Repository: Microsoft/vsts-agent Branch: master Commit: ce3bfe7180d1 Files: 811 Total size: 8.6 MB Directory structure: gitextract_26hybwmd/ ├── .CodeQL.yml ├── .azure-pipelines/ │ ├── build-job.yml │ ├── build-jobs.yml │ ├── get-pat.yml │ ├── package-vcredist.yml │ ├── pipeline.yml │ ├── scripts/ │ │ ├── Get-SigntoolPath.ps1 │ │ ├── RemoveSignatureForThirdPartyAssemlies.ps1 │ │ ├── RemoveSignatureScript.ps1 │ │ ├── run-and-verify.js │ │ ├── switch-branch.ps1 │ │ └── switch-branch.sh │ └── signing.yml ├── .editorconfig ├── .gdn/ │ └── .gdnbaselines ├── .gitattributes ├── .github/ │ ├── CODEOWNERS │ ├── ISSUE_TEMPLATE/ │ │ ├── bug.yml │ │ ├── config.yml │ │ ├── feature.yml │ │ └── question.yml │ ├── ISSUE_TEMPLATE.md │ ├── copilot-instructions.md │ ├── labelChecker/ │ │ ├── .npmrc │ │ ├── index.js │ │ └── package.json │ ├── pull_request_template.md │ └── workflows/ │ ├── autoAssignABTT.yml │ ├── labelChecker.yml │ ├── localization-automerge.yml │ └── stale.yml ├── .gitignore ├── .vsts.ci.yml ├── .vsts.release.yml ├── LICENSE ├── README.md ├── SECURITY.md ├── assets.json ├── azure-pipelines-agent.sln ├── docs/ │ ├── contribute.md │ ├── design/ │ │ ├── auth.md │ │ ├── byos.md │ │ ├── clientcert.md │ │ ├── coreclr.md │ │ ├── jobcancellation.md │ │ ├── logprocessors.md │ │ ├── non-glibc-containers.md │ │ ├── percentEncoding.md │ │ ├── proxy.md │ │ ├── res/ │ │ │ └── AgentLogProcessors.xml │ │ └── setMTU.md │ ├── git.md │ ├── jobdirectories.md │ ├── layers.md │ ├── node6.md │ ├── noderunner.md │ ├── preview/ │ │ ├── consumeoutputvariable.md │ │ ├── latebreaking.md │ │ ├── logdecorations.md │ │ ├── outdated/ │ │ │ ├── conditions.md │ │ │ ├── pipeline.md │ │ │ ├── resources.md │ │ │ ├── yaml/ │ │ │ │ ├── dot-net-core-template.yaml │ │ │ │ ├── dot-net-core.yaml │ │ │ │ ├── vsbuild-template.yaml │ │ │ │ └── vsbuild.yaml │ │ │ ├── yamldeserialization.md │ │ │ └── yamlscripts.md │ │ ├── outputvariable.md │ │ ├── runtaskindocker.md │ │ ├── yaml-authz-troubleshooting.md │ │ └── yamlgettingstarted.md │ ├── start/ │ │ ├── configonprem.md │ │ ├── configvsts.md │ │ ├── envlinux.md │ │ ├── envosx.md │ │ ├── envredhat.md │ │ ├── envubuntu.md │ │ ├── envwin.md │ │ ├── moreconfig.md │ │ ├── nixsvc.md │ │ ├── proxyconfig.md │ │ ├── resourceconfig.md │ │ ├── roles.md │ │ ├── svcosx.md │ │ └── svcsystemd.md │ ├── threat-model/ │ │ ├── AgentsTasks-ThreatModel.tm7 │ │ └── README.md │ └── troubleshooting.md ├── images/ │ └── readme.md ├── open-pullrequest.ps1 ├── release/ │ ├── Send-PRsNotification.ps1 │ ├── createAdoPrs.js │ ├── createReleaseBranch.js │ ├── fillReleaseNotesTemplate.js │ ├── package.json │ ├── rollrelease.js │ └── util.js ├── releaseNote.md ├── send-notifications.ps1 ├── src/ │ ├── .helpers.sh │ ├── Agent.Listener/ │ │ ├── Agent.Listener.csproj │ │ ├── Agent.cs │ │ ├── CommandLine/ │ │ │ ├── BaseCommand.cs │ │ │ ├── ConfigureAgent.cs │ │ │ ├── ConfigureOrRemoveBase.cs │ │ │ ├── ReAuthAgent.cs │ │ │ ├── RemoveAgent.cs │ │ │ ├── RunAgent.cs │ │ │ └── WarmupAgent.cs │ │ ├── CommandSettings.cs │ │ ├── Configuration/ │ │ │ ├── ConfigurationManager.cs │ │ │ ├── ConfigurationProvider.cs │ │ │ ├── CredentialManager.cs │ │ │ ├── CredentialProvider.cs │ │ │ ├── FeatureFlagProvider.cs │ │ │ ├── IRSAKeyManager.cs │ │ │ ├── IntegratedCredential.cs │ │ │ ├── NegotiateCredential.cs │ │ │ ├── OAuthCredential.cs │ │ │ ├── PromptManager.cs │ │ │ ├── RSAFileKeyManager.cs │ │ │ ├── ServiceControlManager.cs │ │ │ └── Validators.cs │ │ ├── Configuration.Linux/ │ │ │ └── SystemdControlManager.cs │ │ ├── Configuration.Windows/ │ │ │ ├── AutoLogonManager.cs │ │ │ ├── AutoLogonRegistryManager.cs │ │ │ ├── NativeWindowsServiceHelper.cs │ │ │ ├── RSAEncryptedFileKeyManager.cs │ │ │ ├── WindowsRegistryManager.cs │ │ │ └── WindowsServiceControlManager.cs │ │ ├── Configuration.macOS/ │ │ │ └── MacOSServiceControlManager.cs │ │ ├── Diagnostics/ │ │ │ ├── DiagnosticSuite.cs │ │ │ ├── DiagnosticsTests.cs │ │ │ ├── DiskInfo.cs │ │ │ ├── DnsTest.cs │ │ │ ├── FolderPermissionInfo.cs │ │ │ ├── IDiagnosticInfo.cs │ │ │ ├── IDiagnosticTest.cs │ │ │ ├── MtuInfo.cs │ │ │ └── PingTest.cs │ │ ├── DistributedTask.Pipelines/ │ │ │ ├── TaskResources.g.cs │ │ │ ├── Update-FromVso.ps1 │ │ │ └── Yaml/ │ │ │ ├── Contracts/ │ │ │ │ ├── CheckoutStep.cs │ │ │ │ ├── DeploymentTarget.cs │ │ │ │ ├── IPhase.cs │ │ │ │ ├── IPhaseTarget.cs │ │ │ │ ├── ISimpleStep.cs │ │ │ │ ├── IStep.cs │ │ │ │ ├── IVariable.cs │ │ │ │ ├── Phase.cs │ │ │ │ ├── PhaseSelector.cs │ │ │ │ ├── PhasesTemplate.cs │ │ │ │ ├── PhasesTemplateReference.cs │ │ │ │ ├── Process.cs │ │ │ │ ├── ProcessResource.cs │ │ │ │ ├── ProcessTemplate.cs │ │ │ │ ├── ProcessTemplateReference.cs │ │ │ │ ├── QueueTarget.cs │ │ │ │ ├── ServerTarget.cs │ │ │ │ ├── StepGroup.cs │ │ │ │ ├── StepsTemplate.cs │ │ │ │ ├── StepsTemplateReference.cs │ │ │ │ ├── TaskReference.cs │ │ │ │ ├── TaskStep.cs │ │ │ │ ├── Variable.cs │ │ │ │ ├── VariablesTemplate.cs │ │ │ │ └── VariablesTemplateReference.cs │ │ │ ├── FileData.cs │ │ │ ├── IFileProvider.cs │ │ │ ├── ITraceWriter.cs │ │ │ ├── ParseOptions.cs │ │ │ ├── PipelineParser.cs │ │ │ └── TypeConverters/ │ │ │ ├── ConverterUtil.general.cs │ │ │ ├── ConverterUtil.phases.cs │ │ │ ├── ConverterUtil.processes.cs │ │ │ ├── ConverterUtil.steps.cs │ │ │ ├── ConverterUtil.variables.cs │ │ │ ├── PhasesTemplateConverter.cs │ │ │ ├── ProcessConverter.cs │ │ │ ├── ProcessTemplateConverter.cs │ │ │ ├── StepsTemplateConverter.cs │ │ │ ├── VariablesTemplateConverter.cs │ │ │ └── YamlConstants.cs │ │ ├── JobDispatcher.cs │ │ ├── MessageListener.cs │ │ ├── NuGet.Config │ │ ├── Program.cs │ │ ├── SelfUpdater.cs │ │ ├── Telemetry/ │ │ │ ├── CustomerIntelligenceServer.cs │ │ │ ├── TelemetryPublisher.cs │ │ │ └── WorkerCrashTelemetryPublisher.cs │ │ ├── ValidationHelper/ │ │ │ ├── InstallerVerifier.cs │ │ │ ├── UnsafeNativeMethods.cs │ │ │ ├── Utility.cs │ │ │ └── VerificationException.cs │ │ ├── net10.json │ │ ├── net6.json │ │ └── net8.json │ ├── Agent.PluginHost/ │ │ ├── Agent.PluginHost.csproj │ │ └── Program.cs │ ├── Agent.Plugins/ │ │ ├── Agent.Plugins.csproj │ │ ├── Artifact/ │ │ │ ├── ArtifactDownloadParameters.cs │ │ │ ├── ArtifactItemFilters.cs │ │ │ ├── ArtifactProviderFactory.cs │ │ │ ├── BuildServer.cs │ │ │ ├── FileContainerProvider.cs │ │ │ ├── FileShareProvider.cs │ │ │ ├── IArtifactProvider.cs │ │ │ ├── PipelineArtifactConstants.cs │ │ │ ├── PipelineArtifactProvider.cs │ │ │ └── PipelineArtifactServer.cs │ │ ├── ArtifactsTracer.cs │ │ ├── BuildArtifact/ │ │ │ ├── BuildArtifactPluginConstants.cs │ │ │ └── BuildArtifactPluginV1.cs │ │ ├── GitCliManager.cs │ │ ├── GitSourceProvider.cs │ │ ├── ITfsVCCliManager.cs │ │ ├── PipelineArtifact/ │ │ │ ├── FilePathServer.cs │ │ │ ├── PipelineArtifactPlugin.cs │ │ │ ├── PipelineArtifactPluginConstants.cs │ │ │ ├── PipelineArtifactPluginUtil.cs │ │ │ ├── PipelineArtifactPluginV1.cs │ │ │ ├── PipelineArtifactPluginV2.cs │ │ │ └── Telemetry/ │ │ │ ├── FileShareActionRecord.cs │ │ │ └── PipelineArtifactActionRecord.cs │ │ ├── PipelineCache/ │ │ │ ├── FingerprintCreator.cs │ │ │ ├── PipelineCachePluginConstants.cs │ │ │ ├── PipelineCacheServer.cs │ │ │ ├── PipelineCacheTaskPluginBase.cs │ │ │ ├── RestorePipelineCacheV0.cs │ │ │ ├── SavePipelineCacheV0.cs │ │ │ ├── TarUtils.cs │ │ │ └── Telemetry/ │ │ │ └── PipelineCacheActionRecord.cs │ │ ├── RepositoryPlugin.cs │ │ ├── SvnCliManager.cs │ │ ├── SvnSourceProvider.cs │ │ ├── TFCliManager.cs │ │ ├── TeeCliManager.cs │ │ ├── TestFilePublisher/ │ │ │ ├── ClientFactory.cs │ │ │ ├── Finder/ │ │ │ │ ├── ITestFileFinder.cs │ │ │ │ └── TestFileFinder.cs │ │ │ ├── PipelineConfig.cs │ │ │ ├── Plugin/ │ │ │ │ └── TestFilePublisherLogPlugin.cs │ │ │ ├── SimpleTimer.cs │ │ │ ├── Telemetry/ │ │ │ │ ├── TelemetryConstants.cs │ │ │ │ ├── TelemetryDataCollector.cs │ │ │ │ └── TelemetryDataWrapper.cs │ │ │ ├── TestFilePublisher.cs │ │ │ ├── TestRunContextBuilder.cs │ │ │ ├── TraceListener.cs │ │ │ └── TraceLogger.cs │ │ ├── TestResultParser/ │ │ │ ├── Bus/ │ │ │ │ └── IBus.cs │ │ │ ├── ClientFactory.cs │ │ │ ├── Gateway/ │ │ │ │ ├── ILogParserGateway.cs │ │ │ │ ├── ILogPreProcessor.cs │ │ │ │ ├── LogParserGateway.cs │ │ │ │ └── LogPreProcessor.cs │ │ │ ├── IEnumerableExtension.cs │ │ │ ├── ParserFactory.cs │ │ │ ├── PipelineConfig.cs │ │ │ ├── PipelineTestRun.cs │ │ │ ├── PipelineTestRunPublisher.cs │ │ │ ├── Plugin/ │ │ │ │ └── TestResultLogPlugin.cs │ │ │ ├── SimpleTimer.cs │ │ │ ├── Telemetry/ │ │ │ │ ├── TelemetryConstants.cs │ │ │ │ ├── TelemetryDataCollector.cs │ │ │ │ └── TelemetryDataWrapper.cs │ │ │ ├── TestRunManager.cs │ │ │ └── TraceLogger.cs │ │ ├── TfsVCCliManager.cs │ │ └── TfsVCSourceProvider.cs │ ├── Agent.Sdk/ │ │ ├── Agent.Sdk.csproj │ │ ├── AgentClientCertificateManager.cs │ │ ├── AgentWebProxy.cs │ │ ├── AssemblyInfo.cs │ │ ├── CommandPlugin.cs │ │ ├── CommandStringConvertor.cs │ │ ├── ContainerInfo.cs │ │ ├── DockerVersion.cs │ │ ├── ExecutionTargetInfo.cs │ │ ├── ITraceWriter.cs │ │ ├── Knob/ │ │ │ ├── AgentKnobs.cs │ │ │ ├── BuiltInDefaultKnobSource.cs │ │ │ ├── CompositeKnobSource.cs │ │ │ ├── EnvironmentKnobSource.cs │ │ │ ├── ICompositeKnobSource.cs │ │ │ ├── IEnvironmentKnobSource.cs │ │ │ ├── IKnobSource.cs │ │ │ ├── IKnobValueContext.cs │ │ │ ├── Knob.cs │ │ │ ├── KnobValue.cs │ │ │ ├── PipelineFeatureSource.cs │ │ │ └── RuntimeKnobSource.cs │ │ ├── LogPlugin.cs │ │ ├── MountVolume.cs │ │ ├── PortMapping.cs │ │ ├── ProcessInvoker.MacLinux.cs │ │ ├── ProcessInvoker.Windows.cs │ │ ├── ProcessInvoker.cs │ │ ├── ScopedEnvironment.cs │ │ ├── SecretMasking/ │ │ │ ├── ILoggedSecretMasker.cs │ │ │ ├── IRawSecretMasker.cs │ │ │ ├── LegacySecretMasker.cs │ │ │ ├── LoggedSecretMasker.cs │ │ │ └── OssSecretMasker.cs │ │ ├── TaskPlugin.cs │ │ └── Util/ │ │ ├── ArgUtil/ │ │ │ ├── ArgUtil.cs │ │ │ ├── ArgUtilInstanced.cs │ │ │ └── IArgUtilInstanced.cs │ │ ├── AzureInstanceMetadataProvider.cs │ │ ├── BlobStoreWarningInfoProvider.cs │ │ ├── CertificateUtil.cs │ │ ├── ExceptionsUtil.cs │ │ ├── IOUtil.cs │ │ ├── MaskingUtil.cs │ │ ├── NetFrameworkUtil.cs │ │ ├── NullTraceWriter.cs │ │ ├── PathUtil.cs │ │ ├── PlatformUtil.cs │ │ ├── PsModulePathUtil.cs │ │ ├── RepositoryUtil.cs │ │ ├── SslUtil.cs │ │ ├── StringUtil.cs │ │ ├── TeeUtil.cs │ │ ├── UrlUtil.cs │ │ ├── UtilKnobValueContext.cs │ │ ├── VssUtil.cs │ │ ├── WellKnownSecretAliases.cs │ │ ├── WhichUtil.cs │ │ └── WindowsProcessUtil.cs │ ├── Agent.Service/ │ │ └── Windows/ │ │ ├── AgentService.Designer.cs │ │ ├── AgentService.cs │ │ ├── AgentService.csproj │ │ ├── App.config │ │ ├── FinalPublicKey.snk │ │ ├── Program.cs │ │ ├── Properties/ │ │ │ └── AssemblyInfo.cs │ │ ├── Resource.Designer.cs │ │ ├── Resource.de-de.resx │ │ ├── Resource.es-es.resx │ │ ├── Resource.fr-fr.resx │ │ ├── Resource.it-IT.resx │ │ ├── Resource.ja-jp.resx │ │ ├── Resource.ko-KR.resx │ │ ├── Resource.resx │ │ ├── Resource.ru-RU.resx │ │ ├── Resource.zh-CN.resx │ │ └── Resource.zh-TW.resx │ ├── Agent.Worker/ │ │ ├── Agent.Worker.csproj │ │ ├── AgentLogPlugin.cs │ │ ├── AgentPluginManager.cs │ │ ├── AssemblyInfo.cs │ │ ├── AsyncCommandContext.cs │ │ ├── Build/ │ │ │ ├── ArtifactCommandExtension.cs │ │ │ ├── BuildCommandExtension.cs │ │ │ ├── BuildDirectoryManager.cs │ │ │ ├── BuildJobExtension.cs │ │ │ ├── BuildServer.cs │ │ │ ├── Enums.cs │ │ │ ├── FileContainerServer.cs │ │ │ ├── GitCommandManager.cs │ │ │ ├── GitSourceProvider.cs │ │ │ ├── LegacyTrackingConfig.cs │ │ │ ├── SourceProvider.cs │ │ │ ├── SvnCommandManager.cs │ │ │ ├── SvnSourceProvider.cs │ │ │ ├── TFCommandManager.cs │ │ │ ├── TeeCommandManager.cs │ │ │ ├── TfsVCCommandManager.cs │ │ │ ├── TfsVCSourceProvider.cs │ │ │ ├── TopLevelTrackingConfig.cs │ │ │ ├── TrackingConfig.cs │ │ │ ├── TrackingConfigBase.cs │ │ │ ├── TrackingConfigHashAlgorithm.cs │ │ │ ├── TrackingManager.cs │ │ │ ├── UploadResult.cs │ │ │ └── WorkspaceMaintenanceProvider.cs │ │ ├── CodeCoverage/ │ │ │ ├── CoberturaSummaryReader.cs │ │ │ ├── CodeCoverageCommands.cs │ │ │ ├── CodeCoverageConstants.cs │ │ │ ├── CodeCoveragePublisher.cs │ │ │ ├── CodeCoverageServer.cs │ │ │ ├── CodeCoverageUtilities.cs │ │ │ ├── FeatureFlagUtility.cs │ │ │ ├── ICodeCoverageSummaryReader.cs │ │ │ └── JaCoCoSummaryReader.cs │ │ ├── Container/ │ │ │ ├── ContainerDiagnosticsManager.cs │ │ │ ├── DockerCommandManager.cs │ │ │ └── DockerUtil.cs │ │ ├── ContainerOperationProvider.cs │ │ ├── ContainerOperationProviderEnhanced.cs │ │ ├── DiagnosticLogManager.cs │ │ ├── ExecutionContext.cs │ │ ├── ExpressionManager.cs │ │ ├── GitManager.cs │ │ ├── Handlers/ │ │ │ ├── AgentPluginHandler.cs │ │ │ ├── Handler.cs │ │ │ ├── HandlerFactory.cs │ │ │ ├── LegacyPowerShellHandler.cs │ │ │ ├── NodeHandler.cs │ │ │ ├── PowerShell3Handler.cs │ │ │ ├── PowerShellExeHandler.cs │ │ │ ├── ProcessHandler/ │ │ │ │ ├── CmdArgsSanitizer.cs │ │ │ │ ├── Exceptions.cs │ │ │ │ ├── ProcessHandler.cs │ │ │ │ ├── ProcessHandlerHelper.cs │ │ │ │ └── ProcessHandlerV2.cs │ │ │ └── StepHost.cs │ │ ├── JobExtension.cs │ │ ├── JobExtensionRunner.cs │ │ ├── JobRunner.cs │ │ ├── Maintenance/ │ │ │ └── MaintenanceJobExtension.cs │ │ ├── ManagementScriptStep.cs │ │ ├── NodeJsUtil.cs │ │ ├── NodeVersionStrategies/ │ │ │ ├── CustomNodeStrategy.cs │ │ │ ├── GlibcCompatibilityInfo.cs │ │ │ ├── GlibcCompatibilityInfoProvider.cs │ │ │ ├── IGlibcCompatibilityInfoProvider.cs │ │ │ ├── INodeVersionStrategy.cs │ │ │ ├── Node10Strategy.cs │ │ │ ├── Node16Strategy.cs │ │ │ ├── Node20Strategy.cs │ │ │ ├── Node24Strategy.cs │ │ │ ├── Node6Strategy.cs │ │ │ ├── NodeContainerTestHelper.cs │ │ │ ├── NodeRunnerInfo.cs │ │ │ ├── NodeVersionOrchestrator.cs │ │ │ └── TaskContext.cs │ │ ├── NuGet.Config │ │ ├── PluginInternalCommandExtension.cs │ │ ├── Program.cs │ │ ├── Release/ │ │ │ ├── AgentUtilities.cs │ │ │ ├── Artifacts/ │ │ │ │ ├── ArtifactDirectoryCreationFailedException.cs │ │ │ │ ├── ArtifactDownloadException.cs │ │ │ │ ├── BuildArtifact.cs │ │ │ │ ├── CommitsDownloadException.cs │ │ │ │ ├── CustomArtifact.cs │ │ │ │ ├── Definition/ │ │ │ │ │ ├── ArtifactDefinition.cs │ │ │ │ │ ├── BuildArtifactDetails.cs │ │ │ │ │ ├── CustomArtifactDetails.cs │ │ │ │ │ ├── CustomArtifactDownloadDetails.cs │ │ │ │ │ ├── CustomArtifactVersionDetails.cs │ │ │ │ │ ├── GitHubArtifactDetails.cs │ │ │ │ │ ├── IArtifactDetails.cs │ │ │ │ │ ├── JenkinsArtifactDetails.cs │ │ │ │ │ ├── TfsGitArtifactDetails.cs │ │ │ │ │ ├── TfsVCArtifactDetails.cs │ │ │ │ │ └── WellKnownStreamTypes.cs │ │ │ │ ├── FileShareArtifact.cs │ │ │ │ ├── GenericHttpClient.cs │ │ │ │ ├── GitHubArtifact.cs │ │ │ │ ├── GitHubHttpClient.cs │ │ │ │ ├── JenkinsArtifact.cs │ │ │ │ ├── TfsGitArtifact.cs │ │ │ │ └── TfsVCArtifact.cs │ │ │ ├── ContainerFetchEngine/ │ │ │ │ ├── ContainerFetchEngine.cs │ │ │ │ ├── ContainerFetchEngineDefaultOptions.cs │ │ │ │ ├── ContainerFetchEngineOptions.cs │ │ │ │ ├── ContainerItem.cs │ │ │ │ ├── FetchEngine.cs │ │ │ │ ├── HttpRetryOnTimeoutHandler.cs │ │ │ │ ├── HttpRetryOnTimeoutOptions.cs │ │ │ │ ├── IConatinerFetchEngineLogger.cs │ │ │ │ ├── IContainerProvider.cs │ │ │ │ ├── ItemType.cs │ │ │ │ └── NullExecutionLogger.cs │ │ │ ├── ContainerProvider/ │ │ │ │ ├── FileContainerProvider.cs │ │ │ │ └── Helpers/ │ │ │ │ ├── AsyncLazy.cs │ │ │ │ ├── ContainerProviderFactory.cs │ │ │ │ ├── ExecutionLogger.cs │ │ │ │ └── VssConnectionFactory.cs │ │ │ ├── DeploymentJobExtension.cs │ │ │ ├── IArtifactExtension.cs │ │ │ ├── IReleaseDirectoryManager.cs │ │ │ ├── ReleaseCommandExtension.cs │ │ │ ├── ReleaseDirectoryManager.cs │ │ │ ├── ReleaseFileSystemManager.cs │ │ │ ├── ReleaseJobExtension.cs │ │ │ ├── ReleaseServer.cs │ │ │ ├── ReleaseTrackingConfig.cs │ │ │ ├── ReleaseTrackingManager.cs │ │ │ ├── RetryExecutor.cs │ │ │ └── ZipStreamDownloader.cs │ │ ├── ResourceMetricsManager.cs │ │ ├── RetryHelper.cs │ │ ├── SignatureService.cs │ │ ├── SimpleTimer.cs │ │ ├── StepsRunner.cs │ │ ├── TaskCommandExtension.cs │ │ ├── TaskDecoratorManager.cs │ │ ├── TaskManager.cs │ │ ├── TaskRestrictionsChecker.cs │ │ ├── TaskRestrictionsExtension.cs │ │ ├── TaskRunner.cs │ │ ├── Telemetry/ │ │ │ ├── CustomerIntelligenceServer.cs │ │ │ └── TelemetryCommandExtension.cs │ │ ├── TempDirectoryManager.cs │ │ ├── TfManager.cs │ │ ├── Variables.cs │ │ ├── VsoTaskLibManager.cs │ │ ├── Worker.cs │ │ ├── WorkerCommandManager.cs │ │ └── WorkerUtilties.cs │ ├── Common.props │ ├── Microsoft.VisualStudio.Services.Agent/ │ │ ├── AdditionalMaskingRegexes.cs │ │ ├── AgentCertificateManager.cs │ │ ├── AgentCredentialStore/ │ │ │ ├── LinuxAgentCredentialStore.cs │ │ │ ├── MacOSAgentCredentialStore.cs │ │ │ ├── NoOpAgentCredentialStore.cs │ │ │ └── WindowsAgentCredentialStore.cs │ │ ├── AgentServer.cs │ │ ├── AgentService.cs │ │ ├── AssemblyInfo.cs │ │ ├── AsyncManualResetEvent.cs │ │ ├── Blob/ │ │ │ ├── BlobFileInfo.cs │ │ │ ├── BlobStoreClientTelemetryTfs.cs │ │ │ ├── BlobStoreUtils.cs │ │ │ ├── BlobstoreClientSettings.cs │ │ │ ├── BuildArtifactActionRecord.cs │ │ │ ├── CustomerIntelligenceTelemetrySender.cs │ │ │ ├── DedupManifestArtifactClientFactory.cs │ │ │ ├── IDedupRecord.cs │ │ │ ├── PipelineTelemetryRecord.cs │ │ │ └── TimelineRecordAttachmentTelemetryRecord.cs │ │ ├── Capabilities/ │ │ │ ├── AgentCapabilitiesProvider.cs │ │ │ ├── CapabilitiesManager.cs │ │ │ ├── EnvironmentCapabilitiesProvider.cs │ │ │ ├── NixCapabilitiesProvider.cs │ │ │ ├── PowerShellCapabilitiesProvider.cs │ │ │ └── UserCapabilitiesProvider.cs │ │ ├── Command.cs │ │ ├── ConfigurationStore.cs │ │ ├── Constants.cs │ │ ├── CorrelationContextManager.cs │ │ ├── CredentialData.cs │ │ ├── DeploymentGroupServer.cs │ │ ├── EnhancedTracing.cs │ │ ├── EnvironmentsServer.cs │ │ ├── Exceptions.cs │ │ ├── ExtensionManager.cs │ │ ├── Extensions.cs │ │ ├── HostContext.cs │ │ ├── HostTraceListener.cs │ │ ├── IAgentCredentialStore.cs │ │ ├── IExtension.cs │ │ ├── ITracingProxy.cs │ │ ├── JobNotification.cs │ │ ├── JobServer.cs │ │ ├── JobServerQueue.cs │ │ ├── LocationServer.cs │ │ ├── Logging.cs │ │ ├── Microsoft.VisualStudio.Services.Agent.csproj │ │ ├── NuGet.Config │ │ ├── ProcessChannel.cs │ │ ├── ProcessExtensions.cs │ │ ├── ProcessInvoker.cs │ │ ├── StreamString.cs │ │ ├── TaskServer.cs │ │ ├── Terminal.cs │ │ ├── ThrottlingReportHandler.cs │ │ ├── TraceManager.cs │ │ ├── TraceSetting.cs │ │ ├── Tracing.cs │ │ ├── TracingProxy.cs │ │ ├── Util/ │ │ │ ├── EnumUtil.cs │ │ │ ├── PlanUtil.cs │ │ │ ├── PowerShellExeUtil.cs │ │ │ ├── ServerUtil.cs │ │ │ ├── TaskResultUtil.cs │ │ │ ├── UnixUtil.cs │ │ │ └── VarUtil.cs │ │ ├── VstsAgentWebProxy.cs │ │ └── WindowsEnvVarHelper.cs │ ├── Misc/ │ │ ├── BuildConstants.ch │ │ ├── InstallAgentPackage.template.xml │ │ ├── Publish.template.ps1 │ │ ├── UpdateAgentPackage.template.xml │ │ ├── check-symlinks.sh │ │ ├── externals.sh │ │ ├── layoutbin/ │ │ │ ├── AgentService.js │ │ │ ├── containerHandlerInvoker.js.template │ │ │ ├── darwin.svc.sh.template │ │ │ ├── de-DE/ │ │ │ │ └── strings.json │ │ │ ├── en-US/ │ │ │ │ └── strings.json │ │ │ ├── es-ES/ │ │ │ │ └── strings.json │ │ │ ├── fr-FR/ │ │ │ │ └── strings.json │ │ │ ├── installdependencies.sh │ │ │ ├── it-IT/ │ │ │ │ └── strings.json │ │ │ ├── ja-JP/ │ │ │ │ └── strings.json │ │ │ ├── ko-KR/ │ │ │ │ └── strings.json │ │ │ ├── powershell/ │ │ │ │ ├── Add-AndroidSdkCapabilities.ps1 │ │ │ │ ├── Add-AntCapabilities.ps1 │ │ │ │ ├── Add-ApplicationCapabilities.ps1 │ │ │ │ ├── Add-AzureGuestAgentCapabilities.ps1 │ │ │ │ ├── Add-AzurePowerShellCapabilities.ps1 │ │ │ │ ├── Add-Capabilities.ps1 │ │ │ │ ├── Add-ChefCapabilities.ps1 │ │ │ │ ├── Add-DotNetFrameworkCapabilities.ps1 │ │ │ │ ├── Add-JavaCapabilities.ps1 │ │ │ │ ├── Add-MSBuildCapabilities.ps1 │ │ │ │ ├── Add-MavenCapabilities.ps1 │ │ │ │ ├── Add-PowerShellCapabilities.ps1 │ │ │ │ ├── Add-ScvmmAdminConsoleCapabilities.ps1 │ │ │ │ ├── Add-SqlPackageCapabilities.ps1 │ │ │ │ ├── Add-VisualStudioCapabilities.ps1 │ │ │ │ ├── Add-WindowsKitCapabilities.ps1 │ │ │ │ ├── Add-WindowsSdkCapabilities.ps1 │ │ │ │ ├── Add-XamarinAndroidCapabilities.ps1 │ │ │ │ ├── CapabilityHelpers/ │ │ │ │ │ ├── CapabilityFunctions.ps1 │ │ │ │ │ ├── CapabilityHelpers.psm1 │ │ │ │ │ ├── PathFunctions.ps1 │ │ │ │ │ ├── RegistryFunctions.ps1 │ │ │ │ │ ├── VersionFunctions.ps1 │ │ │ │ │ └── VisualStudioFunctions.ps1 │ │ │ │ ├── Get-LocalGroupMembership.ps1 │ │ │ │ └── Start-AzpTask.ps1 │ │ │ ├── ru-RU/ │ │ │ │ └── strings.json │ │ │ ├── runsvc.sh │ │ │ ├── systemd.svc.sh.template │ │ │ ├── tasks-exception-list.json │ │ │ ├── update.cmd.template │ │ │ ├── update.sh.template │ │ │ ├── vsts.agent.plist.template │ │ │ ├── vsts.agent.service.template │ │ │ ├── zh-CN/ │ │ │ │ └── strings.json │ │ │ └── zh-TW/ │ │ │ └── strings.json │ │ ├── layoutroot/ │ │ │ ├── config.cmd │ │ │ ├── config.sh │ │ │ ├── env.sh │ │ │ ├── license.html │ │ │ ├── reauth.cmd │ │ │ ├── reauth.sh │ │ │ ├── run-docker.sh │ │ │ ├── run.cmd │ │ │ └── run.sh │ │ └── osxsvclayout.txt │ ├── NuGet.Config │ ├── Test/ │ │ ├── CodeCoverage.runsettings │ │ ├── L0/ │ │ │ ├── ConstantGenerationL0.cs │ │ │ ├── Container/ │ │ │ │ ├── ContainerDiagnosticsManagerL0.cs │ │ │ │ ├── ContainerInfoL0.cs │ │ │ │ ├── DockerCommandManagerL0.cs │ │ │ │ └── DockerUtilL0.cs │ │ │ ├── CorrelationContextManagerL0.cs │ │ │ ├── EnhancedTracingCorrelationL0.cs │ │ │ ├── EnhancedTracingL0.cs │ │ │ ├── ExtensionManagerL0.cs │ │ │ ├── HostContextExtensionL0.cs │ │ │ ├── HostContextL0.cs │ │ │ ├── KnobL0.cs │ │ │ ├── Listener/ │ │ │ │ ├── AgentL0.cs │ │ │ │ ├── CommandSettingsL0.cs │ │ │ │ ├── Configuration/ │ │ │ │ │ ├── AgentAutoLogonTestL0.cs │ │ │ │ │ ├── AgentCapabilitiesProviderTestL0.cs │ │ │ │ │ ├── AgentCredentialL0.cs │ │ │ │ │ ├── ArgumentValidatorTestsL0.cs │ │ │ │ │ ├── ConfigurationManagerL0.cs │ │ │ │ │ ├── Mocks/ │ │ │ │ │ │ └── MockNativeWindowsServiceHelper.cs │ │ │ │ │ ├── NativeWindowsServiceHelperL0.cs │ │ │ │ │ ├── PromptManagerTestsL0.cs │ │ │ │ │ ├── ServiceControlManagerL0.cs │ │ │ │ │ └── UserCapabilitiesProviderTestL0.cs │ │ │ │ ├── JobDispatcherL0.cs │ │ │ │ ├── ListenerCorrelationIntegrationL0.cs │ │ │ │ ├── MessageListenerL0.cs │ │ │ │ └── PipelineParserL0.cs │ │ │ ├── LocStringsL0.cs │ │ │ ├── NodeHandler.GlibcTest.cs │ │ │ ├── NodeHandlerCollections.cs │ │ │ ├── NodeHandlerL0.AllSpecs.cs │ │ │ ├── NodeHandlerL0.TestSpecifications.cs │ │ │ ├── NodeHandlerL0.cs │ │ │ ├── NodeHandlerTestBase.cs │ │ │ ├── PagingLoggerL0.cs │ │ │ ├── Plugin/ │ │ │ │ ├── BlobstoreClientSettingsL0.cs │ │ │ │ ├── ChunkerTests.cs │ │ │ │ ├── FingerprintCreatorTests.cs │ │ │ │ ├── FingerprintTests.cs │ │ │ │ ├── IsPathyTests.cs │ │ │ │ ├── LogPluginHostL0.cs │ │ │ │ ├── MatchingTests.cs │ │ │ │ ├── RepositoryPluginL0.cs │ │ │ │ ├── TarUtilsL0.cs │ │ │ │ ├── TestFileContainerProvider/ │ │ │ │ │ └── TestFileContainerProviderL0.cs │ │ │ │ ├── TestFilePublisher/ │ │ │ │ │ ├── TestFileFinderL0.cs │ │ │ │ │ ├── TestFilePublisherL0.cs │ │ │ │ │ └── TestFilePublisherLogPluginL0.cs │ │ │ │ ├── TestFileShareProvider/ │ │ │ │ │ ├── MockDedupManifestArtifactClientFactory.cs │ │ │ │ │ ├── TestFileShareProviderL0.cs │ │ │ │ │ └── TestTelemetrySender.cs │ │ │ │ ├── TestGitCliManager/ │ │ │ │ │ ├── MockAgentTaskPluginExecutionContext.cs │ │ │ │ │ ├── MockGitCliManager.cs │ │ │ │ │ └── TestGitCliManagerL0.cs │ │ │ │ ├── TestGitSourceProvider/ │ │ │ │ │ ├── GitSourceProviderL0.cs │ │ │ │ │ ├── MockAgentTaskPluginExecutionContext.cs │ │ │ │ │ ├── MockGitCliManager.cs │ │ │ │ │ └── MockGitSoureProvider.cs │ │ │ │ └── TestResultParser/ │ │ │ │ ├── EnumerableExtensionL0.cs │ │ │ │ ├── LogPreProcessorL0.cs │ │ │ │ ├── PipelineTestRunPublisherL0.cs │ │ │ │ ├── TestResultLogPluginL0.cs │ │ │ │ └── TestRunManagerL0.cs │ │ │ ├── ProcessExtensionL0.cs │ │ │ ├── ProcessInvokerL0.cs │ │ │ ├── ProxyConfigL0.cs │ │ │ ├── SecretMaskerTests/ │ │ │ │ ├── LoggedSecretMaskerL0.cs │ │ │ │ └── SecretMaskerL0.cs │ │ │ ├── ServiceInterfacesL0.cs │ │ │ ├── TestHostContext.cs │ │ │ ├── TestUtil.cs │ │ │ ├── TraceManagerL0.cs │ │ │ ├── Util/ │ │ │ │ ├── ArgUtilL0.cs │ │ │ │ ├── CertificateUtilL0.cs │ │ │ │ ├── IOUtilL0.cs │ │ │ │ ├── ProcessUtilL0.cs │ │ │ │ ├── RepositoryUtilL0.cs │ │ │ │ ├── StringUtilL0.cs │ │ │ │ ├── TaskResultUtilL0.cs │ │ │ │ ├── TelemetryPropsUtil.cs │ │ │ │ ├── UrlUtilL0.cs │ │ │ │ ├── VarUtilL0.cs │ │ │ │ ├── VssUtilL0.cs │ │ │ │ └── WhichUtilL0.cs │ │ │ ├── VstsAgentWebProxyL0.cs │ │ │ └── Worker/ │ │ │ ├── AgentPluginManagerL0.cs │ │ │ ├── Build/ │ │ │ │ ├── BuildDirectoryManagerL0.cs │ │ │ │ ├── BuildJobExtensionL0.cs │ │ │ │ ├── GitCommandManagerL0.cs │ │ │ │ ├── GitSourceProviderL0.cs │ │ │ │ ├── TfsVCCommandManagerL0.cs │ │ │ │ ├── TfsVCSourceProvider.WorkspaceUtilL0.cs │ │ │ │ ├── TfsVCSourceProviderL0.cs │ │ │ │ ├── TrackingConfigHashAlgorithmL0.cs │ │ │ │ ├── TrackingConfigL0.cs │ │ │ │ ├── TrackingManagerL0.cs │ │ │ │ └── WorkspaceMaintenanceProvicerL0.cs │ │ │ ├── CodeCoverage/ │ │ │ │ ├── CoberturaSummaryReaderTests.cs │ │ │ │ ├── CodeCoverageCommandExtensionTests.cs │ │ │ │ ├── CodeCoverageConstants.cs │ │ │ │ ├── CodeCoverageUtilitiesTests.cs │ │ │ │ ├── JacocoSummaryReaderTests.cs │ │ │ │ ├── frame-summary.html │ │ │ │ └── index.html │ │ │ ├── ContainerOperationProviderEnhancedL0.cs │ │ │ ├── ContainerOperationProviderL0.cs │ │ │ ├── ContainerOperationProviderL0.md │ │ │ ├── ContainerOperationProviderL0Base.cs │ │ │ ├── ExecutionContextL0.cs │ │ │ ├── ExpressionManagerL0.cs │ │ │ ├── GitManagerL0.cs │ │ │ ├── Handlers/ │ │ │ │ ├── CmdArgsSanitizerL0.cs │ │ │ │ ├── ProcessHandlerHelperL0.cs │ │ │ │ ├── ProcessHandlerHelperTelemetryL0.cs │ │ │ │ └── ProcessHandlerL0.cs │ │ │ ├── JobExtensionL0.cs │ │ │ ├── JobRunnerL0.cs │ │ │ ├── LoggingCommandL0.cs │ │ │ ├── PluginInternalUpdateRepositoryPathCommandL0.cs │ │ │ ├── Release/ │ │ │ │ ├── AgentUtlitiesL0.cs │ │ │ │ ├── FetchEngineL0.cs │ │ │ │ ├── GitHubArtifactL0.cs │ │ │ │ ├── JenkinsArtifactL0.cs │ │ │ │ ├── ReleaseDirectoryManagerL0.cs │ │ │ │ ├── ReleaseJobExtensionL0.cs │ │ │ │ ├── TfsGitArtifactL0.cs │ │ │ │ └── TfsVCArtifactL0.cs │ │ │ ├── SetVariableRestrictionsL0.cs │ │ │ ├── StepsRunnerL0.cs │ │ │ ├── TaskCommandExtensionL0.cs │ │ │ ├── TaskDecoratorManagerL0.cs │ │ │ ├── TaskManagerL0.cs │ │ │ ├── TaskRunnerL0.cs │ │ │ ├── Telemetry/ │ │ │ │ └── TelemetryCommandExtensionTests.cs │ │ │ ├── TfManagerL0.cs │ │ │ ├── VariablesL0.cs │ │ │ ├── WorkerCommandManagerL0.cs │ │ │ ├── WorkerCorrelationIntegrationL0.cs │ │ │ └── WorkerL0.cs │ │ ├── L1/ │ │ │ ├── L1HostContext.cs │ │ │ ├── Mock/ │ │ │ │ ├── FakeAgentPluginManager.cs │ │ │ │ ├── FakeBuildServer.cs │ │ │ │ ├── FakeConfigurationStore.cs │ │ │ │ ├── FakeCustomerIntelligenceServer.cs │ │ │ │ ├── FakeJobServer.cs │ │ │ │ ├── FakeReleaseServer.cs │ │ │ │ ├── FakeResourceMetricsManager.cs │ │ │ │ ├── FakeTaskManager.cs │ │ │ │ └── FakeTaskServer.cs │ │ │ ├── Plugins/ │ │ │ │ ├── FakeCheckoutTask.cs │ │ │ │ └── FakeGitCliManager.cs │ │ │ └── Worker/ │ │ │ ├── CheckoutL1Tests.cs │ │ │ ├── ConditionsL1Tests.cs │ │ │ ├── ConfigL1Tests.cs │ │ │ ├── ContainerL1Tests.cs │ │ │ ├── CoreL1Tests.cs │ │ │ ├── CorrelationL1Tests.cs │ │ │ ├── L1TestBase.cs │ │ │ ├── TimeoutLogFlushingL1Tests.cs │ │ │ └── VariableL1Tests.cs │ │ ├── NuGet.Config │ │ ├── Test.csproj │ │ └── TestData/ │ │ └── TaskManagerL0/ │ │ └── task.json │ ├── agentversion │ ├── dev.cmd │ ├── dev.sh │ └── dir.proj └── tools/ ├── FindAgentsNotCompatibleWithAgent/ │ ├── QueryAgentPoolsForCompatibleOS.ps1 │ └── readme.md └── FindPipelinesUsingRetiredImages/ ├── QueryJobHistoryForRetiredImages.ps1 └── readme.md ================================================ FILE CONTENTS ================================================ ================================================ FILE: .CodeQL.yml ================================================ path_classifiers: test: # Note: use only forward slash / as a path separator. # * Matches any sequence of characters except a forward slash. # ** Matches any sequence of characters, including a forward slash. # This wildcard must either be surrounded by forward slash symbols, or used as the first segment of a path. # It matches zero or more whole directory segments. There is no need to use a wildcard at the end of a directory path because all sub-directories are automatically matched. # That is, /anything/ matches the anything directory and all its subdirectories. # Always enclose the expression in double quotes if it includes *. - src/Test # The default behavior is to tag all files created during the # build as `generated`. Results are hidden for generated code. You can tag # further files as being generated by adding them to the `generated` section. generated: - _reports ================================================ FILE: .azure-pipelines/build-job.yml ================================================ # This Yaml Document has been converted by ESAI Yaml Pipeline Conversion Tool. parameters: - name: jobName type: string - name: displayName type: string - name: pool type: object - name: container type: string - name: targetFramework type: string - name: timeoutInMinutes type: number - name: branch type: string - name: os type: string values: - win - linux - linux-musl - osx - name: arch type: string values: - arm - arm64 - x64 - x86 - name: unitTests type: boolean - name: functionalTests type: boolean - name: codeCoverage type: boolean - name: sign type: boolean - name: verifySigning type: boolean - name: publishArtifact type: boolean - name: enableADOLogIssue type: boolean default: false - name: packageType type: string default: agent values: - agent - pipelines-agent - name: disableSdl type: boolean default: false - name: justificationForDisablingSdl type: string default: '' jobs: - job: ${{ parameters.jobName }} displayName: ${{ parameters.displayName }} pool: ${{ parameters.pool }} timeoutInMinutes: ${{ parameters.timeoutInMinutes }} ${{ if eq(parameters.targetFramework, 'all') }}: strategy: matrix: NET8.0: targetFramework: 'net8.0' NET10.0: targetFramework: 'net10.0' ${{ if ne(parameters.container, '') }}: container: ${{ parameters.container }} ${{ if eq(parameters.disableSdl, true) }}: parameters: sdl: codeql: compiled: enabled: false justificationForDisabling: ${{ parameters.justificationForDisablingSdl}} variables: PACKAGE_TYPE: ${{ parameters.packageType }} ${{ if eq(parameters.os, 'win') }}: devCommand: dev.cmd ${{ if ne(parameters.os, 'win') }}: devCommand: ./dev.sh layoutRoot: '_layout/${{ parameters.os }}-${{ parameters.arch }}' DisableCFSDetector: true DisableDockerDetector: true nugetMultiFeedWarnLevel: none CheckoutBranch: ${{ parameters.branch }} ${{ if ne(parameters.targetFramework, 'all') }}: targetFramework: ${{ parameters.targetFramework }} templateContext: outputs: - ${{ if or(parameters.unitTests, parameters.functionalTests) }}: - output: buildArtifacts displayName: 'Publish Test logs' condition: always() PathtoPublish: src/Test/TestLogs ArtifactName: ${{ parameters.os }}-${{ parameters.arch }}-$(System.JobId) - ${{ if eq(parameters.publishArtifact, true) }}: - output: buildArtifacts displayName: 'Publish Hash Artifact' PathtoPublish: _package ArtifactName: agent - ${{ if eq(parameters.publishArtifact, true) }}: - output: buildArtifacts displayName: 'Publish Agent Artifact' PathtoPublish: _package_hash ArtifactName: hash steps: - checkout: self clean: true - task: Bash@3 displayName: Switch to target branch inputs: filePath: .azure-pipelines/scripts/switch-branch.sh env: TARGET_BRANCH: $(CheckoutBranch) condition: | and( eq(variables['Build.SourceBranch'], 'refs/heads/master'), ne(variables.CheckoutBranch, '') ) # 1ES images used on the ARM pool doesn't contain unzip tool, so we need to install it before starting the build - ${{ if and(eq(parameters.arch, 'arm64'), ne(parameters.os, 'osx'), ne(parameters.os, 'win')) }}: - script: sudo dnf -y update && sudo dnf -y install unzip displayName: Install unzip retryCountOnTaskFailure: 5 # Install nuget - ${{ if eq(parameters.os, 'win') }}: - task: NuGetToolInstaller@1 displayName: Install NuGet for signing tests # Set up auth for nuget for when new packages need to be consumed - task: NuGetAuthenticate@1 # Build agent layout - script: ${{ variables.devCommand }} layout $(targetFramework) Release ${{ parameters.os }}-${{ parameters.arch }} workingDirectory: src displayName: Build & Layout Release retryCountOnTaskFailure: 5 ${{ if parameters.enableADOLogIssue }}: env: ADO_ENABLE_LOGISSUE: true # Check if broken symlinks exist in the agent build - task: Bash@3 inputs: filePath: src/Misc/check-symlinks.sh displayName: Check symlinks # Run l0 tests - ${{ if parameters.unitTests }}: - ${{ if and(eq(parameters.os, 'win'), eq(parameters.arch, 'x86')) }}: - task: UseDotNet@2 displayName: Install .NET Core 6 Runtime inputs: version: '6.0.x' packageType: 'runtime' installationPath: 'C:\Program Files (x86)\dotnet' env: PROCESSOR_ARCHITECTURE: x86 - script: ${{ variables.devCommand }} testl0 $(targetFramework) Debug ${{ parameters.os }}-${{ parameters.arch }} workingDirectory: src displayName: Unit tests timeoutInMinutes: 5 # Run l1 tests - ${{ if parameters.functionalTests }}: - ${{ if and(eq(parameters.os, 'win'), eq(parameters.arch, 'x86')) }}: - task: UseDotNet@2 displayName: Install .NET Core 6 SDK inputs: version: '6.0.424' packageType: sdk performMultiLevelLookup: true - script: ${{ variables.devCommand }} testl1 $(targetFramework) Debug ${{ parameters.os }}-${{ parameters.arch }} workingDirectory: src displayName: Functional tests - ${{ if or(parameters.unitTests, parameters.functionalTests) }}: # Publish test results - task: PublishTestResults@2 displayName: Publish Test Results **/*.trx inputs: testRunner: VSTest testResultsFiles: '**/*.trx' testRunTitle: 'Agent Tests - ${{ parameters.os }}-${{ parameters.arch }}' condition: always() # Code coverage - ${{ if and(parameters.codeCoverage, parameters.unitTests, parameters.functionalTests) }}: - script: | dotnet tool install --global dotnet-reportgenerator-globaltool dotnet tool install --global dotnet-coverage displayName: Install Code Coverage and Report Generator - script: "${{ variables.devCommand }} report $(targetFramework) Debug ${{ parameters.os }}-${{ parameters.arch }}" displayName: Generate Code Coverage report workingDirectory: src - task: PublishCodeCoverageResults@1 inputs: codeCoverageTool: 'cobertura' summaryFileLocation: _reports/**/Cobertura.xml pathToSources: src - ${{ if eq(parameters.os, 'osx') }}: - task: UseDotNet@2 inputs: packageType: 'sdk' version: '6.0.x' - ${{ if parameters.sign }}: # Signing steps - template: /.azure-pipelines/signing.yml@self parameters: layoutRoot: ${{ variables.layoutRoot }} isWindows: ${{ eq(parameters.os, 'win') }} # Publish artifacts - ${{ if parameters.publishArtifact }}: # Package .NET Core Windows dependency (VC++ Redistributable) - ${{ if eq(parameters.os, 'win') }}: - template: /.azure-pipelines/package-vcredist.yml@self parameters: layoutRoot: ${{ variables.layoutRoot }} flavor: ${{ parameters.arch }} # Create agent package zip - script: "${{ variables.devCommand }} package $(targetFramework) Release ${{ parameters.os }}-${{ parameters.arch }}" workingDirectory: src displayName: Package Release - script: "${{ variables.devCommand }} hash $(targetFramework) Release ${{ parameters.os }}-${{ parameters.arch }}" workingDirectory: src displayName: Hash Package - ${{ if parameters.verifySigning }}: # Verify all binaries are signed (generate report) - task: securedevelopmentteam.vss-secure-development-tools.build-task-codesignvalidation.CodesignValidation@0 displayName: 'Generate Codesign Report' inputs: path: ${{ variables.layoutRoot }} # Verify all binaries are signed (check report) - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1 displayName: 'Verify Codesign Report' inputs: CodesignValidation: true CodesignValidationBreakOn: WarningAbove ToolLogsNotFoundAction: Error ================================================ FILE: .azure-pipelines/build-jobs.yml ================================================ # This Yaml Document has been converted by ESAI Yaml Pipeline Conversion Tool. parameters: - name: jobName type: string - name: displayName type: string - name: pool type: object - name: container type: string default: '' - name: targetFramework type: string - name: timeoutInMinutes type: number default: 120 - name: branch type: string default: '' - name: os type: string - name: arch type: string - name: unitTests type: boolean default: true - name: functionalTests type: boolean default: true - name: codeCoverage type: boolean default: false - name: sign type: boolean - name: verifySigning type: boolean default: false - name: publishArtifacts type: boolean - name: enableADOLogIssue type: boolean default: false - name: buildAlternatePackage type: boolean default: false - name: disableSdl type: boolean default: false jobs: - template: /.azure-pipelines/build-job.yml@self parameters: jobName: ${{ parameters.jobName }} displayName: ${{ parameters.displayName }} pool: ${{ parameters.pool }} container: ${{ parameters.container }} timeoutInMinutes: ${{ parameters.timeoutInMinutes }} os: ${{ parameters.os }} arch: ${{ parameters.arch }} branch: ${{ parameters.branch }} codeCoverage: ${{ parameters.codeCoverage }} unitTests: ${{ parameters.unitTests }} functionalTests: ${{ parameters.functionalTests }} sign: ${{ parameters.sign }} verifySigning: ${{ parameters.verifySigning }} publishArtifact: ${{ parameters.publishArtifacts }} packageType: agent targetFramework: ${{ parameters.targetFramework }} - ${{ if parameters.buildAlternatePackage }}: - template: /.azure-pipelines/build-job.yml@self parameters: jobName: ${{ parameters.jobName }}_alternate displayName: ${{ parameters.displayName }} (without Node 6, Node 10) pool: ${{ parameters.pool }} container: ${{ parameters.container }} timeoutInMinutes: ${{ parameters.timeoutInMinutes }} os: ${{ parameters.os }} arch: ${{ parameters.arch }} branch: ${{ parameters.branch }} codeCoverage: false unitTests: false functionalTests: false sign: ${{ parameters.sign }} verifySigning: ${{ parameters.verifySigning }} publishArtifact: ${{ parameters.publishArtifacts }} packageType: pipelines-agent targetFramework: ${{ parameters.targetFramework }} ================================================ FILE: .azure-pipelines/get-pat.yml ================================================ steps: - task: AzureCLI@2 inputs: azureSubscription: ARM - WIF - manual scriptType: pscore scriptLocation: inlineScript inlineScript: | az account set --subscription $(SUBSCRIPTION_ID) $accessToken = az account get-access-token --resource $(RESOURCE_ID) --query accessToken --output tsv echo "##vso[task.setvariable variable=ACCESS_TOKEN;issecret=true]$accessToken" displayName: Get Access Token ================================================ FILE: .azure-pipelines/package-vcredist.yml ================================================ # This Yaml Document has been converted by ESAI Yaml Pipeline Conversion Tool. parameters: - name: layoutRoot type: string - name: flavor type: string steps: # Package .NET Core Windows dependency (VC++ Redistributable) - powershell: | Write-Host "Downloading 'VC++ Redistributable' package." $outDir = Join-Path -Path $env:TMP -ChildPath ([Guid]::NewGuid()) New-Item -Path $outDir -ItemType directory $outFile = Join-Path -Path $outDir -ChildPath "ucrt.zip" Invoke-WebRequest -Uri https://vstsagenttools.blob.core.windows.net/tools/ucrt/ucrt_${{ parameters.flavor }}.zip -OutFile $outFile Write-Host "Unzipping 'VC++ Redistributable' package to agent layout." $unzipDir = Join-Path -Path $outDir -ChildPath "unzip" Add-Type -AssemblyName System.IO.Compression.FileSystem [System.IO.Compression.ZipFile]::ExtractToDirectory($outFile, $unzipDir) $agentLayoutBin = Join-Path -Path $(Build.SourcesDirectory) -ChildPath "${{ parameters.layoutRoot }}\bin" Copy-Item -Path $unzipDir -Destination $agentLayoutBin -Force displayName: Package UCRT ================================================ FILE: .azure-pipelines/pipeline.yml ================================================ # This Yaml Document has been converted by ESAI Yaml Pipeline Conversion Tool. # This pipeline will be extended to the OneESPT template parameters: - name: targetFramework type: string default: all - name: preBuildStages type: stageList default: [] - name: postBuildStages type: stageList default: [] - name: test type: boolean default: true - name: sign type: boolean default: false - name: publishArtifacts type: boolean default: false - name: buildAlternatePackage type: boolean default: true - name: branch type: string default: '' - name: testProxyAgent type: boolean default: false - name: stageDependencies type: object default: [] - name: stageCondition type: string default: '' # Targets - name: win_x64 type: boolean default: true - name: win_x86 type: boolean default: true - name: win_arm64 type: boolean default: true - name: linux_x64 type: boolean default: true - name: linux_arm type: boolean default: true - name: linux_arm64 type: boolean default: true - name: alpine_x64 type: boolean default: true - name: alpine_arm64 type: boolean default: true - name: macOS_x64 type: boolean default: true - name: macOS_arm64 type: boolean default: true resources: repositories: - repository: 1ESPipelineTemplates type: git name: 1ESPipelineTemplates/1ESPipelineTemplates ref: refs/tags/release extends: template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates parameters: settings: skipBuildTagsForGitHubPullRequests: true featureFlags: autoBaseline: false sdl: binskim: preReleaseVersion: '4.3.1' # do not fail on CG componentgovernance: failOnAlert: false alertWarningLevel: "Never" baseline: baselineSet: default baselineFile: $(Build.SourcesDirectory)/.gdn/.gdnbaselines sourceAnalysisPool: name: 1ES-ABTT-Shared-Pool image: abtt-windows-2022 os: windows customBuildTags: - ES365AIMigrationTooling stages: - ${{ parameters.preBuildStages }} - stage: build displayName: Build ${{ if ne(length(parameters.stageDependencies), 0)}}: dependsOn: ${{ parameters.stageDependencies }} ${{ if ne(parameters.stageCondition, '') }}: condition: ${{ parameters.stageCondition }} jobs: # Test Proxy Agent - ${{ if parameters.testProxyAgent }}: - job: test_proxy_agent displayName: Test Proxy Agent ${{ if eq(parameters.targetFramework, 'all') }}: strategy: matrix: NET8.0: targetFramework: 'net8.0' NET10.0: targetFramework: 'net10.0' pool: name: 1ES-ABTT-Shared-Pool image: abtt-ubuntu-2404 os: linux variables: DisableDockerDetector: true nugetMultiFeedWarnLevel: none ${{ if ne(parameters.targetFramework, 'all') }}: targetFramework: ${{ parameters.targetFramework }} timeoutInMinutes: 300 steps: - template: /.azure-pipelines/get-pat.yml@self - bash: | cd ./.azure-pipelines/scripts/ npm install axios minimist releaseBranch="${{ parameters.branch }}" sourceBranch="$(Build.SourceBranch)" branch="${releaseBranch:-"${sourceBranch}"}" echo "Canary \"branch\" parameter: \"${branch}\"" echo "Canary \"target_framework\" parameter: \"$(targetFramework)\"" node ./run-and-verify.js \ --projectUrl "$(CANARY_PROJECT_URL)" \ --pipelineId "$(CANARY_PIPELINE_ID)" \ --token "$(ACCESS_TOKEN)" \ --templateParameters "{ \"branch\": \"${branch}\", \"target_framework\": \"$(targetFramework)\"}" displayName: Test Proxy Agent # Windows (x64) - ${{ if parameters.win_x64 }}: - template: /.azure-pipelines/build-jobs.yml@self parameters: jobName: build_windows_x64 displayName: Windows (x64) pool: name: 1ES-ABTT-Shared-Pool image: abtt-windows-2022 os: windows os: win arch: x64 branch: ${{ parameters.branch }} codeCoverage: true unitTests: ${{ parameters.test }} functionalTests: ${{ parameters.test }} sign: ${{ parameters.sign }} verifySigning: ${{ parameters.sign }} publishArtifacts: ${{ parameters.publishArtifacts }} buildAlternatePackage: ${{ parameters.buildAlternatePackage }} targetFramework: ${{ parameters.targetFramework }} # Windows (x86) - ${{ if parameters.win_x86 }}: - template: /.azure-pipelines/build-jobs.yml@self parameters: jobName: build_windows_x86 displayName: Windows (x86) pool: name: 1ES-ABTT-Shared-Pool image: abtt-windows-2022 os: windows os: win arch: x86 branch: ${{ parameters.branch }} unitTests: ${{ parameters.test }} functionalTests: ${{ parameters.test }} sign: ${{ parameters.sign }} publishArtifacts: ${{ parameters.publishArtifacts }} buildAlternatePackage: ${{ parameters.buildAlternatePackage }} targetFramework: ${{ parameters.targetFramework }} # Windows (ARM64) - ${{ if parameters.win_arm64 }}: - template: /.azure-pipelines/build-jobs.yml@self parameters: jobName: build_windows_arm64 displayName: Windows (ARM64) pool: name: 1ES-ABTT-Shared-Pool image: abtt-windows-2022 os: windows os: win arch: arm64 branch: ${{ parameters.branch }} unitTests: false functionalTests: false sign: ${{ parameters.sign }} publishArtifacts: ${{ parameters.publishArtifacts }} buildAlternatePackage: ${{ parameters.buildAlternatePackage }} targetFramework: ${{ parameters.targetFramework }} # Linux (x64) - ${{ if parameters.linux_x64 }}: - template: /.azure-pipelines/build-jobs.yml@self parameters: jobName: build_linux_x64 displayName: Linux (x64) pool: name: 1ES-ABTT-Shared-Pool image: abtt-ubuntu-2404 os: linux os: linux arch: x64 branch: ${{ parameters.branch }} unitTests: ${{ parameters.test }} functionalTests: ${{ parameters.test }} sign: ${{ parameters.sign }} publishArtifacts: ${{ parameters.publishArtifacts }} buildAlternatePackage: ${{ parameters.buildAlternatePackage }} targetFramework: ${{ parameters.targetFramework }} # Linux (ARM) - ${{ if parameters.linux_arm }}: - template: /.azure-pipelines/build-jobs.yml@self parameters: jobName: build_linux_arm displayName: Linux (ARM) pool: name: 1ES-ABTT-Shared-Pool image: abtt-ubuntu-2404 os: linux timeoutInMinutes: 75 os: linux arch: arm branch: ${{ parameters.branch }} unitTests: false functionalTests: false sign: false publishArtifacts: ${{ parameters.publishArtifacts }} buildAlternatePackage: ${{ parameters.buildAlternatePackage }} targetFramework: ${{ parameters.targetFramework }} # Linux (ARM64) - ${{ if parameters.linux_arm64 }}: - template: /.azure-pipelines/build-jobs.yml@self parameters: jobName: build_linux_arm64 displayName: Linux (ARM64) pool: name: 1ES-ABTT-Shared-ARM-64-Pool vmImage: abtt-azurelinux3_arm64 os: linux timeoutInMinutes: 75 os: linux arch: arm64 branch: ${{ parameters.branch }} unitTests: ${{ parameters.test }} functionalTests: ${{ parameters.test }} sign: false publishArtifacts: ${{ parameters.publishArtifacts }} buildAlternatePackage: ${{ parameters.buildAlternatePackage }} targetFramework: ${{ parameters.targetFramework }} # Alpine (x64) - ${{ if parameters.alpine_x64 }}: - template: /.azure-pipelines/build-jobs.yml@self parameters: jobName: build_alpine_x64 displayName: Alpine (x64) pool: name: 1ES-ABTT-Shared-Pool image: abtt-ubuntu-2404 os: linux #container: alpine os: linux-musl arch: x64 branch: ${{ parameters.branch }} unitTests: ${{ parameters.test }} functionalTests: false sign: false publishArtifacts: ${{ parameters.publishArtifacts }} buildAlternatePackage: false targetFramework: ${{ parameters.targetFramework }} # Alpine (ARM64) - ${{ if parameters.alpine_arm64 }}: - template: /.azure-pipelines/build-jobs.yml@self parameters: jobName: build_alpine_arm64 displayName: Alpine (ARM64) pool: name: 1ES-ABTT-Shared-ARM-64-Pool vmImage: abtt-azurelinux3_arm64 os: linux # container: # arm64v8/alpine (N/A) os: linux-musl arch: arm64 branch: ${{ parameters.branch }} unitTests: ${{ parameters.test }} functionalTests: false sign: false publishArtifacts: ${{ parameters.publishArtifacts }} buildAlternatePackage: false targetFramework: ${{ parameters.targetFramework }} # macOS (x64) - ${{ if parameters.macOS_x64 }}: - template: /.azure-pipelines/build-jobs.yml@self parameters: disableSdl: true jobName: build_osx displayName: macOS (x64) pool: name: Azure Pipelines image: macos-15 os: macOS os: osx arch: x64 branch: ${{ parameters.branch }} unitTests: ${{ parameters.test }} functionalTests: ${{ parameters.test }} sign: ${{ parameters.sign }} publishArtifacts: ${{ parameters.publishArtifacts }} buildAlternatePackage: ${{ parameters.buildAlternatePackage }} targetFramework: ${{ parameters.targetFramework }} # macOS (ARM64) - ${{ if parameters.macOS_arm64 }}: - template: /.azure-pipelines/build-jobs.yml@self parameters: disableSdl: true jobName: build_osx_arm64 displayName: macOS (ARM64) pool: name: Azure Pipelines image: macos-15-arm64 os: macOS os: osx arch: arm64 branch: ${{ parameters.branch }} unitTests: false functionalTests: false sign: ${{ parameters.sign }} publishArtifacts: ${{ parameters.publishArtifacts }} buildAlternatePackage: ${{ parameters.buildAlternatePackage }} targetFramework: ${{ parameters.targetFramework }} - ${{ parameters.postBuildStages }} ================================================ FILE: .azure-pipelines/scripts/Get-SigntoolPath.ps1 ================================================ function Get-Signtool() { <# .SYNOPSIS Function used to get signtool from windows SDK #> $systemBit = "x64" $programFiles = ${Env:ProgramFiles(x86)} if((Get-WmiObject Win32_Processor).AddressWidth -ne 64) { $systemBit = "x86" $programFiles = ${Env:ProgramFiles} } Write-Host "##[debug]System architecture is $systemBit" $signtoolPath = "" try { $windowsSdkPath=Get-ChildItem "$programFiles\Windows Kits\10\bin\1*" | Select-Object FullName | Sort-Object -Descending { [version](Split-Path $_.FullName -leaf)} | Select-Object -first 1 $signtoolPath = "$($windowsSdkPath.FullName)\$systemBit\signtool.exe" return $signtoolPath } catch { Write-Host "##[error]Unbable to get signtool in $signtoolPath" exit 1 } } ================================================ FILE: .azure-pipelines/scripts/RemoveSignatureForThirdPartyAssemlies.ps1 ================================================ <# .SYNOPSIS Script is used as a start point for the process of removing signature from the third party assemlies .PARAMETER LayoutRoot Parameter that contains path to the _layout directory for current agent build #> [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$LayoutRoot ) . $PSScriptRoot\Get-SigntoolPath.ps1 . $PSScriptRoot\RemoveSignatureScript.ps1 $signtoolPath = Get-Signtool | Select -Last 1 if ( ($signToolPath -ne "") -and (Test-Path -Path $signtoolPath) ) { Remove-ThirdPartySignatures -SigntoolPath "$signToolPath" -LayoutRoot "$LayoutRoot" } else { Write-Host "##[error]$signToolPath is not a valid path" exit 1 } ================================================ FILE: .azure-pipelines/scripts/RemoveSignatureScript.ps1 ================================================ function Remove-ThirdPartySignatures() { <# .SYNOPSIS The script is used to perform signature removal of third party assemblies .PARAMETER SigntoolPath Path to signtool.exe .PARAMETER LayoutRoot Parameter that contains path to the _layout directory for current agent build #> [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$SigntoolPath, [Parameter(Mandatory = $true)] [string]$LayoutRoot) $failedToUnsign = New-Object Collections.Generic.List[String] $succesfullyUnsigned = New-Object Collections.Generic.List[String] $filesWithoutSignatures = New-Object Collections.Generic.List[String] $filesCounter = 0 foreach ($tree in Get-ChildItem -Path "$LayoutRoot" -Include "*.dll","*.exe" -Recurse | select FullName) { $filesCounter = $filesCounter + 1 try { # check that file contain a signature before removal $verificationOutput = & "$SigntoolPath" verify /pa "$($tree.FullName)" 2>&1 | Write-Output $fileDoesntContainSignature = $false; if ($verificationOutput -match "No signature found.") { $fileDoesntContainSignature = $true; $filesWithoutSignatures.Add("$($tree.FullName)") $Error.clear() } if ($fileDoesntContainSignature -ne $true) { $removeOutput = & "$SigntoolPath" remove /s "$($tree.FullName)" 2>&1 | Write-Output if ($lastExitcode -ne 0) { $failedToUnsign.Add("$($tree.FullName)") $Error.clear() } else { $succesfullyUnsigned.Add("$($tree.FullName)") } } } catch { $failedToUnsign.Add("$($tree.FullName)") $Error.clear() } } Write-host "Failed to unsign - $($failedtounsign.Count)" Write-host "Succesfully unsigned - $($succesfullyUnsigned.Count)" Write-host "Files without signature - $($filesWithoutSignatures.Count)" foreach ($s in $filesWithoutSignatures) { Write-Host "File $s doesn't contain signature" } foreach ($s in $succesfullyunsigned) { Write-Host "Signature succefully removed for $s file" } if ($failedToUnsign.Count -gt 0) { foreach ($f in $failedtounsign) { Write-Host "##[error]Something went wrong, failed to process $f file" } exit 1 } exit 0 } ================================================ FILE: .azure-pipelines/scripts/run-and-verify.js ================================================ /* Script arguments: * Required: - projectUrl - pipelineId - token * Optional: - templateParameters (JSON) - intervalInSeconds (20 by default) */ const axios = require('axios'); const minimist = require('minimist'); const args = minimist(process.argv.slice(2)); const apiUrl = `${args.projectUrl}/_apis/pipelines/${args.pipelineId}/runs?api-version=7.0`; const data = {}; if (args.templateParameters) { data.templateParameters = JSON.parse(args.templateParameters); } const config = { auth: { username: 'Basic', password: args.token } }; (async () => { const run = ( await axios.post(apiUrl, data, config) ).data; const webUrl = run._links.web.href; console.log(`Pipeline run URL: ${webUrl}`); const interval = setInterval(async () => { const { state, result } = ( await axios.get(run.url, config) ).data; console.log(`Current state: "${state}"`); if (state != 'completed') return; clearInterval(interval); const message = `Pipeline run completed with result "${result}"; URL: ${webUrl}`; if (result == 'succeeded') { console.log(message); } else { console.log(`##vso[task.logissue type=error]${message}`); console.log('##vso[task.complete result=Failed]'); } }, (args.intervalInSeconds || 20) * 1000); })(); ================================================ FILE: .azure-pipelines/scripts/switch-branch.ps1 ================================================ git config user.email "azure-pipelines-bot@microsoft.com" git config user.name "azure-pipelines-bot" git checkout -f origin/$env:TARGET_BRANCH if ($LASTEXITCODE -ne 0){ Write-Error "git checkout failed with exit code $LASTEXITCODE" -ErrorAction Stop } ================================================ FILE: .azure-pipelines/scripts/switch-branch.sh ================================================ git config user.email "azure-pipelines-bot@microsoft.com" git config user.name "azure-pipelines-bot" git checkout -f origin/$TARGET_BRANCH last_exit_code=$? if [[ $last_exit_code != 0 ]]; then echo "git checkout failed with exit code $last_exit_code" exit 1 fi ================================================ FILE: .azure-pipelines/signing.yml ================================================ # This Yaml Document has been converted by ESAI Yaml Pipeline Conversion Tool. parameters: - name: layoutRoot type: string - name: isWindows type: boolean default: true steps: - ${{ if parameters.isWindows }}: - task: PowerShell@2 inputs: targetType: 'filePath' filePath: ./.azure-pipelines/scripts/RemoveSignatureForThirdPartyAssemlies.ps1 arguments: '-LayoutRoot ${{ parameters.layoutRoot }}' errorActionPreference: 'continue' displayName: Remove signatures from the third party packages condition: ne(variables['DISABLE_SIGNATURE_REMOVAL'], 'true') - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 inputs: ConnectedServiceName: $(ConnectedServiceName) UseMSIAuthentication: true AppRegistrationClientId: $(AppRegistrationClientId) AppRegistrationTenantId: $(AppRegistrationTenantId) EsrpClientId: $(EsrpClientId) AuthAKVName: $(AuthAKVName) AuthSignCertName: $(AuthSignCertName) FolderPath: '${{ parameters.layoutRoot }}/bin' Pattern: AgentService.exe signConfigType: inlineSignParams inlineOperation: | [{ "keyCode": "CP-235845-SN", "operationSetCode": "StrongNameSign", "parameters": [], "toolName": "sign", "toolVersion": "1.0" }, { "keyCode": "CP-235845-SN", "operationSetCode": "StrongNameVerify", "parameters": [], "toolName": "sign", "toolVersion": "1.0" } ] displayName: Sign Agent Assemblies (Strong Name Signing) - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 inputs: ConnectedServiceName: $(ConnectedServiceName) UseMSIAuthentication: true AppRegistrationClientId: $(AppRegistrationClientId) AppRegistrationTenantId: $(AppRegistrationTenantId) EsrpClientId: $(EsrpClientId) AuthAKVName: $(AuthAKVName) AuthSignCertName: $(AuthSignCertName) FolderPath: '${{ parameters.layoutRoot }}/bin' Pattern: | Agent.*.dll Agent.*.exe Microsoft.VisualStudio.Services.Agent.dll AgentService.exe **\AgentService.resources.dll UseMinimatch: true signConfigType: inlineSignParams inlineOperation: | [{ "keyCode": "CP-230012", "operationSetCode": "SigntoolSign", "parameters": [{ "parameterName": "OpusName", "parameterValue": "Microsoft" }, { "parameterName": "OpusInfo", "parameterValue": "http://www.microsoft.com" }, { "parameterName": "FileDigest", "parameterValue": "/fd \"SHA256\"" }, { "parameterName": "PageHash", "parameterValue": "/NPH" }, { "parameterName": "TimeStamp", "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" } ], "toolName": "sign", "toolVersion": "1.0" }, { "keyCode": "CP-230012", "operationSetCode": "SigntoolVerify", "parameters": [], "toolName": "sign", "toolVersion": "1.0" } ] displayName: Sign Agent Assemblies (Authenticode Signing) - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 inputs: ConnectedServiceName: $(ConnectedServiceName) UseMSIAuthentication: true AppRegistrationClientId: $(AppRegistrationClientId) AppRegistrationTenantId: $(AppRegistrationTenantId) EsrpClientId: $(EsrpClientId) AuthAKVName: $(AuthAKVName) AuthSignCertName: $(AuthSignCertName) FolderPath: '${{ parameters.layoutRoot }}' Pattern: | bin\powershell\**\*.ps1 bin\powershell\**\*.psm1 externals\vstshost\**\*.ps1 externals\vstshost\**\*.psd1 externals\vstshost\**\*.psm1 UseMinimatch: true signConfigType: inlineSignParams inlineOperation: | [{ "keyCode": "CP-230012", "operationSetCode": "SigntoolSign", "parameters": [{ "parameterName": "OpusName", "parameterValue": "Microsoft" }, { "parameterName": "OpusInfo", "parameterValue": "http://www.microsoft.com" }, { "parameterName": "FileDigest", "parameterValue": "/fd \"SHA256\"" }, { "parameterName": "PageHash", "parameterValue": "/NPH" }, { "parameterName": "TimeStamp", "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" } ], "toolName": "sign", "toolVersion": "1.0" }, { "keyCode": "CP-230012", "operationSetCode": "SigntoolVerify", "parameters": [], "toolName": "sign", "toolVersion": "1.0" } ] displayName: Sign PowerShell Scripts (Authenticode Signing) - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 inputs: ConnectedServiceName: $(ConnectedServiceName) UseMSIAuthentication: true AppRegistrationClientId: $(AppRegistrationClientId) AppRegistrationTenantId: $(AppRegistrationTenantId) EsrpClientId: $(EsrpClientId) AuthAKVName: $(AuthAKVName) AuthSignCertName: $(AuthSignCertName) FolderPath: '${{ parameters.layoutRoot }}' Pattern: | bin\**\*.dll bin\**\*.exe externals\**\*.exe externals\**\*.dll externals\**\*.pyd UseMinimatch: true signConfigType: inlineSignParams inlineOperation: | [{ "keyCode": "CP-231522", "operationSetCode": "SigntoolSign", "parameters": [{ "parameterName": "OpusName", "parameterValue": "Microsoft" }, { "parameterName": "OpusInfo", "parameterValue": "http://www.microsoft.com" }, { "parameterName": "Append", "parameterValue": "/as" }, { "parameterName": "FileDigest", "parameterValue": "/fd \"SHA256\"" }, { "parameterName": "PageHash", "parameterValue": "/NPH" }, { "parameterName": "TimeStamp", "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" } ], "toolName": "sign", "toolVersion": "1.0" }, { "keyCode": "CP-231522", "operationSetCode": "SigntoolVerify", "parameters": [], "toolName": "sign", "toolVersion": "1.0" } ] displayName: Sign Agent Assemblies (3rd Party Assemblies Signing) - task: DeleteFiles@1 inputs: SourceFolder: '${{ parameters.layoutRoot }}' Contents: '**\CodeSignSummary-*.md' displayName: Delete CodeSignSummary.md retryCountOnTaskFailure: 4 ================================================ FILE: .editorconfig ================================================ # NOTE: Requires **VS2019 16.3** or later # All Rules Enabled with default severity # Description: All Rules are enabled with default severity. Rules with IsEnabledByDefault = false are force enabled with default severity. [*] indent_style = space # XML project files [*.{csproj,proj,j}] indent_size = 2 [*.json] indent_size = 2 # Powershell files [*.ps1] indent_size = 2 # Shell script files [*.sh] end_of_line = lf indent_size = 4 # Code files [*.{cs,vb}] indent_size = 4 # insert_final_newline = true # TODO: Enable as warning/error and clean unused imports in the next PR # https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/ide0005#overview dotnet_diagnostic.CS8019.severity = warning # https://github.com/dotnet/format/issues/1623 dotnet_diagnostic.IDE0130.severity = none dotnet_analyzer_diagnostic.category-Style.severity = error # Code style rules # IDE0001: Simplify Names dotnet_diagnostic.IDE0001.severity = suggestion # IDE0002: Simplify Member Access dotnet_diagnostic.IDE0002.severity = suggestion # IDE0003: Remove qualification dotnet_diagnostic.IDE0003.severity = suggestion # IDE0004: Remove Unnecessary Cast dotnet_diagnostic.IDE0004.severity = warning # Remove unnecessary using directives dotnet_diagnostic.IDE0005.severity = warning # Enforce 'var' used dotnet_diagnostic.IDE0007.severity = none # Use explicit type instead of 'var' dotnet_diagnostic.IDE0008.severity = none # IDE0010: Add missing cases dotnet_diagnostic.IDE0010.severity = none # IDE0011: Add braces dotnet_diagnostic.IDE0011.severity = suggestion # IDE0017: Simplify object initialization dotnet_diagnostic.IDE0017.severity = suggestion # IDE0018: Variable declaration can be inlined dotnet_diagnostic.IDE0018.severity = suggestion # IDE0019: Use pattern matching to avoid as followed by a null check dotnet_diagnostic.IDE0019.severity = warning # IDE0020: Use pattern matching to avoid 'is' check followed by a cast (with variable) dotnet_diagnostic.IDE0020.severity = warning # IDE0022: Use block body for method dotnet_diagnostic.IDE0022.severity = none # IDE0025: Use expression body for property dotnet_diagnostic.IDE0025.severity = suggestion # IDE0027: Use expression body for accessor dotnet_diagnostic.IDE0027.severity = suggestion # IDE0028: Simplify collection initialization dotnet_diagnostic.IDE0028.severity = suggestion # IDE0029: Null check can be simplified (ternary conditional check) dotnet_diagnostic.IDE0029.severity = suggestion # IDE0030: Null check can be simplified (nullable ternary conditional check) dotnet_diagnostic.IDE0030.severity = suggestion # IDE0031: Use null propagation dotnet_diagnostic.IDE0031.severity = suggestion # IDE0032: Use auto property dotnet_diagnostic.IDE0032.severity = suggestion # IDE0036: Order modifiers dotnet_diagnostic.IDE0036.severity = warning # IDE0038: Use pattern matching to avoid is check followed by a cast (without variable) dotnet_diagnostic.IDE0038.severity = warning # IDE0040: Add accessibility modifiers dotnet_diagnostic.IDE0040.severity = warning # IDE0041 Use 'is null' check dotnet_diagnostic.IDE0041.severity = suggestion # IDE0042: Deconstruct variable declaration dotnet_diagnostic.IDE0042.severity = suggestion # IDE0044: Add readonly modifier dotnet_diagnostic.IDE0044.severity = warning # IDE0045: Use conditional expression for assignment dotnet_diagnostic.IDE0045.severity = suggestion # IDE0046: Convert to conditional expression dotnet_diagnostic.IDE0046.severity = suggestion # IDE0047: Remove unnecessary parentheses dotnet_diagnostic.IDE0047.severity = suggestion # IDE0048 dotnet_diagnostic.IDE0048.severity = suggestion # IDE0049: Simplify Names dotnet_diagnostic.IDE0049.severity = suggestion # IDE0034: Simplify 'default' expression dotnet_diagnostic.IDE0034.severity = suggestion # IDE0054: Use compound assignment dotnet_diagnostic.IDE0054.severity = suggestion # IDE0055: Formatting rule dotnet_diagnostic.IDE0055.severity = warning # IDE0056: Use index operator dotnet_diagnostic.IDE0056.severity = suggestion # IDE0057: Substring can be simplified dotnet_diagnostic.IDE0057.severity = suggestion # IDE0058: Remove unnecessary expression value dotnet_diagnostic.IDE0058.severity = none # IDE0059: Unnecessary assignment of a value dotnet_diagnostic.IDE0059.severity = suggestion # IDE0060: Remove unused parameter dotnet_diagnostic.IDE0060.severity = warning # IDE0063: Use simple 'using' statement dotnet_diagnostic.IDE0063.severity = suggestion # IDE0066: Use switch expression dotnet_diagnostic.IDE0066.severity = suggestion # IDE0071: Simplify interpolation dotnet_diagnostic.IDE0071.severity = suggestion # IDE0074: Use compound assignment dotnet_diagnostic.IDE0074.severity = suggestion # IDE0078: Use pattern matching dotnet_diagnostic.IDE0078.severity = suggestion # IDE0083: Use pattern matching dotnet_diagnostic.IDE0083.severity = suggestion # IDE0090: Use 'new(...)' dotnet_diagnostic.IDE0090.severity = suggestion # IDE0100: Remove unnecessary equality operator dotnet_diagnostic.IDE0100.severity = warning # IDE0120: Simplify LINQ expression dotnet_diagnostic.IDE0120.severity = warning # IDE0270: Null check can be simplified (if null check) dotnet_diagnostic.IDE0270.severity = suggestion # IDE1005: Delegate invocation can be simplified. dotnet_diagnostic.IDE1005.severity = suggestion # IDE1006: Code-style naming rules dotnet_diagnostic.IDE1006.severity = warning # IDE0160: Convert to block scoped namespace dotnet_diagnostic.IDE0160.severity = none dotnet_code_quality.ca1711.allowed_suffixes = Flag|Flags # Do not declare static members on generic types dotnet_diagnostic.CA1000.severity = error # Types that own disposable fields should be disposable dotnet_diagnostic.CA1001.severity = error # Use generic event handler instances dotnet_diagnostic.CA1003.severity = error # Enums should have zero value dotnet_diagnostic.CA1008.severity = error # Collections should implement generic interface dotnet_diagnostic.CA1010.severity = error # Abstract types should not have constructors dotnet_diagnostic.CA1012.severity = silent # Mark assemblies with CLSCompliant dotnet_diagnostic.CA1014.severity = silent # Mark assemblies with assembly version dotnet_diagnostic.CA1016.severity = error # Mark assemblies with ComVisible dotnet_diagnostic.CA1017.severity = error # Mark attributes with AttributeUsageAttribute dotnet_diagnostic.CA1018.severity = error # Define accessors for attribute arguments dotnet_diagnostic.CA1019.severity = error # Use properties where appropriate dotnet_diagnostic.CA1024.severity = silent # Mark enums with FlagsAttribute dotnet_diagnostic.CA1027.severity = error # Enum Storage should be Int32 dotnet_diagnostic.CA1028.severity = error # Use events where appropriate dotnet_diagnostic.CA1030.severity = silent # Do not catch general exception types dotnet_diagnostic.CA1031.severity = silent # Implement standard exception constructors dotnet_diagnostic.CA1032.severity = suggestion # Interface methods should be callable by child types dotnet_diagnostic.CA1033.severity = silent # Nested types should not be visible dotnet_diagnostic.CA1034.severity = silent # Override methods on comparable types dotnet_diagnostic.CA1036.severity = error # Avoid empty interfaces dotnet_diagnostic.CA1040.severity = error # Provide ObsoleteAttribute message dotnet_diagnostic.CA1041.severity = error # Use Integral Or String Argument For Indexers dotnet_diagnostic.CA1043.severity = error # Properties should not be write only dotnet_diagnostic.CA1044.severity = suggestion # Declare types in namespaces dotnet_diagnostic.CA1050.severity = error # Do not declare visible instance fields dotnet_diagnostic.CA1051.severity = silent # Static holder types should be Static or NotInheritable dotnet_diagnostic.CA1052.severity = suggestion # Uri parameters should not be strings dotnet_diagnostic.CA1054.severity = silent # Uri return values should not be strings dotnet_diagnostic.CA1055.severity = silent # Uri properties should not be strings dotnet_diagnostic.CA1056.severity = silent # Types should not extend certain base types dotnet_diagnostic.CA1058.severity = error # Move pinvokes to native methods class dotnet_diagnostic.CA1060.severity = silent # Do not hide base class methods dotnet_diagnostic.CA1061.severity = error # Validate arguments of public methods # PARTIALLY COMPLETE dotnet_diagnostic.CA1062.severity = suggestion # Implement IDisposable Correctly dotnet_diagnostic.CA1063.severity = error # Exceptions should be public dotnet_diagnostic.CA1064.severity = error # Do not raise exceptions in unexpected locations dotnet_diagnostic.CA1065.severity = error # Type {0} should implement IEquatable because it overrides Equals dotnet_diagnostic.CA1066.severity = error # Override Object.Equals(object) when implementing IEquatable dotnet_diagnostic.CA1067.severity = error # CancellationToken parameters must come last dotnet_diagnostic.CA1068.severity = error # Avoid using cref tags with a prefix dotnet_diagnostic.CA1200.severity = error # Do not pass literals as localized parameters dotnet_diagnostic.CA1303.severity = silent # Specify CultureInfo dotnet_diagnostic.CA1304.severity = silent # Specify IFormatProvider dotnet_diagnostic.CA1305.severity = silent # Specify StringComparison dotnet_diagnostic.CA1307.severity = suggestion # Normalize strings to uppercase dotnet_diagnostic.CA1308.severity = suggestion # Use ordinal stringcomparison dotnet_diagnostic.CA1309.severity = suggestion # P/Invokes should not be visible dotnet_diagnostic.CA1401.severity = suggestion # Avoid excessive inheritance dotnet_diagnostic.CA1501.severity = error # Avoid excessive complexity dotnet_diagnostic.CA1502.severity = silent # Avoid unmaintainable code dotnet_diagnostic.CA1505.severity = error # Avoid excessive class coupling dotnet_diagnostic.CA1506.severity = silent # Use nameof to express symbol names dotnet_diagnostic.CA1507.severity = error # Avoid dead conditional code # TOO MANY FALSE POSITIVES dotnet_diagnostic.CA1508.severity = silent # Invalid entry in code metrics rule specification file dotnet_diagnostic.CA1509.severity = error # Identifiers should not contain underscores # Too much work to change now dotnet_diagnostic.CA1707.severity = silent # Identifiers should differ by more than case dotnet_diagnostic.CA1708.severity = suggestion # Identifiers should have correct suffix dotnet_diagnostic.CA1710.severity = error # Identifiers should not have incorrect suffix dotnet_diagnostic.CA1711.severity = error # Do not prefix enum values with type name dotnet_diagnostic.CA1712.severity = error # Flags enums should have plural names dotnet_diagnostic.CA1714.severity = error # Identifiers should have correct prefix dotnet_diagnostic.CA1715.severity = error # Identifiers should not match keywords dotnet_diagnostic.CA1716.severity = error # Only FlagsAttribute enums should have plural names dotnet_diagnostic.CA1717.severity = error # Identifier contains type name dotnet_diagnostic.CA1720.severity = error # Property names should not match get methods dotnet_diagnostic.CA1721.severity = error # Type names should not match namespaces dotnet_diagnostic.CA1724.severity = silent # Parameter names should match base declaration dotnet_diagnostic.CA1725.severity = silent # Review unused parameters dotnet_diagnostic.CA1801.severity = suggestion # Use literals where appropriate # this flags 'static readonly' as should be 'const' dotnet_diagnostic.CA1802.severity = silent # Do not ignore method results dotnet_diagnostic.CA1806.severity = suggestion # Initialize reference type static fields inline dotnet_diagnostic.CA1810.severity = error # Avoid uninstantiated internal classes dotnet_diagnostic.CA1812.severity = error # Avoid unsealed attributes dotnet_diagnostic.CA1813.severity = error # Prefer jagged arrays over multidimensional dotnet_diagnostic.CA1814.severity = error # Override equals and operator equals on value types dotnet_diagnostic.CA1815.severity = suggestion # Dispose methods should call SuppressFinalize dotnet_diagnostic.CA1816.severity = suggestion # Properties should not return arrays dotnet_diagnostic.CA1819.severity = silent # Test for empty strings using string length dotnet_diagnostic.CA1820.severity = suggestion # Remove empty Finalizers dotnet_diagnostic.CA1821.severity = error # Mark members as static dotnet_diagnostic.CA1822.severity = silent # Avoid unused private fields dotnet_diagnostic.CA1823.severity = error # Mark assemblies with NeutralResourcesLanguageAttribute dotnet_diagnostic.CA1824.severity = error # Avoid zero-length array allocations. dotnet_diagnostic.CA1825.severity = suggestion # Do not use Enumerable methods on indexable collections. Instead use the collection directly dotnet_diagnostic.CA1826.severity = suggestion # Do not use Count() or LongCount() when Any() can be used dotnet_diagnostic.CA1827.severity = suggestion # Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used dotnet_diagnostic.CA1828.severity = error # Use Length/Count property instead of Count() when available dotnet_diagnostic.CA1829.severity = suggestion # Dispose objects before losing scope dotnet_diagnostic.CA2000.severity = error # Do not lock on objects with weak identity dotnet_diagnostic.CA2002.severity = error # Consider calling ConfigureAwait on the awaited task dotnet_diagnostic.CA2007.severity = silent # Do not create tasks without passing a TaskScheduler dotnet_diagnostic.CA2008.severity = suggestion # Do not call ToImmutableCollection on an ImmutableCollection value dotnet_diagnostic.CA2009.severity = error # Always consume the value returned by methods marked with PreserveSigAttribute dotnet_diagnostic.CA2010.severity = error # Review SQL queries for security vulnerabilities dotnet_diagnostic.CA2100.severity = error # Specify marshaling for P/Invoke string arguments dotnet_diagnostic.CA2101.severity = silent # Seal methods that satisfy private interfaces dotnet_diagnostic.CA2119.severity = error # Do Not Catch Corrupted State Exceptions dotnet_diagnostic.CA2153.severity = error # Rethrow to preserve stack details. dotnet_diagnostic.CA2200.severity = error # Do not raise reserved exception types dotnet_diagnostic.CA2201.severity = suggestion # Initialize value type static fields inline dotnet_diagnostic.CA2207.severity = error # Instantiate argument exceptions correctly dotnet_diagnostic.CA2208.severity = suggestion # Non-constant fields should not be visible dotnet_diagnostic.CA2211.severity = suggestion # Disposable fields should be disposed dotnet_diagnostic.CA2213.severity = error # Do not call overridable methods in constructors dotnet_diagnostic.CA2214.severity = error # Disposable types should declare finalizer dotnet_diagnostic.CA2216.severity = error # Do not mark enums with FlagsAttribute dotnet_diagnostic.CA2217.severity = suggestion # Override GetHashCode on overriding Equals dotnet_diagnostic.CA2218.severity = error # Do not raise exceptions in finally clauses dotnet_diagnostic.CA2219.severity = error # Override Equals on overloading operator equals dotnet_diagnostic.CA2224.severity = error # Operator overloads have named alternates dotnet_diagnostic.CA2225.severity = error # Operators should have symmetrical overloads dotnet_diagnostic.CA2226.severity = error # Collection properties should be read only dotnet_diagnostic.CA2227.severity = suggestion # Implement serialization constructors dotnet_diagnostic.CA2229.severity = error # Overload operator equals on overriding value type Equals dotnet_diagnostic.CA2231.severity = error # Pass system uri objects instead of strings dotnet_diagnostic.CA2234.severity = suggestion # Mark all non-serializable fields dotnet_diagnostic.CA2235.severity = error # Mark ISerializable types with serializable dotnet_diagnostic.CA2237.severity = error # Provide correct arguments to formatting methods dotnet_diagnostic.CA2241.severity = error # Test for NaN correctly dotnet_diagnostic.CA2242.severity = error # Attribute string literals should parse correctly dotnet_diagnostic.CA2243.severity = error # Do not duplicate indexed element initializations dotnet_diagnostic.CA2244.severity = error # Do not assign a property to itself. dotnet_diagnostic.CA2245.severity = error # Assigning symbol and its member in the same statement. dotnet_diagnostic.CA2246.severity = error # Do not use insecure deserializer BinaryFormatter dotnet_diagnostic.CA2300.severity = error # Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder dotnet_diagnostic.CA2301.severity = error # Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize dotnet_diagnostic.CA2302.severity = error # Do not use insecure deserializer LosFormatter dotnet_diagnostic.CA2305.severity = error # Do not use insecure deserializer NetDataContractSerializer dotnet_diagnostic.CA2310.severity = error # Do not deserialize without first setting NetDataContractSerializer.Binder dotnet_diagnostic.CA2311.severity = error # Ensure NetDataContractSerializer.Binder is set before deserializing dotnet_diagnostic.CA2312.severity = error # Do not use insecure deserializer ObjectStateFormatter dotnet_diagnostic.CA2315.severity = error # Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver dotnet_diagnostic.CA2321.severity = error # Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing dotnet_diagnostic.CA2322.severity = error # Do not use TypeNameHandling values other than None dotnet_diagnostic.CA2326.severity = error # Do not use insecure JsonSerializerSettings dotnet_diagnostic.CA2327.severity = error # Ensure that JsonSerializerSettings are secure dotnet_diagnostic.CA2328.severity = error # Do not deserialize with JsonSerializer using an insecure configuration dotnet_diagnostic.CA2329.severity = error # Ensure that JsonSerializer has a secure configuration when deserializing dotnet_diagnostic.CA2330.severity = error # Review code for SQL injection vulnerabilities dotnet_diagnostic.CA3001.severity = error # Review code for XSS vulnerabilities dotnet_diagnostic.CA3002.severity = error # Review code for file path injection vulnerabilities dotnet_diagnostic.CA3003.severity = error # Review code for information disclosure vulnerabilities dotnet_diagnostic.CA3004.severity = error # Review code for LDAP injection vulnerabilities dotnet_diagnostic.CA3005.severity = error # Review code for process command injection vulnerabilities dotnet_diagnostic.CA3006.severity = error # Review code for open redirect vulnerabilities dotnet_diagnostic.CA3007.severity = error # Review code for XPath injection vulnerabilities dotnet_diagnostic.CA3008.severity = error # Review code for XML injection vulnerabilities dotnet_diagnostic.CA3009.severity = error # Review code for XAML injection vulnerabilities dotnet_diagnostic.CA3010.severity = error # Review code for DLL injection vulnerabilities dotnet_diagnostic.CA3011.severity = error # Review code for regex injection vulnerabilities dotnet_diagnostic.CA3012.severity = error # Do Not Add Schema By URL dotnet_diagnostic.CA3061.severity = error # Insecure DTD processing in XML dotnet_diagnostic.CA3075.severity = error # Insecure XSLT script processing. dotnet_diagnostic.CA3076.severity = error # Insecure Processing in API Design, XmlDocument and XmlTextReader dotnet_diagnostic.CA3077.severity = error # Mark Verb Handlers With Validate Antiforgery Token dotnet_diagnostic.CA3147.severity = error # Do Not Use Weak Cryptographic Algorithms dotnet_diagnostic.CA5350.severity = error # Do Not Use Broken Cryptographic Algorithms dotnet_diagnostic.CA5351.severity = error # Do Not Use Unsafe Cipher Modes dotnet_diagnostic.CA5358.severity = error # Do Not Disable Certificate Validation dotnet_diagnostic.CA5359.severity = error # Do Not Call Dangerous Methods In Deserialization dotnet_diagnostic.CA5360.severity = error # Do Not Disable SChannel Use of Strong Crypto dotnet_diagnostic.CA5361.severity = error # Do Not Refer Self In Serializable Class dotnet_diagnostic.CA5362.severity = error # Do Not Disable Request Validation dotnet_diagnostic.CA5363.severity = error # Do Not Use Deprecated Security Protocols dotnet_diagnostic.CA5364.severity = error # Do Not Disable HTTP Header Checking dotnet_diagnostic.CA5365.severity = error # Use XmlReader For DataSet Read Xml dotnet_diagnostic.CA5366.severity = error # Do Not Serialize Types With Pointer Fields dotnet_diagnostic.CA5367.severity = error # Set ViewStateUserKey For Classes Derived From Page dotnet_diagnostic.CA5368.severity = error # Use XmlReader For Deserialize dotnet_diagnostic.CA5369.severity = suggestion # Use XmlReader For Validating Reader dotnet_diagnostic.CA5370.severity = error # Use XmlReader For Schema Read dotnet_diagnostic.CA5371.severity = error # Use XmlReader For XPathDocument dotnet_diagnostic.CA5372.severity = error # Do not use obsolete key derivation function dotnet_diagnostic.CA5373.severity = error # Do Not Use XslTransform dotnet_diagnostic.CA5374.severity = error # Do Not Use Account Shared Access Signature dotnet_diagnostic.CA5375.severity = error # Use SharedAccessProtocol HttpsOnly dotnet_diagnostic.CA5376.severity = error # Use Container Level Access Policy dotnet_diagnostic.CA5377.severity = error # Do not disable ServicePointManagerSecurityProtocols dotnet_diagnostic.CA5378.severity = error # Do Not Use Weak Key Derivation Function Algorithm dotnet_diagnostic.CA5379.severity = error # Do Not Add Certificates To Root Store dotnet_diagnostic.CA5380.severity = error # Ensure Certificates Are Not Added To Root Store dotnet_diagnostic.CA5381.severity = error # Use Secure Cookies In ASP.Net Core dotnet_diagnostic.CA5382.severity = error # Ensure Use Secure Cookies In ASP.Net Core dotnet_diagnostic.CA5383.severity = error # Do Not Use Digital Signature Algorithm (DSA) dotnet_diagnostic.CA5384.severity = error # Use Rivest–Shamir–Adleman (RSA) Algorithm With Sufficient Key Size dotnet_diagnostic.CA5385.severity = error # Avoid hardcoding SecurityProtocolType value dotnet_diagnostic.CA5386.severity = error # Do Not Use Weak Key Derivation Function With Insufficient Iteration Count dotnet_diagnostic.CA5387.severity = error # Ensure Sufficient Iteration Count When Using Weak Key Derivation Function dotnet_diagnostic.CA5388.severity = error # Do Not Add Archive Item's Path To The Target File System Path dotnet_diagnostic.CA5389.severity = error # Do not hard-code encryption key dotnet_diagnostic.CA5390.severity = error # Use antiforgery tokens in ASP.NET Core MVC controllers dotnet_diagnostic.CA5391.severity = error # Use DefaultDllImportSearchPaths attribute for P/Invokes dotnet_diagnostic.CA5392.severity = silent # Do not use unsafe DllImportSearchPath value dotnet_diagnostic.CA5393.severity = error # Do not use insecure randomness dotnet_diagnostic.CA5394.severity = error # Miss HttpVerb attribute for action methods dotnet_diagnostic.CA5395.severity = error # Set HttpOnly to true for HttpCookie dotnet_diagnostic.CA5396.severity = error # Do not use deprecated SslProtocols values dotnet_diagnostic.CA5397.severity = error # Avoid hardcoded SslProtocols values dotnet_diagnostic.CA5398.severity = error # HttpClients should enable certificate revocation list checks dotnet_diagnostic.CA5399.severity = error # Ensure HttpClient certificate revocation list check is not disabled dotnet_diagnostic.CA5400.severity = error # Do not use CreateEncryptor with non-default IV dotnet_diagnostic.CA5401.severity = suggestion # Use CreateEncryptor with the default IV dotnet_diagnostic.CA5402.severity = error # Do not hard-code certificate dotnet_diagnostic.CA5403.severity = error # Analyzer version mismatch dotnet_diagnostic.CA9999.severity = error dotnet_naming_style.underscored_camel_case.capitalization = camel_case dotnet_naming_style.underscored_camel_case.required_prefix = _ # Rule to force private fields to be underscored camel case dotnet_naming_symbols.private_fields.applicable_kinds = field dotnet_naming_symbols.private_fields.applicable_accessibilities = private dotnet_naming_rule.private_fields_underscored.symbols = private_fields dotnet_naming_rule.private_fields_underscored.style = underscored_camel_case dotnet_naming_rule.private_fields_underscored.severity = suggestion ================================================ FILE: .gdn/.gdnbaselines ================================================ { "hydrated": false, "properties": { "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/baselines", "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance." }, "version": "1.0.0", "baselines": { "default": { "name": "default", "createdDate": "2024-02-20 10:22:13Z", "lastUpdatedDate": "2024-02-20 10:22:13Z" } }, "results": { "24c3ac3899a30f6cc0775a00314ef848344ec59d6429bfa50d42fd4ea866cae2": { "signature": "24c3ac3899a30f6cc0775a00314ef848344ec59d6429bfa50d42fd4ea866cae2", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Example in docs", "createdDate": "2024-02-20 10:22:13Z" }, "8d297344c1e1bf3e258d1b2ca4afb5c06636a18e5f21a336b76668c3cf8992e0": { "signature": "8d297344c1e1bf3e258d1b2ca4afb5c06636a18e5f21a336b76668c3cf8992e0", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "f9fad72c2307e7267d7c6b3b34b728a7eb5552ab3fbe26e1f3d8432de62fe8e5": { "signature": "f9fad72c2307e7267d7c6b3b34b728a7eb5552ab3fbe26e1f3d8432de62fe8e5", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "2bccc624deb3e079e5ec8f549a788ef9f8afc9cd2a00d7921e2ebc81ffc62fef": { "signature": "2bccc624deb3e079e5ec8f549a788ef9f8afc9cd2a00d7921e2ebc81ffc62fef", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "cd2a3f2e3843934826515e4f92b5bb47485d6728cf43adfb6be002b1f39b46d0": { "signature": "cd2a3f2e3843934826515e4f92b5bb47485d6728cf43adfb6be002b1f39b46d0", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "ad90cfc89d359b0392b75f577f9a61d68cb9d09d303e7e60e5bafdbdbf8f88ff": { "signature": "ad90cfc89d359b0392b75f577f9a61d68cb9d09d303e7e60e5bafdbdbf8f88ff", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "63c639fec8bb7c8c06b0fe22589d7f2e95fd3a1b9bb4010961d3c94486a91b4e": { "signature": "63c639fec8bb7c8c06b0fe22589d7f2e95fd3a1b9bb4010961d3c94486a91b4e", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "2e1df57b20080483b99c3d0aa1de7bfb007cbbbd45343560f0ea2f1477cdda7f": { "signature": "2e1df57b20080483b99c3d0aa1de7bfb007cbbbd45343560f0ea2f1477cdda7f", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "60fd239d334298ee57982ad36171899470733b0565f9bc00e4b559055bb4b65c": { "signature": "60fd239d334298ee57982ad36171899470733b0565f9bc00e4b559055bb4b65c", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "cb0545311ac45e0b78b48f086b5ab75612bb6c8a92bf4115f2f70c66bfff6ee6": { "signature": "cb0545311ac45e0b78b48f086b5ab75612bb6c8a92bf4115f2f70c66bfff6ee6", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "020b01b4118ec031d8cc6925ebf1df0aa73ff1691eabed38c71f8e032971b4b7": { "signature": "020b01b4118ec031d8cc6925ebf1df0aa73ff1691eabed38c71f8e032971b4b7", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "0e722333a0cb7a1c68f4f23bb6a2cd55f51e197cb0fce079901be64258777d9b": { "signature": "0e722333a0cb7a1c68f4f23bb6a2cd55f51e197cb0fce079901be64258777d9b", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "a5d9c9fbcf9e89b1c0b173e56bc5c36bcc1d2706fbc02253109b266428c628dd": { "signature": "a5d9c9fbcf9e89b1c0b173e56bc5c36bcc1d2706fbc02253109b266428c628dd", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "7b69a473e0bf71b21c85fd488b7078d34d3e7c8be3ab7fd3cef0d8e3af69ac64": { "signature": "7b69a473e0bf71b21c85fd488b7078d34d3e7c8be3ab7fd3cef0d8e3af69ac64", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "d4a48c94f2e9feb9ac86451e56cf788f42442371f9eee17eb33a75ff174fe93f": { "signature": "d4a48c94f2e9feb9ac86451e56cf788f42442371f9eee17eb33a75ff174fe93f", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "01462e1d7e4c0bbe58b525a90f718a86b40e0e07c1e52f6b70783d3d82bb1819": { "signature": "01462e1d7e4c0bbe58b525a90f718a86b40e0e07c1e52f6b70783d3d82bb1819", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "d295cac3872ea43d805ece11f6f89ad1e73c525c6fd1dd20a70486a362ac35b2": { "signature": "d295cac3872ea43d805ece11f6f89ad1e73c525c6fd1dd20a70486a362ac35b2", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" }, "85b71727a6d63622ddd1e13b79d79161e65ffe16c08f0a422f4957e2f527860d": { "signature": "85b71727a6d63622ddd1e13b79d79161e65ffe16c08f0a422f4957e2f527860d", "alternativeSignatures": [], "memberOf": [ "default" ], "justification": "Unit test data", "createdDate": "2024-02-20 10:22:13Z" } } } ================================================ FILE: .gitattributes ================================================ ############################################################################### # Set default behavior to automatically normalize line endings. ############################################################################### * text=auto # Shell scripts should always use line feed not crlf *.sh text eol=lf ############################################################################### # Set default behavior for command prompt diff. # # This is need for earlier builds of msysgit that does not have it on by # default for csharp files. # Note: This is only used by command line ############################################################################### #*.cs diff=csharp ############################################################################### # Set the merge driver for project and solution files # # Merging from the command prompt will add diff markers to the files if there # are conflicts (Merging from VS is not affected by the settings below, in VS # the diff markers are never inserted). Diff markers may cause the following # file extensions to fail to load in VS. An alternative would be to treat # these files as binary and thus will always conflict and require user # intervention with every merge. To do so, just uncomment the entries below ############################################################################### *.js text *.json text *.resjson text *.htm text *.html text *.xml text *.txt text *.ini text *.inc text #*.sln merge=binary #*.csproj merge=binary #*.vbproj merge=binary #*.vcxproj merge=binary #*.vcproj merge=binary #*.dbproj merge=binary #*.fsproj merge=binary #*.lsproj merge=binary #*.wixproj merge=binary #*.modelproj merge=binary #*.sqlproj merge=binary #*.wwaproj merge=binary ############################################################################### # behavior for image files # # image files are treated as binary by default. ############################################################################### *.png binary *.jpg binary *.jpeg binary *.gif binary *.ico binary *.mov binary *.mp4 binary *.mp3 binary *.flv binary *.fla binary *.swf binary *.gz binary *.zip binary *.7z binary *.ttf binary ############################################################################### # diff behavior for common document formats # # Convert binary document formats to text before diffing them. This feature # is only available from the command line. Turn it on by uncommenting the # entries below. ############################################################################### *.doc diff=astextplain *.DOC diff=astextplain *.docx diff=astextplain *.DOCX diff=astextplain *.dot diff=astextplain *.DOT diff=astextplain *.pdf diff=astextplain *.PDF diff=astextplain *.rtf diff=astextplain *.RTF diff=astextplain ================================================ FILE: .github/CODEOWNERS ================================================ # Global rule: * @microsoft/azure-pipelines-tasks-and-agent @microsoft/azure-pipelines-platform ================================================ FILE: .github/ISSUE_TEMPLATE/bug.yml ================================================ name: Bug description: File a bug report title: "[BUG]: " labels: ["bug"] body: - type: markdown attributes: value: | Thanks for taking the time to fill out this bug report! - type: markdown attributes: value: | ## Having issue with Tasks? Log an issue at [Azure-Pipelines-Tasks](https://github.com/Microsoft/azure-pipelines-tasks). It contains all of the in-box tasks we ship with Azure-Pipelines/VSTS/TFS. If you're having issues with tasks in Build/Release jobs (e.g. unreasonable task failure) please log an issue there. - type: textarea id: what-happened attributes: label: What happened? description: What did you do? What happened? What did you expect to happen? placeholder: Put your description of the bug here. validations: required: true - type: textarea id: versions attributes: label: Versions description: Specify the agent version and operation system version placeholder: Azure DevOps version 2.100.1 / Windows 10 validations: required: true - type: checkboxes id: environment-type attributes: label: Environment type (Please select at least one enviroment where you face this issue) options: - label: Self-Hosted - label: Microsoft Hosted - label: VMSS Pool - label: Container - type: dropdown id: azure-devops-type attributes: label: Azure DevOps Server type options: - dev.azure.com (formerly visualstudio.com) - Azure DevOps Server (Please specify exact version in the textbox below) validations: required: true - type: input id: azure-devops-server-datails attributes: label: Azure DevOps Server Version (if applicable) placeholder: Azure DevOps Server 2019.1 - type: input id: operation-system attributes: label: Operation system placeholder: Windows 11, Ubuntu 20.04... - type: input id: version-control-type attributes: label: Version controll system - type: textarea id: logs attributes: label: Relevant log output description: | Please copy and paste any relevant log output. You can find it in the _diag folder or on the pipelines logs on ADO side render: shell ================================================ FILE: .github/ISSUE_TEMPLATE/config.yml ================================================ blank_issues_enabled: false contact_links: - name: Developer Community url: https://developercommunity.visualstudio.com/AzureDevOps about: For other Azure DevOps issues - name: Tasks issue url: https://github.com/microsoft/azure-pipelines-tasks/issues/new about: If you have issues with tasks, please place your issues here. - name: Security issue url: https://github.com/microsoft/azure-pipelines-agent/security/policy about: For security issues, please check our policy - name: Issue with YAML url: https://github.com/Microsoft/azure-pipelines-yaml about: Over there we discuss YAML templates, samples for Azure Pipelines, and designs for upcoming YAML features. Also a place for the community to share best practices, ideas, and so on. File suggestions and issues here if they're specific to YAML pipelines. ================================================ FILE: .github/ISSUE_TEMPLATE/feature.yml ================================================ name: Feature request description: Use this template to submit a feature request title: "[enhancement]: " labels: ["enhancement"] body: - type: markdown attributes: value: | Thanks for taking the time to raise a question - type: markdown attributes: value: | ## Having issue with Tasks? Log an issue at [Azure-Pipelines-Tasks](https://github.com/Microsoft/azure-pipelines-tasks). It contains all of the in-box tasks we ship with Azure-Pipelines/VSTS/TFS. If you're having issues with tasks in Build/Release jobs (e.g. unreasonable task failure) please log an issue there. - type: textarea id: what-happened attributes: label: Describe your feature request here placeholder: Put your question here. description: Please try to provide as much details as possible validations: required: true ================================================ FILE: .github/ISSUE_TEMPLATE/question.yml ================================================ name: Help needed description: Raise a question title: "[Question]: " labels: ["helpwanted"] body: - type: markdown attributes: value: | Thanks for taking the time to raise a question - type: markdown attributes: value: | ## Having issue with Tasks? Log an issue at [Azure-Pipelines-Tasks](https://github.com/Microsoft/azure-pipelines-tasks). It contains all of the in-box tasks we ship with Azure-Pipelines/VSTS/TFS. If you're having issues with tasks in Build/Release jobs (e.g. unreasonable task failure) please log an issue there. - type: textarea id: what-happened attributes: label: Describe your question placeholder: Put your question here. validations: required: true - type: textarea id: versions attributes: label: Versions description: Specify the agent version and operation system version placeholder: Azure DevOps version 2.100.1 / Windows 10 validations: required: true - type: checkboxes id: environment-type attributes: label: Environment type (Please select at least one enviroment where you face this issue) options: - label: Self-Hosted - label: Microsoft Hosted - label: VMSS Pool - label: Container - type: dropdown id: azure-devops-type attributes: label: Azure DevOps Server type options: - dev.azure.com (formerly visualstudio.com) - Azure DevOps Server (Please specify exact version in the textbox below) validations: required: true - type: input id: operation-system attributes: label: Operation system placeholder: Windows 11, Ubuntu 20.04... - type: input id: version-control-type attributes: label: Version controll system - type: input id: azure-devops-server-datails attributes: label: Azure DevOps Server Version (if applicable) placeholder: Azure DevOps Server 2019.1 ================================================ FILE: .github/ISSUE_TEMPLATE.md ================================================ ## Having issue with YAML? Please log an issue at [Azure-Pipelines-YAML](https://github.com/Microsoft/azure-pipelines-yaml). Over there we discuss YAML templates, samples for Azure Pipelines, and designs for upcoming YAML features. Also a place for the community to share best practices, ideas, and so on. File suggestions and issues here if they're specific to YAML pipelines. ## Having issue with Tasks? Log an issue at [Azure-Pipelines-Tasks](https://github.com/Microsoft/azure-pipelines-tasks). It contains all of the in-box tasks we ship with Azure-Pipelines/VSTS/TFS. If you're having issues with tasks in Build/Release jobs (e.g. unreasonable task failure) please log an issue there. ## Having issue with software on Hosted Agent? Log an issue at [Hosted Agent Image Repository](https://github.com/actions/virtual-environments). It contains the VM image used in the Azure Pipelines Hosted Agent Pool. If you're having Build/Release failures that seems like they are related to software installed on the Hosted Agent (e.g. the `dotnet` SDK is missing or the Azure SDK is not on the latest version) please log an issue there. ## Having generic issue with Azure-Pipelines/VSTS/TFS? Please report it on [Developer Community](https://developercommunity.visualstudio.com/spaces/21/index.html) ## Have you tried troubleshooting? [Troubleshooting doc](https://www.visualstudio.com/en-us/docs/build/troubleshooting) ## Agent Version and Platform Version of your agent? 2.144.0/2.144.1/... OS of the machine running the agent? OSX/Windows/Linux/... ## Azure DevOps Type and Version dev.azure.com (formerly visualstudio.com) or on-premises TFS/Azure DevOps Server? If on-premises, which release? 2015.0, 2017.1, 2019 RC2, etc. If dev.azure.com, what is your organization name? https://dev.azure.com/{organization} or https://{organization}.visualstudio.com ## What's not working? Please include error messages and screenshots. ## Agent and Worker's Diagnostic Logs Logs are located in the agent's `_diag` folder. The agent logs are prefixed with `Agent_` and the worker logs are prefixed with `Worker_`. All sensitive information should already be masked out, but please double-check before pasting here. ================================================ FILE: .github/copilot-instructions.md ================================================ # GitHub Copilot Instructions for Azure Pipelines Agent This repository contains the Azure Pipelines Agent, a cross-platform build and release agent written in C# for .NET Core. When working with this codebase, follow these guidelines and use the provided development tools. ## Project Structure - **Source Code**: All source code is in the `src/` directory - **Build Scripts**: Use `src/dev.sh` (Linux/macOS) or `src/dev.cmd` (Windows) - **Agent Layout**: Built agent is placed in `{root}/{runtime_id}/_layout` - **Documentation**: Available in `docs/` directory ## Development Workflow ### Initial Setup ```bash # Clone and navigate to source git clone https://github.com/microsoft/azure-pipelines-agent cd ./src # First time setup - creates full agent layout ./dev.sh layout ``` ### Build Commands All commands should be run from the `src/` directory: #### Linux/macOS ```bash ./dev.sh {command} [target_framework] [build_config] [runtime_id] [test_filters] ``` #### Windows ```cmd dev {command} [target_framework] [build_config] [runtime_id] [test_filters] ``` ### Available Commands | Command | Short | Description | |---------|-------|-------------| | `layout` | `l` | Create full agent layout in `{root}/{runtime_id}/_layout` (run first time) | | `build` | `b` | Build everything and update agent layout folder | | `test` | `t` | Build agent binaries and run unit tests for current platform | | `testl0` | `l0` | Run L0 (unit) tests only | | `testl1` | `l1` | Run L1 (integration) tests only | | `package` | `p` | Create distribution packages | | `hash` | | Generate hash files | | `report` | | Generate test reports | | `lint` | | Run code linting | | `lint-verify` | | Verify linting rules | ### Normal Development Flow ```bash # 1. Initial layout (first time only) ./dev.sh layout # 2. Make code changes # ... edit files ... # 3. Build and test ./dev.sh build ./dev.sh test # 4. Commit changes git add . git commit -m "Your changes" git push ``` ## Project Details ### Technology Stack - **Language**: C# (.NET Core) - **Target Framework**: net6.0 (default), net8.0 supported - **Platforms**: Windows (x64, x86, ARM64), macOS (x64, ARM64), Linux (x64, ARM) - **Build System**: MSBuild with custom scripts ### Key Components - **Agent.Listener**: Main agent listener service - **Agent.Worker**: Task execution worker - **Agent.PluginHost**: Plugin hosting environment - **Agent.Plugins**: Built-in plugins - **Agent.Sdk**: SDK for agent development ### Dependencies - **.NET SDK**: Automatically downloaded if not present - **Git**: Required for development (Git for Windows on Windows) - **Node.js**: For certain pipeline tasks ## Testing ### Test Types - **L0 Tests**: Unit tests (`./dev.sh testl0`) - **L1 Tests**: Integration tests (`./dev.sh testl1`) ### Test Filters Add custom test filters as the 5th parameter: ```bash ./dev.sh test net6.0 Debug osx-arm64 "TestCategory=YourCategory" ``` ## Debugging ### Debug Mode Run the agent with debug mode: ```bash ./config.sh --debug ./run.sh --debug ``` ### Environment Variables for Debugging - `VSTSAGENT_DEBUG_TASK`: Debug specific tasks by ID or name+version ## Build Configurations ### Available Configurations - **Debug**: Development builds with debug symbols - **Release**: Production builds optimized for performance ### Runtime IDs Common runtime identifiers: - `win-x64`, `win-x86`, `win-arm64` - `osx-x64`, `osx-arm64` - `linux-x64`, `linux-arm`, `linux-arm64` - `rhel.6-x64` ### Package Types - `agent` (default): Full agent package - `pipelines-agent`: Pipelines-specific package (excludes Node 6/10) ## Code Style Follow the [.NET Foundation coding guidelines](https://github.com/dotnet/corefx/blob/master/Documentation/coding-guidelines/coding-style.md): - Use PascalCase for public members - Use camelCase for private fields - Use meaningful names - Keep methods focused and small - Include XML documentation for public APIs ## Common Tasks ### Adding New Features 1. Create/modify source files in appropriate `src/` subdirectories 2. Add unit tests in `src/Test/` 3. Build and test: `./dev.sh build && ./dev.sh test` 4. Update documentation if needed ### Troubleshooting Build Issues - **"unzip not found"**: Install unzip (`sudo apt install unzip` on WSL) - **Missing dependencies**: Run `./dev.sh layout` to restore - **Test failures**: Check platform-specific test filters ### Working with Agent Layout The built agent in `_layout/` can be used for: - Local testing and debugging - Manual agent installation - Testing pipeline integration To configure and run the built agent: ```bash cd {root}/{runtime_id}/_layout ./config.sh ./run.sh ``` ## Best Practices 1. **Always run layout first** when starting development 2. **Build before testing** to ensure latest changes are included 3. **Run tests** before committing to catch regressions 4. **Use appropriate runtime ID** for your target platform 5. **Follow the normal dev flow** for consistent results ## Additional Resources - [Contributing Guide](../docs/contribute.md) - [Azure DevOps Agent Documentation](https://docs.microsoft.com/azure/devops/pipelines/agents/) - [Self-hosted Agent Installation](https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/windows-agent?view=azure-devops) ================================================ FILE: .github/labelChecker/.npmrc ================================================ registry=https://pkgs.dev.azure.com/mseng/PipelineTools/_packaging/PipelineTools_PublicPackages/npm/registry/ always-auth=true ================================================ FILE: .github/labelChecker/index.js ================================================ const rm = require('typed-rest-client/RestClient'); const core = require('@actions/core'); const github = require('@actions/github'); async function main() { try { const issueTypes = ['bug', 'enhancement', 'misc', 'internal']; const pullRequestNumber = github.context.issue.number; console.log(`Running for PR: ${pullRequestNumber}\n`); let rest = new rm.RestClient('labelChecker'); console.log('Getting label info\n'); let res = await rest.get(`https://api.github.com/repos/microsoft/azure-pipelines-agent/issues/${pullRequestNumber}/labels`); console.log(`Labels: ${JSON.stringify(res.result)}`); let labelCount = 0; res.result.forEach(tag => { let name = tag.name.toLowerCase(); if (issueTypes.indexOf(name) > -1) { console.log(`Found tag: ${name}`); labelCount++; } }); if (labelCount === 0) { throw `Must be labeled one of ${issueTypes.join(', ')}` } if (labelCount > 1) { throw `Cannot contain more than one label of ${issueTypes.join(', ')}. Currently contains ${labelCount}` } } catch (err) { core.setFailed(err); } } main(); ================================================ FILE: .github/labelChecker/package.json ================================================ { "name": "labelchecker", "version": "1.0.0", "description": "", "main": "index.js", "scripts": { "test": "echo \"Error: no test specified\" && exit 1" }, "author": "", "license": "ISC", "dependencies": { "@actions/core": "1.2.6", "@actions/github": "2.1.1", "typed-rest-client": "2.3.0" } } ================================================ FILE: .github/pull_request_template.md ================================================ ### **Context** _Explain the context or motivation behind this PR. Include links to any related Azure DevOps Work Items or GitHub issues._ 📌 [How to link to ADO Work Items](https://learn.microsoft.com/en-us/azure/devops/boards/github/link-to-from-github?view=azure-devops) --- ### **Description** _Provide a concise summary of the changes introduced in this PR._ --- ### **Risk Assessment** (Low / Medium / High) _Assess the risk level and justify your assessment. For example: code path sensitivity, usage scope, or backward compatibility concerns._ --- ### **Unit Tests Added or Updated** (Yes / No) _Indicate whether unit tests were added or modified to reflect the changes._ --- ### **Additional Testing Performed** _List manual or automated tests performed beyond unit tests (e.g., integration, scenario, regression)._ --- ### **Change Behind Feature Flag** (Yes / No) _Can this change be behine feature flag, if not why?_ --- ### **Tech Design / Approach** - Design has been written and reviewed. - Any architectural decisions, trade-offs, and alternatives are captured. --- ### **Documentation Changes Required** (Yes/No) _Indicate whether related documentation needs to be updated._ - User guides, API specs, system diagrams, or runbooks are updated. --- ### **Logging Added/Updated** (Yes/No) - Appropriate log statements are added with meaningful messages. - Logging does not expose sensitive data. - Log levels are used correctly (e.g., info, warn, error). --- ### **Telemetry Added/Updated** (Yes/No) - Custom telemetry (e.g., counters, timers, error tracking) is added as needed. - Events are tagged with proper metadata for filtering and analysis. - Telemetry is validated in staging or test environments. --- ### **Rollback Scenario and Process** (Yes/No) - Rollback plan is documented. --- ### **Dependency Impact Assessed and Regression Tested** (Yes/No) - All impacted internal modules, APIs, services, and third-party libraries are analyzed. - Results are reviewed and confirmed to not break existing functionality. ================================================ FILE: .github/workflows/autoAssignABTT.yml ================================================ name: Auto Assign ABTT to Project Board on: issues: types: - opened jobs: assign_one_project: runs-on: ubuntu-latest permissions: issues: write name: Assign to ABTT Project steps: - name: "Add triage and area labels" uses: actions-ecosystem/action-add-labels@v1 with: github_token: ${{ secrets.GITHUB_TOKEN }} labels: | Area: Agent triage - name: "Assign issues with 'Area: ABTT' label to project board" uses: actions/add-to-project@v0.4.1 with: project-url: https://github.com/orgs/microsoft/projects/755 github-token: ${{ secrets.ABTT_TOKEN }} ================================================ FILE: .github/workflows/labelChecker.yml ================================================ # This workflow ensures that all PRs are correctly labeled name: LabelChecker on: [pull_request] jobs: label: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - run: | cd .github/labelChecker npm install node index.js ================================================ FILE: .github/workflows/localization-automerge.yml ================================================ name: 'LEGO automerge' on: pull_request: types: - opened branches: - Localization jobs: worker: runs-on: ubuntu-latest permissions: issues: write if: github.actor == 'csigs' steps: - uses: actions-ecosystem/action-add-labels@v1 with: github_token: ${{ secrets.GITHUB_TOKEN }} labels: enhancement - uses: actions/github-script@v3 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | github.pulls.merge({ owner: context.payload.repository.owner.login, repo: context.payload.repository.name, pull_number: context.payload.pull_request.number, merge_method: 'squash' }) ================================================ FILE: .github/workflows/stale.yml ================================================ name: Mark stale issues and pull requests on: schedule: - cron: "0 * * * *" jobs: stale: runs-on: ubuntu-latest permissions: issues: write steps: - uses: actions/stale@v3 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue has had no activity in 180 days. Please comment if it is not actually stale' stale-issue-label: 'stale' days-before-stale: 180 days-before-close: 7 exempt-pr-label: 'no-stale' exempt-issue-label: 'no-stale' ================================================ FILE: .gitignore ================================================ **/bin **/obj **/libs **/*.xproj **/*.xproj.user **/.vs **/.vscode **/*.error **/*.json.pretty **/.taskkey node_modules **/node_modules _downloads _hashes _l1 _layout _package _package_hash _reports _dotnetsdk TestResults TestLogs .DS_Store **/*.DotSettings.user src/Misc/dotnet-install.* #generated src/Microsoft.VisualStudio.Services.Agent/BuildConstants.cs ================================================ FILE: .vsts.ci.yml ================================================ # This Yaml Document has been converted by ESAI Yaml Pipeline Conversion Tool. parameters: - name: testProxyAgent type: boolean displayName: Test Proxy Agent default: true # Targets - name: win_x64 type: boolean displayName: Windows (x64) default: true - name: win_x86 type: boolean displayName: Windows (x86) default: true - name: win_arm64 type: boolean displayName: Windows (ARM64) default: true - name: linux_x64 type: boolean displayName: Linux (x64) default: true - name: linux_arm type: boolean displayName: Linux (ARM) default: false - name: linux_arm64 type: boolean displayName: Linux (ARM64) default: false - name: alpine_x64 type: boolean displayName: Alpine (x64) default: true - name: alpine_arm64 type: boolean displayName: Alpine (ARM64) default: true - name: macOS_x64 type: boolean displayName: macOS (x64) default: true - name: macOS_arm64 type: boolean displayName: macOS (ARM64) default: true pr: branches: include: - '*' paths: exclude: - 'docs/*' extends: template: /.azure-pipelines/pipeline.yml@self parameters: publishArtifacts: ${{ ne(variables['Build.Reason'], 'PullRequest') }} buildAlternatePackage: false testProxyAgent: ${{ parameters.testProxyAgent }} targetFramework: 'all' win_x64: ${{ parameters.win_x64 }} win_x86: ${{ parameters.win_x86 }} win_arm64: ${{ parameters.win_arm64 }} linux_x64: ${{ parameters.linux_x64 }} linux_arm: ${{ parameters.linux_arm }} linux_arm64: ${{ parameters.linux_arm64 }} alpine_x64: ${{ parameters.alpine_x64 }} alpine_arm64: ${{ parameters.alpine_arm64 }} macOS_x64: ${{ parameters.macOS_x64 }} macOS_arm64: ${{ parameters.macOS_arm64 }} ================================================ FILE: .vsts.release.yml ================================================ # This Yaml Document has been converted by ESAI Yaml Pipeline Conversion Tool. trigger: branches: include: - '*' paths: include: - release - .azure-pipelines - .vsts.release.yml pr: branches: include: - '*' paths: include: - release - .azure-pipelines - .vsts.release.yml parameters: - name: version type: string displayName: Version default: 'NotSet' - name: targetFramework displayName: Target framework type: string default: net8.0 values: - net8.0 - net10.0 - name: derivedFrom type: string displayName: Derived From Version default: 'lastMinorRelease' values: - 'lastMinorRelease' - name: skipTests type: boolean default: false displayName: Skip Tests # buildStageOnly is useful for testing changes of the build stage which cannot be tested # in the ci project, like signing, without actually doing a release - name: buildStageOnly type: boolean default: false displayName: Build Stage Only - name: onlyGitHubRelease type: boolean default: false displayName: Release only for GitHub - name: testProxyAgent type: boolean default: true displayName: Test Proxy Agent - name: disableNotifications type: boolean default: false displayName: Disable Teams Notifications # Skip CG variables: - name: OneES_JobScannedCount value: 1 extends: template: /.azure-pipelines/pipeline.yml@self parameters: branch: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.releaseBranch'] ] test: ${{ not(parameters.skipTests) }} sign: true publishArtifacts: true targetFramework: ${{ parameters.targetFramework }} testProxyAgent: ${{ parameters.testProxyAgent }} stageDependencies: - Verify_release - Create_Release_Branch stageCondition: | and( succeeded('Verify_release'), in(dependencies.Create_Release_Branch.result, 'Succeeded', 'Skipped') ) preBuildStages: - stage: Verify_release displayName: Verify it's a release run pool: name: 1ES-ABTT-Shared-Pool image: abtt-ubuntu-2404 os: linux jobs: - job: Set_variables displayName: Set release-specific variables steps: - pwsh: | $isBuildStageOnly = [System.Convert]::ToBoolean('${{ parameters.buildStageOnly }}') $buildReason = '$(Build.Reason)' $currentSprint = (Invoke-WebRequest https://whatsprintis.it -Headers @{"Accept" = "application/json" } | ConvertFrom-Json) $isReleaseWeek = $currentSprint.week -eq 3 Write-Host "isReleaseWeek = $isReleaseWeek" $isRelease = ($buildReason -eq 'Manual' -and !$isBuildStageOnly) -or ($buildReason -eq 'Schedule' -and $isReleaseWeek) Write-Host "isRelease = $isRelease" Write-Host "##vso[task.setVariable variable=isRelease;isOutput=true]$isRelease" $isTestRun = ($buildReason -eq 'IndividualCI' -or $buildReason -eq 'PullRequest') Write-Host "isTestRun = $isTestRun" Write-Host "##vso[task.setVariable variable=isTestRun;isOutput=true]$isTestRun" $isScheduledRelease = $isRelease -and $buildReason -eq 'Schedule' Write-Host "isScheduledRelease = $isScheduledRelease" if ($isRelease -or $isTestRun) { if ($isScheduledRelease -or $isTestRun) { $majorAndMinorVersion = "3.$($currentSprint.sprint)" $patchVersion = 0 ## Looking for a free patch version while ($true) { $agentVersion = "$majorAndMinorVersion.$patchVersion" git ls-remote --exit-code --heads origin refs/heads/releases/$agentVersion if ($LASTEXITCODE -ne 0) { if ($LASTEXITCODE -eq 2) { $LASTEXITCODE = 0 break } else { Write-Error "git ls-remote failed with exit code $LASTEXITCODE" -ErrorAction Stop } } $patchVersion++ } } else { $agentVersion = "${{ parameters.version }}" if ($agentVersion -eq 'NotSet') { Write-Error "Version parameter is required for manual release." -ErrorAction Stop } ## Verify target framework for specified version $majorVersion = $agentVersion.Split('.')[0] if (("${{ parameters.targetFramework }}" -eq "net8.0" -and $majorVersion -ne "4") -or ("${{ parameters.targetFramework }}" -eq "net10.0" -and $majorVersion -ne "5")) { Write-Error "The major version should be 4 for net8.0 and 5 for net10.0" -ErrorAction Stop } } if ($isTestRun) { $agentVersion = '3.000.999' } Write-Host "agentVersion = $agentVersion" Write-Host "##vso[task.setVariable variable=agentVersion;isOutput=true]$agentVersion" $releaseBranch = "releases/$agentVersion" Write-Host "releaseBranch = $releaseBranch" Write-Host "##vso[task.setVariable variable=releaseBranch;isOutput=true]$releaseBranch" } name: SetReleaseVariables displayName: Set release-specific variables - stage: Create_Release_Branch displayName: Create Release Branch dependsOn: - Verify_release jobs: ################################################################################ - job: Create_Release_Branch ################################################################################ displayName: Create Release Branch variables: IsTestRun: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.isTestRun'] ] IsRelease: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.isRelease'] ] ReleaseBranch: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.releaseBranch'] ] AgentVersion: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.agentVersion'] ] condition: and(succeeded(), or(eq(variables.IsRelease, 'True'), eq(variables.IsTestRun, 'True'))) pool: name: 1ES-ABTT-Shared-Pool image: abtt-ubuntu-2404 os: linux steps: - checkout: self - task: NodeTool@0 displayName: Use node 20.20.0 inputs: versionSpec: "20.20.0" - script: | cd release npm ci node createReleaseBranch.js $(AgentVersion) --derivedFrom=${{ parameters.derivedFrom }} --targetCommitId=$(Build.SourceVersion) env: EDITOR: cat PAT: $(GithubToken) displayName: Push release branch to GitHub postBuildStages: - stage: Release dependsOn: - build - Verify_release jobs: ################################################################################ - job: publish_agent_packages ################################################################################ displayName: Publish Agents (Windows/Linux/OSX) pool: name: 1ES-ABTT-Shared-Pool image: abtt-windows-2025 os: windows demands: AzurePS variables: IsTestRun: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.isTestRun'] ] IsRelease: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.isRelease'] ] ReleaseBranch: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.releaseBranch'] ] AgentVersion: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.agentVersion'] ] condition: and(succeeded(), or(eq(variables.IsRelease, 'True'), eq(variables.IsTestRun, 'True'))) steps: # Clean - checkout: self clean: true - task: PowerShell@2 displayName: Switch to release branch inputs: filePath: .azure-pipelines/scripts/switch-branch.ps1 env: TARGET_BRANCH: $(ReleaseBranch) # Download all agent packages from all previous phases - task: DownloadBuildArtifacts@0 displayName: Download Agent Packages inputs: artifactName: agent # Upload agent packages to Azure blob storage and refresh Azure CDN - task: AzurePowerShell@5 displayName: Upload to Azure Blob inputs: pwsh: true azurePowerShellVersion: 'LatestVersion' azureSubscription: 'azure-pipelines-agent-vstsagentpackage-oauth' scriptType: 'InlineScript' inline: | Write-Host "Preloading Azure modules." # This is for better performance, to avoid module-autoloading. Import-Module Azure, Az.Accounts, Az.Storage, Az.Cdn -ErrorAction Ignore -PassThru $uploadFiles = New-Object System.Collections.ArrayList Select-AzSubscription -SubscriptionId $(SubscriptionId) $storageContext = New-AzStorageContext -StorageAccountName vstsagentpackage -UseConnectedAccount $versionDir = "$(AgentVersion)" $container = "agent" $isTestContainer = "$(IsTestRun)" Write-Host "isTestContainer = $isTestContainer" if ($isTestContainer -eq "True") { $container = "testagent" New-AzStorageContainer -Context $storageContext -Name $container -Permission Off } Write-Host "container = $container" Get-ChildItem -LiteralPath "$(System.ArtifactsDirectory)/agent" | ForEach-Object { $target=$_ $fullPath = $target.FullName Get-ChildItem -LiteralPath "$fullPath" -Include "*.zip","*.tar.gz" | ForEach-Object { $executable = $_ $execFullPath = $executable.FullName $execName = $executable.Name Write-Host "Uploading $execName to BlobStorage vstsagentpackage/$container/$versionDir" Set-AzStorageBlobContent -Context $storageContext -Container $container -File "$execFullPath" -Blob "$versionDir/$execName" -Force $uploadFiles.Add("/$container/$versionDir/$execName") } } # Clean up blob container with test agent version - task: AzurePowerShell@5 displayName: Delete Azure Blob container with test agent version condition: and(succeeded(), eq(variables.IsTestRun, 'True')) inputs: pwsh: true azurePowerShellVersion: 'LatestVersion' azureSubscription: 'azure-pipelines-agent-vstsagentpackage-oauth' scriptType: 'InlineScript' inline: | Import-Module Azure, Az.Accounts, Az.Storage -ErrorAction Ignore -PassThru Select-AzSubscription -SubscriptionId $(SubscriptionId) $storageContext = New-AzStorageContext -StorageAccountName vstsagentpackage -UseConnectedAccount $container = 'testagent' Remove-AzStorageContainer -Name $container -Context $storageContext -Force # Download all agent hashes created in previous phases - task: DownloadBuildArtifacts@0 displayName: Download Agent Hashes inputs: artifactName: hash downloadPath: $(Build.SourcesDirectory)/_hashes # Fill release notes with agent version and package hashes - script: | cd release node fillReleaseNotesTemplate.js $(AgentVersion) displayName: Fill release notes # Create agent release on Github - powershell: | Write-Host "Creating github release." $releaseNotes = [System.IO.File]::ReadAllText("$(Build.SourcesDirectory)\releaseNote.md") $releaseData = @{ tag_name = "v$(AgentVersion)"; target_commitish = "$(Build.SourceVersion)"; name = "v$(AgentVersion)"; body = $releaseNotes; draft = $false; prerelease = $true; } $releaseParams = @{ Uri = "https://api.github.com/repos/Microsoft/azure-pipelines-agent/releases"; Method = 'POST'; Headers = @{ Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("vsts:$(GithubToken)")); } ContentType = 'application/json'; Body = (ConvertTo-Json $releaseData -Compress) } [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $releaseCreated = Invoke-RestMethod @releaseParams Write-Host $releaseCreated $releaseId = $releaseCreated.id Write-Host "##vso[task.setVariable variable=releaseId;isoutput=true]$releaseId" $assets = [System.IO.File]::ReadAllText("$(Build.SourcesDirectory)\assets.json").Replace("","$(AgentVersion)") $assetsParams = @{ Uri = "https://uploads.github.com/repos/Microsoft/azure-pipelines-agent/releases/$releaseId/assets?name=assets.json" Method = 'POST'; Headers = @{ Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("vsts:$(GithubToken)")); } ContentType = 'application/octet-stream'; Body = [system.Text.Encoding]::UTF8.GetBytes($assets) } Invoke-RestMethod @assetsParams displayName: Create agent release on Github name: create_github_release # Delete test agent release - powershell: | Write-Host "Deleting test github release." $releaseId = $(create_github_release.releaseId) $releaseParams = @{ Uri = "https://api.github.com/repos/Microsoft/azure-pipelines-agent/releases/$releaseId"; Method = 'DELETE'; Headers = @{ Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("vsts:$(GithubToken)")); } ContentType = 'application/json'; } [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $releaseDeleted = Invoke-RestMethod @releaseParams Write-Host $releaseDeleted.Id displayName: Delete test agent release from Github condition: and(succeeded(), eq(variables.IsTestRun, 'True')) - stage: Cleanup_Release_Branch displayName: Cleanup Release Branch dependsOn: - Verify_release - Create_Release_Branch - Release condition: always() jobs: - job: Delete_Release_Branch displayName: Delete Release Branch variables: IsTestRun: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.isTestRun'] ] condition: eq(variables.IsTestRun, 'True') pool: name: 1ES-ABTT-Shared-Pool image: abtt-ubuntu-2404 os: linux steps: - checkout: self - powershell: | git config --global user.email "azure-pipelines-bot@microsoft.com" git config --global user.name "azure-pipelines-bot" git status $testBranch = "releases/3.000.999" $testTag = "v3.000.999" if (git ls-remote --heads origin $testBranch) { git -c credential.helper='!f() { echo "username=pat"; echo "password=$(GithubToken)"; };f' push origin --delete $testBranch } if (git ls-remote --tags origin $testTag) { git -c credential.helper='!f() { echo "username=pat"; echo "password=$(GithubToken)"; };f' push --delete origin $testTag } displayName: Clean up test release branch - stage: CreatePRs dependsOn: - Release - Verify_release condition: and(succeeded(), not(${{ parameters.onlyGitHubRelease }})) pool: name: 1ES-ABTT-Shared-Pool image: abtt-ubuntu-2404 os: linux jobs: ################################################################################ - job: create_ado_prs ################################################################################ displayName: Create PRs in AzureDevOps and ConfigChange variables: IsTestRun: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.isTestRun'] ] IsRelease: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.isRelease'] ] ReleaseBranch: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.releaseBranch'] ] AgentVersion: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.agentVersion'] ] condition: and(succeeded(), or(eq(variables.IsRelease, 'True'), eq(variables.IsTestRun, 'True'))) steps: - checkout: self - ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/master') }}: - script: git checkout $(ReleaseBranch) displayName: Checkout release branch # Download all agent hashes created in previous phases - task: DownloadBuildArtifacts@0 displayName: Download Agent Hashes inputs: artifactName: hash downloadPath: $(Build.SourcesDirectory)/_hashes - template: /.azure-pipelines/get-pat.yml@self - bash: | set -x cd release npm install ls node createAdoPrs.js $(AgentVersion) --dryrun="$(IsTestRun)" name: s_CreateAdoPrs displayName: Create PRs in AzureDevOps and ConfigChange env: USERNAME: $(User) PAT: $(ACCESS_TOKEN) USEREMAIL: $(Email) - stage: S_Notifications displayName: Notifications dependsOn: - Verify_release - CreatePRs pool: name: 1ES-ABTT-Shared-Pool image: abtt-ubuntu-2404 os: linux jobs: - job: j_SendPRsNotifications displayName: Send Release PRs notifications variables: IsTestRun: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.isTestRun'] ] IsRelease: $[ stageDependencies.Verify_release.Set_variables.outputs['SetReleaseVariables.isRelease'] ] AdoPrId: $[ stageDependencies.CreatePRs.create_ado_prs.outputs['s_CreateAdoPrs.AdoPrId'] ] AdoPrLink: $[ stageDependencies.CreatePRs.create_ado_prs.outputs['s_CreateAdoPrs.AdoPrLink'] ] CcPrId: $[ stageDependencies.CreatePRs.create_ado_prs.outputs['s_CreateAdoPrs.CcPrId'] ] CcPrLink: $[ stageDependencies.CreatePRs.create_ado_prs.outputs['s_CreateAdoPrs.CcPrLink'] ] condition: | and( not(${{ parameters.disableNotifications }}), eq(variables.IsRelease, 'True'), eq(variables.IsTestRun, 'False'), not(${{ parameters.onlyGitHubRelease }}) ) steps: - task: PowerShell@2 inputs: targetType: 'filePath' filePath: ./release/Send-PRsNotification.ps1 displayName: Send MS Teams notification env: TEAMS_WEBHOOK: $(MsTeamsWebhook) ADO_PR_ID: $(AdoPrId) ADO_PR_LINK: $(AdoPrLink) CC_PR_ID: $(CcPrId) CC_PR_LINK: $(CcPrLink) ================================================ FILE: LICENSE ================================================ The MIT License (MIT) Copyright (c) Microsoft Corporation Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ================================================ FILE: README.md ================================================ # Azure Pipelines Agent ## Announcement - `AZP_AGENT_USE_LEGACY_HTTP` agent knob future deprecation We are working on pipeline agent migration to .NET 6. One of the side effect of this migration is that the legacy HTTP handler will be no longer available for use due to changes in the .NET runtime itself. Thus the related agent knob will not work once the migration will be completed. We recommend stopping using the `AZP_AGENT_USE_LEGACY_HTTP` knob. ## Overview The cross-platform build and release agent for Azure Pipelines and Team Foundation Server 2015 and beyond. This replaced the deprecated closed source windows build agent and the previous [cross-platform agent](https://github.com/Microsoft/vso-agent). Supported on Windows, macOS, and several Linux flavors. Written for .NET Core in C#. ## Status | | Build & Test | |---|:-----:| |![Win-x64](docs/res/win_med.png) **Windows x64**|[![Build & Test][win-x64-build-badge]][build]| |![Win-x86](docs/res/win_med.png) **Windows x86**|[![Build & Test][win-x86-build-badge]][build]| |![Win-arm64](docs/res/win_med.png) **Windows ARM64**|[![Build & Test][win-arm64-build-badge]][build]| |![macOS](docs/res/apple_med.png) **macOS**|[![Build & Test][macOS-build-badge]][build]| |![Linux-x64](docs/res/linux_med.png) **Linux x64**|[![Build & Test][linux-x64-build-badge]][build]| |![Linux-arm](docs/res/linux_med.png) **Linux ARM**|[![Build & Test][linux-arm-build-badge]][build]| |![RHEL6-x64](docs/res/redhat_med.png) **RHEL 6 x64**|[![Build & Test][rhel6-x64-build-badge]][build]| [win-x64-build-badge]: https://mseng.visualstudio.com/pipelinetools/_apis/build/status/VSTS.Agent/azure-pipelines-agent.ci?branchName=master&jobname=Windows%20(x64) [win-x86-build-badge]: https://mseng.visualstudio.com/pipelinetools/_apis/build/status/VSTS.Agent/azure-pipelines-agent.ci?branchName=master&jobname=Windows%20(x86) [win-arm64-build-badge]: https://mseng.visualstudio.com/pipelinetools/_apis/build/status/VSTS.Agent/azure-pipelines-agent.ci?branchName=master&jobname=Windows%20(ARM64) [macOS-build-badge]: https://mseng.visualstudio.com/pipelinetools/_apis/build/status/VSTS.Agent/azure-pipelines-agent.ci?branchName=master&jobname=macOS%20(x64) [linux-x64-build-badge]: https://mseng.visualstudio.com/pipelinetools/_apis/build/status/VSTS.Agent/azure-pipelines-agent.ci?branchName=master&jobname=Linux%20(x64) [linux-arm-build-badge]: https://mseng.visualstudio.com/pipelinetools/_apis/build/status/VSTS.Agent/azure-pipelines-agent.ci?branchName=master&jobname=Linux%20(ARM) [rhel6-x64-build-badge]: https://mseng.visualstudio.com/pipelinetools/_apis/build/status/VSTS.Agent/azure-pipelines-agent.ci?branchName=master&jobname=RHEL6%20(x64) [build]: https://mseng.visualstudio.com/PipelineTools/_build?_a=completed&definitionId=7502 ## Get the Agent [Get started with the agent](https://docs.microsoft.com/azure/devops/pipelines/agents/agents?view=azure-devops#install). ## Supported Usage This agent can be used for both Azure Pipelines and Azure DevOps Server (Team Foundation Server). Support is extended to all on-premise solutions [based on their lifecycle (including extended support)](https://learn.microsoft.com/lifecycle/products/). The only exception is the Windows version of the agent for TFS 2015 since it is distributed along with a separate Node-based agent. ## Latest and Pre-release labels for releases Releases have labels **Latest** and **Pre-release**. Please make a note that the labels mean: - **Latest** - this is the current release of the agent, available to all clients or partially available (in case it is an active release that is currently under deployment). - **Pre-release** - Next version, release process of the agent version was started and it's already available for some of the users. And will be available soon for the rest. Each new version of agent is released for users by groups during several days. And usually it becomes available for all users within 6-8 days after start of release. The release has label "Pre-release" during all these days. So it's expected behavior if specific release is used by builds in pipelines but it's marked as "Pre-release". ## Troubleshooting Troubleshooting tips are [located here](docs/troubleshooting.md) ## Contribute For developers that want to contribute, [read here](docs/contribute.md) on how to build and test. ## Issues We accept issue reports both here (file a GitHub issue) and in [Developer Community](https://developercommunity.visualstudio.com/spaces/21/index.html). Do you think there might be a security issue? Have you been phished or identified a security vulnerability? Please don't report it here - let us know by sending an email to secure@microsoft.com. ================================================ FILE: SECURITY.md ================================================ ## Security Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below. ## Reporting Security Issues **Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report). If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey). You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) * Full paths of source file(s) related to the manifestation of the issue * The location of the affected source code (tag/branch/commit or direct URL) * Any special configuration required to reproduce the issue * Step-by-step instructions to reproduce the issue * Proof-of-concept or exploit code (if possible) * Impact of the issue, including how an attacker might exploit the issue This information will help us triage your report more quickly. If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs. ## Preferred Languages We prefer all communications to be in English. ## Policy Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd). ================================================ FILE: assets.json ================================================ [ { "name": "vsts-agent-win-x64-.zip", "platform": "win-x64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//vsts-agent-win-x64-.zip" }, { "name": "pipelines-agent-win-x64-.zip", "platform": "win-x64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//pipelines-agent-win-x64-.zip" }, { "name": "vsts-agent-win-x86-.zip", "platform": "win-x86", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//vsts-agent-win-x86-.zip" }, { "name": "pipelines-agent-win-x86-.zip", "platform": "win-x86", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//pipelines-agent-win-x86-.zip" }, { "name": "vsts-agent-win-arm64-.zip", "platform": "win-arm64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//vsts-agent-win-arm64-.zip" }, { "name": "pipelines-agent-win-arm64-.zip", "platform": "win-arm64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//pipelines-agent-win-arm64-.zip" }, { "name": "vsts-agent-osx-x64-.tar.gz", "platform": "osx-x64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//vsts-agent-osx-x64-.tar.gz" }, { "name": "pipelines-agent-osx-x64-.tar.gz", "platform": "osx-x64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//pipelines-agent-osx-x64-.tar.gz" }, { "name": "vsts-agent-osx-arm64-.tar.gz", "platform": "osx-arm64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//vsts-agent-osx-arm64-.tar.gz" }, { "name": "pipelines-agent-osx-arm64-.tar.gz", "platform": "osx-arm64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//pipelines-agent-osx-arm64-.tar.gz" }, { "name": "vsts-agent-linux-x64-.tar.gz", "platform": "linux-x64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//vsts-agent-linux-x64-.tar.gz" }, { "name": "pipelines-agent-linux-x64-.tar.gz", "platform": "linux-x64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//pipelines-agent-linux-x64-.tar.gz" }, { "name": "vsts-agent-linux-arm-.tar.gz", "platform": "linux-arm", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//vsts-agent-linux-arm-.tar.gz" }, { "name": "pipelines-agent-linux-arm-.tar.gz", "platform": "linux-arm", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//pipelines-agent-linux-arm-.tar.gz" }, { "name": "vsts-agent-linux-arm64-.tar.gz", "platform": "linux-arm64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//vsts-agent-linux-arm64-.tar.gz" }, { "name": "pipelines-agent-linux-arm64-.tar.gz", "platform": "linux-arm64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//pipelines-agent-linux-arm64-.tar.gz" }, { "name": "vsts-agent-linux-musl-x64-.tar.gz", "platform": "linux-musl-x64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//vsts-agent-linux-musl-x64-.tar.gz" }, { "name": "vsts-agent-linux-musl-arm64-.tar.gz", "platform": "linux-musl-arm64", "version": "", "downloadUrl": "https://download.agent.dev.azure.com/agent//vsts-agent-linux-musl-arm64-.tar.gz" } ] ================================================ FILE: azure-pipelines-agent.sln ================================================  Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio Version 16 VisualStudioVersion = 16.0.29509.3 MinimumVisualStudioVersion = 10.0.40219.1 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Agent.Listener", "src\Agent.Listener\Agent.Listener.csproj", "{17104EA4-EE2D-45DA-9B30-E31981274230}" EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Agent.Sdk", "src\Agent.Sdk\Agent.Sdk.csproj", "{B13C8033-A4AD-4963-ABE5-19BE0F5BA812}" EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AgentService", "src\Agent.Service\Windows\AgentService.csproj", "{D12EBD71-0464-46D0-8394-40BCFBA0A6F2}" EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Agent.Worker", "src\Agent.Worker\Agent.Worker.csproj", "{F095D0DA-C40F-4774-BE6C-D43928064A70}" EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.VisualStudio.Services.Agent", "src\Microsoft.VisualStudio.Services.Agent\Microsoft.VisualStudio.Services.Agent.csproj", "{4CA8B96D-7F1D-4A34-8CF5-688D403FFB0D}" EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Agent.Plugins", "src\Agent.Plugins\Agent.Plugins.csproj", "{2B383622-0D80-465E-8311-63F9B05D67D0}" EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Agent.PluginHost", "src\Agent.PluginHost\Agent.PluginHost.csproj", "{CC3EDFC9-EE30-43C9-B2DA-34587F0A3D4A}" EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Test", "src\Test\Test.csproj", "{7EF822B7-532B-4E34-8A28-8549D1C007F7}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU Release|Any CPU = Release|Any CPU EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {17104EA4-EE2D-45DA-9B30-E31981274230}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {17104EA4-EE2D-45DA-9B30-E31981274230}.Debug|Any CPU.Build.0 = Debug|Any CPU {17104EA4-EE2D-45DA-9B30-E31981274230}.Release|Any CPU.ActiveCfg = Release|Any CPU {17104EA4-EE2D-45DA-9B30-E31981274230}.Release|Any CPU.Build.0 = Release|Any CPU {B13C8033-A4AD-4963-ABE5-19BE0F5BA812}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {B13C8033-A4AD-4963-ABE5-19BE0F5BA812}.Debug|Any CPU.Build.0 = Debug|Any CPU {B13C8033-A4AD-4963-ABE5-19BE0F5BA812}.Release|Any CPU.ActiveCfg = Release|Any CPU {B13C8033-A4AD-4963-ABE5-19BE0F5BA812}.Release|Any CPU.Build.0 = Release|Any CPU {D12EBD71-0464-46D0-8394-40BCFBA0A6F2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {D12EBD71-0464-46D0-8394-40BCFBA0A6F2}.Debug|Any CPU.Build.0 = Debug|Any CPU {D12EBD71-0464-46D0-8394-40BCFBA0A6F2}.Release|Any CPU.ActiveCfg = Release|Any CPU {D12EBD71-0464-46D0-8394-40BCFBA0A6F2}.Release|Any CPU.Build.0 = Release|Any CPU {F095D0DA-C40F-4774-BE6C-D43928064A70}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {F095D0DA-C40F-4774-BE6C-D43928064A70}.Debug|Any CPU.Build.0 = Debug|Any CPU {F095D0DA-C40F-4774-BE6C-D43928064A70}.Release|Any CPU.ActiveCfg = Release|Any CPU {F095D0DA-C40F-4774-BE6C-D43928064A70}.Release|Any CPU.Build.0 = Release|Any CPU {4CA8B96D-7F1D-4A34-8CF5-688D403FFB0D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {4CA8B96D-7F1D-4A34-8CF5-688D403FFB0D}.Debug|Any CPU.Build.0 = Debug|Any CPU {4CA8B96D-7F1D-4A34-8CF5-688D403FFB0D}.Release|Any CPU.ActiveCfg = Release|Any CPU {4CA8B96D-7F1D-4A34-8CF5-688D403FFB0D}.Release|Any CPU.Build.0 = Release|Any CPU {2B383622-0D80-465E-8311-63F9B05D67D0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {2B383622-0D80-465E-8311-63F9B05D67D0}.Debug|Any CPU.Build.0 = Debug|Any CPU {2B383622-0D80-465E-8311-63F9B05D67D0}.Release|Any CPU.ActiveCfg = Release|Any CPU {2B383622-0D80-465E-8311-63F9B05D67D0}.Release|Any CPU.Build.0 = Release|Any CPU {CC3EDFC9-EE30-43C9-B2DA-34587F0A3D4A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {CC3EDFC9-EE30-43C9-B2DA-34587F0A3D4A}.Debug|Any CPU.Build.0 = Debug|Any CPU {CC3EDFC9-EE30-43C9-B2DA-34587F0A3D4A}.Release|Any CPU.ActiveCfg = Release|Any CPU {CC3EDFC9-EE30-43C9-B2DA-34587F0A3D4A}.Release|Any CPU.Build.0 = Release|Any CPU {7EF822B7-532B-4E34-8A28-8549D1C007F7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {7EF822B7-532B-4E34-8A28-8549D1C007F7}.Debug|Any CPU.Build.0 = Debug|Any CPU {7EF822B7-532B-4E34-8A28-8549D1C007F7}.Release|Any CPU.ActiveCfg = Release|Any CPU {7EF822B7-532B-4E34-8A28-8549D1C007F7}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {773FE1BE-2DE4-42F8-B87E-1C634BDD76A5} EndGlobalSection EndGlobal ================================================ FILE: docs/contribute.md ================================================ # Contribute (Dev) ## Dev Dependencies ![Win](res/win_sm.png) Git for Windows [Install Here](https://git-scm.com/downloads) (needed for dev sh script) ## Build, Test, Layout From src: ![Win](res/win_sm.png) `dev {command}` ![*nix](res/linux_sm.png) `./dev.sh {command}` **Commands:** `layout` (`l`): Run first time to create a full agent layout in {root}/{runtime_id}/_layout `build` (`b`): build everything and update agent layout folder `test` (`t`): build agent binaries, run unit tests applicable to the current platform Normal dev flow: ```bash git clone https://github.com/microsoft/azure-pipelines-agent cd ./src ./dev.(sh/cmd) layout # the agent that build from source is in {root}/{runtime_id}/_layout ./dev.(sh/cmd) build # {root}/{runtime_id}/_layout will get updated ./dev.(sh/cmd) test # run unit tests before git commit/push ``` To test the agent in a pipeline, follow the [self-hosted agent installation steps](https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/windows-agent?view=azure-devops). You will use the agent built from source in the `_layout` folder at the repository root to run the `config` and `run` commands. ## Debugging The agent can be run in debug mode by providing the parameter `--debug` to the `run` command. This will make the agent recognize the following environment variables: - `VSTSAGENT_DEBUG_TASK` - for remote debugging node-based pipeline tasks Note that all of these variables need to be defined on the node that is used to run the agent. Also, do not run production agents with this mode as it can cause pipelines to appear stuck. ### `VSTSAGENT_DEBUG_TASK` environment variable When enabled, the agent will start the Node process with specific parameters. These parameters cause the process to wait for the debugger to attach before continuing with the execution of the pipeline task script. The value must be set to either: - Task `id`, which is an unique GUID identifier to be found in `task.json` definition of the task - Task `name` and major `version`, e.g. AzureCLIV2 Only one task can be debugged at one time and all other tasks in the same pipeline will proceed as usual. If you wish to stop debugging this task either restart that agent without `--debug` option, or unset the variables from above. ## Editors [Using Visual Studio 2017](https://www.visualstudio.com/vs/) [Using Visual Studio Code](https://code.visualstudio.com/) ## Styling We use the dotnet foundation and CoreCLR style guidelines [located here]( https://github.com/dotnet/corefx/blob/master/Documentation/coding-guidelines/coding-style.md) ## Troubleshooting build or test problems 'unzip' not found - if you see this while building or testing on Windows, you need to install unzip for the Windows bash shell - open a command window, run bash, and run `sudo apt install unzip` to get that tool installed ================================================ FILE: docs/design/auth.md ================================================ # Agent Authentication and Authorization ## Goals - Support agent installs in untrusted domains - The account that configures or runs the agent process is not relevant for accessing Azure DevOps resources. - Accessing Azure DevOps resources is done with a per-job token which expires when job completes. - The token is granted to trusted parts of the system including the agent, installed tasks and script steps specified by the build admin as trusted. - Protect the token from developer contributions such as unit tests, msbuild targets (not designated as trusted by the build admin). - Same code and scheme for agents connecting to either Azure DevOps in the cloud or deployed on-prem. ## Configuration Configuring an agent registers an agent with a pool using your identity. Configuring an agent is [covered here in the documentation](https://www.visualstudio.com/en-us/docs/build/actions/agents/v2-windows). ![Config](res/01AgentConfig.png) Configuration is done with the user being authenticated via a PAT (or AAD). On-premisis deployments also support integrated auth (domain logged on credentials) or NTLM (supply username and password from non domain joined machine - typically Linux or OSX). *Your credentials are not stored and are only relevant for registering the agent with the service.* During configuration an RSA public/private key pair is created, the private key is stored in file on disk, on windows the content is protected with DPAPI (machine level encrypted - agent only valid on that machine) and on Linux/OSX with chmod permissions. Using your credentials, the agent is registered with the service by sending the public key to the service which adds that agent to the pool and stores the public key, STS will generate clientId associated with the public key. ## Start and Listen After configuring the agent, the agent can be started interactively (./run.cmd or ./run.sh) or as a service. ![Start](res/02AgentStartListen.png) On start, the agent listener process loads the RSA private key (on windows decrypting with machine key DPAPI), sends a JWT token which signed by the private key to the service. The server response with an OAuth token that grants permission to access the message queue (http long poll), allowing the agent to acquire the messages it will eventually run. ## Queue Build When a build is queued, its demands are evaluated, it is matched to an agent and a message is placed in a queue of messages for that agent. The agent is listening for jobs via the message queue http long poll. The message encrypted with the agent's public key, stored during agent configuration. ![Queue](res/03AgentQueueBuild.png) A build is queued manually or as the result of a check-in trigger or build schedule. A [JWT token](http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html) is generated, granting limited access to the project or collection level build service account (see options tab of build definition). The lifetime of the JWT token is the lifetime of the build or at most the build timeout (options tab). ## Accessing Azure DevOps Resources The job message sent to the agent contains the token to talk back to Azure DevOps. The agent listener parent process will spawn an agent worker process for that job and send it the job message over IPC. The token is never persisted. Each task is run as a unique subprocess. The encrypted access token will be provided as an environment variable in each task subprocess. The token is registered with the agent as a secret and scrubbed from the logs as they are written. There is an option to make the token accessible to ad-hoc scripts during the build (powershell, bash, and batch task scripts). NOTE: The point is to make the token not *readily* available to developer contributed assets like unit tests and build (msbuild etc..) targets and scripts. The token is meant for tasks and scripts that are trusted by the build admin by (1) installing the task or (2) directing a build definition to run that script. The goal is to avoid having the token accidentally leak in scripts. Even then, the token will expire at the end of the job which helps mitigate any accidental exposure. ## Keeping RSA private key - security implications Agent stores RSA private key in a '.credentials_rsaparams' file in the agent root directory. For Windows host - it is protected by [DPAPI](https://docs.microsoft.com/dotnet/standard/security/how-to-use-data-protection). On Linux/OSX - it sets up chmod permissions (read & write) to the user which configured the agent (by calling 'chmod 600' command) - so this user will be able to reconfigure the agent. For user which runs the agent - there should be permissions to read '.credentials_rsaparams' file. No other permissions are required for this file - please make sure that you don't grant any additional permissions since this file stores sensitive connection data. An RSA private key is being created during agent configuration and removed only after running of 'config remove' command. If this file will be removed - you need to run 'config remove' command and configure it again to register the agent. This is actual for all agent modes (running as interactive, 'run once' mode, running as a service). ## StoreAgentKeyInCSPContainer (Windows) A knob is available that enables generation and storge of the RSA private key in a named container . When the agent is registered, the name of the container is written to .credentials_rsaparams (which is still encrypted by DPAPI) instead of the key parameters. More information about CNG key storage is here: https://learn.microsoft.com/en-us/windows/win32/seccng/key-storage-and-retrieval e.g. set STORE_AGENT_KEY_IN_CSP_CONTAINER=true ### AgentKeyUseCng (Windows) Specifies that the Key is created using Cng (Cryptography Next Generation) They key is created as User Private, so it will not be located if the agent is run as a different user. e.g. set AGENT_KEY_USE_CNG=true ================================================ FILE: docs/design/byos.md ================================================ # Elastic Self-hosted Agent Pools (formerly "BYOS: Bring Your Own Subscription Agent Pools") Microsoft-hosted agents are extremely convenient: low/no cost, no infrastructure to maintain, and elastic with demand. In return, customers must give up control over tools, capacity, and speed. On the other end of the spectrum, self-hosted agents offer the exact opposite set of trade-offs: full control over everything, at the expense of maintaining and paying for infrastructure. With self-hosted agents, elasticity is difficult to achieve. Elastic self-hosted pools represent a middle ground: they pair the convenience and elastic capacity of the Microsoft-hosted pool with the control and flexibility of self-hosted agents. **Azure Pipelines will manage agents to the customer's specification, completely automated, in the customer's Azure subscription.** ## State of this spec This is in the early design phase and we are looking for feedback in the PR (or as issues in the repo). ## Customer scenarios The theme throughout these scenarios is that the customer wants hosted elasticity but customization beyond what Microsoft-hosted offers. General themes are around: - VM specs (memory, CPU, disk) and network environment - Preinstalled software - Agent lifecycle - Auto-scaling - On-premises customers have often asked us for access to the Microsoft-hosted pools. In lieu of that (which complicates billing and technical design), this feature must be available to Azure DevOps Server customers. ### VM specs and environment 1. Customer wants more memory, more processor, or more IO than our native images. 2. [Customer](https://github.com/MicrosoftDocs/vsts-docs/issues/2985) wants an NCv2 VM with particular instruction sets for machine learning. (It's niche enough that we won't stand up dedicated hosted pools, but broad enough to be very interesting for our business.) 3. Customer wants additional storage attached to the VM. 4. Customer wants to deploy to a private App Service. It's in a private VNET with no inbound connectivity. 5. Customer wants to open corporate firewall to specific IP addresses so that Microsoft-hosted agents can communicate with their servers. The IP address range for Microsoft-hosted agents changes every week. 6. Customer wants to restrict network connectivity of agent machines and allow them to reach only approved sites. ### Preinstalled software 1. Customer wants Windows 2016 with VS 2019 Preview. (We only offer certain combos like Win2016 + VS2017 and Win2019 + VS2019.) 2. Customer wants to pin a specific set of tools and dependencies, preconfigured on the image. 3. Customer wants extreme control over the exact OS build, settings, versions, and so on. ### Agent lifecycle 1. Customer wants to run several consecutive jobs on an agent to take advantage of incremental source and machine-level package caches. 2. Customer wants to recycle agent machines every night or after every N jobs to clean up the accumulated "detritus" and reduce flakiness in build. 3. Customer uses agents to build untrusted code and hence wants to recycle the agent after every job. 4. Customer wants to run a cleanup script after every job instead of a full-blown recycle. 5. Customer wants to run additional configuration or cache warmup before an agent beings accepting jobs. 6. Customer wants to keep the agent machines for some time after a failure in order to debug the failure. ### Auto-scaling 1. Customer wants to de-provision agents machines that are not being used for running jobs. 1. At the same time, customer does not want us to wait to provision new agents until after a job has been scheduled. Customer wants to get this flexibility by setting some limits: - Minimum number of idle machines (to ensure that there are machines readily available to service new jobs as they arrive). - Maximum number of machines (to ensure that we do not exceed the max budget constraints). 1. Customer wants to set different limits for different times in the day to handle peak and off-peak loads. ### On-premises customers 1. Customer wants to use Azure DevOps Server with elastic agent pools. ## Industry review Similar problem spaces: - [Jenkins can use Azure agents](https://docs.microsoft.com/en-us/azure/jenkins/jenkins-azure-vm-agents) this way - [AppVeyor](https://www.appveyor.com/docs/server/running-builds-on-azure/) offers instructions for solving a similar problem on several cloud providers - GitLab CI/CD offers auto-scaling of builder containers using [Docker Machine](https://gitlab.com/gitlab-org/gitlab-runner/blob/master/docs/configuration/autoscale.md) or [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes.html). Not offered: - [Travis CI](https://docs.travis-ci.com/user/enterprise/setting-up-travis-ci-enterprise/) offers an enterprise product that you can install on your own infrastructure. While you can choose what kind of VM to run it on, there's no elasticity. - [CircleCI](https://circleci.com/docs/2.0/aws/#nomad-clients) offers an on-your-infrastructure product. You must scale up and down the workers manually, there's no elasticity. ## Solution For starters, this is about running agents on VMs in Azure. Later, we may consider whether this same solution works for: - AKS - Any Kubernetes - Other clouds ### VM scale sets The mechanism under the hood being considered for managing virtual machines in Azure is VM scale sets (VMSS). [VM scale sets](https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview) have the following benefits: • Easy to create and manage a large number of virtual machines with the same base OS image and configuration. • Customer can pick one of the standard images, create their own [custom image](https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-use-custom-image-cli), or install their own software on top of a standard image using [script extensions](https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-cli). • Customer can pick a [size](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes?toc=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-machine-scale-sets%2FTOC.json&bc=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json) for their virtual machines. • Customer can use [availability zones](https://docs.microsoft.com/en-us/azure/availability-zones/az-overview) to distribute VM instances in a scale set across multiple data centers. • Customer can configure [networking](https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-networking) for VMs in their scale set. • Customer can schedule automatic [OS image updates](https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade). • Customer can use standard Azure policies to control various settings in the scale set. • Azure Pipelines can easily grow or shrink the number of virtual machines in the scale set. Azure has a good [marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps?filters=virtual-machine-images) of images that customers can start with for their base images. These include Windows Server, Ubuntu, Debian based images, Windows server with Visual Studio, etc. In addition, wherever possible, we should publish our Microsoft-hosted images to this marketplace. There are some licensing constraints that prevent us from publishing all the software though. ### Setup For a lot of customers, it would be enough to have them - go to pool setup - create a new pool, and select the option to use Azure VMs - pick an Azure subscription, a VM scale set + a few different agent lifetime policies - have Azure Pipelines configure it all for them Some initial conceptual designs: ![BYOS1](res/byos1.png) ![BYOS2](res/byos2.png) ================================================ FILE: docs/design/clientcert.md ================================================ # Support Ssl Client Certificate in Build/Release Job (TFS On-Prem Only) ## Goals - Support agent configure and connect to TFS use ssl client certificate - Support get source in Build job and download artifact in Release job works with ssl client certificate - Provide documentation and scripts to help customer prepare all pre-requrements before configuration - Expose ssl client certificate information in vsts-task-lib for task author ## Pre-requirements - CA certificate(s) in `.pem` format (This should contains the public key and signature of the CA certificate, you need put the root ca certificate and all your intermediate ca certificates into one `.pem` file) - Client certificate in `.pem` format (This should contains the public key and signature of the Client certificate) - Client certificate private key in `.pem` format (This should contains only the private key of the Client certificate) - Client certificate archive package in `.pfx` format (This should contains the signature, public key and private key of the Client certificate) - Use `SAME` password to protect Client certificate private key and Client certificate archive package, since they both have client certificate's private key The Build/Release agent is just xplat tool runner, base on what user defined in their Build/Release definition, invoke different tools to finish user's job. So the client certificate support is not only for the agent infrastructure but most important for all different tools and technologies user might use during a Build/Release job. ``` Ex: Clone Git repository from TFS use Git Sync TFVC repository from TFS use Tf.exe on Windows and Tf on Linux/OSX Write customer Build/Release task that make REST call to TFS use VSTS-Task-Lib (PowerShell or Node.js) Consume Nuget/NPM packages from TFS package management use Nuget.exe and Npm [Future] Publish and consume artifacts from TFS artifact service use Drop.exe (artifact) and PDBSTR.exe (symbol) ``` You can use `OpenSSL` to get all pre-required certificates format ready easily as long as you have all pieces of information. ### Windows Windows has a pretty good built-in certificate manger, the `Windows Certificate Manager`, it will make most Windows based application deal with certificate problem easily. However, most Linux background application (Git) and technologies (Node.js) won't check the `Windows Certificate Manager`, they just expect all certificates are just a file on disk. Use the following step to setup pre-reqs on Windows, assume you already installed your corporation's `CA root cert` into local machine's `Trusted CA Store`, and you have your client cert `clientcert.pfx` file on disk and you know the `password` for it. - Export CA cert from `Trusted Root CA Store`, use `Base64 Encoding X.509 (.CER)` format, name the export cert to something like `ca.pem`. - Export any intermediate CA cert from `Intermediate CA Store`, use `Base64 Encoding X.509 (.CER)` format, name the export cert to something like `ca_inter_1/2/3.pem`. Concatenate all intermediate ca certs into `ca.pem`, your `ca.pem` might looks like following: ``` -----BEGIN CERTIFICATE----- (Your Root CA certificate: ca.pem) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Intermediate CA certificate: ca_inter_1.pem) -----END CERTIFICATE----- ... -----BEGIN CERTIFICATE----- (Your Intermediate CA certificate: ca_inter_n.pem) -----END CERTIFICATE----- ``` - Extract Client cert and Client cert private key from `.pfx` file. You need `OpenSSL` to do this, you either install `OpenSSL for Windows` or just use `Git Bash`, since `Git Bash` has `OpenSSL` baked in. ``` Inside Git Bash: Extract client-cert.pem openssl pkcs12 -in clientcert.pfx -passin pass: -nokeys -clcerts -out client-cert.pem Extract client-cert-key.pem, this will get password protected openssl pkcs12 -in clientcert.pfx -passin pass: -nocerts -out client-cert-key.pem -passout pass: ``` At this point, you should have all required pieces `ca.pem`, `client-cert.pem`, `client-cert-key.pem` and `clientcert.pfx`. ### No-Windows As I mentioned before, most Linux backgroud application just expect all certificate related files are on disk, and use `OpenSSL` to deal with cert is quiet common on Linux, so I assume for customer who wants to setup Build/Release agent on Linux already has `ca.pem`, `client-cert.pem` and `client-cert-key.pem` in place. So the only missing piece should be the client cert archive `.pfx` file. ``` From Terminal: openssl pkcs12 -export -out client-cert-archive.pfx -passout pass: -inkey client-cert-key.pem -in client-cert.pem -passin pass: -certfile CA.pem ``` ## Configuration **In order to get directory/file ACL setup correctly, make sure you put all certificates files under agent root directory** Pass `--sslcacert`, `--sslclientcert`, `--sslclientcertkey`. `--sslclientcertarchive` and `--sslclientcertpassword` during agent configuration. Ex: ```batch .\config.cmd --sslcacert enterprise.pem --sslclientcert client.pem --sslclientcertkey clientcert-key-pass.pem --sslclientcertarchive clientcert-2.pfx --sslclientcertpassword "test123" ``` We store your client cert private key password securely on each platform. Ex: ``` Windows: Windows Credential Store OSX: OSX Keychain Linux: Encrypted with symmetric key based on machine id ``` ## How agent handle client cert within a Build/Release job After configuring client cert for agent, agent infrastructure will start talk to VSTS/TFS service using the client cert configured. Since the code for `Get Source` step in build job and `Download Artifact` step in release job are also bake into agent, those steps will also follow the agent client cert configuration. Agent will expose client cert configuration via environment variables for every task execution, task author need to use `vsts-task-lib` methods to retrieve back client cert configuration and handle client cert with their task. ## Get client cert configuration by using [VSTS-Task-Lib](https://github.com/Microsoft/vsts-task-lib) method Please reference [VSTS-Task-Lib doc](https://github.com/Microsoft/vsts-task-lib/blob/master/node/docs/cert.md) for detail ## Progress - Agent infrastructure (you can configure and queue a build/release) [DONE] - Fetch git repository [DONE] - Fetch tfvc repository [Only supported in Windows agent] - Expose client cert info to task sdk [DONE] ## Self-Signed CA Certificates I would assume there are some self-signed CA certificates along with the client certificate, however the current agent doesn't has a good way to handle self-signed CA certificates. The work of the client certificate support do add a `--sslcacert` option to agent configuration, but it currentlly just for some of the downstream tools your Build/Release job and not for the agent infrastructure. In order to use self-signed CA certificates with the agent, you need to maunally install all self-signed CA certificates into your OS's certificate store, like: `Windows certificate manager` on `Windows`, `OpenSSL CA store` on `Linux`. Just like you have to manually configure your browser to take those certificates. We might be able to improve this when we consume netcore 2.0 in the agent. The next problem is about all different downstream tools you used in your Build/Release job, the way they find CA certificates might all different. Ex: - Git (version < 2.14.x) expect a `--cainfo` option and point to the CA file. - Git (version >= 2.14.x) has a config option to let Git to read CA from `Windows Certificate Manager` on `Windows`. - Tf.exe expect read CA from `Windows Certificate Manager`. - TEE (tf on linux) expect read CA from `Java Certificate Store`. - PowerShell expect read CA from `Windows Certificate Manager`. - Node.js expect a `ca` parameter on `tls.options`. - Node.js (version >= 7.3) also expect an environment vairble to point to the CA file `NODE_EXTRA_CA_CERTS`, however the agent current use Node.js version 6.x which mean we can't use that envirinment variable. At this point, I would sugguest when you have a self-signed CA cert, please make sure the tools or technologies you used within your Build/Release works with your self-signed CA cert first, then try to configure the agent. In this way, even you get an error within your build/release job, you might have better idea of where is the error coming from. ## Dev notes I use following commands to generate certificates for testing(all commands needs to be run on same machine in admin command prompt) Root CA cert: `MakeCert -n "CN=Enterprise_issuer_2" -pe -ss Root -sr LocalMachine -sky exchange -m 6 -a sha1 -len 2048 -r -eku 1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.1` Server cert: `MakeCert -n "CN=TFSAT.mycompany.com" -pe -ss My -sr LocalMachine -sky exchange -m 6 -in Enterprise_issuer_2 -is Root -ir LocalMachine -a sha1 -eku 1.3.6.1.5.5.7.3.1 -len 2048` Client cert: `MakeCert -n "CN=mycompany\ting" -pe -ss My -sr CurrentUser -sky exchange -m 6 -in Enterprise_issuer_2 -is Root -ir LocalMachine -a sha1 -eku 1.3.6.1.5.5.7.3.2 -len 2048` ================================================ FILE: docs/design/coreclr.md ================================================ # Agent Platform Plans ## Goals - Expand our Linux support: Right now we only support RedHat 7.2 and Ubuntu 14.04/16.04. We routinely get requests versions like RedHat 6 and new distros like SUSE. - Produce a minimal number of agent packages: Right now we drop [5 agents for every build](https://github.com/Microsoft/vsts-agent/releases). This won't scale. Ideally, only Windows, Mac, and Linux - Allow task authors to create core-CLR tasks and package core clr assets: Right now we only [support typescript (via node) and powershell](https://github.com/Microsoft/vsts-task-lib/blob/master/README.md). - Rationalize all of this with emerging [Docker initiative](https://youtu.be/OOV5bXcJHpc) ## Phases We must first move the agent to 2.0 core CLR and figure out the linux-x64 single target before we can implement core CLR tasks which can run in a container of any other linux distro and version. For that reason, we have separated the work into two clear phases. Move the agent to core CLR with one linux-x64 target and then support writing tasks in core CLR. ## Phase One: Core CLR 2.0 Agent ### Officially Supported and Tested **Windows**: Windows 7 SP1+, Server 2008 R2 SP1+ **Mac OS**: 10.12 (Sierra)+ (reduction) **Fedora Based Linux**: RedHat/CentOS/Oracle Linux 7+ and Fedora 25+ **Debian Based Linux**: Ubuntu 17.04/16.04/14.04, Debian 8.7+ and Linux Mint 17+ **openSUSE Linux**: 42.2+ ### Expanding Linux We are currently building an agent per Linux distro and version that we support: RedHat 7.2, Ubuntu 14.04, Ubuntu 16.04. We need to expand to officially supported SUSE and other enterprise distros like Oracle. .Net Core 2.0 will allow us to only build a **portable linux x64** package which will work across [these supported OS distros and versions](https://github.com/dotnet/core/blob/master/roadmap.md#supported-os-versions). ### Expanding Linux: Unsupported CoreCLR 2.0 Versions We need to expand the versions (RedHat 6) and expand the distros (SUSE). Some of the supported version restrictions are soft limits (official support, encouraging moving forward, RedHat) and others are hard limits (won't technically work, Mac OS and openssl). We will attempt to make versions like RedHat 6 work, but the ultimate Linux solution is [our container story](https://youtu.be/OOV5bXcJHpc). With our container story, the agent runs in the host and it's jobs and tasks in any linux image you select. The limits will only come from our task story. See Phase 2 below. ### OS Dependencies Customers need to install OS dependencies. Getting the OS dependencies installed [has been a pain point for customers](https://github.com/Microsoft/vsts-agent/issues/232). In order to improve the customer experience around getting OS dependencies, we will add OS dependencies check as part of agent configuration. When a required .net core dependency is missing, customer can just run another script we added to install all missing dependencies. Here is a [list of the OS dependencies](https://github.com/dotnet/core/blob/master/Documentation/prereqs.md). For OSX, openssl via homebrew will no longer be required in core clr 2.0. For Linux, core CLR 2.0 has a new feature to allow loading OS dependencies from a folder for [self contained linux apps](https://github.com/dotnet/core/blob/master/Documentation/self-contained-linux-apps.md). However we can't really levage this feature since we can't redistribute those native OS binary due to legal issue. ### Reducing Supported Versions Implications Core CLR 2.0, while expanding distros, is contracting supported versions. Most impactful to us is RedHat 7.2 and OSX 10.10 (Yosemite) and 10.11 (El Capitan) which we currently support today with our agent. It only supports the recently released 10.12 (Sierra). RedHat is a soft limit so we will attempt to work back to RH6. OSX is a hard technical limit (openssl) so we will only support 10.12+ ### Agent Builds and Updates Customers can update their agents from our web UI. New tasks and new features can demand a new agent version. *Customers will find themselves stuck as they are potentially surprised they need to update yet updates will not work until they upgrade their OS*. This is a mac OS and Redhat 7.2 issue. The backend holds a registry of agents by platform and version. It will currently download from github releases by version and platform. For example: https://github.com/Microsoft/vsts-agent/releases/download/v2.114.0/vsts-agent-win7-x64-2.114.0.zip Currently, we advertise these platforms in the UI and APIs. - win7-x64 - osx.10.11-x64 - rhel.7.2-x64 - ubuntu.14.04-x64 - ubuntu.16.04-x64 When customers request agent update from web UI, the service will base the agent's current version and the latest version has been registered in the backend to decide whether to send an `Agent Update` message to the agent. With Consuming CoreCLR 2.0 in the agent, we will change to have only 3 agent packages instead of 5. - win-x64 - osx-x64 - linux-x64 We will change download urls to an Azure CDN url backed by Azure blob storage (firewall considerations and github throttling during agent update) but we will continue to offer [release metadata](https://github.com/Microsoft/vsts-agent/releases) along with the source. The agent major version will remain 2.x. Agents will still update along major version lines if we choose to register the appropriate paths. The UI will only show **Windows, Mac OS and Linux** tabs (drop distro specific tabs). If 2.125.0 is the first agent version that build from CoreCLR 2.0, then here is what will happen during agent updates: **Existing Installed Agent (version < 2.125.0) --> 2.125.0 Drops** win7-x64 --> win-x64-2.125.zip osx.10.11-x64 --> osx-x64-2.125.0.zip (Darwin version >= 16.0.0) osx.10.11-x64 --> Deadend. (Darwin version < 16.0.0, about 10% of all osx agents in VSTS) rhel.7.2-x64 --> linux-x64-2.125.0.zip. Redirection for old agents ubuntu.14.04-x64 --> linux-x64-2.125.0.zip. Redirection for old agents ubuntu.16.04-x64 --> linux-x64-2.125.0.zip. Redirection for old agents In order to make the agent update experience smoothly to most of customers, the service will start tracking the agent OS information as first class concept. So anytime customers request agent updates, the service will not only base on the agent's current version but also base on agent's OS to decide whether to send `Agent Update` message to the agent. **Alternatives** We considered moving the version to 3.0 which requires an explicit 'migration' from customers due to the OS constraints but that will cause too much friction as new tasks and features demand 3.0. On premise upgrades will upgrade only to find their builds are failing. This can still happen for OSX 10.10 and 10.11 but we shouldn't push the pain to all our platforms (especially windows) due to this. This will also require mac OS users to manually migrate after that sprint which is better than requiring all platforms (windows being the majority) to migrate manually. We have also discussed whether there's a way to detect server side if OS version is 10.12 and redirect them to osx.10.12-x64 agent download and platform. ### Timeline Core CLR 2.0 releases Q3 2017 (soon). We have a [branch ready to go](https://github.com/Microsoft/vsts-agent/tree/users/tihuang/netcore20). We will target the 2.01 core CLR release which contains critical fixes. ## Phase Two: Core CLR Tasks A guiding principle from the inception of the build.vNext is that the agent needs to carry everything it needs to be able to execute any task from the market place. It is important to separate For Linux, that's node which [goes back to RH5](https://nodesource.com/blog/node-binaries-for-enterprise-linux/), although RedHat 6 is the important one that we get repeated requests for. ### Tool Runner Task For a typical tool runner task (msbuild, gradle) the user is bringing the environment in the form of a machine, VM or docker image. The agent carries the task script engine (node) ```bash AGENT + User | +---------+ +--------+ | | Handler|----->Node | | +-------+-+ +--------+ | | | +v-------+ which | +---------+ | Script +-------------> Gradle | +--------+ | +---------+ +---------+ | +------+ | Modules | | | Java | +---------+ | +------+ | + ``` ### Utility Task ```bash + | +---------+ +--------+ | run | Handler|----->Node +-------> +-------+-+ +--------+ | | | +v-------+ | | Script | | +--------+ | +---------+ | | Modules | | +---------+ | | +---------+ | run | deps +-------+----> +---------+ ``` ================================================ FILE: docs/design/jobcancellation.md ================================================ # Agent jobs cancellation Agent receives cancellation signal from server - which initiates job cancellation process. ## How agent cancells job execution in details? When agent receives cancellation signal from server (this usually happens when job execution is timed out, or it was cancelled manually by user) - it sends SIGINT signal to the child process responsible for task execution. If child process has been successfully stopped by SIGINT signal - agent considers that task has been cancelled; otherwise, the agent will send SIGTERM signal to this process. You can find relevant source code [here](https://github.com/microsoft/azure-pipelines-agent/blob/master/src/Agent.Sdk/ProcessInvoker.cs#L418). ================================================ FILE: docs/design/logprocessors.md ================================================ # Agent Log Processors RFC ## Goals Provide an extensibility mechanism which offers other teams and partners to do additional processing on log output cooperatively as part of the job (as opposed to post job log processing). Performance and reliability will be critical. ## Scenarios ### Publishing Test Results In addition to our tasks, testing tools can be invoked from command lines. Since many test frameworks do not have reporters by default, we need to scan the output looking for well known output patterns and publish test results to our test management service. We will also search for well known test result file on disk and publish those to our test management service. These test tools can be called from our tasks but also via command lines and scripts such as `PowerShell`, `ShellScripts`, `python`, `javascript` or any scripting technology. They can also be called via `npm test` which is simply an indirection to a set of cmd lines and script calls. ### Telemetry on Tool Usage It is useful to know the usage and trends of certain scenarios being leverage via Azure Pipelines. For example, we may want to know the numbers and trends of packages published to `npm` or `nuget`, docker images published or kubernetes configurations applied using our pipelines. Since we redirect all STDOUT/STDERR, we can identify tool invocation base on each tools output pattern. Once again, these may be called via tasks, cmd lines, scripts and even runners like `npm run publish`. ### Send Output to Another Service Output could be processed and sent to another service for storage and processing. Alternatively, via config, writing back logs to Azure Pipelines can be disabled with the plugin logger offering a message to be substituted. ## Log Processing Plugins We will introduce a log processing plugins very similar to other agent plugins. Currently the Worker process will generate an `IList steps` base on the job message server send down. Each `IStep` contains an `IExecutionContext`, the execution context is the core component which sends final output message (after mask secrets) to the live console circular buffer and permanent log storage in pages. In addition, `IExecutionContext` will also send the output message to the `log plugin host` through STDIN. In a companion out of proc log processing extensibility point, output can be processed in parallel with our log processing. Since not keeping up with stdin can cause it to fail. In order to avoid having every plugin to get that right (and to reduce risk), we will create one `log plugin host` which buffers STDIN. All log plugins are best effort, plugins can't change the result of customer's job. Plugin can produce outputs back to user, but it can't log error/warning issues back to job. Plugins will be written in net core and loaded in-proc of the `log plugin host`. It will not block our live console and log publishing. Each plugin needs to implement the following interface: ```C# public interface IAgentLogPlugin { // Used for prefix outputs string FriendlyName { get;} // Invoke on every line of the log output Task ProcessLineAsync(IAgentLogPluginContext context, TaskStepDefinitionReference step, string line); // Invoke after all tasks finished on worker side and all output lines finished process on plugin. Task FinalizeAsync(IAgentLogPluginContext context); } ``` The context will looks like: ```C# public interface IAgentLogPluginContext { // SystemConnection back to Azure DevOps Service public VssConnection VssConnection { get; } // Job variables public IDictionary Variables { get; } // Job endpoints public IList Endpoints { get; } // Job repositories public IList Repositories { get; } // Tasks that's going to run public IDictionary Steps { get; } // goes to agent diag log void Trace(string message); // goes to user's build log in `Job Finalize` node void Output(string message); } ``` General flow looks like: ![layers](res/AgentLogProcessors.png) ## Log Processing Host To ensure log processing plugins do not block stdin, the host will take care of buffering output, processing that buffer or queue of log lines and processing that queue. That buffering may start out as in memory similar to our other queues but we could consider backing it by files if required. As it's processed each plugin will be called with `ProcessLineAsync(AgentLogPluginContext context, TaskStepDefinitionReference step, string line)`. That will be a blocking call per plugin which would ideally do light processing or alter internal tracking state and return. If a plugin writes transient state data, it should do it in the agent temp folder so it gets cleaned up automatically by the agent. To encourage this, the host plugin will provide context that contains all job variables worker setup at the beginning of the build, so plugin can get the temp folder base on `$(Agent.TempDirectory)`. It is a requirement that plugins process output in a stream SAX style processing style. Buffering the full log and then processing will not be efficient and may get you flagged in telemetry or terminated by the plugin host. Each plugin will prefer a friendly user message on it's role used in user feedback (see below). The processing host will also have deep tracing in agent diagnostics. ## Lifetime Worker will start the log processing plugin host at the end of `Job Initialize` along with a `LogPluginHostContext` send through STDIN in JSON format. ```C# public class LogPluginHostContext { // Job variables public IDictionary Variables { get; } // Job endpoints public IList Endpoints { get; } // Job repositories public IList Repositories { get; } // Tasks that's going to run public IDictionary Steps { get; } } ``` After plugin host started, the plugin host will start async plugin process task for each plugin in separate threads. Then, the plugin host will sit in a loop of reading STDIN and redirect the input to each plugin. When worker finish running all job steps (tasks defined by user in their definition), the worker will enter `Job Finalize` mode. Worker will send a special string `##vso[logPlugin.finish]` to the plugin host, so each plugin can start their finalize process. The worker will start stream output from plugin host to user, so user can figure out what's going on. ```C# AgentLogPluginHost pluginHost = new AgentLogPluginHost(context, plugins); Task pluginHostTask = pluginHost.Run(); while(true) { var input = Console.ReadLine(); if(string.Equals(input, "##vso[loglugin.finish]")) { pluginHost.Finish(); break; } else { pluginHost.EnqueueConsoleOutput(input); } } await pluginHostTask; ``` ## Circuit Breaking The worker will monitor the log host process. If it crashes or returns a non success code, report the error to log. The agent and worker should continue reliably in the even of any issues with side processing. The plugin host will short-circuit the plugin if the plugin is not able to catch up processing outputs. For now, we will circuit break on memory usage, if the plugin has more than 10MB pending strings for more than 100 sec, we will stop let that plugin process anymore. ## Telemetry (TODO) We need telemetry on: - Disabling log hosts - Failure to load a plugin: it will be disabled - Memory usage of the out of proc log host processor (plugins are in proc to that) - Add more here ## Testing Since this work has the potential to be impactful on performance and reliability we will do heavy L0 testing around both the positive cases and the negative scenarios (getting circuit breaks etc...). In the negative case testing, we can simply set the thresholds extremely low. For example, set memory consumption or processor utilization very low to avoid taking down the box running the tests. We are testing the circuit breaking functionality. Each plugin should be heavily tested in L0 fashion by contributing a set of output files and baseline results. The tests will feed the output test files into the log processing host with the plugin writing it's conclusions to an output file that we baseline and automate. ## Scope and Delivery Initially this will be first party plugins packaged with the agent. Eventually, this may be opened to external third party plugins. Achieving that would require service side features to deliver as an extension. It would also introduce another compatibility issue moving independently of the agent. If we expose externally (not delivered as part of the agent), we will offer the ability to be your own log processing host because of the compat and dependency problems (agents stay back and get auto updated). This is a long discussion out of the scope of this design document. ## Sample A sample log plugin implementation might looks like following: ```C# using System; using System.Collections.Generic; using System.Threading.Tasks; using Agent.Sdk; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using System.IO; using Microsoft.VisualStudio.Services.Common; namespace Agent.Plugins.Log { public class SampleLogPlugin : IAgentLogPlugin { public string FriendlyName => "Re-save Log"; private string _fileName = $"{Guid.NewGuid().ToString("N")}.log"; public Task InitializeAsync(IAgentLogPluginContext context) { return Task.FromResult(true); } public Task ProcessLineAsync(IAgentLogPluginContext context, Pipelines.TaskStepDefinitionReference step, string output) { context.Trace("DEBUG_PROCESS"); var file = Path.Combine(context.Variables.GetValueOrDefault("agent.homedirectory").Value, "_diag", _fileName); context.Output($"{step.Name}: {output}"); return Task.CompletedTask; } public async Task FinalizeAsync(IAgentLogPluginContext context) { context.Trace("DEBUG_FINISH"); var file = Path.Combine(context.Variables.GetValueOrDefault("agent.homedirectory").Value, "_diag", _fileName); await File.AppendAllTextAsync(file, StringUtil.ConvertToJson(context.Variables)); } } } ``` ================================================ FILE: docs/design/non-glibc-containers.md ================================================ # Non-glibc Containers If you want to use a non-glibc-based container, such as Alpine Linux, you will need to arrange a few things on your own. First, you must supply your own copy of Node.js. Second, you must add a label to your image telling the agent where to find the Node.js binary. Finally, stock Alpine doesn't come with other dependencies that Azure Pipelines depends on: bash, sudo, which, and groupadd. ## Bring your own Node.js You are responsible for adding a Node LTS binary to your container. As of November 2018, we expect that to be Node 10 LTS. You can start from the `node:10-alpine` image. ## Tell the agent about Node.js The agent will read a container label "com.azure.dev.pipelines.handler.node.path". If it exists, it must be the path to the Node.js binary. For example, in an image based on `node:10-alpine`, add this line to your Dockerfile: ``` LABEL "com.azure.dev.pipelines.agent.handler.node.path"="/usr/local/bin/node" ``` ## Add requirements Azure Pipelines assumes a bash-based system with common administration packages installed. Alpine Linux in particular doesn't come with several of the packages needed. Installing `bash`, `sudo`, and `shadow` will cover the basic needs. ``` RUN apk add bash sudo shadow ``` If you depend on any in-box or Marketplace tasks, you'll also need to supply the binaries they require. ## Full example of a Dockerfile ``` FROM node:10-alpine RUN apk add --no-cache --virtual .pipeline-deps readline linux-pam \ && apk add bash sudo shadow \ && apk del .pipeline-deps LABEL "com.azure.dev.pipelines.agent.handler.node.path"="/usr/local/bin/node" CMD [ "node" ] ``` ================================================ FILE: docs/design/percentEncoding.md ================================================ # Percent Encoding ### Problem As the agent currently works, there is no way to pass certain reserved values (%3B, %0D, %0A, and %5D) through the agent without using a custom encoding/decoding scheme. This is hard because you have to control the scheme used by the sender and receiver. The reason this is impossible is because we escape certain values needed for the ##vso commands to function: `; -> %3B, \r -> %0D, \n -> %0A, ] -> %5D`. The agent then automatically decodes these values. We use `%` to encode these, but don't provide an option for encoding `%` itself ### Solution We've introduced encoding for `%` which will map to `%AZP25`. This means that any time the agent receives `%AZP25` as part of a command, it will automatically decode it to `%`. So `##vso[task.setvariable variable=test%AZP25]a%AZP25` will now set a variable `test%: a%`. NOTE: This was previously designed to use %25 instead of %AZP25 as the escape sequence. We decided to go with %AZP25 instead since %25 was used somewhat often because of its role in url encoding. Some agents may continue to emit warnings for %25 as this change rolls out (or if you haven't updated to the most recent agent). These warnings are safe to ignore. This behavior will be enabled by default in March 2021. To disable it, you can set a job level variable DECODE_PERCENTS to false. To avoid getting warnings about it and opt into the behavior early, set a job level variable DECODE_PERCENTS to true. ``` jobs: - job: variables: - name: DECODE_PERCENTS value: true steps: - powershell: Write-Host '##vso[task.setvariable variable=test]a%AZP25' displayName: 'Set Variable' # This will print the a% correctly as the value of test - powershell: 'Get-ChildItem env:' displayName: 'printenv' ``` ================================================ FILE: docs/design/proxy.md ================================================ # How Proxy Works in Agent and Task Execution ## Goals - Support agent configure and connect to VSTS/TFS behind web proxy - Support get source in Build job and download artifact in Release job works behind web proxy - Expose proxy agent configuration in vsts-task-lib for task author ## Configuration Documentation for configuring agent to follow web proxy can be found [here](https://www.visualstudio.com/en-us/docs/build/actions/agents/v2-windows#how-do-i-configure-the-agent-to-work-through-a-web-proxy-and-connect-to-team-services). In short: Agent version 2.122.0 or above - Pass `--proxyurl`, `--proxyusername` and `--proxypassword` during agent configuration. Ex: ``` ./config.cmd --proxyurl http://127.0.0.1:8888 --proxyusername "1" --proxypassword "1" ``` We store your proxy credential securely on each platform. Ex: ``` Windows: Windows Credential Store OSX: OSX Keychain Linux: Encrypted with symmetric key based on machine id ``` - Create a `.proxybypass` file under agent root to specify proxy bypass Url's Regex (ECMAScript syntax). Ex: ``` github\.com bitbucket\.com ``` Before 2.122.0 - Create a `.proxy` file under agent root to specify proxy url. Ex: ``` http://127.0.0.1:8888 ``` - For authenticate proxy set environment variables `VSTS_HTTP_PROXY_USERNAME` and `VSTS_HTTP_PROXY_PASSWORD` for proxy credential before start agent process. - Create a `.proxybypass` file under agent root to specify proxy bypass Url's Regex (ECMAScript syntax). Ex: ``` github\.com bitbucket\.com ``` ## How agent handle proxy within a Build/Release job After configuring proxy for agent, agent infrastructure will start talk to VSTS/TFS service through the web proxy specified in the `.proxy` file. Since the code for `Get Source` step in build job and `Download Artifact` step in release job are also bake into agent, those steps will also follow the agent proxy configuration from `.proxy` file. Agent will expose proxy configuration via environment variables for every task execution, task author need to use `vsts-task-lib` methods to retrieve back proxy configuration and handle proxy with their task. ## Get proxy configuration by using [VSTS-Task-Lib](https://github.com/Microsoft/vsts-task-lib) method Please reference [VSTS-Task-Lib doc](https://github.com/Microsoft/vsts-task-lib/blob/master/node/docs/proxy.md) for detail ================================================ FILE: docs/design/res/AgentLogProcessors.xml ================================================ 3VpRc5s4EP41nrl7SAYkhPFjEqdtZnJtps5Nr48YZEyDkQ/kxu6vPwkksCSwsY3j9PxiWAkhfbv77WrFAN4t1h8zfzn/i4Q4GQArXA/geACA7QCX/XHJppR4nlMKoiwORadaMIl/YSG0hHQVhzhXOlJCEhovVWFA0hQHVJH5WUZe1W4zkqhvXfoRNgSTwE9M6bc4pHOxCmTV8k84jubyzbYlWqZ+8BJlZJWK9w0AnBW/snnhy7FE/3zuh+R1SwTvB/AuI4SWV4v1HU44thK28rkPLa3VvDOc0i4PCLX89JOVWPpNxB8F1jeSveBMzJJuJDLF2jB/2h7A29d5TPFk6Qe89ZXZApPN6SIRzeZsxAR/4ozi9ZZIzO4jJgtMsw3rIluHAilpSeL2tVaLI7vMt1TiCJkvLCGqRq7RYBcCkBY0gYGOgQdX9rL7OiuT9adyBGvn+h3bu0YKArZTSbZAsEEDCAidDsJoPwa1TVhH2QRoAcsEZXvBVsOCYQ8Llhz0Pla8Vie1UW/fBA/bwOPZz1/yy4MCVFDAW4ICL08NwEI6NaAGCJwmYuiBHd3zuwlsgWo3MTQxIexhwcP3tODuvHAuODwDjsc4Z5mD6y/4QhP2qtuHCcXLShTRYtUWF/ZPHwdj14E+zoWdjfbbEksNl/xyluD1Dc9p2bJxGorLcZD4eR4HKiyzOEnuSEKyYgiZeu5IxHCoJMI7HQvtIJIMJz6Nf6rpcxNC4g1PJC6yTKEK6EKdyoYjdZCcrLIAi+e2M1ptKMfaOxT1swhTY6hCadXSu+mxAydIPQabJGYGnu037mnpCY/TSlDtKr6sKBsFC3lGKEOdpOz2amTt0H9OM/KCt1qs4le1yE0O7CdpdxDQdABd1/CuprS9YrCTvMvMWaer2axhNyN1s8xIgPO8g2paNKHCCHqC0bU1GB3UMfPvg6S6pP77CAmvY/oPp/TrIRK332VTyuZTto08Vwq+FwIXVj2ecBazqXO/KQJDVyoDVunmqqOWLCLhvSTlIS38QM89jvD0gariS/90B82twOR5/PCZRfgi3E+Zh7kiypsSzXSYE1DVWDKcx79E9stVveRTLhaBbgdozCT+ipK8rBbxB/wkjjj5JXjGh+KeFQd+ciPElHDvzZkzx2n0zG/GV04/romAwXCe6ZpN5tOHZ0Jg6MGA96B06jz0BfXSBUJmFDgbfcEOW7R3AJJjgNQQKs8HklkAXCarKE5PzM/PgxUysBq+JVYdkva98bAOeq7lKUHv1IB3sUBm61kKsp0jQ5k5FNKG6jGYNRUwyqg1I8Wsar26/66IbLgqA9AN62B7y3XdaMQ+KeB54h9/SjGb11TvymTlO/+fsdI0kJHhtm7TbqAPrzXrFAa8/W+1jWTUQPBi7uqq6SLbHV9rBdGu7urq1SdP01eLszJc/c1WN2G77VMetU25toFyzGO5wDGp/TMJ8fUPNqsPT+QVZ5N58cQpMbHFbzrZhkRcy/Vt1zbjn90U/7QSyDGe5JiE+XC/xsGKlyDuGH1xkro0Qg5QqQY4JtU0ZghuD1zjHFAOYkHhRV39D0zpRpyFc/JmIpLROYlI6iePpOBk+zdgGMfTVKCfNnQu5XmOFjhAXdzrPyFwOkSKzvlddVMWNNABelMrF5etUrja8btRn+uc2mlhB5wpVhgT9pQPIE6PFGZRbPI8/vL3M3uQXdx//WrYjJm8qeXYlPAyopJQCJHM2QJmIEXhWM/aFnEY8tc0EqtKvX1EH1vHtqEa2RR9+sjjpEFvAc9iTk7Y8oH1yCuxhq8mSbzMOTpVCT4hq/BNwhCwNKhAx8Kt7hZHQWWW6Z74B08MJxK1BqSU0DZL6lIAFzsNryf8jLIIlOfY28TnNMTxHk73EegxEljXI626Pdy91T80QqCWzwTeKNrrCZenDdE1QsCR/jmD8f1Sf7EedSgOdj/bAK1nGyelAeZhhab4y6Z5tn7QCofg2K1kdbAlDzH0PKOn9EB/DxxCzZJOSw8kI21/FcE513oqqqrs4hMpPpI4/HTkd00atEjouCaPN0bCI5IGdlt/Oltqr/4+Gd7/Bw== ================================================ FILE: docs/design/setMTU.md ================================================ # Set custom MTU parameter ## Goals - Allow specifying MTU value for networks used by container jobs (useful for docker-in-docker scenarios in k8s cluster). ## Configuration You need to set the environment variable AGENT_MTU_VALUE to set the MTU value, after that restart the self-hosted agent. You can find more about agent restart [here](https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops#how-do-i-restart-the-agent) and about setting different environment variables for each individual agent [here](https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops#how-do-i-set-different-environment-variables-for-each-individual-agent). This allows you to set up a network parameter for the job container, the use of this command is similar to the use of the next command while container network configuration: ```-o com.docker.network.driver.mtu=AGENT_MTU_VALUE``` ================================================ FILE: docs/git.md ================================================ # Git VSTS and TFS require git >= 2.9. For windows, the agent bundles portable git. For OSX and Linux, it is a pre-requisite. ## OSX If you use git, git >= 2.9.0 is a pre-requisite for OSX agents. We recommend using [home brew](http://brew.sh) to install ```bash $ brew update $ brew install git ==> Downloading https://homebrew.bintray.com/bottles/git-2.9.0.el_capitan.bottle.tar.gz ... (restart terminal) $ git --version git version 2.9.0 $ which git /usr/local/bin/git $ ls -la /usr/local/bin/git ... /usr/local/bin/git -> ../Cellar/git/2.9.0/bin/git ``` ## Ubuntu If you use git, git >= 2.9.0 is a pre-requisite for Ubuntu agents. [Install Latest Git on Ubuntu](http://askubuntu.com/questions/568591/how-do-i-install-the-latest-version-of-git-with-apt/568596) ```bash $ sudo apt-add-repository ppa:git-core/ppa $ sudo apt-get update $ sudo apt-get install git ``` ## Redhat and CentOS If you use git, git >= 2.9.0 is a pre-requisite for Redhat/CentOS agents. [Based on Install Latest Git on Redhat/Centos](http://tecadmin.net/install-git-2-x-on-centos-rhel-and-fedora/#) ```bash $ yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel $ yum install gcc perl-ExtUtils-MakeMaker $ cd /usr/src $ wget https://www.kernel.org/pub/software/scm/git/git-2.9.2.tar.gz $ tar xzf git-2.9.2.tar.gz $ cd git-2.9.2 $ make prefix=/usr/local/git all $ make prefix=/usr/local/git install ``` In /etc/bashrc ```bash export PATH=$PATH:/usr/local/git/bin ``` ================================================ FILE: docs/jobdirectories.md ================================================ # Job directories ## Overview ## Work Folder Layout The agent keeps working files and folders in a directory named _work under the agent by default but can be configured for another location. This is available to scripts and tasks as: ``` Variable: Agent.WorkFolder EnvVar: AGENT_WORKFOLDER ``` *IMPORTANT*: Variables should always be used to locate a specific directory. Do not hard code assumptions about the layout as it may change. ## Build Build maintains source files from the source control systems for building. Example layout: ``` _work │ ├───1 │ ├───a │ ├───b │ ├───s │ └───TestResults ├───2 │ ├───a │ ├───b │ ├───s │ └───TestResults └───SourceRootMapping │ Mappings.json ├───7ca83873-9ab2-43be-86ac-bfb844bf5232 │ ├───11 │ │ SourceFolder.json │ └───7 │ SourceFolder.json └───GC ``` Each repository is an in incrementing int folder. ### _work/\<#\> Each definition gets it's own build directory. The build directory is the number directory above the sources and artifacts. This is typically used if you want to create folders and work outside of the repo sources to avoid local uncommitted changes. ``` Variable: Agent.BuildDirectory EnvVar: AGENT_BUILDDIRECTORY ``` Under that folder is ... ### s: source folder The source repository is downloaded to this folder. This is the root of the repository. ``` Variable: Build.SourcesDirectory EnvVar: BUILD_SOURCESDIRECTORY ``` ### b: binaries The binaries folder is useful as an output folder for building outside of the source repo folders. ``` Variable: build.binariesdirectory EnvVar: BUILD_BINARIESDIRECTORY ``` ### a: artifacts Copying files to this directory ``` Variable: Build.ArtifactStagingDirectory EnvVar: BUILD_ARTIFACTSTAGINGDIRECTORY ``` ### TestResults ``` Variable: Common.TestResultsDirectory EnvVar: COMMON_TESTRESULTSDIRECTORY ``` ## Source Mappings Location of sources is maintained in the SourceRootMapping folder directly under the root folder. These files are used by the agent to define the variables that tasks and build scripts use. *IMPORTANT*: Do not directly access these files or manipulate them. Use variables. SourceRootMapping layout: ``` └───SourceRootMapping │ Mappings.json ├───7ca83873-9ab2-43be-86ac-bfb844bf5232 │ ├───11 │ │ SourceFolder.json │ └───7 │ SourceFolder.json └───GC ``` ### Mappings.json This maintains an incrementing counter for source folder creation. This is incremented when a new repository is encountered. ``` { "lastBuildFolderCreatedOn": "09/15/2015 00:44:53 -04:00", "lastBuildFolderNumber": 4 } ``` ### SourceFolder.json Detailed information about each build working folder is kept in a SourcesFolder.json file. It is stored under the collectionId (guid) and definitionId (int) folder. Locations are stored as relative paths relative to the root of the working folder. This allows for (1) moving of a working folder without rewriting and (2) changing the layout scheme without forcing sources to get pulled unnecessarily. ``` { "build_artifactstagingdirectory": "4\\a", "agent_builddirectory": "4", "collectionName": "DefaultCollection", "definitionName": "M87_PrintEnvVars", "fileFormatVersion": 2, "lastRunOn": "09/15/2015 00:44:53 -04:00", "build_sourcesdirectory": "4\\s", "common_testresultsdirectory": "4\\TestResults", "collectionId": "7ca83873-9ab2-43be-86ac-bfb844bf5232", "definitionId": "7", "hashKey": "88255a024f3b92da0b6939a240b3b1c3e65e30c7", "repositoryUrl": "http://sample.visualstudio.com/DefaultCollection/gitTest/_git/gitTest%20WithSpace", "system": "build" } ``` **collectionName/definitionName**: These are informational fields. They are useful if you want to locate during troubleshootng to find out where sources are for a given definition. Searching under the SourceRootMapping folder makes it easy to find. **hashKey**: elements of the repository details (for example url of the git repo) are used to create a sha1 hash. Getting a new hashKey indicates that key repository details from the definition have changed enough to warrant pulling a new sources working folder. ### GC If a definitions repository information changes causing a new build working folder to be created, the old SourceFolder.json will get copied to the GC folder indicating it can deleted and reclaimed. A tool will be available to iterate and clean up unused working folders. ================================================ FILE: docs/layers.md ================================================ # Architectural Layers of the Agent Code `Agent.Listener`, `Agent.Worker`, `Agent.PluginHost`, and `Agent.Plugins` are at the top. They do not depend on each other. `Agent.Listener` and `Agent.Worker` both depend on `Microsoft.VisualStudio.Services.Agent`. (This could likely be renamed `Agent.Core` or `Agent.Common` for more clarity.) All of the assemblies mentioned so far depend on `Agent.Sdk`, and many of them depend on the various `Microsoft.VisualStudio.Services.*` web APIs. Additionally, `Agent.SDK` depends on some `Microsoft.TeamFoundation.*` assemblies. ## Diagram In rough terms, dependencies look like this: ![Dependency graph](res/dependencies.svg) ```mermaid graph TB subgraph App Agent.Listener Agent.Worker Agent.PluginHost Agent.Plugins end subgraph Platform agentcore[MS.VS.Services.Agent] agentsdk[Agent.SDK] end subgraph Infrastructure webapi[MS.VS.Services.*.WebAPI] tf[Microsoft.TeamFoundation.*] end Agent.Listener --> agentcore Agent.Worker --> agentcore Agent.PluginHost --> agentsdk Agent.Plugins --> agentsdk agentcore --> agentsdk agentcore --> webapi agentsdk --> tf ``` ================================================ FILE: docs/node6.md ================================================ # Agent Packages and Node versions Agent tasks can be implemented in PowerShell or Node. The agent ships with multiple versions of Node that tasks can target. As new Node versions are released, [tasks](https://github.com/microsoft/azure-pipelines-tasks) are updated to use new Node versions. The runtimes are included with the agent. As Node versions exit out of the upstream maintenance window, some Pipelines tasks still depend on it. Azure DevOps updates supported tasks to a supported Node version. Third party tasks may still need older Node versions to run. To accommodate this, we have 2 flavors of packages: | Packages | Node versions | Description | |----------------------|------------------|----------------------------| | `vsts-agent-*` | 6, 10, 16, 20, 24 | Includes all Node versions that can be used as task execution handler | | `pipelines-agents-*` | 16, 20, 24 | Includes only recent Node versions. The goal for these packages is to not include any end-of-life version of Node. | ================================================ FILE: docs/noderunner.md ================================================ # Node 6 support Agent tasks can be implemented in PowerShell or Node. The agent currently ships with multiple versions of Node that tasks can target: 6, 10, 16, 20 & 24. Since Node 6 has long passed out of the upstream maintenance window, and all officially supported tasks are migrated from Node 6 to Node 10, Node 6 soon will be removed from the agent package. It's also highly recommended to third-party task maintainers migrate tasks to Node 10 or Node 16. However, to support backward compatibility with the Node 6 tasks we provide self-service methods to install the designated Node runner manually. ## Install Node 6 runner manually To support the execution of Node 6 tasks agent should be provided with the latest Node 6 version - `6.17.1.0`. Despite that Node 6 is officially reached the End-of-Life, please, notice that it still can have maintenance updates, so it is required for the agent to get the latest binaries. You can check the currently existing Node versions [here](https://nodejs.org/dist/). Please use the following steps to manually install the required runner: 1. Download the latest available version of Node 6 binaries for your operating system from the official Node [registry](https://nodejs.org/dist/). 1. Create a folder named `node` under the `agent/externals` directory, and extract downloaded Node binaries into that folder. You can also use the following commands to install the Node 6 runner via the Powershell or Bash: Windows: ```powershell $agentFolder = "" // Specify the Azure DevOps Agent folder, e.g. C:\agents\my_agent $osArch = "" // Specify the OS architecture, e.g. x64 / x86 New-Item -Type Directory -Path "${agentFolder}\externals\node" Invoke-WebRequest -Uri "https://nodejs.org/dist/v6.17.1/win-${osArch}/node.exe" -OutFile "${agentFolder}\externals\node\node.exe" Invoke-WebRequest -Uri "https://nodejs.org/dist/v6.17.1/win-${osArch}/node.lib" -OutFile "${agentFolder}\externals\node\node.lib" ``` Linux / macOS: ```bash agent_folder="" // Specify the Azure DevOps Agent folder, e.g. /home/user/agents/my_agent os_platform="" // Specify the OS platform, e.g. linux / darwin os_arch="" // Specify the OS architecture, e.g. x64 / x86 mkdir "${agent_folder}/externals/node" wget -O "/tmp/node-v6.17.1-${os_platform}-${os_arch}.tar.gz" "https://nodejs.org/dist/v6.17.1/node-v6.17.1-${os_platform}-${os_arch}.tar.gz" tar -xvf "/tmp/node-v6.17.1-${os_platform}-${os_arch}.tar.gz" -C "${agent_folder}/externals/node/" ``` ## Install Node runner via NodeTaskRunnerInstaller You can also use the Azure DevOps task [NodeTaskRunnerInstaller](https://github.com/microsoft/azure-pipelines-tasks/tree/master/Tasks/NodeTaskRunnerInstallerV0) to install the required runner version via Azure DevOps CI. Use the following pipeline task sample to install the latest version of Node 6 runner: ```yaml - task: NodeTaskRunnerInstaller@0 inputs: runnerVersion: 6 ``` Please, check more details in [NodeTaskRunnerInstaller task](https://learn.microsoft.com/azure/devops/pipelines/tasks/reference/node-task-runner-installer-v0) documentation. ================================================ FILE: docs/preview/consumeoutputvariable.md ================================================ # How to Set/Publish Output Variables in Task ## Overview The feature is to allow a given task to publish a set of variables back to server that scope to the current task. All output variables from the same task instance has its own namespace, so they don’t overlap each other within the job. [Full Design Doc](./outputvariable.md) ## Step to consume this feature ### Minimum agent version You need demand minimum agent version to 2.119.1 in your Task.json, since 2.119.1 agent is the first version agent that has the ability to set and publish output variables. ### Bump task major version Since output variable involved a new concept of reference name for task instance in Build/Release definition, and publish output variable normally will change the way you consume the variable in downstream tasks. So, we recommend to bump your task's major version, so definition owner has a chance to provide a meaningful reference name for task they have and change how downstream tasks consume the output variables in definition editor. ### Define output variable in task.json There is no required changes to your task's implementation for using this feature, the only thing you need to do is update your task.json. Here is an example: ``` JSON "OutputVariables": [ { "name": "MY_OUTPUTVARIABLE_1", "description": "This is the description of my output variable." }, { "name": "MY_OUTPUTVARIABLE_2", "description": "Description can contains markdown [vsts-tasks](https://github.com/microsoft/vsts-tasks)" } ] ``` The agent will base on the `OutputVariables` section in your task.json set and publish the variable along with the reference name of the task instance. ## Example I have a task called `DeployVM`, the task will take a image as input, deploy a VM use that image, and set a variable `VMPublicIP` point to the public IP of the VM using `##vso[task.setvariable]` command, the task current version `1.2.0` In my Build/Release definition, I add a `DeployVM` task, then a `CmdLine` task to ping the `VMPublicIP` to check whether the VM is up. However, I can not have multiple `DeployVM` tasks in a single definition, since they set the same variable `VMPublicIP`, that variable will get overwrite over and over again. I want to use the output variable feature for solving this problem. Here is what I will do: 1. Add `"minimumAgentVersion" : "2.119.1"` to task.json 1. Change task version to `2.0.0` a new major version 3. Add following to task.json ```JSON "OutputVariables": [{ "name": "VMPublicIP", "description": "This is the public IP of the deployed VM." }] ``` 4. Publish the new version task. 5. Now I can do something like this for my definition to deploy multiple VM using different image and ping them. ``` Definition | | |__ DeployVM task 2.0 (this step takes Ubuntu16 image as input. I set the reference name for this step to be "DeployUbuntu16") | | |__ DeployVM task 2.0 (this step takes Windows10 image as input. I set the reference name for this step to be "DeployWindows10") | | |__ CmdLine task with input "ping $(DeployUbuntu16.VMPublicIP)" | | |__ CmdLine task with input "ping $(DeployWindows10.VMPublicIP)" ``` ================================================ FILE: docs/preview/latebreaking.md ================================================ # VSTS Agent System Pre-Requisites ## ![win](../res/win_med.png) Windows [Windows System Pre-Requisties](../start/envwin.md) ## ![osx](../res/apple_med.png) OSX [OSX System Pre-Requisties](../start/envosx.md) ## ![ubuntu](../res/ubuntu_med.png) Ubuntu 16.04 [Ubuntu System Pre-Requisties](../start/envubuntu.md) ## ![redhat](../res/redhat_med.png) RedHat and CentOS [Redhat/CentOS System Pre-Requisties](../start/envredhat.md) ================================================ FILE: docs/preview/logdecorations.md ================================================ # Log decorations Task authors should be able to control how the log output is displayed to the end user. This outlines different decoration options that are available. ## Special lines * Errors * `##[error] I am an error` * Warnings * `##[warning] I am a warning` * Debug * `##[debug] I am a debug output` * Commands * `##[command] I am a command/a tool` * Sections * `##[section] I am a section, which is usually whole task step. Agent injects this internally.` ## Collapse >Note that that if you log an error using ```##vso[task.logissue]error/warning message``` command (see [logging commands](https://github.com/Microsoft/azure-pipelines-tasks/blob/master/docs/authoring/commands.md) here) we will surface those errors in build view and when clicked , we will automatically jump to that particular line. If it's already part of a group, we will auto-expand the group. Task authors can mark any part of the log as a collapsible region using these decorations: Starting the collapsible region - `##[group]` Ending the collapsible region - `##[endgroup]` ### Notes * Nested groups is out of current scope. * Our tool runner can start injecting `##[group]` in front of `##[command]`, that will support grouping, if we need much grainer control over grouping, it can also add `##[endgroup]` when the command outputs the whole text. * The first line of region will be taken as group title by default. * If there's only one line in the region (including the group title), it will not be considered as a collapsible. * If there's `##[group]` with out corresponding `##[endgroup]` we will add implicit `##[endgroup]`. * Decisions on how to we surfaces error/warnings that are part of a group is not covered in this doc. ### Examples Example 1 - ``` ##[group] ##[command]"C:\WINDOWS\system32\cmd.exe" /D /E:ON /V:OFF /S /C "CALL "C:\_temp\e51ecc3a-f080-4f7c-9bf5-d9e5386068c8.cmd"" Write your commands here Use the environment variables input below to pass secret variables to this script ##[group] ##[command]"C:\WINDOWS\system32\cmd.exe" /D /E:ON /V:OFF /S /C "CALL "C:\_temp\e51ecc3a-f080-4f7c-9bf5-f9e5386068c8.cmd"" This is command 2 ##[endgroup] ##[group] ##[command]"C:\WINDOWS\system32\cmd.exe" /D /E:ON /V:OFF /S /C "CALL "C:\_temp\e51ecc3a-f080-4f7c-9bf5-f9e5386068c9.cmd"" ##[endgroup] ##[group:noendgroup] I started a group with out end ##[group] I am a group I am a group ##[endgroup] I am a part of parent group ``` will be perceived as - ``` > ##[command]"C:\WINDOWS\system32\cmd.exe" /D /E:ON /V:OFF /S /C "CALL "C:\_temp\e51ecc3a-f080-4f7c-9bf5-d9e5386068c8.cmd"" > ##[command]"C:\WINDOWS\system32\cmd.exe" /D /E:ON /V:OFF /S /C "CALL "C:\_temp\e51ecc3a-f080-4f7c-9bf5-f9e5386068c8.cmd"" ##[command]"C:\WINDOWS\system32\cmd.exe" /D /E:ON /V:OFF /S /C "CALL "C:\_temp\e51ecc3a-f080-4f7c-9bf5-f9e5386068c9.cmd"" > I started a group with out end ``` ``` v ##[command]"C:\WINDOWS\system32\cmd.exe" /D /E:ON /V:OFF /S /C "CALL "C:\_temp\e51ecc3a-f080-4f7c-9bf5-d9e5386068c8.cmd"" Write your commands here Use the environment variables input below to pass secret variables to this script v ##[command]"C:\WINDOWS\system32\cmd.exe" /D /E:ON /V:OFF /S /C "CALL "C:\_temp\e51ecc3a-f080-4f7c-9bf5-f9e5386068c8.cmd"" This is command 2 ##[command]"C:\WINDOWS\system32\cmd.exe" /D /E:ON /V:OFF /S /C "CALL "C:\_temp\e51ecc3a-f080-4f7c-9bf5-f9e5386068c9.cmd"" v I started a group with out end > I am a group I am a part of parent group ``` Example 2 - Get sources task : Original task - ``` Syncing repository: SomeRepo (Git) Prepending Path environment variable with directory containing 'git.exe'. ##[command]git version git version 2.18.0.windows.1 ##[command]git config --get remote.origin.url ##[command]git clean -ffdx ##[command]git reset --hard HEAD HEAD is now at cb1adf878a7b update swe ##[command]git config gc.auto 0 ##[command]git config --get-all http.https://repohere ##[command]git config --get-all http.proxy ##[command]git -c http.extraheader="AUTHORIZATION: bearer ***" fetch --tags --prune --progress --no-recurse-submodules origin From https://repohere - [deleted] (none) -> origin/teams/some remote: Azure Repos remote: remote: Found 1444 objects to send. (1323 ms) Receiving objects: 0% (1/1444) ... Resolving deltas: 100% (708/708), completed with 594 local objects. 7d80bdb9d646..5214d0492d27 features/DraggableDashboardGrid -> origin/features/DraggableDashboardGrid ... ... ##[command]git checkout --progress --force e48a3009f2a0163d102423eef6ffaf7f4c2a2176 Warning: you are leaving 1 commit behind, not connected to any of your branches: cb1adf878a7b Update CloudStore packages to 0.1.0-20190213.7 and Domino packages to 0.1.0-20190213.7 If you want to keep it by creating a new branch, this may be a good time to do so with: git branch cb1adf878a7b HEAD is now at e48a3009f2a0 update swe ##[command]git config http.https://repohere "AUTHORIZATION: bearer ***" ``` Single grouping - ``` Syncing repository: SomeRepo (Git) Prepending Path environment variable with directory containing 'git.exe'. ##[group] ##[command]git version git version 2.18.0.windows.1 ##[group] ##[command]git config --get remote.origin.url ##[group] ##[command]git clean -ffdx ##[group] ##[command]git reset --hard HEAD ##[group] HEAD is now at cb1adf878a7b update swe ##[group] ##[command]git config gc.auto 0 ##[group] ##[command]git config --get-all http.https://repohere ##[group] ##[command]git config --get-all http.proxy ##[group] ##[command]git -c http.extraheader="AUTHORIZATION: bearer ***" fetch --tags --prune --progress --no-recurse-submodules origin From https://repohere - [deleted] (none) -> origin/teams/some remote: Azure Repos remote: remote: Found 1444 objects to send. (1323 ms) Receiving objects: 0% (1/1444) ... Resolving deltas: 100% (708/708), completed with 594 local objects. 7d80bdb9d646..5214d0492d27 features/DraggableDashboardGrid -> origin/features/DraggableDashboardGrid ... ... ##[group] ##[command]git checkout --progress --force e48a3009f2a0163d102423eef6ffaf7f4c2a2176 Warning: you are leaving 1 commit behind, not connected to any of your branches: cb1adf878a7b Update CloudStore packages to 0.1.0-20190213.7 and Domino packages to 0.1.0-20190213.7 If you want to keep it by creating a new branch, this may be a good time to do so with: git branch cb1adf878a7b HEAD is now at e48a3009f2a0 update swe ##[group] ##[command]git config http.https://repohere "AUTHORIZATION: bearer ***" ``` Single grouping parsed - ``` Syncing repository: SomeRepo (Git) Prepending Path environment variable with directory containing 'git.exe'. > ##[command]git version ##[command]git config --get remote.origin.url ##[command]git clean -ffdx > ##[command]git reset --hard HEAD ##[command]git config gc.auto 0 ##[command]git config --get-all http.https://repohere ##[command]git config --get-all http.proxy > ##[command]git -c http.extraheader="AUTHORIZATION: bearer ***" fetch --tags --prune --progress --no-recurse-submodules origin > ##[command]git checkout --progress --force e48a3009f2a0163d102423eef6ffaf7f4c2a2176 ##[command]git config http.https://repohere "AUTHORIZATION: bearer ***" ``` ================================================ FILE: docs/preview/outdated/conditions.md ================================================ # Task Conditions ## Overview Team build provides users with the capability to create a single definition with multiple different triggers. Depending on the trigger configuration those triggers my also build many different branches. This capability has solved some of the scenarios where customers of Xaml build had to create and maintain multiple build definitions, however, it still falls short in a couple of key ways. One specific example is the ability to have certain triggers do more or less work in a given build. It is very common for a user to want to configure their CI build to be very fast and run a minimal set of tests while having a nightly scheduled build run a larger set of tests. Currently the only option the user has is to fall back on writing a script to run their tests and then check the BUILD_REASON environment variable. While this is a work around is does reduce the overall usefulness of our CI system. To improve on the scenario of having a single build definition that builds multiple different triggers and branches we can introduce the concept of a Conditional on each task and phase that will be evaluated first on the server and then on the agent. In the case of the server evaluation a negative condition acts in the same way a disabled task would and it is removed from the job before it is sent to the agent. ## Expression syntax The UI can provide for an editor but the expression should be stored in a simple syntax that will be easily compatible with config as code scenarios. The syntax will simply be a nested set of functions that are evaluated starting with the inner function and working its way out. All expressions must ultimately result in a boolean. At a later date we could easily add additional evaluators to the expression for string parsing and other operations. Example: Run a step only for the master branch `eq(variables['Source.BranchName'], 'master')` Example: Run a task for all branches other than master `ne(variables['Source.BranchName'], 'master')` `succeeded()` ## UX notes `Runs on` dropdown with following options: * Success * Succes or failed * Always (note, includes canceled) * Condition - When condition is selected, a condition builder area becomes visible. The customer has three inputs: Variable, Operator, Value. And a plus button to add additional conditions. - Conditions are and'ed - TODO: Implicitly wrap `and(success(), ...)` and don't show `agent.jobstatus` in the dropdown? - TODO: Wrap `Value` in single-quotes, unless already contains a single-quote? (required to enable `in`) * Custom - When custom is selected, a text area becomes visible. - ~~~Evaluation will implicitly wrap `and(success(), ...)` if agent.jobstatus variable or job status functions not referenced.~~~ Coalesce with `success()` when custom condition is selected and the text area is left empty. ## Open issues * Need to determine whether variable macro expansion is supported within the expression. Matters for how rules are applied in the future w.r.t. inline expressions. ## Technical reference ### Types #### Boolean `true` or `false` (ordinal case insensitive) #### Null Null is a special type that is returned from a dictionary miss only, e.g. (`variables['noSuch']`). There is no keyword for null. #### Number Starts with `-` `.` or `0-9`. Internally parses into .Net `Decimal` type using invariant culture. Cannot contain `,` since it is a separator. #### String Single-quoted, e.g. 'this is a string' or '' Literal single-quote escaped by two single quotes, e.g. 'all y''all' #### Version Starts with a number and contains two or three `.`. Internall parses into .Net `Version` type. Note, only one `.` is present, then the value would be parsed as a number. #### Object Pre-defined complex objects are available depending on the context. On the agent, `variables` is defined as an object that can be indexed into. ### Indexing rules #### Syntax to access values Two syntaxes are supported for accessing members of an object. * Index syntax - `someComplexObject['someKey']` * Property dereference syntax - `someComplexObject.someKey` - In order to use the property syntax, the property name must adhere to the regex `^[a-zA-Z_][a-zA-Z0-9_]*$` Examples for complex objects: * Chaining accessors: `someComplexObject['firstLevel'].secondLevel` * Nested evaluation: `someComplexObject[anotherObject['someProperty']]` #### Accessor rules * For Objects, when the key does not exist, Null is returned. * For Objects, if the key is not a String an attempt is made to type-cast the key to a String first. If the type-cast, then Null is returned. * For non-indexable values, Null is returned. - This means that `someObject.noSuchKey.noSuchKey2.noSuchKey3` will simply return null. ### Type Casting #### Conversion chart Detailed conversion rules are listed further below. | | | To | | | | | | | | -------- | ----------- | ----------- | ----------- | ----------- | ----------- | ----------- | ----------- | ----------- | | | | **Array** | **Boolean** | **Null** | **Number** | **Object** | **String** | **Version** | | **From** | **Array** | - | Yes | - | - | - | - | - | | | **Boolean** | - | - | - | Yes | - | Yes | - | | | **Null** | - | Yes | - | Yes | - | Yes | - | | | **Number** | - | Yes | - | - | - | Yes | Partial | | | **Object** | - | Yes | - | - | - | - | - | | | **String** | - | Yes | Partial | Partial | - | - | Partial | | | **Version** | - | Yes | - | - | - | Yes | - | Note, Array is not currently exposed via any expressions available on the agent #### Array to Boolean * =\> True #### Boolean to Number * False =\> 0 * True =\> 1 #### Boolean to String * False =\> 'False' * True =\> 'True' #### Null to Boolean * =\> False #### Null to Number * =\> 0 #### Null to String * =\> Empty string #### Number to Boolean * 0 =\> False * Otherwise =\> True #### Number to Version * Must be greater than zero and must contain a non-zero decimal. Must be less than Int32.MaxValue (decimal component also). #### Number to String * =\> Invariant-culture ToString #### Object to Boolean * =\> True #### String to Boolean * Empty string =\> False * Otherwise =\> True #### String to Null * Empty string =\> Null * Otherwise not convertible #### String to Number * Empty string =\> 0 * Otherwise try-parse using invariant-culture and the following rules: AllowDecimalPoint | AllowLeadingSign | AllowLeadingWhite | AllowThousands | AllowTrailingWhite. If try-parse fails, then not convertible. #### String to Version * Try-parse. Must contain Major and Minor component at minimum. If try-parse fails, then not convertible. #### Version to Boolean * =\> True #### Version to String * Major.Minor * or Major.Minor.Build * or Major.Minor.Build.Revision ### Named Values #### variables * Alias to reference the variables object. For example: `variables['Build.Reason']` ### Functions #### and * Evaluates True if all parameters are True * Min parameters: 2. Max parameters: N * Casts parameters to Boolean for evaluation * Short-circuits after first False #### contains * Evaluates True if left parameter String contains right parameter * Min parameters: 2. Max parameters: 2 * Casts parameters to String for evaluation * Performs ordinal ignore-case comparison #### endsWith * Evaluates True if left parameter String ends with right parameter * Min parameters: 2. Max parameters: 2 * Casts parameters to String for evaluation * Performs ordinal ignore-case comparison #### eq * Evaluates True if parameters are equal * Min parameters: 2. Max parameters: 2 * Converts right parameter to match type of left parameter. Returns False if conversion fails. * Ordinal ignore-case comparison for Strings #### ge * Evaluates True if left parameter is greater than or equal to the right parameter * Min parameters: 2. Max parameters: 2 * Converts right parameter to match type of left parameter. Errors if conversion fails. * Ordinal ignore-case comparison for Strings #### gt * Evaluates True if left parameter is greater than the right parameter * Min parameters: 2. Max parameters: 2 * Converts right parameter to match type of left parameter. Errors if conversion fails. * Ordinal ignore-case comparison for Strings #### in * Evaluates True if left parameter is equal to any right parameter * Min parameters: 1. Max parameters: N * Converts right parameters to match type of left parameter. Equality comparison evaluates False if conversion fails. * Ordinal ignore-case comparison for Strings * Short-circuits after first match #### le * Evaluates True if left parameter is less than or equal to the right parameter * Min parameters: 2. Max parameters: 2 * Converts right parameter to match type of left parameter. Errors if conversion fails. * Ordinal ignore-case comparison for Strings #### lt * Evaluates True if left parameter is less than the right parameter * Min parameters: 2. Max parameters: 2 * Converts right parameter to match type of left parameter. Errors if conversion fails. * Ordinal ignore-case comparison for Strings #### ne * Evaluates True if parameters are not equal * Min parameters: 2. Max parameters: 2 * Converts right parameter to match type of left parameter. Returns True if conversion fails. * Ordinal ignore-case comparison for Strings #### not * Evaluates True if parameter is False * Min parameters: 1. Max parameters: 1 * Converts value to Boolean for evaluation #### notIn * Evaluates True if left parameter is not equal to any right parameter * Min parameters: 1. Max parameters: N * Converts right parameters to match type of left parameter. Equality comparison evaluates False if conversion fails. * Ordinal ignore-case comparison for Strings * Short-circuits after first match #### or * Evaluates True if any parameter is true * Min parameters: 2. Max parameters: N * Casts parameters to Boolean for evaluation * Short-circuits after first True #### startsWith * Evaluates true if left parameter string starts with right parameter * Min parameters: 2. Max parameters: 2 * Casts parameters to String for evaluation * Performs ordinal ignore-case comparison #### xor * Evaluates True if exactly one parameter is True * Min parameters: 2. Max parameters: 2 * Casts parameters to Boolean for evaluation #### succeeded * Evaluates True when `in(variables('Agent.JobStatus'), 'Succeeded', 'PartiallySucceeded')` * Min parameters: 0. Max parameters: 0 #### succeededOrFailed * Evaluates True when `in(variables('Agent.JobStatus'), 'Succeeded', 'PartiallySucceeded', 'Failed')` * Min parameters: 0. Max parameters: 0 #### always * Evaluates True when `in(variables('Agent.JobStatus'), 'Succeeded', 'PartiallySucceeded', 'Failed', 'Canceled')`. Note, critical-failure may still prevent a task from running - e.g. get sources plugin failed. * Min parameters: 0. Max parameters: 0 ================================================ FILE: docs/preview/outdated/pipeline.md ================================================ # Pipelines #### Note to readers: This is still in flight so some concepts appear that are not fully flushed out ## Goals - **Define constructs which provide a more powerful and flexible execution engine for RM/Build/Deployment**: Allow pipeline execution with minimal intervention points required from consumers - **Provide a simple yet powerful config as code model**: Easily scale from very simple processes to more complex processes without requiring cumbersome hierarchies and concepts - **Provide data flow constructs for simple variables and complex resources**: Provide semantic constructs for describing how data flows through the system ## Non-Goals - **Provide a full replacement for all existing application-level constructs**: This is not meant to encompass all application semantics in the Build and RM systems ## Terms - **Pipeline**: A construct which defines the inputs and outputs necessary to complete a set of work, including how the data flows through the system and in what order the steps are executed - **Job**: A container for task execution which supports different execution targets such as server, queue, or deploymentGroup - **Condition**: An [expression language](conditions.md) supporting rich evaluation of context for conditional execution - **Task**: A smallest unit of work in the system, allowing consumers to plug custom behaviors into jobs - **Variable**: A name/value pair, similar to environment variables, for passing simple data values - **Resource**: An object which defines complex data and semantics for import and export using a pluggable provider model. See [resources](resources.md) for a more in-depth look at the resource extensibility model. ## Semantic concepts for resources ### Import A keyword which conveys the intent to utilize an external resource in the current job. The resource which is imported will be placed in the job's working directory in a folder of the same name. References to contents within the resource may simply use relative paths starting with the resource name. For instance, if you import a resource named `vso`, then the file `foo.txt` may be referenced within the job simply as `vso/foo.txt`. ### Export A keyword which conveys the intent to publish a resource for potential consumption in a downstream job. The inputs provided to the `export` item are dependent upon the type of resource which is being exported. ### How it works Under the covers `import` and `export` are simply semantic mappings to the resource provider tasks. When the system reads an `import` the statement is replaced with the resource-specific import task as specified by the resource provider. Likewise in place of an `export` the system injects the resource-specific export task as specified by the resource provider. While we could simply document and inform consumers to utlize the tasks directly, this provides a more loosely coupled and easy to read mechanism for performing the same purpose. The keywords also allow the system to infer dependencies between jobs in the system automatically, which further reduces the verbosity of the document. ## Simple pipeline The pipeline process may be defined completely in the repository using YAML as the definition format. A very simple definition may look like the following: ```yaml resources: - name: vso type: self jobs: - name: simple build target: type: queue name: default steps: - import: vso - task: msbuild@1.* name: Build solution inputs: project: vso/src/project.sln arguments: /m /v:minimal - export: artifact name: drop inputs: include: ['bin/**/*.dll'] exclude: ['bin/**/*Test*.dll'] ``` This defines a pipeline with a single job which acts on the current source repository. Since all file paths are relative to a resource within the working directory, there is a resource defined with the type `self` which indicates the current repository. This allows the pipeline author to alias the current repository like other repositories, and allows separation of process and source if that model is desired as there is no implicit mapping of the current repository. After selecting an available agent from a queue named `default`, the agent runs the msbuild task from the server locked to the latest version within the 1.0 major milestone. Once the project has been built successfully the system will run an automatically injected task for the `artifact` resource provider to publish the specified data to the server at the name `drop`. ## Resources While the previous examples only show a single repository resource, it is entirely possible in this model to provide multiple repositories or any number of resources for that matter in a job. For instance, you could have a job that pulls a `TfsGit` repository in addition to a `GitHub` repository or multiple repositories of the same type. For this particular instance the repository which contains the pipeline definition does not contain code itself, and as such there is no self referenced resource defined or needed. ```yaml resources: - name: vsts-agent type: git endpoint: git-hub-endpoint # TBD on how to reference endpoints from this format data: url: https://github.com/Microsoft/vsts-agent.git ref: master - name: vsts-tasks type: git endpoint: git-hub-endpoint # TBD on how to reference endpoints from this format data: url: https://github.com/Microsoft/vsts-tasks.git ref: master jobs: - name: job1 target: type: queue name: default steps: - import: vsts-agent - import: vsts-tasks - task: msbuild@1.* name: Compile vsts-agent inputs: project: vsts-agent/src/build.proj - task: gulp@0.* name: Compile vsts-tasks inputs: gulpfile: vsts-tasks/src/gulpfile.js ``` ## Job dependencies For a slightly more complex model, here is the definition of two jobs which depend on each other, propagating the outputs of the first job including environment and artifacts into the second job. ```yaml resources: - name: vso type: self jobs: - name: job1 target: type: queue name: default steps: - import: vso - task: msbuild@1.* name: Build solution inputs: project: vso/src/project.sln arguments: /m /v:minimal - export: artifact name: drop inputs: include: ['/bin/**/*.dll'] exclude: ['/bin/**/*Test*.dll'] - export: environment name: outputs inputs: var1: myvalue1 var2: myvalue2 - name: job2 target: type: queue name: default steps: - import: jobs('job1').exports('drop') - import: jobs('job1').exports('outputs') - task: powershell@1.* name: Run dostuff script inputs: script: drop/scripts/dostuff.ps1 arguments: /a:$(job1.var1) $(job1.var2) ``` This is significant in a few of ways. First, we have defined an implicit ordering dependency between the first and second job which informs the system of execution order without explicit definition. Second, we have declared a flow of data through our system using the `export` and `import` verbs to constitute state within the actively running job. In addition we have illustrated that the behavior for the propagation of outputs across jobs which will be well-understood by the system; the importing of an external environment will automatically create a namespace for the variable names based on the source which generated them. In this example, the source of the environment was named `job1` so the variables are prefixed accordingly as `job1.var1` and `job1.var2`. ## Conditional job execution By default a job dependency requires successful execution of all previous dependent jobs. Job dependencies are discovered by looking at the `condition` and `import` statements for a job to determine usages of the `jobs()` function. All referenced jobs from these statements are considered dependencies and if no custom condition is present a default expression is provided by the system requiring successful execution of all dependencies. This default behavior may be modified by specifying a custom job execution [condition](conditions.md). For instance, we can modify the second job from above as follows to provide different execution behaviors: ### Always run ```yaml - name: job2 target: type: queue name: default condition: "in(jobs('job1').result, 'succeeded', 'failed', 'canceled', 'skipped')" .... ``` The condition above places an implicit ordering dependency on the completion of `job1`. Since all result conditions are mentioned `job2` will always run after the completion of `job1`. The presence of the custom condition completely overrides the default behavior of success, configuring this job to run for any result. ### Run based on outputs ```yaml - name: job2 target: type: queue name: default condition: "and(eq(jobs('job1').result, 'succeeded'), eq(jobs('job1').exports.outputs.var1, 'myvalue'))" .... ``` The condition above places both a success requirement and the comparison of an output from `job1` which may be dynamically determined during execution. The ability to include output variables from a previous job execution to provide control flow decisions later opens up all sorts of conditional execution policies not available in the current system. Again, as in the previous example, the presence of a custom condition overrides the default behavior. ### Run if a previous job failed ```yaml jobs: - name: job1 target: type: queue name: default steps: ..... - name: job1-error target: type: server condition: "eq(jobs('job1').result, 'failed')" steps: ..... ``` In the above example the expression depends on an output of the `job1`. This will place an implicit execution dependency on the completion of `job1` in order to evaluate the execution condition of `job1-error`. Since we only execute this job on failure of a previous job, under normal circumstances it will be skipped. This is useful for performing cleanup or notification handling when a critical step in the pipeline fails. ## Job Toolset Plugins The default language for a job will be the presented thus far which, while powerful and quite simple, still requires rigid knowledge of the available tasks and system to accomplish even the simplest of tasks. Individual project types, like those which build and test node projects, may find the learning curve for getting started higher than it needs to be. One important tenet of our system is that it is not only powerful but also approachable for newcomers alike. In order to satisfy the on-boarding of more simple projects, we will allow for the job definition language to be extended via `toolset` plug-ins. The general idea behind toolsets would be that for certain tools, such as node, there are common actions which need to occur in most, if not all, jobs which build/test using that specific tool. The plug-in would simply authoring of the job contents by providing custom pluggable points that make sense for that particular job type. Additionally certain things would *just happen*, such as installing the toolset and placing it in the path automatically. For an example of how the internals of a custom language may look, see the [following document](https://github.com/Microsoft/vsts-tasks/blob/master/docs/yaml.md). ## Task Templates Tasks are another construct which may be templated. On the server these are known as `TaskGroups`, and this provides a mechanism for performing the same style of reuse without requiring interaction with the server model. ```yaml inputs: - name: project type: string - name: platform type: string defaultValue: AnyCPU - name: configuration type: string defaultValue: Debug - name: testAssemblies type: string - task: msbuild@1.* name: "Build {{ inputs('project') }}" inputs: project: "{{ inputs('project') }}" arguments: "/p:Platform={{ inputs('platform') }} /p:Configuration={{ inputs('configuration') }}" - task: vstest@1.* name: "Test {{ inputs('testAssemblies') }}" inputs: assemblies: "{{ inputs('testAssemblies') }}" ``` If the above file were located in a folder `src/tasks/buildandtest.yml`, a job may include this group with the following syntax: ```yaml jobs: - name: build target: type: queue name: default steps: - import: code - include: code/src/tasks/buildandtest.yml inputs: project: code/src/dirs.proj testAssemblies: code/bin/**/*Test*.dll ``` This provides the ability to build up libararies of useful functionality by aggregating individual tasks into larger pieces of logic. ## Looping Often it is desirable to run a job across different environments, toolsets, or inputs. In examples we have analyzed thus far the user has the requirement of being very explicit about all combinations of inputs which may become daunting when the list grows beyond 2 or 3. The solution to this growth problem is the introduction of a looping construct, which allows the author to define a list of items to be used as items to apply to the template. In order to illustrate the scenario, consider the task template from the previous section. We would now like to run the same set of steps in different jobs for a set of inputs. With the constructs we have defined thus far, we would be required to list each job explicitly for the different input sets desired. ```yaml resources: - name: code type: git data: url: https://github.com/Microsoft/vsts-agent.git ref: master jobs: - name: x86-release target: type: queue name: default steps: - import: code - task: code/src/tasks/buildandtest.yml inputs: project: code/src/dirs.proj platform: x86 configuration: release testAssemblies: code/bin/x86/**Test*.dll - name: x64-release target: type: queue name: default steps: - import: code - task: code/src/tasks/buildandtest.yml inputs: project: code/src/dirs.proj platform: x64 configuration: release testAssemblies: code/bin/x64/**Test*.dll - name: finalize target: server condition: and(succeeded('x86-release'), succeeded('x64-release')) steps: .... ``` Using looping constructs, we can reduce duplication and simplify our process considerably. Taking a look at the previous example, we are effectively performing the same work twice with two different values for the `release` input to our task. Instead of listing this twice, we could simply apply a list of items and allow the system to expand this for us. ```yaml resources: - name: code type: git data: url: https://github.com/Microsoft/vsts-agent.git ref: master jobs: - name: "build-{{item}}-release" target: type: queue name: default steps: - import: code - task: code/src/tasks/buildandtest.yml inputs: project: code/src/dirs.proj platform: "{{item}}" configuration: release testAssemblies: "code/bin/{{item}}/**Test*.dll" with_items: - x86 - x64 - name: finalize target: server condition: and(succeeded('x86-release'), succeeded('x64-release')) steps: .... ``` As you can see in our example above, the looping construct removed our duplicated job logic and allowed us to more concisely define the desired logic and input sets. If more than a single value should be considered for each iteration, the system will also allow for an array of dictionaries as the input source. This allows for more complex and powerful iterators where there is more than a single dimension: ```yaml resources: - name: code type: git data: url: https://github.com/Microsoft/vsts-agent.git ref: master jobs: - name: "build-{{item.platform}}-{{item.configuration}}" target: type: queue name: default variables: "{{item}}" steps: - import: code clean: false - task: code/src/tasks/buildandtest.yml inputs: project: code/src/dirs.proj platform: $(platform) configuration: $(configuration) testAssemblies: code/bin/$(platform)/**Test*.dll with_items: - platform: x86 configuration: release - platform: x86 configuration: debug - platform: x64 configuration: release - platform: x64 configuration: debug - name: finalize target: server condition: and(succeeded('x86-release'), succeeded('x64-release'), succeeded('x86-debug'), succeeded('x64-debug')) steps: .... ``` Other looping constructs may be introduced in the future, such as the concept of a cross product is computed from multiple lists in order to build matrix. At this time, however, the explicit looping construct should be sufficent for most scenarios and provides for a cleaner description language. ## Pipeline Templates Pipelines may be authored as stand-alone definitions or as templates to be inherited. The advantage of providing a model for process inheritance is it provides the ability to enforce policy on a set of pipeline definitions by providing a master process with configurable overrides. ### Defining a Template The definition for a template from which other pipelines inherit, in the most simple case, looks similar to the following pipeline. This particular file would be dropped in `src/toolsets/dotnet/pipeline.yml` and is modeled after the existing ASP.NET Core template found on the service. ```yaml # All values which appear in the inputs section are overridable by a definition # which extends the template. parameters: # Controls the name of the queue which jobs should use queueName: default # Controls the pattern for build project discovery projects: **/project.json # Controls the input pattern for test project discovery testProjects: **/*Tests/project.json # Controls whether or not web projects should be published publishWebProjects: true # Controls whether or not the published projects should be zipped zipPublishedProjects: true # Defines the input matrix for driving job generation from a template matrix: - buildConfiguration: release dotnet: 1.1 # Defines the customizable stages that may be overridden. Each group # is expected to contain 0 or more task directives, which will be injected # at specific points in the template output. groups: before_install: before_restore: before_build: before_test: before_publish: after_publish: # In our resource list a self reference type is inferred by the system. The name 's' has been chosen in this # case for backward compatibility with the location of $(build.sourcesdirectory). resources: - name: s type: self jobs: - with_items: "{{matrix}}" name: "build-{{item.buildConfiguration}}" target: type: queue name: "{{queueName}}" variables: "{{item}}" steps: - import: s - group: before_install - task: dotnetcore@0.* name: install inputs: command: install arguments: "--version {{item.dotnet}}" - group: before_restore - task: dotnetcore@0.* name: restore inputs: command: restore projects: "{{projects}}" - group: before_build - task: dotnetcore@0.* name: build inputs: command: build arguments: --configuration $(buildConfiguration) - group: before_test - task: dotnetcore@0.* name: test inputs: command: test projects: {{testProjects}} arguments: --configuration $(buildConfiguration) - group: before_publish - task: dotnetcore@0.* name: publish inputs: command: publish arguments: --configuration $(buildConfiguration) --output $(build.artifactstagingdirectory) publishWebProjects: {{publishWebProjects}} zipPublishedProject: {{zipPublishedProjects}} - export: artifact name: drop condition: always() inputs: pathToPublish: $(build.artifactstagingdirectory) - group: after_publish ``` There are a couple of points which should be made clear before we move on. First, the context within a template is implicitly set to the `inputs` object to avoid the need to reference it explicitly. Second, we have a couple of examples where we are using an object expansion to inject an array variable as the array of another property. For instance, the `group` tag is just a place-holder for a task group, which is itself just an object which contains a list of tasks. The `group` tag is special in that the template author is allowing the derived definition to replace or inject behavior at particular points of the process. We also see this when providing all of the values from the matrix item as variables which will then be accessible as environment variables within the job downstream. Since the item being iterated is an array of dictionaries, and the `variables` property is expected itself to be a dictionary, we are able to safely perform this replacement using templating syntax. ```yaml - variables: "{{item}}" ``` ### Using a Template A usage of this template is shown below. Assuming the code being built lives in the same repository as this file and the defaults provided are sufficient (e.g. using project.json, you want zip and publish your web application, and you only want to build, test, and package a release build verified against the latest dotnet framework) then your file may be as simple as what you see below. ```yaml # Since this file does not have a location qualifier and the toolset does not have required inputs, this is # all that is required for the most simple of definitions that fit our pre-defined model. uses: dotnet ``` If the code author desires to build and test their code on multiple dotnet versions or multiple build configurations, there is a top-level `matrix` property which may be overridden to specify specific configurations and versions. The defaults provided by the template above are `buildConfiguration: release, dotnet: 1.1`. In our example below, we want to build and verify our application against both `dotnet: 1.0` and `dotnet: 1.1`, so we override the matrix with the necessary values. ```yaml # Since this file does not have a location qualifier and the toolset does not have required inputs, this is # all that is required for the most simple of definitions that fit our pre-defined model. uses: dotnet # Specify the matrix input by defining it inline here. In this example we will run the default project, test, # publish step for the release configuration and dotnet versions 1.0 and 1.1. matrix: - buildConfiguration: release dotnet: 1.0 - buildConfiguration: release dotnet: 1.1 ``` Assuming more control is needed, such as the injection of custom steps into the pre-defined lifecycle, there are a few override points defined in the initial template as the empty `group` elements with the job steps. These may be specified in the top-level file and will be overlayed on top of the base template execution time as appropriate. ```yaml # Since this file does not have a location qualifier and the toolset does not have required inputs, this is # all that is required for the most simple of definitions that fit our pre-defined model. uses: dotnet # Individual steps within the toolset lifecycle may be overridden here. In this case the following injection # points are allowed. Each overridable section is denoted in the template by the 'group' step type, which serves # as a named placeholder for implementations to inject custom logic and well-understood points without # understanding the entire job execution. groups: before_install: - task: powershell@1.* name: My custom powershell install step inputs: script: src/scripts/preinstall.ps1 # before_restore: # before_build: # before_test: # before_publish: # after_publish: # Specify the matrix input by defining it inline here. In this example we will run the default project, test, # publish step for the release configuration and dotnet versions 1.0 and 1.1. matrix: - buildConfiguration: release dotnet: 1.0 - buildConfiguration: release dotnet: 1.1 ``` ## Containers Containers can provide for much more flexible pipelines by enabling individual jobs to define their execution environemtn without requiring toolsets and dependencies to be installed on the agent machines. Each job can sepcify one or more container images to be used to execute tasks along with additional container images to be started and linked to the job execution container. Container image operating systems must match the host operating system the agent is running on. Prior to running tasks the agent will start a container based on the image specified, map in the resources as volumes, start and link any additional services and setup environment variables. If you want to build containers as part of your job you will need to specify that the docker daemon should be made available to your job by setting maphost property to true ```yaml # define a container image resource. resources: - name: job1image type: docker-image endpoint: id: msazure-docker-endpoint-id data: image: msazure/nodestandard tag: 2017-1 - name: redis-services type: docker-image data: image: redis tag: 3.0.7 jobs: - name: job1 # define the container for the job along with any services that should be linked to the container container: image: job1image maphost: true services: - name: redis image: redis-service steps: - task: bash@1.x name: Run build script inputs: script: build.sh - task: bash@1.x name: Test app inputs: script: test.sh ``` Having the agent start the container on the host prior to running tasks potentially enables some other interesting capabilities like controlling access to certian internet resources. For example if you have a policy in your organziation that you should not pull packages from nuget.org the container networking could be configured wiht a proxy that prevents access. ================================================ FILE: docs/preview/outdated/resources.md ================================================ # Resources ## Goals - **Provide generic construct for data flow through a pipeline**: Consume and publish resources which may then be consumed downstream - **Provide extensible mechanism for consuming any resource type**: Pluggable resource providers allow for future extensibility with minimal changes - **Provide smarter routing for agent pools**: Provide smarter agent allocation based on required resources matched against what already exists on the agent - **Provide disk space insights and administration from the server**: Having a concept of resources provides better insight into what is taking space on your agents - **Decouple the agent from resource acquisition to reduce required agent updates**: Providing an extensible and clean surface area reduces the coupling between the agent and server for fewer forced updates ## Resource Contract Broken down into the most simple concepts possible, the purpose of the execution engine is to flow variables and data from job to job and machine to machine. Most importantly, a key insight is that the execution engine doesn't need to understand the internals of the data propagating through different stages within a pipeline, but only how to identify, retrieve, and update the different types of data. For this reason, the proposal outlined here is to formalize the concept of an extensible type known simply as `Resource` with the following properties: ```yaml resource: name: string # A local name by which this resource is referenced type: string # A type of resource for provider selection endpoint: ordinal name to an endpoint # An optional reference to a managed endpoint id: string # A provider-specific value for resource identification data: object # An opaque structure provided for/by the provider ``` ## Resource Identification Resources downloaded on the agent, including repositories, build artifacts, nuget packages, etc., should be registered with and tracked by the server to provide better agent routing and visibility for pool administrators to determine which definitions and resources consume the most space. In order to provide this selection, the messages delivered to the agent for running jobs will need to be altered to include a list of the resources which are required for the job. For instance, a pipeline which consumes a build drop artifact, a git repository, and a nuget package may look something like the following: *Note: The instance identifier is listed as a format string for illustrative purposes and would be computed prior to agent selection or delivery to the agent for matching agent resources to resource requirements. The resource provider, determined by the resource type, is responsible for specifying the set of properties used for identifying a specific version of the corresponding resource type.* ```yaml job: resources: - name: build type: vsts.build id: "{{data.collectionId}}.{{data.buildId}}.{{data.artifactName}}" endpoint: system-endpoint-id data: collectionId: "45a325da-9ad3-4e34-a044-5a6765528113" projectId: "ac963673-c64a-48d4-b7f5-28e44a9db45c" definitionId: 4 buildId: 27 artifactName: drop - name: vso type: git id: "{{data.url}}" endpoint: github-endpoint-id data: url: "https://github.com/Microsoft/vsts-tasks.git" ref: master - name: nuget_refs type: nuget id: "{{endpoint.id}}.{{data.feed}}.{{data.package}}.{{data.version}}" endpoint: nuget-endpoint-id data: feed: my feed package: my package version: "2.1.0.0" ``` When requesting an agent, the system will attach all resources needed for the job to the agent requirements. The pool orchestrator will then take the requested resources into consideration while selecting an agent to attempt to reduce resource downloads to a minimum. Resources will be identified and matched by the tuple (resource.type, resource.id), so a given resource type is **REQUIRED** to specify an ID formatting specification which is unique to a specific resource for that type only. ## Resource Caching When the agent receives a job message from the server that includes a resource list, it will determine up-front where the resource should be located based on a combination of the target definition and the resource identifiers provided by the server. By default, the local folder for resources will be contained within the working folder for a build definition (for instance, `$(Agent.InstallDir)\_work\1\{resource.name}`). Prior to execution of a job, the agent will compute and either reference existing folders or create new empty folders for all resources included in the job. The local folder on disk is always based on the name of the resource which allows for easy discovery of files within a resource. For instance, given the resources in the job above the agent might generate the following stucture on disk: ``` $(Agent.InstallDir) _work 1 build # locally generated folder for resource 'build' vso # locally generated folder for resource 'vso' nuget_refs # locally generated folder for resource 'nuget_refs' ``` The agent will then populate the environment with mappings which translate a resource name to the location on disk allocated for the resource. It is important to note that since the agent itself has no concept of the internals of a resource, it is up to the resource download task to determine what the appropriate behavior is if the current resource folder is detected to be dirty (e.g. re-download, incremental update, etc). In order to retain the separation of concerns between the directory manager of the agent and the actual downloading of resources to disk, the task library will be updated to provide the ability to retrieve resources by name. The task library will be updated to provide functions to retrieve a resource by name, similar to the way a task can retrieve a service endpoint by ID: ``` // returns the full resource from the job environment getResource(name: string): Resource ``` Once a resource has been successfully placed on disk (e.g. the resource download task completes successfully) the agent will register the resource with the list of cached items on the server in addition to tracking the items locally on the agent itself. The server cache list will consist of the following contract for reporting contents: ```yaml cache: size: long # aggregate size of all items in the cache items: - resource: id: string # the computed id for identifying this resource instance/version type: string # the resource type or provider name name: string # This may not make sense when dealing with shared resources as the name can differ across definitions size: long # size of the resource in bytes location: string # location of the resource on disk createdOn: datetime # date and time of download lastAccessedOn: datetime # date and time of last hit from a job ``` As the cache is populated the agent selection algorithm can adjust to prefer agents that have the fewest unavailable resources for running a given job. This should dramatically speed up re-runs of jobs in addition to running a triggered job with previously downloaded resources. A key point to reiterate in this section is the responsibility of the agent is to determine the local folder in which resource should be placed, not to actually manage or place them. This decouples the responsibility of local disk management and resource download, ensuring we have a clean contract between the agent and the tasks which it runs. ## Resource Download and Upload Since the core pipeline engine does not understand how to actually acquire or update specific resources, we will need to provide a pluggable mechanism by which resource providers may inject logic to perform this actions on behalf of the system. The current mechanism for plugging into the agent is tasks and that is the proposed mechanism for extended the agent for resource consumption and production. Similar to the release management artifact extensibility model, resource types will register tasks for both the download and upload actions on a particular resource. The main difference between the release management model and the proposed model is a resource provider **MUST** implement a download task as well as an upload task, as there will be no known types to the system. By analyzing the resources needed in a job, the server will automatically inject the necessary tasks implementations as specified by the provider. The key to representing these as tasks rather than implicit plugins on agent is it allows consumers to rearrange the acquisition of resources with respect to their own custom tasks, where today the artifact and repository acquisitions **MUST** be the first step in the job. A secondary advantage to driving all resource acquisition with tasks is it allows us to decouple the agent from any specific artifact implementation and reduce our schedule of required agent updates short of a security issue, core agent logic bug, or breaking change in the contract between the agent and server. ## Resource Sharing While out of scope for the current work, it is useful to describe how we might begin to share resources across definitions to get further improvements and a fairly large reduction in disk space usage on the agent. With a few small changes to the layout structure on disk, in addition to the introduction of containers, we may be able to further improve resuse of resources on an agent. Instead of downloading resources to per-definition folders, we would instead download them to a shared cache folder which sits side by side with the per-definition working folder. Prior to handing over to the resource download tasks, the agent would setup junction points (shown below as rN folders) for definition-specific mappings into the shared resource folders. ``` $(Agent.InstallDir) _work 1 build => r1 vso => r2 nuget_refs => r3 r1 # locally generated folder for resource 'build' based on the id r2 # locally generated folder for resource 'vso' based on the id r2 # locally generated folder for resource 'nuget_refs' based on the id ``` While this would dramatically improve sharing of resources and reduce disk space, it does require knowledge of sharing on the part of the definition author and may pose more challenges than it is worth. Ideally we would mount the shared directories into the definition working space in a copy-on-write mode, where the source folder is read only and changes are applied on top the source volume per-definition. Further investigation will need to be done in order to determine if containers help us out in this area. ## History (how did we get here) Team build provides the ability to explicitly select a single repository for automatic download to the agent and for the purposes of triggering. While this works for the simple case of a product with source contained to a single repository, this does not work for larger projects which may have source aggregated across multiple repositories and even repository providers. There is currently an abstraction for repository in build which factors out the common properties as first-class while leaving the provider-specific properties as an opaque data dictionary with the following contract: ```yaml repository: id: string type: string name: string defaultBranch: string rootFolder: string clean: string checkoutSubmodules: boolean properties: (string, string) ``` A few of non-first class properties leaked into the core object contract, such as 'clean', 'checkoutSubmodules', and 'rootFolder'. In addition to non-shared properties being driven into the core contract, we also never formally introduced the concept of a repository to core the core execution engine. Due to the lack of a formal concept in distributed task the repository is first converted to a `ServiceEndpoint` before being sent to the agent as the core execution system does not have a concept of a `Repository`. While this works in many cases it is not without problems as well. - It overloads the meaning of a `ServiceEndpoint` to not only convey shared credentials to a remote endpoint but also represent configuration options specific to the instance - It confuses the agent when running the build plug-in since we have no way of knowing if the service endpoint was injected by the build system from a repository object or if the user simply defined a custom endpoint that points to `GitHub` for the purposes of working with data on that service - The concept of a repository and how it is downloaded is currently tightly coupled with the agent binary, which requires an agent update any time new functionality is to be delivered or bugs are fixed While it may make sense to introduce a first-class concept of repository into the core execution engine, it's not clear there is a necessity to do so. Taking a step back at the existing concepts and semantics we support in our application layers today: - Build - Supports a repository with rich triggering semantics and the ability to produce and associate artifacts with a build, such as build drop artifacts or azure packages to be consumed by a downstream release - Does **NOT** provide a mechanism for consuming the outputs of a previous build as the input to another build - Release Management - Supports a generic concept of `Artifact` which can represent a build output artifact, a repository, a nuget package, or any other type of resource which is extensible - Does **NOT** support triggering based on source changes since the application layer knows only of generic artifacts and doesn't understand the semantics of a repository or any other artifact other than a build. - Does **NOT** not support publishing capabilities, only consumption, so you cannot produce a zip from a release and attach it as an output for triggering another release Both application layers have their strengths and weaknesses when it comes to artifact management, and the goal of this design is to take both application layer concepts and expose them in the execution engine so as to supersede and represent both concepts equally for a more powerful runtime. Another key prinicple to keep in mind is there needs to be a clear separation between what we consider the application layer, which deals in semantics (repositories are an example of a resource with strong semantics), and the execution engine, which deals with generic constructs and the flow of data (repositories are modeled as a generic resource, seen like any other opaque source of data). ================================================ FILE: docs/preview/outdated/yaml/dot-net-core-template.yaml ================================================ --- # Agent queue queue: "Default" # Additional variables variables: {} # Restore restoreArguments: "" # Build buildProjects: "**/*.sln" buildArguments: "" buildConfiguration: "Debug" # Test testProjects: "**/*test*.csproj" # Publish publishWebProjects: False publishArguments: "" # # Stage and publish drop # copyPattern: # - "**" # copyRoot: s # dropStagingPath: "$(Build.ArtifactStagingDirectory)" # dropArtifactName: "drop-$(BuildConfiguration)-$(BuildPlatform)" # dropType: Container # Container or FilePath # dropPath: "" # Only required if FilePath --- # Self repo resources: - name: s type: self phases: - name: "Build" target: type: queue name: {{queue}} jobs: - name: "Build" variables: # - name: BuildConfiguration # value: "{{buildConfiguration}}" # - name: BuildPlatform # value: "{{buildPlatform}}" {{#each variables}} - name: "{{@key}}" value: "{{this}}" {{/each}} steps: - phase: preRestore - phase: restore steps: - task: DotNetCoreCLI@0.* display: Restore inputs: command: restore publishWebProjects: true projects: "{{buildProjects}}" arguments: "{{restoreArguments}}" zipAfterPublish: true - phase: postRestore - phase: preBuild - phase: build steps: - task: DotNetCoreCLI@0.* display: Build inputs: command: build publishWebProjects: true projects: "{{buildProjects}}" arguments: "--configuration $(buildConfiguration) {{buildArguments}}" zipAfterPublish: true - phase: postBuild - phase: preTest - phase: test steps: - task: DotNetCoreCLI@0.* display: Test inputs: command: test publishWebProjects: true projects: "{{testProjects}}" arguments: "--configuration $(buildConfiguration) --logger:trx {{testArguments}}" zipAfterPublish: true - phase: postTest - phase: prePublish - phase: publish steps: - task: DotNetCoreCLI@0.* display: Publish inputs: command: publish publishWebProjects: "{{publishWebProjects}}" projects: "" arguments: "--configuration $(buildConfiguration) --output $(build.artifactstagingdirectory) --framework netcoreapp1.1 {{publishArguments}}" zipAfterPublish: true - phase: postPublish - phase: preTestResults - phase: testResults steps: - task: PublishTestResults@2.* display: Publish Test Results inputs: testRunner: VSTest, testResultsFiles: "**/TestResults/*.trx", searchFolder: "$(System.DefaultWorkingDirectory)", mergeTestResults: "true", testRunTitle: "", platform: "", configuration: "", publishRunAttachments: "true" - phase: postTestResults - phase: preArtifact - phase: artifact steps: - task: PublishBuildArtifacts@1.* display: Publish Artifact inputs: PathtoPublish: "$(build.artifactstagingdirectory)", ArtifactName: WebApp, ArtifactType: Container, TargetPath: "\\\\my\\share\\$(Build.DefinitionName)\\$(Build.BuildNumber)" - phase: postArtifact ================================================ FILE: docs/preview/outdated/yaml/dot-net-core.yaml ================================================ template: name: dot-net-core-template.yaml parameters: buildProjects: "**/*.sln" buildConfiguration: "Debug" testProjects: "test/**/*.csproj" ================================================ FILE: docs/preview/outdated/yaml/vsbuild-template.yaml ================================================ --- # Agent queue queue: "" # Job expansion matrix: - buildConfiguration: release buildPlatform: any cpu # Additional variables variables: {} # Restore restoreSolution: "s/**/*.sln" restoreNuGetVersion: 3.3.0 # Build buildSolution: "s/**/*.sln" buildArguments: "" buildClean: false buildVSVersion: 15.0 # Test testPattern: - "**/*test*.dll" - "!**/obj/**" testRoot: s # Symbols symbolsPattern: "**/bin/**/*.pdb" symbolsRoot: s symbolsStore: "" symbolsSkipIndex: false symbolsWarnIfNotIndexed: false # Stage and publish drop copyPattern: - "**" copyRoot: s dropStagingPath: "$(Build.ArtifactStagingDirectory)" dropArtifactName: "drop-$(BuildConfiguration)-$(BuildPlatform)" dropType: Container # Container or FilePath dropPath: "" # Only required if FilePath --- # Self repo resources: - name: s type: self phases: - name: "VS Build" target: type: queue name: {{queue}} jobs: {{#matrix}} - name: "build-{{buildConfiguration}}-{{buildPlatform}}" variables: - name: BuildConfiguration value: "{{buildConfiguration}}" - name: BuildPlatform value: "{{buildPlatform}}" {{#each @root.variables}} - name: "{{@key}}" value: "{{this}}" {{/each}} steps: - phase: preRestore - phase: restore steps: - task: NuGetInstaller@0.* inputs: solution: "{{@root.restoreSolution}}" restoreMode: restore nuGetVersion: "{{@root.restoreNuGetVersion}}" - phase: postRestore - phase: preBuild - phase: build steps: - task: VSBuild@1.* inputs: solution: "{{@root.buildSolution}}" msbuildArgs: "{{@root.buildArguments}}" configuration: "{{buildConfiguration}}" platform: "{{buildPlatform}}" clean: "{{@root.buildClean}}" vsVersion: "{{@root.buildVSVersion}}" msbuildArchitecture: x86 logProjectEvents: false createLogFile: false - phase: postBuild - phase: preTest - phase: test steps: - task: VSTest inputs: testAssemblyVer2: "{{#each @root.testPattern}}{{#unless @first}}\n{{/unless}}{{this}}{{/each}}" searchFolder: "{{@root.testRoot}}" configuration: "{{buildConfiguration}}" platform: "{{buildPlatform}}" - phase: postTest - phase: preSymbols - phase: symbols steps: - task: PublishSymbols@1.* inputs: SearchPattern: "{{@root.symbolsPattern}}" SymbolsFolder: "{{@root.symbolsRoot}}" SymbolsPath: "{{@root.symbolsStore}}" SkipIndexing: "{{@root.symbolsSkipIndex}}" TreatNotIndexedAsWarning: "{{@root.symbolsWarnIfNotIndexed}}" SymbolsArtifactName: "Symbols_{{buildConfiguration}}_{{buildPlatform}}" - phase: postSymbols - phase: preDrop - phase: drop steps: - task: CopyFiles@2.* inputs: Contents: "{{#each @root.copyPattern}}{{#unless @first}}\n{{/unless}}{{this}}{{/each}}" SourceFolder: "{{@root.copyRoot}}" TargetFolder: "{{@root.dropStagingPath}}" - task: PublishBuildArtifacts@1.* inputs: PathtoPublish: "{{@root.dropStagingPath}}" ArtifactName: "{{@root.dropArtifactName}}" ArtifactType: "{{@root.dropType}}" TargetPath: "{{@root.dropPath}}" - phase: postDrop {{/matrix}} ================================================ FILE: docs/preview/outdated/yaml/vsbuild.yaml ================================================ # target: # type: queue # name: myQueue template: name: vsbuild-template.yaml parameters: queue: myQueue projects: myProject.sln matrix: - buildConfiguration: debug buildPlatform: any cpu - buildConfiguration: release buildPlatform: any cpu variables: myCustomVar1: my value 1 myCustomVar2: my value 2 steps: preBuild: - task: credscan@1.* ================================================ FILE: docs/preview/outdated/yamldeserialization.md ================================================ # VSTS YAML deserialization This document describes the details of the YAML deserialization process. This is not a "getting started" document. Several expansion mechanisms are available during the deserialization process. The goals are: 1. Enable process reuse (maintainability) 1. Enable a simple getting-started experience The deserialzation process occurs when a definition is triggered (manual, CI, or scheduled). All expansion mechanisms discussed in this document, occur during the deserialization process. In this sense, all mechanisms discussed here are "static". This document does not discuss dynamic mechanisms - i.e. adding additional jobs, after initial construction. ## Structural overview The YAML document describes an entire process. At a high level, the structure of a process is: ``` ├───resources (endpoints, etc) └───phases ├───phase │ ├───target # e.g. agent queue │ └───jobs │ ├───job # e.g. a build │ │ ├───variables │ │ └───steps │ │ ├───step # e.g. run msbuild │ │ └───[...] │ └───[...] └───[...] ``` ### Level inference In the spirit of simplicity, the YAML file is not required to define the full structural hierarchy. For example, a very simple process may only define steps (one job implied, one phase implied): ```yaml steps: - task: VSBuild@1.* inputs: solution: "**/*.sln" configuration: "Debug" platform: "Any CPU" ``` In short, the rules are: - Where a process is defined, properties for a single phase can be specified without defining `phases -> phase`. - Where a process is defined, properties for a single job can be specified without defining `phases -> phase -> jobs -> job`. - Where a phase is defined, properties for a single job can be specified without defining `jobs -> job`. The inference rules apply to templates as well. For details, see the schema reference section below. ## Deserialization overview The static expansion mechanisms can largely be separated into two categories: 1) mustache preprocessing and 2) templates. Additionally, templates depend on mustache preprocessing as the mechanism for passing parameters into a template. At a high level, the deserialization process is: 1. Preprocess file (mustache) 1. Deserialize yaml 1. If structure references a template 1. Preprocess template (mustache) 1. Deserialize yaml 1. If structure references a template, recursively repeat 3.i 1. Merge structure into caller structure ## Mustache Each YAML file that is loaded is run through mustache preprocessing. ### Mustache escaping rules Properties referenced using `{{property}}` will be JSON-string-escaped. Escaping can be omitted by using the triple-brace syntax: `{{{property}}}`. ### Server generated mustache context When a definition is triggered (manual, CI, or scheduled), information about the event will be available as the mustache context object. The available data will be similar to the \"variables\" that are available server side today when a build is queued. ### User defined mustache context The server generated context will be overlaid onto optional user defined context. *Yaml front matter* is a common technique to define metadata at the beginning of a document. Using YAML front matter, user defined context can be defined in a separate section, distinguished by a starting line `---` and ending line `---`. Example YAML front matter: ```yaml --- matrix: - buildConfiguration: debug buildPlatform: any cpu - buildConfiguration: release buildPlatform: any cpu --- jobs: {{#each matrix}} - name: build-{{buildConfiguration}}-{{buildPlatform}}} - task: VSBuild@1.* inputs: solution: "**/*.sln" configuration: "{{buildConfiguration}}" platform: "{{buildPlatform}}" {{/each}} ``` ## Templates Templates enable portions of a process to be imported from other files. ### Template parameters When a template is referenced, the caller may pass parameters to the template. The parameters are overlaid onto any user defined context in the target file (YAML front matter). The overlaid object is used as the mustache context during template deserialization. Default parameter values can be specified in the template's YAML front matter. Since the caller-defined parameter values are overlaid on top, any parameters that are not specified will not be overridden. TODO: What about the server generated context? Should that always be available in the mustache context during template deserialization without the caller explicitly passing it in? Should all outer root context? TODO: EXAMPLES ### Template granularity Templates may be used to define an entire process, or may be used to pull in smaller pieces. The following types of templates are supported: - entire process - array of phases - array of jobs - array of variables - array of steps TODO: MORE DETAILS ABOUT HOW ARRAYS ARE PULLED IN, MULTIPLE ARRAYS CAN BE PULLED INTO SINGLE OUTER ARRAY TODO: EXAMPLES ### Template chaining Templates may reference other templates, but only at lower level objects in the hierarchy. For example, a process template can reference a phases template. A process template cannot reference another process template. ### TODO: Discuss overrides and selectors ### What-if mode A "what-if" mode is supported for debugging the YAML static expansion and deserialization process. What-if mode dumps the constructed pipeline to the console, and exits. Example: ``` ~/vsts-agent/_layout/bin/Agent.Listener --whatif --yaml ~/vsts-agent/docs/preview/yaml/vsbuild.yaml ``` ### Task version resolution and caching In run-local mode, all referenced tasks must either be pre-cached under \_work/\_tasks, or optionally credentials can be supplied to query and download each referenced task from VSTS/TFS. VSTS example: ``` ~/vsts-agent/_layout/bin/Agent.Listener --url https://contoso.visualstudio.com --auth pat --token --yaml ~/vsts-agent/docs/preview/yaml/cmdline.yaml ``` TFS example (defaults to integrated): ``` ~/vsts-agent/_layout/bin/Agent.Listener --url http://localhost:8080/tfs --yaml ~/vsts-agent/docs/preview/yaml/cmdline.yaml ``` TFS example (negotiate, refer `--help` for all auth options): ``` ~/vsts-agent/_layout/bin/Agent.Listener --url http://localhost:8080/tfs --auth negotiate --username --password --yaml ~/vsts-agent/docs/preview/yaml/cmdline.yaml ``` ## Schema reference All YAML definitions start with an entry \"process\" file. ### Process structures #### process ```yaml # general properties name: string # process properties resources: [ resource ] template: processTemplateReference phases: [ phase | phasesTemplateReference ] # phase properties - not allowed when higher level template or phases is defined target: phaseTarget jobs: [ job | jobsTemplateReference ] # job properties - not allowed when higher level template, phases, or jobs is defined timeout: string # e.g. "0.01:30:00" (1 hour and 30 minutes) variables: { string: string } steps: [ import | export | task | stepsPhase | stepsTemplateReference ] ``` #### resource ```yaml name: string type: string data: { string: any } ``` #### processTemplateReference ```yaml name: string # relative path to process template parameters: { string: any } phases: [ # phase specific step overrides { name: string jobs: [ # phase and job specific step overrides { name: string steps: { string: [ import | export | task ] } } ] steps: { string: [ import | export | task ] } } ] jobs: [ # job specific step overrides { name: string steps: { string: [ import | export | task ] } } ] steps: { string: [ import | export | task ] } # step overrides ``` #### processTemplate ```yaml resources: [ resource ] phases: [ phase | phasesTemplateReference ] jobs: [ job | jobsTemplateReference ] steps: [ import | export | task | stepsPhase | stepsTemplateReference ] ``` ### Phase structures #### phase ```yaml # phase properties phase: string # name target: phaseTarget jobs: [ job | jobsTemplateReference ] # job properties timeout: string # e.g. "0.01:30:00" (1 hour and 30 minutes) variables: { string: string } steps: [ import | export | task | stepsPhase | stepsTemplateReference ] ``` #### phasesTemplateReference ```yaml template: string # relative path parameters: { string: any } phases: [ # phase specific step overrides { name: string jobs: [ # phase and job specific step overrides { name: string steps: { string: [ import | export | task ] } } ] steps: { string: [ import | export | task ] } } ] jobs: [ # job specific step overrides { name: string steps: { string: [ import | export | task ] } } ] steps: { string: [ import | export | task ] } # step overrides ``` #### phasesTemplate ```yaml phases: [ phase ] jobs: [ job | jobsTemplateReference ] steps: [ import | export | task | stepsPhase | stepsTemplateReference ] ``` ### Job structures #### job ```yaml job: string # name timeoutInMinutes: number variables: [ variable | variablesTemplateReference ] steps: [ import | export | task | stepsPhase | stepsTemplateReference ] ``` #### jobsTemplateReference ```yaml template: string # relative path parameters: { string: any } jobs: [ # job specific step overrides { name: string steps: { string: [ import | export | task ] } } ] steps: { string: [ import | export | task ] } # step overrides ``` #### jobsTemplate ```yaml jobs: [ job ] steps: [ import | export | task | stepsPhase | stepsTemplateReference ] ``` #### variable ```yaml name: string value: string verbatim: bool # instructs agent not to uppercase/etc when setting env var ``` #### variablesTemplateReference ```yaml template: string # relative path parameters: { string: any } ``` #### variablesTemplate ```yaml variables: [ variable ] ``` ### Step structures #### script ```yaml script: string name: string # display name workingDirectory: string failOnStderr: true | false condition: string continueOnError: true | false enabled: true | false timeoutInMinutes: number env: { string: string } ``` #### powershell ```yaml script: string name: string # display name errorActionPreference: stop | continue | silentlyContinue failOnStderr: true | false ignoreLASTEXITCODE: true | false workingDirectory: string condition: string continueOnError: true | false enabled: true | false timeoutInMinutes: number env: { string: string } ``` #### bash ```yaml script: string name: string # display name workingDirectory: string failOnStderr: true | false condition: string continueOnError: true | false enabled: true | false timeoutInMinutes: number env: { string: string } ``` #### task ```yaml task: string # task reference, e.g. "VSBuild@1" name: string # display name condition: string continueOnError: true | false enabled: true | false timeoutInMinutes: number inputs: { string: string } env: { string: string } ``` #### stepsPhase ```yaml phase: string # name steps: [ import | export | task ] ``` #### stepsTemplateReference ```yaml template: string # relative path parameters: { string: any } steps: { string: [ import | export | task ] } # step overrides ``` #### stepsTemplate ```yaml steps: [ script | powershell | bash | task | stepsPhase ] ``` ================================================ FILE: docs/preview/outdated/yamlscripts.md ================================================ # VSTS YAML simplified script syntax The goal of this document is to define a simplified syntax for running scripts and command lines. Running a script should not require the formal declaration `- task: name@version, inputs...`. ## Proposed well-known tasks - `script` - `bash` - `powershell` ## `script` ```yaml - script: inline script goes here workingDirectory: $(system.defaultWorkingDirectory) failOnStderr: false env: name1: value1 name2: value2 ``` `script` inline script content. Uses cmd.exe on Windows, and sh on Linux. `workingDirectory` defaults to `$(system.defaultWorkingDirectory)`. `failOnStderr` defaults to `false`. ### Works on all OS It is crucial that we have a well-known task (i.e. `script`) that works on both Windows and Linux. Many popular CI tools work on Windows and Linux. For example: git, node, npm, tfx. ### Generate a temp script We will always generate a temp script with the inline content - shell script on Linux and a .cmd file on Windows. On Windows, it is important to be aware that cmd.exe has two interpretation modes. Slightly different rules are applied by the command line interpreter versus the script interpreter. On a cmd.exe command line, `%` cannot be escaped. Whereas within a script it can be escaped by doubling the character - e.g. `echo this %%is%% escaped` Furthermore, on the command line non-existing variables are not replaced. Whereas in a script non-existing variables are replaced with empty. Example 1:
In an interactive shell, `echo hello%20world` outputs `hello%20world`.
In a script, `echo hello%20world` outputs `hello0world` (assuming arg 2 is not specified). Example 2:
In an interactive shell, `echo hello %nosuch% var` outputs `hello %nosuch% var`.
In a script, `echo hello %nosuch% var` outputs `hello var`. A way customers might run into problems with the script interpreter, would be if they leverage VSTS macros to inline a job variable into their script. The customer would not be able to escape the value, since they are referencing the value indirectly rather than hardcoding the value. Likely places where a customer would have a `%` in a variable, would be either in a password (secret variable) or a URL-encoded data. Note, password should be mapped in via env anyway. And only a subset of URLs contain URL-encoded data. So this limitation is probably OK. The ability to specify an `env` mapping becomes crucial for Windows in order to workaround escaping problems. Furthermore, one additional limitation follows. Since the syntax for referencing environment variables is different across Windows and Linux, script re-usability across platforms becomes somewhat more narrow. In practice this may not present a significant problem. Lastly, one additional concern remains. Since the command-line-interpreter versus script-interpreter difference is subtle, we may run into customer confusion - "works on the command line". An alternative approach would be to name the well-known task by the more generic name `command` and offer users additional control whether to generate a script, or possibly even whether to exec the process directly instead of via the shell. The alternative has drawbacks of it's own (more complicated controls, different on Windows). Therefore, we think simply always generating a script is the better approach - and the name will be `script` so it should be clear the task is generating a script. ### cmd.exe command line options Wrap command with `"" /Q /D /E:ON /V:OFF /S /C ""` - `/Q` Turns echo off. - Not sure whether we should set /Q.

Reasons to set:
A) Consistency with Linux.
B) Folks commonly turn off echo in their own scripts. More often than not?

Reasons to not set:
A) When generating a temp script, script contents will not otherwise get traced to the build output log.

Another option would be to set /Q and the handler can dump the script contents to the build output log. Yet another option would be to dump to build debug log. - `/D` Disable execution of AutoRun commands from registry - The motivation is to prevent accidental interference. Disabling autorun commands should be OK since it doesn't make sense for a CI build to depend on the presence of auto-run commands (bizarre coupling). - `/E:ON` Enable command extensions - Command extensions are enabled by default, unless disabled via registry. - `/V:OFF` Disable delayed environment expansion. - Delayed environment expansion is disabled by default, unless enabled via registry. - `/S` will cause first and last quote after /C to be stripped ### bash command line options TODO ### Other considerations - For scenario when generating a script on Windows, revisit details from previous conversation with Philip regarding bubbling error level. IIRC the feedback was to consider CALL and checking %ERRORLEVEL% at the end if we generate a script. This has to do with error level from nested calls not bubbling as exit code of the process. Which is inconsitent wrt exit codes from externals processes. Note, this also could be related to the difference between .cmd and .bat files... investigate. - Do we need a way to specify script should create a .bat file instead of .cmd? Seems unlikely. However, could be accomplished by allowing script:bat/cmd instead of simply true/false. - Do we need a way to allow the user to influence the command line args to cmd.exe? For instance, to set one of the encoding switches:
`/A` Causes the output of internal commands to a pipe or file to be ANSI
`/U` Causes the output of internal commands to a pipe or file to be Unicode

Otherwise we could consider a special property for these particular settings. - Need option to invoke `dash` on Linux? Or always prefer `dash`? It seems unlikely that the small increase in startup perf would matter for our scenario. - Consider a property `runInShell` (defaults to true) to offer a simple way out of shell escaping challenges. Motivation is similar to `verbatim` functionality in task lib. Furthermore, would that mean Linux users should be able to specify argv rather than forced to specify the full line? - Do we need a way to influence how the agent interprets stdout encoding? - Will "script" commonly mislead customers to think they can specify a powershell script file path followed by args? Alternative would be something like "command" verbiage. - Due to tools commonly writing to stderr, generate a .cmd script on Windows instead of .ps1. From the parent process, we can't distinguish write-error from a downstream process writing non-error text to stderr (downstream processes inherit streams by default). Therefore, if we generated a .ps1 instead, customers would expect write-error to fail by default which we can't do, due to the stderr problem. Alternative would be to set the error action preference to stop, but that doesn't make sense for the "script" task since it runs bash on Linux. ## `bash` ```yaml - bash: inline script workingDirectory: $(system.defaultWorkingDirectory) failOnStderr: false ``` `bash` runs inline script using bash from the PATH `workingDirectory` defaults to `$(system.defaultWorkingDirectory)`. `ignoreExitCode` defaults to `false`. `failOnStderr` defaults to `false`. ### Notes Always gens a script in agent.tempdirectory. Specify noprofile, etc... Works on Windows too if bash is in the PATH. Check other well-known locations for sh.exe? Does +x need to be set? Will this "just work" for scripts in the repo? ## `powershell` ```yaml - powershell: inline script workingDirectory: $(system.defaultWorkingDirectory) errorActionPreference: stop failOnStderr: false ``` `powershell` runs inline script using powershell from the PATH or well-known location. `workingDirectory` defaults to `$(system.defaultWorkingDirectory)`. `errorActionPreference` defaults to `stop`. `ignoreLASTEXITCODE` defaults to `false`. `failOnStderr` defaults to `false`. ### Notes - Try PATH, fallback to full desktop. - Always gens a script in agent.tempdirectory. - Specify noprofile, etc... - Should we add `ignoreLASTEXITCODE: false`?

Reasons to add:
A) Consider scenario where the customer runs msbuild and it returns 1. Doesn't bubble as it naturally does in cmd.exe.

Reasons to not add:
A) Different from powershell behavior.
B) Exit or return or break or continue are strange... can prevent checking $LASTEXITCODE... investigate. ## Limitations of combining tool+args into a single input The proposed well-known tasks above take the full command line as one input. The proposed pattern differs from existing tasks. Today the existing tasks all specify two inputs - i.e. an input for tool or script-path and a separate input for args. Furthermore, existing script tasks (Batch/Shell/PowerShell) use `filePath` inputs to specify the script-path. Multiple implications follow from the proposed pattern change; specific scenarios are discussed further below. For reference, see followng summary of relevant command/script task inputs today: - Command Line - (string) Tool - (string) Args - Batch Script - (filePath) Script - (string) Args - Shell Script - (filePath) Script - (string) Args - PowerShell Script - (filePath) Script - (string) Args ### Limitations for `command` For the proposed well-known task "command", combining tool+args into a single input doesn't impose much limitation. Note, the "Command Line" task today uses string for the Tool input. Since a goal of the task is to enable running shell built-in commands, filePath cannot be used. The only limitation imposed by combining tool+args into a single input, is the definition author will be responsible for accurately quoting the "tool" portion of the command line. ### Limitations for `bash`/`powershell` using primary Git repo This analysis applies to the proposed well-known tasks `bash`/`powershell` under two scenarios: 1. Today, when the build is using a Git repo, and the script is in the repo. 2. In the future when sync'ing multiple repos is supported, the script is in the "primary repo", and the primary repo is a Git repo. The existing script tasks use a filePath input type. So a relative path to a script in a Git repo today, is rooted against the repo directory. For example, `foo.sh` is rooted as `$(system.defaultWorkingDirectory)/foo.sh`. By combining script+args into a single input, some limitations are imposed: 1. With a single combined script+args input, the shell will resolve relative script paths against the working directory. The working directory will be defaulted to `system.defaultWorkingDirectory` so relative paths will often work the same.

However, bash and powershell require at least one slash in unrooted script paths. This is a security measure to prevent a file in the current directory from hijacking a command in the PATH. So `foo.sh` will not work, but `./foo.sh` and `subdir/foo.sh` will. (TODO: CONFIRM subdir/foo.sh WORKS IN BASH) 2. Relative script paths now tied to working directory input. (Limitation in some scenarios, advantage in others). 3. The definition author will be responsible for accurately quoting the "script" portion of the command line. ### Limitations for `bash`/`powershell` using secondary Git repo In anticipation of multiple repos, we have discussed the idea of bringing additional functionality to filePath inputs. One idea is to introduce an elegant syntax `path/to/file@repo` to resolve a path against a secondary repo. By combining script+args into a single input, we lose the ability to leverage the future elegant syntax. The future elegant syntax will only work with filePath inputs. Two options exist for specifying scripts in secondary Git repos: 1. Root the script against the secondary repo directory. For example, `$(repos.myFancyRepo.directory)/foo.sh` 2. Set the workingDirectory so the shell will resolve the script path. For example, ```yaml - bash: ./foo.sh workingDirectory: $(repos.myFancyRepo.directory) ``` ### Limitations for `bash`/`powershell` using TFVC/SVN repo Server-path to local-path resolution is complicated for TFVC/SVN due to mappings. For TFVC, the agent calls `tf resolvePath` to map filePath inputs. By combining script+args into a single input, we lose the ability to leverage functionality of filePath inputs to deal with the problem. However, we can solve the problem by adding support for inline expressions. For example, something like: ```yaml - bash: $(=resolvePath('myFancyRepo', '$/teamProject/subdir/foo.sh')) ``` ================================================ FILE: docs/preview/outputvariable.md ================================================ # Output Variables ## Overview The feature is to allow a given task to publish a set of variables back to server, so the variables can be used in downstream jobs. All output variables from the same task instance have its own namespace, so they don’t overlap each other within the job. ## Changes for task author and ad-hoc script owner There will be 2 different ways to produce output variables. ### For task author: Declare a new section in the task.json to indicate which variables will get published. ``` JSON "OutputVariables": [{ "name" : "MY_OUTPUTVARIABLE_1", "description" : "This is the description of my output variable." }, { "name" : "MY_OUTPUTVARIABLE_2", "description" : "Description can contains markdown [vsts-tasks](https://github.com/microsoft/vsts-tasks)" }] ``` Task author doesn't have to change their task script if the script already uses `##vso[task.setvariable]` to set variables. Agent will, based on the `OutputVariables` section from task.json, determine which variables need to be published and patch timeline record with the output variables. The `OutputVariables` section will also be used as intellisense hint in the definition editor. ### For Ad-hoc script: Use `##vso` command to publish output variables. We will add a new parameter `isOutput=true/false` to the set variable command for setting output variables. ``` ##vso[task.setvariable variable=foo;isSecret=false;isOutput=true;]value ``` In definition editor, downstream tasks won't get variable name intellisense for output variables that were published by an ad-hoc script. ## Server side changes: The output variables will be stored as part of timeline record for each task instance, just like task issues. In this way, we can distinguish the same output variable published by 2 instances of same task within a job. For example, the definition has 2 `AcquireToken` tasks which publish an output variable called `AuthToken`. We will also introduce `ref name` to each task instance and each job, the `ref name` will be used as namespace for the output variables, so the downstream task can use the `ref name` to pick the right variable. ``` Example: $(JobBuild1.XCode1.Variable1) in downstream jobs. $(XCode1.Variable1) in downstream tasks within the same job. ``` ### Ref name A new `ref name` will be generated when a new task is added to the definition. The generated `ref name` looks like this: ``` {TaskName}_{Number} ``` Customer can change it, but we will give a warning that they need to change all downstream references. ### TODO I am not sure how are we going to generate Job ref name, since we don’t have job chaining at this point. It should be something like: ``` {DefinitionName}_{JobName} ``` ### Definition editor intellisense We need to add intellisense for typing variables in definition editor, since all output variables are defined in task.json. ## Agent changes Today, the timeline record update is best effort on each update call, and continue retrying on failure till the end of the job. When the job finishes, any remaining errors won’t affect the job result. We need to change this since output variables are critical to downstream tasks/jobs, we don’t want a downstream job to fail because of some missing output variable, the failure will be expensive on big fanin fanout scenario. We should fail the job if it fails to produce output variables when job finishes. ## Compatibility Since task author needs to change their task.json in order to use the output variables feature, we suggest they should bump the major version in this case. since definition has major version locking, all existing definitions should continue working without any problems. When definition owner decides to consume the new major version, they will fix the downstream task’s input to use the right name of the output variables anyway. Because of this, we should not have any compatibility problems to worry about. ## Examples 1. Consuming output variables within the same job ``` Job_1 | |__TaskA_1 | |__TaskA_2 | |__TaskB_1 | |__TaskB_2 ``` - `TaskA_1` and `TaskA_2` are two instances of same task `TaskA`. - `TaskA` will, based on its inputs, acquire a token from some service and produce an output variable `AuthToken`. - `TaskA_1`, `TaskA_2` are also the ref names for the tasks. - `TaskB_1` and `TaskB_2` are two instances of same task `TaskB`. - `TaskB` takes credential as input and makes a rest call to some endpoint. - `TaskB_1`, `TaskB_2` are also the ref names for the tasks. When consuming an output variable in `TaskB_1` and `TaskB_2`, you must provide the `ref name` as namespace. Agent won’t set `$(AuthToken)` as long as `$(AuthToken)` is an output variable. ``` In the above example: TaskB_1’s input will be $(TaskA_1.AuthToken). TaskB_2’s input will be $(TaskA_2.AuthToken). ``` 2. Consuming output variables in a downstream job ``` Job_1 Job_2 | | |__TaskA_1 |__TaskB_1 | | |__TaskA_2 |__TaskB_2 ``` - Same `TaskA` and `TaskB`, but this time `TaskB_1` and `TaskB_2` are in a downstream job. ``` In this example: TaskB_1’s input will be $(Job_1.TaskA_1.AuthToken). TaskB_2’s input will be $(Job_1.TaskA_2.AuthToken). ``` ================================================ FILE: docs/preview/runtaskindocker.md ================================================ # Run Job Inside Container (PREVIEW for Linux Agent) ## Overview The feature is to allow a given build/release job executed inside a container on a Linux build/release agent. ## Benefits ### Run build/release on more platforms Today, the agent is only supported on Windows, OSX, Ubuntu 14, Ubuntu16 and RedHat7, which means your build/release job are also restricted by this. With this feature, the restriction is only scope to the machine that host the agent, you can use any docker image you want for any platform as long as the platform support our task execution engine, ex. Node.js. ### All other benefits of using container ## Job execution flow changes ### Today ``` Everything happened in agent Host Machine Job | | Come from VSTS/TFS | --> Agent.Listener | | Launch worker to run the job | --> Agent.Worker | | Launch different handler for each task | --> Task Execution Engine (Node, PowerShell, etc.) ``` ### Use container execution ``` Agent Host Machine Job | | Come from VSTS/TFS | --> Agent.Listener | | Launch worker to run the job | --> Agent.Worker | | Container -------------------------------------------------------------------------------- | | | | | Launch different handler for each task inside container | | | | | --> Docker EXEC Task Execution Engine (Node, PowerShell, etc.) | | | -------------------------------------------------------------------------------- ``` ### How to try out Install Docker into your agent host machine. [Instructions](https://docs.docker.com/engine/installation) Make sure you can [Manage Docker as a non-root user](https://docs.docker.com/engine/installation/linux/linux-postinstall/) on your agent host machine, since agent won't call any `Docker` commands with `sudo`. Add definition variable `_PREVIEW_VSTS_DOCKER_IMAGE` to your build/release definition to point to a docker image. ``` Ex: _PREVIEW_VSTS_DOCKER_IMAGE = ubuntu:16.04 ``` That's it, you can queue build as normal. ### Request for Feedback We log every `Docker` commands we ran during a build/release job, if you find any command we ran is wrong or any improvement we can make, feel free to create an issue and let us know. ================================================ FILE: docs/preview/yaml-authz-troubleshooting.md ================================================ # Moved! Moved to [the official docs site](https://docs.microsoft.com/azure/devops/pipelines/process/resources). ================================================ FILE: docs/preview/yamlgettingstarted.md ================================================ # Moved! We've moved the YAML documentation out of preview and over to the official [docs site](https://docs.microsoft.com/azure/devops/pipelines/get-started-yaml). If you're really stuck and need to get the old preview docs, the last commit where they were updated is 3d39fca. ================================================ FILE: docs/start/configonprem.md ================================================ # Configure Agent for On-Premises TFS ## Support This agent is supported for: ![osx](../res/apple_sm.png) ![linux](../res/linux_sm.png) OSX/Linux: TFS2015 and beyond. ![win](../res/win_sm.png) Windows: TFS.vNext If you want to run windows agent for TFS2015, use the agent that you download from that server. This agent will ship with TFS.vNext major release. ## Key Points - Use server URL (http://mytfsserver:8080/tfs) - Windows will default to Integrated. You will not have to enter credentials - Linux will default to Negotiate for an on-premises URL. Prefer a local account created on the server - Add the account to proper roles. [Details](roles.md) ## Configure Windows ```bash C:\myagent\config.cmd >> Connect: Enter server URL > http://myserver:8080/tfs Enter authentication type (press enter for Integrated) > Connecting to server ... >> Register Agent: Enter agent pool (press enter for default) > Enter agent name (press enter for mymachine) > myAgentName Scanning for tool capabilities. Connecting to the server. Successfully added the agent Enter work folder (press enter for _work) > 2016-05-27 11:03:33Z: Settings Saved. Enter run agent as service? (Y/N) (press enter for N) > ``` note: last question is on Windows only. Linux/OSX start docs have info on running them as a service via svc.sh. ## Configure OSX/Linux ```bash $ ./config.sh >> Connect: Enter server URL > http://myserver:8080/tfs Enter authentication type (press enter for Negotiate) > Enter user name > myserver\someuser Enter password > ******** Connecting to server ... Saving credentials... >> Register Agent: Enter agent pool (press enter for default) > Enter agent name (press enter for mymachine) > myAgentName Scanning for tool capabilities. Connecting to the server. Successfully added the agent Enter work folder (press enter for _work) > 2016-05-27 11:03:33Z: Settings Saved. Enter run agent as service? (Y/N) (press enter for N) > ``` ## Run the agent interactively **If you did not run as a service**, you can start it interactively by running ![win](../res/win_sm.png) Windows: run.cmd ![osx](../res/apple_sm.png) ![linux](../res/linux_sm.png) OSX/Linux: ./run.sh ```bash $ ./run.sh Scanning for tool capabilities. Connecting to the server. 2016-05-27 11:07:41Z: Listening for Jobs ``` ## Replace If you are asked whether to replace an agent, [read details here](moreconfig.md) ## Reconfigure or Unconfigure [Details here](moreconfig.md) ================================================ FILE: docs/start/configvsts.md ================================================ # Configure Agent for VSTS Service ## Key Points - Use https account URL (https://contoso.visualstudio.com) - Should use default of PAT Authentication for VSTS. [Details](roles.md) - Copy and Paste your PAT into the terminal. ## Configure ```bash >> Connect: Enter server URL > https://contoso.visualstudio.com Enter authentication type (press enter for PAT) > Enter personal access token > **************************************************** Connecting to server ... Saving credentials... >> Register Agent: Enter agent pool (press enter for default) > Enter agent name (press enter for mymachine) > myAgentName Scanning for tool capabilities. Connecting to the server. Successfully added the agent Enter work folder (press enter for _work) > 2016-05-27 11:03:33Z: Settings Saved. Enter run agent as service? (Y/N) (press enter for N) > ``` note: last question is on Windows only. Linux/OSX start docs have info on running them as a service via svc.sh. ## Run the agent interactively **If you did not run as a service**, you can start it interactively by running ![win](../res/win_sm.png) Windows: run.cmd ![osx](../res/apple_sm.png) ![linux](../res/linux_sm.png) OSX/Linux: ./run.sh ```bash $ ./run.sh Scanning for tool capabilities. Connecting to the server. 2016-05-27 11:07:41Z: Listening for Jobs ``` ## Replace If you are asked whether to replace an agent, [read details here](moreconfig.md) [Details here](moreconfig.md) ## Reconfigure or Unconfigure [Details here](moreconfig.md) ================================================ FILE: docs/start/envlinux.md ================================================ # System requirements: Linux [This page has moved.](https://docs.microsoft.com/azure/devops/pipelines/agents/v2-linux#check-prerequisites) ================================================ FILE: docs/start/envosx.md ================================================ # System requirements: macOS [This page has moved.](https://docs.microsoft.com/azure/devops/pipelines/agents/v2-osx#check-prerequisites) ================================================ FILE: docs/start/envredhat.md ================================================ # ![redhat](../res/redhat_med.png) Red Hat/CentOS System Prerequisites [2.124.0 or below] ## Versions Tested on Red Hat 7.2. Not domain joined. 64-bit supported. ## Dependency Packages ```bash sudo yum -y install libunwind.x86_64 icu ``` If you're still having issues: [Full List Needed](https://github.com/dotnet/core/blob/master/Documentation/prereqs.md) ## Git If you use git, git >= 2.9.0 is a pre-requisite for Red Hat/CentOS agents. [Based on Install Latest Git on Red Hat/CentOS](http://tecadmin.net/install-git-2-x-on-centos-rhel-and-fedora/#) ```bash $ yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel $ yum install gcc perl-ExtUtils-MakeMaker $ cd /usr/src $ wget https://www.kernel.org/pub/software/scm/git/git-2.9.2.tar.gz $ tar xzf git-2.9.2.tar.gz $ cd git-2.9.2 $ make prefix=/usr/local/git all $ make prefix=/usr/local/git install ``` In /etc/bashrc ```bash export PATH=$PATH:/usr/local/git/bin ``` ## Optionally Java if TfsVc The agent distributes [Team Explorer Everywhere (TEE)](https://www.visualstudio.com/products/team-explorer-everywhere-vs.aspx). But, if you are using TfsVc, install Oracle Java 1.8+ as TEE uses Java. ## RHEL Universal Base Images (UBI) packages ```bash yum install -y git unzip libicu ``` UBI 8 will require `glibc-langpack-en` to be installed: ```bash yum -y install glibc-langpack-en ``` ================================================ FILE: docs/start/envubuntu.md ================================================ # ![Ubuntu](../res/ubuntu_med.png) Ubuntu System Prerequisites [2.124.0 or below] ## Versions Tested on 18.04 LTS (Bionic), 16.04 LTS (Xenial) and 14.04 LTS (Trusty). Not domain joined. 18.04 is recommended since it's the latest and supports SystemD for running as a service. ## Dependency Packages ### Ubuntu 18.04 (x64, ARM32), 16.04 (x64 only) ```bash sudo apt-get install -y libunwind8 libcurl3 ``` ### Ubuntu 14.04 (x64 only) ```bash sudo apt-get install -y libunwind8 libcurl3 libicu52 ``` If you're still having issues: [Full List Needed](https://github.com/dotnet/core/blob/master/Documentation/prereqs.md) ## Git If you use git, git >= 2.9.0 is a pre-requisite for Ubuntu agents. [Install Latest Git on Ubuntu](http://askubuntu.com/questions/568591/how-do-i-install-the-latest-version-of-git-with-apt/568596) ```bash $ sudo apt-add-repository ppa:git-core/ppa $ sudo apt-get update $ sudo apt-get install git ``` ## Optionally Java if using TFVC The agent distributes Team Explorer Everywhere. But, if you are using TFVC, install Oracle Java 1.8+ as TEE uses Java. ## Etc There was an assertion that on Ubuntu 16 this was needed. We didn't need. Adding in case it helps someone. We will verify on clean build and dev boxes. ```bash apt-get install libcurl4-openssl-dev ``` ================================================ FILE: docs/start/envwin.md ================================================ # System requirements: Windows [This page has moved.](https://docs.microsoft.com/azure/devops/pipelines/agents/v2-windows#check-prerequisites) ================================================ FILE: docs/start/moreconfig.md ================================================ # Replacing an agent If an agent already exists, configuration will ask you if you want to replace it. The name will default to the machine name so if configure two agents on the same machine, you can enter N and it will give you a chance to provide another name. If you are reconfiguring the agent, then choose Y. If you intended to actually replace an different agent, ensure the other agent is unconfigured. If two instances run with the same agent name, one will get a conflict. After a few minutes of conflicts, one will shut down. ```bash Enter agent name (press enter for mymachine) > Scanning for tool capabilities. Connecting to the server. Enter replace? (Y/N) (press enter for N) > N Enter agent name (press enter for mymachine) > testagent Scanning for tool capabilities. Connecting to the server. Successfully added the agent ``` # Unconfigure > Important: If you're running as a service on Linux/OSX, ensure you `stop` then `uninstall` the service before unconfiguring. See [Nix Service Config](nixsvc.md) ```bash $ ./config.sh remove Removing service Does not exist. Skipping Removing service Removing agent from the server Enter authentication type (press enter for PAT) > Enter personal access token > **************************************************** Succeeded: Removing agent from the server Removing .Credentials Succeeded: Removing .Credentials Removing .Agent Succeeded: Removing .Agent ``` # Help ```bash ./config.sh --help ``` ================================================ FILE: docs/start/nixsvc.md ================================================ # Running As A Service On Unix and OSX Key Points: - This is a convenience which only creates OS specific service files. - SystemD is used on Linux. Ubuntu 16 LTS, Redhat 7.1 has SystemD - SystemD requires sudo so all scripts below must be called with sudo. OSX does not. ## Managing the Service ./svc.sh was generated to manage your service ## Install Install will create a LaunchAgent plist on OSX or a systemd unit file on Linux ```bash $ ./svc.sh install ... Creating runsvc.sh Creating .Service svc install complete ``` Service files point to `./runsvc.sh` which will setup the environment and start the agents host. See Environment section below. ### Start ```bash $ sudo ./svc.sh start starting vsts.agent.bryanmac.testsvc status vsts.agent.bryanmac.testsvc: /Users/bryanmac/Library/LaunchAgents/vsts.agent.bryanmac.testsvc.plist Started: 25324 0 vsts.agent.bryanmac.testsvc ``` ### Status ```bash $ sudo ./svc.sh status status vsts.agent.bryanmac.testsvc: /Users/bryanmac/Library/LaunchAgents/vsts.agent.bryanmac.testsvc.plist Started: 25324 0 vsts.agent.bryanmac.testsvc ``` Left number is the pid if the service is running ### Stop ```bash $ sudo ./svc.sh stop stopping vsts.agent.bryanmac.testsvc status vsts.agent.bryanmac.testsvc: /Users/bryanmac/Library/LaunchAgents/vsts.agent.bryanmac.testsvc.plist Stopped ``` ### Uninstall > NOTE: Stop is a separate command with launchd (script is a thin wrapper). You likely want to stop before uninstalling. ```bash $ sudo ./svc.sh uninstall ``` ## OSX Auto Logon and Lock On OSX the convenience default is to create the service as a LaunchAgent. A LaunchAgent runs when the user logs which gives it access to the UI for UI tests. If you want it start when the box reboots, you can configure it to auto logon that account and lock on startup. [Auto Logon and Lock](http://www.tuaw.com/2011/03/07/terminally-geeky-use-automatic-login-more-securely/) ## Setting the Environment When you install and/or configure tools, your path is often setup or other environment variables are set. Examples are PATH, JAVA_HOME, ANT_HOME, MYSQL_PATH etc... If your environment changes at any time, you can run env.sh and it will update your path. You can also manually edit .env file. Changes are retained. Stop and start the service for changes to take effect. ```bash $ ./env.sh $ sudo ./svc.sh stop ... Stopped $ sudo ./svc.sh start ... Started: 15397 0 vsts.agent.bryanmac.testsvc2 ``` ## Environment Configuring as a service will snapshot off your PATH and other "interesting variables" like LANG, JAVA_HOME etc.. When the service starts, it will read these and set. This allows for unified environment management between ```bash $ ls -la -rwxrwx--- 1 bryanmac staff 189 May 29 11:42 .agent -rwxrwx--- 1 bryanmac staff 106 May 29 11:41 .credentials -rw-r--r-- 1 bryanmac staff 58 May 29 11:44 .env -rw-r--r-- 1 bryanmac staff 187 May 29 11:40 .path ... -rwxr-xr-x 1 bryanmac staff 546 May 29 11:40 env.sh ``` Run ./env.sh to update. You can also inject anything you want to run when the service runs. For example setting up environment, calling other scripts etc... ./runsvc.sh ``` # insert anything to setup env when running as a service ``` ## Service Files This is a convenience that simply creates a service file for you can sets permissions. You are free to manually configure and control your service using alternate methods. Details are in .service file in root of the agent OSX LaunchAgent: ~/Library/LaunchAgents/vsts.agent.{accountName}.{agentName}.plist Linux SystemD: /etc/systemd/system/vsts.agent.{accountName}.{agentName}.service These files are created from a template located OSX: ./bin/vsts.agent.plist.template Linux: ./bin/vsts.agent.service.template For example, on OSX you could use that template to run as a launch daemon if you are not needing UI tests and/or don't want to configure auto logon lock. [Details Here](https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html) ================================================ FILE: docs/start/proxyconfig.md ================================================ # Using VSTS Agent behind Proxy ## Key Points - Create .proxy file with proxy url under agent root directory. - If using an authenticated proxy, set authenticate proxy credential through environment variable `VSTS_HTTP_PROXY_USERNAME` and `VSTS_HTTP_PROXY_PASSWORD` ## Steps 1. Create .proxy file with your proxy server url under agent root directory. ```bash echo http://proxyserver:8888 > .proxy ``` If your proxy doesn't require authentication or the default network credential of the current vsts agent run as user is able to authenticate with proxy, then your agent proxy configure has finished. Configure and run agent as normal. *note: For back compat reason, we will fallback to read proxy url from envrionment variable VSTS_HTTP_PROXY.* 2. If your proxy requires additionally authentication, you will need to provide that credential to vsts agent through environment variables. We will treate the proxy credential as sensitive information and mask it in any job logs or agent diag logs. **Set following environment variables before configure and run vsts agent.** ### Windows ```batch set VSTS_HTTP_PROXY_USERNAME=proxyuser set VSTS_HTTP_PROXY_PASSWORD=proxypassword ``` ### Unix and OSX ```bash export VSTS_HTTP_PROXY_USERNAME=proxyuser export VSTS_HTTP_PROXY_PASSWORD=proxypassword ``` *If your agent is running as service on Unix or OSX, you will need to add following section to .env file under agent root directory, then execute ./env.sh to update service envrionment variable.* ``` VSTS_HTTP_PROXY_USERNAME=proxyuser VSTS_HTTP_PROXY_PASSWORD=proxypassword ``` [Details here](nixsvc.md#setting-the-environment) ## Limitations - Only agent infrastructure itself has proxy support, which means the agent is able to run a Build/Release job behind proxy. However, you still have to setup proxy config for each individual tool that agent invoke during a Build/Release job. Ex, - proxy config for git. - proxy config for any tasks that make REST call. (We will add built-in proxy support to task lib.) ================================================ FILE: docs/start/resourceconfig.md ================================================ # Configure Resource Limits for Azure Pipelines Agent ## Linux ### Memory When the agent on a Linux system that is under high memory pressure, it is important to ensure that the agent does not get killed or become otherwise unusable. If the agent process dies or runs out of memory it cannot stream pipeline logs or report pipeline status back to the server, so it is preferable to reclaim system memory from pipeline job processes before the agent process. #### CGroups `cgroups` can be used to prevent job processes from consuming too many resources or to isolate resources between multiple agents. For a single agent it is useful to isolate the agent from the jobs it runs. It is important to use two groups, because otherwise the pipeline job processes will inherit the group from their parent, the agent, so there will be no distinction in terms of control. A second `job` cgroup allows the job processes to be managed independent of the agent, e.g. in an out-of-memory scenario (when the job exceeds the limits given by the `job` cgroup), the job will be killed instead of the agent. If a single cgroup is used, the agent may killed to reclaim memory from the cgroup. Additionally, using two groups can provide the agent "dedicated" memory to avoid instability caused by thrashing. In the following example `cgconfig.conf`, if the `azpl_job` group memory limit is 6G and the host machine has 7G of total memory, the agent will effectively have access 1G of memory at all times, assuming there are no other significant applications running on the host. Without this, under high memory load where a significant portion of memory is backed by executable code loaded from files on disk, such as when building large dotnet applications, this memory may be evicted before the OOM killer is invoked. This thrashing can degrade the performance of the Linux system and the agent so severely that the agent's connection to the server can time out, causing the pipeline to fail. The `/etc/cgconfig.conf` [file](https://linux.die.net/man/5/cgconfig.conf) can be used to set up two cgroups that impose different memory limits. For Microsoft Hosted Ubuntu 1604 agents, which have 7G of memory and 8G of swap, the following configuration is used: ``` group azpl_agent { memory {} } group azpl_job { memory { memory.limit_in_bytes = 6g; memory.memsw.limit_in_bytes = 13g; } } ``` This is used in conjunction with a `/etc/cgrules.conf` [config file](https://linux.die.net/man/5/cgrules.conf). The `cgrules.conf` file controls what groups a process will run in. `Agent.Listener` and `Agent.Worker` are the two high priority agent processes, so they are run in a group that does not have a memory limit, and all other processes, notably job processes created by the agent, will run in memory limited group. The following configuration is used for Hosted Ubuntu 1604 machines: ``` vsts:Agent.Listener memory azpl_agent vsts:Agent.Worker memory azpl_agent vsts memory azpl_job ``` #### Understanding the Out of Memory Killer If a Linux system runs out of memory, it invokes the [OOM killer](https://lwn.net/Articles/317814/) to reclaim memory. The OOM killer chooses a process to sacrifice based on heuristics, and adjusted by `oom_score_adj`. Higher scores are more likely to get killed, and range from -1000 to 1000. It is important that the agent process has a lower score than the job processes it manages, because if the agent is killed the job effectively dies as well. The agent can help manage process OOM scores (via `oom_score_adj`). By default, processes that are invoked by the agent will have an `oom_score_adj` of 500, and by Linux defaults, the agent will have an OOM score, and `oom_score_adj` of 0. For machines who's sole purpose is to run an agent, it is reasonable to run the agent with a very low score, such as -999 or -1000, so that it is not killed in OOM scenarios. There are multiple ways to set the agent `oom_score_adj` of the agent, if necessary, but the important part for most use-cases is that the agent has a lower OOM score than the job processes. When running interactively the score can be set in the shell, and will be inherited by the agent: ```bash $ echo $oomScoreAdj > /proc/$$/oom_score_adj $ ./run.sh ``` If the agent is being managed by systemd, the `OOMScoreAdjust` directive can be set in the unit file: ``` $ cat /etc/systemd/system/vsts.agent.user.linux-host.service [Unit] Description=Azure Pipelines Agent (user.linux-host) After=network.target [Service] ExecStart=/home/user/agent/runsvc.sh User=user WorkingDirectory=/home/user/agent KillMode=process KillSignal=SIGTERM TimeoutStopSec=5min OOMScoreAdjust=-999 [Install] WantedBy=multi-user.target ``` In this configuration, the `Agent.Listener` and `Agent.Worker` processes will run with `oom_score_adj = -999`, and all other processes invoked by the agent will have 500, ensuring the agent is kept alive even if the job causes out-of-memory conditions. ================================================ FILE: docs/start/roles.md ================================================ # Configure Account and Roles ## VSTS Create a PAT token. [Step by Step here](https://www.visualstudio.com/en-us/docs/setup-admin/team-services/use-personal-access-tokens-to-authenticate) Choose all scopes or the minimum "Agent Pools (read, manage)" scope. ![PAT Scope](scopes.png "PAT Scope") ## On Premises TFS You can use a domain user but it's recommended to create a local windows user on each of your application tiers specifically for registering build agents. ## Add to Role Add the user from above to only the Agent Pool Administrators which allows you to register the agent. ![Agent Roles](roles.png "Agent Roles") >> TIPS: >> You can add to roles for a specific pool or select "All Pools" on the left and grant for all pools. This allows the account owner to delegate build administration globally or for specific pools. [More here](https://msdn.microsoft.com/en-us/Library/vs/alm/Build/agents/admin) >> The role is only needed to register the agent. A token is downloaded to listen to the queue. >> When a build is run, it will generate an OAuth token for the scoped identity selected on the general tab of the build definition. That token is short lived and will be used to access resource in VSTS. The account used to register the agent has no bearing on the build run time credentials ================================================ FILE: docs/start/svcosx.md ================================================ # Running As A Service OSX Key Points: - This is a convenience which only creates OS specific service files. - Creates a LaunchAgent service scoped to a user for UI tests etc... - Starts at login. Auto login and lock recommended. ## Managing the Service ./svc.sh was generated to manage your service ## Install Install will create a LaunchAgent plist on OSX ```bash $ ./svc.sh install ... Creating runsvc.sh Creating .Service svc install complete ``` plist points to `./runsvc.sh` which will setup the environment and start the agents host. See Environment section below. ### Start ```bash $ ./svc.sh start starting vsts.agent.bryanmac.testsvc status vsts.agent.bryanmac.testsvc: /Users/bryanmac/Library/LaunchAgents/vsts.agent.bryanmac.testsvc.plist Started: 25324 0 vsts.agent.bryanmac.testsvc ``` ### Status ```bash $ ./svc.sh status status vsts.agent.bryanmac.testsvc: /Users/bryanmac/Library/LaunchAgents/vsts.agent.bryanmac.testsvc.plist Started: 25324 0 vsts.agent.bryanmac.testsvc ``` Left number is the pid if the service is running ### Stop ```bash $ ./svc.sh stop stopping vsts.agent.bryanmac.testsvc status vsts.agent.bryanmac.testsvc: /Users/bryanmac/Library/LaunchAgents/vsts.agent.bryanmac.testsvc.plist Stopped ``` ### Uninstall ```bash $ ./svc.sh uninstall ``` ## OSX Auto Logon and Lock On OSX the convenience default is to create the service as a LaunchAgent. A LaunchAgent runs when the user logs which gives it access to the UI for UI tests. If you want it start when the box reboots, you can configure it to auto logon that account and lock on startup. [Auto Logon and Lock](http://www.tuaw.com/2011/03/07/terminally-geeky-use-automatic-login-more-securely/) ## Setting the Environment When you install and/or configure tools, your path is often setup or other environment variables are set. Examples are PATH, JAVA_HOME, ANT_HOME, MYSQL_PATH etc... If your environment changes at any time, you can run env.sh and it will update your path. You can also manually edit .env file. Changes are retained. Stop and start the service for changes to take effect. ```bash $ ./env.sh $ sudo ./svc.sh stop ... Stopped $ sudo ./svc.sh start ... Started: 15397 0 vsts.agent.bryanmac.testsvc2 ``` ## Environment Configuring as a service will snapshot off your PATH and other "interesting variables" like LANG, JAVA_HOME etc.. When the service starts, it will read these and set. This allows for unified environment management between ```bash $ ls -la -rwxrwx--- 1 bryanmac staff 189 May 29 11:42 .agent -rwxrwx--- 1 bryanmac staff 106 May 29 11:41 .credentials -rw-r--r-- 1 bryanmac staff 58 May 29 11:44 .env -rw-r--r-- 1 bryanmac staff 187 May 29 11:40 .path ... -rwxr-xr-x 1 bryanmac staff 546 May 29 11:40 env.sh ``` Run ./env.sh to update. You can also inject anything you want to run when the service runs. For example setting up environment, calling other scripts etc... ./runsvc.sh ``` # insert anything to setup env when running as a service ``` ## Service Files This is a convenience that simply creates a service file for you can sets permissions. You are free to manually configure and control your service using alternate methods. Details are in .service file in root of the agent OSX LaunchAgent: ~/Library/LaunchAgents/vsts.agent.{accountName}.{agentName}.plist Linux SystemD: /etc/systemd/system/vsts.agent.{accountName}.{agentName}.service These files are created from a template located OSX: ./bin/vsts.agent.plist.template For example, on OSX you could use that template to run as a launch daemon if you are not needing UI tests and/or don't want to configure auto logon lock. [Details Here](https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html) ================================================ FILE: docs/start/svcsystemd.md ================================================ # Running As A Service On Unix with systemd Key Points: - This is a convenience which only creates OS specific service files. - systemd is used on Linux. Ubuntu 16 LTS, Redhat 7.1 has systemd - systemd commands require sudo ## Managing the Service ./svc.sh was generated to manage your service ## Install Install will create a systemd unit file on Linux ```bash $ sudo ./svc.sh install ... Creating runsvc.sh Creating .Service svc install complete ``` Service files point to `./runsvc.sh` which will setup the environment and start the agents host. See Environment section below. ### Start ```bash $ sudo ./svc.sh start ``` ### Status ```bash $ sudo ./svc.sh status ``` ### Stop ```bash $ sudo ./svc.sh stop ``` ### Uninstall ```bash $ sudo ./svc.sh uninstall ``` ## Setting the Environment When you install and/or configure tools, your path is often setup or other environment variables are set. Examples are PATH, JAVA_HOME, ANT_HOME, MYSQL_PATH etc... If your environment changes at any time, you can run env.sh and it will update your path. You can also manually edit .env file. Changes are retained. Stop and start the service for changes to take effect. ```bash $ ./env.sh $ sudo ./svc.sh stop ... $ sudo ./svc.sh start ... ``` ## Environment Configuring as a service will snapshot off your PATH and other "interesting variables" like LANG, JAVA_HOME etc.. When the service starts, it will read these and set. This allows for unified environment management between ```bash $ ls -la -rwxrwx--- 1 bryanmac staff 189 May 29 11:42 .agent -rwxrwx--- 1 bryanmac staff 106 May 29 11:41 .credentials -rw-r--r-- 1 bryanmac staff 58 May 29 11:44 .env -rw-r--r-- 1 bryanmac staff 187 May 29 11:40 .path ... -rwxr-xr-x 1 bryanmac staff 546 May 29 11:40 env.sh ``` Run ./env.sh to update. You can also inject anything you want to run when the service runs. For example setting up environment, calling other scripts etc... ./runsvc.sh ``` # insert anything to setup env when running as a service ``` ## Service Files This is a convenience that simply creates a service file for you can sets permissions. You are free to manually configure and control your service using alternate methods. Details are in .service file in root of the agent Linux systemd: /etc/systemd/system/vsts.agent.{accountName}.{agentName}.service These files are created from a template located Linux: ./bin/vsts.agent.service.template ================================================ FILE: docs/threat-model/AgentsTasks-ThreatModel.tm7 ================================================ DRAWINGSURFACE6559cf12-2510-4965-a613-8d2b3dc8e2c9DiagramNameAgent: ConfigurationDRAWINGSURFACE24d21d64-1fc7-4b33-ad06-b4a5be165f37GE.TB.B24d21d64-1fc7-4b33-ad06-b4a5be165f37Machine Trust BoundaryNameAgent Machine Trust BoundaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Configurable AttributesAs Generic Trust Border BoundarySE.TB.TMCore.MachineTrustBoundary38755169293da1cd04f-306b-4196-bf71-bce3d7dba41aGE.Ada1cd04f-306b-4196-bf71-bce3d7dba41aFree Text AnnotationNameVSTS/TFS URL, Pool Name, Agent Name, RSA Public Key, Agent capabilities metadataOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A10039011501916ca8905a-a219-4ae5-8dff-a7a3b68afecdGE.P6ca8905a-a219-4ae5-8dff-a7a3b68afecdGeneric ProcessNameConfig Agent ExecutableOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.P1001371121100c2407363-8038-432b-b541-75db8101199aGE.TB.Bc2407363-8038-432b-b541-75db8101199aAzure Trust BoundaryNameAzure Trust BoundaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Configurable AttributesAs Generic Trust Border BoundarySE.TB.TMCore.AzureTrustBoundary392607173607d03136f4-6cc4-488c-b062-e8026a62a011GE.Pd03136f4-6cc4-488c-b062-e8026a62a011Identity ServerNameSPSOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Threat Model only for Agents and TasksConfigurable AttributesAs Generic ProcessSE.P.TMCore.IdSrv10010161122100973739e4-b680-49e5-adc2-fa6d053e03feGE.P973739e4-b680-49e5-adc2-fa6d053e03feWeb APINameTFSOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Threat Model only for Agents and TasksConfigurable AttributesWeb API Technologies1e972c93-2bd6-4915-8f5f-f46fd9f9399dSelectGenericMVC 5MVC 60Hosting environment6c5d51b0-91b1-45ca-aebd-3238f93db3b8SelectOn PremAzure0Identity Provider3175328a-d229-4546-887b-39b914a75dd8SelectADFSAzure AD0As Generic ProcessSE.P.TMCore.WebAPI10065011201001739aa04-c297-4f1c-ae3c-72bd5d8dfb50GE.DS1739aa04-c297-4f1c-ae3c-72bd5d8dfb50DatabaseNameAzure DevOps DatabaseOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Threat Model only for Agents and TasksConfigurable AttributesDatabase Technologies6047e74b-a4e1-4e5b-873e-3f7d8658d6b3SelectGenericOnPrem0SQL Version0a5c9e0f-f68c-4607-9a1a-a02841f1e9deSelectAllV12MsSQL2016MsSQL2012MsSQL20140SSIS packages Used649208cc-3b55-40ff-94b9-015c0fb0c9e8SelectYesNo0As Generic Data StoreSE.DS.TMCore.SQL1006461350100432375a7-5e15-420f-a6b8-4dd2290533a1GE.DS432375a7-5e15-420f-a6b8-4dd2290533a1Generic Data StoreNameFile System StorageOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Storage provided by Machine OSGE.DS1001351344100167193e7-f528-47e2-914a-a513a4144ca6GE.DS167193e7-f528-47e2-914a-a513a4144ca6DatabaseNameSTS DatabaseOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Threat Model only for Agents and TasksConfigurable AttributesDatabase Technologies6047e74b-a4e1-4e5b-873e-3f7d8658d6b3SelectGenericOnPrem0SQL Version0a5c9e0f-f68c-4607-9a1a-a02841f1e9deSelectAllV12MsSQL2016MsSQL2012MsSQL20140SSIS packages Used649208cc-3b55-40ff-94b9-015c0fb0c9e8SelectYesNo0As Generic Data StoreSE.DS.TMCore.SQL100101613551007406a895-7ace-4dcf-8940-eeec52e8ae28GE.A7406a895-7ace-4dcf-8940-eeec52e8ae28Free Text AnnotationNameAgent registered using PAT/ Service Principal/ MSI Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A1003881258191
Agent: Configuration
8ded86dc-98bd-43f6-9e54-69b838fa656dGE.DF8ded86dc-98bd-43f6-9e54-69b838fa656dRequestName1: Write RSA Private KeyDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17801Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request152234SouthWestNorthWest6ca8905a-a219-4ae5-8dff-a7a3b68afecd155202432375a7-5e15-420f-a6b8-4dd2290533a1140349ce60f4f5-e392-41d7-aa4c-69de71a685b4GE.DFce60f4f5-e392-41d7-aa4c-69de71a685b4RequestName2: Register AgentDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17802Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request478236SouthEastSouthWest6ca8905a-a219-4ae5-8dff-a7a3b68afecd218202973739e4-b680-49e5-adc2-fa6d053e03fe668201c107bcb5-2b40-4ee0-b9fb-284c5f0b682eGE.DFc107bcb5-2b40-4ee0-b9fb-284c5f0b682eGeneric Data FlowName3: Store RSA Public KeyDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17803Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Internal implemtation of Azure DevOps Service is not in the scope of this Threat Model.Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF698269SouthNorth973739e4-b680-49e5-adc2-fa6d053e03fe7002151739aa04-c297-4f1c-ae3c-72bd5d8dfb506963559a753df9-c9d4-49c7-881a-eec6c8faf83eGE.DF9a753df9-c9d4-49c7-881a-eec6c8faf83eGeneric Data FlowName4: Register Agent as AppDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17804Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Interaction between the Azure DevOps Service and the Secure Token Service (STS) is not in the scope of this service.Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF879220SouthEastSouthWest973739e4-b680-49e5-adc2-fa6d053e03fe731201d03136f4-6cc4-488c-b062-e8026a62a0111034203c3312765-24e3-4451-9176-271a4da8f137GE.DFc3312765-24e3-4451-9176-271a4da8f137Generic Data FlowName5: Store Public KeyDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17805Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Internal implemtation of Secure Token Service (STS) is not in the scope of this Threat Model.Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF1066288SouthNorthd03136f4-6cc4-488c-b062-e8026a62a0111066217167193e7-f528-47e2-914a-a513a4144ca6106636027a5d300-9123-4af1-998c-3bf22997f0a2GE.DF27a5d300-9123-4af1-998c-3bf22997f0a2ResponseName6: Client Id for AgentDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Interaction between the Azure DevOps Service and the Secure Token Service (STS) is not in the scope of this service.Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Response887119NorthWestNorthEastd03136f4-6cc4-488c-b062-e8026a62a0111034140973739e4-b680-49e5-adc2-fa6d053e03fe7311380a96c814-dbf2-46d0-a8e9-e435dd8f0facGE.DF0a96c814-dbf2-46d0-a8e9-e435dd8f0facResponseName7: Client Id for Agent & STS URLDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Response46689NorthWestNorthEast973739e4-b680-49e5-adc2-fa6d053e03fe6681386ca8905a-a219-4ae5-8dff-a7a3b68afecd2181398efa0dc1-b5c0-49a2-9af8-2c15fae40e01GE.DF8efa0dc1-b5c0-49a2-9af8-2c15fae40e01Generic Data FlowName8: Store Agent Config & STS infoDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF226281SouthEastNorthEast6ca8905a-a219-4ae5-8dff-a7a3b68afecd218202432375a7-5e15-420f-a6b8-4dd2290533a12303491.25DRAWINGSURFACE9bc3582d-5e45-4551-9713-65b1afe59afaDiagramNameAgent: Job PollingDRAWINGSURFACEfd074a24-fbf4-4066-aa20-4480583da7e3GE.TB.Bfd074a24-fbf4-4066-aa20-4480583da7e3Machine Trust BoundaryNameAgent Machine Trust BoundaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Configurable AttributesAs Generic Trust Border BoundarySE.TB.TMCore.MachineTrustBoundary58133146435c350b223-e32e-42b4-8286-df587c619156GE.Ac350b223-e32e-42b4-8286-df587c619156Free Text AnnotationNameJWT Token signed with Private KeyOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A10055515225819d8710c-11af-4d9a-83b8-2a54b7816fe0GE.P19d8710c-11af-4d9a-83b8-2a54b7816fe0Generic ProcessNameAgent ListenerOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.P1002471220100ef8b12c6-963f-4162-bfa9-02149966c61eGE.Pef8b12c6-963f-4162-bfa9-02149966c61eIdentity ServerNameSPSOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Threat Model only for Agents and TasksConfigurable AttributesAs Generic ProcessSE.P.TMCore.IdSrv10097911271006db9dd7f-74f1-4c07-9fdd-17e00dc45963GE.P6db9dd7f-74f1-4c07-9fdd-17e00dc45963Web ApplicationNameTFS InstanceOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Threat Model only for Agents and TasksConfigurable AttributesWeb Application Technologiesf9960f99-8659-4776-90d7-e454ef832db7SelectGenericWeb FormsMVC5MVC60EnvironmentType80fe9520-5f00-4480-ad47-f2fd75dede82SelectOnPremAzure0Processes XMLdf53c172-b70c-412c-9e99-a6fbc10748eeSelectYesNo0As Generic ProcessSE.P.TMCore.WebApp100983134910062c99feb-cf7f-44a5-b27c-fef8789ad860GE.DS62c99feb-cf7f-44a5-b27c-fef8789ad860Generic Data StoreNameFile System StorageOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.DS1001831489100a602b240-dd90-4728-9ca8-9e7f1df007adGE.DSa602b240-dd90-4728-9ca8-9e7f1df007adDatabaseNameSTS DatabaseOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Threat Model only for Agents and TasksConfigurable AttributesDatabase Technologies6047e74b-a4e1-4e5b-873e-3f7d8658d6b3SelectGenericOnPrem0SQL Version0a5c9e0f-f68c-4607-9a1a-a02841f1e9deSelectAllV12MsSQL2016MsSQL2012MsSQL20140SSIS packages Used649208cc-3b55-40ff-94b9-015c0fb0c9e8SelectYesNo0As Generic Data StoreSE.DS.TMCore.SQL10011451306100f36a8bbc-c9b2-4990-a6be-4f9b33e92439GE.TB.Bf36a8bbc-c9b2-4990-a6be-4f9b33e92439Azure Trust BoundaryNameAzure Trust BoundaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Configurable AttributesAs Generic Trust Border BoundarySE.TB.TMCore.AzureTrustBoundary53593418758243fdfef1-3a6d-4bc5-ab71-0e6273b8cecbGE.A43fdfef1-3a6d-4bc5-ab71-0e6273b8cecbFree Text AnnotationNameAgent uses OAuth token for subsequent communication with TFSOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A10055211682587c62a375-90ca-44ec-9318-79e55b1df39dGE.A7c62a375-90ca-44ec-9318-79e55b1df39dFree Text AnnotationNameTFS generates fresh AES-256 symmetric key per session Encrypts AES key using agent's RSA public keyOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A10010061500258466eee69-2e1d-454b-9409-9873b4fe6a11GE.A466eee69-2e1d-454b-9409-9873b4fe6a11Free Text AnnotationNameJob content encrypted with AES-256 keyOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A100558165825856f21a46-32a3-4705-9d1e-9ddf6c7c8431GE.A56f21a46-32a3-4705-9d1e-9ddf6c7c8431Free Text AnnotationNameDecrypts Job content using decrypted AES keyOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A100521125258732a954a-46b7-4c61-b66d-60281aa6c8dcGE.A732a954a-46b7-4c61-b66d-60281aa6c8dcFree Text AnnotationNameSigned JWT Token validated using agent's Public KeyOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A10011421119258dee167e2-b505-4d54-9c8b-8b0873da2984GE.Adee167e2-b505-4d54-9c8b-8b0873da2984Free Text AnnotationNameAES key encrypted using Agent's RSA Public KeyOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A10062313542586b3b6dac-4aae-4016-96ad-79dc5030a749GE.A6b3b6dac-4aae-4016-96ad-79dc5030a749Free Text AnnotationNameAgent Decrypts AES key using its RSA Private KeyOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A100241343258
Agent: Job Polling
b8d0eed4-f8b3-4ab2-9852-398bcde1ce84GE.DFb8d0eed4-f8b3-4ab2-9852-398bcde1ce84RequestName1: Load Agent Config, RSA Private Key & STS infoDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17801Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request269423NorthSouthWest62c99feb-cf7f-44a5-b27c-fef8789ad86023349419d8710c-11af-4d9a-83b8-2a54b7816fe0265301887ab657-2f80-4f46-92c8-047b6175d2f6GE.DF887ab657-2f80-4f46-92c8-047b6175d2f6ResponseName5: OAuth Token with limited scopeDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17805Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Response632160WestNorthEast00000000-0000-0000-0000-00000000000098417719d8710c-11af-4d9a-83b8-2a54b7816fe0328238f5e98725-78b1-4c24-994a-b7e022dda54cGE.DFf5e98725-78b1-4c24-994a-b7e022dda54cResponseName11: Build/Release JobsDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17807Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Response670657SouthWestSouth6db9dd7f-74f1-4c07-9fdd-17e00dc45963100143019d8710c-11af-4d9a-83b8-2a54b7816fe0297315d9fd6364-86ca-4f76-9926-b208f63b51b1GE.DFd9fd6364-86ca-4f76-9926-b208f63b51b1RequestName2: Exchange JWT for OAuth TokenDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17802Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request66946NorthNorthWest19d8710c-11af-4d9a-83b8-2a54b7816fe0297226ef8b12c6-963f-4162-bfa9-02149966c61e9971455a0d2820-2a6b-4455-85b8-ce93e2b31a3bGE.DF5a0d2820-2a6b-4455-85b8-ce93e2b31a3bResponseName3: Read Public KeyDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17803Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Internal implemtation of Secure Token Service (STS) is not in the scope of this Threat Model.Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Response1066268NorthSoutha602b240-dd90-4728-9ca8-9e7f1df007ad1195311ef8b12c6-963f-4162-bfa9-02149966c61e10292223e32d43c-ed41-45d3-a563-5d968df1b113GE.DF3e32d43c-ed41-45d3-a563-5d968df1b113Generic Data FlowName4: Verify JWT TokenDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17804Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Internal implemtation of Secure Token Service (STS) is not in the scope of this Threat Model.Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF1161183NorthEastSouthEastef8b12c6-963f-4162-bfa9-02149966c61e1060145ef8b12c6-963f-4162-bfa9-02149966c61e1060208f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150aGE.DFf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150aRequestName10: Poll for Jobs using OAuth TokenDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17806Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request678558SouthEastWest19d8710c-11af-4d9a-83b8-2a54b7816fe03283016db9dd7f-74f1-4c07-9fdd-17e00dc4596398839963fec324-52c5-4b14-8ec3-7932d54969d3GE.DF63fec324-52c5-4b14-8ec3-7932d54969d3Generic Data FlowName7: AES Key GenerationDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF1127467EastSouth6db9dd7f-74f1-4c07-9fdd-17e00dc4596310783996db9dd7f-74f1-4c07-9fdd-17e00dc4596310334445e91d835-80b7-4c1a-9812-13d482b47520GE.DF5e91d835-80b7-4c1a-9812-13d482b47520Generic Data FlowName12: Job DecryptionDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF151194NorthWestWest19d8710c-11af-4d9a-83b8-2a54b7816fe026523800000000-0000-0000-0000-0000000000002522703d3d8d93-f79d-472e-9116-70ce3d33dcbaGE.DF3d3d8d93-f79d-472e-9116-70ce3d33dcbaRequestName6: Agent Startup - Session creation with TFSDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17806Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request735270EastNorth19d8710c-11af-4d9a-83b8-2a54b7816fe03422706db9dd7f-74f1-4c07-9fdd-17e00dc4596310333558ea6620a-8c12-414a-b1e3-a53fe2903a1cGE.DF8ea6620a-8c12-414a-b1e3-a53fe2903a1cGeneric Data FlowName8: Session created, Ready to PollDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF724419NorthWestSouthEast6db9dd7f-74f1-4c07-9fdd-17e00dc45963100136719d8710c-11af-4d9a-83b8-2a54b7816fe0328301a41be1a0-5d7f-4e44-a04f-dc99db16c642GE.DFa41be1a0-5d7f-4e44-a04f-dc99db16c642Generic Data FlowName9: AES DecryptionDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF116336NorthSouthWest19d8710c-11af-4d9a-83b8-2a54b7816fe029722619d8710c-11af-4d9a-83b8-2a54b7816fe02653011.25DRAWINGSURFACE9170c488-4cdf-4b44-8055-a93e8fb16045DiagramNameAgent: Job MessageDRAWINGSURFACE645f878c-70e7-47b6-ae63-b3fd0487667eGE.TB.B645f878c-70e7-47b6-ae63-b3fd0487667eMachine Trust BoundaryNameAgent Machine Trust BoundaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Configurable AttributesAs Generic Trust Border BoundarySE.TB.TMCore.MachineTrustBoundary440561704248295d83a-efe0-4541-bab0-edd836c664a6GE.P8295d83a-efe0-4541-bab0-edd836c664a6Generic ProcessNameAgent ListenerOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.P1002881163100276cdd23-5358-434d-bb21-9d487e5fcbe0GE.P276cdd23-5358-434d-bb21-9d487e5fcbe0Web ApplicationNameTFS ServiceOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Threat Model only for Agents and TasksConfigurable AttributesWeb Application Technologiesf9960f99-8659-4776-90d7-e454ef832db7SelectGenericWeb FormsMVC5MVC60EnvironmentType80fe9520-5f00-4480-ad47-f2fd75dede82SelectOnPremAzure0Processes XMLdf53c172-b70c-412c-9e99-a6fbc10748eeSelectYesNo0As Generic ProcessSE.P.TMCore.WebApp1647851170169ab74bdc7-9518-4d97-946f-66d33b5daf05GE.Pab74bdc7-9518-4d97-946f-66d33b5daf05Generic ProcessNameAgent WorkerOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.P1002921380100caa1c07a-afd3-4a48-8871-6c3b89843c3dGE.DScaa1c07a-afd3-4a48-8871-6c3b89843c3dGeneric Data StoreNameFile System StorageOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.DS10012813311001a8b9f53-ec6a-4971-9d12-ca7ebbdf4da9GE.TB.B1a8b9f53-ec6a-4971-9d12-ca7ebbdf4da9Azure Trust BoundaryNameAzure Trust BoundaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Configurable AttributesAs Generic Trust Border BoundarySE.TB.TMCore.AzureTrustBoundary5197541372850f8c62d2-6e11-4ce7-8c5c-ff81aef18be4GE.P0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4Web ApplicationNameAzure DevOpsOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Threat Model only for Agents and TasksConfigurable AttributesWeb Application Technologiesf9960f99-8659-4776-90d7-e454ef832db7SelectGenericWeb FormsMVC5MVC60EnvironmentType80fe9520-5f00-4480-ad47-f2fd75dede82SelectOnPremAzure0Processes XMLdf53c172-b70c-412c-9e99-a6fbc10748eeSelectYesNo0As Generic ProcessSE.P.TMCore.WebApp11985413961202dcd64d1-ffe5-4d09-ac68-4dd0a73bb8fcGE.A2dcd64d1-ffe5-4d09-ac68-4dd0a73bb8fcFree Text AnnotationNameWorker uses JWT token received from TFS to utilize ADO services in pipeline tasks like code checkout, etcOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A1295201329204c7ed9264-fa73-4ef5-b886-168c7445dd37GE.Ac7ed9264-fa73-4ef5-b886-168c7445dd37Free Text AnnotationNameDecrypts Job content using decrypted AES keyGE.A12992045204
Agent: Job Message
07b5d34e-cbae-442d-a607-c6b3c5fd710eGE.DF07b5d34e-cbae-442d-a607-c6b3c5fd710eGeneric Data FlowName2: Polling TFS Server for available jobsDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Internal implemtation of Secure Token Service (STS) is not in the scope of this Threat Model.Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF584178EastNorthWest8295d83a-efe0-4541-bab0-edd836c664a6383213276cdd23-5358-434d-bb21-9d487e5fcbe08131984ae4dc87-a64f-4ced-b46f-20d6048a4ca3GE.DF4ae4dc87-a64f-4ced-b46f-20d6048a4ca3Generic Data FlowName1: Read Agent Config & RSA Private KeyDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF200264NorthWestcaa1c07a-afd3-4a48-8871-6c3b89843c3d1783368295d83a-efe0-4541-bab0-edd836c664a62932139e0604ca-d4eb-4f4e-a9bc-4858bed7c5d7GE.DF9e0604ca-d4eb-4f4e-a9bc-4858bed7c5d7Generic Data FlowName5: Create Worker Process & Run JobDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF341301SouthNorth8295d83a-efe0-4541-bab0-edd836c664a6338258ab74bdc7-9518-4d97-946f-66d33b5daf05342386e13ada1f-4b35-4d1a-96b2-18d5b79e76e3GE.DFe13ada1f-4b35-4d1a-96b2-18d5b79e76e3RequestName3: Send Encrypted Job MessageDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request588282WestSouthEast276cdd23-5358-434d-bb21-9d487e5fcbe07902528295d83a-efe0-4541-bab0-edd836c664a6369244044f1875-70e2-4683-988f-edafbe68ca0aGE.DF044f1875-70e2-4683-988f-edafbe68ca0aGeneric Data FlowName4: Decrypt Job MetadataDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF333106NorthWestNorthEast8295d83a-efe0-4541-bab0-edd836c664a63061818295d83a-efe0-4541-bab0-edd836c664a6369181be36fd4e-3f3d-4a58-abb1-a0830d2173baGE.DFbe36fd4e-3f3d-4a58-abb1-a0830d2173baRequestName6: Accessing ADO services Dataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request621430EastWestab74bdc7-9518-4d97-946f-66d33b5daf053874300f8c62d2-6e11-4ce7-8c5c-ff81aef18be48594551.5DRAWINGSURFACE01081e16-ca66-42c6-b2c5-e470ce83a88cDiagramNameAgent: VMSS PoolDRAWINGSURFACE736335e4-36cf-489d-9964-86bd1df4f106GE.DS736335e4-36cf-489d-9964-86bd1df4f106Azure StorageNameAzure Blob StorageOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesStorage Typeb3ece90f-c578-4a48-b4d4-89d97614e0d2SelectFileTableQueueBlob4HTTPS Enforced229f2e53-bc3f-476c-8ac9-57da37efd00fSelectTrueFalse1Network Securityeb012c7c-9201-40d2-989f-2aad423895a5SelectAllow access from all networksAllow access from selective networks1CORS Enabledc63455d0-ad77-4b08-aa02-9f8026bb056fSelectTrueFalse1As Generic Data StoreSE.DS.TMCore.AzureStorage100901183100642e4b68-b7fb-4df5-ac5c-6e6405654f83GE.P642e4b68-b7fb-4df5-ac5c-6e6405654f83Azure Traffic ManagerNameAzure Traffic Manager (Priority)Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic ProcessSE.P.TMCore.AzureTrafficManager10056311621002861dcfc-4975-4916-b084-00a957515d7fGE.P2861dcfc-4975-4916-b084-00a957515d7fGeneric ProcessNameAkamai CDNOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Akamai CDN is externalGE.P10028613871006261586d-5250-4d57-9106-e219d186b4afGE.P6261586d-5250-4d57-9106-e219d186b4afHostNameAzure Front DoorOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesHost Technologies97da4742-4e59-441a-994c-a1490d70dd28SelectAzure IaaSGeneric0As Generic ProcessSE.P.TMCore.Host100309149100bb4a6bce-ebc1-460f-a000-780782e3716eGE.Pbb4a6bce-ebc1-460f-a000-780782e3716eHostNameHost VMOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesHost Technologies97da4742-4e59-441a-994c-a1490d70dd28SelectAzure IaaSGeneric1As Generic ProcessSE.P.TMCore.Host10014871350100e07e6bdd-176d-46b5-89a2-b5a1c2007712GE.Pe07e6bdd-176d-46b5-89a2-b5a1c2007712HostNameHost VMOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesHost Technologies97da4742-4e59-441a-994c-a1490d70dd28SelectAzure IaaSGeneric1As Generic ProcessSE.P.TMCore.Host10013281448100534dc643-539c-4f32-a92f-b2d654529b26GE.P534dc643-539c-4f32-a92f-b2d654529b26Azure Traffic ManagerNameAzure Traffic Manager (Geographic)Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic ProcessSE.P.TMCore.AzureTrafficManager1008061162100f88e3111-e0e2-4ab4-9711-899d27b843a3GE.DSf88e3111-e0e2-4ab4-9711-899d27b843a3Azure Key VaultNameAzure Key VaultOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAzure Key Vault Firewall Settingscd610fb8-4fbd-49c0-966f-8b4634b39262SelectAllow access from all networksAllow access from selected networks1Azure Key Vault Audit Logging Enabled78bf9482-5267-41c6-84fd-bac2fb6ca0b9SelectTrueFalse1Authenticating to Key Vaultae94fa17-596d-476e-a283-0afc166dcf26SelectManaged IdentitiesService or User Principal and CertificateService or User Principal and Secret1As Generic Data StoreSE.DS.TMCore.AzureKeyVault10044912451000f7c09cd-bfdc-4988-b77f-35e4fa7a5903GE.TB.B0f7c09cd-bfdc-4988-b77f-35e4fa7a5903Azure Trust BoundaryNameAzure Trust BoundaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Configurable AttributesAs Generic Trust Border BoundarySE.TB.TMCore.AzureTrustBoundary32554138893d5733e8d-f67e-49e6-9d26-3084253e5fedGE.TB.Bd5733e8d-f67e-49e6-9d26-3084253e5fedAzure IaaS VM Trust BoundaryNameAzure IaaS VM Trust BoundaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Configurable AttributesAs Generic Trust Border BoundarySE.TB.TMCore.AzureIaaSVMTrustBoundary44410901117538d5ae29d1-8c88-4a68-b587-4c209a563fa5GE.Pd5ae29d1-8c88-4a68-b587-4c209a563fa5HostNameHost VMOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesHost Technologies97da4742-4e59-441a-994c-a1490d70dd28SelectAzure IaaSGeneric1As Generic ProcessSE.P.TMCore.Host10011471333100d3aadaf0-863c-4711-9100-b1bbaa541d1fGE.Pd3aadaf0-863c-4711-9100-b1bbaa541d1fGeneric ProcessNameTeam Services Agent ExtensionOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.P100131711751007ba0f5b6-b757-42ae-bc9b-16bc9a6e7acaGE.P7ba0f5b6-b757-42ae-bc9b-16bc9a6e7acaGeneric ProcessNameOneCertOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579OneCert is not a part of this reviewGE.P10057114731008a84b905-408f-4401-ba17-3dff497e32abGE.TB.B8a84b905-408f-4401-ba17-3dff497e32abAzure Trust BoundaryNameAzure DevOps Trust BoundaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Configurable AttributesAs Generic Trust Border BoundarySE.TB.TMCore.AzureTrustBoundary19096156232388aa7929-bea9-486d-96a1-8d9973681107GE.P88aa7929-bea9-486d-96a1-8d9973681107Generic ProcessNameAgents Build PipelineOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Akamai CDN is externalGE.P10916916091197c25c8af-b7bc-43ca-9efe-077ef12df710GE.A7c25c8af-b7bc-43ca-9efe-077ef12df710Free Text AnnotationNameAgent Binaries created by build pipelineOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A1001091380138
Agent: VMSS Pool
94427037-2ecb-4511-8365-b85f37d5e6c4GE.DF94427037-2ecb-4511-8365-b85f37d5e6c4ResponseName6: Fetch Agent BinaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Response260135WestNorthEast6261586d-5250-4d57-9106-e219d186b4af31499736335e4-36cf-489d-9964-86bd1df4f106185188d4aed796-beaf-4727-a6d6-65f3aea46acfGE.DFd4aed796-beaf-4727-a6d6-65f3aea46acfResponseName6: Fetch Agent BinaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Response223319NorthWestSouthEast2861dcfc-4975-4916-b084-00a957515d7f304405736335e4-36cf-489d-9964-86bd1df4f10618527877aca7e9-6d92-4e43-a17d-39f5104f0373GE.DF77aca7e9-6d92-4e43-a17d-39f5104f0373Generic Data FlowNameLoad TLS CertDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF345233WestSouthf88e3111-e0e2-4ab4-9711-899d27b843a34542956261586d-5250-4d57-9106-e219d186b4af3591442c7f6505-8f4b-4de0-817e-7539b32fdeacGE.DF2c7f6505-8f4b-4de0-817e-7539b32fdeacRequestName5: Fetch Agent BinaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request479134NorthWestEast642e4b68-b7fb-4df5-ac5c-6e6405654f835811806261586d-5250-4d57-9106-e219d186b4af404999af3ab21-6eed-42c4-b9bf-bc632b025151GE.DF9af3ab21-6eed-42c4-b9bf-bc632b025151RequestName5: Fetch Agent BinaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request457350SouthWestNorthEast642e4b68-b7fb-4df5-ac5c-6e6405654f835812432861dcfc-4975-4916-b084-00a957515d7f367405e12fb109-0cd1-4c37-a24f-373701d968e3GE.DFe12fb109-0cd1-4c37-a24f-373701d968e3Generic Data FlowName2: Provision AgentDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17802Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF1458320SouthEastNorthWestd3aadaf0-863c-4711-9100-b1bbaa541d1f1398256bb4a6bce-ebc1-460f-a000-780782e3716e1505368ef313fed-0491-4b36-ac7d-f224ecdb90eaGE.DFef313fed-0491-4b36-ac7d-f224ecdb90eaRequestName4: Fetch Agent BinaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request723213WestEast534dc643-539c-4f32-a92f-b2d654529b26811212642e4b68-b7fb-4df5-ac5c-6e6405654f836582129da822e9-93bf-4279-a852-fde25c083efbGE.DF9da822e9-93bf-4279-a852-fde25c083efbGeneric Data FlowName2: Provision AgentDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17802Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF1370372SouthNorthd3aadaf0-863c-4711-9100-b1bbaa541d1f1367270e07e6bdd-176d-46b5-89a2-b5a1c200771213784545725dba2-1375-40fd-9bb2-75d4550fe4feGE.DF5725dba2-1375-40fd-9bb2-75d4550fe4feGeneric Data FlowName2: Provision AgentDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17802Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF1281303SouthWestNorthEastd3aadaf0-863c-4711-9100-b1bbaa541d1f1335256d5ae29d1-8c88-4a68-b587-4c209a563fa512283512cc6debc-1845-4846-8dfd-4a323e812d82GE.DF2cc6debc-1845-4846-8dfd-4a323e812d82ResponseName1: Fetch Agent BinaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17801Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Response1161220EastWest534dc643-539c-4f32-a92f-b2d654529b26901212d3aadaf0-863c-4711-9100-b1bbaa541d1f1322225ff3a6b97-1674-45a6-bc13-da6ac909ef8bGE.DFff3a6b97-1674-45a6-bc13-da6ac909ef8bRequestName3: Fetch Agent BinaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17803Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request1026309NorthWestSouthEastd5ae29d1-8c88-4a68-b587-4c209a563fa51165351534dc643-539c-4f32-a92f-b2d654529b26887243746b595f-a178-4f62-8655-e1eb40d3bbb8GE.DF746b595f-a178-4f62-8655-e1eb40d3bbb8RequestName3: Fetch Agent BinaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17803Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request1065427WestSouthe07e6bdd-176d-46b5-89a2-b5a1c20077121333498534dc643-539c-4f32-a92f-b2d654529b26856257697a5481-a24f-453a-bcdb-adc9cc86b2d2GE.DF697a5481-a24f-453a-bcdb-adc9cc86b2d2RequestName3: Fetch Agent BinaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17803Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0SE.DF.TMCore.Request1173616SouthSouthWestbb4a6bce-ebc1-460f-a000-780782e3716e1537445534dc643-539c-4f32-a92f-b2d654529b268242435aed5a00-2d45-4ca7-a3eb-29de0afcb824GE.DF5aed5a00-2d45-4ca7-a3eb-29de0afcb824Generic Data FlowNameCertificate AuthorityDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF458492WestEast7ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca5765232861dcfc-4975-4916-b084-00a957515d7f3814371e43eb3f-061f-4000-84f7-2a41eca5cb12GE.DF1e43eb3f-061f-4000-84f7-2a41eca5cb12Generic Data FlowNameCertificate AuthorityDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF585398NorthEast7ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca621479f88e3111-e0e2-4ab4-9711-899d27b843a3544295ebd17035-3abc-4602-a022-97fc5555e969GE.DFebd17035-3abc-4602-a022-97fc5555e969Generic Data FlowNameAgent binaries UploadDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesShow Boundary Threats23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59SelectYesNo0GE.DF136467WestSouth88aa7929-bea9-486d-96a1-8d9973681107174663736335e4-36cf-489d-9964-86bd1df4f1061402781.25TH89973739e4-b680-49e5-adc2-fa6d053e03fec107bcb5-2b40-4ee0-b9fb-284c5f0b682e1739aa04-c297-4f1c-ae3c-72bd5d8dfb50FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c107bcb5-2b40-4ee0-b9fb-284c5f0b682e48973739e4-b680-49e5-adc2-fa6d053e03fe:c107bcb5-2b40-4ee0-b9fb-284c5f0b682e:1739aa04-c297-4f1c-ae3c-72bd5d8dfb502025-04-25T14:31:40.4706624+05:30HighTitleAn adversary may leverage the lack of monitoring systems and trigger anomalous traffic to databaseUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may leverage the lack of intrusion detection and prevention of anomalous database activities and trigger anomalous traffic to databaseStateInformationInteraction between Azure DevOps service and its persistant store is not in scope for this threat model.InteractionStringDeletedPossibleMitigationsEnable Threat detection on Azure SQL database. Refer: <a href="https://aka.ms/tmtauditlog#threat-detection">https://aka.ms/tmtauditlog#threat-detection</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feNotApplicable1739aa04-c297-4f1c-ae3c-72bd5d8dfb50TH89falsefalseTH105973739e4-b680-49e5-adc2-fa6d053e03fec107bcb5-2b40-4ee0-b9fb-284c5f0b682e1739aa04-c297-4f1c-ae3c-72bd5d8dfb50FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c107bcb5-2b40-4ee0-b9fb-284c5f0b682e47973739e4-b680-49e5-adc2-fa6d053e03fe:c107bcb5-2b40-4ee0-b9fb-284c5f0b682e:1739aa04-c297-4f1c-ae3c-72bd5d8dfb502025-04-25T14:27:47.8600008+05:30HighTitleAn adversary can tamper critical database securables and deny the actionUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary can tamper critical database securables and deny the actionStateInformationInteraction between Azure DevOps service and its persistant store is not in scope for this threat model.InteractionStringDeletedPossibleMitigationsAdd digital signature to critical database securables. Refer: <a href="https://aka.ms/tmtcrypto#securables-db">https://aka.ms/tmtcrypto#securables-db</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feNotApplicable1739aa04-c297-4f1c-ae3c-72bd5d8dfb50TH105falsefalseTH3973739e4-b680-49e5-adc2-fa6d053e03fec107bcb5-2b40-4ee0-b9fb-284c5f0b682e1739aa04-c297-4f1c-ae3c-72bd5d8dfb50FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c107bcb5-2b40-4ee0-b9fb-284c5f0b682e46973739e4-b680-49e5-adc2-fa6d053e03fe:c107bcb5-2b40-4ee0-b9fb-284c5f0b682e:1739aa04-c297-4f1c-ae3c-72bd5d8dfb502025-04-25T14:27:37.4343988+05:30MediumTitleAn adversary can deny actions on database due to lack of auditingUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happenedUserThreatDescriptionProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system.StateInformationInteraction between Azure DevOps service and its persistant store is not in scope for this threat model.InteractionStringDeletedPossibleMitigationsEnsure that login auditing is enabled on SQL Server. Refer: <a href="https://aka.ms/tmtauditlog#identify-sensitive-entities">https://aka.ms/tmtauditlog#identify-sensitive-entities</a>PriorityMediumSDLPhaseImplementation973739e4-b680-49e5-adc2-fa6d053e03feNotApplicable1739aa04-c297-4f1c-ae3c-72bd5d8dfb50TH3falsefalseTH6d03136f4-6cc4-488c-b062-e8026a62a011c3312765-24e3-4451-9176-271a4da8f137167193e7-f528-47e2-914a-a513a4144ca6FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c3312765-24e3-4451-9176-271a4da8f13761d03136f4-6cc4-488c-b062-e8026a62a011:c3312765-24e3-4451-9176-271a4da8f137:167193e7-f528-47e2-914a-a513a4144ca62025-04-25T14:41:11.851992+05:30HighTitleAn adversary can gain access to sensitive PII or HBI data in databaseUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAdditional controls like Transparent Data Encryption, Column Level Encryption, EKM etc. provide additional protection mechanism to high value PII or HBI data. StateInformationInteraction between the Secure Token Service (STS) and its persistant store is not in the scope of this Threat Model.InteractionStringDeletedPossibleMitigationsUse strong encryption algorithms to encrypt data in the database. Refer: <a href="https://aka.ms/tmtcrypto#strong-db">https://aka.ms/tmtcrypto#strong-db</a> Ensure that sensitive data in database columns is encrypted. Refer: <a href="https://aka.ms/tmtdata#db-encrypted">https://aka.ms/tmtdata#db-encrypted</a> Ensure that database-level encryption (TDE) is enabled. Refer: <a href="https://aka.ms/tmtdata#tde-enabled">https://aka.ms/tmtdata#tde-enabled</a> Ensure that database backups are encrypted. Refer: <a href="https://aka.ms/tmtdata#backup">https://aka.ms/tmtdata#backup</a> Use SQL server EKM to protect encryption keys. Refer: <a href="https://aka.ms/tmtcrypto#ekm-keys">https://aka.ms/tmtcrypto#ekm-keys</a> Use AlwaysEncrypted feature if encryption keys should not be revealed to Database engine. Refer: <a href="https://aka.ms/tmtcrypto#keys-engine">https://aka.ms/tmtcrypto#keys-engine</a>PriorityHighSDLPhaseImplementationd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable167193e7-f528-47e2-914a-a513a4144ca6TH6falsefalseTH4d03136f4-6cc4-488c-b062-e8026a62a011c3312765-24e3-4451-9176-271a4da8f137167193e7-f528-47e2-914a-a513a4144ca6FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c3312765-24e3-4451-9176-271a4da8f13760d03136f4-6cc4-488c-b062-e8026a62a011:c3312765-24e3-4451-9176-271a4da8f137:167193e7-f528-47e2-914a-a513a4144ca62025-04-25T14:41:07.0478601+05:30HighTitleAn adversary can gain unauthorized access to database due to loose authorization rulesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionDatabase access should be configured with roles and privilege based on least privilege and need to know principle. StateInformationInteraction between the Secure Token Service (STS) and its persistant store is not in the scope of this Threat Model.InteractionStringDeletedPossibleMitigationsEnsure that least-privileged accounts are used to connect to Database server. Refer: <a href="https://aka.ms/tmtauthz#privileged-server">https://aka.ms/tmtauthz#privileged-server</a> Implement Row Level Security RLS to prevent tenants from accessing each others data. Refer: <a href="https://aka.ms/tmtauthz#rls-tenants">https://aka.ms/tmtauthz#rls-tenants</a> Sysadmin role should only have valid necessary users . Refer: <a href="https://aka.ms/tmtauthz#sysadmin-users">https://aka.ms/tmtauthz#sysadmin-users</a>PriorityHighSDLPhaseImplementationd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable167193e7-f528-47e2-914a-a513a4144ca6TH4falsefalseTH1d03136f4-6cc4-488c-b062-e8026a62a011c3312765-24e3-4451-9176-271a4da8f137167193e7-f528-47e2-914a-a513a4144ca6FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c3312765-24e3-4451-9176-271a4da8f13759d03136f4-6cc4-488c-b062-e8026a62a011:c3312765-24e3-4451-9176-271a4da8f137:167193e7-f528-47e2-914a-a513a4144ca62025-04-25T14:41:01.1259518+05:30HighTitleAn adversary can gain unauthorized access to database due to lack of network access protectionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionIf there is no restriction at network or host firewall level, to access the database then anyone can attempt to connect to the database from an unauthorized locationStateInformationInteraction between the Secure Token Service (STS) and its persistant store is not in the scope of this Threat Model.InteractionStringDeletedPossibleMitigationsConfigure a Windows Firewall for Database Engine Access. Refer: <a href="https://aka.ms/tmtconfigmgmt#firewall-db">https://aka.ms/tmtconfigmgmt#firewall-db</a>PriorityHighSDLPhaseImplementationd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable167193e7-f528-47e2-914a-a513a4144ca6TH1falsefalseTH133973739e4-b680-49e5-adc2-fa6d053e03fe9a753df9-c9d4-49c7-881a-eec6c8faf83ed03136f4-6cc4-488c-b062-e8026a62a011FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c99a753df9-c9d4-49c7-881a-eec6c8faf83e58973739e4-b680-49e5-adc2-fa6d053e03fe:9a753df9-c9d4-49c7-881a-eec6c8faf83e:d03136f4-6cc4-488c-b062-e8026a62a0112025-04-25T14:40:02.1644754+05:30HighTitleAn adversary may guess the client id and secrets of registered applications and impersonate themUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may guess the client id and secrets of registered applications and impersonate them StateInformationInteraction between Azure DevOps and Secure Token Service (STS) is not in the scope of this threat model.InteractionStringDeletedPossibleMitigationsEnsure that cryptographically strong client id, client secret are used in Identity Server. Refer: <a href="https://aka.ms/tmtcrypto#client-server">https://aka.ms/tmtcrypto#client-server</a>PriorityHighSDLPhaseImplementation973739e4-b680-49e5-adc2-fa6d053e03feNotApplicabled03136f4-6cc4-488c-b062-e8026a62a011TH133falsefalseTH117973739e4-b680-49e5-adc2-fa6d053e03fe9a753df9-c9d4-49c7-881a-eec6c8faf83ed03136f4-6cc4-488c-b062-e8026a62a011FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c99a753df9-c9d4-49c7-881a-eec6c8faf83e57973739e4-b680-49e5-adc2-fa6d053e03fe:9a753df9-c9d4-49c7-881a-eec6c8faf83e:d03136f4-6cc4-488c-b062-e8026a62a0112025-04-25T14:39:37.5736861+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationInteraction between Azure DevOps and Secure Token Service (STS) is not in the scope of this threat model.InteractionStringDeletedPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feNotApplicabled03136f4-6cc4-488c-b062-e8026a62a011TH117falsefalseTH114973739e4-b680-49e5-adc2-fa6d053e03fe9a753df9-c9d4-49c7-881a-eec6c8faf83ed03136f4-6cc4-488c-b062-e8026a62a011FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c99a753df9-c9d4-49c7-881a-eec6c8faf83e56973739e4-b680-49e5-adc2-fa6d053e03fe:9a753df9-c9d4-49c7-881a-eec6c8faf83e:d03136f4-6cc4-488c-b062-e8026a62a0112025-04-25T14:39:33.3949706+05:30HighTitleAn adversary may issue valid tokens if Identity server's signing keys are compromisedUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can abuse poorly managed signing keys of Identity Server. In case of key compromise, an adversary will be able to create valid auth tokens using the stolen keys and gain access to the resources protected by Identity server.StateInformationInteraction between Azure DevOps and Secure Token Service (STS) is not in the scope of this threat model.InteractionStringDeletedPossibleMitigationsEnsure that signing keys are rolled over when using Identity Server. Refer: <a href="https://aka.ms/tmtcrypto#rolled-server">https://aka.ms/tmtcrypto#rolled-server</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feNotApplicabled03136f4-6cc4-488c-b062-e8026a62a011TH114falsefalseTH113973739e4-b680-49e5-adc2-fa6d053e03fe9a753df9-c9d4-49c7-881a-eec6c8faf83ed03136f4-6cc4-488c-b062-e8026a62a011FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c99a753df9-c9d4-49c7-881a-eec6c8faf83e55973739e4-b680-49e5-adc2-fa6d053e03fe:9a753df9-c9d4-49c7-881a-eec6c8faf83e:d03136f4-6cc4-488c-b062-e8026a62a0112025-04-25T14:39:28.1390218+05:30HighTitleAn adversary can get access to a user's session due to improper logout from Identity ServerUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can get access to a user's session due to improper logout from Identity ServerStateInformationInteraction between Azure DevOps and Secure Token Service (STS) is not in the scope of this threat model.InteractionStringDeletedPossibleMitigationsImplement proper logout when using Identity Server. Refer: <a href="https://aka.ms/tmtsmgmt#proper-logout">https://aka.ms/tmtsmgmt#proper-logout</a>PriorityHighSDLPhaseImplementation973739e4-b680-49e5-adc2-fa6d053e03feNotApplicabled03136f4-6cc4-488c-b062-e8026a62a011TH113falsefalseTH82973739e4-b680-49e5-adc2-fa6d053e03fec107bcb5-2b40-4ee0-b9fb-284c5f0b682e1739aa04-c297-4f1c-ae3c-72bd5d8dfb50FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c107bcb5-2b40-4ee0-b9fb-284c5f0b682e45973739e4-b680-49e5-adc2-fa6d053e03fe:c107bcb5-2b40-4ee0-b9fb-284c5f0b682e:1739aa04-c297-4f1c-ae3c-72bd5d8dfb502025-04-25T14:27:29.2049069+05:30HighTitleAn adversary can gain access to sensitive data by performing SQL injectionUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. StateInformationInteraction between Azure DevOps service and its persistant store is not in scope for this threat model.InteractionStringDeletedPossibleMitigationsEnsure that login auditing is enabled on SQL Server. Refer: <a href="https://aka.ms/tmtauditlog#identify-sensitive-entities">https://aka.ms/tmtauditlog#identify-sensitive-entities</a> Ensure that least-privileged accounts are used to connect to Database server. Refer: <a href="https://aka.ms/tmtauthz#privileged-server">https://aka.ms/tmtauthz#privileged-server</a> Enable Threat detection on Azure SQL database. Refer: <a href="https://aka.ms/tmtauditlog#threat-detection">https://aka.ms/tmtauditlog#threat-detection</a> Do not use dynamic queries in stored procedures. Refer: <a href="https://aka.ms/tmtinputval#stored-proc">https://aka.ms/tmtinputval#stored-proc</a>PriorityHighSDLPhaseImplementation973739e4-b680-49e5-adc2-fa6d053e03feNotApplicable1739aa04-c297-4f1c-ae3c-72bd5d8dfb50TH82falsefalseTH6973739e4-b680-49e5-adc2-fa6d053e03fec107bcb5-2b40-4ee0-b9fb-284c5f0b682e1739aa04-c297-4f1c-ae3c-72bd5d8dfb50FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c107bcb5-2b40-4ee0-b9fb-284c5f0b682e44973739e4-b680-49e5-adc2-fa6d053e03fe:c107bcb5-2b40-4ee0-b9fb-284c5f0b682e:1739aa04-c297-4f1c-ae3c-72bd5d8dfb502025-04-25T14:27:22.374734+05:30HighTitleAn adversary can gain access to sensitive PII or HBI data in databaseUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAdditional controls like Transparent Data Encryption, Column Level Encryption, EKM etc. provide additional protection mechanism to high value PII or HBI data. StateInformationInteraction between Azure DevOps service and its persistant store is not in scope for this threat model.InteractionStringDeletedPossibleMitigationsUse strong encryption algorithms to encrypt data in the database. Refer: <a href="https://aka.ms/tmtcrypto#strong-db">https://aka.ms/tmtcrypto#strong-db</a> Ensure that sensitive data in database columns is encrypted. Refer: <a href="https://aka.ms/tmtdata#db-encrypted">https://aka.ms/tmtdata#db-encrypted</a> Ensure that database-level encryption (TDE) is enabled. Refer: <a href="https://aka.ms/tmtdata#tde-enabled">https://aka.ms/tmtdata#tde-enabled</a> Ensure that database backups are encrypted. Refer: <a href="https://aka.ms/tmtdata#backup">https://aka.ms/tmtdata#backup</a> Use SQL server EKM to protect encryption keys. Refer: <a href="https://aka.ms/tmtcrypto#ekm-keys">https://aka.ms/tmtcrypto#ekm-keys</a> Use AlwaysEncrypted feature if encryption keys should not be revealed to Database engine. Refer: <a href="https://aka.ms/tmtcrypto#keys-engine">https://aka.ms/tmtcrypto#keys-engine</a>PriorityHighSDLPhaseImplementation973739e4-b680-49e5-adc2-fa6d053e03feNotApplicable1739aa04-c297-4f1c-ae3c-72bd5d8dfb50TH6falsefalseTH4973739e4-b680-49e5-adc2-fa6d053e03fec107bcb5-2b40-4ee0-b9fb-284c5f0b682e1739aa04-c297-4f1c-ae3c-72bd5d8dfb50FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c107bcb5-2b40-4ee0-b9fb-284c5f0b682e43973739e4-b680-49e5-adc2-fa6d053e03fe:c107bcb5-2b40-4ee0-b9fb-284c5f0b682e:1739aa04-c297-4f1c-ae3c-72bd5d8dfb502025-04-25T14:27:17.7032508+05:30HighTitleAn adversary can gain unauthorized access to database due to loose authorization rulesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionDatabase access should be configured with roles and privilege based on least privilege and need to know principle. StateInformationInteraction between Azure DevOps service and its persistant store is not in scope for this threat model.InteractionStringDeletedPossibleMitigationsEnsure that least-privileged accounts are used to connect to Database server. Refer: <a href="https://aka.ms/tmtauthz#privileged-server">https://aka.ms/tmtauthz#privileged-server</a> Implement Row Level Security RLS to prevent tenants from accessing each others data. Refer: <a href="https://aka.ms/tmtauthz#rls-tenants">https://aka.ms/tmtauthz#rls-tenants</a> Sysadmin role should only have valid necessary users . Refer: <a href="https://aka.ms/tmtauthz#sysadmin-users">https://aka.ms/tmtauthz#sysadmin-users</a>PriorityHighSDLPhaseImplementation973739e4-b680-49e5-adc2-fa6d053e03feNotApplicable1739aa04-c297-4f1c-ae3c-72bd5d8dfb50TH4falsefalseTH111973739e4-b680-49e5-adc2-fa6d053e03fe9a753df9-c9d4-49c7-881a-eec6c8faf83ed03136f4-6cc4-488c-b062-e8026a62a011FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c99a753df9-c9d4-49c7-881a-eec6c8faf83e54973739e4-b680-49e5-adc2-fa6d053e03fe:9a753df9-c9d4-49c7-881a-eec6c8faf83e:d03136f4-6cc4-488c-b062-e8026a62a0112025-04-25T14:39:22.5281178+05:30HighTitleAn adversary can bypass authentication due to non-standard Identity Server authentication schemesUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can bypass authentication due to non-standard Identity Server authentication schemesStateInformationInteraction between Azure DevOps and Secure Token Service (STS) is not in the scope of this threat model.InteractionStringDeletedPossibleMitigationsUse standard authentication scenarios supported by Identity Server. Refer: <a href="https://aka.ms/tmtauthn#standard-authn-id">https://aka.ms/tmtauthn#standard-authn-id</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feNotApplicabled03136f4-6cc4-488c-b062-e8026a62a011TH111falsefalseTH115973739e4-b680-49e5-adc2-fa6d053e03fe9a753df9-c9d4-49c7-881a-eec6c8faf83ed03136f4-6cc4-488c-b062-e8026a62a011FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c99a753df9-c9d4-49c7-881a-eec6c8faf83e53973739e4-b680-49e5-adc2-fa6d053e03fe:9a753df9-c9d4-49c7-881a-eec6c8faf83e:d03136f4-6cc4-488c-b062-e8026a62a0112025-04-25T14:39:15.2343929+05:30HighTitleAn adversary may sniff the data sent from Identity ServerUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may sniff the data sent from Identity Server. This can lead to a compromise of the tokens issued by the Identity ServerStateInformationInteraction between Azure DevOps and Secure Token Service (STS) is not in the scope of this threat model.InteractionStringDeletedPossibleMitigationsEnsure that all traffic to Identity Server is over HTTPS connection. Refer: <a href="https://aka.ms/tmtcommsec#identity-https">https://aka.ms/tmtcommsec#identity-https</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feNotApplicabled03136f4-6cc4-488c-b062-e8026a62a011TH115falsefalseTH116973739e4-b680-49e5-adc2-fa6d053e03fe9a753df9-c9d4-49c7-881a-eec6c8faf83ed03136f4-6cc4-488c-b062-e8026a62a011FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c99a753df9-c9d4-49c7-881a-eec6c8faf83e52973739e4-b680-49e5-adc2-fa6d053e03fe:9a753df9-c9d4-49c7-881a-eec6c8faf83e:d03136f4-6cc4-488c-b062-e8026a62a0112025-04-25T14:39:09.5592319+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationInteraction between Azure DevOps and Secure Token Service (STS) is not in the scope of this threat model.InteractionStringDeletedPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feNotApplicabled03136f4-6cc4-488c-b062-e8026a62a011TH116falsefalseTH112973739e4-b680-49e5-adc2-fa6d053e03fe9a753df9-c9d4-49c7-881a-eec6c8faf83ed03136f4-6cc4-488c-b062-e8026a62a011FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c99a753df9-c9d4-49c7-881a-eec6c8faf83e51973739e4-b680-49e5-adc2-fa6d053e03fe:9a753df9-c9d4-49c7-881a-eec6c8faf83e:d03136f4-6cc4-488c-b062-e8026a62a0112025-04-25T14:39:02.8323167+05:30HighTitleAn adversary can leverage the weak scalability of Identity Server's token cache and cause DoSUserThreatCategoryDenial of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to specUserThreatDescriptionThe default cache that Identity Server uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid tier and backend applications. This can cause availability issues and result in denial of service either by the influence of an adversary or by the large scale of application's users. StateInformationInteraction between Azure DevOps and Secure Token Service (STS) is not in the scope of this threat model.InteractionStringDeletedPossibleMitigationsOverride the default Identity Server token cache with a scalable alternative. Refer: <a href="https://aka.ms/tmtauthn#override-token">https://aka.ms/tmtauthn#override-token</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feNotApplicabled03136f4-6cc4-488c-b062-e8026a62a011TH112falsefalseTH1176ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b4506ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-04-25T14:36:38.8980467+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString2: Register AgentPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH117falsefalseTH1166ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b4496ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-04-25T14:36:06.3913086+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString2: Register AgentPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH116falsefalseTH1973739e4-b680-49e5-adc2-fa6d053e03fec107bcb5-2b40-4ee0-b9fb-284c5f0b682e1739aa04-c297-4f1c-ae3c-72bd5d8dfb50FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c107bcb5-2b40-4ee0-b9fb-284c5f0b682e42973739e4-b680-49e5-adc2-fa6d053e03fe:c107bcb5-2b40-4ee0-b9fb-284c5f0b682e:1739aa04-c297-4f1c-ae3c-72bd5d8dfb502025-04-25T14:27:01.7174178+05:30HighTitleAn adversary can gain unauthorized access to database due to lack of network access protectionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionIf there is no restriction at network or host firewall level, to access the database then anyone can attempt to connect to the database from an unauthorized locationStateInformationInteraction between Azure DevOps service and its persistant store is not in scope for this threat model.InteractionStringDeletedPossibleMitigationsConfigure a Windows Firewall for Database Engine Access. Refer: <a href="https://aka.ms/tmtconfigmgmt#firewall-db">https://aka.ms/tmtconfigmgmt#firewall-db</a>PriorityHighSDLPhaseImplementation973739e4-b680-49e5-adc2-fa6d053e03feNotApplicable1739aa04-c297-4f1c-ae3c-72bd5d8dfb50TH1falsefalseTH1386ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b4416ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T14:39:34.72094+05:30HighTitleAn adversary may tamper deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may tamper deployed binariesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the VMInteractionString2: Register AgentPossibleMitigationsEnsure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a>PriorityHighSDLPhaseDesign6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH138falsefalseTH1376ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b4406ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-04-25T14:25:36.8036814+05:30HighTitleAn adversary may reverse engineer deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may reverse engineer deployed binariesStateInformationAzure DevOps Agent is open source. Code is already available on GitHub. Deployed binaries do not contain any sensitive data.InteractionString2: Register AgentPossibleMitigationsEnsure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a>PriorityHighSDLPhaseImplementation6ca8905a-a219-4ae5-8dff-a7a3b68afecdNotApplicable973739e4-b680-49e5-adc2-fa6d053e03feTH137falsefalseTH1346ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b4396ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T14:39:26.2031605+05:30HighTitleAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devicesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devices. Scenarios such as stealing a user's laptop and extracting data from hard disk, luring users to install malware, exploit unpatched OS etc. StateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the VMInteractionString2: Register AgentPossibleMitigationsEnsure that devices have end point security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a>PriorityHighSDLPhaseDesign6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH134falsefalseTH1396ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b4386ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:59:13.5676421+05:30HighTitleAn adversary may gain access to sensitive data stored on host machinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data stored on host machinesStateInformationAzure DevOps Agent Configuration script runs with the least amount of privilages.InteractionString2: Register AgentPossibleMitigationsConsider using Encrypted File System (EFS) is used to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a>PriorityHighSDLPhaseDesign6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH139falsefalseTH1366ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b4376ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:59:09.3785291+05:30HighTitleAn adversary may gain elevated privileges and execute malicious code on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionIf an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application.StateInformationAzure DevOps Agent Configuration script runs with the least amount of privilages.InteractionString2: Register AgentPossibleMitigationsEnsure that the deployed applications are run with least privileges. . Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a>PriorityHighSDLPhaseImplementation6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH136falsefalseTH1356ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b4366ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:58:52.7673535+05:30HighTitleAn adversary may gain unauthorized access to data on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to data on host machinesStateInformationAzure DevOps exposes REST APIs using with an Agent can be registered. This requires the a PAT token with sufficient privilages. Only HTTPS calls can be made to the machine hosting Azure DevOps.InteractionString2: Register AgentPossibleMitigationsEnsure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a>PriorityHighSDLPhaseImplementation6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH135falsefalseTH82d03136f4-6cc4-488c-b062-e8026a62a011c3312765-24e3-4451-9176-271a4da8f137167193e7-f528-47e2-914a-a513a4144ca6FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c3312765-24e3-4451-9176-271a4da8f13762d03136f4-6cc4-488c-b062-e8026a62a011:c3312765-24e3-4451-9176-271a4da8f137:167193e7-f528-47e2-914a-a513a4144ca62025-04-25T14:41:16.7055046+05:30HighTitleAn adversary can gain access to sensitive data by performing SQL injectionUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. StateInformationInteraction between the Secure Token Service (STS) and its persistant store is not in the scope of this Threat Model.InteractionStringDeletedPossibleMitigationsEnsure that login auditing is enabled on SQL Server. Refer: <a href="https://aka.ms/tmtauditlog#identify-sensitive-entities">https://aka.ms/tmtauditlog#identify-sensitive-entities</a> Ensure that least-privileged accounts are used to connect to Database server. Refer: <a href="https://aka.ms/tmtauthz#privileged-server">https://aka.ms/tmtauthz#privileged-server</a> Enable Threat detection on Azure SQL database. Refer: <a href="https://aka.ms/tmtauditlog#threat-detection">https://aka.ms/tmtauditlog#threat-detection</a> Do not use dynamic queries in stored procedures. Refer: <a href="https://aka.ms/tmtinputval#stored-proc">https://aka.ms/tmtinputval#stored-proc</a>PriorityHighSDLPhaseImplementationd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable167193e7-f528-47e2-914a-a513a4144ca6TH82falsefalseTH3d03136f4-6cc4-488c-b062-e8026a62a011c3312765-24e3-4451-9176-271a4da8f137167193e7-f528-47e2-914a-a513a4144ca6FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c3312765-24e3-4451-9176-271a4da8f13763d03136f4-6cc4-488c-b062-e8026a62a011:c3312765-24e3-4451-9176-271a4da8f137:167193e7-f528-47e2-914a-a513a4144ca62025-04-25T14:42:37.273916+05:30MediumTitleAn adversary can deny actions on database due to lack of auditingUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happenedUserThreatDescriptionProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system.StateInformationInteraction between the Secure Token Service (STS) and its persistant store is not in the scope of this Threat Model.InteractionStringDeletedPossibleMitigationsEnsure that login auditing is enabled on SQL Server. Refer: <a href="https://aka.ms/tmtauditlog#identify-sensitive-entities">https://aka.ms/tmtauditlog#identify-sensitive-entities</a>PriorityMediumSDLPhaseImplementationd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable167193e7-f528-47e2-914a-a513a4144ca6TH3falsefalseTH105d03136f4-6cc4-488c-b062-e8026a62a011c3312765-24e3-4451-9176-271a4da8f137167193e7-f528-47e2-914a-a513a4144ca6FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c3312765-24e3-4451-9176-271a4da8f13764d03136f4-6cc4-488c-b062-e8026a62a011:c3312765-24e3-4451-9176-271a4da8f137:167193e7-f528-47e2-914a-a513a4144ca62025-04-25T14:42:42.5818819+05:30HighTitleAn adversary can tamper critical database securables and deny the actionUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary can tamper critical database securables and deny the actionStateInformationInteraction between the Secure Token Service (STS) and its persistant store is not in the scope of this Threat Model.InteractionStringDeletedPossibleMitigationsAdd digital signature to critical database securables. Refer: <a href="https://aka.ms/tmtcrypto#securables-db">https://aka.ms/tmtcrypto#securables-db</a>PriorityHighSDLPhaseDesignd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable167193e7-f528-47e2-914a-a513a4144ca6TH105falsefalseTH89d03136f4-6cc4-488c-b062-e8026a62a011c3312765-24e3-4451-9176-271a4da8f137167193e7-f528-47e2-914a-a513a4144ca6FAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9c3312765-24e3-4451-9176-271a4da8f13765d03136f4-6cc4-488c-b062-e8026a62a011:c3312765-24e3-4451-9176-271a4da8f137:167193e7-f528-47e2-914a-a513a4144ca62025-04-25T14:42:47.5731986+05:30HighTitleAn adversary may leverage the lack of monitoring systems and trigger anomalous traffic to databaseUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may leverage the lack of intrusion detection and prevention of anomalous database activities and trigger anomalous traffic to databaseStateInformationInteraction between the Secure Token Service (STS) and its persistant store is not in the scope of this Threat Model.InteractionStringDeletedPossibleMitigationsEnable Threat detection on Azure SQL database. Refer: <a href="https://aka.ms/tmtauditlog#threat-detection">https://aka.ms/tmtauditlog#threat-detection</a>PriorityHighSDLPhaseDesignd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable167193e7-f528-47e2-914a-a513a4144ca6TH89falsefalseTH116d03136f4-6cc4-488c-b062-e8026a62a01127a5d300-9123-4af1-998c-3bf22997f0a2973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c927a5d300-9123-4af1-998c-3bf22997f0a266d03136f4-6cc4-488c-b062-e8026a62a011:27a5d300-9123-4af1-998c-3bf22997f0a2:973739e4-b680-49e5-adc2-fa6d053e03fe2025-04-25T14:43:07.2904944+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationInteraction between Azure DevOps Service and Secure Token Service (STS) is not in the scope of this Threat Model.InteractionStringDeletedPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesignd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable973739e4-b680-49e5-adc2-fa6d053e03feTH116falsefalseTH117d03136f4-6cc4-488c-b062-e8026a62a01127a5d300-9123-4af1-998c-3bf22997f0a2973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c927a5d300-9123-4af1-998c-3bf22997f0a267d03136f4-6cc4-488c-b062-e8026a62a011:27a5d300-9123-4af1-998c-3bf22997f0a2:973739e4-b680-49e5-adc2-fa6d053e03fe2025-04-25T14:43:16.5494312+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationInteraction between Azure DevOps Service and Secure Token Service (STS) is not in the scope of this Threat Model.InteractionStringDeletedPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesignd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable973739e4-b680-49e5-adc2-fa6d053e03feTH117falsefalseTH116973739e4-b680-49e5-adc2-fa6d053e03fe0a96c814-dbf2-46d0-a8e9-e435dd8f0fac6ca8905a-a219-4ae5-8dff-a7a3b68afecdFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c90a96c814-dbf2-46d0-a8e9-e435dd8f0fac68973739e4-b680-49e5-adc2-fa6d053e03fe:0a96c814-dbf2-46d0-a8e9-e435dd8f0fac:6ca8905a-a219-4ae5-8dff-a7a3b68afecd2025-04-25T14:43:51.2917206+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString7: Client Id for Agent & STS URLPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feMitigated6ca8905a-a219-4ae5-8dff-a7a3b68afecdTH116falsefalseTH135973739e4-b680-49e5-adc2-fa6d053e03fe0a96c814-dbf2-46d0-a8e9-e435dd8f0fac6ca8905a-a219-4ae5-8dff-a7a3b68afecdFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c90a96c814-dbf2-46d0-a8e9-e435dd8f0fac69973739e4-b680-49e5-adc2-fa6d053e03fe:0a96c814-dbf2-46d0-a8e9-e435dd8f0fac:6ca8905a-a219-4ae5-8dff-a7a3b68afecd2025-05-02T11:33:05.6186266+05:30HighTitleAn adversary may gain unauthorized access to data on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to data on host machinesStateInformationAzure DevOps exposes REST APIs using with an Agent can be registered. This requires the a PAT token with sufficient privilages. Only HTTPS calls can be made to the machine hosting Azure DevOps.InteractionString7: Client Id for Agent & STS URLPossibleMitigationsEnsure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a>PriorityHighSDLPhaseImplementation973739e4-b680-49e5-adc2-fa6d053e03feMitigated6ca8905a-a219-4ae5-8dff-a7a3b68afecdTH135falsefalseTH136973739e4-b680-49e5-adc2-fa6d053e03fe0a96c814-dbf2-46d0-a8e9-e435dd8f0fac6ca8905a-a219-4ae5-8dff-a7a3b68afecdFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c90a96c814-dbf2-46d0-a8e9-e435dd8f0fac70973739e4-b680-49e5-adc2-fa6d053e03fe:0a96c814-dbf2-46d0-a8e9-e435dd8f0fac:6ca8905a-a219-4ae5-8dff-a7a3b68afecd2025-05-02T11:33:10.4906918+05:30HighTitleAn adversary may gain elevated privileges and execute malicious code on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionIf an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application.StateInformationAzure DevOps Agent Configuration script runs with the least amount of privilages. It seeks for user consent before any modification.InteractionString7: Client Id for Agent & STS URLPossibleMitigationsEnsure that the deployed applications are run with least privileges. . Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a>PriorityHighSDLPhaseImplementation973739e4-b680-49e5-adc2-fa6d053e03feMitigated6ca8905a-a219-4ae5-8dff-a7a3b68afecdTH136falsefalseTH139973739e4-b680-49e5-adc2-fa6d053e03fe0a96c814-dbf2-46d0-a8e9-e435dd8f0fac6ca8905a-a219-4ae5-8dff-a7a3b68afecdFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c90a96c814-dbf2-46d0-a8e9-e435dd8f0fac71973739e4-b680-49e5-adc2-fa6d053e03fe:0a96c814-dbf2-46d0-a8e9-e435dd8f0fac:6ca8905a-a219-4ae5-8dff-a7a3b68afecd2025-05-01T14:41:45.0219029+05:30HighTitleAn adversary may gain access to sensitive data stored on host machinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data stored on host machinesStateInformationConfidential data such as client secret, RSA private key, etc. are stored in an encrypted manner. Rest of the data is related ot the job being executed and cannot be stored in an encrypted manner.InteractionString7: Client Id for Agent & STS URLPossibleMitigationsConsider using Encrypted File System (EFS) is used to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feMitigated6ca8905a-a219-4ae5-8dff-a7a3b68afecdTH139falsefalseTH117973739e4-b680-49e5-adc2-fa6d053e03fe0a96c814-dbf2-46d0-a8e9-e435dd8f0fac6ca8905a-a219-4ae5-8dff-a7a3b68afecdFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c90a96c814-dbf2-46d0-a8e9-e435dd8f0fac72973739e4-b680-49e5-adc2-fa6d053e03fe:0a96c814-dbf2-46d0-a8e9-e435dd8f0fac:6ca8905a-a219-4ae5-8dff-a7a3b68afecd2025-04-25T15:27:38.2459986+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString7: Client Id for Agent & STS URLPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feMitigated6ca8905a-a219-4ae5-8dff-a7a3b68afecdTH117falsefalseTH134973739e4-b680-49e5-adc2-fa6d053e03fe0a96c814-dbf2-46d0-a8e9-e435dd8f0fac6ca8905a-a219-4ae5-8dff-a7a3b68afecdFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c90a96c814-dbf2-46d0-a8e9-e435dd8f0fac73973739e4-b680-49e5-adc2-fa6d053e03fe:0a96c814-dbf2-46d0-a8e9-e435dd8f0fac:6ca8905a-a219-4ae5-8dff-a7a3b68afecd2025-05-01T14:42:06.3936436+05:30HighTitleAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devicesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devices. Scenarios such as stealing a user's laptop and extracting data from hard disk, luring users to install malware, exploit unpatched OS etc. StateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the VMInteractionString7: Client Id for Agent & STS URLPossibleMitigationsEnsure that devices have end point security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feMitigated6ca8905a-a219-4ae5-8dff-a7a3b68afecdTH134falsefalseTH137973739e4-b680-49e5-adc2-fa6d053e03fe0a96c814-dbf2-46d0-a8e9-e435dd8f0fac6ca8905a-a219-4ae5-8dff-a7a3b68afecdFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c90a96c814-dbf2-46d0-a8e9-e435dd8f0fac74973739e4-b680-49e5-adc2-fa6d053e03fe:0a96c814-dbf2-46d0-a8e9-e435dd8f0fac:6ca8905a-a219-4ae5-8dff-a7a3b68afecd2025-04-25T15:29:55.9417364+05:30HighTitleAn adversary may reverse engineer deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may reverse engineer deployed binariesStateInformationAzure DevOps Agent is open source. Code is already available on GitHub. Deployed binaries do not contain any sensitive data.InteractionString7: Client Id for Agent & STS URLPossibleMitigationsEnsure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a>PriorityHighSDLPhaseImplementation973739e4-b680-49e5-adc2-fa6d053e03feNotApplicable6ca8905a-a219-4ae5-8dff-a7a3b68afecdTH137falsefalseTH138973739e4-b680-49e5-adc2-fa6d053e03fe0a96c814-dbf2-46d0-a8e9-e435dd8f0fac6ca8905a-a219-4ae5-8dff-a7a3b68afecdFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c90a96c814-dbf2-46d0-a8e9-e435dd8f0fac75973739e4-b680-49e5-adc2-fa6d053e03fe:0a96c814-dbf2-46d0-a8e9-e435dd8f0fac:6ca8905a-a219-4ae5-8dff-a7a3b68afecd2025-05-01T14:42:22.6269141+05:30HighTitleAn adversary may tamper deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may tamper deployed binariesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the VMInteractionString7: Client Id for Agent & STS URLPossibleMitigationsEnsure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a>PriorityHighSDLPhaseDesign973739e4-b680-49e5-adc2-fa6d053e03feMitigated6ca8905a-a219-4ae5-8dff-a7a3b68afecdTH138falsefalseTH13719d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a16419d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T14:44:09.7033455+05:30HighTitleAn adversary may reverse engineer deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may reverse engineer deployed binariesStateInformationAzure DevOps Agent is open source. Code is already available on GitHub. Deployed binaries do not contain any sensitive data.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsEnsure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH137falsefalseTH13419d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a16319d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T14:43:55.3984521+05:30HighTitleAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devicesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devices. Scenarios such as stealing a user's laptop and extracting data from hard disk, luring users to install malware, exploit unpatched OS etc. StateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the VMInteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsEnsure that devices have end point security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH134falsefalseTH133a602b240-dd90-4728-9ca8-9e7f1df007ad5a0d2820-2a6b-4455-85b8-ce93e2b31a3bef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa5a0d2820-2a6b-4455-85b8-ce93e2b31a3b171a602b240-dd90-4728-9ca8-9e7f1df007ad:5a0d2820-2a6b-4455-85b8-ce93e2b31a3b:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:29.5364191+05:30HighTitleAn adversary may guess the client id and secrets of registered applications and impersonate themUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may guess the client id and secrets of registered applications and impersonate them StateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsEnsure that cryptographically strong client id, client secret are used in Identity Server. Refer: <a href="https://aka.ms/tmtcrypto#client-server">https://aka.ms/tmtcrypto#client-server</a>PriorityHighSDLPhaseImplementationa602b240-dd90-4728-9ca8-9e7f1df007adNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH133falsefalseTH114a602b240-dd90-4728-9ca8-9e7f1df007ad5a0d2820-2a6b-4455-85b8-ce93e2b31a3bef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa5a0d2820-2a6b-4455-85b8-ce93e2b31a3b170a602b240-dd90-4728-9ca8-9e7f1df007ad:5a0d2820-2a6b-4455-85b8-ce93e2b31a3b:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:24.9551156+05:30HighTitleAn adversary may issue valid tokens if Identity server's signing keys are compromisedUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can abuse poorly managed signing keys of Identity Server. In case of key compromise, an adversary will be able to create valid auth tokens using the stolen keys and gain access to the resources protected by Identity server.StateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsEnsure that signing keys are rolled over when using Identity Server. Refer: <a href="https://aka.ms/tmtcrypto#rolled-server">https://aka.ms/tmtcrypto#rolled-server</a>PriorityHighSDLPhaseDesigna602b240-dd90-4728-9ca8-9e7f1df007adNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH114falsefalseTH13819d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b112919d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:42:54.711178+05:30HighTitleAn adversary may tamper deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may tamper deployed binariesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the VMInteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsEnsure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigatedef8b12c6-963f-4162-bfa9-02149966c61eTH138falsefalseTH13719d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b112819d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:37:48.3250015+05:30HighTitleAn adversary may reverse engineer deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may reverse engineer deployed binariesStateInformationAzure DevOps Agent is open source. Code is already available on GitHub. Deployed binaries do not contain any sensitive data.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsEnsure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0NotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH137falsefalseTH13419d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b112719d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:37:30.1244926+05:30HighTitleAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devicesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devices. Scenarios such as stealing a user's laptop and extracting data from hard disk, luring users to install malware, exploit unpatched OS etc. StateInformationCustomers choose their own infra to host the the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the VMInteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsEnsure that devices have end point security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigatedef8b12c6-963f-4162-bfa9-02149966c61eTH134falsefalseTH13319d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b112619d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:35:29.9283365+05:30HighTitleAn adversary may guess the client id and secrets of registered applications and impersonate themUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may guess the client id and secrets of registered applications and impersonate them StateInformationSecure Token Service (STS) is not in the scope of this review.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsEnsure that cryptographically strong client id, client secret are used in Identity Server. Refer: <a href="https://aka.ms/tmtcrypto#client-server">https://aka.ms/tmtcrypto#client-server</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0NotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH133falsefalseTH1166db9dd7f-74f1-4c07-9fdd-17e00dc45963f5e98725-78b1-4c24-994a-b7e022dda54c19d8710c-11af-4d9a-83b8-2a54b7816fe0FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf5e98725-78b1-4c24-994a-b7e022dda54c1786db9dd7f-74f1-4c07-9fdd-17e00dc45963:f5e98725-78b1-4c24-994a-b7e022dda54c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-05-01T14:46:07.5908771+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString11: Build/Release JobsPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH116falsefalseTH133ef8b12c6-963f-4162-bfa9-02149966c61e3e32d43c-ed41-45d3-a563-5d968df1b113ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa3e32d43c-ed41-45d3-a563-5d968df1b113177ef8b12c6-963f-4162-bfa9-02149966c61e:3e32d43c-ed41-45d3-a563-5d968df1b113:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:51.6640155+05:30HighTitleAn adversary may guess the client id and secrets of registered applications and impersonate themUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may guess the client id and secrets of registered applications and impersonate them StateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsEnsure that cryptographically strong client id, client secret are used in Identity Server. Refer: <a href="https://aka.ms/tmtcrypto#client-server">https://aka.ms/tmtcrypto#client-server</a>PriorityHighSDLPhaseImplementationef8b12c6-963f-4162-bfa9-02149966c61eNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH133falsefalseTH114ef8b12c6-963f-4162-bfa9-02149966c61e3e32d43c-ed41-45d3-a563-5d968df1b113ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa3e32d43c-ed41-45d3-a563-5d968df1b113176ef8b12c6-963f-4162-bfa9-02149966c61e:3e32d43c-ed41-45d3-a563-5d968df1b113:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:47.9221275+05:30HighTitleAn adversary may issue valid tokens if Identity server's signing keys are compromisedUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can abuse poorly managed signing keys of Identity Server. In case of key compromise, an adversary will be able to create valid auth tokens using the stolen keys and gain access to the resources protected by Identity server.StateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsEnsure that signing keys are rolled over when using Identity Server. Refer: <a href="https://aka.ms/tmtcrypto#rolled-server">https://aka.ms/tmtcrypto#rolled-server</a>PriorityHighSDLPhaseDesignef8b12c6-963f-4162-bfa9-02149966c61eNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH114falsefalseTH113ef8b12c6-963f-4162-bfa9-02149966c61e3e32d43c-ed41-45d3-a563-5d968df1b113ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa3e32d43c-ed41-45d3-a563-5d968df1b113175ef8b12c6-963f-4162-bfa9-02149966c61e:3e32d43c-ed41-45d3-a563-5d968df1b113:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:44.8033641+05:30HighTitleAn adversary can get access to a user's session due to improper logout from Identity ServerUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can get access to a user's session due to improper logout from Identity ServerStateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsImplement proper logout when using Identity Server. Refer: <a href="https://aka.ms/tmtsmgmt#proper-logout">https://aka.ms/tmtsmgmt#proper-logout</a>PriorityHighSDLPhaseImplementationef8b12c6-963f-4162-bfa9-02149966c61eNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH113falsefalseTH111ef8b12c6-963f-4162-bfa9-02149966c61e3e32d43c-ed41-45d3-a563-5d968df1b113ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa3e32d43c-ed41-45d3-a563-5d968df1b113174ef8b12c6-963f-4162-bfa9-02149966c61e:3e32d43c-ed41-45d3-a563-5d968df1b113:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:41.3069886+05:30HighTitleAn adversary can bypass authentication due to non-standard Identity Server authentication schemesUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can bypass authentication due to non-standard Identity Server authentication schemesStateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsUse standard authentication scenarios supported by Identity Server. Refer: <a href="https://aka.ms/tmtauthn#standard-authn-id">https://aka.ms/tmtauthn#standard-authn-id</a>PriorityHighSDLPhaseDesignef8b12c6-963f-4162-bfa9-02149966c61eNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH111falsefalseTH115ef8b12c6-963f-4162-bfa9-02149966c61e3e32d43c-ed41-45d3-a563-5d968df1b113ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa3e32d43c-ed41-45d3-a563-5d968df1b113173ef8b12c6-963f-4162-bfa9-02149966c61e:3e32d43c-ed41-45d3-a563-5d968df1b113:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:37.2721101+05:30HighTitleAn adversary may sniff the data sent from Identity ServerUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may sniff the data sent from Identity Server. This can lead to a compromise of the tokens issued by the Identity ServerStateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsEnsure that all traffic to Identity Server is over HTTPS connection. Refer: <a href="https://aka.ms/tmtcommsec#identity-https">https://aka.ms/tmtcommsec#identity-https</a>PriorityHighSDLPhaseDesignef8b12c6-963f-4162-bfa9-02149966c61eNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH115falsefalseTH112ef8b12c6-963f-4162-bfa9-02149966c61e3e32d43c-ed41-45d3-a563-5d968df1b113ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa3e32d43c-ed41-45d3-a563-5d968df1b113172ef8b12c6-963f-4162-bfa9-02149966c61e:3e32d43c-ed41-45d3-a563-5d968df1b113:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:33.9032854+05:30HighTitleAn adversary can leverage the weak scalability of Identity Server's token cache and cause DoSUserThreatCategoryDenial of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to specUserThreatDescriptionThe default cache that Identity Server uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid tier and backend applications. This can cause availability issues and result in denial of service either by the influence of an adversary or by the large scale of application's users. StateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsOverride the default Identity Server token cache with a scalable alternative. Refer: <a href="https://aka.ms/tmtauthn#override-token">https://aka.ms/tmtauthn#override-token</a>PriorityHighSDLPhaseDesignef8b12c6-963f-4162-bfa9-02149966c61eNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH112falsefalseTH11719d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b112519d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:34:58.8085568+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigatedef8b12c6-963f-4162-bfa9-02149966c61eTH117falsefalseTH11419d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b112419d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-04-25T15:38:36.2080751+05:30HighTitleAn adversary may issue valid tokens if Identity server's signing keys are compromisedUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can abuse poorly managed signing keys of Identity Server. In case of key compromise, an adversary will be able to create valid auth tokens using the stolen keys and gain access to the resources protected by Identity server.StateInformationSecure Token Service (STS) is not in the scope of this review.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsEnsure that signing keys are rolled over when using Identity Server. Refer: <a href="https://aka.ms/tmtcrypto#rolled-server">https://aka.ms/tmtcrypto#rolled-server</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0NotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH114falsefalseTH11319d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b112319d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-04-25T15:38:19.9749577+05:30HighTitleAn adversary can get access to a user's session due to improper logout from Identity ServerUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can get access to a user's session due to improper logout from Identity ServerStateInformationSecure Token Service (STS) is not in the scope of this review.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsImplement proper logout when using Identity Server. Refer: <a href="https://aka.ms/tmtsmgmt#proper-logout">https://aka.ms/tmtsmgmt#proper-logout</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0NotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH113falsefalseTH11119d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b112219d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-04-25T15:38:06.7497316+05:30HighTitleAn adversary can bypass authentication due to non-standard Identity Server authentication schemesUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can bypass authentication due to non-standard Identity Server authentication schemesStateInformationStandard authentication is used with proper client verification.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsUse standard authentication scenarios supported by Identity Server. Refer: <a href="https://aka.ms/tmtauthn#standard-authn-id">https://aka.ms/tmtauthn#standard-authn-id</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigatedef8b12c6-963f-4162-bfa9-02149966c61eTH111falsefalseTH13919d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b112119d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-04-25T15:37:28.6583118+05:30HighTitleAn adversary may gain access to sensitive data stored on host machinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data stored on host machinesStateInformationTokens stored by the Azure DevOps Agent are stored in an encrypted. They are also short lived. Security of the infrastructure hosting the Azure DevOps Agent is not in the scope of this review.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsConsider using Encrypted File System (EFS) is used to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigatedef8b12c6-963f-4162-bfa9-02149966c61eTH139falsefalseTH11519d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b112019d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-04-25T15:35:57.2081331+05:30HighTitleAn adversary may sniff the data sent from Identity ServerUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may sniff the data sent from Identity Server. This can lead to a compromise of the tokens issued by the Identity ServerStateInformationAll traffic to Identity Service happens over HTTPS.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsEnsure that all traffic to Identity Server is over HTTPS connection. Refer: <a href="https://aka.ms/tmtcommsec#identity-https">https://aka.ms/tmtcommsec#identity-https</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigatedef8b12c6-963f-4162-bfa9-02149966c61eTH115falsefalseTH13619d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b111919d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:42:34.9400474+05:30HighTitleAn adversary may gain elevated privileges and execute malicious code on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionIf an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application.StateInformationAzure DevOps Pipeline Agent runs with the least amount of privileges.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsEnsure that the deployed applications are run with least privileges. . Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigatedef8b12c6-963f-4162-bfa9-02149966c61eTH136falsefalseTH13519d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b111819d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-04-25T15:31:57.6249727+05:30HighTitleAn adversary may gain unauthorized access to data on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to data on host machinesStateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsEnsure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigatedef8b12c6-963f-4162-bfa9-02149966c61eTH135falsefalseTH11719d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a16219d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T14:43:45.2266277+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH117falsefalseTH13919d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a16119d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T14:43:33.0700606+05:30HighTitleAn adversary may gain access to sensitive data stored on host machinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data stored on host machinesStateInformationConfidential data such as client secret, RSA private key, etc. are stored in an encrypted manner. Rest of the data is related ot the job being executed and cannot be stored in an encrypted manner.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsConsider using Encrypted File System (EFS) is used to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH139falsefalseTH13619d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a16019d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T14:43:22.553469+05:30HighTitleAn adversary may gain elevated privileges and execute malicious code on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionIf an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application.StateInformationAzure DevOps Pipeline Agent runs with the least amount of privileges.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsEnsure that the deployed applications are run with least privileges. . Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH136falsefalseTH13519d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a15919d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T14:38:49.403429+05:30HighTitleAn adversary may gain unauthorized access to data on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to data on host machinesStateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsEnsure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH135falsefalseTH11619d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a15819d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T14:38:18.675604+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH116falsefalseTH1386db9dd7f-74f1-4c07-9fdd-17e00dc45963f5e98725-78b1-4c24-994a-b7e022dda54c19d8710c-11af-4d9a-83b8-2a54b7816fe0FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf5e98725-78b1-4c24-994a-b7e022dda54c1856db9dd7f-74f1-4c07-9fdd-17e00dc45963:f5e98725-78b1-4c24-994a-b7e022dda54c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-05-01T14:49:00.7864152+05:30HighTitleAn adversary may tamper deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may tamper deployed binariesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString11: Build/Release JobsPossibleMitigationsEnsure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a>PriorityHighSDLPhaseDesign6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH138falsefalseTH11619d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b111719d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-04-25T15:31:47.9746258+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigatedef8b12c6-963f-4162-bfa9-02149966c61eTH116falsefalseTH11219d8710c-11af-4d9a-83b8-2a54b7816fe0d9fd6364-86ca-4f76-9926-b208f63b51b1ef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afad9fd6364-86ca-4f76-9926-b208f63b51b111619d8710c-11af-4d9a-83b8-2a54b7816fe0:d9fd6364-86ca-4f76-9926-b208f63b51b1:ef8b12c6-963f-4162-bfa9-02149966c61e2025-04-25T15:31:37.3648341+05:30HighTitleAn adversary can leverage the weak scalability of Identity Server's token cache and cause DoSUserThreatCategoryDenial of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to specUserThreatDescriptionThe default cache that Identity Server uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid tier and backend applications. This can cause availability issues and result in denial of service either by the influence of an adversary or by the large scale of application's users. StateInformationSecure Token Service (STS) is not in the scope of this review.InteractionString2: Exchange JWT for OAuth TokenPossibleMitigationsOverride the default Identity Server token cache with a scalable alternative. Refer: <a href="https://aka.ms/tmtauthn#override-token">https://aka.ms/tmtauthn#override-token</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0NotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH112falsefalseTH1376db9dd7f-74f1-4c07-9fdd-17e00dc45963f5e98725-78b1-4c24-994a-b7e022dda54c19d8710c-11af-4d9a-83b8-2a54b7816fe0FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf5e98725-78b1-4c24-994a-b7e022dda54c1846db9dd7f-74f1-4c07-9fdd-17e00dc45963:f5e98725-78b1-4c24-994a-b7e022dda54c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-05-01T14:48:51.0899504+05:30HighTitleAn adversary may reverse engineer deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may reverse engineer deployed binariesStateInformationAzure DevOps Agent is open source. Code is already available on GitHub. Deployed binaries do not contain any sensitive data.InteractionString11: Build/Release JobsPossibleMitigationsEnsure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH137falsefalseTH1346db9dd7f-74f1-4c07-9fdd-17e00dc45963f5e98725-78b1-4c24-994a-b7e022dda54c19d8710c-11af-4d9a-83b8-2a54b7816fe0FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf5e98725-78b1-4c24-994a-b7e022dda54c1836db9dd7f-74f1-4c07-9fdd-17e00dc45963:f5e98725-78b1-4c24-994a-b7e022dda54c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-05-01T14:47:42.7798612+05:30HighTitleAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devicesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devices. Scenarios such as stealing a user's laptop and extracting data from hard disk, luring users to install malware, exploit unpatched OS etc. StateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString11: Build/Release JobsPossibleMitigationsEnsure that devices have end point security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a>PriorityHighSDLPhaseDesign6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH134falsefalseTH1176db9dd7f-74f1-4c07-9fdd-17e00dc45963f5e98725-78b1-4c24-994a-b7e022dda54c19d8710c-11af-4d9a-83b8-2a54b7816fe0FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf5e98725-78b1-4c24-994a-b7e022dda54c1826db9dd7f-74f1-4c07-9fdd-17e00dc45963:f5e98725-78b1-4c24-994a-b7e022dda54c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-05-01T14:47:30.1878805+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString11: Build/Release JobsPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH117falsefalseTH1396db9dd7f-74f1-4c07-9fdd-17e00dc45963f5e98725-78b1-4c24-994a-b7e022dda54c19d8710c-11af-4d9a-83b8-2a54b7816fe0FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf5e98725-78b1-4c24-994a-b7e022dda54c1816db9dd7f-74f1-4c07-9fdd-17e00dc45963:f5e98725-78b1-4c24-994a-b7e022dda54c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-05-01T14:47:19.3885754+05:30HighTitleAn adversary may gain access to sensitive data stored on host machinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data stored on host machinesStateInformationConfidential data such as client secret, RSA private key, etc. are stored in an encrypted manner. Rest of the data is related ot the job being executed and cannot be stored in an encrypted manner.InteractionString11: Build/Release JobsPossibleMitigationsConsider using Encrypted File System (EFS) is used to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a>PriorityHighSDLPhaseDesign6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH139falsefalseTH113a602b240-dd90-4728-9ca8-9e7f1df007ad5a0d2820-2a6b-4455-85b8-ce93e2b31a3bef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa5a0d2820-2a6b-4455-85b8-ce93e2b31a3b169a602b240-dd90-4728-9ca8-9e7f1df007ad:5a0d2820-2a6b-4455-85b8-ce93e2b31a3b:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:13.5273776+05:30HighTitleAn adversary can get access to a user's session due to improper logout from Identity ServerUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can get access to a user's session due to improper logout from Identity ServerStateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsImplement proper logout when using Identity Server. Refer: <a href="https://aka.ms/tmtsmgmt#proper-logout">https://aka.ms/tmtsmgmt#proper-logout</a>PriorityHighSDLPhaseImplementationa602b240-dd90-4728-9ca8-9e7f1df007adNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH113falsefalseTH111a602b240-dd90-4728-9ca8-9e7f1df007ad5a0d2820-2a6b-4455-85b8-ce93e2b31a3bef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa5a0d2820-2a6b-4455-85b8-ce93e2b31a3b168a602b240-dd90-4728-9ca8-9e7f1df007ad:5a0d2820-2a6b-4455-85b8-ce93e2b31a3b:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:15.5632018+05:30HighTitleAn adversary can bypass authentication due to non-standard Identity Server authentication schemesUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can bypass authentication due to non-standard Identity Server authentication schemesStateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsUse standard authentication scenarios supported by Identity Server. Refer: <a href="https://aka.ms/tmtauthn#standard-authn-id">https://aka.ms/tmtauthn#standard-authn-id</a>PriorityHighSDLPhaseDesigna602b240-dd90-4728-9ca8-9e7f1df007adNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH111falsefalseTH115a602b240-dd90-4728-9ca8-9e7f1df007ad5a0d2820-2a6b-4455-85b8-ce93e2b31a3bef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa5a0d2820-2a6b-4455-85b8-ce93e2b31a3b167a602b240-dd90-4728-9ca8-9e7f1df007ad:5a0d2820-2a6b-4455-85b8-ce93e2b31a3b:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:17.3530656+05:30HighTitleAn adversary may sniff the data sent from Identity ServerUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may sniff the data sent from Identity Server. This can lead to a compromise of the tokens issued by the Identity ServerStateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsEnsure that all traffic to Identity Server is over HTTPS connection. Refer: <a href="https://aka.ms/tmtcommsec#identity-https">https://aka.ms/tmtcommsec#identity-https</a>PriorityHighSDLPhaseDesigna602b240-dd90-4728-9ca8-9e7f1df007adNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH115falsefalseTH112a602b240-dd90-4728-9ca8-9e7f1df007ad5a0d2820-2a6b-4455-85b8-ce93e2b31a3bef8b12c6-963f-4162-bfa9-02149966c61eFAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afa5a0d2820-2a6b-4455-85b8-ce93e2b31a3b166a602b240-dd90-4728-9ca8-9e7f1df007ad:5a0d2820-2a6b-4455-85b8-ce93e2b31a3b:ef8b12c6-963f-4162-bfa9-02149966c61e2025-05-01T14:45:19.2634376+05:30HighTitleAn adversary can leverage the weak scalability of Identity Server's token cache and cause DoSUserThreatCategoryDenial of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to specUserThreatDescriptionThe default cache that Identity Server uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid tier and backend applications. This can cause availability issues and result in denial of service either by the influence of an adversary or by the large scale of application's users. StateInformationImplementation of the Secure Token Service (STS) is not in the scope of this review.InteractionStringDeletedPossibleMitigationsOverride the default Identity Server token cache with a scalable alternative. Refer: <a href="https://aka.ms/tmtauthn#override-token">https://aka.ms/tmtauthn#override-token</a>PriorityHighSDLPhaseDesigna602b240-dd90-4728-9ca8-9e7f1df007adNotApplicableef8b12c6-963f-4162-bfa9-02149966c61eTH112falsefalseTH1366db9dd7f-74f1-4c07-9fdd-17e00dc45963f5e98725-78b1-4c24-994a-b7e022dda54c19d8710c-11af-4d9a-83b8-2a54b7816fe0FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf5e98725-78b1-4c24-994a-b7e022dda54c1806db9dd7f-74f1-4c07-9fdd-17e00dc45963:f5e98725-78b1-4c24-994a-b7e022dda54c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-05-01T14:47:01.6530694+05:30HighTitleAn adversary may gain elevated privileges and execute malicious code on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionIf an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application.StateInformationAzure DevOps Pipeline Agent runs with the least amount of privileges.InteractionString11: Build/Release JobsPossibleMitigationsEnsure that the deployed applications are run with least privileges. . Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH136falsefalseTH1356db9dd7f-74f1-4c07-9fdd-17e00dc45963f5e98725-78b1-4c24-994a-b7e022dda54c19d8710c-11af-4d9a-83b8-2a54b7816fe0FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf5e98725-78b1-4c24-994a-b7e022dda54c1796db9dd7f-74f1-4c07-9fdd-17e00dc45963:f5e98725-78b1-4c24-994a-b7e022dda54c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-05-01T14:46:27.3727757+05:30HighTitleAn adversary may gain unauthorized access to data on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to data on host machinesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString11: Build/Release JobsPossibleMitigationsEnsure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH135falsefalseTH13819d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a16519d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T14:44:32.8697802+05:30HighTitleAn adversary may tamper deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may tamper deployed binariesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsEnsure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH138falsefalseTH138276cdd23-5358-434d-bb21-9d487e5fcbe0e13ada1f-4b35-4d1a-96b2-18d5b79e76e38295d83a-efe0-4541-bab0-edd836c664a6FAREAST\adityamankal9170c488-4cdf-4b44-8055-a93e8fb16045e13ada1f-4b35-4d1a-96b2-18d5b79e76e3259276cdd23-5358-434d-bb21-9d487e5fcbe0:e13ada1f-4b35-4d1a-96b2-18d5b79e76e3:8295d83a-efe0-4541-bab0-edd836c664a62025-05-01T15:13:04.0069306+05:30HighTitleAn adversary may tamper deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may tamper deployed binariesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString3: Send Encrypted Job MessagePossibleMitigationsEnsure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a>PriorityHighSDLPhaseDesign276cdd23-5358-434d-bb21-9d487e5fcbe0Mitigated8295d83a-efe0-4541-bab0-edd836c664a6TH138falsefalseTH137276cdd23-5358-434d-bb21-9d487e5fcbe0e13ada1f-4b35-4d1a-96b2-18d5b79e76e38295d83a-efe0-4541-bab0-edd836c664a6FAREAST\adityamankal9170c488-4cdf-4b44-8055-a93e8fb16045e13ada1f-4b35-4d1a-96b2-18d5b79e76e3258276cdd23-5358-434d-bb21-9d487e5fcbe0:e13ada1f-4b35-4d1a-96b2-18d5b79e76e3:8295d83a-efe0-4541-bab0-edd836c664a62025-05-01T14:50:44.9064218+05:30HighTitleAn adversary may reverse engineer deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may reverse engineer deployed binariesStateInformationAzure DevOps Agent is open source. Code is already available on GitHub. Deployed binaries do not contain any sensitive data.InteractionString3: Send Encrypted Job MessagePossibleMitigationsEnsure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a>PriorityHighSDLPhaseImplementation276cdd23-5358-434d-bb21-9d487e5fcbe0Mitigated8295d83a-efe0-4541-bab0-edd836c664a6TH137falsefalseTH134276cdd23-5358-434d-bb21-9d487e5fcbe0e13ada1f-4b35-4d1a-96b2-18d5b79e76e38295d83a-efe0-4541-bab0-edd836c664a6FAREAST\adityamankal9170c488-4cdf-4b44-8055-a93e8fb16045e13ada1f-4b35-4d1a-96b2-18d5b79e76e3257276cdd23-5358-434d-bb21-9d487e5fcbe0:e13ada1f-4b35-4d1a-96b2-18d5b79e76e3:8295d83a-efe0-4541-bab0-edd836c664a62025-05-01T14:50:33.6215094+05:30HighTitleAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devicesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devices. Scenarios such as stealing a user's laptop and extracting data from hard disk, luring users to install malware, exploit unpatched OS etc. StateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString3: Send Encrypted Job MessagePossibleMitigationsEnsure that devices have end point security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a>PriorityHighSDLPhaseDesign276cdd23-5358-434d-bb21-9d487e5fcbe0Mitigated8295d83a-efe0-4541-bab0-edd836c664a6TH134falsefalseTH117276cdd23-5358-434d-bb21-9d487e5fcbe0e13ada1f-4b35-4d1a-96b2-18d5b79e76e38295d83a-efe0-4541-bab0-edd836c664a6FAREAST\adityamankal9170c488-4cdf-4b44-8055-a93e8fb16045e13ada1f-4b35-4d1a-96b2-18d5b79e76e3256276cdd23-5358-434d-bb21-9d487e5fcbe0:e13ada1f-4b35-4d1a-96b2-18d5b79e76e3:8295d83a-efe0-4541-bab0-edd836c664a62025-05-01T14:50:21.9459032+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString3: Send Encrypted Job MessagePossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign276cdd23-5358-434d-bb21-9d487e5fcbe0Mitigated8295d83a-efe0-4541-bab0-edd836c664a6TH117falsefalseTH139276cdd23-5358-434d-bb21-9d487e5fcbe0e13ada1f-4b35-4d1a-96b2-18d5b79e76e38295d83a-efe0-4541-bab0-edd836c664a6FAREAST\adityamankal9170c488-4cdf-4b44-8055-a93e8fb16045e13ada1f-4b35-4d1a-96b2-18d5b79e76e3255276cdd23-5358-434d-bb21-9d487e5fcbe0:e13ada1f-4b35-4d1a-96b2-18d5b79e76e3:8295d83a-efe0-4541-bab0-edd836c664a62025-05-01T14:49:40.753136+05:30HighTitleAn adversary may gain access to sensitive data stored on host machinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data stored on host machinesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString3: Send Encrypted Job MessagePossibleMitigationsConsider using Encrypted File System (EFS) is used to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a>PriorityHighSDLPhaseDesign276cdd23-5358-434d-bb21-9d487e5fcbe0Mitigated8295d83a-efe0-4541-bab0-edd836c664a6TH139falsefalseTH136276cdd23-5358-434d-bb21-9d487e5fcbe0e13ada1f-4b35-4d1a-96b2-18d5b79e76e38295d83a-efe0-4541-bab0-edd836c664a6FAREAST\adityamankal9170c488-4cdf-4b44-8055-a93e8fb16045e13ada1f-4b35-4d1a-96b2-18d5b79e76e3254276cdd23-5358-434d-bb21-9d487e5fcbe0:e13ada1f-4b35-4d1a-96b2-18d5b79e76e3:8295d83a-efe0-4541-bab0-edd836c664a62025-05-01T14:49:32.4672116+05:30HighTitleAn adversary may gain elevated privileges and execute malicious code on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionIf an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application.StateInformationAzure DevOps Pipeline Agent runs with the least amount of privileges.InteractionString3: Send Encrypted Job MessagePossibleMitigationsEnsure that the deployed applications are run with least privileges. . Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a>PriorityHighSDLPhaseImplementation276cdd23-5358-434d-bb21-9d487e5fcbe0Mitigated8295d83a-efe0-4541-bab0-edd836c664a6TH136falsefalseTH135276cdd23-5358-434d-bb21-9d487e5fcbe0e13ada1f-4b35-4d1a-96b2-18d5b79e76e38295d83a-efe0-4541-bab0-edd836c664a6FAREAST\adityamankal9170c488-4cdf-4b44-8055-a93e8fb16045e13ada1f-4b35-4d1a-96b2-18d5b79e76e3253276cdd23-5358-434d-bb21-9d487e5fcbe0:e13ada1f-4b35-4d1a-96b2-18d5b79e76e3:8295d83a-efe0-4541-bab0-edd836c664a62025-05-01T14:49:22.753428+05:30HighTitleAn adversary may gain unauthorized access to data on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to data on host machinesStateInformationConfidential data such as client secret, RSA private key, etc. are stored in an encrypted manner. Rest of the data is related ot the job being executed and cannot be stored in an encrypted manner.InteractionString3: Send Encrypted Job MessagePossibleMitigationsEnsure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a>PriorityHighSDLPhaseImplementation276cdd23-5358-434d-bb21-9d487e5fcbe0Mitigated8295d83a-efe0-4541-bab0-edd836c664a6TH135falsefalseTH116276cdd23-5358-434d-bb21-9d487e5fcbe0e13ada1f-4b35-4d1a-96b2-18d5b79e76e38295d83a-efe0-4541-bab0-edd836c664a6FAREAST\adityamankal9170c488-4cdf-4b44-8055-a93e8fb16045e13ada1f-4b35-4d1a-96b2-18d5b79e76e3252276cdd23-5358-434d-bb21-9d487e5fcbe0:e13ada1f-4b35-4d1a-96b2-18d5b79e76e3:8295d83a-efe0-4541-bab0-edd836c664a62025-05-01T14:49:13.7743005+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString3: Send Encrypted Job MessagePossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign276cdd23-5358-434d-bb21-9d487e5fcbe0Mitigated8295d83a-efe0-4541-bab0-edd836c664a6TH116falsefalseTH178e07e6bdd-176d-46b5-89a2-b5a1c2007712746b595f-a178-4f62-8655-e1eb40d3bbb8534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c746b595f-a178-4f62-8655-e1eb40d3bbb8310e07e6bdd-176d-46b5-89a2-b5a1c2007712:746b595f-a178-4f62-8655-e1eb40d3bbb8:534dc643-539c-4f32-a92f-b2d654529b262025-05-01T15:41:47.5055539+05:30HighTitleAn adversary may spoof the service or service endpoints by leveraging stale CNAME DNS records and executing a subdomain hijack attackUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof the service or service endpoints by leveraging stale CNAME DNS records and executing a subdomain hijack attackStateInformationThere are no stale DNS CNAME records. Even deprecated and decommissioned routes are still kept online to ensure that the CNAME record is reserved.InteractionString3: Fetch Agent BinaryPossibleMitigationsAddress stale CNAME DNS records mapping custom domain names to the domain name of the Azure Traffic Manager instance. In some cases, deleting the stale CNAME records may be sufficient, while in other cases, the domain name of the Azure Traffic Manager instance should be kept to prevent subdomain hijack attacks. Refer: <a href="https://aka.ms/tmt-th178 ">https://aka.ms/tmt-th178 </a>PriorityHighSDLPhaseImplementatione07e6bdd-176d-46b5-89a2-b5a1c2007712Mitigated534dc643-539c-4f32-a92f-b2d654529b26TH178falsefalseTH117e07e6bdd-176d-46b5-89a2-b5a1c2007712746b595f-a178-4f62-8655-e1eb40d3bbb8534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c746b595f-a178-4f62-8655-e1eb40d3bbb8309e07e6bdd-176d-46b5-89a2-b5a1c2007712:746b595f-a178-4f62-8655-e1eb40d3bbb8:534dc643-539c-4f32-a92f-b2d654529b262025-05-01T15:41:33.7864014+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString3: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesigne07e6bdd-176d-46b5-89a2-b5a1c2007712Mitigated534dc643-539c-4f32-a92f-b2d654529b26TH117falsefalseTH93e07e6bdd-176d-46b5-89a2-b5a1c2007712746b595f-a178-4f62-8655-e1eb40d3bbb8534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c746b595f-a178-4f62-8655-e1eb40d3bbb8308e07e6bdd-176d-46b5-89a2-b5a1c2007712:746b595f-a178-4f62-8655-e1eb40d3bbb8:534dc643-539c-4f32-a92f-b2d654529b262025-05-01T15:41:24.3771135+05:30HighTitleAn adversary may gain access to sensitive data stored in Azure Virtual MachinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionIf an adversary can gain access to Azure VMs, sensitive data in the VM can be disclosed if the OS in the VM is not encryptedStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines without proper JIT access.InteractionString3: Fetch Agent BinaryPossibleMitigationsUse Azure Disk Encryption to encrypt disks used by Virtual Machines. Refer: <a href="https://aka.ms/tmtdata#disk-vm">https://aka.ms/tmtdata#disk-vm</a>PriorityHighSDLPhaseDesigne07e6bdd-176d-46b5-89a2-b5a1c2007712Mitigated534dc643-539c-4f32-a92f-b2d654529b26TH93falsefalseTH116e07e6bdd-176d-46b5-89a2-b5a1c2007712746b595f-a178-4f62-8655-e1eb40d3bbb8534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c746b595f-a178-4f62-8655-e1eb40d3bbb8307e07e6bdd-176d-46b5-89a2-b5a1c2007712:746b595f-a178-4f62-8655-e1eb40d3bbb8:534dc643-539c-4f32-a92f-b2d654529b262025-05-01T15:35:17.6990981+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString3: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesigne07e6bdd-176d-46b5-89a2-b5a1c2007712Mitigated534dc643-539c-4f32-a92f-b2d654529b26TH116falsefalseTH178d5ae29d1-8c88-4a68-b587-4c209a563fa5ff3a6b97-1674-45a6-bc13-da6ac909ef8b534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cff3a6b97-1674-45a6-bc13-da6ac909ef8b306d5ae29d1-8c88-4a68-b587-4c209a563fa5:ff3a6b97-1674-45a6-bc13-da6ac909ef8b:534dc643-539c-4f32-a92f-b2d654529b262025-05-02T11:33:16.9514738+05:30HighTitleAn adversary may spoof the service or service endpoints by leveraging stale CNAME DNS records and executing a subdomain hijack attackUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof the service or service endpoints by leveraging stale CNAME DNS records and executing a subdomain hijack attackStateInformationThere are no stale DNS CNAME records. Even deprecated and decommissioned routes are still kept online to ensure that the CNAME record is reserved.InteractionString3: Fetch Agent BinaryPossibleMitigationsAddress stale CNAME DNS records mapping custom domain names to the domain name of the Azure Traffic Manager instance. In some cases, deleting the stale CNAME records may be sufficient, while in other cases, the domain name of the Azure Traffic Manager instance should be kept to prevent subdomain hijack attacks. Refer: <a href="https://aka.ms/tmt-th178 ">https://aka.ms/tmt-th178 </a>PriorityHighSDLPhaseImplementationd5ae29d1-8c88-4a68-b587-4c209a563fa5Mitigated534dc643-539c-4f32-a92f-b2d654529b26TH178falsefalseTH117d5ae29d1-8c88-4a68-b587-4c209a563fa5ff3a6b97-1674-45a6-bc13-da6ac909ef8b534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cff3a6b97-1674-45a6-bc13-da6ac909ef8b305d5ae29d1-8c88-4a68-b587-4c209a563fa5:ff3a6b97-1674-45a6-bc13-da6ac909ef8b:534dc643-539c-4f32-a92f-b2d654529b262025-05-01T15:31:47.3657402+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString3: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesignd5ae29d1-8c88-4a68-b587-4c209a563fa5Mitigated534dc643-539c-4f32-a92f-b2d654529b26TH117falsefalseTH93d5ae29d1-8c88-4a68-b587-4c209a563fa5ff3a6b97-1674-45a6-bc13-da6ac909ef8b534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cff3a6b97-1674-45a6-bc13-da6ac909ef8b304d5ae29d1-8c88-4a68-b587-4c209a563fa5:ff3a6b97-1674-45a6-bc13-da6ac909ef8b:534dc643-539c-4f32-a92f-b2d654529b262025-05-01T15:31:22.195947+05:30HighTitleAn adversary may gain access to sensitive data stored in Azure Virtual MachinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionIf an adversary can gain access to Azure VMs, sensitive data in the VM can be disclosed if the OS in the VM is not encryptedStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines without a proper JIT approval.InteractionString3: Fetch Agent BinaryPossibleMitigationsUse Azure Disk Encryption to encrypt disks used by Virtual Machines. Refer: <a href="https://aka.ms/tmtdata#disk-vm">https://aka.ms/tmtdata#disk-vm</a>PriorityHighSDLPhaseDesignd5ae29d1-8c88-4a68-b587-4c209a563fa5Mitigated534dc643-539c-4f32-a92f-b2d654529b26TH93falsefalseTH116d5ae29d1-8c88-4a68-b587-4c209a563fa5ff3a6b97-1674-45a6-bc13-da6ac909ef8b534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cff3a6b97-1674-45a6-bc13-da6ac909ef8b303d5ae29d1-8c88-4a68-b587-4c209a563fa5:ff3a6b97-1674-45a6-bc13-da6ac909ef8b:534dc643-539c-4f32-a92f-b2d654529b262025-05-02T11:33:13.950116+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString3: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesignd5ae29d1-8c88-4a68-b587-4c209a563fa5Mitigated534dc643-539c-4f32-a92f-b2d654529b26TH116falsefalseTH117534dc643-539c-4f32-a92f-b2d654529b262cc6debc-1845-4846-8dfd-4a323e812d82d3aadaf0-863c-4711-9100-b1bbaa541d1fFAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c2cc6debc-1845-4846-8dfd-4a323e812d82302534dc643-539c-4f32-a92f-b2d654529b26:2cc6debc-1845-4846-8dfd-4a323e812d82:d3aadaf0-863c-4711-9100-b1bbaa541d1f2025-05-01T15:30:42.8398517+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString1: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign534dc643-539c-4f32-a92f-b2d654529b26Mitigatedd3aadaf0-863c-4711-9100-b1bbaa541d1fTH117falsefalseTH93534dc643-539c-4f32-a92f-b2d654529b262cc6debc-1845-4846-8dfd-4a323e812d82d3aadaf0-863c-4711-9100-b1bbaa541d1fFAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c2cc6debc-1845-4846-8dfd-4a323e812d82301534dc643-539c-4f32-a92f-b2d654529b26:2cc6debc-1845-4846-8dfd-4a323e812d82:d3aadaf0-863c-4711-9100-b1bbaa541d1f2025-05-01T15:20:47.796463+05:30HighTitleAn adversary may gain access to sensitive data stored in Azure Virtual MachinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionIf an adversary can gain access to Azure VMs, sensitive data in the VM can be disclosed if the OS in the VM is not encryptedStateInformationNo sensitive data is stored on the Azure VM.InteractionString1: Fetch Agent BinaryPossibleMitigationsUse Azure Disk Encryption to encrypt disks used by Virtual Machines. Refer: <a href="https://aka.ms/tmtdata#disk-vm">https://aka.ms/tmtdata#disk-vm</a>PriorityHighSDLPhaseDesign534dc643-539c-4f32-a92f-b2d654529b26Mitigatedd3aadaf0-863c-4711-9100-b1bbaa541d1fTH93falsefalseTH116642e4b68-b7fb-4df5-ac5c-6e6405654f839af3ab21-6eed-42c4-b9bf-bc632b0251512861dcfc-4975-4916-b084-00a957515d7fFAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c9af3ab21-6eed-42c4-b9bf-bc632b025151324642e4b68-b7fb-4df5-ac5c-6e6405654f83:9af3ab21-6eed-42c4-b9bf-bc632b025151:2861dcfc-4975-4916-b084-00a957515d7f2025-05-01T15:43:31.7434226+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString5: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign642e4b68-b7fb-4df5-ac5c-6e6405654f83Mitigated2861dcfc-4975-4916-b084-00a957515d7fTH116falsefalseTH116534dc643-539c-4f32-a92f-b2d654529b262cc6debc-1845-4846-8dfd-4a323e812d82d3aadaf0-863c-4711-9100-b1bbaa541d1fFAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c2cc6debc-1845-4846-8dfd-4a323e812d82300534dc643-539c-4f32-a92f-b2d654529b26:2cc6debc-1845-4846-8dfd-4a323e812d82:d3aadaf0-863c-4711-9100-b1bbaa541d1f2025-05-01T15:30:47.9415877+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString1: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign534dc643-539c-4f32-a92f-b2d654529b26Mitigatedd3aadaf0-863c-4711-9100-b1bbaa541d1fTH116falsefalseTH636261586d-5250-4d57-9106-e219d186b4af94427037-2ecb-4511-8365-b85f37d5e6c4736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c94427037-2ecb-4511-8365-b85f37d5e6c43296261586d-5250-4d57-9106-e219d186b4af:94427037-2ecb-4511-8365-b85f37d5e6c4:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:45:26.0530981+05:30HighTitleAn adversary can abuse poorly managed Azure Blob Storage account access keysUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can abuse poorly managed Azure Blob Storage account access keys and gain unauthorized access to storage.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString6: Fetch Agent BinaryPossibleMitigationsEnsure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a>PriorityHighSDLPhaseImplementation6261586d-5250-4d57-9106-e219d186b4afMitigated736335e4-36cf-489d-9964-86bd1df4f106TH63falsefalseTH676261586d-5250-4d57-9106-e219d186b4af94427037-2ecb-4511-8365-b85f37d5e6c4736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c94427037-2ecb-4511-8365-b85f37d5e6c43286261586d-5250-4d57-9106-e219d186b4af:94427037-2ecb-4511-8365-b85f37d5e6c4:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:45:17.5863735+05:30HighTitleAn adversary may gain unauthorized access to Azure Blob Storage account in a subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to Azure Blob Storage account in a subscriptionStateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString6: Fetch Agent BinaryPossibleMitigationsAssign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a>PriorityHighSDLPhaseImplementation6261586d-5250-4d57-9106-e219d186b4afMitigated736335e4-36cf-489d-9964-86bd1df4f106TH67falsefalseTH1406261586d-5250-4d57-9106-e219d186b4af94427037-2ecb-4511-8365-b85f37d5e6c4736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c94427037-2ecb-4511-8365-b85f37d5e6c43276261586d-5250-4d57-9106-e219d186b4af:94427037-2ecb-4511-8365-b85f37d5e6c4:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:45:05.653308+05:30HighTitleAn adversary can gain unauthorized access to Azure Blob Storage instances due to weak network configurationUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to Azure Blob Storage instances due to weak network configurationStateInformationStorage Account contains the Agent Binaries. There is no EUII. Access must be set as public for it to serve as a the data layer for the two CDNs.InteractionString6: Fetch Agent BinaryPossibleMitigationsIt is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a>PriorityHighSDLPhaseImplementation6261586d-5250-4d57-9106-e219d186b4afNotApplicable736335e4-36cf-489d-9964-86bd1df4f106TH140falsefalseTH176261586d-5250-4d57-9106-e219d186b4af94427037-2ecb-4511-8365-b85f37d5e6c4736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c94427037-2ecb-4511-8365-b85f37d5e6c43266261586d-5250-4d57-9106-e219d186b4af:94427037-2ecb-4511-8365-b85f37d5e6c4:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:43:42.9700598+05:30HighTitleAn adversary can gain unauthorized access to Azure Blob Storage due to weak access control restrictionsUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to Azure Blob Storage due to weak access control restrictionsStateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString6: Fetch Agent BinaryPossibleMitigationsGrant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a>PriorityHighSDLPhaseImplementation6261586d-5250-4d57-9106-e219d186b4afMitigated736335e4-36cf-489d-9964-86bd1df4f106TH17falsefalseTH83d03136f4-6cc4-488c-b062-e8026a62a01127a5d300-9123-4af1-998c-3bf22997f0a2973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c927a5d300-9123-4af1-998c-3bf22997f0a2353d03136f4-6cc4-488c-b062-e8026a62a011:27a5d300-9123-4af1-998c-3bf22997f0a2:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:53:14.2590728+05:30MediumTitleAn adversary can gain access to sensitive data stored in Web API's config filesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can gain access to the config files. and if sensitive data is stored in it, it would be compromised.StateInformationInteraction between the Azure DevOps Service and the Secure Token Service (STS) is not in the scope of this service.InteractionStringDeletedPossibleMitigationsEncrypt sections of Web API's configuration files that contain sensitive data. Refer: <a href="https://aka.ms/tmtconfigmgmt#config-sensitive">https://aka.ms/tmtconfigmgmt#config-sensitive</a>PriorityMediumSDLPhaseImplementationd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable973739e4-b680-49e5-adc2-fa6d053e03feTH83falsefalseTH16d03136f4-6cc4-488c-b062-e8026a62a01127a5d300-9123-4af1-998c-3bf22997f0a2973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c927a5d300-9123-4af1-998c-3bf22997f0a2352d03136f4-6cc4-488c-b062-e8026a62a011:27a5d300-9123-4af1-998c-3bf22997f0a2:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:53:09.7238328+05:30HighTitleAn adversary can gain access to sensitive data by sniffing traffic to Web APIUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can gain access to sensitive data by sniffing traffic to Web APIStateInformationInteraction between the Azure DevOps Service and the Secure Token Service (STS) is not in the scope of this service.InteractionStringDeletedPossibleMitigationsForce all traffic to Web APIs over HTTPS connection. Refer: <a href="https://aka.ms/tmtcommsec#webapi-https">https://aka.ms/tmtcommsec#webapi-https</a>PriorityHighSDLPhaseImplementationd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable973739e4-b680-49e5-adc2-fa6d053e03feTH16falsefalseTH106d03136f4-6cc4-488c-b062-e8026a62a01127a5d300-9123-4af1-998c-3bf22997f0a2973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c927a5d300-9123-4af1-998c-3bf22997f0a2351d03136f4-6cc4-488c-b062-e8026a62a011:27a5d300-9123-4af1-998c-3bf22997f0a2:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:53:05.8793297+05:30HighTitleAn adversary can gain access to sensitive information from an API through error messagesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can gain access to sensitive data such as the following, through verbose error messages - Server names - Connection strings - Usernames - Passwords - SQL procedures - Details of dynamic SQL failures - Stack trace and lines of code - Variables stored in memory - Drive and folder locations - Application install points - Host configuration settings - Other internal application details StateInformationInteraction between the Azure DevOps Service and the Secure Token Service (STS) is not in the scope of this service.InteractionStringDeletedPossibleMitigationsEnsure that proper exception handling is done in ASP.NET Web API. Refer: <a href="https://aka.ms/tmtxmgmt#exception">https://aka.ms/tmtxmgmt#exception</a>PriorityHighSDLPhaseImplementationd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable973739e4-b680-49e5-adc2-fa6d053e03feTH106falsefalseTH110d03136f4-6cc4-488c-b062-e8026a62a01127a5d300-9123-4af1-998c-3bf22997f0a2973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c927a5d300-9123-4af1-998c-3bf22997f0a2350d03136f4-6cc4-488c-b062-e8026a62a011:27a5d300-9123-4af1-998c-3bf22997f0a2:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:53:02.1200618+05:30HighTitleAn adversary may gain unauthorized access to Web API due to poor access control checksUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to Web API due to poor access control checksStateInformationInteraction between the Azure DevOps Service and the Secure Token Service (STS) is not in the scope of this service.InteractionStringDeletedPossibleMitigationsImplement proper authorization mechanism in ASP.NET Web API. Refer: <a href="https://aka.ms/tmtauthz#authz-aspnet">https://aka.ms/tmtauthz#authz-aspnet</a>PriorityHighSDLPhaseImplementationd03136f4-6cc4-488c-b062-e8026a62a011NotApplicable973739e4-b680-49e5-adc2-fa6d053e03feTH110falsefalseTH976ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b43496ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:52:35.8698959+05:30HighTitleAn adversary can gain access to sensitive data by performing SQL injection through Web APIUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. StateInformationInput Validation done on Azure DevOps service is not in the scope of this threat model.InteractionString2: Register AgentPossibleMitigationsEnsure that type-safe parameters are used in Web API for data access. Refer: <a href="https://aka.ms/tmtinputval#typesafe-api">https://aka.ms/tmtinputval#typesafe-api</a>PriorityHighSDLPhaseImplementation6ca8905a-a219-4ae5-8dff-a7a3b68afecdNotApplicable973739e4-b680-49e5-adc2-fa6d053e03feTH97falsefalseTH1086ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b43486ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:52:31.2885919+05:30HighTitleAn adversary may inject malicious inputs into an API and affect downstream processesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may inject malicious inputs into an API and affect downstream processesStateInformationInput Validation done on Azure DevOps service is not in the scope of this threat model.InteractionString2: Register AgentPossibleMitigationsEnsure that model validation is done on Web API methods. Refer: <a href="https://aka.ms/tmtinputval#validation-api">https://aka.ms/tmtinputval#validation-api</a> Implement input validation on all string type parameters accepted by Web API methods. Refer: <a href="https://aka.ms/tmtinputval#string-api">https://aka.ms/tmtinputval#string-api</a>PriorityHighSDLPhaseImplementation6ca8905a-a219-4ae5-8dff-a7a3b68afecdNotApplicable973739e4-b680-49e5-adc2-fa6d053e03feTH108falsefalseTH876ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b43476ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:52:04.1021298+05:30HighTitleAn adversary may spoof Config Agent Executable and gain access to Web APIUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionIf proper authentication is not in place, an adversary can spoof a source process or external entity and gain unauthorized access to the Web Application StateInformationA PAT token with the right scopes is required to register the Agent.InteractionString2: Register AgentPossibleMitigationsEnsure that standard authentication techniques are used to secure Web APIs. Refer: <a href="https://aka.ms/tmtauthn#authn-secure-api">https://aka.ms/tmtauthn#authn-secure-api</a>PriorityHighSDLPhaseDesign6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH87falsefalseTH1096ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b43466ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:51:49.8277061+05:30HighTitleAttacker can deny a malicious act on an API leading to repudiation issuesUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happenedUserThreatDescriptionAttacker can deny a malicious act on an API leading to repudiation issuesStateInformationAuditing and logging is enforced on Web API.InteractionString2: Register AgentPossibleMitigationsEnsure that auditing and logging is enforced on Web API. Refer: <a href="https://aka.ms/tmtauditlog#logging-web-api">https://aka.ms/tmtauditlog#logging-web-api</a>PriorityHighSDLPhaseDesign6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH109falsefalseTH836ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b43456ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:51:29.0046704+05:30MediumTitleAn adversary can gain access to sensitive data stored in Web API's config filesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can gain access to the config files. and if sensitive data is stored in it, it would be compromised.StateInformationConfig files on the VM hosting the Azure DevOps Agent is in an encrypted manner. Furthermore, the VM is only accessible with the right JIT approval due to the RBAC policies.InteractionString2: Register AgentPossibleMitigationsEncrypt sections of Web API's configuration files that contain sensitive data. Refer: <a href="https://aka.ms/tmtconfigmgmt#config-sensitive">https://aka.ms/tmtconfigmgmt#config-sensitive</a>PriorityMediumSDLPhaseImplementation6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH83falsefalseTH166ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b43446ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:50:40.3530602+05:30HighTitleAn adversary can gain access to sensitive data by sniffing traffic to Web APIUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can gain access to sensitive data by sniffing traffic to Web APIStateInformationData is sent over HTTPS and is encrypted.InteractionString2: Register AgentPossibleMitigationsForce all traffic to Web APIs over HTTPS connection. Refer: <a href="https://aka.ms/tmtcommsec#webapi-https">https://aka.ms/tmtcommsec#webapi-https</a>PriorityHighSDLPhaseImplementation6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH16falsefalseTH1066ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b43436ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:50:20.7709687+05:30HighTitleAn adversary can gain access to sensitive information from an API through error messagesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can gain access to sensitive data such as the following, through verbose error messages - Server names - Connection strings - Usernames - Passwords - SQL procedures - Details of dynamic SQL failures - Stack trace and lines of code - Variables stored in memory - Drive and folder locations - Application install points - Host configuration settings - Other internal application details StateInformationProper exception handling and message scrubbing is in place.InteractionString2: Register AgentPossibleMitigationsEnsure that proper exception handling is done in ASP.NET Web API. Refer: <a href="https://aka.ms/tmtxmgmt#exception">https://aka.ms/tmtxmgmt#exception</a>PriorityHighSDLPhaseImplementation6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH106falsefalseTH1106ca8905a-a219-4ae5-8dff-a7a3b68afecdce60f4f5-e392-41d7-aa4c-69de71a685b4973739e4-b680-49e5-adc2-fa6d053e03feFAREAST\adityamankal6559cf12-2510-4965-a613-8d2b3dc8e2c9ce60f4f5-e392-41d7-aa4c-69de71a685b43426ca8905a-a219-4ae5-8dff-a7a3b68afecd:ce60f4f5-e392-41d7-aa4c-69de71a685b4:973739e4-b680-49e5-adc2-fa6d053e03fe2025-05-01T15:49:48.8809364+05:30HighTitleAn adversary may gain unauthorized access to Web API due to poor access control checksUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to Web API due to poor access control checksStateInformationA PAT token with the right scopes is required to register the Agent.InteractionString2: Register AgentPossibleMitigationsImplement proper authorization mechanism in ASP.NET Web API. Refer: <a href="https://aka.ms/tmtauthz#authz-aspnet">https://aka.ms/tmtauthz#authz-aspnet</a>PriorityHighSDLPhaseImplementation6ca8905a-a219-4ae5-8dff-a7a3b68afecdMitigated973739e4-b680-49e5-adc2-fa6d053e03feTH110falsefalseTH10119d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a28119d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T15:14:01.8364969+05:30HighTitleAn adversary can reverse weakly encrypted or hashed contentUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can reverse weakly encrypted or hashed contentStateInformationAdhering to the right encryption and logging standards. Logs are scrubbed to prevent any secrets from being exposed.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsDo not expose security details in error messages. Refer: <a href="https://aka.ms/tmtxmgmt#messages">https://aka.ms/tmtxmgmt#messages</a> Implement Default error handling page. Refer: <a href="https://aka.ms/tmtxmgmt#default">https://aka.ms/tmtxmgmt#default</a> Set Deployment Method to Retail in IIS. Refer: <a href="https://aka.ms/tmtxmgmt#deployment">https://aka.ms/tmtxmgmt#deployment</a> Use only approved symmetric block ciphers and key lengths. Refer: <a href="https://aka.ms/tmtcrypto#cipher-length">https://aka.ms/tmtcrypto#cipher-length</a> Use approved block cipher modes and initialization vectors for symmetric ciphers. Refer: <a href="https://aka.ms/tmtcrypto#vector-ciphers">https://aka.ms/tmtcrypto#vector-ciphers</a> Use approved asymmetric algorithms, key lengths, and padding. Refer: <a href="https://aka.ms/tmtcrypto#padding">https://aka.ms/tmtcrypto#padding</a> Use approved random number generators. Refer: <a href="https://aka.ms/tmtcrypto#numgen">https://aka.ms/tmtcrypto#numgen</a> Do not use symmetric stream ciphers. Refer: <a href="https://aka.ms/tmtcrypto#stream-ciphers">https://aka.ms/tmtcrypto#stream-ciphers</a> Use approved MAC/HMAC/keyed hash algorithms. Refer: <a href="https://aka.ms/tmtcrypto#mac-hash">https://aka.ms/tmtcrypto#mac-hash</a> Use only approved cryptographic hash functions. Refer: <a href="https://aka.ms/tmtcrypto#hash-functions">https://aka.ms/tmtcrypto#hash-functions</a> Verify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH101falsefalseTH10219d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a28219d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T15:14:07.619899+05:30HighTitleAn adversary may gain access to sensitive data from log filesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data from log filesStateInformationAdhering to the right encryption and logging standards. Logs are scrubbed to prevent any secrets from being exposed.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsEnsure that the application does not log sensitive user data. Refer: <a href="https://aka.ms/tmtauditlog#log-sensitive-data">https://aka.ms/tmtauditlog#log-sensitive-data</a> Ensure that Audit and Log Files have Restricted Access. Refer: <a href="https://aka.ms/tmtauditlog#log-restricted-access">https://aka.ms/tmtauditlog#log-restricted-access</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH102falsefalseTH9419d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a28319d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T15:14:23.0369646+05:30HighTitleAn adversary can gain access to sensitive information through error messagesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can gain access to sensitive data such as the following, through verbose error messages - Server names - Connection strings - Usernames - Passwords - SQL procedures - Details of dynamic SQL failures - Stack trace and lines of code - Variables stored in memory - Drive and folder locations - Application install points - Host configuration settings - Other internal application details StateInformationAdhering to the right encryption and logging standards. Logs are scrubbed to prevent any secrets from being exposed.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsDo not expose security details in error messages. Refer: <a href="https://aka.ms/tmtxmgmt#messages">https://aka.ms/tmtxmgmt#messages</a> Implement Default error handling page. Refer: <a href="https://aka.ms/tmtxmgmt#default">https://aka.ms/tmtxmgmt#default</a> Set Deployment Method to Retail in IIS. Refer: <a href="https://aka.ms/tmtxmgmt#deployment">https://aka.ms/tmtxmgmt#deployment</a> Exceptions should fail safely. Refer: <a href="https://aka.ms/tmtxmgmt#fail">https://aka.ms/tmtxmgmt#fail</a> ASP.NET applications must disable tracing and debugging prior to deployment. Refer: <a href="https://aka.ms/tmtconfigmgmt#trace-deploy">https://aka.ms/tmtconfigmgmt#trace-deploy</a> Implement controls to prevent username enumeration. Refer: <a href="https://aka.ms/tmtauthn#controls-username-enum">https://aka.ms/tmtauthn#controls-username-enum</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH94falsefalseTH3019d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a28419d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T15:14:58.7935727+05:30MediumTitleAttacker can deny the malicious act and remove the attack foot prints leading to repudiation issuesUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happenedUserThreatDescriptionProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a systemStateInformationDetailed verbose logging is implemented in Azure Pipeline Agent. Logs are scrubbed to prevent any secrets from being exposed.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsEnsure that auditing and logging is enforced on the application. Refer: <a href="https://aka.ms/tmtauditlog#auditing">https://aka.ms/tmtauditlog#auditing</a> Ensure that log rotation and separation are in place. Refer: <a href="https://aka.ms/tmtauditlog#log-rotation">https://aka.ms/tmtauditlog#log-rotation</a> Ensure that Audit and Log Files have Restricted Access. Refer: <a href="https://aka.ms/tmtauditlog#log-restricted-access">https://aka.ms/tmtauditlog#log-restricted-access</a> Ensure that User Management Events are Logged. Refer: <a href="https://aka.ms/tmtauditlog#user-management">https://aka.ms/tmtauditlog#user-management</a>PriorityMediumSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH30falsefalseTH3219d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a28519d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T15:16:01.1473632+05:30HighTitleAn adversary can spoof the target web application due to insecure TLS certificate configurationUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionEnsure that TLS certificate parameters are configured with correct valuesStateInformationAzure DevOps Service ensures TLS with the right SSL certificates.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsVerify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH32falsefalseTH719d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a28619d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T15:16:28.5696821+05:30HighTitleAn adversary can steal sensitive data like user credentialsUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAttackers can exploit weaknesses in system to steal user credentials. Downstream and upstream components are often accessed by using credentials stored in configuration stores. Attackers may steal the upstream or downstream component credentials. Attackers may steal credentials if, Credentials are stored and sent in clear text, Weak input validation coupled with dynamic sql queries, Password retrieval mechanism are poor, StateInformationAzure DevOps Service ensures TLS with the right SSL certificates.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsExplicitly disable the autocomplete HTML attribute in sensitive forms and inputs. Refer: <a href="https://aka.ms/tmtdata#autocomplete-input">https://aka.ms/tmtdata#autocomplete-input</a> Perform input validation and filtering on all string type Model properties. Refer: <a href="https://aka.ms/tmtinputval#typemodel">https://aka.ms/tmtinputval#typemodel</a> Validate all redirects within the application are closed or done safely. Refer: <a href="https://aka.ms/tmtinputval#redirect-safe">https://aka.ms/tmtinputval#redirect-safe</a> Enable step up or adaptive authentication. Refer: <a href="https://aka.ms/tmtauthn#step-up-adaptive-authn">https://aka.ms/tmtauthn#step-up-adaptive-authn</a> Implement forgot password functionalities securely. Refer: <a href="https://aka.ms/tmtauthn#forgot-pword-fxn">https://aka.ms/tmtauthn#forgot-pword-fxn</a> Ensure that password and account policy are implemented. Refer: <a href="https://aka.ms/tmtauthn#pword-account-policy">https://aka.ms/tmtauthn#pword-account-policy</a> Implement input validation on all string type parameters accepted by Controller methods. Refer: <a href="https://aka.ms/tmtinputval#string-method">https://aka.ms/tmtinputval#string-method</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH7falsefalseTH8119d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a28719d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T15:16:36.9076712+05:30HighTitleAn adversary can create a fake website and launch phishing attacksUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionPhishing is attempted to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a Web Server which is a trustworthy entity in electronic communicationStateInformationAzure DevOps Service ensures TLS with the right SSL certificates.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsVerify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a> Ensure that authenticated ASP.NET pages incorporate UI Redressing or clickjacking defences. Refer: <a href="https://aka.ms/tmtconfigmgmt#ui-defenses">https://aka.ms/tmtconfigmgmt#ui-defenses</a> Validate all redirects within the application are closed or done safely. Refer: <a href="https://aka.ms/tmtinputval#redirect-safe">https://aka.ms/tmtinputval#redirect-safe</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH81falsefalseTH8619d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a28819d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T15:17:13.0697522+05:30HighTitleAn adversary may spoof Agent Listener and gain access to Web ApplicationUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionIf proper authentication is not in place, an adversary can spoof a source process or external entity and gain unauthorized access to the Web ApplicationStateInformationRequires an access token issued by a mutually trusted Identity Service.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsConsider using a standard authentication mechanism to authenticate to Web Application. Refer: <a href="https://aka.ms/tmtauthn#standard-authn-web-app">https://aka.ms/tmtauthn#standard-authn-web-app</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH86falsefalseTH9619d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a28919d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T15:20:23.5770061+05:30HighTitleAn adversary can gain access to sensitive data by performing SQL injection through Web AppUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. StateInformationInput scrubbing on Auzre DevOps Service is not in the scope of this reviewInteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsEnsure that type-safe parameters are used in Web Application for data access. Refer: <a href="https://aka.ms/tmtinputval#typesafe">https://aka.ms/tmtinputval#typesafe</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH96falsefalseTH9819d8710c-11af-4d9a-83b8-2a54b7816fe0f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a6db9dd7f-74f1-4c07-9fdd-17e00dc45963FAREAST\adityamankal9bc3582d-5e45-4551-9713-65b1afe59afaf2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a29019d8710c-11af-4d9a-83b8-2a54b7816fe0:f2dbcb6a-6f20-4ec4-94e7-b6e7bd45150a:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-05-01T15:18:05.1600016+05:30HighTitleAn adversary can gain access to sensitive data stored in Web App's config filesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary can gain access to the config files. and if sensitive data is stored in it, it would be compromised.StateInformationSecurity of the Azure DevOps Web Config File is not in the scope of this review.InteractionString10: Poll for Jobs using OAuth TokenPossibleMitigationsEncrypt sections of Web App's configuration files that contain sensitive data. Refer: <a href="https://aka.ms/tmtdata#encrypt-data">https://aka.ms/tmtdata#encrypt-data</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH98falsefalseTH116bb4a6bce-ebc1-460f-a000-780782e3716e697a5481-a24f-453a-bcdb-adc9cc86b2d2534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c697a5481-a24f-453a-bcdb-adc9cc86b2d2311bb4a6bce-ebc1-460f-a000-780782e3716e:697a5481-a24f-453a-bcdb-adc9cc86b2d2:534dc643-539c-4f32-a92f-b2d654529b262025-05-01T15:41:56.8299201+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString3: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesignbb4a6bce-ebc1-460f-a000-780782e3716eMitigated534dc643-539c-4f32-a92f-b2d654529b26TH116falsefalseTH93bb4a6bce-ebc1-460f-a000-780782e3716e697a5481-a24f-453a-bcdb-adc9cc86b2d2534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c697a5481-a24f-453a-bcdb-adc9cc86b2d2312bb4a6bce-ebc1-460f-a000-780782e3716e:697a5481-a24f-453a-bcdb-adc9cc86b2d2:534dc643-539c-4f32-a92f-b2d654529b262025-05-01T15:42:05.0609259+05:30HighTitleAn adversary may gain access to sensitive data stored in Azure Virtual MachinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionIf an adversary can gain access to Azure VMs, sensitive data in the VM can be disclosed if the OS in the VM is not encryptedStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines without proper JIT access.InteractionString3: Fetch Agent BinaryPossibleMitigationsUse Azure Disk Encryption to encrypt disks used by Virtual Machines. Refer: <a href="https://aka.ms/tmtdata#disk-vm">https://aka.ms/tmtdata#disk-vm</a>PriorityHighSDLPhaseDesignbb4a6bce-ebc1-460f-a000-780782e3716eMitigated534dc643-539c-4f32-a92f-b2d654529b26TH93falsefalseTH117bb4a6bce-ebc1-460f-a000-780782e3716e697a5481-a24f-453a-bcdb-adc9cc86b2d2534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c697a5481-a24f-453a-bcdb-adc9cc86b2d2313bb4a6bce-ebc1-460f-a000-780782e3716e:697a5481-a24f-453a-bcdb-adc9cc86b2d2:534dc643-539c-4f32-a92f-b2d654529b262025-05-01T15:42:14.7196744+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString3: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesignbb4a6bce-ebc1-460f-a000-780782e3716eMitigated534dc643-539c-4f32-a92f-b2d654529b26TH117falsefalseTH178bb4a6bce-ebc1-460f-a000-780782e3716e697a5481-a24f-453a-bcdb-adc9cc86b2d2534dc643-539c-4f32-a92f-b2d654529b26FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c697a5481-a24f-453a-bcdb-adc9cc86b2d2314bb4a6bce-ebc1-460f-a000-780782e3716e:697a5481-a24f-453a-bcdb-adc9cc86b2d2:534dc643-539c-4f32-a92f-b2d654529b262025-05-01T15:42:23.9754268+05:30HighTitleAn adversary may spoof the service or service endpoints by leveraging stale CNAME DNS records and executing a subdomain hijack attackUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof the service or service endpoints by leveraging stale CNAME DNS records and executing a subdomain hijack attackStateInformationThere are no stale DNS CNAME records. Even deprecated and decommissioned routes are still kept online to ensure that the CNAME record is reserved.InteractionString3: Fetch Agent BinaryPossibleMitigationsAddress stale CNAME DNS records mapping custom domain names to the domain name of the Azure Traffic Manager instance. In some cases, deleting the stale CNAME records may be sufficient, while in other cases, the domain name of the Azure Traffic Manager instance should be kept to prevent subdomain hijack attacks. Refer: <a href="https://aka.ms/tmt-th178 ">https://aka.ms/tmt-th178 </a>PriorityHighSDLPhaseImplementationbb4a6bce-ebc1-460f-a000-780782e3716eMitigated534dc643-539c-4f32-a92f-b2d654529b26TH178falsefalseTH1167ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca1e43eb3f-061f-4000-84f7-2a41eca5cb12f88e3111-e0e2-4ab4-9711-899d27b843a3FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c1e43eb3f-061f-4000-84f7-2a41eca5cb123157ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca:1e43eb3f-061f-4000-84f7-2a41eca5cb12:f88e3111-e0e2-4ab4-9711-899d27b843a32025-05-01T15:42:37.5762635+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionStringCertificate AuthorityPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign7ba0f5b6-b757-42ae-bc9b-16bc9a6e7acaMitigatedf88e3111-e0e2-4ab4-9711-899d27b843a3TH116falsefalseTH1177ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca1e43eb3f-061f-4000-84f7-2a41eca5cb12f88e3111-e0e2-4ab4-9711-899d27b843a3FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c1e43eb3f-061f-4000-84f7-2a41eca5cb123167ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca:1e43eb3f-061f-4000-84f7-2a41eca5cb12:f88e3111-e0e2-4ab4-9711-899d27b843a32025-05-01T15:42:47.646022+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionStringCertificate AuthorityPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign7ba0f5b6-b757-42ae-bc9b-16bc9a6e7acaMitigatedf88e3111-e0e2-4ab4-9711-899d27b843a3TH117falsefalseTH1867ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca1e43eb3f-061f-4000-84f7-2a41eca5cb12f88e3111-e0e2-4ab4-9711-899d27b843a3FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c1e43eb3f-061f-4000-84f7-2a41eca5cb123617ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca:1e43eb3f-061f-4000-84f7-2a41eca5cb12:f88e3111-e0e2-4ab4-9711-899d27b843a32025-05-01T15:57:44.9700312+05:30LowTitleAn adversary may attempt to delete key vault or key vault object causing business disruption. UserThreatCategoryDenial of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to specUserThreatDescriptionAn adversary may attempt to delete key vault or key vault object causing business disruption. StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionStringCertificate AuthorityPossibleMitigationsKey Vault's soft delete feature allows recovery of the deleted vaults and vault objects, known as soft-delete . Soft deleted resources are retained for a set period of time, 90 days. Refer : <a href="https://aka.ms/tmt-th186 ">https://aka.ms/tmt-th186 </a>PriorityLowSDLPhaseImplementation7ba0f5b6-b757-42ae-bc9b-16bc9a6e7acaMitigatedf88e3111-e0e2-4ab4-9711-899d27b843a3TH186falsefalseTH117642e4b68-b7fb-4df5-ac5c-6e6405654f839af3ab21-6eed-42c4-b9bf-bc632b0251512861dcfc-4975-4916-b084-00a957515d7fFAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c9af3ab21-6eed-42c4-b9bf-bc632b025151325642e4b68-b7fb-4df5-ac5c-6e6405654f83:9af3ab21-6eed-42c4-b9bf-bc632b025151:2861dcfc-4975-4916-b084-00a957515d7f2025-05-01T15:43:37.380838+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString5: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign642e4b68-b7fb-4df5-ac5c-6e6405654f83Mitigated2861dcfc-4975-4916-b084-00a957515d7fTH117falsefalseTH1827ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca1e43eb3f-061f-4000-84f7-2a41eca5cb12f88e3111-e0e2-4ab4-9711-899d27b843a3FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c1e43eb3f-061f-4000-84f7-2a41eca5cb123607ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca:1e43eb3f-061f-4000-84f7-2a41eca5cb12:f88e3111-e0e2-4ab4-9711-899d27b843a32025-05-01T15:57:39.4230465+05:30HighTitleAn adversary may gain unauthorized access to Azure Key Vault secrets due to weak authorization rulesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to Azure Key Vault secrets due to weak authorization rules StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionStringCertificate AuthorityPossibleMitigationsLimit Azure Key Vault data plane access by configuring strict access policies. Grant users, groups and applications the ability to perform only the necessary operations against keys or secrets in a Key Vault instance. Follow the principle of least privilege and grant privileges only as needed. Refer : <a href="https://aka.ms/tmt-th181 ">https://aka.ms/tmt-th181 </a>PriorityHighSDLPhaseImplementation7ba0f5b6-b757-42ae-bc9b-16bc9a6e7acaMitigatedf88e3111-e0e2-4ab4-9711-899d27b843a3TH182falsefalseTH1817ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca1e43eb3f-061f-4000-84f7-2a41eca5cb12f88e3111-e0e2-4ab4-9711-899d27b843a3FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c1e43eb3f-061f-4000-84f7-2a41eca5cb123597ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca:1e43eb3f-061f-4000-84f7-2a41eca5cb12:f88e3111-e0e2-4ab4-9711-899d27b843a32025-05-01T15:57:34.7931814+05:30HighTitleAn adversary may gain unauthorized access to manage Azure Key Vault due to weak authorization rules.UserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to manage Azure Key Vault due to weak authorization rules. StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionStringCertificate AuthorityPossibleMitigationsAccess to the Azure Key Vault management plane should be restricted by choosing appropriate Role-Based Access Control (RBAC) roles and privileges in accordance with the principle of least privilege. Over permissive or weak authorization rules may potentially permit data plane access (e.g. a user with Contribute (RBAC) permissions to Key Vault management plane may grant themselves access to the data plane by setting the Azure Key Vault access policy). Refer : <a href="https://aka.ms/tmt-th181 ">https://aka.ms/tmt-th181 </a>PriorityHighSDLPhaseImplementation7ba0f5b6-b757-42ae-bc9b-16bc9a6e7acaMitigatedf88e3111-e0e2-4ab4-9711-899d27b843a3TH181falsefalseTH178534dc643-539c-4f32-a92f-b2d654529b26ef313fed-0491-4b36-ac7d-f224ecdb90ea642e4b68-b7fb-4df5-ac5c-6e6405654f83FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cef313fed-0491-4b36-ac7d-f224ecdb90ea323534dc643-539c-4f32-a92f-b2d654529b26:ef313fed-0491-4b36-ac7d-f224ecdb90ea:642e4b68-b7fb-4df5-ac5c-6e6405654f832025-05-01T15:43:15.9034593+05:30HighTitleAn adversary may spoof the service or service endpoints by leveraging stale CNAME DNS records and executing a subdomain hijack attackUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof the service or service endpoints by leveraging stale CNAME DNS records and executing a subdomain hijack attackStateInformationThere are no stale DNS CNAME records. Even deprecated and decommissioned routes are still kept online to ensure that the CNAME record is reserved.InteractionString4: Fetch Agent BinaryPossibleMitigationsAddress stale CNAME DNS records mapping custom domain names to the domain name of the Azure Traffic Manager instance. In some cases, deleting the stale CNAME records may be sufficient, while in other cases, the domain name of the Azure Traffic Manager instance should be kept to prevent subdomain hijack attacks. Refer: <a href="https://aka.ms/tmt-th178 ">https://aka.ms/tmt-th178 </a>PriorityHighSDLPhaseImplementation534dc643-539c-4f32-a92f-b2d654529b26Mitigated642e4b68-b7fb-4df5-ac5c-6e6405654f83TH178falsefalseTH1797ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca1e43eb3f-061f-4000-84f7-2a41eca5cb12f88e3111-e0e2-4ab4-9711-899d27b843a3FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c1e43eb3f-061f-4000-84f7-2a41eca5cb123587ba0f5b6-b757-42ae-bc9b-16bc9a6e7aca:1e43eb3f-061f-4000-84f7-2a41eca5cb12:f88e3111-e0e2-4ab4-9711-899d27b843a32025-05-01T15:57:30.8225157+05:30HighTitleAn adversary can gain unauthorized access to Azure Key Vault instances due to weak network security configuration.UserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to Azure Key Vault instances due to weak network security configuration.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionStringCertificate AuthorityPossibleMitigationsRestrict access to Azure Key Vault instances by configuring firewall rules to permit connections from selected networks (e.g. a virtual network or a custom set of IP addresses).For Key Vault client applications behind a firewall trying to access a Key Vault instance, see best practices mentioned here: <a href="https://aka.ms/tmt-th179 ">https://aka.ms/tmt-th179 </a>PriorityHighSDLPhaseImplementation7ba0f5b6-b757-42ae-bc9b-16bc9a6e7acaMitigatedf88e3111-e0e2-4ab4-9711-899d27b843a3TH179falsefalseTH206261586d-5250-4d57-9106-e219d186b4af94427037-2ecb-4511-8365-b85f37d5e6c4736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c94427037-2ecb-4511-8365-b85f37d5e6c43306261586d-5250-4d57-9106-e219d186b4af:94427037-2ecb-4511-8365-b85f37d5e6c4:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:45:42.9296543+05:30MediumTitleAn adversary can deny actions on Azure Blob Storage due to lack of auditing UserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happenedUserThreatDescriptionProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system.StateInformationDetailed verbose logging is implemented in Azure Pipeline Agent. Logs are scrubbed to prevent any secrets from being exposed.InteractionString6: Fetch Agent BinaryPossibleMitigationsUse Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a>PriorityMediumSDLPhaseImplementation6261586d-5250-4d57-9106-e219d186b4afMitigated736335e4-36cf-489d-9964-86bd1df4f106TH20falsefalseTH216261586d-5250-4d57-9106-e219d186b4af94427037-2ecb-4511-8365-b85f37d5e6c4736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c94427037-2ecb-4511-8365-b85f37d5e6c43316261586d-5250-4d57-9106-e219d186b4af:94427037-2ecb-4511-8365-b85f37d5e6c4:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:45:52.6658478+05:30HighTitleAn adversary can gain unauthorized access to Azure Blob Storage due to weak CORS configurationUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to Azure Blob Storage due to weak CORS configurationStateInformationStorage Account contains the Agent Binaries. There is no EUII. Access must be set as public for it to serve as a the data layer for the two CDNs.InteractionString6: Fetch Agent BinaryPossibleMitigationsEnsure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a>PriorityHighSDLPhaseImplementation6261586d-5250-4d57-9106-e219d186b4afNotApplicable736335e4-36cf-489d-9964-86bd1df4f106TH21falsefalseTH856261586d-5250-4d57-9106-e219d186b4af94427037-2ecb-4511-8365-b85f37d5e6c4736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88c94427037-2ecb-4511-8365-b85f37d5e6c43326261586d-5250-4d57-9106-e219d186b4af:94427037-2ecb-4511-8365-b85f37d5e6c4:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:45:58.569917+05:30HighTitleAn adversary can access Azure storage blobs and containers anonymouslyUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can gain access to Azure storage containers and blobs if anonymous access is provided to potentially sensitive data accidentally.StateInformationStorage Account contains the Agent Binaries. There is no EUII. Access must be set as public for it to serve as a the data layer for the two CDNs.InteractionString6: Fetch Agent BinaryPossibleMitigationsEnsure that only the required containers and blobs are given anonymous read access. Refer: <a href="https://aka.ms/tmt-th85">https://aka.ms/tmt-th85</a>PriorityHighSDLPhaseImplementation6261586d-5250-4d57-9106-e219d186b4afNotApplicable736335e4-36cf-489d-9964-86bd1df4f106TH85falsefalseTH1162861dcfc-4975-4916-b084-00a957515d7fd4aed796-beaf-4727-a6d6-65f3aea46acf736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cd4aed796-beaf-4727-a6d6-65f3aea46acf3332861dcfc-4975-4916-b084-00a957515d7f:d4aed796-beaf-4727-a6d6-65f3aea46acf:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:46:09.1532195+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationStorage Account contains the Agent Binaries. There is no EUII. Access must be set as public for it to serve as a the data layer for the two CDNs.InteractionString6: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign2861dcfc-4975-4916-b084-00a957515d7fMitigated736335e4-36cf-489d-9964-86bd1df4f106TH116falsefalseTH172861dcfc-4975-4916-b084-00a957515d7fd4aed796-beaf-4727-a6d6-65f3aea46acf736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cd4aed796-beaf-4727-a6d6-65f3aea46acf3342861dcfc-4975-4916-b084-00a957515d7f:d4aed796-beaf-4727-a6d6-65f3aea46acf:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:46:35.942155+05:30HighTitleAn adversary can gain unauthorized access to Azure Blob Storage due to weak access control restrictionsUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to Azure Blob Storage due to weak access control restrictionsStateInformationStorage Account contains the Agent Binaries. There is no EUII. Access must be set as public for it to serve as a the data layer for the two CDNs.InteractionString6: Fetch Agent BinaryPossibleMitigationsGrant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a>PriorityHighSDLPhaseImplementation2861dcfc-4975-4916-b084-00a957515d7fNotApplicable736335e4-36cf-489d-9964-86bd1df4f106TH17falsefalseTH1402861dcfc-4975-4916-b084-00a957515d7fd4aed796-beaf-4727-a6d6-65f3aea46acf736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cd4aed796-beaf-4727-a6d6-65f3aea46acf3352861dcfc-4975-4916-b084-00a957515d7f:d4aed796-beaf-4727-a6d6-65f3aea46acf:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:46:44.5369879+05:30HighTitleAn adversary can gain unauthorized access to Azure Blob Storage instances due to weak network configurationUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to Azure Blob Storage instances due to weak network configurationStateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString6: Fetch Agent BinaryPossibleMitigationsIt is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a>PriorityHighSDLPhaseImplementation2861dcfc-4975-4916-b084-00a957515d7fMitigated736335e4-36cf-489d-9964-86bd1df4f106TH140falsefalseTH672861dcfc-4975-4916-b084-00a957515d7fd4aed796-beaf-4727-a6d6-65f3aea46acf736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cd4aed796-beaf-4727-a6d6-65f3aea46acf3362861dcfc-4975-4916-b084-00a957515d7f:d4aed796-beaf-4727-a6d6-65f3aea46acf:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:46:48.8353927+05:30HighTitleAn adversary may gain unauthorized access to Azure Blob Storage account in a subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to Azure Blob Storage account in a subscriptionStateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString6: Fetch Agent BinaryPossibleMitigationsAssign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a>PriorityHighSDLPhaseImplementation2861dcfc-4975-4916-b084-00a957515d7fMitigated736335e4-36cf-489d-9964-86bd1df4f106TH67falsefalseTH632861dcfc-4975-4916-b084-00a957515d7fd4aed796-beaf-4727-a6d6-65f3aea46acf736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cd4aed796-beaf-4727-a6d6-65f3aea46acf3372861dcfc-4975-4916-b084-00a957515d7f:d4aed796-beaf-4727-a6d6-65f3aea46acf:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:46:52.75319+05:30HighTitleAn adversary can abuse poorly managed Azure Blob Storage account access keysUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can abuse poorly managed Azure Blob Storage account access keys and gain unauthorized access to storage.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString6: Fetch Agent BinaryPossibleMitigationsEnsure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a>PriorityHighSDLPhaseImplementation2861dcfc-4975-4916-b084-00a957515d7fMitigated736335e4-36cf-489d-9964-86bd1df4f106TH63falsefalseTH202861dcfc-4975-4916-b084-00a957515d7fd4aed796-beaf-4727-a6d6-65f3aea46acf736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cd4aed796-beaf-4727-a6d6-65f3aea46acf3382861dcfc-4975-4916-b084-00a957515d7f:d4aed796-beaf-4727-a6d6-65f3aea46acf:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:47:21.5717047+05:30MediumTitleAn adversary can deny actions on Azure Blob Storage due to lack of auditing UserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happenedUserThreatDescriptionProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system.StateInformationDetailed verbose logging and tracking is implemented.InteractionString6: Fetch Agent BinaryPossibleMitigationsUse Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a>PriorityMediumSDLPhaseImplementation2861dcfc-4975-4916-b084-00a957515d7fMitigated736335e4-36cf-489d-9964-86bd1df4f106TH20falsefalseTH1172861dcfc-4975-4916-b084-00a957515d7fd4aed796-beaf-4727-a6d6-65f3aea46acf736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cd4aed796-beaf-4727-a6d6-65f3aea46acf3392861dcfc-4975-4916-b084-00a957515d7f:d4aed796-beaf-4727-a6d6-65f3aea46acf:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:47:33.5698362+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString6: Fetch Agent BinaryPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign2861dcfc-4975-4916-b084-00a957515d7fMitigated736335e4-36cf-489d-9964-86bd1df4f106TH117falsefalseTH212861dcfc-4975-4916-b084-00a957515d7fd4aed796-beaf-4727-a6d6-65f3aea46acf736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cd4aed796-beaf-4727-a6d6-65f3aea46acf3402861dcfc-4975-4916-b084-00a957515d7f:d4aed796-beaf-4727-a6d6-65f3aea46acf:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:49:01.3199009+05:30HighTitleAn adversary can gain unauthorized access to Azure Blob Storage due to weak CORS configurationUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to Azure Blob Storage due to weak CORS configurationStateInformationStorage Account contains the Agent Binaries. There is no EUII. Access must be set as public for it to serve as a the data layer for the two CDNs.InteractionString6: Fetch Agent BinaryPossibleMitigationsEnsure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a>PriorityHighSDLPhaseImplementation2861dcfc-4975-4916-b084-00a957515d7fNotApplicable736335e4-36cf-489d-9964-86bd1df4f106TH21falsefalseTH852861dcfc-4975-4916-b084-00a957515d7fd4aed796-beaf-4727-a6d6-65f3aea46acf736335e4-36cf-489d-9964-86bd1df4f106FAREAST\adityamankal01081e16-ca66-42c6-b2c5-e470ce83a88cd4aed796-beaf-4727-a6d6-65f3aea46acf3412861dcfc-4975-4916-b084-00a957515d7f:d4aed796-beaf-4727-a6d6-65f3aea46acf:736335e4-36cf-489d-9964-86bd1df4f1062025-05-01T15:49:13.5030816+05:30HighTitleAn adversary can access Azure storage blobs and containers anonymouslyUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can gain access to Azure storage containers and blobs if anonymous access is provided to potentially sensitive data accidentally.StateInformationStorage Account contains the Agent Binaries. There is no EUII. Access must be set as public for it to serve as a the data layer for the two CDNs.InteractionString6: Fetch Agent BinaryPossibleMitigationsEnsure that only the required containers and blobs are given anonymous read access. Refer: <a href="https://aka.ms/tmt-th85">https://aka.ms/tmt-th85</a>PriorityHighSDLPhaseImplementation2861dcfc-4975-4916-b084-00a957515d7fNotApplicable736335e4-36cf-489d-9964-86bd1df4f106TH85falsefalseTH116ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba362ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:20:27.9494281+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString6: Accessing ADO services PossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesignab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH116falsefalseTH135ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba363ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:20:40.9005132+05:30HighTitleAn adversary may gain unauthorized access to data on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to data on host machinesStateInformationConfidential data such as client secret, RSA private key, etc. are stored in an encrypted manner. Rest of the data is related ot the job being executed and cannot be stored in an encrypted manner.InteractionString6: Accessing ADO services PossibleMitigationsEnsure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a>PriorityHighSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH135falsefalseTH136ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba364ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:20:45.9244552+05:30HighTitleAn adversary may gain elevated privileges and execute malicious code on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionIf an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application.StateInformationAzure DevOps Pipeline Agent runs with the least amount of privileges.InteractionString6: Accessing ADO services PossibleMitigationsEnsure that the deployed applications are run with least privileges. . Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a>PriorityHighSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH136falsefalseTH101ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba365ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:35:11.5548687+05:30HighTitleAn adversary can reverse weakly encrypted or hashed contentUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can reverse weakly encrypted or hashed contentStateInformationAdhering to the right encryption and logging standards. Logs are scrubbed to prevent any secrets from being exposed.InteractionString6: Accessing ADO services PossibleMitigationsDo not expose security details in error messages. Refer: <a href="https://aka.ms/tmtxmgmt#messages">https://aka.ms/tmtxmgmt#messages</a> Implement Default error handling page. Refer: <a href="https://aka.ms/tmtxmgmt#default">https://aka.ms/tmtxmgmt#default</a> Set Deployment Method to Retail in IIS. Refer: <a href="https://aka.ms/tmtxmgmt#deployment">https://aka.ms/tmtxmgmt#deployment</a> Use only approved symmetric block ciphers and key lengths. Refer: <a href="https://aka.ms/tmtcrypto#cipher-length">https://aka.ms/tmtcrypto#cipher-length</a> Use approved block cipher modes and initialization vectors for symmetric ciphers. Refer: <a href="https://aka.ms/tmtcrypto#vector-ciphers">https://aka.ms/tmtcrypto#vector-ciphers</a> Use approved asymmetric algorithms, key lengths, and padding. Refer: <a href="https://aka.ms/tmtcrypto#padding">https://aka.ms/tmtcrypto#padding</a> Use approved random number generators. Refer: <a href="https://aka.ms/tmtcrypto#numgen">https://aka.ms/tmtcrypto#numgen</a> Do not use symmetric stream ciphers. Refer: <a href="https://aka.ms/tmtcrypto#stream-ciphers">https://aka.ms/tmtcrypto#stream-ciphers</a> Use approved MAC/HMAC/keyed hash algorithms. Refer: <a href="https://aka.ms/tmtcrypto#mac-hash">https://aka.ms/tmtcrypto#mac-hash</a> Use only approved cryptographic hash functions. Refer: <a href="https://aka.ms/tmtcrypto#hash-functions">https://aka.ms/tmtcrypto#hash-functions</a> Verify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a>PriorityHighSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH101falsefalseTH102ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba366ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:22:04.7933101+05:30HighTitleAn adversary may gain access to sensitive data from log filesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data from log filesStateInformationNo sensitive data is present in Logs. All logs are parsed, scrubed off any/any sensistive information from logsInteractionString6: Accessing ADO services PossibleMitigationsEnsure that the application does not log sensitive user data. Refer: <a href="https://aka.ms/tmtauditlog#log-sensitive-data">https://aka.ms/tmtauditlog#log-sensitive-data</a> Ensure that Audit and Log Files have Restricted Access. Refer: <a href="https://aka.ms/tmtauditlog#log-restricted-access">https://aka.ms/tmtauditlog#log-restricted-access</a>PriorityHighSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH102falsefalseTH139ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba367ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:40:10.7519329+05:30HighTitleAn adversary may gain access to sensitive data stored on host machinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data stored on host machinesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString6: Accessing ADO services PossibleMitigationsConsider using Encrypted File System (EFS) is used to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a>PriorityHighSDLPhaseDesignab74bdc7-9518-4d97-946f-66d33b5daf05NotApplicable0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH139falsefalseTH94ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba368ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:38:11.4650105+05:30HighTitleAn adversary can gain access to sensitive information through error messagesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can gain access to sensitive data such as the following, through verbose error messages - Server names - Connection strings - Usernames - Passwords - SQL procedures - Details of dynamic SQL failures - Stack trace and lines of code - Variables stored in memory - Drive and folder locations - Application install points - Host configuration settings - Other internal application details StateInformationAdhering to the right encryption and logging standards. Logs are scrubbed to prevent any secrets from being exposed.InteractionString6: Accessing ADO services PossibleMitigationsDo not expose security details in error messages. Refer: <a href="https://aka.ms/tmtxmgmt#messages">https://aka.ms/tmtxmgmt#messages</a> Implement Default error handling page. Refer: <a href="https://aka.ms/tmtxmgmt#default">https://aka.ms/tmtxmgmt#default</a> Set Deployment Method to Retail in IIS. Refer: <a href="https://aka.ms/tmtxmgmt#deployment">https://aka.ms/tmtxmgmt#deployment</a> Exceptions should fail safely. Refer: <a href="https://aka.ms/tmtxmgmt#fail">https://aka.ms/tmtxmgmt#fail</a> ASP.NET applications must disable tracing and debugging prior to deployment. Refer: <a href="https://aka.ms/tmtconfigmgmt#trace-deploy">https://aka.ms/tmtconfigmgmt#trace-deploy</a> Implement controls to prevent username enumeration. Refer: <a href="https://aka.ms/tmtauthn#controls-username-enum">https://aka.ms/tmtauthn#controls-username-enum</a>PriorityHighSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH94falsefalseTH30ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba369ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:36:48.2308377+05:30MediumTitleAttacker can deny the malicious act and remove the attack foot prints leading to repudiation issuesUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happenedUserThreatDescriptionProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a systemStateInformationDetailed verbose logging is implemented in Azure Pipeline Agent. Logs are scrubbed to prevent any secrets from being exposed.InteractionString6: Accessing ADO services PossibleMitigationsEnsure that auditing and logging is enforced on the application. Refer: <a href="https://aka.ms/tmtauditlog#auditing">https://aka.ms/tmtauditlog#auditing</a> Ensure that log rotation and separation are in place. Refer: <a href="https://aka.ms/tmtauditlog#log-rotation">https://aka.ms/tmtauditlog#log-rotation</a> Ensure that Audit and Log Files have Restricted Access. Refer: <a href="https://aka.ms/tmtauditlog#log-restricted-access">https://aka.ms/tmtauditlog#log-restricted-access</a> Ensure that User Management Events are Logged. Refer: <a href="https://aka.ms/tmtauditlog#user-management">https://aka.ms/tmtauditlog#user-management</a>PriorityMediumSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH30falsefalseTH117ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba370ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:40:00.2837378+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy for all Azure Subscriptions hosting Microsoft Hosted Pools. Customers who host the Agent on their own Azure Subscription are responsible for the security of their Azure Subscription.InteractionString6: Accessing ADO services PossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesignab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH117falsefalseTH32ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba371ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:35:52.6940848+05:30HighTitleAn adversary can spoof the target web application due to insecure TLS certificate configurationUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionEnsure that TLS certificate parameters are configured with correct valuesStateInformationAzure DevOps Service ensures TLS with the right SSL certificates.InteractionString6: Accessing ADO services PossibleMitigationsVerify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a>PriorityHighSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH32falsefalseTH7ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba372ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:35:37.5204729+05:30HighTitleAn adversary can steal sensitive data like user credentialsUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAttackers can exploit weaknesses in system to steal user credentials. Downstream and upstream components are often accessed by using credentials stored in configuration stores. Attackers may steal the upstream or downstream component credentials. Attackers may steal credentials if, Credentials are stored and sent in clear text, Weak input validation coupled with dynamic sql queries, Password retrieval mechanism are poor, StateInformationAzure DevOps Service ensures TLS with the right SSL certificates.InteractionString6: Accessing ADO services PossibleMitigationsExplicitly disable the autocomplete HTML attribute in sensitive forms and inputs. Refer: <a href="https://aka.ms/tmtdata#autocomplete-input">https://aka.ms/tmtdata#autocomplete-input</a> Perform input validation and filtering on all string type Model properties. Refer: <a href="https://aka.ms/tmtinputval#typemodel">https://aka.ms/tmtinputval#typemodel</a> Validate all redirects within the application are closed or done safely. Refer: <a href="https://aka.ms/tmtinputval#redirect-safe">https://aka.ms/tmtinputval#redirect-safe</a> Enable step up or adaptive authentication. Refer: <a href="https://aka.ms/tmtauthn#step-up-adaptive-authn">https://aka.ms/tmtauthn#step-up-adaptive-authn</a> Implement forgot password functionalities securely. Refer: <a href="https://aka.ms/tmtauthn#forgot-pword-fxn">https://aka.ms/tmtauthn#forgot-pword-fxn</a> Ensure that password and account policy are implemented. Refer: <a href="https://aka.ms/tmtauthn#pword-account-policy">https://aka.ms/tmtauthn#pword-account-policy</a> Implement input validation on all string type parameters accepted by Controller methods. Refer: <a href="https://aka.ms/tmtinputval#string-method">https://aka.ms/tmtinputval#string-method</a>PriorityHighSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH7falsefalseTH81ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba373ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:39:55.8693797+05:30HighTitleAn adversary can create a fake website and launch phishing attacksUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionPhishing is attempted to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a Web Server which is a trustworthy entity in electronic communicationStateInformationAzure DevOps Service ensures TLS with the right SSL certificates.InteractionString6: Accessing ADO services PossibleMitigationsVerify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a> Ensure that authenticated ASP.NET pages incorporate UI Redressing or clickjacking defences. Refer: <a href="https://aka.ms/tmtconfigmgmt#ui-defenses">https://aka.ms/tmtconfigmgmt#ui-defenses</a> Validate all redirects within the application are closed or done safely. Refer: <a href="https://aka.ms/tmtinputval#redirect-safe">https://aka.ms/tmtinputval#redirect-safe</a>PriorityHighSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH81falsefalseTH86ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba374ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:36:08.2737305+05:30HighTitleAn adversary may spoof Agent Worker and gain access to Web ApplicationUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionIf proper authentication is not in place, an adversary can spoof a source process or external entity and gain unauthorized access to the Web ApplicationStateInformationRequires an access token issued by a mutually trusted Identity Service.InteractionString6: Accessing ADO services PossibleMitigationsConsider using a standard authentication mechanism to authenticate to Web Application. Refer: <a href="https://aka.ms/tmtauthn#standard-authn-web-app">https://aka.ms/tmtauthn#standard-authn-web-app</a>PriorityHighSDLPhaseDesignab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH86falsefalseTH134ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba375ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:23:21.1875833+05:30HighTitleAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devicesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devices. Scenarios such as stealing a user's laptop and extracting data from hard disk, luring users to install malware, exploit unpatched OS etc. StateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString6: Accessing ADO services PossibleMitigationsEnsure that devices have end point security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a>PriorityHighSDLPhaseDesignab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH134falsefalseTH137ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba376ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:22:51.1062862+05:30HighTitleAn adversary may reverse engineer deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may reverse engineer deployed binariesStateInformationAzure DevOps Agent is open source. Code is already available on GitHub. Deployed binaries do not contain any sensitive data.InteractionString6: Accessing ADO services PossibleMitigationsEnsure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a>PriorityHighSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH137falsefalseTH138ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba377ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:23:38.1235534+05:30HighTitleAn adversary may tamper deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may tamper deployed binariesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString6: Accessing ADO services PossibleMitigationsEnsure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a>PriorityHighSDLPhaseDesignab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH138falsefalseTH96ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba378ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:39:50.6267751+05:30HighTitleAn adversary can gain access to sensitive data by performing SQL injection through Web AppUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. StateInformationInput scrubbing on Auzre DevOps Service is not in the scope of this reviewInteractionString6: Accessing ADO services PossibleMitigationsEnsure that type-safe parameters are used in Web Application for data access. Refer: <a href="https://aka.ms/tmtinputval#typesafe">https://aka.ms/tmtinputval#typesafe</a>PriorityHighSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05NotApplicable0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH96falsefalseTH98ab74bdc7-9518-4d97-946f-66d33b5daf05be36fd4e-3f3d-4a58-abb1-a0830d2173ba0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4REDMOND\rishabhmalik9170c488-4cdf-4b44-8055-a93e8fb16045be36fd4e-3f3d-4a58-abb1-a0830d2173ba379ab74bdc7-9518-4d97-946f-66d33b5daf05:be36fd4e-3f3d-4a58-abb1-a0830d2173ba:0f8c62d2-6e11-4ce7-8c5c-ff81aef18be42025-09-29T12:39:18.7163829+05:30HighTitleAn adversary can gain access to sensitive data stored in Web App's config filesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary can gain access to the config files. and if sensitive data is stored in it, it would be compromised.StateInformationCommunication is secured using encryption of payload and appropriate TLs channelInteractionString6: Accessing ADO services PossibleMitigationsEncrypt sections of Web App's configuration files that contain sensitive data. Refer: <a href="https://aka.ms/tmtdata#encrypt-data">https://aka.ms/tmtdata#encrypt-data</a>PriorityHighSDLPhaseImplementationab74bdc7-9518-4d97-946f-66d33b5daf05Mitigated0f8c62d2-6e11-4ce7-8c5c-ff81aef18be4TH98falsefalseTH11688aa7929-bea9-486d-96a1-8d9973681107ebd17035-3abc-4602-a022-97fc5555e969736335e4-36cf-489d-9964-86bd1df4f106REDMOND\rishabhmalik01081e16-ca66-42c6-b2c5-e470ce83a88cebd17035-3abc-4602-a022-97fc5555e96938088aa7929-bea9-486d-96a1-8d9973681107:ebd17035-3abc-4602-a022-97fc5555e969:736335e4-36cf-489d-9964-86bd1df4f1062025-09-29T12:29:58.1108394+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationStorage Account contains the Agent Binaries. There is no EUII. Access must be set as public for it to serve as a the data layer for the two CDNs.InteractionStringAgent binaries UploadPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign88aa7929-bea9-486d-96a1-8d9973681107Mitigated736335e4-36cf-489d-9964-86bd1df4f106TH116falsefalseTH1788aa7929-bea9-486d-96a1-8d9973681107ebd17035-3abc-4602-a022-97fc5555e969736335e4-36cf-489d-9964-86bd1df4f106REDMOND\rishabhmalik01081e16-ca66-42c6-b2c5-e470ce83a88cebd17035-3abc-4602-a022-97fc5555e96938188aa7929-bea9-486d-96a1-8d9973681107:ebd17035-3abc-4602-a022-97fc5555e969:736335e4-36cf-489d-9964-86bd1df4f1062025-09-29T12:28:01.9764807+05:30HighTitleAn adversary can gain unauthorized access to Azure Blob Storage due to weak access control restrictionsUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to Azure Blob Storage due to weak access control restrictionsStateInformationStorage Account contains the Agent Binaries. There is no EUII. Access must be set as public for it to serve as a the data layer for the two CDNs.InteractionStringAgent binaries UploadPossibleMitigationsGrant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a>PriorityHighSDLPhaseImplementation88aa7929-bea9-486d-96a1-8d9973681107NotApplicable736335e4-36cf-489d-9964-86bd1df4f106TH17falsefalseTH14088aa7929-bea9-486d-96a1-8d9973681107ebd17035-3abc-4602-a022-97fc5555e969736335e4-36cf-489d-9964-86bd1df4f106REDMOND\rishabhmalik01081e16-ca66-42c6-b2c5-e470ce83a88cebd17035-3abc-4602-a022-97fc5555e96938288aa7929-bea9-486d-96a1-8d9973681107:ebd17035-3abc-4602-a022-97fc5555e969:736335e4-36cf-489d-9964-86bd1df4f1062025-09-29T12:28:50.612381+05:30HighTitleAn adversary can gain unauthorized access to Azure Blob Storage instances due to weak network configurationUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to Azure Blob Storage instances due to weak network configurationStateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionStringAgent binaries UploadPossibleMitigationsIt is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a>PriorityHighSDLPhaseImplementation88aa7929-bea9-486d-96a1-8d9973681107Mitigated736335e4-36cf-489d-9964-86bd1df4f106TH140falsefalseTH6788aa7929-bea9-486d-96a1-8d9973681107ebd17035-3abc-4602-a022-97fc5555e969736335e4-36cf-489d-9964-86bd1df4f106REDMOND\rishabhmalik01081e16-ca66-42c6-b2c5-e470ce83a88cebd17035-3abc-4602-a022-97fc5555e96938388aa7929-bea9-486d-96a1-8d9973681107:ebd17035-3abc-4602-a022-97fc5555e969:736335e4-36cf-489d-9964-86bd1df4f1062025-09-29T12:30:29.4505368+05:30HighTitleAn adversary may gain unauthorized access to Azure Blob Storage account in a subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to Azure Blob Storage account in a subscriptionStateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionStringAgent binaries UploadPossibleMitigationsAssign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a>PriorityHighSDLPhaseImplementation88aa7929-bea9-486d-96a1-8d9973681107Mitigated736335e4-36cf-489d-9964-86bd1df4f106TH67falsefalseTH6388aa7929-bea9-486d-96a1-8d9973681107ebd17035-3abc-4602-a022-97fc5555e969736335e4-36cf-489d-9964-86bd1df4f106REDMOND\rishabhmalik01081e16-ca66-42c6-b2c5-e470ce83a88cebd17035-3abc-4602-a022-97fc5555e96938488aa7929-bea9-486d-96a1-8d9973681107:ebd17035-3abc-4602-a022-97fc5555e969:736335e4-36cf-489d-9964-86bd1df4f1062025-09-29T12:25:46.6362523+05:30HighTitleAn adversary can abuse poorly managed Azure Blob Storage account access keysUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can abuse poorly managed Azure Blob Storage account access keys and gain unauthorized access to storage.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionStringAgent binaries UploadPossibleMitigationsEnsure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a>PriorityHighSDLPhaseImplementation88aa7929-bea9-486d-96a1-8d9973681107Mitigated736335e4-36cf-489d-9964-86bd1df4f106TH63falsefalseTH2088aa7929-bea9-486d-96a1-8d9973681107ebd17035-3abc-4602-a022-97fc5555e969736335e4-36cf-489d-9964-86bd1df4f106REDMOND\rishabhmalik01081e16-ca66-42c6-b2c5-e470ce83a88cebd17035-3abc-4602-a022-97fc5555e96938588aa7929-bea9-486d-96a1-8d9973681107:ebd17035-3abc-4602-a022-97fc5555e969:736335e4-36cf-489d-9964-86bd1df4f1062025-09-29T12:31:11.6939251+05:30MediumTitleAn adversary can deny actions on Azure Blob Storage due to lack of auditing UserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happenedUserThreatDescriptionProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system.StateInformationDetailed verbose logging and tracking is implemented.InteractionStringAgent binaries UploadPossibleMitigationsUse Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a>PriorityMediumSDLPhaseImplementation88aa7929-bea9-486d-96a1-8d9973681107Mitigated736335e4-36cf-489d-9964-86bd1df4f106TH20falsefalseTH11788aa7929-bea9-486d-96a1-8d9973681107ebd17035-3abc-4602-a022-97fc5555e969736335e4-36cf-489d-9964-86bd1df4f106REDMOND\rishabhmalik01081e16-ca66-42c6-b2c5-e470ce83a88cebd17035-3abc-4602-a022-97fc5555e96938688aa7929-bea9-486d-96a1-8d9973681107:ebd17035-3abc-4602-a022-97fc5555e969:736335e4-36cf-489d-9964-86bd1df4f1062025-09-29T12:30:42.5667128+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionStringAgent binaries UploadPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign88aa7929-bea9-486d-96a1-8d9973681107Mitigated736335e4-36cf-489d-9964-86bd1df4f106TH117falsefalseTH2188aa7929-bea9-486d-96a1-8d9973681107ebd17035-3abc-4602-a022-97fc5555e969736335e4-36cf-489d-9964-86bd1df4f106REDMOND\rishabhmalik01081e16-ca66-42c6-b2c5-e470ce83a88cebd17035-3abc-4602-a022-97fc5555e96938788aa7929-bea9-486d-96a1-8d9973681107:ebd17035-3abc-4602-a022-97fc5555e969:736335e4-36cf-489d-9964-86bd1df4f1062025-09-29T12:28:21.8262752+05:30HighTitleAn adversary can gain unauthorized access to Azure Blob Storage due to weak CORS configurationUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to Azure Blob Storage due to weak CORS configurationStateInformationStorage Account contains the Agent Binaries. There is no EUII. Access must be set as public for it to serve as a the data layer for the two CDNs.InteractionStringAgent binaries UploadPossibleMitigationsEnsure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a>PriorityHighSDLPhaseImplementation88aa7929-bea9-486d-96a1-8d9973681107NotApplicable736335e4-36cf-489d-9964-86bd1df4f106TH21falsefalseTH8588aa7929-bea9-486d-96a1-8d9973681107ebd17035-3abc-4602-a022-97fc5555e969736335e4-36cf-489d-9964-86bd1df4f106REDMOND\rishabhmalik01081e16-ca66-42c6-b2c5-e470ce83a88cebd17035-3abc-4602-a022-97fc5555e96938888aa7929-bea9-486d-96a1-8d9973681107:ebd17035-3abc-4602-a022-97fc5555e969:736335e4-36cf-489d-9964-86bd1df4f1062025-09-29T12:27:15.4156626+05:30HighTitleAn adversary can access Azure storage blobs and containers anonymouslyUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary can gain access to Azure storage containers and blobs if anonymous access is provided to potentially sensitive data accidentally.StateInformationStorage Account contains the Agent Binaries. There is no EUII. Access must be set as public for it to serve as a the data layer for the two CDNs to access it.InteractionStringAgent binaries UploadPossibleMitigationsEnsure that only the required containers and blobs are given anonymous read access. Refer: <a href="https://aka.ms/tmt-th85">https://aka.ms/tmt-th85</a>PriorityHighSDLPhaseImplementation88aa7929-bea9-486d-96a1-8d9973681107Mitigated736335e4-36cf-489d-9964-86bd1df4f106TH85falsefalseTH1016db9dd7f-74f1-4c07-9fdd-17e00dc4596363fec324-52c5-4b14-8ec3-7932d54969d36db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa63fec324-52c5-4b14-8ec3-7932d54969d33896db9dd7f-74f1-4c07-9fdd-17e00dc45963:63fec324-52c5-4b14-8ec3-7932d54969d3:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T16:00:19.4049157+05:30HighTitleAn adversary can reverse weakly encrypted or hashed contentUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can reverse weakly encrypted or hashed contentStateInformationTFS side security protocols are not in the scope of this reviewInteractionString7: AES Key GenerationPossibleMitigationsDo not expose security details in error messages. Refer: <a href="https://aka.ms/tmtxmgmt#messages">https://aka.ms/tmtxmgmt#messages</a> Implement Default error handling page. Refer: <a href="https://aka.ms/tmtxmgmt#default">https://aka.ms/tmtxmgmt#default</a> Set Deployment Method to Retail in IIS. Refer: <a href="https://aka.ms/tmtxmgmt#deployment">https://aka.ms/tmtxmgmt#deployment</a> Use only approved symmetric block ciphers and key lengths. Refer: <a href="https://aka.ms/tmtcrypto#cipher-length">https://aka.ms/tmtcrypto#cipher-length</a> Use approved block cipher modes and initialization vectors for symmetric ciphers. Refer: <a href="https://aka.ms/tmtcrypto#vector-ciphers">https://aka.ms/tmtcrypto#vector-ciphers</a> Use approved asymmetric algorithms, key lengths, and padding. Refer: <a href="https://aka.ms/tmtcrypto#padding">https://aka.ms/tmtcrypto#padding</a> Use approved random number generators. Refer: <a href="https://aka.ms/tmtcrypto#numgen">https://aka.ms/tmtcrypto#numgen</a> Do not use symmetric stream ciphers. Refer: <a href="https://aka.ms/tmtcrypto#stream-ciphers">https://aka.ms/tmtcrypto#stream-ciphers</a> Use approved MAC/HMAC/keyed hash algorithms. Refer: <a href="https://aka.ms/tmtcrypto#mac-hash">https://aka.ms/tmtcrypto#mac-hash</a> Use only approved cryptographic hash functions. Refer: <a href="https://aka.ms/tmtcrypto#hash-functions">https://aka.ms/tmtcrypto#hash-functions</a> Verify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH101falsefalseTH1026db9dd7f-74f1-4c07-9fdd-17e00dc4596363fec324-52c5-4b14-8ec3-7932d54969d36db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa63fec324-52c5-4b14-8ec3-7932d54969d33906db9dd7f-74f1-4c07-9fdd-17e00dc45963:63fec324-52c5-4b14-8ec3-7932d54969d3:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T15:54:54.1397704+05:30HighTitleAn adversary may gain access to sensitive data from log filesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data from log filesStateInformationTFS side security is not in the scope of this review.InteractionString7: AES Key GenerationPossibleMitigationsEnsure that the application does not log sensitive user data. Refer: <a href="https://aka.ms/tmtauditlog#log-sensitive-data">https://aka.ms/tmtauditlog#log-sensitive-data</a> Ensure that Audit and Log Files have Restricted Access. Refer: <a href="https://aka.ms/tmtauditlog#log-restricted-access">https://aka.ms/tmtauditlog#log-restricted-access</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH102falsefalseTH946db9dd7f-74f1-4c07-9fdd-17e00dc4596363fec324-52c5-4b14-8ec3-7932d54969d36db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa63fec324-52c5-4b14-8ec3-7932d54969d33916db9dd7f-74f1-4c07-9fdd-17e00dc45963:63fec324-52c5-4b14-8ec3-7932d54969d3:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T15:53:27.8650937+05:30HighTitleAn adversary can gain access to sensitive information through error messagesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can gain access to sensitive data such as the following, through verbose error messages - Server names - Connection strings - Usernames - Passwords - SQL procedures - Details of dynamic SQL failures - Stack trace and lines of code - Variables stored in memory - Drive and folder locations - Application install points - Host configuration settings - Other internal application details StateInformationTFS side security is not in the scope of this review.InteractionString7: AES Key GenerationPossibleMitigationsDo not expose security details in error messages. Refer: <a href="https://aka.ms/tmtxmgmt#messages">https://aka.ms/tmtxmgmt#messages</a> Implement Default error handling page. Refer: <a href="https://aka.ms/tmtxmgmt#default">https://aka.ms/tmtxmgmt#default</a> Set Deployment Method to Retail in IIS. Refer: <a href="https://aka.ms/tmtxmgmt#deployment">https://aka.ms/tmtxmgmt#deployment</a> Exceptions should fail safely. Refer: <a href="https://aka.ms/tmtxmgmt#fail">https://aka.ms/tmtxmgmt#fail</a> ASP.NET applications must disable tracing and debugging prior to deployment. Refer: <a href="https://aka.ms/tmtconfigmgmt#trace-deploy">https://aka.ms/tmtconfigmgmt#trace-deploy</a> Implement controls to prevent username enumeration. Refer: <a href="https://aka.ms/tmtauthn#controls-username-enum">https://aka.ms/tmtauthn#controls-username-enum</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH94falsefalseTH306db9dd7f-74f1-4c07-9fdd-17e00dc4596363fec324-52c5-4b14-8ec3-7932d54969d36db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa63fec324-52c5-4b14-8ec3-7932d54969d33926db9dd7f-74f1-4c07-9fdd-17e00dc45963:63fec324-52c5-4b14-8ec3-7932d54969d3:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T15:56:44.0369281+05:30MediumTitleAttacker can deny the malicious act and remove the attack foot prints leading to repudiation issuesUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happenedUserThreatDescriptionProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a systemStateInformationInput scrubbing on Auzre DevOps Service is not in the scope of this reviewInteractionString7: AES Key GenerationPossibleMitigationsEnsure that auditing and logging is enforced on the application. Refer: <a href="https://aka.ms/tmtauditlog#auditing">https://aka.ms/tmtauditlog#auditing</a> Ensure that log rotation and separation are in place. Refer: <a href="https://aka.ms/tmtauditlog#log-rotation">https://aka.ms/tmtauditlog#log-rotation</a> Ensure that Audit and Log Files have Restricted Access. Refer: <a href="https://aka.ms/tmtauditlog#log-restricted-access">https://aka.ms/tmtauditlog#log-restricted-access</a> Ensure that User Management Events are Logged. Refer: <a href="https://aka.ms/tmtauditlog#user-management">https://aka.ms/tmtauditlog#user-management</a>PriorityMediumSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH30falsefalseTH326db9dd7f-74f1-4c07-9fdd-17e00dc4596363fec324-52c5-4b14-8ec3-7932d54969d36db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa63fec324-52c5-4b14-8ec3-7932d54969d33936db9dd7f-74f1-4c07-9fdd-17e00dc45963:63fec324-52c5-4b14-8ec3-7932d54969d3:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T15:59:50.5948001+05:30HighTitleAn adversary can spoof the target web application due to insecure TLS certificate configurationUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionEnsure that TLS certificate parameters are configured with correct valuesStateInformationTFS side security protocols are not in the scope of this reviewInteractionString7: AES Key GenerationPossibleMitigationsVerify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH32falsefalseTH76db9dd7f-74f1-4c07-9fdd-17e00dc4596363fec324-52c5-4b14-8ec3-7932d54969d36db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa63fec324-52c5-4b14-8ec3-7932d54969d33946db9dd7f-74f1-4c07-9fdd-17e00dc45963:63fec324-52c5-4b14-8ec3-7932d54969d3:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T16:00:01.6849188+05:30HighTitleAn adversary can steal sensitive data like user credentialsUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAttackers can exploit weaknesses in system to steal user credentials. Downstream and upstream components are often accessed by using credentials stored in configuration stores. Attackers may steal the upstream or downstream component credentials. Attackers may steal credentials if, Credentials are stored and sent in clear text, Weak input validation coupled with dynamic sql queries, Password retrieval mechanism are poor, StateInformationTFS side security protocols are not in the scope of this reviewInteractionString7: AES Key GenerationPossibleMitigationsExplicitly disable the autocomplete HTML attribute in sensitive forms and inputs. Refer: <a href="https://aka.ms/tmtdata#autocomplete-input">https://aka.ms/tmtdata#autocomplete-input</a> Perform input validation and filtering on all string type Model properties. Refer: <a href="https://aka.ms/tmtinputval#typemodel">https://aka.ms/tmtinputval#typemodel</a> Validate all redirects within the application are closed or done safely. Refer: <a href="https://aka.ms/tmtinputval#redirect-safe">https://aka.ms/tmtinputval#redirect-safe</a> Enable step up or adaptive authentication. Refer: <a href="https://aka.ms/tmtauthn#step-up-adaptive-authn">https://aka.ms/tmtauthn#step-up-adaptive-authn</a> Implement forgot password functionalities securely. Refer: <a href="https://aka.ms/tmtauthn#forgot-pword-fxn">https://aka.ms/tmtauthn#forgot-pword-fxn</a> Ensure that password and account policy are implemented. Refer: <a href="https://aka.ms/tmtauthn#pword-account-policy">https://aka.ms/tmtauthn#pword-account-policy</a> Implement input validation on all string type parameters accepted by Controller methods. Refer: <a href="https://aka.ms/tmtinputval#string-method">https://aka.ms/tmtinputval#string-method</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH7falsefalseTH816db9dd7f-74f1-4c07-9fdd-17e00dc4596363fec324-52c5-4b14-8ec3-7932d54969d36db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa63fec324-52c5-4b14-8ec3-7932d54969d33956db9dd7f-74f1-4c07-9fdd-17e00dc45963:63fec324-52c5-4b14-8ec3-7932d54969d3:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T15:57:26.2448695+05:30HighTitleAn adversary can create a fake website and launch phishing attacksUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionPhishing is attempted to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a Web Server which is a trustworthy entity in electronic communicationStateInformationTFS side security protocols are not in the scope of this reviewInteractionString7: AES Key GenerationPossibleMitigationsVerify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a> Ensure that authenticated ASP.NET pages incorporate UI Redressing or clickjacking defences. Refer: <a href="https://aka.ms/tmtconfigmgmt#ui-defenses">https://aka.ms/tmtconfigmgmt#ui-defenses</a> Validate all redirects within the application are closed or done safely. Refer: <a href="https://aka.ms/tmtinputval#redirect-safe">https://aka.ms/tmtinputval#redirect-safe</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH81falsefalseTH866db9dd7f-74f1-4c07-9fdd-17e00dc4596363fec324-52c5-4b14-8ec3-7932d54969d36db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa63fec324-52c5-4b14-8ec3-7932d54969d33966db9dd7f-74f1-4c07-9fdd-17e00dc45963:63fec324-52c5-4b14-8ec3-7932d54969d3:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T15:59:25.9550711+05:30HighTitleAn adversary may spoof TFS Instance and gain access to Web ApplicationUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionIf proper authentication is not in place, an adversary can spoof a source process or external entity and gain unauthorized access to the Web ApplicationStateInformationTFS side security protocols are not in the scope of this reviewInteractionString7: AES Key GenerationPossibleMitigationsConsider using a standard authentication mechanism to authenticate to Web Application. Refer: <a href="https://aka.ms/tmtauthn#standard-authn-web-app">https://aka.ms/tmtauthn#standard-authn-web-app</a>PriorityHighSDLPhaseDesign6db9dd7f-74f1-4c07-9fdd-17e00dc45963NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH86falsefalseTH966db9dd7f-74f1-4c07-9fdd-17e00dc4596363fec324-52c5-4b14-8ec3-7932d54969d36db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa63fec324-52c5-4b14-8ec3-7932d54969d33976db9dd7f-74f1-4c07-9fdd-17e00dc45963:63fec324-52c5-4b14-8ec3-7932d54969d3:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T16:00:56.9961064+05:30HighTitleAn adversary can gain access to sensitive data by performing SQL injection through Web AppUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. StateInformationInput scrubbing on Auzre DevOps Service is not in the scope of this reviewInteractionString7: AES Key GenerationPossibleMitigationsEnsure that type-safe parameters are used in Web Application for data access. Refer: <a href="https://aka.ms/tmtinputval#typesafe">https://aka.ms/tmtinputval#typesafe</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH96falsefalseTH986db9dd7f-74f1-4c07-9fdd-17e00dc4596363fec324-52c5-4b14-8ec3-7932d54969d36db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa63fec324-52c5-4b14-8ec3-7932d54969d33986db9dd7f-74f1-4c07-9fdd-17e00dc45963:63fec324-52c5-4b14-8ec3-7932d54969d3:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T15:53:10.5947784+05:30HighTitleAn adversary can gain access to sensitive data stored in Web App's config filesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary can gain access to the config files. and if sensitive data is stored in it, it would be compromised.StateInformationTFS side security is not in the scope of this review.InteractionString7: AES Key GenerationPossibleMitigationsEncrypt sections of Web App's configuration files that contain sensitive data. Refer: <a href="https://aka.ms/tmtdata#encrypt-data">https://aka.ms/tmtdata#encrypt-data</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH98falsefalseTH11619d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba39919d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:56:34.3005629+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH116falsefalseTH13519d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba40019d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:54:45.8132533+05:30HighTitleAn adversary may gain unauthorized access to data on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to data on host machinesStateInformationConfidential data such as client secret, RSA private key, etc. are stored in an encrypted manner. Rest of the data is related ot the job being executed and cannot be stored in an encrypted manner.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsEnsure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH135falsefalseTH13619d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba40119d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:51:05.7113199+05:30HighTitleAn adversary may gain elevated privileges and execute malicious code on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionIf an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application.StateInformationAzure DevOps Pipeline Agent runs with the least amount of privileges.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsEnsure that the deployed applications are run with least privileges. . Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH136falsefalseTH10119d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba40219d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:57:11.7222486+05:30HighTitleAn adversary can reverse weakly encrypted or hashed contentUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can reverse weakly encrypted or hashed contentStateInformationAdhering to the right encryption and logging standards. Logs are scrubbed to prevent any secrets from being exposed.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsDo not expose security details in error messages. Refer: <a href="https://aka.ms/tmtxmgmt#messages">https://aka.ms/tmtxmgmt#messages</a> Implement Default error handling page. Refer: <a href="https://aka.ms/tmtxmgmt#default">https://aka.ms/tmtxmgmt#default</a> Set Deployment Method to Retail in IIS. Refer: <a href="https://aka.ms/tmtxmgmt#deployment">https://aka.ms/tmtxmgmt#deployment</a> Use only approved symmetric block ciphers and key lengths. Refer: <a href="https://aka.ms/tmtcrypto#cipher-length">https://aka.ms/tmtcrypto#cipher-length</a> Use approved block cipher modes and initialization vectors for symmetric ciphers. Refer: <a href="https://aka.ms/tmtcrypto#vector-ciphers">https://aka.ms/tmtcrypto#vector-ciphers</a> Use approved asymmetric algorithms, key lengths, and padding. Refer: <a href="https://aka.ms/tmtcrypto#padding">https://aka.ms/tmtcrypto#padding</a> Use approved random number generators. Refer: <a href="https://aka.ms/tmtcrypto#numgen">https://aka.ms/tmtcrypto#numgen</a> Do not use symmetric stream ciphers. Refer: <a href="https://aka.ms/tmtcrypto#stream-ciphers">https://aka.ms/tmtcrypto#stream-ciphers</a> Use approved MAC/HMAC/keyed hash algorithms. Refer: <a href="https://aka.ms/tmtcrypto#mac-hash">https://aka.ms/tmtcrypto#mac-hash</a> Use only approved cryptographic hash functions. Refer: <a href="https://aka.ms/tmtcrypto#hash-functions">https://aka.ms/tmtcrypto#hash-functions</a> Verify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH101falsefalseTH10219d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba40319d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:57:28.7652472+05:30HighTitleAn adversary may gain access to sensitive data from log filesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data from log filesStateInformationNo sensitive data is present in Logs. All logs are parsed, scrubed off any/any sensistive information from logsInteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsEnsure that the application does not log sensitive user data. Refer: <a href="https://aka.ms/tmtauditlog#log-sensitive-data">https://aka.ms/tmtauditlog#log-sensitive-data</a> Ensure that Audit and Log Files have Restricted Access. Refer: <a href="https://aka.ms/tmtauditlog#log-restricted-access">https://aka.ms/tmtauditlog#log-restricted-access</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH102falsefalseTH13919d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba40419d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:57:55.6414671+05:30HighTitleAn adversary may gain access to sensitive data stored on host machinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data stored on host machinesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsConsider using Encrypted File System (EFS) is used to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH139falsefalseTH9419d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba40519d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:56:00.0658534+05:30HighTitleAn adversary can gain access to sensitive information through error messagesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary can gain access to sensitive data such as the following, through verbose error messages - Server names - Connection strings - Usernames - Passwords - SQL procedures - Details of dynamic SQL failures - Stack trace and lines of code - Variables stored in memory - Drive and folder locations - Application install points - Host configuration settings - Other internal application details StateInformationAdhering to the right encryption and logging standards. Logs are scrubbed to prevent any secrets from being exposed.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsDo not expose security details in error messages. Refer: <a href="https://aka.ms/tmtxmgmt#messages">https://aka.ms/tmtxmgmt#messages</a> Implement Default error handling page. Refer: <a href="https://aka.ms/tmtxmgmt#default">https://aka.ms/tmtxmgmt#default</a> Set Deployment Method to Retail in IIS. Refer: <a href="https://aka.ms/tmtxmgmt#deployment">https://aka.ms/tmtxmgmt#deployment</a> Exceptions should fail safely. Refer: <a href="https://aka.ms/tmtxmgmt#fail">https://aka.ms/tmtxmgmt#fail</a> ASP.NET applications must disable tracing and debugging prior to deployment. Refer: <a href="https://aka.ms/tmtconfigmgmt#trace-deploy">https://aka.ms/tmtconfigmgmt#trace-deploy</a> Implement controls to prevent username enumeration. Refer: <a href="https://aka.ms/tmtauthn#controls-username-enum">https://aka.ms/tmtauthn#controls-username-enum</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH94falsefalseTH3019d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba40619d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:50:01.3358332+05:30MediumTitleAttacker can deny the malicious act and remove the attack foot prints leading to repudiation issuesUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happenedUserThreatDescriptionProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a systemStateInformationDetailed verbose logging is implemented in Azure Pipeline Agent. Logs are scrubbed to prevent any secrets from being exposed.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsEnsure that auditing and logging is enforced on the application. Refer: <a href="https://aka.ms/tmtauditlog#auditing">https://aka.ms/tmtauditlog#auditing</a> Ensure that log rotation and separation are in place. Refer: <a href="https://aka.ms/tmtauditlog#log-rotation">https://aka.ms/tmtauditlog#log-rotation</a> Ensure that Audit and Log Files have Restricted Access. Refer: <a href="https://aka.ms/tmtauditlog#log-restricted-access">https://aka.ms/tmtauditlog#log-restricted-access</a> Ensure that User Management Events are Logged. Refer: <a href="https://aka.ms/tmtauditlog#user-management">https://aka.ms/tmtauditlog#user-management</a>PriorityMediumSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH30falsefalseTH11719d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba40719d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:53:41.0683608+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH117falsefalseTH3219d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba40819d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:58:58.4359288+05:30HighTitleAn adversary can spoof the target web application due to insecure TLS certificate configurationUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionEnsure that TLS certificate parameters are configured with correct valuesStateInformationAzure DevOps Service ensures TLS with the right SSL certificates.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsVerify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH32falsefalseTH719d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba40919d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:59:01.7552094+05:30HighTitleAn adversary can steal sensitive data like user credentialsUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAttackers can exploit weaknesses in system to steal user credentials. Downstream and upstream components are often accessed by using credentials stored in configuration stores. Attackers may steal the upstream or downstream component credentials. Attackers may steal credentials if, Credentials are stored and sent in clear text, Weak input validation coupled with dynamic sql queries, Password retrieval mechanism are poor, StateInformationAzure DevOps Service ensures TLS with the right SSL certificates.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsExplicitly disable the autocomplete HTML attribute in sensitive forms and inputs. Refer: <a href="https://aka.ms/tmtdata#autocomplete-input">https://aka.ms/tmtdata#autocomplete-input</a> Perform input validation and filtering on all string type Model properties. Refer: <a href="https://aka.ms/tmtinputval#typemodel">https://aka.ms/tmtinputval#typemodel</a> Validate all redirects within the application are closed or done safely. Refer: <a href="https://aka.ms/tmtinputval#redirect-safe">https://aka.ms/tmtinputval#redirect-safe</a> Enable step up or adaptive authentication. Refer: <a href="https://aka.ms/tmtauthn#step-up-adaptive-authn">https://aka.ms/tmtauthn#step-up-adaptive-authn</a> Implement forgot password functionalities securely. Refer: <a href="https://aka.ms/tmtauthn#forgot-pword-fxn">https://aka.ms/tmtauthn#forgot-pword-fxn</a> Ensure that password and account policy are implemented. Refer: <a href="https://aka.ms/tmtauthn#pword-account-policy">https://aka.ms/tmtauthn#pword-account-policy</a> Implement input validation on all string type parameters accepted by Controller methods. Refer: <a href="https://aka.ms/tmtinputval#string-method">https://aka.ms/tmtinputval#string-method</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH7falsefalseTH8119d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba41019d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:50:16.7296583+05:30HighTitleAn adversary can create a fake website and launch phishing attacksUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionPhishing is attempted to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a Web Server which is a trustworthy entity in electronic communicationStateInformationAzure DevOps Service ensures TLS with the right SSL certificates.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsVerify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a> Ensure that authenticated ASP.NET pages incorporate UI Redressing or clickjacking defences. Refer: <a href="https://aka.ms/tmtconfigmgmt#ui-defenses">https://aka.ms/tmtconfigmgmt#ui-defenses</a> Validate all redirects within the application are closed or done safely. Refer: <a href="https://aka.ms/tmtinputval#redirect-safe">https://aka.ms/tmtinputval#redirect-safe</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH81falsefalseTH8619d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba41119d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:50:47.5638494+05:30HighTitleAn adversary may spoof Agent Listener and gain access to Web ApplicationUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionIf proper authentication is not in place, an adversary can spoof a source process or external entity and gain unauthorized access to the Web ApplicationStateInformationRequires an access token issued by a mutually trusted Identity Service.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsConsider using a standard authentication mechanism to authenticate to Web Application. Refer: <a href="https://aka.ms/tmtauthn#standard-authn-web-app">https://aka.ms/tmtauthn#standard-authn-web-app</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH86falsefalseTH13419d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba41219d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:53:16.3187875+05:30HighTitleAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devicesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devices. Scenarios such as stealing a user's laptop and extracting data from hard disk, luring users to install malware, exploit unpatched OS etc. StateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsEnsure that devices have end point security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH134falsefalseTH13719d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba41319d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:54:07.2919278+05:30HighTitleAn adversary may reverse engineer deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may reverse engineer deployed binariesStateInformationAzure DevOps Agent is open source. Code is already available on GitHub. Deployed binaries do not contain any sensitive data.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsEnsure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH137falsefalseTH13819d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba41419d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:52:34.0143874+05:30HighTitleAn adversary may tamper deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may tamper deployed binariesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsEnsure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a>PriorityHighSDLPhaseDesign19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH138falsefalseTH9619d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba41519d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T19:00:17.1628243+05:30HighTitleAn adversary can gain access to sensitive data by performing SQL injection through Web AppUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. StateInformationInput scrubbing on Auzre DevOps Service is not in the scope of this reviewInteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsEnsure that type-safe parameters are used in Web Application for data access. Refer: <a href="https://aka.ms/tmtinputval#typesafe">https://aka.ms/tmtinputval#typesafe</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0NotApplicable6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH96falsefalseTH9819d8710c-11af-4d9a-83b8-2a54b7816fe03d3d8d93-f79d-472e-9116-70ce3d33dcba6db9dd7f-74f1-4c07-9fdd-17e00dc45963REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa3d3d8d93-f79d-472e-9116-70ce3d33dcba41619d8710c-11af-4d9a-83b8-2a54b7816fe0:3d3d8d93-f79d-472e-9116-70ce3d33dcba:6db9dd7f-74f1-4c07-9fdd-17e00dc459632025-09-29T18:56:13.4946687+05:30HighTitleAn adversary can gain access to sensitive data stored in Web App's config filesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary can gain access to the config files. and if sensitive data is stored in it, it would be compromised.StateInformationCommunication is secured using encryption of payload and appropriate TLs channelInteractionString6: Agent Startup - Session creation with TFSPossibleMitigationsEncrypt sections of Web App's configuration files that contain sensitive data. Refer: <a href="https://aka.ms/tmtdata#encrypt-data">https://aka.ms/tmtdata#encrypt-data</a>PriorityHighSDLPhaseImplementation19d8710c-11af-4d9a-83b8-2a54b7816fe0Mitigated6db9dd7f-74f1-4c07-9fdd-17e00dc45963TH98falsefalseTH1166db9dd7f-74f1-4c07-9fdd-17e00dc459638ea6620a-8c12-414a-b1e3-a53fe2903a1c19d8710c-11af-4d9a-83b8-2a54b7816fe0REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa8ea6620a-8c12-414a-b1e3-a53fe2903a1c4176db9dd7f-74f1-4c07-9fdd-17e00dc45963:8ea6620a-8c12-414a-b1e3-a53fe2903a1c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-09-29T18:56:43.0795345+05:30HighTitleAn adversary can gain unauthorized access to resources in an Azure subscriptionUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString8: Session created, Ready to PollPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>PriorityHighSDLPhaseDesign6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH116falsefalseTH1356db9dd7f-74f1-4c07-9fdd-17e00dc459638ea6620a-8c12-414a-b1e3-a53fe2903a1c19d8710c-11af-4d9a-83b8-2a54b7816fe0REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa8ea6620a-8c12-414a-b1e3-a53fe2903a1c4186db9dd7f-74f1-4c07-9fdd-17e00dc45963:8ea6620a-8c12-414a-b1e3-a53fe2903a1c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-09-29T18:55:31.4791747+05:30HighTitleAn adversary may gain unauthorized access to data on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionAn adversary may gain unauthorized access to data on host machinesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString8: Session created, Ready to PollPossibleMitigationsEnsure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH135falsefalseTH1366db9dd7f-74f1-4c07-9fdd-17e00dc459638ea6620a-8c12-414a-b1e3-a53fe2903a1c19d8710c-11af-4d9a-83b8-2a54b7816fe0REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa8ea6620a-8c12-414a-b1e3-a53fe2903a1c4196db9dd7f-74f1-4c07-9fdd-17e00dc45963:8ea6620a-8c12-414a-b1e3-a53fe2903a1c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-09-29T18:51:42.9359867+05:30HighTitleAn adversary may gain elevated privileges and execute malicious code on host machinesUserThreatCategoryElevation of PrivilegesUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bugUserThreatDescriptionIf an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application.StateInformationAzure DevOps Pipeline Agent runs with the least amount of privileges.InteractionString8: Session created, Ready to PollPossibleMitigationsEnsure that the deployed applications are run with least privileges. . Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH136falsefalseTH1396db9dd7f-74f1-4c07-9fdd-17e00dc459638ea6620a-8c12-414a-b1e3-a53fe2903a1c19d8710c-11af-4d9a-83b8-2a54b7816fe0REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa8ea6620a-8c12-414a-b1e3-a53fe2903a1c4206db9dd7f-74f1-4c07-9fdd-17e00dc45963:8ea6620a-8c12-414a-b1e3-a53fe2903a1c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-09-29T18:57:42.0760401+05:30HighTitleAn adversary may gain access to sensitive data stored on host machinesUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized partyUserThreatDescriptionAn adversary may gain access to sensitive data stored on host machinesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString8: Session created, Ready to PollPossibleMitigationsConsider using Encrypted File System (EFS) is used to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a>PriorityHighSDLPhaseDesign6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH139falsefalseTH1176db9dd7f-74f1-4c07-9fdd-17e00dc459638ea6620a-8c12-414a-b1e3-a53fe2903a1c19d8710c-11af-4d9a-83b8-2a54b7816fe0REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa8ea6620a-8c12-414a-b1e3-a53fe2903a1c4216db9dd7f-74f1-4c07-9fdd-17e00dc45963:8ea6620a-8c12-414a-b1e3-a53fe2903a1c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-09-29T18:53:48.8581245+05:30HighTitleAn adversary may spoof an Azure administrator and gain access to Azure subscription portalUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressUserThreatDescriptionAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.StateInformationProper RBAC is configured for the Azure Subscription with a strong JIT policy.InteractionString8: Session created, Ready to PollPossibleMitigationsEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>PriorityHighSDLPhaseDesign6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH117falsefalseTH1346db9dd7f-74f1-4c07-9fdd-17e00dc459638ea6620a-8c12-414a-b1e3-a53fe2903a1c19d8710c-11af-4d9a-83b8-2a54b7816fe0REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa8ea6620a-8c12-414a-b1e3-a53fe2903a1c4226db9dd7f-74f1-4c07-9fdd-17e00dc45963:8ea6620a-8c12-414a-b1e3-a53fe2903a1c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-09-29T18:53:23.3360927+05:30HighTitleAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devicesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devices. Scenarios such as stealing a user's laptop and extracting data from hard disk, luring users to install malware, exploit unpatched OS etc. StateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString8: Session created, Ready to PollPossibleMitigationsEnsure that devices have end point security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a>PriorityHighSDLPhaseDesign6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH134falsefalseTH1376db9dd7f-74f1-4c07-9fdd-17e00dc459638ea6620a-8c12-414a-b1e3-a53fe2903a1c19d8710c-11af-4d9a-83b8-2a54b7816fe0REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa8ea6620a-8c12-414a-b1e3-a53fe2903a1c4236db9dd7f-74f1-4c07-9fdd-17e00dc45963:8ea6620a-8c12-414a-b1e3-a53fe2903a1c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-09-29T18:54:20.9051321+05:30HighTitleAn adversary may reverse engineer deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may reverse engineer deployed binariesStateInformationAzure DevOps Agent is open source. Code is already available on GitHub. Deployed binaries do not contain any sensitive data.InteractionString8: Session created, Ready to PollPossibleMitigationsEnsure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a>PriorityHighSDLPhaseImplementation6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH137falsefalseTH1386db9dd7f-74f1-4c07-9fdd-17e00dc459638ea6620a-8c12-414a-b1e3-a53fe2903a1c19d8710c-11af-4d9a-83b8-2a54b7816fe0REDMOND\rishabhmalik9bc3582d-5e45-4551-9713-65b1afe59afa8ea6620a-8c12-414a-b1e3-a53fe2903a1c4246db9dd7f-74f1-4c07-9fdd-17e00dc45963:8ea6620a-8c12-414a-b1e3-a53fe2903a1c:19d8710c-11af-4d9a-83b8-2a54b7816fe02025-09-29T18:52:43.0604102+05:30HighTitleAn adversary may tamper deployed binariesUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processesUserThreatDescriptionAn adversary may tamper deployed binariesStateInformationCustomers choose their own infra to host the Azure DevOps Agent. Security of this infra and the policies configured on it are not in the scope of this review. Microsoft Hosted Pool is securely contained on a dedicated Azure Subscription and no user can access the Virtual Machines.InteractionString8: Session created, Ready to PollPossibleMitigationsEnsure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a>PriorityHighSDLPhaseDesign6db9dd7f-74f1-4c07-9fdd-17e00dc45963Mitigated19d8710c-11af-4d9a-83b8-2a54b7816fe0TH138falsefalsetrue887ab657-2f80-4f46-92c8-047b6175d2f6887ab657-2f80-4f46-92c8-047b6175d2f6true00000000-0000-0000-0000-000000000000102be8a5-2c83-439a-9157-f7c7e9ac1321The connector should be attached to two elements.9bc3582d-5e45-4551-9713-65b1afe59afa5e91d835-80b7-4c1a-9812-13d482b475205e91d835-80b7-4c1a-9812-13d482b47520true00000000-0000-0000-0000-000000000000102be8a5-2c83-439a-9157-f7c7e9ac1321The connector should be attached to two elements.9bc3582d-5e45-4551-9713-65b1afe59afa736335e4-36cf-489d-9964-86bd1df4f106736335e4-36cf-489d-9964-86bd1df4f106true00000000-0000-0000-0000-0000000000001d2b4354-16e9-486c-944f-e8e14bce2ae5'Azure Blob Storage' requires at least one 'Any'01081e16-ca66-42c6-b2c5-e470ce83a88c4.3falsefalseSelectYesNoShow Boundary ThreatsVirtualDynamic23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59ListA unidirectional representation of the flow of data between elementsfalseGE.DFBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEtJREFUOE9j+P//P1bMaOr9Hx2jqwFhDAEYHngDYBiXRhjGKoiMR5IBIIWkYmwGgGh0jFN8OBkA4qBhbGJYxbEagMNQrOIUGuD9HwBIkRfD8QF9EgAAAABJRU5ErkJggg==Generic Data FlowROOTLinefalseAnyAnyfalseA representation of a data storefalseGE.DSLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAEzhJREFUeF7t1iGubmdyheEeRmBgBhAY4CF4QhlAQIbQINSDMDQMbGhwQUCDBgYGJje3SkqrVSpSirS9vP8HPAd8RdbRkfZ5//T161cA4MOsjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu62PAMC7rY8AwLutjwDAu/WPf/+Pn77+Ufz405dvk/df5inbLgB+P3/75bdvn+f9m/2E//7LX9ddqWpzD//TP/3n1z+K/xv+e9p2AfD7+fnLL98+z/s3+wl//uEv665UtbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TJQTAjz99+QpAjl9/++3b53n/Zj9BADwgIQAA4B8JgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giABwgAANIIgAcIAADSCIAHCAAA0giAByQEwI8/ffkKQI5ff/vt2+d5/2Y/QQA8ICEAtl0A/H5+/vLLt8/z/s1+ggB4gAAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAIAgEkA3NTmHr4dUwkAACYBcFObe/h2TCUAAJgEwE1t7uHbMZUAAGASADe1uYdvx1QCAIBJANzU5h6+HVMJAAAmAXBTm3v4dkwlAACYBMBNbe7h2zGVAABgEgA3tbmHb8dUAgCASQDc1OYevh1TCQAAJgFwU5t7+HZMJQAAmATATW3u4dsxlQAAYBIAN7W5h2/HVAkBUBsAyPG3X3779nnev9lPEAAPqD90bQaAFALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQIAgDQC4AECAIA0AuABAgCANALgAQkBsO0C4Pfz85dfvn2e92/2EwTAAwQAAJMAuKnNPXw7phIAAEwC4KY29/DtmEoAADAJgJva3MO3YyoBAMAkAG5qcw/fjqkEAACTALipzT18O6YSAABMAuCmNvfw7ZhKAAAwCYCb2tzDt2MqAQDAJABuanMP346pBAAAkwC4qc09fDumEgAATALgpjb38O2YSgAAMAmAm9rcw7djKgEAwCQAbmpzD9+OqQQAAJMAuKnNPXw7phIAAEwC4KY29/DtmEoAADAJgJva3MO3YyoBAMAkAG5qcw/fjqkEAACTALipzT18O6YSAABMAuCmNvfw7ZhKAAAwCYCb2tzDt2MqAQDAJABuanMP346pBAAAkwC4qc09fDumEgAATALgpjb38O2YSgAAMAmAm9rcw7djKgEAwCQAbmpzD9+OqQQAAJMAuKnNPXw7phIAAEwC4KY29/DtmEoAADAJgJva3MO3YyoBAMAkAG5qcw/fjqkEAACTALipzT18O6YSAABMAuCmNvfw7ZhKAAAwCYCb2tzDt2MqAQDAJABuanMP346pBAAAkwC4qc09fDumEgAATALgpjb38O2YSgAAMAmAm9rcw7djKgEAwCQAbmpzD9+OqQQAAJMAuKnNPXw7phIAAEwC4KY29/DtmEoAADAJgJva3MO3YyoBAMAkAG5qcw/fjqkEAACTALipzT18O6YSAABMAuCmNvfw7ZhKAAAwCYCb2tzDt2MqAQDAJABuanMP346pBAAAkwC4qc09fDumEgAATALgpjb38O2YSgAAMAmAm9rcw7djKgEAwCQAbmpzD9+OqQQAAJMAuKnNPXw7phIAAEwC4KY29/DtmEoAADAJgJva3MO3YyoBAMAkAG5qcw/fjqkEAACTALipzT18O6YSAABMAuCmNvfw7ZhKAAAwCYCb2tzDt2MqAQDAJABuanMP346pBAAAkwC4qc09fDumEgAATALgpjb38O2YSgAAMAmAm9rcw7djKgEAwCQAbmpzD9+OqQQAAJMAuKnNPXw7phIAAEwC4KY29/DtmEoAADAJgJva3MO3YyoBAMAkAG5qcw/fjqkEAACTALipzT18O6YSAABMAuCmNvfw7ZhKAAAwCYCb2tzDt2MqAQDAJABuanMP346pBAAAkwC4qc09fDumEgAATALgpjb38O2YSgAAMAmAm9rcw7djKgEAwCQAbmpzD9+OqQQAAJMAuKnNPXw7phIAAEwC4KY29/DtmEoAADAJgJva3MO3YyoBAMAkAG5qcw/fjqkEAACTALipzT18O6YSAABMAuCmNvfw7ZhKAAAwCYCb2tzDt2MqAQDAJABuanMP346pBAAAkwC4qc09fDumEgAATALgpjb38O2YSgAAMAmAm9rcw7djKgEAwCQAbmpzD9+OqQQAAJMAuKnNPXw7pkoIgO++/+ErADn+56+/fvs879/sJwiAByQEAAD8IwHwAAEAQBoB8AABAEAaAfAAAQBAGgHwAAEAQBoB8AABAEAaAfAAAQBAGgHwAAEAQBoB8AABAEAaAfAAAQBAGgHwAAEAQBoB8AABAEAaAfAAAQBAGgHwAAEAQBoB8AABAEAaAfAAAQBAGgHwAAEAQBoB8AABAEAaAfAAAQBAGgHwAAEAQBoB8AABAEAaAfAAAQBAGgHwAAEAQBoB8AABAEAaAfAAAQBAGgHwAAEAQBoB8AABAEAaAfAAAQBAGgHwAAEAQBoB8AABAEAaAfAAAQBAGgHwAAEAQBoB8IB//tc/f/3u+x8AIMa//Nt/rf+zUv0hAwAA+P8RAADwgQQAAHwgAQAAH0gAAMAHEgAA8IEEAAB8IAEAAB9IAADABxIAAPCBBAAAfCABAAAfSAAAwAcSAADwgQQAAHwgAQAAH0gAAMAHEgAA8IEEAAB8IAEAAB9IAADABxIAAPCBBAAAfCABAAAfSAAAwAcSAADwgQQAAHwgAQAAH0gAAMAHEgAA8IEEAAB8IAEAAB9IAADABxIAAPCBBAAAfCABAAAfSAAAwAcSAADwgQQAAHwgAQAAH0gAAMAHEgAA8IH+HgDfff/DVwDgM/w9AACAz7I+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgDvtj4CAO+2PgIA77Y+AgBv9vVP/wvm8MX4W+CLKgAAAABJRU5ErkJggg==Generic Data StoreROOTParallelLinesfalseAnyAnyfalseA representation of an external interactorfalseGE.EILower right of stenciliVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAALEwAACxMBAJqcGAAAANBJREFUOE9j+P//P1UwVkFyMJhgNPX+jwW/B2J5dA24MJhAMwCOmc19LgJpfnRN2DCYQDeADGxPFYN0I7J8aG+QgGPYHdWglJ0wvkVi0SJWC7/PyGpgGK9B6W2TM4Fy2iDDAkqau4BsJb+ixg5savEaxGTm8wFI64MMA2IpEBsYix+R1cAwwTASdY1MB8mDMLdt0FRsakAYr0FQ74BdAsJAtjpymCFjQoG9Ekjrg7wI86aEe/R6ZDUwTNBrxGLqGwTErhRiQZhBFGOsgqTj/wwAWDijBcYFCvcAAAAASUVORK5CYII=Generic External InteractorROOTRectanglefalseAnyAnyfalseA representation of a generic processfalseGE.PCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARRJREFUOE99ksFmQ0EUhtOHKCGUUi6hhEieoVy6CiGrkG3IA2TVB+hThVLyDN1eSghdZTX5P84fc5u5d/H558z5z5kzc+/gYVb/ZydS6F0+pdTCCcwHUYsvQQPU8Vb0NjgKirog39vgXWA8iZWYhBKzT76zwUZ47KV4ER/iOWL2yeMrNriECUbiM9Y0IXYOX7FBPsFCcPJeUEzMfu8E8CYw/gqKnkKJ2SdvbwsvvgXGLsi3Co0X+X+AUoTy+v4PXgXX+xFDMRa3Bjlr8RfqvbmgqT+rdZ4X9sGD0pRJH0OJR3evmiODaQQnVqE8MtoUC40MhsKz4GTujhJXxUIjg5kKTmTsXKfFQiNDDg/JJBRzBcX14ApRBWL6a6sYxQAAAABJRU5ErkJggg==Generic ProcessROOTEllipsefalseAnyAnyfalseA border representation of a trust boundaryfalseGE.TB.BBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCGeneric Trust Border BoundaryROOTBorderBoundaryfalseAnyAnyfalseAn arc representation of a trust boundaryfalseGE.TB.LBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAABX0lEQVQ4T2NgNPXGh/mhGJscGCNzQArtgVgfxmcy87kAwlA5ZLVwDGOAFQPp/1Dcj8zHZwiY4LUPdgLSMM0YmM8+5JaAY5gRkI3dAJuUUlsgjVUzCM/ZuDPg////vEA2dgNAkqpBKTuBbKwGRNV0iQNpmCZQGMG9AxPk57IJvA6ksRrAYu67EEjLA7E+s7nPReQwAWtGC0CiMMwQkPNZ5H0TtqArIIRBAWueUCgM9gLQEG1QGHDbBr1YuftQDJDvapFYtAhdEwwDY+TO8cvXXUCWw8IAbMjCrXtDgDQHlK8E04CO1YPTVoA0A9nwQIQZAtYMxaBAw2oAFINSLaoBSFgfGEgPgDQ2jWAs5hZVCaSxGwB0Ca+iX9I2IBusGORn3YistTA+q4Xf59KJcy1BarEaAMJAQ8ABixRg6omN/fWgwF26Y38EzLsghfiwNhBbADELlC8KxEpAzAHh/2cAANCSU7ngF2KpAAAAAElFTkSuQmCCGeneric Trust Line BoundaryROOTLineBoundaryfalseAnyAnyfalseA representation of an annotationfalseGE.ACentered on stenciliVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAALEwAACxMBAJqcGAAAANBJREFUOE9j+P//P1UwVkFyMJhgNPX+jwW/B2J5dA24MJhAMwCOmc19LgJpfnRN2DCYQDeADGxPFYN0I7J8aG+QgGPYHdWglJ0wvkVi0SJWC7/PyGpgGK9B6W2TM4Fy2iDDAkqau4BsJb+ixg5savEaxGTm8wFI64MMA2IpEBsYix+R1cAwwTASdY1MB8mDMLdt0FRsakAYr0FQ74BdAsJAtjpymCFjQoG9Ekjrg7wI86aEe/R6ZDUwTNBrxGLqGwTErhRiQZhBFGOsgqTj/wwAWDijBcYFCvcAAAAASUVORK5CYII=Free Text AnnotationROOTAnnotationfalseAnyAnyMicrosoft C+AI Security11111111-1111-1111-1111-111111111111Azure Threat Model Template1.0.0.33falseRepresents a request from a source to a target.falseSE.DF.TMCore.RequestBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEtJREFUOE9j+P//P1bMaOr9Hx2jqwFhDAEYHngDYBiXRhjGKoiMR5IBIIWkYmwGgGh0jFN8OBkA4qBhbGJYxbEagMNQrOIUGuD9HwBIkRfD8QF9EgAAAABJRU5ErkJggg==RequestGE.DFLinefalseAnyAnyfalseRepresents a response from a target to a sourcefalseSE.DF.TMCore.ResponseBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEtJREFUOE9j+P//P1bMaOr9Hx2jqwFhDAEYHngDYBiXRhjGKoiMR5IBIIWkYmwGgGh0jFN8OBkA4qBhbGJYxbEagMNQrOIUGuD9HwBIkRfD8QF9EgAAAABJRU5ErkJggg==ResponseGE.DFLinefalseAnyAnyfalsefalseSelectSQLMongoDBAzure TableCassandraAPI TypeVirtualDynamicd456e645-5642-41ad-857f-951af1a3d968ListfalseSelectAllow access from all networksAllow access from selected networks (including Azure)Allow access from selected networks (excluding Azure)Azure Cosmos DB Firewall SettingsVirtualDynamicb646c6da-6894-432a-8925-646ae6d1d0eaListGlobally distributed, multi-model database service with support for NoSQLfalseSE.P.TMCore.AzureDocumentDBLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAKhpJREFUeF7t3S2YHMXaBuBPHnkk8kgkEolEYpFIJBIRgYg4IgIRgYhAxCAiIxCREYgIRERERMSKiBURCEy+PMk1h6Wpzu7O1MxUv3WL29QF2Zme6uqn6/f/3r59CwBMplkInNflH2/fPnn5x/88fvHm7Z1fX1/rm18u3n7x06ujyL/d+ptLVz/301fvvkjj+wHn1ywEDvfs4q8H4f3fLv/2kFw+qD+99/Lt/33/vLx///Dib9/764d/DxUPnr35W4BYXlOgn2YhsO7q2/ndJx8e7LsH+uf3XzUffBzmsx9fvr++u16Ie08vhQQ4ULMQZnXx5s/3D5WHv//V5b57W/3k7ovmw4kx7ELCrlch4WwXEv74892v2/i9YWbNQqju6kP+q58/vL23HirUsRt++PbRh2CXOvD89ftk0KwjUF2zECrIGPxu8lwa/TT+eQi0Hg7MLb0HXz549b6u7OYh6DWgumYhbElmmqfR/v5d452H/H/+O8eEOo6v1WuQOSBX6x9sVbMQRpUGOBPA0iCbcMe5JGRm6EgoYMuahXBu6X5Nw5qJXJnUlS7aVkMMoxAK2JpmIZzSblldGs40oLrwqUIoYGTNQjimLLV79PzN2+8ev/Zmz3QSCrKfQeat5F5Y3h9wKs1C6CmNXJbcZdx+lh3v4KZyT+TeyD0iEHBKzUI4xMvLP9+/3eQtR3c+3E56xdI7ll4yQwYcU7MQbiMP/Ox1n8l6dsuDvnaBIHta2JuAnpqFcJ2svc+6e136cFpZ/pqlsHYx5FDNQlhKV2TGKNOt7y0fxpAhtvQOZIXB8p6F6zQLIdK1nzeNbJHaanyAcWTXwgT0BHVDBdxEs5B5pWs/bxS69mHbsv9A5uZYWcCaZiFzSfdh3hwclAM1ZSJhNiMyb4CrmoXUl4Ygb/qW6cFc0ruXoT09AzQLqSk3fG583ftAZH5P9uwwZ2BOzULqyOz93OA50rTVAAD8686HCYRWE8ylWcj2ZRexbMyTG7t1wwO0ZFgwe3yYL1Bfs5BtyrK93Lgm8wE9ZPKglQR1NQvZlizdy9t+6wYGONRuiECvQC3NQrYhY/uO0wVOKRMHcy7Bsj1ie5qFjCtdcVnPazveuSToZSLnVVnGmbpwU5kXkkleH5P/pvX/rsmQ0/JzZa/61neglqwmsoJg25qFjCddb+mCM6lvmzIv4+pDMg/O3UM0jejVh3DFI2DzkLj6HZdB4+q1EW63JXU79dk8ge1pFjKONJRpFFs3HueXGdP5fbLt6u5htnvIZVLm8vfkdhKGdtcze1jk+iYI55ob/hpPfptnF5YSbkWzkPNLg6eBO790Z7ce7hXf0rfqau/C3ScfQkImxSYk6DE7j1z7/B7L34qxNAs5n9w03vhPKw/5TGzKgyNLnvIb6M6sYxcQckqecHBauc5ZpbT8TRhDs5DTS7dZ3jRbNxGHS2OfxigT5zzk2dmFg8zD2E1otI9Gf2nbDA2Mp1nI6WSc2Br+vjIuv3ujzxwKa5e5rYTDBINdj4HzM/rIHAFzY8bRLOT40sDkZmjdJNxcHvZpoDNBLA22JUkcU+pYepC+ffTaHJ0DpCdOD9z5NQs5nkweS+U3/rifdNGmqzZv9hoQzi2BM5vipKfAvILbybXKdTOh9nyahRxHxhmtcb65XKuMHWZmd968ltcTRpSx7vQSpGcqPVStus1fMuci97jeu9NrFtJXGgS7o91Mxu7TnW/CEFVkzDuBIGFWD8G6zLMQ9E+rWUgfSbTp7m9Vdj7ITZ9rlG5UbwDMIMviMoxlDkFbek4M751Gs5DD5SY3c/if8gaUGzxvRGYDM7s86LI/QSYEW374l1yL9AQurxd9NQvZX95ik+5blXpWuZnz0E9D5y0f1mVya8KAuUIfZOhUb8DxNAvZj7f+v+Shn4YsDdryOgHXy3h4lhvOHgbSlmQC9fL6cLhmIbeX7qrZJ/jk+6fB8tCHvnZhYOZhgkwQ1hvQV7OQm8sa1tm38E2vR8b0reeF48oQWt6GZ11VlN4QKwX6aRZyM+nyn3Wdb97208XvoA84j2xxPWuvQPYNWF4Pbq9ZyPUyoW3GLn9v+zCWWXsF0vOqHTpMs5CPm3GWf9YsG9uHsaV7PFsSt+7hitIDa9Ow/TULaUvSznK2VkWsyoMftmemIJAhEG3UfpqF/FO6mmbaucuDH7ZvpiBgXsDtNQv5u5ke/pll68EPtSQIzLBHSXpobTZ2c81C/pLtameZ6Z8ZxSbVQF15S64+eTn7BQgBN9Ms5INZHv55M7CcD+aQ5YN5SLbagiqEgJtpFvKh2796l1neBIybwZyydLDyNsNCwPWahbNLpam+pjY9G3kTWH53YB550anc1mWvgOV35i/NwtlV39o3s4KN9QORF57M/2m1FRXkuy2/Mx80C2f23ePam/zkZtAtBizlQLNWm1HBnV+FgJZm4ayy/K1VearIFr7L7wyw8/jFm7JnC2T79uX3nV2zcEaZ8V/5UA0Pf+AmsiKo4lLBfCfznv6uWTibdIlX3ugnZxcsvzPAmrwtt9qSrcvKLkOgf2kWziZL4VqVpQKzYIF9VG0XM89r+V1n1SycSbr+q+6MleU90i6wr29+qbkiKnMdlt91Rs3CmVRe8ueYTOAQeYGouFlQ9kHxcjR5AKg861/XP9BD1eWB5kZNHgAqH5Pp7R/ooWovQIZ+Z28nm4UzyA/fqhQVePsHeqraCzB7W9ksnEHlsX/n+QM9ZbJ0q62pYOZegGZhdRdv6lbmsNkF0FvVjdJm7gVoFlaXXfFaFaGCjGstvy/AoSqfGpgejuX3nUGzsLrKk/9yky6/L8ChKp8YmE2Plt93Bs3Cyqp3/3/90ARAoL+cqNdqcyqY9cWpWVhZ9RP/cqbB8jsDHKpyD0DMOAzQLKyscooNcwCAY6g8ByAePJtv9VSzsLLKy/92rAIAeqt8XHrMeEhQs7Cy7AHd+vErsQ8A0FP1uVMx4/Bps7CyiltaLtkJEOip6k6AV804fNosrKz1w1fkLACgh6pnAbRcvm8229ehomZhVanIrR+9Ir0AQA8zvP3vzLYSoFlYVeX9rFv0AgCHyth4q32p6OmrudrMZmFVswWATHicrUsL6KfytuktT14KAGXNFgAi2x5n6OPqdQC4Th6GmRjXaleqEgAKmzEAhO2BgdtIW1l93X+LAFDYrAEgsgPi8noALKXHcKZx/6sEgMJmDgAx405XwM3l4f/lg9pb/n6MAFDY7AEgsjzQxEBgKbv9Vd/v/zoCQGECwAef3ns55clXQFuWDM+wTfp1BIDCBIC/ZILPbJUd+KecHTLbbP81AkBhAsA/5YxvQwIwn4z3330y1zr/6wgAhQkAbdnn++HvThCEWWTHuwwFttqDmQkAhQkAH5fZv+YGQF3p7fvml4vm/Y8AUJoAcL2MBaZb0O6BUEt6+WY51W9fAkBhAsDNpaHIKWCCAGxbHmrZErx1n/N3AkBhAsDtCQKwTR78tycAFCYA7E8QgG3w4N+fAFCYAHC47B+QpYPPX5ssCCN5/OKNB/+BBIDCBIC+sm2o5YNwPtm+N5N27eLXhwBQmABwHBke+P7X15YQwolk974c8926H9mfAFCYAHB82UvgwbM3dheEztJ+JWhbync8AkBhAsBp5eRBYQD2l7k2mXw76/n8pyYAFCYAnI8wADeTh/6dd2/6tuo9PQGgMAFgDBkmyMSlHEG6/I1gRrkXPPTPTwAoTAAYT8YzM5kpvQP5fZa/GVSUun7/t8v3dT9La1v3BqcnABQmAIwvb0DfPX79NrOcbTpEFRn6ypLZ7KFhyd64BIDCBIDtyeSnBII0nnoI2IrU1dTZ1F0T+LZDAChMANi+DBlkQmHmEORM8+VvDOeQB0fqZOqmZXrbJQAUJgDUlO1Psz468wiEAo4ts/R3b/fZDbNVJ9kmAaAwAWAeaZi/+eVDT0FuassPua1ss5u6k9n5qUse9vUJAIUJAHNL12x6C9Kgp7dAMCB2D/psuJO3+tSRf93RjT8jAaAwAYA1afQzfisc1JRu+91DPr9xfm9v9CwJAIUJAOwjD4tsXpQHR+TY1TQUeXNc1jHOIxvp5DfJ2Hx+o8wJye9mYx1uQwAoTADgGHZDC62QEPYz2N+uez52b+9ZS5/rHa3fA/YlABQmAHBu2QRm9/DaDTm0QkNU2Sp51/1+1dXvnQl2u2sSxt85l9TNZf2trFlYlQDA1mXb2KsPy1gGiVPI31x+DmPqbJ0AUJgAAMAaAaAwAQCANQJAYQIAAGsEgMIEAADWCACFCQAArBEAChMAAFgjABQmAACwRgAoTAAAYI0AUJgAAMAaAaAwAQCANQJAYQIAAGsEgMIEAADWCACFCQAArBEAChMAAFgjABQmAACwRgAoTAAAYI0AUJgAAMAaAaAwAQCANQJAYQIAAGsEgMIEAADWCACFCQAArBEAChMAAFgjABQmAACwRgAoTAAAYI0AUJgAAMAaAaAwAQCANQJAYQIAAGsEgMIEAADWCACFCQAArBEAChMAAFgjABQmAACwRgAoTAAAYI0AUJgAAMAaAaAwAQCANQJAYQIAAGsEgMIEAADWCACFCQAArBEAChMAAFgjABQmAACwRgAoTAAAYI0AUJgAAMAaAaAwAQCANQJAYQIAAGsEgMIEAADWCACFCQAArBEAChMAAFgjABQmAACwRgAoTAAAYI0AUJgAAMAaAaAwAQCANQJAYQIAAGsEgMIEAADWCACFCQAArBEAChMAAFgjABQmAACwRgAoTAAAYI0AUJgAAMAaAaAwAQCANQJAYQIAAGsEgMIEAADWCACFCQAArBEAChMAAFgjABQmAACwRgAoTAAAYI0AUJgAAMAaAaAwAQCANQJAYQIAAGsEgMIEAADWCACFCQAArBEAChMAAFgjABQmAACwRgAoTAAAYI0AUJgAAMAaAaAwAQCANQJAYQIAAGsEgMIEAADWCACFCQAArBEAChMAAFgjABQmAACwRgAoTAAAYI0AUJgAAMAaAaAwAQCANQJAYQIAAGsEgMIEAADWCACFCQAArBEAChMA5vTZjy/ffvHTq//5/tfXb+803Ht6+b4B2PnywavmvwfUJAAUJgDU9MndF+8f7LsH+eMXb97fyH/8+e5Xb9SDm/rml4vm32ObdvXkqk/vvWz+t8xJAChMANi+//z35duvH168f9DnZr18f7+2f+9DCQC15Pdc/sYtzy7+6gVKr1Dq2rePXr8PDAkRrX+bGgSAwgSA7fn3Dy/efvXzxdv7v12+ff76/St987c9BgGglpsGgJvIg+LR8zfvw0GCwb/uCAYVCACFCQDbkMY0b/npyl/+hqckANTSMwC0pOcgQTV/Jz1Vrc/A2ASAwgSAsWWyXhrQY3br34YAUMuxA8BSeqwyhPD5fZNJt0IAKEwAGFMe/OlOXf5e5yYA1HLqAHBVQu2DZ2+sLBmcAFCYADCWdJM+/H28B/+OAFDLOQPAVRdvPvQMWIEwHgGgMAFgHN89fn3wMr1jEwBqGSUAXJWer0wibH1eTk8AKEwAOL8sozr35L6bEgBqGTEA7OTBIwicnwBQmABwXmng0v25/F1GJQDUMnIA2Ek4toLgfASAwgSA80mX//L3GJ0AUMsWAkBkaCz7C9hb4PQEgMIEgNNLIzbyRL+PEQBq2UoA2Mm+AtkIq/VdOA4BoDAB4LTy8N/KeH+LAFDL1gJACAGnJQAUJgCcVtY9L3+DLREAatliAIi0W+YFnIYAUJgAcDoZw1xe/60RAGrZagCI7CqoJ+D4BIDCBIDTyNany2u/RQJALVsOAJHhNBMDj0sAKEwAOL40UKc+te9YBIBath4AImdltL4bfQgAhQkAx1eh639HAKilQgAI9fJ4BIDCBIDjyi5/o2/vexsa2lqqBIAcLJR7rfUdOYwAUJgAcFw54GR5zbdMAKilSgCIzAdofUcOIwAUJgAcT7W3/xAAaqkUAEL97E8AKEwAOJ67T2q9/YcGtpZqASDnalgV0JcAUJgAcBxphLZ0yM9NCQC1VAsAkTM2Wt+V/QgAhQkAx/Hlgxrr/pcEgFoqBgC9AH0JAIUJAMex9S1/1wgAtVQMAKEXoB8BoDAB4Dgqdv+HAFBL1QCgF6AfAaAwAaC/Ktv+tggAtVQNAPHVz+pqDwJAYQJAf5V2/lsSAGqpHAAePbcvQA8CQGECQH9peJbXuQoBoJbKASB7cNgd8HACQGECQH+5psvrPJLsmJZJUl/89Oof0nuxk30McvNfldUNre/MNlUOAPHtI5MBDyUAFCYA9JXzyZfXeBSZGPXpvZfNz82cPhYAUl+WAXBn9JC7YxjgcPm9l9e1smZhVQJAXyOv/88bfuszM690ke96f27bXZ5Jdk9fjf1wyCFBrc/OzQkAhQkAfX0/6ARAZ6ZzDFlqN3oI+OxHvV6HEAAKEwD6GvX0vyxNbH1eOFR6Dkbe98KmQIcRAAoTAPp6+Pt4KwAyG9qmKBzTyEtfzQM4jABQmADQ14jdoflMrc8KvWRy6bLejSK9E63PzM0IAIUJAH3lei6v8bll2V/rs0JPz1+POwygB2x/AkBhAkBfy+s7ghxM1Pqs0NOIw187JgLuTwAoTADo5z//HbMbVADgFEadABtfP7SD5b4EgMIEgH4EAGY28kTALM9tfWauJwAUJgD0M2oASMPc+rzQ08gBQAjenwBQmADQjwDAzASAmgSAwgSAfrLZzvL6jkAA4BQEgJoEgMIEgH6yn/ry+o5AAOAURg4AeYi1PjPXEwAKEwD6EQCYmQBQkwBQmADQjwDAzASAmgSAwgSAfgQAZiYA1CQAFCYA9CMAMDMBoCYBoDABoB8BgJkJADUJAIUJAP0IAMxMAKhJAChMAOhHAGBmAkBNAkBhAkA/AgAzEwBqEgAKEwD6EQCYmQBQkwBQmADQjwDAzASAmgSAwgSAfgQAZiYA1CQAFCYA9CMAMDMBoCYBoDABoB8BgJkJADUJAIUJAP0IAMxMAKhJAChMAOhHAGBmAkBNAkBhAkA/AgAzEwBqEgAKEwD6EQCYmQBQkwBQmADQjwDAzASAmgSAwgSAfgQAZiYA1CQAFCYA9CMAMDMBoCYBoDABoB8BgJkJADUJAIUJAP0IAMxMAKhJAChMAOhHAGBmAkBNAkBhAkA/AgAz+14AKEkAKEwA6EcAYGbf/HLxrrq16+C5CQD7EwAKEwD6EQCYmQBQkwBQmADQjwDAzASAmgSAwgSAfgQAZiYA1CQAFCYA9CMAMLOvHwoAFQkAhQkA/YzaAAoAnMKoATieXQgA+xIAChMA+hm1CzTLs1qfF3oaOQBo5/YnABTmxuhn1ACQz9X6vNCTAFCTAFCYG6OfdLUvr+8Ivnzwqvl5oaf//Pflu+rWroPnpp3bnwBQmBujn3tPL99d0vZ1PqfP7wsAnMay7o2k9Xm5ngBQmADQz9NXY94oeTNrfV7o7eLNn++qXLsentu/7rxofmY+TgAoTADoI43LH+/bvvZ1PicNH6eS2fbL+jeKzFFofWY+TgAoTADoI93sy2s7goSS1ueFY3j0/M27ateui+dmOex+BIDCBIA+Rh3/f/7a78vp3P9tzPsgHr940/zMfJwAUJgAcLh//zBu93/eyFqfGY5h5COBL989xwyH3Z4AUJgAcLjvHo/b6N19ctn8zHAMWXK6rIMjcT/cngBQmABwmDR4o779R7Ynbn1uOIb0hi3r4Ehyr35yVy/AbQgAhQkA+8sOeyM//OOzHy0B5LTSpizr4UiyUsHS2JsTAAoTAG7vq58vNnNTGPPk1EZeCbCT/QrskHkzAkBhAkDbp/devt/bPNKNniVEmUU8+tvNVU5A4xxG3RK7JUEgKxfSm5d7XY/ZPwkAhc0eAEbev/xQ1j1zDqNPBDzUg2dzrawRAAoTAOoGAGcAcA4Zdhp5S+BDCQC1NQurEgBqBoA0wK3vC6cw8oZAhxIAamsWViUA1AwAszVSjCXj6cs6WYUAUFuzsCoBoGYAMMOZc0vbsqyXFQgAtTULqxIA6gUAs/8ZQXbdW9bNCgSA2pqFVQkA9QKAt39GkB33Rt8oax8CQG3NwqoEgFoBwOE/jGTkczL2JQDU1iysSgCoFQBsZMJIKi4JFABqaxZWJQDUCQA5irX1HeGcspPmsq5umQBQW7OwKgGgRgCYrVFiW7KN9rLObpUAUFuzsCoBYPsBIDeoQ38YWern01c1HiQCQG3NwqoEgG0HgDSqOYO99d1gJKmnz19vfz6AAFBbs7AqAWC7ASDrrL35syW539LmLOvylggAtTULqxIAthcAnGXOlmV/gC3PCRAAamsWViUAbCcAXL67D+89vXzfgLa+C2xJVq1scaMgAaC2ZmFVAsD4ASBb+37zy4Xufsr59N7Lt6nfyzo/MgGgtmZhVQLA2AFAVz8z+Pz+q7d5sG6hR0AAqK1ZWJUAMHYAyBtS63NDRVkp8O2j10PvHigA1NYsrEoAGDsAZNw/+6nr/mcmecgu74VRCAC1NQurEgC2MQkwb0R5M2p9B6hk9HkBAkBtzcKqBIBtBICd/F4O/KGi9HLd2cDKAAGgtmZhVQLAtgJAZFjA5EAqSX3eyi6BAkBtzcKqBIDtBYDIW5IQwNblrf/h79vaFEgAqK1ZWJUAsM0AEAkB2R+g9b1gdJnxv8UdAQWA2pqFVQkA2w0AO1/8pCeAbcnDf2sbAO0IALU1C6sSALYfAPIbWibIVuSe2/KpgAJAbc3CqgSA7QeAuP/bZfP7wUgSVLd+JLAAUFuzsCoBoEYACJMCGV0enst6uzUCQG3NwqoEgDoBIJsFGQpgVJmwuqyzWyQA1NYsrEoAqBMAwm6BjCj3WfavuFpXt0oAqK1ZWJUAUCsAZGZ163vCOT19VechIgDU1iysSgCoFQDCskBG8tXPNbr+dwSA2pqFVQkA9QLAo+dzNVCMbavr/dcIALU1C6sSAOoFgPjkrsmAnF+1t/8QAGprFlYlANQMAN89NhmQ80tv1LJubp0AUFuzsKrZA0CWzWXM/Kqsp8+xpDu5AbY2g9kwAOeWY6uX9bICAaC2ZmFVsweA2/j03su3955eDn9eeSSwtL4DnEp2p1zWyy3JyoU8/Ja+f/dS0Pq+VeU7L69NZc3CqgSA28v4+hYat7yBtT4/nELalmWdHFE20Eqwz0ZFCfmt7zIzAaAwAWB/GR5YXs+RmAfAuXx+/9W7Ktiul6NIL1ne5u2e+XECQGECwGHuPhm3J8A8AM5l9HCcdi8TgFufnb8TAAoTAA6Tt4d0IS6v6wjyuVqfGY5t5LX/efP38L85AaAwAeBw6WpfXtdR6N7k1EZfWmunzNsRAAoTAA43ci+AiYCcWg6kWtbDUTgr4/YEgMIEgD5GHfPMTmytzwvHkhn1y3o4ChNjb08AKEwA6CPdistrO4LZ1ixzfo9fjLn7X/bv+PcPhsRuSwAoTADoI8MAI24QlP0KWp8XjmXU4bA8yFqfl48TAAoTAPoZceazRo9Tyhv2sg6OIsN0rc/MxwkAhQkA/Tz8fbyuT78vpzTyBkBfPzQfZh8CQGEeEP2MOBEwwxKtzwrHMPIKACti9iMAFCYA9DNq49f6rHAMI++MaU+M/QgAhQkA/aSLcXl9R2DXM04lR+Uu698oWp+X6wkAhQkA/Yy6FFAA4FRGfVjYFnt/AkBhAkA/owYAW59yKqOeAaCd258AUJgbo59RA8CXDwQATmPUPQC0c/sTAApzY/QzagD45hfLnziNZd0bhXZufwJAYW6MfkYNAPY/5xRGPgXQIUD7EwAKEwD6GTUA2AGNUxh5E6A8xFqfmesJAIUJAP0IAMxs1PofAsD+BIDCBIB+BABmJgDUJAAUJgD0IwAws6w2Wda9UQgA+xMAChMA+hEAmFlWmyzr3igEgP0JAIUJAP0IAMxMAKhJAChMAOhHAGBmAkBNAkBhAkA/AgAzEwBqEgAKEwD6EQCYmQBQkwBQmADQjwDAzL599PpddWvXwXMTAPYnABQmAPQjADCz1LNl3RuFALA/AaAwAaAfAYCZCQA1CQCFCQD9CADMTACoSQAoTADoRwBgZgJATQJAYQJAPwIAMxMAahIAChMA+hEAmJkAUJMAUJgA0I8AwMwEgJoEgMIEgH4EAGYmANQkABQmAPQjADAzAaAmAaAwAaAfAYCZCQA1CQCFCQD9CADMTACoSQAoTADoRwBgZgJATQJAYQJAPwIAMxMAahIAChMA+hEAmJkAUJMAUJgA0I8AwMwEgJoEgMIEgH4EAGYmANQkABQmAPQjADAzAaAmAaAwAaAfAYCZCQA1CQCFCQD9CADMTACoSQAoTADoRwBgZgJATQJAYQJAPwIAMxMAahIAChMA+hEAmJkAUJMAUJgA0I8AwMwEgJoEgMIEgH4EAGYmANQkABQmAPQjADAzAaAmAaAwAaCfz358+e6Stq/zOQkAnIIAUJMAUJgA0M9//isAMC8BoCYBoDABoB8BgJkJADUJAIUJAP0IAMxs5ADw4Nmb5mfmegJAYQJAPwIAMxMAahIAChMA+vn3Dy/eXdL2dT6n+79dNj8v9CQA1CQAFCYA9PXHn++uauM6n5PGj1MYOQDoBdufAFCYANBXrufyGp+bAMApjBwAvnssAOxLAChMAOhrxJtFAOAURg4AXz+8aH5mricAFCYA9PXo+Zt3l7V9rc8ln6n1WaGnkQNAdulsfWauJwAUJgD0lQl3y2t8brmBW58Veho5AHx672XzM3M9AaAwAaCvERvB56/9xhxfhpqWdW8UWaHT+sxcTwAoTADo69tHY74FaQA5toe/jxkALt89v1qfl5sRAAoTAPr6/P6YJwIaA+XY0tO0rHcjePrKENghBIDCBIC+bAbEjP51Z8x6H+r+YQSAwgSA/i7ejPcmlA2KPrlrGIDj+Orni3fVrF33zs0eAIcRAAoTAPp7/GLMsdCM0bY+LxxqxOWvO18+MPx1CAGgMAGgv3tPx1sKuGMuAL2NOu9lR8/XYQSAwgSA/kZdCRAZnrAigJ6eXYz7gLAC4HACQGECQH+jHgu8YyiAXkbe/Cfsgnk4AaAwAeA4cl2X13okJkZxqAwnLevVaNTzwwkAhQkAxzHyrmg7GapofXa4Th7+6V6/Wp9G9NmPtgA+lABQmABwHN/8Mu6yqKsyHJBJXK3vAEtZ73/3ybiTXK8y/t+HAFCYAHAco88DWMoubgktebPLZ299J+aViaPpMRp1t7+WPLha34XbEQAKEwCOZ+TZ0TeRupGb/yprqueRIJgNfjKclY2krtaNLfj+V0NcPQgAhQkAx5MJSMvrvXXpJWh9V7YpY+SZyX9VGvwtjO9fx/r/PgSAwgSA40kDtMU3p48RAGrZylyV28punK3vy+0JAIUJAMc18hap+xAAaqkaANTTfgSAwgSA4xr5kJR9aFhrqRgA0uuW1Qqt78vtCQCFCQDHt/XJgFcJALVUDACZtNj6ruxHAChMADi+Sr0AAkAtFQOAzX/6EgAKEwBOo0ovgABQS7UAYO///gSAwgSA06jSCyAA1FItAHj7708AKEwAOJ2nr7Z/IwkAtVQKAN7+j0MAKEwAOJ3srLb1fQEEgFqqBIDcV5/e8/Z/DAJAYQLAaW29wRUAaqkSAGz7ezwCQGECwOlteXMgAaCWCgEgQ2ut70YfAkBhAsDp5WS1ra4KEABq2XoA0PV/fAJAYQLAeWw1BAgAtWw9AKiPxycAFCYAnM8WQ4AGt5YtB4C7Ty6b34m+BIDCBIDzSgjY0pwAAaCWrQaAh79b8ncqAkBhAsAYvn30ehNLBAWAWrYYAHLUr8N+TkcAKEwAGEcmM42+WZAAUMvWAoDlfqcnABQmAIwnvQEXb953BzR/s3MSAGrZSgB4/vrPt5/ff9X8DhyXAFCYADCmzA3IJKfRhgUEgFpGDwCp/7kPcj+0Pj/HJwAUJgCM7ZO7H4LAKD0CAkAtIweATI7N9tmtz83pCACFCQDbkElPaazTFbr8DU9JAKhlxACQSX5f/KS7fxQCQGECwPbkyNN7Ty/f5rdb/p7HJgDUMkoASFf//d8u7eo3IAGgMAFg29Jg3vn19ck2FBIAajl3AEi9zaRXY/zjEgAKEwDqyDBBuk4TCNKNeowJhAJALecIAKmbeehnfkvrMzEWAaAwAaC29BAkFGT9dIYNcjMfMqFQAKjlFAEgdS4TWb/6+cKb/gYJAIUJAPPKG1jCQeSNLD0HkRt+zZcPTM6qpGcASLBMHclY/nePX1u3X0R+0+VvXVmzsCoBAOZ10wCwe7jHg2dv/hcWEwg96GsTAAoTAGBeV3uBdjzQuUoAKEwAAGCNAFCYAADAGgGgsCwVa/3oACAAFNf60QFAACjOgRsAtJxql9FRNAsrs/82AC2ZJ7Z8ZlTWLKwsO3S1fngA5nb5vgOg/eyoqFlYWbbpbP3wAMwr54ssnxfVNQsryySP1o8PwLyyKdTyeVFds7CydPEk6bUqAABzypkOy+dFdc3C6hzyAsBVOfdh+ayorllYXX7oVgUAYE6zrQCIZmF1hgEA2Jlx/D+ahTOwHBCAyOqw5TNiBs3CGWTHp1ZFAGAuM3b/R7NwFnoBAOaW58Dy2TCLZuEs9AIAzO3xi/lm/+80C2eStZ+tSgFAbZ/9+PLdY6D9bJhBs3Amf/z59q0TAgHm8+j5vG//0SycTbqAWpUDgJq++GnOpX9XNQtn9M0vJgQCzCD7wMx29n9Ls3BGGQr49J6hAIDqZtz3v6VZOKskQjsEAtSVF7288F1t+2fVLJzZvaeXzUoDwLblBe/56zk3/WlpFs7O0kCAemY88e9jmoXYJRCgkkz0Xrbzs2sW8mFSYJaJtCoSANuRtty4/z81C/kgxwZnp6hWhQJgfJn0l7b8atvOB81C/iIEAGzTJ3dfTHvS3000C/m7dB19+cBwAMBW/PsHm/1cp1nIPwkBANuQN38P/+s1C1n37SNLBAFGlcPddPvfTLOQj7NZEMB4PPxvp1nI9XKCYMaYWpUQgNP6/P4rs/1vqVnIzWRLSQcIAZzX1w8vrPPfQ7OQm0ulS+VrVUoAjuv7X53st69mIbd3/7dLJwkCnEiGYB89t7f/IZqF7Ofpqz8MCQAcWcb7TfY7XLOQ/WVIIF1SrUoLwGFyWqvx/j6ahRwuqwSyGUWrAgNwO2lP064u21r21yykjyxJyRGUrcoMwM2kHbXEr79mIX2ZGwBwe976j6tZyHHcfXJp8yCAG/DWf3zNQo7n4s2fb7/62bAAQEuOX0+v6bLtpL9mIceXCv7FT04XBIj0juaclWVbyfE0CzmdJy//eJ94WzcEwAxyymp6R5ftI8fVLOT0sqOViYLATLKNug19zqdZyPk8ePbm/ZGWrZsFoILMg3p2YZz/3JqFnFd2ucpYmI2EgEoy78kEv3E0CxlDgsCdX19bOghsWvbuz3ynZRvHeTULGUuCQE4bNDQAbEkmODuxb1zNQsaVm8nyQWBkaaM8+MfXLGR8mUDjnAFgFP+68+J9m/T8tVn9W9EsZDuydjbHD5snAJxDhiYzadm2vdvTLGR7zBMATunLB68c1LNxzUK2LWNv2WCjddMC7Cs9jdm1z+Y9NTQLqSFdcukVyBKc1s0McBOZzZ+2JD2NV9sYtq1ZSD1J7JkrYIgAuIm0FWkzTOqrq1lIbdmQI7N1TRwErsruo+nit1vfHJqFzCHdeQ9/f/N+Mk+rMQDqy/K9zBmybn8+zULmk+WEWcpjvgDMIQfy5PAx4/rzahYyt4SBNAxpIPJ20Go8gO1Jb18m8zl7n2gWwlXpGsy4oNMJYVtyz2a+T4b6bNTDUrMQ1mQL4swM/vSe1QQwogzj3X1y6bx9rtUshJvI0sLMG3A4EZxPVvNkEl+G7bzlcxvNQritNDwZKvju8ev3m4a0Giqgj9xj6YmzXI9DNAvhUAIB9JNu/dxLuae85dNLsxB6Ewjg5jKsdufdG3427bJMj2NpFsKxCQTwQcbwszwvE/d06XNKzUI4tQSCHC2at540hpYcUlX22M+kvUygNVOfc2oWwgiyWYlQwJaldysP+7zdpzvf+D0jaRbCqIQCRpVx+wxpZac9XflsQbMQtuRqKEgjbE4Bx5TQuZuklx32HJfLVjULoYI0zOl2TUOdrYzTaDsCmZtKfcl5GKk/2WRHFz7VNAuhsiyrSmOeRn03lKDXYD456CoP+YzR797mPeSZSbMQZnW11yDycMhDwtkH25Rg13rIW1sPAgDcyq73IDKzW0g4jyylyzVP780urO0e7pbWwc00C4H9tUJC7OYh7OQh1nq4zWg3sW5nN/YemVW/u57Law3sr1kInN5u+GEnG8XsHoKRt92rD8mWU/RC7N6+PybL4a5+9t3b+U5Oklx+f+C0moUAQGVv/+//AepEPm3UUKVFAAAAAElFTkSuQmCCAzure Cosmos DBGE.DSParallelLinesfalseAnyAnyfalsefalseSelectAllow access from all networksAllow access from selected networksAzure Key Vault Firewall SettingsVirtualDynamiccd610fb8-4fbd-49c0-966f-8b4634b39262ListfalseSelectTrueFalseAzure Key Vault Audit Logging EnabledVirtualDynamic78bf9482-5267-41c6-84fd-bac2fb6ca0b9ListfalseSelectManaged IdentitiesService or User Principal and CertificateService or User Principal and SecretAuthenticating to Key VaultVirtualDynamicae94fa17-596d-476e-a283-0afc166dcf26ListTool for securely storing and accessing secretsfalseSE.DS.TMCore.AzureKeyVaultLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAMAAADDpiTIAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAMAUExURQB51gh92hCB2hiF2iCJ3iiN3jCR3jiV4kCZ4kid4lCh5lml5mGq5mmu6nG26nm66n266oW+7o3G7pXK7p3O8qXS8q7W8rba8r7e9sbi9s7m9tbq+t7u+uby+u72//b6/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANYLBa4AAAAhdFJOU///////////////////////////////////////////AJ/B0CEAAAAJcEhZcwAAXEYAAFxGARSUQ0EAACNGSURBVHhe7Z3rWupAEkUFUfGOiopHBd7/KU+ARlGhL7V3daoS9p/5ZsYTIFnprnufLI/qtfoKwNvsedLoerzV6r89zmbz8P/3Rr0D4GP2cDcenRzUYHwzeXkLf9wD9QmAj+nNeXjMSZ1ePvSDgr4A8Pl8G3nt92t49fge/nl31QcA5i932W/+b51eTz/CZbqp7gPwcj0ID1Oqi6cOm4YdB+Df7Wl4ipiun8MFO6cuA/DxcBaeH0HD224ahd0F4GUcHh1No4cObgVdBWBKfPm/NZx0DoFuAjAtdvlyNbz7DJ/REXUQgMUjx/A7oEG3EOgcAMqPf62bDoUGugbAi/7jbzSYLMLnuVe3APi4DE9IXaPX8JHe1SUAFhM05leiq26YAh0C4FXN9N+vwUP4YNfqDAD1Vv9vnc3ChztWVwCY1lz9v3Xn3hjsBgCLm/BAquvCu0fYCQDeVeK+eRq+hC/hVF0A4Kmd5X+rW9fbgH8A5tfhQbSmc8+FY+4B+Nfi8r/V0HG5iHcAXtpd/reahK/jT84BmIYH0LpuwhdyJ98APITbb0DXTk1B1wDchZtvQpc+CfAMQGvRn/06d1ku5heARQvB/7jOPUYF3QIwvwi33ZBGDgnwCsDC4PN3SYBTAOyt/xudubMDnAJgzP771oU3X8AnAPfhdhvUZfiKXuQSAEPxn79yFhP0CICZ+O9++coLOATg1Ub+57Cewhd1IX8AvFl//icnnoqE3AEwr1z8LdHQUTjAHQBX4SabliNn0BsAj+EWG5cfQ9AZAA4MgI3ctIz4AsCDAbDRqZfOQV8AuDAANhqHr2xdrgBwYgBs5MQM8ATAPy8GwEY+zABPAIjnvbajcxe+oCMAnsKNdaPH8MVNyw8An1Wm/zA18OAJ+AHgNtxWR7oOX92y3ADwL9xUV3IwXtgNAM4swI3Ow5c3LC8AuAoBfMu+HegEgM9huKPONDRvBzoBQKcL8Gx9WNxGV/Tp8mvdhR9gVj4A+KTHAM/vX/+Fi3/pc/Z4xf4g866gDwC4C8Dp3cvh/o23B665aX0JcAEAcwEYXCcr9t7viVnnU+MBYRcA8PpARtO83q1XnkVg3BHwAMCCFQQeTcMVMzRj1R4YXwI8AECKAZwWPP6V/pFWAdttAg4AIC0A9+Vv4jPlk22HAx0AQFkAxqJhjnOK9WG6T8QBAIzXUFyfNSOEIC/CtUzKPgCzcBsBDYBJnh+ESaSWG4XsA4DPghj9ifmVaI67A5aPFjEPwAIOAl2g0Vg4DnkWLmRR5gF4DjdRrBvcD39GITQ8Ttw8AOg0KEog7g00RO/DdQzKOgCf4RZKRYrCfGDOwChcxqCsAwAGAWi5uBm2C9gtDrQOAJabJY7swroSbsNV7Mk4AO/hBspEHdsI+QKn4SL2ZByASbiBInEntSyg3JDZRkHjACA3fUC+6dBwArOxINsAQFEgehr2HXAFrsI1zMk2AEgeQMHuegmXFmgYLmFOtgEATIBTjbndQFoAykcoyjYAgBNYWP6TJ6A61WppoGkA5uHmCaSUg5fHpawaAaYBAPZcpRV3IV6TrBoBpgGQx17U3jc5k0YzgqYBkJsAeiaXuEBIxSjBZRkAuQmguOGKrQCj6QDLAMiHgij6XOIidaOTIy0DIC4GUi3DlZ5XY7QmwDIA4jCQqs/9ET6kWDZbxCwDcB3uXKmUe/KlCSqbboBlAKROgPLJbdIzq17Dv7clywBIk29AG0iO5sJ4sM1gsGEAxPWg2se3CvcAm7NCDAMgzQWrd+MKjVObZ4q2CsAsWrMlLcNUf9OEZNrsD2oTgPu4ZyTNBKh3YwvrlAbhn9tSewB8XCTeCWlXqL6/LTQCwr+2pda+1Utj48enaQsBqFCBLVybtI1TkVoCYLEe/h7Pjwjfswq2ljAhZHJMQDsAvG9iPPG5HUIAKmTdXsNHFeoIwFbTYEXFU+TCQGCFeIswHXAEYKP51+YeB0DYh1Ej4ho+qlCpRhXlCOZ+1Qfg/bumJu6wCRPvNZqwZEHq1Ddr5ajB6gDsjt2K35HwR6Wq0YktW5ySAJxc1XcUagPwI7ynAkCNnVYGQGpzav7kvLqdUBmAn0d/RQGQ5oJq3MKL8FllSpWFrv5mmFom2KoKwPyXZxf9sdLKmxoAyDzUHACqjxauCcD775XTLQB6K0Cj26q1YxUBeP1jO/fMBkit7uHPTi5qmoL1ANgTP407vuGPSlVjE9UFABxtWqZaAGyC/78UXxPDH5WqBgCyfHA2ACfDelPFKgGw2DvvUSUSWGM4e/ioQqU2p/BnKw2qVZDWAWC+f96nCgAVcgHC2WUJABbhzzZKWYwsVQFgfiCvE5+cJGzDrJANFLYIJwD45fZUKiKuAcCh56+TDq5wPIOwHiD860P67ffWGTBcAYCPg2t5/CcKx0RXqAjaZ9BmKPzrQ/oT+LgJ/4eq9AE4/PwTv1B4mytUXsniQKnu0L+WxWWFkJA6AP8iqdN4x7S0DddqVXCqP3xPtflYH2ZtAGLPP9HCIe3Bs9oXkFrR9/3ec3UClAF4jb4s8e1a2hmk3oAh7AxKlXvsXfHUCdAFIP78E2aRNBukng0QFiumPPv9xebaBKgC8C+1WcYb+cMfFUs5hiItVEhFgg+MIVUmQBOA6P6/VjzpIQwFak/jkY6JSi1Mh3yLc1VfQBGAj3RVZ9xgF0aCtPcA4Q6QvNMHeVf1BvUAiPj/X4rHgsVzIlWra6Wzy5K2afi7PdIkQA2ArOMV4s2BUj9QdyCXFMv4b43bvIoEaAFwMP7/Q/G4vXxOoGIsSDwnMJXcifab6RGgBEDmUOXEBOWkEXlIikNCxJNCUzUe8QurtbzqALC//mOP4n6g2ArUWwLEC0BybEEi9aGV5VYBIPv5J3xjsRWotwSIF4DkN0plmJSOnVIBID+PF98YgYOjlZaAuXgBSOZ2k/udTu+oBgAFb0n8toiDwY3TpWM1ydekVL9HOr7IPgZvIwUASsYnJJxj8fumFAuQ+yXJAeYZd22oMWyWD0DZ6XrxQLd0TlSjgUY4UFYJslKyTiln2Rwp/CY6AIXna8aXNeDQII2MgNgCzDABsiZjKySG2ACUnrAbtwKlY3nXoheGIEfIJ43SvPeGHxBiA1BayJc43EUeCWhETgt/iONSzYaUenC5OebkSlIqMgDFi2QibA8sus1dpzZYzcXHRTVKBvKyNzt2uwAXAMH8tLh1DDiCjU6ZRpOwSn2jZNP/ffjDpNjOIBUAyfHaCaKR145aS5H9hPYqSWL+XnfKPQ+FCYDogP3E4ojdd975cUBQslE6Ml1gX15QDUEmAKKztRPmkbAP80ukeNAb4o5kxPHfwh9miereEAEQzvdP7Gny2MtGlLv1gj3/9ClWZZXmTPeGB8C78CYleiDFZUFbEbprxOfXBaU3orI6wwFxgggNgIXUXEvsj8I+rB2dgSH0hfT4ui8lo0ClleYjXkSQBoA8bJ+wkKU9ot8aQuM2PqRVwF9K9ysXL3O8w5FZAAArdcJCKrKPDgiInrwBGcmgdKN/+RpDS3aSAPgAFurURAf4DWx0I3WdtpPtESW3oIUgfsKKB3EAWEC2esJGhsLBW52JtoFPkWf7S+m0pKQNlmUGcACQF8qslIiTyuswf+i6OIK2eCC8/jnVaSIzh5QWogCApO0bpV4RyhLQ2IKTspfmBQtDb5VRnyojnFMjyADgE31FE+8m7gkGlSAwZZgeK6UXAOEghCElKcAAAPaTUyYttsPsaniflSCcTyVpjb3KaFOTetCUmicCAFieZKXThI3+yVoCVrp4Si0Dr9fEz0t7oBIfYCNGbQAOgLxU/lupZZK3BKx19Xgwlvr5fMuxOYNSbDcSHkLXaEAoE8YBACp3v5RazKhLwFqn15PZr9s3nz3dsTb+L2W8pMAOSqh3gAGQ87urVHaDvARsdT4eX08a3Y3HYzpjK2UsAJCJi08TRQEgOemppC3pY6orI3GLOblw2SMKAJ6qWWuYelPgrHAryplbjPkb8CYAAiCd5fdHyapJtDCkFWXk7cEgGtw0jAGwoLnLyXgZ0JbXmnJ6+qHOh0ZoCxwGAFiyuavkZkbabCoqJ1SHcw3ODoEAYL6VqRlKeMC5unLiNAQnGssJQAAwveZ04aQ3OzDHPmMEODJczYgQAPAY8K7SJ2YykvP1lFW5iZabrgUVPgMAcH3zjPfF1yaQY56TbiFSJAwAID3QYa9GOblNTtSxjrKOLiKtoRklBwclB4Aanx/mOTN+PIE874xlRAFpQTkAjCTQVrmN3Ly4g7bSFk0jRsHzWmkL+qDEAFADM+mqmSDaLVNWnnPOs2rldqAYAGZoNut12YhUH6isvBZu6ckT+yS2A6UAoCHsXRXlND2YAbk7GtGvFbcKCQFgbsbJGOAPlU6hakO53buZI7WzJG0UEQJAXIlLB1+JxlBUVf6GjMyd+iWpKygDgOgClo++kwyiqamSYl1k8twvZRvSPyUDgFehJRl+aTseVNazJZyqsUfClIAIAN4CIBt1YNkVKB3oy3uXZNEgEQC8Ly0cdkLJoahoUNqEyjNqZePDJADwFgBxg6NVAoqfP9OoFUWDJADQFgBgqL9SnTgowfMnGrWigLAAANoCADW2MFMRLImePzGoJlkCBADQXj5s2plBAqQ/iJVYlywB5QDQFgB00JE5AuRAs2LCgiWgHADWAoDPOCHWJBM0EEZiVmLVOgmWgGIAWAsAY5Y7L4qCawj9HlZsq7xNpBgA1gLA6G1HR7gSNQI7tUn7WXk4sBQA1gJAmnT4z0he4FwUhNkRK71a/F6VAkCKwtKG3uccUq+vS9ieYXVZFi8BpQCQ7jfv2Iu5gW6BW3lA61skk7bUFSkEgBSzoJ7q+NiyITDkzGsTT9v+qdK6gEIAoINzvjRivDHfIozzBXROGNSzFngoxVaF3mgZAOj5HUGAx7xXcw6XIlGW/404Ga7CJaAMAI4PyJt1/iVql1KBSMv/RtjE5S+VBSSKAJBPtNuVyqm+b61MELlgLf8bSQ9d+amyHHsRAJzIm8q53s0iUN0WHGLZrD2iLGSDIp+0CABKFTPZAvzWR2VLoHz8eFKcOvGiYFAJAJy+LLYFuKNpxbjgSJb7T4jiZheZgSUAwEOhVwJH2sQ1r9Y3dK+0jlFWsRIzsAAAShqAMd42pvcqgcEbDTt2LUrPbYkZWAAAxU3FZ5um9KbeO3alCTEjLVhiBhYAwAhVYgONMvXCHF71R1fIQJa0KOtsgRmYDwBlcVK0AHc15cTV9+iSfHr7XzEW2gIzMB8ARrZK1QL8oRnFYv2lwa2yBbMSZXBUvhmYDwDje+munj/1cU92CkePeNY/R4x5iPlmYDYAjIIFhSRATIsn4k5wWWn3akQwYRKH8u8oGwCGh11zAdjo/Y5SwXLxqOb37RGjQjQ7SZULACMPVHkBCHpDDwEaP/FjvnERYhnZY1dyAWDEKNUN6EN6lYcGRtM6G/8PERyu7FBALgAEo1o6xIQguWtFOZuvWIQlIDdTmQnAnBCeqGdF/ZE3AAhLQK7HnQkAwTVpcQFwBwBhCmPuHpAJACFJ1eIC4A8AgsmVuQfkATAPFwXU5gLgDwBC/0XmHpAHAGEHKBgHy5c/APAOrMxO4TwA8BxllTTgQfkDgJARyHvl8gDAo0CUZmCx/AFAqMDP++pZAODFgO0uAB4BINQFZPkBWQDI799W7S4AHgEghN6y/IAsAHCvtHY0/Zc8AoAHg7JywjkA4E5gvUKQ/fIIAB57GYULRZUDAO4EMjvoJHIJAB4Mykm/5wAAO4H55QlKcgkAXoWbY3nlAAA7geKRwCz5BED+rYNydt4MAHAnUKWLqkQ+AYCnMeSsvBkAwCCehgu1J58A4N5XRglOBgDw19DvBkrJKQBwt3jGnU8DsAgXk6t+LehvOQXgI3wJsTJSsGkA4HrwVhPBGzkFAF9809HgNABwYrJ8fi1dXgGAR7Kko8FpAOACxZbDwCt5BQA+XDbtgKcBQBPT7d7CjbwCsERb3dPbbxIA2BChT1ISyC0A8B6QjAQkAXgOV5Kq9TDwSm4BgMvxk5GAJABoZUo7/WC/5BYAOCWYTAckAUA9kZZLQTbyCwCaiU2+fykAFugaVLOt9qD8AoDuAcmagBQAaCYoqyhBXX4BgP2AVCgoBQAaBroN12lXjgGQf/WNUg1ZKQDQ0sQ2G8K+5RgANBKfmsycAgCsSikbXKwmxwCgRliqKCQBAJoKbP3+beQYAHRi0DBc5pASAKC1yUqj4UvlGQA0EJNwwxIAoHHA1ovBNvIMAFocnKjITgAgv3Mb2TABXAOAdmUksvEJAEAnwEAtyFqeAUCNgMS8sAQA4IcLjjNXkWsAwAmNiZcwAQDog9iIAjgHAEwHJNyAOABoMYCJREAj1wCgDyFekRUHABxaaiMR0Mg1AOi8oLgnFgcAzASYqAVYyTcAYG9mfFRMHADQ/mi/IyTINwBgXVjcEo8DAOYirdiAzgEAU/LxbEAcALAiuML5GnnyDQAYCopbYlEAwE8ehMu0L98AoP350bLcKABgf7KVOKB7AMC6zGhvZhQAsBih9bkQX3IOABiQj6aDogCAMSgTBcFrOQdA/vXXij6HKABgGMCME+AdADApHy3KiAIAHhXY/lyArZwDAJblRLfiKABgCMpIMUAj5wCA3lg0EBAFAIsDparRKso5AGA85iJcZa+iAGAlwXa8QPcAYH5gNBIUBQALQJhJBfkHANuLowG5GABgTbiNpqC1vAMAjguLhQJjAICVCAZmA23lHQCwMjhWlxMDAMxCWRgNEuQdANAPjE2JiAEActfaSbF/5R0AcDOOReRiAICFCHbiQO4BWIZvI1RsLY4BIL9ta1mpCG3kHgCsLDAWC1YEIFzFgtwDgEVkYkVhegAYCgT6BwCLycaSATEAsFyQmZrwRu4BwMa1SgHA4k9Gbt1a7gHAHkU7ABiKBPsHAFuMY+lAPQDsFIR1AAD5D1gp9iOOAMTVawD0TM/acg8Alg06AuAeAKw89yxcZZ+OAMTVCQBiHrkeAGY6QxsdATioGAB6AejaOgJwUEcA4uoEALGasCMAcXUCgNhDPgIQV68BwGbEHQEgqh0Ajm5gRwCIZeaPAMTVCQDaiQMcASDqCAAm9wDIf8BKUgCwwRRHAIhqBwAsHZyYUl1VPQcg1h6sB4CRW7eWewCwY0NiP0IPgFgOsrbcA6D3LuoBcBquYkHuAcDscSkA2MYTu3JtuQcAC8pKAQC70u2MCPIPAJaWiTlkMQDAAPSxN5An7OSW2KiOGADgcRHH9nCawPbwWF4uBgA4KdbOnEj3AICzWmKjQmMAgB8bP6miqrwDoDirJQbAZ/j3QhmqCvUOADgrVjoiBpxLYSgW7B0A0B97C5fZpygA2IBKG/duLe8AgGc3SaeEgd5nLAdVWd4BuAzfRijpnEAwABm9dF15BwCbEBPf5sN/7hUInp1IkHcAwpcRKroURwEAtx47kSDnAID+eDQvGwUAND7tjAp1DgAYkZOfFwC6n1YOj3cPADixMzq1OwqA6pGVNeUcAHArjk7tjgIAhgLtlIQ4BwA8N1B+bByYhUycXC/X+6xQ8tomEwCAJ4fGAoEJAED/M35yvVxYrVqRLAAALsTx9zAOABgI0DoyomcAgGP740c4xwEArQ+tdFDPAAC98Xh5dhwA8KO1zg3rGQDg0cFxZywOABgI0KoL7RkAWE4ucXhXHADwrBotK7BfAKA2YNwSiwMAFiNqTQnpFwCgDZiozYwDADYkaN2+fgGA9QWenLyH6+xXAgDQ/hjEShHk6hcA4EsY9wJTAIBugNLJYb0CAN2Go0dHJwFA959YRbpcvQIAzAWnTvBNAACWIigdG9IrAOSJrI0S72ACADQPoXN0WK8AAAszU3VZKQDATKROWVifAJiDGdlUMC4FAJgN0IkE9AkA1ApLFWWkAHgM15FKJR3QJwDQ35oqy0oBAFaF6aQD+gQAmAhIFmamAFigW5BGaXCPAECzMfF6sEYpAGAjVGNeZI8AQCNxye6cJABoJFrDEewRAOj7l2zQTAKAWqEaKeH+AICmgtORuCQA83AlsRT2gP4AAO8AyVh8EgC0MlgjI9gfAMBMYEY2Lg0AfLf5fkBvAIB9gEQuuFEaAHBaoEaHWG8AQC3wjK+fBuA9XEsueoNQXwBYYDN6GqUj8WkA0ISgQn9IXwAAJ3U2SrtgGQBchYuJRc8H9AUAsCCvUToQnwEA2J3eiF0Y1hMA4ExwzquXAQBaFcQfGdkTAPA3L+PGZwAARwLogwJ6AgAaBs4qx8kBAHZG2OHgfgCAr7zDjBhcDgC4MUoOB/cDALQaNK8kNwcAuCaAHQ7uBwBoKUjevPYcANA5EY244eBeAADXYuVN6swCAC0MZIcCegEAHH7JO7gvCwA8Gsw9PqQPABDuedacxiwACNsRNSPUBwBw1yvP98oDAO0OaMSMBvYAgE/Y8M60vPMAQBsUGzG7BHsAAGEByFt08wAAzw5Zi7gEdB8AwgKQ6XllAnAfLgqIuAR0HwDCAjDIa8nJBIDglBKXgM4DwFgAMoc0ZgJA8AOIS0DnAYCLgRulWoKCcgEg7AG8JaDrAOClYPnR91wAGHsALSXUdQDwyGv+mN5cAPCigAZKVnVoxwFgLADZGfhsAPDkJO8MmY4DwFgAckoB1soGgBCbpi0B3QaAsgBkb7fZAOBdSo1IS0C3AWAsAPk1WPkA4CWKzRLAcQQ6DcCcsQDkV2HmA4AXKTdKjK3MVKcBIAQBS2Zz5QPAue2U0qAuAwD3g66Vf2pvAQCElGCzNimdIRGXo2PjGKZWSfVFAQCMUEBydK2O/ADAsLSyw8ArlQDAiFDz+8Ry5AaAT4YFeHJaUIRdAgAjR6V3klRMbgDgWDcl3nYJAIRC1ZVyqtXJ8gIAI+PSKH5GyE8VAQBPDFtrqHWi7GF5AYBiAZb52kUAMCrDGmnMjozLCQCUGGChq10GAOkbRk8z1pAPADg2VpEJWAoA3iW41nnRVyTIBwD4QJC1yhIuZQBw4pRaRwkdlgsAKIG24pRrIQCkVWqQH6qkyAMAC0qcrdjCKgSAFYa/qLsJeACAleAoDLSVAsDJVfCKg/LkAAB4HmdQae11KQCkYBC5XTgl+wC8c/bW8vtaDADJVDkZ1jQDzAPAMgDKA+3FAJCiVXXNAPMA0CociustygHgxIMbVTQDrAPAMgAKg0ArlQNAWwIqmgHGAaAZAIIAiwAA2hJQzwywDQDNABAsABIAeEtANTPANgC8EkdBhFUCAG0JqGYGmAaAZgBIFgARALwloJYZYBkAngEgSrGIAOAtAZXMAMMA8AwA0QIgA4C4BJxXKRM3DAApB7xSQS3wt2QA8JaAk8sahqBdAEj59ZVk1bYyAIhLQPYkA0RmAZB/sb+S2VNCAIhLQI1WEasA8BwAcbm9EABaUnCl/E5GqYwCgB/EsCOhQyUF4B/PeWEPk98jmwDMmPdQOoNNCgDTetEPB5gE4B98IOOOxJMXxABwutiCBhmnGyGyCMAH8wbKY6piAFg9AhsNdVtGDQIwJ4ze/NapuNtKDsCC6Ao2v0A1JGgPgDn17gF19nIAqK7gyclIMyRoDoAFfgzTroCOawAAqiuoGxQ2BwAxALwScC4jAgDVFVQlwBgAC14FwFrIGG4EAMoE6R2dqdkBtgAgr/8ng5J5AL8FAUBMZa410vIFTAFAtv/ASCoEAK1JYKuhUuP4dCwVv2bpg/zWgL3WGACM48R+aEA+Ztqe/lH9/5WwlwYEgDLY+IfU8wLt6o0Z/10LXKNAALgJrbUewpU7qVeu49RIVAe2IxQAYk3zVhU7hmqLmf8PQvdMGABqUmijmxpVYm2IM2nzh+B6KhiA5XP4KkRVqROsL2oGfSN5EmgrHAB2WHOlOrXCdcUO/62Fm8wEACgnHPzSafVJctp6Z4d/ViIcxUgAgB4OWqtjzsAz3f1rhG8AHAA0NrfGEOjQNrBgB8w2YtRRUQDg1oZs1Z1tQGX5J/nLFACYDY676sg2oLL8ozmArTgAcAsEv9WFbUBp+ceSwN8iAbAkp7i38r8NKC3/tGMXWAAoBAQ3cr4NKC3/vMP4WQCQS0R35Hkb0Fr+OR7gWjQAgKqbhEZuawTe2LUfX+J10vAA0DIDGl2xcK+qudrrz5y3TwSA2+vyQ4MHf+mhqdbu34h46A4RgOWbTjRgrTNn+8C/i/DFNcQ8cYUJgEa9w7euHe0Dc3LB/E9RJ2tRAaDXiP7Q0I1H+KzlE29EbaXmArDQXPiafUC5i5yj93H4ukriGYArcQEgN73/1Y35fWBxr2gJrUQeqkUGQNUQXGn4aNsfeFF+A+hH7rEB0CgR/KlTwwhMtQL/Xxqx+yfpAGiUvv7S6cRmdHiqFwjZij9JhQ+Ariuw0XBizhZYPGov/o0UOucUAGB3P+/V4M4UAvOHCo9fpW9OAQB+//NeDW7qTBrP0HyiGPbdkcZETQ0A1J3BrWwg8HlX5/HrTFVWAYA9POawrlqvGHq/q/Vbxyrejw4ACl2whzR6aHEZmD/phj53dabj+igBoFcgtEfjaTtu4bNCU9xB0QMAQVoA6GYGf2twXT1b/O+20s6/kdbz1wOgLgEnJ6d3nDLpLH08qBV77Zfe2Up6AFQICf7S2WOV2MBiqpzu+yvFUcqKAOiViR7W1ZOySfg5va5m335Jc5S2JgDsQZJ5OrtTswfe7quEuH5LdXSaKgAKA4SyNLh6pL8z70/XVa2+b+mOztMFoC0CGg0uJzNW5GT2cNXSw2+kPDpRGQCd0QHZurh7AqvI3qb31U2+H9IenakNQBuW4C+dXU5eBC7i++vkqpUt/4e0n78+AAYIWOt0fD15mmWA8Dl7ntyM9Ws7sqR8lE4jfQBqR4RSOhuPbyeT6eyXnieTu/G4/Vf+h/Sffw0ArBHgR2rx3x3VAGD5XD920gXVeP51AKiYHe6QzqsEtusAoDAlvfMa18lxVwKAf05G11VrYnYtAJbzduMp3lStEbYaADrDkjuqwXO4afqqB0BLyUGP0jo7a59qArCcHp2BHOmdn7hHVQFYzo7OQFqVzP+gugDozc3sjm7rNj9XBmC5qFlK7VAD0gTYbNUGQG2udDc0qt7pVB+A5VulzkGHqrv9r9UCAMvPev1UvnQfblBNtQHActFuoZhRDV/C7amqVgA4Joj36KxiZ9OOWgJg+X7cBn6qreNS2wJguTgGhnc01K79PKjWAFguZ0dvYKvL9gYetQjAcn4Vfn/PVT34s6s2AThmh9a6aMf6C2oXgKMt2I7zv6OWAVguHvq9CJy1PeWqbQB6vgjct+T8fat9ABpLoK9VAu3u/htZAGD52Ut3YGDiBBQTACyXr/2LCVzWLPw6LCMALOc9yw8NFeY+i2QFgOXyrU/G4K2ZWed2AFA/bMuOxvpd39myBMByMelDUGDUSt7/kEwB0PgDna8ZtXbqlTEAGlOg24Xjd+3MtT4scwAsl0/dNQUuDUR+fskgAHXOX2pBY4sHn1oEoJsImHz8VgGodw5TLRl9/HYB6BYCZh+/ZQAaBO67gYDhx28bgAaBRyMTOwFdWX781gFo9Ow6LjC4tZHzOyzzACyXM7fVAlZPud6VAwCWy49bjzmCs6mtoO9+uQBgufysfUwXrPoH2cnkBIBGbzd+loFK55cx5AeAxieoeFAroOFN6wcaF8gTAI3e657XKdDYxc7/LWcALJeL5xYO7svV2cS61/dH7gBotJiadAzPJvaSvWl5BKDR3BoDPp9+I6cANPp8MjN/3O3Tb+QXgEbz55vW6wYGV49+n34j1wCs9P54GR5FC1I8p7iW3APQaPFy20LScKB+UnkVdQGAlT6e7yqmDU+vHz0Fe2LqCgArLWaTsX6M4Px22oU3f6suAbDWv8cbtYDxaDx5tZ/gLVPnAFjr/WVySU0fno7v0XPIjaqbAGw0e5pcwnvCeDx5nHXttd9RlwEIeps9CEBoHvxk1s2X/od6AMCX3mbNmrA6I3w83rM/jFb/++1k8jTrw3P/Up8AOOqPlsv/GYwBVbJoZ40AAAAASUVORK5CYII=Azure Key VaultGE.DSParallelLinesfalseAnyAnyfalsefalseSelectTrueFalseAzure Redis Cache TLS EnforcedVirtualDynamic866e2e37-a089-45bc-9576-20fc95304b82ListfalseSelectAllow access from all networksAllow access from selected networksAzure Redis Cache Firewall SettingsVirtualDynamic1bda806d-f9b6-4d4e-ab89-bf649f2c2ca5ListAzure Redis CachefalseSE.P.TMCore.AzureRedisLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAMBlJREFUeF7t3SFg3UYWr/GFhYWFhYWFgQsDQwMfLAwMKCgIKAgoMFgQEBDyQGDAAsOAgIACgwADA4MAA4OAEr98ztNamZzY915rpDMzH/iR2W58r66k+WvmzOhfV1dXkiRpMGGj1JOTj/9cHZ9++sqrvy+vfv/vx+96/Or86t//OVvdwxdn4eeZPH978c13QfmdJekuYaOUyduzm46ODnDqDKNO+offP1z96+mJPvv1r9Nvjs88TLz5cPm/43pxnSHi4y+pT2GjVNP78y+dDh3QvEOad1RRh6Z1/PL8Jjj8n/97/r/f5+jdzeiDgUFqX9goHer88stw+7xznzoTn877M4WFKShMIYGQV54bknIJG6XvmebTp6H4aRj+5z9Pww5CYyP0TQFwCoTT1EN5bklaV9iosX365+r6Bv3i/ZeneArTmE+ObvDSffz07EtAePLm49Wz4y+jB6cXn0/A4LyUtKywUWOYnubp5H97/WWo/sc/HKZXDg+Ozq4evfwytcCqDUcNpGWFjeoL8/LTnDw3VJ/m1bJp1ODp5/OZUSrrDaTDhI1qF0/1r0++dPbcJLlZRjdRqTeMGDCSNe2VUF4bkr4WNqoNPPnwBMT8KZ29VfbS11ilQKHqVF/g8kXpRtiofBjG58mezp4nnehmJ+lurFghFDBS4PSBRhY2ansM5fN0z/pqnmKiG5mk+2PkbNqC2akDjSRs1PrY7pZhSor0rMSXtsUoG0WGjLo5baBehY2qjw5/KtSLbkCS8mAUjgJDliMaCNSLsFHLYw6fIX3mHn3Cl9rGCAEjdtYQqGVho5bBzYFhRNfdS/1iqS21Oo4OqDVhow7Dxc9NgJuB6++lMTk6oFaEjdod+5aznMileZJKPAhQO+DqAmUUNup2zOfz2lML+CTtijDAPh6ODCiLsFHfYnifIj6W6UUXtyTtis2IWAXEfh/lvUZaS9ioL3gtLnP6VO67za6kGlhiyDSir0HW2sLG0TFfRyGfy/UkrYlpRaYXefiY35OkGsLGEXHBceG57a6krfHwQfGgUwSqKWwcCcNuXGg+7UvKiPcUMBVZ3ruk+wobR8Ae31xY0QUnSdlQOMj+AqxCKu9n0iHCxl5Ryc8FxIUUXWCS1AJqlHifSHmPk/YRNvaGxMz6Wyv5JfWEokE3GdKhwsZe8MTPWlvn9zWhyJObZoSnKs6Xu7z5cHl9070Pln1F//Yc75GIPuck+n4aE+eDGwxpX2Fj6+z4+8cLlqaOkNGdecc572hHqaLmnJ9/b1a0zI8J9S7T8XIkrF9sVObKAe0qbGwVS/l4svJFPG0isE2dFE+/dFzUbEydmhulLGseGtjlcgoLdCL8Bi6JbRejWV4vukvY2Bo7/jZMw+8su6SjodOh8/GJJbcpKLByht9tPjUR/c7Kg9ExVw3oe8LGllAJ65NKHqywmJ7gCWV0HN6A+jcfRWC6gSma6PzQ+hhZYySt/M2ksLEFPJUwzBWd8KqP0MVQMTd8NimhAyh/I4nRHc4NzhOuV1+bvR2uWa9TzYWN2fGk4XD/eqZh++mJvvw9pH1RsU5wnKYTLNhdD0GMB6j576ExhY1Z+dRf3zR8z83ZZUVaE1NFLLGcphFcrVAPD1CGeYWNGXGy+tS/LJ66GMafKu3LYy5tjRDKkkZeye0Onssj7PvmwXGFjdnwRBCdvNoPAYoRFKZQrLxXixglYHSK6naLf5dBwaZLBscUNmbBkD9PqNFJq90wpM8TvsP56hEdFyME3CesIzgcDwe+W2A8YWMGPKGa8PfHMCkFe6zZdmhPo6ETY1jbZYj7o+aCMFUeU/UrbNwaT6um+d3R6TMk6lO+dIPRAVauGAb2w5RreSzVp7BxSxSj2fnfzU5f2p1hYD/UCpXHUP0JG7fCEiCX/nwfx4YL07k66XCEAaYJfNC4nSGgf2HjFniStfOP8bRPIZ9b6krLoUaGFTGOCnwfo4zlcVM/wsa1kchN499iMxSK+crjJWlZjKq5yVjM9wj0K2xcEyncDT6+Rsfv3L60Ph5GDALf8kGkT2HjmrzYbrBm3x35pO2xDNk9SG4wQks4Ko+T2hY2roUdvaKTbTTMQdrxS/kwEucbDL/gAaU8Pmpb2LgGCtrc29+9uKUWMA9ukfLJ9VLK8tioXWHjGtitLjrBRsEuhy7nk9rBtMDoowFMBbgaqR9hY20Mq0Un1yh4s5nv45baw2gdS+Oi63oU7g/Qj7CxtpGLa7x4pPaN/oZSRwH6EDbWxIkz6lyanb/Uj5FDgO8L6EPYWBPFNNEJ1Ts7f6k/o4YACrjLY6H2hI01sZQkOqF6xkZHVvpLfRq1MNDNytoXNtZCJzji8L+7aEn9GrWo2SWB7Qsba2Gzm+hE6hkFj+VxkNSXEVcGeG9rX9hYC2/eik6knh29MyVLveNV5tH13zOmPsrjoLaEjbWMWADoZj9S/1jdFF3/PaO2qTwOakvYWAvb3kYnUs8s/pPGMNrW5tRzlcdAbQkbaxnxzX/u+CeNgW1yo3tAz8pjoLaEjbWMGACcApD6N+IUAMrjoLaEjbWMGABcKiP1j6W+0fXfu/I4qC1hYy0jBgDfoS31b8R7G8rjoLaEjbWMepGw/LE8FpL6MOL+JpPyWKgtYWMtowYAqoN9e5bUH1b5/PL8NLzuR1AeD7UlbKxl1ACAx6/cNUvqzcj3NJTHQ20JG2sZ/WLh+5fHRFKbRr+foTwmakvYWIsXjCFA6oH3si/K46K2hI21eNF8wXSAGwRJ7WHO3/vYjfL4qC1hYy1eODcoDOQFIuUxkpQTm3qNXPAXKY+R2hI21mIA+BbHxNEAKS+e+kd8j8kuymOltoSNtRgAYowGuFeAlA87/PnU/33l8VJbwsZaDAC34/WaBgFpe0zP/fqXHf9dyuOmtoSNtRgAdsONhyeP8vhJqotd/di+O7ou9a3y+KktYWMtBoD9MPR49O7CGgGpsld/X149OLLj31d5HNWWsLEWA8Bhfvj9w9Vvrz9enXx0O2FpKWzP/ft/P17X4ETXne5WHlO1JWysxQBwfzyl8LRCZfL82EraDfP77MURXV/aT3ls1ZawsRYDwHIYFeAmZhiQ7sbcPqNoPu0vqzzOakvYWIsBoA7DgPQtO/36ymOutoSNtRgA6iMMPHp5fvX87YU1AxoKc/oso+U+Y6e/jvI3UFvCxloMAOtjbwGeglhW6OiAesP2vOzS55r9bZS/h9oSNtZiANgeRYRUPlMIZSBQaxjWf3Z8cT3KxWhXdI5rPeXvo7aEjbUYAPLhyYkRAuoHTi+cMlAe7H/ByBVP+G7Ok1P5m6ktYWMtBoD8mDuloJBRAp62mFctf0dpaYxGcb5Ru8J9wv3321D+jmpL2FiLAaBNP/7x4foJjFDASMH78+utCcPfWLoLoZIpKM4nhvLt7NtV/rZqS9hYiwGgL4SCabSAoVqe4MrfXONiFQrnBOfHkzdfhvEJk9G5pDaVv7naEjbWYgAYA9MI3Oy56VOwRSfgqEGfqBvh9+WdFXT0/O5W5I+jPB/UlrCxFgOAqNymkwAdBhgOphNxVUI+LLPjt2Funt+KER9+O9fZC+X5oraEjbUYALQL5oSnkEAFOB3PNJIANzi6H6rrp2PJxjlTEHv44ssx96142lV5bqktYWMtBgAtjeHmKSxg6szAU+vU0aG3ZY5T5fyEAs3595+e1ifR8ZPuozwn1ZawsRYDgDKaVjlEqFKfd6q1cG1Efx9WySur8h6vtoSNtRgAJKkf5T1ebQkbazEASFI/ynu82hI21mIAkKR+lPd4tSVsrMUAIEn9KO/xakvYWIsBQJL6Ud7j1ZawsRYDgCT1o7zHqy1hYy0GAEnqR3mPV1vCxloMAJLUj/Ier7aEjbUYACSpH+U9Xm0JG2sxAEhSP8p7vNoSNtZiAJCkfpT3eLUlbKzFACBJ/Sjv8WpL2FiLAUCS+lHe49WWsLEWA4Ak9aO8x6stYWMtBgBJ6kd5j1dbwsZaDACS1I/yHq+2hI21GAAkqR/lPV5tCRtrMQBIUj/Ke7zaEjbWYgCQpH6U93i1JWysxQAgSf0o7/FqS9hYiwFAkvpR3uPVlrCxFgOAJPWjvMerLWFjLQYASepHeY9XW8LGWgwAktSP8h6vtoSNtRgAJKkf5T1ebQkbazEASFI/ynu82hI21mIAkKR+lPd4tSVsrMUAIEn9KO/xakvYWIsBQJL6Ud7j1ZawsRYDgCT1o7zHqy1hYy0GAEnqR3mPV1vCxloMAJIy+Pd/zkK///fjnZ4dX1wdn35aFP9m9LcmTz+LPm/03dZU3uPVlrCxFgOApCX8/Ofp/zrBhy++7rhfn1z+r2M9+fjP51tPfD/q1duzm2Bx9O4mWPz2+iZE/PrXaXhc91X+bbUlbKzFACDpNlMHRWdFp/X87c3Tdnk/0XKmY/zi/eVXYeHB0e2jDOW/o7aEjbUYAKRx8dRJpzI9kU5P6iM+pbdoCgmEMn4/7uflf6O2hI21GACkvk1D80/e3MyV28FLOYWNtRgApD788vz06tHL8+snwTcfLq/enztEL7UmbKzFACC1h6F7rt3pif7T9QN9fI1LakfYWIsBQMqNzp4CMKrH6ezLa1hSP8LGWgwAUi50+MzXU5B3cd3fx9eupP6EjbUYAKRt2eFLmoSNtRgApHX99OzD9ZC+Hb6kUthYiwFAqo8KfZ7yrcyXdJuwsRYDgFQHQ/tU6bvmXtKuwsZaDADSctimlWr90ws7fUn7CxtrMQBI9/PjH1/m9H3Sl3RfYWMtBgDpMDzt86IWN+GRtJSwsRYDgLQ7n/Yl1RQ21mIAkO7GC3V82pdUW9hYiwFA+j7W7NPxl9eNJNUQNtZiAJC+RcfPO9Z94pe0prCxFgOAdMOOX9KWwsZaDADSydUPv3+43rTHjl/SlsLGWgwAGh3L+azql5RB2FiLAUCjmp76y2tCkrYSNtZiANCIHr44c7vehrw9+3R1fPo1tlz+/b8fv8IeDf/+z9nqHr86/+azvPr78pvP7NsfdZewsRYDgEbCRj4u69vWvEOk4HLqMOlEpw6VfRei3683vDBq+s68LXI6Frwq2tAwprCxFgOARkGn4lx/XdOT+tSxT506r0OOfhPth3oVjicjHRxfRkE43hz38rdQm8LGWgwAGgFPWueXdv73xTGcOvinnzsgOiM6peiYaxtlSHjz4fLq/bkBoRVhYy0GAPWO+X6HUffDEyXD0POn+OjYqi2MxPBbzkcPvDZyCRtrMQCoZ5zf5TmvGxRC8oRIh/Do5fkwc+/6GitiCAbUIRAMnFLYTthYiwFAvXKJ39cYBqYyfRq6pyAyOm7ShOkE+gimfBgtKM8pLS9srMUAoB7RyZXn+kjY0XB6snf4XktiGoFpIUKBtQXLCxtrMQCoNwxll+d575jHZc6eIVyL8rQmpg+osyFsOkpwf2FjLQYA9YRq/xH28+c70uFT6e0SO2VDCGUUjnPUIsP9hI21GADUC97k1/PufuxhwLArT1vR95eyIhBw7roPx93CxloMAOoBw5A9Vi4zj89TvtX56gXnMuc0owO+ffNbYWMtBgD1gKVL5bndKm6MFFkRaqLvKvWEES2uXzfq+iJsrMUAoNYx71+e161h9IKnIqYxou8ojYAVK7yrY+S6gbCxFgOAWscweXlet4D5UCqnHd6XvsVqHvatGG2aIGysxQCglrW45I8hftfmS7thKowpsVaD/r7CxloMAGoVN4ZWNiJhSJMqaJ/2pcNx/VAv0PMUQdhYiwFArWLTm/J8zoZliXxOt92VlkP4p+/qcVlh2FiLAUCtylw1TMfvtSXVxx4D1AqU12CrwsZavEmpRcyhl+dyBgxN8sTvEj5pXUwPUF9TXpOtCRtrMQCoRdne9EelMp/JoX5pWywLbjkIhI21GADUokxb/jL86Pp9KRdGCVt8OVHYWIsBQK3h5TflebwFahDcl1/KjWu0pV0Gw8ZaDABqDZvnlOfx2hhidLhfagPXKstwy+s4o7CxFgOAWrPl2n+K/LxmpDaxYiD70sGwsRZvZmrNVsN5BA/n+qW2sUInWxHxXNhYiwFArSnP4TXwsh6H/NvHzZ/isH25g2N/qA3IuKNg2FiLAUAt4UZcnsO1sQe56/rXR7Hn1AHzzgdqPyZsB0uF99zW20IzMlV+JmpF5p+bNz7Og0X0vbUelgxmWlGEsLEWA4BawhxeeQ7XxKtJ7fyXRYij8+PeQ6fIcOzUYfa4tesueBKdjgHnHMfl6WccJ8756DhqGUzrZXqnSNhYiwFALVnz7X88vUWfQXej05qe2unQ6NiyPWm1ZgoJ06jCNJrg1NT9cQyzvG0wbKzFAKCWcNMrz+Ea6Ky8sd6O40MHxJMqS6zonFpab90TdqLk+LMpFeGA8MUUSvS7KcZIH7U+5bFdW9hYiwFALeHmVp7DS+Nm6rDr1xi2n57oeVLyab4NUzAgoHGv97y+HdMBW5/bYWMtBgC1ZI0AwMt8or89EjoKnuwZbvapvj+EAmovqIR3pOtrnPsEp/nxWlPYWIsBQC2pHQAYAoz+bu+46XFs6RjKY6L+UQTHygpGeQwEJ1ePX61Xa1QKG2sxAKgltQMAN8Do7/aGIX2ufeaMM66F1rYIwowAsUwuOn9GwOhXeVzWEDbWYgBQS2oGAIa6o7/ZC4rCOH6jLrXTYbguGB0Ybd8Cwk95LNYQNtZiAFBLagaAHuf+edK309dSpjAwSjHhFvsDhI21GADUkpoBoKcNf5jDzLKuWX0iVLIst+eaAaYEy+9dW9hYiwFALakVAHoY/udGzLytVftaExXzjAow2hSdl61b+3oKG2sxAKgltQIA1e/R32sBHT/HxWI+bY1dH3t7Y+baI2lhYy0GALWkVgDgCSb6e9lRt+ATvzJhRICNh3qZGuC7lN+xprCxFgOAWlIrADB0Hv29rKjoz7BtqfQ9BFM2GorO35astf34JGysxQCgltQKAC1dB4SVLXcqk/bR+hs1Wf5YfqeawsZaDABqyegBgJtp+dml7JhHbzUEGACkJEYOAHb+almrIcAAICUxagDYcm9yaSktFtsaAKQkRgwAPDVZ6a9etPZ+AQOAlMSIAYClfuXnlVrFS3ai8zwrA4CUxIgBgDf2lZ9XatXpRVu7bhoApCRGDABbvJBEqik6z7MyAEhJjBgAtnovuVSDIwC3CxtrMQCoJdYASG2zBuB2YWMtBgC1ZMQAwMtVXAWgXtChRud5VgYAKYkRAwD4fOVnllrDZlbR+Z2ZAUBKYtQAAHcCVMsoZm3xDYEGACmJkQMADAFqUaudPwwAUhKjBwA8O173/eTSfbCPRaudPwwAUhIGgC8eHJ1dnXy0MFB5XXy6uq5dic7flhgApCQMADd4qnr+9uLq03UOiL+XtAWW+rF6JTpvW2MAkJIwAHzr5z9PrQ1QCsenn65ae9nPXQwAUhIGgO+bgoAjAlob7/qno4zOy9YZAKQkDAB3Y2rgt9cfr9hytfye0lKY46cgleAZnYe9MABISRgA9vPwxdn1qAA36/n3lQ7F/D7Xyw+/9zHHfxcDgJSEAeBwj16eX79a2CkC7Yu5fUaVWl7OdygDgJSEAeD+eHIjDBy9u3CaQCFGjAiLXBe9VPMfygAgJWEAWB5zuDzdMbTrVMG43p59up7TZ4+J6DwZlQFASsIAUN8vz0+vn/wYIWAL1/JYqX28XZLA9/Tz9UQHF50H+sIAICVhAFgfUwbcBOksKCg0FLSFaR6W6XHtMPXTe9X+0gwAUhIGgDwYKua4MWxMkZj1BNuiuJPfgZA2PdmPWLS3NAOAlIQBID9umI9fnV//Vjx50im58mA5zNVzTAleT97Y0ddmAJCSMAC0jW1iuaFSdMhvydMqnRnK32REvOCJYzEN2YPjhVHW3WdjAJCSMAD0j2VnU6fHUPbUEfLioyksIPvbEKch+QnL6qbvAubj+Y697Z3fGwOAlAQ3zvIcXoLXQV8YEp9CxF3mIaPsnO9i590/fufyflFT2FiLNz61xAAgaU0GACkJA4CkNRkApCQMAJLWZACQkjAASFqTAUBKwgAgaU0GACkJA4CkNRkApCQMAJLWZACQkjAASFqTAUBKwgAgaU0GACkJA4CkNRkApCQMAJLWZACQkjAASFqTAUBKwgAgaU0GACkJA4CkNRkApCQMAJLWZACQkjAASFqTAUBKwgAgaU0GACkJA4CkNRkApCQMAJLWZACQkjAASFqTAUBKwgAgteXhi7OrH//4EP5vLTAASEkYAKR2cL0+efMx/N9aYQCQkjAASPn98PuHq9cnl1fvzz+F/3tLDABSEgYAKbef/zy97vi5rh4cnYX/TUsMAFISBgApLzr888t/Pl9SV/968f4y/G9aYwCQkjAASDk9fnV+9em677/618Wnq6ufnrVb+DdnAJCSMABI+Tx/e/H5Mrq5nn573Xbh35wBQErCACDlwfI+iv3m11IPhX9zBgApCQOAlMO82G/u179Ow/++VQYAKQkDgLQ9iv2Y559fQzh6dxH+9y0zAEhJGACkbXGtTMV+c1T/91L4N2cAkJIwAEjbKYv95noq/JszAEhJGACk9VHs9+bD18V+c70V/s0ZAKQkDADSuij2O/n4ZXOf7+mt8G/OACAlYQCQ1kPnFxX7zTEtEP1/e2EAkJIwAEjrYE4/Kvabo/Cv5Vf97sIAICVhAJDqYzlfeY1ERrhuDABSEgYAqR6e5o9Pv93cJ/L2rN/CvzkDgJSEAUCq45fndxf7zfVc+DdnAJCSMABIy6OTu6vYb673wr85A4CUhAFAWtaTN/tdUxT+/fB734V/cwYAKQkDgLQMOvFdi/3meO9/9O/1ygAgJWEAkO5vn2K/Of4/0b/XMwOAlIQBQLofiv1OL3Yv9puwJ8AohX9zBgApCQOAdLhHL8/3KvabG6nwb84AICVhAJAOs2+x39xohX9zBgApCQOAtB867hfvv/8mv12MVvg3ZwCQkjAASLuj2I8d+8rzfR+8Bjj6t0dhAJCSMABIu6Fg75BivzkK/ygajP79URgApCQMANLdKPa7601+u3h2PGbh35wBQErCACDd7ulC18jIhX9zBgApCQOAFKOzfvX3/Yr95hhFiP7OaAwAUhIGAOlbPz27f7Hf3OiFf3MGACkJA4D0NYr9GK4vz+lDUTvw859jF/7NGQCkJAwA0g3W5y9R7DfHNRb9rVEZAKQkDADSFzWuBZYNWvj3NQOAlIQBQKNbuthvzsK/bxkApCQMABoZc/Pvz5cr9pt7fWLhX8QAICVhANCoHhydLVrsN2fh3/cZAKQkDAAaUY1ivzmuq+jvygAgpWEA0GjYjrc8X5d08tHCv9sYAKQkDAAaBZ0y8/Llubq0hy/Owr+vLwwAUhIGAI2gZrHfnIV/dzMASEkYANQ7iv0urvv++FxdCjUFbCEcfQbdMABISRgA1DPOw5rFfnO8NTD6DPqaAUBKwgCgXj1/W7fYb87Cv90ZAKQkDADqzY9/rFPsN0enFn0WfcsAICVhAFBPKPbjabw8H2tiG+HosyhmAJCSMACoF3QsaxT7zVn4tz8DgJSEAUA9+O31x9WK/eaevLHwb18GACkJA4Bat2ax3xz7Clj4tz8DgJSEAUCtotjv+LT+5j7fQ0cWfS7dzgAgJWEAUIt+eb5+sd+chX+HMwBISRgA1Bo6kLWL/eb42xb+Hc4AICVhAFBLKPYrz7W1Wfh3PwYAKQkDgFpAsd3Ru22K/eYo/Is+n3ZnAJCSMAAou62L/eZ4sVD0GbU7A4CUhAFAmVHsd3qxXbHf3Iv3Fv4twQAgJWEAUFYPX2xb7Ddn4d9yDABSEgYAZUShXXlObYniw+hzan8GACkJA4AyodiPofbyfNqShX/LMgBISRgAlAXFfm/PchT7zf3612n4eXUYA4CUhAFAGdDJZin2m2PpYfR5dTgDgJSEAUBbe/TyPE2x39z55T8W/lVgAJCSMABoS08rnX9LsPCvDgOAlIQBQFug2I8X6pTnTRYW/tVjAJCSMABobQyrZyz2m7Pwrx4DgJSEAUBrylrsN/f8rYV/NRkApCQMAFrL41fnV5+u+/74nMmAwj+WI0afX8swAEhJGAC0hlrn2dI8b+szAEhJGABUU/ZivznqEqLvoGUZAKQkDACqhWI/qunLcyMrC//WYQCQkjAAqAY6U+bTy/MiKwv/1mMAkJIwAGhpLRT7zRFUmKqIvouWZwCQkjAAaEnPji8+//zxOZEVgSX6LqrDACAlYQDQEniCfn3SRrHf3PGphX9rMwBISRgAdF8//3naVLHfhGkKC//WZwCQkjAA6D4eHJ01Vew3Z+HfNgwAUhIGAB2K37ilYr85C/+2YwCQkjAA6BA8PZe/eUss/NuOAUBKwgCgfbBPfovFfnNvPlyG303rMABISRgAtKtWi/3mmLL45bmFf1syAEhJGAC0C27aF9d9f/x7t4J9CqLvp/UYAKQkDAC6y2+vPzZb7Ddn4V8OBgApCQOAbtN6sd/co5eekxkYAKQkDACKUOxHsVz5u7bKwr88DABSEgYAlSiSO/nY5uY+EaYvKGCMvqvWZwCQkjAAaI6bcw/FfnOc49F31TYMAFISBgBNKPYrf8fWnV5Y+JeNAUBKwgAgHL3rp9hvzsK/fAwAUhIGgLFR7McrccvfrwfsWBh9Z23LACAlYQAYF8V+DJGXv10PLPzLywAgJWEAGNPDF/0V+81xXkffW9szAEhJGADG8+RNnd88C5YwWviXlwFASsIAMA46xV6L/eYY3Yi+v3IwAEhJGADGQLHf27M+i/3mLPzLzwAgJWEA6N+vf/Vb7DdH4d9Pzxz6z84AICVhAOgb6+B7Lvabe/r5XI6OgXIxAEhJGAD61Xux35yFf+0wAEhJGAD6Q0f46u9+3uS3CzqV6FgoHwOAlIQBoC/MgY9Q7DdH2ImOhXIyAEhJGAD6MUqx35yFf+0xAEhJGAD6QLEfneH8NxgBdQ7R8VBeBgApCQNA+2r9htm9P/9k4V+DDABSEgaAdo1Y7DdHRxIdF+VmAJCSMAC0iXlvnoDL4z6K88t/rs/dHrGfQc8jGwYAKQluOOU5vASvg3oo9qMDLI+52sfv+uCo75ENA4CUhAGgLY9fjVnsNwJGdH7+8zT83XtiAJCSMAC0o9Zvpe3xEqNRChoNAFISBoD86BjoIMpjrD5wDUa/e68MAFISBoDcGBIeudivZ0zlMKUT/e49MwBISRgA8qIYzGK/PvG7UswZ/e69MwBISRgAcrLYr1+M6Iy8fbEBQErCAJDP87cXnw9hfFzVNjZuGn33QgOAlIQBII8f/7DYr2ds8BP97qMxAEhJGABysNivX0zl8LKm6HcfkQFASsIAsD2K/S6u+/74WKpdvJ551GK/7zEASEkYALb12+uPFvt16u3Zp+tpneh3H5kBQErCALAdi/369eK9xX7fYwCQkjAArI+nwjcfLPbr1ZM3FvvdxgAgJWEAWBfFficf3dynR9RxWOx3NwOAlIQBYD3c+Cz26xPFfr88t9hvFwYAKQkDwDoo9iuPkfpwfGqx3z4MAFISBoD6jt5Z7NcrfluL/fZjAJCSMADUw1MhT4flsVEfLPY7jAFASsIAUAfzwRb79Yk6Djqx6HfX3QwAUhIGgOU9fGGxX68IdRb73Y8BQErCALAshoXLY6E+WOy3DAOAlIQBYBkUglns1y92bYx+d+3PACAlYQC4P4v9+sV7GljCGf3uOowBQErCAHA/vOmNTWDK76/2WexXhwFASsIAcDi2fbXYr08U+7Ftc/S7634MAFISBoDDWOzXr9cnlxb7VWQAkJIwAOyHYj9e9Vp+X/XBYr/6DABSEgaA3f307MPV2zOL/XpEsZ/37nUYAKQkDAC7sdivX9RxPDiy2G8tBgApCQPA3Sj24wlx/v3Uh/fnnyz2W5kBQErCADA2Ct7K324UfHff5Lc+A4CUhAFgXLyzoPzdRvHs2GK/rRgApCQMAGPiyXfEtxUylfP4lefmlgwAUhIGgDHV+t0zO7/857qYMzoeWo8BQErCADAeit5GK2qk2I9lnNHx0LoMAFISBoDxjFb49+pvi/0yMQBISRgAxsKSxvK36hnnd3QctB0DgJSEAWAcPAWPspkRUxyEneg4aFsGACkJA8A4av3W2RByLPbLywAgJWEAGMMohX+8q8Fiv9wMAFISBoAxvPnQf+GfxX5tMABISRgA+jdC4d+TNxb7tcIAICVhAOgbT8RsgFP+Pr3gTX4W+7XFACAlYQDoG3vel79NLyz2a5MBQErCANCvX573W/h3fPrp6sc/nO9vkQFASsIA0K9eC/+O3l1Y7NcwA4CUhAGgT7zxrvxNemCxX/sMAFISBoD+9Fj4R7Hfwxdn4fdVWwwAUhIGgP48f9tX4d/Jx3+u6xmi76r2GACkJAwAfaEqvqfCP4v9+mMAkJIwAPSFDrP8LVpFsV/0HdU2A4CUhAGgHz0V/v322mK/XhkApCQMAH3opfCPYj86iOg7qg8GACkJA0Afeij8o9iPtxZG30/9MABISRgA2kfhX3n8W8OmRRb7jcEAICVhAGgf78Avj39LGL2Ivpf6ZACQkjAAtI3jXB77VrBc0fNkPAYAKQkDQLsYMm+18I9ivwdHFvuNyAAgJWEAaFerhX/vzz9Z7DcwA4CUhAGgTa0W/r0+sdhvdAYAKQkDQJt4ii6PeXbPji32kwFASsMA0B52ySuPd2YU+7FLYfRdNB4DgJSEAaAtPz1rq/CPz2qxn+YMAFISBoC28IKc8lhnxTQFgSX6HhqXAUBKwgDQjpYK/179fXn9foLoe2hsBgApCQNAO1op/OOcij6/BAOAlIQBoA0tFP5Z7KddGACkJAwA+TGPzs558+ObzenFP9dTFNHnl+YMAFISBoD8Xry//HxI4+OcAS8jsthPuzIASEkYAHJjCV15bDOx2E/7MgBISRgAcstc+Pf087kTfWbpNgYAKQkDQF5P3tT5be6LeoRHL/19dRgDgJSEASCnrIV/FvvpvgwAUhIGgJyYWy+P6dYo9vNNfrovA4CUhAEgn7VvkLtgC2KL/bQEA4CUhAEgFzrZbIV/1CJEn1U6hAFASsIAkEumwj9qEB6+8E1+WpYBQErCAJAHhX9spzs/jluh2O+X5xb7aXkGACkJA0AeWQr/jk8t9lM9BgApCQNADmvfFL+HYr/o80lLMQBISRgAtkfh38nH67H/8FiuhTcORp9PWpIBQErCALA9ttQtj9+aKPbjphx9NmlpBgApCQPAtrYu/GPkwWI/rckAICVhANjW65PtCv/efLi02E+rMwBISRgAtsMa+/K4reX5W4v9tA0DgJSEAWAbWxX+Md1gsZ+2ZACQkjAAbKPWcb8NxX4Pjiz207YMAFISBoD1/fzn6eqFf7xfgL8bfR5pTQYAKQkDwPrWLvzj71nspywMAFISBoB1PXp5/vnwxMesBov9lI0BQErCALAeCv94yU55rGpgiuHxK38D5WMAkJIwAKyn1rEunV/+Y7Gf0jIASEkYANaxVuGfxX7KzgAgJWEAWAe77pXHaGkU+zHNEP19KQsDgJSEAaC+NQr/+B2jvy1lYwCQkjAA1MUTOXPy5fFZisV+ao0BQErCAFDXs+OLz4cjPkb3RbD49S/n+9UWA4CUhAGgHl6zW6vw7+3Zp+tXCUd/V8rMACAlYQCop1bh36u/LfZTuwwAUhIGgDqYly+PyRKefv69or8ntcIAICVhAFhejcI/phJYTRD9PaklXQcAbqjRl5YyMgAsj/33y+NxH2wfbLGfetF1APDlG2qJAWBZdNRLFv5R7Oeb/NSTrgPAi/eX4ZeWMjIALOv49NPnrx8fk31xL7HYT73pOgCwF3f0paWMDADLWbLw78kbpxLVp64DAByyUysMAMtYqvDv4pPFfupb9wHAC1itMAAsY4nCP4r92Dwo+velXnQfAKwDUCsMAPdH4V/5/fdF7YAjhxpB9wGAKmAvZrXAAHB/VOqX338fR+8uLPbTMLoPALCIRy0wANwP37P87vv47bX3CY1liABAQZCpXtkZAA7HKN+hhX8U+3EjjP5dqWdDBAC4KZCyMwAc7tDCv5OPFvtpXMMEAGoBfv7TC115GQAOc2jhn8V+Gt0wAQAUCDkVoKwMAIdhw6/yO9/FEUFpsACAZ8de+MrJALA/CvfK73sbRgIt9pO+GC4A4OELC36UjwFgPz8926/wz2I/6WtDBgBuBL7SU9kYAPbDmv3yu34PxX7WAElfGzIAgCcHbwjKxACwu30K/16fXFrsJwWGDQDwqUCZGAB2t2vhn8V+0vcNHQDASz8MAcrAALCbXQr/KPbrdepDWsrwAQBMB1gToK0ZAO5G4R81PPPvV+J6fnBksZ90FwPA/2eFsLZWKwD0tPSVt3uW32+OqQFH9KTdGAAKvjhIW6kVAF793ccrsXmqL7/bHMV+bvQl7e7xq/u9QGtfYWM23DC9kWhttQIAT8XR32vNbYV/bvAl7Y/rpryWagobM2KFgPOIWlOtAMD0VvT3WsLIXPm9QLEfTzHR/0fS7Rg1K6+pmsLGzEhIjgZoDbUCAFp+4933Cv8s3pXuhwfd8rqqKWzMjqFHRwNUW80A0PJ6eKbkyu/DNUkwiP57SXc79C2a9xE2toKbqDuKqZaaAYCh8hY7zKhK2Rod6f7WHv5H2NgShh0fvXTOUcurGQDQ2goXOvmy8O/p52MU/beSdsfDwPy6WkvY2KLj00/uG6BF1Q4AhNeWnpznhX+MYBi8pWUwmj1dW2sKG1v25sOlhUhaRO0AADbSif52Njyh0Onzmdmu22tMWgbX0nRtrS1s7AHzKS1XWmt7awQAtLA18FT49/bMYj9pKVxLBOrpXrC2sLEnPGG5FakOsVYAIP1nDqtT4R/XksV+0jK4lpi6nu4DWwgbe8MNljkWn1y0j+9tdlMD638zrmjhJsVnc0tuaVlH77aZ958LG3vGUKZ7CGgXa+/LTYV9thDAq34t9pOWtdbo4l3CxhHwVMPcq0Oa+p67XnZTQ7YNdayjkZZ11xs01xQ2joQtTZkesE5AJTri8nxZA0VBno9SXxjdY5Vaeb1vKWwcFT/OwxdOD+gGVe/lebIGQoBP31IfCPTlJloZhI2j4+bLHI1PYWKaqDw/1kLxqjvtSW3joZJNv8rrO4OwUTdIbVRAGwbGRI3IVpt0TBiZcgWL1BaG/DPN90fCRsVYs0lVtDfjsWy1TecctSpW40tt4FrN+tQ/Fzbqbuw0yPCwbyPsH6MAW+7WNccyVgOolBPXZrZCv9uEjdodw8PclFkzbhjoF/N45W+/Fc45alRcwirlwL2fa5KRuvm1ml3YqMNRNU7hli9L6U+2+TyGGAme0WeVVB8hvMWOfxI2ahncoOk0HB3oAxf7VssCb0Ohqq/CltbDvYDi8Bbm+W8TNqoOOg9OGtd3t4sgxy6S5W+bAUWqFgpK9XD999DxT8JG1UdRGaMDFBIaCNrCktAsRYGRaZvr6LNL2h/3aF7es/WS4KWFjVofiZKVBaRLX1aUX/YQAM4p6lGcfpIOw/RtS1X9+wobtT2SJkO6FJgwv2vFdz50rBlrAkoUKPH0YrCU7sZSPoJz9oC/hLBROdHZsCkN87zuTJgDwSz7bl9zTA9wc/P8kW7Q6bPJGw9d5TXTs7BRbZhGCZ4dX1zP+br0cDtM3bQ2P8jQJueNo0saESN4nP9MvZbXxijCRrWNUMCQL4nW5WHroVCohSmBElME03JVw4B6RqfPec7mbb0V9B0ibFR/WCvOSc/wL6HAIeA66EAZkSmPfyu4KU7bXLvlsHpAMGeErsVwXlvYqHFwUXDDp9iQZOyIwTIouMv4/u99cX64d4VaQginTopR0BEK+e4jbJRYQsZUAkWHjhocjifpXjYNoYCQmypB0dEBZULg5j7V85K9GsJG6TY8FU51Bowc0MkREHxKjPFEwnHqbc6RQDCtSnGvAa2F64mXc3FNjVa1v7SwUboPisq4MEnjXKQgIGDkIjOemltaMrgvpjxcpqqlcd0w6sS51cO0WiZho1QbFzIhYT6SgGk0oecRBW5o3Mx6r0Jm6mMKgTyxOW2gu3DNEyA5Z7g39DJ9llXYKGUzjSpgKlqMQsOkhT0RGDbn87f6KtFDUJQ1/X78Tk4djItrlGuXVTNc1y7LW1/YKPVqChFzPI3PA8UuysBxm2m+8nu4AY78pDOFO34HVhxwzBwt6ANTfvyedPSc64wIOYyfR9goSVvjiZBgwBTRtBLF9xnkxNA9vw+/E0GO322kka1WhY2SlNkUDjCNpDDSQic0cqFpDVPnTiHeNGI1HXuH7dsWNkpS6+aFplNImEYSMPKyVebfp+PAtMt0fKjPsHMfR9goSSOhOHHq+MByzalTnEz1CaWog61lehqfm6rmS/PvA4fkVQobJUlSz67+9f8AHXEg066vd7YAAAAASUVORK5CYII=Azure Redis CacheGE.DSParallelLinesfalseAnyAnyfalsefalseSelectFileTableQueueBlobStorage TypeVirtualDynamicb3ece90f-c578-4a48-b4d4-89d97614e0d2ListfalseSelectTrueFalseHTTPS EnforcedVirtualDynamic229f2e53-bc3f-476c-8ac9-57da37efd00fListfalseSelectAllow access from all networksAllow access from selective networksNetwork SecurityVirtualDynamiceb012c7c-9201-40d2-989f-2aad423895a5ListfalseSelectTrueFalseCORS EnabledVirtualDynamicc63455d0-ad77-4b08-aa02-9f8026bb056fListAzure StoragefalseSE.DS.TMCore.AzureStorageLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAIIVJREFUeF7t3SF8HMcVB+DCwsDCwsBCw8DA0MDAwMAAgwCDAoMCgwCDAJMAQ4MAQ4OAgAIDAwMBAwOBAAMTVaP5OZVXz9bs6ebdzuwHvvdzJtLqbud276/Vvdm/XVxcAAA7Ew4CAHMLBwGAuYWDAMDcwkEAYG7hIAAwt3AQAJhbOAgAzC0cBADmFg4CAHMLBwGAuYWDAMDcwkEAYG7hIAAwt3AQAJhbOAgAzC0cBADmFg4CAHMLBwGAuYWDAMDcwkEAYG7hIAAwt3AQAJhbOAgAzC0cBADmFg4CAHMLBwGAuYWDAMDcwkEAYG7hIAAwt3AQAJhbOAgAzC0cBADmFg4CAHMLBwGAuYWDAMDcwkEAYG7h4Oe8fPv+4sHz84v7v729+Prx2cVXPwMwg++fvr06tz99+efl6T5+D2Ae4eDSu/cXV2/6Xz58ffG3H18CMLkvfnp18d2vby7+ePPu8m0gfm9gbOHgdY//+PPiHw9ehS8QAOZXgsCbPy9/EwzeIxhXOFicX4a+b355E74YANiXckXg+WtXA2YSDr4+f+9yPwA3PHxxfvk2cfN9g/HcGCi/+f/z3978AYg9+l0ImMFH/1E+7Fc+CRpNOAAUf7/vzwEz+Og/SvtHNNkAcF35cHj5pfH6ewhj+esf5ROeJdVFEw0AS+WXxg/vIYznr3+UBSCiCQaASPmlUXvguK5KuYzjt38A1vKBwHFdlSf//TOcWAD4nPLB8etvKozjqrj8D8ChSvv4hzcVxnFVtP4BcKhyk7jrbyyM4apY9Q+AQz175e6BI7oqZY3naFIB4DblpnHX31gYQy3BhAJACwFgTLUEEwoALQSAMdUSTCgAtBAAxlRLMKEA0EIAGFMtwYQCQAsBYEy1BBMKAC0EgDHVEkwoALQQAMZUSzChANBCABhTLcGEAkALAWBMtQQTCgAtBIAx1RJMKAC0EADGVEswoQDQQgAYUy3BhAJACwFgTLUEEwoALQSAMdUSTCgAtBAAxlRLMKEA0EIAGFMtwYQCQAsBYEy1BBMKAC0EgDHVEkwoALQQAMZUSzChANBCABhTLcGEAkALAWBMtQQTCgAtBIAx1RJMKAC0EADGVEswoQDQQgAYUy3BhAJACwFgTLUEEwoALQSAMdUSTCgAtBAAxlRLMKEA0EIAGFMtwYQCQAsBYEy1BBMKAC0EgDHVEkwoALQQAMZUSzChANBCABhTLcGEAkALAWBMtQQTCgAtBIAx1RJMKAC0EADGVEswoQDQQgAYUy3BhAJACwFgTLUEEwoALQSAMdUSTCgAtBAAxlRLMKEA0EIAGFMtwYQCQAsBYEy1BBMKAC0EgDHVEkwoALQQAMZUSzChANBCABhTLcGEAkALAWBMtQQTCgAtBIAx1RJMKAC0EADGVEswoQDQQgAYUy3BhAJACwFgTLUEEwoALQSAMdUSTCgAtBAAxlRLMKEA0EIAGFMtwYQCQAsBYEy1BBMKAC0EgDHVEkwoALQQAMZUSzChANBCABhTLcGEAkALAWBMtQQTCgAtBIAx1RJMKAC0EADGVEswoQDQQgAYUy3BhAJACwFgTLUEEwoALQSAMdUSTCgAtBAAxlRLMKEA0EIAGFMtwYQCQAsBYEy1BBMKAC0EgDHVEkwoALQQAMZUSzChANBCABhTLcGEAkALAWBMtQQTCgAtBIAx1RJMKAC0EADGVEswoQDQQgAYUy3BhAJACwFgTLUEE5rhq5/PLu7/9pZbfPfrm3D/tYq2yU1f/PQq3H+3+eaXN+H2+Fg53qP91+Kf/34dbpOP/fDsbbj/ehMAxlRLMKEZygv2+oMh9vz1u3D/tVpuj1h5k4n2322c/NqU4z3afy1KeFhuj5ten78P919vjoEx1RJMaAYBoI0AkEMA6EsA6E8AYI1aggnNIAC0EQByCAB9CQD9CQCsUUswoRkEgDYCQA4BoC8BoD8BgDVqCSY0gwDQRgDIIQD0JQD0JwCwRi3BhGYQANoIADkEgL4EgP4EANaoJZjQDAJAGwEghwDQlwDQnwDAGrUEE5pBAGgjAOQQAPoSAPoTAFijlmBCMwgAbQSAHAJAXwJAfwIAa9QSTGgGAaCNAJBDAOhLAOhPAGCNWoIJzSAAtBEAcggAfQkA/QkArFFLMKEZBIA2AkAOAaAvAaA/AYA1agkmNIMA0EYAyCEA9CUA9CcAsEYtwYRmEADaCAA5BIC+BID+BADWqCWY0AwCQBsBIIcA0JcA0J8AwBq1BBOaQQBoIwDkEAD6EgD6EwBYo5ZgQjMIAG0EgBwCQF8CQH8CAGvUEkxoBgGgjQCQQwDoSwDoTwBgjVqCCc0gALQRAHIIAH0JAP0JAKxRSzChGQSANgJADgGgLwGgPwGANWoJJjSDANBGAMghAPQlAPQnALBGLcGEZhAA2ggAOQSAvgSA/gQA1qglmNAMAkAbASCHANCXANCfAMAatQQTmkEAaCMA5BAA+hIA+hMAWKOWYEIzCABtBIAcAkBfAkB/AgBr1BJMaAYBoI0AkEMA6EsA6E8AYI1aggnNIAC0EQByCAB9CQD9CQCsUUswoRkEgDYCQA4BoC8BoD8BgDVqCSY0gwDQRgDIIQD0JQD0JwCwRi3BhGYQANoIADkEgL4EgP4EANaoJZjQDAJAGwEghwDQlwDQnwDAGrUEE5pBAGgjAOQQAPoSAPoTAFijlmBCMwgAbQSAHAJAXwJAfwIAa9QSTGgGAaCNAJBDAOhLAOhPAGCNWoIJzSAAtBEAcggAfQkA/QkArFFLMKEZBIA2AkAOAaAvAaA/AYA1agkmNIMA0EYAyCEA9CUA9CcAsEYtwYRmEADaCAA5BIC+BID+BADWqCWY0AwCQBsBIIcA0JcA0J8AwBq1BBOaQQBoIwDkEAD6EgD6EwBYo5ZgQjMIAG0EgBwCQF8CQH8CAGvUEkxoBgGgjQCQQwDoSwDoTwBgjVqCCc0gALQRAHIIAH0JAP0JAKxRSzChGQSANgJADgGgLwGgPwGANWoJJjRDOeGWA5vP+9d/Dntj+iDaJjf9/f6rcP/d5suHXsctDg1YxRc/vQq3ycfuPToL919vAsCYagkmFABaCABjqiWYUABoIQCMqZZgQgGghQAwplqCCQWAFgLAmGoJJhQAWggAY6olmFAAaCEAjKmWYEIBoIUAMKZaggkFgBYCwJhqCSYUAFoIAGOqJZhQAGghAIyplmBCAaCFADCmWoIJBYAWAsCYagkmFABaCABjqiWY0Azl7lXlFqF83ne/vgn3X6tom9xU7jgX7b/bfPPLm3B7fKwc79H+a1HuJBhtk4/98OzwWy7fhQAwplqCCc1QXrDXHwyx56/fhfuv1XJ7xA69Xa2TX5tyvEf7r0UJD8vtcdPr8/fh/uvNMTCmWoIJzSAAtBEAcggAfQkA/QkArFFLMKEZBIA2AkAOAaAvAaA/AYA1agkmNIMA0EYAyCEA9CUA9CcAsEYtwYRmEADaCAA5BIC+BID+BADWqCWY0AwCQBsBIIcA0JcA0J8AwBq1BBOaQQBoIwDkEAD6EgD6EwBYo5ZgQjMIAG0EgBwCQF8CQH8CAGvUEkxoBgGgjQCQQwDoSwDoTwBgjVqCCc0gALQRAHIIAH0JAP0JAKxRSzChGQSANgJADgGgLwGgPwGANWoJJjSDANBGAMghAPQlAPQnALBGLcGEZhAA2ggAOQSAvgSA/gQA1qglmNAMAkAbASCHANCXANCfAMAatQQTmkEAaCMA5BAA+hIA+hMAWKOWYEIzCABtBIAcAkBfAkB/AgBr1BJMaAYBoI0AkEMA6EsA6E8AYI1aggnNIAC0EQByCAB9CQD9CQCsUUswoRkEgDYCQA4BoC8BoD8BgDVqCSY0gwDQRgDIIQD0JQD0JwCwRi3BhGYQANoIADkEgL4EgP4EANaoJZjQDAJAGwEghwDQT3lj+u7XN+H+a/Gv/7y+KMcBn/fkv3+G+6+3Hy/P5dHjyfTi7N3lSy1+/RGrJZjQDAJAm/LijvZfq+X2iAkAfbx7f3Hx5cPD9i2s8fSlY3GNWoIdmUEAaCMA5BAA+nj44jzcb3Bs5UrR8vXHp9US7MgMAkAbASCHAHB8b/58f/H3+6/C/QY9lMC5fB0SqyXYiRkEgDYCQA4B4Pi+fXL43/3hEP948Oqi/Nnp+uuQWC3BTswgALQRAHIIAMdVPpQV7S/o7Ydn3lta1BLswAwCQBsBIIcAcFzl77HR/oLeyp+dyp+flq9JPlZLsAMzCABtBIAcAsDxPPrdB/84rW9+eXP5Uoxfn1S1BDsvgwDQRgDIIQAcR/nNq/wdNtpXkOmPN9YG+Jxagh2XQQBoIwDkEACOo/z9NdpPkO3eIytIfk4twY7LIAC0EQByCAB3V37jivYRnIrFgT6tlmCnZRAA2ggAOQSAuyu/cUX7CE6lHNfaAmO1BDstgwDQRgDIIQDczanWoYfbWBwoVkuwwzIIAG0EgBwCwOHKb1g++MdWffGTtsBILcEOyyAAtBEAcggAhyt3g4v2DWyFxYFuqiXYWRkEgDYCQA4B4DAv31rvn+0rr9HyWl2+fveslmBnZRAA2ggAOQSAw5QFV6L9AltjcaCP1RLsqAwCQBsBIIcAsF5psYr2CWxVOZ8uX8d7VUuwkzIIAG0EgBwCwDrlg3+H7jM4lXKPiuVrea9qCXZSBgGgjQCQQwBY58Fz6/0zpr3/2e6DWoIdlEEAaCMA5BAA2pWWKh/8Y1SlZdXiQALAEASAHAJAu2+f+OAfYytXsJav672pJdg5GQSANgJADgGgzV1fj7AF5QrW3hcHqiXYORnKCfern8+4RfnQSrT/WkXb5KZDL2l/+XBfr2Mr/jGL75/u+5fQWoIdAwCzK3ewvP6muCe1BDsFAGb39eOzy7fB+A1ydrUEOwUA9qAsaHX9jXEvagl2CADswV4XB6ol2CEAsBcPX+yvLbCWYGcAwF7scXGgWoKdAQB78sOzfbUF1hLsCADYk70tDlRLsCMAYG+++eXN5dti/IY5m1qCnQAAe7SXxYFqCXYAAOzRvUf7WByolmAHAMBe7WFxoFqCJw8Ae1VuVjd7W2AtwZMHgD2bfXGgWoInnqHcWvT+b2+5xXe/vgn3X6tom9z0xU+H3ea2fGo42t5ofrwUPT/Yq3JOmLktsJbgiWcoJ53rD4bY89fvwv3Xark9YuWSX7T/bvP4jzn+Vlh+24meH+zZzIsD1RI86QwCQBsBIMeeA0D5LefQKyAws7I40Mu3c14FqCV40hkEgDYCQI49B4DyW0703IB5FweqJXjCGQSANgJAjr0GgLLoSfktJ3puQFXOw8tjZ3S1BE82gwDQRgDIsdcAUH67iZ4X8H//+s/ry8MlPoZGVUvwZDMIAG0EgBx7DABlsZPoOQE3zfDnvutqCZ5oBgGgjQCQY28BoCxyUn6riZ4TcNM/HryaanGgWoInmkEAaCMA5NhbAND2B+vN9L5VS/AkMwgAbQSAHHsKAOfvLq5+m4meD/Bp5QOzsywOVEvwJDMIAG0EgBx7CgDa/uBw3z+d472rluAJZhAA2ggAOfYSAMqiJtr+4G5K++zy2BpNLcGTyyAAtBEAcuwlAGj7g7v7+vHZ5eEUH2OjqCV4chkEgDYCQI49BIC7vpaA/ytttMtjbCS1BE8sgwDQRgDIsYcAoO0PjqccTyO3BdYSPLEMAkAbASDH7AHg0e/a/uDYSjvt8lgbRS3Bk8ogALQRAHLMHADKbyna/uD4Rl4cqJbgSWUQANoIADlmDgDa/qCfcnwtj7kR1BI8oQwCQBsBIMesAaAsWqLtD/oZdXGgWoInlEEAaCMA5Jg1AGj7g/7KcbY89rauluDJZBAA2ggAOWYMAC/O7vbaAdqNtjhQLcETySAAtBEAcswYALT9QZ5yvC2PwS2rJXgiGQSANgJAjtkCQHlc0eMF+hlpcaBagieRQQBoIwDkmCkAaPuD0yjnkVHaAmsJnkQGAaCNAJBjpgBQjq3osQL9jbI4UC3BE8ggALQRAHLMEgC0/cFpffHTGG2BtQRPIIMA0EYAyDFLAPj2ibY/OLURFgeqJXjwGQSANgJAjhkCQGlDih4jkKtchdt6W2AtwYPPIAC0EQByzBAA7j06Cx8jkG/riwPVEjzwDAJAGwEgx+gBoLQfRY8POJ1y/l4eq1tRS/CgMwgAbQSAHCMHAG1/sE1bXhyoluBBZxAA2ggAOUYOAA+eu9c/bNWW/kx4XS3BA84gALQRAHKMGgC0/cG2latzW1wcqJbgAWcQANoIADlGDQDfP7XoD2zdFt/vagkebAYBoI0AkGPEAKDtD8ZQrtJtbXGgWoIHm0EAaCMA5BgxAHz1s7Y/GEW5Wrc8hk+pluCBZhAA2ggAOUYLANr+YDxbWhyoluBBZhAA2ggAOUYKAOUDRYc+XuB0vn58dnkIx8d1tlqCB5lBAGgjAOQYKQCUu41FjwXYvnL1bnlMn0ItwQPMIAC0EQByjBIAygeJyt3GoscCbF9ZHGgLbYG1BA8wgwDQRgDIMUoAKHcZix4HMI5yFW95bGerJXhwGQSANgJAjhECgLY/mMMWFgeqJXhwGQSANgJAjhECQLm7WPQYgPGUq3nLYzxTLcEDyyAAtBEAcmw9AGj7g7mcenGgWoIHlkEAaCMA5NhyACiXCssHh6KfD4yrXNVbHu9ZagkeVIZywi0rmfF5dz3xR9vkpkNvqPPlw/6vY2/+MK9TLQ5US/CAAID+SsC//sacpZbgAQEAOU6xOFAtwYMBAHKUP4lntwXWEjwYACBP9uJAtQQPBADIU5b4zmwLrCV4IABArszFgWoJHgQAkKu0I2e1BdYSPAgAIF/W4kC1BA8AADiNZ6/6twXWEvxwAOA0MhYHqiX44QDA6fS+z0gtwQ8GAE7nHw9edV0cqJbgBwMAp9Xzrrm1BD80Q7nLWXlyfN53v74J91+raJvcVBbhiPbfbcondqPtrXHv0Vm4bWDfSltgr8WBagl+aIZy4rv+YIg9f/0u3H+tltsjVtbijvbfbe76d7pycJdLfdG2AcovgcvzxjHUEvzADAJAGwEgx6kCQFn5K9ouwAc9FgeqJfhhGQSANgJAjlMEgHJQR9sEuO7rx2eXp4z4PHKoWoIflkEAaCMA5DhFACifg4m2CbD09OVx2wJrCX5QBgGgjQCQIzsAlIM52h5ApCwOdMy2wFqCH5RBAGgjAOTIDADlIPbBP2Cthy/OL08h8XllrVqCH5JBAGgjAOTIDAA/Xr72o20BfE75xeH86vOA8blljVqCH5JBAGgjAOTICgCvz99f9fZG2wK4TekcWp5XDlFL8AMyCABtBIAcWQGgLBwUbQegxbEWB6ol+AEZBIA2AkCOjABQbvEZbQNgjfKLxPL8slYtwcYzCABtBIAcvQNA+eBf+RRvtA2Ate66OFAtwYYzCABtBIAcvQNA+fRu9P0Ahyi/UCzPM2vUEmw4gwDQRgDI0TMAlL/XHXqzIYBPucviQLUEG80gALQRAHL0DAB3vaMjQKS0BR66OFAtwUYzCABtBIAcvQKA9f6Bng5dHKiWYIMZBIA2AkCOXgHAB/+AnsqfFw9pC6wl2GAGAaCNAJCjRwAo/y/6HoBjOmRxoFqCjWUQANoIADmOHQCs9w9kKYsDrW0LrCXYWAYBoI0AkOPYAaAk8ujrAXpYuzhQLcGGMggAbQSAHMcMAC/fWu8fyFdWG12ejz6llmAjGQSANgJAjmMGAOv9A6ewZnGgWoKNZBAA2ggAOY4VAMrCHNHXAWT41J8ll2oJNpBBAGgjAOQ4RgAoH/w7dDsAx9C6OFAtwQYyCABtBIAcxwgAD55b7x84vZb311qCb84gALQRAHLcNQCUhTh88A/YgnIuum1xoFqCb84gALQRAHLcNQB8+8QH/4DtKPcg+XB+i9QSfGMGAaCNAJDjLgHgxdnd5gigh88tDlRL8E0ZBIA2AkCOuwQA6/0DW/T147PL01t8zqsl+KYMAkAbASDHoQHg3qOzcBxgC0pr8vJ8V9QSfEMGAaCNAJDj0AAAsGXlCmXUFlhL8A0ZBIA2AkAOAQCY1cMX55enuY/PebUEX5xBAGgjAOQQAIBZlcWBzq8+D/j/c14twRdnEADaCAA5BABgZuUOpdfPebUEX5hBAGgjAOQQAICZLRcHqiX4wgwCQBsBIIcAAMyu3Kn0wzmvluCLMggAbQSAHAIAsAcfFge6OvFFX5BBAGgjAOQQAIA9KG2B5Zx3deKLviCDANBGAMghAAB7UBYvK+e8qxNf9AUZBIA2AkAOAQDYA38CGIgAkEMAAGZ3/Q6BtQRflEEAaCMA5BAAgJlpAxyQAJBDAABm9uD5x8sB1xJ8YQYBoI0AkEMAAGZVlgJe3hColuCLMwgAbQSAHAIAMKvolsC1BF8MAIzvQ9vfkgAAABP70Pa3JAAAwKSut/0t1RJ8EwAwrmXb31ItwTcCAONatv0t1RJ8IwAwpqjtb6mW4JsBgDFFbX9LtQTfDACM51Ntf0u1BBsAAMbzqba/pVqCDQAAY/n+afsKu7UEGwEAxnFb299SLcGGAIBxPHzx+ba/pVqCDQEAYyg3M7ut7W+plmBjAMAYWtr+lmoJNgYAbN9XP7e1/S1dlS9+ehVuFADYtta2v6Wr8q//vA43CgBs15q2v6Wr8vXjs3DDAMA2rW37W7oqPzx7G24cANimtW1/S1fl+et34cYBgO05pO1v6a9/lFsHRj8EANiWQ9r+lv76x4+/+TMAAGzdoW1/S3/9o1xKcBUAALbt0La/pY/+49Hv5+EPAwBO7y5tf0s3Br598ib8oQDA6ZRF++7S9rd0Y6D8KeDeI+sCAMCW3LXtbykcPH93cfHNL64EAMAWfPnw7m1/S+HgBzoDAOD0jtH2txQOXlc+bVhaDqIHBAD0VZbrX743H0M4GCnpo3xAsKw9HD1AAOD4jtX2txQOfk75G0RZOvjxH39e3P/tLXAEum+ASLlXz/J9+FjCQSCf23ID1x277W8pHATyPXv1Z3gSAPbp2G1/S+EgcBrab4GiR9vfUjgInMbr8/c+aAt0aftbCgeB0ykf+olOCMA+9Gr7WwoHgdNxZ07Yt15tf0vhIHBa7swJ+9Sz7W8pHAROT1sg7Evvtr+lcBA4vRdn78KTBDCn3m1/S+EgsA3aAmEfyhW/3m1/S+EgsA3lcqC2QJhfRtvfUjgIbIfbcsPcypW+5XGfIRwEtkNbIMyrXOHLavtbCgeBbSl334xOHsDYMtv+lsJBYHu0BcJcypW9zLa/pXAQ2J5ymTA6iQBjym77WwoHgW369om2QJjBKdr+lsJBYJu0BcIcTtH2txQOAtt1X1sgDO1UbX9L4SCwXdoCYVynbPtbCgeBbSuXD6OTC7Btp2z7WwoHge279+gsPMEA23Tqtr+lcBDYPm2BMJZTt/0thYPAGL77VVsgjGALbX9L4SAwBm2BMIZnr07f9rcUDgLjKJcVoxMOsA1baftbCgeBcZTLiv/8t/sEwBaVK3Qv327ng3/XhYPAWLQFwjZtqe1vKRwExvPVz9oCYUtK29/51Zo/8TF7auEgMB5tgbAtW2v7WwoHgTF9/9R9AmALStvf8vjcmnAQGFNpC/ziJ22BcGpbbPtbCgeBcWkLhNPaatvfUjgIjKu0BX75UFsgnMKW2/6WwkFgbNoC4TS23Pa3FA4C4/v6sbZAyLT1tr+lcBAYX2kLdJ8AyLP1tr+lcBCYQ7kcGZ2ogOMaoe1vKRwE5lDaAstlyeiEBRzPCG1/S+EgMA9tgdDXKG1/S+EgMI/SFlguT0YnLuBuyudsXp+P0fa3FA4CcymXJ6OTF3A3I7X9LYWDwHzKZcroBAYcpny+plxhu36cjSQcBOZTVifTFgjH8+j3sdr+lsJBYE7aAuE4Rmz7WwoHgTmVVcq0BcLdPX99teRfeJyNIhwE5qUtEO5m1La/pXAQmJu2QDjMyG1/S+EgMLdy+TI6uQGfN3Lb31I4CMxPWyCsM3rb31I4CMyvXMbUFgjtRm/7WwoHgX3QFghtZmj7WwoHgX0olzO1BcLtZmj7WwoHgf14/If7BMDnzNL2txQOAvuiLRBiM7X9LYWDwL68ONMWCJGZ2v6WwkFgf7QFwsdma/tbCgeB/Xnzp7ZAuK58PmZ5nMwkHAT26f5v2gKhmLHtbykcBPZJWyBU5XMxy+NjNuEgsF9P/qstkH2bte1vKRwE9k1bIHtVPgdTPg+zPCZmFA4C+/bHG22B7NOPv83b9rcUDgJ8+0RbIPsye9vfUjgIoC2QvZm97W8pHAQoHjw/D0+UMJs9tP0thYMAhbZA9mIPbX9L4SDAB09fagtkbntp+1sKBwGuu/foLDxxwuj21Pa3FA4CXKctkFntqe1vKRwEWPr+qfsEMJe9tf0thYMAS9oCmc3e2v6WwkGAyMMX2gKZwx7b/pbCQYBIuVz6z3+7TwDjK59rWb6+9yYcBPgUbYGMrixzvXxd71E4CPA5X/2sLZAx7bntbykcBPgcbYGM6v6O2/6WwkGA2/zwTFsgY9l7299SOAhwm3IZ9YuftAUyjif/3Xfb31I4CNBCWyCj0PZ3UzgI0KJcTv3yobZAtk/b303hIEArbYFsnba/WDgIsEa5nWp04oVT0/b3aeEgwBrl8qr7BLBF2v4+LRwEWEtbIFuj7e/zwkGAtcpl1nLCjU7EcAra/j4vHAQ4hLZAtkLb3+3CQYBDlRNvdEKGTNr+bhcOAhzq2SttgZzWd79q+2sRDgLchbZATkXbX7twEOAuXr59ry2Qk3jw/PzyJRi/LvlYOAhwV9oCyabtb51wEOCuzt9daAskVVmWevk65NPCQYBjePS7tkBy3Ht0dvmSi1+HxMJBgGPRFkgGbX/rhYMAwNzCQQBgbuEgADC3cBAAmFs4CADMLRwEAOYWDgIAcwsHAYC5hYMAwNzCQQBgbuEgADC3cBAAmFs4CADMLRwEAOYWDgIAcwsHAYC5hYMAwNzCQQBgbuEgADC3cBAAmFs4CADMLRwEAOYWDgIAcwsHAYC5hYMAwNzCQQBgbuEgADC3cBAAmFs4CADMLRwEAOYWDgIAcwsHAYC5hYMAwNzCQQBgbuEgADC3cBAAmFs4CADM7OJv/wODjlxbDNgpmgAAAABJRU5ErkJggg==Azure StorageGE.DSParallelLinesfalseAnyAnyfalsefalseSelectAzure-RedisGenericCache TechnologiesVirtualDynamic2226af6a-5cfe-4283-a62d-f35d3234336dListfalseSelectAllCache VersionVirtualDynamic250ddabe-ef50-4fe3-9f7d-74881a8c608eListCachefalseSE.DS.TMCore.CacheLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAIxJREFUOE9j+P//PxwzmnrPB+L/BPB5IOaH6SFVMxgzmflcANJgQ0jWDMMwQ8jSDMMgQ0Au0AZiVzKxBcgFWE0nFoMNcM6smoaPxoZhcpS7AIu/SMLDIQxKJswpxoVhikC2YZMHYVAgCuLCMANcs6vDsMmDMMwL9jDFJGCwHrABuhFZPkgSRGGIHu//AJbS3MIG0q+eAAAAAElFTkSuQmCCCacheGE.DSParallelLinesfalseAnyAnyfalsefalseSelectGenericOnPremDatabase TechnologiesVirtualDynamic6047e74b-a4e1-4e5b-873e-3f7d8658d6b3ListfalseSelectAllV12MsSQL2016MsSQL2012MsSQL2014SQL VersionVirtualDynamic0a5c9e0f-f68c-4607-9a1a-a02841f1e9deListfalseSelectYesNoSSIS packages UsedVirtualDynamic649208cc-3b55-40ff-94b9-015c0fb0c9e8ListDatabasefalseSE.DS.TMCore.SQLLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAHCZJREFUeF7t3S2UVEcaBuDIlSsjVkSsWBGxIiJiRcQKZCwyErEiIiIiErEiIgKBQCAwiBErECsQESNWICIQCAQCEREREREzO99wOgzNC8xPz3T3fR/xmDonJ8z9ble9t25V3Y+Ojo4AgDKxEdiu337//ejx4Ys/PHr8/Oi7fx9+0Ff/+u/RF18+vBLf3s7/z9Pu3P/pjX/38xe/Hv85+W8Etis2Apf39NkvfwyEDw6evTFQfv3dj28Mrn//54Ojjz7+fvH+9o/7b/zdcx1OX5cJOqtrNtdv/ZoCmxMbgXf75dfXT+e3f/jfycB165vHfwxqaeDj4v70lx/+uLarWYgJVHP9nzz9+bgkuU7A+8VGaLUa3O89fPrHU+lq8Pn407txgGI3rOq0mlWYGgoJ8G6xEZZuBoaDR6/eq9+89ehk4EiDCsuxev1wOhzMWov1ewNaxEZYgtU7+OnwV+/cPcWz7s9/vXNyb8xrnHmlM/eMxYs0iI2wT6azXj3NT0fesqCOq/f5jYdHX371n5N7a+4xCxNZktgIu2re58707SwGm8F+FoiljhuuympR4tyDsxhRKGBfxUbYBTMV+/3dJydTs/Mkljpj2AVCAfsoNsJ1W72rnwV5s1grdbKwT4QCdl1shKu2GvCng0ydJyzRLDicNQUzs2V7ItsWG2GTZqvVnPC2em+fOkZoJBCwTbERLmMO01kN+N7dw9mdDgReGXDVYiOc12yRmr32tuDB5sy5FbMuZj6yJBCwabERPuTlz7+ddErztGIrHlyPCQTzxccJ3E4x5LJiIySHT16eTOt7yoftm+A9AXzOxZhAvv57hQ+JjTDmXf5sX5onDkfowm6b9TZzlLFXBZxVbKTXdB6zAOnGzYPYyQC775PP7p2syZnttuu/cViJjXSZ6cMZ9B3AA8szOwtmFm9m86wb4LTYyPLN9P68O7QvH3qswsCs51nvE+gTG1muWT0824qs3Idu85pg1gz49HGv2MiyzAlj80EdC/mAZNb8zIygVwRdYiP7b1L9nLU/KT/94AHWeUXQJTayv2aK3wp+4LK8Ili+2Mh+mQV9cyqfp33gKsyBQ7YULk9sZD9MMp93+zNtl360AJs0p4DOWoH1voj9FBvZbfOlvUnk6QcKcNVmQfG8HpjZx/X+if0RG9k9szp3krfDeliZVz5zjsNZzeKuWRj6Iem/fR9bSntN7WcW0jqB/RQb2R2TsKdTNs2/LBPkVgPozOacHoAn6M371tP2rYOd0yXX/4YxT42rv3P+7tU1sEV1/1knsH9iI9s3T/zTSRr498M8Ca0GszmDfWo3xyufHvzssT6bCTurazbH164Cw+xumetrsetum3UCsxtpva7sntjI9swgMQOHJ6LdMSFsBp4ZgFaD0XRwM0CZ+tyemR1bBYXVzMK85phaeVW2fRMEpjbrdWN3xEa2Y6Z+Pd1szwwcq+n4efLUee2/+brlKiB8e/vV+ga/ses113xOI12vDdsXG7le8zTpieV6zMzKdEgzyM/ZCTM4zPvq9ZqwfDMoTf3nXpiFbHNfpHuGzZhwbcZst8RGrsds55tpsvRj4fKmQ5+OfZ7+pqO3ZYmzmFmD+W1OMJhBSzjfrFkjI3TvhtjI1ZoOxtPG5sxT/er9/MymzPVdv+ZwWRMiZ9ZoBrDPb/j9XsYsmp3fq1C+XbGRqzEL/OY9ZPpBcHbT+U4nPO/pTSmyTav1BTNTYOHu+c0C21n0vH5duR6xkc2bKUWLj85vOtXpXFfT+OvXFXbJBNIJpmYJzmdes/gC4fWLjWzOvOuaASzd9Lxtpgbnes1Uq6l89t3M+s1rqVmLYi3Bh802Tq8Frk9sZDNmW5+DfD5snpTm1YgnAJZuZggm3N689Ujf8A5zXXxw6HrERi5nnvp9k//d5lXIPBHNVKm0T7MJvfN6y26gt00farfA1YqNXJyn/mwG/Xkv6kAQyGZ2YBbECQOvmQ24WrGR85t3ffP+Kt3ErQz6cDHCwJvmlYnZws2LjZzPLFbzQ31lVu0b9GFzVmGgfRHh9C3WCW1WbOTs5j22Kf9X7+vmWqxfH2BzZgCcmcbZLZN+hw2cG7A5sZGzmcU76QZtMYl8Vu/PE8r6tQGuzkyHz26C1lmB2SrslcDlxUber/19v6d92B2tswITfpwVcjmxkXeb1Nl6jv90Mp72YTdN3zTn6ze9kpy/1QmhFxcbyWbwa5xyM/DD/mgLAjPzYavgxcRG3jYDYNtZ/gZ+2F9tQWDWI61fA94vNvKmtsF/3vEb+GEZJgi0fIV0HlrW/37eLTbyWtPgP6v656uF69cA2H9zNkfDFwqFgLOLjbwy51C3DP5zeM88KaxfA2BZZh/90l8LCAFnExt5tdWv4XS/+RudrgVdGj5TPh8cW/+7eVNsbDeDf8PX/Oapf/1vB3rMYUKpb1iKOaxt/W/mtdjYbgbGdDMtxWybmR/++t8N9Jl99Et+JeDQsneLjc0OHj2PN9FS+KAGsG5O1FvqGSfzwOOwoCw2tpr3YktOwrMCeP7G9b8bYBYBL/WU03nw0fe9LTa2WvIRv5PurfIH3mfJi59n0eP639suNjaaoyTTTbMEk34d7AOcxZK3P/uU8JtiY5u54WeQTDfMvpv3X975A+cxhwYt8XXo9Ifzt63/va1iY5s5NCLdLEswixrX/16AD5lTQVOfsu9mLdT639oqNjaZNJhukiXwzgu4jKUeFuTrga/ExiZLPg3LVBdwGUt9QLIr4JXY2GJugHknlG6QfefpH9iEpR6M5iTU8gCw5BP/PP0Dm7DUB6X5m2bb4/rf2yQ2NpjCL/XQn9nHu/73AlzUUj8j3L4tMDY2WOoK13Hz1qPjPzH/3QDntdSdUrMWoHkWIDY2WPLWP1/AAjZp+pTU1yzBPAyu/70tYmODpS7+G/b+A5u05I+kzcPg+t/bIjYu3ZL3/g9fvgI2afqU1NcswawFa30NEBuXbsnn/g/f+gc2afqU1NcsRetDU2xcuiVv/xv2twKbtPQ+s3XdVGxcuiV/9nc4BAjYpCWfmDpa+8zYuHRLDwDzKc/1vxngopb6eeCV1j4zNi7d0m/mYScAsAlL3gFw2vrf3SA2Lt1Sv/1/mtMAgU2YviT1MUvTuBMgNi5dKv4SmQUALqPl6X88f/Hr8Z+cr8NSxcalS8Vfoknu7R+7AC5m+o6Wp/8hAJRIxV8q3wUALmL6jtSnLJUAUCIVf8m++/fh8Z+drwXAuukzUl+yZAJAiVT8pXtw8Oz4T8/XA2Bl+orUhyydAFAiFX/p5uNHzV+9Aj5s+oglfyjtfQSAEqn4DeaHPd9BWL8eAPPk3zr4DwGgRCp+E98KAE779nbfO/91AkCJVPw2c/b1L7/aIgjNZqvf0s/5PysBoEQqfqO//eP+0dNnvxxfknydgOWa337TPv8PEQBKpOK3mnd+M/3nwCDoML/1+fxt8/v+RAAokYrfbj6QZJcALNvhk5cnM3+pD2gnAJRIxeeVeR/48uffji9TvnbA/pn1Pl/967/xN88rAkCJVHxe+/Nf75ycHmiRIOy3me7//u6To4YvoF6WAFAiFZ+3CQKwnwz85ycAlEjF590EAdgPBv6LEwBKpOLzYasgYI0A7JYJ5wb+yxEASqTicz7zqVC7BmC7ZlX/LO6zpe/yBIASqfhczGwfnD3FZgXgeszT/p37P9nOt2ECQIlUfC5nnkDmSWSeSNavN3B5c3LfrW8ee9q/IgJAiVR8NmdmBeaDQ0+e/nx8uXMNgA+bQX/W3Xjav3oCQIlUfK6GMADnY9DfDgGgRCo+V08YgMygv30CQIlUfK7XbFeaNQP3Hj61gJA6s5Dv4NHzk3f6E4zTb4TrJQCUSMVnu+azpDM7YGshSzULZOcp//MbD+NvgO0SAEqk4rNbbtw8ODnYxK4C9tW86prtevOBrTlEK93n7A4BoEQqPrvtiy8fHn17+/Bk2tQrA3bNTOnP7NU84c+9aqve/hEASqTis1/mvemcRmiWgG1YPd3POhYL95ZBACiRis/+m3er0yHPyYSPD1/4eBEbMffSDPazRsXT/XIJACVS8Vmm2W0wnfZMzc7rg9lutX4/wJhXSzPYz70ys0uzMDXdUyyTAFAiFZ8uEwpmcdZ09rMV0YxBj3lltHpfP9vw5l6wSA8BoEQqPoyZ3p0BYZ4AZ4B4cPDsJBzMd9bX7yN2VxrkfSqX9xEASqTiw1nM4sPTswdjBpoJCY0dyHWbIDbXeswC0Ln+s+5jamJ/PZchAJRIxYdNmenkGZBOzySM1eLEFa8cXpmn9dU1mdcxq+u1WnQ3rLTnqgkAJVLxYZtWixVXTs8wrMwT7+kAMbb5XYXVornT5pXJ+r97NQW/4kmdXSQAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJVLxAeglAJRIxQeglwBQIhUfgF4CQIlUfAB6CQAlUvEB6CUAlEjFB6CXAFAiFR+AXgJAiVR8AHoJACVS8QHoJQCUSMUHoJcAUCIVH4BeAkCJVHwAegkAJT7+9O5bxQeglwBQ4pPP7sUbAIBOAkCJv//zQbwBAOgkAJT46l//jTcAAJ0EgBLf330SbwAAOgkAJR49fh5vAAA6CQAlfvv996M//eWHeBMA0EcAKHLj5kG8CQDoIwAUuXP/p3gTANBnfYxoEBsbvPz5N68BADj681/vHA8LeaxYstjY4suv/hNvBgB6fH7j4fGQkMeJJYuNLQ6fvIw3AwA9vv7ux+MhIY8TSxYbmzgVEKDbvYdPj4eDPEYsWWxscvDImQAAzWZN2PrY0CA2tpn3P+mmAGDZWt//j9jY5snTn+ONAcCy3f7hf8fDQB4bli42NvKBIIAusxW8dfp/xMZGcxN8/OndeJMAsDw3bz067v7zmNAgNrZ6cPAs3iQALM+8/l0fB5rExmZeBQAs3xwEt97/t4mNzeZLgc4GAFi29qf/ERvbzVehrAcAWKb2d/8rsZGjjx4fvvCxIICFmQ//NK/8Py028sr3d5/EGwiA/dR67G8SG3nt1jeP400EwH6x8O9NsZHXZlGgo4IB9tsnn90z9b8mNvKmX361MwBgX816Lqv+3xYbeduEgC++NBMAsG8ePX5+3I3nvr1ZbCSb1wE3bh7EGwyA3XPn/k/H3Xfu09vFRt5NCADYD19/9+Nxt537cgSAC5kQMKtJ0w0HwPZZ8f9hsZGz8d0AgN0zi7bnQW29z+ZNsZGzc04AwO6YV7SzaHu9r+ZtsZHzmc8IOzYYYLtmVtaT/9nFRs5v9pjOQRPppgTgan17+/C4K879M1ls5GJm2sniQIDrZavfxcRGLue7fx/GmxSAzZlXrwePHPJzUbGRy5uTp+azk+mmBeBypn89fPLyuLvNfTAfFhvZjOcvfvUhIYANm5X+PuxzebGRzbr9w//sEgC4pOlHpz9d72O5mNjI5j199ovZAIAL+ts/7vui34bFRq6O2QCA85kD1+zv37zYyNUyGwDwYbPQz6d8r05s5HqYDQDI5kwVC/2uVmzk+pgNAHht3vV76r8esZHrN4dZOEoYaLVa4e9d//WJjWzP93efHH386d34AwFYopu3Hpnu34LYyHbNNwXmwxbWBwBLNtP9jw9fHHd7uS/kasVGdsMk4vm8ZfrhAOyrWd3vQJ/ti43sljn84osvLRQE9tsM/POxtJnlXO/nuH6xkd00K2P//s8H8YcFsKsM/LspNrLbJgiYEQB23Sxonql+A/9uio3sh1k8M4dlpB8ewLbMwD87mmzp222xkf0yawRmG036IQJcFwP/fomN7KfnL361awC4dnOa6b2HT4+7odw3sZtiI/tttg9+/d2PzhEArsz0L/PAcfjk5XG3k/sidltsZBkmCNy5/9PJYRvpBwxwXquFfU7u23+xkeWZlD5p3awAcBGz8+jBwbPj7iT3Meyf2MhyzXYcswLAWaym+eerpet9CfsvNtLBrACQ3Lh5cLKoz/79ZYuNdDErAMwpo9MPeLffIzbSa84UmB0En3x2L3YSwHJM6J8jemcL8XpfwPLFRhhz0uCtbx6frPpNnQewf+b3PCF/wv76b54usRHWTRiY9QLzUY/UqQC7a2b0Jsz79j6nxUZ4n4NHz4UB2HFzOt/s17eCn3eJjXAWc9737Aue7xDYSQDbNYF8fotW73NWsREuYj5TPO8W7SaA6zG/tfnNmdrnImIjXNasKp4tRfO5YrMDsBnzlD+/qfninpX7XFZshE0zOwDnd3rAt2qfTYuNcJXMDkA2W/TmPf78Pgz4XLXYCNdpOrp5wpmOzwFENDk94Futz3WLjbBNM0MwuwvmlcEcT5o6Ttg3M50/X9Sbk/dmK613+GxbbIRdMtsNZ5XzdJzTgXptwK6be3Tu1W9vG+zZXbERdt3qtcGcbjYdbeqE4TqcHuxn5spUPvsiNsI+mo53nrZmpmA+Z+obBmzaDPRzCubcYzMr5cmefRYbYSnmRLTpqOdI1Om453jU1LHDaQZ6GsRGWLrDJy9Ppmung5+Ofjp8MwZdZseJgZ5msRGaTThYLTqc97ozSNiNsH+mZlO72U0ytZzAZ5CH12IjkM3gMYPI7NueQWX2cM8gM+xOuD6rwX1MHcacNjm1mV0j63UD3hYbgYtbbVscq9cMwsL7zRHRq2szOztW12wWda6upS/cwWbFRgBgyY4++j/BMxlbj3YqvwAAAABJRU5ErkJggg==DatabaseGE.DSParallelLinesfalseAnyAnyfalsefalseSelectYesNoAzure SQL DB SSIS Packages UsedVirtualDynamicd8830a8d-37b8-472e-abcc-0d157857f576ListfalseSelectAllow access from all networksAllow access from AzureAllow access from selected networksAzure SQL DB Firewall SettingsVirtualDynamice68e212d-896e-403e-8a2d-8c6d2b2505dfListfalseSelectTrueFalseAzure SQL DB TDE EnabledVirtualDynamic3a2a095f-94bc-467f-987c-8dac8307cdc6ListfalseSelectTrueFalseAzure SQL DB Auditing EnabledVirtualDynamic6a3509e5-a3fd-41db-8dea-6fb44b031e4bListfalseSelectTrueFalseVulnerability Assessment EnabledVirtualDynamic212cf67e-047a-4617-860f-92282e04b8d8ListServer based TDS service for highly available, globally distributed appsfalseSE.DS.TMCore.AzureSQLDBLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAOc5JREFUeF7t3S3UHFW6t/GRRx6JfCVyJBI5ciwSiRyJGHFExBERIyIQiBExiEjEEcgIBAIRgYiIiIiIQCAwebmerJp0Nnf37l27qvZHXeK31qx7SD39UV31r/35l3fv3kmSpJMJi9IRfnj527vF97/8+u6f//fmqq+evXn3+TevdvHF09fh31w8e/Hrf14n0vchSSMKi1KJ56/e3xi//enjm3h6o/3L1y+m89//88tH7/HL7z4OEwQbPpvXv/7+x0cVf36S1EJYlPDbH/es5an38fO3Dzc0bnDc6D57MucNfW+fPHofGP727StDgqSmwqLOg6d3mrgvb+6fPn4Z3rx0jDQkPPnx7UNAIJBdfneSVCMsai4v3vz+cAN59MPbd//4/n3TPDeZ6Oajvi1dDnyPtMrYciBprbCoMfE0z9MiT43cJP76L5/kz+K//vk+GCxjEAgGL98aDCRdFxbVv+Vmz+h4++N1zRIMvv4jFDz9+dd3tAal55KkcwqL6gtPczT38nTnU71qLd0ItBQw/sOWAumcwqLa4QmNJ3tv9jqSoUA6n7Co4yw3fBajcWCeevL//vflQxcTXQcONJTmExa1H2/4GhXTQ5l9QAvB24cFEeNzXNIYwqK24w1fs2LwKYMLWcgoPe8l9S8sqg5PSDSdesPXmTCGgLUmnGkgjSEsqgz9o6yD//d/v36YdhVdHKUzYfwA3QVMV01/L5L6EBaVx1MOTzvOwZduoyWMFjG7CqS+hEXFuIDxVMPTTXShk3Qb0w2Z4srMAvc2kNoKi/qAJkyeXrhwRRc0SevQXUa3Gd1nhgHpeGHx7FgEheZ9d8WTjkEYoGWAVS/T36OkfYTFM+IJhCcRtmCNLlCSjkEXGwHc1QilfYXFM+GJgycPR+9L/SGQ20Ug7SMszo5pe6x57mA+aQyMwWEsjtMKpe2ExVkxdc+nfWlsjM1hdU1bBaQ6YXE2rMzHKmXRxUTSmFhfgJY89yWQ1gmLM+DpgKcEm/mludGiR/eAgwalMmFxZPTvs0GJ8/bHRPMurTWX2EiJJ709MR89/btOAx0P58pPrx0nIN0jLI6IGz/9+9FFQcehWfbyJnp5k6UrhlkXi1H7cC/fA+/p8j1evnc3g2qHz5/vJv3uJH0QFkdC/x/L8zqwb3/LjY3Pm5sdy7lyE3T3tzw+Iz4rPjM+O1qpls8z+qy1jb/+66VBQLoiLI6Ap0cupDb1b2dpfudzffz87cMNy+bU4/BZ85kzdmVpTeAGFn1XKsNn6bksfSws9owbPzcnm1fXWZrol6d4n+DHsLQgsEIe3x3fob+BcowRoLsw/XylMwqLvWJFMEf134+tihkXwU2Dm4fTpebDd7oEA75rt6fOo7uQLhh/Dzq7sNgbVv+yKfQ6LmhL0z19zDZ1inNgGW/AuWFX2Z/RgkJrYvrZSWcRFnuxDPCLfrxnRisITZn0FXuz1704VzhnaCmwJe0Dxr58/4sDBXU+YbEH/CDt43yPZl2CEKOZ7b/UVjiXOKc4t+w6ePEQjOwW0JmExZb4AZ59Pj9PZ3wGNOF6QdJRONc4587cQsBDh60BOouw2MqZn/rZ9pT+SEfkqxeci5yTnJvROTszWwN0BmHxaGd86mdQFu/ZRUo0Cs5VztmzDCi0NUCzC4tHYoT/WZ76Ga3P4D1v+hrdmcKArQGaVVg8Cv2Nsy/hu9z0ea/uX64ZLWFg5t8yDymst5C+d2lkYfEIs0/vYxAVU658ctBZcK5zzs+6iyIBh/eXvm9pVGFxT1wk2Ho1+oHNgKd9+w11dnTtzdoqwMNL+n6lEYXFvbx8+/uUTwc0D7IUq3P0pY8R+Gfcu4OZEbbuaXRhcQ/0n802YIiLGhc3+/al22bcxIuHGR5q0vcqjSIsbo0m8ZmaAgkyrLHujV8qM1sQ4Frg4ECNKixuiR38Zrn58z648dv0J9VZgsAMrYJcFxz3oxGFxa1w849+MCOiz88+fmlb/KYYOBv95kZiCNCIwuIW+DFEP5TR0FTpwj3SvrhejL7/gCFAowmLtdh2dIamva9t7pcOQ7cAv7notzgKQ4BGEhZr0KQ3Q5L3qV9qgxvoyA8QvHY39dIIwmKNz78Ze+cwmvxpwUjfl6Tj8Bsc+UGC127roXoXFtdihHz0YxjFX//lvF6pF7Qm8puMfqsj4GEofU9ST8LiGsyFjX4Eo+BCY2KX+sK4gJFbFXkoSt+T1IuwWIof6ejNdU7xk/pEMB/5+uJCQepVWCw1ctM/A3bs85f6RtfcqAMDGVfkA4Z6FBZL8MNk1Hx04o/AKTvSGHiSHvVa4w6C6lFYLDHy1r689vT9SOoXN9LotzwCWxrVm7B4L5q1ohN9FP4gpbFwzRm1FeCzJ84KUF/C4r1GTuM+/UtjGvm644BA9SQs3oOR/yP3/T9/5Q9RGhGr7EW/6RH44KGehMV7PP157M1+CDCX70fSOEZ++LDrUb0Ii/cYeQvPTx+//OMtxO9LUv9GXiGQDY/S9yO1EBZzRm/+txlOGtvIDyAsapS+H6mFsJhDE1Z0Yo/iy+8MANLIRt822DFI6kFYzHny49vwpB6F03GksY28/gjcI0A9CIs5I0/DAUuKpu9J0jgYxxP9tkdhN6R6EBZzRk/fcG1uaUyMQYp+0yNxHIB6EBZzRt6ec/HshXsASCPitxv9pkfj9uNqLSzmjN78BqYRpe9LUv9GngJ4iY3U0vcmHSks5oy8N/clWwGksczy9A+XBVZrYTFnlgBgK4A0llme/mEAUGthMWeWAICvnjkdRxrB6HP/UwYAtRYWc2YKAHj8/O0fbyt+r5LaG33tkYgBQK2FxZzZAgAcDyD16ftffh166fFrDABqLSzmzBgAuMBwoUnfq6R2WDKXhbui3+zoDABqLSzmzBgAFjQ1pu9X0vHYcnzGJ/+FAUCthcWcmQMAWOo4fc+SjvPoh/n6/FMGALUWFnNmDwBguWNX6pKOxTK/7NYZ/SZnYwBQa2Ex5wwBAJ88clyAdBR+a2e5tsAAoNbCYs6ZfqT427ev3DxI2gm/rS+enuOp/5IBQK2FxZyzBQAwGIl+yfSzkLQeg25nHeWfYwBQa2Ex54wBYMF7//YnuwWkGqy7MdOyvmsYANRaWMw5cwBY8Bm4eJBUxhv/BwYAtRYWcwwAH3AxMwhIt3nj/zMDgFoLizkGgD/79PHLh0WEnDoovcdvgd8Ev43oN3N2BgC1FhZzDADXMViQecwsYZp+btIZcO7zG5h5Fb8tGADUWljMMQDcx1YBnQUL+DA49rMnr8Lfgv7MAKDWwmKOAaAcKwtygTQMaBbc9Fmvnzn8Pu2XMwCotbCYYwBYjwslF0wunFxALz9XqXfe9LdjAFBrYTHHALCNJQzQMuBKg+oV5ybnqDf9bRkA1FpYzDEA7INpUuxE6P4Dao1zkHPRqXv7MQCotbCYYwDYH09ajBt4/PztuxdvbB3QvjjHONc453zKP4YBQK2FxRwDwPFYL51NidiPwAuHanEOcS5xTp11Lf7W/B2rtbCYYwDoA1OuaKZlUJZjCHQN5wYr8X39f2+cptcRA4BaC4s5BoA+8ST3+TevHi70DNpyMaLz+en1bw+B8J9/nAOcC5888um+VwYAtRYWcwwAY2EgFyO4uSlw0Xn51taC0fFUvzTjs+qeT/bjMQCotbCYYwCYAzcN+oAJBrQYcEFybYJ+8F3wnfDd8B0xQM8b/TwMAGotLOYYAObGKHCaj5dWg2XgoQFhW8sNHnzGfNZ85nz2DsybnwFArYXFHAOA2OeAGxXNz9y4sNzMcOZBiSz3fPlZLJ8PnxWfmXPrBc6N9NyRjhQWcwwAKsFANG58WLocLjH//PKGuUjPu6NEr4XXmL5u3svyvhxsp1KcV+m5Jx0pLOYYANSTpcviFhe3UW8MAGotLOYYACSpjgFArYXFHAOAJNUxAKi1sJhjAJCkOgYAtRYWcwwAklTHAKDWwmKOAUCS6hgA1FpYzDEASFIdA4BaC4s5BgBJqmMAUGthMccAIEl1DABqLSzmGAAkqY4BQK2FxRwDgCTVMQCotbCYYwCQpDoGALUWFnMMAJJUxwCg1sJijgFAkuoYANRaWMwxAEhSHQOAWguLOQYASapjAFBrYTHHACBJdQwAai0s5hgAJKmOAUCthcUcA4Ak1TEAqLWwmGMAkKQ6BgC1FhZzDACSVMcAoNbCYo4BQJLqGADUWljMMQBIUh0DgFoLizkGAEmqYwBQa2ExxwAgSXUMAGotLOYYACSpjgFArYXFHAOAJNUxAKi1sJhjAJCkOgYAtRYWcwwAklTHAKDWwmKOAUCS6hgA1FpYzDEASFIdA4BaC4s5BgBJqmMAUGthMccAIEl1DABqLSzmGAAkqY4BQK2FxRwDgCTVMQCotbCYYwCQpDoGALUWFnMMAJJUxwCg1sJijgFAkuoYANRaWMwxAEhSHQOAWguLOQYASapjAFBrYTHHACBJdQwAai0s5hgAJKmOAUCthcUcA4Ak1TEAqLWwmGMAkKQ6BgC1FhZzDACSVMcAoNbCYo4BQJLqGADUWljMMQBIUh0DgFoLizkGAEmqYwBQa2ExxwAgSXUMAGotLOYYACSpjgFArYXFHAOAJNUxAKi1sJhjAJCkOgYAtRYWcwwAklTHAKDWwmKOAUCS6hgA1FpYzDEASFIdA4BaC4s5BgBJqmMAUGthMccAIEl1DABqLSzmGAAkqY4BQK2FxRwDgCTVMQCotbCYYwCQpDoGALUWFnMMAJJUxwCg1sJijgFAkuoYANRaWMwxAEhSHQOAWguLOQYASapjAFBrYTHHACBJdQwAai0s5hgAJKmOAUCthcUcA4Ak1TEAqLWwmGMAkKQ6BgC1FhZzDACSVMcAoNbCYo4BQJLqGADUWljMMQBIUh0DgFoLizkGAEmqYwBQa2ExxwAgSXUMAGotLOYYACSpjgFArYXFHAOAJNUxAKi1sJhjAJCkOgYAtRYWcwwAklTHAKDWwmKOAUCS6hgA1FpYzDEASFIdA4BaC4s5BgBJqmMAUGthMccAIEl1DABqLSzmGAAkqY4BQK2FxRwDgCTVMQCotbCYYwCQpDoGALUWFnMMAJJUxwCg1sJijgFAkuoYANRaWMwxAEhSHQOAWguLOQYASapjAFBrYTHHACBJdQwAai0s5hgAJKmOAUCthcUcA4Ak1TEAqLWwmGMAkKQ6BgC1FhZzDACSVMcAoNbCYo4BQJLqGADUWljMMQBIUh0DgFoLizkGAEmqYwBQa2ExxwCw3n/985d3n3/z6t0//+/Nfzx78evDxWDx9uG68PFn/vrX3z/6b57+/OvDv/3yu9cPx/vk0S/h35vZX//18uG9/+P7+HPkM1s+v59ef6jjyY9vH/7N3//9/vOLji/tifNwOT+lFsJijgHgfp8+fvlwk+aGw00o/Sy39vzVb+++/+V9OPjbt3MFgyU47XXh5LN7/Pztuy+evn432jnOOcZncwRCU/QaVMYAoNbCYo4B4LbPnrx69+1Pv7777eEBNP4Mj8STMKGAJ2UCSfSae0RrCTc2nuzT93QEAttXz94MEaKOvJlwbkevQWUMAGotLOYYAP6Mz+TrP56OXr790OzcK14jLRK9fo88YdLF0UuAAgGq564CA8B4DABqLSzmGAA+oJmdm0P6GY2gtxsaT/tHdJPU4KLdYxAwAIzHAKDWwmKOAeDFQ7MwT6npZzOSXm5k3PhHaDm5ROhjEGL0flowAIzHAKDWwmLO2QMAfenRSP3RtA4AjJVg4F36ukbC+IQegoABYDwGALUWFnPOGgBmuGFdahUA/vt/fnkYJJm+npExpoJBi9H7PYIBYDwGALUWFnPOGADo6+9pUNoWWgQAQtTl/PyZMH6h1SwLA8B4DABqLSzmnC0AzHjzx9EBgK6TGT/HS3QNsY5A9P73ZAAYjwFArYXFnDMFgFlv/jgqANA0PvqAyVKEneiz2IsBYDwGALUWFnPOEgBmvvnjiADAzX/UaZK1WDUv+kz2YAAYjwFArYXFnDMEAN7j7M3VeweAM9/8F0fdLA0A4zEAqLWwmHOGAHCGH+eeAcCb/wesEBl9RlsyAIzHAKDWwmLO7AGAhWnS9zyjPQNAq/X7e0V3UvQ5bcUAMB4DgFoLizkzBwBW+JthkZ977BUAmBOf/q2z45za83djABiPAUCthcWcmQPAmZqt9wgANHenf0fvvXjz+26LBRkAxmMAUGthMWfWAMAiLul7ndnWAYDjpX9DH6NrJPrsahkAxmMAUGthMWfWAMC0rfS9zmzLAMDyvqNt6NPKHoMCDQDjMQCotbCYM2sAoIk2fa8z2zIAcFNIj6/rtt5AyAAwHgOAWguLOTMGANaoT99nC6yTz4WBpmJaJC5R4//DFmFlqwDw93+fY9bElrbuCjAAjMcAoNbCYs6MAeDRD+1GrrPgEEvlrpkqxpMk0xYZeV/aBL9VAGATnPTYytuyFcAAMB4DgFoLizkzBoBWO9Rx097y82Qg41fP3tzVQrBFAPDpf70tWwEMAOMxAKi1sJgzWwBgalb6Ho+w9c0/xRMmLQPX1jXYIgD09vTPRXXpPmGwHa0q/G9aePj/ehuouNUCQQaA8RgA1FpYzJktAPB+0vd4hK0Hgl1DwKGbIL1Z1waAXp7+ae1g9z0WcYpeZ4qbbi/rPfCdRK+xlAFgPAYAtRYWc2YLANwI0/e4N57Ko9eyN97rcuGpDQCtn/7ptql5gqa7pIeZHwSp6PWVMACMxwCg1sJizmwBoMXa/1uPAi/Fzb/me2z99P/81W93P/HfwvoFrS/EW7QCGADGYwBQa2ExZ7YA0GL52q2afltp+fS/9Q2ILhJmYaR/50i1rTEGgPEYANRaWMyZLQC02ryGp8/o9fSu5dM/fffRa6pFCGjZHfD4+dvwdd3LADAeA4BaC4s5BoBtfPG0vu+3hVYD6Gh12GszHTAmgDUZLv/mUZidEL2mexkAxmMAUGthMWe2AMA0sfQ9HoFBbFv0Yx+JVosWN0n+5hHnHbMJ0r99FAJI9JruYQAYjwFArYXFnNkCQMuLPk9+NRf+o7UYMInaJvJ70cLQalEogmj0mu5hABiPAUCthcWc2QJAq5vagqdbXkP02nrTovmfz+fIlpJWgZAbQvR67mEAGI8BQK2FxZzZAkCLdQAi9HFvMSd8Lzwdt2j+P+rpf9GqFaBmbQgDwHgMAGotLObMFgBa3diu6TUItApKLbpIWo0LWbs6pAFgPAYAtRYWc2YLAGg5r/0aFruha2DPke8lWjSN146OX4sbcfpajsBnHL2eHAPAeAwAai0s5swYAGhmTt9nL2gaZqpi68GCrF6Yvra9Hd38f6nFxkF8z9FryTEAjMcAoNbCYs6MAaCXcQA5DMJr1T3Qol+8doW8Gi3Wh+CmEL2WHAPAeAwAai0s5swYANDDxjD34umU5uKjugeY/5++hiO07P5oseLh2i4PA8B4DABqLSzmzBoAWq4HsBZP5UcEgRZ94gSy6LUchS6X9DUdIXotOQaA8RgA1FpYzJk1ADDXvKfZACX2DgItnoZb75iIFufDmt+XAWA8BgC1FhZzZg0AePRDv4MB70EQqNkj/5oWrSN8F9FrOVKL2SFrxj0YAMZjAFBrYTFn5gDAE3SL0d9b4yK95W6DLWZJ9LA6Yottgg0A52AAUGthMWfmAACeoNP3PCKmD251E+Winx5/bz0EgBbve80ukQaA8RgA1FpYzJk9AKDFk99euGDXjg0Y5Ul4ay26hNYEHwPAeAwAai0s5pwhAHDDbLXv/R642NR0CbS4WPUQAFosCWwAOAcDgFoLizlnCADghtnjEsFrMa1u7XdnADiOAeAcDABqLSzmnCUAgKmBMwwKXDAuYM2SwgaA4xgAzsEAoNbCYs6ZAgAIAWzMk34OoyLQlHYHGACO4yDAczAAqLWwmHO2AADGBLRYG34vXHxKBga2uFj1sCVyi+98TfAxAIzHAKDWwmLOGQPAYsTlgq8p2XmuxcXqrNMADQDnYABQa2Ex58wBAKyLP0uXwL03mxZbAX/1bN3e+FtqMRNkze/LADAeA4BaC4s5Zw8AC55QW2yRuyVmOUTvLdXiSZj+9+i1HKnFRdoAcA4GALUWFnMMAB8wmI5lckfdRAj3DDpr0Rfew42mRcBbs2iTAWA8BgC1FhZzDAB/xkwBnlhHbBHgNeduOi3GPrTeDpjzPH1Ne2OaZvRacgwA4zEAqLWwmGMAuI4bKV0D3LzSz61nuVaAFtsBY8sNjUq1eM+MOYheS44BYDwGALUWFnMMAPdhU6FR9hTgdUbvYcHAx/TfHKHlVMAWOyCuHfdgABiPAUCthcUcA0AZnmIZ0d5zqwBjGG51A/Ae0n9zhJYDAVtcoNcGHgPAeAwAai0s5hgA1vvsyasmU+rukesGaLEkcqtxAC36/7G2y8MAMB4DgFoLizkGgHo0qfcWBHLdAK26M1osCdxiG2ACVvRa7mEAGI8BQK2FxRwDwHa4ufVyIWBxo+g1LlqtgpgLJlujK6TFbI6a92kAGI8BQK2FxRwDwPZabDqTyj2BthoIyPgEpllGr2kPrWY81Kx8aAAYjwFArYXFHAPAPrgBpJ/1kbjRRq9rwZMx89Qv/81Rjrrp8B5bjHWoDTkGgPEYANRaWMwxAOyn9Y6DuUFoXPzTf3OUI8YCtHp/a+f/LwwA4zEAqLWwmDNjAKB5u+Wc8wVPgS2XFc59t6xtkP6bo/BkfmuqYq1WTf+4ZznmWwwA4zEAqLWwmDNjAODpkvfGk9iR/c2RVqPtkftuW3YDYK+bDwGw1fvKrcFwDwPAeAwAai0s5swcAMCNoOVe9C2moC3u+W5bd1NsfQNqefPHFrMcDADjMQCotbCYM3sAWDAtjptD9N/vqeWMgOj1pFp3U4Cb5hYtNXRptLz5g9cQvbYSBoDxGADUWljMOUsAWNAtcMQAtEWrLgDmvkevJ9JinfwUN+6v/whLa5rPOYf5XtNjHu2n17fXXriXAWA8BgC1FhZzzhYAFvxgt3hau4WbWas9A1iZMHpNkR5aARYMDiSQ3NNaw0A/AlYvr32rgacGgPEYANRaWMw5awBY8NTGGIE9tqrl4pr+vaMw9iB6Tdf00AqQIgxwYeUmT1cKCDbUWqzud0tJ4Mo58maytIi1wF4a0fsfkQFArYXFnLMHgEuME6AZ+tPH9Z9Jy8F/KH0a7akVYERbji85y80kt1rlSAwAai0s5hgAYlycGCFPN8G9A9RoRaA1gSCRHu9oa1o0WoeWUW359A8DwHgMAGotLOYYAO7DxeqyKfoSzed0JaT/ppW1g9EYs9Bb03rvaDXZosXokgFgPAYAtRYWcwwA8ynt/7/Ueg+D0eyxxoQBYDwGALUWFnMMAHPhibR2Tn3LwYsj2brpf2EAGI8BQK2FxRwDwFzojog+kxJ0BfTUpdEjukr2mDkCA8B4DABqLSzmGADmscXT/4LzovWqej3jHIs+ty0YAMZjAFBrYTHHADCPmr7/SMvdAnvGVNHo89qKAWA8BgC1FhZzDABz4GJauwtdhFkO6d86Mz6P6HPakgFgPAYAtRYWcwwAc9hzWWMGu6V/74y2GF9xDwPAeAwAai0s5hgAxnfEjan1tsGtHblmvgFgPAYAtRYWcwwAY9trKlrkrGsEHL1hjgFgPAYAtRYWcwwA42LJ4T36/W+hq+EsswOYVUHoiT6HPRkAxmMAUGthMccAMCZ2cdtrHnoOS99y8U5f00x4f612qzMAjMcAoNbCYo4BYDxHDUa7hfAx60WvZbiCAWA8BgC1FhZzDADjaNUkfQuvZ5YNhOja2HuO/z0MAOMxAKi1sJhjABgDg/22WuVva4xDYH78qGMDCFa0qrR86r9kABiPAUCthcUcA0DfWJOf9xO9z94QUEabLkiw6u03YAAYjwFArYXFnBkDAL54+nroHyWvnfcQvbfeMUhwhMWDnv587PS+exkAxmMAUGthMWfWALDg/f3j+zdD7G5HUzRP0NxAo/cymhE+e0LA0VMpcwwA4zEAqLWwmDN7ALhEHy/z2Nk0hzn06WfRwos3vz/c9P/+79fd9EHvoecwwGvqaXyFAWA8BgC1FhZzzhQAUjz50b/OyG+eBLkZp5/Plhgkx4WCG/6X373udlDf3pYwwHS7XgIBN6O//quP3wKvg/Nydq3WWdiDAUCthcWcMweAa/hMuEDRB8/o9gU3bn7oOfR/L/+GGz3H6q2ZuTd0e/A5XX7OdIlcnqt7I6DtuamS5sX5mp5P0pHCYo4BQL3iZnx0CEBvay2oneVhgHNiCfXsDbGE/RHGFukcwmKOAUA9IwSk5+wRaIWIXo/mw9ibpfWJ8UHe2DWisJhjAFDv6EZJz9sjtF4SWPtg7AFjUI4Y9yMdJSzmGAA0Ai7Y6bl7BJ4E/Y2MjRv+8mSffr/SLMJijhc3jYIm2vT8PQJ7HfQyQ0B5zK6h1Ygn/LNsXS2FxRwDgEZC33x6Dh+BwYis1RC9JrVHQOMp3757nVVYzDEAaDSMwk7P46P0sFug3uPaRauQ/fiSAUAnwZoKDNBLz+WjEEBc16ENmvd7X15aaiEs5hgANCJuwC0HdfG3nSFwHKbpjbDBlNRKWMwxAGhU3IBbPgnS9OzvZz+EPAbz2cQv5YXFHC9gGhkhgHX80/P6KIwyn2lN+x7QzM+APkfwS/cLizkGAI2Oc7hlCGCGAE+q0WvT/fgeWw7wvBffN11Alx4/f/ufpYIj0T4iTC9Njy2tFRZzDACaAedx6ydGnlqj16bbeOLnBtpi34fIcoPn++TmzaZgjEFgw6ro9W+Bz+ByzwH+vl0fKhEWcwwAmgVzwVuHABafcYbAfei+aX3j53zhZstNl3Ue9rzJr3W5UyYtJC1bu9SvsJhjANBMuFC2fpJ8/soZArfw2XAzaxHWaHYnpNFlw1N39PpGwHWb1gLei10JQljMMQBoNq22Eb7EU5rLB/8ZzelH37BYM4IFnGb+PmglIBAwVdLBk+cUFnMMAJpRqx0EL3EhJoxEr+9suEHR1J5+Rnsg/PFkTNg4a3cMM1MYeGgYOI+wmGMA0Kx4IkrP9xZ4HdHrOwOa+xlMl34me+Dpl+Bn98vHCEIuojS/sJhjANDM6GtOz/kWGOwWvb6ZMahu7+Z+xlsQsEbuzz8KnxGflbML5hQWcwwAmh033/S8b4GnsDM0SfMEvvd8fpr4XYBpPbpk+F3YRTCPsJhjANAZ9LLADEsXz/ybYxbGXk/93Ky4aXnN2g5hjQGSziQYX1jM8ceks+Dm1IMe55rXomVjr75+ZlSwA6B9+/vh++MzNgiMKyzmGAAk1aApfo9+ZW5GZx5A2QJBgIGULjY0nrCYYwCQtBY36K3XXKCpn6fRHsdLLK04NJszwBSsM8AUxxz+u+XfLPj8OF6PrRsGgbGExRwDgKRS3JyZZ55eT2pw4+em2PpmyDWRGQy8luXmnb7WvfC3GODI3172IIhe45EIKQ4W7F9YzDEASCrBdDKm36XXkhoM7msxlY+wcXmz7/VGRxcLgYvX2iIg8TdH2KnxzMJijgFA0r3o799yoBizIo6ezsff44a/dYg5Ep8bgy5ZafLIrhI+O/52+nrUXljMMQBIuseW/f0ch3706O9sjadX+rNpWp+1KZvxBXw/R7UO8N3ZLdCXsJhjAJCUwxNzeu1Yi5vVEc39NJdz00///uyWfRCiz2RLfIdn/Hx7FRZzDACSbtmq75cnRm7K0d/YCjv+0VfufPb3nzefxd5dLHRD+Hm3FxZzDACSIvQtb/WExwC7PZ/6aeJ3jfvrmM5Hs/1eXQQcl5ad9O/qOGExxwAgKbXlBZ3ug+hv1OI1unpdGVoF+D72CgKEjPRv6hhhMccAIOkSN4ctRnpzY96j+ZmWBEbAOwhtPT47PsM9WmX4zg1lxwuLOQYASYutbv60Hmz9lMnxWC9g65UHz4zPco81GPiu7BI4VljMMQBIwlY3/62n9zEWgaZ+n/j3swSBrUMb35uB7RhhMccAIImbbO3Nnwv91tPPmDXgevTHoemeAZXRd7EWXQKGt/2FxRwDgHRu3Pxrm2u5wG/Z38+xjlyDXx/js99y22ruMwa5fYXFHAOAdF5b3PyZfrfVdYTXw+C09G+oDb4LvpPouyrFOeIywvsJizkGAOm8nr2ou/nzpLhVvzFP/c7l7w/dAlst4MS5MvIeDD0LizkGAOmcap+0WSEwOm4pn/rHwKJQW4S9LVqd9GdhMccAIJ0PG8ek14ISW938feofC98Vyy1H32UJQoDbC28rLOYYAKRz+fybV1VTs7a6+W+5u6COw3fGdxd9p6WYepgeX+uExRwDgHQe/N5rpmRtcfP36W8OW3UJbLnT5JmFxRwDgHQOXKxrmtu3uPlzvXEk+Dy26hIwENYLizkGAOkcagZebXHzZyS5C8LMhy6BLRYPqp2RcnZhMccAIM2vZpc2gkPtXHCWhE2Pq7nU7vro7IA6YTHHACDNjZH2awfb0cRb28/rFL/zYFBfdA7ci3PNLqJ1wmKOAUCaFxfUtUuwsgBM7fXBvt3z4TuvaTGqOWfPLCzmGACkea3tV6XFoGZwl82551bbbcR9yRBQJizmGACkOTEwK/2936tm6Vee4FzuVTTl13QfEUBdJ+J+YTHHACDNh53c1l48GbAXHfMePPXZh6tFbQioCbFnExZzDADSfNY+gdNlEB3vHjb7K1IbAhxHcp+wmGMAkOaydp1/+lzXXqi9+euWmjEB/Dv3i8gLizkGAGkenzz6ZdViO3QXMF0wOuY9fEpTTk3rUk2X1lmExRwDgDQP1mdPf+P3qOn39+avez35cf06AY4HuC0s5hgApDkwcj/9fd+j5smsZoVBnVPNioGGzevCYo4BQBof/aQs3JP+vnP4N2v7/f/27as/DhEfV7pl7XbCjge4LizmGACk8a3dV52beHS8HK4bbuyjGp9/s+7cczxALCzmGACksTHwb80FkfEC0fFyfArTFmh94tyNzrEcuhHS451dWMwxAEhjW9MvytP72ouv27ZqKz+8/C08x3IIoS4V/LGwmGMAkMbFcqnpb/oea/tgHfSnra0dFOgYlI+FxRwDgDSuNU/jrBIYHSunZlth6Za14wFsjfogLOYYAKQxcUNOf8853MAZRBUd7xb7/bWnteMB1o5/mVFYzDEASPvjd8ZTziUWNqH5M2f579ML5JpNd5gtcHmMez36Yd0sA+lea8cD2C31XljMMQBI2+Gp/Iun72/sNE/usS0uT0trjsu/40k+et23ED7SY0l7WLMiJee0O1AaAKRD0ZTOYDqm040wInntxdXR1joKzflrugIMqQYAaVeXN3yeptPfUs/WPv279KqOtnZ9irMPCAyLOQYA6TqeLLgJjnbDT9EtEb2/W9ZOMZRqrVmh8uzna1jMMQBIH+M3QR/+LE3f9I9G7zOHQVnpsaQjMONkTYvVmVsBwmKOAUB68bAhDs37ewzaa41dAqP3fMvanQWlrRDCo3PzljO3AoTFHAOAzozzf+Z+7jVP/w78Uw8YELjm/nTWVoCwmGMA0BnNfuNfrHn6Z7ZAehypBW7m0Tl6y5oFsmYQFnMMADoTmgjPMrKdgYvRZ3CLK6upN/xmo3P1ljOuCxAWcwwAOgMuImdrGlwz75+VAtPjSC2taQU44xiWsJhjANDMGNx3xpsaT/G89+gzucanf/XKVoC8sJhjANCsWGu/h/n7XIi+/+XXj9b3Z57zssZ/hP//8r9/8uPbh2l5uOcmvWbNf5/+1StbAfLCYo4BQLPhaaHFdD7mLnOj5obNTXzNrnv34tgs7sMmPYSCtw9v98NrKX1iYuR/egypJ2vO6dEX8CoRFnMMAJrF0c39TJVjQCEtDT38jngNPPWwnkH0/9/iyH/1bk0rwJlatcJijgFAM2DqzxFz12lZ4Aa759P90c72pKRxlbYCnGlKYFjMMQBodDy97jl4jWBBs/6svxWf/jWKNa0AdM2lx5lRWMwxAGhUNPnvNbWP/nCa9+nLj/72TM5ygdT4CPql2wV//Ud4T48zo7CYYwDQiPZq8qcpnAtG6RS6UZ111TSNq3SMC4EhPcaMwmKOAUCj2aPJnzDBcdfsQDYyZi2kn4XUM8bhROfyLUzDTY8zm7CYYwDQSLZexpcbP6P4o781O6f+aVSlg3CZMpseYzZhMccAoBFws9qyv58bH0/80d86izNcFDUn1r+IzulrzhB2w2KOAUC9oz+exW7Sc3ctWhFKBxLN6AzNopoTLXfROX3L7JuAhcUcA4B6xvm51ZrejHY/w6j+e5xlYJTmVfpbpqsvPcZMwmKOAUC9op9vi5H+DBhkZH/0N/bGe+BCtWY9f9BsyX//9Of3ewlwEdsixDCSOv1b0kh4oo/O7Wu416XHmElYzDEAqEes+LVFnx1P/aWrh61FVwVL8bL86BE7kTEamlBBKCgdFLVll4rUAteH0lk7e0wd7kVYzDEAqDeck1v8UHlq3ns+P7v2HXXDzyHs8FpyLQQ2/2sWpa1hM48DCIs5BgD1hBt27c2f5vU9R/jzm6E5vuenCZ6OuNjRIpG+fpv/NQt+h+n5fcvM4wDCYo4BQL2gOa/2SZqbMqvbRcevwWvj4jFi0/kSBpanJZv/NQvO5fS3egv3u/QYswiLOQYA9YAbbO20NMLD1k3+HI/WhFl2y3PXP82E1j7HAbwXFnMMAOoB/fXpuVmC8FB6IbiFfnKaF7cYiChpP44DeC8s5hgA1BoD19LzsgQ/6K1u/hyHVca23mtA0j64fkS/5WtmHQcQFnNKpw9JW2KQWnpOlij98d/CiH6byKWx0PUX/Z6v4Z6XHmMGYTGHi170IUl7o/Wppom9dATwNTT3b7nPgKRjlY79mbGFLyzm0BwSfUDSnmhqZyGb9Hy811Y3fwb42c8vjS2a7noLa2akxxhdWMzZ6kIqlajp96fPPzpmCZ4YfOqX5lC61PeMv/2wmLPFxVQqwajd9Dy8F6P9o2OWYJ2AWacCSWfEktjRb/0aBvqmxxhdWMwpXUhBqkF/+9qBdpyrtaP9afJ3hL80F7oTo9/7NTOuhhkWc7gYbzl/WrplbdPbFov8zDr/Vzo77mPRb/4aWgHTY4wuLN6jdACFtMbaKX8M0qtZr4KAa3+/NLeSB4QZN8QKi/fg4hh9SNJWuAmvbfqvCahcFGqXGJbUv9Jtv2eb/RMW70GfaG3zqnTL2kE3NQv9cE73sE2vpP198bTsQaFmGnKPwuK9GBQRfUhSLVbeWjPwjh/o2vEp3vylcymd0l67/0hvwuK9SkdRSvdas/1sTb8/oWG2dC/pNm7o0fXgGqYOpscYWVgs4bLA2hrNcul5do+1/f7c/O3zl86ndEo7LQbpMUYWFkuwPOLaJlcptXbgX82gVKf6SedkAAiKpUqXVJSuYdGd9PzKYawAU3Si4+XUbissaVw8wEbXhWtmWwwoLJaquQBLl9Yst7s2gK5dY0DSHLjeRNeGa9gILz3GyMLiGq4LoFprbsiM2l/TBVW7rbCk8XENiK4P18z20BAW13JAoGqsmYLHJkHRsW5xxL+kRXSNuKZmU7IehcW1apdf1XmtSdalU3gW9vtLWkTXiGsMABkMqnCFQJVa8/RfuownZtzQQ9J6JQ+t/Lfpvx9ZWKy1xf7rOo81T/9rxpzQ9O9Kf5IuGQB2wIpJ0Qcopdbsurfm6X/NFENJczMA7IQLbvQhSgu6i0rX/F/z9M801TV7C0iamwFgR8ybjD5ICWsW1qAfPzrWLWtaGSTNryQAsElZ+u9HFha3ZkuArimdjkcffnScW+guSI8jSSgJAM4CWKl020XNb02aLt2/Gz79S7qmZCExA0AFNl2JPlSd06Mfyubjs85E6ap/Pv1LuiW6blyzdqfSXoXFPfE0tmbpVs2ndN3/NTNLfPqXdEt03bjGvQA2wDoBLhZ0bmua0koH//n0L+mW0s2A3A1wI3zwa0Zzaw6l+2qXbtsJlgpOjyNJCwYhR9eOa0qvW70Li0dau5WrxvbDy7LR/6WDSOlmct6/pFtK1xQxAOzALoFzWXNzLpmqg9n66iRtr3RcEf99eoyRhcUWXv/6+0O/cPShay6l/f9r5v6XtjBIOp/SlkUeVtNjjCwstlT6hWg8pc1obN8bHeea2ZbrlLSP0pVqS2cu9S4stsYTnwME51X6dM5ugdFxrpmtn07SPkruM3Rdpv9+dGGxF/S3ODZgLmv6/0vPgdlSuqR9lFxbZtsHAGGxJ6z+5oZC8yBxp9/xLaX9/zb/S7pH6RoAtESmxxhdWOwR8zXX7AGvvpQupFHa/+/of0n3KJ0CyKZ26TFGFxZ7xg3BboFx8f2l3+ktf/u2bCwI+02kx5CkFHuRRNeQa2abAoiw2Du6BRjoZRAYT+k0mk8e2f8vaXulO4vONgUQYXEUrB1As4ybC42j5AZN0IuOcY39/5LuVbq42IwPF2FxNAaBMZROoyldp3u2rTol7aN0ACAYX0TLM10BTGXmvpMedzRhcVR8Ic4Y6Ffp7nz050fHucb5/5LuUToA8Bq6KBmnxLWHB5b07/QuLI6OdEcQsEWgL6VP6KUbRbn7n6R70GIcXUNq0a1AGBiluyAszoIWAUZ6lg4k0z64oaff0S2lKwCyZkB6DElKHTGlnD1PaMXseVfSsDgjvgjXEWirdIoeK29Fx7nG7X8l5ZQOLq5FSzQt0j2OGQiLM2PwRun0D22jNACUdOHQypP+e0lKbdX/X4rrGS3S6etpKSyeAX009AO5lsBx+OGl38Mt0TGuKd1iWNI57dX/fy9aNnvZrjwsngnNxgweK+1vVrmSk57vJTrGNYzETY8hSanSrsW90BLdulsgLJ4VXwZL1fZygsymJACUztN1DwBJOWvm/++JFujS5dG3FBb17i8v3rzvInAGwXZKpsYYACRtrXRtkaNwr0lf6xHCoj7GGtCuK1CvJACUrgJYOsVQ0vlwHY+uHz3gtR09kyksKsaXw0A2vigHD5Zj+s3l53kL3QXRMa5xFUBJOb236DKWqeQ6WSss6j7cpGi6Kd1U4qzSz+8WA4CkLbFQ2HK9IAgwc4jB31w76IfnmoPoBrz8f3Qh8N9/9Wy/7mHWqzlqcGBYVDlOLk4MBxBel35mtxgAJG2Jmypju9J6Da77dD9ufd3nobKky3StsKg6fHEkShJm9OWeVckJbQCQNBKub1yHthorRgjYuzsgLGpb3MxIiZ89OXcgKAkAJPXoGNfQJJceQ5KORksD16PoOlWKLor0+FsKi9oPAwmZVcDYgbPtTVDS/EZYiI5xjdMAJfWE690WC8ztuXxwWNRxaOJhZgGJcfbxA7SEpO//Gj6X6BjXlG41LElH4IGvdtZYybWzRFhUO9z4+LLpS2JKyEwLEZWexNExrnEvAEm9ojWg5gGP+0BJF+q9wqL6whdPKwHjCEYeWLjnZkB0p6T/XpJ6wcMdD3XR9esejCHbeqGgsKj+Mf3kyY9vH7oORgkFpWtel6yvwMjb9N9LUm9qdiPcet+AsKgx0cxEfxPdB/SJ9zbIsHS969K0XDLIUJJaoTU3uobl0BWw5SJBYVFzobWA5neCAaNSWw02LJ3SUpqUCT/pMSSpR2tnCJQ+SN0SFnUOBAMG5tGstIQDuhP22uegtJ+e1xUd55qtm8ckaS/0569ppaW7c6tWgLAo4VpAWLvSFc1X6d+4hSf66DjXuBiQpJEwwHvNTK+tWgHConQvAgKWsQfg5CQoIO1uKBnFSp/+5b/NYZRsegxJ6hlbn5c+VG3VChAWpT1wQy+dxlL6w9h77WxJ2lrpeCds0QoQFqVelPaRla41IEmt8TTfohUgLEq9KE3GW/WNSdKR6D6Nrmm3sBZMepwSYVHqBU/00Yl/jSsCShoR3aOlAwIZZ5Uep0RYlHpRuikQHAcgaUSlU59R0w0QFqWelI4DePqz4wAkjYdWgNJ1WL79af31LixKPSkdB8ASwukxJGkELOMeXdeu+fK79Vuhh0WpJ6XjALDVSlmSdCSe6KNr2jVsmpYe415hUeoJzWKlU2QYUZseR5J6xxim0usdKwqmx7lHWJR6U9osVpOKJaklRvdH17Vr1o57CotSb0r3BQBLFKfHkaTelc4GWNviGRalHpXOkS3dfliSesDDS3RNu4YW0vQY9wiLUo/WrJfNjobpcSSpZ6Uboa1dAC0sSj3iZh6d/LfYCiBpNKULoK0d8xQWpV6l2wvnbLFhhiQdrWQmAIsHpf/+HmFR6tWapTLdIEjSaHiqj65n16T//h5hUerVmg0zSNJr58lKUgulUwHTf3+PsCj1bE0rgMsDSxqJAUAKrGkFgJsESRpFySZotHKm//4eYVHq3ZpWAEKDWwVLGkHJQ46zAHQqjOwvXS8bDgiUNILo+nUN3QXpv79HWJRGwPKX0Y8hxyWCJfWMB5zo2nXN2vVOwqI0AsYClE6VAU1rrg0gqVeli559+Z0BQCf07EX5JkFY22QmSXv79qey65qbAem0aP6KfhQ5a380krSn0u3PGRSdHuMeYVEaydoBgXA8gKSe0LXJ0r7R9eqatZuehUVpNI9+KJ8WCH5o7LyVHk+SWijdCnjtPgAIi9JoSM2fPSlbOWvBQEKXCpbUg6+elc1uqtnxNCxKI+JJfm1XAKtuuUiQpNZKZzYxYDA9xr3CojSq0tGzl2hBoCXh8niSdJQ1s5pqWi/DojQy5sRGP5R7sGmQIUDS0dasa7J2CeBFWJRGxg/p08flCwQt7A6QdLQ1+5usXQBoERal0T1/9dvq8QAgQDgwUNIReGhZs8Pp2ul/i7AozWDtKoELmtecIihpb2ue/rdYzTQsSrNY88O6xBxbFwuStJe1s5d4wEmPVSosSjP5euWugZdcNljS1taOV6K7ID3WGmFRmk3p2toRmtzcRVDSVtbOWFq79n8qLEqzIWkzxS/6MZUgedslIKnW2jVL6C7YapZSWJRmtFUIAMndqYKS1vj+l19Xz1KiSzM93lphUZoVIWCL7gAwQLBmGU5J5/P05/U3f2YmcQ27PF6NsCjNrma1wBRLCDtdUFJO7awkWg7SY9YIi9IZbDE74BKhonZhDklz+sf3ddcbWi7TY9YKi9JZPPqhLpFH2J7TgYKSwIqitWOP6G7cYwZSWJTOhGY1fmDRD68G0wbp70v/nqRz4AGjZknyxZMft5n2lwqL0tmQrunLj358tZg6+NWzN44TkE6CvUjYVCy6HpSi9SA9/lbConRWW48LSLHqF2nejYak+bA871azjECI2HLUfyosSme2V5dAiik9DBxkKqGBQBoTLXs8OKzZze8Wrg97rzwaFqWz44e35VTBe/CDZ9wA+w7QSsBAQhcbkvrC75LfJ6P6t2rmT/EAckSXYViU9B6tAdyYox/pURhERDC4RL8gQUHjoYk4/T7VvzWb9qzB7/2oWURhUdIH9MHtPTZAknDkzKGwKOnPWOSHJ4HoRytJNWj2P3r9kLAo6Tp+pAYBSVthLEGLgcBhUVKeQUBSLVYObTXYNyxKuh9BYKtthiWdB4NC0+vJkcKipHI04e0xH1jSXJhRsPXOfmuERUl1+HFvuSKYpPEx0I8tgdPrRSthUdI2WFCIHzz9fFtsCiJpTOwH0tvCXmFR0j5oGaCbYK8VxCT1hfFBTCFOrwU9CIuS9kfrAIt+MBCIi8RRK41J2he/ZVr+9l7Lv1ZYlNQOswrYIChdNtZWA6lfDP5lf4CRtv0Oi5IkaWbv/vL/AWnC3Iq39rQuAAAAAElFTkSuQmCCAzure SQL DatabaseGE.DSParallelLinesfalseAnyAnyfalsefalseSelectAllow access from all networksAllow access from selected networks (including Azure)Allow access from selected networks (excluding Azure)Azure SQL DW DB Firewall SettingsVirtualDynamicb8c8850c-979b-4db0-b536-9aa364b7e6a2ListfalseSelectTrueFalseAzure SQL DW DB TDE EnabledVirtualDynamicd2ce181d-abae-448d-8ef4-9acdbeb839feListfalseSelectTrueFalseAzure SQL DW DB Auditing EnabledVirtualDynamiccd2a18a2-cebd-4b0f-ae4c-964b190e84f2ListCloud-based Enterprise Data WarehousefalseSE.DS.TMCore.AzureSQLDWDBLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRQAAXEUBuS1iLAAALZ9JREFUeF7t3SGc3Mb9N+A/LCwsLCwsLCwsLA0sLCwMCCgIKAgoMCgIKDApCAwICAwICAgwMDAwMDAwMAgoudffu1e9s/a359uVNBpJD3j200yTXc2eRvPd0czo/25ubgCAgykLAYB9KwsBgH0rCwGAfSsLAYB9KwsBgH0rCwGAfSsLAYB9KwvhKJ7//P7mz/9+c/PD618+/GP97wDsUVkIe/fty/c3v//nq5v/+/zF/yQIvHr33w//d/3fAOxJWQh7lV/6f/zX6486/rG/fvP25s17QQDYt7IQ9uanN7/c/sKvOvzKr754efP5d29v3t3eGajfE2DLykLYiwzp/+U/T+/4x37995c3X37/7uaX2wGB+jMAtqgshK3LEP7fvn17+0u+6tgv9ZsvX948+/Hdh7euPw9ga8pC2KoM2X/x3dvbX+5VRz7V7756dfPNi/cfPqr+fICtKAthazJE/9UP725/qVcd99z+8Oz1zfevLB0EtqsshC35+qf3zTr+sT99/fomEwzHxwTQu7IQtiBD8RmSrzrm1j57bg8BYFvKQuhZht4zBF91xGvLxEN7CABbUBZCjzLUniH3quPtSSYgZiKiPQSAnpWF0JMMrWeIvepse5Z5CZmYaA8BoEdlIfQgQ+nZlrfqXLfkt/94dZOJiuP6AaypLIQ1Zeg82/DOtYlPL/LwIXsIAL0oC2ENGSrPtrtLbeLTizyMyOOHgbWVhdBattlday3/WvJwohdvrRgA1lEWQivPf35/e4+86iCPIg8rsnQQaK0shKV9+/L97T3xqkM8osx3yB4Clg4CrZSFsJTc+8498KoT5H4PAUsHgaWVhTC33OvOPe+q0+OUxw8DSysLYS7ZxCf3uKtOjk/L/AhLB4EllIUwVSa15Z723tbyryXzJTx+GJhTWQjXyiS23MPe+1r+tWT+hMcPA3MoC+FSmbSWfe+PtpZ/LZlP4fHDwBRlIVwi+9wffS3/WvKsBHsIANcoC+EpMjntd1/p+NeWeRYePwxcqiyEx2Qy2h+eWcvfm8y78Phh4KnKQqhk8tmfvtbx9y7zMDx+GPiUshAeymSzz55by781uT1jDwHgnLIQYljLX3UubEdu19hDABgrCzm2TCb7/Dub+OxNlg7aQwAYlIUcUyaPffn9O5v47Fy2ZraHAFAWcjx58IxNfI5jePywPQTguMpCjiOTxGzic1zD44ftIQDHUxayf9++fH/7gJmqU+B4MvqTPQTG5wmwX2Uh+/XD619uHyhTdQKQ0aDnP1s6CEdQFrI/L97+93YWeHXRh7GMDmWUaHweAftRFrIfmeSVWd/VRR4+JaNFGTUan1fA9pWFbN+wiY+1/Mwho0cZRRqfZ8B2lYVsV2ZzZ1a3tfwsweOHYT/KQrYnm/hkFre1/Cwto0rZKdLSQdi2spBtyZPfrOWntYwyZedIjx+GbSoL2YZs4mMtP2vLqFN2khyfn0DfykL6lie75Qlv1cUY1pJRKI8fhu0oC+lTnuT2p691/PTN44dhG8pC+pInt3323Fp+tiVh1eOHoV9lIX0Y1vJXF1fYioRXjx+G/pSFrGtYy28TH/bE44ehL2Uh68hyqiyrsokPe5VQ6/HD0IeykPayjMomPhzF8PhhewjAespC2smyKZv4cFQ597OR1bhdAMsrC1lelknZxAfupC3YQwDaKgtZTh6tmkesVhdBOLq0DXsIQBtlIfPLo1TzSNXqogd8zOOHYXllIfPJsqe//EfHD9dI27F0EJZRFjJdljll3bO1/DBN2lDakqWDMK+ykOsNm/hYyw/zSptK27J0EOZRFnK5XJSyrtlafljWsIfAuA0ClykLuUzWMVvLD215/DBMUxbyNLn4WMsP60obtHQQLlcW8rhcbKzlh76kTXr8MDxdWUgtF5c847y6+AB9yB4CHj8Mn1YW8rFcTPJM8+piA/Tpr994/DA8pizkTi4eWX9cXVyA/nn8MJxXFh7dsJbfJj6wD9lDwOOH4WNl4VENa/lt4gP7lD0EPH4Y7pSFR/TsR5v4wFH87it7CEBZeCS5CNjEB47pD888fpjjKguPII3eJj5AZOmgPQQ4mrJwz9LIbeIDVPL4YXsIcBRl4R69ePvf25RfNXqAwfD4YXsIsHdl4Z6kESfVVw0d4Jzh8cP2EGCvysI9SKNNireWH5jC44fZq7Jwy7KWP6ndWn5gTlkt9PxnSwfZj7Jwi4ZNfKzlB5aU1UPfvhQE2L6ycGuys5e1/EBLWU30w2tLB9musnArsomPtfzAmrK6KKuMxtcn6F1Z2Lts4mMtP9ATjx9ma8rCXmUTH2v5gV5l1dHnlg6yEWVhb7Iz12fPdfzANmQV0pffe/wwfSsLe5HhtKzlrxoYQO+yKilPGh1f26AHZeHaMnyWtfw28QH2IKuUPH6Y3pSFaxnW8tvEB9gjjx+mJ2XhGrKW3yY+wBH86evXHj/M6srCljIsZhMf4Igyudnjh1lLWdhChsFs4gPwwuOHWUVZuKQMe9nEB+BjmfTs8cO0VBYuIcNcNvEBeNzw+GF7CLC0snBOGdb6y390/ACXyNyoTI4eX1NhLmXhHDKMlfta1vIDXC9zpewhwBLKwikybJX7WNbyA8wnc6fsIcCcysJr5b6VtfwAy/H4YeZSFl4q96ms5QdoJ3OrLB1kirLwqXJfylp+gHVkjlXmWlk6yDXKwk/JfShr+QH6kDlXmXtl6SCXKAvPySY+1vID9GnYQ2B87YZKWTiWTXys5QfYBo8f5inKwkEmmOT+UnWCAdC3zNGydJBzysJMKMn9JJv4AGxf5mx5/DBjH/1DJpDk/pFNfAD2J3O4PH6Ywf/+R9by28QHYP/++o3HD/P/A4BNfACOJbd43RY4truX4uQAYN9MEDy2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi2u5fixABg3wSAY7t7KU4MAPZNADi225ecBL36/T9flSduS89/fl8eG9C3Hq4fD331w7vyONfy7rb/rzsH9q8s7Mkf//W6bEgtvXr33w+HUh8f0K8erh8PpdMdHyOspSzsiQAAXEsAgPPKwp4IAMC1BAA4ryzsiQAAXEsAgPPKwp4IAMC1BAA4ryzsiQAAXEsAgPPKwp4IAMC1BAA4ryzsiQAAXEsAgPPKwp4IAMC1BAA4ryzsiQAAXEsAgPPKwp4IAMC1BAA4ryzsiQAAXEsAgPPKwp4IAMC1BAA4ryzsiQAAXEsAgPPKwp4IAMC1BAA4ryzsiQAAXEsAgPPKwp4IAMC1BAA4ryzsiQAAXEsAgPPKwp4IAMC1BAA4ryzsiQAAXEsAgPPKwp4IAMC1BAA4ryzsiQAAXEsAgPPKwp4IAPP55UM1cgHasp/euIDydAIAnFcW9kQAmE/qUdVvS3I+jOsF5wgAcF5Z2BMBYD4CAEcjAMB5ZWFPBID5CAAcjQAA55WFPREA5iMAcDQCAJxXFvZEAJiPAMDRCABwXlnYEwFgPgIARyMAwHllYU8EgPkIAByNAADnlYU9EQDmIwBwNAIAnFcW9kQAmI8AwNEIAHBeWdgTAWA+AgBHIwDAeWVhTwSA+QgAHI0AAOeVhT0RAOYjAHA0AgCcVxb2RACYjwDA0QgAcF5Z2BMBYD4CAEcjAMB5ZWFPBID5CAAcjQAA55WFPREA5iMAcDQCAJxXFvZEAJiPAMDRCABwXlnYEwFgPgIARyMAwHllYU8EgPkIAByNAADnlYU9EQDmIwBwNAIAnFcW9kQAmI8AwNEIAHBeWdgTAWA+AgBHIwDAeWVhTwSA+QgAHI0AAOeVhT0RAOYjAHA0AgCcVxb2RACYjwDA0QgAcF5Z2BMBYD4CAEcjAMB5ZWFPBID5CAAcjQAA55WFPREA5iMAcDQCAJxXFvZEAJiPAMDRCABwXlnYEwFgPgIARyMAwHllYU8EgPkIAByNAADnlYU9EQDmIwBwNAIAnFcW9kQAmI8AwNEIAHBeWdgTAWA+AgBHIwDAeWVhTwSA+QgAHI0AAOeVhT0RAOYjAHA0AgCcVxb2RACYjwDA0QgAcF5Z2BMBYD4CAEcjAMB5ZWFPBID5CAAcjQAA55WFPREA5iMAcDQCAJxXFvZEAJiPAMDRCABwXlnYEwFgPgIAR9PD9eN3X726+ct/3tx89cO7m3e3/X99rNBaWdgTAWA+AgBH0/r68ZsvX978+d9vbr747u3tr/1fbi8d9bHB2srCnggA8xEAOJqlrx/5df+3b9/efPPi/c2b9/u4TnAcZWFPBID5CAAczdzXj9/+4244/+ufdPhsX1nYEwFgPgIARzP1+vHrv7+8+ez5m5tnP767efFWh8++lIU9EQDmIwBwNNdcP3If/6/fvL359uX7D29Rvy/sQVnYEwFgPgIAR/PU60fu5X/+3dubn94cd5le6p6Ji5+SCY7n5NZI9d+MmRzZh7KwJwLAfLIEqWq0W5ILzLhecM5j1490+lmat7eh/aEjzwjG0G4ybyHfxeAPz9a/rj6UuRUPj+9PX7/+37HnbzQEB7dh5lUW9iQnQ3XCtLSXAABHM75+/OqLl7ed4Q+vt/lLP8edjjAdY0Yshg4zYeZhPY8gdR7q/zAoCAlPVxb2ZNyA1yAAwDYN1490FpnI1/tGPDm+dGLpzNKpZU+B1CHBZXxd4nHDqELmc+S7zIjIkW/xVMrCnggAwLV6nr2fjj63tIZf8pl8WF1/mN/v//nqfxs2ZQ+HowaDsrAnAgCwZZnwNgzb5972EYfrtyLBIMs+MwKz1dtElygLeyIAAFuSEYf8ss/QczqU6prCdqQPyijNHnd7LAt7IgAAPcvw8Zffv7vtKLJxUHUNYT8ytyCjBAl5W+8bysKeCABAT3I9yMU/nYAOn9zSGZ4HsbX9DcrCnggAwNpycc9F3v17PiV9VkaEtrAcsSzsiQAArCGdfvYM8CufayUwZvJnr2GgLOyJAAC0kOHb5z/fDe0fad19lh/mOntOQlA6sWsNexmcc5TvOnMHMorU05LDsrAnOUGqL7MlAQD2K8u90sntpSMaOtZ0NkMnnGCTpYjR+0z2HN9wrMPyyUGWUaZuW98zIWEgtwnW/luUhT0RAIC5Zce9bBK0tXv6w6/1YXe7oWM/6va3D8NCvo9hU6V0sNX316OMkOTvOK5bC2VhTwQAYC5b+bWf/QOGoffMRUgHN64LnzY8GCnfY0JTD/3JOQl3CTAt+5uysCcCADBVOtFeN+XJNS7D9RmROMLucz3IiEnOieG2Qm8jBhkVaDFXoCzsiQAAXCvr9Xu6uOeWQ37Zp7M/6v7zvcrthAzFJ4z18rjkBIElR3/Kwp4IAMAlMps/HWwPHX9GHTKsmyfR9f4kQj728BkOaweC9INLBIGysCdbDADDM7u3bFynqcYze7dIEOxffvGvOUM8n51f+PklufYMb+aVAJfbBplLsNbk0fSHc074LAt7ssUAsKUZqOeM6zRVLszV52xJfgmM60UfMpy+1q+0YbMXQ/rHkn4hTw1cY25JRpXmGFEqC3siAKxjXKepBACWkItg7tlWf68l9b7DG22tEQYy2pTr6vhYLlEW9kQAWMe4TlMJAMwtw+wth/uzJXCGf3X6PCb9RX6ht9pCOiNfl/ZRg7KwJwLAOsZ1mkoAYC6ZnJWOuPobLSG/9jOp0CQ+LpHzNNe9FremEjYyP2F8DJ9SFvZEAFjHuE5TCQDMIb++Ww2z5tqTyZ/jY4BLZX5IlvRV59mcMvIw/uzHlIU9EQDWMa7TVAIAU2XIv8Wwqo6fpbQIAhlxeOoKlLKwJwLAOsZ1mkoAYIp899XfZE65cNqJjxaWXrWSPugp/VZZ2BMBYB3jOk0lAHCtpTv/jCrkyWzjz4WlZeXAUqNaTwkBZWFPBIB1jOs0lQDANZbu/LMPvA17WFPOv5yH1fk51adCQFnYEwFgHeM6TSUAcKn8Kq/+DnO5dMIULGmp/SweCwEnBb0RANYxrtNUAgCXyCS86m8whzwKeK3nr8Njcp1c4lHV6UfHnxUnBb0RANYxrtNUAgBPlSHRpTb4ycXVDH96lnBanbtTVdevj/6hRwLAOsZ1mkoA4KmWXCaVDX3Gnwe9ye2p6vydIuF3vMrlow/tkQCwjnGdphIAeIolzxP3/NmSJSYGZhOth5/x0Qf2SABYx7hOUwkAPMVSu/zllkK2Zn34WdCz7BVQnctTPdwy+ORDeyMArGNcp6kEAD5lyYl/WW89/jzo3RIrA3KLbXj/kw/sjQCwjnGdphIA+JQl7/379c8WLTUKMPRp5Yf2RABYx7hOUwkAPCZP2lti+VPkaX7jz4MtSHCtzumphmtZ+aE9EQDWMa7TVAIAj8ns5Oo7n8PDIU/YmiX6k8+e37WJ8gN7IgCsY1ynqQQAHrPU2ufIbOrx58EWZE+MJUbG8iCivH/5oT0RANYxrtNUAgCPWXLb36wAGH8ebMES+wFEHkCU9y8/tCcCwDrGdZpKAOAxf/nPss9I98AftmjJviTvX35oTwSAdYzrNJUAwGOWDgAe98vWLDkvJvIZ5Qf3RABYx7hOUwkAPGbpAJD7qFlp8PAzoWdLLouNfEb5wT0RANYxrtNUAgCPWToARD5j/LnQoyU3xRrkc8oP74kAsI5xnaYSAHhMiwAQD7dBhR6lv8kkver8nVM+qzyAnggA6xjXaSoBgMe0CgC5FfDtSyGAPqWvadV/5PPKg+iJALCOcZ2mEgB4TKsAEEIAPWrZ+Uc+szyQnggA6xjXaSoBgMe0DACDnJPj44A15J5/i2H/h/K55cH0RABYx7hOUwkAPGaNABB//eat1QGsaqnNfj4ln10eUE8EgHWM6zSVAMBj1goAkZ0C3RKgtazzz5a81TnZQo6hPLCeCADrGNdpKgGAx6wZAAZ5ZkAevzo+NphTRpyWeM7/pXIs5QH2RABYx7hOUwkAPKaHADDIk9IubfPwKXm071c/vLsdcarOu9ZyTOWB9kQAWMe4TlMJADympwAwyDG9eCsIME2eQ5FrRy8d/yDHVh5wTwSAdYzrNJUAwGN6DACD3BowR4BLZWZ/RpOqc6oHOcbywHsiAKxjXKepBAAe03MAGPzuq1e3DxVye4Bzcn//2Y/vbs+V6hzqSY63rERPBIB1jOs0lQDAY7YQAB7KdSnntCWEZIg/58LSD++ZW469rFBPBIB1jOs0lQDAY7YWAB7KLYL86ktHMK4X+5Q+IRP6euifrpV6lJXriQCwjnGdphIAeMyWA8BDWdedjsFtgv3JhNBcx37/z+1f3yN1KivaEwFgHeM6TSUA8Ji9BICHch84u7w9//m90YENynU/162cm3l+RPU33rLUsax4TwSAdYzrNJUAwGP2GADGEghSz9wusOFQfzJrP5M88zfawiS+qVLn8ovoiQCwjnGdphIAeMwRAkAl17fsCpf2ka1hx98Ly8h3nSCWZ0HsZUj/Uvkeyi+nJwLAOsZ1mkoA4DFHDQCVdEj5PnK+ffPivdGCK2WFRn7Vp6PPd5k1+Uft7Cv5jsovricCwDrGdZpKAOAxAsCnZVh6GDHIUHU6t0uvTXuT7XXzPSQopX1mKV6+oz3es59bvr/yS+2JALCOcZ2mEgB4jAAwTcJBliPmHB3CwUPj77t3mXH/8Phz/UjdIr/ke+gXti7fc/nl90QAWMe4TlMJADxGAGhnGEkYZERh6FwjqxYedr5TZEnkw/d+6OExrPlY3KNKuysbY09yclQH35IAMJ0AwGMEAGgr7a5sjD0RANYxrtNUAgCPEQCgrbS7sjH2ZIsBYLhHtWXjOk2Vp6lVn7MlCTHjejEPAQDaSrsrG2NPcuGtDr6lSwMAcBkBANpKuysbY08EANg/AQDaSrsrG2NPBADYPwEA2kq7KxtjTwQA2D8BANpKuysbY08EANg/AQDaSrsrG2NPBADYPwEA2kq7KxtjTwQA2D8BANpKuysbY08EANg/AQDaSrsrG2NPBADYPwEA2kq7KxtjTwQA2D8BANpKuysbY08EANg/AQDaSrsrG2NPBADYPwEA2kq7KxtjTwQA2D8BANpKuysbY08EANg/AQDaSrsrG2NPBADYPwEA2kq7KxtjTwQA2D8BANpKuysbY08EANg/AQDaSrsrG2NPthgAfvuPV+X7bMm4TlN9/dP78nO25Ivv3n6oSl2/a+T9qs/Zku9f/fKhKnX9LiEAQFtpd2Vj7IkAsI5xnaYSAE4JAPcEAGgr7a5sjD0RANYxrtNUAsApAeCeAABtpd2VjbEnAsA6xnWaSgA4JQDcEwCgrbS7sjH2RABYx7hOUwkApwSAewIAtJV2VzbGnggA6xjXaSoB4JQAcE8AgLbS7srG2BMBYB3jOk0lAJwSAO4JANBW2l3ZGHsiAKxjXKepBIBTAsA9AQDaSrsrG2NPBIB1jOs0lQBwSgC4JwBAW2l3ZWPsiQCwjnGdphIATgkA9wQAaCvtrmyMPREA1jGu01QCwCkB4J4AAG2l3ZWNsScCwDrGdZpKADglANwTAKCttLuyMfZEAFjHuE5TCQCnBIB7AgC0lXZXNsaeCADrGNdpKgHglABwTwCAttLuysbYEwFgHeM6TSUAnBIA7gkA0FbaXdkYeyIArGNcp6kEgFMCwD0BANpKuysbY08EgHWM6zSVAHBKALgnAEBbaXdlY+yJALCOcZ2mEgBOCQD3BABoK+2ubIw9EQDWMa7TVALAKQHgngAAbaXdlY2xJwLAOsZ1mkoAOCUA3BMAoK20u7Ix9kQAWMe4TlMJAKcEgHsCALSVdlc2xp4IAOsY12kqAeCUAHBPAIC20u7KxtgTAWAd4zpNJQCcEgDuCQDQVtpd2Rh7IgCsY1ynqQSAUwLAPQEA2kq7KxtjTwSAdYzrNJUAcEoAuCcAQFtpd2Vj7IkAsI5xnaYSAE4JAPcEAGgr7a5sjD0RANYxrtNUAsApAeCeAABtpd2VjbEnAsA6xnWaSgA4JQDcEwCgrbS7sjH2RABYx7hOUwkApwSAewIAtJV2VzbGnggA6xjXaSoB4JQAcE8AgLbS7srG2BMBYB3jOk0lAJwSAO4JANBW2l3ZGHsiAKxjXKepBIBTAsA9AQDaSrsrG2NPBIB1jOs0lQBwSgC4JwBAW2l3ZWPsiQCwjnGdphIATgkA9wQAaCvtrmyMPREA1jGu01QCwCkB4J4AAG2l3ZWNsScCwDrGdZpKADglANwTAKCttLuyMfZEAFjHuE5TCQCnBIB7AgC0lXZXNsaeCADrGNdpKgHglABwTwCAttLuysbYEwFgHeM6TSUAnBIA7gkA0FbaXdkYeyIArGNcp6kEgFMCwD0BANpKuysbY08EgHWM6zSVAHBKALgnAEBbaXdlY+yJALCOcZ2mEgBOCQD3BABoK+2ubIw9EQDWMa7TVALAKQHg3pYCQK5Jnz1/c3s+PP/5/UXfQf7d+PL7d7f//Z///ebm9//c1vUi17d8B/HXb97e1mNs+P+3VrcjyflYnqQ9yUlUHXxLAsB0AsCpvF/1OVtyhADwmy9f3uT40tn/cnspqOsw1Q+vf7l59uO7246zOo61/Onr1zdf/fDu5sXby66DD+Uamrol8Pzqi5fl57SUv+kQxq5RvefW5O9S/rF6IgCsY1ynqQSAUwLAvR4DwB+evb759uX7D4dXH/OScs3527frnB/pHPPL/psXywWefK+p31rXynzu+JguUb3n1tzW42GleiQArGNcp6kEgFMCwL2eAkDab37tj4+xtda/NH/995e35/iSoxxj+ayMLuSzq2NaigAgADyZADCdAHBKALjXSwD4vHEH+JiWASC/xt+8v+w6N6d3H06jfPetbg8IAALAkwkA0wkApwSAe2sHgHQ8OUfHx7WmFgEg9+Qvvb4tKSEkEyyrY52TACAAPJkAMJ0AcEoAuLdmAMjw81r3+h+zdADIpLzxZ/Yi14slRwMEAAHgyXpKyLBHawaAzL4fH08PlgoAvQaesdR/qbkBAsBGAkCSYH4prSn3px4eEzCvtQJA2vf4WHqxRABIx/fTmz4DTyU/vn731fwjqgLARgIAsH9rBIAs8+tlwl9l7gCQTXm2OJqZH2BzjwQLAAIA0InWASD3l6dsbNPCnAEgv6K3PJKZY59zJEAAEACATrQOAJlpPj6G3swVALYQdp4idZhrYqAAIAAAnWgdALLL3fgYrpVfp9k4KKEiQ9WPyZyDTMB7yq2HuQJAb8sbp5hrNZEAIAAAnWgZADKzfI57/+n4s4HOtb9KM6Sdep+bkT9HAMjxjd93Llmzn2OM4eFG6aCHsvG/P5c5tkgWAAQAoBMtA0D2uR9//qUyHJ1OpHr/awz77z+coT81ACwxyTGTCLN1b967+syHErQyKjL3Q5TyXk/5/McIAAIA0ImWAWDqBjjpmJdanx7ZnS8BY0oAyKjEnDP+M9qRgFJ91lMk4Mx52yVBqfqcpxIABACgEy0DwNSOqNUz7vMY3qr8KeYc+s+w/lyBJ3WaazXClFEAAUAAADrRMgBM2fkvv6qr9+xJfv3P9WCf3NevPmOKBKg5QkCCXPX+TyEACABAJ1oGgClD4+lYq/fsSb7L8XFfY4nOfzBXCLh2NEYAEACATrQMAOPPvtSS9//nMMdWv5noV733nOaYjHntKIAAIAAAnWgZAKb+8pxjGdpSMoFwfLyXmnPDnU+ZI6xcs0OgACAAAJ3Yyi2AyG2AdCDVe69tjicbTl1id4kM4Y8//1LXBDIBQAAAOtEyAMyxSU1+ufZ2KyDHMz7OS7UY+h+buirjmtsAAoAAAHSiZQCYa2vcjCT0NBIwx/D/GvXJ0sDxcVwit3Sq932MACAAAJ1oGQDyWePPv1Y6n5bH/pj8eh8f3yWm7jw4xdRli5euBhAABACgEy070akX/0o6zzzsp/q8VqZOqMu2vdX7tpBnCYyP5xKXzgMQAAQAoBOtf0VPve98TibhZSi++swlTb3/n/31W838r2Ti4fiYLnHpPAABQAAAOtE6AEztcD4lv8ZTp1ad6tT7/zne6n1byfc0PqZLXLpDowAgAACdWOM++hxL5j4lcwRybz4dTnUMc8mufePPvsQas//Hpt7CqN7zHAFAAAA6sUYAyAYycz8u9zF5LO5Sa+ynrmxY4/sfm1qHS0ZbBAABAOjEWh3QHNvRXmqJCYMJF+PPucQ1u+nNbeoTDC8ZZREABACgE2v+Ap1rX4BLZeLaXB3v1M2Nlr5F8RQ5B8bHdYlLRlcEAAEA6MTaQ9BrhYDIEripkwWn3j//zZfr72o4dSLjJaMqAoAAAHSih3vQn0+cSDdFHsAzZX7A1OcbVO/ZWjrw8XFd4pJzSAAQAIBO9BAAIp3w1F3prpUJidd+D+P3ulT1nq1NfTCQAHCZ23o8rBTAGnoJAJFNdda8JZAlfdVxPWb8Hpeq3rO1qZ2yAHCZ23o8rBTAGnoKAIOMBrTYK6Dy7MfL1uWP//tLVe/ZWr7v8XFdIg8Vqt63IgAIAEAnegwAg+yRP3WS3TWyRLE6nsrU2xbpEKv3bWnqHACTAC9zW4+HlQJYQ88BYJBZ6i2DQOYEPHViYCYRjv/7S/SwD0CC1vi4LnFJiBEABACgE1sIAIMMNS/1MKGxp+7RP3UfgLk3JrpGzoHxcV3ikqWMAoAAAHRiSwFgkE4ke+hnv/+HdZnbU54uOHUnwEtuNyxl6iOBq/c8RwAQAIBObDEADLJqINvYLrV88CmjAAki4//uEln1UL1vS1NGMfLdV+95jgAgAACd2HIAGCQIZAnfEg8Y+tQ9+qlPA3zqrYYlTRlJufT4BQABAOjEHgLAIPei554jkF0Kq88aTN1GN6ZuRzzF1E2ALn2csQAgAACd2FMAGGRW+1yjARkerz5jkNGH8X9zqRxv9d4tTH0S4FPmSTwkAAgAQCf2GAAiy/jmmCSYIFG9/0NTNy36VMhY0tTllQlA1fueIwAIAEAn9hoAIkvs5hgJ+NQyt6nzACJD8dV7L2nqDoDXzF8QAAQAoBN7DgAxdZZ+fKpznrqTXlx6L30O2fZ4fByXuOaYBQABAOjE3gNAfr1PHQX41H3uTOKbY6Sh5ShAPmvp76UiAAgAQCf2HgBi6jP7nzJJb+qGQNFySeDUeQtZ/3/N6gUBQAAAOtEyAKy13K3Fdr1Tl9MNMiu/ev85ZffB8ede6trjFAAEAKATLQNAOtJvX76/XTpX/f9LafXEvjn2IMiw/CWP171U3nvq0P+1v/5DABAAgE60DgD5zHQgS3ZyD2Unv6Gu13pqZzfXKMBSISD37OeYqzBllEIAEACATqwRAAZ5CM3StwWmrgLIXgLV+54z106E6ajn/NtkR8PxZ1wjxzXlbyYACABAJ9YMAJHRgKyjX+K2wBwz3TNZrnrvc+YaBRjklsmnnkfwmPy3Uyf8PTR1uaIAIAAAnVg7AAzSUadzeer99k/JzP05dgJMOKne/zFzrAh4KN9N1uzn+6s+byy/0DPcnycNjt9rihdvr7/3PxAABACgE70EgIeyHC5hIJ34p3bheyidS2a4T93e9qFrfn2nk0xnOX6vOWTEJKMCCSaRuQKpc/53bqlMXfFwTkLIlJGIwdQAsLQsGa2Oe075nPLDAVrqMQCMpTNNx5Zf1kPH91A6xKkz/StTOoN0llNvP/RkrvNEABAAgE5sIQCsJb+oq3o8VYbhx++5RbmVUNXvGgKAAAB0QgCozXG/O6auQljbXN/DQAAQAIBOCACnMnSf2fxVHS6VznOupYGtpTNMh13V61oCgAAAdEIAOLXEdryZqzD+nJ7NGYIeEgAEAKATAsDH0lFXxz6HrGrY0sTArKaYe38GAUAAADohANzJngHXPN72UvlVnU5m/Pm9mjsECAACANAJAeBuotsca9yfKnsbbGlewJwhQAAQAIBOHDkAZO+A3O+fc5b7Jf7w7PViG/fMLR1jOu+qHpcQAAQAoBMtA0Dkl3a2tZ1jm95r5bNzr7/1Y4nPyW5+c+5euJQ5QoAAIAAAnWgdAAb51Z3PzlD4Erv4jaWDzcY+rR5DfI3h++h5ouDUECAACABAJ9YKAJXcG89tgkzGyy/07ECXIfJLRgsSJvLfZAOePAI373fJ8wR6keNOYOlxZCDf8bVLBDPqkr9tr5ZYAjqW77D8YgFa6ikAUBuCUUYvho4qt1ESdMYSmoZ/J//+MLlx7icDJpQtsU/AEeT7K79UgJYEgOMQAvqQ7678QgFaEgCOZYkQkNGJ6rOo5Xsrv0yAlgSA45l7D4JMWux5cmVv8p2VXyRASwLA8WQFxrcvhYC15Psqv0SAlgSAY1oqBLTYTnnr8l2VXyBASwLAcS0RAsI59bh8R+UXB9CSi/WxJQQssdeA8+q8fD/llwbQkgs12ZxHCGgn3035hQG05CINbaXdlY0RoCUBANpKuysbI0BLAgC0lXZXNkaAlgQAaCvtrmyMAC0JANBW2l3ZGAFaEgCgrbS7sjECtCQAQFtpd2VjBGhJAIC20u7KxgjQkgAAbaXdlY0RoCUBANpKuysbI0BLAgC0lXZXNkaAlgQAaCvtrmyMAC0JANBW2l3ZGAFaEgCgrbS7sjECtCQAQFtpd2VjBGhJAIC20u7KxgjQkgAAbaXdlY0RoCUBANpKuysbI0BLAgC0lXZXNkaAlgQAaCvtrmyMAC0JANBW2l3ZGAFaEgCgrbS7sjECtCQAQFtpd2VjBGhJAIC20u7KxgjQkgAAbaXdlY0RoCUBANpKuysbI0BLAgC0lXZXNkaAlgQAaCvtrmyMAC0JANBW2l3ZGAFaEgCgrbS7sjECtCQAQFtpd2VjBGhJAIC20u7KxgjQkgAAbaXdlY0RoCUBANpKuysbI0BLAgC0lXZXNkaAlgQAaCvtrmyMAC0JANBW2l3ZGAFaEgCgrbS7sjECtCQAQFtpd2VjBGhJAIC20u7KxgjQkgAAbaXdlY0RoCUBANpKuysbI0BLAgC0lXZXNkaAlgQAaCvtrmyMAC0JANBW2l3ZGAFaEgCgrbS7sjECtCQAQFtpd2VjBGhJAIC20u7KxgjQ0t++fVtepIBlpN2VjRGgpa9+eFdepID5/fYfrz40OwEA6MC3L9+XFypgfn/81+sPzU4AADrw4u1/ywsVML+/fvP2Q7MTAIBOZFiyulgB83r247sPTU4AADrx5ffmAcDSfvPly5tf/vuhxX1oc2VDBGjtzfv/3vzqi5flRQuYR1bcDG3upBECrOWz5/YDgCUlaA/t7aQBAqzl1TujALCUYfLf4KPGB7C2r3+yJBDm9ruvXv3v3v/go4YH0IM//9utAJhLRtV+eP3Lh6b1cTv76B8AevDuw7XKskCYxxfffTz0PzgpAOhB5gMIATBNHrQ1bluDshCgB0IAXO+xzj/KQoBeCAFwuU91/lEWAvQkISCzmKsLHfCx8XK/c8pCgN5kCVN+1VQXPODFza///vLm+c/vPzSXug2NlYUAvco+ATYLgo/94dnrmzxVc9xeHlMWAvQsFzq3BOBO9vcfb/LzFGUhQO9ywcsTBI0GcFQJwd++fPqQ/1hZCLAVmSD4p69flxdI2KOE3oTfa371P1QWAmxNfgnlWefVBRP2IttkP3yi3xRlIcAW5RfRVz+8EwTYnd//c9pwf6UsBNgyQYC9+OO/Xs/e8Q/KQoA9EATYqsxr+f7V6RP85lQWAuxJgkD2D8ha6epiC7347Pmbm5/eLNvxD8pCgL3KHgLZKjW7plUXYGgtz7rIrP65Jvc9VVkIsHdGBVhbfu0vdX//KcpCgCPJqMAX3721uyCLy2z+zEtp/Wu/UhYCHJUwwNwyypROP5tWjc+3NZWFANyHAbcJuFSW7z37sY9f+ueUhQB87N0vN7ePWs0jiTNpq7roc1w5JzK5NOdIzpWH506vykIAHpfRgQzrZr22BxIdT/7m2ZY3v/JzLozPjy0oCwG4zA+vf7kNBOkUbDy0P/mb5m+b5Xr5W4///ltUFgIwTSZ8ZZlhhoUz87vqVOhX5n3kOfsZ0u9t8t5cykIA5petXTNknI4lk8TcOlhfNoTK3yJ/k/xtlt5+tydlIQBtZJZ4Op2sNsjGMILBcvKrPpM4813nO+95hn4LZSEA68pOhemkvnnx/rbDyq2EhAPzC84bfs0nSOU7yy0YHf15ZSEAfcvM83Ruw+jBw5AQe3vWQYLPULcM16e+mZA3fAfj74dPKwsB2I/MWh86ykjHOYSGGDrWytx7HmQY/uH7D0Pyg4edeozrwnzKQgBg38pCAGDfykIAYN/KQgBg38pCAGDfykIAYN/KQgBg38pCAGDPbv7v/wEdeAwhD83PCgAAAABJRU5ErkJggg==Azure SQL Data Warehouse DatabaseGE.DSParallelLinesfalseAnyAnyfalsefalseSelectAllow access from all networksAllow access from AzureAllow access from selected networksAzure MySQL DB Firewall SettingsVirtualDynamic9afccb81-bc8b-4527-ad05-f90ec3e396cbListfalseSelectTrueFalseAzure MySQL DB TLS EnforcedVirtualDynamic4d3b2548-8c31-460e-88e5-4c26135003acListFully managed, enterprise-ready community MySQL database as a service for app development and deploymentfalseSE.DS.TMCore.AzureMySQLDBLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRQAAXEUBuS1iLAAAK2ZJREFUeF7t3S2UHdX29WHklUgkEnklEonEIpFIJCICEYGIuCICEYGIQURGICIjIiIQLVpEtGjRokWLCMz59+x+681ZlVl1vk/tvdZPPGPcsW5I6nxVzdofq75YrVYAAKAYWwTQhjcfPq7WPfn7ZqPvX1ytvvvj+H41/9bYy3/uwvF+/Pf+VZjXBWB5tgjgeNYviE/f3IYL5vhi/cWvF2n958lleK0/vrwO78V6eLi4eUgO9v0EcBy2CGAzXaR0sXp1cffZBf2bZx/sRRC7WQ8NwwjEEBQICcBhbBGo7sPt48V9uGP/+dXN/78QuQsVljMXEvQ5jj9bAI9sEahCFwldLHTR+OHP69W3z7nAZ6TPdZhy0IjN++uP9x+//04AVdgikMkwVL9+J//lb5f2QoFaNFWjaRt9N168fxw1GH9/gKxsEejR7f25e7jQ627+v/9jHh77+erp47TCL69vVs/f3a7eXhEMkI8tAq27vvt39frycehed3A6YbsTOXBMmkpQKNBoAYsQ0TtbBFqihVxc7NGiYQGiFh9qbQGLDtETWwSWosYxw8WeuXr0SAF1WFeg77Kmpta/40ArbBE4l+GCrzsoVuAjKy021AJUjRIQCNAKWwROhQs+cPGwQFVrCfRboF0ylmKLwLFwwQc2029DvxG2IeKcbBE4hJqscMEH9qf1L+pCyfZDnJItArvS3KbmOFmhDxyXFsL+9Nf1Q8dKpgtwTLYIbKKFTNoLrfaq2grlTlwAjku/NTW50m+PxYQ4lC0CjvY4P3t7+zA86U5OAM5Lv0V1KqT/APZhi8BA8/larczjbYG2aWeB1g3QoRDbskXUprsJNTH5+ncu+kCPFNgV3AkDmGOLqEfziRpKZOU+kIt+0/pts2YAY7aIOrSyWAv53IkDQB5aQKjdBOrLMT4PoCZbRG7aW6wte/TZB2rS9J7WC7B4sDZbRD56fC7z+gDG9OAiegzUZIvIQ6v4NeznfvgAMNCIoEYGWThYhy2if+rMx359APvQqABrBfKzRfRJq3zVqIdhfgDHoN4C6jo4PtcgB1tEX7SQR3t+WdQH4BT0jA8tGmQrYS62iD5oNT9b+PLSSI6mcdZpaFaLOcc05aNHyZ6DFoy5Yxgfq/BwqFx0k6GbDXYP5GCLaJsW9unk6n6gaI8ugsMFcXwBX7+wVri70m6U4fVqjnn9vRjeI2E0q326+dC5aPwZox+2iDYpdetJYO7HiGWoy5ouWFo9rYuYOq7p4sZz3I9nCAxa36L3WLta9J5rftp9JjgvfRYEgT7ZItqiuyZdYNyPD6eli4xOcFzc2zaEBM1T//r/RhNYDHteGhFgaqAvtog2aEhYJzOet39aw1y75jZ1AdGFhL3QeejudJhuGEYPmGI4DZ2r9DtisWAfbBHLUkcuXYg4SR2XTk7DhV5bm7iTr02/s2FqQcGAB2Edj85del/pLtg2W8RyNMzMyunD6a5+WHCnuz+GJrEtjRhop8MwlUAQ359+h3ovx+8x2mCLOD/djbKoaT86QQ8Xe93RcdeBY9M6HG21HEKB+x5ims5t+m2O31csyxZxPporY4HfbnQy0XumYXzm6rEUhXYNc2vxGwsOt6NdTApT4/cSy7BFnIcuYAz3b6a5We7u0bphlEBrTL55RiCYohE72gu3wRZxWjpRaMja/Tjw2DhHi7I0d8hqYvRK6060pkd3vezk+ZymUhjBW5Yt4nR0h8Cios/pZKCdDzQUQVYawdIaAtb6fKJgpN/9+L3Cedgijk93sjyX/xP98DV3qrt8hvVRjUYBNTrAgsJHeh9YG3B+tojj0mIhFglx0QccwsAj1gacny3iePTDrjz/x0Uf2B5h4OJhpJRzxXnYIg6nL7AufO4LXoFW7ivN80MG9qMwoPnxiqOHWidB867Ts0UcRj/cigt9dLev9M5CPuC4NIJWbeeQpgRoHnRatoj96eJXLbHr9aohClv2gNPSXbH6DFTaSaRzy/h9wHHYIvajtFrph6l5SvXZH78PAE5LU2u6MFZpJKbOn+P3AIezRexOQ3RVFvvpws/QHLC8SkFADZVYU3RctojdaLGb+8Jmw4UfaFOVIKC1VUw1Ho8tYnsVLv5a0c+FH2hfhSBACDgeW8R2sl/8NaVBm06gP9k7jxICjsMWsZkWv7kvZhbacsQ+XKBvGrnL+mRCQsDhbBHztNUv64I/DR3SjhPIQ9MCeghRxnMWIeAwtohpuivOOr+mRX78mICcsvYo0XmL3QH7sUV4+pJlHU6j/zaQX9YupWq7Pn6t2MwW4WVdVEOnLaAOBf2Mzyl58jfNgnZli/jcq4t8i/40J6jXNX6tAPLTugB3XugZ25V3Y4uINGyWscUvbXyB2rKFAK3P0vl6/Drh2SIitaB0X7aeMewPQLKd3/R6xq8Rni3ik4z7/XmwBoCB1gRkWxj4/B03ONuwRTzSDyPbthk1+Bm/TgC1adg807lOU7ZMBWxmi3ikYXL35eqVFv3xowDgZFvorF1b49eIyBbxePefreHPL68Z+gcwLdtUwNsrdgXMsUU8Pt/ffaF6xd0/gE2yjQKoS+D4NeITW0S+JMzdP4BtZDv3qQXy+DXikS1Wp2Ej90XqGUNhALahR4C7c0iv2BY4zRary9ghi4f8ANhGtmkApj+n2WJ12bb+aTHj+DUCgHNx8689j/SMvgCeLVam+SL3BeoZe/8B7EJ3ze5c0isWA3q2WNmL9/k6//GoTAC7yLYFWpgG+JwtVqbV8u7L0zOt6h2/TgBwtF7InUd6p5u78WutzhYr+/b5lf3y9EzDeePXCQBOxl1QwjNQPmeLlWUc+hIt7Bm/VgAY04I5dw7pHSOhn7PFytwXJwN1Nhy/VgAY052yO4f0TiOhavG+/lqrs8Wq9OVwX5wMSL8ANtFCuWw7ANZ9uGUkdJ0tVqUvh/vSZKEGH+PXDACDjIug1zEVGtliVdkDAKMAAKZkv/uXNx9oib7OFqvKHgCEjlgAHPULceeMTAgAkS1WVSEAKOHzIwCwLtsDgKZw7otssaoKAUC+/O2SxTAAHmR7+M8cAkBki1VVCQDyzbMPPCEQKE7PPsk+77+OABDZYlWVAoDoIUGEAKAmrYjP9uTTTQgAkS1WVS0AiHYGMB0A1KILoaYC3TkhMwJAZItVVQwAovbH6v89fj8A5KOdQJWG/dcRACJbrKpqABCdEGgXDOSWvdHPJgSAyBarqhwABr/+fUO/bCAZNfnRmh/3m6+EABDZYlUEgEeaEnh9yWgAkIH2+Fcd8h8jAES2WBUBIPrpr+uV7hzG7xOA9mldz7fPuetfRwCIbLEqAsDntFL4xXtGA4BeaGuvpvLc77k6AkBki1URAKZpuyBPEwTapQv/k/sLf8XtfdsiAES2WBUBYDOCANAWLvzbIwBEtlgVAWB7BAFgWVz4d0cAiGyxKgLA7vRMATUWoaUwcB46T2mOnwv/7ggAkS1WRQDYn7YZ/fzqZqX+4uP3FcDhtDX3hz/zP7P/lAgAkS1WRQA4Dm09YucAcDiNrGkff7WH9pwKASCyxaoIAMelhkJqPapHjo7fawDTtL5GfTho4HNcBIDIFqsiAJyO7mAUBpgiADwN8euiz9z+6RAAIlusigBwHlo4qNXLhAFUpwuS1s5otMz9VnBcBIDIFqsiAJyfwoBWNPPsAVSgOX09dZOL/jIIAJEtVkUAWJbmO7XK+dnbW0YHkIZ68mvEi778yyMARLZYFQGgLVo3oDlR3THRZwC90HlEu2B+fMl8fmsIAJEtVkUAaJumCzR0qpMrIwRohXa5aNRKF3y267WNABDZYlUEgL5oDlVTBtonrWHW8ecJHNvH+9ypi4iG9L/744ptep0hAES2WBUBoH86KWtRoUYJCAU4xHCx1929Rp70/Av3nUM/CACRLVZFAMhJi6+0lkAjBToBsJ4AY/rtayeK7uw1qqTpJvddQt8IAJEtVkUAqENztd+/uHo44ethRjoxXN+xriA7rR3RZ60wqJEijRixUK8OAkBki1URACAaMSAc9Eu/Y31mGrof5uq5o4cQACJbrIoAgE0UDnRB0ZzwekBgvcF5DPPyort4fQZafc9FHtsgAES2WBUBAMcwDgmih7sMFy7WIHxOIyzD+6O+D8P7xsUdx0QAiGyxKgIAzk0XNl3gxoFBtJNhuCgOWh5pGB+raIRk/TVpMebwetkzj3PTd3L8va3MFqsiAKBX2qI2XFhPjbtx9IoAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBICL1TfPPqy+++PK/n9o15e/XT58bl89vbT/PwACwJgtVlUhAOgi8evfN6sn9/RjkIubf+9fvn9P5OP9/60/9/TN7erHl9cPIcH93Titb59frX5+dbN69vZ2qxPZ26vHz/f15d3D563PnXCHyrb53VRii1VlCwC6K/zhz+uHC7cuBuPXe4jru39Xz9/dPlyU3L+N4/j+xdXqxfu71e3Dx+c/i33o+6AgQaBDJQSAyBaryhAAdDLXBWPTXf0x6X3THeZ/njD8fAwKbgptClnj9/pUFDBe/nP3EDjcMQEZEAAiW6yq1wCgC+9Pf10f/S5/V7pgaYjaHSM20+f4y+ubo9/t70q/A00XsJ4A2RAAIlusqscAoDs2Hff4tSxJow9MDexGc/OtfY4KIgoCjOwgCwJAZItV9RQAdHemxV3j19ASXTzcsSPScP/4vWuJfhcsHkQGBIDIFqvqJQB8/fuH5u4Wp+gHx1Cyp/dl6WmbXWh6wr0OoBcEgMgWq+ohAPR08R/oeHXc7vVU1ePnKFooyJQAekUAiGyxqh4CQE93jOsIAZ/0evEfaOrJvS6gdQSAyBaraj0AaAh2fMw9IQT0f/EfqIeAe31AywgAkS1W1XIA0HyxOvKtH2+PNIJRdQhZr7vXERyHLZ/oDQEgssWqWg4AarQzPt5eadW7e43ZZfoMRdsEWeCJnhAAIlusquUAcM6ucOdQbVuZXu/4PchA7aDd6wVaRACIbLGqVgOAmv2Mj7V3CjRqeetebza6S84W4Nb9938s7kQfCACRLVbVagDQgqvxsWZQZSFZ1s9vwIJA9IIAENliVa0GgPfXOb+0WtSYfQ45y+LNOVoLQG8A9IAAENliVS0GAA2Tj48zk+x3j9nv/gd6rLB7/UBLCACRLVbVYgDQ/Or4ODPJPAqgPf/Z7/4HegS1ew+AlhAAIlusqsUAkHEB4FjWUYAqd/+iaSr3HgAtIQBEtlhViwFAz/kfH2c2ukvONodcYe5/jHUAaB0BILLFqloMANmax0zJ9qS53ts27+Pb5zwyGG0jAES2WBUBYDkXN+299/vSnXDmff9TNF3l3g+gFQSAyBarajEAqG3u+Diz+uHPHCvJK0zbOHrd7v0AWkEAiGyxqhYDgFZXj48zq1cXOVaSZ+3bsAkPB0LrCACRLVZFAFjeN8/6biurUYzxa6pC01XuPQFaQQCIbLEqAsDyet8SqFGM8WuqggCA1hEAIlusigCwvJ63BGZv2rQJAQCtIwBEtlgVAaANvW4JrPhZrSMAoHUEgMgWqyIAtKHHLYEVG/+MEQDQOgJAZItVEQDa0duWwEptf6cQANA6AkBki1URANrR05bAqo1/xggAaB0BILLFqggAbellS2DFtr8OAQCtIwBEtlgVAaAtvWwJ1PdmfOwVEQDQOgJAZItVEQDa0sOWwMqNf8YIAGgdASCyxaoIAO1pfUtg1ba/DgEArSMARLZYFQGgPS1vCaze+GeMAIDWEQAiW6yKANCmVrcEVm776xAA0DoCQGSLVREA2vT6sr0tgV//zt3/mD6nL3/rs40zaiAARLZYFQGgXRpud+/PUmj846kfAo8FRqsIAJEtVkUAaFdLWwJp++vpu/rdH1cPNEKiKQGdcLNw34UW6b0fPoeW6Ljc8Z6TPsfx97YyW6yKANAuXXBbGV6m8Y/n1gD8+PI6TZfE8WtrlT6H8bG3oIU1IgSAyBarIgC0rYUtgbT9nTZ1gtd7pv+v91ET99paRACYRgCIbLEqAkDbWvh8fvqLxj9TNp3gNQTc884J95paRACYRgCIbLEqAkD7lt4SSOOfadue4DUf3OP76F5LiwgA0wgAkS1WRQBo35JbAmn7O2/XE7ymdG4fzsf+72uNew0tIgBMIwBEtlgVAaAPS20JpPHPvH1O8FrY2cuWSnf8LSIATCMARLZYFQGgD0tsCaTt72aHnODHf1eL3HG3iAAwjQAQ2WJVBIA+LLElkM9hMwJAGwgA0wgAkS1WRQDoxzm3BNL4ZzsEgDYQAKYRACJbrIoA0I9zfla0/d0OAaANBIBpBIDIFqsiAPTlHFsCafyzPQJAGwgA0wgAkS1WRQDoyzm2BNL2d3sEgDYQAKYRACJbrIoA0J9TbwnUd2L8b8IjALSBADCNABDZYlUEgP6ccksgjX92QwBoAwFgGgEgssWqCAD90ep8rdJ3792haPu7GwJAGwgA0wgAkS1WRQDo0ym2BNL4Z3cEgDYQAKYRACJbrIoA0Cet0nfv3SFo+7s7AkAbCADTCACRLVZFAOjXMbcE6rG1478fmxEA2kAAmEYAiGyxKgJAv/TDdu/fPmj8sx8CQBsIANMIAJEtVkUA6NsxtgTqGQO0/d0PAaANBIBpBIDIFqsiAMxT451xrSXP3x2+JbCHxj+tdiYkALSBADCNABDZYlUEgHk/v7ppui3uoVsCe2j7q+9oq6NCBIA2EACmEQAiW6yKADDvp7+um79DPmRL4I8v22/8o9dHAFiGO+4WEQCmEQAiW6yKADBPAaD1OfJDtgS23vhHr02jFASAZbjjbhEBYBoBILLFqggA8xQAdEytr5LfZ0vg9y+u7v9T//e14umbxzUOBIBluONuEQFgGgEgssWqCADzhgCgefaWRwH0Ix+/j5u03vhnfX0DAWAZ7rhbRACYRgCIbLEqAsC8IQBI6xfMXbYE9tD2d/2hRwSAZbjjbhEBYBoBILLFqggA89YDQOsXzV22BOrPjv/71qwHGgLAMtxxt4gAMI0AENliVQSAeesBQFr+MW27JbD16QzRaMv6MRMAluGOu0UEgGkEgMgWqyIAzBsHgNafl7/NlkAtrBv/d6359vlVOGYCwDLccbeIADCNABDZYlUEgHnjACAtb53btCWwh8Y/en/Hx00AWIY77hYRAKYRACJbrIoAMM8FAHUHHP+5lsxtCeyh7a87fgLAMtxxt4gAMI0AENliVQSAeS4AtH4X/fZqekvgxU3bd/9T30cCwDLccbeIADCNABDZYlUEgHkuAMivjZ5wBm5LYOvrF2RqDQMBYBnuuFtEAJhGAIhssSoCwLypAND6Snq9h+Nj1sjA+M+1ZGj7Oz5uIQAswx13iwgA0wgAkS1WRQCYNxUApOX2wOMtgT00/hna/joEgGW4424RAWAaASCyxaoIAPPmAsDXv7d9UdU0xXCsPbX9dQgAy3DH3SICwDQCQGSLVREA5s0FAGn5wjoMqevCOv7/WrPe9tchACzDHXeLCADTCACRLVZFAJi3KQC0PrSuhX+tP8lQ3KLFdQSAZbjjbhEBYBoBILLFqggA8zYFAGl5cZ22/fXW9tchACzDHXeLCADTCACRLVZFAJi3TQDoYXtdy8Ztfx0CwDLccbeIADCNABDZYlUEgHnbBABpvcFOq1zbX4cAsAx33C0iAEwjAES2WBUBYN62AaCHFrstmmtbvI4AsAx33C0iAEwjAES2WBUBYN62AaCHh+y0ZpfvHgFgGe64W0QAmEYAiGyxKgLAvG0DgLR6EmrVNo8uHhAAluGOu0UEgGkEgMgWqyIAzNslALTeHrglc21/HQLAMtxxt4gAMI0AENliVQSAebsEAOlhz30L5tr+OgSAZbjjbhEBYBoBILLFqggA83YNAD303F/apra/DgFgGe64W0QAmEYAiGyxKgLAvF0DgLTed39pm9r+OgSAZbjjbhEBYBoBILLFqggA8/YJAGpsM/578Mmmtr8OAWAZ7rhbRACYRgCIbLEqAsC8fQKAqMHN+O/Cdm1/HQLAMtxxt4gAMI0AENliVQSAefsGANoDe9u0/XUIAMv45tnuozVLIABMIwBEtlgVAWDevgFAaAwUbdv21yEALOP2/tqhNRvfv7haffnbbgs3z4kAMI0AENliVQSAeYcEANoDR9u2/XUIAOgRAaA9tlgVAWDeIQGA9sCfHPo9yxgA9J6M/z7kQgBojy1WRQCYd0gAEBoDPdql7a9DAECPCADtscWqCADzDg0AtAfeve2vkzEAcGLOjwDQHlusigAw79AAIK1evM5l17a/TsYAwOhQfgSA9thiVQSAeccIAJXbA+/T9tfJGAB+fMlW0ewIAO2xxaoIAPOOEQCkanvgfdr+OhkDANND+REA2mOLVREA5h0rAGgf9fjvrmCftr9OxgAgPDciNwJAe2yxKgLAvGMFAKnWHnjftr9O1gBQNRhWQQBojy1WRQCYd8wAUG3Od9+2v07WACAXN2wHzIoA0B5brIoAMO+YAaBSY6BD2v46mQMAHSPzIgC0xxarIgDMO2YAkCon+0Pa/jqZAwCLAfMiALTHFqsiAMw7dgDQKED2k/0pvlOZA4Doezb+u9E/AkB7bLEqAsC8YwcAyd4A5tC2v072ACCtvkbsjwDQHlusigAw7xQBIPOQ7zHa/joVAoAet6vf4/jfQL8IAO2xxaoIAPNOEQAk6yjAKe7+pUIAEO2cYD1AHgSA9thiVQSAeacKABlHAU519y9VAoD8ev93jv8d9IkA0B5brIoAMO9UAUCyjQKc6u5fKgUA0fdu/G+hPwSA9thiVQSAeacMAJrzzdIXQM1sTnX3L9UCgKhLINMBfSMAtMcWqyIAzDtlAJAMrWB1kTpm1z+nYgAQPUvh9uH87f99tI0A0B5brIoAMO/UAUBavbht6xwnuaoBQL7+/QO7AzpFAGiPLVZFAJh3jgDQ8/avt1cfTzr0P6gcAETvsRYHMhrQFwJAe2yxKgLAvHMEANFdXm8nd313FF7c6zm26gFgoN0jz9/lbiSVCQGgPbZYFQFg3rkCgPQ036vvjUKLex2nQACIvnn2YfX6ss33BJ8QANpji1URAOadMwBIDyu/FVIUVtzxnwoBwPvuj6vVy3/u2C3QKAJAe2yxKgLAvHMHANHdXavPiNecv4ah3XGfEgFgnqZi9F2tdrJX8Hl1cdds8yQCQHtssSoCwLwlAoBo0VdrF72nb27tsZ4DAWB7CmhqytRqiDyUemfo+6BHTg8LUPW/x3+uBQSA9thiVQSAeUsFgIFObO+vl/0B6wRy6n3+mxAA9qORAU0T6Dh1p9xrKNBxq3Pm1Pew1a6aBID22GJVBIB5SweAwRJBQCcOXTzc8ZwbAeB4dNesz1XD5jp+fc6DlgKCjkcjGdssNtV5bPzft4AA0B5brKrFAKAT0/pJaUlalOeOcSlaH6D351RhQH+v/n79O+7fXwoBYBn6HigsnNsu20s1KjD+XFpxyudjbEvnsfFxVWaLVbUYALAd3RlpZEAXIQ3v7hoK9Of13+m/199zzm19wLG0/FCtFkYQCQCRLVZFAMjL3Vm5Pwf0StMZLW+BVLB2x31OBIDIFqsiAADolXamjM9pLWkhdBMAIlusigAAoEdqRtV6A6RzN8xyCACRLVZFAADQGy38a71ttsKJO/ZzIwBEtlgVAQBY1tDBD9vppZeBuma6z/vc9J6Nj60yW6yKAAAsS7swxr9L9E+7E9znfW4EgMgWqyIAAMsiAOTUwg4AIQBEtlgVAQBYFgEgH83/D88pWBoBILLFqggAwLIIAPnoEc3us14CASCyxaoIAMCyCAD5tDL8LwSAyBarIgAAyyIA5KIW2+5zXgoBILLFqggAwLIIALm0dPcvBIDIFqsiAADLIgDk0drdvxAAIlusigAALIsAkIc6FLrPeEkEgMgWqyIAAMsiAOSgBxO5z3dpBIDIFqsiAADLIgD0T+2JW9n3P0YAiGyxKgIAsCwCQN+u7/5dff378k/9m0IAiGyxKgIAsCwCQL/U8a+FR/7OIQBEtlgVAQBYFgGgT3oc8Xd/tLfob4wAENliVQQAYFkEgP5ozr/lYf91BIDIFqsiAADLIgD05dXF3erL39pc8OcQACJbrIoAACyLANAPfVbuM2wZASCyxaoIAMCyCADt03x/ay1+t0UAiGyxKgIAsCwCQLu0yl+fT09D/mMEgMgWqyIAAMsiALRHF/5nb29XXz3t98I/IABEtlgVAQBYFgGgLc/f5bjwDwgAkS1WRQAAlkUAWJ629elz6GVr3y4IAJEtVkUAAJZFAFiGzn0a5m+9k9+hCACRLVZFAACWRQA4Hz2vv8JFfx0BILLFqggAwLIIAKehi/2L93erX17fdNGy91QIAJEtVkUAAJZFANiN9uTrojbQ+zfQXv3KF3uHABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlUEAADIiwAQ2WJVBAAAyIsAENliVQQAAMiLABDZYlW3998N96UBAPSPABDZYmXuSwMA6B8BILLFyr787dJ+cQAAfSMARLZY2X//98F+cQAAfbu4+ff+NO/P/RXZYmU//XVtvzgAgL5poff4nF+ZLVb27O2t/eIAAPr1nyeX96d4f96vyhYre3v10X55AAD9+vb51f0p3p/3q7LFyj7+u1qxEBAAcvnl9c39Kd6f96uyxepYBwAAubx4f3d/evfn/KpssbqX/9zZLxAAoE/XdywAHLPF6jQNoAUj7ksEAOjLd38w/+/YIlZfaL7IfZEAAH15/u72/rTuz/WV2SJWX7y/ZjcAAPROo7kM/3u2iEc//MliQADomc7j43M7HtkiHr2+ZDEgAPRMo7njczse2SI+YRQAAPqkZ7uMz+n4xBbxiR4ewY4AAOjPqwv2/s+xRUTsCACAvjD3v5ktIrr9uFp9/TuPCQaAHmjUlkf/bmaL+NybD2wLBIAe0Pd/O7YI7+dXTAUAQMs0Wqturuvnbni2CE9fKqYCAKBdeqT7+NwNzxYxjV0BANCmJ38z9L8LW8Q8bS1xXz4AwDK+fX7F0P+ObBGbKWm6LyEA4Lw0NUu//93ZIrZDl0AAWJamZJn3348tYjsabvr+xZX9UgIATu/lP3T725ctYnsKAeo37b6YAIDTYdHfYWwRu1GnQEIAAJwPF//D2SJ2pwUohAAAOD06/R2HLWI/jAQAwGn99BcP+TkWW8T+CAEAcBpqxz4+52J/tojDKASoKYX7AgMAdsec//HZIg6n3QE/vqRPAAAciov/adgijoeOgQCwv+fvbu9Ppf78isPYIo5LjSp4gBAAbO/L3y5Xbz7Q4e+UbBHHp1aVXz0lBADAJurtryevjs+jOC5bxGloceB3f7A4EACmaAG1zpXr506chi3itFgXAACf+5XFfmdlizi915d3D3Nc7kcAAJVoepT5/vOzRZyH2gfzNEEAlWlalGf5L8MWcV7P3t6ySwBAKTrnPX3DFr8l2SLOTyteaSEMoAKd61jlvzxbxDLUPVALBBkNAJCVFvrpXLd+7sMybBHL+nDL2gAAuXzz7MNK/VDG5zssxxbRhlcXdzQPAtA17XZirr9Ntoh2aKhMQ2buhwUALdOz+1nh3y5bRHu0YIYuggB6oEV+DPe3zxbRrhfvmRYA0CYN92tb8/i8hTbZItqmPtm/vGZaAEA7fn51w3B/Z2wRfdBuAc2xuR8jAJyDHt7DcH+fbBF90fqAH/4kCAA4H83za6fS+HyEftgi+vT++iNBAMBJ6Y6fC38Otoi+EQQAHJt2IfHEvlxsETkoCLB1EMAhuPDnZYvIRT9eggCAXXDhz88WkZNW6rJrAMAcPYeEC38NtojctFdXTx2koRAAUQMf7ePnEb212CLqUGdBbedxJwUAuekJfc/f3a7UXGz9vIAabBH1aHrgx5dMDwAV6Lf++pKtfNXZIurS9ICePsj0AJCLftP6bauD6Ph3j5psEdBjiDU9oKYf7mQCoA/6Deu3rN/0+m8csEVgnRYG6c7h699ZKwD0QIv6tOOHHv2YY4vAFG0P0olFJxh34gGwjP88uXyY23/5D3P72I4tAptoOFEnGhYOAstS22+G+LEPWwR2oS1E2krEegHgPNSlT785nr+PQ9gisC+tMFaTIdYLAMelPfvP3t6yih9HY4vAMehhRE/f3NJoCNiTfjsK1HTowynYInBsGqrUPKXWDGixkjvZAdXpt6E5fYb3cQ62CJyaupCp9zhTBahOQ/u/vL6hMx/OzhaBc9LwpqYKWESIKvTEPd3lM5+PJdkisBTtKBimCmhHjCw00qURr1cXbNdDO2wRaIXukBQIdPLUUKk7uQKt0XdVDbP03WUBH1pli0CrtDBKd1GaM2V3AVqhfflql63vJo/WRS9sEeiFhlO1eEpbpXQSdidn4JjUBlsr9bVuRa2xx99JoBe2CPRMJ2WdnHWSZtoAh2I4H1nZIpCJRgkUCtRFTWsJGCmAozv7YShfF3vu7pGdLQIV6G5ODzQapg/YdVCHtpzqrn4YxqfpDiqyRaAqLeAaphB0gVAwoHNhv7T9TnvuFfK0QE/tqcefOVCVLQL4nILBsOBQuxAUDlhjsCyN2uhzUN8IfS5qrqPPibl6YDNbBLAbDSHrwqO5Y12IdEHShUnzyu7Che1wgQdOxxYBHNfbq48PFy7RYkRdzNaDglR5LoLm34fXrEWZw3sxXNy5wAPnYYsAljWMKIjmroeLpFaoDxfPOccME8Pq+E2mLuYKP+PXB2B5tggAADJbffF/3O55HoeNu6wAAAAASUVORK5CYII=Azure Database for MySQLGE.DSParallelLinesfalseAnyAnyfalsefalseSelectAllow access from all networksAllow access from AzureAllow access from selected networksAzure Postgres DB Firewall SettingsVirtualDynamicba682010-cfcf-4916-9f88-524f8d9ce8a8ListfalseSelectTrueFalseAzure Postgres DB TLS EnforcedVirtualDynamic65a8827c-6efd-4243-aa81-0625c4aea98eListFully managed, enterprise-ready community PostgreSQL database as a service for app development and deploymentfalseSE.DS.TMCore.AzurePostgresDBLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRQAAXEUBuS1iLAAAK3VJREFUeF7t3S+gHFfZBnDkJ5FIJBJZiURikcjKyooKRASiAlGBqEDEICIjKiorEBUVFRUVFREREREVmHx5EpZsTt+bu3t3Z+bsvD/xQ5yS3bNzZ+Y8c/7Nr169egUANFMWAtv7/vl/Xn3948//88W/X7z67KvnH/TJ0+ev/vCPnxbxafF9oy+/fflenV/8/PqXFL8N2F5ZCFzHt8/ubsD//PjZew3sbx798OpXn36/a8e/949f/vTe8cjxOQ4P47EErqssBD4sT7aHhurR128b9r/8622D/tEXP5WNHw/z+7//+Oa45vjmOH/+zdug8M1PQgJcoiyEzn7+z9vG/cn3L//3dJqn1TRCv/3bj2UjxbYSuvL3+fjJ+70J6YEZ/77AW2UhdHAYY0+DkYYjDciv/7r/bviOfvf5216E/K0P8xQS9I7PB+imLIS9ODzN56Z/eJJPl3LVSNBP5l0kGGTy5GFo4dnLN8mgPJ9gT8pCuEW5eecmfhiL9zTPQ/3fZ2+DwWHegWDAHpWFMLvjxt4TPWvJHJA//fNdKLDMkVtWFsJMNPbMLPMLsqQzq0Fyro7nL8yqLIStZGmXxp5bl3M353DOZcsVmVVZCGvJzTFPTpmcl3HX6mYKe5ClitlN8ekPL1+f+vX1AGsqC2EpGnx467AsUQ8BWykL4Vo0+HC/XBu5RnKtCASspSyEh8rOaxp8uEyWsGa1QeYQ2M2QpZSFcI6MaWYnPdvkwjISCDKp8PF3L+1gyNWUhfAhWfucG1GWPtlsB9aVnrVce9nd0j4EXKIshNGPL/7z5gUr6dqvbkrANnJN5tq0UyHnKgshMvaYWcrW48NtyFLDzBtIYB+vZxiVhfSVN+RlrXJeklLdYIDbkB0KE+BzTY/XOURZSC/pOkwXoid92KeEgVzj5gxwrCykh0zky1Kj6oYB7FMmENqNkCgL2a9sMpIle2bvQ28Z5stwn/kCfZWF7Esu8IwFWqcPVLItcZYV2mOgl7KQfXjy/cs3F3Z1wQOMDhsO2Y64h7KQ25UEn8k+nvaBS2RScHoFxnsM+1EWcnsykz/jecb2gWvKXIHsLWAFwf6UhdyObNaTLrvqwgW4ljxcfPL0uR0Hd6QsZH5Zwmd8nwz15DzYgrc99pWHDm8pvH1lIXPK+H664ozv78NxY5rhm6zUiPyNv/7x51+4hRnaWXEy1jtrzg+/LdJ4HH53Nqipjg23Ie8hsKfA7SoLmU8m42j453do2NJVmsbu0dfvN+bj35V3MsZ8OE5ZwTIGBjtVzsuEwdtUFjKP3Ajd+LaX8c9D4354Ws8wTBore62v7xAU0luSv0U2t8rfJi/Dqf5+rCP3Kj0Ct6MsZHu5ueWGVl1kLCfHPNsjHzfwNke5PZmodhwQ8nc13LCeDA2YIzC/spDt5KKxP/+ysqwpN6g0DNkzIQ2Fmc19pMcmf/P8/TNUk3BgQuMyMnzj2ppXWcj6MnnKcr7rS5dwjuthLN5aZu6Sa/AwYTEhXI/BdSRcZdjMtTefspD15KLIxeEJ5DI5fnmSO3Td637kGjL8cxhKyDwDcwwe7rCh0HiM2U5ZyDoywS8XRXWx8GE5bnmtaW4o9i1nTYdQkLCZoSS7b54nq5ly7xuPK+srC1lWxsRy46guDmrpjs0TWJYaeX0ps8m8gpybOUcNHZwm90DzA7ZVFrKcjEXr7r9fnhIydp/ufGOH3Jqcszl3cw7r5btb7oW5J47Hj3WUhVxfnlqNH35YngjSpW9dPXuTczrntp6/WvYPMJS3vrKQ60rXoHHCX0pXaZZh2TiETjKHIOd8zn27e74v8yrG48VyykKuI92AEv/70ujnIveUD29lxYow8E56Ss3zWUdZyOXSnWXs7y2NPpzmEAa63zvSY+rdAssrC7lMdpfrPtEvTzMafXi4LDXMqoLOw4eZRGkr7uWUhTxMTtSsTa9O5C7y+43pw/XkvpKn4a6TiDNB0JDAMspCzpf1rF3f2pen/SzlsaYXlpUetY69Avm9Ng+6vrKQ82TcruMEnkxwdFHC+tIrkKHGbpsO2TPguspCTpfu7m5pPONyuuRgDgnhnXofc/8ZjwEPUxZymozLVSfoXmn4YV6dgkDe1mhy4OXKQu7XqfHX8MPt6BIEMinSNuGXKQv5sC6Nf8b4NfxwmxIE9j5HIEFHCHi4spC7dWj8bcIB+5Bu8k+/er7rfUmEgIcrC6llwl91Au5J1vFbzgf7kuWDe95HQAh4mLKQX8pSvz2n6Gw9agMf2LcsHdzrqqWEABMDz1MW8r6Mg+95qd8f/mEyDXSR+9le5wZkdcD4e7lbWcg7SZR7nkiTXcXG3wzsWwJ/gn91T7h1eZnS+HuplYW8kyVw1Um2B+kOHH8v0EceAKp7w61zbztNWchbe53xn+GMvGls/L1AP59/86K8T9yyzNfKK9nH38r7ykLevtxnj+P+uTA0/sCx7LFf3S9uWd7PYm7Th5WFvPpVJpNUJ9Wts74fqOzxVeYmBX5YWdjdXtf7Z0OQ8bcCRCY873FioIeeu5WFne111r8kDNwnXeZ7e7V59jgxFFArCzvb64QYu/sBp8g7BKr7yC2zNLBWFnaVp/+kxeoEumVOfuAce3ubYB6Cspvr+Du7Kwu72mPy9fQPnGuP90LDoL9UFna1t9Qbnv6Bh9jj/TAvRRp/Z2dlYUc5MaoT5tbZDAN4iD3uDeCB6H1lYUeffbXPLTHNfgUewpDo/pWFHe1x6V92Mhx/J8Ap9tor6j0B75SF3eT1mNWJcus++uKn1z+v/s0AH5JVUdV95dZls6Pxt3ZVFnbz+Lt97vyXrT3H3wpwqj0ui84wgKHRt8rCbjIxpDpRbl1m8Y6/FeAUaSSr+8oe5KFv/L0dlYXd7HH/60jSHX8rwCmygqi6r+yB1QBvlYXd7G3v62PWvQIPkcly1T1lD8wDeKss7KY6QfZCVxfwEB8/2efQaFgh9VZZ2MleZ7oemAcAnCtr5TOEWN1T9iKrv8bf3U1Z2MlelwAey4Ye4+8GuMteJ0YfEwAEgBYBQC8AcKoOT//x9Y+2SS8LO+kQAEIvAHCKDk//IQAIAG0CQDb00OUFfMjTH/a5KVpFABAA2gSAyFBAJj0e/36AyJLhzI6v7h17JAAIAK0CQPzpn7YHBt6XXf/2vB9KRQAQANoFgPj0K7tgAW+lV3Cvu6F+iAAgALQMAPGXfz0zHADNZcZ/hgare8TeCQACQNsAEHldsLdiQU/fPvv5zeTg6t7QgQAgALQOAJFxv9wIxuMC7Fe2CO+w1v9DBAABoH0AiMz8tU8A9PDZVz3W+d9HABAABIAjf/zyp1cZExyPEXD78nrf333ec7y/IgAIAALAIL0BX36rNwD2IpN9s/Knut47EwAEAAHgDlkWlI1BxuMF3I7s7Ndtff+pBAABQAD4gEwSynihlQJwWzKxN5t+Vdc1bwkAAoAAcIIMCwgCMD8N/+kEAAFAADiDIABz0vCfTwAQAASABzgEASsGYFsa/ocTAAQAAeBCf3787FUmGo3HFVhGZvVnpU528qyuSU4jAAgAAsCVZKbx59+8MDwAC8m96pOnz9/0wFXXIOcRAAQAAeDKsnIgLxrKpiPjsQbOl217s0lXdb3xcAKAACAALCi9Anli8a4BOE+25k6Q9rS/HAFAABAAViIMwIdp9NclAAgAAsAGhAF4S6O/HQFAABAANpYbX1YSZFazZYXsXbbXzmRZY/rbEwAEAAFgMr//+9veAUsL2YOsiskkvjzl25N/LgKAACAATCwrCrLJSZ6YrCrgFmSNfhqWbJRlnf7cBAABQAC4IQkEeUthbq7pIcjN9vhvCWvLsFWe8NNrld6r6rxlTgKAACAA3LjDkEFuwuYQsLRMXP3i3y/ezFvRpX/bBAABQADYmUwqTC/Bp1+9DQVWGvAQh678DD99/OT5m3OqOt+4XQKAACAANJHx2EzEevT1izcXvi2LOcjM/CzHy9BSZud7su9BABAABIDGDr0FCQaHeQUmG+5TAl9u+Flumr91JpeapNebACAACACUfvPobTjI/II0GLlZuGHM7dDIH57mM06fv2Emj1Z/Y3pzPQsAAgAPksmHx70HGSs+hASrE64vEzxzbNNLk+Md6a7P30CXPQ8hAAgAAgCL+d3nb0NCZCLZoeFKN/QhLOT8G8/JLjLccjgOmZtxOD7pnj8cN1vkshQBQAAQAJjGYdjh2HFwODhMZPyQawaL44a6cuhyHx035AfV74Yt5Nwdz/VuysJOBACAfgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABACAhgQAAUAAAGhIABAABICN/ObRD6/+8I+f/ufPj5+9+uyr5/f69LXjf/frv/5Qfj6/9H+fvTvm9x3v4+P8u89/LD8PbpkAIAAIAAtLQ/+nfz579ejrF4tecM9e/ufN53/x7xf/a7y6hoNDQ5+G/Mn3L6923HOtHI7xX/71TDDgpgkAAoAAcGW///uPbxrgNDw5tuPxXtuL19d4LvQEkASRvYaC/LbPv3nx6puf1r2p5fg+/eHlq0+ePn/127/dfiAYf9+aqvqwHAFAABAAriBP+Wn0v3++fYN/im+f/fymsUyjmafl6jfdgtT/y29fvkojfPz7tpRje8thYPw9a6rqw3IEAAFAAHigNJwZR87T33hMb8nPrzNLGtHqN84oDetsjf5dcoNNSKl+x6zG37Cmqj4sRwAQAASAM6ULPU/Pt9AAneoWzoEMrTz+7jbDVo7vx0+e30Rvy1j3NVX1YTkCgAAgAJwhE78y2W48hrdu5nPgoy9+2s2NKudOgkD1O2cx1nlNVX1YjgAgAAgAJ8hs7z1fLDOeA5lXka7+sa57kHkCWaVQ/e6tjXVdU1UfliMACAACwAekyzZLyTJOfnzM9ma2cyCT6PY0xHKXDGnMtipjrOOaqvqwHAFAABAA7pDJZrcyq/9Ss5wD6WnJ0/FYvz3LsECGOarjsYWxfmuq6sNyBAABQAAopPHPcRmP1V7NcA5kRUWHp/67ZBlpdVzWNtZrTVV9WI4AIAAIAINujX9seQ5kmCU764116iibR229UmCs05qq+rAcAUAAEACOdGz8Y6tzIOPf3br875OdDLecFzDWZ01VfViOACAACAD/1bXxjy3OAY3/3XJctgoBY13WVNWH5QgAAoAA8F9r7yE/k7XPAY3//fI3SSitjt+SxnqsqaoPyxEABAAB4LUsOxuPSydrngNZ36/xP01WoazdEzDWYU1VfViOACAAtA8Aecra+zr/+6x1DmSCm8b/POmZWnNi4Pj9a6rqw3IEAAGgfQBwEax3Dtz6i5O2ktUB1fFcwvjda6rqw3Lc+wSA1gEge/uPx6OjNc4BS/0u8+jrF+Vxvbbxe9dU1YflCAACQNsAkLHVzhvPHFv6HOg+x+Ja1nh/wPida6rqw3IEAAGgbQDw9P/OkudAtrntPsfiWrJt8NKTAsfvXFNVH5YjAAgAbQOA8eh3ljoHMnktnz1+Hw+39HyA8fvWVNWH5QgAAkDLAJClaONx6Gypc2Cvr/Pd2p/++aw83tcwfteaqvqwHAFAAGgZAD5+Mu+YdP4euTDzpJdXEY8+/+bFm/9+zTcVLnEOpJEav4fryFDAUksDx+9aU1UfliMACAAtA8Bsu/6lMc/b4NIzUdX3Q37/9x/fTLJLYEjDMH72Ka59DqRxemhdOM1Sbw8cv2dNVX1YjgAgALQLANn4ZzwGW0nDf+13weed+unhePzdy5NXOVz7HDDrf3mZWPmQwHif8XvWVNWH5QgAAkC7AJD3zo/HYAu5+Jae0Z0n8fze+yY8XvMcSKN0a7P+87c4GP/bzDIcVP0NLjF+x5qq+rAcAUAAaBcActMcj8HacszX3uM9DXO6jfPdVX2qf/MQs2/4kzCUUHRfz0vW3Kcnozpes1iiF2D8jjVV9WE5AoAA0C4AzLD8Lw1LVbe1/PHLn967+K91Dsz69J/5CNlJ76Fv10tgmPUdBtfeIXD8/DVV9WE5AoAA0C4AzPBEt8VrXiuZQJhAdK1zII3R+Fu3lgmf13pKnqH3aHTtFQHj56+pqg/LEQAEgHYBYIbtf6t6bSlBoCo/x4wz/9NgX3u5XHaQnK2X45o9SuNnr6mqD8sRAASAdgFg/P1buPa47Qxm21shDXVVz2uYbXvjrCap6vkQ42evqaoPyxEABAABYAMZg6/qdstmGiNfao38sdneJZHln1U9zzV+7pqq+rAcAUAAEAA2sOb73deQxmf8jVvJKoSqjkuYaavj7BJZ1fFc4+euqaoPyxEABAABYCNrPKWuJY3P+Pu2kBtaVb+lZH7BNbdkvkQmO1Z1PNf4uWuq6sNyBAABoF0AyO8dj8FWsrysquOtmaURvMZkxnPN9M6Da6wuGT9zTVV9WI4AIAC0CwCzNFaRiWRb7wlwqVm6/7ccVpll/sM1zqXxM9dU1YflCAACQLsAMONJn7X4Wzy9XsMs3f9bHr9ZegEyJ6Gq3znGz1xTVR+WIwAIAO0CwIybuRzkKfZas7nXMsNNJC8+quq2phl6lq6xHHD8zDVV9WE5AoAA0C4AzLZ8q5IgcAs9ApkEN8N6+DyBV/Vb0yw9IZe+Y2L8vDVV9WE5AoAA0C4AzPQ64PscXlxT/Y4ZJKSMdV5bAsi1d/t7iBmORVy6x8T4eWuq6sNyBAABoF0AiPzm8TjMLFvsZtngbDsIZtLZWNe1JSRVddvCDOfVpctLx89bU1UfliMACAAtA8Dsr6y9S552M9FrluGBjL2PdVzbTKsoZjivLp0IOH7emqr6sBwBQABoGQBm6a69RDZ+2Xp4YIaJbzNNmpxhNUBu6lXdTjV+3pqq+rAcAUAAaBkAYtb3u58rf78lX3zzIVtPAMz3V/XaSoZoxjqu7dKVAOPnramqD8sRAASAtgFgtrfXXWrtIDBDY5cQV9VtS1u/bvrSUDR+3pqq+rAcAUAAaBsAMnN865v1EtYKAnkl7vjda5th/f8oQzNjPdd2yWTR8bPWVNWH5QgAAkDbABB76wU4loZoyfHxGca7Z3yh0gwTARPOqrqdYvysNVX1YTkCgADQOgDEDE9sS0l38FKN5AxLALea+/AhOd5jPdf2h38IANxPABAA2geAPawIuM8SvQEz7Hw3ww6Aoxl2mhQAOIUAIAC0DwDx6Ovb3BfgHOkNuOYT8wzvVLikoVvKDAHgkuWh42etqaoPyxEABAAB4L+y//54bPYoYaf6/efKhjPjZ69txgCQrXjHeq7tkqA3ftaaqvqwHAFAABAA/iurArKt7Hh89iiz5y/dP3+GADDjmxMTSsZ6rk0A4BQCgAAgABzJm9T2skHQfXLxX/LmuBl6TPJip6puWxIAHq6qD8sRAAQAAWDQLQQ8tCdghpuHHoCaAMApBAABQAAopFGc4UU3a3joZjoz3DzMAahd8krg8bPWVNWH5QgAAoAA8AEzLHVbw0MmBs4QkC599/0SZlgFcEkwGj9rTVV9WI4AIAAIAPfIWvOtX3qzhuyKWP3+u8wwCfCSru6lzLC75CWvix4/a01VfViOACAACAAnyGSzva8QSMg5Zw95AaA2Q6/RJZMjx89aU1UfliMACAACwBnS5fzs5ZvugPJY3rrsY1/97soMDV3qUNVtSzNskHTJ6o7xs9ZU1YflCAACgABwpkwQ3PPOgad2H88QANLYVnXb0gxzI6p6nWr8rDVV9WE5AoAAIAA8ULpZ88S8t/kBWd9f/d7RDJPd8o6Dqm5byvU01nNNOR+rep1q/Lw1VfVhOQKAACAAXCjdrXkD3NY3/ms6pRdghvXulzZ215ZzYazj2i4NRePnramqD8sRAAQAAeCK8hKWPbxe+JRlgekBGf/dFi6Z8X5tWTEy1m9tlw6LjJ+3pqo+LEcAEAAEgAVkh7rciG91wuCp58T477Yw00qAGeZFXPImwBg/b01VfViOACAACAALyw35FpcQfvTF/ZvJzDDscc7KhaXN8He+dHvk8fPWVNWH5QgAAoAAsJJ0madX4FYmDZ4yDDDDC4HSy3Lpmw2vIXsobP23ffH6fl7V7RzjZ66pqg/LEQAEAAFgZWkoZthE5z6nnBefPN2+yzsu7fa+hkwEHeu1ttzQq7qdY/zMNVX1YTkCgAAgAGwkPQKzB4Gq3sdmWAkQ6Xqv6remGYZDHvJOh9H4mWuq6sNyBAABQADYWMbaZ50seN+Wsul6n2VI4766LmmGNwBGViFU9TvH+JlrqurDcgQAAUAAmECGBb59Nt/FeMoSu1nqveWugDPcSBPErjEXYvzcNVX1YTkCgAAgAEwiIWCGbuRjp7xud4albwdb7Akww9v/IsNJVf3ONX7umqr6sBwBQAAQACaSBmz8+2zplDX2WXY2/rutpDdizRUB+e2zDIGcEtZOMX7umqr6sBwBQABoGQAye33GV8nGDEvrDk59295MwxeZjV/VcQmz7PqY5X/XCj7jZ6+pqg/LEQAEgJYB4NBtnW7TS16duoRZupQjQamq42iGJXAHeSK/1tPwh8y0guNa3f8xfvaaqvqwHAFAAGgdACIz8GfqDZhlaV2celxmeS/AwdIhYLblmzlnqno+xPjZa6rqw3IEAAGgfQA4yMUww4tlZhpTP6cRnWnoIhICrrEs7li62Wdr/BNgq7o+1Pj5a6rqw3IEAAFAABikITtlH/ylzPBGuYNzAtFsExgP8ve8dH/8yN9lxv0aTh2mOdX4+Wuq6sNyBAABQAC4Qy6ONcaSRzONp587sWzGvQwOsk/AQ4JAutdnfZnTEu9BGL9jTVV9WI4AIAAIAPdIo7bWXvO5mefvMdZhC98/P/+8mKn34i75Xfn7p2GvAkHmM+S/3cLrnK89xBHjd6ypqg/LEQAEAAHgRDlOefXsEjfdSOM/05Nmus6ret5n5l6APclxro7/pcbvWVOuy1lsubX0WgQAAUAAeIBMMEsDmSV72cGv+o5z5DNmWVN+8ND19Jk/MX4W17fU8NT4PV1dc2XFrAQAAUAAuII8jeVNbOkdOCcQ5CaeWeWz7CZ37JIVEY+/m3PMfC8e2jtzivG7uhIAeigLOxEAri9jx7m4IsHg0K0Y6eaf7Wl/dOnSsoSgGUPNHuS4XmNVw13G7+tKAOihLOxEAGB0jZ3lZlrNsCfXXvY3Gr+vKwGgh7KwEwGA0bU2REpX9fjZPFx6j6rjfE3jd3YlAPRQFnYiAHDsmuPLWdmQZXfjd3C+DMtcY8Lpfcbv7UoA6KEs7EQA4Ni1Z5dnOVXeVnf8HZxvqeWno/F7uxIAeigLOxEAOMjkxOp4XeoWNgia2TXf9nef8bu7EgB6KAs7EQCIzC5f8mVIjvnDZNz/2tv9fsj4/V0JAD2UhZ0IAES2vq2O1TWZFHie3KDXbPxjrENXAkAPZWEnAgBLvFSm8uu/mhR4qmwuleNVHccljfXoSgDooSzsRADobemu/1EatVnfrjeLrRr/GOvSlQDQQ1nYiQDQVxr/LV55HBlyGOvDto1/jPXpSgDooSzsRADo6y//Wmdp2V3yMqWxTp1ljsSWjX+MdepKAOihLOxEAOhp68b/IDfa7vsEpCdm6S1+TzXWrSsBoIeysBMBoJc0tlt1+98lL7fJeTjWtYP87rxCuTouWxjr15UA0ENZ2IkA0Edm+6854e8c6frutkxwhi7/0VjHrgSAHsrCTgSAHjLzPtvyVsdjJrnxZiLcWP89yTX358dzDMGMxrp2JQD0UBZ2IgDsW57619pH/prSQKbu4++5ZRl+yVj/2pv7nGOsc1cCQA9lYScCwD5lYtmjr19M3djcJ3X/9PXf6tYnCR7+FrN191fGunclAPRQFnbSMQDkRpwlaHvclS5PzWlsbqG7/1R5De4t7xuQc636XTMa696VANBDWdhJxwBwLJPi0rjkOIzH5pbkTX5Z2nfLT/z3SahJF/otzhGYZZnffcZ6dyUA9FAWdtI9ABxLGEiXcxrT8TjNKBdwhjOyjK76PXt2i2Hgi3/PPyQz1rkrAaCHsrATAaCWG3VuAgkEWa41Qw9Bgkm697OOf89P+ue6pTCQm+7McwFSP36edrnsNeV3judnN2VhJwLA6Q6hII1NnryztC4XUSZ5HR/TS6UhS+jId2Q2/Ewbxcwu8wUOf6OEpfx9ZltNkLkne5qjwW0SAAQAAeDKcmNPA3SQHoQ05JU8yR//fzs8dWwpxziBKsHg2qHtXFnZINixJQFAABAAaCl7I4zXwtoSQmbdEIj9EwAEAAGAtrJqYrwetpBeoqp+sCQBQAAQAGgtje94TWzhy29fmtjJqgQAAUAAoL3Mxxiviy3khnwLuwWyDwKAACAAwGt5Ah+vjS1khUDHfR1YnwAgAAgA8F+Pv5sjBGSFQFYsVHWEaxEABAABAP4rY/DZ22G8RraQFQKZpFjVE65BABAABAA4khAw01bQ2bOgqidcSgAQAAQAGGQi3kzbCmdowgoBrk0AEAAEACgkBOTaGK+XraRXwgoBrkkAEAAEALhDtnWeKQSkLlYIcC0CgAAgAMAHpMHNrPzja2ZLVghwLQKAACAAwD3ykqaZQkB8/MT2wVxGABAABAA4Qd7cuPUbBEeff2OFAA8nAAgAAgCcKCFgvH629uR7KwR4GAFAABAA4AyzvEHwWJYs/uaREMB5BAABQACAM33ydI6XBx3LdZy5ClV9oSIACAACADzALG8QPJaJihmmqOoLIwFAABAA4IG++PeL15dQfV1tyQoBTiEACAACAFxgltcIj6wQ4D4CgAAgAMCFZnmD4Cj1sn0wdxEABAABAC4002uER1khkC2Nq3rTmwAgAAgAcAWzvUHw2LOXVgjwSwKAACAAwJUkBGRjntxYZ5MeCj0BHMt5MbYH3ZSFnQgAAP0IAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAAgAAA0JAAKAAADQkAAgAPzq5/+8/p/i5ABgvwQAAeCN6uQAYL8EAAHgjd/+7cfyBAFgn775SQAoC7v56IufyhMEgH3K/K+xLeimLOzmk6fPyxMEgH169lIAKAu7+fLbl+UJAsD+/ObRD69v/XV70ElZ2M23z34uTxIA9udP/3z2+tZftwedlIUdmQgI0MNnXz1/fduv24JOysKOPn19QlQnCgD7YgngW2VhR1kSUp0oAOzHr//6w6tsAHd8/++qLOwqE0OqEwaAffjLv4z/H5SFXX3+zYvyhAFgH57+8PL17b5uA7opC7tKt5BeAIB9yv1d9/87ZWFnegEA9in39/Ge31lZ2JleAID98fT/S2Vhd4+/szMgwJ54+v+lspBXv/rDP7wgCGAPfvf5j57+C2Uhb7cH/r/PDAUA3Doz/2tlIW+ZEAhw2+z7f7eykHdy8lQnFQBzy8Q/r/29W1nIOzl5rAoAuD32/P+wspD35T0B5gMA3A5v/LtfWcgvPfne0kCAW5BVXOM9nF8qC6mZFAgwt9/+7cdXL970/Nf3cd4pC7nbJ0+flycdANvKq35/fGHS36nKQj4sr5OsTj4AtpF5WpmvNd6vuVtZyP2EAIA5pPG32c/5ykJOIwQAbEvj/3BlIaczJwBgGxr/y5SFnOeLf1sdALCmTPiz0c9lykLOlxRqsyCA5WWp3/fPzfa/VFnIw+QNgjkxqxMWgMv9/u/W+V9LWcjD5cTMLlTViQvAw+XlbN7rfz1lIZczORDgOjK8mp1Yx/sslykLuY7H3718M1GlOqEBuF+GVW3ws4yykOvJtpQffWFIAOBc6fI33r+cspDre/T1C6sEAE6Qe2WWV4/3Ua6rLGQZWbaSGazVCQ/A9296TC3xW0dZyLL0BgD80qdfPX99i6zvm1xfWcjyknD/+KW5AQB56jfRb31lIev58lsrBYCecu8z1r+dspB1ZZZr9g0wLAB08fGT52b4b6wsZBtZMvjnx14xDOxXdkrNtunj/Y/1lYVsKxeH7YSBPckKKG/vm0tZyBzyhkHLBoFblp38nnzvnf0zKguZSyYK/uaR+QHA7cg9ywS/uZWFzCdvwMr+AVYMADPLPSr3Km/tm19ZyLwyazZvxdIjAMwkq5iykY+Z/bejLOQ2ZGjAHAFgS3kYyRP/s5e27701ZSG3JTNr7SoIrCm79+UhZLwfcTvKQm5Tthf+y7+e2VAIWEz2KrFt7z6Uhdy2dMVlLM6EQeAaci/JPUU3/76UhexDZuFmGc7vPjdPADhf7h3p5jejf5/KQvYnuwtm7229AsCHZAgx3fzZiGy8j7AvZSH79vi7l6/+9E/vHADeyfbjedq3jK+PspAeMp6XPQUMEUBP2ab3s6+ev8qLyMb7A/tXFtKPIQLoIdd4rnUz+SkL6c0QAexPrulc2yb0cVAWQuRGkRtG9hbQMwC3JxuEZSWQ5XtUykKoZMfBdB1m3LC62QDbSlBPYE9wN5mP+5SFcJ/MGcjkIe8igG1lEu8nT43pc76yEM6RGcRZTZBlRNUNCriudO3nmjN7n0uUhfBQ6XZM92OGCiwvhOvIG/d07XNtZSFcSyYfZXOR3LzMHYDTpMHPbnyZwJeXfI3XFVxDWQhLSZelQADvy7WQayLXhgaftZSFsJYEgjzl5GknTz3VzRH25rjBN47PVspC2EqefnJTzKzmj74wqZB9yLmceTEZw7cmn1mUhTCTLG9KL0GemCw7ZHZZDZMAm3PW0jxmVhbC7LIpUZZBZejAagO2kNfmprH/9Kvnb3qtsjfGeJ7CzMpCuDXZtjihIJsTZc9zPQVcU3bYS2Of8yvd+CbqsQdlIexFbtSHYJAhhNzE8+RW3eQhY/XZZCfnS57qc+54eQ57VRbC3mUzldzcM06bLtwEA8sSe8jf+dB1/+jrF2/OAzPx6agshM4ycevJ9y/fPAUewoGeg9txGJuPTMbL3/HpD8boYVQWAnc7DCscQkIcGhyvTV5WJnzmOGeex+HYp3H3FA/nKwuBy2StdxqlNE6HhirScB3CQnTvVTh0xx9knsbhWGV4JscwxuMLXK4sBNZ3WMlwkNnmx+EhSx6PG8vKkqsfMkGu+s5jxw14HCbSHXhKh3mUhQDAnr361f8DYnNath4YI+YAAAAASUVORK5CYII=Azure Database for PostgreSQLGE.DSParallelLinesfalseAnyAnyfalseBrowserfalseSE.EI.TMCore.BrowserLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAADu1JREFUeF7t1iGun8cVxuEsobAL6EK6hGyhCygILPACDAILCrKBwIJCAwODgsDAgoCCbsK9MyBTWa/0Kc34+OacBzwB70gz+kufb35fffz4EQAYJo4AQG9xBAB6iyMA0FscAYDe4ggA9BZHAKC3OAIAvcURAOgtjgBAb3EEAHqLIwDQWxwBgN7iCAD0FkcAoLc4AgC9xREA6C2OAEBvcQQAeosjANBbHAGA3uIIAPQWRwCgtzgCAL3FEQDoLY4AQG9xBAB6iyMA0FscAYDe4ggA9BZHAKC3OAIAvcURAOgtjgBAb3EEAHqLIwDQWxwBgN7iCAD0FkcAoLc4AgC9xREA6C2OAEBvcQQAeosjANBbHAGA3uIIAPQWRwCgtzgCAL3FEQDoLY4AQG9xBAB6iyMA0FscAYDe4ggA9BZHAKC3OAIAvcURAOgtjgBAb3EEAHqLIwDQWxwBgN7iCAD0FkcAoLc4AgC9xREA6C2OAEBvcQQAeosjANBbHAGA3uIIAPQWRwCgtzgCAL3FEQDoLY4AQG9xBAB6iyMA0FscAYDe4ggA9BZHAKC3OAIAvcURAOgtjgBAb3EEAHqLIwDQ2/7P7/7w148AwAw/B8BXv//2IwAwgwAAgIEEAAAMJAAAYCABAAADCQAAGEgAAMBAAgAABhIAADCQAACAgQQAAAwkAABgIAEAAAMJAAAYSAAAwEACAAAGEgAAMJAAAICBBAAADCQAAGAgAQAAAwkAABhIAADAQAIAAAYSAAAwkAAAgIEEAAAMJAAAYCABAAADCQAAGEgAAMBAAgAABhIAADCQAACAgQQAAAwkAABgIAEAAAMJAAAYSAAAwEACAAAGEgAAMJAAAICBBAAADCQAAGAgAQAAAwkAABhIAADAQAIAAAYSAAAwkAAAgIEEAAAMJAAAYCABAAADCQAAGEgAAMBAAgAABhIAADCQAACAgQQAAAwkAABgIAEAAAMJAAAYSAAAwEACAAAGEgAAMJAAAICBBAAADCQAAGAgAQAAAwkAABhIAADAQAIAAAYSAAAwkAAAgIEEAAAMJAAAYCABAAADffYA+PZvP+xHAIBf5v0//x3/33rDun8/kg5vEAAA8P8RAAAwkAAAgIEEAAAMJAAAYCABAAADCQAAGEgAAMBAAgAABhIAADCQAACAgQQAAAwkAABgIAEAAAMJAAAYSAAAwEACAAAGEgAAMJAAAICBBAAADCQAAGAgAQAAAwkAABhIAADAQAIAAAYSAAAwkAAAgIEEAAAMJAAAYCABAAADCQAAGEgAAMBAAgAABhIAADCQAACAgQQAAAwkAABgIAEAAAMJAAAYSAAAwEACAAAGEgAAMJAAAICBBEChf7z718c/fv09fHbfvHn/8snl77CD9fvS74Yv6bvvf3z5PPM3+xoJgELr40i/A25bf4w+/f46Wb8v/W74kt68/fDyeeZv9jUSAIUEAFUEANQTAMe6fz+SDm8QAJAJAKgnAI51/34kHd4gACATAFBPABzr/v1IOrxBAEAmAKCeADjW/fuRdHiDAIBMAEA9AXCs+/cj6fAGAQCZAIB6AuBY9+9H0uENAgAyAQD1BMCx7t+PpMMbBABkAgDqCYBj3b8fSYc3CADIBADUEwDHun8/kg5vEACQCQCoJwCOdf9+JB3eIAAgEwBQTwAc6/79SDq8QQBAJgCgngA41v37kXR4gwCATABAPQFwrPv3I+nwBgEAmQCAegLgWPfvR9LhDQIAMgEA9QTAse7fj6TDGwQAZAIA6gmAY92/H0mHNwgAyAQA1BMAx7p/P5IObxAAkAkAqCcAjnX/fiQd3iAAIBMAUE8AHOv+/Ug6vEEAQCYAoJ4AONb9+5F0eIMAgKx7AKx/S+uPLbwm7z789PJ55m/2NRIAhQQAVboHAPDrCYBCAoAqAgB4IgAKCQCqCADgiQAoJACoIgCAJwKgkACgigAAngiAQgKAKgIAeCIACgkAqggA4IkAKCQAqCIAgCcCoJAAoIoAAJ4IgEICgCoCAHgiAAoJAKoIAOCJACgkAKgiAIAnAqCQAKCKAACeCIBCAoAqAgB4IgAKCQCqCADgiQAoJACoIgCAJwKgkACgigAAngiAQgKAKgIAeCIACgkAqggA4IkAKCQAqCIAgCcCoJAAoIoAAJ4IgEICgCrdA2D9W3rz9gO8Ku8+/PTyeeZv9jUSAIUEAFW6B8D6fel3w5e0IuDTb/U1EwCFBABVBADUEwDHun8/kg5vEACQCQCoJwCOdf9+JB3eIAAgEwBQTwAc6/79SDq8QQBAJgCgngA41v37kXR4gwCATABAPQFwrPv3I+nwBgEAmQCAegLgWPfvR9LhDQIAMgEA9QTAse7fj6TDGwQAZAIA6gmAY92/H0mHNwgAyAQA1BMAx7p/P5IObxAAkAkAqCcAjnX/fiQd3iAAIBMAUE8AHOv+/Ug6vEEAQCYAoJ4AONb9+5F0eIMAgEwAQD0BcKz79yPp8AYBAJkAgHoC4Fj370fS4Q0CADIBAPUEwLHu34+kwxsEAGQCAOoJgGPdvx9JhzcIAMgEANQTAMe6fz+SDm8QAJAJAKgnAI51/34kHd4gACATAFBPABzr/v1IOrxBAEAmAKCeADjW/fuRdHiDAICsewB88+b9/o3wmqy/8Z9+q6+ZACgkAKiy/hh9+v0B/C8BUEgAUEUAAE8EQCEBQBUBADwRAIUEAFUEAPBEABQSAFQRAMATAVBIAFBFAABPBEAhAUAVAQA8EQCFBABVBADwRAAUEgBUEQDAEwFQSABQRQAATwRAIQFAFQEAPBEAhQQAVQQA8EQAFBIAVBEAwBMBUEgAUEUAAE8EQCEBQBUBADwRAIUEAFUEAPBEABQSAFQRAMATAVBIAFBFAABPBEAhAUAVAQA8EQCFBABVBADwRAAUEgBUEQDAEwFQSABQRQAATwRAIQFAle4BsH5f+t3wJb15++Hl88zf7GskAAoJAKoIAKgnAI51/34kHd4gACATAFBPABzr/v1IOrxBAEAmAKCeADjW/fuRdHiDAIBMAEA9AXCs+/cj6fAGAQCZAIB6AuBY9+9H0uENAgAyAQD1BMCx7t+PpMMbBABkAgDqCYBj3b8fSYc3CADIBADUEwDHun8/kg5vEACQCQCoJwCOdf9+JB3eIAAgEwBQTwAc6/79SDq8QQBAJgCgngA41v37kXR4gwCATABAPQFwrPv3I+nwBgEAmQCAegLgWPfvR9LhDQIAMgEA9QTAse7fj6TDGwQAZAIA6gmAY92/H0mHNwgAyAQA1BMAx7p/P5IObxAAkAkAqCcAjnX/fiQd3iAAIBMAUE8AHOv+/Ug6vEEAQCYAoJ4AONb9+5F0eIMAgEwAQD0BcKz79yPp8AYBAJkAgHoC4Fj370fS4Q0CALLuAQD8egKgkACgigAAngiAQgKAKgIAeCIACgkAqggA4IkAKCQAqCIAgCcCoJAAoIoAAJ4IgEICgCoCAHgiAAoJAKoIAOCJACgkAKgiAIAnAqCQAKCKAACeCIBCAoAqAgB4IgAKCQCqCADgiQAoJACoIgCAJwKgkACgigAAngiAQgKAKgIAeCIACgkAqggA4IkAKCQAqCIAgCcCoJAAoIoAAJ4IgEICgCoCAHgiAAoJAKoIAOCJACgkAKgiAIAnAqCQAKCKAACeCIBCAoAq3QPgmzfv92+E12T9jf/0W33NBEAhAUCV9cfo0++vk/X70u+GL+nN2w8vn2f+Zl8jAVBIAFBFAEA9AXCs+/cj6fAGAQCZAIB6AuBY9+9H0uENAgAyAQD1BMCx7t+PpMMbBABkAgDqCYBj3b8fSYc3CADIBADUEwDHun8/kg5vEACQCQCoJwCOdf9+JB3eIAAgEwBQTwAc6/79SDq8QQBAJgCgngA41v37kXR4gwCATABAPQFwrPv3I+nwBgEAmQCAegLgWPfvR9LhDQIAMgEA9QTAse7fj6TDGwQAZAIA6gmAY92/H0mHNwgAyAQA1BMAx7p/P5IObxAAkAkAqCcAjnX/fiQd3iAAIBMAUE8AHOv+/Ug6vEEAQCYAoJ4AONb9+5F0eIMAgEwAQD0BcKz79yPp8AYBAJkAgHoC4Fj370fS4Q0CADIBAPUEwLHu34+kwxsEAGQCAOoJgGPdvx9Jhzf81gLghx//sz8Q+NxWbH76/XWyfl/63fAlvfvw08vnmb/Z10gAAMBAAgAABhIAADCQAACAgQQAAAwkAABgIAEAAAMJAAAYSAAAwEACAAAGEgAAMJAAAICBBAAADCQAAGAgAQAAAwkAABhIAADAQAIAAAYSAAAwkAAAgIEEAAAMJAAAYCABAAADCQAAGEgAAMBAAgAABhIAADCQAACAgQQAAAwkAABgIAEAAAMJAAAYSAAAwEACAAAGEgAAMJAAAICBBAAADCQAAGAgAQAAAwkAABhIAADAQAIAAAYSAAAw0G86AL7+0993BAAAv8yf//Iu/r/1hs8eAADA6yMAAGAgAQAAAwkAABhIAADAQAIAAAYSAAAwkAAAgIEEAAAMJAAAYCABAAADCQAAGEgAAMBAAgAABhIAADCQAACAgQQAAAwkAABgIAEAAAMJAAAYSAAAwEACAAAG+jkAAIBZ4ggA9BZHAKC3OAIAvcURAOgtjgBAb3EEAHqLIwDQWxwBgN7iCAD0FkcAoLc4AgC9xREA6C2OAEBvcQQAeosjANBbHAGA3uIIAPQWRwCgtzgCAL3FEQDoLY4AQG9xBAB6iyMA0FscAYDe4ggA9BZHAKC3OAIAvcURAOgtjgBAb3EEAHqLIwDQWxwBgN7iCAD0FkcAoLc4AgC9xREA6C2OAEBvcQQAeosjANBbHAGA3uIIAPQWRwCgtzgCAL3FEQDoLY4AQG9xBAB6iyMA0FscAYDe4ggA9BZHAKC3OAIAvcURAOgtjgBAb3EEAHqLIwDQWxwBgN7iCAD0FkcAoLc4AgC9xREA6C2OAEBvcQQAeosjANBbHAGA3uIIAPQWRwCgtzgCAL3FEQDoLY4AQG9xBAB6iyMA0FscAYDe4ggA9BZHAKC3OAIAvcURAOgtjgBAb3EEAHqLIwDQWxwBgN7iCAD0FkcAoLc4AgCdffzqv7BDXhYT/E+AAAAAAElFTkSuQmCCBrowserGE.EIRectanglefalseAnyAnyfalseA representation of Dynamics CRM Mobile Client ApplicationsfalseSE.EI.TMCore.DynamicsCRMMobileClientLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRQAAXEUBuS1iLAAAABl0RVh0U29mdHdhcmUAcGFpbnQubmV0IDQuMC4xMzQDW3oAAFcBSURBVHhe7d15fFTlvT/wZLIRwiaSbbIvZAES9h1kU0AExQ13LNaiXku1rd3V3tq6AFlmyc6+iEHF4oJr61JvF22rXlu9rVrxcnu76K+29lJ3Pb/nOZNgGD4GiOT7PHPy+eP9InwJkzNn5pPnM3POzMQ5jkNERER9DBxSbHjppZecuKw6IiIjXnzxRef9999Xv47w7yiyGxySvd5++20YRCIik/75z3+qX1H49xbZCQ7JTih0REQ2if69RfaCQ7KLfooNBY2IyEZ8NiA2wCHZg4s/EcWiN998U/0Kw7/XyA5wSPZAwSIiigX6nKXo32lkDzgkO6BAERHFkujfa2QPOCTz9NNnKExERLFEv1Qw+vcb2QEOyTwUJCKiWBT9+43sAIdkFl/rT0Resm/fPvWrDf++I3PgkMx65plnYIiIiGJV9O85Mg8OySwUHiKiWBb9e47Mg0MyC4WHiCiWRf+eI/PgkMxC4SEiimV8TwD7wCGZhcJDRBTL+M6A9oFDMguFh4golrEA2AcOySwUHiKiWMYCYB84JLNQeIiIYhkLgH3gkMxC4SEiimUsAPaBQzILhYeIKJaxANgHDsksFB4ioljGAmAfOCSzUHiIiGIZC4B94JDMQuEhb3r11VdJQfuGvIUFwD5wSGah8JD36A99ir7t+yq0f8hbWADsA4dkFgoPeQ8LwCfQ/iFvYQGwDxySWSg85D0sAJ9A+4e8hQXAPnBIZqHwkPewAHwC7R/yFhYA+8AhmYXCQ97DAvAJtH/IW1gA7AOHZBYKD3kPC8An0P4hb2EBsA8cklkoPOQ9LACfQPuHvIUFwD5wSGah8JD3sAB8Au0f8hYWAPvAIZmFwkPewwLwCbR/yFtYAOwDh2QWCg95DwvAJ9D+IW9hAbAPHJJZKDxERLGMBcA+cEhmofAQEcUyFgD7wCGZhcJDRBTLWADsA4dkFgoPEVEsYwGwDxySWSg8RESxjAXAPnBIZqHwEBHFMhYA+8AhmYXCQ0QUy1gA7AOHZBYKDxFRLGMBsA8cklkoPEREsYwFwD5wSGah8BARxTIWAPvAIZmFwkNEFMtYAOwDh2QWCg8RUSxjAbAPHJJZKDxERLGMBcA+cEhmofAQEcUyFgD7wCGZhcJDRBTLWADsA4dkFgoPEVEsYwGwDxySWSg8RESxjAXAPnBIZqHwEBHFMhYA+8AhmYXCQ0QUy1gA7AOHZBYKDxFRLGMBsA8cklkoPEREsYwFwD5wSGah8BARxTIWAPvAIZmFwkNEFMtYAOwDh2QWCo+0V199VW0K3j4iii0o49JYAOwDh2QWCo80FgAi70AZl8YCYB84JLNQeKSxABB5B8q4NBYA+8AhmYXCI40FgMg7UMalsQDYBw7JLBQeaSwARN6BMi6NBcA+cEhmofBIYwEg8g6UcWksAPaBQzILhUcaCwCRd6CMS2MBsA8cklkoPNJYAIi8A2VcGguAfeCQzELhkcYCQOQdKOPSWADsA4dkFgqPNBYAIu9AGZfGAmAfOCSzUHiksQAQeQfKuDQWAPvAIZmFwiONBYDIO1DGpbEA2AcOySwUHmksAETegTIujQXAPnBIZqHwSGMBIPIOlHFpLAD2gUMyC4VHGgsAkXegjEtjAbAPHJJZKDzSWACIvANlXBoLgH3gkMxC4ZHGAkDkHSjj0lgA7AOHZBYKjzQWACLvQBmXxgJgHzgks1B4pLEAEHkHyrg0FgD7wCGZhcIjjQWAyDtQxqWxANgHDsksFB5pLABE3oEyLo0FwD5wSGah8EhjASDyDpRxaSwA9oFDMguFRxoLAJF3oIxLYwGwDxySWSg80lgAiLwDZVwaC4B94JDMQuGRxgJA5B0o49JYAOwDh2QWCo80FgAi70AZl8YCYB84JLNQeKSxABB5B8q4NBYA+8AhmYXCI40FgMg7UMalsQDYBw7JLBQeaSwARN6BMi6NBcA+cEhmofBIYwEg8g6UcWksAPaBQzILhUcaCwCRd6CMS2MBsA8cklkoPNJYAIi8A2VcGguAfeCQzELhkcYCQOQdKOPSWADsA4dkFgqPNBYAIu9AGZfGAmAfOCSzUHiksQAQeQfKuDQWAPvAIZmFwiONBYDIO1DGpbEA2AcOySwUHmksAETegTIujQXAPnBIZqHwSGMBIPIOlHFpLAD2gUMyC4VHGgsAkXegjEtjAbAPHJJZKDzSWACIvANlXBoLgH3gkMxC4ZHGAkDkHSjj0lgA7AOHZBYKjzQWACLvQBmXxgJgHzgks1B4pLEAEHkHyrg0FgD7wCGZhcIjjQWAyDtQxqWxANgHDsksFB5pLABE3oEyLo0FwD5wSGah8EhjASDyDpRxaSwA9oFDMguFRxoLAJF3oIxLYwGwDxySWSg80lgAiLwDZVwaC4B94JDMQuGRxgJA5B0o49JYAOwDh2QWCo80FgAi70AZl8YCYB84JLNQeKSxABB5B8q4NBYA+8AhmYXCI40FgMg7UMalsQDYBw7JLBQeaSwARN6BMi6NBcA+cEhmofBIYwEg8g6UcWksAPaBQzILhUcaCwCRd6CMS2MBsA8cklkoPNJYAIi8A2VcGguAfeCQzELhkcYCQOQdKOPSWADsA4dkFgqPNBYAIu9AGZfGAmAfOCSzUHiksQAQeQfKuDQWAPvAIZmFwiONBYDIO1DGpbEA2AcOySwUHmksAETegTIujQXAPnBIZqHwSGMBIPIOlHFpLAD2gUMyC4VHGgsAkXegjEtjAbAPHJJZKDzSWACIvANlXBoLgH3gkMxC4ZHGAkDkHSjj0lgA7AOHZBYKjzQWACLvQBmXxgJgHzgks1B4pLEAEHkHyrg0FgD7wCGZhcIjjQWAyDtQxqWxANgHDsksFB5pLABE3oEyLo0FwD5wSGah8EhjASDyDpRxaSwA9oFDMguFRxoLAJF3oIxLYwGwDxySWSg80lgAiLwDZVwaC4B94JDMQuGRxgJA5B0o49JYAOwDh2QWCo80FgAi70AZl8YCYB84JLNQeKSxABB5B8q4NBYA+8AhmYXCI40FgMg7UMalsQDYBw7JLBQeaSwARN6BMi6NBcA+cEhmofBIYwEg8g6UcWksAPaBQzILhUcaCwCRd6CMS2MBsA8cklkoPNJYAIi8A2VcGguAfeCQzELhkcYCQOQdKOPSWADsA4dkFgqPNBYAIu9AGZfGAmAfOCSzUHiksQAQeQfKuDQWAPvAIZmFwiONBYDIO1DGpbEA2AcOySwUHmksAETegTIujQXAPnBIZqHwSGMBIPIOlHFpLAD2gUMyC4VHGgsAkXegjEtjAbAPHJJZKDzSWACIvANlXBoLgH3gkMxC4ZHGAkDkHSjj0lgA7AOHZBYKjzQWACLvQBmXxgJgHzgks1B4pLEAEHkHyrg0FgD7wCGZhcIjjQWAyDtQxqWxANgHDsksFB5pLABE3oEyLo0FwD5wSGah8EhjASDyDpRxaSwA9oFDMguFRxoLAJF3oIxLYwGwDxySWSg80lgAiLwDZVwaC4B94JDMQuGRxgJA5B0o49JYAOwDh2QWCo80FgAi70AZl8YCYB84JLNQeKSxABB5B8q4NBYA+8AhmYXCI40FgMg7UMalsQDYBw7JLBQeaSwARN6BMi6NBcA+cEhmofBIYwEg8g6UcWksAPaBQzILhUcaCwCRd6CMS2MBsA8cklkoPNJYAIi8A2VcGguAfeCQzELhkcYCQOQdKOPSWADsA4dkFgqPNBYA77l+7eOpykXKRPTv5F0o49JYAOwDh2QWCo80FgDvWfm1B9K/cM39Pz/j83fVxmfWjE3MrB+blBkYjL6XvAVlXBoLgH3gkMxC4ZHGAuA9KfkNGWnFTc8m5Qb+TxWA11UBeF0VgAXoe8lbUMalsQDYBw7JLBQeaSwA3hPnr8mI8699Ni6r1onPrHMSMmu1Jeh7yVtQxqWxANgHDsksFB5pLADe8pXr7s0685L2M5MLal/RBSBOFQBdAhQWgD4AZVwaC4B94JDMQuGRxgLgLVd+ffeJy6+889HBZY1vxWXVqwKgZASVEAtAH4AyLo0FwD5wSGah8EhjAfCWMTPXnzhyatujybn1b8Vl6mcAWAD6EpRxaSwA9oFDMguFRxoLgLcUj287o2Bs62vJuYF39dP/LAB9C8q4NBYA+8AhmYXCI40FwFv8o1uWZ1U1O0m5gchtzALQp0Tn2wQWAPvAIZmFwiONBcBbfP61yxUnPmutun15CKCvQRmXxgJgHzgks1B4pLEAeMcXrnqoumhi29q47Br3zH8eAuh7UMalsQDYBw7JLBQeaSwA3jF7yc65/qqWjZGT/0JKgAWgj0EZl8YCYB84JLNQeKSxAHhH1sjmpWkFoTvjMvRt26CohZ8FoE9BGZfGAmAfOCSzUHiksQB4R/Wcja25Y1v+6S76evHP4jMAfQ3KuDQWAPvAIZmFwiONBcAbbgj8Z0JmZWjHoGL91L9+5N/x6J8FoE9BGZfGAmAfOCSzUHiksQDEvnln3+Wbe9au1KTMmp0+/fS/e/yfBaAvQhmXxgJgHzgks1B4pLEAxL7Rs7YkKX5fdvCHkYWfBaCvQhmXxgJgHzgks1B4pLEAxL4LPr+nUnkoZ1TrG+4JgHrR158DoG9jFoA+JTrfJrAA2AcOySwUHmksALFv/LwtE5S/DS1rUAu+vl1ZAPqq6HybwAJgHzgks1B4pLEAxL6kvLUTkvJq/hbvrz30NmYB6FMOuf0NYAGwDxySWSg80lgAYp96tD9B+Ru6fVkA+hZ4HxDGAmAfOCSzUHiksQDEtotX3X/CCUt3tibkhN4+8LR/VywAfcoht78BLAD2gUMyC4VHGgtAbJt16s4VY+Zs+01CTvCDuGy12Helb2MWgD4lOt8msADYBw7JLBQeaSwAsW1wUfMVAwoaXovLrvnQvU1ZAPq0rtk2hQXAPnBIZqHwSGMBiG0pecFvJecG3ovLqv3YvU1ZAPq0rtk2hQXAPnBIZqHwSGMBiE1TT9rpU6oHFjes86nFPh4d/9dYAPoUeB8QxgJgHzgks1B4pLEAxKap89uTpi5o/0p6Zcsv9Gv/4zPUQu++B0CUGCoAbRseT1AGK4no3+nwDrn9DWABsA8cklkoPNJYAGLT1EXt/aee3P5k3tjWj+My1jpxw9TtGfsFYJAyRTkO/Tsd3iG3vwEsAPaBQzILhUcaC0Ds+feaXySetvzujOPLm36Wmh9Si7u6LTNq1O1ZG9PnABSP31hVMn7jDzNHte5Jrwytzxu5+nJlCPpewqLzbQILgH3gkMxC4ZHGAhB75pzanlI1Y1NBQlb9L9wFXh8CyATvAqjFSAG4vu6p9HEnbT9/QFHojf5FwfcHFNe9PqR0zT1KLvp+wuB9QBgLgH3gkMxC4ZHGAhB7MitDw4aVhebHZwaej3z4T52TkBlQJaDjUX9XMVIAvnT94yfMPnNnS3z2mg/iMtc4Pv9aJyl/7StKCfp+wg65/Q1gAbAPHJJZKDzSWABiT97YxkW5Yxr/NyUv8G5cVkDdjgHHl1Ef0wXgjEt2XzfztB3/SMiuc+LT6x2fuk5JeYFXFBaAo3DI7W8AC4B94JDMQuGRxgIQe9KKw2ekFYWdBL9e8DX16F8/E6Bv0xg8B+CsKx5OKJy4fnVWVYsTr89jUGXGlx1wkvOCrygsAEeha7ZNYQGwDxySWSg80lgAYsulqx4uL5646frII//O21Et8p2vAIixArDy6h+nKAuzRrXtjlyXyLkMPn/AScoPvqKwAByFyD40iwXAPnBIZqHwSGMBiC2fu+LBb884pf0VdFtClheAz3/xkYxLvvjIs9Wztx203b6ceh4C6IGu+9AUFgD7wCGZhcIjjQUgtoyavimUN7r1bXRbQpYXgMxRLRnKs/qQRtft9vlZAHqi6z40hQXAPnBIZqHwSGMBiA033PzzZKU4p6ptZ1rhwYtltywuAKdesLt45uKdVyTnhl+L/ihjFoCe6boPTWEBsA8cklkoPNJYAGLDRV/YM3D5yj1Lhpa3/SguO3Twsf5Po29jiwvAjMW3nTxp/q2/6l/QtD8uS21jl213DwHwHICjFp1vE1gA7AOHZBYKjzQWgNgwKLduqLIyMTf487icgxfLT6VvY4sLwLDK8IVDK0IfJOYEP3ZPauyy7SwAPROdbxNYAOwDh2QWCo80FgD7BdY/l1Awbl15al7w4QR/4G/RT5d3y9ICMGLG1lHHlTWuTsrVn2RYq7bz4Hcy5CGAnum6D01hAbAPHJJZKDzSWADsN2vpztTMkc3TknICf/Tp2y3jU972F7G0AGSNarp8QHHoycjL/jo+x6DLdrMA9EzXfWgKC4B94JDMQuGRxgJgv6wRDf6BRYEL4jJq/hKXrhZL/cE/XZ4u/1T6NrawAKhti08rrN+Rkqfvg/q6qD+jtp2HAHomOt8msADYBw7JLBQeaSwA9ssZGf5cRkXwNZ+/5gOfeqTs04cAohZMSN/GlhUAtV0JyiD1CP+OeL3w621kAThmumbbFBYA+8AhmYXCI40FwH4D8kNX988LusfK49UjZg3dlpBlBcCXUZ+v1MRl1r0Et7dD5BCAKgB8K+CjgvalNBYA+8AhmYXCI40FwG7jpm+rTMtrDMal60/7U7dZ5lp1u2mH3paQRQXgnEvu81dM3XRxQlbdW9En/UVjAegZtC+lsQDYBw7JLBQeaSwAdlMFoCl7ROv/6tsq8si/E749D2FXAVg++7Sdv07Mq3n/cNeBBaBn0L6UxgJgHzgks1B4pLEA2G3o8Ka7+ueH39HPAMRlampB18BtCVlUALKrWq8ZVtH8VmJ24OP4w7yUkQWgZ9C+lMYCYB84JLNQeKSxANipenbrYGVKv/zwz33ZegGPfO5/hFo8o06ag/RtbEEBmDB3o0+ZNLgktDlRLew+XWQOcx14EmDPROfbBBYA+8AhmYXCI40FwE7l01oqlHBKfui/D/7o36NkQQGYumBbasWUtpuOGx56IV4f+z/M8X8t8gwA3wfgaKF9KY0FwD5wSGah8EhjAbBTdnXLXOWt5Pz6D6LfJOeoGC4AZ6/YkzRpwY7slIL6x9Sj//d9enuOoAT4/HUsAD2A9qU0FgD7wCGZhcIjjQXAPiNO2DR4yPDw+an5AcenXyN/BI+YP5XhAjBp/rqJ4+e1tfcvCr3uyw448frZjEx9AuDhCgCfAegJtC+lsQDYBw7JLBQeaSwA9ime2DJ7aHm4NS5dLZIZ+naKHBc/avo2NlgArr7+sYHVc9avKJrQ5PQr0J9g2FEAOhd/tM0deA5Az3TNtiksAPaBQzILhUcaC4B98sc21maMaFCLt360rBfM2DwHYPmqB6pLp268CW7XYbgFwKJnAPrnBhOUVCUe/bst0L6UxgJgHzgks1B4pLEA2KdfbkNtco56xKxfK3+gBODb77AMFoCMkc3fHFQa7vYd/z6NbYcA1MI/VvmWkoX+3RZoX0pjAbAPHJJZKDzSWADs0b9odZpyUUJW3WPx+ql//a5/7glzh95uR8xAAaie2ZaqTBxQFLwzKaf+Xbhdh2FTASifvOmsjIqmLYnZdb+Oz6gNxqXXzkTfZwO0L6WxANgHDsksFB5pLAB2uP6WnyZWTG8r7lew9rGE7Jq33OP/mWvUbaRk1xxyjPyI6NtYuACcfPF98cUTWrPzRzf9oF9e/W/dAoO27TBsOAdgzuJNA5TJxePXPXx8eZPjfhaDKmbx6XXfQN9vg+h8m8ACYB84JLNQeKSxANhBFYDjTj7vrrnJuYGX4zPrP3ZP/nMLgF781ddgkTwsfRvLF4CkYRUtY/vlhl5NyK77MLL9Udt1BCwpAOOU/8kc0fBBfHZAbVfQScgMOYkZIRaAbrAA2AcOySwUHmksAHaYf0b7CdMWbr+9X0Hw7+5Z/67Os+W1gxfII6L/r3ABmLOk/dQJc7f+uF9+4O34zp+Ptu0wTBeAKYt2LKmavfGezBF176bk66xEtku/ikFhAegGC4B94JDMQuGRxgJg3ubbfjNo/NwtlxWMbf1rUm7gfXQ79ZhwAaiYsunqovHrnaRc/bM7fj7arsMwdQ7AovPuSlROrZq15XZ/dev+BH/dx2D7WAC6wQJgHzgks1B4pLEAmPe9Nf9RUTxx3S1xGfq4f8ej/mNFsAAMGt6ckegPfc/X+WY/n6kAyL8T4AXX/Lj/WVc+WDH39NufLp6w3onXr77Iblbbo/bfwdvHAtANFgD7wCGZhcIjjQXAvJHT1598XFl4R+Qp/5guAOtSCsJ/dT/pTxcAt9DEzjMAqgDMP+eqh3+fO3bdv5JzdImpUyUAbh8LQDdYAOwDh2QWCo80FgDz+uXV/yDJX//yQYtN1DHxHtGXI1AA5i7dUaR8c/Dwxt8n5OhHy/pndxaZLttzFKTPAVh80R1Lp512267hJ2x1UgvD7uIf2f6O63Hw9rEAdIMFwD5wSGah8EhjATBn6vytg5VZKTnBJ+Iz6tWjTbW4gNvoM+nlAnDi6Q+ljJ61bf6oGZv2phWH3nZPWETbcZSkngE474oHBihzpy3ecVfJ5PX/QtsCsAB0gwXAPnBIZqHwSGMBMEct/uOnnLTld8eXtv4rPks96tQvNXPf+OcYHgbo5QIwa/H9/mEVGy9Tlx/5ednHZtslzgFYfP7t8ededv/Icy67/79LJm2J7CewLQALQDdYAOwDh2QWCo80FgBzhg4PTlH+X3Lu2sjr5d2T5/Dt1GO9XADSChq/lJIb+i/3eD/6+T0k8QyAKgBnzlm642e5Y9a/k1rYUWCODAtAN1gA7AOHZBYKjzQWADNOPOP2cRVTN96c5K9/Nz57rbot9FnzXQ4BHHzMuWf05fRSAaicvSVNOXNgceNDCe4zF13O+kfbcpR6+xyAKQu3nFY9e+Ou4kltTqJ73oIuMArYFoAFoBssAPaBQzILhUcaC4C8TTtf6Td90Y5vVEzb9GdfduijyKf9qYWlswD09I1/ounL6oUCcMEV96TOOHVHddGUDY8NLG18K7Ld+ufon3dstr23CsCkk3YMVKqrT9j4SHZV0zuHHLIA2wKwAHSDBcA+cEhmofBIYwGQpRb/BGVk0cR1bUk5+q1y6z+OnDXfSd0u9heAMSefe/st/YuCf47Pqv0ocs5Cx89zt7/LNvRQLxaA2cqfjy9pficxK/DxISctgm0BWAC6wQJgHzgks1B4pLEAyLr4iofSll/+UKB86saXI8f98e1yzBzjAjBv6V0peeNazssc1fRfCf76d475SYsdeuMcgLFztpxXNnnDw8dXNDvJufpZlx5vNwtAN1gA7AOHZBYKjzQWAFnTT75tyOT5O57KGd2q9v+xXzgPcYwLQOmUDfOGlDVsSVSP0A/9WceuDBzLAuCvbk1VFuSPabs3c0RTxzZ2wj//MFgAusECYB84JLNQeKSxAMjJGnlz0oDi1YVx2Wt/7e5//Vaz+qlz/DTzZ+f+DPXnMSgAZ154R4IypHBi291DKxojl3tgIe24P3UWALQtR+lYHQIYWlKbkl4RHpk5quWZ/gWh99xXK+iPV9bnK2Tgn30EWAC6wQJgHzgks1B4pLEAyFEFYE565c2PJ+TUvqUX/shHzMIF5tjQt/GxKwCVyi7/6IY/J+bqt8jV5eXQ+5MLbctROoYFYOmQ4tr/TM4L7Pdl138U2b7ObcU/+wiwAHSDBcA+cEhmofBIYwGQcfqlu4dkjWhcOSC//l++rNoPRZ7+145BAagc1zygbFLrouGT2/6cVhx6X19mfMZnOoZ+WJ/lEEDrthf7KcNzq5ouS82r3ZOSV+vEH9ttZQHoBguAfeCQzELhkcYCIKNqzpapw8pbGxLSG9RirBYj/bp5iRLwGQvAVdc/kZJf1TxpQEHwxvjs2nfcR8360b9++jz6EMAx1NMC8OXrHki78Ip7q5ZcuPur6RUNzyf59eXp/a0d+nN6iAWgGywA9oFDMguFRxoLgIxhlc03DSgO/9H9wB/3TXMEFn/tMxQAtfj7lPysES3BfrnB9yOL/poO+rKjftYx5B4C6FkBqJ57xvZ/Tyuo/78Ef+Aj91CLu/irbdflBfysHmAB6AYLgH3gkMxC4ZHGAtC7qk5o76eMTC0M356QE1CPoLvu/45FCR9n/uz0z/gMBWBoSTBNaUzND73qy1aX4W6vLi5R5QX97M/oaM8BWHLhLp9S6B+z7tqBJY2/T/DXf+Re1oFFv+PrqJ/TQywA3WABsA8cklkoPNJYAHpXVmWLP7Oi5cbk3MALaP/3uh4WgIkLtxRXz9n4xbT84KuJ7lv9dnPSXy+IHAJQBSDv8AUgo6oxLX1kQ/mwysavpeSHfxaXpcsKvtxjhAWgGywA9oFDMguFRxoLQO854+JH+heO3TBrUGHorweORYPboFf1oACMW7hpgFr8PzfihA3/TC0If6g/qtjnnrcgt/1HWgAGlK/vN7i8adSg4eGrfP7aVyOHWHRhOfQyjyEWgG6wANgHDsksFB5pLAC9RxWA2dMW7dqUnFu7P/KufzFTAE7PHdd8Z3Je4KPErLqPI8fQrS0AE1OLmm9JyWv4iy+z/v1IAegALvcYYQHoBguAfeCQzELhkcYC0Hv81RsvTR/R9mpCdt0H8Ni5hKMoAGPnrklRSoeOCIdTC0P74tLrnHh1Ge5L6AQXf+1wBeDyqx/MUW4unrzxLp8/8FtfZo0TWfz1dvb6WyyzAHSDBcA+cEhmofBIYwHoHRUTAyNS8wON8VkBtTCpRVjv72P1IT9HSv/MIywA37zpybS5Z24fkV6x9prE3Lpn3BPm0jsvpzZyJr17HTpmvay7ArDonF3FJy+748qFZ9/+ZuQtldWCn766Y/HvUgDA5R4jLADdYAGwDxySWSg80lgAjr0x05sTyyYE6ocOr/uDu5/VI+lefkr60x1hAbjqukfL5511+1eTsmv+HnmPAnBZgiIFQL8M8OACUDqxOXHBWXd8bdrJO95Jya37WOz9FA7GAtANFgD7wCGZhcIjjQXg2Fqw5I60OQvbKwcUhh5JzKl/293Pw/QirPe3+EJ1xAVg8PDQJQNKgi/HZwfdd/ozVlg6+Px1qgDUqwJQf6AAqMXfp1ybXd30zOCyxo8SsutVAcD/v5exAHSDBcA+cEhmofBIYwE4torHNYwqGhtuSM6t/5/4rHpHHwJwnwEQPov+gMMUgIGFa33Kecm5tff7svWb5qjvPXAsPeqyBOlnAJLzAq8obgEondhSWjKh+dvDKhqfSy0I/0u/1O+TkxPxZfQiFoBusADYBw7JLBQeaSwAx86is3am5lSFzhlWoRav3FonXi+oWaFPFn+9UB18LLl36du4mwLgr2oanD2qcWJaQc1TSTn6ewOR9/h3t7UGX6YQX05AFYCgKgCRQwDFE1oWF41vdtTirxb+kNpOtV8z13ZQ2wsuoxexAHSDBcA+cEhmofBIYwE4dlQBGFU4bt33fH61OHUuFgfeia7DwQtJ79I/r/sCMF8VgNdT8gPvRT4hT/+fjv8nva1Rok8CzBnTsjhnTLOTkq+uS/R2ym8rC0A3WADsA4dkFgqPNBaAY2dQUejq1PzQb6XfNa9bn1IAcqo3LT++ovXR1IKgu9jC/2tQdAHwqwKQPbrZSc63Yt+yAHSDBcA+cEhmofBIYwH47AbmhlOUCYlZtbvi9VPn6UaOS2NRBWDE9B0DlKUZleseHlDU9HG8+7a5LABHiQWgGywA9oFDMguFRxoLwGdz5dd+lFBQvS5vQE6oJSFr7R/iMlY7ccNUCZA+3o/o2ziqAFRO216svHzc8GZHv8VvQmaj+j61qKL/bxA6BOB3C4C6LuD7hbEAdIMFwD5wSGah8EhjAfhsVAHInX/WnRek5AT+Kz6z9t3ICXRqkdCPqvHiIUffxlEFoGzqumLl5ePKw068Pu6vz/q3YVujsAD0THS+TWABsA8cklkoPNJYAD6bEVPbTi4e3/Jwor9+f2TxVzr3L1485OhtiCoApaoAKC8PKVMFwP13S7Y1CgtAzxy47xnEAmAfOCSzUHiksQD03Jeu/VnViOkbA4OLA47PfTQdVQBscEgB2KAKwIaXBw9vwN9vCXQOwIECAL5fGAtAN1gA7AOHZBYKjzQWgJ5TBeCuWWf88EP3GLptC38nDxUAngR4eGBbxbEA2AcOySwUHmksAEfvW7c80V8pL5uy5dHjy1vUIqv2JQvAMcVnAHoGbKs4FgD7wCGZhcIjjQXg6FWdsK5Q+W6/vNDv4zLUAhv9kj983Fie3pYjLQDo/xvEcwB65qDb1BAWAPvAIZmFwiONBeDo5FQEU44rqT9xSHHd/yTmBN5x3/THltf8I3wGoDewAHSDBcA+cEhmofBIYwE4OqoAjBxUGLo2ITv8ri+79qP4rLVqPxr5SNojw3MAegMLQDdYAOwDh2QWCo80FoAjt+o7Dyf19wcuS8qq/3V8dv1H7uLqPvq3dPHX+AxAb2AB6AYLgH3gkMxC4ZHGAnBk8sY0pCgLUnICu+P1Z/u7L/vTi6vS+eE0+HixOfo2PtICgP6/QTwHoGcOuk0NYQGwDxySWSg80lgADm/ykm2+vLGNuemVwef6F6oFwD3rv/OlfwpeJMzTtzELQG9gAegGC4B94JDMQuGRxgJweKoATBhz0uamgUUNf03wdx6DVgtB537Ei4R5ettYAHoDC0A3WADsA4dkFgqPNBaA7o2etal/ztjmCzKrmv6QlBN696CFPxZ47hwAngTYHbCt4lgA7AOHZBYKjzQWgO4Vjm8eP6A4GPDpp/rdp/4P3YdW81AB4KsADg9sqzgWAPvAIZmFwiONBaB72dUN6wcPD76tP+c/3qbP+T9SnnsGQF0X8P3CWAC6wQJgHzgks1B4pLEAYOdfurtYWZ8/tvm1pFy18GeoAqAXUxvP9v80+jbmOQC9gQWgGywA9oFDMguFRxoLwKFmnrojbcrJ2xdMXrj978dXqIVSPfqPnPGvfvnzHAARfAagZ8C2imMBsA8cklkoPNJYAA5VPXtzRfbo1q/H5wT/6e6nzg/64TkAYngOQM+AbRXHAmAfOCSzUHiksQAcamBJ+Iv9C8N/9GWFPjzwXv9KfLb6Wj8FDPajtfgMQG9gAegGC4B94JDMQuGRxgLwiXELticrV2aMbHkyyR904t33+O+yvzoLQKzQ2+ypcwBaeA7AYRx0mxrCAmAfOCSzUHiksQBEVM5c169i5vrS4dM2PT2sosXx6YUza40SVQJijUeeATioAIDvF8YC0A0WAPvAIZmFwiONBSBCFYDC4VPbrkzyh1+Ozwg48e7T/vp4sy4Ch+63mOGpAsBzAA4HbKs4FgD7wCGZhcIjjQXAiWvc/OK0Uy68+8aknPoX4rNq98dl1EZe868/9CfWTvqLxgLQG1gAusECYB84JLNQeKSxADhxJ56x6+rK6Vuec8/21y/5UwUgLl3tn4y16u8drwCIVSwAvYEFoBssAPaBQzILhUdaXy4AU+e3JyulQ4rCO/vlRJ721+/45z7ydz/md7Wi/o5PBLOfvo2PtACg/2/QpxcAdV3A9wtjAegGC4B94JDMQuGR1scLQKny84yK1v+Ld4/3d9036hd959d4EbCf3nYWgN7AAtANFgD7wCGZhcIjra8WgPlnto+ZvGDbD7KrW9/sV6AWf/3IH+yfmOeRQwB8I6AjA7ZVHAuAfeCQzELhkdZXC8CI6RvOL57Y9kJibv177tP8LABWYQHoGbCt4lgA7AOHZBYKj7S+VgAuverR+LTicGqCv+4bvmy10Oiz/NPdBRI91Rvb9G18oAAEeQjg2GEB6AYLgH3gkMxC4ZHWlwqAWvz7KYUDisPNCTn1r8apAhDZD+qXuoZ/2ccufZ0y1CNmFoBjjQWgGywA9oFDMguFR1pfKgBlUzdUKOH+hYHX9KN/tD88RT36d09udJ8FqI/5QwB8GeDhgW0VxwJgHzgks1B4pPWVAjB27vqCwvEtV2WMbHJSctV19+ox/yjx+lkAXQAyY78A8ByAwwPbKo4FwD5wSGah8EjrQwXgppKJLfvd9/hPV4u/frMfsD+8RheA+IwGzSPPAATh9wtjAegGC4B94JDMQuGR5vUCcNGqe4Yo36qYvumZtMKwWvg7Fn998h8+vts7Duxz/XXXv3cWkc5Z17+D/+e+W2Hn93T++cnXCTkBp5+6noPLmpzjK1v+L2/cxtcmnvzDn00+Zfd0vT9Kp65XBWD9y0OG632hL6vj/6NtNojnAPTMJ/cHc1gA7AOHZBYKjzQvF4DJs7YOnDRv65SJC7f+ImNky373hDj91H/nAop/ufcOvUC7P7fjZ+uFt3Px7fp399CEFvV9ij5vIbUg4AyrbHQKJ6z7sH9h8FeJOfU/SisK/yh9ZPOPUgtDtyXlBtcNLG1clzGqdV3euA3B0XNv++6FV//H5cu/8tMCvU/KpmwoViIFwN0X6rKl98URYAHomQP3J4NYAOwDh2QWCo80rxaAq7/7eEL1tE3VBdWt1yb46/+Errsod7Fdq77uWNzdRV0fzw4palE5sNDXOPHZa9XiV+sMUot0Uk7w9bjM+n3q3/Yl5dbuyxzVtG/8Sdv2nX3JD18ZNWPDVf5RLafMOW3XKd+88elTrlvzaz/aF9rWnb8d9p3vP5Y7Yc6W6WUTN+4dog8B6BMhOwuAZXgIoGfAtopjAbAPHJJZKDzSPFwA8nLHtV6TkFOnF/8Poq+3uM7PF9DPQrhP5+vPHgg4SZlBx5ehFuNM9YhcLXp6UU4rCDmjZmx1rvzGT5zFF9z7BVUAKtVCXakKQKUqAJXjT9xWueySH1aMmL7heH9Vy8DZp9058Fs3/XKgKgCJaF9oqgA0XPuDx1844eQtLw0ZHnpP7ZfI4q8/9MjCEsCTAHsGbKs4FgD7wCGZhcIjzasFIKOi5aq0wvAv3OtpywKnt0OVAJ/6OrUw4AwuDe1Pyw//Z+X0W5+tnLnjdlUArlYF4OqBReGrJ8zbcfW/r/m1VrB++/O+b9/05IBLrn5wxKRF7dU5Y9eNK5zQMuOEpXd+e8KC9rr8iRvr+hUG6xL8gbr4zPq6uMyaurgsrVZ9XeeauujWVyYt2ObkVDc7SXrx73gWQn3/odtpgU9/BoAFoDtgW8WxANgHDsksFB5pXisA2eU1g5U5KTmBJxKy9WLRzYKBj+8eRtfL6Dymr+bu3/WfXemfUevEq/+jn84fUtH4ZnJu8NkhpaFfZo4MP+4f07BzSHnjdcsuf/Db31r99KKLrvxJklI+7ZSdo0sntU2snrN9QdaotgVDyppOyaxqOXfErM3XZY9u+/7A0oabjysLNYw8Yev/lk3b4mSManWS8wKOT19f9yV/ndulF3lNbYc+4a/zpD93FvnafZnggevTA3AffXY8B6Bn4G0kjAXAPnBIZqHwSPNgAZisvJ6SW/NBZBEOR66rXrjxL/OjEp9doxbNzmP5t6hFVH3tvtueunz16D5efe1zn+rXb8JT6yT41zpJ/hpn/IKtzqKL7vqPqSffduYP1vzHSZu3PeeelNeVWvyHKrXTFu3cWTpp3eOqADiqADj9CtR16Lod6vroy47QX0d0vN6/Q+c26YVf/5vW+X+6UtcH+KTcRFOX01XX7TqGWAB65pDbxwAWAPvAIZmFwiPNSwVg7Nyty0snb3gqJS/4XkJ2zceR66gLgPqlHXW9e65jEcxUC5Fe6DsX3HQ1VwuqLho+tUhMWtDuqEfy7aoAnKQKwEnj5m89SRWAiVNO3pFx49qfDr3mu09edv5lex46vrTmocTMtQ+p//9Qgj/46JDhja8NLA7+uX9B/ZsDS+qd1NwaJ1GVjoO2ocui71ILvBaXrrdD/9nxd3fx1wVF0dvW+f/dMtSV/rfOkxT11x3f27VMuH+qedfL6UU8B6BnwLaKYwGwDxySWSg80rxQAC64/L4U5fzq2VseGlbZrB6hd5wp7i5YauGKus6fTeeCqL5WC26SP+gMKGp4b1Bx+NV+BYFd8Tm1tT5/Xc3J591dc+mXH73wwi8+VDn15O1Thk/ceFF6efNX1OL8FVUevjLyhK0PjZu3zUnLr3F87kKtt1M/au/y6DxrrePLXKO+/vQC4F5H9/9r6u/usxCa/rrj3w8s7OrvWnQBOLDod/meAwt/V/qyOnR+Xy/hOQA9A7ZVHAuAfeCQzELhkRbrBWDs7FtTZ5yys3LRebueHT5lo7pOeiHtXLz0YrWm47qq2aFP5XahvufAgtjx/Qf2k/468vd4tUgn+UPOwOKA0y+v/vVBReFXcqrani6furFpxqk7lyy74oGCoZWhokGl4YqxJ956yvQlO79RMW1jOH/0ut8dV9oUeYSunz1wF1i1sLtvTKS/1qVFbbP+umPxju/4+fFq+xJyg05yQdBJLQo5A0rCHw0uCX+Q6K//iyoK+1RRUGr2Jfjr9yXlBvcl54X2pag/U3LD6uvw3oScut/1KwruTSkIvpqYG/i9uozX+heH9nVKzq1/OTkv8Id+Ber/5au/5wXdy0n0B/clZNeryw7sU9um1O3zZdf9SX3vW2nFYaef2p6kvICTkKO22d1veh9FU/MD+/Yw/+5e38hcF4DEvMArSuQQwOhmHgI4ApF9aBYLgH3gkMxC4ZHmgQIwZtSMraFBwxv/nKgWyQMLi7v4q+voPgPQAf8y76C+Vz8Vnt3xdLn7iFw/La7m7td60daLcq2TXtnoLFy2S7krPOu0O+arApBdMW3T0Ku///OLzrriwfXHVYR+qArAi6n5ob8kZAfeTPAH31J/vu/T26AfqeuF/sBT6h3bqOjL/mRe4xYAfZZ+v/wGZ9jIVqd06npn/Pxtztwzbn9v6fK7/jJ8yoYb+xWEVw4sbVo5pLx5Zfn0zSunLNqxcvYZO1cuXXHvynNX3rvyvJV3n3vKRbvHXfXdx5d98drHTj/vigemff2G/7j4Wzf+dGWHL1zy5Yfnnv9v9yy+6Iv3rDzn8vtWnnzB7pXTl965snp++0r/2NaVQyoaV6aVNKxMym9YmVnV+p0xJ23fM3PpHU7V7C1OwbhW57iykONzD1PobdfXTT9K77iO+jq5+1XvX30d9Uzr3Ad63rHv3ftk5P/GuwWgXhWA+o4C0LjYX90YeQbgkNtOHAtAN1gA7AOHZBYKj7RYLgDLrtgzrXru9lsGFDe97PMH3ok8hR31dPmBBeegX+CHchff1ZFFqfNRuF6c1Fw9CnYGFTV9vPTi+9498exd7RkjG1ecftHdK879wp4JI6asX5ZZFt6Q4K/bkFHV+pPsMW2vpeTX/CUpN/CeT5cG/VG8mSH1p1rU9GW65wroy9Y/Vy2cec3O0BFtTvW87c6ii3b/LXv0um+rArBCFYAVqgCsiM8MrEgtaFiRUdW2omLmxhVTTtmx4uTzdl18/mX3nFM1a3NVWnFj4dDKtsKMUesKJy68rfCUC+4qPOeye4q+dsMTZd+56fGSW0I/nRdoe/rWG+t/8sB31zy+57urn7jjhponH7mh5olHbw7+7IfNW15Y27rthapbGn6aft3qRwu/9v3HCy/56iOFp116f+EJy+4uLJ62oTCjurlwcHlTYUphU2HehPWVUxa3zz3xnLtWjDtp+4qSiW0rji8PrUjw16xQ+1htd+CAaUt23Dnj9Nv+UjRjvTOovNFJzFX7wX32I7Jf4/TJlBl6n+uipfe5Wtzd/RV0fP6g/v5XFLcA5I5pXZwzutVJ4TMA3Tr4vm8GC4B94JDMQuGRFosF4OrrfpailE9adNuNOWPW/WfkUaf6xawfOR9SAI6U+n8ZN6tH3EFFL9a17/oyA38cUt74m2GVzY9mVbTd/u2bfv7QNTf85KbRczctS8iqW+bLDp4zsDC0YXBR0C0J7jaohU0fu9fH5xPUAp+S2/CRKijvDChq+Gt6Rcu+0kmbXu1fGLxPPcptj/M3ticUbWjPm7SlfdHyu9uvq32q5cbwr0df8a1H/TOX3pY7oCyYe/7lu04469LdS9Uj7mXlMzYuy6xuXZZW3LAsPrNmWXyGVqvUL1OlZZn6+cvUIrxMPcpe1r8gdGFybuC80XO3/vvyVXs+OPvSu5zTP3enc8bn7nLOWPFD9fUu/effz7r0gafKp22+xpdZu8ynLk/Tl632h1Kr1LmXq/aJKyEnsCytpHFZ1uiNy0acsG3Z3LN2LVt4/u75vtya3LTh4dwxJ7Xnfu5Lj/vr2p4fckvDz86+/NsPBSaevqM9Y3Rre3J+Q7ta3JXa9rSS4AODy4K/GlBYuy8hq+Z/kvyBf6p99V5idviN5JzQH4eUtezLH7/5yYLxm91XS+SOWb84d/R6VQD0Oyei208UC0A3WADsA4dkFgqPtFgsACuveSLr819+7LrsqrbfuCfCHfSIvad0cbhFn8H/gVrM307Mqnst1R/csfi8e6/79k2/XJA7ujmjeta606acsuXeUbM3OqoAqJ8XKR76hD1VFpzEHP2oNfBhfHbd/oSs+n/2zw/9I6Oy6Y2yyW0vj5y+4b6lF9+zKbTpxaa6db+pPH3FntTq2Tv6T1iwbVDZtE2DMka1Dp5wcnvGV7730wXnXn7/eeMXbFvevySw/MwVd/zotIt3vTl1yU5n+LSN7mv++xc1uD9TFQBdVBR9/TsKiEttW+f+cOlnHbrq+r31atvrFHUd1OXpExLdkw5d+nv1/498nz4coY/3pxU3OplVG5zyGVucE5be4cxbtuv5+Jya5akl4eUVM7cvX3rxA+de+e0nZp79hfsLji9vGlwyed3gsmmbB1bN2pJ24pntqd+t+2VqXdtvR5132YOfHzN76+aBhXVbBpeEfple2bzvuJLmhzKGh2+bsei2Tau+89M1Soa+zXNGr1ucU93mpOQFo243I1gAusECYB84JLNQeKTFYgEYMLyxcmBZ43NJeYF/ue9k5769rl7AI8fN0fU8rOw6fdz5w4IJ654vn7bxpqyRzbNLxm0YXTVz3TVF41vuHFQS/mVyTuB3qQXBN/sX6qey1f/poN/oJ7Wo3pmw8FZn0QW7Xyye0PaNimmbzi2ZuGFuRmXjBFUAxqgCUHHa8ntK1OI/4rq1P/vymZ+//8bRs3eEx8/f9pgqAD9XC/tTKQWhX6rLfrFffvClpJzgy3HZgZcHlYb+MaQ8/MGAkgann3r0q0uGfsMf93ofWJz19Y/M3MMMeu7+2XUx75gfJLKwR3Sdq4W/85UFbgnopM9J0M9s1DtJuQGnX0HAGVgaVhr+pfb7y/FqexNzAi+nqO1PyQv9NjU//OuhZU1PqQLwC1UA7lEFoPXEs9q/f33dL6+9qfG5CeeufDBj7OytJQML60tUAahSBWCcKgCVqgAMn37ybSVq8c9X3Lc31gXAX73OSeYzAN0C2yqOBcA+cEhmofBIi7UCoB71zojLqGmJy6r9v8h1UIuXPnHMPYlM039XOo/Xdv67exKf+tNd2NTMfcSsvlb/r2jSBqdq9rbfJuaFrlt0wZ010xe11x5f0rI2JT+wemBR/cMDCgN/TMkLq8VP/399Ul7QyRvX5gwqbdimFsVrVQG4dkBp/bVzz77j2s9/5ZHPz1x0a+UlV92f/rlVPzpxyfn33pBZ2nBDSvbqG3wZN9+QnFN7c+WMzU8WTtz4wvGVLX/Iqm55d2hl80f9ixvcj/KNPhs+8rW+XtHzT9F1IYf/t/Przr8j6t8OugxEXy7ark++J8EfcFILQs5x5Q0fH1fR9I/jK5te849u+c3oE299NqNq/fr4jPobEtNvuaGgquGGs1bsuuG61T9ZoSSg271gbNvi/LFtjipJn9y25rAAdIMFwD5wSGah8EiLhQIwaf6t8aNnb00eVNJYlZBV2xR5c5vOxUf9Qo66TgdT/+6eeKYWDvckM/VoOD3gJGQF3k7Orfvf+JyaX5xw2s5nz//CA9sHFjecsPiiu66tmLL5p2l5DeqRdq1a7Oud/oXhd1IKGv8cnxX6pSoATw4ubXhy6uIdT5647I6Fi87fdXz5jI1ZJ51118TCseun+zLrpsf5lay66ZMXtjfNOGWnc1xxyEnKWqMena92n7aPPDrvWEzgNvcFIffQRULGGiezMuTMXnqbc97l9/06JT88S+2n6VmjmqZPWLBzesnk1ukDiwLTjysNf81fxfcBOBywreJYAOwDh2QWCo+0GCkAKWNmb81RBeCR5Ly69+Iy9VvwqgKgF9HDFYADj4h1YVCLb3aNe4b5kOFNL1VMaw3njmnMza1unTaktLEmyR/cn+APvhufrY/j16oCsNbJHNXqlE3f+lrVgu0bS2duqVAlov+A4nD/6afe1n/VN348/ZQLdi1VBWClKgCvqgKwXxWA/aoA7Fc/e7+6jPf0WwHH+zte0uc+66C2xX1qXW9fHywAHbeH3heR/aH+zNbPFgSV8IdxmYH9qgDszxrZtF8VgP2qAOxXBWB/XHrNO/H+qMsyhwWgGywA9oFDMguFR1osFIDBxU2TlPvV4v+GTz9F7i4eHce1j2QR1QuNetSdnBt4M7uq5afHVzR/s3h86/dGTGndPagkuCs5t+7HCf7a3+vXsuvPyc8e1fLb4ZM3bJ6+ePvqMXO3XVo+c9uCKUtvn37+ZY9cNnHBbdcPq2wKDilpuHNIacPj/QtDv0jJCz2bPqLlnf4F+lFtXeSzANzj6nqh1+/Cp7ahY+GLfK3nnSWgD3L3hd4/+tG8vv260HN12/bLCzhDy1qcgUVhJ8kfeQmlT5/LcNBhB2NYALrBAmAfOCSzUHik2VwArm/YO2/E3NvPSc4NNaTmhdUj945FM0O/VK/LQqC/1sWgk14kOr7Wj+RT1SKiFumfZlQ275i9eOevCsa2rD6+LLguo7zh9yn5gff91c1O/riWP8RnrWnJHNnYUjF1w1dPPW/X+auueSAwfvbmr6uFZ2VqXv1VI2dsfTBnzLoX0opDf0otCH6c4O9YsDoXMnfb1M/U78nvLnKd9KEHpev3aXrb3e2NiLxJjv6eju9Ts4TcgPvStzR1HYaUNTrDRjQ7WVXNjn90k/uqgMpZW5wRs7c6o+ZscyYvus2ZuXRnt2Ysvd2Zcfod6s87ncmn7HRGzdrsjFT/v1RdVu64Vsc/ps0ZNrLZOa6iyRlc3uTocxPcN1hyt7lj/7vbq7evU8e/RS/O7v/pvE5dv19x9xv4e8d5Fu4JjZpb9nQB0B+j3HH5hx6Tl8YC0A0WAPvAIZmFwiPN5gLwjdrftVfMbn/Jpx8BdlkUD6IXnnT1yFCXA/0UsT4ZUL9/vvq6f1FQLZaNTun0TU7x1E03TD3ptosWnb3LyRjR+G5ybv3+/gXhN9Wi+99TF+3404WX39c+59zdBcNGNhQk+GsKJs/bvOT0c3f+PV+VA/3IM149ko8869C5yHX+qbZJL1oHFjC9TXquy4datPRLA3PCTkJ2wwe+rIZ3fFmh/Uk5wf39CsL7VTH5hy9Hv5Vv7WvxmXV7fZmBvXGZwb1xWSElsFfN96YWhvYOLW/am1PVtrdi2ua9E07avnfG4u17556+de+Fq+7fe9k3f7z33659dO+q657Yu6bxl3vbtv7np2pVmrc+v7d5+wt7G7f9197Vjc/uXfXNR/Ze+e3H917wxT17F5zbvnf2GbfvHT9/+94Rs7bsLZuxda9/9Ia9aUUNe9Wj8r1xw5R0JaNObafe1nqXL6tuX1JO/euqJL2l96svu25/fFbd/sTs+vf1ZyUk5ITUvui4/Tr3kz4PQpcld9/pr/XCr8/TiJys6b4XgztX+7nzGZXOBbjztjeHBaAbLAD2gUMyC4VHms0F4IzL97TnjNvwkv5wn0gBiN5+vdgr+v311eLsLtL6aWK1sAwobnTmnX2Xs7r5GeeKax91xs7b8deU7PC+wcMbnUGFjb8dP7f9vsu/8WRd+fStE2acuvP0+efvDsw+Z/fvVAH4nSoAv0vIrnttUFH4w6Qcddnuy+j0QqS/1j9T/7xIKXFfdtg5cxc3vaDp9wQIq0ftTc6wylYnf+w6J2d02/9kVjY/lVEWvn/MCevvX3rR3fdfevVjLVNP2T4jvbJxpFrsylQBKFMFoEwVACVQpgpAmSoAZaoAlKkCUFY5fXOZKgBlqgCUzTl9S5kqAGWXfevHZaoAlKkCUKYKQJla6D+VKgBlqgCUqQJQpgpA2erG58q+9M1HylQBKDv/yj1lqgCUqQJQpgpAmSoAZeUzt5apAlA2oKihTO3fMlUAylQBUF/Xqe3U21rvGj3n1qnnXf7QqlMv2r114olb7s8sC9w/qKDu/vwxrfuKJm5w0ke2qtsjrPaJ3jd6H3WekKkKgFsC9P7V+1T/m/qz81kB/feOQhApD3of6383jgWgGywA9oFDMguFR5rNBWDxit3tWaM3vOSexd/5cbsHbX/noqDfv18vFnXuMfwTz9rlLFm+2zntc/c4iy68x5l0yg4nb9y6p1Lzws3+setunHPq7c0Ll+3eMn3JnVuHVgTDA0vCtw0b0fxr/RR4aoFe1DsX9Kinvjvop+qTsoPOcaVhJ290y1slkza8kFYQ2jGktHGDf3Rba+GkjXWDSpu/PrCkeVXmqLZVJZPWryqasO7ivOqWM3JHhBfOWLhp4ReuemjhTbXPTlu/5Vdpt93+Sx+6/rFidcPzqUrpyq/+6IR5S3cszBsRWHhccd3C0knrLi6ftmlVdnXbqkGlDatUCfpu2ZRNDUXjN2zQ+yq7qvWBUbO2/il/bNt7Q1QxS8rR+1uVAffZlc59rhd/FoAjBbZVHAuAfeCQzELhkWZ3AbhHFYCNHQVgjfrlH1UA3EfbamHIWuO+QU7e2PXOjCW3Oededrdz3hX3OvPOvvPv/up1v+lXEHw4q7q1rWrutuvLp26+fMGyH7aOnrv9oQHFauXKr3830R95FOrLuMUtEZHL1D8joB7FNziDhze+kVbS8HNfTuBBtRDd58uuv69fbvC+vKrG+ybM3bxt4bIffi+/et2CCSdunXHRqvsmrW19ulLpj65TX7Zh228yAk1Pj/nS1+6dPmHephkzT7v9wrMu3dM4cf6td+WOXndf//zwfep2uE+VgPtSCoKPHVfR9NvjKxvfPVDKdAnoevubwwLQDRYA+8AhmYXCI83+ArDhJfdNfNQif+C4e+eJcx1PDfv8Nc5g9Wh8xdX3O7eEf6Iemd/kpOTVOIUT1z91zXcfu3LlVx/MWLLigbqpS+5w3+o2LqtBUZeZsVb9XV92zcfxWas/Ssio+ciXEfogPjPwgZp9EOev+aBs5uYPTjx394PX1z4zSxmAtpOOvTXbXin58pqn/m3Oudv/mDMu/IEva626TYJK/Qdx2fUfKh91+Ng9L6DzPtFx8mekLHSK+rt7HkGXr48eC0A3WADsA4dkFgqPtNgoAPqRvn6aX2+zXsD117WOLyvkZFdvcOYtu9OZPH+HM+vU252zL73P+fr3f+J85+YnnYu/9OBb5dM3/y6lIPDEgNLwfw8ua3Df8z4hM6jfCMjRx/eHVTQ7g4tDv8+panp87qm3P1w4duPFqgDMVQVgrioAc1UBmKsKwBi1+A9R4LvU0bGnCkDql1c/lasKwIzcceG5qgCo2ySo1M8dM2/7tVMWtT8+oDj4+ODyxj8PHN6oFuWO+4Y+CVTdr/VLMX3qdo6cZKhnauF2zz/QC7gufZr6N7zAHw4LQDdYAOwDh2QWCo+0mCkA+k181C9zffw9wV/rpOaHHP/oDc6oObc6c86401mx6iHnjBX3OHPPusM55/I9zvlX7HFmntbuDB6u39Gv3kktDDnDKpv3541p/a+MytZHBhY1bkrJC6zOqW5bnVHeuKpy8oYLvvClR85V0tG2kD0u++qjI5Z9fs8FQ8vDF2SMavnm0Mrm1T5/3dqBJeH2rKqmn/lHN/1xcEnoo2R/KFIA3PMJ1MLdSd2fIsVAf41zcRgsAN1gAbAPHJJZKDzSYqoAqEdtSXkhZ2CJWszLW5yZp9/hzDl7l1M4boPzb9/8kXPJVx50Ji/a5vQrqFHfo8/CD/2/+Ky1z8VlBJ5Lr2x7rnr2rT8+5cJdaxcuv++8BZ97pAz9TIpNC8++K1GZdOqFd6yae8a2LfkTG5/pXxh6Tj3yfy4+p+6FgcVN7+hPEnQ/RVEt/L50/SmKkWcLeoAFoBssAPaBQzILhUdaLBUA/ZK7jKomZ8TsDU5eVYtz8aoHnEuuftDJGtHsDCltcdIKm51+uWEnObPGmb6w3Vl6wX3bVAHIVAUgM6NyXWbVrO3pqgAMXrh8T6oqAO6nzJF3qAKQrArAgHlnbj9OFYCM1IJQpioAmaNmbh17yrK7f1c6oc1JcA8lNThx6focED4D0BtYAOwDh2QWCo80mwvA6Rftac+p7ngfgOw65/jKZmf4tA3OmBM3OcUT1znjTtrqVM/Z8rchJaFfj5yx9emSCZvDvozg8qSMmuWzF9+xfPllj0xFl0t9y1nL9/RXTquYvH65KgDL4zIbl1dO3nxHXnXrr5Jz63+Xkhd6T39yYeQ8AX1oQGXjIHqu89LxfgWZLADdYQGwDxySWSg80mwuAGdedF97bvX6l/RL/NKKG52cMev0gu9MX3Lr/pGzN/8iq7p5d//CQLh/Qf1XFp9311UrrnxwErocomgXXnLPaZPmbflyWmH9dWmFDZvTihoeGFrR/GLuuA2O/kwHn86H+y6EHfSJhPo9Cty/swB0hwXAPnBIZqHwSLO5ACy75O72oonrXho0vOHd3HEb38gc2fLGmLlb3zjt4nueXXLxPRcpeej/ER2tJRftGr30kru/t/Tz976RP7r1jRR/4A1fRv3fk3NrPtKfCqkX//is+o/Uo/83lS+hy7AByrg0FgD7wCGZhcIjzeYCcO13H2i/9It7Xjrrc/c8kTd+0zhVAMaNmbN1nCoAo9Tif7ySjP4f0dFSBaC/KgA5Sy+9d1xedcs4VQDGlYxvvnDmyRv+kVHR6CRl1TsDcmv+X7K/9lxVADLRZdgAZVwaC4B94JDMQuGRZnMBuPnmh077+nd+dPlVX3/0bPTvRL1pybKt2cqXc0c1fyslq/5bQ/JrrlIy0PfaAmVcGguAfeCQzELhkWZzASCio4MyLo0FwD5wSGah8EhjASDyDpRxaSwA9oFDMguFRxoLAJF3oIxLYwGwDxySWSg80lgAiLwDZVwaC4B94JDMQuGRxgJA5B0o49JYAOwDh2QWCo80FgAi70AZl8YCYB84JLNQeKSxABB5B8q4NBYA+8AhmYXCI40FgMg7UMalsQDYBw7JLBQeaSwARN6BMi6NBcA+cEhmofBIYwEg8g6UcWksAPaBQzILhUcaCwCRd6CMS2MBsA8cklkoPNJYAIi8A2VcGguAfeCQzELhkcYCQOQdKOPSWADsA4dkFgqPNBYAIu9AGZfGAmAfOCSzUHiksQAQeQfKuDQWAPvAIZmFwiONBYDIO1DGpbEA2AcOySwUHmksAETegTIujQXAPnBIZqHwSGMBIPIOlHFpLAD2gUMyC4VHGgsAkXegjEtjAbAPHJJZKDzSWACIvANlXBoLgH3gkMxC4ZHGAkDkHSjj0lgA7AOHZBYKjzQWACLvQBmXxgJgHzgks1B4pLEAEHkHyrg0FgD7wCGZhcIjjQWAyDtQxqWxANgHDsksFB5pLABE3oEyLo0FwD5wSGah8EhjASDyDpRxaSwA9oFDMguFRxoLAJF3oIxLYwGwDxySWSg80lgAiLwDZVwaC4B94JDMQuGRxgJA5B0o49JYAOwDh2QWCo80FgAi70AZl8YCYB84JLNQeKSxABB5B8q4NBYA+8AhmYXCI40FgMg7UMalsQDYBw7JLBQeaSwARN6BMi6NBcA+cEhmofBIYwEg8g6UcWksAPaBQzILhUcaCwCRd6CMS2MBsA8cklkoPNJYAIi8A2VcGguAfeCQzELhkcYCQOQdKOPSWADsA4dkFgqPNBYAIu9AGZfGAmAfOCSzUHiksQAQeQfKuDQWAPvAIZmFwiONBYDIO1DGpbEA2AcOySwUHmksAETegTIujQXAPnBIZqHwSGMBIPIOlHFpLAD2gUMyC4VHGgsAkXegjEtjAbAPHJJZKDzSWACIvANlXBoLgH3gkMxC4ZHGAkDkHSjj0lgA7AOHZBYKjzQWACLvQBmXxgJgHzgks1B4pLEAEHkHyrg0FgD7wCGZhcIjjQWAyDtQxqWxANgHDsksFB5pLABE3oEyLo0FwD5wSGah8EhjASDyDpRxaSwA9oFDMguFRxoLAJF3oIxLYwGwDxySWSg80lgAiLwDZVwaC4B94JDMQuGRxgJA5B0o49JYAOwDh2QWCo80FgAi70AZl8YCYB84JLNQeKSxABB5B8q4NBYA+8AhmYXCI40FgMg7UMalsQDYBw7JLBQeaSwARN6BMi6NBcA+cEhmofBIYwEg8g6UcWksAPaBQzILhUcaCwCRd6CMS2MBsA8cklkoPNJYAIi8A2VcGguAfeCQzELhkcYCQOQdKOPSWADsA4dkFgqPNBYAIu9AGZfGAmAfOCSzUHiksQAQeQfKuDQWAPvAIZmFwiONBYDIO1DGpbEA2AcOySwUHmksAETegTIujQXAPnBIZqHwSGMBIPIOlHFpLAD2gUMyC4VHGgsAkXegjEtjAbAPHJJZKDzSWACIvANlXBoLgH3gkMxC4ZHGAkDkHSjj0lgA7AOHZBYKjzQWACLvQBmXxgJgHzgks1B4pLEAEHkHyrg0FgD7wCGZhcIjjQWAyDtQxqWxANgHDsksFB5pLABE3oEyLo0FwD5wSGah8EhjASDyDpRxaSwA9oFDMguFRxoLAJF3oIxLYwGwDxySWSg80lgAiLwDZVwaC4B94JDMQuGRxgJA5B0o49JYAOwDh2QWCo80FgAi70AZl8YCYB84JLNQeKSxABB5B8q4NBYA+8AhmYXCI40FgMg7UMalsQDYBw7JLBQeaSwARN6BMi6NBcA+cEhmofBIYwEg8g6UcWksAPaBQzILhUcaCwCRd6CMS2MBsA8cklkoPNJYAIi8A2VcGguAfeCQzELhkcYCQOQdKOPSWADsA4dkFgqPNBYAIu9AGZfGAmAfOCSzUHiksQAQeQfKuDQWAPvAIZmFwiONBYDIO1DGpbEA2AcOySwUHmksAETegTIujQXAPnBIZqHwSGMBIPIOlHFpLAD2gUMyC4VHGgsAkXegjEtjAbAPHJJZKDzSWACIvANlXBoLgH3gkMxC4ZHGAkDkHSjj0lgA7AOHZBYKjzQWACLvQBmXxgJgHzgks1B4pLEAEHkHyrg0FgD7wCGZhcIjjQWAyDtQxqWxANgHDsksFB5pLABE3oEyLo0FwD5wSGah8EhjASDyDpRxaSwA9oFDMguFRxoLAJF3oIxLYwGwDxySWSg80lgAiLwDZVwaC4B94JDMQuGRxgJA5B0o49JYAOwDh2QWCo80FgAi70AZl8YCYB84JLNQeKSxABB5B8q4NBYA+8AhmYXCI40FgMg7UMalsQDYBw7JLBQeaSwARN6BMi6NBcA+cEhmofBIYwEg8g6UcWksAPaBQzILhUcaCwCRd6CMS2MBsA8cklkoPNJYAIi8A2VcGguAfeCQzELhkcYCQOQdKOPSWADsA4dkFgqPNBYAIu9AGZfGAmAfOCSzUHiksQAQeQfKuDQWAPvAIZmFwiONBYDIO1DGpbEA2AcOySwUHmksAETegTIujQXAPnBIZqHwSGMBIPIOlHFpLAD2gUMyC4VHGgsAkXegjEtjAbAPHJJZKDzSWACIvANlXBoLgH3gkMxC4ZHGAkDkHSjj0lgA7AOHZBYKjzQWACLvQBmXxgJgHzgks1B4pLEAEHkHyrg0FgD7wCGZhcIjjQWAyDtQxqWxANgHDsksFB5pLABE3oEyLo0FwD5wSGah8EhjASDyDpRxaSwA9oFDMguFRxoLAJF3oIxLYwGwDxySWSg80lgAiLwDZVwaC4B94JDMQuGRxgJA5B0o49JYAOwDh2QWCo80FgAi70AZl8YCYB84JLNQeIiIYhkLgH3gkMxC4SEiimUsAPaBQzILhYeIKJaxANgHDsksFB4ioljGAmAfOCSzUHiIiGIZC4B94JDMQuEhIoplLAD2gUMyC4WHiCiWsQDYBw7JLBQeIqJYxgJgHzgks1B4iIhiGQuAfeCQzELhISKKZSwA9oFDMguFh4golrEA2AcOySwUHiKiWMYCYB84JLNQeIg+q6efftrZt2+fuovh+52mf0m/+OKL8P8TfRYsAPaBQzILhYeoJ5555hnn7bffVncrfF87HP2pkOhyiY4WC4B94JDMQuEhOhr6UXz0/eqz0L+80c8hOlIsAPaBQzILhYfoSOin+aPvT8fSn/70J/hziQ6HBcA+cEhmofAQHc7hju8fK++//z78+UTdYQGwDxySWSg8RN0x8csVbQfRp2EBsA8cklkoPESf5rOc5PdZoe0hQlgA7AOHZBYKDxFiwy9VtF1E0VgA7AOHZBYKD1E0fUJe9H3HBJ4TQEeCBcA+cEhmofAQdfX888+ruwq+/5igD0Og7STqxAJgHzgks1B4iLqKvs/YQL8EEW0rkcYCYB84JLNQeIg6Sb3cryfQ9hJpLAD2gUMyC4WHqFP0/cUm/BwB+jQsAPaBQzILhYdI0+/NH31/sQ3abiIWAPvAIZmFwkOkRd9XbIS2m4gFwD5wSGah8BBp0fcVG73++utw26lvYwGwDxySWSg8RC+99JK6e+D7jG3Q9lPfxgJgHzgks1B4iPQb7kTfV2yFtp/6NhYA+8AhmYXCQxR9P7EZ2n7q21gA7AOHZBYKD1H0/cRmzzzzDLwO1HexANgHDsksFB6i6PuJzfTLFdF1oL6LBcA+cEhmofAQRd9PbMZXAlA0FgD7wCGZhcJDFH0/sZn+pEJ0HajvYgGwDxySWSg8RNH3E5vplyyi60B9FwuAfeCQzELhIYq+n9iMJwFSNBYA+8AhmYXCQxR9P7EZ2n7q21gA7AOHZBYKD9Hbb7+t7h74PmMbtP3Ut7EA2AcOySwUHiL9tHr0fcVWaPupb2MBsA8cklkoPERa9H3FRnwPAEJYAOwDh2QWCg+RFgufB4C2m4gFwD5wSGah8BBpzz//vLqL4PuNDXRBQdtNxAJgHzgks1B4iDpF319sgraXSGMBsA8cklkoPESdbD0ZkI/+qTssAPaBQzILhYeoKxvPBUDbSdSJBcA+cEhmofAQRYu+35jE9/6nw2EBsA8cklkoPETRbDkhUL9BEdo+oq5YAOwDh2QWCg8Rsm/fPnWXwfcjCTzuT0eKBcA+cEhmofAQfRr92fvR9yEpaHuIEBYA+8AhmYXCQ9Qd/e570fej3sSn/elosQDYBw7JLBQeosN5+umn1d0H36eOJf2MA/r5RN1hAbAPHJJZKDxER6q3ftHyeD99Fja+dLWvg0MyC4WH6Ggdy48P1q84QD+D6EhF36fIPDgks1B4iHqqp68U0M8k6MMK6DKJjlb0/YvMg0Myi4+2qLe8+OKL7gmD+o17ut7n/vnPf7pzfpQv9Zau9zeyAxySWTzWSkReYvr9KgiDQzIPhYiIKBZF/34jO8Ahmcf3ViciL9CHnaJ/v5Ed4JDsgMJERBRLon+vkT3gkOzAd1sjolhm8m2q6fDgkOzBQwFEFIv41L/94JDs8tJLL8GAERHZKvr3GNkHDsk+LAFEFAueeeYZ9SsL/x4ju8Ah2Um/lhYFjojIBvqBSvTvLbIXHJK9+CZBRGSjY/nZEyQDDsl+ugjwLYOJyCT9dD8X/tgFh0RERORlTtz/ByjTnPQ/HMIyAAAAAElFTkSuQmCCDynamics CRM Mobile ClientGE.EIRectanglefalseAnyAnyfalseA representation of Dynamics CRM Outlook ClientfalseSE.EI.TMCore.DynamicsCRMOutlookClientLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRQAAXEUBuS1iLAAAABl0RVh0U29mdHdhcmUAcGFpbnQubmV0IDQuMC4xMzQDW3oAAGyJSURBVHhe7d13gFTluT/w7Y22lO29V7bSexVQUUSxAsbCqrEkmku4JsGbpiJsmZltM7tLWTqIqChoMDEJiSRBYhJyY25UTK73F01MYhKS6zWkvL/nOTOzDMMLbjln5j1nvn98ZmF2d+bMmZ3zfM973hImhAAAAIAQI70TACDY3v3gQ3Hi7Q+E/ejb4sHeU+LRQ2/Q3fKfBYCBk94JABAoZ88KrdD3HntHK/Kr2l8TlWtfFoUPHj0P3+//uwAweNI7AQCMcOqdM+LIa+9qZ/Vc0Kd86dgFhf5iEAAA9CW9EwBgKLj5/tjr7/c13y9rOi4t6gOBAACgL+mdAAD9cebDs33N9+sPvq4VaVnx1gMCAIC+pHcCAPjj5vuDJ94VTUfc1+kH0nyvBwQAAH1J7wSA0PX2++ea7+/ZfEosfmLozfd6QAAA0Jf0TgCwPm/zvevlt8XD+41tvtcDAgCAvqR3AoC1cKH3bb6fsP7CYXaqQwAA0Jf0TgAwJ26+P3rK3Xy/xvWaMs33ekAAANCX9E4AUNv7Z9zN91zoufl+hf2EtGhaCQIAgL6kdwKAOrjQ7zp+bpY8Mzbf6wEBAEBf0jsBIPBef/fcLHncfD/n0cAOs1MdAgCAvqR3AoBxfJvveZa8UGi+1wMCAIC+pHcCwND1d5Eb6B8EAAB9Se8EgIHxX+QGzff6QwAA0Jf0TgCQM2KRG+gfBAAAfUnvBAh1skVu0HwfXAgAAPqS3gkQSryL3Hib7wO9yA30DwIAgL6kdwJYkf8iN2i+NxcEAAB9Se8EMDPfRW6MXqMeAgcBAEBf0jsBzIILvdkXuYH+QQAA0Jf0TgDV+C5yo9Ia9RA4CAAA+pLeCRAs3lnyvGvUY5Y88EIAANCX9E6AQOBCz4vcoPke+gMBAEBf0jsB9MSL3PiuUY9Z8mAwEAAA9CW9E2AwsMgNGAkBAEBf0jsBLsW7yI3vGvWYJQ+MhgAAoC/pnQBevmvU8wEYzfcQLAgAAPqS3gmhhxe58W2+xyx5oBoEAAB9Se8E6/Jdox6L3ICZIAAA6Et6J1gDFrkBK0EAANCX9E4wF9816rHIDVgVAgCAvqR3gpqwyA2EMgQAAH1J74Tg8zbfe2fJQ/M9hDoEAAB9Se+EwMEiNwD9gwAAoC/pnaA//0Vu0HwPMDAIAAD6kt4JQ+OdJQ+L3ADoBwEAQF/SO6F//Be5QfM9gHEQAAD0Jb0Tzue7yA3WqAcIDgQAAH1J7wxVskVu0HwPoAYEAAB9Se8MBb6L3GCNegD1IQAA6Et6p5VgkRsAa0AAANCX9E4z8l3kBmvUA1gPAgCAvqR3qo5nyfNdox6z5AFYHwIAgL6kd6rCd5EbNN8DhDYEAAB9Se8MNO8iN75r1MsOAAAQuhAAAPQlvdNIWOQGAAYDAQBAX9I79cCL3PiuUY9Z8gBgKBAAAPQlvXMgfNeoxyI3AGAUBAAAfUnvvBgu9L7N95glDwACBQEAQF/SO33XqMciNwCgAgQAAH1pN1zoscgNAKgMAQBAX9qN7MMGAKASBAAAfWk3sg8bAIBKEAAA9KXdyD5sAAAqQQAA0Jd2I/uwAQCoBAEAQF/ajezDBgCgEgQAAH1pN7IPGwCAShAAAPSl3cg+bAAAKkEAANCXdiP7sAEAqAQBAEBf2o3swwYAoBIEAAB9aTeyDxsAgEoQAAD0pd3IPmwAACpBAADQl3Yj+7ABAKgEAQBAX9qN7MMGAKASBAAAfWk3sg8bAIBKEAAA9KXdyD5sAAAqQQAA0Jd2I/uwAQCoBAEAQF/ajezDBgCgEgQAAH1pN7IPGwCAShAAAPSl3cg+bAAAKkEAANCXdiP7sAEAqAQBAEBf2o3swwYAoBIEAAB9aTeyDxsAgEoQAAD0pd3IPmwAACpBAADQl3Yj+7ABAKgEAQBAX9qN7MMGAKASBAAAfWk3sg8bAIBKEAAA9KXdyD5sAAAqQQAA0Jd2I/uwAQCoBAEAQF/ajezDBgCgEgQAAH1pN7IPGwCAShAAAPSl3cg+bAAAKkEAANCXdiP7sAEAqAQBAEBf2o3swwYAoBIEAAB9aTeyDxsAgEoQAAD0pd3IPmwAACpBAADQl3Yj+7ABAKgEAQBAX9qN7MMGAKASBAAAfWk3sg8bAIBKEAAA9KXdyD5sAAAqQQAA0Jd2I/uwAQCoBAEAQF/ajezDBgCgEgQAAH1pN7IPGwCAShAAAPSl3cg+bAAAKkEAANCXdiP7sAEAqAQBAEBf2o3swwYAoBIEAAB9aTeyDxsAgEoQAAD0pd3IPmwAACpBAADQl3Yj+7ABAKgEAQBAX9qN7MMGAKASBAAAfWk3sg8bAIBKEAAA9KXdyD5sAAAqQQAA0Jd2I/uwAQCoBAEAQF/ajezDBgCgEgQAAH1pN7IPGwCAShAAAPSl3cg+bAAAKkEAANCXdiP7sAEAqAQBAEBf2o3swwYAoBIEAAB9aTeyDxsAgEoQAAD0pd3IPmwAACpBAADQl3Yj+7ABAKgEAQBAX9qN7MMGAKASBAAAfWk3sg8bAIBKEAAA9KXdyD5sAAAqQQAA0Jd2I/uwAQCoBAEAQF/ajezDBgCgEgQAAH1pN7IPGwCAShAAAPSl3cg+bAAAKkEAANCXdiP7sAEAqAQBAEBf2o3swwYAoBIEAAB9aTeyDxsAgErmPHpM2I++DQA+dh1/R5x4+wNx6p0zVM7lhf5itBvZhw0AAADM5Z7Np8TBE++KMx+epfIuL/xe2o3sQQAAAMCcpnzpmBYEfAu+P+1G9ssAAABgbmtcr4mzWmMAAgAAAEBIWdZ0XHpJAAEAAADA4mSjaBAAAAAAQkDvsXeo5CMAAAAAhJTKtS+L98+cuxSAAAAAABAiHj30BgIAAABAqOFWAG+HQAQAAACAEHL01PsIAAAAAKHGexkAAQAAACCE8LwACAAAAAAhhhfWQgAAAAAIQQgAAAAAIQgBAAAAIAQhAAAAAIQgBAAAMA3ZYiYAoYbX+Jd9PgaKH0t7QNk3AQBUggAAgAAAACEIAQAAAQAAQhACAAACAACEIAQAAAQAAAhBCAAACAAAEIIQAAAQAAAgBCEAACAAAEAIQgAAQAAAgBCEAACAAAAAIQgBAAABAABCEAIAAAIAAIQgBAAAEfb+mbPi4f2vSz8jA8GPpT2g7JsAACpBAAAQYfajb0s/HwPFj6U9oOybAAAqQQCAUPfooTekn43B4MfTHlT2TQAAlSAAQCjTo9nfFz+m9sCybwIAqAQBAELR2bNCrHG9Jv1MDAU/tvYEsm8CXMycR49pB+N7Np8SfD3q4zzYe0r7+SlfOiZ9PID+QACAUHPmw7Pa373s8zBU/Pjak8i+CaGrcu3LWuL0FvBjr78vTrz9geDep/z3MlRvv/+h9ni7jr/TFxBW2E9ItwXACwEAQgkX/2VNx6WfBT3wc2hPJPsmhA4+M+ci3HvsHfH6u2e0P4xg4Kauo6feF9zRxcg/fDAnBAAIFe9+8KFY/ISxx0B+Hu3JZN8E6+IzfO5QwhNK8B8a/w2oiFscjrz2rratfNlB9logdCAAQCjgFtJAHO/4ubQnlH0TrIcPoFz0+Uyb33ez4csG3FIhe21gfQgAYHXcAjth/cvSv3+98fNpTyr7JlgDJ0nXy28rfaY/UNwy0HTkDXQqDDEIAGBl3NcqUMWf8XNqTyz7Jpgb99A/9U7wrucHCrdooANhaEAAAKvivk98aVb2d28Ufl7tyWXfBHPiwh/MjnzBwq8ZQcDaEADAivRa3Geg+Lm1DZB9E8yFD46hcMb/cbjTIC4NWBMCAFgNX56V/a0HAj+/thGyb4I58EGRO8fx+whu3MmR5xcIdJMaGAsBAKyE+zHJ/s4DhbdB2xDZN0Ft3FmEz3b5/QM57izIl0Rk+w/MBwEArELvef0Hg7dD2xjZN0FdPEufXrPyhQJuIcFlAfNDAACz49ZJVYYy8/ZoGyX7JqiHz/q5wwi/ZzAwHJi4gMj2K5gDAgCYmVGL+gwWb5O2YbJvglpw1q8PPdfThsBCAACzMnpe/8Hg7dI2TvZNUAN3ZMNZv754zG0gJ9wAfSAAgBnxJGwqrm3C26ZtoOybEHw8i18ojukPBJ5v2+jFNkBfCABgNlz8VV3HhLdP20jZNyG4ODGiyd9Yql2Tg0tDAAAzCcS8/kMZ6szbqG2o7JsQPDx0zawL9pgNQoB5IACAWfDII6OLP891wp8J2ff6g7dT21jZNyE4eHIIfk8gcBACzAEBAMyAF/UxehKy3mPv0FOJMAQAC0Fnv+BBCFAfAgCoLhDz+vvWCQQAi0DxDz6EALUhAIDKdh1/R/p3qxduVeDWBd/nRACwABR/dSAEqAsBAFTF1+Nlf7N64f4E/sWfIQCYnPdaDqiDQ8BQPlhgDAQAUNH6g8bO68/F/2LDwREATIxTI+9/UA/P3KXq+N1QhQAAKuETBaMX9eFjEM9Z4v/cXggAJoXirz5O3VhSWB0IAKCKQFwq5OLPEwn5P7cvBAAT4vnoeb+D+njJZdl7CIGHAAAq4NbBFfYT0r9RvfBEcPw8/s/tDwHAZPgPh9Mj73cwB56bQfZeQmAhAECw8eysRs/rzzWiP8WfIQCYCK9Jj+l9zQkjA4IPAQCCKRDz+vNxZiAniAgAJsHXknl6SN7fYD7oFBh8CAAQLNwfiE/gZH+XeuEOhQNtHUYAMAkM9zM/Hocre28hMBAAIBgCsagPF3//5+0PBAATeLD3lLazwfyMHvYDF4cAAIEWiHn9hzIiDAFAcbzmPDr9WQf34TC6KRDkEAAgkHgEkNHF3/Xy0IaDIwAo7mIzOIF5YWhgcCAAQKAEelGfwUIAUBiW9rUujAoIPAQACASj5/XnVoWjpy6c138wEAAUxT3G0fRvXTwkCLMEBhYCABiNJ2mT/e3phY8ZskV9BgsBQFFWHvJ36p0z2uvjkQ2clvnfvvx/3qr49cveezAGAgAYyegOvpda1GewEAAUNNghHSriYs8dVQb6h8azZfF+4N+1aj8IbuFBh8DAQQAAI/DnOBDz+htxHEQAUAwXhP5O46gqbqLioYt6jn3l0RB8xmy1mRAD0VkI3BAAQG98rFZhUZ/BQgBQDPcQ531qNvxB2HX8nYDMdnfP5lOWahUwem5wcEMAAD3xMc/ozy4/vpEnPQgACuE3m/en2XAzvdEzXcnwJQKjknEgcY9e2esDfSEAgF74uMOtkrK/M71wPTC6NRgBQCF6De0IFO6wZ/SH4ONwr1grDJdEK4DxEABAD2+/r96iPoOFAKAIMx2cOJXyNX7Z6wgWXgLTzP0D0ApgPAQAGCq+9Gh0aycfWwM1BBwBQBFmuabN6TfYZ/0Xwx9Ms7Wi+EIrgLEQAGAouHOz0cU/0CPAEAAUwJ3aeD+qLhBzW+thKItjBBNaAYyFAACDxZ9No499wbiUiQCgADOc/Rs9vaXezBoCMC+AcRAAYDACMVQ3WMcrBIAgM8PZv9mKv5cZQwCPqJC9FtCHHguoQOgIxOcxmH+TCABBpvrZv1mLv5fZQgB3ZMQaAcZCCID+MPrYx5/zYM/7ggAQRNxznfefqqxyNmq2yZVUG2FhRWZsHYLAMXpefy7+ei7qM1gIAEGkco91/uOUbbMZ8YeN1yTwf42q4vkVZK8D9IUQAP54+J3RAZxHEqhyPEIACBLu7BWosZ4DxUP9gjGzn5F4f5tpngAMCQwMKy28BUMTiEV9+Dik0mVfBIAg4YVteN+phif5UXWc/1DxH7v/61UVlgoOHIQACMS8/kYu6jNYCABBwE3Sqp6NWv36My9Y5P+aVcQHJHQGDJxATb0K6uGibHTx58dXcd0SBIAgWH9QzTMO7iwn214r4aJqlgWEjG6OhPMhBIQePhYYPa8/F3+jF/UZLASAIFBx6B+3SITKJDRmuRQQiAlI4HwqH6xBX3wcNrqvE4dKlf+eEAACjK+v8z5TTagNPTPDmgEcymTbDsZCCLA+HmljdPHnSd5Ub1FCAAgwFYcecRKWbauV8UHefz+oaCgfUBg8DupmuVQEA8NDnI3uX2OWjqUIAAHGQ+x4n6mEk6psW63ODK0AGA0QPCr22oah4ctqRhf/Rw8FflGfwUIACCAVm/9D8ezfywzrMHABkm07BIZq47Zh8HgEkOw91pPZJpdCAAggFf84QvXs38sMB3e+XCHbdggMvlaMEGBufOyVvbd6MssQY18IAAGkWvN/KJ/9e2E1RugPDgEqzN0OA8fDrmXvqV74koJZF5hCAAgQFZv/Q/3s30v1szusDaAGPtAjBJgH98APlUV9BgsBIEBUa/7H2f85qrcC8IHM6I5L0D9mPtsLJfyZMXoiLW4V4nDu/9xmggAQIKr9oeDs/3yqtwIM5YMK+kMIUBfP4cBLrcveN71YpV8IAkAA8B8L7ydV4Oz/Qk1H1B66w9sn224IHtfLWE5YNTx5ltGdZq00PBQBIABUa2I2+rqYGak6Q6MXz1kg224ILrMN+7KyQMzrb7UJohAAAkC1pX+5RUK2naFO5Q82N2vKthmCT9XFvUIJt2qG8qI+g4UAEAAqDf9Dj/KLU71JF/MB6MOIQmGWqV+tiIu/0Sc1XCituD4EAoDB+GDD+0gVRo+JNTP+MPjvL5XwFKOy7YaB4YJhRJjiS31YTjiwAjGvv5WXiUYAMJhqZwahsuTvYKmc8rE8sD74Uo9Rw8SsXCxUc+Q14+f1t3rLDgKAwVQaLnTqHfT+/zgqD+/C6A19ePt6GBUCeAiaFZuLVRKIMBwKfTsQAAym0vV/DCX7eA/2qjspEBcs2TbDwPh29uR9yu+57OeGwoodxlQRiKmxQ2V0BwKAgVQb/290L1kr4CZFlZtweRiSbLuh/2SjPYwYGsshQOWRJWYUiH4wqo3aMhICgIG4KZD3jwrQfNx/Ks/tjRkch+5iRdmIEMChGyFAH0a8P/5CbYZHBAADqXQNCSvK9R+fZfjvP1VgJMDQXaogG3GZjEMAB3D/54L+4RY5o4Mvt/yF4kJPCAAGUml9aKMXxrAS3lf++08V/Dcl22bov487IzciLFtl7vhA434URh+7+L0J1VUeEQAMxL3uef+oALP/9R8PlfTff6rASI6h60+TPE8KJfvdoeDPoNlXjwskLv5GT34V6sEMAcBAqnQm4wUyZNsHF6dqD27eLtn2Qv/195q8EUPNQrWpeaD4PTK6wytfmlFplFYwIAAYRKXFZbCQzMCp1HrjD5M5DU1/AwAzKgTwJDb+zwVuXJSNHrGEzpluCAAGUWk8uRHNmVanUv8Nf1gTYGgGeuA3asa5UOtx3h/cHG/05UrM0XAOAoBBVOpJbsREJ1an8ixg6NA5NIM58zNqzvlQGnP+cXgfG138MUvj+RAADKLSBxuTxwycSnM4+AvEeGgrG2zTr1EhIFRmnbsUvkxpxL71xcFZ5Um+ggEBwCD8B837Jtj4D162fXBpfCbivy9VgSmdh2Yo136NaqJWee4JowViXn8OzSj+F0IAMIgqncgwbGzwePSE//5UAfp0DM1QO38ZFQK4SPk/l9VxS6lsX+gpFPdrfyEAGESV4oGJYwZP1eFagThjsrKhBgDGIcCI0RjcXydUzlSxqE/wIQAYgK9l8X5RAXdmk20jfDxVe2nzZDKy7YX+0SMAMH4cI4arhcK16kD0Y+GWMv/nhfMhABiADwq8X1SADmODp+oBhM8+ZdsL/aNXAGBGhQA+MFuxtzoHm0CMSsIQy/5BADAA71TeLyrAkLHBU7X5kIuObHuhf/QMAIwv9xkxN4PVxqtz8Tf6eMStr6p0wDYDBAADqNTpZChvcKjj3vb++1MVsu2F/tE7ADAu1EaFACO2N9CM2j++uPhjmuWBQQAwgEoBwOgpNa1M5d7Dsu2F/jGqoBpV5Mw+bS1vu9HFn0dl8KUx/+eGS0MAMIBKY3oxb/zgIQBYk5HF1Khmbg4BZly4hve10Sch/Pgo/oODAGAAla4dy7YP+ocP5P77UxWy7YX+Mfps2qgQYLazXN5WI+ZL8GX21pFgQwAwgCoBgJskZdsH/cMfDv99qgrZ9kL/BKJgGNXbnQuqyitVevE2Gl38+bKCqpN1mQUCgAFUGYLCBzrZ9kH/qLwegGx7oX8CecZoxDBc1Tu7GbVmgi8u/lYaIREsCAAGUCUAYLz40HDzov8+VYXR11WtLNBNxkaFABWHu/Gxz+jiz5dXuIXF93lhcBAADKDKBxMzxg0NAoA1BeOasVELOKk04U0gph0PpamSAwEBwABceHm/BBsCwNAgAFhTMAIAM2ruey68/s8VaEa9Nl8qj8oxKwQAAyAAWAMCgDUFKwAwo1ZyDGbH40CsN6LypFxmhgBgAAQAa1C5E6DRPaytLJgBgHGzvWy7hirQRZKb4o3o3+BPpWHVVoMAYABVAgAf6GTbB/3DHw7/faoK2fZC/wQ7ADCjQkCgmsmNmuvAn0p9HKwIAcAACADWcM/mU7Qb5fs22GTbC/2jQgBgR14zpsc8hwAjO8rx8DtuHZM9t154v/D+8X9u0BcCgAFUSa08SYZs+6B/VO10hGA3NKoEAGbUmHmjhsphUR9rQQAwgErNVrLtg/5RaU0HXwgAQ6NSAGBGhgA9J8vh/WZ051OzzHRoFQgABkAAsAZVOx/xojCy7YX+US0AMKPmzddrxjzePqOLPy9cZqa1DqwAAcAAKgUA9BYfvN5jwR9fLYPRHUOjYgBgRoaAocyZb9R2+eJwoer7YmUIAAZQKQBgvPjgqfQ++kIAGBqVCw0XWyOW8B5sgQ3UvP4o/sGBAGAAlZqOEQAGT8W51hn3jpZtL/SP6sWGt8+Izy0/Jl8+8n++izFqlIIvLOoTXAgABlBp1iqjh+tYmaqdkfjShGx7oX/McLZpVAjgpvz+XGfn1i/Z7+tJ706KMHAIAAZQafhYIKbptCpVD048OkG2vdA/Zmlu5uv2Rgy5+7gQEIh5/XmODSzqE3wIAAbgZMv7RQU4Wxwcvg7rvy9VwQdP2TZD/5glADAOoUaEgIuNtQ9EuFR1fo1QhABgAJXmkOcPuWwb4dJUngUQl3WGxkwBgAUqBHBhlv2cnlSdWyNUIQAYgK/d8X5RAWYDHByVVx8zopd4KDFbAGBGzr3PywkHolUJi/qoBwHAAJyseb+oAnMBDJyqIwC4EMi2F/rPjAGAGRkCjMYhw//1QPAhABiE94sq0GQ8cAMZLhVIXLxk2wv9Z9YAwDgEPNhrnj4gfDKk6nwagABgGJUKiJkOGCpQrQXHFyYBGjozBwCvQFyvH6qLdTQEdSAAGESlP3zXy8YP67ESlTpx+gvE+Gyrs0IAYCqHAL7sqMqy6HBxCAAGUWkeeb6eLdtGkOO5E/z3oSowB8DQWSUAMO6sKnuNwdTfyYYg+BAADKJSEcF144FRucOSWTuBqcRKAYAFYuKe/uIRUFbbv1aGAGAQlSYDYkZMK2pVKp+9YETH0FmxQKlwmW/xE1jUx2wQAAyi2kxyKjYVqkilORz8YU4HfVi1SAWzfwgW9TEnBAADqTTXNXqP94/KM5WhL4c+rHyWGowQwEUExd+cEAAMpFpTMpqPP57KPZcxmkMfVm+mDsQyvl58qVOlEx0YGAQAA6k2m5wZxg4Hk8oLADEsAqSPULhOzcOQjQ4BWNTH/BAADKRaczKfGci2E9xUHv7HuJOVbLthYEKlo5qRIUD1zwr0DwKAgbhjDO8fVXBTXaCaBs1I5eZ/vsYq22YYuFAJAIwvQ+p96Q+L+lgHAoCBuNiqdn0M48jl+CCp8rVMdADUTygFAMYhQK8VJLGoj7UgABhMtbNK/gDLtjPUqX49EzMA6ifUAgDj18wtkrL90R8ckDGvv/UgABiMe27zPlIFjyXHZYALqX5wG8rBG84XigGA8WWkwcwHwkVC1dUxYWgQAAzGPbd5H6kEowHOx82jKjf/4/q/vkI1AHjxJQE+BnzcZQE+dnHHYf/fB+tAADAYN53xPlIJHwBk2xqqVFq4SQbX//UV6gHA16l3zmiXKfnSILdW8r8ZxvaHBgSAAFDxgIMx5W6qn/0zXP/XFwIAgBsCQACoeIaJVgA31c/+Ga7/6wsBAMANASAAeCfzflJNqLcCmOHsH9f/9YcAAOCGABAA3OtexcUyQv3ashnO/oO5wptVIQAAuCEABIiqvWlDtXnZDGf/DBM36Q8BAMANASBAVJ1oJlRbAcxw9s+tRpizQX8IAABuCAABouJwQK9QawUwy9k/mv+NgQAA4IYAEECqLjbDIwJC6UyTC6v/PlDRUD6ccHEIAABuCAABxNNw8v5SEa/wJdtmq+Fr6v6vXUU8ZbNs+2HoEAAA3BAAAkjlpmfeLqtfCuD9z4XV/7WrCIs2GQcBAMANASDAuNMd7zMV8YIfVr4UYKZ5zVfYT0hfAwwdAgCAGwJAgKm4OJAvq44KWH9Q7eV+fXGBkr0G0AcCAIAbAkAQqN4MbbX+AHzd3wy9/r0w97+xEAAA3BAAgoBX3eL9pjKrTBPM/RpUnIXxYjiocF8F2WsBfSAAALghAATBnEePaTtPZVyIzD4LHe9nsx3seYIi2WsB/SAAALghAASJqnMC+DJzCDBj8WdY+c94CAAAbggAQaJ6Z0AvM4YALqJmGe7nK9QXZwoUBAAANwSAIOIZ+Hj/qY5DgFk6pvEftJmu+fsK9eWZAwUBAMANASCIzNIK4MXj6HlNA9lrUQHPtMhhxXebzYLDoOw1gf4QAADcEACCzCytAF48WZBq16m51/ypd8y1H/1h6F/gIAAAuCEABBkf+Hkfmg1PVavCcDWe4MesTf5e3F8By/4GDgIAgBsCQJDxgd+MHdYYF15udg9G8Xp4/+uWOZDza5G9RjAGAgCAGwKAAszaCuDFQYCX2DV6/noOGlYq/AzX/gMPAQDADQFAAWZuBfDHfQR4KuGh/GH54n3zYO8pbSEfs3bwuxT0/A88BAAANwQARZhtREB/8YRHPPUxt3LwHxu72CWDxU8c1+Yc4ADBLQpmmCxpKPj1yfYDGAsBAMANAUAhx15Xd6lg0B9m/QsOBAAANwQAhfAZsBWbueFCmPUveBAAANwQABRjhpUCYWg45HHYk73/YDwEAAA3BADFWKlDIMjx0EnZew+BgQAA4IYAoCCrdggEEcYzFsrecwgcBAAANwQARaFDoPWg6V8NCADB9cimbxWRW0mp7PsQOAgAiuJpdnEpwFrQ9K8GBIDgosK/kvyJ3Cn7PgQOAoDC+M3h/Qvmh6Z/dSAABFfdZTtvJf+XXuP8VljKJmdkSrMzOsW2ioTLfh6MgwCgOIwKMD80/asFASC4wtNtt5G/h6U2ibCURkEBQESltHQjAAQeAoDieFSA2Ze6DXVY6lctCADBFZa+8TaiBYBwKv4RKU2ksTsitREBIMAQAExgzqPHTL/kbajiNQxk7ykEDwJAcDy0/rnhZGrBVGdzWHrjP9wtAC1aCCAIAEGAAGASGBpoPtxyc7F1DyB4EACCg4p/DrHNvHrHT8PSHf8KS22hANAswpLtxNFNEAACDAHARHiRHN7foD4uMjySQ/Y+QnAhAATHvKu25xBbwUTXT6n4UwCg4o8AEFQIACbDq+TxPgd18eUadPpTFwJAcOTXOPPza53dY4ta3wxLafoXQQAIMgQAE8IkQWrjJY1l7xuoAQEgOPIn9pSRryeVdX4Y7m3+RwAIKgQAE+LrylZfK9+s0ONffQgAwZFc0VGZVNH+vZGFrSKcm/9xCSDoEABMasL6l8Xr72J4oEq4j4bsvQK1IAAER0T6pkryvYi0TSIidRMFAFwCCDYEABPjTmY4mKkBxd888JkJvDWf+lr+pEU7V8dmN/8snMf/J3vO/hEAggoBwOR4jgC0BAQXir+5IAAE3rW3Pjtt0qJdX4zLsZ3msf9a0eevCABBhQBgAXw5AH0CguPh/a9L3xNQFwJA4OXWdE9LKun4YmRaCwUAmwhLbSP0FQEgqBAALII7BvKsc/x+QGCg+JsTAkDgFUzqWpVe1flcdIbtdwgA6kAAsBgsHhQYKP7mhQAQeDXztzpKpveIYXmt7sKfSkUfMwEGHQKABa0/+Lr25oD+3j9zVqywn5DudzAHBIDA+bLtJ+EkMrWstW1MkUNEp1OxT/FCAAg2BACL4slouFjx+wP64H4WmN7X/BAAAue6NS9EXnvnC3ExqY0dkcmNIpyb/xEAlIEAYGHcORD9AvSBnv7WgQAQONn1XTFkVESqzaVd+09xeCAAqAABIATw9WosJzw4vN8wta+1IAAEzopbD5WRB5JKO4+FJXPB5xDgRcUfASCoEABCBDddYw2BgeHlfNHkbz0IAIGzas2R1eSjksmbRVhSIxV6LvoUBLgDIKYCDjoEgBCD1oCPx/uHO1LK9h+YHwJA4JRN71lNPhpd3Oou9toaAAgAqkAACEHcN6D32DvirJYD5H8YoYr3C+8f2X4Da0AACJzorE2ryUcR6U2e4u8HASCoEABCGDdvHzyBToKML49gDf/QgAAQOOFpzavJR9LizxAAggoBALTCd/RUaPYPePv9D9HJL8QgABjv1vuPDCfTcydubglLtZ/ta/JHAFAKAgD04T+GUAkC3MEPs/mFJgQA41HxzyFtExfv/nl4uuOfYWk2EZZGIcAXAkDQIQDABfjSQNORNyx3oOTOfbuOv4Om/hCHAGC8qlk78siW9KquX4alNVMAoEKPAKAcBAC4JJ72lvsJmLnDIC+XzGf7vGCS7DVCaEEAMN7I3I5Csj8uy/HbsNTGf4WlNiEAKAgBAPqFiycXUZ5Z0AxTDHMTPy+MtKwJZ/twPgQA48Vm2UvJy1EZLX+j4k8BAC0AKkIAgEHhZnQeK69KIODOfDyE757Np3CmD5eEAGCsqQv3pWZWdV8Vk2V/LcJb6C8GASCoEABAF95AwNfYedEcLsj8t2EEbtLn5+CCz60SmK0PBgIBwFgUAGaVTOp9NCbLcZqX/g3Xlv/1K/xeCABBhQAAhuLizH9kD/aeErygjjcg9AcXeP4dPqvnx8AEPaAHBABjTV2891PjZ21/LSHX8eew5CYRltTiLvQhEAC6Nn8rkeSQBNn3VYMAAAAhBQHAGF9s/H44iayeu8NRPHWrSMjlwt4owsZ5Cn0I9AG4+c6DldffduCGuvm9s8aVtY3PKN+Un1XxRKLsZ1WAAAAAIQUBwBhU/KPJiDHF7R3Dch0iksf+c4FP2UTFPjRGAWTXbF6dVd1zLKnC+X0KAC9QAGimADBf9rMqQAAAgJCCAGCMy5bvj73s2v3jotNtrnCt8FORp6/hKRdZB4BZJAA80vyDBJKbVdv1+Ij81j8Ny7efHZ7f8sfEwo0/Hl30RIPsd1SAAAAAIQUBwBgj0pviSXpYckuPtvZ/chMV/2YRmcIdAT1n/NYNAOlkef7UrgNhqU/Qa3tChKc/IaKyN4ronE1flP2OChAAACCkIAAYI7OmfTrZEp9j/7l3zf9w+hpJYYC/WjkA3HTP8xPJ3tIZm0+HpzZq4SeCXlt0JslqRgAAAFABAoAxUivbV5IPE/KooGtn/PSVzv4jkvkyABV6C/cBmHvtviVzlu/9n7yJ3dolj/Aket0pdgoAdhGTZUcAAABQAQKAMaKzHCtjshwfRqR7ijuP/+fmfwoA2v8tGgCuu+do5NiyzisTSzr+Jy6HQ08jaRHhaTY6+7chAAAAqAIBQF933n90OJlRMGlrS1ia/W/nlv7lr4SLvEUDwF2f/kYcWTxh4Z7WqEz7B+7X7e70GJ7uDgDR2QgAAABKQADQFxX/HOKatmTPWxEZtn9eUOgvxgIB4O4HXx5HDl5+4zNiWH7bea8vPL1FRCEAAACoAwFAX5MX7iwkh/Lru/8cntbiXvinv0weAMqm944jB7Nqu0VU5vlTHoenNWv3RWfZEAAAAFSAAKCfLz/+vbj6uTsmZox3Hk8spDNgnwLYLyYOAFfd8szoGnrt0Zn2o7LX5g4ALQgAAACqQADQDwWAgqU3PbtqVKHzJ1EZjguK4McydwC4bMHyA92Jxc7T2oiHvr4Pbn2XABAAAADUgACgn8uW7ZtQPWv7uric9l+EpVER9LkG/rFMHgBq5/U2VM7a9vORBR1/7gsAPq8PfQAAABSDAKCfhLTGubHpzZsiMh1vh2WEVgAYU+r4XGKxNs6fXgtf/z//9SEAAAAoBgFg6Gw9P44gMcNzHQ/FZtp+HJFuO9NX1AfChAGgfMb2RDJxZGFrV0xWi4hI49dx4XoH6AQIAKAYBIChW3XfC9Er7z2SmJDraIvO4Fnv5EXwY5kwAOTUdRdk13X927A8xze17dcm/iGe8f9e6AQIAKAYBIChy6l1JZCsqLSWbm21vySe/56L4LkC2C8mDACjCm0zyHfjsps/CON5/7Wljv1eF0EnQAAAxSAADF16RWs5+WxsZvN3+ew3nIp/37K/PtfBL4l/1mQBgLY7Oja75XLyq6gMLvSe4i95fegDAACgGASAocusbL2J/GV4Hhe/TSKSimCkpAhekskCAG1zOBlOriXvaK/hEhAAAAAUgwAwdMOyHDeRv0RTkeNr/xGpjUJbBtfT/N1vJgoAEcktCeTe8ORmnvjnLxe8Fj/hFALcnQARAAAAlIAAMHh103dEk5xhWe3/FpZk/98wba3/JirkG6nobSKeywD9ZZIAcMPtz4+evmTPhNgM2wva0sZM9np8nBsFgAAAAKAEBIDBo+KfSr6QUdH1Snia7e/a2vdaL3gu/p4OcZJieFHmCQCLl9789LZxZW2n+xt0EAAAABSDADB4OVXdeWT/2KLOP4Sn2P6prXvvPSPux1nxBUwSAOrm7VxTNXv7W6MKW8+E9zPk4BIAAIBiEAAGLz6ntYh8M5rn/R/HhZukeF04G94lcaE0SQCIy3asi81yiOg0h4jg19qP14lOgAAAikEAGJyqOa6y7LqONbHZjlMRPO8/nf27i76n8HtJiqGUCQLAhHlbUsnyMcWt+yKpoEfQ6wvn140AQL+OAAAAJoMAMDjF05zLKQDsjsly/Npd9N1N3UOicABYcdvhiNKpXbXFk11do4scP3N3dmR+r+EiMBEQAIBiEAAGJ73auT65suM3MVktHw24s9/FqB0A4seVty9OyLO9FpPZ8tcIrcXDEwJkr8UPpgIGAFAMAsDAlM/aGkMSRxW1tg7Pd4jIdCpw/SyCH0vRADBlUU8MuTynvqOdCvjvI9J4vQPbIAIAWgAAAJSBADAwVPxHkbLo9Oat7jn/uQh6Cp3k2ne/8e8rGgAmLuwaRfaVTO0UsdmtVMwdIlxb85+Lv2fCI9lr8oE+AAAAillhPyH4wAf9c/Uj3xaTb9gvUmu7qFBTcfN2ghtIhz8ZnwBQuGifWNn2Q+nzB9rq1pPilk3fF+Ov3CVGFTlEZAad+ad5OzvS9nrJXpMPbwCouelp6fOoYML6l6Wfkf5AAAAAsLjcm54S6TWdYniegwo2N4NLiuFgeQLAyKm9ouDTX5M+f6CV3fuCGH/bsyKxjgKPbJv7yRsAxl22U/o8Kin41NdE3t2HRd4nj0i/L4MAAABgcenXPSXicztEFBU0rQk82RsC5IVvQBQMANk3HBApkzeLuHwKPLJt7idvJ0AzBIC8e46ItKv2iYwVB/r9PiAAAABYVP79L4islU+JMXO2iYg0Pvvn69+b3F+9fQCGSqUA8MCLouju50Xqop0iPs8uIjM48Pht7wB4OwEqHwDueE7kXvOkGD2xR4yi4JN05V6Rfdsh+c/6QAAAALCovLueF2NndYu4QipoWuc/Lv686A9Jo39TgZNd++43LpQKBYCie4+IEgo8SVN7aJs8IUe23f3Udwlg0S7p86mi6Or9Ire2WyRk20Q4v+6kJpF0xR7pz/pCAAAAsKDSh46KkrsOi8SJXXQWy0WailoyL/rjWfUvjQqFlQIAPXcunfUmz9gmEorbaLv619P/UlQPAOV3Py8m3LJf5EzfLEbkt4moDAoAqS0iItkmkq/YK/0dL+48iAAAAGBB4z/1NVF1+yExssqlFQV35z8+K/ashKcVf4sEAHre0ntfEHkrDohhRe0ikrfNO9bff5sHQNkAQO9tMb3eypufFPXzXCK5rJVeK28zBwC7iExxUADYJ/9dj8VPHEcAAACwopo7D4m6ZXvFyLIOd3HQUEH0slAAKKKCWL/qGVG5cIeIz7dTEWzu93z/l6JqACi+7wVRfctBUTh3ixhVsFHEZHLY8Ww3feXAx/0AZL/r9fD+1xEAAACspPghOvtf+5Iovf6AyJ7YLeJ46J9v4debCi0AD7woiq/YK7JrukRMlnu7wrVRDlwQfbZ1gFQcBlhJZ/7Vtz4rCudtF0kVnSKCL+VItj3pykv3ATjy2rsIAAAAVlL5by+J6Z9/WWQu3EmFmZv85QVCNwoEgPz7XhQjJ28VETy3AV/7117z0Io/U3EY4NQ7nhOzrtorxhR30Jl+K531u2hb+RLA+dt+qQAw5UvHxNmzXP8RAAAALKPkvhdE5Z2HxLhpm92F0OIBIHvlMyJp7g4RV9Lp6evgCQDajId+2zpAKrUAVJP5D70kqpbuFWmVThGbaafXx839PL3xhWHnUgGg99g7WvFHAAAAsJC8Ow6JzMt3ieFVnVQIuPj7BAC/a9xDxo8ZpADA1/1LKexkXL5HJOS305k6F0J+nZ7QwwGAC6Nsu/tJhT4ARbRPyx54QUy8+7C47LbnRO7kLSI82bPfSbg22oFer9+2X6wPwJxHz539IwAAAFhI+g1P0dlwu4jM5NXvuCD68CsSQxbEAFB67xExYfVBkTNzm4jg4W/e7enD//fZ1kFQIQCUPvCimLbmWVF91W4xls7843Iv0qfDb9tlAaBy7cvi1Dtn+oo/AgAAgBV86kVR1vCcyFq8W0Sm27VOcFqTuFYgfFoB9BaEAMBn/0W3PycK5+8Q46goaqMZZNs2RMG+BFBNr3NSw2FRdcUekVHfLQk5Fye7BHDwhLvjny8EAAAAk+OhYbUr9ovCqVtFTJq3gxh3iqOCYGRfgEAHAHqOkvu/JnKuf0bE5FPx597+Wk94/V9fsDsBzr3vRXH5Lc+KpLJubR9r+1qynTK+AYDP/L29/v0hAAAAmFz+3YdF5pytYnSxQ0SkeWbB03rF09cBFI4BC3AA4FXv0q/aL0bVbRaRGQMrigMVrBaAyvuOiGl3PKOd+WfT64zLGfhQTm8A4KWz/Zv9fWk3/hsAAADmUPzAi6LwtmfFqBqniEznaX4fpyLA8/5zk7FPs7HfdeIh48cMZAC4/0VRsOZ5kThpi4hOt7k7wGmtG7wtftumg4D3AaD9V3zvEVF969NixlU7RUa1y/PafFo4JNspU37z02LX8XO9/S9Gu5FuDACAQnj+8lXtr4Gf69Z/W8xb9YxIHt/lue7vKRZa8aCvXpJCMSTacxAKAIWL9omVbT+Ubp9eln7+W2LyjQdFUnW3e6Iffm7t+Xlb/LZNB94AUHPT09Lt0duNjT8Qiz/5vKhevEOMLmsVsdme1+h7eUOynRdxj3+xl9FuZB82AACV8EHS9+AV6rbueyuWJNfO2/5o3oTu9xNyWz/Smv21EEC8AUCPaX9lfAJAWLKjm4TLtnOobrnn0HAyvnj65q8mj+/8bWy2/UN3YfQ+v+ffsm0cAm8AiM62f1G2XXqatHD35JrZ2z9XOKH7J0ll7R9FpDf/S3tN/iTbeREIAABgHQgA56PiP5ZMzqp1bQ9P9Vz3lxcDY/DzBSYA5JAHCyd3v9TXoVHWqVG2jUMQ4ACwqWrmdjEqp0OEJ3lCnGSbBgABAACsAwHgfLfec3QK2VE0efMbYVoAkBRFoxkcAOYvOxiTP6l7clad8+DIwtb/pz3fxQKAztyjACgAZNkMCwC1c3snEFt2bfePeXrfGHo+nd5HBAAAsA4EgPMtXH5g+YJrDvw+t76bDvhcNKwVAMpnbgsvnb61NKm8477Y7JZfRab7Pbf2/MaFAe8wQCMCQHqVK4YUFE7s+WzJlM1/GV3c7t6XPIKjbxTHkCAAAIB1IACcL7G4dfnoktbfx2XzcLgWOugzaTEwjoEBIG9Sdwz5SlqV842YTPv/8TK/FwQdIwOA9xKAMQEgnbSMLel4fVi24x9RWrihwu+d5leyPQOEAAAA1oEA4JZa8fgwMj8hd6ONzhb/wgf8cG/nP/n1YGNwoTEoAFy78sniq27ctzq7vvPYqOJWEZXOPeL5OSXF3hsAZNs4BEb1ARhT0DRpdEHLw6MKW08l5Dj+Fp7S/C/3a+AwQ8/tDXOSbRoABAAAsA4EADcq/hlk36jCJ/4Untb8z/A0ngufCqS8EBhHK77EmADwiWU37Xsns6btr2FpG0U4FUVm2IgGCQMDwIZReU0Uauh1aK02Fz63DhAAAMA6EABE2DV3PjOqctbWySNzHUdjM1r+FpbS+K+gXPv30jkAlNV1xpCU3Drnv2fXdv5lWJ7jLBfI8ORLtAAYRK9OgK4dr0eT3DlX71s2IqfFHpfV9KOYzCYRrp3xy59bBwgAAGAdCAAirHbh9orCyVvvikvv+FFEEl/75xn/vCMAghAEdAwAn3rk21GV07ekpZW0XR6X1bLNPcc/FX2e9Icn+9HG+wfuderRCfDB9S/EN3zmSPaNDYevHz9r25Zh2S3/6z7zp9dgYP8FggAAANaBAED1otL5ibGlncdiMuy/c68LT8XfuCLy8fQNAOPGz96+eFRe65GYDNt77g5xHHBIX+e4wL1WPToBUgAove6OA6uzqjueH57neDcy3fYP7swYrhV/fh5u1bjwuXWAAAAA1hHKAWD8rL1xJG1kYfuj8bmO30emc/M/H+i9BZELCZFfDzYGP69OASC7ujMip7rzquTS9q64LMdvIvtWMuTWDQ4B/Bp9yLZHZ0PpA7B05VOxJHn8nN7V+ZN69g/Ps/+a3jN6XHpdtP3hfcXfQ/L8Q4QAAADWEeIBIInMjs9p2xmUYi+jYwAYntUcTbbGZ7aIiDQHPT49puw5A2iIAWAsmTyysHN7mPZ6At5JEwEAAKwjlAPAuKKOyWRXXJb9zUA2g38sHQLAxMW9M+ov22ZPLGr7WVSqTURoPf79nicIwqmQujsB9j8AJI9vjyZ5o4odNw7Lt++JyrC/EZZC+0cLbfLnMQgCAABYRygGgOW3vhRJkjPHd60ZkWP/fUwGFxIOAIqEgCEEgLrFW6NJasXszevKZvb8ZVRR+1le5S8iucl9jVz2fAF0bhRA/wLA8JKehBHFzmx6HTfEZtu2hKc2/VULMt6VCyXPYSAEAACwjhANACPILZUzd+6NyaSCkhrEHv8yQwsAaeSOtOqOp+Nz7f+ITm/5ZwQVfncHOVMGgLKEwq5PxOW0Px+d4Xg3IqX5H+4A4CF5DgMhAACAdYRiACidtiupbPqupvTxPf8VmdZ8tm/GOPlBP/AGGQBq521MzJ3kmJVa07FjeIHjjbAkd8e4CHpt6gSA/l0CuPvTL+aQVWUzer8aldV6ICrd9uvIVJ67gB6n7/0K+OtBAAAA6wjFABCRZs8ghyP42rg23S8d3Hl8fIBmw7sk3pbBB4Dy1KrG+yIyW97WJvgZx4/Hj0uFN7nRHQJkzxlA/e0ESMX/avLbuvk76PdofyQ94aad9XtGMXAAkDyHgRAAAMA6Qi0AlE60Tc2pbvlSTFbL61wcw3kyHC4qWvFnFxz0A2sQAeDfH/vO2LVf+XZNWoXjSzEZm74bntb8Z/fj8OPx49K/vWfLsucMIC0AXKIF4PIbnhpF7p5x+e7DlTO2fDiurN297drcDFz4+bUE7fUgAACAdYRKAFi09MlIEp9bbb8vvaLlJ7HZzX/SCm0SHdi12fAUMsAAcNmNT1YtuH7/ZxILW7/PZ/oqNPVfzLkAcOFEQIUTO5PGz9o8d+qS3V8vnbblbHQGL+jj7Z8hf7wAQwAAAOsIoQAwnBQmFrS1xGba/hKR3vx3rdByM7kWALjIKFJoBhgARhTYbhpRYH8zOtNOZ/6e3vFM9thBxp0Ao7WpgFtkAeDm3LqOr40ta38vIb/1nxGpHAD49+g9kjxWECAAAIB1hEoAKKxvLyX/PiLPfiycm/61QkmS6MCeTIVfpbPmfgaAEbmbksjymMymnZHpVFy110S/x69F0VYAdwCwiRifFoDCic4csjKtsmPfmOK2P8RkOv7GQaav46I6YQYBAACsI1QCQHply1Ly3oj8JipCjdrMeBGpDiqyjZ4A4DnIy6/9Bg5vQ/8DwATyWmwmb79dhNPvaH0atMsARPb4QRaR3kLF3y5isx2+AWApeW9McTsV/VYRntRG+PVvpNfhXZhJgfcGfQAAwEqsHgAuv25fFMnPrnF+anie/ffc/Ozu7Me9/z3N5efO8HwP9sHRzwCQPr5j5diS1qdis5p/x2f/7mZy4ru8r+zxg4z7AERn2s/rBJhd51xK3htV1Ebb7W3F4PeHX4eXEq8HAQAArMPqAaBi2uZhldM2L08ud26JSHec0QqMt9ir6hIBIKNq61hSm1TWfjCxqFVEarMY+v2+wmSjANJrnEvJeyMKW6W/oxAEAACwDqsHgPgsWxLpjsmwvRue0vKPC874VXTpAHANOTE8v/39KJMVfyabCMgbAIYXIAAAAASMlQPAiMzWvPh024rI1MbvhfN1ZN9r/SqTBIDy6bvHkmvSKjdvTyzs/GdsZtu/wlPpZ9TpId8vlwwAaAEAAAgciweAa4dl2J+JSH3i12HJG0TYuE3uEHD+dV21cKGRB4BacjKtslt7DREpDhGZ6rlmLnscRckuAWRQACDuSwCS31EIAgAAWIcVA8C9a78+koxPLXc+FpXa8ks6+/+ru7e/p7jKD+5quEgAKJm6pZacTK3sFOGpTdqQv3Dvkriyx1EUAgAAgCKsGAAWr9ifv+i6fZ9MKe842jcmnotq39S4CrtIACia6qolJ1Mq26iIenrFm+H1+EEAAABQhBUDQHZV2xxyfGS+7Q/nAoAnBHDhlB/c1XCRAFA4taeWnEyu6KCzf8/r8JI9jqIQAAAAFGGlAPDAF47Hk8tmXvWkY0xR6wexPOb/vABA/IuniqQBYDMFgM0nkyr4EgC9LtnvmcClOgFiGCAAQABZLAAkk2eWrj4ihuV3UCH1BAD5wVxdlg4AzRcNAMMLHNLfUQgCAABYh1UCwMMbvp140z2HJ9bM2/1STt0WEZVBBZQLKQKAUtACAACgCKsEgEU37K2cvGT7PfFZrSe1JX65iMoO4udf01UPb+NAA4DscRSFPgAAAIqwSgBIK7evTi61H4/JtP/ePZc8HbBlIUB+YFcHbyMCgKoQAADAOsweADJK7Qkkd0Su7fGEbNufItNbzrqLqAmb/r1wCUBVCAAAYB0WCADpZHlcZuuB8NRWKo683O9GOlvbRAdszzKyZmPpAIBOgAAASjBzALj/80ejRuU4psWmtuyLTG05rTXT9jX9owVARWgBAABQhFkDQP7EzqiCSZ2lI/LsD0UktfwmnIsmr/PPASCZ15TnIknOXb81By40Aw0AssdRFPoAAAAowqwBILncnkiaRhXa3oxIaz7rPvNnXEC9Z//nHbzNAQFAZQgAAGAdZgwAk5fuKBg/f+sNY0taX0nIsWnXlbVir5318789AUB+EFcbbzcCgKoQAADAOkwaAG6sXdT7jcTCjt9EmHBFvEtCAFAZAgAAWIeZAkD17K3RZHRyRfu6MaVt/y8m0/5heN9Zv4UMNACYyKU6AQ5HJ0AAgMAxUwDIm+Acl1vfuSAhx7Y9gof7adf7LzhIm1+oBoACBAAAgIAxUwBIq2qbSl4cnm97LzylUYQnUwhIlh6ozc3KAUByCcAbADAMEAAggMwQAG6+85lYsmDiwm0tY0odv4vLpoMxBwAqlO5LAOT8a7XmxYVmoAFA9jiKQh8AAABFmCQAjCZPzr16t0jI4zH+jVQceZY/PijT/+UHa3NCAFAZAgAAWIfqAWDmVbtHT1y0Y0Lx1C0vplc7RVQGF8gmN98iaCWh2gcAlwAAAAJH9QBQOKWnOru+69MxOa0ntbN9rfj7HJR9/20VoRoA0AkQACBwVA8AIwra1ozIb3sjOqP1TLjvMr8knAIB0y4FyA/Y5mTlAIBOgAAAalA1ANQt2plBbkwqdz4Vm+kQkXwN1vdsn/+tXf9HHwDp4ygKfQAAABShcACYT05n1HQL92x/vMTvE8RcBW/AQjIAuCgAuBAAAAACSbUAUDazO5KUZta6Pp1U7vr18Nw2CgB08NU6/Vm4458vK18CoEJ6yRYAye8oBAEAAKxDpQDQvu314eu+ejy3cGrPJ0YVtu6MSLV/EJ5MZ43J3PGPQwCTHpitxdIBoPniAaDAIf0dhSAAAIB1KBYAar9q++FDORN6vhaR1vybsJTGv/N4//AkCgAcArQgEAKtAAgAqkIAAADrUCkALLnh6evmL3/q6LjSjnfdw/02uYt+Eh18eeIf/n8oXAbAJQBVIQAAgHWoFABG5jjWjsi2ixgqEuEUAHi+/zCe65+LoVb8n3AfiM91yrIefn0DDQCyx1EURgEAAChChQAw9bK9xeTL6RVd34tOs4uIvgLnOdvX5vvnf/P0v+YqeAOmvV6CAKAiBAAAsI5gBoDLrt0bTlImLth5S9XM7b9MrXBR0aMDrW9xC0VWvgSAiYAAANQQ5AAQS1bXzN12ILGk/Y8x2ip/G+lA6znTD1Uh1gfAGwAwFTAAQAAFMwAUTupKKJrc/UR6Vefp6KyWj7Rmfq2zXwh09LuUUA0AaAEAAAicYAaAyPTm4WR3RFqziKCiF85FL4mKQIrFpvcdCC406AOgKgQAALCOQAeAOz/1cgxJSq5wLo/Jsm2OSG95k8eGuwsfHWS5+HOBkx+ArY9fO+8DLQDYuykUIQCoo/8B4MyHZ8WJtz8QvcfeEY8eekP7oFWufVn6IQQACIZAB4Cpl+8ZN2XJnkXjyjp6ozNbBAWA84tZqKMQFK4FAE3/AoCJhEwnwIt5/4w7GLhefls8vP917QMo+2ACABgt0AEgu941gTw3utjxXkRqIxWzEL/e7ydcCwBU4PkyQEpzN92HToDqGHoAuJh3P/hQCwb2o2+LB3tPiRX2E9IPLACAXgIVAGrn9USRufkTnRvHlra9l5BjE+HJm6jIIQD40wo8twKk2EIrAIRCC8BAvf3+h+Loqfe1YHDP5lNiWdNx6QcZAGCgAhgAEsjOoslOEUcFIIzn90/y9Pg//zpriHMHgPDkVhGR3N5N0AdAHYEPABdz6p0z4shr72rBYI3rNTHn0WPSDzgAwMUEIgCsuv/Q1BvueuaxgkmbT40saBOR3OmPh/vxPP8qFDDfYqoVV9/7eBu9rRQX+1nZ/fRVa93w/q4/9/3haVoxFAl5rWJkcYcYXdr5l9Tx3e+Wzdx7qmbBU1/w7sPCqT0UAHpOJld0UDjwBCe+TMCPJXtNikIAMBhfRjh44l3RdMTd8XDKlxAMAEDOyAAwefb2SDLyshv23bfwhn3/nVLZ9VetdzvP8a9RpIDxNpx3KYLuc1+Dp3/7FHHvfbLC3vc99/95aCN3ckzItYvE4nYRl2P/Pf3O6cj0ltPRWbbT8Xm201QIfxqRZjsZn9t6MrGk82RqVdfJ7LrN36iYtevJq25/yb76oVeWe/dl0ZSeWnIypaL93KUTz3NJX5OiEACC4OxZofUv2HX83IiECesxIgEg1BkcABLJjIzxzvbEkrb/o4P+P/oKqEoFjIu5ttgQhZLzij1/z+bh2V4N/xz/PM9ayF+936OfJ1z843JaBJ+tV8zcKhYs3ysqZ245FJvZsi653LmuctaOdZfd+My68XN3Xk0BoJ4CQD0FgPq06u56CgDVFADKr77j64UUAMZ592XplK215GRqhVOEp/E2erYTASCQzBkALsY7VJFHJKw/6B6RgKGKAKHDqADw6f/41oiaeb31SaXtj8Zl27/XV6xUxGGEL0doZ/be++iAn2ITESl2jbvlgoMA3U/FNzK9ScRnN4vc+m5RNXfHH8eUdB6i33Ex+p4rIa/FlVnjck28bIdrxW1Pu2ZeuevW4bm2+pIpW+uXrnyu/vMbXq1fv/GHSbJ957V933+WkDX3rX1xzeT5276SXe36VWJhGxUi3j4P39dhApfqBBgSwwDNwHdEAg9VxIgEAGsyIgBQ8Q8nuePn9d4RldX8dt8ZMh9EvWdTFx5cg4cXIHKPu3fznvVT4Y9mya0iPKmT7qMCRWewXIAp1Ijkkk6xbNVh8cWNP/wFmS3bF0NBxf8O8k8KAGLaom0iscjuOfvnbSZJxGQhgCd9ulgAGF7gkP6OQkIjAFwMj0g49jpGJABYhREBIKnUGTWupPP+kflt34pIbzmjHTxVL1S8fRwEPE34Cbk2kVjs+GhEXusvMqo2n5x6xdMni6fvbKcA0EABoIECQAMFgIZrVh1uoOJ/A0nr2XkqgsTctfZo9oqG5+oq5uysy6jtmpRZ2zFj2hX7Pj3r6gNOus+ZVtPtjMm2OSPTbc7wFJszLKWJNDrDUhn/u1mTP7H7W3Ov2SsqZmwVKeUdIiaTg5MnAND2avMF+L8OxaEFwIJef/dM31BFHpGw+AkEAwAz0DsApJU0jksuapwUl2E7FJVmE+Ha2fTHFCpvq8Cg8O/7Ph4XSEbf63te77997yP0e3xGGpdrFyOLW8/GZtvfjc20vTUiz/aLpHLHqYzatu+OK2/vql+0Z8NDXz6+4eEnTsxede+xKJK66Ibn8vLqO/NKp28pL5u5vS6loqtubJlzYmqVa3rVvO231C7cuTa1unttYkn758aUOL5SMWv7D2oX7BYFU7aJcRVOKoAtIpL3jzben7ZFu/zg6YPg7R/BlyW0Hv/8fc/PeITT9us2H4B0vxoDfQBCCA9V5BEJHAz4QIOhigBqMSAAXJta3PhKXFbTb90Fipt1OQRICo+X/GDbT1zEuXB6baQCyeh7jJvK6SsX2gg6ww/Xmvu5eDZSAW4UUWlNIn9yt5hxzd4PKuf09oyf1fvgVbc8dffsq3ddQQGglgJAMQWA/Ie+cjyfAkAiFf8x5M5FNxx6PH+C8/HS6VsPlM3Y/mpKZderw/LaTkZk2F6LyrK/HpNtfyuSwkREesvpyPSmX8Xn2P88Ir9NxOc4RDQVwAh63e4Z/5h7G7Vw0lf4+avn31zwfYq/9//u+zgg+OkLQTL0mP6k+9UYCAAhzndEgneoIkYkAASHXgGgdt72FHJdemX7rpG5zX+Lzmj8h7vgcACwn19wdMVnw56ipxVTbyGk0MHFniccoqLKYSSCvj+u1CkKJ2/7y+jitiOR6Ztc0emNrorZW11XfuLpprnX7b962apnqju6Tpauf+yVRXd++uiasqnONQmZG9eEjd20hgrymuH5HZ8pmb7j2cLJW18dU+ygwt/+XnpVpxhV4BCxWhO9ZBu1Ys0F34MDiFbc6ec9gUT7ytvvPev3zpPAgcBb7PuKuC/v6+Whgd5/e76n/a4/vp+/T/8OAlwCACnfxZMwIgEgMHQMAFPJTzOqu+lA6dCKcrg2RI4P6kYGAC8u+BQ2NJ4e+1xYOQBwx7l099e6hbvFHZ9++X/IEtnr8HrwC8ceowAgKAAICgCCAoD78bTOgfTaqODyWgYRqRspWDwuIpMfFxHJT1xYXD2F1zvHv4aKvSaJ0fe8+PG5gCfT82m4qHsez3sWyp0Q+9D92uui39H2NX+l+zT0fR69cB6+j34+qAEAnQBhALB4EoBxhhoAbrn7+Uhy6/xr9z+dUe36w7C8tguLjaEFh4uq5/n4jJkKKfc9GJnfLsYUd/x6XGnHsYR8+6PhGU13hac1NVAAaKDi/4mGtd+cc92dz0+bsnjnFSWTt/xb1vhuZ3ymwxmW1OKk7Xdm1fW8Vjp9q0gstIsoLqxUrN3DADkAcLH2ntW7WyA4EIRz8ZZto/Zz7q/avvA9w+878yfcq9/7f+2xiLfXP+O+Dv76WgL436TveTyPqT0ebzPjf9PP+vL+XoCgBQB0wUMVvSMSsHgSwOAMJQDUztk1fML83QWLrj/w5JQlu8XwAir+2pmnt+jQQVO7Hs/FjO5j3jPZi6LfOa/AMbr/vAMx//+c8BSHiMt2iFGF9n8kZNveG57r+K+UcudruXU9T46f3fvIopuenrPinhcL02o6ikcVtVamVrqmTly85/b6y3Z9qXjKls7s6u7XUsqcIjaDgoRWML0Bxluo6Tn75gHwFFLtPsKv0bNdXNwiM+0iJtsu4vMcYlhBqxhZ1PbP0cVtf4/Ptr9PYeE0hYU+kRk8K6D9dEy243QsictynI7Pbjsdl932ZlSW7T9jc2yvDy9qPR2bY389mv6fkO94c3hh62mvYfT/mMyW/4zNsv08Ia/1dHxuK/2u+7FiMu2nozPspykMnY5IazkdTl9p+07TdtL/m/87Jsv2/vCC1rPD8ltFfA5vs40KM+3Lvv1+bv+e43mtfe+P7GeY788Q7ffc3/P2AaDXd64PQHXnUoI+ADB0viMSeKgiRiQAXNwQA8CE6tk7/yOtyvXayKJ2EZHOBZIOlFrxpIO+79motzjID6w+6Of5rJebtdM8TeDa2Hw+W+V/8+Px/71FmqfdbRJ5E7rF3GX7zky/Ys+22nk7b8+p7ZlGAaB87rUHKh740vG7rrv7hcb0mg4XBYDnR+S3/jA+x/Hz2CzHL2OyHL+OyXScoWJJZ/Ke7e17bHo+7/bzNtBX98+4n1cLB/QzWo98uo8ehwp+p0ir6RJF0zaLmvk7xPSle/626Pr9fxo/e9uT0Rm2dXE5jnVUrNeNKGhbl1nbva5s5rZ1VfO2r5u0ZPe6OcsPrFtw3ZPr5i/f98DExbuuWXjjUzffcv+Rzy666eAtM6/ev/yGu448sPK+F9d53XDX4QdmX7P/utnX7Fm1+Kb96xZe/+Q6+v+6CUv2rKuct2td0fQd61KqXOsohKwbRs8Xm9O6LirLsW50aceGgilbDkxcsucPNfN3isIpmwX3Y0gs4g6K9Hq0os2v18MberR9w+8No3/T+6UtXOR9b31/ru99JFoAcD+OFpKyKARktfgEgHYKAO3vjeBLAOf9LSgHAcCsfBdP4oMeRiQADC4AXH/P4eGktmzm9n9LLu/6bmx262/cB3nvwd4XHTh9yQ+s52i/wy0GfE2b/s0Fpe9Mmx+/SURQIYnPavtXxawdf69buOvt4fn2neXTt7iuvfWQ7cY7D18796p9c7MrOz4xIte+hortp2ou2/NkxdwdFFJsv4jPsf2BCr/2GO6iTkWHi5zWXE6Pz3g7tUJGBSu9VcTktItRxZ0if/IWUTVvx5/GlHY+R9vjCktpJE2ucPp3eIrNFZfV5hpT5nLlTupxVc3b5ppx1V7X5Tc/1X7L3Yea5yzbe3NcTmv9yCJn/diyrvrkyu562vb6xTc9Vb/stqfrb/v0ixPWfvW7k//9q9+c+OXGb89ucZ24q7Hz+19+zPFd51eav/PVrzR99wuP279n3+A47tzgeMXp6PnRo107X7+zZ8/rxRs7juc+svHl+n9/7Jv1D6z/Zv3KB75Wv/T2w/VzbjxUXzZ3e31abWf92IrO+hFFHfVxuR31mfU9c+oW7bplwQ0HG2dcvc9VNafXlTfB5RpX6nDFZNLrSePXZjtPenXXy5Vztr2fNbHr/0ZXtIvYXIeI1EITF3bv+8bvE7eYcHDj99Dz/mn7l0MVT2Rk11pJojJ9WwCcFAAwCgCCwH9EAhZPglAyyACQS75QPKP3mLuDHxcBLgCejmjyg2f/aEXjCa2IhCe3EXp8rRmev0fSG0V0RotILnb961Of/86H2/a/eZCke7ftvs++FJFV0X5lRlnbrykAeLaL8Zk6X47gIs8FiTsLcn8F93O4O+TRzzDt2jj9TFqbiMjpFokVW0XJrO3i+nteEOubfvAmmeu7P/Sw78CrUSSBv9q6TlSTHzxu/6743KMvic8/+g3xhce+qfn8Y98gXxePO77/o7atP2skebLH09vjra+s/FLzsZNL1zz9+4rLtosx5Z0iJpv3Hwco3r/8vvP7v4H262OEOzHS/byfkzzoZ8PTWkUkhaqojLa+AJBVu3kpeW9kYfv5fwvqQQAIBd6hijwiAYsngZUNNAB8ev3x6itWPvfJnAk93xhR0Paut2lcKwLaWR8XT2/RHSQOAFrfASrMfBae0vT3yNSWtxILOr49ft7OvUVTtj2WUuK657YHjj76yYe/3r7whr2deRNdTjoTd9IZqSs6w/5CQnbL/8ZQUOgba689NnfWa9bO/uOyWsXIgvazyeWdf04p7zydVd11cvqV+09OX7r/yYRc+/0UABooADRQAGhIrNzaQAGggQJAwyPNP1j9ePuPpq177Pj45Xc8W1s+Z2tdyczuWSvvOfjgjXc90zj/+oOdtQt3OnMn9TjHVbicCXltzojUJmd4cqMHbWNyi5MCjZO2y0mhRhOe2tIVld7Sw18Ti9ufrFuw/beTFu8QNfO3itoF20gv2e42v1fUzNv5u9Lp238yMr9tV0RKkzOCHtsr3HdWwVSeVdD9XDzrIO0fZ2SGzRmX2+ocW95N27nNWT1/p3PhDQedl6989j+yJ3TNjc2z1Y2pcNbNWf5M3Z0Pfbtyk/PH2Y3OE/UUAK6hAHArBYAGCgANFAAaqKiT5oYRRa0PFk7fsjF3QteB1Iq2k/FZzT+MSW9+c0Re29+G5bT/IT6z7Y1h2a0/TqvsOll/2b6TU6440OD9m8qs7l5K3qO/p/P/DtSDABDKfEckeIcqyg6qAGYxkABAxT/8ipXP3zph0d5n4nMcf9B6tmtN5/RVCwB9B8oh4ACxSUSkN/49LsdxJjbL/t9Rac2vxqXbewvqtnz11vte+uzy2w5fO6akbXJ2TecnSmd099Qu3PbH9OpOrbhrzc0avlTQLPja/qiiDpFY3PHXmCzbr6IzbP8Vl2k/NSq/9bW0io7jxVO6Xiqf3rNt6uJdG9Z99XsbbJt/dteXWn5Qtvz2w3lVs/cU1C3cUTl+bm9N3qQtdWPKnHWp1d3TqMivmnfdgU9Vz9u+NrXauTatuuOxhSt2/2Dh9Xs/mLRkzz9LZmwT6TUukVjSKeJyWmk7PK0K3pED2j7zBJO+8ER89yP//AV8f8dNCzT0PQoXIoIen2mjETT8O97H8/58C52Bt4hY7jRZ7KTt7BHF07aKyZfvFVOv3Hd6bHnHxqgs29phBe1ri6b2rp20ZN/9s5cduLl67s6Fw3Pb6tKrnHWFU3pqSqb3Voyf3Vs8dcn2vHse/mbOho6fFDV3/Wf9stXPraqds33D2CLHxmE5zZuTytpfGVfSeXh0QUd3clFrc+3s3g13PvTNDfd//pUF3r+rDAoABAEAzMl38SSMSAAzGUgACMtoiRhe1N4Un9/6u4j0lrPa2TU30XuKttZBTg9pLSI+r/WPRVO3vFo6fcvjqRUdc3NquieUT+25vGpmd1NWTedzowpbf8i932Mybe8Oy2/9e0wWX2Om3+3TJKKzmsWYslYx65r94oqVz/ysYubWr5RM3XxbxazeJZnVrmkUAGpLpnRVUQAopQCQTwEg/6v2V+d/YeMr/0Eh43EKAM0UAJ4bP6f3OAWAVykAvBqb4/hhfK7j9fgc+5uxmfa3ItNtb9EZ9a9GFjr+nFjcenZEYdu/6PuCtyeKwkeENh0yF1/vdlE40S6ZcMsGFWRv0deay/nfFyvgvs4FADf/79Pvefsz9D2G+99aACEcjqLSbbSdNm0UAG23oAL8IYWD/6btfYu2+63oTNtbFMDeID+Lz3b8mALAqxQAXqUA8J2S6duepQDQPe3yHY/d8+8vf/HRth+tfqLzJxnLbn0uhQJAPgWA/ITs5pKkso5aCgDjKQAUUwAooACQf+dD38qnADDa+3d1LgC0n/93oB4EAOg/XjzJd0QCFk8C1fQ3ANAZZllYcmMDFfvvnDe0SytoVFzSeOIfz33+1061TmLnCp+7INF92pk6/w7/fpMYV94pymb2fjS23PVS8niXa8nNB5wzr9z7aGpJ14OjCtoeGJFve3x0Ycs3R+Tb/4fPrHkuffeZdLMYltcqkis6/zch1/Ei/d/FYrKbXclVba6rbn3WdcdDL31u0XVPzrhm9cH8tV86lrH6ky8tXXDNwTXJBW1r4tI2rolIfpQ8sSanruux6Uv3fads5vZXU8d3/zirrvv3dDZ/dly581/D8ttEZCb3ZPe8fm3bva+PXoPG+z3eLu/3/Hn3A/1b2xe+qEjz4/QVbqL9ju/P8O/5OO+xfX/O8xjaNnm2re97zPs8/D3P9zU+j+X5HQo6gjtPJha3iaSKzr8lV7p+lzre+UZmrfNE/aLdr0y8fN++kUVdD1KgWROZtGFNepl9zawrd6z5zH98Y836J45NkP1NeWXXdi/NrulGHwAIDTxU0TsiAYsnQTANIADc7e6M5zkz5cIgP0heSCt2rZrwZIc2613YOLp/HJ2187/5bDe9UdDZtrh/3bf+SFbYe36QRW6dvnjvs4k5ThGTYdOG+/Hc/RH8mNz5TOvIxyGgWWTVdonpV+35DblKtv2+Vt79UgY5vGDZUyKZznwpAAgKANpMftyU3tfh0P91wCXQ+5DGHSopLCRtEBQABAUAQQFAUAD4sux98CqY0LWUvDeawoX8sZWBAADG4csIvosnYUQCGO1SAWDSZbviUytcFSPy2x+JyWw+5u6cx0O8+MyQDoi+Z4mXop2p+p7xcmtBi4hMbf3HiPzW02NKHIeis5vWVs7uXX/Fjc84s2t6nCML2nZm1fV8c0xJ569iMux0tt8kYrNbxLiyTpFS1fVuSk3Pd4cVdD5GAaCBAkADBYCGmVfvve36Nc/Nvf7O5+ryJnfVTb9y351zrz7gTCl1OiN4id10ktrsjMm076Cf/++MaqeI5zHp9Nhc+Hl2P3fTOW8jb3s/Xx9o7y3PyKhNcUzvb0JOi0gb3ymq5u4QORM2n+ROj+HJTzhHF9mddQv2Oum9dmbWtjtp/zuj05tfGJHv+F+ejEj62OpAAIDA8l08CSMSQG+XCgBpFV3lY4o77huW2/omBQA6yHMA4BYA/vdAAgDxXt9OazobndX8p+gs+69istp+mFXjfLFsWldjcnnr/GG59mvIejrb/0k0nfHzxDoxWfa/xGbbfj0sz/bLsaVt/5U3cetrpbN3HKi9YvcX51x/cO6iG57Nz6zrKh5T0l6ZVuGcMmXx7k/Uzt+xdmxZ+9qKWdu/NmHBbjGmqEO77t136ULbfh6ytpHuo9ej3ecbUCgE9L1G+gqX5nl/tc6N2iUh737j/3PfDPe+DU/eKEbm20Xp9B2iYPIWkVLZJuJ4ASVer8H/EoqaEABADd7Fk3xHJGDxJBioSwWAkXkdj1Dx/0VURtOH2nXpJB4vzwd6T9HsdwCgn+PiQEUiJtP2Qdp45ytZNV1fSat0Layc2rWpaELniyML7N+PyWr+KZ3pvx2e1viX2KxmkVTWLrJrul6rmLGtfcG1+x65atXB26rn7ZpGAaBixrUHym++66W7KAA0Z9V3baYAcHhUfusPh+XyDH/2tyLTbG/F57T+gXuWR1GY4KbpCB7r7+kz4A4y3uLvoW0vF38v733wsbTwxIXeGwC8vN8n9HcTRSFsWG6bSMhppeJvF5H08xH03kRqrUIIAABD4h2qyJcRsHgSfBz/APBI2y/nzb7+hWWRmfY1sVmtx2LpIO1eb58OgNqkPNzE63Og5n/zmTWvTMdftbNsz32ef0dn2cSw/LazMZn2b4wr6dg95bLd362eta03PrfpM8mlrU+PK+Y57G0fJZW3i6IpPR+NKXG8FJfd5Eof3+kqnbJ57YJl+65Zc//h9Tff/vTjScVt90akNK6Jy2q+v2TqtieLpmz98aji9jcT8hwf0GNoQ9zc2+U5o9f+TfgMlRf0oa/ugu8p8N6ixX0JtM559DPa/R78+9rrYPTa+wrbuZ/nToHcOVBbAyDXofWoH1PawZ3lROr4TpFW1SHyJveI0lm9omx2ryifs11UzN0hJi7ZLWZeve9jzfBatl9MX/akmH71AVG7cJeo8DxW0bStIrOOh/S5REqVS4wp6xCJ9PyjSjrEsIJ2bcgfT8F7/ut2v57zeb9P/IvxRX/HQwsAHtL7eR9zAONRCPw3xP9mHM54qWbu/EiPf+F1d5UgAIA58YgE38WTMCIBmCQA7J19wwsneLpWnttfKxz+vAd3vl6eROGAl6TlSwRaCOCwwE3rdB9fW6d/jyhyiKxJm/9Kbl6x6tAs8l9Vs7ZpP8dhQhtOSCrpvk/ce/iPZIXvNq26/eBo8uSCpbsEz+5HAYB+h1ff85lyVgsc/Jz0Vds+n4KuFSK6v6+I+fwMN1Ent5I291fv1MD8/b7HJLSdEbSNEVpgoN9JpZ/T0H30cwl5rWJ0cYdILXeK/AmbxXgqzpMW7RQzrtwp5lzdK1aseUas+ew3xN2f+4a49wvfFPev/7Z43HFCdG3/ycdyks7tp0Tnzp+Jjh0/F+3bfyHWbzgu7v/3r4t7P/8tseqBF8Tim/aK+Sv2ielX7RXV8ykY0POXzNwusuq2iDElThHFwYjfq3GEv2pDBPm1MN4/hMOR1gmS9y991cKAZ5/x97QOm7xvzjXrn7d/Pf0nePIm9//5MSl8MG1SJ+/EThwAvD/Pv0s/r3UipH+rDQEArMV38SSMSAg9/gHg1rXf3luzaN8JnrOd53l3z/VOB+sLuIuidv2Wv6ZyEy4XDXfhiMtxiLxJW8T1dx0WN9//grjytmfPlkzr/fqonI5nc+t6/phW4fz9sGzHf46ftfOVKZfv3zOquOMz1fO2r7/29kPOxasOOesv3+scWWR3RqY3OqPSm7dmVTlPZ9LZdEwGFxjP82gFhJ+bt4G2yVOQ3Gfp/H/PfT4i6HVFZzhEQm6bNkFQEhXssSXOPyYWdr49Mq/tJ+OK207m1TlP1i/YdXLW1U99q3Dqlo3DCuwPRKQ230UBoIECQAMFgAYq/h50X1pzAwWABgoADRQAGgombm6gANBAAaCBAkADBYAGCgANa9Z9o4ECQAMFgAYKAA0UABqowH8sCgANFAAaKAA0UABooADQQAGggQJAAwWABgoADRQAGigANFAAaKAA0EABoIECQAMFgAYKAA0UABqo8DdQAHB/TW6i18GvhdH3yKjC9odKp2+zV8/Z/nT1nN6TGeM7To7IbTkZn9l8ckxR2/9kVLnE2DKn4PH63KrAQwPd+9UTCLQAwZeIuMDze8LvD9/v+bm+sEC0cMD3e7/Hf1PKQwCA0MCLJ/mOSMDiSdbkHwCuuO3g3qIZ207w2a33bE0rpLIDYt9ZnBsX5mF0hp42vksUTt4q5ix/Sjz8+PfEZ776XXHDJw//s2jytt9GpzjepOLx+tjizu+WTug9eN1tL26767PHHqmau21OZm3XNcUztq+vW7LnJ2VzesXwAhvPCEjPw8XE83yyM1P6P29nBBUivmSRkGP/+/B8+19js2y/iUhtOR2VYT8dk+V4Kza79b9is9tOxWW3n0wsdp5Mr+o6WTCp52T+hJ4Xsmu6tmWUt9lKJ3ZumLe0d8Ndnz664dGmHz3c2Ppa9Z79ryb47iOreqLtVCKZ+qnPf/v2lfcc2TBp3pYNGWW2DWPymzfk1rn2VM7uPZk7YfPJ5ArnyeH5rScTch2n4nNaf0H7862YzLbTEWk2Xo74t6MK2j4cnmf/e1yWTZurwT0REr1n3r8bLShw4ecWFPqqfZ/fR8/31YUAAKHNOyIBiydZg38AoDP1vcUzdlAA4CZxOjBzc7HvwbsPn/XRV23Ofv5KB3I6sJfP7BV3PHRUNKw9Km6+57CYsGivyKcwkFbt/FtiUduekQWtD1TO2Xnzituff/CuB7/WPvOqA7vyJm45PKrI9r34nJafxmY53h6eb/vLsLwWKh6e5/I+vvYcXPwv3B4uNPFZDpFa1iaKJ3X9edJlu35WMmXrzuHZjnX5E3vW1V+289Nzrn3yzvHzdl5OBaueAkA9BYB6CgD1FADGUwAopQBQWDKhM3/+VdvzKQDkUwDIpgAwnAJAhO8+sioq/pFkJAWA1FWfPJJPASCfAkA+BYB8CgBlFADqKQDUUwCopwBQP2nRriuWrnzm7nnL9j5YM2fbujHF7euq5+3cPXf5gTer5mw/k13TLUbktQse0dEX3LwtR/SeagHzvNaa899TBSEAAPjzjkjwXTwJIxLM4cIAcGhvUV8AoIOetrSrf8HlMzZPAEh9Qutln1Tu4rXvxZKbnxRLV5HVT4kF1x84Uzl7+09SK13PRWfaXIXTtjprFu5y5NZv/krVnJ2u6UufPJpR0/0DOpM8HZfV8lEUN+9TgQinUBGurQbIz8MFgp+/RcRkO8S4cqdIqnC9OabU+VxMjmM73e9iUek217AchytrfLurZtbmlkUrnvrc1MV7V4wrbK+fceXu+lX3P1/1Ffvxwk2uE31T0MLQbN7x0zHOLT8uefg/jlZft3p/fW69q37BiqeuX7Hm8CPTrthjK5q8xZVY2OmKzbS7KABo4nLtO5Krul5Mq3G+lTK+Q8Tl8CUb9/t7/t+YkhAAAPrLd/EkjEhQkzwAbHcHAO3AzOPl6eDn2xlKCwB8Vsf3bxLD8uxi0qIdon3bq+KutYdEbOaXRXTmJu4J/8sVdx5qXPflb827+o4XE8jOGcueorPCViryFCDSOt2PrU3Cw5cb6PnSNmgBgIeGRWidx+h5UunsMb1RJNLZff2SvWLxykO7H2l6bQ5J9t12UN/GHW+lkiuvufuZfVOu3kqBziYitL8x+nvgywG+f2fqQQAAGCpePMl3RAIWTwqeiweAVndx7pv5j8MAFWLP2VoEfT+1qltMvmK3qJ23Q0xZtFusuPM5cesDR8QdDx4Rdz70olh575Ezs67e/+PciT3PRaQ19aRUud5IrXIJXqaXe9NHpPBKeTw3QItILOwQI/Md78VnN54snNh9snJ677Mjcjs/QwGggZ63gQJAAwWAhglL9jZQAJhHxT+NxPluO6iPin8CyaYAsIACQAMFgAYKAPQec8dKW0N8XuuD5bO2HyyauvVkXK795LCC1ndHFreLqCwOB56/Q210Bl9C4M6GHBx5dAEVaO3vlL5qAZW/cnjkYOEJF3y/vLD3FwIAgFGweFLgfXwA4Gu3dPCjA2942kbtujwvCjOqyCUq5uwSy257TixbfUgsueFpMfGyPeLaOw6LLzWfEF+1fV/c/7lviIpZvWJkYRs9RpOIokIfl2M7OzzP8adhOa3vxme0vhWdbjuVkGM/mTG+62RqeedTY/PtGxZfe2DDmgdeupOM8d02sL67PvPySHLbkhuf3jC62LFhXEXHkynVXVoYiEhvPhWd2fJWfK7tvWEF9jPxWfa/x6TxsFBuKaK/Ua1vAX9lHAY8AcA7SoH/nocGAQAg0HhEgu/iSRiRoJ+PDQDaGT8dYPlAm9YkEnJbRVpVj9YUX7dojyifvp3O9o+Kz2/4jrj+rkNi+lW7ROHULpE/uUdk1LjEsHy7Ngadz9TGlbpEwaStH9Qt2PFK3WW7e8pm7/1ManXP5RQA6ikA1FMAqKAAkE8BIJ+KfxqJ8t02sD4q/pEklQJAPgWA/HHlHeUUAOopANQnV3QuKZm69aGJl/VunbR424mcCZ1/TCzmViQ+w+cz9PMDAE8spC19zCNUuPPo+cV8MBAAAFTB/Qt4qCJGJAxefwJAOB1g4/NaRdL4dpFc3ilKpm4TN9xzRCy84aCgwi0WrHhKXHfnc2La0j0ip94lYjIbRdp4p8it2/xeQq5tX3hKkys8xe5Kq+xxjZ+9s2n+dfsfWLLq2asXfeKlGoJOedAvi1ccTCTVV6988polN+5+qGSmq2lseauLAoCL/lZdsTm2PRlVPf8vucwponh5ag4BfIlAm776gmI+GAgAACrzLp7kOyIBiydd3McHAJ7gp5mKf4eoXbJNFE3qEhPnbRefe/w7YtW9R0RqeYeIz/LMokcik1tEHJ2JzVyyT6y+66XvkDLfxwcwynWrDxeQb0y5bJeIz9goeOZGbYbHJDt9RR8AgJCFxZPk/APAstXP7y2dtuNEODf70wEzOtMmxpZ1ioIpPWLC4m2idPpmUTJtszbkr2rutt+Nynf8qGDClh+WT99xeGS+cx0FgAYKAA2zluxroOJ/FUn0fXwAo1DxH0munLJwV0NcxsYGnrlxWK5zbcmkrYdyarpei81qORWTafsdrzKpTXGtdRakYODtM+CZn8DNcx9fAjt3PwIAgJXwiAQOBty/gIcqhtqIBP8AcO3Kw3vLKQDwdVWeMpenfc2u7xHj5/SKaVfsFFXztr2fN6nnjdElbT9KyLEdisloapp55Z6Nt9374j0kxfexAIJt5e2HxhEKpDs3jcxvsQ/LdRxKyGn7UWyW4xfxua2/TSzu/FdctkMbjaIVem1WS/o30wo/d4Il7vsRAABCge/iSVYekeAfAJavPrS3bPrWEzzMamRRh0gZ3y1Sxzu1xW0uv/ngPxesOPDkpMt3351Z65qdkGurpABQQAEgn4p/Oon2fSyAYKPiH0XSKADkj8hvKaQAUJlU5pxZOn3LXVOu3LN37vVPnS2YtFnEZ9pEpHbJgAs/D3310s78vaEAAQAglPHiSb4jEsy+eJJ/ALjrgef3Lrl+/wlema9w6tZvZ9RsdiWXd7ooALiuvvWQ86pbD9289NZDpSTe9/cAzGLpqqfiSMmyOw7duLzh+Y6KWdtcw7JsrsgUm2tUvuPl7Jq2f4zIc09MFU1BOCqt+ecUArrIbNnj+ZPeCQDWZdbFk/wDwOOPf23v5x556cSnPvuyIHf6fg/A6pZev301+Siv1imiUmxieGaTSMxu3EwiZT8vI70TAEKLd0SC7+JJqo1IkASA+RQArqHi30BKfb8HYHVU/IvJnXk1zgYKAA0UABqo+M8m4bKfl5HeCQDAfBdPCvaIBP8AAABDI70TAOBSvIsneUckcHGWFW09IQAA6Et6JwDAYBi5eBICAIC+pHcCAOiJRyT4Lp40mBEJCAAA+pLeCQAQCL6LJ3GBv9SIBAQAAH1J7wQACCb/EQm8eBICAIC+pHcCAACAlYmw/w8D59p9QURxGwAAAABJRU5ErkJggg==Dynamics CRM Outlook ClientGE.EIRectanglefalseAnyAnyfalsefalseSelectGenericCSharpNodeJSIoT Device TechnologiesVirtualDynamic0e4c07fd-732f-44e3-901a-81446a6bcd4cListfalseSelectYesNoIP CapableVirtualDynamic5a86ce50-eedb-4cd4-9686-8619c3196d05ListfalseSelectWindows IoT CoreOtherDevice OSVirtualDynamicc654e773-cfea-4cee-b832-ed22bf619348ListfalseSelectDirect connectivityAgentsAzure IoT device SDKsDevice ConnectivityVirtualDynamic2774528e-4318-498b-9228-8341d7112a6aListfalseSelectAzure IoT HubCustomDevice Identity StoreVirtualDynamic51551b3e-c1e1-4181-b8d3-b74ad078b0beListAn IoT client agent which generates and sends telemetry data to the cloud, and receives messages from the cloudfalseSE.EI.TMCore.IoTdeviceLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAQMAAAEDCAYAAAAx0WHLAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOwwAADsMBx2+oZAAAABl0RVh0U29mdHdhcmUAcGFpbnQubmV0IDQuMC4xMzQDW3oAACpZSURBVHhe7Z35nxbVsfCHXUQWgSCbCiIuCO7exHwSF3KjbzS5r4mJMTG5Nzd6XaNxlmcZZhhmBgaGYVUQjeQqxHiVRUUkoqJhGWD2AWRREFDgvn9HvVWn+xmHpobZus/SXT98xamZ5+nTp05XV9U5p04eAHSJpzYcg7tf2g9T5jZAn+d3QF7+TsijfwW7KaiFvHQTPI36C+pUJyNK6rAtu/k2CuGCz+bkufUwc9V+oOc2qIuOYIU5Hlt3DCZUNuJgQlINkFe4xxtcXAME+yBdod7+/K5ZQzBs1l4cOwjXRiEa8lH39LzSc4vP7/iKBqDnOaib9rDCOVu/geGkwEwT5BWhRX9evADnoLcwDoTn3zuOKj1Xx7oYXlKPYwjh2ihoAp9feo7xeabnunzr16iac3V1juBnfz2EH2oWS+4ybR7BV6jSs/WrkyEZejOJIbAKeq4xbHzkjS9RRWfr66wf7n3lc8jLtqKLsYv/IsF+lEdQD/k2eARiCOykAJ9vfM4feeMLVNW3Omv7H0owKY9ADIG7+KFBwSazhmBIFj0CFV4ybRTsQCWWG2H+tlOoMk9vbQpUA0myve7iewSmDcEwlSMQQ+AEGDIMSdei2jzdqf/8hMIDjCPYDwj20+YRmM0RXFSM8agYAofYqaKB36w9jOrzjcFgtA55BejasR8QrEYlC+uh0LBHMHQWGgHJEbgHegdDMawjHSpFqlwB94eC3fihQdH7J5QyTaEMgXgE7pJuRjWiHfjVmsM4oESRztFmCEwnCyk0EI/AadCQ/2z1Qci7bWmrN7C4PxLsxM8RWBEaiCFwn/xdMKkS9TimFC27TCe6g+8RFL5nNll4oSwoihV9aa9RH1lq7A6FaAjwTZzabNojQCMgoWXMQDvA/0KwDt8jSBnOEVyocgRiCGIJKxTswjcEmQ/MzhoMl+nDeMMKBXvwDUHacGgwajYaAUkWxhtWKNgB7UlPN8IzG80mC0fQdvZUA99GIT6wQsE8/kaSJ9ebLUwyqpSShWIIEgErFMyiDEEDPLH+KD6P/EOqA/EIEgYrFMxhi0cwG42AJAuTBSsUzKA2HTUYNwQXU/FSMQTJgxUK+lGGoBGe2mA2NBgpOYLkwgoFvfg5gqcNzxqIR5BwWKGgDz9H8PRGs6GBlywUQ5BoWKGgB0s8gpG0oEgMgcAKhejxk4V/esesRzCsWHYfCj6sUIiWnCEwHBpcrJKFYggEH1YoRIclhkB5BLLXQGgPKxSiwc8RPGv4pCPxCAQWVihA6KdMt+UIzBoCdYZmkg2B0qsU9GFhhUmByr3R2XO0yCbTAnnF+zyy+P9UwIP+zf1Mh9DS39HJtt01FH7NwucMewSJqUfQkV7p/0mvVA28va7RW8srwr8ng819X1JghbEEH2B6kClOpgdCHRqzEybMqYPblrbAz//7EDz69lHkGDyD8fyCbafUlB/9/Ou1h+Gelw/ALUtaYOQsP/tOA4j+pcF1vkHkewTPvWu2HoEyBLHMEZyr1z5orCeWe3p9oJ1eKU9T/elpdQ4l/UzyB18/BN9b1gqXV9RDvwL8rnSj9z1ETwy/y7DCOEFvCXpD4CC5KLMbrpnfCH9869wTaHvCL18/DJdV1EH/QrwGvWHoOu2Ly7YZArMeAR2SoQZ3+35xnXZ6HZrdDdcuaIT/ePPsg0R7Cu0NuaGmGS4u8b0LenG012tcYYVxgKx6Cq08PpC3LdsH5R99g3rmlR8GxVu+hlup7DwVLVVvF/IczBuCEXE7DZn0Sv2bX4v9vQ/mbP0ab5O/9zBY+NlpuGPl59CHrk3XpXAi2Ka4wApdhuJzjA1HlNTBH/7HzKafh9YegUur9sOzhpOFQ+nsw7gYAjKyqFdKgP4+JA+gu1DYOKYM+5NyD2SUuHa6DCt0EXLJ/VDgMYwFg4pMGsPj4hFQ6bdMMwzDUMf01u4c6c0n4Duz0dBSUplePly7XYQVuga55Gipf4ExfFBxSeSiuBx5pvS6Fx54zU69/udbR6FfkTdTFIvpSlboCpTUQW/gmuoW1A2vsKShPALXDQHpFb2BaTWteEv8fdrErcv2+17CeWaVXIAVuoBKENbDr9eaiR9tJBY5Al+vD//NLb0+ueGYZwxcPmCGFdoOumWD07uh5rPTqAdeOUnjIpo+dN0jQCNAel2y/QzeEn+ftjO6FI0BzTpw92c7rNBmsKMnVjZiv/PKSCLfKaNpTMcNAbrZEyub8Hb4e3SJa6oxZKBVjq7lEVihraSb4OoFkh9ozyh6E6kEFtNfrhBDvX7vhf2+h+CQQWCFNoID5rqFzdjPfOcnkTFz0AjQsmiuv1wh3QzTY6rXO1b4+yFcMQis0Cq2Kws7pSoeLmRYjFalylw2BJ5er5gXb73SKkk108D2gWWwQpsoqoNLyiVH0J5Y1CNAvY4pa8Db4e8xTkydj8bABcPNCm2hYLda1BHs3CQzJA6bjlCv/Yv24O3w9xhHaAWl9fsaWKEVYJyVaVbbTYMdm1TiUc4c9ZpugoJNydLr0h1nPN3R8mq2XyyAFdoAxpN3rNiP/ch3btIYHYfpQyLBen1ozWF1/2y/2AArNE3hHhhWvBf7j+/UpDEiV1CF6yuXQL0OySQrPAhCxXSs1SUrNIrnRpb+4yT2Hd+hSWKU87MGOSjsE70SeSk0CDYWS2GFJkGreV21zB4Q19c0exWUuH5yDdTr9IUyPUz86KX92B8Whgus0Bj49iiqw/7iOzFplH140u4Ys8ugXtEYBO8vyfQtrIW8Asu8A1ZoChz4VMQy2HFJZlJlDBKH6Qa4vka8gvZQgV3rFiOxQhNQFVqMjYOdlnTmbzvleQeuVuml2Fi8PZYBqT121UBghSbAATO5UgYNB1Vgpv5h+812sN1T5kqIwHH7cqqobZHXxwpNkG6CwoQtROkqVO/f2dwBtjtpC4y6ygs7z6gQSuVUuL7TDSvUDbpKF2TMryso3nISZq46AFfPb4SrqhrguoVN8CP8+amN5gdzX6oA5Frt/oJdMChtXq9Z1OtPVx+EmxY1w1TU67TqJpj50n54+h3zeh1dgnol3XL9pxtWqJt0M9y1ch/2Dd9hUbJsxxm4eXELDEztxlHTqvIWag25wq8VQHL8edLcBqj4+BR+jP+uKKGBbOV01PlAb+/OFebqGNKBOSpjT/ojz4r0GdRr4V6YPK8RKj8xU12JTuvyCqEw/acbVqgVdJFQUWURH4bB8dNXD3oDAwdtpyWv6a1M8R22dcZi/ctpyWtR7bTFpewU0msTzPlIv17vXHnA0xU98J0l6Nr02gTTF5kxXKqNNnh9rFAn2BF0xl2wg6JmLBUGyaJF7rYScJBnmowsqx1UhG11pU4/6rV/oX69jiO9UkGRbs++eMZrcLoWv4b/7qi4MIXXtkGvrFAnGC+Nna03rqTTlnqdkEvVQf+U3naPnY2xpe3bYHNgO6m9wXuIkiF0XkRvKz+hp9hPs15nVPshDNcenbBCnaCLds8rn2Of8B0VNtdUozfQW0OQo6geRs3WtzbirpX71TXZttgG6vVejXqlIrkqLODa0l2wj0eX6VsS//j6o+G1vTewQp2ga/ZnTTULHnztEIYGIa/1zzTDnSv0JD+L3j8RniGLGnxD6zprcuZL+7yQj2tHT8FQY6ampHbNZ6fsSCKyQp1gpy/fqSeTOzCKmJtyDgX63GF3jEET0ExNsP1RoKbmwk7A0ffh9wavFRXeTFF38xwhwwp1QUkedMmCHRMFj739pRqgbDt6Cxq0H710AC/DXztM+tJUWWcZctNo1Ov3l7di/0el12a452U9oc7gdAQvqu7CCnWBNz9QU8bZS75FlKTBN8ioWXreIkMztNvNkkUqHYHGimY+gm2PgjGl/poQrh29hfRaokev4+egTgsNJ4dZoS6ws0cU65nKUYYgss0++L3odQSvGQXjynDAmB40nYHGalhWp15DDhHag2FZ8JpRMKWqPrqXVVdhhbpAi36JpumnyLeLoktZreHsx6lVGFvaMA11PtBYjUWjFWx7FERe/AWN/NxPol91et1Cmg0xPFPECnWBg/ryiuh3KpZ/9LWy8GwbwgK//5mNx/ByfBvC4qbFzXZMQ50PNPKTKqPPGVTR9u6ojXy6QYteb1lCOxgN65UV6gKNwSQN25YrPv4memOAinzkjSN4Ob4NYXGLE8agDqbMi379hdJr1MYA+/rRt6I/Hv62pbT+JdHGYC+MK9MVJkQ8j4vuZOH70a+XmLEQB79pd7IzMEwYN0dTmKDOMmTaEBZobHQc/T+9JulhQuEeuHiWnhOTIn+DZPVscrmyCt8e1ucMSK8xMPKUcEbDFrxmFFyZ+ARiwW4YXKRnanHM7Aiz8AW1MDCtZ/BPLMd7iGoqLSxoalHTlDG9TMj4sO3oLfi9IzXNdllRzYoV6iJ/F/TRdObevaoAZURvkXQj/IumQq5D0rTOwPKdizTVl6/nIVL7NaLy+vB778bvD14zCoZmaMVjkhcdEVl91ZCVZxD6nDStMWiA6k/1FD3xkodRrZcIEU3rLgjvjRq2XvH7MIZfrmtJNXl7Ua6X6AqsUCc4aDIfnMD+4DspTG6swTdI2LMKqUaYXq1x4EedCA0L7Oc5mgrWTFuABjLsKlBoCHQWcrVCr6xQJ/im+8Vrh7A/+E4Km75kgcNys+l7MK4MXiMqnn3nmOovti22gQ/TI29EPyWXIw/DzdD2bNBJydjPwWtExZ/f+0p5l2xbdMIKdYIP52SNFpjO+iNvpNcGgQYevv10eTXEd5fRwhTLZxJyFNXDvyzVV0bs+XePejmh3rra9PlMCzy+7ih+LX+tsLl9GdXetECvrFAn+FAN0Fwe60kqJkHhQk+z0PQ5NCiPvvUlfh1/jSgYnkUDFFXmPGywnaNL9Ewb5/jVmkOeQeipoafP4ecfev0wfh1/jSgYppKHFuiVFeqELHFRHSz8TG/VYVrKSmW8VSa6q+4luY/491TWvWpb9AtRgvRxYftyDmwntTd4D1FTSAVg6KEmY9/VvqK/U3+/B57XVGinPdbolRXqJtsCVIUo2Ek6uOeVg97g8ctmK+NEi03a8K22//uZqw7ix/jvipI/Ub7AtROZ0d2mdgfvRQc/XHGgnd7w37P06j98NAuhfr8bbl1qplT/UxsovIl4QVxXYYW6QWWN0uxSBnl03VcwsbzeMwxUL4ASjTSI8Gcq2Pq7N/XFkBx0sIv1y5CDpBrgtiXN2Hz+nnTwh7eOwbgyfOhJr6RPMvioX6q3cO2CRnh0nRljleMaNRNiiV5ZoQnQTQt2lEmqP9UfBpwPVQiV3mpc39kKvoEHFOkvPX4+dJVi6yqeN2qJXlmhCdA6/uBFc6fv2MxDaw6jsXRkSjEIGvk/vmXWq7KVh+k0JZv0ygpNkF8LdER1sMMEyBteTO4twvWb7WC4ZToEtBWq8mWVXlmhKbIt8KvXzSQSbeX5d79yL3HYHnKBZ+2Hyo+/wdvh7zGJqISwLYnDHKzQFAW1cGFWvIP2XELJL1e9AgLDBDrYNHhfSWdk8W4vSc31mSlYoUnSTUCLR4Kdl0SUV0CrJV3YmMSBhmBKldnZBBspev+4nyuwTK+s0CToHQzM6FuebDNDZ9W76xWQIRCPgOUi9H6t1CsrNA0OpBtq9G1ttpEfr4qw/kLUoP4mlItB5/g/r0RYf6G3sEIbwAFV8o+T2H98p8YdK/a39wR0fydW6tvS7Rpq1aOtemWFNlC4GwZlkplMpJOd1WIUrl9sJtUI4+aIR9ARo8sw7LMtadgeVmgLqQaYPFffvnIbuHVpK75dLXUjzwd6chMrJEfQEbcuwZDP1vAgByu0CXwwqH5hsHPjyO/eOOIZAteWHaMhGC85gg6h8zSc0CsrtAnqQOzI3/1dX9UcE6jpJqpi5FqeAEODiZXiEXREerNDemWFtkEdiW8fE3vNdUC1HFRiiXbWcfdvK+kGmFCerDCuO1QrvdIuWEf0ygptRO0/3wtULy7Y6S5T9ck3MCDt4CpDNX0ohqAj5m87BX1Te93SKyu0FbKw6Jb++5t6y41FReGmE55HoAbM9nPv11ZQB5fNlenDjsh/j/TqmCEgWKHNqJChCe5b7faSZSqWomJJ10IDNATiEXTM7/FF5aReCVZoO5RUzDTB1AVurnu/cXGrt7rQtWQhhgbiEXTMDYtQp2rWwDG95mCFroCDc0DhLpjlyErFRdtPg6pNQAOGux+bwb6eWCEeAcfif56GYbTfAPuI7TtXYIUuQefToRJuXmy3l6DOBCT30cWVhdi/l4tHwHLHin2gStK5qNcgrNA5aC0CWeWd8Nu/21Vi64kNx9S5EE4sOuHAfr3UsEdAx7Tds9qudSZPbTyuvFK1qtDVsCAIK3QVUkqmBYYU18HDfzM7eB5ffwxGlqInoA71sKAmfk9AQ3CZ4QVFFR99jW/dOq/aE/bjD140U9I8x6NvH4PRtHekN4e12AordB2a0sE3cb+CHXDvX/Sec/Dz14/A4BQaJfJUXHYdKTQwbAioVJoyBOqo8u2eUaV+xYfw5iWtULxF39F2D7x2BC4oIr2iJxCHkICDFcYFNXhQeTiAxs+ph3/7azSG4VdrDuODg28Lqn/vsieQA/vLdGhQ+bHvEdAZFsH2kQdIfZ1thQtStXDLkhYo/Uf4Jz7/eu0R9IxopyG2Iw567QxWGDcoVqdFIJTAI1A2o6YJfvH6YaCTjWv+2bUzEpbuOANUiuwhHCSUsOxH36u+0x8wcYgd0w0waa5Zj6CcQoO2xVhMG9ujFqKhDiiJh58ZXbJXhRJ/fOtLoFWAwe/moLMU8jcdV3q9cVEz9I2jXrsCK4w1qGhSLg0esvbF+5TSaQBQom9ophZGztoDFxfvVv8Oy9bCQHQP+xWQQcGBkcW/p/iVBop6U6CcvY6DoEdwmWGP4FtD0N14nPSKqBARQwk6No0e6IJd0B91RycojfB1SgzP7lZ6pd95esW/z+mVztSMk167CitMGjSI6MGmtwwNpiAkp9/H+Q2BD9DkeWanZz1DQEa2u4agA0ivpLOOdJsEvXYHVigkC8oRGK5H0OYRhGUIhO7DCoXkoDwCswuKyj4UQ2AFrFBIBsoQmE0WziZDkOpJjkAIHVYoxB8LPILZH54MN0cg9A5WKMQbNARXGDcEIScLhd7DCoX4goZgkuGK0+IRWAorFOIJGgLTZx+WSrLQXlihED/STTDZ8MrCUvII1GItMQRWwgqFeIGGYEqV2RwBHZUnhsByWKEQHyzIEZT8gwqEiiGwHlYoxAOVIzDrEdBmIc8Q7OHbKNgDKxTchwyB4QVFCz87jYbA3wPAtVGwC1YouA0agivnm501qP4UPQIqAkIbgrg2CvbBCgV3STfB1PlmQ4PqT8kjEEPgHKxQcBMLQoMF277xDYGEBs7BCgX3QENwleHQgM6N7FlhEsEKWKHgFpQjsGHWQHIEbsMKBXcgj8DwMXPe9CEaApk+dBtWKLhBpgk9ArM5AvEIYgQrFOzHAo+gLUcgHkE8YIWC3aSb4GrThkCFBrL7MFawQsFe0COYajg0mEcnHcmsQfxghYKdoCEwffbhPJk+jC+sULAPNAR0RFzw4dSJOvtQVhbGF1Yo2EXKvEfQdsCJeATxhRUK9oAewaWVZusRVHyUmzUQQxBrWKFgB8oQmPUIKsgjoHMNZPow/rBCwTyULDRcs1A8goTBCgWzkEdg+DTkNo9AcgTJgRUK5kBDMMn0achb0SMQQ5A8WKFgBjQEEw2fhuyFBjJrkEhYoaAfNASXzzW7Dblt+lByBMmEFQp6sSBHUC7JQoEVCvpQOQKzHkGZOhZdPILEwwoFPZAhMDx92HYasuQIBFYoRI/KEZg2BHTkWYN4BIIHKxSiJd0EVxg+DbnNIxBDIORghUJ0kEdgeK9BqToEVTwCIQArFKIBDcEUw+XMSyVZKHQEK0wi+TuRXR4Ftd7DQv/mZNxnugOGBqY9AnUactI8gs70Sr/nPpdEWGHswQFAA4JiZnxI84r3qbd2rspvv4KdMLBoF/TJx7+lYh40/55t9aCHiYp7KAPRxYGE332F4XMNShIRGnB6xX/b6XVA4U7oj/+q2RPSLemd/i7T3M5jSqiBYIVxhAYJKdtnED7s0xc2wY9f3g+PrTsKlR+fwmfm3IfohZ3/C8t2nIH05hPwh//5Er6/vBXGzsZBRINGfRc+YGQslHFgrouDbbLhWQMVGsQ1WRjQ6wB80K+rboR7XzkA/7XuGNBiqmB/5CDdUhm3J9Yfg5+uPgjX1zTDkPTZ36e+n7tuHGGFsYHeAPgWz7Yod5AKiT689giOA35wdJfqz07Dv646AOPLyVtAA0FvFzV4/DcLeQSGFxTN2hJDj4Bc+za97oKr5jeFqlfiP978AqahUelfiPokj5D0G/eQghW6DinNt+yXlO2FP759DPXLKz1Mfrn2SxicQg+BHj50PacYDg1mbaFkYYwMQZteG+CS2XXwn2/p0evTG7+CyyrwuuQBUn925AW6Dit0lXaDZdqCJli28/+hLnkFR0lq80m4c+UB/F/+9zoo3hKnZOG3er22ugmW7DCjV+Lmxej9tRmFmHkKrNBFyG1Et3zaQrNTdzaQ/SBGhkDptQmm17TgrfH3a4LvLt/vGSgyDFy7XYQVugS5bDhYhpfUAyXKgkpLGrExBG16bYDSrR0nAU2yeMcZGFveqNoZi9CBFboCDXhUxL2vHkLd8ApLEpk2Q+B4Bpym/VCvP1kdblIwKh5cc8TzEijJyN2PK7BCF8DOH5jZa+1bQzffGgLHPQLSa3ovzHZMr0u2n4Fh6J2qdQvcfbkAK7QdfGtMrDBbHswm0puPx8MQKL2aXaXZWyhnRUflO7lwiRVaC3ZwphluWGRXMskkmQ9y6whcDg1Iry0wIybJ3x+uaFXj1Lk8Aiu0Ehww+Oa4a9VB7G9eCUlDLTEmt9Rpj8DT6x0vfY63xN+nizzw2mG8LzTSLhkEVmgd9OZAQ7ByP/Yz3/lJY94np7yEleuhQbYF9boPb4m/T5d5aC0aBAoZXFmPwAptA98cEhp8S9U2NATOn4a8Xen1xsWteEv8fcaBmasOeCED2weWwQptAuNh0+XBbGIuHYuuPAKXDQGSqjd+srQurscXmROzDKzQFvDNNyi9G/uT7+SkoY48I4/A9dAA9TowtQdvib/PODKyBPVm+2pFVmgDlHhJNQI9AMGOTSKxOQRVrSxshPKtJ/G2+HuNK55HZ/GsDyu0ARww978qMweEZwgoR+C4ISBQrz9bnUy9Pr7uqB8uWJpQZIWmwYE/siRZbmRHtHkEcTAEqNfRpXvxtvh7TQJXzqPdlwjXP6ZhhSahaRi0npQxD3Zk0lDrCOKQIyBIr5kmmC96zetDOrVx/QErNEmqAW5aJNuQiduX00q2Fr6fXAP1essS0Stx3ysH/HCB6SeTsEJTkLUsTLYbGUR5BS6tYmNBrwBDneC9JZn+RbXo8VmmV1ZoCnQj6W0Y7Lgkc/dKqtxLG1+Y/nIFfAtShaDgvSWZ+1/93D69skITqKlE2YnI0a9oj91TUueD9IoxcvCeBMgbmLZMr6zQBOhGTp3n9vbVqPjesmZ7M9CdkaqDq6rEyHP88EU6h8MivbJCE6SbILsleQtRusLi7WfsTDh1BWw3nTkRvCfBw9OrJesOWKFu0FW6IGN2XcHCz07DzJcPwrAsJXZ2e6CSRpfsgZmrPgfaJRj8jE6GFVu+eo0D2zsobTZEmLftlNLfmFLsP79NpNcxpXvgvtWHznvIig5GleA4o6nGYN+ZgBXqJtME5DIFO0oH+ZtOwISKBu/Ni95JW/Y+h6rHh7/LtMCIknp4bN1X+DH+u6LESzg5svstB9UpeNHM9uQnNhyHi0vRBaepWdIf7fA8S6/4M+k72wKjZjfAHzSdrRHkoTWH7NErK9SJv8iIavgFOypqbl6CMRsNFDp6rNM95/h7GkBouL4zx8xuO/UGoYHMts8y1CKjZsh+oD/0I/2oTD3pqysuOO0ZwLZOrDRz6E2boeLaphNWqBN02/riwAl2UNQMxrBEvRm4NnWGv2GobKveTVRD0v4bjWuTbaBe+xXswmbz9xIFlR9/A30oDCD9cG3qDErm4edpm3jwu6NkcAoNlgpLmTbphBXqBK3y+DK9ceWAFD5Q5A1w7ekq9FDi4Kn5TF8uYfJcDGd6OtB1g17MBM16VX3TW2NJn8fv0alXWnHb6/EYBqxQJ/hA/eQv+naxjatAbyCs6RwcOIMy+lbW/Ww1xpc2TUWdD2znva/oq2s4rIQMZUiJOHxBXZDRZ8geX38U+wvbz7VFJ6xQJxizP/eunqSct5qvFa+7/dx29BQMNa5fqCeHQGGJynFw7bCNdAM8+44evd65gvQachIu06Rtjwx5IVYkEVmhTjL6ahv2obXg+WFPz+F34lsweK2ooIIvfDssA43ksh2nscn8fYSJcu3DTsDR96HrHrxWVHhGvgvJzihhhbqgjLOmDv/N345EZ31pahTfTsFrRkH/Qhykaq6caYctaNTrT6OccsXvvVtTRe4L06hT00lEVqgLHNQDCvTMJIyOcnEHvpmGZfXUahxRjPfR2yRZ1OCgHlioR6/jZqNOo0qqYj9flKnFy/DXDpMJ5XQfEY3PrsIKdYGdPaJYT2erxFunawl6gaZwZ0I5ZcwND5rOKNgDwzUZR5V4i1SvevIGU6gCkumZIlaoC7SEY9GyBzsmbJbtoLX9PVxT0FVw0NDS1+C1w2ZqlQPTi2isxs3RM8tCKwjZNoQFjpsyDUf9T68JcZarp7BCXeCgvqwi+kFD688jz8Lj9z+54Shejm9DWNy0iAaNBdNQ5wON/KTK6PU6/9PTaIQjNvLY10+si16vVAXKuF5ZoS7QGFyuYdDQyjQdxuDRt7/Ey/FtCItbFlswaDoD9Xqlhu3o5InpMAZPro9+34IYA3yDjNO0Si2yjHMO/H4yOsHrhs2MhRa4k52hwgRNeo08TGjUsuz82mp8WSU6TCjcAxfPikmiCQdl8JpRYEWiqTNUYliTXmkZb5R6TevZvEQesnG9skJdFOyGwSk9m1km4Jsqss7GwT9UU/Z8Is0mmJ6C6oyCWrigSNPUYpm3l4BtR2/B8TlE09SimvrGccS2QxesUBdqlZeeoib/96+0b5yWIjPt6C0YItyZpMUpnYFv6j4pPbMJP/lLhIVF0Sv4/gt66mwMKqLFZEledERocq8J1dmhl6dGF1XrcmRKMkXoFoeFpvl5QhWgiUivy3f8L16Cv26YeMvMDeuVFeoErW9q83HsD76TwuSel/fjIA054YTt13noS+TZ87BIN6Je9RSsuX05VTMKuV+w/dMW6NmAVvLhyei8m+7ACnWC1veB/z6EfcJ3VNgML6nH2CykGBNjvAEaa/w9s/EY9pfl04o5UK//hqFZ8B6i4sIs5VLC0yuVpw9eIyruo1DH9EwCwQp1UrRXy8Kj9qjlvL1NwhXsUQqs/lRfEYxb1Vx0RMmysNGs14WoB2UMepuEo1ASvYxyjVWsLsd+siIpzAp1UlAL/Qt2YJ/wHRUFVOlYHUzSU2tMisOBl9YU3uQYlqk1n3HuKvhQ6dqslKMyd2J1Tz0E/7MFm/TqdVDRTs8IcW3SCSvUCnYEKmCBxjdsjvEVjSrR1eUHjP4O/55CjeB36aBPIRqD0OsxRAUl4BqM6HVkKYZSpNeuPmCUgMS/p88FvytqZn/4teonK5LCrFA3qAiKm4IdpYPH1x+HEVRSO+tXSqYHnuoFtIEDhZRVvA+GFNfBb9+IfskxBy11VgOc6z9bwfZSiffgvejgwTVHQB1fVuyfWkR6bK9X0rPSaytQvuFhQ3qlqcvQk589hRXqBhV1UUbPop2OmL/tFNyLBmn8nL0woHCXqthMhUSGZ2vhBy/uh7KtZg/bUIumbN+6HAQfuouy+hKsHIWbT8J3l7cqPQ4oqoU+2K4BRbthbFkd3P3SAaA3c/AzOrnApvMWWaEJ0Dou0LAF2FXUWyzKZbdRgd5W1SdmDamtFG854XmjXL+ZgBWaAF25G2rMHGJhO2p9hIormX6zHdKrpoKxrnFpOXoFPU12RgErNEF+LfTVOLfrEoPTFO92MRlmG6JXlqVUcIdyGTZ5e6zQFJkm+PGqA9hXfAcmkX9/8wv3EodBUK93rTRz5qKteFuWLfP2WKEpaH15gZ5dYq4wWCWYHPUKcuTvgr6Fotf20CnQVuULCFZoklQj3LnCzInMtvHw2kP2TDv1FnwLil7P5pI5GCZIAvE80LZmTdtfbWdghubHLZl26i1qu7roNcj4SjT2thgEVmiaVD1cWmFmlZ8t3KDKm5FXEOJRcKYpIr2KQQhijYfACm0A3ePf/u0I9hXfgXGm6P3j/uBwcF1BZ6BeH3njC7xN/t6TypQq8hAMh4Ss0AbIPdZ41p1N9C1yeCqxM5Re6+CFHWfwVvn7TyqTKxvMGgRWaAtFe2FoNllz1OPn1Kkwie2PuJBAvXaVK+c3mzMIrNAm0F2esSgZc9Tff2GfeVdRF+kGmLZQX8k7l5g8l3IIBsYBK7SNTDPc/oKegqOmuP/Vg+4vLuouCdBrT7m6GseC7lJorNA28hEcODNfiufAUcfFU8LQxY1IvYHuN9MCP35ZVp1yTKcZJfWC0DQuWKGV0MBpgpkvm9kfHxW/XJMzBGFX93UFX6+rDmJ38H2UZK5f3OIbBK7vQoYV2op6kzTBjRqrEUfJj1b5Nf8Tawh8fA/hZhz4wT4S0CDgeNdiEFih7eADdEWV29udb166Hz0CjS6gC6BeKZse7CsB8mYs0uAhsEIXSDXA4GwdVH7iXkGUi6lGX1JmDboL6vXCbD3MdVCvUXPjktZoDQIrdAWqY4fx9v2rD2Nf8R1oE1Q/UR0UakNZbJvx6xPe54hedTKjJsKQgRW6BMWbaBBG4Nu29EM7y2vV/PMMjJ2D3gApMen5ga5C/YTeE1WitlWvpojMQ2CFLkLFQlONML3Grm2yty7d560otKm8lUso768JpmPMHOxbU2Q/OIn/8L/TxfU1EUw7skJnwY6hBw89hWvmN8JSTYdmctyypMUzAFTNJmnrB0LH1ytyNeqVPK1gf+vg+U0nYQKdtZHdB33RSAV/r5ubwvYQWKHr0MOnBk8DjJm9F37/pp5dcv+17ihcRptN/GtLSBAy1J/t9fp3PXr9+etfwBA6Cp/Wg+Q8vKK90D+1B17Yae6FQ9A0e2gGgRXGBjQK5GZm8S2NA2lSZT384rVwDwOl1YNTqxqgH5Vso4NY1NkG4glEy9l6vWJuAzwYsl7vX30QvjMbDQ89/HRyN7eLFHXdB9sx72OzOY3QPARWGEf8rbPqzYIWng5JuXJeA/zgxVb4zRtfQHrzCXVuw6J/nsb+/bajqYrtgk9Pw6wtJ+F3+Ca6a+V+5arSOYLqTUHfR98bl4pErhHQK8muROP8wxf3wW9Rr3QsfDXqryagVzo0h87cfHrjV/DI37+E7y1rgfFl+D30XTm9kmHvzLsjo4TMNWwQbg7DILDCJEBnFuYUr45Wa/J+9k8tImOh/o6Uzf2dPPx2Qg8vpy9/Orcv7XMh3SoZPvDkXbQdrUcPfw+8OksMwk2LySD0Yv0KK0wkOAhoINBgogc9B/2s5D0YJIIFMHqNQqe+Qag07SHQ7FVPPQRWKAhC9/ENQtlWs+c3XoVhUo8MAisUBKFnUKIxVQ9F75/A55J/WHVwDdVDoBCJa2NHsEJBEHoOGYSieijcZNggLEBj0B0PgRUKgtA7KDeBBiH/veP4XPIPqw6u7Y6HwAoFQeg9ykNogOcNG4TrFragQeiCh8AKBUEIB5VDQIPw7lf4XPIPqw6uVSFDJx4CKxQEITwoZEjVo4dg1iDQJr7z5hBYoSAI4ZIzCO8aziGcz0NghYIghI9vEJ57x7SH0EEO4RyBIAjR4a9D+LPpHML8hnNnGc76QRCE6PE9BNMG4bqF6B20DxnOaqQgCHpoMwiGpx3VyU1+yHBOIwVB0IMyCA3wnGkPoZqSimgQ2EYKgqAH3yA8+45ZD+HqBS1iDATBOL5B+NNGsx6CGANBsAELDEKeFO0QBEvIGQRD6xDyRs3a41V+4RonCIJeyCCkG+DpDcfw+eQf2qjwSi1TA7iGCYKgH99DeHqDXg8h7/5XPwc5+08QLKPNIOjzEPKW7Thz/p1MgiCYwTcIz2hKKqr/9CvEi9Kaaa5BgiCYw88hPKXBQ1D/uX0Z7WJq5BsjCIJZNBmEb/9HHQwiswqCYCV+yPDU+ugMQtv/qESi5A4EwV58g/BkRAbhrB+8KigYMnANEQTBPH7I8MT6o/jInv0w95ZzBNNyWxrpolxjBEEwizIIjfD4unANAit88LXD3lFRVAlFjIIg2IfvIYR5LgMrzHH78n3eRakaChkH2ccgCPZAz2ZRPRRtCscgsMIgcz85BWQYRhbvRoMgnoIgWIMfMvT+oBbI+//sU6AIy6pkzAAAAABJRU5ErkJggg==IoT DeviceGE.EIRectanglefalseAnyAnyfalsefalseSelectGenericXamarinAndroidiOSWindows PhoneMobile Client TechnologiesVirtualDynamic84259115-f55a-44fc-9423-6c239e36e595ListA representation of a Mobile Client Application (Mobile App)falseSE.EI.TMCore.MobileLower right of stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAEm5JREFUeF7t3aFTXMkaxuH7J65BrIhAICMQkYiIK1asiIyIiFgTEYFErEAiIpARSAQiMgIzd85sZbdDTt3ab5rQ89KPeLpgasie2eI7/ZthOPxns9kAAJNZvfH/ub6+3lxeXm4+fPhj8+bNm83Z2dnm+Ph488svvwDAFJZ9b9n/ln3w4uJic3Nzs90i1/fNQ7V640P39/e7B3hycrL6PwIAZrfskR8/ftx8+fJlu3Wu76eHZPXG1vJM3zN8APh3jo6ONu/fv98sT54f7qmHZPXGxXLgr1+/Xn1wAMD/9/Lly83nz5+3W+r6Pjva6o1fv37dnJ6erj4gAODfu7q62m6tP+61o63eaPMHgMex/EhgeQP9w712tB9uOD8/X30AAMB+Xrz4dXN7e7vdZr/fc0f67pO7u7tdqawdPACwv99+++92q/1+Ex7pu0+W32dcO2gAoN8hXS/g7w+WN/559g8AP8/bt2+3W+6Pm/EIf3/gZ/8A8HMtT7QP5UJBf3+wXNJw7WABgMfz6dOn7bb744b81P7+YHmH4tqBAgCPZ7m0/re9d6TdsrwpYe0gAYDH9e7du+3Wu74pP6XdslylaO0gAYDHdSi/Drhblr9etHaQAMDjWq62227Eo+yW5S/+rR0kAPC4lj8b3G7Eo+wWAQAAT0MAAMCEBAAATEgAAMCEBAAATEgAAMCEBAAATEgAAMCEBAAATEgAAMCEBAAATEgAAMCEBAAATEgAAMCEBAAATEgANE5PTzdnZ2cA8CSOjo5W96OnIAAa19fX28NYP0AAeGzLJry2Hz0FAdAQAAA8JQEgAACYkAAQAABMSAAIAAAmJAAEAAATEgACAIAJCQABAMCEBIAAAGBCAkAAADAhASAAAJiQABAAAExIAAgAACYkAAQAABMSAAIAgAkJAAEAwIQEgAAAYEICQAAAMCEBIAAAmJAAEAAATEgACAAAJiQABAAAExIAAgCACQkAAQDAhASAAABgQgJAAAAwIQEgAACYkAAQAABMSAAIAAAmJAAEAAATEgACAIAJCQABAMCEBIAAAGBCAkAAADAhASAAAJiQABAAAExIAAgAACYkAAQAABMSAAIAgAkJAAEAwIQEgAAAYEICQAAAMCEBIAAAmJAAEAAATEgACAAAJiQABAAAExIAAgCACQkAAQDAhASAAABgQgJAAAAwIQEgAACYkAAQAABMSAAIAAAmJAAEAAATEgACAIAJCQABAMCEBIAAAGBCAkAAADAhASAAAJiQABAAAExIAAgAACYkAAQAABMSAAIAgAkJAAEAwIQEgAAAYEICQAAAMCEBIAAAmJAAEAAATEgACAAAJiQABAAAExIAAgCACQkAAQDAhASAAABgQgJAAAAwIQEgAACYkAAQAABMSAAIAAAmJAAEAAATEgACAIAJff78ebf3jLD8tx8ezwi7RQAAwFx2iwAAgLnsFgEAAHPZLQIAAOayWwQAAMxltwgAAJjLbhEAADCX3SIAAGAuu0UAAMBcdosAAIC57BYBAABz2S0CAADmslsEAADMZbcIAACYy24RAAAwl90iAABgLrtFAAA/w+3t7eb8/Hzz+vXrzdnZ2eb4+Hj1HADsb5mrZb4W79+/33z69Gk7fusz2dotAgB4TDc3N7uT0dq8Az/fixe/bj5+/Li5v7/fjuT6nO4WAQA8lnfv3q3OOfD0Tk5ONssrcQ/ndLFbBADQa3mmsbzUvzbjwDjLqwFr++xuEQBAL5s/HK4lAu7u7raj+s/M7hYBAPRY3ni0NtvA4Tg9Pd2O6z9zu1sEALCv5eeLR0dHq7MNHJarq6vt2P41u7tFAAD7evPmzepcA4fn1atX27H9a3Z3iwAA9rG88W/52eLaXAOH6cuXL9vxFQBAh+WCI2szDRyuy8vL7fgKAKDDxcXF6kwDh2u5QNAyv7shFgDAPkafO4C65WJdy/wexBALAMjkDYCQZ5nbZX53QywAgH0IAMgjAIBuAgDyCACgmwCAPAIA6CYAII8AALoJAMgjAIBuAgDyCACgmwCAPAIA6CYAII8AALoJAMgjAIBuAgDyCACgmwCAPAIA6CYAII8AALoJAMgjAIBuAgDyCACgmwCAPAIA6CYAII8AALoJAMgjAIBuAgDyCACg2+gAePXq1ebs7AyiLN+3a9/PT0UAAN1GB8Dd3d32MNaPDQ7V8n279v38VAQA0E0AQJ0AaAgAyCQAoE4ANAQAZBIAUCcAGgIAMgkAqBMADQEAmQQA1AmAhgCATAIA6gRAQwBAJgEAdQKgIQAgkwCAOgHQEACQSQBAnQBoCADIJACgTgA0BABkEgBQJwAaAgAyCQCoEwANAQCZBADUCYCGAIBMAgDqBEBDAEAmAQB1AqAhACCTAIA6AdAQAJBJAECdAGgIAMgkAKBOADQEAGQSAFAnABoCADIJAKgTAA0BAJkEANQJgIYAgEwCAOoEQEMAQCYBAHUCoCEAIJMAgDoB0BAAkEkAQJ0AaAgAyCQAoE4ANAQAZBIAUCcAGgIAMgkAqBMADQEAmQQA1AmAhgCATAIA6gRAQwBAJgEAdQKgIQAgkwCAOgHQEACQSQBAnQBoCADIJACgTgA0BABkEgBQJwAaAgAyCQCoEwANAQCZBADUCYCGAIBMAgDqBEBDAEAmAQB1AqAhACCTAIA6AdAQAJBJAECdAGgIAMgkAKBOADQEAGQSAFAnABoCADIJAKgTAA0BAJkEANQJgIYAgEwCAOoEQEMAQCYBAHUCoCEAIJMAgDoB0BAAkEkAQJ0AaAgAyCQAoE4ANAQAZBIAUCcAGgIAMgkAqBMADQEAmQQA1AmAhgCATAIA6gRAQwBAJgEAdQKgIQAgkwCAOgHQEACQSQBAnQBoCADIJACgTgA0BABkEgBQJwAaAgAyCQCoEwANAQCZBADUCYCGAIBMAgDqBEBDAEAmAQB1AqAhACCTAIA6AdAQAJBJAECdAGgIAMgkAKBOADQEAGQSAFAnABoCADIJAKgTAA0BAJkEANQJgIYAgEwCAOoEQEMAQCYBAHUCoCEAIJMAgDoB0BAAkEkAQJ0AaAgAyCQAoE4ANAQAZBIAUCcAGgIAMgkAqBMADQEAmQQA1AmAhgCATAIA6gRAQwBAJgEAdQKgIQAgkwCAOgHQEACQSQBAnQBoCADIJACgTgA0BABkEgBQJwAaAgAyCQCoEwANAQCZBADUCYCGAIBMAgDqBEBDAEAmAQB1AqAhACCTAIA6AdAQAJBJAECdAGgIAMgkAKBOADQEAGQSAFAnABoCADIJAKgTAA0BAJkEANQJgIYAgEwCAOoEQEMAQCYBAHUCoCEAIJMAgDoB0BAAkEkAQJ0AaAgAyCQAoE4ANAQAZBIAUCcAGgIAMgkAqBMADQEAmQQA1AmAhgCATAIA6gRAQwBAJgEAdQKgIQAgkwCAOgHQEACQSQBAnQBoCADIJACgTgA0BABkEgBQJwAaAgAyCQCoEwANAQCZBADUCYCGAIBMAgDqBEBDAEAmAQB1AqAhACCTAIA6AdAQAJBJAECdAGgIAMgkAKBOADQEAGQSAFAnABoCADIJAKgTAA0BAJkEANQJgIYAgEwCAOoEQEMAQCYBAHUCoCEAIJMAgDoB0BAAkEkAQJ0AaAgAyCQAoE4ANAQAZBIAUCcAGgIAMgkAqBMADQEAmQQA1AmAxvn5+S4CgKdze3u7Own0EABQJwCAob6dBHoIAKgTAMBQAgDGEADAUAIAxhAAwFACAMYQAMBQAgDGEADAUAIAxhAAwFACAMYQAMBQAgDGEADAUAIAxhAAwFACAMYQAMBQAgDGEADAUAIAxhAAwFACAMYQAMBQAgDGEADAUAIAxhAAwFACAMYQAMBQAgDGEADAUAIAxhAAwFACAMYQAMBQAgDGEADAUAIAxhAAwFACAMYQAMBQAgDGEADAUAIAxhAAwFACAMYQAMBQAgDGEADAUAIAxhAAwFACAMYQAMBQAgDGEADAUAIAxhAAwFACAMYQAMBQAgDGOKgAuLi4WL0T8HwJABjjoALg06dPq3cCni8BAGMcVACMPhjg6QkAGOOgAmBxcnKyekfgeRIAMMbBBcDvv/++ekfgeRIAMMbBBcDV1dXqHYHnSQDAGAcXAIvj4+PVOwPPjwCAMQ4yAD5+/Lh6Z+D5EQAwxkEGwP39/ebly5erXwA8LwIAxjjIAFh8/vx59QuA50UAwBgHGwALPwqA508AwBgHHQALEQDPmwCAMQ4+ABZ//vnn6hcD+QQAjBERAIubm5vdndf+ESCXAIAxYgLgm+WA3717tzk6Olr9B4EsAgDGiAuAh5bfFri+vt58+PAHEGi5+ufDua4SAFAXHwAAAgDqBAAQTwBAnQAA4gkAqBMAQDwBAHUCAIgnAKBOAADxBADUCQAgngCAOgEAxBMAUCcAgHgCAOoEABBPAECdAADiCQCoEwBAPAEAdQIAiCcAoE4AAPEEANQJACCeAIA6AQDEEwBQJwCAeAIA6gQAEE8AQJ0AAOIJAKgTAEA8AQB1AgCIJwCgTgAA8QQA1AkAIJ4AgDoBAMQTAFAnAIB4AgDqBAAQTwBAnQAA4gkAqBMAQDwBAHUCAIgnAKBOAADxBADUCQAgngCAOgEAxBMAUCcAgHgCAOoEABBPAECdAADiCQCoEwBAPAEAdQIAiCcAoE4AAPEEANQJACCeAIA6AQDEEwBQJwCAeAIA6gQAEE8AQJ0AAOIJAKgTAEA8AQB1AgCIJwCgTgAA8QQA1AkAIJ4AgDoBAMQTAFAnAIB4AgDqBAAQTwBAnQAA4gkAqBMAQDwBAHUCAIgnAKBOAADxBADUCQAgngCAOgEAxBMAUCcAgHgCAOoEABBPAECdAADiCQCoEwBAPAEAdQIAiCcAoE4AAPEEANQJACCeAIA6AQDEEwBQJwCAeAIA6gQAEE8AQJ0AAOIJAKgTAEA8AQB1AgCIJwCgTgAA8QQA1AkAIJ4AgDoBAMQTAFAnAIB4AgDqBAAQTwBAnQAA4gkAqBMAQDwBAHUCAIgnAKBOAADxBADUCQAgngCAOgEAxBMAUCcAgHgCAOoEABBPAECdAADiCQCoEwBAPAEAdQIAiCcAoE4AAPEEANQJACCeAIA6AQDEEwBQJwCAeAIA6gQAEE8AQJ0AAOIJAKgTAEA8AQB1AgCIJwCgTgAA8QQA1AkAIN7oALi8vNxcX19DlOX7du37+akIAKDb6AAA6gQA0E0AQB4BAHQTAJBHAADdBADkEQBANwEAeQQA0E0AQB4BAHQTAJBHAADdBADkEQBANwEAeQQA0E0AQB4BAHQTAJBHAADdBADkEQBANwEAeQQA0E0AQB4BAHQTAJBHAADdBADkEQBANwEAeQQA0E0AQB4BAHQTAJBHAADdBADkEQBANwEAeQQA0E0AQB4BAHQTAJBHAADdBADkEQBANwEAeQQA0E0AQB4BAHQTAJBHAADdBADkEQBANwEAeQQA0E0AQB4BAHQTAJBHAADdBADkEQBANwEwzunp6ebDhz9inZycrD4ufj4BAHQTAON8O4mnOjs7W31c/HwCAOgmAMYRAOxLAADdBMA4AoB9CQCgmwAYRwCwLwEAdBMA4wgA9iUAgG4CYBwBwL4EANBNAIwjANiXAAC6CYBxBAD7EgBANwEwjgBgXwIA6CYAxhEA7EsAAN0EwDgCgH0JAKCbABhHALAvAQB0EwDjCAD2JQCAbgJgHAHAvgQA0E0AjCMA2JcAALoJgHGOj483yyaa6sWLX1cfFz+fAAC6CQDIIwCAbgIA8ggAoJsAgDwCAOgmACCPAAC6CQDIIwCAbgIA8ggAoJsAgDwCAOgmACCPAAC6CQDIIwCAbgIA8ggAoJsAgDwCAOgmACCPAAC6CQDIIwCAbgIA8ggAoJsAgDwCAOgmACCPAAC6CQDIIwCAbgIA8ggAoJsAgDwCAOj2/v371RMMcLjevn27HV8BAHQ4Pz9fPcEAh+vDhz+24ysAgA6Xl5erJxjgcC1zu8zv6lAD/BtfvnxZPcEAh+vr16/b8RUAQKezs7PVkwxweF69erUd279m94dhBqi4urpaPdEAh2eZ12+z+8MwA1T99tt/V082wOFYXq1r5/a7IQbYx93d3ebk5GT1pAOMd3x8vFnes9PO7XdDDLCv29vbzYsXv66efIBxlrm8ubnZjun3M/vdJwA9llcCljcZrZ2EgKe3vDK3xPnDWV38cANAj/v7+81ygSCvBsA4R0dHm+VKncs8PpzRb1ZvBOi1/K7xxcXFZnmD4HIyWjtJAY9reQVuCfDl1biHM/nQ6o0AwHO2+c//ANXKlJNVydZSAAAAAElFTkSuQmCCMobile ClientGE.EIRectanglefalseAnyAnyfalseA representation of Active Directory Federation Services (ADFS) ServerfalseSE.P.TMCore.ADFSCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAIz1JREFUeF7t3SF8XNUeLeArr0QirkAgEAgEAoFAICprK5EVTyAQiMoKBAJRgaioqKmIQFQ8UYGoQFQgKioqKioQFRUVmLzZ8OMRDittktlnZv/3+cQn7vpxeyYzc86sZFYm/zk9PQUANiaG/Onps1en3//45PTWd49Pv7718+kX1x/84b0P75z+5/3vgYVPvrz/xzly/auf/jhvmpOHz0/f/P777pTK5xlwHDHcssdPXv7xYv/R5/fiBQ64mlYK7tz79fTlb292p1o+/4DDieEW3X3w9PSDT+/GCxfQVysDz1+83p16+XwE1hfDLWk/nvTdPhzHzW8e+YkAHEkMt6B99/HZtQfxogQczn//98MfW5vlOQqsK4aza+/zG/LBWG7cfGgsCAcUw5m1EVL7jiNdgIDjar9FYBsAhxHDWbVfSUoXHWAc7adz7Vdwl+cv0FcMZ3T/5Fm82ADjab+R8+q1twNgTTGczaPHL/zYH4ppHyhkEwDrieFM2vuJBn9QU/s1weU5DfQRw5m0DxxJFxaghvZZHcvzGthfDGfRLhzpggLU0X4zYHluA/uL4SzahSNdUIBafFAQ9BfDGbQLRrqQAPW8//GPBoHQWQxn4PP9YS7tQ7yW5zlwdTGsrn2ISLqAAHVdu3GyO73zOQ9cXgyru/3DL/ECAtTVPsvDhwNBPzGszl/5gzndffB0d4rn8x64nBhW1v62eLpwAPW1vxi4POeBq4lhZe1P/aYLB1Bf++ne8pwHriaGlfnwH5hX+yNBy3MeuJoYVub3/2Fuy3MeuJoYVvbtbX/zH2bWdj7L8x64vBhW9tX/+b/xogHMof2Fz+V5D1xeDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKFACYmwIAfcSwMgUA5qYAQB8xrEwBgLkpANBHDCtTAGBuCgD0EcPKRiwA73/84+kX1x9AKZ9dexCfz8emAEAfMaxsxALQbtPydsLo2gttej4fmwIAfcSwMgUA+lAAYG4xrEwBgD4UAJhbDCtTAKAPBQDmFsPKFADoQwGAucWwMgUA+lAAYG4xrEwBgD4UAJhbDCtTAKAPBQDmFsPKFADoQwGAucWwMgUA+lAAYG4xrEwBgD4UAJhbDCtTAKAPBQDmFsPKFADoQwGAucWwMgUA+lAAYG4xrEwBgD4UAJhbDCtTAKAPBQDmFsPKFADoQwGAucWwMgUA+lAAYG4xrEwBgD4UAJhbDCtTAKAPBQDmFsPKFADoQwGAucWwMgUA+lAAYG4xrEwBgD4UAJhbDCtTAKAPBQDmFsPKRiwA126cnD56/AJKuX/yLD6fj00BgD5iWNmIBQDoRwGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDMTQGAPmJYmQIAc1MAoI8YVqYAwNwUAOgjhpUpADA3BQD6iGFlCgDM64vrD05fvf59d6rn8x+4uBhWpgDAPD758v7pt7cfnz589Pz0ze9e+KGnGFamAEBt73145/TWd499pw8ri2FlCgDU9N///XD69a2fvfDDgcSwMgUA6mnn7cvf3uxO4XxeA/3FsDIFAOr44NO7p0+e/rY7dfP5DKwnhpUpAFBDG/j5lT44nhhWpgDA+K7dOPFePxxZDCtTAGBsN795tDtV8/kLHE4MK1MAYFzt1/uW5yxwHDGsTAGAMV3/6qfdKZrPW+DwYliZAgDjaWt/7/nDWGJYmQIAY2kf8PP4ycvd6ZnPWeA4YliZAgBj+f7HJ7tTM5+vwPHEsDIFAMbhfX8YVwwrUwBgDO9//KP3/WFgMaxMAYAx3D95tjsl83kKHF8MK1MA4Pi+uP5gdzrmcxQYQwwrUwDguNrq3x/4gfHFsDIFAI7r29s+7Q8qiGFlCgAcTxv+vfnd8A8qiGFlCgAcz8nD57vTMJ+bwFhiWJkCAMfR/sTv8nwExhXDyhQAOLw2/Hv67NXuFMznZS/tcwXaJwu2vyrYftOguXHz4R//+9HjF7v/JP//gH+LYWUKABze2sO/9sLfXuTf+/BOPP5fWiFQBOBiYliZAgCHtfbwr/1KYftrgunY52k/FTBGhLeLYWUKABzWmsO/h4+ev/O7/vN8du2BjyKGt4hhZQoAHM6aw7/2UcLpmJfRfnLw8rc3u38uHwO2LIaVKQBwGG349/zF691pl8/FfbR/t/376biX5bcTIIthZQoAHEYb5S3Pvx7ae/ftx/fpmFfVfnNgeRzYuhhWpgDA+tqP1tca2X196+d4zH20nyY8fvJy98/nY8IWxbAyBQDWt9bwry3+0/F6+OTL+7tD5OPCFsWwMgUA1nX9q592p1o+//bVXqTTMXvxVgD8LYaVKQCwnjWHf3fu/RqP2VP7lUK/FQB/imFlCgCsZ63hX3tRbh8olI7ZW7tGLI8PWxTDyhQAWMeaw7+b3zyKx1yLQSAoAMAFtU/lW55vPaw5/DuPQSAoAMAFVB7+nccgkK2LYWUKAPTVhn9rDefai3A65iEYBLJ1MaxMAYC+bv/wy+7UyufbPtqL71X/0E8v7a8GLm8XbEUMK1MAoJ+PPr+32vBvlHP10eMXu5uTbyPMLIaVKQDQz1rDv7bCT8c7hrZBWKvkwMhiWJkCAH3MOPw7j0EgWxTDyhQA2N+sw7/zrPn1wqhiWJkCAPtb6zviEYZ/5zEIZGtiWJkCAPtZ8z3x0c9Pg0C2JIaVKQCwn7VeBEca/p3HIJAtiWFlCgBc3Zo/Bh9t+Hceg0C2IoaVKQBwNVsb/p3HIJCtiGFlCgBczRaHf+cxCGQLYliZAgCXt+Xh33kMApldDCtTAODy1nqxa/9uOl4FBoHMLoaVKQBwOe2cWZ5HPbQXzyrDv/MYBDKzGFamAMDFrfkncSsN/85jEMjMYliZAgAXt+bwr714pmNWYxDIrGJYmQIAF9N+PL88f3ppL5rpmFWt9VcR4ZhiWJkCABfTPplvef70UHn4d56PPr9nEMh0YliZAgDv1s6T5bnTwwzDv/Pc/uGX3ZeYv26oKIaVKQDwdoZ/V2MQyGxiWJkCAG9n+Hd117/6afel5q8fqolhZQoAnM/wb38GgcwihpUpAHC+J09/250m+dzZx4zDv/MYBDKLGFamAEB285tHu1Mknzf7mHn4dx6DQGYQw8oUAPi39z/+0fCvI4NAZhDDyhQA+Lc7937dnR75nNnHFoZ/5zEIpLoYVqYAwD+tOfxrL4LpmFthEEhlMaxMAYB/Wmv411780vG2xCCQymJYmQIAf1tz+Nde/NIxt8YgkKpiWJkCAH9qw79Xr9f57rS96KVjbpFBIFXFsDIFAP5098HT3SmRz5N9bHn4dx6DQCqKYWUKAHx/+tm1B7vTIZ8j+9r68O88Jw8NAqklhpUpAGD4dwwffHrXIJBSYliZAsDWfX3r592pkM+PfRj+vdut7x7v7qp8/8FoYliZAsCWGf4dV9tGPH/xend35fsQRhLDyhQAtszw7/gMAqkihpUpAGyV4d84DAKpIIaVKQBsUfvu3PBvHAaBVBDDyhQAtsjwbzwGgYwuhpUpAGxNG/6t9d1mexFLx+TdDAIZXQwrUwDYmvsnz3ZP/Xw+7KO9eBn+7ccgkJHFsDIFgC354rrh3+gMAhlVDCtTANiKNYd/7UUrHZPLMwhkVDGsTAFgK9Yc/rUXrXRMrsYgkBHFsDIFgC0w/KvFIJARxbAyBYAtMPyrxyCQ0cSwMgWA2V27cbJ7qufn/74M/9ZlEMhIYliZAsDM2nfnT5+92j3V8/N/H4Z/61vzrRu4rBhWpgAws29vrzMmM/w7nLUeQ7isGFamADArw785rPlTHLiMGFamADCrtd4/Nvw7vDV3HHBRMaxMAWBGhn/zMQjk2GJYmQLAbAz/5mQQyLHFsDIFgNms9Sly7cWnvQilY3IYBoEcUwwrUwCYyZqfI99efNIxORyDQI4phpUpAMxkrfeJ24uO4d8YDAI5lhhWpgAwizU/Ora96KRjchwGgRxDDCtTAJhB++58rT8eY/g3HoNAjiGGlSkAzMDwb3sMAjm0GFamAFCd4d82GQRyaDGsTAGgOsO/7TII5JBiWJkCQGWGfxgEcigxrEwBoKr23fnL397snsb5ub0Pw786DAI5lBhWpgBQ1e0fftk9hfPzeh+Gf/V8fevn3UOXH0/oJYaVKQBU9NHn9wz/+P/aT4OePP1t9/DlxxR6iGFlCgAVPXxk+Mc/fXH9we4hzI8r9BDDyhQAqllz+NdeRNIxqeH+ybPdw5gfW9hXDCtTAKhkzeFfe/FIx6QOg0DWFMPKFAAqMfzjXQwCWUsMK1MAqGLN4V970UjHpB6DQNYSw8oUAKp49PjF7imbn8f7aC8Whn9zMQhkDTGsTAGgghs3H+6ervk5vC/DvzkZBNJbDCtTABid4R9XYRBIbzGsTAFgdN//+GT3VM3P330Y/s3PIJCeYliZAsDIPvnyvuEfV2YQSE8xrEwBYGSGf+zLIJBeYliZAsCoDP/oxSCQHmJYmQLAiAz/6MkgkB5iWJkCwIgM/+jNIJB9xbAyBYDRtOHf8nnai+HfthkEso8YVqYAMJrHT17unpr5+bqPdvFPx2M7PrtmEMjVxbAyBYCRtOfj8jnaS7v4p2OyLXcfPN09HfJzBN4mhpUpAIzivQ/vrDb8axf9dEy2p21AXr02COTyYliZAsAo1hr+tYu94R9nGQRyFTGsTAFgBIZ/HJpBIJcVw8oUAEaw1eFfO/9uffd4c0b4ICaDQC4rhpUpABzbzW8e7Z6K+fm5r9GHf2t91PHoWglI98ehGQRyGTGsTAHgmNp781se/ikAx2UQyGXEsDIFgGO6c+/X3dMwPzf3UWX4pwAcn0EgFxXDyhQAjsXwTwEYhUEgFxHDyhQAjmWti26lT/xTAMZgEMhFxLAyBYBj2PLw7ywFYBwGgbxLDCtTADi0rQ//zlIAxmEQyLvEsDIFgENba/jXSkWF4d9ZCsBY1vzJFPXFsDIFgENa873WdvFOxxyZAjAeg0DOE8PKFAAOyfDvnxSA8az52ynUFsPKFAAOZc3ft24X7XTM0SkAY1rrbSpqi2FlCgCHsObAql2s0zErUADGtOZQlbpiWJkCwCGs9StWFYd/ZykA4zIIZCmGlSkArM3w73wKwNgMAjkrhpUpAKzN8O98CsDYDAI5K4aVKQCsyfDv7RSA8RkE8pcYVqYAsBbDv3dTAMZnEMhfYliZAsBa7p882z3F8vNuH9WHf2cpADUYBNLEsDIFgDV8cd3w7yIUgDoMAolhZQoAvf33fz8Y/l2QAlCHQSAxrEwBoDfDv4tTAGoxCNy2GFamANBTe2/+ze/rDP++//FJPGZlCkAtBoHbFsPKFAB6WnP4996Hd+IxK1MA6jEI3K4YVqYA0Muaw79Zn6cKQE2Pn7zcfRn5a2NeMaxMAaCHNvx7+uzV7imVn2f7aBfbdMwZKAA1GQRuUwwrUwDo4dvbj3dPp/wc29dsw7+zFIC62iZl+XUxtxhWpgCwL8O/q1MA6mqbFIPAbYlhZQoA+zp5+Hz3VMrPr33MOvw7SwGorV0/l18b84phZQoA+7h242T3NMrPrX1t4bmpANRnELgdMaxMAeCqDP/2pwDUZxC4HTGsTAHgqgz/9qcAzMEgcBtiWJkCwFUY/vWhAMzBIHAbYliZAsBVGP71oQDMo11Ll18nc4lhZQoAl3X9q592T538fNrX1p6PCsBcDALnFsPKFAAuow3/nr94vXvq5OfTPtqLYTrmzBSAuRgEzi2GlSkAXEa7cC+fQz20PcFWhn9nKQDzMQicVwwrG7EAtIFZ+8MyjKX9zr/hX1/t624lYE2XfczaDiP9Oz3N/I2HQeC8YljZiCdiu03L28m82sWyvbWQngvs77Jv2dx98DT+O1yca9icYliZAsCx3bj5MD4P6EMBOA6DwPnEsDIFgGNqPw5OzwH6UQCOo21a1nrLjOOIYWUKAMey1eHfoSkAx2MQOJcYVqYAcCxbHf4dmgJwPG3bYhA4jxhWpgBwDIZ/h6MAHFfbuCzvY2qKYWUKAMdg+Hc4CsDxta3L8n6mnhhWpgBwaIZ/h6UAHJ9B4BxiWJkCwCEZ/h2eAjAGg8D6YliZAsAhGf4dngIwBoPA+mJYmQLAoRj+HYcCMA6DwNpiWJkCwKG0PyOcHm/WpQCMxSCwrhhWpgBwCA8fPY+PNetTAMZiEFhXDCtTAFhbu9h99Pm9+FizPgVgPAaBNcWwMgWAtd3+4Zf4OHMYCsB4DAJrimFlCgBrMvw7PgVgTAaB9cSwMgWANRn+HZ8CMC6DwFpiWJkCwFoM/8agAIzLILCWGFamALAGw79xKABjaxuZ5WPAmGJYmQLAGgz/xqEAjM0gsI4YVqYA0Jvh31gUgPG1rczycWA8MaxMAaA3w7+xKAA1tM3M8rFgLDGsTAGgJ8O/8SgANbTNjEHg2GJYmQJAL4Z/Y1IA6jAIHFsMKxuxALRfjbn13WNWcP/k2e5hz8+FfbV/Pz2eVbW3Mpb3X0WvXl/uu8onT3+L/0417TqSHteRGQSOLYaVjVgAWM/jJy93D3t+LuyjfZc52/CvfSe8/Dqpo+q1zSBwXDGsTAHYjjXfWplx+KcA1Fb52mYQOKYYVqYAbMN7H95Z7UeLJw/nHP4pALVVvrYZBI4phpUpANtw596vu4c7Pwf20S5SH3x6Nx6zOgWgturXNoPA8cSwMgVgfm0MtXzce2ljq3TMGSgAtVW/thkEjieGlSkA82ur7uXj3sOMw7+zFIDaZri2GQSOJYaVKQBzu/nNo93DnB/7fc3+iX8KQG2zXNsMAscRw8oUgHm9//GPhn97UABqm+XaZhA4jhhWpgDMy/BvPwpAbTNd2wwCxxDDyhSAORn+7U8BqG2ma1vb2lz2I53pL4aVKQBzMvzbnwJQ22zXNoPA44thZQrAfAz/+lAAapvx2ta2N8uvk8OJYWUKwFza8O+yf/zlorYw/DvrsgWg/XQk/Tvsr21Olvf3u8x4bWv3g0Hg8cSwMgVgLmt919ouOq1cpGPOSgEYhwLwt7bBWX6tHEYMK1MA5vHZtQe7hzQ/zvv69vY2hn9nKQDjUAD+ZhB4PDGsTAGYx1rDv6fPXm1m+HeWAjAOBeCfDAKPI4aVKQBz+PrWz7uHMz/G+7p24yQec3YKwDgUgH8zCDy8GFamANRn+LcOBWAcCsC/tfvEIPCwYliZAlDfZV+oLmqLw7+zFIBxKACZQeBhxbAyBaA2w7/1KADjUAAyg8DDimFlCkBd7eQ3/FuPAjAOBeB8BoGHE8PKFIC6DP/WpQCMQwF4O4PAw4hhZQpATe29+bUGQFse/p2lAIxDAXi7dv8YBK4vhpUpADXdP3m2e/jyY7qPrQ//zlIAxqEAvJtB4PpiWNmIJ0n7U7btyUy25t8G3/rw7ywFYBwKwLu1zU7b7izvB/qJYWUjniTtNi1vJ+sz/PsnBWAcCsDFtO3O8n6gnxhWpgDwly+uP4iPx1YpAONQAC7OIHA9MaxMAaBpm4L0WGyZAjAOBeDi1hwIb10MK1MAMPzLFIBxKACX07Y8y/uD/cWwMgWA9nkC6XHYOgVgHArA5RgEriOGlSkA29Y+SdDwL1MAxqEAXJ5BYH8xrEwB2DbDv/MpAONQAK7GILCvGFamAGyX4d/bKQDjUACuxiCwrxhWpgBsk+HfuykA41AArs4gsJ8YVqYAbJPh37spAONQAK7OILCfGFamAGyP4d/FKADjUAD2YxDYRwwrUwC2x/DvYhSAcSgA+zMI3F8MK1MAtmWW4V/7o0jLr20LHj1+Ee+PY1vezq2oVKYNAvcXw8oUgO2YafinAIxleTu3otpP0wwC9xPDyhSA7Zhp+KcAjGV5O7eiWgEwCNxPDCtTALahDf/SfV2VAjCW5e3ciop7mnabl18HFxPDyhSAbfjs2lzDPwVgLMvbuRUVC0DTtkDLr4V3i2FlCsD82po93c+VKQBjWd7OrahaAAwCryaGlSkAc3v1es5P/FMAxrK8nVtRtQA0bRO0/Hp4uxhWpgDMbdZP/FMAxrK8nVtRuQC0QWDbBi2/Js4Xw8oUgHnNNvw7SwEYy/J2bkXlAtC027/8mjhfDCtTAOY12/DvLAVgLMvbuRXVC0BjEHhxMaxMAZjTjMO/sxSAsSxv51bMUAAMAi8uhpUpAPOZdfh3lgIwluXt3IoZCkBjEHgxMaxsxALQXrzaiTWz2z/8srv782Oyry38qV8FYCzL27kV7VxO90c1BoEXE8PKRiwAs2sn28vf3uzu/vyY7GPm4d9ZCsBYlrdzK2YpAE37WpZfH/8Uw8oUgMNb87v/mYd/ZykAY1nezq2YqQA0BoFvF8PKFIDD+ujze6sNbmYf/p2lAIxleTu3YrYCYBD4djGsTAE4rIePnu/u9vxY7KO9pTD78O8sBWAsy9u5FbMVgMYg8HwxrEwBOJzrX/20u8vz47Cvm988iseclQIwluXt3IoZC4BB4PliWJkCcBiGf30pAGNZ3s6tmLEANO3rWn6tKABc0ZrDv0++vB+POTMFYCzL27kVsxaApm2Kll/v1sWwMgVgfWsO/+7c+zUec3YKwFiWt3MrZi4AbVPUPlRs+TVvWQwrUwDW1y7ay/u9h60N/85SAMayvJ1bMXMBaAwC/ymGlSkA67px8+Hubs73/b62Nvw7SwEYy/J2bsXsBaAxCPxbDCtTANZj+LceBWAsy9u5FVsoAO3DxZZf91bFsDIFYD3f//hkdxfn+31fWxz+naUAjGV5O7diCwWgMQj8UwwrUwDW0V6gDf/WowCMZXk7t2IrBcAg8E8xrEwBWEe7UC/v6x62PPw7SwEYy/J2bsVWCkBjEKgAcAGGf+tTAMayvJ1bsaUC0Gx9EBjDyhSAvgz/DkMBGMvydm7F1grA1geBMaxMAejL8O8wFICxLG/nVmytADRbHgTGsDIFoJ81h3+tWKRjbpUCMJbl7dyKLRaALQ8CY1iZAtBPuzgv798e2lsK7314Jx5zqxSAsSxv51ZssQA0Wx0ExrAyBaCPNYd/HqN/UwDGsrydW7HVAtBscRAYw8q8uOxvzeHf4ycv4zG3TgEYy/J2bsWWC8AWB4ExrEwB2J/h3+EpAGNZ3s6t2HIBaLY2CIxhZQrAfgz/jkMBGMvydm7F1gtAGwSu9dPPEcWwMgVgP+2CvLxPezD8ezsFYCzL27kVWy8ATftwsuX9MqsYVqYAXF2775b3Zy8el7f74NO7p+3iuzWjviWUbusWKOl/2sogMIaVeaG5mnbiG/4B/PlW6PI6NqMYVqYAXI3hH8Df2l8pXV7LZhPDyhSAy1uz7Rr+ARVtYRAYw8oUgMtrP6Jf3o89GP4Blc0+CIxhZQrA5bT7a3kf9uJP/QLVzTwIjGFlCsDFrTn8a/9u+0TBdFyAKq5/9dPukpavc9XFsDIF4OLWHP61P66RjglQzaw/BYhhZQrAxaw5/PPdPzCTWX8KEMPKFICLOXn4fHd35ftwX5b/wGxevV7nI9KPKYaVKQDvdu3Gye6uyvdfD60tp+MCVLXmN03HEsPKFIB3W/v9rPaxtum4AFXN+Pc6YliZAvB2a7+X1d7/T8cFqGztn5weQwwrUwDebq2/9veX5y9ex+MCVDbjEDCGlSkA52sfbbm8v9aQjg1QWXttWV7rqothZQrA+b69fZj3sPwKIDCbQ10/DymGlSkA51vrM/+XfAQwMJsZPwwohpUpANmhfvzftBMl3QaAitb84LRjimFlCkB26AGLzwIAZvHw0XyfAdDEsDIFIDv077C++f3308+uPYi3BaCKNf9myrHFsDIFIDvGp1i1zwRovzubbg/AyNqYeeYX/yaGlSkAWfv9/OV9dSjtx2c+HRCoor2FudafSh9JDCtTALJjFoC/tN9CaL9K0wY16TYCHEP7br+96N+59+sQ18pDiWFlCkC2vJ9G0Bp2+2RCgGNZXpe2JIaVKQDZ8n4CYNtiCADM7PQ//w8kcTH18txRDAAAAABJRU5ErkJggg==ADFSGE.PEllipsefalseAnyAnyfalseAzure Active DirectoryfalseSE.P.TMCore.AzureADCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAANa5JREFUeF7t3S2UXcW29vEjX3kl8kokEnkkEnskEolEIK6IOCICgTgCgYhBRCIQkYgjEIgIRAQiIgIRgcDk5aFHj3RXP3v3+qiPOav+4jfuPRNIutdee1Wtqjln/ePdu3cAAGAxNghgXj+//uPdyzd//vX/+n8OYA02CGBeL1798e5///3q3avfbyYBr9/+yYQAWJANApiXJgD/+PLlu4++fvXu9z/evfvnf357p1j57wGYmw0CmNftBED+5/9+/fv/MgEA1mODAOZ1dwJwiwkAsB4bBDAvNwH45r+///WP/L8PYE42CGBez1++fTAB+H9f/frup99YBQBWYoMA5qTM/w+e3Oz7lxS/rQwAMD8bBDAfZfx/+PSVHfxvqTLgj7/nAP7PADAPGwQwn0++/c0O+qVPv3v917/u/wwA87BBAHP54oc3drC/5Msf3/z1n/k/C8AcbBDAPJTh7wb5x1AZAMzNBgHM4Ydf3/6d4e8G+Mfov6M/ADAvGwSQn/r733b6O0r/PZUBwJxsEEBuyvjXgT9uUN9LlQP68+7++QDys0EAeamMTwf8uMH8KFUQlH8PgNxsEEBen33/2g7iZ6mSoPy7AORlgwByevLiWMb/VlQGAPOwQQD5uB7/tVEZAMzDBgHk8vPrPw6X++1FZQAwBxsEkMfrt39Wy/jfisoAID8bBJCDMv51gI8bpFujMgDIzQYB5KCDe9zg3Mvnz6kMALKyQQDx6cAeNyj39vQnKgOAjGwQQGzPfmmf8b+Hzhwof0YAsdkggLhUhtcr438rVQbo7IHyZwUQlw0CiEnld2cP+GlFlQhUBgB52CCAeDS4qvzODb5R6AwCVSbc/bkBxGSDAOJR2Z0bdKOhMgDIwQYBxKKDeNxgGxWVAUB8NgggDg2mbpCNjsoAIDYbBBCDBlE3uGZAZQAQmw0CGE+DZ9SM/62oDADiskEAY2nQ7H3ATytUBgAx2SCAcTRYatB0g2lW/3r2+q9fzf++AMawQQDjaLB0g2h2T15QGQBEYoMAxtAg6QbPWTx/SWUAEIUNAuhPg6MbNGeiMwx+fv13VqC9BgD6sUEAfWlQjHbATytKbnz9lvJAYDQbBNCPDvj54Mkag/+tj7+hMgAYzQYB9KFB8KOv5yj324vKAGAsGwTQx6ffzZnxvxWVAcA4NgigvS9/zHXATytUBgBj2CCAtr79ef6M/62oDADGsEEA7bx4tU7G/1ZUBgD92SCANpTxn/2An1aUDEllANCPDQKoTwf8fPh0zYz/rZQUWV43AG3YIIC69Gb7ybdzHfDTipIjy+sHoD4bBFDX58/J+N/j2S9UBgCt2SCAep7+NPcBPy0oSfKn36gMAFqyQQB1/PAr5X5HqT2ykibLawqgDhsEcN7LN2T8n0VlANCODQI4RzXtqm13gxr2oTIAaMMGARynN1adducGMxxDZQBQnw0COE6n3LlBDOdQGQDUZYMAjtHpdm7wwnlUBgB12SCA/XSqnRu4UA+VAUA9NghgH72ZcsBPH2qnrLbKd68/gP1sEMB2eiPVm6kbrNCG2iqXnwOAfWwQwDbK+Fetuhuk0NYXP1AZAJxhgwC2UY26G5zQxzf//f2vj8F/NgCus0EAj9MbqBuU0I/yLl68ojIAOMIGAVynN083IKE/tVumMgDYzwYBXKY3TjL+Y6EyANjPBgF4etPkgJ+YqAwA9rFBAA/pDVNvmm7wQQxUBgDb2SCA+1Tu98//cMBPBlQGANvYIID7Pn9Oxn8WVAYA29gggPee/kTGfzbK03j5hsoA4BobBHDjh1854Cer//03lQHANTYI4N0/fn5NuV92yttQ/sbdzxXADRsEVvf67Z9/v0G6QQW5KH+j/HwBMAEAHtAb48ffkPE/E+VxlJ8zsDobBFb2r2cc8DMj5XOUnzWwMhsEVvXVj5T7zYrKAOA+GwRW9OwXMv5nR2UA8J4NAqv56Tcy/ldBZQBwwwaBleiAnw+eMPivhMoAgAkAFqc3wY++ptxvRVQGYHU2CKxCR8i6wQFroDIAK7NBYAU6OtYNCliH8j7U8bG8N4AV2CAwOx0Z6wYErEeVAer8WN4jwOxsEJiZjool4x93qfMjlQFYjQ0Cs1IjGDWEcYMA1qYOkOX9AszMBoEZqQEMB/zgmicvqAzAOmwQmI2Wd9UAxj30gbuev6QyAGuwQWA2avziHvZAicoArMIGgZmo4Yt70AOXUBmAFdggMAst57oHPPAYKgMwOxsEZqBlXMr9cAaVAZiZDQLZafmWjH/UQGUAZmWDQGZattXyrXuYA0c8+4XKAMzHBoHMPv3utX2IA0dpK+mn36gMwFxsEMjqyx8p90MbHzz59d2r36kMwDxsEMhIy7TuwQ3U8tHXr6gMwDRsEMhGy7Nk/KMHbTGV9x+QkQ0CmWhZVsuz7mENtKCtpvI+BLKxQSALHfDz4VPK/dAflQHIzgaBLD75lnI/jEFlALKzQSCDL34g4x9jURmAzGwQiO6b/3LAD2KgMgBZ2SAQ2Q+/viXjH6FQGYCMbBCI6uWbP9/9z/8x+CMeKgOQjQ0CESnjnwN+EJm2psr7FojKBoFotMf6z/+Q8Y/YtDX14hWVAcjBBoFoPvueA36Qg7aoqAxABjYIRKLz2N2DFohKzam0ZXX3PgaisUEgiucvOeAHOalJVXk/A5HYIBDBz6854Ae5qVlVeV8DUdggMNrrt3+S8d+A9qeVTHnNx9+QbFkTlQGIygaBkZTxr+5q7mGK7TSYf/Xjm3faRjmSma49bP133/789u8adz6TY6gMQFQ2CIykrmruQYrrtGKigVqdElu1ptWkQKfgff78DUcw70BlACKyQWAUDWDuAQpPg7AGY+VLlNeyB60uqESTXI3HURmAaGwQGEFvlu7BiYf0tq+l+fIajqKBTdsNtGm+jsoARGKDQG86V523yMdpgH360+9hT59T8ibHNF+nFZvyugEj2CDQk/ZGeXO8TpMjvWFnWULWZ/qvZ+RyXKJJXHnNgN5sEOhFA5r2Rt1DEjf0Rq036/LaZaDcBC17u99rdUrWLK8X0JMNAr0wOFymff5RyX21Kb+DLZ77tOql463LawX0YoNAD+wVX6ZmPLNljGsyQ3On+3Q9qAzAKDYItKY9UPdAxE2SWNQkv7O0lUGnwfvUsGnWzxux2SDQkvY+3YMQaySHabDTJMf9/quiMgAj2CDQivY8yfh/SNdktaQwVoHuozIAvdkg0IL2OtkDfkjXZNVkME16SA58j8oA9GSDQG1a9tVep3vorUyD3yyZ/kfRAfI9KgPQkw0CtdEUxlMv/fJarYgzIN6jMgC92CBQ05MX7PU6GvTKa7UyToF8j8oA9GCDQC16w3UPuNVpsCuv1eo04H30NTkit7RqVl4joCYbBGrQ3jYJXg9pkOPtztMZAjri2F23FWn1rLxGQC02CJzFg9zTNdG1Ka8X3uNkyPvIE0ErNgicwVLuZZR5bUPeyHtUiqAVGwTOIJnLY093OyaR96kyIOuJkIjLBoGjKOfyVN/NA3yfF6/+sNdyVTpDgdwR1GSDwBHf/kzG/yW0eT2G1aT7WEVCTTYI7KW3NRK3PCX+8eZ2jPa+3TVdGZUBqMUGgT2U1c4BP5fx9n8OqwAPURmAGmwQ2EotSz98SrLWJbz9n8cqwENUBqAGGwS2+uRbDvi5hrf/OlgFeIjKAJxlg8AWnz8n4/8avaXxgK6DltIeXSVxhg0Cj9GbrXsg4T36/dejQY7Okh73GY6yQeAadbNzDyLcR6JWXV/8wIrTJZwsiSNsELjk5Rsy/rfQNWJpti6dEeCuNW48+4UJJ/axQcDRfrYSj9zDB/exLNsG2wCXKedEk6TymgGX2CBQ0tusWpG6Bw8eIvu/jc++pxrgGk6bxB42CJTUgtQ9cOBRo90G7aYfR2UAtrJB4C6OZt1H+//lNUQdert11xz3sQWFLWwQuEX99X5qjlReR9RDEuo2VAbgMTYIiBKKOOBnP5WrldcS9ZCLsh2VAbjGBgEttZJxfcw3/yUBsCXyUbajMgDX2CDWpgQiJRK5Bwoep0ZJ5TVFPV/9SEOgPagMwCU2iLVx8Mo5PGzbohJgP53YqZM7715HwAaxLtqtnseDti0SU48hORUlG8SatHftHhzYp7yuqOvFK1oCH0WCKu6yQaxHD1Uy/s/TNSyvLeriTIBzSFLFLRvEWrRnTW11HToroby+qItmQOdokqoJf3ldsR4bxDq0X60EIfegwH7KuC6vMerSiZTu2mM7TfhJVoUNYg0q9/vnf2iqUlt5nVEXOQB1UBkAG8QaPn9Oxn8LvFm1RRVAPVQGrM0GMT8dV+seCDiPkwDbog9AXVQGrMsGMTd1qnMPAtRBglVbnE5ZH5UBa7JBzEtvp2T8t6U31PK6ox5aAddHZcCabBBzev32z7/L1NwDAPXoDbW89qiHw4Da0IuBKizK64152SDmo4x/jlHt47PvX/91yf3ngPOYxLaja0tlwDpsEPPhrakfmgG1o1Usd81Rj0qD9cJw97pjTjaIubBn2h+lgG1QAtiHSoTLa4/52CDm8ewXHpgjkAjYBqdV9qNS4fL6Yy42iDno0BQO+BmDPIA26FzZl0qGy88A87BB5KclaPWld19qtEceQH3a/2dC2xeVAXOzQeSmBJ6PviZTejTyAOqie+UYVAbMywaRm/p7uy8y+lLyZfnZ4DgmteNQGTAnG0ReJEnFoS0YHpp1KJ/FXWP0Q2XAfGwQOamft/viYhyqAerg5MoYqAyYiw0iH/XxJkEqHi1bl58V9tEqCudXxEFlwDxsELkoS5cHZFwcsnIOp//FohcNjryegw0iD2Xn0hs9tk+/oyfAUZT+xaRnjj6b8vNCLjaIHLQ0SmOUHHhjOoak1rh0uBhJrrnZIHIgMSoPPSzLzw/XadLkriXi0CFj5eeGPGwQ8dEUJR9VaZSfIy7T1om7johFORrlZ4ccbBCxcSJaTtrLZt90uw+fktuShZ5J5eeH+GwQcWlZlKSovNSlsfxM4amVMtUtOVAZkJMNIia9PZLxn5+OaC4/W3j0t8iDyoB8bBDxKNtWiWTui4dcSAjcR90U3XVEPFQG5GKDiEfZtu4Lh1zUGZC3pP2+/JGKlyyoDMjDBhELD7856O2IY1WPoyogDyoDcrBBxKH9YvcFQy5K/mNp9By2wXIh1yU+G0QMOgKVBKj8Pvv+NYN/JSTC5qFnl55h5WeIOGwQ46kESufJuy8W8tDgX362OIdS2Dz0DNOzrPwMEYMNYiztE9MEJb+vfnzz18fpP2OcoyNp3TVHPEp8ZQUsJhvEWNovdl8k5KFWzeXnirpoh50HJ2LGZIMYh9PP8lPdevm5og0OxMpD1Uzl54exbBBj6LAY98VBDtqX1tJ0+bmiLVbM8qAyIBYbRH8aOEhsyks969W2tvxc0R45M3lQGRCLDaKvl2849CQzfXYchDIWBwflQWVAHDaIfvT2Ql1zXvrseJjFQN+MPKgMiMEG0Ye+AP/8D/uXWWnZmcE/Fjpn5kFlwHg2iD7UJMZ9MRCf3mDo63+d3shHlEOq/4L7zBAPlQFj2SDa02EZ7guB+JR1zuB/3d0DrEZkfnN6Zh6qfio/P/Rhg2jr+UuWKbPSsuXIvUtNPLT6ELWcSgmt5YE92pfvXSGhz4iDg3IYcX/ghg2iHfqY5zW6r7/yDW7L3ZTxHi3/QA2QLmXij/h5OTgoj4j38wpsEG3wQMpr9F6l3qzLe0cJpOW/N4Letrfks2jy0nvrhBLbPEbcH6uzQdSnh6SWbt2Nj9iUr1F+nj1p1ejSIDZ6/1QD7J4mPMqf6L2FwsFBeej+KD8/tGODqE97x+6GR2yj+/pr8Lr2Bqt/ppWl8r/rQXkIR7az1L+//LNao812HjoPpfz80IYNoq67GdHIQQPb6ES7rQOsMt7L/7YlvcGfPYRnRHkgB23lQWVAHzaIevQQdzc44tKgO/pQH608uJ/tkl6TFS3519rKGnGNOTgoB30HqQxozwZRB61J89GS+ui+/kca2ai/euutAE1Kat7PI671bRml+3kQi+4PKgPaskGcpxv32t4t4lGW/ejB/8wydauqAA2arRrr6Jr3zmHQd1MTJvfzIBYqA9qyQZyjG3ZPZjTG00A0+m2jRmvo2gl2WsVqPViqYU/vygBW5/KgMqAdG8Q57DPmMrqvvwa/WvdMzVWAvXkIZ/ROZBQ6cuYxonJkBTaI48g0zkUD5sjBX393zZa1NScAvQ/VGdFsiTM58hhROTI7G8QxukHdjYuY9Nbde+n5Lu19105IyzwBkBGllxwclMfo6pzZ2CD2o9tYLtpvHzn4K9+gRVvo7BMA7ctrf778WVrSfaDr5n4exKLEapWilp8hjrFB7EO/8VxG7yeq0qBVYl32CYDo2vROyNRWTIsJGerT5zRy224mNojteHDkokGt/Ax7UnOTlpPFGSYAwsFBuEb3+cgVvFnYILZh6TCX0e1FtU3UuvRslgmAjCj/0gSN8sAcqAw4zwaxDclDOeiBPvpQn14ldTNNAGTEwTAcHJQHlQHn2CAeR/lQDhr8R2cO96wOmW0CIBwchGuoDDjOBnEdDURy0H5u74zyUu9BdMYJgIx4yHOEdw5UBhxng7hMGdzsEcanh8Lovv41WvvuNesEYMRDXjk+HByUA5UBx9ggvFa126hLn9HIvv4aOEa9Pc46ARB9riMODuI7n4PufSoD9rFBPMTbQA76jEYO/noLGXkWxMwTABlxcBCrfnmMOFMiMxvEQ+wHxjf6UB/93aMnibNPAISDg3CNErTLzw+eDeI+HVLibjTEMbqvv1YdIhwBvcIEQEY85Kn8yUMTtvLzw0M2iPd6HomKY/RGOHLw1xJxlH3iVSYAMuLgIDWfcT8LYtGWzegk4AxsEDfoChafMu3Lz60nPWQitY9daQKg7yYHB+GSEUmj2dggbpZ0Iz3Y8ZAGqPJz66lHa9+9VpoAyKiDgyJs9+BxI5JGM7HB1fEFj290oo+WnyOuDq02AZARyZ+8IORBZcBlNri6kWVceNwqff2PWHECIBwchGuoDPBscGUk+cSlh+3o7N7og+KqEwAZcXAQScJ5UBnwkA2uquehLdhHy62jD/3IMDlceQIgI458pkw4B71AUBlwnw2uSIOLu2kwngb/kV9cJRGN6Ot/xOoTAD3kOTgIl1AZcJ8NrkaHjJDQE5O+sCNP+tLgnyknZPUJgOi7zMFBuESfE5UBN2xwJZoNcthHTKrEGN3XX2VE7meLignADX2ne1cG8CzJQys25ee3IhtchWaB2R7wqxjd118Tj4xvdEwA3tO16P2mp60qKgNyUO5G+fmtxgZXofpQd2NgLD24Rw/+Wd/kmADcN6IGnHyiPEa0k47EBlfAwR4xjT7UJ1pr372YADw0ogaciqIctFrTu510JDY4O472jGl0X381dsmeDMoEwBtRA05PkRxGtJOOwgZnptkee3TxjGjiclfEvv5HMAHw9Nn2LiXVShZdRXNYtTLABmelWZ5me+4GwDgaaMrPqqeZurkxAbiMg4NwzYqVATY4I83uqNONZ3Rf/9lyQZgAXDfiTU+TDvqM5LBaZYANzohOXbFoSXZ0Bu6MLVyZADxuxJseW495rFQZYIOzoVd3LHoQju7rn6W1715MALYZkXOigcX9LIhFz6dVKgNscCY6HMR9yBhDS6Ejv1xa/p15NYgJwHYcHIRLVqkMsMFZcF53LPpSjTzURwlZGiDdzzYLJgDb6dmgZ0T5e7dGA7IclLw5siFZDzY4AxJvYlFnvZEzan2RV0gCZQKwj54Rve9LrULRgjwHlXGWn99MbDA7Sm9i0cA78ghOPeBXOaSFCcB+HByEa0b3KGnJBjPT7Hr2Zd5M9KYzchlNWw4rPWiZAByj69a7PJBjyPMYkS/Sgw1mRvvNOOjr3x8TgOP07CivQWscHJTDqHyR1mwwKw7giENldiMH/1la++7FBOAcDg7CJSPyRVqzwYyYSccx+lAfdRdctfqDCcB5Iw4O0j6z+1kQy2yVATaYzYpLvVFp0Cg/n55W7/vABOA8TR5HlKtycFAOM1UG2GAmZNPGoaXM8vPpadUB6y4mAHXomdJ7uXeVUtUZzFIZYINZUE8bx+hDfUj+vMEEoJ5RBwdxYmkOM1QG2GAWdNQaT8ulI/v66wHNffAeE4C6ODgIl+gzyl4ZYIMZ8HAaT3kXI78AGvzZN72PCUB9I46I7XVwkL7Dumdu6TO/S5Pr23/m/vvV6fqpn0P5+WVhg9FxqtYNLVFqANQXVUvwGoxv3V4r3Zx341q20nL52S+0bvzRff3ZL31In2t5rY7SfeX+jhWN2OJSSaL7WY7S1oIGdD0Djg5ayrnSc0T3BpOCGyM6SdZig5GtvDymEhQN3ipTqnXDaRDXA2HPl3lEgtRd+rsZ/D0mAG2MWu49u72lF4QzA/4W2gJU6e/KlVj63o3se3KUDUa1YoKMfl8N+j3etjWp0JvOteNyNQkZPfhT9XEZE4B2NMD1vvc1qOx909bPqWfGiJ9Vz4+9P+8sdM3LaxKdDUakm2ultz4NtNrqKK9DL3p4aFZ/92fS9R+51EW/h8cxAWhrRCMY/X1bJr362fS2H+FNVKsCK67SjS6F3ssGI1ol2Utv/PoSl7//KLcTAV3/kYO/HigM/o9jAtCernHvQfbawUF6Zowuw71EP9dqK3Yjq6L2ssFoVmiTqS+3HrgRZu/RKOeBsqhtmAD0MWK5VwNL+T3Q5HzkxHwLPdP0ZrzK9q2e5VkqA2wwEr0Nu4s8E01wRp6XH5neINw1g8cEoJ8Ry723z0MNppneNEUTFU2cyus4oyyVATYYhbJuZ37z00xRVQ3l740btcugVsAEoK8Rg7BWxDKvFGoSs8KK3oitor1sMALtPc+856sEmd5Zupmo+Yq7briOCUBfGshG9sPISi93Mz/fb0WvDLDB0bZmvWalMrsMy0OjlNUH2I4JQH96VrGFt59egFaoFIhcGWCDI2nJRA8xdyFnMMspUi3os6e17zlMAMbQoWSZl+VH0YvQtb4js4iar2GDI82aJKKlwqilOhHoQTDzxK8XJgDjjDg4aBazr/pF3SqywVG0VOIu3gyUuFP+vrihwX/FpiEtMAEYa8TBQTOYfeVXIm4V2eAIGiDdRZuBstnL3xc3tA+4WqOQlpgAjDeyg2dms+d+SbStIhvsTUsjs5aF6DCP8vfFDX3uqzQH6YUJwHh6llHee4wa6Mw6FtyKNCbYYE9aEpl11kdi0GV6QK5QBtQbE4AYdG9T5nvMzKvBt6KsCttgLxocNUi6C5QdpUGXuZamqIMJQBwjDg6axQpNwCLkhdlgL2fPuo4qasZnBKqEYPBvhwlALCprLa8rtpm9JDjCOGGDPczc6S3bkZC9rHCuw2hMAOLJeE58BBoc3fWcyeiVYhtsTVmy7mLMQElt7Ps/xGDSBxOAmHgpOGaFrqAjc8VssCUlf828BBzpLP8odHOT7d8HE4C4sp3eF4HejlfYMhxVGWCDrSgrduaBQM1syt8ZN1j+74MJQFyqDMhyTnwkap/urudsRlQG2GALyoZVVqz7xWdBt7/r6PbXHhOA2KgO2k9jxyoriL2bSNlgC7NndNZ88M5qhfre0ZgAxEd/kP1mbhN/l7Y7ejaRssHaVljCoexvG1YB2mICkAMdQvdZKY9Iv2evJlI2WNMKe7+a0Ze/NzxyAdpiApAHZwbss0ougOhFqccqkQ3WskrHNzL/t9N+3gr3xChMAPJ48YpVwz1W6AtwV4/jpW2wBmW7rtDrXYMZ7T730Y3triXOYwKQg54b5AHsN3siean18dI2eJYGxNmPdbzFXt5+MzeCGo0JQA41P6eVrHhPttwqssEzNKvVze1+kRmpt315DXCd7hFOAmyDCUAOdAY8Rtsm7nrOrGVlgA2eob7X7peYFUd+HsM2QBtMAHKgaugYvTysmEPUqjLABo9a4QjHu7TNUV4DbLPavdILE4D4tPpVXmtst9IK810tKgNs8IgVm7zooIryOmCbFZfyemACEF+P7O6ZrVQOWKp979jgXlrOWnFZZkTv5lkoUdRdU5zDBCA+DWDltcZ2q3QFvKRmZYAN7qG+1qtk/Jfo/X8OXQHrYwIQHy8O56i/jLuuK6nVe8YGt9J+xMoPcU72OkcllO664jgmAPFROXSOXjrddV2JVtxrNJKywa1Wz+Qurwf2UQ6Fu644jglAfHQAPM9d19UomfRsZYANbqF9CPdDrUIzsPKaYB8GmPqYAMTHyuF57rquSJ0Rz3SitcHH0MmNEsAaKAWsjwlAfFrCLq819qGR2Hs6ar+8PlvZ4DXqSLRixn+JCcB52gt11xbHMQGIr7zO2G/VxPNLjlaW2OAl2m9g5nWDCcB5TADqYwIQX3mdsR8TgIeOVAbYoKN9htVOYrqGCcB5TADqYwIQX3mdsZ+7rqs7Uhlgg472GdxfuiomAOcxwNTHBCC+2u1cV+SuK/ZXBthgaeXWi5dQBXDe6pUkLTABiI8DxM7R9XPXFTf2VAbY4F2rt128prxW2Ic+APUxAYiPkwDP0fVz1xXvba0MsMFbtFy8jpn8OWwr1ccEID6VUZfXGttRhr6NjuYvr13JBkXNKsj4v04TpPK6YTsyeetjAhBfzcNcVsSW9HZawS+v3102qP0DHs6Pe+zi4jJOA2yDCUB8HAd8DiuH+1x7UX0QUIaqHiLuD8J9W5ZY4OkkRXdNcQ4TgPiU+1Jea2zHyvQ+ul6X2k8/CHBC23Y6CbG8ftiGwaUNJgBx6UHMSYDnkAB4jFb0XWXAvf8hSrCg1e92W8stcB+rTG0wAYhJy/6cAXAe9+RxejaUPSjuXdxbmmWRA7CNlrLL64fHsdLUBhOAWD548ivJwhXx4nCcOy/g3v+4S7PVj7/hYj+GPIDj9GBkolkXE4A49GxghbAejUnuOuM6rehf2np6ELhLywW6id0fihua4dPa8zhdO5VFse1UBxOA8dSJTaemltcT53B8+H4an67dizZY0ilD7g/HDbYBzlOWKuU95zEBGEuTWV4I2uAwun20gv9Y3okNOjpliPILj7reejSZ0qzVXWc8jgnAGHrYXiq1wnl6i3XXHZ5yrLZMRG3wErW+Vemb+wtXpuVrMnzrYVvgOCYAfeke1dJ0ee1QF6uD2+1pUGeD1+jhrDde9xevjFWA+vRGpQHNXW94TAD60aDExL89moZtoxV6rdSX1+8aG9yCh8NDnPLVhnpTsC2wDROA9mjo0xerzo9TfsSRLSgb3EozM/IC3tMbQXmNUIfKqbQt4K473mMC0Jba+PLW3w/H0T9Oq89Hy01tcA+aBt1HRUBbbAtcxwSgDRr69KftZlb+rjt7sqQN7qXZBw/lG5wP0IeWYHk4PMQEoD49ZGno0x8rfpcp+VRbo+U128sGj+Kc5hvsD/ahhzL33H1MAOqhoc84qjijCsjTinutfDMbPENNg1b/4PRmqhu4vDZoQ18G2lbfYAJwnp5f+t1p6DOGJvY0/fH0nKu5GmWDZ2nWvPryrLYCeID0xbYAE4CzaOgzHjX/ntry1x5TbLAGZcquXr5Bb4D+NDte+fwKJgDHqJppTwMVtMGW3kNakdLKenmtarDBWjRbWf3Y17NZmjhGq1ArbgswAdiPhj4xcObMQ0ea++xhg7WtXstZI1sTx+ihslKvCiYA22m7iITdGDTIkfR3n1bQW+eS2WALKzcN0o1NNvE4K20LMAHYRg19aiZTtaAzBrQ6Ef3nPEtJvDSUu2/rYT5n2WArSq5ZNbtTNziTgLF0/WfPS2ECcJ1KqKI39NF2hD7H259Zz8xZq4r0Ysib/3363pXXqRUbbEmz2VWzPHWjz7jkqIeTHlh6Y8lQ+aAtqVnfOJgAXKZ8nOj3p7YL3b054wvE7FtMe+kz7t1J1gZ7WDnbU797eT2y0t7d3QeW9lVbZazWpLcsLQPf/VxmwATgoQwNffRi9Nj9qBeIGVqNkxz+kFamRpSf2mAvmu2uuvwzw96e3vjd7yZ66GZ4WM22LcAE4D09WzKc1a97cM/WaOZyRa0Wrl4eXtJ3dtRYYIM9KQFk1eYt+tJnbDqim1U9DtzvVFIpXssyllo0UMywLcAE4EaWhj5Hr7HeoLOVLuqFYPVGXaXRq8E22Jtu5BVrtkWDTpa9czmayKkJQ63+1a3oPsy+NLn6BEDfpwx5NnoTPvvM0wqHPqPoK4l6AVj1+X5JlHwwGxxBA+DKHdyi753rgVVjz1x/RvSMZj2wjkxyIlh5ApCloY8e/DVXm/TsiLgtoJeFrSuFK9HnFSUnxQZHWr1pkJJBIu2d64Fae2Km2a+WvqK/uWTcFlhxAqAHaoZ8E93vLRNPozw7WjwzZqGVkEiTVBscrcwsX5FulJF757pJNUi3TNLUZ6xBJvL2h65DpreY1SYAGlCjTyRFb3y99r+1eqXVxN4DjZ5X+jxaPjMy69XcZw8bjIBs0Rua1etB3GPZXA9SVWboRu35JY6+/SFqHpNhW2CVCYA+i5ET5D3Uf8D9Dj1o8qoth1bPD01sdJ/oOeX+ftyIWrlhg1FoQGIP6T1NiPQwqdnJTPt0ujk1cLi/s6do2x8lzd61LRD5DWeFCUCGhj6i71ak5Dd9v/SGrsm2Jk97r6F+H/13ui+Ub8Gb/uO0yhl5omqD0UR+ExlJD3t9oXV9NCnQjaYv6d1rp0mU4qI3Af27oolV1Dfa0dsfj4m8LTDzBED3RZTkqcfou5ZhgNQApXvmmkiTmEz0fC2fx9HYYER6M2TGuRa9ZUQuHYy4LaAHdvlzHhVlAqDvfYaGPsKqJUT3QIbcFBuMSoMBe03rUU5C1NJBLaNqoIwyOZ1tAqBJYPS3qFtateqV6Ie4tEVV3htR2WBkmlXpIecuPOalAVZVCZFKaO7SBEWDlfvZe5plAqCl6QiNUrbQJHBkoh9i0DNKSdTl/RGZDWZAnemaopcOaltg5CrVDBMALZ9GneiVtDpBtRL0nY/e6dSxwSyUzUpewJq01Bq1tGbktkDmCYA+05oVLq3x/IEoSTLDfr9jg5koK1hvhe6Dwfw084667Ka3w97bAlknAFrRy/IQ1epEhO0ejKf7Nupq5BY2mA1Ng6DPP2rpoCpYeiWHZZsAqIoiS2mfaIWCRD9I9OZlW9hgRpqFZT/JDedpAIy4F3ebKNZ6yTjTBCBLQx/Rz6kkVPd7YC3Rm/vsYYOZqV7YfWhYS9TSwdbbAhkmANozzVLaJ/pZozbNQl9aaYxaknyEDWanJVfyAiBRSweVt9BiKTnyBECrH1ka+tyK3voZ/ag6JfN+v2ODM2DWjlu3pYPRksz089SuH486AdCqR5bSPiHRD3fpu1DeIzOwwVnQNAh33ZYORpvFa7Ja6z6NNgHQ5CtLQ59bSvRjBRGi+yDyAWVn2eBsSN7BXVFLB2tsC0SaAOigqkxv/ZoY6md2vwvWk7W5zx42OCM9XNnLw11K6InWeEarVmcmrBEmAJrEZGroIypFZMsQt/Q9ytKX4gwbnJW+5NTwoqQve7SZvn6eI8ewjp4AKKch24OTRD/cpQl4eY/MygZnpiVJzreGoyzfaCU+2j/fM2kdNQHI1tBH9CzQ9XK/D9ajSeAMzX32sMHZsdeHa9TeM9Le9Z5tgd4TAD009e9lK4/SliCJfrilSXa2CWwNNrgKZYS7mwG4HdgiLWfrAfXY6lXPCUC2hj6iz5PJP+5SLlCmZNWabHAlaunImwAu0b0RrXRQy5SX7tkeE4Dba1L++9GR6IeSOoZmW72qyQZXo31fHgy4RiVBkerZ9SarrYry52w9AcjW0OfWY6sZWE/GSWxtNrgiPVCVBOZuFOBWtNLBclug1QRAe6TZGvqIJvck/eIurWBlK1NtxQZXxpsCttBAGylpSG8zerC1mABozzxSLsRWmrBc2irBmrTSmy1vpSUbXB1Ng7CVVo2iPFC0NF+zjEkDaMY3JRL94Oi7mnEi25IN4qYRi/Z93Y0ElKKVDq5KqzI0+0JppeY+e9ggbmi2qCVVd0MBJa0aZeyEN4vaJysiP30nI577EYUN4j2ViLhsa+CS2zK5lcuLetIWDIl+KK1wmM9ZNoiHtLdKXgD2yJo5n4muL99LlDQhZEvucTYIj6ZBOEKZxzOfKT6Ctlko24WjFVtW37axQVymumLVgrsbD7hG+SSaRJb3FPbRNSTRD85qh/mcZYO4TrNLtZB0NyDwmEilg5noe0eiHxytzDK53s8GsQ1Ng3CGatXZp9xGEyZW3uDovoh2jHcWNojttLdLXgCOonTwcSTg4hKtprHff5wNYh+9ndA0CGeQJPiQVkd0+JC7XoBWYMt7BvvYIPajaRCOokvZQ2pBTKIfHK24MmGuwwZxnB7m7qYFHJUIsoT5nq4F3yFcQnOfumwQ59CcBFvoHqEa4D1dC02I3LUCtMJKrkxdNojzOJQEj6FL4H3k0eAStsnasEHUoSQmepTDUfZyeb+sTvu67lphXVolo7lPOzaIemgahJIeatT/eyTS4pZWULWSWt4jqMcGUZ9Oh3M3OdbDcuZlSvBy1wxrUXMfJsnt2SDa4DAhCFnM13H89tq0YkplTB82iHbIdF4be/+P05sfVTRr0kppeT+gHRtEWxxlui7e/rchb2YtWhlV86fyPkBbNog+ONlsLbz9b6ftMncNMR+tiNIPYwwbRD/PfqFp0Co4rnQf+gLMT5NimvuMY4PoS8vCPOzmpkkeiU37PHlB5czMqIYZzwbRn2bBNA2aF8v/+ykZ0F1L5KbJsFY+y88b/dkgxtAbIiVQcyK7+RjVg7vriZw4zCcWG8RYan3pvjzI69XvJDkdwYR4HlrhpLlPLDaI8WgaNA+99ZSfL7bRgUnumiIXTeTIgYnHBhGD3hpZAs2PZKfjVB7mriny4DCfuGwQcWjWTNOg3Dj29xxWwnLS50bpa2w2iHi+omlQWnQ4O4cTAvPRyiV5L/HZIGLSeem8DeVD1vM5tAXORSuW7PfnYIOIi6ZB+fAmdA6VAHlopbL8/BCXDSI2NQ1iWTSP8vPDPmx/xaeVSa1Qlp8dYrNB5KDscvdlRBwfPPn1r4/Kf37YRk2U3LVFDDT3ycsGkYdKbDhMKC4lQ5WfGfahF0BcWonkMJ+8bBC5/PTbH3+/abovKMbSA7L8vLAPE4CY6G+Rnw0iH7XYpGlQPKwAnMcEIBatONLcZw42iJxUekPJVCy0AT6PCUAcWmnUimP5GSEnG0RuJE3FwQTgPKoAYtBqFof5zMUGkZ+6z9E0aDwtl5afDfb5kgnAcFpZpLnPfGwQc9BBKh8+JS9gNN6azuEsjLG0olh+JpiDDWIeKtHhAToWZwGcwyR2DK0gcu/OzQYxH5oGjcMb1Dn0uehPky6tIJafBeZig5jTs1/e0jRoAPWyLz8LbKMOc+6aoh2tGNLcZw02iHlxmFB/VAIcR0VLXzT3WYsNYm5KSvv4Gw4T6okTAY8hf6UPrQxqhbC8/pibDWJ+KunhmNV+1Mym/AzwOEpZ2+Mwn3XZINbBEmsfqqMurz2uU8c5dy1Rj1YCKVNdlw1iLS9e/UHToMa0xEpi1T6sULWl60tzn7XZINajPWoOE2qLbYDtNDAxKW2Hw3wgNog10TSoLY4G3u75Sw4AakGTKq34ldcba7JBrI3DV9oh2WobVqPq0zWlGgV32SCgNzCaBtXHKsDjePuvj+Y+cGwQEJoGtaEBrrzWuKG9f97+69KKXnmdAbFB4JbeGvTW6h4sOEYDXHmdcYOy1Hq0gsdkE9fYIFCiJKsusrAf0tv/B0/YdqqB5j7YwgYBR4MWeQF1aKCjBvs+kk/r0Iod+/3YwgaBS9Sdjbe0Ojgm+D11o2NyeR4nT2IPGwSuoWlQHRrwNKEqr+9qtBJCnsk5upfYVsJeNgg8Rg9t9bd3DyNsp9WU1WuzyS85R/cQE0kcYYPAVmRtn6fVlFXzAfTW6q4JtqG5D86wQWAPlRrRt/0cNWopr+vs1JKWff/jtAJHIinOsEFgr5dv/nz34VPyAs548mKdPVy9tTJpPI4EUtRgg8ARKj365FuSuc5YoXGL7hMmi8do0kRzH9Rig8AZX/xAUtdRs2dzU0FynCZNWmkrrylwlA0CZz37hcOEzpixnlt7/iz7H6OVNZr7oDYbBGpQK1KaBh03U0c3qkWO04paeT2BGmwQqEUd3j7+hryAo9TTPfOyr7LUqfM/RitoWkkrrylQiw0CNWkQ+Ox7mgYdlTXxi8nfcVo54zAftGaDQAssA5+jfeAMg4K2LXSwDzkgx2jSpMlTeV2B2mwQaIVEsPO0mhJxgNBKjyZ5fL7HabuE5j7oxQaBllQKRh34OXq7VnJYlCTBb39++3e+gvtZsQ3NfdCbDQKtaeBS+1v3IMR2etvWcvuIfvB6U9XAT13/OfoMtTJWXl+gNRsEetHg5R6K2E85AhqQWy8h//Dr27+3IdjjP4/DfDCSDQI90TSoPiWSaXJV481SiYdantYEg8+pHq2A0dwHI9kg0JsGGfaQ21FZmRoLKW9AEwPRoK4Jgqj98G1c9O+Sp9GOrnH5HQB6s0FgBL0NaeBxD0xgBlpB4TAfRGGDwCjav6ZzHGakFS6a+yASGwRG05I0+82YxUznOmAeNghE8NNvNA1CfjOe7Ig52CAQBefHIyutYGklq7yngShsEIhEeQH/ekbTIOShqgutYJX3MhCJDQIRPXnBYUKIj+Y+yMIGgahUQkVeAKLSShWH+SALGwQie/mGw4QQD4f5IBsbBKKjaRCi0IoUzX2QkQ0CWai1rXsoAz1oJUorUuV9CWRgg0AmHCaEEXQ4Es19kJkNAtmo5EqlV+5BDdSmlafyHgSysUEgo9dv//z7GFz3wAZq0EqTVpzKew/IyAaBrGgahFa0wsRhPpiJDQLZqSTLPcSBI7SypBWm8j4DMrNBYAYvXnGYEM7TYT4098GMbBCYBU2DcAbNfTAzGwRmolKtT78jLwDbaeVIK0jlvQTMxAaBGX35I02D8DgO88EqbBCYFU2DcI1Wimjug1XYIDAzlXL977/JC8B9X/1Icx+sxQaB2ektj6ZBEK0IcZgPVmSDwApU2qUSLzcoYA1aCaK5D1Zlg8BKvvnv7+QFLEjHSbPfj5XZILAamgatRSs/5T0ArMYGgRWp9EslYG7AwBy00qMVn/KzB1Zkg8CqOExoXjrMR8dGl585sCobBFankjA3iCAnmvsAD9kggHf/UGkYeQH5aUWHw3yAh2wQwA0dJkTToLw4zAe4zAYBvKdSMZWMuQEGMWnlhuY+wHU2COChL34gLyADHf+slZvy8wNwnw0C8GgaFNsn39LcB9jKBgFcplIylZS5AQjjaIWm/KwAXGaDAK57/ZamQVFoRUbHPJefEYDrbBDA42gaNJ5WYjjMBzjGBgFsp1IzNzihLR3nrJWY8vMAsI0NAtjnh19pGtSTDvOhuQ9wjg0C2E+lZypBcwMW6qG5D1CHDQI4RiVon35HXkALWmHRsc3lNQdwjA0COIemQXVxmA9Qnw0COE+laTQNOk8rKjT3AeqzQQB1qESNw4SO07HM5TUFUIcNAqhHpWoqWXMDHDya+wDt2SCAulSyptI1N9jhPq2Y0NwHaM8GAbShw4TcoIcbOnaZ/X6gDxsE0I5K2Wga9BDNfYC+bBBAWypp4zChG9rv18pIeY0AtGWDANrT2+7qTYO0EqLjlctrA6A9GwTQj0rd3OA4O5r7AGPZIIC+nr9c6zAhHaPMfj8wlg0C6G+VpkFPXrDfD0RggwDGUAmcSuHcwJmdVji00lH+zgDGsEEAY83WNEjHJOu45PL3BDCODQIYT6VxMxwmRHMfICYbBBCDSuQ+eJJ3EqBjkcvfCUAMNgggjoxNgzjMB4jPBgHEopI5lc65wTYarVjQ3AeIzwYBxPT0p9iHCenYYx1/XP7cAOKxQQBxRW0a9Nn3NPcBMrFBALGppE6ldW4gHkErE+XPCCA2GwQQn0rrPvl2bNMgrUToeOPyZwMQnw0CyEOldm5wbk0rEBzmA+RlgwByUcldz6ZBOsaY5j5AbjYIIB8dJtSjaZCOLy7/bgD52CCAnFSCp1I8N3CfRXMfYC42CCAvleLVPkxIxxRrhaH8uwDkZYMA8qvVNIjDfIA52SCAOahE70zTIK0k0NwHmJMNApjHkcOEtN+v44jLPwvAPGwQwFy0hK/SPTfYl7RiwGE+wPxsEMCcVMLnBv1bWimguQ+wBhsEMC8dJuSaBum4Yfb7gXXYIIC5lU2Dnrxgvx9YjQ0CmJ/K+7TfrxWB8p8BmJ8NApifSvx0rHAZB7AGGwQAADN794//D+yRVit7y9yqAAAAAElFTkSuQmCCAzure ADGE.PEllipsefalseAnyAnyfalseA representation of Azure Data ExplorerfalseSE.P.TMCore.ADECentered on stenciliVBORw0KGgoAAAANSUhEUgAAADwAAAA8CAYAAAA6/NlyAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAFiUAABYlAUlSJPAAAAQ3SURBVGhD3djNa9RAGAbwnvyD9ODRox78BwQVD3oQRD14qAp6EFSoINiDXgQFQURBlFJsVbSVHsQiiq390NrP3e2XLda223a7HfsMeddJ8iaZmUyy2z7w0CWZyeZHdzPZNJ14WhBNzX117Z7L/eLQk0FxpG0os57q/CkuvZsSTWI79UTnhv0w/h+M1AOdKzYIRvJE547lwEge6Lpgo8BIlmhT7OnXI+L+t2lx9u0vdj9XFhsHRrJAm2KBnF3dkOezslEVzd1j7Di1kVg0Doy4RKfBUpLQsVg0CYy4QNt8Z8f+rHln4M/iWkUcbx8OjU/EojpgJA3aBgvQRnXLe3d/sB3fa3W8FhbVBSM2aBss9e6XkvfO/jwemPON08aiJmDEBJ0GSw2inw3P+/YbYVFTMKKDdoGl3vlcFP3zK3JpUrcbY1EbMBKHdomNqhUWtQUjHNoUi6UHV2MsPzprLBrEtn4uyfnF5XX5Wt0XahowoqJtsOo6q3NjwWHLlap3BCFfx6LTghGg02Ipcegg9nZv0YelYBv2qWNrdQFGjj0fZU8yqrjaRqVr8k9oPPed7SkseTPC+Vj6Gxov6wqMHH2hf3N/8+OUNysc3avxg74Zb0Y42MfNcQpGTNDcjYXpOst9UrCNGyvrGozYom1vKlR0LBbNAoyYoHFfjIuYuk0XS235VJDl9vmaFRgxQasNYgHpGF3UAyU1SzBiig5i1XU2cY3VqS14avGlGCy1iOrWurclOrroOCwlDbq5a1xce180B/+YuSde9e2V/TR6xgma+84ulCvebH+W1jfFlZ6J0Pi4Anvw4Yi41T1nBlaxrtAcFqDgf5dSqW6JG9vreHBOVAm7r9UQzGGpQOskiOawVG6NRRKXHqUq1ggch0W7hg57I5ND6DgsNYhOg9UG62BXNwreaL2cbBtjT5Lro++zYmihLP9y+7lyWC1wFljK+U7+ZNM2CpsIzhJLcY2Ow6KRYBfYymb0zzc1rtBJWJQFu8DSMb4Vrnpb4pMWrYNFQ2CXWGrWaF0s6gNngaVmhTbBojVwllgq7r91oos2xaISnAcWx1irRD/HCiYJbYNFJZg7QaorbNIxuEShbbGoBL8ZOGB9ollhKUF0GiwqwUvlQRFENwKWQui0WLR20VLReWGHZ+7I6uRc50RqLFoDI0DjKUYeWCxTNF53ybrQPs0iTOoD68Q1lpoX2gicFZaq+/FOg9YGZ41Fv05e9EYmxxatBc4Dq/tcTI0NOhHcqFiKKToW3OhYigk6ErxTsBRdNAveaViKDjoE3qlYShLaB97pWEocugbeLVhKFFqCdxuWwqElmDtBqg4Wj264udR6YClBtASneQCA4FdWR99+9hj1xFJUtATbPgBQM/e3J4RuBCyF0LWLlukDAC4qupGwFKBrYATo/uJ1Kyzl93Kv/JnXaFjK11JZ/APE8zEB5VpUdAAAAABJRU5ErkJggg==Azure Data ExplorerGE.PEllipsefalseAnyAnyfalsefalseSelectOnly AzureAzure and On PremLinked Service TypesVirtualDynamicafe0080c-37dc-4d53-9edd-d0a163856bdcListAzure Data FactoryfalseSE.P.TMCore.AzureDataFactoryCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAHIVJREFUeF7t3S+UXMXW8OErr7wSiUQikUgkFomM+ATiiggEIgIRgUAgIhAxEREIBOIViAhEBCICMQIxIiIiAhEzX3ZYfZl0dqp7prv+nKpHPGYvFumZVM759elTff51dXUFACwmHQIAc0uHAMDc0iEAMLd0CADMLR0CAHNLhwDA3NIhADC3dAgAzC0dAgBzS4cAwNzSIQAwt3QIAMwtHQIAc0uH9Pf08q+r//vjHw9+e3H19c/P/+fuT8+vPv3u4qD/3H129a//97aYZf/tvut/3r1fnr/1euL17b9mALYjHVLPs+ev3pxAH//+8n8n190J94Ov/3jnZL0F//7vP0ERYRI/08OnL9/8nPHz7v8OAOgvHXJ7f70+38WJL06AcSL84sc/35wY4ySZnTxXsYuELx9evvm9iAOAvtIhh12+fHX18zMn+XP45P7F1ecP/nzzu4wrI8IAoL50yNvi8+54R7/73D37XJ3z2l0xiN95/O5FAcB5pcOVxTv7OOHceXT55p1pdnKij+tREFcKXry5DzH/ewSgLB2u5OLFqzd32Mdn0x/d2+ZNeCuLSIsgiI9j4v6L63+3ALxfOpxZvMOPE358br/Vu+55v7hCEPcSPLmwTRGgJB3OJk4G8S7x429d0l9J3KsRV3bi4wJXBwDelg637vq7fDfsEeL+gdhpEOsi1sf+mgFYTTrcorgh7PsnL95cAs5OAHBdrJNYL24kBFaVDrciLuvGO7p4Z5cd5OGQuDIQHxPETYT76wtgZulwdLFNLy7v++IdzunDb/54c69I7AzZX3MAs0mHI4rPbeOBNO7cp4XPfvjTVQFgaulwJHEQjnf72UEaaovvhoiPmewiAGaTDnuLg228249LstlBeTWxfTFuWtsX71Jjz/v77D/CN8Qs+2+vi/9v9uet/JFLXHmK340dBMAs0mEvceK//+uLJS7z706q10/icVf67kQ9+ufQ16Ni9/rD7uea9WuUI4K+enxp9wCweemwtRlP/NefcBeXkONEuepJIx7kEz9/BE78PuL3EpGw5e9oiNceV1N8NABsVTpsZYYTf5zorz/j3iXim4koit9brIO4Az/CYEvrIV5rBN7+zwUwunTYQtzct7WH78TJKS7/ejxtfRFSsUZ2HyuMfrUg7tPw/AFgS9JhTXFg38IX98QJJ3YfxDtTB/YxXH9y46g3iMZVDB8LAFuQDmuIg2J8ZjryneRxQ168xqeXTvhbEFdh4r6C0b4UKj4W8B0CwOjS4bnFgXrEy/3xLj/eTcYlfe/ati+e+nfn0eUw9xDE2rJbABhVOjynuGQ70ruz3Uk/Thb7r5V5xMc2EQO97x2I8HW/CDCidHgO8Y46TrTZQbGHuO/AO/31xN93/L3HxzvZumghIiR2Ouy/NoCe0uGp4h1P3BWdHQxbikvBcROfrXmEuIkwrgr0uiIVa3H/NQH0kg5PETfQ9b7sujvxe7dPJoIwthf2CIG4Krb/egB6SIe31fvkH3+2Ez/H6rUlNb5LYv+1ALSWDm+j98k/Lu261M9txJa91t8rEFcg9l8HQEvp8KbiM/9eJ/84cPuiHk4V2/Va3ygoAoCe0uFNxOX2Xjf8xeVb+6w5p/gmv2yt1WJ3ANBLOryJ+DwzO7DVFgfq/dcC59AyAuKGVREL9JAOjxWfnWYHtdriq1/3XwucU8vvsLCegR7S4THi0n+Pr1yNjxvc5U9trde3b6YEWkuHx4jtdtmBrDY3/NFKyzUeYbv/5wPUlA6P0ePhPnGX9v7rgFriKkDLLwvyFEqgpXR4SFyuzA5gtbnxj9Za7nDxLYFAS+nwkB7fnhbioS77rwVqihv0srVYQ1xtcH8L0Eo6PKTXvv97v7gCQFuf3G+71j06GGglHR7S62lqtkvRWutvuIyttfuvAaCGdFgS37efHbhaiPDwff+08v2T9jtd4s/cfx0ANaTDkvjq0uzA1Urcf7D/muDcIjR7fM+F5wMAraTDkt4BEGJ/9v7rgnOJG/FaPxhoRwAAraTDkhECIDz4TQRwfj1P/kEAAK2kw5JRAiDYFcA5xUN5Pv2uzw6XHQEAtJIOS0YKgOCRwJxDfMV0j8/89wkAoJV0WDJaAIQ4cPuSIG4j4jG+YbLX1tZ9AgBoJR2WjBgAO/EFRfH69l8zZOJm0tb7/A8RAEAr6bBk5ADYic9xhQCZuMkv9tp/+E3/y/0ZAQC0kg5LthAAOxECvlmNEJf64x3/CJ/zlwgAoJV0WLKlANiJd3vxOe/FC98iuJoIwPgK6VE+4z9EAACtpMOSLQbAdfFwl7gE7CuF5xXP1f/q8eXw7/YzAgBoJR2WbD0AroubBuOysCsD2xfrMk76o362fywBALSSDktmCoDrIgbiBBKXjD2TfXwRbfFtkHF5f4vv9N9HAACtpMOSWQNgX9xAGN80GD/v/u+A9uIjm8e/v7y68+jy6qN785zw9wkAoJV0WLJKAOyLewfi5BPvOp8995FBbbHOIsDiHf7WL+vfhAAAWkmHJasGQCauEnz58PJ/Vwp8JfHNRUzFO/s48cXXOs/87v4YAgBoJR2WCICy+Ga5XRjEwTxObvE72/89riQu38fvIHZfxO8knrYXV1Sy39/qBADQSjosEQCniTgI8W43DvYhTozxew1b2p4Y2+12r3v3s8T3Lex+xtXfzd+GAABaSYclAqCd2JmwO5nuTrCZ3UcQt7W7BP8+ce/D7nXMdMf9iOL3vf9vDqCGdFgSJ4zswAWcTgAAraTDEgEA9QgAoJV0WCIAoB4BALSSDksEANQjAIBW0mGJAIB6BADQSjosEQBQjwAAWkmHJQIA6hEAQCvpsEQAQD0CAGglHZYIAKhHAACtpMMSAQD1CACglXRYIgCgHgEAtJIOSwQA1CMAgFbSYYkAgHoEANBKOiwRAFCPAABaSYclAgDqEQBAK+mwRABAPQIAaCUdlggAqEcAAK2kwxIBAPUIAKCVdFgiAKAeAQC0kg5LBADUIwCAVtJhiQCAegQA0Eo6LBEAUI8AAFpJhyUCAOoRAEAr6bBEAEA9AgBoJR2WCACoRwAAraTDEgEA9QgAoJV0WCIAoB4BALSSDksEANQjAIBW0mGJAIB6BADQSjosEQBQjwAAWkmHJQIA6hEAQCvpsEQAQD0CAGglHZYIAKhHAACtpMMSAQD1CACglXRYIgCgHgEAtJIOSwQA1CMAgFbSYYkAgHoEANBKOiwRAFCPAABaSYclAgDqEQBAK+mwRABAPQIAaCUdlggAqEcAAK2kwxIBAPUIAKCVdFgiAKAeAQC0kg5LBADUIwCAVtJhiQCAegQA0Eo6LBEAUI8AAFpJhyUCAOoRAEAr6bBEAEA9AgBoJR2WCACoRwAAraTDEgEA9QgAoJV0WCIAoB4BALSSDksEANQjAIBW0mGJAIB6BADQSjosEQBQjwAAWkmHJQIA6hEAQCvpsEQAQD0CAGglHZYIAKhHAACtpMMSAQD1CACglXRYIgCgHgEAtJIOSwQA1CMAgFbSYYkAgHoEANBKOiwRAFCPAABaSYclAgDqEQBAK+mwRABAPQIAaCUdlggAqEcAAK2kwxIBAPUIAKCVdFgiAKAeAQC0kg5LBADUIwCAVtJhiQCAegQA0Eo6LBEAUI8AAFpJhyUCAOoRAEAr6bBEAEA9AgBoJR2WCACoRwAAraTDEgEA9QgAoJV0WCIAoB4BALSSDksEANQjAIBW0mGJAIB6BADQSjosEQBQjwAAWkmHJQIA6hEAQCvpsEQAQD0CAGglHZYIAKhHAACtpMMSAQD1CACglXRYIgCgHgEAtJIOSwQA1CMAgFbSYYkAgHoEANBKOiwRAFCPAABaSYclAgDqEQBAK+mwRABAPQIAaCUdlggAqEcAAK2kwxIBAPUIAKCVdFgiAKAeAQC0kg5LBADUIwCAVtJhiQCAegQA0Eo6LBEAUI8AAFpJhyUCAOoRAEAr6bBEAEA9AgBoJR2WCACoRwAAraTDEgEA9QgAoJV0WCIAoB4BALSSDksEANQjAIBW0mGJAIB6BADQSjosEQBQjwAAWkmHJQIA6hEAQCvpsEQAQD0CAGglHZYIAKhHAACtpMMSAQD1CACglXRYIgCgHgEAtJIOSwQA1CMA2PfXq6urcH0GO6esj3RYIgCgHgHAdS/+urr69LuLq4sXb47w6X/Duk5dH+mwRABAPQKAnTiof3TvjzfrQgCw7xzrIx2WCACoRwAQnl7+dfXB138f3IMA4LpzrY90WCIAoB4BwOPfX179+79vrwsBwM4510c6LBEAUI8AWNv3T16k60IAEM69PtJhiQCAegTAur56fJmuiSAAqLE+0mGJAIB6BMB6YgvX5w/+TNfDjgBYV831kQ5LBADUIwDWEtu4Pv72Il0L1wmANdVeH+mwRABAPQJgHc+ev7r68Jt/7uQuEQDrabE+0mGJAIB6BMAa4jj6n7v5GsgIgLW0Wh/psEQAQD0CYH4Pn767jesQAbCOlusjHZYIAKhHAMzt3i/P07/3QwTAGlqvj3RYIgCgHgEwry8fvn8b1yECYH491kc6LBEAUI8AmE/cyf3ZD+VtXIcIgHn1XB/psEQAQD0CYC5xYD5mG9chAmBOvddHOiwRAFCPAJhHPLDl2G1chwiA+YywPtJhiQCAegTAHH5+9vJG27gOEQBzGWV9pMMSAQD1CIDte98DW04hAOYx0vpIhyUCAOoRANt296fbbeM6RADMYbT1kQ5LBADUIwC2KR7Y8sWPp93JXSIAtm3U9ZEOSwQA1CMAtie2cX1y//Q7uUsEwHaNvD7SYYkAgHoEwLbEgfeje+e5k7tEAGzT6OsjHZYIAKhHAGzHk4ubPbDlFAJge7awPtJhiQCAegTANjz+/eYPbDmFANiWrayPdFgiAKAeATC++7+efxvXIQJgO7a0PtJhiQCAegTA2O48uv0DW04hALZha+sjHZYIAKhHAIwptnGd+sCWUwiAsW11faTDEgEA9QiA8Vy+PM8DW04hAMa15fWRDksEANQjAMZyzge2nEIAjGnr6yMdlggAqEcAjCOOda22cR0iAMYzw/pIhyUCAOoRAGN48NuLptu4DhEAY5llfaTDEgEA9QiA/uLvIPu76UkAjGOm9ZEOSwQA1CMA+ok7ub982Gcb1yECoL8Z10c6LBEAUI8A6CMe2PLpd33v5C4RAH3Nuj7SYYkAgHoEQHtx8Oy9jesQAdDPzOsjHZYIAKhHALQV27g++Lr/Nq5DBEAfs6+PdFgiAKAeAdBO6we2nEIAtLfC+kiHJQIA6hEAbXz/pP0DW04hANpaZX2kwxIBAPUIgPq+ejzmndwlAqCdldZHOiwRAFCPAKgntnF9/qDfA1tOIQDqW3F9pMMSAQD1CIA6YhvXJ/fHvpO7RADUter6SIclAgDqEQDn9+z5qyEe2HIKAVDPyusjHZYIAKhHAJzXk4txHthyCgFQx+rrIx2WCACoRwCcz8On29nGdYgAOD/rQwDAUATAedz7ZbwHtpxCAJyX9fG3dFgiAKAeAXC6UR/YcgoBcD7Wxz/SYYkAgHoEwO3Fndyf/bDNbVyHCIDTWR/vSoclAgDqEQC3EwfA0R/YcgoBcBrrI5cOSwQA1CMAbi4e2LL1bVyHCIDbsz7eLx2WCACoRwDczM/PXk6xjesQAXA71kdZOiwRAFCPADjeg9+29cCWUwiAm7M+DkuHJQIA6hEAx7n701zbuA4RADdjfRwnHZYIAKhHAJTFA1u++HHOO7lLBMBxrI+bSYclAgDqEQDvF9u4Pv1u3ju5SwTAYdZH/nspSYclAgDqEQC5OMB9dG/uO7lLBECZ9SEAYPMEwLtmeWDLKQTA+1kfAgCmIADe9vj3eR7YcgoBkLM+/iYAYAIC4B/3f11nG9chAuBd1sc/BABMQAD87c6j+R7YcgoB8Dbr420CACawegDENq7PH6y3jesQAfA36yMnAGACKwfA5cu5H9hyCgFgfZQIAJjAqgHw7Pmr6R/YcorVA8D6KBMAMIEVAyCOKatv4zpk5QCwPg4TADCB1QIgHthiG9dhqwaA9XEcAQATWCkA4mfNfge8a8UAsD6OJwBgAisEQNzJ/eVD27huYqUAsD5uTgDABGYPgJUf2HKKVQLA+rgdAQATmDkA4iBlG9ftrBAA1sftCQCYwKwB8PTyr6sPvraN67ZmDwDr4zQCACYwYwD8/MwDW041cwBYH6cTADCB2QLg+yce2HIOswaA9XEeAgAmMFMAfPXYndznMmMAWB/nIwBgAjMEQGzj+uJHD2w5p5kCwPo4PwEAE9h6AMQ2rk/uu5P73GYJAOujDgEAE9hyAHhgSz0zBID1UY8AgAlsNQCeXHhgS01bDwDroy4BABPYYgA8fGobV21bDgDroz4BABPYWgDc+8UDW1rYagBYH20IAJjAlgLgziPbuFrZYgBYH+0IAJjAFgIg7uT+7AfbuFraUgBYH+0JAJjA6AFw+dIDW3rYSgBYH30IAJjAyAEQD2yxjauPLQSA9dGPAIAJjBoA8cAW27j6GT0ArI++BABMYMQAePCbB7b0NnIAWB/9CQCYwGgBcPcn27hGMGoAWB9jEAAwgVECwANbxjJaAFgfYxEAMIERAiC2cX36nTu5RzJSAFgf4xEAMIHeARAHko/uuZN7NKMEgPUxJgEAE+gZALGNy53cYxohAKyPcQkAmECvAHj8uwe2jKx3AFgfYxMAMIEeAXD/V9u4RtczAKyP8QkAmEDrAPjqsQe2bEGvALA+tkEAwARaBUBs4/r8gW1cW9E6AKyPbREAMIEWAeCBLdvTMgCsj+0RADCB2gHw7PkrD2zZoFYBYH1skwCACdQMgPi3axvXNrUIAOtjuwQATKBWAMQDW2zj2q7aAWB9bJsAgAnUCIB7v3hgy9bVDADrY/sEAEzgnAEQd3J/+dA2rhnUCADrYx4CACZwrgCIB7Z89oNtXLM4dwBYH3MRADCBcwRAHAxs45rLOQPA+piPAIAJnBoA8cCWD762jWs25woA62NOAgAmcEoA/PzMA1tmdY4AsD7mJQBgArcNgO+feGDLzE4NAOtjbgIAJnCbAPDAlvmdEgDWx/wEAEzgJgEQ27i++NGd3Cu4zQHe+liHAIAJHBsAsY3rk/vu5F7FTQ/w1sdaBABM4JgAiH/sHtiylpsc4K2P9QgAmMChAHhy4YEtKzr2AG99rEkAwARKAfDwqW1cqzrmAG99rEsAwATeFwD3f7WNa2WHDvDWx9oEAEwgC4A7j2zjWl3pAG99IABgAtcDwANb2MkO8NYHOwIAJrALgMuXHtjCP/YP8NYH1wkAmEAEQDywxTYurrt+gLc+2CcAYAKffndhGxfviDv849j74LcX1gfvEAAAsCABAAALEgAAsCABAAALEgAAsCABAAALEgAAsCABAAALEgAAsCABAAALEgAAsCABAAALigdE7Z+rj5EOSwQAAIwjzsv75+pjpMMSAQAA4xAAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALCgx7+/fH16zs/ZJemwRAAAwDge/Pbi9ek5P2eXpMMSAQAA4xAAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALAgAQAACxIAALCg+78KAABYztc/P399es7P2SXpsEQAAMA4BAAALEgAAMCCBAAALEgAAMCCBAAALEgAAMCCBAAALEgAAMCCBAAALEgAAMCCBAAALEgAQEX/ufvs6tPvLqbz0b0/0p93JB98/Uf62rduC7/7MOva//jbi/Tn3SIBABXFAWP/38IM4jni2c87ki8fXr5+qfnr37It/O7DrGt/pnOZAICKBEA/AqAvATA+AQAVCYB+BEBfAmB8AgAqEgD9CIC+BMD4BABUJAD6EQB9CYDxCQCoSAD0IwD6EgDjEwBQkQDoRwD0JQDGd+fR7f6NpMMSAcCKBEA/AqAvATC+2/4bSYclAoAVCYB+BEBfAmB8AgAqEgD9CIC+BMD4BABUJAD6EQB9CYDxCQCoSAD0IwD6EgDjEwBQkQDoRwD0JQDGJwCgIgHQjwDoSwCMTwBARQKgHwHQlwAYnwCAigRAPwKgLwEwPgEAFQmAfgRAXwJgfAIAKhIA/QiAvgTA+AQAVCQA+hEAfQmA8QkAqEgA9CMA+hIA4xMAUJEA6EcA9CUAxicAoCIB0I8A6EsAjE8AQEUCoB8B0JcAGJ8AgIoEQD8CoC8BMD4BABUJgH4EQF8CYHwCACoSAP0IgL4EwPgEAFQkAPoRAH0JgPEJAKhIAPQjAPoSAOP77Ic/X/9I+c9Zkg5LBAArEgD9CIC+BMD4bvt3lA5LBAArEgD9CIC+BMD4BABUJAD6EQB9CYDxCQCoSAD0IwD6EgDjEwBQkQDoRwD0JQDGJwCgIgHQjwDoSwCMTwBARQKgHwHQlwAYnwCAigRAPwKgLwEwPgEAFQmAfgRAXwJgfAIAKhIA/QiAvgTA+AQAVCQA+hEAfQmA8QkAqEgA9CMA+hIA4xMAUJEA6EcA9CUAxicAoCIB0I8A6EsAjE8AQEUCoB8B0JcAGJ8AgIoEQD8CoC8BMD4BABUJgH4EQF8CYHwCACoSAP0IgL4EwPgEAFQkAPoRAH0JgPEJAKhIAPQjAPoSAOMTAFCRAOhHAPQlAMb30b0/Xv9I+c9Zkg5LBAArEgD9CIC+BMD4PvxGAEA1AqAfAdCXABifAICKBEA/AqAvATA+AQAVCYB+BEBfAmB8AgAq+vjbi6tY+7O5+9Pz9OcdyWc//Jm+9q3bwu8+zLr27/+6jQA7hgAAgAUJAABYkAAAgAUJAABYkAAAgAUJAABYkAAAgAUJAABYkAAAgAUJAABYkAAAgAUJAABYkAAAgAUJAABYkAAAgAUJAABY0L//++z16Tk/Z5ekwxIBAABj2T9XHyMdlggAABjL/rn6GOmwRAAAwFj2z9XHSIclAgAAxrJ/rj5GOiwRAAAwlv1z9THSYYkAAICx7J+rj5EOSwQAAIxl/1x9jHRYIgAAYCz75+pjpMMSAQAAY9k/Vx8jHZYIAAAYy/65+hjpsEQAAMBY9s/Vx0iHJQIAAMayf64+RjosEQAAMJb9c/Ux0mGJAACAseyfq4+RDksEAACMZf9cfYx0WCIAAGAs++fqY6TDEgEAAGPZP1cfIx2WCAAAGMv+ufoY6bBEAADAWPbP1cdIhyUCAADGsn+uPkY6LBEAADCWy5evXp+i8/P2+6TDEgEAAGO5eCEAAGA5AgAAFiQAAGBBAgAAFiQAAGBBAgAAFiQAAGBBAgAAFiQAAGBBAgAAFiQAAGBBAgAAFiQAAGBBAgAAFiQAAGBBAgAAFiQAAGBBAgAAFiQAAGBBAgAAFvTk4q/Xp+j8vP0+6bBEAADAWOLcvH++PiQdlggAABiLAACABQkAAFiQAACABQkAAFiQAACABQkAAFiQAACABQkAAFiQAACABQkAAFiQAACABQkAAFiQAACABQkAAFiQAACABQkAAFiQAACABQkAAFhQkwB48frPiD8IABhDnJuvn6uPkQ4BgLmlQwBgbukQAJhbOgQA5pYOAYC5pUMAYG7pEACYWzoEAOaWDgGAuaVDAGBu6RAAmFs6BADmlg4BgJld/ev/A62ZYztUYvs0AAAAAElFTkSuQmCCAzure Data FactoryGE.PEllipsefalseAnyAnyfalseA high-scale ingestion-only service for collecting telemetry data from concurrent sourcesfalseSE.P.TMCore.AzureEventHubCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAGzlJREFUeF7t3SF8XNXWxuErKyuRSCQSeSUSi0QiPoGoiKhAVCAqrkAgKhA1iIqKCgQCUYGoQERURERERERERNTMnV0+fnAP67RJ1p5mr30e8ZhXTU6b2f/MnEz+tdvtAICNCUcAYG7hCADMLRwBgLmFIwAwt3AEAOYWjgDA3MIRAJhbOAIAcwtHAGBu4QgAzC0cAYC5hSMAMLdwBADmFo69nV2+2b04vtw9fHG+++LJ6e7f/zkBAP5fOx+bdlaeXLzZH53xedpTOPZytf8ajp6f7/71f8cAwDV9/dPZrv3wvDxXewrHHl6dXe0+efQ6/MIAgHe79+B4d3x+uAgIx6yLq93u428d/gCQ8dnjk/2xGp+1WeGY9dXTs/ALAQBu5umry/3RGp+3GeGY0V76j74AAODm2s2By7O2h3DM+P7lRfgFAAA39+WPp/vjNT5zM8Ixo925GH0BAMDNtV8TXJ61PYRjxqffnYRfAABwc2UCwN3/ANCPAACADRIAALBBAgAANkgAAMAGCQAA2CABAAAbJAAAYIMEAABskAAAgA0SAACwQQIAADZIAADABgkAANggAQAAGyQAAGCDBAAAbJAAAIANEgAAsEECAAA2SAAAwAYJAADYIAEAABskAABggwQAAGyQAACADRIAALBBAgAANkgAAMAGCQAA2CABAAAbJAAAYIMEAABskAAAgA0SAACwQQIAADZIAADABgkAANggAQAAGyQAAGCDBAAAbJAAAIANEgAAsEECAAA2SAAAwAYJAADYIAEAABskAABggwQAAGyQAACADRIAALBBAgAANkgAAMAGCQAA2CABAAAbJAAKuffgj38wAPLuH8XPtVvRrsHyrO0hHDMEwPGuXYPldQHgdtoBGD3XboUAKEQAAPQjAARAGQIAoB8BIADKEAAA/QgAAVCGAADoRwAIgDIEAEA/AkAAlCEAAPoRAAKgDAEA0I8AEABlCACAfgSAAChDAAD0IwAEQBkCAKAfASAAyhAAAP0IAAFQhgAA6EcACIAyBABAPwJAAJQhAAD6EQACoAwBANCPABAAZQgAgH4EgAAoQwAA9CMABEAZAgCgHwEgAMoQAAD9CAABUIYAAOhHAAiAMgQAQD8CQACUIQAA+hEAAqAMAQDQjwAQAGUIAIB+BIAAKEMAAPQjAARAGQIAoB8BIADKEAAA/QgAAVCGAADoRwAIgDIEAEA/AkAAlCEAAPoRAAKgDAEA0I8AEABlCACAfgSAAChDAAD0IwAEQBkCAKAfASAAyhAAAP0IAAFQhgAA6EcACIAyBABAPwJAAJQhAAD6EQACoAwBANCPACgSAJ9+t+1/qOaTRwIAoJcvnpyGz7VbUSYAvv7pLPwCtuTLH0/3lyK+PgDczKOfz8Pn2q1o5+rymvQQjhnfv7wIv4Ataf9Zl9cFgNt5cXwZPtduRTtXl9ekh3DMeHV2FX4BW/LL66v9pYivDwA3c3b5ZnfvQfx8uwUvTw5zpoRj1ldPt/s2wOc/ePkfoLeHL7b5NsAh31IOx6yLfax89HB7vw3QCvXk4s3+EsTXBYDb29pvA7RztL36sbwOvYRjD+0liy1FwP2j492z3y/3X3p8PQDIaYfhViKgnZ+Hfjs5HHtprwRs4e2A9rL/ISutp6v9w2z/qdqNiu0lta1qsdbuV1leH2B87ft35s+caedmOz///jUfQjj21p5on7663B09P39bbzP45tnZ7slvFwe7OaO39lh9SFOsfW7Doe6yBQ7jzx9m2nNbi/r2g1j0XF1FOx/bOfkhfzAJR+bRXplo3xjRwcf/ah9i5Tc4gK0IR+bQCtknM95clVd1ADLCkTm0l8WiA453a2+VtHj6+7UEmE04Ut/x+bY/OCOr3eOxvKYAMwlH6nv8q49kzvAXHYHZhSP1+aNMeR/i13AA7ko4Up+b//LaHyBZXleAWYQj9fmd/7z2+8XL6wowi3CkPgGQJwCAmYUj9QmAPAEAzCwcqU8A5AkAYGbhSH0CIE8AADMLR+oTAHkCAJhZOFKfAMgTAMDMwpH6BECeAABmFo7UJwDyBAAws3CkPgGQJwCAmYUj9QmAPAEAzCwcqU8A5AkAYGbhSH0CIE8AADMLR+oTAHkCAJhZOFKfAMgTAMDMwpH6BECeAABmFo7UJwDyBAAws3CkPgGQJwCAmYUj9QmAPAEAzCwcqU8A5AkAYGbhSH0CIE8AADMLR+oTAHkCAJhZOFKfAMgTAMDMwpH6BECeAABmFo7UJwDyBAAws3CkPgGQJwCAmYUj9QmAPAEAzCwcqU8A5AkAYGbhSH0CIE8AADMLR+oTAHkCAJhZOFKfAMgTAMDMwpH6BECeAABmFo7UJwDyBAAws3CkPgGQJwCAmYUj9QmAPAEAzCwcqU8A5AkAYGbhSH0CIE8AADMLR+oTAHkCAJhZOFKfAMgTAMDMwpH6BECeAABmFo7UJwDyBAAws3CkPgGQJwCAmYUj9QmAPAEAzCwcqU8A5I0aAC9PrnZHz893//7Pye7+UfzYt+STR693Xzw53T36+Xx3cbW/QsE1A/4pHKlPAOSNFgBXb3ZvD/7osfKHjx6+3r04vtxfrvgaAn8JR+oTAHkjBUA7/NtPutHj5J8evjjfX7b4WgJ/CEfqEwB5IwXA1z+dhY+Rde2tkuV1BP4SjtQnAPJGCYBfXl+Fj493a6+YtFdO/n4tgb+EI/UJgLxRAuDLH0/Dx8f7uR8A1oUj9bU7xKMnRK6v/eS9vK53wXv/t9d+M2B5PYE/hCP1ffPMe8ZZI/xKWXsJO3psXE979WR5TYE/hCP1tZevoydErqe9hbK8pneh3cgWPT6up70StrymwB/CkfrOLt/4kJiE9vv2y2t6F9wAmCMAYF04MgevAtxO++l/lLvHBUCOAIB14cg8Pv/BHeQ3NcrNf40AyBEAsC4cmYePj72+drf9aB8eIwByBACsC0fm0w629mqAzwf4p3ZItI+OHfFDYwRAjgCAdeHI3NpB1w6WrTs+f3vih9doFO1xRgcb1yMAYF04AmMQADkCANaFIzAGAZAjAGBdOAJjEAA5AgDWhSMwBgGQIwBgXTgCYxAAOQIA1oUjMAYBkCMAYF04AmMQADkCANaFIzAGAZAjAGBdOAJjEAA5AgDWhSMwBgGQIwBgXTgCYxAAOQIA1oUjMAYBkCMAYF04AmMQADkCANaFIzAGAZAjAGBdOAJjEAA5AgDWhSMwBgGQIwBgXTgCYxAAOQIA1oUjMAYBkCMAYF04AmMQADkCANaFIzAGAZAjAGBdOAJjEAA5AgDWhSMwBgGQIwBgXTgCYxAAOQIA1oUjMAYBkCMAYF04AmMQADkCANaFIzAGAZAjAGBdOAJjEAA5AgDWhSMwBgGQIwBgXTgCYxAAOQIA1oUjMAYBkCMAYF04AmMQADkCANaFIzAGAZAjAGBdODK3k4s3u3awbNmrs6v9pYivz0jaY40ONq6nQgCcXfp+fHlS4/txNuHIfNo32Oc/nO7uPYifKLfqs8cnu0c/n+8vUXzd7lp7coweN9czagAcn7/ZffHkdHf/KH7cW/Xpdye7o+fnu6s3+6sUXDf6Ckfm0b6R2jdU9M3GX1oItCfl5fW7awIgZ8QAaMEpxN/tk0evvSrwAYQj82hPgNE3GP/UnpTb2yPLa3iXBEDOaAHw1dOz8HESEwGHFY7M4fuXF+E3FetGOzAEQM5I/54vji/Dx8i69kqAtwMOJxypr91Y5GXG22nhtLyed0UA5IwSAO0Q++jh6/Ax8m7tLczl9aSPcKQ+P/3fXrs5a3k974oAyBklAPz0f3vtxsDl9aSPcKS+b555r/G22k9qy+t5VwRAzigB8PhXQZ7hbYDDCEfqa3e1R99IXM/F23uP4mv7IbXHET0+rmeUV3O+/PE0fHxcT5XP7agmHKnv42+935gx0m8D+Le8vYcvxnj/uL0SET0+rqe9Era8puSFI/U5NHJGCoD2U2z0GHm/Z79f7i9hfF0/JAGQIwAOIxypTwDkjBQAT37z/vFttHs52m/DLK/nXRAAOQLgMMKR+gRAzmgfCNQ+xjl6nKx7+mqMn/4bAZAjAA4jHKlPAOSMFgA+1+Fm2k13y2t4lwRAjgA4jHCkPgGQM1oANC0CvBLwbi2SRvzjTgIgRwAcRjhSnwDIGTEA/tTuCWgHir8k95f2kbHtZskR/6BTIwByBMBhhCP1CYCckQPg79rjbE+OW1bhQ2IEQE77d15eU/LCkfoEQE6VAKAGAZAjAA4jHKlPAOQIAHoSADkC4DDCkfoEQI4AoCcBkCMADiMcqU8A5AgAehIAOQLgMMKR+gRAjgCgJwGQIwAOIxypTwDkCAB6EgA5AuAwwpH6BECOAKAnAZAjAA4jHKlPAOQIAHoSADkC4DDCkfoEQI4AoCcBkCMADiMcqU8A5AgAehIAOQLgMMKR+gRAjgCgJwGQIwAOIxypTwDkCAB6EgA5AuAwwpH6BECOAKAnAZAjAA4jHKlPAOQIAHoSADkC4DDCkfoEQI4AoCcBkCMADiMcqU8A5AgAehIAOQLgMMKR+gRAjgCgJwGQIwAOIxypTwDkCAB6EgA5AuAwwpH6BECOAKAnAZAjAA4jHKlPAOQIAHoSADkC4DDCkfoEQI4AoCcBkCMADiMcqU8A5AgAehIAOQLgMMKR+gRAjgCgJwGQIwAOIxypTwDkCAB6EgA5AuAwwpH6BECOAKAnAZAjAA4jHKlPAOQIAHoSADkC4DDCkfoEQI4AoCcBkCMADiMcqU8A5AgAehIAOQLgMMKR+gRAjgCgJwGQIwAOIxypTwDkCAB6EgA5AuAwwpH6BECOAKAnAZAjAA4jHKlPAOQIAHoSADkC4DDCkfoEQE6VAHh1dvX2yXHLzi7H/7cSADnt33l5TckLR+oTADkjB8Cjn893nz12oPzd/aPj3ec/nO5enox5UAiAHAFwGOFIfQIgZ8QAOD5/4+C/hqPn57urt/988XW8CwIgRwAcRjhSnwDIGS0A2uF/70H8WPmn9mrA8hreJQGQIwAOIxypTwDkjBYAfvK/uSe/XewvXXw9PzQBkCMADiMcqU8A5IwUAI9/vQgfI+/W7gsY5QZBAZAjAA4jHKlPAOSMFADt5ezoMfJ+T19d7i9hfF0/JAGQIwAOIxyp74snDo2MkW4i++ihmLutdkPg8nrehW+enYWPj+tp98Asryl54Uh97Ykv+kbi/T797mR/CePr+qG1l7Cjx8j1jHIz4PcvvY1zW+2tnOX1pI9wpL5nv1+G30y835c/jnMHeXvpM3qMXE976X15Te9C+8Cm6PHxfu0G2OX1pI9wpL72EvYnj7x0fBsjfZiMAMgZJQAa9wHczij3ccwoHJlDO8iibyjWjfKe8Z8EQM5IAdBuLPVZDjcz0qtxMwpH5vHwhXsBrqu91DjaJ8gJgJyRAqBpn00QPU7+qb2CWeHvPFQWjszlxfHlzp3k69pPZe3z9ZfXbQQCIGe0AGjaK3Pennu3ET/OeUbhyHwurnZvD7mvnp75PPm99jkJ7Vcl2yskI/+KkQDIGTEAmna4tQ94+vqns7ePMXrsW9J+QGm/sdG+H0f9g04zCkdgDAIgZ9QAgBGEIzAGAZAjAGBdOAJjEAA5AgDWhSMwBgGQIwBgXTgCYxAAOQIA1oUjMAYBkCMAYF04AmMQADkCANaFIzAGAZAjAGBdOAJjEAA5AgDWhSMwBgGQIwBgXTgCYxAAOQIA1oUjMAYBkCMAYF04AmMQADkCANaFIzAGAZAjAGBdOAJjEAA5AgDWhSMwBgGQIwBgXTgCYxAAOQIA1oUjMAYBkCMAYF04AmMQADkCANaFIzAGAZAjAGBdOAJjEAA5AgDWhSMwBgGQIwBgXTgCYxAAOQIA1oUjMAYBkCMAYF04AmMQADkCANaFIzAGAZAjAGBdOAJjEAA5AgDWhSMwBgGQIwBgXTgCYxAAOQIA1oUjMAYBkCMAYF04AmMQADkCANaFIzAGAZAjAGBdOAJjEAA5AgDWhSPzenlytXvy28Xu4YvzTXv868WuHa5Xb/ZXJbhOoxAAOQIA1oUj83n08/nu3oP4SXLrPv/hdHd2+bYEwmt3lwRAjgCAdeHIPI7P3+w+e3wSPjnyl/tHx29fGVlev7smAHIEAKwLR+bQXt7++NvX4RMjsXbgLq/jXRIAOQIA1oUjc/j6p7PwSZF1LZhGui9AAOQIAFgXjtT36szBcVtHz8/3lzC+rh+aAMgRALAuHKmv3eUePSHyfiMdGgIgRwDAunCkvq+eevn/ttoNgcvreVfar21Gj5HrEQCwLhyp79Pv3PmfMcqvBbb7EaLHx/V8+ePp/jLG1xa2Lhypz93/OScX43wugJi7vfZW2PJ6An8IR+oTADkjBUD7KTZ6jLzfi+PL/SWMrytsXThSnwDIGSkA3AdwO+2Vk9E/6hnuUjhSnwDIGSkAmvaridHjJNY+9rr9KuzyOgJ/CUfqEwA5owVA+0nWvQDX571/eL9wpD4BkDNaAPzJH3V6t08evd61t0yW1w34p3CkPgGQM2oANO0PPLU/afzFk1N/62Gv/bGr9rHX7ad+7/nD9YUj9TkYckYOAIAewpH6BECOAABmF47UJwByBAAwu3CkPgGQIwCA2YUj9QmAHAEAzC4cqU8A5AgAYHbhSH0CIEcAALMLR+oTADkCAJhdOFKfAMgRAMDswpH6BECOAABmF47UJwByBAAwu3CkPgGQIwCA2YUj9QmAHAEAzC4cqU8A5AgAYHbhSH0CIEcAALMLR+oTADkCAJhdOFKfAMgRAMDswpH6BECOAABmF47UJwByBAAwu3CkPgGQIwCA2YUj9QmAHAEAzC4cqU8A5AgAYHbhSH0CIEcAALMLR+oTADkCAJhdOFKfAMgRAMDswpH6BECOAABmF47UJwByBAAwu3CkPgGQIwCA2YUj9QmAHAEAzC4cqU8A5AgAYHbhSH0CIEcAALMLR+oTADkCAJhdOFKfAMgRAMDswpH6BECOAABmF47UJwByBAAwu3CkPgGQIwCA2YUj9QmAHAEAzC4cqU8A5AgAYHbhSH0CIEcAALMLR+r75JEAyBAAwOzCkfq+/PE0PNh4v3sPjveXML6uALMIR+p79PN5eLjxfp89Ptlfwvi6AswiHKnvl9dX4eHG+33909n+EsbXFWAW4cgcPv/B2wA3df/oeHd26f1/YH7hyBzaQdYOtOigI/bkt4v9pYuvJ8BMwpF5PPv9UgRc09Hz8/0li68jwGzCkbm0VwK8HbCu/crky5Or/aWKrx/AjMKRObVDrr3E3X7S/fd/Tjbtq6dnu8e/XuzazZJXb9/yj68ZwKzCEQCYWzgewvcvL3btw2k+/e4kfBm2kvYxu+2nyPaTdHuPffm1AsDowrGn9v5zOyyjg3QW7et7deY9ZIAP6fj8zdu38tpbeu0DvKLn5wrafUjtHHn44vzt27Qf6qPIw7GX9o/z0cPtfCZ9+4+4vAYA9NXu22mvwEbPwzNoH0fePs11+XX3Fo69zPBy/025mxzgcNoPllv5Y2ftVY1DfjBZOPbQ3vOPvqDZtfsD3FUOcBiVX+q/jXbv3PIa9BKOPWzppf+lp6/cGAjQ21Z/sDzUmRKOWe0lmuiL2AqfKAfQ31Y/1bT9QL28Fj2EY1b71bjoi9iK9ql7y2sCwO21O+Oj59uteHHc/1WAcMza+t+ib/cBLK8JALe39R8s2686Lq9JVjhmtQcafQFbIQAA+tr6D5btVwOX1yQrHLMEgAAA6Kl9SE70fLsly2uSFY5ZAkAAAPQkAARACQIAoC8BIABKEAAAfQkAAVCCAADoSwAIgBIEAEBfAkAAlCAAAPoSAAKgBAEA0JcAEAAlCACAvgSAAChBAAD0JQAEQAkCAKAvASAAShAAAH0JAAFQggAA6EsACIASBABAXwJAAJQgAAD6EgACoAQBANCXABAAJQgAgL4EgAAoQQAA9CUABEAJAgCgLwEgAEoQAAB9CQABUIIAAOhLAAiAEgQAQF8CQACUIAAA+hIAAqAEAQDQlwAQACUIAIC+BIAAKEEAAPQlAARACQIAoC8BIABKEAAAfQkAAVCCAADoSwAIgBIEAEBfAkAAlCAAAPoSAAKgBAEA0JcAEAAlCACAvgSAAChBAAD0JQAEQAkCAKAvASAAShAAAH0JAAFQggAA6EsACIASBABAXwJAAJQgAAD6EgACAAA2aXnWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGYJAADoa3nWZoVjlgAAgL6WZ21WOGZ980wAAEAv94+KBMDTV5fhFwAA3NznP5zuj9f4zL2tcMx6dXYVfgEAwM21V9aXZ21WOPbw8bevwy8CALiZX15f7Y/W+Ly9rXDs4eWJVwEAIKvdWL88Y3sIx16Onp+HXwwA8H4fPXy9u3j7w398zmaEY0+Pfj7f3XsQf2EAQKzd+Hd2+WZ/lMbna1Y49nZ8/mb3xZNTIQAA7/Hpdye7J79d7I/P+EztJRwPqcVAu5kBAPhfyzPzkMIRAJhbOAIAcwtHAGBu4QgAzC0cAYC5hSMAMLdwBADmFo4AwNzCEQCYWzgCAHMLRwBgZrt//RfSP7A68db76QAAAABJRU5ErkJggg==Azure Event HubGE.PEllipsefalseAnyAnyfalsefalseSelectAllow any IP inboundAllow only other Logic AppsAllow specific IP rangesNw Level Access Control Config for TriggersVirtualDynamicd488c23c-1667-45a1-994b-f56f2655727bListfalseSelectNoneSpecific IPNw Level Access Control Config for ContentsVirtualDynamic0b0ab9bc-a582-4509-a6c4-8d56de65661eListfalseSelectYesNoTrigger_action has sensitive inputs_outputsVirtualDynamicb1724997-7ae6-4b30-a001-9c5b42d9d1d1ListfalseSelectYesNoHTTP request based TriggerVirtualDynamic5afb52dc-dffb-4319-aa22-523f78ee3845ListA representation of Azure Logic AppsfalseSE.P.TMCore.ALACentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAMAAADDpiTIAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAMAUExURQB51gh92hCB2hiF2iCJ3iiN3jCR3jiV4kCZ4kid4lCh5lml5mGq5mmu6nG26nm66n266oW+7o3G7pXK7p3O8qXS8q7W8rba8r7e9sbi9s7m9tbq+t7u+uby+u72//b6/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANYLBa4AAAAhdFJOU///////////////////////////////////////////AJ/B0CEAAAAJcEhZcwAAXEYAAFxGARSUQ0EAABnSSURBVHhe7Z1rV+o6FEV5KFZRQQXEF/D/f+VFWXLUJrs7adLu3qz55Y5xbpKmdJr3Y3QgRUMBCocCFA4FKBwKUDgUoHAoQOFQgMKhAIVDAQqHAhQOBSgcClA4FKBwKEDhUIDCoQCFQwEKhwIUDgUoHApQOBSgcChA4VCAwqEAhUMBCocCFA4FKBwKUDgUoHAoQOFQgMKhAIVDAQqHAhQOBSgcClA4FKBwKEDhUIDCoQCFQwEKhwIUDgUoHApQOBSgcChA4VCAwqEAhUMBCocCFA4FKBwKUDgUoHAoQOFQgMKhAIVDAQongQC77Xb7uFwuqhMP+GeSgdXnLzxfHnnabl/wj61oI8DLenlXzUZ/uMX/JRlY4kf+5rJaPGzf8D+jiBNgv324rX15QAEy8lcAUC3W7wgRSoQAb4/XeK4TCpCRJ/zIDiY3qw+ECiFUgLe7CzzQBwXIyAo/sofZ8hUB1QQJsF9d4UkCFCAjDQIcuXzaIayOAAF2iwkeIkIBMvKMH1lifBtSDOgFeFR9fgqQlS1+5AZu9ApoBXi+RNqNUICMKAUYjebaXoFSgAXSVUABMvKOH7mZsXJATiXAh6Ltd4YCZEQvwGh0pRog0gjwOkWSKihARkIEGE3WiCWhEOBV2foDFCAn+JGVrBBLoFmAt7DvTwGygh9ZyzOi+WkU4L1p5O8vFCAn+JG1jBsNaBJg75vz8UIBchL65zhp6g42CeCZfhKgADkJFWBUIaKPBgFekEwAFCAnwQKMlojpQRZgH/48CpCVCr+ynrE8LCwL8IhEQqAAOQkXYHSNqG5EAfZBI0CAAuQkQoDRBnGdiALEFAAUICu3+JVDmCGuE0mAqAKAAmQlRgCxCJAEiCoAKEBW7vArB3GFyC4kAdRLAH5BAXISPi7zidAREASIGAP4hALkJE6Ae8R2IAgQVdqMJtwZlJNVxMjMaDTdI3odvwD7wFnAi9vV1v8ckpDX50XIEp0j/pUBfgE2iKviYhW7M4XEsd+EDAn462W/APeIq2CmWXpCUrPVK3CBKHX8Aqjngcf8/H2xVY/UeAtorwA7xGzkIng3EknGu/bP9AkRangF0DYBrmJ2JJJU7G/wHRq4QfgaXgGUTYBLNvz7Rblka4rgNbwCiFvAz4xbHU6Qm+dlVUXNZxyZVNViMwS7NdsFj/i2jHoF0P1winXHfbGeBw5kOBjfGH7Bb3SVgO88GZ8AujbgHKHtsQ1ezOph1ryyumd0m0V8rUCfALqJAKsdgA9dBaajsj7GpRoO8E0H+AQQziL5R9OK074I28vWyGSLdI3SfGrEEd/CMJ8Aqk6AuNaoP9Zj5C8VY28v2gQ7zfv6xgJ9AmhaFt6uRb+skb2U2DZAU+GNEfYvPgE0s03CLHOPvKT++/9kbLoWUNXXnn6gTwDNtLPJLtJ72vr/m8YtVn3yikyKeEZsfAIglojJQSDl0Ggw4tLantkjjyKeMswjwAdiSUwQ1hTKcbEIjLZ4v9AMenjKa48Ab4glIe846YlU4z91ZobHhefIo8Qjwv7BI4DmNKoFwloiaBlTIIZHhTUL+D2bRFsI0LDttBei9k0oMVnindAMBYUJoKlKDfaNQxeyBjG2Wwe0+Hv1CKBRymCRqD5HMQq7S9/6EcDgNFnAeZYR3OEp9tBMCHoWBrcQwODgWM4mgLCsqnf6EcDgOFDM7nk9dseCNCNBYQI8IJaEwcHRuO2sWoxOfn2CHEqECaDZg2hQgBzzQD/AUwyCDEoUIQBylgs8xSDIoAQFaA+eYhBkUIICtAdPMQgyKEEB2oOnGAQZlKAA7cFTDIIMSlCA9uApBkEGJShAe/AUgyCDEsULMPu8c7sRcUEJnmIQZFCieAE8P8AfxNkEhDEIMihBARBGhgKcoAAuEMYgyKAEBUAYGQpwggK4QBiDIIMSFABhZCjACQrgAmEMggxKUACEkaEAJyiAC4QxCDIoQQEQRoYCnKAALhDGIMigBAVAGBkKcIICuEAYgyCDEhQAYWQowAkK4AJhDIIMSlAAhJGhACcogAuEMQgyKEEBEEaGApygAC4QxiDIoAQFQBgZCnCCArhAGIMggxIUAGFkKMAJCuACYQyCDEpQAISRoQAnKIALhDEIMihBARBGhgKcoAAuEMYgyKAEBUAYGQpwggK4QBiDIIMSFABhZCjACQrgAmEMggxKUACEkaEAJyiAC4QxCDIoQQEQRoYCnKAALhDGIMigBAVAGBkKcIICuEAYgyCDEsULMK00iPeO4ikGQQYlihcgAXiKQZBBCQrQHjzFIMigBAVoD55iEGRQggK0B08xCDIoQQHag6cYBBmUoADtwVMMggxKUID24CkGQQYlihAg59XBR/AUgyCDEkUIIB723poLPMUgyKFEEQJcI2t5uMJTDIIcShQhgDiS35o5nmIQ5FCiCAE0N97Gc4+nGAQ5lChCgFdkLQ8Gr0v/BjmUKEKAwwXyloMJnmERZFGiDAHukbcceH5BEyCLEmUIkLMOeMYzLIIsSpQhwOEGmUvPNZ5gEuRRohAB8hUBr3iCSZBHiUIEyNYKuEH6NkEmJUoRYJ9nOPhih/RtglxKlCLA4V1c1xnJ5A2pGwXZlChGgMPLGBlMx9hyD+AT5FOiHAEOr6nLgMkLUjYLMipRkACHjytkMQ0zu2/6DXIqUZIAh/0yXTUwvt8jVcMgrxJFCXAsBO6Qy7bM7f/5H0FmJQoT4NgbeGjfIZwtjbf+v0F+JYoT4MjH0/Iee/5OiErMEAjcLZ8G8cf/BV5BokQBamyRdSeGp/sbwStIUIAjFKAGBThDAX5AAYYFXkGCAhyhADUowBkK8AMKMCzwChIU4AgFqEEBzlCAH1CAYYFXkKAARyhADQpwhgL8gAIMC7yCBAU4QgFqUIAzFOAHFGBY4BUkKMARClCDApyhAD+gAMMCryBBAY5QgBoU4AwF+AEFGBZ4BQkKcIQC1KAAZyjADyjAsMArSFCAIxSgBgU4M2QBFJuhKcCR/60AihNS0wvwgbADggLUaCEAgg6J/60Aip3wFODI/1aACu8g4LntwPMZNTcvIOiQKFmACkH/EC+A4Rt0vLwg706GLMAc7yAQJoDizOUhCvCOvDsZsgDxf7AeARRFiuErlLyIAgzkOCAnijZbmADx3QrT7JB3JwMc1zizxjsIeC48cQsg/lDgAWEHhXCG6BhBBonYuAFuwd0CiK1lsEbYQSFUbTMEGSSav9gNwv7GLcAj4kiYvkDBh3B8pOFbARUojkdeIOhv3AIoehUj2wfoexCuk7hDkGGiOB3ZfeeNW4BLxBGYIuigEE+SH3I3UCravnG3Ap0CvCGKhGdcwTQ7sXMzHeDs1hlNpe089N4pwAIxJJYIOyQahreG6PQ3mr9ZZyXnFEBz/+YAC8zG0RJ3M2kYKL7Z1HXuvUsATadyPIBD9P+guE/sdnhv9Y1m+s7VEXQJoLl8cXDF5V51pWQ1yL7NJ4qxQOfVdw4BnhFcZGhNgA/l5QEDuB7GjWYoyFUE1AXYa1oAQ2sCbNT3SE0HOcJ5RGO4oxVQF0CzGGhgc8GvisnNf1wNcoxT1REc3SPwP2oCrBBU5hGhh0D49UF3QxwR2E+Qe5EVQp/5K4Du+4+H8wu9L1Q/zG8mywE2BXS3Jv814I8Auu8/mLUA+1VQ4f+TajW0LuEHct7AHwN+CbDTXr09jFpyexvxx/+Pye3AWrqqju6xHfCrq/tTgEft72V/6vx1dZfk9tCr+/VwKoNXZLqJyc8W3FmAl4Wq+/eF6at03zeLKun10ZPr5XYY1YFmFv+Li8X5E44Ou+12vbwNuW/Z7Mz57nl53arU93N5+2T+BunDR8DLT+bL1Xb7cRQA/6DH5rTp9mGuL8IiqRYb2xXCEzKqJ0aAWleyb16ebtvfEqtlevNguEII7vRECGBqGuhtfR/d0WvB7O7JZkfoLbT1Ey7ApZX5so/NMm1jL5BxtdzYqww3yJ2WYAEubFSC7w/ZK3wVF/MHY4MFyqG8b0IFmFjYP7VfXSM7Nri6WxnaVqaazDsTKMDEQM33cpeqpzdNWINM78w4EDT3FSbAZf8vuVasWFdS7V6T1iOzJyPNowdkSEOQAP2vmHtO2N37nBrXrhPSMndvv+qarX5YL0CAce/9/5eEPT68zV49eqpk+mhhkOBDPRGiF6Dqu/h/U052qZiex3XD2kwKpk9IuVeWyoaSVoCq787OXjtTreL2R239HDINouLCQkXwca9q4uoE6P3zH95SVtaXz0j1xE6zpD6M2e8n9MO76qQvjQCTZd/12iphh228qL1N+kJgVPU/SLh/VLyWsgqY9roIdJ/yT9TZltlpdkOGMem5HlB9/oBG4EV/y+Vf03X9R9e+yixlDwPc91lu6j5/gADHPm5PwxwJi/9baSBzm1yBWW8dpxzdwL7GAQMnN/yM75rmsZIr0NfQybN+sDxEgF7eJ9X3v1lpCrDkCvSyei6kQRMkQA9bQtN8f93X/yL1PHP3Oyj2QVOlgQJ0vSUswfe/vNV//RPpphs/6dyAsKnyUAG6PR2w7fe/uo9bs7PfLNLVBR0bENhlDhZg3OEYV+jypp+Mq7aL+V9TLTXt1IDQqY1gATpcE/QeWxJP54+J1vDvt8vr9qOEHRoQvC48XIDOVgXvo/Z2Xd6tUq9afF+3rRDqu/Iz8RE8ZhIhQFf7AsKn/64Wm2yDVS9Pty0GJLsaFg6fMT8KsLytqqBirpudQZrzqv/xuX8PEfOxO1YIcdXSpJu11KrTnc5Mqmq+PArwxW4dsDuwi2OVP/TZuZh3uUvjPWorylUX8wK6052+mMxX+DP+sT18q650O+gJKAuz8W0v27dfHueBFUIXzQD1CODPFSu/DohYKf/sXOfNpUW31b3XUzwCtyLnbwbslV9v/PDzV/slgHpxTPYiV1EAjO8NbFJ6W2uHDSfZW06aoyKPzH5n5LcA2oGk3AVacwEwvu+kKaphM1d1vrJXArqmyexPR+mvADoDcp8S1lgA3Jr5/J/sNMsvcv9mmvPC69+/LoCu+ZV3UqipALg0d1iHZgFW5iJANW4yrQ2U1AVQnTOS96TQBgfrqzoNsH9oqggyFwGqJmC9KVoXQDcHl3NGQC4AxlYP8/1omojNWgSo+k2O7ptDAFVrImcdIM5oTQyf1bSSC8+sRYDmqGBXBlwCaEZhcw4FSANSUwN9Pz8N241zLqjSNN1cz3cJoKlOMt4YIh15OrZ5NM+Zd3EJQc7rljUtN1e97RRAM6aYb+5FaoNY2HIlshMNyFcHaJoAlwj7C6cAmi5lvuJMKMwGcE/Jh1QL5JtJ1zQBnL+eUwDNxZHueygTsPd3p5zXXlnjVegO5ms5aZoAzp6bWwDFcGC2m0OFJugwbnMRxuTztZwUyxfdX8wtgKZAyfUu/mc76zCDCB8jWxtGMR3hLn7cAmhuDszVHvcPaQ6gBfCF0CDLNRakuSwi5PbwPeJI5CqP/eNpvexNjMFfIedqOWn+Yt0rEtwCaKqUBwRNjbcVPZQaQGoF5JpD0Qzfu4fQPAIoRoNzrQz0CpB/HVIqhI5MppaTYuTGfXu8TwBFNyDXsJZ3SMvsPRV1/HVAppFsxWl3nsInXoBcpRmSr5OrzsmA/w8yU9NZUWKHCaBYXdC5AD2dthCDf4dWphF0hQCeHV0eARR7DD11SmuQfJ0BCeDf1vo/EsATszVIvc6ABPCPZmYSQLElxNMDpQA5sCiAZ49yCwEyzW0i9ToUwE8vAmTq0SD1OhTAj2I5CAXokM4FQOoSFKBDKEALkHodCuAHqUtQgA6hAC1A6nUogB+kLkEBOoQCtACp16EAfpC6BAXoEArQAqRehwL4QeoSFKBDKEALkHodCuAHqUuYFeB1s1xeV/9A6nUuEeDI/fKp5VHQeaEASoLOp/zL9WOmMqg9FECH9morL3d5T10J4GW9XKJ4OuJfVT9DiE8Wy1UqH5C6hD0BnhWT2E2Me7/T8sh+c6vZne9kPF+nOOAaqUmYEyDRZcCz3uuBtuVYiotZkZSEMQF2mv3MKv5dBN4LmwTlWPsLx5GQhC0B5IM0wujyFpsad8hES25aFgJIRsKWAGFXWzXQ0Wn8DnaK5dg6WtZkSEXClACJ6v9vLrNdFCIjHgcTSLu7mJCIhCUB2lwH5qSLKyzqxN1q5KOVxUhDwpIACRsAoJfT4xQ7MkNoc3YAkpAwJIDmAJpA+tg6HnxFWxMtTl9FChJ2BNDebBFE90VA+tdocacEUpCwI0DY3VZKPK+XkQzlWPwJQkhAwo4AuktJAsl2ap2P8Dsam4k/TRoJSNgRIEcNkG2azUvyFsAn0WdgIL6EGQE0B1pF4D4ELR9Jh7K+iT52B/ElzAigvNwqlI6HAnYZaoAjsXUAokuYEeAB0RPT1Z3WIPlY1onYZW+ILmFGgMTDwN/kOrLIQyaNYysyRJcwI0Di8bMzSL4jMmns+UqNILqEGQGSTaD9Acl3RLLlDL+JrcgQXYICJCXpPNA/Yo/DRXQJCpCUhBPBP4ltySC6BAVICgWgADmgAPEg+Y6gABQgBxQgHiTfERSAAuSAAsSD5DuCAlCAHFCAeJB8R1AACpADChAPku8ICkABckAB4kHyHUEBKEAOKEA8SL4jKAAFyAEFiAfJdwQFoAA5oADxIPmOoAAUIAcUIB4k3xEUgALkgALEg+Q7ggJQgBxQgHiQfEdQAAqQAwoQD5LvCApAAXJAAeJB8h1BAShADihAPEi+IygABcgBBYgHyXcEBaAAOaAA8SD5jqAAFCAHFCAeJN8RFIAC5IACxIPkO4ICUIAcUIB4kHxHUAAKkAMKEA+S7wgKEC1AlrtWjiD5jqAA0QIkum/7Lx1fG0YBogXQJB1B9H1LcVzisYkpQYAVoiem48tjM1VksRojuoQZAbaInpg7JN8RWW6/jL/7DNElzAiwz3Ph2gbJd0Smiiz28lhElzAjQJ7rdsZ7pN4RmSqy2KtDEV3CjgBZfruu749/x3MTE3sJOqJL2BEgy6WbHdcAh8MMD05KbCdgWALkuHNvhqS7I0sjILoli/gShgTYp78/vPMC4PCKJycl+gp0xJcwJMDhESkk4xoJd0mGtmz8ayABCUsCpB5GmbTISjSv6ZsysU3A4QmwSzuSGl1ytiJ5U6ZFTwYpSJgS4PA2QSIpeESiHZPY4tHFBxKOAElI2BLg8JpuOq2n75/Y4tH4BcnGgDQkjAlw2CW6fnnyjAR74Bl5SMIKiUaBNCSsCXDYL5BOK6o3JNcLm3QNwSckGQcSkTAnwOHw3ronddl9//83qWqySct2LJKRMCjA4fBy12ZM6KZVqZmGXZLhgKrtb4l0JEwKcOR1eVMF/xlNqmqx7nj+z8e2dWMmQTmGlCSsCvA/YHPTpilwnaIcQ1oSFCAj+81tFVEQzKr5eock2oEEJSjA/xl8Eon0AvQzAEtc4JNIhAmgWbVDAeyATyLhWW7YQoA1wpLe0SxQWyLsH1oIYKAXTk70I0DsClaSHM1eizAB1ogl4UmRdE96ATQpxm5iIMlpUWO3EKBCWNI7mkWWnmlzjwAviCUxQVjSO5oZKc96E48Aqo0vHAq0gmY2zfO1PAJoRhZ6WIxPnKj+XBH2L75/18zTsxtghA0+iITvBBWfAJqtb2wFGkFz6o5v85xPANXWjRbrmEk6VCcu+I6e8AmgOsqp3UJGkgjVTjvfuK1PAFWirANMoNqg4mux+wTQLXlnHWAATRNwNPItn/cJ8IF4Mh2fzEQc7FRLascIXcMnwEG37Sl+PytJhG5duvcEDa8AujWObAX0jfKsBe/MnVcA5ebn3nZmki/WyhXp3lFbrwC6psWxGWBkf0aZqM8o8K4+9wqwQ8xGrtgV6Av9vjT/IVpeAfTnoE0fWQj0wf5Rv7HSv3jHL0DACShUoHt2y5DjKfyHKPgFCDv9oFpym0Bn7J8XYRvRhMsU/AKEn+ZXVdXNkosEcrJZ3lQRuxAXiO7AL0DkKVieHUgkCZGn1AvHqAgCvCF2GH2c2VgOcQJI11AIAigHA//AscGcxAkgVcuSANqxoF9QgJxECSCepC0JEHUkevfndpdElABiu1wUIKYIiD7yniiIEUD+kxQFiCkCKEBOYgSQO+ayABFFQMcXOBZGhAANF5HJAsQ8EDFJDsK/x7ThFKqG77UPPwkTMUkOwgVoOkq56Xu9BB+Bh4gkB8ECNO7hb/xeD0hJDbeMZiRUgOaB+eY/WM2JcT+hABkJFEBxE62ixA68750CZCRMgGvFMg1NlR32VK4Uz0jQp1Cd4aNqs61CFp9wYUhGAgSY6FZmqAQ4fATc80YBMqIXYKa8SkUnwOHwpF4f1OMdPv9/tAJM1Ru3tQIc9o/KeoAHiGZEJ8B4oT+EXi3A5zpUVSlAATKiEWCyCNmpESDAkc0cDxGgABlpFuDyKWyJfpgAx+bgY9NCMR4dlZEGAaZ3wU3wUAGO7NZzqTlAATIiCXBxHzMEEyHAJy9Pt77FIhQgIz4Bqvt15AhspACf7LcPi6p+Pg3PkM5IXYDLavnU6tZh/Deet+1qubz/t1+FO0My8i3AVVXdLZdP2/YX57YXgAwaClA4FKBwKEDhUIDCoQCFQwEKhwIUDgUoHApQOBSgcChA4VCAwqEAhUMBCocCFA4FKBwKUDgUoHAoQOFQgMKhAIVDAQqHAhQOBSgcClA4FKBwKEDhUIDCoQCFQwEKhwIUDgUoHApQOBSgcChA4VCAwqEAhUMBCocCFA4FKBwKUDgUoHAoQOFQgMKhAIVDAQqHAhQOBSgcClA4FKBwKEDhUIDCoQCFQwEKhwIUDgUoHApQNIfDf3vWx7ZNgTrkAAAAAElFTkSuQmCCAzure Logic AppsGE.PEllipsefalseAnyAnyfalseA representation of Azure Machine Learning ServicefalseSE.P.TMCore.AzureMLCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAI6xJREFUeF7t3SF0HUe2LuCBAwMvDAwcGBhoODQwMDAwwCAgIMBggEGAwQCTAEMDA0ODAIMAAwMBAQMDA4OAIX7azjovSue3dCSdc3pX1we+9db977uK3Oqu3t1du+ofHz58AAAmE0M4tVdv//fh+dnvHx69fP/h/rO3H3318/lHn/909uEf37+CYfzfj6////n73dM/zucHL959PMdfnP9+ccrn6wBOKYZwCjUQ1uDoBs9sqkD49snbD09evb+4FPL1AccWQziWGvC++eXNxwEwDYwwm3/ef/3h68dvPr79+v1/F1dJuG7gGGIIh1Y3/i8eeNKHq1Rh/PDXdxeXTL6O4JBiCIdSr/nrO2ga7ICsPov5PMCxxRDu6uzd/z78+79v4uAG7OfLh+cfJw4ury84hBjCXdS3zPqumQY04OZqsuzyOoO7iiHc1vfP3v5t8ALurt6ovfv4MiBfe3BTMYSbqtnLXvnDcf3rP2cf6vPa8vqD24gh3EQNSDUwpQELOKzPfnhtMSEOIoawr7r5W8gHTqvm2Dx9rUuAu4kh7KNe+3vyh3XUm4BaQnt5XcK+Ygj78M0f1lVv30wM5LZiCNcx2x96qIW2ltcn7COGcJVaqjQNRMA6rBPAbcQQPuXlm98t8gMNWTqYm4ohfIrv/tBTbSRkN0FuIoaQ1JrkaeABenjwwk6C7C+GkGj5g968BeAmYghL9X0xDThALyYEsq8YwmX1RPHFA0//MIKapPvmvQWCuF4M4bLHv3n6h5HUOh3L6xiWYgiXff3YzH8YSb2xW17HsBRD2KnX/7XmeBpkgL7sE8B1Ygg7teNYGlyA3n58riWQq8UQdr59Ys1/GNGXD+0RwNViCDvVV5wGF6A/3QBcJYZQat3/NKgAY3j00v4AfFoMoWj/g7Hd1w7IFWIIpdYVT4MKMIZvfnlzcSnn6xtiCKUWE0mDCjCGe49MBOTTYgilnh7SoAKMoTbwWl7XsBNDKF/9fB4HFWAM1cWzvK5hJ4ZQbAAE41te17ATQyif/6QAgNGdvbMWAFkMoXgDAOOr/TwuX9ewE0Mo5gDA2Gojr+V1DTsxhKILAMZmW2CuEkMo1gGAsdVbvOV1DTsxhGIlQBiblQC5Sgyh2AsAxlZv8ZbXNezEEMqLc7sBwsjqLd7yuoadGMJOzSJOAwvQnzUAuEoMYUcnAIzJPgBcJ4aw8+SVeQAwovu+/3ONGMJOrSL2z/s+A8BoXr75/eISztc1lBjCZbWneBpggJ5qH4/ldQxLMYTLHr30GQBG8u0Tr/+5XgzhsvoMUPuKp4EG6KU+2b16a/Y/14shLFkVEMbw3VNP/+wnhrBUbwGqrSgNOEAP9fT/5r2nf/YTQ0i0BEJvPz638h/7iyF8ircA0FPN06k3dZevV7hKDOFTqrc4DT7Auh7+6umfm4khXKVeM6YBCFjH149t+8vNxRCuUwNOGoiA0/ry4blX/9xKDOE6NeDUwJMGJOA06ru/Wf/cVgxhHzXw1JKjaWACjqta/l6cW++f24sh7KsmBdosCE7v8W/vLy7BfF3CPmIIN1FFgDcBcBpVcLv5cwgxhJt697s5AXBsVWjb5pdDiSHcRk0MrF3I0sAF3E0V2FVoX77m4C5iCHdh4yA4rCqstfpxaDGEu6rXlF/97JMA3MUXD84+1B4cy+sLDiGGcChPX7+3iyDcUPX3P3rpxs9xxRAOrQazGtTSYAf84bMfXn/c0c/rfk4hhnAMNahVIVDLCFs7AP5079H5x818TPLjlGIIp1DfNr/55Y03A0ynCuAqhKsgdtNnLTGEU6slTWu+wP1nbz+qwbEmEVpbgFHVBL46h+vpfnde1wI+z8/08dNDDKErnQV0VYv0LM9X6CyG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQlQKArhQAjCaG0JUCgK4UAIwmhtCVAoCuFACMJobQ1RcPzuLgC2v75/3XH968/9/FaZrPXegmhtDRgxfv4sALXXz75O3FqZrPX+gmhtDNu98/fPi/H1/HQRc6efnm4mQN5zB0E0Po5runb+NgC93UPJXl+QsdxRA6qSeq+r6aBlvo6Mmr9xenbj6foYsYQif//u+bOMhCV/W56veP8wHzOQ0dxBC6qCepNMBCdz8+f3dxCufzGjqIIXRQT1Da/hiVtkC6iyF0oO2P0X39+M3FqZzPb1hbDGFt9eT02Q8m/jE+bYF0FUNYWy2okgZTGM2//mOJYHqKIaypnpjSQAqjevRSWyD9xBDWZMMftkZbIB3FENai7Y+t+v6ZfQLoJYawhnpCst4/W1VtgWfvtAXSRwxhDbVwSho4YStqVcvleQ9riSGcWrX9We+fGTw/0xZIDzGEU6sFU9JgCVujLZAuYginpO2P2dQql8vrAE4thnBK9USUBknYqprs+u7jl4B8TcApxBBOpRZISQMkbN13T7UFsq4Ywilo+2NmNenVPgGsKYZwCrUwShoYYRbaAllTDOHYakEUbX/w6kOtfrm8PuAUYgjHVk8+aTCE2Xzx4Mw+AawihnBMT1+b+AeXaQtkDTGEY9L2B3/12Q+vP9RqmMtrBY4phnAs9aSTBkCY3bdPtAVyWjGEY6gnHG1/8GnaAjmlGMIx1MInadAD/vDVz+cXl0q+fuDQYgiHVk822v7getoCOZUYwqHde3QeBzvgr+ozmbZATiGGcEj1RJMGOiD78bm2QI4vhnAo9SRTC52kQQ7I6nOZtkCOLYZwKNr+4Ha+fmyfAI4rhnAI9QRj4h/cnrZAjimGcAi1sEka1ID91KqZy+sKDiWGcFf15JIGNOBmHr3UFshxxBDu6suH2v7gELQFciwxhLvQ9geH9f0z+wRweDGE26onFev9w2HVZNqzd9oCOawYwm3dv3hSSQMYcDf//q+2QA4rhnAb2v7guJ6faQvkcGIIt1ELl6RBCzgMbYEcUgzhpl6ca/uDU6jVNZfXH9xGDOGm6skkDVbAYdUkW/sEcAgxhJuohUrSQAUcx3dPtQVydzGEfWn7g9Orybb2CeCuYgj7qieRNEABx3Xv0fnFJZivS9hHDGEftTCJtj9YT626ubwuYV8xhH3UwiRpUAJO44sHZ/YJ4NZiCNd5+trEP+hAWyC3FUO4jrY/6KE+w2kL5DZiCFepJ440EAHr+PaJtkBuLobwKfWkoe0P+tEWyE3FED5F2x/09OVDbYHcTAwhqScMbX/Ql7ZAbiKGkNTCI2nQAXqoz3PaAtlXDGGpnizSgAP0cv+ZCYHsJ4ZwWT1R1IIjabABetEWyL5iCJdp+4OxfP34zcWlm69n2Ikh7NSThIl/MJ4X59oCuVoMYacWGEmDC9Bbrda5vJ7hshhCqba/NLAAY3j0UlsgnxZDKLWwSBpUgDFoC+QqMQRtf7ANtXrn8vqGEkPmVk8M1vuHbahJvGfvtAXydzFkbrWQSBpIgDH9+7/aAvm7GDIvbX+wTU9fmxDIX8WQedWTQho8gLFpC2QphsypFg5JAwewDbWq5/K6Z14xZE71hJAGDWAbanKvfQLYiSHzefir9f5hBtoC2Ykhc9H2B/OoSb61yudyHGA+MWQu9USQBgpgm+49Or+49PN4wDxiyDxevdX2BzOq1T6X4wFziSHz0PYHc/riwZl9AiYXQ+ZQC4OkgQGYg7bAucWQ7avKX9sfzK0+/2kLnFcM2b6q/NOAAMzl2yfaAmcVQ7atKn5tf8COtsA5xZBt0/YHXPblQ22BM4oh21WVfhoAgLlpC5xPDNmuWgAkXfzA3OqzoLbAucSQbaoKP134AOX+MxMCZxJDtqcq+89/0vYHfJq2wLnEkO3R9gfs4+vHby6GjDyOsC0xZFuqorfeP7CvF+faAmcQQ7blm1+s9w/sr1YJXY4jbE8M2Q5tf8BtPPzVPgFbF0O2oxb4SBc3wFW0BW5fDNmGx79p+wNur1YNXY4rbEcMGV9V7tb7B+6iJg+/eqstcKtiyPhqQY90QQPcxL//qy1wq2LI2LT9AYf09LV9ArYohoytKvZ0EQPcRrUFmhC4PTFkXLWAR7qAAe6iVhNdjjeMLYaMqyr1dPEC3EVNKrZPwLbEkDHVwh3pwgU4BG2B2xJDxqPtDziFWl10Of4wphgynqrM08UKcEj3Hp1fDDl5HGIsMWQstVCHtj/gVJ680ha4BTFkLNr+gFP6/CdtgVsQQ8ZRC3SkCxTgmLQFji+GjKEqcG1/wBrqs6O2wLHFkDFUBZ4uTIBT+OYX+wSMLIb0V5W3tj9gbdoCxxVD+tP2B3Tw5UNtgaOKIb1VxZ0uRIA1PP5NW+CIYkhvtRBHuggB1lCfI7UFjieG9FULcKQLEGBN95/ZJ2A0MaSnqrBrAY508QGsSVvgeGJITz8+1/YH9FWrki7HLfqKIf1UZW29f6C7F+faAkcRQ/qpBTfSxQbQSa1Ouhy/6CmG9KLtDxjJw1/tEzCCGNKL9f6BkWgLHEMM6aMW2EgXGEBntVrpcjyjlxjSQ1XQ1vsHRlSTll+91RbYWQzp4ftn1vsHxqUtsLcYsj5tf8AWPH1tn4CuYsj6qnJOFxPASGoSswmBPcWQdT0/0/YHbMeDF9oCO4oh69L2B2xJTWa2T0A/MWQ9tYBGuoAARqYtsJ8Yso53v2v7A7arVjVdjnusJ4asoyrkdNEAbMG9R+cXQ10e/zi9GHJ6tWCGtj9g65680hbYRQw5PW1/wAw+/0lbYBcx5LSqIk4XCsAWaQvsIYacTlXC2v6AmdTnTm2B64shp1OVcLpAALbsm1/sE7C2GHIaVQF/9oOJf8CctAWuK4achrY/YGb1+XM5LnI6MeT4qvJNFwTATB7/pi1wLTHk+L76+TxeDAAzqdVPtQWuI4Ycl7Y/gD99/8w+AWuIIcdTlW4thJEuAoAZaQtcRww5nh+fa/sDWKrVUJfjJccVQ46jKlzr/QNkz8+0BZ5SDDmOWvginfQAaAs8tRhyeNr+AK738Ff7BJxKDDk86/0DXK/aAt99/BKQx1IOJ4YcVi10kU50AP6uVkldjqMcXgw5nGr7q4o2neQA/F1Nln71VlvgscWQw6kFLtIJDsCnaQs8vhhyGNr+AG6vVk1djqscTgw5jKpg00kNwPVq8rR9Ao4nhtxdLWiRTmgA9vfghbbAY4khd6ftD+DuPvvBPgHHEkPuphaySCcyADenLfA4Ysjt1QIW2v4ADqtWU12Ot9xNDLm9qlTTyQvA7X318/nFEJvHXW4nhtxOLVyh7Q/gOLQFHlYMuR1tfwDH8/lP2gIPKYbcXFWm6YQF4HB+fK4t8FBiyM1URfrFA21/AMdWn1m1BR5GDLmZWqginahbZ9vO06onn/R32BotX/ubdb2Rb36xT8AhxJD9VSVaC1Wkk3TrrNB1OjPtKlnXk++8+3lxPu+Ko9oC7y6G7O/bJ3O2/dWTx/JYcDyzzTGpxbSWx4Ds68dzTj42Bt1dDNlPVaDpxJxB7XWwPB4cz71H5/HvsFV6vvc3866jj3/TFngXMWQ/NUilk3Lr7NN9WjXPYsYB3vyS/d1/NuebyPos5nPR7cWQ683a9lc3orN3ZuCeUj3lpL/F1nm6299Mc0SWvr8ofpbHg/3EkKu52PJx4Thm/cZrpvfNzPxQoi3wdmLI1WZpx1ryum0ds64xUf/u5bHgal8+9FmS/cWQT5t5ws2jl17JnloVXOlvMQsF582YmJyPC1kM+TQtN5zSzAN6qT735THhalqT2VcMyWYejC26sY5ZJwDueOt0czO/pbR+xM3EkGzWZTfrrcfyWHAadQNMf5NZWG3ydixPno8LfxVD/m7WgdgM23XN2t+9U//+5THhejV3YtbJo/aS2F8M+auZ2/5svbkuBYDB/LZmbgt89dZDyz5iyF9V73s60bZO29/6FAAKgLuYbQnpHW2B+4khf6pV72adUFNPEMvjwWnNPgfApK67qcm7xi8+JYb8qSrJdHJtnc1Yenj6eu4CwCB+d/VNPB3bratJ295gXi2G/KEWlkgn1gy0/fVgHQDn4V3VrPhZ5zDpIrlaDPnDrG1/tZDI8liwjhq8099oFjaeOoxZ2wI/+0EX01ViiAtmeTxYz6zfcMvyWHB7HmhYiuHsvDLLx4V1zDpwf/6TpV0PySfNfFxmFsPZzTppphYOMWmmn1nbUD25HZ5JzVwWw5lpm8nHhfXURLj099q66oBYHgvuRltzPi6ziuHMZq2QLZzR22yfpGouirdRx2Fhs3xcZhTDWVWFmE6crasnAt/Ieptti1cbUB1P3QRnneNkafO/iuGM6qKweQZdzbYgkG2Aj8vmZvm4zCaGM7J9Zj4u9DDTU1sN0s7J47O9OTGcTVWE9c0xnSxbp+1vHLMUqc7J05h5lUmfPP8Qw9nM9n11p54AlseCvuotQPXGp7/lVpiodVr1NJz+Dltn7PtDDGcycxVcC4Msjwe9bX2iqm//p1VvP2dtC3SuKQD+UQtEpJNj67T9jWur3249la2jZsanv8fWeds0eQEwc9ufTVbGtdXz1sI/65hpgulSrYmwPB4zieEMnPT5uDCGrS1XrRV1XR6G8nHZuhjOwGuvfFwYx71H2/h8Vf+O5b+N0/M5dD4x3DoTX/JxYSzVKz/64lXV1aDnvwcTovNx2bIYbp3WF7aiXl+OuoZF/d6v3pqL0omW6LnEcMssfpGPC+Oqp5fR3mjV72vSXz8WRcvHZatiuGVbbaG6juUvt62Ku1EWCap5KLXF8fLfQA+WRc/HZYtiuFU2wMjHhW2owav7RK4vH547F5urScI2RptDDLdo5rY/W2DOpet33HoLpQNlDLZGz8dla2K4RdX7nv7gW6ftb071tqvLt9z6PWzwM55qj0t/z62bqS0whltTM6VnbfurSn55PJhDfRKownfNc79eqWrzG1M9CRs3ty2GWzNrJVvfg5fHgvnUN/dTt77WNWe56fFtbcXJfdUciBnenMZwS6rVKP2BZ6Dtj8vqfPjmlzdH+zRQP7cKDTP8t6Pe3sw6d2qGz1Yx3JJZ2/6src5VqjCuyYJ3bR2s//v6OXr6t2vWtsAqaLfesRLDrXDi5uMCl9WbgfvP3n5UN/P6dFR2bwrq/91l9b+v/3/VWeIN0zxmfZCq8315LLYkhltQN0CvrgDurlabTGPNDLZc6MZwC2advFKVurY/4NBMpt6eGI6uKjbtKwCHo506H5eRxXB0W9kn/aZmWsACOD0LquXjMqoYjmzmJSxtrQocU90ELam+HTEcVZ2cNrEAOB6bquXjMqIYjmrWtr+qyC23CpyKbdW3IYYjqsps1gkqD3/V9gecTk20TmPRDLbUFhjDEdWCDemPtXVViS+PBcCxnXp/iS62NObGcDQzV6O1QMfyeMAW1XVeqxDuViXcXQO1HHH9z3VDevzbe5/DTmTmt641D2J5PEYUw9F8+VDbH2xVze256Z4FVQzoijm+mhmfjv/WbaUtMIYjmbntz3r/bFld23fdrKh2P/RG4HhmbgusNRGWx2M0MRyFky8fFxjdIZfyriJiSxO3upn5IaxWR1wej5HEcBT1PTD9YbZuK6+fYKnO62Os5FmDtS2Lj+fynIyZjP4ZNoYjmHkCSk10Wh4P2IJjziyv8cKbgOMwETsfl+5iOAItKLAtp1jIqz4HmDtzHFqxxxPD7l6cW4QCtuSUb/R0zxxH/Q0/+2HOt7JVvC6Pxwhi2N2sy1DWjOblsYAtOPXTo0L6OGZejn3EN0sx7MxGFPm4wKiqXz+d88fkLcBx1CROG7KNI4Zdzdz2t8WtKKGs0c1TBbX1AY5j5rbA0d4sxbCrQ/YGj6QmLmn7Y6vWWslzK8u5dlRvWNIx37pqYV0ei85i2FEtuHCqSULdVEW9PB6wBfVZK53zp+AzwPHUk7Dxur8YdjRrRVkLbCyPBWzFmh099eZh+ftwOLO+sa05EKO8sY1hN7WCVzrQMzBbmS1b83txfVpb/j4cTs2xmHXO1ihtgTHsZta2vxFnlcJNrN3Vs/x9OKxZ2wJH6dqKYSeznkC1oIa2P7ZuzQKgnk6Xvw+HN+sDXK1tsTwW3cSwi7oBeoUE21XrqKfz/xQsq30aa/6N19b9E24Mu5h1EkkNTNr+mMEaiwDtjNayNbJZJ3F3n2gaww60keTjAluz1lu+WoBo+btwHPU213jeTww7OMae4CPQm8xsao+LdC0cW719WP4uHM/3K6z42EEVuF3f6MZwbWu2Bq2pKmSDErNZo823erWXvwfHNfNS7l3fNsVwTXWS2EwC5nLqmeIPfzXJdg2Pf5v34a5jV1cM1zTzdpI2J2FWp3zrZ/b/umZtC/z6cb/PuzFcy8wTRTyRMLta9jpdG4dWnxyW/21OpyZ4p7/LDGrp6+XxWFMM11ILJ6SDtnWeSOCPpWNred50jRyKbbV7WGvi59q6jfUxXMPMVWEtlLE8HjCjmgRbq2Cm6+Su6qaz/O+xjpnf9nbahjqGa1hrT/C1afuDv6qHgUO/CTDBtp96G5P+VlvXqS0whqc2c9tfx5mhsLb6HHCIh4K6xjo9cfGnugke+5NPV10K0hie0sy9obUwxvJ4AH+qh4PbtgXXIKvA7m3mh7+zd+ufmzE8pVogIR2greu8OhR0UzeK+oZ/3fyAmmRVrcQdBlf2c6ruj246fP6N4anMPBGkFsRYHg/gejVpttQ1VN+Rd/+zp/0xzTwBfO2W1Bieyqw7RGn7A/jTzDu/Lo/FKcXwFGpBhHRAZlAV7/J4AMyq3t4cq/2zu/pktTwepxLDU6jKJx2MrdOLDPB3My8Dv9bnqxgeWy17mw7E1mn7A8hqUvSsD4ZrtQXG8JhmbvuzDCnAp83cFrjGp+EYHtOskz1qwQttfwBXm3Vy+L1H5xf//HxMjiWGx1LrfM/a9leV7fJ4APBX7hP5uBxDDI9l1squFrpYHgsAslnfFNeql6d8UxzDY6gFD9I/eAba/gD2V3tBzDpX7JRtgTE8NLM783EBINMtlo/LIcXw0Gbt76yFLbT9AdzOrA+O3z45zYNjDA+pboBe5QBwU7XHQxpbZ3CKT8cxPKSZ13jW9gdwN7NOHv/y4fEnj8fwUOzylI8LAPupt8jaAo8jhodSCxukf9TWddjnGWArvn8255vk+nx+zDfJMTyEmZd0rIUslscDgNupm+Csc8nuXxQ/y+NxKDG8q/pj1dK36R+zddr+AA7v8W/zPlQeq5sshnc187aOJv4BHMesbYFfPz7OZ+UY3sXMEzZq4Yrl8QDgMGaeWP7i/PBtgTG8i29+mbNloyrT5bEA4LDcYw4nhrelOsvHBYDD8JY5H5fbiOFt1cIF6ZfeOm1/AKfz43PzzA4hhrdhhmY+LgAclk6zfFxuKoY3pUczHxcAjsNaM/m43EQMb6pugukX3TptfwDr+epnn53vIoY3MfOEjPrssTweAJyG/WbycdlXDG9i1p2aquipNx8ArOeLB3POBTjEjrMx3Fe1vqVfDAA4rlp1d3lfvokY7mvWZRkBYG01D+0uXWgx3EctSJB+IQDgNO7SFhjD68zc9gcAndRkyOV9eh8xvE5VHOmXAABO67ZtgTG8ysxtfwDQ0W3eAsTwKp7+AaCX2otneb++Tgw/xdM/APRUyyMv79tXieGnePoHgJ6qNX95375KDJOzd57+AaCzm7wFiGHi6R8AeqsNkpb370+J4VL1/X/2g6d/AOhu3+2CY7j06OWc+y4DwGj2XR0whkvVXpD+IwBAL7VS7z47Bcbwspn3WwaAET3+7frJgDG87PtnJv8BwEj2mQwYw8u+eGDLXwAYSbXtX/cZIIY71fuffjAA0Nt1awLEcMee/wAwpm+fXN0NEMOd2mIw/VAAoLfPf7p6aeAY7lj6FwDGddWiQDEs9X+UfhgAMIar5gHEsDx9bfU/ABjZj8/fXdzS830+huXBCxMAAWBk3/zy5uKWnu/zMSw1ezD9MABgDLWU//L+vhPDcu+R9f8BYGS1L8Dy/r4Tw1LLCKYfBgCMY3l/34lhUQAAwPiW9/edGBYFAACMb3l/34lhUQAAwPiW9/edGJaaOZh+EAAwjuX9fSeGxT4AADC2q/YDiGH57ql1AABgZPU5f3l/34lhsRIgAIztVisB1gYC6YcBAGO4/+ztxS093+djWN68txsgAIysNvZb3t93Yrjzr/+cxR8IAPT2z/uvP/z+v4u7ebi/lxju1KuD9EMBgN5qT5/lff2yGO48P/s9/lAAoLeazL+8r18Ww516dVA7CaUfDAD0VK//ay7f8r5+WQwv0w4IAGOptXyW9/OlGF7mLQAAjOW6p/8Sw6XvTQYEgCHUUv7L+3gSw6V3v3/4uJ5w+g8BAD189sPrD2fvrn/6LzFMdAQAQG+PXn564Z+lGH6KdQEAoKd9X/3vxPBTakLglw/P438YAFhHfabfZ+LfZTG8Ss0HsEQwAPRQN/99v/tfFsPrKAIAYH016e/V25vf/EsM96EIAID11M3/5ZuLm3G4R+8jhvuqIuDrx2/iLwYAHEfNx7vpN/+lGN7Uw1/ffVx3OP2SAMDh7LPM7z5ieBv1GsInAQA4jlqW/+nr/fv8rxPDu3j823t7BwDAgdS3/h+fv/tQrfiX77d3FcO7ql+yftn6pdM/BgC4Wn1ar9f9Nd/u8j32UGJ4SPVG4N4jiwcBwD5qgl/NrTvWjX8nhsdQsxXrrYCVBAHgr754cPbxaf+2Pf23EcNjq6rmyav3H/+x9Y9OBwMAtqpW7/vmlzcfN++5azvfbcVwDbXbYBUFteFQHZSvfj7/SHshACPa3cdqvZy6t9Un8brXHXoy323FEADYsg//+H+lNd2BKuyxJwAAAABJRU5ErkJggg==Azure MLGE.PEllipsefalseAnyAnyfalseIngests and processes high-volume data stream falseSE.P.TMCore.AzureStreamAnalyticsCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAM4FJREFUeF7t3S2UHcfVqOEPXhgYaBgYaGgYGBoYaHBBwAUCBgYGAQIGBgEGASIGAQYGAQYGAgECAQIGAgYCAgIGAiZz9WpWf3OmtM/M+enu2rXrBc9a9+7P0ZxTp7tr166f/p+bmxtJkjSZMChJkmoLg5IkqbYwKEmSaguDkiSptjAoSZJqC4OSJKm2MChJkmoLg5IkqbYwKEmSaguDkiSptjAoSZJqC4OSJKm2MChJkmoLg5IkqbYwKEmSaguDkiSptjAoSZJqC4OSJKm2MChJkmoLg5IkqbYwKEmSaguDkiSptjAoSZJqC4OSJKm2MChJkmoLg5IkqbYwKEmSaguDkiSptjAoSZJqC4OSJKm2MChJkmoLg5IkqbYwKEmSaguDkiSptjAoSZJqC4OSJKm2MChJkmoLg5IkqbYwKEmSaguDkiSptjAoSZJqC4OSJKm2MChJkmoLg5IkqbYwKEmSaguDkiSptjAoSZJqC4OSJKm2MChJkmoLg5IkqbYwKEmSaguDkiSptjAoSZJqC4OSJKm2MChJkmoLg5IkqbYwKEmSaguDkiSptjAoSZJqC4OSJKm2MChJkmoLg5IkqbYwKEmSaguDkrSlV29/u/nx53fD4PO230EaXRiUpC199vWrm//5vy+Hwedtv4M0ujAoSVt5/etvYSeb3cs3VgFUSxiUpK188/xt2MFm9+T7N+8/fvydpBGFQUnaymjl/8Xvv/j5/cePv5M0ojAoSVsYtfy/+OHlr++/RvzdpNGEQUnawtOfxiz/L/787S/vv0b83aTRhEFJ2sIf/z5m+X/xf/7fyxuqGO33kkYUBiVpbc9fvQs71dFQxWi/mzSiMChJa/v8u9dhhzoaqhjtd5NGFAYlaU3vfrv5UD6POtQRvXj97v3Xir+rNIowKElrGnXv/zF/+9fr918r/q7SKMKgJK1p9MV/rd89eXlDVePwO0qjCYOStBbK5VEnOrpnLzwTQGMLg5K0FsrlUQc6uj/9wzMBNLYwKElroExOuTzqQCvwTACNLAxK0hq+/U+txX+tL37wBUEaVxiUpDV8+rTW4r/WJ1/6giCNKwxK0rV4f37UaVbz48+eCaAxhUFJulbVxX+tvz7zTACNKQxK0jVY/Mf786MOsxpOOPRMAI0oDErSNdgjH3WWVXHSYdsGUnZhUJKu8dnXtRf/tVjs2LaBlF0YlKRLzbL4r8X3bttCyiwMStKlnnz/Juwgq+N7t20hZRYGJekSMy3+a/G92/aQMguDknSJf/13rsV/Lb5/2yZSVmFQki7BC3KijnEWf/7WFwRpHGFQks716u2ci/8OcSaALwjSKMKgJJ2LF+NEneJsnv7kmQAaQxiUpHPNuviv9ce/eyaAxhAGJekcsy/+az1/5QuClF8YlKRzsPgt6ghn9fl3viBI+YVBSToVi96iTnBmv3viC4KUXxiUpFN99W8X/0V4IVLbVlImYVCSTvXJly7+i3AmQttWUiZhUJJO8cNLF/89hLMR2jaTsgiDknQKF/89jLMR2jaTsgiDkvQYFv9x8l3U8ekW0yNtu0lZhEFJegwn3kWdnu778WfPBFgT7UnlyemV64VBSXrMH75y8d8p/vJPFwOugQ7/cMqJ6opJwHXCoCQ9hFHYYSen45gmefuhCBC3pR5G2z35/k043WQScJ0wKFXx4vW7G86o/+uz1zcv3/igWAuj2vZhrOO+ee4Lgi5Buz32jgmTgMuFQakCOn9OZDt8WLA3m61r7X+r0zEic/HfeT596guCzsG7JXipUtSWEZOAy4RBaXRR53+IBwajC49rPZ+L/y5jBepx53b8h0wCzhcGpZE91vkf4r9jftEHx+kufUDP7m//8gVBx1CVW+O6Mgk4TxiURnVO599iXtvXuD6M9onaTo9jLtuK030sJv3s63UTSpOA04VBaUTXdP6HmK/99j8u2oqwmDJqM52GEnfbpjPaouM/ZBJwmjAojWatzv8QIzbedMeJd+3fm5GL/67HPva2XWfCfbplx3/IJOBxYVAayRad/yE6PbcR3m7JitpHp+NamjGh5B7t8d4Ik4CHhUFpFFt3/i22Ec5axnXx3zqoKrVtW1Wvjv+QScBxYVAawd6d/yEeKrNsI2TEyk6JqB10Po5Qbtu4GjrcTIdFmQTEwqCUXc/O/xCfge1dFR8urPh30d82aNeK1wzfKes1YxLwsTAoZZal828x4qnw5rdnL379sBMi+o5aV5WTKTN3/IdMAu4Lg1JWWTv/Q8yVj7aNkBX+nPDHAzL6TtoW0wJcM6NNKTE9RAUs+k5ZmQTcCYNSRiN0/ofYRvjFD7m3EfIg/Py7127vS4JrhvUW2XcKLB3/qNeNScCtMChlM1rnfyjjNkLKzr1XZ+thXDNc9+1v19PoHf8hkwATAA1g5M6/xSEovbYRUl6mzEy5Ofpsyon1GKzLaH/PPTFFRDWryn24mD0JCINSFpU6/0M8eNhGyIP18PtugVEbD+/H3quu3LhmWKexxzWzqNrxH5o5CQiDUgZVO/9DfL+tthHSfiOszNZ5uGZYt7Flp0W1qHrHf2jWJCAMSr3N0Pm3mJNfYxshUwx7nbeuvta6ZhZ0/FQZZqwWzZgEhEGppxk7/0PLNsJztoS5jW9u124jnLnjPzRbEhAGpV5m7/wPnbKNkIcVUwi2mXDKNdNiLYrrQ+7MlASEQakHO//Yso2Q9lnairKv2/h0THTNtKgYWDGKzZIEhEFpb3b+p2Fu37fy6Rzt1lM7/tPMkASEQWlPdv7S9ujQ7PjPUz0JCIPSXuz8JWVWOQkIg9Ie7PwljaBqEhAGpa3Z+UsaScUkIAxKW7LzlzQitky2z7ORhUFpK3b+kkbEWQmXHrSUVRiUtmDnL2lUnJTYPtNGFwalLZAARDeWJGVWcfSPMChtxdPrJI2m4ugfYVDailUASSOpOvpHGJS2ZBVA0ii++veb94+t+Fk2ujAobckqgKQR8FKlc96sOJowKG3NKoCk7HjVdvvsqiQMSluzCiAps+qjf4RBaQ+8rzy68SSpt+qjf4RBaQ9k12TZ0c0nSb3MMPpHGJT2QpYd3YCS1MsMo3+EQWkvVgEkZVPx1b+RMCjtiX220U0oSXtjh1L7jKoqDEp74pQtTtuKbkbdzkd+9vWrD/70j19uvvjhzQccT/rjz+8edDiPyf97iX/7n7f/++/85Z+//O+/78uaNDt2KC33THVhUNobnVl0M87g06e3nS+dMdWQpZNu22hvbbLAZzRRU2Uzjf4RBqW9Va8C8N2W0TsdKh3rqKuM+a34/CRtLJYiMXAdhyqYafSPMCj18K///hrelKNZSvZ09nynGbYTgYVTJAbLtMIfvrJaoHHMNvpHGJR6+ePfX4U3Z2Z0dIyEGdm/fDNHZ38qkh/ahUOfPvnShEB5zTb6RxiUehmhCsBCOUa4dGyzjO7XQoL0zfO3H9rP9QTKgnU47bU6gzAo9cTNGN2kPfGZWKA34yhhS7Qnawkov7qOQL0w8GivzRmEQaknOoXoJt0TnRGj1Gcvfr1h0dvh59N2nr96d/P5d6+tDmg3TDu21+EswqDUW6/XBbN4j9L+2w8D/fizaR8/vPz1w9oBzybQlmYd/SMMSr3tWQVgER/l/VmO/xwNFRgqMVRkot9PutTMo3+EQSmDLV8XTImZlfuu2h8LlRkqNFRqot9VOsfMo3+EQSkDVtivvTCM0T4diPP64+P6YAGh5w3oErOP/hEGpSzWel0wawo4pKb991UDv22vdSMaE8ljex3NJgxKWVxTBeB/x4py5/bnwZTOllNHqoEpQKuAJgAawLmvC+bEOf43ruSfF4njk+/fuINAIUf/t8KglAmZ+in7wvlvuLHN7LUgCeSa8FwBLRz93wmDUjY8xKObGYzyeAGNI349hMWfI75rQuty9H8nDErZRFUA5vhZJGjHr3NwwJDbCOfk6P++MChldPiiIBb3VX8Rz/J6XUYsVDgWHIhDB3bo3Llu/vvlf8vq+eXf5m/xN2dYOMn15BsK58LaoPY6mFkYlLJiYVelzokk5rCTp0POVKbmJUh/+sdtgkAJnbP62+8wMkaDdAouFqyPimH1QcO5wqCkdTFNwYiTjpQONeMbD8/B56cKw6t9KyQFdAx8n+i7qgamC9vffXZhUNJ1lg6fh84MC88YXTGVQEIwcoWGd1BQhYm+o8bl6D8WBiWdh1Iyi8uYonCl+e2RyyQ/tEnbViNwfUAtjv5jYVDS45YOf/Ry/tYYfbFwkTUEI43CXB9Qg6P/48KgpBjz3cwV2ylcjgoJiRPl9rZ9M6Lz8FXE43L0f1wYlHSHOW0W71kSXh9TBawbGOEsByoYJn7jmWFL66XCoDQ7OiQ6Jsv7+6BMS2WFl/m0v0UmVAO8JsbBwtT2N9SdMCjNisVflHvpkKIHirZHB8toO/OJbawN8BrJb5Rppl7CoDQTSoSMPn1hTC6U2zNXBehcmMKIPrv6c/T/uDAozYCO33fHj4G9+c9e5NtSSJWCBY3RZ1Zfjv4fFwalyngwuKp7TCzEZHqg/U17Y0uoFaQ8HP2fJgxKFdHx82CIHhgaC1sJWa/R/sY9sXDUxDIHR/+nCYNSJbxsx+Nda+J35fdtf/Oe2D3iAsF+WETa/iaKhUGpAt/7Pg9esJRp1MeBUZ4Z0Ee2ylBmYVAaGR2/5/HPiRJ8loNf+BzuEtgX9337O+i4MCiNyCNbteD41wznv7MuwCrUfjIuEM0sDEqjefqTx7TqPubh2aKX4UAhzjOIPqPWxbbetu11XBiURsFcq0ez6iGU4blO2mtnbySp0efTekj6fPPf6cKglB2lVcq80UNgBjzoKC0fYvqDlxZF2P54+N/OWC3JUA1ggZqVqm1xvbftrlgYlDLjIVr90JXDDp3vu/UIlhX0bKdjCxuJFX+/4la2DNUA2to3S26HZ0Pm90hkEgaljFhVzXav6KYfEZ0AHS0jU8rDdMDZype0ObsqlipClVXtvMyn/a574nd2p8p2XAx4mjAoZUI2X+Hta4xMGNXzcMqyVe1SJCskLSOvv+Cz93zRENe176LYhtsBTxMGpSzoKEftZJjrZdRMWT37e+6vwWiWpIbvOlqSxuftXQ3w5MBtZDshMqMwKGUw2oIpHuJMUTAynvUscka1/G6MbEdap9G7GuC6gPWRkLbtrPvCoNQTnchIK/zpPBgBszPh8Hvodpsmv+UInRsJHMlb+x32wvVDpxV9Nl1m9Km2rYVBqZdRSv50aCyM8wFzOt7nz6LHqD0z4dCenqvInRJYD8ln2766EwalHrKX/HkoU9p2bvE6lLuzL34jCe1Z0WE6wl0C1+Oe7ZnMZRcGpT1lL/kzr0+J3wfJulg8SBUl61oBqjw913JwvbFFNPpsOl3PaZ3swqC0l8wlf0aplvi3R0dHgpVxxMsIkspU+5n3NNpi2GxI5No21a0wKO0h44NtKfPb8ffB9ErGdQK9j5dlSsBdApfrncRlFQalrWUr+dPx85l8kUgOPLCzdXgc4tRzGshXC1+Oaby2PWUCoJ3xAM201cmOPy+uFUbe/EbRb9cD0xS9q0OZ18tkNuvZHA8Jg9IWGMFkOcvfjn8c/EaMvqPfsQcWLfZ+oRCJUfTZdBzbO9t2nF0YlNZG559lkRcrq+34x0Onm2XBKAkkL0lqP+OerASch9/M+/6+MCitiZJphvlcOo/eIzddjwOFMmwdzJAEZD9PIZve733IJgxKa8lwxjk7Dbzxa2F9QIYRcO8kgHao9IrsrZE49lzImU0YlNbAaLv3Nj8WHFr2q4vOt3c1IEMSMMLx2VlQQWrbcFZhULoWD0QejNENuAc6hd7lWe2DBK/3KLh3EsAaG88JOA1rkdr2m1UYlK7BqW49O38W+Vnmmw/TPD2vu95JAIcFeWLgaVwLdCsMzowbmLlFDtwAW0d81evpOHc7uuH2QBnUvb5z4/f/w1f9RsK9kwBOUow+l+5jarBtuxmFwRmRET5WQiMZcD75uJ4vLun9ClflwXXA9RBdJ3vonQR4RsBpfJabAHzAsaPRBRLh5nYRycd6bUfy99AxPd810TMJcFHgaaj0tm03mzA4E/aoX/KQcFvZnV6dPxUbS/56CPd3rymBnkkA6wH4+9Hn0i2e+7NXDcPgTK5ZPezRkv06f34312XoFFwnvUbEdMLMy7efaQ+eFPg41iy17TaTMDgLSsfRRXGOmTuiXp1/71ezajyM9Hq9hIr7pP08e2COO8OJiZnNviUwDM6ATnutmyPDG8L21OthSsnO93rrGj0WB/bsZHruyhkF07mzDuLC4AzWvjFIJmaYj2ZU0eOlPvxN5jXbzzMzrjfKy49xz/N9PPCja2xLvToYkvWe2yJHwqCGqvBM6wLC4Ay2GAkw31d5hEqH06OkyDTLbIt16Li5lpjuoITMmRRrLeqikrKcc8G/TYfI35tpWxRne0Rts5WeSdg5u5x0+xzn9dMzJANhcAZbLgqquLCEh0iPVcXVO3+qGt88f/thQSkdcu852yU5YAEZ1zGJQdX2Z4X+Xtc07dj+/T3xm0afSw9bkoGqA7swOINLtv6dg5FVlQdnj5IpuPGqdT5Lh893G2mBFgkz10G16QSqWls/C9D7rAq+Z/S5dDquE57rlZKBMDiD6AdeG3NvI89bM29JRxV9t631Wjm9Nn5/RtLML+7R0eyB78F1QRm9wrTBHkkAbdX+3b312gVR0ZIM9K7sXCsMzmCvN2dxoYx4Uh3l0V4j1NE7f3aEMFqeZfEVCzQ5BnrkZHfrJCDDqNEqwDZ4TjKFN2IyEAZnsHc2zN8bYbTEZ7zmcKRrjdr5Uy1hlDf7XCtTBbTDiFM3W64JyJIcWQXY1pIMkGy1bZ9RGJzBGocAnYsRBiPD9rNkQMfPwq8eC/0W3Djt58qO64hyeM92y4hrnd9ztKoASUD0fa7BtdH+nV6sAuyHKjPP1MzJQBicASOUXiVuSqZZFpJk6Pgx0ul+S5ttWTKuhKkQFj6OctjK2lsEex4EFLEKsD+SgYzTZGFwFr1PyeLB2GtxECPXnqX+Q6N0/lmSpVHRbrQf7di2bTYkLNF3uATfuf33e9qiyqHT8dznmZchGQiDs+hZBTi0V6mIG5+ybIbvvGAU3X7ObFjUR7vZ8a9jSQSyVwR4SEef/xzcaxnXQ8yyQDU7fgemhXsdJR8GZ7Jmpr+GJRmgs75mpMRDh1WpVDmyjPRbLJjLvHKWm5JFidFn1/VI/uhkMycClG2jz36qrHvGe1c/9TGmivhd9kwGwuBs1sj0t8IIgg6cz7ggaaHj5OFyGCdxyHCa3Cn4vO3vkIUd/764XnnwZd05cOm1wOLQ9t/KgqTLilZeJAM857eeLguDM6JDin4IrS9r508HxIjPB2MfJAIZDsyJnHsaJpW87FMcJrljYFC3VTIQBmdlErC9rJ0/Uy7Oi+bA75DxyGGuETr26DMf4vOPsA/cLYHjIRkgSV4ruQyDMzMJ2E7Gzp+sutdxx3oY1ZiM0wI8gKOtdCQHVAqyTmVETHrHxTV4bTIQBmd3brlPj8tY2mXe2b38uWWtBixIIEd+QdK1ixyVw6XJQBjU7etv7RzWka3zp/S55eugtb6s1YDRsZg4am+N65xzJ8KgbnFQgyWyy7GYLlvn7xTPuLJXA0Y1wq4hnY51Au1vfEwY1B1KKjRo1NA6jodKpoc1pVp/xxqoBrS/ry7nboBaTAA2QFklamx9jPL61vtXz0Ei4iinFs7GyL7NbhRMd0ZtrDGZAGyEbUB2JA/jyNxMc7XVTjzjgBBu8AXtzbRGZDkYalFtTQtTAr2OUK2E+9WzL+rgXm9/42PCoI5j1GHJ7GN0Lpnm+/mdRnzrGQ9ibmC2JtKJ06Ys1FqzokLbLMdEk0Dw90btALjuMh8nPQoSy6h9NR4TgB1YDbhDR5up5M8q/1MObMmAjpdyNltPe6+ZYDTNdc0c+0gdAm3ISWnt99HpnOKswwRgJ7NXA+hk6TDadumJjiD7aDZLh/8YkjoqEFQjRpg+OGf7k+7jd47aVOMxAdgZI04aPfoxqsq4L5uSefRZM+D6IDkZeeEaCQu/e+bqCtWokdu4F48FrsMEoBPmIivPpTGyZs4448KrjJ0/i9QY6VdcqEblJ+trprkHTQLO58FnNZRLADiQh/JeO+fO/58Oif97+7/p6dmL014aMgoeDIz8Ms3zH8o0DbMkSdmuya2Q3HBtZFsPYxJwvtmqmFWVSQC4gXm4RF+yxUM32w3PKGnkF82QxDCyzvwgzdL50wFmb6utkfhm6kRMAs7DMzRqR42lTAJwbomRL57xvHBGzpSCR6gKLFWV7AvU+J0zlKD5TdlOl/G664XEN8tUmEnA6XwJWg0lEoBTR/4tRoTtv5XJspAqywMSdGK0W7YV/cdk6Pz5/bK95yCbLFNhWQcG2fB7Re2nsQyfALAi9ZqtXNmTgAXzp6wMZ+XynlvXuEBIQjgCNOu8/jGM5nq+yY8KiR3/ebjGe68RIGE0CXgYg5Oo7TSW4ROANUbHI+4JpjNeTmhbjnG9dGUuK9D53/PvMDfN6D57Wf8xdP49Kye0peXky9D5UmLueUaDScDDeP5E7aaxDJ0ArHl2Ox1f+++PjqoBSUKr/e+q4Xv36vy5oWZZ1b812rFnBcck4GE9EzStY+gEYO253YpJwGzo/HvMJVO2Zl60/Ty6Xs9qwIjVwb1QOYzaTOMYOgHYYq7QJGBcvTr/jNtKq+lVDSDxGG3ty17oPKI20ziGTQB44EZfaA0mAeNhMejep5Px91gc2X4WbadHNcAqQMwEYHzDJgBbr0Jl5Xv7N5VTj86f0SgVh/azaHv83ntWeqwCxEwAxmcC8AC23LkIKDcWNe7d+ZMcel30RYe855QAlYf2M8zOBGB8wyYAe21DYTW52X9Oa+4COQWJxigHIM2AJGyv47N5DrR/f3YjH12uW8MmANhrFSrlRsqO7d9XH6z/oDoT/VZbMRHMizU70W+2Nqs+92V6sZYuM3QCsOd51MwDuuCrP1aD7739yP3g+bEFc+vFga75uM8EYHxDJwCMyPZeEUzZuf0c2gcJ2N7z/ZQ57fzHsPViULd63rd3FU7rGzoBwKUvAroGI0LLwftiK1b0W2yJ/f3t51BuWyUBnDnS/q3Z0XlEbaVxDJ8AMDrr8fIQHjK+6GV7PNB7HADjWRDj2iIJIOlv/87sPAlwfMMnAOj5akqrAdsgsetR3YGJ3fjWTgI8DOhjGV7frOuUSADAQzv6gnuwGrAuttr1eiWs+73r4DpaY42QBwHF9l5/pfWVSQDQMwkA1QBXCl+Oh2zvvcUmcrWskQS48DcWtZXGUioBQO8kAJQLHTGcjnI/D9ktFm+dg7/vq3zruSYJ8ACgGAOdqL00lnIJADIkATxwmMN269BxS8ffq9x/iM6feeP2M6qGS5IA/nsTwhjtGbWZxlIyAUCGJAB0LKwody/5nUwdP6qd9EjSyTsSWBzLtceBLdzop2Aai//Nggd9lbbhe5xzzXnw13HfPM/xfNV1uOfb3/aYMJhZliQAPHjo9GauCGTr+EHnP/K6DV6KRZuydmLr7ZK0FQ8MKlvcWyO2G9cgCz0fmm5iexvt2v5vdafHuRxaX+kEAJmSAFBWZEQ20wOGjoLRZKaOH8zvjtaJMSqlA+bGjb7T3kgKuJ5HTAhoS65LkicsFY/2v9PHPAWwhvIJAPY4J/wSjDQopVWsCvCd+G49DvE5BZ3/KO1OOZ9TCXsvkjwFCQGjQ+fOa/MQoBqmSADA/B8Pp6gReqtUFWBUxWgqY8K1ICnJ3vnTgdKRZquanINOgnL7yFMsimW+v3W6aRIA8NDPUjo9hlEeHSgl1RG2EvJw57OSwIzQWbHILfOCTBLViuVV7jsqce331Xi4RqPfWOOZKgFYjLSAhVI1c75ZqgOHHX7WisoxtGP7fbKgzJ89OV0D1wxTQ+6KGReLTqPfVuOZMgFA1nUBj6GsumzV4jtstUWLBzSdEg9r/hYXymgd/oKqStYtXSR2WddJbIlqEdeVB2aNxwWAdUybAODcfcGZUSngxwQP1kN05C2y+Pa/Y6EZ//sRFpudis414xw001FupfLArBFVej7MbuoEAIxAZhyBzYCEJmOpmcpNlcRzLbQHU0ttWykX5/9rmT4BWLBa2ZWtNfA7ZlxwRrLJ9E30mXWLZNxDePJy/r8OppPPSbrDYCVsvbIaMDYu6ox70Jl2sXR6OnbCuD4gHxPYsbGOiym3S56RYbAiqwFjYk49Y8nfUdNlMi/enBHrNHwujofpNaZDr10wHgarshowjqxlY5IRRrLRZ9bp2HLqIsH+KBdHv4/yIXnmvlnzaOswWJ3VgLy4yBldt79ZBiSQ7MyIPrfOxyjGc/r7svyfHwMO1j9tUQkNg6fgA7HNjAuIUgT/b+ZE2/8uKx7mrJaMGlx9ZJ4jptTmfP82su7sqM7yf170q1Rntq6ShcGHMH/30HYn/m8cNNP+77IiaXFU1xeL/DInj3b+22PKxwWC+7L8nwv9EH3nnvdBGDyGUX70wSM81Ed6YQiJjYnAvuhUmY7JPPqz898Pgwe3C+7H8n9/9JP0q736yjAYoYOMvsBDeHBeu0pxb2TFox6POwquCy767IvARu78Ke0yxTXaKZB87pEqiKNiCjRqf22P/oXdTRn6xjAYYfVh9GUeM2ISABKBh6Y6dD7akwV+I8z3MhLN3HHyEGEERyLFepxzRs7cj8sanqwJAusC2s+t9Xhk9b64x7ims011hsHIpQkARk0C6KgYjVCmib6XTkNnRUI1ykIvVqZnWxzF5+GFLSRQlxz48RgSCA4TyTQN5nkB22CO2cV/26ONWdic+ToOg5FrEgCMmgQseEDSBt44p6MzoeNv2zKzbJ0/o/yttgAdw3wkI8TelQGun/az6XoeYrUtEvW979lLhcHItQkARk8CwLy1VYHj+I25Vkbc352l82eqpOfCoAXXOp1Fz6kwqwDrolNyanN9TKXRL2Rf19QKg5E1EgBUSAIWVgXubHlYxR4ydP5Z10jwedit0aMiYBVgXdyjUTvrfAwCuV9H2u3WCoORtRIAVEoCQNbHjUUbzZRdk/VS4h8t62317vy5HzJ2/C3mjlnIFH2HLVV6VvTE9eUOp+vQflTntliH00MYjKyZAKBaEnCI78WIqdp7B+gkmZOms6pyaEvvzp/7arS2pPK1Z0fCvdR+Bp2P+zZqXz2MQR2Jb8X+KgxGWCEcNc41KicBi5GrA3zeZeX5OdvMRtGz86dt+fvtZxoF1/VeL0Xi77R/X+dh9D9TdfJa9E08s0e+R08RBiMscIga6lo09EjvELgW80VcVJSReLBl2nbFnBYXPWX9KiWuY/iOURvsgaQqe7n/VLTj1kkU7dX+XZ3Hff+P4zoefS3TucJghJF61GhroOFnP/2LETYX3nI4C9bO2Gln/l0eqPwd2pzka+RFLJfo2fnzIG4/z+h4Nmw5JUD1sf2bOp37/h+214t3MgqDx2y99a3iw3Et3MR01gs68NbSoUfaf29WvTr/6kku1+dWa15IjNu/p9OtvX6rkupT0I8Jg8fssYikUnlUubCYLLrmtjbLNBf37RbrAmZ/SF+D6caoTeUWU4TBY/ZaSMIPM1tZWtuiQhJda1ujalZ9PUVrzQXDPG8cEFyGkrYL/47zkKkzEwDstZWEC9fMX9ei8+ixdx2st5hxXhFrJVyW/y9n6f84E8tbYfAhe1UBwLypWZouRRWp11kMLCya/QFz7WCBNmz/TZ2GxClqU93i2mzbbEZh8DGMzJnXjBp2Cx4EonMx577nNXrIzv/OpYsuSf6dBrwMCzIt/R/HtTXa4VtbCYOn2DsJYHHRrOVUnafXfD/s/D9GFe/cbWhW/i7HNRi1qW652+xOGDzV3kkAe40rnkindZAgsoskunb2YOd/HM8K1kRE7XaIRMHy7OW2OLG1GteW3QmD59g7CQAXuQ9aHeI67PmKZipUXpOPY2RPW0UVAeKz7ZhYE23btqnu81TJ+8LguXokAWwV9GEhsODp3BLzmlht3X4mPY7nBms1rOpdj2dhz3tgFE4t3RcGL9EjCeCCd4HgvCj599rit2C9Qfu5pD1xH/ia38d58M/HwuCleiQBYG7RVZ1z4YSz3iudnatWBi76O43368fC4DV6JQH8TbYctZ9HtZDoZXjgea0pAw/7OY0H/8TC4LV6JQGgc3D/cE1M9/S6rhZMOzmPqAzs/E/n1r9YGFxDzySAhzQ/uOcG1MAiMebvot96T1zPTD20n0/am53/eZwijoXBtfDg7jlPywPbeZ9xkcCRyEW/7d64lkhq288o7c3O/zxu/TsuDK6JzKv36I0VspZtx8LvleU4U66f0backqywQ4HOgkWyyz1ImzJN5v0wJjv/87nN9LgwuDYWX2zxnvBz8SB0FJcbHVOGcv+Cw4VGWVPCnnq2RZ66JYx2ZjGja2by4xlq538+rvG2LXUnDG6l5xnth0hGnBPKhY4oU8cPSocjrCMhabrmFESmN0ge2n9XOXANnnKMsj7m66QfFga3xMMqw4lVfAYyak8T7IuOP+MhJiMcMEVpc62OgfvBBY75UJ3pecT1yNz697gwuDXK8Jke+jxEnRPdDzclizOzzPEf4jNlHw1vOaXm+QZ5kOD12klVgafEPi4M7oES/KdPc5W1SEromNw+uA3alZsyY8cPrsfsU0N0/lsfhOSDs7/e77cYHW3nNO/jwuBethzJXIOLh8VULo5aByNqplsyj2bYbpi9XEgCtdc6iVHWP1TDNehiv+vx/G7bVh8Lg3tj1B39iBm4ZeoyTPNwE2Yd7S9ISkZYKEQyuvciSeae3TWzH0r+zvevw+v2NGGwhwwvd3kIHQXVCuZIHRnFWFDJTo+Mi/oiPGxHWARK59+rTamGuS5ge0y7WPJfB4O2tn0VC4O90LGOUv5i4SCVi9mnCfj+tMNoIxeSuewlf/Ts/A/xUHVOdX20qVv81mXF9nRhsLfs1YAWnR9zyDOcOMWImREh5f1s+/ZPwSiLhKX9Xhll6fwXVMGsBqyHjspV/uviWdy2s44LgxmMVA04ROLCaIlSODf46OcMsICP8iTfafSHFav8R/k9+JxZp1K4FmavfF3DhX7bGSW5zyIMZsKIo0KWTJmPUTMXKJ1qtvIzCRefiwVxVDOybdG8BtfPN8/HeTCwgCn7NU8l5cn3b1wPcwbuee7/kaqbI+GaHGFaL5MwmA3zZIw6oh99ZIzwSAyYj6ZisKCzojNerDFqpVPh3+Lf5m8wAuFvV191PNrc9Qid/yE6s5GSqx7s+PfBwKVtez0sDGZVpRqg7fGwHW0xEGtfRl0JznoQF199jGeWHf8+TADOFwYzq1oN0HqoboxWmh658z9ERYmKwOxTA3T8WddwVMX9406V84TBETDa8AbTITqfEXdi0FlU6PwPMerle7XftTJK/Xb8fbEupf1ddFwYHIlzawI3/ogLgPjc0fepgnuTxa+sP2m/ewVccyycZR1PtSRuRFxvLgQ8XRgcDT84C9tcHzAfFjKOuNWSazbjezC2xMOZedoKx7RSgbTTz8mtgKcLg6Ni/ocHjDdlfXT8o44qmR+vtM3yEpTJqX6MlLzR6bO+xIFGblYBThcGR8chJbONrmYxcsePzAf89MLaDe5XDpzit83w8OZ3orRPZZFrzk5/LFYBThMGq6DU6I6BGkbv+MHntyM5zZ5JAc8JFu9RkeA6s4I4PqsApwmD1fAAmb3kOir2l4/e8YOtcXYs1yEpoINe0GEvh2ctiUKLjn35b/Dnb3+5929Ef0c1WAV4XBisirIeK5IdheVX5WAZRiGe+y7tzyrA48JgdVwUjAysCuTDb1LlRDkSzhHfmChVYRXgYWFwJlYF+qPt+Q34LdrfZ1QkMV5TUl9WAR4WBmdkVWB/tDVtXu0GZStq9H0l7c8qwHFhcHZWBbazHAZTabS/4BwKE0gpF5457b2qW2FQdzhbntXGzuVejkSKhXCsym7btwpe5sODJvr+kvqqsq5obWFQMUZ4lKzZn2x14GF0hnT6HKbStmMlTF9QLYraQFIODODae1cmAFdZqgPsT44uutlQ/mY/doWz3k/B7+9vL43BKsDHwqDOx/HDHPZCdWCGToFDbThIhcNVuLFmW2nL947aRVJOVgE+FgZ1PTpE5rxZgUopfPQ1BIzu+R4kObOM8CMsXnShnzQmqwD3hUFth0oBiQGl8uXs8SwVA+bt+TzMaTPC5XPyedvvMCt+M4/zlcZlFeC+MKh+WGhIxwuy1eUM8wgj8uVM84fwQqT2f8tIfvk7s5Xvz8Vcv6N+qQarAHfCoKTb9/a7wl+qxSrAnTAozY4KiVs9pZqsAtwKg9KsLPdL9VkFuBUGpdmw9sJyvzQPTu9snwOzCYPSLJjnZ1Gkq/ulufz521/ePwLi58IswqBUHTsf6Pid55fmNfOZJgiDUlV0/BzO5It7JM1eBQiDUkW8yOmTL+34Jd2ZuQoQBqUqmOPnBD9H/JIiM1cBwqA0Oo4wZlW/i/skPWbWKkAYlEbF0cZk9NFNLkmRWasAYVAaCWV+5vdHf+OipH5mrAKEQWkEHOTBC5Es80u61oxVgDAoZcXcPq9RdjW/pLXNVgUIg1I2z1786hn9kjb1l3/OVQUIg1ImL9/8Zplf0uZ4zvBekPYZVFUYlDJx5C9pL3/71+v3j534WVRNGJSy4BCf6CaVpC3MVAUIg1IGlv4l9TBLFSAMShlY+pfUwyxVgDAo9WbpX1JPM1QBwqDUk6V/Sb3NUAUIg1JPlv4lZVC9ChAGpV4s/UvKonoVIAxKPVj6l5RN5SpAGJR6sPQvKZvKVYAwKO3N0r+krKpWAcKgtCdL/5Iyq1oFCIPSniz9S8qOKmX77BpdGJT2YulfUnZ/+scvN+8+FADi59iowqC0B0v/krKr2vkjDEp7YGFNdMNJUgaVO3+EQWkP3FjcYNGNJ0k9Ve/8EQalvZgESMpmhs4fYVDak0mApCxm6fwRBqW9mQRI6m2mzh9hUOrBJEBa1ydf/nzzzfO3N//67683f/7We+shs3X+CINSLyYBp+Fh/vzVu5tv//P25o9/9yAl3ffZ168+dPrt/fXq7W83n3/3+uZ3T+L/3axm7PwRBqWeTAKOo+N/8frd+2a632YkA3999tpzFSbGb881wPka7fXRevv+Enr609sPFYLo35rJrJ0/wqDUm0nAfbRF1PG3eLBT8v3DVz7YZ/H7L36++eKHNxefVf/sxa8fKgbRv13dzJ0/wqCUgUnAbSn3x58f7/gjVgVqY+qHKaC1OjASTK6X6G9VNHvnjzAoZTFrEnBNx99iZMg7Fyz31sA00FrXRoTrhYoClYXo71dg538rDEqZzJQEMKr74eXHi7fWwr/9l386tTIaFu1xdDaL+NrfdCvcdxUXmdr53wmDUjbVkwAestGq7a1YFRgDvw+L9Vjbcfj77Y2KQ4VthHb+94VBKaOKScDeHX+Evz9LhWUUTAGxOK/9rXqjAkElYsRthHb+HwuDUlZVkgBGdpRX2+/XEw/3J9/XnvvNjkV4p+z26G20bYR2/rEwKGU2chKQseOPMPq0KrCPa7fx9UYFKfM2Qjv/48KglN1oSQAP+RE6/tbIJd/sOKthzW18vS3bCDNtO7Xzf1gYlEYwQhJAx0+pdPSHEJ+fzurTpx47fC0W022506O3LNsI7fwfFwalUWRNAqp0/BFKvtF31uM4nKltz8pIGntsI7TzP00YlEaSKQmgVM7op/rDp/fobkSU/Nt2nAXbCPc6f8LO/3RhUBpN7yRg6fh779feC2+Ui9pBx3HuQtuOs9l6TYmd/3nCoDSiHknAbB3/ghFd1B46bs9T/LJbXlq15jZCO//zhUFpVHslAax0ZiQz6tatNTgNcDoWT7btp1trHERl53+ZMCiNbMskwI7/jtMAp2NBaNt+uu/lm98u2kZo53+5MCiNboskgA7Pjv+O0wCn87o5HW3FeolTKkx2/tcJg1IFayUBjEqcv/0Y7esBQY/jlLy27XSah7YR2vlfLwxKVVyTBNjxP442itpOd1js1rabzsP5CYfbCO381xEGpUrOTQI4qY35yPbf0cc40S5qQ91iPnu2HSJbIiGvesBWD2FQquaUJICOf4Q3sWVCuzoNcBzXXNtmUhZhUKroWBJgx38dpwGOG/EFUJpHGJSqOkwC7PjX4TRAjPK/pWplFgalyngoO8e/Htrz3L3bM2DRWttWUiZhUJLOsdeLXkby7EXdV/6qhjAoSeegs4s6wVmxMNLyv7ILg5J0DqcB7mNhZNtGUjZhUJLO5TTAHRZGtu0jZRMGJelcTgPc4gx7y/8aQRiUpHM5DXCLl0a1bSNlFAYl6RLnHLlcFW9JbNtFyigMStIlOPku6hRnQfm/bRMpqzAoSZfgxTczTwM8+f7N+2aI20bKJgxK0qVmngbgtbVte0hZhUFJutSs0wCffGn5X2MJg5J0qVmnAb74wfK/xhIGJekan339KuwkK/MFUxpNGJSka3zzfK5pgD98Zflf4wmDknSN17/+FnaUVX31b8v/Gk8YlKRrzTQN8Oqt5X+NJwxK0rVmmQb49Omr9183bgMpszAoSdeaZRrg6U9v33/duA2kzMKgJK1hhmkAEp32e0sjCIOStAYWx0WdZhUkOO13lkYRBiVpDSyOizrOKljn0H5naRRhUJLWwiK5qPMcHacdcurh4XeVRhIGJWktVacBeOlR+12lkYRBSVpL1WkAXnrUfldpJGFQktb0x7/Xmgag/P/uw+L/+PtKIwiDkrQm3pQXdaSj+ss/Lf9rfGFQktbEm/KijnRUz178+v5rxd9VGkUYlKS18ca8qDMdze+eWP5XDWFQktZWZRrgr89ev/868XeURhIGJWltVaYBfnhp+V81hEFJ2sLo0wC//+Jny/8qIwxK0haefD/2NMDn31n+Vx1hUJK28PzVu7BjHcWPP384+zf8btJowqAkbeWTL8ecBqD8334XaWRhUJK2Muo0gOV/VRMGJWkro04DWP5XNWFQkrY02jSA5X9VFAYlaUtPf3p789nXr4bBK43b7yCNLgxKkqTawqAkSaotDEqSpNrCoCRJqi0MSpKk2sKgJEmqLQxKkqTawqAkSaotDEqSpNrCoCRJqi0MSpKk2sKgJEmqLQxKkqTawqAkSaotDEqSpNrCoCRJqi0MSpKk2sKgJEmqLQxKkqTawqAkSaotDEqSpNrCoCRJqi0MSpKk2sKgJEmqLQxKkqTawqAkSaotDEqSpNrCoCRJqi0MSpKk2sKgJEmqLQxKkqTawqAkSaotDEqSpNrCoCRJqi0MSpKk2sKgJEmqLQxKkqTawqAkSaotDEqSpNrCoCRJqi0MSpKk2sKgJEmqLQxKkqTawqAkSaotDEqSpNrCoCRJqi0MSpKk2sKgJEmqLQxKkqTawqAkSaotDEqSpNrCoCRJqi0MSpKk2sKgJEmqLQxKkqTawqAkSaotDEqSpNrCoCRJqi0MSpKk2sKgJEmqLQxKkqTawqAkSaotDEqSpNrCoCRJqi0MSpKk2sKgJEmqLQxKkqTKbv7n/wPUvfsts+As/QAAAABJRU5ErkJggg==Azure Stream AnalyticsGE.PEllipsefalseAnyAnyfalseA representation of Azure Traffic Manager ( DNS-based traffic load balancer )falseSE.P.TMCore.AzureTrafficManagerCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAMAAADDpiTIAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAMAUExURQB51gh92hCB2hiF2iCJ3iiN3jCR3jiV4kCZ4kid4lCh5lml5mGq5mmu6nG26nm66n266oW+7o3G7pXK7p3O8qXS8q7W8rba8r7e9sbi9s7m9tbq+t7u+uby+u72//b6/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANYLBa4AAAAhdFJOU///////////////////////////////////////////AJ/B0CEAAAAJcEhZcwAAXEYAAFxGARSUQ0EAABkUSURBVHhe7Z3pQts6EEbD0pbS232FsuT9n/KyfJTYkW1pNKuk86cFQjz2HBLHMyPv9oOu8SvA9emuHX5gp/zhVoCm8u/YAK8C3JzjyLWCVwOcCtBc/t0a4FOABvO/2/3GzvnCpQC3LeZ/d+LSAI8C3L3FIWsMlwY4FKDV/Ps0wJ8A7eb/wYBr7KQf3Alw33D+d7tTdwZ4E+D+PQ5Vo7gzwJkAreffnwG+BGg//7vd2Q121ge+BLjEQWqac1cGuBLgPxyixnFlgCcBOsm/LwMcCdBN/h8MuMM+2+NHgM84OF3w1o0BbgT4gkPTCW4M8CJAZ/n3Y4ATAbrL/2737h77bosPAb7joHTFexcGuBDgBw5JZ7gwwIMAnebfhwEOBOg2/7vdJQ6BIfYC/D7B0eiR/3AQ7DAXoOv8OzDAWoDO829vgLEAf3rP/273EYfCCFsBGhsApPEFB8MGUwFG/p8wNcBSgJF/YGmAoQA3I/8vfMUhMcBOgCYHQKnYjQ6bCTDyP8HMACsBRv5nWBlgJMDdyP+cnzg0ytgI0PIAKBWj0WEbAbpsANnCxgCjt4BP2OnBASYGWJ0EdjQEkI+FAVYCDANSGIwOmwnQwyBwOfoGmAkwDEiiboCdAPv7d9jpwQHaBhgKMK4GJFEeHbYUYH/3Bjs9OEDXAFMBRkUgiaoBtgIMA5JoGmAswP7v6ApJoDg6bC3A6AtLomeAuQD769EZnkDNAHsBxmxIEi0DHAgwDEhyoTM67EGA/U/s8+AQneFxFwL0PCG+gooBPgQYLUJJNAxwIkCPq0Rl8AFHRxAvAgwDksgPj7sRYLQIJRE3wI8Aw4Ak0gY4EqCPuwUU8xlHRwhPAowmsSSyw+OeBBgGpBE1wJUAo0ksjaQBvgQYBqT5jsMjgDMBxthwGrnhcW8CjCaxNGIGuBNgGJBGygB/AowmsTS/cHiYcSjAMCCJ0OiwRwHGArJJZAxwKcBoEksiYoBPAfa/sc+DQ06ucHgYcSrAaBJLIjA67FWAYUASfgPcCrD/in0eHMJugF8BRpNYklPmwVHHAvR1O+lsmEeHPQswmsSS8BrgWoBhQBJWA3wLMFqEkpzf4vgw4FuAYUAaxtFh5wKMteTS8BngXYDRJJaGzQD3AgwD0rxlGhz1L8BoEUrDNDocQIBhQBoeAyIIMO4wmIbFgBACjCaxNO9xeGqIIcAwIA3D6HAQAUaTWJp6A6IIMAxIU21AGAHGWnJpag2II8BoEktTOTocSICxllyaOgMiCTCaxNJUGRBKgGFAmhoDYgmw/4hdHkyoGB2uE+BOYS3TKaNJLAndgCoB7t6qrGc84QN2eTCBbECNAPdvddYznjCaxNJQDagQ4DkVl/hKjWFAEuroMF2Al0RIr2V6xOMLz+AIogFkAV7/ENUNGE1iSWgGkAU4eCHWN2C0CKUgGUAVYPJxTN2A0SSW5IQwOkwUYPZxvFEDwmlGGB6nCXB0OUZyNdskGi1C5zf4TxzKDSAJkLgg26ABZzd7/C8QxQZQBEiWZNQNuBJuEXo8lPhvJB60LYIgwEJJTt0A2Saxpz8l/D8UhcPj5QIslmSbMuD5pRRfxKLMgGIBvmEzCb7iIWrINYnhrRRfBaPIgFIBVo+51IrWi0gZ8HJJBV9G403B6HChABtHXN0AmbXk/l1Sw9fhKBgeLxNg8y9O3QCJJrHXS6r4RjzyDSgS4BeefgV1A/jXkju4pI7vBCTbgBIBss661Q1gbxI7uDMDvhORi8xOnQIBMj91UUpSVTAbcGgwvhWSzF6tfAFyP3WTipJVsLYITV7B8L2Y5BmQLUD+lVd1AzibxKbvYPhmULIMyBWgpPaib8AFtlzN7AwG341KTr9mpgBltTd1A7iaxOZXs/HtsGT0aeQJUFp7PfmDX9SCx4Cjaga+H5dtA7IEKF+kqbgsXcstQ/fOcTULPwjMpgE5AlD6r9QNqG8SS1Qz8ZPIfMKuLJEhAO3Q6htQ2SKUOlL4UWg2qvTbAlD/tNQNqGsSS75W4mexWTdgUwB6D34oA9LvlfhhcFYN2BKg5vS6tD2tGnqL0MK5En4anW/YnRQbAtR9vOK9u00GVAM+4Pfn4MfhWanQrQtQ+/Fa3YCMgnWCxWum+Hl8lg1YFaD+dh3qBlCaxJavmeMBDbBowJoAHEWWAAas1EzwiBb4iV2asyIAT5FN3YDSJrG1mhke0gJL9ZllAbiKrHz3N8qkzIDVW6/gMU2wYMCyAJf4xWrUDfiEDeewHhwe1AZpAxYFYGy0UjcgP/aN0PCoRkjWaJcEYG20Uzcgdy25rcDwsFZIXZtdEIC50VLbgMzzl80JGjyuGRIGpAUoeRfN4t3aqZYAWQZsf0DBA9vh2ICkAALjNlkNioxkrCWX8QEVj2yI07/YtRdSAkiMW6kbsHkVO+cCBR7aEvPdTgggkn8DA95gw2myLlDhsU0x2/FjAVYWAKhD24DVTpa8ZgU8uC2mBhwJIDVy/4AjAzKbVfDoxpgYMBdAMP85Tcq8/F1qEcrMf6MCTD6VzwQQzb++AQtNYrn5b1WAQwOmAtD6KQrQNiA50XhyhZ9ugl9oj9eLwhMB6D112WgbkNilgsE1/EZ7pAVQyL8DA0oGF/Er7ZEUQCX/u91HbE6L2WlNSf77EuBWJ/+boyrsTAwoyn9fAugtja1twOGlrZUG6QT4pfawFUDdgNeL22X5HwJIYWVAYf6HAGJoG/Dc4FKa/yGAHN+xVS0eDVgbkUvzHGuD2AtQ/tdYySXlVQextocDAbQNuF8ajVkDobaHBwHUXwMIINL2cCFAAAMQaHv4EGBxYNENiLM9nAhQdl3WAMTZHk4EcG8AwmwPLwJ4NwBRtocbAZwbgCDbw48Avg1AjO3hSICCDj19EGJ7eBIgv0dXH0TYHq4EcGwAAmwPXwL4NQDxtYczAdwagPDaw5sAXg1AdO3hToC8aW11EFx7+BPApwGIrT0cCuDSAITWHh4F8GgAImsPlwI4NACBtYdPAXbnyssJboK42sOpAPpLim6AsNrDqwDeDEBU7eFWAGcGIKj28CuALwMQU3s4FsCVAQipPTwLsLtQXk5wBUTUHq4FUF9QchkE1B6+BfBjAOJpD+cCuDEA4bSHdwG8GIBo2sO9ALv3iMoWBNMe/gVQX1AyCWJpjwACuDAAobRHBAE8GIBI2iOEAA4MQCDtEUMAewMQR3sEEWD3GbFZgTDaI4oA6gtKzkAU7RFGAGMDEER7xBHA1gDE0B6BBDA1ACG0RyQBdl8RoAGIoD1CCWC4oCQCaI9YAtgZgO23RzABzAzA5tsjmgBWBmDr7RFOACMDsPH2iCfA7hfCVAXbbo+AApgsKIltt0dAAUwMwKbbI6IAFgZgy+0RUgADA7Dh9ogpgL4B2G57BBVAfTlBbLY9ogqgbQC22h5hBdid/kW4KmCj7RFXAN3ZcWy0PcIKoLx6BLbaHlEF0F5HDpttj6ACqK8kie22R0wBTtVXEsWG2yOkAAb3FMCW2yOiACevQauBTbdHQAFGOZiTgAKYtARh2zkojy/cvcV2acQTwH1LmK4AN+fYLJFwAhiNB2HrOahG+Lcy/+EEsBoTx+Zz0BTg+hQbJRNMALOFIrD9HBQF+FOd/2ACXCJCfRBADnoC/D7BJisIJYDhopGIIAc1AX4w5D+UAO8MFw1FCDloCfAD26sjkACmtw9ADDkoCfAVm6skjgDntwjPBASRg44AX7C1WsIIYHwrQUSRg4oA/2Fj1UQRwPqm4ggjBwUB7tnyH0UA85vKI44c5AW4f49NMRBDAJMC4AQEkoO4AHcX2BIHMQQwz78nASrLfzNCCGC1LswBiCQHYQFu3mA7PEQQ4BvisgSh5CArQG35d04AAeRPqjJALDmIxnt9hq1w4V+AT4jKFgSTg6QA9eXfOe4F8HC/mAcQTQ6CAnCU/2Z4F8DHPcOcCPCLP//eBYh451AxAXjKfzN8C+Dn/uEIKAcpAb7h+XlxLYCj+8cjohyEBOAq/83wLIBxAXACQspBRoCPeHZuHAtw5ij/5gLwlf9m+BXAvAA4AUHlICDA/SWemx+3ApxcIRofIKoc+AXgLP/O8SqAfQF4CsLKgV0A3vLfDK8CmCwJvgLCyoFbgFvJ/HsVwEEBeAriyoFZAO7y3wyfAhjeHmwBBJYDrwDXsvn3KQD/aVQ1iCwH1uj5y38zPArwEXF4AqHlwCnAb+n8exTASQF4CmLLgVEAgfLvHH8CuCkATkBwOfAJwDL9uYE7AXSXAM4G0eXAJoBI+XeONwEcFQAnILwcuAQQKv/NcCbAG6f5txBA4QTgAV8CeCoAT0GAObC9BagY4EoA/SWAs0GEOfCdBIpfBHjAkwC+CsBTEGIOfAJoGOBIAIslgLNBjDkwCqBggB8BvBWApyDIHDgF6OlS8E9s3ScIMgdWAeqXAt3A0zlAI/AK0Gc5ODTMAggbMARgh1sAWQOGAOywC8C9JsSEIQA7/AJItoUOAdgREEDQgCEAOxICyBkwBGBHRAAxA4YA7MgIIDUeNARgR0gAIQOGAOxICSBjwBCAHTEBRAwYArAjJwDnKuEvDAHYERRAYKGIIQA7ogKwGzAEYEdWAG4DhgDsCAuw/4Tt8DAEYEdaAN6JkSEAO+ICsBowBGBHXgBOA4YA7CgIwGjAEIAdDQH4JoeHAOyoCMBmwBCAHR0BuAwYArCjJACTAUMAdrQE4LmByBCAHTUBWBYQGAKwkyPAD56l0BgMGAKwkyHAw9s3z2KI9QYMAdjZFuDp9I3nneJP7fj4EICdzcz+fH4czx1xaxcQGAKwsyXAv5dtniXRKw0YArCzIcDB2zbPmih1BgwB2FkX4PC0jWlVnCoDhgDsrApwNTltZ1oXrWYBgSEAO2sCzP9YT//iB3VUGDAEYGdFgOMXa6a1UekGDAHYWRYg9WZ9zrM6MtmAIQA7iwLcnOERE5jWR6feW2wIwM6SAEt/pEx3SCAuIDAEYGdBgOUXaaZ7pNAMGAKwkxZg7U2a6S5JJAOGAOwkBVhPDpcBF3i+AoYA7KQE2PrjXDpvKISwgMAQgJ1EMrdfnJnulVpuQEQBuO8rwjttmRDgPuPNmeluycUGDAH23/C0XBwJkJcUpvul31/i+TIZAvzCs7IxFyDzj5LthhllCwh0L8C0PMfBTIDsF+UTrlsmFRnQuwA3Vd0USWYC5L8ps900q8SAzgW4E1iIfSpASTLYbptYsNG+BbgnXDnZZCJA2Rvy+S1+rZbPeMJt+hbgA56RlUMByvLPeOvk7AUEuhYg/++khAMByq8wvOO6eXquAT0L8B3Px8yrAJR1PJhKg9kb71gAhsG6JP8EoK3j8gG/XU3eBa5+Bahrp1/hRQBa/tlKg5kLCHQrAL2NcgsIQH+DOTiJqCPHgF4FoLXPZPGcv5r1O5hKg1lBdCpAedk0nycBavLPVhp8CGPzPKdTAT7iqSR4FKAu/2ylwYwz3T4F+IpnEuFBgOoPGHz30t8KpUsBMKAvxBeOD5hspcGtYHoU4E99ftb4wpB/xtLghgEdCvBX6gIAuODx64zhVOeZ1Sse/QlwJ3YBgBm24vCqAd0JcP8Oz+IfttLgmgHdCVDYM2nKW67C0IoBvQnA3AIuDFtpcH+99MbXmQDcLeDSXCLuepZqH30J8BvPEAe20uCSAV0JcC17AUCEz4i9nrQBXQkQ6wQAsBWH9zepFui+3gJKezRdwFYaTNbAOzsJDGnATwRfT8KAzgSQ7AMQg680mDCgMwGCGnCF6Os5MqA3AWSGgaThKw0e/QV0J4BkN6AcfKXBuQH9CRDTAL7S4MyADgWIUxA+hK80ODWgRwEEZwIE4SsN7u8PhmK7FCCmAXylwcPrIX0KIN4WJsJ7BM/BPwM6FUBuMlASvtLgqwG9ChDTgE8IngPMxnQrAEfzvj58pcGX6eV+BYhpwHcEz8GTAR0LELA/6AG+4vCzAT0LUD3CaQFjafDJgK4FiGnAa8rq+ZEUwPulUj4BwnUJP8JYGnwwICWA9wtljAKQF/Kx5JTzALxyIIDECrqMsO5/RAMYS4MHHArg+zIJ7+5LLhYixRu+0uArEwFcG8Dsf8RGUcbi8D+mAng2gPsFMKIBnKVBMBNA4E4KXHALELJRlLM0+MxcAL+XStlPgUIawFkafOJIALcGsAsQs1WYszT4yLEAXg3gFyBmoyhnafCBhAD8d9RiYVGAO/ohCWkAZ2kwLYDPi+VLAjy8kNPfGEO2CnOWBtMCuDRgSYDH5X/oBoRsFOUsDaYF8GjAggDP0/99GcBZHF4QQOrGKhWkBXgp7NENiNgqzFgaXBLAX7kkKcDr+r90AyI2ip7+RfDVLArgzoCUAIfr//ZlAFtpcFkAbwYk9nj66k03IGKj6DlTYWhFAKEb7FE5FmB+/taXAUylwTUBfBXMjgQ4vopTYQCeIRIXLKXBVQFcGTAXIFXLoRsQsVGUpTi8LoAnA+YCJO8ATF9gMaIBdN9f2RBA5kbLJGYCLJyg0OsCEVuFPyL2CrYE8FM0nwqweKGKbkDERtH60uCWAH4MmAiwUrDsy4BviJ3MpgBuDDgUYLVxjW5AxFbh2tLgtgBeGmcOBNgYYKAbELFRtLIwlCGAk7aJVwFutwp4XRlQWRrMEcCHAf8EuN+OhmxAxEbRutJglgAuDHgRICtHfRlQUxrME8CDAS8C5L1K0w0I2CpcUxrMFMBB4wx2MvezGtkAH2c8ZVSUBnMFsDfgWYD8K7bkT8gRDaCXBrMFMDfgSYCSqh35E3LEVuF31MJQvgDWBjwKUHYDMLIB9u935VBLgwUCGLdOPQhwc4b/Z9KVAR8QeyElAtgacEN4aSYbELFVmFYcLhLA1IAbyh3AyQZEbBQlffApE8DyuNyQLtF0ZcBXxF5CoQCG7ZPES3RkAyI2ihJ2tlSAeMelKwN+IfZ8igXoyQA8QSDKS4PlAnRkQMBG0UuEng1BgIOBvCCUvzCCcAaUXw6iCBDuuNB7JvwNSa9CuBxIEqAjA0I1ilIuB9MEGAZ4hHSPQaIA+6/YaBToBjwvQRIAWkmYKkC4Jnq6AUEaRYktAWQBhgG+oLaE0AXoyIAAjaLnt4i1lAoBwg3SkA3w3ypMbwutESDcGEWzBlS0BVcJ0I8BvhtFNdrCFwhnAPXua54NqLqdVKUATwu1RoI8R3X3Bs/gDo3RsGXCjVKRD5fXRtHKVUNrBRgGGFOZ/3oBejLAYZvgyRWCo1IvwJ7SrWsK2QB/jaL0i1svMAgQb5iuGQPq888iQEcGHK5ObQ9D/nkE6MgAVw2R5Fa3A3gEiDdQ24IB5GbXQ5gEiDdOSTbATTMUS/7ZBAhoAHVlHScG8OSfT4B4BpBLKC5ahauXCAV8Ari8TrIK2QAHrTDkJZDmMAoQb6A2rgFs+WcVoCMDjFuF+fLPK0BHBpg2QtBvi3EMrwCFqzg5IKIBHDcK+QezAPFGh8kGmBVBWfPPLkA/BliVwXnzzy/AMEAW4mpwi/ALEG9hDaoBFiUwllvFHSIgQLjR4UAGsOdfRIB4BlAH67RbhfnzLyNAPwboFkB4bhY7RUaAaEurxDCAGuMqQgKEGx2mG6B28VMk/2IC9GOA1uVvmfzLCTAM4OWNTP4FBejHAI1WYfIV6y0EBQg3Okw2QP7ip1j+RQUYBnAhl39ZAfoxQPbCh2D+hQUYBnBA7mDPQViAcKPD5Kutcpe+RPMvLUBHBkh96JHNv7gAw4BKhPMvL0BHBki0CnMMAK8iL0C80WGyAfynvOL51xBgGEBGPv8qAnRkAO/bnUL+dQToxwDeEx6mAeBVdATY30YbHfZggEb+tQSINzxONYDvxU4l/2oCDANK0cm/ngABDSDO4PC0CjMOAK+iJ0DAe/ITDeBQXSv/mgLEGx63M0At/6oCdGRA5Y7q5V9XgH4MqNtR4kZJ6ArgbKnVHAwM0My/tgDxhsep6aCrrpp/dQH6MYC6o7r51xdgGLDOe/y2FvoC7H9iV+NANIDSKEotQ5IxECDe8LieAer5NxEgoAHElflKW4X1828jQEADiJdmyhpF3+rn30iA/TfschwUDKAOpVRhJEC80WGqAfmtwib5NxOgHwNyG0Vt8m8nwDBgyvktHq6MnQDWS64TIBqQ0yYoOQC8iqEA8UaHiQZkNIqa5d9UgGHAC3b5txWgGwM2GkXJNzBjwFaA/SUOQRwEDJAeAF7FWIB4o8O77wi9jJVWYdP8WwsQ0QBaw/5io6ht/s0F6N6Akyv83AhzAfb3FzgUcSAakGoT1BgAXsVegICjw0QDEo2i5vn3IEDHBtjn34UA/RgwbxX+he8b4kIA9VuvMEAzYNooSnsOXnwIEHB0mMEAD/n3IkA/Brx2w7nIvxsB+jPgG742xo0A+5szHJk40M7hnluFib0F7PgRIODoMPFT3GMvlJf8exKgJwPc5N+VAP0Y8Af/OsCVAP0Y4AdfAgQcHY5ugDMBhgHaeBNgGKCMOwGGAbr4EyDg6HBkAxwKMAzQxKMAEQ0w7uyj41KAgAYY9/bS8SlAwNHhqAY4FWAYoIVXAYYBSrgVYBigg18BBgrs9/8DkYW+/i+p/18AAAAASUVORK5CYII=Azure Traffic ManagerGE.PEllipsefalseAnyAnyfalseEnables execution of background processes in AzurefalseSE.P.TMCore.AzureWebJobCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAUFtJREFUeF7tnS3cLcdxpw0DFy5cGBhoGGi4VDDQMFDAYIHBAoEAgQCDBSIBggYGggIGBgYCBgICAgICBgIhd/Xo/Y3v3L51zpmPrq6q7j94fk5K7z3TM9PTVV1f/at3794JIYQQYjFMoRAiL9/++N/vvvr2p3/wxV///u53f/rhH3z6M//6n9914Td/+O6D39747Osf/3H9r7/76edh2WMVQuTFFAohxvPjz3p0U6qbov23//r+H8r4V59+k55/+t3fPjAgWoMB46W9byFEDKZQCOHDTz/rPxThtmv/5Is3BW8p05n558++/eW+8Vb8/qs34+Av38uTIMRITKEQ4j4otc///OO7f//jm0v+f/yfv5nKUHzI//q/b8YBz43npxCDED6YQiHEcXBr//Fvbzv6//3/vv9ld2spNnGPX3/+3bvffimjQIhemEIhxGPY2eO2Rtn/z99rVx+JjAIhrmMKhRBvsLsnXo87GmVjKSGRiy35EEOtfZ9CiPeYQiFWhUx8FD67SmLRloIRdaAqgVJGPDbyEAjxIaZQiJVAMZCNrh3+/MggEOI9plCImfn+7//9S8yYGD4KwVIUYg14/5Ri/uEvf3+H92c/T4SYHVMoxGx888N//7Lr+5f/kFtfPAajEOMQI7GdQ0LMhikUYgZIAiN5T7F8cQVCQnQwVPdCMSumUIiqoPRpn6umO6In9HagskDdCsVMmEIhKoF7n52+avLFCPAoYQzIMyCqYwqFyA6LL+5Zdd0TkdBzgARCznjYz08hKmAKhcgIiyyLLYuutRgLEQXVBISe1HxIVMIUCpEJXPw05lFcX1RAIQJRBVMoRAboyKfdvqiMQgQiM6ZQiCjYNdGVTwl9YibwXjGv1V9AZMIUCjEaYqc0YbEWTyFmglwBlROKDJhCIUaBe1Td+cSKEB748pu///wZ2N+GEN6YQiE8oec6bXnl5hfiLWmQ9sPKExCjMYVCeEB8n2x+HcAjxMcoT0CMxhQK0RPinYrvC3Ec8gRURii8MYVC9ECKX4h74DGTR0B4YQqFuIMUvxD9IGTGWRcyBERvTKEQV5DiF8IPGQKiN6ZQiDMQq5TiF2IMJAvSaphqmv13KMRZTKEQR2ABYkeirH4hxiNDQNzFFArxDOqVOYpXh/MIEQ/fIX012u9UiFeYQiEeQecyGpdYC5EYAw2U6CIHlIuxC2zhPdFeuaV9ny0Yd9a/4/f2v092+jYGdXLMwT9/9u27P/5NnQXFcUyhEC1ff/fTu19/rpP5RoCBtVfutEtGCXMscvtessE8YayMmbETIuJeUE7WvYr+kI+jHgLiCKZQiA0yjj/5Qgl+vcGYYheNkuTYY5TmCos2lSLsUvdeBIWS+kNeDs9Y7YXFM0yhEEBcUYvzfXCRo+zo984OuX3O4s3QJMxAK1yMAiWW9oFwkQ4cEo8whWJtUFKK616D54brniRJdvXtsxXHwVuA0cTzVAjhHhhVFUJIYiymUKwJ5UTsVK0FRHwMsXop+3EwP3nOuLZ/8weFDq5ATobKBsWGKRTrQdKWjud9Dm5pEqzYlWo3lQPeA3MXw1VegmPwnataQIApFOvAAqrs/sfg0icurR1+DUikxCOjOf0avFfyBqyNKRRrQJKfkq0+hN0RCyOZ+eq5XhveH94atal+jLwBa2MKxdxo1/8hxJPZNZJ01j4rMQeUw2HUUdKq3IGPkTdgTUyhmBfipVoA34MHRDug9eCdkzegvJf3yBuwHqZQzAfuUHa61oe/OhgB2v2vC++e7HglEb4hb8A6mEIxF9r1v4bno/apgh4YKMDVc2PkDVgDUyjmACteCVDHoa5fiX8C+HZIIFzdKyBvwNyYQlEfdjKKb56Hsj8teGLP6l4BjCCFyObEFIra0CnN+pDFMciV0CEqogXDkNLZFY/DxvghlNg+E1EbUyhqgvta5X19oFysfb5CbBAfX/GUTConZBzPgykU9eDELyX69YXM8PY5C7EHo3s1rwBhMrXCngNTKOqANa4DfPxgcW+fuRAWeAU4dc+aR7PBZkPHDNfHFIoayOU/BsU+xRk4N2IVQ0BestqYQpEfZfmPQ90CxRUwBFYw0LlHlc/WxBSK3FCfPGNJEvfEjgK3u/XfI2FsKoUSV8BVTtzcmlezQEhAJ2bWwxSKvMwa76fOer+LyNi2WN0CxR0wBGZvLMShWu19i7yYQpEPapBnjCui+C2lijGQsapB3QLFXcgpmblqgE1Ke88iJ6ZQ5ALX82wLBjXUr3bThDqsfxuNugWKHmAIzJrHgwdP30h+TKHIA2eYzxTv52yCM7H0rF4PdQsUPWAO4Taf0RDAUFbILDemUORgppa+LAZXkoRYQLIaQOoWKHqxGQKzNfPCsFHybF5MoYiH2Lj1QVWDBQBXfnt/Z8gaCgDFO0VPyC+ZrcUwBryaBuXEFIo42AlkzIA/Cx/9p3/6oVscMHMCJJ6adrxC3IG+E7OFBVQhkA9TKGJAWc7QOIQ4f+/YX+ZQANz1cgjRwmYAI9qab1WRxywXplCMBwVXvUb4apz/KJlDAUDCZjtmIe5C18+ZOgqqQiAPplCMpXqZHzvzUYfm4F2wxpABnoNaBgsv+MYye8HOoFLaHJhCMQ6s+8qZv1jzIxvjcK3MsVEWaGU9Cy+Y/zPkCIGMgHhMoRgDmbFVLXqUcJTLmzCDNaYsYNDpvHThySxNhPB8qldAHKZQ+MMHbH0QFaBEMdpy59Aga2xZ0MImvOEbnKFcWN9KHKZQ+FJV+ZOkSMiivZ8IyJDGhWiNMws8L7k4hTd4xKonEMsIiMEUCj+qKn/KkVC6+3uJBjd79hAKRkq25ybmgzmW3Sv2ChkB4zGFwoeKyp84Y+bM9uylgaBzA8QoyCuqnFTM2JVEOw5TKPpTUfmPzvC/SubSwA2dGyBGwS46e3jsGTICxmEKRV+qKX/c6qPq+ntAnB33oXUvmVAXNDEKPE7MN2seVkBGwBhMoehHNeWfKdHvDIy5Qkmlzg0QI6l8nLiMAH9MoehDNeWfobzvDhw2Yt1XNnRugBgJybJVqwRkBPhiCsV9Kil/dgiMt72HilQ5SnWW5y1qQEig6jHDJCKrOsAHUyjuUUn5szOYqWsdC12F3Q5Gl84NEKPB+1QxJECOj3pq9McUiuuwqFsTOCPsCGb8qCr0BwDG6Hl6osgLOSu8+2d4Gea41CuGBHR2QH9MobgGH20VxTN7HLqKF0YxzpqgnPneMfhJ7NygdPZf//MNr8oUlPd2DaAB0HZ9vuvNgHjWewJFWqF8tkU9NfpiCsV5WMRZzK1JmwkWpYpZ/leo0iedeaMYZy5QoBiRKFW6YG7Ktqr7nLGj8LkfKgM2A4HE2Wr3pJ4a/TCF4hws3hXq0H/9+XdLudBY4Ko0RGH+yAgYC/MDRciuGcWIkqzwHfcE47PiqYLqqdEHUyiOg0KtsGhg/a/oOkOpVlngcO0qxukDHS03dz1u5BmO0l0d3mX7nsU5TKE4Bot1hR0mMcJ27CvBLq+Km1OJTveRsl8HldPewxSK17CbZnGxJmUmiPG1Y18R3LzW88mIEp3OQUIeioCcj4rZ7eIeHIDUzglxDFMoXpM9g5Ydrz6MD6nUGx0joB2/eIOEWwxbksG0uxesdaskNvfGFIrn4Fq0JmIWSOxRk5mPYVdNopf1zDLCjra9hxXBpc8OH4VfMQtf+EMeVoWTS7NhCsVj2FVbEzALqit/DotEpUzvVfM3mMOU31U+1laMhSonhc7OYQqFDYtS5h0I7lAp/9dkf48tK2Q7k/hIfTpeD7n1xVVUHngOUyg+Jnu5H2NTHflxUDbWc8zKjMmc7NZ4DxU70om8zN7ltCemUHxI9tgxmc9S/ufBxWw9z6zMUPK0KX3F84UXzCtKf9u5Jz7GFIoPyZw9rrrxe6CIrOealarJneTO4N6v0C5b1IcwkjZFrzGF4j24Xq0JlgEp//uwIyV5yHq+GWF3U8UIoD4f41lKX0SgpMDXmELxRuYOclL+/cie39HCnMya7MmCS6iiklEl5kUHBz3HFIq3HvJZdy5S/v1ht1ppp5qt3JNGLHLxi4yoG+pjTOHqZHYLS/n7gWu9UmJadJyTeUjGtdrviuwoKdDGFK4OzVesSZQBdqrteEU/Kp0ZABHln8xBdvuVjCWxNnimlBT4MaZwZbJ3+lNSiz+ZDUCLUccI4yGpcACWEBaUcrdzenVM4apkjvsDY2vHLHyo1pzGKzS0JfXJzS9mYIWummcwhSuSOe6/wSLfjlv4wHzgeVvvISvscHp5iDgzgcVSbXnFbCgf4D2mcEUqdIVjV9qOW/hR7eAgwEV/xwhQfF/MDkatEqnfMIWrgUVoTZRs6KCL8VQ7OAiu1D4T/kLxW78nxGxoM/WGKVwJdnlV3Jy//0r1rBGQ/Ga9j8ygzNv7sJDiF6ui/gAyAH6V+ZCflhkOg6lK5pbQjyCs1d7HhhS/WJ3MHTVHYQpXgR21NTGyUvUgmFnIfCjUI9qsZyl+Id5DdUuvxNmKmMIVINmpWmxX2avxVKyDp7mRFL8QNkfDZTNiCmenYokXqAtgPGQPV5w7QojHrBpeNYWzg1vUmgTZYRfX3osYD++hWnmgEOIxNFkjIbz91mfHFM4Mp5ZVrXFu70XEQfKQTr4TYh5WLA00hbOC679yS9P2fkQs1U4PFMIT1laqqo6Ssfz6i7+uFQowhbNSodvfI3A5t/cj4mHBsN6XEJVBOW+KmnWTsClVUyQib9zNnieUls2Lxn2vFAowhTOC69964VWQAZCXauWkQrCe7JU7p6Ci1Ecrv4zHb69UFWAKZwNLtXrSlgyA3FQ7QlisARUrxLZR8nirMpYSM6Zs4YBVeq6YwtmYYXGWAZCfakcIi7lgR0+zKnbVeDzb+ZkZjADrnqLAIFmhQZApnAmyta0XXA0ZAPlhwWARtt6fED3h6HI2NuzqZ2lnmy1Ha4XD10zhTGQ/4/8oMgBqQKOgypUmIicYlrjxeyTfZYX7yrZeZwyZ9MQUzsJMGdoyAOqgRkHiDmTGE04iubSaK/8u2Vq08x3PHAowhTPAS8tYZ3oVGQC1UKMgcQZ2+CsqfAva8lrPKIpnp2pWxxTOwGxZ2TIA6qFGQeIRhIlYoyi/m3mHeZVPvsiTUMs3POuxwaawOrys2RZeGQA1UaMgAaxHKDV2tyv2nD8LuTSZwmiztgk2hdWZMRNbBkBd1ChoTQgB0VSGXX47J8RrspUGztgbwBRWho/NennVkQFQGzUKWgPyjigfmz17fBSZTm6lqVI7vuqYwqpkSvzrPQ5ciO39ilqoUdCcYJxj4M0aJ44kW2kgTZbaMVbGFFYlUyMJD8tVyUK14f2pUdAcYOBL6Y8hU04X732mddgUVoTEmiyThJ2exyEX1Je39y1qkS25SRxni+mv0ic+E5lCATOVBZrCimSJsbJIYIywUFj//Q7abdSGnQPxYevdirxg0FPNIQ9cHDz7LB022WjOUslhCquRyUW0xYhIGLH++x2UWFQXGryoRXAdiDvzLeOx2b9HEUemI90p6WzHVxFTWI0syVUsGoyHRcP673ehhni7Z1EDdi7ZDjkRNsR3eVcKteUlkwdtBo+sKawEL8F6OaPBA7FNCK/61dkyUGeHvuYeniDRFwx3Gdc1wKDOUum1bfgqYworkSWrmiSVbUxejV/21xC5YQ5kCUuJjyFXh90kRlr77kRuMvV6qd7kyRRWIctEILa7TxDy6mO9wvnU1SH885s/qNQvK3yreNKU0FebLGcFVG8OZAqrkMW92ibneY2LyoL9dUQuSFLK4p4U78ETw7ejk/bmgSz8LKdtVvYCmMIKZDky0lLKXhNzhpjTrKjffz4wxgibKZN/TrLogMpeAFOYnSyJIIyhXVywTK2/7QGGxf5aIh65/PNBoyW5+dcgixe4qhfAFGaHj9t6CaOhOUg7Nu9a1VkaUMyAXP65wENWPSlLnCNLFVhVL4ApzE4Gq49dXzsu8D7/XXHMHHz2tVz+WaAPiL6LdcnSB6ai8WkKM5Ml8/9REwjvntXqBRALbuUsGcgrsyX2qWmPYA5kKLmt6AUwhZnJsPvH4mzHteFxBsAezjxorynGwEKTJea4KuTBYGQrFCb2ZDkLppoXwBRmJcPuH0vz2a6DOKT173rxzPgQfjD3spQdrcim+JXRLyyYFxnycap5AUxhVjLsvl7twL2PeqWRSXtN4Yt3WEc8RopfHCVLXk4lL4ApzAhncFsPeyTs/l+5Hkec9a7ypjGgdLIkGK2GFL84C+tihhM3K3kBTGFGMizER+LvI5JR1L/cH8X7Y+D74TuT4hdXyJIkXuXodlOYjQy1nlbTHwvr3/amWqJJNZhvqu8fy6b4ldwn7pLhgLgquVqmMBsZdv/El9pxtWAgWP+2N7Sdba8t+kAfhxFeHPGGFL/oTZbmQBXmtCnMBK5Y6+GOhN3gkbj7qLGqEsAH9fMfC/NYil94UCVkHI0pzAQP0Xq4Izmy+wdi89a/7w0JUu21xXUw7rz7N4iPYR4/aqglxB0yeAGY39kTtk1hFnh40bFYEsGOvkQSP6zf8EALZx8I22SIGa6KjADhRZXQcSSmMAsZjns8k3A30gDIPrEqoEz/HMgIEB5kKB3PXhJoCrMQvTiffXkjDQDlAdwDhTOiZ4M4howA4UEGAx9DpB1XFkxhBlgMrIc5krPldiMNAJRXe31xDN4TCsd6riIOGQGiNxn6AmTerJnCDEQnZV1puTvSAIBnZxIIG8JKKvPLC0aAjvYVPcngBci6VpvCaCgNil6kr8TYRxsAKLN2DOIxKvOrAd9+ZrepqEUGL0DWkkBTGE30Qs0u5Er5xmgDAC9JOwZh89svdaBPJWQEiJ5EewGu6hRvTGE00aV/V621UX0ANpQHcAzV+NdERoDoRQYvAF1G23FFYwojyVC6cbU7WUTXQuUBPAaL+zd/UI1/ZWQEiF5EV/2wFrVjisYURvLJF7G7tTsZmxEGgPIAbKT850FGgOgBeV3W/BpJttbXpjAKFm0+duvBjeJOGVKEAUBsux3H6tDd79efS/nPhIwAcZeqyeWemMIoojv/nW380xJhACgP4ENQ/hnKfkR/ZASIu0R7mO/qmN6Ywiiie7KfbfzTggfD+l1v1DzlDQwwKf+5kREg7kCPCWtejYRk8XZcUZjCCHDPWA9rFEeP/H1FRIe53/1JYQCUv1r7roGMAHGH6E3Cp4nWa1MYQXTtf6/YTMTkIt7djmMlpPzXQ0aAuMrnf47VNWw22zFFYQojiLTKWEx6ZWdGZZ5nyy4dhZT/usgIEFfA0xvhqd1D07h2XBGYwtFEH/zTs01jVMe5FcsBpfwFRsDd3B2xHqz51nwaRZYurqZwNMRErIc0ip5JGcTjrWt4k7HJhCdS/j5wCBa9MKz/lhn1wxBniN50Yrj2yDm7iykcTWTr3yun/j0jqpSxZxgjO1L+PmCIb4tSxYOTZASIM0RXnWVoDWwKRzL6AJ2W3hn0kfdDcks7ntmQ8u8PBrh1BC+udQxL699kJVujFZEXFLA1h0ZBT4J2TKMxhSOJdv+jUNox3WH0gUB7Zq8G4NlK+feFWCTNk/bPeQ+u0ujDuc6islhxBLxdkQZuhhMCTeFIcMFbD2cEHgqTF2pdaxS9DZosaOffFxafoxn0hJaqNViSESCOEH1SaHQ1gCkcReRuGYhztmPqQWSJidc9RSLl3xcSRs/mi2DYVksO1DkZ4hUYwdbcGUX0HDWFo4hONPJKmos8iKZ3UmM0Uv79wN15N1EuOmR3lizlViIvkSEu1rZ2PCMxhaOIzMLk2u14ehFdYzrL2QAYaFL+fcAo7VXuihFRKTlQRoB4RlTvlo3I9doUjoDF3XoYo/DMmI8qBdyYwfWpU/36gKL2CAtRNRDdTe0MhD2iE65ETqIPCIrMVzGFI4hUkiyKXu5/UJOJe0j59wHviVXe1wvCM5FJvGeRESAeEelpjKzeMoUjiEwoGtE1L9pFWrUeWsq/D3xfz8r7esE1+J6sMWSEsY54LqIWs5WjH8UUeoMVHqkgR3QMi0wEBJRoO6bsMC+in9sMRLgUo+OoZ+DbkBEg9kRXpEU1cTOF3tBhzHoII8DwGPHxRycCgqf7tzco/0o7yYwQk488GCf6mNUzyAgQLZGexxFeaQtT6E2kchzVfjE6ERCqZD9L+d+HxatXlv8dqKuukhzIM4tyvYp8RJalR+VtmUJvIi2tUQcwRCcCApPKM9mxB1L+98GojVg8HlGpZTPjlBEgIDoMENEV0BR6gtvNuvlRjHT7RScCQubOgFL+98ma7Ml3Fn3a2lFkBIiNSMM1InfHFHoSeQITnod2PJ5kSGijy1Wm3eGGlP89Hp3glwnecXSv9aOw8M/SQEtcJ3K+ejane4Qp9CTyAY+2sDIkAkKGc6f3SPnfA8Mye2hnD14K6z6yQe6CjIC1iU5QH71ZM4WeRLpYRsdYuJ41jtGc9XygXBg7CzdGE5bp2YYvKCmUPP+e7HB+j9+V8r8H5XajF4kesLBmCIm9AiPg6CmJYj4IXUXO09E6yhR6QZzNuukRRFhXXC9LRvSzicWCRyMM1eDnhfmbzZNzFnbXkRuAo/CsZQSsS2TuymgvtSn0IrI0LiK+AmRoW+MZDZ3htjGR7cruHlmFXdnqYERW6unwDLxAkVVAZxjRMEzkAyVszYcRjNZTptCLyPh/VLZ0hn4AGzz/Cjsw8R5CL7NlqOMZy2IYvyKqQ5uII7KEe7Sn2hR6Eal8opJ7osseRV3YDYwsWx1NdP/1o4x2y4p4qLKx5sIIRnr7TKEHkfF/XKjteEYSGVMSNcFbUzHZ7yzkNVQIQ2GstGMX87KKt9oUehBZ/z+q/e8jImNKoh6Zmzd5wI4nS7LsM1AK7djFnETqq32+ljem0IPImvjoZJ7ImJKowwyZ/lfBQ1ghOTBb22XhQ2TodqTH2hR6EOkGz5BEpeQ78YyZMv2vwqJboUcEY5QRMD+Ra/aog71MoQdRcT5eYjuWCCqdly7GwhzNcJJfFrJ00HwGPTNmTtAUsXkAozyBprA3kS5wFG87nghoLGKNT6yNFIkN5XfZkwMJWejdzUtkC2uM4HY8HpjC3vAxWzc5giwxVVyGFRKdxDgUT34O3SuzfzMz9mkQb0RuXAkztePxwBT2JtL9ncm1qjCA2FBZ2TH4fs+eQzEaQjgyAuYkygAdlQhoCnsTld076iEehSQva5xiLdRi9hy42bP30mCtiWo2JvyInHcjTvw0hT3BxWnd3AiIr7bjiUbVAOtCTFuHzFyDdSS7Bw0jYPRpbsKXyB4unKDZjqc3prAnkbveUYkUZ1BToDVBOaxe5teDyMSsI6zcy2FGUMLWex7BiBbUprAnkR9sRldrZEtkEQNeH7mH+8GijEFlPessRB0+JvpC+Ml6vyMY0RHQFPYk0m2XddHV2QDroCxxH/i2s4fTlOg5B1E5bMzvdiy9MYU9iVJ2uOKyllhFupXEOFQn7gtJUuT5WM8+C6sc6jQzkQ2BvNcPU9iTqGMVWXzbsWQi8rhJ4Y/axY6BZ0w/BesdZIG5IEOwLpFhbO+kYVPYi8j4SZYOgI/gxDdr3KI+2vWNJ3tyrbxBdYns4uqdS2IKexFZAZA9CQf3ZfZWp+I8GStPVoHs+8zflBoG1SQycdt7PTGFvYhsAVyh5Cq761KcY7Vz/DPCd585vObdMIj7pxfBBp6RPWyMtv8mL9VxogxL75bAprAXZMFaNzWCCu42yhStsYt6qLtfHtixRWVuHwFl0iO2y30y79hI3DF68EyQrM16rXJVm6j5RBVRO5aemMJeUMdo3ZQ33g+tB1jfSgSsT6/FXPSF7ytq/TnKWaNxU/jkmHiWQLIucQ1CKvISvBHlrWV9acfSE1PYi6hDPHhZ7ViyoYOB6qPufvkhhmq9uyy8ChuhgFH6kb1DcEOPaEubmcikbc8zAUxhD5i41s2MIHssNjI5UvTBO5Yr+oECzZwcaFUssehjvGTqeIgbfFVDILJ3C/ka7Xh6YQp7wOJo3cwIzrrWRoJhlP14U/EcKf96sIhmUqYthCtYGzbFn9lgWdEQ4Fhq61mMwFOfmcIeRNZOelpMd8leryyeI+VfF2LomY1vxpZZ8besZghEvRvPltKmsAdYLdbNjIAPvR1PBrAiK33g4kOk/OtDdZDO4ugL3osVmhxFVQJ45rSZwh5E7nSzZq5m71suHiPlPxdKwu0LlQOzJ8RGVZWgN9qx9MIU9iDqA2MitmPJQGRTJHEPKf85iezxPits/NrnPAtROo31px1LL0xhDygdsW7GG9w07ViiwSOhmv+aSPnPDblKvGPr3YtrEGLxLF2LIrIU0CvEYgp7EBUvwU3TjiWayBIScQ88N+37FHOBgefZWGdFMKoyJ2NfYca8NlPYg6gdr1VTG41i/3Xx7sUtcsAOS99pX0h4nikvAIPGus8ReBlTpvAuagL0HnYX1jhFHajeaN+rmA/WLR3Q1ZeZQmjswq17HIFXuaUpvEvkg8rWBIie2tY4RR10xO9aRMZ6ZwQjIGtp9hkiN7Zees0U3mVGV8kVdOb/HLCAZS0tFT5wEI6+3X6QYzGDERAV2vbybJvCu/DxWDcxgkyTTDuJeVAy4Hrgulb1Tj8wAqo3DIpKbvfqBmgK7xJZ855lp8Y4tHjMQ8byUuEPXryoRX9GeJaVvWlR5e2Ektux9MAU3iWqCyAKtx1LFCr9mw8d/bsmKKyoLnAzkrFS6yhRzYC8qpFM4V2iDIBMuzQtGPOhZMC1wQ1rzQtxnqo9AqJ0m1c7YFN4l6jMdzpQtWOJgB2DEojmgxhm+67FWpCNrW/7PlXzAaLyurzWHlN4l9UNgMijkIUvM2Qyi3sQClL74Pt4xbU9ieoGyHxrx9IDU3iXqOM2s3Rti4oTCX9UDSAAQ5Dz+605Io7DZql9tpmJbAfcjqUHpvAuUQZAFotS2f/zkvGsCREDLuyorPBZqFZdE+nd9fA+msK7EK+wbsCbDAYAL8kam5gDNQUSLfL43cOrza0HkU3uZAC8IIMBoPK/+amawSz8iOx9Up1KXgDyP6x7GEEZA8Aa/Ai8uiWdQaVC80MpUPvehaBM1Jov4jVVvACRHl4ZAC/IsDBH5T+IceiIYGER5fmcAa86995EGgAenkdTeIfIB5TBAFB50PyQ/d2+d7E2ka7hWfDY4faG/B9r7COQAfCCz76OLdGib7g1LjEf7bsXa6NEwPt4nXjXG2vsI5AB8AKvM5OPol3AOlTYrYgxsCuU5+8+VcIA1thHIAPgBdEGQGSTCDGWag1MhB+q/OlHBcPaGvcIOGa/HctdTOEdVjYAVAGwDuoIKDaiWp/PSIUwgDXuEXjoN1N4h0gDILo+WwvBOuhkQLGh7P9+VOi0aY17BDIAXhBtAOgI4HVQS2ABtAO25oe4Bm3U22ecDWvcIyhhAPzl+7hEuGgDQD0A1iHLyZMiFsX/+0M1VfucM2GNeQQlDACUsDX4EUR3k5IBsA4yAASo+19/sifYWmMegQyAF3g8oDMoFrgO1U4xEz4wD6z5Ia6TPRHQGvMIZAC8QAaAGAXvun3/Yj1U/9+fLMe6P8Ia8whkALwgujRLBsA6yAAQSgD0IftZG9aYRyAD4AXRZwHQI94al5gPGQAiMuF5ZrLn11hjHoFHboQpvENkGWC0AaAkwHWQASBUAeBD9m/LGvMI2Fy3Y7mLKbyDDAB7bGIuZAAIQo7W3BD3yNwLIPLANxkAL+BErnY8IyF2ZY1LzIcMAMGGw5ob4j7ts87CbI3uTOEdIs9Ljs4eVSvgdVAfACEDwId/+l1eD0Dkia8lDACwBj+CaANAC8I6fPKFWgGvjr53HzJ71yKT3L/5oX+HRFN4F2vwI4juz06ZhjUuMR+c/Ni+f7EWMgB8yGwARK7xhB/a8dzFFN4lqjlGtFs20joUY/nsax0HvDoyAHzIHF6TAXAALDjrBryJnjiRCSJiLF/8NbbrpIhHBoAPmQ2AyHfucUiSKbzLqgYAqDXoGpAM1L57sRYyAHzInF8T+c7bsfTAFN4lqiNehtgRRog1NjEXHu44UQu8QNbcEPfIHF6LqvTy6o1gCu8SqQTbsYxGx4POD16e9r2L9YgsCZuZzMcB452wxuyN1+bWFN4l6iGBR5zkDKoEmJ/oahORAx0G5APPdf+cMxG1ufUKb5vCu9CRz7qJEUTHZpUIOD/ZzysX48A1a80RcY3MbYDh15/HGABeJySawrtEJkpkyM6OSoIUY/DoyCVqEqUQZiW7dy3K4PNqcmcK7xJ5SEaGBBLlAcwLbUppd71/32Jd9K33JXMCYGSbe6/GY6bwLpHZsXyQ7XhGQxKLNTZRH3Z87fsW66LmX33JXF1DK15rzCPAq96Opwem8C6RH0WGGlIsRXaK1vhEbTIYmCIPfOvq/dEHysfb55uJyI0dyeXteHpgCu8SaSll2aFFVkIIP778Rh0AxYfoFNA+ZD9fIzK07bXumMK7UIpn3cQIsmSR8sKs8Ym6KP4vLNQQqA/Zk2sj8z28no0p7IF1E6NoxxIBikIlQnMRfdy0yIlCfn3Aexvdx+UZVChY4x6Bx1HAYAp7EKn8siSSKEN4LjJ3KBOx6FvvA3rjL9/n9AT8y3/ElXd7eR5NYQ8i62OzuJKYyNb4RD2yhJZETti5ygvQB55jxtM2o5I9PdceU9iDyCQ4r4zJK9DByRqjqEX2BCURj7wAfclUcRPZ9tnzlFtT2AMWTOtmRpCpVauSAecgq1tS5EFegP4Qd89wNkCkN9cz98gU9iCyZIKzCNrxRBIZOxL34f2171QIC3kB+kN/gOi8rshKD68mQGAKexDZDCjbgi0vQG0ytycVuWC3qrNA+kP8PTK3K9Kj7RnSNoU9iDwVDzdcO55o5AWoCQk4qv0XZ+BEUoUCfMCz3D7vEUTmcnmecGsKe2HdzCiyxWx5idY4RW60+xdXYN5Y80nchxDvaKM8sqzdszeCKewFsRvrhkaQsYxE7YFrgddGu39xlcjGMbMzsmlQZAWAtzfbFPYi0m2SsWxLWcK1UN9/cQflA/jCrtzTPb4ReQiQ9wFJprAXuGqsmxoBxkc7ngzINVgDZf6LHhCKlNHvB8/WOy8gcs3Gi9SOpyemsBfU41s3NYLMndsiuySKY2j3L3qhKiB/PPMCIkO33s2QTGEvoif+qBjRWaiQ0BnieeHdKPYvehK5GVoFNlYeTYMiK7i8vRumsBeRpYCQ+fAWajutMYscEHtT9z/REyUB+0PORc/vlo1AZAjHew0yhT2J3OlmaglsQYtHa9wiByPii2It9M37w3fbqwoMBWxdYxTenkhT2BMOMrBubARY3O14MoG7KrJUUhwjou5YzIuMgDH0+G4jPbUjEpFNYU8ie2N7l1D0QPkANfCKL4o1WcUIwCUfqQP4bu+cIxD5nkZsYE1hTyIPBYIKOzdlCdegd3xRrA3lZTOXCPK9bMqXev0obycbrKv5YJF9HEaEsE1hT6JjKCMaRfRASYE1YMFWiaDoBetTZJtZL/bKfwMPWuSO+uypeisksZvCnrADt25uFJV6uc+6GMxIxk6ToiaUK0d2Te0N38YzzyuKLWqdIyftaCgvelM2oozdFPYmso7Su5NSb9QpsA5344tC7CFzvfIGgO/haIgMJRxl9PCMj3iGI70VjLEdjwemsDeR9a/Ef9rxZEYHiNSC+eV5XrdYCxRjZAv1K+Duv/oN8O8ikqAJ5b2KsUdWaI1qZW8KexPdBeurb49ZpRlQRUBN2P1884O8AaIPeJayVwrcUfx7cHXz/VjX8IaQgOVqxxCz/n4U3i2AN0xhb1DA1k2O4mzyRxTRCZPiHkd2FUKcIaMhgLL28Hrx7URURVhVAtGVWaOOszeFvYlOBMTKa8eUEcX/50C5AaI37EgpqY5ySxOTJjTh7eXi96PukV33lrwY2bsARq0fptCDyERAOJr5GYni//Og3ADhBUqS3bJ3Eh2GLNcZ3fsCJUwlgTUmb9BTPN9IfUVopX0mXphCD6Itqgq124r/zwdGXQXjU9QEZYn7mjAnc+2q4mLXTbI2Cp+Q7bMyvlGQqR/RiCe6OdPIyjVT6EF0TGVUUsVVFP+fF9ynlRJRRX1IbGPOvaL9d9nAeM6eDNmbkb1rTKEH0VmVI90qV1D8f37UPEiIa0Q2DxrNSMPMFHoR4c7Zkzkxa6ZOYOIxKhcU4hqzdUx8xMiQoSn0ItqVkzUpi3hbdNxJjIN3XalFtRCZiGoeNIJRHQA3TKEXvDjrpkcxMrniDLh8rPGKuWE3M6LftxCzgTc3qnmQJ6M6AG6YQi94adZNjwKrsR1TBsjgtcYr5kflgkJcJ6p5kBejk9VNoSfRrpuMxwPTqMgaq1gHSrBULijEeSKbB/VmVAfADVPoSeTBQJCtLbDi/2KD+N+IM8CFmI3I5kE9GZ0gbAo9ic4DyFYOqPi/aNm3JBVCHAcPb9VyQTaC7f14Ywo9IenJuvmRZAoDKP7/GEIj9D+fwbI/Cy7NjOEqIbJTtXkQSY3tvXhjCr2JPhcgU1dAxf8/BMVHiVzbs2FVQwnjR94AIc5D99lK5YIReskUehO9mI+utXyE4v9voPRRdK/iX2T8Wv9+duQNEOIalZoHRVQDmUJvWMysBzCSDMlWq8b/ycPARceEP1sHH51DEom8AUJcA69i9s1WRIdQUziCaNcMCqgd02hW6P9PuIcwB+4tlHePdsy49lb1nMgbIMQ1MpcLRvWoMYUjiE7S4IFH76aiSyKvwC4Uz0ULYR1AOfP/e9e0c3riKoeDWMgbIMR5+GbYjFjfVCSjOwBumMIRZHDljm660JLVGn1Gpta1eBOiE0ojkTdAiGtkO12QzVM7xhGYwhFEHw8MkWcDZLj/s+DKb+8jGp4j79Ea7yrIGyDEeTIlCOI5bcc3AlM4iugSOOLI3q7qR2CBWmPKDDX57X1kASVojXkV5A0Q4hqsa9E5RVF6yBSOIkNZV0TpBVQsacvk/rcgpLNaciBuTPJp2EHICyDEefhuIpPSCWO2YxqFKRxF9OmAEOXWrua2zuj+tyA5kDJD6x5mgd0+iUza8Qtxn2hvLN7LdkyjMIUjyXCmc8TOtpqSyuz+b8GdFh1e6g33Y3VIFELcI7oijaqpdkyjMIUjyeAKZwztuDypmACY3f1vUbl9MC5JykQJa0TFB4WYHdz/kWFDrh0ZujOFI8kQBhgdg6mWAFjF/W+BdR3ddOooeIVw7WfoUinECmBgW9/iKKLq/zdM4WgyhAFGlmFUSwCs5P63wHuRNSTA3Gc+RLQBFSIC8nS2uU/8G4M3ahccnYtFWK8d00hM4WgyKMSRlli1BMCK7n8L5ll0lQDX5/1fOQdBiBl4tP6NNggIrUWvBxhD7bhGYgpHkyEMAKNeRqUEwMrufwsy50d3YKRU77dfvrVJjoz39YDFmV2LKhDEFbbd/xG8DYLobrTogXZMozGFEWQIA4w4IIhdn3XtrFR3/1uwmIxoHEQ8v6dRidKNrALgubXtUzEQeZYYN6pQEK+4s85vBkGvpNjoLoDcSzum0ZjCCDKEAXAHebtlWSita2dlZjc1CYKe/cDvKET+LQlKLBL7/AUSVqO8CEdOr+R54uLlb5XXIPawmbDmzFl6GNUZNmKR5X8bpjCCLGEAb6usUmlaZIeqUbCb8KoDPmMAsLtnbrAreWWURCQOWbv/I+Dm5PlizEQZLiuDEYYBye450pjn2r2qcXoozl7GyFX4ltoxRWAKo8gQBuDFeC5UlRIAcWG3458V4oxXFNwznhkA/DcWIWr9zy6MIzxVLUd2/69g3BgDPOv290VfMGzZzOyfP8ZYVNJZz3WvR8VWtK4hJ6gdUwSmMIromswNz7h3byXjyWoLNYtmz4WqNQBQ2sytHkcYYzjsf9uTq7v/Z/B7UcpodlhHH70vjLCRJc/QO+x59/yWDN7mDO5/MIVReCw0V/ByfXN/1vUywkKxqsuWBaaHu3IzAFB0Hn0IRi0iPXb/FlkWwVk4M8/IuWr/vQcY1b3X9Ltjj84343m0Y4rCFEaC29l6aKPxsJL5QK1rZYSFpB3/SrBbv5slvBkAXomfIxICPY1yGQB9QMleWTfxInnPH1zd1rXvQK5Me50z9PDA3WFEtdlRTGEkJK1YD200uILbsd3FSxF4cPcjm4U7uQGbAYCis/57D7wTAr12/yAD4D54q+4YaJ7JgSS2Wte8y534eQb9kim0agqj8XCXXqF3jDJDqeNRtDi/52qlwGYAeC2E4JkQ6Ln7B82x67A29Upk80gOZO547bTv7KCjq7D4nry9LmcwhdFkSQbsnanp4Q7zYOX4/zPOegM2A4D/tf57L7wSAj13/yAD4BrMQ+t53qF3cqCnor0TnozuwpqtssoURuO98zhK791VFs/GKzzCH7OAN+CoIbcZAMwh67/3pLcyHfENygC4hmcL2x7JgbjZWTut3+8Bno/2mkfw9MQdJVtzLFOYgSzJgD0ttmjr8yjeceUZYDF5dabAZgCA9d970jsh0Hv3DzIAruHtIb2bHOi90WEdba95hLYvwmiuGi6emMIMZEkGxJLtER/jg7J+PyO944Gzwjt9tqiMNACgl+E2YvcPMgCuMWJtvJocOKLDHnOzve4Ror3Kd/sXeGAKs5DFZd7DJZ7FoHkF9e/t2MVzHnkD9gbACO9Pr5DViN0/yAC4Tq+2us94lBzIewPmCbF+kvJYq0eW17VjegXjtX5nFHybPT10vTCFWchUNnd3V1ylBFDx/2ts3oB97HO0AQB3EwJH7f5BBsB1enasfAbzebRyPwK5OPvn8YroBOzeCeW9MIWZGH12+yNoCtOO7QyjdlV38WyDvAJ4erbyrL0BMNKbdUexjpynMgCuU6mk2IP9t/UKjNoRHpNn4CVsx5UBU5iJTIrzTplMlRJAxf/7wLzdu+NHGgBXEwJH7v5BBsB1ol3a0ZxZpzzKJs/A99iOKQumMBOjF6Vn3HmRd9vKjiBrnGoGcM1bz9wLDJB2DK8YbWzLALgO3+k+3LQaZ+bOlSZePbnyLY7CFGYjk7vrqhegQglgZku1OqMXIZTDmYTACENbBsA9ssXlR0IpZPs8LHoYSqzdeHDxJJwtTz/7HY7GFGaDB5jF2mUynN0l8/fWb2Uja6LKDETUIJM/Q+jhCBHKZKQBwDfIRiJTH/a7ZOmVEgFJkEcSAa/2TOB7oMKhDTWcNZTvtC0egSnMSKbJftalU6UEMGOd6ixE9yDPyCgDAKW/JROzkTi6e8xOlcoiL1DEr5LrzoS1CNOSBP0qwfCMUZE9p8oUZgQvgPWAI2DinfECVPlQV0oAHO2WGx1fr4C3AcA7flQulzkuexQUlXVvq4Fx3T6bPRiA1q6dygB26Cj0dj3Hu8D8BGtdxGvW/l4Lf9P+u2yYwqyMqn09wpme2Z69u3vBzqgd96wQ6uB+WTjOGHJ3qDAHRuNlAGzu/ldhQxb/Ue/fiwq5RSOg9PbZzn070ZPnhTe5nXt4aflG+Zu29Jx51G4Y+PtX8+tO1dgoTGFWsMSsBx2BNSkeUcH9m7FPdW9Y7NtsfBaEEXHh1d21Fh4GwN7df4SrLW+zMLq6JDPs6I+GdwgdYCSyqTwS0+fv2t94ltfDutL+fUZMYWYyeQGOJs1VSNZhjO24ZwLl/6wUk/92prnIWVB21nVXpqcB8Mzd/woUQNXwl0JLH8Mufp8gyP+NYYjCPuK6f0Q7R1hTHhkPVUJMpjAzmbwAcKTDExPS+reZmDkBkAXgSJa7Z1iAeWJdc2VYkO/uvnlXR9z9r+Dfj/AE9SbbepgFvEBs0M54g15hdYO1PHtnc8QiMYXZyeQFYIK9etl3rM5RENNqxz0DKJizJW4eYQEt1I/he74SLz3r7n8FRkBFQ/iu8SOOY83T1rNYyZtqCrOTbTF9lYXac5HyYNYTAHHp30mS4sO+axix81ec9hgYakcMAYw6z2dazQiosMGYBeZo+/z3CYH8b6WcElNYgUxeAF56Gx/acyTJJJIZEwDxyvQwvHi3uKrPuvS2rGPrN8VzWGQf5Qfg7h9xsEsVIwBlk319mQ3rwLQtIbBaLpUprEA2L4BlGW5Yf58JFFU75ur03iGyyB51U/N3WpTvs0/mwiAY7UmrYARk2gitghXj5/9H/mwjmBFTWIVsrlWrNwAWuvW3mbDGXRnPsstnYQEWgQoVH5VgUY38zjMbAexErTELf6wsf88qIi9MYRVQrpkSYBhLOwkqJH/N0hoVRvRcsMICGAVnkw1FDa4kKHqzjzuL8fDsK8X6H2EKK5Ftx9W2f6xQ/13NbfWI0Q2XtrBAjzI0kRPe691E0N5geMrYjGeG3immsBLZvACwdxvyf1t/k4l904yqjFb+Yg3w9LRzLZot4UzEktE4PIsprEY2LwBZypt7KHunLnax23OsipS/8MBK9opGHSVzQRJm+44qYQqrgbLlY7VeUBQkLjG27NZ69RJAddiz4b0SjtrASLLAeN7/Hf/O+r0VyRb7x1OXbZ1bHbwA2YzEM5jCimTcaZNcl70WfIYSwJXjodw7uxCUOZ3xerkkWdTYbfJdMUdWMwystq8R8D55D6CSv3xkTBA9gymsSjZFgLWefeGcoQRwJS8AcwqFzMITsfPgWVN+hodr1sTH3rHdvRIHvrnNA4OHcO+Byd41VLxnhrXTFFaFj8t6UeIxs5QAzrw7QimgKLJVa2CAMH9mMwZ6Jv5l9wCKa2wh3uqYwsrITXaOWUoA2WXNpIS4F5RHz52oJ7MYA70T/+6cRSFyglc3wvvmgSmsTMaywMzMUAK4MUMXPhQGrsXK74VvkF30iJ79vekZ06UpmHWNmeAd70MYUPG9H4Xvc6vwmgFTWB1ia9bLEx+CodQ+u8pUNv7YVczUkREwYvgWq2Su9078q9AD5CwoQDxT5IE8805h/DCfMQRnSdJlbZnFY7phCquDe0blMq/hY26fXXWy911oYZ5ap4vNBN8j7yXzN8ni3jvcMlP8/66BikHAHKhsDFTP+LcwhTPAy7JeongPH3X73KpTyfgjZDFTCOYVvJusbZN7Jv5tzBD/Z42g8qO9tzvwe9UMgRky/i1M4Szg0rNepnijeherR7BTse43C8RJqyT3ecC9o1isZxMBirp3UtcM8X/CN+199QSPQIV8gVky/i1M4SwQr6kaEx7Bb7+sf5jFIzLuMJiLLHrtWEeBYcSinsWVmcUb4PE8Ksf/MYh67/ofgaGUufcBhmpv4zATpnAmlBD4GG8LPxK64ln3HMXIRdWizY2INET2oAAiPXVeXrCq8X/mKe+kvR9PCINlNNh5FjNl/FuYwpnAepslC7U3syefZVmEUXDRsf7W1cquq/2bSJiL+/GNAO+Dl7JDeVjXzEyE8t9gnc4UsmVuzJbxb2EKZ0OhAJsZs1r3oHSjEwKzeFlahYRR3P5NNHhtRsaEvd4NStS6XmZ47tEKL8P3ujH72rhhCmdEoYCPoXVy+5xmIyoUgMHJtdvxRMGCthnB/G/Wd48SGrF75hpesd2K8f8sCi9DO/dZM/4tTOGMKBTwMVHuvtGMDgVkU/4bvG8W2Ozvnbird5WAZwJstfh/tmogSjKtcY4go2fME1M4KyRhWS99VWbObt0z0rWYVflXg7lJ+ZX1jHvhFQKoFP9nvmYzCHn3UaEA3l07npkxhTMTaV1mo302MzMiFEAcNTLTf0a8d9O9E2Grxf+zVgJFnuvRjmVmTOHMYF3qzO23FrTts5kdT2WSIYlqVryNgN7xb8IsNHuyrpWNrOEgwkDWeEcwe+nfHlM4OwoFrOfqgrYWvheZk+pmAKPds0QMY9hj0cfrlCWr3SJ7K/Coo91X8uKZwhVYPRSwmgHATgdFbT2Lu8zeTyED3kaAVyIc48661mSft1HVFKuUAIIpXAE+zEz9yEeDi7J9JjPj5ZIlVtleS/jg3THOc+fHb2dbb7K7uqPyKbJ0yRyBKVwFDiXx2hVmZyUDAIveegZ3YUfaXkv4ghHglcPjUQLGePe5IVnOPyBnZRtTZiIqKjxOhsyKKVyJyod23GEl5eWxa0QJsbjvryPG4Gm4792/vF9yO/aQNb+H0AHG9IalsBgrHsftd9nZRre9zdYK+hERPRVmPv2vxRSuRrXGHT3gntvnMCMeu38WdGX8x1LNcOckRuseRrY+3lNlA4CRZY3fk5W8o6ZwNbDOVysNXMUA8Nj9r+QizIx3o6CePFK4eBkiNiBVvv8IA2ClBGlTuCIk6ayUD7CCEvNo/sPisHfnijhQnhEx4qs8S7pjro7chFQxAKI8PYSZ2rHMiClcFa868YxgWbf3PxseOyu1+c1FJcP9VdndyJJBGQDPYU6RsDm7sW8KVyaq+cRoZjcA+HB7K4Zsh6aINyLcxFc4Gne3/m1vqsS5o3M98MrM3BjIFK4MbsXM3bt6kcUAiM6GPgrGxEotQqvh2R+gF8yhIzvKEWGNKgYAu3Br/KOh38eMVT+mcHUo96niVrxKBgMAhWqNLSMrNQepCLs0671lg7WlHXsLytn6tz2p0geAY5ut8UfAxnC2EKApFO9+RbzOmgSzkMEAyGLdv8KjQcxoMLZQPrhUZ9zJQIXw3ZHOkaOqG7IeBLQno4eQMc3iDTSF4o1M1mdvMhgAFdy2UDkGyELVLqLs/kg2m80Q4F6ze+6OGJOjEgExBttrZyNreTbf0AxngJhC8QbxuhHuuAiiDQDKbKxxZaPy7p9mRc8azRBrni3BiXlt3WsmXuUBjKpGyl4JEHUWwBk436FyyaApFO9hV1Gp1vgo0QZAFfd/hV2SBUrmiIeFHfORuHQVuO/sSbyvnrfX2RUtPKcjSYlRVFkj+IZYTzM/y0eYQvEh7KRmSwqMNgAqeFayL5DPoPWsdU8W3OcsMU04c+8RvEooHZnQaLUozkKVEOEGG0XebYXcig1TKD4m+6JylkgDAKVawaCq3C3xbBy5qqfjEZm9dq/6SWCMWf/Og6whLjZd1nirwHOtEBowhcJmVHLOCCINAFyg1pgygYFSeVd8NiOehNf2NyqT+VvFOGnH22L9Oy8yhoCq9Ad5RgVPgCkUj5lhYkKkAcC1rTFlonrXv7MhliqtYY+SPcn0lXE50oNBIlt7/Uiiu//14IiRlwFTKB5D6dQMJwdG7vgqxP+rH/e7ugEAmWPIJPq1491gRz46REbCXTuOCDCMsidxHqHK92QKxXPYXUSd492LyAmaPf6fNS56BhkAubPIH+WX4DaOUIB8k9Exa3KDZvGwVsmpMYXiNaNKdbyIWvArJPfMkBAnA2BsMt1ZrBAcCjDSa8G1o5pDzaT8oUolgCkUx6gcq4pa8CscuVw5+W9DBsAb2cJNhA8fJd1laGUcYQTMpvyrxP/BFIrjVFBoFiyM7b2MAEVjjScL2RKiriID4I0sRjohw2dx9kzhipFGAGEHvjlrHFWp9C2ZQnGOClntLVEGQOb6bIisjuiJDIA3MlQDcLjPM69SxnAingrvk+8weir0AzlLpRCiKRTnqXZwUIQBwK7CGksmZumNLwPgPVFK5pm7fwMDJbMSfGW8XAHDYrZd/x51AlyU7O7tPezER8e6sydO4qZtx1wVGQDvGZ1Y98rdv4FBnN0jBtwPxxjfqRLgXjk9r8L93oEKjvbeM2MKxTWqJbPwYT+rR+5N9nyJ6s1/9sgAeM9I7xzP8YhhzVpx9h1lAK8GYTI8G6/uk7/hbyve51WqrSGmUFyn4ofNojUq6YdFIevzmSX+DzIA3jPC8MTLcCZ8xI7a+p2KcO/MN5ihic8dmGvtu86MKRT3QJmOdjveBdfcyPh3RkPgVby2EjIA3uN5uh5etLOLPq5w67dEfap1EDWF4j5V4nstdCjDi7G/F08yGQIj79sbGQDv4Vu07vkuR939e5jvM2a+i5o5RKZQ9IFs0IpGAN6L0W1Bow0BYpvtmCojA+BDeL/WfV/hrLt/I6rNr+gHSp5va4OYP6FDqNhB1BSKflQ1AtilHMlk7k2UIUDyZjuWysgA+JBec+pOjHfm0reKYIztFTjwflmDNqofCvYKUyj6UtUIABTj6HJBGG0IzHYevgyAD+lVndP+7hkytPoVb7DBmaXnxx1MoegPSrRaYuAGbq8o99YoQyDC2+HJ1WeGocpOqP296mDgWPd7lvZ3z0ADHOs3xXhm+96vYgqFDxWrA/ZEeQPA2xD44q/14nfPuPuseNczJUVmMAB4nkoAjIdvo303q2IKhR8YAb3ckRFEegPAyxDgd9trVabHMyJmzXzd/24G2EkzDwnbHO1Xj1fDuseztL97Fk8jVryGeRO1icmIKRS+sBOobARApDcAUNg9M7uPJvvwd1w7++64l6LBY5XNCGjf+xHvTRYDANez9btiDCM7n1bAFAp/UCC93JJRRHsDej6/Iwd47JUISijzTqLnTpN7PfJ8RsG8a8fX/k0L83T/b67S/u5ZMpxOuCqzJ7pewRSKcVQ3AgBlM7pvAIw0AKyFm6ZJ7d9lobermeTALEZAW1GDl6L9m5YsBgAoDDAejMSZclp6YQrFWFAk1qStBMlNo7sI9jQA2t9uwe3f/pvMpYMeSgbFm6EuGjfulkzH/x7J3+hlAPSY39lPxZwNlfw9xhSK8fSKUUaDkjiamHWXkQYAC/++kUv2RcXrsBnc7xmMALwRKP6jXoleBkAvL0jlaqBqyPX/GFMoYuCQkG1nU51PvjjfJ/0sPQ2AI4luGAEkcWGsVdhReDWewQg4suvORC8DoNd9ywswjiMholUxhSIOFpg2yakq3Ifn8ZgjcwAq4tl4BkN1lKenB708bD2zyOUFGEfGctYMmEIRC8qoLXWqDK5zjx1zTwMgIolxBJ7tZzECqpRV9TIA8NK1v32Vu14Awm142jCyt7AMvznLBqInlYzVkZhCEQ8W62zZwijsnmGBngZANZf2UQhbeM8j3OvtdbPRK9EWQ6L97Tuc8QLwtySe0vfgmceKb0yVBh/S+73NgikUeeCDtyZ0Vdg18jH2cMnJADgGz9rb3dxzZ+wBO2Vr3GdhzrW/fYdHXgC+E5Q43wq71yvVB+SrzJJTdBeeZft8hAyAEuDisyZ1ZTiK825+QE8DYLazAFpQIN7dJzPvsnodxeuhSLbEUuCb6Bku47dmCidehbBI+2yEDIAysAuYMbZHHPNqHLmnAZB9B9uLns/MIqsR0OvbwXBtfzs7GH/e770CGcpXs2EKRU6YwG0XtFlgZ3V259NzUaNuvv39WUFJW8+gF7yX9pqREAKxxnmVK+74DKyeIOhZkVQVUyjywmLWy52ZiS0kcHRxxWXPv7F+6wo80/YaM9OrLv4RmYwADGdrjFepvJP0fu+ZyWaYZsAUitzM5NI7q/gp1/PIcF4xRsiO0DNJjJyDDLtljEVrfFchMTfzQVDPINnVuqcVwHvaPo/VMYWiBixsVV16ZxU/ng/vMxOqLup3IOziOYcyGAEebZExnPjdanNmZQMAVvzGn2EKRR2oB64UEjir+KG3u/8RqzYLwavimVvC/OxR9nkVzxLIaoYA64V1H6twNeF4VkyhqAXKNPuJglcUv5e7/xGUY7VjWAUUmKei5LcjjADmmzWe3lQxBFY3AFZK9j2CKRQ1yVgqeEXxj3D3W9A2tx3LSvDcPXsFUI/+rIOdB6Nd3hUMAWvc3rAOYMwzv7aeB6xXvB+eFc/M+ne9WS3Z9xWmUNSFj2nkrvkZLPhnFD+QpTzC3W/B4n12vLPB/ffqmmdBqGHkM/YueXxEZkPAGm9vSFLelHt7/Ufw7fPcrN/rhb7xDzGFoj64s60PYCR8bEfdvpRWZchlUIzwDc8d2Ug3bHQXvIyGgHcvEQz4q0rWOykVenZarI4pFHPARI/aTW+8arGLgTDK/XcE1Qq/h9CN9Yx6MOL0xUzx7kyGgLcBcDeZlvfmmY+CZ6K95qqYQjEPKFjPI2Ff8UyhRrr7H8F42nGuDAach1t2ROvlDF6wlgyGgGeIkPBRe70reK5bMgDeYwrFfKBsIxIEuWbrDszi7n+EXIQf4pFcOiIMkHmORRoCXgYAc6T3/fT0DvLMyQlRDsB7TKGYEz7OiA6Ce4u7d1tWD1gktvGKN3hvPb013qGWKuVuKKXRlRFea4CXV6dHciDVB6OfcwVMoZgbdnQjXe/73R6uPetvMsGz0S7hY1hAeyXVefdc6Llz9ATFNnqu0crYGssd8Cq01+kJm4grXijyHe7mJMyMKRTzgyIe5Q3gI9xf2zPBpxevkhdXhXnTw7XuWW2BQo0Id10hoi69d2kkRsyopM6jBqjc/ccwhWIdsKxHlErtF4iIMMRZIhbmKrCo3knQ8vaweFYv9GZELkRL7+TIkSEzDNBXzark7j+OKRRrwWLs3Xlv7/Ilpmf9TTYqH/s6gquGnLdLtoKHaSPC09Tz++NZR+yyrRCP3P3nMYViTch+9/IG7GOEFRIBgVjpNmZhc9ad7L1bJLRgXTcrETtVjA5rLFeIrJgh6RBXv9z91zGFYm3YrfNRWR/8HXDfbdeoEKPlGezHLGxQKEfep3fiH1Ta/fPM2vGPgLCfNZ6zZDCQuRe5+69jCoWgZLB3T3hcj9vvex4605OIGG1FmC+P3in5FCN2itV2/1GHT+GBu2uAk8ch47g+plCIDRbuXg1V9l3CzrqOo8ALMCLDeSbYlW2MdMtW2v3DyOQ5CwwBEiYxRM4aBDozYw5MoRAtuHnv9g5gkdkUQi835AiidmriONV2/8A30N5HJEcNAn0P82AKhbBAebNruZMfsC16/JZHnoEXyi7OC3NpZGOrHjD3R3pHrvDIIEDe/q2oiSkU4hl38gP2MXXPQ0l6g3t5G7fIRZWuf3u8O+d5gOJXg6y5MIVCHOFKfsC+K2CVPIANdkPb2EUOmIPWu8qO5pLIgCkU4gzsCs6cMb4l1VVbvJUQmAtc6NUS/zY0j0QGTKEQV6DM74ghsK8Hrxa7pVFS9tjtKlTzIG20Z2MIEYUpFOIOrwyBffyzYvzW+yhb8ZqKWf8b0eV/QmyYQiF68MwQIJGQv6kaw903NRJjofPb3UY2kahznciCKRSiJ5YhsFegI04j7I3yAWIg/FJxvmzolEmRCVMohAd7Q2DfTKT38aSjQBGpHepYerenHg0H2LT3JEQUplAITzAEvJPp+O0RCYZkocsIGMPV44evoL4PYgVMoRAj8M6m/3RQljhJjaoM8GWk8gf1uhcrYAqFmAESDUe1G+YkPBkBPoxW/up1L1bBFAoxCyPzC/anHYo+jFb+GIzK0herYAqFmIlexxkfASNAnoA+jFb+QNioHYcQs2IKhZgJyvVGhQIAg0OJgfeIUP4kjcp4EythCoWYDSoPrEXfC8oddWzqeVDAEcoflPgnVsMUCjEjJHdZC78XdKv749+kVI5C0ubIcM0elf2JFTGFQswIbvmIw4eim7989e1P72i53MozwRgj2/tmfz5CeGAKhZgVFI2lALyJSg7cez2ylrdl6ASpzH+xIqZQiFnBJW8pgBHQ/XDk+QFW3sP+DIZoeBZRLv+W/RHVQqyCKRRiRtiBRx8kQzXCKCX82dcf76yRtX83Gt4DR+KOrMx4BWPZTqgUYhVMoRAzkunQIToHerudUWj7nAf+72glRwgm62l+6gAoVsMUCjEbKNtMO05gPN6uZxQ+u22IVP6URGL0WM8hE6raECthCoWYjdElgGdgRzxrDTqGV+Zn3+J9SqUQmTCFQswEytVa7LNB86BMSXp3wNVf9ex+JQSKVTCFQswCuzkUq7XQZ4XxkqxXLSmNZ03Pg6wx/qMoIVCsgikUYhaIfVuLfBVwn3/x17xeAZQ+46N9b2Qjn94oIVCsgCkUYgYyJv5dBeWKS50QQfTulPp9dvqVYvtXUEKgmB1TKMQMVMg6vwpu9n//4w+/GASebWzZ4RPPx5PC85xpl/8KJQSK2TGFQlSnSuJfT1BY7Mq3sj8UN5w5mpi/5d+QgzCzAXUUJQSKmTGFQlSGXVvEoT9iPpQQKGbGFApRmU+LJ/6JXCghUMyKKRSiKiSozZL4J/KghEAxI6ZQiKoobi08UEKgmBFTKERFqEe3Fm8heqCEQDEbplCIaijxT3ijhEAxG6ZQiGpQE28t2kL0RAmBYiZMoRCVoHZ9pQY1IhY6TLZzUIiKmEIhqhHd+EeVB2swy2mNQoApFKIiLM7Wou0JeQeUiBEbrnr8rTiGlL+YDVMoRFXI1LYWbw84Aa9ts4sxUO344QoQ4qFFMc8YRTw64VPKX8yIKRSiMt6dALddf3vdPfTSV1VCH6jBp8HT/vlieI1K/JTyF7NiCoWoDrtzazG/i7XrfwSliRybK4/ANdj1Y0i1z3XPX77/6d2vP/dr/iTlL2bGFApRHZRvz66AR3b9z+DI3t9++YOSBQ/AsyaUc9TQAo+wgJS/mB1TKMQM9DAC2IWijHq1gZU34DE8GzwmV591z7CAlL9YAVMoxCygTGjeYi3yr0CZ9O78JgPgMe2zusrdsMDv/vTDzz9j/7YQM2EKhZiNM9UBGAxezV5kADymfVZ3uRIWkPIXK2EKhZgRysiedQxk17iVmnkhA+Ax7bPqwZmwgNr8itUwhULMitWwB6XMSYLt33ogA+Ax7bPqyauwwL/8h477FethCoWYHbLyqS+nzGzkwi8D4DHts/LACgug/M9UHAgxC6ZQCOGDDIDHtM/Ki31Y4ExfByFmwxQKIXyQAfCY9ll5o7P9xeqYQiGED6MNAOLeZLafgdCI9VvetM9KCOGLKRRC+DDaACD5rR3DK/g3ER0L23EIIXwxhUIIH0YaAHfK2vAEWL/pSTsGIYQvplAI4cNIA+DK7n+Dygiy463f9aIdgxDCF1MohPBhlAHAwUPttc8yOhTQXl8I4YspFEL4MMIAQGn3ynAfGQpory2E8MUUCiF8GGEAUOPeXvcqI0MB7bWFEL6YQiGED94GQM/d/8aoUEB7XSGEL6ZQCOGDtwFAa+P2mj3odc7+M9prCiF8MYVCCB88DQB63Huda4BX4ezRumdprymE8MUUCiF88DQAvHb/G/y+dd1etNcTQvhiCoUQPngZAPyu96mG/L6nAdNeTwjhiykUQvjgpUC//ObvP/+8fc2ecB3r+j1oryWE8MUUCiF88DAAKNNrr+MJBwxZ47hLex0hhC+mUAjhAzvoT7743lSAVxm1+9+gLNAax1X+9T+/e/eHv4y9ByGEDAAhQvjxp3fvPv/zj78c12spxaOgPNvfHgEHDVnjOQpHDv/+qx/ffftj354FQojjmEIhxDgwBr74699/6d9/NkRw58CfO1AWeKY5ECWEeD7Y6UvpC5EDUyiEiAMFiUHw6Z9++GWHbylUuHPcbw+eNQciLwGDBi9HlJEihHiOKRRC5OLr7376RZn+2399/4v7HCUbrVgpC2Rnj9cCYwSX/lffStkLUQVTKIQQQoiZefer/w9UKmqmn25+HAAAAABJRU5ErkJggg==Azure Web JobGE.PEllipsefalseAnyAnyfalseA representation of Dynamics CRM serverfalseSE.P.TMCore.DynamicsCRMCentered on stenciliVBORw0KGgoAAAANSUhEUgAAASAAAAEYCAYAAAD8qitAAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOwwAADsMBx2+oZAAAABl0RVh0U29mdHdhcmUAcGFpbnQubmV0IDQuMC4xMzQDW3oAAFUmSURBVHhe7b13eNxFuu/Z6m7JMtGWOkjdkmxwxsZgMMY2JsOYZOIwZBhyGEyOAxjjoBysLFkOcsIJkxmTxybMEIYwMMMczp17z+55dp+959l7n91z7nOfZ3fP7n33+31/3bb865JbtqRWh/rjo5ZK3b/+Vf2qvvW+VW9VeUTEYrFYRgRjosVisaQCY6LFYrGkAmOixWKxpAJjosVisaQCY6LFYrGkAmOixWKxpAJjosVisaQCY6LFYrGkAmOixWKxpAJjoiW3WVK3By/m/1ksQ4kx0ZK7PPnCt+IL1Ep+pErGTWmTW+56W1Zv+xr/Mr/fYhkMxkRL7nL5ze+Iv6xLPCUN4glXii/UKb5guxxZ2irPV36Gt5g/Z7EcDsZES+5y4vxe8ZTWiaesWjzlNRCiVXjF38EaufvR9/AW8+cslsPBmGjJXSKT1+AHrJ9Im3iizeIJteP3WvGXdsg9j9qxIcvQYky05C5F5bB4opVwvzrEE6iTgkgnrKCXxAeX7N5HPsBbzJ+zWA4HY6IlN6nv2iN5JfVwwZrFF27B66rY33gNtcq9T7yLt5k/a7EcDsZES27y2AtvweWC4ERb8dpoBcgy7BgTLbnJFTdthbsFyycCNyzUYAXIMuwYEy25yYy5aySvtF084UbxlloBsgw/xkRLbnJMRRPEB+4XBCgvYl0wy/BjTLTkHqu3/U18HP+BAOVFmlWErABZhhtjoiX3+M2ze8QHqyevtFW8DD4MAytAlmHGmGjJPc5axAjoWsf6Ka6TvGiHFSDLsGNMtOQehWWMfq4TT0mHBh16SqutAFmGHWOiJffwBCE4KkBtEKAm53crQJZhxphoyS2eenGPLrvwRGH5lDSKNwQ3zE7DW1KAMdGSW1xwxU7xMgAxugoCVKNik2dnwSwpwJhoyS3GzVgDt4sBiLSAqnQcyC7FsKQCY6IltxhVBpeLFhCXX0TqxBvpguBYF8wy/BgTLbnDs5VfQXxiIhPm4DNFqF281gWzpABjoiV3uOrXb0CAKiUvssoJQCyF4JS0xqbirQBZhhdjoiV3mDijW7yMASptVNfLW7oclhBcsojdD8gy/BgTLbnD0SXc77kSIgMRCrVBfCqdGTHGAlkBsgwzxkRLbrBs1Z/FH4DwRCEy5Y3iCbfrNhxqAVGYrABZhhljoiU3mHfZDskLwtqp4IBzLegUX2mzI0D6txUgy/BiTLTkBoUUHlg9njKITKha8iBAnhAHo1sgPFaALMOPMdGSG3Ccxxvhqvd6nQXjVhyeQL34OQAdjAmPFSDLMGJMtGQ/dz/4PoSFFlCDrgOj6GgcUMgRI7shmSUVGBMt2c9pZ66HsEBs4GrlBRv1GB6u/9KtWCk6Og5kBcgyvBgTLdnPkRMY+8Op9oNhBcgyvBgTLdlNXdt34o1wwzGT6PTFCpBleDEmWrKbS6/dAVGxFpBl5DEmWrKbyGRGOhOO9xwEK0CWYcaYaMlu/AEKTFui4LixAmQZZoyJluzltsW/UzHxRIDR7eqLFSDL8GJMtGQvE2atFj3zS+N8TKLTFytAluHFmGjJXo6KdDrBh9x4zCg6fbECZBlejImW7OT+Fz5RMdFjd3SxqVtw3FgBsgwvxkRLdnL6RRsd1yvEnQ+tC2YZeYyJluzk6HIutYD4BLjfj0lw3FgBsgwvxkRL9rG83tl8zBttiQ1AQ4hMU+99sQJkGWaMiZbsY96F28WvuxxCgEprdeMxo+j0xQqQZZgxJlqyjyOiTeItWelMwUdrxBsyuVxurABZhhdjoiW7WFL/jW40pgtQ6X5FufGYSXDcWAGyDC/GREt2Mecc7v3TKL4IxCRcCwHqEW+ArphJdPpiBWigrF67By/m/1n6x5hoyS6OPr5TNxrjZvPcdjUvglfd89kkOn2xAjRQ/CEIenSlnLRwrdz75MdIMr/PciDGREv2sLT+C+eY5QAEJ8TBZWcVvCMsJtHpixWggXDzfW+ijDtRrh3ij7SJf2yzjCmvlHkLV+Hf5s9YHIyJluzhrIs3Ovs9w+rx6XarEJZwQywaOhlWgAbC0cfXOeVKeLhjYJ34S5qlaPxq/Nv8GYuDMdGSPRzNNV8hCAj3eA7XOI2ktF7yOR3vnnZ3YwUoKUsav3ROEOHMImcZS1DGpSBaKWOmdOIt5s9ZHIyJluxgZdvXUhDsQKPgkcsUoDrJi7apAHkDNhBxKJgxfy3KqhUi1ISyboGwo7x1oW+jHHtCM95i/pzFwZhoyQ5O+QUaRwCNA+6ADyKiY0CcgocA+Wwc0KBZve0bKQw0wvJhjFWL+IOdklcEsS+pRpk3SdEU64Ilw5hoyQ68YYiHRj83SX5ZPUSk3emt0TsXWAEaNOdc/yrKcRXEHBZlWa34ylp1bM0bqYQVVCNFE6wLlgxjoiXzeeqZt+AWrBHPuBoddM4rrRJvqBtiwpNQGyU/SBfLJDp9sQJ0MDylXUKR94fg1kaWoZy4vAW/B1BmkXYpmVKPt5k/a3EwJloynxMWvNJHSA4XK0D98cv7ebKsqcz2M2ZqB95q/rzFwZhoyXzyo47rNTisAPXH0eOrXGWViBWg5BgTLZnNXYvfF2/U3CgODStAJhY/tXdAi3mtACXHmGjJbMbP6BJPSQPoM6V+OFgBMlJ24gaNeDaWWR+sACXHmGjJXDbs/E8ymhHP7IUNjeKQsAKUQGXHl5IX7RBPgFPthjLrgxWg5BgTLZnLRb/c5jSOAe35nAwrQG4mz1uP8l0qoyqS7yZgBSg5xkRL5jLmuDrxhJrtGNAw0Nr7F/FGGFle4yzwNZbZfqwAJceYaMlMllX9UfKCDILrgQjRCjI3jIFjBagvM+auQ1k0iLe0R7zB5OeqWQFKjjHRkpnMPnu7eMoZDLdSRpcy4tncMAaOFaA4rZv+In6WLS2fMEMckgu8FaDkGBMtmckRpRCLcJV4x3WKp5jCYW4YA8cKUJzzr9mprhfLg+u+PBFTeR2IFaDkGBMtmcf9T/xBCtT6gWsQ7nRWvxsaxaFhBShOIRfxhqudpRdczhK2g9BDgTHRknmEp/Si0q8UT6gF4sMFkRws3T8lfFhYAVLOunwXCpjijnKFAOXRDeOaL1OZ9cEKUHKMiZbMYtWa79FA2sVTjt6ZW4LSFWOkrqFRHBJWgBRvKazKMqdMNAI6XOlsa+IuLxdWgJJjTLRkFqeetwEiUYtKTzehRjyBGskrsy7YUHDuFdsg5s66L93In7tLRlEmWi6mMtuPFaDkGBMtmUVhOXc3pPA0S0EUv3OLUIiGqVEcGlaA8oLVjvWD8lBLCG5YXhRuLjf5TyivA7EClBxjoiVzuPfJD1HZud9Pu/jCteINctOxRhUMU6M4NHJbgM69cpOzkT/cW29pjfhCHXC9YFkGuaFbcoG3ApQcY6IlczjupBY0kjXopRkB3aAHDqoVVGJdsMFiLpOBYwUoOcZES2bQuuF7OYrCU9ypcSkcgPYFY4cOwlUwNYpDI3cF6PzLuHukqUwGjhWg5BgTLZnB3Is3QHxg7YSd7Td84TbxhyEWpck3yxoYuStA+SHm21QmA8cKUHKMiZbMQMcngu3iLeO4T73kBVsgQKj8kWowgHO/kpGjAnTmJduQ/8HHUVkBSo4x0ZL+3H7PbuGqd09pGyygavFFaiUfvzsnnsIFswJ0WGzc+RfJ5zHLUUN5HCJWgJJjTLSkP9HJ3ajkEBsOOIcrdZbGOZ+KAsTlGHYQ+nCYddZmlB3H1Aa/m4AVoOQYEy3pzbLmL3S8xxOqFV9ps579zqN3PDpuscr5m4cQGhrFoZFbAtSz5R/g0qJcy1ti+TaVycCxApQcY6IlvZl9fi+sHwgPl1wEmsXLHjvcqgFyTOdCVB8XpRoaxaGRWwI0cXp7zHWtgxs2+DgqK0DJMSZa0htPBKLAQVJDpR9ackeAnq36FmXaKt4yCA+jnCNWgFKBMdGSvlzwy42o3FVWgIaYKXNg/YRqxBvlOfpOtLO5TAaOFaDkGBMt6Yuf+xGXcZB5KJZaJCM3BOihp9/XLVa9DOoM1oqPe/1wyYWxTAaOFaDkGBMt6cmvH/tYPMUceKb4HDjlOyzkiAAVT2LgZpcO4vtCjRAgzixy4amhTA4BK0DJMSZa0pOSmWt1etjLGTDdfsNc8YeMHBCga29/x4n5gduVF2qXgtIWydfBfCtAqcCYaEk/Xqz7HA0Dlk9ZrRPrU8KN0RPN/qEl+wWokPnk7pGlNeLnkpZiiEeoVvIiyVe7J8MKUHKMiZb044Sz1sMtgOgEULn5qgGHw012C9AZl/SIL8plLB3ijzbobodeHrlc1hjLt6lMBo4VoOQYEy3pxYZXfkYjqYfrVSsFgU7n0EHufmio9ENL9gpQ7/qPpZAR45FKFSAVnxDPVIP7xf2VrAClBGOiJb3QVe8lbeoW+EKd6iIMRZxKcrJXgCpmb3bldeixApQcY6IlvRgVWQ7BaRZPcZX4YfkUlKOCB60AHS6PLPk9ynEoTo49OFaAkmNMtKQP197yqngDsHwqGJfC+J868TESOsCZMHPFHzqyU4CKJncOaE/nwWIFKDnGREv6cGx5teRHVqPV8KSLJt1sbKDnUg2aLBSgK2/ZCRe2QbwRbuJmyPMQkksCNPa4FimMNsutD/wOf5rfY8KYaEkPfv30B3AV6nTD+Tw2GAiBbhOhUdCDj1NJSpYJ0PptP8poTq9H6iBCneY8DyG5IkDHz6rX7WCc46o7ZfystfLYcx/iX+b398WYaEkPjjgOD1XP+aLbBSuIlk8pBYirtod/DCPbBGjmmavFWwIBggXk0WhyU56HjlwQoLMu3yL5oS7dCliPLYrCMg826MEI7veaMCZaRp5nln2pgpPHwWc2mOJGPSImj9uwxnZBNFX6oSV7BOjpZZ9IXoBWI/JT4mxbYs7z0JHtAnTuDW+hc1wBK51bwqBceR5dBGUc4fhaG95i/lxfjImWkadiGgPkOObTKV40fn8pg+MgOjp4ylgVCpG54g8d2SNAgYmtema+RjiXNOieSeY8Dx3ZLEAPPLgV5dioVo+Xgl6K+loGIQo2SmG4A/WlAW8zf7YvxkTLyLKk+nPHzTJU6tSSHQJ08W1vo3fmJvMd4ivp1IF8brthzvPQka0CdNODH8LVSr4djPtzJoyJlpFl9tk9eIDsVcwPNnVkvgB1b/oJorNS8jg2EalTV4GWkDOe5s7v0JKNAvTwC1+IJ7RUfNHkRz+5P2vCmGgZOVZ1fC/+YA0e4PD30MnJfAGadHI3/C8OOtdKfhnyEloOd7YLAjT4xabJyDYBWlL7BylgGXLpSniFMc99cX/ehDHRMnJMn7MeD4+DpRwDcqZzR4wMF6A7nnxPvGMbncjxUJWeHOvlOFoI1mUZB6INeR5CskmAnly5Vwq4bUlRjbMrA0NBDHnui/saJoyJlpGhd+uP4i2qg6vA3jkFgYbJyHABKqxoUNFxdg+g9dPoTMMjP6nY0C1bBGhJzZewfFCGKDPdrC0AEY/2GPPcF/d1TBgTLSPD/As3SF4U7hcau8mkTT2ZK0DzL+T2JXBjA3XiLV2reWDsFGe/8rkFBxf0GvM8dGSDAC1v+VqtRhWeUKX4uGl/EPWB4SGGPPfFfS0TxkTLyMD9iD3l7GmG5lyqwZOZAvT48r3OQDOniDnbVcyoZ/xdxsBO/B1sgjsx/IP8mS5AXbv+LoU6brZKfIzI58C9xqZ169+mPPfFfT0TxkRL6jnr4k0QHzw4LhEIL3c2Rjc81NSSmQJ0NC2caIfeO/GX051FfkL1zrE7XAsW5MC0O79DSyYL0Ou79kjecS3iK62WgiDqIsWnAlZQuF28IQYe4m9DnvvivqYJY6IltWx8/cfY1HCL+MMN4guil+aRy4aHmloyT4DmLezF/XLdnCk/qSVTBahn+z9I/vHoCA15OhTc1zVhTLSklgUXrYFbUCN56LUL0EPn6ZlUw99DJyezBGh5wycyigOgjPUZgj2dB0smClDvq3+VMRNqNVjTlKdDwX1tE8ZES2rxjYWbwLVJdBNo2uLVp+tpEh9qasksAToy0uysldOjqgffgAZLpgnQxh0/y1HH4XkH6yV/CCLx3dc3YUy0pI55v9go3mC75Jf07G80jLPgLI1rWjPlZJAAXXDVeygzTrm3CI8tyovivk15SiGZJEDrtv0sRx4Hq7EE4h1q0edtytOh4P4OE8ZES2pYt+Mf5YgoXS0GyHHmq1o85c4UvC6WNDzUlJIhArS0/gvxBFp0FbY32CX5XJFtyk+KyRQBamj/gxSOqxFPBWN7WsVX0g4RH3wH6P4eE8ZES2qYu/Bl8dPV4nlUkWV4aLB+dJV2o25C1tecHRkyQ4COHYfyK4N4w331oeHkl3bgd963KU+pIxMEaFnDp7C+afmgzEJ1GqKQV9Yg+SGUpyFPh4L7u0wYEy2pQbfY0IdOsVmuZ1L50fv40eA97IEMDzW1pL8AzVu4w9kOgrOHFHPuSRNsdU43NeYpdaS7AL1Y90fxB+H2w+rJK4Xlw9NhGYeGOuljHTTk6VBwf58JY6Jl+Dn3PCca1x9agwqARlPWhofWKP7iNmcavnzkB1HTXYAeXfa+5AUrVcDz45tilaNcYUn6i60AHYz6ul2of+skH4KTz2O+uUwFFmQ+Y6VoidOKNOTpUHB/pwljomV44dgPo0tNDy29SG8BKhjX7kQ6x8cdeM99xiAS85Na0lWAnofbpYcaGO55KHF/rwljomV4OW/Ry+oymB5aepG+AjRjLnrq+KZiLMs0EBw36ShADz3/EaxuWNmlsBwN9zyUuL/bhDHRMnys3/53mLkwebm1geGhpRfpKUA33f8m3K5qR3QoPm4BShMxSjcBuu+x9+BuOctSUuGiur/fhDHRMnzMWvByLEoXjYQNJZ1JQwHq3PSjM3MY4ViP4Z7TiHQSoJsf3K2hHd4oxIHbk6Sg/rnvwYQx0TI8tK/+s/iLuMYGD4inmxoeWlqRhgJUcgIHRzlT4xrDMN3/CJMuAnT9nW/qiSosJz5H7g7pqagx3vNQ4r4PE8ZEy/AweVZPbDc5mL/c96dvA0pL0kuAzr/yVdwLKjfEWzcaY0WP32u84h9w/yNLOgjQJTe86pzXFeapIM0oO4g3698A9vMZLO57MWFMtAw9Kzq+EA93OwxXS345w93tIPSh8HTll8IgOU+kVXzlEBrG+8QFJy4+fQUoDcRopAXovKu34/ktBavx/NqdI3TKIT5crBsY/Gr3ZLjvx4Qx0TL0jJvZjh8QII12rhFvqNv40NKL9BEgf4RxUZ3iZ3zK2FjQoVtw4n/zNQ1mGUdSgM4+h65Wi54n5+MWqmr9rELHt1JGl7XEdlww3/dQ4b4nE8ZEy9DyVM3XToNAw8in6cvNsLjoz/DQ0ov0EKAp83tRfujBy6t1jZKP4t1XfNKUkRKg6Qsg0oGR3xPJfV8mjImWoaVkuhPVrPvoFtdLfhlnwUY+Ujc5Iy9A19y8E99d44yZhet0qYpu3pYBYQwjIUCTT2lD+XB5hfmeUon73kwYEy1Dx12/+VD8utthvfjL0DPR+gnVOvvWGB5aejGyAvTkit9LfqDKWZhLAQq2wPrpdO5pAHsSjzSpFqAx5avEG3GWUKTDhmzu+zNhTLQMHZFJXc56L87ehGD9cJGkLsOIBdKlMyMsQKPLGxyh1pifVp35yuOJDGoBUYRc95tmpEqAVvf+RUITYrtARlA2HGhOg/2k3PdpwphoGRquuut1KeSRwGPRM3HZQLhaG7SvhNtvcEDa/ODShhEUoGmndKK8UE5RlFOwDlYQZw45BsRxNI4BwSIy3XMakQoB4tHTR5TiGTEuqnwlyqpSOzidejfcUypx36sJY6JlaMgva0RvjQYDq4crjP3amNBThTqciFSD2ZpejIwAXXjVFvEVxWdt4E7QaoxwDKhKt97Ij0CM2NCM95w+DLcAPb3sMxnN2S0ePV1Bq6dFTy/lzgCpmGZPhvt+TRgTLYPnzEUb0QvAH6elE2pwDnbjICoD6NCgtZcwPLT0IvUC9PCSvTpQ79X9fGqd4LkQyipUKfkVKDvumc3yTIuz8w/OcArQoy/sFm+gRfxlcLX0mGQGuLJsuK0GZwqtAOUsva/+KL4gKoRGPaPhcMvVIHfr437FEKUQTGXDA0s/UitAvdu/l0K4Dzz4zlO6Qjdm84ZqNJZFy00DEWvgXjCOinEu7vtNL4ZLgK6/d4e6op4yTmjU646G3FdcZ744WE83H2VkuqdU4r5vE8ZEy+A48axtqATp30MnJ7UCNGY8vjMIi5ENqyQTAjUPznAI0KKbdznBmBlgAbrv3YQx0XL41LZ+KwUMOtRYH/ODyRxSJ0BT5rRLXiksw9gGY74wXVXTPWUOQy1Ap5yzAQLN8bCVsIDSv3zc92/CmGg5fMbNaI81HjZc84PJHFIjQItu2ymeIg6iQnyijZKHRjZKv9d0T5nDUArQiQs2OONinGYPdTkumOE70wl3HkwYEy2HxwPPfOoMNqPBqj/eZ0oyI0mBAD383G6nMXGBbrhLZw39Ic4aZkCcVBKGSoBCJzIQE25XuBL1q1rHwLguzvSd6YQ7HyaMiZbDY+z4VvGWQ3xCNc5JDYaHklEMswDV9XwnBaGVeiKDJ1An/mgTxIeD9JVOT2+6pwxiKASo4mRY0wzfKG2QgkirFJbU4Fng7wwoH3deTBgTLYfO1bd9IL6SBo1PYUQqe3KTWZpZDK8AFVRUO8e/hBp0kW4+3FZtXPxODVcw3VPmMFgBOmrKGgjzi3LkuDUaAe4cOdSunZvzXMzfmy6482PCmGg5dI6s6NTjgDXAsLgBFaTW+FAyi+EToPJZdFU5lV6rC0w9gSoIEUQ7vFJ8ZavxCjE33lPmcLgCtG7nP8lo7pgZbhd/GdzSokrJDzTr37qkJ9wqvpD5O9MJd75MGBMth8bpC9ehUrCCNGuPzsaqZ5MbHkpmMTwCNOs8iDPXx5VznAeuagCuFy0eTr9zbCPQCFGi22G6p8zhcASotulLOWY8ypwLl+F2aUcGcWZUvTOuCHQZT/rXL3feTBgTLQOnpu0nVIZKNCb2WDVoOM0aQOfh4YKGh5JZDL0A/eK67SgvNK4sEJhkHDutC1k2l4OJ52u/dgbkaemwjAzXzCTc+TNhTLQMnCmn1kBs0JjKmyWvDKJT7Kz/cpYSmB9M5jC0AnTX42+LZ+xKZz+kLHCxkjF26sAF6OFn94o/tAzlXa1lrbOAhmtmEu48mjAmWgbGA099Iv7AcvFFuyE8tag0q2LjGWy0dhC6L89UfqrXyueiyeI28WbAGMZgOXbyKmTdXB59uWXxB6gzK5yZLbjxo8obxMt9owzXzCTc+TRhTLQMjKPHcZEpGhS3C402Q4CaNIhOp5XVZ89whkiA6lu+lQL26LQQGWwYqJOC0ti2qllM4ITkArTwmi3O+E6Us4FOKAInMXzsyAzXzCTceTVhTLQkZ+Ginc5OfdxcTKfcG2QUG1gRKpCuTkYPZngoGcUQCdDYSbHtR0JVeIXwcIA+OPIbZg03RVNakH1zmZAzLtkiBVEIc2AZxNlZqKzjh2pBWAGy9EPvaz+Jv5jCw2nk2K59Y9C4SrndBi0ipiPNZZJmHoMXoNAUiDLLByKtsSxhzny1Sl7Zctd3ZR9Fk7tRBOZymToT5cqgy9IVcOE7Ub74PVjvRNJzs7WyzI+DcufZhDHRcnAmz6F1wx6qRY+H4d40ukKZx5/oVpioPBlx7lcyBidAE2ehYYVXoCx4rRYpLOfYD0MV6Io5G/VnM8Fpq1EMieVy6vmrxc8dDMMN4o10aZl4gx2x00tRLtxaI2QHoS0Gli77wAkKK2/SzbJ8nE7m3wG4GdyLl8feQpj2m9KZzOEL0MxT8fkSNKowRCfAcoEgQ6Dzw53OwlO4HObvzB7GTjY3wvGnoww4Exhp1/gn7nnkK+XyE1rPSIP1fITuG26+bqbgzrcJY6Klf/zoxT2l3ZJflv5bgg6ewxOgORf2Qnwyfz+fwTJ2SieKI7F8ppyxDp2X+TPZhDvfJoyJFjOX/HI7einuOMcZHCtAJs44/2XJjyxHT54NFuDg6F+A1lgBimFMtCSy4ZWfZVRwFUzlVvjnaJAZca7XYDk0Abr4+t1OBLiOj/FzpmvmDlaAEvPuxphoSWTy7PXOVHJRS2zPHwiQYeoxqzgEAfrVra854szTX1H5dEDVdM0coj8BmrQgJkCGz2QT7nybMCZaDuSRZz9Dz96iA8/cq6aAB+WhUZoKPasYoADdeN8bupWG454yBqoen8v+OJ9kWAFKzLsbY6LlQI4uQ6MqB+Eq8UeqxBNAQ9NYH8fUzF6SC9CS2j+Ip5gxLA06rewL1cuoyFonJMF4zdzBumCJeXdjTLTs54yLN4ivvAsNjFsgcKdDp1HqjoeGQs8ukgvQfY987oyHla9XgR4VdmJa8riFqPGauYMVoMS8uzEmWhw6u78SX/EKFGabrtXhVgm6Rifc7rgYhkLPLpIL0MPPvh1bub0SQo33BppQTigvmuHGa+YOVoAS8+7GmGhxKJ6xUXwMmINboQf/x3zbfb8bCj27SC5Ai3+7B//nexod65Abs/Gz+jn39XKL/gXIxgHFMSZaxPPre3ftEx+KDVe7xwVICzgH9rOxAjQ4rAWUmHc3xkSLeEaFKx3xgdCoxcNCpehYATqgnKwA9Y8VoMS8uzEm5joz569DA2pT4VHLhwVKwekrOnFrKJs5XAHSI2OQZrpmDtGfANlp+P0YE3OZR5b8UXy6+TfjWWKFGROffZZQn0LOaqwADQorQIl5d2NMzGXGHMcTJxnng4bUt0D7Wj454X6RwxQgflY/575ebmFdsMS8uzEm5iqnX9ArHm40FqkTPV4nbvHE6SM+Cf/LSqwADQYrQIl5d2NMzEWerd6LBlSt67x0rVeYgYcxwSF9LCEVn5ywgqwADQYrQIl5d2NMzEWKJraIJ9DtHCjI3erQoEyFmltYARoM/QuQjQOKY0zMNc67ajNcL+5RTMumUzxRTsHngouVDCtAg8FaQIl5d2NMzCVWNn0lhYH6WMOBW6V7OefCMouBYAVoMFgBSsy7G2NiLhGd2iz5XOvFjeRjm8zzeBR1xeLjPrnK4QqQnYZX+hMgOw2/H2NirnDZzW+It7jKcbf0uJgWNLR2VA5zgeYcVoAGhRWgxLy7MSbmAqvWfCt5Y7hzH9ytcK34xnG2C42He9vQBbN7GoPDFCB+Vj/nvl5uYV2wxLy7MSbmAkUTKyW/pAfWD8d7YAVxl8MgBSm28h0NylSouYUVoMFgBSgx726MidnORdetcabaITjeMsb7oNEEVqMBQYB4PhNFiWd1Gwo1t7ACNBisACXm3Y0xMZtp6vnamekqsxZOcqwADYb+BcjGAcUxJmYzxcc1ij8KAQraLUOTYwVoMFgLKDHvboyJ2crpizbB+mmWfG4oH+bJFuaCs8SxAjQYrAAl5t2NMTEbebF6r+RV0OqB6xXkwDMwTB1a+nC4AmSn4ZX+BMhOw+/HmJiNFE3mccoNksfD89hgIisTCsziwgrQoLAClJh3N8bEbOOks9c7jaK42ol6DnHPnyo0GqRZDsJhChA/q59zXy+3sC5YYt7dGBOziUeXfuAocrRZ8svrxHNsk/hLu3KiAgweK0CDwQpQYt7dGBOziQKubOd55dzfh+d6laGRBGrFF86FgwUHixWgwWAFKDHvboyJ2ULF3O0qOAws3LeJGPd7RoNyXi0HxwrQYOhfgGwcUBxjYjZwxwNvOeIDy0ePDmah8JgdNiZYRMRdYBY3VoAGg7WAEvPuxpiY6XRv+E73dHYsHzSMKAoktq2qCo+udk8sMIsbK0CDwQpQYt7dGBMznfDx6+B/tUBsIEIsjNi+zvx7nwBRoPpMGVoMHK4A2Wl4pT8BstPw+zEmZjJnXv6yeCM8WJBCA+GJHa3siBGtImccSIXIVWAWF1aABoUVoMS8uzEmZipPLfsQGW8VT7RavMF2/I6HzMYTH/Oh+MD62fe7y2S0uDlMAeJn9XPu6+UW1gVLzLsbY2KmclSkDb0vhaVSfBrx7IiPulyxcR/+7S/n9qvmQrP0xQrQYLAClJh3N8bETGTK/C7xBNrEC6HJVxegr6vFAjnQBVMz0VBolr5YARoMVoAS8+7GmJhp3LD4TVg4sHhCLeKHC8Z9nT0Ru9Ri8FgBGgz9C5CNA4pjTMwkGju/l/zwSvFGW9BYatFQYOEEUQB2w7EhwArQYLAWUGLe3RgTM4ljoivEG1gNVwuCE6wSPxqLnu+FxmAqFMuhYAVoMFgBSsy7G2NipnDaJZvEG0JmeaZXsEYKoz2SF+RgM9d/cRaMv1sOm8MVIDsNr/QnQHYafj/GxExg8aMfiKe4VrzlsHQgOGoBFTWJn/E/agFl/wMedqwADQorQIl5d2NMTHfae3+SwiJkEg3DE41nuF68pTXi4THLpZ3irPvCQ7YMgsMUIH5WP+e+Xm5hXbDEvLsxJqY7oYnIYBgiE6mDFVQnvpJ2Pc/LU7oC6WgAwXaIEf5nKBTLoWAFaDBYAUrMuxtjYjqz4LyNGuvjKa9zYn7CreLjKabhGscNC7WJN9KBxlBtLBTLoWAFaDBYAUrMuxtjYrpy52NvIWNcatEE0bECM/xYARoM/QuQjQOKY0xMR9p7/iYFQVbqBvEEWsRXxqUW5oxbhgorQIPBWkCJeXdjTExHjhkP96qIrlUT4HaqsYpuGUasAA0GK0CJeXdjTEw3TlzQCbcLFs+4VbB+GsUX4ZlenGqPz4BZhoXDFSA7Da/0J0B2Gn4/xsR04pe3vYbM1EB8kCm6YCo8leKNoqIbMm0ZQqwADQorQIl5d2NMTBcqG36UvLGwdsrb9Uwvzm7R9fJGu9EgIEQGs88ylBymAPGz+jn39XIL64Il5t2NMTFdKIg0iD8KoQlDeAKrJJ8LTINNaAwdeID43ZBpy1BiBWgwWAFKzLsbY2I6MH1Wq3gqUKEjzZIXbHFcrtIV4gtXiS8E8YnYWbDhxwrQYLAClJh3N8bEkebMy7YbM2RJMaEW8UVrdIlLXqBd7n/sIzyeA5+VFaD+6V+AbBxQHGPiSHLXwx9LPo/TyYEHlO54Q2shQngW0XpYQO1y7+Mf4BEd+LysAPWPtYAS8+7GmDhS1PZ8pyvcfSWd4rcCNOLkR1arAHlKuK6uU+560grQoWAFKDHvboyJI8WYSVzThYobhunPpRaGqT1L6sgLrpKCcs42cnvbRrnt8dfxmA58ZkYBstPwSn8CZKfh92NMHAmmnNotefEFpJEW8VfYCjziBFvQUPBayn2XGuXOp6wAHQpWgBLz7saYmGrOuLRXfLqlao26X3qSRYCVGg/JMmLokdahBmd3gWC73PfEx3hcBz4764L1j3XBEvPuxpiYSu58eLf2tJ6ySrheHPuBG1bMSOfVxkxZUkhJpe6z5IVb7AtUy4NPvIVHduDzswLUP1aAEvPuxpiYKuo6PpUjwrXoZbtQYRnljN42VCUFkTpnr2dDpiyppE2OmdQpM87fIE9W/xWPLPEZWgHqHytAiXl3Y0xMFQwu1DPbDf6jYshURsHxE67cD60Sf2mH+Hlya9CxKPIjEFtuIRuqxmuD+EpRDnR30Ij5O1f9+0vqdDbQF27RaXA974wb8Ot78VleGw2ejZ4nwbJS63WCVZJfhu/B/zWQMMxYHrpS+CwFgmfmR6rxvlbdTdIP8QhP65QTz94icxdulstvfluuue0tWbHyD3hM5mcX58Gnd+Pz+C5uj1K8XEZFWsSH6zo7FhjKJIfoX4BsHFAcY2IqqDixzREf3qxJfIgrQ5kG42e8ZVxKUqeNnuLiCAxEgNHcXFIS6cL7KAzMM4WBn2W5AP4NceDvceuCM1O+YLMUQIi4E6SPm+/j+jwTjWWWF+WyFQhVqAd/M1ocn4X4jC5vlLITu2X+Rdvl1gc+lOeqv5V1277GozA/n4HyxJIPdVtcWrA+fIePU/Z2nZ5iLaDEvLsxJg43p5+9EZUWjSPLBCeBQLVaINwqVgd0IQRqfVBcONZVCqGgGDH0AFaEv5yWDNIDTeINwIKAK5oXpbBU4T2V4onC6uHZ9xQr/Tw+y1NAIEJcJ8cwhknzVsu8RZvlitvfkpcqP5b1m75HkZufw1Dw2HN7pDAMAQ1ASDmRwHulaJbhvkxlkkNYAUrMuxtj4nBy6c07tLfmbFdS8en7/wwkP8JV+xBaWgRM07ESQBGBpUPLxA9hUpGCqNDtclw0fpbChM8qsHy4FS3FqbhKLauiGT1yzqWb5de/eV9WNP5JNu34BxSvucyHk9nnrcY9wcWMwuLiSSQQTV8ZxNNVFrlIfwJkp+H3Y0wcLh55cQ8qKHr9SJWOa+y72SwUH+KIjzNOo+IRR62WZslHgy0saZH8cKd4Q90QH47x4H8VeE8UFg/eW1jeJsUTO2TWWZvlnkf3Ss+Wf0RRmss3FWza8Rdp6fpJ7nrgXSma9BLEchksN45tIc94bgUcCwpAWDWPiWWSS1gBSsy7G2PicFDf+Z3kl65BJWWwYRcqKXrL+M32Jzx90zMRuiN0ozjWBStIB4tLOJjc6ogTLBmPui1N4ufgbbgaYlMv8y7eJlff8Z5UNScfBB4KmtZ9Kc+s+FgYEnH1rW/L/IVbZeb8XjlqQqfkcyfKoHN/zlFHcAlLKaoduG+OXVFUkQdadXxmxfU6RuWNCVIuY12wxLy7MSYOB0dXoNKiouogKRsjxz9MQpMt4kM4ZsNxH+SHFY5ulQ7SBl6SgugKpDdJ8bQumXPpNnl46R9kw6v/AUVlLr/Dpa7nW1n8/F657t4P5cIbd8spl7wq5adtkNETICghWGFRDlijvHVciYKI++YZa3rOGu4dLqGfW6Lgmfk4KB7k7FvsGYXb8DzxXPseAol0ipVfB8BjaTmKFaDEvLsxJg41gSmolLB6dKZG1xVx9oYzJ7GKHL9p998ZDy0ENERA6ycf1kPxlFo5fdEmeWDpn1A05vI6VNZs/kEef2mPLLr1deEUb8nJ6+ToyWvgDvHstHoVGrpEPggF46x84VrdU4nn6KurBGuUouHcM58BhCYKy4busrqNTEcaRYiCBYtI88aDIWG16fiVTvFDiGjV4dk6Y1bxcshNrAAl5t2NMXEoOfmsDikId6NSchyEvSdckGCXDrSabjqV5IVqdHrbEQk0QG10dDPQONmAOBBcTAumBW4UfucMlh4FTcsGjVbHc9jgIKzlzB8o69TP6P9wzWMmtcvci7bKbx7/QHoHOSPVs+Uf5NnKP8m197wrJ5xBcTDnK44ObsdwThNx4oTiMH7HE6zGs6iFdYb/45nQ0omHC6h7pWM5Meh6sRxoJVFsOGh+MHg9Wk90QVl2YQgihExduTDKkELGeKHYe3l/uvYsVKvv08/EO6UM7Jz6FyAbBxTHmDhUXHhtr4wOVYovALeLlamc08roKVHpvBEOsppvPFXoSm82BMbRsOemdcYN79kQQgymiwf24X+wGHxwOXyhDvGH2mJTz06+8strYN3gOkUrIbY1Ujy5Xi759e+kbfMXKAZz2SSjsu1T+dXdn8gvfvWOTDitW446DiLChssI8WgXXvHdhjz1JS468YYdR2flCC0zuMLqDlNsdDyHlhDA73kh5/RZxhpph4FyiLtiDF5U6yoJvIZznf1/x6+p0/bqorLs8QqcNNy/SWwyTISsBZSYdzfGxKHg5gd367ouJyqWFRumOhs5ez3CSFzDTaeUECyb0k40CIoJKj8aB60Cig4rSB6sA85CMco47kpRiGgt5AUhoDrO0Smjyjtl2vyX5fYHE/fLGSgPPvOJzIOlVHJCl+TruAqsEFpTdHV0QDdmfaDhOsGKyRui5iFG3Krpi2Od0LLB+7VhUwQYdwQxVfeK30cLheVEsUJ+OfDMmT2d3etTLiYo3vssJ1psDL2gaAOGYfD/FDbmid/Dz+D6fCaeMN4fFxw3rnymK1aAEvPuxpg4WB7ldDujY8NdTqUNroDFU+1YE6hkWsG4p7OpcqUSdadoFTSrCKkQacMCaPg6TqXWDwqU7plGNcNlYewOLIEFl74sv636Blk2l0N/LG/4Qrjz41TONI2DEI9ZpuXF0AQVO5aTujksQ6TDKuC98Lx7P8TBz6UWYVprrvy46CtAJjg2xMhqjgURrr/T15iFopYJ74GbkvGVf/PavL/4PR4UlBfLWGfI+HkKHD/P++PvsevERM4RvBg6fsbP8f24Vp989ZuWZvQnQHYafj/GxMFQ1/MnJ66FFUrHRHgzNY740I2JV7piVrTEm04prPCBWAMvZxp6ft4vD0Cku8NeG0LjTKM3ypHjWmTWub3yfP1XyKo5/yaWN+2VK2/aJVNOXS/HwKIqgHWTH7cMcH1veYtGQTuN3WnkjmUSKyv+js84YyZsmI6lkJAfFyarJ+6SOc+BIuC4PXHXjMtEdModYsSlHhyk5ngW0TEiFapmdUf5noNBC1itYPzOQW8FwhN34fidug2LumAQOVpdETwDusI6g4j8gn1LdjJAdPpiBSgx726MiYfLhh1/lkKeXlGGyhREA2FPp24Dezc0GlRwjQMqqYotTRhZ8oKrNVpZCyzEmB3cnzZENJ4yuAmwfo6d0CbzL90qTyx9H1k059tNe89f5dpbXpWSaetlNEWmCNdledD90EBMlkmdFMA60HEZxgQxCDHgrA1zBnppeeFeghAIVlbeLxsiLQst1wPzYiJu6TjERCZmVSm6XAJpzD/jfVQQ8VkIjONe4p7js2O8Hx6RpAP1AGKmrwdB75vfSfHiwmN+Hy2fMK6F69Hio5hRXNUKxTVVeNX6IrF76w9XftMN64Il5t2NMfFwGTdjPSoGp9mr4GbR58eNsOem+LCCUXS0l6/VJQjuG041OqjLXpcry9FIOJbDgxCPgbt4yvz18uzKvciWOa99aVv/jdz37F6Ze8krsCC4yjyWv5gLoQ0PVo42dm4/gh6fPT9nnzgLpVYBLQG1SGgB8b4aYEm2ih8uIS0ItSQArZA4pjz1pa/wOLNPzgxUHE8QosDnxGcEsSuI4rtwLxz74plsnkArvodjYBAGdce4qp6fxf9oGSLtoOiYWszqVTHFfan15owDcbW/fhfuld/NcTjeC3cO0LEgChnzQrHJwBkxK0CJeXdjTDwcJpwMS0LP6qLgoMGx4qm5H+vV2NjYa4e5/QPeWxzrWUcQ3Q6DgqjjUS1SPLVdbntwYJZOffcf5Oxrdkh0ZmysiI2Y12UPT2sihAbEhs+enGJB6w+NRl0gWACMxdHBWA6CawyN8x66Oiw3Z4ofDbSM94rGr5YKf4cI8f3x7zsIcVerAO7dEce1694+RdN6JDhjjYROXCvT5rfIhdftkotveFUuuHaT3PjAO/Lw0s/l8WWfy6NL98oTL/xOalq+lHXbfkaWYeHu+pv0vvKTbNzlLAfZtPNnORh8L9/XsfEHWVL7sTy25F15cvkeeWrF5/Lw83vkolvfknPx/efd+LbMveI1qZizWgLTWyU0c7UcO6VdjpjQLaPGQ6jKW/eLEaH4UJD65DUdsQKUmHc3xsRDZdY5W8Qz1tnB0B9BwyqG6KRiNTRdglIeG1ODnrxKxy8cVwcgXY9yRq/rWALOMgjHGkMFZg+Paxx9fIMsvGardHR/i6yY8xfnqZqvZfp5sPI4AAxR3ec24Hrq3mjPDGHV8ZkOR+A4rsR0CobOBOH/dGvYgDjeAUtB88LP4T28ju5CiM860+NOY6PVQStJRY0WEVwkLpWIzuqVyQs2yIIrt8vC67fJzRCRex77UJZUfy9NnYcfBpCOLG34TF5s/E5uWrxbrr3nbbnwmp06EXDC/NVSMatTjhyPMg3CSlNBh2jBsnWsRri2XP7CjpDWmz4r1AOtP/idbqWmsf7yObCjYAfADpXPEp8jfI++n694blF0PPybn+F7lfizrZOjprbithPzMXlep2MV9q3LWYg73yaMiYfCwqs3oMDRILmAEg9Qz2xnbA0fquGmhhJfSZeKgDbuYLyCwf3T1fbtzv/Q+DW2BJaOvsLk95dUy/Gze+X5FZ8gC+Z8xVkM1+rkM9fKaAod80ZXQmfKuvBdtOpY2ZzpbBU6xrlwtkrFhRW4JSbGsQA8xkVBXBgVzfEdja2BCFFg4q6LWk1ajtUyZmqbzDh/k1x86xty51PvywsNe6Vr6/BusZHpdG74QZbWfyw3PPGenH/zqzLpjHVyzERuvoY6QAGHSHBzNz86Sh+DRvHc6Hp6AnhmXGoCAVGLSzsUoM+OA/QQM3420CbeIESNs4d4Xnp4Y6RS8aEDdjqkZhk7bRNuJ/H+pszr0bpiqtPZhDvfJoyJA+VX97+js0geTh1HVmpDZI/DYD7tGQw3NaSgMXOJh79krT5w7r/jWAzsiShMsFDKKYSwjiA+x5Z3ynmX7ZLeHQdfc/XgUx/I5JPapLCC4yOxyqguEb4TFZIWip7gQcFT8cMrXEsvNxej1aJWEHpTCBUXZapwBWPRvazQ6vKxzNZI/oT1Ujxzg0xasFHOunqb3PP0h9Ky0XFdRpLtr+zfrGzttp+krv0P8kLVh/LblR/I81W/l+cr98oL1Xv09/jrc5Ufykv1n0jbevP2relCVevnct/jb8j8X22XiWf1QChaZfTxXRASxh/xufD58LnzWaFDKUMd59gm6hsFR11lzhSG4WYzYJXhG9zXHJ9V60utm1VyzPh1+LrE75++YLPWD2OdziLc+TZhTBwI9z36MQodPUoFCrwCD46zGfhSDo5qIJ0OpuIBDidc2ErBgRUxKtqm4udUGhQARYPWCSyWcSf1yv1PfYbbNueFPPLCXpk2d60UwGKhyU4RUbcqPjXMsSIVFo7tMJ8QFIgQLR7t8VSEKT6svPhuWIDxAVsOxI7GfY07cbXMv3ib3Hj/+/Lgbz+V3t6D39NQ0LLue1m15id83wfgc7nsptflgqt2yezzN0rFqWskenKPHDEOgsoz9zkYzoZR3CgFzAvKlQ3Nxy02mHcIal5pJxohrD/O2qnYA3zGsT7xWYYRxC2IAIMN4Zpr0CGshjKWD54J6sYRk7pk6pz1Mm5Gm8y5YAvcqVfk4l9tkdsWvy2PLPm9PLb0I2no/Eq6er9DNsx5G2qa134nj7z4iS51mX3heimdsVFDBzxjGcWN+6dLT3Gii6Wzgciv1sPY7/HyiIVLHFvxAi6b+D1T5vbGyi27cefbhDExGUsbv4EZGhtj4axPgCYqN9/CK4UojArHOA7DTQ0t6JE4SMsGz14IvY4ueA1UyShYRHPPXy8NXf1bE4+u+FgWLOpBJXtRezJPuAfXYGNBHiAYPjRKXSPFxqfuHC0YCBErDxoot6pQU5puFIWIa8tC+AxcLDZqNqr7n/5EOjc7g7hDyebNf5Bnqn+Ue575TK68800544qX5SSISuSkLgmfuEYKYfk5goJ71tNmeZ/suVFOHGvimAh6c13pjvzQ7VNhZVkGkL+Y+6qwwcWEZV8PB3F3rD1cT8fVKFKMYo6lcdtYlGM+rufl96KzKsDnuQeSH25OAQVd6wjqD93RWFAov1/LO4DvoOXIZwoxY5xWYHqPhE9aK9PPfVVOveRtuej6XfKre96Wp5b/UZp6hk+omnr+Krfc/5FMmbNWjizDPaLz0YmHWCfL4FFvYJUeKV46pUU7mZsf+ERWrTNveUsB0j204+WbpbjzbcKYeDCauv8meWNpFXCGBQKASlIQQaOFi8FK7guvQYVHJUzBUgtd1a0WDyoCX9HTHoEGdsV1r+BWzfe/ZtsPwnPIjuLMChqeWjloHPm05NS8RmNA4am/T1ELoKIEYBVFIbBcx6bmNd5H4H4WlrdI+Unr5YyLX5G7Hv69tK8bOvdj1dq/yHM1X8h1974tsy7o1Rmi/OOQd25tMq4FQgfhC6KcUfZsrLoTIe7Pxw3CGM9DNxgCpGNQaPD5/FzAOWqHm+E7MUlIU4sN+aTwMlwg1qNTCBxwTfzPmdHDs9cygnjohvoM5MT1OO7Ha8am6jWNY16E1kHcQmD5qYvDe8L3c10by5nR55qO74UFraIDizafg/bo4Pg778ERSee+nNnVuIsMsYK16q9okNETmmXs9G4585LX5bq7P5KnV3whPVv/hiI1l/Ph8MSS9+TcS3fJVbAon162B0nm95k44YxNuG+UoaFOZxPufJswJh4MNnqa4LrheoQCxGl1ukIrURFQwTj9jF5QfWXDTQ0p6Mk1cheV8qjyGrnxvjdwi+b7vueRd6ViepvG0zhjOex9m9W9YIXXsZwAt8zg6RX4G1YNK4nGLnGgkZ87FpYNGhgHpW++/12pbB38LNP617+Vl5o/kTuefF/O+9VrMmHuBp3d0oYIVCBpCdC6xN9OI0TDg5mvkclg3/soDsEqvIKSKqeBMq9s9DFrglaQlhnHMCC8flolEFwn7gefgaDRktOV8rR41OrBtSkgMUFT8VWLBWn6vbHfISCOSLM8WW78H9/Pz/JvvtLCce7DGdAnvKfYPcI60rrDwWCKCmFj5f3FhV9Fja/4jOYdZYHv4zPi881H2TDaXJ8fN8pnlDvLBoyGgB8/f42cdf1rcu+jv5Nl9V9K77bUjrmdcMZWlB/FOVYuWYo73yaMif1RWI6KwF4UhefseIfKpkFleNiskDSpYfnojIGupzLf2JCBXvuoqfXy0AvmHujF2q+EexbrOfO6sBP3WI7PodJzuYg2Klb6WCXWRsCKykZGKwACNXpCm0RPaZEbH3xbege5YVh1+1dyw/27Zd7FO2XinJfl6OO7HdcowJmvFsc90kaF+0QjZEOkuOxzSxS8nw2UY1PxaWT9DMUG0KqBO8ROQBs6GzivQZHFc1KBYONXIXNcHv1brwtRUhcN74ULpQtzURbOSnaKHcvJEUC1Qvj5GMyHM9iO90IM1HJRKycmgn3Bs1MxBbyHfSKqlgzfg7SYBRQXlvjvcbRDwLPS0AS1flkOTl51/C8u1Lwnvk+v0Sa+YLvu2EjRVXHT72qWYyd2y+TT18v8SzbI9fe+Iivbhs+lmzxnC+rj8HsII4073yaMiSZGaUAcKhWFhr0LMXzpoVCIHmqUTpmjMaE39uhm5qgUFDLuiay9J9JomofQGNCYRqF3y4epP2Heenn0qXdxa4n3etuj78mRx/H+0BgJGiTXXuVzHRO/h1ZCWcx9Q+V0BlAhSPDjC8c3yvTze+SqB3ZJa0/yafr+qFr1R7n0zo9kytkbZBSFWwd0aR0iL2hwKnSGMrGkD5zpLBxXI9PPWiu3LP5Amrr/gkdrft6HwrS57PxQrw3fmU24823CmOhmwim4IHs2rvOKmeX7eqvBoIOVFJc2GT2O0dEQBfRcuiJcI6UpdBzghiCVUZRWSWTGallRnzi417zmSzln0U7xF3M2bLX2iqPClVJYxs/jnmmxwTpwtoSNjSGwN4cAFk9rkkW3vSU1nYdXwZ6v/kxuuvcDOeXsrRI4rhWiCouAg/Sly/E9VWpB0HroK9y+siEoP8vwQmsSVj6n52lB5RWtkCNLV8ikUzvk/CtflceXfCjNaw99N4RTz1uL+khr1/CdWYQ73yaMiX0ZPwPuSsCZMVEXhT15Bb4gZkoPiigsER38RI/ABqp+vmNqO6uv26SAi0KLG6TspC55qSVxFfqTS3bL5FM6dAaC4qWzMUWO66CxOhwYjZna+hpcKcdOXiXjZq+VBx4b+ALTOF2bf4LYvCfT566T0IxmtW7ogjAeSY+Y5qA13RqOHengqbM/suMOUHRiwtN3bMSSnnDRLF04WuEcbuCwAjsypDkLazng3iBFkzvlxPm9ekSSu770pbbpO/nFFTt0ZjAXzk1z59+EMTHOaZdsRSOib87C5k6B6AV07Icj+BAGNupBoONEEAjdqIzT97qSHq5XOawd/q+4VcbNapdnqz/F7Rx4b3c/vVeOrOjQcQQPrQ1Oa3KMgmMdEVSM6DL8D8JGCwvu19FT2uWcG3bJU1UfJVzrYNDsvuHOd2XiyWvEz8WSDDngoCZ9eLpSHI/R8oCYctM1WFzOrBMFNLYEgJaWjp/E8x4v0/jflnSEbnt8zyR2Hnxm+mzZUXJcUcc/YSXBkqdFzXElb2CZjDmuRs6+6i1ZUv+lXH//bomexE4ILnexM7ivdVQnN8zfmy2425IJYyKZ84staLwsbKAj9mhkaHwFsfEYJ+DO/MUDBg1WrRaI3CgKCFeR00IINMqYyb3y0Evv4VYOvK9LfvkW3Co+PMJD+lAJouvwO3ooPUWU4tUq+eG1kl+xTK646x3p3jLwOJxHn9sjv7jxdTl+QbfOFKnrRGsF7p9TcZhvAIHkUhCNhsV72BPq+i0GJwL9nZ9VF7LBOYBQx5xYeRudsSBTmVjSh1h91BlDHdBHHUBnEnff983cscdHJ8jnqh2hWkkcLGcng/rIDpVrJBktX9qD/6M9RThT6fq+LMPdtkwYE+dcuNopLC5joBuDHiC/Yo1aG7ptAlwcZ4kDCn4QcOZDLQhOGzP+pKhdAhXdcucDb+I29t9Pz8afZPY5G6VQGz8tDmRQ90TmPeAhUxA5M4eGXjG9RxZd+7J09SZfXEqau7+SRde9ImUntDvBe/GxGYpMGa6rMS4UDVQ+hhcw9D7gTPfq4LjO9jA/LCv8rq4W03B/nKmicLO35H5D8YFnvp/Rsn3KwpKGUDRYB/gM44GHSNfxT9YJptENq2A9YcfHGCvGkMVECp2MdjrB5bCclkPIUDfGtGiIQKGuJTR8ZxbhbmsmEhIuv/Fl3UTeV04XC+4QG1FZt3jGwqVgwwlwd0MUpOELD5mg07OwNymAhXHF7btwC/vvpWftt3LKGY6V4UQncx/myj57CXGAtxYmb4PccPd70thljjztS9u6H+WOh/bIjHnrkS9ck0F8HMOheU3fHjhTvnSb2MvhlRVOhRIih/dyGtfPQXK6VPG8UFx0Ro1CBWGiCPH9cCvjAYKOyxZ7P3uJ+Gct6UkI9U7dLHYoqCsaVuBM2+vz1NgovHJsDxa4Tp4wpCFQpxH07GTyI53orLjvOINGGTzKODN0RsWOmGUz7rZn4oA/rr/7LTSelbr4jn6vbhvKCFf1W1nAUHY0eFVyPhzDlx4SFbRomuTsi7bg6/ffx4s1n8nJZ25yHnAsOtYJSEOjpc+N72acybyFb0rTACKPH3x+t8y7fKsUnwjzl+NMsWA6jmfp4LGeU49KprE1cJ3Qa1GAuFyA0/Zqfut9sOLhHnSwnIPe6P0Y7Ib74kCz7ukM8XKWQFCQWE6soBQjfp4VGnmB+KQkUNMyKBjg6kyGsJ7wuSKds8GoD4TnrPE9Oi7K58znTUHSGDLUEY5tsmMKoNNSS5rjRRC0Mi7cZqeU+J3ZhLsdmtAfS9r+SW5Z/LkzzR5yNo/XXtxw0b7wgcRnxrTAOTumx9vggeBaOgZC87UcLgjHQPCAvNyjhQ8DDX7Cgl5Z1fsjbsG5mVUt30lkKtwc7WHwPvjVTsAZGz3vrUFOOvNlWfxM8tmrO+99XQIndKMHglWDCsJKpGKh4zScFo9Vlnh+VFRwX9qrsXJALPi9Kn58HysVfmdaPH2fFRP7v94rxcapaIwSV9Gh+PD7VMD4fkCrijFVOqCJe8Q1nWC5WDSv9rj4HC0xDR5kmcUqMp7R2KldEoa7yVM0Jp2+SU46d6tMnb9GTjp7nZx1xXY59+odcu6VG2ThdZvl9sfelwdf+FTuf+4j+c0Lv5cHntsjv3l+r6ze+OdB0bH5r9K55Sel++V/lPaNP8vS+i/koWc/kIee+Ui/Z/GSz+Sup/bIRTdslXOvAbivc655TWYv3CJTF6yVGedskqlnbZLQ9DZdwxaesV5d6X1BkoH62PHQfDbxMgSx8bm4GOgAv1qwXJNXp52A834+pxgMyoSFsi+QUZ8zn1fsfX2fMV7V4uc1931Pn/fy/jj+xzWEasmj80GbiY8P8ZVLUrSj0WhvXFstJfwf9zUkYSxpjrtNmtAfl97+ikyfT8sChU2flVtssNc2XLQvOvAKYfFz7REbGj/DQuZD5sOhiCHdy4dUhEqBv7kP8xHwqx9/6Qv57//y3+T/+x8iLev/JFPP2KgP11mkx8pDawTXQ29y7OR6ue0Rc9BhnGVNn8pVv35HApPxGdz/vgeMRqz7LKugsDLQ5YKFwhM+46Y1RYeiBCiqrKAcGHeOUsbvrPxAhQvlo2XEgWUILU1runF85daio/C9OhvCgUaKrwoyvxNmeRm3G2Uj4N5C+H8Rv79NLUouEYjM6tS9f+Zf/YosvO0dXSrw0LPvCS3C2o6vZPWWH5BVc/6zkbXbf5aG7m9kedOXKmh3P/J7ufa238kFi16RuedtltKT1siYye1SwHEaWups7LQ+KCQqHHhWQDtU1gfUK53F4ngjnheXoahrFBMsPhsHRn7zmbH+oT6qC41r69a9uCbrJcVIOyzU1XhHwr91XIivuC4nRViP+TdFNV4ndUyR78fvWYz7eZrQH5fevktmnrl6n9WjYzwUFNcFE+CCU/YWAaeh6vhJsFUKdSdCmplszPgf/N18CgDEibNS3/z8r/J///v/JW1b/yzT56yXUWPhJ9MkVSHg+EuTHFPaif9tlMbV/a/TeeClz2XWwjUydgoqkg6WO+6ibzzFhddagb+RxsqBiqGuFceP+PDhn7NCaOXke9FLaWXFe/xR5EN3dnSWFTiDiqg87P20B6RIAv0dPV3EmYZVU5zT9HTt0MNyC47iSa0SndYik09rk3Mu65Wb735dnl76uazq+lm27kg+ZmU5NGrafpCHfvuJ3PKb38mFV7whE05qleLx1VI8sVGOHsc6ivqAekqR0mUcKg54/iparBsUFtRf4BxWyXqEZxuzdOhq60wtxw7ZOfF3ErOGWb+0g6LrRQtYt3ZhfXEsH20v2tHj93g7ylLcz8aE/lh0xxty6rmwQDjtjp7bMXlxERbqwSijVeE0WvYYugUmrZdwFSwZWAXsJdjwy1fLpAWbZd0rf5Z/++//j7z34f8mp50DwYutLteegZZEeZMUT++Wm+/fjdsy3/CLTd/IzAu3QFS44BWWDe5Z1znhOrqOCWKoRyNz6hT3pmeiQwzisRxqGqvpjMoBkWQPqH+XcOavByCd942eMn7deI+l65fwt4oWKu6Y8aul7MQNMvPs7XL2la/IlXe8Kvc+966s7P6TrHn177hdcx4sI0fvjv8olau+kQee3C2X3fKezF+0U6adsV7CJ7RKAawVnWTg1r1BLlxmHBkEBc/az1lWToKE0bEyul2HFNBG1L0CHHym5Y+OSl0xnYLH5xlkSyuboqftBp/hd6h3EGtHWYq77E3oj0tue12mz+PGUWiIVGYWlvbu5gvvI4DP0MSMLFfrQa0m7VEAB9vQ4H3l9fJQ5e/kn/7z/ypff/1fZeE178RmiShYeNA8widSJRPn98qKpj/jdhJv8rfLPpWzL94hR9Dl4UZYDC6EtVSASjIKPZNOiRfj++n+wad3gsVqnVNZAxQffE7HCSiqQM10CI9ukMVKRMuJwYzMN/JDFw7vzSvq0G07AxPbVaCvuv01Wfzc+1LXfWjnglkyh7WbfpSV9Z/KI0+9KQsuf1OOm71WRtES4qwVx/J0vyh2vM44jzNTinqmbpkjLvpKGJxKL4G7KWrMGuocLXAKVoBthO/NXtxla0J/0C2auYBH6sDspDVShAapBXhwdPU2rA0VHXVzWh1Lgutc0JDnX/myfPXdf5G//8d/lTse+UCFwdmwCu8fXy+FFY0y97IDZ8Di1Db/UU48f7uMnbrGuRc+yMgK3B+PRnZmqDylSx0/Wx84KwAzjl6IK995KivFVNM4dkPRATr4COjuMX4I7xlV3i5jj++S42Z2yhkXrpM7H3xDKpusyFgOpGvzX/Q0j4uv3SknzuuR0hPW6WGVukUNOzGdMUY70DEh1DmKE6wpblejVjb+1o4NdVGFyNCmsgl3+ZnQH4vueEtOOrMXDZJ+KgqHhaiWjPnCcXSTdbgsOsgbqNIgPm9RnVTMaJKmdf8k//Pf/5u8UPeTFEyEIME81XOu0PiLJ9fLzXcmnqPesfELufzWnTKaa8QCsKrQY+iAH3fHg2+eV06XC7/jWurqUWj4yulwPdkUD5cWEU3eYghWwNlOVKOTQ8tlVMkKKT6uVmbOXyOXXPua3P3Ebnm+7hPpfXX/TJzFcqi0bvhCHn3xQ/nlr9+W0y94RcqmrhP/WHRsJRCmYLUzJggh0qU5cc9CO9AD21O24S4nE/rjstvfjFlAdKE4MEerIrkA6cAcZ3jgzuTxhNFgvVx951vywR//D9n+2ucy6cz1kl/yItLh3sBaGjO11rh73E2Lfy/R2T06A8FBXDVxuQMhB5bRq2iMTYi9CEUGVpBaPW0ah6HH/qJ3YQ+jA8UUT9wT12RxIHnGeVvk6nvflSUNA4uMtliGitpNf5dbn3xXTrqwS4qmoj5yQoSTHTr+w/FFc7vKFtzlYUJ/UIDUAmLDxwd1ZgAuiuPfwtdF46ZbpdPQFCedkoayc1wFf3MadNysTlne/YNs2/PPcv4Nm1X1db/mUINMmbdeltX/EV+1/4urqr+QitmbhPsM0Sx1Fo7CmuJGWjr4i3vgQ2KPQZcpNoincUccW+JAIYUGLllheZtUzFwvc857WX51x6tS3/WnA77LYkkXmlf/We5a/K4s+MVaKZm9UfLHQ4xQx/VEFZ0YYTwR2xw7Vy6IdcYw2TE7EypoE6z/FDF2tgxb4aSRTpTQaGDHi/frOC47Y76X10N7RJruW862m4Itk915N6E/9gkQpwvxwbgAqXXDwWRkijMATgQ0zEm85nEtFl4Z47Polrdl+/s/yVMv7pGxJaudGQB8npt417d/L//2b/9D/v3f/102bfterr9vjxwxkQXGKXKICa0aFBS/k+HregpBUa2M1gJGj8HAu6hT4Lq1BR7E2ONWycxzNssdv3lfltZm1+F7ltyjuulzueexj2XuRdvkmIl00WLtjxY93TXGLem5exzQBtwJE+2CK+x1kqWoDULVLaOisd0hdIiCg+X4jLYxXpNtkp02hy04Dsvf94vFcODOpwn90Z8AOSeLVjqj9xxwhjiousJ/pRoXTdgiS1r+LPXrv5STzt6gM1RU2tlnbpZXXvtn+V/+87/IP//v/688tfJDORH/L+SsE0f/4To5swYc7K7SmTKdTQvBVUO6fi/Hb/B9R0RaJTS5Xc64eKNxWw6LJRt5AR7DvMt2SOkMtIcQ9+qmt8GAWqBCAiMAbYnHSOksMGduYd1oECXHQjnYjbao0dxqHaF9abAk2i/hqgeXYAw17jyZ0B9GAeJN0txTq4fLCjiAxngfukGVcuplvVK39lO5/K7dzrR3sEbmXLJBNr7xg/zz//mv8vHn/yy/fmCvjI5ybx7OZKHgivFZXJPCojsFcmuCQKdeOx66ftSEOpl+wQa5/N69UrvKulIWC1nZ+KVcfeubMn3+BhlzPNoQJ19062IKCxq8Cg2tpJgAUHCK6TU4i2TphnH4QsdRY8Gyzgzx8OHOgwn90a8AITO+CMQjUCv55VBYqDC3xLh+8VeyeOV3ekYTMzR1zibp2PiTfP+3fxFunTHvoi0QpSrxjEMhcStVPSmVv/O6y8THNWNFUHH4pKNg/cw6f4vc+/RnsmqNPXLYYhkIbes+kRsf3S1TFnC7WHgOIYoMBChS44y9MlCXoScqBmh7OlvMxbWM0m/Qc9rcgjHUuO/ZhP7odwxIzzdfrq6XP9wlx5+2Rh5c8ZmccXmPFBY3S/lpTVLb/YN88Pn/JCvrvpSpc1dDkTlz1RabPuegV6vjvnF9Gdyp0eVdMgHCdeNdH0nP1kPbndBisZjp3Pi9XHnLK1Ixo1NGl3H9ZWzBKy0ibtpXzjEheCocqI7UiZ8BwLSUhhH3PZrQH/0JUB5MPB1tD9bLaYs2yS8feEciU1tl6uyNurJ6x5s/y2+efV+KJ9EnhcgwUpRKzJicsZ2SX9Qmo3CtSaevlatv+Z00NuXWYkqLZaRYUvWFLLr+TZl0KtogI7K5VISzbBrJzRlniJNLMIYa9z2Z0B/9ClCwS/yRWjnjqrdl9sJXNYjvzic+k9/W/0muv2eXHDW+RzT2poTbjzrrrnTaMFQjp13xqixp/hKXN3+xxWJJHU9XfyuzL9oq+YyhK+aeXvBQXIIx1LjvwYT+uObm3TLtnHWOKjKmgOupYL6NndkmMy/cKdPm9ci8C9bKE0t/kAuv2yVHHl8tuncQ105FObBVLxNPWStX3viarNk09OegWyyWoaOl6y9y1XU7pRxtNj/KrUhgbHCqPtTgtGuOJcGY4EyaE3pTq6sjdL1nqFHTCWfYaIBwHFi3NWHkN40XXivcjq8yf39f9Mf1t7wrJ5zZI4UV8BU5ZReokdLpPXLqgk0y88w1csHNb8spV+zEja10BIqxQcFmOe+S9fLgEx/iEuaLWyyW9Gfxkx/L3At2yNjxnU7QI4MYuWCb7TzAcJmO2FY9ECEuj+LYEhd+x7ck0UW5nLBqhJjVIb1aB7vd32NCf9wAF2zqmat1totfUjytS2acvUWPED7+NFhGGp/TrV8699IdUtNh97GxWLKRZa1/lLOv2CqjKSQctIaQ6AEUAW5Hwv3ZOX7Ezfpg/TAKm1P/3J5Z98+m50SLCVZRpAOXM39HX/THFbe+IdMv3Kz78UTmbpNJZ+6UsRNpTtXKmIntcvJZ6+X5yr14q/kiFosl+1jR/o1cdP0WGTejXUYFV0k+98oq5mw2LCSeBkKXjHtq6ZbLcL04Hqy7XdCCqsUlzNfti/644qZNMmnOOjl2wjopjLZJIS561qVbZWmdFR2LxSKe9t5v5bp7dktgGtwyRmKXdOl4j8Yeccwn2K4xgxxL4mnBE8/owcfM1+qL/qiqek8eeuwDeeTp38tzLyVuk2GxWCxx1m37D3INjJZjJq7TlQ08bqgg1CTB4+vk6ptexlvMnzNhTLRYLJaB0Nr7ldxw+w5ZUX94G/gZEy0WiyUVGBMtFoslFRgTLRaLJRUYEy0WiyUVGBMtFoslFRgTLRaLJRUYEy0WiyUVGBMtFoslFRgTLRaLZfgRz/8PAJ95CqMJni8AAAAASUVORK5CYII=Dynamics CRMGE.PEllipsefalseAnyAnyfalseA representation of Dynamics CRM PortalfalseSE.P.TMCore.DynamicsCRMPortalCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRQAAXEUBuS1iLAAAABl0RVh0U29mdHdhcmUAcGFpbnQubmV0IDQuMC4xMzQDW3oAAGWmSURBVHhe7d13fBRl/gfw7G56T0jZnk3vvUCoIUAo0lEURVAUFT0sWE5U1IueCinbN21TCAmEKiA2VBRPrKd354nnef688zy9s5yn3tlQmN/3mZ0NIQwKmLY7nz/er919sjs7MzuZ72dmnpnx4TgOAAAAJEa0EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2DoQb1j3LVczfBgAAAGeJ1dL+9XWgiDYOBDbiPso6AAAAOEuslvavrwNFtHEgIAAAAAD8PAgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAIGDD/FXd8wAAACPOYNW9/vV1oIg2DoTBmBFsBvf/HgAAgJGA1Six2vVzIAAIEAAAAGCkQgAQIAAAAICUIAAIEAAAAEBKEAAECAAAACAlCAACBAAAAJASBAABAgAAAEgJAoAAAQAAAKQEAUCAAAAAAFKCACBAAAAAAClBABAgAAAAgJQgAAgQAAAAQEoQAAQIAAAAICUIAAIEAAAAkBIEAAECAAAASAkCgAABAAAApAQBQIAAAAAAUoIAIEAAAAAAKUEAECAAAACAlCAACBAAAABAShAABAgAAAAgJQgAAgQAAACQEgQAAQIAAABICQKAAAEAAACkBAFAgAAAAABSggAgQAAAAAApQQAQIAAAAICUIAAIEAAAAEBKEAAECAAAQ+vOmmdiyEJyAVGJvQcABg8CgAABAGBoUdHPumP90zvIY2vvOzDGR1kj94s3MTKx9wPAwEIAECAAAAytMbM3Z5fP3ry7YGrnu6MybZtk8bUbfOONGygAnE/CxD4DAAMHAUCAAAAwtGRqSw7ZJ1OZ6P+llqMAwFEAYDqIUuwzADBwEAAECAAAQ8tHXZtD9vmoajmf+DoKAHWcnCji6zoIAgDAIEMAECAAAAyNNesekpOI5HJHha9uwxM+qg0UAOopADAsCNR2EAQAgEGGACBAAAAYGlT8w8i8ect6zKOybG/5qOrp/4XEGzmfOMbUQRAAAAYZAoAAAQBgaFx23a6YFat33jL7wi3PxeU0fOzD9wFwBwAzsVAAsCAAAAwyBAABAgDA0CirbIsZPbXtluyxzc+FJlo+Zrv/XRAAAIYSAoAAAQBgaCQVNsaRak2O44+BOtN/WAdAFwQAgKGEACBAAAAYGkmlTjVp0RY0fRlssBzhCz/2AAAMOQQAAQIAwNBQ5jZoSVdMpp0L1Js5GTv+jz4AAEMOAUCAAAAwNPz1dVrS5a+r4xSqWgoAta7/GQQAgCGFACBAAAAYXCuve1xG4sbM6JoYaDDulbHiz5/3T/8v6AMAMOQQAAQIAACDi4q/Lyk7Z8nO66LSbYf4/xO+6BP0AQAYcggAAgQAgME14Zwe34mze8blT+q8JSTR8qKr6FPB57EQgAAAMJQQAAQIAACDKyLR5huZZBsXmmC9RaE0vshv+SutxEYQAACGGgKAAAEAYHClj3UGppW3XJVY0vxkiMHyD77gKy0CBACAoYYAIEAAABhchVPbQ/Imt1kzxzu5qDQ7FXwTcR8CQB8AgKGGACBAAAAYPNWmP8gKJ28MV2VZ7bHpFi5Q5y78DAsCCAAAQw0BQIAAADB4rrjloCJrXHt0gLLG4RtXw8n4nv8IAADDCQFAgAAAMHjSx7UHxGU3KBVKYxO777+r8FuERwQAgOGAACBAAAAYPDPP3akbP6tncrDBtv34sX8EAIDhhAAgQAAAGDwXXrZv2XnL9j6eUNDyN584+v/gDwFQ4We9/3kIAABDDQFAgAAAMHhmnrfjnqqF27mEgmYq8LVEKPju4o8AADDkEAAECAAAg0dbYL9Hk2/nQpKowLsLft+tfwQAgCGHACBAAAAYPH662nt8tbWcXM3+N9wBoB8EAIAhhQAgQAAAGDwylfEeQv8XIoXfDQEAYEghAAgQAAAG3vLVj+hIZXRmY5eP0t3pT6T4MwgAAEMKAUCAAAAw8Kj4zyZbUsrbD/so2fF/FgJEij+DAAAwpBAABAgAAANv/OyeCyfM7nlend/8Dx92CEAMAgDAsEAAECAAAAy8mNSm5eQPQXrLxz6qWir49L+BAAAwIiAACBAAAAZeSIL1KvKhn8b0P9f/BRV6BACAEQEBQIAAADDw/HWmNeR7uVoo8ggAACMGAoAAAQBg4JRP2xpHysKT7Ra52vQDOwVQ9mNnADAIAABDCgFAgAAAMHDKp/XkktUxGY0P+SiNR1lxl7ECz276I1b8GQkFgObWZ+SM2N8AhgoCgAABAGDglM/oOYfs0+Q3v+sTX3eMv/Z/LAIAQ4XfjyiJmgSIvQdgKCAACBAAAAbG3bUvyoqndl9WNKXrE01+ExX2Wir+9D8Rw4o8kXgfgNU3PxR2zY17R6+45sEpY2Z2ZsVk2rTqrNo4Xfb6MCIT+wzAYEAAECAAAPx8VPwVJFhX0LwqNrPhk5BEq1DY6X+C3QUwnh4lHgDSytq15JeJxa1b43Iae2IyrQ4KALdS8a8iIWKfARgMCAACBACAn2/FdY/7r7j2scjQROu1CmX9p67j/ibCijwFAP5/Qyj4/Xl5ALiz/iUZCc6b3FUam9G4NSrV8VlEqv1IZJr549j0mufi0tffHJ+xPkrsswCDAQFAgAAA8POlFjYFpBQ2xfqpTTfI4oyf8sf+iYwCgFzJzgToV/T78v4AEECyZl384KXRGdZn/XR13/lp647662u/CTLUfBKUuMFK4sQ+CzAYEAAECAAAP58qx6om04P0ZjsV9C/4ok7Fn+0JUMSbXGcCiBV/xssDwFW3PhlOzpt18a7mUVnWt32UG2iaaziZqobz1dVyfvraTqIS+yzAYEAAECAAAPx8ukJ7JdkdmWb5m1xl/N519z9W+E2cIk44FVCs+DNeHgDOW7knntRNW7ztvfgcx/9krD9ErJGT03T7ao2cn87YSRAAYMggAAgQAAB+vphM2wLydmiyhXNd/Y8VfDMfAOTCoQApdgI8d9V+2dg5W3SjZ3V35U3eyEWl2VzzIpbmS7yZ89OYOX+duZMgAMCQQQAQIAAA/Hy+GssCX63lbbma3faX/R+wAk9FnYq7jPUHYIVemgFAEZ/XbAhLsXcHJ1o5hYZNL80fNl9UJs5Pa0IAgCGHACBAAAA4e5ev3h9NxqWVd9xLAeADV+EXCruShQF6zZ8JQCQWAK68/ilfUj5v6UM3RWc0vOCaN+71BAUACku+OgoBenMnQQCAIYMAIEAAADh7VPzziGn8OVtfpS3c/50YANjzPq+lFwCCyK8vuuKxj5PL2r7pP29kaiMCAAwLBAABAgDA2auct7W8cu7WPdnjOj4OTDAfOV7gzoCXBoCJc7YFj53ZYymZupmLyWo8abr5AKClAKAzdRIEABgyCAACBACAs5dY2FRBXozLtB/11RiP9S9yp8VLAwBNW7BcbbQQ0emWqeqFswAQAGBoIQAIEAAAzlz1/S8EEG1xZfeymPTGP4QYrNypCt1P8sIAMPei3XlV5+64NDKt4fHevhD9ppvdKhl7AGA4IAAIEAAAztyd9xyKWFf93Njxs7bfEWxoeNtHaaFln4pc/+P8P8ZdDL0wAMxe8uDy6eftfFKT1/qej9JK00khoN/0ow8ADBcEAAECAMCZK57YMap4UsdMTV5zrZ/e9q6PmgJAvwL3k7w4AKSPda5JK3f+LTLV8QV/OiQCAIwgCAACBACAMxeuN6qC1XXL/NXGTrnW/A8fDRW5vkX9THhRAMga3+lLAqPSLfdFpJq5AL1Q/MUOAbgDAA4BwBBDABAgAACcGZPz977qvKacYL3Z4a8xvSVXmfqd/neGvCsAaMnEsGTrRn8q7gp2VUR24R9+3XDidLs6ASIAwNBDABAgAACcvsvX7JddcdMTweq85vGBestTfhp2SVuhyLkv+HOmvCgAJJY4RycWO28PNlie5udHfC2pcc2fftONswBguCAACBAAAE5f2hingkSHJ1mnK1TGg/yNbeKoyDH9Ctxp86IAEJVmvoi8Eqg3/tNHyeYJzR8VWy+cPN24DgAMFwQAAQIAwOlTZVmDSVlEkulGubLu973FP44t+1TY+nV0+1HuYugFAYCmR0YUwQnGG4MNxu/9tGx+0HxhxV9s2gk6AcJwQQAQIAAAnD5NtlVF7o1NN7/ur637nBU5ORVxRuIBwI+EKTTGteR7tnvfNT9OPU8QAGC4IAAIEAAATl9MqsVAeiKT2K1s6zgZBQAFLfO9AeBseEEAkMcZDWQ2TU8H+eGE6TuF44cAKADgboAwhBAABAgAAKfPT2kxkB5fpZmTU+FmfQBkyhqea/kXL3Y/yjsCwHxyUBZf/4HoNIo4fiVABAAYWggAAgQAgJ9WNG6TL8k05Dkv9ldbn/GJM1HBpiLG93LfQMu9NAPA+Sv2xZAx6tzG9QpV/X/4TpEiPf7FHD8NEAEAhhYCgAABAOCnUfEPIaszS9ufDku0fcgXMFrWXQGAFX965Jd/8WL3ozw7AJQSY+7E9pf8dHXfnsl8QACA4YIAIEAAAPhphnxneEJeywOa7OYPg/TWr/iizZ/n3odIkTstHhwAiiq7phZWdu3XFTT/y09T/71rHSAyjSJwCACGCwKAAAEA4KeFGKwRxEHF/weF0nzMJ5YVbBLPmFzO9mqAHhwAQhKt88ibgTrLD77x5mNyfj6ITKOI45cCRgCAoYUAIEAAAPhxeRVN+pTRDVXBBuuDvhoLJ2PXtmd9APhi58aKP+lzmttPchdDDwwAJZVt0aQ8Lste7a8z/UNB08OKv4xNy2nOB5wGCMMFAUCAAADw4ygAVGaMa/w1bem+0ntnO3fB70ukyP0ozw4A6eR2fYHjCT9t/eeuSyEzwjSJTW8/CAAwXBAABAgAAD9OX9x4pbaw4VBwooXv/DfgPCgAnHfpwzLir8lvGBebZdsclmz+q6/K+K2M7wdB//+neQYAc7wPAC4FDEMLAUCAAAAgLmtiu4zI43IaHojNdnBBBrbb/2f09j8VDwoAMxZv86s6tycuJst+vp/O+Du5ul64HgKbDpovZxQAcDMgGB4IAAIEAABxVPxDiSo00WIN0ve9te3Jxexn8aAAUFbVoiM3JJc1PBxkMH8sV5k4udLsOvZ/huHo+JUAEQBgaCEACBAAAMSllrcYyNQArXGLTywVN3bDnzM4xv2T3MXQQwLA9Xc+7Td6emtpfkXT/uQyBxecaKWteCr+DN8Pok8AEJveftAHAIYLAoAAAQBAnKHYcS7ZF5ZoeccnjooWv5VLzqbDnxgPCgCs+BPt2NndC5W59ufCUyz81ruPSsAHAGF6EABghEMAECAAAIhT59l/qc61cxQAqEiz4/+C/sXu5/KAADDzwp0hVefvqMip2HhnoMHyR9HpOEPecAggWGsOIRoSKfZ3GJkQAAQIAADiQhJsvyScn4YVfVq23YWa3wsgXtTOigcEAFVeYxy5fVSm4wUq1p+KTscZ8oZOgFT4c8lqMoXIxd4DIw8CgAABAOBEwYnrY0ihQmmyyOMsrh7u7GY/7JE/FHBiIfvZRnAAyJvQLCORmjx7WViSZUtQgvm/CrXxe9HpOEOeHADSR7ePIiXRKfbVgRrTXj+V8dc+sXUVRC/2fhhZEAAECAAAJ6LiP4W0+apr/+ATS8UqrpaKNAsAP/OmP6cysgOAHylLKnZcG6w3PSdXsev91x89aRrOgicfAqDiP4Fsic9q+KOfuv5fsvi6v1Dxf55cKvZ+GFkQAAQIAAAudz5wyJeERKYZLwvQ1/xJoar9/HgAEG75q2JoORfp1HbG3MVwhAaAmcv3yTLGtYVqch2XxGXYtvtrje/2ngYpNj1nyBM7AU6e3T6KjM8qd96ry29+PyrVziloOtheIhktK2Sd2OdgZEEAECAAALhQ8Q8lBlVe422+mvpP5Urj9677/tNyzQcACgJ88R+YAugBAcAvpbwjLiTBWh+oNX+iUNV/4zrXX9IBoJRsyRnX/PfwZOu3vhr63YRrIfjSb+gbZ0EA8AAIAAIEAACXBRfvSl6wdNfFhuKWzbRV9xXf25/v+U/LNb/7nx754i+NADB5bk9p+fTu1bSV+4wvFWs5P67COItNzxnypAAwZtbmCDKhcHLrXdljHW/r8qxcAI2765RQE3+DKEW8mUEA8AAIAAIEAACXyrmbK8n25NKWvyg0pu9dp/sxQtHjC5/b8UJ21tzDHKkBYE7P2gkzN/9TldvwlUxVx1/sR+Y+DVJses6QhwWANNKQNaH1najUuq/8NOs5Nk9650XvsmJEAPAACAACBACQuo4tf/Qj0aXTNi1NKWl5dVS6/XMqTgPS0e20jNAAkFbWdl9KaSsXkWKl8WT9IGg8B/A6CHwAGOGdAGct2RVGpo+bveXetDFtrypzGr8K0Jt+EJseAQKAB0AAECAAgNRR8Q8jGbmTOm7x1xjfl8XXHRuUa/6fyggNAH5qy31E2PXPAoAwrv3H/yx5wmmAVPx1pH38nJ6v47Iav1eoLMd8VA3ETtMgOi8QADwAAoAAAQCkbubibfEzz982VVvQWK9Q13/kOubPluWTVu6DY4QFgPDUhrHkDj+t5SA7tu0ax8EIACN3D8BFNz3lT2bOu+KRmsKpXX9IKGrhQgxW4RCIhdDvhQDgsRAABAgAIHWGogaDobBhRUSKZbNcXffv48syrdD7HLMecO6iMYICQOX8zQoq/reGpTi4AD3b9c/Gk+YFCwDsbAh2ISTWJjY9Z2ik9gGYffF22fnXPh65ZM2TjfOufIQzlLVxsjj6nRh2uh/NC+YUywcCgAdAABAgAIDUBelMJaTVX2N8U66s/6a3MIuv4AeO+ztGSACg4p9HfqHOb9rnr7dwCv4SyO7xpP/t3j0Awvj/TCM4AEyZceG2BwpndL+SMmEjF55mF6Zd+L349Zzw/OTpQgDwAAgAAgQAkKryqk4FCaPiv5C28F5nW3lyfguv30p+sA1zAJi64HEZUYyb1XU+eVFX2PQRf6aD2LgOoN4AMEIOASxZ9WgQiZl+wbb7Ji/a8pmmsOnEMHh6EAA8AAKAAAEApIqKv45cmVTUsi1Qa/tIFs/uay9s9fJ9ABjRlfzAGv4AEETidflt18ZnNf01JNH6FX/BI7FxHUCuToAjKgDMIC1FU7t/q85r+Zbmw4/19j8VBAAPgAAgQAAAqSqc1JZPticXt3warLcfkbHOXSqhc9dQdgQc5gCQNnqzMq1sc0WIodFC3/8lGx/XOe6DO/0j5SyA2RduCydJs5fufmD2xXuOpozZ6Po9+MMd4uP+IxAAPAACgAABAKQqNsNSTB6JTDF966upOeq60Q9b6bMAILpyHxzDHABCE+wTQw32Tn+N+U1ZfP0RFnxkYuM5wEbKdQCo+E8lHYVTOl/XFbZyYSnsFD/xcT4NCAAeAAFAgAAAUjN14TY/otcXNF4QpK9/0VddQ1ujD9Cyu8FV+Ptu+Z3cyWvguL9jmAJAZsXGEJIckeK4MUBjed+Xxonv3c4CAD8P+ozrIBjuToBjZmyMIFnjZm+qHj97038MJS007cJpj+67PoqM909AAPAACAACBACQGir+8WR1QUXnvvAk24fsEreuZVcoxtIJAFnkV/F5Tc/4aSz/5ecDH4Bo65yd7sfGS2y8B8gICABjSVNaefPv4nLsR0KS2G5/4TdxLw8i4/0TEAA8AAKAAAEApKJ96zsyErTwkofyiqd2tqeObv0oJNH2jWurz935j/CBgK38z6oAnL5hCgAXrdobQNT5UzrP15e2HIjOdHyqUJu+7512VgSFc95Fx3uADFcAKJu2OZqU5U3ouDOz3PkXZY7jG4Wm/phox0eR8f4JCAAeAAFAgAAAUkHFX0F0S69+fLYqt+HRYIPpO4XGdNRV8PtjK/+zKgCnz11khj4AxJH5JVWd5ohU6zu+GiM77n/s+NYvGyfhUWy8B8gwBoAysimttP0vUYmOrwM05qP0W1MA6DP9biLj/RMQADwAAoAAAQCk4rq1zwat/uXB2QuX76uPzbS/IXMf5+2/0h9qQxgApszfpaDCn1E0dWN1YmnzbwJ0pv/0nvEwVGc9CIa6E2Dh5I1RZELWuPa7U8va3lFmN3H+KrPrKn8i43eWEAA8AAKAAAEApOL8Sx+OvmDFIzWzzn/wn+q8xq97O3qJr8iHzhAFACr+chIUn9MwPjzFsi/IYPpSrjZ+z2/tD0cAGOLTAKn455CNKWXOf4Qn277xo/AhU9MyoBrQ5QABwAMgAAgQAEAqiqd0xZRM7XLmTtzIRbLLu4qvwIfeEAWAlDHOCDJLmdtQE5hg/rOCtsDFx4f+j4cgDAzVhYDUeU2hZKImr+lOXX7TG3GZDs6fvvfE9Zb4OJ4FBAAPgAAgQAAAqfDV1sX46+udfrp6Ts6O1w7gve1/liEKAIllLYmkQ53f+HlQguUIf6ofX+jd3ONDz4ciALj7AAx+ANATe2ym48MgnflrBf/9tNXPpjGWzfsBXQYQADwAAoAAAQCkQJl9/9hR6fff7KutOeRaTo3HL/t7ckeuoeEuGoMcABYt3R5IJlbM6bpdW+h4NTzVwvlpzMK5/mwc2PzoLWAu7gAgNt4DZLA7AUYn1wWSqqjk+l+HJ1t+G5Jo/c5XbTzq6uAoTB8fgsjALQcIAB4AAUCAAADejoq/nNwVm3n/vwL1tV/xxV9l4omswIdOb7Gl54MbACLJA1ULut9X5lr/56PawN/wyHVve2EcTkVsvAfIEASAaNIYkVj3vb+mnp3tccyFTZd7GmlcBjYEIgB4AAQAAQIAeLMFl+8Onbl0hzY6xWIJ1Ru/8lXXfT8Uu7fPyCAGgMyihrD0ksaMtNHNTkNx45chSZYj7DvZ1v+P7gEYAjIqmAPdB6Bp05vR9vY30tNHOy8I1tXVBunqXgvQ1XFydo5/39McBw8CgAdAABAgAIA3m37hDs2UxdvGhSc0bVbE2oUr3NUQd89vRnRFPnQGKQCsuP5xeWpBQ4IqwzrdT1u/x3WhG9rqj2ffRY/8vDj+fys6boNoIM8CuGHdozLi+2vTK5n3Gl9ZlFrW8mCQloavZt9F08am001kXAYQAoAHQAAQIACAN9MWNk/XFjTbg/W238mpyMr4IsACAFtWRVfgQ28QAsB1dx4MuXrtAaUyq2FlaIJlp6/a+M4JRZCd+85f7Y/Nh+GZFwN5HQAq/nGkuKxq45qkkuaHIlKs79A0c3L2Pfw003diDwAIEAAECADgjXIn9shJQHS64/qoNPvfAnTmz3uLH3/+P1tZs13g5OTjuEPDXTQGIQBMPXebvnLhtopRaY4tQVozp2D9HfiCz254xLB5wV4L48CIjeMgGog+AHOW7pQTv/Mu31VIrk4sadwXSFv+rlMcTVT83QGAvRaIjMsAQgDwAAgAAgQA8EZU/KNJVmiSvdZfZ/6SCsJ3vYWuF62wvTQAxKRYzhuVYtkbpLe8o1BbXB0e+e9z/5+650EfYuM4iAYoAISRJENp61UxWU1PhSRa/6ZQu/oXuH5f9/S5X7u+exAhAHgABAABAgB4I0Nhe5ahsO2SoATrgycUuZFoAANA6YyNUSQtMslsDNKwY+Cs8NOw+VMeRb57GPUGAB0FAN2ZBYC4XLuCBKeWOzMyx7cuCk91tMtUlq9HwHQiAHgABAABAgB4o1Ep9kXRyfanA3Xmvx9fNkVX2MNvYANAFelQ5jS8rqBiKKdh89e6H5rj32fk+FkAZxUAIkhOaLL5qsAE0z5fjen/ZPHm74/fz3/YIAB4AAQAAQIAeJOFy58II4nxmQ13h+rNX/lrqLj2LpuiK+zhNwABoGhGeyjRZ05wrs0Y7/woJtPxHSuGrPjL42ja+b4PIt89jI5fCvj0A0BoutOPRIWlNhSFp9pXBuhNm+Wqus96r2vA5qXIdw0hBAAPgAAgQAAAb0LFP5usTipt2+unrvvu+B3/GNEV9vAbmACQQa5QFzTsCE2y/C9AZzqq6O0AJxD77mF0lgEgkpQHJzXeGJhgf9JPY3lfHl9/xBUAaLjDv6cDAcADIAAIEADAmxRN2VZJtqhyW96SK2t/OH6+v+jKemT4GQGgsHKDH4k0jHbM1pU2doanWt+gQvg9K/xymm4Zm/YRGwBO/xDAVdc/FkKKp527Y8mo7Oa7/HTW3X4a88fs7IbjPf3ZNA77dCIAeAAEAAECAHiTYIP93JBE+xsBOstXcvdlX/nl8qQV9cjx8wJAJMmLzjTe6m8wv6VQm/7nE1N/jN8SZr3hadplccKNb8S+exidSSdAKv4GYp6/dNebyrzmv8pU9Z/I4jYc8Ylj13Sg4fEBgJ4P/2+NAOABEAAECADgDTJKTaPImLAk46/lKuPHMqVwqVtWHNgV8Ni13088XWv4uYvGWQSAW+/7jT+JLZnWOi42o+6mQH3dHpm6/gt+WOwOd+xRuAoev3XMvkdsHIbR8QsBnToAzDp/ZwApm37u9uunLtj6csnUTi4ynd3KmaYpbgNhRd81na7rO7DfWvz7hggCgAdAABAgAIA3oOJfSGrjMowvKjT1X7HCL+MLISt8bietrIfXzwsAEaS0tGrTLcH6+lfl8bVf0P/eD73DdJ/v3vua9P/+YXaaAWAUuX/SnJ6/6fIb/xukN3IKNVvP/MihHZHvGkIIAB4AAUCAAACebPqc7b4kUp9nnxuXbn40LNH4oVxdf4Qv/DG0QmanwIkViZHkLAJAxvjWRHKjMrfhET+N6d+u3eD9hjvCufoAiN8LIKW0QUaKU8uars4c13YgeXTrkbBk69ERdKz/VBAAPAACgAABADwZFf8QkqrMbLrGX2N+S64ysq3gY3zhZwEglq2U3cvmCSvqkeMsAoC/rq6M7KcC+q1MZT7quskPG1a/YY9grrMA6ikAGCkAGPsHAD9yi6HI8VZ4qvU/Cq3pGP22x1yHdQh/VT/x4Q4zBAAPgAAgQAAAT5ZUZEtMKrTeEJNufshPY/yUP/bPrnzHigQr/iP0HPgTnEEACDPUjCLnBelqG3zV9e9SURSmlwUAD5jWPtgeAD+tifPXmTpJbwBIKW0cn1zSsC4+y/5EZIrtPwE667fsaoau0/yEDo0jN+ggAHgABAABAgB4MnWOsVyVbXw2Oo22JLW1fFGRq6xULFhBpWLB94AXVs6uY7Qjh7tonGYAUOc6ZFT8s0ITanYH62s5BRsGf7Ef1wV/XD3i2bHxETitIuRqtvvfTAHA3Bmgt/QGgOSSxnUUALjIFDv9jvRbxtk4WayVpo/WL/yNjEb0dCIAeAAEAAECAHiiWeduDSAJySXNSyNSLK8GJpiooLgKgkxFxZTfJU7LY98txZNX1sPLPV6nEQCo+IeRxTEZVmdQQv3bvpo6Puzwu8LZ5/npdP8PjsBpFeHqBGg+qRNgQlHjOn1hAxeWTEWf/x3dezjYNLLCL0zjyJxOBAAPgAAgQAAATzR+xqYIUplU7LwnQGf7s+uGN7QCdhcGT/ITAUCT1x6kymnKUGbbN8dk2LgAPRVDseF4mFOdBaAuaFynzm/gQpItop8b4RAAPAACgAABADxRZLJVT6pDDJaXFSrzZ3wRFV8hj3w/EgCo+CvIYmVOa2d4sv3PgQlm4V73IsPxMKe6EiALACoWAJIQAGBwIAAIEADAk4RprTIS7q8yjlco6x+T00q39xrwfXf3e5JTBICscZuj0sZ0ZahyWltjM1uOBultxzx2L4eIU90LAAEABhsCgAABADwJFf9gMj1Ibbpfoax5Q8Y6hcWyzn5s2RNdIY98pw4A52aUd++ISW/6c6DOesxXbT0mV7Ki6CWHAH5kDwB/CAABAAYJAoAAAQA8xTU3Pxk0emq3ITzBenuAyvicPH7DRz5x6ykA1BwPACd2yBrZ3EXjFAEgc+ymOzPKO7noNAe9p46Tx5uJ0DFObHge5lR9ADR9+wCIfG6EQwDwAAgAAgQA8ARU/OUkec6FD86JSrFvlcfXfyKLr/3GdaofK6JCMRVfKY9MPxEA0sudd6aNcXJR6VbaWmZ39qP3sR7x7FFseB4GAQCGCwKAAAEAPMHkeZt9K+ZunlE6dWNtRLL1970XveGP/dOKlz82fsKKeOT7iQCQWt58Z8qYJgoAFj4A9L4XAWAkQwDwAAgAAgQA8ASaHEuAPt92hybH+m5wgunL4wGAEQopI75SHpl+IgCklDvvTB7TwkWm2Wjr3/1e4VFseB4GAQCGCwKAAAEARrpr73g+c+WNB89PKml5KDyJCoaWFUJa1vpyF0hPdMoA0EoBwEkBgN3+VuRzHg6dAGG4IAAIEABgpKMAsPrqW597O7ei+zOF2uTaGvb0ot8XAsBJAQCnAcJgQgAQIADASLX2gYNBJHbGBXtrJi98kNMVtbmKJX/cny1rJ618PRMCAAIADCkEAAECAIxUVPzjSbE2v6U5SGvlfFXC9eARALwCLgUMwwUBQIAAACNV9oTmsdnjm6vDk23P+sRS8Y8Ttv7FVrzHO2F5Dve4n00AEBueh0EnQBguCAACBAAYqUal1q8gbwfpTZ/7xFMx6L0jnAjxlfHI5h53BAAEABhSCAACBAAYaTQZ5iiSFWow3xukN3/qpzF+6yp87mWsXzH0dOgDgD4AMKQQAAQIADDSqNLMKcpU04WBWstmmdJ6hF0BT6bcQMtWDel3P3hvINkAgJsBwfBAABAgAMBIsfr2/TLiF6ozzwxQGrf6qoxv0VbiUf7Kd72X+2XL2AkrXM+HPQAIADCkEAAECAAwUuRWOEPyKpy6YK35ZnmM8WP+Nr9qWqZYgYxlBZLdBY+ee8mlcHuLBvoAoA8ADCkEAAECAIwUyhxLkTLbsiE00fS8PL7+G9cWP61U2WPvHgB6jQAgPjwPgwAAwwUBQIAAAMNt9JxNASROnWdbMSrd/BcKAPzxYb4w9vb8F479i690PZO7mCMAIADAkEIAECAAwHCj4p9ALkssa9kclmj9xE9DxZCtTN1b+15W+Hq5pwkBAAEAhhQCgAABAIZL/qR2GfHLmNhaRlrVBU1vBWitX8vYVn//wu/NziYAeIFTBQBcCRAGGwKAAAEAhgsVf18SHZtpnxOWbDkQlGD+Uq4y/cAXRPGVq3eSagCgLeZTBQCcBQCDCQFAgAAAw0Vf5IgiU6PSLPf7aerfkbHlhx3v54/5SwgCAAIADCkEAAECAAwXVZ4tjTRFZ1j+5q+t+1oWX8vJYus4GevxL75y9U44BIBDADCkEAAECAAw1C68fHcwKZ84u+sWVa7ttdAkKgT8+f4UAKj4y/hDAOTEzlXex100ziYAiA3Pw6ATIAwXBAABAgAMNSr+amKecd7WD9R5jq/lqlq++Ltu8ctWoqb+K1Xv5C7mCAAIADCkEAAECAAwVCbM3SwjEWNmdpWUVm3alT2hnYtIoZW8u/j3vdBP/4LnzdAHAH0AYEghAAgQAGCoUPFXkOSM8W0LQ1Js+311ZuGCP2y5EVag7k6AUuoIKNkAgJsBwfBAABAgAMBQic1yBMRmNSyJTnd0++usf/FRUtFjxe+Ego89AO75hT0ACAAwOBAABAgAMFRCEq2hxBaUYOX81FZOFs92/wuX+uUDADsubCboA8CgDwAtHyKfG+EQADwAAoAAAQCGQtH0rul5Uzrro9MbXvXXmDk52/XPLy99CxtbgUqk+DPu6UYAEAkAjRQArKKfG+EQADwAAoAAAQAGU+aEFjnxp+J/f87kTi42s5GT01a/TFlDy8oDhN3kp19xkxqpHgI4nQAg8rkRDgHAAyAACBAAYDBR8deQ8crcpo2jMhq5YL2VAgAVPL7jn5voilQ60AdAPACgDwAMEgQAAQIADAZ7x5v+JCK/smOSvrjhl0EJ1gM+cbTlH2d0XemPDwHC8X/xFal0/EgASBrtzQFA/CyA3j4ACAAwSBAABAgAMBio+CeRBaNn9dQG6EwvKVT1H/Bb/XF1/OV+fVgI4IPACStPaZLsHgAEABgeCAACBAAYDL9Ye3D8NbceNOVWbHqJivwx18V+aqjI0SMLALH0yJ73vQaAVOEQAAIADCkEAAECAAyG1NLWxSklrb8dlWb/VEZb+exGP64AQCvJWFbw6Hn8BmGZOWklKi1SDQA/dRogAgAMEgQAAQIADKTyqp4YUhaf0bAhRGf53F9touLPAgAtG3wIYMWOHfun50ohAJx4GpV0uIvG2fQBEBueh8F1AGC4IAAIEABgIFHxn0y2Gwpb3/FXW47IlFTsTyhetJLsvdIfW168o5idFfc8OZs9AGLD8zAIADBcEAAECAAwEKoW9YSTnIKKzrUZ5R3vK7ObODlbIaKT309DH4ATAgC7FDAOAcBgQgAQIADAQKDin07WZk1o2x+eZv3CT8dWhhuouLEL/py0koS+EABOCgC4FwAMJgQAAQIADIT0MS1l6WOcm5W5jr/66Yzf8suC+za/4itKcDubPgBeAAEAhgsCgAABAAZCgM5YQQ75aYxH5ErjMRnr6BdLK3BW2MRXlOAm1T0Ap+gD0HsIgPUBEPncCIcA4AEQAAQIAHA2Lr/ugJyE5kzsTAlNsi721RptcnX9e+ziLjK2ImRX+WNFjT3yN/mBk7D5wop/bwAwUwAwoxMgOgHCIEMAECAAwNmg4u9HNBQAFlAAeMZPa/qOVuhHffi7/DG0MnQTX1ECHwBYUBLCEgUAGQIAAgAMOgQAAQIAnI20sa3RaeWtK7QFjT3BBtPfFep+BQpOi4zdGZG/JwIVjzhjBz2iEyD6AMAgQwAQIADAmSqsdPomFDemawoatsdl27lAHStk7Mp+7PcXXSnCKciUtCXM7wmg1/H1HdQmoQAgfi8ABAAYbAgAAgQAOBNU/IPJ4sxxza0xmbY/ByeYOV8V/e7suv787y+6UoRTYP0l+BAQb+ZkZ3IIwAtgDwAMFwQAAQIAnK6LV+8Nrlq8JTm/wrkxvbyJi2DHaGNppee+sQ9bAZ54PHT4nbByZq/d+rb3/7tY26na+7b11+/vwjixY9+MXG08ptAYf/DVmI/4axzfBmgaWki8e36nlDuFAGBz7yE4aVieDH0AYLggAAgQAOB0UQCYsejyXfWpY9p+F5li5/w1rPMaK/70uzMjsTC5CyaPvXZzt7mX275/d7eLfUbkvfx9Dtztfd9z4mu2xeunNXOBBisXRvMvMt1xZFRm43+0hW3v5VRs+13htJ13FVXtGuWe364A0MJFplpd85n/HmGY/afTAyEAwHBBABAgAMBPGT2p05+Ezb54+7rpF2z7m7bA+aVPHK2c+fv5C8f+R2phYuN0QnGmNv7UO3e7G3vdV99DGmw4fT7DHoXhydlxbE09F6A3cSFJVi4wwfw/marunzJV/QdytekDX63xA/8E4we0pf+uXGV6KzDB+lZ4quOt2OymtzQFztcNJW2/KZy29cGFK59qWLbm0EUk3D3fU8c470wZ7eSiUtm8ZndS7PPdYtPqYRAAYLggAAgQAOCnUPHXkQmG4uY2VV7jf4MTrUdOKKJ9C6z4SnH4sGWSvxyxu6Cz12y8GfZ34ToFbNx729l72PvZ5/p81v0Z/nP1HDvzISjBxI3KtHPJZU6ubPomLndi++vBCSZrsMGyISazcUNqeceG4umb79cVOa+iADCfAsB8CgDzKQDMpwAwhwLAjMKpWydTABhDxT+R+Lrne8aYtjvTR7dx0ewQQN9xRwAYyRAAPAACgAABAE7l+rue8SXBaWXOioS8xnVBCeZnewu9p2DFnN993icA8O20sman4CnNvN7CzmOfraWt+1rOT1PLRaZbOXV+0/dhybZ36e8vMjJl/Yu+mroXw5LNL2oLm14snrbpxXlLd744Y/FWe2ymbY4qu6GysKKr8oIrHq9ct+HVSUQrNo/76tz6RgwpvP2ep8tmLuouyxjd2mQoaOEiUigAuK+v4A4AXuBUAQBXAoTBhgAgQACAU6HiH0FS4vMa1vrpjIfl6vpPPK4AsfFlhyriqLAz/NY74zr/XhFv5nzjLZwsjnW0s1KhNQnFto4L1Ju4qGQbN+6crdyyXzzx5bTzdtfS5ysYCgAVFAAqKABU6AqbKoqndlZQAKigAJAfm2FTUgCIpQAQSwEglop/DAkSm8d9UfGvIjsoAByYde7mA2llze+GJpo5Py0bX/d0EC8JATgLAIYLAoAAAQBOJWdiZ3bOhM6V4am2PT7sVD/2+3pkABCKP7viHhV/OW15+ulMVODNRwI15n+HJTj+GZfZ/s+odOefFDrLAR+18TEKAY+FGCyPKTMaH5u3dN9jd294dQeZxeaLs+t1+S/vfdb/sjWPR827ZE985sRN8ZrCFqW20KEpqerOmbxw15TSGVurUsd1VsXmNFbRd1Up1KYqChxVND6ktspH6VYntNVXzV+2e8MN6w58umTlHq5sagenyXVw8r7znYq/DAFgpEMA8AAIAAIEADiV0ATbBeS3/hrzJ70rOI8sPrRcsvGmrX85vfbX1nNRaWYuNtv6eWSa7ZWksvb951z88P55lz5aYxjdMZkCQAEFgIKQBEsBBYCC+RfvK6Din0tGUfGXEf9f3nMwhgJAydxL9kylADCVAsAMCgDzKQBUUwA4RAHgNQoAr1EAeI0CwGsUAF6jAPAajQepfY2Kv6BOaKt/LSzJ8jdtfuOR+OwGLizZxgVQSOnbx6L3okHuPgseDocAYLggAAgQAKA/VXqthswM0dc3+qlNX8nZbvG+neV+zIkdos4SG457eWLDZY/sGD57Tn/vHQ/3c+I+fs+PQx1tXTL1XFiqlVMXNh6LyrD/NVBveS4y1XowPsv2hDrf9qCmwOaMybLfmTO56/qVtzxz/dr1L88i4Rdf82w8Ka2Yv7M8odBRnjGubUbOpE2LtQXOxREpjvPDU+wXjcpquDKxzHm3vsRZF5nuqAtJsppDk8yNusLmZ7IndH6TPLqdU+W3cPRezldDwYPmoeuSvzR+fEEXuAs8v4VPj+7TKvn3Ce8VuC4aRG08ajuBu/0siP4Ggw+dAGG4IAAIEACgP1b8yZPhhtoP5aq6o67ibyXsUaSA9CW+UjxDrHj37bm/gTxARZB15qNx4Hfn03fRIyuq8jgqru7d/FQo5fRZBevAR8NhF9KZcsH2H8rnbNmZMa5j1awLdiy/bPXD86cv7imiAKCnAKDMreyKpQAQy4o/kVPxH0dqJs3baaUAYKUA8AQFgHcpALwbnuz4q7/O/FcqXn9XaE0fko/o+UcUNj6mefWJn8b4ZaDefDRAZ+b8NCYaDzaONK7ugNKf+xoK7uP7wmsZK/h9ij8fAHrb2HwQ0e//8GQ0fDEnzf+hgQAAwwUBQIAAAG6FlZ1askiX39AYmWT8MFBX971MWXPMtZXNTkU7jQAwIKjQ9Z56R9/NFz0KBHwhZQGAHt1byTRuMnpPWKKNSyxu4/RFzreDEuo3+aprGv3UtY2ZE9oa51z6YEPVkh2XjJ21pfC6W5/MtjS8kn/rr55buHTVI1ekj2m8Ili34Qp5bM0VPrF1V9A0XqHOb63PmdR9yFDsfCUyxfxKfLb9Q01+IxedZuWC9FTUqXCJjjdfoGkrva/ewk6f6Q0u7L1suthzmg5+q59h0+TCF/o+/1MnYvOG8POEYc+pvfczbPhi3O+h5yMA+gDAcEEAECAAgBsV/0rybEKx87/+OtsPMmX9MZlyPf2mbMXGAoBZeD7Y3MsSK5JUBFy3yqXnVPz5rWZ6Tyz9nR0mULsetQUt3OyLHuKWXPn4tknztmdTAIj0V9dFZk1si5y7YnckBYDg8plb/K5f+5TvzXf9JvWGO57dtPSqRz7LGNP4GQWAzygAfEbD/IwCwGdylfFLhbruW1913XcuNT/4qtdzvsoHON/4B6g4s70T/cZZKLJiAYAPAbE03vxlk+k1w9pZMeYv8LNBwIo5m25hmPyhEDFsmlkIYOPBsM+40fewoMbPK4bNN4Y+N+ICAG4GBMMDAUCAAAAXXbVPRS6YMHdLi6Gk5YOoNAdt5bKVL21d81ua9Luywiu+whsE7iJGj6xwsS1nKqABWgsXmmj7PjzJ9mFYkvUVf71po0xTt0GmqluvK3KuX3DJw+svu+HAyitveaZw7rI9+aOnbxqbMab9fEOB8+bwRNvNVHxv9okz3RyR2vhA0dTu1wunbOJiMyycv6qGL8p8keb3ctCjsBteTtg8kFGhlcVv4IkWUb7AsqLu0lts+S18htqEvQDscMXxPQPu97Liz4o6PXcP86TCL+j3/3bieLB5xvQNAQz7G723r76fGwbYAwDDBQFAgAAAVPzLyFOTF2w9GsXfeY4Vwr5FhIWAB6iNbW2KrvQGGOswZyVsHKjgxtL3xtZy4YlWTpPb/HVSSetLWePbjTkTO8rmX7pDUTClQ0Zbk7LLrj8gW7X2Gf3Vtx2cRQHgSgoAd1EAOEAB4CgFgKMUAI5SADjqozQT+h5WBN273mPZdLI9HMKeBmF3vWtLvf/4ncIJAYDNMxpvfqueYf8bbL7SsBlW+Fng4PdssO+lv/Nb9kyfYYoV/94CzobH5hFDf3MTgkZvGODfw/7W57P859nwhs9p9QEQ+dyIhj4AHgEBQIAAIF2FFd2hZHTepE235Ezc+MeEkhYuIMG15X9iYaHftXfrVPjbiR2ffgRbKdLnGP7YNRsetfMrTDZc92tWGN3t9ZycnsdkOLiscW1cSpnzD6qcxi5VTlMtBYCbk0tbl4+euWXBJTceWLz0+icvShvfuiIyzXJdeLL17uh0hzU+p2lrbFbjI1FpjmcjUxx/i0i2cwFaKrL8MXb2Pazosu9lrwm/JU7t/N9oHNyFk293vYfvgU9tchpPf72VC02xc6OyHJwqv5EzlDq5tLFt3+dO6vg6saTlzQCdabtCbez21Ri7/bTGbn+dsTss2do9KrOhOza7sVuZ29StLWjpTihydhuKW9lz56hMR42mqMmSMamjM3G0szE6w7E+odTpyK7o7O4rY3zHRm1BkyU+p8GYUNLcnljm7E4ocXZrC1u6lXnNNPym7uiMRvo+e3eA3kzfbe721Zq7FRoT0xNksOyl73reUNr6aeLoVk5T0MTF0HREpFi4wAQTJ+cPqbDfoM+84H8XN/pb30Di/p1PeM+Jv2Xve/nXx9/H9gAotBQCdMZOcjwA5DvWqfMcrj0AvcuRx0AA8AAIAAIEAGlavOph39KqLfrcCZuuTyhq3UeF/599V84ubIXNflP26F6pC8RXfiLo8+x4Nd+rn+0+p2HxxZYNl20ls9esI5+ZHXY4RgXrGBXN7xTq2i9Txzi/mL909xeLVzzUsfwX++csuuShTGW6NSxYbwqbu+KRtFV3PHfbeVc/vjtlrPPpiDTLm1RkvwrUmV1b4PwWcN+tefo+/jvped8AwL82UTEycb5qE3/uvZ/G9B21f0HvIbWk7gsaJjF+4auyfBGW7PgiPq/5i5Ty1i8KpnZ+MWFuzxczl+z89IKVe/4++6IdPfE5jReFJNnnR6Y3zY/JapmvynPOL5rWPX/6BTvnz1u+a/6SVQ/NX3XrgQU3/erZBWvveWr+3eufmWJq/m1OU/frY5s3v35BU9cfqhztv89s2fRGZWv34Yt5mw9f3N7zp4s2bn1rfse2P+WbW1/JqK5/ZuodDxyYf8u9z8y/+ran5l/4i8fnz1nx8PzKJQ/Nz6vaPF9d1DA/Lq9hflSmY35IsmN+aGrDeboS55WFVd21left/H3Foh1fFE/r+iJ9bOsX2nzHF5Gp5i98NbVfyFQ03UozTbfpOKXpS4Xa9B39Nj8otPXH5FrXFjwr4mzenXiNAvb70iM/f0lvABTmNx+02Dw/VQCwUwCwUwCg3+mEZckjIAB4AAQAAQKA9FDxDyBlFefuuEad79wVkmh/V6Ex/+94wWfY875o5daX+MrvZHyRX88XA1bkXcWYhscKsPB97I56fmozZyhq/2HOsoe+m3nh7mdjsuy3pI1xrpp/8e5Vi1fsqzr/8oczUoubLqMAYA/Sm+yBCZYObXHrIX2J853wVPP7Abr6f/trTUcUKvYdDG09sg6E9J2uUwTpu/gQIEwLX4QsnExr5wKTGrmY7GYuc2InN2XxTq58ztZngxJta+i9qygAkLpVFACIcRUFgFUUAFZRAFiVMrZ1FQWAVRPm9ayiAHAFBYAVsy/aOTMuuzGdAkAyBYBkCgDJyjxnMgWAZAoAyRQAki+6Zl/K9Xc+nX7bfb/JuO3eAynrrYdmmJpfrt1gf35rdd3BR+7e8MyuOx84uPFXNc/uuKfuN49V1z372L31z+6rb/yts6HzzVuaNr1ZTAEgigKAjgJAMgWAZAoAyRQAkikAJFMASKYAkEwBIJkCQDIFgGQKAMmhKQ2pFAByCqZ1jacAcBEFgFUUAFZl0HRQAFhFAWAVBYBVFABWUQCg6Tb1ikxz/LL8nO5HJi3c8kFmZfvXqpImLjTVxvnpaB6yec7mJz9vaR6zYs8f/mC/u3D4gw8ELIwJvw+FMPY5Wu44X62501dr6Q0A2oKmdZp8Gn4yuzQzfc6zIAB4AAQAAQKAtFy/7vnApav3a2YsffDq0eds2R2Z1vie6xg0K4hsBc621Bn2fADwheB+wnah2+mRFYHaoxQEvpUpTf/105v+E5hg+jhYZ/nH6Kqe9+41vvqerf2NhitveSI/eXSzTh5fr/PTmPWhiba0uDRrW2yqhQvkr5DHhs2+g+2eryEsaNAKmBX8eCunUNmO+mpsP/iqrd/6qcxfBWktX4UkWP7rpzF+RJ95jwrQez5q+3vyhJb3wrPa30sa2/le1YUPvrfmnufeW1f30oZ7LL+NvXbdwcD5l+4OyqlsDxqVYw1etGJ79KXX7lHNWfagZvz87bqcio26hJIWXUxWky4kyaZTqOt1svhanSyOqaNxN+poOl3Yc6VLUIJFbyhuSkkqaU4JSbImXH7jY5fe8cDBP9967wFu9W2Pcr+49VFu9dr95HF6TdY+xl1722Pf3lx98I9r73uxY+k1++fI42n49D19se+mwCWoc30ffa8s3uSiNOkUGpMu0GDRRWU267RF7ToKPbqxc7bq5i5/SDf1/F2xkZnW4IBEU1BEZkNQ2aztQUuvPhB0yz0v+m9wvKi+33rolpvuPbB/5qU738iZ3vlebF7je4EG23sylZWWIROpe0+urvvAV1/3ka9mw398VQ98JYvf8BUFr6/l8ebvFUrrUXmc5Ygs3vKNXGX5yk9r+yo4seGr0KQGZ2hyo9K9jGoLnOsIBQDWH6XPsuQZEAA8AAKAAAFAOqj4y0j+stVPLU8b17ElOsPxV3+t5b+urXJWPGkF5t5tK75yO3P8FiAFAH4rkLYW2XH0+LpvfZXGv4QZ7M9kTujsKZmxpUaT23Ll6KotV/1i7YF7LrnuEfuU87ZsShnT3K1Q1ndT8dosU1q20hb+W0E6I+dLW1quDoKE/x4WAtgeBiO/JyEkwcZFpTq+VeU0fk7eUec0vjBmZs8Lc5fve7pgSte99P4lFACWUABYQgFgCQWAJRQAlkxb8uASCgBLfmV+ZXp9y+sF1915sIgCQFn25PYydZFj/Lkrtq++ZPUeGwWAtvHztnVTAOjWl7R0UwDopgDQTQGAxrW2mwIAqSP13TRfXeKJstdmucrYw7DnMVmOZ3IrOj7Pr+zgsie2CtpIO2Ft7VzWhPYfMsdv/Hfy6I4/R6baH6N52E1F/wTsu6n4C+pc30lo/rko+X4A3RQAuqMymrspAHTT/O+mANA9Z9ne7imLd66NzLBOCEwyl1EAKBs9a3sZBYDSX977Yrp94+tJFALG3PzrAzMpAJxLAWAJBYAlFACWUABYQgGA1C1RFTT9Im/qpntTRrds0eY5XghLNL2oUNb+jsLXJ+FJ9m9DEuz/CNbZ3ghLsL6izWt+oWzGthcmzHvwrvHzdo1yL6fa/JZ1mvwWLjSJnXrab3ka+RAAPAACgAABQDrOWfqQYu7yh8+dunj3xtjsxj/xPdbdxd+9W57fqh5IrOPfes5XU/9tgN7yub/G9J6fqv7VQLVpizqref3cpQ+tXbnmwKVUoMerch2VicUNV+ZMat1cXNXxpa6okaMA4Cr0/PF8Gl9avqhwcv5aM3+Z3Yg0Ow3X/E9fjeldP435z8F6y+GoFNvrmtyGl9LLmw9kjXN2501sr1l541M1lvY3q+uaX59xw10HddPO26PLq9hsKJq2KSOvcmN28pi2nPjc5tygRFsuBZKp8y7dd/nkRTtWF0zpXKMubFoTmW5dO2l+16NzL972r0kLtn5dOK2bSylv41T5TVxkegMXZGB7HdheDvofiKul+eoKJMfDVZ/QwuYxf0iCTZsbfe4krN39mePY78afnsh/Ty0nZ9/Ffx/bC+J28ufZMXp2ESOaX1x4aiMXn+vkksrauPwpXdykhTu4khmbXwhOMt/upzetCUqyrUks61gzeua26yfO37l88qKdczLGbiyPSLbnaguaclPGOLPTxnakZ0/cmFw0pSNhwaW7dXfVv6KpaXw9w9hyuGzO0r0riio31Siz7HX+6hp7VKr18bjMhpdGpTY8GJ1sd8alWk1FFRtrlv3iyZrVtx9aQsLdyykV/3WavGYKAOzqkzQNngUBwAMgAAgQAKQjNM3uOyq7cW1UZsO7VARYxzYqGmx3OhUIvlCz891FV2pnT+gBHp1hfz+tvO05fVHz/dGptnPjMxqmppY4ZxVObrudinRrfJZjV2ii5clAnenlkETL36LSbUeCDWyPAX2+t5C5AoC/3sjFZNu50bO2cFMX73w/d9LGTm1+022G4paVuoLm82MzHOdo8hqqMsqbK2nY5RQACi6/8akCo/OPZXfXv7j0+rueubVq8Z5bKQDcQwGgI2/yxt0UAPZRAHg4ONFGrE9FpNpeCkuy/jY4wfKqn9b8Km05/z4q3fqhKs/xTWy24/uodAcXmmzjAhMsHP2dCqurI5xrXN3jy+YtO7TCTmukAty34AsBgAWG44Wb/n96P9+fq4gfJ/Ye+jzr58D3dWD/i33a6ZH/vamNXZ6YjXOg3kJF1sJFptm4uJxGFqY+kauNf5CpjK/KVaZX/fXmV4MTLa+GGKwvkIMhCdb9FAAepgDwMAWAXRQAOigAGCkArFt46Z6b1tW+fN19tt9Nq29+I3bu0r1JFAAKKAAUUgAooQBQQQGgigLABAoAZRQAiigAFCxf/WQBFf8E4uteTlkAUOdhDwAMHgQAAQKANNCWop62TCdTMe45fkoWcQcAvqe+KwD09uY+3rHJxd3O9xcQnvMFhj2y18IwafjBtPWmzGviItIdf/dRmQ5Sgd07c8mO9vIZm2/Q5zrPic9qnBGTYV0al2FuGZVmfjU82fo5K0iurWY2zHrOX2fmwlKoyOrNf6XXBxmZqv5goMF4UFvccHDOst0HV974ZNfCS/Ysr1q0teSaW5/Qr177TOrFq54YM27G1gnRBsuEIHXNBHncr8kDE6LTrdOnnb+jZvbFu5/Kr9z8lKGk/aXU8rZ/JY1u/U5T0HI0KqOBC0igLXkNK+a0LJ8wbQxbvllQYo+ucez9e+97+nIV/1MGAHrkAwDff8H9fYzw+d7XQlt/fb+r9300nL4BQPifPHH4wvt4wne7fzuee7jsuetzbJnw05g5CgJcbJaDnT74jbaw5V8Jxc43k8qanx09s/vxRSsf2Tftgj13+modk2SxdRPkMfdPiEs1Tcgb3zLh4qv3Tli3/tliEi22fPalLWhZp2WHAChgnbQMjnwIAB4AAUCAACANFAAuoQDwPK3wPzhxhU8rLUbYUj+xrR++mLl71xO2a5u/gh61M3zhoYKiruUSy5zc3KV7uOmLH+xS6CzjFl22e+nq256oLpzUtS3K0PhyoM78kq+m7rUAbd17AVrj574ayxG5ig2T9RKnYVHRicl0cDkVG7nU8tYWel3OUAAopwBQri1qKJ+zfHc5BYCCBcv3aCgARFAACFp29ROzll71xG4KAIdGJVoOUQA4RAGAPHBIoax9kbbq/y86veGTkCTbJ4EG638oqHxLjgYkWI75UeCQsy15flr7zQueu62vvn//KWKfFyP2/r7DEdP3vT+X2DApwNB8YeHIX2+moGT+gebZt4EJlv8GGsz/Dk2xfTwqq/FfoSkNf5ap7M9TADhEAeAQBYBD+RNaDlEAOETFfxMZK7Z89pVY1LzOUNTMhVP4O2kZHPkQADwAAoAAAcA7lVV1y4l/VJojNSzJPkuhqt3kut583y0+WmGdsJL/Kawws2PxAn43Njv+bOYUSvO3AVrTxwG6+jdkmtrHMie0P3HRlY++dM6S3eZAnWVe8bSum6ecu71dn+98I0Rn4/zU7Hh0HRdsoK38ZNu3IcmOjwMT7IflSuvjFAD20LD3qPMa95TP3rxn8qJtK1ff+pRqwrwtquQxTn3FvO1jJ8zeNic+s3GOPL5+DgUXF3qeOW5j7YQ52z7OHNvOhSVQsWJ7NeIeIBsITTu/i5xNt7DCFp1OOHts74mVXzZksRu4iEQjZyhq4CYv6OEWXrrnb0VTu35Fv8Ec+k3mRKda5uRN7p6TX9k1J6mscU50mmWOLLaWHq1d8dkOLjiRAqHod4xoCAAeAAFAgADgnaj4B5BoCgBXUgB41V9b95GrNz7rlU8rqt5dyCetwE6td/cxe81+ayqoKtYpz8wFJdg+VeU6ntcXOh4ITzVNSCx1Ti2e0nW1Mqux1V9jfiNQb303ONH+L3+d+Ss5FX85FWYKC1xcdhNnKG3/d8r4jheSxnXURGU2TaIAkEkFJFOd35hJASBz6dWPjF79y6eqJs7bUpVc7lxEAWDj+HO2HVZmNh6mAHCYir8LPffTGt8PSzYdCTawgFHLyWk83dfe53fBu3ePn830w6m5lwt+XrO9QTRv6bWr06GJi0hxcFFpTd/466zv0W9wWBa3/jAFgMP5k7sPUwA4nDS66TAFgMMUAA4rVPUf+eloGVH3Gb7nQADwAAgAAgQA7zQqrTGNrAhNtG4L1Ju+82UrU/7Oc2yLmH4nvoifRQDgj12z49Z1RwISTB+HJFneCEywssvu9qSVNe1IG91opRX5VUEJpjX0vfV+GuNztEI/xu6PH5Jo/SE0yfp+RKr11dhM23Oa/IbHDSWt29LGddpyp3X9cuyCbcsWXfbY1IoFOys1hU0zotPtCyOTbUsTilpuzRjbbonPabSEp9icKaPb/5Q2poOLSLK5Cjs/LcL48cV9A72maeWvPsfaWDESppX/uzD97jb4+fj5yQgBoDdguecxaxPa6X1sj0yIwcTpi1p5cbTFH2owC3dKFPpF8OsTYfieAwHAAyAACBAAvFN4omMR+R0V4S9k6g3H+CIZa6EVLFtBuw8DnGEBZCtvtmVHRddXbfxfXGbDb1PLWhtSy9pm54x1nlMwvsWRVOh4LjzZ/H+0df8vharuU1qRf8UuAUxtnDav8bvUMucTo6u67ztvxZ7rrvnl/nMXXronjwKAMmda16jzLn987LKrn6qmANCpKWzePSrD/hIFgPeDE8wfUZD4t0Jl+rdcafrMX2v+lgUKdjogGxc5myZ2Yx2+uNB09XZsY6/ZeAvjz/dxYH93E9phYPDzms3z/gGAYe9hv4nwPiry7BRPdjonu8ujv9rM+bKrA8aa+NMaFfHs4k7C+z0LAoAHQAAQIAB4jzttf50+d+UzC6Mym6/w11o6AnXW//hpaGXMrsPPr3TZsXsqlnxxFFZYfBGk16w4sr0EvZ0Bhd+Tf82e1/Lnj4ck278J0FmeCjVYmgsmde4fO33zk/rCxtrwZFNdfIb1megUy9/ZHgcq3lx6uZPTFjS8SgHAGplqtiQUNhmzx7VfOWPR9gWXX7Nv3SVX7TFnjXGulcfX/kIeX/OL2EzHhsxxGw8kFLe+EZ5q+7/gRMu/g/TmY74aoYC4i4u7oPDTxI41C7v3+QLE0Pj2FiLCb5EKn+t9D2HD6J1elxOuZ8+ohM/R39wd4Nipf+wc9cg0Ozcqs4GLz23kVHmNnKbAwSWWtXCZkzZy2ZM7udwpzCYuf2oXVz67h5u8aPtpq+Dt4CrO3clNWrSTm7BgJztPn8tjw63cxGVN6uSSxjg5XXETR2GJP+OC3ZwoOtPBsbMZwlIdXJDBxi6zy487P0/ce374aXdPZx/839h72O/NuOZJrxM+654v/fDzXSDaTp9jj+7DMvTcdYaEGztjgt0Miu0FoO86sYOdJ0AA8AAIAAIEAO9BAWAjBYD9UVnNH8rVpm/kKtNRvkd7b4Gj5zzhNVuZs6LA9giwu8Bp6TUfAtjvyHajs2P87DU7PXADF5Fu4zQlzn+ri1uuqZyzNXPhhbu3TZm39Uh8tu1rH2XN13Jl/RG50vgDfcexlNGt3HmX7uaWrNxrpOIfGpFiDqYAEJwzvt1/yfKdhotX7Oqcc17PN7ocx1cUAP5HAYD5WqGqOyJX1f9AK1JSf5QfF3782Xiz4nG8IPcWpL56p5O9l3VUZB3SbK5H4d4Arr8TftrY8AkVPb7w8AVJ+Cy7aRC7zj29l22NsgAUlmLnYqjAanKbuZSyNi6Xin1JFRX4WZu4CXM6uHMu2sYtu+4x7rKbnuBW3vokd+XaA9w1tz/DVde/yFmdr502i/N3nLntD5y5/Y+csfUNrqbxj9wv73mOW3XTfu7KW57ill+/n5u7fCc35bwt3KQFW7mymZu5nIoOLmNCB5c2vpPTl7RxsdktXLCBTT9NXyz9ljGEPfJBgKbfXYzd3MsCO0zU/7oELGDxZ3yw1+w3oPnS9/Puecq/1zX83mtMsM/yZ3ewszyE34Bes7+7AoDwGf59ruG5lluPhADgARAABAgA3mPl7S/0TDxv78Gw1IbPWcc8duta1xYtrVhF0e/Fr3iF385dDPnz0ms5tuUdnGjjcmirc+Fle7lzlu/mplyw86vM8Z27w3SOupTSttfTRrd9G51q/yAq1f4nan81fWznXio6tRnj2i0LL9ndM+/SvY4pF+69I2Vc2x3+uto75KraO4ITTDWppS2/T6et5YgkVgjcBcddnITxYePIioO7uLhf8+h1XzStbJr9tBZ+yzcs2c5FpTVwESkNX4YlNnwQkmD7vxC99XBMuv2wvrDpcPbEzsO5FV3Pq/Kb2gINpvUUOu6lQlRNAaCaClM1FalqH6Wl2kdFlNSmrKsOTDBXh6fYqykAVGvzmqvTxrRV51V0VpfN6KoeP7urumLexuq5y7ZXr7hxf/WVtz5Vver2p6p/se6Z6uvverb6fsvL1c2dfzgtTaSRNGz6Y7Wj681q+6Y/VZvb3qy+4/7nq1ff+mT1Nbc9XX3ZTU9WL1ixq7rq/J7qyYu2VY85Z0t1XuXG6qxJG6szJnZWJ5S2V8dlt1TTb1FNBb2aCn81BQDXY1wdTZ+RsOlkjy4RKXZLQpGzJ7nM+XTamNbDymzH4dAE4+FAbf3hQJ3x7ahU2+exFH4iUlkPfTvnr7PwF0ByFX6GhQJ65Au5e+ue/Vb0W/KHjui9vXtjXMsme4/rbwJ+OORHl9sRDQHAAyAACBAAvMc5l+7qyZu66WCQwf45u/Oei9iKtM/vJays+a2+uBp6fw1tBddyCloBh1Ahjctu5i68+nGua/dfuPscv+WuWPsklzep6wdFrOUHhcr8vZ/W/O/wBPvLuWO7d1172/PNGxxvXHbrfS8px8zZmjJu/vb5FYsf3DT5gj1Hk8e2UsGo5Xv/n7Bl6S787jb3+PS+ZluJrLizMwfqj8mUtaw/ww9UJASmH6iY/CBXWWhcbEdCEh1HRmU0HdHktxxJGe08klTi/Lu+oPlFbY7jEV22dUvJZOeWeUu2brl+7cEtv6773QN1ttfGbNn2ShhRiM1TKVlvez2RzLn29oNrL1n92JaJszZtScg2bYlLNW6JTTPvSRvtfDdrfMeRhGLnkbjsxiPhydYjATrz9/Tb0O9gJlbh0fgD/UZH5fH1x+TxdcfkFChdQaAP914p/vdmwcC9d8YdKIT3nbTsjngIAB4AAUCAAOA9Zl+6mwJANwWAhs/5lSm/cqXfhN+i7r+iEray+ELLCjC18VtjdZwyp5EbP2crN2PJLm7ust3cvEse4haseJibfO4OrrCq61ttQfPz/ipzG21hm1PGtNdPmr21adbiBzuqzt/bVTJ9S2tsltUUlmxuCU9xPBif23g4oaT5WGS6lT/v33WFPYZ9N9sadL9m338iOY2fL23VhyVauLgM2zF9QdOnyaWtfx6V5ng0QGveGJXm2KjMbWrTFjkdyryW9VT8byVrKACsoQCwhgLAmqRS55UUAC6iALCIAsDs0snO2XOXbJ19w20HZ1MAmEgBQEXF35/IxOaplFDxDyfJFABGUwCYTQFgNgWA2RQAZlMAmJ82xrmSAsAaCgBrKACsoQCwJibTsS6ptNWcXNrWnFDk7IjJaNjoT7+NrrDlNzkTOz+g+f9fZU4DF55k4/w1bK8U+23p93avL3qXBbb3QCj+/HsEJyyzHgEBwAMgAAgQALzH7Ev39uRP20IBoPFz/phrTI3rmC+/wu23ouJXuGyLi/7O307XxPlqrFxooo0rqNzEXXHTE9yNdz/N3firp7mpi3cciUhp+F9QgvU/vhrje8GJ5kZNUcPFY2dvnXHZ9U/OuXHd03dcsHJfW/Lojr0RqbY/hCbWf8XO8ecPQVC4kMfdz+9dcK3o3ePAVvZmTqGi71Ubv1eoTf+Vq02f+aiMn1AR+Jihto8DteaPlZm2j9NLGz4qn97125nnP7i9sKLrJmVGw9xx53TPXbJq74xb7z84rqbp5TQSJDZfYPC0bvpjNCm+v+65yutu2Td72sLuufHZjrlV5++6f/EVjzwzcd62t7LHd3ysymn+ODjB9rGvqv5jCpw8maruU4Wm/nNfrelrCg1Hffn7KfRZRj0TAoAHQAAQIAB4DxYA8qZuFvYAsN2qrOiyAi+youK3vlkRpgKtruUCE8xcWnkbd+Gqh7glV+3mxs1u54qr2rmiqk1c6YzuP5XP2rI9eXTrvSFJ1lVF07c0jZ+/4wlDSeveUWkN+/TFHS9qCtvepL/91V9r/MSPL+j1nEzFDilsoADArsLHjgmz0MG28Gg5UdWzy8lyqoIWLqW84/3UsRs364pb7w40WFdR8V/BUABYQQFgBQWAFRQALqUAcB4FgBkUAAooABgoABgoAOgpAKio+EcSye/GH2pU/ANILAUADQUAAwUAQ1yWw0ABYAwFgPkUAC6kALCCAsAKCgArKACsoGWSNyq7YU1WZXddduXGJ9MntvwvPtfGKdTu0//67A3wLAgAHgABQIAA4D3cASCQBQB+BUoBgN/CF1ZO7uOu/K5/V6e5IIOZi0izcLTS5ibM2cLdYzzEXb/ucS53koPTFlg5TUEzVzi164Xlqx/dMHPJzkXxeY3FExbu2jJu3g5OmdPkOnVLye7axnrZ1/Gnb/mpLGyr/ohMvf6//traL0P1pi8D1JYPZfHWtykAvE3j9LaPqvbtkBTz21kVnW9XnLtr39Jrn1x+Z91rmQRb8RKxYdM7sWT8hTc8uq7i/K7fpoxreNtPs/5tCgC0jJiJiZYT4zv+evNHFAy/VGhNX8rUxq8UGtP3cv70VlqOe5fpfsv3CcTaRJzYm/9sIQB4AAQAAQKA9zgeABxCAGC7/xm2AmS/DQsE9EivZUoLF5LYwOVUbOLGze3hSqZ2c2Nn9nCzL9rNLb3mEe6aW5+kIHCAW3PX09zilfs+zq/s+qMyt/GAXF23JyrD/n/s9rHBtAUvp2EpaMueYcd3A3UmLjqtgYtKsf0rSFf3kqGw8dC4GVsOZZVvXE8BYCEFgIU0XgspACwMTjEvzJq8aSEFgCkUAJKp+EcQbMVLBBX/QBK/5IZH8ykAzKYAsJACwEIKALSMmIlpYUiSbSkte03F0zYfistpOESB9Q8R6fbPw1LtHAUCKrjuZZsIAUBOoVROAbe3Eyx/CIweGX4PFMMOf7kJexvEC/qZQgDwAAgAAgQA7+EKAN39AgD9Jvyu/jpOptrAKVS0ha5hN+BpoK37dir+27l5l+zlFizby81YvIsrm76FO+eiPdwt9xziz13/tfEFbuGKvZwqr5kLSaKtfBoOOz0wMMH0Q4jB/N9Qg+XjEJ31b4Eay59oq/+10ETLy5rc5pdV2Y27Iwym2tLKTfdfvnr//SuvfaJCbJwBfsyVNx4IJedecMUj96eXt94fkWqxx+c17R+V3fiyn970slxT/3s/rfHtQIPpH6Epls+CDeZvAmn59mOnwcYLt5fu7WjYh7v484elhADA7yn42RAAPAACgAABwHuIBgB+xWal4s92+ddxQQkWLjq9kUufsIkrPWcrl1/ZzU2ct51bfdsBvtPfosv3cBULe7jCaRu53MkdXPakjeze71yQwch26/OdBdn59QlFrV9nju84XDCl86HMCV3mhNKN14en2OeFJFoqKQBUUgAopwCQSwEgh4o/Eys2zgA/hoq/L9FQAMhJK2/NCU+1FCjzmsaPym6opABQGZ1hv8BQ7FybO6mtrWxGx29Sy5v+Hpdt5UIMrPizIs+KMq2X+MJP/xNsbxi/B8x1jQI565vCXwfjhCL+cyAAeAAEAAECgPc4VQBgt2cNTLByEWlWblS6g9PktfCn9C1cuY/Lm9zF5U7s5Hf7X37j49yMC3dQ0W/jQpPqubBkM3+cPzLV9q5cVbOfVpz75UrL/vjslv1Z4zftHTenxzxr6a7rZyx7eO70S57II6Fi4wUwWGactyuWlM25aPtFC5Zvu7tkelubtti2PyzFQsuraT8V5P0KrfE3kakN/2KHpgK07NAAu+oj/V+wQwWx9BwBQHIQAAQIAN5DPACwc+9NXEyOg8uoaOUSS5q55KIW7sKrHuZuuPsZbuyszZyairyusJXT5LdyozKauLBEGxegruOS6H3TF+3mKubuaKMAUEQBoIgCQBEFgKKscZsKxs3uSacAoKcAEMuKP8HxexhSVPz9SPjci7YrKQAkFU9vy9KV2IsoANDyaiqiglykL2qZO+GcbfvLpm7mYtIsrhsNsb0D7OJDsfR/wq5AKF7MzwYCgAdAABAgAHiPucsf6imYsvlgcG8AqOP8dSbakrdxhrJmrmhGB5cx1smllLZws5bs5Jas2vd9fsXGf8ekO/4Rl9n8fnRa8x/91faH5XGm7X5xtdszR7dtv2DFY9uXXfnEhWLfB+AJzl32cDxZM3X+ju2qLOt2CgDbfeIt2wN1jqdi0hr/Ep5k+4evxvihQmP8kt3wib8PAX/orK/+hb5vO1vv9f4NAcADIAAIEAC8x8Klj/QUT+45GEoBQK4088c5I1LtnKG0lcue1M6VTu/gsia2cYllTmpr4bSFjf+LSrX+Pj7L8fj4WT2P0pZUbfa4TRMpACRTAEimAJBMASCZAkC02PcBeAIq/r5ESQEgmQJAMgWAZFm8Jbm0snvRjAXbNuZPaH88LMn0dJDe/H/BCbZjvhrWd4CKO99ngGHPad3mxl9hk7UJ7ezsGna2Dd+OAOAJEAAECADeY9HF+3qKKzcfDDHYPmc3xQlJsnMxWY1cQrGTy6/s5CbN33K0dEbX2xkT2ver8ht7QpPMtkCd8TZllv3qmYt3XHXpNY/NIqPEhg3gbZau2JtEloyt2nR1ZIrp2hCD+R7632kJTbLtDE+1PaPKb3lfV9TKhSfbOF8Vu5AVK/C0juuLP82WcbchAHgCBAABAoD3WLhsT0/RlE0Hg5LMnwclWTllnpM0c3FZDVzhlE3c3It3f3/ORQ9umbJ450WjZ20pDE00R1MAiIjPsofNOG9HKBX/ICIXGzaAt6Hi70tCxs/oCgtPNoZRAIgMNdhHlc3oGj9pQc+qmRc/eGDakl1ccqmTC9aaOF+2N4C/HTIr+Gyrf4PwnO0J4Lf+EQA8BAKAAAHAe6y6YV/Puct3Hiyf2f157qTOw4ay9gZVXktNbKajhgJAzbzle9eTC+Ys35tFosSGASB1cy7eqZyzbFfxgpUPrTxn2e6a1NGtNSE6Uw0FgJpwg6VHn2/7QJll4fw19ZyC1nf+6nrOT1X/CoWAejJVbJgwsiAACBAAvMd99z3Wc8dd+w9ef8uTn6++6amuK67br1PnOxUUABQZ49oV85fvVcxdvldGxV/yd74D+DEUAmQLVz4kX3TlwwoKAIrwBLPCT2lSzFjYUXnOeRtfKJ3s5MISbFyAysiF62q5CF2tMVhTG0QBAP9bHgABQIAA4D3uv//x+evu3n/xDbc+ddN1txyYR8LE3gcAZ2fO4k49uaS0svV2CgC3ByiNt1MAuD1SXzuN4DRYD4EAIEAAAAAAKUEAECAAAACAlCAACBAAAABAShAABAgAAAAgJQgAAgQAAACQEgQAAQIAAABICQKAAAEAAACkBAFAgAAAAABSggAgQAAAAAApQQAQIAAAAICUIAAIEAAAAEBKEAAECAAAACAlCAACBAAAAJASBAABAgAAAEgJAoAAAQAAAKQEAUCAAAAAAFKCACBAAAAAAClBABAgAAAAgJQgAAgQAAAAQEoQAAQIAAAAICUIAAIEAAAAkBIEAAECAAAASAkCgAABAAAApAQBQIAAAAAAUoIAIEAAAAAAKUEAECAAAACAlCAACBAAAABAShAABAgAAAAgJQgAAgQAAACQEgQAAQIAAABICQKAAAEAAACkBAFAgAAAAABSggAgQAAAAAApQQAQIAAAAICUIAAIEAAAAEBKEAAEgxEALl29nzvw/N8BAABGHFajxGrXz4EAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBCAAAAAAShAAAAAAgQQgAAAAAEoQAAAAAIEEIAAAAABKEAAAAACBBHhkAAAAAYOQSbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8G6ijQAAAODdRBsBAADAu4k2AgAAgHcTbQQAAADvJtoIAAAA3k20EQAAALybaCMAAAB4N9FGAAAA8Gacz/8DA6+zSJMsMSQAAAAASUVORK5CYII=Dynamics CRM PortalGE.PEllipsefalseAnyAnyfalsefalseSelectAzure IaaSGenericHost TechnologiesVirtualDynamic97da4742-4e59-441a-994c-a1490d70dd28ListA representation of a machine e.g., on-prem or azure server that hosts an applicationfalseSE.P.TMCore.HostCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARRJREFUOE99ksFmQ0EUhtOHKCGUUi6hhEieoVy6CiGrkG3IA2TVB+hThVLyDN1eSghdZTX5P84fc5u5d/H558z5z5kzc+/gYVb/ZydS6F0+pdTCCcwHUYsvQQPU8Vb0NjgKirog39vgXWA8iZWYhBKzT76zwUZ47KV4ER/iOWL2yeMrNriECUbiM9Y0IXYOX7FBPsFCcPJeUEzMfu8E8CYw/gqKnkKJ2SdvbwsvvgXGLsi3Co0X+X+AUoTy+v4PXgXX+xFDMRa3Bjlr8RfqvbmgqT+rdZ4X9sGD0pRJH0OJR3evmiODaQQnVqE8MtoUC40MhsKz4GTujhJXxUIjg5kKTmTsXKfFQiNDDg/JJBRzBcX14ApRBWL6a6sYxQAAAABJRU5ErkJggg==HostGE.PEllipsefalseAnyAnyfalseA representation of Identity Server falseSE.P.TMCore.IdSrvCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAALEwAACxMBAJqcGAAAANBJREFUOE9j+P//P1UwVkFyMJhgNPX+jwW/B2J5dA24MJhAMwCOmc19LgJpfnRN2DCYQDeADGxPFYN0I7J8aG+QgGPYHdWglJ0wvkVi0SJWC7/PyGpgGK9B6W2TM4Fy2iDDAkqau4BsJb+ixg5savEaxGTm8wFI64MMA2IpEBsYix+R1cAwwTASdY1MB8mDMLdt0FRsakAYr0FQ74BdAsJAtjpymCFjQoG9Ekjrg7wI86aEe/R6ZDUwTNBrxGLqGwTErhRiQZhBFGOsgqTj/wwAWDijBcYFCvcAAAAASUVORK5CYII=Identity ServerGE.PEllipsefalseAnyAnyfalsefalseSelectGenericNodeJsCSharpIoT Cloud Gateway TechnologiesVirtualDynamic9c1cc117-8938-40ca-bb0a-23d6002ddcf0ListfalseSelectAzure IoT HubAzure Event HubsAzure IoT protocol gatewayCustom cloud gatewayGateway choiceVirtualDynamic1e48cf4e-8ae0-4455-9a2b-c158693877f3ListA high-scale service enabling secure bidirectional communication from variety of devices.falseSE.GP.TMCore.IoTCloudGatewayCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAHg5JREFUeF7t3S+cHFW2B/CVSCQCgUAgnkAgViAQCGQsMhKBQKxYEYlAIBAIRAQCExGBiEBEICJWRDwRgYhAIBAREYiYfnOo7ZdU95mZ6u7qrntPfcX3s5sTMnPrTNU9v67+M//YbDYAwMqkRQCgtrQIANSWFgGA2tIiAFBbWgQAakuLAEBtaREAqC0tAgC1pUUAoLa0CADUlhYBgNrSIgBQW1oEAGpLiwBAbWkRAKgtLQIAtaVFAKC2tAgA1JYWAYDa0iIAUFtaBABqS4sAQG1pEQCoLS0CALWlRQCgtrQIANSWFgGA2tIiAFBbWgQAakuLAEBtaREAqC0tAgC1pUUAoLa0CADUlhYBgNrSIgBQW1oEAGpLiwBAbWkRAKgtLQIAtaVFAKC2tAgA1JYWAYDa0iIAUFtaBABqS4sAQG1pEQCoLS0CALWlRQCgtrQIANSWFgGA2tIiAFBbWgQAakuLAEBtaREAqC0tAgC1pUUAoLa0CADUlhYBgNrSIgBQW1oEAGpLiwBAbWkRAKgtLQIAtaVFAKC2tAgA1JYWAYDa0iIAUFtaBABqS4sAQG1pEQCoLS0CALWlRQCgtrQIANSWFgGA2tIiAFBbWgQAakuLAEBtaREAqC0tAgC1pUUAoLa0CADUlhYBgNrSIgBQW1qc4t43Tzb/eOdb/iv6sdsjAJb3/PeXm/c+up/u3WsVfUmbNYUAsE8IAGiL4Z+L3qQNm0IAyAkBAG0w/K8X/UmbNoUAcD0hAGBZhv/Nokdp46YQAG4mBAAsw/C/XfQpbd4UAsDthACAyzL8p4lepQ2cQgCYRggAuAzDf7roV9rEKQSA6YQAgPMy/A8TPUsbOYUAcBghAOA8DP/DRd/SZk4hABxOCACYl+F/nOhd2tApBIDjCAEA8zD8jxf9S5s6hQBwPCEA4DSG/2mih2ljpxAATiMEABzH8D9d9DFt7hQCwOmEAIDDGP7ziF6mDZ5CAJiHEAAwjeE/n+hn2uQpBID5CAEANzP85xU9TRs9xVIB4K13v9t8cudBOY8eP79qa95rgDX769Wrzd0vf0n3zp598PGP6Zy7hOhr2uwplrwD4BEzAD1b+o5GrCFd2BRLPwUgBADQoxaezoh1pIubYukAEIQAAHrSymsZYi3pAqdoIQAEIQCAHrT0QsZYT7rIKVoJAEEIAKBlrb2LIdaULnSKlgJAEAIAaFFrwz/EutLFTtFaAAhCAAAtaXH4h1hbuuApWgwAQQgAoAWtDv8Q60sXPUWrASAIAQAsqeXhH2KN6cKnaDkABCEAgCW0PvxDrDNd/BStB4AgBABwST0M/xBrTQ9gih4CQBACALiEXoZ/iPWmBzFFLwEgCAEAnFNPwz/EmtMDmWKOAPDhpz+l9XMQAgA4h0sO//g+b7//ffp3h4h1pwczxRwB4P6DZ38P5uzvzkEIAGBOlx7+c32/WHt6QFPMFQDm+lpTCQEAzGGJ4R/ft1QAmOvrTSUEAHCKpYZ/KBcA5vqaUwkBABxjyeEfSgaAub7uVEIAAIdYeviHsgEgCAEAtKaF4R9KB4AgBADQilaGfygfAIIQAMDSWhr+YRUBIAgBACylteEfVhMAghAAwKW1OPzDqgJAEAIAuJRWh39YXQAIQgAA59by8A+rDABBCADgXFof/mG1ASAIAQDMrYfhH1YdAIIQAMBcehn+YfUBIAgBAJyqp+EfBID/EgIAOFZvwz8IAG8QAgA4VI/DPwgAO4QAAKbqdfgHASAhBABwm56HfxAAriEEAHCd3od/EABuIAQAsKvC8A8CwC2EAAC2qgz/IABMIAQAUGn4BwFgIiEAYL2qDf8gABxACABYn4rDPwgABxICANaj6vAPAsARhACA+ioP/yAAHEkIAKir+vAPAsAJhACAetYw/IMAcCIhAKCOtQz/IADMQAgA6N+ahn8QAGYiBAD0a23DPwgAMxICAPqzxuEfBICZCQEA/Vjr8A8CwBkIAQDtW/PwD4sHgBje2Rc9RGsBIAgBAO1a+/APpx5//Pv4OukXn+rUYdliAAhCAEB7DP/BKT1487jSL36IU4ZlqwEgCAEA7TD8Xzu2D7vHtfeFj3HssGw5AAQhAGB5hv/YMb3Ijmv0RU9xzLBsPQAEIQBgOYb/vkP7cd1xjf5wqkOHZQ8BIAgBAJdn+OcO6clNx7VXONUhw7KXABCEAIDLMfyvN7Uvtx1XWjzV1GHZUwAIlwoB8UN78fLV1bfM1wFQ3bc/PE33x7n1NvzDlAAw5bjS4hymDMveAkA4dwjo8WQEOAf7be62ADD1uNLiXG774fUYAMK5TkrDH2DMfrvvpgBwyHGlxTnd9MPrNQCEuU9Kwx8gZ78duy4AHHpcaXFu1/3weg4AYa6T0vAHuJn99rUsABxzXGnxHLIfXu8BIJx6Uhr+ANPYbwe7AeDY40qL57L7w6sQAMKxJ6XhD3AY++04AJxyXGnxnN784VUJAOHQk9LwBzjO2vfbbQA49bjS4rltf3iVAkCYelIa/gCnWfN+G8c0x3GlxUuIH161ABBuOykNf4B5rHW//eTOg1mOKy1eStVPu7vupDT8Aea1xv12rtmZFjnd7klp+AOch/32OGmReWxPyionY6TODz/9aXShAW2Ka3VNv1Ok2n57CWmR+cQvtDD8gSWsLQRU2W8vJS3Cm+KCilSdbTBA2zwi5jppEbYMf+ifEEAmLUIw/KEOIYBdaREMf6gnrulnv724usTz6551SYus29Nnf27efv/7dAMB+hbXdlzju9c965MWWS/DH+oTAghpkXUy/GE9hADSIutj+MP6xDX/5OkfV1tAvi9QW1pkXR49fr55693v0g0CqC2u/dgDdvcF6kuLrIfhDwgB65QWWQfDH9gSAtYnLVKf4Q/sij3h4SMhYC3SIrXdf/AsvfgBQuwRu/sG9aRF6jL8gSmEgPrSIjUZ/sAhhIDa0iL1GP7AMeJ37O/uJ9SQFqnl6+/+k17YAFPc++bJ1VaS7y/0Ky1SR1y42QUNcAghoJ60SA2GPzAnIaCWtEj/DH/gHL669+vVFpPvO/QlLdK3L/71OL1wAeZw98tfrraafP+hH2mRfsWFmV2wAHMSAvqXFumT4Q9ckhDQt7RIfwx/YAmff/Fo89erV1fbUL430a60SD/iwrtz9+f0wgS4hM8+fygEdCgt0oe44OLCyy5IgEsSAvqTFmmf4Q+0RgjoS1qkbYY/0KpP7jzYvHgpBPQgLdKuuLD++dmD9MIDaMGHn/4kBHQgLdKmuKDiwsouOICWCAHtS4u0x/AHeiMEtC0t0hbDH+jVBx//uHn++8urrSzf31hOWqQdceHEBZRdWAA9eO+j+0JAg9IibYgLJi6c7IIC6IkQ0J60yPIMf6AaIaAtaZFlGf5AVe/8zw+bp8/+vNrq8v2Py0mLLCcuDMMfqOzt978XAhqQFllGXBBxYWQXDEAlQsDy0iKXZ/gDayMELCstclmGP7BWsfc9evz8aivM90fOJy1yOY+f/G74A6v21rvfCQELSItcRpzwceJnFwTAmggBl5cWOT/DH2BMCListMh5Gf4Audgb7z94drVV5vsn80mLnM9PD38z/AFuIQScX1rkPOKEzk50APYJAeeVFpmf4Q9wOCHgfNIi8zL8AY5375snV1tpvr9yvLTIfL794Wl6QgMwnRAwv7TIPOKEzU5kAA4nBMwrLXI6wx9gfkLAfNIipzH8Ac7n7pe/XG21+f7LdGmR431179f0hAVgPkLA6dIix4kTMjtRAZifEHCatMjhDH+AyxMCjpcWOYzhD7Cczz5/uPnr1aur7Tjfo8mlRaaJE87wB1ieEHC4tMjt4kSLEy47EQG4PCHgMGmRmxn+AG2KvfnFSyFgirTI9Qx/gLZ9+OlPQsAEaZFcnFCGP0D7hIDbpUX2xYkUJ1R2ogHQHiHgZmmRMcMfoE+xd//x519XW3m+v69ZWuQ1wx+gb+99dH/z/PeXV1t6vs+vVVrktfhs/0/uPACgY/GZLd4iOJYWAYDa0iIAUFtaBABqS4sAQG1pEQCoLS0CALWlRQCgtrQIANSWFgGA2tIiAFBbWgQAakuLAEBtaREAqC0tAgC1pUUAoLa0CADUlhYBgNrSIgBQW1oEAGpLiwBAbWkRAKgtLQIAtaVFAKC2tAgA1JYWAYDa0iIAUFtaBABqS4sAQG1pkdM8ffbn5vGT3zf3vnkCwIxib409dnff5XBpkcP89erV5v6DZ5s7d3/evP3+95t/vPMtAGcUe23sud//+L+bFy9fXW3F+f7M9dIi0zz//eXmi389NvQBFvTWu99t7n75izsDB0qL3Cwe8X/93X/+PumykxGAZfz76yeb2KN39232pUWuF4/6P/j4x/TEA2B5sUe7G3C7tEguTqj3PrqfnnAAtCOemhUCbpYW2ffstxee6wfoiBBws7TIWDyf5LY/QH/irq13CeTSImNf3fs1PbEAaF+8Q2B3X0cAuNUff/7l1f4AnYuncXf397VLi7wWb/fLTiYA+hFvD9zd39cuLfKa5/4B+hevBdjd39cuLfKa2/8ANfiAoLG0yCCe/89OIgD643UAY2mRQfzWqewkAqA/safv7vNrlhYZCAAAdQgAY2mRgQAAUIcAMJYWGQgAAHUIAGNpkYEAAFCHADCWFhkIAAB1CABjaZGBAABQhwAwlhYZCAAAdQgAY2mRgQAAUIcAMJYWGQgAAHUIAGNpkYEAAFCHADCWFhkIAAB1CABjaZGBAABQhwAwlhYZCAAAdQgAY2mRgQAAUIcAMJYWGVQLAG+9+93m8y8ebb7+7j9/Xwjh+e8vNy9evvr/P3/7w9PN3S9/2bzzPz+kX4N9b7///V5f//jzr7Sv8d9mX4N90avoWfTuzb6G7Z+j59F7fZ0uru3dvsa5uoa+xrHt7vNrlhYZxMmSnUS9uXP3583DR883f716dXVY+bFmnjz9Y/PFvx7/HRyyr7t2sYlGX3f7dps4r/T1etHXR48P72v8m/i32ddcuzjX4pw7ZgDGOV6lrwLAWFpk0HsA+OTOg83TZ39eHUp+fFPFIwMb62sRqOboa9x9ia+VfY81il5ET3b7dCh9HYtrd46+xjn/2ecP0+/RCwFgLC0y6DUAxG27Yx6Z3iY2gPc+up9+zzWIvp5jA4k7LWvua9ySjh7s9uVU8TXX/FRWnFNzBNVdcQ30+tSAADCWFhn0GADion/224ur5efHdKp4rjDuLGTfu7IPPv5xlkdR14m7LP/8bH19/fDTn/5+7nm3H3OJrx3fI/velcW5FNfqbj/mEtdCXBPZ926ZADCWFhn0FgBiozvnRf+mNT0lELc9L9HXeI1GvPAqW0NF0ddDX5dyjPgevd+6PkRcm5foa1wTvfVVABhLiwx6CgDxyP9Sw39rDc+zXjJUhdi413CHJR6hXmJIbcX3WsMdljh3LtnXuDZ6usMiAIylRQa9BIB4Pu6ct/2vExd/j7cBp4rnj8952/860dfKrwmIYzvnbf/rxM+y8msClngQEHrqqwAwlhYZ9BIAjnnL1Fzi4q/6drZzvDBtqgh0Ffsax3SOF6ZNFT/TbF29i74u8SBgq5e+CgBjaZFBDwEgbsPvrvvSvrr3a7q2nunrecQx7R7npVV8/UoLfe3hKUEBYCwtMughACz5aGorbjtWurUaj6aWuEW9K9ZQ6S6Avp5HK33t4W6gADCWFhm0HgBaeJS6FR8rmq2xRy08mtqqdBdAX89DX6cTAMbSIoPWA0BLJ3M8AsnW2KMln/vfFY+qsjX2KI5l9/iWoq/n0fprAQSAsbTIoOUAEK/8v+Tbfaao8Pa1eCX17nEtrcI7LeIYdo9rafp6Hi2/g0UAGEuLDFoOAPFCpt31Li1+g1i21p60dDt16943T9K19iSOYfe4lqav5xG/dChbawsEgLG0yKDlAHD/wbOrJebrXkq8DSlba0+WfEvldVo+D6dqcePV1/OIayhbawta7NeS0iKDljeIFk/keDdAttaetPCuil0Vnq9u6XnqLX09j7iGsrW2QAAYS4sMWg4AS37ox02ytfakxQ01XuuRrbUnrb1eJejrebQcrASAsbTIoOUAsMRHfk7R+0fY7h5PK3r99ash1r57PK3Q1/PI1tsCAWAsLTJoOQC0mPyDAHAePX/QUqx993haoa/nka23BQLAWFpk0HIAaPFWdej5EVVo9c5Kttae7B5PK7K19mT3eFrQ8muBBICxtMig5QDQ4olc4TnVFl9b4cVq56Gv59Hyu4EEgLG0yKDlAPDTw9+ulpiveykVNtQWN4gKv8GupU9X3NLX8/DAqR9pkUHLJ/K/v27vA0AilGRr7Ul8mNHucS3t+x//N11rT+IYdo9rafp6Hi1/IJgAMJYWGbQcAFr8CNDPv3iUrrUn//zswdWh5Me3lM8+f5iutSdxDLvHtTR9PY+4hrK1tkAAGEuLDFoOAKGl56vj+f/eXwC41cKvVt2KF1RV+NW1cQwtvcBSX8+j9V8KJgCMpUUGrQeAlm5XP3zU7sd/Hqql26oVnlbZaul1K/p6Hq3/WnABYCwtMmg9AMT7gFv5PIAPP/0pXWOP9PU84lh2j28J8bOt8JsAt1rqa+ufqyAAjKVFBq0HgNDCb6+r9Oh/Kx7J7B7npbX+aOoY+noe+jqNADCWFhn0EADiOcAln7OO1N/7p/9l4vUMS/e150+pu87Sd1fiZ1rltSpv0tdpBICxtMighwAQ4lW3S138d7/8JV1TBZ/cWa6vd+7+nK6pgji23eO9lPiZZmuqYKm+xjXSS18FgLG0yKCXABDiLXi76z+3irdSdy3xFEvL76OeyxKfYxE/y2wtlSzxwuCe+ioAjKVFBj0FgHDvm8ttqo8ePy/xNqopLvmugOhrtoaK7j94dnXIeR/mFt8rW0NFcQ7tHv+59PZhSgLAWFpk0FsACF/86/HZb1vHRb+W4b91iTsBa7ijsusSoTW+R/a9K7vEiwJ7vKMiAIylRQY9BoAQz8ed48NBIlhEwMi+5xrEc6zn6muFT1E8Vhz7OULr2vt6rgcDcQ30+hoVAWAsLTLoNQCEeFXwnI8C4q1+ld47fazo65xPCcSHuFR8F8WhogdzfqBN3PLX16Gvce3u9udYce73/O4UAWAsLTLoOQBsxQYQm+GxjwTi+cTKr5w+VoShUwZW9LXSh/zMJXpySl/j3+rrvnin0CmvDYi+VngAIACMpUUGFQLAVjxnH7dDIwzcdBs7gkI8Yoi39/Wc9C8l3vscfY0N8qaQFX8X/030teL70OcWPYpe3dbXOJfjv4mfgb7eLq7p6OttdwXe7Gul1/sIAGNpkUGlAJCJCzse3QfDfj4xiPR1fm/21bCfT5yja+mrADCWFhlUDwAAayIAjKVFBgIAQB0CwFhaZCAAANQhAIylRQYCAEAdAsBYWmQgAADUIQCMpUUGAgBAHQLAWFpkIAAA1CEAjKVFBgIAQB0CwFhaZCAAANQhAIylRQYCAEAdAsBYWmQgAADUIQCMpUUGAgBAHQLAWFpkIAAA1CEAjKVFBgIAQB0CwFhaZPDstxfpSQRAf548/eNqa8/3+zVKiwz+evUqPYkA6M+Ll6+utvZ8v1+jtMhr7310Pz2RAOjH2+9/f7Wl5/v8WqVFXrv75S/pyQRAP+7c/flqS8/3+bVKi7wWzxllJxMA/Xj0+PnVlp7v82uVFhn78NOf0hMKgPbFU7m7+zoCwCTxboC33v0uPbEAaFfs3V79n0uL7Lv/4Fl6cgHQrm9/eHq1hef7+tqlRXL3vnmSnmAAtCf27N19nNfSItdzJwCgfYb/7dIiN4vnkz74+Mf0pANgObE3e8X/NGmR28WnBP776yd/f7hEdhICcDmxF8eeHHvz7n5NLi0yXZxs8bTAPz97kJ6UAJxP7L2xBxv8h0uLHCc+Z/rho+ebr+79uvnkzoO/+QwBgNPFXrrdV2OPjb3WZ/ufJi0CALWlRQCgtrQIANSWFgGA2tIiAFBbWgQAakuLAEBtaREAqC0tAgC1pUUAoLa0CADUlhYBgNrSIgBQW1oEAGpLiwBAbWkRAKgtLQIAtaVFAKC2tAgA1JYWAYDa0iIAUFtaBABqS4sAQG1pEQCoLS0CALWlRQCgtrTINC9evrr6n/zvALgse/Jh0iK3u/fNk817H93fPP/95dUf8/8GgMuIvTj25Nibd/+OXFrkZnGC/eOdb/8mBAAsazv8t/uyEDBNWuR6bw7/LSEAYBm7w39LCLhdWjzV/QfPrv4n/7ueZcN/SwgAuKzrhv9W1RAw14xNi6e4++Uvm0/uPLj6v/nf9+qm4b8lBABcxm3Df6tiCIjjnuO40uKxYvhHw6sFgCnDf0sIADivqcN/q1oI2B77qceVFo+xHf6hUgA4ZPhvCQEA53Ho8N+qFALePP5TjistHurN4R+qBIBjhv+WEAAwr2OH/1aVELDbg2OPKy0eYnf4hwoB4JThvyUEAMzj1OG/VSEEZH045rjS4lTZ8A+9B4A5hv+WEABwmrmG/1bvIeC6Xhx6XGlxiuuGf+g5AMw5/LeEAIDjzD38t3oOATf145DjSou3uWn4h14DwDmG/5YQAHCYcw3/rV5DwG09mXpcafEmtw3/0GMAOOfw3xICAKY59/Df6jEETOnLlONKi9eZMvxDbwHgEsN/69sfnl59y3wdAAxir8z20HPoLQRMDUa3HVdazEwd/qGnAHDJ4d/bSQawJPtz7pA7IzcdV1rcdcjwD70EACcXQNvs0/sOfWrkuuPaK+w6dPiHHgKAkwqgD/brsWNeG5Ed1+gPu44Z/qH1AOBkAuiLffu1YwJA2D2u0Rd907HDP7QcAJxEAH2yfw+ODQDhzePa+8LhlOEfWg0ATh6AvtnHTwsAYXtce1843nuZ/YNDtBgAnDQANax9Pz81AIT4OntfuGIAMPwBalnzvi4ATGT4A9S01v1dAJjA8AeobY37vABwC8MfYB3Wtt8LADcw/AHWZU37vgBwDcMfYJ3Wsv8LAAnDH2Dd1jAHBIAdhj8Aofo8EADeYPgD8KbKc0EA+C/DH4BM1fkgAFwx/AG4ScU5sfoAYPgDMEW1ebHqAGD4A3CISnNjtQHA8AfgGFXmxyoDgOEPwCkqzJHVBQDDH4A59D5PVhUADH8A5tTzXFlNADD8ATiHXufLKgKA4Q/AOfU4Z8oHAMMfgEvobd6UDgCGPwCX1NPcKRsADH8AltDL/CkZAAx/AJbUwxwqFwAMfwBa0Po8KhUADH8AWtLyXCoTAAx/AFrU6nwqEQAMfwBa1uKc6j4AGP4A9KC1edV1ADD8AehJS3Or2wBg+APQo1bmV5cBwPAHoGctzLHuAoDhD0AFS8+zrgKA4Q9AJUvOtW4CgOEPQEVLzbcuAoDhD0BlS8y55gOA4Q/AGlx63jUdAC7J8AdgaZcMAXOINe8dRE8BwPAHoBU9hYBY794B9BIADH8AWtNLCIi17i2+hwBg+APQqh5CQKxzb+GtBwDDH4DWtR4CYo17i245ABj+APSi5RAQ69tbcKsBwPAHoDethoBY295iWwwAhj8AvWoxBMS69hbaWgAw/AHoXWshINa0t8iWAoDhD0AVLYWAWM/eAlsJAIY/ANW0EgJiLXuLayEAGP4AVNVCCIh17C1s6QBg+ANQ3dIhINawt6glA0D8hqNoSjXR090+AzBN7KHZ3tq7OX6r37Gir2mjs/+Y48QPebfHABwm9tJsj+U40dO9JgsA8zH8AeYjBMwn+rnXYAFgHoY/wPyEgHlEL/eaKwCczvAHOB8h4HTRx73GCgCnMfwBzk8IOE30cK+pAsDxDH+AyxECjhf922uoAHAcwx/g8oSA40Tv9popABzO8AdYjhBwuOjbXiMFgMMY/gDLEwIOEz3ba6IAMJ3hD9AOIWC66NdeAwWAaQx/gPYIAdNEr/aaJwDczvAHaJcQcLvo017jBICbGf4A7RMCbhY92muaAHA9wx+gH0LA9aI/ew0TAHKGP0B/hIBc9GavWQLAPsMfoF9CwL7oy16jXrx89ffAY3D/wbOrtox7BEBfYi/P9vi1ip6kjQIAakuLAEBtaREAqC0tAgC1pUUAoLa0CADUlhYBgNrSIgBQW1oEAGpLiwBAbWkRAKgtLQIAtaVFAKC2tAgA1JYWAYDa0iIAUFtaBABqS4sAQG1pEQCoLS0CALWlRQCgtrQIANSWFgGA2tIiAFBbWgQAakuLAEBtaREAqC0tAgC1pUUAoLa0CADUlhYBgNrSIgBQW1oEAGpLiwBAbWkRAKhs84//A8D3CvyRtDA6AAAAAElFTkSuQmCCIoT Cloud GatewayGE.PEllipsefalseAnyAnyfalseA specialized device that acts as a communication enabler between an IoT device and a cloud backendfalseSE.GP.TMCore.IoTFieldGatewayCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARRJREFUOE99ksFmQ0EUhtOHKCGUUi6hhEieoVy6CiGrkG3IA2TVB+hThVLyDN1eSghdZTX5P84fc5u5d/H558z5z5kzc+/gYVb/ZydS6F0+pdTCCcwHUYsvQQPU8Vb0NjgKirog39vgXWA8iZWYhBKzT76zwUZ47KV4ER/iOWL2yeMrNriECUbiM9Y0IXYOX7FBPsFCcPJeUEzMfu8E8CYw/gqKnkKJ2SdvbwsvvgXGLsi3Co0X+X+AUoTy+v4PXgXX+xFDMRa3Bjlr8RfqvbmgqT+rdZ4X9sGD0pRJH0OJR3evmiODaQQnVqE8MtoUC40MhsKz4GTujhJXxUIjg5kKTmTsXKfFQiNDDg/JJBRzBcX14ApRBWL6a6sYxQAAAABJRU5ErkJggg==IoT Field GatewayGE.PEllipsefalseAnyAnyfalsefalseSelectGenericNET Framework 3WCF TechnologiesVirtualDynamicb28a8275-e02f-48b5-888c-87d03d5b01beListfalseSelectTransportMessageSecurity ModeVirtualDynamic6644d5f0-e070-4350-a13b-4d36dcb86531ListfalseSelectNonewindows username certificateClient Credential TypeVirtualDynamic18aa87e2-8648-48e7-a197-46f0b65a81d1ListfalseSelectNoneEncryptAndSign SignProtection LevelVirtualDynamicb81b55b0-ca7b-41df-8cfa-d644e1df1c92ListfalseSelectBasicHttpBindingWSHttpBinding NetTcpBinding WSFederationHttpBinding BindingVirtualDynamiccdaf2be7-2522-458a-8401-64055c7bdec3ListWindows Communication Foundation WCF is Microsoft s unified programming model for building service oriented applications. falseSE.P.TMCore.WCFCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAWMAAAF6CAYAAADMGzmyAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOwwAADsMBx2+oZAAAABl0RVh0U29mdHdhcmUAcGFpbnQubmV0IDQuMC4xMzQDW3oAACNUSURBVHhe7d0/qB3H2cdx92lSukhhkiIqQkjpUqWahBgMCRjMxWCQCmODDQpWocJgFQYHDCbgFAI3AUMIhgSXejuVKVXeMqXKlPfN73jGXq2e2fmzM7szu98PPPC+ztk9V+ecfXZ25pmZVwAAAFZ59OjRze3bt28++OCDG/efAABbunXr1s2f/vSnmydPntz8+c9/vvnNb35DQgaALb3++us319fXN1P//e9/b/Tf3UsAAC0p4T59+tSl4Bf95z//oYUMAK395S9/ubl7965LvTZ1WdCHDAANqZ9Yrd8YWscA0Ihau2r1ptCgnqos3KEAgFrU2tUgXarf//73N//4xz9IyABQi0+sOVRtoW4NdwoAwBpKwkrGJVSHrIkh7lQAgFIqZfv3v//t0msedWu89tprJGMAWMOXqa3x+PHjm6urKxIyAJRSn+/z589dWi1HqRsAFMopZYtRNwcJGQAKKHnW9Mc//vHmb3/7GwkZAFJpwoYmbtSkmXsM5gFAojWlbDEqc1O5m3srAECIWq8p60+UoNQNABL4lmtLvuXt3hIAMKdWa876E6VYRAgAAny1wxYodQOAgNqlbDFapF6L1bu3BwAoEZeuP1FKg4Ss6gYAjl87Yg9+7Qv3pwDAebUsZYvRYCF9xwBOz683vCdK3QCcnvpstyhli/E7ibg/CwDOwyfAHmjwUIvYuz8NAM5DEy964pfsdH8eABzfHqVsMVrEnlI3AKfhy8l6RKkbgNNQ63OvUrYUlLoBOLyaWym1okXtWUgIwKGpYqGHUrYYSt0AHFZPpWwx19fXDOYBOB4/y20kfnag+ycAwPg0KPbs2TOX5sbAFk0ADqXnUrYYv6Kc+6cAwLi22kqpFUrdAAzP76YxMrZoAjA8JbEj8PvzuX8WAIxDNcVPnz516WxsmjHIYB6A4YxYyhajMjeVu7l/IgD0b8+tlFqh1A3AUB4+fHijOCLf4nf/VADo1+ilbDEsIgSge77q4MgodQPQPVVQnIGvn3b/bADoh1qLvW2l1IoGJ1nVDUB3/BoOZ+LX3HAfAQDs74ilbDEapGR7fwDdGGErpVYodQPQDfWdHrmULcbvYOI+DgDYnk9EZ6ZF8yl1A7CrO3fuuJR0br6rxn0sALCdM5WyxTx//pxSNwDb82Vd+JEmgWgyiPuIAKA9tYrPVsqWgr5jAJs5cylbzJMnT1hICMA2NNHhzKVsMZS6AWhO1RPfffedSzuwsEUTgKb8bDPEaXsmbdPkPjoAqEelW9fX1y7dYAlbNAFoglK2fFpkX4vtu48QANY7+lZKrVDqBqAarVOs9YqRjy2aAFSjZIJy/mbmPk4AyKea4qdPn7q0ghKUugFYxQ9AYT2VuanczX20AJDujFsptaLBT1Z1A5Dt4cOHNwrUwxZNALJRytYGiwgBSMZWSu1Q6gYgmSoo0A5bNAGIUquNrZTa0qAog3kAgvy2QWjPr/XhPnoA+BGlbNvR4Ki6g9xHDwDfYyul7VHqBuAl6iumlG17bNEE4AeUsu3n2bNnlLoB+J72tcN+KHUDcKkpppRtX8+fP6fUDTgzX16F/fmyQvfVADgT9VVSytYP+o6BE6KUrT9PnjxhISHgbNQKQ38odQNORK0vtcLQH7ZoAk7Cz/pCv7Q9k7Zpcl8ZgCNSCdX19bW77NEjzYSkdQwcmN8UE/3zm8G6rw7AkbCV0lgodQMO6Orq6ubx48fuMscI2KIJOCBK2cbkb6LuawQwMiVi1p8YE6VuwEH4gSCMyw+8uq8UwIjYSml8GnRlVTdgYH7yAMbHFk3AwChlOxZtAuC+WgCjYCul46HUDRiQFgPC8bBFEzAQStmOS4OxtI6BAfjte3Bcfrss95UD6JFKoChlOzYNymojWfeVA+gNWymdx3fffUd1BdAr9SVSynYebNEEdIhStvN59uwZg3lAT9hK6bwodQM6otaRWkk4H3VLsaob0AFf5oTz8uWM7icBYA8qZXv+/Lm7LHFW9B0DO1JrSK0i4OnTp9QeA3tRawjwKHUDdqCFgJ48eeIuQ4AtmoDNUcqGkIcPH17C/VQAtMRWSgih1A3YiN+cEgjxm9C6nwyAFthKCSmorAAaUmtHrZ6zUFeMBim1QtkPfaEf/F9S+NcrdLzOo/Kvs2CLJqCho5ayqaWvZKnEqYFJK7nWDr2PT9TX19fuLzmWq6urm8ePH5OQgZqUiI+ylZKS3w9TeI1EuVcoQevvOso6H5S6AZWpdaNWzsh0I9HAo5UEew3dLFRGOHIfvV+7xP2UAKwxYimbEpgSWW+t39JQq3nE/np9D1q/xP2UAJRSa1LlbKPQTUN9sVZCK4233377h8E4dSOofzkWeprwx9y7d888b2noOxmpK8NPEnI/KQAl1KoZ4TFZlQrqSrGSV2oocSqJKpm2/Dfr/Grl6v2svyMn9PeO8P2wXx6wglozatX0TEnNSlIpoRZ/L+Vm6tO+7Jhh/J0poWN7TsqUugEraDGgXukmYSWlpdBA0ii1vkpeDx48MP8dS9HzkqZs0QQU6LWUTY/4VhIKxZtvvnmp5R2ZbiDqt7b+faFQ90Vv1J9P6xjI4MuReqIBq8sgkJF4rBilLzVXbrdMbzci/9tyPzUASzRo10spm7Z0yilP67E134ImrqS2ljWw2cv3qRsk61YACXy/Xg/UqrOSyzzUFXHUKcUxSrLvvvuu+bnMo5euC32vVFcAEWq17P14r/dPmS135iQ8pyeI+/fvm5/TPHqoUfaVOu5nB2BKrZW9+xg1WGUlkHkcZf2G2tRSfuONN8zPbBp7P/3o+2MwDzD4WVJ7SW0Nf/XVV+4ILEmpOtGSqHs+BVHqBhjUStmrtalHbCtZTOOtt966vA7plGhTZvnt1dWjv49V3YAJX260ByUCK0FMY8+JGroBqJWpJwclNs3aS2lN6jOdTq/es2875TPW37iHH5YyBbDfVkqxR2n1fW75dynxqs/8o48+Mv8eHymJ1TrOhxYOUr3w1uVmH374ofn3+NirH5m+Y+B/1CrZYwqtWoxWQvCxZd/w119/bf4NoVibjOfx8ccfu6Pai90A91i3Wk8+1B7j9NQq2VpsoK5l37Va2tPWtv5v629YitrJWDGfrNKyf1wtcutv8LFHQqbUDaem1sjW/bFLy1y27JZQAvJ1uNNF2j/77LOX/o5YtEjGCk/fyU9+8pPLZI6U9yoV67bYsotI3w+DeTilPUrZlhLx+++/715Vl1rZmhwyfS+vpFWsaJWMp63jd95554X/rdVN88svv3zhfeaxZULWgOel+gM4lf9daFsOIC0lYiWE2kJTqaf/5pJWsaJVMlZ4oRvFtFVfy7fffmu+l4+tErLeh9bxKIwfClEeviXSOpZWW1MiqEmtS+t9FNPyrdJWsaJlMp72l+v/tl6jqD1TculzU1jfa4v4wx/+YL4/URZN+uE1+r7HwMIo1iSXvaLmo7cGvN577z3zfRT636ZKW8WKlslY/cRTqiqxXuej5tPNUvLvNbZ8uhuNv8G5FFoPyTjuchc0frA9Rs2lLkNdEtOYPmqvvXG1TMaKeYKJrTWhG0st+rdZ79Fj7FUXPQqS8c6WugR6iVqzvZS0rPPPY5481+ybp2idjOetY7X6rdfNo9aTxigtZCwjGe8s1ve3d3zzzTfuL13n888/N88/D2vyiPW6nGidjBXz1rESrfW6ecy7Y0qlvt9esffqgiMgGXfgsq2N8QPeO5RAa9BqY9b556HH+7kaXTlbJON561g+/fRT87VW1Jg0Equy2Cv2XF1wJCTjDqQ+1m4ZNeqIc/9d035iz3pdbmyRjBVr//6UvzMmVoe8R9T4d50BybgTGtywfsh7hNVCzZXbj/nFF1+4I39Uqy90q2RsrRmS2w1Vo39eCxtZ594j9lpdcEQk445YP+Y9wmrh5YgtbmOFpVb3zVbJWGGxXrcUNbqHrPPuEWt/S2dCMu5ISRKrHWqNrpHTT+pD/cJza8vZprFlMrY+v9Qqkmmon32NkvesHdbTDsJIxh1Jqb9tGWuXwUytmJiHpWYN9pbJOPRYnroj9DTWJuS9b+7UFechGXdCLUGtyvavf/3L/GG3jrX9xCqBs84bi9BkEuu1pbFlMlZYSluqawdSYyu9tYp//vOfl0Xo5yV/CCMZd0KtCN+qStnos3as6dtb0wKz1H7E3joZh2pqS6d0r+1Dts7ZMnwp2/Q3jTiScQeUfKatiJr9pSmxZgR/zaSVUKvpk08+MV9fGlsnY4Vlzfe6ZvLN1jP0pt+rftc1p9IfGcm4A2o9zPvX9PlZP/QWUUpJzjpfSliTJDzr9Wtij2QcutHkbhk1jTU3za26K5RMpvSUcOfOHff/YQnJeGdqNYS2UrJ+7LUjlDRi1k5UCb1vi2m9eyTjpcWArNenRmkrc6unLau7S90WVsUMXkQy3plaDaE+xjVdACmxZvWwNf3ES2sit6gASOkPn+8usjbUAg5Z872uWdi/dbVOaCF93Qxv3bqV9D2cGcl4R2otxObtp67rUBJcHOdj/Q5qxRKrKw4vIhnvRIlQrYXYI7Qe560f/tpY0/+IcbX6PcW6T/R71xZNpd1iZ9AsGeuR5dVXX725ffs2YcQvf/nLm7t377qvYdmjR4/MC2BN4LxKJqAsRWqj669//evNL37xC/N6IG5fblaXax3b+fvf/37zs5/9LLmbQK+zLoLSCPVR4xxqt45zWru/+tWvLknZXQrAvtSSUDdOjprTg4FarWO15HKoWkYzTd2lAOwrVMoWY10MuUGJEaRW67hkEFiD0pettIA9qVVQuvdZjVI3wFtbzld6Y9eNQP2j7pIAtqfWwNqVuDToZ10YKUGrGFNrb+5rNKscAFLUKO1Z83hZQn3b/sIpjVgZnR511fdoHbs2Umtba/w7QxHb305J0TouJ0preK3fSUrEStlifKmbuzSA7fiLpgZdeNYFshQlq2fV6BZR6HF4ydqt+GOxx3ToaXz00UfuXWzarsk6LjdKnnxKPvtaK7Hp79WkJ3eJANtQK6BksMNSUupWsoPH22+/bZ4rN2JJQsnKOq5W7J2MFUv091nHlESukt/S2qe7KSorsKkWC6XofNaFEopctUbbFbGbkHVMzeg9GYt1TEmU1JDnDOTVntKspy9VF7lLBWhLd/8WLo94xgUzD2vX4pias7RirGNqRg/JONaa1KO/dVxJ5MpZnKnW092UBqUvXTVASy0X107t040NIM2VPLqGInYjWLsUZ0r0kIxjLdaaq9WV/N6s88yj9tOdpxsVg3loSokodf2JUiktqly1BpQUsUTYellHRQ/JOOXx3jquJNTXnyv2O4qtLriWPp/L3wC0UKOULSbWssyddi3WeUojpqQyJDd6SMaKGOuY0sjtToi1zFs93Xn6e+k7RhO6y9ce7AhZSmgpiWiq5sCdIsY6pnaMkowfPHhgHlcSuQN5S11T+i1vgVI3NKG7fIvBjhDrIlLkqtlFkXIzso6rHb0k49jvoWa/sSKXdQ5F7pjDGtr5xl1CwHotStlirO39Y5MtLPNzrInYGhxLrbGa0Usyjj3q1x7MzG0MWC3z1n3Fc/qMqD1GFf5Ra2uXx7vZhZTbX1y7iyKWDFKrQdZGL8k4Vlki1nGlodl1OUIt8635Lj53SQFldFdvPdhhsS6i3P5iJW/rPKURU/v9QtFLMo5Ni5aaG6PmPhmFnlS27KYQNQoYzMMquptvNdgxFXq8zVUzEShiLq0f47ja0UsyTkmOtbfYymWdY4+dYfy15C4tII82GN26FSGhWt1c1jlKI2VRJL3GOrZ29JKMFTG509xjkft7vHfv3kvnyN3NoxZaxyiyZSnbnNXCTHkknlLCmp9jTaT0V9ZuiYdipGSsBZ2s40ojdyDZqqZZuwZ3KTUyqK5ANt3F96KLZX4B5Q7e1e6/Tek3t45rESMl49oVJmrp5uhlEM/zlUnuMgOWaZtt/Yj3Yl08uVs71Vou00dKWZV1XIsYKRmLddyayBGqqMktk6tF3526/9ylBoTtVco2ZV08uX2F1jnWRArruBbRUzJO+V6s49ZELuscKZ9hK5S6IYnu2nv+UEOPtbmsc6yJFNZxLaKnZLzH31Ljxrznk59+46zqhkUaZdbMtz3p4rYunlzWOdZEjBKEdVyL6CkZpyQ1q6JhTeTWvVvnyJ1AUpvGNK6urkjIsNXcSqmUNeCSW+wfSuhrIqbFe4aip2ScktRql/zlVlRY758ye7A1St1g0l06t2KhBasuNTcZh0bQSyNlPd3a77kUPSXjlKRWu7Ilt+TSSsYpdeOtqYVPQsZL9ixlm7LqQmuVM5VGSkusdj3tUuwxaBaKlM9GlTDWsaWR22iw6tbV+OiByjgvO1oDokS8x/oTll5bMRiX1TLfu2LIU+kdg3m40F15rxlJFpIxagt1k/TCD5y7SxJntcVWSjmsZNxDXzbGFeq26gWlbnhFd+O9Fk0JIRmjtt6TsfjJVu7SxNn0UMo2ZyXjvWtCMbYRkrFoGQJ3aeJM/IIlvaFljNpGScaUup2U7sI9spJxDwX6GFet9bG3cPfu3e/LO3EOPZWyzVnJWP8NKNV7NcWUBtNZ1e0kVAC/x1ZKqWolYz2a1orUfnXr2NqRehPVJBTr+Nqxx2eTO85hJeNe6owt/hp1lyyOSnfdnkrZ5qwZeCnTkaesKdVrIqXiREnCOrZFpHx/1nEtIuWzucwwM44tjdwKIL1+fg51B/RKNxv6jg9uz62UUlmJNHdtitrTb1Pev/Z7LkVPa1OkDK5aN9g1kTuGMGLXF6VuB6dt93srZZvTY/j8wlHkUMvROseaiDnrqm0pFTlWMlwTubs7a//E+TlGqNDxFU/u8sVR9FrKNhdKpLmsc6yJFNZxLaKnZJyyHVbtjVrVH57DOsce2/XnUsNEDSh3CeMI/CPPKKyLJ5d1jjWRwjquRfSUjPf4W3Kf7qxz5Cb0vbBF08FoMGCUH59YF0/uoKN1jjWRwjquRfSUjFMSo3XcmshlnSN366a96O+k1O0gfJnMSKyLJ/exsvZWPz2tIdxTMk5hHbcmcoTWmR6Jv4bdJY1R6a46SivAU9nR/OLJHUG/DHzMzrEmUvpGreNaxEjJWL8967jSePDggTtzmpFm3y2h1G1wfmrlaKxSqNzdPmongZTPUfXQ1rG1Y6RkHKqOKQ3Vc+e49LfOztFzjXGI/t0sJDQw3U1HVKO8TaxzlIbKo2Jql3CFYqRkXHvCR+7gnXWDHLGBIpS6DUp30dxWRC90wc0vIEWu2v3GMVaLvkX0koxTJsNYNb5rIpd1jtQp5b3R985g3mBGK2Wz1LiIavcbx9RuBYail2ScMovNOq40anVV9T7xaYnfEMJd6uhdb1splbAG8dT/lyPUwi6N2EBoaOS+dvSSjFMW/beOK43cJ73QzXhk+k2zRdMgdNfU3XN0oUf+XNY5SiOlvM46rnb0koxjteu1p6XnsrqpRhy8m9NU7qurKxJy73rcSqmEEs78QlLkqtl1kFJWZR1XO3pJxjE1u4neffddd9Z01nlSWvMjoNStc9py/yg/NrEuptx+49pdFTFblLeNkoxrDqCm1HlPhfqLY11No9B1QELu2KilbCGXWUeziym331jm51gTMVtUVPSQjFPWmLaOK41cR+wvnvONL3f5oxdKxKOW7ISEFmzPVfNxOfYZb7GucQ/JOFarW/OJJHfWnVgrxZXcyHumPnkG8zrjO/SPJnRBpySjOes8JRFLDLW7RazoIRnHug1q3gBzK4Nq/m565wfsXSrA3o5QyhaiR7H5RVXSUvrss89eOk9pxFjH1IweknGs77XWGsYlA3ehQdsj0o2H1nEnfBH4UVmbSZZcWDVbrLEbn3VMzeghGcdYx5RESdebdZ4jlHuG6ClEk7xcSsBeND1SieaoQkm0ZKq3WtTWuXIjtmWPtQFmzeg9GSuBWseURK5QbfPRxlPmWERoZ6NspbSWNRsvZV2EudCFmhu//e1v3RltoWUba0VKl5R1XK2IDYTVuhmVJNBQd9TR6bOi1G1Hd+7ccV/FsYVaWiVPBJo1plb1mkhJhhrgso5dG6kJqsa/MxQx6k+2jsuJ0pas9TsZYfPRGvySuS49YCtHLGVbYl1kagUBXqiC48jdeFNqJLCq28b0mDjaVkprhSZTnOVCQ5z1+zjbdeJzg0sVaE2t4pRH5SMJDeTROoaEurLO9PQouk7oO96I7npHm0mUypoeraB1DOt3oTgjSt028vrrr582+YSqIc4yQANbqFV8hkqjELZoakzVE7lb1h9NqHWM87J+D4oz0w1KDTeXOlCTf/Q4u1Dr+IsvvnCvwJnQVxzmuzRdCkEt6pSP7axwFqHW8dkGNWG3imm0fE/13pS6VebLVfC90MLhb731lntFvlCNakp8/PHH7iwvq7nTiI+UBdKt49bE/fv33Zlf9vXXX5vHpMTSeWNCs+1oFf/I5w6XSrDWUbZSquny+FX5QrTOlxqh99U6Etbr18Qea1OEdpAJlRymRsqNxRLqrqJV/DJK3SrxUxzxoqUkUGptYgmxXrsm9kjGocbAhx9+aL4+JVL+HSHW+RRrznlUml7OQkIV6K4Gm35k1gW5ZjAv1AWSEqEF10PLgJbG1sk4tKZwqHWaEmvGP0ILMelpCTZK3VZSaUruRoxnc9my3Lgw17SQdKx1zpSwrG1xz2PrZBzqglGStl4fizW/6aWbJcJ042QR+kKUsqVZujhDj9Yp1HKzzhkLfW+WmrtGb52MLUrQ1mtj8e2337ozlLHOqWDQLs5vROFSDFIdeSul2kIVC++88457RRm14KzzxsK6CZSey4otk3Fo7Q/rtbH48ssv3dFlPv30U/O8R97Foyb9LmkdZ3r48OGNAun0FGFdqN988417RZmSJFozgVmxZTK2GgQln4nK39ZYes81T0Bno4bLZV9JpKGULd/SYFJK8lpSMlBlfX+hutjc2DIZW6zXLcXaLoSlriglaeSh1C2R7lqhmk4sa9l60vHWeUNhVSCUJHUrtkrGVv937uSYGl1t1nkVLBBVRjdHEnICVVCgXGgyiKLG00ZOXa2VNK3X5cZWyXgu94ZU4/P+3e9+Z55bVTQop8/vUnIJm+5WjAqvFyp304VdQ87033lCKq1CmMYWydjq937jjTfM185jaXp4jvfff988v6JGoj8zPbEwmBeguxR3+zqWWnD37t1zr1onNam+99577ogfWa/LiS2S8TzZffXVV+br5lFridfPP//cPL8i5d+POJW5qRLFpSB4lLLVpQvWupAVKpGqRVUv1ntMQzMFp0IzB1OjdTKet4pTaq510yldZ2JOFTDWeyjOvp53TbrhsqrbjF93FHUttV7X1rxOpQzMzW+01mtSo3UynraKl54yfNTsWtOkEOs9FAzY1ecnl7lUBPUVzx8LUUdoHQNFzRayLL2XYiq3KmEaLZPxvFWsiTPW6xSheupSS33xLJbVDosIOX4BD7SzlCRr9SF7uqnqkd16r3nyt16TEi2T8bQFH+ouePPNN6t3qS31ETMBqi092VDq9j/a1w7tLa2cpiqL2k8m6j/95JNPXnqv6SN9aeu4VTKe1kZbXS/qTqudhEU3xPl7+SARb8N3lbq0dD6qKa7Z34ZlSwlZ0aqraP6+0/eZ/vfUaJWMp4l2+t/VRdDqswnVESuoLtqOvvvTDubpLsRWStuLJeSW+wz6KorpDMuS1nGLZDxtFfuZjC27z6yW9zRY/Gd7Pie5FHUe6qNp8ciHuNhAm2pqt2T9DUvRIhlv+VuMlfYxWLcPPf2cbnt/Stn2t1T2ptBss1aP5nP6W3LWO66ZjDUYN6+Dbik2nZw64n3paehUpW5qFWN/SmpWQphGy24Li24ASkhLk0nWJGMNlumC2/qpLNYtoWD8pA++wsulq+NS9QR3/34sLc/oo4cRff2dasGmLhmpxKbXpyTu1kKL/0+jh78T31MD5PClbv4RAP25bEdjJIlpsHZunpRp1KqY2Ko7COkOX+qm0hFaAP1aWg/Zh/qSa63BcFRKrvfv3zc/v2mwbne/9Bs/bKmbLxtB3/QjvGxLYySPaWxdcTGKWKWKDxol/VNVy927d4+XkNlKaSyxemQfeh3SkzD1w2M5XN+xX1UfY1Hr7VLmYySVeZz1+72MuhufhxX0uY9Hg8CHWkiIUraxxSYpTEMrmZ3hCSj1yUFB3/DYDlPqphkttAiO4TK6bCQbK7aeTLGF3Mkp6pKga258qhEffosmtQg0GITj0ADfZf6+kXxCoddvPXmkFnXVWKvPLYVaUgzQHYturJfyz1GxldJx6XvNTcoK/aB7f1JSCzjnKcCHxkZGvelgmZ5whm0da9YWa7Een1rKKRNGQtFDci5Nvj50U6LRcXz+Sd+luHFQynYu+q5Vl2klq5xQX7Nu4ioVq71Wg1qt6sfW+XP6fkOh8zAB5lyGK3Xzo484JyW8S7G8kcBqhH/qWgoldevYtaGWEb/t81IDYaiErLo8QNTCVV+qldhGCSVgPaLypAfx8yZcuuuX7hq1Hy9xDDkTJHoI9SPTDYG5IUrd/FxuIEQlQlbi6y1YXRBLNPB8+S33SqscMaqMJXrUt5Jfb0GJGpbod9ztqm4q79FjHRCj/lcrAfYS+i0DMep2u6zd0hv1FTPAgVRWEuwl+B0jVXeLCFHKhlwa5LUS4d7BzszI0VWpm2+qA7l6LHkDcvkuWpcS96NV2ShlQwkN9loJca9gdUGU0O9498E83Q0Y7MAaa9a1qBmsLog1fC50qXF7uhtQFI81eil1oyQTa+h3rF4Clxq3RSkbatl7Zp7WsgDW0tT/O3fubJ+QNYII1GIlya2CUjbU4ivLXJpsT7V1R9tSB/vaq9SNkkzUpJmbm5W6UcqGVi4DIEbCbBlAbZuVumnQjv290MLWpW6UZKIFdXs1X9XNr1QEtHJpURiJs3awuiBa8itYutRZH1spobWtSt0oZUNrzfqO/er2QGutS90oycQWNKOzSe0xpWzY0mVpQiOR1gie7rCV6qVuSsQMdmBLrUrdKGXDltQdVm0wTwuBM28fe6hd6kZJJvbgdyx3KbWcsjqDHdiD1j2xkmpp8HSHPVQpdVMZm8rZgL3UKnVTKxvYi+9hcKk1nyZ4MNiBvVnJNTdYXRB7K66s8KOAwN60DoqVYFODrZTQA3WTFdUeazEgoBdrSt2AXvj5Gi7NxlHKht5oPRQr0caC1QXRk6xSNw2YMNiBHmlA2Uq4oaCUDT3yOdal3DAN2lHKhh7lrlvB7xg90u84uoGpX4cT6NWlv81IvPNgdUH0zK8L71Lvy1R6QSkbemcl33nwO0bvgvvlUcqGUcTWrVCBPdA7s9TNN5mBUVxmMxmJWAGMwncNu1T8yitqLmubaWAUGpyzEjElmRiJNjB9YTDv1VdfpY8Nw7mshDVJxCqoB0bzQjJmth1GNC91o5QNI3phVt5Pf/pT95+BsWi8Q4mYkkyM6oUFhPT/0GeMUWkwj242jMisqNAgnkb2tMKV5vMTBEEQbULll5qYpC5il4JfpEc97fWvFxDE3qGBDYX1v+XGr3/965uf//zn5v9GEFuHnua0cYdLvUDf/N5hNWiARAMl7tQAgFQkYwDoAMkYADpAMgaADpCMAaADJGMA6ADJGAA6QDIGgA6QjAGgAyRjAOgAyRgAOkAyBoAOkIwBoAMkYwDoAMkYADpAMgaADpCMAaADJGMA6ADJGAA6QDIGgA6QjAGgAyRjAOgAyRgAOkAyBoAOkIwBoAMkYwDoAMkYADpAMgaADpCMAaADJGMA6ADJGAA6QDIGgA6QjAGgAyRjAOgAyRgAOkAyBoAOkIwBoAMkYwDoAMkYADpAMgaADpCMAaADJGMA6ADJGAA6QDIGgA6QjAGgAyRjAOgAyRgAOkAyBoAOkIwBoAMkYwDoAMkYADpAMgaADpCMAaADJGMA6ADJGAA6QDIGgA6QjAGgAyRjAOgAyRgAOkAyBoAOkIwBoAMkYwDoAMkYADpAMgaADpCMAaADJGMA6ADJGAA68OjRo5vXXnvt5vbt26vj1q1bN3fv3iUZAwCAkFde+X9E3kzwCU4YKQAAAABJRU5ErkJggg==WCFGE.PEllipsefalseAnyAnyfalsefalseSelectGenericMVC 5MVC 6Web API TechnologiesVirtualDynamic1e972c93-2bd6-4915-8f5f-f46fd9f9399dListfalseSelectOn PremAzureHosting environmentVirtualDynamic6c5d51b0-91b1-45ca-aebd-3238f93db3b8ListfalseSelectADFSAzure ADIdentity ProviderVirtualDynamic3175328a-d229-4546-887b-39b914a75dd8ListWeb APIfalseSE.P.TMCore.WebAPICentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAAJUJJREFUeF7t3SuAHMfZLuDAwMDAwMAfGgYGhhoaBgYaGAQIBBgECAQYBIgYGAoYCAoYGBgICAgICAgICAiY7NG7OhvL7a9We5mq6ep6wEO+OPZ0z2zX23X93cXFBQCwmLK4Vy/e/Hzx9dM3F199//ri80evLv7yn5cXnz18efG7L58BwDD/9+8Xl23QF9++umyT0jaljdq2W3tWFvfkx1fvLr58f3P//PWL8ksAgL1IMJglDJTFPUjDn3RV3WAA2Lv0VL96u98gUBbPKanpb/99Vd5MAJjJ7796fjlE8O4yB9Tt3rmUxXP57tnbiz/883l5EwFgVn/614uLZ6/31RtQFs/hwZM35U0DgCPIC+7Tl+/eN3l1OzhaWRwtsyirmwUAR5IhgUc/vX3f9NXt4UhlcaTM8K9uEgAcVYa8t+3haGVxlKSg6sYAwJFlOODccwLK4ggZB0lXSHVjAODoMjHwzeWUgLqd7K0sjpDNEqobAgCryF4B2/ZxlLLYW8Y+qhsBAKvJxnfbdnKEstibt38A+CBn2mzbyRHKYk8m/gHAr51jVUBZ7Omv39jfHwA+lrNvtu1lb2Wxl8x2NPMfAH5r9MFBZbGXb37U/Q8AlYc/vHnfVNbtZw9lsZcsd6guGgBWN3oYoCz2YvY/ANQyRL5tN3sqi7388YHxfwBoGTkPoCz2Ul0sAPDByE2BymIPL978XF4sAPDB4+fj9gMoiz3k8J/qYgGAD7Jabtt+9lIWe3jyQgAAgOsIAACwIAEAABYkAADAggQAAFiQAAAACxIAAGBBAgAALEgAAIAFCQAAsCABAAAWJAAAwIIEAABYkAAAAAsSAABgQQIAACxIAACABQkAALAgAQAAFiQAAMCCBAAAWJAAAAALEgAAYEECAAAsSAAAgAUJAACwIAEAABYkAADAggQAAFiQAAAACxIAAGBBAgAALEgAAIAFCQAAsCABAAAWJAAAwIIEAABYkAAAAAsSAABgQQIAACxIAACABQkAALAgAQAAFiQAAMCCBAAAWJAAAAALEgAAYEECAAAsSAAAgAUJAACwIAEAABYkAADAggQAAFiQAAAACxIAAGBBAgAALEgAAIAFCQAAsCABAAAWJAAAwIIEAABYkAAAAAsSAABgQQIAACxIAACABQkAALAgAQAAFiQAAMCCBAAAWJAAAAALEgAAYEECAAAsSADYib/85yUAE/v9V8/L5/teCQA7sb0GAObyp3+9KJ/veyUA7MT2GgCYiwDQVhZ7EAAAGE0AaCuLPQgAAIwmALSVxR4EAABGEwDaymIPAgAAowkAbWWxBwEAgNEEgLay2IMAAMBoAkBbWexBAABgNAGgrSz2IAAAMJoA0FYWexAAABhNAGgriz0IAACMJgC0lcUeBAAARhMA2spiDwIAAKMJAG1lsQcBAIDRBIC2stiDAADAaAJAW1nsQQAAYDQBoK0s9iAAADCaANBWFnsQAAAYTQBoK4s9CAAAjCYAtJXFHgQAAEYTANrKYg8CAACjCQBtZbEHAQCA0QSAtrLYgwAAwGgCQFtZ7EEAAGA0AaCtLPYgAAAwmgDQVhZ7EAAAGE0AaCuLPQgAAIwmALSVxR4EAABGEwDaymIPAgAAowkAbWWxBwEAgNEEgLay2IMAAMBoAkBbWexBAABgNAGgrSz2IAAAMJoA0FYWexAAABhNAGgriz0IAACMJgC0lcUeBAAARhMA2spiDwIAAKMJAG1lsQcBAIDRBIC2stiDAADAaAJAW1nsQQAAYDQBoK0s9iAAADCaANBWFnsQAAAYTQBoK4s9CAAAjCYAtJXFHgQAAEYTANrKYg8CAACjCQBtZbEHAQCA0QSAtrLYgwAAwGgCQFtZ7EEAAGA0AaCtLPYgAAAwmgDQVhZ7EAAAGE0AaCuLPQgAAIwmALSVxR4EAABGEwDaymIPAgAAowkAbWWxBwEAgNEEgLay2IMAAMBoAkBbWexBAABgNAGgrSz2IAAAMJoA0FYWexAAABhNAGgriz0IAACMJgC0lcUeBAAARhMA2spiDwIAAKMJAG1lsQcBAIDRBIC2stiDAADAaAJAW1nsQQAAYDQBoK0s9iAAADCaANBWFnsQAAAYTQBoK4s9CAAAjCYAtJXFHgQAAEYTANrKYg8CAACjCQBtZbEHAQCA0QSAtrLYgwAAwGgCQFtZ7EEAAGA0AaCtLPYgAAAwmgDQVhZ7EAAAGE0AaCuLPQgAAIwmALSVxR4EAABGEwDaymIPAgAAowkAbWWxBwEAgNEEgLay2IMAAMBoAkBbWexBAABgNAGgrSz2IAAAMJoA0FYWexAAABhNAGgriz0IAACMJgC0lcUeBAAARhMA2spiDwIAAKMJAG1lsQcBAIDRBIC2stiDAADAaAJAW1nsQQAAYDQBoK0s9iAAADCaANBWFnsQAAAYTQBoK4s9CAAAjCYAtJXFHgQAAEYTANrKYg8CAACjCQBtZbEHAQCA0QSAtrLYgwAAwGgCQFtZ7EEAAGA0AaCtLPYgAAAwmgDQVhZ7EAAAGE0AaCuLPQgAAIwmALSVxR4EAABGEwDaymIPAgAAowkAbWWxBwEAgNEEgLay2IMAAMBoAkBbWexBAABgNAGgrSz2IAAAMJoA0FYWexAAABhNAGgriz0IAKzkzbuLi/zmP+XV25/f/+P1vwO4PwGgrSz2kIdddbF7tr0G1vXizc+XDfbj528vvvr+9aXPH726+Mt/Xl78379P+4DJAyv/3o/lv5X/Zh4O+RwJGB9/PqAmALSVxR4EAGaQ32n+ANPYpuHd+8Mjn/Fv//11ONCrAL8QANrKYg8CAHuSN/qZGvq7+Ozhh3Dw9dM3Fz++uuwyKO8FHJkA0FYWexAAOKenL99dNoRpEP/44Hn5fR/d7796fvHXb15ehp78PW7vERyRANBWFnsQABjl3c8X/xurz9t9Gr7q++VDL8GX7+9T7pd5BRyRANBWFnsQAOjp2eufL9/w84ZbfZfcTCY0/v271xffPRv3EIKeBIC2stiDAMAp5S0/jVQaqyOO3+/BH/75/OKLb18JA0xNAGgriz0IANxXuqjzx+EtfzxhgFkJAG1lsQcBgLvIm/6jn95eTt6rviPGEwaYiQDQVhZ7EAC4jTQu2fzGBL59EwbYOwGgrSz2IADwKVmql8YkjUr1fbBvedBmIqbVBOyJANBWFnsQAKikiz8/+FNvp8v5JMD94/Hri2y2tP2+YTQBoK0s9iAA8LE0DpnB723/2DKMk56d7fcPowgAbWWxBwGAyIQ+s/jXkw2H8t1vfw/QmwDQVhZ7EADWlW7+jA2vugUvv8hv4MET8wQYRwBoK4s9CADryal02Y5XNz9bWd2ReQKCAL0JAG1lsQcBYB0Z38/D3RI+PiXhML1D6SX6+DcEpyIAtJXFHgSA48uRs1nGV91LuE4e0uYI0IMA0FYWexAAjs9SPu4rv6E8K7a/LbgrAaCtLPYgABxfegCq+wi3la2fc8Lj9jcGtyUAtJXFHgSANdizn1PKXhGZTLr9ncFNCQBtZbEHAWANegE4tUwmzWoSEwW5CwGgrSz2IACsQy8APfz56xd2FeTWBIC2stiDALCOLAO0BJBevtQbwC0IAG1lsQcBYC3ZB6C6p3AKegO4KQGgrSz2IACsJRO39ALQm94APkUAaCuLPQgA69ELwAh6A7iOANBWFnsQANaTfd4dAMQoegOoCABtZbEHAWBN2ee9urfQg94AtgSAtrLYgwCwpryR6QVgtPQGbH+LrEkAaCuLPQgA69ILwDn85T8vHTeMAHCNstiDALCu9AKka7a6x9BTHv7ZnXL7m2QdAkBbWexBAFjbd8/elvcYestyVEcNr0sAaCuLPQgAOC6Yc8qy1O1vkuMTANrKYg8CAHoBODfzAtYjALSVxR4EACIP4OpewyiZj/Ls9eWGAeVvlGMRANrKYg8CAOG4YPbgD/98fpEeqe3vk+MRANrKYg8CAFccF8xefGW/gMMTANrKYg8CAFf0ArAnX3z76v3Psv6tMj8BoK0s9iAA8LHPH+kFYD+EgOMSANrKYg8CAB9zXDB789dvXjpM6IAEgLay2IMAwJbjgtkbIeB4BIC2stiDAMCWXgD26LOH9go4EgGgrSz2IABQWaEXIKchZv+DmO1htKrsWikEHIMA0FYWexAAqMx4XHAa8ixlzBKyyD7z+X3HXbqPsynN1f//Sk5QzJG2+W85Tvk8EgLSS7X9vpiLANBWFnvIQ6262D3bXgN97PW44HQFZ3Z4Gvn8fl+8OW9jkM+Qh0M+T8aqna3QXxqPc3/v3I8A0FYWexAAaNlDL0D++3mrf/DkzWVjv/2Me/b05bvLz22b5T6EgLkJAG1lsQcBgOuM7gXIVrDZiyDd90d7uOdvLcMH6cGorp3bEwLmJQC0lcUeBAA+pXeXdg6BScOYN+btf/uo0ruSPe8z2TLXX90XbsbEwDkJAG1lsQcBgE/pcVxwGr30Lnh7+yDh5+/fvb7sAanuF9ezT8B8BIC2stiDAMBNnKIXIOP5eeN15Ov1MvzhYKbbs23wXASAtrLYgwDATdynFyAP5sfPx/3xHEWWuj384Y0hgltwiuA8BIC2stiDAMBNpZu1+j4q6crOuL712qeRXpMMEdih8dNGPqi5OwGgrSz2IABwUzc5Ljhvq/lDMR7bRwJVhlEEgbbcGz1O+ycAtJXFHgQAbqM1Np05Ahkm2P7z9JFZ7+nuNmmwlvuSwLq9b+yHANBWFnsQALiNbS9A/ogzaW37zzFGgkA2G7It8W/lt2mVyX4JAG1lsQcBgNvKWHQanCzj2/5vnEeGXPJ9CAK/Zo+A/RIA2spiDwIAt5UHqjH+fcr3kqEBcwR+kWGr7X3i/ASAtrLYgwAAx5NVA7dZtXF0eqv2RwBoK4s9CABwXJmYaVjgw8qAlbaanoEA0FYWexAA4NgyZJM9Gaq/pZVkiaqhq/0QANrKYg8CAKwhKzhWP4nQdsH7IQC0lcUeBABYSx5kK+8fMPJBTpsA0FYWexAAYD2ZJNj7mOe9ynwAB1KdnwDQVhZ7EABgTRkPz54O1d/Y0ZkPcH4CQFtZ7EEAgLVlpcCKQwLmA5yXANBWFnsQAIBsmbviBEHbWJ+PANBWFnsQAIBIl/hqywXT8+G8gPMQANrKYg8CAPCxHKW70pBAdkzc3gP6EwDaymIPAgCwlVnysz2g78NQwHgCQFtZ7EEAACrpGl9lqWC2S7YqYCwBoK0s9iAAAC3ZRniVyYH/ePz6/SXX94HTEwDaymIPAgBwnbwZ50jd6m/xSLJBULZL3l4/fQgAbWWxBwEAuImsm6/+Ho8kvR3b66YPAaCtLPYgAAA39dUCywRHPuhXJgC0lcUeBADgNh7+8Kb8uzyKTAh89dbeAL0JAG1lsQcBALitr58eOwTkjITtNXNaAkBbWexBAADu4ujDASYE9iUAtJXFHgQA4K6OfJpg9kDYXi+nIwC0lcUeBADgPj5/dNzVARnq2F4vpyEAtJXFHgQA4D6yT0D206/+Vmdnh8B+BIC2stiDAADcVxrJo24brBegDwGgrSz2IAAAp5Btg//89fFCQK5pe63cnwDQVhZ7EACAU8kBQuk2r/5uZ/bds3EP/1UIAG1lsQcBADilGZ8pn2JFwOkJAG1lsQcBgFVkXXd+75E3uqxj33rw5M3//pkrdoW7vdzL6m93ZnoBTksAaCuLPeQBV13snm2vAa48e/3z/xr3v/zn5aXqN3QX+XdlyVv+3Y9+ensZDrb/fX5xtJUBegFOSwBoK4s9CADM7OnLdxdf/v/GPse5Vr+X3tLQpecgn2X7+VaWSYGzPeQ/RS/A6QgAbWWxBwGAmWSSWQ6jyfn052rwr/OHfz6//Gz5jGkAP/7sK0oo2uP3dFd6AU5HAGgriz0IAMwgXe4zdilnyGD1t8ajHRykF+A0BIC2stiDAMBe5W0/3ftHWFaWa/jH49cXmaOwvc4VpFekui8z0gtwGgJAW1nsQQBgb2Z927+pNIarnTR3tPkAj5/rBbgvAaCtLPYgALAHR3rbv6mEnPz9be/FUc34rGnJ0M72+rgdAaCtLPYgAHBO2UM+y+qONFHstrKCYZUg8MW3xxgKyO/V/hD3IwC0lcUeBADOJZOpVnrj/5Q0jkdvVHJ9WSlRXf9sHBJ0PwJAW1nsQQBgtEyEO+UGPUeSxjFLCLf37EhyfdW1z8ZkwPsRANrKYg8CAKNkIlhmwlffKb/22cOXh54omOurrns2q03mPCUBoK0s9iAAMEL+eHT3317mR2zv5RGk4TzCvI+/f3fM72cEAaCtLPYgANBT3vqPvKRvhAyXHHFuwBF6gzJkk4msH18XNyMAtJXFHgQAeslY/5+/nuuPfK/Se5K/1e09nlkaziP0Co1sGI5EAGgriz0IAPSQ39VRZnvvydGGBLISpLrOmaSHZntdfJoA0FYWexAAOLWjzPLeqwypHKnbObPpq+ucSTay2l4X1xMA2spiDwIAp5JGKZOiqu+M08os+qOcNniEXoDsYrm9Lq4nALSVxR4EAE4hjZG1/WPlzfkob56z9wJkLsP2mrieANBWFnsQALivTPab7Y/5KHLfj3DC4BF6AfIs3V4XbQJAW1nsQQDgPrI8TeN/XplseYQNaWbvBTjqng29CABtZbEHAYC7ypj/ESZwHUEeprMPB8zeC5C/he010SYAtJXFHgQA7soGP/uSPRdmnxg4e6B0QuDNCQBtZbEHAYC7MNt/n7I6YOYlgrP3AoxsJGYnALSVxR4EAG7rwRPr/PcsPTPb72wmM/cC5Ejn7fVQEwDaymIPAgC38ein+WdrryD77G+/u1nM3AuQCZnb66EmALSVxR4EAG4qv5UjnOC2ijSk2+9wBrOfEeCI4JsRANrKYg8CADeRyU329p9Lvq9ZVwbMfFKg5YA3IwC0lcUeBABu4m//fVV+F+zbrJMC8xZdXc8MHA50MwJAW1nsQQDgU46wS9vKZp2YNvNkwKOc09CTANBWFnsQALjO7OOxfJDJm9vvdu++fjrvapNZ51+MJAC0lcUeBACuM/NYLL9IiJttKCDzTmaddGo54KcJAG1lsQcBgJaZx2H5rRmXBs6622R2ZdxeC78mALSVxR4EAFrs8388sy1Rm3nfCfMAricAtJXFHgQAKjOPv9KWVQHb73rPMmwx6/LTpy/tB3AdAaCtLPYgALA189grnzbyQXYKs5478fCHN+8/fn1NCADXKYs9CABsOejn2GabEDjrMtT8HW2vhV8IAG1lsQcBgI95+19Dhni23/1eZSy9uoa9m224ZTQBoK0s9iAA8DHL/tYwWy/AjBNSE6S318EvBIC2stiDAMCVmSdccXsz9QJkf/3qGvbu2evLlFVe0+oEgLay2IMAwBUz/9cyUy/AjM+psCNgmwDQVhZ7EAC4ks1LqvvNcc0yUz1BZca5KV86GbBJAGgriz0IAETWLFf3mmObaaJaTtmrrmHPcorm9jr4QABoK4s9CACEpX/rmmWcesZ5ABlm2V4HHwgAbWWxBwEAk//WNks39axnU9gSuCYAtJXFHmYMAPnMnI7Jf2ub6S11xqCaeRbV393q8rur7tdeCQDAIT1+Pu7hdh+zng7I/AQA4JA+fzTHZDUbVXEuAgBwSFliN8OeAIarOBcBADisPAu2z4e9yVBF9dmhNwEAOKwss9s+H/Ymh1VVnx16EwCAw8pGO9vnwx5Zsso5CADAoc2wZn3GkwGZnwAAHNoMh9dkxUL12aEnAQA4tCyz2z4j9ubBEysBGE8AAA4tG+1snxF7k16K6rNDTwIAcGg5Enr7jNibWc8EYG4CAHB4e98Q6MUbSwEZTwAADm+G44Grzw09CQDA4c2wEqD63NCTAAAcXmbZb58Te2MzIEYTAIDD+/t3+18K+Kd/2QyIsQQA4PC++Hb/RwMLAIwmAACH97f/7j8A5NyC6rNDLwIAcHgzHAokADCaAAAc3mcP9x8A0ktRfXboRQAADi/j69vnxN5knkL12aEXAQA4PAEAfuuQAcC2msDHBAD4rZEbZJXFHrLvd3WxwJoEAPitpy/fvf/p1b/HUyuLvdhVC7hiEiD8VnrLt7/DXspiLzkCtLpgYD2WAcJvbX+DPZXFXqRp4IqNgODXRg+LlcVeMruxumhgPbYChl8bfT5GWezl1VsrAYAPHAYEv5bl8tvfYE9lsSddakB8/XT/xwH//isTlxkjk+SzWu7j319vZbGn/NFXFw+sZeR657uqPjf0cI4hsbLYUxLOHx9I1bC6Z6/HLXe6C3uXMEp6ms7x91AWe9MLAGyfC3tj91JG+cfj88yHKYu9JVnbEwDWlb//7XNhb3585fwS+svbfybIb39/I5TFERwOBOuaYQ+ARz9Ztkx/D56cbzJsWRzFUACs6avv978E8Mv3n7H67HAqnz86bxAuiyPlBlQ3Bjiu0eud78KziZ5yFsboZX9bZXGk3IC/fmNvAFhFxjzP/eC7if/7t3lK9JE5MOca9/9YWRwtD4PsClbdKOBYZjgEKGwCRA/5/b+57ACrf3cjlcVzefiDOQFwdDOM/2dNdvXZ4T72tv11WTynpy/fXY6NVDcPmF/+xrd/93vz+LkVAJxOzpTIqpLt7+zcyuIeZJtQewXAsWS/8+3f+h5ZocQpZNfb9Gxvf197URb3JKkpeyTnwVHdYGAeMxwBHOYkcVeZO5J9LnL8/d4nu5bFvUq3XMYPs2ogEyn0EMBcZlj+F4YhuYl07actiuwbkRfWGVa4XCmL0IPdH9eWh+X2N7FHeYDPuAJghrkV7EtZhF7SCFQPL45vhtn/MWtQnenNk30oi9CL7VXXldP1tr+HPUpQqT7/ns1wuBL7UxahF+ur1zTL5j+Rz1pdw57NcLgS+1MWoScTrNaTZb3b38EezTr+f84T5ZhXWYSeHLO6luypv/0N7NWs4/+zBCz2pSxCT3nLygYZ1YOM45mpcZpx/D9mmV/BvpRF6M1Oa2uY6e0/Zhz/n2V3RfanLEJvegHWMNPbf05om3H8f6YJluxLWYQR/vHYksAjm+3tP2Gluo69y9/R9lrgJsoijKAX4Nhmm5g26/7/ez5shn0rizDKrG9dXG+2dekzh9EfX9kCmLspizBSGovqwcacMo7+6u1cs9JnDqIJLx9fC9xUWYSR0ljMOPmK2oyb0swaQmebZ8G+lEUYzbLAY0iDNNsb6ayz/8MEQO6jLMI5pPGoHnLMIY3ojEfSZhJddT0zePzcDoDcXVmEc8hkpuohxxzSi7P9Tmcw69kUCVzG/7mPsgjnMutSrNXNehrdzKdT2gCI+yqLcC4Zj/3TvwwFzCTfV763j7/HWXw56d7/MWuPC/tRFuGccrBJ9jevHnrsy6zj/ldmDpvpvdheD9xGWYRzS6NiaeD+zfwWOvPa/wSX7fXAbZVF2AO7BO5b5mtsv7OZzDr5L774ds45F+xLWYS9sD/APs066e/K7CtOZjtngX0qi7AnTg3cl8w+n3352czbT2dobNZJl+xLWYS9+fyR8wL24M9fzzvj/8rsb/+W/3EqZRH2Jm+cefBVD0TGyMSzrNDYfjezmf3wqa++t/0vp1EWYY/y5ikEnEe2aT5Ct/MRdpt0/C+nUhZhz+wWONZfv5l/zP/K7L+dDMFsrwnuqizC3uUAF/sE9JflZkdp/I9w7LTd/zilsggzePLinR0DO8o2udt7PrPZV5MkvCTEbK8L7qoswiwyKS3dotUDk7tJqDraOvNsmzv72//sey+wP2URZpLJabPP7N6L7I53hJn+W0eYPGrzH06tLMKMZj7ZbQ/SRX7E8+W/+XH+LaX/+OD5+0uprw/uqizCrHKI0Mx7vJ/DEbv8r6R3KI1ndd0zOdp8DPahLMLs8tZ3hAd/b5nlf4T1/S1HWTLq6F96KItwBGnYDAvUsrHPzOf430Sur7r22dj6l17KIhxJ3p6ymU31cF1NuvsfPFljLXlCTnUPZpPerO21wSmURTiijHOvOiyQJXCZ5LfKOvKjHCOd7+2IEzPZh7IIR5WHad6oVpkomDf+DIOstIHMEXb8u5I5DNvrg1Mpi7CCDA3krfiIvQJp+HNq3JEn+LUc6cAoB//QU1mE1Tz66e0h5gnkGtLDsWq3cUJPdV9mZOc/eiuLsKrsgpcu85l6BXJOfyb2HXEHv9vI2RDV/ZmVt396K4vAh2VkeaPc43yBdHPns2kkPsi4/5GGcrz9M0JZBH4tY+kZJkjvQBrf0ZPMsqQt8xUeP1+3e/86Rxr3j/RmbK8RTq0sAp+WSYQJBXkT//zRq8tgcJ+TCTNxL/+O7M6Xf2cae2/4n3akcf9I2NteI/RQFoH7yVt63uI+Zfv/43ZyD6tGdGZO/WOUsgiwd0cb9w9v/4xUFgH2LD0sRxv3D2//jFQWAfbsiGc7ePtntLIIsFeZJFk1oLPz9s9oZRFgj4424/+Kt3/OoSwC7M1RTvirePvnHMoiwJ7kfIOq4TwCu/5xLmURYC+yIdJRjvfdynWtfoYD51MWAfYgOyEetfGPHOK0vWYYpSwCnFsOY8r2yFXDeQTZNtq5DpxTWQQ4pyN3+1/JNW6vG0YqiwDncuQJf1dyeNT2umG0sghwDhkTrxrMI0nPRs4x2F47jFYWAUb7x+NjbvKzlf0MttcO51AWAUbJRLijbu+7Zcc/9qQsAoyQxv+IB/u0ZGXD9h7AuZRFgN6evf758o24aiiPKL0c23sA51QWAXp69NPbQ6/x3/rTv15cvLl8+a/vB5xDWQToIV3+f/9ujcl+VzLrX9c/e1QWAU4tXf7Z/a5qJI/MrH/2qiwCnFI29zn6zn6Vv/zn5fvLr+8JnFtZBDiFlZb4bf3xgQ1/2LeyCHBfGfdescv/ypMXxv3Zt7IIcFeZ7b7qW/+Vr75//f5W1PcH9qIsAtzFwx/eLLW8r2Lcn1mURYDb+PHVu4vPHq6zo1+LcX9mUhYBbiLd/V9+v9a6/us445+ZlEXYg6wbf/HG29ReZTe/vPFWDeGKcprh9h7BnpVF2IO//ffDRLJMKEsX8/Z/5zyypn+lPfxvIgcabe8T7F1ZhHNLg189ZC2tOo+s50/Dnz3tt9/L6hKGcn8+vl8wg7II55aZ1NXDNjLZ7LtnxlpHSMOWrWx19dcSiEz6Y1ZlEc4pjXv1sN3Kwzdvpdv/P/eXyX1Zy776kr7r5N5knsr23sEsyiKc023Hl/N2mrdUx63eXxq0nNan4b9ezjUwHMXsyiKcy03f/itptNJ4mTB4O+nCToBaedve28oKiO19hNmURTiHjDefqhHKvyeNmvHZWu51GrGrlRbc3IMnjvflGMoinEMa7OqBe19ZPZC5AoYIPhzQk2WVuvjvJj1M23sKsyqLMFreSEfMNM/qggSNVSZvZSOlhJ80+pbw3Y+1/hxNWYTRer39XyfDBNm9Ldu3HqV3IEMe6drPm6oG/3Ss9eeIyiKMlEZrD+vMEwjScOaNeZYegrzhZ+JkgoxJfH2k8Td8xBGVRRgpjVf14D23LPXKkEFCQXoosuzrXA1B/tt5s8/a/Ezcc/LeGOn29+bPUZVFGCVv/2loq4fvXmUCXYJBZGw9jXJkKCEN9ZVMuNtebyREfPzPRd7ir/49kRP28u/XjX8+Gn+OrizCKHt9+2dtCXYaf46uLMIIGb+e7e2f40vjv/2twhGVRRjBJjTsjXX+rKQsQm/Vcb9wTpl7sf2dwpGVRejN2z97ovFnRWUResrs+OohDOfgSGlWVRahp9se9ws9ZAKqU/1YWVmEXu5z3C+cSvZXcGw0qyuL0Iu3f84tGyzZ2hcEAAZKd2v1QIZRsvHU9ncJqyqLcGqjjvuFivF++K2yCKd2juN+IYz3Q60swil5++dcjPdDW1mEU3rwxNs/4xnvh+uVRTiVGY/7ZW45rtl4P3xaWYRTcdwvI+UM/4TO7e8Q+K2yCKfg7Z9R8tZvS1+4nbIIp5CjVauHNZySt364m7II9+W4X3pL71KWl25/e8DNlEW4L8f90tNnD19ePHvtrR/uoyzCfXj7p5e89WdZ6fY3B9xeWYT7yJhs9fCG+/DWD6dVFuGuHPfLqWUXSTP84fTKItyV4345lSztS3d/tpL++DcGnEZZhLvw9s8pZJw/G0jZwx/6KotwFzl4pXqgw019/ujVxYs3xvlhhLIId5E3tq++f33ZdVs93KEl4dGRvTBWWYT7SBBIF65tgPmUzBl5/NwEPziHsginkO1ZBQEqf/76hZn9cGZlEU5JEOBK9ojwxg/7UBahhwSBL79/fbmuu2ocOKYEvy++fWUTH9iZsgg9ZV13un/tGXBsCXpZx++kPtinsgijPH357nLpV9WAMKcEO+P7sH9lEUYzPDC/nAD55IWlfDCLsgjnlEliGTO2n8D+Zf3+wx9088OMyiLsxaOf3l4OEVhBsB8afTiGsgh7k4mDCQPpZq4aJfrS6MPxlEXYs4SBHDz09+9eX/zpX1YS9KLRh2MrizCTrC//+umby01mqoaMm0mYytwLjT6soSzCrD7uHfjsoUBwnSzXy33K0IoT+GA9ZRGOJEvT0kOQyYTZg75qDFeQQJSlllll4ax9oCzCkaXxSyOYo4szqfBoPQVZPpnx+3Tn5xqtzQcqZRFWlG7wNJbZvjZvymlE9zrJMBsmfdzIZ9hDQw/cRlkEfi29BmlgI41tGt3IKYdpiK/cpTfh6o39Y5nQePXfuJJei2ydvP1sAHdRFgGAI7v43f8Df0ALmCKDJIYAAAAASUVORK5CYII=Web APIGE.PEllipsefalseAnyAnyfalsefalseSelectWeb AppWeb App for ContainersTypeVirtualDynamice8c6c66c-d75f-4ddf-bc22-3dad2a5934dbListfalseSelectTrueFalseAzure Web App Processes XMLVirtualDynamic049c845a-28c2-46f8-bda2-971ff7df9bd4ListfalseSelectTrueFalseAzure Web App Processes JSONVirtualDynamicd69db950-2372-4bd3-8328-f751f0b04c03ListfalseSelectAllow access from all networksAllow access from selected networksAzure Web App Firewall SettingsVirtualDynamic327ab565-9b38-4f6a-8171-6ab7deb2246bListfalseSelectTrueFalseAzure Web App CORS UsedVirtualDynamicf6b0309d-2020-4c3f-838f-5ab8ea0d2194ListWeb application built and hosted on Azure App ServicefalseSE.P.TMCore.AzureAppServiceWebAppCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRQAAXEUBuS1iLAAAR6FJREFUeF7t3SHYJMeRoOEFAgcMDhgYLFhgYHBgwQGDAwYHFhwwNTiw0NDggICBwYAFBgsEDAwMRBYIGhgILBAwMDAQEBAQMBAQEBAw0c33z9ZM/TnR/Vd3V2VFZH7gfR47Jc1Ud1dVRmZGRv7D999/L0mSJhM2Ssrpb9/+/ftPv/zurY//+u33v/7T12/96o9ff/+z3321q19+8u7PX/voz9+8vY4vv/n768uLr1lSTmGjpL7+8rc3Heknn7/r0H/+h789dcD//O9ffv8PH35exk9+++Xb4IGAZPk8f/zi26fPSBDTfn5J/YWNkva37uD/9T/edO7//TdfhJ3oDH760Vff/8vvv3r6Pn772ZvZBGcSpH7CRkn3Wabo6dR+8bGd/L2Y9eC7WwcHzhxI+wobJb3ss6+++/73f/n2+w9fd1J29H386NUXb2cNWFJwxkC6X9go6bnPv/77U9IbU/fV1uRHR+C1zBawxGJQIG0TNkoz++51/7FM4zPadGRfz3/79ZuggNkZgoJvvnv9ywa/tTSzsFGaCZ0D2+nY7uboflz8tgQELB0Q5K3vAWlGYaM0Ml7+dAJ0Bnb482IXwhIQtPeINIOwURoNCXuvPv3maVo46gykJY+A5Z/2/pFGFDZK1THKZ1qfrXiu4etW5BBw77DLw/wBjSpslCpinziZ+lTQi17q0r24p7i3rEWgkYSNUhVsz2Nq37V89cJSAcWJ3G6o6sJGKTNevKzV/tO/2enrXASeBKAEou19KmUXNkrZLNP7jvSVFYcgEZg6M6AqwkYpAxL5SMJyTV/VsEzAvWu9AWUWNkpnYl82JXfJxI5erlIV3MPcy2xDbe9z6Wxho9QbU/yspbqur1Fxb3OPu5NAWYSNUi+M9tlvHb0wpVFxxgR1Klwi0JnCRulIjvalNyhSxRkU7iLQGcJG6Qisgzral2Iku1qGWD2FjdKeOI6Vg1eil56k59jqyg6C9jmS9hY2So9ibZN9+07zS/f50asvnioOehaBjhI2SvdifZ9iKB7AI+2DZ+lXf7TAkPYXNkq34uXk3n3pWOTQ/OVv5gloH2GjtNXS8UcvK0nHoNKgCYN6VNgovcSOXzqfgYAeETZKl9jxS/kQCLg0oFuFjVLLjl/Kj1oCBgLaKmyUFnb8Uj0kC/Lsts+ztBY2Suw9/vBPX5vVLxVG8G4goEvCRs2LAj4UH3EfvzQO6gh4CqFaYaPmxOlkVu6TxsRsHrN6nkCoRdioubCNyFr9Y6B8LBnhEV7+VGncguNqoz8DLgvVxj3C+Rzte0DzCRs1B44gJWs4ekkoh6XTXTrvP37x7dO+7yz14ck453rA2Q9LAMHa83LtdDjRZ9O5+G08hnhuYaPGxhSgCX7nI8+ClzCjbTrNV59+87YzbX+zEXAcNAEMn5Uz8A0OcuBd4IFDcwobNS5ewK7z90Unt3TyfP/u037fOjhg9oAjcaPvUsfgHvUI4vmEjRoPGcBO9x+v7ezNvH4MsyHsSiEoME/leHzHBqjzCBs1FqaWne7fn539OZgtIN+AZQSDgmPw3bosML6wUWNg9PST3zqVugcCKDv7vLjXWcs2INgPOSouC4wtbFRtRO6W730cwRMFVOjw2+9YeZHkyjY3fjtzCR5H4GvAO6awUXXRWZlZfR9G+eRJML1s+dRxEBBT5IppbWfE7uNswJjCRtXjqP8+jvLnQ3BHkMc2xOie0GXOBowlbFQtjvq3c5SvNQJnRrbukNnO2YBxhI2qwVH/NnT6H+DDL9zipIvIHWCpgKN03TXzMmcD6gsblZ+j/uvo7KOXON+ZI39tQSIhAbYnY17mbEBtYaPyYpTCmnX0MOrNaD9qXyMznNmT9fcqXbPMDET3kz5/+m58puoJG5UTB3e4rel9TO9H7dcwfemxqLoVU95UJnQ3wfuYXTOZtpawUfkwzeZU5L6Y3m2/Z2kr8knYWuhz+RwzlAbXNYSNyoMHyUS/d1jbj9rvRWW/9juXbsUSAbNK0T02IyoymmuTX9ioHBhhONW4bV3/ESYxaS8sERBUmqD7JkHQJYHcwkadj33qs29F6vX5+Xt8UWlPzNwRWBrAf/50RkP7/SiHsFHnIZN29qIkZwQ+jFasEaAjEFzOvjxA1UVrBuQTNuocZPnPPGI4e8bjn/7tS9ctdRieb/J5Zp3ZY1mEUxvb70XnCRvVH0VHZs0m3jux7xHWCNDRZs8TMPE2j7BRfb369JvwQdE5mK5tfyNpb0ueADNP0X04Mp4xA+3zhY3qgxfAbNXFmP5kGvTfP8sd9LC/u/29pKNQXGi2GQE+72dfuSRwprBRx2OteaaqfixvUCBknQiUPTGKmZnlWqWjMSCYLRBgQEANhfa7UB9ho45FIsws6/28zFjzi6b7CIKyJ0T5clJvPCs8MzPlBBlsnyNs1HGI8KMHYESM+F9a58v+fRCgmLmsMyyBwCy7BlgaZBZk/R3oWGGj9seNzbpydOOPhql9tjy138El2ZdCGInd8nmkPbFsRjA9QyBgcmBfYaP2xQ1NIYzohh8J2cxsZ2w//0sowJP95cZns5CJzsT9N0PSMAMC63H0ETZqPzMk+9F5s4b3yPQd5UKjPzsTawQoA5akRn+nkDtkZc7jhY3aB9PGo+/xZUSyx8iY4KHCd8UUpeuUyoD8mZETBRlY3DOjqO3CRj2O/a0jP5wc97n3Hl5qpkd/VzYEPe21S2cg+B79uHACnfZzax9hox5D1Dpqwg5Tc5xU2H7mvVR5mZGU1V67dBaCcYLy6F4dgYW5jhE26n6U9oxu4BGwTn/0GniVpQC4d1nZEJyPOvPo8tv+wkbdhz270Y1b3a3b+h5FklN0HRkR8LXXL52JIH3ULccGAfsKG3W7EdfhmO5nXb79rD1U2BUAlnrO+o6ka1gWGPF4cZY63I2zj7BR2xGNEpVGN2plP//D3059yPheq7y8CAI81EQZ8RyNOBvgltx9hI3aZsTOn/XDLNPaFQoELawWqMyYpRrtkCGDgMeFjXrZiJ0/nydbtTsS7aJrzYjkRSuYKSs6y9GWKgkCrNB5v7BR143W+Wca9UcqbW9yVKLsRpsNMPC+X9ioy0br/DmjIHsEXeHY4DW+U+6T9WeQMhltNsAg4D5ho2Kjdf6V9rGzvzn6DFmRRNl+BimbkWYDDAJuFzbqfSN1/jzwFbPW6VSjz5OV1ctUATOAo5xWyrvNQ4S2Cxv13Eid/9nb+x7BdVepErigOFT7OaSMqtTeeAk5TQYB24SNemeUzp819CNr+PdSqUrgwmqBqoIlgRFKCbstd5uwUW+M0vlTUGekh6FiyWWrBaoK1tFHOFjInICXhY0ap/Pn6Fo+y/qzjaDamiUzMMxetJ9Dyoh3xggVBBn8uC33srBR3/8DHWd0Q1Uy8jnaRPbVpipdm1Q1H/+1/tHm1ua4LGycXfXIl45mhtHmJ5/XO3qZLGWnJVUJy4fVDxViNnfEmdBHhY0zq36kL9HuTB1MxWImrE1avnQO/M4E4yAPhPfLgk6Jpay1vWa1+HPaP/tXf3z3d5MQvFzXlvcFI+jqs6LW5nhf2DgrpsyjG6eKUdf7r+HzVhydOC1ZH7/fumNnG93S2Ua/eQUk/3H9dJZ8Jt6J6yCh+lZBBgzL7ycDgLfYqhXdMFXwsLafaRZMUVZcp3RasgaKZrEWzjPGb1Z9OvwRBK58/g9+Hf/zCghi2t94VmHjbIjgqya6MNXHWnj7mWZTNYBzWjIPOnruIzp6RsHVik719MGHX5RODqxUBv1IYeNMeOir3si8oCx28U7V5E2nJftjNwbr4NwzI+x5P8sPd8pZOIMFuiYPAHgJ7JV00xtTcSaSPcd0etWX+cxLOEdj/ZqXPUlwldfns/rHV3VnSmYv0BU2zoDOs+oUH+uQJpDFeNlXDepGrtvQ09LhM7PiNH4fVb9nZn8rHoy2l7BxdJVHijNm+t+KqD767ipwWvJ2dvg5VP3uue5ZZ1PDxtFV3DsOpjDbz6IYU+rRd5gdI5LZpyVfQgBM4ivr93b4ufzj69+j4g4BBoQzDqzCxpFV3evv9PDtqq73zj4tGWGUT9Iey1/Rd6Y8fvjqi6ddAtE/y4yAsr3vRhc2jqri1DCdgdPC9yFPouoIkTyG2c8N4Hll1mvmffdV8d6qOBMw20ArbBwR2+WqJYdxvU4HP6b6Nk9Gvu1nGhkFd8hzqZrIqXd+8Pq5+0Gx35F3BZUP2/tyVGHjaBgJVhtFOALcD51K9B1XwH07+o4Pglzycuz0x1MxCOA+nCXwDhtHU23d0M5/f5VrmFPzYbQEJWZmWHPldMToM2scT0FAsVm4EZ+5SNg4EtYQox84Kzv/41B2N/rOKxjh3ACW4QjEzNyfD0mB1WZ4ZijTHTaOgqzh6IfNys7/WHSgRPbRd19BxSCA5QueQxP5RBDADoHon2U1+pkBYeMIqp0QZ+ffB2t7laedq5wbwBQ/11o1AVPHqBgEjHzYWthYHaOkSiMOkmTs/PupvDMAWYMAR/vaoloQwOBs1EPXwsbqKlX6oyPyON/+Ku8MQKaqkI72datqQQBB7YhJgWFjZRTNiX7AjHhh8iC0n0F9VN4ZgDNPEORlSNEUR/u6F+++SomBVZbfbhE2VlVp3Z+bHySltZ9D/VB0Jvp9quidpMShKQRO1TK6lVO1OgGjzdaGjRVVW/dfAhU6oPazqB/um6onQy56lIomR6XS0prqIJhkMBT9s2y41pGKBIWNFVV6Of1wFfGeOY2rNxjVVt+bflQQwIin6qFKqqNSPgDPQ/ucVBU2VlNp3X/d+YOs6fbzqD9GuJWT2Lj2vc6NYFaE+9KCPeqJo4Sj9oxGGbiFjZVUWveP9p972E8ejHbb36eSR4MAtvHxYnN9X2epFASw+6V9hqoJG6uotO7/o1fxdY66v7Qqkuqi36kKgoBba0rY8SuTKjNPXGf1g7rCxio4TCT6YbK5VnmOIGb9mXS+6jsD6Mi3BAF2/MqqShBQ/byAsLECzmyOfpBsrt3IjNbaz6XzjbAzgHvr0rnmdvyq4MdFZnd77MI5StiYHS/oChHiSy9YPkP72ZRD7Z0Bb+47tlb95yoIsONXNRWeQYLtqku5YWN2Fab+uSmi9jVGme1nUx481NU7S4IAZgL+9++/KlVwRQL3b4VnsOq7PGzMrMrU/5bCFhzv2n4+5UJWffTb1WLHr7rIoapQKKjilu6wMasqU/9bRv8Ysbb0iCrVmXiZwYDqqfLer1YlMGzMqsLUP7Wto/YINdXbz6icWDuPfsNalnvTIED1/LhAEFBtVjdszKjC1P+ta1V0Ku3nVF5Vtp1Ko6owE1BpV0DYmE2Fqf97ElUMAOph32/0W0p6DO946uyvRf9e9nMD6AvYRdS+OzIKG7PJPvLauubfMgCoh2CUab7o95RmRae3dNq8r3m3gfLazN4ueH7Wz9M9/uOv3979zu2lyimvYWMmFab+770ZPQioJvbT//O/95qRyv2i0xyWDp7E5XXHflYp3I9fBwHRdWbCNbbXnU3YmAXRYr8X7X3umfpfVK4gNbsRjhCWWrxvWeZad/LtvZ8FSdTRZ8iC7YtnBUhbhY1Z/Paz3AezPNL5wwCgNrb8PHoPSGdY1tvp6BmpVj3Z7lKeQBbZt3qHjRkwwsq8zrPHtRkA1MehO9nXIzU3glTyVujs91qHz4J+4tphaxlkPvI9bMwg+4lse1SmMgAYAw+4QYCyoCztr/74ZmRfrTDNPbLnibGskjXoChvPlv0H3aumugHAOPgto99YOhKBJ6P7V59+k3q9/mgEPNH3kwXL2e01ZxA2nil74t8Pd1zzNQAYS/acFY2BEf4ynd/eg7Oi38h8hDfLMBlrA4SNZ8r8Et17mtcAYDzbM5NdMtA2DIgY4bLUNNL6/d44vTPzUhz1EdprPlvYeJbsiX97n0hlADAmMn+j31vagtEi9xBr+BlHjZllX4ojabi95jOFjWfJnPh3RPnJrOtCegyjNKsF6hY/+e2bUX7V7XiZZO5HWKZor/dMYeMZMif+7ZX012Idr/0eNIbsuSw6H50BgwCmrtv7R/ej+E7mIl2ZZn7DxjNkflketc/U44DHxotoz6RR1cbyJlX26ACc2j8WMynRb5AB/UmWXI6wsTdKTkZfVAb/98D13OxVovS4//zyu91zR1QHnT5T0qznm8DXV+ZSwSz3tNd7hrCxJx6KrJWcmEbi5Knon+3BAGAOv/n0a4OAyVCilpF+9lrwI6NvyboUQGCYYeknbOwp87Y/8hKOLDDBS6L9PjSWf/3EHQGzYBmT95nT+3lkzi1jOai93t7Cxl4yj/6XPZtHHjZhADAuRn7Zy1nrcYwwSeY1kS8v3uXRb5fB2dsCw8Zeso7+eaiX9boj6xLw9/B3aCwkIGWdetTjGLTQqWTb061Y5qWAs2cBwsYeMhf9WUpsEtVH/3wvfP7l+9AYqMme9b7WY6jtQDJf+5srP6ooRr9pBiTBt9fbS9jYQ9bDG9bZmT12J5gkNAYCWov/jIfRPtnkM5yqN7qsFTrJHWmvtZew8WhZR/887OsOmdFc9O/tybXD+hhdZM1l6WO8z06RHkf7Y+HdnvU5PWsWIGw8WtbRf1uhqUcSlyd61ZZ5r3Ff9YMAavCztm9QPq6sSwFnzQKEjUcicSb6As4W1WjuUZ3QUUZNTAlnPn70HDWDAH5Hgv8l8VdjI/Euug/OdsYsQNh4pKxffpTR22OZwgOB6iFoY7QY/Z6q8b3wbLMm7Gh/PgTvGZegz5gFCBuPwtp/9MHPFpVl7HWt0d+tnBghZk0kyiVvEEDgxr59nu/299U8si7d9Z4FCBuPknHtv038W/Q6TILM8fbvVj7MEHFka/QbKj/2gX/052+c5tcT7oOMCYG9ZwHCxiNkzfy/dDQj07zRv783OpX271YuROVO+dfEC9U8G0V6veNv1XMWIGw8QsbRf5T4t+ixBXDR/t3Kg+ni6DdTbuQaucNGL+mR6H2rnrMAYePeso7+r5Xy7Fk/2iIj+bAsdE7CqjMNjzCxT7fIuiut1yxA2Li3nqPprV6qwdyzqht7U9u/X+ehAzl3vd8g4BYsz5DUZWKf7pExsffa7PSewsY9ZUy2YDbipZdFzz3eJCe1f7/O4Xp/HUtGv+W09YiKM9R7CRv3lPHEvy1b73qeHuVWwBxc76+BlzUjfjt+7SVjP/XSLPUewsa9VB39o+co8Ge/cyvgmbhPPbs/P55dgmWn+rW3rNsCj84PCxv3kjGq2lp5L/pvj0Kw0f796oNRpCV9c7PjVw9VZ6sfETbuJVvhFCI8Ir31NUboFKL//ki+3Poj2a/nUo9ux24cnw31UHnG+l5h4x4ynrq0dfTPtEv03x+pdwnI2XF/muyXF5nZbo9Vb7yHo/vxTOyia69zL2HjHrId+kNxhS2jf5yxN/TIH1nPsesi+g10vl/Y8etk2YoDbZ25vkfY+CimLKIPcqZbRthUEIv+jCP1yPhUzoqUejPV+fGFstxSTxlnAbbOXt8qbHxUtpOWbi2teEYA4JkAxyKCzjYrped++Jv4YC6pt2yzAEeVBw4bH5ExkeLW9fUzAgD48juGmf51UIHzqOlOaauMswBHnG0RNj4i2wlLBCPtNb7krADg1kBFL2M92WN8azEIUAbZZgGoVdJe46PCxkdk+9LuWTs5KwCwIuC+SObMNhulbSiO5YyYzpRtFoA8mb2fibDxXtlOVro3e/KsAOCodZ4Zuc2vPp4HgwCdaYQB7TVh472ynap075d1VgAAX3iP+/1fvn2KlqPvV7UYBOhM2WYB9h4kho33YOtfppfuI3snzwwAzAN4TMajp/UYgwCdKVu10M++enoYwmu9Vdh4D0bb0cWeha2I7TVudWYAwIl07fVom4znemsfBgE6S7a+jfdce433ChvvkWmt5NH6yWcGAJ4MeB87//EZBOgM2ba275kMGDbeKlvy36PZ9BwSE/25PfDjugVqO74rC/zMwyBAZ8hW3I5y5u013iNsvFW2L+fRWuJnHAa0Zh7ANnT+7BmPvkONyyBAvWXLceMZaK/xHmHjrTJNj+xRU//sAGDPNZ5R0QFY3W9eJGZ5aJB6ynaOCDPv7TXeKmy8RbZjf/cYPZ8dABBQtdekd+j8M+Wc6BwGAerpzKXhyC8/eTxhPGy8RabkK14I7fXdK/rze9pzq8dIeOFb2lcLgwD1lCnfaI+BYti4FWuwmdZF9qySdHYVObcDvo8XfbY9uTqfQYB6yTbjzY619hpvETZulengn0e3/rXOHmXuleQxCjv/I90T7OYJ/GEQoF4y5bw9ugwQNm6VKQN778Q59uNHf09PvtDesPPXFtwjeyRGSdcwOxvdf2cgGHlk23jYuAWj7eiCzrL3g8/Ri9Hf09Neez0rs/PXLVi6MwjQkbL1fSxLtNe4Vdi4RabyiEdMlzO1Ev1dPTHD0l7XTHiRZ5puG90HH34xRIKlQYCONsrsd9i4RaY92Jz+1l7fozJM8+yd11AJL3CP8+3nx//25fdf/de99r8SLH89invHnTQ6SqZTArnX710GCBtfkmkK5KjSuQQV0d/X24zLAHb+/fA9RwH0v35Sv7wy74ZHpkelS+hzMs1O3nufh40vydI5grX69vr2kGW7x2yHA9n598Ms3rVEU56BTNt872EQoKNkKoF/7zJA2PiSTOsfRz3cvBijv+8Ms+wGsPPvZ2udiRF+E4MAHSFTZUCe0XtmwsPGa/hLsowKHt0C8ZIsn/PVp+MvA/Aw2fkfj2fm1rXxUXZiHJErpLll2C6+uCfIDRuvyVT8Z49ayNdkyYhmqra9tpG41a8PlsvuPUVvlPMXDAK0p0zL4fcsA4SN12Sq/X90lm+mus+MkNvrG4Gd//GYWdmj42O2bYTjlw0CtBcC40wz4u31vSRsvCbLNC2j8/ba9pYpyWPEswHs/I/H7NHewWOmQcC9ZlhWUx+ZgmJydtrruyZsvISDB6K/9Aw9OkS24EV/9xl6BDw9eaTv8Qhgj8qRyVQO9V4jBtXqL9MywK33dNh4ya/+mOeh75EZnyngwaMnP2Vh538sZul63CuZXnz3MgjQozItA9y6bTxsvCTLdG2vpDh+2OjvPws5Ce01VmPnfyyejZ7VI0eoFcBMSfu5pFtkWgbgHbu+tmvCxkimPY891+8yrVHzoq1cGpjp6EzbZkbDDN2R22IvGaFWwCP11KVMs2Hs1Guv75KwMZLp8J8e0/+LDKcCrlWessy0q2IkdL63PPRHGCGhkyDgjABK9XHfZJkJuyWYDRsjWV7evZPhMgU+uGerRwYjZI5nxPOQZYvoCMs7TOUaBOgeWQaLt/QRYWMkyxRf7xFwtkRAcBJVe52Z8ZtFn0OP4YWTrbPieqrXCuD6b1lHlZCpSN7W7YBhY4s/LPpLztD7iE9eaNF1nIkXVHudWWXaSjkKphqZmWq/60yqz/gwk2EQoFtkWgbYOlAOG1tZpsFZY2yvrYeM05o98yDulSkiHsU9tfzPUn3mh+e+ctKt+suS5Lx1O2DY2Mqy/n907f9LMo5myPhurzOTEbaHZcNDXW1UWr1WAIOOCsG2csiUM7blXRE2trKs/59VCCfjNDYjwXvWf1nOoXNmdAY6FWzprPl3ln+foJD/ni2Z/C7rm22EbWHZbJ3Sy6h6MEgQMOpZHNoXwWJ0D51hS38ZNq5lWf+nQzkr4SnTj7r20jowLy1GYMwW0GlHf8aeCEooROPIfz/c9/cc85lN9aCQa+cztJ9LamXZDrtl0BA2rmWZ0rhlb+MRMu5xbmcB+N+su5Md7gi8PtagR5p+5rNkfI624pmqkn+h82Qpmc+gr722Vti4lmX9n5Fse209Zc1q/s2nX3/PEoVFdsYy6lY0PlPlWgHMbo0wI6PjcH9E905v3KvttbXCxrUsI8mzR0JmtKuX7Amej2KmqnKtAF6s1WpxqB/u7yzLoC8tW4WNiyzr/0wbttfWGyOX6NqkPTGb0957o6peK+DsWUnllWVG9qU8sbBx4fr/c5WnLpUbM21n7XI5E4lK0fdRxUwBm7bLsnOMQKS9trWwcZGltnGWSDtLcofGMvs2s+q1Aipv0dQxsuwce+lcgLBxwUEj0R/aW5ZM6IznAqg2MnVHTPa7VfVaAWcVKVNeWXa8XOs/w0ZkWfPuffrfNZmSO1QfS1vrbZyzI+eIEUv0XVXg76m1CjvowkZk2cqQLSM6y7KIanspOWdWjFYq59qwu8EgQKiQQxc2ghKv0R/WW7btNm4H1CPcQvYyZh8r17WgGqbLOsqyi46Aur22RdiILA9gtgdp/2UAlxTuU+97Y03QcrLbVU665aVrEKAMdXTory7NSr3XsMiwFpdp/X+t8uhE56BD8GjZ27F+WTXvhoAvSwKzztHjDJYtLg083msAL6roD+kty/7/VvVtS+qLvBHXhe/H7puqZ1s46zO3LHUuWLpurw3vNYA1yugP6S1rohRTe+4G0BZuD9sHI+ks25JvRfBiEDCnLFvHP7xQq+K9BvAvR39Ib5lP3qpcy1x9kEjb3je6H4F3linVWzFg8BCh+XDPRvdDb/RX7bXhvQZk6NyuJS5k4DJAVjlmZq7tvdVjmFWJvvPseKddmorVuDJsa71UEfC9BmRIALy2dSED8iRcBlDLkV4fWfZY38PgcC5ZAtZoV8qz/wNG3dF/3FuFI1EtCqQ113r7ItCqmhzo8tA8shwMFB029uz/gBdY9B/3ViFK9mwALWY/0OcsfOdZaq7fqsIgR48jly36/XuLkuqf/R9kqXRXZSRVNTNZ+3GP/7mY2qT6XvTbZOf5AePLkggY7Uh69n+QYQcA03rtdWUVr0WaGzALT/PLgU6UzjT6jbLz/IDxZRgoRnl1z/4PMqxrE82315WVyYDzoiKkL+5cqiYH8nI2kBxXhuqx9FPtdT37P8iwZaFa8RSTAedjgZ+8qiYHMkq0dPCYslQEbJcqn10kMoxms1YAvMRkwLnwMLf3gHIhObBifg5bsHvkPzFzxXsL7Ejgnl4jc3355ya3Pi5Ldd22uN6zi+SHjv6j3qrtoyZqd91/Du7hroMp9YoVO5m9oONtP8+9+LMYVDFT+UhQxH/Ln0HAwJ/p8td2b/qI+HvtqS1E9ewi6Xij/6i3ShEnD0GGZRMdywI/dVU8Vpj7jVFj+1m2oLOhw++xM4IAi7/LWYKXZViWamcvn11ghgSaKFEhs6plSbUdD27mcyn0MkY+GZY3b7V1xom1XV7uZy578HezdOCW2FiGrartCbvPLjBDZxZtVcgqS4EHHYfO3+p+Y+B3zFDm/FbtqG2NWamMSchc057LGCPIsE2Vbcvra3p2gRnWy7hx1teUlVP/47PzHw+j04pFg9qRG8sDFSog0uEYCLxBIBd9Rz21hwI9u8AMHdqlc4uzIREmun6Nwc5/XATvFYsGsZf8T198VzKAMRDIc4LsOnnz2QVmSFKocFwmCS8V1xO1jZ3/HDLkPM2GIGbWHAECoOg76W2dsPn24ogKon+5twovXqLZ6NpVn53/XHgpZxj4zITve8bttFm2Aq53M6W7uOzlMLMUdND+WFPlOWh/c42N37xi0aDqWMqYbTYgw8wxM1/L9by9sAzTExW2AJr4N6YfvB6V2PnPi4FHhnrtsyEpbaYtthkCzfUx1G8vLEOCAiOw5XoycvQ/rg8+NABQnprtM2HgR/2A9rcYUYaddusdJW8vLENWe7tHMRtH/2NjBNj+5poPgb55Af3NcMBWhlo763727YVlKJfZ7nXNxNH/+BiJWMVMIFPavID+MvcBe8gw0F4X23t7YRnWvzLXAHD0P4cqdSh0PPMCzjFyEJBtqf3thWUoLrHOTswky/5NHY+kpHWhDMm8gP5GDQKy9CXL9by9sAw1srMWAeJmjK5XY5pxj7KuMy+gv3W2+ihYWoo+a2/LIOfthUX/Um8Zt4PwRVn1by7rNTJpYV5Af1lnhe9FjlH0OXtbdjy9vbDoX+ot4zYstqdE16qxefyvIuYF9LeuXDeC6DP2trzfni6Ijjf6l3rjWrKpePCGHjfi9KP2Y15AP8zAruvXV5dhuX0Jqp4uKEMAwPoa15JJlvUa9Ze9KJXOZ15APwzE2u+/qgw7ypY8p6cLypCZmPGF62lhcxtp1KFjmBfQD7Mu7fdfUYbD5KhHwLU8XVCGACBj4pWn/s1tlBeOjmVeQB8sBYxwUmeGXWVLvZOnC8pQnCBbGWCz/zXStKOOZ17A8UbYoZOp6u7TBWUIALLVYbf0r2BpYN2C2VTzAo6VtV7MVhkCxWcBQKYLyiLDoQ06X/WXjfojqdrdQ8epXq0zw4A7XQCQrQY7SYnRdWoubgfUPeigHEQcp3KBoAwBAMcScy1PF5QhKSFTwhVJPdE1aj7Zj6hWbr+zkNghKs8CZMq5e7qgDAEAFfe4lgwokhBdo+ZDImh7f0hbuZX4OFVnATLklz0LADJsdyMq4loy8KHV2ghbj3QOjxE/TtUdARm23S87nJ4uKEMAkKne8y8+dk+v3skUnKoO6q1H95P2U/GcgEyF954uKEMAwJfCtWRg1K41EwF1D5MAj5dt+/gWBgCBLAEAiSXR9WleFV8yOpeFxPrgO66WDJjh7B0DgAs8AEgtKwLqVtSPiO4l7a9arY4MAcCS3Px0QQYA72SYnlEuGQ+qUm4ZdlbNIlsRuZdkOn7/6YIMAN4xclekvU+kazKc+T6LjEfJX2MAEMgSALgFUBEe2vZekSJsG43uIR2HHRft75CVAUAgSwDgiV6KVHrB6FyctR7dQzpOpaJABgCBLAGAa3eKZLk/lZ91RPrjO29/h6wMAAIGAMrMAEBbWUekv5/8tk6irgFAIMsUqwGAIgYA2sL9/+fhELf1b5GVAUDAGQBlZgCgLUwAPE+VMzsyBAAWArrAAEARAwBt4Umi5+GUvfb3yChDkGgAcIEBgCIGANoiw1nvs8p0pPw1vEui6+/pWQDwL78/PwDIEr0ZAChiAKAt3AJ4ng//VOPQrnQBQIZOL8uRqwYAilgHQFvQCUX3j47Hu7v9PTIyAAhkCQAsBKQIiTvtvSK1HECcxwBgOwOAC1zDU6TKFiOdywDgPFUCgAznzTwLADJMWzHy5lrOZhavIu19IkUMAM5TJQDIMMhcjjh/uqAM095ZAgD38aq1RMvSSwwAzlMlAMiQKMrOP67l6YIMAN5hqje6Ps2rUplRncsA4Dy//KTGLoAM/e1ydsLTBWWISH71xzw/nqU8tVbpoBGdK8PLfVZZBpEvoa+Lrr+nZbbk6YIyrElkmr7xMA+tESC394gUoRhNdA/peFUKAWWYJVpqJjxdUIYAYFmTyMBpPK2RGNreI1KEgmbRPaTjkV3f/h4Z/fwP5/cvy2zJ0wVlyHzPtM7628+M4vXO3761BoC2ybDHe1ZVqnVmKL1PH8e1PF0QVc6if6mnH7364umCMnAngBaZ7kvlR7AY3Uc6XpVaHWzBi66/p6XuztMFZTqfOAPP9NaCczLa+0O65r//xndHb5UCdbYVR5+hp+XsnacLyrL1LdNUq4mAQpXMYuWR4XC12VQK1DMEiMtyyduLiv6l3j7/Ok8AwJ7S6Bo1F5aD2ntDusYDgfqrchJglsH28l57e2EZpiUyJXFYEliu/+se7gToL8tx8i9hkBtdf2/L4WZvLyzDlPeSmJCBeQDKVJtCdZgI2Bfvad7X698gqyy7RJbreXthmbYmZEEFuOg6NYdMAalqyfA+nUWmGjIvyVBzZz2z+fbCMlUnyiLDj6XzeASw7mVFwH6yDRyvyVAqmtn+5XreXliG+sTZaq7TAbgMMKdKowrl4zJAP5mSx1+SIbmcSoTL9by9sGyRSRZO5c3J6X89ynfH8f7nf51rX0WGMsDrUxPfXliG6W72Ry7XkwX1paNr1bi4D6skFSkv3x3HY/dapaW6DMn269omby8sy7a3bD8mHQFJE9G1akxVzhVXbr47+iAIqFKvI8P9sJ7dfHthWfYnZvwhLewxF87GaO8B6R6+O/ogVyv7aYAEhNG197aut5Pu4jIWdCChx2TAOWTMQ1FdJgP2RTJ7+xtkkeWQuXXS5LMLzFANMOuWjgzJGzpepS1FqiHDDquZkHyZMS8gS07IOr/p2QVmyFrNGsFlqeCk47A+t344pD04g9hfxryADMtBbaL9swvMUAwo86lObusZm6N/HeXVpxYG6i1bXkCGyrI/+e3zJc5nF5ihFkB7gZlkWcPR/hz960jcW+4IOAezyhme7QxbANdFgPDsAjOsURC1ZX4RmwswJkf/Opp1Ac7z04+++p6lmPY36SnDMlBbbv/ZBbL9KfqPesu8p5NjFF3PG4ujf/WSYZl1VjznZ23xzbLNvl0SeXaRWbasZFq3iZjVO5YqZ4mrPrLTXQo4D4M3Dmpqf5ej8Y6Jrqe3dnD97CKRYXSbeS8nzOodR7YDqDQ+dxSdj2qfPWf9siSBtp/52UUiQ6JC5p0AC48Kru+D10Hc2euCmlOGhOs6jhls9cwLyLADgJmn9rqe/R9kSHLLeChQxITA+vgNXf/XGTJ0CrOjr1mXxj1K1oH1s/+DLFMVFUZmXKPrefXxcJLc2f6+0pEIPBmFRvek+jpyFxC/c/R39hYtrT/7P8iSrMDphO21ZZTl+9JjGAl4CJB6IykwQwl2vckHOmI2MMvuuij58dn/AaPa6D/ujZmI9tqycmvPGM7KENbcmH0yCMiB2cD1YTl7YHYh+rt6iwY4z/7PgtFQ9Af0VCk72yh+LNl3oWg8BAEZ1on1ZjZwz63BWQaI0QFJz/7PgmSB6A/oiYehva7MiBozBE7aR9YTxTQu7reZg4Afvvri+//zhzw5EXsNBDL8ptEOALzXgCyFbqq9gMlbsD7AODiXYu/pQOka3nkz7i6ik1wSvykEl2Uw9ehWwSwJgJe21r/XgCx73CtWaGMNOfosqokXUZWEVI1jpjoB0VZcOt0sp68+UkI4S9Gn9gyAxXsNyHLqXdW12CwzKNqPhwWpNwLPkZcVmS19Kdmbf55lVvWed0CWBMBLg+n3GkA0luFLJwJsr62KDHkU2hfJPEdsE5IuYSQ84ruEqfWty2v8eyzHRX9Ob8xW3LI0naXY06U6J+81LDIkLhCEVH3hfvX6Cz+qhKXOw3Nh0SD1xghulKJjl6ajr6Ef4L+L/rze2PG19cTaDLvDLiUAImxElq0LPco0HsGzAsa19zYhaQtGnhxiE92TFdCnPBo80x9kCIQYnL5UM4TPGv23vTFr0V7bImxElrWLqmuvLgGM756RjPQoOpZKxcfogLaOmLcgEMry+a9VD8wyCCShtL22RdiILImA16KXrLLkUOh45Kk8sk1Iulf2QIBr27Pjb9HBZkiSvLRdOMtvc222MmxcZPhyuYb2urLzvO+5PLJNSHoUI2KmozMkyvEsMOLsFRRn2S7IgI+AZH1tWarDXvstwsZFln2YR0aRR/Cs7zm5VVBnYyTK0lTPJG4CD7Y+n5mvlWW7IKN+ArIsM+jXEgARNi6ydGTVXqxZAif1d+s2Ieko3IdU1SNxcM93EsEFHR3v5UyVMrNsF+Qa/l+SWjAvLaGHjYssU9mXyhhm5Pq/eAFUm7XSHOgkWRNmcAdG7gQHERLcln+P/4b+IPu27EzbBTPgt2u/o7WwccGXGf2hvdGhZr/xFq7/C9yzHi0snYOcnAyzAWd7aVkmbFzLUBAIVeqxE3FF1685MXvlkoDUH89d5l0SR9sycA4b17LUta9yLgBTZ9H1a14k4nigkHQOnr0MxYN6oy9qv4tW2LjG2k/0h/fGlor22rIh2nL9X5ewNlllKUsaCbMBJMRFz+WoXlr/R9i4xh7C6A8/Q6aM04jr/3oJS2rZ72NpVFmKB/WwJRE5bGxlKWiQfTug6/97GfsBNUFQOg+D2tFLtW8toBc2trIkUmxZ0ziT6/+Pmmv5xARB6TwjzwZsLaEfNrYoJhH9Jb1l3g7Iizy6Zl33j//25ZPon83ABEHpPCzH/fSj8QZuW2fLw8ZWps6NYKS9vgyyJEtWweh3+S0J6ig6Ev17s2CWzQRB6RxZSgnvZWshsrAxkmV6m46ivbYMsmyXzIqHi9+OabdL096zV/CicImHCknnGGU24JYD9MLGSJYEt6zLAFkKJmVCh0Yd8mvHUbYIEKI/ayZuF5TOU3024JYj9MPGCCOT6C87Q7ZlAF7W0XXOhLVspvUJFB+tGc6a+CxbdS5xNkA6D7MBVUsJ37LDKGy8JMtLOdsyQKbg6F4//V18IEiLtWo6eaJkOnockcnOGlaW7adnYjag/W4kHY9BzO3Lkuf3kV9+8zT6Cj9TK2y8JMt2QKZnMm2fIuMyus5K2Bvbfq6zcU0urbwOzj76yuJB0kkqHSzEu6K9/mvCxksyrc9yLe31naV6BjtT9+1nyoIofPYdAiDoZdal/X4kHe++2YD+tpT/XQsbL8lUFjhTp1V1rWiRdWvlmlUW3yDC37rFR9K+ss8G3DpTGDZek2VKNssyQKYaCfcgr+ORhL2e2E1QOTt3T+4UkM6RdTbgngPzwsZrMo3EMiwDVD8AiLyO9jNlZnLgO3wPVhGUzsG7P9NupXsShsPGazJlvGdYBqieAFixA2HWZcTynfciiMuUFCvN4mev+6DomTwDAUl7fS8JG1+SaQR2y5aHI1Q+Y7rS9H+L66bIUPS5ZsRvmSkxVhpdppw4nv/2+rYIG1+Saf3j1qzHvVWejq42/R8ZYQvmnpgVOzsolmaQ6d1z77s8bHxJpmUAKtC119dL9QTAUdaPs63FnW3ZMmiSoHScTDVKbim3vhY2bpFpK8S9H/5RdKDR9VRQefo/Url051H4PkwSlPZHMnL0zJ2BgP/ed3nYuEWm3QC3HH6wJ0ZZ0fVUMML0f4sZGYsGvY/nw2UBaT+ZTn99pDR+2LgFI67oYs5ABHRGKdvKCYAjjwxZm7NewHN8HwTtvWd9CDxYoqHYFH8/ojMmln/Gb8e/b8CirHiGMr1fHpkBDxu3yjTlekaZVPIPomvJ7pEpoyrIU6n6+xyJ7+TIJTMCy6WTfzQvg/uUP4fRFtfsVkdlkCn579Gl3LBxq0xT4PdUQXpEpi0gtzpryaQ3fiM6kOg7mB27BfY4YIiXD6N7piF7jIqo/8B7xxkCnSVT8h9bodvru0XYuBUPYXRRZ7mnEMK9KicAzrZfvMIhHmfhu7lnZE3wQB7JmVOhBDEVzrHQOOhjonvxLI/2eWHjLTJVZHskGeJWH/25bgLgGfkSZ2MK2a2CMb4XpjW3TCXyPWarwsiyxtbrlx6RKe9rj1nvsPEWmZYBGI306twyZYHegpd3+1lmwYyVJYQv44VyaUTNSCPT1GfEQEBHom85c8arRa5Ne423Chtvke1LoWNur/EITD9Gf392e9w0ldE5uCRwHUHSMrXIVH+13S4EAtY/0N54d0b321n2yOEJG2+V6QVBMNJjBFC1BDDZ8e1nmREdhLsErmOXzwcf1v2OWBKccblL+6NPyfS+2GsmN2y8VbaEOKYB22vcEzdD9Pdmxw3cfpaZ0TlUncnRNuQ3mCioR5H7Et1fZyEHrb3Ge4SN98gUHXEtR84CZCoDeYsRq//tgTyWTMtY2l+vpUGNKVP+y565bmHjPbKtjxxZ7CRbNLjVkd9JdSyNeJbA2KgJYTEh3Srb+37POi5h4z2ISKKLPQsRW3uNe8m08+EWvvyu4/thliT67jQGcncsIqRbZFsm3HMgFzbeK1u28FGZwBUPnDkyIBrNfAmCcy1/GARoq2zLvXvs/V8LG+818lTJWsW95K6B3mae2YA5cx8MArRFtkHt3gnuYeMjso2ciODaa3xUxYpyrv/fZ+zZgDk7/wVBgMtiuiTb6H/P5L9F2PiIbEVW9p4FyJbrsJUvuvuZGzAuZvN61A1RPdlG/0fs4gobH5HtgCDsOQuQ7TCILVz/34fFg8bU8wwR1cBAL9vW4CNms8PGR2XLmtxzFqDiIUCu/+/H2YAxzV4iW89lO+vlqEFc2PiobMmA2Ct6ylbvYAvX//fnbMB4Hj1aVWPIOPo/6gj3sHEPmSongVmJ9hrvUXH0Z7bzMZwNGItJgUK20T8DjaPyVMLGPRCxRB/mTHuMhKkmFv3ZWbFjof0M2pezAeM4ItFKdWTL/MeRS7hh4x6ynZ6EPdZRqpWL3WvmQ9c5GzAOArr299UcsmX+48gZ3LBxLxQtiD7QmR6dBahWA4Btme1n0HGcDajPXTNzyjj633sbeyts3AujomzJFI883Hye6M/MzATA/pj9IvDKdu9ru72OW1UdGSu8HrH1by1s3FO2hArc2yl+/nW9IkBcc/s51AdTd9m2xGqbIxOvlA99QnQfnImApL3OvYWNe8q4peLeh5vp3ejPy8oEwBy4b8gwj34j5bV33XXllW3XGnrM3oaNe8uYWHFP4Y+MOxuuYcdC+xl0DgJO7jmXBerY++Q15ZTxvd4rDyVs3FvG5ApexLcerFCtCJAVAPPhnssYECtmDs3YMu5WQ6/7Lmw8Qsa10FszLH/5Sa0A4OO/+vLKimWBaltKZ3R0FrbOlXFQR0DSXudRwsYjZEyywC3lP6sldJkAmBujj1effuOyQHK3zhSqBpJ0Mz57PXNPwsajZEy0uGWtJeP1X2ICYB10MJxIF/2OOp9bAseUcSmu9+6TsPEoWY/S3RpxZVwrusQEwHp4PlwWyMdnaTxZZ6R77zwJG4+UNeraMs0X/bdZmQBYF8sC1SpOjoxpYg8JGgcj7IzbcrnPeo7+ETYeKeOOALzUYRIgRP9dViYA1kaH47bBPHyexpF1N9cZg7aw8WhZt0FdK7tIwkj032RlAuAYCDx5MRgInMsZtTFkTfxjFvqMWaaw8WhZZwFI8rs0BZM1fyHCDd5ev2ojEKi2DXUsXzxtCSQh0OC6rqyDz7OqToaNPWT9IZgeaq8VlcoAk0jWXr/GwAjGY4fPxxoyARnJZL3XbXWfrIl/vTP/18LGHrLOAjB6jiL8SmWAqVfQXr/GwvOTNYieEc8cozhnB3LKmviHM7eZho29ZH2BRacw8SNF/25GjEza69eYCAQ8cTAXBhFsHWQ2kZlDdxCcL+vyWa+a/5eEjb1knQVAuyaTNXM0ctZ6ks5DjkrG88z1BqNPij3xbH721eVkY+0vc/5Wr5r/l4SNPWWtgEYUz3rrcp1kAUf/XkZn31Q6R6VEVb2ZaeS9whbD9btG+8k89X/26B9hY09kN2fcloF1BbBKiVfMrCzXrXlkTXIax7HvKYo/sZzDbCNBAQFd+xvrNpl3zmR4T4eNvTEtFn1BGSwJGpUSrlxznFOlRFVtxwh2ySngfURg4M6D63gH/iHx80B/0l7zGcLG3riZs9ZAJypnloIHMPrn2XgI0LwMAObCs857iWUEBlEEBjMuJZBTwYwJARLfx3JmS+azW7LM0oaNZ8g8fclNVeWQlgzrSjqHAYDWeG+BaXA6xyVIQKVZwuWauX4+B3ljfK5ra/uZT27NtEsrbDxL5mn2Koez8HC036vmYACgWzFKXgKFdbCwtuQj7GkZsa+RZ7VcxyOJe5kHa3zfzCi3z+5ZwsazUEQja0Lg0QlAe/nw9YPUfq+agwGAZvfB6/4j89T/mUV/ImHjmSptt8so2w2mfhhVRfeENIv/kXjqP+PybNh4JhICM0dw2VF5rP1ONQemVqN7QppB5s4fGbdnh41ncyrzftYinxcZ4NE9IY2OHK0PEi/TZj1OOmzMIHMWZ2buD55bdE9Io8s8a8y1Zd11ETZmkPmcgKzInG2/R83F5TPN5p+Sb9FmRrt9TrMIG7PIXMYxIwMAeUSwZvKjV7k7/+hk2UzCxiwyH+SQEftn2+9Qc3n1aZ1jq6VHsObPtr/on2XAlvbs57KEjZmQ1R59uXofB4m035/m4vOiWfwweXG2rIl/a2FjNpVO4jsT31P73WkuJBtF94Y0kuy5LsxcV0jIDhuz4aVmctPLKkScOh5LQdH9IY3gBwXKslOTo30uMwobM7LK2cuop91+b5qPeQAa1QdBWzaZDvt5SdiYFQfdRF+43uC0rPY703woBhXdH1J12QOAKlP/i7AxK05RqnIq3xky7zdVX+6e0WgyV/pbVJn6X4SNmVkm+DLPAdCC2aDoHtGtHHBkUKHzrzT1vwgbs2O7W/QDzK5a9KnjkDib92htaSzVpv4XYWN2HHriy+19fC/td6V5WUlT6qPq4CtsrMClgPcZAGjN8zSk41Wc+l+EjVXkLxDUd5ai/X4kzwaQjlN16n8RNlbBF/+T5CdB9cKSSPv9SOyccblM9dS4Z6vnXYWNlXz21Xe+4F4jEm2/GwlUiIzuGUn3G6HwWthYjVueDAB0GbMAltKW9jPKyathY0Wzbw00ANA1ltLehvPbEf0zCQTTBNXtM1ZR2FjR7KMcAwC9xFM1ryOfaJ3QxfLiR3/+5inL26BAi08+H6fgWthYFQkZ0Q82A15Q7fchrXmq5mXkEbFtsv3OWgYFcxvtxNWwsTISM6IfbnSjrEnpWATJJs2+jyWS9rvaah0U8Bx6XsmYCPgqb/mLhI2V8QPNGJkbAGgrzowwCHjniFEdsy0EWwQGH74elPB8skwX/f3Kj6BuxEJrYWN1/FCzReEGALqFSYFvkBfRfjdHIzDg+2e2kkJNLiXkN9K6/1rYOILZpjoNAHSr2ctpn9H5v4T3Fl59+s3bAMFlhXONtu6/FjaOYqb6AAYAusesNTSYlm+/iwo+//rvTwECwRsBAn7x8ZsgASZ57mvEdf+1sHEks5yIZgCge82WOMvnbb+DEbGroZ1RWCwBw8IZhveRszHKfv9LwsaRzJIUaACgR8wSBJCU1352vY88qiV4uITZo3VQcQmzLT8ulgC5dVtodWHjaIjiRs/ANQDQo5hWHjlvhs/XfmYdiwFYxSqtoyb9tcLGEY1+aJABgPbAqGe0YJl1cbY+tp9Vx6ra+VfND7lH2DiqeluftgcsBgDaC3vYSSyL7rNq6ID4POvPp+Pxnf/zv9cLJNl10X6WkYWNIxv1aFTqmLefVXoE67zcV9H9lh1JbU75n4P8gYqzSAQsI2f8R8LG0TFajm6Aynjg2s8pPYoXIhnkVbLEWeYjyHfUfw6WkCruKGCZaMRKfy8JG0fHy2G0dU4DAB2JZ4aM7swvd5YtZnyJZ1G1xDTXTI5Y+3lmEDbOgIIaIyUFGgCohyUQyFJwhoCEWh88z+21qp/KVSUfOQiqurBxFiMdisLnaD+fdCRenGdlebNey55+p/rPR0AY/UYVcO3t55lJ2DiTypFrq/1sUg9Mu/McMQV/5BIBuTsUn3GaPw/OU4h+qwoyngXRW9g4m1HqoTsaUgbL+fgk49Fp3zPLxn/HC5pnk90Is2VnZ8e7puIe/8Vs2/0uCRtnVHkaa+HISJmta9NHZk3EqoZ8i6rbQ0HgYkD5Rtg4q8rTWZilfKWkc/COqbjNb0HuiDOl74SNM2NqKLpxKvjB6wfTkqeSjlB9lpSdUqOf7nersHFmVetXr82e2SppP7wTq5eGnrXQz0vCxtkxRVSxjvUaSVROdUl6BJ1m9XchSxYzHO17j7BRY1QLJOo1sUrSPUjMrLzeD3ag8Dnaz6Y3wka9QfQ7Qslgarm3n02SLuGdEb1LKqHzNyfqurBR71Q93KLlsaiSXsKg56cf1T8szc5/m7BRzzGNPkIQ4JKApEuo5jjCe87Of7uwUe8bZSaAh4Pqau3nkzQnZgYrb39es/O/Tdio2ChBAHjgXRKQ5kZnmeVkx0fZ+d8ubNRlBAGjPDB8Dh8YaT7s7eeshui9UJGd/33CRl03yu6ABSWQnQ2Q5kAeUOVa/i07//uFjXrZaEGAswHS+NjeR4cZvQMqsvN/TNiobUYLAvDLT772pCxpMKNs71uz839c2KjtOFyieqnMFtODbheUxjDK9r41O/99hI26DevnowUB+PBPzgZIVY20vW+NYMYByj7CRt1u1CDA2QCpno/+/M0wu5XWWHL9/GtP9dtL2Kj7EASMts62IDfAs7Sl3AjWR30HMcDyHbSvsFH3G+Hs7EuYerOKoJQPHSPbeaPndgSeZXKMsFGPY/08upFHQCTuEZtSDmztGy3Jb43AxlykY4SN2gfrcNENPQpmOpySk85BFvxIBX0iDKTaz639hI3aDw/pyNE5n40RiBG61Ad7+kfM7m8xgGo/u/YVNmpfnB8wWsGgFiMR9+VKxyHI/vXrEfFIlfwifL5PPvdd0kPYqP2NWDAowsiEgKf9/JLuR4c44ra+lnv8+wobdQwi+Bmm7mAgID2OPe8/+92Y2/paDJBY3mi/Ax0nbNSxRjqG8yVk8PpQS7dhxnCm9wQJxeYR9Rc26nij7xBoGQhIL+MZGXk/f8TaIucJG9XH6DsEWiT3MKpx66D0HMtlsywPLnj3mTh8rrBR/RDxz5AcuGYgIL1BQS2q3EXPycjYNWRN//OFjeqLtS9q7UcPysgIBPjcLg1oNmT1j1qz/yXMdFjWN4ewUef4+K/fDr/H9xJeCm7/0eg4m3+2Gb816hi034nOEzbqPEyLjV7e8xpGRQRC7fciVcUMH0m/oxcDu4b1fov75BM26ly8MGbLBG7xsuSl6dYgVcU0NxnuMxTwuYag3vX+nMJG5UAHOOuSwIKRAweCmDCoKujsyG2ZaYfPJST7GsTnFTYqD7YHzbwksCAQoliI24aUEaN9AvaZ1/fX3OJXQ9ioXHi5zLZH+BqmVJkVcPeAzkYnR2A6+0zdGlP+ztjVEDYqJ9YTfdE8x8uGzGqnGdULgScB6MxJfZeY5V9L2Ki8WF+cdf/wNQRGJE5SWKX9zqRHEWASaM5yMM+tmJVzG289YaPye/WpswGXMDJjJGLmsR5Fp2ZC33UE3hb2qSlsVA3OBryMBEqmaz2aWFsxxc9ym8m31zHqN9GvtrBRtTDajR5QPcfMANuSXCZQi46Me8NOfxtH/WMIG1UPU5W+vLZj9MLUrtXJ5kSWOmv6ZvDfhqUQvrf2+1RNYaNqIlGJ6e7owdVlvNQY0fBic2vhuAiSeT7cq38fTi10e99YwkbV5mzAY1gqICDgTAJfeHUxRc1vyG9pEt/9HPWPK2xUfc4G7IdgalkucN0zN/I72CFjcuw+CJ4MgscVNmocZL/7MtwXU8gkjDG6dKvheZjpovwuwZnT+vsi6DVZdnxho8ZDZzX7qWRHIYmMAjHMuBgUHINAlmloOnsD2uNwLzOD0n7/GlPYqDExfe2yQB8GBffju6KzZ5bFynv9cN6I0/1zCRs1Nl6wvljPwVQ13z21Gyg2wzTrjMEBn5nPzhQ+3wVrzXwvbsnrj6RXC/rMKWzUHEhqc1kgD9Zdl1kDpmHpIKsGCKzPc+18Djp4Rpd8NrPx8yDY4rfxIK15hY2ax7JbwJFXDXSgdKRgXzYv8MUSMETa3/2apfNuMS2//vsW3D/LNUXXrHwogOR0v8JGzYdRJh1K9LKQNAaCNAK89vnXnMJGzYtlAbdUSWNhnd+y12qFjZKBgFQfS0Ykm7rOr0jYKC3YwsboIXq5SMqLbZRWrtQ1YaPUIgHMQEDKjy2VHmqlLcJG6RL2bbt1UMrHjl+3Chula1hPZF3RQEA6nx2/7hU2SlsYCEjnsePXo8JG6RYEAuQIUMkuelFJ2gcFu+z4tZewUboXNcWtCCfti1k2qi5avU97ChulR3F8KyOV6GUmaRtm1Zhdcx+/jhA2SnthxEKteA+BkbajLLcn9OloYaO0N0YwbCG0loAUW9b3ZzweWucIG6UjUV3wpx+ZJyCBoJjdNFbtU29ho9QDmcwsD7iNUDPiSF6n+XWmsFHqjRchL8ToRSmNgmD31affmM2vFMJG6SxMg5IrYE0BjYSkPpa+2vtdOlPYKGVAMtQvP3EHgWriOG2CWUf7yipslLJh9PTzP7hEoNyYuWKK30p9qiBslLJiiYDCKAQDbJuKXsJST2Txc/a+2/dUTdgoVUBtAWYG2DvtMoF6YqRPp0/Fy/a+lKoIG6WKPvn826ecAbcV6gis6TO970hfowgbpeo+++q7pxGalQf1CLL3TeTTqMJGaSRM01JpzbwBvYSAkVkklpaszKfRhY3SyJgdYCqX0Z0BwdxYLqIAFYmlZu5rNmGjNJNPv/zu6az1n/3O8wlGR8BH4MeMkAl8ml3YKM2MssScUWBAUB/Z+uwSYR3fDl96LmyU9A4dB2vCS1DgskFe/D78TuwIMXFPui5slHQdW8EICpalA+sQ9MX3vXT2rN+T19H+RpKuCxsl3Y4kMkaeBAUkljlbsI+ffvTV0zQ+iZvkaziyl/YRNkraDxUL6biWGQM6M2cN3iFI4vtgmybfD+v1dvTS8cJGSf3Q2S0zByBLnQ4RUYdZzfJZCHyWz8hnBsHR+ruQ1E/YKCkXitIsneYyk4BlNqFF2dqoM34ERXLWf8e6Qwdr8cs1uqdeyi9slCRJI/v+H/4/9LltVUPYeKIAAAAASUVORK5CYII=Azure App Service Web AppGE.PEllipsefalseAnyAnyfalsefalseSelectTrueFalseAzure API App Processes XMLVirtualDynamic0eb10857-97b7-4c8c-8fdd-c289b7921a7eListfalseSelectTrueFalseAzure API App Processes JSONVirtualDynamic0945adcf-1cfd-432f-8032-05391ab62336ListfalseSelectAllow access from all networksAllow access from selected networksAzure API App Firewall SettingsVirtualDynamiccb0fca77-c600-4622-b9a5-118107fcd9ddListfalseSelectTrueFalseAzure API App CORS UsedVirtualDynamic3f4a2250-9087-44c1-9fb7-61e9eb1e4df7ListWeb API built and hosted on Azure App ServicefalseSE.P.TMCore.AzureAppServiceApiAppCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRQAAXEUBuS1iLAAAJUJJREFUeF7t3SuAHMfZLuDAwMDAwMAfGgYGhhoaBgYaGAQIBBgECAQYBIgYGAoYCAoYGBgICAgICAgICAiY7NG7OhvL7a9We5mq6ep6wEO+OPZ0z2zX23X93cXFBQCwmLK4Vy/e/Hzx9dM3F199//ri80evLv7yn5cXnz18efG7L58BwDD/9+8Xl23QF9++umyT0jaljdq2W3tWFvfkx1fvLr58f3P//PWL8ksAgL1IMJglDJTFPUjDn3RV3WAA2Lv0VL96u98gUBbPKanpb/99Vd5MAJjJ7796fjlE8O4yB9Tt3rmUxXP57tnbiz/883l5EwFgVn/614uLZ6/31RtQFs/hwZM35U0DgCPIC+7Tl+/eN3l1OzhaWRwtsyirmwUAR5IhgUc/vX3f9NXt4UhlcaTM8K9uEgAcVYa8t+3haGVxlKSg6sYAwJFlOODccwLK4ggZB0lXSHVjAODoMjHwzeWUgLqd7K0sjpDNEqobAgCryF4B2/ZxlLLYW8Y+qhsBAKvJxnfbdnKEstibt38A+CBn2mzbyRHKYk8m/gHAr51jVUBZ7Omv39jfHwA+lrNvtu1lb2Wxl8x2NPMfAH5r9MFBZbGXb37U/Q8AlYc/vHnfVNbtZw9lsZcsd6guGgBWN3oYoCz2YvY/ANQyRL5tN3sqi7388YHxfwBoGTkPoCz2Ul0sAPDByE2BymIPL978XF4sAPDB4+fj9gMoiz3k8J/qYgGAD7Jabtt+9lIWe3jyQgAAgOsIAACwIAEAABYkAADAggQAAFiQAAAACxIAAGBBAgAALEgAAIAFCQAAsCABAAAWJAAAwIIEAABYkAAAAAsSAABgQQIAACxIAACABQkAALAgAQAAFiQAAMCCBAAAWJAAAAALEgAAYEECAAAsSAAAgAUJAACwIAEAABYkAADAggQAAFiQAAAACxIAAGBBAgAALEgAAIAFCQAAsCABAAAWJAAAwIIEAABYkAAAAAsSAABgQQIAACxIAACABQkAALAgAQAAFiQAAMCCBAAAWJAAAAALEgAAYEECAAAsSAAAgAUJAACwIAEAABYkAADAggQAAFiQAAAACxIAAGBBAgAALEgAAIAFCQAAsCABAAAWJAAAwIIEAABYkAAAAAsSAABgQQIAACxIAACABQkAALAgAQAAFiQAAMCCBAAAWJAAAAALEgAAYEECAAAsSADYib/85yUAE/v9V8/L5/teCQA7sb0GAObyp3+9KJ/veyUA7MT2GgCYiwDQVhZ7EAAAGE0AaCuLPQgAAIwmALSVxR4EAABGEwDaymIPAgAAowkAbWWxBwEAgNEEgLay2IMAAMBoAkBbWexBAABgNAGgrSz2IAAAMJoA0FYWexAAABhNAGgriz0IAACMJgC0lcUeBAAARhMA2spiDwIAAKMJAG1lsQcBAIDRBIC2stiDAADAaAJAW1nsQQAAYDQBoK0s9iAAADCaANBWFnsQAAAYTQBoK4s9CAAAjCYAtJXFHgQAAEYTANrKYg8CAACjCQBtZbEHAQCA0QSAtrLYgwAAwGgCQFtZ7EEAAGA0AaCtLPYgAAAwmgDQVhZ7EAAAGE0AaCuLPQgAAIwmALSVxR4EAABGEwDaymIPAgAAowkAbWWxBwEAgNEEgLay2IMAAMBoAkBbWexBAABgNAGgrSz2IAAAMJoA0FYWexAAABhNAGgriz0IAACMJgC0lcUeBAAARhMA2spiDwIAAKMJAG1lsQcBAIDRBIC2stiDAADAaAJAW1nsQQAAYDQBoK0s9iAAADCaANBWFnsQAAAYTQBoK4s9CAAAjCYAtJXFHgQAAEYTANrKYg8CAACjCQBtZbEHAQCA0QSAtrLYgwAAwGgCQFtZ7EEAAGA0AaCtLPYgAAAwmgDQVhZ7EAAAGE0AaCuLPQgAAIwmALSVxR4EAABGEwDaymIPAgAAowkAbWWxBwEAgNEEgLay2IMAAMBoAkBbWexBAABgNAGgrSz2IAAAMJoA0FYWexAAABhNAGgriz0IAACMJgC0lcUeBAAARhMA2spiDwIAAKMJAG1lsQcBAIDRBIC2stiDAADAaAJAW1nsQQAAYDQBoK0s9iAAADCaANBWFnsQAAAYTQBoK4s9CAAAjCYAtJXFHgQAAEYTANrKYg8CAACjCQBtZbEHAQCA0QSAtrLYgwAAwGgCQFtZ7EEAAGA0AaCtLPYgAAAwmgDQVhZ7EAAAGE0AaCuLPQgAAIwmALSVxR4EAABGEwDaymIPAgAAowkAbWWxBwEAgNEEgLay2IMAAMBoAkBbWexBAABgNAGgrSz2IAAAMJoA0FYWexAAABhNAGgriz0IAACMJgC0lcUeBAAARhMA2spiDwIAAKMJAG1lsQcBAIDRBIC2stiDAADAaAJAW1nsQQAAYDQBoK0s9iAAADCaANBWFnsQAAAYTQBoK4s9CAAAjCYAtJXFHgQAAEYTANrKYg8CAACjCQBtZbEHAQCA0QSAtrLYgwAAwGgCQFtZ7EEAAGA0AaCtLPYgAAAwmgDQVhZ7EAAAGE0AaCuLPQgAAIwmALSVxR4EAABGEwDaymIPAgAAowkAbWWxBwEAgNEEgLay2IMAAMBoAkBbWexBAABgNAGgrSz2IAAAMJoA0FYWexAAABhNAGgriz0IAKzkzbuLi/zmP+XV25/f/+P1vwO4PwGgrSz2kIdddbF7tr0G1vXizc+XDfbj528vvvr+9aXPH726+Mt/Xl78379P+4DJAyv/3o/lv5X/Zh4O+RwJGB9/PqAmALSVxR4EAGaQ32n+ANPYpuHd+8Mjn/Fv//11ONCrAL8QANrKYg8CAHuSN/qZGvq7+Ozhh3Dw9dM3Fz++uuwyKO8FHJkA0FYWexAAOKenL99dNoRpEP/44Hn5fR/d7796fvHXb15ehp78PW7vERyRANBWFnsQABjl3c8X/xurz9t9Gr7q++VDL8GX7+9T7pd5BRyRANBWFnsQAOjp2eufL9/w84ZbfZfcTCY0/v271xffPRv3EIKeBIC2stiDAMAp5S0/jVQaqyOO3+/BH/75/OKLb18JA0xNAGgriz0IANxXuqjzx+EtfzxhgFkJAG1lsQcBgLvIm/6jn95eTt6rviPGEwaYiQDQVhZ7EAC4jTQu2fzGBL59EwbYOwGgrSz2IADwKVmql8YkjUr1fbBvedBmIqbVBOyJANBWFnsQAKikiz8/+FNvp8v5JMD94/Hri2y2tP2+YTQBoK0s9iAA8LE0DpnB723/2DKMk56d7fcPowgAbWWxBwGAyIQ+s/jXkw2H8t1vfw/QmwDQVhZ7EADWlW7+jA2vugUvv8hv4MET8wQYRwBoK4s9CADryal02Y5XNz9bWd2ReQKCAL0JAG1lsQcBYB0Z38/D3RI+PiXhML1D6SX6+DcEpyIAtJXFHgSA48uRs1nGV91LuE4e0uYI0IMA0FYWexAAjs9SPu4rv6E8K7a/LbgrAaCtLPYgABxfegCq+wi3la2fc8Lj9jcGtyUAtJXFHgSANdizn1PKXhGZTLr9ncFNCQBtZbEHAWANegE4tUwmzWoSEwW5CwGgrSz2IACsQy8APfz56xd2FeTWBIC2stiDALCOLAO0BJBevtQbwC0IAG1lsQcBYC3ZB6C6p3AKegO4KQGgrSz2IACsJRO39ALQm94APkUAaCuLPQgA69ELwAh6A7iOANBWFnsQANaTfd4dAMQoegOoCABtZbEHAWBN2ee9urfQg94AtgSAtrLYgwCwpryR6QVgtPQGbH+LrEkAaCuLPQgA69ILwDn85T8vHTeMAHCNstiDALCu9AKka7a6x9BTHv7ZnXL7m2QdAkBbWexBAFjbd8/elvcYestyVEcNr0sAaCuLPQgAOC6Yc8qy1O1vkuMTANrKYg8CAHoBODfzAtYjALSVxR4EACIP4OpewyiZj/Ls9eWGAeVvlGMRANrKYg8CAOG4YPbgD/98fpEeqe3vk+MRANrKYg8CAFccF8xefGW/gMMTANrKYg8CAFf0ArAnX3z76v3Psv6tMj8BoK0s9iAA8LHPH+kFYD+EgOMSANrKYg8CAB9zXDB789dvXjpM6IAEgLay2IMAwJbjgtkbIeB4BIC2stiDAMCWXgD26LOH9go4EgGgrSz2IABQWaEXIKchZv+DmO1htKrsWikEHIMA0FYWexAAqMx4XHAa8ixlzBKyyD7z+X3HXbqPsynN1f//Sk5QzJG2+W85Tvk8EgLSS7X9vpiLANBWFnvIQ6262D3bXgN97PW44HQFZ3Z4Gvn8fl+8OW9jkM+Qh0M+T8aqna3QXxqPc3/v3I8A0FYWexAAaNlDL0D++3mrf/DkzWVjv/2Me/b05bvLz22b5T6EgLkJAG1lsQcBgOuM7gXIVrDZiyDd90d7uOdvLcMH6cGorp3bEwLmJQC0lcUeBAA+pXeXdg6BScOYN+btf/uo0ruSPe8z2TLXX90XbsbEwDkJAG1lsQcBgE/pcVxwGr30Lnh7+yDh5+/fvb7sAanuF9ezT8B8BIC2stiDAMBNnKIXIOP5eeN15Ov1MvzhYKbbs23wXASAtrLYgwDATdynFyAP5sfPx/3xHEWWuj384Y0hgltwiuA8BIC2stiDAMBNpZu1+j4q6crOuL712qeRXpMMEdih8dNGPqi5OwGgrSz2IABwUzc5Ljhvq/lDMR7bRwJVhlEEgbbcGz1O+ycAtJXFHgQAbqM1Np05Ahkm2P7z9JFZ7+nuNmmwlvuSwLq9b+yHANBWFnsQALiNbS9A/ogzaW37zzFGgkA2G7It8W/lt2mVyX4JAG1lsQcBgNvKWHQanCzj2/5vnEeGXPJ9CAK/Zo+A/RIA2spiDwIAt5UHqjH+fcr3kqEBcwR+kWGr7X3i/ASAtrLYgwAAx5NVA7dZtXF0eqv2RwBoK4s9CABwXJmYaVjgw8qAlbaanoEA0FYWexAA4NgyZJM9Gaq/pZVkiaqhq/0QANrKYg8CAKwhKzhWP4nQdsH7IQC0lcUeBABYSx5kK+8fMPJBTpsA0FYWexAAYD2ZJNj7mOe9ynwAB1KdnwDQVhZ7EABgTRkPz54O1d/Y0ZkPcH4CQFtZ7EEAgLVlpcCKQwLmA5yXANBWFnsQAIBsmbviBEHbWJ+PANBWFnsQAIBIl/hqywXT8+G8gPMQANrKYg8CAPCxHKW70pBAdkzc3gP6EwDaymIPAgCwlVnysz2g78NQwHgCQFtZ7EEAACrpGl9lqWC2S7YqYCwBoK0s9iAAAC3ZRniVyYH/ePz6/SXX94HTEwDaymIPAgBwnbwZ50jd6m/xSLJBULZL3l4/fQgAbWWxBwEAuImsm6/+Ho8kvR3b66YPAaCtLPYgAAA39dUCywRHPuhXJgC0lcUeBADgNh7+8Kb8uzyKTAh89dbeAL0JAG1lsQcBALitr58eOwTkjITtNXNaAkBbWexBAADu4ujDASYE9iUAtJXFHgQA4K6OfJpg9kDYXi+nIwC0lcUeBADgPj5/dNzVARnq2F4vpyEAtJXFHgQA4D6yT0D206/+Vmdnh8B+BIC2stiDAADcVxrJo24brBegDwGgrSz2IAAAp5Btg//89fFCQK5pe63cnwDQVhZ7EACAU8kBQuk2r/5uZ/bds3EP/1UIAG1lsQcBADilGZ8pn2JFwOkJAG1lsQcBgFVkXXd+75E3uqxj33rw5M3//pkrdoW7vdzL6m93ZnoBTksAaCuLPeQBV13snm2vAa48e/3z/xr3v/zn5aXqN3QX+XdlyVv+3Y9+ensZDrb/fX5xtJUBegFOSwBoK4s9CADM7OnLdxdf/v/GPse5Vr+X3tLQpecgn2X7+VaWSYGzPeQ/RS/A6QgAbWWxBwGAmWSSWQ6jyfn052rwr/OHfz6//Gz5jGkAP/7sK0oo2uP3dFd6AU5HAGgriz0IAMwgXe4zdilnyGD1t8ajHRykF+A0BIC2stiDAMBe5W0/3ftHWFaWa/jH49cXmaOwvc4VpFekui8z0gtwGgJAW1nsQQBgb2Z927+pNIarnTR3tPkAj5/rBbgvAaCtLPYgALAHR3rbv6mEnPz9be/FUc34rGnJ0M72+rgdAaCtLPYgAHBO2UM+y+qONFHstrKCYZUg8MW3xxgKyO/V/hD3IwC0lcUeBADOJZOpVnrj/5Q0jkdvVHJ9WSlRXf9sHBJ0PwJAW1nsQQBgtEyEO+UGPUeSxjFLCLf37EhyfdW1z8ZkwPsRANrKYg8CAKNkIlhmwlffKb/22cOXh54omOurrns2q03mPCUBoK0s9iAAMEL+eHT3317mR2zv5RGk4TzCvI+/f3fM72cEAaCtLPYgANBT3vqPvKRvhAyXHHFuwBF6gzJkk4msH18XNyMAtJXFHgQAeslY/5+/nuuPfK/Se5K/1e09nlkaziP0Co1sGI5EAGgriz0IAPSQ39VRZnvvydGGBLISpLrOmaSHZntdfJoA0FYWexAAOLWjzPLeqwypHKnbObPpq+ucSTay2l4X1xMA2spiDwIAp5JGKZOiqu+M08os+qOcNniEXoDsYrm9Lq4nALSVxR4EAE4hjZG1/WPlzfkob56z9wJkLsP2mrieANBWFnsQALivTPab7Y/5KHLfj3DC4BF6AfIs3V4XbQJAW1nsQQDgPrI8TeN/XplseYQNaWbvBTjqng29CABtZbEHAYC7ypj/ESZwHUEeprMPB8zeC5C/he010SYAtJXFHgQA7soGP/uSPRdmnxg4e6B0QuDNCQBtZbEHAYC7MNt/n7I6YOYlgrP3AoxsJGYnALSVxR4EAG7rwRPr/PcsPTPb72wmM/cC5Ejn7fVQEwDaymIPAgC38ein+WdrryD77G+/u1nM3AuQCZnb66EmALSVxR4EAG4qv5UjnOC2ijSk2+9wBrOfEeCI4JsRANrKYg8CADeRyU329p9Lvq9ZVwbMfFKg5YA3IwC0lcUeBABu4m//fVV+F+zbrJMC8xZdXc8MHA50MwJAW1nsQQDgU46wS9vKZp2YNvNkwKOc09CTANBWFnsQALjO7OOxfJDJm9vvdu++fjrvapNZ51+MJAC0lcUeBACuM/NYLL9IiJttKCDzTmaddGo54KcJAG1lsQcBgJaZx2H5rRmXBs6622R2ZdxeC78mALSVxR4EAFrs8388sy1Rm3nfCfMAricAtJXFHgQAKjOPv9KWVQHb73rPMmwx6/LTpy/tB3AdAaCtLPYgALA189grnzbyQXYKs5478fCHN+8/fn1NCADXKYs9CABsOejn2GabEDjrMtT8HW2vhV8IAG1lsQcBgI95+19Dhni23/1eZSy9uoa9m224ZTQBoK0s9iAA8DHL/tYwWy/AjBNSE6S318EvBIC2stiDAMCVmSdccXsz9QJkf/3qGvbu2evLlFVe0+oEgLay2IMAwBUz/9cyUy/AjM+psCNgmwDQVhZ7EAC4ks1LqvvNcc0yUz1BZca5KV86GbBJAGgriz0IAETWLFf3mmObaaJaTtmrrmHPcorm9jr4QABoK4s9CACEpX/rmmWcesZ5ABlm2V4HHwgAbWWxBwEAk//WNks39axnU9gSuCYAtJXFHmYMAPnMnI7Jf2ub6S11xqCaeRbV393q8rur7tdeCQDAIT1+Pu7hdh+zng7I/AQA4JA+fzTHZDUbVXEuAgBwSFliN8OeAIarOBcBADisPAu2z4e9yVBF9dmhNwEAOKwss9s+H/Ymh1VVnx16EwCAw8pGO9vnwx5Zsso5CADAoc2wZn3GkwGZnwAAHNoMh9dkxUL12aEnAQA4tCyz2z4j9ubBEysBGE8AAA4tG+1snxF7k16K6rNDTwIAcGg5Enr7jNibWc8EYG4CAHB4e98Q6MUbSwEZTwAADm+G44Grzw09CQDA4c2wEqD63NCTAAAcXmbZb58Te2MzIEYTAIDD+/t3+18K+Kd/2QyIsQQA4PC++Hb/RwMLAIwmAACH97f/7j8A5NyC6rNDLwIAcHgzHAokADCaAAAc3mcP9x8A0ktRfXboRQAADi/j69vnxN5knkL12aEXAQA4PAEAfuuQAcC2msDHBAD4rZEbZJXFHrLvd3WxwJoEAPitpy/fvf/p1b/HUyuLvdhVC7hiEiD8VnrLt7/DXspiLzkCtLpgYD2WAcJvbX+DPZXFXqRp4IqNgODXRg+LlcVeMruxumhgPbYChl8bfT5GWezl1VsrAYAPHAYEv5bl8tvfYE9lsSddakB8/XT/xwH//isTlxkjk+SzWu7j319vZbGn/NFXFw+sZeR657uqPjf0cI4hsbLYUxLOHx9I1bC6Z6/HLXe6C3uXMEp6ms7x91AWe9MLAGyfC3tj91JG+cfj88yHKYu9JVnbEwDWlb//7XNhb3585fwS+svbfybIb39/I5TFERwOBOuaYQ+ARz9Ztkx/D56cbzJsWRzFUACs6avv978E8Mv3n7H67HAqnz86bxAuiyPlBlQ3Bjiu0eud78KziZ5yFsboZX9bZXGk3IC/fmNvAFhFxjzP/eC7if/7t3lK9JE5MOca9/9YWRwtD4PsClbdKOBYZjgEKGwCRA/5/b+57ACrf3cjlcVzefiDOQFwdDOM/2dNdvXZ4T72tv11WTynpy/fXY6NVDcPmF/+xrd/93vz+LkVAJxOzpTIqpLt7+zcyuIeZJtQewXAsWS/8+3f+h5ZocQpZNfb9Gxvf197URb3JKkpeyTnwVHdYGAeMxwBHOYkcVeZO5J9LnL8/d4nu5bFvUq3XMYPs2ogEyn0EMBcZlj+F4YhuYl07actiuwbkRfWGVa4XCmL0IPdH9eWh+X2N7FHeYDPuAJghrkV7EtZhF7SCFQPL45vhtn/MWtQnenNk30oi9CL7VXXldP1tr+HPUpQqT7/ns1wuBL7UxahF+ur1zTL5j+Rz1pdw57NcLgS+1MWoScTrNaTZb3b38EezTr+f84T5ZhXWYSeHLO6luypv/0N7NWs4/+zBCz2pSxCT3nLygYZ1YOM45mpcZpx/D9mmV/BvpRF6M1Oa2uY6e0/Zhz/n2V3RfanLEJvegHWMNPbf05om3H8f6YJluxLWYQR/vHYksAjm+3tP2Gluo69y9/R9lrgJsoijKAX4Nhmm5g26/7/ez5shn0rizDKrG9dXG+2dekzh9EfX9kCmLspizBSGovqwcacMo7+6u1cs9JnDqIJLx9fC9xUWYSR0ljMOPmK2oyb0swaQmebZ8G+lEUYzbLAY0iDNNsb6ayz/8MEQO6jLMI5pPGoHnLMIY3ojEfSZhJddT0zePzcDoDcXVmEc8hkpuohxxzSi7P9Tmcw69kUCVzG/7mPsgjnMutSrNXNehrdzKdT2gCI+yqLcC4Zj/3TvwwFzCTfV763j7/HWXw56d7/MWuPC/tRFuGccrBJ9jevHnrsy6zj/ldmDpvpvdheD9xGWYRzS6NiaeD+zfwWOvPa/wSX7fXAbZVF2AO7BO5b5mtsv7OZzDr5L774ds45F+xLWYS9sD/APs066e/K7CtOZjtngX0qi7AnTg3cl8w+n3352czbT2dobNZJl+xLWYS9+fyR8wL24M9fzzvj/8rsb/+W/3EqZRH2Jm+cefBVD0TGyMSzrNDYfjezmf3wqa++t/0vp1EWYY/y5ikEnEe2aT5Ct/MRdpt0/C+nUhZhz+wWONZfv5l/zP/K7L+dDMFsrwnuqizC3uUAF/sE9JflZkdp/I9w7LTd/zilsggzePLinR0DO8o2udt7PrPZV5MkvCTEbK8L7qoswiwyKS3dotUDk7tJqDraOvNsmzv72//sey+wP2URZpLJabPP7N6L7I53hJn+W0eYPGrzH06tLMKMZj7ZbQ/SRX7E8+W/+XH+LaX/+OD5+0uprw/uqizCrHKI0Mx7vJ/DEbv8r6R3KI1ndd0zOdp8DPahLMLs8tZ3hAd/b5nlf4T1/S1HWTLq6F96KItwBGnYDAvUsrHPzOf430Sur7r22dj6l17KIhxJ3p6ymU31cF1NuvsfPFljLXlCTnUPZpPerO21wSmURTiijHOvOiyQJXCZ5LfKOvKjHCOd7+2IEzPZh7IIR5WHad6oVpkomDf+DIOstIHMEXb8u5I5DNvrg1Mpi7CCDA3krfiIvQJp+HNq3JEn+LUc6cAoB//QU1mE1Tz66e0h5gnkGtLDsWq3cUJPdV9mZOc/eiuLsKrsgpcu85l6BXJOfyb2HXEHv9vI2RDV/ZmVt396K4vAh2VkeaPc43yBdHPns2kkPsi4/5GGcrz9M0JZBH4tY+kZJkjvQBrf0ZPMsqQt8xUeP1+3e/86Rxr3j/RmbK8RTq0sAp+WSYQJBXkT//zRq8tgcJ+TCTNxL/+O7M6Xf2cae2/4n3akcf9I2NteI/RQFoH7yVt63uI+Zfv/43ZyD6tGdGZO/WOUsgiwd0cb9w9v/4xUFgH2LD0sRxv3D2//jFQWAfbsiGc7ePtntLIIsFeZJFk1oLPz9s9oZRFgj4424/+Kt3/OoSwC7M1RTvirePvnHMoiwJ7kfIOq4TwCu/5xLmURYC+yIdJRjvfdynWtfoYD51MWAfYgOyEetfGPHOK0vWYYpSwCnFsOY8r2yFXDeQTZNtq5DpxTWQQ4pyN3+1/JNW6vG0YqiwDncuQJf1dyeNT2umG0sghwDhkTrxrMI0nPRs4x2F47jFYWAUb7x+NjbvKzlf0MttcO51AWAUbJRLijbu+7Zcc/9qQsAoyQxv+IB/u0ZGXD9h7AuZRFgN6evf758o24aiiPKL0c23sA51QWAXp69NPbQ6/x3/rTv15cvLl8+a/vB5xDWQToIV3+f/9ujcl+VzLrX9c/e1QWAU4tXf7Z/a5qJI/MrH/2qiwCnFI29zn6zn6Vv/zn5fvLr+8JnFtZBDiFlZb4bf3xgQ1/2LeyCHBfGfdescv/ypMXxv3Zt7IIcFeZ7b7qW/+Vr75//f5W1PcH9qIsAtzFwx/eLLW8r2Lcn1mURYDb+PHVu4vPHq6zo1+LcX9mUhYBbiLd/V9+v9a6/us445+ZlEXYg6wbf/HG29ReZTe/vPFWDeGKcprh9h7BnpVF2IO//ffDRLJMKEsX8/Z/5zyypn+lPfxvIgcabe8T7F1ZhHNLg189ZC2tOo+s50/Dnz3tt9/L6hKGcn8+vl8wg7II55aZ1NXDNjLZ7LtnxlpHSMOWrWx19dcSiEz6Y1ZlEc4pjXv1sN3Kwzdvpdv/P/eXyX1Zy776kr7r5N5knsr23sEsyiKc023Hl/N2mrdUx63eXxq0nNan4b9ezjUwHMXsyiKcy03f/itptNJ4mTB4O+nCToBaedve28oKiO19hNmURTiHjDefqhHKvyeNmvHZWu51GrGrlRbc3IMnjvflGMoinEMa7OqBe19ZPZC5AoYIPhzQk2WVuvjvJj1M23sKsyqLMFreSEfMNM/qggSNVSZvZSOlhJ80+pbw3Y+1/hxNWYTRer39XyfDBNm9Ldu3HqV3IEMe6drPm6oG/3Ss9eeIyiKMlEZrD+vMEwjScOaNeZYegrzhZ+JkgoxJfH2k8Td8xBGVRRgpjVf14D23LPXKkEFCQXoosuzrXA1B/tt5s8/a/Ezcc/LeGOn29+bPUZVFGCVv/2loq4fvXmUCXYJBZGw9jXJkKCEN9ZVMuNtebyREfPzPRd7ir/49kRP28u/XjX8+Gn+OrizCKHt9+2dtCXYaf46uLMIIGb+e7e2f40vjv/2twhGVRRjBJjTsjXX+rKQsQm/Vcb9wTpl7sf2dwpGVRejN2z97ovFnRWUResrs+OohDOfgSGlWVRahp9se9ws9ZAKqU/1YWVmEXu5z3C+cSvZXcGw0qyuL0Iu3f84tGyzZ2hcEAAZKd2v1QIZRsvHU9ncJqyqLcGqjjvuFivF++K2yCKd2juN+IYz3Q60swil5++dcjPdDW1mEU3rwxNs/4xnvh+uVRTiVGY/7ZW45rtl4P3xaWYRTcdwvI+UM/4TO7e8Q+K2yCKfg7Z9R8tZvS1+4nbIIp5CjVauHNZySt364m7II9+W4X3pL71KWl25/e8DNlEW4L8f90tNnD19ePHvtrR/uoyzCfXj7p5e89WdZ6fY3B9xeWYT7yJhs9fCG+/DWD6dVFuGuHPfLqWUXSTP84fTKItyV4345lSztS3d/tpL++DcGnEZZhLvw9s8pZJw/G0jZwx/6KotwFzl4pXqgw019/ujVxYs3xvlhhLIId5E3tq++f33ZdVs93KEl4dGRvTBWWYT7SBBIF65tgPmUzBl5/NwEPziHsginkO1ZBQEqf/76hZn9cGZlEU5JEOBK9ojwxg/7UBahhwSBL79/fbmuu2ocOKYEvy++fWUTH9iZsgg9ZV13un/tGXBsCXpZx++kPtinsgijPH357nLpV9WAMKcEO+P7sH9lEUYzPDC/nAD55IWlfDCLsgjnlEliGTO2n8D+Zf3+wx9088OMyiLsxaOf3l4OEVhBsB8afTiGsgh7k4mDCQPpZq4aJfrS6MPxlEXYs4SBHDz09+9eX/zpX1YS9KLRh2MrizCTrC//+umby01mqoaMm0mYytwLjT6soSzCrD7uHfjsoUBwnSzXy33K0IoT+GA9ZRGOJEvT0kOQyYTZg75qDFeQQJSlllll4ax9oCzCkaXxSyOYo4szqfBoPQVZPpnx+3Tn5xqtzQcqZRFWlG7wNJbZvjZvymlE9zrJMBsmfdzIZ9hDQw/cRlkEfi29BmlgI41tGt3IKYdpiK/cpTfh6o39Y5nQePXfuJJei2ydvP1sAHdRFgGAI7v43f8Df0ALmCKDJIYAAAAASUVORK5CYII=Azure App Service API AppGE.PEllipsefalseAnyAnyfalsefalseSelectTrueFalseAzure Mobile App Processes XMLVirtualDynamic6c7ab607-e310-4d74-aa5b-397d87f02ee9ListfalseSelectTrueFalseAzure Mobile App Processes JSONVirtualDynamic015d94e3-d54e-4c09-9ce2-2731a0dc86f0ListfalseSelectAllow access from all networksAllow access from selected networksAzure Mobile App Firewall SettingsVirtualDynamic9b54ed83-3970-475b-97a0-be7641051497ListfalseSelectTrueFalseAzure Mobile App CORS UsedVirtualDynamic6ddbac5e-2e11-4b88-b917-587749ea4721ListMobile app backend service built and hosted on Azure App ServicefalseSE.P.TMCore.AzureAppServiceMobileAppCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRQAAXEUBuS1iLAAAJiVJREFUeF7t3SF8HOe1xuELCwsDCwMLCy8sDA0sDAwMCCgwKDAoCLggIMCkwNCgwNCgIKDAwEDAQMBAwEDAZK+Pc3Xjjk5255N2Zt/ZfcBTcH6NNJY8s3/v7Hzff+12OwDgwrRDtu/mdrd7eXW7e/Hm/e77f777f//9P28/+cPfrnb/9d1r4MJ98eTN/18Xvn3x67Xi+ev3n64hVzcfPl5S+usM29YO2Z56of/u/17gf//XN+2JDvBQdW355vm73bN/v9/VPzA+v/6wTe2QbXj19nb3l39c7373vRd8YF1fP7v+9A7j9LrEdrRDsl2//7D76qfr9qQEWNOffni7+/n601sC7fWKXO2QXK/fffAWPxCl3oX0bsD2tEMy1YdxfHgPSFQRULclp9ctcrVD8tSHbr586sUfyFXvTrodsB3tkDz1eE53wgEkqc8ETK9fZGqHZLn9sHPfH9gM7wJsQzskSz13251kAInqHcvpdYw87ZAstQBHd5IBJKp3LOudy8+vY+Rph+SoZ/67EwwgWb1zOb2ekaUdkqPW4+5OLoBktTT59HpGlnZIjjqJupMLINmff/Q0QLp2SA5L/gJbVIuWTa9nZGmH5KhnaruTCyDd9HpGlnZIDkv/AltVy5dPr2nkaIfk6E4qtqnuiX7/z3fsYXvr8/LyyoJAydohGeo52u6kYnvqxW36+6VXu8p1P0O2xw6B2dohGerts+6kYnssijLGZ1/Ow48/C4Bk7ZAMtZ52d1KxLbUq2vR3y36efjkPT1/dfPx19r9jTq8dkqHun3UnFdtjc5T56t2SL574HMA5cOsrWzskgwA4H18+vdq9eisCDqnbXvVhye5nyPYIgGztkAwCANgyAZCtHZLBPgDAlgmAbO2QDPUJ2u6kAtgCAZCtHZJBAABbJgCytUMyCABgywRAtnZIBgEAbJkAyNYOySAAgC0TANnaIRkEALBlAiBbOySDAAC2TABka4dkEADAlgmAbO2QDAIA2DIBkK0dkkEAAFsmALK1QzIIAGDLBEC2dkgGAQBsmQDI1g7JIACALRMA2dohGQQAsGUCIFs7JMMpA+B337/Z/ff/vN19++Ld7snLm93Lq9v/cHXz4eMh9scNrOf6/Yd75+fTVzefXnzrHP7iyZv2HF+DAMjWDslwigD46qfrTxeQ6bEA2/X63YdPMV9h3533SxEA2dohGdYMgHrh//naCz+cs3q3YM0QEADZ2iEZ1goAJylclnqXr7sWHJtrS7Z2SIY1AqDuEU6/L3D+6sW5uyYckwDI1g7JsHQA1IeD6i3B6fcFLkP9A6C7NhyLAMjWDsmwdADUJ4Wn3xO4HPW5n+7acCwCIFs7JMOSAVAfAvKvf+CPf79qrxHHIACytUMyLBkA7v0DZcnPAgiAbO2QDEsGgBMTKEs+EeA6k60dkmHJAHjx5v3Hb9F/X+By3Nx+/J/mGnEMAiBbOyTDkgFQK4NNvx9wmZZaLlgAZGuHZFgyAG4/vf733xe4LH/6YZnHAQVAtnZIhqUCoGp/+r2Ay/X1s+v2WvFYAiBbOyTDUgHw5dOrj1++/57A5fnm+TJPAgiAbO2QDEsFwCkfAaxbD3dblgK/OPVGXPVC3V0rHksAZGuHZFgqAGrnv+n3Oparmw+7Ou7acezUe5HDltUCPXUO1Yvo89fvd/Vp/c/PtWOqVUG7Y3gsAZCtHZJhqQD4yz+OHwD1r5il1xWHS1fnbkX29Px7rKWuNQIgWzskwxYCoN669MIP66pz+JhLeQuAy9QOyZAeAHUB8hY/nEZ9mPdYtwUEwGVqh2RIDwD/8ofTOtbneQTAZWqHZEgOgCcvl/nQEDDmGC+yAuAytUMypAZAPcrnrX/IUOfiY1f2FACXqR2SITUAaiOh7usCp1HXiul5OkIAXKZ2SIbUAPju40ndfV3gNB57TguAy9QOyZAaAD78B1n+8LfHLe8tAC5TOyRDagC4/w95HvNIoAC4TO2QDIkBUBeZ7msCp/Xq7cP3ExAAl6kdkiExAGrlv+5rAqdV14vp+TqXALhM7ZAMiQFQa/53XxM4rVqbY3q+ziUALlM7JENiACx1TMDj1NM50/N1LgFwmdohGRIDYKltQ4HHSQx7AZCtHZIhMQDqhO6+JnBaAoBR7ZAMAgCY6zEbAwmAy9QOySAAgLlqga7p+TqXALhM7ZAMAgCYSwAwqh2SQQAAcwkARrVDMggAYC4BwKh2SAYBAMwlABjVDskgAIC5BACj2iEZBAAwlwBgVDskgwAA5hIAjGqHZBAAwFwCgFHtkAwCAJhLADCqHZJBAABzCQBGtUMyCABgLgHAqHZIBgEAzCUAGNUOySAAgLkEAKPaIRkEADCXAGBUOySDAADmEgCMaodkEADAXAKAUe2QDAIAmEsAMKodkkEAAHMJAEa1QzIIAGAuAcCodkgGAQDMJQAY1Q7JIACAuQQAo9ohGQQAMJcAYFQ7JIMAAOYSAIxqh2QQAMBcAoBR7ZAMAgCYSwAwqh2SQQAAcwkARrVDMggAYC4BwKh2SAYBAMwlABjVDskgAIC5BACj2iEZBAAwlwBgVDskgwAA5hIAjGqHZBAAwFwCgFHtkAwCAJhLADCqHZJBAABzCQBGtUMyCABgLgHAqHZIBgEAzCUAGNUOySAAgLkEAKPaIRkEADCXAGBUOySDAADmEgCMaodkEADAXAKAUe2QDAIAmEsAMKodkkEAAHMJAEa1QzIIAGAuAcCodkgGAQDMJQAY1Q7JIACAuQQAo9ohGQQAMJcAYFQ7JIMAAOYSAIxqh2QQAMBcAoBR7ZAMAgCYSwAwqh2SQQAAcwkARrVDMggAYC4BwKh2SAYBAMwlABjVDskgAIC5BACj2iEZBAAwlwBgVDskgwAA5hIAjGqHZBAAwFwCgFHtkAwCAJhLADCqHZJBAABzCQBGtUMyCABgLgHAqHZIBgEAzCUAGNUOySAAgLkEAKPaIRkEADCXAGBUOySDAADmEgCMaodkEADAXAKAUe2QDAIAmEsAMKodkkEAAHMJAEa1QzIIAGAuAcCodkgGAQDMJQAY1Q7JIACAuQQAo9ohGQQAMJcAYFQ7JIMAAOYSAIxqh2QQAMBcAoBR7ZAMAgCYSwAwqh2SQQCwlD/+/Wr38up2d3XzYffVT9ft/4dtEQCMaodkEAAc2xdP3ux++NfNx1/lf/5eKwYqCrr/hm0QAIxqh2QQABzL775/s/vu4+/u5vbjb7H5vd6pOKhI6L4G2QQAo9ohGQQAx/DnH9/uXr/78PHX1/9OpyoSKha6r0UuAcCodkgGAcBjfPn0avfizfuPv7b+d3lIRUPFQ/e1ySMAGNUOySAAeIjf//XN7umr+/f5H6oiomKi+17kEACMaodkEACM+vbF4fv8D1VRUXHRfV9OTwAwqh2SQQAwV138f77+9Mrf/t6OpeLim+f+DiQSAIxqh2QQABzyh79d7Z6/fvh9/oeq2KgXnO6YOA0BwKh2SAYBwG+pt+KfvLzZ3X76cH//u1pDxUdFSHeMrEsAMKodkkEA0Pn62fXu+v38x/qWVhFSMeLzAaclABjVDskgAPjcn354u3v1dvn7/A9VUVJx0h07yxMAjGqHZBAAlFqZ79m/17/P/1AVKRUr3Z+F5QgARrVDMgiAy1bL99bP+9T3+R+qosWywusRAIxqh2QQAJerduirnfqmP/+tqXipvzMVM92fk+MRAIxqh2QQAJfnbpve6c9962w7vDwBwKh2SAYBcDl+a5vec2Pb4eUIAEa1QzIIgMuw5PK9qWw7fHwCgFHtkAwC4LyNbtN7bmw7fFwCgFHtkAwC4Dw9dpvec2Pb4eMQAIxqh2QQAOflbvne6c+UX9h2+HEEAKPaIRkEwPmoHfSSlu9NZtvhhxEAjGqHZBAA21cX5TW26T03th0eJwAY1Q7JIAC261Tb9J4b2w7PJwAY1Q7JIAC2Z+vL96ay7fBhAoBR7ZAMAmBb0rbpPTe2Hd5PADCqHZJBAGxD+ja958a2wz0BwKh2SAYBkK1Wsqvf0fRnxDpsO/yfBACj2iEZBECmus9fK9hd2vK9qWw7/AsBwKh2SAYBkOdctuk9N7YdFgCMa4dkEAA5aoW6c9ym99xc8rbDAoBR7ZAMAuD06hPntTLd9OdAtkvcdlgAMKodkkEAnNYlbtN7bi5p22EBwKh2SAYBcBqXvk3vubmUbYcFAKPaIRkEwLpqpTnb9J6vc992WAAwqh2SQQCs426bXsv3XoZz3XZYADCqHZJBACzPNr2X69y2HRYAjGqHZBAAy6kV5GzTyzltOywAGNUOySAAjq8+EV4rx03/XFy2c9h2WAAwqh2SQQAcj216mWPL2w4LAEa1QzIIgOOwTS8jtrrtsABgVDskgwB4nFoJzja9PNTWth0WAIxqh2QQAI9j4x4eqz4kuJW1AwQAo9ohGQTA49m6l4fa2mOCAoBR7ZAMAuB46tP/9fOc/nlgaqsLBQkARrVDMgiA46vn/30ugE7dLtryUsECgFHtkAwCYDmeDODO3WZBdbuo+7uyFQKAUe2QDAJgWdYG4Jy2CxYAjGqHZBAA66iFX2oBmOmflfP18ur202Oi3d+HrRIAjGqHZBAA66oLqP0BztvWnu0fIQAY1Q7JIABOww6B56du89Tf3a3f599HADCqHZJBAJxOPf9dy8FO//xsT23+dC73+fcRAIxqh2QQAKdXz4PXc+HTnwP56nHPeuyz+72eIwHAqHZIBgFw2FortdXz4a/fuS2wBXX75lz2+B8hABjVDskgAA5b+2L/7QvLCqdaexe/2msi6UkCAcCodkgGAXDY3XHVp/fXeru37ifX8+N335vTW3Mf/7otVI8R1vetF93u/3MKAoBR7ZAMAuCw6fGt+YGv+tff3QsBp1G3ZdZ6Ea53FmqDoM+/vwDYTwBka4dkEACHTY+vrP3Il22H11e3Yep2TPf7WMJv3foRAPsJgGztkAwC4LDp8X1uzUVf7rYdtqzw8tbcpvfQhz8FwH4CIFs7JIMAOGx6fJ16HGytD2vV7Ye6DTE9Bh5vzW165y4PLQD2EwDZ2iEZBMBh0+PbZ82NX2w7fDxrbtN7twDU3HdyBMB+AiBbOySDADhsenyHrL31q22HH27t39VDloAWAPsJgGztkAwC4LDp8c2V/K9KtvNujQDYTwBka4dkEACHTY9vVOJ95Uu25ja9x/i8hgDYTwBka4dkEACHTY/vodb8ZHldqG07/J/WfmKj/h4f4x0ZAbCfAMjWDskgAA6bHt9jrP1sed1z7p4tvySnWLPhmJ/JEAD7CYBs7ZAMAuCw6fEdw6lXl7sU57BqowDYTwBka4dkEACHTY/vmNZeX/5Sth1ec5veCowl920QAPsJgGztkAwC4LDp8R1bvUW95g5z57ztcL31vubOjfUI4dK3WATAfgIgWzskgwA4bHp8S1nzxetuWeFz+XzAOUeUANhPAGRrh2QQAIdNj29p5/T29RrO/TaKANhPAGRrh2QQAIdNj28tth3eb+0PUtY7DNNjWIMA2E8AZGuHZBAAh02Pb01rP8K2hWWFT/Eo5Sl/JgJgPwGQrR2SQQAcNj2+U6gXoHq+vDu+YzvmIjbHdomLKQmA/QRAtnZIBgFw2PT4Tmlry9gey5rLKdefO2k5ZQGwnwDI1g7JIAAOmx5fgkvZdnjNDZVS3/kQAPsJgGztkAwC4LDp8aWoe+HpW9k+1Np/tuTPPgiA/QRAtnZIBgFw2PT40tSn4c9p2+FLeXdjLgGwnwDI1g7JIAAOmx5fqq1vO7z25xu2sv6BANhPAGRrh2QQAIdNjy/dmp+UP8aKePXW+5rb9G5tBUQBsJ8AyNYOySAADpse3xas/ax8fa/RF9W11zioxyjrQ4XT40gnAPYTANnaIRkEwGHT49uSeo59rReQetdh7rbDa65yuPVdEAXAfgIgWzskgwA4bHp8W5SyXv6a+xyMBEkyAbCfAMjWDskgAA6bHt9W1Vvua+6Y9/lb7nWff81teh9ySyKVANhPAGRrh2QQAIdNj2/r1v7QXX2vtaKjXqASlu89JgGwnwDI1g7JIAAOmx7fuVjz7filLfFYYgoBsJ8AyNYOySAADpse37lZ8wN5x1bvLCy9MNGpCYD9BEC2dkgGAXDY9PjO0dqP5B3DFrYuPgYBsJ8AyNYOySAADpse3zmrD+2tte3wQ21h+d5jEgD7CYBs7ZAMAuCw6fFdgjWX5Z2rblOkbE+8JgGwnwDI1g7JIAAOmx7fJVlzY57fcrd87znf599HAOwnALK1QzIIgMOmx3dp7rbm7X42S9vq8r3HJAD2EwDZ2iEZBMBh0+O7VGtuO1y3H+o2xPQYLpEA2E8AZGuHZBAAh02P79Itue1wPda3lW161yIA9hMA2dohGQTAYdPj4xfH3nb4nJbvPSYBsJ8AyNYOySAADpseH7+qF+zHrvFftxXq9sL0a/MLAbCfAMjWDskgAA6bHh/3PeRFqt492PI2vWsRAPsJgGztkAwC4LDp8XHfQ16kav3+6dfhPgGwnwDI1g7JIAAOmx4f9wmA5QiA/QRAtnZIBgFw2PT4uE8ALEcA7CcAsrVDMgiAw6bHx30CYDkCYD8BkK0dkkEAHDY9Pu4TAMsRAPsJgGztkAwC4LDp8XGfAFiOANhPAGRrh2QQAIdNj4/7BMByBMB+AiBbOySDADhsenzcJwCWIwD2EwDZ2iEZBMBh0+PjPgGwHAGwnwDI1g7JIAAOmx4f9wmA5QiA/QRAtnZIBgFw2PT4uE8ALEcA7CcAsrVDMgiAw6bHx30CYDkCYD8BkK0dkkEAHDY9Pu4TAMsRAPsJgGztkAwC4LDp8XGfAFiOANhPAGRrh2QQAIdNj4/7BMByBMB+AiBbOySDADhsenzcJwCWIwD2EwDZ2iEZBMBh0+PjPgGwHAGwnwDI1g7JIAAOmx4f9wmA5QiA/QRAtnZIBgFw2PT4uE8ALEcA7CcAsrVDMgiAw6bHx30CYDkCYD8BkK0dkkEAHDY9Pu4TAMsRAPsJgGztkAwC4LDp8XGfAFiOANhPAGRrh2QQAIdNj4/7BMByBMB+AiBbOySDADhsenzcJwCWIwD2EwDZ2iEZBMBh0+PjPgGwHAGwnwDI1g7JIAAOmx4f9wmA5QiA/QRAtnZIBgFw2PT4uE8ALEcA7CcAsrVDMgiAw6bHx30CYDkCYD8BkK0dkkEAHDY9Pu4TAMsRAPsJgGztkAwC4LDp8XGfAFiOANhPAGRrh2QQAIdNj4/7BMByBMB+AiBbOySDADhsenzcJwCWIwD2EwDZ2iEZBMBh0+PjPgGwHAGwnwDI1g7JIAAOmx4f9wmA5QiA/QRAtnZIBgFw2PT4uE8ALEcA7CcAsrVDMgiAw6bHx30CYDkCYD8BkK0dkkEAHDY9Pu4TAMsRAPsJgGztkAwC4LDp8XGfAFiOANhPAGRrh2QQAIdNj4/7BMByBMB+AiBbOySDADhsenzcJwCWIwD2EwDZ2iEZBMBh0+PjPgGwHAGwnwDI1g7JIAAOu37/4eNh9cfKLwTAMm4//tX749+v2p/fKQgARrVDMgiAw373/ZtPF5m6GH9+nPxKABzfs3+/333x5E37szsVAcCodkgGATBfXYzrojw9XgTAMb16e7v70w85b/t/TgAwqh2SQQCMq4tzXaSnx33JBMDj1a2mr59dtz+rFAKAUe2QDALg4b55/s7nA/6PAHi4urX05OXN7vd/zXq7vyMAGNUOySAAHqcu2nXxvvTPBwiAh3n++v2nn0P380kkABjVDskgAI6jLuJ1MZ/+WS6FABjz8/XtpxfT7ueSTAAwqh2SQQAc159/fLt7/e7ybgsIgHlubne7b19s9++3AGBUOySDAFhGXeTrYv/5n+ucCYDDnr7axn3+fQQAo9ohGQTAcupiXxf96Z/vHAmA3/bizfvdl0+3c59/HwHAqHZIBgGwvFrJ7eXVeT82KADuu7r5sPvqp+zH+kYJAEa1QzIIgPXUi0G9KEz/vOdAAPyqbv189/HvcK0g2f25t0wAMKodkkEArKteFOrF4dw+HyAAfvHDv27ilu89JgHAqHZIBgFwGue2rPClB0Dy8r3HJAAY1Q7JIABO61yWFb7UANjC8r3HJAAY1Q7JIAAy1IvIlpcVvrQAqJUf6+/pOd7n30cAMKodkkEA5KgXk60uK3xJAVArPp7zff59BACj2iEZBECeemHc2rLClxAAW12+95gEAKPaIRkEQK662NaLzvTnk+icA6BuzdTOj92f4dIIAEa1QzIIgHz14pP+2OC5BsBWtuldiwBgVDskgwDYhvRlhc8tAM5p+d5jEgCMaodkEADbUi9K9eI0/Zmd2rkEQO3kWDs6dseLAGBcOySDANimepFKWlZ46wFwt3xvd5z8SgAwqh2SQQBsV9KywlsOgHNfvveYBACj2iEZBMD21YtXvYhNf45r2mIA1A6NtVNjd2z0BACj2iEZBMD5qBezUy0rvKUAqMf6zm2b3rUIAEa1QzIIgPNzimWFtxAAl7p87zEJAEa1QzIIgPNUL3L1c1xrWeH0AKidF93nfzwBwKh2SAYBcN7W2nY4NQAuZZvetQgARrVDMgiAy1AX7iWXFU4LAMv3LkMAMKodkkEAXJZ6UVzi8wEpAVC3PCzfuxwBwKh2SAYBcHnqxfHY2w4nBEDtoFhfs/teHIcAYFQ7JIMAuFzHXFb4lAFg+d71CABGtUMyCADqxbNeRKe/hxGnCIBaAfHbF/6urEkAMKodkkEAcKdeTB+6rPDaAVA7I7rPvz4BwKh2SAYBwOfqRfUhywqvFQC1fK9tek9HADCqHZJBANCpZYXrxXb6u/ktSwdA7Xxo+d7TEwCMaodkEADsUy+6c7YdXioA7rbptXxvBgHAqHZIBgHAIXOWFV4iACzfm0cAMKodkkEAMNe+ZYWPGQCW780lABjVDskgABhVL87TbYePEQC1QmHtZNj9f8kgABjVDskgAHio+h3fLSv8mAC4W77Xff58AoBR7ZAMAoDHuFtW+CFv2VcAWL53WwQAo9ohGQQAMJcAYFQ7JIMAAOYSAIxqh2QQAMBcAoBR7ZAMAgCYSwAwqh2SQQAAcwkARrVDMggAYC4BwKh2SAYBAMwlABjVDskgAIC5BACj2iEZBAAwlwBgVDskgwAA5hIAjGqHZBAAwFwCgFHtkAwCAJhLADCqHZJBAABzCQBGtUMyCABgLgHAqHZIBgEAzCUAGNUOySAAgLkEAKPaIRkEADCXAGBUOySDAADmEgCMaodkEADAXAKAUe2QDAIAmEsAMKodkkEAAHMJAEa1QzIIAGAuAcCodkgGAQDMJQAY1Q7JIACAuQQAo9ohGQQAMJcAYFQ7JIMAAOYSAIxqh2QQAMBcAoBR7ZAMAgCYSwAwqh2SQQAAcwkARrVDMggAYC4BwKh2SAYBAMwlABjVDskgAIC5BACj2iEZBAAwlwBgVDskgwAA5hIAjGqHZBAAwFwCgFHtkAwCAJhLADCqHZJBAABzCQBGtUMyCABgLgHAqHZIBgEAzCUAGNUOySAAgLkEAKPaIRkEADCXAGBUOySDAADmEgCMaodkEADAXAKAUe2QDAIAmEsAMKodkkEAAHMJAEa1QzIIAGAuAcCodkgGAQDMJQAY1Q7JIACAuQQAo9ohGQQAMJcAYFQ7JIMAAOYSAIxqh2QQAMBcAoBR7ZAMAgCYSwAwqh2SQQAAcwkARrVDMggAYC4BwKh2SAYBAMwlABjVDskgAIC5BACj2iEZBAAwlwBgVDskgwAA5hIAjGqHZBAAwFwCgFHtkAwCAJhLADCqHZJBAABzCQBGtUMyCABgLgHAqHZIBgEAzCUAGNUOySAAgLkEAKPaIRkEADCXAGBUOySDAADmEgCMaodkEADAXAKAUe2QDAIAmEsAMKodkkEAAHMJAEa1QzIIAGAuAcCodkgGAQDMJQAY1Q7JIACAuQQAo9ohGQQAMJcAYFQ7JIMAAOYSAIxqh2QQAMBcAoBR7ZAMAgCYSwAwqh2SQQAAcwkARrVDMggAYC4BwKh2SAYBAMwlABjVDskgAIC5BACj2iEZBAAwlwBgVDskgwAA5hIAjGqHZBAAwFwCgFHtkAwCAJhLADCqHZJBAABzCQBGtUMyCABgLgHAqHZIBgEAzCUAGNUOySAAgLkEAKPaIRkEADCXAGBUOySDAADmEgCMaodkEADAXAKAUe2QDAIAmEsAMKodkiExAJ6+umm/JnBaAoBR7ZAMiQGw1DEBjyMAGNUOySAAgLm+fpZ3XguAbO2QDAIAmCvxvBYA2dohGQQAMJcAYFQ7JENiALy8um2/JnBaj3mxFQCXqR2SITEAXr0VAJDoycubj6dof94eIgAuUzskQ2IAXN18aL8mcFp1vZier3MJgMvUDsmQGACl+5rAadXtuem5OpcAuEztkAypAfCHv121Xxc4nXp3bnquziUALlM7JENqAPz5x7ft1wVO43ffv/l4avbn6xwC4DK1QzKkBkCd1N3XBU7jMasAFgFwmdohGVIDwKOAkKX26JiepyMEwGVqh2RIDYDbD7tPbzl2XxtY3+t3D7//XwTAZWqHZEgNgFJvOXZfG1hXfSh3en6OEgCXqR2SITkAbAsMGb598fgXWQFwmdohGZIDoG4DfPnU44BwSl88ebOrc/Hzc/MhBMBlaodkSA6A8vz1MscHzFPn4PS8fAgBcJnaIRmWOinrOf7p93qor366br8HsKw696bn40PVC3X3PR5LAGRrh2RYKgAe+8zw525ud5++Xvd9gGV8/ex6V+fe5+fiYwiAy9QOybBUAPzph+MFwJ2lLiDAr+rx27ouTM+/x/pOAFykdkiGpQLgGI8NdV68ee+DgbCQunX32Of9f0t9Lqj7no8lALK1QzIsFQC//+vj1g0/5NXb20+PJv3x72IAHqr+tV8v+rXP/2M2+pljqc/yCIBs7ZAMSwVAmX6vpdR9ylo6uNYNqItBfV6g2FGQS1cv8HfnQ6m34escqXfSlvqX/m+p798d42MJgGztkAxLBsDS/6IAtmOpIBcA2dohGZYMgHqbfvr9gMu01N4eAiBbOyTDkgFwrAVEgG27fv+hvUYcgwDI1g7JsGQAHGP9cGD7llzRUwBka4dkWDIA6hP60+8HXJ76x0B3jTgGAZCtHZJhyQAox1xJDNimJR/XFQDZ2iEZlg4AnwOAy1b/COiuDcciALK1QzIsHQDfPHdywiV79u9lrzECIFs7JMPSAVCP/vx87XFAuFRLr9YpALK1QzIsHQDlmFuKAtvxw79u2mvCMQmAbO2QDGsEQPEuAFyW2w+73RdPlln853MCIFs7JMNaAVDLgFoaGC5Dvfh//WyZzX+mBEC2dkiGtQKg1A6BlgeG81af+v/TD8ts/NMRANnaIRnWDIBSHwqs7zk9DmD7KvDX3oVTAGRrh2RYOwDu1EWi9iCvNcKnxwRsR73dX9eRNf/V/zkBkK0dkuFUAfC5v/zj+tMFxAcFYRvq8zz1fH8t8Vu39rrzei0CIFs7JENCAEzVvyT+/OPbTyd2qXcKXl7dAiurx/juzsN6nPe//+c0/8rfRwBka4dkSAwAgLkEQLZ2SAYBAGyZAMjWDskgAIAtEwDZ2iEZBACwZQIgWzskgwAAtkwAZGuHZBAAwJYJgGztkAwCANgyAZCtHZJBAABbJgCytUMyCABgywRAtnZIBgEAbJkAyNYOySAAgC0TANnaIRkEALBlAiBbOySDAAC2TABka4dkEADAlgmAbO2QDAIgS22FXFuuHssf/37Vfp+H+MPfrtrvsYRjHveXT49/3PV76r4X6xMA2dohGQTA6X3x5M2ufg+3Hz7+Rprf0WPd3O52T17e7H73/Zv2++9TL3RLHtshL96833397Lo9tkMqImpP++nXPJarmw+7b56/a7836xEA2dohGQTAaf3+r292P18v9yL1uWf/Hvtd/+Uf1x//s/5rre3567Fjr3/1V/h8/jWWIgJOSwBka4dkEACn9dVP677I1tv43XFMrX1cc9S7GN2xdp6+uvn4n/Rf59gq4LpjYB0CIFs7JIMAOK01X6jK3LfT6+/F9L89tXrLvTvWTt06mP73S+qOgXUIgGztkAwC4LS+fbHuxas+wNYdx9Trd59u+rdf45TmvoOxZsBcv58fJhyfAMjWDskwel+Y46p71Wt9wK7uic/9IOBa989Hzf30/Z9/fPvx/95/jWMT0aclALK1QzLUp6S7k4r11NvyS0dAvaCPPFpXH7qbfo1Tq5/RyJMM363wwlA/p4c8XcHxCIBs7ZAMAiBDPQpYtwN++NfNp0fXjqU+Y1Cf5h99kVrjxXPUq7fjf1fvfq71AcLu5/MQ9TuqF51696b7nqxLAGRrh2SoC1p3UsHaH6Tbp+6zz73/z2URANnaIRkEAL+l3jWodxBOtQjQnQqRY64MyHkRANnaIRkEAIfUYkW12E1daI99i6JTH0yt71W3Ifyrn0MSH1nlV+2QDHXB7U4qgC0QANnaIRlGFlcBSCMAsrVDMggAYMsEQLZ2SAYBAGxZ3cacXtfI0Q7J0Z1UAFsgALK1Q3JYyQzYqtR9K/hFOySHR62ArarbmNNrGjnaITnm7hAHkGZ6PSNLOyTH3D3iAZLUu5fT6xlZ2iE5arOU7uQCSLbmts88TDskRy292p1cAMnqHy/T6xlZ2iE56lO03ckFkOz5a4sApWuHZPEkALAl9fhybRM9vZaRpR2S5cnLm/YkA0j01U/XHy9d/fWMHO2QLFXSFgQCtuLFG2//b0E7JE8VdXeiASTx+N92tEPyvHp7610AIN4P/7r5eMnqr2NkaYdk8kggkOy7f3r0b0vaIbmqrrsTD+CUatXS6fWKbO2QbE9f3bgdAMT4yz+ud7efnvrrr1lkaofkq1227BMAnFIt91ufT5pen9iGdsh23Hw89+q2QD0l8Pu/elcAWE6981g7lNbaJLb63b52yHbV0sH1DO73/3z3aS3uOlmL1QSBOb548suLfPnm+btP15Ja1vfna//SPzftEAA4Z7v/+l9btWq/xi9TKgAAAABJRU5ErkJggg==Azure App Service Mobile AppGE.PEllipsefalseAnyAnyfalsefalseSelectGenericWeb FormsMVC5MVC6Web Application TechnologiesVirtualDynamicf9960f99-8659-4776-90d7-e454ef832db7ListfalseSelectOnPremAzureEnvironmentTypeVirtualDynamic80fe9520-5f00-4480-ad47-f2fd75dede82ListfalseSelectYesNoProcesses XMLVirtualDynamicdf53c172-b70c-412c-9e99-a6fbc10748eeListWeb ApplicationfalseSE.P.TMCore.WebAppCentered on stenciliVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAABcRgAAXEYBFJRDQQAANcZJREFUeF7t3a+77UTW7fH+x1u0QCAQCAQCgcAgXoFAtGiBaNGiBaIF4ggEAoFAIDDn7kE/uexTPXbmqpmq1I/1FZ/n3nc2O2etrCQ1UlWp/OX9+/cAAODJ2CIAANibLQIAgL3ZIgAA2JstAgCAvdkiAADYmy0CAIC92SIAANibLQIAgL3ZIgAA2JstAgCAvdkiAADYmy0CAIC92SIAANibLQIAgL3ZIgAA2JstAgCAvdkiAADYmy0CAIC92SIAANibLQIAgL3ZIgAA2JstAgCAvdkiAADYmy0CAIC92SIAANibLQIAgL3ZIgAA2JstAgCAvdkiAADYmy0CAIC92SIAANibLQIAgL3ZIgAA2JstAgCAvdkiAADYmy0CAIC92SIAANibLQIAgL3ZIgAA2JstAgCAvdkiAADYmy0CAIC92SIAANibLUZ++eWX9+/evQMA4JKffvrppVnxbQ36ssXIP/7xj/d//etfAQC45IsvvnhpVnxbg75sMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjBAAAQAsEgHFsMUIAAAC0QAAYxxYjmQCgvwEA7O2zzz6zbcBbCADj2GJEP7L7Ic+U2wAA7Of//u//bBvwFgLAOLYYIQAAABwCwDpsMUIAAAA4BIB12GKEAAAAcAgA67DFCAEAAOAQANZhixECAADAIQCswxYjBAAAgEMAWIctRggAAACHALAOW4wQAAAADgFgHbYYIQAAABwCwDpsMUIAAAA4BIB12GKEAAAAcAgA67DFCAEAAOAQANZhixECAADAIQCswxYjBAAAgEMAWIctRggAAACHALAOW4wQAAAADgFgHbYYIQAAABwCwDpsMUIAAAA4BIB12GKEAAAAcAgA67DFCAEAAOAQANZhixECAADAIQCswxYjBAAAgEMAWIctRggAAACHALAOW4wQAHAnHW+Yw7t3715+Ev87AUIAWIctRnQhcD/kmXIbwKPc8YQxdO6Xvw/wGgFgHbYYIQDgTu54whgEAEQIAOuwxQgBAHdyxxPGIAAgQgBYhy1GCAC4kzueMAYBABECwDpsMUIAwJ3c8YQxCACIEADWYYsRAgDu5I4njEEAQIQAsA5bjBAAcCd3PGEMAgAiBIB12GKEAIA7ueMJYxAAECEArMMWIwQA3MkdTxiDAIAIAWAdthghAOBO7njCGAQARAgA67DFCAEAd3LHE8YgACBCAFiHLUYIALiTO54wBgEAEQLAOmwxQgDAndzxhDEIAIgQANZhixECAO7kjieMQQBAhACwDluMEABwJ3c8YQwCACIEgHXYYoQAgDu54wljEAAQIQCswxYjBADcyR1PGIMAgAgBYB22GCEA4E7ueMIYBABECADrsMUIAQB3cscTxiAAIEIAWIctRggAuJM7njAGAQARAsA6bDFCAMCd3PGEMQgAiBAA1mGLEQIA7uSOJ4xBAECEALAOW4wQAHAndzxhDAIAIgSAddhihACAO7njCWMQABAhAKzDFiMEANzJHU8YgwCACAFgHbYYIQDgTu54whgEAEQIAOuwxQgBAHdyxxPGIAAgQgBYhy1GCAC4kzueMAYBABECwDpsMUIAwJ3c8YQxCACIEADWYYsRAgDu5I4njEEAQIQAsA5bjBAAcCd3PGEMAgAiBIB12GKEAIA7ueMJYxAAECEArMMWIwQA3MkdTxiDAIAIAWAdthghAOBO7njCGAQARAgA67DFCAEAd3LHE8YgACBCAFiHLUYIALiTO54wBgEAEQLAOmwxQgDAndzxhDEIAIgQANZhixECAO7kjieMQQBAhACwDluMEABwJ3c8YQwCACIEgHXYYoQAgDu54wljEAAQIQCswxYjBADcyR1PGIMAgAgBYB22GCEA4E7ueMIYBABECADrsMUIAQB3cscTxiAAIEIAWIctRggAuJM7njAGAQARAsA6bDFCAMCd3PGEMQgAiBAA1mGLEQIA7uSOJ4xBAECEALAOW4wQAHAndzxhDAIAIgSAddhihACAO7njCWMQABAhAKzDFiMEANzJHU8YgwCACAFgHbYYIQDgTu54whgEAEQIAOuwxQgBAHdyxxPGIAAgQgBYhy1GCAC4kzueMAYBABECwDpsMUIAwJ3c8YQxCACIEADWYYsRAgDu5I4njEEAQOTf//73+08++cQePw4BYBxbjBAAcCd3PGEMAgAe9csvv7z/17/+9f7rr79+//HHH9vjSQgA49hihACAO7njCWMQAJD1008/vf/nP//5/vPPP//gmCIAjGOLEQIA7uSOJ4xBAEAL6h3QsaShAgLAOLYYIQDgTu54whgEALT2888/v/w//n9DX7YYIQDgTu54whgEAGAfthghAOBO7njCGAQAYB+2GCEA4E7ueMIYBABgH7YYIQDgTu54whgEAGAfthghAOBO7njCGASAMX788cf37969+/9++OGHP36LyH/+858P/k7KbeN52WJEB5a7OJwptwE8yh1PGEPnfvn74Bo17mqotW+1jK4ei/vb3/5m938P+ve0WI/+/e+//56Q8ERsMUIAwJ3c8YQxCAA5etRNDav237fffvtHo3u2Ot4M9Pn0Ob/55ps/Prc+vxbzKb8b1mWLEQIA7uSOJ4xBAHiMGnwtg/vVV1+9/+ijj+y+XJV6J/S9tKofgWBtthghAOBO7njCGAQA79dff32vl+CoC3/2O/vW9H01hKDAoxX+yn2DedlihACAO6kbchU1b0E7uO3MSo1c+fs8o99+++2PcXt1j3/66af2d31WOgcUhDSfQMGo3HeYhy1GCACAx7mxLzX6usstX2aDc5999tkf+40wMB9bjHCRAzzOjf3oTlZd3O63Qx3NHdD+/P333192rd/fuI8tRrjIAR7nxh70aJ6693ebwDcL7VcNE/DI4Vi2GOEiB3icG+t6/Ypa9zuhD+3vv//97+95K+D9bDHCRQ7wODfWo8l8jOvPQfMFmGh6H1uMcJEDPM6NdaihYQb/nNQroImDzBXoyxYjXOQAj3Njfmr4d+rmd49r3rmUcE9aY0ALDhEE+rDFCBc5wOPcmJMaEDUkOyzSo++gMfNoAp0mMn733XdbhB19Z30XPYpZfk/k2WKEixzgcW7MRQ3GLg2/hiuy4+O7zHPQ0wM6xwgCbdhihIsc4HFuzEENhH6LHR7j03fQ3W/5HTMUIHbZJwSB62wxwkUO8Dg3xtNCMyPv+DWTXV30Le64NZ7fegU9NZpffvml/fdqqEdCx7u+r/vf76DfmacG8mwxwkUO8Dg3xtFz5C0atlrH2/FevwxHjZL7b2votcHHd+tBvQru362h76xtHS9D0n4YMQFRYYt1BOrZYoSLHOBxbtxPE/x0x31nw6MuaK0UqLH1coa6QsDVbva77mp/+OGHS/tNf+saXm1X++funhgdBwwLPM4WI1zkAI9z415qaO6c5a53AmiIofwcB4WBK13/alD1ncrt9qSnBa4EFg0FnD2mp5Ck/XZXQFPoOPuN8CdbjHCRAzzOjXvoLvuu7v6at9npDtRt4xEjGv/DTz/9dCkEaF3/cpsl3ZlrP971NIKOD4YFztlihIsc4HFu9KU7TY1d976bVGOoMfiaBkR30m5bjxrV+B/071/ZrzWfXwFOYenqUElE30f/zlkPxTOzxQgXOcDj3OhHjXHvpXvVfZxZcEYNzJXPdkymG01d5+7zPUJDMbUNrf77O9Zp0G+jXo7y3392thjhIgd4nBt9aFJcz7t+NV76N7J3ile6/nvP9q915ekATfwrt/co7f+eAU/HzyxBaxa2GOEiB3icG22pQdb4sttvLWh8/+qEMd1ZZsOJnvMvtzcDPc7nPu8jrr7jv/eqhZqQyJMC/2WLES5ygMe50U7PLn9tt9WYe3YhHHV7t17kpxU1kNmnK7Q/sj0prylI9FpkiCGB/7LFCBc5wOPcaKNXl78a3ZbdwPqc7t95hCYNltubyZWeDY3rl9vL6rWyI0MCBACgKc6Na3p1+etir9+mxZ3pQdvKNkxXxsrvlDmepXXvhva15ib0eGrgmYcEbDHCRQ7wODfyenX5q7Ht0dV+pXFsGUR60ufM/iY9JjeqodZ23b93xbMOCdhihIsc4HFu5Kibt3WXf8/14RUosp9Xk9zK7c1MY/Hue0S0f3rtf2239URBfV4N6ZT/1s5sMcJFDvA4N+ppHNbtlyxdyNVdXP47LalXwf3bEXU3l9taQfb76mmCclst9VgUSudw+e/syhYjXOQAj3OjTmZ/nel513/I3v1r/HrWWf8Rdb1n5zv07lrX7916WehV5mhcZYsRLnKAx7nxuJaT/e646z9kx6BXn3GeXSWwdy/AQd33LScJqrdmlbkaWbYY4SIHeJwbMV1Uryw0U7rjrv+QvfufdcGfWtnf7a4Jdvp9WvYGaFs7hwBbjHCRAzzOjXPqSlZj6PZDhpbgLf+NnrJ3/7vMMNf3cN8vclcvwOHKcsYlLUa062OCthjhIgd4nBtv091Zq5Xd1NV792z67N3/3Y1fb7P3Ahz09EKrBYT0mKDeYFj+G6uzxQgXOcDj3PB08cwuLVtSl/+Ii/Gz3/0fsr0AIybWKbS1elxQx+9uv6UtRrjI9XNlaVGgpVZ3rrpotpqcpUZkxJis/s3Md9jt7v+Q6QVQ74ka5HJbd7jytsbXdAzsFAJsMUIA6IcAgBmoy7NFQ6s79RaNv7Zx9a19V2hte/e5Iq1eODSbbC9Ay3cE1NKQUatjcZcQYIsRAkA/BACMpju1FrPqdbfXottf47ijL7iZuQv6m3I7O8n0Aui3LLdzJx3XLY5JbWOHOQG2GCEA9EMAwGg6BsvjspZmTbeY8KdtjL7Q6i7efbbIakv+1sr2AozeL60moyoErP50gC1GCAD9EAAwkhbnKY/JWho6aPGon7YxwwU2c6e7+93/IbNvZlgTQcdo5rOX9DuPmJPSii1GCAD9EAAwSqtx/xYXVgWRGS6sult0ny+y+93/IdsLcNfCTZHsOw5eW3mxIFuMEAD6aXFAArVajfu3WN5X15dyu6NkFpRR13C5nZ1lenvuXsDpTHaC52urvuTJFiMEgH4IABihxbh/5rpQavE5Wsq8C/+udxLMIvOOgNGTAUstel61TkS53dnZYoQA0A8BAHdrMe7f4pW+szX+P/74o/2cZ0Y+6z6Kur8zK+7N9ohkixAwU+/VI2wxQgDohwCAO7UY98++Je61kc+HvyVzLmr+Q7mdZ5BZJXHGbvMWIWC2IHvGFiMEgH4IALhLi3F//b2247b/qBnvmhSKMovG7LrwT0THgdsfZ3TczPgY3dUQoO+l3qNyuzOyxQgBoB8CAO5y9U5FjWRmjPy1WbtMdxjXvltmzf1Z75avvk1wlTUCbDFCAOgnM5aqt15hDplZ8G47vbVYWe/qjP9ZG3/JfLeZv88dMnfOMw+ZZNq511YYDrLFCAGgn8xJVG4D4zzLuaHn3N13eZTukGbuLs90/z/b5L9SZthE3eVX56D0oqCs49R97kfN2sNxsMUIAaAfAsDanuHcaPWCH9EFVr1eM3WX6sLvPuuZZ538V8pMBpxp0SSFER2PV4e2Di3m2fRkixECQD8EgLXtfm7oAtnq/eqv6UKp+S8zXCwzr459lpX/IpmVAVs8hnqVQq2Ov1bB9rVWK2z2YIsRAkA/BIC17X5uZO7wamlp1ZGv/q3t9lWjMesFfoTa/Tdy8qSGoXS8uc/V0gwhx7HFCAGgHwLA2nY+N66O+9dSw6C7sjsfqco8zrbqMrC9ZHpQ7vyN1Uuh4yqzeNEVM84HsMUIAaAfAsDadj03Wo77Z+iuUvu296uBM49/zXhhHykzh6L3uwF03Oi3bTW2nzHjfABbjBAA+iEArG3Xc6PHuH+WPosmavWYdV/7Yhtd1Fd/J3wPtWFRDXO5jav0u+g4afFq6lZmmw9gixECQD8EgLXteG60eFtaLwoDurNrsa5B5tW/M7zbfkaZdRRa9O7oDlvHw0yBtaTPV37uUWwxQgDohwCwtt3ODTWKI7v+a2hMVw2PJhBm7soz596M7zCYQWa+SKZh1N20/i2N6V99Zv8u6jXqPZT1KFuMEAD6IQCsbbdzI3MnNwvdBaqBfnSCmZ7ld9s5M8uFfDZqmNXQuX32lkd7U9Tbo9/1jtn7vcyyboQtRggA/RAA1rbTuZGZzHXQ44K6o7t7pvVb1BipgdHvo+9VjsNmGqzPPvvsg23gQ5kG2vXc6PfS76bt1f5GvahXTBMXdYy7//0RM6wdYYsRAkA/BIC17XJuqEFUA+c+b0R33q+3pWM6u62e9DkVVHQhzpx3+q1ff098KLNPdWevZ/PVuM44jn+sXPk6QOoxUPffRrStMojezRYjBIB+CABr2+XcyE78OxvfvGvRlbus8srXUTKTKmelMPLW4lT6ntmert6PP0ZsMUIA6IcAsLYdzg1d0LJdrTp+y+2VNIa78twC0d1b+b3wv2a8i6+hsXoNQZTfq6Rw6/4+ovNs5NoAthghAPRDAFjbDudGZjKc1E5sUtDQ/lpl9vZrGgPWnAINIeg76LxVQzHbQi93Ua+Pvr/ukrU/dGer/TPLHJAa+sz6XWsneGZDrXrFym3dxRYjBIB+CABrW/3cyN7J6KKpBr3c3qPUna4L6CqPHEaOgKCLu44JUQMpo8d9M47Prklv+i4Ke6s28G/RWP6ViXn6XbNhdtS7L2wxQgDohwCwtpXPDV3AskulKjiU28vQZ9A5sNNcgbdoX6sRFTU+R1AoqXE4GuDSWZhw/72okXP/jiiEHZ9pxombrek7tnwdtfav+3ciClIjgqEtRnSguC9xptwGPALA2lY+N7IT/3o906weBd1xjly/Hfs5uvh7DddkhwJ0/pXb6s0WIwSAfggAa1v13NDdR6Y7V5OYrnT9P+pY4vUZ7krRnkKkGn3doZfHVmvZSbQjegFsMUIA6IcAsLZVz43s3f+IuxZdYNVtq56H7NMK2J+GMXR8jpiYucr5ZIsRAkA/BIC1rXhuZO/+dTc+YtzyNf37GtNWt2vmO2AfmnipuRTZd0G0pOMy01t1dy+ALUYIAP0QANa24rmROeZkxoVw9Jk0VDDTsrHoQ7+v7vJ1zs14LGYnBN7ZC2CLEQJAPwSAta14bmTuVPT2tXI7MzpeHKPhAnoI1qY7fP2OCnirrMKYWSb4zl4AW4wQAPohAKxttXND3efuM525a+JfDxoP1vwBDRmsuADRM1FDqAZUv5eCXPlbriA7IfCuXgBbjBAA+iEArG21cyNz93/3RKVeNFbsvh/msMtxpqcP3Pc7c1cvgC1GCAD9EADWttK5kbn7v3uSUk9artZ9R8xhlWGmSLYXQD0f5bZas8UIAaAfAsDaVjo3nvnuX2pXG9SLbTSxSxdm/c7HqnksVPShY4VD7R/tJ+0v7TfV3H//Fu3v8jdbVaYXQOdnuZ3WbDFCAOiHALC2Vc6NzN3/HRekO9VOCtRFvNzGa3r0TA2dlkXWcSBq9GSnJxKO76QeFH1HHUv63tG8kNpzQ/us3Maqsr0A2rfltlqyxcgqF7kVEQDWtsq5kVlrv/fF6E66ILvveKZFl6wms73uRRB1dR+N6uHOwFD+28edu6jHR5+3xaz7TOjc6e2KmV6A3r0gthhZ5SK3IgLA2lY4NzKN3253/5m3Hs4wE/3oZag1emEcUWPu9uuZUW/J6yHbC9AzBNliZPcAoBPmSMB3c3cDEbedu8xwYSnpTsN91jvo93DH/xm3nUdkLwx6jtp9jjM73f1LZh/sMvlxpNrXPWuYodzGyjK9ADrXy+20YosRfSD3Qc+U25hZ5vs9q19++eVll/n9OIq6MN1n3YkupNkGqXby3253/1K7QMuO+2AEdWm7/fuWXm+aHCXTC6D1KsrttGKLEQIADgSAMbKPSKkb223vzE7dsIfaEKTAUG4D9WrvgDVRs9zG6hRq3Hc9o17pcjst2GKEAIADAWCM7KSs2mffd3ru/6Dv477rmZ0efxxJkx/d/j0z4zDjFZkQ3mtNBFuMEABwIADc70qXYO2jbzs2fJkLsCYNlttBvcy+73X3O1JtD9SVIb8zthghAOBAALifjs/yOz+idua7xip3nPiWWQJ4t7vQUTK9Ly0ev5xN5pHIHkNxthghAOBAALhf9o6odr9EC9+sqvYJgB3HoUeqXTlxtycBREGotjeux4RIW4wQAHAgANwre1euv6mdfTzjb9tC7fGx05K0M6idBLfbkwCH2nZG56+eIii3c4UtRggAOBAA7qV1Bsrv+4jaBaay/84Kah9F0/FUbgN5tU8C7PoIZmZhpNbDIbYYIQDgQAC4l47N8vs+onbpXwWGchu7qO161ZBBuQ3k1T4JoDvfchu7qB0Oad0bZYsRAgAOBIB7Zcb/a7v/s8MMK9BkPvedz+y4DsJIOobdfj7Tuut7Fpm2puWEVFuMEABwIADcR48Cld/1EbUX3J0Xvck8hqa/KbeDvMy7KHZ8FFB0/XTf90zLZbltMUIAwIEAcJ/sZKjaxX92fuadRwDnUPtOgB0fBTzUzklpuSiQLUYIADgQAO6TXZSnZtGR3R954xHAOdQuhLPjo4CH2mOy5bsBbDFCAMCBAHCfTFd07Zj3rs/+H2qPDR4B7KP2ZUy7PgoomWGAVtddW4wQAHAgANwjO/5fu+LYrmOth9rXNetYKreB62qvsbsHMd3Vu+/9llZP6dhihACAAwHgHtk7oJpnrnee/X+ofexK14JyG7iudl2Knq/EnUHtNatVMLXFCAEABwLAPbLj/zUNntYKKP9+N7VrAOw8+Wyk2vdSSLmNnYwKRLYYIQDgQAC4R2b8X7+N29ZbnuGVt+57n2n5yBX+lHkcc9e1AKT2XJUWj6faYoQAgAMBoL/sSmi1dxUz/pYtZS6yP/7448uf+u0hb1SDN7Pa4akWgd0WIwQAHAgA/WXXQq/ZD7uPsUrmrnP3UDSS299ndl6fQmrfkdDiyQhbjBAAcCAA9Jc90WtmFrdcXGRWmXHn3SdFjlQ7H2Pn91NI7RM72SeDXrPFCAEABwJAf5lFUGqXW32G9e5rh0RaXGDxttrFgHRdLrexk8ywiN4oWG6nhi1GCAA4EAD6yzTOGrt223rL1QvJCmpXXNOYbLkNtFP7hsrdF6mS2iWSr05StcUIAQAHAkB/mYloNa9cfZY73doxVi0aVG4D7dSepzu/pOpQu1DV1YmAthghAOBAAOgv8zKamhcAPUtDV3tc6L8vt4F2al9S9QzHaW1IvTp3xxYjBAAcCAB9ZV9Go4mDbnvOM3StSu3d1bPsl1F09+r2+1ue4UmVmp47ubp4ly1GCAA4EAD6yt711EyweoYJgFIbAHQdKLeBdlgO+H/VPqp69W2VthghAOBAAOgr28WnxYPc9pxnmAAozDqfS20AeIZXM+uxU/fdz1x5VNUWIwQAHAgAfWUm+eg3cdtynulRt5p1EWT3585H05sn3X4/U25jR7UrAl5ZIdEWIwQAHAgAfWVWP6tZ8OaZHnUjAMyFAODVDlVdGcKzxQgBAAcCQF+Z7vmayVXPMLP6UDMsIrwIqK/M0sw7vxDoUHv90voW5TYeZYsRAgAOBIB+si8BqnmUSPuq/Ptdue9/Rneo5TbQTs1Q1WHG601rtY9HXlkfwRYjBAAcCAD9ZGc916ywlllmeEWZyVUEgL4IAF7t45Gff/75y5/5bUVsMUIAwIEA0E82ANSMdeu54/Lvd0RjMye33888QyjTmL777m+5MpHXFiMEABwIAP1kk33NW9aeZZybADAnt9/PPEMAuHNypC1GCAA4EAD6yU7Qc9t6S+Y9AyvKTDjLLMGMOne//GYFmbCaXQvAFiMEABwIAP1oOd/yuz3Cbest6m7UHcfuasdVxW0HbdX0VonmrLjt7KTmMd5D9jpsixECAA4EgH70PcrvFsncPQBYGwGgIQLA4wgA/RAAADwiO5RnixECAA4EgH50HJbfLZIZ6wawNg0dlNeCR9hihACAAwGgn0wA0IXAbQvAvrKTI20xQgDAgQDQT+YZ/cwEIgBry763whYjBAAcCAD9ZE7q2lesAlgfAaAhAsDjCAD9ZN7yRQAAno/arPJa8AhbjBAAcCAA9JOZ2KM3g7ltAdgXAaAhAsDjCAD9ZAIAxy7wfL755puX099fE87YYoQAgAMBoJ/Ms70cu8Dz0TWvvBY8whYjBAAcCAD90AMA4BH0ADTERfRxBIB+Ms/2MgcAeD5qs8prwSNsMUIAwIEA0M9djwGqp2F3vAxoTrwMyKvdLwSAhggAjyMA9HNXACi3sSNdVN13P1NuA+198skndt+/JXNOrOiu/WKLEQIADgSAfjKp/s5Xia6EADAnAoDnvvsZAkBDBIDHEQD6yQSATEOnFwiV29mNnqhw3/3M77///vKnfnto46OPPrL7/i2ZxbFW89tvv9nvfoZ3ATREAHgcAaCfzMzezNsAFRrK7exGx6n77meeoWdkNLffz3Csetn9YosRAgAOBIB+9D3K7xbJXDye4a6KADAnt9/PPEMAyPRWZdYMEVuM7B4AdJDpOyKm7qpy/42m7jD3WVeT6dbLNHSZtw6uhgAwJ7ffzzxDALhzHo8tRnRxch/iTLkNAH248++MzudyG7vReL777meeobEZKRPKfv7555c/9dvbReZJHgIAgD+48+/Mt99++/Jnfls7cd/9DAGgL3plvMyaFdkJq7YYIQAA86pdROTLL798+TO/rZ24736GANAXAcDT5F/33c+U23iULUYIAMC8ap+t/vTTT1/+zG9rJ3/729/s939L9tEqPCYz2e3XX399+VO/vV0okLvv/hY9Sllu41G2GCEAAPOqvYCoYSy3sSMWnZmLeljcfj9TbmNHCuTuu7/l888/f/kzv62ILUYIAMC8NKbvzsEzz9C1SgCYCwHAc9/7zNdff/3yZ35bEVuMEACAeWVffFNuZzefffaZ/e5v0XWu3AbaqZ3trrkt5TZ2k5kXoTeAltt5lC1GCADAvDLPET/DWgBffPGF/e5v0Zvnym2gHR1zbr+/RT045TZ2kzl3ryzkZYsRAgAwLz0r7c7BM8/Q2Kmr1H33t2RWYsTjatsRBbhyG7upDUVy5V0ethghAABzq53xfmUccRW1S0R/9dVXL3/mt4XraueqPMPjqpn5O1dWY7XFCAEAmFvtTOJn6F5VL4f77m95hjvOkWoD2TP0yNQOU12dF2GLEQIAMDfdvbrz8MyM73Voqfa6pUmD5TbQTu0x+gwrVta+HvlqSLXFCAEAmFvt3a7svvBN7azzZ+gVGan2blftTrmNnWRe5Z15ZfhrthghAABzy0wm2v0CWxsAnmWBpFFqh6l2f1Kl9vgUPfJbbqeGLUYIAMDcMsus7j7pjYVn5sLCTB/KTAC82mtnixECADA3rZnuzsMzV9YUX0EmFD3DComjuP19ZvfFqmoXqpKrr0e2xQgBAJhf7R2W7NzgZVZZe4b3z4+g19e6/X1GAa7czi60P2of3W0R2G0xQgAA5lf7mJXsPBEw0yvyDEskj5AJYzuH08wEwBZDdrYYIQAA88tMKtr9Wevau6zdx51HyczH0F1yuZ1dZNrUqxMAxRYjBABgfpm7rN0ffasdFtG1rtwGrqsNp7vPT6l9JFKuLAF8sMUIAQBYA/MAPlR7ob36nDW82jZk50WZtADXiPF/scUIAQBYQ+bRohZdi7OqnRfxDOvPj8Dv8CfNu3Hf+UyroTpbjBAAgDVkLi47rwdQu0IiywH3oQbd7e+37Dw3Rb1M7jufaTU3xRYjBABgDepedOfjGXVH7jrhqnaFxN3HnkepXQVQbU65jV2MHKazxUgmAGjsDUDed99993L6+XPyTGaBkV0ff8v0iOw8+3yU2jHvXZcBHj1R1xYjmQAA4JrsiZ95MdCud1yZ561ZDKitzHoMP/zww8uf+u2tTPNt3Pc903I4xBYjBABgjExjlHnmuuVdxkxYDGi8TAhr8cjbjNSz577vmZaLddlihAAAjJGZoZ9ZZlR2XXqVxYDGygzDKLiV21ldpvtfNK+n3FaWLUYIAMAY2Rn6tbOuRY8QltvZQe2kKw2hlNtAXm23twJbuY0daE6P+75nPv/885c/9dvLsMUIAQAYIzsrPbMs8Mcff/zyp357K6vtdt39Ncl3q33sTU8MlNvYQWZybuvJkLYYIQAA42TGQ7PDADuOf9MAjaW7WLef37JjANNcHvddz+j8bT0UYosRAgAwTnalvtrV12THBVgyM695FLAd9WK5ffyWHYeiMm1ojyBkixECADBOdhxQj1K57Z3RxXq3xi+zH3adhX63zFMYO64BkFn85/vvv3/5U7+9LFuMEACAsbIrgWlc323vTMvHjmaQaYR6XHyfkZ4scfv3zG5Po2T2Qa8gbosRAgAwls7B8rx8RGZRIE2aK7ezutpu6Oz+xodql2KWlo+9zUBd+e57nun1VkpbjBAAgLGyC/VkFmGR3brAa2dgf/311y9/5rfVgvavJlweNE9B19mSxsOPpaFrqAFx29O/8/rf7X23Xft2yt2eRFHv00yTcW0xokeK3EEG4D7ZRjnz+FGvO5BR1KC77/mW7FsBj4ZVz3yrwdW/q9+u9mU4oyho6vPqrvUIDcd3ynRJ165HoX+73MbKMq/n7rkqpy0C2FdmAZIejyCNVLsP3GI0R0N43K3riQk1WJmAtTKFGX1vhRvtB+3bt0JC7eS3nYKn9kVmDo72abmtVmwRwL4yk+Ak+/jhjDLL0erpi2dr3Fs5QoL7387sdMxl5j9Iz5dR2SKAvWWWBt5pPDazEAvut9NbADPhsfXSvyVbBLC3zB2w7PBIoBr/zNLIuJ+eWtFQQvkbrmbW880WAewvc0eSnQw3khoQjUtrIlvt43+Yh+6GFQjUKK42HyVzrt2xBLUtAtjfjr0AemZc3cZqKDJjzliHGkhNvNTYes9x8quy59kd8x9sEcBzyN6ZzLQ8sBp8PV6lz+U+L56Denf0JIKGd2bqIcicY5pvc8c5ZosAnsPMdydv0TLIuutTl35mURU8BzW86gkauYjV7OeXLQJ4HpkXk9x1h3LQCnXc5SNLx6uGC/ROhzuXFp757l9sEcDz0N2GuxBFet6l6AKoi7W6dJm4h9Y0oVDHb8+hghV612wRwPNQY6u7DncxOtPjTkUz9nWnRqP/IU1odN5a4//snQEMm3xIa2Jo3kDrY3n2u3+xRQDPJdsLoIam3FYtzeDWdjJDEatQo3s0wBqXViOtHo5jyVwZPZNdcytefx7dwR6BQo2kPvvuv5HCZ4vFh2bsVXNsEcBzyfYC6KKZmWSlrldd7HYY01dvxdG4Hw2mGk81ompUy+++A42jH0HheNHRTu9C0Lmg3pXssZ3pZdHf3P3qY1sE8Hyydy01y5Xq7iqzDPFMdBe8c+PekiZvrh7y9Pn11MmjXfO1b5o8tOhNq2WLAJ5PthdANIZabu+g7ep/32kG/2or0Y2iO1q3/1aknh4N35z99gq47m8jOu/uvvsXWwTwnLIzl3UBKy+M+r/VNZwNFb3pc2ktAXH/+5mzwIM/aZ6D239n1EOku+hZjxvR51PvxuvvqqCbDbmjjidbBPC8Mg2iaAxYf6+ucY2fZsZBe9LYtD6XLravu+/1/3f//Rk1AMff4206Jtz+O/O6YdVvoxCh7nENNbn/fiR9Jn0+fVaFXfffRGqG0FqzRQDPSxfdbOM9y/i+Pv8xKU/j9dH4be3sdnUHPzom/Mxq7+K1X8ttlI6JhzrWZnlcVN8zO/Fv5EqFtgjguWXvZkZS96vuFDOPcWXuVNUQldvBn9Swuf12Rr1P5XYi6jHQ2PyKTx+MmPj3mi0CeG5XxjPvorsnNRiaof26Sz8jM1atRqfcDv6UCZFXx8I170TbWGEFSfUajO5FskUAyM5o7kkXzexd/pnMbHXdcZbbwZ8yY/ZXg1zp6B2YMcwecwdGskUAkOyEwJZ0J6fJe7273DNdyK0brF1kApXmYZTbaUkrLapXYobVDDV/ofx8I9giAIi6VLMTAq/Qv6lxeT2WWH6mXjJd1hp+KLeD939RN7zbX2cU8srt9KL5CepJGhEGdGyPXvb5YIsAcMiuEJihsVt1jY4YG1UPg/tMZzKT1p5BZlJl62GdRx1h4K51B2aaO2KLAHBQY9xzhrUuvLr7Plth7S61E8d0N8fjgP9r1f2onoue6w2ox2Gm48UWAeA1dVm2HgrQhfbqrO/WVrpzndUOPSmaPJg5Fs7o/ClXDxzNFgGglBnXLekiqAvrbBfCQ2YpZFYF/JDG8t1+OjNbEDyoV0qLDrUYHrj7Vb+PsEUAcK7cFalbeJbJT29R92xtT4f++xEvcpmR9l/m+fvZ95++15UJg7POFbFFAHB0IbzyTLUef5ppDNTJPPrI0wD/lVlQSUs2l9uZzZXgq+Awa8CxRQB4y9X5ALPPnM8MdYx8octMMu+CmLFr/DU9IeA+9yNmHPd/zRYB4MzV+QC6oyq3OQvdrWUCzuzDG71l14yYeTGlq+/EmD3c2CIARK7OktbFtdzmLDJ3ss/+boDMehEzd/9fDbkrrBFhiwAQuTofQGa9Q8qMZWumeLmdZ5JZK2LWuROZp0Fem3nc/zVbBIBHtFgfYMZHwBRuMt/rWdcEyLz6V/t3hsWfSvoNrxzT+tuZx/1fs0UAeFTmbrk0YwjIDHE865oAGv5w++PMLC/Eee1q4y8zHstvsUUAqJEZ/y3NduFUY+A+5xk1Hs+4JkBmoZwZXof7WovGf+Z5LY4tAkCtqzOmZaYLqIYBMg3b7DO/W8uMl6uhnWk9iKsT/uTOtxm2YosAkHH1yQCZKQRkngFXaJh9saOWNJPf7YczMz0G2qLxX2HGv2OLAJCVeYSuNEsDoUmO7vNFZuve7iUz+U/0d+W2RmjRa6UAtGrgs0UAyNLFsMUrVWcJAZlAo0fiyu3sKLNs8iz7pkXjr++y8pwPWwSAK3RRvLpGgOjuavQFNvtMuP6u3NZOsiv/jZ7sqYCqpzXcZ6uhZ/1nfIyxhi0CwFVa4vXKG9QO2sboLuPMZMDdewFWnB+hYzKzYFFJbzyceQnjR9kiALSghjvzetiS7jRHjqvrnfDuc0XevXv38ud+myvL3v0rNJTbuot+i1bH4ixzGK6yRQBoRauitbjwyqgGJNvgrTo7PJJ9Q96oLvMW61SIjoGdVnu0RQBoSXdMLYYDZNS8gGyjt8vd4mGlMNRqvF8UYnf7LW0RAFrTmGmLiYGiMHH363fpBfivVYKQjo8W4/0y4ni7gy0CQA+6c291UVZjrLH58t/oKbvQ0S53jvoeK4QgPWmQ+ZyOjtdRQxe92SIA9KJu2RaLBR205sBdd2dqAN1niOzyREDmuX+5KwCpoW55bM3wGGpPtggAvbVYNvigu7273i2fbQRne9lRrczLkeSuu3/t31aTTUWfe+Qji3ewRQC4Q+Y1smd099e7uzbbC7D6OwKyQze97/51h95qot9hxRf7ZNgiANyl1SNaB90F9r7bzjY4qzYs2XUQet/9q1cis0jTmZleRtWbLQLAnbTIT6tJWwfNDdAaBOW/1UL2iQDp9Zl60fyKzHfV3/S6+9dnajnWL/q8qw/T1LJFALibLuqtHhN8TXfrPYYFssMX+o4rDQVkX+zUY9EmdfdnH0M8o9/kromKM7FFABhBDWPLyYEH3d2pa7dlw6ttZbufFR7K7c0o2/WvYZjWoUuTPFt394sC4s4z/c/YIgCM1PI57tfUgLR8p4AaJffvPGL29wRoqCL7G2heR7m9LO2nVmtHvKbvdteTI7OyRQAYrdeQgKhbu9XrerONk8JI7ycWsnRHnF26udUQhwJI9pHLyLN2+ZdsEQBm0GtI4KDG++rEr+xjgaKFZsrtzeBKw3u1Z0Mz+7Vf3LZbeOYu/5ItAsBMeg0JHHS3q38je+d6ZT2D2eYDZMf95cpjjuqR6dHVf6DL/3/ZIgDMpueQwEHd8hq/rg0C+u+vvO1wloZJ8yPc53uE9l3mzlrB68q+ewRd/p4tAsCM1NDqDrVnb4BoFrvuZmsajexSuaLvM/o981cm/UnN5EqFOfV89JjV/5q+j/6dbM/O7mwRAGamVwu3XgjmLbp71B36I3e3V+YrjAwBCjpX1tF/ZMU/NcK628+uK1BLx4eCRvk58CdbBIAVqMHs3X38miaQnTXSauSuDFOMCAH69640/tr/Z+FIPQsKRld6F2q0ftRzZ7YIAKtQo6tu3rsaGFGjpxXpXGOtu84rn0V/e1cDpol3Vz+rW9pYNf0mvedslPRvMsP/cbYIAKtRw3vXsMBragTVBa5hguO5fnV1u/+2Ro+ldF/Tyoju361xLPij763vrB6SK70JWRpWoLu/ni0CwKp099x7ctkZPcqmO9EWY916Hr71YkHaXosFdnR3rwmZPR/di+h3VvAovyMeY4sAsDJ1A+sOd8TdaGv6Dmpoy++YocZyl32i35fu/mtsEQB2oAZC3dQjewRa0bwDNeCZR9rUKzLyTr0VGv62bBEAdqJGc5cgoO/w1gTE146JeHc+JdGLvrN6QWj427JFANiV7qJ3aBRFExA1T6B0ZWb/TNTwZ1ZmxGNsEQB2pyBw92NqeIwCmp6qoOHvyxYB4FnoWfi7VqfDuRZvZ8TjbBEAno2WF9YEs12GB1ah/a25CjzHfz9bBIBnpgl0ehnQDo/MzUj7VcsDv3v37mV3+98A/dkiAOC/9AidVrhzDRnqaAEi7U/G9udgiwCAD+kRNE1MY75AHY3rv14mGfOwRQDA2xQGNHlQwwQ8SfAhjemre193+jT6c7NFAMDjjpfhqOHbYbGhGvq+GiLRXb4mUpb7BvOyRQBAnma0q0HUmPduEwmPtx9qgZ6ffvrp5ev6fYD52SIAoB0FAs1412OGWsZXq/XN3lOgz6fPqWEOfW59fhr8vdgiAOAeeuRQ8wnUyGoI4e6lfPXvqQtf/77G7Xk073nYIgBgHgoJapgPehGQGuyIgsXrv5Ny23hetggAAPZmiwAAYG+2CAAA9maLAABgb7YIAAD2ZosAAGBvtggAAPZmiwAAYG+2CAAA9maLAABgb7YIAAD2ZosAAGBvtggAAPZmiwAAYG+2CAAA9maLAABgb7YIAAD2ZosAAGBvtggAAPZmiwAAYG+2CAAA9maLAABgb7YIAAD2ZosAAGBvtggAAPZmiwAAYG+2CAAA9maLAABgb7YIAAD2ZosAAGBvtggAAPZmiwAAYG+2CAAA9maLAABgb7YIAAD2ZosAAGBvtggAAPZmiwAAYG+2CAAA9maLAABgb7YIAAD2ZosAAGBvtggAAPZmiwAAYGfv//L/AJhRPXeofvJkAAAAAElFTkSuQmCCWeb ApplicationGE.PEllipsefalseAnyAnyfalseA representation of Azure IaaS VM Trust BoundaryfalseSE.TB.TMCore.AzureIaaSVMTrustBoundaryBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCAzure IaaS VM Trust BoundaryGE.TB.BBorderBoundaryfalseAnyAnyfalseA border representation of Azure Trust Boundary, also referred to as Azure Services ZonefalseSE.TB.TMCore.AzureTrustBoundaryBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCAzure Trust BoundaryGE.TB.BBorderBoundaryfalseAnyAnyfalseA border representation of a Cloud Gateway Zone, also referred to as Cloud Gateway Trust BoundaryfalseSE.TB.TMCore.IoTCloudGatewayZoneBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCIoT Cloud Gateway ZoneGE.TB.BBorderBoundaryfalseAnyAnyfalseA border representation of a Device Zone, also referred to as Device Trust BoundaryfalseSE.TB.TMCore.IoTDeviceZoneBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCIoT Device ZoneGE.TB.BBorderBoundaryfalseAnyAnyfalseA border representation of a Field Gateway Zone, also referred to as Field Gateway Trust BoundaryfalseSE.TB.TMCore.IoTFieldGatewayZoneBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCIoT Field Gateway ZoneGE.TB.BBorderBoundaryfalseAnyAnyfalseA border representation of a Local User Zone, also referred to as Local User Trust BoundaryfalseSE.TB.TMCore.LocalUserTrustBoundaryBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCLocal User ZoneGE.TB.BBorderBoundaryfalseAnyAnyfalseA representation of an end-users machine trust boundaryfalseSE.TB.TMCore.MachineTrustBoundaryBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCMachine Trust BoundaryGE.TB.BBorderBoundaryfalseAnyAnyfalseA border representation of a Remote User Zone, also referred to as Remote User Trust BoundaryfalseSE.TB.TMCore.RemoteUserTrustBoundaryBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCRemote User ZoneGE.TB.BBorderBoundaryfalseAnyAnyfalsefalseSelectAzureStand aloneOther cloudsEnvironmentVirtualDynamic1e5ffbf5-f5bc-4fe5-a73b-dc516d274c82ListA representation of Service Fabric Cluster for stand-alone or cloud environmentsfalseSE.TB.TMCore.ServiceFabricBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCService Fabric Trust BoundaryGE.TB.BBorderBoundaryfalseAnyAnyfalseDDenial of ServiceDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to specfalseEElevation of PrivilegesA user subject gains increased capability or privilege by taking advantage of an implementation bugfalseIInformation DisclosureInformation disclosure happens when the information can be read by an unauthorized partyfalseRRepudiationRepudiation threats involve an adversary denying that something happenedfalseSSpoofingSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network addressfalseTTamperingTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processestruetrueTitlefalse22222222-2222-2222-2222-2222222222220UserThreatCategoryfalse22222222-2222-2222-2222-2222222222220UserThreatShortDescriptiontrue22222222-2222-2222-2222-2222222222220UserThreatDescriptionfalse22222222-2222-2222-2222-2222222222220StateInformationfalse22222222-2222-2222-2222-2222222222220InteractionStringfalse22222222-2222-2222-2222-2222222222220PossibleMitigationsfalse22222222-2222-2222-2222-2222222222222PriorityfalseHighMediumLow22222222-2222-2222-2222-2222222222221SDLPhasefalseDesignImplementation22222222-2222-2222-2222-2222222222221falseDThe default cache that Identity Server uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid tier and backend applications. This can cause availability issues and result in denial of service either by the influence of an adversary or by the large scale of application's users. target is 'SE.P.TMCore.IdSrv'TH112UserThreatDescriptionfalseThe default cache that Identity Server uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid tier and backend applications. This can cause availability issues and result in denial of service either by the influence of an adversary or by the large scale of application's users. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseOverride the default Identity Server token cache with a scalable alternative. Refer: <a href="https://aka.ms/tmtauthn#override-token">https://aka.ms/tmtauthn#override-token</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can leverage the weak scalability of Identity Server's token cache and cause DoSfalseDAn Adversary can launch DoS attack on WCF if Throttling in not enabledtarget is 'SE.P.TMCore.WCF'TH130UserThreatDescriptionfalseAn Adversary can launch DoS attack on WCF if Throttling in not enabled22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable WCF's service throttling feature. Refer: <a href="https://aka.ms/tmtconfigmgmt#throttling">https://aka.ms/tmtconfigmgmt#throttling</a>22222222-2222-2222-2222-2222222222222PriorityfalseLow22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An Adversary can launch DoS attack on WCF if Throttling in not enabledfalseDFailure to restrict requests originating from third party domains may result in unauthorized actions or access of datasource is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebApp'TH26UserThreatDescriptionfalseFailure to restrict requests originating from third party domains may result in unauthorized actions or access of data22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that authenticated ASP.NET pages incorporate UI Redressing or clickjacking defences. Refer: <a href="https://aka.ms/tmtconfigmgmt#ui-defenses">https://aka.ms/tmtconfigmgmt#ui-defenses</a> Ensure that only trusted origins are allowed if CORS is enabled on ASP.NET Web Applications. Refer: <a href="https://aka.ms/tmtconfigmgmt#cors-aspnet">https://aka.ms/tmtconfigmgmt#cors-aspnet</a> Mitigate against Cross-Site Request Forgery (CSRF) attacks on ASP.NET web pages. Refer: <a href="https://aka.ms/tmtsmgmt#csrf-asp">https://aka.ms/tmtsmgmt#csrf-asp</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can perform action on behalf of other user due to lack of controls against cross domain requestsfalseDThe default cache that ADAL (Active Directory Authentication Library) uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid tier and backend applications. This can cause availability issues and result in denial of service either by the influence of an adversary or by the large scale of application's users.target is 'SE.P.TMCore.AzureAD'TH91UserThreatDescriptionfalseThe default cache that ADAL (Active Directory Authentication Library) uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid tier and backend applications. This can cause availability issues and result in denial of service either by the influence of an adversary or by the large scale of application's users.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseOverride the default ADAL token cache with a scalable alternative. Refer: <a href="https://aka.ms/tmtauthn#adal-scalable">https://aka.ms/tmtauthn#adal-scalable</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can leverage the weak scalability of token cache and cause DoSfalseEIf there is no restriction at network or host firewall level, to access the database then anyone can attempt to connect to the database from an unauthorized locationtarget is 'SE.DS.TMCore.SQL'TH1UserThreatDescriptionfalseIf there is no restriction at network or host firewall level, to access the database then anyone can attempt to connect to the database from an unauthorized location22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseConfigure a Windows Firewall for Database Engine Access. Refer: <a href="https://aka.ms/tmtconfigmgmt#firewall-db">https://aka.ms/tmtconfigmgmt#firewall-db</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to database due to lack of network access protectionfalseEDue to poorly configured account policies, adversary can launch brute force attacks on {target.Name} target is 'SE.DS.TMCore.AzureSQLDB'TH10UserThreatDescriptionfalseDue to poorly configured account policies, adversary can launch brute force attacks on {target.Name} 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseWhen possible use Azure Active Directory Authentication for connecting to SQL Database. Refer: <a href="https://aka.ms/tmt-th10a">https://aka.ms/tmt-th10a</a> Ensure that least-privileged accounts are used to connect to Database server. Refer: <a href="https://aka.ms/tmt-th10b">https://aka.ms/tmt-th10b</a> and <a href="https://aka.ms/tmt-th10c">https://aka.ms/tmt-th10c</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to Azure SQL database due to weak account policyfalseEAn adversary may jail break into a mobile device and gain elevated privilegessource is 'SE.EI.TMCore.Mobile'TH104UserThreatDescriptionfalseAn adversary may jail break into a mobile device and gain elevated privileges22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseImplement implicit jailbreak or rooting detection. Refer: <a href="https://aka.ms/tmtauthz#rooting-detection">https://aka.ms/tmtauthz#rooting-detection</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may jail break into a mobile device and gain elevated privilegesfalseEAn adversary may gain unauthorized access to Web API due to poor access control checkstarget is 'SE.P.TMCore.WebAPI'TH110UserThreatDescriptionfalseAn adversary may gain unauthorized access to Web API due to poor access control checks22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseImplement proper authorization mechanism in ASP.NET Web API. Refer: <a href="https://aka.ms/tmtauthz#authz-aspnet">https://aka.ms/tmtauthz#authz-aspnet</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to Web API due to poor access control checksfalseEAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.flow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No'flow crosses 'SE.TB.TMCore.AzureTrustBoundary'TH116UserThreatDescriptionfalseAn adversary can gain unauthorized access to resources in Azure subscription. The adversary can be either a disgruntled internal user, or someone who has stolen the credentials of an Azure subscription.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to resources in an Azure subscriptionfalseEAn adversary can bypass built in security through Custom Services or ASP.NET Pages which authenticate as a service accounttarget is 'SE.P.TMCore.DynamicsCRM'TH120UserThreatDescriptionfalseAn adversary can bypass built in security through Custom Services or ASP.NET Pages which authenticate as a service account22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseCheck service account privileges and check that the custom Services or ASP.NET Pages respect CRM's security. Refer: <a href="https://aka.ms/tmtcommsec#priv-aspnet">https://aka.ms/tmtcommsec#priv-aspnet</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can bypass built in security through Custom Services or ASP.NET Pages which authenticate as a service accountfalseEMisconfiguration of Security Roles, Business Unit or Teamstarget is 'SE.P.TMCore.DynamicsCRM'TH124UserThreatDescriptionfalseMisconfiguration of Security Roles, Business Unit or Teams22222222-2222-2222-2222-2222222222220PossibleMitigationsfalsePerform security modelling and use Field Level Security where required. Refer: <a href="https://aka.ms/tmtauthz#modeling-field">https://aka.ms/tmtauthz#modeling-field</a> Perform security modelling and use Business Units/Teams where required. Refer: <a href="https://aka.ms/tmtdata#modeling-teams">https://aka.ms/tmtdata#modeling-teams</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221Misconfiguration of Security Roles, Business Unit or TeamsfalseEMisuse of the Share featuretarget is 'SE.P.TMCore.DynamicsCRM'TH125UserThreatDescriptionfalseMisuse of the Share feature22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseMinimize access to share feature on critical entities. Refer: <a href="https://aka.ms/tmtdata#entities">https://aka.ms/tmtdata#entities</a> Train users on the risks associated with the Dynamics CRM Share feature and good security practices. Refer: <a href="https://aka.ms/tmtdata#good-practices">https://aka.ms/tmtdata#good-practices</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221Misuse of the Share featurefalseEUsers with CRM Portal access are inadvertently given access to sensitive records and datatarget is 'SE.P.TMCore.DynamicsCRMPortal'TH128UserThreatDescriptionfalseUsers with CRM Portal access are inadvertently given access to sensitive records and data22222222-2222-2222-2222-2222222222220PossibleMitigationsfalsePerform security modelling of portal accounts keeping in mind that the security model for the portal differs from the rest of CRM. Refer: <a href="https://aka.ms/tmtauthz#portal-security">https://aka.ms/tmtauthz#portal-security</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221Users with CRM Portal access are inadvertently given access to sensitive records and datafalseEAn adversary may gain unauthorized access to data on host machinesflow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No' flow crosses 'SE.TB.TMCore.MachineTrustBoundary'TH135UserThreatDescriptionfalseAn adversary may gain unauthorized access to data on host machines22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to data on host machinesfalseEIf an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application.flow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No'flow crosses 'SE.TB.TMCore.MachineTrustBoundary'TH136UserThreatDescriptionfalseIf an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that the deployed applications are run with least privileges. . Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain elevated privileges and execute malicious code on host machinesfalseEAn adversary can gain unauthorized access to {target.Name} due to weak access control restrictionstarget is 'SE.DS.TMCore.AzureStorage'TH17UserThreatDescriptionfalseAn adversary can gain unauthorized access to {target.Name} due to weak access control restrictions22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseGrant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to {target.Name} due to weak access control restrictionsfalseEDue to poorly configured account policies, adversary can launch brute force attacks on {target.Name}target is 'SE.DS.TMCore.SQL' and target.6047e74b-a4e1-4e5b-873e-3f7d8658d6b3 is 'OnPrem'TH2UserThreatDescriptionfalseDue to poorly configured account policies, adversary can launch brute force attacks on {target.Name}22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseWhen possible, use Windows Authentication for connecting to SQL Server. Refer: <a href="https://aka.ms/tmtauthn#win-authn-sql">https://aka.ms/tmtauthn#win-authn-sql</a> When SQL authentication mode is used, ensure that account and password policy are enforced on SQL server. Refer: <a href="https://aka.ms/tmtauthn#authn-account-pword">https://aka.ms/tmtauthn#authn-account-pword</a> Do not use SQL Authentication in contained databases. Refer: <a href="https://aka.ms/tmtauthn#autn-contained-db">https://aka.ms/tmtauthn#autn-contained-db</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to SQL database due to weak account policyfalseEFailure to restrict the privileges and access rights to the application to individuals who require the privileges or access rights may result into unauthorized use of data due to inappropriate rights settings and validation.source is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebApp'TH27UserThreatDescriptionfalseFailure to restrict the privileges and access rights to the application to individuals who require the privileges or access rights may result into unauthorized use of data due to inappropriate rights settings and validation.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that administrative interfaces are appropriately locked down. Refer: <a href="https://aka.ms/tmtauthn#admin-interface-lockdown">https://aka.ms/tmtauthn#admin-interface-lockdown</a> Enforce sequential step order when processing business logic flows. Refer: <a href="https://aka.ms/tmtauthz#sequential-logic">https://aka.ms/tmtauthz#sequential-logic</a> Ensure that proper authorization is in place and principle of least privileges is followed. Refer: <a href="https://aka.ms/tmtauthz#principle-least-privilege">https://aka.ms/tmtauthz#principle-least-privilege</a> Business logic and resource access authorization decisions should not be based on incoming request parameters. Refer: <a href="https://aka.ms/tmtauthz#logic-request-parameters">https://aka.ms/tmtauthz#logic-request-parameters</a> Ensure that content and resources are not enumerable or accessible via forceful browsing. Refer: <a href="https://aka.ms/tmtauthz#enumerable-browsing">https://aka.ms/tmtauthz#enumerable-browsing</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may bypass critical steps or perform actions on behalf of other users (victims) due to improper validation logicfalseEAn adversary may gain elevated privileges on the functionality of cloud gateway if SAS tokens with over-privileged permissions are used to connect(source is 'SE.EI.TMCore.IoTdevice' or source is 'SE.GP.TMCore.IoTFieldGateway') and target is 'SE.GP.TMCore.IoTCloudGateway'TH37UserThreatDescriptionfalseAn adversary may gain elevated privileges on the functionality of cloud gateway if SAS tokens with over-privileged permissions are used to connect22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseConnect to Cloud Gateway using least-privileged tokens. Refer: <a href="https://aka.ms/tmtauthz#cloud-least-privileged">https://aka.ms/tmtauthz#cloud-least-privileged</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain elevated privileges on Cloud GatewayfalseEDatabase access should be configured with roles and privilege based on least privilege and need to know principle. target is 'SE.DS.TMCore.SQL' TH4UserThreatDescriptionfalseDatabase access should be configured with roles and privilege based on least privilege and need to know principle. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that least-privileged accounts are used to connect to Database server. Refer: <a href="https://aka.ms/tmtauthz#privileged-server">https://aka.ms/tmtauthz#privileged-server</a> Implement Row Level Security RLS to prevent tenants from accessing each others data. Refer: <a href="https://aka.ms/tmtauthz#rls-tenants">https://aka.ms/tmtauthz#rls-tenants</a> Sysadmin role should only have valid necessary users . Refer: <a href="https://aka.ms/tmtauthz#sysadmin-users">https://aka.ms/tmtauthz#sysadmin-users</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to database due to loose authorization rulesfalseEAn adversary may get access to admin interface or privileged services like WiFi, SSH, File shares, FTP etc., on a devicesource is 'SE.EI.TMCore.IoTdevice' or source is 'SE.GP.TMCore.IoTFieldGateway'TH41UserThreatDescriptionfalseAn adversary may get access to admin interface or privileged services like WiFi, SSH, File shares, FTP etc., on a device22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that all admin interfaces are secured with strong credentials. Refer: <a href="https://aka.ms/tmtconfigmgmt#admin-strong">https://aka.ms/tmtconfigmgmt#admin-strong</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to privileged features on {source.Name}falseEAn adversary may leverage insufficient authorization checks on the device and execute unauthorized and sensitive commands remotely.(source is 'SE.GP.TMCore.IoTFieldGateway' or source is 'SE.GP.TMCore.IoTCloudGateway') and target is 'SE.EI.TMCore.IoTdevice'TH42UserThreatDescriptionfalseAn adversary may leverage insufficient authorization checks on the device and execute unauthorized and sensitive commands remotely.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalsePerform authorization checks in the device if it supports various actions that require different permission levels. Refer: <a href="https://aka.ms/tmtauthz#device-permission">https://aka.ms/tmtauthz#device-permission</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may trigger unauthorized commands on the devicefalseEAn adversary may use unused features or services on {target.Name} such as UI, USB port etc. Unused features increase the attack surface and serve as additional entry points for the adversarysource is 'SE.EI.TMCore.IoTdevice' or source is 'SE.GP.TMCore.IoTFieldGateway'TH48UserThreatDescriptionfalseAn adversary may use unused features or services on {target.Name} such as UI, USB port etc. Unused features increase the attack surface and serve as additional entry points for the adversary22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that only the minimum services/features are enabled on devices. Refer: <a href="https://aka.ms/tmtconfigmgmt#min-enable">https://aka.ms/tmtconfigmgmt#min-enable</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may exploit unused services or features in {target.Name}falseEAn adversary may leverage insufficient authorization checks on the field gateway and execute unauthorized and sensitive commands remotely(source is 'SE.EI.TMCore.IoTdevice' or source is 'SE.GP.TMCore.IoTCloudGateway') and target is 'SE.GP.TMCore.IoTFieldGateway'TH51UserThreatDescriptionfalseAn adversary may leverage insufficient authorization checks on the field gateway and execute unauthorized and sensitive commands remotely22222222-2222-2222-2222-2222222222220PossibleMitigationsfalsePerform authorization checks in the Field Gateway if it supports various actions that require different permission levels. Refer: <a href="https://aka.ms/tmtauthz#field-permission">https://aka.ms/tmtauthz#field-permission</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may trigger unauthorized commands on the field gatewayfalseEA compromised access key may permit an adversary to have over-privileged access to an {target.Name} instance target is 'SE.P.TMCore.AzureDocumentDB'TH54UserThreatDescriptionfalseA compromised access key may permit an adversary to have over-privileged access to an {target.Name} instance22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse resource (SAS like) tokens (derived using master keys) to connect to Cosmos DB instances whenever possible. Scope the resource tokens to permit only the privileges necessary (e.g. read-only). Store secrets in a secret storage solution (e.g. Azure Key Vault). Refer: <a href="https://aka.ms/tmt-th54">https://aka.ms/tmt-th54</a> 22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221A compromised access key may permit an adversary to have more access than intended to an {target.Name} instance falseIAn adversary may read content stored in {target.Name} instances through SQL injection based attackstarget is 'SE.P.TMCore.AzureDocumentDB' and target.d456e645-5642-41ad-857f-951af1a3d968 is 'SQL'TH56UserThreatDescriptionfalseAn adversary may read content stored in {target.Name} instances through SQL injection based attacks22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse parametrized SQL queries to query Cosmos DB instances. Refer: <a href="https://aka.ms/tmt-th56">https://aka.ms/tmt-th56</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may read content stored in {target.Name} instances through SQL injection based attacksfalseEAn adversary can gain unauthorized access to Azure Cosmos DB instances due to weak network security configurationtarget is 'SE.P.TMCore.AzureDocumentDB' and not target.b646c6da-6894-432a-8925-646ae6d1d0ea is 'Allow access from selected networks (excluding Azure)'TH57UserThreatDescriptionfalseAn adversary can gain unauthorized access to Azure Cosmos DB instances due to weak network security configuration22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrict access to Azure Cosmos DB instances by configuring account-level firewall rules to only permit connections from selected IP addresses where possible. Refer: <a href="https://aka.ms/tmt-th57">https://aka.ms/tmt-th57</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to Azure Cosmos DB instances due to weak network security configurationfalseEAn adversary may leverage insufficient authorization checks on the Event Hub (SAS token) and be able to listen (Read) to the Events and manage (change) configurations of the Event Hubtarget is 'SE.P.TMCore.AzureEventHub'TH59UserThreatDescriptionfalseAn adversary may leverage insufficient authorization checks on the Event Hub (SAS token) and be able to listen (Read) to the Events and manage (change) configurations of the Event Hub22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse a send-only permissions SAS Key for generating device tokens. Refer: <a href="https://aka.ms/tmtauthz#sendonly-sas">https://aka.ms/tmtauthz#sendonly-sas</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may exploit the permissions provisioned to the device token to gain elevated privilegesfalseEIf a token that grants direct access to the event hub is given to the device, it would be able to send messages directly to the eventhub without being subjected to throttling. It further exempts such a device from being able to be blacklisted.target is 'SE.P.TMCore.AzureEventHub'TH60UserThreatDescriptionfalseIf a token that grants direct access to the event hub is given to the device, it would be able to send messages directly to the eventhub without being subjected to throttling. It further exempts such a device from being able to be blacklisted.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseDo not use access tokens that provide direct access to the Event Hub. Refer: <a href="https://aka.ms/tmtauthz#access-tokens-hub">https://aka.ms/tmtauthz#access-tokens-hub</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary bypass the secure functionalities of the Event Hub if devices authenticate with tokens that give direct access to Event HubfalseEAn adversary may gain elevated privileges on the functionality of Event Hub if SAS keys with over-privileged permissions are used to connecttarget is 'SE.P.TMCore.AzureEventHub'TH62UserThreatDescriptionfalseAn adversary may gain elevated privileges on the functionality of Event Hub if SAS keys with over-privileged permissions are used to connect22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseConnect to Event Hub using SAS keys that have the minimum permissions required. Refer: <a href="https://aka.ms/tmtauthz#sas-minimum-permissions">https://aka.ms/tmtauthz#sas-minimum-permissions</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain elevated privileges on Event HubfalseEAn adversary can gain unauthorized access to all entities in {target.Name} tablestarget is 'SE.DS.TMCore.AzureStorage' and target.b3ece90f-c578-4a48-b4d4-89d97614e0d2 is 'Table'TH64UserThreatDescriptionfalseAn adversary can gain unauthorized access to all entities in {target.Name} tables22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseGrant fine-grained permission on a range of entities in Azure Table Storage. Refer: <a href="https://aka.ms/tmt-th64">https://aka.ms/tmt-th64</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to all entities in {target.Name}'s tablesfalseEAn adversary can gain unauthorized access to {target.Name} instances due to weak network configurationtarget is 'SE.DS.TMCore.AzureStorage' and target.eb012c7c-9201-40d2-989f-2aad423895a5 is 'Allow access from selective networks'target is 'SE.DS.TMCore.AzureStorage'TH140UserThreatDescriptionfalseAn adversary can gain unauthorized access to {target.Name} instances due to weak network configuration22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseIt is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to {target.Name} instances due to weak network configurationfalseEAn adversary may gain unauthorized access to {target.Name} account in a subscriptiontarget is 'SE.DS.TMCore.AzureStorage'TH67UserThreatDescriptionfalseAn adversary may gain unauthorized access to {target.Name} account in a subscription22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseAssign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to {target.Name} account in a subscriptionfalseEIf RBAC is not implemented on Service Fabric, clients may have over-privileged access on the fabric's cluster operationsflow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No'flow crosses 'SE.TB.TMCore.ServiceFabric'TH71UserThreatDescriptionfalseIf RBAC is not implemented on Service Fabric, clients may have over-privileged access on the fabric's cluster operations22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrict client's access to cluster operations using RBAC. Refer: <a href="https://aka.ms/tmtauthz#cluster-rbac">https://aka.ms/tmtauthz#cluster-rbac</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to Service Fabric cluster operationsfalseEAn adversary may gain unauthorized access to {target.Name} if connection is insecure(source is 'SE.P.TMCore.AzureDataFactory') and source.afe0080c-37dc-4d53-9edd-d0a163856bdc is 'Only Azure'(source is 'SE.P.TMCore.AzureDataFactory')TH90UserThreatDescriptionfalseAn adversary may gain unauthorized access to {target.Name} if connection is insecure22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse Data management gateway while connecting On Prem SQL Server to Azure Data Factory. Refer: <a href="https://aka.ms/tmtcommsec#sqlserver-factory">https://aka.ms/tmtcommsec#sqlserver-factory</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to {target.Name} if connection is insecurefalseIAn adversary can reverse weakly encrypted or hashed contenttarget is 'SE.P.TMCore.WebApp'TH101UserThreatDescriptionfalseAn adversary can reverse weakly encrypted or hashed content22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseDo not expose security details in error messages. Refer: <a href="https://aka.ms/tmtxmgmt#messages">https://aka.ms/tmtxmgmt#messages</a> Implement Default error handling page. Refer: <a href="https://aka.ms/tmtxmgmt#default">https://aka.ms/tmtxmgmt#default</a> Set Deployment Method to Retail in IIS. Refer: <a href="https://aka.ms/tmtxmgmt#deployment">https://aka.ms/tmtxmgmt#deployment</a> Use only approved symmetric block ciphers and key lengths. Refer: <a href="https://aka.ms/tmtcrypto#cipher-length">https://aka.ms/tmtcrypto#cipher-length</a> Use approved block cipher modes and initialization vectors for symmetric ciphers. Refer: <a href="https://aka.ms/tmtcrypto#vector-ciphers">https://aka.ms/tmtcrypto#vector-ciphers</a> Use approved asymmetric algorithms, key lengths, and padding. Refer: <a href="https://aka.ms/tmtcrypto#padding">https://aka.ms/tmtcrypto#padding</a> Use approved random number generators. Refer: <a href="https://aka.ms/tmtcrypto#numgen">https://aka.ms/tmtcrypto#numgen</a> Do not use symmetric stream ciphers. Refer: <a href="https://aka.ms/tmtcrypto#stream-ciphers">https://aka.ms/tmtcrypto#stream-ciphers</a> Use approved MAC/HMAC/keyed hash algorithms. Refer: <a href="https://aka.ms/tmtcrypto#mac-hash">https://aka.ms/tmtcrypto#mac-hash</a> Use only approved cryptographic hash functions. Refer: <a href="https://aka.ms/tmtcrypto#hash-functions">https://aka.ms/tmtcrypto#hash-functions</a> Verify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can reverse weakly encrypted or hashed contentfalseIAn adversary may gain access to sensitive data from log filestarget is 'SE.P.TMCore.WebApp' TH102UserThreatDescriptionfalseAn adversary may gain access to sensitive data from log files22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that the application does not log sensitive user data. Refer: <a href="https://aka.ms/tmtauditlog#log-sensitive-data">https://aka.ms/tmtauditlog#log-sensitive-data</a> Ensure that Audit and Log Files have Restricted Access. Refer: <a href="https://aka.ms/tmtauditlog#log-restricted-access">https://aka.ms/tmtauditlog#log-restricted-access</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain access to sensitive data from log filesfalseIAn adversary may gain access to unmasked sensitive data such as credit card numberssource is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebApp'TH103UserThreatDescriptionfalseAn adversary may gain access to unmasked sensitive data such as credit card numbers22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that sensitive data displayed on the user screen is masked. Refer: <a href="https://aka.ms/tmtdata#data-mask">https://aka.ms/tmtdata#data-mask</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain access to unmasked sensitive data such as credit card numbersfalseIAn adversary can gain access to sensitive data such as the following, through verbose error messages - Server names - Connection strings - Usernames - Passwords - SQL procedures - Details of dynamic SQL failures - Stack trace and lines of code - Variables stored in memory - Drive and folder locations - Application install points - Host configuration settings - Other internal application details target is 'SE.P.TMCore.WebAPI'TH106UserThreatDescriptionfalseAn adversary can gain access to sensitive data such as the following, through verbose error messages - Server names - Connection strings - Usernames - Passwords - SQL procedures - Details of dynamic SQL failures - Stack trace and lines of code - Variables stored in memory - Drive and folder locations - Application install points - Host configuration settings - Other internal application details 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that proper exception handling is done in ASP.NET Web API. Refer: <a href="https://aka.ms/tmtxmgmt#exception">https://aka.ms/tmtxmgmt#exception</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive information from an API through error messagesfalseIAn adversary may retrieve sensitive data (e.g, auth tokens) persisted in browser storagesource is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebAPI' TH107UserThreatDescriptionfalseAn adversary may retrieve sensitive data (e.g, auth tokens) persisted in browser storage22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that sensitive data relevant to Web API is not stored in browser's storage. Refer: <a href="https://aka.ms/tmtdata#api-browser">https://aka.ms/tmtdata#api-browser</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may retrieve sensitive data (e.g, auth tokens) persisted in browser storagefalseIAn adversary may sniff the data sent from Identity Server. This can lead to a compromise of the tokens issued by the Identity Servertarget is 'SE.P.TMCore.IdSrv'TH115UserThreatDescriptionfalseAn adversary may sniff the data sent from Identity Server. This can lead to a compromise of the tokens issued by the Identity Server22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that all traffic to Identity Server is over HTTPS connection. Refer: <a href="https://aka.ms/tmtcommsec#identity-https">https://aka.ms/tmtcommsec#identity-https</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may sniff the data sent from Identity ServerfalseISensitive attributes or fields on an Entity can be inadvertently disclosedtarget is 'SE.P.TMCore.DynamicsCRM'TH119UserThreatDescriptionfalseSensitive attributes or fields on an Entity can be inadvertently disclosed22222222-2222-2222-2222-2222222222220PossibleMitigationsfalsePerform security modelling and use Field Level Security where required. Refer: <a href="https://aka.ms/tmtauthz#modeling-field">https://aka.ms/tmtauthz#modeling-field</a> Perform security modelling and use Business Units/Teams where required. Refer: <a href="https://aka.ms/tmtdata#modeling-teams">https://aka.ms/tmtdata#modeling-teams</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221Sensitive attributes or fields on an Entity can be inadvertently disclosedfalseISensitive Entity records (containing PII, HBI information) can be inadvertently disclosed to users who should not have accesstarget is 'SE.P.TMCore.DynamicsCRM'TH121UserThreatDescriptionfalseSensitive Entity records (containing PII, HBI information) can be inadvertently disclosed to users who should not have access22222222-2222-2222-2222-2222222222220PossibleMitigationsfalsePerform security modelling and use Field Level Security where required. Refer: <a href="https://aka.ms/tmtauthz#modeling-field">https://aka.ms/tmtauthz#modeling-field</a> Perform security modelling and use Business Units/Teams where required. Refer: <a href="https://aka.ms/tmtdata#modeling-teams">https://aka.ms/tmtdata#modeling-teams</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221Sensitive Entity records (containing PII, HBI information) can be inadvertently disclosed to users who should not have accessfalseIIf a mobile device containing cached customer data in the CRM Mobile Client is lost the data could be disclosed if the device is not securedtarget is 'SE.EI.TMCore.DynamicsCRMMobileClient'TH122UserThreatDescriptionfalseIf a mobile device containing cached customer data in the CRM Mobile Client is lost the data could be disclosed if the device is not secured22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure a device management policy is in place that requires a use PIN and allows remote wiping. Refer: <a href="https://aka.ms/tmtcrypto#pin-remote">https://aka.ms/tmtcrypto#pin-remote</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221If a mobile device containing cached customer data in the CRM Mobile Client is lost the data could be disclosed if the device is not securedfalseIIf a laptop with the Dynamics CRM Outlook Client and offline data is lost the data could be disclosed if the device is not securedtarget is 'SE.EI.TMCore.DynamicsCRMOutlookClient'TH123UserThreatDescriptionfalseIf a laptop with the Dynamics CRM Outlook Client and offline data is lost the data could be disclosed if the device is not secured22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure a device management policy is in place that requires a PIN/password/auto lock and encrypts all data (e.g. Bitlocker). Refer: <a href="https://aka.ms/tmtcrypto#bitlocker">https://aka.ms/tmtcrypto#bitlocker</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221If a laptop with the Dynamics CRM Outlook Client and offline data is lost the data could be disclosed if the device is not securedfalseISecure system configuration information exposed via JScripttarget is 'SE.P.TMCore.DynamicsCRM'TH126UserThreatDescriptionfalseSecure system configuration information exposed via JScript22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseInclude a development standards rule proscribing showing config details in exception management outside development. Refer: <a href="https://aka.ms/tmtdata#exception-mgmt">https://aka.ms/tmtdata#exception-mgmt</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221Secure system configuration information exposed via JScriptfalseISecure system configuration information exposed when exception is thrown.target is 'SE.P.TMCore.DynamicsCRM'TH127UserThreatDescriptionfalseSecure system configuration information exposed when exception is thrown.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseInclude a development standards rule proscribing showing config details in exception management outside development. Refer: <a href="https://aka.ms/tmtdata#exception-mgmt">https://aka.ms/tmtdata#exception-mgmt</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221Secure system configuration information exposed when a DotNET exception is thrownfalseIAn Adversary can sniff communication channel and steal the secrets.target is 'SE.P.TMCore.WCF'TH131UserThreatDescriptionfalseAn Adversary can sniff communication channel and steal the secrets.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable HTTPS - Secure Transport channel. Refer: <a href="https://aka.ms/tmtcommsec#https-transport">https://aka.ms/tmtcommsec#https-transport</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An Adversary can sniff communication channel and steal the secrets falseIAn adversary may gain access to sensitive data stored on host machinesflow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No' flow crosses 'SE.TB.TMCore.MachineTrustBoundary'TH139UserThreatDescriptionfalseAn adversary may gain access to sensitive data stored on host machines22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseConsider using Encrypted File System (EFS) is used to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain access to sensitive data stored on host machinesfalseIAn adversary can read sensitive data by sniffing traffic to {target.Name}target is 'SE.P.TMCore.AzureRedis' and not target.866e2e37-a089-45bc-9576-20fc95304b82 is 'True'TH14UserThreatDescriptionfalseAn adversary can read sensitive data by sniffing traffic to {target.Name}22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that communication to {target.Name} is over SSL/TLS. Configure {target.Name} such that only connections over SSL/TLS are permitted. Also ensure that connection string(s) used by clients have the ssl flag set to true (I.e. ssl=true). Refer: <a href="https://aka.ms/tmt-th14">https://aka.ms/tmt-th14</a>.22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can read sensitive data by sniffing traffic to {target.Name}falseIAn adversary can gain access to sensitive data by sniffing traffic from Mobile clientsource is 'SE.EI.TMCore.Mobile'TH15UserThreatDescriptionfalseAn adversary can gain access to sensitive data by sniffing traffic from Mobile client22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseImplement Certificate Pinning. Refer: <a href="https://aka.ms/tmtcommsec#cert-pinning">https://aka.ms/tmtcommsec#cert-pinning</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive data by sniffing traffic from Mobile clientfalseIAn adversary can gain access to sensitive data by sniffing traffic to Web APItarget is 'SE.P.TMCore.WebAPI'TH16UserThreatDescriptionfalseAn adversary can gain access to sensitive data by sniffing traffic to Web API22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseForce all traffic to Web APIs over HTTPS connection. Refer: <a href="https://aka.ms/tmtcommsec#webapi-https">https://aka.ms/tmtcommsec#webapi-https</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive data by sniffing traffic to Web APIfalseIAn adversary can read sensitive data by sniffing unencrypted SMB traffic to {target.Name}target is 'SE.DS.TMCore.AzureStorage' and target.b3ece90f-c578-4a48-b4d4-89d97614e0d2 is 'File'TH19UserThreatDescriptionfalseAn adversary can read sensitive data by sniffing unencrypted SMB traffic to {target.Name}22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse SMB 3.0 compatible client to ensure in-transit data encryption to Azure File Shares. Refer: <a href="https://aka.ms/tmt-th19a">https://aka.ms/tmt-th19a</a> and <a href="https://aka.ms/tmt-th19b">https://aka.ms/tmt-th19b</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can read sensitive data by sniffing unencrypted SMB traffic to {target.Name}falseIIf application saves sensitive PII or HBI data on phone SD card or local storage, then it ay get stolen.source is 'SE.EI.TMCore.Mobile'TH31UserThreatDescriptionfalseIf application saves sensitive PII or HBI data on phone SD card or local storage, then it ay get stolen.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEncrypt sensitive or PII data written to phones local storage. Refer: <a href="https://aka.ms/tmtdata#pii-phones">https://aka.ms/tmtdata#pii-phones</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain sensitive data from mobile devicefalseIAn adversary may eavesdrop and interfere with the communication between {source.Name} and {target.Name} and possibly tamper the data that is transmitted.(source is 'SE.EI.TMCore.IoTdevice' or source is 'SE.GP.TMCore.IoTFieldGateway') and target is 'SE.GP.TMCore.IoTCloudGateway'TH38UserThreatDescriptionfalseAn adversary may eavesdrop and interfere with the communication between {source.Name} and {target.Name} and possibly tamper the data that is transmitted.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseSecure Device to Cloud Gateway communication using SSL/TLS. Refer: <a href="https://aka.ms/tmtcommsec#device-cloud">https://aka.ms/tmtcommsec#device-cloud</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may eavesdrop the traffic to cloud gatewayfalseIAn adversary can eaves drop on communication between application server and {target.Name} server, due to clear text communication protocol usage.(target is 'SE.DS.TMCore.SQL' and source is 'SE.P.TMCore.WebApp')TH5UserThreatDescriptionfalseAn adversary can eaves drop on communication between application server and {target.Name} server, due to clear text communication protocol usage.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure SQL server connection encryption and certificate validation. Refer: <a href="https://aka.ms/tmtcommsec#sqlserver-validation">https://aka.ms/tmtcommsec#sqlserver-validation</a> Force Encrypted communication to SQL server. Refer: <a href="https://aka.ms/tmtcommsec#encrypted-sqlserver">https://aka.ms/tmtcommsec#encrypted-sqlserver</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive data by sniffing traffic to databasefalseIAn adversary may eavesdrop and interfere with the communication between the device and the field gateway and possibly tamper the data that is transmittedsource is 'SE.EI.TMCore.IoTdevice' and target is 'SE.GP.TMCore.IoTFieldGateway'TH52UserThreatDescriptionfalseAn adversary may eavesdrop and interfere with the communication between the device and the field gateway and possibly tamper the data that is transmitted22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseSecure Device to Field Gateway communication. Refer: <a href="https://aka.ms/tmtcommsec#device-field">https://aka.ms/tmtcommsec#device-field</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may eavesdrop the communication between the device and the field gatewayfalseIAn adversary having access to {target.Name} may read sensitive clear-text datatarget is 'SE.P.TMCore.AzureDocumentDB'TH53UserThreatDescriptionfalseAn adversary having access to {target.Name} may read sensitive clear-text data22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEncrypt sensitive data before storing it in Azure Document DB.22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary having access to {target.Name} may read sensitive clear-text datafalseIAdditional controls like Transparent Data Encryption, Column Level Encryption, EKM etc. provide additional protection mechanism to high value PII or HBI data. target is 'SE.DS.TMCore.SQL'TH6UserThreatDescriptionfalseAdditional controls like Transparent Data Encryption, Column Level Encryption, EKM etc. provide additional protection mechanism to high value PII or HBI data. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse strong encryption algorithms to encrypt data in the database. Refer: <a href="https://aka.ms/tmtcrypto#strong-db">https://aka.ms/tmtcrypto#strong-db</a> Ensure that sensitive data in database columns is encrypted. Refer: <a href="https://aka.ms/tmtdata#db-encrypted">https://aka.ms/tmtdata#db-encrypted</a> Ensure that database-level encryption (TDE) is enabled. Refer: <a href="https://aka.ms/tmtdata#tde-enabled">https://aka.ms/tmtdata#tde-enabled</a> Ensure that database backups are encrypted. Refer: <a href="https://aka.ms/tmtdata#backup">https://aka.ms/tmtdata#backup</a> Use SQL server EKM to protect encryption keys. Refer: <a href="https://aka.ms/tmtcrypto#ekm-keys">https://aka.ms/tmtcrypto#ekm-keys</a> Use AlwaysEncrypted feature if encryption keys should not be revealed to Database engine. Refer: <a href="https://aka.ms/tmtcrypto#keys-engine">https://aka.ms/tmtcrypto#keys-engine</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive PII or HBI data in databasefalseEAn adversary can abuse poorly managed {target.Name} account access keys and gain unauthorized access to storage.target is 'SE.DS.TMCore.AzureStorage'TH63UserThreatDescriptionfalseAn adversary can abuse poorly managed {target.Name} account access keys and gain unauthorized access to storage.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can abuse poorly managed {target.Name} account access keysfalseIAn adversary can abuse an insecure communication channel between a client and {target.Name}target is 'SE.DS.TMCore.AzureStorage' and target.229f2e53-bc3f-476c-8ac9-57da37efd00f is 'True'target is 'SE.DS.TMCore.AzureStorage'TH65UserThreatDescriptionfalseAn adversary can abuse an insecure communication channel between a client and {target.Name}22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can abuse an insecure communication channel between a client and {target.Name}falseISecrets can be any sensitive information, such as storage connection strings, passwords, or other values that should not be handled in plain text. If secrets are not encrypted, an adversary who can gain access to them can abuse them.flow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No' flow crosses 'SE.TB.TMCore.ServiceFabric'TH73UserThreatDescriptionfalseSecrets can be any sensitive information, such as storage connection strings, passwords, or other values that should not be handled in plain text. If secrets are not encrypted, an adversary who can gain access to them can abuse them.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEncrypt secrets in Service Fabric applications. Refer: <a href="https://aka.ms/tmtdata#fabric-apps">https://aka.ms/tmtdata#fabric-apps</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to unencrypted secrets in Service Fabric applicationsfalseIAn adversary may conduct man in the middle attack and downgrade TLS connection to clear text protocol, or forcing browser communication to pass through a proxy server that he controls. This may happen because the application may use mixed content or HTTP Strict Transport Security policy is not ensured. source is 'GE.EI' and target is 'SE.P.TMCore.WebApp' and target.80fe9520-5f00-4480-ad47-f2fd75dede82 is 'Azure' TH78UserThreatDescriptionfalseAn adversary may conduct man in the middle attack and downgrade TLS connection to clear text protocol, or forcing browser communication to pass through a proxy server that he controls. This may happen because the application may use mixed content or HTTP Strict Transport Security policy is not ensured. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseConfigure SSL certificate for custom domain in Azure App Service. Refer: <a href="https://aka.ms/tmtcommsec#ssl-appservice">https://aka.ms/tmtcommsec#ssl-appservice</a> Force all traffic to Azure App Service over HTTPS connection . Refer: <a href="https://aka.ms/tmtcommsec#appservice-https">https://aka.ms/tmtcommsec#appservice-https</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive data by sniffing traffic to Azure Web AppfalseI An adversary can fingerprint web application by leveraging server header information source is 'GE.EI' and target is 'SE.P.TMCore.WebApp' and target.80fe9520-5f00-4480-ad47-f2fd75dede82 is 'Azure' TH79UserThreatDescriptionfalse An adversary can fingerprint web application by leveraging server header information 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRemove standard server headers on Windows Azure Web Sites to avoid fingerprinting. Refer: <a href="https://aka.ms/tmtconfigmgmt#standard-finger">https://aka.ms/tmtconfigmgmt#standard-finger</a>22222222-2222-2222-2222-2222222222222PriorityfalseLow22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can fingerprint an Azure web application by leveraging server header informationfalseIRobots.txt is often found in your site's root directory and exists to regulate the bots that crawl your site. This is where you can grant or deny permission to all or some specific search engine robots to access certain pages or your site as a whole. The standard for this file was developed in 1994 and is known as the Robots Exclusion Standard or Robots Exclusion Protocol. Detailed info about the robots.txt protocol can be found at robotstxt.org.(source is 'SE.EI.TMCore.Browser') and (target is 'SE.P.TMCore.WebApp')TH80UserThreatDescriptionfalseRobots.txt is often found in your site's root directory and exists to regulate the bots that crawl your site. This is where you can grant or deny permission to all or some specific search engine robots to access certain pages or your site as a whole. The standard for this file was developed in 1994 and is known as the Robots Exclusion Standard or Robots Exclusion Protocol. Detailed info about the robots.txt protocol can be found at robotstxt.org.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that administrative interfaces are appropriately locked down. Refer: <a href="https://aka.ms/tmtauthn#admin-interface-lockdown">https://aka.ms/tmtauthn#admin-interface-lockdown</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to certain pages or the site as a whole.falseISQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. target is 'SE.DS.TMCore.SQL'TH82UserThreatDescriptionfalseSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that login auditing is enabled on SQL Server. Refer: <a href="https://aka.ms/tmtauditlog#identify-sensitive-entities">https://aka.ms/tmtauditlog#identify-sensitive-entities</a> Ensure that least-privileged accounts are used to connect to Database server. Refer: <a href="https://aka.ms/tmtauthz#privileged-server">https://aka.ms/tmtauthz#privileged-server</a> Enable Threat detection on Azure SQL database. Refer: <a href="https://aka.ms/tmtauditlog#threat-detection">https://aka.ms/tmtauditlog#threat-detection</a> Do not use dynamic queries in stored procedures. Refer: <a href="https://aka.ms/tmtinputval#stored-proc">https://aka.ms/tmtinputval#stored-proc</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive data by performing SQL injectionfalseIAn adversary can gain access to the config files. and if sensitive data is stored in it, it would be compromised.target is 'SE.P.TMCore.WebAPI'TH83UserThreatDescriptionfalseAn adversary can gain access to the config files. and if sensitive data is stored in it, it would be compromised.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEncrypt sections of Web API's configuration files that contain sensitive data. Refer: <a href="https://aka.ms/tmtconfigmgmt#config-sensitive">https://aka.ms/tmtconfigmgmt#config-sensitive</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive data stored in Web API's config filesfalseIAn adversary may conduct man in the middle attack and downgrade TLS connection to clear text protocol, or forcing browser communication to pass through a proxy server that he controls. This may happen because the application may use mixed content or HTTP Strict Transport Security policy is not ensured.(source is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebApp')TH9UserThreatDescriptionfalseAn adversary may conduct man in the middle attack and downgrade TLS connection to clear text protocol, or forcing browser communication to pass through a proxy server that he controls. This may happen because the application may use mixed content or HTTP Strict Transport Security policy is not ensured.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseApplications available over HTTPS must use secure cookies. Refer: <a href="https://aka.ms/tmtsmgmt#https-secure-cookies">https://aka.ms/tmtsmgmt#https-secure-cookies</a> Enable HTTP Strict Transport Security (HSTS). Refer: <a href="https://aka.ms/tmtcommsec#http-hsts">https://aka.ms/tmtcommsec#http-hsts</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive data by sniffing traffic to Web ApplicationfalseIIf an adversary can gain access to Azure VMs, sensitive data in the VM can be disclosed if the OS in the VM is not encryptedflow crosses 'SE.TB.TMCore.AzureIaaSVMTrustBoundary'TH93UserThreatDescriptionfalseIf an adversary can gain access to Azure VMs, sensitive data in the VM can be disclosed if the OS in the VM is not encrypted22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse Azure Disk Encryption to encrypt disks used by Virtual Machines. Refer: <a href="https://aka.ms/tmtdata#disk-vm">https://aka.ms/tmtdata#disk-vm</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain access to sensitive data stored in Azure Virtual MachinesfalseIAn adversary can gain access to sensitive data such as the following, through verbose error messages - Server names - Connection strings - Usernames - Passwords - SQL procedures - Details of dynamic SQL failures - Stack trace and lines of code - Variables stored in memory - Drive and folder locations - Application install points - Host configuration settings - Other internal application details target is 'SE.P.TMCore.WebApp'TH94UserThreatDescriptionfalseAn adversary can gain access to sensitive data such as the following, through verbose error messages - Server names - Connection strings - Usernames - Passwords - SQL procedures - Details of dynamic SQL failures - Stack trace and lines of code - Variables stored in memory - Drive and folder locations - Application install points - Host configuration settings - Other internal application details 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseDo not expose security details in error messages. Refer: <a href="https://aka.ms/tmtxmgmt#messages">https://aka.ms/tmtxmgmt#messages</a> Implement Default error handling page. Refer: <a href="https://aka.ms/tmtxmgmt#default">https://aka.ms/tmtxmgmt#default</a> Set Deployment Method to Retail in IIS. Refer: <a href="https://aka.ms/tmtxmgmt#deployment">https://aka.ms/tmtxmgmt#deployment</a> Exceptions should fail safely. Refer: <a href="https://aka.ms/tmtxmgmt#fail">https://aka.ms/tmtxmgmt#fail</a> ASP.NET applications must disable tracing and debugging prior to deployment. Refer: <a href="https://aka.ms/tmtconfigmgmt#trace-deploy">https://aka.ms/tmtconfigmgmt#trace-deploy</a> Implement controls to prevent username enumeration. Refer: <a href="https://aka.ms/tmtauthn#controls-username-enum">https://aka.ms/tmtauthn#controls-username-enum</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive information through error messagesfalseIAn adversary may gain access to sensitive data from uncleared browser cachesource is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebApp'TH99UserThreatDescriptionfalseAn adversary may gain access to sensitive data from uncleared browser cache22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that sensitive content is not cached on the browser. Refer: <a href="https://aka.ms/tmtdata#cache-browser">https://aka.ms/tmtdata#cache-browser</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain access to sensitive data from uncleared browser cachefalseRAttacker can deny a malicious act on an API leading to repudiation issuestarget is 'SE.P.TMCore.WebAPI'TH109UserThreatDescriptionfalseAttacker can deny a malicious act on an API leading to repudiation issues22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that auditing and logging is enforced on Web API. Refer: <a href="https://aka.ms/tmtauditlog#logging-web-api">https://aka.ms/tmtauditlog#logging-web-api</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221Attacker can deny a malicious act on an API leading to repudiation issuesfalseRThis is due to the Last Modified By field being overwritten on each save(target is 'SE.P.TMCore.DynamicsCRM')TH118UserThreatDescriptionfalseThis is due to the Last Modified By field being overwritten on each save22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseIdentify sensitive entities in your solution and implement change auditing. Refer: <a href="https://aka.ms/tmtauditlog#sensitive-entities">https://aka.ms/tmtauditlog#sensitive-entities</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221A malicious user can deny they made a change to {target.Name}falseRProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system.target is 'SE.DS.TMCore.AzureStorage'TH20UserThreatDescriptionfalseProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can deny actions on {target.Name} due to lack of auditing falseRProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system.target is 'SE.DS.TMCore.SQL' TH3UserThreatDescriptionfalseProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that login auditing is enabled on SQL Server. Refer: <a href="https://aka.ms/tmtauditlog#identify-sensitive-entities">https://aka.ms/tmtauditlog#identify-sensitive-entities</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can deny actions on database due to lack of auditingfalseRProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a systemtarget is 'SE.P.TMCore.WebApp'TH30UserThreatDescriptionfalseProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that auditing and logging is enforced on the application. Refer: <a href="https://aka.ms/tmtauditlog#auditing">https://aka.ms/tmtauditlog#auditing</a> Ensure that log rotation and separation are in place. Refer: <a href="https://aka.ms/tmtauditlog#log-rotation">https://aka.ms/tmtauditlog#log-rotation</a> Ensure that Audit and Log Files have Restricted Access. Refer: <a href="https://aka.ms/tmtauditlog#log-restricted-access">https://aka.ms/tmtauditlog#log-restricted-access</a> Ensure that User Management Events are Logged. Refer: <a href="https://aka.ms/tmtauditlog#user-management">https://aka.ms/tmtauditlog#user-management</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221Attacker can deny the malicious act and remove the attack foot prints leading to repudiation issuesfalseRAn adversary may perform actions such as spoofing attempts, unauthorized access etc. on Cloud gateway. It is important to monitor these attempts so that adversary cannot deny these actionstarget is 'SE.GP.TMCore.IoTCloudGateway'TH34UserThreatDescriptionfalseAn adversary may perform actions such as spoofing attempts, unauthorized access etc. on Cloud gateway. It is important to monitor these attempts so that adversary cannot deny these actions22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that appropriate auditing and logging is enforced on Cloud Gateway. Refer: <a href="https://aka.ms/tmtauditlog#logging-cloud-gateway">https://aka.ms/tmtauditlog#logging-cloud-gateway</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can deny actions on Cloud Gateway due to lack of auditingfalseRAn adversary may perform actions such as spoofing attempts, unauthorized access etc. on Field gateway. It is important to monitor these attempts so that adversary cannot deny these actionstarget is 'SE.GP.TMCore.IoTFieldGateway'TH49UserThreatDescriptionfalseAn adversary may perform actions such as spoofing attempts, unauthorized access etc. on Field gateway. It is important to monitor these attempts so that adversary cannot deny these actions22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that appropriate auditing and logging is enforced on Field Gateway. Refer: <a href="https://aka.ms/tmtauditlog#logging-field-gateway">https://aka.ms/tmtauditlog#logging-field-gateway</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can deny actions on Field Gateway due to lack of auditingfalseRProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. source is 'GE.EI' and target is 'SE.P.TMCore.WebApp' and target.80fe9520-5f00-4480-ad47-f2fd75dede82 is 'Azure'TH77UserThreatDescriptionfalseProper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable diagnostics logging for web apps in Azure App Service. Refer: <a href="https://aka.ms/tmtauditlog#diagnostics-logging">https://aka.ms/tmtauditlog#diagnostics-logging</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can deny actions on Azure App Service due to lack of auditingfalseSAn adversary can bypass authentication due to non-standard Azure AD authentication schemestarget is 'SE.P.TMCore.AzureAD'TH11UserThreatDescriptionfalseAn adversary can bypass authentication due to non-standard Azure AD authentication schemes22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse standard authentication scenarios supported by Azure Active Directory. Refer: <a href="https://aka.ms/tmtauthn#authn-aad">https://aka.ms/tmtauthn#authn-aad</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can bypass authentication due to non-standard Azure AD authentication schemesfalseSAn adversary can bypass authentication due to non-standard Identity Server authentication schemestarget is 'SE.P.TMCore.IdSrv'TH111UserThreatDescriptionfalseAn adversary can bypass authentication due to non-standard Identity Server authentication schemes22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse standard authentication scenarios supported by Identity Server. Refer: <a href="https://aka.ms/tmtauthn#standard-authn-id">https://aka.ms/tmtauthn#standard-authn-id</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can bypass authentication due to non-standard Identity Server authentication schemesfalseSAn adversary can get access to a user's session due to improper logout from Identity Servertarget is 'SE.P.TMCore.IdSrv'TH113UserThreatDescriptionfalseAn adversary can get access to a user's session due to improper logout from Identity Server22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseImplement proper logout when using Identity Server. Refer: <a href="https://aka.ms/tmtsmgmt#proper-logout">https://aka.ms/tmtsmgmt#proper-logout</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can get access to a user's session due to improper logout from Identity ServerfalseSAn adversary can abuse poorly managed signing keys of Identity Server. In case of key compromise, an adversary will be able to create valid auth tokens using the stolen keys and gain access to the resources protected by Identity server.target is 'SE.P.TMCore.IdSrv'TH114UserThreatDescriptionfalseAn adversary can abuse poorly managed signing keys of Identity Server. In case of key compromise, an adversary will be able to create valid auth tokens using the stolen keys and gain access to the resources protected by Identity server.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that signing keys are rolled over when using Identity Server. Refer: <a href="https://aka.ms/tmtcrypto#rolled-server">https://aka.ms/tmtcrypto#rolled-server</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may issue valid tokens if Identity server's signing keys are compromisedfalseSAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.flow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No'flow crosses 'SE.TB.TMCore.AzureTrustBoundary' TH117UserThreatDescriptionfalseAn adversary may spoof an Azure administrator and gain access to Azure subscription portal if the administrator's credentials are compromised.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable fine-grained access management to Azure Subscription using RBAC. Refer: <a href="https://aka.ms/tmtauthz#grained-rbac">https://aka.ms/tmtauthz#grained-rbac</a> Enable Azure Multi-Factor Authentication for Azure Administrators. Refer: <a href="https://aka.ms/tmtauthn#multi-factor-azure-admin">https://aka.ms/tmtauthn#multi-factor-azure-admin</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may spoof an Azure administrator and gain access to Azure subscription portalfalseSAn adversary can get access to a user's session by replaying authentication tokens (source is 'GE.P' or source is 'GE.EI') and target is 'SE.P.TMCore.AzureAD'TH12UserThreatDescriptionfalseAn adversary can get access to a user's session by replaying authentication tokens 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that TokenReplayCache is used to prevent the replay of ADAL authentication tokens. Refer: <a href="https://aka.ms/tmtauthn#tokenreplaycache-adal">https://aka.ms/tmtauthn#tokenreplaycache-adal</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can get access to a user's session by replaying authentication tokens falseSAn adversary may gain access to the field gateway by leveraging default login credentials. target is 'SE.GP.TMCore.IoTFieldGateway'TH129UserThreatDescriptionfalseAn adversary may gain access to the field gateway by leveraging default login credentials. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that the default login credentials of the field gateway are changed during installation. Refer: <a href="https://aka.ms/tmtconfigmgmt#default-change">https://aka.ms/tmtconfigmgmt#default-change</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain access to the field gateway by leveraging default login credentials. falseSAn adversary can gain unauthorized access to API end points due to weak CORS configurationsource is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebAPI'TH13UserThreatDescriptionfalseAn adversary can gain unauthorized access to API end points due to weak CORS configuration22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that only trusted origins are allowed if CORS is enabled on ASP.NET Web API. Refer: <a href="https://aka.ms/tmtconfigmgmt#cors-api">https://aka.ms/tmtconfigmgmt#cors-api</a> Mitigate against Cross-Site Request Forgery (CSRF) attacks on ASP.NET Web APIs. Refer: <a href="https://aka.ms/tmtsmgmt#csrf-api">https://aka.ms/tmtsmgmt#csrf-api</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to API end points due to unrestricted cross domain requestsfalseSAn adversary may guess the client id and secrets of registered applications and impersonate them target is 'SE.P.TMCore.IdSrv'TH133UserThreatDescriptionfalseAn adversary may guess the client id and secrets of registered applications and impersonate them 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that cryptographically strong client id, client secret are used in Identity Server. Refer: <a href="https://aka.ms/tmtcrypto#client-server">https://aka.ms/tmtcrypto#client-server</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may guess the client id and secrets of registered applications and impersonate themfalseEAn adversary can gain unauthorized access to {target.Name} due to weak CORS configurationtarget is 'SE.DS.TMCore.AzureStorage' and target.c63455d0-ad77-4b08-aa02-9f8026bb056f is 'False'target is 'SE.DS.TMCore.AzureStorage'TH21UserThreatDescriptionfalseAn adversary can gain unauthorized access to {target.Name} due to weak CORS configuration22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to {target.Name} due to weak CORS configurationfalseSThe session cookies is the identifier by which the server knows the identity of current user for each incoming request. If the attacker is able to steal the user token he would be able to access all user data and perform all actions on behalf of user.source is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebApp'TH22UserThreatDescriptionfalseThe session cookies is the identifier by which the server knows the identity of current user for each incoming request. If the attacker is able to steal the user token he would be able to access all user data and perform all actions on behalf of user.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseSet up session for inactivity lifetime. Refer: <a href="https://aka.ms/tmtsmgmt#inactivity-lifetime">https://aka.ms/tmtsmgmt#inactivity-lifetime</a> Implement proper logout from the application. Refer: <a href="https://aka.ms/tmtsmgmt#proper-app-logout">https://aka.ms/tmtsmgmt#proper-app-logout</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can get access to a user's session due to improper logout and timeoutfalseSThe session cookies is the identifier by which the server knows the identity of current user for each incoming request. If the attacker is able to steal the user token he would be able to access all user data and perform all actions on behalf of user.source is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebApp'TH23UserThreatDescriptionfalseThe session cookies is the identifier by which the server knows the identity of current user for each incoming request. If the attacker is able to steal the user token he would be able to access all user data and perform all actions on behalf of user.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable ValidateRequest attribute on ASP.NET Pages. Refer: <a href="https://aka.ms/tmtconfigmgmt#validate-aspnet">https://aka.ms/tmtconfigmgmt#validate-aspnet</a> Encode untrusted web output prior to rendering. Refer: <a href="https://aka.ms/tmtinputval#rendering">https://aka.ms/tmtinputval#rendering</a> Avoid using Html.Raw in Razor views. Refer: <a href="https://aka.ms/tmtinputval#html-razor">https://aka.ms/tmtinputval#html-razor</a> Sanitization should be applied on form fields that accept all characters e.g, rich text editor . Refer: <a href="https://aka.ms/tmtinputval#richtext">https://aka.ms/tmtinputval#richtext</a> Do not assign DOM elements to sinks that do not have inbuilt encoding . Refer: <a href="https://aka.ms/tmtinputval#inbuilt-encode">https://aka.ms/tmtinputval#inbuilt-encode</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can get access to a user's session due to insecure coding practicesfalseSEnsure that TLS certificate parameters are configured with correct valuestarget is 'SE.P.TMCore.WebApp'TH32UserThreatDescriptionfalseEnsure that TLS certificate parameters are configured with correct values22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseVerify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can spoof the target web application due to insecure TLS certificate configurationfalseSAn adversary may replacing the {source.Name} or part of the {source.Name} with some other {source.Name}. (source is 'SE.EI.TMCore.IoTdevice' or source is 'SE.GP.TMCore.IoTFieldGateway') and (target is 'SE.GP.TMCore.IoTFieldGateway' or target is 'SE.GP.TMCore.IoTCloudGateway')TH35UserThreatDescriptionfalseAn adversary may replacing the {source.Name} or part of the {source.Name} with some other {source.Name}. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that devices connecting to Field or Cloud gateway are authenticated. Refer: <a href="https://aka.ms/tmtauthn#authn-devices-cloud">https://aka.ms/tmtauthn#authn-devices-cloud</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may spoof {source.Name} with a fake onefalseSAn attacker may extract cryptographic key material from {source.Name}, either at the software or hardware level, and subsequently access the system with a different physical or virtual {source.Name} under the identity of the {source.Name} the key material has been taken from. A good illustration is remote controls that can turn any TV and that are popular prankster tools.(source is 'SE.EI.TMCore.IoTdevice' or source is 'SE.GP.TMCore.IoTFieldGateway') and (target is 'SE.GP.TMCore.IoTFieldGateway' or target is 'SE.GP.TMCore.IoTCloudGateway')TH36UserThreatDescriptionfalseAn attacker may extract cryptographic key material from {source.Name}, either at the software or hardware level, and subsequently access the system with a different physical or virtual {source.Name} under the identity of the {source.Name} the key material has been taken from. A good illustration is remote controls that can turn any TV and that are popular prankster tools.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse per-device authentication credentials. Refer: <a href="https://aka.ms/tmtauthn#authn-cred">https://aka.ms/tmtauthn#authn-cred</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may reuse the authentication tokens of {source.Name} in anotherfalseSAn adversary may predict and generate valid security tokens to authenticate to IoT Hub, by leveraging weak encryption keys(source is 'SE.EI.TMCore.IoTdevice' or source is 'SE.GP.TMCore.IoTFieldGateway') and target is 'SE.GP.TMCore.IoTCloudGateway'TH40UserThreatDescriptionfalseAn adversary may predict and generate valid security tokens to authenticate to IoT Hub, by leveraging weak encryption keys22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseGenerate a random symmetric key of sufficient length for authentication to IoT Hub. Refer: <a href="https://aka.ms/tmtcrypto#random-hub">https://aka.ms/tmtcrypto#random-hub</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may auto-generate valid authentication tokens for IoT HubfalseSAn adversary may get access to SaS tokens used to authenticate to IoT Hub. If the lifetime of these tokens is not finite, the adversary may replay the stolen tokens indefinitely(source is 'SE.EI.TMCore.IoTdevice' or source is 'SE.GP.TMCore.IoTFieldGateway') and target is 'SE.GP.TMCore.IoTCloudGateway'TH44UserThreatDescriptionfalseAn adversary may get access to SaS tokens used to authenticate to IoT Hub. If the lifetime of these tokens is not finite, the adversary may replay the stolen tokens indefinitely22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse finite lifetimes for generated SaS tokens. Refer: <a href="https://aka.ms/tmtsmgmt#finite-tokens">https://aka.ms/tmtsmgmt#finite-tokens</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may replay stolen long-lived SaS tokens of IoT HubfalseSAn adversary may spoof a device and connect to field gateway. This may be achieved even when the device is registered in Cloud gateway since the field gateway may not be in sync with the device identities in cloud gatewaysource is 'SE.EI.TMCore.IoTdevice' and target is 'SE.GP.TMCore.IoTFieldGateway'TH50UserThreatDescriptionfalseAn adversary may spoof a device and connect to field gateway. This may be achieved even when the device is registered in Cloud gateway since the field gateway may not be in sync with the device identities in cloud gateway22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseAuthenticate devices connecting to the Field Gateway. Refer: <a href="https://aka.ms/tmtauthn#authn-devices-field">https://aka.ms/tmtauthn#authn-devices-field</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may spoof a device and connect to field gatewayfalseEAn adversary may reuse a stolen long-lived resource token, access key or connection string to access an {target.Name} instancetarget is 'SE.P.TMCore.AzureDocumentDB'TH55UserThreatDescriptionfalseAn adversary may reuse a stolen long-lived resource token, access key or connection string to access an {target.Name} instance22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse minimum token lifetimes for generated resource tokens. Rotate secrets (e.g. resource tokens, access keys and passwords in connection strings) frequently, in accordance with your organization's policies. Refer: <a href="https://aka.ms/tmt-th55">https://aka.ms/tmt-th55</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may reuse a stolen long-lived resource token, access key or connection string to access an {target.Name} instancefalseSIf multiple devices use the same SaS token, then an adversary can spoof any device using a token that he or she has access totarget is 'SE.P.TMCore.AzureEventHub'TH58UserThreatDescriptionfalseIf multiple devices use the same SaS token, then an adversary can spoof any device using a token that he or she has access to22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse per device authentication credentials using SaS tokens. Refer: <a href="https://aka.ms/tmtauthn#authn-sas-tokens">https://aka.ms/tmtauthn#authn-sas-tokens</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may spoof a device by reusing the authentication tokens of one device in anotherfalseSIf a service fabric cluster is not secured, it allow any anonymous user to connect to it if it exposes management endpoints to the public Internet.flow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No'flow crosses 'SE.TB.TMCore.ServiceFabric'TH68UserThreatDescriptionfalseIf a service fabric cluster is not secured, it allow any anonymous user to connect to it if it exposes management endpoints to the public Internet.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrict anonymous access to Service Fabric Cluster. Refer: <a href="https://aka.ms/tmtauthn#anon-access-cluster">https://aka.ms/tmtauthn#anon-access-cluster</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to resources in Service FabricfalseSIf the same certificate that is used for node-to-node security is used for client-to-node security, it will be easy for an adversary to spoof and join a new node, in case the client-to-node certificate (which is often stored locally) is compromisedflow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No'flow crosses 'SE.TB.TMCore.ServiceFabric'TH69UserThreatDescriptionfalseIf the same certificate that is used for node-to-node security is used for client-to-node security, it will be easy for an adversary to spoof and join a new node, in case the client-to-node certificate (which is often stored locally) is compromised22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that Service Fabric client-to-node certificate is different from node-to-node certificate. Refer: <a href="https://aka.ms/tmtauthn#fabric-cn-nn">https://aka.ms/tmtauthn#fabric-cn-nn</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can spoof a node and access Service Fabric clusterfalseSAttackers can exploit weaknesses in system to steal user credentials. Downstream and upstream components are often accessed by using credentials stored in configuration stores. Attackers may steal the upstream or downstream component credentials. Attackers may steal credentials if, Credentials are stored and sent in clear text, Weak input validation coupled with dynamic sql queries, Password retrieval mechanism are poor, (target is 'SE.P.TMCore.WebApp')TH7UserThreatDescriptionfalseAttackers can exploit weaknesses in system to steal user credentials. Downstream and upstream components are often accessed by using credentials stored in configuration stores. Attackers may steal the upstream or downstream component credentials. Attackers may steal credentials if, Credentials are stored and sent in clear text, Weak input validation coupled with dynamic sql queries, Password retrieval mechanism are poor, 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseExplicitly disable the autocomplete HTML attribute in sensitive forms and inputs. Refer: <a href="https://aka.ms/tmtdata#autocomplete-input">https://aka.ms/tmtdata#autocomplete-input</a> Perform input validation and filtering on all string type Model properties. Refer: <a href="https://aka.ms/tmtinputval#typemodel">https://aka.ms/tmtinputval#typemodel</a> Validate all redirects within the application are closed or done safely. Refer: <a href="https://aka.ms/tmtinputval#redirect-safe">https://aka.ms/tmtinputval#redirect-safe</a> Enable step up or adaptive authentication. Refer: <a href="https://aka.ms/tmtauthn#step-up-adaptive-authn">https://aka.ms/tmtauthn#step-up-adaptive-authn</a> Implement forgot password functionalities securely. Refer: <a href="https://aka.ms/tmtauthn#forgot-pword-fxn">https://aka.ms/tmtauthn#forgot-pword-fxn</a> Ensure that password and account policy are implemented. Refer: <a href="https://aka.ms/tmtauthn#pword-account-policy">https://aka.ms/tmtauthn#pword-account-policy</a> Implement input validation on all string type parameters accepted by Controller methods. Refer: <a href="https://aka.ms/tmtinputval#string-method">https://aka.ms/tmtinputval#string-method</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can steal sensitive data like user credentialsfalseSAzure AD authentication provides better control on identity management and hence it is a better alternative to authenticate clients to Service Fabricflow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No'flow crosses 'SE.TB.TMCore.ServiceFabric'TH70UserThreatDescriptionfalseAzure AD authentication provides better control on identity management and hence it is a better alternative to authenticate clients to Service Fabric22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse AAD to authenticate clients to service fabric clusters. Refer: <a href="https://aka.ms/tmtauthn#aad-client-fabric">https://aka.ms/tmtauthn#aad-client-fabric</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can potentially spoof a client if weaker client authentication channels are usedfalseSIf self-signed or test certificates are stolen, it would be difficult to revoke them. An adversary can use stolen certificates and continue to get access to Service Fabric cluster.flow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No'flow crosses 'SE.TB.TMCore.ServiceFabric'TH72UserThreatDescriptionfalseIf self-signed or test certificates are stolen, it would be difficult to revoke them. An adversary can use stolen certificates and continue to get access to Service Fabric cluster.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that service fabric certificates are obtained from an approved Certificate Authority (CA). Refer: <a href="https://aka.ms/tmtauthn#fabric-cert-ca">https://aka.ms/tmtauthn#fabric-cert-ca</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can spoof a node in Service Fabric cluster by using stolen certificatesfalseSOn a public client (e.g. a mobile device), refresh tokens may be stolen and used by an attacker to obtain access to the API. Depending on the client type, there are different ways that tokens may be revealed to an attacker and therefore different ways to protect them, some involving how the software using the tokens requests, stores and refreshes them.source is 'SE.EI.TMCore.Mobile' and target is 'SE.P.TMCore.WebAPI'TH74UserThreatDescriptionfalseOn a public client (e.g. a mobile device), refresh tokens may be stolen and used by an attacker to obtain access to the API. Depending on the client type, there are different ways that tokens may be revealed to an attacker and therefore different ways to protect them, some involving how the software using the tokens requests, stores and refreshes them.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse ADAL libraries to manage token requests from OAuth2 clients to AAD (or on-premises AD). Refer: <a href="https://aka.ms/tmtauthn#adal-oauth2">https://aka.ms/tmtauthn#adal-oauth2</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary obtains refresh or access tokens from {source.Name} and uses them to obtain access to the {target.Name} APIfalseSThe session cookies is the identifier by which the server knows the identity of current user for each incoming request. If the attacker is able to steal the user token he would be able to access all user data and perform all actions on behalf of user. source is 'SE.P.TMCore.WebApp' and target is 'SE.P.TMCore.AzureAD'TH75UserThreatDescriptionfalseThe session cookies is the identifier by which the server knows the identity of current user for each incoming request. If the attacker is able to steal the user token he would be able to access all user data and perform all actions on behalf of user. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseImplement proper logout using ADAL methods when using Azure AD. Refer: <a href="https://aka.ms/tmtsmgmt#logout-adal">https://aka.ms/tmtsmgmt#logout-adal</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can get access to a user's session due to improper logout from Azure ADfalseSThe session cookies is the identifier by which the server knows the identity of current user for each incoming request. If the attacker is able to steal the user token he would be able to access all user data and perform all actions on behalf of user. source is 'SE.P.TMCore.WebApp' and target is 'SE.P.TMCore.ADFS'TH76UserThreatDescriptionfalseThe session cookies is the identifier by which the server knows the identity of current user for each incoming request. If the attacker is able to steal the user token he would be able to access all user data and perform all actions on behalf of user. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseImplement proper logout using WsFederation methods when using ADFS. Refer: <a href="https://aka.ms/tmtsmgmt#wsfederation-logout">https://aka.ms/tmtsmgmt#wsfederation-logout</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can get access to a user's session due to improper logout from ADFSfalseSThe session cookies is the identifier by which the server knows the identity of current user for each incoming request. If the attacker is able to steal the user token he would be able to access all user data and perform all actions on behalf of user. (source is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebApp')TH8UserThreatDescriptionfalseThe session cookies is the identifier by which the server knows the identity of current user for each incoming request. If the attacker is able to steal the user token he would be able to access all user data and perform all actions on behalf of user. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseApplications available over HTTPS must use secure cookies. Refer: <a href="https://aka.ms/tmtsmgmt#https-secure-cookies">https://aka.ms/tmtsmgmt#https-secure-cookies</a> All http based application should specify http only for cookie definition. Refer: <a href="https://aka.ms/tmtsmgmt#cookie-definition">https://aka.ms/tmtsmgmt#cookie-definition</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221Attackers can steal user session cookies due to insecure cookie attributesfalseSPhishing is attempted to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a Web Server which is a trustworthy entity in electronic communicationtarget is 'SE.P.TMCore.WebApp'TH81UserThreatDescriptionfalsePhishing is attempted to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a Web Server which is a trustworthy entity in electronic communication22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseVerify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a> Ensure that authenticated ASP.NET pages incorporate UI Redressing or clickjacking defences. Refer: <a href="https://aka.ms/tmtconfigmgmt#ui-defenses">https://aka.ms/tmtconfigmgmt#ui-defenses</a> Validate all redirects within the application are closed or done safely. Refer: <a href="https://aka.ms/tmtinputval#redirect-safe">https://aka.ms/tmtinputval#redirect-safe</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can create a fake website and launch phishing attacksfalseSAn adversary can gain access to Azure storage containers and blobs if anonymous access is provided to potentially sensitive data accidentally. target is 'SE.DS.TMCore.AzureStorage' and target.b3ece90f-c578-4a48-b4d4-89d97614e0d2 is 'Blob'TH85UserThreatDescriptionfalseAn adversary can gain access to Azure storage containers and blobs if anonymous access is provided to potentially sensitive data accidentally.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that only the required containers and blobs are given anonymous read access. Refer: <a href="https://aka.ms/tmt-th85">https://aka.ms/tmt-th85</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can access Azure storage blobs and containers anonymouslyfalseSIf proper authentication is not in place, an adversary can spoof a source process or external entity and gain unauthorized access to the Web Applicationtarget is 'SE.P.TMCore.WebApp'TH86UserThreatDescriptionfalseIf proper authentication is not in place, an adversary can spoof a source process or external entity and gain unauthorized access to the Web Application22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseConsider using a standard authentication mechanism to authenticate to Web Application. Refer: <a href="https://aka.ms/tmtauthn#standard-authn-web-app">https://aka.ms/tmtauthn#standard-authn-web-app</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may spoof {source.Name} and gain access to Web ApplicationfalseSIf proper authentication is not in place, an adversary can spoof a source process or external entity and gain unauthorized access to the Web Application target is 'SE.P.TMCore.WebAPI'TH87UserThreatDescriptionfalseIf proper authentication is not in place, an adversary can spoof a source process or external entity and gain unauthorized access to the Web Application 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that standard authentication techniques are used to secure Web APIs. Refer: <a href="https://aka.ms/tmtauthn#authn-secure-api">https://aka.ms/tmtauthn#authn-secure-api</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may spoof {source.Name} and gain access to Web APIfalseTAn adversary can execute remote code on the server through XSLT scriptingtarget is 'SE.P.TMCore.WebApp' and target.df53c172-b70c-412c-9e99-a6fbc10748ee is 'Yes'TH100UserThreatDescriptionfalseAn adversary can execute remote code on the server through XSLT scripting22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseDisable XSLT scripting for all transforms using untrusted style sheets. Refer: <a href="https://aka.ms/tmtinputval#disable-xslt">https://aka.ms/tmtinputval#disable-xslt</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can execute remote code on the server through XSLT scriptingfalseTAn adversary can tamper critical database securables and deny the actiontarget is 'SE.DS.TMCore.SQL'TH105UserThreatDescriptionfalseAn adversary can tamper critical database securables and deny the action22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseAdd digital signature to critical database securables. Refer: <a href="https://aka.ms/tmtcrypto#securables-db">https://aka.ms/tmtcrypto#securables-db</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can tamper critical database securables and deny the actionfalseTAn adversary may inject malicious inputs into an API and affect downstream processestarget is 'SE.P.TMCore.WebAPI'TH108UserThreatDescriptionfalseAn adversary may inject malicious inputs into an API and affect downstream processes22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that model validation is done on Web API methods. Refer: <a href="https://aka.ms/tmtinputval#validation-api">https://aka.ms/tmtinputval#validation-api</a> Implement input validation on all string type parameters accepted by Web API methods. Refer: <a href="https://aka.ms/tmtinputval#string-api">https://aka.ms/tmtinputval#string-api</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may inject malicious inputs into an API and affect downstream processesfalseTAn Adversary can view the message and may tamper the message target is 'SE.P.TMCore.WCF'TH132UserThreatDescriptionfalseAn Adversary can view the message and may tamper the message 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseWCF: Set Message security Protection level to EncryptAndSign. Refer: <a href="https://aka.ms/tmtcommsec#message-protection">https://aka.ms/tmtcommsec#message-protection</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An Adversary can view the message and may tamper the message falseTAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devices. Scenarios such as stealing a user's laptop and extracting data from hard disk, luring users to install malware, exploit unpatched OS etc. flow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No' flow crosses 'SE.TB.TMCore.MachineTrustBoundary'TH134UserThreatDescriptionfalseAn adversary may spread malware, steal or tamper data due to lack of endpoint protection on devices. Scenarios such as stealing a user's laptop and extracting data from hard disk, luring users to install malware, exploit unpatched OS etc. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that devices have end point security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may spread malware, steal or tamper data due to lack of endpoint protection on devicesfalseTAn adversary may reverse engineer deployed binariesflow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No'flow crosses 'SE.TB.TMCore.MachineTrustBoundary'TH137UserThreatDescriptionfalseAn adversary may reverse engineer deployed binaries22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may reverse engineer deployed binariesfalseTAn adversary may tamper deployed binariesflow.23e2b6f4-fcd8-4e76-a04a-c9ff9aff4f59 is 'No'flow crosses 'SE.TB.TMCore.MachineTrustBoundary'TH138UserThreatDescriptionfalseAn adversary may tamper deployed binaries22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may tamper deployed binariesfalseTWebsite defacement is an attack on a website where the attacker changes the visual appearance of the site or a webpage. source is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebApp'TH24UserThreatDescriptionfalseWebsite defacement is an attack on a website where the attacker changes the visual appearance of the site or a webpage. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseImplement Content Security Policy (CSP), and disable inline javascript. Refer: <a href="https://aka.ms/tmtconfigmgmt#csp-js">https://aka.ms/tmtconfigmgmt#csp-js</a> Enable browser's XSS filter. Refer: <a href="https://aka.ms/tmtconfigmgmt#xss-filter">https://aka.ms/tmtconfigmgmt#xss-filter</a> Access third party javascripts from trusted sources only. Refer: <a href="https://aka.ms/tmtconfigmgmt#js-trusted">https://aka.ms/tmtconfigmgmt#js-trusted</a> Enable ValidateRequest attribute on ASP.NET Pages. Refer: <a href="https://aka.ms/tmtconfigmgmt#validate-aspnet">https://aka.ms/tmtconfigmgmt#validate-aspnet</a> Ensure that each page that could contain user controllable content opts out of automatic MIME sniffing . Refer: <a href="https://aka.ms/tmtinputval#out-sniffing">https://aka.ms/tmtinputval#out-sniffing</a> Use locally-hosted latest versions of JavaScript libraries . Refer: <a href="https://aka.ms/tmtconfigmgmt#local-js">https://aka.ms/tmtconfigmgmt#local-js</a> Ensure appropriate controls are in place when accepting files from users. Refer: <a href="https://aka.ms/tmtinputval#controls-users">https://aka.ms/tmtinputval#controls-users</a> Disable automatic MIME sniffing. Refer: <a href="https://aka.ms/tmtconfigmgmt#mime-sniff">https://aka.ms/tmtconfigmgmt#mime-sniff</a> Encode untrusted web output prior to rendering. Refer: <a href="https://aka.ms/tmtinputval#rendering">https://aka.ms/tmtinputval#rendering</a> Perform input validation and filtering on all string type Model properties. Refer: <a href="https://aka.ms/tmtinputval#typemodel">https://aka.ms/tmtinputval#typemodel</a> Ensure that the system has inbuilt defences against misuse. Refer: <a href="https://aka.ms/tmtauditlog#inbuilt-defenses">https://aka.ms/tmtauditlog#inbuilt-defenses</a> Enable HTTP Strict Transport Security (HSTS). Refer: <a href="https://aka.ms/tmtcommsec#http-hsts">https://aka.ms/tmtcommsec#http-hsts</a> Implement input validation on all string type parameters accepted by Controller methods. Refer: <a href="https://aka.ms/tmtinputval#string-method">https://aka.ms/tmtinputval#string-method</a> Avoid using Html.Raw in Razor views. Refer: <a href="https://aka.ms/tmtinputval#html-razor">https://aka.ms/tmtinputval#html-razor</a> Sanitization should be applied on form fields that accept all characters e.g, rich text editor . Refer: <a href="https://aka.ms/tmtinputval#richtext">https://aka.ms/tmtinputval#richtext</a> Do not assign DOM elements to sinks that do not have inbuilt encoding . Refer: <a href="https://aka.ms/tmtinputval#inbuilt-encode">https://aka.ms/tmtinputval#inbuilt-encode</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can deface the target web application by injecting malicious code or uploading dangerous filesfalseTAn attacker steals messages off the network and replays them in order to steal a user's session(source is 'SE.EI.TMCore.Browser' and target is 'SE.P.TMCore.WebApp')TH33UserThreatDescriptionfalseAn attacker steals messages off the network and replays them in order to steal a user's session22222222-2222-2222-2222-2222222222220PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An attacker steals messages off the network and replays them in order to steal a user's sessionfalseTAn adversary may leverage known vulnerabilities and exploit a device if the firmware of the device is not updatedsource is 'SE.EI.TMCore.IoTdevice' or source is 'SE.GP.TMCore.IoTFieldGateway'TH39UserThreatDescriptionfalseAn adversary may leverage known vulnerabilities and exploit a device if the firmware of the device is not updated22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that the Cloud Gateway implements a process to keep the connected devices firmware up to date. Refer: <a href="https://aka.ms/tmtconfigmgmt#cloud-firmware">https://aka.ms/tmtconfigmgmt#cloud-firmware</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may exploit known vulnerabilities in unpatched devicesfalseTAn adversary may partially or wholly replace the software running on {target.Name}, potentially allowing the replaced software to leverage the genuine identity of the device if the key material or the cryptographic facilities holding key materials were available to the illicit program. For example an attacker may leverage extracted key material to intercept and suppress data from the device on the communication path and replace it with false data that is authenticated with the stolen key material.source is 'SE.EI.TMCore.IoTdevice' or source is 'SE.GP.TMCore.IoTFieldGateway'TH43UserThreatDescriptionfalseAn adversary may partially or wholly replace the software running on {target.Name}, potentially allowing the replaced software to leverage the genuine identity of the device if the key material or the cryptographic facilities holding key materials were available to the illicit program. For example an attacker may leverage extracted key material to intercept and suppress data from the device on the communication path and replace it with false data that is authenticated with the stolen key material.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseStore Cryptographic Keys securely on IoT Device. Refer: <a href="https://aka.ms/tmtcrypto#keys-iot">https://aka.ms/tmtcrypto#keys-iot</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may tamper {source.Name} and extract cryptographic key material from itfalseTAn adversary may perform a Man-In-The-Middle attack on the encrypted traffic sent to {target.Name}(source is 'SE.GP.TMCore.IoTFieldGateway' or source is 'SE.GP.TMCore.IoTCloudGateway') and (target is 'SE.EI.TMCore.IoTdevice' or target is 'SE.GP.TMCore.IoTFieldGateway')TH45UserThreatDescriptionfalseAn adversary may perform a Man-In-The-Middle attack on the encrypted traffic sent to {target.Name}22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseVerify X.509 certificates used to authenticate SSL, TLS, and DTLS connections. Refer: <a href="https://aka.ms/tmtcommsec#x509-ssltls">https://aka.ms/tmtcommsec#x509-ssltls</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may attempt to intercept encrypted traffic sent to {target.Name}falseTAn adversary may launch malicious code into {target.Name} and execute ittarget is 'SE.EI.TMCore.IoTdevice' or target is 'SE.GP.TMCore.IoTFieldGateway'TH46UserThreatDescriptionfalseAn adversary may launch malicious code into {target.Name} and execute it22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that unknown code cannot execute on devices. Refer: <a href="https://aka.ms/tmtconfigmgmt#unknown-exe">https://aka.ms/tmtconfigmgmt#unknown-exe</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may execute unknown code on {target.Name}falseTAn adversary may launch offline attacks made by disabling or circumventing the installed operating system, or made by physically separating the storage media from the device in order to attack the data separately.source is 'SE.EI.TMCore.IoTdevice'TH47UserThreatDescriptionfalseAn adversary may launch offline attacks made by disabling or circumventing the installed operating system, or made by physically separating the storage media from the device in order to attack the data separately.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEncrypt OS and additional partitions of IoT Device with Bitlocker. Refer: <a href="https://aka.ms/tmtconfigmgmt#partition-iot">https://aka.ms/tmtconfigmgmt#partition-iot</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may tamper the OS of a device and launch offline attacksfalseTAn adversary may eavesdrop and interfere with the communication between a client and Event Hub and possibly tamper the data that is transmittedtarget is 'SE.P.TMCore.AzureEventHub'TH61UserThreatDescriptionfalseAn adversary may eavesdrop and interfere with the communication between a client and Event Hub and possibly tamper the data that is transmitted22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseSecure communication to Event Hub using SSL/TLS. Refer: <a href="https://aka.ms/tmtcommsec#comm-ssltls">https://aka.ms/tmtcommsec#comm-ssltls</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may eavesdrop the communication between the a client and Event HubfalseTAn adversary can tamper the data uploaded to {target.Name} storage when HTTPS cannot be enabled.target is 'SE.DS.TMCore.AzureStorage' and target.b3ece90f-c578-4a48-b4d4-89d97614e0d2 is 'Blob' and target.229f2e53-bc3f-476c-8ac9-57da37efd00f is 'True'target is 'SE.DS.TMCore.AzureStorage' and target.b3ece90f-c578-4a48-b4d4-89d97614e0d2 is 'Blob'TH66UserThreatDescriptionfalseAn adversary can tamper the data uploaded to {target.Name} storage when HTTPS cannot be enabled.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseValidate the hash (which should be generated using a cryptographically strong hashing algorithm) after downloading the blob if HTTPS cannot be enabled.22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can tamper the data uploaded to {target.Name} when HTTPS cannot be enabledfalseTThe source of a package is the individual or organization that created the package. Running a package from an unknown or untrusted source might be risky.target is 'SE.DS.TMCore.SQL' and target.649208cc-3b55-40ff-94b9-015c0fb0c9e8 is 'Yes'TH88UserThreatDescriptionfalseThe source of a package is the individual or organization that created the package. Running a package from an unknown or untrusted source might be risky.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseSSIS packages should be encrypted and digitally signed . Refer: <a href="https://aka.ms/tmtcrypto#ssis-signed">https://aka.ms/tmtcrypto#ssis-signed</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can tamper SSIS packages and cause undesirable consequencesfalseTAn adversary may leverage the lack of intrusion detection and prevention of anomalous database activities and trigger anomalous traffic to databasetarget is 'SE.DS.TMCore.SQL'TH89UserThreatDescriptionfalseAn adversary may leverage the lack of intrusion detection and prevention of anomalous database activities and trigger anomalous traffic to database22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable Threat detection on Azure SQL database. Refer: <a href="https://aka.ms/tmtauditlog#threat-detection">https://aka.ms/tmtauditlog#threat-detection</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may leverage the lack of monitoring systems and trigger anomalous traffic to databasefalseTAn adversary may gain unauthorized access to {source.Name}, tamper its OS and get access to confidential information in the field gatewaysource is 'SE.GP.TMCore.IoTFieldGateway'TH92UserThreatDescriptionfalseAn adversary may gain unauthorized access to {source.Name}, tamper its OS and get access to confidential information in the field gateway22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEncrypt OS and additional partitions of IoT Field Gateway with Bitlocker. Refer: <a href="https://aka.ms/tmtconfigmgmt#field-bitlocker">https://aka.ms/tmtconfigmgmt#field-bitlocker</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to IoT Field Gateway and tamper its OSfalseTAn adversary can use various tools, reverse engineer binaries and abuse them by tamperingsource is 'SE.EI.TMCore.Mobile'TH95UserThreatDescriptionfalseAn adversary can use various tools, reverse engineer binaries and abuse them by tampering22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseObfuscate generated binaries before distributing to end users. Refer: <a href="https://aka.ms/tmtdata#binaries-end">https://aka.ms/tmtdata#binaries-end</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can reverse engineer and tamper binariesfalseTSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. target is 'SE.P.TMCore.WebApp'TH96UserThreatDescriptionfalseSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that type-safe parameters are used in Web Application for data access. Refer: <a href="https://aka.ms/tmtinputval#typesafe">https://aka.ms/tmtinputval#typesafe</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive data by performing SQL injection through Web AppfalseTSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. target is 'SE.P.TMCore.WebAPI'TH97UserThreatDescriptionfalseSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that type-safe parameters are used in Web API for data access. Refer: <a href="https://aka.ms/tmtinputval#typesafe-api">https://aka.ms/tmtinputval#typesafe-api</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive data by performing SQL injection through Web APIfalseTAn adversary can gain access to the config files. and if sensitive data is stored in it, it would be compromised.target is 'SE.P.TMCore.WebApp'TH98UserThreatDescriptionfalseAn adversary can gain access to the config files. and if sensitive data is stored in it, it would be compromised.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEncrypt sections of Web App's configuration files that contain sensitive data. Refer: <a href="https://aka.ms/tmtdata#encrypt-data">https://aka.ms/tmtdata#encrypt-data</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to sensitive data stored in Web App's config filesfalseEAn adversary can gain unauthorized access to Azure SQL DB instances due to weak network security configuration.target is 'SE.DS.TMCore.AzureSQLDB' and not target.e68e212d-896e-403e-8a2d-8c6d2b2505df is 'Allow access from selected networks'TH143UserThreatDescriptionfalseAn adversary can gain unauthorized access to Azure SQL DB instances due to weak network security configuration.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrict access to Azure SQL Database instances by configuring server-level and database-level firewall rules to permit connections from selected networks (e.g. a virtual network or a custom set of IP addresses) where possible. Refer:<a href="https://aka.ms/tmt-th143">https://aka.ms/tmt-th143</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to Azure SQL DB instances due to weak network security configuration.falseIAn adversary can read confidential data due to weak connection string configuration.target is 'SE.DS.TMCore.AzureSQLDB'TH144UserThreatDescriptionfalseAn adversary can read confidential data due to weak connection string configuration.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseClients connecting to an Azure SQL Database instance using a connection string should ensure encrypt=true and trustservercertificate=false are set. This configuration ensures that connections are encrypted only if there is a verifiable server certificate (otherwise the connection attempt fails). This helps protect against Man-In-The-Middle attacks. Refer: <a href="https://aka.ms/tmt-th144">https://aka.ms/tmt-th144</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can read confidential data due to weak connection string configurationfalseIAn adversary having access to the storage container (e.g. physical access to the storage media) may be able to read sensitive data.target is 'SE.DS.TMCore.AzureSQLDB' and not target.3a2a095f-94bc-467f-987c-8dac8307cdc6 is 'True'TH145UserThreatDescriptionfalseAn adversary having access to the storage container (e.g. physical access to the storage media) may be able to read sensitive data.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable Transparent Data Encryption (TDE) on Azure SQL Database instances to have data encrypted at rest. Refer:<a href="https://aka.ms/tmt-th145a">https://aka.ms/tmt-th145a</a>. Use the Always Encrypted feature to allow client applications to encrypt sensitive data before it is sent to the Azure SQL Database. Refer: <a href="https://aka.ms/tmt-th145b">https://aka.ms/tmt-th145b</a> 22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary having access to the storage container (e.g. physical access to the storage media) may be able to read sensitive datafalseEA compromised identity may permit more privileges than intended to an adversary due to weak permission and role assignments.target is 'SE.DS.TMCore.AzureSQLDB'TH146UserThreatDescriptionfalseA compromised identity may permit more privileges than intended to an adversary due to weak permission and role assignments.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseIt is recommended to review permission and role assignments to ensure the users are granted the least privileges necessary. Refer: <a href="https://aka.ms/tmt-th146">https://aka.ms/tmt-th146</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221A compromised identity may permit more privileges than intended to an adversary due to weak permission and role assignmentsfalseRAn adversary can deny actions performed on {target.Name} due to a lack of auditing.target is 'SE.DS.TMCore.AzureSQLDB' and target.6a3509e5-a3fd-41db-8dea-6fb44b031e4b is 'True'target is 'SE.DS.TMCore.AzureSQLDB'TH147UserThreatDescriptionfalseAn adversary can deny actions performed on {target.Name} due to a lack of auditing.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable auditing on Azure SQL Database instances to track and log database events. After configuring and customizing the audited events, enable threat detection to receive alerts on anomalous database activities indicating potential security threats. Refer: <a href="https://aka.ms/tmt-th147">https://aka.ms/tmt-th147</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary can deny actions performed on {target.Name} due to a lack of auditingfalseEAn adversary can gain long term, persistent access to an Azure SQL DB instance through the compromise of local user account password(s).target is 'SE.DS.TMCore.AzureSQLDB'TH148UserThreatDescriptionfalseAn adversary can gain long term, persistent access to an Azure SQL DB instance through the compromise of local user account password(s).22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseIt is recommended to rotate user account passwords (e.g. those used in connection strings) regularly, in accordance with your organization's policies. Store secrets in a secret storage solution (e.g. Azure Key Vault).22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain long term, persistent access to an Azure SQL DB instance through the compromise of local user account password(s)falseEAn adversary may abuse weak {target.Name} configuration.target is 'SE.DS.TMCore.AzureSQLDB' and target.212cf67e-047a-4617-860f-92282e04b8d8 is 'True'target is 'SE.DS.TMCore.AzureSQLDB'TH149UserThreatDescriptionfalseAn adversary may abuse weak {target.Name} configuration.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable SQL Vulnerability Assessment to gain visibility into the security posture of your Azure SQL Database instances. Acting on the assessment results help reduce attack surface and enhance your database security. Refer: <a href="https://aka.ms/tmt-th149">https://aka.ms/tmt-th149</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may abuse weak {target.Name} configurationfalseEAn adversary can gain unauthorized access to {target.Name} instances due to weak network security configuration.target is 'SE.DS.TMCore.AzureMySQLDB' and not target.9afccb81-bc8b-4527-ad05-f90ec3e396cb is 'Allow access from selected networks'TH150UserThreatDescriptionfalseAn adversary can gain unauthorized access to Azure MySQL DB instances due to weak network security configuration.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrict access to Azure MySQL DB instances by configuring server-level firewall rules to only permit connections from selected IP addresses where possible. Refer: <a href="https://aka.ms/tmt-th150">https://aka.ms/tmt-th150</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to Azure MySQL DB instances due to weak network security configurationfalseTAn adversary may read and/or tamper with the data transmitted to {target.Name} due to weak configuration.target is 'SE.DS.TMCore.AzureMySQLDB' and not target.4d3b2548-8c31-460e-88e5-4c26135003ac is 'True'TH151UserThreatDescriptionfalseAn adversary may read and/or tamper with the data transmitted to Azure MySQL DB due to weak configuration.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnforce communication between clients and Azure MySQL DB to be over SSL/TLS by enabling the Enforce SSL connection feature on the server. Check that the connection strings used to connect to MySQL databases have the right configuration (e.g. ssl = true or sslmode=require or sslmode=true are set). Refer: <a href="https://aka.ms/tmt-th151a">https://aka.ms/tmt-th151a</a> Configure MySQL server to use a verifiable SSL certificate (needed for SSL/TLS communication). Refer: <a href="https://aka.ms/tmt-th151b">https://aka.ms/tmt-th151b</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may read and/or tamper with the data transmitted to Azure MySQL DB due to weak configurationfalseEAn adversary can gain long term, persistent access to {target.Name} instance through the compromise of local user account password(s).target is 'SE.DS.TMCore.AzureMySQLDB'TH152UserThreatDescriptionfalseAn adversary can gain long term, persistent access to an Azure MySQL DB instance through the compromise of local user account password(s).22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseIt is recommended to rotate user account passwords (e.g. those used in connection strings) regularly, in accordance with your organization's policies. Store secrets in a secret storage solution (e.g. Azure Key Vault).22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain long term, persistent access to an Azure MySQL DB instance through the compromise of local user account password(s)falseEAn adversary can gain unauthorized access to {target.Name} instances due to weak network security configuration.target is 'SE.DS.TMCore.AzurePostgresDB' and not target.ba682010-cfcf-4916-9f88-524f8d9ce8a8 is 'Allow access from selected networks'TH153UserThreatDescriptionfalseAn adversary can gain unauthorized access to Azure Postgres DB instances due to weak network security configuration.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrict access to Azure Postgres DB instances by configuring server-level firewall rules to only permit connections from selected IP addresses where possible. Refer: <a href="https://aka.ms/tmt-th153">https://aka.ms/tmt-th153</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to Azure Postgres DB instances due to weak network security configurationfalseTAn adversary may read and/or tamper with the data transmitted to {target.Name} due to weak configuration.target is 'SE.DS.TMCore.AzurePostgresDB' and not target.65a8827c-6efd-4243-aa81-0625c4aea98e is 'True'TH154UserThreatDescriptionfalseAn adversary may read and/or tamper with the data transmitted to Azure Postgres DB due to weak configuration.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnforce communication between clients and Azure Postgres DB to be over SSL/TLS by enabling the Enforce SSL connection feature on the server. Check that the connection strings used to connect to MySQL databases have the right configuration (e.g. ssl = true or sslmode=require or sslmode=true are set). Refer: <a href="https://aka.ms/tmt-th154a">https://aka.ms/tmt-th154a</a> Configure MySQL server to use a verifiable SSL certificate (needed for SSL/TLS communication). Refer: <a href="https://aka.ms/tmt-th154b">https://aka.ms/tmt-th154b</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may read and/or tamper with the data transmitted to Azure Postgres DB due to weak configurationfalseEAn adversary can gain long term, persistent access to {target.Name} instance through the compromise of local user account password(s).target is 'SE.DS.TMCore.AzurePostgresDB'TH155UserThreatDescriptionfalseAn adversary can gain long term, persistent access to an Azure Postgres DB instance through the compromise of local user account password(s).22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseIt is recommended to rotate user account passwords (e.g. those used in connection strings) regularly, in accordance with your organization's policies. Store secrets in a secret storage solution (e.g. Azure Key Vault).22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain long term, persistent access to an Azure Postgres DB instance through the compromise of local user account password(s)falseEAn adversary can gain unauthorized access to {target.Name} due to weak account policytarget is 'SE.DS.TMCore.AzureSQLDWDB'TH156UserThreatDescriptionfalseAn adversary can gain unauthorized access to {target.Name} due to weak account policy22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseWhen possible use Azure Active Directory Authentication for Connecting to SQL DW Database. Refer: <a href="https://aka.ms/tmt-th156a">https://aka.ms/tmt-th156a</a>. Ensure that least-privileged accounts are used to connect to SQL DW Database. Refer: <a href="https://aka.ms/tmt-th156b">https://aka.ms/tmt-th156b</a> and <a href="https://aka.ms/tmt-th156c">https://aka.ms/tmt-th156c</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to {target.Name} due to weak account policyfalseEAn adversary can gain unauthorized access to {target.Name} instances due to weak network security configurationtarget is 'SE.DS.TMCore.AzureSQLDWDB' and not target.b8c8850c-979b-4db0-b536-9aa364b7e6a2 is 'Allow access from selected networks (excluding Azure)'TH157UserThreatDescriptionfalseAn adversary can gain unauthorized access to Azure SQL DW DB instances due to weak network security configuration22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrict access to Azure SQL DW DB instances by configuring server-level firewall rules to permit connections from selected networks (e.g. a virtual network or a custom set of IP addresses) where possible. Refer: <a href="https://aka.ms/tmt-th157">https://aka.ms/tmt-th157</a>.22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to Azure SQL DW DB instances due to weak network security configurationfalseTAn adversary can read confidential data or tamper with it due to weak connection string configuration at {target.Name} target is 'SE.DS.TMCore.AzureSQLDWDB'TH158UserThreatDescriptionfalseAn adversary can read confidential data or tamper with it due to weak connection string configuration22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseClients connecting to a Azure SQL DW DB instance using a connection string should ensure that encryption is enabled and trusting the server certificate by default is disabled (e.g. encrypt=true and trustservercertificate=false are set). This configuration ensures that connections are encrypted only if there is a verifiable server certificate (otherwise the connection attempt fails). This helps protect against Man-In-The-Middle attacks. Refer: <a href="https://aka.ms/tmt-th158">https://aka.ms/tmt-th158</a>.22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can read confidential data or tamper with it due to weak connection string configurationfalseIAn adversary having access to the storage container (e.g. physical access to the storage media) may read sensitive datatarget is 'SE.DS.TMCore.AzureSQLDWDB' and not target.d2ce181d-abae-448d-8ef4-9acdbeb839fe is 'True'TH159UserThreatDescriptionfalseAn adversary having access to the storage container (e.g. physical access to the storage media) may read sensitive data22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable Transparent Data Encryption (TDE) on Azure SQL Data Warehouse Database instances to have data encrypted at rest. Refer: <a href="https://aka.ms/tmt-th159">https://aka.ms/tmt-th159</a>.22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary having access to the storage container (e.g. physical access to the storage media) may read sensitive datafalseEAn identity that is compromised may permit more privileges than intended to an adversary due to weak permission and role assignmentstarget is 'SE.DS.TMCore.AzureSQLDWDB'TH160UserThreatDescriptionfalseAn identity that is compromised may permit more privileges than intended to an adversary due to weak permission and role assignments22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseReview permission and role assignments to ensure users are granted the least privileges necessary. Refer: <a href="https://aka.ms/tmt-th160">https://aka.ms/tmt-th160</a>.22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An identity that is compromised may permit more privileges than intended to an adversary due to weak permission and role assignmentsfalseRAn adversary can deny actions performed on {target.Name} due to lack of auditingtarget is 'SE.DS.TMCore.AzureSQLDWDB' and not target.cd2a18a2-cebd-4b0f-ae4c-964b190e84f2 is 'True'TH161UserThreatDescriptionfalseAn adversary can deny actions performed on {target.Name} due to lack of auditing22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable auditing on Azure SQL DW DB instances to track and log database events. After configuring and customizing the audited events, enable threat detection to receive alerts on anomalous activities indicating potential security threats. Refer: <a href="https://aka.ms/tmt-th161">https://aka.ms/tmt-th161</a>.22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can deny actions performed on {target.Name} due to lack of auditingfalseEAn adversary can gain long term, persistent access to {target.Name} through a compromise of its connection string(s)target is 'SE.DS.TMCore.AzureSQLDWDB'TH162UserThreatDescriptionfalseAn adversary can gain long term, persistent access to {target.Name} through a compromise of its connection string(s)22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseIt is recommended to rotate user account passwords (e.g. those used in connection strings) regularly, in accordance with your organization's policies. Store secrets in a secret storage solution (e.g. Azure Key Vault).22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain long term, persistent access to {target.Name} through a compromise of its connection string(s)falseEAn adversary can gain unauthorized access to {target.Name} instances due to weak network security configurationtarget is 'SE.P.TMCore.AzureRedis' and not target.1bda806d-f9b6-4d4e-ab89-bf649f2c2ca5 is 'Allow access from selected networks'TH163UserThreatDescriptionfalseAn adversary can gain unauthorized access to {target.Name} instances due to weak network security configuration22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrict access to Azure Redis Cache instances by configuring firewall rules to only permit connections from selected IP addresses or VNETs where possible. Refer: <a href="https://aka.ms/tmt-th163">https://aka.ms/tmt-th163</a>.22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to {target.Name} instances due to weak network security configurationfalseEAn adversary can gain long term, persistent access to {target.Name} instance through a compromise of its access key(s)target is 'SE.P.TMCore.AzureRedis'TH164UserThreatDescriptionfalseAn adversary can gain long term, persistent access to {target.Name} instance through a compromise of its access key(s)22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseIt is recommended to rotate user account passwords (e.g. those used in connection strings) regularly, in accordance with your organization's policies. Store secrets in a secret storage solution (e.g. Azure Key Vault).22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain long term, persistent access to {target.Name} instance through a compromise of its access key(s)falseDAn adversary may block access to the application or API hosted on {target.Name} through a denial of service attacktarget is 'SE.P.TMCore.AzureAppServiceWebApp' or target is 'SE.P.TMCore.AzureAppServiceApiApp' or target is 'SE.P.TMCore.AzureAppServiceMobileApp'TH165UserThreatDescriptionfalseAn adversary may block access to the application or API hosted on {target.Name} through a denial of service attack22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseNetwork level denial of service mitigations are automatically enabled as part of the Azure platform (Basic Azure DDoS Protection). Refer: <a href="https://aka.ms/tmt-th165a">https://aka.ms/tmt-th165a</a>. Implement application level throttling (e.g. per-user, per-session, per-API) to maintain service availability and protect against DoS attacks. Leverage Azure API Management for managing and protecting APIs. Refer: <a href="https://aka.ms/tmt-th165b">https://aka.ms/tmt-th165b</a>. General throttling guidance, refer: <a href="https://aka.ms/tmt-th165c">https://aka.ms/tmt-th165c</a> 22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may block access to the application or API hosted on {target.Name} through a denial of service attackfalseEAn adversary may gain long term persistent access to related resources through the compromise of an application identitytarget is 'SE.P.TMCore.AzureAppServiceWebApp' or target is 'SE.P.TMCore.AzureAppServiceApiApp' or target is 'SE.P.TMCore.AzureAppServiceMobileApp'TH166UserThreatDescriptionfalseAn adversary may gain long term persistent access to related resources through the compromise of an application identity22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseStore secrets in secret storage solutions where possible, and rotate secrets on a regular cadence. Use Managed Service Identity to create a managed app identity on Azure Active Directory and use it to access AAD-protected resources. Refer: <a href="https://aka.ms/tmt-th166">https://aka.ms/tmt-th166</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain long term persistent access to related resources through the compromise of an application identityfalseEAn adversary may gain unauthorized access to {target.Name} due to weak network configuration(target is 'SE.P.TMCore.AzureAppServiceWebApp' and not target.327ab565-9b38-4f6a-8171-6ab7deb2246b is 'Allow access from selected networks') or (target is 'SE.P.TMCore.AzureAppServiceApiApp' and not target.cb0fca77-c600-4622-b9a5-118107fcd9dd is 'Allow access from selected networks') or (target is 'SE.P.TMCore.AzureAppServiceMobileApp' and not target.9b54ed83-3970-475b-97a0-be7641051497 is 'Allow access from selected networks')TH167UserThreatDescriptionfalseAn adversary may gain unauthorized access to {target.Name} due to weak network configuration22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrict access to Azure App Service to selected networks (e.g. IP whitelisting, VNET integrations). Refer: <a href="https://aka.ms/tmt-th167">https://aka.ms/tmt-th167</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to {target.Name} due to weak network configurationfalseIAn adversary can achieve remote code execution on a server hosting an application or API by exploiting JSON deserialization logic(source is 'GE.EI' or source is 'SE.EI.TMCore.Browser') and ((target is 'SE.P.TMCore.AzureAppServiceWebApp' and target.d69db950-2372-4bd3-8328-f751f0b04c03 is 'True') or (target is 'SE.P.TMCore.AzureAppServiceApiApp' and target.0945adcf-1cfd-432f-8032-05391ab62336 is 'True') or (target is 'SE.P.TMCore.AzureAppServiceMobileApp' and target.015d94e3-d54e-4c09-9ce2-2731a0dc86f0 is 'True'))TH168UserThreatDescriptionfalseAn adversary can achieve remote code execution on a server hosting an application or API by exploiting JSON deserialization logic22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure serialized objects from untrusted sources are not being deserialized, or handle objects that have been serialized using a serializer that only permits primitive data types. Refer: <a href="https://aka.ms/tmt-th168">https://aka.ms/tmt-th168</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can achieve remote code execution on a server hosting an application or API by exploiting JSON deserialization logicfalseIAn adversary can achieve remote code execution on a server hosting an application or API by exploiting XML parsing logic or through XSLT scripting(source is 'GE.EI' or source is 'SE.EI.TMCore.Browser') and ((target is 'SE.P.TMCore.AzureAppServiceWebApp' and target.049c845a-28c2-46f8-bda2-971ff7df9bd4 is 'True') or (target is 'SE.P.TMCore.AzureAppServiceApiApp' and target.0eb10857-97b7-4c8c-8fdd-c289b7921a7e is 'True') or (target is 'SE.P.TMCore.AzureAppServiceMobileApp' and target.6c7ab607-e310-4d74-aa5b-397d87f02ee9 is 'True'))TH169UserThreatDescriptionfalseAn adversary can achieve remote code execution on a server hosting an application or API by exploiting XML parsing logic or through XSLT scripting22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseDisable XSLT scripting for all transforms using untrusted style sheets. Refer: <a href="https://aka.ms/tmt-th169a">https://aka.ms/tmt-th169a</a>. Disable DTD processing and external entity resolution on XML parsers to protect against XXE attacks. Refer: <a href="https://aka.ms/tmt-th169b">https://aka.ms/tmt-th169b</a>, <a href="https://aka.ms/tmt-th169c">https://aka.ms/tmt-th169c</a>, <a href="https://aka.ms/tmt-th169d">https://aka.ms/tmt-th169d</a> and <a href="https://aka.ms/tmt-th169e">https://aka.ms/tmt-th169e</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can achieve remote code execution on a server hosting an application or API by exploiting XML parsing logic or through XSLT scriptingfalseIAttacker can steal user session cookies due to insecure cookie attributessource is 'SE.EI.TMCore.Browser' and (target is 'SE.P.TMCore.AzureAppServiceWebApp' or target is 'SE.P.TMCore.AzureAppServiceApiApp' or target is 'SE.P.TMCore.AzureAppServiceMobileApp')TH170UserThreatDescriptionfalseAttacker can steal user session cookies due to insecure cookie attributes22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseApplications available over HTTPS must use secure cookies. Refer: <a href="https://aka.ms/tmt-th170a">https://aka.ms/tmt-th170a</a>. All HTTP based applications should specify http only for cookie definition. Refer: <a href="https://aka.ms/tmt-th170b">https://aka.ms/tmt-th170b</a> and <a href="https://aka.ms/tmt-th170c">https://aka.ms/tmt-th170c</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221Attacker can steal user session cookies due to insecure cookie attributesfalseEAn adversary may get access to a user's session due to improper logout from ADFSsource is 'SE.P.TMCore.ADFS' and (target is 'SE.P.TMCore.AzureAppServiceWebApp' or target is 'SE.P.TMCore.AzureAppServiceApiApp' or target is 'SE.P.TMCore.AzureAppServiceMobileApp')TH171UserThreatDescriptionfalseAn adversary may get access to a user's session due to improper logout from ADFS22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseImplement proper logout using WsFederation methods when using ADFS. Refer: <a href="https://aka.ms/tmt-th171">https://aka.ms/tmt-th171</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may get access to a user's session due to improper logout from ADFSfalseEAn adversary may get access to a user's session due to improper logout from Azure ADsource is 'SE.P.TMCore.AzureAD' and (target is 'SE.P.TMCore.AzureAppServiceWebApp' or target is 'SE.P.TMCore.AzureAppServiceApiApp' or target is 'SE.P.TMCore.AzureAppServiceMobileApp')TH172UserThreatDescriptionfalseAn adversary may get access to a user's session due to improper logout from Azure AD22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseImplement proper logout using ADAL methods when using Azure AD. Refer: <a href="https://aka.ms/tmt-th172">https://aka.ms/tmt-th172</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may get access to a user's session due to improper logout from Azure ADfalseRAn adversary can deny performing actions against {target.Name} due to lack of auditing, leading to repudiation issues(source is 'GE.EI' or source is 'SE.EI.TMCore.Browser') and (target is 'SE.P.TMCore.AzureAppServiceWebApp' or target is 'SE.P.TMCore.AzureAppServiceApiApp' or target is 'SE.P.TMCore.AzureAppServiceMobileApp')TH173UserThreatDescriptionfalseAn adversary can deny performing actions against {target.Name} due to lack of auditing, leading to repudiation issues22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseImplement application level auditing and logging, especially for sensitive operations, like accessing secrets from secrets storage solutions. Other examples include user management events like successful and failed user logins, password resets, password changes, account lockouts and user registrations.22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can deny performing actions against {target.Name} due to lack of auditing, leading to repudiation issuesfalseIAn adversary can fingerprint an Azure web application or API by leveraging server header information(source is 'GE.EI' or source is 'SE.EI.TMCore.Browser') and (target is 'SE.P.TMCore.AzureAppServiceWebApp' or target is 'SE.P.TMCore.AzureAppServiceApiApp' or target is 'SE.P.TMCore.AzureAppServiceMobileApp')TH174UserThreatDescriptionfalseAn adversary can fingerprint an Azure web application or API by leveraging server header information22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRemove standard server headers to avoid fingerprinting. Refer: <a href="https://aka.ms/tmt-th174a">https://aka.ms/tmt-th174a</a> and <a href="https://aka.ms/tmt-th174b">https://aka.ms/tmt-th174b</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can fingerprint an Azure web application or API by leveraging server header informationfalseTAn adversary can read sensitive data by sniffing or intercepting traffic to {target.Name}source is 'SE.EI.TMCore.Browser' and (target is 'SE.P.TMCore.AzureAppServiceWebApp' or target is 'SE.P.TMCore.AzureAppServiceApiApp' or target is 'SE.P.TMCore.AzureAppServiceMobileApp')TH175UserThreatDescriptionfalseAn adversary can read sensitive data by sniffing or intercepting traffic to {target.Name}22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseConfigure SSL certificate for custom domain in Azure App Service. Force all HTTP traffic to the app service to be over HTTPS by enabling the HTTPS only option on the instance. Refer: <a href="https://aka.ms/tmt-th175a">https://aka.ms/tmt-th175a</a> and <a href="https://aka.ms/tmt-th175b">https://aka.ms/tmt-th175b</a>. Enable HTTP Strict Transport Security (HSTS). Refer: <a href="https://aka.ms/tmt-th175c">https://aka.ms/tmt-th175c</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can read sensitive data by sniffing or intercepting traffic to {target.Name}falseEAn adversary may perform action(s) on behalf of another user due to lack of controls against cross domain requests(target is 'SE.P.TMCore.AzureAppServiceWebApp' and target.f6b0309d-2020-4c3f-838f-5ab8ea0d2194 is 'False') or (target is 'SE.P.TMCore.AzureAppServiceApiApp' and target.3f4a2250-9087-44c1-9fb7-61e9eb1e4df7 is 'False') or (target is 'SE.P.TMCore.AzureAppServiceMobileApp' and target.6ddbac5e-2e11-4b88-b917-587749ea4721 is 'False')target is 'SE.P.TMCore.AzureAppServiceWebApp' or target is 'SE.P.TMCore.AzureAppServiceApiApp' or target is 'SE.P.TMCore.AzureAppServiceMobileApp'TH176UserThreatDescriptionfalseAn adversary may perform action(s) on behalf of another user due to lack of controls against cross domain requests22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that only trusted origins are allowed if CORS is being used. Refer: <a href="https://aka.ms/tmt-th176">https://aka.ms/tmt-th176</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may perform action(s) on behalf of another user due to lack of controls against cross domain requestsfalseSAn adversary may be able to perform action(s) on behalf of another user due to lack of controls against cross domain requestssource is 'SE.EI.TMCore.Browser' and (target is 'SE.P.TMCore.AzureAppServiceWebApp' or target is 'SE.P.TMCore.AzureAppServiceApiApp' or target is 'SE.P.TMCore.AzureAppServiceMobileApp')TH177UserThreatDescriptionfalseAn adversary may be able to perform action(s) on behalf of another user due to lack of controls against cross domain requests22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure that authenticated pages incorporate UI Redressing or clickjacking defences. Refer: <a href="https://aka.ms/tmt-th177a">https://aka.ms/tmt-th177a</a>. Mitigate against Cross-Site Request Forgery (CSRF) attacks. Refer: <a href="https://aka.ms/tmt-th177b">https://aka.ms/tmt-th177b</a> and <a href="https://aka.ms/tmt-th177c">https://aka.ms/tmt-th177c</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may be able to perform action(s) on behalf of another user due to lack of controls against cross domain requestsfalseSAn adversary may spoof the service or service endpoints by leveraging stale CNAME DNS records and executing a subdomain hijack attacktarget is 'SE.P.TMCore.AzureTrafficManager'TH178UserThreatDescriptionfalseAn adversary may spoof the service or service endpoints by leveraging stale CNAME DNS records and executing a subdomain hijack attack22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseAddress stale CNAME DNS records mapping custom domain names to the domain name of the Azure Traffic Manager instance. In some cases, deleting the stale CNAME records may be sufficient, while in other cases, the domain name of the Azure Traffic Manager instance should be kept to prevent subdomain hijack attacks. Refer: <a href="https://aka.ms/tmt-th178 ">https://aka.ms/tmt-th178 </a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may spoof the service or service endpoints by leveraging stale CNAME DNS records and executing a subdomain hijack attackfalseEAn adversary can gain unauthorized access to Azure Key Vault instances due to weak network security configuration.target is 'SE.DS.TMCore.AzureKeyVault' and not target.cd610fb8-4fbd-49c0-966f-8b4634b39262 is 'Allow access from selected networks'TH179UserThreatDescriptionfalseAn adversary can gain unauthorized access to Azure Key Vault instances due to weak network security configuration.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrict access to Azure Key Vault instances by configuring firewall rules to permit connections from selected networks (e.g. a virtual network or a custom set of IP addresses).For Key Vault client applications behind a firewall trying to access a Key Vault instance, see best practices mentioned here: <a href="https://aka.ms/tmt-th179 ">https://aka.ms/tmt-th179 </a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain unauthorized access to Azure Key Vault instances due to weak network security configuration.falseRAn adversary can deny actions performed on {target.Name} due to a lack of auditing. target is 'SE.DS.TMCore.AzureKeyVault' and not target.78bf9482-5267-41c6-84fd-bac2fb6ca0b9 is 'True'TH180UserThreatDescriptionfalseAn adversary can deny actions performed on {target.Name} due to a lack of auditing. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable audit logging on Azure Key Vault instances to monitor how and when the instances are access, and by whom. Use standard Azure access controls to restrict access to the logs. Refer : <a href="https://aka.ms/tmt-th180 ">https://aka.ms/tmt-th180 </a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can deny actions performed on {target.Name} due to a lack of auditing. falseEAn adversary may gain unauthorized access to manage {target.Name} due to weak authorization rules. target is 'SE.DS.TMCore.AzureKeyVault'TH181UserThreatDescriptionfalseAn adversary may gain unauthorized access to manage {target.Name} due to weak authorization rules.22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseAccess to the Azure Key Vault management plane should be restricted by choosing appropriate Role-Based Access Control (RBAC) roles and privileges in accordance with the principle of least privilege. Over permissive or weak authorization rules may potentially permit data plane access (e.g. a user with Contribute (RBAC) permissions to Key Vault management plane may grant themselves access to the data plane by setting the Azure Key Vault access policy). Refer : <a href="https://aka.ms/tmt-th181 ">https://aka.ms/tmt-th181 </a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to manage {target.Name} due to weak authorization rules.falseEAn adversary may gain unauthorized access to {target.Name} secrets due to weak authorization rules target is 'SE.DS.TMCore.AzureKeyVault'TH182UserThreatDescriptionfalseAn adversary may gain unauthorized access to {target.Name} secrets due to weak authorization rules22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseLimit Azure Key Vault data plane access by configuring strict access policies. Grant users, groups and applications the ability to perform only the necessary operations against keys or secrets in a Key Vault instance. Follow the principle of least privilege and grant privileges only as needed. Refer : <a href="https://aka.ms/tmt-th181 ">https://aka.ms/tmt-th181 </a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to {target.Name} secrets due to weak authorization rulesfalseEAn adversary can abuse poorly managed service principal Certificate. An adversary may gain unauthorized access to {target.Name} due to compromise of User or Service Principal . target is 'SE.DS.TMCore.AzureKeyVault' and target.ae94fa17-596d-476e-a283-0afc166dcf26 is 'Service or User Principal and Certificate'TH183UserThreatDescriptionfalseAn adversary can abuse poorly managed service principal Certificate. An adversary may gain unauthorized access to {target.Name} due to compromise of User or Service Principal .22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure secure management and storage of Azure Key Vault Service/User Principal certificate. It is recommended to rotate service principal certificate regularly, in accordance with organizational policies. If supported , use managed identities for Azure resources and details can be found here. Refer : <a href="https://aka.ms/tmt-th183 ">https://aka.ms/tmt-th183 </a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can abuse poorly managed service principal Certificate. An adversary may gain unauthorized access to {target.Name} due to compromise of User or Service Principal . falseEAn adversary can abuse poorly managed service principal secret. An adversary may gain unauthorized access to {target.Name} due to compromise of Service Principal Secret . target is 'SE.DS.TMCore.AzureKeyVault' and target.ae94fa17-596d-476e-a283-0afc166dcf26 is 'Service or User Principal and Secret' TH184UserThreatDescriptionfalseAn adversary can abuse poorly managed service principal secret. An adversary may gain unauthorized access to {target.Name} due to compromise of Service Principal Secret .22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse managed identities for Azure resources and details can be found here at <a href="https://aka.ms/tmt-th183 ">https://aka.ms/tmt-th183</a>. If managed identities is not supported , use Service/User Principal and Certificate. If none of the above options are feasible, please ensure secure management and storage of Azure Key Vault Service/User Principal secret . It is recommended to rotate service/user principal secret regularly, in accordance with organizational policies.22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can abuse poorly managed service principal secret. An adversary may gain unauthorized access to {target.Name} due to compromise of Service Principal Secret . falseEAn adversary can abuse poorly managed authentication/access policies. An adversary may gain unauthorized access to {target.Name} due to compromise of secret/certificate used to authenticate to {target.Name} .target is 'SE.DS.TMCore.AzureKeyVault' and target.ae94fa17-596d-476e-a283-0afc166dcf26 is 'Select' TH185UserThreatDescriptionfalseAn adversary can abuse poorly managed authentication/access policies. An adversary may gain unauthorized access to {target.Name} due to compromise of secret/certificate used to authenticate to {target.Name} 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse managed identities for Azure resources and details can be found here at <a href="https://aka.ms/tmt-th183 ">https://aka.ms/tmt-th183 </a>. If managed identities is not supported , use Service/User Principal and Certificate. If none of the above options are feasible, please ensure secure management and storage of Azure Key Vault Service/User Principal secret . It is recommended to rotate service/user principal secret regularly, in accordance with organizational policies.22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can abuse poorly managed authentication/access policies. An adversary may gain unauthorized access to {target.Name} due to compromise of secret/certificate used to authenticate to {target.Name} . falseDAn adversary may attempt to delete key vault or key vault object causing business disruption. target is 'SE.DS.TMCore.AzureKeyVault'TH186UserThreatDescriptionfalseAn adversary may attempt to delete key vault or key vault object causing business disruption. 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseKey Vault's soft delete feature allows recovery of the deleted vaults and vault objects, known as soft-delete . Soft deleted resources are retained for a set period of time, 90 days. Refer : <a href="https://aka.ms/tmt-th186 ">https://aka.ms/tmt-th186 </a>22222222-2222-2222-2222-2222222222222PriorityfalseLow22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may attempt to delete key vault or key vault object causing business disruption. falseEAn adversary may gain unauthorized access to manage {target.Name} due to weak authorization rulestarget is 'SE.P.TMCore.ALA'TH187UserThreatDescriptionfalseAn adversary may gain unauthorized access to manage {target.Name} due to weak authorization rules22222222-2222-2222-2222-2222222222220PossibleMitigationsfalse Access to the Azure Logic Apps management plane should be restricted by assigning the appropriate Role-Based Access Control (RBAC) roles to only those needing the privileges. Follow the principle of least privilege.  Refer : <a href="https://aka.ms/tmt-th187 ">https://aka.ms/tmt-th187 </a> 22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to manage {target.Name} due to weak authorization rulesfalseEAn adversary may gain unauthorized access to {target.Name} workflow run history data due to weak network configurationtarget is 'SE.P.TMCore.ALA' and not target.0b0ab9bc-a582-4509-a6c4-8d56de65661e is 'Specific IP'TH188UserThreatDescriptionfalseAn adversary may gain unauthorized access to {target.Name} workflow run history data due to weak network configuration22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseLimit Azure Logic Apps data plane access to workflow run history data by only allowing requests from specific IP address ranges. Grant access only as necessary, adhering to the principle of least privilege. Refer : <a href="https://aka.ms/tmt-th188 ">https://aka.ms/tmt-th188 </a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to {target.Name} workflow run history data due to weak network configurationfalseEAn adversary may gain unauthorized access to {target.Name} triggers/actions inputs or outputs by workflow run history datatarget is 'SE.P.TMCore.ALA' and not target.b1724997-7ae6-4b30-a001-9c5b42d9d1d1 is 'No'TH189UserThreatDescriptionfalseAn adversary may gain unauthorized access to {target.Name} triggers/actions inputs or outputs by workflow run history data22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnable secure inputs or outputs on the trigger or action to prevent sensitive data from being logged into run history. Refer : <a href="https://aka.ms/tmt-th189 ">https://aka.ms/tmt-th189 </a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to {target.Name} triggers/actions inputs or outputs by workflow run history datafalseEAn adversary may gain unauthorized access to {target.Name} trigger due to weak controls on the triggertarget is 'SE.P.TMCore.ALA' and not target.5afb52dc-dffb-4319-aa22-523f78ee3845 is 'No'TH190UserThreatDescriptionfalseAn adversary may gain unauthorized access to {target.Name} trigger due to weak controls on the trigger22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseLimit access to invoke the trigger by Logic Apps Shared Access Signatures ( SAS) keys and callback URLs. Refer : <a href="https://aka.ms/tmt-th190 ">https://aka.ms/tmt-th190</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to {target.Name} trigger due to weak controls on the triggerfalseEAn adversary may gain unauthorized access to trigger {target.Name} workflows due to weak network configuration  target is 'SE.P.TMCore.ALA' and ( target.d488c23c-1667-45a1-994b-f56f2655727b is 'Allow any IP inbound' or target.d488c23c-1667-45a1-994b-f56f2655727b is 'Select')TH191UserThreatDescriptionfalseAn adversary may gain unauthorized access to trigger {target.Name} workflows due to weak network configuration 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrict calls to Azure Logic Apps on a network level, only permitting specific clients (belonging to a set of IP addresses or IP address range) to trigger workflows. Refer : <a href="https://aka.ms/tmt-th191 ">https://aka.ms/tmt-th191</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseDesign22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to trigger {target.Name} workflows due to weak network configuration falseIAn adversary may read sensitive workflow parameters due to improper handling and management of workflow parameters and inputs target is 'SE.P.TMCore.ALA'TH192UserThreatDescriptionfalseAn adversary may read sensitive workflow parameters due to improper handling and management of workflow parameters and inputs 22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseDefine resource parameters and leverage Azure Logic Apps workflow definition language, such as the @parameters() operation, to access resource parameter values at runtime. Use the securestring parameter type to better protect when and how parameter values can be accessed. For sensitive parameters (e.g. secrets), use Azure Key Vault to store and retrieve secrets when needed. Refer : <a href="https://aka.ms/tmt-th192 ">https://aka.ms/tmt-th192</a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may read sensitive workflow parameters due to improper handling and management of workflow parameters and inputs falseEAn adversary can abuse poorly managed credentials or secrets used to access other resources in AAD tenantstarget is 'SE.P.TMCore.ALA'TH193UserThreatDescriptionfalseAn adversary can abuse poorly managed credentials or secrets used to access other resources in AAD tenants22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseUse managed identities , if possible , for your logic apps to connect to different resources managed in AAD tenant.  Refer : <a href="https://aka.ms/tmt-th193 ">https://aka.ms/tmt-th193</a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can abuse poorly managed credentials or secrets used to access other resources in AAD tenants.falseEAn adversary may gain unauthorized access to run any action on {target.Name} due to weak authorization rulestarget is 'SE.P.TMCore.ADE'TH194UserThreatDescriptionfalseAn adversary may gain unauthorized access to run any action on {target.Name} due to weak authorization rules22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure access to run any action on a Kusto resource is restricted by assigning the appropriate Role-Based Access Control (RBAC) roles to only those needing the privileges. Follow the principle of least privilege. Security roles define which security principals (users and applications) can have permissions to operate on a secured resource (such as a database or a table), and what operations are permitted. Refer : 1) <a href="https://aka.ms/tmt-th194 ">https://aka.ms/tmt-th194 </a> 2)<a href="https://aka.ms/tmt-th194a ">https://aka.ms/tmt-th194a </a>22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary may gain unauthorized access to run any action on {target.Name} due to weak authorization rulesfalseISecret information should not be logged in {target.Name}target is 'SE.P.TMCore.ADE'TH195UserThreatDescriptionfalseSecret information should not be logged in {target.Name}22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnsure any secret information like passwords , SAS Tokens , refresh tokens etc are not logged in Azure Data Explorer.22222222-2222-2222-2222-2222222222222PriorityfalseHigh22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221Secret information should not be logged in {target.Name}falseISensitive information might get disclosed while querying {target.Name}target is 'SE.P.TMCore.ADE'TH196UserThreatDescriptionfalseSensitive information might get disclosed while querying {target.Name}22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseRestrictedViewAccess policy can be enabled on tables in database which contain sensitive information and only principals with "UnrestrictedViewer" role in the database can query that data.Refer : <a href="https://aka.ms/tmt-th196 ">https://aka.ms/tmt-th196 </a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221Sensitive information might get disclosed while querying {target.Name}falseEAn adversary can run malicious Kusto queries on {target.Name} if user provided input is used in non-parameterised queriestarget is 'SE.P.TMCore.ADE'TH197UserThreatDescriptionfalseAn adversary can run malicious Kusto queries on {target.Name} if user provided input is used in non-parameterised queries22222222-2222-2222-2222-2222222222220PossibleMitigationsfalsePlease use query parameters to protect against injection attacks.Refer : <a href="https://aka.ms/tmt-th197 ">https://aka.ms/tmt-th197 </a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can run malicious Kusto queries on {target.Name} if user provided input is used in non-parameterised queriesfalseIAn adversary can gain access to unencrypted sensitive data stored in {target.Name} clustertarget is 'SE.P.TMCore.ADE'TH198UserThreatDescriptionfalseAn adversary can gain access to unencrypted sensitive data stored in {target.Name} cluster22222222-2222-2222-2222-2222222222220PossibleMitigationsfalseEnabling encryption at rest on your cluster provides data protection for stored data (at rest). Refer : <a href="https://aka.ms/tmt-th198 ">https://aka.ms/tmt-th198 </a>22222222-2222-2222-2222-2222222222222PriorityfalseMedium22222222-2222-2222-2222-2222222222221SDLPhasefalseImplementation22222222-2222-2222-2222-2222222222221An adversary can gain access to unencrypted sensitive data stored in {target.Name} cluster ================================================ FILE: docs/threat-model/README.md ================================================ # Threat Model A threat model provides a visual representation of how components in the stack interact. When the model is accurate, security and compliance teams can evaluate it effectively, identifying potential vulnerabilities and areas for optimization. Keeping the threat model up to date helps protect **both** customer data and Microsoft assets. - 📥 [Download the Threat Modeling Tool](https://aka.ms/threatmodelingtool) - 📚 [Learn more about threat modeling](https://osgwiki.com/wiki/Task_-_Services_Security:_Complete_And_Upload_A_Threat_Model) > **Note:** Diagrams of various flows are exported and checked in as PNGs for easy reference. > When updating the threat model, make sure to check in the latest PNG to: > `azure-pipelines-agent/docs/threat-model/Export` ================================================ FILE: docs/troubleshooting.md ================================================ # Troubleshooting The agent sends logs to the server but some failures such as configuration, networking or permissions prevent that. It requires investigating within the agent. Often these logs are most relevant to the product but they can sometimes provide hints to a user as what could be wrong. ## System.Debug If you are having issues with a build, the first step is to set System.Debug to `true` on the build or release definitions variables tab. The agent and tasks will emit [debug]xxx lines for more detailed insight into what the specific task is doing. ## Agent Trace Logs Logs are in the _diag folder. The agent has two parts. The agent which listens to the build queue. When it gets a build message, it creates a worker process to run that build. For example: ```bash $ ls -la _diag/ -rwxr--r-- 1 bryanmac staff 23126 Jun 11 06:43 Agent_20160611-104223-utc.log -rwxr--r-- 1 bryanmac staff 26046 Jun 11 08:39 Agent_20160611-123755-utc.log -rwxr--r-- 1 bryanmac staff 240035 Jun 11 08:38 Worker_20160611-123825-utc.log -rwxr--r-- 1 bryanmac staff 220196 Jun 11 08:38 Worker_20160611-123843-utc.log -rwxr--r-- 1 bryanmac staff 220012 Jun 11 08:39 Worker_20160611-123858-utc.log ``` If the agent isn't picking up builds, the agent logs are likely the most relevant. If a build starts running and you want to get details of that build, the specific worker log is relevant. Secrets are masked out of the logs. ## Http Tracing The agent has built in functionality to trace all http traffic's header into diag log. Enable the tracing via environment variable `VSTS_AGENT_HTTPTRACE` ```bash Windows: set VSTS_AGENT_HTTPTRACE=true OSX/Linux: export VSTS_AGENT_HTTPTRACE=true ``` Set the environment variable before you launch the agent.listener ## (Alternate) Http Tracing Windows Start [Fiddler](http://www.telerik.com/fiddler). It's recommended to only listen to agent traffic. File > Capture Traffic off (F12) Enable decrypting HTTPS traffic. Tools > Fiddler Options > HTTPS tab. Decrypt HTTPS traffic Let the agent know to use the proxy: ```bash set VSTS_HTTP_PROXY=http://127.0.0.1:8888 ``` Run the agent interactively. If you're running as a service, you can set as the environment variable in control panel for the account the service is running as. Restart the agent. TODO: video ## (Alternate) Http Tracing OSX / Linux It's easy to capture the http trace of the agent using Charles Proxy (similar to Fiddler on windows). TODO: video Start Charles Proxy Charles: Proxy > Proxy Settings > SSL Tab. Enable. Add URL Charles: Proxy > Mac OSX Proxy. Recommend disabling to only see agent traffic. ```bash export VSTS_HTTP_PROXY=http://127.0.0.1:8888 ``` Run the agent interactively. If it's running as a service, you can set in the .env file. See [nix service](start/nixsvc.md) Restart the agent. ## Security Notice HTTP traces and trace files can contain credentials. 1. Do not POST them on a publically accessible site. 2. If you send them to the product team, they will be treated securely and discarded after the investigation. ## Workaround HttpTimeoutException You may experience Build failed because of http timeout during upload build artifact, or a Build/Release finished without detail log since agent hit HttpTimeoutException and not able to upload logs. The HttpClient that agent used by default will retry at most 5 times on any Network/Socket area exception. Regular http post request by default will timeout after 100 seconds, artifact upload http post request by default will timeout after 300 seconds. We provide two environment variables that will allow you overwrite these configurations. ```bash Windows: set VSTS_HTTP_RETRY=5 // set http retry, valid range [5, 10] set VSTS_HTTP_TIMEOUT=120 // set http timeout, valid range [100, 1200] Linux: export VSTS_HTTP_RETRY=5 // set http retry, valid range [5, 10] export VSTS_HTTP_TIMEOUT=120 // set http timeout, valid range [100, 1200] ``` ================================================ FILE: images/readme.md ================================================ # Docker Images for the Agent CI/CD Pipeline ## Docker Hub In order to publish these images, you need to be a member of the organization `azpagentinfra` ## How to Build ```bash docker build --tag "azpagentinfra/alpine:latest" ./images/alpine/ ``` ## How to Push ```bash docker push "azpagentinfra/alpine:latest" ``` ================================================ FILE: open-pullrequest.ps1 ================================================ param( [Parameter(Mandatory)] [string] $SourceBranch ) # Getting a created PR. Result object has interface in accordance with article https://docs.github.com/en/rest/reference/pulls#get-a-pull-request function Get-PullRequest() { return (gh api -X GET repos/:owner/:repo/pulls -F head=":owner:$SourceBranch" -f state=open -f base=master | ConvertFrom-Json) } $openedPR = Get-PullRequest if ($openedPR.html_url.length -ne 0) { throw "A PR from $SourceBranch to master already exists." } $buildUrl = "$env:SYSTEM_TEAMFOUNDATIONCOLLECTIONURI$env:SYSTEM_TEAMPROJECT/_build/results?buildId=$env:BUILD_BUILDID&_a=summary" $body = "This PR was auto-generated with [the localization pipeline build]($buildUrl)." gh pr create --head $SourceBranch --title 'Localization update' --body $body --label "misc" # Getting a number to the opened PR $PR_NUMBER = (Get-PullRequest).number Write-Host "##vso[task.setvariable variable=PR_NUMBER]$PR_NUMBER" # Getting a link to the opened PR $PR_LINK = (Get-PullRequest).html_url Write-Host "##vso[task.setvariable variable=PR_LINK]$PR_LINK" ================================================ FILE: release/Send-PRsNotification.ps1 ================================================ # Send notifications by POST method to MS Teams webhook # Body of message is compiled as Office 365 connector card # More details about cards - https://docs.microsoft.com/en-us/microsoftteams/platform/task-modules-and-cards/cards/cards-reference#office-365-connector-card $wikiLink = "[Wiki](https://dev.azure.com/mseng/AzureDevOps/_wiki/wikis/AzureDevOps.wiki/18816/How-to-release-the-agent)" $arePRsCreated = $env:ADO_PR_ID -and $env:CC_PR_ID if ($arePRsCreated) { $adoPrLink = "[ADO PR $env:ADO_PR_ID]($env:ADO_PR_LINK)" $ccPrLink = "[CC PR $env:CC_PR_ID]($env:CC_PR_LINK)" $title = "Agent ADO release PRs created" $text = "Created PRs with update of agent packages in ADO and ConfigChange repos.`n- $adoPrLink`n-$ccPrLink.`nRelated agent release article in $wikiLink." $themeColor = "#4974A5" } else { $pipelineLink = "$env:SYSTEM_TEAMFOUNDATIONCOLLECTIONURI$env:SYSTEM_TEAMPROJECT/_build/results?buildId=$env:BUILD_BUILDID&_a=summary" $buildLink = "[ID $($env:BUILD_BUILDID)]($($pipelineLink))" $title = "Agent release pipeline failed - ID $($env:BUILD_BUILDID)" $text = "Failed to create agent release. Please review the results of failed build: $buildLink. Related article in $wikiLink." $themeColor = "#FF0000" } # Notifications will be sent only if PRs are created or if it's the first failed attempt. $shouldNotify = $arePRsCreated -or $env:SYSTEM_JOBATTEMPT -eq '1' if ($shouldNotify) { $body = [PSCustomObject]@{ title = $title text = $text themeColor = $themeColor } | ConvertTo-Json Invoke-RestMethod -Uri $env:TEAMS_WEBHOOK -Method Post -Body $body -ContentType "application/json" } else { Write-Host "Skipping notification." } ================================================ FILE: release/createAdoPrs.js ================================================ const azdev = require('azure-devops-node-api'); const fs = require('fs'); const path = require('path'); const tl = require('azure-pipelines-task-lib/task'); const util = require('./util'); const got = require('got'); const INTEGRATION_DIR = path.join(__dirname, '..', '_layout', 'integrations'); const GIT = 'git'; const opt = require('node-getopt').create([ ['', 'dryrun=ARG', 'Dry run only, do not actually commit new release'], ['h', 'help', 'Display this help'], ]) .setHelp( 'Usage: node createAdoPrs.js [OPTION] \n' + '\n' + '[[OPTIONS]]\n' ) .bindHelp() // bind option 'help' to default action .parseSystem(); // parse command line const orgUrl = 'dev.azure.com/mseng'; const httpsOrgUrl = `https://${orgUrl}`; const authHandler = azdev.getPersonalAccessTokenHandler(process.env.PAT); const connection = new azdev.WebApi(httpsOrgUrl, authHandler); /** * Fills InstallAgentPackage.xml and Publish.ps1 templates. * Replaces and with the right values in these files. * @param {string} agentVersion Agent version, e.g. 2.193.0 */ function createIntegrationFiles(agentVersion) { fs.mkdirSync(INTEGRATION_DIR, { recursive: true }); for (const agentPackageXml of ['InstallAgentPackage', 'UpdateAgentPackage']) { const xmlFilePath = path.join(INTEGRATION_DIR, `${agentPackageXml}.xml`); util.fillAgentParameters( path.join(__dirname, '..', 'src', 'Misc', `${agentPackageXml}.template.xml`), xmlFilePath, agentVersion ); clearEmptyHashValueLine(xmlFilePath); clearEmptyXmlNodes(xmlFilePath); } const publishScriptFilePath = path.join(INTEGRATION_DIR, 'Publish.ps1'); util.fillAgentParameters( path.join(__dirname, '..', 'src', 'Misc', 'Publish.template.ps1'), publishScriptFilePath, agentVersion ); clearEmptyHashValueLine(publishScriptFilePath); } function clearEmptyXmlNodes(filePath) { let xmlFile = fs.readFileSync(filePath, 'utf-8'); while (xmlFile.length != (xmlFile = xmlFile.replace(/\s*<[\w\s="]+>\n*\s*<\/[\w\s="]+>/g, "")).length) { } fs.writeFileSync(filePath, xmlFile); } function clearEmptyHashValueLine(filePath) { const text = fs.readFileSync(filePath, 'utf-8'); const lines = text.split('\n'); const modifiedLines = lines.filter((line) => !line.includes('')); fs.writeFileSync(filePath, modifiedLines.join('\n').replace(/\n\r(\n\r)+/g, '\n\r')); } /** * Create AzureDevOps pull request using files from `INTEGRATION_DIR` * @param {string} repo AzureDevOps repo name * @param {string} project AzureDevOps project name * @param {string} sourceBranch pull request source branch * @param {string} targetBranch pull request target branch * @param {string} commitMessage commit message * @param {string} title pull request title * @param {string} description pull reqest description * @param {string[]} targetsToCommit files to add in pull request */ async function openPR(repo, project, sourceBranch, targetBranch, commitMessage, title, description, targetsToCommit, dryrun = false) { console.log(`Creating PR from "${sourceBranch}" into "${targetBranch}" in the "${project}/${repo}" repo`); const repoPath = path.join(INTEGRATION_DIR, repo); if (!fs.existsSync(repoPath)) { const gitUrl = `https://${process.env.PAT}@${orgUrl}/${project}/_git/${repo}`; util.execInForeground(`${GIT} clone --depth 1 ${gitUrl} ${repoPath}`, null, dryrun); } for (const targetToCommit of targetsToCommit) { const relativePath = path.dirname(targetToCommit); const fullPath = path.join(repoPath, relativePath); const fileName = path.basename(targetToCommit); const sourceFile = path.join(INTEGRATION_DIR, fileName); const targetFile = path.join(fullPath, fileName); if (dryrun) { console.log(`Fake copy file from ${sourceFile} to ${targetFile}`); } else { console.log(`Copy file from ${sourceFile} to ${targetFile}`); fs.mkdirSync(fullPath, { recursive: true }); fs.copyFileSync(sourceFile, targetFile); } } for (const targetToCommit of targetsToCommit) { util.execInForeground(`${GIT} add ${targetToCommit}`, repoPath, dryrun); } util.execInForeground(`${GIT} checkout -b ${sourceBranch}`, repoPath, dryrun); util.execInForeground(`${GIT} commit -m "${commitMessage}"`, repoPath, dryrun); util.execInForeground(`${GIT} push --force origin ${sourceBranch}`, repoPath, dryrun); const prefix = 'refs/heads/'; const refs = { sourceRefName: `${prefix}${sourceBranch}`, targetRefName: `${prefix}${targetBranch}` }; const pullRequest = { ...refs, title, description }; console.log('Getting Git API'); const gitApi = await connection.getGitApi(); console.log('Checking if an active pull request for the source and target branch already exists'); let PR = (await gitApi.getPullRequests(repo, refs, project))[0]; if (PR) { console.log('PR already exists'); } else if (dryrun) { return [-1, 'test']; // return without creating PR for test runs } else { console.log('PR does not exist; creating PR'); PR = await gitApi.createPullRequest(pullRequest, repo, project); } const prLink = `${httpsOrgUrl}/${project}/_git/${repo}/pullrequest/${PR.pullRequestId}`; console.log(`Link to the PR: ${prLink}`); return [PR.pullRequestId, prLink]; } /** * Queries whatsprintis.it for current sprint version * * @throws An error will be thrown if the response does not contain a sprint version as a three-digit numeric value * @returns current sprint version */ async function getCurrentSprint() { const response = await got.get('https://whatsprintis.it/?json', { responseType: 'json' }); const sprint = response.body.sprint; if (!/^\d\d\d$/.test(sprint)) { throw new Error(`Sprint must be a three-digit number; received: ${sprint}`); } return sprint; } async function main() { try { const agentVersion = opt.argv[0]; if (agentVersion === undefined) { console.log('Error: You must supply a version'); process.exit(-1); } else if (!agentVersion.match(/^\d\.\d\d\d.\d+$/)) { throw new Error(`Agent version should fit the pattern: "x.xxx.xxx"; received: "${agentVersion}"`); } util.verifyMinimumNodeVersion(); util.verifyMinimumGitVersion(); createIntegrationFiles(agentVersion); let dryrun = false; if (opt.options.dryrun) { dryrun = opt.options.dryrun.toString().toLowerCase() === "true" } console.log(`Dry run: ${dryrun}`); util.execInForeground(`${GIT} config --global user.email "${process.env.USEREMAIL}"`, null, dryrun); util.execInForeground(`${GIT} config --global user.name "${process.env.USERNAME}"`, null, dryrun); const sprint = await getCurrentSprint(); const project = 'AzureDevOps'; const sourceBranch = `users/${process.env.USERNAME}/agent-${agentVersion}`; const targetBranch = 'master'; const commitMessage = `Agent Release ${agentVersion}`; const title = 'Update Agent'; const [adoPrId, adoPrLink] = await openPR( 'AzureDevOps', project, sourceBranch, targetBranch, commitMessage, title, `Update agent to version ${agentVersion}`, [ path.join( 'DistributedTask', 'Service', 'Servicing', 'Host', 'Deployment', 'Groups', 'InstallAgentPackage.xml' ), path.join( 'DistributedTask', 'Service', 'Servicing', 'Host', 'Deployment', 'Groups', 'UpdateAgentPackage.xml' ), ], dryrun ); const [ccPrId, ccPrLink] = await openPR( 'AzureDevOps.ConfigChange', project, sourceBranch, targetBranch, commitMessage, title, `Update agent publish script to version ${agentVersion}`, [ path.join( 'tfs', `M${sprint}`, 'PipelinesAgentRelease', agentVersion, 'Publish.ps1' ) ], dryrun ); console.log(`##vso[task.setvariable variable=AdoPrId;isOutput=true]${adoPrId}`); console.log(`##vso[task.setvariable variable=AdoPrLink;isOutput=true]${adoPrLink}`); console.log(`##vso[task.setvariable variable=CcPrId;isOutput=true]${ccPrId}`); console.log(`##vso[task.setvariable variable=CcPrLink;isOutput=true]${ccPrLink}`); console.log('Done.'); } catch (err) { tl.setResult(tl.TaskResult.Failed, err.message || 'run() failed', true); throw err; } } main(); ================================================ FILE: release/createReleaseBranch.js ================================================ const cp = require('child_process'); const fs = require('fs'); const path = require('path'); const tl = require('azure-pipelines-task-lib/task'); const util = require('./util'); const { Octokit } = require("@octokit/rest"); const { graphql } = require("@octokit/graphql"); const fetch = require('node-fetch'); const OWNER = 'microsoft'; const REPO = 'azure-pipelines-agent'; const GIT = 'git'; const VALID_RELEASE_RE = /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/; const octokit = new Octokit({}); // only read-only operations, no need to auth const graphqlWithFetch = graphql.defaults({ // Create a reusable GraphQL instance with fetch request: { fetch, }, headers: { authorization: process.env.PAT ? `token ${process.env.PAT}` : undefined, } }); process.env.EDITOR = process.env.EDITOR === undefined ? 'code --wait' : process.env.EDITOR; var opt = require('node-getopt').create([ ['', 'dryrun', 'Dry run only, do not actually commit new release'], ['', 'derivedFrom=version', 'Used to get PRs merged since this release was created', 'lastMinorRelease'], ['', 'branch=branch', 'Branch to select PRs merged into', 'master'], ['', 'targetCommitId=commit', 'Fetch PRs merged since this commit', ''], ['h', 'help', 'Display this help'], ]) .setHelp( 'Usage: node createReleaseBranch.js [OPTION] \n' + '\n' + '[[OPTIONS]]\n' ) .bindHelp() // bind option 'help' to default action .parseSystem(); // parse command line async function verifyNewReleaseTagOk(newRelease) { if (!newRelease || !newRelease.match(VALID_RELEASE_RE) || newRelease.endsWith('.999.999')) { console.log(`Invalid version '${newRelease}'. Version must be in the form of .. where each level is 0-999`); process.exit(-1); } try { var tag = 'v' + newRelease; await octokit.repos.getReleaseByTag({ owner: OWNER, repo: REPO, tag: tag }); console.log(`Version ${newRelease} is already in use`); process.exit(-1); } catch { console.log(`Version ${newRelease} is available for use`); } } function writeAgentVersionFile(newRelease) { console.log('Writing agent version file') if (!opt.options.dryrun) { fs.writeFileSync(path.join(__dirname, '..', 'src', 'agentversion'), `${newRelease}\n`); } return newRelease; } function filterCommitsUpToTarget(commitList) { try{ var targetCommitId = opt.options.targetCommitId; var targetIndex = commitList.indexOf(targetCommitId); if (targetIndex === -1) { console.log(`Debug: Commit ID ${targetCommitId} not found in the list.`); return commitList; } // Return commits up to and including the target commit return commitList.slice(0, targetIndex + 1); }catch (e){ console.log(e); console.error(`Unexpected error while filtering commits`); process.exit(-1); } } async function fetchPRsForSHAsGraphQL(commitSHAs) { var queryParts = commitSHAs.map((sha, index) => ` commit${index + 1}: object(expression: "${sha}") { ... on Commit { associatedPullRequests(first: 1) { edges { node { title number createdAt closedAt labels(first: 10) { edges { node { name } } } } } } } }`); var fullQuery = ` query ($repo: String!, $owner: String!) { repository(name: $repo, owner: $owner) { ${queryParts.join('\n')} } } `; try { var response = await graphqlWithFetch(fullQuery, { repo: REPO, owner: OWNER, }); var prs = []; Object.keys(response.repository).forEach(commitKey => { var commit = response.repository[commitKey]; if (commit && commit.associatedPullRequests) { commit.associatedPullRequests.edges.forEach(pr => { prs.push({ title: pr.node.title, number: pr.node.number, createdAt: pr.node.createdAt, closedAt: pr.node.closedAt, labels: pr.node.labels.edges.map(label => ({ name: label.node.name })), // Extract label names }); }); } }); return prs; } catch (e) { console.log(e); console.error(`Error fetching PRs via GraphQL.`); process.exit(-1); } } async function fetchPRsSincePreviousReleaseAndEditReleaseNotes(newRelease, callback) { try { var latestReleases = await octokit.repos.listReleases({ owner: OWNER, repo: REPO }) var filteredReleases = latestReleases.data.filter(release => !release.draft); // consider only pre-releases and published releases var majorVersion = parseInt(newRelease.split('.')[0]); var releaseTagPrefix = 'v' + majorVersion; console.log(`Getting latest release starting with ${releaseTagPrefix}`); var latestReleaseInfo = filteredReleases.find(release => release.tag_name.toLowerCase().startsWith(releaseTagPrefix.toLowerCase())); // Fall back to previous major version if no releases found for current major version if (!latestReleaseInfo && majorVersion > 0) { var fallbackPrefix = 'v' + (majorVersion - 1); console.log(`No releases found with prefix ${releaseTagPrefix}, falling back to ${fallbackPrefix}`); latestReleaseInfo = filteredReleases.find(release => release.tag_name.toLowerCase().startsWith(fallbackPrefix.toLowerCase())); } if (!latestReleaseInfo) { console.log(`Error: No releases found with prefix ${releaseTagPrefix} or fallback. Aborting.`); process.exit(-1); } console.log(`Previous release tag with ${latestReleaseInfo.tag_name} and published date is: ${latestReleaseInfo.published_at}`) try { var comparison = await octokit.repos.compareCommits({ owner: OWNER, repo: REPO, base: latestReleaseInfo.tag_name, head: 'master', }); var commitSHAs = comparison.data.commits.map(commit => commit.sha); var filteredCommits = filterCommitsUpToTarget(commitSHAs); try { var allPRs = await fetchPRsForSHAsGraphQL(filteredCommits); editReleaseNotesFile({ items: allPRs }); } catch (e) { console.log(e); console.log(`Error: Problem in fetching PRs using commit SHA. Aborting.`); process.exit(-1); } } catch (e) { console.log(e); console.log(`Error: Cannot find commits changes. Aborting.`); process.exit(-1); } } catch (e) { console.log(e); console.log(`Error: Cannot find releases. Aborting.`); process.exit(-1); } } async function fetchPRsSinceLastReleaseAndEditReleaseNotes(newRelease, callback) { var derivedFrom = opt.options.derivedFrom; console.log("Derived from %o", derivedFrom); try { var releaseInfo; // If derivedFrom is 'lastMinorRelease', fetch PRs by comparing with the previous release. // For example: // - If newRelease = 4.255.0, it will compare changes with the latest RELEASE/PRE-RELEASE tag starting with 4.xxx.xxx. // - If newRelease = 3.255.1, it will compare changes with the latest RELEASE/PRE-RELEASE tag starting with 3.xxx.xxx. if (derivedFrom === 'lastMinorRelease') { console.log("Fetching PRs by comparing with the previous release.") await fetchPRsSincePreviousReleaseAndEditReleaseNotes(newRelease, callback); return; } else if (derivedFrom !== 'latest') { var tag = 'v' + derivedFrom; console.log(`Getting release by tag ${tag}`); releaseInfo = await octokit.repos.getReleaseByTag({ owner: OWNER, repo: REPO, tag: tag }); } else { console.log("Getting latest release"); releaseInfo = await octokit.repos.getLatestRelease({ owner: OWNER, repo: REPO }); } var branch = opt.options.branch; var lastReleaseDate = releaseInfo.data.published_at; console.log(`Fetching PRs merged since ${lastReleaseDate} on ${branch}`); try { var results = await octokit.search.issuesAndPullRequests({ q: `type:pr+is:merged+repo:${OWNER}/${REPO}+base:${branch}+merged:>=${lastReleaseDate}`, order: 'asc', sort: 'created' }) editReleaseNotesFile(results.data); } catch (e) { console.log(`Error: Problem fetching PRs: ${e}`); process.exit(-1); } } catch (e) { console.log(e); console.log(`Error: Cannot find release ${opt.options.derivedFrom}. Aborting.`); process.exit(-1); } } function editReleaseNotesFile(body) { var releaseNotesFile = path.join(__dirname, '..', 'releaseNote.md'); var existingReleaseNotes = fs.readFileSync(releaseNotesFile); var newPRs = { 'Features': [], 'Bugs': [], 'Misc': [] }; body.items.forEach(function (item) { var category = 'Misc'; item.labels.forEach(function (label) { if (category) { if (label.name === 'bug') { category = 'Bugs'; } if (label.name === 'enhancement') { category = 'Features'; } if (label.name === 'internal') { category = null; } } }); if (category) { newPRs[category].push(` - ${item.title} (#${item.number})`); } }); var newReleaseNotes = ''; var categories = ['Features', 'Bugs', 'Misc']; categories.forEach(function (category) { newReleaseNotes += `## ${category}\n${newPRs[category].join('\n')}\n\n`; }); newReleaseNotes += existingReleaseNotes; var editorCmd = `${process.env.EDITOR} ${releaseNotesFile}`; console.log(editorCmd); if (opt.options.dryrun) { console.log('Found the following PRs = %o', newPRs); console.log('\n\n'); console.log(newReleaseNotes); console.log('\n'); } else { fs.writeFileSync(releaseNotesFile, newReleaseNotes); try { cp.execSync(`${process.env.EDITOR} ${releaseNotesFile}`, { stdio: [process.stdin, process.stdout, process.stderr] }); } catch (err) { console.log(err.message); process.exit(-1); } } } function commitAndPush(directory, release, branch) { util.execInForeground(GIT + " checkout -b " + branch, directory, opt.options.dryrun); util.execInForeground(`${GIT} commit -m "Agent Release ${release}" `, directory, opt.options.dryrun); util.execInForeground(`${GIT} -c credential.helper='!f() { echo "username=pat"; echo "password=$PAT"; };f' push --set-upstream origin ${branch}`, directory, opt.options.dryrun); } function commitAgentChanges(directory, release) { var newBranch = `releases/${release}`; util.execInForeground(`${GIT} add ${path.join('src', 'agentversion')}`, directory, opt.options.dryrun); util.execInForeground(`${GIT} add releaseNote.md`, directory, opt.options.dryrun); util.execInForeground(`${GIT} config --global user.email "azure-pipelines-bot@microsoft.com"`, null, opt.options.dryrun); util.execInForeground(`${GIT} config --global user.name "azure-pipelines-bot"`, null, opt.options.dryrun); commitAndPush(directory, release, newBranch); } function checkGitStatus() { var git_status = cp.execSync(`${GIT} status --untracked-files=no --porcelain`, { encoding: 'utf-8' }); if (git_status) { console.log('You have uncommited changes in this clone. Aborting.'); console.log(git_status); if (!opt.options.dryrun) { process.exit(-1); } } else { console.log('Git repo is clean.'); } return git_status; } async function main() { try { var newRelease = opt.argv[0]; if (newRelease === undefined) { console.log('Error: You must supply a version'); process.exit(-1); } util.verifyMinimumNodeVersion(); util.verifyMinimumGitVersion(); await verifyNewReleaseTagOk(newRelease); checkGitStatus(); writeAgentVersionFile(newRelease); await fetchPRsSinceLastReleaseAndEditReleaseNotes(newRelease); commitAgentChanges(path.join(__dirname, '..'), newRelease); console.log('done.'); } catch (err) { tl.setResult(tl.TaskResult.Failed, err.message || 'run() failed', true); throw err; } } main(); ================================================ FILE: release/fillReleaseNotesTemplate.js ================================================ const fs = require('fs'); const path = require('path'); const util = require('./util'); /** * @param {*} releaseNotes Release notes template text content * @returns Release notes where `` is replaced with the provided agents package hash */ function addHashesToReleaseNotes(releaseNotes) { const hashes = util.getHashes(); const lines = releaseNotes.split('\n'); const modifiedLines = lines.map((line) => { if (!line.includes('')) { return line; } // Package is the second column in the releaseNote.md file, get it's value const columns = line.split('|').filter((column) => column.length !== 0); const packageColumn = columns[1]; // Inside package column, we have the package name inside the square brackets const packageName = packageColumn.substring(packageColumn.indexOf('[') + 1, packageColumn.indexOf(']')); if (hashes[packageName]) return line.replace('', hashes[packageName]); else return line; }); return modifiedLines.join('\n'); } /** * * @param {*} releaseNotes Release notes template text content * @returns Release notes where not filling in lines is removed */ function removeMissingBuild(releaseNotes) { var buildNames = []; var buildDescriptionIndexes = []; const lines = releaseNotes.split('\n'); lines.forEach((line) => { if (line.includes('')) { buildNames.push(line.substring(line.indexOf('|') + 1, line.indexOf('|', line.indexOf('|') + 1)).trim()); } }); for (var i = 0; i < lines.length; i++) { if (containBuildDescriptionHeader(lines[i], buildNames) !== -1) { var endIndex = -1; var numberOfOccurrences = 0; buildDescriptionIndexes.push(i - 1); // add empty string before description index buildDescriptionIndexes.push(i); while (i < lines.length && endIndex === -1) { i++; buildDescriptionIndexes.push(i); if (lines[i].indexOf('```') !== -1) { numberOfOccurrences++; if (numberOfOccurrences === 2) { endIndex = i; } } } } } return lines .filter((line, idx) => line.indexOf('') === -1 && buildDescriptionIndexes.indexOf(idx) === -1) .join('\n'); } /** * * @param {*} line Line of release notes * @param {*} buildNames List of build names * @returns index of buildescription header */ function containBuildDescriptionHeader(line, buildNames) { return buildNames.findIndex(bn => line.indexOf('## ' + bn) >= 0); } /** * @param {string} releaseNotes Release notes template text content * @param {string} agentVersion Agent version, e.g. 2.193.0 * @returns Release notes where `` is replaced with the provided agent version */ function addAgentVersionToReleaseNotes(releaseNotes, agentVersion) { return releaseNotes.replace(//g, agentVersion); } /** * Takes agent version as the first cmdline argument. * * Reads the releaseNote.md template file content and replaces `` and `` with agent version and package hash respectively. */ function main() { const agentVersion = process.argv[2]; if (agentVersion === undefined) { throw new Error('Agent version argument must be supplied'); } const releaseNotesPath = path.join(__dirname, '..', 'releaseNote.md'); const releaseNotes = fs.readFileSync(releaseNotesPath, 'utf-8'); const releaseNotesWithAgentVersion = addAgentVersionToReleaseNotes(releaseNotes, agentVersion); const filledReleaseNotes = addHashesToReleaseNotes(releaseNotesWithAgentVersion); const cleanedReleaseNotes = removeMissingBuild(filledReleaseNotes); fs.writeFileSync(releaseNotesPath, cleanedReleaseNotes); } main(); ================================================ FILE: release/package.json ================================================ { "private": true, "devDependencies": { "@octokit/rest": "^16.43.2", "@octokit/graphql": "^7.1.1", "azure-devops-node-api": "^12.0.0", "azure-pipelines-task-lib": "^4.3.1", "got": "^11.8.6", "node-getopt": "^0.3.2" } } ================================================ FILE: release/rollrelease.js ================================================ const { Octokit } = require("@octokit/rest"); const owner = 'microsoft'; const repo = 'azure-pipelines-agent'; var opt = require('node-getopt').create([ ['', 'dryrun', 'Dry run only, do not actually commit new release'], ['', 'ghpat=pat', 'GitHub PAT', ''], ['', 'stage=stage', 'The stage of the current agent deployment (ex. Ring 0)', ''], ['h', 'help', 'Display this help'], ]) .setHelp( "Usage: node rollrelease.js [OPTION] \n" + "\n" + "[[OPTIONS]]\n" ) .bindHelp() // bind option 'help' to default action .parseSystem(); // parse command line async function main() { var release = opt.argv[0]; if (release === undefined) { console.log('Error: You must supply a version'); process.exit(-1); } if (!opt.options.stage) { console.log('Error: You must specify the stage the agent is being rolled out to'); process.exit(-1); } const octokit = new Octokit({ auth: opt.options.ghpat }); var tag = 'v' + release; var releaseInfo; try { releaseInfo = await octokit.repos.getReleaseByTag({ owner, repo, tag }); } catch (e) { console.log(`Error: Unable to find release ${tag}: ${e}`); process.exit(-1); } var releaseId = releaseInfo.data.id; // TODO: Add other actions to take when rolling agent to specific rings // Some ideas: // - Update release body // - Post to Slack Channel if (opt.options.stage.toLowerCase() === 'ring 5') { if (!opt.options.dryrun) { try { await octokit.repos.updateRelease({ owner, repo, release_id: releaseId, prerelease: false, }); console.log(`Release ${release} marked no longer pre-release`); } catch (e) { console.log(`Error: Problem updating release: ${e}`); } } else { console.log(`Release ${release} to be marked no longer pre-release`); } } } main(); ================================================ FILE: release/util.js ================================================ const cp = require('child_process'); const fs = require('fs'); const path = require('path'); const GIT = 'git'; const GIT_RELEASE_RE = /([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/; exports.verifyMinimumNodeVersion = function() { var version = process.version; var minimumNodeVersion = '12.10.0'; // this is the version of node that supports the recursive option to rmdir if (parseFloat(version.substr(1,version.length)) < parseFloat(minimumNodeVersion)) { console.log('Version of Node does not support recursive directory deletes. Be sure you are starting with a clean workspace!'); } console.log(`Using node version ${version}`); } exports.verifyMinimumGitVersion = function() { var gitVersionOutput = cp.execSync(`${GIT} --version`, { encoding: 'utf-8'}); if (!gitVersionOutput) { console.log('Unable to get Git Version.'); process.exit(-1); } var gitVersion = gitVersionOutput.match(GIT_RELEASE_RE)[0]; var minimumGitVersion = '2.25.0'; // this is the version that supports sparse-checkout if (parseFloat(gitVersion) < parseFloat(minimumGitVersion)) { console.log(`Version of Git does not meet minimum requirement of ${minimumGitVersion}`); process.exit(-1); } console.log(`Using git version ${gitVersion}`); } exports.execInForeground = function(command, directory, dryrun = false) { directory = directory || '.'; console.log(`% ${command}`); if (!dryrun) { cp.execSync(command, { cwd: directory, stdio: [process.stdin, process.stdout, process.stderr] }); } } /** * Replaces `` and `` with the right values depending on agent package file name * * @param {string} template Template path (e.g. InstallAgentPackage.template.xml or Publish.template.ps1 paths) * @param {string} destination Path where the filled template should be written (e.g. InstallAgentPackage.xml path) * @param {string} version Agent version, e.g. 2.193.0 */ exports.fillAgentParameters = function(template, destination, version) { try { var data = fs.readFileSync(template, 'utf8'); data = data.replace(//g, version); const hashes = exports.getHashes(); const dataLines = data.split('\n'); const modifiedDataLines = dataLines.map((line) => { for (const packageName of Object.keys(hashes)) { if (line.includes(packageName)) { return line.replace('', hashes[packageName]); } } return line; }); data = modifiedDataLines.join('\n'); console.log(`Generating ${destination}`); fs.writeFileSync(destination, data); } catch(e) { console.log('Error:', e.stack); } } /** * @returns A map where the keys are the agent package file names and the values are corresponding packages hashes */ exports.getHashes = function() { const hashesDirPath = path.join(__dirname, '..', '_hashes', 'hash'); const hashFiles = fs.readdirSync(hashesDirPath); const hashes = {}; for (const hashFileName of hashFiles) { const hashFilePath = path.join(hashesDirPath, hashFileName); if (fs.statSync(hashFilePath).isDirectory()) { console.log(`Skipping directory ${hashFilePath}`); continue; } const agentPackageFileName = hashFileName.replace('.sha256', ''); const hashFileContent = fs.readFileSync(hashFilePath, 'utf-8').trim(); // Last 64 characters are the sha256 hash value const hashStringLength = 64; const hash = hashFileContent.slice(hashFileContent.length - hashStringLength); hashes[agentPackageFileName] = hash; } return hashes; } ================================================ FILE: releaseNote.md ================================================ ## Agent Downloads | | Package | SHA-256 | | -------------- | ------- | ------- | | Windows x64 | [vsts-agent-win-x64-.zip](https://download.agent.dev.azure.com/agent//vsts-agent-win-x64-.zip) | | | Windows x86 | [vsts-agent-win-x86-.zip](https://download.agent.dev.azure.com/agent//vsts-agent-win-x86-.zip) | | | macOS x64 | [vsts-agent-osx-x64-.tar.gz](https://download.agent.dev.azure.com/agent//vsts-agent-osx-x64-.tar.gz) | | | macOS ARM64 | [vsts-agent-osx-arm64-.tar.gz](https://download.agent.dev.azure.com/agent//vsts-agent-osx-arm64-.tar.gz) | | | Linux x64 | [vsts-agent-linux-x64-.tar.gz](https://download.agent.dev.azure.com/agent//vsts-agent-linux-x64-.tar.gz) | | | Linux ARM | [vsts-agent-linux-arm-.tar.gz](https://download.agent.dev.azure.com/agent//vsts-agent-linux-arm-.tar.gz) | | | Linux ARM64 | [vsts-agent-linux-arm64-.tar.gz](https://download.agent.dev.azure.com/agent//vsts-agent-linux-arm64-.tar.gz) | | | Linux musl x64 | [vsts-agent-linux-musl-x64-.tar.gz](https://download.agent.dev.azure.com/agent//vsts-agent-linux-musl-x64-.tar.gz) | | | Linux musl ARM64 | [vsts-agent-linux-musl-arm64-.tar.gz](https://download.agent.dev.azure.com/agent//vsts-agent-linux-musl-arm64-.tar.gz) | | After Download: ## Windows x64 ``` bash C:\> mkdir myagent && cd myagent C:\myagent> Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory("$HOME\Downloads\vsts-agent-win-x64-.zip", "$PWD") ``` ## Windows x86 ``` bash C:\> mkdir myagent && cd myagent C:\myagent> Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory("$HOME\Downloads\vsts-agent-win-x86-.zip", "$PWD") ``` ## macOS x64 ``` bash ~/$ mkdir myagent && cd myagent ~/myagent$ tar xzf ~/Downloads/vsts-agent-osx-x64-.tar.gz ``` ## macOS ARM64 ``` bash ~/$ mkdir myagent && cd myagent ~/myagent$ tar xzf ~/Downloads/vsts-agent-osx-arm64-.tar.gz ``` ## Linux x64 ``` bash ~/$ mkdir myagent && cd myagent ~/myagent$ tar xzf ~/Downloads/vsts-agent-linux-x64-.tar.gz ``` ## Linux ARM ``` bash ~/$ mkdir myagent && cd myagent ~/myagent$ tar xzf ~/Downloads/vsts-agent-linux-arm-.tar.gz ``` ## Linux ARM64 ``` bash ~/$ mkdir myagent && cd myagent ~/myagent$ tar xzf ~/Downloads/vsts-agent-linux-arm64-.tar.gz ``` ## Alpine x64 ***Note:*** Node 6 does not exist for Alpine. ``` bash ~/$ mkdir myagent && cd myagent ~/myagent$ tar xzf ~/Downloads/vsts-agent-linux-musl-x64-.tar.gz ``` ## Alpine ARM64 ***Note:*** Node 6 does not exist for Alpine. ``` bash ~/$ mkdir myagent && cd myagent ~/myagent$ tar xzf ~/Downloads/vsts-agent-linux-musl-ARM64-.tar.gz ``` ## Alternate Agent Downloads Alternate packages below do not include Node 6 & 10 and are only suitable for users who do not use Node 6 & 10 dependent tasks. See [notes](docs/node6.md) on Node version support for more details. | | Package | SHA-256 | | ----------- | ------- | ------- | | Windows x64 | [pipelines-agent-win-x64-.zip](https://download.agent.dev.azure.com/agent//pipelines-agent-win-x64-.zip) | | | Windows x86 | [pipelines-agent-win-x86-.zip](https://download.agent.dev.azure.com/agent//pipelines-agent-win-x86-.zip) | | | macOS x64 | [pipelines-agent-osx-x64-.tar.gz](https://download.agent.dev.azure.com/agent//pipelines-agent-osx-x64-.tar.gz) | | | macOS ARM64 | [pipelines-agent-osx-arm64-.tar.gz](https://download.agent.dev.azure.com/agent//pipelines-agent-osx-arm64-.tar.gz) | | | Linux x64 | [pipelines-agent-linux-x64-.tar.gz](https://download.agent.dev.azure.com/agent//pipelines-agent-linux-x64-.tar.gz) | | | Linux ARM | [pipelines-agent-linux-arm-.tar.gz](https://download.agent.dev.azure.com/agent//pipelines-agent-linux-arm-.tar.gz) | | | Linux ARM64 | [pipelines-agent-linux-arm64-.tar.gz](https://download.agent.dev.azure.com/agent//pipelines-agent-linux-arm64-.tar.gz) | | ================================================ FILE: send-notifications.ps1 ================================================ param( [Parameter(Mandatory = $true)] [bool]$IsPRCreated, [Parameter(Mandatory = $true)] [string]$RepoName ) # Function sends Office 365 connector card to webhook. # It requires title and message text displyed in card and theme color used to hignlight card. function Send-Notification { param ( [Parameter(Mandatory = $true)] [string]$titleText, [Parameter(Mandatory = $true)] [string]$messageText, [Parameter(Mandatory = $true)] [string]$themeColor ) $body = [PSCustomObject]@{ title = $titleText text = $messageText themeColor = $themeColor } | ConvertTo-Json Invoke-RestMethod -Uri $($env:TEAMS_WEBHOOK) -Method Post -Body $body -ContentType 'application/json' } $wikiLink = "[Wiki](https://mseng.visualstudio.com/AzureDevOps/_wiki/wikis/AzureDevOps.wiki/16150/Localization-update)" if ($IsPRCreated) { $pullRequestLink = "[PR $($env:PR_NUMBER)]($($env:PR_LINK))" $titleText = "Azure Pipelines $RepoName Localization update PR created - ID $($env:PR_NUMBER)" $messageText = "Created $RepoName Localization update PR. Please review and approve/merge $pullRequestLink. Related article in $wikiLink." $themeColor = "#FFFF00" } else { $buildUrl = "$env:SYSTEM_TEAMFOUNDATIONCOLLECTIONURI$env:SYSTEM_TEAMPROJECT/_build/results?buildId=$($env:BUILD_BUILDID)&_a=summary" $buildLink = "[ID $($env:BUILD_BUILDID)]($($buildUrl))" $titleText = "Azure Pipelines $RepoName Localization build failed - ID $($env:BUILD_BUILDID)" $messageText = "Failed to create $RepoName Localization update PR. Please review the results of failed build $buildLink. Related article in $wikiLink." $themeColor = "#FF0000" } Send-Notification -titleText $titleText -messageText $messageText -themeColor $themeColor ================================================ FILE: src/.helpers.sh ================================================ function failed() { local error=${1:-Undefined error} echo "Failed: $error" >&2 popd exit 1 } function warn() { local error=${1:-Undefined error} echo "WARNING - FAILED: $error" >&2 } function checkRC() { local rc=$? if [ $rc -ne 0 ]; then failed "${1} Failed with return code $rc" fi } function heading() { echo echo echo "-----------------------------------------" echo " ${1}" echo "-----------------------------------------" } ================================================ FILE: src/Agent.Listener/Agent.Listener.csproj ================================================  Exe true PreserveNewest PreserveNewest ================================================ FILE: src/Agent.Listener/Agent.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Agent.Listener.Diagnostics; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using System.IO; using System.Reflection; using System.Runtime.CompilerServices; using Microsoft.TeamFoundation.TestClient.PublishTestResults.Telemetry; using Microsoft.VisualStudio.Services.Agent.Listener.Telemetry; using System.Collections.Generic; using Newtonsoft.Json; using Agent.Sdk.Knob; using Agent.Listener.Configuration; namespace Microsoft.VisualStudio.Services.Agent.Listener { [ServiceLocator(Default = typeof(Agent))] public interface IAgent : IAgentService { Task ExecuteCommand(CommandSettings command); } public sealed class Agent : AgentService, IAgent, IDisposable { private IMessageListener _listener; private ITerminal _term; private bool _inConfigStage; private ManualResetEvent _completedCommand = new ManualResetEvent(false); public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _term = HostContext.GetService(); } public async Task ExecuteCommand(CommandSettings command) { using (Trace.EnteringWithDuration()) { ArgUtil.NotNull(command, nameof(command)); try { Trace.Verbose("Initializing core services..."); var agentWebProxy = HostContext.GetService(); var agentCertManager = HostContext.GetService(); VssUtil.InitializeVssClientSettings(HostContext.UserAgent, agentWebProxy.WebProxy, agentCertManager.VssClientCertificateManager, agentCertManager.SkipServerCertificateValidation); _inConfigStage = true; _completedCommand.Reset(); _term.CancelKeyPress += CtrlCHandler; //register a SIGTERM handler HostContext.Unloading += Agent_Unloading; // TODO Unit test to cover this logic var configManager = HostContext.GetService(); // command is not required, if no command it just starts if configured // TODO: Invalid config prints usage if (command.IsHelp()) { PrintUsage(command); return Constants.Agent.ReturnCode.Success; } if (command.IsVersion()) { _term.WriteLine(BuildConstants.AgentPackage.Version); return Constants.Agent.ReturnCode.Success; } if (command.IsCommit()) { _term.WriteLine(BuildConstants.Source.CommitHash); return Constants.Agent.ReturnCode.Success; } if (command.IsDiagnostics()) { PrintBanner(); _term.WriteLine("Running Diagnostics Only..."); _term.WriteLine(string.Empty); DiagnosticTests diagnostics = new DiagnosticTests(_term); diagnostics.Execute(); return Constants.Agent.ReturnCode.Success; } // Configure agent prompt for args if not supplied // Unattend configure mode will not prompt for args if not supplied and error on any missing or invalid value. if (command.IsConfigureCommand()) { PrintBanner(); try { await configManager.ConfigureAsync(command); return Constants.Agent.ReturnCode.Success; } catch (Exception ex) { Trace.Error(ex); _term.WriteError(ex.Message); return Constants.Agent.ReturnCode.TerminatedError; } } // remove config files, remove service, and exit if (command.IsRemoveCommand()) { try { await configManager.UnconfigureAsync(command); return Constants.Agent.ReturnCode.Success; } catch (Exception ex) { Trace.Error(ex); _term.WriteError(ex.Message); return Constants.Agent.ReturnCode.TerminatedError; } } if (command.IsReAuthCommand()) { try { await configManager.ReAuthAsync(command); return Constants.Agent.ReturnCode.Success; } catch (Exception ex) { Trace.Error(ex); _term.WriteError(ex.Message); return Constants.Agent.ReturnCode.TerminatedError; } } _inConfigStage = false; // warmup agent process (JIT/CLR) // In scenarios where the agent is single use (used and then thrown away), the system provisioning the agent can call `agent.listener --warmup` before the machine is made available to the pool for use. // this will optimizes the agent process startup time. if (command.IsWarmupCommand()) { Trace.Info("Starting agent warmup process - pre-loading assemblies for optimal performance"); var binDir = HostContext.GetDirectory(WellKnownDirectory.Bin); foreach (var assemblyFile in Directory.EnumerateFiles(binDir, "*.dll")) { try { Trace.Info($"Load assembly: {assemblyFile}."); var assembly = Assembly.LoadFrom(assemblyFile); var types = assembly.GetTypes(); foreach (Type loadedType in types) { try { Trace.Info($"Load methods: {loadedType.FullName}."); var methods = loadedType.GetMethods(BindingFlags.DeclaredOnly | BindingFlags.NonPublic | BindingFlags.Public | BindingFlags.Instance | BindingFlags.Static); foreach (var method in methods) { if (!method.IsAbstract && !method.ContainsGenericParameters) { Trace.Verbose($"Prepare method: {method.Name}."); RuntimeHelpers.PrepareMethod(method.MethodHandle); } } } catch (Exception ex) { Trace.Error(ex); } } } catch (Exception ex) { Trace.Error(ex); } } Trace.Info("Agent warmup completed successfully - assemblies pre-loaded"); return Constants.Agent.ReturnCode.Success; } Trace.Info("Loading agent configuration from settings store"); AgentSettings settings = configManager.LoadSettings(); var store = HostContext.GetService(); bool configuredAsService = store.IsServiceConfigured(); // Run agent //if (command.Run) // this line is current break machine provisioner. //{ // Error if agent not configured. if (!configManager.IsConfigured()) { Trace.Error("Agent configuration not found - agent needs to be configured before running"); _term.WriteError(StringUtil.Loc("AgentIsNotConfigured")); PrintUsage(command); return Constants.Agent.ReturnCode.TerminatedError; } Trace.Verbose($"Agent configuration loaded successfully, Configured as service: '{configuredAsService}'"); //Get the startup type of the agent i.e., autostartup, service, manual StartupType startType; var startupTypeAsString = command.GetStartupType(); if (string.IsNullOrEmpty(startupTypeAsString) && configuredAsService) { // We need try our best to make the startup type accurate // The problem is coming from agent autoupgrade, which result an old version service host binary but a newer version agent binary // At that time the servicehost won't pass --startuptype to agent.listener while the agent is actually running as service. // We will guess the startup type only when the agent is configured as service and the guess will based on whether STDOUT/STDERR/STDIN been redirect or not Trace.Info($"Try determine agent startup type base on console redirects."); startType = (Console.IsErrorRedirected && Console.IsInputRedirected && Console.IsOutputRedirected) ? StartupType.Service : StartupType.Manual; } else { if (!Enum.TryParse(startupTypeAsString, true, out startType)) { Trace.Info($"Could not parse the argument value '{startupTypeAsString}' for StartupType. Defaulting to {StartupType.Manual}"); startType = StartupType.Manual; } } Trace.Info($"Set agent startup type - {startType}"); HostContext.StartupType = startType; bool debugModeEnabled = command.GetDebugMode(); if (debugModeEnabled) { Trace.Warning("Agent is running in debug mode, don't use it in production"); settings.DebugMode = true; store.SaveSettings(settings); } else if (settings.DebugMode && !debugModeEnabled) { settings.DebugMode = false; store.SaveSettings(settings); } if (PlatformUtil.RunningOnWindows) { if (store.IsAutoLogonConfigured()) { if (HostContext.StartupType != StartupType.Service) { Trace.Info($"Autologon is configured on the machine, dumping all the autologon related registry settings"); var autoLogonRegManager = HostContext.GetService(); autoLogonRegManager.DumpAutoLogonRegistrySettings(); } else { Trace.Info($"Autologon is configured on the machine but current Agent.Listener.exe is launched from the windows service"); } } } //Publish inital telemetry data var telemetryPublisher = HostContext.GetService(); try { var systemVersion = PlatformUtil.GetSystemVersion(); Dictionary telemetryData = new Dictionary { { "OS", PlatformUtil.GetSystemId() ?? "" }, { "OSVersion", systemVersion?.Name?.ToString() ?? "" }, { "OSBuild", systemVersion?.Version?.ToString() ?? "" }, { "configuredAsService", $"{configuredAsService}"}, { "startupType", startupTypeAsString } }; var cmd = new Command("telemetry", "publish"); cmd.Data = JsonConvert.SerializeObject(telemetryData); cmd.Properties.Add("area", "PipelinesTasks"); cmd.Properties.Add("feature", "AgentListener"); await telemetryPublisher.PublishEvent(HostContext, cmd); } catch (Exception ex) { Trace.Warning($"Unable to publish telemetry data. {ex}"); } // Run the agent interactively or as service return await RunAsync(settings, command.GetRunOnce()); } finally { _term.CancelKeyPress -= CtrlCHandler; HostContext.Unloading -= Agent_Unloading; _completedCommand.Set(); } } } public void Dispose() { _term?.Dispose(); _completedCommand.Dispose(); } private void Agent_Unloading(object sender, EventArgs e) { if ((!_inConfigStage) && (!HostContext.AgentShutdownToken.IsCancellationRequested)) { HostContext.ShutdownAgent(ShutdownReason.UserCancelled); _completedCommand.WaitOne(Constants.Agent.ExitOnUnloadTimeout); } } private void CtrlCHandler(object sender, EventArgs e) { _term.WriteLine(StringUtil.Loc("Exiting")); if (_inConfigStage) { HostContext.Dispose(); Environment.Exit(Constants.Agent.ReturnCode.TerminatedError); } else { ConsoleCancelEventArgs cancelEvent = e as ConsoleCancelEventArgs; if (cancelEvent != null && HostContext.GetService().IsServiceConfigured()) { ShutdownReason reason; if (cancelEvent.SpecialKey == ConsoleSpecialKey.ControlBreak) { Trace.Info("Received Ctrl-Break signal from agent service host, this indicate the operating system is shutting down."); reason = ShutdownReason.OperatingSystemShutdown; } else { Trace.Info("Received Ctrl-C signal, stop agent.listener and agent.worker."); reason = ShutdownReason.UserCancelled; } HostContext.ShutdownAgent(reason); } else { HostContext.ShutdownAgent(ShutdownReason.UserCancelled); } } } private async Task InitializeRuntimeFeatures() { try { Trace.Info("Initializing runtime features from feature flags"); var featureFlagProvider = HostContext.GetService(); var traceManager = HostContext.GetService(); // Check enhanced logging feature flag var enhancedLoggingFlag = await featureFlagProvider.GetFeatureFlagAsync(HostContext, "DistributedTask.Agent.UseEnhancedLogging", Trace); bool enhancedLoggingEnabled = string.Equals(enhancedLoggingFlag?.EffectiveState, "On", StringComparison.OrdinalIgnoreCase); // Check enhanced worker crash handling feature flag var enhancedWorkerCrashHandlingFlag = await featureFlagProvider.GetFeatureFlagAsync(HostContext, "DistributedTask.Agent.EnhancedWorkerCrashHandling", Trace); bool enhancedWorkerCrashHandlingEnabled = string.Equals(enhancedWorkerCrashHandlingFlag?.EffectiveState, "On", StringComparison.OrdinalIgnoreCase); Trace.Info($"Enhanced logging feature flag is {(enhancedLoggingEnabled ? "enabled" : "disabled")}"); // Set the result on TraceManager - this automatically switches all trace sources traceManager.SetEnhancedLoggingEnabled(enhancedLoggingEnabled); // Ensure child processes (worker/plugin) pick up enhanced logging via knob Environment.SetEnvironmentVariable("AZP_USE_ENHANCED_LOGGING", enhancedLoggingEnabled ? "true" : null); // Check progressive backoff feature flag var progressiveBackoffFlag = await featureFlagProvider.GetFeatureFlagAsync(HostContext, "DistributedTask.Agent.EnableProgressiveRetryBackoff", Trace); bool progressiveBackoffEnabled = string.Equals(progressiveBackoffFlag?.EffectiveState, "On", StringComparison.OrdinalIgnoreCase); Trace.Info($"Progressive backoff feature flag is {(progressiveBackoffEnabled ? "enabled" : "disabled")}"); // Ensure listener process picks up progressive backoff via knob Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", progressiveBackoffEnabled ? "true" : null); Trace.Info($"Enhanced worker crash handling feature flag is {(enhancedWorkerCrashHandlingEnabled ? "enabled" : "disabled")}"); // Ensure child processes (worker/plugin) pick up enhanced crash handling via knob Environment.SetEnvironmentVariable("AZP_ENHANCED_WORKER_CRASH_HANDLING", enhancedWorkerCrashHandlingEnabled ? "true" : null); Trace.Info("Runtime features initialization completed successfully"); } catch (Exception ex) { // Don't fail the agent if feature flag check fails Trace.Warning($"Runtime features initialization failed, using defaults: {ex}"); } } //create worker manager, create message listener and start listening to the queue private async Task RunAsync(AgentSettings settings, bool runOnce = false) { using (Trace.EnteringWithDuration()) { try { Trace.Info(StringUtil.Format("Entering main agent execution loop({0})", nameof(RunAsync))); var featureFlagProvider = HostContext.GetService(); var checkPsModulesFeatureFlag = await featureFlagProvider.GetFeatureFlagAsync(HostContext, "DistributedTask.Agent.CheckPsModulesLocations", Trace); if (PlatformUtil.RunningOnWindows && checkPsModulesFeatureFlag?.EffectiveState == "On") { string psModulePath = Environment.GetEnvironmentVariable("PSModulePath"); bool containsPwshLocations = PsModulePathUtil.ContainsPowershellCoreLocations(psModulePath); if (containsPwshLocations) { _term.WriteLine(StringUtil.Loc("PSModulePathLocations")); } } Trace.Info("Initializing message listener - establishing connection to Azure DevOps"); _listener = HostContext.GetService(); if (!await _listener.CreateSessionAsync(HostContext.AgentShutdownToken)) { Trace.Error("Failed to create session with Azure DevOps"); return Constants.Agent.ReturnCode.TerminatedError; } HostContext.WritePerfCounter("SessionCreated"); Trace.Info("Session created successfully - agent is now listening for jobs"); // Check feature flags for enhanced logging and other runtime features await InitializeRuntimeFeatures(); _term.WriteLine(StringUtil.Loc("ListenForJobs", DateTime.UtcNow)); IJobDispatcher jobDispatcher = null; CancellationTokenSource messageQueueLoopTokenSource = CancellationTokenSource.CreateLinkedTokenSource(HostContext.AgentShutdownToken); CancellationTokenSource keepAliveToken = CancellationTokenSource.CreateLinkedTokenSource(HostContext.AgentShutdownToken); try { Trace.Info("Initializing job notification service for real-time updates"); var notification = HostContext.GetService(); if (!String.IsNullOrEmpty(settings.NotificationSocketAddress)) { notification.StartClient(settings.NotificationSocketAddress, settings.MonitorSocketAddress); } else { notification.StartClient(settings.NotificationPipeName, settings.MonitorSocketAddress, HostContext.AgentShutdownToken); } // this is not a reliable way to disable auto update. // we need server side work to really enable the feature // https://github.com/Microsoft/vsts-agent/issues/446 (Feature: Allow agent / pool to opt out of automatic updates) bool disableAutoUpdate = !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("agent.disableupdate")); bool autoUpdateInProgress = false; Task selfUpdateTask = null; bool runOnceJobReceived = false; jobDispatcher = HostContext.CreateService(); TaskAgentMessage previuosMessage = null; _ = _listener.KeepAlive(keepAliveToken.Token); Trace.Info("Starting message processing loop - agent ready to receive jobs"); while (!HostContext.AgentShutdownToken.IsCancellationRequested) { TaskAgentMessage message = null; bool skipMessageDeletion = false; try { Trace.Info("Next message wait initiated - Agent ready to receive next message from server"); Task getNextMessage = _listener.GetNextMessageAsync(messageQueueLoopTokenSource.Token); if (autoUpdateInProgress) { Trace.Verbose("Auto update task running at backend, waiting for getNextMessage or selfUpdateTask to finish."); Task completeTask = await Task.WhenAny(getNextMessage, selfUpdateTask); if (completeTask == selfUpdateTask) { autoUpdateInProgress = false; bool agentUpdated = false; try { agentUpdated = await selfUpdateTask; } catch (Exception ex) { Trace.Info($"Ignore agent update exception. {ex}"); } if (agentUpdated) { Trace.Info("Auto update task finished at backend, an agent update is ready to apply exit the current agent instance."); Trace.Info("Stop message queue looping."); messageQueueLoopTokenSource.Cancel(); try { await getNextMessage; } catch (Exception ex) { Trace.Info($"Ignore any exception after cancel message loop. {ex}"); } if (runOnce) { return Constants.Agent.ReturnCode.RunOnceAgentUpdating; } else { return Constants.Agent.ReturnCode.AgentUpdating; } } else { Trace.Info("Auto update task finished at backend, there is no available agent update needs to apply, continue message queue looping."); } message = previuosMessage;// if agent wasn't updated it's needed to process the previous message previuosMessage = null; } } if (runOnceJobReceived) { Trace.Verbose("One time used agent has start running its job, waiting for getNextMessage or the job to finish."); Task completeTask = await Task.WhenAny(getNextMessage, jobDispatcher.RunOnceJobCompleted.Task); if (completeTask == jobDispatcher.RunOnceJobCompleted.Task) { Trace.Info("Job has finished at backend, the agent will exit since it is running under onetime use mode."); Trace.Info("Stop message queue looping."); messageQueueLoopTokenSource.Cancel(); try { await getNextMessage; } catch (Exception ex) { Trace.Info($"Ignore any exception after cancel message loop. {ex}"); } return Constants.Agent.ReturnCode.Success; } } message ??= await getNextMessage; //get next message Trace.Info($"Next message wait completed - Received message from server: {message.MessageType}"); HostContext.WritePerfCounter($"MessageReceived_{message.MessageType}"); if (string.Equals(message.MessageType, AgentRefreshMessage.MessageType, StringComparison.OrdinalIgnoreCase)) { if (disableAutoUpdate) { Trace.Info("Auto-update handling - Refresh message received but skipping autoupdate since agent.disableupdate is set"); } else { if (autoUpdateInProgress == false) { autoUpdateInProgress = true; var agentUpdateMessage = JsonUtility.FromString(message.Body); var selfUpdater = HostContext.GetService(); selfUpdateTask = selfUpdater.SelfUpdate(agentUpdateMessage, jobDispatcher, !runOnce && HostContext.StartupType != StartupType.Service, HostContext.AgentShutdownToken); Trace.Info(StringUtil.Format("Agent update handling - Self-update task initiated, target version: {0}", agentUpdateMessage.TargetVersion)); } else { Trace.Info("Agent update message received, skip autoupdate since a previous autoupdate is already running."); } } } else if (string.Equals(message.MessageType, JobRequestMessageTypes.AgentJobRequest, StringComparison.OrdinalIgnoreCase) || string.Equals(message.MessageType, JobRequestMessageTypes.PipelineAgentJobRequest, StringComparison.OrdinalIgnoreCase)) { if (autoUpdateInProgress) { previuosMessage = message; } if (autoUpdateInProgress || runOnceJobReceived) { skipMessageDeletion = true; Trace.Info($"Skip message deletion for job request message '{message.MessageId}'."); } else { Pipelines.AgentJobRequestMessage pipelineJobMessage = null; switch (message.MessageType) { case JobRequestMessageTypes.AgentJobRequest: Trace.Verbose("Converting legacy job message format to pipeline format"); var legacyJobMessage = JsonUtility.FromString(message.Body); pipelineJobMessage = Pipelines.AgentJobRequestMessageUtil.Convert(legacyJobMessage); break; case JobRequestMessageTypes.PipelineAgentJobRequest: Trace.Verbose("Processing pipeline job message for execution"); pipelineJobMessage = JsonUtility.FromString(message.Body); break; } Trace.Info("Dispatching job to worker process for execution"); jobDispatcher.Run(pipelineJobMessage, runOnce); if (runOnce) { Trace.Info("One time used agent received job message."); runOnceJobReceived = true; } } } else if (string.Equals(message.MessageType, JobCancelMessage.MessageType, StringComparison.OrdinalIgnoreCase)) { Trace.Verbose("Processing job cancellation request from Azure DevOps"); var cancelJobMessage = JsonUtility.FromString(message.Body); bool jobCancelled = jobDispatcher.Cancel(cancelJobMessage); skipMessageDeletion = (autoUpdateInProgress || runOnceJobReceived) && !jobCancelled; if (skipMessageDeletion) { Trace.Info($"Skip message deletion for cancellation message '{message.MessageId}'."); } } else if (string.Equals(message.MessageType, JobMetadataMessage.MessageType, StringComparison.OrdinalIgnoreCase)) { Trace.Info("Processing job metadata update from Azure DevOps"); var metadataMessage = JsonUtility.FromString(message.Body); jobDispatcher.MetadataUpdate(metadataMessage); } else { Trace.Error($"Received message {message.MessageId} with unsupported message type {message.MessageType}."); } } catch (AggregateException e) { Trace.Error($"Exception occurred while processing message from queue: {e.Message}"); ExceptionsUtil.HandleAggregateException((AggregateException)e, (message) => Trace.Error(message)); } finally { if (!skipMessageDeletion && message != null) { Trace.Info($"Message deletion from queue initiated - Deleting processed message: {message.MessageId}"); try { await _listener.DeleteMessageAsync(message); Trace.Info($"Message deletion completed - Message {message.MessageId} successfully removed from queue"); } catch (Exception ex) { Trace.Error($"Catch exception during delete message from message queue. message id: {message.MessageId}"); Trace.Error(ex); } finally { Trace.Info("Message cleanup completed - Message reference cleared, ready for next message"); message = null; } } else { Trace.Info("Message deletion skipped - Either skip flag set or no message to delete"); } } } } finally { Trace.Info("Beginning agent shutdown sequence - cleaning up resources"); keepAliveToken.Dispose(); if (jobDispatcher != null) { Trace.Info("Shutting down job dispatcher - terminating active jobs"); await jobDispatcher.ShutdownAsync(); } Trace.Info("Cleaning up agent listener session - disconnecting from Azure DevOps"); //TODO: make sure we don't mask more important exception await _listener.DeleteSessionAsync(); messageQueueLoopTokenSource.Dispose(); } } catch (TaskAgentAccessTokenExpiredException) { Trace.Info("Agent OAuth token has been revoked - shutting down gracefully"); } Trace.Info("Agent run completed successfully - exiting with success code"); return Constants.Agent.ReturnCode.Success; } } private void PrintUsage(CommandSettings command) { string ext = "sh"; if (PlatformUtil.RunningOnWindows) { ext = "cmd"; } string commonHelp = StringUtil.Loc("CommandLineHelp_Common"); string envHelp = StringUtil.Loc("CommandLineHelp_Env"); if (command.IsConfigureCommand()) { _term.WriteLine(StringUtil.Loc("CommandLineHelp_Configure", Path.DirectorySeparatorChar, ext, commonHelp, envHelp)); } else if (command.IsRemoveCommand()) { _term.WriteLine(StringUtil.Loc("CommandLineHelp_Remove", Path.DirectorySeparatorChar, ext, commonHelp, envHelp)); } else { _term.WriteLine(StringUtil.Loc("CommandLineHelp", Path.DirectorySeparatorChar, ext)); } } private void PrintBanner() { _term.WriteLine(_banner); } private static string _banner = string.Format(@" ___ ______ _ _ _ / _ \ | ___ (_) | (_) / /_\ \_____ _ _ __ ___ | |_/ /_ _ __ ___| |_ _ __ ___ ___ | _ |_ / | | | '__/ _ \ | __/| | '_ \ / _ \ | | '_ \ / _ \/ __| | | | |/ /| |_| | | | __/ | | | | |_) | __/ | | | | | __/\__ \ \_| |_/___|\__,_|_| \___| \_| |_| .__/ \___|_|_|_| |_|\___||___/ | | agent v{0,-10} |_| (commit {1}) ", BuildConstants.AgentPackage.Version, BuildConstants.Source.CommitHash.Substring(0, 7)); } } ================================================ FILE: src/Agent.Listener/CommandLine/BaseCommand.cs ================================================ using CommandLine; using Microsoft.VisualStudio.Services.Agent; namespace Agent.Listener.CommandLine { public class BaseCommand { [Option(Constants.Agent.CommandLine.Flags.Help)] public bool Help { get; set; } [Option(Constants.Agent.CommandLine.Flags.Version)] public bool Version { get; set; } } } ================================================ FILE: src/Agent.Listener/CommandLine/ConfigureAgent.cs ================================================ using CommandLine; using Microsoft.VisualStudio.Services.Agent; namespace Agent.Listener.CommandLine { [Verb(Constants.Agent.CommandLine.Commands.Configure)] public class ConfigureAgent : ConfigureOrRemoveBase { [Option(Constants.Agent.CommandLine.Flags.AcceptTeeEula)] public bool AcceptTeeEula { get; set; } [Option(Constants.Agent.CommandLine.Flags.AddDeploymentGroupTags)] public bool AddDeploymentGroupTags { get; set; } [Option(Constants.Agent.CommandLine.Flags.AddEnvironmentVirtualMachineResourceTags)] public bool AddEnvironmentVirtualMachineResourceTags { get; set; } [Option(Constants.Agent.CommandLine.Flags.AddMachineGroupTags)] public bool AddMachineGroupTags { get; set; } [Option(Constants.Agent.CommandLine.Flags.AlwaysExtractTask)] public bool AlwaysExtractTask { get; set; } [Option(Constants.Agent.CommandLine.Args.Agent)] public string Agent { get; set; } [Option(Constants.Agent.CommandLine.Args.CollectionName)] public string CollectionName { get; set; } [Option(Constants.Agent.CommandLine.Flags.DeploymentGroup)] public bool DeploymentGroup { get; set; } [Option(Constants.Agent.CommandLine.Args.DeploymentGroupName)] public string DeploymentGroupName { get; set; } [Option(Constants.Agent.CommandLine.Args.DeploymentGroupTags)] public string DeploymentGroupTags { get; set; } [Option(Constants.Agent.CommandLine.Flags.DeploymentPool)] public bool DeploymentPool { get; set; } [Option(Constants.Agent.CommandLine.Args.DeploymentPoolName)] public string DeploymentPoolName { get; set; } [Option(Constants.Agent.CommandLine.Flags.EnableServiceSidTypeUnrestricted)] public bool EnableServiceSidTypeUnrestricted { get; set; } [Option(Constants.Agent.CommandLine.Flags.Environment)] public bool EnvironmentVMResource { get; set; } [Option(Constants.Agent.CommandLine.Args.EnvironmentName)] public string EnvironmentName { get; set; } [Option(Constants.Agent.CommandLine.Args.EnvironmentVMResourceTags)] public string EnvironmentVMResourceTags { get; set; } [Option(Constants.Agent.CommandLine.Flags.GitUseSChannel)] public bool GitUseSChannel { get; set; } [Option(Constants.Agent.CommandLine.Flags.DisableLogUploads)] public bool DisableLogUploads { get; set; } [Option(Constants.Agent.CommandLine.Flags.ReStreamLogsToFiles)] public bool ReStreamLogsToFiles { get; set; } [Option(Constants.Agent.CommandLine.Flags.MachineGroup)] public bool MachineGroup { get; set; } [Option(Constants.Agent.CommandLine.Args.MachineGroupName)] public string MachineGroupName { get; set; } [Option(Constants.Agent.CommandLine.Args.MachineGroupTags)] public string MachineGroupTags { get; set; } [Option(Constants.Agent.CommandLine.Args.MonitorSocketAddress)] public string MonitorSocketAddress { get; set; } [Option(Constants.Agent.CommandLine.Args.NotificationPipeName)] public string NotificationPipeName { get; set; } [Option(Constants.Agent.CommandLine.Args.NotificationSocketAddress)] public string NotificationSocketAddress { get; set; } [Option(Constants.Agent.CommandLine.Flags.NoRestart)] public bool NoRestart { get; set; } [Option(Constants.Agent.CommandLine.Flags.OverwriteAutoLogon)] public bool OverwriteAutoLogon { get; set; } [Option(Constants.Agent.CommandLine.Args.Pool)] public string Pool { get; set; } [Option(Constants.Agent.CommandLine.Args.ProjectName)] public string ProjectName { get; set; } [Option(Constants.Agent.CommandLine.Args.ProxyPassword)] public string ProxyPassword { get; set; } [Option(Constants.Agent.CommandLine.Args.ProxyUserName)] public string ProxyUserName { get; set; } [Option(Constants.Agent.CommandLine.Args.ProxyUrl)] public string ProxyUrl { get; set; } [Option(Constants.Agent.CommandLine.Flags.UseBasicAuthForProxy)] public bool UseBasicAuthForProxy { get; set; } [Option(Constants.Agent.CommandLine.Flags.Replace)] public bool Replace { get; set; } [Option(Constants.Agent.CommandLine.Flags.RunAsAutoLogon)] public bool RunAsAutoLogon { get; set; } [Option(Constants.Agent.CommandLine.Flags.RunAsService)] public bool RunAsService { get; set; } [Option(Constants.Agent.CommandLine.Flags.Once)] public bool RunOnce { get; set; } [Option(Constants.Agent.CommandLine.Flags.PreventServiceStart)] public bool PreventServiceStart { get; set; } [Option(Constants.Agent.CommandLine.Args.SslCACert)] public string SslCACert { get; set; } [Option(Constants.Agent.CommandLine.Args.SslClientCert)] public string SslClientCert { get; set; } [Option(Constants.Agent.CommandLine.Args.SslClientCertArchive)] public string SslClientCertArchive { get; set; } [Option(Constants.Agent.CommandLine.Args.SslClientCertKey)] public string SslClientCertKey { get; set; } [Option(Constants.Agent.CommandLine.Args.SslClientCertPassword)] public string SslClientCertPassword { get; set; } [Option(Constants.Agent.CommandLine.Flags.SslSkipCertValidation)] public bool SslSkipCertValidation { get; set; } [Option(Constants.Agent.CommandLine.Args.Url)] public string Url { get; set; } [Option(Constants.Agent.CommandLine.Args.WindowsLogonAccount)] public string WindowsLogonAccount { get; set; } [Option(Constants.Agent.CommandLine.Args.WindowsLogonPassword)] public string WindowsLogonPassword { get; set; } [Option(Constants.Agent.CommandLine.Args.Work)] public string Work { get; set; } } } ================================================ FILE: src/Agent.Listener/CommandLine/ConfigureOrRemoveBase.cs ================================================ using CommandLine; using Microsoft.VisualStudio.Services.Agent; namespace Agent.Listener.CommandLine { public class ConfigureOrRemoveBase : BaseCommand { [Option(Constants.Agent.CommandLine.Args.Auth)] public string Auth { get; set; } [Option(Constants.Agent.CommandLine.Flags.LaunchBrowser)] public bool LaunchBrowser { get; set; } [Option(Constants.Agent.CommandLine.Args.Password)] public string Password { get; set; } [Option(Constants.Agent.CommandLine.Args.Token)] public string Token { get; set; } [Option(Constants.Agent.CommandLine.Flags.Unattended)] public bool Unattended { get; set; } [Option(Constants.Agent.CommandLine.Args.UserName)] public string UserName { get; set; } [Option(Constants.Agent.CommandLine.Args.ClientId)] public string ClientId { get; set; } [Option(Constants.Agent.CommandLine.Args.TenantId)] public string TenantId { get; set; } [Option(Constants.Agent.CommandLine.Args.ClientSecret)] public string ClientSecret { get; set; } } } ================================================ FILE: src/Agent.Listener/CommandLine/ReAuthAgent.cs ================================================ using CommandLine; using Microsoft.VisualStudio.Services.Agent; namespace Agent.Listener.CommandLine { [Verb(Constants.Agent.CommandLine.Commands.ReAuth)] public class ReAuthAgent : ConfigureOrRemoveBase { } } ================================================ FILE: src/Agent.Listener/CommandLine/RemoveAgent.cs ================================================ using CommandLine; using Microsoft.VisualStudio.Services.Agent; namespace Agent.Listener.CommandLine { [Verb(Constants.Agent.CommandLine.Commands.Remove)] public class RemoveAgent : ConfigureOrRemoveBase { } } ================================================ FILE: src/Agent.Listener/CommandLine/RunAgent.cs ================================================ using CommandLine; using Microsoft.VisualStudio.Services.Agent; namespace Agent.Listener.CommandLine { // Default Non-Requried Verb [Verb(Constants.Agent.CommandLine.Commands.Run)] public class RunAgent : BaseCommand { [Option(Constants.Agent.CommandLine.Flags.Commit)] public bool Commit { get; set; } [Option(Constants.Agent.CommandLine.Flags.Diagnostics)] public bool Diagnostics { get; set; } [Option(Constants.Agent.CommandLine.Flags.Once)] public bool RunOnce { get; set; } [Option(Constants.Agent.CommandLine.Args.StartupType)] public string StartupType { get; set; } [Option(Constants.Agent.CommandLine.Flags.DebugMode)] public bool DebugMode { get; set; } } } ================================================ FILE: src/Agent.Listener/CommandLine/WarmupAgent.cs ================================================ using CommandLine; using Microsoft.VisualStudio.Services.Agent; namespace Agent.Listener.CommandLine { [Verb(Constants.Agent.CommandLine.Commands.Warmup)] public class WarmupAgent : BaseCommand { } } ================================================ FILE: src/Agent.Listener/CommandSettings.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections; using System.Collections.Generic; using System.Linq; using Agent.Listener.CommandLine; using Agent.Sdk; using Agent.Sdk.Util; using CommandLine; using Newtonsoft.Json.Converters; using Newtonsoft.Json; using System.Runtime.Versioning; namespace Microsoft.VisualStudio.Services.Agent.Listener { public sealed class CommandSettings { private readonly Dictionary _envArgs = new Dictionary(StringComparer.OrdinalIgnoreCase); private readonly IPromptManager _promptManager; private readonly Tracing _trace; // Accepted Commands private Type[] verbTypes = new Type[] { typeof(ConfigureAgent), typeof(RunAgent), typeof(RemoveAgent), typeof(WarmupAgent), typeof(ReAuthAgent), }; private string[] verbCommands = new string[] { Constants.Agent.CommandLine.Commands.Configure, Constants.Agent.CommandLine.Commands.Remove, Constants.Agent.CommandLine.Commands.Run, Constants.Agent.CommandLine.Commands.Warmup, Constants.Agent.CommandLine.Commands.ReAuth, }; // Commands private ConfigureAgent Configure { get; set; } private RemoveAgent Remove { get; set; } private RunAgent Run { get; set; } private WarmupAgent Warmup { get; set; } private ReAuthAgent ReAuth { get; set; } public IEnumerable ParseErrors { get; set; } // Constructor. public CommandSettings(IHostContext context, string[] args, IScopedEnvironment environmentScope = null) { ArgUtil.NotNull(context, nameof(context)); _promptManager = context.GetService(); _trace = context.GetTrace(nameof(CommandSettings)); ParseArguments(args); if (environmentScope == null) { environmentScope = new SystemEnvironment(); } // Mask secret arguments if (Configure != null) { context.SecretMasker.AddValue(Configure.Password, WellKnownSecretAliases.ConfigurePassword); context.SecretMasker.AddValue(Configure.ProxyPassword, WellKnownSecretAliases.ConfigureProxyPassword); context.SecretMasker.AddValue(Configure.SslClientCert, WellKnownSecretAliases.ConfigureSslClientCert); context.SecretMasker.AddValue(Configure.Token, WellKnownSecretAliases.ConfigureToken); context.SecretMasker.AddValue(Configure.WindowsLogonPassword, WellKnownSecretAliases.ConfigureWindowsLogonPassword); context.SecretMasker.AddValue(Configure.TenantId, WellKnownSecretAliases.ConfigureTenantId); context.SecretMasker.AddValue(Configure.ClientId, WellKnownSecretAliases.ConfigureClientId); context.SecretMasker.AddValue(Configure.ClientSecret, WellKnownSecretAliases.ConfigureClientSecret); } if (Remove != null) { context.SecretMasker.AddValue(Remove.Password, WellKnownSecretAliases.RemovePassword); context.SecretMasker.AddValue(Remove.Token, WellKnownSecretAliases.RemoveToken); context.SecretMasker.AddValue(Remove.TenantId, WellKnownSecretAliases.RemoveTenantId); context.SecretMasker.AddValue(Remove.ClientId, WellKnownSecretAliases.RemoveClientId); context.SecretMasker.AddValue(Remove.ClientSecret, WellKnownSecretAliases.RemoveClientSecret); } if (ReAuth != null) { context.SecretMasker.AddValue(ReAuth.Token, WellKnownSecretAliases.RemoveToken); } PrintArguments(); // Store and remove any args passed via environment variables. var environment = environmentScope.GetEnvironmentVariables(); string envPrefix = "VSTS_AGENT_INPUT_"; foreach (DictionaryEntry entry in environment) { // Test if starts with VSTS_AGENT_INPUT_. string fullKey = entry.Key as string ?? string.Empty; if (fullKey.StartsWith(envPrefix, StringComparison.OrdinalIgnoreCase)) { string val = (entry.Value as string ?? string.Empty).Trim(); if (!string.IsNullOrEmpty(val)) { // Extract the name. string name = fullKey.Substring(envPrefix.Length); // Mask secrets. bool secret = Constants.Agent.CommandLine.Args.Secrets.Any(x => string.Equals(x, name, StringComparison.OrdinalIgnoreCase)); if (secret) { context.SecretMasker.AddValue(val, $"CommandSettings_{fullKey}"); } // Store the value. _envArgs[name] = val; } // Remove from the environment block. _trace.Info($"Removing env var: '{fullKey}'"); environmentScope.SetEnvironmentVariable(fullKey, null); } } } // // Interactive flags. // public bool GetAcceptTeeEula() { return TestFlagOrPrompt( value: Configure?.AcceptTeeEula, name: Constants.Agent.CommandLine.Flags.AcceptTeeEula, description: StringUtil.Loc("AcceptTeeEula"), defaultValue: false); } public bool GetAlwaysExtractTask() { return TestFlag(Configure?.AlwaysExtractTask, Constants.Agent.CommandLine.Flags.AlwaysExtractTask); } public bool GetReplace() { return TestFlagOrPrompt( value: Configure?.Replace, name: Constants.Agent.CommandLine.Flags.Replace, description: StringUtil.Loc("Replace"), defaultValue: false); } public bool GetRunAsService() { return TestFlagOrPrompt( value: Configure?.RunAsService, name: Constants.Agent.CommandLine.Flags.RunAsService, description: StringUtil.Loc("RunAgentAsServiceDescription"), defaultValue: false); } public bool GetPreventServiceStart() { return TestFlagOrPrompt( value: Configure?.PreventServiceStart, name: Constants.Agent.CommandLine.Flags.PreventServiceStart, description: StringUtil.Loc("PreventServiceStartDescription"), defaultValue: false ); } public bool GetRunAsAutoLogon() { return TestFlagOrPrompt( value: Configure?.RunAsAutoLogon, name: Constants.Agent.CommandLine.Flags.RunAsAutoLogon, description: StringUtil.Loc("RunAsAutoLogonDescription"), defaultValue: false); } public bool GetOverwriteAutoLogon(string logonAccount) { return TestFlagOrPrompt( value: Configure?.OverwriteAutoLogon, name: Constants.Agent.CommandLine.Flags.OverwriteAutoLogon, description: StringUtil.Loc("OverwriteAutoLogon", logonAccount), defaultValue: false); } public bool GetNoRestart() { return TestFlagOrPrompt( value: Configure?.NoRestart, name: Constants.Agent.CommandLine.Flags.NoRestart, description: StringUtil.Loc("NoRestart"), defaultValue: false); } public bool GetDeploymentGroupTagsRequired() { return TestFlag(Configure?.AddMachineGroupTags, Constants.Agent.CommandLine.Flags.AddMachineGroupTags) || TestFlagOrPrompt( value: Configure?.AddDeploymentGroupTags, name: Constants.Agent.CommandLine.Flags.AddDeploymentGroupTags, description: StringUtil.Loc("AddDeploymentGroupTagsFlagDescription"), defaultValue: false); } public bool GetAutoLaunchBrowser() { return TestFlagOrPrompt( value: GetConfigureOrRemoveBase()?.LaunchBrowser, name: Constants.Agent.CommandLine.Flags.LaunchBrowser, description: StringUtil.Loc("LaunchBrowser"), defaultValue: true); } public string GetClientId() { return GetArgOrPrompt( argValue: GetConfigureOrRemoveBase()?.ClientId, name: Constants.Agent.CommandLine.Args.ClientId, description: StringUtil.Loc("ClientId"), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } public string GetClientSecret() { return GetArgOrPrompt( argValue: GetConfigureOrRemoveBase()?.ClientSecret, name: Constants.Agent.CommandLine.Args.ClientSecret, description: StringUtil.Loc("ClientSecret"), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } public string GetTenantId() { return GetArgOrPrompt( argValue: GetConfigureOrRemoveBase()?.TenantId, name: Constants.Agent.CommandLine.Args.TenantId, description: StringUtil.Loc("TenantId"), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } /// /// Returns EnableServiceSidTypeUnrestricted flag or prompts user to set it up /// /// Parameter value public bool GetEnableServiceSidTypeUnrestricted() { return TestFlagOrPrompt( value: Configure?.EnableServiceSidTypeUnrestricted, name: Constants.Agent.CommandLine.Flags.EnableServiceSidTypeUnrestricted, description: StringUtil.Loc("EnableServiceSidTypeUnrestricted"), defaultValue: false); } // // Args. // public string GetAgentName() { return GetArgOrPrompt( argValue: Configure?.Agent, name: Constants.Agent.CommandLine.Args.Agent, description: StringUtil.Loc("AgentName"), defaultValue: Environment.MachineName ?? "myagent", validator: Validators.NonEmptyValidator); } public string GetAuth(string defaultValue) { return GetArgOrPrompt( argValue: GetConfigureOrRemoveBase().Auth, name: Constants.Agent.CommandLine.Args.Auth, description: StringUtil.Loc("AuthenticationType"), defaultValue: defaultValue, validator: Validators.AuthSchemeValidator); } public string GetPassword() { return GetArgOrPrompt( argValue: GetConfigureOrRemoveBase()?.Password, name: Constants.Agent.CommandLine.Args.Password, description: StringUtil.Loc("Password"), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } public string GetPool() { return GetArgOrPrompt( argValue: Configure?.Pool, name: Constants.Agent.CommandLine.Args.Pool, description: StringUtil.Loc("AgentMachinePoolNameLabel"), defaultValue: "default", validator: Validators.NonEmptyValidator); } public string GetToken() { return GetArgOrPrompt( argValue: GetConfigureOrRemoveBase()?.Token, name: Constants.Agent.CommandLine.Args.Token, description: StringUtil.Loc("PersonalAccessToken"), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } public string GetUrl(bool suppressPromptIfEmpty = false) { // Note, GetArg does not consume the arg (like GetArgOrPrompt does). if (suppressPromptIfEmpty && string.IsNullOrEmpty(GetArg(Configure?.Url, Constants.Agent.CommandLine.Args.Url))) { return string.Empty; } return GetArgOrPrompt( argValue: Configure?.Url, name: Constants.Agent.CommandLine.Args.Url, description: StringUtil.Loc("ServerUrl"), defaultValue: string.Empty, validator: Validators.ServerUrlValidator); } public string GetDeploymentGroupName() { var result = GetArg(Configure?.MachineGroupName, Constants.Agent.CommandLine.Args.MachineGroupName); if (string.IsNullOrEmpty(result)) { return GetArgOrPrompt( argValue: Configure?.DeploymentGroupName, name: Constants.Agent.CommandLine.Args.DeploymentGroupName, description: StringUtil.Loc("DeploymentGroupName"), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } return result; } public string GetDeploymentPoolName() { return GetArgOrPrompt( argValue: Configure?.DeploymentPoolName, name: Constants.Agent.CommandLine.Args.DeploymentPoolName, description: StringUtil.Loc("DeploymentPoolName"), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } public string GetProjectName(string defaultValue) { return GetArgOrPrompt( argValue: Configure?.ProjectName, name: Constants.Agent.CommandLine.Args.ProjectName, description: StringUtil.Loc("ProjectName"), defaultValue: defaultValue, validator: Validators.NonEmptyValidator); } public string GetCollectionName() { return GetArgOrPrompt( argValue: Configure?.CollectionName, name: Constants.Agent.CommandLine.Args.CollectionName, description: StringUtil.Loc("CollectionName"), defaultValue: "DefaultCollection", validator: Validators.NonEmptyValidator); } public string GetDeploymentGroupTags() { var result = GetArg(Configure?.MachineGroupTags, Constants.Agent.CommandLine.Args.MachineGroupTags); if (string.IsNullOrEmpty(result)) { return GetArgOrPrompt( argValue: Configure?.DeploymentGroupTags, name: Constants.Agent.CommandLine.Args.DeploymentGroupTags, description: StringUtil.Loc("DeploymentGroupTags"), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } return result; } // Environments public string GetEnvironmentName() { var result = GetArg(Configure?.EnvironmentName, Constants.Agent.CommandLine.Args.EnvironmentName); if (string.IsNullOrEmpty(result)) { return GetArgOrPrompt( argValue: Configure?.EnvironmentName, name: Constants.Agent.CommandLine.Args.EnvironmentName, description: StringUtil.Loc("EnvironmentName"), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } return result; } public bool GetEnvironmentVirtualMachineResourceTagsRequired() { return TestFlag(Configure?.AddEnvironmentVirtualMachineResourceTags, Constants.Agent.CommandLine.Flags.AddEnvironmentVirtualMachineResourceTags) || TestFlagOrPrompt( value: Configure?.AddEnvironmentVirtualMachineResourceTags, name: Constants.Agent.CommandLine.Flags.AddEnvironmentVirtualMachineResourceTags, description: StringUtil.Loc("AddEnvironmentVMResourceTags"), defaultValue: false); } public string GetEnvironmentVirtualMachineResourceTags() { var result = GetArg(Configure?.EnvironmentVMResourceTags, Constants.Agent.CommandLine.Args.EnvironmentVMResourceTags); if (string.IsNullOrEmpty(result)) { return GetArgOrPrompt( argValue: Configure?.EnvironmentVMResourceTags, name: Constants.Agent.CommandLine.Args.EnvironmentVMResourceTags, description: StringUtil.Loc("EnvironmentVMResourceTags"), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } return result; } public string GetUserName() { return GetArgOrPrompt( argValue: GetConfigureOrRemoveBase()?.UserName, name: Constants.Agent.CommandLine.Args.UserName, description: StringUtil.Loc("UserName"), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } [SupportedOSPlatform("windows")] public string GetWindowsLogonAccount(string defaultValue, string descriptionMsg) { return GetArgOrPrompt( argValue: Configure?.WindowsLogonAccount, name: Constants.Agent.CommandLine.Args.WindowsLogonAccount, description: descriptionMsg, defaultValue: defaultValue, validator: Validators.NTAccountValidator); } public string GetWindowsLogonPassword(string accountName) { return GetArgOrPrompt( argValue: Configure?.WindowsLogonPassword, name: Constants.Agent.CommandLine.Args.WindowsLogonPassword, description: StringUtil.Loc("WindowsLogonPasswordDescription", accountName), defaultValue: string.Empty, validator: Validators.NonEmptyValidator); } public string GetWork() { return GetArgOrPrompt( argValue: Configure?.Work, name: Constants.Agent.CommandLine.Args.Work, description: StringUtil.Loc("WorkFolderDescription"), defaultValue: Constants.Path.WorkDirectory, validator: Validators.NonEmptyValidator); } public string GetMonitorSocketAddress() { return GetArg(Configure?.MonitorSocketAddress, Constants.Agent.CommandLine.Args.MonitorSocketAddress); } public string GetNotificationPipeName() { return GetArg(Configure?.NotificationPipeName, Constants.Agent.CommandLine.Args.NotificationPipeName); } public string GetNotificationSocketAddress() { return GetArg(Configure?.NotificationSocketAddress, Constants.Agent.CommandLine.Args.NotificationSocketAddress); } // This is used to find out the source from where the agent.listener.exe was launched at the time of run public string GetStartupType() { return GetArg(Run?.StartupType, Constants.Agent.CommandLine.Args.StartupType); } public string GetProxyUrl() { return GetArg(Configure?.ProxyUrl, Constants.Agent.CommandLine.Args.ProxyUrl); } public string GetProxyUserName() { return GetArg(Configure?.ProxyUserName, Constants.Agent.CommandLine.Args.ProxyUserName); } public string GetProxyPassword() { return GetArg(Configure?.ProxyPassword, Constants.Agent.CommandLine.Args.ProxyPassword); } public bool GetUseBasicAuthForProxy() { return TestFlag(Configure?.UseBasicAuthForProxy, Constants.Agent.CommandLine.Flags.UseBasicAuthForProxy); } public bool GetSkipCertificateValidation() { return TestFlag(Configure?.SslSkipCertValidation, Constants.Agent.CommandLine.Flags.SslSkipCertValidation); } public string GetCACertificate() { return GetArg(Configure?.SslCACert, Constants.Agent.CommandLine.Args.SslCACert); } public string GetClientCertificate() { return GetArg(Configure?.SslClientCert, Constants.Agent.CommandLine.Args.SslClientCert); } public string GetClientCertificatePrivateKey() { return GetArg(Configure?.SslClientCertKey, Constants.Agent.CommandLine.Args.SslClientCertKey); } public string GetClientCertificateArchrive() { return GetArg(Configure?.SslClientCertArchive, Constants.Agent.CommandLine.Args.SslClientCertArchive); } public string GetClientCertificatePassword() { return GetArg(Configure?.SslClientCertPassword, Constants.Agent.CommandLine.Args.SslClientCertPassword); } public bool GetGitUseSChannel() { return TestFlag(Configure?.GitUseSChannel, Constants.Agent.CommandLine.Flags.GitUseSChannel); } public bool GetEnvironmentVMResource() { return TestFlag(Configure?.EnvironmentVMResource, Constants.Agent.CommandLine.Flags.Environment); } public bool GetRunOnce() { return TestFlag(Configure?.RunOnce, Constants.Agent.CommandLine.Flags.Once) || TestFlag(Run?.RunOnce, Constants.Agent.CommandLine.Flags.Once); } public bool GetDebugMode() { return TestFlag(Run?.DebugMode, Constants.Agent.CommandLine.Flags.DebugMode); } public bool GetDeploymentPool() { return TestFlag(Configure?.DeploymentPool, Constants.Agent.CommandLine.Flags.DeploymentPool); } public bool GetDeploymentOrMachineGroup() { if (TestFlag(Configure?.DeploymentGroup, Constants.Agent.CommandLine.Flags.DeploymentGroup) || (Configure?.MachineGroup == true)) { return true; } return false; } public bool GetDisableLogUploads() { return TestFlag(Configure?.DisableLogUploads, Constants.Agent.CommandLine.Flags.DisableLogUploads); } public bool GetReStreamLogsToFiles() { return TestFlag(Configure?.ReStreamLogsToFiles, Constants.Agent.CommandLine.Flags.ReStreamLogsToFiles); } public bool Unattended() { if (TestFlag(GetConfigureOrRemoveBase()?.Unattended, Constants.Agent.CommandLine.Flags.Unattended)) { return true; } return false; } // // Command Checks // public bool IsRunCommand() { if (Run != null) { return true; } return false; } public bool IsVersion() { if ((Configure?.Version == true) || (Remove?.Version == true) || (Run?.Version == true) || (Warmup?.Version == true) || (ReAuth?.Version == true)) { return true; } return false; } public bool IsHelp() { if ((Configure?.Help == true) || (Remove?.Help == true) || (Run?.Help == true) || (Warmup?.Help == true) || (ReAuth?.Help == true)) { return true; } return false; } public bool IsCommit() { return (Run?.Commit == true); } public bool IsDiagnostics() { return (Run?.Diagnostics == true); } public bool IsConfigureCommand() { if (Configure != null) { return true; } return false; } public bool IsRemoveCommand() { if (Remove != null) { return true; } return false; } public bool IsWarmupCommand() { if (Warmup != null) { return true; } return false; } public bool IsReAuthCommand() => ReAuth != null; // // Private helpers. // private string GetArg(string value, string envName) { if (value == null) { value = GetEnvArg(envName); } return value; } private string GetArgOrPrompt( string argValue, string name, string description, string defaultValue, Func validator) { // Check for the arg in the command line parser. ArgUtil.NotNull(validator, nameof(validator)); string result = GetArg(argValue, name); // Return the arg if it is not empty and is valid. _trace.Info($"Arg '{name}': '{result}'"); if (!string.IsNullOrEmpty(result)) { if (validator(result)) { return result; } _trace.Info("Arg is invalid."); } // Otherwise prompt for the arg. return _promptManager.ReadValue( argName: name, description: description, secret: Constants.Agent.CommandLine.Args.Secrets.Any(x => string.Equals(x, name, StringComparison.OrdinalIgnoreCase)), defaultValue: defaultValue, validator: validator, unattended: Unattended()); } private string GetEnvArg(string name) { string val; if (_envArgs.TryGetValue(name, out val) && !string.IsNullOrEmpty(val)) { _trace.Info($"Env arg '{name}': '{val}'"); return val; } return null; } private bool TestFlag(bool? value, string name) { bool result = false; if (value == null || value == false) { string envStr = GetEnvArg(name); if (!bool.TryParse(envStr, out result)) { result = false; } } else { result = true; } _trace.Info($"Flag '{name}': '{result}'"); return result; } private bool TestFlagOrPrompt( bool? value, string name, string description, bool defaultValue) { bool result = TestFlag(value, name); if (!result) { result = _promptManager.ReadBool( argName: name, description: description, defaultValue: defaultValue, unattended: Unattended()); } return result; } private string[] AddDefaultVerbIfNecessary(string[] args) { if (args.Length == 0) { return new string[] { Constants.Agent.CommandLine.Commands.Run }; } // Add default verb "Run" at front if we are given flags / options if (!verbCommands.Any(str => str.Contains(args[0])) && args[0].StartsWith("--")) { string[] newArgs = new string[args.Length + 1]; newArgs[0] = Constants.Agent.CommandLine.Commands.Run; Array.Copy(args, 0, newArgs, 1, args.Length); return newArgs; } return args; } private void ParseArguments(string[] args) { // Parse once to record Errors ParseArguments(args, false); if (ParseErrors != null) { // Parse a second time to populate objects (even if there are errors) ParseArguments(args, true); } } private void ParseArguments(string[] args, bool ignoreErrors) { // We have custom Help / Version functions using (var parser = new Parser(config => { config.AutoHelp = false; config.AutoVersion = false; config.CaseSensitive = false; // We should consider making this false, but it will break people adding unknown arguments config.IgnoreUnknownArguments = ignoreErrors; })) { // Parse Arugments // the parsing library does not allow a mix of verbs and no-verbs per parse (https://github.com/commandlineparser/commandline/issues/174) args = AddDefaultVerbIfNecessary(args); parser .ParseArguments(args, verbTypes) .WithParsed( x => { Configure = x; }) .WithParsed( x => { Run = x; }) .WithParsed( x => { Remove = x; }) .WithParsed( x => { Warmup = x; }) .WithParsed( x => { ReAuth = x; }) .WithNotParsed( errors => { ParseErrors = errors; }); } } private void PrintArguments() { if (Configure != null) { _trace.Info(string.Concat(nameof(Configure), " ", ObjectAsJson(Configure))); } if (Remove != null) { _trace.Info(string.Concat(nameof(Remove), " ", ObjectAsJson(Remove))); } if (ReAuth != null) { _trace.Info(string.Concat(nameof(ReAuth), " ", ObjectAsJson(ReAuth))); } if (Warmup != null) { _trace.Info(string.Concat(nameof(Warmup), " ", ObjectAsJson(Warmup))); } if (Run != null) { _trace.Info(string.Concat(nameof(Run), " ", ObjectAsJson(Run))); } } private string ObjectAsJson(object obj) { return JsonConvert.SerializeObject( obj, Formatting.Indented, new JsonConverter[] { new StringEnumConverter() }); } private ConfigureOrRemoveBase GetConfigureOrRemoveBase() { if (Configure != null) { return Configure as ConfigureOrRemoveBase; } if (Remove != null) { return Remove as ConfigureOrRemoveBase; } if (ReAuth != null) { return ReAuth as ConfigureOrRemoveBase; } return null; } } } ================================================ FILE: src/Agent.Listener/Configuration/ConfigurationManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Capabilities; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.OAuth; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Net.Sockets; using System.Security.Cryptography; using System.Threading; using System.Threading.Tasks; using System.Runtime.InteropServices; using System.Runtime.Versioning; using System.Security.AccessControl; using System.Security.Principal; using Newtonsoft.Json; using Microsoft.Win32; using Microsoft.VisualStudio.Services.Agent.Listener.Telemetry; using Microsoft.TeamFoundation.Test.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { [ServiceLocator(Default = typeof(ConfigurationManager))] public interface IConfigurationManager : IAgentService { bool IsConfigured(); Task ConfigureAsync(CommandSettings command); Task UnconfigureAsync(CommandSettings command); Task ReAuthAsync(CommandSettings command); AgentSettings LoadSettings(); } public sealed class ConfigurationManager : AgentService, IConfigurationManager { private IConfigurationStore _store; private ITerminal _term; private ILocationServer _locationServer; private ServerUtil _serverUtil; private const string VsTelemetryRegPath = @"SOFTWARE\Microsoft\VisualStudio\Telemetry\PersistentPropertyBag\c57a9efce9b74de382d905a89852db71"; private const string VsTelemetryRegKey = "IsPipelineAgent"; private const int _maxRetries = 3; private const int _delaySeconds = 2; public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); Trace.Verbose("Creating _store"); _store = hostContext.GetService(); Trace.Verbose("store created"); _term = hostContext.GetService(); _locationServer = hostContext.GetService(); _serverUtil = new ServerUtil(Trace); } public bool IsConfigured() { bool result = _store.IsConfigured(); Trace.Info($"Is configured: {result}"); return result; } public AgentSettings LoadSettings() { Trace.Info(nameof(LoadSettings)); if (!IsConfigured()) { throw new InvalidOperationException("Not configured"); } AgentSettings settings = _store.GetSettings(); Trace.Info("Settings Loaded"); return settings; } public async Task ConfigureAsync(CommandSettings command) { ArgUtil.NotNull(command, nameof(command)); if (PlatformUtil.RunningOnWindows) { CheckAgentRootDirectorySecure(); } Trace.Info($"Agent configuration initiated - OS: {PlatformUtil.HostOS}, Architecture: {PlatformUtil.HostArchitecture}, AgentVersion: {BuildConstants.AgentPackage.Version}"); if (IsConfigured()) { throw new InvalidOperationException(StringUtil.Loc("AlreadyConfiguredError")); } // Populate proxy setting from commandline args var vstsProxy = HostContext.GetService(); bool saveProxySetting = SetupVstsProxySetting(vstsProxy, command); // Populate cert setting from commandline args var agentCertManager = HostContext.GetService(); bool saveCertSetting = SetupCertSettings(agentCertManager, command); AgentSettings agentSettings = new AgentSettings(); // TEE EULA agentSettings.AcceptTeeEula = false; switch (PlatformUtil.HostOS) { case PlatformUtil.OS.OSX: case PlatformUtil.OS.Linux: // Write the section header. WriteSection(StringUtil.Loc("EulasSectionHeader")); // Verify the EULA exists on disk in the expected location. string eulaFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), "license.html"); ArgUtil.File(eulaFile, nameof(eulaFile)); // Write elaborate verbiage about the TEE EULA. _term.WriteLine(StringUtil.Loc("TeeEula", eulaFile)); _term.WriteLine(); // Prompt to acccept the TEE EULA. agentSettings.AcceptTeeEula = command.GetAcceptTeeEula(); break; case PlatformUtil.OS.Windows: // Warn and continue if .NET 4.6 is not installed. #pragma warning disable CA1416 // SupportedOSPlatformGuard not honored on enum members if (!NetFrameworkUtil.Test(new Version(4, 6), Trace)) { WriteSection(StringUtil.Loc("PrerequisitesSectionHeader")); // Section header. _term.WriteLine(StringUtil.Loc("MinimumNetFrameworkTfvc")); // Warning. } #pragma warning restore CA1416 break; default: throw new NotSupportedException(); } // Create the configuration provider as per agent type. string agentType = GetAgentTypeFromCommand(command); Trace.Info($"Agent type determined from command - Type: '{agentType}', IsDeploymentGroup: {command.GetDeploymentOrMachineGroup()}, IsEnvironmentVM: {command.GetEnvironmentVMResource()}"); var extensionManager = HostContext.GetService(); IConfigurationProvider agentProvider = (extensionManager.GetExtensions()) .FirstOrDefault(x => x.ConfigurationProviderType == agentType); ArgUtil.NotNull(agentProvider, agentType); Trace.Info($"Configuration provider resolved - Provider: '{agentProvider.GetType().Name}' for agent type: '{agentType}'"); bool isHostedServer = false; // Loop getting url and creds until you can connect ICredentialProvider credProvider = null; VssCredentials creds = null; WriteSection(StringUtil.Loc("ConnectSectionHeader")); while (true) { // Get the URL agentProvider.GetServerUrl(agentSettings, command); Trace.Info($"Server URL configured - URL: '{agentSettings.ServerUrl}', IsUnattended: {command.Unattended()}"); // Get the credentials credProvider = GetCredentialProvider(command, agentSettings.ServerUrl); Trace.Info("cred retrieved"); try { bool skipCertValidation = command.GetSkipCertificateValidation(); isHostedServer = await CheckIsHostedServer(agentProvider, agentSettings, credProvider, skipCertValidation); Trace.Info($"Server type detection completed - IsHostedServer: {isHostedServer}"); // Get the collection name for deployment group agentProvider.GetCollectionName(agentSettings, command, isHostedServer); // Validate can connect. creds = credProvider.GetVssCredentials(HostContext); await agentProvider.TestConnectionAsync(agentSettings, creds, isHostedServer, skipCertValidation); Trace.Info("Test Connection complete."); break; } catch (SocketException e) { ExceptionsUtil.HandleSocketException(e, agentSettings.ServerUrl, _term.WriteError); } catch (Exception e) when (!command.Unattended()) { _term.WriteError(e); _term.WriteError(StringUtil.Loc("FailedToConnect")); } } bool rsaKeyGetConfigFromFF = global::Agent.Sdk.Knob.AgentKnobs.RsaKeyGetConfigFromFF.GetValue(UtilKnobValueContext.Instance()).AsBoolean(); RSAParameters publicKey; if (rsaKeyGetConfigFromFF) { // We want to use the native CSP of the platform for storage, so we use the RSACSP directly var keyManager = HostContext.GetService(); var ffResult = await keyManager.GetStoreAgentTokenInNamedContainerFF(HostContext, Trace, agentSettings, creds); var enableAgentKeyStoreInNamedContainer = ffResult.useNamedContainer; var useCng = ffResult.useCng; using (var rsa = keyManager.CreateKey(enableAgentKeyStoreInNamedContainer, useCng)) { publicKey = rsa.ExportParameters(false); } } else { // We want to use the native CSP of the platform for storage, so we use the RSACSP directly var keyManager = HostContext.GetService(); var result = keyManager.GetStoreAgentTokenConfig(); var enableAgentKeyStoreInNamedContainer = result.useNamedContainer; var useCng = result.useCng; using (var rsa = keyManager.CreateKey(enableAgentKeyStoreInNamedContainer, useCng)) { publicKey = rsa.ExportParameters(false); } } // Loop getting agent name and pool name WriteSection(StringUtil.Loc("RegisterAgentSectionHeader")); while (true) { try { await agentProvider.GetPoolIdAndName(agentSettings, command); Trace.Info($"Pool resolution successful - PoolId: {agentSettings.PoolId}, PoolName: '{agentSettings.PoolName}'"); break; } catch (Exception e) when (!command.Unattended()) { _term.WriteError(e); _term.WriteError(agentProvider.GetFailedToFindPoolErrorString()); } } TaskAgent agent; while (true) { agentSettings.AgentName = command.GetAgentName(); Trace.Info($"Agent registration attempt - Name: '{agentSettings.AgentName}', Pool: '{agentSettings.PoolName}' (ID: {agentSettings.PoolId})"); // Get the system capabilities. // TODO: Hook up to ctrl+c cancellation token. _term.WriteLine(StringUtil.Loc("ScanToolCapabilities")); Dictionary systemCapabilities = await HostContext.GetService().GetCapabilitiesAsync(agentSettings, CancellationToken.None); Trace.Info($"System capabilities scan completed - Found {systemCapabilities.Count} capabilities: [{string.Join(", ", systemCapabilities.Take(5).Select(kvp => $"{kvp.Key}={kvp.Value}"))}...]"); _term.WriteLine(StringUtil.Loc("ConnectToServer")); agent = await agentProvider.GetAgentAsync(agentSettings); if (agent != null) { Trace.Info($"Existing agent found - AgentId: {agent.Id}, Version: '{agent.Version}', Status: '{agent.Status}', LastRequestTime: {agent.StatusChangedOn}"); _term.WriteLine(StringUtil.Loc("AgentWithSameNameAlreadyExistInPool", agentSettings.PoolName, agentSettings.AgentName)); if (command.GetReplace()) { Trace.Info("Replace mode enabled - updating existing agent with new configuration"); // Update existing agent with new PublicKey, agent version and SystemCapabilities. agent = UpdateExistingAgent(agent, publicKey, systemCapabilities); agent = await UpdateAgentWithRetryAsync( () => agentProvider.UpdateAgentAsync(agentSettings, agent, command), command ); if (agent != null) { _term.WriteLine(StringUtil.Loc("AgentReplaced")); Trace.Info($"Agent replacement successful - AgentId: {agent.Id}, NewVersion: '{agent.Version}'"); break; } } else if (command.Unattended()) { Trace.Error($"Agent already exists in unattended mode - AgentId: {agent.Id}, AgentName: '{agentSettings.AgentName}'"); // if not replace and it is unattended config. agentProvider.ThrowTaskAgentExistException(agentSettings); } } else { Trace.Info("No existing agent found - creating new agent registration"); // Create a new agent. agent = CreateNewAgent(agentSettings.AgentName, publicKey, systemCapabilities); try { agent = await agentProvider.AddAgentAsync(agentSettings, agent, command); _term.WriteLine(StringUtil.Loc("AgentAddedSuccessfully")); break; } catch (Exception e) when (!command.Unattended()) { _term.WriteError(e); _term.WriteError(StringUtil.Loc("AddAgentFailed")); } } } // Add Agent Id to settings agentSettings.AgentId = agent.Id; // respect the serverUrl resolve by server. // in case of agent configured using collection url instead of account url. string agentServerUrl; if (agent.Properties.TryGetValidatedValue("ServerUrl", out agentServerUrl) && !string.IsNullOrEmpty(agentServerUrl)) { Trace.Info($"Agent server url resolve by server: '{agentServerUrl}'."); // we need make sure the Schema/Host/Port component of the url remain the same. UriBuilder inputServerUrl = new UriBuilder(agentSettings.ServerUrl); UriBuilder serverReturnedServerUrl = new UriBuilder(agentServerUrl); if (Uri.Compare(inputServerUrl.Uri, serverReturnedServerUrl.Uri, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) != 0) { inputServerUrl.Path = serverReturnedServerUrl.Path; Trace.Info($"Replace server returned url's scheme://host:port component with user input server url's scheme://host:port: '{inputServerUrl.Uri.AbsoluteUri}'."); agentSettings.ServerUrl = inputServerUrl.Uri.AbsoluteUri; } else { agentSettings.ServerUrl = agentServerUrl; } } UpdateCredentialData(agent, agentSettings, credProvider.CredentialData, isHostedServer); // Testing agent connection, detect any protential connection issue, like local clock skew that cause OAuth token expired. _term.WriteLine(StringUtil.Loc("TestAgentConnection")); var credMgr = HostContext.GetService(); VssCredentials credential = credMgr.LoadCredentials(); var agentSvr = HostContext.GetService(); try { await agentSvr.ConnectAsync(new Uri(agentSettings.ServerUrl), credential); } catch (VssOAuthTokenRequestException ex) when (ex.Message.Contains("Current server time is")) { // there are two exception messages server send that indicate clock skew. // 1. The bearer token expired on {jwt.ValidTo}. Current server time is {DateTime.UtcNow}. // 2. The bearer token is not valid until {jwt.ValidFrom}. Current server time is {DateTime.UtcNow}. Trace.Error("Catch exception during test agent connection."); Trace.Error(ex); throw new InvalidOperationException(StringUtil.Loc("LocalClockSkewed")); } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, agentSettings.ServerUrl, (message) => Trace.Error(message)); throw; } // We will Combine() what's stored with root. Defaults to string a relative path agentSettings.WorkFolder = command.GetWork(); // notificationPipeName for Hosted agent provisioner. agentSettings.NotificationPipeName = command.GetNotificationPipeName(); agentSettings.MonitorSocketAddress = command.GetMonitorSocketAddress(); agentSettings.NotificationSocketAddress = command.GetNotificationSocketAddress(); agentSettings.DisableLogUploads = command.GetDisableLogUploads(); agentSettings.ReStreamLogsToFiles = command.GetReStreamLogsToFiles(); if (agentSettings.DisableLogUploads && agentSettings.ReStreamLogsToFiles) { throw new NotSupportedException(StringUtil.Loc("ReStreamLogsToFilesError")); } agentSettings.AlwaysExtractTask = command.GetAlwaysExtractTask(); _store.SaveSettings(agentSettings); if (saveProxySetting) { Trace.Info("Save proxy setting to disk."); vstsProxy.SaveProxySetting(); } if (saveCertSetting) { Trace.Info("Save agent cert setting to disk."); agentCertManager.SaveCertificateSetting(); } _term.WriteLine(StringUtil.Loc("SavedSettings", DateTime.UtcNow)); bool saveRuntimeOptions = false; var runtimeOptions = new AgentRuntimeOptions(); if (PlatformUtil.RunningOnWindows && command.GetGitUseSChannel()) { saveRuntimeOptions = true; runtimeOptions.GitUseSecureChannel = true; } if (saveRuntimeOptions) { Trace.Info("Save agent runtime options to disk."); _store.SaveAgentRuntimeOptions(runtimeOptions); } if (PlatformUtil.RunningOnWindows) { // config windows service if (command.GetRunAsService()) { Trace.Info("Configuring to run the agent as service"); var serviceControlManager = HostContext.GetService(); agentSettings.EnableServiceSidTypeUnrestricted = command.GetEnableServiceSidTypeUnrestricted(); serviceControlManager.ConfigureService(agentSettings, command); } // config auto logon else if (command.GetRunAsAutoLogon()) { Trace.Info("Agent is going to run as process setting up the 'AutoLogon' capability for the agent."); var autoLogonConfigManager = HostContext.GetService(); await autoLogonConfigManager.ConfigureAsync(command); //Important: The machine may restart if the autologon user is not same as the current user //if you are adding code after this, keep that in mind } } else if (PlatformUtil.RunningOnLinux) { // generate service config script for Linux var serviceControlManager = HostContext.GetService(); serviceControlManager.GenerateScripts(agentSettings); } else if (PlatformUtil.RunningOnMacOS) { // generate service config script for macOS var serviceControlManager = HostContext.GetService(); serviceControlManager.GenerateScripts(agentSettings); } if(PlatformUtil.RunningOnWindows) { // add vstelemetry registrykey this.AddVSTelemetryRegKey(); } try { var telemetryData = new Dictionary { { "AuthenticationType", credProvider.CredentialData.Scheme }, }; var cmd = new Command("telemetry", "publish") { Data = JsonConvert.SerializeObject(telemetryData) }; cmd.Properties.Add("area", "PipelinesTasks"); cmd.Properties.Add("feature", "AgentCredentialManager"); var telemetryPublisher = HostContext.GetService(); await telemetryPublisher.PublishEvent(HostContext, cmd); } catch (Exception ex) { Trace.Warning($"Unable to publish credential type telemetry data. Exception: {ex}"); } Trace.Info($"Agent configuration completed successfully - AgentId: {agentSettings.AgentId}, AgentName: '{agentSettings.AgentName}', Pool: '{agentSettings.PoolName}', ServerUrl: '{agentSettings.ServerUrl}'"); } private async Task UpdateAgentWithRetryAsync( Func> operation, CommandSettings command) { int attempt = 0; while (true) { try { return await operation(); } catch (Exception e) when ( e is TimeoutException || e is TaskCanceledException || (e is OperationCanceledException && !(e is TaskCanceledException)) ) { attempt++; if (command.Unattended()) { if (attempt >= _maxRetries) { _term.WriteError(e); _term.WriteError(StringUtil.Loc("FailedToReplaceAgent")); Trace.Error($"{operation.Method.Name} failed after maximum retries. Exception: {e}"); throw new InvalidOperationException(StringUtil.Loc("FailedToReplaceAgent"), e); } else { Trace.Info($"Retrying operation, Attempt: '{attempt}'."); int backoff = _delaySeconds * (int)Math.Pow(2, attempt - 1); _term.WriteLine(StringUtil.Loc("RetryingReplaceAgent", attempt, _maxRetries, backoff)); await Task.Delay(TimeSpan.FromSeconds(backoff)); } } else { _term.WriteError(e); _term.WriteError(StringUtil.Loc("FailedToReplaceAgent")); break; } } catch (Exception e) { _term.WriteError(e); _term.WriteError(StringUtil.Loc("FailedToReplaceAgent")); break; } } return default(T); } public async Task UnconfigureAsync(CommandSettings command) { ArgUtil.NotNull(command, nameof(command)); string currentAction = string.Empty; try { //stop, uninstall service and remove service config file if (_store.IsServiceConfigured()) { currentAction = StringUtil.Loc("UninstallingService"); _term.WriteLine(currentAction); if (PlatformUtil.RunningOnWindows) { var serviceControlManager = HostContext.GetService(); serviceControlManager.UnconfigureService(); _term.WriteLine(StringUtil.Loc("Success") + currentAction); } else if (PlatformUtil.RunningOnLinux) { // unconfig systemd service first throw new InvalidOperationException(StringUtil.Loc("UnconfigureServiceDService")); } else if (PlatformUtil.RunningOnMacOS) { // unconfig macOS service first throw new InvalidOperationException(StringUtil.Loc("UnconfigureOSXService")); } } else { if (PlatformUtil.RunningOnWindows) { //running as process, unconfigure autologon if it was configured if (_store.IsAutoLogonConfigured()) { currentAction = StringUtil.Loc("UnconfigAutologon"); _term.WriteLine(currentAction); var autoLogonConfigManager = HostContext.GetService(); autoLogonConfigManager.Unconfigure(); _term.WriteLine(StringUtil.Loc("Success") + currentAction); } else { Trace.Info("AutoLogon was not configured on the agent."); } } } //delete agent from the server currentAction = StringUtil.Loc("UnregisteringAgent"); _term.WriteLine(currentAction); bool isConfigured = _store.IsConfigured(); bool hasCredentials = _store.HasCredentials(); if (isConfigured && hasCredentials) { AgentSettings settings = _store.GetSettings(); var credentialManager = HostContext.GetService(); // Get the credentials var credProvider = GetCredentialProvider(command, settings.ServerUrl); Trace.Info("cred retrieved"); bool isEnvironmentVMResource = false; bool isDeploymentGroup = (settings.MachineGroupId > 0) || (settings.DeploymentGroupId > 0); if (!isDeploymentGroup) { isEnvironmentVMResource = settings.EnvironmentId > 0; } Trace.Info(StringUtil.Format("Agent configured for deploymentGroup : {0}", isDeploymentGroup.ToString())); string agentType = isDeploymentGroup ? Constants.Agent.AgentConfigurationProvider.DeploymentAgentConfiguration : isEnvironmentVMResource ? Constants.Agent.AgentConfigurationProvider.EnvironmentVMResourceConfiguration : Constants.Agent.AgentConfigurationProvider.BuildReleasesAgentConfiguration; var extensionManager = HostContext.GetService(); var agentCertManager = HostContext.GetService(); IConfigurationProvider agentProvider = (extensionManager.GetExtensions()).FirstOrDefault(x => x.ConfigurationProviderType == agentType); ArgUtil.NotNull(agentProvider, agentType); bool isHostedServer = await CheckIsHostedServer(agentProvider, settings, credProvider, agentCertManager.SkipServerCertificateValidation); VssCredentials creds = credProvider.GetVssCredentials(HostContext); await agentProvider.TestConnectionAsync(settings, creds, isHostedServer, agentCertManager.SkipServerCertificateValidation); TaskAgent agent = await agentProvider.GetAgentAsync(settings); if (agent == null) { _term.WriteLine(StringUtil.Loc("Skipping") + currentAction); } else { await agentProvider.DeleteAgentAsync(settings); _term.WriteLine(StringUtil.Loc("Success") + currentAction); } } else { _term.WriteLine(StringUtil.Loc("MissingConfig")); } //delete credential config files currentAction = StringUtil.Loc("DeletingCredentials"); _term.WriteLine(currentAction); if (hasCredentials) { _store.DeleteCredential(); var keyManager = HostContext.GetService(); keyManager.DeleteKey(); _term.WriteLine(StringUtil.Loc("Success") + currentAction); } else { _term.WriteLine(StringUtil.Loc("Skipping") + currentAction); } //delete settings config file currentAction = StringUtil.Loc("DeletingSettings"); _term.WriteLine(currentAction); if (isConfigured) { // delete proxy setting HostContext.GetService().DeleteProxySetting(); // delete agent cert setting HostContext.GetService().DeleteCertificateSetting(); // delete agent runtime option _store.DeleteAgentRuntimeOptions(); if(PlatformUtil.RunningOnWindows) { // delete vstelemetry registrykey this.DeleteVSTelemetryRegKey(); } _store.DeleteSettings(); _term.WriteLine(StringUtil.Loc("Success") + currentAction); } else { _term.WriteLine(StringUtil.Loc("Skipping") + currentAction); } } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, _store.GetSettings().ServerUrl, _term.WriteLine); throw; } catch (Exception) { _term.WriteLine(StringUtil.Loc("Failed") + currentAction); throw; } } public async Task ReAuthAsync(CommandSettings command) { bool isConfigured = _store.IsConfigured(); if (!isConfigured) { throw new InvalidOperationException("Not configured"); } AgentSettings agentSettings = _store.GetSettings(); bool isDeploymentGroup = (agentSettings.MachineGroupId > 0) || (agentSettings.DeploymentGroupId > 0); bool isEnvironmentVMResource = !isDeploymentGroup && (agentSettings.EnvironmentId > 0); string agentType = isDeploymentGroup ? Constants.Agent.AgentConfigurationProvider.DeploymentAgentConfiguration : (isEnvironmentVMResource ? Constants.Agent.AgentConfigurationProvider.EnvironmentVMResourceConfiguration : Constants.Agent.AgentConfigurationProvider.BuildReleasesAgentConfiguration); var extensionManager = HostContext.GetService(); IConfigurationProvider agentProvider = extensionManager.GetExtensions() .FirstOrDefault(x => x.ConfigurationProviderType == agentType); ArgUtil.NotNull(agentProvider, agentType); ICredentialProvider credProvider = GetCredentialProvider(command, agentSettings.ServerUrl); bool skipCertValidation = command.GetSkipCertificateValidation(); bool isHostedServer = await CheckIsHostedServer(agentProvider, agentSettings, credProvider, skipCertValidation); // Get the collection name for deployment group agentProvider.GetCollectionName(agentSettings, command, isHostedServer); bool rsaKeyGetConfigFromFF = global::Agent.Sdk.Knob.AgentKnobs.RsaKeyGetConfigFromFF.GetValue(UtilKnobValueContext.Instance()).AsBoolean(); var keyManager = HostContext.GetService(); bool enableAgentKeyStoreInNamedContainer; bool useCng; WriteSection(StringUtil.Loc("ConnectSectionHeader")); // Loop getting url and creds until you can connect while (true) { try { // Validate can connect. VssCredentials creds = credProvider.GetVssCredentials(HostContext); await agentProvider.TestConnectionAsync(agentSettings, creds, isHostedServer, skipCertValidation); Trace.Info("Test Connection complete."); if (rsaKeyGetConfigFromFF) { (enableAgentKeyStoreInNamedContainer, useCng) = await keyManager.GetStoreAgentTokenInNamedContainerFF(HostContext, Trace, agentSettings, creds); } else { (enableAgentKeyStoreInNamedContainer, useCng) = keyManager.GetStoreAgentTokenConfig(); } RSAParameters publicKey; using (var rsa = keyManager.CreateKey(enableAgentKeyStoreInNamedContainer, useCng)) { publicKey = rsa.ExportParameters(false); } TaskAgent agent = await agentProvider.GetAgentAsync(agentSettings); if (agent == null) { try { _term.WriteLine(StringUtil.Loc("ScanToolCapabilities")); var capsManager = HostContext.GetService(); Dictionary systemCapabilities = await capsManager.GetCapabilitiesAsync(agentSettings, CancellationToken.None); agent = CreateNewAgent(agentSettings.AgentName, publicKey, systemCapabilities); agent = await agentProvider.AddAgentAsync(agentSettings, agent, command); _term.WriteLine(StringUtil.Loc("AgentAddedSuccessfully")); } catch (Exception e) when (!command.Unattended()) { _term.WriteError(e); _term.WriteError(StringUtil.Loc("AddAgentFailed")); } } else { agent.Authorization = new TaskAgentAuthorization { PublicKey = new TaskAgentPublicKey(publicKey.Exponent, publicKey.Modulus), }; agent = await UpdateAgentWithRetryAsync( () => agentProvider.UpdateAgentAsync(agentSettings, agent, command), command ); if (agent != null) { _term.WriteLine(StringUtil.Loc("AgentReplaced")); break; } } agentSettings.AgentId = agent.Id; _store.SaveSettings(agentSettings); UpdateCredentialData(agent, agentSettings, credProvider.CredentialData, isHostedServer); break; } catch (SocketException e) { ExceptionsUtil.HandleSocketException(e, agentSettings.ServerUrl, _term.WriteError); } catch (Exception e) when (!command.Unattended()) { _term.WriteError(e); _term.WriteError(StringUtil.Loc("FailedToConnect")); } } } private void UpdateCredentialData( TaskAgent agent, AgentSettings agentSettings, CredentialData newCredentialData, bool isHostedServer) { // See if the server supports our OAuth key exchange for credentials if (agent.Authorization != null && agent.Authorization.ClientId != Guid.Empty && agent.Authorization.AuthorizationUrl != null) { // We use authorizationUrl as the oauth endpoint url by default. // For TFS, we need make sure the Schema/Host/Port component of the oauth endpoint url also match configuration url. (Incase of customer's agent configure URL and TFS server public URL are different) // Which means, we will keep use the original authorizationUrl in the VssOAuthJwtBearerClientCredential (authorizationUrl is the audience), // But might have different Url in VssOAuthCredential (connection url) // We can't do this for VSTS, since its SPS/TFS urls are different. UriBuilder configServerUrl = new UriBuilder(agentSettings.ServerUrl); UriBuilder oauthEndpointUrlBuilder = new UriBuilder(agent.Authorization.AuthorizationUrl); if (!isHostedServer && Uri.Compare(configServerUrl.Uri, oauthEndpointUrlBuilder.Uri, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) != 0) { oauthEndpointUrlBuilder.Scheme = configServerUrl.Scheme; oauthEndpointUrlBuilder.Host = configServerUrl.Host; oauthEndpointUrlBuilder.Port = configServerUrl.Port; Trace.Info($"Set oauth endpoint url's scheme://host:port component to match agent configure url's scheme://host:port: '{oauthEndpointUrlBuilder.Uri.AbsoluteUri}'."); } var credentialData = new CredentialData { Scheme = Constants.Configuration.OAuth, Data = { { "clientId", agent.Authorization.ClientId.ToString("D") }, { "authorizationUrl", agent.Authorization.AuthorizationUrl.AbsoluteUri }, { "oauthEndpointUrl", oauthEndpointUrlBuilder.Uri.AbsoluteUri }, }, }; // Save the negotiated OAuth credential data _store.SaveCredential(credentialData); } else { switch (PlatformUtil.HostOS) { case PlatformUtil.OS.OSX: case PlatformUtil.OS.Linux: // Save the provided admin cred for compat with previous agent. _store.SaveCredential(newCredentialData); break; case PlatformUtil.OS.Windows: // Not supported against TFS 2015. _term.WriteError(StringUtil.Loc("Tfs2015NotSupported")); return; default: throw new NotSupportedException(); } } } private ICredentialProvider GetCredentialProvider(CommandSettings command, string serverUrl) { Trace.Info(nameof(GetCredentialProvider)); var credentialManager = HostContext.GetService(); // Get the default auth type. // Use PAT as long as the server uri scheme is Https and looks like a FQDN // Otherwise windows use Integrated, linux/mac use negotiate. string defaultAuth = string.Empty; Uri server = new Uri(serverUrl); if (server.Scheme == Uri.UriSchemeHttps && server.Host.Contains('.')) { defaultAuth = Constants.Configuration.PAT; } else { defaultAuth = PlatformUtil.RunningOnWindows ? Constants.Configuration.Integrated : Constants.Configuration.Negotiate; } string authType = command.GetAuth(defaultValue: defaultAuth); // Create the credential. Trace.Info(StringUtil.Format("Creating credential for auth: {0}", authType)); var provider = credentialManager.GetCredentialProvider(authType); if (provider.RequireInteractive && command.Unattended()) { throw new NotSupportedException($"Authentication type '{authType}' is not supported for unattended configuration."); } provider.EnsureCredential(HostContext, command, serverUrl); return provider; } private TaskAgent UpdateExistingAgent(TaskAgent agent, RSAParameters publicKey, Dictionary systemCapabilities) { ArgUtil.NotNull(agent, nameof(agent)); agent.Authorization = new TaskAgentAuthorization { PublicKey = new TaskAgentPublicKey(publicKey.Exponent, publicKey.Modulus), }; // update - update instead of delete so we don't lose user capabilities etc... agent.Version = BuildConstants.AgentPackage.Version; agent.OSDescription = RuntimeInformation.OSDescription; foreach (KeyValuePair capability in systemCapabilities) { agent.SystemCapabilities[capability.Key] = capability.Value ?? string.Empty; } return agent; } private TaskAgent CreateNewAgent(string agentName, RSAParameters publicKey, Dictionary systemCapabilities) { TaskAgent agent = new TaskAgent(agentName) { Authorization = new TaskAgentAuthorization { PublicKey = new TaskAgentPublicKey(publicKey.Exponent, publicKey.Modulus), }, MaxParallelism = 1, ProvisioningState = TaskAgentProvisioningStateConstants.Provisioned, Version = BuildConstants.AgentPackage.Version, OSDescription = RuntimeInformation.OSDescription, }; foreach (KeyValuePair capability in systemCapabilities) { agent.SystemCapabilities[capability.Key] = capability.Value ?? string.Empty; } return agent; } private void WriteSection(string message) { _term.WriteLine(); _term.WriteLine($">> {message}:"); _term.WriteLine(); } [SupportedOSPlatform("windows")] private void AddVSTelemetryRegKey() { try { //create the VsTelemetryRegKey under currentuser/VsTelemetryRegPath and set value to true using (RegistryKey key = Registry.CurrentUser.OpenSubKey(VsTelemetryRegPath, writable: true)) { if (key != null && key.GetValue(VsTelemetryRegKey) == null) { key.SetValue(VsTelemetryRegKey, "s:true", RegistryValueKind.String); } } } catch (Exception) { // ignore failure as this is not critical to agent functionality Trace.Info("Error while adding VSTelemetry regkey"); } } [SupportedOSPlatform("windows")] private void DeleteVSTelemetryRegKey() { try { // delete the VsTelemetryRegKey under currentuser/VsTelemetryRegPath using (RegistryKey key = Registry.CurrentUser.OpenSubKey(VsTelemetryRegPath, writable: true)) { if (key != null && key.GetValue(VsTelemetryRegKey) != null) { key.DeleteValue(VsTelemetryRegKey); } } } catch (Exception) { // ignore failure as this is not critical to agent functionality Trace.Info("Error while deleting VSTelemetry regkey"); } } [SupportedOSPlatform("windows")] private void CheckAgentRootDirectorySecure() { Trace.Info(nameof(CheckAgentRootDirectorySecure)); try { string rootDirPath = HostContext.GetDirectory(WellKnownDirectory.Root); if (!String.IsNullOrEmpty(rootDirPath)) { // Get info about root folder DirectoryInfo dirInfo = new DirectoryInfo(rootDirPath); // Get directory access control list DirectorySecurity directorySecurityInfo = dirInfo.GetAccessControl(); AuthorizationRuleCollection dirAccessRules = directorySecurityInfo.GetAccessRules(true, true, typeof(NTAccount)); // Get identity reference of the BUILTIN\Users group IdentityReference bulitInUsersGroup = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null).Translate(typeof(NTAccount)); // Check if BUILTIN\Users group have modify/write rights for the agent root folder List potentiallyInsecureRules = dirAccessRules.OfType().AsParallel() .Where(rule => rule.IdentityReference == bulitInUsersGroup && (rule.FileSystemRights.HasFlag(FileSystemRights.Write) || rule.FileSystemRights.HasFlag(FileSystemRights.Modify))) .ToList(); // Notify user if there are some potentially insecure access rules for the agent root folder if (potentiallyInsecureRules.Count != 0) { Trace.Warning(StringUtil.Format("The {0} group have the following permissions to the agent root folder: ", bulitInUsersGroup.ToString())); potentiallyInsecureRules.ForEach(accessRule => Trace.Warning(StringUtil.Format("- {0}", accessRule.FileSystemRights.ToString()))); _term.Write(StringUtil.Loc("agentRootFolderInsecure", bulitInUsersGroup.ToString())); } } else { Trace.Warning("Can't get path to the agent root folder, check was skipped."); } } catch (Exception ex) { Trace.Warning("Can't check permissions for agent root folder:"); Trace.Warning(ex.Message); _term.Write(StringUtil.Loc("agentRootFolderCheckError")); } } private bool SetupVstsProxySetting(IVstsAgentWebProxy vstsProxy, CommandSettings command) { ArgUtil.NotNull(command, nameof(command)); bool saveProxySetting = false; string proxyUrl = command.GetProxyUrl(); bool useBasicAuthForProxy = command.GetUseBasicAuthForProxy(); if (!string.IsNullOrEmpty(proxyUrl)) { if (!Uri.IsWellFormedUriString(proxyUrl, UriKind.Absolute)) { throw new ArgumentOutOfRangeException(nameof(proxyUrl)); } Trace.Info("Reset proxy base on commandline args."); string proxyUserName = command.GetProxyUserName(); string proxyPassword = command.GetProxyPassword(); vstsProxy.SetupProxy(proxyUrl, proxyUserName, proxyPassword, useBasicAuthForProxy); saveProxySetting = true; } return saveProxySetting; } private bool SetupCertSettings(IAgentCertificateManager agentCertManager, CommandSettings command) { bool saveCertSetting = false; bool skipCertValidation = command.GetSkipCertificateValidation(); string caCert = command.GetCACertificate(); string clientCert = command.GetClientCertificate(); string clientCertKey = command.GetClientCertificatePrivateKey(); string clientCertArchive = command.GetClientCertificateArchrive(); string clientCertPassword = command.GetClientCertificatePassword(); // We require all Certificate files are under agent root. // So we can set ACL correctly when configure as service if (!string.IsNullOrEmpty(caCert)) { caCert = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), caCert); ArgUtil.File(caCert, nameof(caCert)); } if (!string.IsNullOrEmpty(clientCert) && !string.IsNullOrEmpty(clientCertKey) && !string.IsNullOrEmpty(clientCertArchive)) { // Ensure all client cert pieces are there. clientCert = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), clientCert); clientCertKey = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), clientCertKey); clientCertArchive = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), clientCertArchive); ArgUtil.File(clientCert, nameof(clientCert)); ArgUtil.File(clientCertKey, nameof(clientCertKey)); ArgUtil.File(clientCertArchive, nameof(clientCertArchive)); } else if (!string.IsNullOrEmpty(clientCert) || !string.IsNullOrEmpty(clientCertKey) || !string.IsNullOrEmpty(clientCertArchive)) { // Print out which args are missing. ArgUtil.NotNullOrEmpty(Constants.Agent.CommandLine.Args.SslClientCert, Constants.Agent.CommandLine.Args.SslClientCert); ArgUtil.NotNullOrEmpty(Constants.Agent.CommandLine.Args.SslClientCertKey, Constants.Agent.CommandLine.Args.SslClientCertKey); ArgUtil.NotNullOrEmpty(Constants.Agent.CommandLine.Args.SslClientCertArchive, Constants.Agent.CommandLine.Args.SslClientCertArchive); } if (skipCertValidation || !string.IsNullOrEmpty(caCert) || !string.IsNullOrEmpty(clientCert)) { Trace.Info("Reset agent cert setting base on commandline args."); agentCertManager.SetupCertificate(skipCertValidation, caCert, clientCert, clientCertKey, clientCertArchive, clientCertPassword); saveCertSetting = true; } return saveCertSetting; } private string GetAgentTypeFromCommand(CommandSettings command) { string agentType = Constants.Agent.AgentConfigurationProvider.BuildReleasesAgentConfiguration; if (command.GetDeploymentOrMachineGroup()) { agentType = Constants.Agent.AgentConfigurationProvider.DeploymentAgentConfiguration; } else if (command.GetDeploymentPool()) { agentType = Constants.Agent.AgentConfigurationProvider.SharedDeploymentAgentConfiguration; } else if (command.GetEnvironmentVMResource()) { agentType = Constants.Agent.AgentConfigurationProvider.EnvironmentVMResourceConfiguration; } return agentType; } private async Task CheckIsHostedServer(IConfigurationProvider agentProvider, AgentSettings agentSettings, ICredentialProvider credProvider, bool skipServerCertificateValidation) { bool isHostedServer = false; VssCredentials creds = credProvider.GetVssCredentials(HostContext); try { // Determine the service deployment type based on connection data. (Hosted/OnPremises) await _serverUtil.DetermineDeploymentType(agentSettings.ServerUrl, creds, _locationServer, skipServerCertificateValidation); } catch (VssUnauthorizedException) { // In case if GetConnectionData returned some auth problem need to check // maybe connect will be successfull with CollectionName // (as example PAT was generated for url/CollectionName) if (!agentProvider.IsCollectionPossible) throw; } if (!_serverUtil.TryGetDeploymentType(out isHostedServer)) { Trace.Warning(@"Deployment type determination has been failed; assume it is OnPremises and the deployment type determination was not implemented for this server version."); } return isHostedServer; } } } ================================================ FILE: src/Agent.Listener/Configuration/ConfigurationProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Linq; using System.Net.Http; using System.Net.Sockets; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { public interface IConfigurationProvider : IExtension, IAgentService { string ConfigurationProviderType { get; } bool IsCollectionPossible { get; } void GetServerUrl(AgentSettings agentSettings, CommandSettings command); void GetCollectionName(AgentSettings agentSettings, CommandSettings command, bool isHosted); Task TestConnectionAsync(AgentSettings agentSettings, VssCredentials creds, bool isHosted, bool skipServerCertificateValidation = false); Task GetPoolIdAndName(AgentSettings agentSettings, CommandSettings command); string GetFailedToFindPoolErrorString(); Task UpdateAgentAsync(AgentSettings agentSettings, TaskAgent agent, CommandSettings command); Task AddAgentAsync(AgentSettings agentSettings, TaskAgent agent, CommandSettings command); Task DeleteAgentAsync(AgentSettings agentSettings); Task GetAgentAsync(AgentSettings agentSettings); void ThrowTaskAgentExistException(AgentSettings agentSettings); } public class BuildReleasesAgentConfigProvider : AgentService, IConfigurationProvider { public Type ExtensionType => typeof(IConfigurationProvider); private ITerminal _term; protected IAgentServer _agentServer; public string ConfigurationProviderType => Constants.Agent.AgentConfigurationProvider.BuildReleasesAgentConfiguration; public bool IsCollectionPossible => false; public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); _term = hostContext.GetService(); _agentServer = HostContext.GetService(); } public void GetServerUrl(AgentSettings agentSettings, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); ArgUtil.NotNull(command, nameof(command)); agentSettings.ServerUrl = command.GetUrl(); } public void GetCollectionName(AgentSettings agentSettings, CommandSettings command, bool isHosted) { // Collection name is not required for Build/Release agent } public virtual async Task GetPoolIdAndName(AgentSettings agentSettings, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); ArgUtil.NotNull(command, nameof(command)); string poolName = command.GetPool(); TaskAgentPool agentPool = (await _agentServer.GetAgentPoolsAsync(poolName)).FirstOrDefault(); if (agentPool == null) { throw new TaskAgentPoolNotFoundException(StringUtil.Loc("PoolNotFound", poolName)); } else { Trace.Info(StringUtil.Format("Found pool {0} with id {1} and name {2}", poolName, agentPool.Id, agentPool.Name)); agentSettings.PoolId = agentPool.Id; agentSettings.PoolName = agentPool.Name; } } public string GetFailedToFindPoolErrorString() => StringUtil.Loc("FailedToFindPool"); public void ThrowTaskAgentExistException(AgentSettings agentSettings) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); throw new TaskAgentExistsException(StringUtil.Loc("AgentWithSameNameAlreadyExistInPool", agentSettings.PoolId, agentSettings.AgentName)); } public Task UpdateAgentAsync(AgentSettings agentSettings, TaskAgent agent, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); return _agentServer.UpdateAgentAsync(agentSettings.PoolId, agent); } public Task AddAgentAsync(AgentSettings agentSettings, TaskAgent agent, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); return _agentServer.AddAgentAsync(agentSettings.PoolId, agent); } public Task DeleteAgentAsync(AgentSettings agentSettings) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); return _agentServer.DeleteAgentAsync(agentSettings.PoolId, agentSettings.AgentId); } public async Task TestConnectionAsync(AgentSettings agentSettings, VssCredentials creds, bool isHosted, bool skipServerCertificateValidation = false) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); _term.WriteLine(StringUtil.Loc("ConnectingToServer")); await _agentServer.ConnectAsync(new Uri(agentSettings.ServerUrl), creds); } public async Task GetAgentAsync(AgentSettings agentSettings) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); var agents = await _agentServer.GetAgentsAsync(agentSettings.PoolId, agentSettings.AgentName); Trace.Verbose(StringUtil.Format("Returns {0} agents", agents.Count)); return agents.FirstOrDefault(); } } public class DeploymentGroupAgentConfigProvider : AgentService, IConfigurationProvider { public Type ExtensionType => typeof(IConfigurationProvider); public string ConfigurationProviderType => Constants.Agent.AgentConfigurationProvider.DeploymentAgentConfiguration; public bool IsCollectionPossible => true; protected ITerminal _term; protected string _projectName = string.Empty; private IDeploymentGroupServer _deploymentGroupServer = null; public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); _term = hostContext.GetService(); _deploymentGroupServer = HostContext.GetService(); } public void GetServerUrl(AgentSettings agentSettings, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); ArgUtil.NotNull(command, nameof(command)); agentSettings.ServerUrl = command.GetUrl(); Trace.Info(StringUtil.Format("url - {0}", agentSettings.ServerUrl)); } public void GetCollectionName(AgentSettings agentSettings, CommandSettings command, bool isHosted) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); ArgUtil.NotNull(command, nameof(command)); // for onprem tfs, collection is required for deploymentGroup if (!isHosted) { Trace.Info("Provided url is for onprem tfs, need collection name"); agentSettings.CollectionName = command.GetCollectionName(); } } public virtual async Task GetPoolIdAndName(AgentSettings agentSettings, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); ArgUtil.NotNull(command, nameof(command)); _projectName = command.GetProjectName(_projectName); var deploymentGroupName = command.GetDeploymentGroupName(); var deploymentGroup = await GetDeploymentGroupAsync(_projectName, deploymentGroupName); Trace.Info($"PoolId for deployment group '{deploymentGroupName}' is '{deploymentGroup.Pool.Id}'."); Trace.Info($"Project id for deployment group '{deploymentGroupName}' is '{deploymentGroup.Project.Id.ToString()}'."); agentSettings.PoolId = deploymentGroup.Pool.Id; agentSettings.PoolName = deploymentGroup.Pool.Name; agentSettings.DeploymentGroupId = deploymentGroup.Id; agentSettings.ProjectId = deploymentGroup.Project.Id.ToString(); } public virtual string GetFailedToFindPoolErrorString() => StringUtil.Loc("FailedToFindDeploymentGroup"); public virtual void ThrowTaskAgentExistException(AgentSettings agentSettings) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); throw new TaskAgentExistsException(StringUtil.Loc("DeploymentMachineWithSameNameAlreadyExistInDeploymentGroup", agentSettings.DeploymentGroupId, agentSettings.AgentName)); } public virtual async Task UpdateAgentAsync(AgentSettings agentSettings, TaskAgent agent, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); ArgUtil.NotNull(command, nameof(command)); var deploymentMachine = (await this.GetDeploymentTargetsAsync(agentSettings)).FirstOrDefault(); deploymentMachine.Agent = agent; deploymentMachine = await _deploymentGroupServer.ReplaceDeploymentTargetAsync(new Guid(agentSettings.ProjectId), agentSettings.DeploymentGroupId, deploymentMachine.Id, deploymentMachine); await GetAndAddTags(deploymentMachine, agentSettings, command); return deploymentMachine.Agent; } public virtual async Task AddAgentAsync(AgentSettings agentSettings, TaskAgent agent, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); ArgUtil.NotNull(command, nameof(command)); var deploymentMachine = new DeploymentMachine() { Agent = agent }; var azureSubscriptionId = await GetAzureSubscriptionIdAsync(); if (!String.IsNullOrEmpty(azureSubscriptionId)) { deploymentMachine.Properties.Add("AzureSubscriptionId", azureSubscriptionId); } deploymentMachine = await _deploymentGroupServer.AddDeploymentTargetAsync(new Guid(agentSettings.ProjectId), agentSettings.DeploymentGroupId, deploymentMachine); await GetAndAddTags(deploymentMachine, agentSettings, command); return deploymentMachine.Agent; } public virtual async Task DeleteAgentAsync(AgentSettings agentSettings) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); var machines = await GetDeploymentTargetsAsync(agentSettings); Trace.Verbose(StringUtil.Format("Returns {0} machines with name {1}", machines.Count, agentSettings.AgentName)); var machine = machines.FirstOrDefault(); if (machine != null) { if (!string.IsNullOrWhiteSpace(agentSettings.ProjectId)) { await _deploymentGroupServer.DeleteDeploymentTargetAsync(new Guid(agentSettings.ProjectId), agentSettings.DeploymentGroupId, machine.Id); } else { await _deploymentGroupServer.DeleteDeploymentTargetAsync(agentSettings.ProjectName, agentSettings.DeploymentGroupId, machine.Id); } } } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "CreateConnection")] public virtual async Task TestConnectionAsync(AgentSettings agentSettings, VssCredentials creds, bool isHosted, bool skipServerCertificateValidation = false) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); var url = agentSettings.ServerUrl; // Ensure not to update back the url with agentSettings !!! _term.WriteLine(StringUtil.Loc("ConnectingToServer")); // Create the connection for deployment group Trace.Info("Test connection with deployment group"); if (!isHosted && !string.IsNullOrWhiteSpace(agentSettings.CollectionName)) // For on-prm validate the collection by making the connection { UriBuilder uriBuilder = new UriBuilder(new Uri(url)); uriBuilder.Path = uriBuilder.Path + "/" + agentSettings.CollectionName; Trace.Info(StringUtil.Format("Tfs Collection level url to connect - {0}", uriBuilder.Uri.AbsoluteUri)); url = uriBuilder.Uri.AbsoluteUri; } VssConnection deploymentGroupconnection = VssUtil.CreateConnection(new Uri(url), creds, trace: Trace, skipServerCertificateValidation); await _deploymentGroupServer.ConnectAsync(deploymentGroupconnection); Trace.Info("Connect complete for deployment group"); } public virtual async Task GetAgentAsync(AgentSettings agentSettings) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); var machines = await GetDeploymentTargetsAsync(agentSettings); Trace.Verbose(StringUtil.Format("Returns {0} machines", machines.Count)); var machine = machines.FirstOrDefault(); if (machine != null) { return machine.Agent; } return null; } private async Task GetAndAddTags(DeploymentMachine deploymentMachine, AgentSettings agentSettings, CommandSettings command) { // Get and apply Tags in case agent is configured against Deployment Group if (command.GetDeploymentGroupTagsRequired()) { try { string tagString = command.GetDeploymentGroupTags(); Trace.Info(StringUtil.Format("Given tags - {0} will be processed and added", tagString)); if (!string.IsNullOrWhiteSpace(tagString)) { var tagsList = tagString.Split(',').Where(s => !string.IsNullOrWhiteSpace(s)) .Select(s => s.Trim()) .Distinct(StringComparer.CurrentCultureIgnoreCase).ToList(); if (tagsList.Any()) { Trace.Info(StringUtil.Format("Adding tags - {0}", string.Join(",", tagsList.ToArray()))); deploymentMachine.Tags = tagsList; await _deploymentGroupServer.UpdateDeploymentTargetsAsync(new Guid(agentSettings.ProjectId), agentSettings.DeploymentGroupId, new List() { deploymentMachine }); _term.WriteLine(StringUtil.Loc("DeploymentGroupTagsAddedMsg")); } } } catch (Exception e) when (!command.Unattended()) { _term.WriteError(e); _term.WriteError(StringUtil.Loc("FailedToAddTags")); } } } private async Task GetDeploymentGroupAsync(string projectName, string deploymentGroupName) { ArgUtil.NotNull(_deploymentGroupServer, nameof(_deploymentGroupServer)); var deploymentGroup = (await _deploymentGroupServer.GetDeploymentGroupsAsync(projectName, deploymentGroupName)).FirstOrDefault(); if (deploymentGroup == null) { throw new DeploymentGroupNotFoundException(StringUtil.Loc("DeploymentGroupNotFound", deploymentGroupName)); } Trace.Info(StringUtil.Format("Found deployment group {0} with id {1}", deploymentGroupName, deploymentGroup.Id)); return deploymentGroup; } private async Task> GetDeploymentTargetsAsync(AgentSettings agentSettings) { List machines; if (!string.IsNullOrWhiteSpace(agentSettings.ProjectId)) { machines = await _deploymentGroupServer.GetDeploymentTargetsAsync(new Guid(agentSettings.ProjectId), agentSettings.DeploymentGroupId, agentSettings.AgentName); } else { machines = await _deploymentGroupServer.GetDeploymentTargetsAsync(agentSettings.ProjectName, agentSettings.DeploymentGroupId, agentSettings.AgentName); } return machines; } private async Task GetAzureSubscriptionIdAsync() { // We will use the Azure Instance Metadata Service in order to fetch metadata ( in this case Subscription Id used to provision the VM) if the VM is an Azure VM // More on Instance Metadata Service can be found here: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service string azureSubscriptionId = string.Empty; const string imdsUri = "http://169.254.169.254/metadata/instance/compute/subscriptionId?api-version=2017-08-01&format=text"; using (var handler = HostContext.CreateHttpClientHandler()) using (var httpClient = new HttpClient(handler)) { httpClient.DefaultRequestHeaders.Add("Metadata", "True"); httpClient.Timeout = TimeSpan.FromSeconds(5); try { azureSubscriptionId = await httpClient.GetStringAsync(imdsUri); if (!Guid.TryParse(azureSubscriptionId, out Guid result)) { azureSubscriptionId = string.Empty; } } catch (HttpRequestException httpEx) { azureSubscriptionId = string.Empty; Trace.Info($"HTTP error accessing Azure IMDS: {httpEx.Message}"); } catch (TaskCanceledException tcEx) when (tcEx.InnerException is System.TimeoutException) { azureSubscriptionId = string.Empty; Trace.Info($"Timeout accessing Azure IMDS (not running on Azure): {tcEx.Message}"); } catch (SocketException ex) { azureSubscriptionId = string.Empty; ExceptionsUtil.HandleSocketException(ex, imdsUri, (message) => Trace.Info(message)); } catch (Exception ex) { // An exception will be thrown if the Agent Machine is a non-Azure VM. azureSubscriptionId = string.Empty; Trace.Info($"GetAzureSubscriptionId ex: {ex.Message}"); Trace.Info(ex.ToString()); } } return azureSubscriptionId; } } public class SharedDeploymentAgentConfigProvider : BuildReleasesAgentConfigProvider, IConfigurationProvider { public new string ConfigurationProviderType => Constants.Agent.AgentConfigurationProvider.SharedDeploymentAgentConfiguration; public override async Task GetPoolIdAndName(AgentSettings agentSettings, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); ArgUtil.NotNull(command, nameof(command)); string poolName = command.GetDeploymentPoolName(); TaskAgentPool agentPool = (await _agentServer.GetAgentPoolsAsync(poolName, TaskAgentPoolType.Deployment)).FirstOrDefault(); if (agentPool == null) { throw new TaskAgentPoolNotFoundException(StringUtil.Loc("DeploymentPoolNotFound", poolName)); } else { Trace.Info(StringUtil.Format("Found deployment pool {0} with id {1} and name {2}", poolName, agentPool.Id, agentPool.Name)); agentSettings.PoolId = agentPool.Id; agentSettings.PoolName = agentPool.Name; } } } public class EnvironmentVMResourceConfigProvider : DeploymentGroupAgentConfigProvider, IConfigurationProvider { public new string ConfigurationProviderType => Constants.Agent.AgentConfigurationProvider.EnvironmentVMResourceConfiguration; private IEnvironmentsServer _environmentsServer = null; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _environmentsServer = HostContext.GetService(); } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "environmentConnection")] public override async Task TestConnectionAsync(AgentSettings agentSettings, VssCredentials creds, bool isHosted, bool skipServerCertificateValidation = false) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); var url = agentSettings.ServerUrl; // Ensure not to update back the url with agentSettings !!! _term.WriteLine(StringUtil.Loc("ConnectingToServer")); // Create the connection for environment virtual machine resource Trace.Info("Test connection with environment"); if (!isHosted && !string.IsNullOrWhiteSpace(agentSettings.CollectionName)) // For on-prm validate the collection by making the connection { UriBuilder uriBuilder = new UriBuilder(new Uri(url)); uriBuilder.Path = uriBuilder.Path + "/" + agentSettings.CollectionName; Trace.Info(StringUtil.Format("Tfs Collection level url to connect - {0}", uriBuilder.Uri.AbsoluteUri)); url = uriBuilder.Uri.AbsoluteUri; } VssConnection environmentConnection = VssUtil.CreateConnection(new Uri(url), creds, trace: Trace, skipServerCertificateValidation); await _environmentsServer.ConnectAsync(environmentConnection); Trace.Info("Connection complete for environment"); } public override async Task GetPoolIdAndName(AgentSettings agentSettings, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); ArgUtil.NotNull(command, nameof(command)); _projectName = command.GetProjectName(_projectName); var environmentName = command.GetEnvironmentName(); Trace.Info(StringUtil.Format("vm resource will be configured against the environment '{0}'", environmentName)); var environmentInstance = await GetEnvironmentAsync(_projectName, environmentName); agentSettings.EnvironmentName = environmentName; agentSettings.EnvironmentId = environmentInstance.Id; agentSettings.ProjectName = environmentInstance.Project.Name; agentSettings.ProjectId = environmentInstance.Project.Id.ToString(); Trace.Info(StringUtil.Format("vm resource configuration: environment id: '{0}', project name: '{1}', project id: '{2}'", agentSettings.EnvironmentId, agentSettings.ProjectName, agentSettings.ProjectId)); } public override string GetFailedToFindPoolErrorString() => StringUtil.Loc("FailedToFindEnvironment"); public override void ThrowTaskAgentExistException(AgentSettings agentSettings) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); throw new TaskAgentExistsException(StringUtil.Loc("VMResourceWithSameNameAlreadyExistInEnvironment", agentSettings.EnvironmentId, agentSettings.AgentName)); } public override async Task AddAgentAsync(AgentSettings agentSettings, TaskAgent agent, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); ArgUtil.NotNull(agent, nameof(agent)); ArgUtil.NotNull(command, nameof(command)); var virtualMachine = new VirtualMachineResource() { Name = agent.Name, Agent = agent }; var tags = GetVirtualMachineResourceTags(command); virtualMachine.Tags = tags; virtualMachine = await _environmentsServer.AddEnvironmentVMAsync(new Guid(agentSettings.ProjectId), agentSettings.EnvironmentId, virtualMachine); Trace.Info(StringUtil.Format("Environment virtual machine resource with name: '{0}', id: '{1}' has been added successfully.", virtualMachine.Name, virtualMachine.Id)); var pool = await _environmentsServer.GetEnvironmentPoolAsync(new Guid(agentSettings.ProjectId), agentSettings.EnvironmentId); Trace.Info(StringUtil.Format("environment pool id: '{0}'", pool.Id)); agentSettings.PoolId = pool.Id; agentSettings.AgentName = virtualMachine.Name; agentSettings.EnvironmentVMResourceId = virtualMachine.Id; return virtualMachine.Agent; } private IList GetVirtualMachineResourceTags(CommandSettings command) { // Get and apply Tags in case agent is configured against Deployment Group var result = new List(); bool needToAddTags = command.GetEnvironmentVirtualMachineResourceTagsRequired(); if (needToAddTags) { string tagString = command.GetEnvironmentVirtualMachineResourceTags(); Trace.Info(StringUtil.Format("Given tags - '{0}' will be processed and added to environment vm resource", tagString)); if (!string.IsNullOrWhiteSpace(tagString)) { var tagsList = tagString.Split(',').Where(s => !string.IsNullOrWhiteSpace(s)) .Select(s => s.Trim()) .Distinct(StringComparer.CurrentCultureIgnoreCase).ToList(); result.AddRange(tagsList); } } return result; } public override async Task DeleteAgentAsync(AgentSettings agentSettings) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); Trace.Info(StringUtil.Format("Deleting environment virtual machine resource with id: '{0}'", agentSettings.EnvironmentVMResourceId)); if (!string.IsNullOrWhiteSpace(agentSettings.ProjectId)) { await _environmentsServer.DeleteEnvironmentVMAsync(new Guid(agentSettings.ProjectId), agentSettings.EnvironmentId, agentSettings.EnvironmentVMResourceId); } else { await _environmentsServer.DeleteEnvironmentVMAsync(agentSettings.ProjectName, agentSettings.EnvironmentId, agentSettings.EnvironmentVMResourceId); } Trace.Info(StringUtil.Format("Environment virtual machine resource with id: '{0}' has been successfully deleted.", agentSettings.EnvironmentVMResourceId)); } public override async Task GetAgentAsync(AgentSettings agentSettings) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); var vmResources = await GetEnvironmentVMsAsync(agentSettings); Trace.Verbose(StringUtil.Format("Returns {0} virtual machine resources", vmResources.Count)); var machine = vmResources.FirstOrDefault(); if (machine != null) { return machine.Agent; } return null; } public override async Task UpdateAgentAsync(AgentSettings agentSettings, TaskAgent agent, CommandSettings command) { ArgUtil.NotNull(agentSettings, nameof(agentSettings)); ArgUtil.NotNull(command, nameof(command)); var tags = GetVirtualMachineResourceTags(command); var vmResource = (await GetEnvironmentVMsAsync(agentSettings)).FirstOrDefault(); vmResource.Agent = agent; vmResource.Tags = tags; Trace.Info(StringUtil.Format("Replacing environment virtual machine resource with id: '{0}'", vmResource.Id)); vmResource = await _environmentsServer.ReplaceEnvironmentVMAsync(new Guid(agentSettings.ProjectId), agentSettings.EnvironmentId, vmResource); Trace.Info(StringUtil.Format("environment virtual machine resource with id: '{0}' has been replaced successfully", vmResource.Id)); var pool = await _environmentsServer.GetEnvironmentPoolAsync(new Guid(agentSettings.ProjectId), agentSettings.EnvironmentId); agentSettings.AgentName = vmResource.Name; agentSettings.EnvironmentVMResourceId = vmResource.Id; agentSettings.PoolId = pool.Id; return vmResource.Agent; } private async Task GetEnvironmentAsync(string projectName, string environmentName) { ArgUtil.NotNull(_environmentsServer, nameof(_environmentsServer)); var environment = (await _environmentsServer.GetEnvironmentsAsync(projectName, environmentName)).FirstOrDefault(); if (environment == null) { throw new EnvironmentNotFoundException(StringUtil.Loc("EnvironmentNotFound", environmentName)); } Trace.Info(StringUtil.Format("Found environment {0} with id {1}", environmentName, environment.Id)); return environment; } private async Task> GetEnvironmentVMsAsync(AgentSettings agentSettings) { List machines; if (!string.IsNullOrWhiteSpace(agentSettings.ProjectId)) { machines = await _environmentsServer.GetEnvironmentVMsAsync(new Guid(agentSettings.ProjectId), agentSettings.EnvironmentId, agentSettings.AgentName); } else { machines = await _environmentsServer.GetEnvironmentVMsAsync(agentSettings.ProjectName, agentSettings.EnvironmentId, agentSettings.AgentName); } return machines; } } } ================================================ FILE: src/Agent.Listener/Configuration/CredentialManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.Agent.Listener.Telemetry; using Newtonsoft.Json; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { // TODO: Refactor extension manager to enable using it from the agent process. [ServiceLocator(Default = typeof(CredentialManager))] public interface ICredentialManager : IAgentService { ICredentialProvider GetCredentialProvider(string credType); VssCredentials LoadCredentials(); } public class CredentialManager : AgentService, ICredentialManager { public static readonly Dictionary CredentialTypes = new(StringComparer.OrdinalIgnoreCase) { { Constants.Configuration.AAD, typeof(AadDeviceCodeAccessToken)}, { Constants.Configuration.PAT, typeof(PersonalAccessToken)}, { Constants.Configuration.Alternate, typeof(AlternateCredential)}, { Constants.Configuration.Negotiate, typeof(NegotiateCredential)}, { Constants.Configuration.Integrated, typeof(IntegratedCredential)}, { Constants.Configuration.OAuth, typeof(OAuthCredential)}, { Constants.Configuration.ServiceIdentity, typeof(ServiceIdentityCredential)}, { Constants.Configuration.ServicePrincipal, typeof(ServicePrincipalCredential)}, }; public ICredentialProvider GetCredentialProvider(string credType) { Trace.Info(nameof(GetCredentialProvider)); Trace.Info(StringUtil.Format("Creating type {0}", credType)); if (!CredentialTypes.ContainsKey(credType)) { throw new ArgumentException("Invalid Credential Type"); } Trace.Info(StringUtil.Format("Creating credential type: {0}", credType)); var creds = Activator.CreateInstance(CredentialTypes[credType]) as ICredentialProvider; Trace.Verbose("Created credential type"); return creds; } public VssCredentials LoadCredentials() { IConfigurationStore store = HostContext.GetService(); if (!store.HasCredentials()) { throw new InvalidOperationException("Credentials not stored. Must reconfigure."); } CredentialData credData = store.GetCredentials(); ICredentialProvider credProv = GetCredentialProvider(credData.Scheme); credProv.CredentialData = credData; VssCredentials creds = credProv.GetVssCredentials(HostContext); return creds; } } } ================================================ FILE: src/Agent.Listener/Configuration/CredentialProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Net.Http; using System.Net.Http.Headers; using System.Net.Sockets; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Util; using Microsoft.Identity.Client; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Client; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Azure.Identity; using System.Threading; using Azure.Core; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { public interface ICredentialProvider { Boolean RequireInteractive { get; } CredentialData CredentialData { get; set; } VssCredentials GetVssCredentials(IHostContext context); void EnsureCredential(IHostContext context, CommandSettings command, string serverUrl); } public abstract class CredentialProvider : ICredentialProvider { public CredentialProvider(string scheme) { CredentialData = new CredentialData(); CredentialData.Scheme = scheme; } public virtual Boolean RequireInteractive => false; public CredentialData CredentialData { get; set; } public abstract VssCredentials GetVssCredentials(IHostContext context); public abstract void EnsureCredential(IHostContext context, CommandSettings command, string serverUrl); } public sealed class AadDeviceCodeAccessToken : CredentialProvider { private IPublicClientApplication _app = null; private readonly string _clientId = "97877f11-0fc6-4aee-b1ff-febb0519dd00"; private readonly string _userImpersonationScope = "499b84ac-1321-427f-aa17-267ca6975798/.default"; public AadDeviceCodeAccessToken() : base(Constants.Configuration.AAD) { } public override VssCredentials GetVssCredentials(IHostContext context) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(AadDeviceCodeAccessToken)); trace.Info(nameof(GetVssCredentials)); CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.Url, out string serverUrl); ArgUtil.NotNullOrEmpty(serverUrl, nameof(serverUrl)); var tenantAuthorityUrl = GetTenantAuthorityUrl(context, serverUrl); if (tenantAuthorityUrl == null) { throw new NotSupportedException($"This Azure DevOps organization '{serverUrl}' is not backed by Azure Active Directory."); } if (_app == null) _app = PublicClientApplicationBuilder.Create(_clientId).Build(); var authResult = AcquireATokenFromCacheOrDeviceCodeFlowAsync(context, _app, new string[] { _userImpersonationScope }).GetAwaiter().GetResult(); var aadCred = new VssAadCredential(new VssAadToken(authResult.TokenType, authResult.AccessToken)); VssCredentials creds = new VssCredentials(null, aadCred, CredentialPromptType.DoNotPrompt); trace.Info("cred created"); return creds; } public override void EnsureCredential(IHostContext context, CommandSettings command, string serverUrl) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(AadDeviceCodeAccessToken)); trace.Info(nameof(EnsureCredential)); ArgUtil.NotNull(command, nameof(command)); CredentialData.Data[Constants.Agent.CommandLine.Args.Url] = serverUrl; } private async Task AcquireATokenFromCacheOrDeviceCodeFlowAsync(IHostContext context, IPublicClientApplication app, IEnumerable scopes) { AuthenticationResult result = null; var accounts = await app.GetAccountsAsync().ConfigureAwait(false); if (accounts.Any()) { // Attempt to get a token from the cache (or refresh it silently if needed) result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault()) .ExecuteAsync().ConfigureAwait(false); } // Cache empty or no token for account in the cache, attempt by device code flow if (result == null) { result = await GetTokenUsingDeviceCodeFlowAsync(context, app, scopes).ConfigureAwait(false); } return result; } private Uri GetTenantAuthorityUrl(IHostContext context, string serverUrl) { Tracing trace = context.GetTrace(nameof(AadDeviceCodeAccessToken)); using (var handler = context.CreateHttpClientHandler()) using (var client = new HttpClient(handler)) { client.DefaultRequestHeaders.Accept.Clear(); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); client.DefaultRequestHeaders.Add("X-TFS-FedAuthRedirect", "Suppress"); client.DefaultRequestHeaders.UserAgent.Clear(); client.DefaultRequestHeaders.UserAgent.AddRange(VssClientHttpRequestSettings.Default.UserAgent); using (var requestMessage = new HttpRequestMessage(HttpMethod.Head, $"{serverUrl.Trim('/')}/_apis/connectiondata")) { HttpResponseMessage response; try { response = client.SendAsync(requestMessage).GetAwaiter().GetResult(); } catch (SocketException e) { ExceptionsUtil.HandleSocketException(e, serverUrl, (message) => trace.Error(message)); throw; } // Get the tenant from the Login URL, MSA backed accounts will not return `Bearer` www-authenticate header. var bearerResult = response.Headers.WwwAuthenticate.Where(p => p.Scheme.Equals("Bearer", StringComparison.OrdinalIgnoreCase)).FirstOrDefault(); if (bearerResult != null && bearerResult.Parameter.StartsWith("authorization_uri=", StringComparison.OrdinalIgnoreCase)) { var authorizationUri = bearerResult.Parameter.Substring("authorization_uri=".Length); if (Uri.TryCreate(authorizationUri, UriKind.Absolute, out Uri aadTenantUrl)) { return aadTenantUrl; } } return null; } } } /// /// Gets an access token so that the application accesses the web api in the name of the user /// who signs-in on a separate device /// /// An authentication result, or null if the user canceled sign-in, or did not sign-in on a separate device /// after a timeout (15 mins) private async Task GetTokenUsingDeviceCodeFlowAsync(IHostContext context, IPublicClientApplication app, IEnumerable scopes) { Tracing trace = context.GetTrace(nameof(AadDeviceCodeAccessToken)); AuthenticationResult result; try { result = await app.AcquireTokenWithDeviceCode(scopes, deviceCodeCallback => { // This will print the message on the console which tells the user where to go sign-in using // a separate browser and the code to enter once they sign in. var term = context.GetService(); term.WriteLine($"Please finish AAD device code flow in browser ({deviceCodeCallback.VerificationUrl}), user code: {deviceCodeCallback.UserCode}"); return Task.FromResult(0); }).ExecuteAsync().ConfigureAwait(false); } catch (MsalServiceException) { // AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials. // AADSTS90133: Device Code flow is not supported under /common or /consumers endpoint. // AADSTS90002: Tenant not found. This may happen if there are // no active subscriptions for the tenant. Check with your subscription administrator. throw; } catch (OperationCanceledException ex) { trace.Warning(ex.Message); result = null; } catch (MsalClientException ex) { trace.Warning(ex.Message); result = null; } return result; } } public sealed class PersonalAccessToken : CredentialProvider { public PersonalAccessToken() : base(Constants.Configuration.PAT) { } public override VssCredentials GetVssCredentials(IHostContext context) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(PersonalAccessToken)); trace.Info(nameof(GetVssCredentials)); ArgUtil.NotNull(CredentialData, nameof(CredentialData)); string token; if (!CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.Token, out token)) { token = null; } ArgUtil.NotNullOrEmpty(token, nameof(token)); trace.Info(StringUtil.Format("token retrieved: {0} chars", token.Length)); // PAT uses a basic credential VssBasicCredential basicCred = new VssBasicCredential("VstsAgent", token); VssCredentials creds = new VssCredentials(null, basicCred, CredentialPromptType.DoNotPrompt); trace.Info("cred created"); return creds; } public override void EnsureCredential(IHostContext context, CommandSettings command, string serverUrl) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(PersonalAccessToken)); trace.Info(nameof(EnsureCredential)); ArgUtil.NotNull(command, nameof(command)); CredentialData.Data[Constants.Agent.CommandLine.Args.Token] = command.GetToken(); } } public sealed class ServiceIdentityCredential : CredentialProvider { public ServiceIdentityCredential() : base(Constants.Configuration.ServiceIdentity) { } public override VssCredentials GetVssCredentials(IHostContext context) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(ServiceIdentityCredential)); trace.Info(nameof(GetVssCredentials)); ArgUtil.NotNull(CredentialData, nameof(CredentialData)); string token; if (!CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.Token, out token)) { token = null; } string username; if (!CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.UserName, out username)) { username = null; } ArgUtil.NotNullOrEmpty(token, nameof(token)); ArgUtil.NotNullOrEmpty(username, nameof(username)); trace.Info(StringUtil.Format("token retrieved: {0} chars", token.Length)); // ServiceIdentity uses a service identity credential VssServiceIdentityToken identityToken = new VssServiceIdentityToken(token); VssServiceIdentityCredential serviceIdentityCred = new VssServiceIdentityCredential(username, "", identityToken); VssCredentials creds = new VssCredentials(null, serviceIdentityCred, CredentialPromptType.DoNotPrompt); trace.Info("cred created"); return creds; } public override void EnsureCredential(IHostContext context, CommandSettings command, string serverUrl) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(ServiceIdentityCredential)); trace.Info(nameof(EnsureCredential)); ArgUtil.NotNull(command, nameof(command)); CredentialData.Data[Constants.Agent.CommandLine.Args.Token] = command.GetToken(); CredentialData.Data[Constants.Agent.CommandLine.Args.UserName] = command.GetUserName(); } } public sealed class AlternateCredential : CredentialProvider { public AlternateCredential() : base(Constants.Configuration.Alternate) { } public override VssCredentials GetVssCredentials(IHostContext context) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(AlternateCredential)); trace.Info(nameof(GetVssCredentials)); string username; if (!CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.UserName, out username)) { username = null; } string password; if (!CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.Password, out password)) { password = null; } ArgUtil.NotNull(username, nameof(username)); ArgUtil.NotNull(password, nameof(password)); trace.Info(StringUtil.Format("username retrieved: {0} chars", username.Length)); trace.Info(StringUtil.Format("password retrieved: {0} chars", password.Length)); VssBasicCredential loginCred = new VssBasicCredential(username, password); VssCredentials creds = new VssCredentials(null, loginCred, CredentialPromptType.DoNotPrompt); trace.Info("cred created"); return creds; } public override void EnsureCredential(IHostContext context, CommandSettings command, string serverUrl) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(AlternateCredential)); trace.Info(nameof(EnsureCredential)); ArgUtil.NotNull(command, nameof(command)); CredentialData.Data[Constants.Agent.CommandLine.Args.UserName] = command.GetUserName(); CredentialData.Data[Constants.Agent.CommandLine.Args.Password] = command.GetPassword(); } } public sealed class ServicePrincipalCredential : CredentialProvider { public ServicePrincipalCredential() : base(Constants.Configuration.ServicePrincipal) { } public override VssCredentials GetVssCredentials(IHostContext context) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(ServicePrincipalCredential)); trace.Info(nameof(GetVssCredentials)); CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.TenantId, out string tenantId); ArgUtil.NotNullOrEmpty(tenantId, nameof(tenantId)); trace.Info(StringUtil.Format("tenant id retrieved: {0} chars", tenantId.Length)); CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.ClientId, out string clientId); ArgUtil.NotNullOrEmpty(clientId, nameof(clientId)); trace.Info(StringUtil.Format("client id retrieved: {0} chars", clientId.Length)); CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.ClientSecret, out string clientSecret); ArgUtil.NotNullOrEmpty(clientSecret, nameof(clientSecret)); trace.Info(StringUtil.Format("client secret retrieved: {0} chars", clientSecret.Length)); var credential = new ClientSecretCredential(tenantId, clientId, clientSecret); var tokenRequestContext = new TokenRequestContext(VssAadSettings.DefaultScopes); var accessToken = credential.GetTokenAsync(tokenRequestContext, CancellationToken.None).GetAwaiter().GetResult(); var vssAadToken = new VssAadToken("Bearer", accessToken.Token); var vssAadCredentials = new VssAadCredential(vssAadToken); var creds = new VssCredentials(vssAadCredentials); trace.Info("cred created"); return creds; } public override void EnsureCredential(IHostContext context, CommandSettings command, string serverUrl) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(ServicePrincipalCredential)); trace.Info(nameof(EnsureCredential)); ArgUtil.NotNull(command, nameof(command)); CredentialData.Data[Constants.Agent.CommandLine.Args.ClientId] = command.GetClientId(); CredentialData.Data[Constants.Agent.CommandLine.Args.TenantId] = command.GetTenantId(); CredentialData.Data[Constants.Agent.CommandLine.Args.ClientSecret] = command.GetClientSecret(); } } } ================================================ FILE: src/Agent.Listener/Configuration/FeatureFlagProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.FeatureAvailability; using Microsoft.VisualStudio.Services.FeatureAvailability.WebApi; using System; using System.Threading; using System.Threading.Tasks; namespace Agent.Listener.Configuration { [ServiceLocator(Default = typeof(FeatureFlagProvider))] public interface IFeatureFlagProvider : IAgentService { /// /// Gets the status of a feature flag from the specified service endpoint. /// If request fails, the feature flag is assumed to be off. /// /// Agent host contexts /// The name of the feature flag to get the status of. /// Trace writer for output /// The status of the feature flag. /// Thrown if agent is not configured public Task GetFeatureFlagAsync(IHostContext context, string featureFlagName, ITraceWriter traceWriter, CancellationToken ctk = default); public Task GetFeatureFlagWithCred(IHostContext context, string featureFlagName, ITraceWriter traceWriter, AgentSettings settings, VssCredentials creds, CancellationToken ctk = default); } public class FeatureFlagProvider : AgentService, IFeatureFlagProvider { public async Task GetFeatureFlagAsync(IHostContext context, string featureFlagName, ITraceWriter traceWriter, CancellationToken ctk = default) { traceWriter.Verbose(nameof(GetFeatureFlagAsync)); ArgUtil.NotNull(featureFlagName, nameof(featureFlagName)); var credMgr = context.GetService(); VssCredentials creds = credMgr.LoadCredentials(); var configManager = context.GetService(); AgentSettings settings = configManager.LoadSettings(); return await GetFeatureFlagWithCred(context, featureFlagName, traceWriter, settings, creds, ctk); } public async Task GetFeatureFlagWithCred(IHostContext context, string featureFlagName, ITraceWriter traceWriter, AgentSettings settings, VssCredentials creds, CancellationToken ctk) { var agentCertManager = context.GetService(); ArgUtil.NotNull(creds, nameof(creds)); using var vssConnection = VssUtil.CreateConnection(new Uri(settings.ServerUrl), creds, traceWriter, agentCertManager.SkipServerCertificateValidation); var client = vssConnection.GetClient(); try { return await client.GetFeatureFlagByNameAsync(featureFlagName, checkFeatureExists: false, ctk); } catch (Exception e) { Trace.Warning("Unable to retrieve feature flag status: " + e.ToString()); return new FeatureFlag(featureFlagName, "", "", "Off", "Off"); } } } } ================================================ FILE: src/Agent.Listener/Configuration/IRSAKeyManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Listener.Configuration; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using System; using System.Runtime.Serialization; using System.Security.Cryptography; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { /// /// Manages an RSA key for the agent using the most appropriate store for the target platform. /// [ServiceLocator( PreferredOnWindows = typeof(RSAEncryptedFileKeyManager), Default = typeof(RSAFileKeyManager) )] public interface IRSAKeyManager : IAgentService { /// /// Creates a new RSA instance for the current agent. If a key file is found then the current /// key is returned to the caller. /// /// An RSA instance representing the key for the agent RSA CreateKey(bool enableAgentKeyStoreInNamedContainer, bool useCng); /// /// Deletes the RSA key managed by the key manager. /// void DeleteKey(); /// /// Gets the RSACryptoServiceProvider instance currently stored by the key manager. /// /// An RSACryptoServiceProvider instance representing the key for the agent /// No key exists in the store RSA GetKey(); } public static class IRSAKeyManagerExtensions { public static async Task<(bool useNamedContainer, bool useCng)> GetStoreAgentTokenInNamedContainerFF(this IRSAKeyManager _, IHostContext hostContext, global::Agent.Sdk.ITraceWriter trace, AgentSettings agentSettings, VssCredentials creds, CancellationToken cancellationToken = default) { var useNamedContainer = AgentKnobs.StoreAgentKeyInCSPContainer.GetValue(UtilKnobValueContext.Instance()).AsBoolean(); var useCng = AgentKnobs.AgentKeyUseCng.GetValue(UtilKnobValueContext.Instance()).AsBoolean(); if (useNamedContainer || useCng) { return (useNamedContainer, useCng); } var featureFlagProvider = hostContext.GetService(); var enableAgentKeyStoreInNamedContainerFF = (await featureFlagProvider.GetFeatureFlagWithCred(hostContext, "DistributedTask.Agent.StoreAgentTokenInNamedContainer", trace, agentSettings, creds, cancellationToken)).EffectiveState == "On"; var useCngFF = (await featureFlagProvider.GetFeatureFlagWithCred(hostContext, "DistributedTask.Agent.UseCng", trace, agentSettings, creds, cancellationToken)).EffectiveState == "On"; return (enableAgentKeyStoreInNamedContainerFF, useCngFF); } public static (bool useNamedContainer, bool useCng) GetStoreAgentTokenConfig(this IRSAKeyManager _) { var useNamedContainer = AgentKnobs.StoreAgentKeyInCSPContainer.GetValue(UtilKnobValueContext.Instance()).AsBoolean(); var useCng = AgentKnobs.AgentKeyUseCng.GetValue(UtilKnobValueContext.Instance()).AsBoolean(); return (useNamedContainer, useCng); } } // Newtonsoft 10 is not working properly with dotnet RSAParameters class // RSAParameters has fields marked as [NonSerialized] which cause we loss those fields after serialize to JSON // https://github.com/JamesNK/Newtonsoft.Json/issues/1517 // https://github.com/dotnet/corefx/issues/23847 // As workaround, we create our own RSAParameters class without any [NonSerialized] attributes. [Serializable] internal class RSAParametersSerializable : ISerializable { private const string containerNameMemberName = "ContainerName"; private const string useCngMemberName = "UseCng"; private bool _useCng; private string _containerName; private RSAParameters _rsaParameters; public RSAParameters RSAParameters { get { return _rsaParameters; } } public RSAParametersSerializable(string containerName, bool useCng, RSAParameters rsaParameters) { _containerName = containerName; _useCng = useCng; _rsaParameters = rsaParameters; } private RSAParametersSerializable() { } public string ContainerName { get { return _containerName; } set { _containerName = value; } } public bool UseCng { get { return _useCng; } set { _useCng = value; } } public byte[] D { get { return _rsaParameters.D; } set { _rsaParameters.D = value; } } public byte[] DP { get { return _rsaParameters.DP; } set { _rsaParameters.DP = value; } } public byte[] DQ { get { return _rsaParameters.DQ; } set { _rsaParameters.DQ = value; } } public byte[] Exponent { get { return _rsaParameters.Exponent; } set { _rsaParameters.Exponent = value; } } public byte[] InverseQ { get { return _rsaParameters.InverseQ; } set { _rsaParameters.InverseQ = value; } } public byte[] Modulus { get { return _rsaParameters.Modulus; } set { _rsaParameters.Modulus = value; } } public byte[] P { get { return _rsaParameters.P; } set { _rsaParameters.P = value; } } public byte[] Q { get { return _rsaParameters.Q; } set { _rsaParameters.Q = value; } } public RSAParametersSerializable(SerializationInfo information, StreamingContext context) { bool hasContainerNameMember = false; bool hasUseCngMember = false; var e = information.GetEnumerator(); while (e.MoveNext()) { if (e.Name == containerNameMemberName) { hasContainerNameMember = true; } if (e.Name == useCngMemberName) { hasUseCngMember = true; } } _containerName = ""; _useCng = false; if (hasContainerNameMember) { _containerName = (string)information.GetValue(containerNameMemberName, typeof(string)); } if (hasUseCngMember) { _useCng = (bool)information.GetValue(useCngMemberName, typeof(bool)); } _rsaParameters = new RSAParameters() { D = (byte[])information.GetValue("d", typeof(byte[])), DP = (byte[])information.GetValue("dp", typeof(byte[])), DQ = (byte[])information.GetValue("dq", typeof(byte[])), Exponent = (byte[])information.GetValue("exponent", typeof(byte[])), InverseQ = (byte[])information.GetValue("inverseQ", typeof(byte[])), Modulus = (byte[])information.GetValue("modulus", typeof(byte[])), P = (byte[])information.GetValue("p", typeof(byte[])), Q = (byte[])information.GetValue("q", typeof(byte[])) }; } public void GetObjectData(SerializationInfo info, StreamingContext context) { info.AddValue(containerNameMemberName, _containerName); info.AddValue(useCngMemberName, _useCng); info.AddValue("d", _rsaParameters.D); info.AddValue("dp", _rsaParameters.DP); info.AddValue("dq", _rsaParameters.DQ); info.AddValue("exponent", _rsaParameters.Exponent); info.AddValue("inverseQ", _rsaParameters.InverseQ); info.AddValue("modulus", _rsaParameters.Modulus); info.AddValue("p", _rsaParameters.P); info.AddValue("q", _rsaParameters.Q); } } } ================================================ FILE: src/Agent.Listener/Configuration/IntegratedCredential.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { public sealed class IntegratedCredential : CredentialProvider { public IntegratedCredential() : base(Constants.Configuration.Integrated) { } public override VssCredentials GetVssCredentials(IHostContext context) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(IntegratedCredential)); trace.Info(nameof(GetVssCredentials)); // Create instance of VssConnection using default Windows credentials (NTLM) VssCredentials creds = new VssCredentials(true); trace.Verbose("cred created"); return creds; } public override void EnsureCredential(IHostContext context, CommandSettings command, string serverUrl) { //Integrated credentials do not require any configuration parameters } } } ================================================ FILE: src/Agent.Listener/Configuration/NegotiateCredential.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using System; using System.Net; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { public sealed class NegotiateCredential : CredentialProvider { public NegotiateCredential() : base(Constants.Configuration.Negotiate) { } public override VssCredentials GetVssCredentials(IHostContext context) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(NegotiateCredential)); trace.Info(nameof(GetVssCredentials)); ArgUtil.NotNull(CredentialData, nameof(CredentialData)); // Get the user name from the credential data. string userName; if (!CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.UserName, out userName)) { userName = null; } ArgUtil.NotNullOrEmpty(userName, nameof(userName)); trace.Info("User name retrieved."); // Get the password from the credential data. string password; if (!CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.Password, out password)) { password = null; } ArgUtil.NotNullOrEmpty(password, nameof(password)); trace.Info("Password retrieved."); // Get the URL from the credential data. string url; if (!CredentialData.Data.TryGetValue(Constants.Agent.CommandLine.Args.Url, out url)) { url = null; } ArgUtil.NotNullOrEmpty(url, nameof(url)); trace.Info($"URL retrieved: {url}"); // Create the Negotiate and NTLM credential object. var credential = new NetworkCredential(userName, password); var credentialCache = new CredentialCache(); switch (PlatformUtil.HostOS) { case PlatformUtil.OS.Linux: case PlatformUtil.OS.OSX: credentialCache.Add(new Uri(url), "NTLM", credential); break; case PlatformUtil.OS.Windows: credentialCache.Add(new Uri(url), "Negotiate", credential); break; } VssCredentials creds = new VssCredentials(new WindowsCredential(credentialCache), CredentialPromptType.DoNotPrompt); trace.Verbose("cred created"); return creds; } public override void EnsureCredential(IHostContext context, CommandSettings command, string serverUrl) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(PersonalAccessToken)); trace.Info(nameof(EnsureCredential)); ArgUtil.NotNull(command, nameof(command)); ArgUtil.NotNullOrEmpty(serverUrl, nameof(serverUrl)); //TODO: use Validators.NTAccountValidator when it works on Linux CredentialData.Data[Constants.Agent.CommandLine.Args.UserName] = command.GetUserName(); CredentialData.Data[Constants.Agent.CommandLine.Args.Password] = command.GetPassword(); CredentialData.Data[Constants.Agent.CommandLine.Args.Url] = serverUrl; } } } ================================================ FILE: src/Agent.Listener/Configuration/OAuthCredential.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.OAuth; using Microsoft.VisualStudio.Services.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { public class OAuthCredential : CredentialProvider { public OAuthCredential() : base(Constants.Configuration.OAuth) { } public override void EnsureCredential( IHostContext context, CommandSettings command, String serverUrl) { // Nothing to verify here } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "VssOAuthJwtBearerClientCredential")] public override VssCredentials GetVssCredentials(IHostContext context) { ArgUtil.NotNull(context, nameof(context)); var clientId = this.CredentialData.Data.GetValueOrDefault("clientId", null); var authorizationUrl = this.CredentialData.Data.GetValueOrDefault("authorizationUrl", null); // For back compat with .credential file that doesn't has 'oauthEndpointUrl' section var oathEndpointUrl = this.CredentialData.Data.GetValueOrDefault("oauthEndpointUrl", authorizationUrl); ArgUtil.NotNullOrEmpty(clientId, nameof(clientId)); ArgUtil.NotNullOrEmpty(authorizationUrl, nameof(authorizationUrl)); // We expect the key to be in the machine store at this point. Configuration should have set all of // this up correctly so we can use the key to generate access tokens. var keyManager = context.GetService(); var signingCredentials = VssSigningCredentials.Create(() => keyManager.GetKey()); var clientCredential = new VssOAuthJwtBearerClientCredential(clientId, authorizationUrl, signingCredentials); var agentCredential = new VssOAuthCredential(new Uri(oathEndpointUrl, UriKind.Absolute), VssOAuthGrant.ClientCredentials, clientCredential); // Construct a credentials cache with a single OAuth credential for communication. The windows credential // is explicitly set to null to ensure we never do that negotiation. return new VssCredentials(null, agentCredential, CredentialPromptType.DoNotPrompt); } } } ================================================ FILE: src/Agent.Listener/Configuration/PromptManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { [ServiceLocator(Default = typeof(PromptManager))] public interface IPromptManager : IAgentService { bool ReadBool( string argName, string description, bool defaultValue, bool unattended); string ReadValue( string argName, string description, bool secret, string defaultValue, Func validator, bool unattended); } public sealed class PromptManager : AgentService, IPromptManager { private ITerminal _terminal; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _terminal = HostContext.GetService(); } public bool ReadBool( string argName, string description, bool defaultValue, bool unattended) { string answer = ReadValue( argName: argName, description: description, secret: false, defaultValue: defaultValue ? StringUtil.Loc("Y") : StringUtil.Loc("N"), validator: Validators.BoolValidator, unattended: unattended); return String.Equals(answer, "true", StringComparison.OrdinalIgnoreCase) || String.Equals(answer, StringUtil.Loc("Y"), StringComparison.CurrentCultureIgnoreCase); } public string ReadValue( string argName, string description, bool secret, string defaultValue, Func validator, bool unattended) { Trace.Info(nameof(ReadValue)); ArgUtil.NotNull(validator, nameof(validator)); string value = string.Empty; // Check if unattended. if (unattended) { // Return the default value if specified. if (!string.IsNullOrEmpty(defaultValue)) { return defaultValue; } // Otherwise throw. throw new ArgumentNullException(StringUtil.Loc("InvalidConfigFor0TerminatingUnattended", argName)); } // Prompt until a valid value is read. while (true) { // Write the message prompt. string prompt = string.IsNullOrEmpty(defaultValue) ? StringUtil.Loc("Prompt0", description) : StringUtil.Loc("Prompt0Default1", description, defaultValue); _terminal.Write($"{prompt} > "); // Read and trim the value. value = secret ? _terminal.ReadSecret() : _terminal.ReadLine(); value = value?.Trim() ?? string.Empty; // Return the default if not specified. if (string.IsNullOrEmpty(value) && !string.IsNullOrEmpty(defaultValue)) { Trace.Info($"Falling back to the default: '{defaultValue}'"); return defaultValue; } // Return the value if it is not empty and it is valid. // Otherwise try the loop again. if (!string.IsNullOrEmpty(value)) { if (validator(value)) { return value; } else { Trace.Info("Invalid value."); _terminal.WriteLine(StringUtil.Loc("EnterValidValueFor0", description)); } } } } } } ================================================ FILE: src/Agent.Listener/Configuration/RSAFileKeyManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Security.Cryptography; using System.Threading; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { public class RSAFileKeyManager : AgentService, IRSAKeyManager { private string _keyFile; private IHostContext _context; public RSA CreateKey(bool enableAgentKeyStoreInNamedContainer, bool useCng) { RSACryptoServiceProvider rsa = null; if (!File.Exists(_keyFile)) { Trace.Info("Creating new RSA key using 2048-bit key length"); rsa = new RSACryptoServiceProvider(2048); // Now write the parameters to disk IOUtil.SaveObject(new RSAParametersSerializable("", false, rsa.ExportParameters(true)), _keyFile); Trace.Info(StringUtil.Format("Successfully saved RSA key parameters to file {0}", _keyFile)); // Try to lock down the credentials_key file to the owner/group var chmodPath = WhichUtil.Which("chmod", trace: Trace); if (!String.IsNullOrEmpty(chmodPath)) { var arguments = $"600 {new FileInfo(_keyFile).FullName}"; using (var invoker = _context.CreateService()) { var exitCode = invoker.ExecuteAsync(HostContext.GetDirectory(WellKnownDirectory.Root), chmodPath, arguments, null, default(CancellationToken)).GetAwaiter().GetResult(); if (exitCode == 0) { Trace.Info(StringUtil.Format("Successfully set permissions for RSA key parameters file {0}", _keyFile)); } else { Trace.Warning(StringUtil.Format("Unable to succesfully set permissions for RSA key parameters file {0}. Received exit code {1} from {2}", _keyFile, exitCode, chmodPath)); } } } else { Trace.Warning(StringUtil.Format("Unable to locate chmod to set permissions for RSA key parameters file {0}.", _keyFile)); } } else { Trace.Info(StringUtil.Format("Found existing RSA key parameters file {0}", _keyFile)); rsa = new RSACryptoServiceProvider(); rsa.ImportParameters(IOUtil.LoadObject(_keyFile).RSAParameters); } return rsa; } public void DeleteKey() { if (File.Exists(_keyFile)) { Trace.Info(StringUtil.Format("Deleting RSA key parameters file {0}", _keyFile)); File.Delete(_keyFile); } } public RSA GetKey() { if (!File.Exists(_keyFile)) { throw new CryptographicException(StringUtil.Loc("RSAKeyFileNotFound", _keyFile)); } Trace.Info(StringUtil.Format("Loading RSA key parameters from file {0}", _keyFile)); var parameters = IOUtil.LoadObject(_keyFile).RSAParameters; var rsa = new RSACryptoServiceProvider(); rsa.ImportParameters(parameters); return rsa; } void IAgentService.Initialize(IHostContext context) { base.Initialize(context); _context = context; _keyFile = context.GetConfigFile(WellKnownConfigFile.RSACredentials); } } } ================================================ FILE: src/Agent.Listener/Configuration/ServiceControlManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Linq; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { public class ServiceControlManager : AgentService { public void CalculateServiceName(AgentSettings settings, string serviceNamePattern, string serviceDisplayNamePattern, out string serviceName, out string serviceDisplayName) { ArgUtil.NotNull(settings, nameof(settings)); Trace.Entering(); serviceName = string.Empty; serviceDisplayName = string.Empty; Uri accountUri = new Uri(settings.ServerUrl); string accountName = string.Empty; if (accountUri.Host.Equals("dev.azure.com", StringComparison.OrdinalIgnoreCase)) { accountName = accountUri.AbsolutePath.Split('/', StringSplitOptions.RemoveEmptyEntries).FirstOrDefault(); } else { accountName = accountUri.Host.Split('.').FirstOrDefault(); } if (string.IsNullOrEmpty(accountName)) { throw new InvalidOperationException(StringUtil.Loc("CannotFindHostName", settings.ServerUrl)); } string resourceCollection = settings.PoolName ?? settings.EnvironmentName; serviceName = StringUtil.Format(serviceNamePattern, accountName, resourceCollection, settings.AgentName); if (serviceName.Length > 80) { Trace.Verbose($"Calculated service name is too long (> 80 chars). Trying again by calculating a shorter name."); int exceededCharLength = serviceName.Length - 80; string accountNameSubstring = StringUtil.SubstringPrefix(accountName, 25); exceededCharLength -= accountName.Length - accountNameSubstring.Length; string poolNameSubstring = StringUtil.SubstringPrefix(settings.PoolName, 25); string environmentNameSubstring = StringUtil.SubstringPrefix(settings.EnvironmentName, 25); if (settings.PoolName != null) { exceededCharLength -= settings.PoolName.Length - poolNameSubstring.Length; } if (settings.EnvironmentName != null) { exceededCharLength -= settings.EnvironmentName.Length - environmentNameSubstring.Length; } string agentNameSubstring = settings.AgentName; // Only trim agent name if it's really necessary if (exceededCharLength > 0) { agentNameSubstring = StringUtil.SubstringPrefix(settings.AgentName, settings.AgentName.Length - exceededCharLength); } string resourceCollectionSubstring = poolNameSubstring ?? environmentNameSubstring; serviceName = StringUtil.Format(serviceNamePattern, accountNameSubstring, resourceCollectionSubstring, agentNameSubstring); } serviceDisplayName = StringUtil.Format(serviceDisplayNamePattern, accountName, resourceCollection, settings.AgentName); Trace.Info($"Service name '{serviceName}' display name '{serviceDisplayName}' will be used for service configuration."); } } } ================================================ FILE: src/Agent.Listener/Configuration/Validators.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.IO; using System.Runtime.Versioning; using System.Security.Principal; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { public static class Validators { private static String UriHttpScheme = "http"; private static String UriHttpsScheme = "https"; public static bool ServerUrlValidator(string value) { try { Uri uri; if (Uri.TryCreate(value, UriKind.Absolute, out uri)) { if (uri.Scheme.Equals(UriHttpScheme, StringComparison.OrdinalIgnoreCase) || uri.Scheme.Equals(UriHttpsScheme, StringComparison.OrdinalIgnoreCase)) { return true; } } } catch (Exception) { return false; } return false; } public static bool AuthSchemeValidator(string value) { return CredentialManager.CredentialTypes.ContainsKey(value); } public static bool FilePathValidator(string value) { var directoryInfo = new DirectoryInfo(value); if (!directoryInfo.Exists) { try { Directory.CreateDirectory(value); } catch (Exception) { return false; } } return true; } public static bool BoolValidator(string value) { return string.Equals(value, "true", StringComparison.OrdinalIgnoreCase) || string.Equals(value, "false", StringComparison.OrdinalIgnoreCase) || string.Equals(value, StringUtil.Loc("Y"), StringComparison.CurrentCultureIgnoreCase) || string.Equals(value, StringUtil.Loc("N"), StringComparison.CurrentCultureIgnoreCase); } public static bool NonEmptyValidator(string value) { return !string.IsNullOrEmpty(value); } [SupportedOSPlatform("windows")] public static bool NTAccountValidator(string arg) { if (string.IsNullOrEmpty(arg) || String.IsNullOrEmpty(arg.TrimStart('.', '\\'))) { return false; } var logonAccount = arg.TrimStart('.'); try { NTAccount ntaccount = new NTAccount(logonAccount); SecurityIdentifier sid = (SecurityIdentifier)ntaccount.Translate(typeof(SecurityIdentifier)); } catch (IdentityNotMappedException) { try { if (!logonAccount.EndsWith('$')) { NTAccount ntaccount = new NTAccount(logonAccount + '$'); SecurityIdentifier sid = (SecurityIdentifier)ntaccount.Translate(typeof(SecurityIdentifier)); Console.WriteLine(StringUtil.Loc("AutoLogonAccountGmsaHint")); } } catch { return false; } return false; } return true; } } } ================================================ FILE: src/Agent.Listener/Configuration.Linux/SystemdControlManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Runtime.Versioning; using System.Text; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { [ServiceLocator(Default = typeof(SystemDControlManager))] [SupportedOSPlatform("linux")] public interface ILinuxServiceControlManager : IAgentService { void GenerateScripts(AgentSettings settings); } [SupportedOSPlatform("linux")] public class SystemDControlManager : ServiceControlManager, ILinuxServiceControlManager { // This is the name you would see when you do `systemctl list-units | grep vsts` private const string _svcNamePattern = "vsts.agent.{0}.{1}.{2}.service"; private const string _svcDisplayPattern = "Azure Pipelines Agent ({0}.{1}.{2})"; private const string _shTemplate = "systemd.svc.sh.template"; private const string _shName = "svc.sh"; public void GenerateScripts(AgentSettings settings) { try { string serviceName; string serviceDisplayName; CalculateServiceName(settings, _svcNamePattern, _svcDisplayPattern, out serviceName, out serviceDisplayName); string svcShPath = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), _shName); string svcShContent = File.ReadAllText(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), _shTemplate)); var tokensToReplace = new Dictionary { { "{{SvcDescription}}", serviceDisplayName }, { "{{SvcNameVar}}", serviceName } }; svcShContent = tokensToReplace.Aggregate( svcShContent, (current, item) => current.Replace(item.Key, item.Value)); File.WriteAllText(svcShPath, svcShContent, new UTF8Encoding(false)); var unixUtil = HostContext.CreateService(); unixUtil.ChmodAsync("755", svcShPath).GetAwaiter().GetResult(); } catch (Exception ex) { Trace.Error(ex); throw; } } } } ================================================ FILE: src/Agent.Listener/Configuration.Windows/AutoLogonManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Diagnostics; using System.IO; using System.Runtime.Versioning; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { [ServiceLocator(Default = typeof(AutoLogonManager))] [SupportedOSPlatform("windows")] public interface IAutoLogonManager : IAgentService { Task ConfigureAsync(CommandSettings command); void Unconfigure(); } [SupportedOSPlatform("windows")] public class AutoLogonManager : AgentService, IAutoLogonManager { private ITerminal _terminal; private INativeWindowsServiceHelper _windowsServiceHelper; private IAutoLogonRegistryManager _autoLogonRegManager; private IConfigurationStore _store; public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); _terminal = hostContext.GetService(); _windowsServiceHelper = hostContext.GetService(); _autoLogonRegManager = HostContext.GetService(); _store = hostContext.GetService(); } public async Task ConfigureAsync(CommandSettings command) { ArgUtil.NotNull(command, nameof(command)); if (!_windowsServiceHelper.IsRunningInElevatedMode()) { Trace.Error("Needs Administrator privileges to configure agent with AutoLogon capability."); throw new SecurityException(StringUtil.Loc("NeedAdminForAutologonCapability")); } string domainName; string userName; string logonAccount; string logonPassword; while (true) { logonAccount = command.GetWindowsLogonAccount(defaultValue: string.Empty, descriptionMsg: StringUtil.Loc("AutoLogonAccountNameDescription")); GetAccountSegments(logonAccount, out domainName, out userName); if ((string.IsNullOrEmpty(domainName) || domainName.Equals(".", StringComparison.CurrentCultureIgnoreCase)) && !logonAccount.Contains("@")) { logonAccount = String.Format("{0}\\{1}", Environment.MachineName, userName); domainName = Environment.MachineName; } Trace.Info(StringUtil.Format("LogonAccount after transforming: {0}, user: {1}, domain: {2}", logonAccount, userName, domainName)); logonPassword = command.GetWindowsLogonPassword(logonAccount); if (_windowsServiceHelper.IsValidAutoLogonCredential(domainName, userName, logonPassword)) { Trace.Info("Credential validation succeeded"); break; } if (command.Unattended()) { throw new SecurityException(StringUtil.Loc("InvalidAutoLogonCredential")); } Trace.Error("Invalid credential entered."); _terminal.WriteError(StringUtil.Loc("InvalidAutoLogonCredential")); } _autoLogonRegManager.GetAutoLogonUserDetails(out string currentAutoLogonUserDomainName, out string currentAutoLogonUserName); if (currentAutoLogonUserName != null && !userName.Equals(currentAutoLogonUserName, StringComparison.CurrentCultureIgnoreCase) && !domainName.Equals(currentAutoLogonUserDomainName, StringComparison.CurrentCultureIgnoreCase)) { string currentAutoLogonAccount = String.Format("{0}\\{1}", currentAutoLogonUserDomainName, currentAutoLogonUserName); if (string.IsNullOrEmpty(currentAutoLogonUserDomainName) || currentAutoLogonUserDomainName.Equals(".", StringComparison.CurrentCultureIgnoreCase)) { currentAutoLogonAccount = String.Format("{0}\\{1}", Environment.MachineName, currentAutoLogonUserName); } Trace.Warning($"AutoLogon already enabled for {currentAutoLogonAccount}."); if (!command.GetOverwriteAutoLogon(currentAutoLogonAccount)) { Trace.Error("Marking the agent configuration as failed due to the denial of autologon setting overwriting by the user."); throw new InvalidOperationException(StringUtil.Loc("AutoLogonOverwriteDeniedError", currentAutoLogonAccount)); } Trace.Info($"Continuing with the autologon configuration."); } // grant permission for agent root folder and work folder Trace.Info("Create local group and grant folder permission to logon account."); string agentRoot = HostContext.GetDirectory(WellKnownDirectory.Root); string workFolder = HostContext.GetDirectory(WellKnownDirectory.Work); Directory.CreateDirectory(workFolder); _windowsServiceHelper.GrantDirectoryPermissionForAccount(logonAccount, new[] { agentRoot, workFolder }); _autoLogonRegManager.UpdateRegistrySettings(command, domainName, userName, logonPassword); _windowsServiceHelper.SetAutoLogonPassword(logonPassword); await ConfigurePowerOptions(); SaveAutoLogonSettings(domainName, userName); RestartBasedOnUserInput(command); } public void Unconfigure() { if (!_windowsServiceHelper.IsRunningInElevatedMode()) { Trace.Error("Needs Administrator privileges to unconfigure an agent running with AutoLogon capability."); throw new SecurityException(StringUtil.Loc("NeedAdminForAutologonRemoval")); } var autoLogonSettings = _store.GetAutoLogonSettings(); _autoLogonRegManager.ResetRegistrySettings(autoLogonSettings.UserDomainName, autoLogonSettings.UserName); _windowsServiceHelper.ResetAutoLogonPassword(); // Delete local group we created during configure. string agentRoot = HostContext.GetDirectory(WellKnownDirectory.Root); string workFolder = HostContext.GetDirectory(WellKnownDirectory.Work); _windowsServiceHelper.RevokeDirectoryPermissionForAccount(new[] { agentRoot, workFolder }); Trace.Info("Deleting the autologon settings now."); _store.DeleteAutoLogonSettings(); Trace.Info("Successfully deleted the autologon settings."); } private void SaveAutoLogonSettings(string domainName, string userName) { Trace.Entering(); var settings = new AutoLogonSettings() { UserDomainName = domainName, UserName = userName }; _store.SaveAutoLogonSettings(settings); Trace.Info("Saved the autologon settings"); } private async Task ConfigurePowerOptions() { var filePath = WhichUtil.Which("powercfg.exe", require: true, trace: Trace); string[] commands = new string[] { "/Change monitor-timeout-ac 0", "/Change monitor-timeout-dc 0" }; foreach (var command in commands) { try { Trace.Info($"Running powercfg.exe with {command}"); using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { Trace.Info(message.Data); }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { Trace.Error(message.Data); _terminal.WriteError(message.Data); }; await processInvoker.ExecuteAsync( workingDirectory: string.Empty, fileName: filePath, arguments: command, environment: null, cancellationToken: CancellationToken.None); } } catch (Exception ex) { //we will not stop the configuration. just show the warning and continue _terminal.WriteError(StringUtil.Loc("PowerOptionsConfigError")); Trace.Error(ex); } } } private void RestartBasedOnUserInput(CommandSettings command) { Trace.Info("Asking the user to restart the machine to launch agent and for autologon settings to take effect."); _terminal.WriteLine(StringUtil.Loc("RestartMessage")); var noRestart = command.GetNoRestart(); if (!noRestart) { var shutdownExePath = WhichUtil.Which("shutdown.exe", trace: Trace); Trace.Info("Restarting the machine in 15 seconds"); _terminal.WriteLine(StringUtil.Loc("RestartIn15SecMessage")); string msg = StringUtil.Loc("ShutdownMessage"); //we are not using ProcessInvoker here as today it is not designed for 'fire and forget' pattern //ExecuteAsync API of ProcessInvoker waits for the process to exit var args = $@"-r -t 15 -c ""{msg}"""; Trace.Info($"Shutdown.exe path: {shutdownExePath}. Arguments: {args}"); try { Process.Start(shutdownExePath, $@"{args}"); } catch (System.ComponentModel.Win32Exception w32Ex) { Trace.Error($"Failed to start shutdown process: Win32 error {w32Ex.NativeErrorCode}: {w32Ex.Message}"); _terminal.WriteError($"Failed to restart machine automatically. Please restart manually. Error: {w32Ex.Message}"); } catch (FileNotFoundException fnfEx) { Trace.Error($"Shutdown executable not found at '{shutdownExePath}': {fnfEx.Message}"); _terminal.WriteError($"Cannot find shutdown.exe. Please restart machine manually."); } catch (Exception ex) { Trace.Error($"Unexpected error starting shutdown process: {ex.Message} {ex}"); _terminal.WriteError($"Failed to restart machine automatically. Please restart manually. Error: {ex.Message}"); } } else { _terminal.WriteLine(StringUtil.Loc("NoRestartSuggestion")); } } //todo: move it to a utility class so that at other places it can be re-used private void GetAccountSegments(string account, out string domain, out string user) { string[] segments = account.Split('\\'); domain = string.Empty; user = account; if (segments.Length == 2) { domain = segments[0]; user = segments[1]; } } } } ================================================ FILE: src/Agent.Listener/Configuration.Windows/AutoLogonRegistryManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.Win32; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Runtime.Versioning; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { [ServiceLocator(Default = typeof(AutoLogonRegistryManager))] [SupportedOSPlatform("windows")] public interface IAutoLogonRegistryManager : IAgentService { void GetAutoLogonUserDetails(out string domainName, out string userName); void UpdateRegistrySettings(CommandSettings command, string domainName, string userName, string logonPassword); void ResetRegistrySettings(string domainName, string userName); //used to log all the autologon related registry settings when agent is running void DumpAutoLogonRegistrySettings(); } [SupportedOSPlatform("windows")] public class AutoLogonRegistryManager : AgentService, IAutoLogonRegistryManager { private IWindowsRegistryManager _registryManager; private INativeWindowsServiceHelper _windowsServiceHelper; private ITerminal _terminal; public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); _registryManager = hostContext.GetService(); _windowsServiceHelper = hostContext.GetService(); _terminal = HostContext.GetService(); } public void GetAutoLogonUserDetails(out string domainName, out string userName) { userName = null; domainName = null; var regValue = _registryManager.GetValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogon); if (int.TryParse(regValue, out int autoLogonEnabled) && autoLogonEnabled == 1) { userName = _registryManager.GetValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonUserName); domainName = _registryManager.GetValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonDomainName); } } public void UpdateRegistrySettings(CommandSettings command, string domainName, string userName, string logonPassword) { IntPtr userHandler = IntPtr.Zero; PROFILEINFO userProfile = new PROFILEINFO(); try { string securityId = _windowsServiceHelper.GetSecurityId(domainName, userName); if (string.IsNullOrEmpty(securityId)) { Trace.Error($"Could not find the Security ID for the user '{domainName}\\{userName}'. AutoLogon will not be configured."); throw new ArgumentException(StringUtil.Loc("InvalidSIDForUser", domainName, userName)); } //check if the registry exists for the user, if not load the user profile if (!_registryManager.SubKeyExists(RegistryHive.Users, securityId)) { userProfile.dwSize = Marshal.SizeOf(typeof(PROFILEINFO)); userProfile.lpUserName = userName; _windowsServiceHelper.LoadUserProfile(domainName, userName, logonPassword, out userHandler, out userProfile); } if (!_registryManager.SubKeyExists(RegistryHive.Users, securityId)) { throw new InvalidOperationException(StringUtil.Loc("ProfileLoadFailure", domainName, userName)); } //machine specific settings, i.e., autologon UpdateMachineSpecificRegistrySettings(domainName, userName); //user specific, i.e., screensaver and startup process UpdateUserSpecificRegistrySettings(command, securityId); } finally { if (userHandler != IntPtr.Zero) { _windowsServiceHelper.UnloadUserProfile(userHandler, userProfile); } } } public void ResetRegistrySettings(string domainName, string userName) { string securityId = _windowsServiceHelper.GetSecurityId(domainName, userName); if (string.IsNullOrEmpty(securityId)) { Trace.Error($"Could not find the Security ID for the user '{domainName}\\{userName}'. Unconfiguration of AutoLogon is not possible."); throw new ArgumentException(StringUtil.Loc("InvalidSIDForUser", domainName, userName)); } //machine specific ResetAutoLogon(domainName, userName); //user specific ResetUserSpecificSettings(securityId); } public void DumpAutoLogonRegistrySettings() { Trace.Info("Dump from the registry for autologon related settings"); Trace.Info("****Machine specific policies/settings****"); if (_registryManager.SubKeyExists(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.ShutdownReasonDomainPolicy)) { var shutDownReasonSubKey = RegistryConstants.MachineSettings.SubKeys.ShutdownReasonDomainPolicy; var shutDownReasonValueName = RegistryConstants.MachineSettings.ValueNames.ShutdownReason; var shutdownReasonValue = _registryManager.GetValue(RegistryHive.LocalMachine, shutDownReasonSubKey, shutDownReasonValueName); Trace.Info($"Shutdown reason domain policy. Subkey - {shutDownReasonSubKey} ValueName - {shutDownReasonValueName} : {shutdownReasonValue}"); } else { Trace.Info($"Shutdown reason domain policy not found."); } if (_registryManager.SubKeyExists(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.LegalNotice)) { var legalNoticeSubKey = RegistryConstants.MachineSettings.SubKeys.LegalNotice; var captionValueName = RegistryConstants.MachineSettings.ValueNames.LegalNoticeCaption; //legal caption/text var legalNoticeCaption = _registryManager.GetValue(RegistryHive.LocalMachine, legalNoticeSubKey, captionValueName); //we must avoid printing the text/caption in the logs as it is user data var isLegalNoticeCaptionDefined = !string.IsNullOrEmpty(legalNoticeCaption); Trace.Info($"Legal notice caption - Subkey - {legalNoticeSubKey} ValueName - {captionValueName}. Is defined - {isLegalNoticeCaptionDefined}"); var textValueName = RegistryConstants.MachineSettings.ValueNames.LegalNoticeText; var legalNoticeText = _registryManager.GetValue(RegistryHive.LocalMachine, legalNoticeSubKey, textValueName); var isLegalNoticeTextDefined = !string.IsNullOrEmpty(legalNoticeCaption); Trace.Info($"Legal notice text - Subkey - {legalNoticeSubKey} ValueName - {textValueName}. Is defined - {isLegalNoticeTextDefined}"); } else { Trace.Info($"LegalNotice caption/text not defined"); } var autoLogonSubKey = RegistryConstants.MachineSettings.SubKeys.AutoLogon; var valueName = RegistryConstants.MachineSettings.ValueNames.AutoLogon; var isAutoLogonEnabled = _registryManager.GetValue(RegistryHive.LocalMachine, autoLogonSubKey, valueName); Trace.Info($"AutoLogon. Subkey - {autoLogonSubKey}. ValueName - {valueName} : {isAutoLogonEnabled} (0-disabled, 1-enabled)"); var userValueName = RegistryConstants.MachineSettings.ValueNames.AutoLogonUserName; var domainValueName = RegistryConstants.MachineSettings.ValueNames.AutoLogonDomainName; var userName = _registryManager.GetValue(RegistryHive.LocalMachine, autoLogonSubKey, userValueName); var domainName = _registryManager.GetValue(RegistryHive.LocalMachine, autoLogonSubKey, domainValueName); Trace.Info($"AutoLogonUser. Subkey - {autoLogonSubKey}. ValueName - {userValueName} : {userName}"); Trace.Info($"AutoLogonUser. Subkey - {autoLogonSubKey}. ValueName - {domainValueName} : {domainName}"); Trace.Info("****User specific policies/settings****"); var screenSaverPolicySubKeyName = RegistryConstants.UserSettings.SubKeys.ScreenSaverDomainPolicy; var screenSaverValueName = RegistryConstants.UserSettings.ValueNames.ScreenSaver; if (_registryManager.SubKeyExists(RegistryHive.CurrentUser, screenSaverPolicySubKeyName)) { var screenSaverSettingValue = _registryManager.GetValue(RegistryHive.CurrentUser, screenSaverPolicySubKeyName, screenSaverValueName); Trace.Info($"Screensaver policy. SubKey - {screenSaverPolicySubKeyName} ValueName - {screenSaverValueName} : {screenSaverSettingValue} (1- enabled)"); } else { Trace.Info($"Screen saver domain policy doesnt exist"); } Trace.Info("****User specific settings****"); var screenSaverSettingSubKeyName = RegistryConstants.UserSettings.SubKeys.ScreenSaver; var screenSaverSettingValueName = RegistryConstants.UserSettings.ValueNames.ScreenSaver; var screenSaverValue = _registryManager.GetValue(RegistryHive.CurrentUser, screenSaverSettingSubKeyName, screenSaverSettingValueName); Trace.Info($"Screensaver - SubKey - {screenSaverSettingSubKeyName}, ValueName - {screenSaverSettingValueName} : {screenSaverValue} (0-disabled, 1-enabled)"); var startupSubKeyName = RegistryConstants.UserSettings.SubKeys.StartupProcess; var startupValueName = RegistryConstants.UserSettings.ValueNames.StartupProcess; var startupProcessPath = _registryManager.GetValue(RegistryHive.CurrentUser, startupSubKeyName, startupValueName); Trace.Info($"Startup process SubKey - {startupSubKeyName} ValueName - {startupValueName} : {startupProcessPath}"); Trace.Info(""); } private void ResetAutoLogon(string domainName, string userName) { var actualDomainNameForAutoLogon = _registryManager.GetValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonDomainName); var actualUserNameForAutoLogon = _registryManager.GetValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonUserName); if (string.Equals(actualDomainNameForAutoLogon, domainName, StringComparison.CurrentCultureIgnoreCase) && string.Equals(actualUserNameForAutoLogon, userName, StringComparison.CurrentCultureIgnoreCase)) { _registryManager.SetValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonUserName, ""); _registryManager.SetValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonDomainName, ""); _registryManager.SetValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogon, "0"); } else { Trace.Info("AutoLogon user and/or domain name is not same as expected after autologon configuration."); Trace.Info($"Actual values: Domain - {actualDomainNameForAutoLogon}, user - {actualUserNameForAutoLogon}"); Trace.Info($"Expected values: Domain - {domainName}, user - {userName}"); Trace.Info("Skipping the revert of autologon settings."); } } private void UpdateMachineSpecificRegistrySettings(string domainName, string userName) { var hive = RegistryHive.LocalMachine; //before enabling autologon, inspect the policies that may affect it and log the warning InspectAutoLogonRelatedPolicies(); _registryManager.SetValue(hive, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonUserName, userName); _registryManager.SetValue(hive, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonDomainName, domainName); _registryManager.DeleteValue(hive, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonPassword); _registryManager.DeleteValue(hive, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonCount); _registryManager.SetValue(hive, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogon, "1"); } private void InspectAutoLogonRelatedPolicies() { Trace.Info("Checking for policies that may prevent autologon from working correctly."); _terminal.WriteLine(StringUtil.Loc("AutoLogonPoliciesInspection")); var warningReasons = new List(); if (_registryManager.SubKeyExists(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.ShutdownReasonDomainPolicy)) { //shutdown reason var shutdownReasonValue = _registryManager.GetValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.ShutdownReasonDomainPolicy, RegistryConstants.MachineSettings.ValueNames.ShutdownReason); if (int.TryParse(shutdownReasonValue, out int shutdownReasonOn) && shutdownReasonOn == 1) { warningReasons.Add(StringUtil.Loc("AutoLogonPolicies_ShutdownReason")); } } if (_registryManager.SubKeyExists(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.LegalNotice)) { //legal caption/text var legalNoticeCaption = _registryManager.GetValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.LegalNotice, RegistryConstants.MachineSettings.ValueNames.LegalNoticeCaption); var legalNoticeText = _registryManager.GetValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.LegalNotice, RegistryConstants.MachineSettings.ValueNames.LegalNoticeText); if (!string.IsNullOrEmpty(legalNoticeCaption) || !string.IsNullOrEmpty(legalNoticeText)) { warningReasons.Add(StringUtil.Loc("AutoLogonPolicies_LegalNotice")); } } if (warningReasons.Count > 0) { Trace.Warning("Following policies may affect the autologon:"); _terminal.WriteError(StringUtil.Loc("AutoLogonPoliciesWarningsHeader")); for (int i = 0; i < warningReasons.Count; i++) { var msg = String.Format("{0} - {1}", i + 1, warningReasons[i]); Trace.Warning(msg); _terminal.WriteError(msg); } _terminal.WriteLine(); } } private void UpdateUserSpecificRegistrySettings(CommandSettings command, string securityId) { //User specific UpdateScreenSaverSettings(command, securityId); //User specific string subKeyName = $"{securityId}\\{RegistryConstants.UserSettings.SubKeys.StartupProcess}"; _registryManager.SetValue(RegistryHive.Users, subKeyName, RegistryConstants.UserSettings.ValueNames.StartupProcess, GetStartupCommand(runOnce: command.GetRunOnce())); } private void UpdateScreenSaverSettings(CommandSettings command, string securityId) { Trace.Info("Checking for policies that may prevent screensaver from being disabled."); _terminal.WriteLine(StringUtil.Loc("ScreenSaverPoliciesInspection")); string subKeyName = $"{securityId}\\{RegistryConstants.UserSettings.SubKeys.ScreenSaverDomainPolicy}"; if (_registryManager.SubKeyExists(RegistryHive.Users, subKeyName)) { var screenSaverValue = _registryManager.GetValue(RegistryHive.Users, subKeyName, RegistryConstants.UserSettings.ValueNames.ScreenSaver); if (int.TryParse(screenSaverValue, out int isScreenSaverDomainPolicySet) && isScreenSaverDomainPolicySet == 1) { Trace.Warning("Screensaver policy is defined on the machine. Screensaver may not remain disabled always."); _terminal.WriteError(StringUtil.Loc("ScreenSaverPolicyWarning")); } } string screenSaverSubKeyName = $"{securityId}\\{RegistryConstants.UserSettings.SubKeys.ScreenSaver}"; string screenSaverValueName = RegistryConstants.UserSettings.ValueNames.ScreenSaver; //take backup if it exists string origValue = _registryManager.GetValue(RegistryHive.Users, screenSaverSubKeyName, screenSaverValueName); if (!string.IsNullOrEmpty(origValue)) { var nameForTheBackupValue = GetBackupValueName(screenSaverValueName); _registryManager.SetValue(RegistryHive.Users, screenSaverSubKeyName, nameForTheBackupValue, origValue); } _registryManager.SetValue(RegistryHive.Users, screenSaverSubKeyName, screenSaverValueName, "0"); } private string GetStartupCommand(bool runOnce) { //startup process string cmdExePath = Environment.GetEnvironmentVariable("comspec"); if (string.IsNullOrEmpty(cmdExePath)) { Trace.Error("Unable to get the path for cmd.exe."); throw new ArgumentException(StringUtil.Loc("FilePathNotFound", "cmd.exe")); } //file to run in cmd.exe var filePath = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), "run.cmd"); string once = runOnce ? "--once" : null; //extra " are to handle the spaces in the file path (if any) var startupCommand = $@"{cmdExePath} /D /S /C start ""Agent with AutoLogon"" ""{filePath}"" --startuptype autostartup {once}"; Trace.Info($"Agent auto logon startup command: '{startupCommand}'"); return startupCommand; } private void ResetUserSpecificSettings(string securityId) { var targetHive = RegistryHive.Users; DeleteStartupCommand(targetHive, securityId); var screenSaverSubKey = $"{securityId}\\{RegistryConstants.UserSettings.SubKeys.ScreenSaver}"; var currentValue = _registryManager.GetValue(targetHive, screenSaverSubKey, RegistryConstants.UserSettings.ValueNames.ScreenSaver); if (string.Equals(currentValue, "0", StringComparison.CurrentCultureIgnoreCase)) { //we only take the backup of screensaver setting at present, reverting it back if it exists RevertOriginalValue(targetHive, screenSaverSubKey, RegistryConstants.UserSettings.ValueNames.ScreenSaver); } else { Trace.Info($"Screensaver setting value was not same as expected after autologon configuration. Actual - {currentValue}, Expected - 0. Skipping the revert of it."); } } private void DeleteStartupCommand(RegistryHive targetHive, string securityId) { var startupProcessSubKeyName = $"{securityId}\\{RegistryConstants.UserSettings.SubKeys.StartupProcess}"; var expectedStartupCmd = GetStartupCommand(runOnce: false); var actualStartupCmd = _registryManager.GetValue(targetHive, startupProcessSubKeyName, RegistryConstants.UserSettings.ValueNames.StartupProcess); // Use StartWith() instead of Equals() because we don't know if the startupCmd should include the runOnce parameter if (actualStartupCmd != null && actualStartupCmd.StartsWith(expectedStartupCmd, StringComparison.CurrentCultureIgnoreCase)) { _registryManager.DeleteValue(RegistryHive.Users, startupProcessSubKeyName, RegistryConstants.UserSettings.ValueNames.StartupProcess); } else { Trace.Info($"Startup process command is not same as expected after autologon configuration. Skipping the revert of it."); Trace.Info($"Actual - {actualStartupCmd}, Expected - {expectedStartupCmd}."); } } private void RevertOriginalValue(RegistryHive targetHive, string subKeyName, string name) { var nameofTheBackupValue = GetBackupValueName(name); var originalValue = _registryManager.GetValue(targetHive, subKeyName, nameofTheBackupValue); Trace.Info($"Reverting the registry setting. Hive - {targetHive}, subKeyName - {subKeyName}, name - {name}"); if (string.IsNullOrEmpty(originalValue)) { Trace.Info($"No backup value was found. Deleting the value."); //there was no backup value present, just delete the current one _registryManager.DeleteValue(targetHive, subKeyName, name); } else { Trace.Info($"Backup value was found. Revert it to the original value."); //revert to the original value _registryManager.SetValue(targetHive, subKeyName, name, originalValue); } Trace.Info($"Deleting the backup key now."); //delete the value that we created for backup purpose _registryManager.DeleteValue(targetHive, subKeyName, nameofTheBackupValue); } private string GetBackupValueName(string valueName) { return string.Concat(RegistryConstants.BackupKeyPrefix, valueName); } } public class RegistryConstants { public const string BackupKeyPrefix = "VSTSAgentBackup_"; public class MachineSettings { public class SubKeys { public const string AutoLogon = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"; public const string ShutdownReasonDomainPolicy = @"SOFTWARE\Policies\Microsoft\Windows NT\Reliability"; public const string LegalNotice = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"; } public class ValueNames { public const string AutoLogon = "AutoAdminLogon"; public const string AutoLogonUserName = "DefaultUserName"; public const string AutoLogonDomainName = "DefaultDomainName"; public const string AutoLogonCount = "AutoLogonCount"; public const string AutoLogonPassword = "DefaultPassword"; public const string ShutdownReason = "ShutdownReasonOn"; public const string LegalNoticeCaption = "LegalNoticeCaption"; public const string LegalNoticeText = "LegalNoticeText"; } } public class UserSettings { public class SubKeys { public const string ScreenSaver = @"Control Panel\Desktop"; public const string ScreenSaverDomainPolicy = @"Software\Policies\Microsoft\Windows\Control Panel\Desktop"; public const string StartupProcess = @"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"; } public class ValueNames { public const string ScreenSaver = "ScreenSaveActive"; //Value name in the startup tasks list. Every startup task has a name and the command to run. //the command gets filled up during AutoLogon configuration public const string StartupProcess = "VSTSAgent"; } } } } ================================================ FILE: src/Agent.Listener/Configuration.Windows/NativeWindowsServiceHelper.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.ComponentModel; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Runtime.Versioning; using System.Security; using System.Security.AccessControl; using System.Security.Principal; using System.ServiceProcess; using System.Threading; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.Win32; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { [ServiceLocator(Default = typeof(NativeWindowsServiceHelper))] [SupportedOSPlatform("windows")] public interface INativeWindowsServiceHelper : IAgentService { string GetUniqueBuildGroupName(); bool LocalGroupExists(string groupName); void CreateLocalGroup(string groupName); void DeleteLocalGroup(string groupName); void AddMemberToLocalGroup(string accountName, string groupName); void GrantFullControlToGroup(string path, string groupName); void RemoveGroupFromFolderSecuritySetting(string folderPath, string groupName); bool IsUserHasLogonAsServicePrivilege(string domain, string userName); bool GrantUserLogonAsServicePrivilage(string domain, string userName); bool IsValidCredential(string domain, string userName, string logonPassword); NTAccount GetDefaultServiceAccount(); NTAccount GetDefaultAdminServiceAccount(); bool IsServiceExists(string serviceName); void InstallService(string serviceName, string serviceDisplayName, string logonAccount, string logonPassword, bool setServiceSidTypeAsUnrestricted); void UninstallService(string serviceName); void StartService(string serviceName); void StopService(string serviceName); void CreateVstsAgentRegistryKey(); void DeleteVstsAgentRegistryKey(); string GetSecurityId(string domainName, string userName); void SetAutoLogonPassword(string password); void ResetAutoLogonPassword(); bool IsRunningInElevatedMode(); void LoadUserProfile(string domain, string userName, string logonPassword, out IntPtr tokenHandle, out PROFILEINFO userProfile); void UnloadUserProfile(IntPtr tokenHandle, PROFILEINFO userProfile); bool IsValidAutoLogonCredential(string domain, string userName, string logonPassword); void GrantDirectoryPermissionForAccount(string accountName, IList folders); void RevokeDirectoryPermissionForAccount(IList folders); bool IsWellKnownIdentity(string accountName); bool IsManagedServiceAccount(string accountName); } [SupportedOSPlatform("windows")] public class NativeWindowsServiceHelper : AgentService, INativeWindowsServiceHelper { private const string AgentServiceLocalGroupPrefix = "VSTS_AgentService_G"; private ITerminal _term; public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); _term = hostContext.GetService(); } public string GetUniqueBuildGroupName() { return AgentServiceLocalGroupPrefix + IOUtil.GetPathHash(HostContext.GetDirectory(WellKnownDirectory.Bin)).Substring(0, 5); } // TODO: Make sure to remove Old agent's group and registry changes made during auto upgrade to vsts-agent. public bool LocalGroupExists(string groupName) { Trace.Entering(); bool exists = false; IntPtr bufptr; int returnCode = NetLocalGroupGetInfo(null, // computer name groupName, 1, // group info with comment out bufptr); // Win32GroupAPI.LocalGroupInfo try { switch (returnCode) { case ReturnCode.S_OK: Trace.Info($"Local group '{groupName}' exist."); exists = true; break; case ReturnCode.NERR_GroupNotFound: case ReturnCode.ERROR_NO_SUCH_ALIAS: exists = false; break; case ReturnCode.ERROR_ACCESS_DENIED: // NOTE: None of the exception thrown here are userName facing. The caller logs this exception and prints a more understandable error throw new UnauthorizedAccessException(StringUtil.Loc("AccessDenied")); default: throw new InvalidOperationException(StringUtil.Loc("OperationFailed", nameof(NetLocalGroupGetInfo), returnCode)); } } finally { // we don't need to actually read the info to determine whether it exists int bufferFreeError = NetApiBufferFree(bufptr); if (bufferFreeError != 0) { Trace.Error(StringUtil.Format("Buffer free error, could not free buffer allocated, error code: {0}", bufferFreeError)); } } return exists; } public void CreateLocalGroup(string groupName) { Trace.Entering(); LocalGroupInfo groupInfo = new LocalGroupInfo(); groupInfo.Name = groupName; groupInfo.Comment = StringUtil.Format("Built-in group used by Team Foundation Server."); int returnCode = NetLocalGroupAdd(null, // computer name 1, // 1 means include comment ref groupInfo, 0); // param error number // return on success if (returnCode == ReturnCode.S_OK) { Trace.Info($"Local Group '{groupName}' created"); return; } // Error Cases switch (returnCode) { case ReturnCode.NERR_GroupExists: case ReturnCode.ERROR_ALIAS_EXISTS: Trace.Info(StringUtil.Format("Group {0} already exists", groupName)); break; case ReturnCode.ERROR_ACCESS_DENIED: throw new UnauthorizedAccessException(StringUtil.Loc("AccessDenied")); case ReturnCode.ERROR_INVALID_PARAMETER: throw new ArgumentException(StringUtil.Loc("InvalidGroupName", groupName)); default: throw new InvalidOperationException(StringUtil.Loc("OperationFailed", nameof(NetLocalGroupAdd), returnCode)); } } public void DeleteLocalGroup(string groupName) { Trace.Entering(); int returnCode = NetLocalGroupDel(null, // computer name groupName); // return on success if (returnCode == ReturnCode.S_OK) { Trace.Info($"Local Group '{groupName}' deleted"); return; } // Error Cases switch (returnCode) { case ReturnCode.NERR_GroupNotFound: case ReturnCode.ERROR_NO_SUCH_ALIAS: Trace.Info(StringUtil.Format("Group {0} not exists.", groupName)); break; case ReturnCode.ERROR_ACCESS_DENIED: throw new UnauthorizedAccessException(StringUtil.Loc("AccessDenied")); default: throw new InvalidOperationException(StringUtil.Loc("OperationFailed", nameof(NetLocalGroupDel), returnCode)); } } public void AddMemberToLocalGroup(string accountName, string groupName) { Trace.Entering(); LocalGroupMemberInfo memberInfo = new LocalGroupMemberInfo(); memberInfo.FullName = accountName; int returnCode = NetLocalGroupAddMembers(null, // computer name groupName, 3, // group info with fullname (vs sid) ref memberInfo, 1); //total entries // return on success if (returnCode == ReturnCode.S_OK) { Trace.Info($"Account '{accountName}' is added to local group '{groupName}'."); return; } // Error Cases switch (returnCode) { case ReturnCode.ERROR_MEMBER_IN_ALIAS: Trace.Info(StringUtil.Format("Account {0} is already member of group {1}", accountName, groupName)); break; case ReturnCode.NERR_GroupNotFound: case ReturnCode.ERROR_NO_SUCH_ALIAS: throw new ArgumentException(StringUtil.Loc("GroupDoesNotExists", groupName)); case ReturnCode.ERROR_NO_SUCH_MEMBER: throw new ArgumentException(StringUtil.Loc("MemberDoesNotExists", accountName)); case ReturnCode.ERROR_INVALID_MEMBER: throw new ArgumentException(StringUtil.Loc("InvalidMember")); case ReturnCode.ERROR_ACCESS_DENIED: throw new UnauthorizedAccessException(StringUtil.Loc("AccessDenied")); default: throw new InvalidOperationException(StringUtil.Loc("OperationFailed", nameof(NetLocalGroupAddMembers), returnCode)); } } public void GrantFullControlToGroup(string path, string groupName) { Trace.Entering(); if (IsGroupHasFullControl(path, groupName)) { Trace.Info($"Local group '{groupName}' already has full control to path '{path}'."); return; } DirectoryInfo dInfo = new DirectoryInfo(path); DirectorySecurity dSecurity = dInfo.GetAccessControl(); if (!dSecurity.AreAccessRulesCanonical) { Trace.Warning("Acls are not canonical, this may cause failure"); } dSecurity.AddAccessRule( new FileSystemAccessRule( groupName, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow)); dInfo.SetAccessControl(dSecurity); } private bool IsGroupHasFullControl(string path, string groupName) { DirectoryInfo dInfo = new DirectoryInfo(path); DirectorySecurity dSecurity = dInfo.GetAccessControl(); var allAccessRuls = dSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)).Cast(); SecurityIdentifier sid = (SecurityIdentifier)new NTAccount(groupName).Translate(typeof(SecurityIdentifier)); if (allAccessRuls.Any(x => x.IdentityReference.Value == sid.ToString() && x.AccessControlType == AccessControlType.Allow && x.FileSystemRights.HasFlag(FileSystemRights.FullControl) && x.InheritanceFlags == (InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit) && x.PropagationFlags == PropagationFlags.None)) { return true; } else { return false; } } public bool IsUserHasLogonAsServicePrivilege(string domain, string userName) { Trace.Entering(); ArgUtil.NotNullOrEmpty(userName, nameof(userName)); bool userHasPermission = false; using (LsaPolicy lsaPolicy = new LsaPolicy()) { IntPtr rightsPtr; uint count; uint result = LsaEnumerateAccountRights(lsaPolicy.Handle, GetSidBinaryFromWindows(domain, userName), out rightsPtr, out count); try { if (result == 0) { IntPtr incrementPtr = rightsPtr; for (int i = 0; i < count; i++) { LSA_UNICODE_STRING nativeRightString = Marshal.PtrToStructure(incrementPtr); string rightString = Marshal.PtrToStringUni(nativeRightString.Buffer); Trace.Verbose($"Account {userName} has '{rightString}' right."); if (string.Equals(rightString, s_logonAsServiceName, StringComparison.OrdinalIgnoreCase)) { userHasPermission = true; } incrementPtr += Marshal.SizeOf(nativeRightString); } } else { Trace.Error($"Can't enumerate account rights, return code {result}."); } } finally { result = LsaFreeMemory(rightsPtr); if (result != 0) { Trace.Error(StringUtil.Format("Failed to free memory from LsaEnumerateAccountRights. Return code : {0} ", result)); } } } return userHasPermission; } public bool GrantUserLogonAsServicePrivilage(string domain, string userName) { Trace.Entering(); ArgUtil.NotNullOrEmpty(userName, nameof(userName)); using (LsaPolicy lsaPolicy = new LsaPolicy()) { // STATUS_SUCCESS == 0 uint result = LsaAddAccountRights(lsaPolicy.Handle, GetSidBinaryFromWindows(domain, userName), LogonAsServiceRights, 1); if (result == 0) { Trace.Info($"Successfully grant logon as service privilage to account '{userName}'"); return true; } else { Trace.Info($"Fail to grant logon as service privilage to account '{userName}', error code {result}."); return false; } } } public bool IsWellKnownIdentity(string accountName) { var ntaccount = new NTAccount(accountName); var sid = (SecurityIdentifier)ntaccount.Translate(typeof(SecurityIdentifier)); SecurityIdentifier networkServiceSid = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null); SecurityIdentifier localServiceSid = new SecurityIdentifier(WellKnownSidType.LocalServiceSid, null); SecurityIdentifier localSystemSid = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null); return sid.Equals(networkServiceSid) || sid.Equals(localServiceSid) || sid.Equals(localSystemSid); } public bool IsValidCredential(string domain, string userName, string logonPassword) { return IsValidCredentialInternal(domain, userName, logonPassword, LOGON32_LOGON_NETWORK); } public bool IsValidAutoLogonCredential(string domain, string userName, string logonPassword) { return IsValidCredentialInternal(domain, userName, logonPassword, LOGON32_LOGON_INTERACTIVE); } public NTAccount GetDefaultServiceAccount() { SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, domainSid: null); NTAccount account = sid.Translate(typeof(NTAccount)) as NTAccount; if (account == null) { throw new InvalidOperationException(StringUtil.Loc("NetworkServiceNotFound")); } return account; } public NTAccount GetDefaultAdminServiceAccount() { SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, domainSid: null); NTAccount account = sid.Translate(typeof(NTAccount)) as NTAccount; if (account == null) { throw new InvalidOperationException(StringUtil.Loc("LocalSystemAccountNotFound")); } return account; } public void RemoveGroupFromFolderSecuritySetting(string folderPath, string groupName) { DirectoryInfo dInfo = new DirectoryInfo(folderPath); if (dInfo.Exists) { DirectorySecurity dSecurity = dInfo.GetAccessControl(); var allAccessRuls = dSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)).Cast(); SecurityIdentifier sid = (SecurityIdentifier)new NTAccount(groupName).Translate(typeof(SecurityIdentifier)); foreach (FileSystemAccessRule ace in allAccessRuls) { if (String.Equals(sid.ToString(), ace.IdentityReference.Value, StringComparison.OrdinalIgnoreCase)) { dSecurity.RemoveAccessRuleSpecific(ace); } } dInfo.SetAccessControl(dSecurity); } } public bool IsServiceExists(string serviceName) { Trace.Entering(); ServiceController service = ServiceController.GetServices().FirstOrDefault(x => x.ServiceName.Equals(serviceName, StringComparison.OrdinalIgnoreCase)); return service != null; } public void InstallService(string serviceName, string serviceDisplayName, string logonAccount, string logonPassword, bool setServiceSidTypeAsUnrestricted) { Trace.Entering(); try { var isManagedServiceAccount = IsManagedServiceAccount(logonAccount); Trace.Info($"Account '{logonAccount}' is managed service account: {isManagedServiceAccount}."); // If the account name specified by the lpServiceStartName parameter is the name of a managed service account or virtual account name, // the lpPassword parameter must be NULL. More info: https://learn.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-createservicea if (isManagedServiceAccount) { logonPassword = null; } } catch (Win32Exception exception) { Trace.Info($"Fail to check account '{logonAccount}' is managed service account or not due to error: {exception.Message}"); } string agentServiceExecutable = "\"" + Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), WindowsServiceControlManager.WindowsServiceControllerName) + "\""; IntPtr scmHndl = IntPtr.Zero; IntPtr svcHndl = IntPtr.Zero; IntPtr tmpBuf = IntPtr.Zero; IntPtr svcLock = IntPtr.Zero; try { //invoke the service with special argument, that tells it to register an event log trace source (need to run as an admin) using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { _term.WriteLine(message.Data); }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { _term.WriteLine(message.Data); }; processInvoker.ExecuteAsync(workingDirectory: string.Empty, fileName: agentServiceExecutable, arguments: "init", environment: null, requireExitCodeZero: true, cancellationToken: CancellationToken.None).GetAwaiter().GetResult(); } Trace.Verbose(StringUtil.Format("Trying to open SCManager.")); scmHndl = OpenSCManager(null, null, ServiceManagerRights.AllAccess); if (scmHndl.ToInt64() <= 0) { throw new InvalidOperationException(StringUtil.Loc("FailedToOpenSCM")); } Trace.Verbose(StringUtil.Format("Opened SCManager. Trying to create service {0}", serviceName)); svcHndl = CreateService(scmHndl, serviceName, serviceDisplayName, ServiceRights.AllAccess, SERVICE_WIN32_OWN_PROCESS, ServiceStartType.AutoStart, ServiceError.Normal, agentServiceExecutable, null, IntPtr.Zero, null, logonAccount, logonPassword); if (svcHndl.ToInt64() <= 0) { throw new InvalidOperationException(StringUtil.Loc("OperationFailed", nameof(CreateService), GetLastError())); } _term.WriteLine(StringUtil.Loc("ServiceInstalled", serviceName)); //set recovery option to restart on failure. ArrayList failureActions = new ArrayList(); //first failure, we will restart the service right away. failureActions.Add(new FailureAction(RecoverAction.Restart, 0)); //second failure, we will restart the service after 1 min. failureActions.Add(new FailureAction(RecoverAction.Restart, 60000)); //subsequent failures, we will restart the service after 1 min failureActions.Add(new FailureAction(RecoverAction.Restart, 60000)); // Lock the Service Database int lockRetries = 10; int retryTimeout = 5000; while (true) { svcLock = LockServiceDatabase(scmHndl); var svcLockIntCode = svcLock.ToInt64(); if (svcLockIntCode > 0) { break; } _term.WriteLine(StringUtil.Loc("ServiceLockErrorRetry", svcLockIntCode, retryTimeout / 1000)); lockRetries--; if (lockRetries > 0) { Thread.Sleep(retryTimeout); continue; } throw new InvalidOperationException(StringUtil.Loc("FailedToLockServiceDB")); } int[] actions = new int[failureActions.Count * 2]; int currInd = 0; foreach (FailureAction fa in failureActions) { actions[currInd] = (int)fa.Type; actions[++currInd] = fa.Delay; currInd++; } // Need to pack 8 bytes per struct tmpBuf = Marshal.AllocHGlobal(failureActions.Count * 8); // Move array into marshallable pointer Marshal.Copy(actions, 0, tmpBuf, failureActions.Count * 2); // Change service error actions // Set the SERVICE_FAILURE_ACTIONS struct SERVICE_FAILURE_ACTIONS sfa = new SERVICE_FAILURE_ACTIONS(); sfa.cActions = failureActions.Count; sfa.dwResetPeriod = SERVICE_NO_CHANGE; sfa.lpCommand = String.Empty; sfa.lpRebootMsg = String.Empty; sfa.lpsaActions = tmpBuf.ToInt64(); // Call the ChangeServiceFailureActions() abstraction of ChangeServiceConfig2() bool falureActionsResult = ChangeServiceFailureActions(svcHndl, SERVICE_CONFIG_FAILURE_ACTIONS, ref sfa); //Check the return if (!falureActionsResult) { int lastErrorCode = (int)GetLastError(); Exception win32exception = new Win32Exception(lastErrorCode); if (lastErrorCode == ReturnCode.ERROR_ACCESS_DENIED) { throw new SecurityException(StringUtil.Loc("AccessDeniedSettingRecoveryOption"), win32exception); } else { throw win32exception; } } else { _term.WriteLine(StringUtil.Loc("ServiceRecoveryOptionSet", serviceName)); } // Change service to delayed auto start SERVICE_DELAYED_AUTO_START_INFO sdasi = new SERVICE_DELAYED_AUTO_START_INFO(); sdasi.fDelayedAutostart = true; // Call the ChangeServiceDelayedAutoStart() abstraction of ChangeServiceConfig2() bool delayedStartResult = ChangeServiceDelayedAutoStart(svcHndl, SERVICE_CONFIG_DELAYED_AUTO_START_INFO, ref sdasi); //Check the return if (!delayedStartResult) { int lastErrorCode = (int)GetLastError(); Exception win32exception = new Win32Exception(lastErrorCode); if (lastErrorCode == ReturnCode.ERROR_ACCESS_DENIED) { throw new SecurityException(StringUtil.Loc("AccessDeniedSettingDelayedStartOption"), win32exception); } else { throw win32exception; } } else { _term.WriteLine(StringUtil.Loc("ServiceDelayedStartOptionSet", serviceName)); } if (setServiceSidTypeAsUnrestricted) { this.setServiceSidTypeAsUnrestricted(svcHndl, serviceName); } _term.WriteLine(StringUtil.Loc("ServiceConfigured", serviceName)); } finally { if (scmHndl != IntPtr.Zero) { // Unlock the service database if (svcLock != IntPtr.Zero) { UnlockServiceDatabase(svcLock); svcLock = IntPtr.Zero; } // Close the service control manager handle CloseServiceHandle(scmHndl); scmHndl = IntPtr.Zero; } // Close the service handle if (svcHndl != IntPtr.Zero) { CloseServiceHandle(svcHndl); svcHndl = IntPtr.Zero; } // Free the memory if (tmpBuf != IntPtr.Zero) { Marshal.FreeHGlobal(tmpBuf); tmpBuf = IntPtr.Zero; } } } public void UninstallService(string serviceName) { Trace.Entering(); Trace.Verbose(StringUtil.Format("Trying to open SCManager.")); IntPtr scmHndl = OpenSCManager(null, null, ServiceManagerRights.Connect); if (scmHndl.ToInt64() <= 0) { throw new InvalidOperationException(StringUtil.Loc("FailedToOpenSCManager")); } try { Trace.Verbose(StringUtil.Format("Opened SCManager. query installed service {0}", serviceName)); IntPtr serviceHndl = OpenService(scmHndl, serviceName, ServiceRights.StandardRightsRequired | ServiceRights.Stop | ServiceRights.QueryStatus); if (serviceHndl == IntPtr.Zero) { int lastError = Marshal.GetLastWin32Error(); throw new Win32Exception(lastError); } try { Trace.Info(StringUtil.Format("Trying to delete service {0}", serviceName)); int result = DeleteService(serviceHndl); if (result == 0) { result = Marshal.GetLastWin32Error(); throw new Win32Exception(result, StringUtil.Loc("CouldNotRemoveService", serviceName)); } Trace.Info("successfully removed the service"); } finally { CloseServiceHandle(serviceHndl); } } finally { CloseServiceHandle(scmHndl); } } public void StartService(string serviceName) { Trace.Entering(); try { ServiceController service = ServiceController.GetServices().FirstOrDefault(x => x.ServiceName.Equals(serviceName, StringComparison.OrdinalIgnoreCase)); if (service != null) { service.Start(); _term.WriteLine(StringUtil.Loc("ServiceStartedSuccessfully", serviceName)); } else { throw new InvalidOperationException(StringUtil.Loc("CanNotFindService", serviceName)); } } catch (Exception exception) { Trace.Error(exception); _term.WriteError(StringUtil.Loc("CanNotStartService")); // This is the last step in the configuration. Even if the start failed the status of the configuration should be error // If its configured through scripts its mandatory we indicate the failure where configuration failed to start the service throw; } } public void StopService(string serviceName) { Trace.Entering(); try { ServiceController service = ServiceController.GetServices().FirstOrDefault(x => x.ServiceName.Equals(serviceName, StringComparison.OrdinalIgnoreCase)); if (service != null) { if (service.Status == ServiceControllerStatus.Running) { Trace.Info("Trying to stop the service"); service.Stop(); try { _term.WriteLine(StringUtil.Loc("WaitForServiceToStop")); service.WaitForStatus(ServiceControllerStatus.Stopped, TimeSpan.FromSeconds(35)); } catch (System.ServiceProcess.TimeoutException) { throw new InvalidOperationException(StringUtil.Loc("CanNotStopService", serviceName)); } } Trace.Info("Successfully stopped the service"); } else { Trace.Info(StringUtil.Loc("CanNotFindService", serviceName)); } } catch (Exception exception) { Trace.Error(exception); _term.WriteError(StringUtil.Loc("CanNotStopService", serviceName)); // Log the exception but do not report it as error. We can try uninstalling the service and then report it as error if something goes wrong. } } public void CreateVstsAgentRegistryKey() { RegistryKey tfsKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\TeamFoundationServer\15.0", true); if (tfsKey == null) { //We could be on a machine that doesn't have TFS installed on it, create the key tfsKey = Registry.LocalMachine.CreateSubKey(@"SOFTWARE\Microsoft\TeamFoundationServer\15.0"); } if (tfsKey == null) { throw new ArgumentNullException("Unable to create regiestry key: 'HKLM\\SOFTWARE\\Microsoft\\TeamFoundationServer\\15.0'"); } try { using (RegistryKey vstsAgentsKey = tfsKey.CreateSubKey("VstsAgents")) { String hash = IOUtil.GetPathHash(HostContext.GetDirectory(WellKnownDirectory.Bin)); using (RegistryKey agentKey = vstsAgentsKey.CreateSubKey(hash)) { agentKey.SetValue("InstallPath", Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), "Agent.Listener.exe")); } } } finally { tfsKey.Dispose(); } } public void DeleteVstsAgentRegistryKey() { RegistryKey tfsKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\TeamFoundationServer\15.0", true); if (tfsKey != null) { try { RegistryKey vstsAgentsKey = tfsKey.OpenSubKey("VstsAgents", true); if (vstsAgentsKey != null) { try { String hash = IOUtil.GetPathHash(HostContext.GetDirectory(WellKnownDirectory.Bin)); vstsAgentsKey.DeleteSubKeyTree(hash); } finally { vstsAgentsKey.Dispose(); } } } finally { tfsKey.Dispose(); } } } public string GetSecurityId(string domainName, string userName) { var account = new NTAccount(domainName, userName); var sid = account.Translate(typeof(SecurityIdentifier)); return sid != null ? sid.ToString() : null; } public void SetAutoLogonPassword(string password) { using (LsaPolicy lsaPolicy = new LsaPolicy(LSA_AccessPolicy.POLICY_CREATE_SECRET)) { lsaPolicy.SetSecretData(LsaPolicy.DefaultPassword, password); } } public void ResetAutoLogonPassword() { using (LsaPolicy lsaPolicy = new LsaPolicy(LSA_AccessPolicy.POLICY_CREATE_SECRET)) { lsaPolicy.SetSecretData(LsaPolicy.DefaultPassword, null); } } public bool IsRunningInElevatedMode() { return new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator); } public void LoadUserProfile(string domain, string userName, string logonPassword, out IntPtr tokenHandle, out PROFILEINFO userProfile) { Trace.Entering(); tokenHandle = IntPtr.Zero; ArgUtil.NotNullOrEmpty(userName, nameof(userName)); if (LogonUser(userName, domain, logonPassword, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out tokenHandle) == 0) { throw new Win32Exception(Marshal.GetLastWin32Error()); } userProfile = new PROFILEINFO(); userProfile.dwSize = Marshal.SizeOf(typeof(PROFILEINFO)); userProfile.lpUserName = userName; if (!LoadUserProfile(tokenHandle, ref userProfile)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } Trace.Info($"Successfully loaded the profile for {domain}\\{userName}."); } public void UnloadUserProfile(IntPtr tokenHandle, PROFILEINFO userProfile) { Trace.Entering(); if (tokenHandle == IntPtr.Zero) { Trace.Verbose("The handle to unload user profile is not set. Returning."); } if (!UnloadUserProfile(tokenHandle, userProfile.hProfile)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } Trace.Info($"Successfully unloaded the profile for {userProfile.lpUserName}."); } public void GrantDirectoryPermissionForAccount(string accountName, IList folders) { ArgUtil.NotNull(folders, nameof(folders)); Trace.Entering(); string groupName = GetUniqueBuildGroupName(); Trace.Info(StringUtil.Format("Calculated unique group name {0}", groupName)); if (!LocalGroupExists(groupName)) { Trace.Info(StringUtil.Format("Trying to create group {0}", groupName)); CreateLocalGroup(groupName); } Trace.Info(StringUtil.Format("Trying to add userName {0} to the group {1}", accountName, groupName)); AddMemberToLocalGroup(accountName, groupName); // grant permssion for folders foreach (var folder in folders) { if (Directory.Exists(folder)) { Trace.Info(StringUtil.Format("Set full access control to group for the folder {0}", folder)); GrantFullControlToGroup(folder, groupName); } } } public void RevokeDirectoryPermissionForAccount(IList folders) { ArgUtil.NotNull(folders, nameof(folders)); Trace.Entering(); string groupName = GetUniqueBuildGroupName(); Trace.Info(StringUtil.Format("Calculated unique group name {0}", groupName)); // remove the group from folders foreach (var folder in folders) { if (Directory.Exists(folder)) { Trace.Info(StringUtil.Format($"Remove the group {groupName} for the folder {folder}.")); try { RemoveGroupFromFolderSecuritySetting(folder, groupName); } catch (Exception ex) { Trace.Error(ex); } } } //delete group Trace.Info(StringUtil.Format($"Delete the group {groupName}.")); DeleteLocalGroup(groupName); } /// /// Checks if account is managed service /// /// account name /// Returns true if account is managed service. public bool IsManagedServiceAccount(string accountName) { accountName = SanitizeManagedServiceAccountName(accountName); var returnCode = this.CheckNetIsServiceAccount(null, accountName, out bool isServiceAccount); if (returnCode != ReturnCode.S_OK) { Trace.Warning($"NetIsServiceAccount return code is {returnCode}"); } return isServiceAccount; } /// /// Checks if account is managed service /// /// /// /// /// Returns 0 if account is managed service, otherwise - returns non-zero code /// Throws exception if there's an error during check public virtual uint CheckNetIsServiceAccount(string ServerName, string AccountName, out bool isServiceAccount) { return NativeWindowsServiceHelper.NetIsServiceAccount(ServerName, AccountName, out isServiceAccount); } private bool IsValidCredentialInternal(string domain, string userName, string logonPassword, UInt32 logonType) { Trace.Entering(); IntPtr tokenHandle = IntPtr.Zero; ArgUtil.NotNullOrEmpty(userName, nameof(userName)); Trace.Info($"Verify credential for account {userName}."); int result = LogonUser(userName, domain, logonPassword, logonType, LOGON32_PROVIDER_DEFAULT, out tokenHandle); if (tokenHandle.ToInt32() != 0) { if (!CloseHandle(tokenHandle)) { Trace.Error("Failed during CloseHandle on token from LogonUser"); } } if (result != 0) { Trace.Info($"Credential for account '{userName}' is valid."); return true; } else { Trace.Info($"Credential for account '{userName}' is invalid."); return false; } } private byte[] GetSidBinaryFromWindows(string domain, string user) { try { SecurityIdentifier sid = (SecurityIdentifier)new NTAccount(StringUtil.Format("{0}\\{1}", domain, user).TrimStart('\\')).Translate(typeof(SecurityIdentifier)); byte[] binaryForm = new byte[sid.BinaryLength]; sid.GetBinaryForm(binaryForm, 0); return binaryForm; } catch (Exception exception) { Trace.Error(exception); return null; } } /// /// Removes '$' character from managed service account name /// /// account name /// private string SanitizeManagedServiceAccountName(string accountName) { // remove the last '$' for MSA ArgUtil.NotNullOrEmpty(accountName, nameof(accountName)); return accountName.TrimEnd('$'); } // Helper class not to repeat whenever we deal with LSA* api internal class LsaPolicy : IDisposable { public IntPtr Handle { get; set; } public LsaPolicy() : this(LSA_AccessPolicy.POLICY_ALL_ACCESS) { } public LsaPolicy(LSA_AccessPolicy access) { LSA_UNICODE_STRING system = new LSA_UNICODE_STRING(); LSA_OBJECT_ATTRIBUTES attrib = new LSA_OBJECT_ATTRIBUTES() { Length = 0, RootDirectory = IntPtr.Zero, Attributes = 0, SecurityDescriptor = IntPtr.Zero, SecurityQualityOfService = IntPtr.Zero, }; IntPtr handle = IntPtr.Zero; uint hr = LsaOpenPolicy(ref system, ref attrib, (uint)access, out handle); if (hr != 0 || handle == IntPtr.Zero) { throw new InvalidOperationException(StringUtil.Loc("OperationFailed", nameof(LsaOpenPolicy), hr)); } Handle = handle; } public void SetSecretData(string key, string value) { LSA_UNICODE_STRING secretData = new LSA_UNICODE_STRING(); LSA_UNICODE_STRING secretName = new LSA_UNICODE_STRING(); secretName.Buffer = Marshal.StringToHGlobalUni(key); var charSize = sizeof(char); secretName.Length = (UInt16)(key.Length * charSize); secretName.MaximumLength = (UInt16)((key.Length + 1) * charSize); if (value != null && value.Length > 0) { // Create data and key secretData.Buffer = Marshal.StringToHGlobalUni(value); secretData.Length = (UInt16)(value.Length * charSize); secretData.MaximumLength = (UInt16)((value.Length + 1) * charSize); } else { // Delete data and key secretData.Buffer = IntPtr.Zero; secretData.Length = 0; secretData.MaximumLength = 0; } uint result = LsaStorePrivateData(Handle, ref secretName, ref secretData); uint winErrorCode = LsaNtStatusToWinError(result); if (winErrorCode != 0) { throw new InvalidOperationException(StringUtil.Loc("OperationFailed", nameof(LsaNtStatusToWinError), winErrorCode)); } } void IDisposable.Dispose() { // We will ignore LsaClose error LsaClose(Handle); GC.SuppressFinalize(this); } internal static string DefaultPassword = "DefaultPassword"; } internal enum LSA_AccessPolicy : long { POLICY_VIEW_LOCAL_INFORMATION = 0x00000001L, POLICY_VIEW_AUDIT_INFORMATION = 0x00000002L, POLICY_GET_PRIVATE_INFORMATION = 0x00000004L, POLICY_TRUST_ADMIN = 0x00000008L, POLICY_CREATE_ACCOUNT = 0x00000010L, POLICY_CREATE_SECRET = 0x00000020L, POLICY_CREATE_PRIVILEGE = 0x00000040L, POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080L, POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100L, POLICY_AUDIT_LOG_ADMIN = 0x00000200L, POLICY_SERVER_ADMIN = 0x00000400L, POLICY_LOOKUP_NAMES = 0x00000800L, POLICY_NOTIFICATION = 0x00001000L, POLICY_ALL_ACCESS = 0x00001FFFL } [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)] public static extern uint LsaStorePrivateData( IntPtr policyHandle, ref LSA_UNICODE_STRING KeyName, ref LSA_UNICODE_STRING PrivateData ); [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)] public static extern uint LsaNtStatusToWinError( uint status ); private static UInt32 LOGON32_LOGON_INTERACTIVE = 2; private const UInt32 LOGON32_LOGON_NETWORK = 3; // Declaration of external pinvoke functions private static readonly string s_logonAsServiceName = "SeServiceLogonRight"; private const UInt32 LOGON32_PROVIDER_DEFAULT = 0; private const int SERVICE_SID_TYPE_UNRESTRICTED = 0x00000001; private const int SERVICE_WIN32_OWN_PROCESS = 0x00000010; private const int SERVICE_NO_CHANGE = -1; private const int SERVICE_CONFIG_FAILURE_ACTIONS = 0x2; private const int SERVICE_CONFIG_DELAYED_AUTO_START_INFO = 0x3; private const int SERVICE_CONFIG_SERVICE_SID_INFO = 0x5; // TODO Fix this. This is not yet available in coreclr (newer version?) private const int UnicodeCharSize = 2; private static LSA_UNICODE_STRING[] LogonAsServiceRights { get { return new[] { new LSA_UNICODE_STRING() { Buffer = Marshal.StringToHGlobalUni(s_logonAsServiceName), Length = (UInt16)(s_logonAsServiceName.Length * UnicodeCharSize), MaximumLength = (UInt16) ((s_logonAsServiceName.Length + 1) * UnicodeCharSize) } }; } } public struct ReturnCode { public const int S_OK = 0; public const int ERROR_ACCESS_DENIED = 5; public const int ERROR_INVALID_PARAMETER = 87; public const int ERROR_MEMBER_NOT_IN_ALIAS = 1377; // member not in a group public const int ERROR_MEMBER_IN_ALIAS = 1378; // member already exists public const int ERROR_ALIAS_EXISTS = 1379; // group already exists public const int ERROR_NO_SUCH_ALIAS = 1376; public const int ERROR_NO_SUCH_MEMBER = 1387; public const int ERROR_INVALID_MEMBER = 1388; public const int NERR_GroupNotFound = 2220; public const int NERR_GroupExists = 2223; public const int NERR_UserInGroup = 2236; public const uint STATUS_ACCESS_DENIED = 0XC0000022; //NTSTATUS error code: Access Denied } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct LocalGroupInfo { [MarshalAs(UnmanagedType.LPWStr)] public string Name; [MarshalAs(UnmanagedType.LPWStr)] public string Comment; } [StructLayout(LayoutKind.Sequential)] public struct LSA_UNICODE_STRING { public UInt16 Length; public UInt16 MaximumLength; // We need to use an IntPtr because if we wrap the Buffer with a SafeHandle-derived class, we get a failure during LsaAddAccountRights public IntPtr Buffer; } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct LocalGroupMemberInfo { [MarshalAs(UnmanagedType.LPWStr)] public string FullName; } [StructLayout(LayoutKind.Sequential)] public struct LSA_OBJECT_ATTRIBUTES { public UInt32 Length; public IntPtr RootDirectory; public LSA_UNICODE_STRING ObjectName; public UInt32 Attributes; public IntPtr SecurityDescriptor; public IntPtr SecurityQualityOfService; } [StructLayout(LayoutKind.Sequential)] public struct SERVICE_FAILURE_ACTIONS { public int dwResetPeriod; public string lpRebootMsg; public string lpCommand; public int cActions; public long lpsaActions; } [StructLayout(LayoutKind.Sequential)] public struct SERVICE_DELAYED_AUTO_START_INFO { public bool fDelayedAutostart; } [StructLayout(LayoutKind.Sequential)] public struct SERVICE_SID_INFO { public int dwServiceSidType; } // Class to represent a failure action which consists of a recovery // action type and an action delay private class FailureAction { // Property to set recover action type public RecoverAction Type { get; set; } // Property to set recover action delay public int Delay { get; set; } // Constructor public FailureAction(RecoverAction actionType, int actionDelay) { Type = actionType; Delay = actionDelay; } } [Flags] public enum ServiceManagerRights { Connect = 0x0001, CreateService = 0x0002, EnumerateService = 0x0004, Lock = 0x0008, QueryLockStatus = 0x0010, ModifyBootConfig = 0x0020, StandardRightsRequired = 0xF0000, AllAccess = (StandardRightsRequired | Connect | CreateService | EnumerateService | Lock | QueryLockStatus | ModifyBootConfig) } [Flags] public enum ServiceRights { QueryConfig = 0x1, ChangeConfig = 0x2, QueryStatus = 0x4, EnumerateDependants = 0x8, Start = 0x10, Stop = 0x20, PauseContinue = 0x40, Interrogate = 0x80, UserDefinedControl = 0x100, Delete = 0x00010000, StandardRightsRequired = 0xF0000, AllAccess = (StandardRightsRequired | QueryConfig | ChangeConfig | QueryStatus | EnumerateDependants | Start | Stop | PauseContinue | Interrogate | UserDefinedControl) } public enum ServiceError { Ignore = 0x00000000, Normal = 0x00000001, Severe = 0x00000002, Critical = 0x00000003 } public enum ServiceStartType { BootStart = 0x00000000, SystemStart = 0x00000001, AutoStart = 0x00000002, DemandStart = 0x00000003, Disabled = 0x00000004 } // Enum for recovery actions (correspond to the Win32 equivalents ) private enum RecoverAction { None = 0, Restart = 1, Reboot = 2, RunCommand = 3 } [DllImport("Logoncli.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern uint NetIsServiceAccount(string ServerName, string AccountName, [MarshalAs(UnmanagedType.Bool)] out bool IsServiceAccount); [DllImport("Netapi32.dll")] private extern static int NetLocalGroupGetInfo(string servername, string groupname, int level, out IntPtr bufptr); [DllImport("Netapi32.dll")] private extern static int NetApiBufferFree(IntPtr Buffer); [DllImport("Netapi32.dll")] private extern static int NetLocalGroupAdd([MarshalAs(UnmanagedType.LPWStr)] string servername, int level, ref LocalGroupInfo buf, int parm_err); [DllImport("Netapi32.dll")] private extern static int NetLocalGroupAddMembers([MarshalAs(UnmanagedType.LPWStr)] string serverName, [MarshalAs(UnmanagedType.LPWStr)] string groupName, int level, ref LocalGroupMemberInfo buf, int totalEntries); [DllImport("Netapi32.dll")] public extern static int NetLocalGroupDel([MarshalAs(UnmanagedType.LPWStr)] string servername, [MarshalAs(UnmanagedType.LPWStr)] string groupname); [DllImport("advapi32.dll")] private static extern Int32 LsaClose(IntPtr ObjectHandle); [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)] private static extern uint LsaOpenPolicy( ref LSA_UNICODE_STRING SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, uint DesiredAccess, out IntPtr PolicyHandle); [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)] private static extern uint LsaAddAccountRights( IntPtr PolicyHandle, byte[] AccountSid, LSA_UNICODE_STRING[] UserRights, uint CountOfRights); [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)] public static extern uint LsaEnumerateAccountRights( IntPtr PolicyHandle, byte[] AccountSid, out IntPtr UserRights, out uint CountOfRights); [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)] public static extern uint LsaFreeMemory(IntPtr pBuffer); [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)] public static extern int LogonUser(string userName, string domain, string password, uint logonType, uint logonProvider, out IntPtr tokenHandle); [DllImport("userenv.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern Boolean LoadUserProfile(IntPtr hToken, ref PROFILEINFO lpProfileInfo); [DllImport("userenv.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern Boolean UnloadUserProfile(IntPtr hToken, IntPtr hProfile); [DllImport("kernel32", SetLastError = true)] public static extern bool CloseHandle(IntPtr handle); [DllImport("advapi32.dll", EntryPoint = "CreateServiceA")] private static extern IntPtr CreateService( IntPtr hSCManager, string lpServiceName, string lpDisplayName, ServiceRights dwDesiredAccess, int dwServiceType, ServiceStartType dwStartType, ServiceError dwErrorControl, string lpBinaryPathName, string lpLoadOrderGroup, IntPtr lpdwTagId, string lpDependencies, string lp, string lpPassword); [DllImport("advapi32.dll")] public static extern IntPtr OpenSCManager(string lpMachineName, string lpDatabaseName, ServiceManagerRights dwDesiredAccess); [DllImport("advapi32.dll", SetLastError = true)] public static extern IntPtr OpenService(IntPtr hSCManager, string lpServiceName, ServiceRights dwDesiredAccess); [DllImport("advapi32.dll", SetLastError = true)] public static extern int DeleteService(IntPtr hService); [DllImport("advapi32.dll")] public static extern int CloseServiceHandle(IntPtr hSCObject); [DllImport("advapi32.dll")] public static extern IntPtr LockServiceDatabase(IntPtr hSCManager); [DllImport("advapi32.dll")] public static extern bool UnlockServiceDatabase(IntPtr hSCManager); [DllImport("advapi32.dll", EntryPoint = "ChangeServiceConfig2")] public static extern bool ChangeServiceFailureActions(IntPtr hService, int dwInfoLevel, ref SERVICE_FAILURE_ACTIONS lpInfo); [DllImport("advapi32.dll", EntryPoint = "ChangeServiceConfig2")] public static extern bool ChangeServiceSidType(IntPtr hService, int dwInfoLevel, ref SERVICE_SID_INFO lpInfo); [DllImport("advapi32.dll", EntryPoint = "ChangeServiceConfig2")] public static extern bool ChangeServiceDelayedAutoStart(IntPtr hService, int dwInfoLevel, ref SERVICE_DELAYED_AUTO_START_INFO lpInfo); [DllImport("kernel32.dll")] static extern uint GetLastError(); /// /// Sets service sid type as SERVICE_SID_TYPE_UNRESTRICTED - to make service more configurable for admins from the point of permissions /// /// Service handler /// Service name private void setServiceSidTypeAsUnrestricted(IntPtr svcHndl, string serviceName) { // Change service SID type to unrestricted SERVICE_SID_INFO ssi = new SERVICE_SID_INFO(); ssi.dwServiceSidType = SERVICE_SID_TYPE_UNRESTRICTED; // Call the ChangeServiceDelayedAutoStart() abstraction of ChangeServiceConfig2() bool serviceSidTypeResult = ChangeServiceSidType(svcHndl, SERVICE_CONFIG_SERVICE_SID_INFO, ref ssi); //Check the return if (!serviceSidTypeResult) { int lastErrorCode = (int)GetLastError(); Exception win32exception = new Win32Exception(lastErrorCode); if (lastErrorCode == ReturnCode.ERROR_ACCESS_DENIED) { throw new SecurityException(StringUtil.Loc("AccessDeniedSettingSidType"), win32exception); } else { throw win32exception; } } else { _term.WriteLine(StringUtil.Loc("ServiceSidTypeSet", serviceName)); } } } [StructLayout(LayoutKind.Sequential)] public struct PROFILEINFO { public int dwSize; public int dwFlags; [MarshalAs(UnmanagedType.LPTStr)] public String lpUserName; [MarshalAs(UnmanagedType.LPTStr)] public String lpProfilePath; [MarshalAs(UnmanagedType.LPTStr)] public String lpDefaultPath; [MarshalAs(UnmanagedType.LPTStr)] public String lpServerName; [MarshalAs(UnmanagedType.LPTStr)] public String lpPolicyPath; public IntPtr hProfile; } } ================================================ FILE: src/Agent.Listener/Configuration.Windows/RSAEncryptedFileKeyManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.IO; using System.Runtime.Versioning; using System.Security.Cryptography; using System.Text; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { [SupportedOSPlatform("windows")] public class RSAEncryptedFileKeyManager : AgentService, IRSAKeyManager { private string _keyFile; private IHostContext _context; public RSA CreateKey(bool enableAgentKeyStoreInNamedContainer, bool useCng) { if (enableAgentKeyStoreInNamedContainer) { return CreateKeyStoreKeyInNamedContainer(useCng); } else { return CreateKeyStoreKeyInFile(useCng); } } private RSA CreateKeyStoreKeyInNamedContainer(bool useCng) { RSA rsa; if (!File.Exists(_keyFile)) { if (useCng) { Trace.Info("Creating new RSA key using 2048-bit key length"); var cspKeyCreationParameters = new CngKeyCreationParameters(); cspKeyCreationParameters.KeyCreationOptions = CngKeyCreationOptions.None; cspKeyCreationParameters.Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider; cspKeyCreationParameters.Parameters.Add(new CngProperty("Length", BitConverter.GetBytes(2048), CngPropertyOptions.None)); string keyContainerName = "AgentKeyContainer" + Guid.NewGuid().ToString(); #pragma warning disable CA2000 // Dispose objects before losing scope var cngKey = CngKey.Create(CngAlgorithm.Rsa, keyContainerName, cspKeyCreationParameters); #pragma warning restore CA2000 // Dispose objects before losing scope rsa = new RSACng(cngKey); // Now write the parameters to disk SaveParameters(default(RSAParameters), keyContainerName, useCng); Trace.Info(StringUtil.Format("Successfully saved containerName to file {0} in container {1}", _keyFile, keyContainerName)); } else { Trace.Info("Creating new RSA key using 2048-bit key length"); CspParameters Params = new CspParameters(); Params.KeyContainerName = "AgentKeyContainer" + Guid.NewGuid().ToString(); Params.Flags |= CspProviderFlags.UseNonExportableKey | CspProviderFlags.UseMachineKeyStore; rsa = new RSACryptoServiceProvider(2048, Params); // Now write the parameters to disk SaveParameters(default(RSAParameters), Params.KeyContainerName, useCng); Trace.Info(StringUtil.Format("Successfully saved containerName to file {0} in container {1}", _keyFile, Params.KeyContainerName)); } } else { Trace.Info(StringUtil.Format("Found existing RSA key parameters file {0}", _keyFile)); var result = LoadParameters(); if(string.IsNullOrEmpty(result.containerName)) { Trace.Info("Container name not present; reading RSA key from file"); return CreateKeyStoreKeyInFile(useCng); } CspParameters Params = new CspParameters(); Params.KeyContainerName = result.containerName; Params.Flags |= CspProviderFlags.UseNonExportableKey | CspProviderFlags.UseMachineKeyStore; rsa = new RSACryptoServiceProvider(Params); } return rsa; // References: // https://stackoverflow.com/questions/2274596/how-to-store-a-public-key-in-a-machine-level-rsa-key-container // https://social.msdn.microsoft.com/Forums/en-US/e3902420-3a82-42cf-a4a3-de230ebcea56/how-to-store-a-public-key-in-a-machinelevel-rsa-key-container?forum=netfxbcl // https://security.stackexchange.com/questions/234477/windows-certificates-where-is-private-key-located } private RSA CreateKeyStoreKeyInFile(bool useCng) { RSACryptoServiceProvider rsa = null; if (!File.Exists(_keyFile)) { Trace.Info("Creating new RSA key using 2048-bit key length"); rsa = new RSACryptoServiceProvider(2048); // Now write the parameters to disk SaveParameters(rsa.ExportParameters(true), string.Empty, false); Trace.Info(StringUtil.Format("Successfully saved RSA key parameters to file {0}", _keyFile)); } else { Trace.Info(StringUtil.Format("Found existing RSA key parameters file {0}", _keyFile)); var result = LoadParameters(); if(!string.IsNullOrEmpty(result.containerName)) { Trace.Info("Keyfile has ContainerName, so we must read from named container"); return CreateKeyStoreKeyInNamedContainer(useCng); } rsa = new RSACryptoServiceProvider(); rsa.ImportParameters(result.rsaParameters); } return rsa; } public void DeleteKey() { if (File.Exists(_keyFile)) { Trace.Info(StringUtil.Format("Deleting RSA key parameters file {0}", _keyFile)); File.Delete(_keyFile); } } public RSA GetKey() { return GetKeyFromFile(); } private RSA GetKeyFromNamedContainer() { if (!File.Exists(_keyFile)) { throw new CryptographicException(StringUtil.Loc("RSAKeyFileNotFound", _keyFile)); } Trace.Info(StringUtil.Format("Loading RSA key parameters from file {0}", _keyFile)); var result = LoadParameters(); if (string.IsNullOrEmpty(result.containerName)) { // we should not get here. GetKeyFromNamedContainer is only called from GetKeyFromFile when result.containerName is not empty return GetKeyFromFile(); } if (result.useCng) { Trace.Info("Using CNG api"); #pragma warning disable CA2000 // Dispose objects before losing scope // disposed by by call to rsa.Dispose() var cngKey = CngKey.Open(result.containerName, CngProvider.MicrosoftSoftwareKeyStorageProvider, CngKeyOpenOptions.UserKey); #pragma warning restore CA2000 // Dispose objects before losing scope var rsa = new RSACng(cngKey); return rsa; } else { Trace.Info("Using RSACryptoServiceProvider"); CspParameters Params = new CspParameters(); Params.KeyContainerName = result.containerName; Params.Flags |= CspProviderFlags.UseNonExportableKey | CspProviderFlags.UseMachineKeyStore; var rsa = new RSACryptoServiceProvider(Params); return rsa; } } private RSA GetKeyFromFile() { if (!File.Exists(_keyFile)) { throw new CryptographicException(StringUtil.Loc("RSAKeyFileNotFound", _keyFile)); } Trace.Info(StringUtil.Format("Loading RSA key parameters from file {0}", _keyFile)); var result = LoadParameters(); if(!string.IsNullOrEmpty(result.containerName)) { Trace.Info("Keyfile has ContainerName, reading from NamedContainer"); return GetKeyFromNamedContainer(); } var rsa = new RSACryptoServiceProvider(); rsa.ImportParameters(result.rsaParameters); return rsa; } private (string containerName, bool useCng, RSAParameters rsaParameters) LoadParameters() { var encryptedBytes = File.ReadAllBytes(_keyFile); var parametersString = Encoding.UTF8.GetString(ProtectedData.Unprotect(encryptedBytes, null, DataProtectionScope.LocalMachine)); var deserialized = StringUtil.ConvertFromJson(parametersString); return (deserialized.ContainerName, deserialized.UseCng, deserialized.RSAParameters); } private void SaveParameters(RSAParameters parameters, string containerName, bool useCng) { var parametersString = StringUtil.ConvertToJson(new RSAParametersSerializable(containerName, useCng, parameters)); var encryptedBytes = ProtectedData.Protect(Encoding.UTF8.GetBytes(parametersString), null, DataProtectionScope.LocalMachine); File.WriteAllBytes(_keyFile, encryptedBytes); File.SetAttributes(_keyFile, File.GetAttributes(_keyFile) | FileAttributes.Hidden); } void IAgentService.Initialize(IHostContext context) { base.Initialize(context); _context = context; _keyFile = context.GetConfigFile(WellKnownConfigFile.RSACredentials); } } } ================================================ FILE: src/Agent.Listener/Configuration.Windows/WindowsRegistryManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Runtime.Versioning; using Microsoft.Win32; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { [ServiceLocator(Default = typeof(WindowsRegistryManager))] [SupportedOSPlatform("windows")] public interface IWindowsRegistryManager : IAgentService { string GetValue(RegistryHive hive, string subKeyName, string name); void SetValue(RegistryHive hive, string subKeyName, string name, string value); void DeleteValue(RegistryHive hive, string subKeyName, string name); bool SubKeyExists(RegistryHive hive, string subKeyName); } [SupportedOSPlatform("windows")] public class WindowsRegistryManager : AgentService, IWindowsRegistryManager { public void DeleteValue(RegistryHive hive, string subKeyName, string name) { using (RegistryKey key = OpenRegistryKey(hive, subKeyName, true)) { if (key != null) { key.DeleteValue(name, false); } } } public string GetValue(RegistryHive hive, string subKeyName, string name) { using (RegistryKey key = OpenRegistryKey(hive, subKeyName, false)) { if (key == null) { return null; } var value = key.GetValue(name, null); return value != null ? value.ToString() : null; } } public void SetValue(RegistryHive hive, string subKeyName, string name, string value) { using (RegistryKey key = OpenRegistryKey(hive, subKeyName, true)) { if (key == null) { Trace.Warning($"Couldn't get the subkey '{subKeyName}. Proceeding to create subkey."); using (RegistryKey createdKey = CreateRegistryKey(hive, subKeyName, writable: true)) { createdKey.SetValue(name, value); } return; } key.SetValue(name, value); } } public bool SubKeyExists(RegistryHive hive, string subKeyName) { using (RegistryKey key = OpenRegistryKey(hive, subKeyName, false)) { return key != null; } } private RegistryKey OpenRegistryKey(RegistryHive hive, string subKeyName, bool writable = true) { RegistryKey key = null; switch (hive) { case RegistryHive.CurrentUser: key = Registry.CurrentUser.OpenSubKey(subKeyName, writable); break; case RegistryHive.Users: key = Registry.Users.OpenSubKey(subKeyName, writable); break; case RegistryHive.LocalMachine: key = Registry.LocalMachine.OpenSubKey(subKeyName, writable); break; } return key; } private RegistryKey CreateRegistryKey(RegistryHive hive, string subKeyName, bool writable = true) { RegistryKey key = null; switch (hive) { case RegistryHive.CurrentUser: key = Registry.CurrentUser.CreateSubKey(subKeyName, writable); break; case RegistryHive.Users: key = Registry.Users.CreateSubKey(subKeyName, writable); break; case RegistryHive.LocalMachine: key = Registry.LocalMachine.CreateSubKey(subKeyName, writable); break; } return key; } } } ================================================ FILE: src/Agent.Listener/Configuration.Windows/WindowsServiceControlManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Runtime.Versioning; using System.Security; using System.Security.Principal; using System.Text; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { [ServiceLocator(Default = typeof(WindowsServiceControlManager))] [SupportedOSPlatform("windows")] public interface IWindowsServiceControlManager : IAgentService { void ConfigureService(AgentSettings settings, CommandSettings command); void UnconfigureService(); } [SupportedOSPlatform("windows")] public class WindowsServiceControlManager : ServiceControlManager, IWindowsServiceControlManager { public const string WindowsServiceControllerName = "AgentService.exe"; private const string ServiceNamePattern = "vstsagent.{0}.{1}.{2}"; private const string ServiceDisplayNamePattern = "Azure Pipelines Agent ({0}.{1}.{2})"; private INativeWindowsServiceHelper _windowsServiceHelper; private ITerminal _term; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _windowsServiceHelper = HostContext.GetService(); _term = HostContext.GetService(); } public void ConfigureService(AgentSettings settings, CommandSettings command) { ArgUtil.NotNull(command, nameof(command)); Trace.Entering(); if (!_windowsServiceHelper.IsRunningInElevatedMode()) { Trace.Error("Needs Administrator privileges for configure agent as windows service."); throw new SecurityException(StringUtil.Loc("NeedAdminForConfigAgentWinService")); } // TODO: Fix bug that exists in the legacy Windows agent where configuration using mirrored credentials causes an error, but the agent is still functional (after restarting). Mirrored credentials is a supported scenario and shouldn't manifest any errors. // We use NetworkService as default account for build and release agent // We use Local System as default account for deployment agent, deployment pool agent, environment vm agent bool isDeploymentGroupScenario = command.GetDeploymentOrMachineGroup() || command.GetDeploymentPool() || command.GetEnvironmentVMResource(); NTAccount defaultServiceAccount = isDeploymentGroupScenario ? _windowsServiceHelper.GetDefaultAdminServiceAccount() : _windowsServiceHelper.GetDefaultServiceAccount(); string logonAccount = command.GetWindowsLogonAccount(defaultValue: defaultServiceAccount.ToString(), descriptionMsg: StringUtil.Loc("WindowsLogonAccountNameDescription")); string domainName; string userName; GetAccountSegments(logonAccount, out domainName, out userName); if ((string.IsNullOrEmpty(domainName) || domainName.Equals(".", StringComparison.CurrentCultureIgnoreCase)) && !logonAccount.Contains('@')) { logonAccount = String.Format("{0}\\{1}", Environment.MachineName, userName); domainName = Environment.MachineName; } Trace.Info($"LogonAccount after transforming: {logonAccount}, user: {userName}, domain: {domainName}"); string logonPassword = string.Empty; if (!defaultServiceAccount.Equals(new NTAccount(logonAccount)) && !_windowsServiceHelper.IsWellKnownIdentity(logonAccount) && !_windowsServiceHelper.IsManagedServiceAccount(logonAccount)) { while (true) { try { logonPassword = command.GetWindowsLogonPassword(logonAccount); } catch (ArgumentException exception) { Trace.Warning($"LogonAccount {logonAccount} is not managed service account, although you did not specify WindowsLogonPassword - maybe you wanted to use managed service account? Please see https://aka.ms/gmsa for guidelines to set up sMSA/gMSA account. "); Trace.Warning(exception.Message); throw; } if (_windowsServiceHelper.IsValidCredential(domainName, userName, logonPassword)) { Trace.Info("Credential validation succeed"); break; } else { if (!command.Unattended()) { Trace.Info("Invalid credential entered"); _term.WriteLine(StringUtil.Loc("InvalidWindowsCredential")); } else { throw new SecurityException(StringUtil.Loc("InvalidWindowsCredential")); } } } } string serviceName; string serviceDisplayName; CalculateServiceName(settings, ServiceNamePattern, ServiceDisplayNamePattern, out serviceName, out serviceDisplayName); if (_windowsServiceHelper.IsServiceExists(serviceName)) { _term.WriteLine(StringUtil.Loc("ServiceAlreadyExists", serviceName)); _windowsServiceHelper.UninstallService(serviceName); } Trace.Info("Verifying if the account has LogonAsService permission"); if (_windowsServiceHelper.IsUserHasLogonAsServicePrivilege(domainName, userName)) { Trace.Info($"Account: {logonAccount} already has Logon As Service Privilege."); } else { if (!_windowsServiceHelper.GrantUserLogonAsServicePrivilage(domainName, userName)) { throw new InvalidOperationException(StringUtil.Loc("CanNotGrantPermission", logonAccount)); } } // grant permission for agent root folder and work folder Trace.Info("Create local group and grant folder permission to service logon account."); string agentRoot = HostContext.GetDirectory(WellKnownDirectory.Root); string workFolder = HostContext.GetDirectory(WellKnownDirectory.Work); Directory.CreateDirectory(workFolder); _windowsServiceHelper.GrantDirectoryPermissionForAccount(logonAccount, new[] { agentRoot, workFolder }); _term.WriteLine(StringUtil.Loc("GrantingFilePermissions", logonAccount)); // install service. _windowsServiceHelper.InstallService(serviceName, serviceDisplayName, logonAccount, logonPassword, settings.EnableServiceSidTypeUnrestricted); // create .service file with service name. SaveServiceSettings(serviceName); // Add registry key after installation _windowsServiceHelper.CreateVstsAgentRegistryKey(); Trace.Info("Configuration was successful, trying to start the service"); if (!command.GetPreventServiceStart()) { _windowsServiceHelper.StartService(serviceName); } } public void UnconfigureService() { if (!_windowsServiceHelper.IsRunningInElevatedMode()) { Trace.Error("Needs Administrator privileges for unconfigure windows service agent."); throw new SecurityException(StringUtil.Loc("NeedAdminForUnconfigWinServiceAgent")); } string serviceConfigPath = HostContext.GetConfigFile(WellKnownConfigFile.Service); string serviceName = File.ReadAllText(serviceConfigPath); if (_windowsServiceHelper.IsServiceExists(serviceName)) { _windowsServiceHelper.StopService(serviceName); _windowsServiceHelper.UninstallService(serviceName); // Delete local group we created during configure. string agentRoot = HostContext.GetDirectory(WellKnownDirectory.Root); string workFolder = HostContext.GetDirectory(WellKnownDirectory.Work); _windowsServiceHelper.RevokeDirectoryPermissionForAccount(new[] { agentRoot, workFolder }); // Remove registry key only on Windows _windowsServiceHelper.DeleteVstsAgentRegistryKey(); } IOUtil.DeleteFile(serviceConfigPath); } private void SaveServiceSettings(string serviceName) { string serviceConfigPath = HostContext.GetConfigFile(WellKnownConfigFile.Service); if (File.Exists(serviceConfigPath)) { IOUtil.DeleteFile(serviceConfigPath); } File.WriteAllText(serviceConfigPath, serviceName, new UTF8Encoding(false)); File.SetAttributes(serviceConfigPath, File.GetAttributes(serviceConfigPath) | FileAttributes.Hidden); } private void GetAccountSegments(string account, out string domain, out string user) { string[] segments = account.Split('\\'); domain = string.Empty; user = account; if (segments.Length == 2) { domain = segments[0]; user = segments[1]; } } } } ================================================ FILE: src/Agent.Listener/Configuration.macOS/MacOSServiceControlManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Collections.Generic; using System.Linq; using Microsoft.VisualStudio.Services.Agent.Util; using System.Runtime.Versioning; namespace Microsoft.VisualStudio.Services.Agent.Listener.Configuration { [ServiceLocator(Default = typeof(MacOSServiceControlManager))] [SupportedOSPlatform("macos")] public interface IMacOSServiceControlManager : IAgentService { void GenerateScripts(AgentSettings settings); } [SupportedOSPlatform("macos")] public class MacOSServiceControlManager : ServiceControlManager, IMacOSServiceControlManager { // This is the name you would see when you do `systemctl list-units | grep vsts` private const string _svcNamePattern = "vsts.agent.{0}.{1}.{2}"; private const string _svcDisplayPattern = "Azure Pipelines Agent ({0}.{1}.{2})"; private const string _shTemplate = "darwin.svc.sh.template"; private const string _svcShName = "svc.sh"; public void GenerateScripts(AgentSettings settings) { Trace.Entering(); string serviceName; string serviceDisplayName; CalculateServiceName(settings, _svcNamePattern, _svcDisplayPattern, out serviceName, out serviceDisplayName); try { string svcShPath = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), _svcShName); // TODO: encoding? // TODO: Loc strings formatted into MSG_xxx vars in shellscript string svcShContent = File.ReadAllText(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), _shTemplate)); var tokensToReplace = new Dictionary { { "{{SvcDescription}}", serviceDisplayName }, { "{{SvcNameVar}}", serviceName } }; svcShContent = tokensToReplace.Aggregate( svcShContent, (current, item) => current.Replace(item.Key, item.Value)); //TODO: encoding? File.WriteAllText(svcShPath, svcShContent); var unixUtil = HostContext.CreateService(); unixUtil.ChmodAsync("755", svcShPath).GetAwaiter().GetResult(); } catch (Exception e) { Trace.Error(e); throw; } } } } ================================================ FILE: src/Agent.Listener/Diagnostics/DiagnosticSuite.cs ================================================ using Microsoft.VisualStudio.Services.Agent.Listener.Diagnostics; using System; using System.Collections.Generic; using System.Text; namespace Agent.Listener.Diagnostics { class DiagnosticSuite { public string SuiteName { get; set; } public List DiagnosticInfo { get; set; } public List DiagnosticTests { get; set; } } } ================================================ FILE: src/Agent.Listener/Diagnostics/DiagnosticsTests.cs ================================================ using Agent.Listener.Diagnostics; using System; using System.Collections.Generic; namespace Microsoft.VisualStudio.Services.Agent.Listener.Diagnostics { public class DiagnosticTests { public DiagnosticTests(ITerminal terminal) { m_terminal = terminal; m_diagnosticSuites = new List { new DiagnosticSuite() { SuiteName = "Networking", DiagnosticInfo = new List { new MtuInfo() }, DiagnosticTests = new List { new DnsTest(), new PingTest(), } }, new DiagnosticSuite() { SuiteName = "Disk Health", DiagnosticInfo = new List { new DiskInfo(), new FolderPermissionInfo(), }, }, }; } public void Execute() { foreach (var suite in m_diagnosticSuites) { m_terminal.WriteLine($"----- Diagnostics for {suite.SuiteName} -----"); bool result = true; if (suite.DiagnosticTests != null) { foreach (var test in suite.DiagnosticTests) { string testName = test.GetType().Name; m_terminal.WriteLine(string.Format("*** {0} ***", testName)); try { if (!test.Execute(m_terminal)) { result = false; m_terminal.WriteError(string.Format("*** {0} Failed ***", testName)); } else { m_terminal.WriteLine(string.Format("*** {0} Succeeded ***", testName)); } } catch (Exception ex) { result = false; m_terminal.WriteError(ex); m_terminal.WriteError(string.Format("*** {0} Failed ***", testName)); } m_terminal.WriteLine(string.Empty); } } foreach (var info in suite.DiagnosticInfo) { string infoName = info.GetType().Name; m_terminal.WriteLine(string.Format("*** {0} ***", infoName)); try { info.Execute(m_terminal); m_terminal.WriteLine(string.Format("*** {0} Completed ***", infoName)); } catch (Exception ex) { m_terminal.WriteError(ex); m_terminal.WriteError(string.Format("*** {0} Failed ***", infoName)); } m_terminal.WriteLine(string.Empty); } if (suite.DiagnosticTests != null) { if (result) { m_terminal.WriteLine($"{suite.SuiteName} Diagnostics tests were successful!"); } else { m_terminal.WriteLine($"{suite.SuiteName} 1 or more diagnostics tests FAILED!"); } } m_terminal.WriteLine(string.Empty); m_terminal.WriteLine(string.Empty); } } private List m_diagnosticSuites; private ITerminal m_terminal; } } ================================================ FILE: src/Agent.Listener/Diagnostics/DiskInfo.cs ================================================ using System.IO; namespace Microsoft.VisualStudio.Services.Agent.Listener.Diagnostics { class DiskInfo : IDiagnosticInfo { public void Execute(ITerminal terminal) { string root = Path.GetPathRoot(System.Reflection.Assembly.GetEntryAssembly().Location); terminal.WriteLine($"Agent running on Drive {root}"); try { DriveInfo[] allDrives = DriveInfo.GetDrives(); foreach (DriveInfo d in allDrives) { terminal.WriteLine($"Drive {d.Name}"); terminal.WriteLine($" Drive type: {d.DriveType}"); if (d.IsReady == true) { terminal.WriteLine($" Volume label: {d.VolumeLabel}"); terminal.WriteLine($" File system: {d.DriveFormat}"); terminal.WriteLine(string.Format(" Available space to current user:{0, 15:N0} KB", d.AvailableFreeSpace / c_kb)); terminal.WriteLine(string.Format(" Total available space: {0, 15:N0} KB", d.TotalFreeSpace / c_kb)); terminal.WriteLine(string.Format(" Total size of drive: {0, 15:N0} KB", d.TotalSize / c_kb)); } else { terminal.WriteLine($" Drive is not Ready"); } } } catch (IOException ex) { terminal.WriteError(ex); } catch (System.UnauthorizedAccessException ex) { terminal.WriteError(ex); } } private const int c_kb = 1024; } } ================================================ FILE: src/Agent.Listener/Diagnostics/DnsTest.cs ================================================ using System; using System.Net; namespace Microsoft.VisualStudio.Services.Agent.Listener.Diagnostics { class DnsTest : IDiagnosticTest { public bool Execute(ITerminal terminal) { try { IPHostEntry host = Dns.GetHostEntry(c_hostname); terminal.WriteLine(string.Format("GetHostEntry: {0} returns:", c_hostname)); foreach (IPAddress address in host.AddressList) { terminal.WriteLine($" {address}"); } return true; } catch (Exception ex) { terminal.WriteError(ex); return false; } } private const string c_hostname = "www.bing.com"; } } ================================================ FILE: src/Agent.Listener/Diagnostics/FolderPermissionInfo.cs ================================================ using System; using System.IO; using System.Security.AccessControl; using System.Security.Principal; namespace Microsoft.VisualStudio.Services.Agent.Listener.Diagnostics { class FolderPermissionInfo : IDiagnosticInfo { public void Execute(ITerminal terminal) { try { terminal.WriteLine("Checking for Read & Write Permissions"); string currentDirName = Directory.GetCurrentDirectory(); DirectoryInfo directoryInfo = new DirectoryInfo(currentDirName); terminal.WriteLine($"{directoryInfo.FullName.PadRight(c_padding)} {HasFolderWritePermission(terminal, currentDirName)}"); DirectoryInfo[] folders = directoryInfo.GetDirectories(); foreach (DirectoryInfo folder in folders) { terminal.WriteLine($"{folder.FullName.PadRight(c_padding)} {HasFolderWritePermission(terminal, folder.FullName)}"); } string[] files = Directory.GetFiles(currentDirName); foreach (string file in files) { terminal.WriteLine($"{file.PadRight(c_padding)} {HasFileReadWritePermission(terminal, new FileInfo(file))}"); } } catch (Exception ex) { terminal.WriteError(ex); } } // There isn't a cross-plat lookup to easily determine if a directory is writable // The easiest generic approach is to attempt the operation private bool HasFolderWritePermission(ITerminal terminal, string dirPath) { try { using (FileStream fs = File.Create(Path.Combine(dirPath, Path.GetRandomFileName()), 1, FileOptions.DeleteOnClose)) { return true; } } catch (Exception ex) { terminal.WriteError(ex); return false; } } // There isn't a cross-plat lookup to easily determine read / write / lock permissions // The easiest generic approach is to attempt to open the file in ReadWrite mode private bool HasFileReadWritePermission(ITerminal terminal, FileInfo file) { try { using (FileStream stream = file.Open(FileMode.Open, FileAccess.ReadWrite, FileShare.None)) { stream.Close(); return true; } } catch (Exception ex) { terminal.WriteError(ex); return false; } } private const int c_padding = 75; } } ================================================ FILE: src/Agent.Listener/Diagnostics/IDiagnosticInfo.cs ================================================ namespace Microsoft.VisualStudio.Services.Agent.Listener.Diagnostics { public interface IDiagnosticInfo { void Execute(ITerminal terminal); } } ================================================ FILE: src/Agent.Listener/Diagnostics/IDiagnosticTest.cs ================================================ namespace Microsoft.VisualStudio.Services.Agent.Listener.Diagnostics { public interface IDiagnosticTest { bool Execute(ITerminal terminal); } } ================================================ FILE: src/Agent.Listener/Diagnostics/MtuInfo.cs ================================================ using System.Net.NetworkInformation; namespace Microsoft.VisualStudio.Services.Agent.Listener.Diagnostics { class MtuInfo : IDiagnosticInfo { public void Execute(ITerminal terminal) { NetworkInterface[] nics = NetworkInterface.GetAllNetworkInterfaces(); IPGlobalProperties properties = IPGlobalProperties.GetIPGlobalProperties(); terminal.WriteLine($"IP interface information for {properties?.HostName}.{properties?.HostName}"); terminal.WriteLine(); foreach (NetworkInterface adapter in nics) { terminal.WriteLine(adapter.Description); if (adapter.Supports(NetworkInterfaceComponent.IPv4)) { IPInterfaceProperties adapterProperties = adapter.GetIPProperties(); IPv4InterfaceProperties p = adapterProperties.GetIPv4Properties(); if (p == null) { terminal.WriteLine("No IPv4 information is available for this interface."); } else { terminal.WriteLine($" IPv4 MTU ............................... : {p.Mtu}"); } } if (adapter.Supports(NetworkInterfaceComponent.IPv6)) { IPInterfaceProperties adapterProperties = adapter.GetIPProperties(); IPv6InterfaceProperties p = adapterProperties.GetIPv6Properties(); if (p == null) { terminal.WriteLine("No IPv6 information is available for this interface."); } else { terminal.WriteLine($" IPv6 MTU ............................... : {p.Mtu}"); } } } } } } ================================================ FILE: src/Agent.Listener/Diagnostics/PingTest.cs ================================================ using System.Net.NetworkInformation; namespace Microsoft.VisualStudio.Services.Agent.Listener.Diagnostics { class PingTest : IDiagnosticTest { public bool Execute(ITerminal terminal) { using (Ping ping = new Ping()) { try { terminal.WriteLine(string.Format("Attempt to Ping: {0} with timeout {1}", c_hostname, c_timeout)); PingReply pingreply = ping.Send(c_hostname, c_timeout); terminal.WriteLine(string.Format("Address: {0}", pingreply.Address)); terminal.WriteLine(string.Format("Status: {0}", pingreply.Status)); terminal.WriteLine(string.Format("Round trip time: {0}", pingreply.RoundtripTime)); if (pingreply.Status != IPStatus.Success) { terminal.WriteError(string.Format("Unsuccessful status response from {0}. Verify internet connection is working", c_hostname)); return false; } } catch (PingException ex) { terminal.WriteError(ex); return false; } } return true; } private const string c_hostname = "www.bing.com"; private const int c_timeout = 10000; } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/TaskResources.g.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Globalization; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines { internal static class TaskResources { internal static string PlanNotFound(params object[] args) { const string Format = @"No plan found for identifier {0}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string PlanSecurityDeleteError(params object[] args) { const string Format = @"Access denied: {0} does not have delete permissions for orchestration plan {1}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string PlanSecurityWriteError(params object[] args) { const string Format = @"Access denied: {0} does not have write permissions for orchestration plan {1}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string HubExtensionNotFound(params object[] args) { const string Format = @"No task hub extension was found for hub {0}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string SecurityTokenNotFound(params object[] args) { const string Format = @"No security token was found for artifact {0} using extension {1}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string TimelineNotFound(params object[] args) { const string Format = @"No timeline found for plan {0} with identifier {1}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string LogWithNoContentError(params object[] args) { const string Format = @"Content must be provided to create a log."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string LogWithNoContentLengthError(params object[] args) { const string Format = @"ContentLength header must be specified to create a log."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string UnsupportedRollbackContainers(params object[] args) { const string Format = @"Rollback is supported only at the top level container."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string HubNotFound(params object[] args) { const string Format = @"No hub is registered with name {0}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string MultipleHubResolversNotSupported(params object[] args) { const string Format = @"Only one default task hub resolver may be specified per application. Found {0}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string HubExists(params object[] args) { const string Format = @"A hub is already registered with name {0}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string TimelineRecordInvalid(params object[] args) { const string Format = @"The timeline record {0} is not valid. Name and Type are required fields."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string TimelineRecordNotFound(params object[] args) { const string Format = @"No timeline record found for plan {0} and timeline {1} with identifier {2}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string FailedToObtainJobAuthorization(params object[] args) { const string Format = @"Unable to obtain an authenticated token for running job {0} with plan type {1} and identifier {2}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string TaskInputRequired(params object[] args) { const string Format = @"Task {0} did not specify a value for required input {1}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string PlanOrchestrationTerminated(params object[] args) { const string Format = @"Orchestration plan {0} is not in a runnable state."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string PlanAlreadyStarted(params object[] args) { const string Format = @"Orchestration plan {0} version {1} has already been started for hub {2}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string TimelineExists(params object[] args) { const string Format = @"A timeline already exists for plan {0} with identifier {1}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string InvalidContainer(params object[] args) { const string Format = @"Container is not valid for {0} orchestration."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string EndpointNotFound(params object[] args) { const string Format = @"No endpoint found with identifier {0}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string ShouldStartWithEndpointUrl(params object[] args) { const string Format = @"EndpointUrl of HttpRequest execution should start with $(endpoint.url)."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string TaskExecutionDefinitionInvalid(params object[] args) { const string Format = @"Task execution section of task definition for Id : {0} is either missing or not valid."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string ServerExecutionFailure(params object[] args) { const string Format = @"Failure occured while sending Http Request : {0}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string UnsupportedTaskCountForServerJob(params object[] args) { const string Format = @"Container is not valid for orchestration as job should contain exactly one task."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string TaskServiceBusPublishFailed(params object[] args) { const string Format = @"Task {0} failed to publish to message bus {1} configured on service endpoint {2}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string TaskServiceBusExecutionFailure(params object[] args) { const string Format = @"Task {0} failed to publish to message bus {1} configured on service endpoint {2}. Error: {3}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string TimeoutFormatNotValid(params object[] args) { const string Format = @"The Timeout values '{0}' are not valid for job events '{1}' in the task execution section for Id: '{2}'. Specify valid timeout in 'hh:mm:ss' format such as '01:40:00' and try again."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string JobNotFound(params object[] args) { const string Format = @"No job found with identifier '{0}' for plan '{1}'."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string PlanGroupNotFound(params object[] args) { const string Format = @"No plan group found with identifier {0}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string PlanSecurityReadError(params object[] args) { const string Format = @"Access denied: {0} does not have read permissions for orchestration plan {1}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string SaveJobOutputVariablesError(params object[] args) { const string Format = @"Failed to save output variables for job '{0}'. Error: {1}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string VstsAccessTokenCacheKeyLookupResultIsInvalidError(params object[] args) { const string Format = @"Failed to get Visual Studio Team Foundation Service access token from property cache service, cache key is invalid."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string VstsAccessTokenKeyNotFoundError(params object[] args) { const string Format = @"Visual Studio Team Foundation Service token (AccessTokenKey) is invalid. Try to validate again."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string VstsAccessTokenCacheKeyLookupResultIsNullError(params object[] args) { const string Format = @"Failed to get Visual Studio Team Foundation Service access token, cache value is invalid."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string VstsAccessTokenIsNullError(params object[] args) { const string Format = @"Visual Studio Team Foundation Service access token is invalid, token shouldn't be null."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string VstsIdTokenKeyNotFoundError(params object[] args) { const string Format = @"Visual Studio Team Foundation Service token (IdToken) is invalid. Try to validate again."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string VstsNonceNotFoundError(params object[] args) { const string Format = @"Visual Studio Team Foundation Service token (Nonce) is invalid. Try to validate again."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string FailedToGenerateToken(params object[] args) { const string Format = @"Unable to generate a personal access token for service identity '{0}' ('{1}'). Error : {2}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string FailedToObtainToken(params object[] args) { const string Format = @"Failed to obtain the Json Web Token(JWT) for service principal id '{0}'"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string InvalidAzureEndpointAuthorizer(params object[] args) { const string Format = @"No Azure endpoint authorizer found for authentication of type '{0}'"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string InvalidAzureManagementCertificate(params object[] args) { const string Format = @"Invalid Azure Management certificate"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string InvalidEndpointAuthorizer(params object[] args) { const string Format = @"No Endpoint Authorizer found for endpoint of type '{0}'"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string InvalidEndpointId(params object[] args) { const string Format = @"The value {0} provided for the endpoint identifier is not within the permissible values for it."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string InvalidScopeId(params object[] args) { const string Format = @"The scope {0} is not valid."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string ResourceUrlNotSupported(params object[] args) { const string Format = @"ResourceUrl is not support for the endpoint type {0} and authentication scheme {1}."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string NoAzureCertificate(params object[] args) { const string Format = @"Could not extract certificate for AzureSubscription."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string NoAzureServicePrincipal(params object[] args) { const string Format = @"Could not extract service principal information for AzureSubscription."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string NoUsernamePassword(params object[] args) { const string Format = @"Could not extract Username and Password for endpoint."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string NullSessionToken(params object[] args) { const string Format = @"Unable to generate a personal access token for service identity '{0}' ('{1}') because of null result."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string MissingProperty(params object[] args) { const string Format = @"""Expected property {0} in service endpoint defintion"""; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string ServiceEndPointNotFound(params object[] args) { const string Format = @"Service endpoint with id {0} not found"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string InvalidLicenseHub(params object[] args) { const string Format = @"This operation is not supported on {0} hub as it is not a licensing hub."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string HttpMethodNotRecognized(params object[] args) { const string Format = @"The Http Method: {0} is not supported."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string TaskDefinitionInvalid(params object[] args) { const string Format = @"Task definition for Id: {0} is either missing or not valid."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string UrlCannotBeEmpty(params object[] args) { const string Format = @"Url for HttpRequest cannot be empty."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string UrlIsNotCorrect(params object[] args) { const string Format = @"Url {0} for HttpRequest is not correct."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string UrlShouldComeFromEndpointOrExplicitelySpecified(params object[] args) { const string Format = @"Url for HttpRequest should either come from endpoint or specified explicitely."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string WaitForCompletionInvalid(params object[] args) { const string Format = @"Wait for completion can only be true or false. Current value: {0}"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string HttpRequestTimeoutError(params object[] args) { const string Format = @"The request timed out after {0} seconds as no response was recieved."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string UnableToAcquireLease(params object[] args) { const string Format = @"Unable to acquire lease: {0}"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string UnableToCompleteOperationSecurely(params object[] args) { const string Format = @"Internal Error: Unable to complete operation securely."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string CancellingHttpRequestException(params object[] args) { const string Format = @"An error was encountered while cancelling request. Exception: {0}"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string EncryptionKeyNotFound(params object[] args) { const string Format = @"Encryption Key should have been present in the drawer: {0} with lookup key: {1}"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string ProcessingHttpRequestException(params object[] args) { const string Format = @"An error was encountered while processing request. Exception: {0}"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string AzureKeyVaultTaskName(params object[] args) { const string Format = @"Download secrets: {0}"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string AzureKeyVaultServiceEndpointIdMustBeValidGuid(params object[] args) { const string Format = @"Azure Key Vault provider's service endpoint id must be non empty and a valid guid."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string AzureKeyVaultKeyVaultNameMustBeValid(params object[] args) { const string Format = @"Azure Key Vault provider's vault name must be non empty."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string AzureKeyVaultLastRefreshedOnMustBeValid(params object[] args) { const string Format = @"Azure Key Vault provider's last refreshed on must be valid datetime."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string InvalidAzureKeyVaultVariableGroupProviderData(params object[] args) { const string Format = @"Either variable group is not an azure key vault variable group or invalid provider data in azure key vault variable group."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string VariableGroupTypeNotSupported(params object[] args) { const string Format = @"Variable group type {0} is not supported."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string TaskRequestMessageTypeNotSupported(params object[] args) { const string Format = @"This kind of message type: {0}, is not yet supported"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string HttpHandlerUnableToProcessError(params object[] args) { const string Format = @"Unable to process messages with count : {0} and message types as: {1}"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string YamlFrontMatterNotClosed(params object[] args) { const string Format = @"Unexpected end of file '{0}'. The file started with '---' to indicate a preamble data section. The end of the file was reached without finding a corresponding closing '---'."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string YamlFrontMatterNotValid(params object[] args) { const string Format = @"Error parsing preamble data section from file '{0}'. {1}"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string YamlFileCount(params object[] args) { const string Format = @"A YAML definition may not exceed {0} file references."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } internal static string MustacheEvaluationTimeout(params object[] args) { const string Format = @"YAML template preprocessing timed out for the file '{0}'. Template expansion cannot exceed '{1}' seconds."; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Update-FromVso.ps1 ================================================ [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$VsoSrcPath, [switch]$SkipCopy) $ErrorActionPreference = 'Stop' # Build the TaskResources.g.cs content. $stringBuilder = New-Object System.Text.StringBuilder $xml = [xml](Get-Content -LiteralPath "$VsoSrcPath\DistributedTask\Sdk\Server\TaskResources.resx") $null = $stringBuilder.AppendLine('using System.Globalization;') $null = $stringBuilder.AppendLine('') $null = $stringBuilder.AppendLine('namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines') $null = $stringBuilder.AppendLine('{') $null = $stringBuilder.AppendLine(' internal static class TaskResources') $null = $stringBuilder.AppendLine(' {') foreach ($data in $xml.root.data) { $null = $stringBuilder.AppendLine(@" internal static string $($data.name)(params object[] args) { const string Format = @"$($data.value.Replace('"', '""'))"; if (args == null || args.Length == 0) { return Format; } return string.Format(CultureInfo.CurrentCulture, Format, args); } "@) } $null = $stringBuilder.AppendLine(' }') $null = $stringBuilder.AppendLine('}') # Copy over the .cs files if (!$SkipCopy) { mkdir $PSScriptRoot\Yaml -ErrorAction Ignore robocopy $VsoSrcPath\DistributedTask\Sdk\Server\Pipelines $PSScriptRoot\Yaml *.cs /mir } # Write TaskResources.cs. [System.IO.File]::WriteAllText("$PSScriptRoot\TaskResources.g.cs", ($stringBuilder.ToString()), ([System.Text.Encoding]::UTF8)) ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/CheckoutStep.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class CheckoutStep : ISimpleStep { public String Name { get; set; } internal String Clean { get; set; } internal String FetchDepth { get; set; } internal String Lfs { get; set; } public ISimpleStep Clone() { return new CheckoutStep { Name = Name, Clean = Clean, FetchDepth = FetchDepth, Lfs = Lfs, }; } internal IList GetVariables(IList resources) { var variables = new List(); switch (Name ?? String.Empty) { case YamlConstants.None: variables.Add(new Variable() { Name = "agent.source.skip", Value = "true" }); break; case YamlConstants.Self: ProcessResource repo = null; if (resources != null) { repo = resources.FirstOrDefault((ProcessResource resource) => { return String.Equals(resource.Type, YamlConstants.Repo, StringComparison.OrdinalIgnoreCase) && String.Equals(resource.Name, Name, StringComparison.OrdinalIgnoreCase); }); } String clean = !String.IsNullOrEmpty(Clean) ? Clean : TryGetDataValue(repo, YamlConstants.Clean); if (!String.IsNullOrEmpty(clean)) { variables.Add(new Variable() { Name = "build.repository.clean", Value = clean }); } String fetchDepth = !String.IsNullOrEmpty(FetchDepth) ? FetchDepth : TryGetDataValue(repo, YamlConstants.FetchDepth); if (!String.IsNullOrEmpty(fetchDepth)) { variables.Add(new Variable() { Name = "agent.source.git.shallowFetchDepth", Value = fetchDepth }); } String lfs = !String.IsNullOrEmpty(Lfs) ? Lfs : TryGetDataValue(repo, YamlConstants.Lfs); if (!String.IsNullOrEmpty(lfs)) { variables.Add(new Variable() { Name = "agent.source.git.lfs", Value = lfs }); } break; default: // Should not reach here. throw new NotSupportedException($"Unexpected checkout step resource name: '{Name}'"); } return variables; } private static String TryGetDataValue(ProcessResource repo, String key) { Object obj; if (repo != null && repo.Data.TryGetValue(key, out obj)) { return obj as String; } return null; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/DeploymentTarget.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class DeploymentTarget : IPhaseTarget { internal String ContinueOnError { get; set; } internal String Group { get; set; } internal String HealthOption { get; set; } internal String Percentage { get; set; } internal IList Tags { get; set; } internal String TimeoutInMinutes { get; set; } /// Number of retries for task failure internal String RetryCountOnTaskFailure { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/IPhase.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal interface IPhase { } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/IPhaseTarget.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal interface IPhaseTarget { } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/ISimpleStep.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal interface ISimpleStep : IStep { ISimpleStep Clone(); } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/IStep.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal interface IStep { String Name { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/IVariable.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal interface IVariable { } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/Phase.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal class Phase : IPhase { internal String Condition { get; set; } internal String ContinueOnError { get; set; } internal IList DependsOn { get; set; } internal String EnableAccessToken { get; set; } internal String Name { get; set; } internal IList Steps { get; set; } internal IPhaseTarget Target { get; set; } internal IList Variables { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/PhaseSelector.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class PhaseSelector { internal String Name { get; set; } internal IDictionary> StepOverrides { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/PhasesTemplate.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { // A phase template cannot reference other phase templates, but // steps within can reference templates. internal class PhasesTemplate : StepsTemplate { internal IList Phases { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/PhasesTemplateReference.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal class PhasesTemplateReference : StepsTemplateReference, IPhase { internal IList PhaseSelectors { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/Process.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class Process : Phase { internal IList Phases { get; set; } internal IList Resources { get; set; } internal ProcessTemplateReference Template { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/ProcessResource.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class ProcessResource { internal String Name { get; set; } internal String Type { get; set; } internal IDictionary Data { get { if (_data == null) { _data = new Dictionary(StringComparer.OrdinalIgnoreCase); } return _data; } } private IDictionary _data; } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/ProcessTemplate.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { // A process template cannot reference other process templates, but // phases/steps within can reference templates. internal sealed class ProcessTemplate : PhasesTemplate { internal IList Resources { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/ProcessTemplateReference.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class ProcessTemplateReference : PhasesTemplateReference { } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/QueueTarget.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class QueueTarget : IPhaseTarget { internal String ContinueOnError { get; set; } internal IList Demands { get; set; } internal IDictionary> Matrix { get; set; } internal String Name { get; set; } internal String Parallel { get; set; } internal String TimeoutInMinutes { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/ServerTarget.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class ServerTarget : IPhaseTarget { internal String ContinueOnError { get; set; } internal IDictionary> Matrix { get; set; } internal String Parallel { get; set; } internal String TimeoutInMinutes { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/StepGroup.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class StepGroup : IStep { public String Name { get; set; } internal IList Steps { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/StepsTemplate.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { // A step template cannot reference other step templates (enforced during deserialization). internal class StepsTemplate { internal IList Steps { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/StepsTemplateReference.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal class StepsTemplateReference : IStep { public String Name { get; set; } internal IDictionary Parameters { get; set; } internal IDictionary> StepOverrides { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/TaskReference.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class TaskReference { internal String Name { get; set; } internal String Version { get; set; } internal TaskReference Clone() { return new TaskReference { Name = Name, Version = Version, }; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/TaskStep.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class TaskStep : ISimpleStep { public String Name { get; set; } internal String Condition { get; set; } internal Boolean ContinueOnError { get; set; } internal Boolean Enabled { get; set; } internal IDictionary Environment { get; set; } internal IDictionary Inputs { get; set; } internal TaskReference Reference { get; set; } internal Int32 TimeoutInMinutes { get; set; } /// Number of retries for task failure internal Int32 RetryCountOnTaskFailure { get; set; } public ISimpleStep Clone() { return new TaskStep() { Name = Name, Condition = Condition, ContinueOnError = ContinueOnError, Enabled = Enabled, Environment = new Dictionary(Environment ?? new Dictionary(0, StringComparer.Ordinal)), Inputs = new Dictionary(Inputs ?? new Dictionary(0, StringComparer.OrdinalIgnoreCase)), Reference = Reference?.Clone(), TimeoutInMinutes = TimeoutInMinutes, RetryCountOnTaskFailure = RetryCountOnTaskFailure }; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/Variable.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class Variable : IVariable { internal String Name { get; set; } internal String Value { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/VariablesTemplate.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class VariablesTemplate { internal IList Variables { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/Contracts/VariablesTemplateReference.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts { internal sealed class VariablesTemplateReference : IVariable { internal String Name { get; set; } internal IDictionary Parameters { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/FileData.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.ComponentModel; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml { [EditorBrowsable(EditorBrowsableState.Never)] public sealed class FileData { public String Name { get; set; } public String Directory { get; set; } public String Content { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/IFileProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.ComponentModel; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml { [EditorBrowsable(EditorBrowsableState.Never)] public interface IFileProvider { FileData GetFile(String path); String ResolvePath(String defaultRoot, String path); } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/ITraceWriter.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.ComponentModel; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml { [EditorBrowsable(EditorBrowsableState.Never)] public interface ITraceWriter { void Info(String format, params Object[] args); void Verbose(String format, params Object[] args); } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/ParseOptions.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.ComponentModel; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml { [EditorBrowsable(EditorBrowsableState.Never)] public sealed class ParseOptions { public ParseOptions() { } internal ParseOptions(ParseOptions copy) { MaxFiles = copy.MaxFiles; MustacheEvaluationMaxResultLength = copy.MustacheEvaluationMaxResultLength; MustacheEvaluationTimeout = copy.MustacheEvaluationTimeout; MustacheMaxDepth = copy.MustacheMaxDepth; } /// /// Gets or sets the maximum number files that can be loaded when parsing a pipeline. Zero or less is treated as infinite. /// public Int32 MaxFiles { get; set; } /// /// Gets or sets the evaluation max result bytes for each mustache template. Zero or less is treated as unlimited. /// public Int32 MustacheEvaluationMaxResultLength { get; set; } /// /// Gets or sets the evaluation timeout for each mustache template. Zero or less is treated as infinite. /// public TimeSpan MustacheEvaluationTimeout { get; set; } /// /// Gets or sets the maximum depth for each mustache template. This number limits the maximum nest level. Any number less /// than 1 is treated as Int32.MaxValue. An exception will be thrown when the threshold is exceeded. /// public Int32 MustacheMaxDepth { get; set; } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/PipelineParser.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.ComponentModel; using System.Globalization; using System.IO; using System.Linq; using System.Text; using System.Threading; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters; using YamlDotNet.Serialization; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml { [EditorBrowsable(EditorBrowsableState.Never)] public sealed class PipelineParser { public PipelineParser(ITraceWriter trace, IFileProvider fileProvider, ParseOptions options) { if (trace == null) { throw new ArgumentNullException(nameof(trace)); } if (fileProvider == null) { throw new ArgumentNullException(nameof(fileProvider)); } if (options == null) { throw new ArgumentNullException(nameof(options)); } m_trace = trace; m_fileProvider = fileProvider; m_options = new ParseOptions(options); } /// /// This is for internal unit testing only. /// [EditorBrowsable(EditorBrowsableState.Never)] public String DeserializeAndSerialize(String defaultRoot, String path, IDictionary mustacheContext, CancellationToken cancellationToken) { Int32 fileCount = 0; // Load the target file. path = m_fileProvider.ResolvePath(defaultRoot: defaultRoot, path: path); PipelineFile processFile = LoadFile(path, mustacheContext, cancellationToken, ref fileCount); Process process = processFile.Object; ResolveTemplates(process, defaultRoot: processFile.Directory, cancellationToken: cancellationToken, fileCount: ref fileCount); // Serialize SerializerBuilder serializerBuilder = new SerializerBuilder(); serializerBuilder.DisableAliases(); serializerBuilder.WithTypeConverter(new ProcessConverter()); ISerializer serializer = serializerBuilder.Build(); return serializer.Serialize(process); } // TODO: CHANGE THIS TO PUBLIC WHEN SWITCH RETURN TYPES internal Process LoadInternal(String defaultRoot, String path, IDictionary mustacheContext, CancellationToken cancellationToken) { Int32 fileCount = 0; // Load the target file. path = m_fileProvider.ResolvePath(defaultRoot: defaultRoot, path: path); PipelineFile processFile = LoadFile(path, mustacheContext, cancellationToken, ref fileCount); Process process = processFile.Object; ResolveTemplates(process, defaultRoot: processFile.Directory, cancellationToken: cancellationToken, fileCount: ref fileCount); // Create implied levels for the process. if (process.Steps != null) { var newPhase = new Phase { Name = process.Name, Condition = process.Condition, ContinueOnError = process.ContinueOnError, DependsOn = process.DependsOn, EnableAccessToken = process.EnableAccessToken, Steps = process.Steps, Target = process.Target, Variables = process.Variables, }; process.Phases = new List(); process.Phases.Add(newPhase); process.Condition = null; process.ContinueOnError = null; process.DependsOn = null; process.EnableAccessToken = null; process.Steps = null; process.Target = null; process.Variables = null; } // Convert "checkout" steps into variables. if (process.Phases != null) { foreach (Phase phase in process.Phases) { if (phase.Steps != null && phase.Steps.Count > 0) { if (phase.Steps[0] is CheckoutStep) { if (phase.Variables == null) { phase.Variables = new List(); } foreach (Variable variable in (phase.Steps[0] as CheckoutStep).GetVariables(process.Resources)) { phase.Variables.Add(variable); } phase.Steps.RemoveAt(0); } // Validate "checkout" is only used as the first step within a phase. if (phase.Steps.Any(x => x is CheckoutStep)) { throw new InvalidOperationException($"Step '{YamlConstants.Checkout}' is currently only supported as the first step within a phase."); } } } } // Record all known phase names. var knownPhaseNames = new HashSet(StringComparer.OrdinalIgnoreCase); if (process.Phases != null) { foreach (Phase phase in process.Phases) { knownPhaseNames.Add(phase.Name); } } // Generate missing names. Int32? nextPhase = null; if (process.Phases != null) { foreach (Phase phase in process.Phases) { if (String.IsNullOrEmpty(phase.Name)) { String candidateName = String.Format(CultureInfo.InvariantCulture, "Phase{0}", nextPhase); while (!knownPhaseNames.Add(candidateName)) { nextPhase = (nextPhase ?? 1) + 1; candidateName = String.Format(CultureInfo.InvariantCulture, "Phase{0}", nextPhase); } phase.Name = candidateName; } } } m_trace.Verbose(StringUtil.Format("{0}", new TraceObject("After resolution", process))); return process; } private PipelineFile LoadFile(String path, IDictionary mustacheContext, CancellationToken cancellationToken, ref Int32 fileCount) where TConverter : IYamlTypeConverter, new() { fileCount++; if (m_options.MaxFiles > 0 && fileCount > m_options.MaxFiles) { throw new FormatException(TaskResources.YamlFileCount(m_options.MaxFiles)); } cancellationToken.ThrowIfCancellationRequested(); FileData file = m_fileProvider.GetFile(path); String mustacheReplaced; StringReader reader = null; CancellationTokenSource mustacheCancellationTokenSource = null; try { // Read front-matter IDictionary frontMatter = null; reader = new StringReader(file.Content); String line = reader.ReadLine(); if (!String.Equals(line, "---", StringComparison.Ordinal)) { // No front-matter. Reset the reader. reader.Dispose(); reader = new StringReader(file.Content); } else { // Deseralize front-matter. cancellationToken.ThrowIfCancellationRequested(); StringBuilder frontMatterBuilder = new StringBuilder(); while (true) { line = reader.ReadLine(); if (line == null) { throw new FormatException(TaskResources.YamlFrontMatterNotClosed(path)); } else if (String.Equals(line, "---", StringComparison.Ordinal)) { break; } else { frontMatterBuilder.AppendLine(line); } } var frontMatterDeserializer = new Deserializer(); try { frontMatter = frontMatterDeserializer.Deserialize>(frontMatterBuilder.ToString()); } catch (Exception ex) { throw new FormatException(TaskResources.YamlFrontMatterNotValid(path, ex.Message), ex); } } // Merge the mustache replace context. frontMatter = frontMatter ?? new Dictionary(); if (mustacheContext != null) { foreach (KeyValuePair pair in mustacheContext) { frontMatter[pair.Key] = pair.Value; } } // Prepare the mustache options. mustacheCancellationTokenSource = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken); // var mustacheOptions = new MustacheEvaluationOptions // { // CancellationToken = mustacheCancellationTokenSource.Token, // EncodeMethod = MustacheEncodeMethods.JsonEncode, // MaxResultLength = m_options.MustacheEvaluationMaxResultLength, // }; // Parse the mustache template. cancellationToken.ThrowIfCancellationRequested(); var mustacheParser = new MustacheTemplateParser(useDefaultHandlebarHelpers: true, useCommonTemplateHelpers: true); MustacheExpression mustacheExpression = mustacheParser.Parse(template: reader.ReadToEnd()); // Limit the mustache evaluation time. if (m_options.MustacheEvaluationTimeout > TimeSpan.Zero) { mustacheCancellationTokenSource.CancelAfter(m_options.MustacheEvaluationTimeout); } try { // Perform the mustache evaluation. mustacheReplaced = mustacheExpression.Evaluate( replacementObject: frontMatter, additionalEvaluationData: null, parentContext: null, partialExpressions: null //options: mustacheOptions ); } catch (System.OperationCanceledException ex) when (mustacheCancellationTokenSource.IsCancellationRequested && !cancellationToken.IsCancellationRequested) { throw new System.OperationCanceledException(TaskResources.MustacheEvaluationTimeout(path, m_options.MustacheEvaluationTimeout.TotalSeconds), ex); } m_trace.Verbose(StringUtil.Format("{0}", new TraceFileContent($"{file.Name} after mustache replacement", mustacheReplaced))); } finally { reader?.Dispose(); reader = null; mustacheCancellationTokenSource?.Dispose(); mustacheCancellationTokenSource = null; } // Deserialize DeserializerBuilder deserializerBuilder = new DeserializerBuilder(); deserializerBuilder.WithTypeConverter(new TConverter()); IDeserializer deserializer = deserializerBuilder.Build(); TObject obj = deserializer.Deserialize(mustacheReplaced); m_trace.Verbose(StringUtil.Format("{0}", new TraceObject($"{file.Name} after deserialization ", obj))); var result = new PipelineFile { Name = file.Name, Directory = file.Directory, Object = obj }; return result; } private void ResolveTemplates(Process process, String defaultRoot, CancellationToken cancellationToken, ref Int32 fileCount) { if (process.Template != null) { // Load the template. String templateFilePath = m_fileProvider.ResolvePath(defaultRoot: defaultRoot, path: process.Template.Name); PipelineFile templateFile = LoadFile(templateFilePath, process.Template.Parameters, cancellationToken, ref fileCount); ProcessTemplate template = templateFile.Object; // Resolve template references within the template. if (template.Phases != null) { ResolveTemplates(template.Phases, defaultRoot: templateFile.Directory, cancellationToken: cancellationToken, fileCount: ref fileCount); } else if (template.Steps != null) { ResolveTemplates(template.Steps, defaultRoot: templateFile.Directory, cancellationToken: cancellationToken, fileCount: ref fileCount); } // Merge the template. ApplyStepOverrides(process.Template, template); process.Phases = template.Phases; process.Steps = template.Steps; process.Resources = MergeResources(process.Resources, template.Resources); process.Template = null; } // Resolve nested template references. else if (process.Phases != null) { ResolveTemplates(process.Phases, defaultRoot, cancellationToken, ref fileCount); } else { if (process.Variables != null) { ResolveTemplates(process.Variables, defaultRoot, cancellationToken, ref fileCount); } if (process.Steps != null) { ResolveTemplates(process.Steps, defaultRoot, cancellationToken, ref fileCount); } } } private void ResolveTemplates(IList phases, String defaultRoot, CancellationToken cancellationToken, ref Int32 fileCount) { for (int i = 0; i < (phases?.Count ?? 0);) { if (phases[i] is PhasesTemplateReference) { // Load the template. var reference = phases[i] as PhasesTemplateReference; String templateFilePath = m_fileProvider.ResolvePath(defaultRoot: defaultRoot, path: reference.Name); PipelineFile templateFile = LoadFile(templateFilePath, reference.Parameters, cancellationToken, ref fileCount); PhasesTemplate template = templateFile.Object; // Resolve template references within the template. if (template.Steps != null) { ResolveTemplates(template.Steps, defaultRoot: templateFile.Directory, cancellationToken: cancellationToken, fileCount: ref fileCount); } // Merge the template. ApplyStepOverrides(reference, template); phases.RemoveAt(i); if (template.Phases != null) { foreach (IPhase phase in template.Phases) { phases.Insert(i, phase); } i += template.Phases.Count; } else if (template.Steps != null) { var newPhase = new Phase { Steps = template.Steps }; phases.Insert(i, newPhase); i++; } } else { // Resolve nested template references. var phase = phases[i] as Phase; if (phase.Variables != null) { ResolveTemplates(phase.Variables, defaultRoot, cancellationToken, ref fileCount); } if (phase.Steps != null) { ResolveTemplates(phase.Steps, defaultRoot, cancellationToken, ref fileCount); } i++; } } } private void ResolveTemplates(IList variables, String defaultRoot, CancellationToken cancellationToken, ref Int32 fileCount) { for (int i = 0; i < (variables?.Count ?? 0);) { if (variables[i] is VariablesTemplateReference) { // Load the template. var reference = variables[i] as VariablesTemplateReference; String templateFilePath = m_fileProvider.ResolvePath(defaultRoot: defaultRoot, path: reference.Name); PipelineFile templateFile = LoadFile(templateFilePath, reference.Parameters, cancellationToken, ref fileCount); VariablesTemplate template = templateFile.Object; // Merge the template. variables.RemoveAt(i); if (template.Variables != null) { foreach (IVariable variable in template.Variables) { variables.Insert(i, variable); } i += template.Variables.Count; } } else { i++; } } } private void ResolveTemplates(IList steps, String defaultRoot, CancellationToken cancellationToken, ref Int32 fileCount) { for (int i = 0; i < (steps?.Count ?? 0);) { if (steps[i] is StepsTemplateReference) { // Load the template. var reference = steps[i] as StepsTemplateReference; String templateFilePath = m_fileProvider.ResolvePath(defaultRoot: defaultRoot, path: reference.Name); PipelineFile templateFile = LoadFile(templateFilePath, reference.Parameters, cancellationToken, ref fileCount); StepsTemplate template = templateFile.Object; // Merge the template. ApplyStepOverrides(reference.StepOverrides, template.Steps); steps.RemoveAt(i); if (template.Steps != null) { foreach (IStep step in template.Steps) { steps.Insert(i, step); } i += template.Steps.Count; } } else { i++; } } } private static void ApplyStepOverrides(PhasesTemplateReference reference, PhasesTemplate template) { // Select by phase name. var byPhaseNames = (reference.PhaseSelectors ?? new List(0)) .Join(inner: (template.Phases ?? new List(0)).Cast(), outerKeySelector: (PhaseSelector phaseSelector) => phaseSelector.Name, innerKeySelector: (Phase phase) => phase.Name, resultSelector: (PhaseSelector phaseSelector, Phase phase) => new { Selector = phaseSelector, Phase = phase }) .ToArray(); // Apply overrides from phase selectors. foreach (var byPhaseName in byPhaseNames) { ApplyStepOverrides(byPhaseName.Selector.StepOverrides, byPhaseName.Phase.Steps); } // Apply unqualified overrides. var allStepLists = (template.Phases ?? new List(0)) .Cast() .Select((Phase phase) => phase.Steps ?? new List(0)) .Concat(new[] { template.Steps ?? new List(0) }) .ToArray(); foreach (List stepList in allStepLists) { ApplyStepOverrides(reference.StepOverrides, stepList); } } private static void ApplyStepOverrides(IDictionary> stepOverrides, IList steps) { stepOverrides = stepOverrides ?? new Dictionary>(0); steps = steps ?? new List(0); for (int i = 0; i < steps.Count;) { if (steps[i] is StepGroup) { var stepGroup = steps[i] as StepGroup; IList overrides; if (stepOverrides.TryGetValue(stepGroup.Name, out overrides)) { steps.RemoveAt(i); overrides = overrides ?? new List(0); foreach (ISimpleStep step in overrides.Select(x => x.Clone())) { steps.Insert(i, step); } i += overrides.Count; } else { i++; } } else { i++; } } } private static List MergeResources(IList overrides, IList imports) { overrides = overrides ?? new List(0); imports = imports ?? new List(0); var result = new List(overrides); var knownOverrides = new HashSet(overrides.Select(x => x.Name)); result.AddRange(imports.Where(x => !knownOverrides.Contains(x.Name))); return result; } private sealed class PipelineFile { public String Name { get; set; } public String Directory { get; set; } public T Object { get; set; } } private struct TraceFileContent { public TraceFileContent(String header, String value) { m_header = header; m_value = value; } public override String ToString() { var result = new StringBuilder(); result.AppendLine(); result.AppendLine(String.Empty.PadRight(80, '*')); result.AppendLine($"* {m_header}"); result.AppendLine(String.Empty.PadRight(80, '*')); result.AppendLine(); using (StringReader reader = new StringReader(m_value)) { Int32 lineNumber = 1; String line = reader.ReadLine(); while (line != null) { result.AppendLine($"{lineNumber.ToString().PadLeft(4)}: {line}"); line = reader.ReadLine(); lineNumber++; } } return result.ToString(); } private readonly String m_header; private readonly String m_value; } private struct TraceObject where TConverter : IYamlTypeConverter, new() { public TraceObject(String header, TObject value) { m_header = header; m_value = value; } public override String ToString() { var result = new StringBuilder(); result.AppendLine(); result.AppendLine(String.Empty.PadRight(80, '*')); result.AppendLine($"* {m_header}"); result.AppendLine(String.Empty.PadRight(80, '*')); result.AppendLine(); SerializerBuilder serializerBuilder = new SerializerBuilder(); serializerBuilder.WithTypeConverter(new TConverter()); ISerializer serializer = serializerBuilder.Build(); result.AppendLine(serializer.Serialize(m_value)); return result.ToString(); } private readonly String m_header; private readonly TObject m_value; } private readonly IFileProvider m_fileProvider; private readonly ParseOptions m_options; private readonly ITraceWriter m_trace; } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/TypeConverters/ConverterUtil.general.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Reflection; using YamlDotNet.Core; using YamlDotNet.Core.Events; using YamlDotNet.Serialization; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters { internal static partial class ConverterUtil { internal static Boolean ReadBoolean(IParser parser) { // todo: we may need to make this more strict, to ensure literal boolean was passed and not a string. using the style and tag, the strict determination can be made. we may also want to use 1.2 compliant boolean values, rather than 1.1. Scalar scalar = parser.Expect(); switch ((scalar.Value ?? String.Empty).ToUpperInvariant()) { case "TRUE": case "Y": case "YES": case "ON": return true; case "FALSE": case "N": case "NO": case "OFF": return false; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Expected a boolean value. Actual: '{scalar.Value}'"); } } internal static void ReadExactString(IParser parser, String expected) { // todo: this could be strict instead? i.e. verify actually declared as a string and not a bool, etc. Scalar scalar = parser.Expect(); if (!String.Equals(scalar.Value ?? String.Empty, expected ?? String.Empty, StringComparison.Ordinal)) { throw new SyntaxErrorException(scalar.Start, scalar.End, $"Expected value '{expected}'. Actual '{scalar.Value}'."); } } internal static Int32 ReadInt32(IParser parser) { Scalar scalar = parser.Expect(); Int32 result; if (!Int32.TryParse( scalar.Value ?? String.Empty, NumberStyles.AllowLeadingSign | NumberStyles.AllowThousands, CultureInfo.InvariantCulture, out result)) { throw new SyntaxErrorException(scalar.Start, scalar.End, $"Expected an integer value. Actual: '{scalar.Value}'"); } return result; } internal static String ReadNonEmptyString(IParser parser) { // todo: this could be strict instead? i.e. verify actually declared as a string and not a bool, etc. Scalar scalar = parser.Expect(); if (String.IsNullOrEmpty(scalar.Value)) { throw new SyntaxErrorException(scalar.Start, scalar.End, $"Expected non-empty string value."); } return scalar.Value; } /// /// Reads a mapping(string, string) from start to end using the specified StringComparer. /// /// The parser instance from which to read /// A dictionary instance with the specified comparer internal static IDictionary ReadMappingOfStringString(IParser parser, StringComparer comparer) { parser.Expect(); var mappingValue = new Dictionary(comparer); while (!parser.Accept()) { mappingValue.Add(parser.Expect().Value, parser.Expect().Value); } parser.Expect(); return mappingValue; } internal static IDictionary ReadMapping(IParser parser, Int32 depth = 1) { var mappingStart = parser.Expect(); if (depth > MaxObjectDepth) { throw new SyntaxErrorException(mappingStart.Start, mappingStart.End, $"Max object depth of {MaxObjectDepth} exceeded."); } var mapping = new Dictionary(); depth++; // Optimistically increment the depth to avoid addition within the loop. while (!parser.Accept()) { String key = parser.Expect().Value; Object value; if (parser.Accept()) { value = parser.Expect().Value; } else if (parser.Accept()) { value = ReadSequence(parser, depth); } else { value = ReadMapping(parser, depth); } mapping.Add(key, value); } parser.Expect(); return mapping; } internal static IList ReadSequenceOfString(IParser parser) { parser.Expect(); var sequence = new List(); while (parser.Allow() == null) { sequence.Add(parser.Expect().Value); } return sequence; } internal static IList ReadSequence(IParser parser, Int32 depth = 1) { var sequenceStart = parser.Expect(); if (depth > MaxObjectDepth) { throw new SyntaxErrorException(sequenceStart.Start, sequenceStart.End, $"Max object depth of {MaxObjectDepth} exceeded."); } var sequence = new List(); depth++; // Optimistically increment the depth to avoid addition within the loop. while (!parser.Accept()) { if (parser.Accept()) { sequence.Add(parser.Expect()); } else if (parser.Accept()) { sequence.Add(ReadSequence(parser, depth)); } else { sequence.Add(ReadMapping(parser, depth)); } } parser.Expect(); return sequence; } internal static void ValidateNull(Object prevObj, String prevName, String currName, Scalar scalar) { if (prevObj != null) { throw new SyntaxErrorException(scalar.Start, scalar.End, $"'{currName}' is not allowed. '{prevName}' was already specified at the same same level and is mutually exclusive."); } } internal static void WriteMapping(IEmitter emitter, IDictionary value) { emitter.Emit(new MappingStart()); var dictionary = value as IDictionary; foreach (KeyValuePair pair in dictionary.OrderBy(x => x.Key, StringComparer.OrdinalIgnoreCase)) { emitter.Emit(new Scalar(pair.Key)); if (pair.Value is IDictionary) { WriteMapping(emitter, pair.Value as IDictionary); } else if (pair.Value is IDictionary) { WriteMapping(emitter, pair.Value as IDictionary); } else if (pair.Value is IEnumerable && !(pair.Value is String)) { WriteSequence(emitter, pair.Value as IEnumerable); } else { emitter.Emit(new Scalar(String.Format(CultureInfo.InvariantCulture, "{0}", pair.Value))); } } emitter.Emit(new MappingEnd()); } internal static void WriteMapping(IEmitter emitter, IDictionary value) { emitter.Emit(new MappingStart()); var dictionary = value as IDictionary; foreach (KeyValuePair pair in dictionary.OrderBy(x => x.Key, StringComparer.OrdinalIgnoreCase)) { emitter.Emit(new Scalar(pair.Key)); emitter.Emit(new Scalar(pair.Value)); } emitter.Emit(new MappingEnd()); } internal static void WriteSequence(IEmitter emitter, IEnumerable value) { emitter.Emit(new SequenceStart(null, null, true, SequenceStyle.Block)); foreach (Object obj in value) { if (obj is IDictionary) { WriteMapping(emitter, obj as IDictionary); } else if (obj is IDictionary) { WriteMapping(emitter, obj as IDictionary); } else if (obj is IEnumerable && !(obj is String)) { WriteSequence(emitter, obj as IEnumerable); } else { emitter.Emit(new Scalar(String.Format(CultureInfo.InvariantCulture, "{0}", obj))); } } emitter.Emit(new SequenceEnd()); } internal const Int32 MaxObjectDepth = 10; } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/TypeConverters/ConverterUtil.phases.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Reflection; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts; using YamlDotNet.Core; using YamlDotNet.Core.Events; using YamlDotNet.Serialization; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters { internal static partial class ConverterUtil { internal static IList ReadPhases(IParser parser, Boolean simpleOnly) { var result = new List(); parser.Expect(); while (parser.Allow() == null) { result.Add(ReadPhase(parser, simpleOnly)); } return result; } internal static IPhase ReadPhase(IParser parser, Boolean simpleOnly) { IPhase result; parser.Expect(); Scalar scalar = parser.Expect(); if (String.Equals(scalar.Value, YamlConstants.Name, StringComparison.Ordinal)) { var phase = new Phase { Name = ReadNonEmptyString(parser) }; while (parser.Allow() == null) { scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.DependsOn: if (parser.Accept()) { scalar = parser.Expect(); if (!String.IsNullOrEmpty(scalar.Value)) { phase.DependsOn = new List(); phase.DependsOn.Add(scalar.Value); } } else { phase.DependsOn = ReadSequenceOfString(parser); } break; case YamlConstants.Condition: phase.Condition = ReadNonEmptyString(parser); break; case YamlConstants.ContinueOnError: phase.ContinueOnError = ReadNonEmptyString(parser); break; case YamlConstants.EnableAccessToken: phase.EnableAccessToken = ReadNonEmptyString(parser); break; case YamlConstants.Deployment: if (phase.Target != null) { ValidateNull(phase.Target as QueueTarget, YamlConstants.Queue, YamlConstants.Deployment, scalar); ValidateNull(phase.Target as ServerTarget, YamlConstants.Server, YamlConstants.Deployment, scalar); throw new NotSupportedException("Unexpected previous target type"); // Should not reach here } phase.Target = ReadDeploymentTarget(parser); break; case YamlConstants.Queue: if (phase.Target != null) { ValidateNull(phase.Target as DeploymentTarget, YamlConstants.Deployment, YamlConstants.Queue, scalar); ValidateNull(phase.Target as ServerTarget, YamlConstants.Server, YamlConstants.Queue, scalar); throw new NotSupportedException("Unexpected previous target type"); // Should not reach here } phase.Target = ReadQueueTarget(parser); break; case YamlConstants.Server: if (phase.Target != null) { ValidateNull(phase.Target as DeploymentTarget, YamlConstants.Deployment, YamlConstants.Server, scalar); ValidateNull(phase.Target as QueueTarget, YamlConstants.Queue, YamlConstants.Server, scalar); throw new NotSupportedException("Unexpected previous target type"); // Should not reach here } phase.Target = ReadServerTarget(parser); break; case YamlConstants.Variables: phase.Variables = ReadVariables(parser, simpleOnly: false); break; case YamlConstants.Steps: phase.Steps = ReadSteps(parser, simpleOnly: false); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected process property: '{scalar.Value}'"); } } result = phase; } else if (String.Equals(scalar.Value, YamlConstants.Template, StringComparison.Ordinal)) { if (simpleOnly) { throw new SyntaxErrorException(scalar.Start, scalar.End, $"A phases template cannot reference another phases '{YamlConstants.Template}'."); } var reference = new PhasesTemplateReference { Name = ReadNonEmptyString(parser) }; while (parser.Allow() == null) { scalar = parser.Expect(); SetProperty(parser, reference, scalar); } result = reference; } else { throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unknown phase type: '{scalar.Value}'"); } return result; } internal static DeploymentTarget ReadDeploymentTarget(IParser parser) { // Handle the simple case "deployment: group" if (parser.Accept()) { return new DeploymentTarget() { Group = ReadNonEmptyString(parser) }; } var result = new DeploymentTarget(); parser.Expect(); while (parser.Allow() == null) { Scalar scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.ContinueOnError: result.ContinueOnError = ReadNonEmptyString(parser); break; case YamlConstants.Group: result.Group = ReadNonEmptyString(parser); break; case YamlConstants.HealthOption: result.HealthOption = ReadNonEmptyString(parser); break; case YamlConstants.Percentage: result.Percentage = ReadNonEmptyString(parser); break; case YamlConstants.Tags: if (parser.Accept()) { scalar = parser.Expect(); if (!String.IsNullOrEmpty(scalar.Value)) { result.Tags = new List(); result.Tags.Add(scalar.Value); } } else { result.Tags = ReadSequenceOfString(parser); } break; case YamlConstants.TimeoutInMinutes: result.TimeoutInMinutes = ReadNonEmptyString(parser); break; case YamlConstants.RetryCountOnTaskFailure: result.RetryCountOnTaskFailure = ReadNonEmptyString(parser); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected property: '{scalar.Value}'"); } } return result; } internal static QueueTarget ReadQueueTarget(IParser parser) { // Handle the simple case "queue: name" if (parser.Accept()) { return new QueueTarget() { Name = ReadNonEmptyString(parser) }; } var result = new QueueTarget(); parser.Expect(); while (parser.Allow() == null) { Scalar scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.ContinueOnError: result.ContinueOnError = ReadNonEmptyString(parser); break; case YamlConstants.Demands: if (parser.Accept()) { scalar = parser.Expect(); if (!String.IsNullOrEmpty(scalar.Value)) { result.Demands = new List(); result.Demands.Add(scalar.Value); } } else { result.Demands = ReadSequenceOfString(parser); } break; case YamlConstants.Matrix: parser.Expect(); result.Matrix = new Dictionary>(StringComparer.OrdinalIgnoreCase); while (parser.Allow() == null) { String key = ReadNonEmptyString(parser); result.Matrix[key] = ReadMappingOfStringString(parser, StringComparer.OrdinalIgnoreCase); } break; case YamlConstants.Name: result.Name = ReadNonEmptyString(parser); break; case YamlConstants.Parallel: result.Parallel = ReadNonEmptyString(parser); break; case YamlConstants.TimeoutInMinutes: result.TimeoutInMinutes = ReadNonEmptyString(parser); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected property: '{scalar.Value}'"); } } return result; } internal static ServerTarget ReadServerTarget(IParser parser) { // Handle the simple case "server: true" Scalar scalar = parser.Peek(); if (scalar != null) { if (ReadBoolean(parser)) { return new ServerTarget(); } return null; } var result = new ServerTarget(); parser.Expect(); while (parser.Allow() == null) { scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.ContinueOnError: result.ContinueOnError = ReadNonEmptyString(parser); break; case YamlConstants.Matrix: parser.Expect(); result.Matrix = new Dictionary>(StringComparer.OrdinalIgnoreCase); while (parser.Allow() == null) { String key = ReadNonEmptyString(parser); result.Matrix[key] = ReadMappingOfStringString(parser, StringComparer.OrdinalIgnoreCase); } break; case YamlConstants.Parallel: result.Parallel = ReadNonEmptyString(parser); break; case YamlConstants.TimeoutInMinutes: result.TimeoutInMinutes = ReadNonEmptyString(parser); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected property: '{scalar.Value}'"); } } return result; } internal static void SetProperty(IParser parser, PhasesTemplateReference reference, Scalar scalar) { if (String.Equals(scalar.Value, YamlConstants.Phases, StringComparison.Ordinal)) { parser.Expect(); var selectors = new List(); while (parser.Allow() == null) { var selector = new PhaseSelector(); parser.Expect(); ReadExactString(parser, YamlConstants.Name); selector.Name = ReadNonEmptyString(parser); while (parser.Allow() == null) { scalar = parser.Expect(); SetProperty(parser, selector, scalar); } } reference.PhaseSelectors = selectors; } else { SetProperty(parser, reference as StepsTemplateReference, scalar); } } internal static void SetProperty(IParser parser, PhaseSelector selector, Scalar scalar) { if (String.Equals(scalar.Value, YamlConstants.Steps, StringComparison.Ordinal)) { selector.StepOverrides = ReadStepOverrides(parser); } else { throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected property: '{scalar.Value}'"); } } internal static void WritePhases(IEmitter emitter, IList phases) { emitter.Emit(new SequenceStart(null, null, true, SequenceStyle.Block)); foreach (IPhase phase in phases) { WritePhase(emitter, phase); } emitter.Emit(new SequenceEnd()); } internal static void WritePhase(IEmitter emitter, IPhase phase, Boolean noBootstrap = false) { if (!noBootstrap) { emitter.Emit(new MappingStart()); } if (phase is PhasesTemplateReference) { var reference = phase as PhasesTemplateReference; if (!noBootstrap) { emitter.Emit(new Scalar(YamlConstants.Template)); emitter.Emit(new Scalar(reference.Name)); if (reference.Parameters != null && reference.Parameters.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Parameters)); WriteMapping(emitter, reference.Parameters); } } if (reference.PhaseSelectors != null && reference.PhaseSelectors.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Phases)); emitter.Emit(new SequenceStart(null, null, true, SequenceStyle.Block)); foreach (PhaseSelector selector in reference.PhaseSelectors) { emitter.Emit(new MappingStart()); if (!String.IsNullOrEmpty(selector.Name)) { emitter.Emit(new Scalar(YamlConstants.Name)); emitter.Emit(new Scalar(selector.Name)); } if (selector.StepOverrides != null && selector.StepOverrides.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Steps)); WriteStepOverrides(emitter, selector.StepOverrides); } emitter.Emit(new MappingEnd()); } emitter.Emit(new SequenceEnd()); } WriteStep(emitter, reference as StepsTemplateReference, noBootstrap: true); } else { var p = phase as Phase; if (!noBootstrap) { emitter.Emit(new Scalar(YamlConstants.Name)); emitter.Emit(new Scalar(p.Name ?? String.Empty)); } if (p.DependsOn != null && p.DependsOn.Count > 0) { emitter.Emit(new Scalar(YamlConstants.DependsOn)); if (p.DependsOn.Count == 1) { emitter.Emit(new Scalar(p.DependsOn[0])); } else { WriteSequence(emitter, p.DependsOn); } } if (!String.IsNullOrEmpty(p.Condition)) { emitter.Emit(new Scalar(YamlConstants.Condition)); emitter.Emit(new Scalar(p.Condition)); } if (!String.IsNullOrEmpty(p.ContinueOnError)) { emitter.Emit(new Scalar(YamlConstants.ContinueOnError)); emitter.Emit(new Scalar(p.ContinueOnError)); } if (!String.IsNullOrEmpty(p.EnableAccessToken)) { emitter.Emit(new Scalar(YamlConstants.EnableAccessToken)); emitter.Emit(new Scalar(p.EnableAccessToken)); } if (p.Target != null) { QueueTarget queueTarget = null; DeploymentTarget deploymentTarget = null; ServerTarget serverTarget = null; if ((queueTarget = p.Target as QueueTarget) != null) { emitter.Emit(new Scalar(YamlConstants.Queue)); // Test for the simple case "queue: name". if (!String.IsNullOrEmpty(queueTarget.Name) && String.IsNullOrEmpty(queueTarget.ContinueOnError) && String.IsNullOrEmpty(queueTarget.Parallel) && String.IsNullOrEmpty(queueTarget.TimeoutInMinutes) && (queueTarget.Demands == null || queueTarget.Demands.Count == 0) && (queueTarget.Matrix == null || queueTarget.Matrix.Count == 0)) { emitter.Emit(new Scalar(queueTarget.Name)); } else // Otherwise write the mapping. { emitter.Emit(new MappingStart()); if (!String.IsNullOrEmpty(queueTarget.Name)) { emitter.Emit(new Scalar(YamlConstants.Name)); emitter.Emit(new Scalar(queueTarget.Name)); } if (!String.IsNullOrEmpty(queueTarget.ContinueOnError)) { emitter.Emit(new Scalar(YamlConstants.ContinueOnError)); emitter.Emit(new Scalar(queueTarget.ContinueOnError)); } if (!String.IsNullOrEmpty(queueTarget.Parallel)) { emitter.Emit(new Scalar(YamlConstants.Parallel)); emitter.Emit(new Scalar(queueTarget.Parallel)); } if (!String.IsNullOrEmpty(queueTarget.TimeoutInMinutes)) { emitter.Emit(new Scalar(YamlConstants.TimeoutInMinutes)); emitter.Emit(new Scalar(queueTarget.TimeoutInMinutes)); } if (queueTarget.Demands != null && queueTarget.Demands.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Demands)); if (queueTarget.Demands.Count == 1) { emitter.Emit(new Scalar(queueTarget.Demands[0])); } else { WriteSequence(emitter, queueTarget.Demands); } } if (queueTarget.Matrix != null && queueTarget.Matrix.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Matrix)); emitter.Emit(new MappingStart()); foreach (KeyValuePair> pair in queueTarget.Matrix.OrderBy(x => x.Key, StringComparer.OrdinalIgnoreCase)) { emitter.Emit(new Scalar(pair.Key)); WriteMapping(emitter, pair.Value); } emitter.Emit(new MappingEnd()); } emitter.Emit(new MappingEnd()); } } else if ((deploymentTarget = p.Target as DeploymentTarget) != null) { emitter.Emit(new Scalar(YamlConstants.Deployment)); // Test for the simple case "deployment: group". if (!String.IsNullOrEmpty(deploymentTarget.Group) && String.IsNullOrEmpty(deploymentTarget.ContinueOnError) && String.IsNullOrEmpty(deploymentTarget.HealthOption) && String.IsNullOrEmpty(deploymentTarget.Percentage) && String.IsNullOrEmpty(deploymentTarget.TimeoutInMinutes) && (deploymentTarget.Tags == null || deploymentTarget.Tags.Count == 0)) { emitter.Emit(new Scalar(deploymentTarget.Group)); } else // Otherwise write the mapping. { emitter.Emit(new MappingStart()); if (!String.IsNullOrEmpty(deploymentTarget.Group)) { emitter.Emit(new Scalar(YamlConstants.Group)); emitter.Emit(new Scalar(deploymentTarget.Group)); } if (!String.IsNullOrEmpty(deploymentTarget.ContinueOnError)) { emitter.Emit(new Scalar(YamlConstants.ContinueOnError)); emitter.Emit(new Scalar(deploymentTarget.ContinueOnError)); } if (!String.IsNullOrEmpty(deploymentTarget.HealthOption)) { emitter.Emit(new Scalar(YamlConstants.HealthOption)); emitter.Emit(new Scalar(deploymentTarget.HealthOption)); } if (!String.IsNullOrEmpty(deploymentTarget.Percentage)) { emitter.Emit(new Scalar(YamlConstants.Percentage)); emitter.Emit(new Scalar(deploymentTarget.Percentage)); } if (!String.IsNullOrEmpty(deploymentTarget.TimeoutInMinutes)) { emitter.Emit(new Scalar(YamlConstants.TimeoutInMinutes)); emitter.Emit(new Scalar(deploymentTarget.TimeoutInMinutes)); } if (deploymentTarget.Tags != null && deploymentTarget.Tags.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Tags)); if (deploymentTarget.Tags.Count == 1) { emitter.Emit(new Scalar(deploymentTarget.Tags[0])); } else { WriteSequence(emitter, deploymentTarget.Tags); } } emitter.Emit(new MappingEnd()); } } else if ((serverTarget = p.Target as ServerTarget) != null) { emitter.Emit(new Scalar(YamlConstants.Server)); // Test for the simple case "server: true". if (String.IsNullOrEmpty(serverTarget.ContinueOnError) && String.IsNullOrEmpty(serverTarget.Parallel) && String.IsNullOrEmpty(serverTarget.TimeoutInMinutes) && (serverTarget.Matrix == null || serverTarget.Matrix.Count == 0)) { emitter.Emit(new Scalar("true")); } else // Otherwise write the mapping. { emitter.Emit(new MappingStart()); if (!String.IsNullOrEmpty(serverTarget.ContinueOnError)) { emitter.Emit(new Scalar(YamlConstants.ContinueOnError)); emitter.Emit(new Scalar(serverTarget.ContinueOnError)); } if (!String.IsNullOrEmpty(serverTarget.Parallel)) { emitter.Emit(new Scalar(YamlConstants.Parallel)); emitter.Emit(new Scalar(serverTarget.Parallel)); } if (!String.IsNullOrEmpty(serverTarget.TimeoutInMinutes)) { emitter.Emit(new Scalar(YamlConstants.TimeoutInMinutes)); emitter.Emit(new Scalar(serverTarget.TimeoutInMinutes)); } if (serverTarget.Matrix != null && serverTarget.Matrix.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Matrix)); emitter.Emit(new MappingStart()); foreach (KeyValuePair> pair in serverTarget.Matrix.OrderBy(x => x.Key, StringComparer.OrdinalIgnoreCase)) { emitter.Emit(new Scalar(pair.Key)); WriteMapping(emitter, pair.Value); } emitter.Emit(new MappingEnd()); } emitter.Emit(new MappingEnd()); } } else { throw new NotSupportedException($"Unexpected target type: '{p.Target.GetType().FullName}'"); } } if (p.Variables != null && p.Variables.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Variables)); WriteVariables(emitter, p.Variables); } if (p.Steps != null && p.Steps.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Steps)); WriteSteps(emitter, p.Steps); } } if (!noBootstrap) { emitter.Emit(new MappingEnd()); } } internal static void WritePhasesTemplate(IEmitter emitter, PhasesTemplate template, Boolean noBootstrapper = false) { if (!noBootstrapper) { emitter.Emit(new MappingStart()); } if (template.Phases != null && template.Phases.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Phases)); WritePhases(emitter, template.Phases); } WriteStepsTemplate(emitter, template, noBootstrapper: true); if (!noBootstrapper) { emitter.Emit(new MappingEnd()); } } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/TypeConverters/ConverterUtil.processes.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Reflection; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts; using YamlDotNet.Core; using YamlDotNet.Core.Events; using YamlDotNet.Serialization; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters { internal static partial class ConverterUtil { internal static IList ReadProcessResources(IParser parser) { var result = new List(); parser.Expect(); while (parser.Allow() == null) { parser.Expect(); Scalar scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.Endpoint: case YamlConstants.Repo: break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected resource type: '{scalar.Value}'"); } var resource = new ProcessResource { Type = scalar.Value }; resource.Name = ReadNonEmptyString(parser); while (parser.Allow() == null) { string dataKey = ReadNonEmptyString(parser); if (parser.Accept()) { resource.Data[dataKey] = ReadMapping(parser); } else if (parser.Accept()) { resource.Data[dataKey] = ReadSequence(parser); } else { resource.Data[dataKey] = parser.Expect().Value ?? String.Empty; } } result.Add(resource); } return result; } internal static ProcessTemplateReference ReadProcessTemplateReference(IParser parser) { parser.Expect(); ReadExactString(parser, YamlConstants.Name); var result = new ProcessTemplateReference { Name = ReadNonEmptyString(parser) }; while (parser.Allow() == null) { Scalar scalar = parser.Expect(); SetProperty(parser, result, scalar); } return result; } internal static void WriteProcessResources(IEmitter emitter, IList resources) { emitter.Emit(new SequenceStart(null, null, true, SequenceStyle.Block)); foreach (ProcessResource resource in resources) { emitter.Emit(new MappingStart()); emitter.Emit(new Scalar(resource.Type)); emitter.Emit(new Scalar(resource.Name)); if (resource.Data != null && resource.Data.Count > 0) { foreach (KeyValuePair pair in resource.Data) { emitter.Emit(new Scalar(pair.Key)); if (pair.Value is String) { emitter.Emit(new Scalar(pair.Value as string)); } else if (pair.Value is Dictionary) { WriteMapping(emitter, pair.Value as Dictionary); } else { WriteSequence(emitter, pair.Value as List); } } } emitter.Emit(new MappingEnd()); } emitter.Emit(new SequenceEnd()); } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/TypeConverters/ConverterUtil.steps.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Reflection; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts; using YamlDotNet.Core; using YamlDotNet.Core.Events; using YamlDotNet.Serialization; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters { internal static partial class ConverterUtil { internal static IList ReadSteps(IParser parser, Boolean simpleOnly = false) { var result = new List(); parser.Expect(); while (parser.Allow() == null) { result.Add(ReadStep(parser, simpleOnly)); } return result; } internal static IStep ReadStep(IParser parser, Boolean simpleOnly = false) { IStep result; parser.Expect(); var scalar = parser.Expect(); if (String.Equals(scalar.Value, YamlConstants.Task, StringComparison.Ordinal)) { var task = new TaskStep { Enabled = true }; scalar = parser.Expect(); String[] refComponents = (scalar.Value ?? String.Empty).Split('@'); Int32 version; if (refComponents.Length != 2 || String.IsNullOrEmpty(refComponents[0]) || String.IsNullOrEmpty(refComponents[1]) || !Int32.TryParse(refComponents[1], NumberStyles.None, CultureInfo.InvariantCulture, out version)) { throw new SyntaxErrorException(scalar.Start, scalar.End, $"Task reference must be in the format @. For example MyTask@2. The following task reference format is invalid: '{scalar.Value}'"); } task.Reference = new TaskReference { Name = refComponents[0], Version = refComponents[1], }; while (parser.Allow() == null) { scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.Inputs: task.Inputs = ReadMappingOfStringString(parser, StringComparer.OrdinalIgnoreCase); break; default: SetTaskControlProperty(parser, task, scalar); break; } } result = task; } else if (String.Equals(scalar.Value, YamlConstants.Script, StringComparison.Ordinal)) { var task = new TaskStep { Enabled = true, Reference = new TaskReference { Name = "CmdLine", Version = "2", }, Inputs = new Dictionary(StringComparer.OrdinalIgnoreCase), }; task.Inputs["script"] = parser.Expect().Value ?? String.Empty; while (parser.Allow() == null) { scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.FailOnStderr: task.Inputs["failOnStderr"] = parser.Expect().Value ?? String.Empty; break; case YamlConstants.WorkingDirectory: task.Inputs["workingDirectory"] = parser.Expect().Value ?? String.Empty; break; default: SetTaskControlProperty(parser, task, scalar); break; } } result = task; } else if (String.Equals(scalar.Value, YamlConstants.Bash, StringComparison.Ordinal)) { var task = new TaskStep { Enabled = true, Reference = new TaskReference { Name = "Bash", Version = "3", }, Inputs = new Dictionary(StringComparer.OrdinalIgnoreCase), }; task.Inputs["targetType"] = "inline"; task.Inputs["script"] = parser.Expect().Value ?? String.Empty; while (parser.Allow() == null) { scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.FailOnStderr: task.Inputs["failOnStderr"] = parser.Expect().Value ?? String.Empty; break; case YamlConstants.WorkingDirectory: task.Inputs["workingDirectory"] = parser.Expect().Value ?? String.Empty; break; default: SetTaskControlProperty(parser, task, scalar); break; } } result = task; } else if (String.Equals(scalar.Value, YamlConstants.PowerShell, StringComparison.Ordinal)) { var task = new TaskStep { Enabled = true, Reference = new TaskReference { Name = "PowerShell", Version = "2", }, Inputs = new Dictionary(StringComparer.OrdinalIgnoreCase), }; task.Inputs["targetType"] = "inline"; task.Inputs["script"] = parser.Expect().Value ?? String.Empty; while (parser.Allow() == null) { scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.ErrorActionPreference: task.Inputs["errorActionPreference"] = parser.Expect().Value ?? String.Empty; break; case YamlConstants.FailOnStderr: task.Inputs["failOnStderr"] = parser.Expect().Value ?? String.Empty; break; case YamlConstants.IgnoreLASTEXITCODE: task.Inputs["ignoreLASTEXITCODE"] = parser.Expect().Value ?? String.Empty; break; case YamlConstants.WorkingDirectory: task.Inputs["workingDirectory"] = parser.Expect().Value ?? String.Empty; break; default: SetTaskControlProperty(parser, task, scalar); break; } } result = task; } else if (String.Equals(scalar.Value, YamlConstants.Checkout, StringComparison.Ordinal)) { var checkoutStep = new CheckoutStep(); scalar = parser.Expect(); checkoutStep.Name = scalar.Value ?? String.Empty; if (String.Equals(checkoutStep.Name, YamlConstants.Self, StringComparison.Ordinal)) { while (parser.Allow() == null) { scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.Clean: checkoutStep.Clean = ReadNonEmptyString(parser); break; case YamlConstants.FetchDepth: checkoutStep.FetchDepth = ReadNonEmptyString(parser); break; case YamlConstants.Lfs: checkoutStep.Lfs = ReadNonEmptyString(parser); break; } } } else if (String.Equals(checkoutStep.Name, YamlConstants.None, StringComparison.Ordinal)) { parser.Expect(); } else { throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected resource name '{scalar.Value}'. The '{YamlConstants.Checkout}' step currently can only be used with the resource name '{YamlConstants.Self}' or '{YamlConstants.None}'."); } result = checkoutStep; } else if (String.Equals(scalar.Value, YamlConstants.Group, StringComparison.Ordinal)) { if (simpleOnly) { throw new SyntaxErrorException(scalar.Start, scalar.End, $"A step '{YamlConstants.Group}' cannot be nested within a step group or steps template."); } var stepGroup = new StepGroup() { Name = ReadNonEmptyString(parser) }; while (parser.Allow() == null) { scalar = parser.Expect(); if (String.Equals(scalar.Value, YamlConstants.Steps, StringComparison.Ordinal)) { stepGroup.Steps = ReadSteps(parser, simpleOnly: true).Cast().ToList(); } else { throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected property: '{scalar.Value}'"); } } result = stepGroup; } else if (String.Equals(scalar.Value, YamlConstants.Template, StringComparison.Ordinal)) { if (simpleOnly) { throw new SyntaxErrorException(scalar.Start, scalar.End, $"Steps '{YamlConstants.Template}' cannot be nested within a step group or steps template."); } var templateReference = new StepsTemplateReference { Name = ReadNonEmptyString(parser) }; while (parser.Allow() == null) { scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.Parameters: templateReference.Parameters = ReadMapping(parser); break; case YamlConstants.Steps: templateReference.StepOverrides = ReadStepOverrides(parser); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected property: '{scalar.Value}'"); } } result = templateReference; } else { throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unknown step type: '{scalar.Value}'"); } return result; } internal static IDictionary> ReadStepOverrides(IParser parser) { var result = new Dictionary>(); parser.Expect(); while (parser.Allow() == null) { String key = ReadNonEmptyString(parser); result[key] = ReadSteps(parser, simpleOnly: true).Cast().ToList(); } return result; } internal static void SetProperty(IParser parser, StepsTemplateReference reference, Scalar scalar) { switch (scalar.Value ?? String.Empty) { case YamlConstants.Parameters: reference.Parameters = ReadMapping(parser); break; case YamlConstants.Steps: reference.StepOverrides = ReadStepOverrides(parser); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected property: '{scalar.Value}'"); } } internal static void SetTaskControlProperty(IParser parser, TaskStep task, Scalar scalar) { switch (scalar.Value ?? String.Empty) { case YamlConstants.Condition: task.Condition = parser.Expect().Value; break; case YamlConstants.ContinueOnError: task.ContinueOnError = ReadBoolean(parser); break; case YamlConstants.Enabled: task.Enabled = ReadBoolean(parser); break; case YamlConstants.Environment: task.Environment = ReadMappingOfStringString(parser, StringComparer.Ordinal); break; case YamlConstants.Name: task.Name = parser.Expect().Value; break; case YamlConstants.TimeoutInMinutes: task.TimeoutInMinutes = ReadInt32(parser); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected property {scalar.Value}"); } } internal static void WriteSteps(IEmitter emitter, IList steps) { emitter.Emit(new SequenceStart(null, null, true, SequenceStyle.Block)); foreach (IStep step in steps) { WriteStep(emitter, step); } emitter.Emit(new SequenceEnd()); } internal static void WriteStep(IEmitter emitter, IStep step, Boolean noBootstrap = false) { if (!noBootstrap) { emitter.Emit(new MappingStart()); } if (step is StepsTemplateReference) { var reference = step as StepsTemplateReference; if (!noBootstrap) { emitter.Emit(new Scalar(YamlConstants.Template)); emitter.Emit(new Scalar(reference.Name)); if (reference.Parameters != null && reference.Parameters.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Parameters)); WriteMapping(emitter, reference.Parameters); } } if (reference.StepOverrides != null && reference.StepOverrides.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Steps)); WriteStepOverrides(emitter, reference.StepOverrides); } } else if (step is StepGroup) { var group = step as StepGroup; emitter.Emit(new Scalar(YamlConstants.Group)); emitter.Emit(new Scalar(group.Name)); if (group.Steps != null && group.Steps.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Steps)); WriteSteps(emitter, group.Steps.Cast().ToList()); } } else if (step is TaskStep) { var task = step as TaskStep; if (String.Equals(task.Reference.Name, "CmdLine", StringComparison.OrdinalIgnoreCase) && String.Equals(task.Reference.Version, "2", StringComparison.Ordinal) && task.Inputs != null) { emitter.Emit(new Scalar(YamlConstants.Script)); String script; task.Inputs.TryGetValue("script", out script); emitter.Emit(new Scalar(script ?? String.Empty)); WriteTaskPreInputProperties(emitter, task); String failOnStderr; if (task.Inputs.TryGetValue("failOnStderr", out failOnStderr) && !String.IsNullOrEmpty(failOnStderr)) { emitter.Emit(new Scalar(YamlConstants.FailOnStderr)); emitter.Emit(new Scalar(failOnStderr)); } String workingDirectory; if (task.Inputs.TryGetValue("workingDirectory", out workingDirectory) && !String.IsNullOrEmpty(workingDirectory)) { emitter.Emit(new Scalar(YamlConstants.WorkingDirectory)); emitter.Emit(new Scalar(workingDirectory)); } WriteTaskPostInputProperties(emitter, task); } else if (String.Equals(task.Reference.Name, "Bash", StringComparison.OrdinalIgnoreCase) && String.Equals(task.Reference.Version, "3", StringComparison.Ordinal) && task.Inputs != null && task.Inputs.ContainsKey("targetType") && String.Equals(task.Inputs["targetType"], "inline", StringComparison.OrdinalIgnoreCase)) { emitter.Emit(new Scalar(YamlConstants.Bash)); String script; task.Inputs.TryGetValue("script", out script); emitter.Emit(new Scalar(script ?? String.Empty)); WriteTaskPreInputProperties(emitter, task); String failOnStderr; if (task.Inputs.TryGetValue("failOnStderr", out failOnStderr) && !String.IsNullOrEmpty(failOnStderr)) { emitter.Emit(new Scalar(YamlConstants.FailOnStderr)); emitter.Emit(new Scalar(failOnStderr)); } String workingDirectory; if (task.Inputs.TryGetValue("workingDirectory", out workingDirectory) && !String.IsNullOrEmpty(workingDirectory)) { emitter.Emit(new Scalar(YamlConstants.WorkingDirectory)); emitter.Emit(new Scalar(workingDirectory)); } WriteTaskPostInputProperties(emitter, task); } else if (String.Equals(task.Reference.Name, "PowerShell", StringComparison.OrdinalIgnoreCase) && String.Equals(task.Reference.Version, "2", StringComparison.Ordinal) && task.Inputs != null && task.Inputs.ContainsKey("targetType") && String.Equals(task.Inputs["targetType"], "inline", StringComparison.OrdinalIgnoreCase)) { emitter.Emit(new Scalar(YamlConstants.PowerShell)); String script; task.Inputs.TryGetValue("script", out script); emitter.Emit(new Scalar(script ?? String.Empty)); WriteTaskPreInputProperties(emitter, task); String errorActionPreference; if (task.Inputs.TryGetValue("errorActionPreference", out errorActionPreference) && !String.IsNullOrEmpty(errorActionPreference)) { emitter.Emit(new Scalar(YamlConstants.ErrorActionPreference)); emitter.Emit(new Scalar(errorActionPreference)); } String failOnStderr; if (task.Inputs.TryGetValue("failOnStderr", out failOnStderr) && !String.IsNullOrEmpty(failOnStderr)) { emitter.Emit(new Scalar(YamlConstants.FailOnStderr)); emitter.Emit(new Scalar(failOnStderr)); } String ignoreLASTEXITCODE; if (task.Inputs.TryGetValue("ignoreLASTEXITCODE", out ignoreLASTEXITCODE) && !String.IsNullOrEmpty(ignoreLASTEXITCODE)) { emitter.Emit(new Scalar(YamlConstants.IgnoreLASTEXITCODE)); emitter.Emit(new Scalar(ignoreLASTEXITCODE)); } String workingDirectory; if (task.Inputs.TryGetValue("workingDirectory", out workingDirectory) && !String.IsNullOrEmpty(workingDirectory)) { emitter.Emit(new Scalar(YamlConstants.WorkingDirectory)); emitter.Emit(new Scalar(workingDirectory)); } WriteTaskPostInputProperties(emitter, task); } else { emitter.Emit(new Scalar(YamlConstants.Task)); if (String.IsNullOrEmpty(task.Reference.Version)) { emitter.Emit(new Scalar(task.Reference.Name)); } else { emitter.Emit(new Scalar($"{task.Reference.Name}@{task.Reference.Version}")); } WriteTaskPreInputProperties(emitter, task); if (task.Inputs != null && task.Inputs.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Inputs)); WriteMapping(emitter, task.Inputs); } WriteTaskPostInputProperties(emitter, task); } } else if (step is CheckoutStep) { var checkoutStep = step as CheckoutStep; emitter.Emit(new Scalar(YamlConstants.Checkout)); if (String.Equals(checkoutStep.Name, YamlConstants.None, StringComparison.OrdinalIgnoreCase)) { emitter.Emit(new Scalar(YamlConstants.None)); } else if (String.Equals(checkoutStep.Name, YamlConstants.Self, StringComparison.OrdinalIgnoreCase)) { emitter.Emit(new Scalar(YamlConstants.Self)); if (!String.IsNullOrEmpty(checkoutStep.Clean)) { emitter.Emit(new Scalar(YamlConstants.Clean)); emitter.Emit(new Scalar(checkoutStep.Clean)); } if (!String.IsNullOrEmpty(checkoutStep.FetchDepth)) { emitter.Emit(new Scalar(YamlConstants.FetchDepth)); emitter.Emit(new Scalar(checkoutStep.FetchDepth)); } if (!String.IsNullOrEmpty(checkoutStep.Lfs)) { emitter.Emit(new Scalar(YamlConstants.Lfs)); emitter.Emit(new Scalar(checkoutStep.Lfs)); } } else { // Should not reach here. throw new NotSupportedException($"Unexpected checkout step resource name: '{checkoutStep.Name}'"); } } if (!noBootstrap) { emitter.Emit(new MappingEnd()); } } internal static void WriteStepOverrides(IEmitter emitter, IDictionary> overrides) { emitter.Emit(new MappingStart()); foreach (KeyValuePair> pair in overrides) { emitter.Emit(new Scalar(pair.Key)); WriteSteps(emitter, pair.Value.Cast().ToList()); } emitter.Emit(new MappingEnd()); } internal static void WriteStepsTemplate(IEmitter emitter, StepsTemplate template, Boolean noBootstrapper = false) { if (!noBootstrapper) { emitter.Emit(new MappingStart()); } if (template.Steps != null && template.Steps.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Steps)); WriteSteps(emitter, template.Steps); } if (!noBootstrapper) { emitter.Emit(new MappingEnd()); } } private static void WriteTaskPreInputProperties(IEmitter emitter, TaskStep task) { if (!String.IsNullOrEmpty(task.Name)) { emitter.Emit(new Scalar(YamlConstants.Name)); emitter.Emit(new Scalar(task.Name)); } if (!task.Enabled) { emitter.Emit(new Scalar(YamlConstants.Enabled)); emitter.Emit(new Scalar("false")); } if (!String.IsNullOrEmpty(task.Condition)) { emitter.Emit(new Scalar(YamlConstants.Condition)); emitter.Emit(new Scalar(task.Condition)); } if (task.ContinueOnError) { emitter.Emit(new Scalar(YamlConstants.ContinueOnError)); emitter.Emit(new Scalar("true")); } if (task.TimeoutInMinutes > 0) { emitter.Emit(new Scalar(YamlConstants.TimeoutInMinutes)); emitter.Emit(new Scalar(String.Format(CultureInfo.InvariantCulture, "{0}", task.TimeoutInMinutes))); } } private static void WriteTaskPostInputProperties(IEmitter emitter, TaskStep task) { if (task.Environment != null && task.Environment.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Environment)); WriteMapping(emitter, task.Environment); } } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/TypeConverters/ConverterUtil.variables.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Reflection; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts; using YamlDotNet.Core; using YamlDotNet.Core.Events; using YamlDotNet.Serialization; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters { internal static partial class ConverterUtil { internal static IList ReadVariables(IParser parser, Boolean simpleOnly = false) { var result = new List(); if (parser.Accept()) { // The simple syntax is: // variables: // var1: val1 // var2: val2 foreach (KeyValuePair pair in ReadMappingOfStringString(parser, StringComparer.OrdinalIgnoreCase)) { result.Add(new Variable() { Name = pair.Key, Value = pair.Value }); } } else { // When a variables template is referenced, sequence syntax is required: // variables: // - name: var1 // value: val1 // - name: var2 // value: val2 // - template: path-to-variables-template.yml parser.Expect(); while (parser.Allow() == null) { parser.Expect(); Scalar scalar = parser.Expect(); if (String.Equals(scalar.Value, YamlConstants.Name, StringComparison.Ordinal)) { var variable = new Variable { Name = ReadNonEmptyString(parser) }; while (parser.Allow() == null) { scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.Value: variable.Value = parser.Expect().Value; break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected property: '{scalar.Value}."); } } result.Add(variable); } else if (String.Equals(scalar.Value, YamlConstants.Template, StringComparison.Ordinal)) { if (simpleOnly) { throw new SyntaxErrorException(scalar.Start, scalar.End, $"A variables template cannot reference another variables '{YamlConstants.Template}'."); } var reference = new VariablesTemplateReference { Name = ReadNonEmptyString(parser) }; while (parser.Allow() == null) { scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.Parameters: reference.Parameters = ReadMapping(parser); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected property: '{scalar.Value}'"); } } result.Add(reference); } else { throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unknown job type: '{scalar.Value}'"); } } } return result; } internal static void WriteVariables(IEmitter emitter, IList variables) { if (!variables.Any(x => x is VariablesTemplateReference)) { emitter.Emit(new MappingStart()); foreach (Variable variable in variables) { emitter.Emit(new Scalar(variable.Name)); emitter.Emit(new Scalar(variable.Value)); } emitter.Emit(new MappingEnd()); } else { emitter.Emit(new SequenceStart(null, null, true, SequenceStyle.Block)); foreach (IVariable variable in variables) { emitter.Emit(new MappingStart()); if (variable is Variable) { var v = variable as Variable; emitter.Emit(new Scalar(YamlConstants.Name)); emitter.Emit(new Scalar(v.Name)); emitter.Emit(new Scalar(YamlConstants.Value)); emitter.Emit(new Scalar(v.Value)); } else { var reference = variable as VariablesTemplateReference; emitter.Emit(new Scalar(YamlConstants.Template)); emitter.Emit(new Scalar(reference.Name)); if (reference.Parameters != null && reference.Parameters.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Parameters)); WriteMapping(emitter, reference.Parameters); } } emitter.Emit(new MappingEnd()); } emitter.Emit(new SequenceEnd()); } } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/TypeConverters/PhasesTemplateConverter.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Reflection; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts; using YamlDotNet.Core; using YamlDotNet.Core.Events; using YamlDotNet.Serialization; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters { internal sealed class PhasesTemplateConverter : IYamlTypeConverter { public Boolean Accepts(Type type) { return typeof(PhasesTemplate) == type; } public Object ReadYaml(IParser parser, Type type) { var result = new PhasesTemplate(); parser.Expect(); while (parser.Allow() == null) { Scalar scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { // // Phases template properties // case YamlConstants.Phases: ConverterUtil.ValidateNull(result.Steps, YamlConstants.Steps, YamlConstants.Phases, scalar); result.Phases = ConverterUtil.ReadPhases(parser, simpleOnly: true); break; // // Steps template properties // case YamlConstants.Steps: ConverterUtil.ValidateNull(result.Phases, YamlConstants.Phases, YamlConstants.Steps, scalar); result.Steps = ConverterUtil.ReadSteps(parser, simpleOnly: false); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected process property: '{scalar.Value}'"); } } return result; } public void WriteYaml(IEmitter emitter, Object value, Type type) { ConverterUtil.WritePhasesTemplate(emitter, value as PhasesTemplate); } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/TypeConverters/ProcessConverter.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Reflection; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts; using YamlDotNet.Core; using YamlDotNet.Core.Events; using YamlDotNet.Serialization; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters { internal sealed class ProcessConverter : IYamlTypeConverter { public Boolean Accepts(Type type) { return typeof(Process).IsAssignableFrom(type); } public Object ReadYaml(IParser parser, Type type) { var result = new Process(); parser.Expect(); while (parser.Allow() == null) { Scalar scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { // // Process properties // case YamlConstants.Resources: result.Resources = ConverterUtil.ReadProcessResources(parser); break; case YamlConstants.Template: ConverterUtil.ValidateNull(result.Phases, YamlConstants.Phases, YamlConstants.Template, scalar); ConverterUtil.ValidateNull(result.ContinueOnError, YamlConstants.ContinueOnError, YamlConstants.Template, scalar); if (result.Target != null) { ConverterUtil.ValidateNull(result.Target as DeploymentTarget, YamlConstants.Deployment, YamlConstants.Template, scalar); ConverterUtil.ValidateNull(result.Target as QueueTarget, YamlConstants.Queue, YamlConstants.Template, scalar); ConverterUtil.ValidateNull(result.Target as ServerTarget, YamlConstants.Server, YamlConstants.Template, scalar); throw new NotSupportedException("Unexpected previous target type"); // Should not reach here } ConverterUtil.ValidateNull(result.Variables, YamlConstants.Variables, YamlConstants.Template, scalar); ConverterUtil.ValidateNull(result.Steps, YamlConstants.Steps, YamlConstants.Template, scalar); result.Template = ConverterUtil.ReadProcessTemplateReference(parser); break; case YamlConstants.Phases: ConverterUtil.ValidateNull(result.Template, YamlConstants.Template, YamlConstants.Phases, scalar); ConverterUtil.ValidateNull(result.ContinueOnError, YamlConstants.ContinueOnError, YamlConstants.Phases, scalar); if (result.Target != null) { ConverterUtil.ValidateNull(result.Target as DeploymentTarget, YamlConstants.Deployment, YamlConstants.Phases, scalar); ConverterUtil.ValidateNull(result.Target as QueueTarget, YamlConstants.Queue, YamlConstants.Phases, scalar); ConverterUtil.ValidateNull(result.Target as ServerTarget, YamlConstants.Server, YamlConstants.Phases, scalar); throw new NotSupportedException("Unexpected previous target type"); // Should not reach here } ConverterUtil.ValidateNull(result.Variables, YamlConstants.Variables, YamlConstants.Phases, scalar); ConverterUtil.ValidateNull(result.Steps, YamlConstants.Steps, YamlConstants.Phases, scalar); result.Phases = ConverterUtil.ReadPhases(parser, simpleOnly: false); break; // // Phase properties // case YamlConstants.ContinueOnError: ConverterUtil.ValidateNull(result.Template, YamlConstants.Template, YamlConstants.ContinueOnError, scalar); ConverterUtil.ValidateNull(result.Phases, YamlConstants.Phases, YamlConstants.ContinueOnError, scalar); result.ContinueOnError = ConverterUtil.ReadNonEmptyString(parser); break; case YamlConstants.Deployment: ConverterUtil.ValidateNull(result.Template, YamlConstants.Template, YamlConstants.Deployment, scalar); ConverterUtil.ValidateNull(result.Phases, YamlConstants.Phases, YamlConstants.Deployment, scalar); if (result.Target != null) { ConverterUtil.ValidateNull(result.Target as QueueTarget, YamlConstants.Queue, YamlConstants.Deployment, scalar); ConverterUtil.ValidateNull(result.Target as ServerTarget, YamlConstants.Server, YamlConstants.Deployment, scalar); throw new NotSupportedException("Unexpected previous target type"); // Should not reach here } result.Target = ConverterUtil.ReadDeploymentTarget(parser); break; case YamlConstants.Queue: ConverterUtil.ValidateNull(result.Template, YamlConstants.Template, YamlConstants.Queue, scalar); ConverterUtil.ValidateNull(result.Phases, YamlConstants.Phases, YamlConstants.Queue, scalar); if (result.Target != null) { ConverterUtil.ValidateNull(result.Target as DeploymentTarget, YamlConstants.Deployment, YamlConstants.Queue, scalar); ConverterUtil.ValidateNull(result.Target as ServerTarget, YamlConstants.Server, YamlConstants.Queue, scalar); throw new NotSupportedException("Unexpected previous target type"); // Should not reach here } result.Target = ConverterUtil.ReadQueueTarget(parser); break; case YamlConstants.Server: ConverterUtil.ValidateNull(result.Template, YamlConstants.Template, YamlConstants.Server, scalar); ConverterUtil.ValidateNull(result.Phases, YamlConstants.Phases, YamlConstants.Server, scalar); if (result.Target != null) { ConverterUtil.ValidateNull(result.Target as DeploymentTarget, YamlConstants.Deployment, YamlConstants.Server, scalar); ConverterUtil.ValidateNull(result.Target as QueueTarget, YamlConstants.Queue, YamlConstants.Server, scalar); throw new NotSupportedException("Unexpected previous target type"); // Should not reach here } result.Target = ConverterUtil.ReadServerTarget(parser); break; case YamlConstants.Variables: ConverterUtil.ValidateNull(result.Template, YamlConstants.Template, YamlConstants.Variables, scalar); ConverterUtil.ValidateNull(result.Phases, YamlConstants.Phases, YamlConstants.Variables, scalar); result.Variables = ConverterUtil.ReadVariables(parser); break; case YamlConstants.Steps: ConverterUtil.ValidateNull(result.Template, YamlConstants.Template, YamlConstants.Steps, scalar); ConverterUtil.ValidateNull(result.Phases, YamlConstants.Phases, YamlConstants.Steps, scalar); result.Steps = ConverterUtil.ReadSteps(parser, simpleOnly: false); break; // // Generic properties // case YamlConstants.Name: result.Name = scalar.Value; break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected process property: '{scalar.Value}'"); } } return result; } public void WriteYaml(IEmitter emitter, Object value, Type type) { emitter.Emit(new MappingStart()); var process = value as Process; if (!String.IsNullOrEmpty(process.Name)) { emitter.Emit(new Scalar(YamlConstants.Name)); emitter.Emit(new Scalar(process.Name)); } if (process.Resources != null && process.Resources.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Resources)); ConverterUtil.WriteProcessResources(emitter, process.Resources); } if (process.Template != null) { emitter.Emit(new Scalar(YamlConstants.Template)); emitter.Emit(new MappingStart()); if (!String.IsNullOrEmpty(process.Template.Name)) { emitter.Emit(new Scalar(YamlConstants.Name)); emitter.Emit(new Scalar(process.Template.Name)); } if (process.Template.Parameters != null && process.Template.Parameters.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Parameters)); ConverterUtil.WriteMapping(emitter, process.Template.Parameters); } ConverterUtil.WritePhase(emitter, process.Template as PhasesTemplateReference, noBootstrap: true); emitter.Emit(new MappingEnd()); } if (process.Phases != null && process.Phases.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Phases)); ConverterUtil.WritePhases(emitter, process.Phases); } ConverterUtil.WritePhase(emitter, process, noBootstrap: true); emitter.Emit(new MappingEnd()); } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/TypeConverters/ProcessTemplateConverter.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Reflection; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts; using YamlDotNet.Core; using YamlDotNet.Core.Events; using YamlDotNet.Serialization; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters { internal sealed class ProcessTemplateConverter : IYamlTypeConverter { public Boolean Accepts(Type type) { return typeof(ProcessTemplate) == type; } public Object ReadYaml(IParser parser, Type type) { var result = new ProcessTemplate(); parser.Expect(); while (parser.Allow() == null) { Scalar scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { // // Process template properties // case YamlConstants.Resources: result.Resources = ConverterUtil.ReadProcessResources(parser); break; // // Phases template properties // case YamlConstants.Phases: ConverterUtil.ValidateNull(result.Steps, YamlConstants.Steps, YamlConstants.Phases, scalar); result.Phases = ConverterUtil.ReadPhases(parser, simpleOnly: false); break; // // Steps template properties // case YamlConstants.Steps: ConverterUtil.ValidateNull(result.Phases, YamlConstants.Phases, YamlConstants.Steps, scalar); result.Steps = ConverterUtil.ReadSteps(parser, simpleOnly: false); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected process property: '{scalar.Value}'"); } } return result; } public void WriteYaml(IEmitter emitter, Object value, Type type) { emitter.Emit(new MappingStart()); var template = value as ProcessTemplate; if (template.Resources != null && template.Resources.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Resources)); ConverterUtil.WriteProcessResources(emitter, template.Resources); } ConverterUtil.WritePhasesTemplate(emitter, template, noBootstrapper: true); emitter.Emit(new MappingEnd()); } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/TypeConverters/StepsTemplateConverter.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Reflection; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts; using YamlDotNet.Core; using YamlDotNet.Core.Events; using YamlDotNet.Serialization; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters { internal sealed class StepsTemplateConverter : IYamlTypeConverter { public Boolean Accepts(Type type) { return typeof(StepsTemplate) == type; } public Object ReadYaml(IParser parser, Type type) { var result = new StepsTemplate(); parser.Expect(); while (parser.Allow() == null) { Scalar scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.Steps: result.Steps = ConverterUtil.ReadSteps(parser, simpleOnly: true); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected steps template property: '{scalar.Value}'"); } } return result; } public void WriteYaml(IEmitter emitter, Object value, Type type) { ConverterUtil.WriteStepsTemplate(emitter, value as StepsTemplate); } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/TypeConverters/VariablesTemplateConverter.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Reflection; using Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.Contracts; using YamlDotNet.Core; using YamlDotNet.Core.Events; using YamlDotNet.Serialization; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters { internal sealed class VariablesTemplateConverter : IYamlTypeConverter { public Boolean Accepts(Type type) { return typeof(VariablesTemplate) == type; } public Object ReadYaml(IParser parser, Type type) { var result = new VariablesTemplate(); parser.Expect(); while (parser.Allow() == null) { Scalar scalar = parser.Expect(); switch (scalar.Value ?? String.Empty) { case YamlConstants.Variables: result.Variables = ConverterUtil.ReadVariables(parser, simpleOnly: true); break; default: throw new SyntaxErrorException(scalar.Start, scalar.End, $"Unexpected variables template property: '{scalar.Value}'"); } } return result; } public void WriteYaml(IEmitter emitter, Object value, Type type) { emitter.Emit(new MappingStart()); var template = value as VariablesTemplate; if (template.Variables != null && template.Variables.Count > 0) { emitter.Emit(new Scalar(YamlConstants.Variables)); ConverterUtil.WriteVariables(emitter, template.Variables); } emitter.Emit(new MappingEnd()); } } } ================================================ FILE: src/Agent.Listener/DistributedTask.Pipelines/Yaml/TypeConverters/YamlConstants.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml.TypeConverters { internal static class YamlConstants { internal const String Bash = "bash"; internal const String Checkout = "checkout"; internal const String Clean = "clean"; internal const String Condition = "condition"; internal const String ContinueOnError = "continueOnError"; internal const String Demands = "demands"; internal const String DependsOn = "dependsOn"; internal const String Deployment = "deployment"; internal const String EnableAccessToken = "enableAccessToken"; internal const String Enabled = "enabled"; internal const String Endpoint = "endpoint"; internal const String ErrorActionPreference = "errorActionPreference"; internal const String Environment = "env"; internal const String FailOnStderr = "failOnStderr"; internal const String FetchDepth = "fetchDepth"; internal const String Group = "group"; internal const String HealthOption = "healthOption"; internal const String IgnoreLASTEXITCODE = "ignoreLASTEXITCODE"; internal const String Inputs = "inputs"; internal const String Lfs = "lfs"; internal const String Matrix = "matrix"; internal const String Name = "name"; internal const String None = "none"; internal const String Parallel = "parallel"; internal const String Parameters = "parameters"; internal const String Percentage = "percentage"; internal const String Phases = "phases"; internal const String PowerShell = "powershell"; internal const String Queue = "queue"; internal const String Repo = "repo"; internal const String Resources = "resources"; internal const String Script = "script"; internal const String Self = "self"; internal const String Server = "server"; internal const String Steps = "steps"; internal const String Tags = "tags"; internal const String Task = "task"; internal const String Template = "template"; internal const String TimeoutInMinutes = "timeoutInMinutes"; internal const String Type = "type"; internal const String Value = "value"; internal const String Variables = "variables"; internal const String WorkingDirectory = "workingDirectory"; internal const String RetryCountOnTaskFailure = "retryCountOnTaskFailure"; } } ================================================ FILE: src/Agent.Listener/JobDispatcher.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk.Knob; using Agent.Sdk.Util; using Agent.Listener.Configuration; using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Net.Sockets; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using System.Linq; using Microsoft.VisualStudio.Services.Common; using System.Diagnostics; using Newtonsoft.Json; using Microsoft.VisualStudio.Services.Agent.Listener.Telemetry; namespace Microsoft.VisualStudio.Services.Agent.Listener { [ServiceLocator(Default = typeof(JobDispatcher))] public interface IJobDispatcher : IAgentService { TaskCompletionSource RunOnceJobCompleted { get; } void Run(Pipelines.AgentJobRequestMessage message, bool runOnce = false); bool Cancel(JobCancelMessage message); void MetadataUpdate(JobMetadataMessage message); Task WaitAsync(CancellationToken token); Task ShutdownAsync(); } // This implementation of IJobDispatcher is not thread safe. // It is base on the fact that the current design of agent is dequeue // and process one message from message queue everytime. // In addition, it only execute one job every time, // and server will not send another job while this one is still running. public sealed class JobDispatcher : AgentService, IJobDispatcher { private int _poolId; AgentSettings _agentSetting; private static readonly string _workerProcessName = $"Agent.Worker{IOUtil.ExeExtension}"; // this is not thread-safe private readonly Queue _jobDispatchedQueue = new Queue(); private readonly ConcurrentDictionary _jobInfos = new ConcurrentDictionary(); //allow up to 30sec for any data to be transmitted over the process channel //timeout limit can be overwrite by environment VSTS_AGENT_CHANNEL_TIMEOUT private TimeSpan _channelTimeout; private TaskCompletionSource _runOnceJobCompleted = new TaskCompletionSource(); public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); // get pool id from config var configurationStore = hostContext.GetService(); _agentSetting = configurationStore.GetSettings(); _poolId = _agentSetting.PoolId; int channelTimeoutSeconds = AgentKnobs.AgentChannelTimeout.GetValue(UtilKnobValueContext.Instance()).AsInt(); // _channelTimeout should in range [30, 300] seconds _channelTimeout = TimeSpan.FromSeconds(Math.Min(Math.Max(channelTimeoutSeconds, 30), 300)); Trace.Info($"JobDispatcher initialized - agent/worker IPC timeout: {_channelTimeout.TotalSeconds} seconds"); } public TaskCompletionSource RunOnceJobCompleted => _runOnceJobCompleted; [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "WorkerDispatcher")] public void Run(Pipelines.AgentJobRequestMessage jobRequestMessage, bool runOnce = false) { using (Trace.EnteringWithDuration()) { ArgUtil.NotNull(jobRequestMessage, nameof(jobRequestMessage)); Trace.Info($"Job request {jobRequestMessage.RequestId} for plan {jobRequestMessage.Plan.PlanId} job {jobRequestMessage.JobId} received."); WorkerDispatcher currentDispatch = null; if (_jobDispatchedQueue.Count > 0) { Guid dispatchedJobId = _jobDispatchedQueue.Dequeue(); if (_jobInfos.TryGetValue(dispatchedJobId, out currentDispatch)) { Trace.Verbose($"Retrieve previous WorkerDispather for job {currentDispatch.JobId}."); } } WorkerDispatcher newDispatch = new WorkerDispatcher(jobRequestMessage.JobId, jobRequestMessage.RequestId); if (runOnce) { Trace.Info("Starting dispatcher with runOnce option.(Agent will terminate agent after completion)"); jobRequestMessage.Variables[Constants.Variables.Agent.RunMode] = new VariableValue(Constants.Agent.CommandLine.Flags.Once); newDispatch.WorkerDispatch = RunOnceAsync(jobRequestMessage, currentDispatch, newDispatch); } else { Trace.Info("Starting Dispatcher(RunAsync)"); newDispatch.WorkerDispatch = RunAsync(jobRequestMessage, currentDispatch, newDispatch); } _jobInfos.TryAdd(newDispatch.JobId, newDispatch); _jobDispatchedQueue.Enqueue(newDispatch.JobId); Trace.Info(StringUtil.Format("Job dispatcher setup complete [JobId:{0}, QueuePosition:{1}, ActiveJobs:{2}, DispatchMode:{3}]", newDispatch.JobId, _jobDispatchedQueue.Count, _jobInfos.Count, (runOnce ? "RunOnce" : "Normal"))); } } public void MetadataUpdate(JobMetadataMessage jobMetadataMessage) { ArgUtil.NotNull(jobMetadataMessage, nameof(jobMetadataMessage)); Trace.Info(StringUtil.Format("Job metadata update received for job: {0}", jobMetadataMessage.JobId)); WorkerDispatcher workerDispatcher; if (!_jobInfos.TryGetValue(jobMetadataMessage.JobId, out workerDispatcher)) { Trace.Verbose($"Job request {jobMetadataMessage.JobId} is not a current running job, ignore metadata update."); } else { workerDispatcher.UpdateMetadata(jobMetadataMessage); Trace.Verbose($"Fired metadata update for job request {workerDispatcher.JobId}."); } } public bool Cancel(JobCancelMessage jobCancelMessage) { ArgUtil.NotNull(jobCancelMessage, nameof(jobCancelMessage)); Trace.Info($"Job cancellation request {jobCancelMessage.JobId} received, cancellation timeout {jobCancelMessage.Timeout.TotalMinutes} minutes."); WorkerDispatcher workerDispatcher; if (!_jobInfos.TryGetValue(jobCancelMessage.JobId, out workerDispatcher)) { Trace.Verbose($"Job request {jobCancelMessage.JobId} is not a current running job, ignore cancllation request."); return false; } else { if (workerDispatcher.Cancel(jobCancelMessage.Timeout)) { Trace.Verbose($"Fired cancellation token for job request {workerDispatcher.JobId}."); } return true; } } public async Task WaitAsync(CancellationToken token) { WorkerDispatcher currentDispatch = null; Guid dispatchedJobId; if (_jobDispatchedQueue.Count > 0) { dispatchedJobId = _jobDispatchedQueue.Dequeue(); if (_jobInfos.TryGetValue(dispatchedJobId, out currentDispatch)) { Trace.Verbose($"Retrive previous WorkerDispather for job {currentDispatch.JobId}."); } } else { Trace.Verbose($"There is no running WorkerDispather needs to await."); } if (currentDispatch != null) { using (var registration = token.Register(() => { if (currentDispatch.Cancel(TimeSpan.FromSeconds(60))) { Trace.Verbose($"Fired cancellation token for job request {currentDispatch.JobId}."); } })) { try { Trace.Info($"Waiting WorkerDispather for job {currentDispatch.JobId} run to finish."); await currentDispatch.WorkerDispatch; Trace.Info($"Job request {currentDispatch.JobId} processed successfully."); } catch (Exception ex) { Trace.Error($"Worker Dispatch failed with an exception for job request {currentDispatch.JobId}."); Trace.Error(ex); } finally { WorkerDispatcher workerDispatcher; if (_jobInfos.TryRemove(currentDispatch.JobId, out workerDispatcher)) { Trace.Verbose($"Remove WorkerDispather from {nameof(_jobInfos)} dictionary for job {currentDispatch.JobId}."); workerDispatcher.Dispose(); } } } } } public async Task ShutdownAsync() { Trace.Info(StringUtil.Format("JobDispatcher shutdown initiated [ActiveJobs:{0}, QueuedJobs:{1}]", _jobInfos.Count, _jobDispatchedQueue.Count)); WorkerDispatcher currentDispatch = null; if (_jobDispatchedQueue.Count > 0) { Guid dispatchedJobId = _jobDispatchedQueue.Dequeue(); if (_jobInfos.TryGetValue(dispatchedJobId, out currentDispatch)) { try { Trace.Info(StringUtil.Format("Waiting for worker completion and cancelling any running jobs for job: {0}", currentDispatch.JobId)); await EnsureDispatchFinished(currentDispatch, cancelRunningJob: true); Trace.Info(StringUtil.Format("Worker process shutdown completed successfully for job: {0}", currentDispatch.JobId)); } catch (Exception ex) { Trace.Error($"Catching worker dispatch exception for job request {currentDispatch.JobId} durning job dispatcher shut down."); Trace.Error(ex); } finally { WorkerDispatcher workerDispatcher; if (_jobInfos.TryRemove(currentDispatch.JobId, out workerDispatcher)) { Trace.Verbose($"Remove WorkerDispather from {nameof(_jobInfos)} dictionary for job {currentDispatch.JobId}."); workerDispatcher.Dispose(); } } } } Trace.Info("JobDispatcher shutdown completed - all worker processes terminated"); } private async Task EnsureDispatchFinished(WorkerDispatcher jobDispatch, bool cancelRunningJob = false) { Trace.Info(StringUtil.Format("EnsureDispatchFinished initiated [JobId:{0}, RequestId:{1}, CancelRunningJob:{2}, IsCompleted:{3}]", jobDispatch.JobId, jobDispatch.RequestId, cancelRunningJob, jobDispatch.WorkerDispatch.IsCompleted)); if (!jobDispatch.WorkerDispatch.IsCompleted) { if (cancelRunningJob) { // cancel running job when shutting down the agent. // this will happen when agent get Ctrl+C or message queue loop crashed. Trace.Info(StringUtil.Format("Forced job cancellation initiated [JobId:{0}, Reason:AgentShutdown, Action:CancelAndWait]", jobDispatch.JobId)); jobDispatch.WorkerCancellationTokenSource.Cancel(); // wait for worker process exit then return. await jobDispatch.WorkerDispatch; Trace.Info(StringUtil.Format("Forced job cancellation completed [JobId:{0}, Status:Cancelled, WorkerTerminated:True]", jobDispatch.JobId)); return; } // base on the current design, server will only send one job for a given agent everytime. // if the agent received a new job request while a previous job request is still running, this typically indicate two situations // 1. an agent bug cause server and agent mismatch on the state of the job request, ex. agent not renew jobrequest properly but think it still own the job reqest, however server already abandon the jobrequest. // 2. a server bug or design change that allow server send more than one job request to an given agent that haven't finish previous job request. Trace.Info(StringUtil.Format("Concurrent job detected - checking server job status [JobId:{0}, RequestId:{1}, PoolId:{2}]", jobDispatch.JobId, jobDispatch.RequestId, _poolId)); var agentServer = HostContext.GetService(); TaskAgentJobRequest request = null; try { Trace.Info(StringUtil.Format("Querying server for job status [JobId:{0}, RequestId:{1}, Operation:GetAgentRequest]", jobDispatch.JobId, jobDispatch.RequestId)); request = await agentServer.GetAgentRequestAsync(_poolId, jobDispatch.RequestId, CancellationToken.None); Trace.Info(StringUtil.Format("Server job status query completed [JobId:{0}, HasResult:{1}, ServerStatus:{2}]", jobDispatch.JobId, request.Result != null, request.Result?.ToString() ?? "InProgress")); } catch (Exception ex) { // we can't even query for the jobrequest from server, something totally busted, stop agent/worker. Trace.Error($"Catch exception while checking jobrequest {jobDispatch.JobId} status. Cancel running worker right away."); Trace.Error(ex); jobDispatch.WorkerCancellationTokenSource.Cancel(); // make sure worker process exit before we rethrow, otherwise we might leave orphan worker process behind. await jobDispatch.WorkerDispatch; Trace.Info(StringUtil.Format("Emergency worker termination completed [JobId:{0}, WorkerCancelled:True, Status:Rethrowing]", jobDispatch.JobId)); // rethrow original exception throw; } if (request.Result != null) { // job request has been finished, the server already has result. // this means agent is busted since it still running that request. // cancel the zombie worker, run next job request. Trace.Error($"Received job request while previous job {jobDispatch.JobId} still running on worker. Cancel the previous job since the job request have been finished on server side with result: {request.Result.Value}."); jobDispatch.WorkerCancellationTokenSource.Cancel(); // wait 45 sec for worker to finish. Task completedTask = await Task.WhenAny(jobDispatch.WorkerDispatch, Task.Delay(TimeSpan.FromSeconds(45))); if (completedTask != jobDispatch.WorkerDispatch) { // at this point, the job exectuion might encounter some dead lock and even not able to be canclled. // no need to localize the exception string should never happen. throw new InvalidOperationException($"Job dispatch process for {jobDispatch.JobId} has encountered unexpected error, the dispatch task is not able to be canceled within 45 seconds."); } Trace.Info(StringUtil.Format("Zombie worker termination successful [JobId:{0}, ServerResult:{1}, WorkerCancelled:True]", jobDispatch.JobId, request.Result.Value)); } else { // something seriously wrong on server side. stop agent from continue running. // no need to localize the exception string should never happen. Trace.Error(StringUtil.Format("Server state inconsistency detected [JobId:{0}, Issue:NewJobWhilePreviousIncomplete, ServerBehavior:Unexpected, Action:ThrowException]", jobDispatch.JobId)); throw new InvalidOperationException($"Server send a new job request while the previous job request {jobDispatch.JobId} haven't finished."); } } Trace.Info(StringUtil.Format("Normal dispatch completion wait initiated [JobId:{0}, WorkerCompleted:{1}]", jobDispatch.JobId, jobDispatch.WorkerDispatch.IsCompleted)); try { await jobDispatch.WorkerDispatch; Trace.Info($"Job request {jobDispatch.JobId} processed succeed."); } catch (Exception ex) { Trace.Error($"Worker Dispatch failed with an exception for job request {jobDispatch.JobId}."); Trace.Error(ex); } finally { WorkerDispatcher workerDispatcher; if (_jobInfos.TryRemove(jobDispatch.JobId, out workerDispatcher)) { Trace.Verbose($"Remove WorkerDispather from {nameof(_jobInfos)} dictionary for job {jobDispatch.JobId}."); workerDispatcher.Dispose(); Trace.Info(StringUtil.Format("Worker dispatcher cleanup completed [JobId:{0}, RemovedFromDictionary:True, Disposed:True, ActiveJobs:{1}]", jobDispatch.JobId, _jobInfos.Count)); } else { Trace.Warning(StringUtil.Format("Worker dispatcher cleanup failed [JobId:{0}, Reason:NotFoundInDictionary, ActiveJobs:{1}]", jobDispatch.JobId, _jobInfos.Count)); } } } private async Task RunOnceAsync(Pipelines.AgentJobRequestMessage message, WorkerDispatcher previousJobDispatch, WorkerDispatcher currentJobDispatch) { try { await RunAsync(message, previousJobDispatch, currentJobDispatch); } catch (AggregateException e) { ExceptionsUtil.HandleAggregateException((AggregateException)e, (message) => Trace.Error(message)); } finally { Trace.Info("Fire signal for one time used agent."); _runOnceJobCompleted.TrySetResult(true); } } private async Task RunAsync(Pipelines.AgentJobRequestMessage message, WorkerDispatcher previousJobDispatch, WorkerDispatcher newJobDispatch) { using (Trace.EnteringWithDuration()) { Trace.Info(StringUtil.Format("Starting job execution [JobId:{0}, PlanId:{1}, DisplayName:{2}]", message.JobId, message.Plan.PlanId, message.JobDisplayName)); if (previousJobDispatch != null) { Trace.Verbose(StringUtil.Format("Waiting for previous job completion before starting new job [PreviousJobId:{0}, NewJobId:{1}]", previousJobDispatch.JobId, message.JobId)); await EnsureDispatchFinished(previousJobDispatch); Trace.Info("Previous job cleanup completed - ready for new job execution"); } else { Trace.Info(StringUtil.Format("No previous job detected - this is the first job request. [JobId:{0}]", message.JobId)); } var jobRequestCancellationToken = newJobDispatch.WorkerCancellationTokenSource.Token; var workerCancelTimeoutKillToken = newJobDispatch.WorkerCancelTimeoutKillTokenSource.Token; var workerFlushLogsTimeoutToken = newJobDispatch.WorkerFlushLogsTimeoutTokenSource.Token; var term = HostContext.GetService(); term.WriteLine(StringUtil.Loc("RunningJob", DateTime.UtcNow, message.JobDisplayName)); // first job request renew succeed. TaskCompletionSource firstJobRequestRenewed = new TaskCompletionSource(); var notification = HostContext.GetService(); var agentCertManager = HostContext.GetService(); // lock renew cancellation token. using (var lockRenewalTokenSource = new CancellationTokenSource()) using (var workerProcessCancelTokenSource = new CancellationTokenSource()) { long requestId = message.RequestId; Guid lockToken = Guid.Empty; // lockToken has never been used, keep this here of compat // Because an agent can be idle for a long time between jobs, it is possible that in that time // a firewall has closed the connection. For that reason, forcibly reestablish this connection at the // start of a new job Trace.Info(StringUtil.Format("Refreshing server connection before job execution [ConnectionType:JobRequest, JobId:{0}]", message.JobId)); var agentServer = HostContext.GetService(); await agentServer.RefreshConnectionAsync(AgentConnectionType.JobRequest); // start renew job request Trace.Info($"Start renew job request {requestId} for job {message.JobId}."); Task renewJobRequest = RenewJobRequestAsync(_poolId, requestId, lockToken, firstJobRequestRenewed, lockRenewalTokenSource.Token); // wait till first renew succeed or job request is canceled // not even start worker if the first renew fail Trace.Info(StringUtil.Format("Waiting for first job request renewal to confirm [JobId:{0}, RequestId:{1}]", message.JobId, requestId)); await Task.WhenAny(firstJobRequestRenewed.Task, renewJobRequest, Task.Delay(-1, jobRequestCancellationToken)); if (renewJobRequest.IsCompleted) { // renew job request task complete means we run out of retry for the first job request renew. Trace.Info($"Unable to renew job request for job {message.JobId} for the first time, stop dispatching job to worker."); return; } if (jobRequestCancellationToken.IsCancellationRequested) { Trace.Info(StringUtil.Format("Job cancellation requested during setup - stopping job request renewal for job: {0}", message.JobId)); // stop renew lock lockRenewalTokenSource.Cancel(); // renew job request should never blows up. await renewJobRequest; // complete job request with result Cancelled await CompleteJobRequestAsync(_poolId, message, lockToken, TaskResult.Canceled); return; } HostContext.WritePerfCounter($"JobRequestRenewed_{requestId.ToString()}"); Task workerProcessTask = null; object _outputLock = new object(); List workerOutput = new List(); using (var processChannel = HostContext.CreateService()) using (var processInvoker = HostContext.CreateService()) { Trace.Info(StringUtil.Format("Initializing worker process communication channel for job: {0}", message.JobId)); var featureFlagProvider = HostContext.GetService(); var newMaskerAndRegexesFeatureFlagStatus = await featureFlagProvider.GetFeatureFlagAsync(HostContext, "DistributedTask.Agent.EnableNewMaskerAndRegexes", Trace); var enhancedLoggingFlag = await featureFlagProvider.GetFeatureFlagAsync(HostContext, "DistributedTask.Agent.UseEnhancedLogging", Trace); var environment = new Dictionary(); if (newMaskerAndRegexesFeatureFlagStatus?.EffectiveState == "On") { environment.Add("AZP_ENABLE_NEW_MASKER_AND_REGEXES", "true"); } // Ensure worker sees the enhanced logging knob if the listener enabled it if (enhancedLoggingFlag?.EffectiveState == "On") { environment["AZP_USE_ENHANCED_LOGGING"] = "true"; var traceManager = HostContext.GetService(); traceManager.SetEnhancedLoggingEnabled(true); } // Start the process channel. // It's OK if StartServer bubbles an execption after the worker process has already started. // The worker will shutdown after 30 seconds if it hasn't received the job message. Trace.Info(StringUtil.Format("Starting process channel server for worker communication [JobId:{0}]", message.JobId)); processChannel.StartServer( // Delegate to start the child process. startProcess: (string pipeHandleOut, string pipeHandleIn) => { // Validate args. ArgUtil.NotNullOrEmpty(pipeHandleOut, nameof(pipeHandleOut)); ArgUtil.NotNullOrEmpty(pipeHandleIn, nameof(pipeHandleIn)); Trace.Info(StringUtil.Format("Setting up worker process output capture [JobId:{0}]", message.JobId)); // Save STDOUT from worker, worker will use STDOUT report unhandle exception. processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stdout) { if (!string.IsNullOrEmpty(stdout.Data)) { lock (_outputLock) { workerOutput.Add(stdout.Data); } } }; // Save STDERR from worker, worker will use STDERR on crash. processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stderr) { if (!string.IsNullOrEmpty(stderr.Data)) { lock (_outputLock) { workerOutput.Add(stderr.Data); } } }; // Start the child process. HostContext.WritePerfCounter("StartingWorkerProcess"); var assemblyDirectory = HostContext.GetDirectory(WellKnownDirectory.Bin); string workerFileName = Path.Combine(assemblyDirectory, _workerProcessName); Trace.Info(StringUtil.Format("Creating worker process for job execution [Executable:{0}, Arguments:spawnclient, PipeOut:{1}, PipeIn:{2}, JobId:{3}]", workerFileName, pipeHandleOut, pipeHandleIn, message.JobId)); workerProcessTask = processInvoker.ExecuteAsync( workingDirectory: assemblyDirectory, fileName: workerFileName, arguments: "spawnclient " + pipeHandleOut + " " + pipeHandleIn, environment: environment, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: true, redirectStandardIn: null, inheritConsoleHandler: false, keepStandardInOpen: false, highPriorityProcess: true, continueAfterCancelProcessTreeKillAttempt: ProcessInvoker.ContinueAfterCancelProcessTreeKillAttemptDefault, cancellationToken: workerProcessCancelTokenSource.Token); Trace.Info("Worker process started successfully"); } ); // Send the job request message. // Kill the worker process if sending the job message times out. The worker // process may have successfully received the job message. try { var body = JsonUtility.ToString(message); var numBytes = System.Text.ASCIIEncoding.Unicode.GetByteCount(body) / 1024; string numBytesString = numBytes > 0 ? $"{numBytes} KB" : " < 1 KB"; Trace.Info(StringUtil.Format("Sending job request message to worker process - job: {0}, size: {1}", message.JobId, numBytesString)); HostContext.WritePerfCounter($"AgentSendingJobToWorker_{message.JobId}"); var stopWatch = Stopwatch.StartNew(); using (var csSendJobRequest = new CancellationTokenSource(_channelTimeout)) { await processChannel.SendAsync( messageType: MessageType.NewJobRequest, body: body, cancellationToken: csSendJobRequest.Token); } stopWatch.Stop(); Trace.Info($"Took {stopWatch.ElapsedMilliseconds} ms to send job message to worker"); } catch (OperationCanceledException) { // message send been cancelled. // timeout 30 sec. kill worker. Trace.Info($"Job request message sending for job {message.JobId} been cancelled after waiting for {_channelTimeout.TotalSeconds} seconds, kill running worker."); workerProcessCancelTokenSource.Cancel(); try { Trace.Info(StringUtil.Format("Waiting for worker process termination after job message send timeout [JobId:{0}, Timeout:{1}s, Reason:SendMessageCancelled]", message.JobId, _channelTimeout.TotalSeconds)); await workerProcessTask; } catch (OperationCanceledException) { Trace.Info("worker process has been killed."); } Trace.Info($"Stop renew job request for job {message.JobId}."); // stop renew lock lockRenewalTokenSource.Cancel(); // renew job request should never blows up. await renewJobRequest; // not finish the job request since the job haven't run on worker at all, we will not going to set a result to server. return; } // we get first jobrequest renew succeed and start the worker process with the job message. // send notification to machine provisioner. var systemConnection = message.Resources.Endpoints.SingleOrDefault(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); var accessToken = systemConnection?.Authorization?.Parameters["AccessToken"]; VariableValue identifier = null; VariableValue definitionId = null; if (message.Plan.PlanType == "Build") { message.Variables.TryGetValue("build.buildId", out identifier); message.Variables.TryGetValue("system.definitionId", out definitionId); } else if (message.Plan.PlanType == "Release") { message.Variables.TryGetValue("release.deploymentId", out identifier); message.Variables.TryGetValue("release.definitionId", out definitionId); } await notification.JobStarted(message.JobId, accessToken, systemConnection.Url, message.Plan.PlanId, (identifier?.Value ?? "0"), (definitionId?.Value ?? "0"), message.Plan.PlanType); HostContext.WritePerfCounter($"SentJobToWorker_{requestId.ToString()}"); try { TaskResult resultOnAbandonOrCancel = TaskResult.Succeeded; // wait for renewlock, worker process or cancellation token been fired. // keep listening iff we receive a metadata update bool keepListening = true; while (keepListening) { // Job execution monitoring loop - waiting for worker completion, renewal, cancellation, or metadata updates Trace.Verbose(StringUtil.Format("Job execution monitoring cycle started [JobId:{0}, WaitingFor:WorkerCompletion|RenewalUpdate|Cancellation|MetadataUpdate]", message.JobId)); var metadataUpdateTask = newJobDispatch.MetadataSource.Task; var completedTask = await Task.WhenAny(renewJobRequest, workerProcessTask, Task.Delay(-1, jobRequestCancellationToken), metadataUpdateTask); if (completedTask == workerProcessTask) { keepListening = false; Trace.Info(StringUtil.Format("Worker process completion detected [JobId:{0}, MonitoringMode:WorkerFinished, Action:ProcessResults]", message.JobId)); // worker finished successfully, complete job request with result, attach unhandled exception reported by worker, stop renew lock, job has finished. int returnCode = await workerProcessTask; Trace.Info($"Worker finished for job {message.JobId}. Code: " + returnCode); string detailInfo = null; if (!TaskResultUtil.IsValidReturnCode(returnCode)) { detailInfo = string.Join(Environment.NewLine, workerOutput); Trace.Info($"Return code {returnCode} indicate worker encounter an unhandled exception or app crash, attach worker stdout/stderr to JobRequest result."); await LogWorkerProcessUnhandledException(message, detailInfo, agentCertManager.SkipServerCertificateValidation); // Publish worker crash telemetry for Kusto analysis var telemetryPublisher = HostContext.GetService(); await telemetryPublisher.PublishWorkerCrashTelemetryAsync(HostContext, message.JobId, returnCode, "200"); } TaskResult result = TaskResultUtil.TranslateFromReturnCode(returnCode); Trace.Info($"Finish job request for job {message.JobId} with result: {result}"); term.WriteLine(StringUtil.Loc("JobCompleted", DateTime.UtcNow, message.JobDisplayName, result)); Trace.Info($"Stop renew job request for job {message.JobId}."); // stop renew lock lockRenewalTokenSource.Cancel(); // renew job request should never blows up. await renewJobRequest; Trace.Info($"Job request completion initiated - Completing job request for job: {message.JobId}"); if (ShouldUseEnhancedCrashHandling(message, returnCode)) { // Direct plan event reporting for Plan v8+ worker crashes await ReportJobCompletionEventAsync(message, result, agentCertManager.SkipServerCertificateValidation); Trace.Info("Plan event reporting executed successfully for worker crash"); } else { // Standard completion for Plan v7 or normal Plan v8+ scenarios, or when enhanced handling is disabled await CompleteJobRequestAsync(_poolId, message, lockToken, result, detailInfo); Trace.Info("Standard completion executed successfully"); } Trace.Info("Job request completion completed"); // print out unhandled exception happened in worker after we complete job request. // when we run out of disk space, report back to server has higher priority. if (!string.IsNullOrEmpty(detailInfo)) { Trace.Error("Unhandled exception happened in worker:"); Trace.Error(detailInfo); } return; } else if (completedTask == renewJobRequest) { keepListening = false; Trace.Warning(StringUtil.Format("Job renewal process completed [JobId:{0}, Result:Abandoned, Action:StopListening]", message.JobId)); resultOnAbandonOrCancel = TaskResult.Abandoned; } else if (completedTask == metadataUpdateTask) { Trace.Info($"Send job metadata update message to worker for job {message.JobId}."); using (var csSendCancel = new CancellationTokenSource(_channelTimeout)) { var body = JsonUtility.ToString(metadataUpdateTask.Result); Trace.Verbose(StringUtil.Format("Sending metadata update to worker [JobId:{0}, MessageType:JobMetadataUpdate, Body:{1}]", message.JobId, body)); await processChannel.SendAsync( messageType: MessageType.JobMetadataUpdate, body: body, cancellationToken: csSendCancel.Token); } newJobDispatch.ResetMetadataSource(); } else { keepListening = false; Trace.Info(StringUtil.Format("Job cancellation detected [JobId:{0}, MonitoringMode:Cancellation, CancellationRequested:{1}, Result:Canceled, Action:StopListening]", message.JobId, jobRequestCancellationToken.IsCancellationRequested)); resultOnAbandonOrCancel = TaskResult.Canceled; } } // renew job request completed or job request cancellation token been fired for RunAsync(jobrequestmessage) // cancel worker gracefully first, then kill it after worker cancel timeout try { Trace.Info($"Send job cancellation message to worker for job {message.JobId}."); using (var csSendCancel = new CancellationTokenSource(_channelTimeout)) { var messageType = MessageType.CancelRequest; if (HostContext.AgentShutdownToken.IsCancellationRequested) { var service = HostContext.GetService(); var ffState = await service.GetFeatureFlagAsync(HostContext, "DistributedTask.Agent.FailJobWhenAgentDies", Trace); if (ffState.EffectiveState == "On") { await PublishTelemetry(message, TaskResult.Failed.ToString(), "100"); resultOnAbandonOrCancel = TaskResult.Failed; } switch (HostContext.AgentShutdownReason) { case ShutdownReason.UserCancelled: messageType = MessageType.AgentShutdown; break; case ShutdownReason.OperatingSystemShutdown: messageType = MessageType.OperatingSystemShutdown; break; } } await processChannel.SendAsync( messageType: messageType, body: string.Empty, cancellationToken: csSendCancel.Token); } } catch (OperationCanceledException) { // message send been cancelled. Trace.Info($"Job cancel message sending for job {message.JobId} been cancelled, kill running worker."); workerProcessCancelTokenSource.Cancel(); try { await workerProcessTask; } catch (OperationCanceledException) { Trace.Info("worker process has been killed."); } } Trace.Info($"Waiting for worker to exit gracefully for job: {message.JobId}"); // Wait for worker to complete within the original timeout var gracefulExitTask = await Task.WhenAny(workerProcessTask, Task.Delay(-1, workerFlushLogsTimeoutToken)); if (gracefulExitTask != workerProcessTask) { // Original timeout expired, handle with timeout log flushing if enabled await HandleWorkerTimeoutAsync( message.JobId, processChannel, workerProcessTask, workerProcessCancelTokenSource, workerCancelTimeoutKillToken); } else { Trace.Info("Worker process exit completed - Worker exited gracefully within timeout"); } Trace.Info($"Finish job request for job {message.JobId} with result: {resultOnAbandonOrCancel}"); term.WriteLine(StringUtil.Loc("JobCompleted", DateTime.UtcNow, message.JobDisplayName, resultOnAbandonOrCancel)); // complete job request with cancel result, stop renew lock, job has finished. // stop renew lock lockRenewalTokenSource.Cancel(); // renew job request should never blows up. await renewJobRequest; Trace.Info($"Job request completion initiated - Completing cancelled job request for job: {message.JobId}"); // complete job request await CompleteJobRequestAsync(_poolId, message, lockToken, resultOnAbandonOrCancel); Trace.Info("Job request completion completed for cancelled job"); } catch (AggregateException e) { ExceptionsUtil.HandleAggregateException((AggregateException)e, (message) => Trace.Error(message)); } finally { Trace.Info($"Next job readiness - Sending job completion notification for job: {message.JobId}"); // This should be the last thing to run so we don't notify external parties until actually finished await notification.JobCompleted(message.JobId); Trace.Info($"Job dispatcher cleanup completed - Ready for next job after job: {message.JobId}"); } } } } } public async Task RenewJobRequestAsync(int poolId, long requestId, Guid lockToken, TaskCompletionSource firstJobRequestRenewed, CancellationToken token) { ArgUtil.NotNull(firstJobRequestRenewed, nameof(firstJobRequestRenewed)); Trace.Info(StringUtil.Format("Job request renewal process initiated [PoolId:{0}, RequestId:{1}, FirstRenewal:{2}]", poolId, requestId, !firstJobRequestRenewed.Task.IsCompleted)); var agentServer = HostContext.GetService(); TaskAgentJobRequest request = null; int firstRenewRetryLimit = 5; int encounteringError = 0; // renew lock during job running. // stop renew only if cancellation token for lock renew task been signal or exception still happen after retry. while (!token.IsCancellationRequested) { try { request = await agentServer.RenewAgentRequestAsync(poolId, requestId, lockToken, token); Trace.Info($"Successfully renew job request {requestId}, job is valid till {request.LockedUntil.Value}"); if (!firstJobRequestRenewed.Task.IsCompleted) { // fire first renew succeed event. firstJobRequestRenewed.TrySetResult(0); Trace.Info(StringUtil.Format("First job request renewal completed successfully [RequestId:{0}, InitialRenewal:True, Status:Confirmed]", requestId)); } if (encounteringError > 0) { encounteringError = 0; agentServer.ResetConnectionTimeout(AgentConnectionType.JobRequest); HostContext.WritePerfCounter("JobRenewRecovered"); Trace.Info(StringUtil.Format("Job renewal error recovery completed [RequestId:{0}, ErrorsCleared:True, Status:Recovered]", requestId)); } // renew again after 60 sec delay await HostContext.Delay(TimeSpan.FromSeconds(60), token); } catch (TaskAgentJobNotFoundException) { // no need for retry. the job is not valid anymore. Trace.Info($"TaskAgentJobNotFoundException received when renew job request {requestId}, job is no longer valid, stop renew job request."); return; } catch (TaskAgentJobTokenExpiredException) { // no need for retry. the job is not valid anymore. Trace.Info($"TaskAgentJobTokenExpiredException received renew job request {requestId}, job is no longer valid, stop renew job request."); return; } catch (OperationCanceledException) when (token.IsCancellationRequested) { // OperationCanceledException may caused by http timeout or _lockRenewalTokenSource.Cance(); // Stop renew only on cancellation token fired. Trace.Info($"job renew has been canceled, stop renew job request {requestId}."); return; } catch (Exception ex) { Trace.Error($"Catch exception during renew agent jobrequest {requestId}."); Trace.Error(ex); encounteringError++; // retry TimeSpan remainingTime = TimeSpan.Zero; if (!firstJobRequestRenewed.Task.IsCompleted) { // retry 5 times every 10 sec for the first renew if (firstRenewRetryLimit-- > 0) { remainingTime = TimeSpan.FromSeconds(10); } } else { // retry till reach lockeduntil + 5 mins extra buffer. remainingTime = request.LockedUntil.Value + TimeSpan.FromMinutes(5) - DateTime.UtcNow; } if (remainingTime > TimeSpan.Zero) { TimeSpan delayTime; if (!firstJobRequestRenewed.Task.IsCompleted) { Trace.Info($"Retrying lock renewal for jobrequest {requestId}. The first job renew request has failed."); delayTime = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromSeconds(1), TimeSpan.FromSeconds(10)); } else { Trace.Info($"Retrying lock renewal for jobrequest {requestId}. Job is valid until {request.LockedUntil.Value}."); if (encounteringError > 5) { delayTime = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromSeconds(15), TimeSpan.FromSeconds(30)); } else { delayTime = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromSeconds(5), TimeSpan.FromSeconds(15)); } } // Re-establish connection to server in order to avoid affinity with server. // Reduce connection timeout to 30 seconds for faster failure detection during retries HostContext.WritePerfCounter("ResetJobRenewConnection"); Trace.Info(StringUtil.Format("Job renewal connection refresh initiated [RequestId:{0}, Timeout:30s, Reason:RetryRecovery, ErrorCount:{1}]", requestId, encounteringError)); await agentServer.RefreshConnectionAsync(AgentConnectionType.JobRequest, TimeSpan.FromSeconds(30)); try { // back-off before next retry. await HostContext.Delay(delayTime, token); } catch (OperationCanceledException) when (token.IsCancellationRequested) { Trace.Info($"job renew has been canceled, stop renew job request {requestId}."); } } else { Trace.Info(StringUtil.Format("Job renewal retry exhausted [RequestId:{0}, ErrorCount:{1}, RemainingTime:0, Action:StopRenewal, Status:Failed]", requestId, encounteringError)); HostContext.WritePerfCounter("JobRenewReachLimit"); return; } } } } // TODO: We need send detailInfo back to DT in order to add an issue for the job private async Task CompleteJobRequestAsync(int poolId, Pipelines.AgentJobRequestMessage message, Guid lockToken, TaskResult result, string detailInfo = null) { Trace.Entering(); if (PlanUtil.GetFeatures(message.Plan).HasFlag(PlanFeatures.JobCompletedPlanEvent)) { Trace.Verbose($"Skip FinishAgentRequest call from Listener because Plan version is {message.Plan.Version}"); return; } var agentServer = HostContext.GetService(); int completeJobRequestRetryLimit = 5; List exceptions = new List(); Trace.Info(StringUtil.Format("Job completion retry configuration [JobId:{0}, RetryLimit:{1}, DelayBetweenRetries:5s]", message.JobId, completeJobRequestRetryLimit)); while (completeJobRequestRetryLimit-- > 0) { try { Trace.Info(StringUtil.Format("Finishing agent request [JobId:{0}, RequestId:{1}, Result:{2}, RemainingRetries:{3}]", message.JobId, message.RequestId, result, completeJobRequestRetryLimit)); await agentServer.FinishAgentRequestAsync(poolId, message.RequestId, lockToken, DateTime.UtcNow, result, CancellationToken.None); Trace.Info(StringUtil.Format("Job completion successful [JobId:{0}, RequestId:{1}, Result:{2}, Status:Completed]", message.JobId, message.RequestId, result)); return; } catch (TaskAgentJobNotFoundException) { Trace.Info($"TaskAgentJobNotFoundException received, job {message.JobId} is no longer valid."); return; } catch (TaskAgentJobTokenExpiredException) { Trace.Info($"TaskAgentJobTokenExpiredException received, job {message.JobId} is no longer valid."); return; } catch (Exception ex) { Trace.Error($"Caught exception during complete agent jobrequest {message.RequestId}."); Trace.Error(ex); exceptions.Add(ex); } // delay 5 seconds before next retry. Trace.Info(StringUtil.Format("Job completion retry delay initiated [JobId:{0}, DelayDuration:5s, RemainingRetries:{1}]", message.JobId, completeJobRequestRetryLimit)); await Task.Delay(TimeSpan.FromSeconds(5)); } // rethrow all catched exceptions during retry. Trace.Error(StringUtil.Format("Job completion failed - all retries exhausted [JobId:{0}, RequestId:{1}, TotalExceptions:{2}, FinalAction:ThrowAggregateException]", message.JobId, message.RequestId, exceptions.Count)); throw new AggregateException(exceptions); } // Determines if enhanced crash handling should be used for Plan v8+ worker crashes private bool ShouldUseEnhancedCrashHandling(Pipelines.AgentJobRequestMessage message, int returnCode) { if (!AgentKnobs.EnhancedWorkerCrashHandling.GetValue(UtilKnobValueContext.Instance()).AsBoolean()) return false; bool isPlanV8Plus = PlanUtil.GetFeatures(message.Plan).HasFlag(PlanFeatures.JobCompletedPlanEvent); bool isWorkerCrash = !TaskResultUtil.IsValidReturnCode(returnCode); return isPlanV8Plus && isWorkerCrash; } // Creates a job server connection with proper URL normalization for OnPremises servers private async Task CreateJobServerConnectionAsync(Pipelines.AgentJobRequestMessage message, bool skipServerCertificateValidation = false) { Trace.Info("Creating job server connection"); var systemConnection = message.Resources.Endpoints.SingleOrDefault(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection)); ArgUtil.NotNull(systemConnection, nameof(systemConnection)); var jobServer = HostContext.GetService(); VssCredentials jobServerCredential = VssUtil.GetVssCredential(systemConnection); Uri jobServerUrl = systemConnection.Url; Trace.Verbose($"Initial connection details [JobId:{message.JobId}, OriginalUrl:{jobServerUrl}]"); // Make sure SystemConnection Url match Config Url base for OnPremises server if (!message.Variables.ContainsKey(Constants.Variables.System.ServerType) || string.Equals(message.Variables[Constants.Variables.System.ServerType]?.Value, "OnPremises", StringComparison.OrdinalIgnoreCase)) { try { Uri urlResult = null; Uri configUri = new Uri(_agentSetting.ServerUrl); if (Uri.TryCreate(new Uri(configUri.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped)), jobServerUrl.PathAndQuery, out urlResult)) { //replace the schema and host portion of messageUri with the host from the //server URI (which was set at config time) Trace.Info($"URL replacement for OnPremises server - Original: {jobServerUrl}, New: {urlResult}"); jobServerUrl = urlResult; } } catch (InvalidOperationException ex) { Trace.Error(ex); } catch (UriFormatException ex) { Trace.Error(ex); } } var jobConnection = VssUtil.CreateConnection(jobServerUrl, jobServerCredential, trace: Trace, skipServerCertificateValidation); await jobServer.ConnectAsync(jobConnection); Trace.Info($"Job server connection established successfully"); return jobConnection; } // Reports job completion to server via plan event (similar to how worker reports) // Used for Plan v8+ scenarios where listener needs to notify server of job completion private async Task ReportJobCompletionEventAsync(Pipelines.AgentJobRequestMessage message, TaskResult result, bool skipServerCertificateValidation = false) { Trace.Info($"Plan event reporting initiated - Sending job completion event to server"); try { using (var jobConnection = await CreateJobServerConnectionAsync(message, skipServerCertificateValidation)) { var jobServer = HostContext.GetService(); // Create job completed event (similar to worker) var jobCompletedEvent = new JobCompletedEvent(message.RequestId, message.JobId, result); // Send plan event with retry logic (similar to worker pattern) int retryLimit = 5; var exceptions = new List(); while (retryLimit-- > 0) { try { await jobServer.RaisePlanEventAsync(message.Plan.ScopeIdentifier, message.Plan.PlanType, message.Plan.PlanId, jobCompletedEvent, CancellationToken.None); Trace.Info($"Plan event reporting completed successfully [JobId:{message.JobId}, Result:{result}]"); return; } catch (TaskOrchestrationPlanNotFoundException ex) { Trace.Error($"TaskOrchestrationPlanNotFoundException during plan event reporting for job {message.JobId}"); Trace.Error(ex); return; // No point retrying } catch (TaskOrchestrationPlanSecurityException ex) { Trace.Error($"TaskOrchestrationPlanSecurityException during plan event reporting for job {message.JobId}"); Trace.Error(ex); return; // No point retrying } catch (Exception ex) { Trace.Error(ex); exceptions.Add(ex); } // delay 5 seconds before next retry Trace.Info($"Plan event reporting retry delay - Waiting 5 seconds before retry {5 - retryLimit}/5"); await Task.Delay(TimeSpan.FromSeconds(5)); } // If we get here, all retries failed Trace.Warning($"Plan event reporting failed after all retries [JobId:{message.JobId}, TotalExceptions:{exceptions.Count}]"); foreach (var ex in exceptions) { Trace.Error(ex); } } } catch (Exception ex) { Trace.Error("Critical error during plan event reporting setup"); Trace.Error(ex); } } // log an error issue to job level timeline record [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "jobServer")] private async Task LogWorkerProcessUnhandledException(Pipelines.AgentJobRequestMessage message, string errorMessage, bool skipServerCertificateValidation = false) { try { using (var jobConnection = await CreateJobServerConnectionAsync(message, skipServerCertificateValidation)) { var jobServer = HostContext.GetService(); var timeline = await jobServer.GetTimelineAsync(message.Plan.ScopeIdentifier, message.Plan.PlanType, message.Plan.PlanId, message.Timeline.Id, CancellationToken.None); ArgUtil.NotNull(timeline, nameof(timeline)); TimelineRecord jobRecord = timeline.Records.FirstOrDefault(x => x.Id == message.JobId && x.RecordType == "Job"); ArgUtil.NotNull(jobRecord, nameof(jobRecord)); jobRecord.ErrorCount++; jobRecord.Issues.Add(new Issue() { Type = IssueType.Error, Message = errorMessage }); await jobServer.UpdateTimelineRecordsAsync(message.Plan.ScopeIdentifier, message.Plan.PlanType, message.Plan.PlanId, message.Timeline.Id, new TimelineRecord[] { jobRecord }, CancellationToken.None); } } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, message.Resources.Endpoints.SingleOrDefault(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection)).Url.ToString(), (message) => Trace.Error(message)); } catch (Exception ex) { Trace.Error("Fail to report unhandled exception from Agent.Worker process"); Trace.Error(ex); } } private async Task PublishTelemetry(Pipelines.AgentJobRequestMessage message, string Task_Result, string TracePoint) { try { var telemetryData = new Dictionary { { "JobId", message.JobId.ToString()}, { "JobResult", Task_Result }, { "TracePoint", TracePoint}, }; var cmd = new Command("telemetry", "publish") { Data = JsonConvert.SerializeObject(telemetryData) }; cmd.Properties.Add("area", "PipelinesTasks"); cmd.Properties.Add("feature", "AgentShutdown"); var telemetryPublisher = HostContext.GetService(); await telemetryPublisher.PublishEvent(HostContext, cmd); } catch (Exception ex) { Trace.Warning($"Unable to publish agent shutdown telemetry data. Exception: {ex}"); } } private class WorkerDispatcher : IDisposable { public long RequestId { get; } public Guid JobId { get; } public Task WorkerDispatch { get; set; } public TaskCompletionSource MetadataSource { get; set; } public CancellationTokenSource WorkerCancellationTokenSource { get; private set; } public CancellationTokenSource WorkerCancelTimeoutKillTokenSource { get; private set; } public CancellationTokenSource WorkerFlushLogsTimeoutTokenSource { get; private set; } private readonly object _lock = new object(); const int maxValueInMinutes = 35790; // 35790 * 60 * 1000 = 2147400000 // The "CancelAfter" method converts minutes to milliseconds // It throws an exception if the value is greater than 2147483647 (Int32.MaxValue) public WorkerDispatcher(Guid jobId, long requestId) { JobId = jobId; RequestId = requestId; WorkerCancellationTokenSource = new CancellationTokenSource(); WorkerCancelTimeoutKillTokenSource = new CancellationTokenSource(); WorkerFlushLogsTimeoutTokenSource = new CancellationTokenSource(); MetadataSource = new TaskCompletionSource(); } public bool Cancel(TimeSpan timeout) { if (WorkerCancellationTokenSource != null && WorkerCancelTimeoutKillTokenSource != null && WorkerFlushLogsTimeoutTokenSource != null) { lock (_lock) { if (WorkerCancellationTokenSource != null && WorkerCancelTimeoutKillTokenSource != null && WorkerFlushLogsTimeoutTokenSource != null) { WorkerCancellationTokenSource.Cancel(); // make sure we have at least 60 seconds for cancellation. if (timeout.TotalSeconds < 60) { timeout = TimeSpan.FromSeconds(60); } // make sure we have less than 2147400000 milliseconds if (timeout.TotalMinutes > maxValueInMinutes) { timeout = TimeSpan.FromMinutes(maxValueInMinutes); } // Use the original timeout for worker execution (no flush signal beforehand) WorkerFlushLogsTimeoutTokenSource.CancelAfter(timeout.Subtract(TimeSpan.FromSeconds(15))); // Set kill timeout to original timeout + 1 minute for log flushing TimeSpan killTimeout = timeout.Add(TimeSpan.FromMinutes(1)); WorkerCancelTimeoutKillTokenSource.CancelAfter(killTimeout); return true; } } } return false; } public void UpdateMetadata(JobMetadataMessage message) { lock (_lock) { MetadataSource.TrySetResult(message); } } public void ResetMetadataSource() { MetadataSource = new TaskCompletionSource(); } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } private void Dispose(bool disposing) { if (disposing) { if (WorkerCancellationTokenSource != null || WorkerCancelTimeoutKillTokenSource != null || WorkerFlushLogsTimeoutTokenSource != null) { lock (_lock) { if (WorkerCancellationTokenSource != null) { WorkerCancellationTokenSource.Dispose(); WorkerCancellationTokenSource = null; } if (WorkerCancelTimeoutKillTokenSource != null) { WorkerCancelTimeoutKillTokenSource.Dispose(); WorkerCancelTimeoutKillTokenSource = null; } if (WorkerFlushLogsTimeoutTokenSource != null) { WorkerFlushLogsTimeoutTokenSource.Dispose(); WorkerFlushLogsTimeoutTokenSource = null; } } } } } } private async Task HandleWorkerTimeoutAsync( Guid jobId, IProcessChannel processChannel, Task workerProcessTask, CancellationTokenSource workerProcessCancelTokenSource, CancellationToken workerCancelTimeoutKillToken) { Trace.Info($"Worker process for job {jobId} hasn't completed within original timeout, sending flush logs request and waiting 1 minute before forceful kill."); try { // Send special flush logs request to worker using (var csSendFlush = new CancellationTokenSource(_channelTimeout)) { await processChannel.SendAsync( messageType: MessageType.FlushLogsRequest, body: string.Empty, cancellationToken: csSendFlush.Token); } Trace.Info("Flush logs request sent to worker, waiting 1 minute for log flushing before forceful kill."); } catch (Exception ex) { Trace.Warning($"Failed to send flush logs request to worker: {ex.Message}"); Trace.Warning(ex.ToString()); } // Now wait for the additional 1 minute log flushing period try { await Task.WhenAny(workerProcessTask, Task.Delay(-1, workerCancelTimeoutKillToken)); if (!workerProcessTask.IsCompleted) { // Worker still hasn't exited after 1 minute log flushing period, force kill Trace.Info($"Worker process for job {jobId} hasn't exited after 1 minute log flushing period, proceeding to forceful kill."); workerProcessCancelTokenSource.Cancel(); await workerProcessTask; Trace.Info("Worker process forceful termination completed"); } else { Trace.Info("Worker process exited gracefully after flush logs signal"); } } catch (OperationCanceledException) { Trace.Info("worker process has been killed."); } } } } ================================================ FILE: src/Agent.Listener/MessageListener.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Capabilities; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using System; using System.Collections.Generic; using System.Net.Http; using System.Net.Sockets; using System.Threading; using System.Threading.Tasks; using System.Security.Cryptography; using System.IO; using System.Text; using Microsoft.VisualStudio.Services.OAuth; using System.Diagnostics; using System.Runtime.InteropServices; using Agent.Sdk.Knob; using Agent.Sdk.Util; using Agent.Listener.Configuration; namespace Microsoft.VisualStudio.Services.Agent.Listener { [ServiceLocator(Default = typeof(MessageListener))] public interface IMessageListener : IAgentService { Task CreateSessionAsync(CancellationToken token); Task DeleteSessionAsync(); Task GetNextMessageAsync(CancellationToken token); Task KeepAlive(CancellationToken token); Task DeleteMessageAsync(TaskAgentMessage message); } public sealed class MessageListener : AgentService, IMessageListener { private long? _lastMessageId; private AgentSettings _settings; private ITerminal _term; private IAgentServer _agentServer; private TaskAgentSession _session; private static UtilKnobValueContext _knobContext = UtilKnobValueContext.Instance(); private TimeSpan _getNextMessageRetryInterval; private TimeSpan _keepAliveRetryInterval; private bool? _enableProgressiveBackoff = null; private TimeSpan _sessionCreationRetryInterval = TimeSpan.FromSeconds(30); private readonly TimeSpan _sessionConflictRetryLimit = TimeSpan.FromMinutes(4); private readonly TimeSpan _clockSkewRetryLimit = TimeSpan.FromMinutes(30); private readonly Dictionary _sessionCreationExceptionTracker = new Dictionary(); private TimeSpan _sessionConflictElapsedTime = TimeSpan.Zero; private TimeSpan _clockSkewElapsedTime = TimeSpan.Zero; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _term = HostContext.GetService(); _agentServer = HostContext.GetService(); } /// /// Calculates the retry interval based on the progressive backoff setting and error count. /// /// The number of consecutive errors. /// The default interval when progressive backoff is disabled. /// The current interval (used for random backoff calculation). /// If true, uses random backoff when progressive backoff is disabled. /// The calculated retry interval. private TimeSpan GetRetryInterval( int continuousError, TimeSpan defaultInterval, TimeSpan currentInterval = default, bool useRandomBackoff = false) { if (_enableProgressiveBackoff == true) { double delaySeconds = Math.Min(Math.Pow(2, continuousError) * 1.5, 300); return TimeSpan.FromSeconds(delaySeconds); } if (useRandomBackoff) { // Random backoff for GetNextMessage: [15,30]s for first 5 errors, then [30,60]s var minBackoff = continuousError <= 5 ? TimeSpan.FromSeconds(15) : TimeSpan.FromSeconds(30); var maxBackoff = continuousError <= 5 ? TimeSpan.FromSeconds(30) : TimeSpan.FromSeconds(60); return BackoffTimerHelper.GetRandomBackoff(minBackoff, maxBackoff, currentInterval); } // Default: fixed interval return defaultInterval; } public async Task CreateSessionAsync(CancellationToken token) { Trace.Entering(); // Fetch progressive backoff knob value _enableProgressiveBackoff = AgentKnobs.EnableProgressiveRetryBackoff.GetValue(_knobContext).AsBoolean(); Trace.Info($"Progressive backoff knob value: {_enableProgressiveBackoff}"); // Settings var configManager = HostContext.GetService(); _settings = configManager.LoadSettings(); var serverUrl = _settings.ServerUrl; Trace.Info(_settings); // Capabilities. _term.WriteLine(StringUtil.Loc("ScanToolCapabilities")); Dictionary systemCapabilities = await HostContext.GetService().GetCapabilitiesAsync(_settings, token); // Create connection. Trace.Info("Loading Credentials"); var credMgr = HostContext.GetService(); VssCredentials creds = credMgr.LoadCredentials(); var agent = new TaskAgentReference { Id = _settings.AgentId, Name = _settings.AgentName, Version = BuildConstants.AgentPackage.Version, OSDescription = RuntimeInformation.OSDescription, }; string sessionName = $"{Environment.MachineName ?? "AGENT"}"; var taskAgentSession = new TaskAgentSession(sessionName, agent, systemCapabilities); string errorMessage = string.Empty; bool encounteringError = false; int continuousError = 0; _term.WriteLine(StringUtil.Loc("ConnectToServer")); while (true) { token.ThrowIfCancellationRequested(); Trace.Info($"Attempt to create session."); try { Trace.Info("Connecting to the Agent Server..."); await _agentServer.ConnectAsync(new Uri(serverUrl), creds); Trace.Info("VssConnection created"); _session = await _agentServer.CreateAgentSessionAsync( _settings.PoolId, taskAgentSession, token); Trace.Info($"Session created."); if (_enableProgressiveBackoff == true) { // Reset BOTH on successful session creation _sessionConflictElapsedTime = TimeSpan.Zero; _clockSkewElapsedTime = TimeSpan.Zero; } if (encounteringError) { _term.WriteLine(StringUtil.Loc("QueueConnected", DateTime.UtcNow)); _sessionCreationExceptionTracker.Clear(); encounteringError = false; continuousError = 0; } return true; } catch (OperationCanceledException) when (token.IsCancellationRequested) { Trace.Info("Session creation has been cancelled."); throw; } catch (TaskAgentAccessTokenExpiredException) { Trace.Info("Agent OAuth token has been revoked. Session creation failed."); throw; } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, serverUrl, (msg) => Trace.Error(msg)); throw; } catch (Exception ex) { Trace.Error("Catch exception during create session."); Trace.Error(ex); if (!IsSessionCreationExceptionRetriable(ex)) { _term.WriteError(StringUtil.Loc("SessionCreateFailed", ex.Message)); return false; } continuousError++; _sessionCreationRetryInterval = GetRetryInterval( continuousError, defaultInterval: TimeSpan.FromSeconds(30)); if (!encounteringError) //print the message only on the first error { _term.WriteError(StringUtil.Loc("QueueConError", DateTime.UtcNow, ex.Message, _sessionCreationRetryInterval.TotalSeconds)); encounteringError = true; } Trace.Info($"Unable to create session in CreateSessionAsync (attempt {continuousError})"); Trace.Info(StringUtil.Format("Sleeping for {0} seconds before retrying.", _sessionCreationRetryInterval.TotalSeconds)); await HostContext.Delay(_sessionCreationRetryInterval, token); } } } public async Task DeleteSessionAsync() { if (_session != null && _session.SessionId != Guid.Empty) { using (var ts = new CancellationTokenSource(TimeSpan.FromSeconds(30))) { await _agentServer.DeleteAgentSessionAsync(_settings.PoolId, _session.SessionId, ts.Token); } } } public async Task GetNextMessageAsync(CancellationToken token) { Trace.Entering(); ArgUtil.NotNull(_session, nameof(_session)); ArgUtil.NotNull(_settings, nameof(_settings)); bool encounteringError = false; int continuousError = 0; string errorMessage = string.Empty; Stopwatch heartbeat = new Stopwatch(); heartbeat.Restart(); // Fetch progressive backoff knob value _enableProgressiveBackoff = AgentKnobs.EnableProgressiveRetryBackoff.GetValue(_knobContext).AsBoolean(); Trace.Info($"Progressive backoff knob value: {_enableProgressiveBackoff}"); while (true) { token.ThrowIfCancellationRequested(); TaskAgentMessage message = null; try { message = await _agentServer.GetAgentMessageAsync(_settings.PoolId, _session.SessionId, _lastMessageId, token); // Decrypt the message body if the session is using encryption message = DecryptMessage(message); if (message != null) { _lastMessageId = message.MessageId; } if (encounteringError) //print the message once only if there was an error { _term.WriteLine(StringUtil.Loc("QueueConnected", DateTime.UtcNow)); encounteringError = false; continuousError = 0; } } catch (OperationCanceledException) when (token.IsCancellationRequested) { Trace.Info("Get next message has been cancelled."); throw; } catch (TaskAgentAccessTokenExpiredException) { Trace.Info("Agent OAuth token has been revoked. Unable to pull message."); throw; } catch (Exception ex) { Trace.Error("Catch exception during get next message."); Trace.Error(ex); // don't retry if SkipSessionRecover = true, DT service will delete agent session to stop agent from taking more jobs. if (ex is TaskAgentSessionExpiredException && !_settings.SkipSessionRecover && await CreateSessionAsync(token)) { Trace.Info($"{nameof(TaskAgentSessionExpiredException)} received, recovered by recreate session."); } else if (!IsGetNextMessageExceptionRetriable(ex)) { throw; } else { continuousError++; _getNextMessageRetryInterval = GetRetryInterval( continuousError, defaultInterval: TimeSpan.FromSeconds(30), currentInterval: _getNextMessageRetryInterval, useRandomBackoff: true); if (!encounteringError) { //print error only on the first consecutive error _term.WriteError(StringUtil.Loc("QueueConError", DateTime.UtcNow, ex.Message)); encounteringError = true; } // re-create VssConnection before next retry await _agentServer.RefreshConnectionAsync(AgentConnectionType.MessageQueue); Trace.Info($"Unable to get next message in GetNextMessageAsync (attempt {continuousError})"); Trace.Info(StringUtil.Format("Sleeping for {0} seconds before retrying.", _getNextMessageRetryInterval.TotalSeconds)); await HostContext.Delay(_getNextMessageRetryInterval, token); } } if (message == null) { if (heartbeat.Elapsed > TimeSpan.FromMinutes(30)) { Trace.Info($"No message retrieved from session '{_session.SessionId}' within last 30 minutes."); heartbeat.Restart(); } else { Trace.Verbose($"No message retrieved from session '{_session.SessionId}'."); } _getNextMessageRetryInterval = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromSeconds(5), TimeSpan.FromSeconds(15), _getNextMessageRetryInterval); Trace.Info(StringUtil.Format("Sleeping for {0} seconds before retrying.", _getNextMessageRetryInterval.TotalSeconds)); await HostContext.Delay(_getNextMessageRetryInterval, token); continue; } Trace.Info($"Message '{message.MessageId}' received from session '{_session.SessionId}'."); return message; } } public async Task DeleteMessageAsync(TaskAgentMessage message) { Trace.Entering(); ArgUtil.NotNull(_session, nameof(_session)); if (message != null && _session.SessionId != Guid.Empty) { using (var cs = new CancellationTokenSource(TimeSpan.FromSeconds(30))) { await _agentServer.DeleteAgentMessageAsync(_settings.PoolId, message.MessageId, _session.SessionId, cs.Token); } } } public async Task KeepAlive(CancellationToken token) { int continuousError = 0; _keepAliveRetryInterval = TimeSpan.FromSeconds(30); // Fetch progressive backoff knob value _enableProgressiveBackoff = AgentKnobs.EnableProgressiveRetryBackoff.GetValue(_knobContext).AsBoolean(); Trace.Info($"Progressive backoff knob value: {_enableProgressiveBackoff}"); while (!token.IsCancellationRequested) { try { await _agentServer.GetAgentMessageAsync(_settings.PoolId, _session.SessionId, null, token); Trace.Info($"Sent GetAgentMessage to keep alive agent {_settings.AgentId}, session '{_session.SessionId}'."); // Reset on success continuousError = 0; _keepAliveRetryInterval = TimeSpan.FromSeconds(30); } catch (Exception ex) { continuousError++; _keepAliveRetryInterval = GetRetryInterval( continuousError, defaultInterval: TimeSpan.FromSeconds(30)); Trace.Info($"Unable to sent GetAgentMessage to keep alive (attempt {continuousError}): {ex.Message}"); Trace.Info($"KeepAlive will retry in {_keepAliveRetryInterval.TotalSeconds} seconds."); } await HostContext.Delay(_keepAliveRetryInterval, token); } } private TaskAgentMessage DecryptMessage(TaskAgentMessage message) { if (_session.EncryptionKey == null || _session.EncryptionKey.Value.Length == 0 || message == null || message.IV == null || message.IV.Length == 0) { return message; } using (var aes = Aes.Create()) using (var decryptor = GetMessageDecryptor(aes, message)) using (var body = new MemoryStream(Convert.FromBase64String(message.Body))) using (var cryptoStream = new CryptoStream(body, decryptor, CryptoStreamMode.Read)) using (var bodyReader = new StreamReader(cryptoStream, Encoding.UTF8)) { message.Body = bodyReader.ReadToEnd(); } return message; } private ICryptoTransform GetMessageDecryptor( Aes aes, TaskAgentMessage message) { if (_session.EncryptionKey.Encrypted) { // The agent session encryption key uses the AES symmetric algorithm var keyManager = HostContext.GetService(); using (var rsa = keyManager.GetKey()) { return aes.CreateDecryptor(rsa.Decrypt(_session.EncryptionKey.Value, RSAEncryptionPadding.OaepSHA1), message.IV); } } else { return aes.CreateDecryptor(_session.EncryptionKey.Value, message.IV); } } private bool IsGetNextMessageExceptionRetriable(Exception ex) { if (ex is TaskAgentNotFoundException || ex is TaskAgentPoolNotFoundException || ex is TaskAgentSessionExpiredException || ex is AccessDeniedException || ex is VssUnauthorizedException) { Trace.Info($"Non-retriable exception: {ex.Message}"); return false; } else { Trace.Info($"Retriable exception: {ex.Message}"); return true; } } private bool IsSessionCreationExceptionRetriable(Exception ex) { if (ex is TaskAgentNotFoundException) { Trace.Info("The agent no longer exists on the server. Stopping the agent."); _term.WriteError(StringUtil.Loc("MissingAgent")); return false; } else if (ex is TaskAgentSessionConflictException) { Trace.Info("The session for this agent already exists."); _term.WriteError(StringUtil.Loc("SessionExist")); // when the EnableProgressiveRetryBackoff FF is enabled if(_enableProgressiveBackoff == true){ //update session conflict time _sessionConflictElapsedTime += _sessionCreationRetryInterval; //check the total elapsed time is within the retry limit if (_sessionConflictElapsedTime >= _sessionConflictRetryLimit) { Trace.Info($"The session conflict exception have reached retry limit. Elapsed: {_sessionConflictElapsedTime.TotalSeconds}s, Limit: {_sessionConflictRetryLimit.TotalSeconds}s"); _term.WriteError(StringUtil.Loc("SessionExistStopRetry", _sessionConflictRetryLimit.TotalSeconds)); return false; } } // when the EnableProgressiveRetryBackoff FF is disabled else{ if (_sessionCreationExceptionTracker.ContainsKey(nameof(TaskAgentSessionConflictException))) { _sessionCreationExceptionTracker[nameof(TaskAgentSessionConflictException)]++; if (_sessionCreationExceptionTracker[nameof(TaskAgentSessionConflictException)] * _sessionCreationRetryInterval.TotalSeconds >= _sessionConflictRetryLimit.TotalSeconds) { Trace.Info("The session conflict exception have reached retry limit."); _term.WriteError(StringUtil.Loc("SessionExistStopRetry", _sessionConflictRetryLimit.TotalSeconds)); return false; } } else { _sessionCreationExceptionTracker[nameof(TaskAgentSessionConflictException)] = 1; } } Trace.Info("The session conflict exception haven't reached retry limit."); return true; } else if (ex is VssOAuthTokenRequestException && ex.Message.Contains("Current server time is")) { Trace.Info("Local clock might skewed."); _term.WriteError(StringUtil.Loc("LocalClockSkewed")); // when the EnableProgressiveRetryBackoff FF is enabled if(_enableProgressiveBackoff == true) { // Only update clock skew time _clockSkewElapsedTime += _sessionCreationRetryInterval; // check the total elapsed time is within the retry limit if (_clockSkewElapsedTime >= _clockSkewRetryLimit) { Trace.Info($"The OAuth token request exception have reached retry limit. Elapsed: {_clockSkewElapsedTime.TotalSeconds}s, Limit: {_clockSkewRetryLimit.TotalSeconds}s"); _term.WriteError(StringUtil.Loc("ClockSkewStopRetry", _clockSkewRetryLimit.TotalSeconds)); return false; } } // when the EnableProgressiveRetryBackoff FF is disabled else { if (_sessionCreationExceptionTracker.ContainsKey(nameof(VssOAuthTokenRequestException))) { _sessionCreationExceptionTracker[nameof(VssOAuthTokenRequestException)]++; if (_sessionCreationExceptionTracker[nameof(VssOAuthTokenRequestException)] * _sessionCreationRetryInterval.TotalSeconds >= _clockSkewRetryLimit.TotalSeconds) { Trace.Info("The OAuth token request exception have reached retry limit."); _term.WriteError(StringUtil.Loc("ClockSkewStopRetry", _clockSkewRetryLimit.TotalSeconds)); return false; } } else { _sessionCreationExceptionTracker[nameof(VssOAuthTokenRequestException)] = 1; } } Trace.Info("The OAuth token request exception haven't reached retry limit."); return true; } else if (ex is TaskAgentPoolNotFoundException || ex is AccessDeniedException || ex is VssUnauthorizedException) { Trace.Info($"Non-retriable exception: {ex.Message}"); return false; } else { Trace.Info($"Retriable exception: {ex.Message}"); return true; } } } } ================================================ FILE: src/Agent.Listener/NuGet.Config ================================================  ================================================ FILE: src/Agent.Listener/Program.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using CommandLine; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Diagnostics; using System.Globalization; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Listener { public static class Program { private static Tracing trace; public static int Main(string[] args) { if (PlatformUtil.UseLegacyHttpHandler) { AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false); } using (HostContext context = new HostContext(HostType.Agent)) { return MainAsync(context, args).GetAwaiter().GetResult(); } } // Return code definition: (this will be used by service host to determine whether it will re-launch agent.listener) // 0: Agent exit // 1: Terminate failure // 2: Retriable failure // 3: Exit for self update private static async Task MainAsync(IHostContext context, string[] args) { trace = context.GetTrace("AgentProcess"); trace.Entering(); trace.Info($"Agent package {BuildConstants.AgentPackage.PackageName}."); trace.Info($"Running on {PlatformUtil.HostOS} ({PlatformUtil.HostArchitecture})."); trace.Info($"RuntimeInformation: {RuntimeInformation.OSDescription}."); context.WritePerfCounter("AgentProcessStarted"); var terminal = context.GetService(); // TODO: check that the right supporting tools are available for this platform // (replaces the check for build platform vs runtime platform) try { trace.Info($"Version: {BuildConstants.AgentPackage.Version}"); trace.Info($"Commit: {BuildConstants.Source.CommitHash}"); trace.Info($"Culture: {CultureInfo.CurrentCulture.Name}"); trace.Info($"UI Culture: {CultureInfo.CurrentUICulture.Name}"); // Validate directory permissions. string agentDirectory = context.GetDirectory(WellKnownDirectory.Root); trace.Info($"Validating directory permissions for: '{agentDirectory}'"); try { IOUtil.ValidateExecutePermission(agentDirectory); } catch (Exception e) { terminal.WriteError(StringUtil.Loc("ErrorOccurred", e.Message)); trace.Error(StringUtil.Format($"Directory permission validation failed - insufficient permissions - {0}", e.Message)); trace.Error(e); return Constants.Agent.ReturnCode.TerminatedError; } if (PlatformUtil.UseLegacyHttpHandler) { trace.Warning($"You are using the legacy HTTP handler because you set ${AgentKnobs.LegacyHttpVariableName}."); trace.Warning($"This feature will go away with .NET 6.0, and we recommend you stop using it."); trace.Warning($"It won't be available soon."); } if (PlatformUtil.RunningOnWindows) { trace.Verbose("Configuring Windows-specific settings and validating prerequisites"); // Validate PowerShell 3.0 or higher is installed. var powerShellExeUtil = context.GetService(); try { powerShellExeUtil.GetPath(); trace.Info("PowerShell validation successful - compatible version found"); } catch (Exception e) { terminal.WriteError(StringUtil.Loc("ErrorOccurred", e.Message)); trace.Error(StringUtil.Format("PowerShell validation failed - required version not found or accessible - {0}", e.Message)); return Constants.Agent.ReturnCode.TerminatedError; } // Validate .NET Framework 4.5 or higher is installed. if (!NetFrameworkUtil.Test(new Version(4, 5), trace)) { terminal.WriteError(StringUtil.Loc("MinimumNetFramework")); trace.Error(".NET Framework version below recommended minimum - functionality may be limited"); // warn only, like configurationmanager.cs does. this enables windows edition with just .netcore to work } // Upgrade process priority to avoid Listener starvation using (Process p = Process.GetCurrentProcess()) { try { p.PriorityClass = ProcessPriorityClass.AboveNormal; } catch (Exception e) { trace.Warning("Unable to change Windows process priority"); trace.Warning(e.Message); } } } // Add environment variables from .env file string envFile = Path.Combine(context.GetDirectory(WellKnownDirectory.Root), ".env"); if (File.Exists(envFile)) { var envContents = File.ReadAllLines(envFile); foreach (var env in envContents) { if (!string.IsNullOrEmpty(env) && env.IndexOf('=') > 0) { string envKey = env.Substring(0, env.IndexOf('=')); string envValue = env.Substring(env.IndexOf('=') + 1); Environment.SetEnvironmentVariable(envKey, envValue); } } trace.Info($"Successfully loaded {envContents.Length} environment variables from .env file"); } // Parse the command line args. var command = new CommandSettings(context, args, new SystemEnvironment()); trace.Info("Command line arguments parsed successfully - ready for command execution"); // Print any Parse Errros if (command.ParseErrors?.Any() == true) { List errorStr = new List(); foreach (var error in command.ParseErrors) { if (error is TokenError tokenError) { errorStr.Add(tokenError.Token); } else { // Unknown type of error dump to log terminal.WriteError(StringUtil.Loc("ErrorOccurred", error.Tag)); } } terminal.WriteError( StringUtil.Loc("UnrecognizedCmdArgs", string.Join(", ", errorStr))); } // Defer to the Agent class to execute the command. IAgent agent = context.GetService(); try { trace.Verbose("Delegating command execution to Agent service"); return await agent.ExecuteCommand(command); } catch (OperationCanceledException) when (context.AgentShutdownToken.IsCancellationRequested) { trace.Info("Agent execution cancelled - graceful shutdown requested"); return Constants.Agent.ReturnCode.Success; } catch (NonRetryableException e) { terminal.WriteError(StringUtil.Loc("ErrorOccurred", e.Message)); trace.Error("Non-retryable exception occurred during agent execution"); trace.Error(e); return Constants.Agent.ReturnCode.TerminatedError; } } catch (Exception e) { terminal.WriteError(StringUtil.Loc("ErrorOccurred", e.Message)); trace.Error("Unhandled exception during agent startup - initialization failed"); trace.Error(e); return Constants.Agent.ReturnCode.RetryableError; } } } } ================================================ FILE: src/Agent.Listener/SelfUpdater.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using Agent.Sdk.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Newtonsoft.Json; using System; using System.Diagnostics; using System.IO; using System.IO.Compression; using System.Linq; using System.Net.Http; using System.Net.Sockets; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Listener { [ServiceLocator(Default = typeof(SelfUpdater))] public interface ISelfUpdater : IAgentService { Task SelfUpdate(AgentRefreshMessage updateMessage, IJobDispatcher jobDispatcher, bool restartInteractiveAgent, CancellationToken token); } public class SelfUpdater : AgentService, ISelfUpdater { private static string _packageType = BuildConstants.AgentPackage.PackageType; private static string _platform = BuildConstants.AgentPackage.PackageName; private static UpdaterKnobValueContext _knobContext = new UpdaterKnobValueContext(); private PackageMetadata _targetPackage; private ITerminal _terminal; private IAgentServer _agentServer; private int _poolId; private int _agentId; private string _serverUrl; private VssCredentials _creds; private ILocationServer _locationServer; private bool _hashValidationDisabled; public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); _terminal = hostContext.GetService(); _agentServer = HostContext.GetService(); var configStore = HostContext.GetService(); var settings = configStore.GetSettings(); _poolId = settings.PoolId; _agentId = settings.AgentId; _serverUrl = settings.ServerUrl; var credManager = HostContext.GetService(); _creds = credManager.LoadCredentials(); _locationServer = HostContext.GetService(); _hashValidationDisabled = AgentKnobs.DisableHashValidation.GetValue(_knobContext).AsBoolean(); } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "invokeScript")] public async Task SelfUpdate(AgentRefreshMessage updateMessage, IJobDispatcher jobDispatcher, bool restartInteractiveAgent, CancellationToken token) { ArgUtil.NotNull(updateMessage, nameof(updateMessage)); ArgUtil.NotNull(jobDispatcher, nameof(jobDispatcher)); if (!await UpdateNeeded(updateMessage.TargetVersion, token)) { Trace.Info($"Can't find available update package."); return false; } Trace.Info($"An update is available."); // Print console line that warn user not shutdown agent. await UpdateAgentUpdateStateAsync(StringUtil.Loc("UpdateInProgress")); await UpdateAgentUpdateStateAsync(StringUtil.Loc("DownloadAgent", _targetPackage.Version)); await DownloadLatestAgent(token); Trace.Info($"Download latest agent and unzip into agent root."); // wait till all running job finish await UpdateAgentUpdateStateAsync(StringUtil.Loc("EnsureJobFinished")); await jobDispatcher.WaitAsync(token); Trace.Info($"All running jobs have exited."); // delete agent backup DeletePreviousVersionAgentBackup(token); Trace.Info($"Delete old version agent backup."); // generate update script from template await UpdateAgentUpdateStateAsync(StringUtil.Loc("GenerateAndRunUpdateScript")); string updateScript = GenerateUpdateScript(restartInteractiveAgent); Trace.Info($"Generate update script into: {updateScript}"); // kick off update script Process invokeScript = new Process(); if (PlatformUtil.RunningOnWindows) { invokeScript.StartInfo.FileName = WhichUtil.Which("cmd.exe", trace: Trace); invokeScript.StartInfo.ArgumentList.Add("/c"); invokeScript.StartInfo.ArgumentList.Add(updateScript); } else { invokeScript.StartInfo.FileName = WhichUtil.Which("bash", trace: Trace); invokeScript.StartInfo.ArgumentList.Add(updateScript); } invokeScript.Start(); Trace.Info($"Update script start running"); await UpdateAgentUpdateStateAsync(StringUtil.Loc("AgentExit")); return true; } private async Task UpdateNeeded(string targetVersion, CancellationToken token) { // when talk to old version tfs server, always prefer latest package. // old server won't send target version as part of update message. if (string.IsNullOrEmpty(targetVersion)) { var packages = await _agentServer.GetPackagesAsync(_packageType, _platform, 1, token); if (packages == null || packages.Count == 0) { Trace.Info($"There is no package for {_packageType} and {_platform}."); return false; } _targetPackage = packages.FirstOrDefault(); } else { _targetPackage = await _agentServer.GetPackageAsync(_packageType, _platform, targetVersion, token); if (_targetPackage == null) { Trace.Info($"There is no package for {_packageType} and {_platform} with version {targetVersion}."); return false; } } Trace.Info($"Version '{_targetPackage.Version}' of '{_targetPackage.Type}' package available in server."); PackageVersion serverVersion = new PackageVersion(_targetPackage.Version); Trace.Info($"Current running agent version is {BuildConstants.AgentPackage.Version}"); PackageVersion agentVersion = new PackageVersion(BuildConstants.AgentPackage.Version); if (serverVersion.Major == 2 && agentVersion.Major == 3) { Trace.Info("We don't downgrade agent from 3.* to 2.*, skipping update"); return false; } if (serverVersion.CompareTo(agentVersion) > 0) { return true; } if (AgentKnobs.DisableAgentDowngrade.GetValue(_knobContext).AsBoolean()) { Trace.Info("Agent downgrade disabled, skipping update"); return false; } // Always return true for newer agent versions unless they're exactly equal to enable auto rollback (this feature was introduced after 2.165.0) if (serverVersion.CompareTo(agentVersion) != 0) { _terminal.WriteLine(StringUtil.Loc("AgentDowngrade")); return true; } return false; } private bool HashValidation(string archiveFile) { if (_hashValidationDisabled) { Trace.Info($"Agent package hash validation disabled, so skipping it"); return true; } // DownloadUrl for offline agent update is started from Url of ADO On-Premises // DownloadUrl for online agent update is started from Url of feed with agent packages bool isOfflineUpdate = _targetPackage.DownloadUrl.StartsWith(_serverUrl); if (isOfflineUpdate) { Trace.Info($"Skipping checksum validation for offline agent update"); return true; } if (string.IsNullOrEmpty(_targetPackage.HashValue)) { Trace.Warning($"Unable to perform the necessary checksum validation since the target package hash is missed"); return false; } string expectedHash = _targetPackage.HashValue; string actualHash = IOUtil.GetFileHash(archiveFile); bool hashesMatch = StringUtil.AreHashesEqual(actualHash, expectedHash); if (hashesMatch) { Trace.Info($"Checksum validation succeeded"); return true; } // A hash mismatch can occur in two cases: // 1) The archive is compromised // 2) The archive was not fully downloaded or was damaged during downloading // There is no way to determine the case so we just return false in both cases (without throwing an exception) Trace.Warning($"Checksum validation failed\n Expected hash: '{expectedHash}'\n Actual hash: '{actualHash}'"); return false; } /// /// _work /// \_update /// \bin /// \externals /// \run.sh /// \run.cmd /// \package.zip //temp download .zip/.tar.gz /// /// /// private async Task DownloadLatestAgent(CancellationToken token) { string latestAgentDirectory = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Path.UpdateDirectory); IOUtil.DeleteDirectory(latestAgentDirectory, token); Directory.CreateDirectory(latestAgentDirectory); int agentSuffix = 1; string archiveFile = null; bool downloadSucceeded = false; bool validationSucceeded = false; try { // Download the agent, using multiple attempts in order to be resilient against any networking/CDN issues for (int attempt = 1; attempt <= Constants.AgentDownloadRetryMaxAttempts && !validationSucceeded; attempt++) { // Generate an available package name, and do our best effort to clean up stale local zip files while (true) { if (_targetPackage.Platform.StartsWith("win")) { archiveFile = Path.Combine(latestAgentDirectory, $"agent{agentSuffix}.zip"); } else { archiveFile = Path.Combine(latestAgentDirectory, $"agent{agentSuffix}.tar.gz"); } // The package name is generated, check if there is already a file with the same name and path if (!string.IsNullOrEmpty(archiveFile) && File.Exists(archiveFile)) { Trace.Verbose(StringUtil.Format("Deleting latest agent package zip '{0}'", archiveFile)); try { // Such a file already exists, so try deleting it IOUtil.DeleteFile(archiveFile); // The file was successfully deleted, so we can use the generated package name break; } catch (Exception ex) { // Couldn't delete the file for whatever reason, so generate another package name Trace.Warning(StringUtil.Format("Failed to delete agent package zip '{0}'. Exception: {1}", archiveFile, ex)); agentSuffix++; } } else { // There is no a file with the same name and path, so we can use the generated package name break; } } // Allow a 15-minute package download timeout, which is good enough to update the agent from a 1 Mbit/s ADSL connection. var timeoutSeconds = AgentKnobs.AgentDownloadTimeout.GetValue(_knobContext).AsInt(); Trace.Info($"Attempt {attempt}: save latest agent into {archiveFile}."); using (var downloadTimeout = new CancellationTokenSource(TimeSpan.FromSeconds(timeoutSeconds))) using (var downloadCts = CancellationTokenSource.CreateLinkedTokenSource(downloadTimeout.Token, token)) { try { Trace.Info($"Download agent: begin download"); //open zip stream in async mode using (var handler = HostContext.CreateHttpClientHandler()) using (var httpClient = new HttpClient(handler)) using (var fs = new FileStream(archiveFile, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize: 4096, useAsync: true)) using (var result = await httpClient.GetStreamAsync(_targetPackage.DownloadUrl)) { //81920 is the default used by System.IO.Stream.CopyTo and is under the large object heap threshold (85k). await result.CopyToAsync(fs, 81920, downloadCts.Token); await fs.FlushAsync(downloadCts.Token); } Trace.Info($"Download agent: finished download"); downloadSucceeded = true; validationSucceeded = HashValidation(archiveFile); } catch (OperationCanceledException) when (token.IsCancellationRequested) { Trace.Info($"Agent download has been canceled."); throw; } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, _targetPackage.DownloadUrl, (message) => Trace.Warning(message)); } catch (Exception ex) { if (downloadCts.Token.IsCancellationRequested) { Trace.Warning($"Agent download has timed out after {timeoutSeconds} seconds"); } Trace.Warning($"Failed to get package '{archiveFile}' from '{_targetPackage.DownloadUrl}'. Exception {ex}"); } } } if (!downloadSucceeded) { throw new TaskCanceledException($"Agent package '{archiveFile}' failed after {Constants.AgentDownloadRetryMaxAttempts} download attempts."); } if (!validationSucceeded) { throw new TaskCanceledException(@"Agent package checksum validation failed. There are possible reasons why this happened: 1) The agent package was compromised. 2) The agent package was not fully downloaded or was corrupted during the download process. You can skip checksum validation for the agent package by setting the environment variable DISABLE_HASH_VALIDATION=true"); } // If we got this far, we know that we've successfully downloadeded the agent package if (archiveFile.EndsWith(".zip", StringComparison.OrdinalIgnoreCase)) { ZipFile.ExtractToDirectory(archiveFile, latestAgentDirectory); } else if (archiveFile.EndsWith(".tar.gz", StringComparison.OrdinalIgnoreCase)) { string tar = WhichUtil.Which("tar", trace: Trace); if (string.IsNullOrEmpty(tar)) { throw new NotSupportedException($"tar -xzf"); } // tar -xzf using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += new EventHandler((sender, args) => { if (!string.IsNullOrEmpty(args.Data)) { Trace.Info(args.Data); } }); processInvoker.ErrorDataReceived += new EventHandler((sender, args) => { if (!string.IsNullOrEmpty(args.Data)) { Trace.Error(args.Data); } }); int exitCode = await processInvoker.ExecuteAsync(latestAgentDirectory, tar, $"-xzf \"{archiveFile}\"", null, token); if (exitCode != 0) { throw new NotSupportedException($"Can't use 'tar -xzf' extract archive file: {archiveFile}. return code: {exitCode}."); } } } else { throw new NotSupportedException($"{archiveFile}"); } Trace.Info($"Finished getting latest agent package at: {latestAgentDirectory}."); } finally { try { // delete .zip file if (!string.IsNullOrEmpty(archiveFile) && File.Exists(archiveFile)) { Trace.Verbose(StringUtil.Format("Deleting latest agent package zip: {0}", archiveFile)); IOUtil.DeleteFile(archiveFile); } } catch (Exception ex) { //it is not critical if we fail to delete the .zip file Trace.Warning(StringUtil.Format("Failed to delete agent package zip '{0}'. Exception: {1}", archiveFile, ex)); } } if (!String.IsNullOrEmpty(AgentKnobs.DisableAuthenticodeValidation.GetValue(HostContext).AsString())) { Trace.Warning("Authenticode validation skipped for downloaded agent package since it is disabled currently by agent settings."); } else { if (PlatformUtil.RunningOnWindows) { var isValid = this.VerifyAgentAuthenticode(latestAgentDirectory); if (!isValid) { throw new Exception("Authenticode validation of agent assemblies failed."); } else { Trace.Info("Authenticode validation of agent assemblies passed successfully."); } } else { Trace.Info("Authenticode validation skipped since it's not supported on non-Windows platforms at the moment."); } } // copy latest agent into agent root folder // copy bin from _work/_update -> bin.version under root string binVersionDir = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), $"{Constants.Path.BinDirectory}.{_targetPackage.Version}"); Directory.CreateDirectory(binVersionDir); Trace.Info($"Copy {Path.Combine(latestAgentDirectory, Constants.Path.BinDirectory)} to {binVersionDir}."); IOUtil.CopyDirectory(Path.Combine(latestAgentDirectory, Constants.Path.BinDirectory), binVersionDir, token); // copy externals from _work/_update -> externals.version under root string externalsVersionDir = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), $"{Constants.Path.ExternalsDirectory}.{_targetPackage.Version}"); Directory.CreateDirectory(externalsVersionDir); Trace.Info($"Copy {Path.Combine(latestAgentDirectory, Constants.Path.ExternalsDirectory)} to {externalsVersionDir}."); IOUtil.CopyDirectory(Path.Combine(latestAgentDirectory, Constants.Path.ExternalsDirectory), externalsVersionDir, token); // copy and replace all .sh/.cmd files Trace.Info($"Copy any remaining .sh/.cmd files into agent root."); foreach (FileInfo file in new DirectoryInfo(latestAgentDirectory).GetFiles() ?? new FileInfo[0]) { // Copy and replace the file. file.CopyTo(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), file.Name), true); } // for windows service back compat with old windows agent, we need make sure the servicehost.exe is still the old name // if the current bin folder has VsoAgentService.exe, then the new agent bin folder needs VsoAgentService.exe as well if (PlatformUtil.RunningOnWindows) { if (File.Exists(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), "VsoAgentService.exe"))) { Trace.Info($"Make a copy of AgentService.exe, name it VsoAgentService.exe"); File.Copy(Path.Combine(binVersionDir, "AgentService.exe"), Path.Combine(binVersionDir, "VsoAgentService.exe"), true); File.Copy(Path.Combine(binVersionDir, "AgentService.exe.config"), Path.Combine(binVersionDir, "VsoAgentService.exe.config"), true); Trace.Info($"Make a copy of Agent.Listener.exe, name it VsoAgent.exe"); File.Copy(Path.Combine(binVersionDir, "Agent.Listener.exe"), Path.Combine(binVersionDir, "VsoAgent.exe"), true); File.Copy(Path.Combine(binVersionDir, "Agent.Listener.dll"), Path.Combine(binVersionDir, "VsoAgent.dll"), true); // in case of we remove all pdb file from agent package. if (File.Exists(Path.Combine(binVersionDir, "AgentService.pdb"))) { File.Copy(Path.Combine(binVersionDir, "AgentService.pdb"), Path.Combine(binVersionDir, "VsoAgentService.pdb"), true); } if (File.Exists(Path.Combine(binVersionDir, "Agent.Listener.pdb"))) { File.Copy(Path.Combine(binVersionDir, "Agent.Listener.pdb"), Path.Combine(binVersionDir, "VsoAgent.pdb"), true); } } } } private void DeletePreviousVersionAgentBackup(CancellationToken token) { // delete previous backup agent (back compat, can be remove after serval sprints) // bin.bak.2.99.0 // externals.bak.2.99.0 foreach (string existBackUp in Directory.GetDirectories(HostContext.GetDirectory(WellKnownDirectory.Root), "*.bak.*")) { Trace.Info($"Delete existing agent backup at {existBackUp}."); try { IOUtil.DeleteDirectory(existBackUp, token); } catch (Exception ex) when (!(ex is OperationCanceledException)) { Trace.Error(ex); Trace.Info($"Catch exception during delete backup folder {existBackUp}, ignore this error try delete the backup folder on next auto-update."); } } // delete old bin.2.99.0 folder, only leave the current version and the latest download version var allBinDirs = Directory.GetDirectories(HostContext.GetDirectory(WellKnownDirectory.Root), "bin.*"); if (allBinDirs.Length > 2) { // there are more than 2 bin.version folder. // delete older bin.version folders. foreach (var oldBinDir in allBinDirs) { if (string.Equals(oldBinDir, Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), $"bin"), StringComparison.OrdinalIgnoreCase) || string.Equals(oldBinDir, Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), $"bin.{BuildConstants.AgentPackage.Version}"), StringComparison.OrdinalIgnoreCase) || string.Equals(oldBinDir, Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), $"bin.{_targetPackage.Version}"), StringComparison.OrdinalIgnoreCase)) { // skip for current agent version continue; } Trace.Info($"Delete agent bin folder's backup at {oldBinDir}."); try { IOUtil.DeleteDirectory(oldBinDir, token); } catch (Exception ex) when (!(ex is OperationCanceledException)) { Trace.Error(ex); Trace.Info($"Catch exception during delete backup folder {oldBinDir}, ignore this error try delete the backup folder on next auto-update."); } } } // delete old externals.2.99.0 folder, only leave the current version and the latest download version var allExternalsDirs = Directory.GetDirectories(HostContext.GetDirectory(WellKnownDirectory.Root), "externals.*"); if (allExternalsDirs.Length > 2) { // there are more than 2 externals.version folder. // delete older externals.version folders. foreach (var oldExternalDir in allExternalsDirs) { if (string.Equals(oldExternalDir, Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), $"externals"), StringComparison.OrdinalIgnoreCase) || string.Equals(oldExternalDir, Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), $"externals.{BuildConstants.AgentPackage.Version}"), StringComparison.OrdinalIgnoreCase) || string.Equals(oldExternalDir, Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), $"externals.{_targetPackage.Version}"), StringComparison.OrdinalIgnoreCase)) { // skip for current agent version continue; } Trace.Info($"Delete agent externals folder's backup at {oldExternalDir}."); try { IOUtil.DeleteDirectory(oldExternalDir, token); } catch (Exception ex) when (!(ex is OperationCanceledException)) { Trace.Error(ex); Trace.Info($"Catch exception during delete backup folder {oldExternalDir}, ignore this error try delete the backup folder on next auto-update."); } } } } private string GenerateUpdateScript(bool restartInteractiveAgent) { int processId = Process.GetCurrentProcess().Id; string updateLog = Path.Combine(HostContext.GetDiagDirectory(), $"SelfUpdate-{DateTime.UtcNow.ToString("yyyyMMdd-HHmmss")}.log"); string agentRoot = HostContext.GetDirectory(WellKnownDirectory.Root); string templateName = "update.sh.template"; if (PlatformUtil.RunningOnWindows) { templateName = "update.cmd.template"; } string templatePath = Path.Combine(agentRoot, $"bin.{_targetPackage.Version}", templateName); string template = File.ReadAllText(templatePath); template = template.Replace("_PROCESS_ID_", processId.ToString()); template = template.Replace("_AGENT_PROCESS_NAME_", $"Agent.Listener{IOUtil.ExeExtension}"); template = template.Replace("_ROOT_FOLDER_", agentRoot); template = template.Replace("_EXIST_AGENT_VERSION_", BuildConstants.AgentPackage.Version); template = template.Replace("_DOWNLOAD_AGENT_VERSION_", _targetPackage.Version); template = template.Replace("_UPDATE_LOG_", updateLog); template = template.Replace("_RESTART_INTERACTIVE_AGENT_", restartInteractiveAgent ? "1" : "0"); string scriptName = "_update.sh"; if (PlatformUtil.RunningOnWindows) { scriptName = "_update.cmd"; } string updateScript = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), scriptName); if (File.Exists(updateScript)) { IOUtil.DeleteFile(updateScript); } File.WriteAllText(updateScript, template); return updateScript; } private async Task UpdateAgentUpdateStateAsync(string currentState) { _terminal.WriteLine(currentState); try { await _agentServer.UpdateAgentUpdateStateAsync(_poolId, _agentId, currentState); } catch (VssResourceNotFoundException) { // ignore VssResourceNotFoundException, this exception means the agent is configured against a old server that doesn't support report agent update detail. Trace.Info($"Catch VssResourceNotFoundException during report update state, ignore this error for backcompat."); } catch (Exception ex) { Trace.Error(ex); Trace.Info($"Catch exception during report update state, ignore this error and continue auto-update."); } } /// /// Verifies authenticode sign of agent assemblies /// /// /// private bool VerifyAgentAuthenticode(string agentFolderPath) { if (!Directory.Exists(agentFolderPath)) { Trace.Error($"Agent folder {agentFolderPath} not found."); return false; } var agentDllFiles = Directory.GetFiles(agentFolderPath, "*.dll", SearchOption.AllDirectories); var agentExeFiles = Directory.GetFiles(agentFolderPath, "*.exe", SearchOption.AllDirectories); var agentAssemblies = agentDllFiles.Concat(agentExeFiles); Trace.Verbose(String.Format("Found {0} agent assemblies. Performing authenticode validation...", agentAssemblies.Count())); foreach (var assemblyFile in agentAssemblies) { FileInfo info = new FileInfo(assemblyFile); try { InstallerVerifier.VerifyFileSignedByMicrosoft(info.FullName, this.Trace); } catch (Exception e) { Trace.Error(e); return false; } } return true; } } public class UpdaterKnobValueContext : IKnobValueContext { public string GetVariableValueOrDefault(string variableName) { return null; } public IScopedEnvironment GetScopedEnvironment() { return new SystemEnvironment(); } } } ================================================ FILE: src/Agent.Listener/Telemetry/CustomerIntelligenceServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.CustomerIntelligence.WebApi; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.WebPlatform; namespace Microsoft.VisualStudio.Services.Agent.Listener.Telemetry { [ServiceLocator(Default = typeof(CustomerIntelligenceServer))] public interface ICustomerIntelligenceServer : IAgentService { void Initialize(VssConnection connection); Task PublishEventsAsync(CustomerIntelligenceEvent[] ciEvents); } // This service is used for tracking task events which are applicable for VSTS internal tasks public class CustomerIntelligenceServer : AgentService, ICustomerIntelligenceServer { private CustomerIntelligenceHttpClient _ciClient; public void Initialize(VssConnection connection) { ArgUtil.NotNull(connection, nameof(connection)); _ciClient = connection.GetClient(); } public Task PublishEventsAsync(CustomerIntelligenceEvent[] ciEvents) { return _ciClient.PublishEventsAsync(events: ciEvents); } } } ================================================ FILE: src/Agent.Listener/Telemetry/TelemetryPublisher.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebPlatform; using Newtonsoft.Json; namespace Microsoft.VisualStudio.Services.Agent.Listener.Telemetry { [ServiceLocator(Default = typeof(TelemetryPublisher))] public interface IAgenetListenerTelemetryPublisher : IAgentService { public Task PublishEvent(IHostContext context, Command command); } public sealed class TelemetryPublisher : AgentService, IAgenetListenerTelemetryPublisher { private ICustomerIntelligenceServer _ciService; public string Name => "publish"; public List Aliases => null; public async Task PublishEvent(IHostContext context, Command command) { try { _ciService = context.GetService(); ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); Dictionary eventProperties = command.Properties; if (!eventProperties.TryGetValue(WellKnownEventTrackProperties.Area, out string area) || string.IsNullOrEmpty(area)) { throw new ArgumentException(StringUtil.Loc("ArgumentNeeded", "Area")); } if (!eventProperties.TryGetValue(WellKnownEventTrackProperties.Feature, out string feature) || string.IsNullOrEmpty(feature)) { throw new ArgumentException(StringUtil.Loc("ArgumentNeeded", "Feature")); } string data = command.Data; if (string.IsNullOrEmpty(data)) { throw new ArgumentException(StringUtil.Loc("ArgumentNeeded", "EventTrackerData")); } CustomerIntelligenceEvent ciEvent; try { var ciProperties = JsonConvert.DeserializeObject>(data); ciEvent = new CustomerIntelligenceEvent() { Area = area, Feature = feature, Properties = ciProperties }; } catch (Exception ex) { throw new ArgumentException(StringUtil.Loc("TelemetryCommandDataError", data, ex.Message)); } var credMgr = context.GetService(); VssCredentials creds = credMgr.LoadCredentials(); ArgUtil.NotNull(creds, nameof(creds)); var configManager = context.GetService(); AgentSettings settings = configManager.LoadSettings(); var agentCertManager = context.GetService(); using var vsConnection = VssUtil.CreateConnection(new Uri(settings.ServerUrl), creds, Trace, agentCertManager.SkipServerCertificateValidation); _ciService.Initialize(vsConnection); /// This endpoint is not accepting data on some old Azure DevOps OnPremise versions try { await PublishEventsAsync(context, ciEvent); } catch (VssUnauthorizedException) { Trace.Warning("Unable to publish telemetry data"); } } // We never want to break pipelines in case of telemetry failure. catch (Exception ex) { Trace.Warning(StringUtil.Format("Telemetry command failed: {0}", ex.ToString())); } } private async Task PublishEventsAsync(IHostContext context, CustomerIntelligenceEvent ciEvent) { try { await _ciService.PublishEventsAsync(new CustomerIntelligenceEvent[] { ciEvent }); } catch (VssUnauthorizedException) { Trace.Warning("Unable to publish telemetry data"); } } } internal static class WellKnownEventTrackProperties { internal static readonly string Area = "area"; internal static readonly string Feature = "feature"; } } ================================================ FILE: src/Agent.Listener/Telemetry/WorkerCrashTelemetryPublisher.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Newtonsoft.Json; namespace Microsoft.VisualStudio.Services.Agent.Listener.Telemetry { [ServiceLocator(Default = typeof(WorkerCrashTelemetryPublisher))] public interface IWorkerCrashTelemetryPublisher : IAgentService { Task PublishWorkerCrashTelemetryAsync(IHostContext hostContext, Guid jobId, int exitCode, string tracePoint); } public sealed class WorkerCrashTelemetryPublisher : AgentService, IWorkerCrashTelemetryPublisher { public async Task PublishWorkerCrashTelemetryAsync(IHostContext hostContext, Guid jobId, int exitCode, string tracePoint) { try { var telemetryPublisher = hostContext.GetService(); var telemetryData = new Dictionary { ["JobId"] = jobId.ToString(), ["ExitCode"] = exitCode.ToString(), ["TracePoint"] = tracePoint }; var command = new Command("telemetry", "publish") { Data = JsonConvert.SerializeObject(telemetryData) }; command.Properties.Add("area", "AzurePipelinesAgent"); command.Properties.Add("feature", "WorkerCrash"); await telemetryPublisher.PublishEvent(hostContext, command); Trace.Info($"Published worker crash telemetry for job {jobId} with exit code {exitCode}"); } catch (Exception ex) { Trace.Warning($"Failed to publish worker crash telemetry: {ex}"); } } } } ================================================ FILE: src/Agent.Listener/ValidationHelper/InstallerVerifier.cs ================================================ using System; using System.ComponentModel; using System.Globalization; using System.Runtime.InteropServices; using System.Security.Cryptography.X509Certificates; namespace Microsoft.VisualStudio.Services.Agent.Listener { /// /// Utility class that encapsulates security checks for the downloaded installer /// public static class InstallerVerifier { /// /// Extended key usage identifier /// public const string EXTENDED_KEY_USAGE = "2.5.29.37"; /// /// The enhanced key usage OID that should be present in the certificate used to /// authenticode sign cabinet files and mpb. /// public const string CODE_SIGNING_ENHANCED_KEY_USAGE = "1.3.6.1.5.5.7.3.3"; /// /// Utility method to verify that mp was signed by Microsoft /// /// Path to the file to check the signature on. public static void VerifyFileSignedByMicrosoft(string filePath, Tracing trace, string expectedEKU = CODE_SIGNING_ENHANCED_KEY_USAGE) { // proceed with authenticode checks WinTrustData winTrustData = VerifyFileAuthenticodeSignatureHelper(filePath, trace); try { IntPtr pProviderData = UnsafeNativeMethods.WTHelperProvDataFromStateData(winTrustData.StateData); if (pProviderData == IntPtr.Zero) { throw new Win32Exception(string.Format(CultureInfo.CurrentCulture, "File {0} WTHelperProvDataFromStateData returned null.", filePath)); } IntPtr pSigner = UnsafeNativeMethods.WTHelperGetProvSignerFromChain(pProviderData, 0, false, 0); if (pSigner == IntPtr.Zero) { throw new Win32Exception(string.Format(CultureInfo.CurrentCulture, "File {0} WTHelperGetProvSignerFromChain returned null.", filePath)); } CRYPT_PROVIDER_SGNR provSigner = (CRYPT_PROVIDER_SGNR)Marshal.PtrToStructure(pSigner, typeof(CRYPT_PROVIDER_SGNR)); CERT_CHAIN_POLICY_PARA policyPara = new CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CERT_CHAIN_POLICY_PARA))); CERT_CHAIN_POLICY_STATUS policyStatus = new CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CERT_CHAIN_POLICY_STATUS))); if (!UnsafeNativeMethods.CertVerifyCertificateChainPolicy( new IntPtr(UnsafeNativeMethods.CERT_CHAIN_POLICY_MICROSOFT_ROOT), provSigner.pChainContext, ref policyPara, ref policyStatus)) { throw new Win32Exception(string.Format(CultureInfo.CurrentCulture, "File {0} CertVerifyCertificateChainPolicy wasn't able to check for the policy", filePath)); } //If using SHA-2 validation the root certificate is different from the older SHA-1 certificate if (policyStatus.dwError != 0) { policyPara.dwFlags = UnsafeNativeMethods.MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG; if (!UnsafeNativeMethods.CertVerifyCertificateChainPolicy( new IntPtr(UnsafeNativeMethods.CERT_CHAIN_POLICY_MICROSOFT_ROOT), provSigner.pChainContext, ref policyPara, ref policyStatus)) { throw new Win32Exception(string.Format(CultureInfo.CurrentCulture, "File {0} CertVerifyCertificateChainPolicy wasn't able to check for the policy", filePath)); } if (policyStatus.dwError != 0) { #if DEBUG { policyPara.dwFlags = UnsafeNativeMethods.MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG; if (!UnsafeNativeMethods.CertVerifyCertificateChainPolicy( new IntPtr(UnsafeNativeMethods.CERT_CHAIN_POLICY_MICROSOFT_ROOT), provSigner.pChainContext, ref policyPara, ref policyStatus)) { throw new Win32Exception(string.Format(CultureInfo.CurrentCulture, "File {0} CertVerifyCertificateChainPolicy wasn't able to check for the policy", filePath)); } if (policyStatus.dwError != 0) { trace.Error("policyStatus: " + policyStatus.ToString()); trace.Error("policyStatus.pvExtraPolicyStatus: " + policyStatus.pvExtraPolicyStatus); trace.Error(String.Format("Error occurred while calling WinVerifyTrust: {0}", string.Format(CultureInfo.CurrentCulture, "File {0} does not have a valid MS or ms-test signature.", filePath))); // throw new VerificationException(string.Format(CultureInfo.CurrentCulture, "File {0} does not have a valid MS or ms-test signature.", filePath)); } } #else throw new VerificationException(string.Format(CultureInfo.CurrentCulture, "File {0} does not have a valid MS signature.", filePath)); #endif } } trace.Info(String.Format("File {0} has a valid MS or ms-test signature.", filePath)); // Get the certificate used to sign the file IntPtr pProviderCertificate = UnsafeNativeMethods.WTHelperGetProvCertFromChain(pSigner, 0); if (pProviderCertificate == IntPtr.Zero) { throw new Win32Exception(string.Format(CultureInfo.CurrentCulture, "WTHelperGetProvCertFromChain returned null.")); } CRYPT_PROVIDER_CERT provCert = (CRYPT_PROVIDER_CERT)Marshal.PtrToStructure(pProviderCertificate, typeof(CRYPT_PROVIDER_CERT)); // Check for our EKU in the certificate using (X509Certificate2 x509Cert = new X509Certificate2(provCert.pCert)) { if (((X509EnhancedKeyUsageExtension)x509Cert.Extensions[EXTENDED_KEY_USAGE]).EnhancedKeyUsages[expectedEKU] == null) { // throw new exception throw new VerificationException(string.Format(CultureInfo.CurrentCulture, "Authenticode signature for file {0} is not signed with a certificate containing the EKU {1}.", filePath, expectedEKU)); } trace.Info(String.Format("Authenticode signature for file {0} is signed with a certificate containing the EKU {1}.", filePath, expectedEKU)); } } finally { // dispose winTrustData object winTrustData.Dispose(); } } /// /// Helper method to verify that published mp, mpb, or cabinet files have a valid authenticode signature /// /// Path to the file to check the signature on. /// WinTrustData object private static WinTrustData VerifyFileAuthenticodeSignatureHelper(string filePath, Tracing trace) { WinTrustData trustData = null; WinTrustFileInfo fileInfo = new WinTrustFileInfo(filePath); WINTRUST_SIGNATURE_SETTINGS signatureSettings = null; WinVerifyTrustResult result; if (Utility.IsWin8OrAbove()) { // On Windows 8 and above we have the APIs to enforce stronger checks const string szOID_CERT_STRONG_SIGN_OS_1 = "1.3.6.1.4.1.311.72.1.1"; //this specifies to enforce SHA-2 based hashes and other strong key requirements signatureSettings = new WINTRUST_SIGNATURE_SETTINGS(new CERT_STRONG_SIGN_PARA(szOID_CERT_STRONG_SIGN_OS_1)); trustData = new Win8TrustData(fileInfo, signatureSettings); } else { // no signature settings trustData = new WinTrustData(filePath); } try { result = UnsafeNativeMethods.WinVerifyTrust( IntPtr.Zero, UnsafeNativeMethods.WINTRUST_ACTION_GENERIC_VERIFY_V2, trustData); if (result == WinVerifyTrustResult.FileNotSigned) { throw new VerificationException(string.Format(CultureInfo.CurrentCulture, "File {0} does not have a valid authenticode signature.", filePath)); } else if (result != WinVerifyTrustResult.Success) { var winTrustResultErrorString = String.Format("{0} ({1})", GetVerboseWinVerifyTrustResultErrorString(result), ConvertWinVerifyTrustResultToHex(result)); throw new VerificationException(string.Format(CultureInfo.CurrentCulture, "WinVerifyTrustWrapper on file {0} failed with unexpected error: {1}", filePath, winTrustResultErrorString)); } } catch (Exception ex) { trace.Error(String.Format("Error occurred while calling WinVerifyTrust: {0}", ex)); // free all objects (trustData and signatureSettings) if (signatureSettings != null) { signatureSettings.Dispose(); } trustData.Dispose(); throw; } trace.Info(String.Format("File {0} has a valid authenticode signature.", filePath)); // only free signatureSettings if (signatureSettings != null) { signatureSettings.Dispose(); // zero out the psignature pointer in trustData to be safe Marshal.FreeHGlobal(((Win8TrustData)trustData).pSignatureSettings); ((Win8TrustData)trustData).pSignatureSettings = IntPtr.Zero; } return trustData; } private static string GetVerboseWinVerifyTrustResultErrorString(WinVerifyTrustResult result) { switch (result) { case WinVerifyTrustResult.ActionUnknown: return "Trust provider does not support the specified action"; case WinVerifyTrustResult.FileNotSigned: return "File was not signed"; case WinVerifyTrustResult.ProviderUnknown: return "Trust provider is not recognized on this system"; case WinVerifyTrustResult.SubjectFormUnknown: return "Trust provider does not support the form specified for the subject"; case WinVerifyTrustResult.SubjectNotTrusted: return "Subject failed the specified verification action"; case WinVerifyTrustResult.UntrustedRootCert: return "A certification chain processed correctly but terminated in a root certificate that is not trusted by the trust provider"; default: return "Unknown WinVerifyTrustResult value"; } } private static string ConvertWinVerifyTrustResultToHex(WinVerifyTrustResult result) { return "0x" + result.ToString("X"); } } } ================================================ FILE: src/Agent.Listener/ValidationHelper/UnsafeNativeMethods.cs ================================================ using System; using System.Runtime.InteropServices; using System.Security.Cryptography.X509Certificates; using Microsoft.Win32.SafeHandles; using ComTypes = System.Runtime.InteropServices.ComTypes; namespace Microsoft.VisualStudio.Services.Agent.Listener { /// /// Standard return values from the WinVerifyTrustWrapper API /// internal enum WinVerifyTrustResult : uint { Success = 0, ProviderUnknown = 0x800b0001, // The trust provider is not recognized on this system ActionUnknown = 0x800b0002, // The trust provider does not support the specified action SubjectFormUnknown = 0x800b0003, // The trust provider does not support the form specified for the subject SubjectNotTrusted = 0x800b0004, // The subject failed the specified verification action FileNotSigned = 0x800b0100, UntrustedRootCert = 0x800B0109 // A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. } /// /// Structure provides information about a signer or countersigner /// [StructLayout(LayoutKind.Sequential)] internal struct CRYPT_PROVIDER_SGNR { public uint cbStruct; public ComTypes.FILETIME sftVerifyAsOf; public uint csCertChain; public IntPtr pasCertChain; // CRYPT_PROVIDER_CERT* public uint dwSignerType; public IntPtr psSigner; // CMSG_SIGNER_INFO* public uint dwError; public uint csCounterSigners; public IntPtr pasCounterSigners; // CRYPT_PROVIDER_SGNR* public IntPtr pChainContext; // PCCERT_CHAIN_CONTEXT } /// /// structure contains information used in CertVerifyCertificateChainPolicy /// to establish policy criteria for the verification of certificate chains /// [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] internal struct CERT_CHAIN_POLICY_PARA { public uint cbSize; public uint dwFlags; public IntPtr pvExtraPolicyPara; public CERT_CHAIN_POLICY_PARA(int size) { this.cbSize = (uint)size; this.dwFlags = 0; this.pvExtraPolicyPara = IntPtr.Zero; } } /// /// Structure holds certificate chain status information returned by the CertVerifyCertificateChainPolicy /// function when the certificate chains are validated /// [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] internal struct CERT_CHAIN_POLICY_STATUS { public uint cbSize; public uint dwError; public IntPtr lChainIndex; public IntPtr lElementIndex; public IntPtr pvExtraPolicyStatus; public CERT_CHAIN_POLICY_STATUS(int size) { this.cbSize = (uint)size; this.dwError = 0; this.lChainIndex = IntPtr.Zero; this.lElementIndex = IntPtr.Zero; this.pvExtraPolicyStatus = IntPtr.Zero; } } /// /// Interop structure for calling into CERT_STRONG_SIGN_PARA /// [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] internal struct CERT_STRONG_SIGN_PARA { public uint cbStruct; public uint dwInfoChoice; [MarshalAs(UnmanagedType.LPStr)] public string pszOID; public CERT_STRONG_SIGN_PARA(string oId) { this.cbStruct = (uint)Marshal.SizeOf(typeof(CERT_STRONG_SIGN_PARA)); this.dwInfoChoice = 2; // CERT_STRONG_SIGN_OID_INFO_CHOICE this.pszOID = oId; } } /// /// Sub-structure of WinTrustData for verifying a file /// [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] internal struct WinTrustFileInfo { public uint StructSize; public string filePath; public IntPtr hFile; public IntPtr pgKnownSubject; public WinTrustFileInfo(string filePath) { this.filePath = filePath; this.StructSize = (uint)Marshal.SizeOf(typeof(WinTrustFileInfo)); this.hFile = IntPtr.Zero; this.pgKnownSubject = IntPtr.Zero; } } /// /// Structure provides information about a provider certificate /// [StructLayout(LayoutKind.Sequential)] internal struct CRYPT_PROVIDER_CERT { public uint cbStruct; public IntPtr pCert; // PCCERT_CONTEXT public bool fCommercial; public bool fTrustedRoot; public bool fSelfSigned; public bool fTestCert; public uint dwRevokedReason; public uint dwConfidence; public uint dwError; public IntPtr pTrustListContext; // CTL_CONTEXT* public bool fTrustListSignerCert; public IntPtr pCtlContext; // PCCTL_CONTEXT public uint dwCtlError; public bool fIsCyclic; public IntPtr pChainElement; // PCERT_CHAIN_ELEMENT } /// /// Defines pinvoke signature for functions that perform security checks /// internal static class UnsafeNativeMethods { public const uint CERT_CHAIN_POLICY_MICROSOFT_ROOT = 7; public const uint MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG = 0x00010000; public const uint MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG = 0x00020000; public static readonly Guid WINTRUST_ACTION_GENERIC_VERIFY_V2 = new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE"); // Native method to validate that the file is signed by any authorized publisher [DllImport("wintrust.dll", ExactSpelling = true, SetLastError = false, CharSet = CharSet.Unicode)] internal static extern WinVerifyTrustResult WinVerifyTrust( IntPtr hwnd, [MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID, [In, Out] WinTrustData pWVTData); // Native method to validate that the file is signed by any authorized publisher [DllImport("wintrust.dll", EntryPoint = "WinVerifyTrust", ExactSpelling = true, SetLastError = false, CharSet = CharSet.Unicode)] internal static extern WinVerifyTrustResult Win8VerifyTrust( IntPtr hwnd, [MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID, [In, Out] Win8TrustData pWVTData); // Get the trust provider behind the file signature // returns CRYPT_PROVIDER_DATA* [DllImport("wintrust.dll", SetLastError = false, CharSet = CharSet.Unicode)] internal static extern IntPtr WTHelperProvDataFromStateData(IntPtr hStateData); // Get the signer from the trust provider // returns CRYPT_PROVIDER_SGNR* [DllImport("wintrust.dll", SetLastError = false, CharSet = CharSet.Unicode)] internal static extern IntPtr WTHelperGetProvSignerFromChain( IntPtr pProvData, // CRYPT_PROVIDER_DATA* uint idxSigner, bool fCounterSigner, uint idxCounterSigner); // Verify the cert chains up to the correct root [DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = false)] internal static extern bool CertVerifyCertificateChainPolicy( IntPtr pszPolicyOID, IntPtr pChainContext, ref CERT_CHAIN_POLICY_PARA pPolicyPara, [In, Out] ref CERT_CHAIN_POLICY_STATUS pPolicyStatus); // returns CRYPT_PROVIDER_CERT* [DllImport("wintrust.dll", SetLastError = false, CharSet = CharSet.Unicode)] internal static extern IntPtr WTHelperGetProvCertFromChain( IntPtr pSgnr, // CRYPT_PROVIDER_SGNR* uint idxCert); } /// /// Safe handle for a file /// internal class FileInfoSafeHandle : SafeHandleZeroOrMinusOneIsInvalid { public FileInfoSafeHandle(WinTrustFileInfo info) : base(true) { this.SetHandle(Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WinTrustFileInfo)))); Marshal.StructureToPtr(info, this.handle, false); } protected override bool ReleaseHandle() { if (this.handle != IntPtr.Zero) { Marshal.FreeHGlobal(this.handle); this.handle = IntPtr.Zero; return true; } return false; } } /// /// Structure used to specify the signatures on a file /// [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] internal class WINTRUST_SIGNATURE_SETTINGS : IDisposable { public uint cbStruct = (uint)Marshal.SizeOf(typeof(WINTRUST_SIGNATURE_SETTINGS)); public uint dwIndex = 0; public uint dwFlags = 0; public uint cSecondarySigs = 0; public uint dwVerifiedSigIndex = 0; public IntPtr pCryptoPolicy; // *CCERT_STRONG_SIGN_PARA public WINTRUST_SIGNATURE_SETTINGS(CERT_STRONG_SIGN_PARA strongSignParam) { this.pCryptoPolicy = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(CERT_STRONG_SIGN_PARA))); Marshal.StructureToPtr(strongSignParam, this.pCryptoPolicy, false); } ~WINTRUST_SIGNATURE_SETTINGS() { this.Dispose(false); } public void Dispose() { this.Dispose(true); GC.SuppressFinalize(this); } protected virtual void Dispose(bool disposing) { if (this.pCryptoPolicy != IntPtr.Zero) { Marshal.FreeHGlobal(this.pCryptoPolicy); this.pCryptoPolicy = IntPtr.Zero; } } } /// /// Interop structure for calling into WinVerifyTrustWrapper /// [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] internal class WinTrustData : IDisposable { public uint StructSize = (uint)Marshal.SizeOf(typeof(WinTrustData)); public IntPtr PolicyCallbackData = IntPtr.Zero; public IntPtr SIPClientData = IntPtr.Zero; public uint UIChoice = 2; public uint RevocationChecks = 0x00000001; // WTD_REVOKE_WHOLECHAIN public uint UnionChoice = 1; public FileInfoSafeHandle pFile; public uint StateAction = 1; // WTD_STATEACTION_VERIFY public IntPtr StateData = IntPtr.Zero; [MarshalAs(UnmanagedType.LPWStr)] public string URLReference; public uint ProvFlags = 0x00000080; // WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT public uint UIContext = 0; public WinTrustData() { } public WinTrustData(string fileName) { WinTrustFileInfo fileInfo = new WinTrustFileInfo(fileName); this.pFile = new FileInfoSafeHandle(fileInfo); } ~WinTrustData() { this.Dispose(false); } public void Dispose() { this.Dispose(true); GC.SuppressFinalize(this); } protected virtual void Dispose(bool disposing) { // Any hWVTStateData must be released by a call with close. if (this.StateData != IntPtr.Zero) { this.StateAction = 2; // WTD_STATEACTION_CLOSE if (Utility.IsWin8OrAbove()) { UnsafeNativeMethods.Win8VerifyTrust( IntPtr.Zero, UnsafeNativeMethods.WINTRUST_ACTION_GENERIC_VERIFY_V2, (Win8TrustData)this); } else { UnsafeNativeMethods.WinVerifyTrust( IntPtr.Zero, UnsafeNativeMethods.WINTRUST_ACTION_GENERIC_VERIFY_V2, this); } } if (disposing) { // dispose the file handle if (this.pFile != null) { this.pFile.Dispose(); } } } } /// /// Interop structure for passing signatures on Win 8 or Higher /// [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] internal class Win8TrustData : WinTrustData { public IntPtr pSignatureSettings; // WINTRUST_SIGNATURE_SETTINGS* public Win8TrustData(WinTrustFileInfo fileInfo, WINTRUST_SIGNATURE_SETTINGS signatureSettings) { this.StructSize = (uint)Marshal.SizeOf(typeof(Win8TrustData)); this.pFile = new FileInfoSafeHandle(fileInfo); this.pSignatureSettings = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WINTRUST_SIGNATURE_SETTINGS))); Marshal.StructureToPtr(signatureSettings, this.pSignatureSettings, false); } ~Win8TrustData() { this.Dispose(false); } protected override void Dispose(bool disposing) { if (this.pSignatureSettings != IntPtr.Zero) { Marshal.FreeHGlobal(this.pSignatureSettings); this.pSignatureSettings = IntPtr.Zero; } base.Dispose(disposing); } } } ================================================ FILE: src/Agent.Listener/ValidationHelper/Utility.cs ================================================ using System; namespace Microsoft.VisualStudio.Services.Agent.Listener { public class Utility { /// /// Checks if the OS version is win8 or above(doesn't check whether it is client or server) /// public static bool IsWin8OrAbove() { Version osVersion = Environment.OSVersion.Version; return (osVersion.Major >= 6 && osVersion.Minor >= 2); } } } ================================================ FILE: src/Agent.Listener/ValidationHelper/VerificationException.cs ================================================ using System; using System.Runtime.Serialization; namespace Microsoft.VisualStudio.Services.Agent.Listener { /// /// Represents errors that occur during validating intelligence pack signatures /// [SerializableAttribute] public class VerificationException : Exception { public VerificationException(string message) : base(message) { } public VerificationException(string message, Exception ex) : base(message, ex) { } #if NET6_0 protected VerificationException(SerializationInfo info, StreamingContext context) : base(info, context) { } #endif } } ================================================ FILE: src/Agent.Listener/net10.json ================================================ [ { "id": "alpine", "versions": [ { "name": "3.22+" } ] }, { "id": "amzn", "versions": [ { "name": "2" }, { "name": "2023" } ] }, { "id": "azure-linux", "versions": [ { "name": "3.0+" } ] }, { "id": "centos", "versions": [ { "name": "9+" } ] }, { "id": "debian", "versions": [ { "name": "12+" } ] }, { "id": "fedora", "versions": [ { "name": "42+" } ] }, { "id": "macOS", "versions": [ { "name": "14+" } ] }, { "id": "opensuse-leap", "versions": [ { "name": "15.6+" } ] }, { "id": "almalinux", "versions": [ { "name": "8+" } ] }, { "id": "rhel", "versions": [ { "name": "8+" } ] }, { "id": "ol", "versions": [ { "name": "8+" } ] }, { "id": "rocky", "versions": [ { "name": "8+" } ] }, { "id": "sles", "versions": [ { "name": "15.6+" } ] }, { "id": "ubuntu", "versions": [ { "name": "22.04" }, { "name": "24.04" }, { "name": "25.10" } ] }, { "id": "Windows Client", "versions": [ { "name": "10", "version": "1607+" }, { "name": "11", "version": "22631+" } ] }, { "id": "Windows Nano Server", "versions": [ { "name": "2019+" } ] }, { "id": "Windows Server", "versions": [ { "name": "2016+" } ] }, { "id": "Windows Server Core", "versions": [ { "name": "2016+" } ] } ] ================================================ FILE: src/Agent.Listener/net6.json ================================================ [ { "id": "alpine", "versions": [ { "name": "3.13+" } ] }, { "id": "amzn", "versions": [ { "name": "2" } ] }, { "id": "centos", "versions": [ { "name": "7+" } ] }, { "id": "debian", "versions": [ { "name": "10+" } ] }, { "id": "fedora", "versions": [ { "name": "33+" } ] }, { "id": "macOS", "versions": [ { "name": "10.15+" } ] }, { "id": "mariner", "versions": [ { "name": "1.0+" } ] }, { "id": "opensuse-leap", "versions": [ { "name": "15+" } ] }, { "id": "rhel", "versions": [ { "name": "7+" } ] }, { "id": "ol", "versions": [ { "name": "7+" } ] }, { "id": "rocky", "versions": [ { "name": "8+" } ] }, { "id": "sles", "versions": [ { "name": "12.2+" } ] }, { "id": "ubuntu", "versions": [ { "name": "16.04" }, { "name": "18.04" }, { "name": "20.04+" } ] }, { "id": "Windows Client", "versions": [ { "name": "7", "version": "7601+" }, { "name": "8.1" }, { "name": "10", "version": "14393+" } ] }, { "id": "Windows Nano Server", "versions": [ { "version": "17763+" } ] }, { "id": "Windows Server", "versions": [ { "name": "2012+" } ] }, { "id": "Windows Server Core", "versions": [ { "name": "2012+" } ] } ] ================================================ FILE: src/Agent.Listener/net8.json ================================================ [ { "id": "alpine", "versions": [ { "name": "3.20+" } ] }, { "id": "amzn", "versions": [ { "name": "2" }, { "name": "2023" } ] }, { "id": "azure-linux", "versions": [ { "name": "3.0" } ] }, { "id": "centos", "versions": [ { "name": "9+" } ] }, { "id": "debian", "versions": [ { "name": "12+" } ] }, { "id": "fedora", "versions": [ { "name": "41+" } ] }, { "id": "macOS", "versions": [ { "name": "14+" } ] }, { "id": "opensuse-leap", "versions": [ { "name": "15.6+" } ] }, { "id": "almalinux", "versions": [ { "name": "8+" } ] }, { "id": "rhel", "versions": [ { "name": "8+" } ] }, { "id": "ol", "versions": [ { "name": "8+" } ] }, { "id": "rocky", "versions": [ { "name": "8+" } ] }, { "id": "sles", "versions": [ { "name": "15.6+" } ] }, { "id": "ubuntu", "versions": [ { "name": "22.04" }, { "name": "24.04" }, { "name": "25.10" } ] }, { "id": "Windows Client", "versions": [ { "name": "10", "version": "1607+" }, { "name": "11", "version": "22631+" } ] }, { "id": "Windows Nano Server", "versions": [ { "name": "2019+" } ] }, { "id": "Windows Server", "versions": [ { "name": "2016+" } ] }, { "id": "Windows Server Core", "versions": [ { "name": "2016+" } ] } ] ================================================ FILE: src/Agent.PluginHost/Agent.PluginHost.csproj ================================================  Exe true ================================================ FILE: src/Agent.PluginHost/Program.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Globalization; using System.IO; using System.Linq; using System.Net.Sockets; using System.Reflection; using System.Runtime.Loader; using System.Text; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.PluginHost { public static class Program { private static CancellationTokenSource tokenSource = new CancellationTokenSource(); private static string executingAssemblyLocation = string.Empty; public static int Main(string[] args) { if (PlatformUtil.UseLegacyHttpHandler) { AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false); } Console.CancelKeyPress += Console_CancelKeyPress; // Set encoding to UTF8, process invoker will use UTF8 write to STDIN Console.InputEncoding = Encoding.UTF8; Console.OutputEncoding = Encoding.UTF8; try { ArgUtil.NotNull(args, nameof(args)); ArgUtil.Equal(2, args.Length, nameof(args.Length)); string pluginType = args[0]; if (string.Equals("task", pluginType, StringComparison.OrdinalIgnoreCase)) { string assemblyQualifiedName = args[1]; ArgUtil.NotNullOrEmpty(assemblyQualifiedName, nameof(assemblyQualifiedName)); string serializedContext = Console.ReadLine(); ArgUtil.NotNullOrEmpty(serializedContext, nameof(serializedContext)); AgentTaskPluginExecutionContext executionContext = StringUtil.ConvertFromJson(serializedContext); ArgUtil.NotNull(executionContext, nameof(executionContext)); VariableValue culture; ArgUtil.NotNull(executionContext.Variables, nameof(executionContext.Variables)); if (executionContext.Variables.TryGetValue("system.culture", out culture) && !string.IsNullOrEmpty(culture?.Value)) { CultureInfo.DefaultThreadCurrentCulture = new CultureInfo(culture.Value); CultureInfo.DefaultThreadCurrentUICulture = new CultureInfo(culture.Value); } AssemblyLoadContext.Default.Resolving += ResolveAssembly; try { Type type = Type.GetType(assemblyQualifiedName, throwOnError: true); var taskPlugin = Activator.CreateInstance(type) as IAgentTaskPlugin; ArgUtil.NotNull(taskPlugin, nameof(taskPlugin)); taskPlugin.RunAsync(executionContext, tokenSource.Token).GetAwaiter().GetResult(); } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, executionContext.VssConnection.Uri.ToString(), executionContext.Error); } catch (AggregateException ex) { ExceptionsUtil.HandleAggregateException((AggregateException)ex, executionContext.Error); } catch (Exception ex) { executionContext.Error(ex.Message); executionContext.Debug(ex.StackTrace); } finally { AssemblyLoadContext.Default.Resolving -= ResolveAssembly; } return 0; } else if (string.Equals("command", pluginType, StringComparison.OrdinalIgnoreCase)) { string assemblyQualifiedName = args[1]; ArgUtil.NotNullOrEmpty(assemblyQualifiedName, nameof(assemblyQualifiedName)); string serializedContext = Console.ReadLine(); ArgUtil.NotNullOrEmpty(serializedContext, nameof(serializedContext)); AgentCommandPluginExecutionContext executionContext = StringUtil.ConvertFromJson(serializedContext); ArgUtil.NotNull(executionContext, nameof(executionContext)); AssemblyLoadContext.Default.Resolving += ResolveAssembly; try { Type type = Type.GetType(assemblyQualifiedName, throwOnError: true); var commandPlugin = Activator.CreateInstance(type) as IAgentCommandPlugin; ArgUtil.NotNull(commandPlugin, nameof(commandPlugin)); commandPlugin.ProcessCommandAsync(executionContext, tokenSource.Token).GetAwaiter().GetResult(); } catch (Exception ex) { // any exception throw from plugin will fail the command. executionContext.Error(ex.ToString()); } finally { AssemblyLoadContext.Default.Resolving -= ResolveAssembly; } return 0; } else if (string.Equals("log", pluginType, StringComparison.OrdinalIgnoreCase)) { // read commandline arg to get the instance id var instanceId = args[1]; ArgUtil.NotNullOrEmpty(instanceId, nameof(instanceId)); // read STDIN, the first line will be the HostContext for the log plugin host string serializedContext = Console.ReadLine(); ArgUtil.NotNullOrEmpty(serializedContext, nameof(serializedContext)); AgentLogPluginHostContext hostContext = StringUtil.ConvertFromJson(serializedContext); ArgUtil.NotNull(hostContext, nameof(hostContext)); // create plugin object base on plugin assembly names from the HostContext List logPlugins = new List(); AssemblyLoadContext.Default.Resolving += ResolveAssembly; try { foreach (var pluginAssembly in hostContext.PluginAssemblies) { try { Type type = Type.GetType(pluginAssembly, throwOnError: true); var logPlugin = Activator.CreateInstance(type) as IAgentLogPlugin; ArgUtil.NotNull(logPlugin, nameof(logPlugin)); logPlugins.Add(logPlugin); } catch (Exception ex) { // any exception throw from plugin will get trace and ignore, error from plugins will not fail the job. Console.WriteLine($"Unable to load plugin '{pluginAssembly}': {ex}"); } } } finally { AssemblyLoadContext.Default.Resolving -= ResolveAssembly; } // start the log plugin host var logPluginHost = new AgentLogPluginHost(hostContext, logPlugins); Task hostTask = logPluginHost.Run(); while (true) { var consoleInput = Console.ReadLine(); if (string.Equals(consoleInput, $"##vso[logplugin.finish]{instanceId}", StringComparison.OrdinalIgnoreCase)) { // singal all plugins, the job has finished. // plugin need to start their finalize process. logPluginHost.Finish(); break; } else { // the format is TimelineRecordId(GUID):Output(String) logPluginHost.EnqueueOutput(consoleInput); } } // wait for the host to finish. hostTask.GetAwaiter().GetResult(); return 0; } else { throw new ArgumentOutOfRangeException(pluginType); } } catch (Exception ex) { // infrastructure failure. Console.Error.WriteLine(ex.ToString()); return 1; } finally { Console.CancelKeyPress -= Console_CancelKeyPress; } } private static Assembly ResolveAssembly(AssemblyLoadContext context, AssemblyName assembly) { string assemblyFilename = assembly.Name + ".dll"; if (string.IsNullOrEmpty(executingAssemblyLocation)) { executingAssemblyLocation = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location); } return context.LoadFromAssemblyPath(Path.Combine(executingAssemblyLocation, assemblyFilename)); } private static void Console_CancelKeyPress(object sender, ConsoleCancelEventArgs e) { e.Cancel = true; tokenSource.Cancel(); } } } ================================================ FILE: src/Agent.Plugins/Agent.Plugins.csproj ================================================  Library true ================================================ FILE: src/Agent.Plugins/Artifact/ArtifactDownloadParameters.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Minimatch; namespace Agent.Plugins { internal class ArtifactDownloadParameters { /// /// Options on how to retrieve the build using the following parameters. /// public BuildArtifactRetrievalOptions ProjectRetrievalOptions { get; set; } /// /// Either project ID or project name need to be supplied. /// public Guid ProjectId { get; set; } /// /// Either project ID or project name need to be supplied. /// public string ProjectName { get; set; } public int PipelineId { get; set; } public string ArtifactName { get; set; } public string TargetDirectory { get; set; } public string[] MinimatchFilters { get; set; } public bool MinimatchFilterWithArtifactName { get; set; } public bool IncludeArtifactNameInPath { get; set; } public int ParallelizationLimit { get; set; } = 8; public int RetryDownloadCount { get; set; } = 4; public bool CheckDownloadedFiles { get; set; } = false; public Options CustomMinimatchOptions { get; set; } = null; public bool ExtractTars { get; set; } = false; public string ExtractedTarsTempPath { get; set; } public bool AppendArtifactNameToTargetPath { get; set; } = true; } internal enum BuildArtifactRetrievalOptions { RetrieveByProjectId, RetrieveByProjectName } } ================================================ FILE: src/Agent.Plugins/Artifact/ArtifactItemFilters.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text; using System.Threading.Tasks; using Agent.Sdk; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.FileContainer; using Microsoft.VisualStudio.Services.WebApi; using Minimatch; namespace Agent.Plugins { class ArtifactItemFilters { private readonly VssConnection connection; private readonly IAppTraceSource tracer; public ArtifactItemFilters(VssConnection connection, IAppTraceSource tracer) { this.tracer = tracer; this.connection = connection; } /// /// Collects hashtable with items in accordance with patterns /// /// List of relative paths for items detected in artifact. The relative paths start from name of artifact. /// Array of patterns used to filter items in artifact /// Download parameters from minimatcherFuncs /// public dynamic GetMapToFilterItems(List paths, string[] minimatchPatterns, Options customMinimatchOptions) { // Hashtable to keep track of matches. Hashtable map = new Hashtable(); foreach (string minimatchPattern in minimatchPatterns) { tracer.Info($"Pattern: {minimatchPattern}"); // Trim and skip empty. string currentPattern = minimatchPattern.Trim(); if (String.IsNullOrEmpty(currentPattern)) { tracer.Info($"Skipping empty pattern."); continue; } // Clone match options. Options matchOptions = CloneMiniMatchOptions(customMinimatchOptions); // Skip comments. if (!matchOptions.NoComment && currentPattern.StartsWith('#')) { tracer.Info($"Skipping comment."); continue; } // Set NoComment. Brace expansion could result in a leading '#'. matchOptions.NoComment = true; // Determine whether pattern is include or exclude. int negateCount = 0; if (!matchOptions.NoNegate) { while (negateCount < currentPattern.Length && currentPattern[negateCount] == '!') { negateCount++; } currentPattern = currentPattern.Substring(negateCount); if (negateCount > 0) { tracer.Info($"Trimmed leading '!'. Pattern: '{currentPattern}'"); } } bool isIncludePattern = negateCount == 0 || (negateCount % 2 == 0 && !matchOptions.FlipNegate) || (negateCount % 2 == 1 && matchOptions.FlipNegate); // Set NoNegate. Brace expansion could result in a leading '!'. matchOptions.NoNegate = true; matchOptions.FlipNegate = false; // Trim and skip empty. currentPattern = currentPattern.Trim(); if (String.IsNullOrEmpty(currentPattern)) { tracer.Info($"Skipping empty pattern."); continue; } // Expand braces - required to accurately interpret findPath. string[] expandedPatterns; string preExpandedPattern = currentPattern; if (matchOptions.NoBrace) { expandedPatterns = new string[] { currentPattern }; } else { expandedPatterns = ExpandBraces(currentPattern, matchOptions); } // Set NoBrace. matchOptions.NoBrace = true; foreach (string expandedPattern in expandedPatterns) { if (expandedPattern != preExpandedPattern) { tracer.Info($"Pattern: {expandedPattern}"); } // Trim and skip empty. currentPattern = expandedPattern.Trim(); if (String.IsNullOrEmpty(currentPattern)) { tracer.Info($"Skipping empty pattern."); continue; } string[] currentPatterns = new string[] { currentPattern }; IEnumerable> minimatcherFuncs = MinimatchHelper.GetMinimatchFuncs( currentPatterns, tracer, matchOptions ); UpdatePatternsMap(isIncludePattern, paths, minimatcherFuncs, ref map); } } return map; } /// /// Expands braces in patterns if they are exist /// /// String of pattern /// Download parameters from minimatcherFuncs /// private string[] ExpandBraces(string pattern, Options matchOptions) { // Convert slashes on Windows before calling braceExpand(). Unfortunately this means braces cannot // be escaped on Windows, this limitation is consistent with current limitations of minimatch (3.0.3). tracer.Info($"Expanding braces."); string convertedPattern = pattern.Replace("\\", "/"); return Minimatcher.BraceExpand(convertedPattern, matchOptions).ToArray(); } /// /// Adds or removes items from map in accordance with patterns /// /// Defines if specific pattern possitive or negative /// List of relative paths for items detected in artifact. The relative paths start from name of artifact. /// Functions of MinimatchHelper /// Map for items in artifact collected in accordance with patterns. The map is hashtable, key is string path to item in artifact, value is bool true for all items. Item with path from the hashtable is considered as required to be in list after filtering. private void UpdatePatternsMap(bool isIncludePattern, List paths, IEnumerable> minimatcherFuncs, ref Hashtable map) { string patternType = isIncludePattern ? "include" : "exclude"; tracer.Info($"Applying {patternType} pattern against original list."); List matchResults = this.FilterItemsByPatterns(paths, minimatcherFuncs); int matchCount = 0; foreach (string matchResult in matchResults) { matchCount++; if (isIncludePattern) { // Union the results. map[matchResult] = Boolean.TrueString; } else { // Subtract the results. map.Remove(matchResult); } } tracer.Info($"{matchCount} matches"); } /// /// Returns list of FileContainerItem items required to be downloaded. Used by FileContainerProvider. /// /// List of items detected in artifact /// Map for items in artifact collected in accordance with patterns. The map is hashtable, key is string path to item in artifact, value is bool true for all items. Item with path from the hashtable is considered as required to be in list after filtering. /// public List ApplyPatternsMapToContainerItems(List items, Hashtable map) { List resultItems = new List(); foreach (FileContainerItem item in items) { if (Convert.ToBoolean(map[item.Path])) { resultItems.Add(item); } } return resultItems; } /// /// Returns list of FileInfo items required to be downloaded. Used by FileShareProvider. /// /// List of files detected in artifact /// Map for files in artifact collected in accordance with patterns. The map is hashtable, key is string path to file in artifact, value is bool true for all files. File with path from the hashtable is considered as required to be in list after filtering. /// Full path to artifact placed on file share /// public List ApplyPatternsMapToFileShareItems(IEnumerable files, Hashtable map, string sourcePath) { char[] trimChars = new[] { '\\', '/' }; List resultItems = new List(); foreach (FileInfo file in files) { var artifactName = new DirectoryInfo(sourcePath).Name; string pathInArtifact = RemoveSourceDirFromPath(file, sourcePath); if (Convert.ToBoolean(map[Path.Combine(artifactName, pathInArtifact)])) { resultItems.Add(file); } } return resultItems; } /// Collects list of items filtered by minimather in accordance with pattern /// /// List of relative paths for items detected in artifact. The relative paths start from name of artifact. /// Functions of MinimatchHelper /// private List FilterItemsByPatterns(List paths, IEnumerable> minimatchFuncs) { List filteredItems = new List(); foreach (string path in paths) { if (minimatchFuncs.Any(match => match(path))) { filteredItems.Add(path); } } return filteredItems; } /// /// Trims source path from full path of file. Result is path to file in artifact. /// E.g. file is \\FileShare\TestArtifact\TestFolder\TestFile.txt, sourcePath is \\FileShare\TestArtifact, result is TestFolder\TestFile.txt. /// /// FileInfo object with info about file in artifact /// String path to artifact on file share. /// public string RemoveSourceDirFromPath(FileInfo file, string sourcePath) { char[] trimChars = new[] { '\\', '/' }; return file.ToString().Remove(0, sourcePath.Length).TrimStart(trimChars); } /// Creates copy of provided minimatcher options /// /// Existed minimatcher options for copying /// private Options CloneMiniMatchOptions(Options currentMiniMatchOptions) { Options clonedMiniMatchOptions = new Options() { Dot = currentMiniMatchOptions.Dot, FlipNegate = currentMiniMatchOptions.FlipNegate, MatchBase = currentMiniMatchOptions.MatchBase, NoBrace = currentMiniMatchOptions.NoBrace, NoCase = currentMiniMatchOptions.NoCase, NoComment = currentMiniMatchOptions.NoComment, NoExt = currentMiniMatchOptions.NoExt, NoGlobStar = currentMiniMatchOptions.NoGlobStar, NoNegate = currentMiniMatchOptions.NoNegate, NoNull = currentMiniMatchOptions.NoNull, IgnoreCase = currentMiniMatchOptions.IgnoreCase, AllowWindowsPaths = PlatformUtil.RunningOnWindows }; return clonedMiniMatchOptions; } } } ================================================ FILE: src/Agent.Plugins/Artifact/ArtifactProviderFactory.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Sdk; using Agent.Plugins.PipelineArtifact; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.Agent.Blob; namespace Agent.Plugins { internal class ArtifactProviderFactory { private AgentTaskPluginExecutionContext _context; private VssConnection _connection; private IAppTraceSource _tracer; private FileContainerProvider fileContainerProvider; private PipelineArtifactProvider pipelineArtifactProvider; private FileShareProvider fileShareProvider; public ArtifactProviderFactory(AgentTaskPluginExecutionContext context, VssConnection connection, IAppTraceSource tracer) { this._connection = connection; this._context = context; this._tracer = tracer; } public IArtifactProvider GetProvider(BuildArtifact buildArtifact) { string artifactType = buildArtifact.Resource.Type; if (PipelineArtifactConstants.PipelineArtifact.Equals(artifactType, StringComparison.CurrentCultureIgnoreCase)) { return pipelineArtifactProvider ??= new PipelineArtifactProvider(this._context, this._connection, this._tracer); } else if (PipelineArtifactConstants.Container.Equals(artifactType, StringComparison.CurrentCultureIgnoreCase)) { return fileContainerProvider ??= new FileContainerProvider(this._connection, this._tracer); } else if (PipelineArtifactConstants.FileShareArtifact.Equals(artifactType, StringComparison.CurrentCultureIgnoreCase)) { return fileShareProvider ??= new FileShareProvider(this._context, this._connection, this._tracer, DedupManifestArtifactClientFactory.Instance); } else { throw new InvalidOperationException($"{buildArtifact} is not of type PipelineArtifact, FileShare or BuildArtifact"); } } } } ================================================ FILE: src/Agent.Plugins/Artifact/BuildServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk.Knob; using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Plugins { // A client wrapper interacting with TFS/Build's Artifact API public class BuildServer { private readonly BuildHttpClient _buildHttpClient; public BuildServer(VssConnection connection) { connection.Settings.SendTimeout = TimeSpan.FromSeconds(AgentKnobs.ArtifactAssociateTimeout.GetValue(UtilKnobValueContext.Instance()).AsInt()); _buildHttpClient = connection.GetClient(); } // Associate the specified artifact with a build, along with custom data. public async Task AssociateArtifactAsync( Guid projectId, int pipelineId, string name, string jobId, string type, string data, Dictionary propertiesDictionary, CancellationToken cancellationToken = default(CancellationToken)) { BuildArtifact artifact = new BuildArtifact() { Name = name, Source = jobId, Resource = new ArtifactResource() { Data = data, Type = type, Properties = propertiesDictionary } }; return await _buildHttpClient.CreateArtifactAsync(artifact, projectId, pipelineId, cancellationToken: cancellationToken); } // Get named artifact from a build public async Task GetArtifact( Guid projectId, int pipelineId, string name, CancellationToken cancellationToken) { return await _buildHttpClient.GetArtifactAsync(projectId, pipelineId, name, cancellationToken: cancellationToken); } public async Task> GetArtifactsAsync( Guid project, int pipelineId, CancellationToken cancellationToken) { return await _buildHttpClient.GetArtifactsAsync(project, pipelineId, userState: null, cancellationToken: cancellationToken); } //Get artifact with project name. public async Task GetArtifactWithProjectNameAsync( string project, int pipelineId, string name, CancellationToken cancellationToken) { return await _buildHttpClient.GetArtifactAsync(project, pipelineId, name, cancellationToken: cancellationToken); } public async Task> GetArtifactsWithProjectNameAsync( string project, int pipelineId, CancellationToken cancellationToken) { return await _buildHttpClient.GetArtifactsAsync(project, pipelineId, userState: null, cancellationToken: cancellationToken); } public async Task> GetDefinitionsAsync( Guid project, string definitionName, CancellationToken cancellationToken) { return await _buildHttpClient.GetDefinitionsAsync(project, definitionName, cancellationToken: cancellationToken); } } } ================================================ FILE: src/Agent.Plugins/Artifact/FileContainerProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using Agent.Sdk.Util; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Blob; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.FileContainer; using Microsoft.VisualStudio.Services.FileContainer.Client; using Microsoft.VisualStudio.Services.WebApi; using System; using System.Collections; using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.IO.Compression; using System.Linq; using System.Net.Sockets; using System.Threading; using System.Threading.Tasks; using System.Threading.Tasks.Dataflow; using Minimatch; namespace Agent.Plugins { internal class FileContainerProvider : IArtifactProvider { private readonly VssConnection connection; private readonly FileContainerHttpClient containerClient; private readonly IAppTraceSource tracer; [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "connection2")] public FileContainerProvider(VssConnection connection, IAppTraceSource tracer) { if (connection != null) { BuildHttpClient buildHttpClient = connection.GetClient(); VssConnection connection2 = new VssConnection(buildHttpClient.BaseAddress, connection.Credentials); containerClient = connection2.GetClient(); } this.tracer = tracer; this.connection = connection; } public async Task DownloadSingleArtifactAsync( ArtifactDownloadParameters downloadParameters, BuildArtifact buildArtifact, CancellationToken cancellationToken, AgentTaskPluginExecutionContext context) { IEnumerable items = await GetArtifactItems(downloadParameters, buildArtifact); await this.DownloadFileContainerAsync(items, downloadParameters, buildArtifact, downloadParameters.TargetDirectory, context, cancellationToken); IEnumerable fileArtifactPaths = items .Where((item) => item.ItemType == ContainerItemType.File) .Select((fileItem) => Path.Combine(downloadParameters.TargetDirectory, fileItem.Path)); if (downloadParameters.ExtractTars) { ExtractTarsIfPresent(context, fileArtifactPaths, downloadParameters.TargetDirectory, downloadParameters.ExtractedTarsTempPath, cancellationToken); } } public async Task DownloadMultipleArtifactsAsync( ArtifactDownloadParameters downloadParameters, IEnumerable buildArtifacts, CancellationToken cancellationToken, AgentTaskPluginExecutionContext context) { var allFileArtifactPaths = new List(); foreach (var buildArtifact in buildArtifacts) { var dirPath = downloadParameters.AppendArtifactNameToTargetPath ? Path.Combine(downloadParameters.TargetDirectory, buildArtifact.Name) : downloadParameters.TargetDirectory; IEnumerable items = await GetArtifactItems(downloadParameters, buildArtifact); IEnumerable fileArtifactPaths = items .Where((item) => item.ItemType == ContainerItemType.File) .Select((fileItem) => Path.Combine(dirPath, fileItem.Path)); allFileArtifactPaths.AddRange(fileArtifactPaths); await DownloadFileContainerAsync(items, downloadParameters, buildArtifact, dirPath, context, cancellationToken, isSingleArtifactDownload: false); } if (downloadParameters.ExtractTars) { ExtractTarsIfPresent(context, allFileArtifactPaths, downloadParameters.TargetDirectory, downloadParameters.ExtractedTarsTempPath, cancellationToken); } } private (long, string) ParseContainerId(string resourceData) { // Example of resourceData: "#/7029766/artifacttool-alpine-x64-Debug" string[] segments = resourceData.Split('/'); long containerId; if (segments.Length < 3) { throw new ArgumentException($"Resource data value '{resourceData}' is invalid."); } if (segments.Length >= 3 && segments[0] == "#" && long.TryParse(segments[1], out containerId)) { var artifactName = String.Join('/', segments, 2, segments.Length - 2); return ( containerId, artifactName ); } else { var message = $"Resource data value '{resourceData}' is invalid."; throw new ArgumentException(message, nameof(resourceData)); } } private async Task DownloadFileContainerAsync(IEnumerable items, ArtifactDownloadParameters downloadParameters, BuildArtifact artifact, string rootPath, AgentTaskPluginExecutionContext context, CancellationToken cancellationToken, bool isSingleArtifactDownload = true) { var containerIdAndRoot = ParseContainerId(artifact.Resource.Data); var projectId = downloadParameters.ProjectId; tracer.Info($"Start downloading FCS artifact- {artifact.Name}"); if (!isSingleArtifactDownload && items.Any()) { Directory.CreateDirectory(rootPath); } var folderItems = items.Where(i => i.ItemType == ContainerItemType.Folder); Parallel.ForEach(folderItems, (folder) => { var targetPath = ResolveTargetPath(rootPath, folder, containerIdAndRoot.Item2, downloadParameters.IncludeArtifactNameInPath); Directory.CreateDirectory(targetPath); }); var fileItems = items.Where(i => i.ItemType == ContainerItemType.File); // Only initialize these clients if we know we need to download from Blobstore // If a client cannot connect to Blobstore, we shouldn't stop them from downloading from FCS var downloadFromBlob = !AgentKnobs.DisableBuildArtifactsToBlob.GetValue(context).AsBoolean(); Dictionary dedupClientTable = new Dictionary(); BlobStoreClientTelemetryTfs clientTelemetry = null; if (downloadFromBlob && fileItems.Any(x => x.BlobMetadata != null)) { // this is not the most efficient but good enough for now: var domains = fileItems.Select(x => GetDomainIdAndDedupIdFromArtifactHash(x.BlobMetadata.ArtifactHash).domainId).Distinct(); DedupStoreClient dedupClient = null; try { BlobstoreClientSettings clientSettings = await BlobstoreClientSettings.GetClientSettingsAsync( connection, Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts.Client.BuildArtifact, tracer, cancellationToken); foreach(var domainId in domains) { (dedupClient, clientTelemetry) = DedupManifestArtifactClientFactory.Instance.CreateDedupClient( this.connection, domainId, DedupManifestArtifactClientFactory.Instance.GetDedupStoreClientMaxParallelism(context, clientSettings), clientSettings.GetRedirectTimeout(), false, (str) => this.tracer.Info(str), cancellationToken); dedupClientTable.Add(domainId, dedupClient); } } catch (SocketException e) { ExceptionsUtil.HandleSocketException(e, connection.Uri.ToString(), context.Warning); // Fall back to streaming through TFS if we cannot reach blobstore for any reason downloadFromBlob = false; } catch { var blobStoreHost = dedupClient?.Client.BaseAddress.Host; var allowListLink = BlobStoreWarningInfoProvider.GetAllowListLinkForCurrentPlatform(); var warningMessage = StringUtil.Loc("BlobStoreDownloadWarning", blobStoreHost, allowListLink); // Fall back to streaming through TFS if we cannot reach blobstore downloadFromBlob = false; tracer.Warn(warningMessage); } } var downloadBlock = NonSwallowingActionBlock.Create( async item => { var targetPath = ResolveTargetPath(rootPath, item, containerIdAndRoot.Item2, downloadParameters.IncludeArtifactNameInPath); var directory = Path.GetDirectoryName(targetPath); Directory.CreateDirectory(directory); await AsyncHttpRetryHelper.InvokeVoidAsync( async () => { tracer.Info($"Downloading: {targetPath}"); if (item.BlobMetadata != null && downloadFromBlob) { var client = dedupClientTable[GetDomainIdAndDedupIdFromArtifactHash(item.BlobMetadata.ArtifactHash).domainId]; await this.DownloadFileFromBlobAsync(context, containerIdAndRoot, targetPath, projectId, item, client, clientTelemetry, cancellationToken); } else { using (var sourceStream = await this.DownloadFileAsync(containerIdAndRoot, projectId, containerClient, item, cancellationToken)) using (var targetStream = new FileStream(targetPath, FileMode.Create)) { await sourceStream.CopyToAsync(targetStream); } } }, maxRetries: downloadParameters.RetryDownloadCount, cancellationToken: cancellationToken, tracer: tracer, continueOnCapturedContext: false, canRetryDelegate: exception => exception is IOException, context: null ); }, new ExecutionDataflowBlockOptions() { BoundedCapacity = 5000, MaxDegreeOfParallelism = downloadParameters.ParallelizationLimit, CancellationToken = cancellationToken, }); await downloadBlock.SendAllAndCompleteSingleBlockNetworkAsync(fileItems, cancellationToken); // Send results to CustomerIntelligence if (clientTelemetry != null) { var planId = new Guid(context.Variables.GetValueOrDefault(WellKnownDistributedTaskVariables.PlanId)?.Value ?? Guid.Empty.ToString()); var jobId = new Guid(context.Variables.GetValueOrDefault(WellKnownDistributedTaskVariables.JobId)?.Value ?? Guid.Empty.ToString()); context.PublishTelemetry(area: PipelineArtifactConstants.AzurePipelinesAgent, feature: PipelineArtifactConstants.BuildArtifactDownload, properties: clientTelemetry.GetArtifactDownloadTelemetry(planId, jobId)); } // check files (will throw an exception if a file is corrupt) if (downloadParameters.CheckDownloadedFiles) { CheckDownloads(items, rootPath, containerIdAndRoot.Item2, downloadParameters.IncludeArtifactNameInPath); } } // Returns list of filtered artifact items. Uses minimatch filters specified in downloadParameters. private async Task> GetArtifactItems(ArtifactDownloadParameters downloadParameters, BuildArtifact buildArtifact) { (long, string) containerIdAndRoot = ParseContainerId(buildArtifact.Resource.Data); Guid projectId = downloadParameters.ProjectId; string[] minimatchPatterns = downloadParameters.MinimatchFilters; List items = await containerClient.QueryContainerItemsAsync( containerIdAndRoot.Item1, projectId, isShallow: false, includeBlobMetadata: true, containerIdAndRoot.Item2 ); Options customMinimatchOptions; if (downloadParameters.CustomMinimatchOptions != null) { customMinimatchOptions = downloadParameters.CustomMinimatchOptions; } else { customMinimatchOptions = new Options() { Dot = true, NoBrace = true, AllowWindowsPaths = PlatformUtil.RunningOnWindows }; } // Getting list of item paths. It is useful to handle list of paths instead of items. // Also it allows to use the same methods for FileContainerProvider and FileShareProvider. List paths = new List(); foreach (FileContainerItem item in items) { paths.Add(item.Path); } ArtifactItemFilters filters = new ArtifactItemFilters(connection, tracer); Hashtable map = filters.GetMapToFilterItems(paths, minimatchPatterns, customMinimatchOptions); // Returns filtered list of artifact items. Uses minimatch filters specified in downloadParameters. List resultItems = filters.ApplyPatternsMapToContainerItems(items, map); tracer.Info($"{resultItems.Count} final results"); IEnumerable excludedItems = items.Except(resultItems); foreach (FileContainerItem item in excludedItems) { tracer.Info($"Item excluded: {item.Path}"); } return resultItems; } private void CheckDownloads(IEnumerable items, string rootPath, string artifactName, bool includeArtifactName) { tracer.Info(StringUtil.Loc("BeginArtifactItemsIntegrityCheck")); var corruptedItems = new List(); foreach (var item in items.Where(x => x.ItemType == ContainerItemType.File)) { var targetPath = ResolveTargetPath(rootPath, item, artifactName, includeArtifactName); var fileInfo = new FileInfo(targetPath); if (fileInfo.Length != item.FileLength) { corruptedItems.Add(item); } } if (corruptedItems.Count > 0) { tracer.Warn(StringUtil.Loc("CorruptedArtifactItemsList")); corruptedItems.ForEach(item => tracer.Warn(item.ItemLocation)); throw new Exception(StringUtil.Loc("IntegrityCheckNotPassed")); } tracer.Info(StringUtil.Loc("IntegrityCheckPassed")); } private async Task DownloadFileAsync( (long, string) containerIdAndRoot, Guid scopeIdentifier, FileContainerHttpClient containerClient, FileContainerItem item, CancellationToken cancellationToken) { Stream responseStream = await AsyncHttpRetryHelper.InvokeAsync( async () => { Stream internalResponseStream = await containerClient.DownloadFileAsync(containerIdAndRoot.Item1, item.Path, cancellationToken, scopeIdentifier); return internalResponseStream; }, maxRetries: 5, cancellationToken: cancellationToken, tracer: this.tracer, continueOnCapturedContext: false ); return responseStream; } private static (IDomainId domainId, DedupIdentifier dedupId) GetDomainIdAndDedupIdFromArtifactHash(string artifactHash) { string[] parts = artifactHash.Split(','); if(parts.Length == 1) { // legacy format is always in the default domain: return (WellKnownDomainIds.DefaultDomainId, DedupIdentifier.Deserialize(parts[0])); } else if(parts.Length==2) { // Multidomain format is in the form of , return (DomainIdFactory.Create(parts[0]), DedupIdentifier.Deserialize(parts[1])); } throw new ArgumentException($"Invalid artifact hash: {artifactHash}", nameof(artifactHash)); } private async Task DownloadFileFromBlobAsync( AgentTaskPluginExecutionContext context, (long, string) containerIdAndRoot, string destinationPath, Guid scopeIdentifier, FileContainerItem item, DedupStoreClient dedupClient, BlobStoreClientTelemetryTfs clientTelemetry, CancellationToken cancellationToken) { (var domainId, var dedupIdentifier) = GetDomainIdAndDedupIdFromArtifactHash(item.BlobMetadata.ArtifactHash); var downloadRecord = clientTelemetry.CreateRecord((level, uri, type) => new BuildArtifactActionRecord(level, uri, type, nameof(DownloadFileContainerAsync), context)); await clientTelemetry.MeasureActionAsync( record: downloadRecord, actionAsync: async () => { return await AsyncHttpRetryHelper.InvokeAsync( async () => { if (item.BlobMetadata.CompressionType == BlobCompressionType.GZip) { using (var targetFileStream = new FileStream(destinationPath, FileMode.Create)) using (var uncompressStream = new GZipStream(targetFileStream, CompressionMode.Decompress)) { await dedupClient.DownloadToStreamAsync(dedupIdentifier, uncompressStream, null, EdgeCache.Allowed, (size) => { }, (size) => { }, cancellationToken); } } else { await dedupClient.DownloadToFileAsync(dedupIdentifier, destinationPath, null, null, EdgeCache.Allowed, cancellationToken); } return dedupClient.DownloadStatistics; }, maxRetries: 3, tracer: tracer, canRetryDelegate: e => true, context: nameof(DownloadFileFromBlobAsync), cancellationToken: cancellationToken, continueOnCapturedContext: false); }); } private string ResolveTargetPath(string rootPath, FileContainerItem item, string artifactName, bool includeArtifactName) { if (includeArtifactName) { return Path.Combine(rootPath, item.Path); } //Example of item.Path&artifactName: item.Path = "drop3", "drop3/HelloWorld.exe"; artifactName = "drop3" string tempArtifactName; if (item.Path.Length == artifactName.Length) { tempArtifactName = artifactName; } else if (item.Path.Length > artifactName.Length) { tempArtifactName = artifactName + "/"; } else { throw new ArgumentException($"Item path {item.Path} cannot be smaller than artifact {artifactName}"); } var itemPathWithoutDirectoryPrefix = item.Path.Replace(tempArtifactName, String.Empty); var absolutePath = Path.Combine(rootPath, itemPathWithoutDirectoryPrefix); return absolutePath; } // Checks all specified artifact paths, searches for files ending with '.tar'. // If any files were found, extracts them to extractedTarsTempPath and moves to rootPath/extracted_tars. private void ExtractTarsIfPresent(AgentTaskPluginExecutionContext context, IEnumerable fileArtifactPaths, string rootPath, string extractedTarsTempPath, CancellationToken cancellationToken) { tracer.Info(StringUtil.Loc("TarSearchStart")); int tarsFoundCount = 0; foreach (var fileArtifactPath in fileArtifactPaths) { if (fileArtifactPath.EndsWith(".tar")) { tarsFoundCount += 1; // fileArtifactPath is a combination of rootPath and the relative artifact path string relativeFileArtifactPath = fileArtifactPath.Substring(rootPath.Length); string relativeFileArtifactDirPath = Path.GetDirectoryName(relativeFileArtifactPath).TrimStart('/'); string extractedFilesDir = Path.Combine(extractedTarsTempPath, relativeFileArtifactDirPath); ExtractTar(fileArtifactPath, extractedFilesDir); try { IOUtil.DeleteFileWithRetry(fileArtifactPath, cancellationToken).Wait(); } // If file blocked by another process there are two different type exceptions. // If file in use by another process really the UnauthorizedAccessException; // If file in use by AV for scanning or monitoring the IOException appears. catch (Exception ex) { tracer.Warn($"Unable to delete artifact files at {fileArtifactPath}, exception: {ex.GetType()}"); tracer.Verbose(ex.ToString()); throw; } } } if (tarsFoundCount == 0) { context.Warning(StringUtil.Loc("TarsNotFound")); } else { tracer.Info(StringUtil.Loc("TarsFound", tarsFoundCount)); string targetDirectory = Path.Combine(rootPath, "extracted_tars"); Directory.CreateDirectory(targetDirectory); MoveDirectory(extractedTarsTempPath, targetDirectory); } } // Extracts tar archive at tarArchivePath to extractedFilesDir. // Uses 'tar' utility like this: tar xf `tarArchivePath` --directory `extractedFilesDir`. // Throws if any errors are encountered. private void ExtractTar(string tarArchivePath, string extractedFilesDir) { tracer.Info(StringUtil.Loc("TarExtraction", tarArchivePath)); Directory.CreateDirectory(extractedFilesDir); var extractionProcessInfo = new ProcessStartInfo("tar") { UseShellExecute = false, RedirectStandardError = true }; extractionProcessInfo.ArgumentList.Add("xf"); extractionProcessInfo.ArgumentList.Add(tarArchivePath); extractionProcessInfo.ArgumentList.Add("--directory"); extractionProcessInfo.ArgumentList.Add(extractedFilesDir); Process extractionProcess = Process.Start(extractionProcessInfo); extractionProcess.WaitForExit(); var extractionStderr = extractionProcess.StandardError.ReadToEnd(); if (extractionStderr.Length != 0 || extractionProcess.ExitCode != 0) { throw new Exception(StringUtil.Loc("TarExtractionError", tarArchivePath, extractionStderr)); } } // Recursively moves sourcePath directory to targetPath private void MoveDirectory(string sourcePath, string targetPath) { var sourceDirectoryInfo = new DirectoryInfo(sourcePath); foreach (FileInfo file in sourceDirectoryInfo.GetFiles("*", SearchOption.TopDirectoryOnly)) { file.MoveTo(Path.Combine(targetPath, file.Name), true); } foreach (DirectoryInfo subdirectory in sourceDirectoryInfo.GetDirectories("*", SearchOption.TopDirectoryOnly)) { string subdirectoryDestinationPath = Path.Combine(targetPath, subdirectory.Name); var subdirectoryDestination = new DirectoryInfo(subdirectoryDestinationPath); if (subdirectoryDestination.Exists) { MoveDirectory( Path.Combine(sourcePath, subdirectory.Name), Path.Combine(targetPath, subdirectory.Name) ); } else { subdirectory.MoveTo(Path.Combine(targetPath, subdirectory.Name)); } } } } } ================================================ FILE: src/Agent.Plugins/Artifact/FileShareProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using System.Threading.Tasks.Dataflow; using Agent.Plugins.PipelineArtifact.Telemetry; using Agent.Sdk; using Agent.Sdk.Knob; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.VisualStudio.Services.Agent.Blob; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.BlobStore.Common.Telemetry; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.WebApi; using Minimatch; namespace Agent.Plugins { internal class FileShareProvider : IArtifactProvider { private readonly AgentTaskPluginExecutionContext context; private readonly IAppTraceSource tracer; private const int defaultParallelCount = 1; private readonly VssConnection connection; private readonly IDedupManifestArtifactClientFactory factory; // Default stream buffer size set in the existing file share implementation https://github.com/microsoft/azure-pipelines-agent/blob/ffb3a9b3e2eb5a1f34a0f45d0f2b8639740d37d3/src/Agent.Worker/Release/Artifacts/FileShareArtifact.cs#L154 private const int DefaultStreamBufferSize = 8192; public FileShareProvider(AgentTaskPluginExecutionContext context, VssConnection connection, IAppTraceSource tracer, IDedupManifestArtifactClientFactory factory) { this.factory = factory; this.context = context; this.tracer = tracer; this.connection = connection; } public async Task DownloadSingleArtifactAsync( ArtifactDownloadParameters downloadParameters, BuildArtifact buildArtifact, CancellationToken cancellationToken, AgentTaskPluginExecutionContext context) { await DownloadMultipleArtifactsAsync(downloadParameters, new List { buildArtifact }, cancellationToken, context); } public async Task DownloadMultipleArtifactsAsync( ArtifactDownloadParameters downloadParameters, IEnumerable buildArtifacts, CancellationToken cancellationToken, AgentTaskPluginExecutionContext context) { context.Warning(StringUtil.Loc("DownloadArtifactWarning", "UNC")); var (dedupManifestClient, clientTelemetry) = await this.factory.CreateDedupManifestClientAsync( context.IsSystemDebugTrue(), (str) => context.Output(str), connection, WellKnownDomainIds.DefaultDomainId, Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts.Client.FileShare, context, cancellationToken); using (clientTelemetry) { FileShareActionRecord downloadRecord = clientTelemetry.CreateRecord((level, uri, type) => new FileShareActionRecord(level, uri, type, nameof(DownloadArtifactsAsync), context)); await clientTelemetry.MeasureActionAsync( record: downloadRecord, actionAsync: async () => { return await DownloadArtifactsAsync(downloadParameters, buildArtifacts, cancellationToken); } ); // Send results to CustomerIntelligence context.PublishTelemetry(area: PipelineArtifactConstants.AzurePipelinesAgent, feature: PipelineArtifactConstants.PipelineArtifact, record: downloadRecord); } } private async Task DownloadArtifactsAsync(ArtifactDownloadParameters downloadParameters, IEnumerable buildArtifacts, CancellationToken cancellationToken) { var records = new List(); long totalContentSize = 0; int totalFileCount = 0; foreach (var buildArtifact in buildArtifacts) { var downloadRootPath = Path.Combine(buildArtifact.Resource.Data, buildArtifact.Name); var minimatchPatterns = downloadParameters.MinimatchFilters.Select(pattern => Path.Combine(buildArtifact.Resource.Data, pattern)); var customMinimatchOptions = downloadParameters.CustomMinimatchOptions; var record = await this.DownloadFileShareArtifactAsync(downloadRootPath, Path.Combine(downloadParameters.TargetDirectory, buildArtifact.Name), defaultParallelCount, downloadParameters, cancellationToken, minimatchPatterns); totalContentSize += record.ContentSize; totalFileCount += record.FileCount; records.Add(record); } return new FileShareDownloadResult(records, totalFileCount, totalContentSize); } public async Task PublishArtifactAsync( string sourcePath, string destPath, int parallelCount, CancellationToken cancellationToken) { var (dedupManifestClient, clientTelemetry) = await this.factory.CreateDedupManifestClientAsync( context.IsSystemDebugTrue(), (str) => context.Output(str), connection, WellKnownDomainIds.DefaultDomainId, Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts.Client.FileShare, context, cancellationToken); using (clientTelemetry) { FileShareActionRecord publishRecord = clientTelemetry.CreateRecord((level, uri, type) => new FileShareActionRecord(level, uri, type, nameof(PublishArtifactAsync), context)); await clientTelemetry.MeasureActionAsync( record: publishRecord, actionAsync: async () => { return await PublishArtifactUsingRobocopyAsync(this.context, sourcePath, destPath, parallelCount, cancellationToken); } ); // Send results to CustomerIntelligence context.PublishTelemetry(area: PipelineArtifactConstants.AzurePipelinesAgent, feature: PipelineArtifactConstants.PipelineArtifact, record: publishRecord); } } private async Task PublishArtifactUsingRobocopyAsync( AgentTaskPluginExecutionContext executionContext, string dropLocation, string downloadFolderPath, int parallelCount, CancellationToken cancellationToken) { executionContext.Output(StringUtil.Loc("PublishingArtifactUsingRobocopy")); using (var processInvoker = new ProcessInvoker(this.context)) { // Save STDOUT from worker, worker will use STDOUT report unhandle exception. processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stdout) { if (!string.IsNullOrEmpty(stdout.Data)) { executionContext.Output(stdout.Data); } }; // Save STDERR from worker, worker will use STDERR on crash. processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stderr) { if (!string.IsNullOrEmpty(stderr.Data)) { executionContext.Error(stderr.Data); } }; var trimChars = new[] { '\\', '/' }; dropLocation = Path.Combine(dropLocation.TrimEnd(trimChars)); downloadFolderPath = downloadFolderPath.TrimEnd(trimChars); string robocopyArguments = "\"" + dropLocation + "\" \"" + downloadFolderPath + "\" * /E /COPY:DA /NP /R:3"; robocopyArguments += " /MT:" + parallelCount; int exitCode = await processInvoker.ExecuteAsync( workingDirectory: "", fileName: "robocopy", arguments: robocopyArguments, environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: true, cancellationToken: cancellationToken); executionContext.Output(StringUtil.Loc("RobocopyBasedPublishArtifactTaskExitCode", exitCode)); // Exit code returned from robocopy. For more info https://blogs.technet.microsoft.com/deploymentguys/2008/06/16/robocopy-exit-codes/ if (exitCode >= 8) { throw new Exception(StringUtil.Loc("RobocopyBasedPublishArtifactTaskFailed", exitCode)); } return new FileSharePublishResult(exitCode); } } private async Task DownloadFileShareArtifactAsync( string sourcePath, string destPath, int parallelCount, ArtifactDownloadParameters downloadParameters, CancellationToken cancellationToken, IEnumerable minimatchPatterns = null) { Stopwatch watch = Stopwatch.StartNew(); IEnumerable> minimatchFuncs = MinimatchHelper.GetMinimatchFuncs(minimatchPatterns, this.tracer); var trimChars = new[] { '\\', '/' }; sourcePath = sourcePath.TrimEnd(trimChars); var artifactName = new DirectoryInfo(sourcePath).Name; List files = new DirectoryInfo(sourcePath).EnumerateFiles("*", SearchOption.AllDirectories).ToList(); ArtifactItemFilters filters = new ArtifactItemFilters(connection, tracer); // Getting list of file paths. It is useful to handle list of paths instead of files. // Also it allows to use the same methods for FileContainerProvider and FileShareProvider. List paths = new List(); foreach (FileInfo file in files) { string pathInArtifact = filters.RemoveSourceDirFromPath(file, sourcePath); paths.Add(Path.Combine(artifactName, pathInArtifact)); } Options customMinimatchOptions; if (downloadParameters.CustomMinimatchOptions != null) { customMinimatchOptions = downloadParameters.CustomMinimatchOptions; } else { customMinimatchOptions = new Options() { Dot = true, NoBrace = true, AllowWindowsPaths = PlatformUtil.RunningOnWindows }; } Hashtable map = filters.GetMapToFilterItems(paths, downloadParameters.MinimatchFilters, customMinimatchOptions); // Returns filtered list of artifact items. Uses minimatch filters specified in downloadParameters. IEnumerable filteredFiles = filters.ApplyPatternsMapToFileShareItems(files, map, sourcePath); tracer.Info($"{filteredFiles.ToList().Count} final results"); IEnumerable excludedItems = files.Except(filteredFiles); foreach (FileInfo item in excludedItems) { tracer.Info($"File excluded: {item.FullName}"); } var parallelism = new ExecutionDataflowBlockOptions() { MaxDegreeOfParallelism = parallelCount, BoundedCapacity = 2 * parallelCount, CancellationToken = cancellationToken }; var contentSize = 0; var fileCount = 0; var actionBlock = NonSwallowingActionBlock.Create( action: async file => { if (minimatchFuncs == null || minimatchFuncs.Any(match => match(file.FullName))) { string tempPath = Path.Combine(destPath, Path.GetRelativePath(sourcePath, file.FullName)); context.Output(StringUtil.Loc("CopyFileToDestination", file, tempPath)); FileInfo tempFile = new System.IO.FileInfo(tempPath); using (StreamReader fileReader = GetFileReader(file.FullName)) { await WriteStreamToFile( fileReader.BaseStream, tempFile.FullName, DefaultStreamBufferSize, cancellationToken); } Interlocked.Add(ref contentSize, tempPath.Length); Interlocked.Increment(ref fileCount); } }, dataflowBlockOptions: parallelism); await actionBlock.SendAllAndCompleteAsync(filteredFiles, actionBlock, cancellationToken); watch.Stop(); return new ArtifactRecord(artifactName, fileCount, contentSize, watch.ElapsedMilliseconds); } private async Task WriteStreamToFile(Stream stream, string filePath, int bufferSize, CancellationToken cancellationToken) { ArgUtil.NotNull(stream, nameof(stream)); ArgUtil.NotNullOrEmpty(filePath, nameof(filePath)); EnsureDirectoryExists(Path.GetDirectoryName(filePath)); using (var targetStream = new FileStream(filePath, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize, useAsync: true)) { await stream.CopyToAsync(targetStream, bufferSize, cancellationToken); } } private StreamReader GetFileReader(string filePath) { string path = Path.Combine(ValidatePath(filePath)); if (!File.Exists(path)) { throw new FileNotFoundException(StringUtil.Loc("FileNotFound", path)); } return new StreamReader(new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read, DefaultStreamBufferSize, true)); } private void EnsureDirectoryExists(string directoryPath) { string path = ValidatePath(directoryPath); if (!Directory.Exists(path)) { Directory.CreateDirectory(path); } } private string ValidatePath(string path) { ArgUtil.NotNullOrEmpty(path, nameof(path)); return Path.GetFullPath(path); } } } ================================================ FILE: src/Agent.Plugins/Artifact/IArtifactProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.TeamFoundation.Build.WebApi; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; namespace Agent.Plugins { [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1068: CancellationToken parameters must come last")] internal interface IArtifactProvider { Task DownloadSingleArtifactAsync( ArtifactDownloadParameters downloadParameters, BuildArtifact buildArtifact, CancellationToken cancellationToken, AgentTaskPluginExecutionContext context); Task DownloadMultipleArtifactsAsync( ArtifactDownloadParameters downloadParameters, IEnumerable buildArtifacts, CancellationToken cancellationToken, AgentTaskPluginExecutionContext context); } } ================================================ FILE: src/Agent.Plugins/Artifact/PipelineArtifactConstants.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Plugins { // Use PipelineArtifactContants.cs from ADO, once the latest libs are available. public class PipelineArtifactConstants { public const string AzurePipelinesAgent = "AzurePipelinesAgent"; public const string ArtifactSize = "artifactsize"; public const string BuildArtifactDownload = "BuildArtifactDownload"; public const string Container = "Container"; public const string PipelineArtifact = "PipelineArtifact"; public const string PipelineCache = "PipelineCache"; public const string ProofNodes = "ProofNodes"; public const string RestoreCache = "RestoreCache"; public const string RootId = "RootId"; public const string SaveCache = "SaveCache"; public const string FileShareArtifact = "filepath"; public const string CustomPropertiesPrefix = "user-"; public const string HashType = "HashType"; public const string DomainId = "DomainId"; } } ================================================ FILE: src/Agent.Plugins/Artifact/PipelineArtifactProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using System.Threading; using Agent.Sdk; using Agent.Plugins.PipelineArtifact.Telemetry; using Microsoft.TeamFoundation.Build.WebApi; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.VisualStudio.Services.Agent.Blob; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.BlobStore.Common.Telemetry; namespace Agent.Plugins { internal class PipelineArtifactProvider : IArtifactProvider { private readonly IAppTraceSource tracer; private readonly AgentTaskPluginExecutionContext context; private readonly VssConnection connection; public PipelineArtifactProvider(AgentTaskPluginExecutionContext context, VssConnection connection, IAppTraceSource tracer) { this.tracer = tracer; this.context = context; this.connection = connection; } public async Task DownloadSingleArtifactAsync( ArtifactDownloadParameters downloadParameters, BuildArtifact buildArtifact, CancellationToken cancellationToken, AgentTaskPluginExecutionContext context) { // if properties doesn't have it, use the default domain for backward compatibility IDomainId domainId = WellKnownDomainIds.DefaultDomainId; if(buildArtifact.Resource.Properties.TryGetValue(PipelineArtifactConstants.DomainId, out string domainIdString)) { domainId = DomainIdFactory.Create(domainIdString); } var (dedupManifestClient, clientTelemetry) = await DedupManifestArtifactClientFactory.Instance.CreateDedupManifestClientAsync( this.context.IsSystemDebugTrue(), (str) => this.context.Output(str), this.connection, domainId, Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts.Client.PipelineArtifact, context, cancellationToken); using (clientTelemetry) { var manifestId = DedupIdentifier.Create(buildArtifact.Resource.Data); var options = DownloadDedupManifestArtifactOptions.CreateWithManifestId( manifestId, downloadParameters.TargetDirectory, proxyUri: null, minimatchPatterns: downloadParameters.MinimatchFilters, customMinimatchOptions: downloadParameters.CustomMinimatchOptions); PipelineArtifactActionRecord downloadRecord = clientTelemetry.CreateRecord((level, uri, type) => new PipelineArtifactActionRecord(level, uri, type, nameof(DownloadMultipleArtifactsAsync), this.context)); await clientTelemetry.MeasureActionAsync( record: downloadRecord, actionAsync: async () => { await AsyncHttpRetryHelper.InvokeVoidAsync( async () => { await dedupManifestClient.DownloadAsync(options, cancellationToken); }, maxRetries: 3, tracer: tracer, canRetryDelegate: e => true, context: nameof(DownloadSingleArtifactAsync), cancellationToken: cancellationToken, continueOnCapturedContext: false); }); // Send results to CustomerIntelligence this.context.PublishTelemetry(area: PipelineArtifactConstants.AzurePipelinesAgent, feature: PipelineArtifactConstants.PipelineArtifact, record: downloadRecord); } } public async Task DownloadMultipleArtifactsAsync( ArtifactDownloadParameters downloadParameters, IEnumerable buildArtifacts, CancellationToken cancellationToken, AgentTaskPluginExecutionContext context) { // create clients and group artifacts for each domain: Dictionary ArtifactDictionary)> dedupManifestClients = new(); foreach(var buildArtifact in buildArtifacts) { // if properties doesn't have it, use the default domain for backward compatibility IDomainId domainId = WellKnownDomainIds.DefaultDomainId; if(buildArtifact.Resource.Properties.TryGetValue(PipelineArtifactConstants.DomainId, out string domainIdString)) { domainId = DomainIdFactory.Create(domainIdString); } // Have we already created the clients for this domain? if(dedupManifestClients.ContainsKey(domainId)) { // Clients already created for this domain, Just add the artifact to the list: dedupManifestClients[domainId].ArtifactDictionary.Add(buildArtifact.Name, DedupIdentifier.Create(buildArtifact.Resource.Data)); } else { // create the clients: var (dedupManifestClient, clientTelemetry) = await DedupManifestArtifactClientFactory.Instance.CreateDedupManifestClientAsync( this.context.IsSystemDebugTrue(), (str) => this.context.Output(str), this.connection, domainId, Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts.Client.PipelineArtifact, context, cancellationToken); // and create the artifact dictionary with the current artifact var artifactDictionary = new Dictionary { { buildArtifact.Name, DedupIdentifier.Create(buildArtifact.Resource.Data) } }; dedupManifestClients.Add(domainId, (dedupManifestClient, clientTelemetry, artifactDictionary)); } } foreach(var clientInfo in dedupManifestClients.Values) { using (clientInfo.Telemetry) { // 2) download to the target path var options = DownloadDedupManifestArtifactOptions.CreateWithMultiManifestIds( clientInfo.ArtifactDictionary, downloadParameters.TargetDirectory, proxyUri: null, minimatchPatterns: downloadParameters.MinimatchFilters, minimatchFilterWithArtifactName: downloadParameters.MinimatchFilterWithArtifactName, customMinimatchOptions: downloadParameters.CustomMinimatchOptions); PipelineArtifactActionRecord downloadRecord = clientInfo.Telemetry.CreateRecord((level, uri, type) => new PipelineArtifactActionRecord(level, uri, type, nameof(DownloadMultipleArtifactsAsync), this.context)); await clientInfo.Telemetry.MeasureActionAsync( record: downloadRecord, actionAsync: async () => { await AsyncHttpRetryHelper.InvokeVoidAsync( async () => { await clientInfo.Client.DownloadAsync(options, cancellationToken); }, maxRetries: 3, tracer: tracer, canRetryDelegate: e => true, context: nameof(DownloadMultipleArtifactsAsync), cancellationToken: cancellationToken, continueOnCapturedContext: false); }); // Send results to CustomerIntelligence this.context.PublishTelemetry(area: PipelineArtifactConstants.AzurePipelinesAgent, feature: PipelineArtifactConstants.PipelineArtifact, record: downloadRecord); } } } } } ================================================ FILE: src/Agent.Plugins/Artifact/PipelineArtifactServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Blob; using Agent.Plugins.PipelineArtifact.Telemetry; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.BlobStore.Common; using Agent.Sdk.Knob; namespace Agent.Plugins { // A wrapper of DedupManifestArtifactClient, providing basic functionalities such as uploading and downloading pipeline artifacts. public class PipelineArtifactServer { private readonly IAppTraceSource tracer; public PipelineArtifactServer(IAppTraceSource tracer) { this.tracer = tracer; } // Upload from target path to Azure DevOps BlobStore service through DedupManifestArtifactClient, then associate it with the build internal async Task UploadAsync( AgentTaskPluginExecutionContext context, Guid projectId, int pipelineId, string name, string source, IDictionary properties, CancellationToken cancellationToken) { // Get the client settings, if any. var tracer = DedupManifestArtifactClientFactory.CreateArtifactsTracer(verbose: false, (str) => context.Output(str)); VssConnection connection = context.VssConnection; var clientSettings = await BlobstoreClientSettings.GetClientSettingsAsync( connection, Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts.Client.PipelineArtifact, tracer, cancellationToken); // Check if the pipeline has an override domain set, if not, use the default domain from the client settings. string overrideDomain = AgentKnobs.SendPipelineArtifactsToBlobstoreDomain.GetValue(context).AsString(); IDomainId domainId = String.IsNullOrWhiteSpace(overrideDomain) ? clientSettings.GetDefaultDomainId() : DomainIdFactory.Create(overrideDomain); var (dedupManifestClient, clientTelemetry) = DedupManifestArtifactClientFactory.Instance .CreateDedupManifestClient( context.IsSystemDebugTrue(), (str) => context.Output(str), connection, domainId, clientSettings, context, cancellationToken); using (clientTelemetry) { //Upload the pipeline artifact. PipelineArtifactActionRecord uploadRecord = clientTelemetry.CreateRecord((level, uri, type) => new PipelineArtifactActionRecord(level, uri, type, nameof(UploadAsync), context)); PublishResult result = await clientTelemetry.MeasureActionAsync( record: uploadRecord, actionAsync: async () => await AsyncHttpRetryHelper.InvokeAsync( async () => { return await dedupManifestClient.PublishAsync(source, cancellationToken); }, maxRetries: 3, tracer: tracer, canRetryDelegate: e => true, // this isn't great, but failing on upload stinks, so just try a couple of times cancellationToken: cancellationToken, continueOnCapturedContext: false) ); // Send results to CustomerIntelligence context.PublishTelemetry(area: PipelineArtifactConstants.AzurePipelinesAgent, feature: PipelineArtifactConstants.PipelineArtifact, record: uploadRecord); // 2) associate the pipeline artifact with an build artifact BuildServer buildServer = new BuildServer(connection); var propertiesDictionary = new Dictionary(properties ?? new Dictionary()) { { PipelineArtifactConstants.RootId, result.RootId.ValueString }, { PipelineArtifactConstants.ProofNodes, StringUtil.ConvertToJson(result.ProofNodes.ToArray()) }, { PipelineArtifactConstants.ArtifactSize, result.ContentSize.ToString() }, { PipelineArtifactConstants.HashType, dedupManifestClient.HashType.Serialize() }, { PipelineArtifactConstants.DomainId, domainId.Serialize() } }; BuildArtifact buildArtifact = await AsyncHttpRetryHelper.InvokeAsync( async () => { return await buildServer.AssociateArtifactAsync(projectId, pipelineId, name, context.Variables.GetValueOrDefault(WellKnownDistributedTaskVariables.JobId)?.Value ?? string.Empty, ArtifactResourceTypes.PipelineArtifact, result.ManifestId.ValueString, propertiesDictionary, cancellationToken); }, maxRetries: 3, tracer: tracer, canRetryDelegate: e => e is TimeoutException || e.InnerException is TimeoutException, cancellationToken: cancellationToken, continueOnCapturedContext: false); context.Output(StringUtil.Loc("AssociateArtifactWithBuild", buildArtifact.Id, pipelineId)); } } // Download pipeline artifact from Azure DevOps BlobStore service through DedupManifestArtifactClient to a target path // Old V0 function internal Task DownloadAsync( AgentTaskPluginExecutionContext context, Guid projectId, int pipelineId, string artifactName, string targetDir, CancellationToken cancellationToken) { var downloadParameters = new ArtifactDownloadParameters { ProjectRetrievalOptions = BuildArtifactRetrievalOptions.RetrieveByProjectId, ProjectId = projectId, PipelineId = pipelineId, ArtifactName = artifactName, TargetDirectory = targetDir }; return this.DownloadAsync(context, downloadParameters, DownloadOptions.SingleDownload, cancellationToken); } // Download with minimatch patterns, V1. internal async Task DownloadAsync( AgentTaskPluginExecutionContext context, ArtifactDownloadParameters downloadParameters, DownloadOptions downloadOptions, CancellationToken cancellationToken) { VssConnection connection = context.VssConnection; PipelineArtifactProvider provider = new PipelineArtifactProvider(context, connection, tracer); BuildServer buildServer = new(connection); // download all pipeline artifacts if artifact name is missing if (downloadOptions == DownloadOptions.MultiDownload) { List artifacts; if (downloadParameters.ProjectRetrievalOptions == BuildArtifactRetrievalOptions.RetrieveByProjectId) { artifacts = await buildServer.GetArtifactsAsync(downloadParameters.ProjectId, downloadParameters.PipelineId, cancellationToken); } else if (downloadParameters.ProjectRetrievalOptions == BuildArtifactRetrievalOptions.RetrieveByProjectName) { if (string.IsNullOrEmpty(downloadParameters.ProjectName)) { throw new InvalidOperationException("Project name can't be empty when trying to fetch build artifacts!"); } else { artifacts = await buildServer.GetArtifactsWithProjectNameAsync(downloadParameters.ProjectName, downloadParameters.PipelineId, cancellationToken); } } else { throw new InvalidOperationException($"Invalid {nameof(downloadParameters.ProjectRetrievalOptions)}!"); } IEnumerable pipelineArtifacts = artifacts.Where(a => string.Equals(a.Resource.Type, PipelineArtifactConstants.PipelineArtifact, StringComparison.OrdinalIgnoreCase)); if (!pipelineArtifacts.Any()) { throw new ArgumentException("Could not find any pipeline artifacts in the build."); } else { context.Output(StringUtil.Loc("DownloadingMultiplePipelineArtifacts", pipelineArtifacts.Count())); await provider.DownloadMultipleArtifactsAsync(downloadParameters, pipelineArtifacts, cancellationToken, context); } } else if (downloadOptions == DownloadOptions.SingleDownload) { // 1) get manifest id from artifact data BuildArtifact buildArtifact; if (downloadParameters.ProjectRetrievalOptions == BuildArtifactRetrievalOptions.RetrieveByProjectId) { buildArtifact = await buildServer.GetArtifact(downloadParameters.ProjectId, downloadParameters.PipelineId, downloadParameters.ArtifactName, cancellationToken); } else if (downloadParameters.ProjectRetrievalOptions == BuildArtifactRetrievalOptions.RetrieveByProjectName) { if (string.IsNullOrEmpty(downloadParameters.ProjectName)) { throw new InvalidOperationException("Project name can't be empty when trying to fetch build artifacts!"); } else { buildArtifact = await buildServer.GetArtifactWithProjectNameAsync(downloadParameters.ProjectName, downloadParameters.PipelineId, downloadParameters.ArtifactName, cancellationToken); } } else { throw new InvalidOperationException($"Invalid {nameof(downloadParameters.ProjectRetrievalOptions)}!"); } await provider.DownloadSingleArtifactAsync(downloadParameters, buildArtifact, cancellationToken, context); } else { throw new InvalidOperationException($"Invalid {nameof(downloadOptions)}!"); } context.SetVariable("DownloadPipelineArtifactResourceTypes", PipelineArtifactConstants.PipelineArtifact); } // Download for version 2. This decision was made because version 1 is sealed and we didn't want to break any existing customers. internal async Task DownloadAsyncV2( AgentTaskPluginExecutionContext context, ArtifactDownloadParameters downloadParameters, DownloadOptions downloadOptions, CancellationToken cancellationToken) { VssConnection connection = context.VssConnection; BuildServer buildServer = new BuildServer(connection); HashSet resourceTypes = new HashSet(); // download all pipeline artifacts if artifact name is missing if (downloadOptions == DownloadOptions.MultiDownload) { List artifacts; if (downloadParameters.ProjectRetrievalOptions == BuildArtifactRetrievalOptions.RetrieveByProjectId) { artifacts = await buildServer.GetArtifactsAsync(downloadParameters.ProjectId, downloadParameters.PipelineId, cancellationToken); } else if (downloadParameters.ProjectRetrievalOptions == BuildArtifactRetrievalOptions.RetrieveByProjectName) { if (string.IsNullOrEmpty(downloadParameters.ProjectName)) { throw new InvalidOperationException("Project name can't be empty when trying to fetch build artifacts!"); } else { artifacts = await buildServer.GetArtifactsWithProjectNameAsync(downloadParameters.ProjectName, downloadParameters.PipelineId, cancellationToken); } } else { throw new InvalidOperationException($"Invalid {nameof(downloadParameters.ProjectRetrievalOptions)}!"); } IEnumerable buildArtifacts = artifacts.Where(a => string.Equals(a.Resource.Type, PipelineArtifactConstants.Container, StringComparison.OrdinalIgnoreCase)); IEnumerable pipelineArtifacts = artifacts.Where(a => string.Equals(a.Resource.Type, PipelineArtifactConstants.PipelineArtifact, StringComparison.OrdinalIgnoreCase)); IEnumerable fileShareArtifacts = artifacts.Where(a => string.Equals(a.Resource.Type, PipelineArtifactConstants.FileShareArtifact, StringComparison.OrdinalIgnoreCase)); if (buildArtifacts.Any()) { resourceTypes.Add(PipelineArtifactConstants.Container); FileContainerProvider provider = new FileContainerProvider(connection, this.tracer); await provider.DownloadMultipleArtifactsAsync(downloadParameters, buildArtifacts, cancellationToken, context); } if (pipelineArtifacts.Any()) { resourceTypes.Add(PipelineArtifactConstants.PipelineArtifact); PipelineArtifactProvider provider = new PipelineArtifactProvider(context, connection, this.tracer); await provider.DownloadMultipleArtifactsAsync(downloadParameters, pipelineArtifacts, cancellationToken, context); } if (fileShareArtifacts.Any()) { resourceTypes.Add(PipelineArtifactConstants.FileShareArtifact); FileShareProvider provider = new FileShareProvider(context, connection, this.tracer, DedupManifestArtifactClientFactory.Instance); await provider.DownloadMultipleArtifactsAsync(downloadParameters, fileShareArtifacts, cancellationToken, context); } } else if (downloadOptions == DownloadOptions.SingleDownload) { // 1) get manifest id from artifact data BuildArtifact buildArtifact; if (downloadParameters.ProjectRetrievalOptions == BuildArtifactRetrievalOptions.RetrieveByProjectId) { buildArtifact = await buildServer.GetArtifact(downloadParameters.ProjectId, downloadParameters.PipelineId, downloadParameters.ArtifactName, cancellationToken); } else if (downloadParameters.ProjectRetrievalOptions == BuildArtifactRetrievalOptions.RetrieveByProjectName) { if (string.IsNullOrEmpty(downloadParameters.ProjectName)) { throw new InvalidOperationException("Project name can't be empty when trying to fetch build artifacts!"); } else { buildArtifact = await buildServer.GetArtifactWithProjectNameAsync(downloadParameters.ProjectName, downloadParameters.PipelineId, downloadParameters.ArtifactName, cancellationToken); } } else { throw new InvalidOperationException($"Invalid {nameof(downloadParameters.ProjectRetrievalOptions)}!"); } ArtifactProviderFactory factory = new ArtifactProviderFactory(context, connection, this.tracer); IArtifactProvider provider = factory.GetProvider(buildArtifact); resourceTypes.Add(buildArtifact.Resource.Type); await provider.DownloadSingleArtifactAsync(downloadParameters, buildArtifact, cancellationToken, context); } else { throw new InvalidOperationException($"Invalid {nameof(downloadOptions)}!"); } // Create a variable to store the resource types of the downloaded artifacts context.SetVariable("DownloadPipelineArtifactResourceTypes", string.Join(",", resourceTypes)); } } internal enum DownloadOptions { SingleDownload, MultiDownload } } ================================================ FILE: src/Agent.Plugins/ArtifactsTracer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.Agent.Util; using Agent.Sdk; using System.Text.RegularExpressions; using Microsoft.VisualStudio.Services.Content.Common.Tracing; namespace Agent.Plugins { public static class ArtifactsTracer { public static IAppTraceSource CreateArtifactsTracer(this AgentTaskPluginExecutionContext context) { ArgUtil.NotNull(context, nameof(context)); bool verbose = context.IsSystemDebugTrue(); return new CallbackAppTraceSource( (str, level) => { if (level == System.Diagnostics.SourceLevels.Warning) { context.Warning(str); } else { context.Output(str); } }, verbose ? System.Diagnostics.SourceLevels.Verbose : System.Diagnostics.SourceLevels.Information); } } } ================================================ FILE: src/Agent.Plugins/BuildArtifact/BuildArtifactPluginConstants.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Agent.Plugins.BuildArtifacts { public class BuildArtifactPluginConstants { public static readonly Guid DownloadBuildArtifactTaskId = new Guid("a433f589-fce1-4460-9ee6-44a624aeb1fb"); } } ================================================ FILE: src/Agent.Plugins/BuildArtifact/BuildArtifactPluginV1.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Knob; using Agent.Plugins; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.Core.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Minimatch; namespace Agent.Plugins.BuildArtifacts { public abstract class BuildArtifactTaskPluginBaseV1 : IAgentTaskPlugin { public abstract Guid Id { get; } protected IAppTraceSource tracer; public string Stage => "main"; public Task RunAsync(AgentTaskPluginExecutionContext context, CancellationToken token) { this.tracer = context.CreateArtifactsTracer(); return this.ProcessCommandInternalAsync(context, token); } protected abstract Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, CancellationToken token); // Properties set by tasks protected static class TaskProperties { public static readonly string BuildType = "buildType"; public static readonly string Project = "project"; public static readonly string Definition = "definition"; public static readonly string SpecificBuildWithTriggering = "specificBuildWithTriggering"; public static readonly string BuildVersionToDownload = "buildVersionToDownload"; public static readonly string BranchName = "branchName"; public static readonly string Tags = "tags"; public static readonly string AllowPartiallySucceededBuilds = "allowPartiallySucceededBuilds"; public static readonly string AllowFailedBuilds = "allowFailedBuilds"; public static readonly string AllowCanceledBuilds = "allowCanceledBuilds"; public static readonly string ArtifactName = "artifactName"; public static readonly string ItemPattern = "itemPattern"; public static readonly string DownloadType = "downloadType"; public static readonly string DownloadPath = "downloadPath"; public static readonly string CleanDestinationFolder = "cleanDestinationFolder"; public static readonly string BuildId = "buildId"; public static readonly string RetryDownloadCount = "retryDownloadCount"; public static readonly string ParallelizationLimit = "parallelizationLimit"; public static readonly string CheckDownloadedFiles = "checkDownloadedFiles"; public static readonly string ExtractTars = "extractTars"; } } // Can be invoked from a build run or a release run should a build be set as the artifact. public class DownloadBuildArtifactTaskV1_0_0 : BuildArtifactTaskPluginBaseV1 { // Same as https://github.com/Microsoft/vsts-tasks/blob/master/Tasks/DownloadBuildArtifactV1/task.json public override Guid Id => BuildArtifactPluginConstants.DownloadBuildArtifactTaskId; static readonly string buildTypeCurrent = "current"; static readonly string buildTypeSpecific = "specific"; static readonly string buildVersionToDownloadLatest = "latest"; static readonly string buildVersionToDownloadSpecific = "specific"; static readonly string buildVersionToDownloadLatestFromBranch = "latestFromBranch"; static readonly string extractedTarsTempDir = "extracted_tars"; static readonly Options minimatchOptions = new Options() { Dot = true, NoBrace = true, AllowWindowsPaths = PlatformUtil.RunningOnWindows }; protected override async Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, CancellationToken token) { ArgUtil.NotNull(context, nameof(context)); string artifactName = context.GetInput(TaskProperties.ArtifactName, required: false); string branchName = context.GetInput(TaskProperties.BranchName, required: false); string definition = context.GetInput(TaskProperties.Definition, required: false); string buildType = context.GetInput(TaskProperties.BuildType, required: true); string specificBuildWithTriggering = context.GetInput(TaskProperties.SpecificBuildWithTriggering, required: false); string buildVersionToDownload = context.GetInput(TaskProperties.BuildVersionToDownload, required: false); string targetPath = context.GetInput(TaskProperties.DownloadPath, required: true); string cleanDestinationFolder = context.GetInput(TaskProperties.CleanDestinationFolder, required: false); string environmentBuildId = context.Variables.GetValueOrDefault(BuildVariables.BuildId)?.Value ?? string.Empty; // BuildID provided by environment. string itemPattern = context.GetInput(TaskProperties.ItemPattern, required: false); string projectName = context.GetInput(TaskProperties.Project, required: false); string tags = context.GetInput(TaskProperties.Tags, required: false); string allowPartiallySucceededBuilds = context.GetInput(TaskProperties.AllowPartiallySucceededBuilds, required: false); string allowFailedBuilds = context.GetInput(TaskProperties.AllowFailedBuilds, required: false); string allowCanceledBuilds = context.GetInput(TaskProperties.AllowCanceledBuilds, required: false); string userSpecifiedBuildId = context.GetInput(TaskProperties.BuildId, required: false); string defaultWorkingDirectory = context.Variables.GetValueOrDefault("system.defaultworkingdirectory").Value; string downloadType = context.GetInput(TaskProperties.DownloadType, required: true); // advanced string retryDownloadCount = context.GetInput(TaskProperties.RetryDownloadCount, required: false); string parallelizationLimit = context.GetInput(TaskProperties.ParallelizationLimit, required: false); string checkDownloadedFiles = context.GetInput(TaskProperties.CheckDownloadedFiles, required: false); string extractTars = context.GetInput(TaskProperties.ExtractTars, required: false); string extractedTarsTempPath = Path.Combine(context.Variables.GetValueOrDefault("Agent.TempDirectory")?.Value, extractedTarsTempDir); targetPath = Path.IsPathFullyQualified(targetPath) ? targetPath : Path.GetFullPath(Path.Combine(defaultWorkingDirectory, targetPath)); // Empty input field "Matching pattern" must be recognised as default value '**' itemPattern = string.IsNullOrEmpty(itemPattern) ? "**" : itemPattern; string[] minimatchPatterns = itemPattern.Split( new[] { "\n" }, StringSplitOptions.RemoveEmptyEntries ); string[] tagsInput = tags.Split( new[] { "," }, StringSplitOptions.None ); if (!bool.TryParse(allowPartiallySucceededBuilds, out var allowPartiallySucceededBuildsBool)) { allowPartiallySucceededBuildsBool = false; } if (!bool.TryParse(allowFailedBuilds, out var allowFailedBuildsBool)) { allowFailedBuildsBool = false; } if (!bool.TryParse(allowCanceledBuilds, out var allowCanceledBuildsBool)) { allowCanceledBuildsBool = false; } if (!bool.TryParse(cleanDestinationFolder, out var cleanDestinationFolderBool)) { cleanDestinationFolderBool = false; } var resultFilter = GetResultFilter(allowPartiallySucceededBuildsBool, allowFailedBuildsBool, allowCanceledBuildsBool); if (!bool.TryParse(extractTars, out var extractTarsBool)) { extractTarsBool = false; } if (extractTarsBool && PlatformUtil.RunningOnWindows) { throw new ArgumentException(StringUtil.Loc("TarExtractionNotSupportedInWindows")); } PipelineArtifactServer server = new PipelineArtifactServer(tracer); ArtifactDownloadParameters downloadParameters; if (buildType == buildTypeCurrent) { // TODO: use a constant for project id, which is currently defined in Microsoft.VisualStudio.Services.Agent.Constants.Variables.System.TeamProjectId (Ting) string projectIdStr = context.Variables.GetValueOrDefault("system.teamProjectId")?.Value; if (String.IsNullOrEmpty(projectIdStr)) { throw new ArgumentNullException(StringUtil.Loc("CannotBeNullOrEmpty"), "Project ID"); } Guid projectId = Guid.Parse(projectIdStr); ArgUtil.NotEmpty(projectId, nameof(projectId)); int pipelineId = 0; if (int.TryParse(environmentBuildId, out pipelineId) && pipelineId != 0) { OutputBuildInfo(context, pipelineId); } else { string hostType = context.Variables.GetValueOrDefault("system.hosttype")?.Value; if (string.Equals(hostType, "Release", StringComparison.OrdinalIgnoreCase) || string.Equals(hostType, "DeploymentGroup", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException(StringUtil.Loc("BuildIdIsNotAvailable", hostType ?? string.Empty, hostType ?? string.Empty)); } else if (!string.Equals(hostType, "Build", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException(StringUtil.Loc("CannotDownloadFromCurrentEnvironment", hostType ?? string.Empty)); } else { // This should not happen since the build id comes from build environment. But a user may override that so we must be careful. throw new ArgumentException(StringUtil.Loc("BuildIdIsNotValid", environmentBuildId)); } } downloadParameters = new ArtifactDownloadParameters { ProjectRetrievalOptions = BuildArtifactRetrievalOptions.RetrieveByProjectId, ProjectId = projectId, PipelineId = pipelineId, ArtifactName = artifactName, TargetDirectory = targetPath, MinimatchFilters = minimatchPatterns, MinimatchFilterWithArtifactName = true, ParallelizationLimit = int.TryParse(parallelizationLimit, out var parallelLimit) ? parallelLimit : 8, RetryDownloadCount = int.TryParse(retryDownloadCount, out var retryCount) ? retryCount : 4, CheckDownloadedFiles = bool.TryParse(checkDownloadedFiles, out var checkDownloads) && checkDownloads, CustomMinimatchOptions = minimatchOptions, ExtractTars = extractTarsBool, ExtractedTarsTempPath = extractedTarsTempPath }; } else if (buildType == buildTypeSpecific) { if (String.IsNullOrEmpty(projectName)) { throw new ArgumentNullException(StringUtil.Loc("CannotBeNullOrEmpty"), "Project Name"); } Guid projectId; bool isProjGuid = Guid.TryParse(projectName, out projectId); if (!isProjGuid) { projectId = await GetProjectIdAsync(context, projectName); } // Set the default pipelineId to 0, which is an invalid build id and it has to be reassigned to a valid build id. int pipelineId = 0; if (bool.TryParse(specificBuildWithTriggering, out var specificBuildWithTriggeringBool) && specificBuildWithTriggeringBool) { string hostType = context.Variables.GetValueOrDefault("system.hostType")?.Value; string triggeringPipeline = null; if (!string.IsNullOrWhiteSpace(hostType) && !hostType.Equals("build", StringComparison.OrdinalIgnoreCase)) // RM env. { var releaseAlias = context.Variables.GetValueOrDefault("release.triggeringartifact.alias")?.Value; var definitionIdTriggered = context.Variables.GetValueOrDefault("release.artifacts." + releaseAlias ?? string.Empty + ".definitionId")?.Value; if (!string.IsNullOrWhiteSpace(definitionIdTriggered) && definitionIdTriggered.Equals(definition, StringComparison.OrdinalIgnoreCase)) { triggeringPipeline = context.Variables.GetValueOrDefault("release.artifacts." + releaseAlias ?? string.Empty + ".buildId")?.Value; } var triggeredProjectIdStr = context.Variables.GetValueOrDefault("release.artifacts." + releaseAlias + ".projectId")?.Value; if (!string.IsNullOrWhiteSpace(triggeredProjectIdStr) && Guid.TryParse(triggeredProjectIdStr, out var triggeredProjectId)) { projectId = triggeredProjectId; } } else { var definitionIdTriggered = context.Variables.GetValueOrDefault("build.triggeredBy.definitionId")?.Value; if (!string.IsNullOrWhiteSpace(definitionIdTriggered) && definitionIdTriggered.Equals(definition, StringComparison.OrdinalIgnoreCase)) { triggeringPipeline = context.Variables.GetValueOrDefault("build.triggeredBy.buildId")?.Value; } var triggeredProjectIdStr = context.Variables.GetValueOrDefault("build.triggeredBy.projectId")?.Value; if (!string.IsNullOrWhiteSpace(triggeredProjectIdStr) && Guid.TryParse(triggeredProjectIdStr, out var triggeredProjectId)) { projectId = triggeredProjectId; } } if (!string.IsNullOrWhiteSpace(triggeringPipeline)) { pipelineId = int.Parse(triggeringPipeline); } } if (pipelineId == 0) { if (buildVersionToDownload == buildVersionToDownloadLatest) { pipelineId = await this.GetPipelineIdAsync(context, definition, buildVersionToDownload, projectId.ToString(), tagsInput, resultFilter, null, cancellationToken: token); } else if (buildVersionToDownload == buildVersionToDownloadSpecific) { bool isPipelineIdNum = Int32.TryParse(userSpecifiedBuildId, out pipelineId); if (!isPipelineIdNum) { throw new ArgumentException(StringUtil.Loc("RunIDNotValid", userSpecifiedBuildId)); } } else if (buildVersionToDownload == buildVersionToDownloadLatestFromBranch) { pipelineId = await this.GetPipelineIdAsync(context, definition, buildVersionToDownload, projectId.ToString(), tagsInput, resultFilter, branchName, cancellationToken: token); } else { throw new InvalidOperationException("Unreachable code!"); } } OutputBuildInfo(context, pipelineId); downloadParameters = new ArtifactDownloadParameters { ProjectRetrievalOptions = BuildArtifactRetrievalOptions.RetrieveByProjectName, ProjectName = projectName, ProjectId = projectId, PipelineId = pipelineId, ArtifactName = artifactName, TargetDirectory = targetPath, MinimatchFilters = minimatchPatterns, MinimatchFilterWithArtifactName = true, ParallelizationLimit = int.TryParse(parallelizationLimit, out var parallelLimit) ? parallelLimit : 8, RetryDownloadCount = int.TryParse(retryDownloadCount, out var retryCount) ? retryCount : 4, CheckDownloadedFiles = bool.TryParse(checkDownloadedFiles, out var checkDownloads) && checkDownloads, CustomMinimatchOptions = minimatchOptions, ExtractTars = extractTarsBool, ExtractedTarsTempPath = extractedTarsTempPath }; } else { throw new InvalidOperationException($"Build type '{buildType}' is not recognized."); } string fullPath = this.CreateDirectoryIfDoesntExist(targetPath); if (cleanDestinationFolderBool) { CleanDirectory(context, fullPath, token); } var downloadOption = downloadType == "single" ? DownloadOptions.SingleDownload : DownloadOptions.MultiDownload; // Build artifacts always includes the artifact in the path name downloadParameters.IncludeArtifactNameInPath = true; // By default, file container provider appends artifact name to target path when downloading specific files. // This is undesirable because DownloadBuildArtifactsV0 doesn't do that. // We also have a blob to enable appending artifact name just in case we break someone. // By default, its value is going to be false, so we're defaulting to V0-like target path resolution. downloadParameters.AppendArtifactNameToTargetPath = AgentKnobs.EnableIncompatibleBuildArtifactsPathResolution.GetValue(context).AsBoolean(); context.Output(StringUtil.Loc("DownloadArtifactTo", targetPath)); await server.DownloadAsyncV2(context, downloadParameters, downloadOption, token); context.Output(StringUtil.Loc("DownloadArtifactFinished")); } private string CreateDirectoryIfDoesntExist(string targetPath) { string fullPath = Path.GetFullPath(targetPath); bool dirExists = Directory.Exists(fullPath); if (!dirExists) { Directory.CreateDirectory(fullPath); } return fullPath; } private void CleanDirectory(AgentTaskPluginExecutionContext context, string directoryPath, CancellationToken cancellationToken) { FileAttributes dirAttributes; context.Output(StringUtil.Loc("CleaningDestinationFolder", directoryPath)); try { dirAttributes = File.GetAttributes(directoryPath); } catch (Exception ex) when (ex is FileNotFoundException || ex is DirectoryNotFoundException) { context.Warning(StringUtil.Loc("NoFolderToClean", directoryPath)); return; } if (dirAttributes.HasFlag(FileAttributes.Directory)) { bool isDirectoryEmpty = !Directory.EnumerateFileSystemEntries(directoryPath).Any(); if (isDirectoryEmpty) { context.Warning(StringUtil.Loc("NoFolderToClean", directoryPath)); return; } // delete the child items DirectoryInfo directoryInfo = new DirectoryInfo(directoryPath); foreach (FileInfo file in directoryInfo.GetFiles()) { try { IOUtil.DeleteFileWithRetry(file.FullName, cancellationToken).Wait() ; } catch (Exception ex) { tracer.Warn($"Unable to delete build artifact file, ex:{ex.GetType()}"); throw; } } foreach (DirectoryInfo subDirectory in directoryInfo.GetDirectories()) { try { IOUtil.DeleteDirectoryWithRetry(subDirectory.FullName, cancellationToken).Wait() ; } catch (Exception ex) { tracer.Warn($"Unable to delete build subdirecotry, ex:{ex.GetType()}"); throw; } } } else { try { // specified folder is not a directory. Delete it. IOUtil.DeleteDirectoryWithRetry(directoryPath, cancellationToken).Wait() ; } catch (Exception ex) { tracer.Warn($"Unable to delete build artifact data, ex:{ex.GetType()}"); throw; } } } private async Task GetPipelineIdAsync(AgentTaskPluginExecutionContext context, string pipelineDefinition, string buildVersionToDownload, string project, string[] tagFilters, BuildResult resultFilter = BuildResult.Succeeded, string branchName = null, CancellationToken cancellationToken = default(CancellationToken)) { if (String.IsNullOrWhiteSpace(pipelineDefinition)) { throw new InvalidOperationException(StringUtil.Loc("CannotBeNullOrEmpty", "Pipeline Definition")); } VssConnection connection = context.VssConnection; BuildHttpClient buildHttpClient = connection.GetClient(); var isDefinitionNum = Int32.TryParse(pipelineDefinition, out int definition); if (!isDefinitionNum) { var definitionRef = (await buildHttpClient.GetDefinitionsAsync(new System.Guid(project), pipelineDefinition, cancellationToken: cancellationToken)).FirstOrDefault(); if (definitionRef == null) { throw new ArgumentException(StringUtil.Loc("PipelineDoesNotExist", pipelineDefinition)); } else { definition = definitionRef.Id; } } var definitions = new List() { definition }; List list; if (buildVersionToDownload == buildVersionToDownloadLatest) { list = await buildHttpClient.GetBuildsAsync(project, definitions, tagFilters: tagFilters, queryOrder: BuildQueryOrder.FinishTimeDescending, resultFilter: resultFilter); } else if (buildVersionToDownload == buildVersionToDownloadLatestFromBranch) { list = await buildHttpClient.GetBuildsAsync(project, definitions, branchName: branchName, tagFilters: tagFilters, queryOrder: BuildQueryOrder.FinishTimeDescending, resultFilter: resultFilter); } else { throw new InvalidOperationException("Unreachable code!"); } if (list.Count > 0) { return list.First().Id; } else { throw new ArgumentException(StringUtil.Loc("BuildsDoesNotExist")); } } private BuildResult GetResultFilter(bool allowPartiallySucceededBuilds, bool allowFailedBuilds, bool allowCanceledBuilds) { var result = BuildResult.Succeeded; if (allowPartiallySucceededBuilds) { result |= BuildResult.PartiallySucceeded; } if (allowFailedBuilds) { result |= BuildResult.Failed; } if (allowCanceledBuilds) { result |= BuildResult.Canceled; } return result; } private async Task GetProjectIdAsync(AgentTaskPluginExecutionContext context, string projectName) { VssConnection connection = context.VssConnection; var projectClient = connection.GetClient(); TeamProject proj = null; try { proj = await projectClient.GetProject(projectName); } catch (Exception ex) { throw new ArgumentException("Get project failed " + projectName + " , exception: " + ex); } return proj.Id; } private void OutputBuildInfo(AgentTaskPluginExecutionContext context, int? pipelineId) { context.Output(StringUtil.Loc("DownloadingFromBuild", pipelineId)); // populate output variable 'BuildNumber' with buildId context.SetVariable("BuildNumber", pipelineId.ToString()); } } } ================================================ FILE: src/Agent.Plugins/GitCliManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Diagnostics; using System.Linq; using System.Text; using System.Text.RegularExpressions; using System.Threading; using System.Threading.Tasks; using System.IO; using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Agent.Plugins.Repository { public interface IGitCliManager { Task GitConfig(AgentTaskPluginExecutionContext context, string repositoryPath, string configKey, string configValue); } public class GitCliManager : IGitCliManager { private static Encoding _encoding { get => PlatformUtil.RunningOnWindows ? Encoding.UTF8 : null; } protected readonly Dictionary gitEnv = new Dictionary(StringComparer.OrdinalIgnoreCase) { { "GIT_TERMINAL_PROMPT", "0" }, }; protected string gitPath = null; protected Version gitVersion = null; protected string gitLfsPath = null; protected Version gitLfsVersion = null; public GitCliManager(Dictionary envs = null) { if (envs != null) { foreach (var env in envs) { if (!string.IsNullOrEmpty(env.Key)) { gitEnv[env.Key] = env.Value ?? string.Empty; } } } } public bool EnsureGitVersion(Version requiredVersion, bool throwOnNotMatch) { ArgUtil.NotNull(gitPath, nameof(gitPath)); ArgUtil.NotNull(gitVersion, nameof(gitVersion)); if (gitVersion < requiredVersion && throwOnNotMatch) { throw new NotSupportedException(StringUtil.Loc("MinRequiredGitVersion", requiredVersion, gitPath, gitVersion)); } return gitVersion >= requiredVersion; } public bool EnsureGitLFSVersion(Version requiredVersion, bool throwOnNotMatch) { ArgUtil.NotNull(gitLfsPath, nameof(gitLfsPath)); ArgUtil.NotNull(gitLfsVersion, nameof(gitLfsVersion)); if (gitLfsVersion < requiredVersion && throwOnNotMatch) { throw new NotSupportedException(StringUtil.Loc("MinRequiredGitLfsVersion", requiredVersion, gitLfsPath, gitLfsVersion)); } return gitLfsVersion >= requiredVersion; } public (string gitPath, string gitLfsPath) GetInternalGitPaths(AgentTaskPluginExecutionContext context) { string agentHomeDir = context.Variables.GetValueOrDefault("agent.homedirectory")?.Value; ArgUtil.NotNullOrEmpty(agentHomeDir, nameof(agentHomeDir)); string gitPath = null; if (AgentKnobs.UseGit2_39_4.GetValue(context).AsBoolean()) { gitPath = Path.Combine(agentHomeDir, "externals", "git-2.39.4", "cmd", $"git.exe"); } else if (AgentKnobs.UseGit2_42_0_2.GetValue(context).AsBoolean()) { gitPath = Path.Combine(agentHomeDir, "externals", "git-2.42.0.2", "cmd", $"git.exe"); } if (gitPath is null || !File.Exists(gitPath)) { context.Debug("gitPath is null or does not exist. Falling back to default git path."); gitPath = Path.Combine(agentHomeDir, "externals", "git", "cmd", $"git.exe"); } string gitLfsPath; if (PlatformUtil.BuiltOnX86) { gitLfsPath = Path.Combine(agentHomeDir, "externals", "git", "mingw32", "bin", "git-lfs.exe"); } else { gitLfsPath = Path.Combine(agentHomeDir, "externals", "git", "mingw64", "bin", "git-lfs.exe"); } return (gitPath, gitLfsPath); } public virtual async Task LoadGitExecutionInfo(AgentTaskPluginExecutionContext context, bool useBuiltInGit) { // There is no built-in git for OSX/Linux gitPath = null; gitLfsPath = null; // Resolve the location of git. if (useBuiltInGit && PlatformUtil.RunningOnWindows) { context.Debug("Git paths are resolving from internal dependencies"); (gitPath, gitLfsPath) = GetInternalGitPaths(context); // Prepend the PATH. context.Output(StringUtil.Loc("Prepending0WithDirectoryContaining1", "Path", Path.GetFileName(gitPath))); // We need to prepend git-lfs path first so that we call // externals/git/cmd/git.exe instead of externals/git/mingw**/bin/git.exe context.PrependPath(Path.GetDirectoryName(gitLfsPath)); context.PrependPath(Path.GetDirectoryName(gitPath)); context.Debug($"PATH: '{Environment.GetEnvironmentVariable("PATH")}'"); } else { gitPath = WhichUtil.Which("git", require: true, trace: context); gitLfsPath = WhichUtil.Which("git-lfs", require: false, trace: context); } ArgUtil.File(gitPath, nameof(gitPath)); // Get the Git version. gitVersion = await GitVersion(context); ArgUtil.NotNull(gitVersion, nameof(gitVersion)); context.Debug($"Detect git version: {gitVersion.ToString()}."); // Get the Git-LFS version if git-lfs exist in %PATH%. if (!string.IsNullOrEmpty(gitLfsPath)) { gitLfsVersion = await GitLfsVersion(context); context.Debug($"Detect git-lfs version: '{gitLfsVersion?.ToString() ?? string.Empty}'."); } // required 2.0, all git operation commandline args need min git version 2.0 Version minRequiredGitVersion = new Version(2, 0); EnsureGitVersion(minRequiredGitVersion, throwOnNotMatch: true); // suggest user upgrade to 2.17 for better git experience Version recommendGitVersion = new Version(2, 17); if (!EnsureGitVersion(recommendGitVersion, throwOnNotMatch: false)) { context.Output(StringUtil.Loc("UpgradeToLatestGit", recommendGitVersion, gitVersion)); } // git-lfs 2.7.1 contains a bug where it doesn't include extra header from git config // See https://github.com/git-lfs/git-lfs/issues/3571 bool gitLfsSupport = StringUtil.ConvertToBoolean(context.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs)); Version recommendedGitLfsVersion = new Version(2, 7, 2); if (gitLfsSupport && gitLfsVersion == new Version(2, 7, 1)) { context.Output(StringUtil.Loc("UnsupportedGitLfsVersion", gitLfsVersion, recommendedGitLfsVersion)); } // Set the user agent. string gitHttpUserAgentEnv = $"git/{gitVersion.ToString()} (vsts-agent-git/{context.Variables.GetValueOrDefault("agent.version")?.Value ?? "unknown"})"; context.Debug($"Set git useragent to: {gitHttpUserAgentEnv}."); gitEnv["GIT_HTTP_USER_AGENT"] = gitHttpUserAgentEnv; } // git init public async Task GitInit(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug($"Init git repository at: {repositoryPath}."); string repoRootEscapeSpace = StringUtil.Format(@"""{0}""", repositoryPath.Replace(@"""", @"\""")); return await ExecuteGitCommandAsync(context, repositoryPath, "init", StringUtil.Format($"{repoRootEscapeSpace}")); } // git fetch --tags --prune --progress --no-recurse-submodules [--depth=15] origin [+refs/pull/*:refs/remote/pull/*] public async Task GitFetch(AgentTaskPluginExecutionContext context, string repositoryPath, string remoteName, int fetchDepth, IEnumerable filters, bool fetchTags, List refSpec, string additionalCommandLine, CancellationToken cancellationToken) { context.Debug($"Fetch git repository at: {repositoryPath} remote: {remoteName}."); if (refSpec != null && refSpec.Count > 0) { refSpec = refSpec.Where(r => !string.IsNullOrEmpty(r)).ToList(); } // Git 2.20 changed its fetch behavior, rejecting tag updates if the --force flag is not provided // See https://git-scm.com/docs/git-fetch for more details string forceTag = string.Empty; if (gitVersion >= new Version(2, 20)) { forceTag = "--force"; } bool reducedOutput = AgentKnobs.QuietCheckout.GetValue(context).AsBoolean(); string progress = reducedOutput ? string.Empty : "--progress"; string tags = "--tags"; if (!fetchTags) { tags = "--no-tags"; } // insert prune-tags if knob is false to sync tags with the remote string pruneTags = string.Empty; if (EnsureGitVersion(new Version(2, 17), throwOnNotMatch: false) && !AgentKnobs.DisableFetchPruneTags.GetValue(context).AsBoolean()) { pruneTags = "--prune-tags"; } // If shallow fetch add --depth arg // If the local repository is shallowed but there is no fetch depth provide for this build, // add --unshallow to convert the shallow repository to a complete repository string depth = fetchDepth > 0 ? $"--depth={fetchDepth}" : (File.Exists(Path.Combine(repositoryPath, ".git", "shallow")) ? "--unshallow" : string.Empty); //define options for fetch string options = $"{forceTag} {tags} --prune {pruneTags} {progress} --no-recurse-submodules {remoteName} {depth} {string.Join(" ", filters.Select(filter => "--filter=" + filter))} {string.Join(" ", refSpec)}"; int retryCount = 0; int fetchExitCode = 0; while (retryCount < 3) { Stopwatch watch = new Stopwatch(); watch.Start(); fetchExitCode = await ExecuteGitCommandAsync(context, repositoryPath, "fetch", options, additionalCommandLine, cancellationToken); watch.Stop(); // Publish some fetch statistics context.PublishTelemetry(area: "AzurePipelinesAgent", feature: "GitFetch", properties: new Dictionary { { "ElapsedTimeMilliseconds", $"{watch.ElapsedMilliseconds}" }, { "RefSpec", string.Join(" ", refSpec) }, { "RemoteName", remoteName }, { "FetchDepth", $"{fetchDepth}" }, { "FetchFilter", $"{String.Join(" ", filters)}" }, { "FetchTags", $"{fetchTags}" }, { "ExitCode", $"{fetchExitCode}" }, { "Options", options } }); if (fetchExitCode == 0) { break; } else { if (++retryCount < 3) { var backOff = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromSeconds(1), TimeSpan.FromSeconds(10)); context.Warning($"Git fetch failed with exit code {fetchExitCode}, back off {backOff.TotalSeconds} seconds before retry."); await Task.Delay(backOff); } } } return fetchExitCode; } // git lfs fetch origin [ref] public async Task GitLFSFetch(AgentTaskPluginExecutionContext context, string repositoryPath, string remoteName, string refSpec, string additionalCommandLine, CancellationToken cancellationToken) { string lfsconfig = ".lfsconfig"; context.Debug($"Checkout {lfsconfig} for git repository at: {repositoryPath} remote: {remoteName}."); // default options for git checkout .lfsconfig string options = StringUtil.Format($"{refSpec} -- {lfsconfig}"); int exitCodeLfsConfigCheckout = await ExecuteGitCommandAsync(context, repositoryPath, "checkout", options, additionalCommandLine, cancellationToken); if (exitCodeLfsConfigCheckout != 0) { context.Debug("There were some issues while checkout of .lfsconfig - probably because this file does not exist (see message above for more details). Continue fetching."); } context.Debug($"Fetch LFS objects for git repository at: {repositoryPath} remote: {remoteName}."); // default options for git lfs fetch. options = StringUtil.Format($"fetch origin {refSpec}"); int retryCount = 0; int fetchExitCode = 0; while (retryCount < 3) { fetchExitCode = await ExecuteGitCommandAsync(context, repositoryPath, "lfs", options, additionalCommandLine, cancellationToken); if (fetchExitCode == 0) { break; } else { if (++retryCount < 3) { var backOff = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromSeconds(1), TimeSpan.FromSeconds(10)); context.Output($"Git lfs fetch failed with exit code {fetchExitCode}, back off {backOff.TotalSeconds} seconds before retry."); await Task.Delay(backOff); } } } return fetchExitCode; } // git sparse-checkout public async Task GitSparseCheckout(AgentTaskPluginExecutionContext context, string repositoryPath, string directories, string patterns, CancellationToken cancellationToken) { context.Debug($"Sparse checkout"); bool useConeMode = !string.IsNullOrWhiteSpace(directories); string options = useConeMode ? "--cone" : "--no-cone"; context.PublishTelemetry(area: "AzurePipelinesAgent", feature: "GitSparseCheckout", properties: new Dictionary { { "Mode", useConeMode ? "cone" : "non-cone" }, { "Patterns", useConeMode ? directories : patterns } }); int exitCode_sparseCheckoutInit = await ExecuteGitCommandAsync(context, repositoryPath, "sparse-checkout init", options, cancellationToken); if (exitCode_sparseCheckoutInit != 0) { return exitCode_sparseCheckoutInit; } else { return await ExecuteGitCommandAsync(context, repositoryPath, "sparse-checkout set", useConeMode ? directories : patterns, cancellationToken); } } // git sparse-checkout disable public async Task GitSparseCheckoutDisable(AgentTaskPluginExecutionContext context, string repositoryPath, CancellationToken cancellationToken) { context.Debug($"Sparse checkout disable"); return await ExecuteGitCommandAsync(context, repositoryPath, "sparse-checkout disable", string.Empty, cancellationToken); } // git checkout -f --progress public async Task GitCheckout(AgentTaskPluginExecutionContext context, string repositoryPath, string committishOrBranchSpec, string additionalCommandLine, CancellationToken cancellationToken) { context.Debug($"Checkout {committishOrBranchSpec}."); // Git 2.7 support report checkout progress to stderr during stdout/err redirect. string options; if (gitVersion >= new Version(2, 7)) { options = StringUtil.Format("--progress --force {0}", committishOrBranchSpec); } else { options = StringUtil.Format("--force {0}", committishOrBranchSpec); } return await ExecuteGitCommandAsync(context, repositoryPath, "checkout", options, additionalCommandLine, cancellationToken); } // git clean -ffdx public async Task GitClean(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug($"Delete untracked files/folders for repository at {repositoryPath}."); // Git 2.4 support git clean -ffdx. string options; if (gitVersion >= new Version(2, 4)) { options = "-ffdx"; } else { options = "-fdx"; } return await ExecuteGitCommandAsync(context, repositoryPath, "clean", options); } // git reset --hard HEAD public async Task GitReset(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug($"Undo any changes to tracked files in the working tree for repository at {repositoryPath}."); return await ExecuteGitCommandAsync(context, repositoryPath, "reset", "--hard HEAD"); } // get remote set-url public async Task GitRemoteAdd(AgentTaskPluginExecutionContext context, string repositoryPath, string remoteName, string remoteUrl) { context.Debug($"Add git remote: {remoteName} to url: {remoteUrl} for repository under: {repositoryPath}."); return await ExecuteGitCommandAsync(context, repositoryPath, "remote", StringUtil.Format($"add {remoteName} {remoteUrl}")); } // get remote set-url public async Task GitRemoteSetUrl(AgentTaskPluginExecutionContext context, string repositoryPath, string remoteName, string remoteUrl) { context.Debug($"Set git fetch url to: {remoteUrl} for remote: {remoteName}."); return await ExecuteGitCommandAsync(context, repositoryPath, "remote", StringUtil.Format($"set-url {remoteName} {remoteUrl}")); } // get remote set-url --push public async Task GitRemoteSetPushUrl(AgentTaskPluginExecutionContext context, string repositoryPath, string remoteName, string remoteUrl) { context.Debug($"Set git push url to: {remoteUrl} for remote: {remoteName}."); return await ExecuteGitCommandAsync(context, repositoryPath, "remote", StringUtil.Format($"set-url --push {remoteName} {remoteUrl}")); } // git submodule foreach --recursive "git clean -ffdx" public async Task GitSubmoduleClean(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug($"Delete untracked files/folders for submodules at {repositoryPath}."); // Git 2.4 support git clean -ffdx. string options; if (gitVersion >= new Version(2, 4)) { options = "-ffdx"; } else { options = "-fdx"; } return await ExecuteGitCommandAsync(context, repositoryPath, "submodule", $"foreach --recursive \"git clean {options}\""); } // git submodule foreach --recursive "git reset --hard HEAD" public async Task GitSubmoduleReset(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug($"Undo any changes to tracked files in the working tree for submodules at {repositoryPath}."); return await ExecuteGitCommandAsync(context, repositoryPath, "submodule", "foreach --recursive \"git reset --hard HEAD\""); } // git submodule update --init --force [--depth=15] [--recursive] public async Task GitSubmoduleUpdate(AgentTaskPluginExecutionContext context, string repositoryPath, int fetchDepth, IEnumerable filters, string additionalCommandLine, bool recursive, CancellationToken cancellationToken) { context.Debug("Update the registered git submodules."); string options = "update --init --force"; if (fetchDepth > 0) { options = options + $" --depth={fetchDepth}"; } if (AgentKnobs.UseFetchFilterInGitSubmoduleUpdate.GetValue(context).AsBoolean() && filters != null) { options += " " + string.Join(" ", filters.Select(f => "--filter=" + f)); } if (recursive) { options = options + " --recursive"; } return await ExecuteGitCommandAsync(context, repositoryPath, "submodule", options, additionalCommandLine, cancellationToken); } // git submodule sync [--recursive] public async Task GitSubmoduleSync(AgentTaskPluginExecutionContext context, string repositoryPath, bool recursive, CancellationToken cancellationToken) { context.Debug("Synchronizes submodules' remote URL configuration setting."); string options = "sync"; if (recursive) { options = options + " --recursive"; } return await ExecuteGitCommandAsync(context, repositoryPath, "submodule", options, cancellationToken); } // git config --get remote.origin.url public async Task GitGetFetchUrl(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug($"Inspect remote.origin.url for repository under {repositoryPath}"); Uri fetchUrl = null; List outputStrings = new List(); int exitCode = await ExecuteGitCommandAsync(context, repositoryPath, "config", "--get remote.origin.url", outputStrings); if (exitCode != 0) { context.Warning($"'git config --get remote.origin.url' failed with exit code: {exitCode}, output: '{string.Join(Environment.NewLine, outputStrings)}'"); } else { // remove empty strings outputStrings = outputStrings.Where(o => !string.IsNullOrEmpty(o)).ToList(); if (outputStrings.Count == 1 && !string.IsNullOrEmpty(outputStrings.First())) { string remoteFetchUrl = outputStrings.First(); if (Uri.IsWellFormedUriString(remoteFetchUrl, UriKind.Absolute)) { context.Debug($"Get remote origin fetch url from git config: {remoteFetchUrl}"); fetchUrl = new Uri(remoteFetchUrl); } else { context.Debug($"The Origin fetch url from git config: {remoteFetchUrl} is not a absolute well formed url."); } } else { context.Debug($"Unable capture git remote fetch uri from 'git config --get remote.origin.url' command's output, the command's output is not expected: {string.Join(Environment.NewLine, outputStrings)}."); } } return fetchUrl; } // git config public async Task GitConfig(AgentTaskPluginExecutionContext context, string repositoryPath, string configKey, string configValue) { context.Debug($"Set git config {configKey} {configValue}"); return await ExecuteGitCommandAsync(context, repositoryPath, "config", StringUtil.Format($"{configKey} {configValue}")); } // git config --get-all public async Task GitConfigExist(AgentTaskPluginExecutionContext context, string repositoryPath, string configKey) { // git config --get-all {configKey} will return 0 and print the value if the config exist. context.Debug($"Checking git config {configKey} exist or not"); // ignore any outputs by redirect them into a string list, since the output might contains secrets. List outputStrings = new List(); int exitcode = await ExecuteGitCommandAsync(context, repositoryPath, "config", StringUtil.Format($"--get-all {configKey}"), outputStrings); return exitcode == 0; } /// /// Get the value of a git config key. Values of the key can be get from latest function parameter. /// git config --get-all /// Execution context of the agent tasks /// Local repository path on agent /// Git config key name /// Output array of values of the key /// public async Task GitConfigExist(AgentTaskPluginExecutionContext context, string repositoryPath, string configKey, IList existingConfigValues) { // git config --get-all {configKey} will return 0 and print the value if the config exist. context.Debug($"Checking git config {configKey} exist or not"); // ignore any outputs by redirect them into a string list, since the output might contains secrets. if (existingConfigValues == null) { existingConfigValues = new List(); } int exitcode = await ExecuteGitCommandAsync(context, repositoryPath, "config", StringUtil.Format($"--get-all {configKey}"), existingConfigValues); return exitcode == 0; } /// /// Verify if git config contains config key with some regex pattern /// git config --get-regexp /// public async Task GitConfigRegexExist(AgentTaskPluginExecutionContext context, string repositoryPath, string configKeyPattern) { // git config --get-regexp {configKeyPattern} will return 0 and print the value if the config exist. context.Debug($"Checking git config {configKeyPattern} exist or not"); // ignore any outputs by redirect them into a string list, since the output might contains secrets. List outputStrings = new List(); int exitcode = await ExecuteGitCommandAsync(context, repositoryPath, "config", StringUtil.Format($"--get-regexp {configKeyPattern}"), outputStrings); return exitcode == 0; } // git config --unset-all public async Task GitConfigUnset(AgentTaskPluginExecutionContext context, string repositoryPath, string configKey) { context.Debug($"Unset git config --unset-all {configKey}"); return await ExecuteGitCommandAsync(context, repositoryPath, "config", StringUtil.Format($"--unset-all {configKey}")); } // git config gc.auto 0 public async Task GitDisableAutoGC(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug("Disable git auto garbage collection."); return await ExecuteGitCommandAsync(context, repositoryPath, "config", "gc.auto 0"); } // git repack -adfl public async Task GitRepack(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug("Compress .git directory."); return await ExecuteGitCommandAsync(context, repositoryPath, "repack", "-adfl"); } // git prune public async Task GitPrune(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug("Delete unreachable objects under .git directory."); return await ExecuteGitCommandAsync(context, repositoryPath, "prune", "-v"); } // git lfs prune public async Task GitLFSPrune(AgentTaskPluginExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Deletes local copies of LFS files which are old, thus freeing up disk space. Prune operates by enumerating all the locally stored objects, and then deleting any which are not referenced by at least ONE of the following:"); return await ExecuteGitCommandAsync(context, repositoryPath, "lfs", "prune"); } // git count-objects -v -H public async Task GitCountObjects(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug("Inspect .git directory."); return await ExecuteGitCommandAsync(context, repositoryPath, "count-objects", "-v -H"); } // git lfs install --local public async Task GitLFSInstall(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug("Ensure git-lfs installed."); return await ExecuteGitCommandAsync(context, repositoryPath, "lfs", "install --local"); } // git lfs logs last public async Task GitLFSLogs(AgentTaskPluginExecutionContext context, string repositoryPath) { context.Debug("Get git-lfs logs."); return await ExecuteGitCommandAsync(context, repositoryPath, "lfs", "logs last"); } // git status public async Task GitStatus(AgentTaskPluginExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Show the working tree status for repository at {repositoryPath}."); return await ExecuteGitCommandAsync(context, repositoryPath, "status", string.Empty); } // git version public virtual async Task GitVersion(AgentTaskPluginExecutionContext context) { context.Debug("Get git version."); string workingDir = context.Variables.GetValueOrDefault("agent.workfolder")?.Value; ArgUtil.Directory(workingDir, "agent.workfolder"); Version version = null; List outputStrings = new List(); int exitCode = await ExecuteGitCommandAsync(context, workingDir, "version", null, outputStrings); context.Output($"{string.Join(Environment.NewLine, outputStrings)}"); if (exitCode == 0) { // remove any empty line. outputStrings = outputStrings.Where(o => !string.IsNullOrEmpty(o)).ToList(); if (outputStrings.Count == 1 && !string.IsNullOrEmpty(outputStrings.First())) { string verString = outputStrings.First(); // we interested about major.minor.patch version Regex verRegex = new Regex("\\d+\\.\\d+(\\.\\d+)?", RegexOptions.IgnoreCase); var matchResult = verRegex.Match(verString); if (matchResult.Success && !string.IsNullOrEmpty(matchResult.Value)) { if (!Version.TryParse(matchResult.Value, out version)) { version = null; } } } } return version; } // git lfs version public virtual async Task GitLfsVersion(AgentTaskPluginExecutionContext context) { context.Debug("Get git-lfs version."); string workingDir = context.Variables.GetValueOrDefault("agent.workfolder")?.Value; ArgUtil.Directory(workingDir, "agent.workfolder"); Version version = null; List outputStrings = new List(); int exitCode = await ExecuteGitCommandAsync(context, workingDir, "lfs version", null, outputStrings); context.Output($"{string.Join(Environment.NewLine, outputStrings)}"); if (exitCode == 0) { // remove any empty line. outputStrings = outputStrings.Where(o => !string.IsNullOrEmpty(o)).ToList(); if (outputStrings.Count == 1 && !string.IsNullOrEmpty(outputStrings.First())) { string verString = outputStrings.First(); // we interested about major.minor.patch version Regex verRegex = new Regex("\\d+\\.\\d+(\\.\\d+)?", RegexOptions.IgnoreCase); var matchResult = verRegex.Match(verString); if (matchResult.Success && !string.IsNullOrEmpty(matchResult.Value)) { if (!Version.TryParse(matchResult.Value, out version)) { version = null; } } } } return version; } protected virtual async Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, CancellationToken cancellationToken = default(CancellationToken)) { string arg = StringUtil.Format($"{command} {options}").Trim(); context.Command($"git {arg}"); using (var processInvoker = new ProcessInvoker(context, disableWorkerCommands: true)) { processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { context.Output(message.Data); }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { context.Output(message.Data); }; return await processInvoker.ExecuteAsync( workingDirectory: repoRoot, fileName: gitPath, arguments: arg, environment: gitEnv, requireExitCodeZero: false, outputEncoding: _encoding, cancellationToken: cancellationToken); } } protected virtual async Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, IList output) { string arg = StringUtil.Format($"{command} {options}").Trim(); context.Command($"git {arg}"); if (output == null) { output = new List(); } using (var processInvoker = new ProcessInvoker(context, disableWorkerCommands: true)) { processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { output.Add(message.Data); }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { context.Output(message.Data); }; return await processInvoker.ExecuteAsync( workingDirectory: repoRoot, fileName: gitPath, arguments: arg, environment: gitEnv, requireExitCodeZero: false, outputEncoding: _encoding, cancellationToken: default(CancellationToken)); } } protected virtual async Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, string additionalCommandLine, CancellationToken cancellationToken) { string arg = StringUtil.Format($"{additionalCommandLine} {command} {options}").Trim(); context.Command($"git {arg}"); using (var processInvoker = new ProcessInvoker(context, disableWorkerCommands: true)) { processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { context.Output(message.Data); }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { context.Output(message.Data); }; return await processInvoker.ExecuteAsync( workingDirectory: repoRoot, fileName: gitPath, arguments: arg, environment: gitEnv, requireExitCodeZero: false, outputEncoding: _encoding, cancellationToken: cancellationToken); } } } } ================================================ FILE: src/Agent.Plugins/GitSourceProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.Build.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using System.IO; using System.Text.RegularExpressions; using System.Text; using Agent.Sdk; using Agent.Sdk.Knob; using System.Linq; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.Identity.Client; using Microsoft.VisualStudio.Services.Common; using System.Net; namespace Agent.Plugins.Repository { public class ExternalGitSourceProvider : GitSourceProvider { public override bool GitSupportsFetchingCommitBySha1Hash(GitCliManager gitCommandManager) { return false; } // external git repository won't use auth header cmdline arg, since we don't know the auth scheme. public override bool GitSupportUseAuthHeader(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { return false; } public override bool GitLfsSupportUseAuthHeader(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { return false; } public override bool GitSupportsConfigEnv(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { return false; } public override void RequirementCheck(AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository, GitCliManager gitCommandManager) { // check git version for SChannel SSLBackend (Windows Only) bool schannelSslBackend = StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("agent.gituseschannel")?.Value); if (schannelSslBackend && PlatformUtil.RunningOnWindows) { gitCommandManager.EnsureGitVersion(_minGitVersionSupportSSLBackendOverride, throwOnNotMatch: true); } } } public abstract class AuthenticatedGitSourceProvider : GitSourceProvider { public override bool GitSupportUseAuthHeader(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { // v2.9 git exist use auth header. return gitCommandManager.EnsureGitVersion(_minGitVersionSupportAuthHeader, throwOnNotMatch: false); } public override bool GitLfsSupportUseAuthHeader(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { // v2.1 git-lfs exist use auth header. return gitCommandManager.EnsureGitLFSVersion(_minGitLfsVersionSupportAuthHeader, throwOnNotMatch: false); } public override bool GitSupportsConfigEnv(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { // v2.31 git supports --config-env. return gitCommandManager.EnsureGitVersion(_minGitVersionConfigEnv, throwOnNotMatch: false); } public override void RequirementCheck(AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository, GitCliManager gitCommandManager) { // check git version for SChannel SSLBackend (Windows Only) bool schannelSslBackend = StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("agent.gituseschannel")?.Value); if (schannelSslBackend && PlatformUtil.RunningOnWindows) { gitCommandManager.EnsureGitVersion(_minGitVersionSupportSSLBackendOverride, throwOnNotMatch: true); } } } public class BitbucketGitSourceProvider : AuthenticatedGitSourceProvider { public override bool GitSupportsFetchingCommitBySha1Hash(GitCliManager gitCommandManager) { return true; } } public class GitHubSourceProvider : AuthenticatedGitSourceProvider { public override bool GitSupportsFetchingCommitBySha1Hash(GitCliManager gitCommandManager) { if (gitCommandManager.EnsureGitVersion(_minGitVersionDefaultV2, throwOnNotMatch: false)) { return true; } return false; } } public class TfsGitSourceProvider : GitSourceProvider { public override bool GitSupportsFetchingCommitBySha1Hash(GitCliManager gitCommandManager) { return true; } public override bool UseBearerAuthenticationForOAuth() { return true; } public override bool GitSupportUseAuthHeader(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { // v2.9 git exist use auth header for tfsgit repository. return gitCommandManager.EnsureGitVersion(_minGitVersionSupportAuthHeader, throwOnNotMatch: false); } public override bool GitLfsSupportUseAuthHeader(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { // v2.1 git-lfs exist use auth header for github repository. return gitCommandManager.EnsureGitLFSVersion(_minGitLfsVersionSupportAuthHeader, throwOnNotMatch: false); } public override bool GitSupportsConfigEnv(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { // v2.31 git supports --config-env. return gitCommandManager.EnsureGitVersion(_minGitVersionConfigEnv, throwOnNotMatch: false); } // When the repository is a TfsGit, figure out the endpoint is hosted vsts git or on-prem tfs git // if repository is on-prem tfs git, make sure git version greater than 2.9 // we have to use http.extraheader option to provide auth header for on-prem tfs git public override void RequirementCheck(AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository, GitCliManager gitCommandManager) { var selfManageGitCreds = StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("system.selfmanagegitcreds")?.Value); if (selfManageGitCreds) { // Customer choose to own git creds by themselves, we don't have to worry about git version anymore. return; } // Since that variable is added around TFS 2015 Qu2. // Old TFS AT will not send this variable to build agent, and VSTS will always send it to build agent. bool onPremTfsGit = !String.Equals(executionContext.Variables.GetValueOrDefault(WellKnownDistributedTaskVariables.ServerType)?.Value, "Hosted", StringComparison.OrdinalIgnoreCase); // ensure git version and git-lfs version for on-prem tfsgit. if (onPremTfsGit) { gitCommandManager.EnsureGitVersion(_minGitVersionSupportAuthHeader, throwOnNotMatch: true); bool gitLfsSupport = StringUtil.ConvertToBoolean(executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs)); // prefer feature variable over endpoint data if (executionContext.Variables.GetValueOrDefault("agent.source.git.lfs") != null) { gitLfsSupport = StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("agent.source.git.lfs")?.Value); } if (gitLfsSupport) { gitCommandManager.EnsureGitLFSVersion(_minGitLfsVersionSupportAuthHeader, throwOnNotMatch: true); } } // check git version for SChannel SSLBackend (Windows Only) bool schannelSslBackend = StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("agent.gituseschannel")?.Value); if (schannelSslBackend && PlatformUtil.RunningOnWindows) { gitCommandManager.EnsureGitVersion(_minGitVersionSupportSSLBackendOverride, throwOnNotMatch: true); } } } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA1505: Avoid unmaintainable code")] public abstract class GitSourceProvider : ISourceProvider { // refs prefix // TODO: how to deal with limited refs? private const string _refsPrefix = "refs/heads/"; private const string _remoteRefsPrefix = "refs/remotes/origin/"; private const string _pullRefsPrefix = "refs/pull/"; private const string _remotePullRefsPrefix = "refs/remotes/pull/"; private const string _gitUseBasicAuthForProxyConfig = "-c http.proxyAuthMethod=basic"; private const string _tenantId = "tenantid"; private const string _clientId = "servicePrincipalId"; // client assertion type for jwt based token request required for authenticating work load identity auth scheme private const string _clientAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"; // entra URI to authenticate app registration/managed identity users private const string _entraURI = "https://login.microsoftonline.com/{0}/oauth2/v2.0/token"; // All scopes for the Azure DevOps API resource private const string _scopeId = "499b84ac-1321-427f-aa17-267ca6975798/.default"; // min git version that support add extra auth header. protected Version _minGitVersionSupportAuthHeader = new Version(2, 9); // min git version that support override sslBackend setting. protected Version _minGitVersionSupportSSLBackendOverride = new Version(2, 14, 2); // min git-lfs version that support add extra auth header. protected Version _minGitLfsVersionSupportAuthHeader = new Version(2, 1); // min git version where v2 is defaulted protected Version _minGitVersionDefaultV2 = new Version(2, 26); // min git version that supports new way to pass config via --config-env // Info: https://github.com/git/git/commit/ce81b1da230cf04e231ce337c2946c0671ffb303 protected Version _minGitVersionConfigEnv = new Version(2, 31); // min git version that supports sparse checkout protected Version _minGitVersionSupportSparseCheckout = new Version(2, 25); public abstract bool GitSupportUseAuthHeader(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager); public abstract bool GitLfsSupportUseAuthHeader(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager); public abstract void RequirementCheck(AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository, GitCliManager gitCommandManager); public abstract bool GitSupportsFetchingCommitBySha1Hash(GitCliManager gitCommandManager); public abstract bool GitSupportsConfigEnv(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager); public virtual bool UseBearerAuthenticationForOAuth() { return false; } public string GenerateAuthHeader(AgentTaskPluginExecutionContext executionContext, string username, string password, bool isBearer) { if (isBearer) { // tfsgit use bearer auth header with JWToken from systemconnection. ArgUtil.NotNullOrEmpty(password, nameof(password)); return $"bearer {password}"; } else { // use basic auth header with username:password in base64encoding. string authHeader = $"{username ?? string.Empty}:{password ?? string.Empty}"; string base64encodedAuthHeader = Convert.ToBase64String(Encoding.UTF8.GetBytes(authHeader)); // add base64 encoding auth header into secretMasker. executionContext.SetSecret(base64encodedAuthHeader); return $"basic {base64encodedAuthHeader}"; } } public async Task GetSourceAsync( AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository, CancellationToken cancellationToken) { // Validate args. ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(repository, nameof(repository)); Dictionary configModifications = new Dictionary(); bool selfManageGitCreds = false; Uri repositoryUrlWithCred = null; Uri proxyUrlWithCred = null; string proxyUrlWithCredString = null; Uri gitLfsUrlWithCred = null; bool useSelfSignedCACert = false; bool useClientCert = false; string clientCertPrivateKeyAskPassFile = null; bool acceptUntrustedCerts = false; bool reducedOutput = AgentKnobs.QuietCheckout.GetValue(executionContext).AsBoolean(); if (reducedOutput) { executionContext.Output(StringUtil.Loc("QuietCheckoutModeRequested")); executionContext.SetTaskVariable(AgentKnobs.QuietCheckoutRuntimeVarName, Boolean.TrueString); } executionContext.Output($"Syncing repository: {repository.Properties.Get(Pipelines.RepositoryPropertyNames.Name)} ({repository.Type})"); Uri repositoryUrl = repository.Url; if (!repositoryUrl.IsAbsoluteUri) { throw new InvalidOperationException("Repository url need to be an absolute uri."); } string targetPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); string sourceBranch = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Ref); string sourceVersion = repository.Version; bool clean = StringUtil.ConvertToBoolean(executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.Clean)); // input Submodules can be ['', true, false, recursive] // '' or false indicate don't checkout submodules // true indicate checkout top level submodules // recursive indicate checkout submodules recursively bool checkoutSubmodules = false; bool checkoutNestedSubmodules = false; string submoduleInput = executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules); if (!string.IsNullOrEmpty(submoduleInput)) { if (string.Equals(submoduleInput, Pipelines.PipelineConstants.CheckoutTaskInputs.SubmodulesOptions.Recursive, StringComparison.OrdinalIgnoreCase)) { checkoutSubmodules = true; checkoutNestedSubmodules = true; } else { checkoutSubmodules = StringUtil.ConvertToBoolean(submoduleInput); } } // retrieve credential from endpoint. ServiceEndpoint endpoint = null; if (repository.Endpoint != null) { // the endpoint should either be the SystemVssConnection (id = guild.empty, name = SystemVssConnection) // or a real service endpoint to external service which has a real id endpoint = executionContext.Endpoints.Single( x => (repository.Endpoint.Id != Guid.Empty && x.Id == repository.Endpoint.Id) || (repository.Endpoint.Id == Guid.Empty && string.Equals(x.Name, repository.Endpoint.Name.ToString(), StringComparison.OrdinalIgnoreCase))); } if (endpoint != null && endpoint.Data.TryGetValue(EndpointData.AcceptUntrustedCertificates, out string endpointAcceptUntrustedCerts)) { acceptUntrustedCerts = StringUtil.ConvertToBoolean(endpointAcceptUntrustedCerts); } var agentCert = executionContext.GetCertConfiguration(); acceptUntrustedCerts = acceptUntrustedCerts || (agentCert?.SkipServerCertificateValidation ?? false); int fetchDepth = 0; if (!int.TryParse(executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth), out fetchDepth) || fetchDepth < 0) { fetchDepth = 0; } // prefer feature variable over endpoint data if (int.TryParse(executionContext.Variables.GetValueOrDefault("agent.source.git.shallowFetchDepth")?.Value, out int fetchDepthOverwrite) && fetchDepthOverwrite >= 0) { fetchDepth = fetchDepthOverwrite; } bool gitLfsSupport = StringUtil.ConvertToBoolean(executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs)); // prefer feature variable over endpoint data if (executionContext.Variables.GetValueOrDefault("agent.source.git.lfs") != null) { gitLfsSupport = StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("agent.source.git.lfs")?.Value); } bool exposeCred = StringUtil.ConvertToBoolean(executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials)); // default fetchTags to true unless it's specifically set to false bool fetchTags = StringUtil.ConvertToBoolean(executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.FetchTags), true); string fetchFilter = executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.FetchFilter); string sparseCheckoutDirectories = executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.SparseCheckoutDirectories); string sparseCheckoutPatterns = executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.SparseCheckoutPatterns); bool enableSparseCheckout = !string.IsNullOrWhiteSpace(sparseCheckoutDirectories) || !string.IsNullOrWhiteSpace(sparseCheckoutPatterns); executionContext.Debug($"repository url={repositoryUrl}"); executionContext.Debug($"targetPath={targetPath}"); executionContext.Debug($"sourceBranch={sourceBranch}"); executionContext.Debug($"sourceVersion={sourceVersion}"); executionContext.Debug($"clean={clean}"); executionContext.Debug($"checkoutSubmodules={checkoutSubmodules}"); executionContext.Debug($"checkoutNestedSubmodules={checkoutNestedSubmodules}"); executionContext.Debug($"exposeCred={exposeCred}"); executionContext.Debug($"fetchDepth={fetchDepth}"); executionContext.Debug($"fetchFilter={fetchFilter}"); executionContext.Debug($"fetchTags={fetchTags}"); executionContext.Debug($"gitLfsSupport={gitLfsSupport}"); executionContext.Debug($"acceptUntrustedCerts={acceptUntrustedCerts}"); executionContext.Debug($"sparseCheckout={enableSparseCheckout}"); bool schannelSslBackend = StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("agent.gituseschannel")?.Value); executionContext.Debug($"schannelSslBackend={schannelSslBackend}"); // by default, find Git in the path bool preferGitFromPath = true; // On Windows, we prefer the built-in portable Git within the agent's externals folder, // system.prefergitfrompath=true will cause the agent to find Git.exe from %PATH% if (PlatformUtil.RunningOnWindows) { preferGitFromPath = AgentKnobs.PreferGitFromPath.GetValue(executionContext).AsBoolean(); } // Determine do we need to provide creds to git operation selfManageGitCreds = StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("system.selfmanagegitcreds")?.Value); if (selfManageGitCreds) { // Customer choose to own git creds by themselves. executionContext.Output(StringUtil.Loc("SelfManageGitCreds")); } // Initialize git command manager with additional environment variables. Dictionary gitEnv = new Dictionary(StringComparer.OrdinalIgnoreCase); // Git-lfs will try to pull down asset if any of the local/user/system setting exist. // If customer didn't enable `LFS` in their pipeline definition, we will use ENV to disable LFS fetch/checkout. if (!gitLfsSupport) { gitEnv["GIT_LFS_SKIP_SMUDGE"] = "1"; } // Add the public variables. foreach (var variable in executionContext.Variables) { // Add the variable using the formatted name. string formattedKey = VarUtil.ConvertToEnvVariableFormat(variable.Key, preserveCase: false); gitEnv[formattedKey] = variable.Value?.Value ?? string.Empty; } GitCliManager gitCommandManager = GetCliManager(gitEnv); await gitCommandManager.LoadGitExecutionInfo(executionContext, useBuiltInGit: !preferGitFromPath); // Read 'disable fetch by commit' value from the execution variable first, then from the environment variable if the first one is not set bool fetchByCommit = GitSupportsFetchingCommitBySha1Hash(gitCommandManager) && !AgentKnobs.DisableFetchByCommit.GetValue(executionContext).AsBoolean(); bool gitSupportAuthHeader = GitSupportUseAuthHeader(executionContext, gitCommandManager); bool gitUseSecureParameterPassing = AgentKnobs.GitUseSecureParameterPassing.GetValue(executionContext).AsBoolean(); // Make sure the build machine met all requirements for the git repository // For now, the requirement we have are: // 1. git version greater than 2.9 and git-lfs version greater than 2.1 for on-prem tfsgit // 2. git version greater than 2.14.2 if use SChannel for SSL backend (Windows only) RequirementCheck(executionContext, repository, gitCommandManager); string username = string.Empty; string password = string.Empty; bool useBearerAuthType = false; if (!selfManageGitCreds && endpoint != null && endpoint.Authorization != null) { switch (endpoint.Authorization.Scheme) { case EndpointAuthorizationSchemes.OAuth: username = EndpointAuthorizationSchemes.OAuth; useBearerAuthType = UseBearerAuthenticationForOAuth(); if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out password)) { password = string.Empty; } break; case EndpointAuthorizationSchemes.PersonalAccessToken: username = EndpointAuthorizationSchemes.PersonalAccessToken; if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out password)) { password = string.Empty; } break; case EndpointAuthorizationSchemes.Token: username = "x-access-token"; if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out password)) { username = EndpointAuthorizationSchemes.Token; if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.ApiToken, out password)) { password = string.Empty; } } break; case EndpointAuthorizationSchemes.UsernamePassword: if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.Username, out username)) { // leave the username as empty, the username might in the url, like: http://username@repository.git username = string.Empty; } if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.Password, out password)) { // we have username, but no password password = string.Empty; } break; case EndpointAuthorizationSchemes.WorkloadIdentityFederation: username = EndpointAuthorizationSchemes.WorkloadIdentityFederation; password = GetWISCToken(endpoint, executionContext, cancellationToken); break; default: executionContext.Warning($"Unsupport endpoint authorization schemes: {endpoint.Authorization.Scheme}"); break; } } // prepare credentail embedded urls repositoryUrlWithCred = UrlUtil.GetCredentialEmbeddedUrl(repositoryUrl, username, password); var agentProxy = executionContext.GetProxyConfiguration(); if (agentProxy != null && !string.IsNullOrEmpty(agentProxy.ProxyAddress) && !agentProxy.WebProxy.IsBypassed(repositoryUrl)) { proxyUrlWithCred = UrlUtil.GetCredentialEmbeddedUrl(new Uri(agentProxy.ProxyAddress), agentProxy.ProxyUsername, agentProxy.ProxyPassword); // uri.absoluteuri will not contains port info if the scheme is http/https and the port is 80/443 // however, git.exe always require you provide port info, if nothing passed in, it will use 1080 as default // as result, we need prefer the uri.originalstring when it's different than uri.absoluteuri. if (string.Equals(proxyUrlWithCred.AbsoluteUri, proxyUrlWithCred.OriginalString, StringComparison.OrdinalIgnoreCase)) { proxyUrlWithCredString = proxyUrlWithCred.AbsoluteUri; } else { proxyUrlWithCredString = proxyUrlWithCred.OriginalString; } } // prepare askpass for client cert private key, if the repository's endpoint url match the TFS/VSTS url var systemConnection = executionContext.Endpoints.Single(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); if (agentCert != null && Uri.Compare(repositoryUrl, systemConnection.Url, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0) { if (!string.IsNullOrEmpty(agentCert.CACertificateFile)) { useSelfSignedCACert = true; } if (!string.IsNullOrEmpty(agentCert.ClientCertificateFile) && !string.IsNullOrEmpty(agentCert.ClientCertificatePrivateKeyFile)) { useClientCert = true; // prepare askpass for client cert password if (!string.IsNullOrEmpty(agentCert.ClientCertificatePassword)) { clientCertPrivateKeyAskPassFile = Path.Combine(executionContext.Variables["agent.tempdirectory"].Value, $"{Guid.NewGuid()}.sh"); List askPass = new List(); askPass.Add("#!/bin/sh"); askPass.Add($"echo \"{agentCert.ClientCertificatePassword}\""); File.WriteAllLines(clientCertPrivateKeyAskPassFile, askPass); if (!PlatformUtil.RunningOnWindows) { string toolPath = WhichUtil.Which("chmod", true); string argLine = $"775 {clientCertPrivateKeyAskPassFile}"; executionContext.Command($"chmod {argLine}"); using (var processInvoker = new ProcessInvoker(executionContext)) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { if (!string.IsNullOrEmpty(args.Data)) { executionContext.Output(args.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { if (!string.IsNullOrEmpty(args.Data)) { executionContext.Output(args.Data); } }; await processInvoker.ExecuteAsync(executionContext.Variables.GetValueOrDefault("system.defaultworkingdirectory")?.Value, toolPath, argLine, null, true, CancellationToken.None); } } } } } if (gitLfsSupport) { // Construct git-lfs url UriBuilder gitLfsUrl = new UriBuilder(repositoryUrlWithCred); if (gitLfsUrl.Path.EndsWith(".git")) { gitLfsUrl.Path = gitLfsUrl.Path + "/info/lfs"; } else { gitLfsUrl.Path = gitLfsUrl.Path + ".git/info/lfs"; } gitLfsUrlWithCred = gitLfsUrl.Uri; } // Check the current contents of the root folder to see if there is already a repo // If there is a repo, see if it matches the one we are expecting to be there based on the remote fetch url // if the repo is not what we expect, remove the folder if (!await IsRepositoryOriginUrlMatch(executionContext, gitCommandManager, targetPath, repositoryUrl)) { // Delete source folder IOUtil.DeleteDirectory(targetPath, cancellationToken); } else { // delete the index.lock file left by previous canceled build or any operation cause git.exe crash last time. string lockFile = Path.Combine(targetPath, ".git", "index.lock"); if (File.Exists(lockFile)) { try { File.Delete(lockFile); } catch (Exception ex) { executionContext.Debug($"Unable to delete the index.lock file: {lockFile}"); executionContext.Debug(ex.ToString()); } } // delete the shallow.lock file left by previous canceled build or any operation cause git.exe crash last time. string shallowLockFile = Path.Combine(targetPath, ".git", "shallow.lock"); if (File.Exists(shallowLockFile)) { try { File.Delete(shallowLockFile); } catch (Exception ex) { executionContext.Debug($"Unable to delete the shallow.lock file: {shallowLockFile}"); executionContext.Debug(ex.ToString()); } } string agentWorkFolder = executionContext.Variables.GetValueOrDefault("agent.workfolder")?.Value; if (!string.IsNullOrEmpty(agentWorkFolder) && File.Exists(Path.Combine(agentWorkFolder, ".autoManagedVhd")) && !AgentKnobs.DisableAutoManagedVhdShallowOverride.GetValue(executionContext).AsBoolean()) { // The existing working directory comes from an AutoManagedVHD (indicated by the // .autoManagedVhd marker file placed in the agent work folder). // An AutoManagedVHD always contains a full, non-shallow clone of the repository. // Some pipelines enable shallow fetch parameters (e.g., fetchDepth > 0). However, // Git cannot convert an existing full clone into a shallow one in-place. // // Technical reason: // A full clone already has complete commit history and object reachability. // When a fetch is issued with a non-zero --depth against a full clone, Git // does *not* rewrite the local history to match the requested shallow boundary. // Instead, to honor the depth constraint, Git falls back to creating a brand-new // shallow clone in an empty directory. // // That behavior causes the agent to discard the VHD-provided clone and re-clone // from scratch—defeating the whole purpose of using AutoManagedVHDs for fast sync. // // To avoid this, force a normal full fetch by disabling shallow behavior: // clean = false → preserve the VHD clone // fetchDepth = 0 → perform a standard "sync" fetch clean = false; fetchDepth = 0; executionContext.Output($"Detected an Auto Managed VHD at {targetPath}. Setting clean to false and fetchDepth to 0."); } // When repo.clean is selected for a git repo, execute git clean -ffdx and git reset --hard HEAD on the current repo. // This will help us save the time to reclone the entire repo. // If any git commands exit with non-zero return code or any exception happened during git.exe invoke, fall back to delete the repo folder. if (clean) { await RunGitStatusIfSystemDebug(executionContext, gitCommandManager, targetPath); Boolean softCleanSucceed = true; // git clean -ffdx int exitCode_clean = await gitCommandManager.GitClean(executionContext, targetPath); if (exitCode_clean != 0) { executionContext.Debug($"'git clean -ffdx' failed with exit code {exitCode_clean}, this normally caused by:\n 1) Path too long\n 2) Permission issue\n 3) File in use\nFor futher investigation, manually run 'git clean -ffdx' on repo root: {targetPath} after each build."); softCleanSucceed = false; } // git reset --hard HEAD if (softCleanSucceed) { int exitCode_reset = await gitCommandManager.GitReset(executionContext, targetPath); if (exitCode_reset != 0) { executionContext.Debug($"'git reset --hard HEAD' failed with exit code {exitCode_reset}\nFor futher investigation, manually run 'git reset --hard HEAD' on repo root: {targetPath} after each build."); softCleanSucceed = false; } } // git clean -ffdx and git reset --hard HEAD for each submodule if (checkoutSubmodules) { if (softCleanSucceed) { int exitCode_submoduleclean = await gitCommandManager.GitSubmoduleClean(executionContext, targetPath); if (exitCode_submoduleclean != 0) { executionContext.Debug($"'git submodule foreach --recursive \"git clean -ffdx\"' failed with exit code {exitCode_submoduleclean}\nFor futher investigation, manually run 'git submodule foreach --recursive \"git clean -ffdx\"' on repo root: {targetPath} after each build."); softCleanSucceed = false; } } if (softCleanSucceed) { int exitCode_submodulereset = await gitCommandManager.GitSubmoduleReset(executionContext, targetPath); if (exitCode_submodulereset != 0) { executionContext.Debug($"'git submodule foreach --recursive \"git reset --hard HEAD\"' failed with exit code {exitCode_submodulereset}\nFor futher investigation, manually run 'git submodule foreach --recursive \"git reset --hard HEAD\"' on repo root: {targetPath} after each build."); softCleanSucceed = false; } } } if (!softCleanSucceed) { //fall back executionContext.Warning("Unable to run \"git clean -ffdx\" and \"git reset --hard HEAD\" successfully, delete source folder instead."); IOUtil.DeleteDirectory(targetPath, cancellationToken); } } } // if the folder is missing, create it if (!Directory.Exists(targetPath)) { Directory.CreateDirectory(targetPath); } // if the folder contains a .git folder, it means the folder contains a git repo that matches the remote url and in a clean state. // we will run git fetch to update the repo. if (!Directory.Exists(Path.Combine(targetPath, ".git"))) { // init git repository int exitCode_init = await gitCommandManager.GitInit(executionContext, targetPath); if (exitCode_init != 0) { throw new InvalidOperationException($"Unable to use git.exe init repository under {targetPath}, 'git init' failed with exit code: {exitCode_init}"); } int exitCode_addremote = await gitCommandManager.GitRemoteAdd(executionContext, targetPath, "origin", repositoryUrl.AbsoluteUri); if (exitCode_addremote != 0) { throw new InvalidOperationException($"Unable to use git.exe add remote 'origin', 'git remote add' failed with exit code: {exitCode_addremote}"); } } if (AgentKnobs.UseSparseCheckoutInCheckoutTask.GetValue(executionContext).AsBoolean()) { // Sparse checkout needs to be before any `fetch` task to avoid fetching the excluded trees and blobs, or to not _not_ fetch them if we're disabling a previous sparse checkout. if (enableSparseCheckout) { gitCommandManager.EnsureGitVersion(_minGitVersionSupportSparseCheckout, throwOnNotMatch: true); // Set up sparse checkout int exitCode_sparseCheckout = await gitCommandManager.GitSparseCheckout(executionContext, targetPath, sparseCheckoutDirectories, sparseCheckoutPatterns, cancellationToken); if (exitCode_sparseCheckout != 0) { throw new InvalidOperationException($"Git sparse checkout failed with exit code: {exitCode_sparseCheckout}"); } } else { // Only disable if git supports sparse checkout if (gitCommandManager.EnsureGitVersion(_minGitVersionSupportSparseCheckout, throwOnNotMatch: false)) { // Disable sparse checkout in case it was enabled in a previous checkout int exitCode_sparseCheckoutDisable = await gitCommandManager.GitSparseCheckoutDisable(executionContext, targetPath, cancellationToken); if (exitCode_sparseCheckoutDisable != 0) { throw new InvalidOperationException($"Git sparse checkout disable failed with exit code: {exitCode_sparseCheckoutDisable}"); } } } } await RunGitStatusIfSystemDebug(executionContext, gitCommandManager, targetPath); cancellationToken.ThrowIfCancellationRequested(); executionContext.Progress(0, "Starting fetch..."); // disable git auto gc int exitCode_disableGC = await gitCommandManager.GitDisableAutoGC(executionContext, targetPath); if (exitCode_disableGC != 0) { executionContext.Warning("Unable turn off git auto garbage collection, git fetch operation may trigger auto garbage collection which will affect the performance of fetching."); } SetGitFeatureFlagsConfiguration(executionContext, gitCommandManager, targetPath); // always remove any possible left extraheader setting from git config. if (await gitCommandManager.GitConfigExist(executionContext, targetPath, $"http.{repositoryUrl.AbsoluteUri}.extraheader")) { executionContext.Debug($"Remove http.{repositoryUrl.AbsoluteUri}.extraheader setting from git config."); await RemoveGitConfig(executionContext, gitCommandManager, targetPath, $"http.{repositoryUrl.AbsoluteUri}.extraheader", string.Empty); } var existingExtraheaders = new List(); if (await gitCommandManager.GitConfigExist(executionContext, targetPath, $"http.extraheader", existingExtraheaders)) { executionContext.Debug("Remove http.extraheader setting from git config."); foreach (var configValue in existingExtraheaders) { await RemoveGitConfig(executionContext, gitCommandManager, targetPath, $"http.extraheader", configValue); } } if (await gitCommandManager.GitConfigRegexExist(executionContext, targetPath, ".*extraheader")) { executionContext.Warning($"Git config still contains extraheader keys. It may cause errors. To remove the credential, execute \"git config --unset-all key-name\" from the repository root"); } // always remove any possible left proxy setting from git config, the proxy setting may contains credential if (await gitCommandManager.GitConfigExist(executionContext, targetPath, $"http.proxy")) { executionContext.Debug("Remove any proxy setting from git config."); await RemoveGitConfig(executionContext, gitCommandManager, targetPath, $"http.proxy", string.Empty); } var additionalFetchFilterOptions = ParseFetchFilterOptions(executionContext, fetchFilter); var additionalFetchArgs = new List(); var additionalLfsFetchArgs = new List(); var additionalCheckoutArgs = new List(); // Force Git to HTTP/1.1. Otherwise IIS will reject large pushes to Azure Repos due to the large content-length header // This is caused by these header limits - https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/requestlimits/headerlimits/ int exitCode_configHttp = await gitCommandManager.GitConfig(executionContext, targetPath, "http.version", "HTTP/1.1"); if (exitCode_configHttp != 0) { executionContext.Warning($"Forcing Git to HTTP/1.1 failed with exit code: {exitCode_configHttp}"); } if (!selfManageGitCreds) { // v2.9 git support provide auth header as cmdline arg. // as long 2.9 git exist, VSTS repo, TFS repo and Github repo will use this to handle auth challenge. if (gitSupportAuthHeader) { string configKey = "http.extraheader"; string args = ComposeGitArgs(executionContext, gitCommandManager, configKey, username, password, useBearerAuthType); additionalFetchArgs.Add(args); // Partial Clone Credential Handling: // Two feature flags control when credentials are added to git checkout for partial clones: // 1. AddForceCredentialsToGitCheckout (legacy): Only checks explicit fetch filters // 2. AddForceCredentialsToGitCheckoutEnhanced (new): Checks both explicit filters AND inherited partial clone config // The enhanced flag takes precedence when both are enabled. bool hasExplicitFetchFilter = additionalFetchFilterOptions.Any(); bool forceCredentialsLegacyEnabled = AgentKnobs.AddForceCredentialsToGitCheckout.GetValue(executionContext).AsBoolean(); bool forceCredentialsEnhancedEnabled = AgentKnobs.AddForceCredentialsToGitCheckoutEnhanced.GetValue(executionContext).AsBoolean(); bool shouldAddCredentials = false; // Enhanced behavior takes precedence - checks both explicit filters and promisor remote configuration if (forceCredentialsEnhancedEnabled) { // Enhanced detection: check for inherited partial clone configuration via git config bool hasInheritedPartialCloneConfig = await IsPartialCloneRepository(executionContext, gitCommandManager, targetPath); executionContext.Debug($"Enhanced partial clone detection - ExplicitFilter: {hasExplicitFetchFilter}, InheritedConfig: {hasInheritedPartialCloneConfig}, ForceCredentialsEnhanced: {forceCredentialsEnhancedEnabled}"); if (hasExplicitFetchFilter || hasInheritedPartialCloneConfig) { executionContext.Debug("Adding credentials to checkout due to enhanced partial clone detection"); shouldAddCredentials = true; } } else if (forceCredentialsLegacyEnabled && hasExplicitFetchFilter) { // Legacy behavior: only check explicit fetch filter, used when enhanced flag is disabled executionContext.Debug($"Legacy partial clone detection - ExplicitFilter: {hasExplicitFetchFilter}, ForceCredentials: {forceCredentialsLegacyEnabled}"); executionContext.Debug("Adding credentials to checkout due to explicit fetch filter and legacy force credentials knob"); shouldAddCredentials = true; } // Apply credentials to checkout if either feature flag condition was satisfied if (shouldAddCredentials) { additionalCheckoutArgs.Add(args); } } else { // Otherwise, inject credential into fetch/push url // inject credential into fetch url executionContext.Debug("Inject credential into git remote url."); ArgUtil.NotNull(repositoryUrlWithCred, nameof(repositoryUrlWithCred)); // inject credential into fetch url executionContext.Debug("Inject credential into git remote fetch url."); int exitCode_seturl = await gitCommandManager.GitRemoteSetUrl(executionContext, targetPath, "origin", repositoryUrlWithCred.AbsoluteUri); if (exitCode_seturl != 0) { throw new InvalidOperationException($"Unable to use git.exe inject credential to git remote fetch url, 'git remote set-url' failed with exit code: {exitCode_seturl}"); } // inject credential into push url executionContext.Debug("Inject credential into git remote push url."); exitCode_seturl = await gitCommandManager.GitRemoteSetPushUrl(executionContext, targetPath, "origin", repositoryUrlWithCred.AbsoluteUri); if (exitCode_seturl != 0) { throw new InvalidOperationException($"Unable to use git.exe inject credential to git remote push url, 'git remote set-url --push' failed with exit code: {exitCode_seturl}"); } } // Prepare proxy config for fetch. if (agentProxy != null && !string.IsNullOrEmpty(agentProxy.ProxyAddress) && !agentProxy.WebProxy.IsBypassed(repositoryUrl)) { executionContext.Debug($"Config proxy server '{agentProxy.ProxyAddress}' for git fetch."); ArgUtil.NotNullOrEmpty(proxyUrlWithCredString, nameof(proxyUrlWithCredString)); additionalFetchArgs.Add($"-c http.proxy=\"{proxyUrlWithCredString}\""); additionalLfsFetchArgs.Add($"-c http.proxy=\"{proxyUrlWithCredString}\""); // Add proxy authentication method if Basic auth is enabled if (agentProxy.UseBasicAuthForProxy) { executionContext.Debug("Config proxy to use Basic authentication for git fetch."); additionalFetchArgs.Add(_gitUseBasicAuthForProxyConfig); additionalLfsFetchArgs.Add(_gitUseBasicAuthForProxyConfig); } } // Prepare ignore ssl cert error config for fetch. if (acceptUntrustedCerts) { additionalFetchArgs.Add($"-c http.sslVerify=false"); additionalLfsFetchArgs.Add($"-c http.sslVerify=false"); } // Prepare self-signed CA cert config for fetch from TFS. if (useSelfSignedCACert) { executionContext.Debug($"Use self-signed certificate '{agentCert.CACertificateFile}' for git fetch."); additionalFetchArgs.Add($"-c http.sslcainfo=\"{agentCert.CACertificateFile}\""); additionalLfsFetchArgs.Add($"-c http.sslcainfo=\"{agentCert.CACertificateFile}\""); } // Prepare client cert config for fetch from TFS. if (useClientCert) { executionContext.Debug($"Use client certificate '{agentCert.ClientCertificateFile}' for git fetch."); if (!string.IsNullOrEmpty(clientCertPrivateKeyAskPassFile)) { additionalFetchArgs.Add($"-c http.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\" -c http.sslCertPasswordProtected=true -c core.askpass=\"{clientCertPrivateKeyAskPassFile}\""); additionalLfsFetchArgs.Add($"-c http.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\" -c http.sslCertPasswordProtected=true -c core.askpass=\"{clientCertPrivateKeyAskPassFile}\""); } else { additionalFetchArgs.Add($"-c http.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\""); additionalLfsFetchArgs.Add($"-c http.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\""); } } if (schannelSslBackend) { if (PlatformUtil.RunningOnWindows) { executionContext.Debug("Use SChannel SslBackend for git fetch."); additionalFetchArgs.Add("-c http.sslbackend=\"schannel\""); additionalLfsFetchArgs.Add("-c http.sslbackend=\"schannel\""); } else { executionContext.Debug("SChannel requested. Ignored because this is not Windows."); } } // Prepare gitlfs url for fetch and checkout if (gitLfsSupport) { // Initialize git lfs by execute 'git lfs install' executionContext.Debug("Setup the local Git hooks for Git LFS."); int exitCode_lfsInstall = await gitCommandManager.GitLFSInstall(executionContext, targetPath); if (exitCode_lfsInstall != 0) { throw new InvalidOperationException($"Git-lfs installation failed with exit code: {exitCode_lfsInstall}"); } bool lfsSupportAuthHeader = GitLfsSupportUseAuthHeader(executionContext, gitCommandManager); if (lfsSupportAuthHeader) { string authorityUrl = repositoryUrl.AbsoluteUri.Replace(repositoryUrl.PathAndQuery, string.Empty); string configKey = $"http.{authorityUrl}.extraheader"; string lfsFetchArgs = ComposeGitArgs(executionContext, gitCommandManager, configKey, username, password, useBearerAuthType); additionalLfsFetchArgs.Add(lfsFetchArgs); } else { // Inject credential into lfs fetch/push url executionContext.Debug("Inject credential into git-lfs remote url."); ArgUtil.NotNull(gitLfsUrlWithCred, nameof(gitLfsUrlWithCred)); // inject credential into fetch url executionContext.Debug("Inject credential into git-lfs remote fetch url."); configModifications["remote.origin.lfsurl"] = gitLfsUrlWithCred.AbsoluteUri; int exitCode_configlfsurl = await gitCommandManager.GitConfig(executionContext, targetPath, "remote.origin.lfsurl", gitLfsUrlWithCred.AbsoluteUri); if (exitCode_configlfsurl != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_configlfsurl}"); } // inject credential into push url executionContext.Debug("Inject credential into git-lfs remote push url."); configModifications["remote.origin.lfspushurl"] = gitLfsUrlWithCred.AbsoluteUri; int exitCode_configlfspushurl = await gitCommandManager.GitConfig(executionContext, targetPath, "remote.origin.lfspushurl", gitLfsUrlWithCred.AbsoluteUri); if (exitCode_configlfspushurl != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_configlfspushurl}"); } } } } List additionalFetchSpecs = new List(); string refFetchedByCommit = null; executionContext.Debug($"fetchDepth : {fetchDepth}"); executionContext.Debug($"fetchFilter : {fetchFilter}"); executionContext.Debug($"fetchByCommit : {fetchByCommit}"); executionContext.Debug($"sourceVersion : {sourceVersion}"); executionContext.Debug($"fetchTags : {fetchTags}"); // Determine if we should use fetch by commit based on shallow vs full clone scenarios bool shouldFetchByCommit = fetchByCommit && !string.IsNullOrEmpty(sourceVersion) && (fetchDepth > 0 || AgentKnobs.FetchByCommitForFullClone.GetValue(executionContext).AsBoolean()); executionContext.Debug($"shouldFetchByCommit : {shouldFetchByCommit}"); if (IsPullRequest(sourceBranch)) { // Build a 'fetch-by-commit' refspec iff the server allows us to do so in the shallow fetch scenario // or if it's a full clone and the FetchByCommitForFullClone knob is enabled // Otherwise, fall back to fetch all branches and pull request ref if (shouldFetchByCommit) { refFetchedByCommit = $"{_remoteRefsPrefix}{sourceVersion}"; additionalFetchSpecs.Add($"+{sourceVersion}:{refFetchedByCommit}"); } else { additionalFetchSpecs.Add("+refs/heads/*:refs/remotes/origin/*"); additionalFetchSpecs.Add($"+{sourceBranch}:{GetRemoteRefName(sourceBranch)}"); } } else { // Build a refspec iff the server allows us to fetch a specific commit in the shallow fetch scenario // or if it's a full clone and the FetchByCommitForFullClone knob is enabled // Otherwise, use the default fetch behavior (i.e. with no refspecs) if (shouldFetchByCommit) { refFetchedByCommit = $"{_remoteRefsPrefix}{sourceVersion}"; additionalFetchSpecs.Add($"+{sourceVersion}:{refFetchedByCommit}"); } } int exitCode_fetch = await gitCommandManager.GitFetch(executionContext, targetPath, "origin", fetchDepth, additionalFetchFilterOptions, fetchTags, additionalFetchSpecs, string.Join(" ", additionalFetchArgs), cancellationToken); if (exitCode_fetch != 0) { throw new InvalidOperationException($"Git fetch failed with exit code: {exitCode_fetch}"); } // If checking out by commit, explicity fetch it // This is done as a separate fetch rather than adding an additional refspec on the proceeding fetch to prevent overriding previous behavior which may have dependencies in other tasks // i.e. "git fetch origin" versus "git fetch origin commit" if (fetchByCommit && !string.IsNullOrEmpty(sourceVersion)) { List commitFetchSpecs = new List() { $"+{sourceVersion}" }; exitCode_fetch = await gitCommandManager.GitFetch(executionContext, targetPath, "origin", fetchDepth, additionalFetchFilterOptions, fetchTags, commitFetchSpecs, string.Join(" ", additionalFetchArgs), cancellationToken); if (exitCode_fetch != 0) { throw new InvalidOperationException($"Git fetch failed with exit code: {exitCode_fetch}"); } } // Checkout // sourceToBuild is used for checkout // if sourceBranch is a PR branch or sourceVersion is null, make sure branch name is a remote branch. we need checkout to detached head. // (change refs/heads to refs/remotes/origin, refs/pull to refs/remotes/pull, or leave it as it when the branch name doesn't contain refs/...) // if sourceVersion provide, just use that for checkout, since when you checkout a commit, it will end up in detached head. cancellationToken.ThrowIfCancellationRequested(); executionContext.Progress(80, "Starting checkout..."); string sourcesToBuild; executionContext.Debug($"refFetchedByCommit : {refFetchedByCommit}"); if (refFetchedByCommit != null) { sourcesToBuild = refFetchedByCommit; } else if (IsPullRequest(sourceBranch) || string.IsNullOrEmpty(sourceVersion)) { sourcesToBuild = GetRemoteRefName(sourceBranch); } else { sourcesToBuild = sourceVersion; } // fetch lfs object upfront, this will avoid fetch lfs object during checkout which cause checkout taking forever // since checkout will fetch lfs object 1 at a time, while git lfs fetch will fetch lfs object in parallel. if (gitLfsSupport) { int exitCode_lfsFetch = await gitCommandManager.GitLFSFetch(executionContext, targetPath, "origin", sourcesToBuild, string.Join(" ", additionalLfsFetchArgs), cancellationToken); if (exitCode_lfsFetch != 0) { // local repository is shallow repository, lfs fetch may fail due to lack of commits history. // this will happen when the checkout commit is older than tip -> fetchDepth if (fetchDepth > 0) { executionContext.Warning(StringUtil.Loc("ShallowLfsFetchFail", fetchDepth, sourcesToBuild)); } // git lfs fetch failed, get lfs log, the log is critical for debug. int exitCode_lfsLogs = await gitCommandManager.GitLFSLogs(executionContext, targetPath); executionContext.Output($"Git lfs fetch failed with exit code: {exitCode_lfsFetch}. Git lfs logs returned with exit code: {exitCode_lfsLogs}."); executionContext.Output($"Checkout will continue. \"git checkout\" will fetch lfs files, however this could cause poor performance on old versions of git."); } } // Finally, checkout the sourcesToBuild (if we didn't find a valid git object this will throw) int exitCode_checkout = await gitCommandManager.GitCheckout(executionContext, targetPath, sourcesToBuild, string.Join(" ", additionalCheckoutArgs), cancellationToken); if (exitCode_checkout != 0) { // local repository is shallow repository, checkout may fail due to lack of commits history. // this will happen when the checkout commit is older than tip -> fetchDepth if (fetchDepth > 0) { executionContext.Warning(StringUtil.Loc("ShallowCheckoutFail", fetchDepth, sourcesToBuild)); } throw new InvalidOperationException($"Git checkout failed with exit code: {exitCode_checkout}"); } // Submodule update if (checkoutSubmodules) { cancellationToken.ThrowIfCancellationRequested(); executionContext.Progress(90, "Updating submodules..."); int exitCode_submoduleSync = await gitCommandManager.GitSubmoduleSync(executionContext, targetPath, checkoutNestedSubmodules, cancellationToken); if (exitCode_submoduleSync != 0) { throw new InvalidOperationException($"Git submodule sync failed with exit code: {exitCode_submoduleSync}"); } List additionalSubmoduleUpdateArgs = new List(); if (!selfManageGitCreds) { if (gitSupportAuthHeader) { string authorityUrl = repositoryUrl.AbsoluteUri.Replace(repositoryUrl.PathAndQuery, string.Empty); string configKey = $"http.{authorityUrl}.extraheader"; string submoduleUpdateArgs = ComposeGitArgs(executionContext, gitCommandManager, configKey, username, password, useBearerAuthType); additionalSubmoduleUpdateArgs.Add(submoduleUpdateArgs); } // Prepare proxy config for submodule update. if (agentProxy != null && !string.IsNullOrEmpty(agentProxy.ProxyAddress) && !agentProxy.WebProxy.IsBypassed(repositoryUrl)) { executionContext.Debug($"Config proxy server '{agentProxy.ProxyAddress}' for git submodule update."); ArgUtil.NotNullOrEmpty(proxyUrlWithCredString, nameof(proxyUrlWithCredString)); additionalSubmoduleUpdateArgs.Add($"-c http.proxy=\"{proxyUrlWithCredString}\""); // Add proxy authentication method if Basic auth is enabled if (agentProxy.UseBasicAuthForProxy) { executionContext.Debug("Config proxy to use Basic authentication for git submodule update."); additionalSubmoduleUpdateArgs.Add(_gitUseBasicAuthForProxyConfig); } } // Prepare ignore ssl cert error config for fetch. if (acceptUntrustedCerts) { additionalSubmoduleUpdateArgs.Add($"-c http.sslVerify=false"); } // Prepare self-signed CA cert config for submodule update. if (useSelfSignedCACert) { executionContext.Debug($"Use self-signed CA certificate '{agentCert.CACertificateFile}' for git submodule update."); string authorityUrl = repositoryUrl.AbsoluteUri.Replace(repositoryUrl.PathAndQuery, string.Empty); additionalSubmoduleUpdateArgs.Add($"-c http.{authorityUrl}.sslcainfo=\"{agentCert.CACertificateFile}\""); } // Prepare client cert config for submodule update. if (useClientCert) { executionContext.Debug($"Use client certificate '{agentCert.ClientCertificateFile}' for git submodule update."); string authorityUrl = repositoryUrl.AbsoluteUri.Replace(repositoryUrl.PathAndQuery, string.Empty); if (!string.IsNullOrEmpty(clientCertPrivateKeyAskPassFile)) { additionalSubmoduleUpdateArgs.Add($"-c http.{authorityUrl}.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.{authorityUrl}.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\" -c http.{authorityUrl}.sslCertPasswordProtected=true -c core.askpass=\"{clientCertPrivateKeyAskPassFile}\""); } else { additionalSubmoduleUpdateArgs.Add($"-c http.{authorityUrl}.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.{authorityUrl}.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\""); } } if (schannelSslBackend) { if (PlatformUtil.RunningOnWindows) { executionContext.Debug("Use SChannel SslBackend for git submodule update."); additionalSubmoduleUpdateArgs.Add("-c http.sslbackend=\"schannel\""); } else { executionContext.Debug("SChannel requested for Git submodule update. Ignored because this is not Windows."); } } } int exitCode_submoduleUpdate = await gitCommandManager.GitSubmoduleUpdate(executionContext, targetPath, fetchDepth, additionalFetchFilterOptions, string.Join(" ", additionalSubmoduleUpdateArgs), checkoutNestedSubmodules, cancellationToken); if (exitCode_submoduleUpdate != 0) { throw new InvalidOperationException($"Git submodule update failed with exit code: {exitCode_submoduleUpdate}"); } } // handle expose creds, related to 'Allow Scripts to Access OAuth Token' option if (!selfManageGitCreds) { if (gitSupportAuthHeader && exposeCred) { string configKey = $"http.{repositoryUrl.AbsoluteUri}.extraheader"; string configValue = $"\"AUTHORIZATION: {GenerateAuthHeader(executionContext, username, password, useBearerAuthType)}\""; configModifications[configKey] = configValue.Trim('\"'); if (gitUseSecureParameterPassing) { await SetAuthTokenInGitConfig(executionContext, gitCommandManager, targetPath, configKey, configValue.Trim('\"')); } else { int exitCode_config = await gitCommandManager.GitConfig(executionContext, targetPath, configKey, configValue); if (exitCode_config != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_config}"); } } } if (!gitSupportAuthHeader && !exposeCred) { // remove cached credential from origin's fetch/push url. await RemoveCachedCredential(executionContext, gitCommandManager, repositoryUrlWithCred, targetPath, repositoryUrl, "origin"); } if (exposeCred) { // save proxy setting to git config. if (agentProxy != null && !string.IsNullOrEmpty(agentProxy.ProxyAddress) && !agentProxy.WebProxy.IsBypassed(repositoryUrl)) { executionContext.Debug($"Save proxy config for proxy server '{agentProxy.ProxyAddress}' into git config."); ArgUtil.NotNullOrEmpty(proxyUrlWithCredString, nameof(proxyUrlWithCredString)); string proxyConfigKey = "http.proxy"; string proxyConfigValue = $"\"{proxyUrlWithCredString}\""; configModifications[proxyConfigKey] = proxyConfigValue.Trim('\"'); int exitCode_proxyconfig = await gitCommandManager.GitConfig(executionContext, targetPath, proxyConfigKey, proxyConfigValue); if (exitCode_proxyconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_proxyconfig}"); } // Add proxy authentication method if Basic auth is enabled if (agentProxy.UseBasicAuthForProxy) { executionContext.Debug("Save proxy authentication method 'basic' to git config."); string proxyAuthMethodKey = "http.proxyAuthMethod"; string proxyAuthMethodValue = "basic"; configModifications[proxyAuthMethodKey] = proxyAuthMethodValue; int exitCode_proxyauth = await gitCommandManager.GitConfig(executionContext, targetPath, proxyAuthMethodKey, proxyAuthMethodValue); if (exitCode_proxyauth != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_proxyauth}"); } } } // save ignore ssl cert error setting to git config. if (acceptUntrustedCerts) { executionContext.Debug($"Save ignore ssl cert error config into git config."); string sslVerifyConfigKey = "http.sslVerify"; string sslVerifyConfigValue = "\"false\""; configModifications[sslVerifyConfigKey] = sslVerifyConfigValue.Trim('\"'); int exitCode_sslconfig = await gitCommandManager.GitConfig(executionContext, targetPath, sslVerifyConfigKey, sslVerifyConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } } // save CA cert setting to git config. if (useSelfSignedCACert) { executionContext.Debug($"Save CA cert config into git config."); string sslCaInfoConfigKey = "http.sslcainfo"; string sslCaInfoConfigValue = $"\"{agentCert.CACertificateFile}\""; configModifications[sslCaInfoConfigKey] = sslCaInfoConfigValue.Trim('\"'); int exitCode_sslconfig = await gitCommandManager.GitConfig(executionContext, targetPath, sslCaInfoConfigKey, sslCaInfoConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } } // save client cert setting to git config. if (useClientCert) { executionContext.Debug($"Save client cert config into git config."); string sslCertConfigKey = "http.sslcert"; string sslCertConfigValue = $"\"{agentCert.ClientCertificateFile}\""; string sslKeyConfigKey = "http.sslkey"; string sslKeyConfigValue = $"\"{agentCert.CACertificateFile}\""; configModifications[sslCertConfigKey] = sslCertConfigValue.Trim('\"'); configModifications[sslKeyConfigKey] = sslKeyConfigValue.Trim('\"'); int exitCode_sslconfig = await gitCommandManager.GitConfig(executionContext, targetPath, sslCertConfigKey, sslCertConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } exitCode_sslconfig = await gitCommandManager.GitConfig(executionContext, targetPath, sslKeyConfigKey, sslKeyConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } // the client private key has a password if (!string.IsNullOrEmpty(clientCertPrivateKeyAskPassFile)) { string sslCertPasswordProtectedConfigKey = "http.sslcertpasswordprotected"; string sslCertPasswordProtectedConfigValue = "true"; string askPassConfigKey = "core.askpass"; string askPassConfigValue = $"\"{clientCertPrivateKeyAskPassFile}\""; configModifications[sslCertPasswordProtectedConfigKey] = sslCertPasswordProtectedConfigValue.Trim('\"'); configModifications[askPassConfigKey] = askPassConfigValue.Trim('\"'); exitCode_sslconfig = await gitCommandManager.GitConfig(executionContext, targetPath, sslCertPasswordProtectedConfigKey, sslCertPasswordProtectedConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } exitCode_sslconfig = await gitCommandManager.GitConfig(executionContext, targetPath, askPassConfigKey, askPassConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } } } } if (gitLfsSupport) { bool lfsSupportAuthHeader = GitLfsSupportUseAuthHeader(executionContext, gitCommandManager); if (lfsSupportAuthHeader && exposeCred) { string configKey = $"http.{repositoryUrl.AbsoluteUri}.extraheader"; string configValue = $"\"AUTHORIZATION: {GenerateAuthHeader(executionContext, username, password, useBearerAuthType)}\""; configModifications[configKey] = configValue.Trim('\"'); if (gitUseSecureParameterPassing) { await SetAuthTokenInGitConfig(executionContext, gitCommandManager, targetPath, configKey, configValue.Trim('\"')); } else { int exitCode_config = await gitCommandManager.GitConfig(executionContext, targetPath, configKey, configValue); if (exitCode_config != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_config}"); } } } if (!lfsSupportAuthHeader && !exposeCred) { // remove cached credential from origin's lfs fetch/push url. executionContext.Debug("Remove git-lfs fetch and push url setting from git config."); await RemoveGitConfig(executionContext, gitCommandManager, targetPath, "remote.origin.lfsurl", gitLfsUrlWithCred.AbsoluteUri); configModifications.Remove("remote.origin.lfsurl"); await RemoveGitConfig(executionContext, gitCommandManager, targetPath, "remote.origin.lfspushurl", gitLfsUrlWithCred.AbsoluteUri); configModifications.Remove("remote.origin.lfspushurl"); } } if (useClientCert && !string.IsNullOrEmpty(clientCertPrivateKeyAskPassFile) && !exposeCred) { executionContext.Debug("Remove git.sslkey askpass file."); IOUtil.DeleteFile(clientCertPrivateKeyAskPassFile); } } // Set intra-task variable for post job cleanup executionContext.SetTaskVariable("repository", repository.Alias); if (selfManageGitCreds) { // no needs to cleanup creds, since customer choose to manage creds themselves. executionContext.SetTaskVariable("cleanupcreds", "false"); } else if (exposeCred) { executionContext.SetTaskVariable("cleanupcreds", "true"); } if (preferGitFromPath) { // use git from PATH executionContext.SetTaskVariable("preferPath", "true"); } if (repositoryUrlWithCred != null) { executionContext.SetTaskVariable("repoUrlWithCred", repositoryUrlWithCred.AbsoluteUri, true); } if (configModifications.Count > 0) { executionContext.SetTaskVariable("modifiedgitconfig", JsonUtility.ToString(configModifications), true); } if (useClientCert && !string.IsNullOrEmpty(clientCertPrivateKeyAskPassFile)) { executionContext.SetTaskVariable("clientCertAskPass", clientCertPrivateKeyAskPassFile); } await RunGitStatusIfSystemDebug(executionContext, gitCommandManager, targetPath); } public async Task PostJobCleanupAsync(AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(repository, nameof(repository)); executionContext.Output($"Cleaning any cached credential from repository: {repository.Properties.Get(Pipelines.RepositoryPropertyNames.Name)} ({repository.Type})"); Uri repositoryUrl = repository.Url; string targetPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); executionContext.Debug($"Repository url={repositoryUrl}"); executionContext.Debug($"targetPath={targetPath}"); bool cleanupCreds = StringUtil.ConvertToBoolean(executionContext.TaskVariables.GetValueOrDefault("cleanupcreds")?.Value); if (cleanupCreds) { bool preferGitFromPath = StringUtil.ConvertToBoolean(executionContext.TaskVariables.GetValueOrDefault("preferPath")?.Value); // Initialize git command manager GitCliManager gitCommandManager = GetCliManager(); await gitCommandManager.LoadGitExecutionInfo(executionContext, useBuiltInGit: !preferGitFromPath); executionContext.Debug("Remove any extraheader, proxy and client cert setting from git config."); var configModifications = JsonUtility.FromString>(executionContext.TaskVariables.GetValueOrDefault("modifiedgitconfig")?.Value); if (configModifications != null && configModifications.Count > 0) { foreach (var config in configModifications) { await RemoveGitConfig(executionContext, gitCommandManager, targetPath, config.Key, config.Value); } } var repositoryUrlWithCred = executionContext.TaskVariables.GetValueOrDefault("repoUrlWithCred")?.Value; if (string.IsNullOrEmpty(repositoryUrlWithCred)) { await RemoveCachedCredential(executionContext, gitCommandManager, new Uri(repositoryUrlWithCred), targetPath, repositoryUrl, "origin"); } } // delete client cert askpass file. string clientCertPrivateKeyAskPassFile = executionContext.TaskVariables.GetValueOrDefault("clientCertAskPass")?.Value; if (!string.IsNullOrEmpty(clientCertPrivateKeyAskPassFile)) { IOUtil.DeleteFile(clientCertPrivateKeyAskPassFile); } } public async void SetGitFeatureFlagsConfiguration( AgentTaskPluginExecutionContext executionContext, IGitCliManager gitCommandManager, string targetPath) { if (AgentKnobs.UseGitSingleThread.GetValue(executionContext).AsBoolean()) { await gitCommandManager.GitConfig(executionContext, targetPath, "pack.threads", "1"); } if (AgentKnobs.FixPossibleGitOutOfMemoryProblem.GetValue(executionContext).AsBoolean()) { await gitCommandManager.GitConfig(executionContext, targetPath, "pack.windowmemory", "256m"); await gitCommandManager.GitConfig(executionContext, targetPath, "pack.deltaCacheSize", "256m"); await gitCommandManager.GitConfig(executionContext, targetPath, "pack.packSizeLimit", "256m"); await gitCommandManager.GitConfig(executionContext, targetPath, "http.postBuffer", "524288000"); await gitCommandManager.GitConfig(executionContext, targetPath, "core.packedgitwindowsize", "256m"); await gitCommandManager.GitConfig(executionContext, targetPath, "core.packedgitlimit", "256m"); } if (AgentKnobs.UseGitLongPaths.GetValue(executionContext).AsBoolean()) { await gitCommandManager.GitConfig(executionContext, targetPath, "core.longpaths", "true"); } } protected virtual GitCliManager GetCliManager(Dictionary gitEnv = null) { return new GitCliManager(gitEnv); } private async Task IsRepositoryOriginUrlMatch(AgentTaskPluginExecutionContext context, GitCliManager gitCommandManager, string repositoryPath, Uri expectedRepositoryOriginUrl) { context.Debug($"Checking if the repo on {repositoryPath} matches the expected repository origin URL. expected Url: {expectedRepositoryOriginUrl.AbsoluteUri}"); if (!Directory.Exists(Path.Combine(repositoryPath, ".git"))) { // There is no repo directory context.Debug($"Repository is not found since '.git' directory does not exist under. {repositoryPath}"); return false; } Uri remoteUrl; remoteUrl = await gitCommandManager.GitGetFetchUrl(context, repositoryPath); if (remoteUrl == null) { // origin fetch url not found. context.Debug("Repository remote origin fetch url is empty."); return false; } context.Debug($"Repository remote origin fetch url is {remoteUrl}"); // compare the url passed in with the remote url found if (expectedRepositoryOriginUrl.Equals(remoteUrl)) { context.Debug("URLs match."); return true; } else { context.Debug($"The remote.origin.url of the repository under root folder '{repositoryPath}' doesn't matches source repository url."); return false; } } private IEnumerable ParseFetchFilterOptions(AgentTaskPluginExecutionContext context, string fetchFilter) { if (!AgentKnobs.UseFetchFilterInCheckoutTask.GetValue(context).AsBoolean()) { return Enumerable.Empty(); } if (string.IsNullOrEmpty(fetchFilter)) { return Enumerable.Empty(); } // parse filter and only include valid options var filters = new List(); var splitFilter = fetchFilter.Split('+').Where(filter => !string.IsNullOrWhiteSpace(filter)).ToList(); foreach (string filter in splitFilter) { var parsedFilter = filter.Split(':') .Where(filter => !string.IsNullOrWhiteSpace(filter)) .Select(filter => filter.Trim()) .ToList(); if (parsedFilter.Count == 2) { switch (parsedFilter[0].ToLower()) { case "tree": // currently only supporting treeless filter if (int.TryParse(parsedFilter[1], out int treeSize) && treeSize == 0) { filters.Add($"{parsedFilter[0]}:{treeSize}"); } break; case "blob": // currently only supporting blobless filter if (parsedFilter[1].Equals("none", StringComparison.OrdinalIgnoreCase)) { filters.Add($"{parsedFilter[0]}:{parsedFilter[1]}"); } break; default: // either invalid or unsupported git object break; } } } return filters; } private async Task IsPartialCloneRepository(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager, string targetPath) { try { // Skip check if .git directory doesn't exist (not a Git repository) string gitDir = Path.Combine(targetPath, ".git"); if (!Directory.Exists(gitDir)) { executionContext.Debug("Not a Git repository: .git directory does not exist"); return false; } // Check for promisor remote configuration (primary indicator) if (await gitCommandManager.GitConfigExist(executionContext, targetPath, "remote.origin.promisor")) { executionContext.Debug("Detected partial clone: remote.origin.promisor exists"); return true; } // Check for partial clone filter configuration (secondary indicator) if (await gitCommandManager.GitConfigExist(executionContext, targetPath, "remote.origin.partialclonefilter")) { executionContext.Debug("Detected partial clone: remote.origin.partialclonefilter exists"); return true; } return false; } catch (Exception ex) { // Default to false on detection failure to avoid breaking builds executionContext.Debug($"Failed to detect partial clone state: {ex.Message}"); return false; } } private async Task RunGitStatusIfSystemDebug(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager, string targetPath) { if (executionContext.IsSystemDebugTrue()) { var exitCode_gitStatus = await gitCommandManager.GitStatus(executionContext, targetPath); if (exitCode_gitStatus != 0) { executionContext.Warning($"git status failed with exit code: {exitCode_gitStatus}"); } } } private async Task RemoveGitConfig(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager, string targetPath, string configKey, string configValue) { int exitCode_configUnset = await gitCommandManager.GitConfigUnset(executionContext, targetPath, configKey); if (exitCode_configUnset != 0) { // if unable to use git.exe unset http.extraheader, http.proxy or core.askpass, modify git config file on disk. make sure we don't left credential. if (!string.IsNullOrEmpty(configValue)) { executionContext.Warning(StringUtil.Loc("AttemptRemoveCredFromConfig", configKey)); string gitConfig = Path.Combine(targetPath, ".git/config"); if (File.Exists(gitConfig)) { string gitConfigContent = File.ReadAllText(Path.Combine(targetPath, ".git", "config")); if (gitConfigContent.Contains(configKey)) { string setting = $"extraheader = {configValue}"; gitConfigContent = Regex.Replace(gitConfigContent, setting, string.Empty, RegexOptions.IgnoreCase); setting = $"proxy = {configValue}"; gitConfigContent = Regex.Replace(gitConfigContent, setting, string.Empty, RegexOptions.IgnoreCase); setting = $"askpass = {configValue}"; gitConfigContent = Regex.Replace(gitConfigContent, setting, string.Empty, RegexOptions.IgnoreCase); File.WriteAllText(gitConfig, gitConfigContent); } } } else { executionContext.Warning(StringUtil.Loc("FailToRemoveGitConfig", configKey, configKey, targetPath)); } } } private async Task ReplaceTokenPlaceholder(AgentTaskPluginExecutionContext executionContext, string targetPath, string configKey, string tokenPlaceholderConfigValue, string configValue) { //modify git config file on disk. if (!string.IsNullOrEmpty(configValue)) { string gitConfig = Path.Combine(targetPath, ".git/config"); if (File.Exists(gitConfig)) { string gitConfigContent = File.ReadAllText(Path.Combine(targetPath, ".git", "config")); using (StreamWriter config = new StreamWriter(gitConfig)) { if (gitConfigContent.Contains(tokenPlaceholderConfigValue)) { executionContext.Debug($"Replace token placeholder in git config file"); gitConfigContent = Regex.Replace(gitConfigContent, tokenPlaceholderConfigValue, configValue, RegexOptions.IgnoreCase); } await config.WriteAsync(gitConfigContent); } } } else { executionContext.Warning(StringUtil.Loc("FailToReplaceTokenPlaceholderInGitConfig", configKey)); } } private async Task RemoveCachedCredential(AgentTaskPluginExecutionContext context, GitCliManager gitCommandManager, Uri repositoryUrlWithCred, string repositoryPath, Uri repositoryUrl, string remoteName) { // there is nothing cached in repository Url. if (repositoryUrlWithCred == null) { return; } //remove credential from fetch url context.Debug("Remove injected credential from git remote fetch url."); int exitCode_seturl = await gitCommandManager.GitRemoteSetUrl(context, repositoryPath, remoteName, repositoryUrl.AbsoluteUri); context.Debug("Remove injected credential from git remote push url."); int exitCode_setpushurl = await gitCommandManager.GitRemoteSetPushUrl(context, repositoryPath, remoteName, repositoryUrl.AbsoluteUri); if (exitCode_seturl != 0 || exitCode_setpushurl != 0) { // if unable to use git.exe set fetch url back, modify git config file on disk. make sure we don't left credential. context.Warning("Unable to use git.exe remove injected credential from git remote fetch url, modify git config file on disk to remove injected credential."); string gitConfig = Path.Combine(repositoryPath, ".git/config"); if (File.Exists(gitConfig)) { string gitConfigContent = File.ReadAllText(Path.Combine(repositoryPath, ".git", "config")); gitConfigContent = gitConfigContent.Replace(repositoryUrlWithCred.AbsoluteUri, repositoryUrl.AbsoluteUri); File.WriteAllText(gitConfig, gitConfigContent); } } } private bool IsPullRequest(string sourceBranch) { return !string.IsNullOrEmpty(sourceBranch) && (sourceBranch.StartsWith(_pullRefsPrefix, StringComparison.OrdinalIgnoreCase) || sourceBranch.StartsWith(_remotePullRefsPrefix, StringComparison.OrdinalIgnoreCase)); } private string GetRemoteRefName(string refName) { if (string.IsNullOrEmpty(refName)) { // If the refName is empty return the remote name for master refName = _remoteRefsPrefix + "master"; } else if (refName.Equals("master", StringComparison.OrdinalIgnoreCase)) { // If the refName is master return the remote name for master refName = _remoteRefsPrefix + refName; } else if (refName.StartsWith(_refsPrefix, StringComparison.OrdinalIgnoreCase)) { // If the refName is refs/heads change it to the remote version of the name refName = _remoteRefsPrefix + refName.Substring(_refsPrefix.Length); } else if (refName.StartsWith(_pullRefsPrefix, StringComparison.OrdinalIgnoreCase)) { // If the refName is refs/pull change it to the remote version of the name refName = refName.Replace(_pullRefsPrefix, _remotePullRefsPrefix); } return refName; } private string ComposeGitArgs(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager, string configKey, string username, string password, bool useBearerAuthType) { bool gitSupportsConfigEnv = GitSupportsConfigEnv(executionContext, gitCommandManager); bool gitUseSecureParameterPassing = AgentKnobs.GitUseSecureParameterPassing.GetValue(executionContext).AsBoolean(); string configValue = $"AUTHORIZATION: {GenerateAuthHeader(executionContext, username, password, useBearerAuthType)}"; // if git version is v2.31 or higher and GitUseSecureParameterPassing knob is enabled if (gitSupportsConfigEnv && gitUseSecureParameterPassing) { string envVariableName = $"env_var_{configKey}"; Environment.SetEnvironmentVariable(envVariableName, configValue); executionContext.Debug($"Set environment variable {envVariableName}"); return $"--config-env={configKey}={envVariableName}"; } else { executionContext.Debug($"Use git -c option"); return $"-c {configKey}=\"{configValue}\""; } } protected virtual string GetWISCToken(ServiceEndpoint endpoint, AgentTaskPluginExecutionContext executionContext, CancellationToken cancellationToken) { var tenantId = ""; var clientId = ""; endpoint.Authorization?.Parameters?.TryGetValue(_tenantId, out tenantId); endpoint.Authorization?.Parameters?.TryGetValue(_clientId, out clientId); var app = ConfidentialClientApplicationBuilder.Create(clientId) .WithAuthority(string.Format(_entraURI, tenantId)) .WithRedirectUri(_clientAssertionType) .WithClientAssertion(async (AssertionRequestOptions options) => { var systemConnection = executionContext.Endpoints.SingleOrDefault(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.Ordinal)); ArgUtil.NotNull(systemConnection, nameof(systemConnection)); VssCredentials vssCredentials = VssUtil.GetVssCredential(systemConnection); var collectionUri = new Uri(executionContext.Variables.GetValueOrDefault("system.collectionuri")?.Value); using VssConnection vssConnection = VssUtil.CreateConnection(collectionUri, vssCredentials, trace: null); TaskHttpClient taskClient = vssConnection.GetClient(); var idToken = await taskClient.CreateOidcTokenAsync( scopeIdentifier: new Guid(executionContext.Variables.GetValueOrDefault("system.teamprojectid")?.Value), hubName: executionContext.Variables.GetValueOrDefault("system.hosttype")?.Value, planId: new Guid(executionContext.Variables.GetValueOrDefault("system.planid")?.Value), jobId: new Guid(executionContext.Variables.GetValueOrDefault("system.jobId")?.Value), serviceConnectionId: endpoint.Id, claims: null, cancellationToken: cancellationToken ); return idToken.OidcToken; }) .Build(); var authenticationResult = app.AcquireTokenForClient(new string[] { _scopeId }).ExecuteAsync(cancellationToken).GetAwaiter().GetResult(); return authenticationResult.AccessToken; } private async Task SetAuthTokenInGitConfig(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager, string targetPath, string configKey, string configValue) { // Configure a placeholder value. This approach avoids the credential being captured // by process creation audit events, which are commonly logged. For more information, // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing Guid tokenPlaceholder = Guid.NewGuid(); string tokenPlaceholderConfigValue = $"\"AUTHORIZATION: placeholder_{tokenPlaceholder}\""; executionContext.Debug($"Configured placeholder: {tokenPlaceholderConfigValue}"); int exitCode_config = await gitCommandManager.GitConfig(executionContext, targetPath, configKey, tokenPlaceholderConfigValue); if (exitCode_config != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_config}"); } await ReplaceTokenPlaceholder(executionContext, targetPath, configKey, tokenPlaceholderConfigValue.Trim('\"'), configValue); } } } ================================================ FILE: src/Agent.Plugins/ITfsVCCliManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Agent.Plugins.Repository { public interface ITfsVCCliManager { CancellationToken CancellationToken { set; } Pipelines.RepositoryResource Repository { set; } AgentTaskPluginExecutionContext ExecutionContext { set; } ServiceEndpoint Endpoint { set; } TfsVCFeatures Features { get; } string FilePath { get; } void SetupProxy(string proxyUrl, string proxyUsername, string proxyPassword); void SetupClientCertificate(string clientCert, string clientCertKey, string clientCertArchive, string clientCertPassword); bool TestEulaAccepted(); Task EulaAsync(); Task WorkspacesAsync(bool matchWorkspaceNameOnAnyComputer = false); Task StatusAsync(string localPath); Task UndoAsync(string localPath); Task ScorchAsync(); Task TryWorkspaceDeleteAsync(ITfsVCWorkspace workspace); Task WorkspaceDeleteAsync(ITfsVCWorkspace workspace); Task WorkspacesRemoveAsync(ITfsVCWorkspace workspace); Task WorkspaceNewAsync(); Task WorkfoldUnmapAsync(string serverPath); Task WorkfoldMapAsync(string serverPath, string localPath); Task WorkfoldCloakAsync(string serverPath); Task GetAsync(string localPath, bool quiet = false); Task AddAsync(string localPath); Task ShelveAsync(string shelveset, string commentFile, bool move); Task ShelvesetsAsync(string shelveset); Task UnshelveAsync(string shelveset, bool failOnNonZeroExitCode); void CleanupProxySetting(); } } ================================================ FILE: src/Agent.Plugins/PipelineArtifact/FilePathServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.Agent.Blob; namespace Agent.Plugins.PipelineArtifact { public class FilePathServer { internal async Task UploadAsync( AgentTaskPluginExecutionContext context, Guid projectId, int buildId, string artifactName, string targetPath, string fileSharePath, CancellationToken token) { string artifactPath = Path.Join(fileSharePath, artifactName); Directory.CreateDirectory(artifactPath); VssConnection connection = context.VssConnection; BuildServer buildServer = new BuildServer(connection); var propertiesDictionary = new Dictionary { { FileShareArtifactUploadEventProperties.ArtifactName, artifactName }, { FileShareArtifactUploadEventProperties.ArtifactType, PipelineArtifactConstants.FileShareArtifact }, { FileShareArtifactUploadEventProperties.ArtifactLocation, fileSharePath } }; // Associate the pipeline artifact with a build artifact. var artifact = await buildServer.AssociateArtifactAsync(projectId, buildId, artifactName, context.Variables.GetValueOrDefault(WellKnownDistributedTaskVariables.JobId)?.Value ?? string.Empty, ArtifactResourceTypes.FilePath, fileSharePath, propertiesDictionary, token); var parallel = context.GetInput(FileShareArtifactUploadEventProperties.Parallel, required: false); var parallelCount = parallel == "true" ? GetParallelCount(context, context.GetInput(FileShareArtifactUploadEventProperties.ParallelCount, required: false)) : 1; if (Directory.Exists(fileSharePath)) { FileShareProvider provider = new FileShareProvider(context, connection, context.CreateArtifactsTracer(), DedupManifestArtifactClientFactory.Instance); await provider.PublishArtifactAsync(targetPath, artifactPath, parallelCount, token); context.Output(StringUtil.Loc("CopyFileComplete", artifactPath)); } } internal static class FileShareArtifactUploadEventProperties { public const string ArtifactName = "artifactname"; public const string ArtifactLocation = "artifactlocation"; public const string ArtifactType = "artifacttype"; public const string ParallelCount = "parallelCount"; public const string Parallel = "parallel"; } // Enter the degree of parallelism, or number of threads used, to perform the copy. The value must be at least 1 and not greater than 128. // This is the same logic as the build artifact tasks https://github.com/microsoft/azure-pipelines-tasks/blob/master/Tasks/PublishBuildArtifactsV1/publishbuildartifacts.ts private int GetParallelCount(AgentTaskPluginExecutionContext context, string parallelCount) { var result = 8; if (int.TryParse(parallelCount, out result)) { if (result < 1) { context.Output(StringUtil.Loc("UnexpectedParallelCount")); result = 1; } else if (result > 128) { context.Output(StringUtil.Loc("UnexpectedParallelCount")); result = 128; } } else { throw new ArgumentException(StringUtil.Loc("ParallelCountNotANumber")); } return result; } } } ================================================ FILE: src/Agent.Plugins/PipelineArtifact/PipelineArtifactPlugin.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.Agent.Util; using Agent.Sdk; using System.Text.RegularExpressions; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using System.Linq; using System.Text.Json; namespace Agent.Plugins.PipelineArtifact { public abstract class PipelineArtifactTaskPluginBase : IAgentTaskPlugin { public abstract Guid Id { get; } public string Stage => "main"; protected IAppTraceSource tracer; public async Task RunAsync(AgentTaskPluginExecutionContext context, CancellationToken token) { ArgUtil.NotNull(context, nameof(context)); // Path // TODO: Translate targetPath from container to host (Ting) string targetPath = context.GetInput(ArtifactEventProperties.TargetPath, required: true); this.tracer = context.CreateArtifactsTracer(); await ProcessCommandInternalAsync(context, targetPath, token); } // Process the command with preprocessed arguments. protected abstract Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, string targetPath, CancellationToken token); // Properties set by tasks protected static class ArtifactEventProperties { public static readonly string ArtifactName = "artifactName"; public static readonly string TargetPath = "targetPath"; public static readonly string PipelineId = "pipelineId"; } protected virtual string GetArtifactName(AgentTaskPluginExecutionContext context) { return context.GetInput(ArtifactEventProperties.ArtifactName, required: true); } } // Caller: PublishPipelineArtifact task // Can be invoked from a build run or a release run should a build be set as the artifact. public class PublishPipelineArtifactTask : PipelineArtifactTaskPluginBase { // Same as: https://github.com/Microsoft/vsts-tasks/blob/master/Tasks/PublishPipelineArtifactV0/task.json public override Guid Id => PipelineArtifactPluginConstants.PublishPipelineArtifactTaskId; // create a normalized identifier-compatible string (A-Z, a-z, 0-9, -, and .) and remove .default since it's redundant public static readonly Regex jobIdentifierRgx = new Regex("[^a-zA-Z0-9 - .]", RegexOptions.Compiled | RegexOptions.CultureInvariant); private const string customProperties = "properties"; protected override async Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, string targetPath, CancellationToken token) { string artifactName = this.GetArtifactName(context); if (String.IsNullOrWhiteSpace(artifactName)) { string jobIdentifier = context.Variables.GetValueOrDefault("system.jobIdentifier").Value; var normalizedJobIdentifier = NormalizeJobIdentifier(jobIdentifier); artifactName = normalizedJobIdentifier; } string hostType = context.Variables.GetValueOrDefault("system.hosttype")?.Value; if (!string.Equals(hostType, "Build", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException( StringUtil.Loc("CannotUploadFromCurrentEnvironment", hostType ?? string.Empty)); } // Project ID Guid projectId = new Guid(context.Variables.GetValueOrDefault(BuildVariables.TeamProjectId)?.Value ?? Guid.Empty.ToString()); ArgUtil.NotEmpty(projectId, nameof(projectId)); // Build ID string buildIdStr = context.Variables.GetValueOrDefault(BuildVariables.BuildId)?.Value ?? string.Empty; if (!int.TryParse(buildIdStr, out int buildId)) { // This should not happen since the build id comes from build environment. But a user may override that so we must be careful. throw new ArgumentException(StringUtil.Loc("BuildIdIsNotValid", buildIdStr)); } string fullPath = Path.GetFullPath(targetPath); bool isFile = File.Exists(fullPath); bool isDir = Directory.Exists(fullPath); if (!isFile && !isDir) { // if local path is neither file nor folder throw new FileNotFoundException(StringUtil.Loc("PathDoesNotExist", targetPath)); } string propertiesStr = context.GetInput(customProperties, required: false); IDictionary properties = ParseCustomProperties(propertiesStr); // Upload to VSTS BlobStore, and associate the artifact with the build. context.Output(StringUtil.Loc("UploadingPipelineArtifact", fullPath, buildId)); PipelineArtifactServer server = new PipelineArtifactServer(tracer); await server.UploadAsync(context, projectId, buildId, artifactName, fullPath, properties, token); context.Output(StringUtil.Loc("UploadArtifactFinished")); } private IDictionary ParseCustomProperties(string properties) { if (string.IsNullOrWhiteSpace(properties)) { return null; } try { var propertyBag = StringUtil.ConvertFromJson>(properties); var prefixMissing = propertyBag.Keys.FirstOrDefault(k => !k.StartsWith(PipelineArtifactConstants.CustomPropertiesPrefix)); if (!string.IsNullOrWhiteSpace(prefixMissing)) { throw new InvalidOperationException(StringUtil.Loc("ArtifactCustomPropertyInvalid", prefixMissing)); } return propertyBag; } catch (JsonException) { throw new ArgumentException(StringUtil.Loc("ArtifactCustomPropertiesNotJson", properties)); } } private string NormalizeJobIdentifier(string jobIdentifier) { jobIdentifier = jobIdentifierRgx.Replace(jobIdentifier, string.Empty).Replace(".default", string.Empty); return jobIdentifier; } } // Caller: DownloadPipelineArtifact task // Can be invoked from a build run or a release run should a build be set as the artifact. public class DownloadPipelineArtifactTask : PipelineArtifactTaskPluginBase { // Same as https://github.com/Microsoft/vsts-tasks/blob/master/Tasks/DownloadPipelineArtifactV0/task.json public override Guid Id => PipelineArtifactPluginConstants.DownloadPipelineArtifactTaskId; protected override async Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, string targetPath, CancellationToken token) { string artifactName = this.GetArtifactName(context); // Create target directory if absent string fullPath = Path.GetFullPath(targetPath); bool isDir = Directory.Exists(fullPath); if (!isDir) { Directory.CreateDirectory(fullPath); } // Project ID // TODO: use a constant for project id, which is currently defined in Microsoft.VisualStudio.Services.Agent.Constants.Variables.System.TeamProjectId (Ting) string guidStr = context.Variables.GetValueOrDefault("system.teamProjectId")?.Value; Guid.TryParse(guidStr, out Guid projectId); ArgUtil.NotEmpty(projectId, nameof(projectId)); // Build ID int buildId = 0; string buildIdStr = context.GetInput(ArtifactEventProperties.PipelineId, required: false); // Determine the build id if (Int32.TryParse(buildIdStr, out buildId) && buildId != 0) { // A) Build Id provided by user input context.Output(StringUtil.Loc("DownloadingFromBuild", buildId)); } else { // B) Build Id provided by environment buildIdStr = context.Variables.GetValueOrDefault(BuildVariables.BuildId)?.Value ?? string.Empty; if (int.TryParse(buildIdStr, out buildId) && buildId != 0) { context.Output(StringUtil.Loc("DownloadingFromBuild", buildId)); } else { string hostType = context.Variables.GetValueOrDefault("system.hosttype")?.Value; if (string.Equals(hostType, "Release", StringComparison.OrdinalIgnoreCase) || string.Equals(hostType, "DeploymentGroup", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException(StringUtil.Loc("BuildIdIsNotAvailable", hostType ?? string.Empty, hostType ?? string.Empty)); } else if (!string.Equals(hostType, "Build", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException(StringUtil.Loc("CannotDownloadFromCurrentEnvironment", hostType ?? string.Empty)); } else { // This should not happen since the build id comes from build environment. But a user may override that so we must be careful. throw new ArgumentException(StringUtil.Loc("BuildIdIsNotValid", buildIdStr)); } } } // Download from VSTS BlobStore context.Output(StringUtil.Loc("DownloadArtifactTo", targetPath)); PipelineArtifactServer server = new PipelineArtifactServer(tracer); await server.DownloadAsync(context, projectId, buildId, artifactName, targetPath, token); context.Output(StringUtil.Loc("DownloadArtifactFinished")); } } public class PublishPipelineArtifactTaskV0_140_0 : PublishPipelineArtifactTask { protected override string GetArtifactName(AgentTaskPluginExecutionContext context) { return context.GetInput(ArtifactEventProperties.ArtifactName, required: false); } } } ================================================ FILE: src/Agent.Plugins/PipelineArtifact/PipelineArtifactPluginConstants.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Agent.Plugins.PipelineArtifact { public static class PipelineArtifactPluginConstants { public static readonly Guid PublishPipelineArtifactTaskId = new Guid("ECDC45F6-832D-4AD9-B52B-EE49E94659BE"); public static readonly Guid DownloadPipelineArtifactTaskId = new Guid("61F2A582-95AE-4948-B34D-A1B3C4F6A737"); } } ================================================ FILE: src/Agent.Plugins/PipelineArtifact/PipelineArtifactPluginUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; namespace Agent.Plugins.PipelineArtifact { public static class PipelineArtifactPathHelper { // This collection of invalid characters is based on the characters that are illegal in Windows/NTFS filenames. // Also prevent files (pipeline artifact names) from containing "/" or "\" due to the added complexity this introduces for file pattern matching on download. private static readonly char[] ForbiddenArtifactNameChars = new char[] { (char) 0, (char) 1, (char) 2, (char) 3, (char) 4, (char) 5, (char) 6, (char) 7, (char) 8, (char) 9, (char) 10, (char) 11, (char) 12, (char) 13, (char) 14, (char) 15, (char) 16, (char) 17, (char) 18, (char) 19, (char) 20, (char) 21, (char) 22, (char) 23, (char) 24, (char) 25, (char) 26, (char) 27, (char) 28, (char) 29, (char) 30, (char) 31, '"', ':', '<', '>', '|', '*', '?', '/', '\\' }; private static readonly HashSet ForbiddenArtifactNameCharsSet = new HashSet(ForbiddenArtifactNameChars); public static bool IsValidArtifactName(string artifactName) { return !artifactName.Any(c => ForbiddenArtifactNameCharsSet.Contains(c)); } } } ================================================ FILE: src/Agent.Plugins/PipelineArtifact/PipelineArtifactPluginV1.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Agent.Sdk; using System.Text.RegularExpressions; using System.Runtime.InteropServices; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Newtonsoft.Json; namespace Agent.Plugins.PipelineArtifact { public abstract class PipelineArtifactTaskPluginBaseV1 : IAgentTaskPlugin { public abstract Guid Id { get; } protected virtual string TargetPath => "targetPath"; protected virtual string PipelineId => "pipelineId"; protected IAppTraceSource tracer; public string Stage => "main"; public Task RunAsync(AgentTaskPluginExecutionContext context, CancellationToken token) { this.tracer = context.CreateArtifactsTracer(); return this.ProcessCommandInternalAsync(context, token); } protected abstract Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, CancellationToken token); // Properties set by tasks protected static class ArtifactEventProperties { public static readonly string BuildType = "buildType"; public static readonly string Project = "project"; public static readonly string BuildPipelineDefinition = "definition"; public static readonly string BuildTriggering = "specificBuildWithTriggering"; public static readonly string BuildVersionToDownload = "buildVersionToDownload"; public static readonly string BranchName = "branchName"; public static readonly string Tags = "tags"; public static readonly string ArtifactName = "artifactName"; public static readonly string ItemPattern = "itemPattern"; public static readonly string ArtifactType = "artifactType"; public static readonly string FileSharePath = "fileSharePath"; } } // Caller: PublishPipelineArtifact task // Can be invoked from a build run or a release run should a build be set as the artifact. public class PublishPipelineArtifactTaskV1 : PipelineArtifactTaskPluginBaseV1 { public override Guid Id => PipelineArtifactPluginConstants.PublishPipelineArtifactTaskId; protected override string TargetPath => "path"; private static readonly Regex jobIdentifierRgx = new Regex("[^a-zA-Z0-9 - .]", RegexOptions.Compiled | RegexOptions.CultureInvariant); private const string pipelineType = "pipeline"; private const string fileShareType = "filepath"; private const string customProperties = "properties"; protected override async Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, CancellationToken token) { string artifactName = context.GetInput(ArtifactEventProperties.ArtifactName, required: false); if (string.IsNullOrEmpty(artifactName)) { context.Output($"Artifact name was not inserted for publishing."); } else { context.Output($"Artifact name input: {artifactName}"); } string targetPath = context.GetInput(TargetPath, required: true); string artifactType = context.GetInput(ArtifactEventProperties.ArtifactType, required: false); artifactType = string.IsNullOrEmpty(artifactType) ? pipelineType : artifactType.ToLower(); string defaultWorkingDirectory = context.Variables.GetValueOrDefault("system.defaultworkingdirectory").Value; string propertiesStr = context.GetInput(customProperties, required: false); IDictionary properties = ParseCustomProperties(propertiesStr); bool onPrem = !String.Equals(context.Variables.GetValueOrDefault(WellKnownDistributedTaskVariables.ServerType)?.Value, "Hosted", StringComparison.OrdinalIgnoreCase); if (onPrem) { throw new InvalidOperationException(StringUtil.Loc("OnPremIsNotSupported")); } targetPath = Path.IsPathFullyQualified(targetPath) ? targetPath : Path.GetFullPath(Path.Combine(defaultWorkingDirectory, targetPath)); // Project ID var teamProjectId = context.Variables.GetValueOrDefault(BuildVariables.TeamProjectId)?.Value; Guid projectId = teamProjectId != null ? new Guid(teamProjectId) : Guid.Empty; ArgUtil.NotEmpty(projectId, nameof(projectId)); // Build ID string buildIdStr = context.Variables.GetValueOrDefault(BuildVariables.BuildId)?.Value ?? string.Empty; if (!int.TryParse(buildIdStr, out int buildId)) { // This should not happen since the build id comes from build environment. But a user may override that so we must be careful. throw new ArgumentException(StringUtil.Loc("BuildIdIsNotValid", buildIdStr)); } if (artifactType == pipelineType) { string hostType = context.Variables.GetValueOrDefault(WellKnownDistributedTaskVariables.HostType)?.Value; if (!string.Equals(hostType, "Build", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException( StringUtil.Loc("CannotUploadFromCurrentEnvironment", hostType ?? string.Empty)); } if (String.IsNullOrWhiteSpace(artifactName)) { string jobIdentifier = context.Variables.GetValueOrDefault(WellKnownDistributedTaskVariables.JobIdentifier).Value; var normalizedJobIdentifier = NormalizeJobIdentifier(jobIdentifier); artifactName = normalizedJobIdentifier; } if (!PipelineArtifactPathHelper.IsValidArtifactName(artifactName)) { throw new ArgumentException(StringUtil.Loc("ArtifactNameIsNotValid", artifactName)); } string fullPath = Path.GetFullPath(targetPath); bool isFile = File.Exists(fullPath); bool isDir = Directory.Exists(fullPath); if (!isFile && !isDir) { // if local path is neither file nor folder throw new FileNotFoundException(StringUtil.Loc("PathDoesNotExist", targetPath)); } // Upload to VSTS BlobStore, and associate the artifact with the build. context.Output(StringUtil.Loc("UploadingPipelineArtifact", fullPath, buildId)); PipelineArtifactServer server = new PipelineArtifactServer(tracer); await server.UploadAsync(context, projectId, buildId, artifactName, fullPath, properties, token); context.Output(StringUtil.Loc("UploadArtifactFinished")); } else if (artifactType == fileShareType) { string fileSharePath = context.GetInput(ArtifactEventProperties.FileSharePath, required: true); fileSharePath = Path.IsPathFullyQualified(fileSharePath) ? fileSharePath : Path.GetFullPath(Path.Combine(defaultWorkingDirectory, fileSharePath)); if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { FilePathServer server = new FilePathServer(); await server.UploadAsync(context, projectId, buildId, artifactName, targetPath, fileSharePath, token); } else { // file share artifacts are not currently supported on OSX/Linux. throw new InvalidOperationException(StringUtil.Loc("FileShareOperatingSystemNotSupported")); } } } private IDictionary ParseCustomProperties(string properties) { if (string.IsNullOrWhiteSpace(properties)) { return null; } try { var propertyBag = StringUtil.ConvertFromJson>(properties); var prefixMissing = propertyBag.Keys.FirstOrDefault(k => !k.StartsWith(PipelineArtifactConstants.CustomPropertiesPrefix)); if (!string.IsNullOrWhiteSpace(prefixMissing)) { throw new InvalidOperationException(StringUtil.Loc("ArtifactCustomPropertyInvalid", prefixMissing)); } return propertyBag; } catch (JsonException) { throw new ArgumentException(StringUtil.Loc("ArtifactCustomPropertiesNotJson", properties)); } } private string NormalizeJobIdentifier(string jobIdentifier) { jobIdentifier = jobIdentifierRgx.Replace(jobIdentifier, string.Empty).Replace(".default", string.Empty); return jobIdentifier; } } // Can be invoked from a build run or a release run should a build be set as the artifact. public class DownloadPipelineArtifactTaskV1 : PipelineArtifactTaskPluginBaseV1 { // Same as https://github.com/Microsoft/vsts-tasks/blob/master/Tasks/DownloadPipelineArtifactV1/task.json public override Guid Id => PipelineArtifactPluginConstants.DownloadPipelineArtifactTaskId; static readonly string buildTypeCurrent = "current"; static readonly string buildTypeSpecific = "specific"; static readonly string buildVersionToDownloadLatest = "latest"; static readonly string buildVersionToDownloadSpecific = "specific"; static readonly string buildVersionToDownloadLatestFromBranch = "latestFromBranch"; protected override async Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, CancellationToken token) { ArgUtil.NotNull(context, nameof(context)); string artifactName = this.GetArtifactName(context); string branchName = context.GetInput(ArtifactEventProperties.BranchName, required: false); string buildPipelineDefinition = context.GetInput(ArtifactEventProperties.BuildPipelineDefinition, required: false); string buildType = context.GetInput(ArtifactEventProperties.BuildType, required: true); string buildTriggering = context.GetInput(ArtifactEventProperties.BuildTriggering, required: false); string buildVersionToDownload = context.GetInput(ArtifactEventProperties.BuildVersionToDownload, required: false); string targetPath = context.GetInput(TargetPath, required: true); string environmentBuildId = context.Variables.GetValueOrDefault(BuildVariables.BuildId)?.Value ?? string.Empty; // BuildID provided by environment. string itemPattern = context.GetInput(ArtifactEventProperties.ItemPattern, required: false); string projectName = context.GetInput(ArtifactEventProperties.Project, required: false); string tags = context.GetInput(ArtifactEventProperties.Tags, required: false); string userSpecifiedpipelineId = context.GetInput(PipelineId, required: false); // Empty input field "Matching pattern" must be recognised as default value '**' itemPattern = string.IsNullOrEmpty(itemPattern) ? "**" : itemPattern; string[] minimatchPatterns = itemPattern.Split( new[] { "\n" }, StringSplitOptions.RemoveEmptyEntries ); string[] tagsInput = tags.Split( new[] { "," }, StringSplitOptions.None ); PipelineArtifactServer server = new PipelineArtifactServer(tracer); ArtifactDownloadParameters downloadParameters; if (buildType == buildTypeCurrent) { // TODO: use a constant for project id, which is currently defined in Microsoft.VisualStudio.Services.Agent.Constants.Variables.System.TeamProjectId (Ting) string projectIdStr = context.Variables.GetValueOrDefault("system.teamProjectId")?.Value; if (String.IsNullOrEmpty(projectIdStr)) { throw new ArgumentNullException("Project ID cannot be null."); } Guid projectId = Guid.Parse(projectIdStr); ArgUtil.NotEmpty(projectId, nameof(projectId)); int pipelineId = 0; if (int.TryParse(environmentBuildId, out pipelineId) && pipelineId != 0) { context.Output(StringUtil.Loc("DownloadingFromBuild", pipelineId)); } else { string hostType = context.Variables.GetValueOrDefault("system.hosttype")?.Value; if (string.Equals(hostType, "Release", StringComparison.OrdinalIgnoreCase) || string.Equals(hostType, "DeploymentGroup", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException(StringUtil.Loc("BuildIdIsNotAvailable", hostType ?? string.Empty, hostType ?? string.Empty)); } else if (!string.Equals(hostType, "Build", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException(StringUtil.Loc("CannotDownloadFromCurrentEnvironment", hostType ?? string.Empty)); } else { // This should not happen since the build id comes from build environment. But a user may override that so we must be careful. throw new ArgumentException(StringUtil.Loc("BuildIdIsNotValid", environmentBuildId)); } } downloadParameters = new ArtifactDownloadParameters { ProjectRetrievalOptions = BuildArtifactRetrievalOptions.RetrieveByProjectId, ProjectId = projectId, PipelineId = pipelineId, ArtifactName = artifactName, TargetDirectory = targetPath, MinimatchFilters = minimatchPatterns, MinimatchFilterWithArtifactName = false }; } else if (buildType == buildTypeSpecific) { int? pipelineId = null; bool buildTriggeringBool = false; if (bool.TryParse(buildTriggering, out buildTriggeringBool) && buildTriggeringBool) { string triggeringPipeline = context.Variables.GetValueOrDefault("build.triggeredBy.buildId")?.Value; if (!string.IsNullOrEmpty(triggeringPipeline)) { pipelineId = int.Parse(triggeringPipeline); } } if (!pipelineId.HasValue) { if (buildVersionToDownload == buildVersionToDownloadLatest) { pipelineId = await this.GetpipelineIdAsync(context, buildPipelineDefinition, buildVersionToDownload, projectName, tagsInput); } else if (buildVersionToDownload == buildVersionToDownloadSpecific) { pipelineId = Int32.Parse(userSpecifiedpipelineId); } else if (buildVersionToDownload == buildVersionToDownloadLatestFromBranch) { pipelineId = await this.GetpipelineIdAsync(context, buildPipelineDefinition, buildVersionToDownload, projectName, tagsInput, branchName); } else { throw new InvalidOperationException("Unreachable code!"); } } context.Output(StringUtil.Loc("DownloadingFromBuild", pipelineId)); downloadParameters = new ArtifactDownloadParameters { ProjectRetrievalOptions = BuildArtifactRetrievalOptions.RetrieveByProjectName, ProjectName = projectName, PipelineId = pipelineId.Value, ArtifactName = artifactName, TargetDirectory = targetPath, MinimatchFilters = minimatchPatterns, MinimatchFilterWithArtifactName = false }; } else { throw new InvalidOperationException($"Build type '{buildType}' is not recognized."); } string fullPath = this.CreateDirectoryIfDoesntExist(targetPath); DownloadOptions downloadOptions; if (string.IsNullOrEmpty(downloadParameters.ArtifactName)) { downloadOptions = DownloadOptions.MultiDownload; } else { downloadOptions = DownloadOptions.SingleDownload; } context.Output(StringUtil.Loc("DownloadArtifactTo", targetPath)); await server.DownloadAsync(context, downloadParameters, downloadOptions, token); context.Output(StringUtil.Loc("DownloadArtifactFinished")); } protected virtual string GetArtifactName(AgentTaskPluginExecutionContext context) { return context.GetInput(ArtifactEventProperties.ArtifactName, required: true); } private string CreateDirectoryIfDoesntExist(string targetPath) { string fullPath = Path.GetFullPath(targetPath); bool dirExists = Directory.Exists(fullPath); if (!dirExists) { Directory.CreateDirectory(fullPath); } return fullPath; } private async Task GetpipelineIdAsync(AgentTaskPluginExecutionContext context, string buildPipelineDefinition, string buildVersionToDownload, string project, string[] tagFilters, string branchName = null) { var definitions = new List() { Int32.Parse(buildPipelineDefinition) }; VssConnection connection = context.VssConnection; BuildHttpClient buildHttpClient = connection.GetClient(); List list; if (buildVersionToDownload == "latest") { list = await buildHttpClient.GetBuildsAsync(project, definitions, tagFilters: tagFilters, queryOrder: BuildQueryOrder.FinishTimeDescending, resultFilter: BuildResult.Succeeded); } else if (buildVersionToDownload == "latestFromBranch") { list = await buildHttpClient.GetBuildsAsync(project, definitions, branchName: branchName, tagFilters: tagFilters, queryOrder: BuildQueryOrder.FinishTimeDescending, resultFilter: BuildResult.Succeeded); } else { throw new InvalidOperationException("Unreachable code!"); } if (list.Count > 0) { return list.First().Id; } else { throw new ArgumentException("No builds currently exist in the build definition supplied."); } } } public class DownloadPipelineArtifactTaskV1_1_0 : DownloadPipelineArtifactTaskV1 { protected override string TargetPath => "downloadPath"; protected override string PipelineId => "buildId"; protected override string GetArtifactName(AgentTaskPluginExecutionContext context) { return context.GetInput(ArtifactEventProperties.ArtifactName, required: false); } } public class DownloadPipelineArtifactTaskV1_1_1 : DownloadPipelineArtifactTaskV1 { protected override string GetArtifactName(AgentTaskPluginExecutionContext context) { return context.GetInput(ArtifactEventProperties.ArtifactName, required: false); } } // 1.1.2 is the same as 1.1.0 because we reverted 1.1.1 change. public class DownloadPipelineArtifactTaskV1_1_2 : DownloadPipelineArtifactTaskV1_1_0 { } // 1.1.3 is the same as 1.1.0 because we reverted 1.1.1 change and the minimum agent version. public class DownloadPipelineArtifactTaskV1_1_3 : DownloadPipelineArtifactTaskV1_1_0 { } } ================================================ FILE: src/Agent.Plugins/PipelineArtifact/PipelineArtifactPluginV2.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Plugins; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.Core.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.Content.Common.Tracing; namespace Agent.Plugins.PipelineArtifact { public abstract class PipelineArtifactTaskPluginBaseV2 : IAgentTaskPlugin { public abstract Guid Id { get; } protected virtual string DownloadPath => "path"; protected virtual string RunId => "runId"; protected IAppTraceSource tracer; public string Stage => "main"; public Task RunAsync(AgentTaskPluginExecutionContext context, CancellationToken token) { this.tracer = context.CreateArtifactsTracer(); return this.ProcessCommandInternalAsync(context, token); } protected abstract Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, CancellationToken token); // Properties set by tasks protected static class ArtifactEventProperties { public static readonly string SourceRun = "source"; public static readonly string Project = "project"; public static readonly string PipelineDefinition = "pipeline"; public static readonly string PipelineTriggering = "preferTriggeringPipeline"; public static readonly string PipelineVersionToDownload = "runVersion"; public static readonly string BranchName = "runBranch"; public static readonly string Tags = "tags"; public static readonly string AllowPartiallySucceededBuilds = "allowPartiallySucceededBuilds"; public static readonly string AllowFailedBuilds = "allowFailedBuilds"; public static readonly string AllowCanceledBuilds = "allowCanceledBuilds"; public static readonly string ArtifactName = "artifact"; public static readonly string ItemPattern = "patterns"; } } // Can be invoked from a build run or a release run should a build be set as the artifact. public class DownloadPipelineArtifactTaskV2_0_0 : PipelineArtifactTaskPluginBaseV2 { // Same as https://github.com/Microsoft/vsts-tasks/blob/master/Tasks/DownloadPipelineArtifactV1/task.json public override Guid Id => PipelineArtifactPluginConstants.DownloadPipelineArtifactTaskId; static readonly string sourceRunCurrent = "current"; static readonly string sourceRunSpecific = "specific"; static readonly string pipelineVersionToDownloadLatest = "latest"; static readonly string pipelineVersionToDownloadSpecific = "specific"; static readonly string pipelineVersionToDownloadLatestFromBranch = "latestFromBranch"; private const int MaxRetries = 3; protected override async Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, CancellationToken token) { ArgUtil.NotNull(context, nameof(context)); string artifactName = context.GetInput(ArtifactEventProperties.ArtifactName, required: false); string branchName = context.GetInput(ArtifactEventProperties.BranchName, required: false); string pipelineDefinition = context.GetInput(ArtifactEventProperties.PipelineDefinition, required: false); string sourceRun = context.GetInput(ArtifactEventProperties.SourceRun, required: true); string pipelineTriggering = context.GetInput(ArtifactEventProperties.PipelineTriggering, required: false); string pipelineVersionToDownload = context.GetInput(ArtifactEventProperties.PipelineVersionToDownload, required: false); string targetPath = context.GetInput(DownloadPath, required: true); string environmentBuildId = context.Variables.GetValueOrDefault(BuildVariables.BuildId)?.Value ?? string.Empty; // BuildID provided by environment. string itemPattern = context.GetInput(ArtifactEventProperties.ItemPattern, required: false); string projectName = context.GetInput(ArtifactEventProperties.Project, required: false); string tags = context.GetInput(ArtifactEventProperties.Tags, required: false); string allowPartiallySucceededBuilds = context.GetInput(ArtifactEventProperties.AllowPartiallySucceededBuilds, required: false); string allowFailedBuilds = context.GetInput(ArtifactEventProperties.AllowFailedBuilds, required: false); string allowCanceledBuilds = context.GetInput(ArtifactEventProperties.AllowCanceledBuilds, required: false); string userSpecifiedRunId = context.GetInput(RunId, required: false); string defaultWorkingDirectory = context.Variables.GetValueOrDefault("system.defaultworkingdirectory").Value; targetPath = Path.IsPathFullyQualified(targetPath) ? targetPath : Path.GetFullPath(Path.Combine(defaultWorkingDirectory, targetPath)); context.Debug($"TargetPath: {targetPath}"); bool onPrem = !String.Equals(context.Variables.GetValueOrDefault(WellKnownDistributedTaskVariables.ServerType)?.Value, "Hosted", StringComparison.OrdinalIgnoreCase); if (onPrem) { throw new InvalidOperationException(StringUtil.Loc("OnPremIsNotSupported")); } if (!PipelineArtifactPathHelper.IsValidArtifactName(artifactName)) { throw new ArgumentException(StringUtil.Loc("ArtifactNameIsNotValid", artifactName)); } context.Debug($"ArtifactName: {artifactName}"); // Empty input field "Matching pattern" must be recognised as default value '**' itemPattern = string.IsNullOrEmpty(itemPattern) ? "**" : itemPattern; string[] minimatchPatterns = itemPattern.Split( new[] { "\n" }, StringSplitOptions.RemoveEmptyEntries ); string[] tagsInput = tags.Split( new[] { "," }, StringSplitOptions.None ); if (!bool.TryParse(allowPartiallySucceededBuilds, out var allowPartiallySucceededBuildsBool)) { allowPartiallySucceededBuildsBool = false; } if (!bool.TryParse(allowFailedBuilds, out var allowFailedBuildsBool)) { allowFailedBuildsBool = false; } if (!bool.TryParse(allowCanceledBuilds, out var allowCanceledBuildsBool)) { allowCanceledBuildsBool = false; } var resultFilter = GetResultFilter(allowPartiallySucceededBuildsBool, allowFailedBuildsBool, allowCanceledBuildsBool); context.Debug($"BuildResult: {resultFilter.ToString()}"); PipelineArtifactServer server = new PipelineArtifactServer(tracer); ArtifactDownloadParameters downloadParameters; if (sourceRun == sourceRunCurrent) { context.Debug("Run: CurrentRun"); // TODO: use a constant for project id, which is currently defined in Microsoft.VisualStudio.Services.Agent.Constants.Variables.System.TeamProjectId (Ting) string projectIdStr = context.Variables.GetValueOrDefault("system.teamProjectId")?.Value; if (String.IsNullOrEmpty(projectIdStr)) { throw new ArgumentNullException(StringUtil.Loc("CannotBeNullOrEmpty"), "Project ID"); } Guid projectId = Guid.Parse(projectIdStr); ArgUtil.NotEmpty(projectId, nameof(projectId)); context.Debug($"ProjectId: {projectId.ToString()}"); int pipelineId = 0; if (int.TryParse(environmentBuildId, out pipelineId) && pipelineId != 0) { OutputBuildInfo(context, pipelineId); } else { string hostType = context.Variables.GetValueOrDefault("system.hosttype")?.Value; if (string.Equals(hostType, "Release", StringComparison.OrdinalIgnoreCase) || string.Equals(hostType, "DeploymentGroup", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException(StringUtil.Loc("BuildIdIsNotAvailable", hostType ?? string.Empty, hostType ?? string.Empty)); } else if (!string.Equals(hostType, "Build", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException(StringUtil.Loc("CannotDownloadFromCurrentEnvironment", hostType ?? string.Empty)); } else { // This should not happen since the build id comes from build environment. But a user may override that so we must be careful. throw new ArgumentException(StringUtil.Loc("BuildIdIsNotValid", environmentBuildId)); } } downloadParameters = new ArtifactDownloadParameters { ProjectRetrievalOptions = BuildArtifactRetrievalOptions.RetrieveByProjectId, ProjectId = projectId, PipelineId = pipelineId, ArtifactName = artifactName, TargetDirectory = targetPath, MinimatchFilters = minimatchPatterns, MinimatchFilterWithArtifactName = true }; } else if (sourceRun == sourceRunSpecific) { context.Debug("Run: Specific"); if (String.IsNullOrEmpty(projectName)) { throw new ArgumentNullException(StringUtil.Loc("CannotBeNullOrEmpty"), "Project Name"); } Guid projectId; bool isProjGuid = Guid.TryParse(projectName, out projectId); if (!isProjGuid) { projectId = await GetProjectIdAsync(context, projectName, token); } context.Debug($"ProjectId: {projectId.ToString()}"); // Set the default pipelineId to 0, which is an invalid build id and it has to be reassigned to a valid build id. int pipelineId = 0; bool pipelineTriggeringBool; if (bool.TryParse(pipelineTriggering, out pipelineTriggeringBool) && pipelineTriggeringBool) { context.Debug("TrigerringPipeline: true"); string hostType = context.Variables.GetValueOrDefault("system.hostType").Value; string triggeringPipeline = null; if (!string.IsNullOrWhiteSpace(hostType) && !hostType.Equals("build", StringComparison.OrdinalIgnoreCase)) // RM env. { context.Debug("Environment: Release"); var releaseAlias = context.Variables.GetValueOrDefault("release.triggeringartifact.alias")?.Value; var definitionIdTriggered = context.Variables.GetValueOrDefault("release.artifacts." + releaseAlias ?? string.Empty + ".definitionId")?.Value; if (!string.IsNullOrWhiteSpace(definitionIdTriggered) && definitionIdTriggered.Equals(pipelineDefinition, StringComparison.OrdinalIgnoreCase)) { triggeringPipeline = context.Variables.GetValueOrDefault("release.artifacts." + releaseAlias ?? string.Empty + ".buildId")?.Value; context.Debug($"TrigerringPipeline: {triggeringPipeline}"); } } else { context.Debug("Environment: Build"); var definitionIdTriggered = context.Variables.GetValueOrDefault("build.triggeredBy.definitionId")?.Value; if (!string.IsNullOrWhiteSpace(definitionIdTriggered) && definitionIdTriggered.Equals(pipelineDefinition, StringComparison.OrdinalIgnoreCase)) { triggeringPipeline = context.Variables.GetValueOrDefault("build.triggeredBy.buildId")?.Value; context.Debug($"TrigerringPipeline: {triggeringPipeline}"); } } if (!string.IsNullOrWhiteSpace(triggeringPipeline)) { pipelineId = int.Parse(triggeringPipeline); } context.Debug($"PipelineId from trigerringBuild: {pipelineId}"); } if (pipelineId == 0) { context.Debug($"PipelineVersionToDownload: {pipelineVersionToDownload}"); if (pipelineVersionToDownload == pipelineVersionToDownloadLatest) { pipelineId = await this.GetPipelineIdAsync(context, pipelineDefinition, pipelineVersionToDownload, projectId.ToString(), tagsInput, resultFilter, null, cancellationToken: token); } else if (pipelineVersionToDownload == pipelineVersionToDownloadSpecific) { bool isPipelineIdNum = Int32.TryParse(userSpecifiedRunId, out pipelineId); if (!isPipelineIdNum) { throw new ArgumentException(StringUtil.Loc("RunIDNotValid", userSpecifiedRunId)); } } else if (pipelineVersionToDownload == pipelineVersionToDownloadLatestFromBranch) { pipelineId = await this.GetPipelineIdAsync(context, pipelineDefinition, pipelineVersionToDownload, projectId.ToString(), tagsInput, resultFilter, branchName, cancellationToken: token); } else { throw new InvalidOperationException("Unreachable code!"); } context.Debug($"PipelineId from non-trigerringBuild: {pipelineId}"); } OutputBuildInfo(context, pipelineId); downloadParameters = new ArtifactDownloadParameters { ProjectRetrievalOptions = BuildArtifactRetrievalOptions.RetrieveByProjectName, ProjectName = projectName, ProjectId = projectId, PipelineId = pipelineId, ArtifactName = artifactName, TargetDirectory = targetPath, MinimatchFilters = minimatchPatterns, MinimatchFilterWithArtifactName = true }; } else { throw new InvalidOperationException($"Build type '{sourceRun}' is not recognized."); } string fullPath = this.CreateDirectoryIfDoesntExist(targetPath); DownloadOptions downloadOptions; if (string.IsNullOrEmpty(downloadParameters.ArtifactName)) { downloadOptions = DownloadOptions.MultiDownload; } else { downloadOptions = DownloadOptions.SingleDownload; } context.Output(StringUtil.Loc("DownloadArtifactTo", targetPath)); await server.DownloadAsyncV2(context, downloadParameters, downloadOptions, token); context.Output(StringUtil.Loc("DownloadArtifactFinished")); } protected virtual string GetArtifactName(AgentTaskPluginExecutionContext context) { return context.GetInput(ArtifactEventProperties.ArtifactName, required: true); } private string CreateDirectoryIfDoesntExist(string targetPath) { string fullPath = Path.GetFullPath(targetPath); bool dirExists = Directory.Exists(fullPath); if (!dirExists) { Directory.CreateDirectory(fullPath); } return fullPath; } private async Task GetPipelineIdAsync( AgentTaskPluginExecutionContext context, string pipelineDefinition, string pipelineVersionToDownload, string project, string[] tagFilters, BuildResult resultFilter = BuildResult.Succeeded, string branchName = null, CancellationToken cancellationToken = default(CancellationToken)) { if (String.IsNullOrWhiteSpace(pipelineDefinition)) { throw new InvalidOperationException(StringUtil.Loc("CannotBeNullOrEmpty", "Pipeline Definition")); } VssConnection connection = context.VssConnection; BuildHttpClient buildHttpClient = connection.GetClient(); var isDefinitionNum = Int32.TryParse(pipelineDefinition, out int definition); if (!isDefinitionNum) { var definitionReferencesWithName = await AsyncHttpRetryHelper.InvokeAsync( async () => await buildHttpClient.GetDefinitionsAsync(new Guid(project), pipelineDefinition, cancellationToken: cancellationToken), maxRetries: MaxRetries, tracer: tracer, context: "GetBuildDefinitionReferencesByName", cancellationToken: cancellationToken, continueOnCapturedContext: false); var definitionRef = definitionReferencesWithName.FirstOrDefault(); if (definitionRef == null) { throw new ArgumentException(StringUtil.Loc("PipelineDoesNotExist", pipelineDefinition)); } else { definition = definitionRef.Id; } } var definitions = new List() { definition }; List list; if (pipelineVersionToDownload == pipelineVersionToDownloadLatest) { list = await AsyncHttpRetryHelper.InvokeAsync( async () => await buildHttpClient.GetBuildsAsync( project, definitions, tagFilters: tagFilters, queryOrder: BuildQueryOrder.FinishTimeDescending, resultFilter: resultFilter, cancellationToken: cancellationToken), maxRetries: MaxRetries, tracer: tracer, context: "GetLatestBuild", cancellationToken: cancellationToken, continueOnCapturedContext: false); } else if (pipelineVersionToDownload == pipelineVersionToDownloadLatestFromBranch) { list = await AsyncHttpRetryHelper.InvokeAsync( async () => await buildHttpClient.GetBuildsAsync( project, definitions, branchName: branchName, tagFilters: tagFilters, queryOrder: BuildQueryOrder.FinishTimeDescending, resultFilter: resultFilter, cancellationToken: cancellationToken), maxRetries: MaxRetries, tracer: tracer, context: "GetLatestBuildFromBranch", cancellationToken: cancellationToken, continueOnCapturedContext: false); } else { throw new InvalidOperationException("Unreachable code!"); } if (list.Count > 0) { return list.First().Id; } else { throw new ArgumentException(StringUtil.Loc("BuildsDoesNotExist")); } } private BuildResult GetResultFilter(bool allowPartiallySucceededBuilds, bool allowFailedBuilds, bool allowCanceledBuilds) { var result = BuildResult.Succeeded; if (allowPartiallySucceededBuilds) { result |= BuildResult.PartiallySucceeded; } if (allowFailedBuilds) { result |= BuildResult.Failed; } if (allowCanceledBuilds) { result |= BuildResult.Canceled; } return result; } private async Task GetProjectIdAsync(AgentTaskPluginExecutionContext context, string projectName, CancellationToken cancellationToken) { VssConnection connection = context.VssConnection; var projectClient = connection.GetClient(); try { TeamProject project = await AsyncHttpRetryHelper.InvokeAsync( async () => await projectClient.GetProject(projectName), maxRetries: MaxRetries, tracer: tracer, context: "GetProjectByName", cancellationToken: cancellationToken, continueOnCapturedContext: false); return project.Id; } catch (Exception ex) { throw new ArgumentException("Get project failed for project: " + projectName, ex); } } private void OutputBuildInfo(AgentTaskPluginExecutionContext context, int? pipelineId) { context.Output(StringUtil.Loc("DownloadingFromBuild", pipelineId)); // populate output variable 'BuildNumber' with buildId context.SetVariable("BuildNumber", pipelineId.ToString()); } } } ================================================ FILE: src/Agent.Plugins/PipelineArtifact/Telemetry/FileShareActionRecord.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using Agent.Sdk; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; namespace Agent.Plugins.PipelineArtifact.Telemetry { /// /// Generic telemetry record for use with FileShare Artifact events. /// [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA1501: Avoid excessive inheritance")] public class FileShareActionRecord : PipelineArtifactActionRecord { public int TotalFile { get; private set; } public long TotalContentSize { get; private set; } public long TimeLapse { get; private set; } public int ExitCode { get; private set; } public IList ArtifactRecords { get; private set; } public FileShareActionRecord(TelemetryInformationLevel level, Uri baseAddress, string eventNamePrefix, string eventNameSuffix, AgentTaskPluginExecutionContext context, uint attemptNumber = 1) : base(level, baseAddress, eventNamePrefix, eventNameSuffix, context, attemptNumber) { } protected override void SetMeasuredActionResult(T value) { if (value is FileSharePublishResult) { FileSharePublishResult result = value as FileSharePublishResult; ExitCode = result.ExitCode; } if (value is FileShareDownloadResult) { FileShareDownloadResult result = value as FileShareDownloadResult; TotalFile = result.FileCount; TotalContentSize = result.ContentSize; this.ArtifactRecords = result.ArtifactRecords; } } } public sealed class FileSharePublishResult { public int ExitCode { get; private set; } public FileSharePublishResult(int exitCode) { this.ExitCode = exitCode; } } public sealed class FileShareDownloadResult { public int FileCount { get; private set; } public long ContentSize { get; private set; } public IList ArtifactRecords { get; private set; } public FileShareDownloadResult(IList records, int fileCount, long contentSize) { this.FileCount = fileCount; this.ContentSize = contentSize; this.ArtifactRecords = records; } } public sealed class ArtifactRecord { public string ArtifactName { get; private set; } public int FileCount { get; private set; } public long ContentSize { get; private set; } public long TimeLapse { get; private set; } public ArtifactRecord(string artifactName, int fileCount, long contentSize, long timeLapse) { this.ArtifactName = artifactName; this.FileCount = fileCount; this.ContentSize = contentSize; this.TimeLapse = timeLapse; } } } ================================================ FILE: src/Agent.Plugins/PipelineArtifact/Telemetry/PipelineArtifactActionRecord.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Blob; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; using Microsoft.VisualStudio.Services.BlobStore.WebApi; namespace Agent.Plugins.PipelineArtifact.Telemetry { /// /// Generic telemetry record for use with Pipeline Artifact events. /// public class PipelineArtifactActionRecord : PipelineTelemetryRecord { public long FileCount { get; private set; } public PipelineArtifactActionRecord(TelemetryInformationLevel level, Uri baseAddress, string eventNamePrefix, string eventNameSuffix, AgentTaskPluginExecutionContext context, uint attemptNumber = 1) : base(level, baseAddress, eventNamePrefix, eventNameSuffix, context, attemptNumber) { } protected override void SetMeasuredActionResult(T value) { if (value is PublishResult) { PublishResult result = value as PublishResult; FileCount = result.FileCount; } } } } ================================================ FILE: src/Agent.Plugins/PipelineCache/FingerprintCreator.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using BuildXL.Cache.ContentStore.Interfaces.Utils; using Microsoft.VisualStudio.Services.PipelineCache.WebApi; using Minimatch; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Security.Cryptography; using System.Text; [assembly: InternalsVisibleTo("Test")] namespace Agent.Plugins.PipelineCache { public static class FingerprintCreator { private static readonly bool isWindows = RuntimeInformation.IsOSPlatform(OSPlatform.Windows); private static readonly bool isCaseSensitive = RuntimeInformation.IsOSPlatform(OSPlatform.Linux); // https://github.com/Microsoft/azure-pipelines-task-lib/blob/master/node/docs/findingfiles.md#matchoptions private static readonly Options minimatchOptions = new Options { Dot = true, NoBrace = true, NoCase = !isCaseSensitive, AllowWindowsPaths = isWindows, }; private static readonly char[] GlobChars = new[] { '*', '?', '[', ']' }; private const char ForceStringLiteral = '"'; private static bool IsPathyChar(char c) { if (GlobChars.Contains(c)) return true; if (c == Path.DirectorySeparatorChar) return true; if (c == Path.AltDirectorySeparatorChar) return true; if (c == Path.VolumeSeparatorChar) return true; return !Path.GetInvalidFileNameChars().Contains(c); } internal static bool IsPathyKeySegment(string keySegment) { if (keySegment.First() == ForceStringLiteral && keySegment.Last() == ForceStringLiteral) return false; if (keySegment.Any(c => !IsPathyChar(c))) return false; if (!keySegment.Contains(".") && !keySegment.Contains(Path.DirectorySeparatorChar) && !keySegment.Contains(Path.AltDirectorySeparatorChar)) return false; if (keySegment.Last() == '.') return false; return true; } internal static Func CreateMinimatchFilter(AgentTaskPluginExecutionContext context, string rule, bool invert) { Func filter = Minimatcher.CreateFilter(rule, minimatchOptions); Func tracedFilter = (path) => { bool filterResult = filter(path); context.Verbose($"Path `{path}` is {(filterResult ? "" : "not ")}{(invert ? "excluded" : "included")} because of pattern `{(invert ? "!" : "")}{rule}`."); return invert ^ filterResult; }; return tracedFilter; } internal static string MakePathCanonical(string defaultWorkingDirectory, string path) { // Normalize to some extent, let minimatch worry about casing if (Path.IsPathFullyQualified(path)) { return Path.GetFullPath(path); } else { return Path.GetFullPath(path, defaultWorkingDirectory); } } internal static Func CreateFilter( AgentTaskPluginExecutionContext context, IEnumerable includeRules, IEnumerable excludeRules) { Func[] includeFilters = includeRules.Select(includeRule => CreateMinimatchFilter(context, includeRule, invert: false)).ToArray(); Func[] excludeFilters = excludeRules.Select(excludeRule => CreateMinimatchFilter(context, excludeRule, invert: true)).ToArray(); Func filter = (path) => includeFilters.Any(f => f(path)) && excludeFilters.All(f => f(path)); return filter; } internal struct Enumeration { public string RootPath; public string Pattern; public SearchOption Depth; } internal class MatchedFile { private static readonly SHA256 s_sha256 = SHA256.Create(); public MatchedFile(string displayPath, long fileLength, string hash) { this.DisplayPath = displayPath; this.FileLength = fileLength; this.Hash = hash; } public MatchedFile(string displayPath, FileStream fs) : this(displayPath, fs.Length, s_sha256.ComputeHash(fs).ToHex()) { } public string DisplayPath; public long FileLength; public string Hash; public string GetHash() { return MatchedFile.GenerateHash(new[] { this }); } public static string GenerateHash(IEnumerable matches) { string s = matches.Aggregate(new StringBuilder(), (sb, file) => sb.Append($"\nSHA256({file.DisplayPath})=[{file.FileLength}]{file.Hash}"), sb => sb.ToString()); return Convert.ToBase64String(s_sha256.ComputeHash(Encoding.UTF8.GetBytes(s))); } } internal enum KeySegmentType { String = 0, FilePath = 1, FilePattern = 2 } // Given a globby path, figure out where to start enumerating. // Room for optimization here e.g. // includeGlobPath = /dir/*foo* // should map to // enumerateRootPath = /dir/ // enumeratePattern = *foo* // enumerateDepth = SearchOption.TopDirectoryOnly // // It's ok to come up with a file-enumeration that includes too much as the glob filter // will filter out the extra, but it's not ok to include too little in the enumeration. internal static Enumeration DetermineFileEnumerationFromGlob(string includeGlobPathAbsolute) { int firstGlob = includeGlobPathAbsolute.IndexOfAny(GlobChars); bool hasRecursive = includeGlobPathAbsolute.Contains("**", StringComparison.Ordinal); // no globbing if (firstGlob < 0) { return new Enumeration() { RootPath = Path.GetDirectoryName(includeGlobPathAbsolute), Pattern = Path.GetFileName(includeGlobPathAbsolute), Depth = SearchOption.TopDirectoryOnly }; } else { int rootDirLength = includeGlobPathAbsolute.Substring(0, firstGlob).LastIndexOfAny(new[] { Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar }); return new Enumeration() { RootPath = includeGlobPathAbsolute.Substring(0, rootDirLength), Pattern = "*", Depth = hasRecursive ? SearchOption.AllDirectories : SearchOption.TopDirectoryOnly }; } } internal static void CheckKeySegment(string keySegment) { if (keySegment.Equals("*", StringComparison.Ordinal)) { throw new ArgumentException("`*` is a reserved key segment. For path glob, use `./*`."); } else if (keySegment.Equals(Fingerprint.Wildcard, StringComparison.Ordinal)) { throw new ArgumentException("`**` is a reserved key segment. For path glob, use `./**`."); } else if (keySegment.First() == '\'') { throw new ArgumentException("A key segment cannot start with a single-quote character`."); } else if (keySegment.First() == '`') { throw new ArgumentException("A key segment cannot start with a backtick character`."); } } public static Fingerprint EvaluateKeyToFingerprint( AgentTaskPluginExecutionContext context, string filePathRoot, IEnumerable keySegments) { // Quickly validate all segments foreach (string keySegment in keySegments) { CheckKeySegment(keySegment); } string defaultWorkingDirectory = context.Variables.GetValueOrDefault( "system.defaultworkingdirectory" // Constants.Variables.System.DefaultWorkingDirectory )?.Value; var resolvedSegments = new List(); var exceptions = new List(); Action LogKeySegment = (segment, type, details) => { Func FormatForDisplay = (value, displayLength) => { if (value.Length > displayLength) { value = value.Substring(0, displayLength - 3) + "..."; } return value.PadRight(displayLength); }; string formattedSegment = FormatForDisplay(segment, Math.Min(keySegments.Select(s => s.Length).Max(), 50)); if (type == KeySegmentType.String) { context.Output($" - {formattedSegment} [string]"); } else { var matches = (details as MatchedFile[]) ?? new MatchedFile[0]; if (type == KeySegmentType.FilePath) { string fileHash = matches.Length > 0 ? matches[0].Hash : null; context.Output($" - {formattedSegment} [file] {(!string.IsNullOrWhiteSpace(fileHash) ? $"--> {fileHash}" : "(not found)")}"); } else if (type == KeySegmentType.FilePattern) { context.Output($" - {formattedSegment} [file pattern; matches: {matches.Length}]"); if (matches.Any()) { int filePathDisplayLength = Math.Min(matches.Select(mf => mf.DisplayPath.Length).Max(), 70); foreach (var match in matches) { context.Output($" - {FormatForDisplay(match.DisplayPath, filePathDisplayLength)} --> {match.Hash}"); } } } } }; foreach (string keySegment in keySegments) { if (!IsPathyKeySegment(keySegment)) { LogKeySegment(keySegment, KeySegmentType.String, null); resolvedSegments.Add(keySegment); } else { string[] pathRules = keySegment.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(s => s.Trim()).ToArray(); string[] includeRules = pathRules.Where(p => !p.StartsWith('!')).ToArray(); if (!includeRules.Any()) { throw new ArgumentException("No include rules specified."); } var enumerations = new Dictionary>(); foreach (string includeRule in includeRules) { string absoluteRootRule = MakePathCanonical(defaultWorkingDirectory, includeRule); context.Verbose($"Expanded include rule is `{absoluteRootRule}`."); Enumeration enumeration = DetermineFileEnumerationFromGlob(absoluteRootRule); List globs; if (!enumerations.TryGetValue(enumeration, out globs)) { enumerations[enumeration] = globs = new List(); } globs.Add(absoluteRootRule); } string[] excludeRules = pathRules.Where(p => p.StartsWith('!')).ToArray(); string[] absoluteExcludeRules = excludeRules.Select(excludeRule => { excludeRule = excludeRule.Substring(1); return MakePathCanonical(defaultWorkingDirectory, excludeRule); }).ToArray(); var matchedFiles = new SortedDictionary(StringComparer.Ordinal); foreach (var kvp in enumerations) { Enumeration enumerate = kvp.Key; List absoluteIncludeGlobs = kvp.Value; context.Verbose($"Enumerating starting at root `{enumerate.RootPath}` with pattern `{enumerate.Pattern}` and depth `{enumerate.Depth}`."); IEnumerable files = Directory.EnumerateFiles(enumerate.RootPath, enumerate.Pattern, enumerate.Depth); Func filter = CreateFilter(context, absoluteIncludeGlobs, absoluteExcludeRules); files = files.Where(f => filter(f)).Distinct(); foreach (string path in files) { using (var fs = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read)) { // Path.GetRelativePath returns 'The relative path, or path if the paths don't share the same root.' string displayPath = filePathRoot == null ? path : Path.GetRelativePath(filePathRoot, path); matchedFiles.Add(path, new MatchedFile(displayPath, fs)); } } } var patternSegment = keySegment.IndexOfAny(GlobChars) >= 0 || matchedFiles.Count() > 1; var displayKeySegment = keySegment; if (context.Container != null) { displayKeySegment = context.Container.TranslateToContainerPath(displayKeySegment); } LogKeySegment(displayKeySegment, patternSegment ? KeySegmentType.FilePattern : KeySegmentType.FilePath, matchedFiles.Values.ToArray()); if (!matchedFiles.Any()) { if (patternSegment) { exceptions.Add(new FileNotFoundException($"No matching files found for pattern: {displayKeySegment}")); } else { exceptions.Add(new FileNotFoundException($"File not found: {displayKeySegment}")); } } resolvedSegments.Add(MatchedFile.GenerateHash(matchedFiles.Values)); } } if (exceptions.Any()) { throw new AggregateException(exceptions); } return new Fingerprint() { Segments = resolvedSegments.ToArray() }; } } } ================================================ FILE: src/Agent.Plugins/PipelineCache/PipelineCachePluginConstants.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Agent.Plugins.PipelineCache { public static class PipelineCachePluginConstants { public static readonly Guid CacheTaskId = new Guid("D53CCAB4-555E-4494-9D06-11DB043FB4A9"); } } ================================================ FILE: src/Agent.Plugins/PipelineCache/PipelineCacheServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using Agent.Plugins.PipelineArtifact; using Agent.Plugins.PipelineCache.Telemetry; using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Blob; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.VisualStudio.Services.BlobStore.Common.Telemetry; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.PipelineCache.WebApi; using Microsoft.VisualStudio.Services.WebApi; using JsonSerializer = Microsoft.VisualStudio.Services.Content.Common.JsonSerializer; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.Agent.Util; using Agent.Sdk.Knob; namespace Agent.Plugins.PipelineCache { public class PipelineCacheServer { private readonly IAppTraceSource tracer; public PipelineCacheServer(AgentTaskPluginExecutionContext context) { this.tracer = context.CreateArtifactsTracer(); } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1068: CancellationToken parameters must come last")] internal async Task UploadAsync( AgentTaskPluginExecutionContext context, Fingerprint fingerprint, string path, CancellationToken cancellationToken, ContentFormat contentFormat) { VssConnection connection = context.VssConnection; var clientSettings = await BlobstoreClientSettings.GetClientSettingsAsync( connection, Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts.Client.PipelineCache, tracer, cancellationToken); // Check if the pipeline has an override domain set, if not, use the default domain from the client settings. string overrideDomain = AgentKnobs.SendPipelineCacheToBlobstoreDomain.GetValue(context).AsString(); IDomainId domainId = String.IsNullOrWhiteSpace(overrideDomain) ? clientSettings.GetDefaultDomainId() : DomainIdFactory.Create(overrideDomain); var (dedupManifestClient, clientTelemetry) = DedupManifestArtifactClientFactory.Instance .CreateDedupManifestClient( context.IsSystemDebugTrue(), (str) => context.Output(str), connection, domainId, clientSettings, context, cancellationToken); // Cache metadata is stored in artifacts, which doesn't have a domain concept, // so we can find the correct metadata even if the domain is overridden. PipelineCacheClient pipelineCacheClient = await this.CreateClientWithRetryAsync(clientTelemetry, context, connection, cancellationToken); using (clientTelemetry) { // Check if the key exists. PipelineCacheActionRecord cacheRecordGet = clientTelemetry.CreateRecord((level, uri, type) => new PipelineCacheActionRecord(level, uri, type, PipelineArtifactConstants.RestoreCache, context)); PipelineCacheArtifact getResult = await pipelineCacheClient.GetPipelineCacheArtifactAsync(new[] { fingerprint }, cancellationToken, cacheRecordGet); // Send results to CustomerIntelligence context.PublishTelemetry(area: PipelineArtifactConstants.AzurePipelinesAgent, feature: PipelineArtifactConstants.PipelineCache, record: cacheRecordGet); //If cache exists, return. if (getResult != null) { context.Output($"Cache with fingerprint `{getResult.Fingerprint}` already exists."); return; } string uploadPath = await this.GetUploadPathAsync(contentFormat, context, path, cancellationToken); //Upload the pipeline artifact. PipelineCacheActionRecord uploadRecord = clientTelemetry.CreateRecord((level, uri, type) => new PipelineCacheActionRecord(level, uri, type, nameof(dedupManifestClient.PublishAsync), context)); PublishResult result = await clientTelemetry.MeasureActionAsync( record: uploadRecord, actionAsync: async () => await AsyncHttpRetryHelper.InvokeAsync( async () => { return await dedupManifestClient.PublishAsync(uploadPath, cancellationToken); }, maxRetries: 3, tracer: tracer, canRetryDelegate: e => true, // this isn't great, but failing on upload stinks, so just try a couple of times cancellationToken: cancellationToken, continueOnCapturedContext: false) ); CreatePipelineCacheArtifactContract options = new CreatePipelineCacheArtifactContract { Fingerprint = fingerprint, RootId = result.RootId, ManifestId = result.ManifestId, ProofNodes = result.ProofNodes.ToArray(), ContentFormat = contentFormat.ToString(), DomainId = domainId.Serialize(), }; // delete archive file if it's tar. if (contentFormat == ContentFormat.SingleTar) { try { if (File.Exists(uploadPath)) { try { await IOUtil.DeleteFileWithRetry(uploadPath, cancellationToken); } catch (Exception ex) { tracer.Warn($"Unable to delete pipeline cache file, ex:{ex.GetType()}"); throw; } } } catch { } } // Try to cache the artifact PipelineCacheActionRecord cacheRecord = clientTelemetry.CreateRecord( (level, uri, type) => new PipelineCacheActionRecord( level, uri, type, PipelineArtifactConstants.SaveCache, context)); try { _ = await pipelineCacheClient.CreatePipelineCacheArtifactAsync( options, cancellationToken, cacheRecord); } catch { context.Output($"Failed to cache item."); } // Send results to CustomerIntelligence context.PublishTelemetry( area: PipelineArtifactConstants.AzurePipelinesAgent, feature: PipelineArtifactConstants.PipelineCache, record: uploadRecord); context.PublishTelemetry( area: PipelineArtifactConstants.AzurePipelinesAgent, feature: PipelineArtifactConstants.PipelineCache, record: cacheRecord); context.Output("Saved item."); } } internal async Task DownloadAsync( AgentTaskPluginExecutionContext context, Fingerprint[] fingerprints, string path, string cacheHitVariable, CancellationToken cancellationToken) { VssConnection connection = context.VssConnection; // create the client telemetry object separately since we don't know the domain yet. var clientTelemetry = new BlobStoreClientTelemetry(tracer, connection.GetClient().BaseAddress); PipelineCacheClient pipelineCacheClient = await this.CreateClientWithRetryAsync(clientTelemetry, context, connection, cancellationToken); using (clientTelemetry) { PipelineCacheActionRecord cacheRecord = clientTelemetry.CreateRecord((level, uri, type) => new PipelineCacheActionRecord(level, uri, type, PipelineArtifactConstants.RestoreCache, context)); PipelineCacheArtifact result = null; try { result = await pipelineCacheClient.GetPipelineCacheArtifactAsync( fingerprints, cancellationToken, cacheRecord); } catch { context.Output($"Failed to get cached item."); } // Send results to CustomerIntelligence context.PublishTelemetry( area: PipelineArtifactConstants.AzurePipelinesAgent, feature: PipelineArtifactConstants.PipelineCache, record: cacheRecord); if (result != null) { context.Output($"Entry found at fingerprint: `{result.Fingerprint.ToString()}`"); context.Verbose($"Manifest ID is: {result.ManifestId.ValueString}"); // if the cache artifact doesn't have a domain id, use the default domain for backward compatibility IDomainId domainId = WellKnownDomainIds.DefaultDomainId; if (String.IsNullOrEmpty(result.DomainId)) { context.Output($"No Domain specified, using default domain: `{domainId.Serialize()}`"); } else { context.Output($"Retrieving entry from domain: `{result.DomainId}`"); domainId = DomainIdFactory.Create(result.DomainId); } // now that we know the domainId, we can create the dedup manifest client var (dedupManifestClient, _) = await DedupManifestArtifactClientFactory.Instance .CreateDedupManifestClientAsync( context.IsSystemDebugTrue(), (str) => context.Output(str), connection, domainId, Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts.Client.PipelineCache, context, cancellationToken); PipelineCacheActionRecord downloadRecord = clientTelemetry.CreateRecord((level, uri, type) => new PipelineCacheActionRecord(level, uri, type, nameof(DownloadAsync), context)); await clientTelemetry.MeasureActionAsync( record: downloadRecord, actionAsync: async () => { await this.DownloadPipelineCacheAsync(context, dedupManifestClient, result.ManifestId, path, Enum.Parse(result.ContentFormat), cancellationToken); }); // Send results to CustomerIntelligence context.PublishTelemetry(area: PipelineArtifactConstants.AzurePipelinesAgent, feature: PipelineArtifactConstants.PipelineCache, record: downloadRecord); context.Output("Cache restored."); } if (!string.IsNullOrEmpty(cacheHitVariable)) { if (result == null) { context.SetVariable(cacheHitVariable, "false"); } else { context.Verbose($"Exact fingerprint: `{result.Fingerprint.ToString()}`"); bool foundExact = false; foreach (var fingerprint in fingerprints) { context.Verbose($"This fingerprint: `{fingerprint.ToString()}`"); if (fingerprint == result.Fingerprint || result.Fingerprint.Segments.Length == 1 && result.Fingerprint.Segments.Single() == fingerprint.SummarizeForV1()) { foundExact = true; break; } } context.SetVariable(cacheHitVariable, foundExact ? "true" : "inexact"); } } } } private Task CreateClientWithRetryAsync( BlobStoreClientTelemetry blobStoreClientTelemetry, AgentTaskPluginExecutionContext context, VssConnection connection, CancellationToken cancellationToken) { // this uses location service so needs http retries. return AsyncHttpRetryHelper.InvokeAsync( async () => await this.CreateClientAsync(blobStoreClientTelemetry, context, connection), maxRetries: 3, tracer: tracer, canRetryDelegate: e => true, // this isn't great, but failing on upload stinks, so just try a couple of times cancellationToken: cancellationToken, continueOnCapturedContext: false); } private async Task CreateClientAsync( BlobStoreClientTelemetry blobStoreClientTelemetry, AgentTaskPluginExecutionContext context, VssConnection connection) { var tracer = context.CreateArtifactsTracer(); IClock clock = UtcClock.Instance; var pipelineCacheHttpClient = await connection.GetClientAsync(); var pipelineCacheClient = new PipelineCacheClient(blobStoreClientTelemetry, pipelineCacheHttpClient, clock, tracer); return pipelineCacheClient; } private async Task GetUploadPathAsync(ContentFormat contentFormat, AgentTaskPluginExecutionContext context, string path, CancellationToken cancellationToken) { string uploadPath = path; if (contentFormat == ContentFormat.SingleTar) { uploadPath = await TarUtils.ArchiveFilesToTarAsync(context, path, cancellationToken); } return uploadPath; } private async Task DownloadPipelineCacheAsync( AgentTaskPluginExecutionContext context, DedupManifestArtifactClient dedupManifestClient, DedupIdentifier manifestId, string targetDirectory, ContentFormat contentFormat, CancellationToken cancellationToken) { if (contentFormat == ContentFormat.SingleTar) { string manifestPath = Path.Combine(Path.GetTempPath(), $"{nameof(DedupManifestArtifactClient)}.{Path.GetRandomFileName()}.manifest"); await AsyncHttpRetryHelper.InvokeVoidAsync( async () => { await dedupManifestClient.DownloadFileToPathAsync(manifestId, manifestPath, proxyUri: null, cancellationToken: cancellationToken); }, maxRetries: 3, tracer: tracer, canRetryDelegate: e => true, context: nameof(DownloadPipelineCacheAsync), cancellationToken: cancellationToken, continueOnCapturedContext: false); Manifest manifest = JsonSerializer.Deserialize(File.ReadAllText(manifestPath)); await TarUtils.DownloadAndExtractTarAsync(context, manifest, dedupManifestClient, targetDirectory, cancellationToken); try { if (File.Exists(manifestPath)) { try { await IOUtil.DeleteFileWithRetry(manifestPath, cancellationToken); } catch (Exception ex) { tracer.Warn($"Unable to delete manifest file, ex:{ex.GetType()}"); throw; } } } catch { } } else { DownloadDedupManifestArtifactOptions options = DownloadDedupManifestArtifactOptions.CreateWithManifestId( manifestId, targetDirectory, proxyUri: null, minimatchPatterns: null); await AsyncHttpRetryHelper.InvokeVoidAsync( async () => { await dedupManifestClient.DownloadAsync(options, cancellationToken); }, maxRetries: 3, tracer: tracer, canRetryDelegate: e => true, context: nameof(DownloadPipelineCacheAsync), cancellationToken: cancellationToken, continueOnCapturedContext: false); } } } } ================================================ FILE: src/Agent.Plugins/PipelineCache/PipelineCacheTaskPluginBase.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.PipelineCache.WebApi; namespace Agent.Plugins.PipelineCache { public enum ContentFormat { SingleTar, Files } public abstract class PipelineCacheTaskPluginBase : IAgentTaskPlugin { protected const string RestoreStepRanVariableName = "RESTORE_STEP_RAN"; protected const string RestoreStepRanVariableValue = "true"; private const string SaltVariableName = "AZP_CACHING_SALT"; private const string OldKeyFormatMessage = "'key' format is changing to a single line: https://aka.ms/pipeline-caching-docs"; protected const string ContentFormatVariableName = "AZP_CACHING_CONTENT_FORMAT"; public Guid Id => PipelineCachePluginConstants.CacheTaskId; public abstract String Stage { get; } public const string ResolvedFingerPrintVariableName = "RESTORE_STEP_RESOLVED_FINGERPRINT"; internal static (bool isOldFormat, string[] keySegments, IEnumerable restoreKeys) ParseIntoSegments(string salt, string key, string restoreKeysBlock) { Func splitAcrossPipes = (s) => { var segments = s.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries).Select(segment => segment.Trim()); if (!string.IsNullOrWhiteSpace(salt)) { segments = (new[] { $"{SaltVariableName}={salt}" }).Concat(segments); } return segments.ToArray(); }; Func splitAcrossNewlines = (s) => s.Replace("\r\n", "\n") //normalize newlines .Split(new[] { '\n' }, StringSplitOptions.RemoveEmptyEntries) .Select(line => line.Trim()) .ToArray(); string[] keySegments; bool isOldFormat = key.Contains('\n'); IEnumerable restoreKeys; bool hasRestoreKeys = !string.IsNullOrWhiteSpace(restoreKeysBlock); if (isOldFormat && hasRestoreKeys) { throw new ArgumentException(OldKeyFormatMessage); } if (isOldFormat) { keySegments = splitAcrossNewlines(key); } else { keySegments = splitAcrossPipes(key); } if (hasRestoreKeys) { restoreKeys = splitAcrossNewlines(restoreKeysBlock).Select(restoreKey => splitAcrossPipes(restoreKey)); } else { restoreKeys = Enumerable.Empty(); } return (isOldFormat, keySegments, restoreKeys); } public async virtual Task RunAsync(AgentTaskPluginExecutionContext context, CancellationToken token) { ArgUtil.NotNull(context, nameof(context)); VariableValue saltValue = context.Variables.GetValueOrDefault(SaltVariableName); string salt = saltValue?.Value ?? string.Empty; VariableValue workspaceRootValue = context.Variables.GetValueOrDefault("pipeline.workspace"); string workspaceRoot = workspaceRootValue?.Value; string key = context.GetInput(PipelineCacheTaskPluginConstants.Key, required: true); string restoreKeysBlock = context.GetInput(PipelineCacheTaskPluginConstants.RestoreKeys, required: false); (bool isOldFormat, string[] keySegments, IEnumerable restoreKeys) = ParseIntoSegments(salt, key, restoreKeysBlock); if (isOldFormat) { context.Warning(OldKeyFormatMessage); } context.Output("Resolving key:"); Fingerprint keyFp = FingerprintCreator.EvaluateKeyToFingerprint(context, workspaceRoot, keySegments); context.Output($"Resolved to: {keyFp}"); Func restoreKeysGenerator = () => restoreKeys.Select(restoreKey => { context.Output("Resolving restore key:"); Fingerprint f = FingerprintCreator.EvaluateKeyToFingerprint(context, workspaceRoot, restoreKey); f.Segments = f.Segments.Concat(new[] { Fingerprint.Wildcard }).ToArray(); context.Output($"Resolved to: {f}"); return f; }).ToArray(); // TODO: Translate path from container to host (Ting) string path = context.GetInput(PipelineCacheTaskPluginConstants.Path, required: true); await ProcessCommandInternalAsync( context, keyFp, restoreKeysGenerator, path, token); } // Process the command with preprocessed arguments. protected abstract Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, Fingerprint fingerprint, Func restoreKeysGenerator, string path, CancellationToken token); // Properties set by tasks protected static class PipelineCacheTaskPluginConstants { public static readonly string Key = "key"; // this needs to match the input in the task. public static readonly string RestoreKeys = "restoreKeys"; public static readonly string Path = "path"; public static readonly string PipelineId = "pipelineId"; public static readonly string CacheHitVariable = "cacheHitVar"; public static readonly string Salt = "salt"; } } } ================================================ FILE: src/Agent.Plugins/PipelineCache/RestorePipelineCacheV0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Linq; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Microsoft.VisualStudio.Services.PipelineCache.WebApi; namespace Agent.Plugins.PipelineCache { public class RestorePipelineCacheV0 : PipelineCacheTaskPluginBase { public override string Stage => "main"; protected override async Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, Fingerprint fingerprint, Func restoreKeysGenerator, string path, CancellationToken token) { context.SetTaskVariable(RestoreStepRanVariableName, RestoreStepRanVariableValue); context.SetTaskVariable(ResolvedFingerPrintVariableName, fingerprint.ToString()); var server = new PipelineCacheServer(context); Fingerprint[] restoreFingerprints = restoreKeysGenerator(); await server.DownloadAsync( context, (new[] { fingerprint }).Concat(restoreFingerprints).ToArray(), path, context.GetInput(PipelineCacheTaskPluginConstants.CacheHitVariable, required: false), token); } } } ================================================ FILE: src/Agent.Plugins/PipelineCache/SavePipelineCacheV0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.PipelineCache.WebApi; namespace Agent.Plugins.PipelineCache { public class SavePipelineCacheV0 : PipelineCacheTaskPluginBase { public override string Stage => "post"; /* To mitigate the issue - https://github.com/microsoft/azure-pipelines-tasks/issues/10907, we need to check the restore condition logic, before creating the fingerprint. Hence we are overriding the RunAsync function to include that logic. */ public override async Task RunAsync(AgentTaskPluginExecutionContext context, CancellationToken token) { bool successSoFar = false; if (context.Variables.TryGetValue("agent.jobstatus", out VariableValue jobStatusVar)) { if (Enum.TryParse(jobStatusVar?.Value ?? string.Empty, true, out TaskResult jobStatus)) { if (jobStatus == TaskResult.Succeeded) { successSoFar = true; } } } if (!successSoFar) { context.Info($"Skipping because the job status was not 'Succeeded'."); return; } bool restoreStepRan = false; if (context.TaskVariables.TryGetValue(RestoreStepRanVariableName, out VariableValue ran)) { if (ran != null && ran.Value != null && ran.Value.Equals(RestoreStepRanVariableValue, StringComparison.Ordinal)) { restoreStepRan = true; } } if (!restoreStepRan) { context.Info($"Skipping because restore step did not run."); return; } await base.RunAsync(context, token); } protected override async Task ProcessCommandInternalAsync( AgentTaskPluginExecutionContext context, Fingerprint fingerprint, Func restoreKeysGenerator, string path, CancellationToken token) { string contentFormatValue = context.Variables.GetValueOrDefault(ContentFormatVariableName)?.Value ?? string.Empty; string calculatedFingerPrint = context.TaskVariables.GetValueOrDefault(ResolvedFingerPrintVariableName)?.Value ?? string.Empty; if (!string.IsNullOrWhiteSpace(calculatedFingerPrint) && !fingerprint.ToString().Equals(calculatedFingerPrint, StringComparison.Ordinal)) { context.Warning($"The given cache key has changed in its resolved value between restore and save steps;\n" + $"original key: {calculatedFingerPrint}\n" + $"modified key: {fingerprint}\n"); } ContentFormat contentFormat; if (string.IsNullOrWhiteSpace(contentFormatValue)) { contentFormat = ContentFormat.SingleTar; } else { contentFormat = Enum.Parse(contentFormatValue, ignoreCase: true); } PipelineCacheServer server = new PipelineCacheServer(context); await server.UploadAsync( context, fingerprint, path, token, contentFormat); } } } ================================================ FILE: src/Agent.Plugins/PipelineCache/TarUtils.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Diagnostics; using System.IO; using System.Linq; using System.Runtime.ExceptionServices; using System.Runtime.InteropServices; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.VisualStudio.Services.BlobStore.WebApi; namespace Agent.Plugins.PipelineCache { public static class TarUtils { public const string TarLocationEnvironmentVariableName = "VSTS_TAR_EXECUTABLE"; private readonly static bool isWindows = RuntimeInformation.IsOSPlatform(OSPlatform.Windows); private const string archive = "archive.tar"; /// /// Will archive files in the input path into a TAR file. /// /// The path to the TAR. public static async Task ArchiveFilesToTarAsync( AgentTaskPluginExecutionContext context, string inputPath, CancellationToken cancellationToken) { if (File.Exists(inputPath)) { throw new DirectoryNotFoundException($"Please specify path to a directory, File path is not allowed. {inputPath} is a file."); } var archiveFileName = CreateArchiveFileName(); var archiveFile = Path.Combine(Path.GetTempPath(), archiveFileName); ProcessStartInfo processStartInfo = GetCreateTarProcessInfo(context, archiveFileName, inputPath); Action actionOnFailure = () => { // Delete archive file. TryDeleteFile(archiveFile); }; await RunProcessAsync( context, processStartInfo, // no additional tasks on create are required to run whilst running the TAR process (Process process, CancellationToken ct) => Task.CompletedTask, actionOnFailure, cancellationToken); return archiveFile; } /// /// This will download the dedup into stdin stream while extracting the TAR simulataneously (piped). This is done by /// starting the download through a Task and starting the TAR/7z process which is reading from STDIN. /// /// /// Windows will use 7z to extract the TAR file (only if 7z is installed on the machine and is part of PATH variables). /// Non-Windows machines will extract TAR file using the 'tar' command'. /// public static Task DownloadAndExtractTarAsync( AgentTaskPluginExecutionContext context, Manifest manifest, DedupManifestArtifactClient dedupManifestClient, string targetDirectory, CancellationToken cancellationToken) { ValidateTarManifest(manifest); Directory.CreateDirectory(targetDirectory); DedupIdentifier dedupId = DedupIdentifier.Create(manifest.Items.Single(i => i.Path.EndsWith(archive, StringComparison.OrdinalIgnoreCase)).Blob.Id); ProcessStartInfo processStartInfo = GetExtractStartProcessInfo(context, targetDirectory); Func downloadTaskFunc = (process, ct) => Task.Run(async () => { try { await dedupManifestClient.DownloadToStreamAsync(dedupId, process.StandardInput.BaseStream, proxyUri: null, cancellationToken: ct); process.StandardInput.BaseStream.Close(); } catch (Exception e) { try { process.Kill(); } catch { } ExceptionDispatchInfo.Capture(e).Throw(); } }); return RunProcessAsync( context, processStartInfo, downloadTaskFunc, () => { }, cancellationToken); } internal static async Task RunProcessAsync( AgentTaskPluginExecutionContext context, ProcessStartInfo processStartInfo, Func additionalTaskToExecuteWhilstRunningProcess, Action actionOnFailure, CancellationToken cancellationToken) { using (var process = new Process()) { process.StartInfo = processStartInfo; process.EnableRaisingEvents = true; try { context.Debug($"Starting '{process.StartInfo.FileName}' with arguments '{process.StartInfo.Arguments}'..."); process.Start(); } catch (Exception e) { // couldn't start the process, so throw a slightly nicer message about required dependencies: throw new InvalidOperationException($"Failed to start the required dependency '{process.StartInfo.FileName}'. Please verify the correct version is installed and available on the path.", e); } // Our goal is to always have the process ended or killed by the time we exit the function. try { await additionalTaskToExecuteWhilstRunningProcess(process, cancellationToken); process.WaitForExit(); int exitCode = process.ExitCode; if (exitCode == 0) { context.Output($"Process exit code: {exitCode}"); } else { throw new Exception($"Process returned non-zero exit code: {exitCode}"); } } catch (Exception e) { actionOnFailure(); ExceptionDispatchInfo.Capture(e).Throw(); } } } private static void CreateProcessStartInfo(ProcessStartInfo processStartInfo, string processFileName, string[] processArguments, string processWorkingDirectory) { processStartInfo.FileName = processFileName; foreach (var arg in processArguments) { processStartInfo.ArgumentList.Add(arg); } processStartInfo.UseShellExecute = false; processStartInfo.RedirectStandardInput = true; processStartInfo.WorkingDirectory = processWorkingDirectory; } private static ProcessStartInfo GetCreateTarProcessInfo(AgentTaskPluginExecutionContext context, string archiveFileName, string inputPath) { var processFileName = GetTar(context); inputPath = inputPath.TrimEnd(Path.DirectorySeparatorChar).TrimEnd(Path.AltDirectorySeparatorChar); var args = new System.Collections.Generic.List(); if (context.IsSystemDebugTrue()) { args.Add("-v"); } if (isWindows) { args.Add("-h"); } args.Add("-cf"); args.Add(archiveFileName); args.Add("-C"); args.Add(inputPath); args.Add("."); ProcessStartInfo processStartInfo = new ProcessStartInfo(); CreateProcessStartInfo(processStartInfo, processFileName, args.ToArray(), processWorkingDirectory: Path.GetTempPath()); // We want to create the archiveFile in temp folder, and hence starting the tar process from TEMP to avoid absolute paths in tar cmd line. return processStartInfo; } private static string GetTar(AgentTaskPluginExecutionContext context) { // check if the user specified the tar executable to use: string location = Environment.GetEnvironmentVariable(TarLocationEnvironmentVariableName); return String.IsNullOrWhiteSpace(location) ? "tar" : location; } private static ProcessStartInfo GetExtractStartProcessInfo(AgentTaskPluginExecutionContext context, string targetDirectory) { string processFileName; var args = new System.Collections.Generic.List(); if (isWindows && CheckIf7ZExists()) { processFileName = "7z"; if (context.IsSystemDebugTrue()) { args.Add("-bb1"); } args.Add("x"); args.Add("-si"); args.Add("-aoa"); args.Add($"-o{targetDirectory}"); args.Add("-ttar"); } else { processFileName = GetTar(context); if (context.IsSystemDebugTrue()) { args.Add("-v"); } args.Add("-xf"); args.Add("-"); args.Add("-C"); args.Add("."); // Instead of targetDirectory, we are providing . to tar, because the tar process is being started from targetDirectory. } ProcessStartInfo processStartInfo = new ProcessStartInfo(); CreateProcessStartInfo(processStartInfo, processFileName, args.ToArray(), processWorkingDirectory: targetDirectory); return processStartInfo; } private static void ValidateTarManifest(Manifest manifest) { if (manifest == null || manifest.Items.Count() != 1 || !manifest.Items.Single().Path.EndsWith(archive, StringComparison.OrdinalIgnoreCase)) { throw new ArgumentException($"Manifest containing a tar cannot have more than one item."); } } private static void TryDeleteFile(string fileName) { try { if (File.Exists(fileName)) { File.Delete(fileName); } } catch { } } private static string CreateArchiveFileName() { return $"{Guid.NewGuid().ToString("N")}_{archive}"; } private static bool CheckIf7ZExists() { using (var process = new Process()) { process.StartInfo.FileName = "7z"; process.StartInfo.RedirectStandardError = true; process.StartInfo.RedirectStandardOutput = true; try { process.Start(); } catch { return false; } return true; } } } } ================================================ FILE: src/Agent.Plugins/PipelineCache/Telemetry/PipelineCacheActionRecord.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Sdk; using Agent.Plugins.PipelineArtifact.Telemetry; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.BlobStore.Common.Telemetry; using Microsoft.VisualStudio.Services.PipelineCache.WebApi; using Microsoft.VisualStudio.Services.PipelineCache.WebApi.Telemetry; namespace Agent.Plugins.PipelineCache.Telemetry { /// /// Generic telemetry record for use with Pipeline Caching events. /// public class PipelineCacheActionRecord : PipelineCacheTelemetryRecord { public static long FileCount { get; private set; } public PipelineCacheActionRecord(TelemetryInformationLevel level, Uri baseAddress, string eventNamePrefix, string eventNameSuffix, AgentTaskPluginExecutionContext context, uint attemptNumber = 1) : base( level: level, baseAddress: baseAddress, eventNamePrefix: eventNamePrefix, eventNameSuffix: eventNameSuffix, planId: Guid.Parse(context.Variables["system.planId"].Value), jobId: Guid.Parse(context.Variables["system.jobId"].Value), taskInstanceId: Guid.Parse(context.Variables["system.taskInstanceId"].Value), attemptNumber: attemptNumber) { } protected override void SetMeasuredActionResult(T value) { if (value is PublishResult) { PublishResult result = value as PublishResult; FileCount = result.FileCount; } base.SetMeasuredActionResult(value); } } } ================================================ FILE: src/Agent.Plugins/RepositoryPlugin.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Newtonsoft.Json.Linq; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using System.IO; namespace Agent.Plugins.Repository { public interface ISourceProvider { Task GetSourceAsync(AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository, CancellationToken cancellationToken); Task PostJobCleanupAsync(AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository); } public abstract class RepositoryTask : IAgentTaskPlugin { private static readonly HashSet _checkoutOptions = new HashSet(StringComparer.OrdinalIgnoreCase) { Pipelines.PipelineConstants.CheckoutTaskInputs.Clean, Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth, Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs, Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials, Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules, }; protected RepositoryTask() : this(new SourceProviderFactory()) { } protected RepositoryTask(ISourceProviderFactory sourceProviderFactory) { SourceProviderFactory = sourceProviderFactory; } public Guid Id => Pipelines.PipelineConstants.CheckoutTask.Id; public ISourceProviderFactory SourceProviderFactory { get; } public abstract string Stage { get; } public abstract Task RunAsync(AgentTaskPluginExecutionContext executionContext, CancellationToken token); protected void MergeCheckoutOptions(AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository) { // Merge the repository checkout options if ((!executionContext.Variables.TryGetValue("MERGE_CHECKOUT_OPTIONS", out VariableValue mergeCheckoutOptions) || !String.Equals(mergeCheckoutOptions.Value, "false", StringComparison.OrdinalIgnoreCase)) && repository.Properties.Get(Pipelines.RepositoryPropertyNames.CheckoutOptions) is JObject checkoutOptions) { foreach (var pair in checkoutOptions) { var inputName = pair.Key; // Skip if unexpected checkout option if (!_checkoutOptions.Contains(inputName)) { executionContext.Debug($"Unexpected checkout option '{inputName}'"); continue; } // Skip if input defined if (executionContext.Inputs.TryGetValue(inputName, out string inputValue) && !string.IsNullOrEmpty(inputValue)) { continue; } try { executionContext.Inputs[inputName] = pair.Value.ToObject(); } catch (Exception ex) { executionContext.Debug($"Error setting the checkout option '{inputName}': {ex.Message}"); } } } } protected bool HasMultipleCheckouts(AgentTaskPluginExecutionContext executionContext) { return executionContext != null && RepositoryUtil.HasMultipleCheckouts(executionContext.JobSettings); } protected TeeUtil teeUtil; protected void initializeTeeUtil(AgentTaskPluginExecutionContext executionContext, CancellationToken cancellationToken) { teeUtil = new TeeUtil( executionContext.Variables.GetValueOrDefault("Agent.HomeDirectory")?.Value, executionContext.Variables.GetValueOrDefault("Agent.TempDirectory")?.Value, AgentKnobs.TeePluginDownloadRetryCount.GetValue(executionContext).AsInt(), executionContext.Debug, cancellationToken ); } } public class CheckoutTask : RepositoryTask { public CheckoutTask() { } public CheckoutTask(ISourceProviderFactory sourceProviderFactory) : base(sourceProviderFactory) { } public override string Stage => "main"; public override async Task RunAsync(AgentTaskPluginExecutionContext executionContext, CancellationToken token) { var sourceSkipVar = StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("agent.source.skip")?.Value) || !StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("build.syncSources")?.Value ?? bool.TrueString); if (sourceSkipVar) { executionContext.Output($"Skip sync source for repository."); return; } var repoAlias = executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, true); var repo = executionContext.Repositories.Single(x => string.Equals(x.Alias, repoAlias, StringComparison.OrdinalIgnoreCase)); executionContext.PublishTelemetry(area: "AzurePipelinesAgent", feature: "Checkout", properties: new Dictionary { { "RepoType", $"{repo.Type}" }, { "HostOS", $"{PlatformUtil.HostOS}" } }); MergeCheckoutOptions(executionContext, repo); var currentRepoPath = repo.Properties.Get(Pipelines.RepositoryPropertyNames.Path); var workDirectory = executionContext.Variables.GetValueOrDefault("agent.workfolder")?.Value; var buildDirectory = executionContext.Variables.GetValueOrDefault("agent.builddirectory")?.Value; var tempDirectory = executionContext.Variables.GetValueOrDefault("agent.tempdirectory")?.Value; ArgUtil.NotNullOrEmpty(currentRepoPath, nameof(currentRepoPath)); ArgUtil.NotNullOrEmpty(workDirectory, nameof(workDirectory)); ArgUtil.NotNullOrEmpty(buildDirectory, nameof(buildDirectory)); ArgUtil.NotNullOrEmpty(tempDirectory, nameof(tempDirectory)); // Determine the path that we should clone/move the repository into const string sourcesDirectory = "s"; //Constants.Build.Path.SourcesDirectory string expectRepoPath; var path = executionContext.GetInput("path"); var maxRootDirectory = buildDirectory; if (!string.IsNullOrEmpty(path)) { // When the checkout task provides a path, always use that one expectRepoPath = IOUtil.ResolvePath(buildDirectory, path); if (AgentKnobs.AllowWorkDirectoryRepositories.GetValue(executionContext).AsBoolean()) { maxRootDirectory = workDirectory; } if (!expectRepoPath.StartsWith(maxRootDirectory.Replace(Path.AltDirectorySeparatorChar, Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar)) { throw new ArgumentException($"Input path '{path}' should resolve to a directory under '{maxRootDirectory}', current resolved path '{expectRepoPath}'."); } } else if (HasMultipleCheckouts(executionContext)) { // When there are multiple checkout tasks (and this one didn't set the path), default to directory 1/s/ expectRepoPath = Path.Combine(buildDirectory, sourcesDirectory, RepositoryUtil.GetCloneDirectory(repo)); } else { // When there's a single checkout task that doesn't have path set, default to sources directory 1/s expectRepoPath = Path.Combine(buildDirectory, sourcesDirectory); } // Update the repository path in the worker process executionContext.UpdateRepositoryPath(repoAlias, expectRepoPath); executionContext.Debug($"Repository requires to be placed at '{expectRepoPath}', current location is '{currentRepoPath}'"); if (!string.Equals(currentRepoPath.Trim(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar), expectRepoPath.Trim(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar), IOUtil.FilePathStringComparison)) { executionContext.Output($"Repository is current at '{currentRepoPath}', move to '{expectRepoPath}'."); var count = 1; var staging = Path.Combine(tempDirectory, $"_{count}"); while (Directory.Exists(staging)) { count++; staging = Path.Combine(tempDirectory, $"_{count}"); } try { executionContext.Debug($"Move existing repository '{currentRepoPath}' to '{expectRepoPath}' via staging directory '{staging}'."); IOUtil.MoveDirectory(currentRepoPath, expectRepoPath, staging, CancellationToken.None); } catch (Exception ex) { executionContext.Debug("Catch exception during repository move."); executionContext.Debug(ex.ToString()); executionContext.Warning("Unable move and reuse existing repository to required location."); try { await IOUtil.DeleteDirectoryWithRetry(expectRepoPath, CancellationToken.None); } catch (Exception ioEx) { executionContext.Output($"Unable to delete existing repository on required location: {ioEx.GetType()}"); throw; } } executionContext.Output($"Repository will be located at '{expectRepoPath}'."); repo.Properties.Set(Pipelines.RepositoryPropertyNames.Path, expectRepoPath); } if (!PlatformUtil.RunningOnWindows && string.Equals(repo.Type, Pipelines.RepositoryTypes.Tfvc, StringComparison.OrdinalIgnoreCase)) { initializeTeeUtil(executionContext, token); await teeUtil.DownloadTeeIfAbsent(); } ISourceProvider sourceProvider = SourceProviderFactory.GetSourceProvider(repo.Type); await sourceProvider.GetSourceAsync(executionContext, repo, token); } } public class CleanupTask : RepositoryTask { public override string Stage => "post"; public override async Task RunAsync(AgentTaskPluginExecutionContext executionContext, CancellationToken token) { var repoAlias = executionContext.TaskVariables.GetValueOrDefault("repository")?.Value; if (!string.IsNullOrEmpty(repoAlias)) { var repo = executionContext.Repositories.Single(x => string.Equals(x.Alias, repoAlias, StringComparison.OrdinalIgnoreCase)); ArgUtil.NotNull(repo, nameof(repo)); MergeCheckoutOptions(executionContext, repo); ISourceProvider sourceProvider = SourceProviderFactory.GetSourceProvider(repo.Type); await sourceProvider.PostJobCleanupAsync(executionContext, repo); } if (!PlatformUtil.RunningOnWindows && !AgentKnobs.DisableTeePluginRemoval.GetValue(executionContext).AsBoolean()) { initializeTeeUtil(executionContext, token); try { teeUtil.DeleteTee(); } catch (Exception ex) { executionContext.Output($"Unable to delete existing repository on required location. ex:{ex.GetType}"); throw; } } } } public interface ISourceProviderFactory { ISourceProvider GetSourceProvider(string repositoryType); } public class SourceProviderFactory : ISourceProviderFactory { public virtual ISourceProvider GetSourceProvider(string repositoryType) { ISourceProvider sourceProvider = null; if (string.Equals(repositoryType, Pipelines.RepositoryTypes.GitHub, StringComparison.OrdinalIgnoreCase) || string.Equals(repositoryType, Pipelines.RepositoryTypes.GitHubEnterprise, StringComparison.OrdinalIgnoreCase)) { sourceProvider = new GitHubSourceProvider(); } else if (string.Equals(repositoryType, Pipelines.RepositoryTypes.Bitbucket, StringComparison.OrdinalIgnoreCase)) { sourceProvider = new BitbucketGitSourceProvider(); } else if (string.Equals(repositoryType, Pipelines.RepositoryTypes.ExternalGit, StringComparison.OrdinalIgnoreCase)) { sourceProvider = new ExternalGitSourceProvider(); } else if (string.Equals(repositoryType, Pipelines.RepositoryTypes.Git, StringComparison.OrdinalIgnoreCase)) { sourceProvider = new TfsGitSourceProvider(); } else if (string.Equals(repositoryType, Pipelines.RepositoryTypes.Tfvc, StringComparison.OrdinalIgnoreCase)) { sourceProvider = new TfsVCSourceProvider(); } else if (string.Equals(repositoryType, Pipelines.RepositoryTypes.Svn, StringComparison.OrdinalIgnoreCase)) { sourceProvider = new SvnSourceProvider(); } else { throw new NotSupportedException(repositoryType); } return sourceProvider; } } } ================================================ FILE: src/Agent.Plugins/SvnCliManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text; using System.Threading; using System.Threading.Tasks; using System.Xml.Serialization; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Agent.Sdk; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Plugins.Repository { public class SvnCliManager { /// /// Initializes svn command path and execution environment /// /// The build commands' execution context /// The Subversion server endpoint providing URL, username/password, and untrasted certs acceptace information /// The cancellation token used to stop svn command execution public void Init( AgentTaskPluginExecutionContext context, Pipelines.RepositoryResource repository, CancellationToken cancellationToken) { // Validation. ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(repository, nameof(repository)); ArgUtil.NotNull(cancellationToken, nameof(cancellationToken)); ArgUtil.NotNull(repository.Url, nameof(repository.Url)); ArgUtil.Equal(true, repository.Url.IsAbsoluteUri, nameof(repository.Url.IsAbsoluteUri)); ArgUtil.NotNull(repository.Endpoint, nameof(repository.Endpoint)); ServiceEndpoint endpoint = context.Endpoints.Single( x => (repository.Endpoint.Id != Guid.Empty && x.Id == repository.Endpoint.Id) || (repository.Endpoint.Id == Guid.Empty && string.Equals(x.Name, repository.Endpoint.Name.ToString(), StringComparison.OrdinalIgnoreCase))); ArgUtil.NotNull(endpoint.Data, nameof(endpoint.Data)); ArgUtil.NotNull(endpoint.Authorization, nameof(endpoint.Authorization)); ArgUtil.NotNull(endpoint.Authorization.Parameters, nameof(endpoint.Authorization.Parameters)); ArgUtil.Equal(EndpointAuthorizationSchemes.UsernamePassword, endpoint.Authorization.Scheme, nameof(endpoint.Authorization.Scheme)); _context = context; _repository = repository; _cancellationToken = cancellationToken; // Find svn in %Path% string svnPath = WhichUtil.Which("svn", trace: context); if (string.IsNullOrEmpty(svnPath)) { throw new Exception(StringUtil.Loc("SvnNotInstalled")); } else { _context.Debug($"Found svn installation path: {svnPath}."); _svn = svnPath; } // External providers may need basic auth or tokens endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.Username, out _username); endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.Password, out _password); if (endpoint.Data.TryGetValue(EndpointData.AcceptUntrustedCertificates, out string endpointAcceptUntrustedCerts)) { _acceptUntrusted = StringUtil.ConvertToBoolean(endpointAcceptUntrustedCerts); } _acceptUntrusted = _acceptUntrusted || (context.GetCertConfiguration()?.SkipServerCertificateValidation ?? false); } /// /// Detects old mappings (if any) and refreshes the SVN working copies to match the new mappings. /// /// /// /// /// /// /// public async Task UpdateWorkspace( string rootPath, Dictionary distinctMappings, bool cleanRepository, string sourceBranch, string revision) { if (cleanRepository) { // A clean build has been requested IOUtil.DeleteDirectory(rootPath, _cancellationToken); Directory.CreateDirectory(rootPath); } Dictionary oldMappings = await GetOldMappings(rootPath); _context.Debug($"oldMappings.Count: {oldMappings.Count}"); oldMappings.ToList().ForEach(p => _context.Debug($" [{p.Key}] {p.Value}")); Dictionary newMappings = BuildNewMappings(rootPath, sourceBranch, distinctMappings); _context.Debug($"newMappings.Count: {newMappings.Count}"); newMappings.ToList().ForEach(p => _context.Debug($" [{p.Key}] ServerPath: {p.Value.ServerPath}, LocalPath: {p.Value.LocalPath}, Depth: {p.Value.Depth}, Revision: {p.Value.Revision}, IgnoreExternals: {p.Value.IgnoreExternals}")); CleanUpSvnWorkspace(oldMappings, newMappings); long maxRevision = 0; foreach (SvnMappingDetails mapping in newMappings.Values) { long mappingRevision = await GetLatestRevisionAsync(mapping.ServerPath, revision); if (mappingRevision > maxRevision) { maxRevision = mappingRevision; } } await UpdateToRevisionAsync(oldMappings, newMappings, maxRevision); return maxRevision > 0 ? maxRevision.ToString() : "HEAD"; } private async Task> GetOldMappings(string rootPath) { if (File.Exists(rootPath)) { throw new Exception(StringUtil.Loc("SvnFileAlreadyExists", rootPath)); } Dictionary mappings = new Dictionary(); if (Directory.Exists(rootPath)) { foreach (string workingDirectoryPath in GetSvnWorkingCopyPaths(rootPath)) { Uri url = await GetRootUrlAsync(workingDirectoryPath); if (url != null) { mappings.Add(workingDirectoryPath, url); } } } return mappings; } private List GetSvnWorkingCopyPaths(string rootPath) { if (Directory.Exists(Path.Combine(rootPath, ".svn"))) { return new List() { rootPath }; } else { ConcurrentStack candidates = new ConcurrentStack(); Directory.EnumerateDirectories(rootPath, "*", SearchOption.TopDirectoryOnly) .AsParallel() .ForAll(fld => candidates.PushRange(GetSvnWorkingCopyPaths(fld).ToArray())); return candidates.ToList(); } } private Dictionary BuildNewMappings(string rootPath, string sourceBranch, Dictionary distinctMappings) { Dictionary mappings = new Dictionary(); if (distinctMappings != null && distinctMappings.Count > 0) { foreach (KeyValuePair mapping in distinctMappings) { SvnMappingDetails mappingDetails = mapping.Value; string localPath = mappingDetails.LocalPath; string absoluteLocalPath = Path.Combine(rootPath, localPath); SvnMappingDetails newMappingDetails = new SvnMappingDetails(); newMappingDetails.ServerPath = mappingDetails.ServerPath; newMappingDetails.LocalPath = absoluteLocalPath; newMappingDetails.Revision = mappingDetails.Revision; newMappingDetails.Depth = mappingDetails.Depth; newMappingDetails.IgnoreExternals = mappingDetails.IgnoreExternals; mappings.Add(absoluteLocalPath, newMappingDetails); } } else { SvnMappingDetails newMappingDetails = new SvnMappingDetails(); newMappingDetails.ServerPath = sourceBranch; newMappingDetails.LocalPath = rootPath; newMappingDetails.Revision = "HEAD"; newMappingDetails.Depth = 3; //Infinity newMappingDetails.IgnoreExternals = true; mappings.Add(rootPath, newMappingDetails); } return mappings; } /// /// svn info URL --depth empty --revision --xml --username --password --non-interactive [--trust-server-cert] /// /// /// /// public async Task GetLatestRevisionAsync(string serverPath, string sourceRevision) { _context.Debug($@"Get latest revision of: '{_repository.Url.AbsoluteUri}' at or before: '{sourceRevision}'."); string xml = await RunPorcelainCommandAsync( "info", BuildSvnUri(serverPath), "--depth", "empty", "--revision", sourceRevision, "--xml"); // Deserialize the XML. // The command returns a non-zero exit code if the source revision is not found. // The assertions performed here should never fail. XmlSerializer serializer = new XmlSerializer(typeof(SvnInfo)); ArgUtil.NotNullOrEmpty(xml, nameof(xml)); using (StringReader reader = new StringReader(xml)) { SvnInfo info = serializer.Deserialize(reader) as SvnInfo; ArgUtil.NotNull(info, nameof(info)); ArgUtil.NotNull(info.Entries, nameof(info.Entries)); ArgUtil.Equal(1, info.Entries.Length, nameof(info.Entries.Length)); long revision = 0; long.TryParse(info.Entries[0].Commit?.Revision ?? sourceRevision, out revision); return revision; } } /// /// Finds a local path the provided server path is mapped to. /// /// /// /// public string ResolveServerPath(string serverPath, string rootPath) { ArgUtil.Equal(true, serverPath.StartsWith(@"^/"), nameof(serverPath)); foreach (string workingDirectoryPath in GetSvnWorkingCopyPaths(rootPath)) { try { _context.Debug($@"Get SVN info for the working directory path '{workingDirectoryPath}'."); string xml = RunPorcelainCommandAsync( "info", workingDirectoryPath, "--depth", "empty", "--xml").GetAwaiter().GetResult(); // Deserialize the XML. // The command returns a non-zero exit code if the local path is not a working copy. // The assertions performed here should never fail. XmlSerializer serializer = new XmlSerializer(typeof(SvnInfo)); ArgUtil.NotNullOrEmpty(xml, nameof(xml)); using (StringReader reader = new StringReader(xml)) { SvnInfo info = serializer.Deserialize(reader) as SvnInfo; ArgUtil.NotNull(info, nameof(info)); ArgUtil.NotNull(info.Entries, nameof(info.Entries)); ArgUtil.Equal(1, info.Entries.Length, nameof(info.Entries.Length)); if (serverPath.Equals(info.Entries[0].RelativeUrl, StringComparison.Ordinal) || serverPath.StartsWith(info.Entries[0].RelativeUrl + '/', StringComparison.Ordinal)) { // We've found the mapping the serverPath belongs to. int n = info.Entries[0].RelativeUrl.Length; string relativePath = serverPath.Length <= n + 1 ? string.Empty : serverPath.Substring(n + 1); return Path.Combine(workingDirectoryPath, relativePath); } } } catch (ProcessExitCodeException) { _context.Debug($@"The path '{workingDirectoryPath}' is not an SVN working directory path."); } } _context.Debug($@"Haven't found any suitable mapping for '{serverPath}'"); // Since the server path starts with the "^/" prefix we return the original path without these two characters. return serverPath.Substring(2); } private async Task GetRootUrlAsync(string localPath) { _context.Debug($@"Get URL for: '{localPath}'."); try { string xml = await RunPorcelainCommandAsync( "info", localPath, "--depth", "empty", "--xml"); // Deserialize the XML. // The command returns a non-zero exit code if the local path is not a working copy. // The assertions performed here should never fail. XmlSerializer serializer = new XmlSerializer(typeof(SvnInfo)); ArgUtil.NotNullOrEmpty(xml, nameof(xml)); using (StringReader reader = new StringReader(xml)) { SvnInfo info = serializer.Deserialize(reader) as SvnInfo; ArgUtil.NotNull(info, nameof(info)); ArgUtil.NotNull(info.Entries, nameof(info.Entries)); ArgUtil.Equal(1, info.Entries.Length, nameof(info.Entries.Length)); return new Uri(info.Entries[0].Url); } } catch (ProcessExitCodeException) { _context.Debug($@"The folder '{localPath}.svn' seems not to be a subversion system directory."); return null; } } private async Task UpdateToRevisionAsync(Dictionary oldMappings, Dictionary newMappings, long maxRevision) { foreach (KeyValuePair mapping in newMappings) { string localPath = mapping.Key; SvnMappingDetails mappingDetails = mapping.Value; string effectiveServerUri = BuildSvnUri(mappingDetails.ServerPath); string effectiveRevision = EffectiveRevision(mappingDetails.Revision, maxRevision); mappingDetails.Revision = effectiveRevision; if (!Directory.Exists(Path.Combine(localPath, ".svn"))) { _context.Debug(String.Format( "Checking out with depth: {0}, revision: {1}, ignore externals: {2}", mappingDetails.Depth, effectiveRevision, mappingDetails.IgnoreExternals)); mappingDetails.ServerPath = effectiveServerUri; await CheckoutAsync(mappingDetails); } else if (oldMappings.ContainsKey(localPath) && oldMappings[localPath].Equals(new Uri(effectiveServerUri))) { _context.Debug(String.Format( "Updating with depth: {0}, revision: {1}, ignore externals: {2}", mappingDetails.Depth, mappingDetails.Revision, mappingDetails.IgnoreExternals)); await UpdateAsync(mappingDetails); } else { _context.Debug(String.Format( "Switching to {0} with depth: {1}, revision: {2}, ignore externals: {3}", mappingDetails.ServerPath, mappingDetails.Depth, mappingDetails.Revision, mappingDetails.IgnoreExternals)); await SwitchAsync(mappingDetails); } } } private string EffectiveRevision(string mappingRevision, long maxRevision) { if (!mappingRevision.Equals("HEAD", StringComparison.OrdinalIgnoreCase)) { // A specific revision has been requested in mapping return mappingRevision; } else if (maxRevision == 0) { // Tip revision return "HEAD"; } else { return maxRevision.ToString(); } } private void CleanUpSvnWorkspace(Dictionary oldMappings, Dictionary newMappings) { _context.Debug("Clean up Svn workspace."); oldMappings.Where(m => !newMappings.ContainsKey(m.Key)) .AsParallel() .ForAll(m => { _context.Debug($@"Delete unmapped folder: '{m.Key}'"); IOUtil.DeleteDirectory(m.Key, CancellationToken.None); }); } /// /// svn update localPath --depth empty --revision --xml --username lin --password ideafix --non-interactive [--trust-server-cert] /// /// /// private async Task UpdateAsync(SvnMappingDetails mapping) { _context.Debug($@"Update '{mapping.LocalPath}'."); await RunCommandAsync( "update", mapping.LocalPath, "--revision", mapping.Revision, "--depth", ToDepthArgument(mapping.Depth), mapping.IgnoreExternals ? "--ignore-externals" : null); } /// /// svn switch localPath --depth empty --revision --xml --username lin --password ideafix --non-interactive [--trust-server-cert] /// /// /// private async Task SwitchAsync(SvnMappingDetails mapping) { _context.Debug($@"Switch '{mapping.LocalPath}' to '{mapping.ServerPath}'."); await RunCommandAsync( "switch", $"^/{mapping.ServerPath}", mapping.LocalPath, "--ignore-ancestry", "--revision", mapping.Revision, "--depth", ToDepthArgument(mapping.Depth), mapping.IgnoreExternals ? "--ignore-externals" : null); } /// /// svn checkout localPath --depth empty --revision --xml --username lin --password ideafix --non-interactive [--trust-server-cert] /// /// /// private async Task CheckoutAsync(SvnMappingDetails mapping) { _context.Debug($@"Checkout '{mapping.ServerPath}' to '{mapping.LocalPath}'."); await RunCommandAsync( "checkout", mapping.ServerPath, mapping.LocalPath, "--revision", mapping.Revision, "--depth", ToDepthArgument(mapping.Depth), mapping.IgnoreExternals ? "--ignore-externals" : null); } private string BuildSvnUri(string serverPath) { StringBuilder sb = new StringBuilder(_repository.Url.ToString()); if (!string.IsNullOrEmpty(serverPath)) { if (sb[sb.Length - 1] != '/') { sb.Append('/'); } sb.Append(serverPath); } return sb.Replace('\\', '/').ToString(); } private string FormatArgumentsWithDefaults(params string[] args) { // Format each arg. List formattedArgs = new List(); foreach (string arg in args ?? new string[0]) { if (!string.IsNullOrEmpty(arg)) { // Validate the arg. if (arg.IndexOfAny(new char[] { '"', '\r', '\n' }) >= 0) { throw new Exception(StringUtil.Loc("InvalidCommandArg", arg)); } // Add the arg. formattedArgs.Add(QuotedArgument(arg)); } } // Add the common parameters. if (_acceptUntrusted) { formattedArgs.Add("--trust-server-cert"); } if (!string.IsNullOrWhiteSpace(_username)) { formattedArgs.Add("--username"); formattedArgs.Add(QuotedArgument(_username)); } if (!string.IsNullOrWhiteSpace(_password)) { formattedArgs.Add("--password"); formattedArgs.Add(QuotedArgument(_password)); } formattedArgs.Add("--no-auth-cache"); // Do not cache credentials formattedArgs.Add("--non-interactive"); // Add proxy setting parameters var agentProxy = _context.GetProxyConfiguration(); if (agentProxy != null && !string.IsNullOrEmpty(agentProxy.ProxyAddress) && !agentProxy.WebProxy.IsBypassed(_repository.Url)) { _context.Debug($"Add proxy setting parameters to '{_svn}' for proxy server '{agentProxy.ProxyAddress}'."); formattedArgs.Add("--config-option"); formattedArgs.Add(QuotedArgument($"servers:global:http-proxy-host={new Uri(agentProxy.ProxyAddress).Host}")); formattedArgs.Add("--config-option"); formattedArgs.Add(QuotedArgument($"servers:global:http-proxy-port={new Uri(agentProxy.ProxyAddress).Port}")); if (!string.IsNullOrEmpty(agentProxy.ProxyUsername)) { formattedArgs.Add("--config-option"); formattedArgs.Add(QuotedArgument($"servers:global:http-proxy-username={agentProxy.ProxyUsername}")); } if (!string.IsNullOrEmpty(agentProxy.ProxyPassword)) { formattedArgs.Add("--config-option"); formattedArgs.Add(QuotedArgument($"servers:global:http-proxy-password={agentProxy.ProxyPassword}")); } } return string.Join(" ", formattedArgs); } private string QuotedArgument(string arg) { char quote = '\"'; char altQuote = '\''; if (arg.IndexOf(quote) > -1) { quote = '\''; altQuote = '\"'; } return (arg.IndexOfAny(new char[] { ' ', altQuote }) == -1) ? arg : $"{quote}{arg}{quote}"; } private string ToDepthArgument(int depth) { switch (depth) { case 0: return "empty"; case 1: return "files"; case 2: return "immediates"; default: return "infinity"; } } private async Task RunCommandAsync(params string[] args) { // Validation. ArgUtil.NotNull(args, nameof(args)); ArgUtil.NotNull(_context, nameof(_context)); // Invoke tf. using (var processInvoker = new ProcessInvoker(_context)) { var outputLock = new object(); processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { _context.Output(e.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { _context.Output(e.Data); } }; string arguments = FormatArgumentsWithDefaults(args); _context.Command($@"{_svn} {arguments}"); await processInvoker.ExecuteAsync( workingDirectory: _context.Variables.GetValueOrDefault("agent.workfolder")?.Value, fileName: _svn, arguments: arguments, environment: null, requireExitCodeZero: true, cancellationToken: _cancellationToken); } } private async Task RunPorcelainCommandAsync(params string[] args) { // Validation. ArgUtil.NotNull(args, nameof(args)); ArgUtil.NotNull(_context, nameof(_context)); // Invoke tf. using (var processInvoker = new ProcessInvoker(_context)) { var output = new List(); var outputLock = new object(); processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { _context.Debug(e.Data); output.Add(e.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { _context.Debug(e.Data); output.Add(e.Data); } }; string arguments = FormatArgumentsWithDefaults(args); _context.Debug($@"{_svn} {arguments}"); // TODO: Test whether the output encoding needs to be specified on a non-Latin OS. try { await processInvoker.ExecuteAsync( workingDirectory: _context.Variables.GetValueOrDefault("agent.workfolder")?.Value, fileName: _svn, arguments: arguments, environment: null, requireExitCodeZero: true, cancellationToken: _cancellationToken); } catch (ProcessExitCodeException) { // The command failed. Dump the output and throw. output.ForEach(x => _context.Output(x ?? string.Empty)); throw; } // Note, string.join gracefully handles a null element within the IEnumerable. return string.Join(Environment.NewLine, output); } } /// /// Removes unused and duplicate mappings. /// /// /// public Dictionary NormalizeMappings(List allMappings) { // We use Ordinal comparer because SVN is case sensetive and keys in the dictionary are URLs. Dictionary distinctMappings = new Dictionary(StringComparer.Ordinal); HashSet localPaths = new HashSet(StringComparer.Ordinal); foreach (SvnMappingDetails map in allMappings) { string localPath = NormalizeRelativePath(map.LocalPath, Path.DirectorySeparatorChar, '/'); string serverPath = NormalizeRelativePath(map.ServerPath, '/', '\\'); if (string.IsNullOrEmpty(serverPath)) { _context.Debug(StringUtil.Loc("SvnEmptyServerPath", localPath)); _context.Debug(StringUtil.Loc("SvnMappingIgnored")); distinctMappings.Clear(); distinctMappings.Add(string.Empty, map); break; } if (localPaths.Contains(localPath)) { _context.Debug(StringUtil.Loc("SvnMappingDuplicateLocal", localPath)); continue; } else { localPaths.Add(localPath); } if (distinctMappings.ContainsKey(serverPath)) { _context.Debug(StringUtil.Loc("SvnMappingDuplicateServer", serverPath)); continue; } // Put normalized values of the local and server paths back into the mapping. map.LocalPath = localPath; map.ServerPath = serverPath; distinctMappings.Add(serverPath, map); } return distinctMappings; } /// /// Normalizes path separator for server and local paths. /// /// /// /// /// public string NormalizeRelativePath(string path, char pathSeparator, char altPathSeparator) { string relativePath = (path ?? string.Empty).Replace(altPathSeparator, pathSeparator); relativePath = relativePath.Trim(pathSeparator, ' '); if (relativePath.Contains(":") || relativePath.Contains("..")) { throw new Exception(StringUtil.Loc("SvnIncorrectRelativePath", relativePath)); } return relativePath; } // The cancellation token used to stop svn command execution private CancellationToken _cancellationToken; // The Subversion repository providing URL and untrusted certs acceptace information private Pipelines.RepositoryResource _repository; // The build commands' execution context private AgentTaskPluginExecutionContext _context; // The svn command line utility location private string _svn; // The svn user name from SVN repository connection endpoint private string _username; // The svn user password from SVN repository connection endpoint private string _password; // The acceptUntrustedCerts property from SVN repository connection endpoint private bool _acceptUntrusted; } //////////////////////////////////////////////////////////////////////////////// // svn info data objects //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "info", Namespace = "")] public sealed class SvnInfo { [XmlElement(ElementName = "entry", Namespace = "")] public SvnInfoEntry[] Entries { get; set; } } public sealed class SvnInfoEntry { [XmlAttribute(AttributeName = "kind", Namespace = "")] public string Kind { get; set; } [XmlAttribute(AttributeName = "path", Namespace = "")] public string Path { get; set; } [XmlAttribute(AttributeName = "revision", Namespace = "")] public string Revision { get; set; } [XmlElement(ElementName = "url", Namespace = "")] public string Url { get; set; } [XmlElement(ElementName = "relative-url", Namespace = "")] public string RelativeUrl { get; set; } [XmlElement(ElementName = "repository", Namespace = "")] public SvnInfoRepository[] Repository { get; set; } [XmlElement(ElementName = "wc-info", Namespace = "", IsNullable = true)] public SvnInfoWorkingCopy[] WorkingCopyInfo { get; set; } [XmlElement(ElementName = "commit", Namespace = "")] public SvnInfoCommit Commit { get; set; } } public sealed class SvnInfoRepository { [XmlElement(ElementName = "wcroot-abspath", Namespace = "")] public string AbsPath { get; set; } [XmlElement(ElementName = "schedule", Namespace = "")] public string Schedule { get; set; } [XmlElement(ElementName = "depth", Namespace = "")] public string Depth { get; set; } } public sealed class SvnInfoWorkingCopy { [XmlElement(ElementName = "root", Namespace = "")] public string Root { get; set; } [XmlElement(ElementName = "uuid", Namespace = "")] public Guid Uuid { get; set; } } public sealed class SvnInfoCommit { [XmlAttribute(AttributeName = "revision", Namespace = "")] public string Revision { get; set; } [XmlElement(ElementName = "author", Namespace = "")] public string Author { get; set; } [XmlElement(ElementName = "date", Namespace = "")] public string Date { get; set; } } } ================================================ FILE: src/Agent.Plugins/SvnSourceProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.Build.WebApi; using Agent.Sdk; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Plugins.Repository { public sealed class SvnSourceProvider : ISourceProvider { public async Task GetSourceAsync( AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository, CancellationToken cancellationToken) { // Validate args. ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(repository, nameof(repository)); SvnCliManager svn = new SvnCliManager(); svn.Init(executionContext, repository, cancellationToken); // Determine the sources directory. string sourceDirectory = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); executionContext.Debug($"sourceDirectory={sourceDirectory}"); ArgUtil.NotNullOrEmpty(sourceDirectory, nameof(sourceDirectory)); string sourceBranch = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Ref); executionContext.Debug($"sourceBranch={sourceBranch}"); string revision = repository.Version; if (string.IsNullOrWhiteSpace(revision)) { revision = "HEAD"; } executionContext.Debug($"revision={revision}"); bool clean = StringUtil.ConvertToBoolean(executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.Clean)); executionContext.Debug($"clean={clean}"); // Get the definition mappings. var mappings = repository.Properties.Get>(Pipelines.RepositoryPropertyNames.Mappings); List allMappings = mappings.Select(x => new SvnMappingDetails() { ServerPath = x.ServerPath, LocalPath = x.LocalPath, Revision = x.Revision, Depth = x.Depth, IgnoreExternals = x.IgnoreExternals }).ToList(); if (StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("system.debug")?.Value)) { allMappings.ForEach(m => executionContext.Debug($"ServerPath: {m.ServerPath}, LocalPath: {m.LocalPath}, Depth: {m.Depth}, Revision: {m.Revision}, IgnoreExternals: {m.IgnoreExternals}")); } Dictionary normalizedMappings = svn.NormalizeMappings(allMappings); if (StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("system.debug")?.Value)) { executionContext.Debug($"Normalized mappings count: {normalizedMappings.Count}"); normalizedMappings.ToList().ForEach(p => executionContext.Debug($" [{p.Key}] ServerPath: {p.Value.ServerPath}, LocalPath: {p.Value.LocalPath}, Depth: {p.Value.Depth}, Revision: {p.Value.Revision}, IgnoreExternals: {p.Value.IgnoreExternals}")); } string normalizedBranch = svn.NormalizeRelativePath(sourceBranch, '/', '\\'); executionContext.Output(StringUtil.Loc("SvnSyncingRepo", repository.Properties.Get(Pipelines.RepositoryPropertyNames.Name))); string effectiveRevision = await svn.UpdateWorkspace( sourceDirectory, normalizedMappings, clean, normalizedBranch, revision); executionContext.Output(StringUtil.Loc("SvnBranchCheckedOut", normalizedBranch, repository.Properties.Get(Pipelines.RepositoryPropertyNames.Name), effectiveRevision)); } public Task PostJobCleanupAsync(AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository) { return Task.CompletedTask; } } } ================================================ FILE: src/Agent.Plugins/TFCliManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Util; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading.Tasks; using System.Xml.Serialization; using System.Text; using System.Xml; using System.Security.Cryptography.X509Certificates; using Microsoft.VisualStudio.Services.Agent.Util; using Agent.Sdk.Knob; namespace Agent.Plugins.Repository { public sealed class TFCliManager : TfsVCCliManager, ITfsVCCliManager { public override TfsVCFeatures Features { get { return TfsVCFeatures.DefaultWorkfoldMap | TfsVCFeatures.EscapedUrl | TfsVCFeatures.GetFromUnmappedRoot | TfsVCFeatures.LoginType | TfsVCFeatures.Scorch; } } // We ship a special version of TF.exe which uses UTF-8 instead of default encoding to support all the Unicode characters // to comply with GB18030. Mainstream TF.exe uses default system encoding for redirected output. protected override Encoding OutputEncoding => Encoding.UTF8; protected override string Switch => "/"; public static readonly int RetriesOnFailure = 3; private string TfPath => VarUtil.GetTfDirectoryPath(ExecutionContext); public string FilePath => Path.Combine(TfPath, "tf.exe"); private string AppConfigFile => Path.Combine(TfPath, "tf.exe.config"); private string AppConfigRestoreFile => Path.Combine(TfPath, "tf.exe.config.restore"); // TODO: Remove AddAsync after last-saved-checkin-metadata problem is fixed properly. public async Task AddAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "vc", "add", localPath); } public void CleanupProxySetting() { ArgUtil.File(AppConfigRestoreFile, "tf.exe.config.restore"); ExecutionContext.Debug("Restore default tf.exe.config."); IOUtil.DeleteFile(AppConfigFile); File.Copy(AppConfigRestoreFile, AppConfigFile); } public Task EulaAsync() { throw new NotSupportedException(); } public async Task GetAsync(string localPath, bool quiet = false) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync(FormatTags.OmitCollectionUrl, quiet, RetriesOnFailure, "vc", "get", $"/version:{SourceVersion}", "/recursive", "/overwrite", localPath); } public string ResolvePath(string serverPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); string localPath = RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "vc", "resolvePath", serverPath).GetAwaiter().GetResult(); return localPath?.Trim() ?? string.Empty; } // TODO: Fix scorch. Scorch blows up if a root mapping does not exist. // // No good workaround appears to exist. Attempting to resolve by workspace fails with // the same error. Switching to "*" instead of passing "SourcesDirectory" allows the // command to exit zero, but causes every source file to be deleted. // // The current approach taken is: allow the exception to bubble. The TfsVCSourceProvider // will catch the exception, log it as a warning, throw away the workspace, and re-clone. public async Task ScorchAsync() => await RunCommandAsync(FormatTags.OmitCollectionUrl, "vc", "scorch", SourcesDirectory, "/recursive", "/diff", "/unmapped"); public void SetupProxy(string proxyUrl, string proxyUsername, string proxyPassword) { ArgUtil.File(AppConfigFile, "tf.exe.config"); if (!File.Exists(AppConfigRestoreFile)) { ExecutionContext.Debug("Take snapshot of current appconfig for restore modified appconfig."); File.Copy(AppConfigFile, AppConfigRestoreFile); } else { // cleanup any appconfig changes from previous build. CleanupProxySetting(); } if (!string.IsNullOrEmpty(proxyUrl)) { XmlDocument appConfig = new XmlDocument(); using (var appConfigStream = new FileStream(AppConfigFile, FileMode.Open, FileAccess.Read)) { appConfig.Load(appConfigStream); } var configuration = appConfig.SelectSingleNode("configuration"); ArgUtil.NotNull(configuration, "configuration"); var exist_defaultProxy = appConfig.SelectSingleNode("configuration/system.net/defaultProxy"); if (exist_defaultProxy == null) { var system_net = appConfig.SelectSingleNode("configuration/system.net"); if (system_net == null) { ExecutionContext.Debug("Create system.net section in appconfg."); system_net = appConfig.CreateElement("system.net"); } ExecutionContext.Debug("Create defaultProxy section in appconfg."); var defaultProxy = appConfig.CreateElement("defaultProxy"); defaultProxy.SetAttribute("useDefaultCredentials", "True"); ExecutionContext.Debug("Create proxy section in appconfg."); var proxy = appConfig.CreateElement("proxy"); proxy.SetAttribute("proxyaddress", proxyUrl); defaultProxy.AppendChild(proxy); system_net.AppendChild(defaultProxy); configuration.AppendChild(system_net); using (var appConfigStream = new FileStream(AppConfigFile, FileMode.Open, FileAccess.ReadWrite)) { appConfig.Save(appConfigStream); } } else { //proxy setting exist. ExecutionContext.Debug("Proxy setting already exist in app.config file."); } // when tf.exe talk to any devfabric site, it will always bypass proxy. // for testing, we need set this variable to let tf.exe hit the proxy server on devfabric. if (Endpoint.Url.Host.Contains(".me.tfsallin.net") || Endpoint.Url.Host.Contains(".vsts.me")) { ExecutionContext.Debug("Set TFS_BYPASS_PROXY_ON_LOCAL on devfabric."); AdditionalEnvironmentVariables["TFS_BYPASS_PROXY_ON_LOCAL"] = "0"; } } } public void SetupClientCertificate(string clientCert, string clientCertKey, string clientCertArchive, string clientCertPassword) { ArgUtil.File(clientCert, nameof(clientCert)); // Pass null for password to maintain original behavior (certificate without password) X509Certificate2 cert = CertificateUtil.LoadCertificate(clientCert, password: null); ExecutionContext.Debug($"Set VstsClientCertificate={cert.Thumbprint} for Tf.exe to support client certificate."); AdditionalEnvironmentVariables["VstsClientCertificate"] = cert.Thumbprint; // Script Tf commands in tasks ExecutionContext.SetVariable("VstsClientCertificate", cert.Thumbprint); } public async Task ShelveAsync(string shelveset, string commentFile, bool move) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); ArgUtil.NotNullOrEmpty(commentFile, nameof(commentFile)); // TODO: Remove parameter "move" after last-saved-checkin-metadata problem is fixed properly. if (move) { await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "vc", "shelve", "/move", "/replace", "/recursive", $"/comment:@{commentFile}", shelveset, SourcesDirectory); return; } await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "vc", "shelve", "/saved", "/replace", "/recursive", $"/comment:@{commentFile}", shelveset, SourcesDirectory); } public async Task ShelvesetsAsync(string shelveset) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); string xml = await RunPorcelainCommandAsync("vc", "shelvesets", "/format:xml", shelveset); // Deserialize the XML. // The command returns a non-zero exit code if the shelveset is not found. // The assertions performed here should never fail. var serializer = new XmlSerializer(typeof(TFShelvesets)); ArgUtil.NotNullOrEmpty(xml, nameof(xml)); using (var reader = new StringReader(xml)) { var tfShelvesets = serializer.Deserialize(reader) as TFShelvesets; ArgUtil.NotNull(tfShelvesets, nameof(tfShelvesets)); ArgUtil.NotNull(tfShelvesets.Shelvesets, nameof(tfShelvesets.Shelvesets)); ArgUtil.Equal(1, tfShelvesets.Shelvesets.Length, nameof(tfShelvesets.Shelvesets.Length)); return tfShelvesets.Shelvesets[0]; } } public async Task StatusAsync(string localPath) { // It is expected that the caller only invokes this method against the sources root // directory. The "status" subcommand cannot correctly resolve the workspace from the // an unmapped root folder. For example, if a workspace contains only two mappings, // $/foo -> $(build.sourcesDirectory)\foo and $/bar -> $(build.sourcesDirectory)\bar, // then "tf status $(build.sourcesDirectory) /r" will not be able to resolve the workspace. // Therefore, the "localPath" parameter is not actually passed to the "status" subcommand - // the collection URL and workspace name are used instead. ArgUtil.Equal(SourcesDirectory, localPath, nameof(localPath)); string xml = await RunPorcelainCommandAsync("vc", "status", $"/workspace:{WorkspaceName}", "/recursive", "/nodetect", "/format:xml"); var serializer = new XmlSerializer(typeof(TFStatus)); using (var reader = new StringReader(xml ?? string.Empty)) { return serializer.Deserialize(reader) as TFStatus; } } public bool TestEulaAccepted() { throw new NotSupportedException(); } public override async Task TryWorkspaceDeleteAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); try { await RunCommandAsync("vc", "workspace", "/delete", $"{workspace.Name};{workspace.Owner}"); return true; } catch (Exception ex) { ExecutionContext.Warning(ex.Message); return false; } } public async Task UndoAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync(FormatTags.OmitCollectionUrl, "vc", "undo", "/recursive", localPath); } public async Task UnshelveAsync(string shelveset, bool failOnNonZeroExitCode = true) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); await RunCommandAsync(FormatTags.OmitCollectionUrl, false, failOnNonZeroExitCode, "vc", "unshelve", shelveset); } public async Task WorkfoldCloakAsync(string serverPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); await RunCommandAsync(RetriesOnFailure, "vc", "workfold", "/cloak", $"/workspace:{WorkspaceName}", serverPath); } public async Task WorkfoldMapAsync(string serverPath, string localPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync(RetriesOnFailure, "vc", "workfold", "/map", $"/workspace:{WorkspaceName}", serverPath, localPath); } public async Task WorkfoldUnmapAsync(string serverPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); await RunCommandAsync(RetriesOnFailure, "vc", "workfold", "/unmap", $"/workspace:{WorkspaceName}", serverPath); } public async Task WorkspaceDeleteAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); await RunCommandAsync("vc", "workspace", "/delete", $"{workspace.Name};{workspace.Owner}"); } public async Task WorkspaceNewAsync() { var useServerWorkspace = StringUtil.ConvertToBoolean(ExecutionContext.Variables.GetValueOrDefault("build.useserverworkspaces")?.Value ?? "false"); ExecutionContext.Debug($"useServerWorkspace is set to : '{useServerWorkspace}'"); if (useServerWorkspace) { await RunCommandAsync(RetriesOnFailure, "vc", "workspace", "/new", "/location:server", "/permission:Public", WorkspaceName); } else { await RunCommandAsync(RetriesOnFailure, "vc", "workspace", "/new", "/location:local", "/permission:Public", WorkspaceName); } } public async Task WorkspacesAsync(bool matchWorkspaceNameOnAnyComputer = false) { // Build the args. var args = new List(); args.Add("vc"); args.Add("workspaces"); if (matchWorkspaceNameOnAnyComputer) { args.Add(WorkspaceName); args.Add($"/computer:*"); } args.Add("/format:xml"); // Run the command. string xml = await RunPorcelainCommandAsync(RetriesOnFailure, args.ToArray()) ?? string.Empty; // Deserialize the XML. var serializer = new XmlSerializer(typeof(TFWorkspaces)); using (var reader = new StringReader(xml)) { return (serializer.Deserialize(reader) as TFWorkspaces) ?.Workspaces ?.Cast() .ToArray(); } } public override async Task WorkspacesRemoveAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); await RunCommandAsync("vc", "workspace", $"/remove:{workspace.Name};{workspace.Owner}"); } } //////////////////////////////////////////////////////////////////////////////// // tf shelvesets data objects //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "Shelvesets", Namespace = "")] public sealed class TFShelvesets { [XmlElement(ElementName = "Shelveset", Namespace = "")] public TFShelveset[] Shelvesets { get; set; } } public sealed class TFShelveset : ITfsVCShelveset { // Attributes. [XmlAttribute(AttributeName = "date", Namespace = "")] public string Date { get; set; } [XmlAttribute(AttributeName = "name", Namespace = "")] public string Name { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } // Elements. [XmlElement(ElementName = "Comment", Namespace = "")] public string Comment { get; set; } } //////////////////////////////////////////////////////////////////////////////// // tf status data objects. //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "Status", Namespace = "")] public sealed class TFStatus : ITfsVCStatus { // Elements. [XmlElement(ElementName = "PendingSet", Namespace = "")] public TFPendingSet[] PendingSets { get; set; } // Interface-only properties. [XmlIgnore] public IEnumerable AllAdds { get { return PendingSets ?.SelectMany(x => x.PendingChanges ?? new TFPendingChange[0]) .Where(x => (x.ChangeType ?? string.Empty).Split(' ').Any(y => string.Equals(y, "Add", StringComparison.OrdinalIgnoreCase))); } } [XmlIgnore] public bool HasPendingChanges => PendingSets?.Any(x => x.PendingChanges?.Any() ?? false) ?? false; } public sealed class TFPendingSet { // Attributes. [XmlAttribute(AttributeName = "computer", Namespace = "")] public string Computer { get; set; } [XmlAttribute(AttributeName = "name", Namespace = "")] public string Name { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } [XmlAttribute(AttributeName = "ownerdisp", Namespace = "")] public string OwnerDisplayName { get; set; } [XmlAttribute(AttributeName = "ownership", Namespace = "")] public string Ownership { get; set; } // Elements. [XmlArray(ElementName = "PendingChanges", Namespace = "")] [XmlArrayItem(ElementName = "PendingChange", Namespace = "")] public TFPendingChange[] PendingChanges { get; set; } } public sealed class TFPendingChange : ITfsVCPendingChange { // Attributes. [XmlAttribute(AttributeName = "chg", Namespace = "")] public string ChangeType { get; set; } [XmlAttribute(AttributeName = "date", Namespace = "")] public string Date { get; set; } [XmlAttribute(AttributeName = "enc", Namespace = "")] public string Encoding { get; set; } [XmlAttribute(AttributeName = "hash", Namespace = "")] public string Hash { get; set; } [XmlAttribute(AttributeName = "item", Namespace = "")] public string Item { get; set; } [XmlAttribute(AttributeName = "itemid", Namespace = "")] public string ItemId { get; set; } [XmlAttribute(AttributeName = "local", Namespace = "")] public string LocalItem { get; set; } [XmlAttribute(AttributeName = "pcid", Namespace = "")] public string PCId { get; set; } [XmlAttribute(AttributeName = "psn", Namespace = "")] public string Psn { get; set; } [XmlAttribute(AttributeName = "pso", Namespace = "")] public string Pso { get; set; } [XmlAttribute(AttributeName = "psod", Namespace = "")] public string Psod { get; set; } [XmlAttribute(AttributeName = "srcitem", Namespace = "")] public string SourceItem { get; set; } [XmlAttribute(AttributeName = "svrfm", Namespace = "")] public string Svrfm { get; set; } [XmlAttribute(AttributeName = "type", Namespace = "")] public string Type { get; set; } [XmlAttribute(AttributeName = "uhash", Namespace = "")] public string UHash { get; set; } [XmlAttribute(AttributeName = "ver", Namespace = "")] public string Version { get; set; } } //////////////////////////////////////////////////////////////////////////////// // tf workspaces data objects. //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "Workspaces", Namespace = "")] public sealed class TFWorkspaces { [XmlElement(ElementName = "Workspace", Namespace = "")] public TFWorkspace[] Workspaces { get; set; } } public sealed class TFWorkspace : ITfsVCWorkspace { // Attributes. [XmlAttribute(AttributeName = "computer", Namespace = "")] public string Computer { get; set; } [XmlAttribute(AttributeName = "islocal", Namespace = "")] public string IsLocal { get; set; } [XmlAttribute(AttributeName = "name", Namespace = "")] public string Name { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } [XmlAttribute(AttributeName = "ownerdisp", Namespace = "")] public string OwnerDisplayName { get; set; } [XmlAttribute(AttributeName = "ownerid", Namespace = "")] public string OwnerId { get; set; } [XmlAttribute(AttributeName = "ownertype", Namespace = "")] public string OwnerType { get; set; } [XmlAttribute(AttributeName = "owneruniq", Namespace = "")] public string OwnerUnique { get; set; } // Elements. [XmlArray(ElementName = "Folders", Namespace = "")] [XmlArrayItem(ElementName = "WorkingFolder", Namespace = "")] public TFMapping[] TFMappings { get; set; } // Interface-only properties. [XmlIgnore] public ITfsVCMapping[] Mappings => TFMappings?.Cast().ToArray(); } public sealed class TFMapping : ITfsVCMapping { [XmlIgnore] public bool Cloak => string.Equals(Type, "Cloak", StringComparison.OrdinalIgnoreCase); [XmlAttribute(AttributeName = "depth", Namespace = "")] public string Depth { get; set; } [XmlAttribute(AttributeName = "local", Namespace = "")] public string LocalPath { get; set; } [XmlIgnore] public bool Recursive => !string.Equals(Depth, "1", StringComparison.OrdinalIgnoreCase); [XmlAttribute(AttributeName = "item", Namespace = "")] public string ServerPath { get; set; } [XmlAttribute(AttributeName = "type", Namespace = "")] public string Type { get; set; } } } ================================================ FILE: src/Agent.Plugins/TeeCliManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text; using System.Threading; using System.Threading.Tasks; using System.Xml.Serialization; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Plugins.Repository { public sealed class TeeCliManager : TfsVCCliManager, ITfsVCCliManager { public override TfsVCFeatures Features => TfsVCFeatures.Eula; protected override string Switch => "-"; public static readonly int RetriesOnFailure = 3; public string FilePath => Path.Combine(ExecutionContext.Variables.GetValueOrDefault("agent.homedirectory")?.Value, "externals", "tee", "tf"); // TODO: Remove AddAsync after last-saved-checkin-metadata problem is fixed properly. public async Task AddAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "add", localPath); } public void CleanupProxySetting() { // no-op for TEE. } public async Task EulaAsync() { await RunCommandAsync(FormatTags.All, "eula", "-accept"); } public async Task GetAsync(string localPath, bool quiet = false) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync(FormatTags.OmitCollectionUrl, quiet, 3, "get", $"-version:{SourceVersion}", "-recursive", "-overwrite", localPath); } public string ResolvePath(string serverPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); string localPath = RunPorcelainCommandAsync("resolvePath", $"-workspace:{WorkspaceName}", serverPath).GetAwaiter().GetResult(); localPath = localPath?.Trim(); // Paths outside of the root mapping return empty. // Paths within a cloaked directory return "null". if (string.IsNullOrEmpty(localPath) || string.Equals(localPath, "null", StringComparison.OrdinalIgnoreCase)) { return string.Empty; } return localPath; } public Task ScorchAsync() { throw new NotSupportedException(); } public void SetupProxy(string proxyUrl, string proxyUsername, string proxyPassword) { if (!string.IsNullOrEmpty(proxyUrl)) { Uri proxy = UrlUtil.GetCredentialEmbeddedUrl(new Uri(proxyUrl), proxyUsername, proxyPassword); AdditionalEnvironmentVariables["http_proxy"] = proxy.AbsoluteUri; } } public void SetupClientCertificate(string clientCert, string clientCertKey, string clientCertArchive, string clientCertPassword) { ExecutionContext.Debug("Convert client certificate from 'pkcs' format to 'jks' format."); string toolPath = WhichUtil.Which("keytool", true, ExecutionContext); string jksFile = Path.Combine(ExecutionContext.Variables.GetValueOrDefault("agent.tempdirectory")?.Value, $"{Guid.NewGuid()}.jks"); string argLine; if (!string.IsNullOrEmpty(clientCertPassword)) { argLine = $"-importkeystore -srckeystore \"{clientCertArchive}\" -srcstoretype pkcs12 -destkeystore \"{jksFile}\" -deststoretype JKS -srcstorepass \"{clientCertPassword}\" -deststorepass \"{clientCertPassword}\""; } else { argLine = $"-importkeystore -srckeystore \"{clientCertArchive}\" -srcstoretype pkcs12 -destkeystore \"{jksFile}\" -deststoretype JKS"; } ExecutionContext.Command($"{toolPath} {argLine}"); using (var processInvoker = new ProcessInvoker(ExecutionContext)) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { if (!string.IsNullOrEmpty(args.Data)) { ExecutionContext.Output(args.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { if (!string.IsNullOrEmpty(args.Data)) { ExecutionContext.Output(args.Data); } }; processInvoker.ExecuteAsync(ExecutionContext.Variables.GetValueOrDefault("system.defaultworkingdirectory")?.Value, toolPath, argLine, null, true, CancellationToken.None).GetAwaiter().GetResult(); if (!string.IsNullOrEmpty(clientCertPassword)) { ExecutionContext.Debug($"Set TF_ADDITIONAL_JAVA_ARGS=-Djavax.net.ssl.keyStore={jksFile} -Djavax.net.ssl.keyStorePassword={clientCertPassword}"); AdditionalEnvironmentVariables["TF_ADDITIONAL_JAVA_ARGS"] = $"-Djavax.net.ssl.keyStore={jksFile} -Djavax.net.ssl.keyStorePassword={clientCertPassword}"; } else { ExecutionContext.Debug($"Set TF_ADDITIONAL_JAVA_ARGS=-Djavax.net.ssl.keyStore={jksFile}"); AdditionalEnvironmentVariables["TF_ADDITIONAL_JAVA_ARGS"] = $"-Djavax.net.ssl.keyStore={jksFile}"; } } } public async Task ShelveAsync(string shelveset, string commentFile, bool move) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); ArgUtil.NotNullOrEmpty(commentFile, nameof(commentFile)); // TODO: Remove parameter move after last-saved-checkin-metadata problem is fixed properly. if (move) { await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "shelve", $"-workspace:{WorkspaceName}", "-move", "-replace", "-recursive", $"-comment:@{commentFile}", shelveset); return; } await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "shelve", $"-workspace:{WorkspaceName}", "-saved", "-replace", "-recursive", $"-comment:@{commentFile}", shelveset); } public async Task ShelvesetsAsync(string shelveset) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); string output = await RunPorcelainCommandAsync("shelvesets", "-format:xml", $"-workspace:{WorkspaceName}", shelveset); string xml = ExtractXml(output); // Deserialize the XML. // The command returns a non-zero exit code if the shelveset is not found. // The assertions performed here should never fail. var serializer = new XmlSerializer(typeof(TeeShelvesets)); ArgUtil.NotNullOrEmpty(xml, nameof(xml)); using (var reader = new StringReader(xml)) { var teeShelvesets = serializer.Deserialize(reader) as TeeShelvesets; ArgUtil.NotNull(teeShelvesets, nameof(teeShelvesets)); ArgUtil.NotNull(teeShelvesets.Shelvesets, nameof(teeShelvesets.Shelvesets)); ArgUtil.Equal(1, teeShelvesets.Shelvesets.Length, nameof(teeShelvesets.Shelvesets.Length)); return teeShelvesets.Shelvesets[0]; } } public async Task StatusAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); string output = await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "status", "-recursive", "-nodetect", "-format:xml", localPath); string xml = ExtractXml(output); var serializer = new XmlSerializer(typeof(TeeStatus)); using (var reader = new StringReader(xml ?? string.Empty)) { return serializer.Deserialize(reader) as TeeStatus; } } public bool TestEulaAccepted() { // Resolve the path to the XML file containing the EULA-accepted flag. string homeDirectory = Environment.GetEnvironmentVariable("HOME"); if (!string.IsNullOrEmpty(homeDirectory) && Directory.Exists(homeDirectory)) { string tfDataDirectory = (PlatformUtil.RunningOnMacOS) ? Path.Combine("Library", "Application Support", "Microsoft") : ".microsoft"; string xmlFile = Path.Combine( homeDirectory, tfDataDirectory, "Team Foundation", "4.0", "Configuration", "TEE-Mementos", "com.microsoft.tfs.client.productid.xml"); if (File.Exists(xmlFile)) { // Load and deserialize the XML. string xml = File.ReadAllText(xmlFile, Encoding.UTF8); XmlSerializer serializer = new XmlSerializer(typeof(ProductIdData)); using (var reader = new StringReader(xml ?? string.Empty)) { var data = serializer.Deserialize(reader) as ProductIdData; return string.Equals(data?.Eula?.Value ?? string.Empty, "true", StringComparison.OrdinalIgnoreCase); } } } return false; } public override async Task TryWorkspaceDeleteAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); try { await RunCommandAsync("workspace", "-delete", $"{workspace.Name};{workspace.Owner}"); return true; } catch (Exception ex) { ExecutionContext.Warning(ex.Message); return false; } } public async Task UndoAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync(FormatTags.OmitCollectionUrl, "undo", "-recursive", localPath); } public async Task UnshelveAsync(string shelveset, bool failOnNonZeroExitCode = true) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); await RunCommandAsync(FormatTags.OmitCollectionUrl, false, failOnNonZeroExitCode, "unshelve", "-format:detailed", $"-workspace:{WorkspaceName}", shelveset); } public async Task WorkfoldCloakAsync(string serverPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); await RunCommandAsync(3, "workfold", "-cloak", $"-workspace:{WorkspaceName}", serverPath); } public async Task WorkfoldMapAsync(string serverPath, string localPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync(3, "workfold", "-map", $"-workspace:{WorkspaceName}", serverPath, localPath); } public Task WorkfoldUnmapAsync(string serverPath) { throw new NotSupportedException(); } public async Task WorkspaceDeleteAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); await RunCommandAsync("workspace", "-delete", $"{workspace.Name};{workspace.Owner}"); } public async Task WorkspaceNewAsync() { await RunCommandAsync("workspace", "-new", "-location:local", "-permission:Public", WorkspaceName); } public async Task WorkspacesAsync(bool matchWorkspaceNameOnAnyComputer = false) { // Build the args. var args = new List(); args.Add("workspaces"); if (matchWorkspaceNameOnAnyComputer) { args.Add(WorkspaceName); args.Add($"-computer:*"); } args.Add("-format:xml"); // Run the command. TfsVCPorcelainCommandResult result = await TryRunPorcelainCommandAsync(FormatTags.None, RetriesOnFailure, args.ToArray()); ArgUtil.NotNull(result, nameof(result)); if (result.Exception != null) { // Check if the workspace name was specified and the command returned exit code 1. if (matchWorkspaceNameOnAnyComputer && result.Exception.ExitCode == 1) { // Ignore the error. This condition can indicate the workspace was not found. return new ITfsVCWorkspace[0]; } // Dump the output and throw. result.Output?.ForEach(x => ExecutionContext.Output(x ?? string.Empty)); throw result.Exception; } // Note, string.join gracefully handles a null element within the IEnumerable. string output = string.Join(Environment.NewLine, result.Output ?? new List()) ?? string.Empty; string xml = ExtractXml(output); // Deserialize the XML. var serializer = new XmlSerializer(typeof(TeeWorkspaces)); using (var reader = new StringReader(xml)) { return (serializer.Deserialize(reader) as TeeWorkspaces) ?.Workspaces ?.Cast() .ToArray(); } } public override async Task WorkspacesRemoveAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); await RunCommandAsync("workspace", $"-remove:{workspace.Name};{workspace.Owner}"); } private static string ExtractXml(string output) { // tf commands that output XML, may contain information messages preceeding the XML content. // // For example, the workspaces subcommand returns a non-XML message preceeding the XML when there are no workspaces. // // Also for example, when JAVA_TOOL_OPTIONS is set, a message like "Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8" // may preceed the XML content. output = output ?? string.Empty; int xmlIndex = output.IndexOf(" 0) { return output.Substring(xmlIndex); } return output; } //////////////////////////////////////////////////////////////////////////////// // Product ID data objects (required for testing whether the EULA has been accepted). //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "ProductIdData", Namespace = "")] public sealed class ProductIdData { [XmlElement(ElementName = "eula-14.0", Namespace = "")] public Eula Eula { get; set; } } public sealed class Eula { [XmlAttribute(AttributeName = "value", Namespace = "")] public string Value { get; set; } } } //////////////////////////////////////////////////////////////////////////////// // tf shelvesets data objects //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "shelvesets", Namespace = "")] public sealed class TeeShelvesets { [XmlElement(ElementName = "shelveset", Namespace = "")] public TeeShelveset[] Shelvesets { get; set; } } public sealed class TeeShelveset : ITfsVCShelveset { [XmlAttribute(AttributeName = "date", Namespace = "")] public string Date { get; set; } [XmlAttribute(AttributeName = "name", Namespace = "")] public string Name { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } [XmlElement(ElementName = "comment", Namespace = "")] public string Comment { get; set; } } //////////////////////////////////////////////////////////////////////////////// // tf status data objects. //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "status", Namespace = "")] public sealed class TeeStatus : ITfsVCStatus { // Elements. [XmlArray(ElementName = "candidate-pending-changes", Namespace = "")] [XmlArrayItem(ElementName = "pending-change", Namespace = "")] public TeePendingChange[] CandidatePendingChanges { get; set; } [XmlArray(ElementName = "pending-changes", Namespace = "")] [XmlArrayItem(ElementName = "pending-change", Namespace = "")] public TeePendingChange[] PendingChanges { get; set; } // Interface-only properties. [XmlIgnore] public IEnumerable AllAdds { get { return PendingChanges?.Where(x => string.Equals(x.ChangeType, "add", StringComparison.OrdinalIgnoreCase)); } } [XmlIgnore] public bool HasPendingChanges => PendingChanges?.Any() ?? false; } public sealed class TeePendingChange : ITfsVCPendingChange { [XmlAttribute(AttributeName = "change-type", Namespace = "")] public string ChangeType { get; set; } [XmlAttribute(AttributeName = "computer", Namespace = "")] public string Computer { get; set; } [XmlAttribute(AttributeName = "date", Namespace = "")] public string Date { get; set; } [XmlAttribute(AttributeName = "file-type", Namespace = "")] public string FileType { get; set; } [XmlAttribute(AttributeName = "local-item", Namespace = "")] public string LocalItem { get; set; } [XmlAttribute(AttributeName = "lock", Namespace = "")] public string Lock { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } [XmlAttribute(AttributeName = "server-item", Namespace = "")] public string ServerItem { get; set; } [XmlAttribute(AttributeName = "version", Namespace = "")] public string Version { get; set; } [XmlAttribute(AttributeName = "workspace", Namespace = "")] public string Workspace { get; set; } } //////////////////////////////////////////////////////////////////////////////// // tf workspaces data objects. //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "workspaces", Namespace = "")] public sealed class TeeWorkspaces { [XmlElement(ElementName = "workspace", Namespace = "")] public TeeWorkspace[] Workspaces { get; set; } } public sealed class TeeWorkspace : ITfsVCWorkspace { // Attributes. [XmlAttribute(AttributeName = "server", Namespace = "")] public string CollectionUrl { get; set; } [XmlAttribute(AttributeName = "comment", Namespace = "")] public string Comment { get; set; } [XmlAttribute(AttributeName = "computer", Namespace = "")] public string Computer { get; set; } [XmlAttribute(AttributeName = "name", Namespace = "")] public string Name { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } // Elements. [XmlElement(ElementName = "working-folder", Namespace = "")] public TeeMapping[] TeeMappings { get; set; } // Interface-only properties. [XmlIgnore] public ITfsVCMapping[] Mappings => TeeMappings?.Cast().ToArray(); } public sealed class TeeMapping : ITfsVCMapping { [XmlIgnore] public bool Cloak => string.Equals(MappingType, "cloak", StringComparison.OrdinalIgnoreCase); [XmlAttribute(AttributeName = "depth", Namespace = "")] public string Depth { get; set; } [XmlAttribute(AttributeName = "local-item", Namespace = "")] public string LocalPath { get; set; } [XmlAttribute(AttributeName = "type", Namespace = "")] public string MappingType { get; set; } [XmlIgnore] public bool Recursive => string.Equals(Depth, "full", StringComparison.OrdinalIgnoreCase); [XmlAttribute(AttributeName = "server-item")] public string ServerPath { get; set; } } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/ClientFactory.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.WebApi; namespace Agent.Plugins.Log.TestFilePublisher { public interface IClientFactory { /// /// Access any pipeline client through factory /// T GetClient() where T : VssHttpClientBase; } public class ClientFactory : IClientFactory { public ClientFactory(VssConnection vssConnection) { _vssConnection = vssConnection; } /// public T GetClient() where T : VssHttpClientBase { return _vssConnection.GetClient(); } private readonly VssConnection _vssConnection; } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/Finder/ITestFileFinder.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.Threading.Tasks; namespace Agent.Plugins.Log.TestFilePublisher { public interface ITestFileFinder { Task> FindAsync(IList patterns); } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/Finder/TestFileFinder.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading.Tasks; namespace Agent.Plugins.Log.TestFilePublisher { public class TestFileFinder : ITestFileFinder { private readonly IList _searchFolders; public TestFileFinder(IList searchFolders) { _searchFolders = searchFolders; } public async Task> FindAsync(IList patterns) { return await Task.Run(() => Find(patterns)); } protected virtual IEnumerable GetFiles(string path, string[] searchPatterns, SearchOption searchOption = SearchOption.AllDirectories) { return searchPatterns.AsParallel() .SelectMany(searchPattern => Directory.EnumerateFiles(path, searchPattern, searchOption)); } protected IEnumerable Find(IList patterns) { var files = Enumerable.Empty(); if (!_searchFolders.Any() || !patterns.Any()) { return files; } var testResultFiles = Enumerable.Empty(); testResultFiles = _searchFolders.AsParallel().Aggregate(testResultFiles, (current, folder) => current.Union(GetFiles(folder, patterns.ToArray()))); return testResultFiles; } } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/PipelineConfig.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Agent.Plugins.Log.TestFilePublisher { public class PipelineConfig { public Guid ProjectGuid { get; set; } public string ProjectName { get; set; } public int BuildId { get; set; } public string BuildUri { get; set; } public IList SearchFolders { get; } = new List(); public IList Patterns { get; } = new List(); public string StageName { get; set; } public string PhaseName { get; set; } public string JobName { get; set; } public int StageAttempt { get; set; } public int PhaseAttempt { get; set; } public int JobAttempt { get; set; } } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/Plugin/TestFilePublisherLogPlugin.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Net.Sockets; using System.Threading.Tasks; using Agent.Plugins.Log.TestResultParser.Contracts; using Agent.Sdk.Util; using Agent.Sdk; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Agent.Plugins.Log.TestFilePublisher { public class TestFilePublisherLogPlugin : IAgentLogPlugin { /// public string FriendlyName => "TestFilePublisher"; public TestFilePublisherLogPlugin() { // Default constructor } /// /// For UTs only /// public TestFilePublisherLogPlugin(ITraceLogger logger, ITelemetryDataCollector telemetry, ITestFilePublisher testFilePublisher) { _logger = logger; _telemetry = telemetry; _testFilePublisher = testFilePublisher; } /// public async Task InitializeAsync(IAgentLogPluginContext context) { try { _logger = _logger ?? new TraceLogger(context); _telemetry = _telemetry ?? new TelemetryDataCollector(new ClientFactory(context.VssConnection), _logger); await PopulatePipelineConfig(context); if (DisablePlugin(context)) { _telemetry.AddOrUpdate(TelemetryConstants.PluginDisabled, true); await _telemetry.PublishCumulativeTelemetryAsync(); return false; // disable the plugin } _testFilePublisher = _testFilePublisher ?? new TestFilePublisher(context.VssConnection, PipelineConfig, new TestFileTraceListener(context), _logger, _telemetry); await _testFilePublisher.InitializeAsync(); _telemetry.AddOrUpdate(TelemetryConstants.PluginInitialized, true); } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, context.VssConnection.Uri.ToString(), _logger.Warning); if (_telemetry != null) { _telemetry.AddOrUpdate(TelemetryConstants.PluginDisabled, true); _telemetry.AddOrUpdate(TelemetryConstants.InitializeFailed, ex); await _telemetry.PublishCumulativeTelemetryAsync(); } return false; } catch (Exception ex) { context.Trace(ex.ToString()); _logger?.Warning($"Unable to initialize {FriendlyName}."); if (_telemetry != null) { _telemetry.AddOrUpdate(TelemetryConstants.PluginDisabled, true); _telemetry.AddOrUpdate(TelemetryConstants.InitializeFailed, ex); await _telemetry.PublishCumulativeTelemetryAsync(); } return false; } return true; } /// public async Task ProcessLineAsync(IAgentLogPluginContext context, Pipelines.TaskStepDefinitionReference step, string line) { await Task.CompletedTask; } /// public async Task FinalizeAsync(IAgentLogPluginContext context) { using (var timer = new SimpleTimer("Finalize", _logger, TimeSpan.FromMinutes(2), new TelemetryDataWrapper(_telemetry, TelemetryConstants.FinalizeAsync))) { try { await _testFilePublisher.PublishAsync(); } catch (Exception ex) { _logger.Info($"Error: {ex}"); _telemetry.AddOrUpdate("FailedToPublishTestRuns", ex); } } await _telemetry.PublishCumulativeTelemetryAsync(); } /// /// Return true if plugin needs to be disabled /// private bool DisablePlugin(IAgentLogPluginContext context) { // do we want to log that the plugin is disabled due to x reason here? if (context.Variables.TryGetValue("Agent.ForceEnable.TestFilePublisherLogPlugin", out var forceEnable) && string.Equals("true", forceEnable.Value, StringComparison.OrdinalIgnoreCase)) { return false; } // Enable only for build if (!context.Variables.TryGetValue("system.hosttype", out var hostType) || !string.Equals("Build", hostType.Value, StringComparison.OrdinalIgnoreCase)) { _telemetry.AddOrUpdate("PluginDisabledReason", hostType?.Value); return true; } // Disable for on-prem if (!context.Variables.TryGetValue("system.servertype", out var serverType) || !string.Equals("Hosted", serverType.Value, StringComparison.OrdinalIgnoreCase)) { _telemetry.AddOrUpdate("PluginDisabledReason", serverType?.Value); return true; } // check for PTR task or some other tasks to enable/disable if (context.Steps == null) { _telemetry.AddOrUpdate("PluginDisabledReason", "NoSteps"); return true; } if (context.Steps.Any(x => x.Id.Equals(new Guid("0B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1")) || x.Id.Equals(new Guid("AC4EE482-65DA-4485-A532-7B085873E532")) || x.Id.Equals(new Guid("8D8EEBD8-2B94-4C97-85AF-839254CC6DA4")))) { _telemetry.AddOrUpdate("PluginDisabledReason", "ExplicitPublishTaskPresent"); return true; } if (PipelineConfig.BuildId == 0) { _telemetry.AddOrUpdate("PluginDisabledReason", "BuildIdZero"); return true; } if (!PipelineConfig.Patterns.Any()) { _telemetry.AddOrUpdate("PluginDisabledReason", "PatternIsEmpty"); return true; } if (!PipelineConfig.SearchFolders.Any()) { _telemetry.AddOrUpdate("PluginDisabledReason", "SearchFolderIsEmpty"); return true; } return false; } private async Task PopulatePipelineConfig(IAgentLogPluginContext context) { var props = new Dictionary(); if (context.Variables.TryGetValue("system.teamProject", out var projectName)) { PipelineConfig.ProjectName = projectName.Value; _telemetry.AddOrUpdate("ProjectName", PipelineConfig.ProjectName); props.Add("ProjectName", PipelineConfig.ProjectName); } if (context.Variables.TryGetValue("build.buildId", out var buildIdVar) && int.TryParse(buildIdVar.Value, out var buildId)) { PipelineConfig.BuildId = buildId; _telemetry.AddOrUpdate("BuildId", PipelineConfig.BuildId); props.Add("BuildId", PipelineConfig.BuildId); } if (context.Variables.TryGetValue("system.stageName", out var stageName)) { PipelineConfig.StageName = stageName.Value; _telemetry.AddOrUpdate("StageName", stageName.Value); props.Add("StageName", stageName.Value); } if (context.Variables.TryGetValue("system.stageAttempt", out var stageAttemptVar) && int.TryParse(stageAttemptVar.Value, out var stageAttempt)) { PipelineConfig.StageAttempt = stageAttempt; _telemetry.AddOrUpdate("StageAttempt", stageAttempt); props.Add("StageAttempt", stageAttempt); } if (context.Variables.TryGetValue("system.phaseName", out var phaseName)) { PipelineConfig.PhaseName = phaseName.Value; _telemetry.AddOrUpdate("PhaseName", phaseName.Value); props.Add("PhaseName", phaseName.Value); } if (context.Variables.TryGetValue("system.phaseAttempt", out var phaseAttemptVar) && int.TryParse(phaseAttemptVar.Value, out var phaseAttempt)) { PipelineConfig.PhaseAttempt = phaseAttempt; _telemetry.AddOrUpdate("PhaseAttempt", phaseAttempt); props.Add("PhaseAttempt", phaseAttempt); } if (context.Variables.TryGetValue("system.jobName", out var jobName)) { PipelineConfig.JobName = jobName.Value; _telemetry.AddOrUpdate("JobName", jobName.Value); props.Add("JobName", jobName.Value); } if (context.Variables.TryGetValue("system.jobAttempt", out var jobAttemptVar) && int.TryParse(jobAttemptVar.Value, out var jobAttempt)) { PipelineConfig.JobAttempt = jobAttempt; _telemetry.AddOrUpdate("JobAttempt", jobAttempt); props.Add("JobAttempt", jobAttempt); } if (context.Variables.TryGetValue("system.definitionid", out var buildDefinitionId)) { _telemetry.AddOrUpdate("BuildDefinitionId", buildDefinitionId.Value); props.Add("BuildDefinitionId", buildDefinitionId.Value); } if (context.Variables.TryGetValue("build.Repository.name", out var repositoryName)) { _telemetry.AddOrUpdate("RepositoryName", repositoryName.Value); props.Add("RepositoryName", repositoryName.Value); } if (context.Variables.TryGetValue("agent.version", out var agentVersion)) { _telemetry.AddOrUpdate("AgentVersion", agentVersion.Value); props.Add("AgentVersion", agentVersion.Value); } if (context.Variables.TryGetValue("agent.testfilepublisher.pattern", out var pattern) && !string.IsNullOrWhiteSpace(pattern.Value)) { PopulateSearchPatterns(context, pattern.Value); props.Add("SearchPatterns", string.Join(",", PipelineConfig.Patterns)); } if (context.Variables.TryGetValue("agent.testfilepublisher.searchfolders", out var searchFolders) && !string.IsNullOrWhiteSpace(searchFolders.Value)) { PopulateSearchFolders(context, searchFolders.Value); props.Add("SearchFolders", string.Join(",", PipelineConfig.SearchFolders)); } // Publish the initial telemetry event in case we are not able to fire the cumulative one for whatever reason await _telemetry.PublishTelemetryAsync("TestFilePublisherInitialize", props); } private void PopulateSearchFolders(IAgentLogPluginContext context, string searchFolders) { var folderVariables = searchFolders.Split(","); foreach (var folderVar in folderVariables) { if (context.Variables.TryGetValue(folderVar, out var folderValue)) { PipelineConfig.SearchFolders.Add(folderValue.Value); } } } private void PopulateSearchPatterns(IAgentLogPluginContext context, string searchPattern) { var patterns = searchPattern.Split(","); foreach (var pattern in patterns) { PipelineConfig.Patterns.Add(pattern); } } private ITraceLogger _logger; private ITelemetryDataCollector _telemetry; private ITestFilePublisher _testFilePublisher; public readonly PipelineConfig PipelineConfig = new PipelineConfig(); } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/SimpleTimer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Diagnostics; using Agent.Plugins.Log.TestResultParser.Contracts; namespace Agent.Plugins.Log.TestFilePublisher { /// /// This is a utitily class used for recording timing /// information. Its usage is /// using (SimpleTimer timer = new SimpleTimer("MyOperation")) /// { /// MyOperation... /// } /// public class SimpleTimer : IDisposable { /// /// Creates a timer with threshold. A perf message is logged only if /// the time elapsed is more than the threshold. /// public SimpleTimer(string timerName, ITraceLogger logger, TimeSpan threshold, TelemetryDataWrapper telemetryWrapper) { _name = timerName; _logger = logger; _threshold = threshold; _telemetryWrapper = telemetryWrapper; _timer = Stopwatch.StartNew(); } /// /// Implement IDisposable /// public void Dispose() { Dispose(true); } /// /// Stop the watch and log the trace message with the elapsed time. /// Additionaly also adds the elapsed time to telemetry under the timer nam /// public void StopAndLog() { _timer.Stop(); _telemetryWrapper.AddAndAggregate(_timer.Elapsed.TotalMilliseconds); } protected virtual void Dispose(bool disposing) { if (_disposed) return; if (disposing) { StopAndLog(); } _disposed = true; } #region private variables. private bool _disposed; private ITraceLogger _logger; private TelemetryDataWrapper _telemetryWrapper; private readonly Stopwatch _timer; private readonly string _name; private readonly TimeSpan _threshold; #endregion } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/Telemetry/TelemetryConstants.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Plugins.Log.TestFilePublisher { public class TelemetryConstants { public const string PluginInitialized = "PluginInitialized"; public const string PluginDisabled = "PluginDisabled"; public const string Exceptions = "Exceptions"; public const string FinalizeAsync = "FinalizeAsync"; public const string FindTestFilesAsync = "FindTestFilesAsync"; public const string InitializeFailed = "InitializeFailed"; public const string PublishTestRunDataAsync = "PublishTestRunDataAsync"; public const string ParseTestResultFiles = "ParseTestResultFiles"; public const string StageName = "StageName"; public const string StageAttempt = "StageAttempt"; public const string PhaseName = "PhaseName"; public const string PhaseAttempt = "PhaseAttempt"; public const string JobName = "JobName"; public const string JobAttempt = "JobAttempt"; } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/Telemetry/TelemetryDataCollector.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT license. See LICENSE file in the project root for full license information. using System; using System.Collections; using System.Collections.Concurrent; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Agent.Plugins.Log.TestResultParser.Contracts; using Microsoft.VisualStudio.Services.CustomerIntelligence.WebApi; using Microsoft.VisualStudio.Services.WebPlatform; namespace Agent.Plugins.Log.TestFilePublisher { public class TelemetryDataCollector : ITelemetryDataCollector { private readonly ITraceLogger _logger; private readonly CustomerIntelligenceHttpClient _httpClient; private const string CumulativeTelemetryFeatureName = "ConsolidatedTelemetry"; private readonly object publishLockNode = new object(); private ConcurrentDictionary _properties = new ConcurrentDictionary(); public string Area => "TestFilePublisher"; public TelemetryDataCollector(IClientFactory clientFactory, ITraceLogger logger) { _logger = logger; _httpClient = clientFactory.GetClient(); } public void AddOrUpdate(string property, object value, string subArea = null) { var propertKey = !string.IsNullOrEmpty(subArea) ? $"{subArea}:{property}" : property; try { _properties[propertKey] = value; } catch (Exception e) { _logger.Warning($"TelemetryDataCollector : AddOrUpdate : Failed to add {value} with key {propertKey} due to {e}"); } } /// public void AddAndAggregate(string property, object value, string subArea = null) { var propertKey = !string.IsNullOrEmpty(subArea) ? $"{subArea}:{property}" : property; try { // If key does not exist or aggregate option is false add value blindly if (!_properties.ContainsKey(propertKey)) { _properties[propertKey] = value; return; } // If key exists and the value is a list, assume that existing value is a list and concat them if (value is IList) { foreach (var element in (value as IList)) { (_properties[propertKey] as IList).Add(element); } return; } // If key exists and is a list add new items to list if (_properties[propertKey] is IList) { (_properties[propertKey] as IList).Add(value); return; } // If the key exists and value is integer or double arithmetically add them if (_properties[propertKey] is int) { _properties[propertKey] = (int)_properties[propertKey] + (int)value; } else if (_properties[propertKey] is double) { _properties[propertKey] = (double)_properties[propertKey] + (double)value; } else { // If unknown type just blindly set value _properties[propertKey] = value; } } catch (Exception e) { _logger.Warning($"TelemetryDataCollector : AddAndAggregate : Failed to add {value} with key {propertKey} due to {e}"); } } public Task PublishCumulativeTelemetryAsync() { try { lock (publishLockNode) { var ciEvent = new CustomerIntelligenceEvent { Area = Area, Feature = CumulativeTelemetryFeatureName, Properties = _properties.ToDictionary(entry => entry.Key, entry => entry.Value) }; // This is to ensure that the single ci event is never fired more than once. _properties.Clear(); return _httpClient.PublishEventsAsync(new[] { ciEvent }); } } catch (Exception e) { _logger.Verbose($"TelemetryDataCollector : PublishCumulativeTelemetryAsync : Failed to publish telemtry due to {e}"); } return Task.CompletedTask; } /// public Task PublishTelemetryAsync(string feature, Dictionary properties) { try { var ciEvent = new CustomerIntelligenceEvent { Area = Area, Feature = feature, Properties = properties }; return _httpClient.PublishEventsAsync(new[] { ciEvent }); } catch (Exception e) { _logger.Verbose($"TelemetryDataCollector : PublishTelemetryAsync : Failed to publish telemtry due to {e}"); } return Task.CompletedTask; } } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/Telemetry/TelemetryDataWrapper.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Plugins.Log.TestResultParser.Contracts; namespace Agent.Plugins.Log.TestFilePublisher { public class TelemetryDataWrapper { public TelemetryDataWrapper(ITelemetryDataCollector telemetry, string telemetryEventName, string telemetrySubArea = null) { telemetryDataCollector = telemetry; this.telemetryEventName = telemetryEventName; this.telemetrySubArea = telemetrySubArea; } public void AddAndAggregate(object value) { telemetryDataCollector.AddAndAggregate(telemetryEventName, value, telemetrySubArea); } private string telemetrySubArea; public string telemetryEventName; public ITelemetryDataCollector telemetryDataCollector; } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/TestFilePublisher.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Diagnostics; using System.Linq; using System.Threading; using System.Threading.Tasks; using Agent.Plugins.Log.TestResultParser.Contracts; using Microsoft.TeamFoundation.TestClient.PublishTestResults; using Microsoft.VisualStudio.Services.WebApi; using ITestResultParser = Microsoft.TeamFoundation.TestClient.PublishTestResults.ITestResultParser; using ITestRunPublisher = Microsoft.TeamFoundation.TestClient.PublishTestResults.ITestRunPublisher; namespace Agent.Plugins.Log.TestFilePublisher { public interface ITestFilePublisher { Task InitializeAsync(); Task PublishAsync(); } public class TestFilePublisher : ITestFilePublisher { private readonly VssConnection _vssConnection; private readonly PipelineConfig _pipelineConfig; private readonly TraceListener _traceListener; private readonly ITraceLogger _logger; private readonly ITelemetryDataCollector _telemetry; private ITestFileFinder _testFileFinder; private ITestResultParser _testResultParser; private ITestRunPublisher _testRunPublisher; public TestFilePublisher(VssConnection vssConnection, PipelineConfig pipelineConfig, TraceListener traceListener, ITraceLogger logger, ITelemetryDataCollector telemetry) { _traceListener = traceListener; _vssConnection = vssConnection; _pipelineConfig = pipelineConfig; _logger = logger; _telemetry = telemetry; } public TestFilePublisher(VssConnection vssConnection, PipelineConfig pipelineConfig, TraceListener traceListener, ITraceLogger logger, ITelemetryDataCollector telemetry, ITestFileFinder testFileFinder, ITestResultParser testResultParser, ITestRunPublisher testRunPublisher) : this(vssConnection, pipelineConfig, traceListener, logger, telemetry) { _testFileFinder = testFileFinder; _testResultParser = testResultParser; _testRunPublisher = testRunPublisher; } public async Task InitializeAsync() { await Task.Run(() => Initialize()); } public async Task PublishAsync() { var testResultFiles = new List(); IList testData; var testRunContext = new TestRunContextBuilder("JUnit test results") .WithBuildId(_pipelineConfig.BuildId) .WithBuildUri(_pipelineConfig.BuildUri) .WithStageName(_pipelineConfig.StageName) .WithStageAttempt(_pipelineConfig.StageAttempt) .WithPhaseName(_pipelineConfig.PhaseName) .WithPhaseAttempt(_pipelineConfig.PhaseAttempt) .WithJobName(_pipelineConfig.JobName) .WithJobAttempt(_pipelineConfig.JobAttempt) .Build(); using (new SimpleTimer(TelemetryConstants.FindTestFilesAsync, _logger, TimeSpan.FromSeconds(60), new TelemetryDataWrapper(_telemetry, TelemetryConstants.FindTestFilesAsync))) { try { testResultFiles.AddRange(await FindTestFilesAsync()); _logger.Info($"Number of files found with matching pattern {testResultFiles.Count}"); } catch (Exception ex) { _logger.Info($"Error: {ex.Message}"); _telemetry.AddOrUpdate("FindTestFilesError", ex); } } _telemetry.AddOrUpdate("NumberOfTestFilesFound", testResultFiles.Count); if (!testResultFiles.Any()) { _logger.Info("No test result files are found"); return; } using (new SimpleTimer(TelemetryConstants.ParseTestResultFiles, _logger, TimeSpan.FromSeconds(60), new TelemetryDataWrapper(_telemetry, TelemetryConstants.ParseTestResultFiles))) { testData = _testResultParser.ParseTestResultFiles(testRunContext, testResultFiles).GetTestRunData(); _logger.Info($"Successfully parsed {testData?.Count} files"); _telemetry.AddOrUpdate("NumberOfTestFilesRead", testData?.Count); } if (testData == null || !testData.Any()) { _logger.Info("No valid Junit test result files are found which can be parsed"); return; } using (new SimpleTimer(TelemetryConstants.PublishTestRunDataAsync, _logger, TimeSpan.FromSeconds(60), new TelemetryDataWrapper(_telemetry, TelemetryConstants.PublishTestRunDataAsync))) { var publishedRuns = await _testRunPublisher.PublishTestRunDataAsync(testRunContext, _pipelineConfig.ProjectName, testData, new PublishOptions(), new CancellationToken()); if (publishedRuns != null) { _logger.Info($"Successfully published {publishedRuns.Count} runs"); _telemetry.AddOrUpdate("NumberOfTestRunsPublished", publishedRuns.Count); _telemetry.AddOrUpdate("TestRunIds", string.Join(",", publishedRuns.Select(x => x.Id))); } else { _telemetry.AddOrUpdate("NumberOfTestRunsPublished", 0); } } } protected async Task> FindTestFilesAsync() { return await _testFileFinder.FindAsync(_pipelineConfig.Patterns); } private void Initialize() { _testFileFinder = _testFileFinder ?? new TestFileFinder(_pipelineConfig.SearchFolders); _testResultParser = _testResultParser ?? new JUnitResultParser(_traceListener); _testRunPublisher = _testRunPublisher ?? new TestRunPublisher(_vssConnection, _traceListener); } } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/TestRunContextBuilder.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.TestClient.PublishTestResults; using Microsoft.TeamFoundation.TestManagement.WebApi; namespace Agent.Plugins.Log.TestFilePublisher { public interface ITestRunContextBuilder { TestRunContextBuilder WithBuildId(int buildId); TestRunContextBuilder WithBuildUri(string buildUri); } public class TestRunContextBuilder : ITestRunContextBuilder { private int _buildId; private string _buildUri; private readonly string _testRunName; private string _stageName; private int _stageAttempt; private string _phaseName; private int _phaseAttempt; private string _jobName; private int _jobAttempt; public TestRunContextBuilder(string testRunName) { _testRunName = testRunName; } public TestRunContext Build() { TestRunContext testRunContext = new TestRunContext(owner: string.Empty, platform: string.Empty, configuration: string.Empty, buildId: _buildId, buildUri: _buildUri, releaseUri: null, releaseEnvironmentUri: null, runName: _testRunName, testRunSystem: "NoConfigRun", buildAttachmentProcessor: null, targetBranchName: null); testRunContext.PipelineReference = new PipelineReference() { PipelineId = _buildId, StageReference = new StageReference() { StageName = _stageName, Attempt = _stageAttempt }, PhaseReference = new PhaseReference() { PhaseName = _phaseName, Attempt = _phaseAttempt }, JobReference = new JobReference() { JobName = _jobName, Attempt = _jobAttempt } }; return testRunContext; } public TestRunContextBuilder WithBuildId(int buildId) { _buildId = buildId; return this; } public TestRunContextBuilder WithBuildUri(string buildUri) { _buildUri = buildUri; return this; } public TestRunContextBuilder WithStageName(string stageName) { _stageName = stageName; return this; } public TestRunContextBuilder WithStageAttempt(int stageAttempt) { _stageAttempt = stageAttempt; return this; } public TestRunContextBuilder WithPhaseName(string phaseName) { _phaseName = phaseName; return this; } public TestRunContextBuilder WithPhaseAttempt(int phaseAttempt) { _phaseAttempt = phaseAttempt; return this; } public TestRunContextBuilder WithJobName(string jobName) { _jobName = jobName; return this; } public TestRunContextBuilder WithJobAttempt(int jobAttempt) { _jobAttempt = jobAttempt; return this; } } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/TraceListener.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Diagnostics; using Agent.Sdk; namespace Agent.Plugins.Log.TestFilePublisher { public class TestFileTraceListener : TraceListener { private readonly IAgentLogPluginContext _context; public TestFileTraceListener(IAgentLogPluginContext context) { _context = context; } public override void Write(string message) { //ignoring this as this contains trash info } public override void WriteLine(string message) { _context.Output(message); } } } ================================================ FILE: src/Agent.Plugins/TestFilePublisher/TraceLogger.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Plugins.Log.TestResultParser.Contracts; using Agent.Sdk; namespace Agent.Plugins.Log.TestFilePublisher { public class TraceLogger : ITraceLogger { public TraceLogger(IAgentLogPluginContext context) { _context = context; _context.Variables.TryGetValue("system.debug", out var systemDebug); if (string.Equals(systemDebug?.Value, "true", System.StringComparison.OrdinalIgnoreCase)) { _debug = true; } } #region interface implementation /// void ITraceLogger.Warning(string text) { _context.Output($"Warning: {text}"); } /// void ITraceLogger.Error(string error) { _context.Output($"Error: {error}"); } /// void ITraceLogger.Verbose(string text) { if (_debug) { _context.Output($"Debug: {text}"); } } /// void ITraceLogger.Info(string text) { _context.Output(text); } #endregion private readonly IAgentLogPluginContext _context; private readonly bool _debug; } } ================================================ FILE: src/Agent.Plugins/TestResultParser/Bus/IBus.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Agent.Plugins.Log.TestResultParser.Plugin { public interface IBus { /// /// Subscribe to Message Bus to receive messages via Pub-Sub model /// Guid Subscribe(Action handlerAction); /// /// Unsubscribe to Message Bus so that subscriber no longer receives messages /// void Unsubscribe(Guid subscriptionId); } } ================================================ FILE: src/Agent.Plugins/TestResultParser/ClientFactory.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.WebApi; namespace Agent.Plugins.Log.TestResultParser.Plugin { public interface IClientFactory { /// /// Access any pipeline client through factory /// T GetClient() where T : VssHttpClientBase; } public class ClientFactory : IClientFactory { public ClientFactory(VssConnection vssConnection) { _vssConnection = vssConnection; } /// public T GetClient() where T : VssHttpClientBase { return _vssConnection.GetClient(); } private readonly VssConnection _vssConnection; } } ================================================ FILE: src/Agent.Plugins/TestResultParser/Gateway/ILogParserGateway.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Threading.Tasks; using Agent.Plugins.Log.TestResultParser.Contracts; namespace Agent.Plugins.Log.TestResultParser.Plugin { public interface ILogParserGateway { /// /// Register all parsers which needs to parse the task console stream /// Task InitializeAsync(IClientFactory clientFactory, IPipelineConfig pipelineConfig, ITraceLogger traceLogger, ITelemetryDataCollector telemetry); /// /// Process the task output data /// Task ProcessDataAsync(string data); /// /// Complete parsing the data /// Task CompleteAsync(); } } ================================================ FILE: src/Agent.Plugins/TestResultParser/Gateway/ILogPreProcessor.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Plugins.Log.TestResultParser.Plugin { public interface ILogPreProcessor { /// /// Pre processes the data performing sanitization operations if any before /// sending it over to the parsers /// string ProcessData(string data); } } ================================================ FILE: src/Agent.Plugins/TestResultParser/Gateway/LogParserGateway.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Concurrent; using System.Linq; using System.Threading.Tasks; using System.Threading.Tasks.Dataflow; using Agent.Plugins.Log.TestResultParser.Contracts; namespace Agent.Plugins.Log.TestResultParser.Plugin { public class LogParserGateway : ILogParserGateway, IBus { /// public async Task InitializeAsync(IClientFactory clientFactory, IPipelineConfig pipelineConfig, ITraceLogger traceLogger, ITelemetryDataCollector telemetry) { await Task.Run(() => { _logger = traceLogger; _telemetry = telemetry; var publisher = new PipelineTestRunPublisher(clientFactory, pipelineConfig, _logger, _telemetry); _testRunManager = new TestRunManager(publisher, _logger, _telemetry); var parsers = ParserFactory.GetTestResultParsers(_testRunManager, traceLogger, _telemetry).ToList(); _telemetry.AddOrUpdate(TelemetryConstants.ParserCount, parsers.Count); foreach (var parser in parsers) { // Subscribe parsers to Pub-Sub model Subscribe(parser.Parse); } }); } /// public async Task ProcessDataAsync(string data) { var logData = new LogData { Line = logPreProcessor.ProcessData(data), LineNumber = ++_counter }; // If the preprocesor deems the line as unnecessary to send to the parsers // it returns null. In which case we would like to return after just // incrementing the line number for book keeping if (logData.Line == null) { return; } await _broadcast.SendAsync(logData); } /// public async Task CompleteAsync() { try { _telemetry.AddOrUpdate(TelemetryConstants.TotalLines, _counter); _broadcast.Complete(); Task.WaitAll(_subscribers.Values.Select(x => x.Completion).ToArray()); using (var timer = new SimpleTimer("TestRunManagerFinalize", _logger, new TelemetryDataWrapper(_telemetry, TelemetryConstants.TestRunManagerEventArea, TelemetryConstants.FinalizeAsync), TimeSpan.FromMilliseconds(Int32.MaxValue))) { await _testRunManager.FinalizeAsync(); } } catch (Exception ex) { _logger?.Warning($"Failed to finish the complete operation: {ex}"); } } /// public Guid Subscribe(Action handlerAction) { var handler = new ActionBlock(handlerAction); _broadcast.LinkTo(handler, new DataflowLinkOptions { PropagateCompletion = true }); return AddSubscription(handler); } /// public void Unsubscribe(Guid subscriptionId) { if (_subscribers.TryRemove(subscriptionId, out var subscription)) { subscription.Complete(); } } private Guid AddSubscription(ITargetBlock subscription) { var subscriptionId = Guid.NewGuid(); _subscribers.TryAdd(subscriptionId, subscription); return subscriptionId; } private ILogPreProcessor logPreProcessor = new LogPreProcessor(); private readonly BroadcastBlock _broadcast = new BroadcastBlock(message => message); private readonly ConcurrentDictionary> _subscribers = new ConcurrentDictionary>(); private int _counter = 0; private ITraceLogger _logger; private ITelemetryDataCollector _telemetry; private ITestRunManager _testRunManager; } } ================================================ FILE: src/Agent.Plugins/TestResultParser/Gateway/LogPreProcessor.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Plugins.Log.TestResultParser.Plugin { public class LogPreProcessor : ILogPreProcessor { /// /// Strips away the prefixed ##[error] from lines written to the error stream /// Additionally also returns null if the line was identified to be a debug, command /// or section log line /// public string ProcessData(string data) { if (data.StartsWith(debugLogPrefix)) { return null; } if (data.StartsWith(errorLogPrefix)) { return data.Substring(errorLogPrefix.Length); } if (data.StartsWith(warningLogPrefix)) { return null; } if (data.StartsWith(commandLogPrefix)) { return null; } if (data.StartsWith(sectionLogPrefix)) { return null; } return data; } private const string debugLogPrefix = "##[debug]"; private const string errorLogPrefix = "##[error]"; private const string warningLogPrefix = "##[warning]"; private const string commandLogPrefix = "##[command]"; private const string sectionLogPrefix = "##[section]"; } } ================================================ FILE: src/Agent.Plugins/TestResultParser/IEnumerableExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.Linq; namespace Agent.Plugins.Log.TestResultParser.Plugin { public static class EnumerableExtension { public static IEnumerable> Batch(this IEnumerable source, int size) { TSource[] bucket = null; var count = 0; foreach (var item in source) { if (bucket == null) bucket = new TSource[size]; bucket[count++] = item; if (count != size) continue; yield return bucket; bucket = null; count = 0; } if (bucket != null && count > 0) yield return bucket.Take(count); } } } ================================================ FILE: src/Agent.Plugins/TestResultParser/ParserFactory.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Reflection; using Agent.Plugins.Log.TestResultParser.Contracts; namespace Agent.Plugins.Log.TestResultParser.Plugin { public class ParserFactory { public static IEnumerable GetTestResultParsers(ITestRunManager testRunManager, ITraceLogger logger, ITelemetryDataCollector telemetry) { var currentDir = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location); var dllFile = new FileInfo(Path.Combine(currentDir, "Agent.Plugins.Log.TestResultParser.Parser.dll")); Assembly.LoadFrom(dllFile.FullName); var interfaceType = typeof(AbstractTestResultParser); return AppDomain.CurrentDomain.GetAssemblies() .SelectMany((x) => { try { return x.GetTypes(); } catch { // Skipping issues with assemblies load via reflection - since there are some issues with 'Microsoft.VisualStudio.Services.Agent', although this assembly is not relevant here return new Type[0]; } }) .Where(x => interfaceType.IsAssignableFrom(x) && !x.IsInterface && !x.IsAbstract) .Select(x => (AbstractTestResultParser)Activator.CreateInstance(x, testRunManager, logger, telemetry)); } } } ================================================ FILE: src/Agent.Plugins/TestResultParser/PipelineConfig.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Plugins.Log.TestResultParser.Contracts; namespace Agent.Plugins.Log.TestResultParser.Plugin { public class PipelineConfig : IPipelineConfig { public Guid Project { get; set; } public int BuildId { get; set; } public String StageName { get; set; } public int StageAttempt { get; set; } public String PhaseName { get; set; } public int PhaseAttempt { get; set; } public String JobName { get; set; } public int JobAttempt { get; set; } } } ================================================ FILE: src/Agent.Plugins/TestResultParser/PipelineTestRun.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Plugins.Log.TestResultParser.Contracts; namespace Agent.Plugins.Log.TestResultParser.Plugin { public class PipelineTestRun : TestRun { public PipelineTestRun(string parserUri, string runNamePrefix, int testRunId, int tcmTestRunId) : base(parserUri, runNamePrefix, testRunId) { TcmTestRunId = tcmTestRunId; } public int TcmTestRunId { get; } } } ================================================ FILE: src/Agent.Plugins/TestResultParser/PipelineTestRunPublisher.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Agent.Plugins.Log.TestResultParser.Contracts; using Microsoft.TeamFoundation.TestManagement.WebApi; using Microsoft.VisualStudio.Services.TestResults.WebApi; using TestOutcome = Microsoft.TeamFoundation.TestManagement.WebApi.TestOutcome; using TestRun = Agent.Plugins.Log.TestResultParser.Contracts.TestRun; namespace Agent.Plugins.Log.TestResultParser.Plugin { public class PipelineTestRunPublisher : ITestRunPublisher { public PipelineTestRunPublisher(IClientFactory clientFactory, IPipelineConfig pipelineConfig, ITraceLogger logger, ITelemetryDataCollector telemetry) { _logger = logger; _telemetry = telemetry; _pipelineConfig = pipelineConfig; _httpClient = clientFactory.GetClient(); } /// public async Task PublishAsync(TestRun testRun) { using (var timer = new SimpleTimer("PublishTestRun", _logger, new TelemetryDataWrapper(_telemetry, TelemetryConstants.PipelineTestRunPublisherEventArea, TelemetryConstants.PublishTestRun), TimeSpan.FromMilliseconds(int.MaxValue))) { var runCreateModel = new RunCreateModel(name: testRun.TestRunName, buildId: _pipelineConfig.BuildId, state: TestRunState.InProgress.ToString(), isAutomated: true, type: RunType.NoConfigRun.ToString()); runCreateModel.PipelineReference = new PipelineReference() { PipelineId = _pipelineConfig.BuildId, StageReference = new StageReference() { StageName = _pipelineConfig.StageName, Attempt = _pipelineConfig.StageAttempt }, PhaseReference = new PhaseReference() { PhaseName = _pipelineConfig.PhaseName, Attempt = _pipelineConfig.PhaseAttempt }, JobReference = new JobReference() { JobName = _pipelineConfig.JobName, Attempt = _pipelineConfig.JobAttempt } }; // Create the test run on the server var run = await _httpClient.CreateTestRunAsync(runCreateModel, _pipelineConfig.Project); _logger.Info($"PipelineTestRunPublisher : PublishAsync : Created test run with id {run.Id}."); _telemetry.AddAndAggregate(TelemetryConstants.TestRunIds, new List { run.Id }, TelemetryConstants.PipelineTestRunPublisherEventArea); _telemetry.AddAndAggregate($"{testRun.ParserUri.Split('/')[0]}RunsCount", 1, TelemetryConstants.PipelineTestRunPublisherEventArea); // Populate test reulsts var testResults = new List(); foreach (var passedTest in testRun.PassedTests) { testResults.Add(new TestCaseResult { TestCaseTitle = passedTest.Name, AutomatedTestName = passedTest.Name, DurationInMs = passedTest.ExecutionTime.TotalMilliseconds, State = "Completed", AutomatedTestType = "NoConfig", Outcome = TestOutcome.Passed.ToString() }); } foreach (var failedTest in testRun.FailedTests) { testResults.Add(new TestCaseResult { TestCaseTitle = failedTest.Name, AutomatedTestName = failedTest.Name, DurationInMs = failedTest.ExecutionTime.TotalMilliseconds, State = "Completed", AutomatedTestType = "NoConfig", Outcome = TestOutcome.Failed.ToString(), StackTrace = failedTest.StackTrace }); } foreach (var skippedTest in testRun.SkippedTests) { testResults.Add(new TestCaseResult { TestCaseTitle = skippedTest.Name, AutomatedTestName = skippedTest.Name, DurationInMs = skippedTest.ExecutionTime.TotalMilliseconds, State = "Completed", AutomatedTestType = "NoConfig", Outcome = TestOutcome.NotExecuted.ToString() }); } var batchedResults = testResults.Batch(BatchSize); foreach (var batch in batchedResults) { // Update the run with test results await _httpClient.AddTestResultsToTestRunAsync(batch.ToArray(), _pipelineConfig.Project, run.Id); } var runUpdateModel = new RunUpdateModel(state: TestRunState.Completed.ToString()) { RunSummary = new List() }; runUpdateModel.RunSummary.Add(new RunSummaryModel(resultCount: testRun.TestRunSummary.TotalFailed, testOutcome: TestOutcome.Failed)); runUpdateModel.RunSummary.Add(new RunSummaryModel(resultCount: testRun.TestRunSummary.TotalPassed, testOutcome: TestOutcome.Passed)); runUpdateModel.RunSummary.Add(new RunSummaryModel(resultCount: testRun.TestRunSummary.TotalSkipped, testOutcome: TestOutcome.NotExecuted)); // Complete the run await _httpClient.UpdateTestRunAsync(runUpdateModel, _pipelineConfig.Project, run.Id); return new PipelineTestRun(testRun.ParserUri, testRun.RunNamePrefix, testRun.TestRunId, run.Id); } } private readonly TestResultsHttpClient _httpClient; private readonly IPipelineConfig _pipelineConfig; private readonly ITraceLogger _logger; private readonly ITelemetryDataCollector _telemetry; public int BatchSize = 1000; } } ================================================ FILE: src/Agent.Plugins/TestResultParser/Plugin/TestResultLogPlugin.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Net.Sockets; using System.Threading.Tasks; using Agent.Plugins.Log.TestResultParser.Contracts; using Agent.Sdk.Util; using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Agent.Plugins.Log.TestResultParser.Plugin { public class TestResultLogPlugin : IAgentLogPlugin { /// public string FriendlyName => "TestResultLogParser"; public TestResultLogPlugin() { // Default constructor } /// /// For UTs only /// public TestResultLogPlugin(ILogParserGateway inputDataParser, ITraceLogger logger, ITelemetryDataCollector telemetry) { _logger = logger; _telemetry = telemetry; _inputDataParser = inputDataParser; } /// public async Task InitializeAsync(IAgentLogPluginContext context) { try { _logger = _logger ?? new TraceLogger(context); _clientFactory = new ClientFactory(context.VssConnection); _telemetry = _telemetry ?? new TelemetryDataCollector(_clientFactory, _logger); await PopulatePipelineConfig(context); if (DisablePlugin(context)) { _telemetry.AddOrUpdate(TelemetryConstants.PluginDisabled, true); await _telemetry.PublishCumulativeTelemetryAsync(); return false; // disable the plugin } await _inputDataParser.InitializeAsync(_clientFactory, _pipelineConfig, _logger, _telemetry); _telemetry.AddOrUpdate(TelemetryConstants.PluginInitialized, true); } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, context.VssConnection.Uri.ToString(), _logger.Warning); if (_telemetry != null) { _telemetry?.AddOrUpdate(TelemetryConstants.InitializeFailed, ex); await _telemetry.PublishCumulativeTelemetryAsync(); } return false; } catch (Exception ex) { context.Trace(ex.ToString()); _logger?.Warning($"Unable to initialize {FriendlyName}."); if (_telemetry != null) { _telemetry?.AddOrUpdate(TelemetryConstants.InitializeFailed, ex); await _telemetry.PublishCumulativeTelemetryAsync(); } return false; } return true; } /// public async Task ProcessLineAsync(IAgentLogPluginContext context, Pipelines.TaskStepDefinitionReference step, string line) { await _inputDataParser.ProcessDataAsync(line); } /// public async Task FinalizeAsync(IAgentLogPluginContext context) { using (var timer = new SimpleTimer("Finalize", _logger, new TelemetryDataWrapper(_telemetry, TelemetryConstants.FinalizeAsync), TimeSpan.FromMilliseconds(Int32.MaxValue))) { await _inputDataParser.CompleteAsync(); } await _telemetry.PublishCumulativeTelemetryAsync(); } /// /// Return true if plugin needs to be disabled /// private bool DisablePlugin(IAgentLogPluginContext context) { // do we want to log that the plugin is disabled due to x reason here? if (context.Variables.TryGetValue("Agent.ForceEnable.TestResultLogPlugin", out var forceEnableTestResultParsers) && string.Equals("true", forceEnableTestResultParsers.Value, StringComparison.OrdinalIgnoreCase)) { return false; } // Enable only for build if (!context.Variables.TryGetValue("system.hosttype", out var hostType) || !string.Equals("Build", hostType.Value, StringComparison.OrdinalIgnoreCase)) { _telemetry.AddOrUpdate("PluginDisabledReason", hostType?.Value); return true; } // Disable for on-prem if (!context.Variables.TryGetValue("system.servertype", out var serverType) || !string.Equals("Hosted", serverType.Value, StringComparison.OrdinalIgnoreCase)) { _telemetry.AddOrUpdate("PluginDisabledReason", serverType?.Value); return true; } // check for PTR task or some other tasks to enable/disable if (context.Steps == null) { _telemetry.AddOrUpdate("PluginDisabledReason", "NoSteps"); return true; } if (context.Steps.Any(x => x.Id.Equals(new Guid("0B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1")))) { _telemetry.AddOrUpdate("PluginDisabledReason", "ExplicitPublishTaskPresent"); return true; } if (_pipelineConfig.BuildId == 0) { _telemetry.AddOrUpdate("PluginDisabledReason", "BuildIdZero"); return true; } return false; } private async Task PopulatePipelineConfig(IAgentLogPluginContext context) { var props = new Dictionary(); if (context.Variables.TryGetValue("system.teamProjectId", out var projectGuid)) { _pipelineConfig.Project = new Guid(projectGuid.Value); _telemetry.AddOrUpdate("ProjectId", _pipelineConfig.Project); props.Add("ProjectId", _pipelineConfig.Project); } if (context.Variables.TryGetValue("build.buildId", out var buildIdVar) && int.TryParse(buildIdVar.Value, out var buildId)) { _pipelineConfig.BuildId = buildId; _telemetry.AddOrUpdate("BuildId", buildId); props.Add("BuildId", buildId); } if (context.Variables.TryGetValue("system.stageName", out var stageName)) { _pipelineConfig.StageName = stageName.Value; _telemetry.AddOrUpdate("StageName", stageName.Value); props.Add("StageName", stageName.Value); } if (context.Variables.TryGetValue("system.stageAttempt", out var stageAttemptVar) && int.TryParse(stageAttemptVar.Value, out var stageAttempt)) { _pipelineConfig.StageAttempt = stageAttempt; _telemetry.AddOrUpdate("StageAttempt", stageAttempt); props.Add("StageAttempt", stageAttempt); } if (context.Variables.TryGetValue("system.phaseName", out var phaseName)) { _pipelineConfig.PhaseName = phaseName.Value; _telemetry.AddOrUpdate("PhaseName", phaseName.Value); props.Add("PhaseName", phaseName.Value); } if (context.Variables.TryGetValue("system.phaseAttempt", out var phaseAttemptVar) && int.TryParse(phaseAttemptVar.Value, out var phaseAttempt)) { _pipelineConfig.PhaseAttempt = phaseAttempt; _telemetry.AddOrUpdate("PhaseAttempt", phaseAttempt); props.Add("PhaseAttempt", phaseAttempt); } if (context.Variables.TryGetValue("system.jobName", out var jobName)) { _pipelineConfig.JobName = jobName.Value; _telemetry.AddOrUpdate("JobName", jobName.Value); props.Add("JobName", jobName.Value); } if (context.Variables.TryGetValue("system.jobAttempt", out var jobAttemptVar) && int.TryParse(jobAttemptVar.Value, out var jobAttempt)) { _pipelineConfig.JobAttempt = jobAttempt; _telemetry.AddOrUpdate("JobAttempt", jobAttempt); props.Add("JobAttempt", jobAttempt); } if (context.Variables.TryGetValue("system.definitionid", out var buildDefinitionId)) { _telemetry.AddOrUpdate("BuildDefinitionId", buildDefinitionId.Value); props.Add("BuildDefinitionId", buildDefinitionId.Value); } if (context.Variables.TryGetValue("build.Repository.name", out var repositoryName)) { _telemetry.AddOrUpdate("RepositoryName", repositoryName.Value); props.Add("RepositoryName", repositoryName.Value); } if (context.Variables.TryGetValue("agent.version", out var agentVersion)) { _telemetry.AddOrUpdate("AgentVersion", agentVersion.Value); props.Add("AgentVersion", agentVersion.Value); } // Publish the initial telemetry event in case we are not able to fire the cumulative one for whatever reason await _telemetry.PublishTelemetryAsync("TestResultParserInitialize", props); } private readonly ILogParserGateway _inputDataParser = new LogParserGateway(); private IClientFactory _clientFactory; private ITraceLogger _logger; private ITelemetryDataCollector _telemetry; private readonly IPipelineConfig _pipelineConfig = new PipelineConfig(); } } ================================================ FILE: src/Agent.Plugins/TestResultParser/SimpleTimer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Diagnostics; using Agent.Plugins.Log.TestResultParser.Contracts; namespace Agent.Plugins.Log.TestResultParser.Plugin { /// /// This is a utitily class used for recording timing /// information. Its usage is /// using (SimpleTimer timer = new SimpleTimer("MyOperation")) /// { /// MyOperation... /// } /// public class SimpleTimer : IDisposable { /// /// Creates a timer with threshold. A perf message is logged only if /// the time elapsed is more than the threshold. /// public SimpleTimer(string timerName, ITraceLogger logger, TelemetryDataWrapper telemetryWrapper, TimeSpan threshold) { _name = timerName; _logger = logger; _threshold = threshold; _telemetryWrapper = telemetryWrapper; _timer = Stopwatch.StartNew(); } /// /// Implement IDisposable /// public void Dispose() { Dispose(true); } /// /// Stop the watch and log the trace message with the elapsed time. /// Additionaly also adds the elapsed time to telemetry under the timer nam /// public void StopAndLog() { _timer.Stop(); _telemetryWrapper.AddAndAggregate(_timer.Elapsed.TotalMilliseconds); } protected virtual void Dispose(bool disposing) { if (_disposed) return; if (disposing) { StopAndLog(); } _disposed = true; } #region private variables. private bool _disposed; private ITraceLogger _logger; private TelemetryDataWrapper _telemetryWrapper; private readonly Stopwatch _timer; private readonly string _name; private readonly TimeSpan _threshold; #endregion } } ================================================ FILE: src/Agent.Plugins/TestResultParser/Telemetry/TelemetryConstants.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Plugins.Log.TestResultParser.Plugin { public class TelemetryConstants { public const string PluginInitialized = "PluginInitialized"; public const string ParserCount = "ParserCount"; public const string TotalLines = "TotalLines"; public const string PluginDisabled = "PluginDisabled"; public const string ProjectId = "ProjectId"; public const string BuildId = "BuildId"; public const string StageName = "StageName"; public const string StageAttempt = "StageAttempt"; public const string PhaseName = "PhaseName"; public const string PhaseAttempt = "PhaseAttempt"; public const string JobName = "JobName"; public const string JobAttempt = "JobAttempt"; public const string TotalRunsDetected = "TotalRunsDetected"; public const string ValidRunsDetected = "ValidRunsDetected"; public const string Exceptions = "Exceptions"; public const string TestRunManagerEventArea = "TestRunManager"; public const string PipelineTestRunPublisherEventArea = "PipelineTestRunPublisher"; public const string RunSummaryNull = "RunSummaryNull"; public const string TotalTestsZero = "TotalTestsZero"; public const string PassedCountMismatch = "PassedCountMismatch"; public const string FailedCountMismatch = "FailedCountMismatch"; public const string SkippedCountMismatch = "SkippedCountMismatch"; public const string TestRunIds = "TestRunIds"; public const string PublishTestRun = "PublishTestRun"; public const string FinalizeAsync = "FinalizeAsync"; public const string InitializeFailed = "InitializeFailed"; } } ================================================ FILE: src/Agent.Plugins/TestResultParser/Telemetry/TelemetryDataCollector.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT license. See LICENSE file in the project root for full license information. using System; using System.Collections; using System.Collections.Concurrent; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Agent.Plugins.Log.TestResultParser.Contracts; using Microsoft.VisualStudio.Services.CustomerIntelligence.WebApi; using Microsoft.VisualStudio.Services.WebPlatform; namespace Agent.Plugins.Log.TestResultParser.Plugin { public class TelemetryDataCollector : ITelemetryDataCollector { private readonly ITraceLogger _logger; private readonly CustomerIntelligenceHttpClient _httpClient; private const string CumulativeTelemetryFeatureName = "ConsolidatedTelemetry"; private readonly object publishLockNode = new object(); private ConcurrentDictionary _properties = new ConcurrentDictionary(); public string Area => "TestResultParser"; public TelemetryDataCollector(IClientFactory clientFactory, ITraceLogger logger) { _logger = logger; _httpClient = clientFactory.GetClient(); } public void AddOrUpdate(string property, object value, string subArea = null) { var propertKey = !string.IsNullOrEmpty(subArea) ? $"{subArea}:{property}" : property; try { _properties[propertKey] = value; } catch (Exception e) { _logger.Warning($"TelemetryDataCollector : AddOrUpdate : Failed to add {value} with key {propertKey} due to {e}"); } } /// public void AddAndAggregate(string property, object value, string subArea = null) { var propertKey = !string.IsNullOrEmpty(subArea) ? $"{subArea}:{property}" : property; try { // If key does not exist or aggregate option is false add value blindly if (!_properties.ContainsKey(propertKey)) { _properties[propertKey] = value; return; } // If key exists and the value is a list, assume that existing value is a list and concat them if (value is IList) { foreach (var element in (value as IList)) { (_properties[propertKey] as IList).Add(element); } return; } // If key exists and is a list add new items to list if (_properties[propertKey] is IList) { (_properties[propertKey] as IList).Add(value); return; } // If the key exists and value is integer or double arithmetically add them if (_properties[propertKey] is int) { _properties[propertKey] = (int)_properties[propertKey] + (int)value; } else if (_properties[propertKey] is double) { _properties[propertKey] = (double)_properties[propertKey] + (double)value; } else { // If unknown type just blindly set value _properties[propertKey] = value; } } catch (Exception e) { _logger.Warning($"TelemetryDataCollector : AddAndAggregate : Failed to add {value} with key {propertKey} due to {e}"); } } public Task PublishCumulativeTelemetryAsync() { try { lock (publishLockNode) { var ciEvent = new CustomerIntelligenceEvent { Area = Area, Feature = CumulativeTelemetryFeatureName, Properties = _properties.ToDictionary(entry => entry.Key, entry => entry.Value) }; // This is to ensure that the single ci event is never fired more than once. _properties.Clear(); return _httpClient.PublishEventsAsync(new[] { ciEvent }); } } catch (Exception e) { _logger.Verbose($"TelemetryDataCollector : PublishCumulativeTelemetryAsync : Failed to publish telemtry due to {e}"); } return Task.CompletedTask; } /// public Task PublishTelemetryAsync(string feature, Dictionary properties) { try { var ciEvent = new CustomerIntelligenceEvent { Area = Area, Feature = feature, Properties = properties }; return _httpClient.PublishEventsAsync(new[] { ciEvent }); } catch (Exception e) { _logger.Verbose($"TelemetryDataCollector : PublishTelemetryAsync : Failed to publish telemtry due to {e}"); } return Task.CompletedTask; } } } ================================================ FILE: src/Agent.Plugins/TestResultParser/Telemetry/TelemetryDataWrapper.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Plugins.Log.TestResultParser.Contracts; namespace Agent.Plugins.Log.TestResultParser.Plugin { public class TelemetryDataWrapper { public TelemetryDataWrapper(ITelemetryDataCollector telemetry, string telemetryEventName, string telemetrySubArea = null) { telemetryDataCollector = telemetry; this.telemetryEventName = telemetryEventName; this.telemetrySubArea = telemetrySubArea; } public void AddAndAggregate(object value) { telemetryDataCollector.AddAndAggregate(telemetryEventName, value, telemetrySubArea); } private string telemetrySubArea; public string telemetryEventName; public ITelemetryDataCollector telemetryDataCollector; } } ================================================ FILE: src/Agent.Plugins/TestResultParser/TestRunManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT license. See LICENSE file in the project root for full license information. using System; using System.Collections.Generic; using System.Threading.Tasks; using Agent.Plugins.Log.TestResultParser.Contracts; namespace Agent.Plugins.Log.TestResultParser.Plugin { /// public class TestRunManager : ITestRunManager { private readonly ITestRunPublisher _publisher; private readonly ITraceLogger _logger; private readonly ITelemetryDataCollector _telemetry; private readonly List _runningTasks = new List(); /// /// Construct the TestRunManger /// public TestRunManager(ITestRunPublisher testRunPublisher, ITraceLogger logger, ITelemetryDataCollector telemetry) { _publisher = testRunPublisher; _logger = logger; _telemetry = telemetry; } /// /// Publish test run to pipeline /// public async Task PublishAsync(TestRun testRun) { _telemetry.AddAndAggregate(TelemetryConstants.TotalRunsDetected, 1); var validatedTestRun = ValidateAndPrepareForPublish(testRun); if (validatedTestRun != null) { _telemetry.AddAndAggregate(TelemetryConstants.ValidRunsDetected, 1); var task = _publisher.PublishAsync(validatedTestRun); _runningTasks.Add(task); await task; } } /// /// Complete pending test runs /// public async Task FinalizeAsync() { try { await Task.WhenAll(_runningTasks.ToArray()); } catch (Exception ex) { _telemetry.AddAndAggregate(TelemetryConstants.Exceptions, new List { ex }, TelemetryConstants.TestRunManagerEventArea); _logger.Error($"TestRunManager : FinalizeAsync : Failed to complete test run. Error: {ex}"); } } private TestRun ValidateAndPrepareForPublish(TestRun testRun) { if (testRun?.TestRunSummary == null) { _telemetry.AddAndAggregate(TelemetryConstants.RunSummaryNull, 1, TelemetryConstants.TestRunManagerEventArea); _logger.Error("TestRunManger : ValidateAndPrepareForPublish : TestRun or TestRunSummary is null."); return null; } // TotalTests count should always be less than passed and failed test count combined if (testRun.TestRunSummary.TotalTests < testRun.TestRunSummary.TotalFailed + testRun.TestRunSummary.TotalPassed + testRun.TestRunSummary.TotalSkipped) { testRun.TestRunSummary.TotalTests = testRun.TestRunSummary.TotalFailed + testRun.TestRunSummary.TotalPassed + testRun.TestRunSummary.TotalSkipped; } if (testRun.TestRunSummary.TotalTests == 0) { _telemetry.AddAndAggregate(TelemetryConstants.TotalTestsZero, 1, TelemetryConstants.TestRunManagerEventArea); _logger.Error("TestRunManger : ValidateAndPrepareForPublish : No tests found."); return null; } // Match the passed test count and clear the passed tests collection if mismatch occurs if (testRun.TestRunSummary.TotalPassed != testRun.PassedTests?.Count) { _telemetry.AddAndAggregate(TelemetryConstants.PassedCountMismatch, 1, TelemetryConstants.TestRunManagerEventArea); _logger.Warning("TestRunManger : ValidateAndPrepareForPublish : Passed test count does not match the Test summary."); testRun.PassedTests = new List(); } // Match the failed test count and clear the failed tests collection if mismatch occurs if (testRun.TestRunSummary.TotalFailed != testRun.FailedTests?.Count) { _telemetry.AddAndAggregate(TelemetryConstants.FailedCountMismatch, 1, TelemetryConstants.TestRunManagerEventArea); _logger.Warning("TestRunManger : ValidateAndPrepareForPublish : Failed test count does not match the Test summary."); testRun.FailedTests = new List(); } // Match the skipped test count and clear the failed tests collection if mismatch occurs if (testRun.TestRunSummary.TotalSkipped != testRun.SkippedTests?.Count) { _telemetry.AddAndAggregate(TelemetryConstants.SkippedCountMismatch, 1, TelemetryConstants.TestRunManagerEventArea); _logger.Warning("TestRunManger : ValidateAndPrepareForPublish : Skipped test count does not match the Test summary."); testRun.SkippedTests = new List(); } return testRun; } } } ================================================ FILE: src/Agent.Plugins/TestResultParser/TraceLogger.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Plugins.Log.TestResultParser.Contracts; using Agent.Sdk; namespace Agent.Plugins.Log.TestResultParser.Plugin { public class TraceLogger : ITraceLogger { public TraceLogger(IAgentLogPluginContext context) { _context = context; _context.Variables.TryGetValue("system.debug", out var systemDebug); if (string.Equals(systemDebug?.Value, "true", System.StringComparison.OrdinalIgnoreCase)) { _debug = true; } } #region interface implementation /// void ITraceLogger.Warning(string text) { _context.Output($"Warning: {text}"); } /// void ITraceLogger.Error(string error) { _context.Output($"Error: {error}"); } /// void ITraceLogger.Verbose(string text) { if (_debug) { _context.Output($"Debug: {text}"); } } /// void ITraceLogger.Info(string text) { _context.Output(text); } #endregion private readonly IAgentLogPluginContext _context; private readonly bool _debug; } } ================================================ FILE: src/Agent.Plugins/TfsVCCliManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using System.Text; using Agent.Sdk; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using System.IO; using Agent.Sdk.Knob; using System.Linq; namespace Agent.Plugins.Repository { public abstract class TfsVCCliManager { public readonly Dictionary AdditionalEnvironmentVariables = new Dictionary(); public CancellationToken CancellationToken { protected get; set; } public ServiceEndpoint Endpoint { protected get; set; } public Pipelines.RepositoryResource Repository { protected get; set; } public AgentTaskPluginExecutionContext ExecutionContext { protected get; set; } public abstract TfsVCFeatures Features { get; } public abstract Task TryWorkspaceDeleteAsync(ITfsVCWorkspace workspace); public abstract Task WorkspacesRemoveAsync(ITfsVCWorkspace workspace); protected virtual Encoding OutputEncoding => Encoding.UTF8; protected string SourceVersion { get { string version = Repository.Version; ArgUtil.NotNullOrEmpty(version, nameof(version)); return version; } } protected string SourcesDirectory { get { string sourcesDirectory = Repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); ArgUtil.NotNullOrEmpty(sourcesDirectory, nameof(sourcesDirectory)); return sourcesDirectory; } } protected abstract string Switch { get; } protected string WorkspaceName { get { string workspace = ExecutionContext.Variables.GetValueOrDefault("build.repository.tfvc.workspace")?.Value; ArgUtil.NotNullOrEmpty(workspace, nameof(workspace)); return workspace; } } protected Task RunCommandAsync(params string[] args) { return RunCommandAsync(FormatTags.None, args); } protected Task RunCommandAsync(int retriesOnFailure, params string[] args) { return RunCommandAsync(FormatTags.None, false, retriesOnFailure, args); } protected Task RunCommandAsync(FormatTags formatFlags, params string[] args) { return RunCommandAsync(formatFlags, false, args); } protected Task RunCommandAsync(FormatTags formatFlags, bool quiet, params string[] args) { return RunCommandAsync(formatFlags, quiet, 0, args); } protected async Task RunCommandAsync(FormatTags formatFlags, bool quiet, int retriesOnFailure, params string[] args) { for (int attempt = 0; attempt < retriesOnFailure - 1; attempt++) { int exitCode = await RunCommandAsync(formatFlags, quiet, false, args); if (exitCode == 0) { return; } int sleep = Math.Min(200 * (int)Math.Pow(5, attempt), 30000); ExecutionContext.Output($"Sleeping for {sleep} ms"); await Task.Delay(sleep); // Use attempt+2 since we're using 0 based indexing and we're displaying this for the next attempt. ExecutionContext.Output($@"Retrying. Attempt {attempt + 2}/{retriesOnFailure}"); } // Perform one last try and fail on non-zero exit code await RunCommandAsync(formatFlags, quiet, true, args); } private string WriteCommandToFile(string command) { Guid guid = Guid.NewGuid(); string temporaryName = $"tfs_cmd_{guid}.txt"; using StreamWriter sw = new StreamWriter(Path.Combine(this.SourcesDirectory, temporaryName)); sw.WriteLine(command); return temporaryName; } protected async Task RunCommandAsync(FormatTags formatFlags, bool quiet, bool failOnNonZeroExitCode, params string[] args) { // Validation. ArgUtil.NotNull(args, nameof(args)); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); // Invoke tf. using (var processInvoker = new ProcessInvoker(ExecutionContext)) { var outputLock = new object(); processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { if (quiet) { ExecutionContext.Debug(e.Data); } else { ExecutionContext.Output(e.Data); } } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { ExecutionContext.Output(e.Data); } }; string arguments = FormatArguments(formatFlags, args); bool useSecureParameterPassing = AgentKnobs.TfVCUseSecureParameterPassing.GetValue(ExecutionContext).AsBoolean(); string temporaryFileWithCommand = ""; if (useSecureParameterPassing) { temporaryFileWithCommand = WriteCommandToFile(arguments); arguments = $"@{temporaryFileWithCommand}"; ExecutionContext.Debug($"{AgentKnobs.TfVCUseSecureParameterPassing.Name} is enabled, passing command via file"); } ExecutionContext.Command($@"tf {arguments}"); var result = await processInvoker.ExecuteAsync( workingDirectory: SourcesDirectory, fileName: "tf", arguments: arguments, environment: AdditionalEnvironmentVariables, requireExitCodeZero: failOnNonZeroExitCode, outputEncoding: OutputEncoding, cancellationToken: CancellationToken); if (useSecureParameterPassing) { try { await IOUtil.DeleteFileWithRetry(Path.Combine(this.SourcesDirectory, temporaryFileWithCommand), CancellationToken); } catch (Exception ex) { ExecutionContext.Output($"Unable to delete command file which is used to pass data, ex:{ex.GetType()}"); throw; } } return result; } } protected Task RunPorcelainCommandAsync(FormatTags formatFlags, params string[] args) { return RunPorcelainCommandAsync(formatFlags, 0, args); } protected Task RunPorcelainCommandAsync(params string[] args) { return RunPorcelainCommandAsync(FormatTags.None, 0, args); } protected Task RunPorcelainCommandAsync(int retriesOnFailure, params string[] args) { return RunPorcelainCommandAsync(FormatTags.None, retriesOnFailure, args); } protected async Task RunPorcelainCommandAsync(FormatTags formatFlags, int retriesOnFailure, params string[] args) { // Run the command. TfsVCPorcelainCommandResult result = await TryRunPorcelainCommandAsync(formatFlags, retriesOnFailure, args); ArgUtil.NotNull(result, nameof(result)); if (result.Exception != null) { // The command failed. Dump the output and throw. result.Output?.ForEach(x => ExecutionContext.Output(x ?? string.Empty)); throw result.Exception; } // Return the output. // Note, string.join gracefully handles a null element within the IEnumerable. return string.Join(Environment.NewLine, result.Output ?? new List()); } protected async Task TryRunPorcelainCommandAsync(FormatTags formatFlags, int retriesOnFailure, params string[] args) { var result = await TryRunPorcelainCommandAsync(formatFlags, args); for (int attempt = 0; attempt < retriesOnFailure && result.Exception != null && result.Exception?.ExitCode != 1; attempt++) { ExecutionContext.Warning($"{result.Exception.Message}"); int sleep = Math.Min(200 * (int)Math.Pow(5, attempt), 30000); ExecutionContext.Output($"Sleeping for {sleep} ms before starting {attempt + 1}/{retriesOnFailure} retry"); await Task.Delay(sleep); result = await TryRunPorcelainCommandAsync(formatFlags, args); } return result; } protected async Task TryRunPorcelainCommandAsync(FormatTags formatFlags, params string[] args) { // Validation. ArgUtil.NotNull(args, nameof(args)); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); // Invoke tf. using (var processInvoker = new ProcessInvoker(ExecutionContext)) { var result = new TfsVCPorcelainCommandResult(); var outputLock = new object(); processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { ExecutionContext.Debug(e.Data); result.Output.Add(e.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { ExecutionContext.Debug(e.Data); result.Output.Add(e.Data); } }; string formattedArguments = FormatArguments(formatFlags, args); string arguments = ""; string cmdFileName = ""; bool useSecretParameterPassing = AgentKnobs.TfVCUseSecureParameterPassing.GetValue(ExecutionContext).AsBoolean(); if (useSecretParameterPassing) { cmdFileName = WriteCommandToFile(formattedArguments); arguments = $"@{cmdFileName}"; } else { arguments = formattedArguments; } ExecutionContext.Debug($@"tf {arguments}"); // TODO: Test whether the output encoding needs to be specified on a non-Latin OS. try { await processInvoker.ExecuteAsync( workingDirectory: SourcesDirectory, fileName: "tf", arguments: arguments, environment: AdditionalEnvironmentVariables, requireExitCodeZero: true, outputEncoding: OutputEncoding, cancellationToken: CancellationToken); } catch (ProcessExitCodeException ex) { result.Exception = ex; } if (useSecretParameterPassing) { CleanupTfsVCOutput(ref result, formattedArguments); try { await IOUtil.DeleteFileWithRetry(Path.Combine(this.SourcesDirectory, cmdFileName), CancellationToken); } catch (Exception ex) { ExecutionContext.Output($"Unable to delete command file, ex:{ex.GetType}"); throw; } } return result; } } private void CleanupTfsVCOutput(ref TfsVCPorcelainCommandResult command, string executedCommand) { // tf.exe removes double quotes from the output, we also replace it in the input command to correctly find the extra output List stringsToRemove = command .Output .Where(item => item.Contains(executedCommand.Replace("\"", ""))) .ToList(); command.Output.RemoveAll(item => stringsToRemove.Contains(item)); } private string FormatArguments(FormatTags formatFlags, params string[] args) { // Validation. ArgUtil.NotNull(args, nameof(args)); ArgUtil.NotNull(Endpoint, nameof(Endpoint)); ArgUtil.NotNull(Endpoint.Authorization, nameof(Endpoint.Authorization)); ArgUtil.NotNull(Endpoint.Authorization.Parameters, nameof(Endpoint.Authorization.Parameters)); ArgUtil.Equal(EndpointAuthorizationSchemes.OAuth, Endpoint.Authorization.Scheme, nameof(Endpoint.Authorization.Scheme)); string accessToken = Endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out accessToken) ? accessToken : null; ArgUtil.NotNullOrEmpty(accessToken, EndpointAuthorizationParameters.AccessToken); ArgUtil.NotNull(Repository.Url, nameof(Repository.Url)); // Format each arg. var formattedArgs = new List(); foreach (string arg in args ?? new string[0]) { // Validate the arg. if (!string.IsNullOrEmpty(arg) && arg.IndexOfAny(new char[] { '"', '\r', '\n' }) >= 0) { throw new Exception(StringUtil.Loc("InvalidCommandArg", arg)); } // Add the arg. formattedArgs.Add(arg != null && arg.Contains(" ") ? $@"""{arg}""" : $"{arg}"); } // Add the common parameters. if (!formatFlags.HasFlag(FormatTags.OmitCollectionUrl)) { if (Features.HasFlag(TfsVCFeatures.EscapedUrl)) { formattedArgs.Add($"{Switch}collection:{Repository.Url.AbsoluteUri}"); } else { // TEE CLC expects the URL in unescaped form. string url; try { url = Uri.UnescapeDataString(Repository.Url.AbsoluteUri); } catch (Exception ex) { // Unlikely (impossible?), but don't fail if encountered. If we don't hear complaints // about this warning then it is likely OK to remove the try/catch altogether and have // faith that UnescapeDataString won't throw for this scenario. url = Repository.Url.AbsoluteUri; ExecutionContext.Warning($"{ex.Message} ({url})"); } formattedArgs.Add($"\"{Switch}collection:{url}\""); } } if (!formatFlags.HasFlag(FormatTags.OmitLogin)) { if (Features.HasFlag(TfsVCFeatures.LoginType)) { formattedArgs.Add($"{Switch}loginType:OAuth"); formattedArgs.Add($"{Switch}login:.,{accessToken}"); } else { formattedArgs.Add($"{Switch}jwt:{accessToken}"); } } if (!formatFlags.HasFlag(FormatTags.OmitNoPrompt)) { formattedArgs.Add($"{Switch}noprompt"); } return string.Join(" ", formattedArgs); } [Flags] protected enum FormatTags { None = 0, OmitCollectionUrl = 1, OmitLogin = 2, OmitNoPrompt = 4, All = OmitCollectionUrl | OmitLogin | OmitNoPrompt, } } [Flags] public enum TfsVCFeatures { None = 0, // Indicates whether "workspace /new" adds a default mapping. DefaultWorkfoldMap = 1, // Indicates whether the CLI accepts the collection URL in escaped form. EscapedUrl = 2, // Indicates whether the "eula" subcommand is supported. Eula = 4, // Indicates whether the "get" and "undo" subcommands will correctly resolve // the workspace from an unmapped root folder. For example, if a workspace // contains only two mappings, $/foo -> $(build.sourcesDirectory)\foo and // $/bar -> $(build.sourcesDirectory)\bar, then "tf get $(build.sourcesDirectory)" // will not be able to resolve the workspace unless this feature is supported. GetFromUnmappedRoot = 8, // Indicates whether the "loginType" parameter is supported. LoginType = 16, // Indicates whether the "scorch" subcommand is supported. Scorch = 32, } public sealed class TfsVCPorcelainCommandResult { public TfsVCPorcelainCommandResult() { Output = new List(); } public ProcessExitCodeException Exception { get; set; } public List Output { get; } } //////////////////////////////////////////////////////////////////////////////// // tf shelvesets interfaces. //////////////////////////////////////////////////////////////////////////////// public interface ITfsVCShelveset { string Comment { get; } } //////////////////////////////////////////////////////////////////////////////// // tf status interfaces. //////////////////////////////////////////////////////////////////////////////// public interface ITfsVCStatus { IEnumerable AllAdds { get; } bool HasPendingChanges { get; } } public interface ITfsVCPendingChange { string LocalItem { get; } } //////////////////////////////////////////////////////////////////////////////// // tf workspaces interfaces. //////////////////////////////////////////////////////////////////////////////// public interface ITfsVCWorkspace { string Computer { get; set; } string Name { get; } string Owner { get; } ITfsVCMapping[] Mappings { get; } } public interface ITfsVCMapping { bool Cloak { get; } string LocalPath { get; } bool Recursive { get; } string ServerPath { get; } } } ================================================ FILE: src/Agent.Plugins/TfsVCSourceProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Knob; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Plugins.Repository { public sealed class TfsVCSourceProvider : ISourceProvider { public async Task GetSourceAsync( AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository, CancellationToken cancellationToken) { // Validate args. ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(repository, nameof(repository)); // Validate .NET Framework 4.6 or higher is installed. if (PlatformUtil.RunningOnWindows && !NetFrameworkUtil.Test(new Version(4, 6), executionContext)) { throw new Exception(StringUtil.Loc("MinimumNetFramework46")); } // determine if we've been asked to suppress some checkout step output bool reducedOutput = AgentKnobs.QuietCheckout.GetValue(executionContext).AsBoolean(); if (reducedOutput) { executionContext.Output(StringUtil.Loc("QuietCheckoutModeRequested")); executionContext.SetTaskVariable(AgentKnobs.QuietCheckoutRuntimeVarName, Boolean.TrueString); } // Create the tf command manager. ITfsVCCliManager tf; if (PlatformUtil.RunningOnWindows) { tf = new TFCliManager(); } else { tf = new TeeCliManager(); } tf.CancellationToken = cancellationToken; tf.Repository = repository; tf.ExecutionContext = executionContext; if (repository.Endpoint != null) { // the endpoint should either be the SystemVssConnection (id = guild.empty, name = SystemVssConnection) // or a real service endpoint to external service which has a real id var endpoint = executionContext.Endpoints.Single( x => (repository.Endpoint.Id != Guid.Empty && x.Id == repository.Endpoint.Id) || (repository.Endpoint.Id == Guid.Empty && string.Equals(x.Name, repository.Endpoint.Name.ToString(), StringComparison.OrdinalIgnoreCase))); ArgUtil.NotNull(endpoint, nameof(endpoint)); tf.Endpoint = endpoint; } // Setup proxy. var agentProxy = executionContext.GetProxyConfiguration(); if (agentProxy != null && !string.IsNullOrEmpty(agentProxy.ProxyAddress) && !agentProxy.WebProxy.IsBypassed(repository.Url)) { executionContext.Debug($"Configure '{tf.FilePath}' to work through proxy server '{agentProxy.ProxyAddress}'."); tf.SetupProxy(agentProxy.ProxyAddress, agentProxy.ProxyUsername, agentProxy.ProxyPassword); } // Setup client certificate. var agentCertManager = executionContext.GetCertConfiguration(); if (agentCertManager != null && agentCertManager.SkipServerCertificateValidation) { executionContext.Debug("TF does not support ignoring SSL certificate validation error."); } // prepare client cert, if the repository's endpoint url match the TFS/VSTS url var systemConnection = executionContext.Endpoints.Single(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); if (!string.IsNullOrEmpty(agentCertManager?.ClientCertificateFile) && Uri.Compare(repository.Url, systemConnection.Url, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0) { executionContext.Debug($"Configure '{tf.FilePath}' to work with client cert '{agentCertManager.ClientCertificateFile}'."); tf.SetupClientCertificate(agentCertManager.ClientCertificateFile, agentCertManager.ClientCertificatePrivateKeyFile, agentCertManager.ClientCertificateArchiveFile, agentCertManager.ClientCertificatePassword); } // Add TF to the PATH. string tfPath = tf.FilePath; ArgUtil.File(tfPath, nameof(tfPath)); executionContext.Output(StringUtil.Loc("Prepending0WithDirectoryContaining1", PathUtil.PathVariable, Path.GetFileName(tfPath))); executionContext.PrependPath(Path.GetDirectoryName(tfPath)); executionContext.Debug($"PATH: '{Environment.GetEnvironmentVariable("PATH")}'"); if (PlatformUtil.RunningOnWindows) { // Set TFVC_BUILDAGENT_POLICYPATH string TfPath = VarUtil.GetTfDirectoryPath(executionContext); string policyDllPath = Path.Combine(TfPath, "Microsoft.TeamFoundation.VersionControl.Controls.dll"); ArgUtil.File(policyDllPath, nameof(policyDllPath)); const string policyPathEnvKey = "TFVC_BUILDAGENT_POLICYPATH"; executionContext.Output(StringUtil.Loc("SetEnvVar", policyPathEnvKey)); executionContext.SetVariable(policyPathEnvKey, policyDllPath); } // Check if the administrator accepted the license terms of the TEE EULA when configuring the agent. if (tf.Features.HasFlag(TfsVCFeatures.Eula) && StringUtil.ConvertToBoolean(executionContext.Variables.GetValueOrDefault("Agent.AcceptTeeEula")?.Value)) { // Check if the "tf eula -accept" command needs to be run for the current user. bool skipEula = false; try { skipEula = tf.TestEulaAccepted(); } catch (Exception ex) { executionContext.Debug("Unexpected exception while testing whether the TEE EULA has been accepted for the current user."); executionContext.Debug(ex.ToString()); } if (!skipEula) { // Run the command "tf eula -accept". try { await tf.EulaAsync(); } catch (Exception ex) { executionContext.Debug(ex.ToString()); executionContext.Warning(ex.Message); } } } // Get the workspaces. executionContext.Output(StringUtil.Loc("QueryingWorkspaceInfo")); ITfsVCWorkspace[] tfWorkspaces = await tf.WorkspacesAsync(); // Determine the workspace name. string buildDirectory = executionContext.Variables.GetValueOrDefault("agent.builddirectory")?.Value; ArgUtil.NotNullOrEmpty(buildDirectory, nameof(buildDirectory)); string workspaceName = $"ws_{Path.GetFileName(buildDirectory)}_{executionContext.Variables.GetValueOrDefault("agent.id")?.Value}"; executionContext.SetVariable("build.repository.tfvc.workspace", workspaceName); // Get the definition mappings. var workspaceMappings = repository.Properties.Get>(Pipelines.RepositoryPropertyNames.Mappings); DefinitionWorkspaceMapping[] definitionMappings = workspaceMappings.Select(x => new DefinitionWorkspaceMapping() { ServerPath = x.ServerPath, LocalPath = x.LocalPath, MappingType = x.Exclude ? DefinitionMappingType.Cloak : DefinitionMappingType.Map }).ToArray(); // Determine the sources directory. string sourcesDirectory = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); ArgUtil.NotNullOrEmpty(sourcesDirectory, nameof(sourcesDirectory)); // Attempt to re-use an existing workspace if the command manager supports scorch // or if clean is not specified. ITfsVCWorkspace existingTFWorkspace = null; bool clean = StringUtil.ConvertToBoolean(executionContext.GetInput(Pipelines.PipelineConstants.CheckoutTaskInputs.Clean)); if (tf.Features.HasFlag(TfsVCFeatures.Scorch) || !clean) { existingTFWorkspace = WorkspaceUtil.MatchExactWorkspace( executionContext: executionContext, tfWorkspaces: tfWorkspaces, name: workspaceName, definitionMappings: definitionMappings, sourcesDirectory: sourcesDirectory); if (existingTFWorkspace != null) { if (tf.Features.HasFlag(TfsVCFeatures.GetFromUnmappedRoot)) { // Undo pending changes. ITfsVCStatus tfStatus = await tf.StatusAsync(localPath: sourcesDirectory); if (tfStatus?.HasPendingChanges ?? false) { await tf.UndoAsync(localPath: sourcesDirectory); // Cleanup remaining files/directories from pend adds. tfStatus.AllAdds .OrderByDescending(x => x.LocalItem) // Sort descending so nested items are deleted before their parent is deleted. .ToList() .ForEach(x => { executionContext.Output(StringUtil.Loc("Deleting", x.LocalItem)); IOUtil.Delete(x.LocalItem, cancellationToken); }); } } else { // Perform "undo" for each map. foreach (DefinitionWorkspaceMapping definitionMapping in definitionMappings ?? new DefinitionWorkspaceMapping[0]) { if (definitionMapping.MappingType == DefinitionMappingType.Map) { // Check the status. string localPath = definitionMapping.GetRootedLocalPath(sourcesDirectory); ITfsVCStatus tfStatus = await tf.StatusAsync(localPath: localPath); if (tfStatus?.HasPendingChanges ?? false) { // Undo. await tf.UndoAsync(localPath: localPath); // Cleanup remaining files/directories from pend adds. tfStatus.AllAdds .OrderByDescending(x => x.LocalItem) // Sort descending so nested items are deleted before their parent is deleted. .ToList() .ForEach(x => { executionContext.Output(StringUtil.Loc("Deleting", x.LocalItem)); IOUtil.Delete(x.LocalItem, cancellationToken); }); } } } } // Scorch. if (clean) { // Try to scorch. try { await tf.ScorchAsync(); } catch (ProcessExitCodeException ex) { // Scorch failed. // Warn, drop the folder, and re-clone. executionContext.Warning(ex.Message); existingTFWorkspace = null; } } } } // Create a new workspace. if (existingTFWorkspace == null) { // Remove any conflicting workspaces. await RemoveConflictingWorkspacesAsync( tf: tf, tfWorkspaces: tfWorkspaces, name: workspaceName, directory: sourcesDirectory); // Remove any conflicting workspace from a different computer. // This is primarily a hosted scenario where a registered hosted // agent can land on a different computer each time. tfWorkspaces = await tf.WorkspacesAsync(matchWorkspaceNameOnAnyComputer: true); foreach (ITfsVCWorkspace tfWorkspace in tfWorkspaces ?? new ITfsVCWorkspace[0]) { await tf.TryWorkspaceDeleteAsync(tfWorkspace); } // Recreate the sources directory. executionContext.Debug($"Deleting: '{sourcesDirectory}'."); IOUtil.DeleteDirectory(sourcesDirectory, cancellationToken); Directory.CreateDirectory(sourcesDirectory); // Create the workspace. await tf.WorkspaceNewAsync(); // Remove the default mapping. if (tf.Features.HasFlag(TfsVCFeatures.DefaultWorkfoldMap)) { await tf.WorkfoldUnmapAsync("$/"); } // Sort the definition mappings. definitionMappings = (definitionMappings ?? new DefinitionWorkspaceMapping[0]) .OrderBy(x => x.NormalizedServerPath?.Length ?? 0) // By server path length. .ToArray() ?? new DefinitionWorkspaceMapping[0]; // Add the definition mappings to the workspace. foreach (DefinitionWorkspaceMapping definitionMapping in definitionMappings) { switch (definitionMapping.MappingType) { case DefinitionMappingType.Cloak: // Add the cloak. await tf.WorkfoldCloakAsync(serverPath: definitionMapping.ServerPath); break; case DefinitionMappingType.Map: // Add the mapping. await tf.WorkfoldMapAsync( serverPath: definitionMapping.ServerPath, localPath: definitionMapping.GetRootedLocalPath(sourcesDirectory)); break; default: throw new NotSupportedException(); } } } if (tf.Features.HasFlag(TfsVCFeatures.GetFromUnmappedRoot)) { // Get. await tf.GetAsync(localPath: sourcesDirectory, quiet: reducedOutput); } else { // Perform "get" for each map. foreach (DefinitionWorkspaceMapping definitionMapping in definitionMappings ?? new DefinitionWorkspaceMapping[0]) { if (definitionMapping.MappingType == DefinitionMappingType.Map) { await tf.GetAsync(localPath: definitionMapping.GetRootedLocalPath(sourcesDirectory), quiet: reducedOutput); } } } // Steps for shelveset/gated. string shelvesetName = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Shelveset); if (!string.IsNullOrEmpty(shelvesetName)) { // Steps for gated. ITfsVCShelveset tfShelveset = null; string gatedShelvesetName = executionContext.Variables.GetValueOrDefault("build.gated.shelvesetname")?.Value; if (!string.IsNullOrEmpty(gatedShelvesetName)) { // Clean the last-saved-checkin-metadata for existing workspaces. // // A better long term fix is to add a switch to "tf unshelve" that completely overwrites // the last-saved-checkin-metadata, instead of merging associated work items. // // The targeted workaround for now is to create a trivial change and "tf shelve /move", // which will delete the last-saved-checkin-metadata. if (existingTFWorkspace != null) { executionContext.Output("Cleaning last saved checkin metadata."); // Find a local mapped directory. string firstLocalDirectory = (definitionMappings ?? new DefinitionWorkspaceMapping[0]) .Where(x => x.MappingType == DefinitionMappingType.Map) .Select(x => x.GetRootedLocalPath(sourcesDirectory)) .FirstOrDefault(x => Directory.Exists(x)); if (firstLocalDirectory == null) { executionContext.Warning("No mapped folder found. Unable to clean last-saved-checkin-metadata."); } else { // Create a trival change and "tf shelve /move" to clear the // last-saved-checkin-metadata. string cleanName = "__tf_clean_wksp_metadata"; string tempCleanFile = Path.Combine(firstLocalDirectory, cleanName); try { File.WriteAllText(path: tempCleanFile, contents: "clean last-saved-checkin-metadata", encoding: Encoding.UTF8); await tf.AddAsync(tempCleanFile); await tf.ShelveAsync(shelveset: cleanName, commentFile: tempCleanFile, move: true); } catch (Exception ex) { executionContext.Warning($"Unable to clean last-saved-checkin-metadata. {ex.Message}"); try { await tf.UndoAsync(tempCleanFile); } catch (Exception ex2) { executionContext.Warning($"Unable to undo '{tempCleanFile}'. {ex2.Message}"); } } finally { IOUtil.DeleteFile(tempCleanFile); } } } // Get the shelveset metadata. tfShelveset = await tf.ShelvesetsAsync(shelveset: shelvesetName); // The above command throws if the shelveset is not found, // so the following assertion should never fail. ArgUtil.NotNull(tfShelveset, nameof(tfShelveset)); } // Unshelve. bool unshelveErrorsAllowed = AgentKnobs.AllowTfvcUnshelveErrors.GetValue(executionContext).AsBoolean(); await tf.UnshelveAsync(shelveset: shelvesetName, unshelveErrorsAllowed); // Ensure we undo pending changes for shelveset build at the end. executionContext.SetTaskVariable("UndoShelvesetPendingChanges", bool.TrueString); if (!string.IsNullOrEmpty(gatedShelvesetName)) { // Create the comment file for reshelve. StringBuilder comment = new StringBuilder(tfShelveset.Comment ?? string.Empty); string runCi = executionContext.Variables.GetValueOrDefault("build.gated.runci")?.Value; bool gatedRunCi = StringUtil.ConvertToBoolean(runCi, true); if (!gatedRunCi) { if (comment.Length > 0) { comment.AppendLine(); } comment.Append("***NO_CI***"); } string commentFile = null; try { commentFile = Path.GetTempFileName(); File.WriteAllText(path: commentFile, contents: comment.ToString(), encoding: Encoding.UTF8); // Reshelve. await tf.ShelveAsync(shelveset: gatedShelvesetName, commentFile: commentFile, move: false); } finally { // Cleanup the comment file. if (File.Exists(commentFile)) { try { await IOUtil.DeleteFileWithRetry(commentFile, cancellationToken); } catch (Exception ex) { executionContext.Output($"Unable to delete comment file, ex:{ex.GetType()}"); } } } } } // Cleanup proxy settings. if (agentProxy != null && !string.IsNullOrEmpty(agentProxy.ProxyAddress) && !agentProxy.WebProxy.IsBypassed(repository.Url)) { executionContext.Debug($"Remove proxy setting for '{tf.FilePath}' to work through proxy server '{agentProxy.ProxyAddress}'."); tf.CleanupProxySetting(); } // Set intra-task variable for post job cleanup executionContext.SetTaskVariable("repository", repository.Alias); } public async Task PostJobCleanupAsync(AgentTaskPluginExecutionContext executionContext, Pipelines.RepositoryResource repository) { bool undoShelvesetPendingChanges = StringUtil.ConvertToBoolean(executionContext.TaskVariables.GetValueOrDefault("UndoShelvesetPendingChanges")?.Value); if (undoShelvesetPendingChanges) { string shelvesetName = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Shelveset); executionContext.Debug($"Undo pending changes left by shelveset '{shelvesetName}'."); // Create the tf command manager. ITfsVCCliManager tf; if (PlatformUtil.RunningOnWindows) { tf = new TFCliManager(); } else { tf = new TeeCliManager(); } tf.CancellationToken = CancellationToken.None; tf.Repository = repository; tf.ExecutionContext = executionContext; if (repository.Endpoint != null) { // the endpoint should either be the SystemVssConnection (id = guild.empty, name = SystemVssConnection) // or a real service endpoint to external service which has a real id var endpoint = executionContext.Endpoints.Single( x => (repository.Endpoint.Id != Guid.Empty && x.Id == repository.Endpoint.Id) || (repository.Endpoint.Id == Guid.Empty && string.Equals(x.Name, repository.Endpoint.Name.ToString(), StringComparison.OrdinalIgnoreCase))); ArgUtil.NotNull(endpoint, nameof(endpoint)); tf.Endpoint = endpoint; } // Get the definition mappings. var workspaceMappings = repository.Properties.Get>(Pipelines.RepositoryPropertyNames.Mappings); DefinitionWorkspaceMapping[] definitionMappings = workspaceMappings.Select(x => new DefinitionWorkspaceMapping() { ServerPath = x.ServerPath, LocalPath = x.LocalPath, MappingType = x.Exclude ? DefinitionMappingType.Cloak : DefinitionMappingType.Map }).ToArray(); // Determine the sources directory. string sourcesDirectory = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); ArgUtil.NotNullOrEmpty(sourcesDirectory, nameof(sourcesDirectory)); try { if (tf.Features.HasFlag(TfsVCFeatures.GetFromUnmappedRoot)) { // Undo pending changes. ITfsVCStatus tfStatus = await tf.StatusAsync(localPath: sourcesDirectory); if (tfStatus?.HasPendingChanges ?? false) { await tf.UndoAsync(localPath: sourcesDirectory); // Cleanup remaining files/directories from pend adds. tfStatus.AllAdds .OrderByDescending(x => x.LocalItem) // Sort descending so nested items are deleted before their parent is deleted. .ToList() .ForEach(x => { executionContext.Output(StringUtil.Loc("Deleting", x.LocalItem)); IOUtil.Delete(x.LocalItem, CancellationToken.None); }); } } else { // Perform "undo" for each map. foreach (DefinitionWorkspaceMapping definitionMapping in definitionMappings ?? new DefinitionWorkspaceMapping[0]) { if (definitionMapping.MappingType == DefinitionMappingType.Map) { // Check the status. string localPath = definitionMapping.GetRootedLocalPath(sourcesDirectory); ITfsVCStatus tfStatus = await tf.StatusAsync(localPath: localPath); if (tfStatus?.HasPendingChanges ?? false) { // Undo. await tf.UndoAsync(localPath: localPath); // Cleanup remaining files/directories from pend adds. tfStatus.AllAdds .OrderByDescending(x => x.LocalItem) // Sort descending so nested items are deleted before their parent is deleted. .ToList() .ForEach(x => { executionContext.Output(StringUtil.Loc("Deleting", x.LocalItem)); IOUtil.Delete(x.LocalItem, CancellationToken.None); }); } } } } } catch (Exception ex) { // We can't undo pending changes, log a warning and continue. executionContext.Debug(ex.ToString()); executionContext.Warning(ex.Message); } } } private async Task RemoveConflictingWorkspacesAsync(ITfsVCCliManager tf, ITfsVCWorkspace[] tfWorkspaces, string name, string directory) { // Validate the args. ArgUtil.NotNullOrEmpty(name, nameof(name)); ArgUtil.NotNullOrEmpty(directory, nameof(directory)); // Fixup the directory. directory = directory.TrimEnd('/', '\\'); ArgUtil.NotNullOrEmpty(directory, nameof(directory)); string directorySlash = $"{directory}{Path.DirectorySeparatorChar}"; foreach (ITfsVCWorkspace tfWorkspace in tfWorkspaces ?? new ITfsVCWorkspace[0]) { // Attempt to match the workspace by name. if (string.Equals(tfWorkspace.Name, name, StringComparison.OrdinalIgnoreCase)) { // Try deleting the workspace from the server. if (!(await tf.TryWorkspaceDeleteAsync(tfWorkspace))) { // Otherwise fallback to deleting the workspace from the local computer. await tf.WorkspacesRemoveAsync(tfWorkspace); } // Continue iterating over the rest of the workspaces. continue; } // Attempt to match the workspace by local path. foreach (ITfsVCMapping tfMapping in tfWorkspace.Mappings ?? new ITfsVCMapping[0]) { // Skip cloaks. if (tfMapping.Cloak) { continue; } if (string.Equals(tfMapping.LocalPath, directory, StringComparison.CurrentCultureIgnoreCase) || (tfMapping.LocalPath ?? string.Empty).StartsWith(directorySlash, StringComparison.CurrentCultureIgnoreCase)) { // Try deleting the workspace from the server. if (!(await tf.TryWorkspaceDeleteAsync(tfWorkspace))) { // Otherwise fallback to deleting the workspace from the local computer. await tf.WorkspacesRemoveAsync(tfWorkspace); } // Break out of this nested for loop only. // Continue iterating over the rest of the workspaces. break; } } } } public static class WorkspaceUtil { public static ITfsVCWorkspace MatchExactWorkspace( AgentTaskPluginExecutionContext executionContext, ITfsVCWorkspace[] tfWorkspaces, string name, DefinitionWorkspaceMapping[] definitionMappings, string sourcesDirectory) { ArgUtil.NotNullOrEmpty(name, nameof(name)); ArgUtil.NotNullOrEmpty(sourcesDirectory, nameof(sourcesDirectory)); // Short-circuit early if the sources directory is empty. // // Consider the sources directory to be empty if it only contains a .tf directory exists. This can // indicate the workspace is in a corrupted state and the tf commands (e.g. status) will not return // reliable information. An easy way to reproduce this is to delete the workspace directory, then // run "tf status" on that workspace. The .tf directory will be recreated but the contents will be // in a corrupted state. if (!Directory.Exists(sourcesDirectory) || !Directory.EnumerateFileSystemEntries(sourcesDirectory).Any(x => !x.EndsWith($"{Path.DirectorySeparatorChar}.tf"))) { executionContext.Debug("Sources directory does not exist or is empty."); return null; } string machineName = Environment.MachineName; executionContext.Debug($"Attempting to find a workspace: '{name}'"); foreach (ITfsVCWorkspace tfWorkspace in tfWorkspaces ?? new ITfsVCWorkspace[0]) { // Compare the workspace name. if (!string.Equals(tfWorkspace.Name, name, StringComparison.Ordinal)) { executionContext.Debug($"Skipping workspace: '{tfWorkspace.Name}'"); continue; } executionContext.Debug($"Candidate workspace: '{tfWorkspace.Name}'"); // Compare the machine name. if (!string.Equals(tfWorkspace.Computer, machineName, StringComparison.Ordinal)) { executionContext.Debug($"Expected computer name: '{machineName}'. Actual: '{tfWorkspace.Computer}'"); continue; } // Compare the number of mappings. if ((tfWorkspace.Mappings?.Length ?? 0) != (definitionMappings?.Length ?? 0)) { executionContext.Debug($"Expected number of mappings: '{definitionMappings?.Length ?? 0}'. Actual: '{tfWorkspace.Mappings?.Length ?? 0}'"); continue; } // Sort the definition mappings. List sortedDefinitionMappings = (definitionMappings ?? new DefinitionWorkspaceMapping[0]) .OrderBy(x => x.MappingType != DefinitionMappingType.Cloak) // Cloaks first .ThenBy(x => !x.Recursive) // Then recursive maps .ThenBy(x => x.NormalizedServerPath) // Then sort by the normalized server path .ToList(); for (int i = 0; i < sortedDefinitionMappings.Count; i++) { DefinitionWorkspaceMapping mapping = sortedDefinitionMappings[i]; executionContext.Debug($"Definition mapping[{i}]: cloak '{mapping.MappingType == DefinitionMappingType.Cloak}', recursive '{mapping.Recursive}', server path '{mapping.NormalizedServerPath}', local path '{mapping.GetRootedLocalPath(sourcesDirectory)}'"); } // Sort the TF mappings. List sortedTFMappings = (tfWorkspace.Mappings ?? new ITfsVCMapping[0]) .OrderBy(x => !x.Cloak) // Cloaks first .ThenBy(x => !x.Recursive) // Then recursive maps .ThenBy(x => x.ServerPath) // Then sort by server path .ToList(); for (int i = 0; i < sortedTFMappings.Count; i++) { ITfsVCMapping mapping = sortedTFMappings[i]; executionContext.Debug($"Found mapping[{i}]: cloak '{mapping.Cloak}', recursive '{mapping.Recursive}', server path '{mapping.ServerPath}', local path '{mapping.LocalPath}'"); } // Compare the mappings. bool allMatch = true; List matchTrace = new List(); for (int i = 0; i < sortedTFMappings.Count; i++) { ITfsVCMapping tfMapping = sortedTFMappings[i]; DefinitionWorkspaceMapping definitionMapping = sortedDefinitionMappings[i]; // Compare the cloak flag. bool expectedCloak = definitionMapping.MappingType == DefinitionMappingType.Cloak; if (tfMapping.Cloak != expectedCloak) { matchTrace.Add(StringUtil.Loc("ExpectedMappingCloak", i, expectedCloak, tfMapping.Cloak)); allMatch = false; break; } // Compare the recursive flag. if (!expectedCloak && tfMapping.Recursive != definitionMapping.Recursive) { matchTrace.Add(StringUtil.Loc("ExpectedMappingRecursive", i, definitionMapping.Recursive, tfMapping.Recursive)); allMatch = false; break; } // Compare the server path. Normalize the expected server path for a single-level map. string expectedServerPath = definitionMapping.NormalizedServerPath; if (!string.Equals(tfMapping.ServerPath, expectedServerPath, StringComparison.Ordinal)) { matchTrace.Add(StringUtil.Loc("ExpectedMappingServerPath", i, expectedServerPath, tfMapping.ServerPath)); allMatch = false; break; } // Compare the local path. if (!expectedCloak) { string expectedLocalPath = definitionMapping.GetRootedLocalPath(sourcesDirectory); if (!string.Equals(tfMapping.LocalPath, expectedLocalPath, StringComparison.Ordinal)) { matchTrace.Add(StringUtil.Loc("ExpectedMappingLocalPath", i, expectedLocalPath, tfMapping.LocalPath)); allMatch = false; break; } } } if (allMatch) { executionContext.Debug("Matching workspace found."); return tfWorkspace; } else { executionContext.Output(StringUtil.Loc("WorkspaceMappingNotMatched", tfWorkspace.Name)); foreach (var trace in matchTrace) { executionContext.Output(trace); } } } executionContext.Debug("Matching workspace not found."); return null; } } public sealed class DefinitionWorkspaceMapping { public string LocalPath { get; set; } public DefinitionMappingType MappingType { get; set; } /// /// Remove the trailing "/*" from the single-level mapping server path. /// If the ServerPath is "$/*", then the normalized path is returned /// as "$/" rather than "$". /// public string NormalizedServerPath { get { string path; if (!Recursive) { // Trim the last two characters (i.e. "/*") from the single-level // mapping server path. path = ServerPath.Substring(0, ServerPath.Length - 2); // Check if trimmed too much. This is important when comparing // against workspaces on disk. if (string.Equals(path, "$", StringComparison.Ordinal)) { path = "$/"; } } else { path = ServerPath ?? string.Empty; } return path; } } /// /// Returns true if the path does not end with "/*". /// public bool Recursive => !(ServerPath ?? string.Empty).EndsWith("/*"); public string ServerPath { get; set; } /// /// Gets the rooted local path and normalizes slashes. /// public string GetRootedLocalPath(string sourcesDirectory) { // TEE normalizes all slashes in a workspace mapping to match the OS. It is not // possible on OSX/Linux to have a workspace mapping with a backslash, even though // backslash is a legal file name character. string relativePath = (LocalPath ?? string.Empty) .Replace('/', Path.DirectorySeparatorChar) .Replace('\\', Path.DirectorySeparatorChar) .Trim(Path.DirectorySeparatorChar); return Path.Combine(sourcesDirectory, relativePath); } } public enum DefinitionMappingType { Cloak, Map, } } } ================================================ FILE: src/Agent.Sdk/Agent.Sdk.csproj ================================================  Library true ================================================ FILE: src/Agent.Sdk/AgentClientCertificateManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Security.Cryptography.X509Certificates; using Agent.Sdk.Util; using Microsoft.VisualStudio.Services.Common; namespace Agent.Sdk { public class AgentCertificateSettings { public bool SkipServerCertificateValidation { get; set; } public string CACertificateFile { get; set; } public string ClientCertificateFile { get; set; } public string ClientCertificatePrivateKeyFile { get; set; } public string ClientCertificateArchiveFile { get; set; } public string ClientCertificatePassword { get; set; } public IVssClientCertificateManager VssClientCertificateManager { get; set; } } public class AgentClientCertificateManager : IVssClientCertificateManager { private readonly X509Certificate2Collection _clientCertificates = new X509Certificate2Collection(); public X509Certificate2Collection ClientCertificates => _clientCertificates; public AgentClientCertificateManager() { } public AgentClientCertificateManager(string clientCertificateArchiveFile, string clientCertificatePassword) { AddClientCertificate(clientCertificateArchiveFile, clientCertificatePassword); } public void AddClientCertificate(string clientCertificateArchiveFile, string clientCertificatePassword) { if (!string.IsNullOrEmpty(clientCertificateArchiveFile)) { _clientCertificates.Add(CertificateUtil.LoadCertificate(clientCertificateArchiveFile, clientCertificatePassword)); } } } } ================================================ FILE: src/Agent.Sdk/AgentWebProxy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Net; using System.Text.RegularExpressions; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Sdk { public class AgentWebProxySettings { public static string AgentProxyUrlKey = "Agent.ProxyUrl".ToLower(); public static string AgentProxyUsernameKey = "Agent.ProxyUsername".ToLower(); public static string AgentProxyPasswordKey = "Agent.ProxyPassword".ToLower(); public static string AgentProxyBypassListKey = "Agent.ProxyBypassList".ToLower(); public static string AgentUseBasicAuthForProxyKey = "Agent.UseBasicAuthForProxy".ToLower(); public string ProxyAddress { get; set; } public string ProxyUsername { get; set; } public string ProxyPassword { get; set; } public List ProxyBypassList { get; set; } public bool UseBasicAuthForProxy { get; set; } public IWebProxy WebProxy { get; set; } } public class AgentWebProxy : IWebProxy { private string _proxyAddress; private readonly List _regExBypassList = new List(); private bool _useBasicAuthForProxy = false; // Flag to control Basic auth usage public ICredentials Credentials { get; set; } public AgentWebProxy() { } public AgentWebProxy(string proxyAddress, string proxyUsername, string proxyPassword, List proxyBypassList) { Update(proxyAddress, proxyUsername, proxyPassword, proxyBypassList, false); } public AgentWebProxy(string proxyAddress, string proxyUsername, string proxyPassword, List proxyBypassList, bool useBasicAuthForProxy = false) { Update(proxyAddress, proxyUsername, proxyPassword, proxyBypassList, useBasicAuthForProxy); } public void Update(string proxyAddress, string proxyUsername, string proxyPassword, List proxyBypassList, bool useBasicAuthForProxy = false) { _useBasicAuthForProxy = useBasicAuthForProxy; _proxyAddress = proxyAddress?.Trim(); if (string.IsNullOrEmpty(proxyUsername) || string.IsNullOrEmpty(proxyPassword)) { Credentials = CredentialCache.DefaultNetworkCredentials; } else { if (_useBasicAuthForProxy) { // Use CredentialCache to force Basic authentication and avoid NTLM negotiation issues // This fixes the 407 Proxy Authentication Required errors that occur when .NET // attempts NTLM authentication but fails to fall back to Basic authentication properly var credentialCache = new CredentialCache(); var proxyUri = new Uri(_proxyAddress); credentialCache.Add(proxyUri, "Basic", new NetworkCredential(proxyUsername, proxyPassword)); Credentials = credentialCache; } else { // Default behavior: Use NetworkCredential (default logic for .NET) Credentials = new NetworkCredential(proxyUsername, proxyPassword); } } if (proxyBypassList != null) { foreach (string bypass in proxyBypassList) { if (string.IsNullOrWhiteSpace(bypass)) { continue; } else { try { Regex bypassRegex = new Regex(bypass.Trim(), RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.ECMAScript); _regExBypassList.Add(bypassRegex); } catch (Exception) { // eat all exceptions } } } } } public Uri GetProxy(Uri destination) { if (IsBypassed(destination)) { return destination; } else { return new Uri(_proxyAddress); } } public bool IsBypassed(Uri uri) { ArgUtil.NotNull(uri, nameof(uri)); return string.IsNullOrEmpty(_proxyAddress) || uri.IsLoopback || IsMatchInBypassList(uri); } private bool IsMatchInBypassList(Uri input) { string matchUriString = input.IsDefaultPort ? input.Scheme + "://" + input.Host : input.Scheme + "://" + input.Host + ":" + input.Port.ToString(); foreach (Regex r in _regExBypassList) { if (r.IsMatch(matchUriString)) { return true; } } return false; } } } ================================================ FILE: src/Agent.Sdk/AssemblyInfo.cs ================================================ using System.Runtime.CompilerServices; [assembly: InternalsVisibleTo("Test")] ================================================ FILE: src/Agent.Sdk/CommandPlugin.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Net.Http; using System.Net.Http.Headers; using System.Runtime.InteropServices; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Newtonsoft.Json; using Agent.Sdk.Knob; using System.Runtime.CompilerServices; namespace Agent.Sdk { [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1716: Identifiers should not match keywords")] public interface IAgentCommandPlugin { String Area { get; } String Event { get; } String DisplayName { get; } Task ProcessCommandAsync(AgentCommandPluginExecutionContext executionContext, CancellationToken token); } public class AgentCommandPluginExecutionContext : ITraceWriter, IKnobValueContext { private VssConnection _connection; private readonly object _stdoutLock = new object(); private readonly object _stderrLock = new object(); public AgentCommandPluginExecutionContext() { this.Endpoints = new List(); this.Properties = new Dictionary(StringComparer.OrdinalIgnoreCase); this.Variables = new Dictionary(StringComparer.OrdinalIgnoreCase); } public string Data { get; set; } public Dictionary Properties { get; set; } public List Endpoints { get; set; } public Dictionary Variables { get; set; } [JsonIgnore] public VssConnection VssConnection { get { if (_connection == null) { _connection = InitializeVssConnection(); } return _connection; } } public void Info(string message, [CallerMemberName] string operation = "") { Debug(message); } public void Verbose(string message, [CallerMemberName] string operation = "") { string vstsAgentTrace = AgentKnobs.TraceVerbose.GetValue(this).AsString(); if (!string.IsNullOrEmpty(vstsAgentTrace)) { Debug(message); } } public void Debug(string message) { if (StringUtil.ConvertToBoolean(this.Variables.GetValueOrDefault("system.debug")?.Value)) { Output($"##[debug]{message}"); } } public void Output(string message) { lock (_stdoutLock) { Console.Out.WriteLine(message); } } public void Error(string message) { lock (_stderrLock) { Console.Error.WriteLine(message); } } public VssConnection InitializeVssConnection() { var headerValues = new List(); headerValues.Add(new ProductInfoHeaderValue($"VstsAgentCore-Plugin", Variables.GetValueOrDefault("agent.version")?.Value ?? "Unknown")); headerValues.Add(new ProductInfoHeaderValue($"({RuntimeInformation.OSDescription.Trim()})")); if (VssClientHttpRequestSettings.Default.UserAgent != null && VssClientHttpRequestSettings.Default.UserAgent.Count > 0) { headerValues.AddRange(VssClientHttpRequestSettings.Default.UserAgent); } VssClientHttpRequestSettings.Default.UserAgent = headerValues; if (PlatformUtil.RunningOnLinux || PlatformUtil.RunningOnMacOS) { // The .NET Core 2.1 runtime switched its HTTP default from HTTP 1.1 to HTTP 2. // This causes problems with some versions of the Curl handler. // See GitHub issue https://github.com/dotnet/corefx/issues/32376 VssClientHttpRequestSettings.Default.UseHttp11 = true; } var certSetting = GetCertConfiguration(); bool skipServerCertificateValidation = false; if (certSetting != null) { if (!string.IsNullOrEmpty(certSetting.ClientCertificateArchiveFile)) { VssClientHttpRequestSettings.Default.ClientCertificateManager = new AgentClientCertificateManager(certSetting.ClientCertificateArchiveFile, certSetting.ClientCertificatePassword); } if (certSetting.SkipServerCertificateValidation) { skipServerCertificateValidation = true; VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; } } var proxySetting = GetProxyConfiguration(); if (proxySetting != null) { if (!string.IsNullOrEmpty(proxySetting.ProxyAddress)) { VssHttpMessageHandler.DefaultWebProxy = new AgentWebProxy(proxySetting.ProxyAddress, proxySetting.ProxyUsername, proxySetting.ProxyPassword, proxySetting.ProxyBypassList, proxySetting.UseBasicAuthForProxy); } } ServiceEndpoint systemConnection = this.Endpoints.FirstOrDefault(e => string.Equals(e.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); ArgUtil.NotNull(systemConnection, nameof(systemConnection)); ArgUtil.NotNull(systemConnection.Url, nameof(systemConnection.Url)); VssCredentials credentials = VssUtil.GetVssCredential(systemConnection); ArgUtil.NotNull(credentials, nameof(credentials)); return VssUtil.CreateConnection(systemConnection.Url, credentials, trace: this, skipServerCertificateValidation); } private AgentCertificateSettings GetCertConfiguration() { bool skipCertValidation = StringUtil.ConvertToBoolean(this.Variables.GetValueOrDefault("Agent.SkipCertValidation")?.Value); string caFile = this.Variables.GetValueOrDefault("Agent.CAInfo")?.Value; string clientCertFile = this.Variables.GetValueOrDefault("Agent.ClientCert")?.Value; if (!string.IsNullOrEmpty(caFile) || !string.IsNullOrEmpty(clientCertFile) || skipCertValidation) { var certConfig = new AgentCertificateSettings(); certConfig.SkipServerCertificateValidation = skipCertValidation; certConfig.CACertificateFile = caFile; if (!string.IsNullOrEmpty(clientCertFile)) { certConfig.ClientCertificateFile = clientCertFile; string clientCertKey = this.Variables.GetValueOrDefault("Agent.ClientCertKey")?.Value; string clientCertArchive = this.Variables.GetValueOrDefault("Agent.ClientCertArchive")?.Value; string clientCertPassword = this.Variables.GetValueOrDefault("Agent.ClientCertPassword")?.Value; certConfig.ClientCertificatePrivateKeyFile = clientCertKey; certConfig.ClientCertificateArchiveFile = clientCertArchive; certConfig.ClientCertificatePassword = clientCertPassword; } return certConfig; } else { return null; } } private AgentWebProxySettings GetProxyConfiguration() { string proxyUrl = this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyUrlKey)?.Value; if (!string.IsNullOrEmpty(proxyUrl)) { string proxyUsername = this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyUsernameKey)?.Value; string proxyPassword = this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyPasswordKey)?.Value; List proxyBypassHosts = StringUtil.ConvertFromJson>(this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyBypassListKey)?.Value ?? "[]"); bool useBasicAuthForProxy = StringUtil.ConvertToBoolean(this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentUseBasicAuthForProxyKey)?.Value); return new AgentWebProxySettings() { ProxyAddress = proxyUrl, ProxyUsername = proxyUsername, ProxyPassword = proxyPassword, ProxyBypassList = proxyBypassHosts, UseBasicAuthForProxy = useBasicAuthForProxy, WebProxy = new AgentWebProxy(proxyUrl, proxyUsername, proxyPassword, proxyBypassHosts, useBasicAuthForProxy) }; } else { return null; } } string IKnobValueContext.GetVariableValueOrDefault(string variableName) { return Variables.GetValueOrDefault(variableName)?.Value; } IScopedEnvironment IKnobValueContext.GetScopedEnvironment() { return new SystemEnvironment(); } } } ================================================ FILE: src/Agent.Sdk/CommandStringConvertor.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Sdk { public sealed class CommandStringConvertor { public static string Escape(string input, bool unescapePercents) { if (string.IsNullOrEmpty(input)) { return string.Empty; } string escaped = input; if (unescapePercents) { escaped = escaped.Replace("%", "%AZP25"); } foreach (EscapeMapping mapping in _specialSymbolsMapping) { escaped = escaped.Replace(mapping.Token, mapping.Replacement); } return escaped; } public static string Unescape(string escaped, bool unescapePercents) { if (string.IsNullOrEmpty(escaped)) { return string.Empty; } string unescaped = escaped; foreach (EscapeMapping mapping in _specialSymbolsMapping) { unescaped = unescaped.Replace(mapping.Replacement, mapping.Token); } if (unescapePercents) { unescaped = unescaped.Replace("%AZP25", "%"); } return unescaped; } private static readonly EscapeMapping[] _specialSymbolsMapping = new[] { new EscapeMapping(token: ";", replacement: "%3B"), new EscapeMapping(token: "\r", replacement: "%0D"), new EscapeMapping(token: "\n", replacement: "%0A"), new EscapeMapping(token: "]", replacement: "%5D") }; private sealed class EscapeMapping { public string Replacement { get; } public string Token { get; } public EscapeMapping(string token, string replacement) { ArgUtil.NotNullOrEmpty(token, nameof(token)); ArgUtil.NotNullOrEmpty(replacement, nameof(replacement)); Token = token; Replacement = replacement; } } } } ================================================ FILE: src/Agent.Sdk/ContainerInfo.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Text.RegularExpressions; using Microsoft.VisualStudio.Services.Agent.Util; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Agent.Sdk { public class ContainerInfo : ExecutionTargetInfo { private IDictionary _userMountVolumes; private List _mountVolumes; private IDictionary _userPortMappings; private List _portMappings; private List _readOnlyVolumes; private Dictionary _environmentVariables; private Dictionary _pathMappings; private PlatformUtil.OS _imageOS; public PlatformUtil.OS ExecutionOS => _imageOS; public ContainerInfo() { this.IsJobContainer = true; if (PlatformUtil.RunningOnWindows) { _pathMappings = new Dictionary(StringComparer.OrdinalIgnoreCase); } else { _pathMappings = new Dictionary(); } } public ContainerInfo(Pipelines.ContainerResource container, Boolean isJobContainer = true) { ArgUtil.NotNull(container, nameof(container)); this.ContainerName = container.Alias; string containerImage = container.Properties.Get("image"); ArgUtil.NotNullOrEmpty(containerImage, nameof(containerImage)); this.ContainerImage = containerImage; this.ContainerDisplayName = $"{container.Alias}_{Pipelines.Validation.NameValidation.Sanitize(containerImage)}_{Guid.NewGuid().ToString("N").Substring(0, 6)}"; this.ContainerRegistryEndpoint = container.Endpoint?.Id ?? Guid.Empty; this.ContainerCreateOptions = container.Properties.Get("options"); this.SkipContainerImagePull = container.Properties.Get("localimage"); _environmentVariables = container.Environment != null ? new Dictionary(container.Environment) : new Dictionary(); this.ContainerCommand = container.Properties.Get("command", defaultValue: ""); this.IsJobContainer = isJobContainer; // Windows has never automatically enabled Docker.Sock, but Linux does. So we need to set the default here based on OS. this.MapDockerSocket = container.Properties.Get("mapDockerSocket", !PlatformUtil.RunningOnWindows); this._imageOS = PlatformUtil.HostOS; _pathMappings = new Dictionary(PlatformUtil.RunningOnWindows ? StringComparer.OrdinalIgnoreCase : StringComparer.Ordinal); this._readOnlyVolumes = container.ReadOnlyMounts != null ? new List(container.ReadOnlyMounts) : new List(); if (container.Ports?.Count > 0) { foreach (var port in container.Ports) { UserPortMappings[port] = port; } } if (container.Volumes?.Count > 0) { foreach (var volume in container.Volumes) { UserMountVolumes[volume] = volume; } } } public string ContainerId { get; set; } public string ContainerDisplayName { get; private set; } public string ContainerNetwork { get; set; } public string ContainerNetworkAlias { get; set; } public string ContainerImage { get; set; } public string ContainerName { get; set; } public string ContainerCommand { get; set; } public string CustomNodePath { get; set; } public string ResultNodePath { get; set; } public Guid ContainerRegistryEndpoint { get; private set; } public string ContainerCreateOptions { get; set; } public bool SkipContainerImagePull { get; private set; } public string CurrentUserName { get; set; } public string CurrentUserId { get; set; } public string CurrentGroupName { get; set; } public string CurrentGroupId { get; set; } public bool IsJobContainer { get; set; } public bool MapDockerSocket { get; set; } public bool NeedsNode16Redirect { get; set; } public bool NeedsNode20Redirect { get; set; } public PlatformUtil.OS ImageOS { get { return _imageOS; } set { var previousImageOS = _imageOS; _imageOS = value; if (_pathMappings != null) { var newMappings = new Dictionary(_pathMappings.Comparer); foreach (var mapping in _pathMappings) { newMappings[mapping.Key] = TranslateContainerPathForImageOS(previousImageOS, mapping.Value); } _pathMappings = newMappings; } if (_environmentVariables != null) { var newEnvVars = new Dictionary(_environmentVariables.Comparer); foreach (var env in _environmentVariables) { newEnvVars[env.Key] = TranslateContainerPathForImageOS(previousImageOS, env.Value); } _environmentVariables = newEnvVars; } } } public Dictionary ContainerEnvironmentVariables { get { if (_environmentVariables == null) { _environmentVariables = new Dictionary(); } return _environmentVariables; } } public IDictionary UserMountVolumes { get { if (_userMountVolumes == null) { _userMountVolumes = new Dictionary(); } return _userMountVolumes; } } public List MountVolumes { get { if (_mountVolumes == null) { _mountVolumes = new List(); } return _mountVolumes; } } public IDictionary UserPortMappings { get { if (_userPortMappings == null) { _userPortMappings = new Dictionary(); } return _userPortMappings; } } public List PortMappings { get { if (_portMappings == null) { _portMappings = new List(); } return _portMappings; } } public bool isReadOnlyVolume(string volumeName) { return _readOnlyVolumes.Contains(volumeName); } public Dictionary PathMappings { get { if (_pathMappings == null) { _pathMappings = new Dictionary(); } return _pathMappings; } } public string TranslateToContainerPath(string path) { if (!string.IsNullOrEmpty(path)) { var comparison = PlatformUtil.RunningOnWindows ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal; foreach (var mapping in _pathMappings) { if (string.Equals(path, mapping.Key, comparison)) { return mapping.Value; } if (path.StartsWith(mapping.Key + Path.DirectorySeparatorChar, comparison) || path.StartsWith(mapping.Key + Path.AltDirectorySeparatorChar, comparison)) { return mapping.Value + path.Remove(0, mapping.Key.Length); } } } return path; } public string TranslateToHostPath(string path) { if (!string.IsNullOrEmpty(path)) { var comparison = PlatformUtil.RunningOnWindows ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal; foreach (var mapping in _pathMappings) { string retval = null; if (string.Equals(path, mapping.Value, comparison)) { retval = mapping.Key; } else if (path.StartsWith(mapping.Value + Path.DirectorySeparatorChar, comparison) || path.StartsWith(mapping.Value + Path.AltDirectorySeparatorChar, comparison)) { retval = mapping.Key + path.Remove(0, mapping.Value.Length); } if (retval != null) { if (PlatformUtil.RunningOnWindows) { retval = retval.Replace("/", "\\"); } else { retval = retval.Replace("\\", "/"); } return retval; } } } return path; } private static Regex translateWindowsDriveRegex = new Regex(@"^([a-zA-Z]):(\\|/)", RegexOptions.Compiled); public string TranslateContainerPathForImageOS(PlatformUtil.OS runningOs, string path) { if (!string.IsNullOrEmpty(path)) { if (runningOs == PlatformUtil.OS.Windows && ImageOS == PlatformUtil.OS.Linux) { return translateWindowsDriveRegex.Replace(path, "/").Replace("\\", "/"); } } return path; } public void AddPortMappings(List portMappings) { ArgUtil.NotNull(portMappings, nameof(portMappings)); foreach (var port in portMappings) { PortMappings.Add(port); } } public void AddPathMappings(Dictionary pathMappings) { ArgUtil.NotNull(pathMappings, nameof(pathMappings)); foreach (var path in pathMappings) { PathMappings.Add(path.Key, path.Value); } } } } ================================================ FILE: src/Agent.Sdk/DockerVersion.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Agent.Sdk { public class DockerVersion { public DockerVersion() { } public DockerVersion(Version serverVersion, Version clientVersion) { this.ServerVersion = serverVersion; this.ClientVersion = clientVersion; } public Version ServerVersion { get; set; } public Version ClientVersion { get; set; } } } ================================================ FILE: src/Agent.Sdk/ExecutionTargetInfo.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Sdk { [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1715: Identifiers should have correct prefix")] public interface ExecutionTargetInfo { PlatformUtil.OS ExecutionOS { get; } string CustomNodePath { get; set; } string ResultNodePath { get; set; } string TranslateContainerPathForImageOS(PlatformUtil.OS runningOs, string path); string TranslateToContainerPath(string path); string TranslateToHostPath(string path); } public class HostInfo : ExecutionTargetInfo { public PlatformUtil.OS ExecutionOS => PlatformUtil.HostOS; public string CustomNodePath { get; set; } public string ResultNodePath { get; set; } public string TranslateToContainerPath(string path) { return path; } public string TranslateToHostPath(string path) { return path; } public string TranslateContainerPathForImageOS(PlatformUtil.OS runningOs, string path) { return path; } } } ================================================ FILE: src/Agent.Sdk/ITraceWriter.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Runtime.CompilerServices; namespace Agent.Sdk { public interface ITraceWriter { void Info(string message, [CallerMemberName] string operation = ""); void Verbose(string message, [CallerMemberName] string operation = ""); } } ================================================ FILE: src/Agent.Sdk/Knob/AgentKnobs.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Sdk.Knob { public class AgentKnobs { // Containers public static readonly Knob PreferPowershellHandlerOnContainers = new Knob( nameof(PreferPowershellHandlerOnContainers), "If true, prefer using the PowerShell handler on Windows containers for tasks that provide both a Node and PowerShell handler version.", new RuntimeKnobSource("agent.preferPowerShellOnContainers"), new EnvironmentKnobSource("AGENT_PREFER_POWERSHELL_ON_CONTAINERS"), new BuiltInDefaultKnobSource("true")); public static readonly Knob SetupDockerGroup = new Knob( nameof(SetupDockerGroup), "If true, allows the user to run docker commands without sudo", new RuntimeKnobSource("VSTS_SETUP_DOCKERGROUP"), new EnvironmentKnobSource("VSTS_SETUP_DOCKERGROUP"), new BuiltInDefaultKnobSource("true")); public static readonly Knob AllowMountTasksReadonlyOnWindows = new Knob( nameof(AllowMountTasksReadonlyOnWindows), "If true, allows the user to mount 'tasks' volume read-only on Windows OS", new RuntimeKnobSource("VSTS_SETUP_ALLOW_MOUNT_TASKS_READONLY"), new EnvironmentKnobSource("VSTS_SETUP_ALLOW_MOUNT_TASKS_READONLY"), new BuiltInDefaultKnobSource("true")); public static readonly Knob SkipPostExeceutionIfTargetContainerStopped = new Knob( nameof(SkipPostExeceutionIfTargetContainerStopped), "If true, skips post-execution step for tasks in case the target container has been stopped", new RuntimeKnobSource("AGENT_SKIP_POST_EXECUTION_IF_CONTAINER_STOPPED"), new EnvironmentKnobSource("AGENT_SKIP_POST_EXECUTION_IF_CONTAINER_STOPPED"), new BuiltInDefaultKnobSource("false")); public static readonly Knob MTUValueForContainerJobs = new Knob( nameof(MTUValueForContainerJobs), "Allow to specify MTU value for networks used by container jobs (useful for docker-in-docker scenarios in k8s cluster).", new EnvironmentKnobSource("AGENT_DOCKER_MTU_VALUE"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob DockerNetworkCreateDriver = new Knob( nameof(DockerNetworkCreateDriver), "Allow to specify which driver will be used when creating docker network", new RuntimeKnobSource("agent.DockerNetworkCreateDriver"), new EnvironmentKnobSource("AZP_AGENT_DOCKER_NETWORK_CREATE_DRIVER"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob DockerAdditionalNetworkOptions = new Knob( nameof(DockerAdditionalNetworkOptions), "Allow to specify additional command line options to 'docker network' command when creating network for new containers", new RuntimeKnobSource("agent.DockerAdditionalNetworkOptions"), new EnvironmentKnobSource("AZP_AGENT_DOCKER_ADDITIONAL_NETWORK_OPTIONS"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob UseHostGroupId = new Knob( nameof(UseHostGroupId), "If true, use the same group ID (GID) as the user on the host on which the agent is running", new RuntimeKnobSource("agent.UseHostGroupId"), new EnvironmentKnobSource("AZP_AGENT_USE_HOST_GROUP_ID"), new BuiltInDefaultKnobSource("true")); public const string DockerActionRetriesVariableName = "VSTSAGENT_DOCKER_ACTION_RETRIES"; public static readonly Knob DockerActionRetries = new Knob( nameof(DockerActionRetries), "When enabled, the agent retries docker steps if failed", new RuntimeKnobSource(DockerActionRetriesVariableName), new EnvironmentKnobSource(DockerActionRetriesVariableName), new BuiltInDefaultKnobSource("false")); // Directory structure public static readonly Knob AgentToolsDirectory = new Knob( nameof(AgentToolsDirectory), "The location to look for/create the agents tool cache", new EnvironmentKnobSource("AGENT_TOOLSDIRECTORY"), new EnvironmentKnobSource("agent.ToolsDirectory"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob OverwriteTemp = new Knob( nameof(OverwriteTemp), "If true, the system temp variable will be overriden to point to the agent's temp directory.", new RuntimeKnobSource("VSTS_OVERWRITE_TEMP"), new EnvironmentKnobSource("VSTS_OVERWRITE_TEMP"), new BuiltInDefaultKnobSource("false")); // Tool configuration public static readonly Knob DisableFetchByCommit = new Knob( nameof(DisableFetchByCommit), "If true and server supports it, fetch the target branch by commit. Otherwise, fetch all branches and pull request ref to get the target branch.", new RuntimeKnobSource("VSTS.DisableFetchByCommit"), new EnvironmentKnobSource("VSTS_DISABLEFETCHBYCOMMIT"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DisableFetchPruneTags = new Knob( nameof(DisableFetchPruneTags), "If true, disable --prune-tags in the fetches.", new RuntimeKnobSource("VSTS.DisableFetchPruneTags"), new EnvironmentKnobSource("VSTS_DISABLEFETCHPRUNETAGS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob PreferGitFromPath = new Knob( nameof(PreferGitFromPath), "Determines which Git we will use on Windows. By default, we prefer the built-in portable git in the agent's externals folder, setting this to true makes the agent find git.exe from %PATH% if possible.", new RuntimeKnobSource("system.prefergitfrompath"), new EnvironmentKnobSource("system.prefergitfrompath"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseGit2_39_4 = new Knob( nameof(UseGit2_39_4), "If true, Git v2.39.4 will be used instead of the default version.", new RuntimeKnobSource("USE_GIT_2_39_4"), new EnvironmentKnobSource("USE_GIT_2_39_4"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseGit2_42_0_2 = new Knob( nameof(UseGit2_42_0_2), "If true, Git v2.42.0.2 will be used instead of the default version.", new RuntimeKnobSource("USE_GIT_2_42_0_2"), new EnvironmentKnobSource("USE_GIT_2_42_0_2"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DisableGitPrompt = new Knob( nameof(DisableGitPrompt), "If true, git will not prompt on the terminal (e.g., when asking for HTTP authentication).", new RuntimeKnobSource("VSTS_DISABLE_GIT_PROMPT"), new EnvironmentKnobSource("VSTS_DISABLE_GIT_PROMPT"), new BuiltInDefaultKnobSource("true")); public static readonly Knob GitUseSecureParameterPassing = new Knob( nameof(GitUseSecureParameterPassing), "If true, don't pass auth token in git parameters", new RuntimeKnobSource("agent.GitUseSecureParameterPassing"), new EnvironmentKnobSource("AGENT_GIT_USE_SECURE_PARAMETER_PASSING"), new BuiltInDefaultKnobSource("true")); public static readonly Knob FixPossibleGitOutOfMemoryProblem = new Knob( nameof(FixPossibleGitOutOfMemoryProblem), "When true, set config git properties to fix possible out of memory problem", new RuntimeKnobSource("FIX_POSSIBLE_GIT_OUT_OF_MEMORY_PROBLEM"), new EnvironmentKnobSource("FIX_POSSIBLE_GIT_OUT_OF_MEMORY_PROBLEM"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseGitLongPaths = new Knob( nameof(UseGitLongPaths), "When true, set core.longpaths to true", new RuntimeKnobSource("USE_GIT_LONG_PATHS"), new EnvironmentKnobSource("USE_GIT_LONG_PATHS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseGitSingleThread = new Knob( nameof(UseGitSingleThread), "When true, spawn only one thread searching for best delta matches", new RuntimeKnobSource("USE_GIT_SINGLE_THREAD"), new EnvironmentKnobSource("USE_GIT_SINGLE_THREAD"), new BuiltInDefaultKnobSource("false")); public static readonly Knob AgentTerminalEncoding = new Knob( nameof(AgentTerminalEncoding), "If the correct encoding name is specified, the encoding from the environment will be used instead of default UTF-8", new EnvironmentKnobSource("AGENT_TERMINAL_ENCODING"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob TfVCUseSecureParameterPassing = new Knob( nameof(TfVCUseSecureParameterPassing), "If true, don't pass auth token in TFVC parameters", new RuntimeKnobSource("agent.TfVCUseSecureParameterPassing"), new EnvironmentKnobSource("AGENT_TFVC_USE_SECURE_PARAMETER_PASSING"), new BuiltInDefaultKnobSource("true")); public const string QuietCheckoutRuntimeVarName = "agent.source.checkout.quiet"; public const string QuietCheckoutEnvVarName = "AGENT_SOURCE_CHECKOUT_QUIET"; public static readonly Knob QuietCheckout = new Knob( nameof(QuietCheckout), "Aggressively reduce what gets logged to the console when checking out source.", new RuntimeKnobSource(QuietCheckoutRuntimeVarName), new EnvironmentKnobSource(QuietCheckoutEnvVarName), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseNode10 = new Knob( nameof(UseNode10), "Forces the agent to use Node 10 handler for all Node-based tasks", new RuntimeKnobSource("AGENT_USE_NODE10"), new EnvironmentKnobSource("AGENT_USE_NODE10"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseNode20_1 = new Knob( nameof(UseNode20_1), "Forces the agent to use Node 20 handler for all Node-based tasks", new RuntimeKnobSource("AGENT_USE_NODE20_1"), new EnvironmentKnobSource("AGENT_USE_NODE20_1"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseNode20InUnsupportedSystem = new Knob( nameof(UseNode20InUnsupportedSystem), "Forces the agent to use Node 20 handler for all Node-based tasks, even if it's in an unsupported system", new RuntimeKnobSource("AGENT_USE_NODE20_IN_UNSUPPORTED_SYSTEM"), new EnvironmentKnobSource("AGENT_USE_NODE20_IN_UNSUPPORTED_SYSTEM"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseNode24 = new Knob( nameof(UseNode24), "Forces the agent to use Node 24 handler for all Node-based tasks", new PipelineFeatureSource("UseNode24"), new RuntimeKnobSource("AGENT_USE_NODE24"), new EnvironmentKnobSource("AGENT_USE_NODE24"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseNode24InUnsupportedSystem = new Knob( nameof(UseNode24InUnsupportedSystem), "Forces the agent to use Node 24 handler for all Node-based tasks, even if it's in an unsupported system", new PipelineFeatureSource("UseNode24InUnsupportedSystem"), new RuntimeKnobSource("AGENT_USE_NODE24_IN_UNSUPPORTED_SYSTEM"), new EnvironmentKnobSource("AGENT_USE_NODE24_IN_UNSUPPORTED_SYSTEM"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseNode24withHandlerData = new Knob( nameof(UseNode24withHandlerData), "Forces the agent to use Node 24 handler if the task has handler data for it", new PipelineFeatureSource("UseNode24withHandlerData"), new RuntimeKnobSource("AGENT_USE_NODE24_WITH_HANDLER_DATA"), new EnvironmentKnobSource("AGENT_USE_NODE24_WITH_HANDLER_DATA"), new BuiltInDefaultKnobSource("false")); public static readonly Knob FetchByCommitForFullClone = new Knob( nameof(FetchByCommitForFullClone), "If true, allow fetch by commit when doing a full clone (depth=0).", new RuntimeKnobSource("VSTS.FetchByCommitForFullClone"), new EnvironmentKnobSource("VSTS_FETCHBYCOMMITFORFULLCLONE"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DisableAutoManagedVhdShallowOverride = new Knob( nameof(DisableAutoManagedVhdShallowOverride), "If true, the agent will NOT override shallow-fetch settings when an AutoManagedVHD full clone is detected.", new RuntimeKnobSource("VSTS.DisableAutoManagedVhdShallowOverride"), new EnvironmentKnobSource("VSTS_DISABLEAUTOMANAGEDVHD_SHALLOW_OVERRIDE"), new BuiltInDefaultKnobSource("false")); // Agent logging public static readonly Knob AgentPerflog = new Knob( nameof(AgentPerflog), "If set, writes a perf counter trace for the agent. Writes to the location set in this variable.", new EnvironmentKnobSource("VSTS_AGENT_PERFLOG"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob TraceVerbose = new Knob( nameof(TraceVerbose), "If set to anything, trace level will be verbose", new RuntimeKnobSource("VSTSAGENT_TRACE"), new EnvironmentKnobSource("VSTSAGENT_TRACE"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob DebugTask = new Knob( nameof(DebugTask), "If the agent executes a task which ID or name matches the value provided, it will run the task so that it will wait for debugger to attach", new EnvironmentKnobSource("VSTSAGENT_DEBUG_TASK"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob DumpJobEventLogs = new Knob( nameof(DumpJobEventLogs), "If true, dump event viewer logs", new RuntimeKnobSource("VSTSAGENT_DUMP_JOB_EVENT_LOGS"), new EnvironmentKnobSource("VSTSAGENT_DUMP_JOB_EVENT_LOGS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DisableTestsMetadata = new Knob( nameof(DisableTestsMetadata), "If true, publishing tests metadata to evidence store will be disabled.", new RuntimeKnobSource("AZP_AGENT_DISABLE_TESTS_METADATA"), new EnvironmentKnobSource("AZP_AGENT_DISABLE_TESTS_METADATA"), new BuiltInDefaultKnobSource("false")); // Diag logging public static readonly Knob AgentDiagLogPath = new Knob( nameof(AgentDiagLogPath), "If set to anything, the folder containing the agent diag log will be created here.", new EnvironmentKnobSource("AGENT_DIAGLOGPATH"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob WorkerDiagLogPath = new Knob( nameof(WorkerDiagLogPath), "If set to anything, the folder containing the agent worker diag log will be created here.", new EnvironmentKnobSource("WORKER_DIAGLOGPATH"), new BuiltInDefaultKnobSource(string.Empty)); // Timeouts public static readonly Knob AgentChannelTimeout = new Knob( nameof(AgentChannelTimeout), "Timeout for channel communication between agent listener and worker processes.", new EnvironmentKnobSource("VSTS_AGENT_CHANNEL_TIMEOUT"), new BuiltInDefaultKnobSource("30")); public static readonly Knob AgentDownloadTimeout = new Knob( nameof(AgentDownloadTimeout), "Amount of time in seconds to wait for the agent to download a new version when updating", new EnvironmentKnobSource("AZP_AGENT_DOWNLOAD_TIMEOUT"), new BuiltInDefaultKnobSource("1500")); // 25*60 public static readonly Knob TaskDownloadTimeout = new Knob( nameof(TaskDownloadTimeout), "Amount of time in seconds to wait for the agent to download a task when starting a job", new EnvironmentKnobSource("VSTS_TASK_DOWNLOAD_TIMEOUT"), new BuiltInDefaultKnobSource("1200")); // 20*60 public static readonly Knob TaskDownloadRetryLimit = new Knob( nameof(TaskDownloadRetryLimit), "Attempts to download a task when starting a job", new EnvironmentKnobSource("VSTS_TASK_DOWNLOAD_RETRY_LIMIT"), new BuiltInDefaultKnobSource("3")); public static readonly Knob ProccessSigintTimeout = new Knob( nameof(ProccessSigintTimeout), "Timeout for SIGINT signal during a process cancelation", new RuntimeKnobSource("PROCESS_SIGINT_TIMEOUT"), new EnvironmentKnobSource("PROCESS_SIGINT_TIMEOUT"), new BuiltInDefaultKnobSource("7500")); public static readonly Knob ProccessSigtermTimeout = new Knob( nameof(ProccessSigtermTimeout), "Timeout for SIGTERM signal during a process cancelation", new RuntimeKnobSource("PROCESS_SIGTERM_TIMEOUT"), new EnvironmentKnobSource("PROCESS_SIGTERM_TIMEOUT"), new BuiltInDefaultKnobSource("2500")); public static readonly Knob UseGracefulProcessShutdown = new Knob( nameof(UseGracefulProcessShutdown), "Attemts to use only graceful process shutdown unless hard required", new RuntimeKnobSource("USE_GRACEFUL_PROCESS_SHUTDOWN"), new EnvironmentKnobSource("USE_GRACEFUL_PROCESS_SHUTDOWN"), new BuiltInDefaultKnobSource("false")); // HTTP public const string LegacyHttpVariableName = "AZP_AGENT_USE_LEGACY_HTTP"; public static readonly Knob UseLegacyHttpHandler = new DeprecatedKnob( nameof(UseLegacyHttpHandler), "Use the libcurl-based HTTP handler rather than .NET's native HTTP handler, as we did on .NET Core 2.1", "Legacy http handler will be removed in one of the next agent releases with migration to .Net Core 6. We are highly recommend to not use it.", new EnvironmentKnobSource(LegacyHttpVariableName), new BuiltInDefaultKnobSource("false")); public static readonly Knob HttpRetryCount = new Knob( nameof(HttpRetryCount), "Number of times to retry Http requests", new EnvironmentKnobSource("VSTS_HTTP_RETRY"), new BuiltInDefaultKnobSource("3")); public static readonly Knob EnableProgressiveRetryBackoff = new Knob( nameof(EnableProgressiveRetryBackoff), "If true, enables progressive backoff delays for agent message polling and keep-alive retries when encountering retriable errors", new EnvironmentKnobSource("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF"), new BuiltInDefaultKnobSource("false")); public static readonly Knob HttpTimeout = new Knob( nameof(HttpTimeout), "Timeout for Http requests", new EnvironmentKnobSource("VSTS_HTTP_TIMEOUT"), new BuiltInDefaultKnobSource("100")); public static readonly Knob HttpTrace = new Knob( nameof(HttpTrace), "Enable http trace if true", new RuntimeKnobSource("VSTS_AGENT_HTTPTRACE"), new EnvironmentKnobSource("VSTS_AGENT_HTTPTRACE"), new BuiltInDefaultKnobSource("false")); public static readonly Knob NoProxy = new Knob( nameof(NoProxy), "Proxy bypass list if one exists. Should be comma seperated", new EnvironmentKnobSource("no_proxy"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob ProxyAddress = new Knob( nameof(ProxyAddress), "Proxy server address if one exists", new EnvironmentKnobSource("VSTS_HTTP_PROXY"), new EnvironmentKnobSource("http_proxy"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob ProxyPassword = new SecretKnob( nameof(ProxyPassword), "Proxy password if one exists", new EnvironmentKnobSource("VSTS_HTTP_PROXY_PASSWORD"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob ProxyUsername = new SecretKnob( nameof(ProxyUsername), "Proxy username if one exists", new EnvironmentKnobSource("VSTS_HTTP_PROXY_USERNAME"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob UseBasicAuthForProxy = new Knob( nameof(UseBasicAuthForProxy), "Enable proxy basic authentication to avoid NTLM negotiation issues", new EnvironmentKnobSource("VSTS_HTTP_PROXY_BASICAUTH"), new BuiltInDefaultKnobSource("false")); // Secrets masking public static readonly Knob AllowUnsafeMultilineSecret = new Knob( nameof(AllowUnsafeMultilineSecret), "WARNING: enabling this may allow secrets to leak. Allows multi-line secrets to be set. Unsafe because it is possible for log lines to get dropped in agent failure cases, causing the secret to not get correctly masked. We recommend leaving this option off.", new RuntimeKnobSource("SYSTEM_UNSAFEALLOWMULTILINESECRET"), new EnvironmentKnobSource("SYSTEM_UNSAFEALLOWMULTILINESECRET"), new BuiltInDefaultKnobSource("false")); public static readonly Knob MaskedSecretMinLength = new Knob( nameof(MaskedSecretMinLength), "Specify the length of the secrets, which, if shorter, will be ignored in the logs.", new RuntimeKnobSource("AZP_IGNORE_SECRETS_SHORTER_THAN"), new EnvironmentKnobSource("AZP_IGNORE_SECRETS_SHORTER_THAN"), new BuiltInDefaultKnobSource("0")); // Misc public static readonly Knob EnableIssueSourceValidation = new Knob( nameof(EnableIssueSourceValidation), "When true, enable issue source validation for the task.issue command.", new RuntimeKnobSource("ENABLE_ISSUE_SOURCE_VALIDATION"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DisableAgentDowngrade = new Knob( nameof(DisableAgentDowngrade), "Disable agent downgrades. Upgrades will still be allowed.", new EnvironmentKnobSource("AZP_AGENT_DOWNGRADE_DISABLED"), new BuiltInDefaultKnobSource("false")); public static readonly Knob AcknowledgeNoUpdates = new Knob( nameof(AcknowledgeNoUpdates), "Opt-in to continue using agent without updates on unsopperted OS", new EnvironmentKnobSource("AGENT_ACKNOWLEDGE_NO_UPDATES"), new RuntimeKnobSource("AGENT_ACKNOWLEDGE_NO_UPDATES"), new BuiltInDefaultKnobSource("false")); public static readonly Knob AgentFailOnIncompatibleOS = new Knob( nameof(AgentFailOnIncompatibleOS), "Allow agent to fail pipelines on incompatible OS", new EnvironmentKnobSource("AGENT_FAIL_ON_INCOMPATIBLE_OS"), new RuntimeKnobSource("AGENT_FAIL_ON_INCOMPATIBLE_OS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob OverridePipelineArtifactChunkSize = new Knob( nameof(OverridePipelineArtifactChunkSize), "Overrides the chunk size used in this pipeline for pipeline artifact publish.", new RuntimeKnobSource("OVERRIDE_PIPELINE_ARTIFACT_CHUNKSIZE"), new EnvironmentKnobSource("OVERRIDE_PIPELINE_ARTIFACT_CHUNKSIZE"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob AgentEnablePipelineArtifactLargeChunkSize = new Knob( nameof(AgentEnablePipelineArtifactLargeChunkSize), "Enables large chunk size for pipeline artifacts.", new EnvironmentKnobSource("AGENT_ENABLE_PIPELINEARTIFACT_LARGE_CHUNK_SIZE"), new RuntimeKnobSource("AGENT_ENABLE_PIPELINEARTIFACT_LARGE_CHUNK_SIZE"), new BuiltInDefaultKnobSource("false")); public static readonly Knob PermissionsCheckFailsafe = new Knob( nameof(PermissionsCheckFailsafe), "Maximum depth of file permitted in directory hierarchy when checking permissions. Check to avoid accidentally entering infinite loops.", new EnvironmentKnobSource("AGENT_TEST_VALIDATE_EXECUTE_PERMISSIONS_FAILSAFE"), new BuiltInDefaultKnobSource("100")); public static readonly Knob DisableInputTrimming = new Knob( nameof(DisableInputTrimming), "By default, the agent trims whitespace and new line characters from all task inputs. Setting this to true disables this behavior.", new EnvironmentKnobSource("DISABLE_INPUT_TRIMMING"), new RuntimeKnobSource("DISABLE_INPUT_TRIMMING"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnableVariableInputTrimming = new Knob( nameof(EnableVariableInputTrimming), "By default, the agent does not trim whitespace and new line characters if an input comes from a variable. Setting this to true enables this behavior.", new EnvironmentKnobSource("AGENT_ENABLE_VARIABLE_INPUT_TRIMMING"), new RuntimeKnobSource("AGENT_ENABLE_VARIABLE_INPUT_TRIMMING"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DecodePercents = new Knob( nameof(DecodePercents), "By default, the agent does not decodes %AZP25 as % which may be needed to allow users to work around reserved values. Setting this to true enables this behavior.", new RuntimeKnobSource("DECODE_PERCENTS"), new EnvironmentKnobSource("DECODE_PERCENTS"), new BuiltInDefaultKnobSource("true")); public static readonly Knob AllowTfvcUnshelveErrors = new Knob( nameof(AllowTfvcUnshelveErrors), "By default, the TFVC unshelve command does not throw errors e.g. when there's no mapping for one or more files shelved. Setting this to true enables this behavior.", new RuntimeKnobSource("ALLOW_TFVC_UNSHELVE_ERRORS"), new EnvironmentKnobSource("ALLOW_TFVC_UNSHELVE_ERRORS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnableFCSItemPathFix = new Knob( nameof(EnableFCSItemPathFix), "If true, enable the fix for the path of the item when associating or uploading to the file container server.", new RuntimeKnobSource("ENABLE_FCS_ITEM_PATH_FIX"), new EnvironmentKnobSource("ENABLE_FCS_ITEM_PATH_FIX"), new BuiltInDefaultKnobSource("false")); // Set DISABLE_JAVA_CAPABILITY_HIGHER_THAN_9 variable with any value // to disable recognition of Java higher than 9 public static readonly Knob DisableRecognitionOfJDKHigherThen9 = new Knob( nameof(DisableRecognitionOfJDKHigherThen9), "Recognize JDK and JRE >= 9 installed on the machine as agent capability. Setting any value to DISABLE_JAVA_CAPABILITY_HIGHER_THAN_9 is disabling this behavior", new EnvironmentKnobSource("DISABLE_JAVA_CAPABILITY_HIGHER_THAN_9"), new BuiltInDefaultKnobSource(string.Empty)); // TODO: Added 5/27/21. Please remove within a month or two public static readonly Knob DisableBuildArtifactsToBlob = new Knob( nameof(DisableBuildArtifactsToBlob), "By default, the agent will upload build artifacts to Blobstore. Setting this to true will disable that integration. This variable is temporary and will be removed.", new RuntimeKnobSource("DISABLE_BUILD_ARTIFACTS_TO_BLOB"), new EnvironmentKnobSource("DISABLE_BUILD_ARTIFACTS_TO_BLOB"), new BuiltInDefaultKnobSource("false")); public static readonly Knob SendBuildArtifactsToBlobstoreDomain = new Knob( nameof(SendBuildArtifactsToBlobstoreDomain), "When set, defines the domain to use to send Build artifacts to.", new RuntimeKnobSource("SEND_BUILD_ARTIFACTS_TO_BLOBSTORE_DOMAIN"), new EnvironmentKnobSource("SEND_BUILD_ARTIFACT_ARTIFACTS_TO_BLOBSTORE_DOMAIN"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob SendPipelineArtifactsToBlobstoreDomain = new Knob( nameof(SendPipelineArtifactsToBlobstoreDomain), "When set, defines the domain to use to send Pipeline artifacts to.", new RuntimeKnobSource("SEND_PIPELINE_ARTIFACTS_TO_BLOBSTORE_DOMAIN"), new EnvironmentKnobSource("SEND_PIPELINE_ARTIFACT_ARTIFACTS_TO_BLOBSTORE_DOMAIN"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob SendPipelineCacheToBlobstoreDomain = new Knob( nameof(SendPipelineArtifactsToBlobstoreDomain), "When set, defines the domain to store Pipeline caches.", new RuntimeKnobSource("SEND_PIPELINE_CACHE_TO_BLOBSTORE_DOMAIN"), new EnvironmentKnobSource("SEND_PIPELINE_CACHE_TO_BLOBSTORE_DOMAIN"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob EnableIncompatibleBuildArtifactsPathResolution = new Knob( nameof(EnableIncompatibleBuildArtifactsPathResolution), "Return DownloadBuildArtifactsV1 target path resolution behavior back to how it was originally implemented. This breaks back compatibility with DownloadBuildArtifactsV0.", new RuntimeKnobSource("EnableIncompatibleBuildArtifactsPathResolution"), new EnvironmentKnobSource("EnableIncompatibleBuildArtifactsPathResolution"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DisableAuthenticodeValidation = new Knob( nameof(DisableAuthenticodeValidation), "Disables authenticode validation for agent package during self update. Set this to any non-empty value to disable.", new EnvironmentKnobSource("DISABLE_AUTHENTICODE_VALIDATION"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob DisableHashValidation = new Knob( nameof(DisableHashValidation), "If true, the agent will skip package hash validation during self-updating.", new EnvironmentKnobSource("DISABLE_HASH_VALIDATION"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnableVSPreReleaseVersions = new Knob( nameof(EnableVSPreReleaseVersions), "If true, the agent will include to seach VisualStudio prerelease versions to capabilities.", new EnvironmentKnobSource("ENABLE_VS_PRERELEASE_VERSIONS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DisableOverrideTfvcBuildDirectory = new Knob( nameof(DisableOverrideTfvcBuildDirectory), "Disables override of Tfvc build directory name by agentId on hosted agents (one tfvc repo used).", new RuntimeKnobSource("DISABLE_OVERRIDE_TFVC_BUILD_DIRECTORY"), new EnvironmentKnobSource("DISABLE_OVERRIDE_TFVC_BUILD_DIRECTORY"), new BuiltInDefaultKnobSource("false")); /// We need to remove this knob - once Node 6 handler is dropped public static readonly Knob DisableNode6DeprecationWarning = new Knob( nameof(DisableNode6DeprecationWarning), "Disables Node 6 deprecation warnings.", new RuntimeKnobSource("DISABLE_NODE6_DEPRECATION_WARNING"), new EnvironmentKnobSource("DISABLE_NODE6_DEPRECATION_WARNING"), new BuiltInDefaultKnobSource("true")); public static readonly Knob DisableNode6Tasks = new Knob( nameof(DisableNode6Tasks), "Disables Node 6 tasks and Node 6 runner.", new RuntimeKnobSource("AGENT_DISABLE_NODE6_TASKS"), new EnvironmentKnobSource("AGENT_DISABLE_NODE6_TASKS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnableEOLNodeVersionPolicy = new Knob( nameof(EnableEOLNodeVersionPolicy), "When enabled, tasks that specify end-of-life Node.js versions (6, 10, 16) will run using a supported Node.js version available on the agent (Node 20.1 or Node 24), ignoring the EOL Node.js version(s) in respective task. An error is thrown if no supported version is available.", new RuntimeKnobSource("AGENT_RESTRICT_EOL_NODE_VERSIONS"), new EnvironmentKnobSource("AGENT_RESTRICT_EOL_NODE_VERSIONS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DisableTeePluginRemoval = new Knob( nameof(DisableTeePluginRemoval), "Disables removing TEE plugin after using it during checkout.", new RuntimeKnobSource("DISABLE_TEE_PLUGIN_REMOVAL"), new EnvironmentKnobSource("DISABLE_TEE_PLUGIN_REMOVAL"), new BuiltInDefaultKnobSource("false")); public static readonly Knob TeePluginDownloadRetryCount = new Knob( nameof(TeePluginDownloadRetryCount), "Number of times to retry downloading TEE plugin", new RuntimeKnobSource("TEE_PLUGIN_DOWNLOAD_RETRY_COUNT"), new EnvironmentKnobSource("TEE_PLUGIN_DOWNLOAD_RETRY_COUNT"), new BuiltInDefaultKnobSource("3")); public static readonly Knob DumpPackagesVerificationResult = new Knob( nameof(DumpPackagesVerificationResult), "If true, dumps info about invalid MD5 sums of installed packages", new RuntimeKnobSource("VSTSAGENT_DUMP_PACKAGES_VERIFICATION_RESULTS"), new EnvironmentKnobSource("VSTSAGENT_DUMP_PACKAGES_VERIFICATION_RESULTS"), new BuiltInDefaultKnobSource("false")); public const string ContinueAfterCancelProcessTreeKillAttemptVariableName = "VSTSAGENT_CONTINUE_AFTER_CANCEL_PROCESSTREEKILL_ATTEMPT"; public static readonly Knob ContinueAfterCancelProcessTreeKillAttempt = new Knob( nameof(ContinueAfterCancelProcessTreeKillAttempt), "If true, continue cancellation after attempt to KillProcessTree", new RuntimeKnobSource(ContinueAfterCancelProcessTreeKillAttemptVariableName), new EnvironmentKnobSource(ContinueAfterCancelProcessTreeKillAttemptVariableName), new BuiltInDefaultKnobSource("false")); public const string VstsAgentNodeWarningsVariableName = "VSTSAGENT_ENABLE_NODE_WARNINGS"; public static readonly Knob AgentDeprecatedNodeWarnings = new Knob( nameof(AgentDeprecatedNodeWarnings), "If true shows warning on depricated node (6) tasks", new RuntimeKnobSource(VstsAgentNodeWarningsVariableName), new EnvironmentKnobSource(VstsAgentNodeWarningsVariableName), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseNode = new Knob( nameof(UseNode), "Forces the agent to use different version of Node if when configured runner is not available. Possible values: LTS - make agent use latest LTS version of Node; UPGRADE - make agent use next available version of Node", new RuntimeKnobSource("AGENT_USE_NODE"), new EnvironmentKnobSource("AGENT_USE_NODE"), new BuiltInDefaultKnobSource(string.Empty)); public static readonly Knob ProcessHandlerSecureArguments = new Knob( nameof(ProcessHandlerSecureArguments), "Enables passing arguments for process handler secure way", new RuntimeKnobSource("AZP_75787_ENABLE_NEW_LOGIC"), new BuiltInDefaultKnobSource("false")); public static readonly Knob ProcessHandlerSecureArgumentsAudit = new Knob( nameof(ProcessHandlerSecureArguments), "Enables logging of passing arguments for process handler secure way", new RuntimeKnobSource("AZP_75787_ENABLE_NEW_LOGIC_LOG"), new BuiltInDefaultKnobSource("false")); public static readonly Knob ProcessHandlerTelemetry = new Knob( nameof(ProcessHandlerTelemetry), "Enables publishing telemetry about processing of arguments for Process Handler", new RuntimeKnobSource("AZP_75787_ENABLE_COLLECT"), new EnvironmentKnobSource("AZP_75787_ENABLE_COLLECT"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseNewNodeHandlerTelemetry = new Knob( nameof(UseNewNodeHandlerTelemetry), "Enables new approach to publish node handler information to the telemetry", new PipelineFeatureSource("USENEWNODEHANDLERTELEMETRY"), new BuiltInDefaultKnobSource("false")); public static readonly Knob ProcessHandlerEnableNewLogic = new Knob( nameof(ProcessHandlerEnableNewLogic), "Enables new args protect logic for process handler", new RuntimeKnobSource("AZP_75787_ENABLE_NEW_PH_LOGIC"), new EnvironmentKnobSource("AZP_75787_ENABLE_NEW_PH_LOGIC"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseProcessHandlerV2 = new Knob( nameof(UseProcessHandlerV2), "Enables new Process handler (v2)", new PipelineFeatureSource("UseProcessHandlerV2"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DisableDrainQueuesAfterTask = new Knob( nameof(DisableDrainQueuesAfterTask), "Forces the agent to disable draining queues after each task", new RuntimeKnobSource("AGENT_DISABLE_DRAIN_QUEUES_AFTER_TASK"), new EnvironmentKnobSource("AGENT_DISABLE_DRAIN_QUEUES_AFTER_TASK"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnableImmediateTimelineRecordUpdates = new Knob( nameof(EnableImmediateTimelineRecordUpdates), "If true, timeline record updates will be sent immediately to the server instead of being queued", new PipelineFeatureSource("EnableImmediateTimelineRecordUpdates"), new RuntimeKnobSource("AGENT_ENABLE_IMMEDIATE_TIMELINE_RECORD_UPDATES"), new EnvironmentKnobSource("AGENT_ENABLE_IMMEDIATE_TIMELINE_RECORD_UPDATES"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnableResourceMonitorDebugOutput = new Knob( nameof(EnableResourceMonitorDebugOutput), "If true, the agent will show the resource monitor output for debug runs", new RuntimeKnobSource("AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT"), new EnvironmentKnobSource("AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnableResourceUtilizationWarnings = new Knob( nameof(EnableResourceUtilizationWarnings), "If true, the agent will throw the resource utilization warnings", new RuntimeKnobSource("AZP_ENABLE_RESOURCE_UTILIZATION_WARNINGS"), new EnvironmentKnobSource("AZP_ENABLE_RESOURCE_UTILIZATION_WARNINGS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob ForceCreateTasksDirectory = new Knob( nameof(ForceCreateTasksDirectory), "Forces the agent to create _tasks folder for tasks.", new RuntimeKnobSource("AGENT_FORCE_CREATE_TASKS_DIRECTORY"), new EnvironmentKnobSource("AGENT_FORCE_CREATE_TASKS_DIRECTORY"), new BuiltInDefaultKnobSource("false")); public static readonly Knob CleanupPSModules = new Knob( nameof(CleanupPSModules), "Removes the PSModulePath environment variable if the agent is running in PowerShell.", new RuntimeKnobSource("AZP_AGENT_CLEANUP_PSMODULES_IN_POWERSHELL"), new EnvironmentKnobSource("AZP_AGENT_CLEANUP_PSMODULES_IN_POWERSHELL"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DisableCleanRepoDefaultValue = new DeprecatedKnob( nameof(DisableCleanRepoDefaultValue), "Avoid to set default value if build.repository.clean variable is not set on Trigger Yaml UI or in checkout steps yaml config", new EnvironmentKnobSource("AGENT_DISABLE_CLEAN_REPO_DEFAULT_VALUE"), new BuiltInDefaultKnobSource("false")); public static readonly Knob IgnoreVSTSTaskLib = new Knob( nameof(IgnoreVSTSTaskLib), "Ignores the VSTSTaskLib folder when copying tasks.", new RuntimeKnobSource("AZP_AGENT_IGNORE_VSTSTASKLIB"), new EnvironmentKnobSource("AZP_AGENT_IGNORE_VSTSTASKLIB"), new BuiltInDefaultKnobSource("false")); public static readonly Knob FailJobWhenAgentDies = new Knob( nameof(FailJobWhenAgentDies), "Mark the Job as Failed instead of Canceled when the Agent dies due to User Cancellation or Shutdown", new RuntimeKnobSource("FAIL_JOB_WHEN_AGENT_DIES"), new EnvironmentKnobSource("FAIL_JOB_WHEN_AGENT_DIES"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnhancedWorkerCrashHandling = new Knob( nameof(EnhancedWorkerCrashHandling), "If true, enables enhanced worker crash handling with forced completion for Plan v8+ scenarios where worker crashes cannot send completion events", new EnvironmentKnobSource("AZP_ENHANCED_WORKER_CRASH_HANDLING"), new BuiltInDefaultKnobSource("false")); public static readonly Knob AllowWorkDirectoryRepositories = new Knob( nameof(AllowWorkDirectoryRepositories), "Allows repositories to be checked out below work directory level on self hosted agents.", new RuntimeKnobSource("AZP_AGENT_ALLOW_WORK_DIRECTORY_REPOSITORIES"), new EnvironmentKnobSource("AZP_AGENT_ALLOW_WORK_DIRECTORY_REPOSITORIES"), new BuiltInDefaultKnobSource("false")); public static readonly Knob CheckForTaskDeprecation = new Knob( nameof(CheckForTaskDeprecation), "If true, the agent will check in the 'Initialize job' step each task used in the job for task deprecation.", new RuntimeKnobSource("AZP_AGENT_CHECK_FOR_TASK_DEPRECATION"), new BuiltInDefaultKnobSource("false")); public static readonly Knob CheckIfTaskNodeRunnerIsDeprecated246 = new Knob( nameof(CheckIfTaskNodeRunnerIsDeprecated246), "If true, the agent will check in the 'Initialize job' step each task used in the job if this task has node handlers, and all of them are deprecated.", new RuntimeKnobSource("AZP_AGENT_CHECK_IF_TASK_NODE_RUNNER_IS_DEPRECATED_246"), new PipelineFeatureSource("CheckIfTaskNodeRunnerIsDeprecated246"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseNode20ToStartContainer = new Knob( nameof(UseNode20ToStartContainer), "If true, the agent will use Node 20 to start docker container when executing container job and the container platform is the same as the host platform.", new PipelineFeatureSource("UseNode20ToStartContainer"), new RuntimeKnobSource("AZP_AGENT_USE_NODE20_TO_START_CONTAINER"), new EnvironmentKnobSource("AZP_AGENT_USE_NODE20_TO_START_CONTAINER"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseNode24ToStartContainer = new Knob( nameof(UseNode24ToStartContainer), "If true, try to start container job using Node24, then fallback to Node20, then Node16.", new PipelineFeatureSource("UseNode24ToStartContainer"), new RuntimeKnobSource("AZP_AGENT_USE_NODE24_TO_START_CONTAINER"), new EnvironmentKnobSource("AZP_AGENT_USE_NODE24_TO_START_CONTAINER"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnableNewMaskerAndRegexes = new Knob( nameof(EnableNewMaskerAndRegexes), "If true, the agent will use new SecretMasker with additional filters & performance enhancements", new EnvironmentKnobSource("AZP_ENABLE_NEW_MASKER_AND_REGEXES"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnableTimeoutLogFlushing = new Knob( nameof(EnableTimeoutLogFlushing), "If true, enables timeout log flushing where worker gets 1 minute to flush logs after job timeout before force kill.", new PipelineFeatureSource("EnableTimeoutLogFlushing"), new RuntimeKnobSource("AZP_ENABLE_TIMEOUT_LOG_FLUSHING"), new EnvironmentKnobSource("AZP_ENABLE_TIMEOUT_LOG_FLUSHING"), new BuiltInDefaultKnobSource("false")); public static readonly Knob SendSecretMaskerTelemetry = new Knob( nameof(SendSecretMaskerTelemetry), "If true, the agent will send telemetry about secret masking", new RuntimeKnobSource("AZP_SEND_SECRET_MASKER_TELEMETRY"), new EnvironmentKnobSource("AZP_SEND_SECRET_MASKER_TELEMETRY"), new BuiltInDefaultKnobSource("false")); public static readonly Knob AddDockerInitOption = new Knob( nameof(AddDockerInitOption), "If true, the agent will create docker container with the --init option.", new RuntimeKnobSource("AZP_AGENT_DOCKER_INIT_OPTION"), new EnvironmentKnobSource("AZP_AGENT_DOCKER_INIT_OPTION"), new BuiltInDefaultKnobSource("false")); public static readonly Knob LogTaskNameInUserAgent = new Knob( nameof(LogTaskNameInUserAgent), "If true, agent will log the task name in user agent.", new RuntimeKnobSource("AZP_AGENT_LOG_TASKNAME_IN_USERAGENT"), new EnvironmentKnobSource("AZP_AGENT_LOG_TASKNAME_IN_USERAGENT"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseFetchFilterInCheckoutTask = new Knob( nameof(UseFetchFilterInCheckoutTask), "If true, agent will use fetch filter in checkout task.", new RuntimeKnobSource("AGENT_USE_FETCH_FILTER_IN_CHECKOUT_TASK"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseFetchFilterInGitSubmoduleUpdate = new Knob( nameof(UseFetchFilterInGitSubmoduleUpdate), "If true, agent will pass fetch filter options in checkout task to git submodule update.", new PipelineFeatureSource("UseFetchFilterInGitSubmoduleUpdate"), new RuntimeKnobSource("AGENT_USE_FETCH_FILTER_IN_GIT_SUBMODULE_UPDATE"), new EnvironmentKnobSource("AGENT_USE_FETCH_FILTER_IN_GIT_SUBMODULE_UPDATE"), new BuiltInDefaultKnobSource("false")); public static readonly Knob StoreAgentKeyInCSPContainer = new Knob( nameof(StoreAgentKeyInCSPContainer), "Store agent key in named container (Windows).", new EnvironmentKnobSource("STORE_AGENT_KEY_IN_CSP_CONTAINER"), new BuiltInDefaultKnobSource("false")); public static readonly Knob AgentKeyUseCng = new Knob( nameof(AgentKeyUseCng), "Use CNG API to store agent key. Note: Uses Private User Storage", new EnvironmentKnobSource("AGENT_KEY_USE_CNG"), new BuiltInDefaultKnobSource("false")); public static readonly Knob RsaKeyGetConfigFromFF = new Knob( nameof(RsaKeyGetConfigFromFF), "Get config from FF.", new EnvironmentKnobSource("RSAKEYGETCONFIGFROMFF"), new BuiltInDefaultKnobSource("false")); public static readonly Knob DisableResourceUtilizationWarnings = new Knob( nameof(DisableResourceUtilizationWarnings), "If true, agent will not throw warnings related to high resource utilization", new RuntimeKnobSource("DISABLE_RESOURCE_UTILIZATION_WARNINGS"), new EnvironmentKnobSource("DISABLE_RESOURCE_UTILIZATION_WARNINGS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob Rosetta2Warning = new Knob( nameof(Rosetta2Warning), "Log warning when X64 Agent is used on a Apple Silicon device.", new RuntimeKnobSource("ROSETTA2_WARNING"), new EnvironmentKnobSource("ROSETTA2_WARNING"), new PipelineFeatureSource("Rosetta2Warning"), new BuiltInDefaultKnobSource("false")); public static readonly Knob CheckPsModulesLocations = new Knob( nameof(CheckPsModulesLocations), "Checks if the PSModulePath environment variable contains locations specific to PowerShell Core.", new RuntimeKnobSource("DistributedTask.Agent.CheckPsModulesLocations"), new EnvironmentKnobSource("AZP_AGENT_CHECK_PSMODULES_LOCATIONS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseDockerStdinPasswordOnWindows = new Knob( nameof(UseDockerStdinPasswordOnWindows), "If true, use --password-stdin for docker login on Windows.", new RuntimeKnobSource("AZP_AGENT_USE_DOCKER_STDIN_PASSWORD_WINDOWS"), new PipelineFeatureSource("UseDockerStdinPasswordOnWindows"), new BuiltInDefaultKnobSource("false")); public static readonly Knob Net8UnsupportedOsWarning = new Knob( nameof(Net8UnsupportedOsWarning), "Show warning message on the OS which is not supported by .NET 8", new PipelineFeatureSource("Net8UnsupportedOsWarning"), new BuiltInDefaultKnobSource("true")); public static readonly Knob DisableUnsupportedOsWarningNet10 = new Knob( nameof(DisableUnsupportedOsWarningNet10), "Show warning message on the OS which is not supported by .NET 10", new PipelineFeatureSource("DisableUnsupportedOsWarningNet10"), new BuiltInDefaultKnobSource("true")); public static readonly Knob UsePSScriptWrapper = new Knob( nameof(UsePSScriptWrapper), "Use PowerShell script wrapper to handle PowerShell ConstrainedLanguage mode.", new PipelineFeatureSource("UsePSScriptWrapper"), new BuiltInDefaultKnobSource("false")); public static readonly Knob AddForceCredentialsToGitCheckout = new Knob( nameof(AddForceCredentialsToGitCheckout), "If true, the credentials will be forcibly added to the Git checkout command.", new RuntimeKnobSource("ADD_FORCE_CREDENTIALS_TO_GIT_CHECKOUT"), new PipelineFeatureSource(nameof(AddForceCredentialsToGitCheckout)), new BuiltInDefaultKnobSource("false")); public static readonly Knob AddForceCredentialsToGitCheckoutEnhanced = new Knob( nameof(AddForceCredentialsToGitCheckoutEnhanced), "If true, the credentials will be added to Git checkout for partial clones with enhanced detection including promisor remote config.", new RuntimeKnobSource("ADD_FORCE_CREDENTIALS_TO_GIT_CHECKOUT_ENHANCED"), new PipelineFeatureSource(nameof(AddForceCredentialsToGitCheckoutEnhanced)), new BuiltInDefaultKnobSource("false")); public static readonly Knob InstallLegacyTfExe = new Knob( nameof(InstallLegacyTfExe), "If true, the agent will install the legacy versions of TF, vstsom and vstshost", new RuntimeKnobSource("AGENT_INSTALL_LEGACY_TF_EXE"), new EnvironmentKnobSource("AGENT_INSTALL_LEGACY_TF_EXE"), new PipelineFeatureSource("InstallLegacyTfExe"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseLatestTfExe = new Knob( nameof(UseLatestTfExe), "If true, the agent will use the latest versions of TF, vstsom", new RuntimeKnobSource("AGENT_USE_LATEST_TF_EXE"), new EnvironmentKnobSource("AGENT_USE_LATEST_TF_EXE"), new PipelineFeatureSource("UseLatestTfExe"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseSparseCheckoutInCheckoutTask = new Knob( nameof(UseSparseCheckoutInCheckoutTask), "If true, agent will use sparse checkout in checkout task.", new RuntimeKnobSource("AGENT_USE_SPARSE_CHECKOUT_IN_CHECKOUT_TASK"), new BuiltInDefaultKnobSource("false")); // Artifact associate timeout for pipeline artifact. public static readonly Knob ArtifactAssociateTimeout = new Knob( nameof(ArtifactAssociateTimeout), "Timeout for channel communication between agent listener and worker processes.", new EnvironmentKnobSource("PIPELINE_ARTIFACT_ASSOCIATE_TIMEOUT"), new BuiltInDefaultKnobSource("900")); // 15 * 60 - Setting the timeout to 15 minutes to account for slowness from azure storage and retries. public static readonly Knob AgentCDNConnectivityFailWarning = new Knob( nameof(AgentCDNConnectivityFailWarning), "Show warning message when the Agent CDN Endpoint (download.agent.dev.azure.com) is not reachable. ", new RuntimeKnobSource("AGENT_CDN_CONNECTIVITY_FAIL_WARNING"), new EnvironmentKnobSource("AGENT_CDN_CONNECTIVITY_FAIL_WARNING"), new PipelineFeatureSource("AgentCDNConnectivityFailWarning"), new BuiltInDefaultKnobSource("false")); public static readonly Knob CheckBeforeRetryDockerStart = new Knob( nameof(CheckBeforeRetryDockerStart), "If true, the agent will check if container is running before retrying a Docker start command.", new PipelineFeatureSource("CheckBeforeRetryDockerStart"), new EnvironmentKnobSource("AGENT_CHECK_BEFORE_RETRY_DOCKER_START"), new BuiltInDefaultKnobSource("false")); // Enhanced Logging public static readonly Knob UseEnhancedLogging = new Knob( nameof(UseEnhancedLogging), "If true, use structured enhanced logging format with timestamps, components, and operations", new EnvironmentKnobSource("AZP_USE_ENHANCED_LOGGING"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnableEnhancedContainerDiagnostics = new Knob( nameof(EnableEnhancedContainerDiagnostics), "When enabled, uses ContainerOperationProviderEnhanced with detailed tracing and duration logging for container operations", new PipelineFeatureSource("EnableEnhancedContainerDiagnostics"), new EnvironmentKnobSource("AGENT_ENABLE_ENHANCED_CONTAINER_LOGGING"), new BuiltInDefaultKnobSource("false")); public static readonly Knob EnableDockerExecDiagnostics = new Knob( nameof(EnableDockerExecDiagnostics), "If true, collect and report comprehensive diagnostics when docker exec commands fail, including container state, resource limits, logs, and platform-specific analysis.", new PipelineFeatureSource("EnableDockerExecDiagnostics"), new EnvironmentKnobSource("AGENT_ENABLE_DOCKER_EXEC_DIAGNOSTICS"), new BuiltInDefaultKnobSource("false")); public static readonly Knob UseNodeVersionStrategy = new Knob( nameof(UseNodeVersionStrategy), "If true, use the strategy pattern for Node.js version selection (both host and container). This provides centralized node selection logic with EOL policy enforcement. Set to false to use legacy node selection logic.", new PipelineFeatureSource("UseNodeVersionStrategy"), new RuntimeKnobSource("AGENT_USE_NODE_STRATEGY"), new EnvironmentKnobSource("AGENT_USE_NODE_STRATEGY"), new BuiltInDefaultKnobSource("false")); } } ================================================ FILE: src/Agent.Sdk/Knob/BuiltInDefaultKnobSource.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Sdk.Knob { public class BuiltInDefaultKnobSource : IKnobSource { private string _value; public BuiltInDefaultKnobSource(string value) { _value = value; } public KnobValue GetValue(IKnobValueContext context) { return new KnobValue(_value, this); } public string GetDisplayString() { return "Default"; } } } ================================================ FILE: src/Agent.Sdk/Knob/CompositeKnobSource.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Agent.Sdk.Knob { public class CompositeKnobSource : ICompositeKnobSource { private IKnobSource[] _sources; public CompositeKnobSource(params IKnobSource[] sources) { _sources = sources; } public KnobValue GetValue(IKnobValueContext context) { foreach (var source in _sources) { var value = source.GetValue(context); if (!(value is null)) { return value; } } return null; } /// /// Returns knob value by specific source type /// /// Returns knob value if it's found in knob sources, otherwise returns null public KnobValue GetValue(IKnobValueContext context) { foreach (var source in _sources) { if (source.GetType() == typeof(T)) { return source.GetValue(context); } } return null; } public string GetDisplayString() { var strings = new List(); foreach (var source in _sources) { strings.Add(source.GetDisplayString()); } return string.Join(", ", strings); } /// /// Returns true if object has source with type EnvironmentKnobSource and provided name /// /// Name to check /// Returns true if source exists with this type and name public bool HasSourceWithTypeEnvironmentByName(string name) { foreach (var source in _sources) { if (source is EnvironmentKnobSource) { var envName = (source as IEnvironmentKnobSource).GetEnvironmentVariableName(); if (String.Equals(envName, name, StringComparison.OrdinalIgnoreCase)) { return true; } } } return false; } } } ================================================ FILE: src/Agent.Sdk/Knob/EnvironmentKnobSource.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Sdk.Knob { public class EnvironmentKnobSource : IEnvironmentKnobSource { private string _envVar; public EnvironmentKnobSource(string envVar) { _envVar = envVar; } public KnobValue GetValue(IKnobValueContext context) { ArgUtil.NotNull(context, nameof(context)); var scopedEnvironment = context.GetScopedEnvironment(); var value = scopedEnvironment.GetEnvironmentVariable(_envVar); if (!string.IsNullOrEmpty(value)) { return new KnobValue(value, this); } return null; } public string GetDisplayString() { return $"${{{_envVar}}}"; } public string GetEnvironmentVariableName() { return _envVar; } } } ================================================ FILE: src/Agent.Sdk/Knob/ICompositeKnobSource.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Sdk.Knob { public interface ICompositeKnobSource : IKnobSource { bool HasSourceWithTypeEnvironmentByName(string name); KnobValue GetValue(IKnobValueContext context); } } ================================================ FILE: src/Agent.Sdk/Knob/IEnvironmentKnobSource.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Sdk.Knob { public interface IEnvironmentKnobSource : IKnobSource { string GetEnvironmentVariableName(); } } ================================================ FILE: src/Agent.Sdk/Knob/IKnobSource.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Sdk.Knob { public interface IKnobSource { KnobValue GetValue(IKnobValueContext context); string GetDisplayString(); } } ================================================ FILE: src/Agent.Sdk/Knob/IKnobValueContext.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Sdk.Knob { public interface IKnobValueContext { string GetVariableValueOrDefault(string variableName); IScopedEnvironment GetScopedEnvironment(); } } ================================================ FILE: src/Agent.Sdk/Knob/Knob.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Reflection; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Sdk.Knob { public class DeprecatedKnob : Knob { public override bool IsDeprecated => true; public string DeprecationInfo; public DeprecatedKnob(string name, string description, params IKnobSource[] sources) : base(name, description, sources) { DeprecationInfo = ""; } public DeprecatedKnob(string name, string description, string deprecationInfo, params IKnobSource[] sources) : base(name, description, sources) { DeprecationInfo = deprecationInfo; } } public class ExperimentalKnob : Knob { public override bool IsExperimental => true; public ExperimentalKnob(string name, string description, params IKnobSource[] sources) : base(name, description, sources) { } } public class SecretKnob : Knob { public SecretKnob(string name, string description, params IKnobSource[] sources) : base(name, description, sources) { } } public class Knob { public string Name { get; private set; } public ICompositeKnobSource Source { get; private set; } public string Description { get; private set; } public virtual bool IsDeprecated => false; // is going away at a future date public virtual bool IsExperimental => false; // may go away at a future date public Knob(string name, string description, params IKnobSource[] sources) { Name = name; Description = description; Source = new CompositeKnobSource(sources); } public Knob() { } public KnobValue GetValue(IKnobValueContext context) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(Source, nameof(Source)); return Source.GetValue(context); } public KnobValue GetValue(IKnobValueContext context) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(Source, nameof(Source)); return Source.GetValue(context); } public static List GetAllKnobsFor() { Type type = typeof(T); List allKnobs = new List(); foreach (var info in type.GetFields(BindingFlags.Public | BindingFlags.Static | BindingFlags.DeclaredOnly)) { var instance = new Knob(); var locatedValue = info.GetValue(instance) as Knob; if (locatedValue != null) { allKnobs.Add(locatedValue); } } return allKnobs; } } } ================================================ FILE: src/Agent.Sdk/Knob/KnobValue.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Sdk.Knob { public class KnobValue { public IKnobSource Source { get; private set; } private string _value; public KnobValue(string value, IKnobSource source) { _value = value; Source = source; } public string AsString() { return _value; } public bool AsBoolean() { return StringUtil.ConvertToBoolean(_value); } public bool AsBooleanStrict() { return StringUtil.ConvertToBooleanStrict(_value); } public int AsInt() { return Int32.Parse(_value); } } } ================================================ FILE: src/Agent.Sdk/Knob/PipelineFeatureSource.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Sdk.Knob; /// /// Wrapper knob source for runtime feature flags. /// public class PipelineFeatureSource : RuntimeKnobSource { public PipelineFeatureSource(string featureName) : base($"DistributedTask.Agent.{featureName}") { } } ================================================ FILE: src/Agent.Sdk/Knob/RuntimeKnobSource.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Sdk.Knob { public class RuntimeKnobSource : IKnobSource { private readonly string _runTimeVar; public RuntimeKnobSource(string runTimeVar) { _runTimeVar = runTimeVar; } public KnobValue GetValue(IKnobValueContext context) { ArgUtil.NotNull(context, nameof(context)); string value = null; try { value = context.GetVariableValueOrDefault(_runTimeVar); } catch (NotSupportedException) { throw new NotSupportedException($"{GetType().Name} not supported for context type {context.GetType()}"); } if (!string.IsNullOrEmpty(value)) { return new KnobValue(value, this); } return null; } public string GetDisplayString() { return $"$({_runTimeVar})"; } } } ================================================ FILE: src/Agent.Sdk/LogPlugin.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.Linq; using System.Net.Http; using System.Net.Http.Headers; using System.Runtime.InteropServices; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Newtonsoft.Json; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Agent.Sdk { [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1716: Identifiers should not match keywords")] public interface IAgentLogPlugin { // Short meaningful name for the plugin. // Any outputs from the pluging will be prefixed with the name. string FriendlyName { get; } // Get call when plugin host load up all plugins for the first time. // return `False` will tells the plugin host not longer forward log line to the plugin Task InitializeAsync(IAgentLogPluginContext context); // Get called by plugin host on every log line. Task ProcessLineAsync(IAgentLogPluginContext context, Pipelines.TaskStepDefinitionReference step, string line); // Get called by plugin host when all step execute finish. Task FinalizeAsync(IAgentLogPluginContext context); } public interface IAgentLogPluginTrace { // agent log void Trace(string message); // user log (job log) void Output(string message); } public interface IAgentLogPluginContext { // default SystemConnection back to service use the job oauth token VssConnection VssConnection { get; } // task info for all steps IList Steps { get; } // all endpoints IList Endpoints { get; } // all repositories IList Repositories { get; } // all variables IDictionary Variables { get; } // agent log void Trace(string message); // user log (job log) void Output(string message); } public class AgentLogPluginTrace : IAgentLogPluginTrace { // agent log public void Trace(string message) { Console.WriteLine($"##[plugin.trace]{message}"); } // user log (job log) public void Output(string message) { Console.WriteLine(message); } } public class AgentLogPluginContext : IAgentLogPluginContext { private string _pluginName; private IAgentLogPluginTrace _trace; // default SystemConnection back to service use the job oauth token public VssConnection VssConnection { get; } // task info for all steps public IList Steps { get; } // all endpoints public IList Endpoints { get; } // all repositories public IList Repositories { get; } // all variables public IDictionary Variables { get; } public AgentLogPluginContext( string pluginNme, VssConnection connection, IList steps, IList endpoints, IList repositories, IDictionary variables, IAgentLogPluginTrace trace) { _pluginName = pluginNme; VssConnection = connection; Steps = steps; Endpoints = endpoints; Repositories = repositories; Variables = variables; _trace = trace; } // agent log public void Trace(string message) { _trace.Trace($"{_pluginName}: {message}"); } // user log (job log) public void Output(string message) { _trace.Output($"{_pluginName}: {message}"); } } public class AgentLogPluginHostContext { private VssConnection _connection; public List PluginAssemblies { get; set; } public List Endpoints { get; set; } public List Repositories { get; set; } public Dictionary Variables { get; set; } public Dictionary Steps { get; set; } public AgentWebProxySettings WebProxySettings { get; private set; } [JsonIgnore] public VssConnection VssConnection { get { if (_connection == null) { _connection = InitializeVssConnection(); } return _connection; } } private VssConnection InitializeVssConnection() { var headerValues = new List(); headerValues.Add(new ProductInfoHeaderValue($"VstsAgentCore-Plugin", Variables.GetValueOrDefault("agent.version")?.Value ?? "Unknown")); headerValues.Add(new ProductInfoHeaderValue($"({RuntimeInformation.OSDescription.Trim()})")); if (VssClientHttpRequestSettings.Default.UserAgent != null && VssClientHttpRequestSettings.Default.UserAgent.Count > 0) { headerValues.AddRange(VssClientHttpRequestSettings.Default.UserAgent); } VssClientHttpRequestSettings.Default.UserAgent = headerValues; var certSetting = GetCertConfiguration(); if (certSetting != null) { if (!string.IsNullOrEmpty(certSetting.ClientCertificateArchiveFile)) { VssClientHttpRequestSettings.Default.ClientCertificateManager = new AgentClientCertificateManager(certSetting.ClientCertificateArchiveFile, certSetting.ClientCertificatePassword); } if (certSetting.SkipServerCertificateValidation) { VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; } } WebProxySettings = GetProxyConfiguration(); if (WebProxySettings != null) { if (!string.IsNullOrEmpty(WebProxySettings.ProxyAddress)) { VssHttpMessageHandler.DefaultWebProxy = new AgentWebProxy(WebProxySettings.ProxyAddress, WebProxySettings.ProxyUsername, WebProxySettings.ProxyPassword, WebProxySettings.ProxyBypassList, WebProxySettings.UseBasicAuthForProxy); } } ServiceEndpoint systemConnection = this.Endpoints.FirstOrDefault(e => string.Equals(e.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); ArgUtil.NotNull(systemConnection, nameof(systemConnection)); ArgUtil.NotNull(systemConnection.Url, nameof(systemConnection.Url)); VssCredentials credentials = VssUtil.GetVssCredential(systemConnection); ArgUtil.NotNull(credentials, nameof(credentials)); return VssUtil.CreateConnection(systemConnection.Url, credentials, trace: null); } private AgentCertificateSettings GetCertConfiguration() { bool skipCertValidation = StringUtil.ConvertToBoolean(this.Variables.GetValueOrDefault("Agent.SkipCertValidation")?.Value); string caFile = this.Variables.GetValueOrDefault("Agent.CAInfo")?.Value; string clientCertFile = this.Variables.GetValueOrDefault("Agent.ClientCert")?.Value; if (!string.IsNullOrEmpty(caFile) || !string.IsNullOrEmpty(clientCertFile) || skipCertValidation) { var certConfig = new AgentCertificateSettings(); certConfig.SkipServerCertificateValidation = skipCertValidation; certConfig.CACertificateFile = caFile; if (!string.IsNullOrEmpty(clientCertFile)) { certConfig.ClientCertificateFile = clientCertFile; string clientCertKey = this.Variables.GetValueOrDefault("Agent.ClientCertKey")?.Value; string clientCertArchive = this.Variables.GetValueOrDefault("Agent.ClientCertArchive")?.Value; string clientCertPassword = this.Variables.GetValueOrDefault("Agent.ClientCertPassword")?.Value; certConfig.ClientCertificatePrivateKeyFile = clientCertKey; certConfig.ClientCertificateArchiveFile = clientCertArchive; certConfig.ClientCertificatePassword = clientCertPassword; certConfig.VssClientCertificateManager = new AgentClientCertificateManager(clientCertArchive, clientCertPassword); } return certConfig; } else { return null; } } private AgentWebProxySettings GetProxyConfiguration() { string proxyUrl = this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyUrlKey)?.Value; if (!string.IsNullOrEmpty(proxyUrl)) { string proxyUsername = this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyUsernameKey)?.Value; string proxyPassword = this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyPasswordKey)?.Value; List proxyBypassHosts = StringUtil.ConvertFromJson>(this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyBypassListKey)?.Value ?? "[]"); bool useBasicAuthForProxy = StringUtil.ConvertToBoolean(this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentUseBasicAuthForProxyKey)?.Value); return new AgentWebProxySettings() { ProxyAddress = proxyUrl, ProxyUsername = proxyUsername, ProxyPassword = proxyPassword, ProxyBypassList = proxyBypassHosts, UseBasicAuthForProxy = useBasicAuthForProxy, WebProxy = new AgentWebProxy(proxyUrl, proxyUsername, proxyPassword, proxyBypassHosts, useBasicAuthForProxy) }; } else { return null; } } } public class AgentLogPluginHost { private readonly TaskCompletionSource _jobFinished = new TaskCompletionSource(); private readonly Dictionary> _outputQueue = new Dictionary>(); private readonly Dictionary _pluginContexts = new Dictionary(); private readonly Dictionary> _shortCircuited = new Dictionary>(); private Dictionary _steps; private List _plugins; private IAgentLogPluginTrace _trace; private int _shortCircuitThreshold; private int _shortCircuitMonitorFrequency; public Dictionary PluginContexts { get => _pluginContexts; } public AgentLogPluginHost( AgentLogPluginHostContext hostContext, List plugins, IAgentLogPluginTrace trace = null, int shortCircuitThreshold = 1000, // output queue depth >= 1000 lines int shortCircuitMonitorFrequency = 10000) // check all output queues every 10 sec { ArgUtil.NotNull(plugins, nameof(plugins)); ArgUtil.NotNull(hostContext, nameof(hostContext)); _steps = hostContext.Steps; _plugins = plugins; _trace = trace ?? new AgentLogPluginTrace(); _shortCircuitThreshold = shortCircuitThreshold; _shortCircuitMonitorFrequency = shortCircuitMonitorFrequency; foreach (var plugin in _plugins) { string typeName = plugin.GetType().FullName; _outputQueue[typeName] = new ConcurrentQueue(); _pluginContexts[typeName] = new AgentLogPluginContext(plugin.FriendlyName, hostContext.VssConnection, hostContext.Steps.Values.ToList(), hostContext.Endpoints, hostContext.Repositories, hostContext.Variables, _trace); _shortCircuited[typeName] = new TaskCompletionSource(); } } public async Task Run() { using (CancellationTokenSource tokenSource = new CancellationTokenSource()) using (CancellationTokenSource monitorSource = new CancellationTokenSource()) { Task memoryUsageMonitor = StartMemoryUsageMonitor(monitorSource.Token); Dictionary processTasks = new Dictionary(); foreach (var plugin in _plugins) { // start process plugins background _trace.Trace($"Start process task for plugin '{plugin.FriendlyName}'"); var task = RunAsync(plugin, tokenSource.Token); processTasks[plugin.FriendlyName] = task; } // waiting for job finish event await _jobFinished.Task; tokenSource.Cancel(); _trace.Trace($"Wait for all plugins finish process outputs."); foreach (var task in processTasks) { try { await task.Value; _trace.Trace($"Plugin '{task.Key}' finished log process."); } catch (Exception ex) { _trace.Output($"Plugin '{task.Key}' failed with: {ex}"); } } // Stop monitor monitorSource.Cancel(); await memoryUsageMonitor; // job has finished, all log plugins should start their finalize process Dictionary finalizeTasks = new Dictionary(); foreach (var plugin in _plugins) { string typeName = plugin.GetType().FullName; if (!_shortCircuited[typeName].Task.IsCompleted) { _trace.Trace($"Start finalize for plugin '{plugin.FriendlyName}'"); var finalize = plugin.FinalizeAsync(_pluginContexts[typeName]); finalizeTasks[plugin.FriendlyName] = finalize; } else { _trace.Trace($"Skip finalize for short circuited plugin '{plugin.FriendlyName}'"); } } _trace.Trace($"Wait for all plugins finish finalization."); foreach (var task in finalizeTasks) { try { await task.Value; _trace.Trace($"Plugin '{task.Key}' finished job finalize."); } catch (Exception ex) { _trace.Output($"Plugin '{task.Key}' failed with: {ex}"); } } _trace.Trace($"All plugins finished finalization."); } } public void EnqueueOutput(string output) { if (output != null) { foreach (var plugin in _plugins) { string typeName = plugin.GetType().FullName; if (!_shortCircuited[typeName].Task.IsCompleted) { _outputQueue[typeName].Enqueue(output); } } } } public void Finish() { _trace.Trace("Job has finished, start shutting down log output processing process."); _jobFinished.TrySetResult(0); } private async Task StartMemoryUsageMonitor(CancellationToken token) { Dictionary pluginViolateFlags = new Dictionary(); foreach (var queue in _outputQueue) { pluginViolateFlags[queue.Key] = 0; } _trace.Trace($"Start output buffer monitor."); while (!token.IsCancellationRequested) { foreach (var queue in _outputQueue) { string pluginName = queue.Key; if (token.IsCancellationRequested) { break; } if (queue.Value.Count > _shortCircuitThreshold) { _trace.Trace($"Plugin '{pluginName}' has too many buffered outputs."); pluginViolateFlags[pluginName]++; if (pluginViolateFlags[pluginName] >= 10) { _trace.Trace($"Short circuit plugin '{pluginName}'."); _shortCircuited[pluginName].TrySetResult(0); } } else if (pluginViolateFlags[pluginName] > 0) { _trace.Trace($"Plugin '{pluginName}' has cleared out buffered outputs."); pluginViolateFlags[pluginName] = 0; } } await Task.WhenAny(Task.Delay(_shortCircuitMonitorFrequency), Task.Delay(-1, token)); } _trace.Trace($"Output buffer monitor stopped."); } private async Task RunAsync(IAgentLogPlugin plugin, CancellationToken token) { List errors = new List(); string typeName = plugin.GetType().FullName; var context = _pluginContexts[typeName]; bool initialized = false; try { initialized = await plugin.InitializeAsync(context); } catch (Exception ex) { errors.Add($"Fail to initialize: {ex.Message}."); context.Trace(ex.ToString()); } finally { if (!initialized) { context.Trace("Skip process outputs base on plugin initialize result."); _shortCircuited[typeName].TrySetResult(0); } } using (var registration = token.Register(() => { var depth = _outputQueue[typeName].Count; if (depth > 0) { context.Output($"Waiting for log plugin to finish, pending process {depth} log lines."); } })) { while (!_shortCircuited[typeName].Task.IsCompleted && !token.IsCancellationRequested) { await ProcessOutputQueue(context, plugin, errors); // back-off before pull output queue again. await Task.Delay(500); } } // process all remaining outputs context.Trace("Process remaining outputs after job finished."); await ProcessOutputQueue(context, plugin, errors); // print out the plugin has been short circuited. if (_shortCircuited[typeName].Task.IsCompleted) { if (initialized) { context.Output($"Plugin has been short circuited due to exceed memory usage limit."); } _outputQueue[typeName].Clear(); } // print out error to user. if (errors.Count > 0) { foreach (var error in errors) { context.Output($"Fail to process output: {error}"); } } } private async Task ProcessOutputQueue(IAgentLogPluginContext context, IAgentLogPlugin plugin, List errors) { string typeName = plugin.GetType().FullName; while (!_shortCircuited[typeName].Task.IsCompleted && _outputQueue[typeName].TryDequeue(out string line)) { try { var id = line.Substring(0, line.IndexOf(":")); var message = line.Substring(line.IndexOf(":") + 1); var processLineTask = plugin.ProcessLineAsync(context, _steps[id], message); var completedTask = await Task.WhenAny(_shortCircuited[typeName].Task, processLineTask); if (completedTask == processLineTask) { await processLineTask; } } catch (Exception ex) { // ignore exception // only trace the first 10 errors. if (errors.Count < 10) { errors.Add($"{ex} '(line)'"); } } } } } } ================================================ FILE: src/Agent.Sdk/MountVolume.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.Text.RegularExpressions; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Sdk { public class MountVolume { public MountVolume() { } public MountVolume(string sourceVolumePath, string targetVolumePath, bool readOnly = false) { this.SourceVolumePath = sourceVolumePath; this.TargetVolumePath = targetVolumePath; this.ReadOnly = readOnly; } public MountVolume(string fromString) { ArgUtil.NotNull(fromString, nameof(fromString)); ParseVolumeString(fromString); } private static Regex _autoEscapeWindowsDriveRegex = new Regex(@"(^|:)([a-zA-Z]):(\\|/)", RegexOptions.Compiled); private string AutoEscapeWindowsDriveInPath(string path) { return _autoEscapeWindowsDriveRegex.Replace(path, @"$1$2\:$3"); } private void ParseVolumeString(string volume) { ReadOnly = false; SourceVolumePath = null; string readonlyToken = ":ro"; if (volume.EndsWith(readonlyToken, System.StringComparison.OrdinalIgnoreCase)) { ReadOnly = true; volume = volume.Remove(volume.Length - readonlyToken.Length); } // for completeness, in case someone explicitly added :rw in the volume mapping, we should strip it as well string readWriteToken = ":rw"; if (volume.EndsWith(readWriteToken, System.StringComparison.OrdinalIgnoreCase)) { ReadOnly = false; volume = volume.Remove(volume.Length - readWriteToken.Length); } // if volume starts with a ":", this is the same as having only a single path // so just strip it so we don't have to deal with an empty source volume path if (volume.StartsWith(":")) { volume = volume.Substring(1); } var volumes = new List(); // split by colon, but honor escaping of colons var volumeSplit = AutoEscapeWindowsDriveInPath(volume).Split(':'); var appendNextIteration = false; foreach (var fragment in volumeSplit) { if (appendNextIteration) { var orig = volumes[volumes.Count - 1]; orig = orig.Remove(orig.Length - 1); // remove the trailing backslash volumes[volumes.Count - 1] = orig + ":" + fragment; appendNextIteration = false; } else { volumes.Add(fragment); } // if this fragment ends with backslash, then the : was escaped if (fragment.EndsWith(@"\")) { appendNextIteration = true; } } if (volumes.Count >= 2) { // source:target SourceVolumePath = volumes[0]; TargetVolumePath = volumes[1]; // if volumes.Count > 2 here, we should log something that says we ignored options passed in. // for now, do nothing in order to remain backwards compatable. } else { // target - or, default to passing straight through TargetVolumePath = volume; } } public string SourceVolumePath { get; set; } public string TargetVolumePath { get; set; } public bool ReadOnly { get; set; } } } ================================================ FILE: src/Agent.Sdk/PortMapping.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Sdk { public class PortMapping { public PortMapping() { } public PortMapping(string hostPort, string containerPort, string protocol) { this.HostPort = hostPort; this.ContainerPort = containerPort; this.Protocol = protocol; } public string HostPort { get; set; } public string ContainerPort { get; set; } public string Protocol { get; set; } } } ================================================ FILE: src/Agent.Sdk/ProcessInvoker.MacLinux.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using System; using System.IO; using System.Runtime.InteropServices; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Util { public partial class ProcessInvoker : IDisposable { private async Task SendPosixSignal(PosixSignals signal, TimeSpan timeout) { if (_proc == null) { Trace.Info($"Process already exited, no need to send {signal}."); return true; } Trace.Info($"Sending {signal} to process {_proc.Id}."); int errorCode = kill(_proc.Id, (int)signal); if (errorCode != 0) { Trace.Info($"{signal} signal did not fire successfully."); Trace.Info($"Error code: {errorCode}."); return false; } Trace.Info($"Successfully sent {signal} to process {_proc.Id}."); Trace.Info($"Waiting for process exit or {timeout.TotalSeconds} seconds after {signal} signal fired."); var completedTask = await Task.WhenAny(Task.Delay(timeout), _processExitedCompletionSource.Task); if (completedTask == _processExitedCompletionSource.Task) { Trace.Info("Process exited successfully."); return true; } else { Trace.Info($"Process did not honor {signal} signal within {timeout.TotalSeconds} seconds."); return false; } } private void NixKillProcessTree() { try { if (_proc?.HasExited == false) { _proc?.Kill(); } } catch (InvalidOperationException ex) { Trace.Info("Ignore InvalidOperationException during Process.Kill()."); Trace.Info(ex.ToString()); } } private void WriteProcessOomScoreAdj(int processId, int oomScoreAdj) { if (PlatformUtil.HostOS != PlatformUtil.OS.Linux) { Trace.Info("OOM score adjustment is Linux only"); return; } try { string procFilePath = $"/proc/{processId}/oom_score_adj"; if (File.Exists(procFilePath)) { File.WriteAllText(procFilePath, oomScoreAdj.ToString()); Trace.Info($"Updated oom_score_adj to {oomScoreAdj} for PID: {processId}."); } } catch (Exception ex) { Trace.Info($"Failed to update oom_score_adj for PID: {processId}."); Trace.Info(ex.ToString()); } } private enum PosixSignals : int { SIGINT = 2, SIGTERM = 15 } [DllImport("libc", SetLastError = true)] private static extern int kill(int pid, int sig); } } ================================================ FILE: src/Agent.Sdk/ProcessInvoker.Windows.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.ComponentModel; using System.Diagnostics; using System.Linq; using System.Runtime.InteropServices; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Util { public partial class ProcessInvoker : IDisposable { private async Task SendCtrlSignal(ConsoleCtrlEvent signal, TimeSpan timeout) { if (_proc == null) { Trace.Info($"Process already exited, no need to send {signal}."); return true; } Trace.Info($"Sending {signal} to process {_proc.Id}."); ConsoleCtrlDelegate ctrlEventHandler = new ConsoleCtrlDelegate(ConsoleCtrlHandler); try { if (!FreeConsole()) { throw new Win32Exception(Marshal.GetLastWin32Error()); } if (!AttachConsole(_proc.Id)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } if (!SetConsoleCtrlHandler(ctrlEventHandler, true)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } if (!GenerateConsoleCtrlEvent(signal, 0)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } Trace.Info($"Successfully sent {signal} to process {_proc.Id}."); Trace.Info($"Waiting for process exit or {timeout.TotalSeconds} seconds after {signal} signal fired."); var completedTask = await Task.WhenAny(Task.Delay(timeout), _processExitedCompletionSource.Task); if (completedTask == _processExitedCompletionSource.Task) { Trace.Info("Process exited successfully."); return true; } else { Trace.Info($"Process did not honor {signal} signal within {timeout.TotalSeconds} seconds."); return false; } } catch (Exception ex) { Trace.Info($"{signal} signal did not fire successfully."); Trace.Verbose($"Caught exception during send {signal} event to process {_proc.Id}"); Trace.Verbose(ex.ToString()); return false; } finally { FreeConsole(); SetConsoleCtrlHandler(ctrlEventHandler, false); } } private bool ConsoleCtrlHandler(ConsoleCtrlEvent ctrlType) { switch (ctrlType) { case ConsoleCtrlEvent.CTRL_C: Trace.Info($"Ignore Ctrl+C to current process."); // We return True, so the default Ctrl handler will not take action. return true; case ConsoleCtrlEvent.CTRL_BREAK: Trace.Info($"Ignore Ctrl+Break to current process."); // We return True, so the default Ctrl handler will not take action. return true; } // If the function handles the control signal, it should return TRUE. // If it returns FALSE, the next handler function in the list of handlers for this process is used. return false; } private void WindowsKillProcessTree() { var pid = _proc?.Id; if (pid == null) { // process already exit, stop here. return; } Dictionary processRelationship = new Dictionary(); Trace.Info($"Scan all processes to find relationship between all processes."); foreach (Process proc in Process.GetProcesses()) { try { if (!proc.SafeHandle.IsInvalid) { PROCESS_BASIC_INFORMATION pbi = new PROCESS_BASIC_INFORMATION(); int returnLength = 0; int queryResult = NtQueryInformationProcess(proc.SafeHandle.DangerousGetHandle(), PROCESSINFOCLASS.ProcessBasicInformation, ref pbi, Marshal.SizeOf(pbi), ref returnLength); if (queryResult == 0) // == 0 is OK { Trace.Verbose($"Process: {proc.Id} is child process of {pbi.InheritedFromUniqueProcessId}."); processRelationship[proc.Id] = (int)pbi.InheritedFromUniqueProcessId; } else { throw new Win32Exception(Marshal.GetLastWin32Error()); } } } catch (Exception ex) { // Ignore all exceptions, since KillProcessTree is best effort. Trace.Verbose("Ignore any catched exception during detecting process relationship."); Trace.Verbose(ex.ToString()); } } Trace.Verbose($"Start killing process tree of process '{pid.Value}'."); Stack processesNeedtoKill = new Stack(); processesNeedtoKill.Push(new ProcessTerminationInfo(pid.Value, false)); while (processesNeedtoKill.Any()) { ProcessTerminationInfo procInfo = processesNeedtoKill.Pop(); List childProcessesIds = new List(); if (!procInfo.ChildPidExpanded) { Trace.Info($"Find all child processes of process '{procInfo.Pid}'."); childProcessesIds = processRelationship.Where(p => p.Value == procInfo.Pid).Select(k => k.Key).ToList(); } if (childProcessesIds.Count > 0) { Trace.Info($"Need kill all child processes trees before kill process '{procInfo.Pid}'."); processesNeedtoKill.Push(new ProcessTerminationInfo(procInfo.Pid, true)); foreach (var childPid in childProcessesIds) { Trace.Info($"Child process '{childPid}' needs be killed first."); processesNeedtoKill.Push(new ProcessTerminationInfo(childPid, false)); } } else { Trace.Info($"Kill process '{procInfo.Pid}'."); try { Process leafProcess = Process.GetProcessById(procInfo.Pid); try { leafProcess.Kill(); } catch (InvalidOperationException ex) { // The process has already exited Trace.Verbose("Ignore InvalidOperationException during Process.Kill()."); Trace.Verbose(ex.ToString()); } catch (Win32Exception ex) when (ex.NativeErrorCode == 5) { // The associated process could not be terminated // The process is terminating // NativeErrorCode 5 means Access Denied Trace.Verbose("Ignore Win32Exception with NativeErrorCode 5 during Process.Kill()."); Trace.Verbose(ex.ToString()); } catch (Exception ex) { // Ignore any additional exception Trace.Verbose("Ignore additional exceptions during Process.Kill()."); Trace.Verbose(ex.ToString()); } } catch (ArgumentException ex) { // process already gone, nothing needs killed. Trace.Verbose("Ignore ArgumentException during Process.GetProcessById()."); Trace.Verbose(ex.ToString()); } catch (Exception ex) { // Ignore any additional exception Trace.Verbose("Ignore additional exceptions during Process.GetProcessById()."); Trace.Verbose(ex.ToString()); } } } } private class ProcessTerminationInfo { public ProcessTerminationInfo(int pid, bool expanded) { Pid = pid; ChildPidExpanded = expanded; } public int Pid { get; } public bool ChildPidExpanded { get; } } private enum ConsoleCtrlEvent { CTRL_C = 0, CTRL_BREAK = 1 } private enum PROCESSINFOCLASS : int { ProcessBasicInformation = 0 }; [StructLayout(LayoutKind.Sequential)] private struct PROCESS_BASIC_INFORMATION { public long ExitStatus; public long PebBaseAddress; public long AffinityMask; public long BasePriority; public long UniqueProcessId; public long InheritedFromUniqueProcessId; }; [DllImport("ntdll.dll", SetLastError = true)] private static extern int NtQueryInformationProcess(IntPtr processHandle, PROCESSINFOCLASS processInformationClass, ref PROCESS_BASIC_INFORMATION processInformation, int processInformationLength, ref int returnLength); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GenerateConsoleCtrlEvent(ConsoleCtrlEvent sigevent, int dwProcessGroupId); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FreeConsole(); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool AttachConsole(int dwProcessId); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool SetConsoleCtrlHandler(ConsoleCtrlDelegate HandlerRoutine, bool Add); // Delegate type to be used as the Handler Routine for SetConsoleCtrlHandler private delegate Boolean ConsoleCtrlDelegate(ConsoleCtrlEvent CtrlType); } } ================================================ FILE: src/Agent.Sdk/ProcessInvoker.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Text; using System.Text.RegularExpressions; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.Framework.Common; namespace Microsoft.VisualStudio.Services.Agent.Util { // The implementation of the process invoker does not hook up DataReceivedEvent and ErrorReceivedEvent of Process, // instead, we read both STDOUT and STDERR stream manually on separate thread. // The reason is we find a huge perf issue about process STDOUT/STDERR with those events. public partial class ProcessInvoker : IDisposable { public static readonly bool ContinueAfterCancelProcessTreeKillAttemptDefault = false; private Process _proc; private Stopwatch _stopWatch; private int _asyncStreamReaderCount = 0; private bool _waitingOnStreams = false; private readonly AsyncManualResetEvent _outputProcessEvent = new AsyncManualResetEvent(); private readonly TaskCompletionSource _processExitedCompletionSource = new TaskCompletionSource(); private readonly ConcurrentQueue _errorData = new ConcurrentQueue(); private readonly ConcurrentQueue _outputData = new ConcurrentQueue(); private readonly TimeSpan _defaultSigintTimeout = TimeSpan.FromMilliseconds(7500); private readonly TimeSpan _defaultSigtermTimeout = TimeSpan.FromMilliseconds(2500); private ITraceWriter Trace { get; set; } private class AsyncManualResetEvent { private volatile TaskCompletionSource m_tcs = new TaskCompletionSource(); public Task WaitAsync() { return m_tcs.Task; } public void Set() { var tcs = m_tcs; Task.Factory.StartNew(s => ((TaskCompletionSource)s).TrySetResult(true), tcs, CancellationToken.None, TaskCreationOptions.PreferFairness, TaskScheduler.Default); tcs.Task.Wait(); } public void Reset() { while (true) { var tcs = m_tcs; if (!tcs.Task.IsCompleted || Interlocked.CompareExchange(ref m_tcs, new TaskCompletionSource(), tcs) == tcs) return; } } } public bool DisableWorkerCommands { get; set; } public bool TryUseGracefulShutdown { get; set; } public TimeSpan SigintTimeout { get; set; } public TimeSpan SigtermTimeout { get; set; } public event EventHandler OutputDataReceived; public event EventHandler ErrorDataReceived; public ProcessInvoker(ITraceWriter trace, bool disableWorkerCommands = false, TimeSpan? sigintTimeout = null, TimeSpan? sigtermTimeout = null) { this.Trace = trace; this.DisableWorkerCommands = disableWorkerCommands; this.SigintTimeout = sigintTimeout ?? _defaultSigintTimeout; this.SigtermTimeout = sigtermTimeout ?? _defaultSigtermTimeout; } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: false, cancellationToken: cancellationToken); } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: null, cancellationToken: cancellationToken); } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: false, cancellationToken: cancellationToken); } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: killProcessOnCancel, redirectStandardIn: null, cancellationToken: cancellationToken); } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: killProcessOnCancel, redirectStandardIn: redirectStandardIn, inheritConsoleHandler: false, cancellationToken: cancellationToken); } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, bool inheritConsoleHandler, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: killProcessOnCancel, redirectStandardIn: redirectStandardIn, inheritConsoleHandler: inheritConsoleHandler, keepStandardInOpen: false, highPriorityProcess: false, continueAfterCancelProcessTreeKillAttempt: ProcessInvoker.ContinueAfterCancelProcessTreeKillAttemptDefault, cancellationToken: cancellationToken); } public async Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, bool inheritConsoleHandler, bool keepStandardInOpen, bool highPriorityProcess, bool continueAfterCancelProcessTreeKillAttempt, CancellationToken cancellationToken) { ArgUtil.Null(_proc, nameof(_proc)); ArgUtil.NotNullOrEmpty(fileName, nameof(fileName)); Trace.Info("Starting process:"); Trace.Info($" File name: '{fileName}'"); Trace.Info($" Arguments: '{arguments}'"); Trace.Info($" Working directory: '{workingDirectory}'"); Trace.Info($" Require exit code zero: '{requireExitCodeZero}'"); Trace.Info($" Encoding web name: {outputEncoding?.WebName} ; code page: '{outputEncoding?.CodePage}'"); Trace.Info($" Force kill process on cancellation: '{killProcessOnCancel}'"); Trace.Info($" Redirected STDIN: '{redirectStandardIn != null}'"); Trace.Info($" Persist current code page: '{inheritConsoleHandler}'"); Trace.Info($" Keep redirected STDIN open: '{keepStandardInOpen}'"); Trace.Info($" High priority process: '{highPriorityProcess}'"); Trace.Info($" ContinueAfterCancelProcessTreeKillAttempt: '{continueAfterCancelProcessTreeKillAttempt}'"); Trace.Info($" Sigint timeout: '{SigintTimeout}'"); Trace.Info($" Sigterm timeout: '{SigtermTimeout}'"); Trace.Info($" Try to use graceful shutdown: {TryUseGracefulShutdown}"); _proc = new Process(); _proc.StartInfo.FileName = fileName; _proc.StartInfo.Arguments = arguments; _proc.StartInfo.WorkingDirectory = workingDirectory; _proc.StartInfo.UseShellExecute = false; _proc.StartInfo.CreateNoWindow = !inheritConsoleHandler; _proc.StartInfo.RedirectStandardInput = true; _proc.StartInfo.RedirectStandardError = true; _proc.StartInfo.RedirectStandardOutput = true; // Ensure we process STDERR even the process exit event happen before we start read STDERR stream. if (_proc.StartInfo.RedirectStandardError) { Interlocked.Increment(ref _asyncStreamReaderCount); } // Ensure we process STDOUT even the process exit event happen before we start read STDOUT stream. if (_proc.StartInfo.RedirectStandardOutput) { Interlocked.Increment(ref _asyncStreamReaderCount); } // If StandardErrorEncoding or StandardOutputEncoding is not specified the on the // ProcessStartInfo object, then .NET PInvokes to resolve the default console output // code page: // [DllImport("api-ms-win-core-console-l1-1-0.dll", SetLastError = true)] // public extern static uint GetConsoleOutputCP(); if (PlatformUtil.RunningOnWindows) { StringUtil.EnsureRegisterEncodings(); } if (outputEncoding != null) { _proc.StartInfo.StandardErrorEncoding = outputEncoding; _proc.StartInfo.StandardOutputEncoding = outputEncoding; } // Copy the environment variables. if (environment != null && environment.Count > 0) { foreach (KeyValuePair kvp in environment) { _proc.StartInfo.Environment[kvp.Key] = kvp.Value; } } // Set the TF_BUILD env variable. _proc.StartInfo.Environment["TF_BUILD"] = "True"; // Hook up the events. _proc.EnableRaisingEvents = true; _proc.Exited += ProcessExitedHandler; // Start the process. _stopWatch = Stopwatch.StartNew(); _proc.Start(); // Decrease invoked process priority, in platform specifc way, relative to parent if (!highPriorityProcess) { DecreaseProcessPriority(_proc); } // Start the standard error notifications, if appropriate. if (_proc.StartInfo.RedirectStandardError) { StartReadStream(_proc.StandardError, _errorData); } // Start the standard output notifications, if appropriate. if (_proc.StartInfo.RedirectStandardOutput) { StartReadStream(_proc.StandardOutput, _outputData); } if (_proc.StartInfo.RedirectStandardInput) { if (redirectStandardIn != null) { StartWriteStream(redirectStandardIn, _proc.StandardInput, keepStandardInOpen); } else { // Close the input stream. This is done to prevent commands from blocking the build waiting for input from the user. _proc.StandardInput.Close(); } } AsyncManualResetEvent afterCancelKillProcessTreeAttemptSignal = new AsyncManualResetEvent(); using (var registration = cancellationToken.Register(async () => { try { await CancelAndKillProcessTree(killProcessOnCancel); } catch (Exception ex) { // Log the exception but continue with cleanup to prevent silent failures Trace.Info($"Exception details: {ex}"); } finally { // signal to ensure we exit the loop after we attempt to cancel and kill the process tree (which is best effort) afterCancelKillProcessTreeAttemptSignal.Set(); } })) { Trace.Info($"Process started, waiting for process exit."); while (true) { Task outputSignal = _outputProcessEvent.WaitAsync(); Task[] tasks; if (continueAfterCancelProcessTreeKillAttempt) { tasks = new Task[] { outputSignal, _processExitedCompletionSource.Task, afterCancelKillProcessTreeAttemptSignal.WaitAsync() }; } else { tasks = new Task[] { outputSignal, _processExitedCompletionSource.Task }; } var signaled = await Task.WhenAny(tasks); if (signaled == outputSignal) { ProcessOutput(); } else { _stopWatch.Stop(); break; } } // Just in case there was some pending output when the process shut down go ahead and check the // data buffers one last time before returning ProcessOutput(); if (_proc.HasExited) { Trace.Info($"Finished process and elapsed time {_stopWatch.Elapsed}."); } else { Trace.Info($"Process has not exited, elapsed time {_stopWatch.Elapsed}."); } } cancellationToken.ThrowIfCancellationRequested(); // Wait for process to finish. if (_proc.ExitCode != 0 && requireExitCodeZero) { throw new ProcessExitCodeException(exitCode: _proc.ExitCode, fileName: fileName, arguments: arguments); } return _proc.ExitCode; } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } protected virtual void Dispose(bool disposing) { if (disposing) { if (_proc != null) { _proc.Dispose(); _proc = null; } } } private void ProcessOutput() { List errorData = new List(); List outputData = new List(); string errorLine; while (_errorData.TryDequeue(out errorLine)) { errorData.Add(errorLine); } string outputLine; while (_outputData.TryDequeue(out outputLine)) { outputData.Add(outputLine); } _outputProcessEvent.Reset(); // Write the error lines. if (errorData != null && this.ErrorDataReceived != null) { foreach (string line in errorData) { if (line != null) { this.ErrorDataReceived(this, new ProcessDataReceivedEventArgs(line)); } } } // Process the output lines. if (outputData != null && this.OutputDataReceived != null) { foreach (string line in outputData) { if (line != null) { // The line is output from the process that was invoked. this.OutputDataReceived(this, new ProcessDataReceivedEventArgs(line)); } } } } internal protected virtual async Task CancelAndKillProcessTree(bool killProcessOnCancel) { bool gracefulShoutdown = TryUseGracefulShutdown && !killProcessOnCancel; // Store proc reference locally to prevent race conditions with Dispose() ArgUtil.NotNull(_proc, nameof(_proc)); if (!killProcessOnCancel) { bool sigint_succeed = await SendSIGINT(SigintTimeout); if (sigint_succeed) { Trace.Info($"Process cancelled successfully through Ctrl+C/SIGINT."); return; } if (gracefulShoutdown) { return; } bool sigterm_succeed = await SendSIGTERM(SigtermTimeout); if (sigterm_succeed) { Trace.Info($"Process terminated successfully through Ctrl+Break/SIGTERM."); return; } } Trace.Info($"Kill entire process tree since both cancel and terminate signal has been ignored by the target process."); KillProcessTree(); } private async Task SendSIGINT(TimeSpan timeout) { if (PlatformUtil.RunningOnWindows) { return await SendCtrlSignal(ConsoleCtrlEvent.CTRL_C, timeout); } return await SendPosixSignal(PosixSignals.SIGINT, timeout); } private async Task SendSIGTERM(TimeSpan timeout) { if (PlatformUtil.RunningOnWindows) { return await SendCtrlSignal(ConsoleCtrlEvent.CTRL_BREAK, timeout); } return await SendPosixSignal(PosixSignals.SIGTERM, timeout); } private void ProcessExitedHandler(object sender, EventArgs e) { Trace.Info("Exited process"); if ((_proc.StartInfo.RedirectStandardError || _proc.StartInfo.RedirectStandardOutput) && _asyncStreamReaderCount != 0) { _waitingOnStreams = true; Task.Run(async () => { // Wait 5 seconds and then Cancel/Kill process tree await Task.Delay(TimeSpan.FromSeconds(5)); KillProcessTree(); _processExitedCompletionSource.TrySetResult(true); }); } else { _processExitedCompletionSource.TrySetResult(true); } } private void StartReadStream(StreamReader reader, ConcurrentQueue dataBuffer) { Task.Run(() => { while (!reader.EndOfStream) { string line = reader.ReadLine(); if (line != null) { if (DisableWorkerCommands) { line = StringUtil.DeactivateVsoCommands(line); } dataBuffer.Enqueue(line); _outputProcessEvent.Set(); } } Trace.Info($"STDOUT/STDERR stream read finished."); if (Interlocked.Decrement(ref _asyncStreamReaderCount) == 0 && _waitingOnStreams) { _processExitedCompletionSource.TrySetResult(true); } }); } private void StartWriteStream(InputQueue redirectStandardIn, StreamWriter standardIn, bool keepStandardInOpen) { Task.Run(async () => { // Write the contents as UTF8 to handle all characters. var utf8Writer = new StreamWriter(standardIn.BaseStream, new UTF8Encoding(false)); while (!_processExitedCompletionSource.Task.IsCompleted) { Task dequeueTask = redirectStandardIn.DequeueAsync(); var completedTask = await Task.WhenAny(dequeueTask, _processExitedCompletionSource.Task); if (completedTask == dequeueTask) { string input = await dequeueTask; if (input != null) { utf8Writer.WriteLine(input); utf8Writer.Flush(); if (!keepStandardInOpen) { Trace.Info($"Close STDIN after the first redirect finished."); standardIn.Close(); break; } } } } Trace.Info($"STDIN stream write finished."); }); } private void KillProcessTree() { if (PlatformUtil.RunningOnWindows) { WindowsKillProcessTree(); } else { NixKillProcessTree(); } } private void DecreaseProcessPriority(Process process) { if (PlatformUtil.HostOS != PlatformUtil.OS.Linux) { Trace.Info($"OOM score adjustment is Linux-only."); return; } int oomScoreAdj = 500; string userOomScoreAdj; if (process.StartInfo.Environment.TryGetValue("PIPELINE_JOB_OOMSCOREADJ", out userOomScoreAdj)) { int userOomScoreAdjParsed; if (int.TryParse(userOomScoreAdj, out userOomScoreAdjParsed) && userOomScoreAdjParsed >= -1000 && userOomScoreAdjParsed <= 1000) { oomScoreAdj = userOomScoreAdjParsed; } else { Trace.Info($"Invalid PIPELINE_JOB_OOMSCOREADJ ({userOomScoreAdj}). Valid range is -1000:1000. Using default 500."); } } // Values (up to 1000) make the process more likely to be killed under OOM scenario, // protecting the agent by extension. Default of 500 is likely to get killed, but can // be adjusted up or down as appropriate. WriteProcessOomScoreAdj(process.Id, oomScoreAdj); } } public sealed class ProcessExitCodeException : Exception { public int ExitCode { get; private set; } public ProcessExitCodeException(int exitCode, string fileName, string arguments) : base(StringUtil.Loc("ProcessExitCode", exitCode, fileName, arguments)) { ExitCode = exitCode; } } public sealed class ProcessDataReceivedEventArgs : EventArgs { public ProcessDataReceivedEventArgs(string data) { Data = data; } public string Data { get; set; } } } ================================================ FILE: src/Agent.Sdk/ScopedEnvironment.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; namespace Agent.Sdk { public interface IScopedEnvironment { IDictionary GetEnvironmentVariables(); void SetEnvironmentVariable(string key, string value); string GetEnvironmentVariable(string key); } public class SystemEnvironment : IScopedEnvironment { public IDictionary GetEnvironmentVariables() { return Environment.GetEnvironmentVariables(); } public void SetEnvironmentVariable(string key, string value) { Environment.SetEnvironmentVariable(key, value); } public string GetEnvironmentVariable(string key) { return Environment.GetEnvironmentVariable(key); } } public class LocalEnvironment : IScopedEnvironment { private Dictionary _delegate = null; public LocalEnvironment() : this(null) { } public LocalEnvironment(Dictionary data) { _delegate = data; if (_delegate == null) { _delegate = new Dictionary(); } } public IDictionary GetEnvironmentVariables() { // we have to return a new collection here because this method // is used in foreach statements that modify the environment. This // is allowed from Environment class since the methods are not typed to a // a single object. return new Dictionary(_delegate); } public void SetEnvironmentVariable(string key, string value) { _delegate[key] = value; } public string GetEnvironmentVariable(string key) { return _delegate.GetValueOrDefault(key); } } } ================================================ FILE: src/Agent.Sdk/SecretMasking/ILoggedSecretMasker.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Agent.Sdk.SecretMasking { /// /// An action that publishes the given data corresonding to the given /// feature to a telemetry channel. /// public delegate void PublishSecretMaskerTelemetryAction(string feature, Dictionary data); /// /// Extended ISecretMasker interface that adds support for telemetry and /// logging the origin of regexes, encoders and literal secret values. /// public interface ILoggedSecretMasker : IDisposable { int MinSecretLength { get; set; } void AddRegex(string pattern, string origin); void AddValue(string value, string origin); void AddValueEncoder(Func encoder, string origin); string MaskSecrets(string input); void RemoveShortSecretsFromDictionary(); void SetTrace(ITraceWriter trace); /// /// Begin collecting data for secret masking telemetry. /// /// /// This is a no-op if is being used, /// only supports telemetry. Also, the /// agent will only call this if a feature flag that opts in to secret /// masking telemetry is enabled.. /// /// /// The maximum number of unique correlating IDs to collect. /// void StartTelemetry(int maxUniqueCorrelatingIds); /// /// Stop collecting data for secret masking telemetry and publish the /// telemetry events. /// /// /// This is a no-op if is being used, /// only supports telemetry. /// /// The maximum number of correlating IDs to report in a single /// telemetry event. /// /// Callback to publish the telemetry data. /// void StopAndPublishTelemetry(int maxCorrelatingIdsPerEvent, PublishSecretMaskerTelemetryAction publishAction); } } ================================================ FILE: src/Agent.Sdk/SecretMasking/IRawSecretMasker.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Agent.Sdk.SecretMasking { /// /// Rerpresents a raw secret masker without the features that adds. /// public interface IRawSecretMasker : IDisposable { int MinSecretLength { get; set; } void AddRegex(string pattern); void AddValue(string value); void AddValueEncoder(Func encoder); string MaskSecrets(string input); void RemoveShortSecretsFromDictionary(); } } ================================================ FILE: src/Agent.Sdk/SecretMasking/LegacySecretMasker.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.TeamFoundation.DistributedTask.Logging; namespace Agent.Sdk.SecretMasking { /// /// Legacy secret masker that dispatches to from /// 'Microsoft.TeamFoundation.DistributedTask.Logging'. /// public sealed class LegacySecretMasker : IRawSecretMasker { private ISecretMasker _secretMasker; public LegacySecretMasker() { _secretMasker = new SecretMasker(); } private LegacySecretMasker(ISecretMasker secretMasker) { _secretMasker = secretMasker; } public int MinSecretLength { get => _secretMasker.MinSecretLength; set => _secretMasker.MinSecretLength = value; } public void AddRegex(string pattern) { _secretMasker.AddRegex(pattern); } public void AddValue(string value) { _secretMasker.AddValue(value); } public void AddValueEncoder(Func encoder) { _secretMasker.AddValueEncoder(x => encoder(x)); } public void Dispose() { (_secretMasker as IDisposable)?.Dispose(); _secretMasker = null; } public string MaskSecrets(string input) { return _secretMasker.MaskSecrets(input); } public void RemoveShortSecretsFromDictionary() { _secretMasker.RemoveShortSecretsFromDictionary(); } public LegacySecretMasker Clone() { return new LegacySecretMasker(_secretMasker.Clone()); } } } ================================================ FILE: src/Agent.Sdk/SecretMasking/LoggedSecretMasker.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.TeamFoundation.DistributedTask.Logging; namespace Agent.Sdk.SecretMasking { /// /// Extended secret masker service that allows specifying the origin of any /// masking operation. It works by wrapping an existing IRawSecretMasker /// implementation and an optionally settable ITraceWriter instance for /// secret origin logging operations. In the agent today, this class can be /// initialized with two distinct IRawSecretMasker implementations, the one /// that ships in VSO itself, and the official Microsoft open source secret /// masker, implemented at https://github/microsoft/security-utilities. /// public class LoggedSecretMasker : ILoggedSecretMasker { private IRawSecretMasker _secretMasker; private ITraceWriter _trace; private void Trace(string msg) { this._trace?.Info(msg); } private LoggedSecretMasker(IRawSecretMasker secretMasker) { _secretMasker = secretMasker; } public static LoggedSecretMasker Create(IRawSecretMasker secretMasker) { return secretMasker switch { LegacySecretMasker lsm => new LegacyLoggedSecretMasker(lsm), _ => new LoggedSecretMasker(secretMasker), }; } public void SetTrace(ITraceWriter trace) { this._trace = trace; } /// /// AddValue method with additional logic for logging origin of provided secret /// /// Secret to be added /// Origin of the secret public void AddValue(string value, string origin) { // WARNING: Do not log the value here, it is a secret! this.Trace($"Setting up value for origin: {origin}"); if (value == null) { this.Trace($"Value is empty."); return; } _secretMasker.AddValue(value); } /// /// AddRegex method with additional logic for logging origin of provided secret /// /// Regex to be added /// Origin of the regex public void AddRegex(string pattern, string origin) { // WARNING: Do not log the pattern here, it could be very specifc and contain a secret! this.Trace($"Setting up regex for origin: {origin}."); if (pattern == null) { this.Trace($"Pattern is empty."); return; } _secretMasker.AddRegex(pattern); } // We don't allow to skip secrets longer than 5 characters. // Note: the secret that will be ignored is of length n-1. public static int MinSecretLengthLimit => 6; public int MinSecretLength { get { return _secretMasker.MinSecretLength; } set { if (value > MinSecretLengthLimit) { _secretMasker.MinSecretLength = MinSecretLengthLimit; } else { _secretMasker.MinSecretLength = value; } } } public void RemoveShortSecretsFromDictionary() { this._trace?.Info("Removing short secrets from masking dictionary"); _secretMasker.RemoveShortSecretsFromDictionary(); } public void AddValueEncoder(Func encoder) { this._secretMasker.AddValueEncoder(encoder); } /// /// Overloading of AddValueEncoder method with additional logic for logging origin of provided secret /// /// /// public void AddValueEncoder(Func encoder, string origin) { this.Trace($"Setting up value for origin: {origin}"); if (encoder == null) { this.Trace($"Encoder is empty."); return; } AddValueEncoder(encoder); } public string MaskSecrets(string input) { return this._secretMasker.MaskSecrets(input); } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } public void StartTelemetry(int maxDetections) { (_secretMasker as OssSecretMasker)?.StartTelemetry(maxDetections); } public void StopAndPublishTelemetry(int maxDetectionsPerEvent, PublishSecretMaskerTelemetryAction publishAction) { (_secretMasker as OssSecretMasker)?.StopAndPublishTelemetry(publishAction, maxDetectionsPerEvent); } protected virtual void Dispose(bool disposing) { if (disposing) { _secretMasker?.Dispose(); _secretMasker = null; } } // When backed by legacy secret masker, we can still implement Clone and // the server ISecretMasker interface. This is done to minimize churn // when running without the feature flag that enables the new secret // masker. private sealed class LegacyLoggedSecretMasker : LoggedSecretMasker, ISecretMasker { public LegacyLoggedSecretMasker(LegacySecretMasker secretMasker) : base(secretMasker) { } void ISecretMasker.AddRegex(string pattern) { _secretMasker.AddRegex(pattern); } void ISecretMasker.AddValue(string value) { _secretMasker.AddValue(value); } void ISecretMasker.AddValueEncoder(ValueEncoder encoder) { _secretMasker.AddValueEncoder(x => encoder(x)); } ISecretMasker ISecretMasker.Clone() { // NOTE: It has always been the case that trace does not flow to // clones and this code path exists to preserve legacy behavior // in the absence of a feature flag, so that behavior is // retained here. var lsm = (LegacySecretMasker)_secretMasker; return new LegacyLoggedSecretMasker(lsm.Clone()); } } } } ================================================ FILE: src/Agent.Sdk/SecretMasking/OssSecretMasker.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.Globalization; using System.Text.RegularExpressions; using System.Threading; using Microsoft.Security.Utilities; namespace Agent.Sdk.SecretMasking; public sealed class OssSecretMasker : IRawSecretMasker { private SecretMasker _secretMasker; private Telemetry _telemetry; public OssSecretMasker(IEnumerable patterns = null) { _secretMasker = new SecretMasker(patterns, generateCorrelatingIds: true, defaultRegexRedactionToken: "***"); } /// /// This property allows to set the minimum length of a secret for masking /// public int MinSecretLength { get => _secretMasker.MinimumSecretLength; set => _secretMasker.MinimumSecretLength = value; } public void AddRegex(string pattern) { // NOTE: This code path is used for regexes sent to the agent via // `AgentJobRequestMessage.MaskHints`. The regexes are effectively // arbitrary from our perspective at this layer and therefore we cannot // use regex options like 'NonBacktracking' that may not be compatible // with them. var regexPattern = new RegexPattern( id: string.Empty, name: string.Empty, label: string.Empty, pattern: pattern, patternMetadata: DetectionMetadata.None, regexOptions: RegexOptions.Compiled | RegexOptions.CultureInvariant | RegexOptions.ExplicitCapture); _secretMasker.AddRegex(regexPattern); } public void AddValue(string test) { _secretMasker.AddValue(test); } public void AddValueEncoder(Func encoder) { _secretMasker.AddLiteralEncoder(x => encoder(x)); } public void Dispose() { _secretMasker?.Dispose(); _secretMasker = null; _telemetry = null; } public string MaskSecrets(string input) { _secretMasker.SyncObject.EnterReadLock(); try { _telemetry?.ProcessInput(input); return _secretMasker.MaskSecrets(input, _telemetry?.ProcessDetection); } finally { _secretMasker.SyncObject.ExitReadLock(); } } public void StartTelemetry(int maxUniqueCorrelatingIds) { _secretMasker.SyncObject.EnterWriteLock(); try { _telemetry ??= new Telemetry(maxUniqueCorrelatingIds); } finally { _secretMasker.SyncObject.ExitWriteLock(); } } public void StopAndPublishTelemetry(PublishSecretMaskerTelemetryAction publishAction, int maxCorrelatingIdsPerEvent) { Telemetry telemetry; _secretMasker.SyncObject.EnterWriteLock(); try { telemetry = _telemetry; _telemetry = null; } finally { _secretMasker.SyncObject.ExitWriteLock(); } telemetry?.Publish(publishAction, _secretMasker.ElapsedMaskingTime, maxCorrelatingIdsPerEvent); } private sealed class Telemetry { // NOTE: Telemetry does not fit into the reader-writer lock model of the // SecretMasker API because we *write* telemetry during *read* // operations. We therefore use separate interlocked operations and a // concurrent dictionary when writing to telemetry. // Key=CrossCompanyCorrelatingId (C3ID), Value=Rule Moniker C3ID is a // non-reversible seeded hash and only available when detection is made // by a high-confidence rule that matches secrets with high entropy. private readonly ConcurrentDictionary _correlationData; private readonly int _maxUniqueCorrelatingIds; private long _charsScanned; private long _stringsScanned; private long _totalDetections; public Telemetry(int maxDetections) { _correlationData = new ConcurrentDictionary(); _maxUniqueCorrelatingIds = maxDetections; ProcessDetection = ProcessDetectionImplementation; } public void ProcessInput(string input) { Interlocked.Add(ref _charsScanned, input.Length); Interlocked.Increment(ref _stringsScanned); } public Action ProcessDetection { get; } private void ProcessDetectionImplementation(Detection detection) { Interlocked.Increment(ref _totalDetections); // NOTE: We cannot prevent the concurrent dictionary from exceeding // the maximum detection count when multiple threads add detections // in parallel. The condition here is therefore a best effort to // constrain the memory consumed by excess detections that will not // be published. Furthermore, it is deliberate that we use <= // instead of < here as it allows us to detect the case where the // maximum number of events have been exceeded without adding any // additional state. if (_correlationData.Count <= _maxUniqueCorrelatingIds && detection.CrossCompanyCorrelatingId != null) { _correlationData.TryAdd(detection.CrossCompanyCorrelatingId, detection.Moniker); } } public void Publish(PublishSecretMaskerTelemetryAction publishAction, TimeSpan elapsedMaskingTime, int maxCorrelatingIdsPerEvent) { Dictionary correlationData = null; int uniqueCorrelatingIds = 0; bool correlationDataIsIncomplete = false; // Publish 'SecretMaskerCorrelation' events mapping unique C3IDs to // rule moniker. No more than 'maxCorrelatingIdsPerEvent' are // published in a single event. foreach (var pair in _correlationData) { if (uniqueCorrelatingIds >= _maxUniqueCorrelatingIds) { correlationDataIsIncomplete = true; break; } correlationData ??= new Dictionary(maxCorrelatingIdsPerEvent); correlationData.Add(pair.Key, pair.Value); uniqueCorrelatingIds++; if (correlationData.Count >= maxCorrelatingIdsPerEvent) { publishAction("SecretMaskerCorrelation", correlationData); correlationData = null; } } if (correlationData != null) { publishAction("SecretMaskerCorrelation", correlationData); correlationData = null; } // Send overall information in a 'SecretMasker' event. var overallData = new Dictionary { // The version of Microsoft.Security.Utilities.Core used. { "Version", SecretMasker.Version.ToString() }, // The total number number of characters scanned by the secret masker. { "CharsScanned", _charsScanned.ToString(CultureInfo.InvariantCulture) }, // The total number of strings scanned by the secret masker. { "StringsScanned", _stringsScanned.ToString(CultureInfo.InvariantCulture) }, // The total number of detections made by the secret masker. // This includes duplicate detections and detections without // correlating IDs such as those made by literal values. { "TotalDetections", _totalDetections.ToString(CultureInfo.InvariantCulture) }, // The total amount of time spent masking secrets. { "ElapsedMaskingTimeInMilliseconds", elapsedMaskingTime.TotalMilliseconds.ToString(CultureInfo.InvariantCulture) }, // Whether the 'maxUniqueCorrelatingIds' limit was exceeded and // therefore the 'SecretMaskerDetectionCorrelation' events does // not contain all unique correlating IDs detected. { "CorrelationDataIsIncomplete", correlationDataIsIncomplete.ToString(CultureInfo.InvariantCulture) }, // The total number of unique correlating IDs reported in // 'SecretMaskerCorrelation' events. // // NOTE: This may be less than the total number of unique // correlating IDs if the maximum was exceeded. See above. { "UniqueCorrelatingIds", uniqueCorrelatingIds.ToString(CultureInfo.InvariantCulture) }, }; publishAction("SecretMasker", overallData); } } // This is a no-op for the OSS SecretMasker because it respects // MinimumSecretLength immediately without requiring an extra API call. void IRawSecretMasker.RemoveShortSecretsFromDictionary() { } } ================================================ FILE: src/Agent.Sdk/TaskPlugin.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Net.Http; using System.Net.Http.Headers; using System.Runtime.InteropServices; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; using Microsoft.VisualStudio.Services.WebApi; using Newtonsoft.Json; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Agent.Sdk.Knob; using System.Runtime.CompilerServices; namespace Agent.Sdk { public interface IAgentTaskPlugin { Guid Id { get; } string Stage { get; } Task RunAsync(AgentTaskPluginExecutionContext executionContext, CancellationToken token); } public class WellKnownJobSettings { public static readonly string HasMultipleCheckouts = "HasMultipleCheckouts"; public static readonly string FirstRepositoryCheckedOut = "FirstRepositoryCheckedOut"; public static readonly string DefaultWorkingDirectoryRepository = "DefaultWorkingDirectoryRepository"; public static readonly string WorkspaceIdentifier = "WorkspaceIdentifier"; public static readonly string CommandCorrelationId = "CommandCorrelationId"; } public class AgentTaskPluginExecutionContext : ITraceWriter, IKnobValueContext { private VssConnection _connection; private readonly object _stdoutLock = new object(); private readonly ITraceWriter _trace; // for unit tests private static string _failTaskCommand = "##vso[task.complete result=Failed;]"; public AgentTaskPluginExecutionContext() : this(null) { } public AgentTaskPluginExecutionContext(ITraceWriter trace) { _trace = trace; this.Endpoints = new List(); this.Inputs = new Dictionary(StringComparer.OrdinalIgnoreCase); this.Repositories = new List(); this.TaskVariables = new Dictionary(StringComparer.OrdinalIgnoreCase); this.Variables = new Dictionary(StringComparer.OrdinalIgnoreCase); } public List Endpoints { get; set; } public List Repositories { get; set; } public Dictionary Variables { get; set; } public Dictionary TaskVariables { get; set; } public Dictionary Inputs { get; set; } public ContainerInfo Container { get; set; } public Dictionary JobSettings { get; set; } public AgentWebProxySettings WebProxySettings { get; private set; } [JsonIgnore] public VssConnection VssConnection { get { if (_connection == null) { _connection = InitializeVssConnection(); } return _connection; } } public VssConnection InitializeVssConnection() { var headerValues = new List(); headerValues.Add(new ProductInfoHeaderValue($"VstsAgentCore-Plugin", Variables.GetValueOrDefault("agent.version")?.Value ?? "Unknown")); headerValues.Add(new ProductInfoHeaderValue($"({RuntimeInformation.OSDescription.Trim()})")); if (VssClientHttpRequestSettings.Default.UserAgent != null && VssClientHttpRequestSettings.Default.UserAgent.Count > 0) { headerValues.AddRange(VssClientHttpRequestSettings.Default.UserAgent); } VssClientHttpRequestSettings.Default.UserAgent = headerValues; if (PlatformUtil.RunningOnLinux || PlatformUtil.RunningOnMacOS) { // The .NET Core 2.1 runtime switched its HTTP default from HTTP 1.1 to HTTP 2. // This causes problems with some versions of the Curl handler. // See GitHub issue https://github.com/dotnet/corefx/issues/32376 VssClientHttpRequestSettings.Default.UseHttp11 = true; } var certSetting = GetCertConfiguration(); bool skipServerCertificateValidation = false; if (certSetting != null) { if (!string.IsNullOrEmpty(certSetting.ClientCertificateArchiveFile)) { VssClientHttpRequestSettings.Default.ClientCertificateManager = new AgentClientCertificateManager(certSetting.ClientCertificateArchiveFile, certSetting.ClientCertificatePassword); } if (certSetting.SkipServerCertificateValidation) { skipServerCertificateValidation = true; VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; } } WebProxySettings = GetProxyConfiguration(); if (WebProxySettings != null) { if (!string.IsNullOrEmpty(WebProxySettings.ProxyAddress)) { VssHttpMessageHandler.DefaultWebProxy = new AgentWebProxy(WebProxySettings.ProxyAddress, WebProxySettings.ProxyUsername, WebProxySettings.ProxyPassword, WebProxySettings.ProxyBypassList, WebProxySettings.UseBasicAuthForProxy); } } ServiceEndpoint systemConnection = this.Endpoints.FirstOrDefault(e => string.Equals(e.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); ArgUtil.NotNull(systemConnection, nameof(systemConnection)); ArgUtil.NotNull(systemConnection.Url, nameof(systemConnection.Url)); VssCredentials credentials = VssUtil.GetVssCredential(systemConnection); ArgUtil.NotNull(credentials, nameof(credentials)); return VssUtil.CreateConnection(systemConnection.Url, credentials, trace: _trace, skipServerCertificateValidation); } public string GetInput(string name, bool required = false) { string value = null; if (this.Inputs.ContainsKey(name)) { value = this.Inputs[name]; } if (string.IsNullOrEmpty(value) && required) { throw new ArgumentNullException(name); } return value; } public void Info(string message, [CallerMemberName] string operation = "") { ArgUtil.NotNull(message, nameof(message)); Debug(message); } public void Verbose(string message, [CallerMemberName] string operation = "") { ArgUtil.NotNull(message, nameof(message)); string vstsAgentTrace = AgentKnobs.TraceVerbose.GetValue(this).AsString(); if (!string.IsNullOrEmpty(vstsAgentTrace)) { Debug(message); } } public void Error(string message) { ArgUtil.NotNull(message, nameof(message)); Output($"##vso[task.logissue type=error;]{Escape(message)}"); Output(_failTaskCommand); } public void Debug(string message) { ArgUtil.NotNull(message, nameof(message)); Output($"##vso[task.debug]{Escape(message)}"); } public void Warning(string message) { ArgUtil.NotNull(message, nameof(message)); Output($"##vso[task.logissue type=warning;]{Escape(message)}"); } public void PublishTelemetry(string area, string feature, Dictionary properties) { ArgUtil.NotNull(area, nameof(area)); ArgUtil.NotNull(feature, nameof(feature)); ArgUtil.NotNull(properties, nameof(properties)); string propertiesAsJson = StringUtil.ConvertToJson(properties, Formatting.None); Output($"##vso[telemetry.publish area={area};feature={feature}]{Escape(propertiesAsJson)}"); } public void PublishTelemetry(string area, string feature, Dictionary properties) { ArgUtil.NotNull(area, nameof(area)); ArgUtil.NotNull(feature, nameof(feature)); ArgUtil.NotNull(properties, nameof(properties)); string propertiesAsJson = StringUtil.ConvertToJson(properties, Formatting.None); Output($"##vso[telemetry.publish area={area};feature={feature}]{Escape(propertiesAsJson)}"); } public void PublishTelemetry(string area, string feature, TelemetryRecord record) => PublishTelemetry(area, feature, record?.GetAssignedProperties()); public void Output(string message) { ArgUtil.NotNull(message, nameof(message)); lock (_stdoutLock) { if (_trace == null) { Console.WriteLine(message); } else { _trace.Info(message); } } } public bool IsSystemDebugTrue() { if (Variables.TryGetValue("system.debug", out VariableValue systemDebugVar)) { return string.Equals(systemDebugVar?.Value, "true", StringComparison.OrdinalIgnoreCase); } return false; } public virtual void PrependPath(string directory) { ArgUtil.NotNull(directory, nameof(directory)); PathUtil.PrependPath(directory); Output($"##vso[task.prependpath]{Escape(directory)}"); } public void Progress(int progress, string operation) { ArgUtil.NotNull(operation, nameof(operation)); if (progress < 0 || progress > 100) { throw new ArgumentOutOfRangeException(nameof(progress)); } Output($"##vso[task.setprogress value={progress}]{Escape(operation)}"); } public void SetSecret(string secret) { ArgUtil.NotNull(secret, nameof(secret)); Output($"##vso[task.setsecret]{Escape(secret)}"); } public void SetVariable(string variable, string value, bool isSecret = false) { ArgUtil.NotNull(variable, nameof(variable)); ArgUtil.NotNull(value, nameof(value)); this.Variables[variable] = new VariableValue(value, isSecret); Output($"##vso[task.setvariable variable={Escape(variable)};issecret={isSecret.ToString()};]{Escape(value)}"); } public void SetTaskVariable(string variable, string value, bool isSecret = false) { ArgUtil.NotNull(variable, nameof(variable)); ArgUtil.NotNull(value, nameof(value)); this.TaskVariables[variable] = new VariableValue(value, isSecret); Output($"##vso[task.settaskvariable variable={Escape(variable)};issecret={isSecret.ToString()};]{Escape(value)}"); } public void Command(string command) { ArgUtil.NotNull(command, nameof(command)); Output($"##[command]{Escape(command)}"); } public void UpdateRepositoryPath(string alias, string path) { ArgUtil.NotNull(alias, nameof(alias)); ArgUtil.NotNull(path, nameof(path)); Output($"##vso[plugininternal.updaterepositorypath alias={Escape(alias)};]{path}"); } public AgentCertificateSettings GetCertConfiguration() { bool skipCertValidation = StringUtil.ConvertToBoolean(this.Variables.GetValueOrDefault("Agent.SkipCertValidation")?.Value); string caFile = this.Variables.GetValueOrDefault("Agent.CAInfo")?.Value; string clientCertFile = this.Variables.GetValueOrDefault("Agent.ClientCert")?.Value; if (!string.IsNullOrEmpty(caFile) || !string.IsNullOrEmpty(clientCertFile) || skipCertValidation) { var certConfig = new AgentCertificateSettings(); certConfig.SkipServerCertificateValidation = skipCertValidation; certConfig.CACertificateFile = caFile; if (!string.IsNullOrEmpty(clientCertFile)) { certConfig.ClientCertificateFile = clientCertFile; string clientCertKey = this.Variables.GetValueOrDefault("Agent.ClientCertKey")?.Value; string clientCertArchive = this.Variables.GetValueOrDefault("Agent.ClientCertArchive")?.Value; string clientCertPassword = this.Variables.GetValueOrDefault("Agent.ClientCertPassword")?.Value; certConfig.ClientCertificatePrivateKeyFile = clientCertKey; certConfig.ClientCertificateArchiveFile = clientCertArchive; certConfig.ClientCertificatePassword = clientCertPassword; certConfig.VssClientCertificateManager = new AgentClientCertificateManager(clientCertArchive, clientCertPassword); } return certConfig; } else { return null; } } public AgentWebProxySettings GetProxyConfiguration() { string proxyUrl = this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyUrlKey)?.Value; if (!string.IsNullOrEmpty(proxyUrl)) { string proxyUsername = this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyUsernameKey)?.Value; string proxyPassword = this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyPasswordKey)?.Value; List proxyBypassHosts = StringUtil.ConvertFromJson>(this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentProxyBypassListKey)?.Value ?? "[]"); bool useBasicAuthForProxy = StringUtil.ConvertToBoolean(this.Variables.GetValueOrDefault(AgentWebProxySettings.AgentUseBasicAuthForProxyKey)?.Value); return new AgentWebProxySettings() { ProxyAddress = proxyUrl, ProxyUsername = proxyUsername, ProxyPassword = proxyPassword, ProxyBypassList = proxyBypassHosts, UseBasicAuthForProxy = useBasicAuthForProxy, WebProxy = new AgentWebProxy(proxyUrl, proxyUsername, proxyPassword, proxyBypassHosts, useBasicAuthForProxy) }; } // back-compat of proxy configuration via environment variables else if (!string.IsNullOrWhiteSpace(Environment.GetEnvironmentVariable("VSTS_HTTP_PROXY"))) { var ProxyUrl = Environment.GetEnvironmentVariable("VSTS_HTTP_PROXY"); ProxyUrl = ProxyUrl.Trim(); var ProxyUsername = Environment.GetEnvironmentVariable("VSTS_HTTP_PROXY_USERNAME"); var ProxyPassword = Environment.GetEnvironmentVariable("VSTS_HTTP_PROXY_PASSWORD"); var UseBasicAuthForProxy = StringUtil.ConvertToBoolean(Environment.GetEnvironmentVariable("VSTS_HTTP_PROXY_BASIC_AUTH")); return new AgentWebProxySettings() { ProxyAddress = ProxyUrl, ProxyUsername = ProxyUsername, ProxyPassword = ProxyPassword, UseBasicAuthForProxy = UseBasicAuthForProxy, WebProxy = new AgentWebProxy(ProxyUrl, ProxyUsername, ProxyPassword, null, UseBasicAuthForProxy) }; } else { return null; } } private string Escape(string input) { var unescapePercents = AgentKnobs.DecodePercents.GetValue(this).AsBoolean(); var escaped = CommandStringConvertor.Escape(input, unescapePercents); return escaped; } string IKnobValueContext.GetVariableValueOrDefault(string variableName) { return Variables.GetValueOrDefault(variableName)?.Value; } IScopedEnvironment IKnobValueContext.GetScopedEnvironment() { return new SystemEnvironment(); } } } ================================================ FILE: src/Agent.Sdk/Util/ArgUtil/ArgUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk.Util; using System; using System.Collections.Generic; using System.IO; using System.Linq; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class ArgUtil { public static IArgUtilInstanced ArgUtilInstance = new ArgUtilInstanced(); public static void Directory([ValidatedNotNull] string directory, string name) { ArgUtil.ArgUtilInstance.Directory(directory, name); } public static void Equal(T expected, T actual, string name) { ArgUtil.ArgUtilInstance.Equal(expected, actual, name); } public static void File(string fileName, string name) { ArgUtil.ArgUtilInstance.File(fileName, name); } public static void NotNull([ValidatedNotNull] object value, string name) { ArgUtil.ArgUtilInstance.NotNull(value, name); } public static void NotNullOrEmpty([ValidatedNotNull] string value, string name) { ArgUtil.ArgUtilInstance.NotNullOrEmpty(value, name); } public static void ListNotNullOrEmpty([ValidatedNotNull] IEnumerable value, string name) { ArgUtil.ArgUtilInstance.ListNotNullOrEmpty(value, name); } public static void NotEmpty(Guid value, string name) { ArgUtil.ArgUtilInstance.NotEmpty(value, name); } public static void Null(object value, string name) { ArgUtil.ArgUtilInstance.Null(value, name); } } [AttributeUsage(AttributeTargets.Parameter)] sealed class ValidatedNotNullAttribute : Attribute { } } ================================================ FILE: src/Agent.Sdk/Util/ArgUtil/ArgUtilInstanced.cs ================================================ using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text; namespace Microsoft.VisualStudio.Services.Agent.Util { public class ArgUtilInstanced : IArgUtilInstanced { public ArgUtilInstanced() { } public virtual void Directory([ValidatedNotNull] string directory, string name) { ArgUtil.NotNullOrEmpty(directory, name); if (!System.IO.Directory.Exists(directory)) { throw new DirectoryNotFoundException( message: StringUtil.Loc("DirectoryNotFound", directory)); } } public void Equal(T expected, T actual, string name) { if (object.ReferenceEquals(expected, actual)) { return; } if (object.ReferenceEquals(expected, null) || !expected.Equals(actual)) { throw new ArgumentOutOfRangeException( paramName: name, actualValue: actual, message: $"{name} does not equal expected value. Expected '{expected}'. Actual '{actual}'."); } } public virtual void File(string fileName, string name) { ArgUtil.NotNullOrEmpty(fileName, name); if (!System.IO.File.Exists(fileName)) { throw new FileNotFoundException( message: StringUtil.Loc("FileNotFound", fileName), fileName: fileName); } } public void NotNull([ValidatedNotNull] object value, string name) { if (object.ReferenceEquals(value, null)) { throw new ArgumentNullException(name); } } public void NotNullOrEmpty([ValidatedNotNull] string value, string name) { if (string.IsNullOrEmpty(value)) { throw new ArgumentNullException(name); } } public void ListNotNullOrEmpty([ValidatedNotNull] IEnumerable value, string name) { if (object.ReferenceEquals(value, null)) { throw new ArgumentNullException(name); } else if (!value.Any()) { throw new ArgumentException(message: $"{name} must have at least one item.", paramName: name); } } public void NotEmpty(Guid value, string name) { if (value == Guid.Empty) { throw new ArgumentNullException(name); } } public void Null(object value, string name) { if (!object.ReferenceEquals(value, null)) { throw new ArgumentException(message: $"{name} should be null.", paramName: name); } } } } ================================================ FILE: src/Agent.Sdk/Util/ArgUtil/IArgUtilInstanced.cs ================================================ using System; using System.Collections.Generic; using System.Text; namespace Microsoft.VisualStudio.Services.Agent.Util { public interface IArgUtilInstanced { public void Directory([ValidatedNotNull] string directory, string name); public void Equal(T expected, T actual, string name); public void File(string fileName, string name); public void NotNull([ValidatedNotNull] object value, string name); public void NotNullOrEmpty([ValidatedNotNull] string value, string name); public void ListNotNullOrEmpty([ValidatedNotNull] IEnumerable value, string name); public void NotEmpty(Guid value, string name); public void Null(object value, string name); } } ================================================ FILE: src/Agent.Sdk/Util/AzureInstanceMetadataProvider.cs ================================================ using System; using System.Collections.Generic; using System.Collections.Specialized; using System.Net.Http; using System.Text; using System.Web; namespace Agent.Sdk.Util { class AzureInstanceMetadataProvider : IDisposable { private HttpClient _client; private const string _version = "2021-02-01"; private const string _azureMetadataEndpoint = "http://169.254.169.254/metadata"; public AzureInstanceMetadataProvider() { _client = new HttpClient(); _client.Timeout = TimeSpan.FromSeconds(5); } public void Dispose() { _client?.Dispose(); _client = null; } private HttpRequestMessage BuildRequest(string url, Dictionary parameters) { UriBuilder builder = new UriBuilder(url); NameValueCollection queryParameters = HttpUtility.ParseQueryString(builder.Query); if (!parameters.ContainsKey("api-version")) { parameters.Add("api-version", _version); } foreach (KeyValuePair entry in parameters) { queryParameters[entry.Key] = entry.Value; } builder.Query = queryParameters.ToString(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, builder.Uri); request.Headers.Add("Metadata", "true"); return request; } public string GetMetadata(string category, Dictionary parameters) { if (_client == null) { throw new ObjectDisposedException(nameof(AzureInstanceMetadataProvider)); } using HttpRequestMessage request = BuildRequest($"{_azureMetadataEndpoint}/{category}", parameters); HttpResponseMessage response = _client.SendAsync(request).Result; if (!response.IsSuccessStatusCode) { string errorText = response.Content.ReadAsStringAsync().Result; throw new Exception($"Error retrieving metadata category { category }. Received status {response.StatusCode}: {errorText}"); } return response.Content.ReadAsStringAsync().Result; } public bool HasMetadata() { try { return GetMetadata("instance", new Dictionary { ["format"] = "text" }) != null; } catch (Exception) { return false; } } } } ================================================ FILE: src/Agent.Sdk/Util/BlobStoreWarningInfoProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class BlobStoreWarningInfoProvider { /// /// Used to get platform-specific reference to allow list in documentation /// public static string GetAllowListLinkForCurrentPlatform() { var hostOS = PlatformUtil.HostOS; var infoURL = ""; switch (hostOS) { case PlatformUtil.OS.Windows: infoURL = PlatformSpecificAllowList.WindowsAllowList; break; case PlatformUtil.OS.Linux: infoURL = PlatformSpecificAllowList.LinuxAllowList; break; case PlatformUtil.OS.OSX: infoURL = PlatformSpecificAllowList.MacOSAllowList; break; default: infoURL = PlatformSpecificAllowList.GenericAllowList; break; } return infoURL; } internal static class PlatformSpecificAllowList { public const string GenericAllowList = "https://aka.ms/adoallowlist"; public const string WindowsAllowList = "https://aka.ms/windows-agent-allowlist"; public const string MacOSAllowList = "https://aka.ms/macOS-agent-allowlist"; public const string LinuxAllowList = "https://aka.ms/linux-agent-allowlist"; } } } ================================================ FILE: src/Agent.Sdk/Util/CertificateUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Security.Cryptography.X509Certificates; namespace Agent.Sdk.Util { public static class CertificateUtil { /// /// Loads an X509Certificate2 from a file, handling different certificate formats. /// Uses X509CertificateLoader for .NET 9+ for Cert and Pkcs12 formats. /// For all other formats, uses the legacy constructor with warning suppression. /// /// Path to the certificate file /// Optional password for PKCS#12/PFX files /// The loaded X509Certificate2 public static X509Certificate2 LoadCertificate(string certificatePath, string password = null) { #if NET9_0_OR_GREATER var contentType = X509Certificate2.GetCertContentType(certificatePath); switch (contentType) { case X509ContentType.Cert: // DER-encoded or PEM-encoded certificate return X509CertificateLoader.LoadCertificateFromFile(certificatePath); case X509ContentType.Pkcs12: // Note: X509ContentType.Pfx has the same value (3) as Pkcs12 refer: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509contenttype?view=net-10.0 return X509CertificateLoader.LoadPkcs12FromFile(certificatePath, password); default: // For all other formats (Pkcs7, SerializedCert, SerializedStore, Authenticode, Unknown), // use the legacy constructor with warning suppression #pragma warning disable SYSLIB0057 if (string.IsNullOrEmpty(password)) { return new X509Certificate2(certificatePath); } else { return new X509Certificate2(certificatePath, password); } #pragma warning restore SYSLIB0057 } #else // For .NET 8 and earlier, use the traditional constructor // The constructor automatically handles all certificate types if (string.IsNullOrEmpty(password)) { return new X509Certificate2(certificatePath); } else { return new X509Certificate2(certificatePath, password); } #endif } } } ================================================ FILE: src/Agent.Sdk/Util/ExceptionsUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Net.Sockets; using Microsoft.VisualStudio.Services.Agent.Util; namespace Agent.Sdk.Util { public class ExceptionsUtil { public static void HandleAggregateException(AggregateException e, Action traceErrorAction) { traceErrorAction("One or several exceptions have been occurred."); foreach (var ex in ((AggregateException)e).Flatten().InnerExceptions) { traceErrorAction(ex.ToString()); } } public static void HandleSocketException(SocketException e, string url, Action traceErrorAction) { traceErrorAction("SocketException occurred."); traceErrorAction(e.Message); traceErrorAction($"Verify whether you have (network) access to {url}"); traceErrorAction($"URLs the agent need communicate with - {BlobStoreWarningInfoProvider.GetAllowListLinkForCurrentPlatform()}"); } } } ================================================ FILE: src/Agent.Sdk/Util/IOUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; using System.Security.Cryptography; using System.Text; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class IOUtil { const int MAX_RETRY_DELETION = 3; private static UtilKnobValueContext _knobContext = UtilKnobValueContext.Instance(); public static string ExeExtension { get => PlatformUtil.RunningOnWindows ? ".exe" : string.Empty; } public static StringComparison FilePathStringComparison { get => PlatformUtil.RunningOnLinux ? StringComparison.Ordinal : StringComparison.OrdinalIgnoreCase; } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1720: Identifiers should not contain type")] public static void SaveObject(object obj, string path) { File.WriteAllText(path, StringUtil.ConvertToJson(obj), Encoding.UTF8); } public static T LoadObject(string path) { string json = File.ReadAllText(path, Encoding.UTF8); return StringUtil.ConvertFromJson(json); } public static string GetPathHash(string path) { ArgUtil.NotNull(path, nameof(path)); string hashString = path.ToLowerInvariant(); using (SHA256 sha256hash = SHA256.Create()) { byte[] data = sha256hash.ComputeHash(Encoding.UTF8.GetBytes(hashString)); StringBuilder sBuilder = new StringBuilder(); for (int i = 0; i < data.Length; i++) { sBuilder.Append(data[i].ToString("x2")); } string hash = sBuilder.ToString(); return hash; } } public static string GetFileHash(string path) { using (SHA256 sha256hash = SHA256.Create()) { FileInfo info = new FileInfo(path); // Open the file. FileStream stream = info.Open(FileMode.Open); // Be sure the stream is positioned to the beginning of the file. stream.Position = 0; // Compute the hash of the file stream. byte[] hashAsBytes = sha256hash.ComputeHash(stream); // Close the file. stream.Close(); // Convert the computed file hash from the byte array to a string. string hash = BitConverter.ToString(hashAsBytes); return hash; } } public static void Delete(string path, CancellationToken cancellationToken) { DeleteDirectory(path, cancellationToken); DeleteFile(path); } public static void DeleteDirectory(string path, CancellationToken cancellationToken) { DeleteDirectory(path, contentsOnly: false, continueOnContentDeleteError: false, cancellationToken: cancellationToken); } public static void DeleteDirectory(string path, bool contentsOnly, bool continueOnContentDeleteError, CancellationToken cancellationToken) { ArgUtil.NotNullOrEmpty(path, nameof(path)); DirectoryInfo directory = new DirectoryInfo(path); if (!directory.Exists) { return; } if (!contentsOnly) { // Remove the readonly flag. RemoveReadOnly(directory); // Check if the directory is a reparse point. if (directory.Attributes.HasFlag(FileAttributes.ReparsePoint)) { // Delete the reparse point directory and short-circuit. directory.Delete(); return; } } // Initialize a concurrent stack to store the directories. The directories // cannot be deleted until the files are deleted. var directories = new ConcurrentStack(); if (!contentsOnly) { directories.Push(directory); } // Create a new token source for the parallel query. The parallel query should be // canceled after the first error is encountered. Otherwise the number of exceptions // could get out of control for a large directory with access denied on every file. using (var tokenSource = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken)) { try { // Recursively delete all files and store all subdirectories. Enumerate(directory, tokenSource) .AsParallel() .WithCancellation(tokenSource.Token) .ForAll((FileSystemInfo item) => { bool success = false; try { // Skip for Symlinks if (!item.Attributes.HasFlag(FileAttributes.ReparsePoint)) { // Remove the readonly attribute. RemoveReadOnly(item); } // Check if the item is a file. if (item is FileInfo) { // Delete the file. item.Delete(); } else { // Check if the item is a directory reparse point. var subdirectory = item as DirectoryInfo; ArgUtil.NotNull(subdirectory, nameof(subdirectory)); if (subdirectory.Attributes.HasFlag(FileAttributes.ReparsePoint)) { try { // Delete the reparse point. subdirectory.Delete(); } catch (DirectoryNotFoundException) { // The target of the reparse point directory has been deleted. // Therefore the item is no longer a directory and is now a file. // // Deletion of reparse point directories happens in parallel. This case can occur // when reparse point directory FOO points to some other reparse point directory BAR, // and BAR is deleted after the DirectoryInfo for FOO has already been initialized. File.Delete(subdirectory.FullName); } } else { // Store the directory. directories.Push(subdirectory); } } success = true; } catch (Exception) when (continueOnContentDeleteError) { // ignore any exception when continueOnContentDeleteError is true. success = true; } finally { if (!success) { tokenSource.Cancel(); // Cancel is thread-safe. } } }); } catch (Exception) { tokenSource.Cancel(); throw; } } // Delete the directories. foreach (DirectoryInfo dir in directories.OrderByDescending(x => x.FullName.Length)) { cancellationToken.ThrowIfCancellationRequested(); dir.Delete(); } } public static void DeleteFile(string path) { ArgUtil.NotNullOrEmpty(path, nameof(path)); var file = new FileInfo(path); if (file.Exists) { RemoveReadOnly(file); file.Delete(); } } public static async Task DeleteDirectoryWithRetry(string path, CancellationToken cancellationToken) { for (int i = 1; i <= MAX_RETRY_DELETION; i++) { cancellationToken.ThrowIfCancellationRequested(); try { DeleteDirectory(path, cancellationToken); return; } // There is no reason to retry on DirectoryNotFoundException, SecruityException and UnauthorizedAccessException // DeleteDirectory is parallel execution so returned exception is AggregateException (with InnerExeptions) rather than IOException catch (AggregateException aex) when (i < MAX_RETRY_DELETION && aex.InnerExceptions.Any(ex => ex is IOException)) { // Pause execution briefly to allow the file to become accessible await Task.Delay(i * 1000, cancellationToken); } //Propogate exception if it is not possible to delete directory after retrying catch (Exception) { throw; } } } public static async Task DeleteFileWithRetry(string path, CancellationToken cancellationToken) { for (int i = 1; i <= MAX_RETRY_DELETION; i++) { cancellationToken.ThrowIfCancellationRequested(); try { DeleteFile(path); return; } // There is no reason to retry on FileNotFoundException, SecruityException and UnauthorizedAccessException catch (IOException) when (i < MAX_RETRY_DELETION) { // Pause execution briefly to allow the file to become accessible await Task.Delay(i * 1000, cancellationToken); } //Propogate exception if it is not possible to delete file after retrying catch (Exception) { throw; } } } public static void MoveDirectory(string sourceDir, string targetDir, string stagingDir, CancellationToken token) { ArgUtil.Directory(sourceDir, nameof(sourceDir)); ArgUtil.NotNullOrEmpty(targetDir, nameof(targetDir)); ArgUtil.NotNullOrEmpty(stagingDir, nameof(stagingDir)); // delete existing stagingDir DeleteDirectory(stagingDir, token); // make sure parent dir of stagingDir exist Directory.CreateDirectory(Path.GetDirectoryName(stagingDir)); // move source to staging Directory.Move(sourceDir, stagingDir); // delete existing targetDir DeleteDirectory(targetDir, token); // make sure parent dir of targetDir exist Directory.CreateDirectory(Path.GetDirectoryName(targetDir)); // move staging to target Directory.Move(stagingDir, targetDir); } /// /// Given a path and directory, return the path relative to the directory. If the path is not /// under the directory the path is returned un modified. Examples: /// MakeRelative(@"d:\src\project\foo.cpp", @"d:\src") -> @"project\foo.cpp" /// MakeRelative(@"d:\src\project\foo.cpp", @"d:\specs") -> @"d:\src\project\foo.cpp" /// MakeRelative(@"d:\src\project\foo.cpp", @"d:\src\proj") -> @"d:\src\project\foo.cpp" /// /// Safe for remote paths. Does not access the local disk. /// Path to make relative. /// Folder to make it relative to. /// Relative path. public static string MakeRelative(string path, string folder) { ArgUtil.NotNullOrEmpty(path, nameof(path)); ArgUtil.NotNull(folder, nameof(folder)); // Replace all Path.AltDirectorySeparatorChar with Path.DirectorySeparatorChar from both inputs path = path.Replace(Path.AltDirectorySeparatorChar, Path.DirectorySeparatorChar); folder = folder.Replace(Path.AltDirectorySeparatorChar, Path.DirectorySeparatorChar); // Check if the dir is a prefix of the path (if not, it isn't relative at all). if (!path.StartsWith(folder, IOUtil.FilePathStringComparison)) { return path; } // Dir is a prefix of the path, if they are the same length then the relative path is empty. if (path.Length == folder.Length) { return string.Empty; } // If the dir ended in a '\\' (like d:\) or '/' (like user/bin/) then we have a relative path. if (folder.Length > 0 && folder[folder.Length - 1] == Path.DirectorySeparatorChar) { return path.Substring(folder.Length); } // The next character needs to be a '\\' or they aren't really relative. else if (path[folder.Length] == Path.DirectorySeparatorChar) { return path.Substring(folder.Length + 1); } else { return path; } } public static string ResolvePath(String rootPath, String relativePath) { ArgUtil.NotNullOrEmpty(rootPath, nameof(rootPath)); ArgUtil.NotNullOrEmpty(relativePath, nameof(relativePath)); if (!Path.IsPathRooted(rootPath)) { throw new ArgumentException($"{rootPath} should be a rooted path."); } if (relativePath.IndexOfAny(Path.GetInvalidPathChars()) > -1) { throw new InvalidOperationException($"{relativePath} contains invalid path characters."); } else if (Path.GetFileName(relativePath).IndexOfAny(Path.GetInvalidFileNameChars()) > -1) { throw new InvalidOperationException($"{relativePath} contains invalid folder name characters."); } else if (Path.IsPathRooted(relativePath)) { throw new InvalidOperationException($"{relativePath} can not be a rooted path."); } else { rootPath = rootPath.Replace(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar); relativePath = relativePath.Replace(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar); // Root the path relativePath = String.Concat(rootPath, Path.AltDirectorySeparatorChar, relativePath); // Collapse ".." directories with their parent, and skip "." directories. String[] split = relativePath.Split(new[] { Path.AltDirectorySeparatorChar }, StringSplitOptions.RemoveEmptyEntries); var segments = new Stack(split.Length); Int32 skip = 0; for (Int32 i = split.Length - 1; i >= 0; i--) { String segment = split[i]; if (String.Equals(segment, ".", StringComparison.Ordinal)) { continue; } else if (String.Equals(segment, "..", StringComparison.Ordinal)) { skip++; } else if (skip > 0) { skip--; } else { segments.Push(segment); } } if (skip > 0) { throw new InvalidOperationException($"The file path {relativePath} is invalid"); } if (PlatformUtil.RunningOnWindows) { if (segments.Count > 1) { return String.Join(Path.DirectorySeparatorChar, segments); } else { return segments.Pop() + Path.DirectorySeparatorChar; } } else { return Path.DirectorySeparatorChar + String.Join(Path.DirectorySeparatorChar, segments); } } } public static void CopyDirectory(string source, string target, CancellationToken cancellationToken) { // Validate args. ArgUtil.Directory(source, nameof(source)); ArgUtil.NotNullOrEmpty(target, nameof(target)); ArgUtil.NotNull(cancellationToken, nameof(cancellationToken)); cancellationToken.ThrowIfCancellationRequested(); // Create the target directory. Directory.CreateDirectory(target); // Get the file contents of the directory to copy. DirectoryInfo sourceDir = new DirectoryInfo(source); foreach (FileInfo sourceFile in sourceDir.GetFiles() ?? new FileInfo[0]) { // Check if the file already exists. cancellationToken.ThrowIfCancellationRequested(); FileInfo targetFile = new FileInfo(Path.Combine(target, sourceFile.Name)); if (!targetFile.Exists || sourceFile.Length != targetFile.Length || sourceFile.LastWriteTime != targetFile.LastWriteTime) { // Copy the file. sourceFile.CopyTo(targetFile.FullName, true); } } // Copy the subdirectories. foreach (DirectoryInfo subDir in sourceDir.GetDirectories() ?? new DirectoryInfo[0]) { CopyDirectory( source: subDir.FullName, target: Path.Combine(target, subDir.Name), cancellationToken: cancellationToken); } } public static void ValidateExecutePermission(string directory) { ArgUtil.Directory(directory, nameof(directory)); string dir = directory; int failsafe = AgentKnobs.PermissionsCheckFailsafe.GetValue(_knobContext).AsInt(); for (int i = 0; i < failsafe; i++) { try { Directory.EnumerateFileSystemEntries(dir).FirstOrDefault(); } catch (UnauthorizedAccessException ex) { // Permission to read the directory contents is required for '{0}' and each directory up the hierarchy. {1} string message = StringUtil.Loc("DirectoryHierarchyUnauthorized", directory, ex.Message); throw new UnauthorizedAccessException(message, ex); } dir = Path.GetDirectoryName(dir); if (string.IsNullOrEmpty(dir)) { return; } } // This should never happen. throw new NotSupportedException($"Unable to validate execute permissions for directory '{directory}'. Exceeded maximum iterations."); } /// /// Recursively enumerates a directory without following directory reparse points. /// private static IEnumerable Enumerate(DirectoryInfo directory, CancellationTokenSource tokenSource) { ArgUtil.NotNull(directory, nameof(directory)); ArgUtil.Equal(false, directory.Attributes.HasFlag(FileAttributes.ReparsePoint), nameof(directory.Attributes.HasFlag)); // Push the directory onto the processing stack. var directories = new Stack(new[] { directory }); while (directories.Count > 0) { // Pop the next directory. directory = directories.Pop(); foreach (FileSystemInfo item in directory.GetFileSystemInfos()) { // Push non-reparse-point directories onto the processing stack. directory = item as DirectoryInfo; if (directory != null && !item.Attributes.HasFlag(FileAttributes.ReparsePoint)) { directories.Push(directory); } // Then yield the directory. Otherwise there is a race condition when this method attempts to initialize // the Attributes and the caller is deleting the reparse point in parallel (FileNotFoundException). yield return item; } } } private static string GetAttributesAsBinary(FileAttributes attributes) { return Convert.ToString((int)attributes, 2).PadLeft(16, '0'); } private static void SetAttributesWithDiagnostics(FileSystemInfo item, FileAttributes newAttributes) { try { item.Attributes = newAttributes; } catch (ArgumentException ex) { string exceptionMessage = $@"ArgumentException was thrown when trying to set file attributes. File path: {item.FullName} File exists: {item.Exists} File attributes: Current attributes: Readable: {item.Attributes.ToString()} As int: {(int)item.Attributes} As binary string: {GetAttributesAsBinary(item.Attributes)} New attributes: Readable: {newAttributes.ToString()} As int: {(int)newAttributes} As binary string: {GetAttributesAsBinary(newAttributes)} Exception message: {ex.Message}"; throw new ArgumentException(exceptionMessage); } } private static void RemoveReadOnly(FileSystemInfo item) { ArgUtil.NotNull(item, nameof(item)); if (item.Attributes.HasFlag(FileAttributes.ReadOnly)) { FileAttributes newAttributes = item.Attributes & ~FileAttributes.ReadOnly; SetAttributesWithDiagnostics(item, newAttributes); } } public static string GetDirectoryName(string path, PlatformUtil.OS platform) { if (string.IsNullOrWhiteSpace(path)) { return string.Empty; } if (platform == PlatformUtil.OS.Windows) { var paths = path.TrimEnd('\\', '/') .Split(new char[] { '\\', '/' }, StringSplitOptions.RemoveEmptyEntries); Array.Resize(ref paths, paths.Length - 1); return string.Join('\\', paths); } else { var paths = path.TrimEnd('/') .Split('/', StringSplitOptions.RemoveEmptyEntries); Array.Resize(ref paths, paths.Length - 1); var prefix = ""; if (path.StartsWith('/')) { prefix = "/"; } return prefix + string.Join('/', paths); } } } } ================================================ FILE: src/Agent.Sdk/Util/MaskingUtil.cs ================================================ using Microsoft.VisualStudio.Services.ServiceEndpoints.WebApi; using System; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class MaskingUtil { /// /// Returns true if endpoint authorization parameter with provided key is a secret /// Masks all keys except the specific fields - for which we know that they don't contain secrets /// /// Key to check /// Returns true if key is a secret public static bool IsEndpointAuthorizationParametersSecret(string key) { var excludedAuthParams = new string[]{ EndpointAuthorizationParameters.IdToken, EndpointAuthorizationParameters.Role, EndpointAuthorizationParameters.Scope, EndpointAuthorizationParameters.TenantId, EndpointAuthorizationParameters.IssuedAt, EndpointAuthorizationParameters.ExpiresAt, EndpointAuthorizationParameters.Audience, EndpointAuthorizationParameters.AuthenticationType, EndpointAuthorizationParameters.AuthorizationType, EndpointAuthorizationParameters.AccessTokenType, EndpointAuthorizationParameters.AccessTokenFetchingMethod, EndpointAuthorizationParameters.UseWindowsSecurity, EndpointAuthorizationParameters.Unsecured, EndpointAuthorizationParameters.OAuthAccessTokenIsSupplied, EndpointAuthorizationParameters.Audience, EndpointAuthorizationParameters.CompleteCallbackPayload, EndpointAuthorizationParameters.AcceptUntrustedCertificates }; foreach (var authParam in excludedAuthParams) { if (String.Equals(key, authParam, StringComparison.OrdinalIgnoreCase)) { return false; } } return true; } } } ================================================ FILE: src/Agent.Sdk/Util/NetFrameworkUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.Win32; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Runtime.Versioning; using System.Threading; namespace Microsoft.VisualStudio.Services.Agent.Util { [SupportedOSPlatform("windows")] public static class NetFrameworkUtil { private static List _versions; public static bool Test(Version minVersion, ITraceWriter trace) { ArgUtil.NotNull(minVersion, nameof(minVersion)); InitVersions(trace); trace?.Info($"Testing for min NET Framework version: '{minVersion}'"); return _versions.Any(x => x >= minVersion); } private static void InitVersions(ITraceWriter trace) { // See http://msdn.microsoft.com/en-us/library/hh925568(v=vs.110).aspx for details on how to detect framework versions // Also see http://support.microsoft.com/kb/318785 if (_versions != null) { return; } var versions = new List(); // Check for install root. string installRoot = GetHklmValue(@"SOFTWARE\Microsoft\.NETFramework", "InstallRoot", trace) as string; if (!string.IsNullOrEmpty(installRoot)) { // Get the version sub key names. string ndpKeyName = @"SOFTWARE\Microsoft\NET Framework Setup\NDP"; string[] versionSubKeyNames = GetHklmSubKeyNames(ndpKeyName, trace) .Where(x => x.StartsWith("v", StringComparison.OrdinalIgnoreCase)) .ToArray(); foreach (string versionSubKeyName in versionSubKeyNames) { string versionKeyName = $@"{ndpKeyName}\{versionSubKeyName}"; // Test for the version value. string version = GetHklmValue(versionKeyName, "Version", trace) as string; if (!string.IsNullOrEmpty(version)) { // Test for the install flag. object install = GetHklmValue(versionKeyName, "Install", trace); if (!(install is int) || (int)install != 1) { continue; } // Test for the install path. string installPath = Path.Combine(installRoot, versionSubKeyName); trace?.Info($"Testing directory: '{installPath}'"); if (!Directory.Exists(installPath)) { continue; } // Parse the version from the sub key name. Version versionObject; if (!Version.TryParse(versionSubKeyName.Substring(1), out versionObject)) // skip over the leading "v". { trace?.Info($"Unable to parse version from sub key name: '{versionSubKeyName}'"); continue; } trace?.Info($"Found version: {versionObject}"); versions.Add(versionObject); continue; } // Test if deprecated. if (string.Equals(GetHklmValue(versionKeyName, string.Empty, trace) as string, "deprecated", StringComparison.OrdinalIgnoreCase)) { continue; } // Get the profile key names. string[] profileKeyNames = GetHklmSubKeyNames(versionKeyName, trace) .Select(x => $@"{versionKeyName}\{x}") .ToArray(); foreach (string profileKeyName in profileKeyNames) { // Test for the version value. version = GetHklmValue(profileKeyName, "Version", trace) as string; if (string.IsNullOrEmpty(version)) { continue; } // Test for the install flag. object install = GetHklmValue(profileKeyName, "Install", trace); if (!(install is int) || (int)install != 1) { continue; } // Test for the install path. string installPath = (GetHklmValue(profileKeyName, "InstallPath", trace) as string ?? string.Empty) .TrimEnd(Path.DirectorySeparatorChar); if (string.IsNullOrEmpty(installPath)) { continue; } // Determine the version string. // // Use a range since customer might install beta/preview .NET Framework. string versionString = null; object releaseObject = GetHklmValue(profileKeyName, "Release", trace); if (releaseObject != null) { trace?.Info("Type is " + releaseObject.GetType().FullName); } if (releaseObject is int) { int release = (int)releaseObject; if (release == 378389) { versionString = "4.5.0"; } else if (release > 378389 && release <= 378758) { versionString = "4.5.1"; } else if (release > 378758 && release <= 379893) { versionString = "4.5.2"; } else if (release > 379893 && release <= 380995) { versionString = "4.5.3"; } else if (release > 380995 && release <= 393297) { versionString = "4.6.0"; } else if (release > 393297 && release <= 394271) { versionString = "4.6.1"; } else if (release > 394271 && release <= 394806) { versionString = "4.6.2"; } else if (release > 394806) { versionString = "4.7.0"; } else { trace?.Info($"Release '{release}' did not fall into an expected range."); } } if (string.IsNullOrEmpty(versionString)) { continue; } trace?.Info($"Interpreted version: {versionString}"); versions.Add(new Version(versionString)); } } } trace?.Info($"Found {versions.Count} versions:"); foreach (Version versionObject in versions) { trace?.Info($" {versionObject}"); } Interlocked.CompareExchange(ref _versions, versions, null); } private static string[] GetHklmSubKeyNames(string keyName, ITraceWriter trace) { RegistryKey key = Registry.LocalMachine.OpenSubKey(keyName); if (key == null) { trace?.Info($"Key name '{keyName}' is null."); return new string[0]; } try { string[] subKeyNames = key.GetSubKeyNames() ?? new string[0]; trace?.Info($"Key name '{keyName}' contains sub keys:"); foreach (string subKeyName in subKeyNames) { trace?.Info($" '{subKeyName}'"); } return subKeyNames; } finally { key.Dispose(); } } private static object GetHklmValue(string keyName, string valueName, ITraceWriter trace) { keyName = $@"HKEY_LOCAL_MACHINE\{keyName}"; object value = Registry.GetValue(keyName, valueName, defaultValue: null); if (object.ReferenceEquals(value, null)) { trace?.Info($"Key name '{keyName}', value name '{valueName}' is null."); return null; } trace?.Info($"Key name '{keyName}', value name '{valueName}': '{value}'"); return value; } } } ================================================ FILE: src/Agent.Sdk/Util/NullTraceWriter.cs ================================================ using System.Runtime.CompilerServices; namespace Agent.Sdk.Util { internal class NullTraceWriter : ITraceWriter { public void Info(string message, [CallerMemberName] string operation = "") { } public void Verbose(string message, [CallerMemberName] string operation = "") { } } } ================================================ FILE: src/Agent.Sdk/Util/PathUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using System; using System.IO; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class PathUtil { public static string PathVariable { get => PlatformUtil.RunningOnWindows ? "Path" : "PATH"; } public static string PrependPath(string path, string currentPath) { ArgUtil.NotNullOrEmpty(path, nameof(path)); if (string.IsNullOrEmpty(currentPath)) { // Careful not to add a trailing separator if the PATH is empty. // On OSX/Linux, a trailing separator indicates that "current directory" // is added to the PATH, which is considered a security risk. return path; } // Not prepend path if it is already the first path in %PATH% if (currentPath.StartsWith(path + Path.PathSeparator, IOUtil.FilePathStringComparison)) { return currentPath; } else { return path + Path.PathSeparator + currentPath; } } public static void PrependPath(string directory) { ArgUtil.Directory(directory, nameof(directory)); // Build the new value. string currentPath = Environment.GetEnvironmentVariable(PathVariable); string path = PrependPath(directory, currentPath); // Update the PATH environment variable. Environment.SetEnvironmentVariable(PathVariable, path); } } } ================================================ FILE: src/Agent.Sdk/Util/PlatformUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Linq; using System.Reflection; using System.Runtime.InteropServices; using System.Runtime.Versioning; using System.Text; using System.Text.RegularExpressions; using System.Threading; using System.Threading.Tasks; using System.Xml.Linq; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.Win32; using Newtonsoft.Json; using System.ServiceProcess; using Agent.Sdk.Util; using System.Net.Http; using System.Net; namespace Agent.Sdk { public static class PlatformUtil { private static UtilKnobValueContext _knobContext = UtilKnobValueContext.Instance(); private static readonly string[] linuxReleaseFilePaths = new string[2] { "/etc/os-release", "/usr/lib/os-release" }; // System.Runtime.InteropServices.OSPlatform is a struct, so it is // not suitable for switch statements. // The SupportedOSPlatformGuard is not supported on enums, so call sites using this need to suppress warnings https://github.com/dotnet/runtime/issues/51541 [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1717: Only FlagsAttribute enums should have plural names")] public enum OS { Linux, OSX, Windows, } public static OS HostOS { [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1065: Do not raise exceptions in unexpected")] get { if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) { return OS.Linux; } else if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) { return OS.OSX; } else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { return OS.Windows; } throw new NotImplementedException($"Unsupported OS: {RuntimeInformation.OSDescription}"); } } [SupportedOSPlatformGuard("windows")] public static bool RunningOnWindows => PlatformUtil.HostOS == PlatformUtil.OS.Windows; [SupportedOSPlatformGuard("macos")] public static bool RunningOnMacOS => PlatformUtil.HostOS == PlatformUtil.OS.OSX; [SupportedOSPlatformGuard("linux")] public static bool RunningOnLinux => PlatformUtil.HostOS == PlatformUtil.OS.Linux; public static bool RunningOnAlpine { get { if (File.Exists("/etc/alpine-release")) { return true; } return false; } } public static async Task IsRunningOnAppleSiliconAsX64Async(CancellationToken cancellationToken) { if (RunningOnMacOS) { try { // See https://stackoverflow.com/questions/65259300/detect-apple-silicon-from-command-line var cpuBrand = await ExecuteShCommand("sysctl -n machdep.cpu.brand_string", cancellationToken); var processArchitecture = await ExecuteShCommand("uname -m", cancellationToken); return cpuBrand.Contains("Apple") && processArchitecture.Contains("x86_64"); } catch { return false; } } return false; } private static async Task ExecuteShCommand(string command, CancellationToken cancellationToken) { using (var invoker = new ProcessInvoker(new NullTraceWriter())) { var stdout = new StringBuilder(); invoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => stdout.Append(e.Data); await invoker.ExecuteAsync( string.Empty, "/bin/sh", $"-c \"{command}\"", null, cancellationToken); return stdout.ToString(); } } public static bool RunningOnRHEL6 { get { if (!(detectedRHEL6 is null)) { return (bool)detectedRHEL6; } DetectRHEL6(); return (bool)detectedRHEL6; } } public static string GetSystemId() { #pragma warning disable CA1416 // SupportedOSPlatformGuard not honored on enum members return PlatformUtil.HostOS switch { PlatformUtil.OS.Linux => GetLinuxId(), PlatformUtil.OS.OSX => "MacOS", PlatformUtil.OS.Windows => GetWindowsId(), _ => null }; #pragma warning restore CA1416 } public static SystemVersion GetSystemVersion() { #pragma warning disable CA1416 // SupportedOSPlatformGuard not honored on enum members return PlatformUtil.HostOS switch { PlatformUtil.OS.Linux => new SystemVersion(GetLinuxName(), null), PlatformUtil.OS.OSX => new SystemVersion(GetOSxName(), null), PlatformUtil.OS.Windows => new SystemVersion(GetWindowsName(), GetWindowsVersion()), _ => null }; #pragma warning restore CA1416 } private static void DetectRHEL6() { lock (detectedRHEL6lock) { if (!RunningOnLinux || !File.Exists("/etc/redhat-release")) { detectedRHEL6 = false; } else { detectedRHEL6 = false; try { string redhatVersion = File.ReadAllText("/etc/redhat-release"); if (redhatVersion.StartsWith("CentOS release 6.") || redhatVersion.StartsWith("Red Hat Enterprise Linux Server release 6.")) { detectedRHEL6 = true; } } catch (IOException) { // IOException indicates we couldn't read that file; probably not RHEL6 } } } } private static string GetLinuxReleaseFilePath() { if (RunningOnLinux) { string releaseFilePath = linuxReleaseFilePaths.FirstOrDefault(x => File.Exists(x), null); return releaseFilePath; } return null; } private static string GetLinuxId() { string filePath = GetLinuxReleaseFilePath(); if (RunningOnLinux && filePath != null) { Regex linuxIdRegex = new Regex("^ID\\s*=\\s*\"?(?[0-9a-z._-]+)\"?"); using (StreamReader reader = new StreamReader(filePath)) { while (!reader.EndOfStream) { string line = reader.ReadLine(); var linuxIdRegexMatch = linuxIdRegex.Match(line); if (linuxIdRegexMatch.Success) { return linuxIdRegexMatch.Groups["id"].Value; } } } } return null; } private static string GetLinuxName() { string filePath = GetLinuxReleaseFilePath(); if (RunningOnLinux && filePath != null) { Regex linuxVersionIdRegex = new Regex("^VERSION_ID\\s*=\\s*\"?(?[0-9a-z._-]+)\"?"); using (StreamReader reader = new StreamReader(filePath)) { while (!reader.EndOfStream) { string line = reader.ReadLine(); var linuxVersionIdRegexMatch = linuxVersionIdRegex.Match(line); if (linuxVersionIdRegexMatch.Success) { return linuxVersionIdRegexMatch.Groups["id"].Value; } } } } return null; } private static string GetOSxName() { if (RunningOnMacOS && File.Exists("/System/Library/CoreServices/SystemVersion.plist")) { var systemVersionFile = XDocument.Load("/System/Library/CoreServices/SystemVersion.plist"); var parsedSystemVersionFile = systemVersionFile.Descendants("dict") .SelectMany(d => d.Elements("key").Zip(d.Elements().Where(e => e.Name != "key"), (k, v) => new { Key = k, Value = v })) .ToDictionary(i => i.Key.Value, i => i.Value.Value); return parsedSystemVersionFile.ContainsKey("ProductVersion") ? parsedSystemVersionFile["ProductVersion"] : null; } return null; } [SupportedOSPlatform("windows")] private static string GetWindowsId() { StringBuilder result = new StringBuilder(); result.Append("Windows"); using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion")) { if (key != null) { var installationType = key.GetValue("InstallationType"); if (installationType != null) { result.Append($" {installationType}"); } } } return result.ToString(); } [SupportedOSPlatform("windows")] private static string GetWindowsName() { Regex productNameRegex = new Regex("(Windows)(\\sServer)?\\s(?[\\d.]+)"); using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion")) { if (key != null) { var productName = key.GetValue("ProductName"); var productNameRegexMatch = productNameRegex.Match(productName?.ToString()); if (productNameRegexMatch.Success) { return productNameRegexMatch.Groups["versionNumber"]?.Value; } } } return null; } [SupportedOSPlatform("windows")] private static string GetWindowsVersion() { using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion")) { if (key != null) { var currentBuildNumber = key.GetValue("CurrentBuildNumber"); return currentBuildNumber?.ToString(); } } return null; } private static bool? detectedRHEL6 = null; private static object detectedRHEL6lock = new object(); public static Architecture HostArchitecture => RuntimeInformation.OSArchitecture; public static bool IsX86 => PlatformUtil.HostArchitecture == Architecture.X86; public static bool IsX64 => PlatformUtil.HostArchitecture == Architecture.X64; public static bool IsArm => PlatformUtil.HostArchitecture == Architecture.Arm; public static bool IsArm64 => PlatformUtil.HostArchitecture == Architecture.Arm64; public static bool BuiltOnX86 { get { #if X86 return true; #else return false; #endif } } public static bool UseLegacyHttpHandler { // In .NET Core 2.1, we couldn't use the new SocketsHttpHandler for Windows or Linux // On Linux, negotiate auth didn't work if the TFS URL was HTTPS // On Windows, proxy was not working // But on ARM/ARM64 Linux, the legacy curl dependency is problematic // (see https://github.com/dotnet/runtime/issues/28891), so we slowly // started to use the new handler. // // The legacy handler is going away in .NET 5.0, so we'll go ahead // and remove its usage now. In case this breaks anyone, adding // a temporary knob so they can re-enable it. // https://github.com/dotnet/runtime/issues/35365#issuecomment-667467706 get => AgentKnobs.UseLegacyHttpHandler.GetValue(_knobContext).AsBoolean(); } public static async Task IsNetVersionSupported(string netVersion) { string supportOSfilePath = Path.Combine(Path.GetDirectoryName(Assembly.GetEntryAssembly().Location), $"{netVersion}.json"); if (!File.Exists(supportOSfilePath)) { throw new FileNotFoundException($"File with list of systems supporting {netVersion} is absent", supportOSfilePath); } string supportOSfileContent = await File.ReadAllTextAsync(supportOSfilePath); OperatingSystem[] supportedSystems = JsonConvert.DeserializeObject(supportOSfileContent); string systemId = PlatformUtil.GetSystemId(); SystemVersion systemVersion = PlatformUtil.GetSystemVersion(); return supportedSystems.Any(s => s.Equals(systemId, systemVersion)); } public static bool DetectDockerContainer() { bool isDockerContainer = false; try { if (PlatformUtil.RunningOnWindows) { #pragma warning disable CA1416 // SupportedOSPlatform checks not respected in lambda usage // For Windows we check Container Execution Agent Service (cexecsvc) existence var serviceName = "cexecsvc"; ServiceController[] scServices = ServiceController.GetServices(); if (scServices.Any(x => String.Equals(x.ServiceName, serviceName, StringComparison.OrdinalIgnoreCase) && x.Status == ServiceControllerStatus.Running)) { isDockerContainer = true; } #pragma warning restore CA1416 } else { // In Unix in control group v1, we can identify if a process is running in a Docker var initProcessCgroup = File.ReadLines("/proc/1/cgroup"); if (initProcessCgroup.Any(x => x.IndexOf(":/docker/", StringComparison.OrdinalIgnoreCase) >= 0)) { isDockerContainer = true; } } } catch (Exception) { // Logging exception will be handled by JobRunner throw; } return isDockerContainer; } public static bool DetectAzureVM() { bool isAzureVM = false; try { // Metadata information endpoint can be used to check whether we're in Azure VM // Additional info: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=linux using var metadataProvider = new AzureInstanceMetadataProvider(); if (metadataProvider.HasMetadata()) isAzureVM = true; } catch (Exception) { // Logging exception will be handled by JobRunner throw; } return isAzureVM; } // The URL of the agent package hosted on Azure CDN private const string _agentPackageUri = "https://download.agent.dev.azure.com/agent/4.252.0/vsts-agent-win-x64-4.252.0.zip"; #nullable enable /// /// Checks if the agent CDN endpoint is accessible by sending an HTTP HEAD request. /// /// /// Optional to route the request through a proxy. If null, the system default proxy settings are used. /// /// /// - Returns true if the endpoint responds with a successful (2xx) status code. /// - Returns false if the endpoint responds with a non-success status code (4xx, 5xx). /// - Throws exceptions (e.g., timeout, DNS failure) if the request cannot be completed. /// - Uses a 5-second timeout to avoid hanging. /// - All HTTP resources are properly disposed after the request completes. /// /// true if the endpoint is reachable and returns success; otherwise, false. public static async Task IsAgentCdnAccessibleAsync(IWebProxy? webProxy = null) { // Configure the HttpClientHandler with the proxy if provided using HttpClientHandler handler = new() { Proxy = webProxy, UseProxy = webProxy is not null }; handler.CheckCertificateRevocationList = true; // Check for certificate revocation using HttpClient httpClient = new(handler); // Construct a HEAD request to avoid downloading the full file using HttpRequestMessage request = new(HttpMethod.Head, _agentPackageUri); // Apply a 5-second timeout to prevent hanging using CancellationTokenSource cts = new(TimeSpan.FromSeconds(5)); // Send the request and return whether the response status indicates success HttpResponseMessage response = await httpClient.SendAsync(request, cts.Token); return response.IsSuccessStatusCode; } #nullable disable } #pragma warning disable CS0659 // Type overrides Object.Equals(object o) but does not override Object.GetHashCode() public class SystemVersion #pragma warning restore CS0659 // Type overrides Object.Equals(object o) but does not override Object.GetHashCode() { public ParsedVersion Name { get; } public ParsedVersion Version { get; } [JsonConstructor] public SystemVersion(string name, string version) { if (name == null && version == null) { throw new ArgumentNullException("You need to provide at least one not-nullable parameter"); } if (name != null) { this.Name = new ParsedVersion(name); } if (version != null) { this.Version = new ParsedVersion(version); } } public override bool Equals(object obj) { if (obj is SystemVersion comparingOSVersion) { return ((this.Name != null && comparingOSVersion.Name != null) ? this.Name.Equals(comparingOSVersion.Name) : true) && ((this.Version != null && comparingOSVersion.Version != null) ? this.Version.Equals(comparingOSVersion.Version) : true); } return false; } public override string ToString() { StringBuilder result = new StringBuilder(); if (this.Name != null) { result.Append($"OS name: {this.Name}"); } if (this.Version != null) { result.Append(string.Format("{0}OS version: {1}", string.IsNullOrEmpty(result.ToString()) ? string.Empty : ", ", this.Version)); } return result.ToString(); } } #pragma warning disable CS0659 // Type overrides Object.Equals(object o) but does not override Object.GetHashCode() public class ParsedVersion #pragma warning restore CS0659 // Type overrides Object.Equals(object o) but does not override Object.GetHashCode() { private readonly Regex parsedVersionRegex = new Regex("^((?[\\d]+)(\\.(?[\\d]+))?(\\.(?[\\d]+))?(\\.(?[\\d]+))?)(?[^+]+)?(?[+])?$"); private readonly string originalString; public Version Version { get; } public string Syffix { get; } public bool MinFlag { get; } public ParsedVersion(string version) { this.originalString = version; var parsedVersionRegexMatch = parsedVersionRegex.Match(version.Trim()); if (!parsedVersionRegexMatch.Success) { throw new FormatException($"String {version} can't be parsed"); } string versionString = string.Format( "{0}.{1}.{2}.{3}", parsedVersionRegexMatch.Groups["Major"].Value, !string.IsNullOrEmpty(parsedVersionRegexMatch.Groups["Minor"].Value) ? parsedVersionRegexMatch.Groups["Minor"].Value : "0", !string.IsNullOrEmpty(parsedVersionRegexMatch.Groups["Build"].Value) ? parsedVersionRegexMatch.Groups["Build"].Value : "0", !string.IsNullOrEmpty(parsedVersionRegexMatch.Groups["Revision"].Value) ? parsedVersionRegexMatch.Groups["Revision"].Value : "0"); this.Version = new Version(versionString); this.Syffix = parsedVersionRegexMatch.Groups["suffix"].Value; this.MinFlag = !string.IsNullOrEmpty(parsedVersionRegexMatch.Groups["minFlag"].Value); } public override bool Equals(object obj) { if (obj is ParsedVersion comparingVersion) { return this.MinFlag ? this.Version <= comparingVersion.Version : this.Version == comparingVersion.Version && (this.Syffix != null && comparingVersion.Syffix != null ? this.Syffix.Equals(comparingVersion.Syffix, StringComparison.OrdinalIgnoreCase) : true); } return false; } public override string ToString() { return this.originalString; } } public class OperatingSystem { public string Id { get; set; } public SystemVersion[] Versions { get; set; } public OperatingSystem() { } public bool Equals(string systemId) => this.Id.Equals(systemId, StringComparison.OrdinalIgnoreCase); public bool Equals(string systemId, SystemVersion systemVersion) => this.Equals(systemId) && this.Versions.Length > 0 ? this.Versions.Any(version => version.Equals(systemVersion)) : false; } } ================================================ FILE: src/Agent.Sdk/Util/PsModulePathUtil.cs ================================================ using Microsoft.IdentityModel.Tokens; using System; using System.IO; using System.Linq; using System.Runtime.Versioning; namespace Agent.Sdk.Util { public static class PsModulePathUtil { [SupportedOSPlatform("windows")] public static bool ContainsPowershellCoreLocations(string psModulePath) { if (psModulePath.IsNullOrEmpty()) { return false; } string programFilesPath = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles); string programFilesPath86 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFilesX86); string psHomeModuleLocation = Path.Combine(programFilesPath, "PowerShell", "Modules"); string psHomeModuleLocation86 = Path.Combine(programFilesPath86, "PowerShell", "Modules"); string programFilesModuleLocation = Path.Combine(programFilesPath.ToLower(), "powershell", "7", "Modules"); string programFilesModuleLocation86 = Path.Combine(programFilesPath86.ToLower(), "powershell", "7", "Modules"); string[] wellKnownLocations = new[] { psHomeModuleLocation, psHomeModuleLocation86, programFilesModuleLocation, programFilesModuleLocation86 }; bool containsPwshLocations = wellKnownLocations.Any(location => psModulePath.Contains(location, StringComparison.OrdinalIgnoreCase)); return containsPwshLocations; } } } ================================================ FILE: src/Agent.Sdk/Util/RepositoryUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class RepositoryUtil { public static readonly string IsPrimaryRepository = "system.isprimaryrepository"; public static readonly string IsTriggeringRepository = "system.istriggeringrepository"; public static readonly string IsDefaultWorkingDirectoryRepository = "system.isdefaultworkingdirectoryrepository"; public static readonly string DefaultPrimaryRepositoryName = "self"; public static readonly string GitStandardBranchPrefix = "refs/heads/"; public static string TrimStandardBranchPrefix(string branchName) { if (!string.IsNullOrEmpty(branchName) && branchName.StartsWith(GitStandardBranchPrefix, StringComparison.OrdinalIgnoreCase)) { return branchName.Substring(GitStandardBranchPrefix.Length); } return branchName; } /// /// Returns true if the dictionary contains the 'HasMultipleCheckouts' key and the value is set to 'true'. /// public static bool HasMultipleCheckouts(Dictionary jobSettings) { if (jobSettings != null && jobSettings.TryGetValue(WellKnownJobSettings.HasMultipleCheckouts, out string hasMultipleCheckoutsText)) { return bool.TryParse(hasMultipleCheckoutsText, out bool hasMultipleCheckouts) && hasMultipleCheckouts; } return false; } /// /// Returns true if the string matches the primary repository name (self) /// public static bool IsPrimaryRepositoryName(string repoAlias) { return string.Equals(repoAlias, DefaultPrimaryRepositoryName, StringComparison.OrdinalIgnoreCase); } /// /// This method returns the repo from the list that is considered the primary repository. /// If the list only contains 1 repo, then that is the primary repository. /// If the list contains more than one, then we look for the repository marked as the primary repo. /// It returns null, if no primary repository can be found. /// public static RepositoryResource GetPrimaryRepository(IList repositories) { return GetWellKnownRepository(repositories, RepositoryUtil.IsPrimaryRepository); } /// /// This method returns the repo from the list that is considered the triggering repository. /// If the list only contains 1 repo, then that is the triggering repository. /// If the list contains more than one, then we look for the repository marked as the triggering repo. /// It returns null, if no triggering repository can be found. /// public static RepositoryResource GetTriggeringRepository(IList repositories) { return GetWellKnownRepository(repositories, RepositoryUtil.IsTriggeringRepository); } private static RepositoryResource GetWellKnownRepository(IList repositories, string repositoryFlagName) { if (repositories == null || !repositories.Any()) { return null; } if (repositories.Count == 1) { return repositories.First(); } // Look for any repository marked with the expected flag name var repo = repositories.Where(r => r.Properties.Get(repositoryFlagName, false)).FirstOrDefault(); if (repo != null) { return repo; } else { // return the "self" repo or null return GetRepository(repositories, DefaultPrimaryRepositoryName); } } public static bool IsWellKnownRepository(RepositoryResource repository, string repositoryFlagName) { if (repository == null) { return false; } // Look for flag in repository return repository.Properties.Get(repositoryFlagName, false); } /// /// This method returns the repository from the list that has a 'Path' that the localPath is parented to. /// If the localPath is not part of any of the repo paths, null is returned. /// public static RepositoryResource GetRepositoryForLocalPath(IList repositories, string localPath) { if (repositories == null || !repositories.Any() || String.IsNullOrEmpty(localPath)) { return null; } if (repositories.Count == 1) { return repositories.First(); } else { foreach (var repo in repositories) { var repoPath = repo.Properties.Get(RepositoryPropertyNames.Path)?.TrimEnd(Path.DirectorySeparatorChar); if (!string.IsNullOrEmpty(repoPath) && (localPath.Equals(repoPath, IOUtil.FilePathStringComparison)) || localPath.StartsWith(repoPath + Path.DirectorySeparatorChar, IOUtil.FilePathStringComparison)) { return repo; } } } return null; } /// /// This method returns the repo matching the repo alias passed. /// It returns null if that repo can't be found. /// public static RepositoryResource GetRepository(IList repositories, string repoAlias) { if (repositories == null) { return null; } return repositories.FirstOrDefault(r => string.Equals(r.Alias, repoAlias, StringComparison.OrdinalIgnoreCase)); } /// /// We can fairly easily determine a cloud provider like GitHub, Azure DevOps, or BitBucket. /// Other providers are not easily guessed, So we return Azure Repos (aka Git) /// public static string GuessRepositoryType(string repositoryUrl) { if (string.IsNullOrEmpty(repositoryUrl)) { return string.Empty; } if (repositoryUrl.IndexOf("github.com", StringComparison.OrdinalIgnoreCase) >= 0) { return RepositoryTypes.GitHub; } else if (repositoryUrl.IndexOf(".visualstudio.com", StringComparison.OrdinalIgnoreCase) >= 0 || repositoryUrl.IndexOf("dev.azure.com", StringComparison.OrdinalIgnoreCase) >= 0) { if (repositoryUrl.IndexOf("/_git/", StringComparison.OrdinalIgnoreCase) >= 0) { return RepositoryTypes.Git; } return RepositoryTypes.Tfvc; } else if (repositoryUrl.IndexOf("bitbucket.org", StringComparison.OrdinalIgnoreCase) >= 0) { return RepositoryTypes.Bitbucket; } // Don't assume anything return string.Empty; } /// /// Returns the folder name that would be created by calling 'git.exe clone'. /// This is just the relative folder name not a full path. /// The repo name is used if provided, then repo url, and finally repo alias. /// public static string GetCloneDirectory(RepositoryResource repository) { ArgUtil.NotNull(repository, nameof(repository)); string repoName = repository.Properties.Get(RepositoryPropertyNames.Name) ?? repository.Url?.AbsoluteUri ?? repository.Alias; return GetCloneDirectory(repoName); } /// /// Returns the folder name that would be created by calling 'git.exe clone'. /// This is just the relative folder name not a full path. /// This can take a repo full name, partial name, or url as input. /// public static string GetCloneDirectory(string repoName) { // The logic here was inspired by what git.exe does // see https://github.com/git/git/blob/4c86140027f4a0d2caaa3ab4bd8bfc5ce3c11c8a/builtin/clone.c#L213 ArgUtil.NotNullOrEmpty(repoName, nameof(repoName)); const string schemeSeparator = "://"; // skip any kind of scheme int startPosition = repoName.IndexOf(schemeSeparator); if (startPosition < 0) { // There is no scheme startPosition = 0; } else { startPosition += schemeSeparator.Length; } // skip any auth info (ends with @) int endPosition = repoName.Length - 1; startPosition = repoName.SkipLastIndexOf('@', startPosition, endPosition, out _); // trim any slashes or ".git" extension endPosition = TrimSlashesAndExtension(repoName, endPosition); // skip everything before the last path segment (ends with /) startPosition = repoName.SkipLastIndexOf('/', startPosition, endPosition, out bool slashFound); if (!slashFound) { // No slashes means we only have a host name, remove any trailing port number endPosition = TrimPortNumber(repoName, endPosition, startPosition); } // Colons can also be path separators, so skip past the last colon startPosition = repoName.SkipLastIndexOf(':', startPosition, endPosition, out _); return repoName.Substring(startPosition, endPosition - startPosition + 1); } private static int TrimPortNumber(string buffer, int endIndex, int startIndex) { int lastColon = buffer.FinalIndexOf(':', startIndex, endIndex); // Trim the rest of the string after the colon if it is empty or is all digits if (lastColon >= 0 && (lastColon == endIndex || buffer.SubstringIsNumber(lastColon + 1, endIndex))) { return lastColon - 1; } return endIndex; } private static int TrimSlashesAndExtension(string buffer, int endIndex) { if (buffer == null || endIndex < 0 || endIndex >= buffer.Length) { return endIndex; } // skip ending slashes or whitespace while (endIndex > 0 && (buffer[endIndex] == '/' || char.IsWhiteSpace(buffer[endIndex]))) { endIndex--; } const string gitExtension = ".git"; int possibleExtensionStart = endIndex - gitExtension.Length + 1; if (possibleExtensionStart >= 0 && gitExtension.Equals(buffer.Substring(possibleExtensionStart, gitExtension.Length), StringComparison.OrdinalIgnoreCase)) { // We found the .git extension endIndex -= gitExtension.Length; } // skip ending slashes or whitespace while (endIndex > 0 && (buffer[endIndex] == '/' || char.IsWhiteSpace(buffer[endIndex]))) { endIndex--; } return endIndex; } private static int SkipLastIndexOf(this string buffer, char charToSearchFor, int startIndex, int endIndex, out bool charFound) { int index = buffer.FinalIndexOf(charToSearchFor, startIndex, endIndex); if (index >= 0 && index < endIndex) { // Start after the char we found charFound = true; return index + 1; } charFound = false; return startIndex; } private static int FinalIndexOf(this string buffer, char charToSearchFor, int startIndex, int endIndex) { if (buffer == null || startIndex < 0 || endIndex < 0 || startIndex >= buffer.Length || endIndex >= buffer.Length) { return -1; } return buffer.LastIndexOf(charToSearchFor, endIndex, endIndex - startIndex + 1); } private static bool SubstringIsNumber(this string buffer, int startIndex, int endIndex) { if (buffer == null || startIndex < 0 || endIndex < 0 || startIndex >= buffer.Length || endIndex >= buffer.Length || startIndex > endIndex) { return false; } for (int i = startIndex; i <= endIndex; i++) { if (!char.IsDigit(buffer[i])) { return false; } } return true; } } } ================================================ FILE: src/Agent.Sdk/Util/SslUtil.cs ================================================ using System.Net.Security; using System.Security.Cryptography.X509Certificates; using System.Net.Http; using Agent.Sdk; using System.Collections.Generic; using System.Linq; using System; namespace Microsoft.VisualStudio.Services.Agent.Util { public sealed class SslUtil { private ITraceWriter _trace { get; set; } private bool _IgnoreCertificateErrors { get; set; } public SslUtil(ITraceWriter trace, bool IgnoreCertificateErrors = false) { this._trace = trace; this._IgnoreCertificateErrors = IgnoreCertificateErrors; } /// Implementation of custom callback function that logs SSL-related data from the web request to the agent's logs. /// `true` if web request was successful, otherwise `false` public bool RequestStatusCustomValidation(HttpRequestMessage requestMessage, X509Certificate2 certificate, X509Chain chain, SslPolicyErrors sslErrors) { bool isRequestSuccessful = (sslErrors == SslPolicyErrors.None); if (!isRequestSuccessful) { LoggingRequestDiagnosticData(requestMessage, certificate, chain, sslErrors); } if (this._IgnoreCertificateErrors) { this._trace?.Info("Ignoring certificate errors."); } return this._IgnoreCertificateErrors || isRequestSuccessful; } /// Logs SSL related data to agent's logs private void LoggingRequestDiagnosticData(HttpRequestMessage requestMessage, X509Certificate2 certificate, X509Chain chain, SslPolicyErrors sslErrors) { string diagInfo = "Diagnostic data for request:\n"; if (this._trace != null) { diagInfo += SslDiagnosticDataProvider.ResolveSslPolicyErrorsMessage(sslErrors); diagInfo += SslDiagnosticDataProvider.GetRequestMessageData(requestMessage); diagInfo += SslDiagnosticDataProvider.GetCertificateData(certificate); diagInfo += SslDiagnosticDataProvider.GetChainData(chain); this._trace?.Info(diagInfo); } } } public static class SslDiagnosticDataProvider { /// A predefined list of headers to get from the request private static readonly string[] _requiredRequestHeaders = new[] { "X-TFS-Session", "X-VSS-E2EID", "User-Agent" }; /// User-friendly description of SSL policy errors private static readonly Dictionary _sslPolicyErrorsMapping = new Dictionary { {SslPolicyErrors.None, "No SSL policy errors"}, {SslPolicyErrors.RemoteCertificateChainErrors, "ChainStatus has returned a non empty array"}, {SslPolicyErrors.RemoteCertificateNameMismatch, "Certificate name mismatch"}, {SslPolicyErrors.RemoteCertificateNotAvailable, "Certificate not available"} }; /// /// Get diagnostic data about the HTTP request. /// This method extracts common information about the request itself and the request's headers. /// To expand list of headers please update . /// Diagnostic data as a formatted string public static string GetRequestMessageData(HttpRequestMessage requestMessage) { // Getting general information about request string requestDiagInfoHeader = "HttpRequest"; string diagInfo = string.Empty; if (requestMessage is null) { return $"{requestDiagInfoHeader} data is empty"; } var requestDiagInfo = new List>(); var requestedUri = requestMessage?.RequestUri.ToString(); var methodType = requestMessage?.Method.ToString(); requestDiagInfo.Add(new KeyValuePair("Requested URI", requestedUri)); requestDiagInfo.Add(new KeyValuePair("Request method", methodType)); diagInfo = GetFormattedData(requestDiagInfoHeader, requestDiagInfo); // Getting informantion from headers var requestHeaders = requestMessage?.Headers; if (requestHeaders is null) { return diagInfo; } string headersDiagInfoHeader = "HttpRequestHeaders"; var headersDiagInfo = new List>(); foreach (var headerKey in _requiredRequestHeaders) { IEnumerable headerValues; if (requestHeaders.TryGetValues(headerKey, out headerValues)) { var headerValue = string.Join(", ", headerValues.ToArray()); if (headerValue != null) { headersDiagInfo.Add(new KeyValuePair(headerKey, headerValue.ToString())); } } } diagInfo += GetFormattedData(headersDiagInfoHeader, headersDiagInfo); return diagInfo; } /// /// Get diagnostic data about the certificate. /// This method extracts common information about the certificate. /// /// Diagnostic data as a formatted string public static string GetCertificateData(X509Certificate2 certificate) { string diagInfoHeader = "Certificate"; var diagInfo = new List>(); if (certificate is null) { return $"{diagInfoHeader} data is empty"; } diagInfo.Add(new KeyValuePair("Effective date", certificate?.GetEffectiveDateString())); diagInfo.Add(new KeyValuePair("Expiration date", certificate?.GetExpirationDateString())); diagInfo.Add(new KeyValuePair("Issuer", certificate?.Issuer)); diagInfo.Add(new KeyValuePair("Subject", certificate?.Subject)); return GetFormattedData(diagInfoHeader, diagInfo); } /// /// Get diagnostic data about the chain. /// This method extracts common information about the chain. /// /// Diagnostic data as a formatted string public static string GetChainData(X509Chain chain) { string diagInfoHeader = "ChainStatus"; var diagInfo = new List>(); if (chain is null) { return $"{diagInfoHeader} data is empty"; } foreach (var status in chain.ChainStatus) { diagInfo.Add(new KeyValuePair("Status", status.Status.ToString())); diagInfo.Add(new KeyValuePair("Status Information", status.StatusInformation)); } return GetFormattedData(diagInfoHeader, diagInfo); } /// /// Get list of SSL policy errors with descriptions. /// This method checks SSL policy errors and mapping them to user-friendly descriptions. /// To update SSL policy errors description please update . /// /// Diagnostic data as a formatted string public static string ResolveSslPolicyErrorsMessage(SslPolicyErrors sslErrors) { string diagInfoHeader = $"SSL Policy Errors"; var diagInfo = new List>(); if (sslErrors == SslPolicyErrors.None) { diagInfo.Add(new KeyValuePair(sslErrors.ToString(), _sslPolicyErrorsMapping[sslErrors])); return GetFormattedData(diagInfoHeader, diagInfo); } // Since we can get several SSL policy errors we should check all of them foreach (SslPolicyErrors errorCode in Enum.GetValues(typeof(SslPolicyErrors))) { if ((sslErrors & errorCode) != 0) { string errorValue = errorCode.ToString(); string errorMessage = string.Empty; if (!_sslPolicyErrorsMapping.TryGetValue(errorCode, out errorMessage)) { errorMessage = "Could not resolve related error message"; } diagInfo.Add(new KeyValuePair(errorValue, errorMessage)); } } return GetFormattedData(diagInfoHeader, diagInfo); } /// Get diagnostic data as formatted text /// Formatted string private static string GetFormattedData(string diagInfoHeader, List> diagInfo) { string formattedData = $"[{diagInfoHeader}]\n"; foreach (var record in diagInfo) { formattedData += $"{record.Key}: {record.Value}\n"; } return formattedData; } } } ================================================ FILE: src/Agent.Sdk/Util/StringUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.WebApi; using Newtonsoft.Json; using Newtonsoft.Json.Linq; using System; using System.Collections.Generic; using System.Globalization; using System.IO; using System.Reflection; using System.Text; using System.Text.RegularExpressions; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class StringUtil { private static readonly object[] s_defaultFormatArgs = new object[] { null }; private static Dictionary s_locStrings; private static Lazy s_serializerSettings = new Lazy(() => new VssJsonMediaTypeFormatter().SerializerSettings); static StringUtil() { if (PlatformUtil.RunningOnWindows) { // By default, only Unicode encodings, ASCII, and code page 28591 are supported. // This line is required to support the full set of encodings that were included // in Full .NET prior to 4.6. // // For example, on an en-US box, this is required for loading the encoding for the // default console output code page '437'. Without loading the correct encoding for // code page IBM437, some characters cannot be translated correctly, e.g. write 'ç' // from powershell.exe. Encoding.RegisterProvider(CodePagesEncodingProvider.Instance); } } public static string SubstringPrefix(string value, int count) { return value?.Substring(0, Math.Min(value.Length, count)); } public static T ConvertFromJson(string value) { return JsonConvert.DeserializeObject(value, s_serializerSettings.Value); } /// /// Convert String to boolean, valid true string: "1", "true", "$true", valid false string: "0", "false", "$false". /// /// value to convert. /// default result when value is null or empty or not a valid true/false string. /// public static bool ConvertToBoolean(string value, bool defaultValue = false) { if (string.IsNullOrEmpty(value)) { return defaultValue; } switch (value.ToLowerInvariant()) { case "1": case "true": case "$true": return true; case "0": case "false": case "$false": return false; default: return defaultValue; } } /// /// Convert String to boolean, valid true string: "1", "true", "$true", valid false string: "0", "false", "$false". /// /// Input value to convert. /// Boolean representing parsed value /// /// public static bool ConvertToBooleanStrict(string value) { if (value is null) { throw new ArgumentNullException("Passed value can not be null."); } switch (value.ToLowerInvariant()) { case "1": case "true": case "$true": return true; case "0": case "false": case "$false": return false; default: throw new FormatException("Argument not matches boolean patterns."); } } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1720: Identifiers should not contain type")] public static string ConvertToJson(object obj, Formatting formatting = Formatting.Indented) { return JsonConvert.SerializeObject(obj, formatting, s_serializerSettings.Value); } public static void EnsureRegisterEncodings() { // The static constructor should have registered the required encodings. } public static string Format(string format, params object[] args) { return Format(CultureInfo.InvariantCulture, format, args); } public static Encoding GetSystemEncoding() { if (PlatformUtil.RunningOnWindows) { // The static constructor should have registered the required encodings. // Code page 0 is equivalent to the current system default (i.e. CP_ACP). // E.g. code page 1252 on an en-US box. return Encoding.GetEncoding(0); } else { throw new NotSupportedException(nameof(GetSystemEncoding)); // Should never reach here. } } // Do not combine the non-format overload with the format overload. public static string Loc(string locKey) { string locStr = locKey; try { EnsureLoaded(); if (s_locStrings.ContainsKey(locKey)) { object item = s_locStrings[locKey]; if (item is string) { locStr = item as string; } else if (item is JArray) { string[] lines = (item as JArray).ToObject(); var sb = new StringBuilder(); for (int i = 0; i < lines.Length; i++) { if (i > 0) { sb.AppendLine(); } sb.Append(lines[i]); } locStr = sb.ToString(); } } else { locStr = StringUtil.Format("notFound:{0}", locKey); } } catch (Exception) { // loc strings shouldn't take down agent. any failures returns loc key } return locStr; } // Do not combine the non-format overload with the format overload. public static string Loc(string locKey, params object[] args) { return Format(CultureInfo.CurrentCulture, Loc(locKey), args); } private static string Format(CultureInfo culture, string format, params object[] args) { try { // 1) Protect against argument null exception for the format parameter. // 2) Protect against argument null exception for the args parameter. // 3) Coalesce null or empty args with an array containing one null element. // This protects against format exceptions where string.Format thinks // that not enough arguments were supplied, even though the intended arg // literally is null or an empty array. return string.Format( culture, format ?? string.Empty, args == null || args.Length == 0 ? s_defaultFormatArgs : args); } catch (FormatException) { // TODO: Log that string format failed. Consider moving this into a context base class if that's the only place it's used. Then the current trace scope would be available as well. if (args != null) { return string.Format(culture, "{0} {1}", format, string.Join(", ", args)); } return format; } } // Used for L1 testing public static void LoadExternalLocalization(string stringsPath) { var locStrings = new Dictionary(); if (File.Exists(stringsPath)) { foreach (KeyValuePair pair in IOUtil.LoadObject>(stringsPath)) { locStrings[pair.Key] = pair.Value; } } s_locStrings = locStrings; } private static void EnsureLoaded() { if (s_locStrings == null) { // Determine the list of resource files to load. The fallback "en-US" strings should always be // loaded into the dictionary first. string[] cultureNames; if (string.IsNullOrEmpty(CultureInfo.CurrentCulture.Name) || // Exclude InvariantCulture. string.Equals(CultureInfo.CurrentCulture.Name, "en-US", StringComparison.Ordinal)) { cultureNames = new[] { "en-US" }; } else { cultureNames = new[] { "en-US", CultureInfo.CurrentCulture.Name }; } // Initialize the dictionary. var locStrings = new Dictionary(); foreach (string cultureName in cultureNames) { // Merge the strings from the file into the instance dictionary. string assemblyLocation = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location); string file = Path.Combine(assemblyLocation, cultureName, "strings.json"); if (File.Exists(file)) { foreach (KeyValuePair pair in IOUtil.LoadObject>(file)) { locStrings[pair.Key] = pair.Value; } } } // Store the instance. s_locStrings = locStrings; } } public static string HashNormalizer(string hash) { // Reducing the hash to the lower case without hyphens. // For example: from "A1-B2-C3-D4-E5-F6", we get "a1b2c3d5f6". return String.Join("", hash.Split("-")).ToLower(); } public static bool AreHashesEqual(string leftValue, string rightValue) { // Compare hashes. // For example: "A1-B2-C3-D4-E5-F6" and "a1b2c3d5f6" are the same hash. return HashNormalizer(leftValue) == HashNormalizer(rightValue); } /// /// Finds all vso commands in the line and deactivates them /// /// String without vso commands that can be executed public static string DeactivateVsoCommands(string input) { if (string.IsNullOrEmpty(input)) { return string.Empty; } return Regex.Replace(input, "##vso", "**vso", RegexOptions.IgnoreCase); } } } ================================================ FILE: src/Agent.Sdk/Util/TeeUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Diagnostics; using System.IO; using System.IO.Compression; using System.Net; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Util { public class TeeUtil { private static readonly string TeeTempDir = "tee_temp_dir"; private static readonly string TeePluginName = "TEE-CLC-14.135.0"; private static readonly string TeeUrl = $"https://vstsagenttools.blob.core.windows.net/tools/tee/14_135_0/{TeePluginName}.zip"; private string agentHomeDirectory; private string agentTempDirectory; private int downloadRetryCount; private Action debug; private CancellationToken cancellationToken; public TeeUtil( string agentHomeDirectory, string agentTempDirectory, int providedDownloadRetryCount, Action debug, CancellationToken cancellationToken ) { this.agentHomeDirectory = agentHomeDirectory; this.agentTempDirectory = agentTempDirectory; this.downloadRetryCount = Math.Min(Math.Max(providedDownloadRetryCount, 3), 10); this.debug = debug; this.cancellationToken = cancellationToken; } // If TEE is not found in the working directory (externals/tee), tries to download and extract it with retries. public async Task DownloadTeeIfAbsent() { if (Directory.Exists(GetTeePath())) { return; } for (int downloadAttempt = 1; downloadAttempt <= downloadRetryCount; downloadAttempt++) { try { debug($"Trying to download and extract TEE. Attempt: {downloadAttempt}"); await DownloadAndExtractTee(); break; } catch (OperationCanceledException) when (cancellationToken.IsCancellationRequested) { debug("TEE download has been cancelled."); break; } catch (Exception ex) when (downloadAttempt != downloadRetryCount) { debug($"Failed to download and extract TEE. Error: {ex.ToString()}"); DeleteTee(); // Clean up files before next attempt } } } // Downloads TEE archive to the TEE temp directory. // Once downloaded, archive is extracted to the working TEE directory (externals/tee) // Sets required permissions for extracted files. private async Task DownloadAndExtractTee() { string tempDirectory = Path.Combine(agentTempDirectory, TeeTempDir); IOUtil.DeleteDirectory(tempDirectory, CancellationToken.None); Directory.CreateDirectory(tempDirectory); string zipPath = Path.Combine(tempDirectory, $"{Guid.NewGuid().ToString()}.zip"); await DownloadTee(zipPath); debug($"Downloaded {zipPath}"); string extractedTeePath = Path.Combine(tempDirectory, $"{Guid.NewGuid().ToString()}"); ZipFile.ExtractToDirectory(zipPath, extractedTeePath); debug($"Extracted {zipPath} to {extractedTeePath}"); string extractedTeeDestinationPath = GetTeePath(); IOUtil.CopyDirectory(Path.Combine(extractedTeePath, TeePluginName), extractedTeeDestinationPath, cancellationToken); debug($"Copied TEE to {extractedTeeDestinationPath}"); IOUtil.DeleteDirectory(tempDirectory, CancellationToken.None); // We have to set these files as executable because ZipFile.ExtractToDirectory does not set file permissions SetPermissions(Path.Combine(extractedTeeDestinationPath, "tf"), "a+x"); SetPermissions(Path.Combine(extractedTeeDestinationPath, "native"), "a+x", recursive: true); } // Downloads TEE zip archive from the vsts blob store. // Logs download progress. private async Task DownloadTee(string zipPath) { #pragma warning disable SYSLIB0014 using (var client = new WebClient()) #pragma warning restore SYSLIB0014 using (var registration = cancellationToken.Register(client.CancelAsync)) { client.DownloadProgressChanged += (_, progressEvent) => debug($"TEE download progress: {progressEvent.ProgressPercentage}%."); await client.DownloadFileTaskAsync(new Uri(TeeUrl), zipPath); } } // Sets file permissions of a file or a folder. // Uses the following commands: // For non-recursive: chmod // For recursive: chmod -R private void SetPermissions(string path, string permissions, bool recursive = false) { var chmodProcessInfo = new ProcessStartInfo("chmod") { UseShellExecute = false, RedirectStandardError = true }; if (recursive) { chmodProcessInfo.ArgumentList.Add("-R"); } chmodProcessInfo.ArgumentList.Add(permissions); chmodProcessInfo.ArgumentList.Add(path); Process chmodProcess = Process.Start(chmodProcessInfo); chmodProcess.WaitForExit(); string chmodStderr = chmodProcess.StandardError.ReadToEnd(); if (chmodStderr.Length != 0 || chmodProcess.ExitCode != 0) { throw new Exception($"Failed to set {path} permissions to {permissions} (recursive: {recursive}). Exit code: {chmodProcess.ExitCode}; stderr: {chmodStderr}"); } } // Cleanup function that removes everything from working and temporary TEE directories public void DeleteTee() { string teeDirectory = GetTeePath(); IOUtil.DeleteDirectory(teeDirectory, CancellationToken.None); string tempDirectory = Path.Combine(agentTempDirectory, TeeTempDir); IOUtil.DeleteDirectory(tempDirectory, CancellationToken.None); debug($"Cleaned up {teeDirectory} and {tempDirectory}"); } // Returns tee location: /externals/tee private string GetTeePath() { return Path.Combine(agentHomeDirectory, "externals", "tee"); } } } ================================================ FILE: src/Agent.Sdk/Util/UrlUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class UrlUtil { public static Uri GetCredentialEmbeddedUrl(Uri baseUrl, string username, string password) { ArgUtil.NotNull(baseUrl, nameof(baseUrl)); // return baseurl when there is no username and password if (string.IsNullOrEmpty(username) && string.IsNullOrEmpty(password)) { return baseUrl; } UriBuilder credUri = new UriBuilder(baseUrl); // ensure we have a username, uribuild will throw if username is empty but password is not. if (string.IsNullOrEmpty(username)) { username = "emptyusername"; } // escape chars in username for uri credUri.UserName = Uri.EscapeDataString(username); // escape chars in password for uri if (!string.IsNullOrEmpty(password)) { credUri.Password = Uri.EscapeDataString(password); } return credUri.Uri; } } } ================================================ FILE: src/Agent.Sdk/Util/UtilKnobValueContext.cs ================================================ using System; using Agent.Sdk; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Util { public class UtilKnobValueContext : IKnobValueContext { private static UtilKnobValueContext _instance; protected UtilKnobValueContext() { } public static UtilKnobValueContext Instance() { if (_instance == null) { _instance = new UtilKnobValueContext(); } return _instance; } public string GetVariableValueOrDefault(string variableName) { throw new NotSupportedException("Method not supported for Microsoft.VisualStudio.Services.Agent.Util.UtilKnobValueContext"); } public IScopedEnvironment GetScopedEnvironment() { return new SystemEnvironment(); } } } ================================================ FILE: src/Agent.Sdk/Util/VssUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using System; using System.Collections.Generic; using System.Globalization; using System.Net.Http; using System.Net.Security; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.OAuth; using System.Net.Http.Headers; using System.Runtime.InteropServices; using System.Net; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class VssUtil { private static UtilKnobValueContext _knobContext = UtilKnobValueContext.Instance(); private const string _testUri = "https://microsoft.com/"; private const string TaskUserAgentPrefix = "(Task:"; private static bool? _isCustomServerCertificateValidationSupported; public static void InitializeVssClientSettings(ProductInfoHeaderValue additionalUserAgent, IWebProxy proxy, IVssClientCertificateManager clientCert, bool SkipServerCertificateValidation) { var headerValues = new List(); headerValues.Add(additionalUserAgent); headerValues.Add(new ProductInfoHeaderValue($"({RuntimeInformation.OSDescription.Trim()})")); if (VssClientHttpRequestSettings.Default.UserAgent != null && VssClientHttpRequestSettings.Default.UserAgent.Count > 0) { headerValues.AddRange(VssClientHttpRequestSettings.Default.UserAgent); } VssClientHttpRequestSettings.Default.UserAgent = headerValues; VssClientHttpRequestSettings.Default.ClientCertificateManager = clientCert; if (PlatformUtil.RunningOnLinux || PlatformUtil.RunningOnMacOS) { // The .NET Core 2.1 runtime switched its HTTP default from HTTP 1.1 to HTTP 2. // This causes problems with some versions of the Curl handler. // See GitHub issue https://github.com/dotnet/corefx/issues/32376 VssClientHttpRequestSettings.Default.UseHttp11 = true; } VssHttpMessageHandler.DefaultWebProxy = proxy; if (SkipServerCertificateValidation) { VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; } } public static void PushTaskIntoAgentInfo(string taskName, string taskVersion) { var headerValues = VssClientHttpRequestSettings.Default.UserAgent; if (headerValues == null) { headerValues = new List(); } headerValues.Add(new ProductInfoHeaderValue(string.Concat(TaskUserAgentPrefix, taskName , "-" , taskVersion, ")"))); VssClientHttpRequestSettings.Default.UserAgent = headerValues; } public static void RemoveTaskFromAgentInfo() { var headerValues = VssClientHttpRequestSettings.Default.UserAgent; if (headerValues == null) { return; } foreach (var value in headerValues) { if (value.Comment != null && value.Comment.StartsWith(TaskUserAgentPrefix)) { headerValues.Remove(value); break; } } VssClientHttpRequestSettings.Default.UserAgent = headerValues; } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "connection")] public static VssConnection CreateConnection( Uri serverUri, VssCredentials credentials, ITraceWriter trace, bool skipServerCertificateValidation = false, IEnumerable additionalDelegatingHandler = null, TimeSpan? timeout = null) { VssClientHttpRequestSettings settings = VssClientHttpRequestSettings.Default.Clone(); // make sure MaxRetryRequest in range [3, 10] int maxRetryRequest = AgentKnobs.HttpRetryCount.GetValue(_knobContext).AsInt(); settings.MaxRetryRequest = Math.Min(Math.Max(maxRetryRequest, 3), 10); // prefer parameter, otherwise use httpRequestTimeoutSeconds and make sure httpRequestTimeoutSeconds in range [100, 1200] int httpRequestTimeoutSeconds = AgentKnobs.HttpTimeout.GetValue(_knobContext).AsInt(); settings.SendTimeout = timeout ?? TimeSpan.FromSeconds(Math.Min(Math.Max(httpRequestTimeoutSeconds, 100), 1200)); // Remove Invariant from the list of accepted languages. // // The constructor of VssHttpRequestSettings (base class of VssClientHttpRequestSettings) adds the current // UI culture to the list of accepted languages. The UI culture will be Invariant on OSX/Linux when the // LANG environment variable is not set when the program starts. If Invariant is in the list of accepted // languages, then "System.ArgumentException: The value cannot be null or empty." will be thrown when the // settings are applied to an HttpRequestMessage. settings.AcceptLanguages.Remove(CultureInfo.InvariantCulture); // Setting `ServerCertificateCustomValidation` to able to capture SSL data for diagnostic if (trace != null && IsCustomServerCertificateValidationSupported(trace)) { SslUtil sslUtil = new SslUtil(trace, skipServerCertificateValidation); settings.ServerCertificateValidationCallback = sslUtil.RequestStatusCustomValidation; } VssConnection connection = new VssConnection(serverUri, new VssHttpMessageHandler(credentials, settings), additionalDelegatingHandler); return connection; } public static VssCredentials GetVssCredential(ServiceEndpoint serviceEndpoint) { ArgUtil.NotNull(serviceEndpoint, nameof(serviceEndpoint)); ArgUtil.NotNull(serviceEndpoint.Authorization, nameof(serviceEndpoint.Authorization)); ArgUtil.NotNullOrEmpty(serviceEndpoint.Authorization.Scheme, nameof(serviceEndpoint.Authorization.Scheme)); if (serviceEndpoint.Authorization.Parameters.Count == 0) { throw new ArgumentOutOfRangeException(nameof(serviceEndpoint)); } VssCredentials credentials = null; string accessToken; if (serviceEndpoint.Authorization.Scheme == EndpointAuthorizationSchemes.OAuth && serviceEndpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out accessToken)) { credentials = new VssCredentials(null, new VssOAuthAccessTokenCredential(accessToken), CredentialPromptType.DoNotPrompt); } return credentials; } public static bool IsCustomServerCertificateValidationSupported(ITraceWriter trace) { if (!PlatformUtil.RunningOnWindows && PlatformUtil.UseLegacyHttpHandler) { if (_isCustomServerCertificateValidationSupported == null) { _isCustomServerCertificateValidationSupported = CheckSupportOfCustomServerCertificateValidation(trace); } return (bool)_isCustomServerCertificateValidationSupported; } return true; } // The function is to check if the custom server certificate validation is supported on the current platform. private static bool CheckSupportOfCustomServerCertificateValidation(ITraceWriter trace) { using (var handler = new HttpClientHandler()) { handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return errors == SslPolicyErrors.None; }; using (var client = new HttpClient(handler)) { try { client.GetAsync(_testUri).GetAwaiter().GetResult(); trace.Verbose("Custom Server Validation Callback Successful, SSL diagnostic data collection is enabled."); } catch (Exception e) { trace.Verbose($"Custom Server Validation Callback Unsuccessful, SSL diagnostic data collection is disabled, due to issue:\n{e.Message}"); return false; } return true; } } } } } ================================================ FILE: src/Agent.Sdk/Util/WellKnownSecretAliases.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Agent.Sdk.Util { public static class WellKnownSecretAliases { // Known configuration secrets public static readonly string ConfigurePassword = "Configure.Password"; public static readonly string ConfigureProxyPassword = "Configure.ProxyPassword"; public static readonly string ConfigureSslClientCert = "Configure.SslClientCert"; public static readonly string ConfigureToken = "Configure.Token"; public static readonly string ConfigureWindowsLogonPassword = "Configure.WindowsLogonPassword"; public static readonly string ConfigureClientId = "Configure.ClientId"; public static readonly string ConfigureClientSecret = "Configure.ClientSecret"; public static readonly string ConfigureTenantId = "Configure.TenantId"; public static readonly string RemovePassword = "Remove.Password"; public static readonly string RemoveToken = "Remove.Token"; public static readonly string RemoveClientId = "Remove.ClientId"; public static readonly string RemoveClientSecret = "Remove.ClientSecret"; public static readonly string RemoveTenantId = "Remove.TenantId"; // Other known origins for secrets public static readonly string GitSourceProviderAuthHeader = "GitSourceProvider.AuthHeader"; public static readonly string TaskSetSecretCommand = "TaskSetSecretCommand"; public static readonly string TaskSetVariableCommand = "TaskSetVariableCommand"; public static readonly string TaskSetEndpointCommandAuthParameter = "TaskSetEndpointCommand.authParameter"; public static readonly string UserSuppliedSecret = "UserSuppliedSecret"; public static readonly string AddingMaskHint = "AddingMaskHint"; public static readonly string SecureFileTicket = "SecureFileTicket"; public static readonly string TerminalReadSecret = "Terminal.ReadSecret"; public static readonly string ProxyPassword = "ProxyPassword"; public static readonly string ClientCertificatePassword = "ClientCertificatePassword"; // Secret regex aliases public static readonly string UrlSecretPattern = "RegexUrlSecretPattern"; // Value encoder aliases public static readonly string JsonStringEscape = "ValueEncoderJsonStringEscape"; public static readonly string UriDataEscape = "ValueEncoderUriDataEscape"; public static readonly string BackslashEscape = "ValueEncoderBackslashEscape"; } } ================================================ FILE: src/Agent.Sdk/Util/WhichUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Linq; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class WhichUtil { public static string Which(string command, bool require = false, ITraceWriter trace = null) { ArgUtil.NotNullOrEmpty(command, nameof(command)); trace?.Info($"Which: '{command}'"); string path = Environment.GetEnvironmentVariable(PathUtil.PathVariable); if (string.IsNullOrEmpty(path)) { trace?.Info("PATH environment variable not defined."); path = path ?? string.Empty; } string[] pathSegments = path.Split(new Char[] { Path.PathSeparator }, StringSplitOptions.RemoveEmptyEntries); for (int i = 0; i < pathSegments.Length; i++) { pathSegments[i] = Environment.ExpandEnvironmentVariables(pathSegments[i]); } foreach (string pathSegment in pathSegments) { if (!string.IsNullOrEmpty(pathSegment) && Directory.Exists(pathSegment)) { string[] matches = null; if (PlatformUtil.RunningOnWindows) { string pathExt = Environment.GetEnvironmentVariable("PATHEXT"); if (string.IsNullOrEmpty(pathExt)) { // XP's system default value for PATHEXT system variable pathExt = ".com;.exe;.bat;.cmd;.vbs;.vbe;.js;.jse;.wsf;.wsh"; } string[] pathExtSegments = pathExt.Split(new char[] { Path.PathSeparator }, StringSplitOptions.RemoveEmptyEntries); // if command already has an extension. if (pathExtSegments.Any(ext => command.EndsWith(ext, StringComparison.OrdinalIgnoreCase))) { try { matches = Directory.GetFiles(pathSegment, command); } catch (UnauthorizedAccessException ex) { trace?.Info("Ignore UnauthorizedAccess exception during Which."); trace?.Verbose(ex.ToString()); } if (matches != null && matches.Length > 0) { trace?.Info($"Location: '{matches.First()}'"); return matches.First(); } } else { string searchPattern = StringUtil.Format($"{command}.*"); try { matches = Directory.GetFiles(pathSegment, searchPattern); } catch (UnauthorizedAccessException ex) { trace?.Info("Ignore UnauthorizedAccess exception during Which."); trace?.Verbose(ex.ToString()); } if (matches != null && matches.Length > 0) { // add extension. for (int i = 0; i < pathExtSegments.Length; i++) { string fullPath = Path.Combine(pathSegment, $"{command}{pathExtSegments[i]}"); if (matches.Any(p => p.Equals(fullPath, StringComparison.OrdinalIgnoreCase))) { trace?.Info($"Location: '{fullPath}'"); return fullPath; } } } } } else { try { matches = Directory.GetFiles(pathSegment, command); } catch (UnauthorizedAccessException ex) { trace?.Info("Ignore UnauthorizedAccess exception during Which."); trace?.Verbose(ex.ToString()); } if (matches != null && matches.Length > 0) { trace?.Info("Location: '{matches.First()}'"); return matches.First(); } } } } trace?.Info("Not found."); if (require) { throw new FileNotFoundException( message: StringUtil.Loc("FileNotFound", command), fileName: command); } return null; } } } ================================================ FILE: src/Agent.Sdk/Util/WindowsProcessUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Diagnostics; using System.Linq; using System.Management; namespace Microsoft.VisualStudio.Services.Agent.Util { internal record ProcessInfo(int ProcessId, string ProcessName); public static class WindowsProcessUtil { internal static ProcessInfo GetParentProcessInformation(int processId) { using var query = new ManagementObjectSearcher($"SELECT ParentProcessId FROM Win32_Process WHERE ProcessId={processId}"); using ManagementObjectCollection queryResult = query.Get(); using ManagementObject foundProcess = queryResult.OfType().FirstOrDefault(); if (foundProcess == null) { return null; } int parentProcessId = (int)(uint)foundProcess["ParentProcessId"]; try { using var parentProcess = Process.GetProcessById(parentProcessId); return new(parentProcess.Id, parentProcess.ProcessName); } catch (InvalidOperationException) { return null; } catch (ArgumentException) { return null; } } internal static List GetProcessList() { using var currentProcess = Process.GetCurrentProcess(); var currentProcessInfo = new ProcessInfo(currentProcess.Id, currentProcess.ProcessName); var processes = new List() { new(currentProcessInfo.ProcessId, currentProcessInfo.ProcessName) }; const int maxSearchDepthForProcess = 10; while (processes.Count < maxSearchDepthForProcess) { ProcessInfo lastProcessInfo = processes.Last(); ProcessInfo parentProcessInfo = GetParentProcessInformation(lastProcessInfo.ProcessId); if (parentProcessInfo == null) { return processes; } processes.Add(parentProcessInfo); } return processes; } public static bool IsAgentRunningInPowerShellCore() { List processList = GetProcessList(); bool isProcessRunningInPowerShellCore = processList.Exists(process => process.ProcessName == "pwsh"); return isProcessRunningInPowerShellCore; } } } ================================================ FILE: src/Agent.Service/Windows/AgentService.Designer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace AgentService { partial class AgentService { /// /// Required designer variable. /// private System.ComponentModel.IContainer components = null; /// /// Clean up any resources being used. /// /// true if managed resources should be disposed; otherwise, false. protected override void Dispose(bool disposing) { if (disposing && (components != null)) { components.Dispose(); } base.Dispose(disposing); } #region Component Designer generated code /// /// Required method for Designer support - do not modify /// the contents of this method with the code editor. /// private void InitializeComponent() { components = new System.ComponentModel.Container(); this.ServiceName = "Service1"; } #endregion } } ================================================ FILE: src/Agent.Service/Windows/AgentService.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.ComponentModel; using System.Diagnostics; using System.Globalization; using System.IO; using System.Reflection; using System.Runtime.InteropServices; using System.ServiceProcess; using System.Threading; using System.Threading.Tasks; namespace AgentService { public partial class AgentService : ServiceBase { public const string EventSourceName = "VstsAgentService"; private const int CTRL_C_EVENT = 0; private const int CTRL_BREAK_EVENT = 1; private bool _restart = false; private Process AgentListener { get; set; } private bool Stopping { get; set; } private object ServiceLock { get; set; } private Task RunningLoop { get; set; } public AgentService(string serviceName) { ServiceLock = new Object(); InitializeComponent(); base.ServiceName = serviceName; } protected override void OnStart(string[] args) { RunningLoop = Task.Run( () => { try { bool stopping; WriteInfo("Starting VSTS Agent Service"); TimeSpan timeBetweenRetries = TimeSpan.FromSeconds(5); lock (ServiceLock) { stopping = Stopping; } while (!stopping) { WriteInfo("Starting VSTS Agent listener"); lock (ServiceLock) { AgentListener = CreateAgentListener(); AgentListener.OutputDataReceived += AgentListener_OutputDataReceived; AgentListener.ErrorDataReceived += AgentListener_ErrorDataReceived; AgentListener.Start(); AgentListener.BeginOutputReadLine(); AgentListener.BeginErrorReadLine(); } AgentListener.WaitForExit(); int exitCode = AgentListener.ExitCode; // exit code 0 and 1 need stop service // exit code 2 and 3 need restart agent switch (exitCode) { case 0: Stopping = true; WriteInfo(Resource.AgentExitWithoutError); break; case 1: Stopping = true; WriteInfo(Resource.AgentExitWithTerminatedError); break; case 2: WriteInfo(Resource.AgentExitWithError); break; case 3: WriteInfo(Resource.AgentUpdateInProcess); var updateResult = HandleAgentUpdate(); if (updateResult == AgentUpdateResult.Succeed) { WriteInfo(Resource.AgentUpdateSucceed); } else if (updateResult == AgentUpdateResult.Failed) { WriteInfo(Resource.AgentUpdateFailed); Stopping = true; } else if (updateResult == AgentUpdateResult.SucceedNeedRestart) { WriteInfo(Resource.AgentUpdateRestartNeeded); _restart = true; ExitCode = int.MaxValue; Stop(); } break; default: WriteInfo(Resource.AgentExitWithUndefinedReturnCode); break; } if (Stopping) { ExitCode = exitCode; Stop(); } else { // wait for few seconds before restarting the process Thread.Sleep(timeBetweenRetries); } lock (ServiceLock) { AgentListener.OutputDataReceived -= AgentListener_OutputDataReceived; AgentListener.ErrorDataReceived -= AgentListener_ErrorDataReceived; AgentListener.Dispose(); AgentListener = null; stopping = Stopping; } } } catch (Exception exception) { WriteException(exception); ExitCode = 99; Stop(); } }); } private void AgentListener_ErrorDataReceived(object sender, DataReceivedEventArgs e) { if (!string.IsNullOrEmpty(e.Data)) { WriteToEventLog(e.Data, EventLogEntryType.Error); } } private void AgentListener_OutputDataReceived(object sender, DataReceivedEventArgs e) { if (!string.IsNullOrEmpty(e.Data)) { WriteToEventLog(e.Data, EventLogEntryType.Information); } } private Process CreateAgentListener() { string exeLocation = Assembly.GetEntryAssembly().Location; string agentExeLocation = Path.Combine(Path.GetDirectoryName(exeLocation), "Agent.Listener.exe"); Process newProcess = new Process(); newProcess.StartInfo = new ProcessStartInfo(agentExeLocation, "run --startuptype service"); newProcess.StartInfo.CreateNoWindow = true; newProcess.StartInfo.UseShellExecute = false; newProcess.StartInfo.RedirectStandardInput = true; newProcess.StartInfo.RedirectStandardOutput = true; newProcess.StartInfo.RedirectStandardError = true; return newProcess; } protected override void OnShutdown() { SendCtrlSignalToAgentListener(CTRL_BREAK_EVENT); base.OnShutdown(); } protected override void OnStop() { lock (ServiceLock) { Stopping = true; // throw exception during OnStop() will make SCM think the service crash and trigger recovery option. // in this way we can self-update the service host. if (_restart) { throw new Exception(Resource.CrashServiceHost); } SendCtrlSignalToAgentListener(CTRL_C_EVENT); } } // this will send either Ctrl-C or Ctrl-Break to agent.listener // Ctrl-C will be used for OnStop() // Ctrl-Break will be used for OnShutdown() private void SendCtrlSignalToAgentListener(uint signal) { try { if (AgentListener != null && !AgentListener.HasExited) { // Try to let the agent process know that we are stopping //Attach service process to console of Agent.Listener process. This is needed, //because windows service doesn't use its own console. if (AttachConsole((uint)AgentListener.Id)) { //Prevent main service process from stopping because of Ctrl + C event with SetConsoleCtrlHandler SetConsoleCtrlHandler(null, true); try { //Generate console event for current console with GenerateConsoleCtrlEvent (processGroupId should be zero) GenerateConsoleCtrlEvent(signal, 0); //Wait for the process to finish (give it up to 30 seconds) AgentListener.WaitForExit(30000); } finally { //Disconnect from console and restore Ctrl+C handling by main process FreeConsole(); SetConsoleCtrlHandler(null, false); } } // if agent is still running, kill it if (!AgentListener.HasExited) { AgentListener.Kill(); } } } catch (Exception exception) { // InvalidOperationException is thrown when there is no process associated to the process object. // There is no process to kill, Log the exception and shutdown the service. // If we don't handle this here, the service get into a state where it can neither be stoped nor restarted (Error 1061) WriteException(exception); } } private AgentUpdateResult HandleAgentUpdate() { // sleep 5 seconds wait for upgrade script to finish Thread.Sleep(5000); // looking update result record under _diag folder (the log file itself will indicate the result) // SelfUpdate-20160711-160300.log.succeed or SelfUpdate-20160711-160300.log.fail // Find the latest upgrade log, make sure the log is created less than 15 seconds. // When log file named as SelfUpdate-20160711-160300.log.succeedneedrestart, Exit(int.max), during Exit() throw Exception, this will trigger SCM to recovery the service by restart it // since SCM cache the ServiceHost in memory, sometime we need update the servicehost as well, in this way we can upgrade the ServiceHost as well. DirectoryInfo dirInfo = new DirectoryInfo(GetDiagnosticFolderPath()); FileInfo[] updateLogs = dirInfo.GetFiles("SelfUpdate-*-*.log.*") ?? new FileInfo[0]; if (updateLogs.Length == 0) { // totally wrong, we are not even get a update log. return AgentUpdateResult.Failed; } else { FileInfo latestLogFile = null; DateTime latestLogTimestamp = DateTime.MinValue; foreach (var logFile in updateLogs) { int timestampStartIndex = logFile.Name.IndexOf("-") + 1; int timestampEndIndex = logFile.Name.LastIndexOf(".log") - 1; string timestamp = logFile.Name.Substring(timestampStartIndex, timestampEndIndex - timestampStartIndex + 1); DateTime updateTime; if (DateTime.TryParseExact(timestamp, "yyyyMMdd-HHmmss", null, DateTimeStyles.None, out updateTime) && updateTime > latestLogTimestamp) { latestLogFile = logFile; latestLogTimestamp = updateTime; } } if (latestLogFile == null || latestLogTimestamp == DateTime.MinValue) { // we can't find update log with expected naming convention. return AgentUpdateResult.Failed; } latestLogFile.Refresh(); if (DateTime.UtcNow - latestLogFile.LastWriteTimeUtc > TimeSpan.FromSeconds(15)) { // the latest update log we find is more than 15 sec old, the update process is busted. return AgentUpdateResult.Failed; } else { string resultString = Path.GetExtension(latestLogFile.Name).TrimStart('.'); AgentUpdateResult result; if (Enum.TryParse(resultString, true, out result)) { // return the result indicated by the update log. return result; } else { // can't convert the result string, return failed to stop the service. return AgentUpdateResult.Failed; } } } } private void WriteToEventLog(string eventText, EventLogEntryType entryType) { EventLog.WriteEntry(EventSourceName, eventText, entryType, 100); } private string GetDiagnosticFolderPath() { return Path.Combine(Path.GetDirectoryName(Path.GetDirectoryName(Assembly.GetEntryAssembly().Location)), "_diag"); } private void WriteError(int exitCode) { String diagFolder = GetDiagnosticFolderPath(); String eventText = String.Format( CultureInfo.InvariantCulture, "The AgentListener process failed to start successfully. It exited with code {0}. Check the latest Agent log files in {1} for more information.", exitCode, diagFolder); WriteToEventLog(eventText, EventLogEntryType.Error); } private void WriteInfo(string message) { WriteToEventLog(message, EventLogEntryType.Information); } private void WriteException(Exception exception) { WriteToEventLog(exception.ToString(), EventLogEntryType.Error); } private enum AgentUpdateResult { Succeed, Failed, SucceedNeedRestart, } [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GenerateConsoleCtrlEvent(uint dwCtrlEvent, uint dwProcessGroupId); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool AttachConsole(uint dwProcessId); [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)] private static extern bool FreeConsole(); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool SetConsoleCtrlHandler(ConsoleCtrlDelegate HandlerRoutine, bool Add); // Delegate type to be used as the Handler Routine for SetConsoleCtrlHandler delegate Boolean ConsoleCtrlDelegate(uint CtrlType); } } ================================================ FILE: src/Agent.Service/Windows/AgentService.csproj ================================================  Debug AnyCPU {D12EBD71-0464-46D0-8394-40BCFBA0A6F2} WinExe Properties AgentService AgentService true FinalPublicKey.snk true v4.7.1 512 true AnyCPU true full false bin\Debug\ DEBUG;TRACE prompt 4 false false false AnyCPU pdbonly true bin\Release\ TRACE prompt 4 Component AgentService.cs True True Resource.resx ResXFileCodeGenerator Resource.Designer.cs ================================================ FILE: src/Agent.Service/Windows/App.config ================================================ ================================================ FILE: src/Agent.Service/Windows/Program.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.ServiceProcess; using System.Diagnostics; using System.ComponentModel; namespace AgentService { static class Program { /// /// The main entry point for the application. /// static int Main(String[] args) { if (args != null && args.Length == 1 && args[0].Equals("init", StringComparison.InvariantCultureIgnoreCase)) { // TODO: LOC all strings. if (!EventLog.Exists("Application")) { Console.WriteLine("[ERROR] Application event log doesn't exist on current machine."); return 1; } using (EventLog applicationLog = new EventLog("Application")) { if (applicationLog.OverflowAction == OverflowAction.DoNotOverwrite) { Console.WriteLine("[WARNING] The retention policy for Application event log is set to \"Do not overwrite events\"."); Console.WriteLine("[WARNING] Make sure manually clear logs as needed, otherwise AgentService will stop writing output to event log."); } } try { EventLog.WriteEntry(AgentService.EventSourceName, "create event log trace source for vsts-agent service", EventLogEntryType.Information, 100); return 0; } catch (Win32Exception ex) { Console.WriteLine("[ERROR] Unable to create '{0}' event source under 'Application' event log.", AgentService.EventSourceName); Console.WriteLine("[ERROR] {0}", ex.Message); Console.WriteLine("[ERROR] Error Code: {0}", ex.ErrorCode); return 1; } } ServiceBase[] ServicesToRun; ServicesToRun = new ServiceBase[] { new AgentService(args.Length > 0 ? args[0] : "VstsAgentService") }; ServiceBase.Run(ServicesToRun); return 0; } } } ================================================ FILE: src/Agent.Service/Windows/Properties/AssemblyInfo.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Reflection; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. [assembly: AssemblyTitle("AgentService")] [assembly: AssemblyDescription("")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] [assembly: AssemblyProduct("AgentService")] [assembly: AssemblyCopyright("Copyright © 2016")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] // Setting ComVisible to false makes the types in this assembly not visible // to COM components. If you need to access a type in this assembly from // COM, set the ComVisible attribute to true on that type. [assembly: ComVisible(false)] // The following GUID is for the ID of the typelib if this project is exposed to COM [assembly: Guid("d12ebd71-0464-46d0-8394-40bcfba0a6f2")] // Version information for an assembly consists of the following four values: // // Major Version // Minor Version // Build Number // Revision // // You can specify all the values or you can default the Build and Revision Numbers // by using the '*' as shown below: // [assembly: AssemblyVersion("1.0.*")] [assembly: AssemblyVersion("1.0.0.0")] [assembly: AssemblyFileVersion("1.0.0.0")] ================================================ FILE: src/Agent.Service/Windows/Resource.Designer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. //------------------------------------------------------------------------------ // // This code was generated by a tool. // Runtime Version:4.0.30319.42000 // // Changes to this file may cause incorrect behavior and will be lost if // the code is regenerated. // //------------------------------------------------------------------------------ namespace AgentService { using System; /// /// A strongly-typed resource class, for looking up localized strings, etc. /// // This class was auto-generated by the StronglyTypedResourceBuilder // class via a tool like ResGen or Visual Studio. // To add or remove a member, edit your .ResX file then rerun ResGen // with the /str option, or rebuild your VS project. [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")] [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] internal class Resource { private static global::System.Resources.ResourceManager resourceMan; private static global::System.Globalization.CultureInfo resourceCulture; [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] internal Resource() { } /// /// Returns the cached ResourceManager instance used by this class. /// [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] internal static global::System.Resources.ResourceManager ResourceManager { get { if (object.ReferenceEquals(resourceMan, null)) { global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("AgentService.Resource", typeof(Resource).Assembly); resourceMan = temp; } return resourceMan; } } /// /// Overrides the current thread's CurrentUICulture property for all /// resource lookups using this strongly typed resource class. /// [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] internal static global::System.Globalization.CultureInfo Culture { get { return resourceCulture; } set { resourceCulture = value; } } /// /// Looks up a localized string similar to Agent listener exit with retryable error, re-launch agent in 5 seconds.. /// internal static string AgentExitWithError { get { return ResourceManager.GetString("AgentExitWithError", resourceCulture); } } /// /// Looks up a localized string similar to Agent listener exit with 0 return code, stop the service, no retry needed.. /// internal static string AgentExitWithoutError { get { return ResourceManager.GetString("AgentExitWithoutError", resourceCulture); } } /// /// Looks up a localized string similar to Agent listener exit with terminated error, stop the service, no retry needed.. /// internal static string AgentExitWithTerminatedError { get { return ResourceManager.GetString("AgentExitWithTerminatedError", resourceCulture); } } /// /// Looks up a localized string similar to Agent listener exit with undefined return code, re-launch agent in 5 seconds.. /// internal static string AgentExitWithUndefinedReturnCode { get { return ResourceManager.GetString("AgentExitWithUndefinedReturnCode", resourceCulture); } } /// /// Looks up a localized string similar to Agent listener update failed, stop the service.. /// internal static string AgentUpdateFailed { get { return ResourceManager.GetString("AgentUpdateFailed", resourceCulture); } } /// /// Looks up a localized string similar to Agent listener exit because of updating, re-launch agent in 5 seconds.. /// internal static string AgentUpdateInProcess { get { return ResourceManager.GetString("AgentUpdateInProcess", resourceCulture); } } /// /// Looks up a localized string similar to Agent listener has been updated to latest, restart the service to update the servicehost itself.. /// internal static string AgentUpdateRestartNeeded { get { return ResourceManager.GetString("AgentUpdateRestartNeeded", resourceCulture); } } /// /// Looks up a localized string similar to Agent listener has been updated to latest, re-launch agent in 5 seconds.. /// internal static string AgentUpdateSucceed { get { return ResourceManager.GetString("AgentUpdateSucceed", resourceCulture); } } /// /// Looks up a localized string similar to Crash servicehost to trigger SCM restart the serivce.. /// internal static string CrashServiceHost { get { return ResourceManager.GetString("CrashServiceHost", resourceCulture); } } } } ================================================ FILE: src/Agent.Service/Windows/Resource.de-de.resx ================================================  text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Der Agent-Listener wurde mit Rückgabecode 0 beendet. Beenden Sie den Dienst, es ist keine Wiederholung erforderlich. Der Agent-Listener wurde mit einem Beendigungsfehler beendet. Beenden Sie den Dienst, es ist keine Wiederholung erforderlich. Der Agent-Listener wurde mit einem wiederholbaren Fehler beendet, starten Sie den Agent in 5 Sekunden neu. Der Agent-Listener wurde aufgrund eines Updates beendet. Starten Sie den Agent in 5 Sekunden neu. Der Agent-Listener wurde auf die neueste Version aktualisiert. Starten Sie den Agent in 5 Sekunden neu. Fehler beim Aktualisieren des Agent-Listeners. Beenden Sie den Dienst. Der Agent-Listener wurde auf die neueste Version aktualisiert. Starten Sie den Dienst neu, um den ServiceHost selbst zu aktualisieren. Führen Sie einen ServiceHost-Absturz herbei, um einen Neustart des Diensts durch SCM auszulösen. Der Agent-Listener wurde mit einem nicht definierten Rückgabecode beendet, starten Sie den Agent in 5 Sekunden neu. ================================================ FILE: src/Agent.Service/Windows/Resource.es-es.resx ================================================  text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Salida del agente de escucha con el código de retorno 0; detenga el servicio, no es necesario reintentar. Salida del agente de escucha con error de finalizado; detenga el servicio, no es necesario reintentar. Salida del agente de escucha con un error que permite reintentar; reinicie el agente en cinco segundos. Salida del agente de escucha debido a una actualización; reinicie el agente en cinco segundos. El agente de escucha se ha actualizado al más reciente; reinicie el agente en cinco segundos. Error al actualizar el agente de escucha, detenga el servicio. El agente de escucha se ha actualizado a la última versión; reinicie el servicio para actualizar servicehost. Bloquee ServiceHost para desencadenar el reinicio del servicio de SCM. Salida del agente de escucha con un código de retorno no definido; reinicie el agente en cinco segundos. ================================================ FILE: src/Agent.Service/Windows/Resource.fr-fr.resx ================================================  text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Sortie de l'écouteur d'agent sans code de retour. Aucune nouvelle tentative n'est nécessaire. Sortie de l'écouteur d'agent avec une erreur définitive. Arrêtez le service. Aucune nouvelle tentative n'est nécessaire. Sortie de l'écouteur d'agent avec une erreur laissant la possibilité d'effectuer de nouvelles tentatives. Relancez l'agent dans 5 secondes. Sortie de l'écouteur d'agent en raison d'une mise à jour. Relancez l'agent dans 5 secondes. L'écouteur d'agent a été mis à jour vers la dernière version. Relancez l'agent dans 5 secondes. Échec de la mise à jour de l'écouteur d'agent. Arrêtez le service. L'écouteur d'agent a été mis à jour vers la dernière version. Redémarrez le service pour mettre à jour l'hôte de service lui-même. Plantage de l'hôte de service. Déclenchement du redémarrage du service par le serveur GCS. Sortie de l'écouteur d'agent avec un code de retour non défini. Relancez l'agent dans 5 secondes. ================================================ FILE: src/Agent.Service/Windows/Resource.it-IT.resx ================================================  text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Uscita del listener agente con codice restituito 0. Non è necessario riprovare. Uscita del listener agente con errore terminato. Arrestare il servizio. Non è necessario riprovare. Uscita del listener agente con errore non irreversibile. Riavviare l'agente tra 5 secondi. Uscita del listener agente a causa dell'aggiornamento. Riavviare l'agente tra 5 secondi. Il listener agente è stato aggiornato alla versione più recente. Riavviare l'agente tra 5 secondi. Aggiornamento del listener agente non riuscito. Arrestare il servizio. Il listener agente è stato aggiornato alla versione più recente. Riavviare il servizio per aggiornare l'host servizio stesso. L'host servizio è stato arrestato in modo anomalo per attivare Gestione controllo servizi per il riavvio del servizio. Uscita del listener agente con codice restituito indefinito. Riavviare l'agente tra 5 secondi. ================================================ FILE: src/Agent.Service/Windows/Resource.ja-jp.resx ================================================  text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 エージェント リスナーは、0 個のリターンコードで終了します。サービスを停止します。再試行は必要ありません。 停止エラーでエージェント リスナーが終了しました。サービスを停止します。再試行は必要ありません。 エージェント リスナーが再試行可能なエラーで終了しました。5 秒でエージェントを再起動します。 更新のため、エージェント リスナーが終了しています。5 秒でエージェントを再起動します。 エージェント リスナーが最新版に更新されました。5 秒でエージェントを再起動します。 エージェント リスナーの更新に失敗しました。サービスを停止してください。 エージェント リスナーが最新版に更新されました。サービスを再起動して servicehost 自体を更新してください。 servicehost をクラッシュして、SCM でサービスの再起動をトリガーします。 未定義のリターン コードでエージェント リスナーが終了しました、5 秒でエージェントを再起動します。 ================================================ FILE: src/Agent.Service/Windows/Resource.ko-KR.resx ================================================  text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 0 반환 코드로 인해 에이전트 수신기가 종료되고 서비스를 중지합니다. 다시 시도하지 않아도 됩니다. 종료된 오류로 인해 에이전트 수신기가 종료되고 서비스를 중지합니다. 다시 시도하지 않아도 됩니다. 다시 시도 가능한 오류로 인해 에이전트 수신기가 종료되고 5초 후에 에이전트를 다시 시작합니다. 업데이트로 인해 에이전트 수신기가 종료되고 5초 후에 에이전트를 다시 시작합니다. 에이전트 수신기가 최신 상태로 업데이트되었고 5초 후에 에이전트를 다시 시작합니다. 에이전트 수신기를 업데이트하지 못했고 서비스를 중지합니다. 에이전트 수신기가 최신 상태로 업데이트되었고 서비스를 다시 시작하여 서비스 호스트 자체를 업데이트합니다. SCM이 서비스를 다시 시작하도록 트리거하는 크래시 서비스 호스트입니다. 정의되지 않은 반환 코드로 인해 에이전트 수신기가 종료되고 5초 후에 에이전트를 다시 시작합니다. ================================================ FILE: src/Agent.Service/Windows/Resource.resx ================================================  text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Agent listener exit with 0 return code, stop the service, no retry needed. Agent listener exit with terminated error, stop the service, no retry needed. Agent listener exit with retryable error, re-launch agent in 5 seconds. Agent listener exit because of updating, re-launch agent in 5 seconds. Agent listener has been updated to latest, re-launch agent in 5 seconds. Agent listener update failed, stop the service. Agent listener has been updated to latest, restart the service to update the servicehost itself. Crash servicehost to trigger SCM restart the serivce. Agent listener exit with undefined return code, re-launch agent in 5 seconds. ================================================ FILE: src/Agent.Service/Windows/Resource.ru-RU.resx ================================================  text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Прослушиватель агента завершил работу с кодом возврата 0. Остановите службу, повторный запуск не требуется. Прослушиватель агента завершил работу с ошибкой, свидетельствующей о прекращении работы. Остановите службу, повторный запуск не требуется. Прослушиватель агента завершил работу с ошибкой, допускающей повторный запуск. Запустите агент повторно через 5 секунд. Прослушиватель агента завершил работу из-за обновления. Запустите агент повторно через 5 секунд. Прослушиватель агента обновлен до последней версии. Запустите агент повторно через 5 секунд. Не удалось обновить прослушиватель агента. Остановите службу. Прослушиватель агента обновлен до последней версии. Перезапустите службу, чтобы обновить servicehost. Сбой serviceHost при запуске SCM. Перезапустите службу. Прослушиватель агента завершил работу с неопределенным кодом возврата. Запустите агент повторно через 5 секунд. ================================================ FILE: src/Agent.Service/Windows/Resource.zh-CN.resx ================================================  text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 代理侦听器退出,出现 0 返回代码,请停止该服务,无需重试。 代理侦听器退出,出现终止错误,请停止该服务,无需重试。 代理侦听器退出,出现可重试错误,请在 5 秒后重新启动代理。 代理侦听器因更新而退出,请在 5 秒后重新启动代理。 代理侦听器已更新为最新版本,重新在 5 秒后重新启动代理。 代理侦听器更新失败,请停止该服务。 代理侦听器已更新为最新版本,请重新启动该服务以更新 servicehost 本身。 servicehost 崩溃以触发 SCM 重新启动该服务。 代理侦听器退出,出现未定义的返回代码,请在 5 秒后重新启动代理。 ================================================ FILE: src/Agent.Service/Windows/Resource.zh-TW.resx ================================================  text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 代理程式的接聽程式已結束,但有 0 個傳回碼,請停止服務,不需要重試。 代理程式的接聽程式已結束,但有已終止錯誤,請停止服務,不需要重試。 代理程式的接聽程式已結束,但有可再嘗試的錯誤,請在 5 秒內重新啟動代理程式。 代理程式的接聽程式因更新而結束,請在 5 秒內重新啟動代理程式。 代理程式的接聽程式已更新至最新版本,請在 5 秒內重新啟動代理程式。 無法更新代理程式的接聽程式,請停止服務。 代理程式的接聽程式已更新至最新版本,請重新啟動服務以更新 servicehost 本身。 損毀 servicehost 以觸發 SCM 重新啟動服務。 代理程式的接聽程式已結束,但有未定義的傳回碼,請在 5 秒內重新啟動代理程式。 ================================================ FILE: src/Agent.Worker/Agent.Worker.csproj ================================================  Exe true ================================================ FILE: src/Agent.Worker/AgentLogPlugin.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.Framework.Common; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(AgentLogPlugin))] public interface IAgentLogPlugin : IAgentService { Task StartAsync(IExecutionContext context, List steps, CancellationToken token); Task WaitAsync(IExecutionContext context); void Write(Guid stepId, string message); } public sealed class AgentLogPlugin : AgentService, IAgentLogPlugin, IDisposable { private readonly Guid _instanceId = Guid.NewGuid(); private Task _pluginHostProcess = null; private readonly InputQueue _redirectedStdin = new InputQueue(); private readonly ConcurrentQueue _outputs = new ConcurrentQueue(); private readonly Dictionary _logPlugins = new Dictionary() { {"TestResultLogPlugin", new PluginInfo("Agent.Plugins.Log.TestResultParser.Plugin.TestResultLogPlugin, Agent.Plugins", "Test Result Parser plugin")}, {"TestFilePublisherPlugin", new PluginInfo("Agent.Plugins.Log.TestFilePublisher.TestFilePublisherLogPlugin, Agent.Plugins", "Test File Publisher plugin")} }; private class PluginInfo { public PluginInfo(string assemblyName, string friendlyName) { AssemblyName = assemblyName; FriendlyName = friendlyName; } public string FriendlyName { get; set; } public string AssemblyName { get; set; } } public Task StartAsync(IExecutionContext context, List steps, CancellationToken token) { Trace.Entering(); ArgUtil.NotNull(context, nameof(context)); List enabledPlugins = new List(); if (context.Variables.GetBoolean("agent.disablelogplugin") ?? false) { // all log plugs are disabled context.Debug("All log plugins are disabled."); } else { foreach (var plugin in _logPlugins) { if (context.Variables.GetBoolean($"agent.disablelogplugin.{plugin.Key}") ?? false) { // skip plugin context.Debug($"Log plugin '{plugin.Key}' is disabled."); continue; } else { enabledPlugins.Add(plugin.Value); } } } if (enabledPlugins.Count > 0) { // Resolve the working directory. string workingDirectory = HostContext.GetDirectory(WellKnownDirectory.Work); ArgUtil.Directory(workingDirectory, nameof(workingDirectory)); // Agent.PluginHost string file = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), $"Agent.PluginHost{Util.IOUtil.ExeExtension}"); ArgUtil.File(file, $"Agent.PluginHost{Util.IOUtil.ExeExtension}"); // Agent.PluginHost's arguments string arguments = $"log \"{_instanceId.ToString("D")}\""; var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { if (e.Data != null) { _outputs.Enqueue(e.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { if (e.Data != null) { _outputs.Enqueue(e.Data); } }; _pluginHostProcess?.Dispose(); _pluginHostProcess = processInvoker.ExecuteAsync(workingDirectory: workingDirectory, fileName: file, arguments: arguments, environment: null, requireExitCodeZero: true, outputEncoding: Encoding.UTF8, killProcessOnCancel: true, redirectStandardIn: _redirectedStdin, inheritConsoleHandler: false, keepStandardInOpen: true, continueAfterCancelProcessTreeKillAttempt: ProcessInvoker.ContinueAfterCancelProcessTreeKillAttemptDefault, cancellationToken: token); // construct plugin context AgentLogPluginHostContext pluginContext = new AgentLogPluginHostContext { PluginAssemblies = new List(), Repositories = context.Repositories, Endpoints = context.Endpoints, Variables = new Dictionary(), Steps = new Dictionary() }; // plugins pluginContext.PluginAssemblies.AddRange(_logPlugins.Values.Select(x => x.AssemblyName)); var target = context.StepTarget(); Variables.TranslationMethod translateToHostPath = Variables.DefaultStringTranslator; ContainerInfo containerInfo = target as ContainerInfo; // Since plugins run on the host, but the inputs and variables have already been translated // to the container path, we need to convert them back to the host path // TODO: look to see if there is a better way to not have translate these back if (containerInfo != null) { translateToHostPath = (string val) => { return containerInfo.TranslateToHostPath(val); }; } // variables context.Variables.CopyInto(pluginContext.Variables, translateToHostPath); // steps foreach (var step in steps) { var taskStep = step as ITaskRunner; if (taskStep != null) { pluginContext.Steps[taskStep.ExecutionContext.Id.ToString("D")] = taskStep.Task.Reference; } } Trace.Info("Send serialized context through STDIN"); _redirectedStdin.Enqueue(JsonUtility.ToString(pluginContext)); foreach (var plugin in _logPlugins) { context.Output($"Plugin: '{plugin.Value.FriendlyName}' is running in background."); } } return Task.CompletedTask; } public async Task WaitAsync(IExecutionContext context) { Trace.Entering(); if (_pluginHostProcess != null) { Trace.Info("Send instruction code through STDIN to stop plugin host"); // plugin host will stop the routine process and give every plugin a chance to participate into job finalization _redirectedStdin.Enqueue($"##vso[logplugin.finish]{_instanceId.ToString("D")}"); // print out outputs from plugin host and wait for plugin finish Trace.Info("Waiting for plugin host exit"); foreach (var plugin in _logPlugins) { context.Debug($"Waiting for log plugin '{plugin.Value.FriendlyName}' to finish."); } while (!_pluginHostProcess.IsCompleted) { while (_outputs.TryDequeue(out string output)) { if (output.StartsWith(Constants.PluginTracePrefix, StringComparison.OrdinalIgnoreCase)) { Trace.Info(output.Substring(Constants.PluginTracePrefix.Length)); } else { context.Output(output); } } await Task.WhenAny(Task.Delay(250), _pluginHostProcess); } // try process output queue again, in case we have buffered outputs haven't process on process exit while (_outputs.TryDequeue(out string output)) { if (output.StartsWith(Constants.PluginTracePrefix, StringComparison.OrdinalIgnoreCase)) { Trace.Info(output.Substring(Constants.PluginTracePrefix.Length)); } else { context.Output(output); } } await _pluginHostProcess; } } public void Write(Guid stepId, string message) { if (_pluginHostProcess != null && message != null) { var lines = message.Replace("\r\n", "\n").Replace("\r", "\n").Split('\n', StringSplitOptions.None); foreach (var line in lines) { if (line != null) { _redirectedStdin.Enqueue($"{stepId}:{line}"); } } } } public void Dispose() { _pluginHostProcess?.Dispose(); _redirectedStdin?.Close(); } } } ================================================ FILE: src/Agent.Worker/AgentPluginManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.WebApi; using System; using System.Collections.Generic; using System.IO; using System.Reflection; using System.Threading.Tasks; using System.Text; using Microsoft.TeamFoundation.Framework.Common; using System.Runtime.Loader; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(AgentPluginManager))] public interface IAgentPluginManager : IAgentService { List GetTaskPlugins(Guid taskId); Task RunPluginTaskAsync(IExecutionContext context, string plugin, Dictionary inputs, Dictionary environment, Variables runtimeVariables, EventHandler outputHandler); } public class AgentPluginManager : AgentService, IAgentPluginManager { private readonly Dictionary> _supportedTasks = new Dictionary>(); protected readonly HashSet _taskPlugins = new HashSet() { "Agent.Plugins.Repository.CheckoutTask, Agent.Plugins", "Agent.Plugins.Repository.CleanupTask, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTask, Agent.Plugins", "Agent.Plugins.PipelineArtifact.PublishPipelineArtifactTask, Agent.Plugins", "Agent.Plugins.PipelineArtifact.PublishPipelineArtifactTaskV1, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV1, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV1_1_0, Agent.Plugins", "Agent.Plugins.PipelineCache.SavePipelineCacheV0, Agent.Plugins", "Agent.Plugins.PipelineCache.RestorePipelineCacheV0, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV1_1_1, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV1_1_2, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV1_1_3, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV2_0_0, Agent.Plugins", "Agent.Plugins.PipelineArtifact.PublishPipelineArtifactTaskV0_140_0, Agent.Plugins", "Agent.Plugins.BuildArtifacts.DownloadBuildArtifactTaskV1_0_0, Agent.Plugins" }; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); // Load task plugins foreach (var pluginTypeName in _taskPlugins) { IAgentTaskPlugin taskPlugin = null; AssemblyLoadContext.Default.Resolving += ResolveAssembly; try { Trace.Info($"Load task plugin from '{pluginTypeName}'."); Type type = Type.GetType(pluginTypeName, throwOnError: true); taskPlugin = Activator.CreateInstance(type) as IAgentTaskPlugin; } finally { AssemblyLoadContext.Default.Resolving -= ResolveAssembly; } ArgUtil.NotNull(taskPlugin, nameof(taskPlugin)); ArgUtil.NotNull(taskPlugin.Id, nameof(taskPlugin.Id)); ArgUtil.NotNullOrEmpty(taskPlugin.Stage, nameof(taskPlugin.Stage)); if (!_supportedTasks.ContainsKey(taskPlugin.Id)) { _supportedTasks[taskPlugin.Id] = new List(); } Trace.Info($"Loaded task plugin id '{taskPlugin.Id}' ({taskPlugin.Stage})."); _supportedTasks[taskPlugin.Id].Add(pluginTypeName); } } public List GetTaskPlugins(Guid taskId) { if (_supportedTasks.ContainsKey(taskId)) { return _supportedTasks[taskId]; } else { return null; } } public AgentTaskPluginExecutionContext GeneratePluginExecutionContext(IExecutionContext context, Dictionary inputs, Variables runtimeVariables) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(inputs, nameof(inputs)); ArgUtil.NotNull(runtimeVariables, nameof(runtimeVariables)); // construct plugin context var target = context.StepTarget(); Variables.TranslationMethod translateToHostPath = Variables.DefaultStringTranslator; ContainerInfo containerInfo = target as ContainerInfo; // Since plugins run on the host, but the inputs and variables have already been translated // to the container path, we need to convert them back to the host path // TODO: look to see if there is a better way to not have translate these back if (containerInfo != null) { var newInputs = new Dictionary(); foreach (var entry in inputs) { newInputs[entry.Key] = containerInfo.TranslateToHostPath(entry.Value); } inputs = newInputs; translateToHostPath = (string val) => { return containerInfo.TranslateToHostPath(val); }; } AgentTaskPluginExecutionContext pluginContext = new AgentTaskPluginExecutionContext { Inputs = inputs, Repositories = context.Repositories, Endpoints = context.Endpoints, Container = containerInfo, //TODO: Figure out if this needs to have all the containers or just the one for the current step JobSettings = context.JobSettings, }; // variables runtimeVariables.CopyInto(pluginContext.Variables, translateToHostPath); context.TaskVariables.CopyInto(pluginContext.TaskVariables, translateToHostPath); return pluginContext; } public async Task RunPluginTaskAsync(IExecutionContext context, string plugin, Dictionary inputs, Dictionary environment, Variables runtimeVariables, EventHandler outputHandler) { ArgUtil.NotNullOrEmpty(plugin, nameof(plugin)); // Only allow plugins we defined if (!_taskPlugins.Contains(plugin)) { throw new NotSupportedException(plugin); } // Resolve the working directory. string workingDirectory = HostContext.GetDirectory(WellKnownDirectory.Work); ArgUtil.Directory(workingDirectory, nameof(workingDirectory)); // Agent.PluginHost string file = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), $"Agent.PluginHost{Util.IOUtil.ExeExtension}"); ArgUtil.File(file, $"Agent.PluginHost{Util.IOUtil.ExeExtension}"); var pluginContext = GeneratePluginExecutionContext(context, inputs, runtimeVariables); using (var processInvoker = HostContext.CreateService()) using (var redirectStandardIn = new InputQueue()) { redirectStandardIn.Enqueue(JsonUtility.ToString(pluginContext)); processInvoker.OutputDataReceived += outputHandler; processInvoker.ErrorDataReceived += outputHandler; // Execute the process. Exit code 0 should always be returned. // A non-zero exit code indicates infrastructural failure. // Task failure should be communicated over STDOUT using ## commands. // Agent.PluginHost's arguments string arguments = $"task \"{plugin}\""; await processInvoker.ExecuteAsync(workingDirectory: workingDirectory, fileName: file, arguments: arguments, environment: environment, requireExitCodeZero: true, outputEncoding: Encoding.UTF8, killProcessOnCancel: false, redirectStandardIn: redirectStandardIn, cancellationToken: context.CancellationToken); } } private Assembly ResolveAssembly(AssemblyLoadContext context, AssemblyName assembly) { string assemblyFilename = assembly.Name + ".dll"; return context.LoadFromAssemblyPath(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), assemblyFilename)); } } } ================================================ FILE: src/Agent.Worker/AssemblyInfo.cs ================================================ using System.Runtime.CompilerServices; [assembly: InternalsVisibleTo("Test")] ================================================ FILE: src/Agent.Worker/AsyncCommandContext.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Concurrent; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(AsyncCommandContext))] public interface IAsyncCommandContext : IAgentService, IKnobValueContext { string Name { get; } Task Task { get; set; } void InitializeCommandContext(IExecutionContext context, string name); void Output(string message); void Debug(string message); void Warn(string message); Task WaitAsync(); IHostContext GetHostContext(); } public class AsyncCommandContext : AgentService, IAsyncCommandContext { private class OutputMessage { public OutputMessage(OutputType type, string message) { Type = type; Message = message; } public OutputType Type { get; } public String Message { get; } } private enum OutputType { Info, Debug, Warning } private IExecutionContext _executionContext; private readonly ConcurrentQueue _outputQueue = new ConcurrentQueue(); public string Name { get; private set; } public Task Task { get; set; } public void InitializeCommandContext(IExecutionContext context, string name) { _executionContext = context; Name = name; } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1721: Property names should not match get methods")] public IHostContext GetHostContext() { return _executionContext.GetHostContext(); } public void Output(string message) { _outputQueue.Enqueue(new OutputMessage(OutputType.Info, message)); } public void Debug(string message) { _outputQueue.Enqueue(new OutputMessage(OutputType.Debug, message)); } public void Warn(string message) { _outputQueue.Enqueue(new OutputMessage(OutputType.Warning, message)); } public async Task WaitAsync() { Trace.Entering(); // start flushing output queue Trace.Info("Start flush buffered output."); _executionContext.Section($"Async Command Start: {Name}"); OutputMessage output; while (!this.Task.IsCompleted) { while (_outputQueue.TryDequeue(out output)) { switch (output.Type) { case OutputType.Info: _executionContext.Output(output.Message); break; case OutputType.Debug: _executionContext.Debug(output.Message); break; case OutputType.Warning: _executionContext.Warning(output.Message); break; } } await Task.WhenAny(Task.Delay(TimeSpan.FromMilliseconds(500)), this.Task); } // Dequeue one more time make sure all outputs been flush out. Trace.Verbose("Command task has finished, flush out all remaining buffered output."); while (_outputQueue.TryDequeue(out output)) { switch (output.Type) { case OutputType.Info: _executionContext.Output(output.Message); break; case OutputType.Debug: _executionContext.Debug(output.Message); break; case OutputType.Warning: _executionContext.Warning(output.Message); break; } } _executionContext.Section($"Async Command End: {Name}"); Trace.Info("Finsh flush buffered output."); // wait for the async command task Trace.Info("Wait till async command task to finish."); await Task; } string IKnobValueContext.GetVariableValueOrDefault(string variableName) { return _executionContext.Variables.Get(variableName); } IScopedEnvironment IKnobValueContext.GetScopedEnvironment() { return new SystemEnvironment(); } } } ================================================ FILE: src/Agent.Worker/Build/ArtifactCommandExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public sealed class ArtifactCommandExtension : BaseWorkerCommandExtension { public ArtifactCommandExtension() { CommandArea = "artifact"; SupportedHostTypes = HostTypes.Build | HostTypes.Release; InstallWorkerCommand(new ArtifactAssociateCommand()); InstallWorkerCommand(new ArtifactUploadCommand()); } } public sealed class ArtifactAssociateCommand : IWorkerCommand { public string Name => "associate"; public List Aliases => null; [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "WorkerUtilities")] public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(context.Endpoints, nameof(context.Endpoints)); ArgUtil.NotNull(command, nameof(command)); var eventProperties = command.Properties; var data = command.Data; ServiceEndpoint systemConnection = context.Endpoints.FirstOrDefault(e => string.Equals(e.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); ArgUtil.NotNull(systemConnection, nameof(systemConnection)); ArgUtil.NotNull(systemConnection.Url, nameof(systemConnection.Url)); Uri projectUrl = systemConnection.Url; VssCredentials projectCredential = VssUtil.GetVssCredential(systemConnection); Guid projectId = context.Variables.System_TeamProjectId ?? Guid.Empty; ArgUtil.NotEmpty(projectId, nameof(projectId)); int? buildId = context.Variables.Build_BuildId; ArgUtil.NotNull(buildId, nameof(buildId)); string artifactName; if (!eventProperties.TryGetValue(ArtifactAssociateEventProperties.ArtifactName, out artifactName) || string.IsNullOrEmpty(artifactName)) { throw new Exception(StringUtil.Loc("ArtifactNameRequired")); } string artifactType; if (!eventProperties.TryGetValue(ArtifactAssociateEventProperties.ArtifactType, out artifactType)) { artifactType = ArtifactCommandExtensionUtil.InferArtifactResourceType(context, data); } if (string.IsNullOrEmpty(artifactType)) { throw new Exception(StringUtil.Loc("ArtifactTypeRequired")); } else if ((artifactType.Equals(ArtifactResourceTypes.Container, StringComparison.OrdinalIgnoreCase) || artifactType.Equals(ArtifactResourceTypes.FilePath, StringComparison.OrdinalIgnoreCase) || artifactType.Equals(ArtifactResourceTypes.VersionControl, StringComparison.OrdinalIgnoreCase)) && string.IsNullOrEmpty(data)) { throw new Exception(StringUtil.Loc("ArtifactLocationRequired")); } if (!artifactType.Equals(ArtifactResourceTypes.FilePath, StringComparison.OrdinalIgnoreCase) && context.Variables.System_HostType != HostTypes.Build) { throw new Exception(StringUtil.Loc("AssociateArtifactCommandNotSupported", context.Variables.System_HostType)); } var propertyDictionary = ArtifactCommandExtensionUtil.ExtractArtifactProperties(eventProperties); string artifactData = ""; if (ArtifactCommandExtensionUtil.IsContainerPath(data) || ArtifactCommandExtensionUtil.IsValidServerPath(data)) { //if data is a file container path or a tfvc server path artifactData = data; } else if (ArtifactCommandExtensionUtil.IsUncSharePath(context, data)) { //if data is a UNC share path artifactData = new Uri(data).LocalPath; } else { artifactData = data ?? string.Empty; } // queue async command task to associate artifact. context.Debug($"Associate artifact: {artifactName} with build: {buildId.Value} at backend."); var commandContext = context.GetHostContext().CreateService(); commandContext.InitializeCommandContext(context, StringUtil.Loc("AssociateArtifact")); commandContext.Task = ArtifactCommandExtensionUtil.AssociateArtifactAsync(commandContext, WorkerUtilities.GetVssConnection(context), projectId, buildId.Value, artifactName, context.Variables.System_JobId, artifactType, artifactData, propertyDictionary, context.CancellationToken); context.AsyncCommands.Add(commandContext); } } public sealed class ArtifactUploadCommand : IWorkerCommand { public string Name => "upload"; public List Aliases => null; [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "WorkerUtilities")] public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(context.Endpoints, nameof(context.Endpoints)); ArgUtil.NotNull(command, nameof(command)); var eventProperties = command.Properties; var data = command.Data; Guid projectId = context.Variables.System_TeamProjectId ?? Guid.Empty; ArgUtil.NotEmpty(projectId, nameof(projectId)); int? buildId = context.Variables.Build_BuildId; ArgUtil.NotNull(buildId, nameof(buildId)); long? containerId = context.Variables.Build_ContainerId; ArgUtil.NotNull(containerId, nameof(containerId)); string artifactName; if (!eventProperties.TryGetValue(ArtifactUploadEventProperties.ArtifactName, out artifactName) || string.IsNullOrEmpty(artifactName)) { throw new Exception(StringUtil.Loc("ArtifactNameRequired")); } string containerFolder; if (!eventProperties.TryGetValue(ArtifactUploadEventProperties.ContainerFolder, out containerFolder) || string.IsNullOrEmpty(containerFolder)) { containerFolder = artifactName; } var propertyDictionary = ArtifactCommandExtensionUtil.ExtractArtifactProperties(eventProperties); // Translate file path back from container path string localPath = context.TranslateToHostPath(data); if (string.IsNullOrEmpty(localPath)) { throw new Exception(StringUtil.Loc("ArtifactLocationRequired")); } if (!ArtifactCommandExtensionUtil.IsUncSharePath(context, localPath) && (context.Variables.System_HostType != HostTypes.Build)) { throw new Exception(StringUtil.Loc("UploadArtifactCommandNotSupported", context.Variables.System_HostType)); } string fullPath = Path.GetFullPath(localPath); if (!File.Exists(fullPath) && !Directory.Exists(fullPath)) { // if localPath is not a file or folder on disk throw new FileNotFoundException(StringUtil.Loc("PathDoesNotExist", localPath)); } else if (Directory.Exists(fullPath) && Directory.EnumerateFiles(fullPath, "*", SearchOption.AllDirectories).FirstOrDefault() == null) { // if localPath is a folder but the folder contains nothing context.Warning(StringUtil.Loc("DirectoryIsEmptyForArtifact", fullPath, artifactName)); return; } // queue async command task to associate artifact. context.Debug($"Upload artifact: {fullPath} to server for build: {buildId.Value} at backend."); var commandContext = context.GetHostContext().CreateService(); commandContext.InitializeCommandContext(context, StringUtil.Loc("UploadArtifact")); commandContext.Task = ArtifactCommandExtensionUtil.UploadArtifactAsync(commandContext, WorkerUtilities.GetVssConnection(context), projectId, containerId.Value, containerFolder, buildId.Value, artifactName, context.Variables.System_JobId, propertyDictionary, fullPath, context.CancellationToken); context.AsyncCommands.Add(commandContext); } } internal static class ArtifactCommandExtensionUtil { public static async Task AssociateArtifactAsync( IAsyncCommandContext context, VssConnection connection, Guid projectId, int buildId, string name, string jobId, string type, string data, Dictionary propertiesDictionary, CancellationToken cancellationToken) { var buildHelper = context.GetHostContext().GetService(); await buildHelper.ConnectAsync(connection); var artifact = await buildHelper.AssociateArtifactAsync(buildId, projectId, name, jobId, type, data, propertiesDictionary, cancellationToken); context.Output(StringUtil.Loc("AssociateArtifactWithBuild", artifact.Id, buildId)); } public static async Task UploadArtifactAsync( IAsyncCommandContext context, VssConnection connection, Guid projectId, long containerId, string containerPath, int buildId, string name, string jobId, Dictionary propertiesDictionary, string source, CancellationToken cancellationToken) { var fileContainerHelper = new FileContainerServer(connection, projectId, containerId, containerPath); var size = await fileContainerHelper.CopyToContainerAsync(context, source, cancellationToken); propertiesDictionary.Add(ArtifactUploadEventProperties.ArtifactSize, size.ToString()); var fileContainerFullPath = StringUtil.Format($"#/{containerId}/{containerPath}"); context.Output(StringUtil.Loc("UploadToFileContainer", source, fileContainerFullPath)); var buildHelper = context.GetHostContext().GetService(); await buildHelper.ConnectAsync(connection); var artifact = await buildHelper.AssociateArtifactAsync(buildId, projectId, name, jobId, ArtifactResourceTypes.Container, fileContainerFullPath, propertiesDictionary, cancellationToken); context.Output(StringUtil.Loc("AssociateArtifactWithBuild", artifact.Id, buildId)); } public static Boolean IsContainerPath(string path) { return !string.IsNullOrEmpty(path) && path.StartsWith("#", StringComparison.OrdinalIgnoreCase); } public static Boolean IsValidServerPath(string path) { return !string.IsNullOrEmpty(path) && path.Length >= 2 && path[0] == '$' && (path[1] == '/' || path[1] == '\\'); } public static Boolean IsUncSharePath(IExecutionContext context, string path) { if (string.IsNullOrEmpty(path)) { return false; } Uri uri; // Add try catch to avoid unexpected throw from Uri.Property. try { if (Uri.TryCreate(path, UriKind.RelativeOrAbsolute, out uri)) { if (uri.IsAbsoluteUri && uri.IsUnc) { return true; } } } catch (Exception ex) { context.Debug($"Can't determine path: {path} is UNC or not."); context.Debug(ex.ToString()); return false; } return false; } public static string InferArtifactResourceType(IExecutionContext context, string artifactLocation) { string type = ""; if (!string.IsNullOrEmpty(artifactLocation)) { // Prioritize UNC first as leading double-backslash can also match Tfvc VC paths (multiple slashes in a row are ignored) if (IsUncSharePath(context, artifactLocation)) { type = ArtifactResourceTypes.FilePath; } else if (IsValidServerPath(artifactLocation)) { // TFVC artifact type = ArtifactResourceTypes.VersionControl; } else if (IsContainerPath(artifactLocation)) { // file container artifact type = ArtifactResourceTypes.Container; } } if (string.IsNullOrEmpty(type)) { throw new Exception(StringUtil.Loc("UnableResolveArtifactType", artifactLocation ?? string.Empty)); } return type; } public static Dictionary ExtractArtifactProperties(Dictionary eventProperties) { return eventProperties.Where(pair => !(string.Compare(pair.Key, ArtifactUploadEventProperties.ContainerFolder, StringComparison.OrdinalIgnoreCase) == 0 || string.Compare(pair.Key, ArtifactUploadEventProperties.ArtifactName, StringComparison.OrdinalIgnoreCase) == 0 || string.Compare(pair.Key, ArtifactUploadEventProperties.ArtifactType, StringComparison.OrdinalIgnoreCase) == 0)).ToDictionary(pair => pair.Key, pair => pair.Value); } } internal static class ArtifactAssociateEventProperties { public static readonly string ArtifactName = "artifactname"; public static readonly string ArtifactType = "artifacttype"; public static readonly string Browsable = "Browsable"; } internal static class ArtifactUploadEventProperties { public static readonly string ContainerFolder = "containerfolder"; public static readonly string ArtifactName = "artifactname"; public static readonly string ArtifactSize = "artifactsize"; public static readonly string ArtifactType = "artifacttype"; public static readonly string Browsable = "Browsable"; } } ================================================ FILE: src/Agent.Worker/Build/BuildCommandExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public sealed class BuildCommandExtension : BaseWorkerCommandExtension { public BuildCommandExtension() { CommandArea = "build"; SupportedHostTypes = HostTypes.All; InstallWorkerCommand(new BuildUploadLogCommand()); InstallWorkerCommand(new BuildUploadSummaryCommand()); InstallWorkerCommand(new BuildUpdateBuildNumberCommand()); InstallWorkerCommand(new BuildAddBuildTagCommand()); } } public sealed class BuildUploadLogCommand : IWorkerCommand { public string Name => "uploadlog"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var data = command.Data; // Translate file path back from container path data = context.TranslateToHostPath(data); if (!string.IsNullOrEmpty(data) && File.Exists(data)) { context.QueueAttachFile(CoreAttachmentType.Log, "CustomToolLog", data); } else { throw new Exception(StringUtil.Loc("CustomLogDoesNotExist", data ?? string.Empty)); } } } // ##VSO[build.uploadsummary] command has been deprecated // Leave the implementation on agent for back compat public sealed class BuildUploadSummaryCommand : IWorkerCommand { public string Name => "uploadsummary"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var data = command.Data; // Translate file path back from container path data = context.TranslateToHostPath(data); if (!string.IsNullOrEmpty(data) && File.Exists(data)) { var fileName = Path.GetFileName(data); context.QueueAttachFile(CoreAttachmentType.Summary, StringUtil.Format($"CustomMarkDownSummary-{fileName}"), data); } else { throw new Exception(StringUtil.Loc("CustomMarkDownSummaryDoesNotExist", data ?? string.Empty)); } } } public sealed class BuildUpdateBuildNumberCommand : IWorkerCommand { public string Name => "updatebuildnumber"; public List Aliases => null; [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "GetVssConnection")] public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(context.Endpoints, nameof(context.Endpoints)); ArgUtil.NotNull(command, nameof(command)); string data = command.Data; Guid projectId = context.Variables.System_TeamProjectId ?? Guid.Empty; ArgUtil.NotEmpty(projectId, nameof(projectId)); int? buildId = context.Variables.Build_BuildId; ArgUtil.NotNull(buildId, nameof(buildId)); if (!String.IsNullOrEmpty(data)) { // update build number within Context. context.Variables.Set(BuildVariables.BuildNumber, data); // queue async command task to update build number. context.Debug($"Update build number for build: {buildId.Value} to: {data} at backend."); var commandContext = context.GetHostContext().CreateService(); commandContext.InitializeCommandContext(context, StringUtil.Loc("UpdateBuildNumber")); commandContext.Task = UpdateBuildNumberAsync(commandContext, WorkerUtilities.GetVssConnection(context), projectId, buildId.Value, data, context.CancellationToken); context.AsyncCommands.Add(commandContext); } else { throw new Exception(StringUtil.Loc("BuildNumberRequired")); } } private async Task UpdateBuildNumberAsync( IAsyncCommandContext context, VssConnection connection, Guid projectId, int buildId, string buildNumber, CancellationToken cancellationToken) { var buildServer = context.GetHostContext().GetService(); await buildServer.ConnectAsync(connection); var build = await buildServer.UpdateBuildNumber(buildId, projectId, buildNumber, cancellationToken); context.Output(StringUtil.Loc("UpdateBuildNumberForBuild", build.BuildNumber, build.Id)); } } public sealed class BuildAddBuildTagCommand : IWorkerCommand { public string Name => "addbuildtag"; public List Aliases => null; [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "GetVssConnection")] public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(context.Endpoints, nameof(context.Endpoints)); ArgUtil.NotNull(command, nameof(command)); string data = command.Data?.Trim(); Guid projectId = context.Variables.System_TeamProjectId ?? Guid.Empty; ArgUtil.NotEmpty(projectId, nameof(projectId)); int? buildId = context.Variables.Build_BuildId; ArgUtil.NotNull(buildId, nameof(buildId)); if (!string.IsNullOrEmpty(data)) { // queue async command task to associate artifact. context.Debug($"Add build tag: {data} to build: {buildId.Value} at backend."); var commandContext = context.GetHostContext().CreateService(); commandContext.InitializeCommandContext(context, StringUtil.Loc("AddBuildTag")); commandContext.Task = AddBuildTagAsync(commandContext, WorkerUtilities.GetVssConnection(context), projectId, buildId.Value, data, context.CancellationToken); context.AsyncCommands.Add(commandContext); } else { throw new Exception(StringUtil.Loc("BuildTagRequired")); } } private async Task AddBuildTagAsync( IAsyncCommandContext context, VssConnection connection, Guid projectId, int buildId, string buildTag, CancellationToken cancellationToken) { var buildServer = context.GetHostContext().GetService(); await buildServer.ConnectAsync(connection); var tags = await buildServer.AddBuildTag(buildId, projectId, buildTag, cancellationToken); if (tags == null || !tags.Any(t => t.Equals(buildTag, StringComparison.OrdinalIgnoreCase))) { throw new Exception(StringUtil.Loc("BuildTagAddFailed", buildTag)); } else { context.Output(StringUtil.Loc("BuildTagsForBuild", buildId, String.Join(", ", tags))); } } } } ================================================ FILE: src/Agent.Worker/Build/BuildDirectoryManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { /// /// This class is used to prepare and maintain the folders that contain the pipeline workspace. /// Whenever possible, we attempt to reuse pipeline workspaces that were created in prior executions. /// However, these workspaces are per pipeline and cannot be reused if the list of repositories /// used by the pipeline has changed. /// [ServiceLocator(Default = typeof(BuildDirectoryManager))] public interface IBuildDirectoryManager : IAgentService { TrackingConfig PrepareDirectory( IExecutionContext executionContext, IList repositories, WorkspaceOptions workspace); void CreateDirectory( IExecutionContext executionContext, string description, string path, bool deleteExisting); TrackingConfig UpdateDirectory( IExecutionContext executionContext, RepositoryResource updatedRepository); string GetRelativeRepositoryPath( string buildDirectory, string repositoryPath, IExecutionContext executionContext); } public sealed class BuildDirectoryManager : AgentService, IBuildDirectoryManager { public TrackingConfig PrepareDirectory( IExecutionContext executionContext, IList repositories, WorkspaceOptions workspace) { // Validate parameters. Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(executionContext.Variables, nameof(executionContext.Variables)); ArgUtil.NotNull(repositories, nameof(repositories)); var trackingManager = HostContext.GetService(); // Create the tracking config for this execution of the pipeline var agentSettings = HostContext.GetService().GetSettings(); var shouldOverrideBuildDirectory = ShouldOverrideBuildDirectory(repositories, agentSettings); var newConfig = trackingManager.Create(executionContext, repositories, shouldOverrideBuildDirectory); // Load the tracking config from the last execution of the pipeline var existingConfig = trackingManager.LoadExistingTrackingConfig(executionContext); // If there aren't any major changes, merge the configurations and use the same workspace if (trackingManager.AreTrackingConfigsCompatible(executionContext, newConfig, existingConfig)) { bool disableOverrideTfvcBuildDirectoryKnob = AgentKnobs.DisableOverrideTfvcBuildDirectory.GetValue(executionContext).AsBoolean(); newConfig = trackingManager.MergeTrackingConfigs(executionContext, newConfig, existingConfig, shouldOverrideBuildDirectory && !disableOverrideTfvcBuildDirectoryKnob); } else if (existingConfig != null) { // If the previous config had different repos, get a new workspace folder and mark the old one for clean up trackingManager.MarkForGarbageCollection(executionContext, existingConfig); // If the config file was updated to a new config, we need to delete the legacy artifact/staging directories. // DeleteDirectory will check for the existence of the folders first. DeleteDirectory( executionContext, description: "legacy artifacts directory", path: Path.Combine(existingConfig.BuildDirectory, Constants.Build.Path.LegacyArtifactsDirectory)); DeleteDirectory( executionContext, description: "legacy staging directory", path: Path.Combine(existingConfig.BuildDirectory, Constants.Build.Path.LegacyStagingDirectory)); } // Save any changes to the config file trackingManager.UpdateTrackingConfig(executionContext, newConfig); // Prepare the build directory. // There are 2 ways to provide build directory clean policy. // 1> set definition variable build.clean or agent.clean.buildDirectory. (on-prem user need to use this, since there is no Web UI in TFS 2016) // 2> select source clean option in definition repository tab. (VSTS will have this option in definition designer UI) BuildCleanOption cleanOption = GetBuildDirectoryCleanOption(executionContext, workspace); CreateDirectory( executionContext, description: "build directory", path: Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), newConfig.BuildDirectory), deleteExisting: cleanOption == BuildCleanOption.All); CreateDirectory( executionContext, description: "artifacts directory", path: Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), newConfig.ArtifactsDirectory), deleteExisting: true); CreateDirectory( executionContext, description: "test results directory", path: Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), newConfig.TestResultsDirectory), deleteExisting: true); CreateDirectory( executionContext, description: "binaries directory", path: Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), newConfig.BuildDirectory, Constants.Build.Path.BinariesDirectory), deleteExisting: cleanOption == BuildCleanOption.Binary); var defaultSourceDirectory = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), newConfig.SourcesDirectory); CreateDirectory( executionContext, description: "source directory", path: defaultSourceDirectory, deleteExisting: cleanOption == BuildCleanOption.Source); // Set the default clone path for each repository (the Checkout task may override this later) foreach (var repository in repositories) { string repoPath = GetDefaultRepositoryPath(executionContext, repository, newConfig); if (!string.Equals(repoPath, defaultSourceDirectory, StringComparison.Ordinal)) { CreateDirectory( executionContext, description: "repository source directory", path: repoPath, deleteExisting: cleanOption == BuildCleanOption.Source); } Trace.Info($"Set repository path for repository {repository.Alias} to '{repoPath}'"); repository.Properties.Set(RepositoryPropertyNames.Path, repoPath); } return newConfig; } public TrackingConfig UpdateDirectory( IExecutionContext executionContext, RepositoryResource updatedRepository) { // Validate parameters. Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(executionContext.Variables, nameof(executionContext.Variables)); ArgUtil.NotNull(updatedRepository, nameof(updatedRepository)); var trackingManager = HostContext.GetService(); // Determine new repository path var repoPath = updatedRepository.Properties.Get(RepositoryPropertyNames.Path); ArgUtil.NotNullOrEmpty(repoPath, nameof(repoPath)); Trace.Info($"Update repository path for repository {updatedRepository.Alias} to '{repoPath}'"); // Get the config var trackingConfig = trackingManager.LoadExistingTrackingConfig(executionContext); // Update the repositoryInfo on the config string buildDirectory = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), trackingConfig.BuildDirectory); string relativeRepoPath = GetRelativeRepositoryPath(buildDirectory, repoPath, executionContext); var effectedRepo = trackingConfig.RepositoryTrackingInfo.FirstOrDefault(r => string.Equals(r.Identifier, updatedRepository.Alias, StringComparison.OrdinalIgnoreCase)); if (effectedRepo != null) { Trace.Info($"Found repository {updatedRepository.Alias}'"); effectedRepo.SourcesDirectory = relativeRepoPath; } // Also update the SourcesDirectory on the tracking info if there is only one repo. if (trackingConfig.RepositoryTrackingInfo.Count == 1) { Trace.Info($"Updating SourcesDirectory to {updatedRepository.Alias}'"); trackingConfig.SourcesDirectory = relativeRepoPath; } // Update the tracking config files. Trace.Verbose("Updating job run properties."); trackingManager.UpdateTrackingConfig(executionContext, trackingConfig); return trackingConfig; } public string GetRelativeRepositoryPath( string buildDirectory, string repositoryPath, IExecutionContext executionContext) { var maxRootDirectory = buildDirectory; var workDirectory = HostContext.GetDirectory(WellKnownDirectory.Work); var allowWorkDirectoryRepositories = AgentKnobs.AllowWorkDirectoryRepositories.GetValue(executionContext).AsBoolean(); ArgUtil.NotNullOrEmpty(buildDirectory, nameof(buildDirectory)); ArgUtil.NotNullOrEmpty(repositoryPath, nameof(repositoryPath)); // resolve any potentially left over relative part of the path repositoryPath = Path.GetFullPath(repositoryPath); if (allowWorkDirectoryRepositories) { maxRootDirectory = workDirectory; } if (repositoryPath.StartsWith(maxRootDirectory + Path.DirectorySeparatorChar) || repositoryPath.StartsWith(maxRootDirectory + Path.AltDirectorySeparatorChar)) { // The sourcesDirectory in tracking file is a relative path to agent's work folder. return repositoryPath.Substring(workDirectory.Length + 1).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar); } else { if (allowWorkDirectoryRepositories) { throw new ArgumentException($"Repository path '{repositoryPath}' should be located under agent's work directory '{workDirectory}'."); } else { throw new ArgumentException($"Repository path '{repositoryPath}' should be located under agent's build directory '{buildDirectory}'."); } } } private bool ShouldOverrideBuildDirectory(IList repositories, AgentSettings settings) { if (repositories?.Count == 1 && repositories[0].Type == RepositoryTypes.Tfvc) { return settings.IsMSHosted; } else { return false; } } public void CreateDirectory(IExecutionContext executionContext, string description, string path, bool deleteExisting) { ArgUtil.NotNull(executionContext, nameof(executionContext)); // Delete. if (deleteExisting) { executionContext.Debug($"Delete existing {description}: '{path}'"); DeleteDirectory(executionContext, description, path); } // Create. if (!Directory.Exists(path)) { executionContext.Debug($"Creating {description}: '{path}'"); Trace.Info($"Creating {description}."); Directory.CreateDirectory(path); } } private void DeleteDirectory(IExecutionContext executionContext, string description, string path) { Trace.Info($"Checking if {description} exists: '{path}'"); if (Directory.Exists(path)) { executionContext.Debug($"Deleting {description}: '{path}'"); IOUtil.DeleteDirectory(path, executionContext.CancellationToken); } } // Prefer variable over endpoint data when get build directory clean option. // Prefer agent.clean.builddirectory over build.clean when use variable // available value for build.clean or agent.clean.builddirectory: // Delete entire build directory if build.clean=all is set. // Recreate binaries dir if clean=binary is set. // Recreate source dir if clean=src is set. private BuildCleanOption GetBuildDirectoryCleanOption(IExecutionContext executionContext, WorkspaceOptions workspace) { BuildCleanOption? cleanOption = executionContext.Variables.Build_Clean; if (cleanOption != null) { return cleanOption.Value; } if (workspace == null) { return BuildCleanOption.None; } else { Dictionary workspaceClean = new Dictionary(StringComparer.OrdinalIgnoreCase); workspaceClean["clean"] = workspace.Clean; executionContext.Variables.ExpandValues(target: workspaceClean); VarUtil.ExpandEnvironmentVariables(HostContext, target: workspaceClean); string expandedClean = workspaceClean["clean"]; if (string.Equals(expandedClean, PipelineConstants.WorkspaceCleanOptions.All, StringComparison.OrdinalIgnoreCase)) { return BuildCleanOption.All; } else if (string.Equals(expandedClean, PipelineConstants.WorkspaceCleanOptions.Resources, StringComparison.OrdinalIgnoreCase)) { return BuildCleanOption.Source; } else if (string.Equals(expandedClean, PipelineConstants.WorkspaceCleanOptions.Outputs, StringComparison.OrdinalIgnoreCase)) { return BuildCleanOption.Binary; } else { return BuildCleanOption.None; } } } private string GetDefaultRepositoryPath( IExecutionContext executionContext, RepositoryResource repository, TrackingConfig newConfig ) { string repoPath = String.Empty; string workDirectory = HostContext.GetDirectory(WellKnownDirectory.Work); if (RepositoryUtil.HasMultipleCheckouts(executionContext.JobSettings)) { // If we have multiple checkouts they should all be rooted to the sources directory (_work/1/s/repo1) var repoSourceDirectory = newConfig?.RepositoryTrackingInfo.Where(item => string.Equals(item.Identifier, repository.Alias, StringComparison.OrdinalIgnoreCase)).Select(item => item.SourcesDirectory).FirstOrDefault(); if (repoSourceDirectory != null) { repoPath = Path.Combine(workDirectory, repoSourceDirectory); } else { repoPath = Path.Combine(workDirectory, newConfig.SourcesDirectory, RepositoryUtil.GetCloneDirectory(repository)); } } else { // For single checkouts, the repository is rooted to the sources folder (_work/1/s) repoPath = Path.Combine(workDirectory, newConfig.SourcesDirectory); } return repoPath; } } } ================================================ FILE: src/Agent.Worker/Build/BuildJobExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Linq; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public sealed class BuildJobExtension : JobExtension { public override Type ExtensionType => typeof(IJobExtension); public override HostTypes HostType => HostTypes.Build; public override IStep GetExtensionPreJobStep(IExecutionContext jobContext) { return null; } public override IStep GetExtensionPostJobStep(IExecutionContext jobContext) { return null; } // 1. use source provide to solve path, if solved result is rooted, return full path. // 2. prefix default path root (build.sourcesDirectory), if result is rooted, return full path. public override string GetRootedPath(IExecutionContext context, string path) { string rootedPath = null; TryGetRepositoryInfo(context, out RepositoryInfo repoInfo); if (repoInfo.SourceProvider != null && repoInfo.PrimaryRepository != null && StringUtil.ConvertToBoolean(repoInfo.PrimaryRepository.Properties.Get("__AZP_READY"))) { path = repoInfo.SourceProvider.GetLocalPath(context, repoInfo.PrimaryRepository, path) ?? string.Empty; Trace.Info($"Build JobExtension resolving path use source provide: {path}"); if (!string.IsNullOrEmpty(path) && path.IndexOfAny(Path.GetInvalidPathChars()) < 0 && Path.IsPathRooted(path)) { try { rootedPath = Path.GetFullPath(path); Trace.Info($"Path resolved by source provider is a rooted path, return absolute path: {rootedPath}"); return rootedPath; } catch (Exception ex) { Trace.Info($"Path resolved by source provider is a rooted path, but it is not a full qualified path: {path}"); Trace.Error(ex); } } } string defaultPathRoot = null; if (RepositoryUtil.HasMultipleCheckouts(context.JobSettings)) { // If there are multiple checkouts, set the default directory to the sources root folder (_work/1/s) defaultPathRoot = context.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory); Trace.Info($"The Default Path Root of Build JobExtension is system.defaultworkingdirectory: {defaultPathRoot}"); } else if (repoInfo.PrimaryRepository != null) { // If there is only one checkout/repository, set it to the repository path defaultPathRoot = repoInfo.PrimaryRepository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Trace.Info($"The Default Path Root of Build JobExtension is repository.path: {defaultPathRoot}"); } if (defaultPathRoot != null && defaultPathRoot.IndexOfAny(Path.GetInvalidPathChars()) < 0 && path != null && path.IndexOfAny(Path.GetInvalidPathChars()) < 0) { path = Path.Combine(defaultPathRoot, path); Trace.Info($"After prefix Default Path Root provide by JobExtension: {path}"); if (Path.IsPathRooted(path)) { try { rootedPath = Path.GetFullPath(path); Trace.Info($"Return absolute path after prefix DefaultPathRoot: {rootedPath}"); return rootedPath; } catch (Exception ex) { Trace.Error(ex); Trace.Info($"After prefix Default Path Root provide by JobExtension, the Path is a rooted path, but it is not full qualified, return the path: {path}."); return path; } } } return rootedPath; } public override void ConvertLocalPath(IExecutionContext context, string localPath, out string repoName, out string sourcePath) { repoName = ""; TryGetRepositoryInfoFromLocalPath(context, localPath, out RepositoryInfo repoInfo); // If no repo was found, send back an empty repo with original path. sourcePath = localPath; if (!string.IsNullOrEmpty(localPath) && File.Exists(localPath) && repoInfo.PrimaryRepository != null && repoInfo.SourceProvider != null) { // If we found a repo, calculate the relative path to the file var repoPath = repoInfo.PrimaryRepository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); if (!string.IsNullOrEmpty(repoPath)) { sourcePath = IOUtil.MakeRelative(localPath, repoPath); } } } // Prepare build directory // Set all build related variables public override void InitializeJobExtension(IExecutionContext executionContext, IList steps, Pipelines.WorkspaceOptions workspace) { // Validate args. Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); // This flag can be false for jobs like cleanup artifacts. // If syncSources = false, we will not set source related build variable, not create build folder, not sync source. bool syncSources = executionContext.Variables.Build_SyncSources ?? true; if (!syncSources) { Trace.Info($"{Constants.Variables.Build.SyncSources} = false, we will not set source related build variable, not create build folder and not sync source"); return; } // We set the variables based on the 'self' repository if (!TryGetRepositoryInfo(executionContext, out RepositoryInfo repoInfo)) { throw new Exception(StringUtil.Loc("SupportedRepositoryEndpointNotFound")); } executionContext.Debug($"Triggering repository: {repoInfo.TriggeringRepository.Properties.Get(Pipelines.RepositoryPropertyNames.Name)}. repository type: {repoInfo.TriggeringRepository.Type}"); // Set the repo variables. if (!string.IsNullOrEmpty(repoInfo.TriggeringRepository.Id)) // TODO: Move to const after source artifacts PR is merged. { executionContext.SetVariable(Constants.Variables.Build.RepoId, repoInfo.TriggeringRepository.Id); } // Repo containing the pipeline. executionContext.SetVariable(Constants.Variables.Build.PipelineRepoName, executionContext.GetVariableValueOrDefault(Constants.Variables.Build.RepoName)); executionContext.SetVariable(Constants.Variables.Build.RepoName, repoInfo.TriggeringRepository.Properties.Get(Pipelines.RepositoryPropertyNames.Name)); executionContext.SetVariable(Constants.Variables.Build.RepoProvider, ConvertToLegacyRepositoryType(repoInfo.TriggeringRepository.Type)); executionContext.SetVariable(Constants.Variables.Build.RepoUri, repoInfo.TriggeringRepository.Url?.AbsoluteUri); // Prepare the build directory. executionContext.Output(StringUtil.Loc("PrepareBuildDir")); var directoryManager = HostContext.GetService(); TrackingConfig trackingConfig = directoryManager.PrepareDirectory( executionContext, executionContext.Repositories, workspace); string _workDirectory = HostContext.GetDirectory(WellKnownDirectory.Work); string pipelineWorkspaceDirectory = Path.Combine(_workDirectory, trackingConfig.BuildDirectory); UpdateCheckoutTasksAndVariables(executionContext, steps, pipelineWorkspaceDirectory); // Get default value for RepoLocalPath variable string selfRepoPath = GetDefaultRepoLocalPathValue(executionContext, steps, trackingConfig, repoInfo); // Get the default value for working directory string defaultWorkingDirectoryPath = GetDefaultWorkingDirectoryRepoLocalPathValue(executionContext, steps, trackingConfig); // Set the directory variables. executionContext.Output(StringUtil.Loc("SetBuildVars")); executionContext.SetVariable(Constants.Variables.Agent.BuildDirectory, pipelineWorkspaceDirectory, isFilePath: true); executionContext.SetVariable(Constants.Variables.System.ArtifactsDirectory, Path.Combine(_workDirectory, trackingConfig.ArtifactsDirectory), isFilePath: true); executionContext.SetVariable(Constants.Variables.System.DefaultWorkingDirectory, Path.Combine(_workDirectory, defaultWorkingDirectoryPath), isFilePath: true); executionContext.SetVariable(Constants.Variables.Common.TestResultsDirectory, Path.Combine(_workDirectory, trackingConfig.TestResultsDirectory), isFilePath: true); executionContext.SetVariable(Constants.Variables.Build.BinariesDirectory, Path.Combine(_workDirectory, trackingConfig.BuildDirectory, Constants.Build.Path.BinariesDirectory), isFilePath: true); executionContext.SetVariable(Constants.Variables.Build.SourcesDirectory, Path.Combine(_workDirectory, trackingConfig.SourcesDirectory), isFilePath: true); executionContext.SetVariable(Constants.Variables.Build.StagingDirectory, Path.Combine(_workDirectory, trackingConfig.ArtifactsDirectory), isFilePath: true); executionContext.SetVariable(Constants.Variables.Build.ArtifactStagingDirectory, Path.Combine(_workDirectory, trackingConfig.ArtifactsDirectory), isFilePath: true); executionContext.SetVariable(Constants.Variables.Build.RepoLocalPath, Path.Combine(_workDirectory, selfRepoPath), isFilePath: true); executionContext.SetVariable(Constants.Variables.Pipeline.Workspace, pipelineWorkspaceDirectory, isFilePath: true); } private void UpdateCheckoutTasksAndVariables(IExecutionContext executionContext, IList steps, string pipelineWorkspaceDirectory) { bool? submoduleCheckout = null; // RepoClean may be set from the server, so start with the server value bool? repoCleanFromServer = executionContext.Variables.GetBoolean(Constants.Variables.Build.RepoClean); // The value for the global clean option will be set in this variable based on Self repository clean input if the global value weren't set by the server bool? repoCleanFromSelf = null; var checkoutTasks = steps.Where(x => x.IsCheckoutTask()).Select(x => x as TaskStep).ToList(); var hasOnlyOneCheckoutTask = checkoutTasks.Count == 1; foreach (var checkoutTask in checkoutTasks) { if (!checkoutTask.Inputs.TryGetValue(PipelineConstants.CheckoutTaskInputs.Repository, out string repositoryAlias)) { // If the checkout task isn't associated with a repo, just skip it Trace.Info($"Checkout task {checkoutTask.Name} does not have a repository property."); continue; } // Update the checkout "Clean" property for all repos, if the variable was set by the server. if (repoCleanFromServer.HasValue) { checkoutTask.Inputs[PipelineConstants.CheckoutTaskInputs.Clean] = repoCleanFromServer.Value.ToString(); } Trace.Info($"Checking repository name {repositoryAlias}"); // If this is the primary repository, use it to get the variable values // A repository is considered the primary one if the name is 'self' or if there is only // one checkout task. This is because Designer builds set the name of the repository something // other than 'self' if (hasOnlyOneCheckoutTask || RepositoryUtil.IsPrimaryRepositoryName(repositoryAlias)) { submoduleCheckout = checkoutTask.Inputs.ContainsKey(PipelineConstants.CheckoutTaskInputs.Submodules); if (!repoCleanFromServer.HasValue && checkoutTask.Inputs.TryGetValue(PipelineConstants.CheckoutTaskInputs.Clean, out string cleanInputValue)) { repoCleanFromSelf = Boolean.TryParse(cleanInputValue, out bool cleanValue) ? cleanValue : true; } } // Update the checkout task display name if not already set if (string.IsNullOrEmpty(checkoutTask.DisplayName) || string.Equals(checkoutTask.DisplayName, "Checkout", StringComparison.OrdinalIgnoreCase) || // this is the default for jobs string.Equals(checkoutTask.DisplayName, checkoutTask.Name, StringComparison.OrdinalIgnoreCase)) // this is the default for deployment jobs { var repository = RepositoryUtil.GetRepository(executionContext.Repositories, repositoryAlias); if (repository != null) { string repoName = repository.Properties.Get(RepositoryPropertyNames.Name); string version = RepositoryUtil.TrimStandardBranchPrefix(repository.Properties.Get(RepositoryPropertyNames.Ref)); string path = null; if (checkoutTask.Inputs.ContainsKey(PipelineConstants.CheckoutTaskInputs.Path)) { path = checkoutTask.Inputs[PipelineConstants.CheckoutTaskInputs.Path]; } else { path = IOUtil.MakeRelative(repository.Properties.Get(RepositoryPropertyNames.Path), pipelineWorkspaceDirectory); } checkoutTask.DisplayName = StringUtil.Loc("CheckoutTaskDisplayNameFormat", repoName, version, path); } else { Trace.Info($"Checkout task {checkoutTask.Name} has a repository property {repositoryAlias} that does not match any repository resource."); } } } // Set variables if (submoduleCheckout.HasValue) { executionContext.SetVariable(Constants.Variables.Build.RepoGitSubmoduleCheckout, submoduleCheckout.Value.ToString()); } // This condition is for maintaining backward compatibility. // Remove the if-else condition and keep only the context inside the 'else' to set the default value in future releases. if (AgentKnobs.DisableCleanRepoDefaultValue.GetValue(UtilKnobValueContext.Instance()).AsBoolean()) { if (repoCleanFromSelf.HasValue) { executionContext.SetVariable(Constants.Variables.Build.RepoClean, repoCleanFromSelf.Value.ToString()); } } else { executionContext.SetVariable(Constants.Variables.Build.RepoClean, repoCleanFromSelf.HasValue ? repoCleanFromSelf.Value.ToString() : "False"); } } private bool TryGetRepositoryInfoFromLocalPath(IExecutionContext executionContext, string localPath, out RepositoryInfo repoInfo) { // Return the matching repository resource and its source provider. Trace.Entering(); var repo = RepositoryUtil.GetRepositoryForLocalPath(executionContext.Repositories, localPath); repoInfo = new RepositoryInfo { PrimaryRepository = repo, SourceProvider = GetSourceProvider(executionContext, repo), }; return repoInfo.SourceProvider != null; } private bool TryGetRepositoryInfo(IExecutionContext executionContext, out RepositoryInfo repoInfo) { // Return the matching repository resource and its source provider. Trace.Entering(); var primaryRepo = RepositoryUtil.GetPrimaryRepository(executionContext.Repositories); var triggeringRepo = RepositoryUtil.GetTriggeringRepository(executionContext.Repositories); repoInfo = new RepositoryInfo { PrimaryRepository = primaryRepo, TriggeringRepository = triggeringRepo, SourceProvider = GetSourceProvider(executionContext, primaryRepo), }; return repoInfo.SourceProvider != null; } private ISourceProvider GetSourceProvider(IExecutionContext executionContext, RepositoryResource repository) { if (repository != null) { var extensionManager = HostContext.GetService(); List sourceProviders = extensionManager.GetExtensions(); var sourceProvider = sourceProviders.FirstOrDefault(x => string.Equals(x.RepositoryType, repository.Type, StringComparison.OrdinalIgnoreCase)); return sourceProvider; } return null; } private string ConvertToLegacyRepositoryType(string pipelineRepositoryType) { if (String.Equals(pipelineRepositoryType, Pipelines.RepositoryTypes.Bitbucket, StringComparison.OrdinalIgnoreCase)) { return "Bitbucket"; } else if (String.Equals(pipelineRepositoryType, Pipelines.RepositoryTypes.ExternalGit, StringComparison.OrdinalIgnoreCase)) { return "Git"; } else if (String.Equals(pipelineRepositoryType, Pipelines.RepositoryTypes.Git, StringComparison.OrdinalIgnoreCase)) { return "TfsGit"; } else if (String.Equals(pipelineRepositoryType, Pipelines.RepositoryTypes.GitHub, StringComparison.OrdinalIgnoreCase)) { return "GitHub"; } else if (String.Equals(pipelineRepositoryType, Pipelines.RepositoryTypes.GitHubEnterprise, StringComparison.OrdinalIgnoreCase)) { return "GitHubEnterprise"; } else if (String.Equals(pipelineRepositoryType, Pipelines.RepositoryTypes.Svn, StringComparison.OrdinalIgnoreCase)) { return "Svn"; } else if (String.Equals(pipelineRepositoryType, Pipelines.RepositoryTypes.Tfvc, StringComparison.OrdinalIgnoreCase)) { return "TfsVersionControl"; } else { throw new NotSupportedException(pipelineRepositoryType); } } private string GetDefaultRepoLocalPathValue(IExecutionContext executionContext, IList steps, TrackingConfig trackingConfig, RepositoryInfo repoInfo) { string selfRepoPath = null; // For saving backward compatibility with the behavior of the Build.RepoLocalPath that was before this PR https://github.com/microsoft/azure-pipelines-agent/pull/3237 // We need to change how we set the default value of this variable // We need to allow the setting of paths from RepositoryTrackingInfo for checkout tasks where path input was provided by the user // and this input is not point to the default location for this repository // This is the only case where the value of Build.RepoLocalPath variable is not pointing to the root of sources directory /s. // The new logic is not affecting single checkout jobs and jobs with multiple checkouts and default paths for Self repository if (RepositoryUtil.HasMultipleCheckouts(executionContext.JobSettings)) { // get checkout task for self repo var selfCheckoutTask = GetSelfCheckoutTask(steps); // Check if the task has path input with custom path, if so we need to set as a value of selfRepoPath the value of SourcesDirectory from RepositoryTrackingInfo if (IsCheckoutToCustomPath(trackingConfig, repoInfo, selfCheckoutTask)) { selfRepoPath = trackingConfig.RepositoryTrackingInfo .Where(repo => RepositoryUtil.IsPrimaryRepositoryName(repo.Identifier)) .Select(props => props.SourcesDirectory).FirstOrDefault(); } } // For single checkout jobs and multicheckout jobs with default paths set selfRepoPath to the default sources directory if (selfRepoPath == null) { selfRepoPath = trackingConfig.SourcesDirectory; } return selfRepoPath; } private string GetDefaultWorkingDirectoryRepoLocalPathValue(IExecutionContext executionContext, IList steps, TrackingConfig trackingConfig) { string defaultWorkingDirectoryRepoPath = null; if (RepositoryUtil.HasMultipleCheckouts(executionContext.JobSettings)) { // get checkout task for default working director repo var defaultWorkingDirectoryCheckoutTask = GetDefaultWorkingDirectoryCheckoutTask(steps); // Check if a task was found if (defaultWorkingDirectoryCheckoutTask != null && defaultWorkingDirectoryCheckoutTask.Inputs.TryGetValue(Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, out string defaultWorkingDirectoryRepoAlias)) { defaultWorkingDirectoryRepoPath = trackingConfig.RepositoryTrackingInfo .Where(repo => string.Equals(repo.Identifier, defaultWorkingDirectoryRepoAlias, StringComparison.OrdinalIgnoreCase)) .Select(props => props.SourcesDirectory).FirstOrDefault(); } } // For single checkout jobs and multicheckout jobs with default paths set defaultWorkingDirectoryRepoPath to the default sources directory if (defaultWorkingDirectoryRepoPath == null) { defaultWorkingDirectoryRepoPath = trackingConfig.SourcesDirectory; } return defaultWorkingDirectoryRepoPath; } private bool IsCheckoutToCustomPath(TrackingConfig trackingConfig, RepositoryInfo repoInfo, TaskStep selfCheckoutTask) { string path; string selfRepoName = RepositoryUtil.GetCloneDirectory(repoInfo.PrimaryRepository.Properties.Get(Pipelines.RepositoryPropertyNames.Name)); string defaultRepoCheckoutPath = Path.GetFullPath(Path.Combine(trackingConfig.SourcesDirectory, selfRepoName)); return selfCheckoutTask != null && selfCheckoutTask.Inputs.TryGetValue(PipelineConstants.CheckoutTaskInputs.Path, out path) && !string.Equals(Path.GetFullPath(Path.Combine(trackingConfig.BuildDirectory, path)), defaultRepoCheckoutPath, IOUtil.FilePathStringComparison); } private TaskStep GetSelfCheckoutTask(IList steps) { return steps.Select(x => x as TaskStep) .Where(task => task.IsCheckoutTask() && task.Inputs.TryGetValue(PipelineConstants.CheckoutTaskInputs.Repository, out string repositoryAlias) && RepositoryUtil.IsPrimaryRepositoryName(repositoryAlias)).FirstOrDefault(); } public static TaskStep GetDefaultWorkingDirectoryCheckoutTask(IList steps) { return steps.Select(x => x as TaskStep) .Where(task => task.IsCheckoutTask() && task.Inputs.TryGetValue(Pipelines.PipelineConstants.CheckoutTaskInputs.WorkspaceRepo, out string isDefaultWorkingDirectoryCheckout) && StringUtil.ConvertToBoolean(isDefaultWorkingDirectoryCheckout)).FirstOrDefault(); } private class RepositoryInfo { public Pipelines.RepositoryResource PrimaryRepository { set; get; } public Pipelines.RepositoryResource TriggeringRepository { set; get; } public ISourceProvider SourceProvider { set; get; } } } } ================================================ FILE: src/Agent.Worker/Build/BuildServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.Core.WebApi; using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Build2 = Microsoft.TeamFoundation.Build.WebApi; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { [ServiceLocator(Default = typeof(BuildServer))] public interface IBuildServer : IAgentService { Task ConnectAsync(VssConnection jobConnection); Task AssociateArtifactAsync( int buildId, Guid projectId, string name, string jobId, string type, string data, Dictionary propertiesDictionary, CancellationToken cancellationToken = default(CancellationToken)); Task UpdateBuildNumber( int buildId, Guid projectId, string buildNumber, CancellationToken cancellationToken = default(CancellationToken)); Task> AddBuildTag( int buildId, Guid projectId, string buildTag, CancellationToken cancellationToken = default(CancellationToken)); } public class BuildServer : AgentService, IBuildServer { private VssConnection _connection; private Build2.BuildHttpClient _buildHttpClient; public async Task ConnectAsync(VssConnection jobConnection) { ArgUtil.NotNull(jobConnection, nameof(jobConnection)); _connection = jobConnection; int attemptCount = 5; while (!_connection.HasAuthenticated && attemptCount-- > 0) { try { await _connection.ConnectAsync(); break; } catch (Exception ex) when (attemptCount > 0) { Trace.Info($"Catch exception during connect. {attemptCount} attempt(s) left."); Trace.Error(ex); } await Task.Delay(100); } _buildHttpClient = _connection.GetClient(); } public async Task AssociateArtifactAsync( int buildId, Guid projectId, string name, string jobId, string type, string data, Dictionary propertiesDictionary, CancellationToken cancellationToken = default(CancellationToken)) { Build2.BuildArtifact artifact = new Build2.BuildArtifact() { Name = name, Source = jobId, Resource = new Build2.ArtifactResource() { Data = data, Type = type, Properties = propertiesDictionary } }; return await _buildHttpClient.CreateArtifactAsync(artifact, projectId, buildId, cancellationToken: cancellationToken); } public async Task UpdateBuildNumber( int buildId, Guid projectId, string buildNumber, CancellationToken cancellationToken = default(CancellationToken)) { Build2.Build build = new Build2.Build() { Id = buildId, BuildNumber = buildNumber, Project = new TeamProjectReference() { Id = projectId, }, }; return await _buildHttpClient.UpdateBuildAsync(build, cancellationToken: cancellationToken); } public async Task> AddBuildTag( int buildId, Guid projectId, string buildTag, CancellationToken cancellationToken = default(CancellationToken)) { return await _buildHttpClient.AddBuildTagAsync(projectId, buildId, buildTag, cancellationToken: cancellationToken); } } } ================================================ FILE: src/Agent.Worker/Build/Enums.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public enum BuildCleanOption { None, Source, Binary, All, } } ================================================ FILE: src/Agent.Worker/Build/FileContainerServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk.Knob; using Agent.Sdk.Util; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Blob; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts; using Microsoft.VisualStudio.Services.FileContainer.Client; using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using System.Diagnostics; using Microsoft.VisualStudio.Services.WebApi; using System.Net.Http; using System.Net; using System.Net.Sockets; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public class FileContainerServer { private readonly ConcurrentQueue _fileUploadQueue = new ConcurrentQueue(); private readonly ConcurrentDictionary> _fileUploadTraceLog = new ConcurrentDictionary>(); private readonly ConcurrentDictionary> _fileUploadProgressLog = new ConcurrentDictionary>(); private readonly FileContainerHttpClient _fileContainerHttpClient; private readonly VssConnection _connection; private CancellationTokenSource _uploadCancellationTokenSource; private TaskCompletionSource _uploadFinished; private Guid _projectId; private long _containerId; private string _containerPath; private int _filesProcessed = 0; private string _sourceParentDirectory; [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "fileContainerClientConnection")] public FileContainerServer( VssConnection connection, Guid projectId, long containerId, string containerPath) { ArgUtil.NotNull(connection, nameof(connection)); this._connection = connection; _projectId = projectId; _containerId = containerId; _containerPath = containerPath; // default file upload request timeout to 600 seconds var fileContainerClientConnectionSetting = connection.Settings.Clone(); if (fileContainerClientConnectionSetting.SendTimeout < TimeSpan.FromSeconds(600)) { fileContainerClientConnectionSetting.SendTimeout = TimeSpan.FromSeconds(600); } var fileContainerClientConnection = new VssConnection(connection.Uri, connection.Credentials, fileContainerClientConnectionSetting); _fileContainerHttpClient = fileContainerClientConnection.GetClient(); } public async Task CopyToContainerAsync( IAsyncCommandContext context, String source, CancellationToken cancellationToken) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(source, nameof(source)); //set maxConcurrentUploads up to 2 until figure out how to use WinHttpHandler.MaxConnectionsPerServer modify DefaultConnectionLimit int maxConcurrentUploads = Math.Min(Environment.ProcessorCount, 2); //context.Output($"Max Concurrent Uploads {maxConcurrentUploads}"); List files; if (File.Exists(source)) { files = new List() { source }; _sourceParentDirectory = Path.GetDirectoryName(source); } else { files = Directory.EnumerateFiles(source, "*", SearchOption.AllDirectories).ToList(); _sourceParentDirectory = source.TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar); } context.Output(StringUtil.Loc("TotalUploadFiles", files.Count())); using (_uploadCancellationTokenSource = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken)) { // hook up reporting event from file container client. _fileContainerHttpClient.UploadFileReportTrace += UploadFileTraceReportReceived; _fileContainerHttpClient.UploadFileReportProgress += UploadFileProgressReportReceived; try { var uploadToBlob = String.Equals(context.GetVariableValueOrDefault(WellKnownDistributedTaskVariables.UploadBuildArtifactsToBlob), "true", StringComparison.InvariantCultureIgnoreCase) && !AgentKnobs.DisableBuildArtifactsToBlob.GetValue(context).AsBoolean(); // try upload all files for the first time. UploadResult uploadResult = null; if (uploadToBlob) { try { uploadResult = await BlobUploadAsync(context, files, maxConcurrentUploads, _uploadCancellationTokenSource.Token); } catch { // Fall back to FCS upload if we cannot upload to blob uploadToBlob = false; } } if (!uploadToBlob) { uploadResult = await ParallelUploadAsync(context, files, maxConcurrentUploads, _uploadCancellationTokenSource.Token); } if (uploadResult.FailedFiles.Count == 0) { // all files have been upload succeed. context.Output(StringUtil.Loc("FileUploadSucceed")); return uploadResult.TotalFileSizeUploaded; } else { context.Output(StringUtil.Loc("FileUploadFailedRetryLater", uploadResult.FailedFiles.Count)); } // Delay 1 min then retry failed files. for (int timer = 60; timer > 0; timer -= 5) { context.Output(StringUtil.Loc("FileUploadRetryInSecond", timer)); await Task.Delay(TimeSpan.FromSeconds(5), _uploadCancellationTokenSource.Token); } // Retry upload all failed files. context.Output(StringUtil.Loc("FileUploadRetry", uploadResult.FailedFiles.Count)); UploadResult retryUploadResult; if (uploadToBlob) { retryUploadResult = await BlobUploadAsync(context, uploadResult.FailedFiles, maxConcurrentUploads, _uploadCancellationTokenSource.Token); } else { retryUploadResult = await ParallelUploadAsync(context, uploadResult.FailedFiles, maxConcurrentUploads, _uploadCancellationTokenSource.Token); } if (retryUploadResult.FailedFiles.Count == 0) { // all files have been upload succeed after retry. context.Output(StringUtil.Loc("FileUploadRetrySucceed")); return uploadResult.TotalFileSizeUploaded + retryUploadResult.TotalFileSizeUploaded; } else { throw new Exception(StringUtil.Loc("FileUploadFailedAfterRetry")); } } finally { _fileContainerHttpClient.UploadFileReportTrace -= UploadFileTraceReportReceived; _fileContainerHttpClient.UploadFileReportProgress -= UploadFileProgressReportReceived; } } } private async Task ParallelUploadAsync(IAsyncCommandContext context, IReadOnlyList files, int concurrentUploads, CancellationToken token) { // return files that fail to upload and total artifact size var uploadResult = new UploadResult(); // nothing needs to upload if (files.Count == 0) { return uploadResult; } // ensure the file upload queue is empty. if (!_fileUploadQueue.IsEmpty) { throw new ArgumentOutOfRangeException(nameof(_fileUploadQueue)); } // enqueue file into upload queue. foreach (var file in files) { _fileUploadQueue.Enqueue(file); } // Start upload monitor task. _filesProcessed = 0; _uploadFinished = new TaskCompletionSource(); _fileUploadTraceLog.Clear(); _fileUploadProgressLog.Clear(); Task uploadMonitor = ReportingAsync(context, files.Count(), _uploadCancellationTokenSource.Token); // Start parallel upload tasks. List> parallelUploadingTasks = new List>(); for (int uploader = 0; uploader < concurrentUploads; uploader++) { parallelUploadingTasks.Add(UploadAsync(context, uploader, _uploadCancellationTokenSource.Token)); } // Wait for parallel upload finish. await Task.WhenAll(parallelUploadingTasks); foreach (var uploadTask in parallelUploadingTasks) { // record all failed files. uploadResult.AddUploadResult(await uploadTask); } // Stop monitor task; _uploadFinished.TrySetResult(0); await uploadMonitor; return uploadResult; } private async Task UploadAsync(IAsyncCommandContext context, int uploaderId, CancellationToken token) { List failedFiles = new List(); long uploadedSize = 0; string fileToUpload; Stopwatch uploadTimer = new Stopwatch(); while (_fileUploadQueue.TryDequeue(out fileToUpload)) { token.ThrowIfCancellationRequested(); try { string itemPath = (_containerPath.TrimEnd('/') + "/" + fileToUpload.Remove(0, _sourceParentDirectory.Length + 1)).Replace('\\', '/'); if (AgentKnobs.EnableFCSItemPathFix.GetValue(context).AsBoolean()) { string fileName = fileToUpload.Replace(_sourceParentDirectory, string.Empty).Replace("\\", string.Empty).Replace("/", string.Empty); itemPath = (_containerPath.TrimEnd('/') + "/" + fileName).Replace("\\", "/"); } uploadTimer.Restart(); bool catchExceptionDuringUpload = false; HttpResponseMessage response = null; long uploadLength = 0; try { using (FileStream fs = File.Open(fileToUpload, FileMode.Open, FileAccess.Read, FileShare.Read)) { response = await _fileContainerHttpClient.UploadFileAsync(_containerId, itemPath, fs, _projectId, cancellationToken: token, chunkSize: 4 * 1024 * 1024); uploadLength = fs.Length; } } catch (OperationCanceledException) when (token.IsCancellationRequested) { context.Output(StringUtil.Loc("FileUploadCancelled", fileToUpload)); if (response != null) { response.Dispose(); response = null; } throw; } catch (Exception ex) { catchExceptionDuringUpload = true; context.Output(StringUtil.Loc("FileUploadFailed", fileToUpload, ex.Message)); context.Output(ex.ToString()); } uploadTimer.Stop(); if (catchExceptionDuringUpload || (response != null && response.StatusCode != HttpStatusCode.Created)) { if (response != null) { context.Output(StringUtil.Loc("FileContainerUploadFailed", response.StatusCode, response.ReasonPhrase, fileToUpload, itemPath)); } // output detail upload trace for the file. ConcurrentQueue logQueue; if (_fileUploadTraceLog.TryGetValue(itemPath, out logQueue)) { context.Output(StringUtil.Loc("FileUploadDetailTrace", itemPath)); string message; while (logQueue.TryDequeue(out message)) { context.Output(message); } } // tracking file that failed to upload. failedFiles.Add(fileToUpload); } else { context.Debug(StringUtil.Loc("FileUploadFinish", fileToUpload, uploadTimer.ElapsedMilliseconds)); uploadedSize += uploadLength; // debug detail upload trace for the file. ConcurrentQueue logQueue; if (_fileUploadTraceLog.TryGetValue(itemPath, out logQueue)) { context.Debug($"Detail upload trace for file: {itemPath}"); string message; while (logQueue.TryDequeue(out message)) { context.Debug(message); } } } if (response != null) { response.Dispose(); response = null; } Interlocked.Increment(ref _filesProcessed); } catch (Exception ex) { context.Output(StringUtil.Loc("FileUploadFileOpenFailed", ex.Message, fileToUpload)); throw; } } return new UploadResult(failedFiles, uploadedSize); } public static string CreateDomainHash(IDomainId domainId, DedupIdentifier dedupId) { if (domainId != WellKnownDomainIds.DefaultDomainId) { // Only use the new format domainId,dedupId if we aren't going to the default domain as this is a breaking change: return $"{domainId.Serialize()},{dedupId.ValueString}"; } // We are still uploading to the default domain so use the don't use the new format: return dedupId.ValueString; } private async Task BlobUploadAsync(IAsyncCommandContext context, IReadOnlyList files, int concurrentUploads, CancellationToken token) { // return files that fail to upload and total artifact size var uploadResult = new UploadResult(); // nothing needs to upload if (files.Count == 0) { return uploadResult; } DedupStoreClient dedupClient = null; BlobStoreClientTelemetryTfs clientTelemetry = null; try { var verbose = String.Equals(context.GetVariableValueOrDefault("system.debug"), "true", StringComparison.InvariantCultureIgnoreCase); Action tracer = (str) => context.Output(str); var clientSettings = await BlobstoreClientSettings.GetClientSettingsAsync( _connection, Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts.Client.BuildArtifact, DedupManifestArtifactClientFactory.CreateArtifactsTracer(verbose, tracer), token); int maxParallelism = context.GetHostContext().GetService().GetSettings().MaxDedupParallelism; if (maxParallelism == 0) { // if we have a client setting for max parallelism, use that: maxParallelism = DedupManifestArtifactClientFactory.Instance.GetDedupStoreClientMaxParallelism(clientSettings, msg => context.Output(msg)); } // Check if the pipeline has an override domain set, if not, use the default domain from the client settings. string overrideDomain = AgentKnobs.SendBuildArtifactsToBlobstoreDomain.GetValue(context).AsString(); IDomainId domainId = String.IsNullOrWhiteSpace(overrideDomain) ? clientSettings.GetDefaultDomainId() : DomainIdFactory.Create(overrideDomain); (dedupClient, clientTelemetry) = DedupManifestArtifactClientFactory.Instance .CreateDedupClient( _connection, domainId, maxParallelism, clientSettings.GetRedirectTimeout(), verbose, tracer, token); // Upload to blobstore var results = await BlobStoreUtils.UploadBatchToBlobstore(verbose, files, (level, uri, type) => new BuildArtifactActionRecord(level, uri, type, nameof(BlobUploadAsync), context), tracer, dedupClient, clientTelemetry, token, enableReporting: true); // Associate with TFS context.Output(StringUtil.Loc("AssociateFiles")); var queue = new ConcurrentQueue(); foreach (var file in results.fileDedupIds) { queue.Enqueue(file); } // Start associate monitor var uploadFinished = new TaskCompletionSource(); var associateMonitor = AssociateReportingAsync(context, files.Count(), uploadFinished, token); // Start parallel associate tasks. var parallelAssociateTasks = new List>(); for (int uploader = 0; uploader < concurrentUploads; uploader++) { parallelAssociateTasks.Add(AssociateAsync(context, domainId, queue, token)); } // Wait for parallel associate tasks to finish. await Task.WhenAll(parallelAssociateTasks); foreach (var associateTask in parallelAssociateTasks) { // record all failed files. uploadResult.AddUploadResult(await associateTask); } // Stop monitor task uploadFinished.SetResult(0); await associateMonitor; // report telemetry if (!Guid.TryParse(context.GetVariableValueOrDefault(WellKnownDistributedTaskVariables.PlanId), out var planId)) { planId = Guid.Empty; } if (!Guid.TryParse(context.GetVariableValueOrDefault(WellKnownDistributedTaskVariables.JobId), out var jobId)) { jobId = Guid.Empty; } await clientTelemetry.CommitTelemetryUpload(planId, jobId); } catch (SocketException e) { ExceptionsUtil.HandleSocketException(e, this._connection.Uri.ToString(), context.Warn); throw; } catch { var blobStoreHost = dedupClient.Client.BaseAddress.Host; var allowListLink = BlobStoreWarningInfoProvider.GetAllowListLinkForCurrentPlatform(); var warningMessage = StringUtil.Loc("BlobStoreUploadWarning", blobStoreHost, allowListLink); context.Warn(warningMessage); throw; } return uploadResult; } private async Task AssociateAsync(IAsyncCommandContext context, IDomainId domainId, ConcurrentQueue associateQueue, CancellationToken token) { var uploadResult = new UploadResult(); var retryHelper = new RetryHelper(context); var uploadTimer = new Stopwatch(); while (associateQueue.TryDequeue(out var file)) { uploadTimer.Restart(); string itemPath = (_containerPath.TrimEnd('/') + "/" + file.Path.Remove(0, _sourceParentDirectory.Length + 1)).Replace('\\', '/'); if (AgentKnobs.EnableFCSItemPathFix.GetValue(context).AsBoolean()) { string fileName = file.Path.Replace(_sourceParentDirectory, string.Empty).Replace("\\", string.Empty).Replace("/", string.Empty); itemPath = (_containerPath.TrimEnd('/') + "/" + fileName).Replace("\\", "/"); } bool catchExceptionDuringUpload = false; HttpResponseMessage response = null; try { if (file.Success) { var length = (long)file.Node.TransitiveContentBytes; response = await retryHelper.Retry(async () => await _fileContainerHttpClient.CreateItemForArtifactUpload(_containerId, itemPath, _projectId, CreateDomainHash(domainId, file.DedupId), length, token), (retryCounter) => (int)Math.Pow(retryCounter, 2) * 5, (exception) => true); uploadResult.TotalFileSizeUploaded += length; } } catch (OperationCanceledException) when (token.IsCancellationRequested) { context.Output(StringUtil.Loc("FileUploadCancelled", itemPath)); if (response != null) { response.Dispose(); } throw; } catch (Exception ex) { catchExceptionDuringUpload = true; context.Output(StringUtil.Loc("FileUploadFailed", itemPath, ex.Message)); context.Output(ex.ToString()); } if (catchExceptionDuringUpload || (response != null && response.StatusCode != HttpStatusCode.Created) || !file.Success) { if (response != null) { context.Output(StringUtil.Loc("FileContainerUploadFailed", response.StatusCode, response.ReasonPhrase, file.Path, itemPath)); } if (!file.Success) { context.Output(StringUtil.Loc("FileContainerUploadFailedBlob", file.Path, itemPath)); } // tracking file that failed to upload. uploadResult.FailedFiles.Add(file.Path); } else { context.Debug(StringUtil.Loc("FileUploadFinish", file.Path, uploadTimer.ElapsedMilliseconds)); } if (response != null) { response.Dispose(); } Interlocked.Increment(ref _filesProcessed); } return uploadResult; } private async Task ReportingAsync(IAsyncCommandContext context, int totalFiles, CancellationToken token) { int traceInterval = 0; while (!_uploadFinished.Task.IsCompleted && !token.IsCancellationRequested) { bool hasDetailProgress = false; foreach (var file in _fileUploadProgressLog) { string message; while (file.Value.TryDequeue(out message)) { hasDetailProgress = true; context.Output(message); } } // trace total file progress every 25 seconds when there is no file level detail progress if (++traceInterval % 2 == 0 && !hasDetailProgress) { context.Output(StringUtil.Loc("FileUploadProgress", totalFiles, _filesProcessed, (_filesProcessed * 100) / totalFiles)); } await Task.WhenAny(_uploadFinished.Task, Task.Delay(5000, token)); } } private async Task AssociateReportingAsync(IAsyncCommandContext context, int totalFiles, TaskCompletionSource uploadFinished, CancellationToken token) { while (!uploadFinished.Task.IsCompleted && !token.IsCancellationRequested) { context.Output(StringUtil.Loc("FileAssociateProgress", totalFiles, _filesProcessed, (_filesProcessed * 100) / totalFiles)); await Task.WhenAny(uploadFinished.Task, Task.Delay(10000, token)); } } private void UploadFileTraceReportReceived(object sender, ReportTraceEventArgs e) { ConcurrentQueue logQueue = _fileUploadTraceLog.GetOrAdd(e.File, new ConcurrentQueue()); logQueue.Enqueue(e.Message); } private void UploadFileProgressReportReceived(object sender, ReportProgressEventArgs e) { ConcurrentQueue progressQueue = _fileUploadProgressLog.GetOrAdd(e.File, new ConcurrentQueue()); progressQueue.Enqueue(StringUtil.Loc("FileUploadProgressDetail", e.File, (e.CurrentChunk * 100) / e.TotalChunks)); } } } ================================================ FILE: src/Agent.Worker/Build/GitCommandManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Text.RegularExpressions; using System.Threading; using System.Threading.Tasks; using System.IO; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { [ServiceLocator(Default = typeof(GitCommandManager))] public interface IGitCommandManager : IAgentService { bool EnsureGitVersion(Version requiredVersion, bool throwOnNotMatch); bool EnsureGitLFSVersion(Version requiredVersion, bool throwOnNotMatch); (string resolvedGitPath, string resolvedGitLfsPath) GetInternalGitPaths(); // setup git execution info, git location, version, useragent, execpath Task LoadGitExecutionInfo(IExecutionContext context, bool useBuiltInGit, Dictionary gitEnv = null); // git init Task GitInit(IExecutionContext context, string repositoryPath); // git fetch --tags --prune --progress --no-recurse-submodules [--depth=15] origin [+refs/pull/*:refs/remote/pull/*] Task GitFetch(IExecutionContext context, string repositoryPath, string remoteName, int fetchDepth, bool fetchTags, List refSpec, string additionalCommandLine, CancellationToken cancellationToken); // git lfs fetch origin [ref] Task GitLFSFetch(IExecutionContext context, string repositoryPath, string remoteName, string refSpec, string additionalCommandLine, CancellationToken cancellationToken); // git checkout -f --progress Task GitCheckout(IExecutionContext context, string repositoryPath, string committishOrBranchSpec, CancellationToken cancellationToken); // git clean -ffdx Task GitClean(IExecutionContext context, string repositoryPath); // git reset --hard HEAD Task GitReset(IExecutionContext context, string repositoryPath); // get remote add Task GitRemoteAdd(IExecutionContext context, string repositoryPath, string remoteName, string remoteUrl); // get remote set-url Task GitRemoteSetUrl(IExecutionContext context, string repositoryPath, string remoteName, string remoteUrl); // get remote set-url --push Task GitRemoteSetPushUrl(IExecutionContext context, string repositoryPath, string remoteName, string remoteUrl); // git submodule foreach --recursive "git clean -ffdx" Task GitSubmoduleClean(IExecutionContext context, string repositoryPath); // git submodule foreach --recursive "git reset --hard HEAD" Task GitSubmoduleReset(IExecutionContext context, string repositoryPath); // git submodule update --init --force [--depth=15] [--recursive] Task GitSubmoduleUpdate(IExecutionContext context, string repositoryPath, int fetchDepth, string additionalCommandLine, bool recursive, CancellationToken cancellationToken); // git submodule sync [--recursive] Task GitSubmoduleSync(IExecutionContext context, string repositoryPath, bool recursive, CancellationToken cancellationToken); // git config --get remote.origin.url Task GitGetFetchUrl(IExecutionContext context, string repositoryPath); // git config Task GitConfig(IExecutionContext context, string repositoryPath, string configKey, string configValue); // git config --get-all Task GitConfigExist(IExecutionContext context, string repositoryPath, string configKey); // git config --unset-all Task GitConfigUnset(IExecutionContext context, string repositoryPath, string configKey); // git config gc.auto 0 Task GitDisableAutoGC(IExecutionContext context, string repositoryPath); // git lfs version Task GitLfsVersion(IExecutionContext context); // git lfs install --local Task GitLFSInstall(IExecutionContext context, string repositoryPath); // git lfs logs last Task GitLFSLogs(IExecutionContext context, string repositoryPath); // git repack -adfl Task GitRepack(IExecutionContext context, string repositoryPath); // git prune Task GitPrune(IExecutionContext context, string repositoryPath); // git lfs prune Task GitLFSPrune(IExecutionContext context, string repositoryPath); // git count-objects -v -H Task GitCountObjects(IExecutionContext context, string repositoryPath); // git version Task GitVersion(IExecutionContext context); // git status Task GitStatus(IExecutionContext context, string repositoryPath); } public class GitCommandManager : AgentService, IGitCommandManager { private static Encoding _encoding { get => PlatformUtil.RunningOnWindows ? Encoding.UTF8 : null; } private string _gitHttpUserAgentEnv = null; private string _gitPath = null; private Version _gitVersion = null; private string _gitLfsPath = null; private Version _gitLfsVersion = null; private Dictionary _gitEnv = new Dictionary(StringComparer.OrdinalIgnoreCase) { { "GIT_TERMINAL_PROMPT", "0" }, }; public bool EnsureGitVersion(Version requiredVersion, bool throwOnNotMatch) { ArgUtil.NotNull(_gitVersion, nameof(_gitVersion)); if (_gitPath == null) { throw new InvalidOperationException("Could not find Git installed on the system. Please make sure GIT is installed and available in the PATH."); } if (_gitVersion < requiredVersion && throwOnNotMatch) { throw new NotSupportedException(StringUtil.Loc("MinRequiredGitVersion", requiredVersion, _gitPath, _gitVersion)); } return _gitVersion >= requiredVersion; } public bool EnsureGitLFSVersion(Version requiredVersion, bool throwOnNotMatch) { ArgUtil.NotNull(_gitLfsVersion, nameof(_gitLfsVersion)); if (_gitLfsPath == null) { throw new InvalidOperationException("Could not find Git LFS installed on the system. Please make sure GIT LFS is installed and available in the PATH."); } if (_gitLfsVersion < requiredVersion && throwOnNotMatch) { throw new NotSupportedException(StringUtil.Loc("MinRequiredGitLfsVersion", requiredVersion, _gitLfsPath, _gitLfsVersion)); } return _gitLfsVersion >= requiredVersion; } public (string resolvedGitPath, string resolvedGitLfsPath) GetInternalGitPaths() { string externalsDirectoryPath = HostContext.GetDirectory(WellKnownDirectory.Externals); ArgUtil.NotNullOrEmpty(externalsDirectoryPath, nameof(WellKnownDirectory.Externals)); string gitPath = Path.Combine(externalsDirectoryPath, "git", "cmd", $"git.exe"); string gitLfsPath; if (PlatformUtil.BuiltOnX86) { gitLfsPath = Path.Combine(externalsDirectoryPath, "git", "mingw32", "bin", $"git-lfs.exe"); } else { gitLfsPath = Path.Combine(externalsDirectoryPath, "git", "mingw64", "bin", $"git-lfs.exe"); } return (gitPath, gitLfsPath); } public async Task LoadGitExecutionInfo(IExecutionContext context, bool useBuiltInGit, Dictionary gitEnv = null) { if (gitEnv != null) { foreach (var env in gitEnv) { if (!string.IsNullOrEmpty(env.Key)) { _gitEnv[env.Key] = env.Value ?? string.Empty; } } } // Resolve the location of git. if (useBuiltInGit) { _gitPath = null; // The Windows agent ships a copy of Git if (PlatformUtil.RunningOnWindows) { context.Debug("Git paths are resolving from internal dependencies"); (_gitPath, _gitLfsPath) = GetInternalGitPaths(); // Prepend the PATH. context.Output(StringUtil.Loc("Prepending0WithDirectoryContaining1", Constants.PathVariable, Path.GetFileName(_gitPath))); // We need to prepend git-lfs path first so that we call // externals/git/cmd/git.exe instead of externals/git/mingw**/bin/git.exe PathUtil.PrependPath(Path.GetDirectoryName(_gitLfsPath)); PathUtil.PrependPath(Path.GetDirectoryName(_gitPath)); context.Debug($"{Constants.PathVariable}: '{Environment.GetEnvironmentVariable(Constants.PathVariable)}'"); } } else { _gitPath = WhichUtil.Which("git", require: true, trace: Trace); _gitLfsPath = WhichUtil.Which("git-lfs", require: false, trace: Trace); } ArgUtil.File(_gitPath, nameof(_gitPath)); // Get the Git version. _gitVersion = await GitVersion(context); ArgUtil.NotNull(_gitVersion, nameof(_gitVersion)); context.Debug($"Detect git version: {_gitVersion.ToString()}."); // Get the Git-LFS version if git-lfs exist in %PATH%. if (!string.IsNullOrEmpty(_gitLfsPath)) { _gitLfsVersion = await GitLfsVersion(context); context.Debug($"Detect git-lfs version: '{_gitLfsVersion?.ToString() ?? string.Empty}'."); } // required 2.0, all git operation commandline args need min git version 2.0 Version minRequiredGitVersion = new Version(2, 0); EnsureGitVersion(minRequiredGitVersion, throwOnNotMatch: true); // suggest user upgrade to 2.17 for better git experience Version recommendGitVersion = new Version(2, 17); if (!EnsureGitVersion(recommendGitVersion, throwOnNotMatch: false)) { context.Output(StringUtil.Loc("UpgradeToLatestGit", recommendGitVersion, _gitVersion)); } // Set the user agent. _gitHttpUserAgentEnv = $"git/{_gitVersion.ToString()} (vsts-agent-git/{BuildConstants.AgentPackage.Version})"; context.Debug($"Set git useragent to: {_gitHttpUserAgentEnv}."); } // git init public async Task GitInit(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(repositoryPath, nameof(repositoryPath)); context.Debug($"Init git repository at: {repositoryPath}."); string repoRootEscapeSpace = StringUtil.Format(@"""{0}""", repositoryPath.Replace(@"""", @"\""")); return await ExecuteGitCommandAsync(context, repositoryPath, "init", StringUtil.Format($"{repoRootEscapeSpace}")); } // git fetch --tags --prune --progress --no-recurse-submodules [--depth=15] origin [+refs/pull/*:refs/remote/pull/*] public async Task GitFetch(IExecutionContext context, string repositoryPath, string remoteName, int fetchDepth, bool fetchTags, List refSpec, string additionalCommandLine, CancellationToken cancellationToken) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Fetch git repository at: {repositoryPath} remote: {remoteName}."); if (refSpec != null && refSpec.Count > 0) { refSpec = refSpec.Where(r => !string.IsNullOrEmpty(r)).ToList(); } string tags = "--tags"; if (!fetchTags) { tags = "--no-tags"; } // insert prune-tags if DisableFetchPruneTags knob is false and Git version is above 2.17 string pruneTags = string.Empty; if (EnsureGitVersion(new Version(2, 17), throwOnNotMatch: false) && !AgentKnobs.DisableFetchPruneTags.GetValue(context).AsBoolean()) { pruneTags = "--prune-tags"; } // If shallow fetch add --depth arg // If the local repository is shallowed but there is no fetch depth provide for this build, // add --unshallow to convert the shallow repository to a complete repository string depth = fetchDepth > 0 ? $"--depth={fetchDepth}" : (File.Exists(Path.Combine(repositoryPath, ".git", "shallow")) ? "--unshallow" : string.Empty); //define options for fetch string options = $"{tags} --prune {pruneTags} --progress --no-recurse-submodules {remoteName} {depth} {string.Join(" ", refSpec)}"; return await ExecuteGitCommandAsync(context, repositoryPath, "fetch", options, additionalCommandLine, cancellationToken); } // git lfs fetch origin [ref] public async Task GitLFSFetch(IExecutionContext context, string repositoryPath, string remoteName, string refSpec, string additionalCommandLine, CancellationToken cancellationToken) { ArgUtil.NotNull(context, nameof(context)); string lfsconfig = ".lfsconfig"; context.Debug($"Checkout {lfsconfig} for git repository at: {repositoryPath} remote: {remoteName}."); // default options for git checkout .lfsconfig string options = StringUtil.Format($"{refSpec} -- {lfsconfig}"); int exitCodeLfsConfigCheckout = await ExecuteGitCommandAsync(context, repositoryPath, "checkout", options, additionalCommandLine, cancellationToken); if (exitCodeLfsConfigCheckout != 0) { context.Debug("There were some issues while checkout of .lfsconfig - probably because this file does not exist (see message above for more details). Continue fetching."); } context.Debug($"Fetch LFS objects for git repository at: {repositoryPath} remote: {remoteName}."); // default options for git lfs fetch. options = StringUtil.Format($"fetch origin {refSpec}"); return await ExecuteGitCommandAsync(context, repositoryPath, "lfs", options, additionalCommandLine, cancellationToken); } // git checkout -f --progress public async Task GitCheckout(IExecutionContext context, string repositoryPath, string committishOrBranchSpec, CancellationToken cancellationToken) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Checkout {committishOrBranchSpec}."); // Git 2.7 support report checkout progress to stderr during stdout/err redirect. string options; if (_gitVersion >= new Version(2, 7)) { options = StringUtil.Format("--progress --force {0}", committishOrBranchSpec); } else { options = StringUtil.Format("--force {0}", committishOrBranchSpec); } return await ExecuteGitCommandAsync(context, repositoryPath, "checkout", options, cancellationToken); } // git clean -ffdx public async Task GitClean(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Delete untracked files/folders for repository at {repositoryPath}."); // Git 2.4 support git clean -ffdx. string options; if (_gitVersion >= new Version(2, 4)) { options = "-ffdx"; } else { options = "-fdx"; } return await ExecuteGitCommandAsync(context, repositoryPath, "clean", options); } // git reset --hard HEAD public async Task GitReset(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Undo any changes to tracked files in the working tree for repository at {repositoryPath}."); return await ExecuteGitCommandAsync(context, repositoryPath, "reset", "--hard HEAD"); } // git status public async Task GitStatus(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Show the working tree status for repository at {repositoryPath}."); return await ExecuteGitCommandAsync(context, repositoryPath, "status", string.Empty); } // get remote set-url public async Task GitRemoteAdd(IExecutionContext context, string repositoryPath, string remoteName, string remoteUrl) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Add git remote: {remoteName} to url: {remoteUrl} for repository under: {repositoryPath}."); return await ExecuteGitCommandAsync(context, repositoryPath, "remote", StringUtil.Format($"add {remoteName} {remoteUrl}")); } // get remote set-url public async Task GitRemoteSetUrl(IExecutionContext context, string repositoryPath, string remoteName, string remoteUrl) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Set git fetch url to: {remoteUrl} for remote: {remoteName}."); return await ExecuteGitCommandAsync(context, repositoryPath, "remote", StringUtil.Format($"set-url {remoteName} {remoteUrl}")); } // get remote set-url --push public async Task GitRemoteSetPushUrl(IExecutionContext context, string repositoryPath, string remoteName, string remoteUrl) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Set git push url to: {remoteUrl} for remote: {remoteName}."); return await ExecuteGitCommandAsync(context, repositoryPath, "remote", StringUtil.Format($"set-url --push {remoteName} {remoteUrl}")); } // git submodule foreach --recursive "git clean -ffdx" public async Task GitSubmoduleClean(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Delete untracked files/folders for submodules at {repositoryPath}."); // Git 2.4 support git clean -ffdx. string options; if (_gitVersion >= new Version(2, 4)) { options = "-ffdx"; } else { options = "-fdx"; } return await ExecuteGitCommandAsync(context, repositoryPath, "submodule", $"foreach --recursive \"git clean {options}\""); } // git submodule foreach --recursive "git reset --hard HEAD" public async Task GitSubmoduleReset(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Undo any changes to tracked files in the working tree for submodules at {repositoryPath}."); return await ExecuteGitCommandAsync(context, repositoryPath, "submodule", "foreach --recursive \"git reset --hard HEAD\""); } // git submodule update --init --force [--depth=15] [--recursive] public async Task GitSubmoduleUpdate(IExecutionContext context, string repositoryPath, int fetchDepth, string additionalCommandLine, bool recursive, CancellationToken cancellationToken) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Update the registered git submodules."); string options = "update --init --force"; if (fetchDepth > 0) { options = options + $" --depth={fetchDepth}"; } if (recursive) { options = options + " --recursive"; } return await ExecuteGitCommandAsync(context, repositoryPath, "submodule", options, additionalCommandLine, cancellationToken); } // git submodule sync [--recursive] public async Task GitSubmoduleSync(IExecutionContext context, string repositoryPath, bool recursive, CancellationToken cancellationToken) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Synchronizes submodules' remote URL configuration setting."); string options = "sync"; if (recursive) { options = options + " --recursive"; } return await ExecuteGitCommandAsync(context, repositoryPath, "submodule", options, cancellationToken); } // git config --get remote.origin.url public async Task GitGetFetchUrl(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Inspect remote.origin.url for repository under {repositoryPath}"); Uri fetchUrl = null; List outputStrings = new List(); int exitCode = await ExecuteGitCommandAsync(context, repositoryPath, "config", "--get remote.origin.url", outputStrings); if (exitCode != 0) { context.Warning($"'git config --get remote.origin.url' failed with exit code: {exitCode}, output: '{string.Join(Environment.NewLine, outputStrings)}'"); } else { // remove empty strings outputStrings = outputStrings.Where(o => !string.IsNullOrEmpty(o)).ToList(); if (outputStrings.Count == 1 && !string.IsNullOrEmpty(outputStrings.First())) { string remoteFetchUrl = outputStrings.First(); if (Uri.IsWellFormedUriString(remoteFetchUrl, UriKind.Absolute)) { context.Debug($"Get remote origin fetch url from git config: {remoteFetchUrl}"); fetchUrl = new Uri(remoteFetchUrl); } else { context.Debug($"The Origin fetch url from git config: {remoteFetchUrl} is not a absolute well formed url."); } } else { context.Debug($"Unable capture git remote fetch uri from 'git config --get remote.origin.url' command's output, the command's output is not expected: {string.Join(Environment.NewLine, outputStrings)}."); } } return fetchUrl; } // git config public async Task GitConfig(IExecutionContext context, string repositoryPath, string configKey, string configValue) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Set git config {configKey} {configValue}"); return await ExecuteGitCommandAsync(context, repositoryPath, "config", StringUtil.Format($"{configKey} {configValue}")); } // git config --get-all public async Task GitConfigExist(IExecutionContext context, string repositoryPath, string configKey) { ArgUtil.NotNull(context, nameof(context)); // git config --get-all {configKey} will return 0 and print the value if the config exist. context.Debug($"Checking git config {configKey} exist or not"); // ignore any outputs by redirect them into a string list, since the output might contains secrets. List outputStrings = new List(); int exitcode = await ExecuteGitCommandAsync(context, repositoryPath, "config", StringUtil.Format($"--get-all {configKey}"), outputStrings); return exitcode == 0; } // git config --unset-all public async Task GitConfigUnset(IExecutionContext context, string repositoryPath, string configKey) { ArgUtil.NotNull(context, nameof(context)); context.Debug($"Unset git config --unset-all {configKey}"); return await ExecuteGitCommandAsync(context, repositoryPath, "config", StringUtil.Format($"--unset-all {configKey}")); } // git config gc.auto 0 public async Task GitDisableAutoGC(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Disable git auto garbage collection."); return await ExecuteGitCommandAsync(context, repositoryPath, "config", "gc.auto 0"); } // git repack -adfl public async Task GitRepack(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Compress .git directory."); return await ExecuteGitCommandAsync(context, repositoryPath, "repack", "-adfl"); } // git prune public async Task GitPrune(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Delete unreachable objects under .git directory."); return await ExecuteGitCommandAsync(context, repositoryPath, "prune", "-v"); } // git lfs prune public async Task GitLFSPrune(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Deletes local copies of LFS files which are old, thus freeing up disk space. Prune operates by enumerating all the locally stored objects, and then deleting any which are not referenced by at least ONE of the following:"); return await ExecuteGitCommandAsync(context, repositoryPath, "lfs", "prune"); } // git count-objects -v -H public async Task GitCountObjects(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Inspect .git directory."); return await ExecuteGitCommandAsync(context, repositoryPath, "count-objects", "-v -H"); } // git lfs install --local public async Task GitLFSInstall(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Ensure git-lfs installed."); return await ExecuteGitCommandAsync(context, repositoryPath, "lfs", "install --local"); } // git lfs logs last public async Task GitLFSLogs(IExecutionContext context, string repositoryPath) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Get git-lfs logs."); return await ExecuteGitCommandAsync(context, repositoryPath, "lfs", "logs last"); } // git version public async Task GitVersion(IExecutionContext context) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Get git version."); Version version = null; List outputStrings = new List(); int exitCode = await ExecuteGitCommandAsync(context, HostContext.GetDirectory(WellKnownDirectory.Work), "version", null, outputStrings); context.Output($"{string.Join(Environment.NewLine, outputStrings)}"); if (exitCode == 0) { // remove any empty line. outputStrings = outputStrings.Where(o => !string.IsNullOrEmpty(o)).ToList(); if (outputStrings.Count == 1 && !string.IsNullOrEmpty(outputStrings.First())) { string verString = outputStrings.First(); // we interested about major.minor.patch version Regex verRegex = new Regex("\\d+\\.\\d+(\\.\\d+)?", RegexOptions.IgnoreCase); var matchResult = verRegex.Match(verString); if (matchResult.Success && !string.IsNullOrEmpty(matchResult.Value)) { if (!Version.TryParse(matchResult.Value, out version)) { version = null; } } } } return version; } // git lfs version public async Task GitLfsVersion(IExecutionContext context) { ArgUtil.NotNull(context, nameof(context)); context.Debug("Get git-lfs version."); Version version = null; List outputStrings = new List(); int exitCode = await ExecuteGitCommandAsync(context, HostContext.GetDirectory(WellKnownDirectory.Work), "lfs version", null, outputStrings); context.Output($"{string.Join(Environment.NewLine, outputStrings)}"); if (exitCode == 0) { // remove any empty line. outputStrings = outputStrings.Where(o => !string.IsNullOrEmpty(o)).ToList(); if (outputStrings.Count == 1 && !string.IsNullOrEmpty(outputStrings.First())) { string verString = outputStrings.First(); // we interested about major.minor.patch version Regex verRegex = new Regex("\\d+\\.\\d+(\\.\\d+)?", RegexOptions.IgnoreCase); var matchResult = verRegex.Match(verString); if (matchResult.Success && !string.IsNullOrEmpty(matchResult.Value)) { if (!Version.TryParse(matchResult.Value, out version)) { version = null; } } } } return version; } private async Task ExecuteGitCommandAsync(IExecutionContext context, string repoRoot, string command, string options, CancellationToken cancellationToken = default(CancellationToken)) { string arg = StringUtil.Format($"{command} {options}").Trim(); context.Command($"git {arg}"); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { context.Output(message.Data); }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { context.Output(message.Data); }; return await processInvoker.ExecuteAsync( workingDirectory: repoRoot, fileName: _gitPath, arguments: arg, environment: GetGitEnvironmentVariables(context), requireExitCodeZero: false, outputEncoding: _encoding, cancellationToken: cancellationToken); } private async Task ExecuteGitCommandAsync(IExecutionContext context, string repoRoot, string command, string options, IList output) { string arg = StringUtil.Format($"{command} {options}").Trim(); context.Command($"git {arg}"); if (output == null) { output = new List(); } object outputLock = new object(); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { lock (outputLock) { output.Add(message.Data); } }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { lock (outputLock) { output.Add(message.Data); } }; return await processInvoker.ExecuteAsync( workingDirectory: repoRoot, fileName: _gitPath, arguments: arg, environment: GetGitEnvironmentVariables(context), requireExitCodeZero: false, outputEncoding: _encoding, cancellationToken: default(CancellationToken)); } private async Task ExecuteGitCommandAsync(IExecutionContext context, string repoRoot, string command, string options, string additionalCommandLine, CancellationToken cancellationToken) { string arg = StringUtil.Format($"{additionalCommandLine} {command} {options}").Trim(); context.Command($"git {arg}"); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { context.Output(message.Data); }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { context.Output(message.Data); }; return await processInvoker.ExecuteAsync( workingDirectory: repoRoot, fileName: _gitPath, arguments: arg, environment: GetGitEnvironmentVariables(context), requireExitCodeZero: false, outputEncoding: _encoding, cancellationToken: cancellationToken); } private IDictionary GetGitEnvironmentVariables(IExecutionContext context) { if (!string.IsNullOrEmpty(_gitHttpUserAgentEnv)) { _gitEnv["GIT_HTTP_USER_AGENT"] = _gitHttpUserAgentEnv; } // Add the public variables. foreach (Variable variable in context.Variables.Public) { // Add the variable using the formatted name. string formattedName = VarUtil.ConvertToEnvVariableFormat(variable.Name, variable.PreserveCase); // Skip any GIT_TRACE variable since GIT_TRACE will affect ouput from every git command. // This will fail the parse logic for detect git version, remote url, etc. // Ex. // SET GIT_TRACE=true // git version // 11:39:58.295959 git.c:371 trace: built-in: git 'version' // git version 2.11.1.windows.1 if (formattedName == "GIT_TRACE" || formattedName.StartsWith("GIT_TRACE_")) { continue; } _gitEnv[formattedName] = variable.Value ?? string.Empty; } return _gitEnv; } } } ================================================ FILE: src/Agent.Worker/Build/GitSourceProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using System.IO; using System.Text.RegularExpressions; using System.Text; using System.Diagnostics; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public class ExternalGitSourceProvider : GitSourceProvider { public override string RepositoryType => TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.ExternalGit; // external git repository won't use auth header cmdline arg, since we don't know the auth scheme. public override bool GitUseAuthHeaderCmdlineArg => false; public override bool GitLfsUseAuthHeaderCmdlineArg => false; public override void RequirementCheck(IExecutionContext executionContext, ServiceEndpoint endpoint) { if (PlatformUtil.RunningOnWindows) { // check git version for SChannel SSLBackend (Windows Only) bool schannelSslBackend = HostContext.GetService().GetAgentRuntimeOptions()?.GitUseSecureChannel ?? false; if (schannelSslBackend) { _gitCommandManager.EnsureGitVersion(_minGitVersionSupportSSLBackendOverride, throwOnNotMatch: true); } } } public override bool GitSupportsConfigEnv(IExecutionContext executionContext, IGitCommandManager gitCommandManager) { return false; } public override string GenerateAuthHeader(string username, string password) { // can't generate auth header for external git. throw new NotSupportedException(nameof(ExternalGitSourceProvider.GenerateAuthHeader)); } } public abstract class AuthenticatedGitSourceProvider : GitSourceProvider { public override bool GitUseAuthHeaderCmdlineArg { get { // v2.9 git exist use auth header. ArgUtil.NotNull(_gitCommandManager, nameof(_gitCommandManager)); return _gitCommandManager.EnsureGitVersion(_minGitVersionSupportAuthHeader, throwOnNotMatch: false); } } public override bool GitLfsUseAuthHeaderCmdlineArg { get { // v2.1 git-lfs exist use auth header. ArgUtil.NotNull(_gitCommandManager, nameof(_gitCommandManager)); return _gitCommandManager.EnsureGitLFSVersion(_minGitLfsVersionSupportAuthHeader, throwOnNotMatch: false); } } public override bool GitSupportsConfigEnv(IExecutionContext executionContext, IGitCommandManager gitCommandManager) { // v2.31 git supports --config-env. return gitCommandManager.EnsureGitVersion(_minGitVersionConfigEnv, throwOnNotMatch: false); } public override void RequirementCheck(IExecutionContext executionContext, ServiceEndpoint endpoint) { if (PlatformUtil.RunningOnWindows) { // check git version for SChannel SSLBackend (Windows Only) bool schannelSslBackend = HostContext.GetService().GetAgentRuntimeOptions()?.GitUseSecureChannel ?? false; if (schannelSslBackend) { _gitCommandManager.EnsureGitVersion(_minGitVersionSupportSSLBackendOverride, throwOnNotMatch: true); } } } public override string GenerateAuthHeader(string username, string password) { // use basic auth header with username:password in base64encoding. string authHeader = $"{username ?? string.Empty}:{password ?? string.Empty}"; string base64encodedAuthHeader = Convert.ToBase64String(Encoding.UTF8.GetBytes(authHeader)); // add base64 encoding auth header into secretMasker. HostContext.SecretMasker.AddValue(base64encodedAuthHeader, WellKnownSecretAliases.GitSourceProviderAuthHeader); return $"basic {base64encodedAuthHeader}"; } } public sealed class GitHubSourceProvider : AuthenticatedGitSourceProvider { public override string RepositoryType => TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.GitHub; } public sealed class GitHubEnterpriseSourceProvider : AuthenticatedGitSourceProvider { public override string RepositoryType => TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.GitHubEnterprise; } public sealed class BitbucketSourceProvider : AuthenticatedGitSourceProvider { public override string RepositoryType => TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.Bitbucket; } public sealed class TfsGitSourceProvider : GitSourceProvider { public override string RepositoryType => TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.Git; public override bool GitUseAuthHeaderCmdlineArg { get { // v2.9 git exist use auth header for tfsgit repository. ArgUtil.NotNull(_gitCommandManager, nameof(_gitCommandManager)); return _gitCommandManager.EnsureGitVersion(_minGitVersionSupportAuthHeader, throwOnNotMatch: false); } } public override bool GitLfsUseAuthHeaderCmdlineArg { get { // v2.1 git-lfs exist use auth header for github repository. ArgUtil.NotNull(_gitCommandManager, nameof(_gitCommandManager)); return _gitCommandManager.EnsureGitLFSVersion(_minGitLfsVersionSupportAuthHeader, throwOnNotMatch: false); } } public override bool GitSupportsConfigEnv(IExecutionContext executionContext, IGitCommandManager gitCommandManager) { // v2.31 git supports --config-env. return gitCommandManager.EnsureGitVersion(_minGitVersionConfigEnv, throwOnNotMatch: false); } // When the repository is a TfsGit, figure out the endpoint is hosted vsts git or on-prem tfs git // if repository is on-prem tfs git, make sure git version greater than 2.9 // we have to use http.extraheader option to provide auth header for on-prem tfs git public override void RequirementCheck(IExecutionContext executionContext, ServiceEndpoint endpoint) { ArgUtil.NotNull(_gitCommandManager, nameof(_gitCommandManager)); var selfManageGitCreds = executionContext.Variables.GetBoolean(Constants.Variables.System.SelfManageGitCreds) ?? false; if (selfManageGitCreds) { // Customer choose to own git creds by themselves, we don't have to worry about git version anymore. return; } // Since that variable is added around TFS 2015 Qu2. // Old TFS AT will not send this variable to build agent, and VSTS will always send it to build agent. bool? onPremTfsGit = true; string onPremTfsGitString; if (endpoint.Data.TryGetValue(EndpointData.OnPremTfsGit, out onPremTfsGitString)) { onPremTfsGit = StringUtil.ConvertToBoolean(onPremTfsGitString); } // ensure git version and git-lfs version for on-prem tfsgit. if (onPremTfsGit.Value) { _gitCommandManager.EnsureGitVersion(_minGitVersionSupportAuthHeader, throwOnNotMatch: true); bool gitLfsSupport = false; if (endpoint.Data.ContainsKey("GitLfsSupport")) { gitLfsSupport = StringUtil.ConvertToBoolean(endpoint.Data["GitLfsSupport"]); } // prefer feature variable over endpoint data gitLfsSupport = executionContext.Variables.GetBoolean(Constants.Variables.Features.GitLfsSupport) ?? gitLfsSupport; if (gitLfsSupport) { _gitCommandManager.EnsureGitLFSVersion(_minGitLfsVersionSupportAuthHeader, throwOnNotMatch: true); } } if (PlatformUtil.RunningOnWindows) { // check git version for SChannel SSLBackend (Windows Only) bool schannelSslBackend = HostContext.GetService().GetAgentRuntimeOptions()?.GitUseSecureChannel ?? false; if (schannelSslBackend) { _gitCommandManager.EnsureGitVersion(_minGitVersionSupportSSLBackendOverride, throwOnNotMatch: true); } } } public override string GenerateAuthHeader(string username, string password) { // tfsgit use bearer auth header with JWToken from systemconnection. ArgUtil.NotNullOrEmpty(password, nameof(password)); return $"bearer {password}"; } } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA1505: Avoid unmaintainable code")] public abstract class GitSourceProvider : SourceProvider, ISourceProvider { // refs prefix // TODO: how to deal with limited refs? private const string _refsPrefix = "refs/heads/"; private const string _remoteRefsPrefix = "refs/remotes/origin/"; private const string _pullRefsPrefix = "refs/pull/"; private const string _remotePullRefsPrefix = "refs/remotes/pull/"; private const string _gitUseBasicAuthForProxyConfig = "-c http.proxyAuthMethod=basic"; private readonly Dictionary _configModifications = new Dictionary(); private bool _selfManageGitCreds = false; private Uri _repositoryUrlWithCred = null; private Uri _proxyUrlWithCred = null; private string _proxyUrlWithCredString = null; private Uri _gitLfsUrlWithCred = null; private bool _useSelfSignedCACert = false; private bool _useClientCert = false; private string _clientCertPrivateKeyAskPassFile = null; protected IGitCommandManager _gitCommandManager; // Minimum Git version that supports adding the extra auth header protected Version _minGitVersionSupportAuthHeader = new Version(2, 9); // Minimum Git for Windows version that supports overriding the sslBackend setting protected Version _minGitVersionSupportSSLBackendOverride = new Version(2, 14, 2); // Minimum git-lfs version that supports adding the extra auth header protected Version _minGitLfsVersionSupportAuthHeader = new Version(2, 1); // min git version that supports new way to pass config via --config-env // Info: https://github.com/git/git/commit/ce81b1da230cf04e231ce337c2946c0671ffb303 protected Version _minGitVersionConfigEnv = new Version(2, 31); public abstract bool GitUseAuthHeaderCmdlineArg { get; } public abstract bool GitLfsUseAuthHeaderCmdlineArg { get; } public abstract void RequirementCheck(IExecutionContext executionContext, ServiceEndpoint endpoint); public abstract bool GitSupportsConfigEnv(IExecutionContext executionContext, IGitCommandManager gitCommandManager); public abstract string GenerateAuthHeader(string username, string password); public async Task GetSourceAsync( IExecutionContext executionContext, ServiceEndpoint endpoint, CancellationToken cancellationToken) { Trace.Entering(); // Validate args. ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(endpoint, nameof(endpoint)); executionContext.Output($"Syncing repository: {endpoint.Name} ({RepositoryType})"); Uri repositoryUrl = endpoint.Url; if (!repositoryUrl.IsAbsoluteUri) { throw new InvalidOperationException("Repository url need to be an absolute uri."); } var agentCert = HostContext.GetService(); string targetPath = GetEndpointData(endpoint, Constants.EndpointData.SourcesDirectory); string sourceBranch = GetEndpointData(endpoint, Constants.EndpointData.SourceBranch); string sourceVersion = GetEndpointData(endpoint, Constants.EndpointData.SourceVersion); bool clean = false; if (endpoint.Data.ContainsKey(EndpointData.Clean)) { clean = StringUtil.ConvertToBoolean(endpoint.Data[EndpointData.Clean]); } bool checkoutSubmodules = false; if (endpoint.Data.ContainsKey(EndpointData.CheckoutSubmodules)) { checkoutSubmodules = StringUtil.ConvertToBoolean(endpoint.Data[EndpointData.CheckoutSubmodules]); } bool checkoutNestedSubmodules = false; if (endpoint.Data.ContainsKey(EndpointData.CheckoutNestedSubmodules)) { checkoutNestedSubmodules = StringUtil.ConvertToBoolean(endpoint.Data[EndpointData.CheckoutNestedSubmodules]); } bool acceptUntrustedCerts = false; if (endpoint.Data.ContainsKey(EndpointData.AcceptUntrustedCertificates)) { acceptUntrustedCerts = StringUtil.ConvertToBoolean(endpoint.Data[EndpointData.AcceptUntrustedCertificates]); } acceptUntrustedCerts = acceptUntrustedCerts || agentCert.SkipServerCertificateValidation; int fetchDepth = 0; if (endpoint.Data.ContainsKey(EndpointData.FetchDepth) && (!int.TryParse(endpoint.Data[EndpointData.FetchDepth], out fetchDepth) || fetchDepth < 0)) { fetchDepth = 0; } // prefer feature variable over endpoint data fetchDepth = executionContext.Variables.GetInt(Constants.Variables.Features.GitShallowDepth) ?? fetchDepth; bool gitLfsSupport = false; if (endpoint.Data.ContainsKey(EndpointData.GitLfsSupport)) { gitLfsSupport = StringUtil.ConvertToBoolean(endpoint.Data[EndpointData.GitLfsSupport]); } // prefer feature variable over endpoint data gitLfsSupport = executionContext.Variables.GetBoolean(Constants.Variables.Features.GitLfsSupport) ?? gitLfsSupport; bool exposeCred = executionContext.Variables.GetBoolean(Constants.Variables.System.EnableAccessToken) ?? false; // fetch tags unless the endpoint data explicitly says otherwise bool fetchTags = true; if (endpoint.Data.ContainsKey(EndpointData.FetchTags)) { fetchTags = StringUtil.ConvertToBoolean(endpoint.Data[EndpointData.FetchTags]); } Trace.Info($"Repository url={repositoryUrl}"); Trace.Info($"targetPath={targetPath}"); Trace.Info($"sourceBranch={sourceBranch}"); Trace.Info($"sourceVersion={sourceVersion}"); Trace.Info($"clean={clean}"); Trace.Info($"checkoutSubmodules={checkoutSubmodules}"); Trace.Info($"checkoutNestedSubmodules={checkoutNestedSubmodules}"); Trace.Info($"exposeCred={exposeCred}"); Trace.Info($"fetchDepth={fetchDepth}"); Trace.Info($"gitLfsSupport={gitLfsSupport}"); Trace.Info($"acceptUntrustedCerts={acceptUntrustedCerts}"); Trace.Info($"fetchTags={fetchTags}"); bool preferGitFromPath = true; bool schannelSslBackend = false; if (PlatformUtil.RunningOnWindows) { // on Windows, we must check for SChannel and PreferGitFromPath schannelSslBackend = HostContext.GetService().GetAgentRuntimeOptions()?.GitUseSecureChannel ?? false; Trace.Info($"schannelSslBackend={schannelSslBackend}"); // Determine which git will be use // On windows, we prefer the built-in portable git within the agent's externals folder, // set system.prefergitfrompath=true can change the behavior, agent will find git.exe from %PATH% preferGitFromPath = AgentKnobs.PreferGitFromPath.GetValue(executionContext).AsBoolean(); } // Determine do we need to provide creds to git operation _selfManageGitCreds = executionContext.Variables.GetBoolean(Constants.Variables.System.SelfManageGitCreds) ?? false; if (_selfManageGitCreds) { // Customer choose to own git creds by themselves. executionContext.Output(StringUtil.Loc("SelfManageGitCreds")); } bool gitUseSecureParameterPassing = AgentKnobs.GitUseSecureParameterPassing.GetValue(executionContext).AsBoolean(); Dictionary gitEnv = new Dictionary(StringComparer.OrdinalIgnoreCase); // Git-lfs will try to pull down asset if any of the local/user/system setting exist. // If customer didn't enable `LFS` in their pipeline definition, we will use ENV to disable LFS fetch/checkout. if (!gitLfsSupport) { gitEnv["GIT_LFS_SKIP_SMUDGE"] = "1"; executionContext.Debug("GIT_LFS_SKIP_SMUDGE variable set to 1"); } // Initialize git command manager _gitCommandManager = HostContext.GetService(); await _gitCommandManager.LoadGitExecutionInfo(executionContext, useBuiltInGit: !preferGitFromPath, gitEnv); // Make sure the build machine met all requirements for the git repository // For now, the requirement we have are: // 1. git version greater than 2.9 and git-lfs version greater than 2.1 for on-prem tfsgit // 2. git version greater than 2.14.2 if use SChannel for SSL backend (Windows only) RequirementCheck(executionContext, endpoint); // retrieve credential from endpoint. string username = string.Empty; string password = string.Empty; if (!_selfManageGitCreds && endpoint.Authorization != null) { switch (endpoint.Authorization.Scheme) { case EndpointAuthorizationSchemes.OAuth: username = EndpointAuthorizationSchemes.OAuth; if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out password)) { password = string.Empty; } break; case EndpointAuthorizationSchemes.PersonalAccessToken: username = EndpointAuthorizationSchemes.PersonalAccessToken; if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out password)) { password = string.Empty; } break; case EndpointAuthorizationSchemes.Token: username = "x-access-token"; if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out password)) { username = EndpointAuthorizationSchemes.Token; if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.ApiToken, out password)) { password = string.Empty; } } break; case EndpointAuthorizationSchemes.UsernamePassword: if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.Username, out username)) { // leave the username as empty, the username might in the url, like: http://username@repository.git username = string.Empty; } if (!endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.Password, out password)) { // we have username, but no password password = string.Empty; } break; default: executionContext.Warning($"Unsupport endpoint authorization schemes: {endpoint.Authorization.Scheme}"); break; } } // prepare credentail embedded urls _repositoryUrlWithCred = UrlUtil.GetCredentialEmbeddedUrl(repositoryUrl, username, password); var agentProxy = HostContext.GetService(); if (!string.IsNullOrEmpty(executionContext.Variables.Agent_ProxyUrl) && !agentProxy.WebProxy.IsBypassed(repositoryUrl)) { _proxyUrlWithCred = UrlUtil.GetCredentialEmbeddedUrl(new Uri(executionContext.Variables.Agent_ProxyUrl), executionContext.Variables.Agent_ProxyUsername, executionContext.Variables.Agent_ProxyPassword); // uri.absoluteuri will not contains port info if the scheme is http/https and the port is 80/443 // however, git.exe always require you provide port info, if nothing passed in, it will use 1080 as default // as result, we need prefer the uri.originalstring when it's different than uri.absoluteuri. if (string.Equals(_proxyUrlWithCred.AbsoluteUri, _proxyUrlWithCred.OriginalString, StringComparison.OrdinalIgnoreCase)) { _proxyUrlWithCredString = _proxyUrlWithCred.AbsoluteUri; } else { _proxyUrlWithCredString = _proxyUrlWithCred.OriginalString; } } // prepare askpass for client cert private key var configUrl = new Uri(HostContext.GetService().GetSettings().ServerUrl); if (Uri.Compare(repositoryUrl, configUrl, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0) { if (!string.IsNullOrEmpty(agentCert.CACertificateFile)) { _useSelfSignedCACert = true; } if (!string.IsNullOrEmpty(agentCert.ClientCertificateFile) && !string.IsNullOrEmpty(agentCert.ClientCertificatePrivateKeyFile)) { _useClientCert = true; // prepare askpass for client cert password if (!string.IsNullOrEmpty(agentCert.ClientCertificatePassword)) { _clientCertPrivateKeyAskPassFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Temp), $"{Guid.NewGuid()}.sh"); List askPass = new List(); askPass.Add("#!/bin/sh"); askPass.Add($"echo \"{agentCert.ClientCertificatePassword}\""); File.WriteAllLines(_clientCertPrivateKeyAskPassFile, askPass); if (!PlatformUtil.RunningOnWindows) { string toolPath = WhichUtil.Which("chmod", true); string argLine = $"775 {_clientCertPrivateKeyAskPassFile}"; executionContext.Command($"chmod {argLine}"); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { if (!string.IsNullOrEmpty(args.Data)) { executionContext.Output(args.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { if (!string.IsNullOrEmpty(args.Data)) { executionContext.Output(args.Data); } }; await processInvoker.ExecuteAsync(HostContext.GetDirectory(WellKnownDirectory.Work), toolPath, argLine, null, true, CancellationToken.None); } } } } if (gitLfsSupport) { // Construct git-lfs url UriBuilder gitLfsUrl = new UriBuilder(_repositoryUrlWithCred); if (gitLfsUrl.Path.EndsWith(".git")) { gitLfsUrl.Path = gitLfsUrl.Path + "/info/lfs"; } else { gitLfsUrl.Path = gitLfsUrl.Path + ".git/info/lfs"; } _gitLfsUrlWithCred = gitLfsUrl.Uri; } // Check the current contents of the root folder to see if there is already a repo // If there is a repo, see if it matches the one we are expecting to be there based on the remote fetch url // if the repo is not what we expect, remove the folder if (!await IsRepositoryOriginUrlMatch(executionContext, targetPath, repositoryUrl)) { // Delete source folder IOUtil.DeleteDirectory(targetPath, cancellationToken); } else { // delete the index.lock file left by previous canceled build or any operation cause git.exe crash last time. string lockFile = Path.Combine(targetPath, ".git", "index.lock"); if (File.Exists(lockFile)) { try { File.Delete(lockFile); } catch (Exception ex) { executionContext.Debug($"Unable to delete the index.lock file: {lockFile}"); executionContext.Debug(ex.ToString()); } } // delete the shallow.lock file left by previous canceled build or any operation cause git.exe crash last time. string shallowLockFile = Path.Combine(targetPath, ".git", "shallow.lock"); if (File.Exists(shallowLockFile)) { try { File.Delete(shallowLockFile); } catch (Exception ex) { executionContext.Debug($"Unable to delete the shallow.lock file: {shallowLockFile}"); executionContext.Debug(ex.ToString()); } } // When repo.clean is selected for a git repo, execute git clean -ffdx and git reset --hard HEAD on the current repo. // This will help us save the time to reclone the entire repo. // If any git commands exit with non-zero return code or any exception happened during git.exe invoke, fall back to delete the repo folder. if (clean) { await RunGitStatusIfSystemDebug(executionContext, targetPath); Boolean softCleanSucceed = true; // git clean -ffdx int exitCode_clean = await _gitCommandManager.GitClean(executionContext, targetPath); if (exitCode_clean != 0) { executionContext.Debug($"'git clean -ffdx' failed with exit code {exitCode_clean}, this normally caused by:\n 1) Path too long\n 2) Permission issue\n 3) File in use\nFor futher investigation, manually run 'git clean -ffdx' on repo root: {targetPath} after each build."); softCleanSucceed = false; } // git reset --hard HEAD if (softCleanSucceed) { int exitCode_reset = await _gitCommandManager.GitReset(executionContext, targetPath); if (exitCode_reset != 0) { executionContext.Debug($"'git reset --hard HEAD' failed with exit code {exitCode_reset}\nFor futher investigation, manually run 'git reset --hard HEAD' on repo root: {targetPath} after each build."); softCleanSucceed = false; } } // git clean -ffdx and git reset --hard HEAD for each submodule if (checkoutSubmodules) { if (softCleanSucceed) { int exitCode_submoduleclean = await _gitCommandManager.GitSubmoduleClean(executionContext, targetPath); if (exitCode_submoduleclean != 0) { executionContext.Debug($"'git submodule foreach --recursve \"git clean -ffdx\"' failed with exit code {exitCode_submoduleclean}\nFor futher investigation, manually run 'git submodule foreach --recursive \"git clean -ffdx\"' on repo root: {targetPath} after each build."); softCleanSucceed = false; } } if (softCleanSucceed) { int exitCode_submodulereset = await _gitCommandManager.GitSubmoduleReset(executionContext, targetPath); if (exitCode_submodulereset != 0) { executionContext.Debug($"'git submodule foreach --recursive \"git reset --hard HEAD\"' failed with exit code {exitCode_submodulereset}\nFor futher investigation, manually run 'git submodule foreach --recursive \"git reset --hard HEAD\"' on repo root: {targetPath} after each build."); softCleanSucceed = false; } } } if (!softCleanSucceed) { //fall back executionContext.Warning("Unable to run \"git clean -ffdx\" and \"git reset --hard HEAD\" successfully, delete source folder instead."); IOUtil.DeleteDirectory(targetPath, cancellationToken); } } } // if the folder is missing, create it if (!Directory.Exists(targetPath)) { Directory.CreateDirectory(targetPath); } // if the folder contains a .git folder, it means the folder contains a git repo that matches the remote url and in a clean state. // we will run git fetch to update the repo. if (!Directory.Exists(Path.Combine(targetPath, ".git"))) { // init git repository int exitCode_init = await _gitCommandManager.GitInit(executionContext, targetPath); if (exitCode_init != 0) { throw new InvalidOperationException($"Unable to use git.exe init repository under {targetPath}, 'git init' failed with exit code: {exitCode_init}"); } int exitCode_addremote = await _gitCommandManager.GitRemoteAdd(executionContext, targetPath, "origin", repositoryUrl.AbsoluteUri); if (exitCode_addremote != 0) { throw new InvalidOperationException($"Unable to use git.exe add remote 'origin', 'git remote add' failed with exit code: {exitCode_addremote}"); } } await RunGitStatusIfSystemDebug(executionContext, targetPath); cancellationToken.ThrowIfCancellationRequested(); executionContext.Progress(0, "Starting fetch..."); // disable git auto gc int exitCode_disableGC = await _gitCommandManager.GitDisableAutoGC(executionContext, targetPath); if (exitCode_disableGC != 0) { executionContext.Warning("Unable turn off git auto garbage collection, git fetch operation may trigger auto garbage collection which will affect the performance of fetching."); } // Force Git to HTTP/1.1. Otherwise IIS will reject large pushes to Azure Repos due to the large content-length header // This is caused by these header limits - https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/requestlimits/headerlimits/ int exitCode_configHttp = await _gitCommandManager.GitConfig(executionContext, targetPath, "http.version", "HTTP/1.1"); if (exitCode_configHttp != 0) { executionContext.Warning($"Forcing Git to HTTP/1.1 failed with exit code: {exitCode_configHttp}"); } SetGitFeatureFlagsConfiguration(executionContext, _gitCommandManager, targetPath); // always remove any possible left extraheader setting from git config. if (await _gitCommandManager.GitConfigExist(executionContext, targetPath, $"http.{repositoryUrl.AbsoluteUri}.extraheader")) { executionContext.Debug("Remove any extraheader setting from git config."); await RemoveGitConfig(executionContext, targetPath, $"http.{repositoryUrl.AbsoluteUri}.extraheader", string.Empty); } // always remove any possible left proxy setting from git config, the proxy setting may contains credential if (await _gitCommandManager.GitConfigExist(executionContext, targetPath, $"http.proxy")) { executionContext.Debug("Remove any proxy setting from git config."); await RemoveGitConfig(executionContext, targetPath, $"http.proxy", string.Empty); } List additionalFetchArgs = new List(); List additionalLfsFetchArgs = new List(); if (!_selfManageGitCreds) { // v2.9 git support provide auth header as cmdline arg. // as long 2.9 git exist, VSTS repo, TFS repo and Github repo will use this to handle auth challenge. if (GitUseAuthHeaderCmdlineArg) { string configKey = "http.extraheader"; string args = ComposeGitArgs(executionContext, _gitCommandManager, configKey, username, password); additionalFetchArgs.Add(args); } else { // Otherwise, inject credential into fetch/push url // inject credential into fetch url executionContext.Debug("Inject credential into git remote url."); ArgUtil.NotNull(_repositoryUrlWithCred, nameof(_repositoryUrlWithCred)); // inject credential into fetch url executionContext.Debug("Inject credential into git remote fetch url."); int exitCode_seturl = await _gitCommandManager.GitRemoteSetUrl(executionContext, targetPath, "origin", _repositoryUrlWithCred.AbsoluteUri); if (exitCode_seturl != 0) { throw new InvalidOperationException($"Unable to use git.exe inject credential to git remote fetch url, 'git remote set-url' failed with exit code: {exitCode_seturl}"); } // inject credential into push url executionContext.Debug("Inject credential into git remote push url."); exitCode_seturl = await _gitCommandManager.GitRemoteSetPushUrl(executionContext, targetPath, "origin", _repositoryUrlWithCred.AbsoluteUri); if (exitCode_seturl != 0) { throw new InvalidOperationException($"Unable to use git.exe inject credential to git remote push url, 'git remote set-url --push' failed with exit code: {exitCode_seturl}"); } } // Prepare proxy config for fetch. if (!string.IsNullOrEmpty(executionContext.Variables.Agent_ProxyUrl) && !agentProxy.WebProxy.IsBypassed(repositoryUrl)) { executionContext.Debug($"Config proxy server '{executionContext.Variables.Agent_ProxyUrl}' for git fetch."); ArgUtil.NotNullOrEmpty(_proxyUrlWithCredString, nameof(_proxyUrlWithCredString)); additionalFetchArgs.Add($"-c http.proxy=\"{_proxyUrlWithCredString}\""); additionalLfsFetchArgs.Add($"-c http.proxy=\"{_proxyUrlWithCredString}\""); // Add proxy authentication method if Basic auth is enabled if (executionContext.Variables.Agent_UseBasicAuthForProxy == true) { executionContext.Debug("Config proxy to use Basic authentication for git fetch."); additionalFetchArgs.Add(_gitUseBasicAuthForProxyConfig); additionalLfsFetchArgs.Add(_gitUseBasicAuthForProxyConfig); } } // Prepare ignore ssl cert error config for fetch. if (acceptUntrustedCerts) { additionalFetchArgs.Add($"-c http.sslVerify=false"); additionalLfsFetchArgs.Add($"-c http.sslVerify=false"); } // Prepare self-signed CA cert config for fetch from TFS. if (_useSelfSignedCACert) { executionContext.Debug($"Use self-signed certificate '{agentCert.CACertificateFile}' for git fetch."); additionalFetchArgs.Add($"-c http.sslcainfo=\"{agentCert.CACertificateFile}\""); additionalLfsFetchArgs.Add($"-c http.sslcainfo=\"{agentCert.CACertificateFile}\""); } // Prepare client cert config for fetch from TFS. if (_useClientCert) { executionContext.Debug($"Use client certificate '{agentCert.ClientCertificateFile}' for git fetch."); if (!string.IsNullOrEmpty(_clientCertPrivateKeyAskPassFile)) { additionalFetchArgs.Add($"-c http.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\" -c http.sslCertPasswordProtected=true -c core.askpass=\"{_clientCertPrivateKeyAskPassFile}\""); additionalLfsFetchArgs.Add($"-c http.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\" -c http.sslCertPasswordProtected=true -c core.askpass=\"{_clientCertPrivateKeyAskPassFile}\""); } else { additionalFetchArgs.Add($"-c http.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\""); additionalLfsFetchArgs.Add($"-c http.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\""); } } if (PlatformUtil.RunningOnWindows && schannelSslBackend) { executionContext.Debug("Use SChannel SslBackend for git fetch."); additionalFetchArgs.Add("-c http.sslbackend=\"schannel\""); additionalLfsFetchArgs.Add("-c http.sslbackend=\"schannel\""); } // Prepare gitlfs url for fetch and checkout if (gitLfsSupport) { // Initialize git lfs by execute 'git lfs install' executionContext.Debug("Setup the local Git hooks for Git LFS."); int exitCode_lfsInstall = await _gitCommandManager.GitLFSInstall(executionContext, targetPath); if (exitCode_lfsInstall != 0) { throw new InvalidOperationException($"Git-lfs installation failed with exit code: {exitCode_lfsInstall}"); } if (GitLfsUseAuthHeaderCmdlineArg) { string authorityUrl = repositoryUrl.AbsoluteUri.Replace(repositoryUrl.PathAndQuery, string.Empty); string configKey = $"http.{authorityUrl}.extraheader"; string lfsFetchArgs = ComposeGitArgs(executionContext, _gitCommandManager, configKey, username, password); additionalLfsFetchArgs.Add(lfsFetchArgs); } else { // Inject credential into lfs fetch/push url executionContext.Debug("Inject credential into git-lfs remote url."); ArgUtil.NotNull(_gitLfsUrlWithCred, nameof(_gitLfsUrlWithCred)); // inject credential into fetch url executionContext.Debug("Inject credential into git-lfs remote fetch url."); _configModifications["remote.origin.lfsurl"] = _gitLfsUrlWithCred.AbsoluteUri; int exitCode_configlfsurl = await _gitCommandManager.GitConfig(executionContext, targetPath, "remote.origin.lfsurl", _gitLfsUrlWithCred.AbsoluteUri); if (exitCode_configlfsurl != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_configlfsurl}"); } // inject credential into push url executionContext.Debug("Inject credential into git-lfs remote push url."); _configModifications["remote.origin.lfspushurl"] = _gitLfsUrlWithCred.AbsoluteUri; int exitCode_configlfspushurl = await _gitCommandManager.GitConfig(executionContext, targetPath, "remote.origin.lfspushurl", _gitLfsUrlWithCred.AbsoluteUri); if (exitCode_configlfspushurl != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_configlfspushurl}"); } } } } // If this is a build for a pull request, then include // the pull request reference as an additional ref. List additionalFetchSpecs = new List(); if (IsPullRequest(sourceBranch)) { additionalFetchSpecs.Add("+refs/heads/*:refs/remotes/origin/*"); additionalFetchSpecs.Add(StringUtil.Format("+{0}:{1}", sourceBranch, GetRemoteRefName(sourceBranch))); } int exitCode_fetch = await _gitCommandManager.GitFetch(executionContext, targetPath, "origin", fetchDepth, fetchTags, additionalFetchSpecs, string.Join(" ", additionalFetchArgs), cancellationToken); if (exitCode_fetch != 0) { throw new InvalidOperationException($"Git fetch failed with exit code: {exitCode_fetch}"); } // Checkout // sourceToBuild is used for checkout // if sourceBranch is a PR branch or sourceVersion is null, make sure branch name is a remote branch. we need checkout to detached head. // (change refs/heads to refs/remotes/origin, refs/pull to refs/remotes/pull, or leave it as it when the branch name doesn't contain refs/...) // if sourceVersion provide, just use that for checkout, since when you checkout a commit, it will end up in detached head. cancellationToken.ThrowIfCancellationRequested(); executionContext.Progress(80, "Starting checkout..."); string sourcesToBuild; if (IsPullRequest(sourceBranch) || string.IsNullOrEmpty(sourceVersion)) { sourcesToBuild = GetRemoteRefName(sourceBranch); } else { sourcesToBuild = sourceVersion; } // fetch lfs object upfront, this will avoid fetch lfs object during checkout which cause checkout taking forever // since checkout will fetch lfs object 1 at a time, while git lfs fetch will fetch lfs object in parallel. if (gitLfsSupport) { int exitCode_lfsFetch = await _gitCommandManager.GitLFSFetch(executionContext, targetPath, "origin", sourcesToBuild, string.Join(" ", additionalLfsFetchArgs), cancellationToken); if (exitCode_lfsFetch != 0) { // git lfs fetch failed, get lfs log, the log is critical for debug. int exitCode_lfsLogs = await _gitCommandManager.GitLFSLogs(executionContext, targetPath); throw new InvalidOperationException($"Git lfs fetch failed with exit code: {exitCode_lfsFetch}. Git lfs logs returned with exit code: {exitCode_lfsLogs}."); } } // Finally, checkout the sourcesToBuild (if we didn't find a valid git object this will throw) int exitCode_checkout = await _gitCommandManager.GitCheckout(executionContext, targetPath, sourcesToBuild, cancellationToken); if (exitCode_checkout != 0) { // local repository is shallow repository, checkout may fail due to lack of commits history. // this will happen when the checkout commit is older than tip -> fetchDepth if (fetchDepth > 0) { executionContext.Warning(StringUtil.Loc("ShallowCheckoutFail", fetchDepth, sourcesToBuild)); } throw new InvalidOperationException($"Git checkout failed with exit code: {exitCode_checkout}"); } // Submodule update if (checkoutSubmodules) { cancellationToken.ThrowIfCancellationRequested(); executionContext.Progress(90, "Updating submodules..."); int exitCode_submoduleSync = await _gitCommandManager.GitSubmoduleSync(executionContext, targetPath, checkoutNestedSubmodules, cancellationToken); if (exitCode_submoduleSync != 0) { throw new InvalidOperationException($"Git submodule sync failed with exit code: {exitCode_submoduleSync}"); } List additionalSubmoduleUpdateArgs = new List(); if (!_selfManageGitCreds) { if (GitUseAuthHeaderCmdlineArg) { string authorityUrl = repositoryUrl.AbsoluteUri.Replace(repositoryUrl.PathAndQuery, string.Empty); string configKey = $"http.{authorityUrl}.extraheader"; string submoduleUpdateArgs = ComposeGitArgs(executionContext, _gitCommandManager, configKey, username, password); additionalSubmoduleUpdateArgs.Add(submoduleUpdateArgs); } // Prepare proxy config for submodule update. if (!string.IsNullOrEmpty(executionContext.Variables.Agent_ProxyUrl) && !agentProxy.WebProxy.IsBypassed(repositoryUrl)) { executionContext.Debug($"Config proxy server '{executionContext.Variables.Agent_ProxyUrl}' for git submodule update."); ArgUtil.NotNullOrEmpty(_proxyUrlWithCredString, nameof(_proxyUrlWithCredString)); additionalSubmoduleUpdateArgs.Add($"-c http.proxy=\"{_proxyUrlWithCredString}\""); // Add proxy authentication method if Basic auth is enabled if (executionContext.Variables.Agent_UseBasicAuthForProxy == true) { executionContext.Debug("Config proxy to use Basic authentication for git submodule update."); additionalSubmoduleUpdateArgs.Add(_gitUseBasicAuthForProxyConfig); } } // Prepare ignore ssl cert error config for fetch. if (acceptUntrustedCerts) { additionalSubmoduleUpdateArgs.Add($"-c http.sslVerify=false"); } // Prepare self-signed CA cert config for submodule update. if (_useSelfSignedCACert) { executionContext.Debug($"Use self-signed CA certificate '{agentCert.CACertificateFile}' for git submodule update."); string authorityUrl = repositoryUrl.AbsoluteUri.Replace(repositoryUrl.PathAndQuery, string.Empty); additionalSubmoduleUpdateArgs.Add($"-c http.{authorityUrl}.sslcainfo=\"{agentCert.CACertificateFile}\""); } // Prepare client cert config for submodule update. if (_useClientCert) { executionContext.Debug($"Use client certificate '{agentCert.ClientCertificateFile}' for git submodule update."); string authorityUrl = repositoryUrl.AbsoluteUri.Replace(repositoryUrl.PathAndQuery, string.Empty); if (!string.IsNullOrEmpty(_clientCertPrivateKeyAskPassFile)) { additionalSubmoduleUpdateArgs.Add($"-c http.{authorityUrl}.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.{authorityUrl}.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\" -c http.{authorityUrl}.sslCertPasswordProtected=true -c core.askpass=\"{_clientCertPrivateKeyAskPassFile}\""); } else { additionalSubmoduleUpdateArgs.Add($"-c http.{authorityUrl}.sslcert=\"{agentCert.ClientCertificateFile}\" -c http.{authorityUrl}.sslkey=\"{agentCert.ClientCertificatePrivateKeyFile}\""); } } if (PlatformUtil.RunningOnWindows && schannelSslBackend) { executionContext.Debug("Use SChannel SslBackend for git submodule update."); additionalSubmoduleUpdateArgs.Add("-c http.sslbackend=\"schannel\""); } } int exitCode_submoduleUpdate = await _gitCommandManager.GitSubmoduleUpdate(executionContext, targetPath, fetchDepth, string.Join(" ", additionalSubmoduleUpdateArgs), checkoutNestedSubmodules, cancellationToken); if (exitCode_submoduleUpdate != 0) { throw new InvalidOperationException($"Git submodule update failed with exit code: {exitCode_submoduleUpdate}"); } } // handle expose creds, related to 'Allow Scripts to Access OAuth Token' option if (!_selfManageGitCreds) { if (GitUseAuthHeaderCmdlineArg && exposeCred) { string configKey = $"http.{repositoryUrl.AbsoluteUri}.extraheader"; string configValue = $"\"AUTHORIZATION: {GenerateAuthHeader(username, password)}\""; _configModifications[configKey] = configValue.Trim('\"'); if (gitUseSecureParameterPassing) { await SetAuthTokenInGitConfig(executionContext, _gitCommandManager, targetPath, configKey, configValue.Trim('\"')); } else { int exitCode_config = await _gitCommandManager.GitConfig(executionContext, targetPath, configKey, configValue); if (exitCode_config != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_config}"); } } } if (!GitUseAuthHeaderCmdlineArg && !exposeCred) { // remove cached credential from origin's fetch/push url. await RemoveCachedCredential(executionContext, targetPath, repositoryUrl, "origin"); } if (exposeCred) { // save proxy setting to git config. if (!string.IsNullOrEmpty(executionContext.Variables.Agent_ProxyUrl) && !agentProxy.WebProxy.IsBypassed(repositoryUrl)) { executionContext.Debug($"Save proxy config for proxy server '{executionContext.Variables.Agent_ProxyUrl}' into git config."); ArgUtil.NotNullOrEmpty(_proxyUrlWithCredString, nameof(_proxyUrlWithCredString)); string proxyConfigKey = "http.proxy"; string proxyConfigValue = $"\"{_proxyUrlWithCredString}\""; _configModifications[proxyConfigKey] = proxyConfigValue.Trim('\"'); int exitCode_proxyconfig = await _gitCommandManager.GitConfig(executionContext, targetPath, proxyConfigKey, proxyConfigValue); if (exitCode_proxyconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_proxyconfig}"); } // Add proxy authentication method if Basic auth is enabled if (executionContext.Variables.Agent_UseBasicAuthForProxy == true) { executionContext.Debug("Save proxy authentication method 'basic' to git config."); string proxyAuthMethodKey = "http.proxyAuthMethod"; string proxyAuthMethodValue = "basic"; _configModifications[proxyAuthMethodKey] = proxyAuthMethodValue; int exitCode_proxyauth = await _gitCommandManager.GitConfig(executionContext, targetPath, proxyAuthMethodKey, proxyAuthMethodValue); if (exitCode_proxyauth != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_proxyauth}"); } } } // save ignore ssl cert error setting to git config. if (acceptUntrustedCerts) { executionContext.Debug($"Save ignore ssl cert error config into git config."); string sslVerifyConfigKey = "http.sslVerify"; string sslVerifyConfigValue = "\"false\""; _configModifications[sslVerifyConfigKey] = sslVerifyConfigValue.Trim('\"'); int exitCode_sslconfig = await _gitCommandManager.GitConfig(executionContext, targetPath, sslVerifyConfigKey, sslVerifyConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } } // save CA cert setting to git config. if (_useSelfSignedCACert) { executionContext.Debug($"Save CA cert config into git config."); string sslCaInfoConfigKey = "http.sslcainfo"; string sslCaInfoConfigValue = $"\"{agentCert.CACertificateFile}\""; _configModifications[sslCaInfoConfigKey] = sslCaInfoConfigValue.Trim('\"'); int exitCode_sslconfig = await _gitCommandManager.GitConfig(executionContext, targetPath, sslCaInfoConfigKey, sslCaInfoConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } } // save client cert setting to git config. if (_useClientCert) { executionContext.Debug($"Save client cert config into git config."); string sslCertConfigKey = "http.sslcert"; string sslCertConfigValue = $"\"{agentCert.ClientCertificateFile}\""; string sslKeyConfigKey = "http.sslkey"; string sslKeyConfigValue = $"\"{agentCert.CACertificateFile}\""; _configModifications[sslCertConfigKey] = sslCertConfigValue.Trim('\"'); _configModifications[sslKeyConfigKey] = sslKeyConfigValue.Trim('\"'); int exitCode_sslconfig = await _gitCommandManager.GitConfig(executionContext, targetPath, sslCertConfigKey, sslCertConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } exitCode_sslconfig = await _gitCommandManager.GitConfig(executionContext, targetPath, sslKeyConfigKey, sslKeyConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } // the client private key has a password if (!string.IsNullOrEmpty(_clientCertPrivateKeyAskPassFile)) { string sslCertPasswordProtectedConfigKey = "http.sslcertpasswordprotected"; string sslCertPasswordProtectedConfigValue = "true"; string askPassConfigKey = "core.askpass"; string askPassConfigValue = $"\"{_clientCertPrivateKeyAskPassFile}\""; _configModifications[sslCertPasswordProtectedConfigKey] = sslCertPasswordProtectedConfigValue.Trim('\"'); _configModifications[askPassConfigKey] = askPassConfigValue.Trim('\"'); exitCode_sslconfig = await _gitCommandManager.GitConfig(executionContext, targetPath, sslCertPasswordProtectedConfigKey, sslCertPasswordProtectedConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } exitCode_sslconfig = await _gitCommandManager.GitConfig(executionContext, targetPath, askPassConfigKey, askPassConfigValue); if (exitCode_sslconfig != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_sslconfig}"); } } } } if (gitLfsSupport) { if (GitLfsUseAuthHeaderCmdlineArg && exposeCred) { string configKey = $"http.{repositoryUrl.AbsoluteUri}.extraheader"; string configValue = $"\"AUTHORIZATION: {GenerateAuthHeader(username, password)}\""; _configModifications[configKey] = configValue.Trim('\"'); if (gitUseSecureParameterPassing) { await SetAuthTokenInGitConfig(executionContext, _gitCommandManager, targetPath, configKey, configValue.Trim('\"')); } else { int exitCode_config = await _gitCommandManager.GitConfig(executionContext, targetPath, configKey, configValue); if (exitCode_config != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_config}"); } } } if (!GitLfsUseAuthHeaderCmdlineArg && !exposeCred) { // remove cached credential from origin's lfs fetch/push url. executionContext.Debug("Remove git-lfs fetch and push url setting from git config."); await RemoveGitConfig(executionContext, targetPath, "remote.origin.lfsurl", _gitLfsUrlWithCred.AbsoluteUri); _configModifications.Remove("remote.origin.lfsurl"); await RemoveGitConfig(executionContext, targetPath, "remote.origin.lfspushurl", _gitLfsUrlWithCred.AbsoluteUri); _configModifications.Remove("remote.origin.lfspushurl"); } } if (_useClientCert && !string.IsNullOrEmpty(_clientCertPrivateKeyAskPassFile) && !exposeCred) { executionContext.Debug("Remove git.sslkey askpass file."); IOUtil.DeleteFile(_clientCertPrivateKeyAskPassFile); } } await RunGitStatusIfSystemDebug(executionContext, targetPath); } private async Task RunGitStatusIfSystemDebug(IExecutionContext executionContext, string targetPath) { if (executionContext.WriteDebug) { var exitCode_gitStatus = await _gitCommandManager.GitStatus(executionContext, targetPath); if (exitCode_gitStatus != 0) { executionContext.Warning($"git status failed with exit code: {exitCode_gitStatus}"); } } } public async Task PostJobCleanupAsync(IExecutionContext executionContext, ServiceEndpoint endpoint) { Trace.Entering(); ArgUtil.NotNull(endpoint, nameof(endpoint)); executionContext.Output($"Cleaning any cached credential from repository: {endpoint.Name} (Git)"); Uri repositoryUrl = endpoint.Url; string targetPath = GetEndpointData(endpoint, Constants.EndpointData.SourcesDirectory); executionContext.Debug($"Repository url={repositoryUrl}"); executionContext.Debug($"targetPath={targetPath}"); if (!_selfManageGitCreds) { executionContext.Debug("Remove any extraheader, proxy and client cert setting from git config."); foreach (var config in _configModifications) { await RemoveGitConfig(executionContext, targetPath, config.Key, config.Value); } await RemoveCachedCredential(executionContext, targetPath, repositoryUrl, "origin"); } // delete client cert askpass file. if (_useClientCert && !string.IsNullOrEmpty(_clientCertPrivateKeyAskPassFile)) { IOUtil.DeleteFile(_clientCertPrivateKeyAskPassFile); } } public override async Task RunMaintenanceOperations(IExecutionContext executionContext, string repositoryPath) { Trace.Entering(); // Validate args. ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNullOrEmpty(repositoryPath, nameof(repositoryPath)); executionContext.Output($"Run maintenance operation on repository: {repositoryPath}"); // Initialize git command manager _gitCommandManager = HostContext.GetService(); // On Windows, always find Git from externals // On Linux/macOS, always find Git from the path bool useBuiltInGit = PlatformUtil.RunningOnWindows; await _gitCommandManager.LoadGitExecutionInfo(executionContext, useBuiltInGit); // if the folder is missing, skip it if (!Directory.Exists(repositoryPath) || !Directory.Exists(Path.Combine(repositoryPath, ".git"))) { return; } // add a timer to track how much time we used for git-repack Stopwatch timer = Stopwatch.StartNew(); try { // git count-objects before git repack executionContext.Output("Repository status before executing 'git repack'"); int exitCode_countobjectsbefore = await _gitCommandManager.GitCountObjects(executionContext, repositoryPath); if (exitCode_countobjectsbefore != 0) { Trace.Warning($"Git count-objects failed with exit code: {exitCode_countobjectsbefore}"); Trace.Warning($"Repository is most likely in a corrupt state; delete the sources directory"); IOUtil.DeleteDirectory(repositoryPath, executionContext.CancellationToken); return; } // git repack int exitCode_repack = await _gitCommandManager.GitRepack(executionContext, repositoryPath); if (exitCode_repack != 0) { throw new InvalidOperationException($"Git repack failed with exit code: {exitCode_repack}"); } // git prune int exitCode_prune = await _gitCommandManager.GitPrune(executionContext, repositoryPath); if (exitCode_prune != 0) { throw new InvalidOperationException($"Git prune failed with exit code: {exitCode_prune}"); } // git lfs prune var lfsVersion = await _gitCommandManager.GitLfsVersion(executionContext); if (lfsVersion is null) { executionContext.Debug("Machine does not have git-lfs installed. Skipping git lfs prune"); } else { int exitCode_lFSPrune = await _gitCommandManager.GitLFSPrune(executionContext, repositoryPath); if (exitCode_lFSPrune != 0) { throw new InvalidOperationException($"Git lfs prune failed with exit code: {exitCode_lFSPrune}"); } } // git count-objects after git repack executionContext.Output("Repository status after executing 'git repack'"); int exitCode_countobjectsafter = await _gitCommandManager.GitCountObjects(executionContext, repositoryPath); if (exitCode_countobjectsafter != 0) { throw new InvalidOperationException($"Git count-objects failed with exit code: {exitCode_countobjectsafter}"); } } finally { timer.Stop(); executionContext.Output($"Total time for executing maintenance for repository '{repositoryPath}': {timer.Elapsed.TotalSeconds} seconds."); } } public async void SetGitFeatureFlagsConfiguration( IExecutionContext executionContext, IGitCommandManager gitCommandManager, string targetPath) { if (AgentKnobs.UseGitSingleThread.GetValue(executionContext).AsBoolean()) { await gitCommandManager.GitConfig(executionContext, targetPath, "pack.threads", "1"); } if (AgentKnobs.FixPossibleGitOutOfMemoryProblem.GetValue(executionContext).AsBoolean()) { await gitCommandManager.GitConfig(executionContext, targetPath, "pack.windowmemory", "256m"); await gitCommandManager.GitConfig(executionContext, targetPath, "pack.deltaCacheSize", "256m"); await gitCommandManager.GitConfig(executionContext, targetPath, "pack.packSizeLimit", "256m"); await gitCommandManager.GitConfig(executionContext, targetPath, "http.postBuffer", "524288000"); await gitCommandManager.GitConfig(executionContext, targetPath, "core.packedgitwindowsize", "256m"); await gitCommandManager.GitConfig(executionContext, targetPath, "core.packedgitlimit", "256m"); } if (AgentKnobs.UseGitLongPaths.GetValue(executionContext).AsBoolean()) { await gitCommandManager.GitConfig(executionContext, targetPath, "core.longpaths", "true"); } } public override void SetVariablesInEndpoint(IExecutionContext executionContext, ServiceEndpoint endpoint) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(endpoint, nameof(endpoint)); base.SetVariablesInEndpoint(executionContext, endpoint); endpoint.Data.Add(Constants.EndpointData.SourceBranch, executionContext.Variables.Build_SourceBranch); } private async Task IsRepositoryOriginUrlMatch(IExecutionContext context, string repositoryPath, Uri expectedRepositoryOriginUrl) { context.Debug($"Checking if the repo on {repositoryPath} matches the expected repository origin URL. expected Url: {expectedRepositoryOriginUrl.AbsoluteUri}"); if (!Directory.Exists(Path.Combine(repositoryPath, ".git"))) { // There is no repo directory context.Debug($"Repository is not found since '.git' directory does not exist under. {repositoryPath}"); return false; } Uri remoteUrl; remoteUrl = await _gitCommandManager.GitGetFetchUrl(context, repositoryPath); if (remoteUrl == null) { // origin fetch url not found. context.Debug("Repository remote origin fetch url is empty."); return false; } context.Debug($"Repository remote origin fetch url is {remoteUrl}"); // compare the url passed in with the remote url found if (expectedRepositoryOriginUrl.Equals(remoteUrl)) { context.Debug("URLs match."); return true; } else { context.Debug($"The remote.origin.url of the repository under root folder '{repositoryPath}' doesn't matches source repository url."); return false; } } private async Task RemoveGitConfig(IExecutionContext executionContext, string targetPath, string configKey, string configValue) { int exitCode_configUnset = await _gitCommandManager.GitConfigUnset(executionContext, targetPath, configKey); if (exitCode_configUnset != 0) { // if unable to use git.exe unset http.extraheader, http.proxy or core.askpass, modify git config file on disk. make sure we don't left credential. if (!string.IsNullOrEmpty(configValue)) { executionContext.Warning(StringUtil.Loc("AttemptRemoveCredFromConfig", configKey)); string gitConfig = Path.Combine(targetPath, ".git/config"); if (File.Exists(gitConfig)) { string gitConfigContent = File.ReadAllText(Path.Combine(targetPath, ".git", "config")); if (gitConfigContent.Contains(configKey)) { string setting = $"extraheader = {configValue}"; gitConfigContent = Regex.Replace(gitConfigContent, setting, string.Empty, RegexOptions.IgnoreCase); setting = $"proxy = {configValue}"; gitConfigContent = Regex.Replace(gitConfigContent, setting, string.Empty, RegexOptions.IgnoreCase); setting = $"askpass = {configValue}"; gitConfigContent = Regex.Replace(gitConfigContent, setting, string.Empty, RegexOptions.IgnoreCase); File.WriteAllText(gitConfig, gitConfigContent); } } } else { executionContext.Warning(StringUtil.Loc("FailToRemoveGitConfig", configKey, configKey, targetPath)); } } } private async Task ReplaceTokenPlaceholder(IExecutionContext executionContext, string targetPath, string configKey, string tokenPlaceholderConfigValue, string configValue) { //modify git config file on disk. if (!string.IsNullOrEmpty(configValue)) { string gitConfig = Path.Combine(targetPath, ".git", "config"); if (File.Exists(gitConfig)) { string gitConfigContent = File.ReadAllText(gitConfig); using (StreamWriter config = new StreamWriter(gitConfig)) { if (gitConfigContent.Contains(tokenPlaceholderConfigValue)) { executionContext.Debug($"Replace token placeholder in git config file"); gitConfigContent = Regex.Replace(gitConfigContent, tokenPlaceholderConfigValue, configValue, RegexOptions.IgnoreCase); } await config.WriteAsync(gitConfigContent); } } } else { executionContext.Warning(StringUtil.Loc("FailToReplaceTokenPlaceholderInGitConfig", configKey)); } } private async Task RemoveCachedCredential(IExecutionContext context, string repositoryPath, Uri repositoryUrl, string remoteName) { // there is nothing cached in repository Url. if (_repositoryUrlWithCred == null) { return; } //remove credential from fetch url context.Debug("Remove injected credential from git remote fetch url."); int exitCode_seturl = await _gitCommandManager.GitRemoteSetUrl(context, repositoryPath, remoteName, repositoryUrl.AbsoluteUri); context.Debug("Remove injected credential from git remote push url."); int exitCode_setpushurl = await _gitCommandManager.GitRemoteSetPushUrl(context, repositoryPath, remoteName, repositoryUrl.AbsoluteUri); if (exitCode_seturl != 0 || exitCode_setpushurl != 0) { // if unable to use git.exe set fetch url back, modify git config file on disk. make sure we don't left credential. context.Warning("Unable to use git.exe remove injected credential from git remote fetch url, modify git config file on disk to remove injected credential."); string gitConfig = Path.Combine(repositoryPath, ".git/config"); if (File.Exists(gitConfig)) { string gitConfigContent = File.ReadAllText(Path.Combine(repositoryPath, ".git", "config")); gitConfigContent = gitConfigContent.Replace(_repositoryUrlWithCred.AbsoluteUri, repositoryUrl.AbsoluteUri); File.WriteAllText(gitConfig, gitConfigContent); } } } private bool IsPullRequest(string sourceBranch) { return !string.IsNullOrEmpty(sourceBranch) && (sourceBranch.StartsWith(_pullRefsPrefix, StringComparison.OrdinalIgnoreCase) || sourceBranch.StartsWith(_remotePullRefsPrefix, StringComparison.OrdinalIgnoreCase)); } private string GetRemoteRefName(string refName) { if (string.IsNullOrEmpty(refName)) { // If the refName is empty return the remote name for master refName = _remoteRefsPrefix + "master"; } else if (refName.Equals("master", StringComparison.OrdinalIgnoreCase)) { // If the refName is master return the remote name for master refName = _remoteRefsPrefix + refName; } else if (refName.StartsWith(_refsPrefix, StringComparison.OrdinalIgnoreCase)) { // If the refName is refs/heads change it to the remote version of the name refName = _remoteRefsPrefix + refName.Substring(_refsPrefix.Length); } else if (refName.StartsWith(_pullRefsPrefix, StringComparison.OrdinalIgnoreCase)) { // If the refName is refs/pull change it to the remote version of the name refName = refName.Replace(_pullRefsPrefix, _remotePullRefsPrefix); } return refName; } private string ComposeGitArgs(IExecutionContext executionContext, IGitCommandManager gitCommandManager, string configKey, string username, string password) { bool gitSupportsConfigEnv = GitSupportsConfigEnv(executionContext, gitCommandManager); bool gitUseSecureParameterPassing = AgentKnobs.GitUseSecureParameterPassing.GetValue(executionContext).AsBoolean(); string configValue = $"AUTHORIZATION: {GenerateAuthHeader(username, password)}"; // if git version is v2.31 or higher and GitUseSecureParameterPassing knob is enabled if (gitSupportsConfigEnv && gitUseSecureParameterPassing) { string envVariableName = $"env_var_{configKey}"; Environment.SetEnvironmentVariable(envVariableName, configValue); executionContext.Debug($"Set environment variable {envVariableName}"); return $"--config-env={configKey}={envVariableName}"; } else { executionContext.Debug($"Use git -c option"); return $"-c {configKey}=\"{configValue}\""; } } private async Task SetAuthTokenInGitConfig(IExecutionContext executionContext, IGitCommandManager gitCommandManager, string targetPath, string configKey, string configValue) { // Configure a placeholder value. This approach avoids the credential being captured // by process creation audit events, which are commonly logged. For more information, // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing Guid tokenPlaceholder = Guid.NewGuid(); string tokenPlaceholderConfigValue = $"\"AUTHORIZATION: placeholder_{tokenPlaceholder}\""; executionContext.Debug($"Configured placeholder: {tokenPlaceholderConfigValue}"); int exitCode_config = await gitCommandManager.GitConfig(executionContext, targetPath, configKey, tokenPlaceholderConfigValue); if (exitCode_config != 0) { throw new InvalidOperationException($"Git config failed with exit code: {exitCode_config}"); } await ReplaceTokenPlaceholder(executionContext, targetPath, configKey, tokenPlaceholderConfigValue.Trim('\"'), configValue); } } } ================================================ FILE: src/Agent.Worker/Build/LegacyTrackingConfig.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Newtonsoft.Json; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public sealed class LegacyTrackingConfig : TrackingConfigBase { // The property name in the config file is misleading. The value really represents // the build folder - i.e. the folder that contains the source folder. [JsonProperty("sourceFolder")] public string BuildDirectory { get; set; } public static LegacyTrackingConfig TryParse(string content) { ArgUtil.NotNull(content, nameof(content)); // Fix the content to be valid JSON syntax. The file version 1 files // were written as: // { // "system"" : "[...]", // "collectionId"" = "[...]", // "definitionId"" = "[...]", // "repositoryUrl"" = "[...]", // "sourceFolder" = "[...]", // "hashKey" = "[...]" // } // // Furthermore, the values were not JSON-escaped. content = content // Escape special characters. .Replace(@"\", @"\\") // Change "=" to ":". .Replace(@"""collectionId"" = ", @"""collectionId"": ") .Replace(@"""definitionId"" = ", @"""definitionId"": ") .Replace(@"""repositoryUrl"" = ", @"""repositoryUrl"": ") .Replace(@"""sourceFolder"" = ", @"""sourceFolder"": ") .Replace(@"""hashKey"" = ", @"""hashKey"": "); LegacyTrackingConfig config = null; try { config = JsonConvert.DeserializeObject(content); } catch (Exception) { } if (config != null && !string.IsNullOrEmpty(config.BuildDirectory) && !string.IsNullOrEmpty(config.CollectionId) && !string.IsNullOrEmpty(config.DefinitionId) && !string.IsNullOrEmpty(config.HashKey) && !string.IsNullOrEmpty(config.RepositoryUrl) && !string.IsNullOrEmpty(config.System)) { return config; } return null; } } } ================================================ FILE: src/Agent.Worker/Build/SourceProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public interface ISourceProvider : IExtension, IAgentService { string RepositoryType { get; } Task GetSourceAsync(IExecutionContext executionContext, ServiceEndpoint endpoint, CancellationToken cancellationToken); Task PostJobCleanupAsync(IExecutionContext executionContext, ServiceEndpoint endpoint); string GetLocalPath(IExecutionContext executionContext, RepositoryResource repository, string path); void SetVariablesInEndpoint(IExecutionContext executionContext, ServiceEndpoint endpoint); Task RunMaintenanceOperations(IExecutionContext executionContext, string repositoryPath); } public abstract class SourceProvider : AgentService { public Type ExtensionType => typeof(ISourceProvider); public abstract string RepositoryType { get; } public virtual string GetLocalPath(IExecutionContext executionContext, RepositoryResource repository, string path) { return path; } public virtual void SetVariablesInEndpoint(IExecutionContext executionContext, ServiceEndpoint endpoint) { if (executionContext == null || endpoint == null) { return; } endpoint.Data.Add(Constants.EndpointData.SourcesDirectory, executionContext.Variables.Get(Constants.Variables.Build.SourcesDirectory)); endpoint.Data.Add(Constants.EndpointData.SourceVersion, executionContext.Variables.Get(Constants.Variables.Build.SourceVersion)); } public string GetEndpointData(ServiceEndpoint endpoint, string name) { ArgUtil.NotNull(endpoint, nameof(endpoint)); var trace = HostContext.GetTrace(nameof(SourceProvider)); string value; if (endpoint.Data.TryGetValue(name, out value)) { trace.Info($"Get '{name}': '{value}'"); return value; } trace.Info($"Get '{name}' (not found)"); return null; } public virtual Task RunMaintenanceOperations(IExecutionContext executionContext, string repositoryPath) { return Task.CompletedTask; } } } ================================================ FILE: src/Agent.Worker/Build/SvnCommandManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text; using System.Threading; using System.Threading.Tasks; using System.Xml.Serialization; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { [ServiceLocator(Default = typeof(SvnCommandManager))] public interface ISvnCommandManager : IAgentService { /// /// Initializes svn command path and execution environment /// /// The build commands' execution context /// The Subversion server endpoint providing URL, username/password, and untrasted certs acceptace information /// The cancellation token used to stop svn command execution void Init( IExecutionContext context, ServiceEndpoint endpoint, CancellationToken cancellationToken); /// /// Initializes svn command path and execution environment /// /// The build commands' execution context /// The Subversion repository resource providing URL, referenced service endpoint information /// The cancellation token used to stop svn command execution void Init( IExecutionContext context, RepositoryResource repository, CancellationToken cancellationToken); /// /// svn info URL --depth empty --revision --xml --username --password --non-interactive [--trust-server-cert] /// /// /// /// Task GetLatestRevisionAsync(string serverPath, string sourceRevision); /// /// Removes unused and duplicate mappings. /// /// /// Dictionary NormalizeMappings(List allMappings); /// /// Normalizes path separator for server and local paths. /// /// /// /// /// string NormalizeRelativePath(string path, char pathSeparator, char altPathSeparator); /// /// Detects old mappings (if any) and refreshes the SVN working copies to match the new mappings. /// /// /// /// /// /// /// Task UpdateWorkspace(string rootPath, Dictionary distinctMappings, bool cleanRepository, string sourceBranch, string revision); /// /// Finds a local path the provided server path is mapped to. /// /// /// /// string ResolveServerPath(string serverPath, string rootPath); } public class SvnCommandManager : AgentService, ISvnCommandManager { public void Init( IExecutionContext context, ServiceEndpoint endpoint, CancellationToken cancellationToken) { // Validation. ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(endpoint, nameof(endpoint)); ArgUtil.NotNull(cancellationToken, nameof(cancellationToken)); ArgUtil.NotNull(endpoint.Url, nameof(endpoint.Url)); ArgUtil.Equal(true, endpoint.Url.IsAbsoluteUri, nameof(endpoint.Url.IsAbsoluteUri)); ArgUtil.NotNull(endpoint.Data, nameof(endpoint.Data)); ArgUtil.NotNull(endpoint.Authorization, nameof(endpoint.Authorization)); ArgUtil.NotNull(endpoint.Authorization.Parameters, nameof(endpoint.Authorization.Parameters)); ArgUtil.Equal(EndpointAuthorizationSchemes.UsernamePassword, endpoint.Authorization.Scheme, nameof(endpoint.Authorization.Scheme)); _context = context; _endpoint = endpoint; _cancellationToken = cancellationToken; // Find svn in %Path% string svnPath = WhichUtil.Which("svn", trace: Trace); if (string.IsNullOrEmpty(svnPath)) { throw new Exception(StringUtil.Loc("SvnNotInstalled")); } else { _context.Debug($"Found svn installation path: {svnPath}."); _svn = svnPath; } // External providers may need basic auth or tokens endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.Username, out _username); endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.Password, out _password); _acceptUntrusted = endpoint.Data.ContainsKey(EndpointData.SvnAcceptUntrustedCertificates) && StringUtil.ConvertToBoolean(endpoint.Data[EndpointData.SvnAcceptUntrustedCertificates], defaultValue: false); } public void Init( IExecutionContext context, RepositoryResource repository, CancellationToken cancellationToken) { // Validation. ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(repository, nameof(repository)); ArgUtil.NotNull(cancellationToken, nameof(cancellationToken)); ArgUtil.NotNull(repository.Url, nameof(repository.Url)); ArgUtil.Equal(true, repository.Url.IsAbsoluteUri, nameof(repository.Url.IsAbsoluteUri)); ArgUtil.NotNull(repository.Endpoint, nameof(repository.Endpoint)); ServiceEndpoint endpoint = context.Endpoints.Single( x => (repository.Endpoint.Id != Guid.Empty && x.Id == repository.Endpoint.Id) || (repository.Endpoint.Id == Guid.Empty && string.Equals(x.Name, repository.Endpoint.Name.ToString(), StringComparison.OrdinalIgnoreCase))); ArgUtil.NotNull(endpoint.Data, nameof(endpoint.Data)); ArgUtil.NotNull(endpoint.Authorization, nameof(endpoint.Authorization)); ArgUtil.NotNull(endpoint.Authorization.Parameters, nameof(endpoint.Authorization.Parameters)); ArgUtil.Equal(EndpointAuthorizationSchemes.UsernamePassword, endpoint.Authorization.Scheme, nameof(endpoint.Authorization.Scheme)); _context = context; _repository = repository; _endpoint = endpoint; _cancellationToken = cancellationToken; // Find svn in %Path% string svnPath = WhichUtil.Which("svn", trace: Trace); if (string.IsNullOrEmpty(svnPath)) { throw new Exception(StringUtil.Loc("SvnNotInstalled")); } else { _context.Debug($"Found svn installation path: {svnPath}."); _svn = svnPath; } // External providers may need basic auth or tokens endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.Username, out _username); endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.Password, out _password); _acceptUntrusted = endpoint.Data.ContainsKey(EndpointData.SvnAcceptUntrustedCertificates) && StringUtil.ConvertToBoolean(endpoint.Data[EndpointData.SvnAcceptUntrustedCertificates], defaultValue: false); } public async Task UpdateWorkspace( string rootPath, Dictionary distinctMappings, bool cleanRepository, string sourceBranch, string revision) { if (cleanRepository) { // A clean build has been requested, if the $(build.Clean) variable didn't force // the BuildDirectoryManager to re-create the source directory earlier, // let's do it now explicitly. IBuildDirectoryManager buildDirectoryManager = HostContext.GetService(); BuildCleanOption? cleanOption = _context.Variables.Build_Clean; buildDirectoryManager.CreateDirectory( _context, description: "source directory", path: rootPath, deleteExisting: !(cleanOption == BuildCleanOption.All || cleanOption == BuildCleanOption.Source)); } Dictionary oldMappings = await GetOldMappings(rootPath); _context.Debug($"oldMappings.Count: {oldMappings.Count}"); oldMappings.ToList().ForEach(p => _context.Debug($" [{p.Key}] {p.Value}")); Dictionary newMappings = BuildNewMappings(rootPath, sourceBranch, distinctMappings); _context.Debug($"newMappings.Count: {newMappings.Count}"); newMappings.ToList().ForEach(p => _context.Debug($" [{p.Key}] ServerPath: {p.Value.ServerPath}, LocalPath: {p.Value.LocalPath}, Depth: {p.Value.Depth}, Revision: {p.Value.Revision}, IgnoreExternals: {p.Value.IgnoreExternals}")); CleanUpSvnWorkspace(oldMappings, newMappings); long maxRevision = 0; foreach (SvnMappingDetails mapping in newMappings.Values) { long mappingRevision = await GetLatestRevisionAsync(mapping.ServerPath, revision); if (mappingRevision > maxRevision) { maxRevision = mappingRevision; } } await UpdateToRevisionAsync(oldMappings, newMappings, maxRevision); return maxRevision > 0 ? maxRevision.ToString() : "HEAD"; } private async Task> GetOldMappings(string rootPath) { if (File.Exists(rootPath)) { throw new Exception(StringUtil.Loc("SvnFileAlreadyExists", rootPath)); } Dictionary mappings = new Dictionary(); if (Directory.Exists(rootPath)) { foreach (string workingDirectoryPath in GetSvnWorkingCopyPaths(rootPath)) { Uri url = await GetRootUrlAsync(workingDirectoryPath); if (url != null) { mappings.Add(workingDirectoryPath, url); } } } return mappings; } private List GetSvnWorkingCopyPaths(string rootPath) { if (Directory.Exists(Path.Combine(rootPath, ".svn"))) { return new List() { rootPath }; } else { ConcurrentStack candidates = new ConcurrentStack(); Directory.EnumerateDirectories(rootPath, "*", SearchOption.TopDirectoryOnly) .AsParallel() .ForAll(fld => candidates.PushRange(GetSvnWorkingCopyPaths(fld).ToArray())); return candidates.ToList(); } } private Dictionary BuildNewMappings(string rootPath, string sourceBranch, Dictionary distinctMappings) { Dictionary mappings = new Dictionary(); if (distinctMappings != null && distinctMappings.Count > 0) { foreach (KeyValuePair mapping in distinctMappings) { SvnMappingDetails mappingDetails = mapping.Value; string localPath = mappingDetails.LocalPath; string absoluteLocalPath = Path.Combine(rootPath, localPath); SvnMappingDetails newMappingDetails = new SvnMappingDetails(); newMappingDetails.ServerPath = mappingDetails.ServerPath; newMappingDetails.LocalPath = absoluteLocalPath; newMappingDetails.Revision = mappingDetails.Revision; newMappingDetails.Depth = mappingDetails.Depth; newMappingDetails.IgnoreExternals = mappingDetails.IgnoreExternals; mappings.Add(absoluteLocalPath, newMappingDetails); } } else { SvnMappingDetails newMappingDetails = new SvnMappingDetails(); newMappingDetails.ServerPath = sourceBranch; newMappingDetails.LocalPath = rootPath; newMappingDetails.Revision = "HEAD"; newMappingDetails.Depth = 3; //Infinity newMappingDetails.IgnoreExternals = true; mappings.Add(rootPath, newMappingDetails); } return mappings; } public async Task GetLatestRevisionAsync(string serverPath, string sourceRevision) { Trace.Verbose($@"Get latest revision of: '{_repository?.Url?.AbsoluteUri ?? _endpoint.Url.AbsoluteUri}' at or before: '{sourceRevision}'."); string xml = await RunPorcelainCommandAsync( "info", BuildSvnUri(serverPath), "--depth", "empty", "--revision", sourceRevision, "--xml"); // Deserialize the XML. // The command returns a non-zero exit code if the source revision is not found. // The assertions performed here should never fail. XmlSerializer serializer = new XmlSerializer(typeof(SvnInfo)); ArgUtil.NotNullOrEmpty(xml, nameof(xml)); using (StringReader reader = new StringReader(xml)) { SvnInfo info = serializer.Deserialize(reader) as SvnInfo; ArgUtil.NotNull(info, nameof(info)); ArgUtil.NotNull(info.Entries, nameof(info.Entries)); ArgUtil.Equal(1, info.Entries.Length, nameof(info.Entries.Length)); long revision = 0; long.TryParse(info.Entries[0].Commit?.Revision ?? sourceRevision, out revision); return revision; } } public string ResolveServerPath(string serverPath, string rootPath) { ArgUtil.NotNull(serverPath, nameof(serverPath)); ArgUtil.Equal(true, serverPath.StartsWith(@"^/"), nameof(serverPath)); foreach (string workingDirectoryPath in GetSvnWorkingCopyPaths(rootPath)) { try { Trace.Verbose($@"Get SVN info for the working directory path '{workingDirectoryPath}'."); string xml = RunPorcelainCommandAsync( "info", workingDirectoryPath, "--depth", "empty", "--xml").GetAwaiter().GetResult(); // Deserialize the XML. // The command returns a non-zero exit code if the local path is not a working copy. // The assertions performed here should never fail. XmlSerializer serializer = new XmlSerializer(typeof(SvnInfo)); ArgUtil.NotNullOrEmpty(xml, nameof(xml)); using (StringReader reader = new StringReader(xml)) { SvnInfo info = serializer.Deserialize(reader) as SvnInfo; ArgUtil.NotNull(info, nameof(info)); ArgUtil.NotNull(info.Entries, nameof(info.Entries)); ArgUtil.Equal(1, info.Entries.Length, nameof(info.Entries.Length)); if (serverPath.Equals(info.Entries[0].RelativeUrl, StringComparison.Ordinal) || serverPath.StartsWith(info.Entries[0].RelativeUrl + '/', StringComparison.Ordinal)) { // We've found the mapping the serverPath belongs to. int n = info.Entries[0].RelativeUrl.Length; string relativePath = serverPath.Length <= n + 1 ? string.Empty : serverPath.Substring(n + 1); return Path.Combine(workingDirectoryPath, relativePath); } } } catch (ProcessExitCodeException) { Trace.Warning($@"The path '{workingDirectoryPath}' is not an SVN working directory path."); } } Trace.Warning($@"Haven't found any suitable mapping for '{serverPath}'"); // Since the server path starts with the "^/" prefix we return the original path without these two characters. return serverPath.Substring(2); } private async Task GetRootUrlAsync(string localPath) { Trace.Verbose($@"Get URL for: '{localPath}'."); try { string xml = await RunPorcelainCommandAsync( "info", localPath, "--depth", "empty", "--xml"); // Deserialize the XML. // The command returns a non-zero exit code if the local path is not a working copy. // The assertions performed here should never fail. XmlSerializer serializer = new XmlSerializer(typeof(SvnInfo)); ArgUtil.NotNullOrEmpty(xml, nameof(xml)); using (StringReader reader = new StringReader(xml)) { SvnInfo info = serializer.Deserialize(reader) as SvnInfo; ArgUtil.NotNull(info, nameof(info)); ArgUtil.NotNull(info.Entries, nameof(info.Entries)); ArgUtil.Equal(1, info.Entries.Length, nameof(info.Entries.Length)); return new Uri(info.Entries[0].Url); } } catch (ProcessExitCodeException) { Trace.Verbose($@"The folder '{localPath}.svn' seems not to be a subversion system directory."); return null; } } private async Task UpdateToRevisionAsync(Dictionary oldMappings, Dictionary newMappings, long maxRevision) { foreach (KeyValuePair mapping in newMappings) { string localPath = mapping.Key; SvnMappingDetails mappingDetails = mapping.Value; string effectiveServerUri = BuildSvnUri(mappingDetails.ServerPath); string effectiveRevision = EffectiveRevision(mappingDetails.Revision, maxRevision); mappingDetails.Revision = effectiveRevision; if (!Directory.Exists(Path.Combine(localPath, ".svn"))) { _context.Debug(String.Format( "Checking out with depth: {0}, revision: {1}, ignore externals: {2}", mappingDetails.Depth, effectiveRevision, mappingDetails.IgnoreExternals)); mappingDetails.ServerPath = effectiveServerUri; await CheckoutAsync(mappingDetails); } else if (oldMappings.ContainsKey(localPath) && oldMappings[localPath].Equals(new Uri(effectiveServerUri))) { _context.Debug(String.Format( "Updating with depth: {0}, revision: {1}, ignore externals: {2}", mappingDetails.Depth, mappingDetails.Revision, mappingDetails.IgnoreExternals)); await UpdateAsync(mappingDetails); } else { _context.Debug(String.Format( "Switching to {0} with depth: {1}, revision: {2}, ignore externals: {3}", mappingDetails.ServerPath, mappingDetails.Depth, mappingDetails.Revision, mappingDetails.IgnoreExternals)); await SwitchAsync(mappingDetails); } } } private string EffectiveRevision(string mappingRevision, long maxRevision) { if (!mappingRevision.Equals("HEAD", StringComparison.OrdinalIgnoreCase)) { // A specific revision has been requested in mapping return mappingRevision; } else if (maxRevision == 0) { // Tip revision return "HEAD"; } else { return maxRevision.ToString(); } } private void CleanUpSvnWorkspace(Dictionary oldMappings, Dictionary newMappings) { Trace.Verbose("Clean up Svn workspace."); oldMappings.Where(m => !newMappings.ContainsKey(m.Key)) .AsParallel() .ForAll(m => { Trace.Verbose($@"Delete unmapped folder: '{m.Key}'"); IOUtil.DeleteDirectory(m.Key, CancellationToken.None); }); } /// /// svn update localPath --depth empty --revision --xml --username lin --password ideafix --non-interactive [--trust-server-cert] /// /// /// private async Task UpdateAsync(SvnMappingDetails mapping) { Trace.Verbose($@"Update '{mapping.LocalPath}'."); await RunCommandAsync( "update", mapping.LocalPath, "--revision", mapping.Revision, "--depth", ToDepthArgument(mapping.Depth), mapping.IgnoreExternals ? "--ignore-externals" : null); } /// /// svn switch localPath --depth empty --revision --xml --username lin --password ideafix --non-interactive [--trust-server-cert] /// /// /// private async Task SwitchAsync(SvnMappingDetails mapping) { Trace.Verbose($@"Switch '{mapping.LocalPath}' to '{mapping.ServerPath}'."); await RunCommandAsync( "switch", $"^/{mapping.ServerPath}", mapping.LocalPath, "--ignore-ancestry", "--revision", mapping.Revision, "--depth", ToDepthArgument(mapping.Depth), mapping.IgnoreExternals ? "--ignore-externals" : null); } /// /// svn checkout localPath --depth empty --revision --xml --username lin --password ideafix --non-interactive [--trust-server-cert] /// /// /// private async Task CheckoutAsync(SvnMappingDetails mapping) { Trace.Verbose($@"Checkout '{mapping.ServerPath}' to '{mapping.LocalPath}'."); await RunCommandAsync( "checkout", mapping.ServerPath, mapping.LocalPath, "--revision", mapping.Revision, "--depth", ToDepthArgument(mapping.Depth), mapping.IgnoreExternals ? "--ignore-externals" : null); } private string BuildSvnUri(string serverPath) { StringBuilder sb = new StringBuilder((_repository?.Url ?? _endpoint.Url).ToString()); if (!string.IsNullOrEmpty(serverPath)) { if (sb[sb.Length - 1] != '/') { sb.Append('/'); } sb.Append(serverPath); } return sb.Replace('\\', '/').ToString(); } private string FormatArgumentsWithDefaults(params string[] args) { // Format each arg. List formattedArgs = new List(); foreach (string arg in args ?? new string[0]) { if (!string.IsNullOrEmpty(arg)) { // Validate the arg. if (arg.IndexOfAny(new char[] { '"', '\r', '\n' }) >= 0) { throw new Exception(StringUtil.Loc("InvalidCommandArg", arg)); } // Add the arg. formattedArgs.Add(QuotedArgument(arg)); } } // Add the common parameters. if (_acceptUntrusted) { formattedArgs.Add("--trust-server-cert"); } if (!string.IsNullOrWhiteSpace(_username)) { formattedArgs.Add("--username"); formattedArgs.Add(QuotedArgument(_username)); } if (!string.IsNullOrWhiteSpace(_password)) { formattedArgs.Add("--password"); formattedArgs.Add(QuotedArgument(_password)); } formattedArgs.Add("--no-auth-cache"); // Do not cache credentials formattedArgs.Add("--non-interactive"); // Add proxy setting parameters var agentProxy = HostContext.GetService(); if (!string.IsNullOrEmpty(_context.Variables.Agent_ProxyUrl) && !agentProxy.WebProxy.IsBypassed(_repository?.Url ?? _endpoint.Url)) { _context.Debug($"Add proxy setting parameters to '{_svn}' for proxy server '{_context.Variables.Agent_ProxyUrl}'."); formattedArgs.Add("--config-option"); formattedArgs.Add(QuotedArgument($"servers:global:http-proxy-host={new Uri(_context.Variables.Agent_ProxyUrl).Host}")); formattedArgs.Add("--config-option"); formattedArgs.Add(QuotedArgument($"servers:global:http-proxy-port={new Uri(_context.Variables.Agent_ProxyUrl).Port}")); if (!string.IsNullOrEmpty(_context.Variables.Agent_ProxyUsername)) { formattedArgs.Add("--config-option"); formattedArgs.Add(QuotedArgument($"servers:global:http-proxy-username={_context.Variables.Agent_ProxyUsername}")); } if (!string.IsNullOrEmpty(_context.Variables.Agent_ProxyPassword)) { formattedArgs.Add("--config-option"); formattedArgs.Add(QuotedArgument($"servers:global:http-proxy-password={_context.Variables.Agent_ProxyPassword}")); } } return string.Join(" ", formattedArgs); } private string QuotedArgument(string arg) { char quote = '\"'; char altQuote = '\''; if (arg.IndexOf(quote) > -1) { quote = '\''; altQuote = '\"'; } return (arg.IndexOfAny(new char[] { ' ', altQuote }) == -1) ? arg : $"{quote}{arg}{quote}"; } private string ToDepthArgument(int depth) { switch (depth) { case 0: return "empty"; case 1: return "files"; case 2: return "immediates"; default: return "infinity"; } } private async Task RunCommandAsync(params string[] args) { // Validation. ArgUtil.NotNull(args, nameof(args)); ArgUtil.NotNull(_context, nameof(_context)); // Invoke tf. using (var processInvoker = HostContext.CreateService()) { var outputLock = new object(); processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { _context.Output(e.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { _context.Output(e.Data); } }; string arguments = FormatArgumentsWithDefaults(args); _context.Command($@"{_svn} {arguments}"); await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: _svn, arguments: arguments, environment: null, requireExitCodeZero: true, cancellationToken: _cancellationToken); } } private async Task RunPorcelainCommandAsync(params string[] args) { // Validation. ArgUtil.NotNull(args, nameof(args)); ArgUtil.NotNull(_context, nameof(_context)); // Invoke tf. using (var processInvoker = HostContext.CreateService()) { var output = new List(); var outputLock = new object(); processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { _context.Debug(e.Data); output.Add(e.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { _context.Debug(e.Data); output.Add(e.Data); } }; string arguments = FormatArgumentsWithDefaults(args); _context.Debug($@"{_svn} {arguments}"); // TODO: Test whether the output encoding needs to be specified on a non-Latin OS. try { await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: _svn, arguments: arguments, environment: null, requireExitCodeZero: true, cancellationToken: _cancellationToken); } catch (ProcessExitCodeException) { // The command failed. Dump the output and throw. output.ForEach(x => _context.Output(x ?? string.Empty)); throw; } // Note, string.join gracefully handles a null element within the IEnumerable. return string.Join(Environment.NewLine, output); } } public Dictionary NormalizeMappings(List allMappings) { ArgUtil.NotNull(allMappings, nameof(allMappings)); // We use Ordinal comparer because SVN is case sensetive and keys in the dictionary are URLs. Dictionary distinctMappings = new Dictionary(StringComparer.Ordinal); HashSet localPaths = new HashSet(StringComparer.Ordinal); foreach (SvnMappingDetails map in allMappings) { string localPath = NormalizeRelativePath(map.LocalPath, Path.DirectorySeparatorChar, '/'); string serverPath = NormalizeRelativePath(map.ServerPath, '/', '\\'); if (string.IsNullOrEmpty(serverPath)) { _context.Debug(StringUtil.Loc("SvnEmptyServerPath", localPath)); _context.Debug(StringUtil.Loc("SvnMappingIgnored")); distinctMappings.Clear(); distinctMappings.Add(string.Empty, map); break; } if (localPaths.Contains(localPath)) { _context.Debug(StringUtil.Loc("SvnMappingDuplicateLocal", localPath)); continue; } else { localPaths.Add(localPath); } if (distinctMappings.ContainsKey(serverPath)) { _context.Debug(StringUtil.Loc("SvnMappingDuplicateServer", serverPath)); continue; } // Put normalized values of the local and server paths back into the mapping. map.LocalPath = localPath; map.ServerPath = serverPath; distinctMappings.Add(serverPath, map); } return distinctMappings; } public string NormalizeRelativePath(string path, char pathSeparator, char altPathSeparator) { string relativePath = (path ?? string.Empty).Replace(altPathSeparator, pathSeparator); relativePath = relativePath.Trim(pathSeparator, ' '); if (relativePath.Contains(":") || relativePath.Contains("..")) { throw new Exception(StringUtil.Loc("SvnIncorrectRelativePath", relativePath)); } return relativePath; } // The cancellation token used to stop svn command execution private CancellationToken _cancellationToken; // The Subversion server endpoint providing URL, username/password, and untrasted certs acceptace information private ServiceEndpoint _endpoint; // The Subversion repository resource providing URL, referenced service endpoint information private RepositoryResource _repository; // The build commands' execution context private IExecutionContext _context; // The svn command line utility location private string _svn; // The svn user name from SVN repository connection endpoint private string _username; // The svn user password from SVN repository connection endpoint private string _password; // The acceptUntrustedCerts property from SVN repository connection endpoint private bool _acceptUntrusted; } //////////////////////////////////////////////////////////////////////////////// // svn info data objects //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "info", Namespace = "")] public sealed class SvnInfo { [XmlElement(ElementName = "entry", Namespace = "")] public SvnInfoEntry[] Entries { get; set; } } public sealed class SvnInfoEntry { [XmlAttribute(AttributeName = "kind", Namespace = "")] public string Kind { get; set; } [XmlAttribute(AttributeName = "path", Namespace = "")] public string Path { get; set; } [XmlAttribute(AttributeName = "revision", Namespace = "")] public string Revision { get; set; } [XmlElement(ElementName = "url", Namespace = "")] public string Url { get; set; } [XmlElement(ElementName = "relative-url", Namespace = "")] public string RelativeUrl { get; set; } [XmlElement(ElementName = "repository", Namespace = "")] public SvnInfoRepository[] Repository { get; set; } [XmlElement(ElementName = "wc-info", Namespace = "", IsNullable = true)] public SvnInfoWorkingCopy[] WorkingCopyInfo { get; set; } [XmlElement(ElementName = "commit", Namespace = "")] public SvnInfoCommit Commit { get; set; } } public sealed class SvnInfoRepository { [XmlElement(ElementName = "wcroot-abspath", Namespace = "")] public string AbsPath { get; set; } [XmlElement(ElementName = "schedule", Namespace = "")] public string Schedule { get; set; } [XmlElement(ElementName = "depth", Namespace = "")] public string Depth { get; set; } } public sealed class SvnInfoWorkingCopy { [XmlElement(ElementName = "root", Namespace = "")] public string Root { get; set; } [XmlElement(ElementName = "uuid", Namespace = "")] public Guid Uuid { get; set; } } public sealed class SvnInfoCommit { [XmlAttribute(AttributeName = "revision", Namespace = "")] public string Revision { get; set; } [XmlElement(ElementName = "author", Namespace = "")] public string Author { get; set; } [XmlElement(ElementName = "date", Namespace = "")] public string Date { get; set; } } } ================================================ FILE: src/Agent.Worker/Build/SvnSourceProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Newtonsoft.Json; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public sealed class SvnSourceProvider : SourceProvider, ISourceProvider { public override string RepositoryType => TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.Svn; public async Task GetSourceAsync( IExecutionContext executionContext, ServiceEndpoint endpoint, CancellationToken cancellationToken) { Trace.Entering(); // Validate args. ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(endpoint, nameof(endpoint)); ISvnCommandManager svn = HostContext.CreateService(); svn.Init(executionContext, endpoint, cancellationToken); // Determine the sources directory. string sourcesDirectory = GetEndpointData(endpoint, Constants.EndpointData.SourcesDirectory); executionContext.Debug($"sourcesDirectory={sourcesDirectory}"); ArgUtil.NotNullOrEmpty(sourcesDirectory, nameof(sourcesDirectory)); string sourceBranch = GetEndpointData(endpoint, Constants.EndpointData.SourceBranch); executionContext.Debug($"sourceBranch={sourceBranch}"); string revision = GetEndpointData(endpoint, Constants.EndpointData.SourceVersion); if (string.IsNullOrWhiteSpace(revision)) { revision = "HEAD"; } executionContext.Debug($"revision={revision}"); bool clean = endpoint.Data.ContainsKey(EndpointData.Clean) && StringUtil.ConvertToBoolean(endpoint.Data[EndpointData.Clean], defaultValue: false); executionContext.Debug($"clean={clean}"); // Get the definition mappings. executionContext.Debug(endpoint.Data[EndpointData.SvnWorkspaceMapping]); List allMappings = JsonConvert.DeserializeObject (endpoint.Data[EndpointData.SvnWorkspaceMapping]).Mappings; if (executionContext.Variables.System_Debug.HasValue && executionContext.Variables.System_Debug.Value) { allMappings.ForEach(m => executionContext.Debug($"ServerPath: {m.ServerPath}, LocalPath: {m.LocalPath}, Depth: {m.Depth}, Revision: {m.Revision}, IgnoreExternals: {m.IgnoreExternals}")); } Dictionary normalizedMappings = svn.NormalizeMappings(allMappings); if (executionContext.Variables.System_Debug.HasValue && executionContext.Variables.System_Debug.Value) { executionContext.Debug($"Normalized mappings count: {normalizedMappings.Count}"); normalizedMappings.ToList().ForEach(p => executionContext.Debug($" [{p.Key}] ServerPath: {p.Value.ServerPath}, LocalPath: {p.Value.LocalPath}, Depth: {p.Value.Depth}, Revision: {p.Value.Revision}, IgnoreExternals: {p.Value.IgnoreExternals}")); } string normalizedBranch = svn.NormalizeRelativePath(sourceBranch, '/', '\\'); executionContext.Output(StringUtil.Loc("SvnSyncingRepo", endpoint.Name)); string effectiveRevision = await svn.UpdateWorkspace( sourcesDirectory, normalizedMappings, clean, normalizedBranch, revision); executionContext.Output(StringUtil.Loc("SvnBranchCheckedOut", normalizedBranch, endpoint.Name, effectiveRevision)); Trace.Verbose("Leaving SvnSourceProvider.GetSourceAsync"); } public override string GetLocalPath(IExecutionContext executionContext, RepositoryResource repository, string path) { Trace.Verbose("Entering SvnSourceProvider.GetLocalPath"); ISvnCommandManager svn = HostContext.CreateService(); svn.Init(executionContext, repository, CancellationToken.None); // We assume that this is a server path first. string serverPath = svn.NormalizeRelativePath(path, '/', '\\').Trim(); string localPath; if (serverPath.StartsWith("^/")) { // Convert the server path to the relative one using SVN work copy mappings string sourcesDirectory = repository.Properties.Get(RepositoryPropertyNames.Path); localPath = svn.ResolveServerPath(serverPath, sourcesDirectory); } else { // normalize the path back to the local file system one. localPath = svn.NormalizeRelativePath(serverPath, Path.DirectorySeparatorChar, '/'); } Trace.Verbose("Leaving SvnSourceProvider.GetLocalPath"); return localPath; } public override void SetVariablesInEndpoint(IExecutionContext executionContext, ServiceEndpoint endpoint) { base.SetVariablesInEndpoint(executionContext, endpoint); endpoint.Data.Add(Constants.EndpointData.SourceBranch, executionContext.Variables.Build_SourceBranch); } public Task PostJobCleanupAsync(IExecutionContext executionContext, ServiceEndpoint endpoint) { return Task.CompletedTask; } } } ================================================ FILE: src/Agent.Worker/Build/TFCommandManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk.Util; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading.Tasks; using System.Xml.Serialization; using System.Text; using System.Xml; using System.Security.Cryptography.X509Certificates; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public sealed class TFCommandManager : TfsVCCommandManager, ITfsVCCommandManager { public override TfsVCFeatures Features { get { return TfsVCFeatures.DefaultWorkfoldMap | TfsVCFeatures.EscapedUrl | TfsVCFeatures.GetFromUnmappedRoot | TfsVCFeatures.LoginType | TfsVCFeatures.Scorch; } } // When output is redirected, TF.exe writes output using the current system code page // (i.e. CP_ACP or code page 0). E.g. code page 1252 on an en-US box. protected override Encoding OutputEncoding => StringUtil.GetSystemEncoding(); protected override string Switch => "/"; private string TfPath => VarUtil.GetTfDirectoryPath(ExecutionContext); public override string FilePath => Path.Combine(TfPath, "tf.exe"); private string AppConfigFile => Path.Combine(TfPath, "tf.exe.config"); private string AppConfigRestoreFile => Path.Combine(TfPath, "tf.exe.config.restore"); // TODO: Remove AddAsync after last-saved-checkin-metadata problem is fixed properly. public async Task AddAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "vc", "add", localPath); } public void CleanupProxySetting() { ArgUtil.File(AppConfigRestoreFile, "tf.exe.config.restore"); ExecutionContext.Debug("Restore default tf.exe.config."); IOUtil.DeleteFile(AppConfigFile); File.Copy(AppConfigRestoreFile, AppConfigFile); } public Task EulaAsync() { throw new NotSupportedException(); } public async Task GetAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync(FormatTags.OmitCollectionUrl, "vc", "get", $"/version:{SourceVersion}", "/recursive", "/overwrite", localPath); } public string ResolvePath(string serverPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); string localPath = RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "vc", "resolvePath", serverPath).GetAwaiter().GetResult(); return localPath?.Trim() ?? string.Empty; } // TODO: Fix scorch. Scorch blows up if a root mapping does not exist. // // No good workaround appears to exist. Attempting to resolve by workspace fails with // the same error. Switching to "*" instead of passing "SourcesDirectory" allows the // command to exit zero, but causes every source file to be deleted. // // The current approach taken is: allow the exception to bubble. The TfsVCSourceProvider // will catch the exception, log it as a warning, throw away the workspace, and re-clone. public async Task ScorchAsync() => await RunCommandAsync(FormatTags.OmitCollectionUrl, "vc", "scorch", SourcesDirectory, "/recursive", "/diff", "/unmapped"); public void SetupProxy(string proxyUrl, string proxyUsername, string proxyPassword) { ArgUtil.File(AppConfigFile, "tf.exe.config"); if (!File.Exists(AppConfigRestoreFile)) { Trace.Info("Take snapshot of current appconfig for restore modified appconfig."); File.Copy(AppConfigFile, AppConfigRestoreFile); } else { // cleanup any appconfig changes from previous build. CleanupProxySetting(); } if (!string.IsNullOrEmpty(proxyUrl)) { XmlDocument appConfig = new XmlDocument(); using (var appConfigStream = new FileStream(AppConfigFile, FileMode.Open, FileAccess.Read)) { appConfig.Load(appConfigStream); } var configuration = appConfig.SelectSingleNode("configuration"); ArgUtil.NotNull(configuration, "configuration"); var exist_defaultProxy = appConfig.SelectSingleNode("configuration/system.net/defaultProxy"); if (exist_defaultProxy == null) { var system_net = appConfig.SelectSingleNode("configuration/system.net"); if (system_net == null) { Trace.Verbose("Create system.net section in appconfg."); system_net = appConfig.CreateElement("system.net"); } Trace.Verbose("Create defaultProxy section in appconfg."); var defaultProxy = appConfig.CreateElement("defaultProxy"); defaultProxy.SetAttribute("useDefaultCredentials", "True"); Trace.Verbose("Create proxy section in appconfg."); var proxy = appConfig.CreateElement("proxy"); proxy.SetAttribute("proxyaddress", proxyUrl); defaultProxy.AppendChild(proxy); system_net.AppendChild(defaultProxy); configuration.AppendChild(system_net); using (var appConfigStream = new FileStream(AppConfigFile, FileMode.Open, FileAccess.ReadWrite)) { appConfig.Save(appConfigStream); } } else { //proxy setting exist. ExecutionContext.Debug("Proxy setting already exist in app.config file."); } // when tf.exe talk to any devfabric site, it will always bypass proxy. // for testing, we need set this variable to let tf.exe hit the proxy server on devfabric. if (Endpoint.Url.Host.Contains(".me.tfsallin.net") || Endpoint.Url.Host.Contains(".vsts.me")) { ExecutionContext.Debug("Set TFS_BYPASS_PROXY_ON_LOCAL on devfabric."); AdditionalEnvironmentVariables["TFS_BYPASS_PROXY_ON_LOCAL"] = "0"; } } } public void SetupClientCertificate(string clientCert, string clientCertKey, string clientCertArchive, string clientCertPassword) { ArgUtil.File(clientCert, nameof(clientCert)); // Pass null for password to maintain original behavior (certificate without password) X509Certificate2 cert = CertificateUtil.LoadCertificate(clientCert, password: null); ExecutionContext.Debug($"Set VstsClientCertificate={cert.Thumbprint} for Tf.exe to support client certificate."); AdditionalEnvironmentVariables["VstsClientCertificate"] = cert.Thumbprint; // Script Tf commands in tasks ExecutionContext.SetVariable("VstsClientCertificate", cert.Thumbprint, false, false); } public async Task ShelveAsync(string shelveset, string commentFile, bool move) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); ArgUtil.NotNullOrEmpty(commentFile, nameof(commentFile)); // TODO: Remove parameter "move" after last-saved-checkin-metadata problem is fixed properly. if (move) { await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "vc", "shelve", "/move", "/replace", "/recursive", $"/comment:@{commentFile}", shelveset, SourcesDirectory); return; } await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "vc", "shelve", "/saved", "/replace", "/recursive", $"/comment:@{commentFile}", shelveset, SourcesDirectory); } public async Task ShelvesetsAsync(string shelveset) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); string xml = await RunPorcelainCommandAsync("vc", "shelvesets", "/format:xml", shelveset); // Deserialize the XML. // The command returns a non-zero exit code if the shelveset is not found. // The assertions performed here should never fail. var serializer = new XmlSerializer(typeof(TFShelvesets)); ArgUtil.NotNullOrEmpty(xml, nameof(xml)); using (var reader = new StringReader(xml)) { var tfShelvesets = serializer.Deserialize(reader) as TFShelvesets; ArgUtil.NotNull(tfShelvesets, nameof(tfShelvesets)); ArgUtil.NotNull(tfShelvesets.Shelvesets, nameof(tfShelvesets.Shelvesets)); ArgUtil.Equal(1, tfShelvesets.Shelvesets.Length, nameof(tfShelvesets.Shelvesets.Length)); return tfShelvesets.Shelvesets[0]; } } public async Task StatusAsync(string localPath) { // It is expected that the caller only invokes this method against the sources root // directory. The "status" subcommand cannot correctly resolve the workspace from the // an unmapped root folder. For example, if a workspace contains only two mappings, // $/foo -> $(build.sourcesDirectory)\foo and $/bar -> $(build.sourcesDirectory)\bar, // then "tf status $(build.sourcesDirectory) /r" will not be able to resolve the workspace. // Therefore, the "localPath" parameter is not actually passed to the "status" subcommand - // the collection URL and workspace name are used instead. ArgUtil.Equal(SourcesDirectory, localPath, nameof(localPath)); string xml = await RunPorcelainCommandAsync("vc", "status", $"/workspace:{WorkspaceName}", "/recursive", "/nodetect", "/format:xml"); var serializer = new XmlSerializer(typeof(TFStatus)); using (var reader = new StringReader(xml ?? string.Empty)) { return serializer.Deserialize(reader) as TFStatus; } } public bool TestEulaAccepted() { throw new NotSupportedException(); } public async Task TryWorkspaceDeleteAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); try { await RunCommandAsync("vc", "workspace", "/delete", $"{workspace.Name};{workspace.Owner}"); return true; } catch (Exception ex) { ExecutionContext.Warning(ex.Message); return false; } } public async Task UndoAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync(FormatTags.OmitCollectionUrl, "vc", "undo", "/recursive", localPath); } public async Task UnshelveAsync(string shelveset) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); await RunCommandAsync(FormatTags.OmitCollectionUrl, "vc", "unshelve", shelveset); } public async Task WorkfoldCloakAsync(string serverPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); await RunCommandAsync("vc", "workfold", "/cloak", $"/workspace:{WorkspaceName}", serverPath); } public async Task WorkfoldMapAsync(string serverPath, string localPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync("vc", "workfold", "/map", $"/workspace:{WorkspaceName}", serverPath, localPath); } public async Task WorkfoldUnmapAsync(string serverPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); await RunCommandAsync("vc", "workfold", "/unmap", $"/workspace:{WorkspaceName}", serverPath); } public async Task WorkspaceDeleteAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); await RunCommandAsync("vc", "workspace", "/delete", $"{workspace.Name};{workspace.Owner}"); } public async Task WorkspaceNewAsync() { var useServerWorkspace = ExecutionContext.Variables.Build_UseServerWorkspaces ?? false; ExecutionContext.Debug($"useServerWorkspace is set to : '{useServerWorkspace}'"); if (useServerWorkspace) { await RunCommandAsync("vc", "workspace", "/new", "/location:server", "/permission:Public", WorkspaceName); } else { await RunCommandAsync("vc", "workspace", "/new", "/location:local", "/permission:Public", WorkspaceName); } } public async Task WorkspacesAsync(bool matchWorkspaceNameOnAnyComputer = false) { // Build the args. var args = new List(); args.Add("vc"); args.Add("workspaces"); if (matchWorkspaceNameOnAnyComputer) { args.Add(WorkspaceName); args.Add($"/computer:*"); } args.Add("/format:xml"); // Run the command. // Ignore STDERR from TF.exe, tf.exe use STDERR to report warning. string xml = await RunPorcelainCommandAsync(true, args.ToArray()) ?? string.Empty; // Deserialize the XML. var serializer = new XmlSerializer(typeof(TFWorkspaces)); using (var reader = new StringReader(xml)) { return (serializer.Deserialize(reader) as TFWorkspaces) ?.Workspaces ?.Cast() .ToArray(); } } public async Task WorkspacesRemoveAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); await RunCommandAsync("vc", "workspace", $"/remove:{workspace.Name};{workspace.Owner}"); } } //////////////////////////////////////////////////////////////////////////////// // tf shelvesets data objects //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "Shelvesets", Namespace = "")] public sealed class TFShelvesets { [XmlElement(ElementName = "Shelveset", Namespace = "")] public TFShelveset[] Shelvesets { get; set; } } public sealed class TFShelveset : ITfsVCShelveset { // Attributes. [XmlAttribute(AttributeName = "date", Namespace = "")] public string Date { get; set; } [XmlAttribute(AttributeName = "name", Namespace = "")] public string Name { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } // Elements. [XmlElement(ElementName = "Comment", Namespace = "")] public string Comment { get; set; } } //////////////////////////////////////////////////////////////////////////////// // tf status data objects. //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "Status", Namespace = "")] public sealed class TFStatus : ITfsVCStatus { // Elements. [XmlElement(ElementName = "PendingSet", Namespace = "")] public TFPendingSet[] PendingSets { get; set; } // Interface-only properties. [XmlIgnore] public IEnumerable AllAdds { get { return PendingSets ?.SelectMany(x => x.PendingChanges ?? new TFPendingChange[0]) .Where(x => (x.ChangeType ?? string.Empty).Split(' ').Any(y => string.Equals(y, "Add", StringComparison.OrdinalIgnoreCase))); } } [XmlIgnore] public bool HasPendingChanges => PendingSets?.Any(x => x.PendingChanges?.Any() ?? false) ?? false; } public sealed class TFPendingSet { // Attributes. [XmlAttribute(AttributeName = "computer", Namespace = "")] public string Computer { get; set; } [XmlAttribute(AttributeName = "name", Namespace = "")] public string Name { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } [XmlAttribute(AttributeName = "ownerdisp", Namespace = "")] public string OwnerDisplayName { get; set; } [XmlAttribute(AttributeName = "ownership", Namespace = "")] public string Ownership { get; set; } // Elements. [XmlArray(ElementName = "PendingChanges", Namespace = "")] [XmlArrayItem(ElementName = "PendingChange", Namespace = "")] public TFPendingChange[] PendingChanges { get; set; } } public sealed class TFPendingChange : ITfsVCPendingChange { // Attributes. [XmlAttribute(AttributeName = "chg", Namespace = "")] public string ChangeType { get; set; } [XmlAttribute(AttributeName = "date", Namespace = "")] public string Date { get; set; } [XmlAttribute(AttributeName = "enc", Namespace = "")] public string Encoding { get; set; } [XmlAttribute(AttributeName = "hash", Namespace = "")] public string Hash { get; set; } [XmlAttribute(AttributeName = "item", Namespace = "")] public string Item { get; set; } [XmlAttribute(AttributeName = "itemid", Namespace = "")] public string ItemId { get; set; } [XmlAttribute(AttributeName = "local", Namespace = "")] public string LocalItem { get; set; } [XmlAttribute(AttributeName = "pcid", Namespace = "")] public string PCId { get; set; } [XmlAttribute(AttributeName = "psn", Namespace = "")] public string Psn { get; set; } [XmlAttribute(AttributeName = "pso", Namespace = "")] public string Pso { get; set; } [XmlAttribute(AttributeName = "psod", Namespace = "")] public string Psod { get; set; } [XmlAttribute(AttributeName = "srcitem", Namespace = "")] public string SourceItem { get; set; } [XmlAttribute(AttributeName = "svrfm", Namespace = "")] public string Svrfm { get; set; } [XmlAttribute(AttributeName = "type", Namespace = "")] public string Type { get; set; } [XmlAttribute(AttributeName = "uhash", Namespace = "")] public string UHash { get; set; } [XmlAttribute(AttributeName = "ver", Namespace = "")] public string Version { get; set; } } //////////////////////////////////////////////////////////////////////////////// // tf workspaces data objects. //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "Workspaces", Namespace = "")] public sealed class TFWorkspaces { [XmlElement(ElementName = "Workspace", Namespace = "")] public TFWorkspace[] Workspaces { get; set; } } public sealed class TFWorkspace : ITfsVCWorkspace { // Attributes. [XmlAttribute(AttributeName = "computer", Namespace = "")] public string Computer { get; set; } [XmlAttribute(AttributeName = "islocal", Namespace = "")] public string IsLocal { get; set; } [XmlAttribute(AttributeName = "name", Namespace = "")] public string Name { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } [XmlAttribute(AttributeName = "ownerdisp", Namespace = "")] public string OwnerDisplayName { get; set; } [XmlAttribute(AttributeName = "ownerid", Namespace = "")] public string OwnerId { get; set; } [XmlAttribute(AttributeName = "ownertype", Namespace = "")] public string OwnerType { get; set; } [XmlAttribute(AttributeName = "owneruniq", Namespace = "")] public string OwnerUnique { get; set; } // Elements. [XmlArray(ElementName = "Folders", Namespace = "")] [XmlArrayItem(ElementName = "WorkingFolder", Namespace = "")] public TFMapping[] TFMappings { get; set; } // Interface-only properties. [XmlIgnore] public ITfsVCMapping[] Mappings => TFMappings?.Cast().ToArray(); } public sealed class TFMapping : ITfsVCMapping { [XmlIgnore] public bool Cloak => string.Equals(Type, "Cloak", StringComparison.OrdinalIgnoreCase); [XmlAttribute(AttributeName = "depth", Namespace = "")] public string Depth { get; set; } [XmlAttribute(AttributeName = "local", Namespace = "")] public string LocalPath { get; set; } [XmlIgnore] public bool Recursive => !string.Equals(Depth, "1", StringComparison.OrdinalIgnoreCase); [XmlAttribute(AttributeName = "item", Namespace = "")] public string ServerPath { get; set; } [XmlAttribute(AttributeName = "type", Namespace = "")] public string Type { get; set; } } } ================================================ FILE: src/Agent.Worker/Build/TeeCommandManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text; using System.Threading; using System.Threading.Tasks; using System.Xml.Serialization; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public sealed class TeeCommandManager : TfsVCCommandManager, ITfsVCCommandManager { public override TfsVCFeatures Features => TfsVCFeatures.Eula; protected override string Switch => "-"; public override string FilePath => Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), Constants.Path.TeeDirectory, "tf"); // TODO: Remove AddAsync after last-saved-checkin-metadata problem is fixed properly. public async Task AddAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "add", localPath); } public void CleanupProxySetting() { // no-op for TEE. } public async Task EulaAsync() { await RunCommandAsync(FormatTags.All, "eula", "-accept"); } public async Task GetAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync(FormatTags.OmitCollectionUrl, "get", $"-version:{SourceVersion}", "-recursive", "-overwrite", localPath); } public string ResolvePath(string serverPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); string localPath = RunPorcelainCommandAsync(true, "resolvePath", $"-workspace:{WorkspaceName}", serverPath).GetAwaiter().GetResult(); localPath = localPath?.Trim(); // Paths outside of the root mapping return empty. // Paths within a cloaked directory return "null". if (string.IsNullOrEmpty(localPath) || string.Equals(localPath, "null", StringComparison.OrdinalIgnoreCase)) { return string.Empty; } return localPath; } public Task ScorchAsync() { throw new NotSupportedException(); } public void SetupProxy(string proxyUrl, string proxyUsername, string proxyPassword) { if (!string.IsNullOrEmpty(proxyUrl)) { Uri proxy = UrlUtil.GetCredentialEmbeddedUrl(new Uri(proxyUrl), proxyUsername, proxyPassword); AdditionalEnvironmentVariables["http_proxy"] = proxy.AbsoluteUri; } } public void SetupClientCertificate(string clientCert, string clientCertKey, string clientCertArchive, string clientCertPassword) { ExecutionContext.Debug("Convert client certificate from 'pkcs' format to 'jks' format."); string toolPath = WhichUtil.Which("keytool", true, Trace); string jksFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Temp), $"{Guid.NewGuid()}.jks"); string argLine; if (!string.IsNullOrEmpty(clientCertPassword)) { argLine = $"-importkeystore -srckeystore \"{clientCertArchive}\" -srcstoretype pkcs12 -destkeystore \"{jksFile}\" -deststoretype JKS -srcstorepass \"{clientCertPassword}\" -deststorepass \"{clientCertPassword}\""; } else { argLine = $"-importkeystore -srckeystore \"{clientCertArchive}\" -srcstoretype pkcs12 -destkeystore \"{jksFile}\" -deststoretype JKS"; } ExecutionContext.Command($"{toolPath} {argLine}"); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { if (!string.IsNullOrEmpty(args.Data)) { ExecutionContext.Output(args.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { if (!string.IsNullOrEmpty(args.Data)) { ExecutionContext.Output(args.Data); } }; processInvoker.ExecuteAsync(ExecutionContext.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory), toolPath, argLine, null, true, CancellationToken.None).GetAwaiter().GetResult(); if (!string.IsNullOrEmpty(clientCertPassword)) { ExecutionContext.Debug($"Set TF_ADDITIONAL_JAVA_ARGS=-Djavax.net.ssl.keyStore={jksFile} -Djavax.net.ssl.keyStorePassword={clientCertPassword}"); AdditionalEnvironmentVariables["TF_ADDITIONAL_JAVA_ARGS"] = $"-Djavax.net.ssl.keyStore={jksFile} -Djavax.net.ssl.keyStorePassword={clientCertPassword}"; } else { ExecutionContext.Debug($"Set TF_ADDITIONAL_JAVA_ARGS=-Djavax.net.ssl.keyStore={jksFile}"); AdditionalEnvironmentVariables["TF_ADDITIONAL_JAVA_ARGS"] = $"-Djavax.net.ssl.keyStore={jksFile}"; } } public async Task ShelveAsync(string shelveset, string commentFile, bool move) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); ArgUtil.NotNullOrEmpty(commentFile, nameof(commentFile)); // TODO: Remove parameter move after last-saved-checkin-metadata problem is fixed properly. if (move) { await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "shelve", $"-workspace:{WorkspaceName}", "-move", "-replace", "-recursive", $"-comment:@{commentFile}", shelveset); return; } await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "shelve", $"-workspace:{WorkspaceName}", "-saved", "-replace", "-recursive", $"-comment:@{commentFile}", shelveset); } public async Task ShelvesetsAsync(string shelveset) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); string output = await RunPorcelainCommandAsync("shelvesets", "-format:xml", $"-workspace:{WorkspaceName}", shelveset); string xml = ExtractXml(output); // Deserialize the XML. // The command returns a non-zero exit code if the shelveset is not found. // The assertions performed here should never fail. var serializer = new XmlSerializer(typeof(TeeShelvesets)); ArgUtil.NotNullOrEmpty(xml, nameof(xml)); using (var reader = new StringReader(xml)) { var teeShelvesets = serializer.Deserialize(reader) as TeeShelvesets; ArgUtil.NotNull(teeShelvesets, nameof(teeShelvesets)); ArgUtil.NotNull(teeShelvesets.Shelvesets, nameof(teeShelvesets.Shelvesets)); ArgUtil.Equal(1, teeShelvesets.Shelvesets.Length, nameof(teeShelvesets.Shelvesets.Length)); return teeShelvesets.Shelvesets[0]; } } public async Task StatusAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); string output = await RunPorcelainCommandAsync(FormatTags.OmitCollectionUrl, "status", "-recursive", "-nodetect", "-format:xml", localPath); string xml = ExtractXml(output); var serializer = new XmlSerializer(typeof(TeeStatus)); using (var reader = new StringReader(xml ?? string.Empty)) { return serializer.Deserialize(reader) as TeeStatus; } } public bool TestEulaAccepted() { Trace.Entering(); // Resolve the path to the XML file containing the EULA-accepted flag. string homeDirectory = Environment.GetEnvironmentVariable("HOME"); if (!string.IsNullOrEmpty(homeDirectory) && Directory.Exists(homeDirectory)) { string tfDataDirectory = (PlatformUtil.RunningOnMacOS) ? Path.Combine("Library", "Application Support", "Microsoft") : ".microsoft"; string xmlFile = Path.Combine( homeDirectory, tfDataDirectory, "Team Foundation", "4.0", "Configuration", "TEE-Mementos", "com.microsoft.tfs.client.productid.xml"); if (File.Exists(xmlFile)) { // Load and deserialize the XML. string xml = File.ReadAllText(xmlFile, Encoding.UTF8); XmlSerializer serializer = new XmlSerializer(typeof(ProductIdData)); using (var reader = new StringReader(xml ?? string.Empty)) { var data = serializer.Deserialize(reader) as ProductIdData; return string.Equals(data?.Eula?.Value ?? string.Empty, "true", StringComparison.OrdinalIgnoreCase); } } } return false; } public async Task TryWorkspaceDeleteAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); try { await RunCommandAsync("workspace", "-delete", $"{workspace.Name};{workspace.Owner}"); return true; } catch (Exception ex) { ExecutionContext.Warning(ex.Message); return false; } } public async Task UndoAsync(string localPath) { ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync(FormatTags.OmitCollectionUrl, "undo", "-recursive", localPath); } public async Task UnshelveAsync(string shelveset) { ArgUtil.NotNullOrEmpty(shelveset, nameof(shelveset)); await RunCommandAsync("unshelve", "-format:detailed", $"-workspace:{WorkspaceName}", shelveset); } public async Task WorkfoldCloakAsync(string serverPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); await RunCommandAsync("workfold", "-cloak", $"-workspace:{WorkspaceName}", serverPath); } public async Task WorkfoldMapAsync(string serverPath, string localPath) { ArgUtil.NotNullOrEmpty(serverPath, nameof(serverPath)); ArgUtil.NotNullOrEmpty(localPath, nameof(localPath)); await RunCommandAsync("workfold", "-map", $"-workspace:{WorkspaceName}", serverPath, localPath); } public Task WorkfoldUnmapAsync(string serverPath) { throw new NotSupportedException(); } public async Task WorkspaceDeleteAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); await RunCommandAsync("workspace", "-delete", $"{workspace.Name};{workspace.Owner}"); } public async Task WorkspaceNewAsync() { await RunCommandAsync("workspace", "-new", "-location:local", "-permission:Public", WorkspaceName); } public async Task WorkspacesAsync(bool matchWorkspaceNameOnAnyComputer = false) { // Build the args. var args = new List(); args.Add("workspaces"); if (matchWorkspaceNameOnAnyComputer) { args.Add(WorkspaceName); args.Add($"-computer:*"); } args.Add("-format:xml"); // Run the command. TfsVCPorcelainCommandResult result = await TryRunPorcelainCommandAsync(FormatTags.None, false, args.ToArray()); ArgUtil.NotNull(result, nameof(result)); if (result.Exception != null) { // Check if the workspace name was specified and the command returned exit code 1. if (matchWorkspaceNameOnAnyComputer && result.Exception.ExitCode == 1) { // Ignore the error. This condition can indicate the workspace was not found. return new ITfsVCWorkspace[0]; } // Dump the output and throw. result.Output?.ForEach(x => ExecutionContext.Output(x ?? string.Empty)); throw result.Exception; } // Note, string.join gracefully handles a null element within the IEnumerable. string output = string.Join(Environment.NewLine, result.Output ?? new List()) ?? string.Empty; string xml = ExtractXml(output); // Deserialize the XML. var serializer = new XmlSerializer(typeof(TeeWorkspaces)); using (var reader = new StringReader(xml)) { return (serializer.Deserialize(reader) as TeeWorkspaces) ?.Workspaces ?.Cast() .ToArray(); } } public async Task WorkspacesRemoveAsync(ITfsVCWorkspace workspace) { ArgUtil.NotNull(workspace, nameof(workspace)); await RunCommandAsync("workspace", $"-remove:{workspace.Name};{workspace.Owner}"); } private static string ExtractXml(string output) { // tf commands that output XML, may contain information messages preceeding the XML content. // // For example, the workspaces subcommand returns a non-XML message preceeding the XML when there are no workspaces. // // Also for example, when JAVA_TOOL_OPTIONS is set, a message like "Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8" // may preceed the XML content. output = output ?? string.Empty; int xmlIndex = output.IndexOf(" 0) { return output.Substring(xmlIndex); } return output; } //////////////////////////////////////////////////////////////////////////////// // Product ID data objects (required for testing whether the EULA has been accepted). //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "ProductIdData", Namespace = "")] public sealed class ProductIdData { [XmlElement(ElementName = "eula-14.0", Namespace = "")] public Eula Eula { get; set; } } public sealed class Eula { [XmlAttribute(AttributeName = "value", Namespace = "")] public string Value { get; set; } } } //////////////////////////////////////////////////////////////////////////////// // tf shelvesets data objects //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "shelvesets", Namespace = "")] public sealed class TeeShelvesets { [XmlElement(ElementName = "shelveset", Namespace = "")] public TeeShelveset[] Shelvesets { get; set; } } public sealed class TeeShelveset : ITfsVCShelveset { [XmlAttribute(AttributeName = "date", Namespace = "")] public string Date { get; set; } [XmlAttribute(AttributeName = "name", Namespace = "")] public string Name { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } [XmlElement(ElementName = "comment", Namespace = "")] public string Comment { get; set; } } //////////////////////////////////////////////////////////////////////////////// // tf status data objects. //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "status", Namespace = "")] public sealed class TeeStatus : ITfsVCStatus { // Elements. [XmlArray(ElementName = "candidate-pending-changes", Namespace = "")] [XmlArrayItem(ElementName = "pending-change", Namespace = "")] public TeePendingChange[] CandidatePendingChanges { get; set; } [XmlArray(ElementName = "pending-changes", Namespace = "")] [XmlArrayItem(ElementName = "pending-change", Namespace = "")] public TeePendingChange[] PendingChanges { get; set; } // Interface-only properties. [XmlIgnore] public IEnumerable AllAdds { get { return PendingChanges?.Where(x => string.Equals(x.ChangeType, "add", StringComparison.OrdinalIgnoreCase)); } } [XmlIgnore] public bool HasPendingChanges => PendingChanges?.Any() ?? false; } public sealed class TeePendingChange : ITfsVCPendingChange { [XmlAttribute(AttributeName = "change-type", Namespace = "")] public string ChangeType { get; set; } [XmlAttribute(AttributeName = "computer", Namespace = "")] public string Computer { get; set; } [XmlAttribute(AttributeName = "date", Namespace = "")] public string Date { get; set; } [XmlAttribute(AttributeName = "file-type", Namespace = "")] public string FileType { get; set; } [XmlAttribute(AttributeName = "local-item", Namespace = "")] public string LocalItem { get; set; } [XmlAttribute(AttributeName = "lock", Namespace = "")] public string Lock { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } [XmlAttribute(AttributeName = "server-item", Namespace = "")] public string ServerItem { get; set; } [XmlAttribute(AttributeName = "version", Namespace = "")] public string Version { get; set; } [XmlAttribute(AttributeName = "workspace", Namespace = "")] public string Workspace { get; set; } } //////////////////////////////////////////////////////////////////////////////// // tf workspaces data objects. //////////////////////////////////////////////////////////////////////////////// [XmlRoot(ElementName = "workspaces", Namespace = "")] public sealed class TeeWorkspaces { [XmlElement(ElementName = "workspace", Namespace = "")] public TeeWorkspace[] Workspaces { get; set; } } public sealed class TeeWorkspace : ITfsVCWorkspace { // Attributes. [XmlAttribute(AttributeName = "server", Namespace = "")] public string CollectionUrl { get; set; } [XmlAttribute(AttributeName = "comment", Namespace = "")] public string Comment { get; set; } [XmlAttribute(AttributeName = "computer", Namespace = "")] public string Computer { get; set; } [XmlAttribute(AttributeName = "name", Namespace = "")] public string Name { get; set; } [XmlAttribute(AttributeName = "owner", Namespace = "")] public string Owner { get; set; } // Elements. [XmlElement(ElementName = "working-folder", Namespace = "")] public TeeMapping[] TeeMappings { get; set; } // Interface-only properties. [XmlIgnore] public ITfsVCMapping[] Mappings => TeeMappings?.Cast().ToArray(); } public sealed class TeeMapping : ITfsVCMapping { [XmlIgnore] public bool Cloak => string.Equals(MappingType, "cloak", StringComparison.OrdinalIgnoreCase); [XmlAttribute(AttributeName = "depth", Namespace = "")] public string Depth { get; set; } [XmlAttribute(AttributeName = "local-item", Namespace = "")] public string LocalPath { get; set; } [XmlAttribute(AttributeName = "type", Namespace = "")] public string MappingType { get; set; } [XmlIgnore] public bool Recursive => string.Equals(Depth, "full", StringComparison.OrdinalIgnoreCase); [XmlAttribute(AttributeName = "server-item")] public string ServerPath { get; set; } } } ================================================ FILE: src/Agent.Worker/Build/TfsVCCommandManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using System.Text; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using System.IO; using Agent.Sdk.Knob; using System.Linq; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { [ServiceLocator( PreferredOnWindows = typeof(TFCommandManager), Default = typeof(TeeCommandManager) )] public interface ITfsVCCommandManager : IAgentService { CancellationToken CancellationToken { set; } ServiceEndpoint Endpoint { set; } RepositoryResource Repository { set; } IExecutionContext ExecutionContext { set; } TfsVCFeatures Features { get; } string FilePath { get; } // TODO: Remove AddAsync after last-saved-checkin-metadata problem is fixed properly. Task AddAsync(string localPath); Task EulaAsync(); Task GetAsync(string localPath); string ResolvePath(string serverPath); Task ScorchAsync(); void SetupProxy(string proxyUrl, string proxyUsername, string proxyPassword); void CleanupProxySetting(); void SetupClientCertificate(string clientCert, string clientCertKey, string clientCertArchive, string clientCertPassword); // TODO: Remove parameter move after last-saved-checkin-metadata problem is fixed properly. Task ShelveAsync(string shelveset, string commentFile, bool move); Task ShelvesetsAsync(string shelveset); Task StatusAsync(string localPath); bool TestEulaAccepted(); Task TryWorkspaceDeleteAsync(ITfsVCWorkspace workspace); Task UndoAsync(string localPath); Task UnshelveAsync(string shelveset); Task WorkfoldCloakAsync(string serverPath); Task WorkfoldMapAsync(string serverPath, string localPath); Task WorkfoldUnmapAsync(string serverPath); Task WorkspaceDeleteAsync(ITfsVCWorkspace workspace); Task WorkspaceNewAsync(); Task WorkspacesAsync(bool matchWorkspaceNameOnAnyComputer = false); Task WorkspacesRemoveAsync(ITfsVCWorkspace workspace); } public abstract class TfsVCCommandManager : AgentService { public readonly Dictionary AdditionalEnvironmentVariables = new Dictionary(); public CancellationToken CancellationToken { protected get; set; } public ServiceEndpoint Endpoint { protected get; set; } public RepositoryResource Repository { protected get; set; } public IExecutionContext ExecutionContext { protected get; set; } public abstract TfsVCFeatures Features { get; } public abstract string FilePath { get; } protected virtual Encoding OutputEncoding => null; protected string SourceVersion { get { string version = Repository?.Version ?? GetEndpointData(Endpoint, Constants.EndpointData.SourceVersion); ArgUtil.NotNullOrEmpty(version, nameof(version)); return version; } } protected string SourcesDirectory { get { string sourcesDirectory = Repository?.Properties?.Get(RepositoryPropertyNames.Path) ?? GetEndpointData(Endpoint, Constants.EndpointData.SourcesDirectory); ArgUtil.NotNullOrEmpty(sourcesDirectory, nameof(sourcesDirectory)); return sourcesDirectory; } } protected abstract string Switch { get; } protected string WorkspaceName { get { string workspace = ExecutionContext.Variables.Build_RepoTfvcWorkspace; ArgUtil.NotNullOrEmpty(workspace, nameof(workspace)); return workspace; } } protected Task RunCommandAsync(params string[] args) { return RunCommandAsync(FormatTags.None, args); } protected async Task RunCommandAsync(FormatTags formatFlags, params string[] args) { // Validation. ArgUtil.NotNull(args, nameof(args)); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); // Invoke tf. using (var processInvoker = HostContext.CreateService()) { var outputLock = new object(); processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { ExecutionContext.Output(e.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { ExecutionContext.Output(e.Data); } }; string arguments = FormatArguments(formatFlags, args); bool useSecureParameterPassing = AgentKnobs.TfVCUseSecureParameterPassing.GetValue(ExecutionContext).AsBoolean(); string temporaryFileWithCommand = ""; if (useSecureParameterPassing) { temporaryFileWithCommand = WriteCommandToFile(arguments); arguments = $"@{temporaryFileWithCommand}"; ExecutionContext.Debug($"{AgentKnobs.TfVCUseSecureParameterPassing.Name} is enabled, passing command via file"); } ExecutionContext.Command($@"tf {arguments}"); await processInvoker.ExecuteAsync( workingDirectory: SourcesDirectory, fileName: FilePath, arguments: arguments, environment: AdditionalEnvironmentVariables, requireExitCodeZero: true, outputEncoding: OutputEncoding, cancellationToken: CancellationToken); if (useSecureParameterPassing) { try { await IOUtil.DeleteFileWithRetry(Path.Combine(this.SourcesDirectory, temporaryFileWithCommand), CancellationToken); } catch (Exception ex) { Trace.Warning($"Unable to delete command via file, ex:{ex.GetType()}"); throw; } } } } protected Task RunPorcelainCommandAsync(params string[] args) { return RunPorcelainCommandAsync(FormatTags.None, args); } protected Task RunPorcelainCommandAsync(bool ignoreStderr, params string[] args) { return RunPorcelainCommandAsync(FormatTags.None, ignoreStderr, args); } protected Task RunPorcelainCommandAsync(FormatTags formatFlags, params string[] args) { return RunPorcelainCommandAsync(formatFlags, false, args); } protected async Task RunPorcelainCommandAsync(FormatTags formatFlags, bool ignoreStderr, params string[] args) { // Run the command. TfsVCPorcelainCommandResult result = await TryRunPorcelainCommandAsync(formatFlags, ignoreStderr, args); ArgUtil.NotNull(result, nameof(result)); if (result.Exception != null) { // The command failed. Dump the output and throw. result.Output?.ForEach(x => ExecutionContext.Output(x ?? string.Empty)); throw result.Exception; } // Return the output. // Note, string.join gracefully handles a null element within the IEnumerable. return string.Join(Environment.NewLine, result.Output ?? new List()); } private string WriteCommandToFile(string command) { Guid guid = Guid.NewGuid(); string temporaryName = $"tfs_cmd_{guid}.txt"; using StreamWriter sw = new StreamWriter(Path.Combine(this.SourcesDirectory, temporaryName)); sw.WriteLine(command); return temporaryName; } protected async Task TryRunPorcelainCommandAsync(FormatTags formatFlags, bool ignoreStderr, params string[] args) { // Validation. ArgUtil.NotNull(args, nameof(args)); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); // Invoke tf. using (var processInvoker = HostContext.CreateService()) { var result = new TfsVCPorcelainCommandResult(); var outputLock = new object(); processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { ExecutionContext.Debug(e.Data); result.Output.Add(e.Data); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { lock (outputLock) { if (ignoreStderr) { ExecutionContext.Output(e.Data); } else { ExecutionContext.Debug(e.Data); result.Output.Add(e.Data); } } }; string formattedArguments = FormatArguments(formatFlags, args); string arguments = ""; string cmdFileName = ""; bool useSecretParameterPassing = AgentKnobs.TfVCUseSecureParameterPassing.GetValue(ExecutionContext).AsBoolean(); ExecutionContext.Debug($@"tf {arguments}"); if (useSecretParameterPassing) { cmdFileName = WriteCommandToFile(formattedArguments); arguments = $"@{cmdFileName}"; } else { arguments = formattedArguments; } // TODO: Test whether the output encoding needs to be specified on a non-Latin OS. try { await processInvoker.ExecuteAsync( workingDirectory: SourcesDirectory, fileName: FilePath, arguments: arguments, environment: AdditionalEnvironmentVariables, requireExitCodeZero: true, outputEncoding: OutputEncoding, cancellationToken: CancellationToken); } catch (ProcessExitCodeException ex) { result.Exception = ex; } if (useSecretParameterPassing) { CleanupTfsVCOutput(ref result, formattedArguments); try { await IOUtil.DeleteFileWithRetry(Path.Combine(this.SourcesDirectory, cmdFileName), CancellationToken); } catch (Exception ex) { ExecutionContext.Output($"Unable to delete command via file, ex:{ex.GetType()}"); throw; } } return result; } } private void CleanupTfsVCOutput(ref TfsVCPorcelainCommandResult command, string executedCommand) { // tf.exe removes double quotes from the output, we also replace it in the input command to correctly find the extra output List stringsToRemove = command .Output .Where(item => item.Contains(executedCommand.Replace("\"", ""))) .ToList(); command.Output.RemoveAll(item => stringsToRemove.Contains(item)); } private string FormatArguments(FormatTags formatFlags, params string[] args) { // Validation. ArgUtil.NotNull(args, nameof(args)); ArgUtil.NotNull(Endpoint, nameof(Endpoint)); ArgUtil.NotNull(Endpoint.Authorization, nameof(Endpoint.Authorization)); ArgUtil.NotNull(Endpoint.Authorization.Parameters, nameof(Endpoint.Authorization.Parameters)); ArgUtil.Equal(EndpointAuthorizationSchemes.OAuth, Endpoint.Authorization.Scheme, nameof(Endpoint.Authorization.Scheme)); string accessToken = Endpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out accessToken) ? accessToken : null; ArgUtil.NotNullOrEmpty(accessToken, EndpointAuthorizationParameters.AccessToken); ArgUtil.NotNull(Repository?.Url ?? Endpoint.Url, nameof(Endpoint.Url)); // Format each arg. var formattedArgs = new List(); foreach (string arg in args ?? new string[0]) { // Validate the arg. if (!string.IsNullOrEmpty(arg) && arg.IndexOfAny(new char[] { '"', '\r', '\n' }) >= 0) { throw new Exception(StringUtil.Loc("InvalidCommandArg", arg)); } // Add the arg. formattedArgs.Add(arg != null && arg.Contains(" ") ? $@"""{arg}""" : $"{arg}"); } // Add the common parameters. if (!formatFlags.HasFlag(FormatTags.OmitCollectionUrl)) { if (Features.HasFlag(TfsVCFeatures.EscapedUrl)) { formattedArgs.Add($"{Switch}collection:{Repository?.Url?.AbsoluteUri ?? Endpoint.Url.AbsoluteUri}"); } else { // TEE CLC expects the URL in unescaped form. string url; try { url = Uri.UnescapeDataString(Repository?.Url?.AbsoluteUri ?? Endpoint.Url.AbsoluteUri); } catch (Exception ex) { // Unlikely (impossible?), but don't fail if encountered. If we don't hear complaints // about this warning then it is likely OK to remove the try/catch altogether and have // faith that UnescapeDataString won't throw for this scenario. url = Repository?.Url?.AbsoluteUri ?? Endpoint.Url.AbsoluteUri; ExecutionContext.Warning($"{ex.Message} ({url})"); } formattedArgs.Add($"\"{Switch}collection:{url}\""); } } if (!formatFlags.HasFlag(FormatTags.OmitLogin)) { if (Features.HasFlag(TfsVCFeatures.LoginType)) { formattedArgs.Add($"{Switch}loginType:OAuth"); formattedArgs.Add($"{Switch}login:.,{accessToken}"); } else { formattedArgs.Add($"{Switch}jwt:{accessToken}"); } } if (!formatFlags.HasFlag(FormatTags.OmitNoPrompt)) { formattedArgs.Add($"{Switch}noprompt"); } return string.Join(" ", formattedArgs); } private string GetEndpointData(ServiceEndpoint endpoint, string name) { string value; if (endpoint.Data.TryGetValue(name, out value)) { Trace.Info($"Get '{name}': '{value}'"); return value; } Trace.Info($"Get '{name}' (not found)"); return null; } [Flags] protected enum FormatTags { None = 0, OmitCollectionUrl = 1, OmitLogin = 2, OmitNoPrompt = 4, All = OmitCollectionUrl | OmitLogin | OmitNoPrompt, } } [Flags] public enum TfsVCFeatures { None = 0, // Indicates whether "workspace /new" adds a default mapping. DefaultWorkfoldMap = 1, // Indicates whether the CLI accepts the collection URL in escaped form. EscapedUrl = 2, // Indicates whether the "eula" subcommand is supported. Eula = 4, // Indicates whether the "get" and "undo" subcommands will correctly resolve // the workspace from an unmapped root folder. For example, if a workspace // contains only two mappings, $/foo -> $(build.sourcesDirectory)\foo and // $/bar -> $(build.sourcesDirectory)\bar, then "tf get $(build.sourcesDirectory)" // will not be able to resolve the workspace unless this feature is supported. GetFromUnmappedRoot = 8, // Indicates whether the "loginType" parameter is supported. LoginType = 16, // Indicates whether the "scorch" subcommand is supported. Scorch = 32, } public sealed class TfsVCPorcelainCommandResult { public TfsVCPorcelainCommandResult() { Output = new List(); } public ProcessExitCodeException Exception { get; set; } public List Output { get; } } //////////////////////////////////////////////////////////////////////////////// // tf shelvesets interfaces. //////////////////////////////////////////////////////////////////////////////// public interface ITfsVCShelveset { string Comment { get; } } //////////////////////////////////////////////////////////////////////////////// // tf status interfaces. //////////////////////////////////////////////////////////////////////////////// public interface ITfsVCStatus { IEnumerable AllAdds { get; } bool HasPendingChanges { get; } } public interface ITfsVCPendingChange { string LocalItem { get; } } //////////////////////////////////////////////////////////////////////////////// // tf workspaces interfaces. //////////////////////////////////////////////////////////////////////////////// public interface ITfsVCWorkspace { string Computer { get; set; } string Name { get; } string Owner { get; } ITfsVCMapping[] Mappings { get; } } public interface ITfsVCMapping { bool Cloak { get; } string LocalPath { get; } bool Recursive { get; } string ServerPath { get; } } } ================================================ FILE: src/Agent.Worker/Build/TfsVCSourceProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text; using System.Threading; using System.Threading.Tasks; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public sealed class TfsVCSourceProvider : SourceProvider, ISourceProvider { private bool _undoShelvesetPendingChanges = false; public override string RepositoryType => TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.Tfvc; public async Task GetSourceAsync( IExecutionContext executionContext, ServiceEndpoint endpoint, CancellationToken cancellationToken) { Trace.Entering(); // Validate args. ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(endpoint, nameof(endpoint)); if (executionContext == null || endpoint == null) { return; } if (PlatformUtil.RunningOnWindows) { // Validate .NET Framework 4.6 or higher is installed. if (!NetFrameworkUtil.Test(new Version(4, 6), Trace)) { throw new Exception(StringUtil.Loc("MinimumNetFramework46")); } } // Create the tf command manager. var tf = HostContext.CreateService(); tf.CancellationToken = cancellationToken; tf.Endpoint = endpoint; tf.ExecutionContext = executionContext; // Setup proxy. var agentProxy = HostContext.GetService(); if (!string.IsNullOrEmpty(executionContext.Variables.Agent_ProxyUrl) && !agentProxy.WebProxy.IsBypassed(endpoint.Url)) { executionContext.Debug($"Configure '{tf.FilePath}' to work through proxy server '{executionContext.Variables.Agent_ProxyUrl}'."); tf.SetupProxy(executionContext.Variables.Agent_ProxyUrl, executionContext.Variables.Agent_ProxyUsername, executionContext.Variables.Agent_ProxyPassword); } // Setup client certificate. var agentCertManager = HostContext.GetService(); if (agentCertManager.SkipServerCertificateValidation) { executionContext.Debug("TF does not support ignore SSL certificate validation error."); } var configUrl = new Uri(HostContext.GetService().GetSettings().ServerUrl); if (!string.IsNullOrEmpty(agentCertManager.ClientCertificateFile) && Uri.Compare(endpoint.Url, configUrl, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0) { executionContext.Debug($"Configure '{tf.FilePath}' to work with client cert '{agentCertManager.ClientCertificateFile}'."); tf.SetupClientCertificate(agentCertManager.ClientCertificateFile, agentCertManager.ClientCertificatePrivateKeyFile, agentCertManager.ClientCertificateArchiveFile, agentCertManager.ClientCertificatePassword); } // Add TF to the PATH. string tfPath = tf.FilePath; ArgUtil.File(tfPath, nameof(tfPath)); executionContext.Output(StringUtil.Loc("Prepending0WithDirectoryContaining1", Constants.PathVariable, Path.GetFileName(tfPath))); PathUtil.PrependPath(Path.GetDirectoryName(tfPath)); executionContext.Debug($"{Constants.PathVariable}: '{Environment.GetEnvironmentVariable(Constants.PathVariable)}'"); if (PlatformUtil.RunningOnWindows) { // Set TFVC_BUILDAGENT_POLICYPATH string TfPath = VarUtil.GetTfDirectoryPath(executionContext); string policyDllPath = Path.Combine(TfPath, "Microsoft.TeamFoundation.VersionControl.Controls.dll"); ArgUtil.File(policyDllPath, nameof(policyDllPath)); const string policyPathEnvKey = "TFVC_BUILDAGENT_POLICYPATH"; executionContext.Output(StringUtil.Loc("SetEnvVar", policyPathEnvKey)); Environment.SetEnvironmentVariable(policyPathEnvKey, policyDllPath); } // Check if the administrator accepted the license terms of the TEE EULA when configuring the agent. AgentSettings settings = HostContext.GetService().GetSettings(); if (tf.Features.HasFlag(TfsVCFeatures.Eula) && settings.AcceptTeeEula) { // Check if the "tf eula -accept" command needs to be run for the current user. bool skipEula = false; try { skipEula = tf.TestEulaAccepted(); } catch (Exception ex) { executionContext.Debug("Unexpected exception while testing whether the TEE EULA has been accepted for the current user."); executionContext.Debug(ex.ToString()); } if (!skipEula) { // Run the command "tf eula -accept". try { await tf.EulaAsync(); } catch (Exception ex) { executionContext.Debug(ex.ToString()); executionContext.Warning(ex.Message); } } } // Get the workspaces. executionContext.Output(StringUtil.Loc("QueryingWorkspaceInfo")); ITfsVCWorkspace[] tfWorkspaces = await tf.WorkspacesAsync(); // Determine the workspace name. string buildDirectory = executionContext.Variables.Get(Constants.Variables.Agent.BuildDirectory); ArgUtil.NotNullOrEmpty(buildDirectory, nameof(buildDirectory)); string workspaceName = $"ws_{Path.GetFileName(buildDirectory)}_{settings.AgentId}"; executionContext.Variables.Set(Constants.Variables.Build.RepoTfvcWorkspace, workspaceName); // Get the definition mappings. DefinitionWorkspaceMapping[] definitionMappings = JsonConvert.DeserializeObject(endpoint.Data[EndpointData.TfvcWorkspaceMapping])?.Mappings; // Determine the sources directory. string sourcesDirectory = GetEndpointData(endpoint, Constants.EndpointData.SourcesDirectory); ArgUtil.NotNullOrEmpty(sourcesDirectory, nameof(sourcesDirectory)); // Attempt to re-use an existing workspace if the command manager supports scorch // or if clean is not specified. ITfsVCWorkspace existingTFWorkspace = null; bool clean = endpoint.Data.ContainsKey(EndpointData.Clean) && StringUtil.ConvertToBoolean(endpoint.Data[EndpointData.Clean], defaultValue: false); if (tf.Features.HasFlag(TfsVCFeatures.Scorch) || !clean) { existingTFWorkspace = WorkspaceUtil.MatchExactWorkspace( executionContext: executionContext, tfWorkspaces: tfWorkspaces, name: workspaceName, definitionMappings: definitionMappings, sourcesDirectory: sourcesDirectory); if (existingTFWorkspace != null) { if (tf.Features.HasFlag(TfsVCFeatures.GetFromUnmappedRoot)) { // Undo pending changes. ITfsVCStatus tfStatus = await tf.StatusAsync(localPath: sourcesDirectory); if (tfStatus?.HasPendingChanges ?? false) { await tf.UndoAsync(localPath: sourcesDirectory); // Cleanup remaining files/directories from pend adds. tfStatus.AllAdds .OrderByDescending(x => x.LocalItem) // Sort descending so nested items are deleted before their parent is deleted. .ToList() .ForEach(x => { executionContext.Output(StringUtil.Loc("Deleting", x.LocalItem)); IOUtil.Delete(x.LocalItem, cancellationToken); }); } } else { // Perform "undo" for each map. foreach (DefinitionWorkspaceMapping definitionMapping in definitionMappings ?? new DefinitionWorkspaceMapping[0]) { if (definitionMapping.MappingType == DefinitionMappingType.Map) { // Check the status. string localPath = definitionMapping.GetRootedLocalPath(sourcesDirectory); ITfsVCStatus tfStatus = await tf.StatusAsync(localPath: localPath); if (tfStatus?.HasPendingChanges ?? false) { // Undo. await tf.UndoAsync(localPath: localPath); // Cleanup remaining files/directories from pend adds. tfStatus.AllAdds .OrderByDescending(x => x.LocalItem) // Sort descending so nested items are deleted before their parent is deleted. .ToList() .ForEach(x => { executionContext.Output(StringUtil.Loc("Deleting", x.LocalItem)); IOUtil.Delete(x.LocalItem, cancellationToken); }); } } } } // Scorch. if (clean) { // Try to scorch. try { await tf.ScorchAsync(); } catch (ProcessExitCodeException ex) { // Scorch failed. // Warn, drop the folder, and re-clone. executionContext.Warning(ex.Message); existingTFWorkspace = null; } } } } // Create a new workspace. if (existingTFWorkspace == null) { // Remove any conflicting workspaces. await RemoveConflictingWorkspacesAsync( tf: tf, tfWorkspaces: tfWorkspaces, name: workspaceName, directory: sourcesDirectory); // Remove any conflicting workspace from a different computer. // This is primarily a hosted scenario where a registered hosted // agent can land on a different computer each time. tfWorkspaces = await tf.WorkspacesAsync(matchWorkspaceNameOnAnyComputer: true); foreach (ITfsVCWorkspace tfWorkspace in tfWorkspaces ?? new ITfsVCWorkspace[0]) { await tf.WorkspaceDeleteAsync(tfWorkspace); } // Recreate the sources directory. executionContext.Debug($"Deleting: '{sourcesDirectory}'."); IOUtil.DeleteDirectory(sourcesDirectory, cancellationToken); Directory.CreateDirectory(sourcesDirectory); // Create the workspace. await tf.WorkspaceNewAsync(); // Remove the default mapping. if (tf.Features.HasFlag(TfsVCFeatures.DefaultWorkfoldMap)) { await tf.WorkfoldUnmapAsync("$/"); } // Sort the definition mappings. definitionMappings = (definitionMappings ?? new DefinitionWorkspaceMapping[0]) .OrderBy(x => x.NormalizedServerPath?.Length ?? 0) // By server path length. .ToArray() ?? new DefinitionWorkspaceMapping[0]; // Add the definition mappings to the workspace. foreach (DefinitionWorkspaceMapping definitionMapping in definitionMappings) { switch (definitionMapping.MappingType) { case DefinitionMappingType.Cloak: // Add the cloak. await tf.WorkfoldCloakAsync(serverPath: definitionMapping.ServerPath); break; case DefinitionMappingType.Map: // Add the mapping. await tf.WorkfoldMapAsync( serverPath: definitionMapping.ServerPath, localPath: definitionMapping.GetRootedLocalPath(sourcesDirectory)); break; default: throw new NotSupportedException(); } } } if (tf.Features.HasFlag(TfsVCFeatures.GetFromUnmappedRoot)) { // Get. await tf.GetAsync(localPath: sourcesDirectory); } else { // Perform "get" for each map. foreach (DefinitionWorkspaceMapping definitionMapping in definitionMappings ?? new DefinitionWorkspaceMapping[0]) { if (definitionMapping.MappingType == DefinitionMappingType.Map) { await tf.GetAsync(localPath: definitionMapping.GetRootedLocalPath(sourcesDirectory)); } } } // Steps for shelveset/gated. string shelvesetName = GetEndpointData(endpoint, Constants.EndpointData.SourceTfvcShelveset); if (!string.IsNullOrEmpty(shelvesetName)) { // Steps for gated. ITfsVCShelveset tfShelveset = null; string gatedShelvesetName = GetEndpointData(endpoint, Constants.EndpointData.GatedShelvesetName); if (!string.IsNullOrEmpty(gatedShelvesetName)) { // Clean the last-saved-checkin-metadata for existing workspaces. // // A better long term fix is to add a switch to "tf unshelve" that completely overwrites // the last-saved-checkin-metadata, instead of merging associated work items. // // The targeted workaround for now is to create a trivial change and "tf shelve /move", // which will delete the last-saved-checkin-metadata. if (existingTFWorkspace != null) { executionContext.Output("Cleaning last saved checkin metadata."); // Find a local mapped directory. string firstLocalDirectory = (definitionMappings ?? new DefinitionWorkspaceMapping[0]) .Where(x => x.MappingType == DefinitionMappingType.Map) .Select(x => x.GetRootedLocalPath(sourcesDirectory)) .FirstOrDefault(x => Directory.Exists(x)); if (firstLocalDirectory == null) { executionContext.Warning("No mapped folder found. Unable to clean last-saved-checkin-metadata."); } else { // Create a trival change and "tf shelve /move" to clear the // last-saved-checkin-metadata. string cleanName = "__tf_clean_wksp_metadata"; string tempCleanFile = Path.Combine(firstLocalDirectory, cleanName); try { File.WriteAllText(path: tempCleanFile, contents: "clean last-saved-checkin-metadata", encoding: Encoding.UTF8); await tf.AddAsync(tempCleanFile); await tf.ShelveAsync(shelveset: cleanName, commentFile: tempCleanFile, move: true); } catch (Exception ex) { executionContext.Warning($"Unable to clean last-saved-checkin-metadata. {ex.Message}"); try { await tf.UndoAsync(tempCleanFile); } catch (Exception ex2) { executionContext.Warning($"Unable to undo '{tempCleanFile}'. {ex2.Message}"); } } finally { IOUtil.DeleteFile(tempCleanFile); } } } // Get the shelveset metadata. tfShelveset = await tf.ShelvesetsAsync(shelveset: shelvesetName); // The above command throws if the shelveset is not found, // so the following assertion should never fail. ArgUtil.NotNull(tfShelveset, nameof(tfShelveset)); } // Unshelve. await tf.UnshelveAsync(shelveset: shelvesetName); // Ensure we undo pending changes for shelveset build at the end. _undoShelvesetPendingChanges = true; if (!string.IsNullOrEmpty(gatedShelvesetName)) { // Create the comment file for reshelve. StringBuilder comment = new StringBuilder(tfShelveset.Comment ?? string.Empty); string runCi = GetEndpointData(endpoint, Constants.EndpointData.GatedRunCI); bool gatedRunCi = StringUtil.ConvertToBoolean(runCi, true); if (!gatedRunCi) { if (comment.Length > 0) { comment.AppendLine(); } comment.Append(Constants.Build.NoCICheckInComment); } string commentFile = null; try { commentFile = Path.GetTempFileName(); File.WriteAllText(path: commentFile, contents: comment.ToString(), encoding: Encoding.UTF8); // Reshelve. await tf.ShelveAsync(shelveset: gatedShelvesetName, commentFile: commentFile, move: false); } finally { // Cleanup the comment file. if (File.Exists(commentFile)) { try { await IOUtil.DeleteFileWithRetry(commentFile, cancellationToken); } catch (Exception ex) { Trace.Warning($"Unable to delete comment file, ex:{ex.GetType()}"); Trace.Error(ex); } } } } } // Cleanup proxy settings. if (!string.IsNullOrEmpty(executionContext.Variables.Agent_ProxyUrl) && !agentProxy.WebProxy.IsBypassed(endpoint.Url)) { executionContext.Debug($"Remove proxy setting for '{tf.FilePath}' to work through proxy server '{executionContext.Variables.Agent_ProxyUrl}'."); tf.CleanupProxySetting(); } } public async Task PostJobCleanupAsync(IExecutionContext executionContext, ServiceEndpoint endpoint) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(endpoint, nameof(endpoint)); if (_undoShelvesetPendingChanges) { string shelvesetName = GetEndpointData(endpoint, Constants.EndpointData.SourceTfvcShelveset); executionContext.Debug($"Undo pending changes left by shelveset '{shelvesetName}'."); // Create the tf command manager. var tf = HostContext.CreateService(); tf.CancellationToken = executionContext.CancellationToken; tf.Endpoint = endpoint; tf.ExecutionContext = executionContext; // Get the definition mappings. DefinitionWorkspaceMapping[] definitionMappings = JsonConvert.DeserializeObject(endpoint.Data[EndpointData.TfvcWorkspaceMapping])?.Mappings; // Determine the sources directory. string sourcesDirectory = GetEndpointData(endpoint, Constants.EndpointData.SourcesDirectory); ArgUtil.NotNullOrEmpty(sourcesDirectory, nameof(sourcesDirectory)); try { if (tf.Features.HasFlag(TfsVCFeatures.GetFromUnmappedRoot)) { // Undo pending changes. ITfsVCStatus tfStatus = await tf.StatusAsync(localPath: sourcesDirectory); if (tfStatus?.HasPendingChanges ?? false) { await tf.UndoAsync(localPath: sourcesDirectory); // Cleanup remaining files/directories from pend adds. tfStatus.AllAdds .OrderByDescending(x => x.LocalItem) // Sort descending so nested items are deleted before their parent is deleted. .ToList() .ForEach(x => { executionContext.Output(StringUtil.Loc("Deleting", x.LocalItem)); IOUtil.Delete(x.LocalItem, executionContext.CancellationToken); }); } } else { // Perform "undo" for each map. foreach (DefinitionWorkspaceMapping definitionMapping in definitionMappings ?? new DefinitionWorkspaceMapping[0]) { if (definitionMapping.MappingType == DefinitionMappingType.Map) { // Check the status. string localPath = definitionMapping.GetRootedLocalPath(sourcesDirectory); ITfsVCStatus tfStatus = await tf.StatusAsync(localPath: localPath); if (tfStatus?.HasPendingChanges ?? false) { // Undo. await tf.UndoAsync(localPath: localPath); // Cleanup remaining files/directories from pend adds. tfStatus.AllAdds .OrderByDescending(x => x.LocalItem) // Sort descending so nested items are deleted before their parent is deleted. .ToList() .ForEach(x => { executionContext.Output(StringUtil.Loc("Deleting", x.LocalItem)); IOUtil.Delete(x.LocalItem, executionContext.CancellationToken); }); } } } } } catch (Exception ex) { // We can't undo pending changes, log a warning and continue. executionContext.Debug(ex.ToString()); executionContext.Warning(ex.Message); } } } public override string GetLocalPath(IExecutionContext executionContext, RepositoryResource repository, string path) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(executionContext.Variables, nameof(executionContext.Variables)); ArgUtil.NotNull(repository, nameof(repository)); ArgUtil.NotNull(repository.Endpoint, nameof(repository.Endpoint)); path = path ?? string.Empty; if (path.StartsWith("$/") || path.StartsWith(@"$\")) { // Create the tf command manager. var tf = HostContext.CreateService(); tf.CancellationToken = CancellationToken.None; tf.Repository = repository; tf.Endpoint = executionContext.Endpoints.Single( x => (repository.Endpoint.Id != Guid.Empty && x.Id == repository.Endpoint.Id) || (repository.Endpoint.Id == Guid.Empty && string.Equals(x.Name, repository.Endpoint.Name.ToString(), StringComparison.OrdinalIgnoreCase))); tf.ExecutionContext = executionContext; // Attempt to resolve the path. string localPath = tf.ResolvePath(serverPath: path); if (!string.IsNullOrEmpty(localPath)) { return localPath; } } // Return the original path. return path; } public override void SetVariablesInEndpoint(IExecutionContext executionContext, ServiceEndpoint endpoint) { base.SetVariablesInEndpoint(executionContext, endpoint); endpoint.Data.Add(Constants.EndpointData.SourceTfvcShelveset, executionContext.Variables.Get(Constants.Variables.Build.SourceTfvcShelveset)); endpoint.Data.Add(Constants.EndpointData.GatedShelvesetName, executionContext.Variables.Get(Constants.Variables.Build.GatedShelvesetName)); endpoint.Data.Add(Constants.EndpointData.GatedRunCI, executionContext.Variables.Get(Constants.Variables.Build.GatedRunCI)); } private async Task RemoveConflictingWorkspacesAsync(ITfsVCCommandManager tf, ITfsVCWorkspace[] tfWorkspaces, string name, string directory) { // Validate the args. ArgUtil.NotNullOrEmpty(name, nameof(name)); ArgUtil.NotNullOrEmpty(directory, nameof(directory)); // Fixup the directory. directory = directory.TrimEnd('/', '\\'); ArgUtil.NotNullOrEmpty(directory, nameof(directory)); string directorySlash = $"{directory}{Path.DirectorySeparatorChar}"; foreach (ITfsVCWorkspace tfWorkspace in tfWorkspaces ?? new ITfsVCWorkspace[0]) { // Attempt to match the workspace by name. if (string.Equals(tfWorkspace.Name, name, StringComparison.OrdinalIgnoreCase)) { // Try deleting the workspace from the server. if (!(await tf.TryWorkspaceDeleteAsync(tfWorkspace))) { // Otherwise fallback to deleting the workspace from the local computer. await tf.WorkspacesRemoveAsync(tfWorkspace); } // Continue iterating over the rest of the workspaces. continue; } // Attempt to match the workspace by local path. foreach (ITfsVCMapping tfMapping in tfWorkspace.Mappings ?? new ITfsVCMapping[0]) { // Skip cloaks. if (tfMapping.Cloak) { continue; } if (string.Equals(tfMapping.LocalPath, directory, StringComparison.CurrentCultureIgnoreCase) || (tfMapping.LocalPath ?? string.Empty).StartsWith(directorySlash, StringComparison.CurrentCultureIgnoreCase)) { // Try deleting the workspace from the server. if (!(await tf.TryWorkspaceDeleteAsync(tfWorkspace))) { // Otherwise fallback to deleting the workspace from the local computer. await tf.WorkspacesRemoveAsync(tfWorkspace); } // Break out of this nested for loop only. // Continue iterating over the rest of the workspaces. break; } } } } public static class WorkspaceUtil { public static ITfsVCWorkspace MatchExactWorkspace( IExecutionContext executionContext, ITfsVCWorkspace[] tfWorkspaces, string name, DefinitionWorkspaceMapping[] definitionMappings, string sourcesDirectory) { ArgUtil.NotNullOrEmpty(name, nameof(name)); ArgUtil.NotNullOrEmpty(sourcesDirectory, nameof(sourcesDirectory)); // Short-circuit early if the sources directory is empty. // // Consider the sources directory to be empty if it only contains a .tf directory exists. This can // indicate the workspace is in a corrupted state and the tf commands (e.g. status) will not return // reliable information. An easy way to reproduce this is to delete the workspace directory, then // run "tf status" on that workspace. The .tf directory will be recreated but the contents will be // in a corrupted state. if (!Directory.Exists(sourcesDirectory) || !Directory.EnumerateFileSystemEntries(sourcesDirectory).Any(x => !x.EndsWith($"{Path.DirectorySeparatorChar}.tf"))) { executionContext.Debug("Sources directory does not exist or is empty."); return null; } string machineName = Environment.MachineName; executionContext.Debug($"Attempting to find a workspace: '{name}'"); foreach (ITfsVCWorkspace tfWorkspace in tfWorkspaces ?? new ITfsVCWorkspace[0]) { // Compare the workspace name. if (!string.Equals(tfWorkspace.Name, name, StringComparison.Ordinal)) { executionContext.Debug($"Skipping workspace: '{tfWorkspace.Name}'"); continue; } executionContext.Debug($"Candidate workspace: '{tfWorkspace.Name}'"); // Compare the machine name. if (!string.Equals(tfWorkspace.Computer, machineName, StringComparison.Ordinal)) { executionContext.Debug($"Expected computer name: '{machineName}'. Actual: '{tfWorkspace.Computer}'"); continue; } // Compare the number of mappings. if ((tfWorkspace.Mappings?.Length ?? 0) != (definitionMappings?.Length ?? 0)) { executionContext.Debug($"Expected number of mappings: '{definitionMappings?.Length ?? 0}'. Actual: '{tfWorkspace.Mappings?.Length ?? 0}'"); continue; } // Sort the definition mappings. List sortedDefinitionMappings = (definitionMappings ?? new DefinitionWorkspaceMapping[0]) .OrderBy(x => x.MappingType != DefinitionMappingType.Cloak) // Cloaks first .ThenBy(x => !x.Recursive) // Then recursive maps .ThenBy(x => x.NormalizedServerPath) // Then sort by the normalized server path .ToList(); for (int i = 0; i < sortedDefinitionMappings.Count; i++) { DefinitionWorkspaceMapping mapping = sortedDefinitionMappings[i]; executionContext.Debug($"Definition mapping[{i}]: cloak '{mapping.MappingType == DefinitionMappingType.Cloak}', recursive '{mapping.Recursive}', server path '{mapping.NormalizedServerPath}', local path '{mapping.GetRootedLocalPath(sourcesDirectory)}'"); } // Sort the TF mappings. List sortedTFMappings = (tfWorkspace.Mappings ?? new ITfsVCMapping[0]) .OrderBy(x => !x.Cloak) // Cloaks first .ThenBy(x => !x.Recursive) // Then recursive maps .ThenBy(x => x.ServerPath) // Then sort by server path .ToList(); for (int i = 0; i < sortedTFMappings.Count; i++) { ITfsVCMapping mapping = sortedTFMappings[i]; executionContext.Debug($"Found mapping[{i}]: cloak '{mapping.Cloak}', recursive '{mapping.Recursive}', server path '{mapping.ServerPath}', local path '{mapping.LocalPath}'"); } // Compare the mappings. bool allMatch = true; List matchTrace = new List(); for (int i = 0; i < sortedTFMappings.Count; i++) { ITfsVCMapping tfMapping = sortedTFMappings[i]; DefinitionWorkspaceMapping definitionMapping = sortedDefinitionMappings[i]; // Compare the cloak flag. bool expectedCloak = definitionMapping.MappingType == DefinitionMappingType.Cloak; if (tfMapping.Cloak != expectedCloak) { matchTrace.Add(StringUtil.Loc("ExpectedMappingCloak", i, expectedCloak, tfMapping.Cloak)); allMatch = false; break; } // Compare the recursive flag. if (!expectedCloak && tfMapping.Recursive != definitionMapping.Recursive) { matchTrace.Add(StringUtil.Loc("ExpectedMappingRecursive", i, definitionMapping.Recursive, tfMapping.Recursive)); allMatch = false; break; } // Compare the server path. Normalize the expected server path for a single-level map. string expectedServerPath = definitionMapping.NormalizedServerPath; if (!string.Equals(tfMapping.ServerPath, expectedServerPath, StringComparison.Ordinal)) { matchTrace.Add(StringUtil.Loc("ExpectedMappingServerPath", i, expectedServerPath, tfMapping.ServerPath)); allMatch = false; break; } // Compare the local path. if (!expectedCloak) { string expectedLocalPath = definitionMapping.GetRootedLocalPath(sourcesDirectory); if (!string.Equals(tfMapping.LocalPath, expectedLocalPath, StringComparison.Ordinal)) { matchTrace.Add(StringUtil.Loc("ExpectedMappingLocalPath", i, expectedLocalPath, tfMapping.LocalPath)); allMatch = false; break; } } } if (allMatch) { executionContext.Debug("Matching workspace found."); return tfWorkspace; } else { executionContext.Output(StringUtil.Loc("WorkspaceMappingNotMatched", tfWorkspace.Name)); foreach (var trace in matchTrace) { executionContext.Output(trace); } } } executionContext.Debug("Matching workspace not found."); return null; } } public sealed class DefinitionWorkspaceMappings { public DefinitionWorkspaceMapping[] Mappings { get; set; } } public sealed class DefinitionWorkspaceMapping { public string LocalPath { get; set; } public DefinitionMappingType MappingType { get; set; } /// /// Remove the trailing "/*" from the single-level mapping server path. /// If the ServerPath is "$/*", then the normalized path is returned /// as "$/" rather than "$". /// public string NormalizedServerPath { get { string path; if (!Recursive) { // Trim the last two characters (i.e. "/*") from the single-level // mapping server path. path = ServerPath.Substring(0, ServerPath.Length - 2); // Check if trimmed too much. This is important when comparing // against workspaces on disk. if (string.Equals(path, "$", StringComparison.Ordinal)) { path = "$/"; } } else { path = ServerPath ?? string.Empty; } return path; } } /// /// Returns true if the path does not end with "/*". /// public bool Recursive => !(ServerPath ?? string.Empty).EndsWith("/*"); public string ServerPath { get; set; } /// /// Gets the rooted local path and normalizes slashes. /// public string GetRootedLocalPath(string sourcesDirectory) { // TEE normalizes all slashes in a workspace mapping to match the OS. It is not // possible on OSX/Linux to have a workspace mapping with a backslash, even though // backslash is a legal file name character. string relativePath = (LocalPath ?? string.Empty) .Replace('/', Path.DirectorySeparatorChar) .Replace('\\', Path.DirectorySeparatorChar) .Trim(Path.DirectorySeparatorChar); return Path.Combine(sourcesDirectory, relativePath); } } public enum DefinitionMappingType { Cloak, Map, } } } ================================================ FILE: src/Agent.Worker/Build/TopLevelTrackingConfig.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.ComponentModel; using System.Globalization; using Newtonsoft.Json; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public sealed class TopLevelTrackingConfig { [JsonIgnore] public DateTimeOffset? LastBuildDirectoryCreatedOn { get; set; } [JsonProperty("lastBuildFolderCreatedOn")] [EditorBrowsableAttribute(EditorBrowsableState.Never)] public string LastBuildDirectoryCreatedOnString { get { return string.Format(CultureInfo.InvariantCulture, "{0}", LastBuildDirectoryCreatedOn); } set { if (string.IsNullOrEmpty(value)) { LastBuildDirectoryCreatedOn = null; return; } LastBuildDirectoryCreatedOn = DateTimeOffset.Parse(value, CultureInfo.InvariantCulture); } } [JsonProperty("lastBuildFolderNumber")] public int LastBuildDirectoryNumber { get; set; } } } ================================================ FILE: src/Agent.Worker/Build/TrackingConfig.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.ComponentModel; using System.Globalization; using System.IO; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { /// /// This class is used to keep track of which repositories are being fetched and /// where they will be fetched to. /// This information is tracked per definition. /// public sealed class TrackingConfig : TrackingConfigBase { public const string FileFormatVersionJsonProperty = "fileFormatVersion"; // The parameterless constructor is required for deserialization. public TrackingConfig() { RepositoryTrackingInfo = new List(); } public TrackingConfig( IExecutionContext executionContext, LegacyTrackingConfig copy, string sourcesDirectoryNameOnly, string repositoryType, bool useNewArtifactsDirectoryName = false) : this() { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(copy, nameof(copy)); // Set the directories. BuildDirectory = Path.GetFileName(copy.BuildDirectory); // Just take the portion after _work folder. string artifactsDirectoryNameOnly = useNewArtifactsDirectoryName ? Constants.Build.Path.ArtifactsDirectory : Constants.Build.Path.LegacyArtifactsDirectory; ArtifactsDirectory = Path.Combine(BuildDirectory, artifactsDirectoryNameOnly); SourcesDirectory = Path.Combine(BuildDirectory, sourcesDirectoryNameOnly); TestResultsDirectory = Path.Combine(BuildDirectory, Constants.Build.Path.TestResultsDirectory); // Set the other properties. CollectionId = copy.CollectionId; CollectionUrl = executionContext.Variables.System_TFCollectionUrl; DefinitionId = copy.DefinitionId; HashKey = copy.HashKey; RepositoryType = repositoryType; RepositoryUrl = copy.RepositoryUrl; System = copy.System; // Let's make sure this file gets cleaned up by the garbage collector LastRunOn = new DateTime(1, 1, 1, 0, 0, 0, DateTimeKind.Utc); } public TrackingConfig Clone() { TrackingConfig clone = this.MemberwiseClone() as TrackingConfig; clone.RepositoryTrackingInfo = new List(this.RepositoryTrackingInfo); return clone; } public TrackingConfig( IExecutionContext executionContext, IList repositories, int buildDirectory) : this() { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(repositories, nameof(repositories)); // Get the repo that we are going to checkout first to create the tracking info from. var primaryRepository = RepositoryUtil.GetPrimaryRepository(repositories); // Set the directories. BuildDirectory = buildDirectory.ToString(CultureInfo.InvariantCulture); ArtifactsDirectory = Path.Combine(BuildDirectory, Constants.Build.Path.ArtifactsDirectory); SourcesDirectory = Path.Combine(BuildDirectory, Constants.Build.Path.SourcesDirectory); TestResultsDirectory = Path.Combine(BuildDirectory, Constants.Build.Path.TestResultsDirectory); // Set the other properties. CollectionId = executionContext.Variables.System_CollectionId; DefinitionId = executionContext.Variables.System_DefinitionId; RepositoryUrl = primaryRepository?.Url.AbsoluteUri; RepositoryType = primaryRepository?.Type; System = BuildSystem; UpdateJobRunProperties(executionContext); foreach (var repo in repositories) { RepositoryTrackingInfo.Add(new Build.RepositoryTrackingInfo(repo, SourcesDirectory)); } // Now that we have all the repositories set up, we can compute the config hash HashKey = TrackingConfigHashAlgorithm.ComputeHash(CollectionId, DefinitionId, RepositoryTrackingInfo); } [JsonIgnore] public string FileLocation { get; set; } [JsonProperty("build_artifactstagingdirectory")] public string ArtifactsDirectory { get; set; } [JsonProperty("agent_builddirectory")] public string BuildDirectory { get; set; } public string CollectionUrl { get; set; } public string DefinitionName { get; set; } public List RepositoryTrackingInfo { get; set; } // For back compat, we will ignore this property if it's null or empty public bool ShouldSerializeRepositoryTrackingInfo() { return RepositoryTrackingInfo != null && RepositoryTrackingInfo.Count > 0; } [JsonProperty(FileFormatVersionJsonProperty)] public int FileFormatVersion { get { // Any time this gets updated, the agent cannot be rolled back. // Back compat is guaranteed here, forward compat is not. return 3; } set { // Version 3 changes: // CollectionName was removed. // CollectionUrl was added. switch (value) { case 3: case 2: break; default: // Should never reach here. throw new NotSupportedException(); } } } [JsonIgnore] public DateTimeOffset? LastRunOn { get; set; } [JsonProperty("lastRunOn")] [EditorBrowsableAttribute(EditorBrowsableState.Never)] public string LastRunOnString { get { return string.Format(CultureInfo.InvariantCulture, "{0}", LastRunOn); } set { if (string.IsNullOrEmpty(value)) { LastRunOn = null; return; } LastRunOn = DateTimeOffset.Parse(value, CultureInfo.InvariantCulture); } } public string RepositoryType { get; set; } [JsonIgnore] public DateTimeOffset? LastMaintenanceAttemptedOn { get; set; } [JsonProperty("lastMaintenanceAttemptedOn")] [EditorBrowsableAttribute(EditorBrowsableState.Never)] public string LastMaintenanceAttemptedOnString { get { return string.Format(CultureInfo.InvariantCulture, "{0}", LastMaintenanceAttemptedOn); } set { if (string.IsNullOrEmpty(value)) { LastMaintenanceAttemptedOn = null; return; } LastMaintenanceAttemptedOn = DateTimeOffset.Parse(value, CultureInfo.InvariantCulture); } } [JsonIgnore] public DateTimeOffset? LastMaintenanceCompletedOn { get; set; } [JsonProperty("lastMaintenanceCompletedOn")] [EditorBrowsableAttribute(EditorBrowsableState.Never)] public string LastMaintenanceCompletedOnString { get { return string.Format(CultureInfo.InvariantCulture, "{0}", LastMaintenanceCompletedOn); } set { if (string.IsNullOrEmpty(value)) { LastMaintenanceCompletedOn = null; return; } LastMaintenanceCompletedOn = DateTimeOffset.Parse(value, CultureInfo.InvariantCulture); } } [JsonProperty("build_sourcesdirectory")] public string SourcesDirectory { get; set; } [JsonProperty("common_testresultsdirectory")] public string TestResultsDirectory { get; set; } public void UpdateJobRunProperties(IExecutionContext executionContext) { ArgUtil.NotNull(executionContext, nameof(executionContext)); CollectionUrl = executionContext.Variables.System_TFCollectionUrl; DefinitionName = executionContext.Variables.Build_DefinitionName; LastRunOn = DateTimeOffset.Now; } } public class RepositoryTrackingInfo { public RepositoryTrackingInfo(RepositoryResource repositoryResource, string sourcesDirectoryRoot) { if (repositoryResource != null) { Identifier = repositoryResource.Alias; RepositoryType = repositoryResource.Type; RepositoryUrl = repositoryResource.Url.AbsoluteUri; SourcesDirectory = Path.Combine(sourcesDirectoryRoot, RepositoryUtil.GetCloneDirectory(repositoryResource)); } } public RepositoryTrackingInfo() { } public string Identifier { get; set; } public string RepositoryType { get; set; } public string RepositoryUrl { get; set; } public string SourcesDirectory { get; set; } } } ================================================ FILE: src/Agent.Worker/Build/TrackingConfigBase.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public abstract class TrackingConfigBase { protected static readonly string BuildSystem = "build"; public string CollectionId { get; set; } public string DefinitionId { get; set; } public string HashKey { get; set; } public string RepositoryUrl { get; set; } public string System { get; set; } } } ================================================ FILE: src/Agent.Worker/Build/TrackingConfigHashAlgorithm.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Security.Cryptography; using System.Text; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Cryptography", "CA5350: Do Not Use Weak Cryptographic Algorithms")] public class TrackingConfigHashAlgorithm { /// /// This method returns the hash key that combines repository hash keys. /// public static string ComputeHash(string collectionId, string definitionId, IList repositories) { // Validate parameters. ArgUtil.NotNull(collectionId, nameof(collectionId)); ArgUtil.NotNull(definitionId, nameof(definitionId)); ArgUtil.ListNotNullOrEmpty(repositories, nameof(repositories)); ArgUtil.NotNull(repositories[0].RepositoryUrl, "repositoryUrl"); string hashInput = null; if (repositories.Count == 0) { return null; } else if (repositories.Count == 1) { // For backwards compatibility, we need to maintain the old hash format for single repos hashInput = string.Format( CultureInfo.InvariantCulture, "{{{{ \r\n \"system\" : \"build\", \r\n \"collectionId\" = \"{0}\", \r\n \"definitionId\" = \"{1}\", \r\n \"repositoryUrl\" = \"{2}\", \r\n \"sourceFolder\" = \"{{0}}\",\r\n \"hashKey\" = \"{{1}}\"\r\n}}}}", collectionId, definitionId, repositories[0].RepositoryUrl); } else { // For multiple repos, we use a similar format combining all the repo identifiers into one string. // Since you may want to clone the same repo into 2 different folders we need to include the id of the repo as well as the url. hashInput = string.Format( CultureInfo.InvariantCulture, "{{{{\"system\":\"build\",\"collectionId\"=\"{0}\",\"definitionId\"=\"{1}\",\"repositories\"=\"{2}\"}}}}", collectionId, definitionId, string.Join(';', repositories.OrderBy(x => x.Identifier).Select(x => $"{x.Identifier}:{x.RepositoryUrl}"))); } return CreateHash(hashInput); } private static string CreateHash(string hashInput) { //CodeQL [SM02196] Supress - Suppressing this warning as the hash is used only in the directory name and not for security purposes. using (SHA1 sha1Hash = SHA1.Create()) { byte[] data = sha1Hash.ComputeHash(Encoding.UTF8.GetBytes(hashInput)); StringBuilder hexString = new StringBuilder(); for (int i = 0; i < data.Length; i++) { hexString.Append(data[i].ToString("x2")); } return hexString.ToString(); } } } } ================================================ FILE: src/Agent.Worker/Build/TrackingManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using Newtonsoft.Json; using System; using System.IO; using System.Collections.Generic; using System.Linq; using System.Globalization; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { /// /// This class manages the tracking config files used by the worker to determine where sources are located. /// There is a single file per pipeline. We use a hash to determine if the file needs to be updated. /// The tracking configs are "garbage collected" if any of the repositories are changed. /// I.e. the repo url is different than last build. /// The config file format has changed over time and must remain backwards compatible to avoid unneeded recloning. /// [ServiceLocator(Default = typeof(TrackingManager))] public interface ITrackingManager : IAgentService { TrackingConfig LoadExistingTrackingConfig( IExecutionContext executionContext); TrackingConfig Create( IExecutionContext executionContext, IList repositories, bool overrideBuildDirectory); bool AreTrackingConfigsCompatible( IExecutionContext executionContext, TrackingConfig newConfig, TrackingConfig previousConfig); TrackingConfig MergeTrackingConfigs( IExecutionContext executionContext, TrackingConfig newConfig, TrackingConfig previousConfig, bool overrideBuildDirectory); void UpdateTrackingConfig( IExecutionContext executionContext, TrackingConfig modifiedConfig); IEnumerable EnumerateAllTrackingConfigs(IExecutionContext executionContext); void MarkForGarbageCollection(IExecutionContext executionContext, TrackingConfig config); void MarkExpiredForGarbageCollection(IExecutionContext executionContext, TimeSpan expiration); void DisposeCollectedGarbage(IExecutionContext executionContext); void MaintenanceStarted(TrackingConfig config); void MaintenanceCompleted(TrackingConfig config); } public sealed class TrackingManager : AgentService, ITrackingManager { private TopLevelTrackingConfig topLevelConfig; public TrackingConfig Create( IExecutionContext executionContext, IList repositories, bool overrideBuildDirectory) { Trace.Entering(); EnsureTopLevelTrackingConfigLoaded(executionContext); // Determine the build directory. if (overrideBuildDirectory) { // This should only occur during hosted builds. This was added due to TFVC. // TFVC does not allow a local path for a single machine to be mapped in multiple // workspaces. The machine name for a hosted images is not unique. // // So if a customer is running two hosted builds at the same time, they could run // into the local mapping conflict. // // The workaround is to force the build directory to be different across all concurrent // hosted builds (for TFVC). The agent ID will be unique across all concurrent hosted // builds so that can safely be used as the build directory. // This line recently started causing issues described in FEEDBACKTICKET 1649233 // We think this is related to the refactor of topLevelConfig going from a local variable in this method // to being a private class variable of this object. // ArgUtil.Equal(default(int), topLevelConfig.LastBuildDirectoryNumber, nameof(topLevelConfig.LastBuildDirectoryNumber)); var configurationStore = HostContext.GetService(); AgentSettings settings = configurationStore.GetSettings(); Trace.Verbose($"Overriding LastBuildDirectoryNumber from {topLevelConfig.LastBuildDirectoryNumber} to {settings.AgentId}"); topLevelConfig.LastBuildDirectoryNumber = settings.AgentId; } else { topLevelConfig.LastBuildDirectoryNumber++; } // Create the new tracking config. TrackingConfig config = new TrackingConfig( executionContext, repositories, topLevelConfig.LastBuildDirectoryNumber); return config; } public bool AreTrackingConfigsCompatible( IExecutionContext executionContext, TrackingConfig newConfig, TrackingConfig previousConfig) { return newConfig != null && previousConfig != null && string.Equals(newConfig.HashKey, previousConfig.HashKey, StringComparison.OrdinalIgnoreCase); } public TrackingConfig MergeTrackingConfigs( IExecutionContext executionContext, TrackingConfig newConfig, TrackingConfig previousConfig, bool overrideBuildDirectory ) { /* * (Temporarily till we have automatic tests coverage for this case) for any changes in this method - please make sure to test following scenarios: * - Self-hosted agent + several sequential pipeline runs for the same repos set - make sure that Build.SourcesDirectory is set properly after last checkout */ ArgUtil.NotNull(newConfig, nameof(newConfig)); ArgUtil.NotNull(previousConfig, nameof(previousConfig)); Trace.Entering(); TrackingConfig mergedConfig = previousConfig.Clone(); // Update the sources directory if we don't have one if (string.IsNullOrEmpty(mergedConfig.SourcesDirectory)) { mergedConfig.SourcesDirectory = newConfig.SourcesDirectory; } if (overrideBuildDirectory) { mergedConfig.BuildDirectory = newConfig.BuildDirectory; } // Fill out repository type if it's not there. // repository type is a new property introduced for maintenance job if (string.IsNullOrEmpty(mergedConfig.RepositoryType)) { mergedConfig.RepositoryType = newConfig.RepositoryType; } if (string.IsNullOrEmpty(mergedConfig.CollectionUrl)) { mergedConfig.CollectionUrl = newConfig.CollectionUrl; } return mergedConfig; } public void UpdateTrackingConfig( IExecutionContext executionContext, TrackingConfig modifiedConfig) { ArgUtil.NotNull(modifiedConfig, nameof(modifiedConfig)); Trace.Entering(); Trace.Verbose("Updating job run properties."); UpdateJobRunProperties(executionContext, modifiedConfig); bool isNewFile = string.IsNullOrEmpty(modifiedConfig.FileLocation); if (isNewFile && topLevelConfig != null) { // Update the top-level tracking config. Trace.Verbose("Updating top level config."); topLevelConfig.LastBuildDirectoryCreatedOn = DateTimeOffset.Now; WriteToFile(GetTopLevelTrackingFileLocation(), topLevelConfig); } } public TrackingConfig LoadExistingTrackingConfig( IExecutionContext executionContext) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); // First, attempt to load the file from the new location (collection, definition, workspaceId) string trackingFileLocation = GetTrackingFileLocation(executionContext, true); var trackingConfig = LoadIfExists(executionContext, trackingFileLocation); if (trackingConfig == null) { // If it's not in the new location, look for it in the old location trackingFileLocation = GetTrackingFileLocation(executionContext, false); trackingConfig = LoadIfExists(executionContext, trackingFileLocation); } return trackingConfig; } public void MarkForGarbageCollection( IExecutionContext executionContext, TrackingConfig config) { Trace.Entering(); // Write a copy of the tracking config to the GC folder. WriteToFile(GetGarbageFileLocation(), config); } public void MaintenanceStarted(TrackingConfig config) { ArgUtil.NotNull(config, nameof(config)); Trace.Entering(); config.LastMaintenanceAttemptedOn = DateTimeOffset.Now; config.LastMaintenanceCompletedOn = null; WriteToFile(config.FileLocation, config); } public void MaintenanceCompleted(TrackingConfig config) { ArgUtil.NotNull(config, nameof(config)); Trace.Entering(); config.LastMaintenanceCompletedOn = DateTimeOffset.Now; WriteToFile(config.FileLocation, config); } public IEnumerable EnumerateAllTrackingConfigs(IExecutionContext executionContext) { Trace.Entering(); Trace.Info("Scan all SourceFolder tracking files."); string searchRoot = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Build.Path.SourceRootMappingDirectory); if (!Directory.Exists(searchRoot)) { Trace.Info($"Search root does not exist. searchRoot={searchRoot}"); yield break; } var allTrackingFiles = Directory.EnumerateFiles(searchRoot, Constants.Build.Path.TrackingConfigFile, SearchOption.AllDirectories); Trace.Info($"Found {allTrackingFiles.Count()} tracking files."); foreach (var trackingFile in allTrackingFiles) { TrackingConfig trackingConfig = LoadIfExists(executionContext, trackingFile); if (trackingConfig != null) { Trace.Verbose($"Found {trackingFile} and parsed correctly."); yield return trackingConfig; } else { // Return an empty config so the caller can remove the file if needed Trace.Info($"{trackingFile} could not be parsed correctly."); yield return new TrackingConfig() { FileLocation = trackingFile, HashKey = "" }; } } // End the iterator yield break; } public void MarkExpiredForGarbageCollection( IExecutionContext executionContext, TimeSpan expiration) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(expiration, nameof(expiration)); Trace.Entering(); Trace.Info("Scan all SourceFolder tracking files."); string searchRoot = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Build.Path.SourceRootMappingDirectory); if (!Directory.Exists(searchRoot)) { executionContext.Output(StringUtil.Loc("GCDirNotExist", searchRoot)); return; } executionContext.Output(StringUtil.Loc("DirExpireLimit", expiration.TotalDays)); executionContext.Output(StringUtil.Loc("CurrentUTC", DateTime.UtcNow.ToString("o"))); // scan all sourcefolder tracking file, find which folder has never been used since UTC-expiration // the scan and garbage discovery should be best effort. // if the tracking file is in old format, just delete the folder since the first time the folder been use we will convert the tracking file to new format. foreach (var config in EnumerateAllTrackingConfigs(executionContext)) { try { executionContext.Output(StringUtil.Loc("EvaluateTrackingFile", config.FileLocation)); // Check the last run on time against the expiration ArgUtil.NotNull(config.LastRunOn, nameof(config.LastRunOn)); executionContext.Output(StringUtil.Loc("BuildDirLastUseTIme", Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), config.BuildDirectory), config.LastRunOn?.ToString("u"))); if (DateTime.UtcNow - expiration > config.LastRunOn) { // The config has expired, clean it up executionContext.Output(StringUtil.Loc("GCUnusedTrackingFile", config.FileLocation, expiration.TotalDays)); MarkForGarbageCollection(executionContext, config); IOUtil.DeleteFile(config.FileLocation); } } catch (Exception ex) { Trace.Info($"config.FileLocation={config.FileLocation}; config.HashKey={config.HashKey}; config.LastRunOn={config.LastRunOn}"); executionContext.Error(StringUtil.Loc("ErrorDuringBuildGC", config.FileLocation)); executionContext.Error(ex); } } } public void DisposeCollectedGarbage(IExecutionContext executionContext) { ArgUtil.NotNull(executionContext, nameof(executionContext)); Trace.Entering(); PrintOutDiskUsage(executionContext); string gcDirectory = Path.Combine( HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Build.Path.SourceRootMappingDirectory, Constants.Build.Path.GarbageCollectionDirectory); if (!Directory.Exists(gcDirectory)) { executionContext.Output(StringUtil.Loc("GCDirNotExist", gcDirectory)); return; } IEnumerable gcTrackingFiles = Directory.EnumerateFiles(gcDirectory, "*.json"); if (gcTrackingFiles == null || !gcTrackingFiles.Any()) { executionContext.Output(StringUtil.Loc("GCDirIsEmpty", gcDirectory)); return; } Trace.Info($"Find {gcTrackingFiles.Count()} GC tracking files."); if (gcTrackingFiles.Any()) { foreach (string gcFile in gcTrackingFiles) { // maintenance has been cancelled. executionContext.CancellationToken.ThrowIfCancellationRequested(); try { var gcConfig = LoadIfExists(executionContext, gcFile) as TrackingConfig; ArgUtil.NotNull(gcConfig, nameof(TrackingConfig)); string fullPath = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), gcConfig.BuildDirectory); executionContext.Output(StringUtil.Loc("Deleting", fullPath)); IOUtil.DeleteDirectory(fullPath, executionContext.CancellationToken); executionContext.Output(StringUtil.Loc("DeleteGCTrackingFile", fullPath)); IOUtil.DeleteFile(gcFile); } catch (Exception ex) { executionContext.Error(StringUtil.Loc("ErrorDuringBuildGCDelete", gcFile)); executionContext.Error(ex); } } PrintOutDiskUsage(executionContext); } } private TrackingConfig LoadIfExists( IExecutionContext executionContext, string file) { Trace.Entering(); Trace.Verbose($"Loading {file}"); // The tracking config will not exist for a new definition. if (!File.Exists(file)) { Trace.Verbose($"Tracking file does not exist: {file}"); return null; } TrackingConfig result = null; // Load the content and distinguish between tracking config file // version 1 and file version 2. string content = File.ReadAllText(file); string fileFormatVersionJsonProperty = StringUtil.Format( @"""{0}""", TrackingConfig.FileFormatVersionJsonProperty); if (content.Contains(fileFormatVersionJsonProperty)) { // The config is the new format. Trace.Verbose("Parsing new tracking config format."); result = JsonConvert.DeserializeObject(content); if (result != null) { // if RepositoryTrackingInfo is empty, then we should create an entry so the rest // of the logic after this will act correctly if (result.RepositoryTrackingInfo.Count == 0) { result.RepositoryTrackingInfo.Add(new Build.RepositoryTrackingInfo { Identifier = RepositoryUtil.DefaultPrimaryRepositoryName, RepositoryType = result.RepositoryType, RepositoryUrl = result.RepositoryUrl, SourcesDirectory = result.SourcesDirectory, }); } } } else { // Attempt to parse the legacy format. Trace.Verbose("Parsing legacy tracking config format."); var legacyTrackingConfig = LegacyTrackingConfig.TryParse(content); if (legacyTrackingConfig == null) { executionContext.Warning(StringUtil.Loc("UnableToParseBuildTrackingConfig0", content)); } else { // Convert legacy format to the new format. result = ConvertToNewFormat( executionContext, legacyTrackingConfig, RepositoryUtil.GetCloneDirectory(legacyTrackingConfig.RepositoryUrl), RepositoryUtil.GuessRepositoryType(legacyTrackingConfig.RepositoryUrl)); } } if (result != null) { result.FileLocation = file; } return result; } private void EnsureTopLevelTrackingConfigLoaded(IExecutionContext executionContext) { // Get or create the top-level tracking config. string topLevelFile = GetTopLevelTrackingFileLocation(); TopLevelTrackingConfig topLevelConfig = null; if (!File.Exists(topLevelFile)) { Trace.Verbose($"Creating default top-level tracking config: {topLevelFile}"); topLevelConfig = new TopLevelTrackingConfig(); } else { Trace.Verbose($"Loading top-level tracking config: {topLevelFile}"); topLevelConfig = JsonConvert.DeserializeObject(File.ReadAllText(topLevelFile)); if (topLevelConfig == null) { executionContext.Warning($"Rebuild corrupted top-level tracking configure file {topLevelFile}."); // save the corruptted file in case we need to investigate more. File.Copy(topLevelFile, $"{topLevelFile}.corrupted", true); topLevelConfig = new TopLevelTrackingConfig(); DirectoryInfo workDir = new DirectoryInfo(HostContext.GetDirectory(WellKnownDirectory.Work)); foreach (var dir in workDir.EnumerateDirectories()) { // we scan the entire _work directory and find the directory with the highest integer number. if (int.TryParse(dir.Name, NumberStyles.Integer, CultureInfo.InvariantCulture, out int lastBuildNumber) && lastBuildNumber > topLevelConfig.LastBuildDirectoryNumber) { topLevelConfig.LastBuildDirectoryNumber = lastBuildNumber; } } Trace.Verbose($"Top-level tracking config was corrupted. Setting LastBuildDirectoryNumber to {topLevelConfig.LastBuildDirectoryNumber}"); } } // Put the instance of the config in the member variable. this.topLevelConfig = topLevelConfig; } private string GetTopLevelTrackingFileLocation() { return Path.Combine( HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Build.Path.SourceRootMappingDirectory, Constants.Build.Path.TopLevelTrackingConfigFile); } private string GetTrackingFileLocation(IExecutionContext executionContext, bool includeWorkspaceId) { string workspaceId = null; if (includeWorkspaceId && executionContext.JobSettings?.TryGetValue(WellKnownJobSettings.WorkspaceIdentifier, out workspaceId) == true) { return Path.Combine( HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Build.Path.SourceRootMappingDirectory, executionContext.Variables.System_CollectionId, executionContext.Variables.System_DefinitionId, workspaceId, Constants.Build.Path.TrackingConfigFile); } return Path.Combine( HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Build.Path.SourceRootMappingDirectory, executionContext.Variables.System_CollectionId, executionContext.Variables.System_DefinitionId, Constants.Build.Path.TrackingConfigFile); } private string GetGarbageFileLocation() { string gcDirectory = Path.Combine( HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Build.Path.SourceRootMappingDirectory, Constants.Build.Path.GarbageCollectionDirectory); string file = Path.Combine( gcDirectory, StringUtil.Format("{0}.json", Guid.NewGuid())); return file; } private void UpdateJobRunProperties( IExecutionContext executionContext, TrackingConfig config) { Trace.Entering(); // Update the info properties and save the file. config.UpdateJobRunProperties(executionContext); // Make sure we clean up any files in the old location (no workspace id in the path) string oldLocation = GetTrackingFileLocation(executionContext, false); if (File.Exists(oldLocation)) { try { IOUtil.DeleteFileWithRetry(oldLocation, executionContext.CancellationToken).Wait(); } catch (Exception ex) { Trace.Warning($"Unable to delete old tracking folder, ex:{ex.GetType()}"); throw; } } WriteToFile(GetTrackingFileLocation(executionContext, true), config); } private void PrintOutDiskUsage(IExecutionContext context) { // Print disk usage should be best effort, since DriveInfo can't detect usage of UNC share. try { context.Output($"Disk usage for working directory: {HostContext.GetDirectory(WellKnownDirectory.Work)}"); var workDirectoryDrive = new DriveInfo(HostContext.GetDirectory(WellKnownDirectory.Work)); long freeSpace = workDirectoryDrive.AvailableFreeSpace; long totalSpace = workDirectoryDrive.TotalSize; if (PlatformUtil.RunningOnWindows) { context.Output($"Working directory belongs to drive: '{workDirectoryDrive.Name}'"); } else { context.Output($"Information about file system on which working directory resides."); } context.Output($"Total size: '{totalSpace / 1024.0 / 1024.0} MB'"); context.Output($"Available space: '{freeSpace / 1024.0 / 1024.0} MB'"); } catch (Exception ex) { context.Warning($"Unable inspect disk usage for working directory {HostContext.GetDirectory(WellKnownDirectory.Work)}."); Trace.Error(ex); context.Debug(ex.ToString()); } } private void WriteToFile(string file, object value) { Trace.Entering(); Trace.Verbose($"Writing config to file: {file}"); // Create the directory if it does not exist. Directory.CreateDirectory(Path.GetDirectoryName(file)); IOUtil.SaveObject(value, file); } private TrackingConfig ConvertToNewFormat( IExecutionContext executionContext, LegacyTrackingConfig legacyConfig, string suggestedSourceFolderName, string repositoryType) { Trace.Entering(); if (legacyConfig == null) { return null; } // Determine the source directory name. Check if the directory is named "s" already. // Convert the source directory to be named "s" if there is a problem with the old name. string sourcesDirectoryNameOnly = Constants.Build.Path.SourcesDirectory; if (!Directory.Exists(Path.Combine(legacyConfig.BuildDirectory, sourcesDirectoryNameOnly)) && !String.Equals(suggestedSourceFolderName, Constants.Build.Path.ArtifactsDirectory, StringComparison.OrdinalIgnoreCase) && !String.Equals(suggestedSourceFolderName, Constants.Build.Path.LegacyArtifactsDirectory, StringComparison.OrdinalIgnoreCase) && !String.Equals(suggestedSourceFolderName, Constants.Build.Path.LegacyStagingDirectory, StringComparison.OrdinalIgnoreCase) && !String.Equals(suggestedSourceFolderName, Constants.Build.Path.TestResultsDirectory, StringComparison.OrdinalIgnoreCase) && !suggestedSourceFolderName.Contains("\\") && !suggestedSourceFolderName.Contains("/") && Directory.Exists(Path.Combine(legacyConfig.BuildDirectory, suggestedSourceFolderName))) { sourcesDirectoryNameOnly = suggestedSourceFolderName; } // Convert to the new format. var newConfig = new TrackingConfig( executionContext, legacyConfig, sourcesDirectoryNameOnly, repositoryType, useNewArtifactsDirectoryName: false); return newConfig; } } } ================================================ FILE: src/Agent.Worker/Build/UploadResult.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { public class UploadResult { public UploadResult() { FailedFiles = new List(); TotalFileSizeUploaded = 0; } public UploadResult(List failedFiles, long totalFileSizeUploaded) { FailedFiles = failedFiles; TotalFileSizeUploaded = totalFileSizeUploaded; } public List FailedFiles { get; set; } public long TotalFileSizeUploaded { get; set; } public void AddUploadResult(UploadResult resultToAdd) { ArgUtil.NotNull(resultToAdd, nameof(resultToAdd)); this.FailedFiles.AddRange(resultToAdd.FailedFiles); this.TotalFileSizeUploaded += resultToAdd.TotalFileSizeUploaded; } } } ================================================ FILE: src/Agent.Worker/Build/WorkspaceMaintenanceProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Linq; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Maintenance; namespace Microsoft.VisualStudio.Services.Agent.Worker.Build { /// /// This class provides 2 types of maintenance for the agent workspaces (subfolders of _work). /// The first thing is does is mark configurations for garbage collection based on the last time /// they were used. And then it triggers garbage collection. /// The second thing it does is to delegate maintenance to each workspace's source provider. This /// gives the source provider a chance to do anything special that it needs to do. /// public class WorkspaceMaintenanceProvider : AgentService, IMaintenanceServiceProvider { public string MaintenanceDescription => StringUtil.Loc("DeleteUnusedBuildDir"); public Type ExtensionType => typeof(IMaintenanceServiceProvider); public async Task RunMaintenanceOperation(IExecutionContext executionContext) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); // this might be not accurate when the agent is configured for old TFS server int totalAvailableTimeInMinutes = executionContext.Variables.GetInt(Constants.Variables.Maintenance.JobTimeout) ?? 60; // start a timer to track how much time we used Stopwatch totalTimeSpent = Stopwatch.StartNew(); // Attempt to do the garbage collection var trackingManager = HostContext.GetService(); if (!TryHandleGarbageCollection(executionContext, trackingManager)) { // Something horrible has gone wrong; don't continue return; } var trackingConfigs = GetTrackingConfigsForMaintenance(executionContext, trackingManager); // Sort the all tracking file ASC by last maintenance attempted time foreach (var trackingConfig in trackingConfigs.OrderBy(x => x.LastMaintenanceAttemptedOn)) { // Check for cancellation. executionContext.CancellationToken.ThrowIfCancellationRequested(); if (ShouldRunMaintenance(executionContext, trackingConfig, totalAvailableTimeInMinutes, totalTimeSpent)) { await RunSourceProviderMaintenance(executionContext, trackingManager, trackingConfig); } } } private static List GetTrackingConfigsForMaintenance(IExecutionContext executionContext, ITrackingManager trackingManager) { var trackingConfigs = new List(); foreach (var config in trackingManager.EnumerateAllTrackingConfigs(executionContext)) { executionContext.Output(StringUtil.Loc("EvaluateTrackingFile", config.FileLocation)); if (string.IsNullOrEmpty(config.RepositoryType)) { // repository not been set. executionContext.Output(StringUtil.Loc("SkipTrackingFileWithoutRepoType", config.FileLocation)); } else { trackingConfigs.Add(config); } } return trackingConfigs; } private bool TryHandleGarbageCollection(IExecutionContext executionContext, ITrackingManager trackingManager) { int staleBuildDirThreshold = executionContext.Variables.GetInt(Constants.Variables.Maintenance.DeleteWorkingDirectoryDaysThreshold) ?? 0; if (staleBuildDirThreshold > 0) { // scan unused build directories executionContext.Output(StringUtil.Loc("DiscoverBuildDir", staleBuildDirThreshold)); trackingManager.MarkExpiredForGarbageCollection(executionContext, TimeSpan.FromDays(staleBuildDirThreshold)); executionContext.Output(StringUtil.Loc("GCBuildDir")); // delete unused build directories trackingManager.DisposeCollectedGarbage(executionContext); } else { executionContext.Output(StringUtil.Loc("GCBuildDirNotEnabled")); } // give source provider a chance to run maintenance operation Trace.Info("Scan all SourceFolder tracking files."); string searchRoot = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Build.Path.SourceRootMappingDirectory); if (!Directory.Exists(searchRoot)) { executionContext.Output(StringUtil.Loc("GCDirNotExist", searchRoot)); return false; } return true; } private static bool ShouldRunMaintenance(IExecutionContext executionContext, TrackingConfig trackingConfig, int totalAvailableTimeInMinutes, Stopwatch totalTimeSpent) { bool runMainenance = false; if (trackingConfig.LastMaintenanceAttemptedOn == null) { // this folder never run maintenance before, we will do maintenance if there is more than half of the time remains. if (totalTimeSpent.Elapsed.TotalMinutes < totalAvailableTimeInMinutes / 2) // 50% time left { runMainenance = true; } else { executionContext.Output($"Working directory '{trackingConfig.BuildDirectory}' has never run maintenance before. Skip since we may not have enough time."); } } else if (trackingConfig.LastMaintenanceCompletedOn == null) { // this folder did finish maintenance last time, this might indicate we need more time for this working directory if (totalTimeSpent.Elapsed.TotalMinutes < totalAvailableTimeInMinutes / 4) // 75% time left { runMainenance = true; } else { executionContext.Output($"Working directory '{trackingConfig.BuildDirectory}' didn't finish maintenance last time. Skip since we may not have enough time."); } } else { // estimate time for running maintenance TimeSpan estimateTime = trackingConfig.LastMaintenanceCompletedOn.Value - trackingConfig.LastMaintenanceAttemptedOn.Value; // there is more than 10 mins left after we run maintenance on this repository directory if (totalAvailableTimeInMinutes > totalTimeSpent.Elapsed.TotalMinutes + estimateTime.TotalMinutes + 10) { runMainenance = true; } else { executionContext.Output($"Working directory '{trackingConfig.BuildDirectory}' may take about '{estimateTime.TotalMinutes}' mins to finish maintenance. It's too risky since we only have '{totalAvailableTimeInMinutes - totalTimeSpent.Elapsed.TotalMinutes}' mins left for maintenance."); } } return runMainenance; } private async Task RunSourceProviderMaintenance(IExecutionContext executionContext, ITrackingManager trackingManager, TrackingConfig trackingConfig) { var extensionManager = HostContext.GetService(); ISourceProvider sourceProvider = extensionManager.GetExtensions().FirstOrDefault(x => string.Equals(x.RepositoryType, trackingConfig.RepositoryType, StringComparison.OrdinalIgnoreCase)); if (sourceProvider != null) { try { trackingManager.MaintenanceStarted(trackingConfig); string repositoryPath = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), trackingConfig.SourcesDirectory); await sourceProvider.RunMaintenanceOperations(executionContext, repositoryPath); trackingManager.MaintenanceCompleted(trackingConfig); } catch (Exception ex) { executionContext.Error(StringUtil.Loc("ErrorDuringBuildGC", trackingConfig.FileLocation)); executionContext.Error(ex); } } } } } ================================================ FILE: src/Agent.Worker/CodeCoverage/CoberturaSummaryReader.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.TestManagement.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Xml; namespace Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage { public sealed class CoberturaSummaryReader : AgentService, ICodeCoverageSummaryReader { public Type ExtensionType => typeof(ICodeCoverageSummaryReader); public string Name => "Cobertura"; private const string _linesCovered = "Lines"; private const string _branchesCovered = "Branches"; private const string _linesCoveredTag = "lines-covered"; private const string _branchesCoveredTag = "branches-covered"; private const string _linesValidTag = "lines-valid"; private const string _branchesValidTag = "branches-valid"; public IEnumerable GetCodeCoverageSummary(IExecutionContext context, string summaryXmlLocation) { var doc = CodeCoverageUtilities.ReadSummaryFile(context, summaryXmlLocation); return ReadDataFromNodes(doc, summaryXmlLocation); } private IEnumerable ReadDataFromNodes(XmlDocument doc, string summaryXmlLocation) { var listCoverageStats = new List(); if (doc == null) { return null; } XmlNode reportNode = doc.SelectSingleNode("coverage"); if (reportNode != null) { if (reportNode.Attributes != null) { CodeCoverageStatistics coverageStatisticsForLines = GetCCStats(labelTag: _linesCovered, coveredTag: _linesCoveredTag, validTag: _linesValidTag, priorityTag: "line", summaryXmlLocation: summaryXmlLocation, reportNode: reportNode); if (coverageStatisticsForLines != null) { listCoverageStats.Add(coverageStatisticsForLines); } CodeCoverageStatistics coverageStatisticsForBranches = GetCCStats(labelTag: _branchesCovered, coveredTag: _branchesCoveredTag, validTag: _branchesValidTag, priorityTag: "branch", summaryXmlLocation: summaryXmlLocation, reportNode: reportNode); if (coverageStatisticsForBranches != null) { listCoverageStats.Add(coverageStatisticsForBranches); } } } return listCoverageStats.AsEnumerable(); } private CodeCoverageStatistics GetCCStats(string labelTag, string coveredTag, string validTag, string priorityTag, string summaryXmlLocation, XmlNode reportNode) { CodeCoverageStatistics coverageStatistics = null; if (reportNode.Attributes[coveredTag] != null && reportNode.Attributes[validTag] != null) { coverageStatistics = new CodeCoverageStatistics(); coverageStatistics.Label = labelTag; coverageStatistics.Position = CodeCoverageUtilities.GetPriorityOrder(priorityTag); coverageStatistics.Covered = (int)ParseFromXML(coveredTag, summaryXmlLocation, reportNode); coverageStatistics.Total = (int)ParseFromXML(validTag, summaryXmlLocation, reportNode); } return coverageStatistics; } private float ParseFromXML(string parseTag, string summaryXmlLocation, XmlNode reportNode) { float value; if (!float.TryParse(reportNode.Attributes[parseTag].Value, out value)) { throw new InvalidDataException(StringUtil.Loc("InvalidValueInXml", parseTag, summaryXmlLocation)); } return value; } } } ================================================ FILE: src/Agent.Worker/CodeCoverage/CodeCoverageCommands.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.TestManagement.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Net.Sockets; using System.Threading; using System.Threading.Tasks; using Agent.Sdk.Util; using Microsoft.VisualStudio.Services.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage { public sealed class CodeCoverageCommandExtension : BaseWorkerCommandExtension { public CodeCoverageCommandExtension() { CommandArea = "codecoverage"; SupportedHostTypes = HostTypes.Build; InstallWorkerCommand(new PublishCodeCoverageCommand()); } } #region publish code coverage helper methods public sealed class PublishCodeCoverageCommand : IWorkerCommand { public string Name => "publish"; public List Aliases => null; // publish code coverage inputs private int _buildId; private string _summaryFileLocation; private List _additionalCodeCoverageFiles; private string _codeCoverageTool; private string _reportDirectory; [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "GetVssConnection")] public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var eventProperties = command.Properties; _buildId = context.Variables.Build_BuildId ?? -1; if (!IsHostTypeBuild(context) || _buildId < 0) { //In case the publishing codecoverage is not applicable for current Host type we continue without publishing context.Warning(StringUtil.Loc("CodeCoveragePublishIsValidOnlyForBuild")); return; } LoadPublishCodeCoverageInputs(context, eventProperties); string project = context.Variables.System_TeamProject; long? containerId = context.Variables.Build_ContainerId; ArgUtil.NotNull(containerId, nameof(containerId)); Guid projectId = context.Variables.System_TeamProjectId ?? Guid.Empty; ArgUtil.NotEmpty(projectId, nameof(projectId)); //step 1: read code coverage summary var reader = GetCodeCoverageSummaryReader(context, _codeCoverageTool); context.Output(StringUtil.Loc("ReadingCodeCoverageSummary", _summaryFileLocation)); var coverageData = reader.GetCodeCoverageSummary(context, _summaryFileLocation); if (coverageData == null || !coverageData.Any()) { context.Warning(StringUtil.Loc("CodeCoverageDataIsNull")); } VssConnection connection = WorkerUtilities.GetVssConnection(context); var codeCoveragePublisher = context.GetHostContext().GetService(); codeCoveragePublisher.InitializePublisher(_buildId, connection); var commandContext = context.GetHostContext().CreateService(); commandContext.InitializeCommandContext(context, StringUtil.Loc("PublishCodeCoverage")); commandContext.Task = PublishCodeCoverageAsync(context, commandContext, codeCoveragePublisher, coverageData, project, projectId, containerId.Value, context.CancellationToken); context.AsyncCommands.Add(commandContext); } private async Task PublishCodeCoverageAsync( IExecutionContext executionContext, IAsyncCommandContext commandContext, ICodeCoveragePublisher codeCoveragePublisher, IEnumerable coverageData, string project, Guid projectId, long containerId, CancellationToken cancellationToken) { //step 2: publish code coverage summary to TFS if (coverageData != null && coverageData.Any()) { commandContext.Output(StringUtil.Loc("PublishingCodeCoverage")); foreach (var coverage in coverageData) { commandContext.Output(StringUtil.Format(" {0}- {1} of {2} covered.", coverage.Label, coverage.Covered, coverage.Total)); } await codeCoveragePublisher.PublishCodeCoverageSummaryAsync(commandContext, coverageData, project, cancellationToken); } // step 3: publish code coverage files as build artifacts string additionalCodeCoverageFilePath = null; string destinationSummaryFile = null; var newReportDirectory = _reportDirectory; try { var filesToPublish = new List>(); if (!Directory.Exists(newReportDirectory)) { if (!string.IsNullOrWhiteSpace(newReportDirectory)) { // user gave a invalid report directory. Write warning and continue. executionContext.Warning(StringUtil.Loc("DirectoryNotFound", newReportDirectory)); } newReportDirectory = GetCoverageDirectory(_buildId.ToString(), CodeCoverageConstants.ReportDirectory); Directory.CreateDirectory(newReportDirectory); } var summaryFileName = Path.GetFileName(_summaryFileLocation); destinationSummaryFile = Path.Combine(newReportDirectory, CodeCoverageConstants.SummaryFileDirectory + _buildId, summaryFileName); Directory.CreateDirectory(Path.GetDirectoryName(destinationSummaryFile)); File.Copy(_summaryFileLocation, destinationSummaryFile, true); commandContext.Output(StringUtil.Loc("ModifyingCoberturaIndexFile")); ModifyCoberturaIndexDotHTML(newReportDirectory, executionContext); filesToPublish.Add(new Tuple(newReportDirectory, GetCoverageDirectoryName(_buildId.ToString(), CodeCoverageConstants.ReportDirectory))); if (_additionalCodeCoverageFiles != null && _additionalCodeCoverageFiles.Count != 0) { additionalCodeCoverageFilePath = GetCoverageDirectory(_buildId.ToString(), CodeCoverageConstants.RawFilesDirectory); CodeCoverageUtilities.CopyFilesFromFileListWithDirStructure(_additionalCodeCoverageFiles, ref additionalCodeCoverageFilePath); filesToPublish.Add(new Tuple(additionalCodeCoverageFilePath, GetCoverageDirectoryName(_buildId.ToString(), CodeCoverageConstants.RawFilesDirectory))); } commandContext.Output(StringUtil.Loc("PublishingCodeCoverageFiles")); ChangeHtmExtensionToHtmlIfRequired(newReportDirectory, executionContext); await codeCoveragePublisher.PublishCodeCoverageFilesAsync(commandContext, projectId, executionContext.Variables.System_JobId, containerId, filesToPublish, File.Exists(Path.Combine(newReportDirectory, CodeCoverageConstants.DefaultIndexFile)), cancellationToken); } catch (SocketException ex) { using var vssConnection = WorkerUtilities.GetVssConnection(executionContext); ExceptionsUtil.HandleSocketException(ex, vssConnection.Uri.ToString(), executionContext.Warning); } catch (Exception ex) { executionContext.Warning(StringUtil.Loc("ErrorOccurredWhilePublishingCCFiles", ex.Message)); } finally { // clean temporary files. if (!string.IsNullOrEmpty(additionalCodeCoverageFilePath)) { if (Directory.Exists(additionalCodeCoverageFilePath)) { Directory.Delete(path: additionalCodeCoverageFilePath, recursive: true); } } if (!string.IsNullOrEmpty(destinationSummaryFile)) { var summaryFileDirectory = Path.GetDirectoryName(destinationSummaryFile); if (Directory.Exists(summaryFileDirectory)) { Directory.Delete(path: summaryFileDirectory, recursive: true); } } if (!Directory.Exists(_reportDirectory)) { if (Directory.Exists(newReportDirectory)) { //delete the generated report directory Directory.Delete(path: newReportDirectory, recursive: true); } } } } private ICodeCoverageSummaryReader GetCodeCoverageSummaryReader(IExecutionContext executionContext, string codeCoverageTool) { var extensionManager = executionContext.GetHostContext().GetService(); ICodeCoverageSummaryReader summaryReader = (extensionManager.GetExtensions()).FirstOrDefault(x => codeCoverageTool.Equals(x.Name, StringComparison.OrdinalIgnoreCase)); if (summaryReader == null) { throw new ArgumentException(StringUtil.Loc("UnknownCodeCoverageTool", codeCoverageTool)); } return summaryReader; } private bool IsHostTypeBuild(IExecutionContext context) { var hostType = context.Variables.System_HostType; if (hostType.HasFlag(HostTypes.Build)) { return true; } return false; } private void LoadPublishCodeCoverageInputs(IExecutionContext context, Dictionary eventProperties) { //validate codecoverage tool input eventProperties.TryGetValue(PublishCodeCoverageEventProperties.CodeCoverageTool, out _codeCoverageTool); if (string.IsNullOrEmpty(_codeCoverageTool)) { throw new ArgumentException(StringUtil.Loc("ArgumentNeeded", "CodeCoverageTool")); } //validate summary file input eventProperties.TryGetValue(PublishCodeCoverageEventProperties.SummaryFile, out _summaryFileLocation); if (string.IsNullOrEmpty(_summaryFileLocation)) { throw new ArgumentException(StringUtil.Loc("ArgumentNeeded", "SummaryFile")); } // Translate file path back from container path _summaryFileLocation = context.TranslateToHostPath(_summaryFileLocation); eventProperties.TryGetValue(PublishCodeCoverageEventProperties.ReportDirectory, out _reportDirectory); // Translate file path back from container path _reportDirectory = context.TranslateToHostPath(_reportDirectory); string additionalFilesInput; eventProperties.TryGetValue(PublishCodeCoverageEventProperties.AdditionalCodeCoverageFiles, out additionalFilesInput); if (!string.IsNullOrEmpty(additionalFilesInput) && additionalFilesInput.Split(',').Count() > 0) { _additionalCodeCoverageFiles = additionalFilesInput.Split(',').Select(x => context.TranslateToHostPath(x)).ToList(); } } // Changes the index.htm file to index.html if index.htm exists private void ChangeHtmExtensionToHtmlIfRequired(string reportDirectory, IExecutionContext executionContext) { var defaultIndexFile = Path.Combine(reportDirectory, CodeCoverageConstants.DefaultIndexFile); var htmIndexFile = Path.Combine(reportDirectory, CodeCoverageConstants.HtmIndexFile); // If index.html does not exist and index.htm exists, copy the .html file from .htm file. // Don't delete the .htm file as it might be referenced by other .htm/.html files. if (!File.Exists(defaultIndexFile) && File.Exists(htmIndexFile)) { try { File.Copy(sourceFileName: htmIndexFile, destFileName: defaultIndexFile); } catch (Exception ex) { // In the warning text, prefer using ex.InnerException when available, for more-specific details executionContext.Warning(StringUtil.Loc("RenameIndexFileCoberturaFailed", htmIndexFile, defaultIndexFile, _codeCoverageTool, (ex.InnerException ?? ex).ToString())); } } } /// /// This method replaces the default index.html generated by cobertura with /// the non-framed version /// /// private void ModifyCoberturaIndexDotHTML(string reportDirectory, IExecutionContext executionContext) { try { string newIndexHtml = Path.Combine(reportDirectory, CodeCoverageConstants.NewIndexFile); string indexHtml = Path.Combine(reportDirectory, CodeCoverageConstants.DefaultIndexFile); string nonFrameHtml = Path.Combine(reportDirectory, CodeCoverageConstants.DefaultNonFrameFileCobertura); if (_codeCoverageTool.Equals("cobertura", StringComparison.OrdinalIgnoreCase) && File.Exists(indexHtml) && File.Exists(nonFrameHtml)) { // duplicating frame-summary.html to index.html and renaming index.html to newindex.html try { IOUtil.DeleteFileWithRetry(newIndexHtml, executionContext.CancellationToken).Wait(); } catch (Exception ex) { executionContext.GetTraceWriter()?.Info($"Unable to delete old tracking folder, ex:{ex.GetType()}"); throw; } File.Move(indexHtml, newIndexHtml); File.Copy(nonFrameHtml, indexHtml, overwrite: true); } } catch (Exception ex) { // In the warning text, prefer using ex.InnerException when available, for more-specific details executionContext.Warning(StringUtil.Loc("RenameIndexFileCoberturaFailed", CodeCoverageConstants.DefaultNonFrameFileCobertura, CodeCoverageConstants.DefaultIndexFile, _codeCoverageTool, (ex.InnerException ?? ex).ToString())); } } private string GetCoverageDirectory(string buildId, string directoryName) { return Path.Combine(Path.GetTempPath(), GetCoverageDirectoryName(buildId, directoryName)); } private string GetCoverageDirectoryName(string buildId, string directoryName) { return directoryName + "_" + buildId; } #endregion internal static class PublishCodeCoverageEventProperties { internal static readonly string CodeCoverageTool = "codecoveragetool"; internal static readonly string SummaryFile = "summaryfile"; internal static readonly string ReportDirectory = "reportdirectory"; internal static readonly string AdditionalCodeCoverageFiles = "additionalcodecoveragefiles"; } } } ================================================ FILE: src/Agent.Worker/CodeCoverage/CodeCoverageConstants.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage { public static class CodeCoverageConstants { // version keeps updating . Make sure we use the latest version. public const string JacocoVersion = "0.7.5.201505241946"; public const string MavenAntRunPluginVersion = "1.8"; public const string CoberturaVersion = "2.7"; // Cobertura Ant #region Ant-Cobertura public const string CoberturaClassPathString = "cobertura-classpath-3d368d85-30d7-4f8f-94ec-555eed0714a8"; public const string CoberturaAntReport = @"" + @"" + @"{0}" + @"{1}" + @"{2}" + @"" + @" " + @" " + @"" + @""; public const string CoberturaTaskDef = @" "; public const string CoberturaEnvProperty = @""; public const string CoberturaClassPath = @"" + @" " + @" " + @" " + @" " + @" "; public const string CoberturaInstrumentNode = @" " + @"{2}" + @" "; #endregion #region Ant-Jacoco public const string JacocoAntReport = @"" + @"" + @" " + @" " + @" " + @"{1}" + @" " + @" " + @" " + @"{2}" + @" " + @" " + @"{3}" + @" " + @" " + @" " + @" " + @" " + @" " + @" " + @""; #endregion #region PublishCodeCoverage public const string RawFilesDirectory = "Code Coverage Files"; public const string ReportDirectory = "Code Coverage Report"; public const string SummaryFileDirectory = "summary"; public const string DefaultIndexFile = "index.html"; public const string HtmIndexFile = "index.htm"; public const string NewIndexFile = "indexnew.html"; //This file name is dependent on the outputs produced by the cobertura tool. //The name can change in future and should be updated if required public const string DefaultNonFrameFileCobertura = "frame-summary.html"; #endregion #region VerboseStrings public const string SettingAttributeTemplate = "Setting attribute '{0}' = '{1}' for '{2}' task."; public const string EnablingEditingTemplate = "Enabling '{0}' code coverage for '{1}' by editing '{2}'."; public const string InvalidXMLTemplate = "Invalid build xml '{0}'. Error '{1}' occurred while parsing the file. "; public const string MavenMultiModule = "This is a multi module project. Generating code coverage reports using ant task."; #endregion #region FeatureFlags public const string EnablePublishToTcmServiceDirectlyFromTaskFF = "TestManagement.Server.EnablePublishToTcmServiceDirectlyFromTask"; public const string TriggerCoverageMergeJobFF = "TestManagement.Server.TriggerCoverageMergeJob"; #endregion } } ================================================ FILE: src/Agent.Worker/CodeCoverage/CodeCoveragePublisher.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.TestManagement.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Microsoft.VisualStudio.Services.WebApi; using System; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage { [ServiceLocator(Default = typeof(CodeCoveragePublisher))] public interface ICodeCoveragePublisher : IAgentService { void InitializePublisher(int buildId, VssConnection connection); /// /// publish codecoverage summary data to server /// Task PublishCodeCoverageSummaryAsync(IAsyncCommandContext context, IEnumerable coverageData, string project, CancellationToken cancellationToken); /// /// publish codecoverage files to server /// Task PublishCodeCoverageFilesAsync(IAsyncCommandContext context, Guid projectId, string jobId, long containerId, List> files, bool browsable, CancellationToken cancellationToken); } public sealed class CodeCoveragePublisher : AgentService, ICodeCoveragePublisher { private ICodeCoverageServer _codeCoverageServer; private int _buildId; private VssConnection _connection; public void InitializePublisher(int buildId, VssConnection connection) { ArgUtil.NotNull(connection, nameof(connection)); _connection = connection; _buildId = buildId; _codeCoverageServer = HostContext.GetService(); } public async Task PublishCodeCoverageSummaryAsync(IAsyncCommandContext context, IEnumerable coverageData, string project, CancellationToken cancellationToken) { await _codeCoverageServer.PublishCoverageSummaryAsync(context, _connection, project, _buildId, coverageData, cancellationToken); } public async Task PublishCodeCoverageFilesAsync(IAsyncCommandContext context, Guid projectId, string jobId, long containerId, List> files, bool browsable, CancellationToken cancellationToken) { var publishCCTasks = files.Select(async file => { var browsableProperty = (browsable) ? bool.TrueString : bool.FalseString; var artifactProperties = new Dictionary { { ArtifactUploadEventProperties.ContainerFolder, file.Item2}, { ArtifactUploadEventProperties.ArtifactName, file.Item2 }, { ArtifactAssociateEventProperties.ArtifactType, ArtifactResourceTypes.Container }, { ArtifactAssociateEventProperties.Browsable, browsableProperty }, }; var fileContainerHelper = new FileContainerServer(_connection, projectId, containerId, file.Item2); await fileContainerHelper.CopyToContainerAsync(context, file.Item1, cancellationToken); var fileContainerFullPath = StringUtil.Format($"#/{containerId}/{file.Item2}"); var buildHelper = context.GetHostContext().GetService(); await buildHelper.ConnectAsync(_connection); var artifact = await buildHelper.AssociateArtifactAsync(_buildId, projectId, file.Item2, jobId, ArtifactResourceTypes.Container, fileContainerFullPath, artifactProperties, cancellationToken); context.Output(StringUtil.Loc("PublishedCodeCoverageArtifact", file.Item1, file.Item2)); }); await Task.WhenAll(publishCCTasks); } } } ================================================ FILE: src/Agent.Worker/CodeCoverage/CodeCoverageServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.TestManagement.WebApi; using Microsoft.VisualStudio.Services.FeatureAvailability.WebApi; using Microsoft.VisualStudio.Services.TestResults.WebApi; using Microsoft.VisualStudio.Services.WebApi; using System; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage { [ServiceLocator(Default = typeof(CodeCoverageServer))] public interface ICodeCoverageServer : IAgentService { /// /// Publish code coverage summary /// Task PublishCoverageSummaryAsync(IAsyncCommandContext context, VssConnection connection, string project, int buildId, IEnumerable coverageData, CancellationToken cancellationToken); } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1812: Avoid uninstantiated internal classes")] internal sealed class CodeCoverageServer : AgentService, ICodeCoverageServer { public async Task PublishCoverageSummaryAsync(IAsyncCommandContext context, VssConnection connection, string project, int buildId, IEnumerable coverageData, CancellationToken cancellationToken) { // We are currently passing BuildFlavor and BuildPlatform = "" There value are required be passed to command CodeCoverageData data = new CodeCoverageData() { BuildFlavor = "", BuildPlatform = "", CoverageStats = coverageData.ToList() }; FeatureAvailabilityHttpClient featureAvailabilityHttpClient = connection.GetClient(); if (FeatureFlagUtility.GetFeatureFlagState(featureAvailabilityHttpClient, CodeCoverageConstants.EnablePublishToTcmServiceDirectlyFromTaskFF, context)) { TestResultsHttpClient tcmClient = connection.GetClient(); await tcmClient.UpdateCodeCoverageSummaryAsync(data, project, buildId, cancellationToken: cancellationToken); } else { TestManagementHttpClient tfsClient = connection.GetClient(); await tfsClient.UpdateCodeCoverageSummaryAsync(data, project, buildId, cancellationToken: cancellationToken); } } } } ================================================ FILE: src/Agent.Worker/CodeCoverage/CodeCoverageUtilities.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Xml; using System.Xml.Linq; namespace Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage { public static class CodeCoverageUtilities { public static void CopyFilesFromFileListWithDirStructure(List files, ref string destinatonFilePath) { string commonPath = null; if (files != null) { files.RemoveAll(q => q == null); if (files.Count > 1) { files.Sort(); commonPath = SharedSubstring(files[0], files[files.Count - 1]); } foreach (var file in files) { string newFile = null; if (!string.IsNullOrEmpty(commonPath)) { newFile = file.Replace(commonPath, ""); } else { newFile = Path.GetFileName(file); } newFile = Path.Combine(destinatonFilePath, newFile); Directory.CreateDirectory(Path.GetDirectoryName(newFile)); File.Copy(file, newFile, true); } } } public static XmlDocument ReadSummaryFile(IExecutionContext context, string summaryXmlLocation) { string xmlContents = ""; //read xml contents if (!File.Exists(summaryXmlLocation)) { throw new ArgumentException(StringUtil.Loc("FileDoesNotExist", summaryXmlLocation)); } xmlContents = File.ReadAllText(summaryXmlLocation); if (string.IsNullOrWhiteSpace(xmlContents)) { return null; } XmlDocument doc = new XmlDocument(); try { var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore }; using (XmlReader reader = XmlReader.Create(summaryXmlLocation, settings)) { doc.Load(reader); } } catch (XmlException ex) { context.Warning(StringUtil.Loc("FailedToReadFile", summaryXmlLocation, ex.Message)); return null; } return doc; } public static int GetPriorityOrder(string coverageUnit) { if (!string.IsNullOrEmpty(coverageUnit)) { switch (coverageUnit.ToLower()) { case "instruction": return (int)Priority.Instruction; case "line": return (int)Priority.Line; case "complexity": return (int)Priority.Complexity; case "class": return (int)Priority.Class; case "method": return (int)Priority.Method; default: return (int)Priority.Other; } } return (int)Priority.Other; } public static string TrimNonEmptyParam(string parameterValue, string parameterName) { if (string.IsNullOrWhiteSpace(parameterValue)) { throw new ArgumentException(StringUtil.Loc("ArgumentNeeded", parameterName)); } return parameterValue.Trim(); } public static string TrimToEmptyString(string input) { if (string.IsNullOrWhiteSpace(input)) { return string.Empty; } return input.Trim(); } private static string GetFilterSubString(string filter, int startIndex) { return filter.Substring(startIndex, filter.Length - startIndex); } private enum Priority { Class = 1, Complexity = 2, Method = 3, Line = 4, Instruction = 5, Other = 6 } private static string SharedSubstring(string string1, string string2) { string ret = string.Empty; int index = 1; while (string1.Substring(0, index) == string2.Substring(0, index)) { ret = string1.Substring(0, index); index++; } return ret; } } } ================================================ FILE: src/Agent.Worker/CodeCoverage/FeatureFlagUtility.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.FeatureAvailability.WebApi; using System; using System.Collections.Generic; using System.Text; namespace Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage { public static class FeatureFlagUtility { public static bool GetFeatureFlagState(FeatureAvailabilityHttpClient featureAvailabilityHttpClient, string FFName, IAsyncCommandContext context) { ArgUtil.NotNull(context, nameof(context)); try { var featureFlag = featureAvailabilityHttpClient?.GetFeatureFlagByNameAsync(FFName).Result; if (featureFlag != null && featureFlag.EffectiveState.Equals("Off", StringComparison.OrdinalIgnoreCase)) { return false; } } catch { context.Debug(StringUtil.Format("Failed to get FF {0} Value. By default, publishing data to TCM.", FFName)); return true; } return true; } } } ================================================ FILE: src/Agent.Worker/CodeCoverage/ICodeCoverageSummaryReader.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.TestManagement.WebApi; using System.Collections.Generic; namespace Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage { public interface ICodeCoverageSummaryReader : IExtension { /// /// Get CodeCoverageStatistics from summary file /// /// coverage summary file /// IEnumerable GetCodeCoverageSummary(IExecutionContext context, string summaryFileLocation); /// /// Result reader name /// string Name { get; } } } ================================================ FILE: src/Agent.Worker/CodeCoverage/JaCoCoSummaryReader.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.TestManagement.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Xml; namespace Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage { public sealed class JaCoCoSummaryReader : AgentService, ICodeCoverageSummaryReader { public Type ExtensionType => typeof(ICodeCoverageSummaryReader); public string Name => "JaCoCo"; private const string _covered = "covered"; private const string _missed = "missed"; public IEnumerable GetCodeCoverageSummary(IExecutionContext context, string summaryXmlLocation) { var doc = CodeCoverageUtilities.ReadSummaryFile(context, summaryXmlLocation); return ReadDataFromNodes(doc, summaryXmlLocation); } private IEnumerable ReadDataFromNodes(XmlDocument doc, string summaryXmlLocation) { var listCoverageStats = new List(); if (doc == null) { return null; } //read data from report nodes XmlNode reportNode = doc.SelectSingleNode("report"); if (reportNode != null) { XmlNodeList counterNodeList = doc.SelectNodes("/report/counter"); if (counterNodeList != null) { foreach (XmlNode counterNode in counterNodeList) { var coverageStatistics = new CodeCoverageStatistics(); if (counterNode.Attributes != null) { if (counterNode.Attributes["type"] != null) { coverageStatistics.Label = ToTitleCase(counterNode.Attributes["type"].Value); coverageStatistics.Position = CodeCoverageUtilities.GetPriorityOrder(coverageStatistics.Label); } if (counterNode.Attributes[_covered] != null) { float covered; if (!float.TryParse(counterNode.Attributes[_covered].Value, out covered)) { throw new InvalidDataException(StringUtil.Loc("InvalidValueInXml", _covered, summaryXmlLocation)); } coverageStatistics.Covered = (int)covered; if (counterNode.Attributes[_missed] != null) { float missed; if (!float.TryParse(counterNode.Attributes[_missed].Value, out missed)) { throw new InvalidDataException(StringUtil.Loc("InvalidValueInXml", _missed, summaryXmlLocation)); } coverageStatistics.Total = (int)missed + (int)covered; } } } listCoverageStats.Add(coverageStatistics); } } } return listCoverageStats.AsEnumerable(); } private string ToTitleCase(string inputString) { if (string.IsNullOrWhiteSpace(inputString)) { return inputString; } string outputString = string.Empty; var newWord = true; for (int i = 0; i < inputString.Length; i++) { if (inputString[i] == ' ') { newWord = true; outputString += inputString[i]; continue; } if (newWord) { outputString += char.ToUpper(inputString[i]); } else { outputString += char.ToLower(inputString[i]); } newWord = false; } return outputString; } } } ================================================ FILE: src/Agent.Worker/Container/ContainerDiagnosticsManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker.Container { [ServiceLocator(Default = typeof(ContainerDiagnosticsManager))] public interface IContainerDiagnosticsManager : IAgentService { Task CollectDockerExecFailureDiagnosticsAsync( Exception originalException, string dockerPath, string dockerArgs, string containerId); } public class ContainerDiagnosticsManager : AgentService, IContainerDiagnosticsManager { /// /// Collects comprehensive diagnostics when docker exec command fails /// public async Task CollectDockerExecFailureDiagnosticsAsync( Exception originalException, string dockerPath, string dockerArgs, string containerId) { var dockerManager = HostContext.GetService(); try { using (Trace.EnteringWithDuration()) { Trace.Error("Docker exec failure diagnostics started"); Trace.Error($"Exception: {originalException.GetType().Name}: {originalException.Message}"); Trace.Error($"Failed command: {dockerPath} {dockerArgs}"); // Extract exit code from exception int? exitCode = null; if (originalException is ProcessExitCodeException processEx) { exitCode = processEx.ExitCode; Trace.Error($"Exit code: {exitCode}"); } Trace.Info($"Container ID: {containerId}"); Trace.Info("Collecting system information"); await CollectBasicSystemInfo(Trace); // Run diagnostics (this collects container state internally) await RunDiagnostics(exitCode, dockerManager, containerId, dockerArgs); Trace.Info("Docker exec failure diagnostics completed"); } } catch (Exception diagEx) { Trace.Error($"Diagnostic collection failed: {diagEx.ToString()}"); } } /// /// Evidence-based diagnostics - collects all evidence first, then analyzes to determine root cause /// private async Task RunDiagnostics(int? exitCode, IDockerCommandManager dockerManager, string containerId, string dockerArgs) { try { using (Trace.EnteringWithDuration()) { Trace.Info("Starting diagnostic evidence collection"); Trace.Error($"Docker exec failed with exit code: {exitCode?.ToString() ?? "null"}"); Trace.Error($"Failed command: docker {dockerArgs}"); Trace.Info("Phase 1: Collecting diagnostic evidence"); Trace.Info("Checking container state and lifecycle"); var containerState = await GetContainerState(dockerManager, containerId, Trace); // Get containerOS from the collected state string containerOS = containerState?.OS ?? "linux"; Trace.Info("Checking resource constraints and OOM status"); var resourceState = await GetResourceState(dockerManager, containerId, Trace); Trace.Info("Retrieving container logs from time of failure"); await GetContainerLogs(dockerManager, containerId, Trace, resourceState); Trace.Info("Checking Docker daemon health"); await DiagnoseDockerDaemon(dockerManager, Trace); if (containerState != null && containerState.IsRunning) { Trace.Info("Checking command and environment availability"); await DiagnoseCommandIssues(dockerManager, containerId, Trace, containerOS); } else { Trace.Info("Skipping command availability check because container is not running"); } Trace.Info("Phase 2: Analyzing evidence to determine root cause"); AnalyzeAndReportRootCause(exitCode, containerState, resourceState, containerOS, dockerArgs, Trace); } } catch (Exception ex) { Trace.Error($"Diagnostic collection failed: {ex.ToString()}"); } } /// /// Collects basic system information /// private async Task CollectBasicSystemInfo(ITraceWriter trace) { try { trace.Info($"Platform: {System.Runtime.InteropServices.RuntimeInformation.OSDescription}"); trace.Info($"Architecture: {System.Runtime.InteropServices.RuntimeInformation.OSArchitecture}"); trace.Info($"Process Architecture: {System.Runtime.InteropServices.RuntimeInformation.ProcessArchitecture}"); if (PlatformUtil.RunningOnWindows) { await ExecuteDiagnosticCommand("systeminfo", "", trace, "System Information", maxLines: 5); } else { await ExecuteDiagnosticCommand("uname", "-a", trace, "System Information"); } } catch (Exception ex) { trace.Info($"Basic system info collection failed: {ex.Message}"); } } /// /// Diagnoses command-related issues (Exit Code 127: Command Not Found) /// private async Task DiagnoseCommandIssues(IDockerCommandManager dockerManager, string containerId, ITraceWriter trace, string containerOS) { trace.Info("Checking PATH and available commands..."); if (containerOS == "windows") { // Check PATH and common commands in Windows container await ExecuteDiagnosticCommand(dockerManager.DockerPath, $"exec {containerId} cmd /c \"echo PATH=%PATH% & where node 2^>nul ^|^| echo node not found & where npm 2^>nul ^|^| echo npm not found & where powershell 2^>nul ^|^| echo powershell not found\"", trace, "Windows PATH and Command Availability"); } else { // Check PATH and common commands in Linux container await ExecuteDiagnosticCommand(dockerManager.DockerPath, $"exec {containerId} sh -c \"echo PATH=$PATH; which node || echo 'node: not found'; which npm || echo 'npm: not found'; which bash || echo 'bash: not found'; which sh || echo 'sh: found'\"", trace, "Linux PATH and Command Availability", maxLines: 10); } } /// /// Diagnoses Docker daemon issues /// private async Task DiagnoseDockerDaemon(IDockerCommandManager dockerManager, ITraceWriter trace) { // ExecuteDiagnosticCommand handles all exceptions internally, so no try-catch needed here trace.Info("Testing Docker daemon connectivity..."); await ExecuteDiagnosticCommand(dockerManager.DockerPath, "version", trace, "Docker Version (Client & Server)", maxLines: 15); // Check if daemon is responsive await ExecuteDiagnosticCommand(dockerManager.DockerPath, "info --format \"ServerVersion={{.ServerVersion}} ContainersRunning={{.ContainersRunning}} MemTotal={{.MemTotal}}\"", trace, "Docker Daemon Status", maxLines: 15); // Check docker system resources await ExecuteDiagnosticCommand(dockerManager.DockerPath, "system df", trace, "Docker System Disk Usage", maxLines: 15); } /// /// Executes a diagnostic command and logs the result /// private async Task ExecuteDiagnosticCommand(string command, string args, ITraceWriter trace, string description, int maxLines = 15) { try { using var processInvoker = HostContext.CreateService(); var output = new List(); processInvoker.OutputDataReceived += (sender, e) => { if (!string.IsNullOrEmpty(e.Data)) output.Add(e.Data); }; processInvoker.ErrorDataReceived += (sender, e) => { if (!string.IsNullOrEmpty(e.Data)) output.Add($"ERROR: {e.Data}"); }; using var timeoutTokenSource = new CancellationTokenSource(TimeSpan.FromSeconds(60)); var exitCode = await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: command, arguments: args, environment: null, requireExitCodeZero: false, outputEncoding: null, cancellationToken: timeoutTokenSource.Token); trace.Info($"{description}: Exit Code {exitCode}"); foreach (var line in output.Take(maxLines)) { trace.Info($" {line}"); } if (output.Count > maxLines) { trace.Info($" ... ({output.Count - maxLines} more lines truncated)"); } } catch (Exception ex) { trace.Info($"Diagnostic command '{command} {args}' failed: {ex.Message}"); } } /// /// Collects comprehensive container state from docker inspect /// private async Task GetContainerState(IDockerCommandManager dockerManager, string containerId, ITraceWriter trace) { var state = new ContainerState(); try { using var processInvoker = HostContext.CreateService(); var output = new List(); processInvoker.OutputDataReceived += (sender, e) => { if (!string.IsNullOrEmpty(e.Data)) output.Add(e.Data); }; processInvoker.ErrorDataReceived += (sender, e) => { if (!string.IsNullOrEmpty(e.Data)) trace.Info($"Docker inspect stderr: {e.Data}"); }; // Get comprehensive container state in one call using var timeoutTokenSource = new CancellationTokenSource(TimeSpan.FromSeconds(60)); var exitCode = await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: dockerManager.DockerPath, arguments: $"inspect {containerId} --format \"Running={{{{.State.Running}}}}|Status={{{{.State.Status}}}}|ExitCode={{{{.State.ExitCode}}}}|Error={{{{.State.Error}}}}|StartedAt={{{{.State.StartedAt}}}}|FinishedAt={{{{.State.FinishedAt}}}}|OS={{{{.Platform}}}}\"", environment: null, requireExitCodeZero: false, outputEncoding: null, cancellationToken: timeoutTokenSource.Token); if (exitCode == 0 && output.Count > 0) { var parts = output[0].Split('|'); foreach (var part in parts) { var kv = part.Split(new[] { '=' }, 2); if (kv.Length == 2) { switch (kv[0]) { case "Running": state.IsRunning = kv[1].Equals("true", StringComparison.OrdinalIgnoreCase); break; case "Status": state.Status = kv[1]; break; case "ExitCode": if (int.TryParse(kv[1], out var code)) state.ExitCode = code; break; case "Error": state.Error = kv[1]; break; case "OS": state.OS = kv[1].Contains("windows", StringComparison.OrdinalIgnoreCase) ? "windows" : "linux"; break; default: // Ignore unexpected keys from docker inspect break; } } } trace.Info($"Container state collected: Running={state.IsRunning}, Status={state.Status}, ExitCode={state.ExitCode}, OS={state.OS}"); if (!string.IsNullOrEmpty(state.Error)) { trace.Info($"Container error message: {state.Error}"); } } } catch (Exception ex) { trace.Info($"Failed to get container state: {ex.Message}"); } return state; } /// /// Collects resource state including OOM status and memory limits /// private async Task GetResourceState(IDockerCommandManager dockerManager, string containerId, ITraceWriter trace) { var state = new ResourceState(); try { using var processInvoker = HostContext.CreateService(); var output = new List(); processInvoker.OutputDataReceived += (sender, e) => { if (!string.IsNullOrEmpty(e.Data)) output.Add(e.Data); }; processInvoker.ErrorDataReceived += (sender, e) => { if (!string.IsNullOrEmpty(e.Data)) { trace.Info($"Docker inspect stderr: {e.Data}"); } }; // Check OOM, memory limits, and logging configuration using var timeoutTokenSource = new CancellationTokenSource(TimeSpan.FromSeconds(60)); var exitCode = await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: dockerManager.DockerPath, arguments: $"inspect {containerId} --format \"OOMKilled={{{{.State.OOMKilled}}}}|MemoryLimit={{{{.HostConfig.Memory}}}}|LogDriver={{{{.HostConfig.LogConfig.Type}}}}|LogPath={{{{.LogPath}}}}\"", environment: null, requireExitCodeZero: false, outputEncoding: null, cancellationToken: timeoutTokenSource.Token); if (exitCode == 0 && output.Count > 0) { var parts = output[0].Split('|'); foreach (var part in parts) { var kv = part.Split(new[] { '=' }, 2); if (kv.Length == 2) { switch (kv[0]) { case "OOMKilled": state.OOMKilled = kv[1].Equals("true", StringComparison.OrdinalIgnoreCase); break; case "MemoryLimit": if (long.TryParse(kv[1], out var limit)) state.MemoryLimit = limit; break; case "LogDriver": state.LogDriver = kv[1]; break; case "LogPath": state.LogPath = kv[1]; break; default: // Ignore unexpected keys from docker inspect break; } } } var memoryMB = state.MemoryLimit > 0 ? $"{state.MemoryLimit / 1024 / 1024} MB" : "unlimited"; trace.Info($"Resource state collected: OOMKilled={state.OOMKilled}, MemoryLimit={memoryMB}, LogDriver={state.LogDriver}"); } } catch (Exception ex) { trace.Info($"Failed to get resource state: {ex.Message}"); } return state; } /// /// Retrieves container logs from time of failure /// private async Task GetContainerLogs(IDockerCommandManager dockerManager, string containerId, ITraceWriter trace, ResourceState resourceState) { try { trace.Info($"Log Configuration: Driver={resourceState?.LogDriver ?? "unknown"}, Path={resourceState?.LogPath ?? "unknown"}"); // Get last 50 lines of logs with timestamps using var processInvoker = HostContext.CreateService(); var output = new List(); var hasLogs = false; processInvoker.OutputDataReceived += (sender, e) => { if (!string.IsNullOrEmpty(e.Data)) { output.Add(e.Data); hasLogs = true; } }; processInvoker.ErrorDataReceived += (sender, e) => { if (!string.IsNullOrEmpty(e.Data)) trace.Info($"Docker logs stderr: {e.Data}"); }; using var timeoutTokenSource = new CancellationTokenSource(TimeSpan.FromSeconds(60)); var exitCode = await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: dockerManager.DockerPath, arguments: $"logs --tail 50 --timestamps {containerId}", environment: null, requireExitCodeZero: false, outputEncoding: null, cancellationToken: timeoutTokenSource.Token); if (hasLogs) { trace.Info("Container logs retrieved (last 50 lines):"); foreach (var line in output.Take(50)) { trace.Info($" {line}"); } } else { trace.Info("Container logs are empty. No output was written to stdout or stderr."); trace.Info("Possible reasons: Application did not write to stdout/stderr, immediate crash, or output buffering."); } } catch (Exception ex) { trace.Info($"Failed to retrieve container logs: {ex.Message}"); } } /// /// Analyzes collected evidence and reports root cause /// Uses evidence-based analysis rather than exit code matching /// private void AnalyzeAndReportRootCause(int? exitCode, ContainerState containerState, ResourceState resourceState, string containerOS, string dockerArgs, ITraceWriter trace) { // OOM killed - Most definitive evidence if (resourceState != null && resourceState.OOMKilled) { trace.Info("ROOT CAUSE: OUT OF MEMORY"); trace.Info($" OOMKilled flag: TRUE "); trace.Info($" Memory limit: {resourceState.MemoryLimit / 1024 / 1024} MB"); trace.Info($" Docker exec exit code: {exitCode}"); trace.Info($" Container OS: {containerOS}"); trace.Info(" The container exceeded its memory limit and was terminated by the system OOM (Out-Of-Memory) killer. Exit codes vary by OS:"); return; } // Container not running if (containerState != null && !containerState.IsRunning) { trace.Info("ROOT CAUSE: CONTAINER NOT RUNNING / EXITED"); trace.Info($" Container running: FALSE"); trace.Info($" Container status: {containerState.Status}"); trace.Info($" Container exit code: {containerState.ExitCode}"); trace.Info($" Docker exec exit code: {exitCode}"); if (!string.IsNullOrEmpty(containerState.Error)) { trace.Info($" Container error: {containerState.Error}"); } return; } if (!exitCode.HasValue) { trace.Info("LIKELY CAUSE: PROCESS CANCELLATION OR TIMEOUT"); trace.Info($" Exit code: NULL (no exit code returned)"); trace.Info($" Container running: {containerState?.IsRunning.ToString() ?? "unknown"}"); trace.Info($" Container status: {containerState?.Status ?? "unknown"}"); return; } // Container is running but exec failed if (containerState != null && containerState.IsRunning) { // Linux: Use exit codes for diagnosis if (containerOS == "linux") { trace.Info($" Container running: TRUE"); trace.Info($" Container status: {containerState.Status}"); if (exitCode == 127) { trace.Info("Likely Cause: COMMAND NOT FOUND"); trace.Info(" Exit code 127 typically indicates the command or executable was not found in the container."); } else if (exitCode == 137) { trace.Info("Likely Cause: PROCESS KILLED (SIGKILL)"); trace.Info(" Exit code 137 indicates process was killed with SIGKILL. Common causes: OOM killer, manual kill, or timeout"); } else if (exitCode == 126) { trace.Info("Likely Cause: PERMISSION DENIED"); trace.Info(" Exit code 126 indicates permission denied."); } else { trace.Info("Likely Cause: EXECUTION FAILURE"); trace.Info($" Exit code {exitCode} indicates the command failed."); } } else // Windows { // Windows containers lack reliable diagnostic signals for automatic root cause analysis: // 1. Exit codes are non-standard: The same failure (e.g., OOM) produces different codes // across Windows versions (-532462766, -2146232797, -1073741819, etc.) // 2. OOMKilled flag unreliable: Docker on Windows doesn't reliably detect or report OOM events // because Windows Job Objects don't expose the same memory signals as Linux cgroups // 3. Process-specific codes: .NET (COMException codes), Node.js (V8 codes), and native Win32 // processes all use different exit code schemes // 4. No standardized signals: Unlike Linux (SIGKILL=137, SIGTERM=143), Windows lacks // consistent process termination signals visible to Docker trace.Info("Collected diagnostic summary:"); trace.Info($" Docker exec exit code: {exitCode?.ToString() ?? "null"}"); trace.Info($" Container running: {containerState?.IsRunning.ToString() ?? "unknown"}"); trace.Info($" Container status: {containerState?.Status ?? "unknown"}"); trace.Info($" Container exit code: {containerState?.ExitCode.ToString() ?? "unknown"}"); trace.Info($" Container OS: {containerOS}"); trace.Info($" Failed command: docker {dockerArgs}"); } return; } // Fallback: Unable to determine specific cause trace.Info("UNABLE TO DETERMINE SPECIFIC CAUSE"); trace.Info("Collected diagnostic summary:"); trace.Info($" Docker exec exit code: {exitCode?.ToString() ?? "null"}"); trace.Info($" Container running: {containerState?.IsRunning.ToString() ?? "unknown"}"); trace.Info($" Container status: {containerState?.Status ?? "unknown"}"); trace.Info($" Container exit code: {containerState?.ExitCode.ToString() ?? "unknown"}"); trace.Info($" Container OS: {containerOS}"); trace.Info($" OOM killed: {resourceState?.OOMKilled.ToString() ?? "unknown"}"); trace.Info($" Failed command: docker {dockerArgs}"); } /// /// Container state information collected from docker inspect /// private class ContainerState { public bool IsRunning { get; set; } public string Status { get; set; } // running/exited/dead/paused public int ExitCode { get; set; } public string Error { get; set; } public DateTime? StartedAt { get; set; } public DateTime? FinishedAt { get; set; } public string OS { get; set; } // windows/linux } /// /// Resource state information for OOM and memory diagnostics /// private class ResourceState { public bool OOMKilled { get; set; } public long MemoryLimit { get; set; } public string LogDriver { get; set; } public string LogPath { get; set; } } } } ================================================ FILE: src/Agent.Worker/Container/DockerCommandManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using System; using System.Collections.Generic; using System.Linq; using System.Text.RegularExpressions; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.Framework.Common; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Container { [ServiceLocator(Default = typeof(DockerCommandManager))] public interface IDockerCommandManager : IAgentService { string DockerPath { get; } string DockerInstanceLabel { get; } Task DockerVersion(IExecutionContext context); Task DockerLogin(IExecutionContext context, string server, string username, string password); Task DockerLogout(IExecutionContext context, string server); Task DockerPull(IExecutionContext context, string image); Task DockerCreate(IExecutionContext context, ContainerInfo container); Task DockerStart(IExecutionContext context, string containerId); Task DockerLogs(IExecutionContext context, string containerId); Task> GetDockerLogs(IExecutionContext context, string containerId); Task> DockerPS(IExecutionContext context, string options); Task DockerRemove(IExecutionContext context, string containerId); Task DockerNetworkCreate(IExecutionContext context, string network); Task DockerNetworkRemove(IExecutionContext context, string network); Task DockerNetworkPrune(IExecutionContext context); Task DockerExec(IExecutionContext context, string containerId, string options, string command); Task DockerExec(IExecutionContext context, string containerId, string options, string command, List outputs); Task DockerInspect(IExecutionContext context, string dockerObject, string options); Task> DockerPort(IExecutionContext context, string containerId); Task IsContainerRunning(IExecutionContext context, string containerId); } public class DockerCommandManager : AgentService, IDockerCommandManager { public string DockerPath { get; private set; } public string DockerInstanceLabel { get; private set; } private static UtilKnobValueContext _knobContext = UtilKnobValueContext.Instance(); public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); DockerPath = WhichUtil.Which("docker", true, Trace); DockerInstanceLabel = IOUtil.GetPathHash(hostContext.GetDirectory(WellKnownDirectory.Root)).Substring(0, 6); } public async Task DockerVersion(IExecutionContext context) { ArgUtil.NotNull(context, nameof(context)); var action = new Func>>(async () => await ExecuteDockerCommandAsync(context, "version", "--format '{{.Server.APIVersion}}'")); const string command = "Docker version"; string serverVersionStr = (await ExecuteDockerCommandAsyncWithRetries(context, action, command)).FirstOrDefault(); ArgUtil.NotNullOrEmpty(serverVersionStr, "Docker.Server.Version"); context.Output($"Docker daemon API version: {serverVersionStr}"); string clientVersionStr = (await ExecuteDockerCommandAsync(context, "version", "--format '{{.Client.APIVersion}}'")).FirstOrDefault(); ArgUtil.NotNullOrEmpty(serverVersionStr, "Docker.Client.Version"); context.Output($"Docker client API version: {clientVersionStr}"); // we interested about major.minor.patch version Regex verRegex = new Regex("\\d+\\.\\d+(\\.\\d+)?", RegexOptions.IgnoreCase); Version serverVersion = null; var serverVersionMatchResult = verRegex.Match(serverVersionStr); if (serverVersionMatchResult.Success && !string.IsNullOrEmpty(serverVersionMatchResult.Value)) { if (!Version.TryParse(serverVersionMatchResult.Value, out serverVersion)) { serverVersion = null; } } Version clientVersion = null; var clientVersionMatchResult = verRegex.Match(clientVersionStr); if (clientVersionMatchResult.Success && !string.IsNullOrEmpty(clientVersionMatchResult.Value)) { if (!Version.TryParse(clientVersionMatchResult.Value, out clientVersion)) { clientVersion = null; } } return new DockerVersion(serverVersion, clientVersion); } public async Task DockerLogin(IExecutionContext context, string server, string username, string password) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(server, nameof(server)); ArgUtil.NotNull(username, nameof(username)); ArgUtil.NotNull(password, nameof(password)); var useDockerStdinPasswordOnWindows = AgentKnobs.UseDockerStdinPasswordOnWindows.GetValue(context).AsBoolean(); var action = new Func>(async () => PlatformUtil.RunningOnWindows && !useDockerStdinPasswordOnWindows // Wait for 17.07 to switch using stdin for docker registry password. ? await ExecuteDockerCommandAsync(context, "login", $"--username \"{username}\" --password \"{password.Replace("\"", "\\\"")}\" {server}", new List() { password }, context.CancellationToken) : await ExecuteDockerCommandAsync(context, "login", $"--username \"{username}\" --password-stdin {server}", new List() { password }, context.CancellationToken) ); const string command = "Docker login"; return await ExecuteDockerCommandAsyncWithRetries(context, action, command); } public async Task DockerLogout(IExecutionContext context, string server) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(server, nameof(server)); return await ExecuteDockerCommandAsync(context, "logout", $"{server}", context.CancellationToken); } public async Task DockerPull(IExecutionContext context, string image) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(image, nameof(image)); var action = new Func>(async () => await ExecuteDockerCommandAsync(context, "pull", image, context.CancellationToken)); const string command = "Docker pull"; return await ExecuteDockerCommandAsyncWithRetries(context, action, command); } public async Task DockerCreate(IExecutionContext context, ContainerInfo container) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(container, nameof(container)); IList dockerOptions = new List(); // OPTIONS dockerOptions.Add($"--name {container.ContainerDisplayName}"); dockerOptions.Add($"--label {DockerInstanceLabel}"); if (AgentKnobs.AddDockerInitOption.GetValue(context).AsBoolean()) { dockerOptions.Add("--init"); } if (!string.IsNullOrEmpty(container.ContainerNetwork)) { dockerOptions.Add($"--network {container.ContainerNetwork}"); } if (!string.IsNullOrEmpty(container.ContainerNetworkAlias)) { dockerOptions.Add($"--network-alias {container.ContainerNetworkAlias}"); } foreach (var port in container.UserPortMappings) { dockerOptions.Add($"-p {port.Value}"); } dockerOptions.Add($"{container.ContainerCreateOptions}"); foreach (var env in container.ContainerEnvironmentVariables) { if (String.IsNullOrEmpty(env.Value) && String.IsNullOrEmpty(context?.Variables.Get("_VSTS_DONT_RESOLVE_ENV_FROM_HOST"))) { // TODO: Remove fallback variable if stable dockerOptions.Add($"-e \"{env.Key}\""); } else { dockerOptions.Add($"-e \"{env.Key}={env.Value.Replace("\"", "\\\"")}\""); } } foreach (var volume in container?.MountVolumes) { // replace `"` with `\"` and add `"{0}"` to all path. String volumeArg; String targetVolume = container.TranslateContainerPathForImageOS(PlatformUtil.HostOS, volume.TargetVolumePath).Replace("\"", "\\\""); if (String.IsNullOrEmpty(volume.SourceVolumePath)) { // Anonymous docker volume volumeArg = $"-v \"{targetVolume}\""; } else { // Named Docker volume / host bind mount volumeArg = $"-v \"{volume.SourceVolumePath.Replace("\"", "\\\"")}\":\"{targetVolume}\""; } if (volume.ReadOnly) { volumeArg += ":ro"; } dockerOptions.Add(volumeArg); } // IMAGE dockerOptions.Add($"{container.ContainerImage}"); // COMMAND dockerOptions.Add($"{container.ContainerCommand}"); var optionsString = string.Join(" ", dockerOptions); List outputStrings = await ExecuteDockerCommandAsync(context, "create", optionsString); return outputStrings.FirstOrDefault(); } public async Task DockerStart(IExecutionContext context, string containerId) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(containerId, nameof(containerId)); if (!AgentKnobs.CheckBeforeRetryDockerStart.GetValue(context).AsBoolean()) { var action = new Func>(async () => await ExecuteDockerCommandAsync(context, "start", containerId, context.CancellationToken)); const string command = "Docker start"; return await ExecuteDockerCommandAsyncWithRetries(context, action, command); } // Use the new helper for start with retries and running-state checks return await ExecuteDockerStartWithRetriesAndCheck(context, containerId); } public async Task DockerRemove(IExecutionContext context, string containerId) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(containerId, nameof(containerId)); return await ExecuteDockerCommandAsync(context, "rm", $"--force {containerId}", context.CancellationToken); } public async Task DockerLogs(IExecutionContext context, string containerId) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(containerId, nameof(containerId)); return await ExecuteDockerCommandAsync(context, "logs", $"--details {containerId}", context.CancellationToken); } public async Task> GetDockerLogs(IExecutionContext context, string containerId) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(containerId, nameof(containerId)); return await ExecuteDockerCommandAsync(context, "logs", $"--details {containerId}"); } public async Task> DockerPS(IExecutionContext context, string options) { ArgUtil.NotNull(context, nameof(context)); return await ExecuteDockerCommandAsync(context, "ps", options); } public async Task DockerNetworkCreate(IExecutionContext context, string network) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(network, nameof(network)); var usingWindowsContainers = context.Containers.Where(x => x.ExecutionOS != PlatformUtil.OS.Windows).Count() == 0; var networkDrivers = await ExecuteDockerCommandAsync(context, "info", "-f \"{{range .Plugins.Network}}{{println .}}{{end}}\""); var valueMTU = AgentKnobs.MTUValueForContainerJobs.GetValue(_knobContext).AsString(); var driver = AgentKnobs.DockerNetworkCreateDriver.GetValue(context).AsString(); var additionalNetworCreateOptions = AgentKnobs.DockerAdditionalNetworkOptions.GetValue(context).AsString(); string optionMTU = ""; if (!String.IsNullOrEmpty(valueMTU)) { optionMTU = $"-o \"com.docker.network.driver.mtu={valueMTU}\""; } string options = $"create --label {DockerInstanceLabel} {network} {optionMTU}"; if (!String.IsNullOrEmpty(driver)) { if (networkDrivers.Contains(driver)) { options += $" --driver {driver}"; } else { string warningMessage = $"Specified '{driver}' driver not found!"; Trace.Warning(warningMessage); context.Warning(warningMessage); } } else if (usingWindowsContainers && networkDrivers.Contains("nat")) { options += $" --driver nat"; } if (!String.IsNullOrEmpty(additionalNetworCreateOptions)) { options += $" {additionalNetworCreateOptions}"; } return await ExecuteDockerCommandAsync(context, "network", options, context.CancellationToken); } public async Task DockerNetworkRemove(IExecutionContext context, string network) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(network, nameof(network)); return await ExecuteDockerCommandAsync(context, "network", $"rm {network}", context.CancellationToken); } public async Task DockerNetworkPrune(IExecutionContext context) { ArgUtil.NotNull(context, nameof(context)); return await ExecuteDockerCommandAsync(context, "network", $"prune --force --filter \"label={DockerInstanceLabel}\"", context.CancellationToken); } public async Task DockerExec(IExecutionContext context, string containerId, string options, string command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(containerId, nameof(containerId)); ArgUtil.NotNull(options, nameof(options)); ArgUtil.NotNull(command, nameof(command)); return await ExecuteDockerCommandAsync(context, "exec", $"{options} {containerId} {command}", context.CancellationToken); } public async Task DockerExec(IExecutionContext context, string containerId, string options, string command, List output) { ArgUtil.NotNull(output, nameof(output)); string arg = $"exec {options} {containerId} {command}".Trim(); context.Command($"{DockerPath} {arg}"); object outputLock = new object(); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { lock (outputLock) { output.Add(message.Data); } } }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { lock (outputLock) { output.Add(message.Data); } } }; return await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: DockerPath, arguments: arg, environment: null, requireExitCodeZero: false, outputEncoding: null, cancellationToken: CancellationToken.None); } public async Task DockerInspect(IExecutionContext context, string dockerObject, string options) { return (await ExecuteDockerCommandAsync(context, "inspect", $"{options} {dockerObject}")).FirstOrDefault(); } public async Task> DockerPort(IExecutionContext context, string containerId) { List portMappingLines = await ExecuteDockerCommandAsync(context, "port", containerId); return DockerUtil.ParseDockerPort(portMappingLines); } /// /// Checks if container with specified id is running /// /// Current execution context /// String representing container id /// true, if specified container is running, false otherwise. /// public async Task IsContainerRunning(IExecutionContext context, string containerId) { List filteredItems = await DockerPS(context, $"--filter id={containerId}"); // docker ps function is returning table with containers in Running state. // This table is adding to the list line by line. The first string in List is always table header. // The second string appeared only if container by specified id was found and in Running state. // Therefore, we assume that the container is running if the list contains two elements. var isContainerRunning = (filteredItems.Count == 2); return isContainerRunning; } private Task ExecuteDockerCommandAsync(IExecutionContext context, string command, string options, CancellationToken cancellationToken = default(CancellationToken)) { return ExecuteDockerCommandAsync(context, command, options, null, cancellationToken); } private async Task ExecuteDockerCommandAsync(IExecutionContext context, string command, string options, IList standardIns = null, CancellationToken cancellationToken = default(CancellationToken)) { string arg = $"{command} {options}".Trim(); context.Command($"{DockerPath} {arg}"); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { context.Output(message.Data); }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { context.Output(message.Data); }; InputQueue redirectStandardIn = null; if (standardIns != null) { redirectStandardIn = new InputQueue(); foreach (var input in standardIns) { redirectStandardIn.Enqueue(input); } } using (redirectStandardIn) { return await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: DockerPath, arguments: arg, environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, redirectStandardIn: redirectStandardIn, cancellationToken: cancellationToken); } } private async Task> ExecuteDockerCommandAsync(IExecutionContext context, string command, string options) { string arg = $"{command} {options}".Trim(); context.Command($"{DockerPath} {arg}"); List output = new List(); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { output.Add(message.Data); context.Output(message.Data); } }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { context.Output(message.Data); } }; await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: DockerPath, arguments: arg, environment: null, requireExitCodeZero: true, outputEncoding: null, cancellationToken: CancellationToken.None); return output; } private static async Task ExecuteDockerCommandAsyncWithRetries(IExecutionContext context, Func> action, string command) { bool dockerActionRetries = AgentKnobs.DockerActionRetries.GetValue(context).AsBoolean(); context.Output($"DockerActionRetries variable value: {dockerActionRetries}"); int retryCount = 0; int exitCode = 0; const int maxRetries = 3; TimeSpan delayInSeconds = TimeSpan.FromSeconds(10); while (retryCount < maxRetries) { exitCode = await action(); if (exitCode == 0 || !dockerActionRetries) { break; } context.Warning($"{command} failed with exit code {exitCode}, back off {delayInSeconds} seconds before retry."); await Task.Delay(delayInSeconds); retryCount++; } context.Output(StringUtil.Loc("DockerCommandFinalExitCode", command, exitCode)); return exitCode; } private static async Task> ExecuteDockerCommandAsyncWithRetries(IExecutionContext context, Func>> action, string command) { bool dockerActionRetries = AgentKnobs.DockerActionRetries.GetValue(context).AsBoolean(); context.Output($"DockerActionRetries variable value: {dockerActionRetries}"); int retryCount = 0; List output = new List(); const int maxRetries = 3; TimeSpan delayInSeconds = TimeSpan.FromSeconds(10); while (retryCount <= maxRetries) { try { output = await action(); } catch (ProcessExitCodeException) { if (!dockerActionRetries || retryCount == maxRetries) { throw; } context.Warning($"{command} failed, back off {delayInSeconds} seconds before retry."); await Task.Delay(delayInSeconds); } retryCount++; if (output != null && output.Count != 0) { break; } } return output; } /// /// Executes 'docker start' with retries, checking if the container is already running before each retry. /// Returns 0 if the container is running or started successfully, otherwise returns the last exit code. /// private async Task ExecuteDockerStartWithRetriesAndCheck(IExecutionContext context, string containerId) { bool dockerActionRetries = AgentKnobs.DockerActionRetries.GetValue(context).AsBoolean(); context.Output($"DockerActionRetries variable value: {dockerActionRetries}"); int retryCount = 0; const int maxRetries = 3; TimeSpan delayInSeconds = TimeSpan.FromSeconds(10); int exitCode = 0; while (retryCount < maxRetries) { // Check if container is already running before attempting to start if (await IsContainerRunning(context, containerId)) { context.Output($"Container {containerId} is running before attempt {retryCount + 1}."); break; } exitCode = await ExecuteDockerCommandAsync(context, "start", containerId, context.CancellationToken); if (exitCode == 0 || !dockerActionRetries) { break; } context.Warning($"Docker start failed with exit code {exitCode}, back off {delayInSeconds} seconds before retry."); retryCount++; await Task.Delay(delayInSeconds); } // handle the case where container is already running after retries but exit code is not 0 if (exitCode != 0 && await IsContainerRunning(context, containerId)) { context.Output($"Container {containerId} is already running after {retryCount} retries. but exit code was {exitCode}."); exitCode = 0; // Indicate success } // If the container is still not running after retries, log a warning if (exitCode != 0) { context.Warning($"Container {containerId} is not running after {retryCount} retries. Last exit code: {exitCode}"); } else { context.Output($"Container {containerId} started successfully after {retryCount} retries."); } //return the exit code context.Debug($"Docker start completed with exit code {exitCode}."); return exitCode; } } } ================================================ FILE: src/Agent.Worker/Container/DockerUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Text.RegularExpressions; using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Container { public class DockerUtil { public static List ParseDockerPort(IList portMappingLines) { ArgUtil.NotNull(portMappingLines, nameof(portMappingLines)); const string targetPort = "targetPort"; const string proto = "proto"; const string host = "host"; const string hostPort = "hostPort"; //"TARGET_PORT/PROTO -> HOST:HOST_PORT" string pattern = $"^(?<{targetPort}>\\d+)/(?<{proto}>\\w+) -> (?<{host}>.+):(?<{hostPort}>\\d+)$"; List portMappings = new List(); foreach (var line in portMappingLines) { Match m = Regex.Match(line, pattern, RegexOptions.None, TimeSpan.FromSeconds(1)); if (m.Success) { portMappings.Add(new PortMapping( m.Groups[hostPort].Value, m.Groups[targetPort].Value, m.Groups[proto].Value )); } } return portMappings; } } } ================================================ FILE: src/Agent.Worker/ContainerOperationProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using Azure.Core; using Azure.Identity; using Microsoft.Identity.Client; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; using Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.Win32; using Newtonsoft.Json; using Newtonsoft.Json.Linq; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Net; using System.Net.Http; using System.ServiceProcess; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(ContainerOperationProvider))] public interface IContainerOperationProvider : IAgentService { Task StartContainersAsync(IExecutionContext executionContext, object data); Task StopContainersAsync(IExecutionContext executionContext, object data); } public class ContainerOperationProvider : AgentService, IContainerOperationProvider { private const string _nodeJsPathLabel = "com.azure.dev.pipelines.agent.handler.node.path"; private const string c_tenantId = "tenantid"; private const string c_clientId = "servicePrincipalId"; private const string c_activeDirectoryServiceEndpointResourceId = "activeDirectoryServiceEndpointResourceId"; private const string c_workloadIdentityFederationScheme = "WorkloadIdentityFederation"; private const string c_managedServiceIdentityScheme = "ManagedServiceIdentity"; private IDockerCommandManager _dockerManger; private string _containerNetwork; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _dockerManger = HostContext.GetService(); _containerNetwork = $"vsts_network_{Guid.NewGuid():N}"; } private string GetContainerNetwork(IExecutionContext executionContext) { var useHostNetwork = AgentKnobs.DockerNetworkCreateDriver.GetValue(executionContext).AsString() == "host"; return useHostNetwork ? "host" : _containerNetwork; } public async Task StartContainersAsync(IExecutionContext executionContext, object data) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); List containers = data as List; ArgUtil.NotNull(containers, nameof(containers)); containers = containers.FindAll(c => c != null); // attempt to mitigate issue #11902 filed in azure-pipelines-task repo // Check whether we are inside a container. // Our container feature requires to map working directory from host to the container. // If we are already inside a container, we will not able to find out the real working direcotry path on the host. if (PlatformUtil.RunningOnRHEL6) { // Red Hat and CentOS 6 do not support the container feature throw new NotSupportedException(StringUtil.Loc("AgentDoesNotSupportContainerFeatureRhel6")); } ThrowIfAlreadyInContainer(); ThrowIfWrongWindowsVersion(executionContext); // Check docker client/server version DockerVersion dockerVersion = await _dockerManger.DockerVersion(executionContext); ArgUtil.NotNull(dockerVersion.ServerVersion, nameof(dockerVersion.ServerVersion)); ArgUtil.NotNull(dockerVersion.ClientVersion, nameof(dockerVersion.ClientVersion)); Version requiredDockerEngineAPIVersion = PlatformUtil.RunningOnWindows ? new Version(1, 30) // Docker-EE version 17.6 : new Version(1, 35); // Docker-CE version 17.12 if (dockerVersion.ServerVersion < requiredDockerEngineAPIVersion) { throw new NotSupportedException(StringUtil.Loc("MinRequiredDockerServerVersion", requiredDockerEngineAPIVersion, _dockerManger.DockerPath, dockerVersion.ServerVersion)); } if (dockerVersion.ClientVersion < requiredDockerEngineAPIVersion) { throw new NotSupportedException(StringUtil.Loc("MinRequiredDockerClientVersion", requiredDockerEngineAPIVersion, _dockerManger.DockerPath, dockerVersion.ClientVersion)); } // Clean up containers left by previous runs executionContext.Debug($"Delete stale containers from previous jobs"); var staleContainers = await _dockerManger.DockerPS(executionContext, $"--all --quiet --no-trunc --filter \"label={_dockerManger.DockerInstanceLabel}\""); foreach (var staleContainer in staleContainers) { int containerRemoveExitCode = await _dockerManger.DockerRemove(executionContext, staleContainer); if (containerRemoveExitCode != 0) { executionContext.Warning($"Delete stale containers failed, docker rm fail with exit code {containerRemoveExitCode} for container {staleContainer}"); } } executionContext.Debug($"Delete stale container networks from previous jobs"); int networkPruneExitCode = await _dockerManger.DockerNetworkPrune(executionContext); if (networkPruneExitCode != 0) { executionContext.Warning($"Delete stale container networks failed, docker network prune fail with exit code {networkPruneExitCode}"); } // We need to pull the containers first before setting up the network foreach (var container in containers) { await PullContainerAsync(executionContext, container); } // Create local docker network for this job to avoid port conflict when multiple agents run on same machine. // All containers within a job join the same network var containerNetwork = GetContainerNetwork(executionContext); await CreateContainerNetworkAsync(executionContext, containerNetwork); containers.ForEach(container => container.ContainerNetwork = containerNetwork); foreach (var container in containers) { await StartContainerAsync(executionContext, container); } // Build JSON to expose docker container name mapping to env var containerMapping = new JObject(); foreach (var container in containers) { var containerInfo = new JObject(); containerInfo["id"] = container.ContainerId; containerMapping[container.ContainerName] = containerInfo; } executionContext.Variables.Set(Constants.Variables.Agent.ContainerMapping, containerMapping.ToString()); foreach (var container in containers.Where(c => !c.IsJobContainer)) { await ContainerHealthcheck(executionContext, container); } } public async Task StopContainersAsync(IExecutionContext executionContext, object data) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); List containers = data as List; ArgUtil.NotNull(containers, nameof(containers)); foreach (var container in containers) { await StopContainerAsync(executionContext, container); } // Remove the container network var containerNetwork = GetContainerNetwork(executionContext); await RemoveContainerNetworkAsync(executionContext, containerNetwork); } private async Task GetMSIAccessToken(IExecutionContext executionContext) { CancellationToken cancellationToken = executionContext.CancellationToken; Trace.Entering(); // Check environment variable for debugging var envVar = Environment.GetEnvironmentVariable("DEBUG_MSI_LOGIN_INFO"); // Future: Set this client id. This is the MSI client ID. ChainedTokenCredential credential = envVar == "1" ? new ChainedTokenCredential(new ManagedIdentityCredential(clientId: null), new VisualStudioCredential(), new AzureCliCredential()) : new ChainedTokenCredential(new ManagedIdentityCredential(clientId: null)); executionContext.Debug("Retrieving AAD token using MSI authentication..."); AccessToken accessToken = await credential.GetTokenAsync(new TokenRequestContext(new[] { "https://management.core.windows.net/" }), cancellationToken); return accessToken.Token.ToString(); } private async Task GetAccessTokenUsingWorkloadIdentityFederation(IExecutionContext executionContext, ServiceEndpoint registryEndpoint) { ArgumentNullException.ThrowIfNull(executionContext); ArgumentNullException.ThrowIfNull(registryEndpoint); CancellationToken cancellationToken = executionContext.CancellationToken; Trace.Entering(); var tenantId = string.Empty; if (!registryEndpoint.Authorization?.Parameters?.TryGetValue(c_tenantId, out tenantId) ?? false) { throw new InvalidOperationException($"Could not read {c_tenantId}"); } var clientId = string.Empty; if (!registryEndpoint.Authorization?.Parameters?.TryGetValue(c_clientId, out clientId) ?? false) { throw new InvalidOperationException($"Could not read {c_clientId}"); } var resourceId = string.Empty; if (!registryEndpoint.Data?.TryGetValue(c_activeDirectoryServiceEndpointResourceId, out resourceId) ?? false) { throw new InvalidOperationException($"Could not read {c_activeDirectoryServiceEndpointResourceId}"); } var app = ConfidentialClientApplicationBuilder.Create(clientId) .WithAuthority(AzureCloudInstance.AzurePublic, tenantId) .WithClientAssertion(async (AssertionRequestOptions options) => { var systemConnection = executionContext.Endpoints.SingleOrDefault(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.Ordinal)); ArgUtil.NotNull(systemConnection, nameof(systemConnection)); VssCredentials vssCredentials = VssUtil.GetVssCredential(systemConnection); var collectionUri = new Uri(executionContext.Variables.System_CollectionUrl); using VssConnection vssConnection = VssUtil.CreateConnection(collectionUri, vssCredentials, trace: Trace); TaskHttpClient taskClient = vssConnection.GetClient(); const int maxRetries = 3; for (int attempt = 1; attempt <= maxRetries + 1; attempt++) { try { var idToken = await taskClient.CreateOidcTokenAsync( scopeIdentifier: executionContext.Variables.System_TeamProjectId ?? throw new ArgumentException("Unknown team Project ID"), hubName: Enum.GetName(typeof(HostTypes), executionContext.Variables.System_HostType), planId: new Guid(executionContext.Variables.System_PlanId), jobId: new Guid(executionContext.Variables.System_JobId), serviceConnectionId: registryEndpoint.Id, claims: null, cancellationToken: cancellationToken ); Trace.Info("OIDC token created successfully"); return idToken.OidcToken; } catch (TaskOrchestrationPlanSecurityException ex) when (attempt <= maxRetries) { TimeSpan backoff = TimeSpan.FromSeconds(Math.Pow(5, attempt - 1)); executionContext.Debug($"Failed to acquire OIDC token(attempt {attempt}/{maxRetries}): {ex.Message}. Retrying in {backoff.TotalSeconds} seconds..."); await Task.Delay(backoff, cancellationToken); } } throw new InvalidOperationException("Failed to acquire OIDC token after all retry attempts."); }) .Build(); var authenticationResult = await app.AcquireTokenForClient(new string[] { $"{resourceId}/.default" }).ExecuteAsync(cancellationToken); return authenticationResult.AccessToken; } private async Task GetAcrPasswordFromAADToken(IExecutionContext executionContext, string AADToken, string tenantId, string registryServer, string loginServer) { Trace.Entering(); CancellationToken cancellationToken = executionContext.CancellationToken; Uri url = new Uri(registryServer + "/oauth2/exchange"); const int retryLimit = 5; using HttpClientHandler httpClientHandler = HostContext.CreateHttpClientHandler(); using HttpClient httpClient = new HttpClient(httpClientHandler); httpClient.DefaultRequestHeaders.TryAddWithoutValidation("Content-Type", "application/x-www-form-urlencoded"); List> keyValuePairs = new List> { new KeyValuePair("grant_type", "access_token"), new KeyValuePair("service", loginServer), new KeyValuePair("tenant", tenantId), new KeyValuePair("access_token", AADToken) }; using FormUrlEncodedContent formUrlEncodedContent = new FormUrlEncodedContent(keyValuePairs); string AcrPassword = string.Empty; int retryCount = 0; int timeElapsed = 0; int timeToWait = 0; do { executionContext.Debug("Attempting to convert AAD token to an ACR token"); var response = await httpClient.PostAsync(url, formUrlEncodedContent, cancellationToken).ConfigureAwait(false); executionContext.Debug($"Status Code: {response.StatusCode}"); if (response.StatusCode == HttpStatusCode.OK) { executionContext.Debug("Successfully converted AAD token to an ACR token"); string result = await response.Content.ReadAsStringAsync(); Dictionary list = JsonConvert.DeserializeObject>(result); AcrPassword = list["refresh_token"]; } else if (response.StatusCode == HttpStatusCode.TooManyRequests) { executionContext.Debug("Too many requests were made to get an ACR token. Retrying..."); timeElapsed = 2000 + timeToWait * 2; retryCount++; await Task.Delay(timeToWait); timeToWait = timeElapsed; } else { throw new NotSupportedException("Could not fetch access token for ACR. Please configure Managed Service Identity (MSI) for Azure Container Registry with the appropriate permissions - https://docs.microsoft.com/en-us/azure/app-service/tutorial-custom-container?pivots=container-linux#configure-app-service-to-deploy-the-image-from-the-registry."); } } while (retryCount < retryLimit && string.IsNullOrEmpty(AcrPassword)); if (string.IsNullOrEmpty(AcrPassword)) { throw new NotSupportedException("Could not acquire ACR token from given AAD token. Please check that the necessary access is provided and try again."); } // Mark retrieved password as secret HostContext.SecretMasker.AddValue(AcrPassword, origin: "AcrPassword"); return AcrPassword; } private async Task PullContainerAsync(IExecutionContext executionContext, ContainerInfo container) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(container, nameof(container)); ArgUtil.NotNullOrEmpty(container.ContainerImage, nameof(container.ContainerImage)); Trace.Info($"Container name: {container.ContainerName}"); Trace.Info($"Container image: {container.ContainerImage}"); Trace.Info($"Container registry: {container.ContainerRegistryEndpoint.ToString()}"); Trace.Info($"Container options: {container.ContainerCreateOptions}"); Trace.Info($"Skip container image pull: {container.SkipContainerImagePull}"); // Login to private docker registry string registryServer = string.Empty; if (container.ContainerRegistryEndpoint != Guid.Empty) { var registryEndpoint = executionContext.Endpoints.FirstOrDefault(x => x.Type == "dockerregistry" && x.Id == container.ContainerRegistryEndpoint); ArgUtil.NotNull(registryEndpoint, nameof(registryEndpoint)); string username = string.Empty; string password = string.Empty; string registryType = string.Empty; string authType = string.Empty; registryEndpoint.Data?.TryGetValue("registrytype", out registryType); if (string.Equals(registryType, "ACR", StringComparison.OrdinalIgnoreCase)) { try { executionContext.Debug("Attempting to get endpoint authorization scheme..."); authType = registryEndpoint.Authorization?.Scheme; if (string.IsNullOrEmpty(authType)) { executionContext.Debug("Attempting to get endpoint authorization scheme as an authorization parameter..."); registryEndpoint.Authorization?.Parameters?.TryGetValue("scheme", out authType); } } catch { executionContext.Debug("Failed to get endpoint authorization scheme as an authorization parameter. Will default authorization scheme to ServicePrincipal"); authType = "ServicePrincipal"; } string loginServer = string.Empty; registryEndpoint.Authorization?.Parameters?.TryGetValue("loginServer", out loginServer); if (loginServer != null) { loginServer = loginServer.ToLower(); } registryServer = $"https://{loginServer}"; if (string.Equals(authType, c_managedServiceIdentityScheme, StringComparison.OrdinalIgnoreCase)) { string tenantId = string.Empty; registryEndpoint.Authorization?.Parameters?.TryGetValue(c_tenantId, out tenantId); // Documentation says to pass username through this way username = Guid.Empty.ToString("D"); string AADToken = await GetMSIAccessToken(executionContext); executionContext.Debug("Successfully retrieved AAD token using the MSI authentication scheme."); // change to getting password from string password = await GetAcrPasswordFromAADToken(executionContext, AADToken, tenantId, registryServer, loginServer); } else if (string.Equals(authType, c_workloadIdentityFederationScheme, StringComparison.OrdinalIgnoreCase)) { string tenantId = string.Empty; registryEndpoint.Authorization?.Parameters?.TryGetValue(c_tenantId, out tenantId); username = Guid.Empty.ToString("D"); string AADToken = await GetAccessTokenUsingWorkloadIdentityFederation(executionContext, registryEndpoint); executionContext.Debug("Successfully retrieved AAD token using the workload identity federation authentication scheme."); password = await GetAcrPasswordFromAADToken(executionContext, AADToken, tenantId, registryServer, loginServer); } else { registryEndpoint.Authorization?.Parameters?.TryGetValue("serviceprincipalid", out username); registryEndpoint.Authorization?.Parameters?.TryGetValue("serviceprincipalkey", out password); } } else { registryEndpoint.Authorization?.Parameters?.TryGetValue("registry", out registryServer); registryEndpoint.Authorization?.Parameters?.TryGetValue("username", out username); registryEndpoint.Authorization?.Parameters?.TryGetValue("password", out password); } ArgUtil.NotNullOrEmpty(registryServer, nameof(registryServer)); ArgUtil.NotNullOrEmpty(username, nameof(username)); ArgUtil.NotNullOrEmpty(password, nameof(password)); int loginExitCode = await _dockerManger.DockerLogin( executionContext, registryServer, username, password); if (loginExitCode != 0) { throw new InvalidOperationException($"Docker login fail with exit code {loginExitCode}"); } } try { if (!container.SkipContainerImagePull) { if (!string.IsNullOrEmpty(registryServer) && registryServer.IndexOf("index.docker.io", StringComparison.OrdinalIgnoreCase) < 0) { var registryServerUri = new Uri(registryServer); if (!container.ContainerImage.StartsWith(registryServerUri.Authority, StringComparison.OrdinalIgnoreCase)) { container.ContainerImage = $"{registryServerUri.Authority}/{container.ContainerImage}"; } } int pullExitCode = await _dockerManger.DockerPull( executionContext, container.ContainerImage); if (pullExitCode != 0) { throw new InvalidOperationException($"Docker pull failed with exit code {pullExitCode}"); } } if (PlatformUtil.RunningOnMacOS) { container.ImageOS = PlatformUtil.OS.Linux; } // if running on Windows, and attempting to run linux container, require container to have node else if (PlatformUtil.RunningOnWindows) { string containerOS = await _dockerManger.DockerInspect(context: executionContext, dockerObject: container.ContainerImage, options: $"--format=\"{{{{.Os}}}}\""); executionContext.Debug($"[Container OS Detection] Detected container OS: {containerOS}"); if (string.Equals("linux", containerOS, StringComparison.OrdinalIgnoreCase)) { container.ImageOS = PlatformUtil.OS.Linux; executionContext.Debug("[Container OS Detection] Set container ImageOS to Linux"); } else if (string.Equals("windows", containerOS, StringComparison.OrdinalIgnoreCase)) { container.ImageOS = PlatformUtil.OS.Windows; executionContext.Debug("[Container OS Detection] Set container ImageOS to Windows"); } } } finally { // Logout for private registry if (!string.IsNullOrEmpty(registryServer)) { int logoutExitCode = await _dockerManger.DockerLogout(executionContext, registryServer); if (logoutExitCode != 0) { executionContext.Error($"Docker logout fail with exit code {logoutExitCode}"); } } } } [System.Diagnostics.CodeAnalysis.SuppressMessage("Maintainability", "CA1505:Avoid unmaintainable code", Justification = "Complex container startup logic with multiple fallback paths")] private async Task StartContainerAsync(IExecutionContext executionContext, ContainerInfo container) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(container, nameof(container)); ArgUtil.NotNullOrEmpty(container.ContainerImage, nameof(container.ContainerImage)); executionContext.Debug($"Starting container: {container.ContainerName} (Image: {container.ContainerImage})"); Trace.Info($"Container name: {container.ContainerName}"); Trace.Info($"Container image: {container.ContainerImage}"); Trace.Info($"Container registry: {container.ContainerRegistryEndpoint.ToString()}"); Trace.Info($"Container options: {container.ContainerCreateOptions}"); Trace.Info($"Skip container image pull: {container.SkipContainerImagePull}"); foreach (var port in container.UserPortMappings) { Trace.Info($"User provided port: {port.Value}"); } foreach (var volume in container.UserMountVolumes) { Trace.Info($"User provided volume: {volume.Value}"); } if (container.ImageOS != PlatformUtil.OS.Windows) { string workspace = executionContext.Variables.Get(Constants.Variables.Pipeline.Workspace); workspace = container.TranslateContainerPathForImageOS(PlatformUtil.HostOS, container.TranslateToContainerPath(workspace)); string mountWorkspace = container.TranslateToHostPath(workspace); executionContext.Debug($"Workspace: {workspace}"); executionContext.Debug($"Mount Workspace: {mountWorkspace}"); container.MountVolumes.Add(new MountVolume(mountWorkspace, workspace, readOnly: container.isReadOnlyVolume(Constants.DefaultContainerMounts.Work))); container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Temp), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Temp)))); container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Tasks), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Tasks)), readOnly: container.isReadOnlyVolume(Constants.DefaultContainerMounts.Tasks))); } else { container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Work), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Work)), readOnly: container.isReadOnlyVolume(Constants.DefaultContainerMounts.Work))); if (AgentKnobs.AllowMountTasksReadonlyOnWindows.GetValue(executionContext).AsBoolean()) { container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Tasks), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Tasks)), readOnly: container.isReadOnlyVolume(Constants.DefaultContainerMounts.Tasks))); } } container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Tools), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Tools)), readOnly: container.isReadOnlyVolume(Constants.DefaultContainerMounts.Tools))); bool externalReadOnly = container.ImageOS != PlatformUtil.OS.Windows || container.isReadOnlyVolume(Constants.DefaultContainerMounts.Externals); // This code was refactored to use PlatformUtils. The previous implementation did not have the externals directory mounted read-only for Windows. // That seems wrong, but to prevent any potential backwards compatibility issues, we are keeping the same logic container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Externals), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Externals)), externalReadOnly)); if (container.ImageOS != PlatformUtil.OS.Windows) { // Ensure .taskkey file exist so we can mount it. string taskKeyFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), ".taskkey"); if (!File.Exists(taskKeyFile)) { File.WriteAllText(taskKeyFile, string.Empty); } container.MountVolumes.Add(new MountVolume(taskKeyFile, container.TranslateToContainerPath(taskKeyFile))); } bool UseNodeVersionStrategy = AgentKnobs.UseNodeVersionStrategy.GetValue(executionContext).AsBoolean(); bool useNode20ToStartContainer = AgentKnobs.UseNode20ToStartContainer.GetValue(executionContext).AsBoolean(); bool useNode24ToStartContainer = AgentKnobs.UseNode24ToStartContainer.GetValue(executionContext).AsBoolean(); bool useAgentNode = false; string labelContainerStartupUsingNode24 = "container-startup-using-node-24"; string labelContainerStartupUsingNode20 = "container-startup-using-node-20"; string labelContainerStartupUsingNode16 = "container-startup-using-node-16"; string labelContainerStartupFailed = "container-startup-failed"; string containerNodePath(string nodeFolder) { return container.TranslateToContainerPath(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), nodeFolder, "bin", $"node{IOUtil.ExeExtension}")); } string nodeContainerPath = containerNodePath(NodeHandler.NodeFolder); string node16ContainerPath = containerNodePath(NodeHandler.Node16Folder); string node20ContainerPath = containerNodePath(NodeHandler.Node20_1Folder); string node24ContainerPath = containerNodePath(NodeHandler.Node24Folder); if (container.IsJobContainer) { // Check if this container brings its own Node.js (needed for both strategies) container.CustomNodePath = await _dockerManger.DockerInspect(context: executionContext, dockerObject: container.ContainerImage, options: $"--format=\"{{{{index .Config.Labels \\\"{_nodeJsPathLabel}\\\"}}}}\""); if (UseNodeVersionStrategy) { bool isWindowsContainer = container.ContainerImage.ToLowerInvariant().Contains("windows") || container.ContainerImage.ToLowerInvariant().Contains("nanoserver") || container.ContainerImage.ToLowerInvariant().Contains("servercore"); container.ContainerCommand = isWindowsContainer ? "cmd.exe /c ping -t localhost > nul" : "sleep infinity"; } else { // Legacy approach: Use node-based startup command string nodeSetInterval(string node) { return $"'{node}' -e 'setInterval(function(){{}}, 24 * 60 * 60 * 1000);'"; } string useDoubleQuotes(string value) { return value.Replace('\'', '"'); } if (!string.IsNullOrEmpty(container.CustomNodePath)) { executionContext.Debug($"[ContainerSetup] Legacy path: Using container's custom node: {container.CustomNodePath}"); container.ContainerCommand = useDoubleQuotes(nodeSetInterval(container.CustomNodePath)); container.ResultNodePath = container.CustomNodePath; } else if (PlatformUtil.RunningOnMacOS || (PlatformUtil.RunningOnWindows && container.ImageOS == PlatformUtil.OS.Linux)) { // require container to have node if running on macOS, or if running on Windows and attempting to run Linux container executionContext.Debug($"[ContainerSetup] Legacy path: Platform requirement - using container node. MacOS: {PlatformUtil.RunningOnMacOS}, Windows+LinuxContainer: {PlatformUtil.RunningOnWindows && container.ImageOS == PlatformUtil.OS.Linux}"); container.CustomNodePath = "node"; container.ContainerCommand = useDoubleQuotes(nodeSetInterval(container.CustomNodePath)); container.ResultNodePath = container.CustomNodePath; } else { executionContext.Debug("[ContainerSetup] Legacy path: Using agent node with fallback strategy"); useAgentNode = true; string sleepCommand; if (useNode24ToStartContainer) { executionContext.Debug("[ContainerSetup] Legacy agent node: Using Node24 with fallbacks (24->20->16)"); sleepCommand = $"'{node24ContainerPath}' --version && echo '{labelContainerStartupUsingNode24}' && {nodeSetInterval(node24ContainerPath)} || '{node20ContainerPath}' --version && echo '{labelContainerStartupUsingNode20}' && {nodeSetInterval(node20ContainerPath)} || '{node16ContainerPath}' --version && echo '{labelContainerStartupUsingNode16}' && {nodeSetInterval(node16ContainerPath)} || echo '{labelContainerStartupFailed}'"; } else if (useNode20ToStartContainer) { executionContext.Debug("[ContainerSetup] Legacy agent node: Using Node20 with fallbacks (20->16)"); sleepCommand = $"'{node20ContainerPath}' --version && echo '{labelContainerStartupUsingNode20}' && {nodeSetInterval(node20ContainerPath)} || '{node16ContainerPath}' --version && echo '{labelContainerStartupUsingNode16}' && {nodeSetInterval(node16ContainerPath)} || echo '{labelContainerStartupFailed}'"; } else { executionContext.Debug($"[ContainerSetup] Legacy agent node: Using default node path: {nodeContainerPath}"); sleepCommand = nodeSetInterval(nodeContainerPath); } container.ContainerCommand = PlatformUtil.RunningOnWindows ? $"cmd.exe /c call {useDoubleQuotes(sleepCommand)}" : $"bash -c \"{sleepCommand}\""; container.ResultNodePath = nodeContainerPath; } } } container.ContainerId = await _dockerManger.DockerCreate(executionContext, container); ArgUtil.NotNullOrEmpty(container.ContainerId, nameof(container.ContainerId)); if (container.IsJobContainer) { executionContext.Variables.Set(Constants.Variables.Agent.ContainerId, container.ContainerId); } int startExitCode = await _dockerManger.DockerStart(executionContext, container.ContainerId); if (startExitCode != 0) { throw new InvalidOperationException($"Docker start fail with exit code {startExitCode}"); } try { // Make sure container is up and running var psOutputs = await _dockerManger.DockerPS(executionContext, $"--all --filter id={container.ContainerId} --filter status=running --no-trunc --format \"{{{{.ID}}}} {{{{.Status}}}}\""); if (psOutputs.FirstOrDefault(x => !string.IsNullOrEmpty(x))?.StartsWith(container.ContainerId) != true) { // container is not up and running, pull docker log for this container. await _dockerManger.DockerPS(executionContext, $"--all --filter id={container.ContainerId} --no-trunc --format \"{{{{.ID}}}} {{{{.Status}}}}\""); int logsExitCode = await _dockerManger.DockerLogs(executionContext, container.ContainerId); if (logsExitCode != 0) { executionContext.Warning($"Docker logs fail with exit code {logsExitCode}"); } executionContext.Warning($"Docker container {container.ContainerId} is not in running state."); } else if (UseNodeVersionStrategy && container.IsJobContainer) { try { SetContainerNodePathWithOrchestrator(executionContext, container); } catch (Exception ex) { executionContext.Error($"Failed to determine node path with orchestrator: {ex.Message}"); container.ResultNodePath = !string.IsNullOrEmpty(container.CustomNodePath) ? container.CustomNodePath : nodeContainerPath; executionContext.Warning($"Using fallback node path: {container.ResultNodePath}"); } } else if (useAgentNode && (useNode20ToStartContainer || useNode24ToStartContainer)) { bool containerStartupCompleted = false; int containerStartupTimeoutInMilliseconds = 10000; int delayInMilliseconds = 100; int checksCount = 0; while (true) { List containerLogs = await _dockerManger.GetDockerLogs(executionContext, container.ContainerId); foreach (string logLine in containerLogs) { if (logLine.Contains(labelContainerStartupUsingNode24)) { containerStartupCompleted = true; container.ResultNodePath = node24ContainerPath; break; } else if (logLine.Contains(labelContainerStartupUsingNode20)) { string warningMsg = useNode24ToStartContainer ? "Cannot run Node 24 in container. Falling back to Node 20 for container startup." : "Using Node 20 for container startup."; executionContext.Warning(warningMsg); containerStartupCompleted = true; container.ResultNodePath = node20ContainerPath; break; } else if (logLine.Contains(labelContainerStartupUsingNode16)) { string warningMsg = useNode24ToStartContainer ? "Cannot run Node 24 and Node 20 in container. Falling back to Node 16 for container startup." : "Cannot run Node 20 in container. Falling back to Node 16 for container startup."; executionContext.Warning(warningMsg); containerStartupCompleted = true; container.ResultNodePath = node16ContainerPath; break; } else if (logLine.Contains(labelContainerStartupFailed)) { string errorMsg = useNode24ToStartContainer ? "Cannot run Node 24, Node 20, and Node 16 in container. Container startup failed." : "Cannot run both Node 20 and Node 16 in container. Container startup failed."; executionContext.Error(errorMsg); containerStartupCompleted = true; break; } } if (containerStartupCompleted) { break; } checksCount++; if (checksCount * delayInMilliseconds > containerStartupTimeoutInMilliseconds) { executionContext.Warning($"Container startup timeout after {checksCount * delayInMilliseconds}ms. Cannot get startup status from container."); break; } await Task.Delay(delayInMilliseconds); } } } catch (Exception ex) { // pull container log is best effort. Trace.Error("Catch exception when check container log and container status."); Trace.Error(ex); } // Get port mappings of running container if (!container.IsJobContainer) { container.AddPortMappings(await _dockerManger.DockerPort(executionContext, container.ContainerId)); foreach (var port in container.PortMappings) { executionContext.Variables.Set( $"{Constants.Variables.Agent.ServicePortPrefix}.{container.ContainerNetworkAlias}.ports.{port.ContainerPort}", $"{port.HostPort}"); } } if (!PlatformUtil.RunningOnWindows) { if (container.IsJobContainer) { // Ensure bash exist in the image await DockerExec(executionContext, container.ContainerId, $"sh -c \"command -v bash\""); // Get current username container.CurrentUserName = (await ExecuteCommandAsync(executionContext, "whoami", string.Empty)).FirstOrDefault(); ArgUtil.NotNullOrEmpty(container.CurrentUserName, nameof(container.CurrentUserName)); // Get current userId container.CurrentUserId = (await ExecuteCommandAsync(executionContext, "id", $"-u {container.CurrentUserName}")).FirstOrDefault(); ArgUtil.NotNullOrEmpty(container.CurrentUserId, nameof(container.CurrentUserId)); // Get current groupId container.CurrentGroupId = (await ExecuteCommandAsync(executionContext, "id", $"-g {container.CurrentUserName}")).FirstOrDefault(); ArgUtil.NotNullOrEmpty(container.CurrentGroupId, nameof(container.CurrentGroupId)); // Get current group name container.CurrentGroupName = (await ExecuteCommandAsync(executionContext, "id", $"-gn {container.CurrentUserName}")).FirstOrDefault(); ArgUtil.NotNullOrEmpty(container.CurrentGroupName, nameof(container.CurrentGroupName)); executionContext.Output(StringUtil.Loc("CreateUserWithSameUIDInsideContainer", container.CurrentUserId)); // Create an user with same uid as the agent run as user inside the container. // All command execute in docker will run as Root by default, // this will cause the agent on the host machine doesn't have permission to any new file/folder created inside the container. // So, we create a user account with same UID inside the container and let all docker exec command run as that user. string containerUserName = string.Empty; // We need to find out whether there is a user with same UID inside the container List userNames = await DockerExec(executionContext, container.ContainerId, $"bash -c \"getent passwd {container.CurrentUserId} | cut -d: -f1 \""); if (userNames.Count > 0) { // check all potential usernames that might match the UID foreach (string username in userNames) { try { await DockerExec(executionContext, container.ContainerId, $"id -u {username}"); containerUserName = username; break; } catch (Exception ex) when (ex is InvalidOperationException) { // check next username } } } // Determinate if we need to use another primary group for container user. // The user created inside the container must have the same group ID (GID) // as the user on the host on which the agent is running. bool useHostGroupId = false; int hostGroupId; int hostUserId; if (AgentKnobs.UseHostGroupId.GetValue(executionContext).AsBoolean() && int.TryParse(container.CurrentGroupId, out hostGroupId) && int.TryParse(container.CurrentUserId, out hostUserId) && hostGroupId != hostUserId) { Trace.Info($"Host group id ({hostGroupId}) is not matching host user id ({hostUserId}), using {hostGroupId} as a primary GID inside container"); useHostGroupId = true; } bool isAlpineBasedImage = false; string detectAlpineMessage = "Alpine-based image detected."; string detectAlpineCommand = $"bash -c \"if [[ -e '/etc/alpine-release' ]]; then echo '{detectAlpineMessage}'; fi\""; List detectAlpineOutput = await DockerExec(executionContext, container.ContainerId, detectAlpineCommand); if (detectAlpineOutput.Contains(detectAlpineMessage)) { Trace.Info(detectAlpineMessage); isAlpineBasedImage = true; } // List of commands Func addGroup; Func addGroupWithId; Func addUserWithId; Func addUserWithIdAndGroup; Func addUserToGroup; bool useShadowIfAlpine = false; if (isAlpineBasedImage) { List shadowInfoOutput = await DockerExec(executionContext, container.ContainerId, "apk list --installed | grep shadow"); bool shadowPreinstalled = false; foreach (string shadowInfoLine in shadowInfoOutput) { if (shadowInfoLine.Contains("{shadow}", StringComparison.Ordinal)) { Trace.Info("The 'shadow' package is preinstalled and therefore will be used."); shadowPreinstalled = true; break; } } bool userIdIsOutsideAdduserCommandRange = Int64.Parse(container.CurrentUserId) > 256000; if (userIdIsOutsideAdduserCommandRange && !shadowPreinstalled) { Trace.Info("User ID is outside the range of the 'adduser' command, therefore the 'shadow' package will be installed and used."); try { await DockerExec(executionContext, container.ContainerId, "apk add shadow"); } catch (InvalidOperationException) { throw new InvalidOperationException(StringUtil.Loc("ApkAddShadowFailed")); } } useShadowIfAlpine = shadowPreinstalled || userIdIsOutsideAdduserCommandRange; } if (isAlpineBasedImage && !useShadowIfAlpine) { addGroup = (groupName) => $"addgroup {groupName}"; addGroupWithId = (groupName, groupId) => $"addgroup -g {groupId} {groupName}"; addUserWithId = (userName, userId) => $"adduser -D -u {userId} {userName}"; addUserWithIdAndGroup = (userName, userId, groupName) => $"adduser -D -G {groupName} -u {userId} {userName}"; addUserToGroup = (userName, groupName) => $"addgroup {userName} {groupName}"; } else { addGroup = (groupName) => $"groupadd {groupName}"; addGroupWithId = (groupName, groupId) => $"groupadd -g {groupId} {groupName}"; addUserWithId = (userName, userId) => $"useradd -m -u {userId} {userName}"; addUserWithIdAndGroup = (userName, userId, groupName) => $"useradd -m -g {groupName} -u {userId} {userName}"; addUserToGroup = (userName, groupName) => $"usermod -a -G {groupName} {userName}"; } if (string.IsNullOrEmpty(containerUserName)) { string nameSuffix = "_azpcontainer"; // Linux allows for a 32-character username containerUserName = KeepAllowedLength(container.CurrentUserName, 32, nameSuffix); // Create a new user with same UID as on the host string fallback = addUserWithId(containerUserName, container.CurrentUserId); if (useHostGroupId) { try { // Linux allows for a 32-character groupname string containerGroupName = KeepAllowedLength(container.CurrentGroupName, 32, nameSuffix); // Create a new user with the same UID and the same GID as on the host await DockerExec(executionContext, container.ContainerId, addGroupWithId(containerGroupName, container.CurrentGroupId)); await DockerExec(executionContext, container.ContainerId, addUserWithIdAndGroup(containerUserName, container.CurrentUserId, containerGroupName)); } catch (Exception ex) when (ex is InvalidOperationException) { Trace.Info($"Falling back to the '{fallback}' command."); await DockerExec(executionContext, container.ContainerId, fallback); } } else { await DockerExec(executionContext, container.ContainerId, fallback); } } executionContext.Output(StringUtil.Loc("GrantContainerUserSUDOPrivilege", containerUserName)); string sudoGroupName = "azure_pipelines_sudo"; // Create a new group for giving sudo permission await DockerExec(executionContext, container.ContainerId, addGroup(sudoGroupName)); // Add the new created user to the new created sudo group. await DockerExec(executionContext, container.ContainerId, addUserToGroup(containerUserName, sudoGroupName)); // Allow the new sudo group run any sudo command without providing password. await DockerExec(executionContext, container.ContainerId, $"su -c \"echo '%{sudoGroupName} ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers\""); if (AgentKnobs.SetupDockerGroup.GetValue(executionContext).AsBoolean()) { executionContext.Output(StringUtil.Loc("AllowContainerUserRunDocker", containerUserName)); // Get docker.sock group id on Host string statFormatOption = "-c %g"; if (PlatformUtil.RunningOnMacOS) { statFormatOption = "-f %g"; } string dockerSockGroupId = (await ExecuteCommandAsync(executionContext, "stat", $"{statFormatOption} /var/run/docker.sock")).FirstOrDefault(); // We need to find out whether there is a group with same GID inside the container string existingGroupName = null; List groupsOutput = await DockerExec(executionContext, container.ContainerId, $"bash -c \"cat /etc/group\""); if (groupsOutput.Count > 0) { // check all potential groups that might match the GID. foreach (string groupOutput in groupsOutput) { if (!string.IsNullOrEmpty(groupOutput)) { var groupSegments = groupOutput.Split(':'); if (groupSegments.Length != 4) { Trace.Warning($"Unexpected output from /etc/group: '{groupOutput}'"); } else { // the output of /etc/group should looks like `group:x:gid:` var groupName = groupSegments[0]; var groupId = groupSegments[2]; if (string.Equals(dockerSockGroupId, groupId)) { existingGroupName = groupName; break; } } } } } if (string.IsNullOrEmpty(existingGroupName)) { // create a new group with same gid existingGroupName = "azure_pipelines_docker"; await DockerExec(executionContext, container.ContainerId, addGroupWithId(existingGroupName, dockerSockGroupId)); } // Add the new created user to the docker socket group. await DockerExec(executionContext, container.ContainerId, addUserToGroup(containerUserName, existingGroupName)); // if path to node is just 'node', with no path, let's make sure it is actually there if (string.Equals(container.CustomNodePath, "node", StringComparison.OrdinalIgnoreCase)) { List nodeVersionOutput = await DockerExec(executionContext, container.ContainerId, $"bash -c \"node -v\""); if (nodeVersionOutput.Count > 0) { executionContext.Output($"Detected Node Version: {nodeVersionOutput[0]}"); Trace.Info($"Using node version {nodeVersionOutput[0]} in container {container.ContainerId}"); } else { throw new InvalidOperationException($"Unable to get node version on container {container.ContainerId}. No output from node -v"); } } } if (PlatformUtil.RunningOnLinux) { bool useNode20InUnsupportedSystem = AgentKnobs.UseNode20InUnsupportedSystem.GetValue(executionContext).AsBoolean(); bool useNode24InUnsupportedSystem = AgentKnobs.UseNode24InUnsupportedSystem.GetValue(executionContext).AsBoolean(); if (!useNode24InUnsupportedSystem) { var node24 = container.TranslateToContainerPath(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), NodeHandler.Node24Folder, "bin", $"node{IOUtil.ExeExtension}")); string node24TestCmd = $"bash -c \"{node24} -v\""; List node24VersionOutput = await DockerExec(executionContext, container.ContainerId, node24TestCmd, noExceptionOnError: true); container.NeedsNode20Redirect = WorkerUtilities.IsCommandResultGlibcError(executionContext, node24VersionOutput, out string node24InfoLine); if (container.NeedsNode20Redirect) { PublishTelemetry( executionContext, new Dictionary { { "ContainerNode24to20Fallback", container.NeedsNode20Redirect.ToString() } } ); } } if (!useNode20InUnsupportedSystem && (useNode24InUnsupportedSystem || container.NeedsNode20Redirect)) { var node20 = container.TranslateToContainerPath(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), NodeHandler.Node20_1Folder, "bin", $"node{IOUtil.ExeExtension}")); string node20TestCmd = $"bash -c \"{node20} -v\""; List nodeVersionOutput = await DockerExec(executionContext, container.ContainerId, node20TestCmd, noExceptionOnError: true); container.NeedsNode16Redirect = WorkerUtilities.IsCommandResultGlibcError(executionContext, nodeVersionOutput, out string nodeInfoLine); if (container.NeedsNode16Redirect) { PublishTelemetry( executionContext, new Dictionary { { "ContainerNode20to16Fallback", container.NeedsNode16Redirect.ToString() } } ); } } } if (!string.IsNullOrEmpty(containerUserName)) { container.CurrentUserName = containerUserName; } } } executionContext.Output($"Container setup complete: {container.ContainerName}"); } private async Task StopContainerAsync(IExecutionContext executionContext, ContainerInfo container) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(container, nameof(container)); if (!string.IsNullOrEmpty(container.ContainerId)) { executionContext.Output($"Stop and remove container: {container.ContainerDisplayName}"); int rmExitCode = await _dockerManger.DockerRemove(executionContext, container.ContainerId); if (rmExitCode != 0) { executionContext.Warning($"Docker rm fail with exit code {rmExitCode}"); } } } private async Task> ExecuteCommandAsync(IExecutionContext context, string command, string arg) { context.Command($"{command} {arg}"); List outputs = new List(); object outputLock = new object(); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { lock (outputLock) { outputs.Add(message.Data); } } }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { lock (outputLock) { outputs.Add(message.Data); } } }; await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: command, arguments: arg, environment: null, requireExitCodeZero: true, outputEncoding: null, cancellationToken: CancellationToken.None); foreach (var outputLine in outputs) { context.Output(outputLine); } return outputs; } private async Task CreateContainerNetworkAsync(IExecutionContext executionContext, string network) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); if (network != "host") { int networkExitCode = await _dockerManger.DockerNetworkCreate(executionContext, network); if (networkExitCode != 0) { throw new InvalidOperationException($"Docker network create failed with exit code {networkExitCode}"); } } else { Trace.Info("Skipping creation of a new docker network. Reusing the host network."); } // Expose docker network to env executionContext.Variables.Set(Constants.Variables.Agent.ContainerNetwork, network); } private async Task RemoveContainerNetworkAsync(IExecutionContext executionContext, string network) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(network, nameof(network)); if (network != "host") { executionContext.Output($"Remove container network: {network}"); int removeExitCode = await _dockerManger.DockerNetworkRemove(executionContext, network); if (removeExitCode != 0) { executionContext.Warning($"Docker network rm failed with exit code {removeExitCode}"); } } // Remove docker network from env executionContext.Variables.Set(Constants.Variables.Agent.ContainerNetwork, null); } private async Task ContainerHealthcheck(IExecutionContext executionContext, ContainerInfo container) { string healthCheck = "--format=\"{{if .Config.Healthcheck}}{{print .State.Health.Status}}{{end}}\""; string serviceHealth = await _dockerManger.DockerInspect(context: executionContext, dockerObject: container.ContainerId, options: healthCheck); if (string.IsNullOrEmpty(serviceHealth)) { // Container has no HEALTHCHECK return; } var retryCount = 0; while (string.Equals(serviceHealth, "starting", StringComparison.OrdinalIgnoreCase)) { TimeSpan backoff = BackoffTimerHelper.GetExponentialBackoff(retryCount, TimeSpan.FromSeconds(2), TimeSpan.FromSeconds(32), TimeSpan.FromSeconds(2)); executionContext.Output($"{container.ContainerNetworkAlias} service is starting, waiting {backoff.Seconds} seconds before checking again."); await Task.Delay(backoff, executionContext.CancellationToken); serviceHealth = await _dockerManger.DockerInspect(context: executionContext, dockerObject: container.ContainerId, options: healthCheck); retryCount++; } if (string.Equals(serviceHealth, "healthy", StringComparison.OrdinalIgnoreCase)) { executionContext.Output($"{container.ContainerNetworkAlias} service is healthy."); } else { throw new InvalidOperationException($"Failed to initialize, {container.ContainerNetworkAlias} service is {serviceHealth}."); } } private async Task> DockerExec(IExecutionContext context, string containerId, string command, bool noExceptionOnError = false) { Trace.Info($"Docker-exec is going to execute: `{command}`; container id: `{containerId}`"); List output = new List(); int exitCode = await _dockerManger.DockerExec(context, containerId, string.Empty, command, output); string commandOutput = "command does not have output"; if (output.Count > 0) { commandOutput = $"command output: `{output[0]}`"; } for (int i = 1; i < output.Count; i++) { commandOutput += $", `{output[i]}`"; } string message = $"Docker-exec executed: `{command}`; container id: `{containerId}`; exit code: `{exitCode}`; {commandOutput}"; if (exitCode != 0) { Trace.Error(message); if (!noExceptionOnError) { throw new InvalidOperationException(message); } } Trace.Info(message); return output; } private static string KeepAllowedLength(string name, int allowedLength, string suffix = "") { int keepNameLength = Math.Min(allowedLength - suffix.Length, name.Length); return $"{name.Substring(0, keepNameLength)}{suffix}"; } private static void ThrowIfAlreadyInContainer() { if (PlatformUtil.RunningOnWindows) { #pragma warning disable CA1416 // SupportedOSPlatform checks not respected in lambda usage // service CExecSvc is Container Execution Agent. ServiceController[] scServices = ServiceController.GetServices(); if (scServices.Any(x => String.Equals(x.ServiceName, "cexecsvc", StringComparison.OrdinalIgnoreCase) && x.Status == ServiceControllerStatus.Running)) { throw new NotSupportedException(StringUtil.Loc("AgentAlreadyInsideContainer")); } #pragma warning restore CA1416 } else { try { var initProcessCgroup = File.ReadLines("/proc/1/cgroup"); if (initProcessCgroup.Any(x => x.IndexOf(":/docker/", StringComparison.OrdinalIgnoreCase) >= 0)) { throw new NotSupportedException(StringUtil.Loc("AgentAlreadyInsideContainer")); } } catch (Exception ex) when (ex is FileNotFoundException || ex is DirectoryNotFoundException) { // if /proc/1/cgroup doesn't exist, we are not inside a container } } } private static void ThrowIfWrongWindowsVersion(IExecutionContext executionContext) { if (!PlatformUtil.RunningOnWindows) { return; } // Check OS version (Windows server 1803 is required) object windowsInstallationType = Registry.GetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "InstallationType", defaultValue: null); ArgUtil.NotNull(windowsInstallationType, nameof(windowsInstallationType)); object windowsReleaseId = Registry.GetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ReleaseId", defaultValue: null); ArgUtil.NotNull(windowsReleaseId, nameof(windowsReleaseId)); executionContext.Debug($"Current Windows version: '{windowsReleaseId} ({windowsInstallationType})'"); if (int.TryParse(windowsReleaseId.ToString(), out int releaseId)) { if (releaseId < 1903) // >= 1903, support windows client and server { if (!windowsInstallationType.ToString().StartsWith("Server", StringComparison.OrdinalIgnoreCase) || releaseId < 1803) { throw new NotSupportedException(StringUtil.Loc("ContainerWindowsVersionRequirement")); } } } else { throw new ArgumentOutOfRangeException(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ReleaseId"); } } /// /// Creates appropriate handler data for container job based on knobs and custom node path. /// Used by orchestrator to determine the best node version for the container. /// private BaseNodeHandlerData GetJobContainerHandlerData(IExecutionContext executionContext, ContainerInfo container) { // Custom node takes highest priority if (!string.IsNullOrEmpty(container.CustomNodePath)) { return new CustomNodeHandlerData(); } // Special platform requirement: macOS or Windows with Linux containers must use container's own node if (PlatformUtil.RunningOnMacOS || (PlatformUtil.RunningOnWindows && container.ImageOS == PlatformUtil.OS.Linux)) { container.CustomNodePath = "node"; return new CustomNodeHandlerData(); } // Check knobs to determine default handler preference bool useNode24 = AgentKnobs.UseNode24ToStartContainer.GetValue(executionContext).AsBoolean(); bool useNode20 = AgentKnobs.UseNode20ToStartContainer.GetValue(executionContext).AsBoolean(); if (useNode24) { return new Node24HandlerData(); } else if (useNode20) { return new Node20_1HandlerData(); } else { return new Node20_1HandlerData(); } } /// /// Uses the NodeVersionOrchestrator to determine the optimal node version for the container. /// Sets container.ResultNodePath based on orchestrator decision. /// private void SetContainerNodePathWithOrchestrator(IExecutionContext executionContext, ContainerInfo container) { var handlerData = GetJobContainerHandlerData(executionContext, container); var taskContext = new NodeVersionStrategies.TaskContext { HandlerData = handlerData, Container = container, StepTarget = null }; var orchestrator = new NodeVersionStrategies.NodeVersionOrchestrator(executionContext, HostContext); var result = orchestrator.SelectNodeVersionForContainer(taskContext, _dockerManger); container.ResultNodePath = result.NodePath; if (!string.IsNullOrEmpty(result.Warning)) { executionContext.Warning(result.Warning); } executionContext.Output($"Container node selection: {result.NodeVersion} - {result.Reason}"); } private void PublishTelemetry( IExecutionContext executionContext, object telemetryData, string feature = nameof(ContainerOperationProvider)) { var cmd = new Command("telemetry", "publish") { Data = JsonConvert.SerializeObject(telemetryData, Formatting.None) }; cmd.Properties.Add("area", "PipelinesTasks"); cmd.Properties.Add("feature", feature); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(HostContext); publishTelemetryCmd.ProcessCommand(executionContext, cmd); } } } ================================================ FILE: src/Agent.Worker/ContainerOperationProviderEnhanced.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using Azure.Core; using Azure.Identity; using Microsoft.Identity.Client; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.Win32; using Newtonsoft.Json; using Newtonsoft.Json.Linq; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Net; using System.Net.Http; using System.ServiceProcess; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker { public class ContainerOperationProviderEnhanced : AgentService, IContainerOperationProvider { private const string _nodeJsPathLabel = "com.azure.dev.pipelines.agent.handler.node.path"; private const string c_tenantId = "tenantid"; private const string c_clientId = "servicePrincipalId"; private const string c_activeDirectoryServiceEndpointResourceId = "activeDirectoryServiceEndpointResourceId"; private const string c_workloadIdentityFederationScheme = "WorkloadIdentityFederation"; private const string c_managedServiceIdentityScheme = "ManagedServiceIdentity"; private IDockerCommandManager _dockerManger; private string _containerNetwork; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _dockerManger = HostContext.GetService(); _containerNetwork = $"vsts_network_{Guid.NewGuid():N}"; } private string GetContainerNetwork(IExecutionContext executionContext) { var useHostNetwork = AgentKnobs.DockerNetworkCreateDriver.GetValue(executionContext).AsString() == "host"; return useHostNetwork ? "host" : _containerNetwork; } public async Task StartContainersAsync(IExecutionContext executionContext, object data) { using (Trace.EnteringWithDuration()) { ArgUtil.NotNull(executionContext, nameof(executionContext)); List containers = data as List; ArgUtil.NotNull(containers, nameof(containers)); containers = containers.FindAll(c => c != null); // attempt to mitigate issue #11902 filed in azure-pipelines-task repo // Check whether we are inside a container. // Our container feature requires to map working directory from host to the container. // If we are already inside a container, we will not able to find out the real working direcotry path on the host. if (PlatformUtil.RunningOnRHEL6) { // Red Hat and CentOS 6 do not support the container feature throw new NotSupportedException(StringUtil.Loc("AgentDoesNotSupportContainerFeatureRhel6")); } ThrowIfAlreadyInContainer(); ThrowIfWrongWindowsVersion(executionContext); // Check docker client/server version DockerVersion dockerVersion = await _dockerManger.DockerVersion(executionContext); ArgUtil.NotNull(dockerVersion.ServerVersion, nameof(dockerVersion.ServerVersion)); ArgUtil.NotNull(dockerVersion.ClientVersion, nameof(dockerVersion.ClientVersion)); Version requiredDockerEngineAPIVersion = PlatformUtil.RunningOnWindows ? new Version(1, 30) // Docker-EE version 17.6 : new Version(1, 35); // Docker-CE version 17.12 if (dockerVersion.ServerVersion < requiredDockerEngineAPIVersion) { throw new NotSupportedException(StringUtil.Loc("MinRequiredDockerServerVersion", requiredDockerEngineAPIVersion, _dockerManger.DockerPath, dockerVersion.ServerVersion)); } if (dockerVersion.ClientVersion < requiredDockerEngineAPIVersion) { throw new NotSupportedException(StringUtil.Loc("MinRequiredDockerClientVersion", requiredDockerEngineAPIVersion, _dockerManger.DockerPath, dockerVersion.ClientVersion)); } // Clean up containers left by previous runs executionContext.Debug($"Delete stale containers from previous jobs"); var staleContainers = await _dockerManger.DockerPS(executionContext, $"--all --quiet --no-trunc --filter \"label={_dockerManger.DockerInstanceLabel}\""); foreach (var staleContainer in staleContainers) { int containerRemoveExitCode = await _dockerManger.DockerRemove(executionContext, staleContainer); if (containerRemoveExitCode != 0) { executionContext.Warning($"Delete stale containers failed, docker rm fail with exit code {containerRemoveExitCode} for container {staleContainer}"); } } executionContext.Debug($"Delete stale container networks from previous jobs"); int networkPruneExitCode = await _dockerManger.DockerNetworkPrune(executionContext); if (networkPruneExitCode != 0) { executionContext.Warning($"Delete stale container networks failed, docker network prune fail with exit code {networkPruneExitCode}"); } // We need to pull the containers first before setting up the network foreach (var container in containers) { await PullContainerAsync(executionContext, container); } // Create local docker network for this job to avoid port conflict when multiple agents run on same machine. // All containers within a job join the same network var containerNetwork = GetContainerNetwork(executionContext); await CreateContainerNetworkAsync(executionContext, containerNetwork); containers.ForEach(container => container.ContainerNetwork = containerNetwork); foreach (var container in containers) { await StartContainerAsync(executionContext, container); } // Build JSON to expose docker container name mapping to env var containerMapping = new JObject(); foreach (var container in containers) { var containerInfo = new JObject(); containerInfo["id"] = container.ContainerId; containerMapping[container.ContainerName] = containerInfo; } executionContext.Variables.Set(Constants.Variables.Agent.ContainerMapping, containerMapping.ToString()); foreach (var container in containers.Where(c => !c.IsJobContainer)) { await ContainerHealthcheck(executionContext, container); } } } public async Task StopContainersAsync(IExecutionContext executionContext, object data) { using (Trace.EnteringWithDuration()) { ArgUtil.NotNull(executionContext, nameof(executionContext)); List containers = data as List; ArgUtil.NotNull(containers, nameof(containers)); foreach (var container in containers) { await StopContainerAsync(executionContext, container); } // Remove the container network var containerNetwork = GetContainerNetwork(executionContext); await RemoveContainerNetworkAsync(executionContext, containerNetwork); } } private async Task GetMSIAccessToken(IExecutionContext executionContext) { using (Trace.EnteringWithDuration()) { var trace = HostContext.GetTrace(nameof(ContainerOperationProvider)); CancellationToken cancellationToken = executionContext.CancellationToken; executionContext.Debug("Retrieving AAD token using MSI authentication"); // Check environment variable for debugging var envVar = Environment.GetEnvironmentVariable("DEBUG_MSI_LOGIN_INFO"); bool isDebugMode = envVar == "1"; trace.Info($"MSI debug mode: {isDebugMode}"); // Future: Set this client id. This is the MSI client ID. ChainedTokenCredential credential = isDebugMode ? new ChainedTokenCredential(new ManagedIdentityCredential(clientId: null), new VisualStudioCredential(), new AzureCliCredential()) : new ChainedTokenCredential(new ManagedIdentityCredential(clientId: null)); AccessToken accessToken = await credential.GetTokenAsync(new TokenRequestContext(new[] { "https://management.core.windows.net/" }), cancellationToken); executionContext.Debug("Successfully retrieved AAD token using MSI authentication"); return accessToken.Token.ToString(); } } private async Task GetAccessTokenUsingWorkloadIdentityFederation(IExecutionContext executionContext, ServiceEndpoint registryEndpoint) { using (Trace.EnteringWithDuration()) { ArgumentNullException.ThrowIfNull(executionContext); ArgumentNullException.ThrowIfNull(registryEndpoint); var trace = HostContext.GetTrace(nameof(ContainerOperationProvider)); CancellationToken cancellationToken = executionContext.CancellationToken; executionContext.Debug("Retrieving AAD token using Workload Identity Federation"); var tenantId = string.Empty; if (!registryEndpoint.Authorization?.Parameters?.TryGetValue(c_tenantId, out tenantId) ?? false) { trace.Error($"Failed to read required parameter: {c_tenantId}"); throw new InvalidOperationException($"Could not read {c_tenantId}"); } trace.Info($"Tenant ID: {tenantId}"); var clientId = string.Empty; if (!registryEndpoint.Authorization?.Parameters?.TryGetValue(c_clientId, out clientId) ?? false) { trace.Error($"Failed to read required parameter: {c_clientId}"); throw new InvalidOperationException($"Could not read {c_clientId}"); } trace.Info($"Client ID: {clientId}"); var resourceId = string.Empty; if (!registryEndpoint.Data?.TryGetValue(c_activeDirectoryServiceEndpointResourceId, out resourceId) ?? false) { trace.Error($"Failed to read required parameter: {c_activeDirectoryServiceEndpointResourceId}"); throw new InvalidOperationException($"Could not read {c_activeDirectoryServiceEndpointResourceId}"); } trace.Info($"Resource ID: {resourceId}"); trace.Info("Building MSAL ConfidentialClientApplication"); var app = ConfidentialClientApplicationBuilder.Create(clientId) .WithAuthority(AzureCloudInstance.AzurePublic, tenantId) .WithClientAssertion(async (AssertionRequestOptions options) => { trace.Info("Creating OIDC token for client assertion"); var systemConnection = executionContext.Endpoints.SingleOrDefault(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.Ordinal)); ArgUtil.NotNull(systemConnection, nameof(systemConnection)); VssCredentials vssCredentials = VssUtil.GetVssCredential(systemConnection); var collectionUri = new Uri(executionContext.Variables.System_CollectionUrl); trace.Info($"Collection URI: {collectionUri}"); using VssConnection vssConnection = VssUtil.CreateConnection(collectionUri, vssCredentials, trace: Trace); TaskHttpClient taskClient = vssConnection.GetClient(); const int maxRetries = 3; for (int attempt = 1; attempt <= maxRetries + 1; attempt++) { try { var idToken = await taskClient.CreateOidcTokenAsync( scopeIdentifier: executionContext.Variables.System_TeamProjectId ?? throw new ArgumentException("Unknown team Project ID"), hubName: Enum.GetName(typeof(HostTypes), executionContext.Variables.System_HostType), planId: new Guid(executionContext.Variables.System_PlanId), jobId: new Guid(executionContext.Variables.System_JobId), serviceConnectionId: registryEndpoint.Id, claims: null, cancellationToken: cancellationToken ); trace.Info("OIDC token created successfully"); return idToken.OidcToken; } catch (TaskOrchestrationPlanSecurityException ex) when (attempt <= maxRetries) { TimeSpan backoff = TimeSpan.FromSeconds(Math.Pow(5, attempt - 1)); executionContext.Debug($"Failed to acquire OIDC token(attempt {attempt}/{maxRetries}): {ex.Message}. Retrying in {backoff.TotalSeconds} seconds..."); await Task.Delay(backoff, cancellationToken); } } throw new InvalidOperationException("Failed to acquire OIDC token after all retry attempts."); }) .Build(); trace.Info($"Acquiring access token for resource scope: {resourceId}/.default"); var authenticationResult = await app.AcquireTokenForClient(new string[] { $"{resourceId}/.default" }).ExecuteAsync(cancellationToken); executionContext.Debug("Successfully retrieved AAD token using Workload Identity Federation"); trace.Info($"Token expires at: {authenticationResult.ExpiresOn:yyyy-MM-dd HH:mm:ss} UTC"); return authenticationResult.AccessToken; } } private async Task GetAcrPasswordFromAADToken(IExecutionContext executionContext, string AADToken, string tenantId, string registryServer, string loginServer) { using (Trace.EnteringWithDuration()) { var trace = HostContext.GetTrace(nameof(ContainerOperationProvider)); CancellationToken cancellationToken = executionContext.CancellationToken; Uri url = new Uri(registryServer + "/oauth2/exchange"); executionContext.Debug("Converting AAD token to ACR refresh token"); trace.Info($"ACR OAuth2 exchange endpoint: {url}"); trace.Info($"Login server: {loginServer}, Tenant: {tenantId}"); const int retryLimit = 5; using HttpClientHandler httpClientHandler = HostContext.CreateHttpClientHandler(); using HttpClient httpClient = new HttpClient(httpClientHandler); httpClient.DefaultRequestHeaders.TryAddWithoutValidation("Content-Type", "application/x-www-form-urlencoded"); List> keyValuePairs = new List> { new KeyValuePair("grant_type", "access_token"), new KeyValuePair("service", loginServer), new KeyValuePair("tenant", tenantId), new KeyValuePair("access_token", AADToken) }; using FormUrlEncodedContent formUrlEncodedContent = new FormUrlEncodedContent(keyValuePairs); string AcrPassword = string.Empty; int retryCount = 0; int timeElapsed = 0; int timeToWait = 0; do { executionContext.Debug("Attempting to convert AAD token to an ACR token"); var response = await httpClient.PostAsync(url, formUrlEncodedContent, cancellationToken).ConfigureAwait(false); executionContext.Debug($"Status Code: {response.StatusCode}"); if (response.StatusCode == HttpStatusCode.OK) { executionContext.Debug("Successfully converted AAD token to an ACR token"); string result = await response.Content.ReadAsStringAsync(); Dictionary list = JsonConvert.DeserializeObject>(result); AcrPassword = list["refresh_token"]; } else if (response.StatusCode == HttpStatusCode.TooManyRequests) { executionContext.Debug("Too many requests were made to get an ACR token. Retrying..."); timeElapsed = 2000 + timeToWait * 2; retryCount++; await Task.Delay(timeToWait); timeToWait = timeElapsed; } else { throw new NotSupportedException("Could not fetch access token for ACR. Please configure Managed Service Identity (MSI) for Azure Container Registry with the appropriate permissions - https://docs.microsoft.com/en-us/azure/app-service/tutorial-custom-container?pivots=container-linux#configure-app-service-to-deploy-the-image-from-the-registry."); } } while (retryCount < retryLimit && string.IsNullOrEmpty(AcrPassword)); if (string.IsNullOrEmpty(AcrPassword)) { throw new NotSupportedException("Could not acquire ACR token from given AAD token. Please check that the necessary access is provided and try again."); } // Mark retrieved password as secret executionContext.Debug("Successfully converted AAD token to ACR refresh token"); HostContext.SecretMasker.AddValue(AcrPassword, origin: "AcrPassword"); return AcrPassword; } } private async Task PullContainerAsync(IExecutionContext executionContext, ContainerInfo container) { using (Trace.EnteringWithDuration()) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(container, nameof(container)); ArgUtil.NotNullOrEmpty(container.ContainerImage, nameof(container.ContainerImage)); executionContext.Debug("PullContainerAsync initiated"); Trace.Info($"Container name: {container.ContainerName}"); Trace.Info($"Container image: {container.ContainerImage}"); Trace.Info($"Container registry: {container.ContainerRegistryEndpoint.ToString()}"); Trace.Info($"Container options: {container.ContainerCreateOptions}"); Trace.Info($"Skip container image pull: {container.SkipContainerImagePull}"); // Login to private docker registry string registryServer = string.Empty; if (container.ContainerRegistryEndpoint != Guid.Empty) { executionContext.Debug("Authenticating to private container registry"); var registryEndpoint = executionContext.Endpoints.FirstOrDefault(x => x.Type == "dockerregistry" && x.Id == container.ContainerRegistryEndpoint); ArgUtil.NotNull(registryEndpoint, nameof(registryEndpoint)); var trace = HostContext.GetTrace(nameof(ContainerOperationProvider)); trace.Info($"Registry endpoint ID: {registryEndpoint.Id}"); trace.Info($"Registry endpoint name: {registryEndpoint.Name ?? "not specified"}"); trace.Info($"Registry endpoint URL: {registryEndpoint.Url?.ToString() ?? "not specified"}"); string username = string.Empty; string password = string.Empty; string registryType = string.Empty; string authType = string.Empty; registryEndpoint.Data?.TryGetValue("registrytype", out registryType); trace.Info($"Registry type: {registryType ?? "not specified"}"); if (string.Equals(registryType, "ACR", StringComparison.OrdinalIgnoreCase)) { trace.Info("Processing Azure Container Registry (ACR) authentication"); try { authType = registryEndpoint.Authorization?.Scheme; if (string.IsNullOrEmpty(authType)) { registryEndpoint.Authorization?.Parameters?.TryGetValue("scheme", out authType); } trace.Info($"ACR authorization scheme: {authType ?? "not specified"}"); } catch (Exception ex) { trace.Info("Failed to get endpoint authorization scheme, defaulting to ServicePrincipal"); trace.Info($"Exception details: {ex.Message}"); authType = "ServicePrincipal"; } string loginServer = string.Empty; registryEndpoint.Authorization?.Parameters?.TryGetValue("loginServer", out loginServer); if (loginServer != null) { loginServer = loginServer.ToLower(); trace.Info($"ACR login server: {loginServer}"); } else { trace.Info("ACR login server not found in endpoint parameters"); } registryServer = $"https://{loginServer}"; trace.Info($"Registry server URL: {registryServer}"); if (string.Equals(authType, c_managedServiceIdentityScheme, StringComparison.OrdinalIgnoreCase)) { trace.Info("Using Managed Service Identity (MSI) authentication"); string tenantId = string.Empty; registryEndpoint.Authorization?.Parameters?.TryGetValue(c_tenantId, out tenantId); trace.Info($"Tenant ID: {tenantId ?? "not specified"}"); // Documentation says to pass username through this way username = Guid.Empty.ToString("D"); string AADToken = await GetMSIAccessToken(executionContext); password = await GetAcrPasswordFromAADToken(executionContext, AADToken, tenantId, registryServer, loginServer); } else if (string.Equals(authType, c_workloadIdentityFederationScheme, StringComparison.OrdinalIgnoreCase)) { trace.Info("Using Workload Identity Federation authentication"); string tenantId = string.Empty; registryEndpoint.Authorization?.Parameters?.TryGetValue(c_tenantId, out tenantId); trace.Info($"Tenant ID: {tenantId ?? "not specified"}"); username = Guid.Empty.ToString("D"); string AADToken = await GetAccessTokenUsingWorkloadIdentityFederation(executionContext, registryEndpoint); password = await GetAcrPasswordFromAADToken(executionContext, AADToken, tenantId, registryServer, loginServer); } else { trace.Info("Using Service Principal authentication (fallback)"); registryEndpoint.Authorization?.Parameters?.TryGetValue("serviceprincipalid", out username); registryEndpoint.Authorization?.Parameters?.TryGetValue("serviceprincipalkey", out password); trace.Info($"Service Principal ID retrieved: {(!string.IsNullOrEmpty(username) ? "Yes" : "No")}"); trace.Info($"Service Principal Key retrieved: {(!string.IsNullOrEmpty(password) ? "Yes" : "No")}"); } } else { trace.Info("Using standard registry authentication (non-ACR)"); registryEndpoint.Authorization?.Parameters?.TryGetValue("registry", out registryServer); registryEndpoint.Authorization?.Parameters?.TryGetValue("username", out username); registryEndpoint.Authorization?.Parameters?.TryGetValue("password", out password); trace.Info($"Registry server: {registryServer ?? "not found"}"); trace.Info($"Username retrieved: {(!string.IsNullOrEmpty(username) ? "Yes" : "No")}"); trace.Info($"Password retrieved: {(!string.IsNullOrEmpty(password) ? "Yes" : "No")}"); } ArgUtil.NotNullOrEmpty(registryServer, nameof(registryServer)); ArgUtil.NotNullOrEmpty(username, nameof(username)); ArgUtil.NotNullOrEmpty(password, nameof(password)); int loginExitCode = await _dockerManger.DockerLogin( executionContext, registryServer, username, password); if (loginExitCode != 0) { throw new InvalidOperationException($"Docker login fail with exit code {loginExitCode}"); } executionContext.Debug($"Successfully authenticated to container registry"); } try { var trace = HostContext.GetTrace(nameof(ContainerOperationProvider)); if (!container.SkipContainerImagePull) { executionContext.Output($"Pulling container image: {container.ContainerImage}"); // Parse image information for better logging var imageParts = container.ContainerImage.Split('/'); var imageRepo = imageParts.Length > 1 ? string.Join("/", imageParts.Take(imageParts.Length - 1)) : ""; var imageNameTag = imageParts.Last(); var tagSeparator = imageNameTag.LastIndexOf(':'); var imageName = tagSeparator > 0 ? imageNameTag.Substring(0, tagSeparator) : imageNameTag; var imageTag = tagSeparator > 0 ? imageNameTag.Substring(tagSeparator + 1) : "latest"; trace.Info($"Image repository: {imageRepo}, name: {imageName}, tag: {imageTag}"); // Handle image URL prefixing for non-Docker Hub registries var originalImage = container.ContainerImage; if (!string.IsNullOrEmpty(registryServer) && registryServer.IndexOf("index.docker.io", StringComparison.OrdinalIgnoreCase) < 0) { var registryServerUri = new Uri(registryServer); if (!container.ContainerImage.StartsWith(registryServerUri.Authority, StringComparison.OrdinalIgnoreCase)) { container.ContainerImage = $"{registryServerUri.Authority}/{container.ContainerImage}"; trace.Info($"Modified image URL from '{originalImage}' to '{container.ContainerImage}'"); } } // Execute Docker pull int pullExitCode = await _dockerManger.DockerPull( executionContext, container.ContainerImage); if (pullExitCode != 0) { throw new InvalidOperationException($"Docker pull failed with exit code {pullExitCode}"); } executionContext.Debug($"Successfully pulled container image"); } else { executionContext.Output("Skipping container image pull as requested"); } // Platform-specific container OS detection and compatibility checks if (PlatformUtil.RunningOnMacOS) { container.ImageOS = PlatformUtil.OS.Linux; trace.Info("Container will run in Linux mode on macOS host"); } // if running on Windows, and attempting to run linux container, require container to have node else if (PlatformUtil.RunningOnWindows) { string containerOS = await _dockerManger.DockerInspect(context: executionContext, dockerObject: container.ContainerImage, options: $"--format=\"{{{{.Os}}}}\""); trace.Info($"Detected container OS: {containerOS}"); if (string.Equals("linux", containerOS, StringComparison.OrdinalIgnoreCase)) { container.ImageOS = PlatformUtil.OS.Linux; trace.Info("Container will run in Linux mode on Windows host"); } else { trace.Info("Container will run in Windows mode on Windows host"); } } } finally { // Logout for private registry if (!string.IsNullOrEmpty(registryServer)) { int logoutExitCode = await _dockerManger.DockerLogout(executionContext, registryServer); if (logoutExitCode != 0) { executionContext.Error($"Docker logout fail with exit code {logoutExitCode}"); } } } } } #pragma warning disable CA1505 private async Task StartContainerAsync(IExecutionContext executionContext, ContainerInfo container) { using (Trace.EnteringWithDuration()) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(container, nameof(container)); ArgUtil.NotNullOrEmpty(container.ContainerImage, nameof(container.ContainerImage)); var trace = HostContext.GetTrace(nameof(ContainerOperationProvider)); Trace.Info($"Container name: {container.ContainerName}"); Trace.Info($"Container image: {container.ContainerImage}"); Trace.Info($"Container registry: {container.ContainerRegistryEndpoint.ToString()}"); Trace.Info($"Container options: {container.ContainerCreateOptions}"); Trace.Info($"Skip container image pull: {container.SkipContainerImagePull}"); foreach (var port in container.UserPortMappings) { Trace.Info($"User provided port: {port.Value}"); } foreach (var volume in container.UserMountVolumes) { Trace.Info($"User provided volume: {volume.Value}"); } executionContext.Debug($"Starting container setup: {container.ContainerName}"); if (container.ImageOS != PlatformUtil.OS.Windows) { trace.Info("Configuring volume mounts for Linux container"); string workspace = executionContext.Variables.Get(Constants.Variables.Pipeline.Workspace); workspace = container.TranslateContainerPathForImageOS(PlatformUtil.HostOS, container.TranslateToContainerPath(workspace)); string mountWorkspace = container.TranslateToHostPath(workspace); trace.Info($"Workspace: {workspace}, Mount workspace: {mountWorkspace}"); container.MountVolumes.Add(new MountVolume(mountWorkspace, workspace, readOnly: container.isReadOnlyVolume(Constants.DefaultContainerMounts.Work))); container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Temp), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Temp)))); container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Tasks), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Tasks)), readOnly: container.isReadOnlyVolume(Constants.DefaultContainerMounts.Tasks))); } else { trace.Info("Configuring volume mounts for Windows container"); container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Work), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Work)), readOnly: container.isReadOnlyVolume(Constants.DefaultContainerMounts.Work))); if (AgentKnobs.AllowMountTasksReadonlyOnWindows.GetValue(executionContext).AsBoolean()) { trace.Info("Windows tasks mount enabled via agent knob"); container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Tasks), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Tasks)), readOnly: container.isReadOnlyVolume(Constants.DefaultContainerMounts.Tasks))); } } container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Tools), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Tools)), readOnly: container.isReadOnlyVolume(Constants.DefaultContainerMounts.Tools))); bool externalReadOnly = container.ImageOS != PlatformUtil.OS.Windows || container.isReadOnlyVolume(Constants.DefaultContainerMounts.Externals); // This code was refactored to use PlatformUtils. The previous implementation did not have the externals directory mounted read-only for Windows. // That seems wrong, but to prevent any potential backwards compatibility issues, we are keeping the same logic container.MountVolumes.Add(new MountVolume(HostContext.GetDirectory(WellKnownDirectory.Externals), container.TranslateToContainerPath(HostContext.GetDirectory(WellKnownDirectory.Externals)), externalReadOnly)); if (container.ImageOS != PlatformUtil.OS.Windows) { // Ensure .taskkey file exist so we can mount it. string taskKeyFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), ".taskkey"); if (!File.Exists(taskKeyFile)) { trace.Info("Creating .taskkey file for container mount"); File.WriteAllText(taskKeyFile, string.Empty); } else { trace.Info("Found existing .taskkey file for container mount"); } container.MountVolumes.Add(new MountVolume(taskKeyFile, container.TranslateToContainerPath(taskKeyFile))); } // Log complete mount configuration var mountSummary = container.MountVolumes.Select(m => $"{m.SourceVolumePath ?? "anonymous"}:{m.TargetVolumePath}{(m.ReadOnly ? ":ro" : "")}"); trace.Info($"Configured {container.MountVolumes.Count} volume mounts: {string.Join(", ", mountSummary)}"); bool useNode20ToStartContainer = AgentKnobs.UseNode20ToStartContainer.GetValue(executionContext).AsBoolean(); bool useNode24ToStartContainer = AgentKnobs.UseNode24ToStartContainer.GetValue(executionContext).AsBoolean(); bool useAgentNode = false; string labelContainerStartupUsingNode24 = "container-startup-using-node-24"; string labelContainerStartupUsingNode20 = "container-startup-using-node-20"; string labelContainerStartupUsingNode16 = "container-startup-using-node-16"; string labelContainerStartupFailed = "container-startup-failed"; string containerNodePath(string nodeFolder) { return container.TranslateToContainerPath(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), nodeFolder, "bin", $"node{IOUtil.ExeExtension}")); } string nodeContainerPath = containerNodePath(NodeHandler.NodeFolder); string node16ContainerPath = containerNodePath(NodeHandler.Node16Folder); string node20ContainerPath = containerNodePath(NodeHandler.Node20_1Folder); string node24ContainerPath = containerNodePath(NodeHandler.Node24Folder); if (container.IsJobContainer) { executionContext.Debug("Configuring container Node.js runtime"); // See if this container brings its own Node.js container.CustomNodePath = await _dockerManger.DockerInspect(context: executionContext, dockerObject: container.ContainerImage, options: $"--format=\"{{{{index .Config.Labels \\\"{_nodeJsPathLabel}\\\"}}}}\""); string nodeSetInterval(string node) { return $"'{node}' -e 'setInterval(function(){{}}, 24 * 60 * 60 * 1000);'"; } string useDoubleQuotes(string value) { return value.Replace('\'', '"'); } if (!string.IsNullOrEmpty(container.CustomNodePath)) { trace.Info($"Container provides custom Node.js at: {container.CustomNodePath}"); container.ContainerCommand = useDoubleQuotes(nodeSetInterval(container.CustomNodePath)); container.ResultNodePath = container.CustomNodePath; } else if (PlatformUtil.RunningOnMacOS || (PlatformUtil.RunningOnWindows && container.ImageOS == PlatformUtil.OS.Linux)) { trace.Info("Platform requires container to provide Node.js, using 'node' command"); container.CustomNodePath = "node"; container.ContainerCommand = useDoubleQuotes(nodeSetInterval(container.CustomNodePath)); container.ResultNodePath = container.CustomNodePath; } else { useAgentNode = true; trace.Info($"Using agent-provided Node.js. Node20 enabled: {useNode20ToStartContainer}, Node24 enabled: {useNode24ToStartContainer}"); trace.Info($"Node paths - Default: {nodeContainerPath}, Node16: {node16ContainerPath}, Node20: {node20ContainerPath}, Node24: {node24ContainerPath}"); string sleepCommand; if (useNode24ToStartContainer) { sleepCommand = $"'{node24ContainerPath}' --version && echo '{labelContainerStartupUsingNode24}' && {nodeSetInterval(node24ContainerPath)} || '{node20ContainerPath}' --version && echo '{labelContainerStartupUsingNode20}' && {nodeSetInterval(node20ContainerPath)} || '{node16ContainerPath}' --version && echo '{labelContainerStartupUsingNode16}' && {nodeSetInterval(node16ContainerPath)} || echo '{labelContainerStartupFailed}'"; } else if (useNode20ToStartContainer) { sleepCommand = $"'{node20ContainerPath}' --version && echo '{labelContainerStartupUsingNode20}' && {nodeSetInterval(node20ContainerPath)} || '{node16ContainerPath}' --version && echo '{labelContainerStartupUsingNode16}' && {nodeSetInterval(node16ContainerPath)} || echo '{labelContainerStartupFailed}'"; } else { sleepCommand = nodeSetInterval(nodeContainerPath); } container.ContainerCommand = PlatformUtil.RunningOnWindows ? $"cmd.exe /c call {useDoubleQuotes(sleepCommand)}" : $"bash -c \"{sleepCommand}\""; container.ResultNodePath = nodeContainerPath; } } executionContext.Output("Creating Docker container..."); // Log resource constraints if specified if (!string.IsNullOrEmpty(container.ContainerCreateOptions)) { trace.Info($"Container create options: {container.ContainerCreateOptions}"); if (container.ContainerCreateOptions.Contains("--memory")) { trace.Info("Container has memory constraints specified"); } if (container.ContainerCreateOptions.Contains("--cpus")) { trace.Info("Container has CPU constraints specified"); } if (container.ContainerCreateOptions.Contains("--ulimit")) { trace.Info("Container has ulimit constraints specified"); } } container.ContainerId = await _dockerManger.DockerCreate(executionContext, container); ArgUtil.NotNullOrEmpty(container.ContainerId, nameof(container.ContainerId)); if (container.IsJobContainer) { executionContext.Variables.Set(Constants.Variables.Agent.ContainerId, container.ContainerId); trace.Info($"Set job container ID variable: {container.ContainerId}"); } // Start container executionContext.Output("Starting Docker container..."); int startExitCode = await _dockerManger.DockerStart(executionContext, container.ContainerId); if (startExitCode != 0) { throw new InvalidOperationException($"Docker start failed with exit code {startExitCode} for container {container.ContainerId}"); } executionContext.Output("Container started successfully"); try { trace.Info("Verifying container is running..."); // Make sure container is up and running var psOutputs = await _dockerManger.DockerPS(executionContext, $"--all --filter id={container.ContainerId} --filter status=running --no-trunc --format \"{{{{.ID}}}} {{{{.Status}}}}\""); if (psOutputs.FirstOrDefault(x => !string.IsNullOrEmpty(x))?.StartsWith(container.ContainerId) != true) { // container is not up and running, pull docker log for this container. await _dockerManger.DockerPS(executionContext, $"--all --filter id={container.ContainerId} --no-trunc --format \"{{{{.ID}}}} {{{{.Status}}}}\""); int logsExitCode = await _dockerManger.DockerLogs(executionContext, container.ContainerId); if (logsExitCode != 0) { executionContext.Warning($"Docker logs fail with exit code {logsExitCode}"); } executionContext.Warning($"Docker container {container.ContainerId} is not in running state."); } else if (useAgentNode && (useNode20ToStartContainer || useNode24ToStartContainer)) { bool containerStartupCompleted = false; int containerStartupTimeoutInMilliseconds = 10000; int delayInMilliseconds = 100; int checksCount = 0; trace.Info("Checking which Node.js version container can run..."); while (true) { List containerLogs = await _dockerManger.GetDockerLogs(executionContext, container.ContainerId); foreach (string logLine in containerLogs) { if (logLine.Contains(labelContainerStartupUsingNode24)) { executionContext.Debug("Using Node 24 for container startup."); containerStartupCompleted = true; container.ResultNodePath = node24ContainerPath; break; } else if (logLine.Contains(labelContainerStartupUsingNode20)) { string warningMsg = useNode24ToStartContainer ? "Cannot run Node 24 in container. Falling back to Node 20 for container startup." : "Using Node 20 for container startup."; executionContext.Warning(warningMsg); containerStartupCompleted = true; container.ResultNodePath = node20ContainerPath; break; } else if (logLine.Contains(labelContainerStartupUsingNode16)) { string warningMsg = useNode24ToStartContainer ? "Cannot run Node 24 and Node 20 in container. Falling back to Node 16 for container startup." : "Cannot run Node 20 in container. Falling back to Node 16 for container startup."; executionContext.Warning(warningMsg); containerStartupCompleted = true; container.ResultNodePath = node16ContainerPath; break; } else if (logLine.Contains(labelContainerStartupFailed)) { string errorMsg = useNode24ToStartContainer ? "Cannot run Node 24, Node 20, and Node 16 in container. Container startup failed." : "Cannot run both Node 20 and Node 16 in container. Container startup failed."; executionContext.Error(errorMsg); containerStartupCompleted = true; break; } } if (containerStartupCompleted) { break; } checksCount++; if (checksCount * delayInMilliseconds > containerStartupTimeoutInMilliseconds) { executionContext.Warning("Can not get startup status from container."); break; } await Task.Delay(delayInMilliseconds); } } } catch (Exception ex) { // pull container log is best effort. Trace.Error("Catch exception when check container log and container status."); Trace.Error(ex); } // Get port mappings of running container if (!container.IsJobContainer) { container.AddPortMappings(await _dockerManger.DockerPort(executionContext, container.ContainerId)); foreach (var port in container.PortMappings) { executionContext.Variables.Set( $"{Constants.Variables.Agent.ServicePortPrefix}.{container.ContainerNetworkAlias}.ports.{port.ContainerPort}", $"{port.HostPort}"); } } if (!PlatformUtil.RunningOnWindows) { if (container.IsJobContainer) { executionContext.Debug("Configuring container user account"); // Ensure bash exist in the image await DockerExec(executionContext, container.ContainerId, $"sh -c \"command -v bash\""); // Get current username trace.Info("Retrieving host user information..."); container.CurrentUserName = (await ExecuteCommandAsync(executionContext, "whoami", string.Empty)).FirstOrDefault(); ArgUtil.NotNullOrEmpty(container.CurrentUserName, nameof(container.CurrentUserName)); // Get current userId container.CurrentUserId = (await ExecuteCommandAsync(executionContext, "id", $"-u {container.CurrentUserName}")).FirstOrDefault(); ArgUtil.NotNullOrEmpty(container.CurrentUserId, nameof(container.CurrentUserId)); // Get current groupId container.CurrentGroupId = (await ExecuteCommandAsync(executionContext, "id", $"-g {container.CurrentUserName}")).FirstOrDefault(); ArgUtil.NotNullOrEmpty(container.CurrentGroupId, nameof(container.CurrentGroupId)); // Get current group name container.CurrentGroupName = (await ExecuteCommandAsync(executionContext, "id", $"-gn {container.CurrentUserName}")).FirstOrDefault(); ArgUtil.NotNullOrEmpty(container.CurrentGroupName, nameof(container.CurrentGroupName)); trace.Info($"Host user: {container.CurrentUserName} (UID: {container.CurrentUserId}, GID: {container.CurrentGroupId}, Group: {container.CurrentGroupName})"); executionContext.Output(StringUtil.Loc("CreateUserWithSameUIDInsideContainer", container.CurrentUserId)); // Create an user with same uid as the agent run as user inside the container. // All command execute in docker will run as Root by default, // this will cause the agent on the host machine doesn't have permission to any new file/folder created inside the container. // So, we create a user account with same UID inside the container and let all docker exec command run as that user. string containerUserName = string.Empty; // We need to find out whether there is a user with same UID inside the container trace.Info($"Looking for existing user with UID {container.CurrentUserId} in container..."); List userNames = await DockerExec(executionContext, container.ContainerId, $"bash -c \"getent passwd {container.CurrentUserId} | cut -d: -f1 \""); if (userNames.Count > 0) { trace.Info($"Found {userNames.Count} potential usernames for UID {container.CurrentUserId}: {string.Join(", ", userNames)}"); // check all potential usernames that might match the UID foreach (string username in userNames) { try { await DockerExec(executionContext, container.ContainerId, $"id -u {username}"); containerUserName = username; break; } catch (Exception ex) when (ex is InvalidOperationException) { trace.Info($"User {username} verification failed, checking next candidate"); // check next username } } } else { trace.Info($"No existing users found with UID {container.CurrentUserId}"); } // Determinate if we need to use another primary group for container user. // The user created inside the container must have the same group ID (GID) // as the user on the host on which the agent is running. bool useHostGroupId = false; int hostGroupId; int hostUserId; if (AgentKnobs.UseHostGroupId.GetValue(executionContext).AsBoolean() && int.TryParse(container.CurrentGroupId, out hostGroupId) && int.TryParse(container.CurrentUserId, out hostUserId) && hostGroupId != hostUserId) { Trace.Info($"Host group id ({hostGroupId}) is not matching host user id ({hostUserId}), using {hostGroupId} as a primary GID inside container"); useHostGroupId = true; } bool isAlpineBasedImage = false; string detectAlpineMessage = "Alpine-based image detected."; string detectAlpineCommand = $"bash -c \"if [[ -e '/etc/alpine-release' ]]; then echo '{detectAlpineMessage}'; fi\""; List detectAlpineOutput = await DockerExec(executionContext, container.ContainerId, detectAlpineCommand); if (detectAlpineOutput.Contains(detectAlpineMessage)) { Trace.Info(detectAlpineMessage); isAlpineBasedImage = true; } // List of commands Func addGroup; Func addGroupWithId; Func addUserWithId; Func addUserWithIdAndGroup; Func addUserToGroup; bool useShadowIfAlpine = false; if (isAlpineBasedImage) { List shadowInfoOutput = await DockerExec(executionContext, container.ContainerId, "apk list --installed | grep shadow"); bool shadowPreinstalled = false; foreach (string shadowInfoLine in shadowInfoOutput) { if (shadowInfoLine.Contains("{shadow}", StringComparison.Ordinal)) { Trace.Info("The 'shadow' package is preinstalled and therefore will be used."); shadowPreinstalled = true; break; } } bool userIdIsOutsideAdduserCommandRange = Int64.Parse(container.CurrentUserId) > 256000; if (userIdIsOutsideAdduserCommandRange && !shadowPreinstalled) { Trace.Info("User ID is outside the range of the 'adduser' command, therefore the 'shadow' package will be installed and used."); try { await DockerExec(executionContext, container.ContainerId, "apk add shadow"); } catch (InvalidOperationException) { throw new InvalidOperationException(StringUtil.Loc("ApkAddShadowFailed")); } } useShadowIfAlpine = shadowPreinstalled || userIdIsOutsideAdduserCommandRange; } if (isAlpineBasedImage && !useShadowIfAlpine) { addGroup = (groupName) => $"addgroup {groupName}"; addGroupWithId = (groupName, groupId) => $"addgroup -g {groupId} {groupName}"; addUserWithId = (userName, userId) => $"adduser -D -u {userId} {userName}"; addUserWithIdAndGroup = (userName, userId, groupName) => $"adduser -D -G {groupName} -u {userId} {userName}"; addUserToGroup = (userName, groupName) => $"addgroup {userName} {groupName}"; } else { addGroup = (groupName) => $"groupadd {groupName}"; addGroupWithId = (groupName, groupId) => $"groupadd -g {groupId} {groupName}"; addUserWithId = (userName, userId) => $"useradd -m -u {userId} {userName}"; addUserWithIdAndGroup = (userName, userId, groupName) => $"useradd -m -g {groupName} -u {userId} {userName}"; addUserToGroup = (userName, groupName) => $"usermod -a -G {groupName} {userName}"; } if (string.IsNullOrEmpty(containerUserName)) { trace.Info($"Creating new container user with UID {container.CurrentUserId}"); string nameSuffix = "_azpcontainer"; // Linux allows for a 32-character username containerUserName = KeepAllowedLength(container.CurrentUserName, 32, nameSuffix); trace.Info($"Generated container username: {containerUserName}"); // Create a new user with same UID as on the host string fallback = addUserWithId(containerUserName, container.CurrentUserId); if (useHostGroupId) { try { trace.Info($"Creating user with matching host group ID {container.CurrentGroupId}"); // Linux allows for a 32-character groupname string containerGroupName = KeepAllowedLength(container.CurrentGroupName, 32, nameSuffix); // Create a new user with the same UID and the same GID as on the host await DockerExec(executionContext, container.ContainerId, addGroupWithId(containerGroupName, container.CurrentGroupId)); await DockerExec(executionContext, container.ContainerId, addUserWithIdAndGroup(containerUserName, container.CurrentUserId, containerGroupName)); trace.Info($"Successfully created user {containerUserName} with group {containerGroupName}"); } catch (Exception ex) when (ex is InvalidOperationException) { Trace.Info($"Falling back to the '{fallback}' command."); await DockerExec(executionContext, container.ContainerId, fallback); trace.Info($"Created user using fallback command: {fallback}"); } } else { await DockerExec(executionContext, container.ContainerId, fallback); trace.Info($"Created user using standard command: {fallback}"); } } else { trace.Info($"Using existing container user: {containerUserName}"); } executionContext.Output(StringUtil.Loc("GrantContainerUserSUDOPrivilege", containerUserName)); string sudoGroupName = "azure_pipelines_sudo"; // Create a new group for giving sudo permission await DockerExec(executionContext, container.ContainerId, addGroup(sudoGroupName)); // Add the new created user to the new created sudo group. await DockerExec(executionContext, container.ContainerId, addUserToGroup(containerUserName, sudoGroupName)); // Allow the new sudo group run any sudo command without providing password. await DockerExec(executionContext, container.ContainerId, $"su -c \"echo '%{sudoGroupName} ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers\""); if (AgentKnobs.SetupDockerGroup.GetValue(executionContext).AsBoolean()) { executionContext.Debug($"Docker group setup enabled via agent knob"); executionContext.Output(StringUtil.Loc("AllowContainerUserRunDocker", containerUserName)); // Get docker.sock group id on Host string statFormatOption = "-c %g"; if (PlatformUtil.RunningOnMacOS) { statFormatOption = "-f %g"; } string dockerSockGroupId = (await ExecuteCommandAsync(executionContext, "stat", $"{statFormatOption} /var/run/docker.sock")).FirstOrDefault(); executionContext.Debug($"Host docker.sock group ID: {dockerSockGroupId}"); // We need to find out whether there is a group with same GID inside the container string existingGroupName = null; List groupsOutput = await DockerExec(executionContext, container.ContainerId, $"bash -c \"cat /etc/group\""); if (groupsOutput.Count > 0) { // check all potential groups that might match the GID. foreach (string groupOutput in groupsOutput) { if (!string.IsNullOrEmpty(groupOutput)) { var groupSegments = groupOutput.Split(':'); if (groupSegments.Length != 4) { Trace.Warning($"Unexpected output from /etc/group: '{groupOutput}'"); } else { // the output of /etc/group should looks like `group:x:gid:` var groupName = groupSegments[0]; var groupId = groupSegments[2]; if (string.Equals(dockerSockGroupId, groupId)) { existingGroupName = groupName; break; } } } } } if (string.IsNullOrEmpty(existingGroupName)) { // create a new group with same gid existingGroupName = "azure_pipelines_docker"; executionContext.Debug($"Creating new docker group '{existingGroupName}' with GID {dockerSockGroupId}"); await DockerExec(executionContext, container.ContainerId, addGroupWithId(existingGroupName, dockerSockGroupId)); } else { executionContext.Debug($"Found existing docker group '{existingGroupName}' with matching GID {dockerSockGroupId}"); } // Add the new created user to the docker socket group. await DockerExec(executionContext, container.ContainerId, addUserToGroup(containerUserName, existingGroupName)); // if path to node is just 'node', with no path, let's make sure it is actually there if (string.Equals(container.CustomNodePath, "node", StringComparison.OrdinalIgnoreCase)) { List nodeVersionOutput = await DockerExec(executionContext, container.ContainerId, $"bash -c \"node -v\""); if (nodeVersionOutput.Count > 0) { executionContext.Output($"Detected Node Version: {nodeVersionOutput[0]}"); Trace.Info($"Using node version {nodeVersionOutput[0]} in container {container.ContainerId}"); } else { throw new InvalidOperationException($"Unable to get node version on container {container.ContainerId}. No output from node -v"); } } } if (PlatformUtil.RunningOnLinux) { bool useNode20InUnsupportedSystem = AgentKnobs.UseNode20InUnsupportedSystem.GetValue(executionContext).AsBoolean(); bool useNode24InUnsupportedSystem = AgentKnobs.UseNode24InUnsupportedSystem.GetValue(executionContext).AsBoolean(); if (!useNode24InUnsupportedSystem) { var node24 = container.TranslateToContainerPath(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), NodeHandler.Node24Folder, "bin", $"node{IOUtil.ExeExtension}")); string node24TestCmd = $"bash -c \"{node24} -v\""; List node24VersionOutput = await DockerExec(executionContext, container.ContainerId, node24TestCmd, noExceptionOnError: true); container.NeedsNode20Redirect = WorkerUtilities.IsCommandResultGlibcError(executionContext, node24VersionOutput, out string node24InfoLine); if (container.NeedsNode20Redirect) { PublishTelemetry( executionContext, new Dictionary { { "ContainerNode24to20Fallback", container.NeedsNode20Redirect.ToString() } } ); } } if (!useNode20InUnsupportedSystem && (useNode24InUnsupportedSystem || container.NeedsNode20Redirect)) { var node20 = container.TranslateToContainerPath(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), NodeHandler.Node20_1Folder, "bin", $"node{IOUtil.ExeExtension}")); string node20TestCmd = $"bash -c \"{node20} -v\""; List nodeVersionOutput = await DockerExec(executionContext, container.ContainerId, node20TestCmd, noExceptionOnError: true); container.NeedsNode16Redirect = WorkerUtilities.IsCommandResultGlibcError(executionContext, nodeVersionOutput, out string nodeInfoLine); if (container.NeedsNode16Redirect) { PublishTelemetry( executionContext, new Dictionary { { "ContainerNode20to16Fallback", container.NeedsNode16Redirect.ToString() } } ); } } } if (!string.IsNullOrEmpty(containerUserName)) { container.CurrentUserName = containerUserName; executionContext.Debug($"Container user setup completed. Final user: {containerUserName}"); } executionContext.Debug("Container user setup completed successfully"); } } executionContext.Output("Container startup completed successfully"); Trace.Info($"StartContainerAsync completed for {container.ContainerName} ({container.ContainerId?.Substring(0, 12)})"); } } private async Task StopContainerAsync(IExecutionContext executionContext, ContainerInfo container) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(container, nameof(container)); if (!string.IsNullOrEmpty(container.ContainerId)) { executionContext.Output($"Stop and remove container: {container.ContainerDisplayName}"); int rmExitCode = await _dockerManger.DockerRemove(executionContext, container.ContainerId); if (rmExitCode != 0) { executionContext.Warning($"Docker rm fail with exit code {rmExitCode}"); } } } private async Task> ExecuteCommandAsync(IExecutionContext context, string command, string arg) { context.Command($"{command} {arg}"); List outputs = new List(); object outputLock = new object(); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { lock (outputLock) { outputs.Add(message.Data); } } }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { lock (outputLock) { outputs.Add(message.Data); } } }; await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: command, arguments: arg, environment: null, requireExitCodeZero: true, outputEncoding: null, cancellationToken: CancellationToken.None); foreach (var outputLine in outputs) { context.Output(outputLine); } return outputs; } private async Task CreateContainerNetworkAsync(IExecutionContext executionContext, string network) { using (Trace.EnteringWithDuration()) { ArgUtil.NotNull(executionContext, nameof(executionContext)); if (network != "host") { int networkExitCode = await _dockerManger.DockerNetworkCreate(executionContext, network); if (networkExitCode != 0) { throw new InvalidOperationException($"Docker network create failed with exit code {networkExitCode}"); } } else { Trace.Info("Skipping creation of a new docker network. Reusing the host network."); } // Expose docker network to env executionContext.Variables.Set(Constants.Variables.Agent.ContainerNetwork, network); } } private async Task RemoveContainerNetworkAsync(IExecutionContext executionContext, string network) { using (Trace.EnteringWithDuration()) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(network, nameof(network)); if (network != "host") { executionContext.Output($"Remove container network: {network}"); int removeExitCode = await _dockerManger.DockerNetworkRemove(executionContext, network); if (removeExitCode != 0) { executionContext.Warning($"Docker network rm failed with exit code {removeExitCode}"); } } // Remove docker network from env executionContext.Variables.Set(Constants.Variables.Agent.ContainerNetwork, null); } } private async Task ContainerHealthcheck(IExecutionContext executionContext, ContainerInfo container) { string healthCheck = "--format=\"{{if .Config.Healthcheck}}{{print .State.Health.Status}}{{end}}\""; string serviceHealth = await _dockerManger.DockerInspect(context: executionContext, dockerObject: container.ContainerId, options: healthCheck); if (string.IsNullOrEmpty(serviceHealth)) { // Container has no HEALTHCHECK return; } var retryCount = 0; while (string.Equals(serviceHealth, "starting", StringComparison.OrdinalIgnoreCase)) { TimeSpan backoff = BackoffTimerHelper.GetExponentialBackoff(retryCount, TimeSpan.FromSeconds(2), TimeSpan.FromSeconds(32), TimeSpan.FromSeconds(2)); executionContext.Output($"{container.ContainerNetworkAlias} service is starting, waiting {backoff.Seconds} seconds before checking again."); await Task.Delay(backoff, executionContext.CancellationToken); serviceHealth = await _dockerManger.DockerInspect(context: executionContext, dockerObject: container.ContainerId, options: healthCheck); retryCount++; } if (string.Equals(serviceHealth, "healthy", StringComparison.OrdinalIgnoreCase)) { executionContext.Output($"{container.ContainerNetworkAlias} service is healthy."); } else { throw new InvalidOperationException($"Failed to initialize, {container.ContainerNetworkAlias} service is {serviceHealth}."); } } private async Task> DockerExec(IExecutionContext context, string containerId, string command, bool noExceptionOnError = false) { Trace.Info($"Docker-exec is going to execute: `{command}`; container id: `{containerId}`"); List output = new List(); int exitCode = await _dockerManger.DockerExec(context, containerId, string.Empty, command, output); string commandOutput = "command does not have output"; if (output.Count > 0) { commandOutput = $"command output: `{output[0]}`"; } for (int i = 1; i < output.Count; i++) { commandOutput += $", `{output[i]}`"; } string message = $"Docker-exec executed: `{command}`; container id: `{containerId}`; exit code: `{exitCode}`; {commandOutput}"; if (exitCode != 0) { Trace.Error(message); if (!noExceptionOnError) { throw new InvalidOperationException(message); } } Trace.Info(message); return output; } private static string KeepAllowedLength(string name, int allowedLength, string suffix = "") { int keepNameLength = Math.Min(allowedLength - suffix.Length, name.Length); return $"{name.Substring(0, keepNameLength)}{suffix}"; } private static void ThrowIfAlreadyInContainer() { if (PlatformUtil.RunningOnWindows) { #pragma warning disable CA1416 // SupportedOSPlatform checks not respected in lambda usage // service CExecSvc is Container Execution Agent. ServiceController[] scServices = ServiceController.GetServices(); if (scServices.Any(x => String.Equals(x.ServiceName, "cexecsvc", StringComparison.OrdinalIgnoreCase) && x.Status == ServiceControllerStatus.Running)) { throw new NotSupportedException(StringUtil.Loc("AgentAlreadyInsideContainer")); } #pragma warning restore CA1416 } else { try { var initProcessCgroup = File.ReadLines("/proc/1/cgroup"); if (initProcessCgroup.Any(x => x.IndexOf(":/docker/", StringComparison.OrdinalIgnoreCase) >= 0)) { throw new NotSupportedException(StringUtil.Loc("AgentAlreadyInsideContainer")); } } catch (Exception ex) when (ex is FileNotFoundException || ex is DirectoryNotFoundException) { // if /proc/1/cgroup doesn't exist, we are not inside a container } } } private static void ThrowIfWrongWindowsVersion(IExecutionContext executionContext) { if (!PlatformUtil.RunningOnWindows) { return; } // Check OS version (Windows server 1803 is required) object windowsInstallationType = Registry.GetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "InstallationType", defaultValue: null); ArgUtil.NotNull(windowsInstallationType, nameof(windowsInstallationType)); executionContext.Debug("Retrieving Windows release ID from registry..."); object windowsReleaseId = Registry.GetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ReleaseId", defaultValue: null); ArgUtil.NotNull(windowsReleaseId, nameof(windowsReleaseId)); executionContext.Debug($"Current Windows version: '{windowsReleaseId} ({windowsInstallationType})'"); if (int.TryParse(windowsReleaseId.ToString(), out int releaseId)) { if (releaseId < 1903) // >= 1903, support windows client and server { if (!windowsInstallationType.ToString().StartsWith("Server", StringComparison.OrdinalIgnoreCase) || releaseId < 1803) { throw new NotSupportedException(StringUtil.Loc("ContainerWindowsVersionRequirement")); } } } else { throw new ArgumentOutOfRangeException(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ReleaseId"); } } private void PublishTelemetry( IExecutionContext executionContext, object telemetryData, string feature = nameof(ContainerOperationProvider)) { var cmd = new Command("telemetry", "publish") { Data = JsonConvert.SerializeObject(telemetryData, Formatting.None) }; cmd.Properties.Add("area", "PipelinesTasks"); cmd.Properties.Add("feature", feature); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(HostContext); publishTelemetryCmd.ProcessCommand(executionContext, cmd); } } } ================================================ FILE: src/Agent.Worker/DiagnosticLogManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using System; using System.Collections.Generic; using System.IO; using System.IO.Compression; using System.Text; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Capabilities; using Microsoft.Win32; using System.Diagnostics; using System.Linq; using System.Globalization; using System.Threading; using System.Threading.Tasks; using Agent.Sdk.Knob; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using System.Runtime.Versioning; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(DiagnosticLogManager))] public interface IDiagnosticLogManager : IAgentService { Task UploadDiagnosticLogsAsync(IExecutionContext executionContext, Pipelines.AgentJobRequestMessage message, DateTime jobStartTimeUtc); } // This class manages gathering data for support logs, zipping the data, and uploading it. // The files are created with the following folder structure: // ..\_layout\_work\_temp // \[job name]-support (supportRootFolder) // \files (supportFolder) // ... // support.zip public sealed class DiagnosticLogManager : AgentService, IDiagnosticLogManager { public async Task UploadDiagnosticLogsAsync(IExecutionContext executionContext, Pipelines.AgentJobRequestMessage message, DateTime jobStartTimeUtc) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(message, nameof(message)); executionContext.Debug("Starting diagnostic file upload."); // Setup folders // \_layout\_work\_temp\[jobname-support] executionContext.Debug("Setting up diagnostic log folders."); string tempDirectory = HostContext.GetDirectory(WellKnownDirectory.Temp); ArgUtil.Directory(tempDirectory, nameof(tempDirectory)); string supportRootFolder = Path.Combine(tempDirectory, message.JobName + "-support"); Directory.CreateDirectory(supportRootFolder); // \_layout\_work\_temp\[jobname-support]\files executionContext.Debug("Creating diagnostic log files folder."); string supportFilesFolder = Path.Combine(supportRootFolder, "files"); Directory.CreateDirectory(supportFilesFolder); // Create the environment file // \_layout\_work\_temp\[jobname-support]\files\environment.txt var configurationStore = HostContext.GetService(); AgentSettings settings = configurationStore.GetSettings(); int agentId = settings.AgentId; string agentName = settings.AgentName; int poolId = settings.PoolId; executionContext.Debug("Creating diagnostic log environment file."); string environmentFile = Path.Combine(supportFilesFolder, "environment.txt"); string content = await GetEnvironmentContent(agentId, agentName, message.Steps); File.WriteAllText(environmentFile, content); // Create the capabilities file var capabilitiesManager = HostContext.GetService(); Dictionary capabilities = await capabilitiesManager.GetCapabilitiesAsync(configurationStore.GetSettings(), default(CancellationToken)); executionContext.Debug("Creating capabilities file."); string capabilitiesFile = Path.Combine(supportFilesFolder, "capabilities.txt"); string capabilitiesContent = GetCapabilitiesContent(capabilities); File.WriteAllText(capabilitiesFile, capabilitiesContent); // Copy worker diag log files List workerDiagLogFiles = GetWorkerDiagLogFiles(HostContext.GetDiagDirectory(), jobStartTimeUtc); executionContext.Debug($"Copying {workerDiagLogFiles.Count()} worker diag logs from {HostContext.GetDiagDirectory()}."); foreach (string workerLogFile in workerDiagLogFiles) { ArgUtil.File(workerLogFile, nameof(workerLogFile)); string destination = Path.Combine(supportFilesFolder, Path.GetFileName(workerLogFile)); File.Copy(workerLogFile, destination); } // Copy agent diag log files - we are using the worker Host Context and we need the diag folder form the Agent. List agentDiagLogFiles = GetAgentDiagLogFiles(HostContext.GetDiagDirectory(HostType.Agent), jobStartTimeUtc); executionContext.Debug($"Copying {agentDiagLogFiles.Count()} agent diag logs from {HostContext.GetDiagDirectory(HostType.Agent)}."); foreach (string agentLogFile in agentDiagLogFiles) { ArgUtil.File(agentLogFile, nameof(agentLogFile)); string destination = Path.Combine(supportFilesFolder, Path.GetFileName(agentLogFile)); File.Copy(agentLogFile, destination); } // Read and add to logs waagent.conf settings on Linux if (PlatformUtil.RunningOnLinux) { executionContext.Debug("Dumping of waagent.conf file"); string waagentDumpFile = Path.Combine(supportFilesFolder, "waagentConf.txt"); string configFileName = "waagent.conf"; try { string filePath = Directory.GetFiles("/etc", configFileName).FirstOrDefault(); if (!string.IsNullOrWhiteSpace(filePath)) { string waagentContent = File.ReadAllText(filePath); File.AppendAllText(waagentDumpFile, "waagent.conf settings"); File.AppendAllText(waagentDumpFile, Environment.NewLine); File.AppendAllText(waagentDumpFile, waagentContent); executionContext.Debug("Dumping waagent.conf file is completed."); } else { executionContext.Debug("waagent.conf file wasn't found. Dumping was not done."); } } catch (Exception ex) { string warningMessage = $"Dumping of waagent.conf was not completed successfully. Error message: {ex.Message}"; executionContext.Warning(warningMessage); } } // Copy cloud-init log files from linux machines if (PlatformUtil.RunningOnLinux) { executionContext.Debug("Dumping cloud-init logs."); string logsFilePath = $"{HostContext.GetDiagDirectory()}/cloudinit-{jobStartTimeUtc.ToString("yyyyMMdd-HHmmss")}-logs.tar.gz"; string resultLogs = await DumpCloudInitLogs(logsFilePath); executionContext.Debug(resultLogs); if (File.Exists(logsFilePath)) { string destination = Path.Combine(supportFilesFolder, Path.GetFileName(logsFilePath)); File.Copy(logsFilePath, destination); executionContext.Debug("Cloud-init logs added to the diagnostics archive."); } else { executionContext.Debug("Cloud-init logs were not found."); } executionContext.Debug("Dumping cloud-init logs is ended."); } // Copy event logs for windows machines bool dumpJobEventLogs = AgentKnobs.DumpJobEventLogs.GetValue(executionContext).AsBoolean(); if (dumpJobEventLogs && PlatformUtil.RunningOnWindows) { executionContext.Debug("Dumping event viewer logs for current job."); try { string eventLogsFile = $"{HostContext.GetDiagDirectory()}/EventViewer-{jobStartTimeUtc.ToString("yyyyMMdd-HHmmss")}.csv"; await DumpCurrentJobEventLogs(executionContext, eventLogsFile, jobStartTimeUtc); string destination = Path.Combine(supportFilesFolder, Path.GetFileName(eventLogsFile)); File.Copy(eventLogsFile, destination); } catch (Exception ex) { executionContext.Debug("Failed to dump event viewer logs. Skipping."); executionContext.Debug($"Error message: {ex}"); } } bool dumpPackagesVerificationResult = AgentKnobs.DumpPackagesVerificationResult.GetValue(executionContext).AsBoolean(); if (dumpPackagesVerificationResult && PlatformUtil.RunningOnLinux && !PlatformUtil.RunningOnRHEL6) { executionContext.Debug("Dumping info about invalid MD5 sums of installed packages."); var debsums = WhichUtil.Which("debsums"); if (debsums == null) { executionContext.Debug("Debsums is not installed on the system. Skipping broken packages check."); } else { try { string packageVerificationResults = await GetPackageVerificationResult(debsums); IEnumerable brokenPackagesInfo = packageVerificationResults .Split("\n") .Where((line) => !String.IsNullOrEmpty(line) && !line.EndsWith("OK")); string brokenPackagesLogsPath = $"{HostContext.GetDiagDirectory()}/BrokenPackages-{jobStartTimeUtc.ToString("yyyyMMdd-HHmmss")}.log"; File.AppendAllLines(brokenPackagesLogsPath, brokenPackagesInfo); string destination = Path.Combine(supportFilesFolder, Path.GetFileName(brokenPackagesLogsPath)); File.Copy(brokenPackagesLogsPath, destination); } catch (Exception ex) { executionContext.Debug("Failed to dump broken packages logs. Skipping."); executionContext.Debug($"Error message: {ex}"); } } } else { executionContext.Debug("The platform is not based on Debian - skipping debsums check."); } try { executionContext.Debug("Starting dumping Agent Azure VM extension logs."); bool logsSuccessfullyDumped = DumpAgentExtensionLogs(executionContext, supportFilesFolder, jobStartTimeUtc); if (logsSuccessfullyDumped) { executionContext.Debug("Agent Azure VM extension logs successfully dumped."); } else { executionContext.Debug("Agent Azure VM extension logs not found. Skipping."); } } catch (Exception ex) { executionContext.Debug("Failed to dump Agent Azure VM extension logs. Skipping."); executionContext.Debug($"Error message: {ex}"); } executionContext.Debug("Zipping diagnostic files."); string buildNumber = executionContext.Variables.Build_Number ?? "UnknownBuildNumber"; string buildName = $"Build {buildNumber}"; string phaseName = executionContext.Variables.System_PhaseDisplayName ?? "UnknownPhaseName"; // zip the files string diagnosticsZipFileName = $"{buildName}-{phaseName}.zip"; string diagnosticsZipFilePath = Path.Combine(supportRootFolder, diagnosticsZipFileName); ZipFile.CreateFromDirectory(supportFilesFolder, diagnosticsZipFilePath); // upload the json metadata file executionContext.Debug("Uploading diagnostic metadata file."); string metadataFileName = $"diagnostics-{buildName}-{phaseName}.json"; string metadataFilePath = Path.Combine(supportFilesFolder, metadataFileName); string phaseResult = GetTaskResultAsString(executionContext.Result); IOUtil.SaveObject(new DiagnosticLogMetadata(agentName, agentId, poolId, phaseName, diagnosticsZipFileName, phaseResult), metadataFilePath); executionContext.QueueAttachFile(type: CoreAttachmentType.DiagnosticLog, name: metadataFileName, filePath: metadataFilePath); executionContext.QueueAttachFile(type: CoreAttachmentType.DiagnosticLog, name: diagnosticsZipFileName, filePath: diagnosticsZipFilePath); executionContext.Debug("Diagnostic file upload complete."); } /// /// Dumping Agent Azure VM extension logs to the support files folder. /// /// Execution context to write debug messages. /// Destination folder for files to be dumped. /// Date and time to create timestamp. /// true, if logs have been dumped successfully; otherwise returns false. private bool DumpAgentExtensionLogs(IExecutionContext executionContext, string supportFilesFolder, DateTime jobStartTimeUtc) { string pathToLogs = String.Empty; string archiveName = String.Empty; string timestamp = jobStartTimeUtc.ToString("yyyyMMdd-HHmmss"); if (PlatformUtil.RunningOnWindows) { // the extension creates a subfolder with a version number on Windows, and we're taking the latest one string pathToExtensionVersions = ExtensionPaths.WindowsPathToExtensionVersions; if (!Directory.Exists(pathToExtensionVersions)) { executionContext.Debug("Path to subfolders with Agent Azure VM Windows extension logs (of its different versions) does not exist."); executionContext.Debug($"(directory \"{pathToExtensionVersions}\" not found)"); return false; } string[] subDirs = Directory.GetDirectories(pathToExtensionVersions).Select(dir => Path.GetFileName(dir)).ToArray(); if (subDirs.Length == 0) { executionContext.Debug("Path to Agent Azure VM Windows extension logs (of its different versions) does not contain subfolders."); executionContext.Debug($"(directory \"{pathToExtensionVersions}\" does not contain subdirectories with logs)"); return false; } Version[] versions = subDirs.Select(dir => new Version(dir)).ToArray(); Version maxVersion = versions.Max(); pathToLogs = Path.Combine(pathToExtensionVersions, maxVersion.ToString()); archiveName = $"AgentWindowsExtensionLogs-{timestamp}-utc.zip"; } else if (PlatformUtil.RunningOnLinux) { // the extension does not create a subfolder with a version number on Linux, and we're just taking this folder pathToLogs = ExtensionPaths.LinuxPathToExtensionLogs; if (!Directory.Exists(pathToLogs)) { executionContext.Debug("Path to Agent Azure VM Linux extension logs does not exist."); executionContext.Debug($"(directory \"{pathToLogs}\" not found)"); return false; } archiveName = $"AgentLinuxExtensionLogs-{timestamp}-utc.zip"; } else { executionContext.Debug("Dumping Agent Azure VM extension logs implemented for Windows and Linux only."); return false; } executionContext.Debug($"Path to agent extension logs: {pathToLogs}"); string archivePath = Path.Combine(HostContext.GetDiagDirectory(), archiveName); executionContext.Debug($"Archiving agent extension logs to: {archivePath}"); ZipFile.CreateFromDirectory(pathToLogs, archivePath); string copyPath = Path.Combine(supportFilesFolder, archiveName); executionContext.Debug($"Copying archived agent extension logs to: {copyPath}"); File.Copy(archivePath, copyPath); return true; } /// /// Dumping cloud-init logs to diag folder of agent if cloud-init is installed on current machine. /// /// Path to collect cloud-init logs /// Returns the method execution logs private async Task DumpCloudInitLogs(string logsFile) { var builder = new StringBuilder(); string cloudInit = WhichUtil.Which("cloud-init", trace: Trace); if (string.IsNullOrEmpty(cloudInit)) { return "Cloud-init isn't found on current machine."; } string arguments = $"collect-logs -t \"{logsFile}\""; try { using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { builder.AppendLine(args.Data); }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { builder.AppendLine(args.Data); }; await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Bin), fileName: cloudInit, arguments: arguments, environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, cancellationToken: default(CancellationToken)); } } catch (Exception ex) { builder.AppendLine(ex.Message); } return builder.ToString(); } private string GetCapabilitiesContent(Dictionary capabilities) { var builder = new StringBuilder(); builder.AppendLine("Capabilities"); builder.AppendLine(""); foreach (string key in capabilities.Keys) { builder.Append(key); if (!string.IsNullOrEmpty(capabilities[key])) { builder.Append($" = {capabilities[key]}"); } builder.AppendLine(); } return builder.ToString(); } private string GetTaskResultAsString(TaskResult? taskResult) { if (!taskResult.HasValue) { return "Unknown"; } return taskResult.ToString(); } // The current solution is a hack. We need to rethink this and find a better one. // The list of worker log files isn't available from the logger. It's also nested several levels deep. // For this solution we deduce the applicable worker log files by comparing their create time to the start time of the job. private List GetWorkerDiagLogFiles(string diagFolder, DateTime jobStartTimeUtc) { // Get all worker log files with a timestamp equal or greater than the start of the job var workerLogFiles = new List(); var directoryInfo = new DirectoryInfo(diagFolder); // Sometimes the timing is off between the job start time and the time the worker log file is created. // This adds a small buffer that provides some leeway in case the worker log file was created slightly // before the time we log as job start time. int bufferInSeconds = -30; DateTime searchTimeUtc = jobStartTimeUtc.AddSeconds(bufferInSeconds); foreach (FileInfo file in directoryInfo.GetFiles().Where(f => f.Name.StartsWith($"{HostType.Worker}_"))) { // The format of the logs is: // Worker_20171003-143110-utc.log DateTime fileCreateTime = DateTime.ParseExact(s: file.Name.Substring(startIndex: 7, length: 15), format: "yyyyMMdd-HHmmss", provider: CultureInfo.InvariantCulture); if (fileCreateTime >= searchTimeUtc) { workerLogFiles.Add(file.FullName); } } return workerLogFiles; } private List GetAgentDiagLogFiles(string diagFolder, DateTime jobStartTimeUtc) { // Get the newest agent log file that created just before the start of the job var agentLogFiles = new List(); var directoryInfo = new DirectoryInfo(diagFolder); // The agent log that record the start point of the job should created before the job start time. // The agent log may get paged if it reach size limit. // We will only need upload 1 agent log file in 99%. // There might be 1% we need to upload 2 agent log files. String recentLog = null; DateTime recentTimeUtc = DateTime.MinValue; foreach (FileInfo file in directoryInfo.GetFiles().Where(f => f.Name.StartsWith($"{HostType.Agent}_"))) { // The format of the logs is: // Agent_20171003-143110-utc.log if (DateTime.TryParseExact(s: file.Name.Substring(startIndex: 6, length: 15), format: "yyyyMMdd-HHmmss", provider: CultureInfo.InvariantCulture, style: DateTimeStyles.None, result: out DateTime fileCreateTime)) { // always add log file created after the job start. if (fileCreateTime >= jobStartTimeUtc) { agentLogFiles.Add(file.FullName); } else if (fileCreateTime > recentTimeUtc) { recentLog = file.FullName; recentTimeUtc = fileCreateTime; } } } if (!String.IsNullOrEmpty(recentLog)) { agentLogFiles.Add(recentLog); } return agentLogFiles; } private async Task GetEnvironmentContent(int agentId, string agentName, IList steps) { if (PlatformUtil.RunningOnWindows) { return await GetEnvironmentContentWindows(agentId, agentName, steps); } return await GetEnvironmentContentNonWindows(agentId, agentName, steps); } [SupportedOSPlatform("windows")] private async Task GetEnvironmentContentWindows(int agentId, string agentName, IList steps) { var builder = new StringBuilder(); builder.AppendLine($"Environment file created at(UTC): {DateTime.UtcNow}"); // TODO: Format this like we do in other places. builder.AppendLine($"Agent Version: {BuildConstants.AgentPackage.Version}"); builder.AppendLine($"Agent Id: {agentId}"); builder.AppendLine($"Agent Name: {agentName}"); builder.AppendLine($"OS: {System.Runtime.InteropServices.RuntimeInformation.OSDescription}"); builder.AppendLine("Steps:"); foreach (Pipelines.TaskStep task in steps.OfType()) { builder.AppendLine($"\tName: {task.Reference.Name} Version: {task.Reference.Version}"); } // windows defender on/off builder.AppendLine($"Defender enabled: {IsDefenderEnabled()}"); // firewall on/off builder.AppendLine($"Firewall enabled: {IsFirewallEnabled()}"); // $psversiontable builder.AppendLine("Powershell Version Info:"); builder.AppendLine(await GetPsVersionInfo()); builder.AppendLine(await GetLocalGroupMembership()); return builder.ToString(); } // Returns whether or not Windows Defender is running. private bool IsDefenderEnabled() { return Process.GetProcessesByName("MsMpEng.exe").FirstOrDefault() != null; } // Returns whether or not the Windows firewall is enabled. [SupportedOSPlatform("windows")] private bool IsFirewallEnabled() { try { using (RegistryKey key = Registry.LocalMachine.OpenSubKey("System\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile")) { if (key == null) { return false; } Object o = key.GetValue("EnableFirewall"); if (o == null) { return false; } int firewall = (int)o; if (firewall == 1) { return true; } return false; } } catch { return false; } } [SupportedOSPlatform("windows")] private async Task GetPsVersionInfo() { var builder = new StringBuilder(); string powerShellExe = HostContext.GetService().GetPath(); string arguments = @"Write-Host ($PSVersionTable | Out-String)"; using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { builder.AppendLine(args.Data); }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { builder.AppendLine(args.Data); }; await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Bin), fileName: powerShellExe, arguments: arguments, environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, cancellationToken: default(CancellationToken)); } return builder.ToString(); } /// /// Gathers a list of local group memberships for the current user. /// [SupportedOSPlatform("windows")] private async Task GetLocalGroupMembership() { var builder = new StringBuilder(); string powerShellExe = HostContext.GetService().GetPath(); string scriptFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), "powershell", "Get-LocalGroupMembership.ps1").Replace("'", "''"); ArgUtil.File(scriptFile, nameof(scriptFile)); string arguments = $@"-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -Command "". '{scriptFile}'"""; try { using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { builder.AppendLine(args.Data); }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { builder.AppendLine(args.Data); }; await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Bin), fileName: powerShellExe, arguments: arguments, environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, cancellationToken: default(CancellationToken)); } } catch (Exception ex) { builder.AppendLine(ex.Message); } return builder.ToString(); } private async Task GetEnvironmentContentNonWindows(int agentId, string agentName, IList steps) { var builder = new StringBuilder(); builder.AppendLine($"Environment file created at(UTC): {DateTime.UtcNow}"); // TODO: Format this like we do in other places. builder.AppendLine($"Agent Version: {BuildConstants.AgentPackage.Version}"); builder.AppendLine($"Agent Id: {agentId}"); builder.AppendLine($"Agent Name: {agentName}"); builder.AppendLine($"OS: {System.Runtime.InteropServices.RuntimeInformation.OSDescription}"); builder.AppendLine($"User groups: {await GetUserGroupsOnNonWindows()}"); builder.AppendLine("Steps:"); foreach (Pipelines.TaskStep task in steps.OfType()) { builder.AppendLine($"\tName: {task.Reference.Name} Version: {task.Reference.Version}"); } return builder.ToString(); } /// /// Get user groups on a non-windows platform using core utility "id". /// /// Returns the string with user groups private async Task GetUserGroupsOnNonWindows() { var idUtil = WhichUtil.Which("id"); var stringBuilder = new StringBuilder(); try { using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs mes) => { stringBuilder.AppendLine(mes.Data); }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs mes) => { stringBuilder.AppendLine(mes.Data); }; await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Bin), fileName: idUtil, arguments: "-nG", environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, cancellationToken: default(CancellationToken) ); } } catch (Exception ex) { stringBuilder.AppendLine(ex.Message); } return stringBuilder.ToString(); } // Collects Windows event logs that appeared during the job execution. // Dumps the gathered info into a separate file since the logs are long. [SupportedOSPlatform("windows")] private async Task DumpCurrentJobEventLogs(IExecutionContext executionContext, string logFile, DateTime jobStartTimeUtc) { string startDate = jobStartTimeUtc.ToString("u"); string endDate = DateTime.UtcNow.ToString("u"); string powerShellExe = HostContext.GetService().GetPath(); string arguments = $@" Get-WinEvent -ListLog * | where {{ $_.RecordCount -gt 0 }} ` | ForEach-Object {{ Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{{ LogName=$_.LogName; StartTime='{startDate}'; EndTime='{endDate}'; }} }} ` | Export-CSV {logFile}"; using (var processInvoker = HostContext.CreateService()) { await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Bin), fileName: powerShellExe, arguments: arguments, environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, cancellationToken: default(CancellationToken)); } } /// /// Git package verification result using the "debsums" utility. /// /// String with the "debsums" output private async Task GetPackageVerificationResult(string debsumsPath) { var stringBuilder = new StringBuilder(); using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs mes) => { stringBuilder.AppendLine(mes.Data); }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs mes) => { stringBuilder.AppendLine(mes.Data); }; await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Bin), fileName: debsumsPath, arguments: string.Empty, environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, cancellationToken: default(CancellationToken) ); } return stringBuilder.ToString(); } } internal static class ExtensionPaths { public static readonly String WindowsPathToExtensionVersions = "C:\\WindowsAzure\\Logs\\Plugins\\Microsoft.VisualStudio.Services.TeamServicesAgent"; public static readonly String LinuxPathToExtensionLogs = "/var/log/azure/Microsoft.VisualStudio.Services.TeamServicesAgentLinux"; } } ================================================ FILE: src/Agent.Worker/ExecutionContext.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using System; using System.Collections.Generic; using System.Collections.Specialized; using System.IO; using System.Linq; using System.Text.RegularExpressions; using System.Threading; using System.Threading.Tasks; using System.Web; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Newtonsoft.Json; namespace Microsoft.VisualStudio.Services.Agent.Worker { public class ExecutionContextType { public static string Job = "Job"; public static string Task = "Task"; } [ServiceLocator(Default = typeof(ExecutionContext))] public interface IExecutionContext : IAgentService, IKnobValueContext { Guid Id { get; } Task ForceCompleted { get; } TaskResult? Result { get; set; } string ResultCode { get; set; } TaskResult? CommandResult { get; set; } CancellationToken CancellationToken { get; } List Endpoints { get; } List SecureFiles { get; } List Repositories { get; } Dictionary JobSettings { get; } PlanFeatures Features { get; } Variables Variables { get; } Variables TaskVariables { get; } HashSet OutputVariables { get; } List AsyncCommands { get; } List PrependPath { get; } List Containers { get; } List SidecarContainers { get; } List Restrictions { get; } // Initialize void InitializeJob(Pipelines.AgentJobRequestMessage message, CancellationToken token); void CancelToken(); IExecutionContext CreateChild(Guid recordId, string displayName, string refName, Variables taskVariables = null, bool outputForward = false, List taskRestrictions = null); // logging bool WriteDebug { get; } long Write(string tag, string message, bool canMaskSecrets = true); void QueueAttachFile(string type, string name, string filePath); ITraceWriter GetTraceWriter(); // correlation context for enhanced tracing void SetCorrelationStep(string stepId); void ClearCorrelationStep(); void SetCorrelationTask(string taskId); void ClearCorrelationTask(); string BuildCorrelationId(); // timeline record update methods void Start(string currentOperation = null); TaskResult Complete(TaskResult? result = null, string currentOperation = null, string resultCode = null); void SetVariable(string name, string value, bool isSecret = false, bool isOutput = false, bool isFilePath = false, bool isReadOnly = false, bool preserveCase = false); void SetTimeout(TimeSpan? timeout); void AddIssue(Issue issue); void Progress(int percentage, string currentOperation = null); void UpdateDetailTimelineRecord(TimelineRecord record); // others void ForceTaskComplete(); string TranslateToHostPath(string path); ExecutionTargetInfo StepTarget(); void SetStepTarget(Pipelines.StepTarget target); string TranslatePathForStepTarget(string val); IHostContext GetHostContext(); /// /// Re-initializes force completed - between next retry attempt /// /// void ReInitializeForceCompleted(); /// /// Cancel force task completion between retry attempts /// /// void CancelForceTaskCompletion(); void EmitHostNode20FallbackTelemetry(bool node20ResultsInGlibCErrorHost); void EmitHostNode24FallbackTelemetry(bool node24ResultsInGlibCErrorHost); void PublishTaskRunnerTelemetry(Dictionary taskRunnerData); } public sealed class ExecutionContext : AgentService, IExecutionContext, ICorrelationContext, IDisposable { private const int _maxIssueCount = 10; private readonly TimelineRecord _record = new TimelineRecord(); private readonly Dictionary _detailRecords = new Dictionary(); private readonly object _loggerLock = new object(); private readonly List _asyncCommands = new List(); private readonly HashSet _outputvariables = new HashSet(StringComparer.OrdinalIgnoreCase); private readonly List _restrictions = new List(); private readonly string _buildLogsFolderName = "buildlogs"; private readonly AsyncLocal _correlationStep = new AsyncLocal(); private readonly AsyncLocal _correlationTask = new AsyncLocal(); private IAgentLogPlugin _logPlugin; private IPagingLogger _logger; private IJobServerQueue _jobServerQueue; private IExecutionContext _parentExecutionContext; private bool _outputForward = false; private Guid _mainTimelineId; private Guid _detailTimelineId; private int _childTimelineRecordOrder = 0; private CancellationTokenSource _cancellationTokenSource; private CancellationTokenSource _forceCompleteCancellationTokenSource = new CancellationTokenSource(); private TaskCompletionSource _forceCompleted = new TaskCompletionSource(); private bool _throttlingReported = false; private ExecutionTargetInfo _defaultStepTarget; private ExecutionTargetInfo _currentStepTarget; private LogsStreamingOptions _logsStreamingOptions; private string _buildLogsFolderPath; private string _buildLogsFile; private FileStream _buildLogsData; private StreamWriter _buildLogsWriter; private bool emittedHostNode20FallbackTelemetry = false; private bool emittedHostNode24FallbackTelemetry = false; // only job level ExecutionContext will track throttling delay. private long _totalThrottlingDelayInMilliseconds = 0; public Guid Id => _record.Id; public Task ForceCompleted => _forceCompleted.Task; public CancellationToken CancellationToken => _cancellationTokenSource.Token; public CancellationToken ForceCompleteCancellationToken => _forceCompleteCancellationTokenSource.Token; public List Endpoints { get; private set; } public List SecureFiles { get; private set; } public List Repositories { get; private set; } public Dictionary JobSettings { get; private set; } public Variables Variables { get; private set; } public Variables TaskVariables { get; private set; } public HashSet OutputVariables => _outputvariables; public bool WriteDebug { get; private set; } public List PrependPath { get; private set; } public List Containers { get; private set; } public List SidecarContainers { get; private set; } public List Restrictions => _restrictions; public List AsyncCommands => _asyncCommands; public TaskResult? Result { get { return _record.Result; } set { _record.Result = value; } } public TaskResult? CommandResult { get; set; } private string ContextType => _record.RecordType; public string ResultCode { get { return _record.ResultCode; } set { _record.ResultCode = value; } } public PlanFeatures Features { get; private set; } public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); var agentSettings = HostContext.GetService().GetSettings(); _logsStreamingOptions = LogsStreamingOptions.StreamToServer; if (agentSettings.ReStreamLogsToFiles) { _logsStreamingOptions |= LogsStreamingOptions.StreamToFiles; } else if (agentSettings.DisableLogUploads) { _logsStreamingOptions = LogsStreamingOptions.StreamToFiles; } Trace.Info($"Logs streaming mode: {_logsStreamingOptions}"); if (_logsStreamingOptions.HasFlag(LogsStreamingOptions.StreamToFiles)) { _buildLogsFolderPath = Path.Combine(hostContext.GetDiagDirectory(), _buildLogsFolderName); Directory.CreateDirectory(_buildLogsFolderPath); } _jobServerQueue = HostContext.GetService(); // Register this ExecutionContext for enhanced correlation HostContext.CorrelationContextManager.SetCurrentExecutionContext(this); } public void CancelToken() { _cancellationTokenSource.Cancel(); } public void ForceTaskComplete() { Trace.Info("Force finish current task in 5 sec."); Task.Run(async () => { await Task.Delay(TimeSpan.FromSeconds(5), ForceCompleteCancellationToken); if (!ForceCompleteCancellationToken.IsCancellationRequested) { _forceCompleted?.TrySetResult(1); } }); } public void CancelForceTaskCompletion() { Trace.Info($"Forced completion canceled"); this._forceCompleteCancellationTokenSource.Cancel(); } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1721: Property names should not match get methods")] public IHostContext GetHostContext() { return HostContext; } public IExecutionContext CreateChild(Guid recordId, string displayName, string refName, Variables taskVariables = null, bool outputForward = false, List taskRestrictions = null) { Trace.Entering(); var child = new ExecutionContext(); child.Initialize(HostContext); child.Features = Features; child.Variables = Variables; child.Endpoints = Endpoints; child.Repositories = Repositories; child.JobSettings = JobSettings; child.SecureFiles = SecureFiles; child.TaskVariables = taskVariables; child._cancellationTokenSource = new CancellationTokenSource(); child.WriteDebug = WriteDebug; child._parentExecutionContext = this; child.PrependPath = PrependPath; child.Containers = Containers; child.SidecarContainers = SidecarContainers; child._outputForward = outputForward; child._defaultStepTarget = _defaultStepTarget; child._currentStepTarget = _currentStepTarget; if (taskRestrictions != null) { child.Restrictions.AddRange(taskRestrictions); } child.InitializeTimelineRecord(_mainTimelineId, recordId, _record.Id, ExecutionContextType.Task, displayName, refName, ++_childTimelineRecordOrder); child._logger = HostContext.CreateService(); child._logger.Setup(_mainTimelineId, recordId); return child; } public void Start(string currentOperation = null) { _record.CurrentOperation = currentOperation ?? _record.CurrentOperation; _record.StartTime = DateTime.UtcNow; _record.State = TimelineRecordState.InProgress; if (AgentKnobs.EnableImmediateTimelineRecordUpdates.GetValue(this).AsBoolean()) { //update the state immediately on server _jobServerQueue.UpdateStateOnServer(_mainTimelineId, _record); } else { _jobServerQueue.QueueTimelineRecordUpdate(_mainTimelineId, _record); } if (_logsStreamingOptions.HasFlag(LogsStreamingOptions.StreamToFiles)) { var buildLogsJobFolder = Path.Combine(_buildLogsFolderPath, _mainTimelineId.ToString()); Directory.CreateDirectory(buildLogsJobFolder); string pattern = new string(Path.GetInvalidFileNameChars()) + new string(Path.GetInvalidPathChars()); Regex regex = new Regex(string.Format("[{0}]", Regex.Escape(pattern))); var recordName = regex.Replace(_record.Name, string.Empty); _buildLogsFile = Path.Combine(buildLogsJobFolder, $"{recordName}-{_record.Id.ToString()}.log"); _buildLogsData = new FileStream(_buildLogsFile, FileMode.CreateNew); _buildLogsWriter = new StreamWriter(_buildLogsData, System.Text.Encoding.UTF8); if (_logsStreamingOptions.HasFlag(LogsStreamingOptions.StreamToServerAndFiles)) { _logger.Write(StringUtil.Loc("LogOutputMessage", _buildLogsFile)); } else { _logger.Write(StringUtil.Loc("BuildLogsMessage", _buildLogsFile)); } } } public TaskResult Complete(TaskResult? result = null, string currentOperation = null, string resultCode = null) { if (result != null) { Result = result; } if (_logsStreamingOptions.HasFlag(LogsStreamingOptions.StreamToFiles)) { _buildLogsWriter.Flush(); _buildLogsData.Flush(); //The StreamWriter object calls Dispose() on the provided Stream object when StreamWriter.Dispose is called. _buildLogsWriter.Dispose(); _buildLogsWriter = null; _buildLogsData.Dispose(); _buildLogsData = null; } // report total delay caused by server throttling. if (_totalThrottlingDelayInMilliseconds > 0) { this.Warning(StringUtil.Loc("TotalThrottlingDelay", TimeSpan.FromMilliseconds(_totalThrottlingDelayInMilliseconds).TotalSeconds)); } if (!AgentKnobs.DisableDrainQueuesAfterTask.GetValue(this).AsBoolean()) { _jobServerQueue.ForceDrainWebConsoleQueue = true; _jobServerQueue.ForceDrainTimelineQueue = true; } _record.CurrentOperation = currentOperation ?? _record.CurrentOperation; _record.ResultCode = resultCode ?? _record.ResultCode; _record.FinishTime = DateTime.UtcNow; _record.PercentComplete = 100; _record.Result = _record.Result ?? TaskResult.Succeeded; _record.State = TimelineRecordState.Completed; _jobServerQueue.QueueTimelineRecordUpdate(_mainTimelineId, _record); // complete all detail timeline records. if (_detailTimelineId != Guid.Empty && _detailRecords.Count > 0) { foreach (var record in _detailRecords) { record.Value.FinishTime = record.Value.FinishTime ?? DateTime.UtcNow; record.Value.PercentComplete = record.Value.PercentComplete ?? 100; record.Value.Result = record.Value.Result ?? TaskResult.Succeeded; record.Value.State = TimelineRecordState.Completed; _jobServerQueue.QueueTimelineRecordUpdate(_detailTimelineId, record.Value); } } _cancellationTokenSource?.Dispose(); _logger.End(); return Result.Value; } public void SetVariable(string name, string value, bool isSecret = false, bool isOutput = false, bool isFilePath = false, bool isReadOnly = false, bool preserveCase = false) { ArgUtil.NotNullOrEmpty(name, nameof(name)); if (isOutput || OutputVariables.Contains(name)) { _record.Variables[name] = new VariableValue() { Value = value, IsSecret = isSecret }; _jobServerQueue.QueueTimelineRecordUpdate(_mainTimelineId, _record); ArgUtil.NotNullOrEmpty(_record.RefName, nameof(_record.RefName)); Variables.Set($"{_record.RefName}.{name}", value, secret: isSecret, readOnly: (isOutput || isReadOnly), preserveCase: preserveCase); } else { Variables.Set(name, value, secret: isSecret, readOnly: isReadOnly, preserveCase: preserveCase); } } public void SetTimeout(TimeSpan? timeout) { if (timeout != null) { _cancellationTokenSource.CancelAfter(timeout.Value); } } public void Progress(int percentage, string currentOperation = null) { if (percentage > 100 || percentage < 0) { throw new ArgumentOutOfRangeException(nameof(percentage)); } _record.CurrentOperation = currentOperation ?? _record.CurrentOperation; _record.PercentComplete = Math.Max(percentage, _record.PercentComplete.Value); _jobServerQueue.QueueTimelineRecordUpdate(_mainTimelineId, _record); } // This is not thread safe, the caller need to take lock before calling issue() public void AddIssue(Issue issue) { ArgUtil.NotNull(issue, nameof(issue)); issue.Message = HostContext.SecretMasker.MaskSecrets(issue.Message); if (issue.Type == IssueType.Error) { // tracking line number for each issue in log file // log UI use this to navigate from issue to log if (!string.IsNullOrEmpty(issue.Message)) { long logLineNumber = Write(WellKnownTags.Error, issue.Message); issue.Data["logFileLineNumber"] = logLineNumber.ToString(); } if (_record.ErrorCount < _maxIssueCount) { _record.Issues.Add(issue); } _record.ErrorCount++; } else if (issue.Type == IssueType.Warning) { // tracking line number for each issue in log file // log UI use this to navigate from issue to log if (!string.IsNullOrEmpty(issue.Message)) { long logLineNumber = Write(WellKnownTags.Warning, issue.Message); issue.Data["logFileLineNumber"] = logLineNumber.ToString(); } if (_record.WarningCount < _maxIssueCount) { _record.Issues.Add(issue); } _record.WarningCount++; } _jobServerQueue.QueueTimelineRecordUpdate(_mainTimelineId, _record); } public void UpdateDetailTimelineRecord(TimelineRecord record) { ArgUtil.NotNull(record, nameof(record)); if (record.RecordType == ExecutionContextType.Job) { throw new ArgumentOutOfRangeException(nameof(record)); } if (_detailTimelineId == Guid.Empty) { // create detail timeline _detailTimelineId = Guid.NewGuid(); _record.Details = new Timeline(_detailTimelineId); _jobServerQueue.QueueTimelineRecordUpdate(_mainTimelineId, _record); } TimelineRecord existRecord; if (_detailRecords.TryGetValue(record.Id, out existRecord)) { existRecord.Name = record.Name ?? existRecord.Name; existRecord.RecordType = record.RecordType ?? existRecord.RecordType; existRecord.Order = record.Order ?? existRecord.Order; existRecord.ParentId = record.ParentId ?? existRecord.ParentId; existRecord.StartTime = record.StartTime ?? existRecord.StartTime; existRecord.FinishTime = record.FinishTime ?? existRecord.FinishTime; existRecord.PercentComplete = record.PercentComplete ?? existRecord.PercentComplete; existRecord.CurrentOperation = record.CurrentOperation ?? existRecord.CurrentOperation; existRecord.Result = record.Result ?? existRecord.Result; existRecord.ResultCode = record.ResultCode ?? existRecord.ResultCode; existRecord.State = record.State ?? existRecord.State; _jobServerQueue.QueueTimelineRecordUpdate(_detailTimelineId, existRecord); } else { _detailRecords[record.Id] = record; _jobServerQueue.QueueTimelineRecordUpdate(_detailTimelineId, record); } } public void InitializeJob(Pipelines.AgentJobRequestMessage message, CancellationToken token) { // Validation Trace.Entering(); ArgUtil.NotNull(message, nameof(message)); ArgUtil.NotNull(message.Resources, nameof(message.Resources)); ArgUtil.NotNull(message.Variables, nameof(message.Variables)); ArgUtil.NotNull(message.Plan, nameof(message.Plan)); _cancellationTokenSource = CancellationTokenSource.CreateLinkedTokenSource(token); // Features Features = PlanUtil.GetFeatures(message.Plan); // Endpoints Endpoints = message.Resources.Endpoints; // SecureFiles SecureFiles = message.Resources.SecureFiles; // Repositories Repositories = message.Resources.Repositories; // JobSettings var checkouts = message.Steps?.Where(x => Pipelines.PipelineConstants.IsCheckoutTask(x)).ToList(); JobSettings = new Dictionary(StringComparer.OrdinalIgnoreCase); JobSettings[WellKnownJobSettings.HasMultipleCheckouts] = Boolean.FalseString; JobSettings[WellKnownJobSettings.CommandCorrelationId] = Guid.NewGuid().ToString(); if (checkouts != null && checkouts.Count > 0) { JobSettings[WellKnownJobSettings.HasMultipleCheckouts] = checkouts.Count > 1 ? Boolean.TrueString : Boolean.FalseString; var firstCheckout = checkouts.First() as Pipelines.TaskStep; if (firstCheckout != null && Repositories != null && firstCheckout.Inputs.TryGetValue(Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, out string repoAlias)) { JobSettings[WellKnownJobSettings.FirstRepositoryCheckedOut] = repoAlias; var repo = Repositories.Find(r => String.Equals(r.Alias, repoAlias, StringComparison.OrdinalIgnoreCase)); if (repo != null) { repo.Properties.Set(RepositoryUtil.IsPrimaryRepository, true); } } var defaultWorkingDirectoryCheckout = Build.BuildJobExtension.GetDefaultWorkingDirectoryCheckoutTask(message.Steps); if (Repositories != null && defaultWorkingDirectoryCheckout != null && defaultWorkingDirectoryCheckout.Inputs.TryGetValue(Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, out string defaultWorkingDirectoryRepoAlias)) { var defaultWorkingDirectoryRepo = Repositories.Find(r => String.Equals(r.Alias, defaultWorkingDirectoryRepoAlias, StringComparison.OrdinalIgnoreCase)); if (defaultWorkingDirectoryRepo != null) { defaultWorkingDirectoryRepo.Properties.Set(RepositoryUtil.IsDefaultWorkingDirectoryRepository, true); JobSettings[WellKnownJobSettings.DefaultWorkingDirectoryRepository] = defaultWorkingDirectoryRepoAlias; Trace.Info($"Will set the path of the following repository to be the System.DefaultWorkingDirectory: {defaultWorkingDirectoryRepoAlias}"); } } } // Variables (constructor performs initial recursive expansion) List warnings; Variables = new Variables(HostContext, message.Variables, out warnings); Variables.StringTranslator = TranslatePathForStepTarget; if (Variables.GetBoolean("agent.useWorkspaceId") == true) { try { // We need an identifier that represents which repos make up the workspace. // This allows similar jobs in the same definition to reuse that workspace and other jobs to have their own. JobSettings[WellKnownJobSettings.WorkspaceIdentifier] = GetWorkspaceIdentifier(message); } catch (Exception ex) { Trace.Warning($"Unable to generate workspace ID: {ex.Message}"); Trace.Warning(ex.ToString()); } } // Prepend Path PrependPath = new List(); var minSecretLen = AgentKnobs.MaskedSecretMinLength.GetValue(this).AsInt(); HostContext.SecretMasker.MinSecretLength = minSecretLen; if (HostContext.SecretMasker.MinSecretLength < minSecretLen) { warnings.Add(StringUtil.Loc("MinSecretsLengtLimitWarning", HostContext.SecretMasker.MinSecretLength)); } HostContext.SecretMasker.RemoveShortSecretsFromDictionary(); // Docker (JobContainer) string imageName = Variables.Get("_PREVIEW_VSTS_DOCKER_IMAGE"); if (string.IsNullOrEmpty(imageName)) { imageName = Environment.GetEnvironmentVariable("_PREVIEW_VSTS_DOCKER_IMAGE"); } Containers = new List(); _defaultStepTarget = null; _currentStepTarget = null; if (!string.IsNullOrEmpty(imageName) && string.IsNullOrEmpty(message.JobContainer)) { var dockerContainer = new Pipelines.ContainerResource() { Alias = "vsts_container_preview" }; dockerContainer.Properties.Set("image", imageName); var defaultJobContainer = HostContext.CreateContainerInfo(dockerContainer); _defaultStepTarget = defaultJobContainer; Containers.Add(defaultJobContainer); } else if (!string.IsNullOrEmpty(message.JobContainer)) { var defaultJobContainer = HostContext.CreateContainerInfo(message.Resources.Containers.Single(x => string.Equals(x.Alias, message.JobContainer, StringComparison.OrdinalIgnoreCase))); _defaultStepTarget = defaultJobContainer; Containers.Add(defaultJobContainer); } else { _defaultStepTarget = new HostInfo(); } // Include other step containers var sidecarContainers = new HashSet(message.JobSidecarContainers.Values, StringComparer.OrdinalIgnoreCase); foreach (var container in message.Resources.Containers.Where(x => !string.Equals(x.Alias, message.JobContainer, StringComparison.OrdinalIgnoreCase) && !sidecarContainers.Contains(x.Alias))) { Containers.Add(HostContext.CreateContainerInfo(container)); } // Docker (Sidecar Containers) SidecarContainers = new List(); foreach (var sidecar in message.JobSidecarContainers) { var networkAlias = sidecar.Key; var containerResourceAlias = sidecar.Value; var containerResource = message.Resources.Containers.Single(c => string.Equals(c.Alias, containerResourceAlias, StringComparison.OrdinalIgnoreCase)); ContainerInfo containerInfo = HostContext.CreateContainerInfo(containerResource, isJobContainer: false); containerInfo.ContainerNetworkAlias = networkAlias; SidecarContainers.Add(containerInfo); } // Proxy variables var agentWebProxy = HostContext.GetService(); if (!string.IsNullOrEmpty(agentWebProxy.ProxyAddress)) { Variables.Set(Constants.Variables.Agent.ProxyUrl, agentWebProxy.ProxyAddress); Environment.SetEnvironmentVariable("VSTS_HTTP_PROXY", string.Empty); if (!string.IsNullOrEmpty(agentWebProxy.ProxyUsername)) { Variables.Set(Constants.Variables.Agent.ProxyUsername, agentWebProxy.ProxyUsername); Environment.SetEnvironmentVariable("VSTS_HTTP_PROXY_USERNAME", string.Empty); } if (!string.IsNullOrEmpty(agentWebProxy.ProxyPassword)) { Variables.Set(Constants.Variables.Agent.ProxyPassword, agentWebProxy.ProxyPassword, true); Environment.SetEnvironmentVariable("VSTS_HTTP_PROXY_PASSWORD", string.Empty); } if (agentWebProxy.ProxyBypassList.Count > 0) { Variables.Set(Constants.Variables.Agent.ProxyBypassList, JsonUtility.ToString(agentWebProxy.ProxyBypassList)); } // Set UseBasicAuthForProxy flag Variables.Set(Constants.Variables.Agent.UseBasicAuthForProxy, agentWebProxy.UseBasicAuthForProxy.ToString()); } // Certificate variables var agentCert = HostContext.GetService(); if (agentCert.SkipServerCertificateValidation) { Variables.Set(Constants.Variables.Agent.SslSkipCertValidation, bool.TrueString); } if (!string.IsNullOrEmpty(agentCert.CACertificateFile)) { Variables.Set(Constants.Variables.Agent.SslCAInfo, agentCert.CACertificateFile); } if (!string.IsNullOrEmpty(agentCert.ClientCertificateFile) && !string.IsNullOrEmpty(agentCert.ClientCertificatePrivateKeyFile) && !string.IsNullOrEmpty(agentCert.ClientCertificateArchiveFile)) { Variables.Set(Constants.Variables.Agent.SslClientCert, agentCert.ClientCertificateFile); Variables.Set(Constants.Variables.Agent.SslClientCertKey, agentCert.ClientCertificatePrivateKeyFile); Variables.Set(Constants.Variables.Agent.SslClientCertArchive, agentCert.ClientCertificateArchiveFile); if (!string.IsNullOrEmpty(agentCert.ClientCertificatePassword)) { Variables.Set(Constants.Variables.Agent.SslClientCertPassword, agentCert.ClientCertificatePassword, true); } } // Runtime option variables var runtimeOptions = HostContext.GetService().GetAgentRuntimeOptions(); if (runtimeOptions != null) { if (PlatformUtil.RunningOnWindows && runtimeOptions.GitUseSecureChannel) { Variables.Set(Constants.Variables.Agent.GitUseSChannel, runtimeOptions.GitUseSecureChannel.ToString()); } } // Job timeline record. InitializeTimelineRecord( timelineId: message.Timeline.Id, timelineRecordId: message.JobId, parentTimelineRecordId: null, recordType: ExecutionContextType.Job, displayName: message.JobDisplayName, refName: message.JobName, order: null); // The job timeline record's order is set by server. // Logger (must be initialized before writing warnings). _logger = HostContext.CreateService(); _logger.Setup(_mainTimelineId, _record.Id); // Log warnings from recursive variable expansion. warnings?.ForEach(x => this.Warning(x)); // Verbosity (from system.debug). WriteDebug = Variables.System_Debug ?? false; // Hook up JobServerQueueThrottling event, we will log warning on server tarpit. _jobServerQueue.JobServerQueueThrottling += JobServerQueueThrottling_EventReceived; } private string GetWorkspaceIdentifier(Pipelines.AgentJobRequestMessage message) { Variables.TryGetValue(Constants.Variables.System.CollectionId, out string collectionId); Variables.TryGetValue(Constants.Variables.System.DefinitionId, out string definitionId); var repoTrackingInfos = message.Resources.Repositories.Select(repo => new Build.RepositoryTrackingInfo(repo, "/")).ToList(); var workspaceIdentifier = Build.TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, repoTrackingInfos); Trace.Info($"WorkspaceIdentifier '{workspaceIdentifier}' created for repos {String.Join(',', repoTrackingInfos)}"); return workspaceIdentifier; } // Do not add a format string overload. In general, execution context messages are user facing and // therefore should be localized. Use the Loc methods from the StringUtil class. The exception to // the rule is command messages - which should be crafted using strongly typed wrapper methods. public long Write(string tag, string inputMessage, bool canMaskSecrets = true) { string message = canMaskSecrets ? HostContext.SecretMasker.MaskSecrets($"{tag}{inputMessage}") : inputMessage; long totalLines; lock (_loggerLock) { totalLines = _logger.TotalLines + 1; if (_logsStreamingOptions.HasFlag(LogsStreamingOptions.StreamToServer)) { _logger.Write(message); } if (_logsStreamingOptions.HasFlag(LogsStreamingOptions.StreamToFiles)) { //Add date time stamp to log line _buildLogsWriter.WriteLine("{0:O} {1}", DateTime.UtcNow, message); } } if (_logsStreamingOptions.HasFlag(LogsStreamingOptions.StreamToServer)) { // write to job level execution context's log file. if (_parentExecutionContext is ExecutionContext parentContext) { lock (parentContext._loggerLock) { parentContext._logger.Write(message); } } _jobServerQueue.QueueWebConsoleLine(_record.Id, message, totalLines); } // write to plugin daemon, if (_outputForward) { if (_logPlugin == null) { _logPlugin = HostContext.GetService(); } _logPlugin.Write(_record.Id, message); } return totalLines; } public void QueueAttachFile(string type, string name, string filePath) { ArgUtil.NotNullOrEmpty(type, nameof(type)); ArgUtil.NotNullOrEmpty(name, nameof(name)); ArgUtil.NotNullOrEmpty(filePath, nameof(filePath)); if (!File.Exists(filePath)) { throw new FileNotFoundException(StringUtil.Loc("AttachFileNotExist", type, name, filePath)); } _jobServerQueue.QueueFileUpload(_mainTimelineId, _record.Id, type, name, filePath, deleteSource: false); } public ITraceWriter GetTraceWriter() { return Trace; } private void InitializeTimelineRecord(Guid timelineId, Guid timelineRecordId, Guid? parentTimelineRecordId, string recordType, string displayName, string refName, int? order) { _mainTimelineId = timelineId; _record.Id = timelineRecordId; _record.RecordType = recordType; _record.Name = displayName; _record.RefName = refName; _record.Order = order; _record.PercentComplete = 0; _record.State = TimelineRecordState.Pending; _record.ErrorCount = 0; _record.WarningCount = 0; if (parentTimelineRecordId != null && parentTimelineRecordId.Value != Guid.Empty) { _record.ParentId = parentTimelineRecordId; } var configuration = HostContext.GetService(); _record.WorkerName = configuration.GetSettings().AgentName; _record.Variables.Add(TaskWellKnownItems.AgentVersionTimelineVariable, BuildConstants.AgentPackage.Version); if (AgentKnobs.EnableImmediateTimelineRecordUpdates.GetValue(this).AsBoolean()) { //update the state immediately on server _jobServerQueue.UpdateStateOnServer(_mainTimelineId, _record); } else { _jobServerQueue.QueueTimelineRecordUpdate(_mainTimelineId, _record); } } private void JobServerQueueThrottling_EventReceived(object sender, ThrottlingEventArgs data) { Interlocked.Add(ref _totalThrottlingDelayInMilliseconds, Convert.ToInt64(data.Delay.TotalMilliseconds)); if (!_throttlingReported) { this.Warning(StringUtil.Loc("ServerTarpit")); if (!String.IsNullOrEmpty(this.Variables.System_TFCollectionUrl)) { // Construct a URL to the resource utilization page, to aid the user debug throttling issues UriBuilder uriBuilder = new UriBuilder(Variables.System_TFCollectionUrl); NameValueCollection query = HttpUtility.ParseQueryString(uriBuilder.Query); DateTime endTime = DateTime.UtcNow; string queryDate = endTime.AddHours(-1).ToString("s") + "," + endTime.ToString("s"); uriBuilder.Path += (Variables.System_TFCollectionUrl.EndsWith("/") ? "" : "/") + "_usersSettings/usage"; query["tab"] = "pipelines"; query["queryDate"] = queryDate; // Global RU link uriBuilder.Query = query.ToString(); string global = StringUtil.Loc("ServerTarpitUrl", uriBuilder.ToString()); if (!String.IsNullOrEmpty(this.Variables.Build_DefinitionName)) { query["keywords"] = this.Variables.Build_Number; query["definition"] = this.Variables.Build_DefinitionName; } else if (!String.IsNullOrEmpty(this.Variables.Release_ReleaseName)) { query["keywords"] = this.Variables.Release_ReleaseId; query["definition"] = this.Variables.Release_ReleaseName; } // RU link scoped for the build/release uriBuilder.Query = query.ToString(); this.Warning($"{global}\n{StringUtil.Loc("ServerTarpitUrlScoped", uriBuilder.ToString())}"); } _throttlingReported = true; } } public string TranslateToHostPath(string path) { var stepTarget = StepTarget(); if (stepTarget != null) { return stepTarget.TranslateToHostPath(path); } return path; } public string TranslatePathForStepTarget(string val) { var stepTarget = StepTarget(); var isCheckoutType = Convert.ToBoolean(this.Variables.Get(Constants.Variables.Task.SkipTranslatorForCheckout, true)); if (stepTarget == null || (isCheckoutType && (_currentStepTarget == null || stepTarget is HostInfo))) { return val; } return stepTarget.TranslateContainerPathForImageOS(PlatformUtil.HostOS, stepTarget.TranslateToContainerPath(val)); } public ExecutionTargetInfo StepTarget() { if (_currentStepTarget != null) { return _currentStepTarget; } return _defaultStepTarget; } public void SetStepTarget(Pipelines.StepTarget target) { // When step targets are set, we need to take over control for translating paths // from the job execution context Variables.StringTranslator = TranslatePathForStepTarget; if (string.Equals(WellKnownStepTargetStrings.Host, target?.Target, StringComparison.OrdinalIgnoreCase)) { _currentStepTarget = new HostInfo(); } else { _currentStepTarget = Containers.FirstOrDefault(x => string.Equals(x.ContainerName, target?.Target, StringComparison.OrdinalIgnoreCase)); } } public string GetVariableValueOrDefault(string variableName) { string value = null; Variables.TryGetValue(variableName, out value); return value; } public IScopedEnvironment GetScopedEnvironment() { return new SystemEnvironment(); } public void ReInitializeForceCompleted() { this._forceCompleted = new TaskCompletionSource(); this._forceCompleteCancellationTokenSource = new CancellationTokenSource(); } public void EmitHostNode20FallbackTelemetry(bool node20ResultsInGlibCErrorHost) { if (!emittedHostNode20FallbackTelemetry) { PublishTelemetry(new Dictionary { { "HostNode20to16Fallback", node20ResultsInGlibCErrorHost.ToString() } }); emittedHostNode20FallbackTelemetry = true; } } public void EmitHostNode24FallbackTelemetry(bool node24ResultsInGlibCErrorHost) { if (!emittedHostNode24FallbackTelemetry) { PublishTelemetry(new Dictionary { { "HostNode24to20Fallback", node24ResultsInGlibCErrorHost.ToString() } }); emittedHostNode24FallbackTelemetry = true; } } // This overload is to handle specific types some other way. private void PublishTelemetry( Dictionary telemetryData, string feature = "TaskHandler", bool IsAgentTelemetry = false ) { // JsonConvert.SerializeObject always converts to base object. PublishTelemetry((object)telemetryData, feature, IsAgentTelemetry); } private void PublishTelemetry( object telemetryData, string feature = "TaskHandler", bool IsAgentTelemetry = false ) { var cmd = new Command("telemetry", "publish") { Data = JsonConvert.SerializeObject(telemetryData, Formatting.None) }; cmd.Properties.Add("area", "PipelinesTasks"); cmd.Properties.Add("feature", feature); var publishTelemetryCmd = new TelemetryCommandExtension(IsAgentTelemetry); publishTelemetryCmd.Initialize(HostContext); publishTelemetryCmd.ProcessCommand(this, cmd); } public void PublishTaskRunnerTelemetry(Dictionary taskRunnerData) { PublishTelemetry(taskRunnerData, IsAgentTelemetry: true); } // Correlation context methods for enhanced tracing public void SetCorrelationStep(string stepId) { _correlationStep.Value = stepId; } public void ClearCorrelationStep() { _correlationStep.Value = null; } public void SetCorrelationTask(string taskId) { _correlationTask.Value = taskId; } public void ClearCorrelationTask() { _correlationTask.Value = null; } public string BuildCorrelationId() { var step = _correlationStep.Value; var task = _correlationTask.Value; if (string.IsNullOrEmpty(step)) { return string.IsNullOrEmpty(task) ? string.Empty : $"TASK-{ShortenGuid(task)}"; } return string.IsNullOrEmpty(task) ? $"STEP-{ShortenGuid(step)}" : $"STEP-{ShortenGuid(step)}|TASK-{ShortenGuid(task)}"; } /// /// Shorten a GUID to first 12 characters for more readable logs while maintaining uniqueness /// private static string ShortenGuid(string guid) { if (string.IsNullOrEmpty(guid)) return guid; // Use first 12 characters total: 8 from first segment + 4 from second segment // This ensures consistent output length regardless of input length // e.g., "verylongstring-1234..." becomes "verylong1234" (12 chars) // e.g., "60cf5508-70a7-..." becomes "60cf550870a7" (12 chars) var parts = guid.Split('-'); if (parts.Length >= 2 && parts[0].Length >= 8 && parts[1].Length >= 4) { return parts[0].Substring(0, 8) + parts[1].Substring(0, 4); } // Fallback: remove hyphens and take first 12 chars var cleaned = guid.Replace("-", ""); return cleaned.Length > 12 ? cleaned.Substring(0, 12) : cleaned; } public void Dispose() { // Clear the correlation context registration HostContext.CorrelationContextManager.ClearCurrentExecutionContext(); _cancellationTokenSource?.Dispose(); _forceCompleteCancellationTokenSource?.Dispose(); _buildLogsWriter?.Dispose(); _buildLogsWriter = null; _buildLogsData?.Dispose(); _buildLogsData = null; } [Flags] private enum LogsStreamingOptions { None = 0, StreamToServer = 1, StreamToFiles = 2, StreamToServerAndFiles = StreamToServer | StreamToFiles } } // The Error/Warning/etc methods are created as extension methods to simplify unit testing. // Otherwise individual overloads would need to be implemented (depending on the unit test). public static class ExecutionContextExtension { public static void Error(this IExecutionContext context, Exception ex) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(ex, nameof(ex)); context.Error(ex.Message, new Dictionary { { TaskWellKnownItems.IssueSourceProperty, Constants.TaskInternalIssueSource } }); context.Debug(ex.ToString()); } // Do not add a format string overload. See comment on ExecutionContext.Write(). public static void Error(this IExecutionContext context, string message) { ArgUtil.NotNull(context, nameof(context)); context.AddIssue(new Issue() { Type = IssueType.Error, Message = message }); } public static void Error(this IExecutionContext context, string message, Dictionary properties) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(properties, nameof(properties)); var issue = new Issue() { Type = IssueType.Error, Message = message }; foreach (var property in properties.Keys) { issue.Data[property] = properties[property]; } context.AddIssue(issue); } // Do not add a format string overload. See comment on ExecutionContext.Write(). public static void Warning(this IExecutionContext context, string message) { ArgUtil.NotNull(context, nameof(context)); context.AddIssue(new Issue() { Type = IssueType.Warning, Message = message }); } // Do not add a format string overload. See comment on ExecutionContext.Write(). public static void Output(this IExecutionContext context, string message, bool canMaskSecrets = true) { ArgUtil.NotNull(context, nameof(context)); context.Write(null, message, canMaskSecrets); } // Do not add a format string overload. See comment on ExecutionContext.Write(). public static void Command(this IExecutionContext context, string message) { ArgUtil.NotNull(context, nameof(context)); context.Write(WellKnownTags.Command, message); } // Do not add a format string overload. See comment on ExecutionContext.Write(). public static void Section(this IExecutionContext context, string message) { ArgUtil.NotNull(context, nameof(context)); context.Write(WellKnownTags.Section, message); } // // Verbose output is enabled by setting System.Debug // It's meant to help the end user debug their definitions. // Why are my inputs not working? It's not meant for dev debugging which is diag // // Do not add a format string overload. See comment on ExecutionContext.Write(). public static void Debug(this IExecutionContext context, string message) { ArgUtil.NotNull(context, nameof(context)); if (context.WriteDebug) { context.Write(WellKnownTags.Debug, message); } } } public static class WellKnownTags { public static readonly string Section = "##[section]"; public static readonly string Command = "##[command]"; public static readonly string Error = "##[error]"; public static readonly string Warning = "##[warning]"; public static readonly string Debug = "##[debug]"; } public static class WellKnownStepTargetStrings { public static readonly string Host = "host"; public static readonly string Restricted = "restricted"; } } ================================================ FILE: src/Agent.Worker/ExpressionManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.Expressions; using Microsoft.TeamFoundation.DistributedTask.Logging; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections; using System.Collections.Generic; using System.Text; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(ExpressionManager))] public interface IExpressionManager : IAgentService { IExpressionNode Parse(IExecutionContext context, string condition); ConditionResult Evaluate(IExecutionContext context, IExpressionNode tree, bool hostTracingOnly = false); } public sealed class ExpressionManager : AgentService, IExpressionManager { public static IExpressionNode Always = new AlwaysNode(); public static IExpressionNode Succeeded = new SucceededNode(); public static IExpressionNode SucceededOrFailed = new SucceededOrFailedNode(); public IExpressionNode Parse(IExecutionContext executionContext, string condition) { ArgUtil.NotNull(executionContext, nameof(executionContext)); var expressionTrace = new TraceWriter(Trace, executionContext); var parser = new ExpressionParser(); var namedValues = new INamedValueInfo[] { new NamedValueInfo(name: Constants.Expressions.Variables), }; var functions = new IFunctionInfo[] { new FunctionInfo(name: Constants.Expressions.Always, minParameters: 0, maxParameters: 0), new FunctionInfo(name: Constants.Expressions.Canceled, minParameters: 0, maxParameters: 0), new FunctionInfo(name: Constants.Expressions.Failed, minParameters: 0, maxParameters: 0), new FunctionInfo(name: Constants.Expressions.Succeeded, minParameters: 0, maxParameters: 0), new FunctionInfo(name: Constants.Expressions.SucceededOrFailed, minParameters: 0, maxParameters: 0), }; return parser.CreateTree(condition, expressionTrace, namedValues, functions) ?? new SucceededNode(); } public ConditionResult Evaluate(IExecutionContext executionContext, IExpressionNode tree, bool hostTracingOnly = false) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(tree, nameof(tree)); ConditionResult result = new ConditionResult(); var expressionTrace = new TraceWriter(Trace, hostTracingOnly ? null : executionContext); // NOTE: When the non-legacy secret masker is enabled via feature // flag, this conversion will fail and we will pass null here. This // is deliberate and OK because the trace that we pass will handle // secret masking as will upstream exception handlers. var secretMasker = HostContext.SecretMasker as ISecretMasker; result.Value = tree.Evaluate(trace: expressionTrace, secretMasker, state: executionContext); result.Trace = expressionTrace.Trace; return result; } private sealed class TraceWriter : ITraceWriter { private readonly IExecutionContext _executionContext; private readonly Tracing _trace; private readonly StringBuilder _traceBuilder = new StringBuilder(); public string Trace => _traceBuilder.ToString(); bool ITraceWriter.VerboseTracing => false; public TraceWriter(Tracing trace, IExecutionContext executionContext) { ArgUtil.NotNull(trace, nameof(trace)); _trace = trace; _executionContext = executionContext; } public void Info(string message) { _trace.Info(message); _executionContext?.Debug(message); _traceBuilder.AppendLine(message); } public void Verbose(string message) { _trace.Verbose(message); _executionContext?.Debug(message); } } private sealed class AlwaysNode : FunctionNode { protected override Object EvaluateCore(EvaluationContext context) { return true; } } private sealed class CanceledNode : FunctionNode { protected sealed override object EvaluateCore(EvaluationContext evaluationContext) { var executionContext = evaluationContext.State as IExecutionContext; ArgUtil.NotNull(executionContext, nameof(executionContext)); TaskResult jobStatus = executionContext.Variables.Agent_JobStatus ?? TaskResult.Succeeded; return jobStatus == TaskResult.Canceled; } } private sealed class FailedNode : FunctionNode { protected sealed override object EvaluateCore(EvaluationContext evaluationContext) { var executionContext = evaluationContext.State as IExecutionContext; ArgUtil.NotNull(executionContext, nameof(executionContext)); TaskResult jobStatus = executionContext.Variables.Agent_JobStatus ?? TaskResult.Succeeded; return jobStatus == TaskResult.Failed; } } private sealed class SucceededNode : FunctionNode { protected sealed override object EvaluateCore(EvaluationContext evaluationContext) { var executionContext = evaluationContext.State as IExecutionContext; ArgUtil.NotNull(executionContext, nameof(executionContext)); TaskResult jobStatus = executionContext.Variables.Agent_JobStatus ?? TaskResult.Succeeded; return jobStatus == TaskResult.Succeeded || jobStatus == TaskResult.SucceededWithIssues; } } private sealed class SucceededOrFailedNode : FunctionNode { protected sealed override object EvaluateCore(EvaluationContext evaluationContext) { var executionContext = evaluationContext.State as IExecutionContext; ArgUtil.NotNull(executionContext, nameof(executionContext)); TaskResult jobStatus = executionContext.Variables.Agent_JobStatus ?? TaskResult.Succeeded; return jobStatus == TaskResult.Succeeded || jobStatus == TaskResult.SucceededWithIssues || jobStatus == TaskResult.Failed; } } private sealed class VariablesNode : NamedValueNode { protected sealed override object EvaluateCore(EvaluationContext evaluationContext) { var jobContext = evaluationContext.State as IExecutionContext; ArgUtil.NotNull(jobContext, nameof(jobContext)); return new VariablesDictionary(jobContext.Variables); } } private sealed class VariablesDictionary : IReadOnlyDictionary { private readonly Variables _variables; public VariablesDictionary(Variables variables) { _variables = variables; } // IReadOnlyDictionary members public object this[string key] => _variables.Get(key); public IEnumerable Keys => throw new NotSupportedException(); public IEnumerable Values => throw new NotSupportedException(); public bool ContainsKey(string key) { string val; return _variables.TryGetValue(key, out val); } public bool TryGetValue(string key, out object value) { string s; bool found = _variables.TryGetValue(key, out s); value = s; return found; } // IReadOnlyCollection> members public int Count => throw new NotSupportedException(); // IEnumerable> members IEnumerator> IEnumerable>.GetEnumerator() => throw new NotSupportedException(); // IEnumerable members IEnumerator IEnumerable.GetEnumerator() => throw new NotSupportedException(); } } public class ConditionResult { public ConditionResult(bool value = false, string trace = null) { this.Value = value; this.Trace = trace; } public bool Value { get; set; } public string Trace { get; set; } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2225: Operator overloads have named")] public static implicit operator ConditionResult(bool value) { return new ConditionResult(value); } } } ================================================ FILE: src/Agent.Worker/GitManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.IO.Compression; using System.Net.Http; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(GitManager))] public interface IGitManager : IAgentService { Task DownloadAsync(IExecutionContext executionContext, string version = GitManager.defaultGitVersion); } public class GitManager : AgentService, IGitManager { private const int timeout = 180; private const int defaultFileStreamBufferSize = 4096; private const int retryDelay = 10000; private const int retryLimit = 3; public const string defaultGitVersion = "2.39.4"; public async Task DownloadAsync(IExecutionContext executionContext, string version = defaultGitVersion) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNullOrEmpty(version, nameof(version)); Uri gitUrl = GitStore.GetDownloadUrl(version); var gitFileName = gitUrl.Segments[^1]; var externalsFolder = HostContext.GetDirectory(WellKnownDirectory.Externals); var gitExternalsPath = Path.Combine(externalsFolder, $"git-{version}"); var gitPath = Path.Combine(gitExternalsPath, gitFileName); if (File.Exists(gitPath)) { executionContext.Debug($"Git instance {gitFileName} already exists."); return; } var tempDirectory = Path.Combine(externalsFolder, "git_download_temp"); Directory.CreateDirectory(tempDirectory); var downloadGitPath = Path.ChangeExtension(Path.Combine(tempDirectory, gitFileName), ".completed"); if (File.Exists(downloadGitPath)) { executionContext.Debug($"Git intance {version} already downloaded."); return; } Trace.Info($@"Git zip file will be downloaded and saved as ""{downloadGitPath}"""); int retryCount = 0; while (true) { using CancellationTokenSource downloadToken = new(TimeSpan.FromSeconds(timeout)); using var downloadCancellation = CancellationTokenSource.CreateLinkedTokenSource(downloadToken.Token, executionContext.CancellationToken); try { using HttpClient client = new(); using Stream stream = await client.GetStreamAsync(gitUrl); using FileStream fs = new(downloadGitPath, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize: defaultFileStreamBufferSize, useAsync: true); await stream.CopyToAsync(fs); Trace.Info("Finished Git downloading."); await fs.FlushAsync(downloadCancellation.Token); fs.Close(); break; } catch (OperationCanceledException) when (executionContext.CancellationToken.IsCancellationRequested) { Trace.Info("Git download cancelled by user"); throw; } catch (UnauthorizedAccessException uaEx) { Trace.Error($"Access denied writing Git executable to '{downloadGitPath}'"); Trace.Error(uaEx); throw; } catch (Exception ex) { retryCount++; Trace.Info($"Git download failed (attempt {retryCount})"); Trace.Error(ex); if (retryCount >= retryLimit) { Trace.Error($"Failed to download Git after {retryLimit} attempts"); throw; } Trace.Info($"Retry Git download in {retryDelay / 1000} seconds"); await Task.Delay(retryDelay, executionContext.CancellationToken); } } try { ZipFile.ExtractToDirectory(downloadGitPath, gitExternalsPath); File.WriteAllText(downloadGitPath, DateTime.UtcNow.ToString()); Trace.Info("Git has been extracted and cleaned up"); } catch (Exception ex) { Trace.Error(ex); } } } internal class GitStore { private static readonly string baseUrl = "https://vstsagenttools.blob.core.windows.net/tools/mingit"; private static readonly string bit = PlatformUtil.BuiltOnX86 ? "32" : "64"; internal static Uri GetDownloadUrl(string version = GitManager.defaultGitVersion) { return new Uri($"{baseUrl}/{version}/MinGit-{version}-{bit}-bit.zip"); } } } ================================================ FILE: src/Agent.Worker/Handlers/AgentPluginHandler.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System.Threading.Tasks; using System; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { [ServiceLocator(Default = typeof(AgentPluginHandler))] public interface IAgentPluginHandler : IHandler { AgentPluginHandlerData Data { get; set; } } public sealed class AgentPluginHandler : Handler, IAgentPluginHandler { public AgentPluginHandlerData Data { get; set; } public async Task RunAsync() { // Validate args. Trace.Entering(); ArgUtil.NotNull(Data, nameof(Data)); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); ArgUtil.NotNull(Inputs, nameof(Inputs)); ArgUtil.NotNullOrEmpty(Data.Target, nameof(Data.Target)); // Update the env dictionary. AddPrependPathToEnvironment(); // Make sure only particular task get run as agent plugin. var agentPlugin = HostContext.GetService(); var taskPlugins = agentPlugin.GetTaskPlugins(Task.Id); ArgUtil.NotNull(taskPlugins, $"{Task.Name} ({Task.Id}/{Task.Version})"); if (!taskPlugins.Contains(Data.Target)) { throw new NotSupportedException(Data.Target); } var commandManager = HostContext.GetService(); commandManager.EnablePluginInternalCommand(true); try { await agentPlugin.RunPluginTaskAsync(ExecutionContext, Data.Target, Inputs, Environment, RuntimeVariables, OnDataReceived); } finally { commandManager.EnablePluginInternalCommand(false); } } private void OnDataReceived(object sender, ProcessDataReceivedEventArgs e) { // This does not need to be inside of a critical section. // The logging queues and command handlers are thread-safe. if (!CommandManager.TryProcessCommand(ExecutionContext, e.Data)) { ExecutionContext.Output(e.Data); } } } } ================================================ FILE: src/Agent.Worker/Handlers/Handler.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Threading.Tasks; using System.Linq; using System.IO; using Microsoft.VisualStudio.Services.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Newtonsoft.Json; using System.Runtime.Versioning; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { public interface IHandler : IAgentService { List Endpoints { get; set; } Dictionary Environment { get; set; } IExecutionContext ExecutionContext { get; set; } Variables RuntimeVariables { get; set; } IStepHost StepHost { get; set; } Dictionary Inputs { get; set; } List SecureFiles { get; set; } string TaskDirectory { get; set; } Pipelines.TaskStepDefinitionReference Task { get; set; } Task RunAsync(); void AfterExecutionContextInitialized(); } public abstract class Handler : AgentService { // On Windows, the maximum supported size of a environment variable value is 32k. // You can set environment variables greater then 32K, but Node won't be able to read them. private const int _windowsEnvironmentVariableMaximumSize = 32766; protected bool _continueAfterCancelProcessTreeKillAttempt; protected IWorkerCommandManager CommandManager { get; private set; } public List Endpoints { get; set; } public Dictionary Environment { get; set; } public Variables RuntimeVariables { get; set; } public IExecutionContext ExecutionContext { get; set; } public IStepHost StepHost { get; set; } public Dictionary Inputs { get; set; } public List SecureFiles { get; set; } public string TaskDirectory { get; set; } public Pipelines.TaskStepDefinitionReference Task { get; set; } public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); CommandManager = hostContext.GetService(); } public void AfterExecutionContextInitialized() { _continueAfterCancelProcessTreeKillAttempt = AgentKnobs.ContinueAfterCancelProcessTreeKillAttempt.GetValue(ExecutionContext).AsBoolean(); Trace.Info($"Handler.AfterExecutionContextInitialized _continueAfterCancelProcessTreeKillAttempt = {_continueAfterCancelProcessTreeKillAttempt}"); } protected void AddEndpointsToEnvironment() { Trace.Entering(); ArgUtil.NotNull(Endpoints, nameof(Endpoints)); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); ArgUtil.NotNull(ExecutionContext.Endpoints, nameof(ExecutionContext.Endpoints)); List endpoints = Endpoints; // Add the endpoints to the environment variable dictionary. foreach (ServiceEndpoint endpoint in endpoints) { ArgUtil.NotNull(endpoint, nameof(endpoint)); string partialKey = null; if (endpoint.Id != Guid.Empty) { partialKey = endpoint.Id.ToString(); } else if (string.Equals(endpoint.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)) { partialKey = WellKnownServiceEndpointNames.SystemVssConnection.ToUpperInvariant(); } else if (endpoint.Data == null || !endpoint.Data.TryGetValue(EndpointData.RepositoryId, out partialKey) || string.IsNullOrEmpty(partialKey)) { continue; // This should never happen. } AddEnvironmentVariable( key: $"ENDPOINT_URL_{partialKey}", value: endpoint.Url?.ToString()); AddEnvironmentVariable( key: $"ENDPOINT_AUTH_{partialKey}", // Note, JsonUtility.ToString will not null ref if the auth object is null. value: JsonUtility.ToString(endpoint.Authorization)); if (endpoint.Authorization != null && endpoint.Authorization.Scheme != null) { AddEnvironmentVariable( key: $"ENDPOINT_AUTH_SCHEME_{partialKey}", value: endpoint.Authorization.Scheme); foreach (KeyValuePair pair in endpoint.Authorization.Parameters) { AddEnvironmentVariable( key: $"ENDPOINT_AUTH_PARAMETER_{partialKey}_{VarUtil.ConvertToEnvVariableFormat(pair.Key, preserveCase: false)}", value: pair.Value); } } if (endpoint.Id != Guid.Empty) { AddEnvironmentVariable( key: $"ENDPOINT_DATA_{partialKey}", // Note, JsonUtility.ToString will not null ref if the data object is null. value: JsonUtility.ToString(endpoint.Data)); if (endpoint.Data != null) { foreach (KeyValuePair pair in endpoint.Data) { AddEnvironmentVariable( key: $"ENDPOINT_DATA_{partialKey}_{VarUtil.ConvertToEnvVariableFormat(pair.Key, preserveCase: false)}", value: pair.Value); } } } } } protected void AddSecureFilesToEnvironment() { Trace.Entering(); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); ArgUtil.NotNull(SecureFiles, nameof(SecureFiles)); List secureFiles = SecureFiles; // Add the secure files to the environment variable dictionary. foreach (SecureFile secureFile in secureFiles) { if (secureFile != null && secureFile.Id != Guid.Empty) { string partialKey = secureFile.Id.ToString(); AddEnvironmentVariable( key: $"SECUREFILE_NAME_{partialKey}", value: secureFile.Name); AddEnvironmentVariable( key: $"SECUREFILE_TICKET_{partialKey}", value: secureFile.Ticket); } } } protected void AddInputsToEnvironment() { // Validate args. Trace.Entering(); ArgUtil.NotNull(Inputs, nameof(Inputs)); // Add the inputs to the environment variable dictionary. foreach (KeyValuePair pair in Inputs) { AddEnvironmentVariable( key: $"INPUT_{VarUtil.ConvertToEnvVariableFormat(pair.Key, preserveCase: false)}", value: pair.Value); } } protected void AddVariablesToEnvironment(bool excludeNames = false, bool excludeSecrets = false) { // Validate args. Trace.Entering(); ArgUtil.NotNull(Environment, nameof(Environment)); ArgUtil.NotNull(RuntimeVariables, nameof(RuntimeVariables)); // Add the public variables. var names = new List(); foreach (Variable variable in RuntimeVariables.Public) { // Add "agent.jobstatus" using the unformatted name and formatted name. if (string.Equals(variable.Name, Constants.Variables.Agent.JobStatus, StringComparison.OrdinalIgnoreCase)) { AddEnvironmentVariable(variable.Name, variable.Value); } // Add the variable using the formatted name. string formattedName = VarUtil.ConvertToEnvVariableFormat(variable.Name, variable.PreserveCase); AddEnvironmentVariable(formattedName, variable.Value); // Store the name. names.Add(variable.Name ?? string.Empty); } // Add the public variable names. if (!excludeNames) { AddEnvironmentVariable("VSTS_PUBLIC_VARIABLES", JsonUtility.ToString(names)); } if (!excludeSecrets) { // Add the secret variables. var secretNames = new List(); foreach (Variable variable in RuntimeVariables.Private) { // Add the variable using the formatted name. string formattedName = VarUtil.ConvertToEnvVariableFormat(variable.Name, variable.PreserveCase); AddEnvironmentVariable($"SECRET_{formattedName}", variable.Value); // Store the name. secretNames.Add(variable.Name ?? string.Empty); } // Add the secret variable names. if (!excludeNames) { AddEnvironmentVariable("VSTS_SECRET_VARIABLES", JsonUtility.ToString(secretNames)); } } } protected void AddEnvironmentVariable(string key, string value) { ArgUtil.NotNullOrEmpty(key, nameof(key)); Trace.Verbose($"Setting env '{key}' to '{value}'."); Environment[key] = value ?? string.Empty; if (PlatformUtil.RunningOnWindows && Environment[key].Length > _windowsEnvironmentVariableMaximumSize) { ExecutionContext.Warning(StringUtil.Loc("EnvironmentVariableExceedsMaximumLength", key, value.Length, _windowsEnvironmentVariableMaximumSize)); } } protected void AddTaskVariablesToEnvironment() { // Validate args. Trace.Entering(); ArgUtil.NotNull(ExecutionContext.TaskVariables, nameof(ExecutionContext.TaskVariables)); foreach (Variable variable in ExecutionContext.TaskVariables.Public) { // Add the variable using the formatted name. string formattedKey = VarUtil.ConvertToEnvVariableFormat(variable.Name, variable.PreserveCase); AddEnvironmentVariable($"VSTS_TASKVARIABLE_{formattedKey}", variable.Value); } foreach (Variable variable in ExecutionContext.TaskVariables.Private) { // Add the variable using the formatted name. string formattedKey = VarUtil.ConvertToEnvVariableFormat(variable.Name, variable.PreserveCase); AddEnvironmentVariable($"VSTS_TASKVARIABLE_{formattedKey}", variable.Value); } } protected void AddPrependPathToEnvironment() { // Validate args. Trace.Entering(); ArgUtil.NotNull(ExecutionContext.PrependPath, nameof(ExecutionContext.PrependPath)); if (ExecutionContext.PrependPath.Count == 0) { return; } // Prepend path. var containerStepHost = StepHost as ContainerStepHost; if (containerStepHost != null) { List prepend = new List(); foreach (var path in ExecutionContext.PrependPath) { prepend.Add(ExecutionContext.TranslatePathForStepTarget(path)); } containerStepHost.PrependPath = string.Join(Path.PathSeparator.ToString(), prepend.Reverse()); // Set docker exec diagnostics feature flag from ExecutionContext containerStepHost.EnableDockerExecDiagnostics = AgentKnobs.EnableDockerExecDiagnostics.GetValue(ExecutionContext).AsBoolean(); } else { string prepend = string.Join(Path.PathSeparator.ToString(), ExecutionContext.PrependPath.Reverse()); string taskEnvPATH; Environment.TryGetValue(Constants.PathVariable, out taskEnvPATH); string originalPath = RuntimeVariables.Get(Constants.PathVariable) ?? // Prefer a job variable. taskEnvPATH ?? // Then a task-environment variable. System.Environment.GetEnvironmentVariable(Constants.PathVariable) ?? // Then an environment variable. string.Empty; string newPath = PathUtil.PrependPath(prepend, originalPath); AddEnvironmentVariable(Constants.PathVariable, newPath); } } [SupportedOSPlatform("windows")] protected bool PsModulePathContainsPowershellCoreLocations() { bool checkLocationsKnob = AgentKnobs.CheckPsModulesLocations.GetValue(ExecutionContext).AsBoolean(); bool isPwshCore = Inputs.TryGetValue("pwsh", out string pwsh) && StringUtil.ConvertToBoolean(pwsh); if (!PlatformUtil.RunningOnWindows || !checkLocationsKnob || isPwshCore) { return false; } const string PSModulePath = nameof(PSModulePath); bool localVariableExists = Environment.TryGetValue(PSModulePath, out string localVariable); bool localVariableContainsPwshLocations = PsModulePathUtil.ContainsPowershellCoreLocations(localVariable); // Special case when the env variable is set for local process environment // for example by vso command in a preceding pipeline step if (localVariableExists && !localVariableContainsPwshLocations) { return false; } string systemVariable = System.Environment.GetEnvironmentVariable(PSModulePath); bool systemVariableContainsPwshLocations = PsModulePathUtil.ContainsPowershellCoreLocations(systemVariable); return localVariableContainsPwshLocations || systemVariableContainsPwshLocations; } [SupportedOSPlatform("windows")] protected void RemovePSModulePathFromEnvironment() { if (PlatformUtil.RunningOnWindows == false || AgentKnobs.CleanupPSModules.GetValue(ExecutionContext).AsBoolean() == false) { return; } try { if (WindowsProcessUtil.IsAgentRunningInPowerShellCore()) { AddEnvironmentVariable("PSModulePath", ""); Trace.Info("PSModulePath is removed from environment since agent is running on Windows and in PowerShell."); } } catch (Exception ex) { Trace.Error(ex.Message); var telemetry = new Dictionary() { ["ParentProcessFinderError"] = StringUtil.Loc("ParentProcessFinderError") }; PublishTelemetry(telemetry); ExecutionContext.Error(StringUtil.Loc("ParentProcessFinderError")); } } // This overload is to handle specific types some other way. protected void PublishTelemetry( Dictionary telemetryData, string feature = "TaskHandler" ) { // JsonConvert.SerializeObject always converts to base object. PublishTelemetry((object)telemetryData, feature); } private void PublishTelemetry( object telemetryData, string feature = "TaskHandler" ) { ArgUtil.NotNull(Task, nameof(Task)); var cmd = new Command("telemetry", "publish") { Data = JsonConvert.SerializeObject(telemetryData, Formatting.None) }; cmd.Properties.Add("area", "PipelinesTasks"); cmd.Properties.Add("feature", feature); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(HostContext); publishTelemetryCmd.ProcessCommand(ExecutionContext, cmd); } } } ================================================ FILE: src/Agent.Worker/Handlers/HandlerFactory.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using System.IO; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { [ServiceLocator(Default = typeof(HandlerFactory))] public interface IHandlerFactory : IAgentService { IHandler Create( IExecutionContext executionContext, Pipelines.TaskStepDefinitionReference task, IStepHost stepHost, List endpoints, List secureFiles, HandlerData data, Dictionary inputs, Dictionary environment, Variables runtimeVariables, string taskDirectory); } public sealed class HandlerFactory : AgentService, IHandlerFactory { public IHandler Create( IExecutionContext executionContext, Pipelines.TaskStepDefinitionReference task, IStepHost stepHost, List endpoints, List secureFiles, HandlerData data, Dictionary inputs, Dictionary environment, Variables runtimeVariables, string taskDirectory) { // Validate args. Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(stepHost, nameof(stepHost)); ArgUtil.NotNull(endpoints, nameof(endpoints)); ArgUtil.NotNull(secureFiles, nameof(secureFiles)); ArgUtil.NotNull(data, nameof(data)); ArgUtil.NotNull(inputs, nameof(inputs)); ArgUtil.NotNull(environment, nameof(environment)); ArgUtil.NotNull(runtimeVariables, nameof(runtimeVariables)); ArgUtil.NotNull(taskDirectory, nameof(taskDirectory)); // Create the handler. IHandler handler; if (data is BaseNodeHandlerData) { // Node 6 if (data is NodeHandlerData) { bool shouldShowDeprecationWarning = !AgentKnobs.DisableNode6DeprecationWarning.GetValue(executionContext).AsBoolean(); if (shouldShowDeprecationWarning) { var exceptionList = this.getTaskExceptionList(); if (!exceptionList.Contains(task.Id)) { executionContext.Warning(StringUtil.Loc("DeprecatedNode6")); } } } // Node 6 and 10. handler = HostContext.CreateService(); (handler as INodeHandler).Data = data as BaseNodeHandlerData; } else if (data is PowerShell3HandlerData) { #pragma warning disable CA1416 // PowerShell handlers are Windows only // PowerShell3. handler = HostContext.CreateService(); (handler as IPowerShell3Handler).Data = data as PowerShell3HandlerData; #pragma warning restore CA1416 } else if (data is PowerShellExeHandlerData) { #pragma warning disable CA1416 // PowerShell handlers are Windows only // PowerShellExe. handler = HostContext.CreateService(); (handler as IPowerShellExeHandler).Data = data as PowerShellExeHandlerData; #pragma warning restore CA1416 } else if (data is ProcessHandlerData) { // Process. if (AgentKnobs.UseProcessHandlerV2.GetValue(executionContext).AsBoolean()) { Trace.Info("Using ProcessHandlerV2"); handler = HostContext.CreateService(); } else { handler = HostContext.CreateService(); } (handler as IProcessHandler).Data = data as ProcessHandlerData; } else if (data is PowerShellHandlerData) { // PowerShell. handler = HostContext.CreateService(); (handler as IPowerShellHandler).Data = data as PowerShellHandlerData; } else if (data is AzurePowerShellHandlerData) { // AzurePowerShell. handler = HostContext.CreateService(); (handler as IAzurePowerShellHandler).Data = data as AzurePowerShellHandlerData; } else if (data is AgentPluginHandlerData) { // Agent plugin handler = HostContext.CreateService(); (handler as IAgentPluginHandler).Data = data as AgentPluginHandlerData; } else { // This should never happen. throw new NotSupportedException(); } handler.Endpoints = endpoints; handler.Task = task; handler.Environment = environment; handler.RuntimeVariables = runtimeVariables; handler.ExecutionContext = executionContext; handler.StepHost = stepHost; handler.Inputs = inputs; handler.SecureFiles = secureFiles; handler.TaskDirectory = taskDirectory; handler.AfterExecutionContextInitialized(); return handler; } /// /// This method provides a list of in-the-box pipeline tasks for which we don't want to display the warning about the Node6 execution handler. /// /// We need to remove this method - once Node 6 handler is dropped /// List of tasks ID private List getTaskExceptionList() { var exceptionListFile = HostContext.GetConfigFile(WellKnownConfigFile.TaskExceptionList); var exceptionList = new List(); if (File.Exists(exceptionListFile)) { try { exceptionList = IOUtil.LoadObject>(exceptionListFile); } catch (Exception ex) { Trace.Info($"Unable to deserialize exception list {ex}"); exceptionList = new List(); } } return exceptionList; } } } ================================================ FILE: src/Agent.Worker/Handlers/LegacyPowerShellHandler.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text.RegularExpressions; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.WebApi; using System.Xml; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { [ServiceLocator(Default = typeof(AzurePowerShellHandler))] public interface IAzurePowerShellHandler : IHandler { AzurePowerShellHandlerData Data { get; set; } } [ServiceLocator(Default = typeof(PowerShellHandler))] public interface IPowerShellHandler : IHandler { PowerShellHandlerData Data { get; set; } } public sealed class AzurePowerShellHandler : LegacyPowerShellHandler, IAzurePowerShellHandler { private const string _connectedServiceName = "ConnectedServiceName"; private const string _connectedServiceNameSelector = "ConnectedServiceNameSelector"; public AzurePowerShellHandlerData Data { get; set; } protected override void AddLegacyHostEnvironmentVariables(string scriptFile, string workingDirectory) { // Call the base implementation. base.AddLegacyHostEnvironmentVariables(scriptFile: scriptFile, workingDirectory: workingDirectory); // additionalStatement List>>> additionalStatement = GetAdditionalCommandsForAzurePowerShell(Inputs); if (additionalStatement.Count > 0) { AddEnvironmentVariable("VSTSPSHOSTSTATEMENTS", JsonUtility.ToString(additionalStatement)); } } protected override string GetArgumentFormat() { ArgUtil.NotNull(Data, nameof(Data)); return Data.ArgumentFormat; } protected override string GetTarget() { ArgUtil.NotNull(Data, nameof(Data)); return Data.Target; } protected override string GetWorkingDirectory() { ArgUtil.NotNull(Data, nameof(Data)); return Data.WorkingDirectory; } private List>>> GetAdditionalCommandsForAzurePowerShell(Dictionary inputs) { List>>> additionalCommands = new List>>>(); string connectedServiceNameValue = GetConnectedService(inputs); // It's OK for StorageAccount to not exist (it won't for RunAzurePowerShell or AzureWebPowerShellDeployment) // If it is empty for AzureCloudPowerShellDeployment (the UI is set up to require it), the deployment script will // fail with a message as to the problem. string storageAccountParameter; string storageAccount = string.Empty; if (inputs.TryGetValue("StorageAccount", out storageAccountParameter)) { storageAccount = storageAccountParameter; } // Initialize our Azure Support (imports the module, sets up the Azure subscription) string path = VarUtil.GetLegacyPowerShellHostDirectoryPath(ExecutionContext); string azurePSM1 = Path.Combine(path, "Microsoft.TeamFoundation.DistributedTask.Task.Deployment.Azure\\Microsoft.TeamFoundation.DistributedTask.Task.Deployment.Azure.psm1"); Trace.Verbose("AzurePowerShellHandler.UpdatePowerShellEnvironment - AddCommand(Import-Module)"); Trace.Verbose("AzurePowerShellHandler.UpdatePowerShellEnvironment - AddParameter(Name={0})", azurePSM1); Trace.Verbose("AzurePowerShellHandler.UpdatePowerShellEnvironment - AddParameter(Scope=Global)"); additionalCommands.Add(new Tuple>>("Import-Module", new List>() { new Tuple("Name", azurePSM1), new Tuple("Scope", "Global"), })); Trace.Verbose("AzurePowerShellHandler.UpdatePowerShellEnvironment - AddCommand(Initialize-AzurePowerShellSupport)"); Trace.Verbose(StringUtil.Format("AzurePowerShellHandler.UpdatePowerShellEnvironment - AddParameter({0}={1})", _connectedServiceName, connectedServiceNameValue)); Trace.Verbose("AzurePowerShellHandler.UpdatePowerShellEnvironment - AddParameter(StorageAccount={0})", storageAccount); additionalCommands.Add(new Tuple>>("Initialize-AzurePowerShellSupport", new List>() { new Tuple(_connectedServiceName, connectedServiceNameValue), new Tuple("StorageAccount", storageAccount), })); return additionalCommands; } private string GetConnectedService(Dictionary inputs) { string environment, connectedServiceSelectorValue; string connectedServiceName = _connectedServiceName; if (inputs.TryGetValue(_connectedServiceNameSelector, out connectedServiceSelectorValue)) { connectedServiceName = connectedServiceSelectorValue; Trace.Verbose(StringUtil.Format("AzurePowerShellHandler.UpdatePowerShellEnvironment - Found ConnectedServiceSelector value : {0}", connectedServiceName?.ToString())); } if (!inputs.TryGetValue(connectedServiceName, out environment)) { Trace.Verbose(StringUtil.Format("AzurePowerShellHandler.UpdatePowerShellEnvironment - Could not find {0}, so looking for DeploymentEnvironmentName.", connectedServiceName?.ToString())); if (!inputs.TryGetValue("DeploymentEnvironmentName", out environment)) { throw new ArgumentNullException($"The required {connectedServiceName} parameter was not found by the AzurePowerShellRunner."); } } string connectedServiceNameValue = environment; if (String.IsNullOrEmpty(connectedServiceNameValue)) { throw new ArgumentNullException($"The required {connectedServiceName} parameter was either null or empty. Ensure you have provisioned a Deployment Environment using services tab in Admin UI."); } return connectedServiceNameValue; } } public sealed class PowerShellHandler : LegacyPowerShellHandler, IPowerShellHandler { public PowerShellHandlerData Data { get; set; } protected override string GetArgumentFormat() { ArgUtil.NotNull(Data, nameof(Data)); return Data.ArgumentFormat; } protected override string GetTarget() { ArgUtil.NotNull(Data, nameof(Data)); return Data.Target; } protected override string GetWorkingDirectory() { ArgUtil.NotNull(Data, nameof(Data)); return Data.WorkingDirectory; } } public abstract class LegacyPowerShellHandler : Handler { private Regex _argumentMatching = new Regex("([^\" ]*(\"[^\"]*\")[^\" ]*)|[^\" ]+", RegexOptions.Compiled); private string _appConfigFileName = "LegacyVSTSPowerShellHost.exe.config"; private string _appConfigRestoreFileName = "LegacyVSTSPowerShellHost.exe.config.restore"; protected abstract string GetArgumentFormat(); protected abstract string GetTarget(); protected abstract string GetWorkingDirectory(); public async Task RunAsync() { // Validate args. Trace.Entering(); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); ArgUtil.NotNull(Inputs, nameof(Inputs)); ArgUtil.Directory(TaskDirectory, nameof(TaskDirectory)); // Warn about legacy handler. ExecutionContext.Warning($"Task '{this.Task.Name}' ({this.Task.Version}) is using deprecated task execution handler. The task should use the supported task-lib: https://aka.ms/tasklib"); // Resolve the target script. string target = GetTarget(); ArgUtil.NotNullOrEmpty(target, nameof(target)); string scriptFile = Path.Combine(TaskDirectory, target); ArgUtil.File(scriptFile, nameof(scriptFile)); // Determine the working directory. string workingDirectory = GetWorkingDirectory(); if (String.IsNullOrEmpty(workingDirectory)) { workingDirectory = Path.GetDirectoryName(scriptFile); } else { if (!Directory.Exists(workingDirectory)) { Directory.CreateDirectory(workingDirectory); } } // Copy the OM binaries into the legacy host folder. if (AgentKnobs.InstallLegacyTfExe.GetValue(ExecutionContext).AsBoolean()) { ExecutionContext.Output(StringUtil.Loc("PrepareTaskExecutionHandler")); string sourceDirectory = HostContext.GetDirectory(WellKnownDirectory.ServerOMLegacy); string targetDirectory = HostContext.GetDirectory(WellKnownDirectory.LegacyPSHostLegacy); IOUtil.CopyDirectory( source: sourceDirectory, target: targetDirectory, cancellationToken: ExecutionContext.CancellationToken); Trace.Info("Finished copying files."); } // Add the legacy ps host environment variables. AddLegacyHostEnvironmentVariables(scriptFile: scriptFile, workingDirectory: workingDirectory); AddPrependPathToEnvironment(); // Add proxy setting to LegacyVSTSPowerShellHost.exe.config var agentProxy = HostContext.GetService(); if (!string.IsNullOrEmpty(agentProxy.ProxyAddress)) { AddProxySetting(agentProxy); } // Invoke the process. using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += OnDataReceived; processInvoker.ErrorDataReceived += OnDataReceived; try { String vstsPSHostExeDirectory = VarUtil.GetLegacyPowerShellHostDirectoryPath(ExecutionContext); String vstsPSHostExe = Path.Combine(vstsPSHostExeDirectory, "LegacyVSTSPowerShellHost.exe"); Int32 exitCode = await processInvoker.ExecuteAsync(workingDirectory: workingDirectory, fileName: vstsPSHostExe, arguments: "", environment: Environment, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, redirectStandardIn: null, inheritConsoleHandler: !ExecutionContext.Variables.Retain_Default_Encoding, continueAfterCancelProcessTreeKillAttempt: _continueAfterCancelProcessTreeKillAttempt, cancellationToken: ExecutionContext.CancellationToken); // the exit code from vstsPSHost.exe indicate how many error record we get during execution // -1 exit code means infrastructure failure of Host itself. // this is to match current handler's logic. if (exitCode > 0) { if (ExecutionContext.Result != null) { ExecutionContext.Debug($"Task result already set. Not failing due to error count ({exitCode})."); } else { // We fail task and add issue. ExecutionContext.Result = TaskResult.Failed; ExecutionContext.Error(StringUtil.Loc("PSScriptError", exitCode)); } } else if (exitCode < 0) { // We fail task and add issue. ExecutionContext.Result = TaskResult.Failed; ExecutionContext.Error(StringUtil.Loc("VSTSHostNonZeroReturn", exitCode)); } } finally { processInvoker.OutputDataReceived -= OnDataReceived; processInvoker.ErrorDataReceived -= OnDataReceived; } } } protected virtual void AddLegacyHostEnvironmentVariables(string scriptFile, string workingDirectory) { // scriptName AddEnvironmentVariable("VSTSPSHOSTSCRIPTNAME", scriptFile); // workingFolder AddEnvironmentVariable("VSTSPSHOSTWORKINGFOLDER", workingDirectory); // outputPreference AddEnvironmentVariable("VSTSPSHOSTOUTPUTPREFER", ExecutionContext.WriteDebug ? "Continue" : "SilentlyContinue"); // inputParameters if (Inputs.Count > 0) { AddEnvironmentVariable("VSTSPSHOSTINPUTPARAMETER", JsonUtility.ToString(Inputs)); } List arguments = new List(); Dictionary argumentParameters = new Dictionary(); string argumentFormat = GetArgumentFormat(); if (string.IsNullOrEmpty(argumentFormat)) { // treatInputsAsArguments AddEnvironmentVariable("VSTSPSHOSTINPUTISARG", "True"); } else { MatchCollection matches = _argumentMatching.Matches(argumentFormat); if (matches[0].Value.StartsWith("-")) { String currentKey = String.Empty; foreach (Match match in matches) { if (match.Value.StartsWith("-")) { currentKey = match.Value.Trim('-'); argumentParameters.Add(currentKey, String.Empty); } else if (!match.Value.StartsWith("-") && !String.IsNullOrEmpty(currentKey)) { argumentParameters[currentKey] = match.Value; currentKey = String.Empty; } else { throw new ArgumentException($"Found value {match.Value} with no corresponding named parameter"); } } } else { foreach (Match match in matches) { arguments.Add(match.Value); } } // arguments if (arguments.Count > 0) { AddEnvironmentVariable("VSTSPSHOSTARGS", JsonUtility.ToString(arguments)); } // argumentParameters if (argumentParameters.Count > 0) { AddEnvironmentVariable("VSTSPSHOSTARGPARAMETER", JsonUtility.ToString(argumentParameters)); } } // push all variable. foreach (var variable in ExecutionContext.Variables.Public.Concat(ExecutionContext.Variables.Private)) { AddEnvironmentVariable("VSTSPSHOSTVAR_" + variable.Name, variable.Value); } // push all public variable. foreach (var variable in ExecutionContext.Variables.Public) { AddEnvironmentVariable("VSTSPSHOSTPUBVAR_" + variable.Name, variable.Value); } // push all endpoints List ids = new List(); foreach (ServiceEndpoint endpoint in ExecutionContext.Endpoints) { string partialKey = null; if (string.Equals(endpoint.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)) { partialKey = WellKnownServiceEndpointNames.SystemVssConnection.ToUpperInvariant(); AddEnvironmentVariable("VSTSPSHOSTSYSTEMENDPOINT_URL", endpoint.Url.ToString()); AddEnvironmentVariable("VSTSPSHOSTSYSTEMENDPOINT_AUTH", JsonUtility.ToString(endpoint.Authorization)); } else { if (endpoint.Id == Guid.Empty && endpoint.Data.ContainsKey("repositoryId")) { partialKey = endpoint.Data["repositoryId"].ToUpperInvariant(); } else { partialKey = endpoint.Id.ToString("D").ToUpperInvariant(); } ids.Add(partialKey); AddEnvironmentVariable("VSTSPSHOSTENDPOINT_URL_" + partialKey, endpoint.Url.ToString()); // We fixed endpoint.name to be the name of the endpoint in yaml, before endpoint.name=endpoint.id is a guid // However, for source endpoint, the endpoint.id is Guid.Empty and endpoint.name is already the name of the endpoint // The legacy PSHost use the Guid to retrive endpoint, the legacy PSHost assume `VSTSPSHOSTENDPOINT_NAME_` is the Guid. if (endpoint.Id == Guid.Empty && endpoint.Data.ContainsKey("repositoryId")) { AddEnvironmentVariable("VSTSPSHOSTENDPOINT_NAME_" + partialKey, endpoint.Name); } else { AddEnvironmentVariable("VSTSPSHOSTENDPOINT_NAME_" + partialKey, endpoint.Id.ToString()); } AddEnvironmentVariable("VSTSPSHOSTENDPOINT_TYPE_" + partialKey, endpoint.Type); AddEnvironmentVariable("VSTSPSHOSTENDPOINT_AUTH_" + partialKey, JsonUtility.ToString(endpoint.Authorization)); AddEnvironmentVariable("VSTSPSHOSTENDPOINT_DATA_" + partialKey, JsonUtility.ToString(endpoint.Data)); } } var defaultRepoName = ExecutionContext.Variables.Get(Constants.Variables.Build.RepoName); var defaultRepoType = ExecutionContext.Variables.Get(Constants.Variables.Build.RepoProvider); if (!string.IsNullOrEmpty(defaultRepoName)) { // TODO: use alias to find the trigger repo when we have the concept of triggering repo. var defaultRepo = ExecutionContext.Repositories.FirstOrDefault(x => String.Equals(x.Properties.Get(RepositoryPropertyNames.Name), defaultRepoName, StringComparison.OrdinalIgnoreCase)); if (defaultRepo != null && !ids.Exists(x => string.Equals(x, defaultRepo.Id, StringComparison.OrdinalIgnoreCase))) { ids.Add(defaultRepo.Id); AddEnvironmentVariable("VSTSPSHOSTENDPOINT_URL_" + defaultRepo.Id, defaultRepo.Url.ToString()); AddEnvironmentVariable("VSTSPSHOSTENDPOINT_NAME_" + defaultRepo.Id, defaultRepoName); AddEnvironmentVariable("VSTSPSHOSTENDPOINT_TYPE_" + defaultRepo.Id, defaultRepoType); if (defaultRepo.Endpoint != null) { var endpoint = ExecutionContext.Endpoints.FirstOrDefault(x => x.Id == defaultRepo.Endpoint.Id); if (endpoint != null) { AddEnvironmentVariable("VSTSPSHOSTENDPOINT_AUTH_" + defaultRepo.Id, JsonUtility.ToString(endpoint.Authorization)); AddEnvironmentVariable("VSTSPSHOSTENDPOINT_DATA_" + defaultRepo.Id, JsonUtility.ToString(endpoint.Data)); } } } } if (ids.Count > 0) { AddEnvironmentVariable("VSTSPSHOSTENDPOINT_IDS", JsonUtility.ToString(ids)); } } private void AddProxySetting(IVstsAgentWebProxy agentProxy) { string psHostDirectory = VarUtil.GetLegacyPowerShellHostDirectoryPath(ExecutionContext); string appConfig = Path.Combine(psHostDirectory, _appConfigFileName); ArgUtil.File(appConfig, _appConfigFileName); string appConfigRestore = Path.Combine(psHostDirectory, _appConfigRestoreFileName); if (!File.Exists(appConfigRestore)) { Trace.Info("Take snapshot of current appconfig for restore modified appconfig."); File.Copy(appConfig, appConfigRestore); } else { // cleanup any appconfig changes from previous build. ExecutionContext.Debug("Restore default LegacyVSTSPowerShellHost.exe.config."); IOUtil.DeleteFile(appConfig); File.Copy(appConfigRestore, appConfig); } XmlDocument psHostAppConfig = new XmlDocument(); using (var appConfigStream = new FileStream(appConfig, FileMode.Open, FileAccess.Read)) { psHostAppConfig.Load(appConfigStream); } var configuration = psHostAppConfig.SelectSingleNode("configuration"); ArgUtil.NotNull(configuration, "configuration"); var exist_defaultProxy = psHostAppConfig.SelectSingleNode("configuration/system.net/defaultProxy"); if (exist_defaultProxy == null) { var system_net = psHostAppConfig.SelectSingleNode("configuration/system.net"); if (system_net == null) { Trace.Verbose("Create system.net section in appconfg."); system_net = psHostAppConfig.CreateElement("system.net"); } Trace.Verbose("Create defaultProxy section in appconfg."); var defaultProxy = psHostAppConfig.CreateElement("defaultProxy"); defaultProxy.SetAttribute("useDefaultCredentials", "true"); Trace.Verbose("Create proxy section in appconfg."); var proxy = psHostAppConfig.CreateElement("proxy"); proxy.SetAttribute("proxyaddress", agentProxy.ProxyAddress); proxy.SetAttribute("bypassonlocal", "true"); if (agentProxy.ProxyBypassList != null && agentProxy.ProxyBypassList.Count > 0) { Trace.Verbose("Create bypasslist section in appconfg."); var bypass = psHostAppConfig.CreateElement("bypasslist"); foreach (string proxyBypass in agentProxy.ProxyBypassList) { Trace.Verbose($"Create bypasslist.add section for {proxyBypass} in appconfg."); var add = psHostAppConfig.CreateElement("add"); add.SetAttribute("address", proxyBypass); bypass.AppendChild(add); } defaultProxy.AppendChild(bypass); } defaultProxy.AppendChild(proxy); system_net.AppendChild(defaultProxy); configuration.AppendChild(system_net); using (var appConfigStream = new FileStream(appConfig, FileMode.Open, FileAccess.ReadWrite)) { psHostAppConfig.Save(appConfigStream); } ExecutionContext.Debug("Add Proxy setting in LegacyVSTSPowerShellHost.exe.config file."); } else { //proxy setting exist. ExecutionContext.Debug("Proxy setting already exist in LegacyVSTSPowerShellHost.exe.config file."); } } private void OnDataReceived(object sender, ProcessDataReceivedEventArgs e) { // This does not need to be inside of a critical section. // The logging queues and command handlers are thread-safe. if (!CommandManager.TryProcessCommand(ExecutionContext, e.Data)) { ExecutionContext.Output(e.Data); } } } } ================================================ FILE: src/Agent.Worker/Handlers/NodeHandler.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies; using System.IO; using System.Text; using System.Threading.Tasks; using System; using Newtonsoft.Json.Linq; using System.Text.RegularExpressions; using System.Linq; using System.Collections.Generic; using System.Threading; using StringUtil = Microsoft.VisualStudio.Services.Agent.Util.StringUtil; using Microsoft.VisualStudio.Services.Agent.Worker.Container; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { [ServiceLocator(Default = typeof(NodeHandler))] public interface INodeHandler : IHandler { // Data can be of these five types: NodeHandlerData, Node10HandlerData, Node16HandlerData, Node20_1HandlerData and Node24HandlerData BaseNodeHandlerData Data { get; set; } } [ServiceLocator(Default = typeof(NodeHandlerHelper))] public interface INodeHandlerHelper { string[] GetFilteredPossibleNodeFolders(string nodeFolderName, string[] possibleNodeFolders); string GetNodeFolderPath(string nodeFolderName, IHostContext hostContext); bool IsNodeFolderExist(string nodeFolderName, IHostContext hostContext); bool IsNodeExecutable(string nodeFolder, IHostContext HostContext, IExecutionContext ExecutionContext); } public class NodeHandlerHelper : INodeHandlerHelper { public bool IsNodeFolderExist(string nodeFolderName, IHostContext hostContext) => File.Exists(GetNodeFolderPath(nodeFolderName, hostContext)); public string GetNodeFolderPath(string nodeFolderName, IHostContext hostContext) => Path.Combine( hostContext.GetDirectory(WellKnownDirectory.Externals), nodeFolderName, "bin", $"node{IOUtil.ExeExtension}"); public string[] GetFilteredPossibleNodeFolders(string nodeFolderName, string[] possibleNodeFolders) { int nodeFolderIndex = Array.IndexOf(possibleNodeFolders, nodeFolderName); return nodeFolderIndex >= 0 ? possibleNodeFolders.Skip(nodeFolderIndex + 1).ToArray() : Array.Empty(); } public bool IsNodeExecutable(string nodeFolder, IHostContext HostContext, IExecutionContext ExecutionContext) { if (!this.IsNodeFolderExist(nodeFolder, HostContext)) { ExecutionContext.Debug($"Node folder does not exist: {nodeFolder}"); return false; } var nodePath = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), nodeFolder, "bin", $"node{IOUtil.ExeExtension}"); const int NodeNotExecutableExitCode = 216; try { var processInvoker = HostContext.CreateService(); var exitCodeTask = processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: nodePath, arguments: "-v", environment: null, requireExitCodeZero: false, outputEncoding: null, cancellationToken: CancellationToken.None); int exitCode = exitCodeTask.GetAwaiter().GetResult(); return exitCode != NodeNotExecutableExitCode; } catch (Exception ex) { ExecutionContext.Debug($"Node executable test threw exception: {ex.Message}"); return false; } } } public sealed class NodeHandler : Handler, INodeHandler { private readonly INodeHandlerHelper nodeHandlerHelper; private readonly Lazy nodeVersionOrchestrator; private const string Node10Folder = "node10"; internal const string NodeFolder = "node"; internal static readonly string Node16Folder = "node16"; internal static readonly string Node20_1Folder = "node20_1"; internal static readonly string Node24Folder = "node24"; private static readonly string nodeLTS = Node16Folder; private const string useNodeKnobLtsKey = "LTS"; private const string useNodeKnobUpgradeKey = "UPGRADE"; private string[] possibleNodeFolders = { NodeFolder, Node10Folder, Node16Folder, Node20_1Folder, Node24Folder }; private static Regex _vstsTaskLibVersionNeedsFix = new Regex("^[0-2]\\.[0-9]+", RegexOptions.Compiled | RegexOptions.IgnoreCase); private static string[] _extensionsNode6 ={ "if (process.versions.node && process.versions.node.match(/^5\\./)) {", " String.prototype.startsWith = function (str) {", " return this.slice(0, str.length) == str;", " };", " String.prototype.endsWith = function (str) {", " return this.slice(-str.length) == str;", " };", "};", "String.prototype.isEqual = function (ignoreCase, str) {", " var str1 = this;", " if (ignoreCase) {", " str1 = str1.toLowerCase();", " str = str.toLowerCase();", " }", " return str1 === str;", "};" }; private bool? supportsNode20; private bool? supportsNode24; // Fallback tracking for telemetry private string fallbackReason; private bool fallbackOccurred; public NodeHandler() { this.nodeHandlerHelper = new NodeHandlerHelper(); this.nodeVersionOrchestrator = new Lazy(() => new NodeVersionOrchestrator(this.ExecutionContext, this.HostContext)); } public NodeHandler(INodeHandlerHelper nodeHandlerHelper) { this.nodeHandlerHelper = nodeHandlerHelper; this.nodeVersionOrchestrator = new Lazy(() => new NodeVersionOrchestrator(this.ExecutionContext, this.HostContext, nodeHandlerHelper)); } public BaseNodeHandlerData Data { get; set; } public async Task RunAsync() { // Validate args. Trace.Entering(); ArgUtil.NotNull(Data, nameof(Data)); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); ArgUtil.NotNull(Inputs, nameof(Inputs)); ArgUtil.Directory(TaskDirectory, nameof(TaskDirectory)); if (!PlatformUtil.RunningOnWindows && !AgentKnobs.IgnoreVSTSTaskLib.GetValue(ExecutionContext).AsBoolean()) { Dictionary telemetryData = new Dictionary { { "JobId", ExecutionContext.Variables.System_JobId.ToString()}, { "PlanId", ExecutionContext.Variables.Get(Constants.Variables.System.PlanId)}, { "AgentName", ExecutionContext.Variables.Get(Constants.Variables.Agent.Name)}, { "MachineName", ExecutionContext.Variables.Get(Constants.Variables.Agent.MachineName)}, { "AgentVersion", ExecutionContext.Variables.Get(Constants.Variables.Agent.Version)}, { "IsSelfHosted", ExecutionContext.Variables.Get(Constants.Variables.Agent.IsSelfHosted)}, { "IsAzureVM", ExecutionContext.Variables.Get(Constants.Variables.System.IsAzureVM)}, { "IsDockerContainer", ExecutionContext.Variables.Get(Constants.Variables.System.IsDockerContainer)}, { "VsoTaskLibUsed", "true" }, { "Platform", PlatformUtil.HostOS.ToString() } }; ExecutionContext.PublishTaskRunnerTelemetry(telemetryData); await VsoTaskLibManager.DownloadVsoTaskLibAsync(ExecutionContext); // Ensure compat vso-task-lib exist at the root of _work folder // This will make vsts-agent work against 2015 RTM/QU1 TFS, since tasks in those version doesn't package with task lib // Put the 0.5.5 version vso-task-lib into the root of _work/node_modules folder, so tasks are able to find those lib. if (!File.Exists(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), "node_modules", "vso-task-lib", "package.json"))) { string vsoTaskLibFromExternal = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), "vso-task-lib"); string compatVsoTaskLibInWork = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), "node_modules", "vso-task-lib"); IOUtil.CopyDirectory(vsoTaskLibFromExternal, compatVsoTaskLibInWork, ExecutionContext.CancellationToken); } } // Update the env dictionary. AddInputsToEnvironment(); AddEndpointsToEnvironment(); AddSecureFilesToEnvironment(); AddVariablesToEnvironment(); AddTaskVariablesToEnvironment(); AddPrependPathToEnvironment(); // Resolve the target script. string target = Data.Target; ArgUtil.NotNullOrEmpty(target, nameof(target)); target = Path.Combine(TaskDirectory, target); ArgUtil.File(target, nameof(target)); // Resolve the working directory. string workingDirectory = Data.WorkingDirectory; if (string.IsNullOrEmpty(workingDirectory)) { workingDirectory = ExecutionContext.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory); if (string.IsNullOrEmpty(workingDirectory)) { workingDirectory = HostContext.GetDirectory(WellKnownDirectory.Work); } } // fix vsts-task-lib for node 6.x // vsts-task-lib 0.6/0.7/0.8/0.9/2.0-preview implemented String.prototype.startsWith and String.prototype.endsWith since Node 5.x doesn't have them. // however the implementation is added in node 6.x, the implementation in vsts-task-lib is different. // node 6.x's implementation takes 2 parameters str.endsWith(searchString[, length]) / str.startsWith(searchString[, length]) // the implementation vsts-task-lib had only takes one parameter str.endsWith(searchString) / str.startsWith(searchString). // as long as vsts-task-lib be loaded into memory, it will overwrite the implementation node 6.x has, // so any script that use the second parameter (length) will encounter unexpected result. // to avoid customer hit this error, we will modify the file (extensions.js) under vsts-task-lib module folder when customer choose to use Node 6.x if (!AgentKnobs.IgnoreVSTSTaskLib.GetValue(ExecutionContext).AsBoolean()) { Trace.Info("Inspect node_modules folder, make sure vsts-task-lib doesn't overwrite String.startsWith/endsWith."); FixVstsTaskLibModule(); } else { Trace.Info("AZP_AGENT_IGNORE_VSTSTASKLIB enabled, ignoring fix"); } StepHost.OutputDataReceived += OnDataReceived; StepHost.ErrorDataReceived += OnDataReceived; string file; bool useNode20InUnsupportedSystem = AgentKnobs.UseNode20InUnsupportedSystem.GetValue(ExecutionContext).AsBoolean(); bool useNode24InUnsupportedSystem = AgentKnobs.UseNode24InUnsupportedSystem.GetValue(ExecutionContext).AsBoolean(); bool node20ResultsInGlibCErrorHost = false; bool node24ResultsInGlibCErrorHost = false; if (PlatformUtil.HostOS == PlatformUtil.OS.Linux) { if (!useNode20InUnsupportedSystem) { if (supportsNode20.HasValue) { node20ResultsInGlibCErrorHost = !supportsNode20.Value; } else { node20ResultsInGlibCErrorHost = await CheckIfNodeResultsInGlibCError(NodeHandler.Node20_1Folder); ExecutionContext.EmitHostNode20FallbackTelemetry(node20ResultsInGlibCErrorHost); supportsNode20 = !node20ResultsInGlibCErrorHost; } } if (!useNode24InUnsupportedSystem) { if (supportsNode24.HasValue) { node24ResultsInGlibCErrorHost = !supportsNode24.Value; } else { node24ResultsInGlibCErrorHost = await CheckIfNodeResultsInGlibCError(NodeHandler.Node24Folder); ExecutionContext.EmitHostNode24FallbackTelemetry(node24ResultsInGlibCErrorHost); supportsNode24 = !node24ResultsInGlibCErrorHost; } } } ContainerInfo container = (ExecutionContext.StepTarget() as ContainerInfo); if (container == null) { file = GetNodeLocation(node20ResultsInGlibCErrorHost, node24ResultsInGlibCErrorHost, inContainer: false); } else { file = GetNodeLocation(container.NeedsNode16Redirect, container.NeedsNode20Redirect, inContainer: true); } ExecutionContext.Debug("Using node path: " + file); // Format the arguments passed to node. // 1) Wrap the script file path in double quotes. // 2) Escape double quotes within the script file path. Double-quote is a valid // file name character on Linux. string arguments = StepHost.ResolvePathForStepHost(StringUtil.Format(@"""{0}""", target.Replace(@"""", @"\"""))); // Let .NET choose the default, except on Windows. Encoding outputEncoding = null; if (PlatformUtil.RunningOnWindows) { // It appears that node.exe outputs UTF8 when not in TTY mode. outputEncoding = Encoding.UTF8; } var enableResourceUtilizationWarnings = AgentKnobs.EnableResourceUtilizationWarnings.GetValue(ExecutionContext).AsBoolean(); var sigintTimeout = TimeSpan.FromMilliseconds(AgentKnobs.ProccessSigintTimeout.GetValue(ExecutionContext).AsInt()); var sigtermTimeout = TimeSpan.FromMilliseconds(AgentKnobs.ProccessSigtermTimeout.GetValue(ExecutionContext).AsInt()); var useGracefulShutdown = AgentKnobs.UseGracefulProcessShutdown.GetValue(ExecutionContext).AsBoolean(); var configStore = HostContext.GetService(); var agentSettings = configStore.GetSettings(); if (agentSettings.DebugMode) { var debugTask = AgentKnobs.DebugTask.GetValue(ExecutionContext).AsString(); if (!string.IsNullOrEmpty(debugTask)) { if (string.Equals(Task?.Id.ToString("D"), debugTask, StringComparison.OrdinalIgnoreCase) || string.Equals(Task?.Name, debugTask, StringComparison.OrdinalIgnoreCase)) { arguments = $"--inspect-brk {arguments}"; } } } try { // Execute the process. Exit code 0 should always be returned. // A non-zero exit code indicates infrastructural failure. // Task failure should be communicated over STDOUT using ## commands. Task step = StepHost.ExecuteAsync(workingDirectory: StepHost.ResolvePathForStepHost(workingDirectory), fileName: StepHost.ResolvePathForStepHost(file), arguments: arguments, environment: Environment, requireExitCodeZero: true, outputEncoding: outputEncoding, killProcessOnCancel: false, inheritConsoleHandler: !ExecutionContext.Variables.Retain_Default_Encoding, continueAfterCancelProcessTreeKillAttempt: _continueAfterCancelProcessTreeKillAttempt, sigintTimeout: sigintTimeout, sigtermTimeout: sigtermTimeout, useGracefulShutdown: useGracefulShutdown, cancellationToken: ExecutionContext.CancellationToken); // Wait for either the node exit or force finish through ##vso command await System.Threading.Tasks.Task.WhenAny(step, ExecutionContext.ForceCompleted); if (ExecutionContext.ForceCompleted.IsCompleted) { ExecutionContext.Debug("The task was marked as \"done\", but the process has not closed after 5 seconds. Treating the task as complete."); } else { await step; } } catch (ProcessExitCodeException ex) { if (enableResourceUtilizationWarnings && ex.ExitCode == 137) { ExecutionContext.Error(StringUtil.Loc("AgentOutOfMemoryFailure")); } throw; } finally { StepHost.OutputDataReceived -= OnDataReceived; StepHost.ErrorDataReceived -= OnDataReceived; } } private async Task CheckIfNodeResultsInGlibCError(string nodeFolder) { if (!nodeHandlerHelper.IsNodeFolderExist(nodeFolder, HostContext)) { return true; } var nodePath = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), nodeFolder, "bin", $"node{IOUtil.ExeExtension}"); List nodeVersionOutput = await ExecuteCommandAsync(ExecutionContext, nodePath, "-v", requireZeroExitCode: false, showOutputOnFailureOnly: true); var nodeResultsInGlibCError = WorkerUtilities.IsCommandResultGlibcError(ExecutionContext, nodeVersionOutput, out string nodeInfoLine); return nodeResultsInGlibCError; } private string GetNodeFolderWithFallback(string preferredNodeFolder, bool node20ResultsInGlibCError, bool node24ResultsInGlibCError, bool inContainer) { switch (preferredNodeFolder) { case var folder when folder == NodeHandler.Node24Folder: // Fallback if Node24 has glibc error OR doesn't exist (e.g., win-x86) or not executable (e.g, windows 2012 R2) bool node24NotExecutable = !nodeHandlerHelper.IsNodeExecutable(NodeHandler.Node24Folder, this.HostContext, this.ExecutionContext); if (node24ResultsInGlibCError || node24NotExecutable) { // Fallback to Node20, then Node16 if Node20 also fails or doesn't exist bool node20NotAvailableForNode24Fallback = !nodeHandlerHelper.IsNodeFolderExist(NodeHandler.Node20_1Folder, HostContext); if (node20ResultsInGlibCError || node20NotAvailableForNode24Fallback) { fallbackReason = node24NotExecutable ? "NodeNotExecutable" : "GlibCError"; fallbackOccurred = true; NodeFallbackWarning("24", "16", inContainer, node24NotExecutable); return NodeHandler.Node16Folder; } else { fallbackReason = node24NotExecutable ? "NodeNotExecutable" : "GlibCError"; fallbackOccurred = true; NodeFallbackWarning("24", "20", inContainer, node24NotExecutable); return NodeHandler.Node20_1Folder; } } return NodeHandler.Node24Folder; case var folder when folder == NodeHandler.Node20_1Folder: // Fallback if Node20 has glibc error OR doesn't exist bool node20NotAvailable = !nodeHandlerHelper.IsNodeFolderExist(NodeHandler.Node20_1Folder, HostContext); if (node20ResultsInGlibCError || node20NotAvailable) { fallbackReason = node20NotAvailable ? "NodeNotAvailable" : "GlibCError"; fallbackOccurred = true; NodeFallbackWarning("20", "16", inContainer, node20NotAvailable); return NodeHandler.Node16Folder; } return NodeHandler.Node20_1Folder; default: return preferredNodeFolder; } } public string GetNodeLocation(bool node20ResultsInGlibCError, bool node24ResultsInGlibCError, bool inContainer) { bool useStrategyPattern = AgentKnobs.UseNodeVersionStrategy.GetValue(ExecutionContext).AsBoolean(); if (useStrategyPattern) { return GetNodeLocationUsingStrategy(inContainer).GetAwaiter().GetResult(); } return GetNodeLocationLegacy(node20ResultsInGlibCError, node24ResultsInGlibCError, inContainer); } private async Task GetNodeLocationUsingStrategy(bool inContainer) { try { var taskContext = new TaskContext { HandlerData = Data, Container = inContainer ? (ExecutionContext.StepTarget() as ContainerInfo) : null, StepTarget = inContainer ? null : ExecutionContext.StepTarget() }; NodeRunnerInfo result = await nodeVersionOrchestrator.Value.SelectNodeVersionForHostAsync(taskContext); return result.NodePath; } catch (Exception ex) { ExecutionContext.Error($"Strategy-based node selection failed: {ex.Message}"); ExecutionContext.Debug($"Stack trace: {ex}"); throw; } } private string GetNodeLocationLegacy(bool node20ResultsInGlibCError, bool node24ResultsInGlibCError, bool inContainer) { if (!string.IsNullOrEmpty(ExecutionContext.StepTarget()?.CustomNodePath)) { return ExecutionContext.StepTarget().CustomNodePath; } bool useNode10 = AgentKnobs.UseNode10.GetValue(ExecutionContext).AsBoolean(); bool useNode20_1 = AgentKnobs.UseNode20_1.GetValue(ExecutionContext).AsBoolean(); bool UseNode20InUnsupportedSystem = AgentKnobs.UseNode20InUnsupportedSystem.GetValue(ExecutionContext).AsBoolean(); bool useNode24 = AgentKnobs.UseNode24.GetValue(ExecutionContext).AsBoolean(); bool UseNode24withHandlerData = AgentKnobs.UseNode24withHandlerData.GetValue(ExecutionContext).AsBoolean(); bool taskHasNode6Data = Data is NodeHandlerData; bool taskHasNode10Data = Data is Node10HandlerData; bool taskHasNode16Data = Data is Node16HandlerData; bool taskHasNode20_1Data = Data is Node20_1HandlerData; bool taskHasNode24Data = Data is Node24HandlerData; string useNodeKnob = AgentKnobs.UseNode.GetValue(ExecutionContext).AsString(); //using Node20_1 as default node version string nodeFolder = NodeHandler.Node20_1Folder; if (taskHasNode24Data && UseNode24withHandlerData) { Trace.Info($"Task.json has node24 handler data: {taskHasNode24Data}"); nodeFolder = GetNodeFolderWithFallback(NodeHandler.Node24Folder, node20ResultsInGlibCError, node24ResultsInGlibCError, inContainer); } else if (taskHasNode20_1Data) { Trace.Info($"Task.json has node20_1 handler data: {taskHasNode20_1Data} node20ResultsInGlibCError = {node20ResultsInGlibCError}"); nodeFolder = GetNodeFolderWithFallback(NodeHandler.Node20_1Folder, node20ResultsInGlibCError, node24ResultsInGlibCError, inContainer); } else if (taskHasNode16Data) { Trace.Info($"Task.json has node16 handler data: {taskHasNode16Data}"); nodeFolder = NodeHandler.Node16Folder; } else if (taskHasNode10Data) { Trace.Info($"Task.json has node10 handler data: {taskHasNode10Data}"); nodeFolder = NodeHandler.Node10Folder; } else if (taskHasNode6Data) { Trace.Info($"Task.json has node6 handler data: {taskHasNode6Data}"); nodeFolder = NodeHandler.NodeFolder; } else if (PlatformUtil.RunningOnAlpine) { Trace.Info($"Detected Alpine, using node10 instead of node (6)"); nodeFolder = NodeHandler.Node10Folder; } if (useNode24) { Trace.Info($"Found UseNode24 knob, using node24 for node tasks: {useNode24}"); nodeFolder = GetNodeFolderWithFallback(NodeHandler.Node24Folder, node20ResultsInGlibCError, node24ResultsInGlibCError, inContainer); } else if (useNode20_1) { Trace.Info($"Found UseNode20_1 knob, using node20_1 for node tasks {useNode20_1} node20ResultsInGlibCError = {node20ResultsInGlibCError}"); nodeFolder = GetNodeFolderWithFallback(NodeHandler.Node20_1Folder, node20ResultsInGlibCError, node24ResultsInGlibCError, inContainer); } else if (useNode10) { Trace.Info($"Found UseNode10 knob, use node10 for node tasks: {useNode10}"); nodeFolder = NodeHandler.Node10Folder; } // Warn for deprecated node versions if ((nodeFolder == NodeHandler.NodeFolder || nodeFolder == NodeHandler.Node10Folder || nodeFolder == NodeHandler.Node16Folder) && AgentKnobs.AgentDeprecatedNodeWarnings.GetValue(ExecutionContext).AsBoolean()) { ExecutionContext.Warning(StringUtil.Loc("DeprecatedRunner", Task.Name.ToString())); } if (!nodeHandlerHelper.IsNodeFolderExist(nodeFolder, HostContext)) { string[] filteredPossibleNodeFolders = nodeHandlerHelper.GetFilteredPossibleNodeFolders(nodeFolder, possibleNodeFolders); if (!String.IsNullOrWhiteSpace(useNodeKnob) && filteredPossibleNodeFolders.Length > 0) { Trace.Info($"Found UseNode knob with value \"{useNodeKnob}\", will try to find appropriate Node Runner"); switch (useNodeKnob.ToUpper()) { case NodeHandler.useNodeKnobLtsKey: if (nodeHandlerHelper.IsNodeFolderExist(NodeHandler.nodeLTS, HostContext)) { ExecutionContext.Warning($"Configured runner {nodeFolder} is not available, latest LTS version {NodeHandler.nodeLTS} will be used. See http://aka.ms/azdo-node-runner"); Trace.Info($"Found LTS version of node installed"); return nodeHandlerHelper.GetNodeFolderPath(NodeHandler.nodeLTS, HostContext); } break; case NodeHandler.useNodeKnobUpgradeKey: string firstExistedNodeFolder = filteredPossibleNodeFolders.FirstOrDefault(nf => nodeHandlerHelper.IsNodeFolderExist(nf, HostContext)); if (firstExistedNodeFolder != null) { ExecutionContext.Warning($"Configured runner {nodeFolder} is not available, next available version will be used. See http://aka.ms/azdo-node-runner"); Trace.Info($"Found {firstExistedNodeFolder} installed"); return nodeHandlerHelper.GetNodeFolderPath(firstExistedNodeFolder, HostContext); } break; default: Trace.Error($"Value of UseNode knob cannot be recognized"); break; } } throw new FileNotFoundException(StringUtil.Loc("MissingNodePath", nodeHandlerHelper.GetNodeFolderPath(nodeFolder, HostContext))); } if (AgentKnobs.UseNewNodeHandlerTelemetry.GetValue(ExecutionContext).AsBoolean()) { try { PublishHandlerTelemetry(nodeFolder, inContainer); } catch (Exception ex) when (ex is FormatException || ex is ArgumentNullException || ex is NullReferenceException) { ExecutionContext.Debug($"NodeHandler ExecutionHandler telemetry wasn't published, because one of the variables has unexpected value."); ExecutionContext.Debug(ex.ToString()); } } return nodeHandlerHelper.GetNodeFolderPath(nodeFolder, HostContext); } private void NodeFallbackWarning(string fromVersion, string toVersion, bool inContainer, bool notExecutable = false) { string systemType = inContainer ? "container" : "agent"; string reason = notExecutable ? $"Node{fromVersion} is not executable on this platform(e.g.,node binary missing or incompatible) " : $"The {systemType} operating system doesn't support Node{fromVersion}"; ExecutionContext.Warning($"{reason}. Using Node{toVersion} instead. " + $"Please upgrade the operating system of the {systemType} to remain compatible with future updates of tasks: " + "https://github.com/nodesource/distributions"); } private void OnDataReceived(object sender, ProcessDataReceivedEventArgs e) { // drop any outputs after the task get force completed. if (ExecutionContext.ForceCompleted.IsCompleted) { return; } // This does not need to be inside of a critical section. // The logging queues and command handlers are thread-safe. if (!CommandManager.TryProcessCommand(ExecutionContext, e.Data)) { ExecutionContext.Output(e.Data); } } private void FixVstsTaskLibModule() { // to avoid modify node_module all the time, we write a .node6 file to indicate we finsihed scan and modify. // the current task is good for node 6.x if (File.Exists(TaskDirectory.TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar) + ".node6")) { Trace.Info("This task has already been scanned and corrected, no more operation needed."); } else { Trace.Info("Scan node_modules folder, looking for vsts-task-lib\\extensions.js"); try { foreach (var file in new DirectoryInfo(TaskDirectory).EnumerateFiles("extensions.js", SearchOption.AllDirectories)) { if (string.Equals(file.Directory.Name, "vsts-task-lib", StringComparison.OrdinalIgnoreCase) || string.Equals(file.Directory.Name, "vso-task-lib", StringComparison.OrdinalIgnoreCase)) { if (File.Exists(Path.Combine(file.DirectoryName, "package.json"))) { // read package.json, we only do the fix for 0.x->2.x JObject packageJson = JObject.Parse(File.ReadAllText(Path.Combine(file.DirectoryName, "package.json"))); JToken versionToken; if (packageJson.TryGetValue("version", StringComparison.OrdinalIgnoreCase, out versionToken)) { if (_vstsTaskLibVersionNeedsFix.IsMatch(versionToken.ToString())) { Trace.Info($"Fix extensions.js file at '{file.FullName}'. The vsts-task-lib version is '{versionToken.ToString()}'"); // take backup of the original file File.Copy(file.FullName, Path.Combine(file.DirectoryName, "extensions.js.vstsnode5")); File.WriteAllLines(file.FullName, _extensionsNode6); } } } } } File.WriteAllText(TaskDirectory.TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar) + ".node6", string.Empty); Trace.Info("Finished scan and correct extensions.js under vsts-task-lib"); } catch (Exception ex) { Trace.Error("Unable to scan and correct potential bug in extensions.js of vsts-task-lib."); Trace.Error(ex); } } } private async Task> ExecuteCommandAsync(IExecutionContext context, string command, string arg, bool requireZeroExitCode, bool showOutputOnFailureOnly) { string commandLog = $"{command} {arg}"; if (!showOutputOnFailureOnly) { context.Command(commandLog); } List outputs = new List(); object outputLock = new object(); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { lock (outputLock) { outputs.Add(message.Data); } } }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { lock (outputLock) { outputs.Add(message.Data); } } }; var exitCode = await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: command, arguments: arg, environment: null, requireExitCodeZero: requireZeroExitCode, outputEncoding: null, cancellationToken: CancellationToken.None); if ((showOutputOnFailureOnly && exitCode != 0) || !showOutputOnFailureOnly) { if (showOutputOnFailureOnly) { context.Command(commandLog); } foreach (var outputLine in outputs) { context.Output(outputLine); } } return outputs; } private void PublishHandlerTelemetry(string realHandler, bool inContainer) { var systemVersion = PlatformUtil.GetSystemVersion(); string expectedHandler = ""; expectedHandler = Data switch { Node24HandlerData => "Node24", Node20_1HandlerData => "Node20", Node16HandlerData => "Node16", Node10HandlerData => "Node10", _ => "Node6", }; Dictionary telemetryData = new Dictionary { { "TaskName", Task.Name }, { "TaskId", Task.Id.ToString() }, { "Version", Task.Version }, { "OS", PlatformUtil.GetSystemId() ?? "" }, { "OSVersion", systemVersion?.Name?.ToString() ?? "" }, { "OSBuild", systemVersion?.Version?.ToString() ?? "" }, { "Architecture", PlatformUtil.HostArchitecture.ToString() }, { "ExpectedExecutionHandler", expectedHandler }, { "RealExecutionHandler", realHandler }, { "FallbackOccurred", fallbackOccurred.ToString() }, { "FallbackReason", fallbackReason ?? "" }, { "IsContainer", inContainer.ToString() }, { "JobId", ExecutionContext.Variables.System_JobId.ToString()}, { "PlanId", ExecutionContext.Variables.Get(Constants.Variables.System.PlanId)}, { "AgentName", ExecutionContext.Variables.Get(Constants.Variables.Agent.Name)}, { "MachineName", ExecutionContext.Variables.Get(Constants.Variables.Agent.MachineName)}, { "IsSelfHosted", ExecutionContext.Variables.Get(Constants.Variables.Agent.IsSelfHosted)}, { "IsAzureVM", ExecutionContext.Variables.Get(Constants.Variables.System.IsAzureVM)}, { "IsDockerContainer", ExecutionContext.Variables.Get(Constants.Variables.System.IsDockerContainer)} }; ExecutionContext.PublishTaskRunnerTelemetry(telemetryData); } } } ================================================ FILE: src/Agent.Worker/Handlers/PowerShell3Handler.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Diagnostics; using System.IO; using System.Runtime.Versioning; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { [ServiceLocator(Default = typeof(PowerShell3Handler))] [SupportedOSPlatform("windows")] public interface IPowerShell3Handler : IHandler { PowerShell3HandlerData Data { get; set; } } [SupportedOSPlatform("windows")] public sealed class PowerShell3Handler : Handler, IPowerShell3Handler { public PowerShell3HandlerData Data { get; set; } public async Task RunAsync() { // Validate args. Trace.Entering(); ArgUtil.NotNull(Data, nameof(Data)); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); ArgUtil.NotNull(Inputs, nameof(Inputs)); ArgUtil.Directory(TaskDirectory, nameof(TaskDirectory)); // Update the env dictionary. AddInputsToEnvironment(); AddEndpointsToEnvironment(); AddSecureFilesToEnvironment(); AddVariablesToEnvironment(); AddTaskVariablesToEnvironment(); AddPrependPathToEnvironment(); RemovePSModulePathFromEnvironment(); if (PsModulePathContainsPowershellCoreLocations()) { ExecutionContext.Error(StringUtil.Loc("PSModulePathLocations")); } // Resolve the target script. ArgUtil.NotNullOrEmpty(Data.Target, nameof(Data.Target)); string scriptFile = Path.Combine(TaskDirectory, Data.Target); ArgUtil.File(scriptFile, nameof(scriptFile)); // Resolve the VSTS Task SDK module definition. string scriptDirectory = Path.GetDirectoryName(scriptFile); string moduleFile = Path.Combine(scriptDirectory, @"ps_modules", "VstsTaskSdk", "VstsTaskSdk.psd1"); ArgUtil.File(moduleFile, nameof(moduleFile)); // Craft the args to pass to PowerShell.exe. string powerShellExeArgs = string.Empty; if (AgentKnobs.UsePSScriptWrapper.GetValue(ExecutionContext).AsBoolean()) { powerShellExeArgs = StringUtil.Format( @"-NoLogo -Sta -NoProfile -ExecutionPolicy Unrestricted -Command ""{3}"" -VstsSdkPath {0} -DebugOption {1} -ScriptBlockString ""{2}""", StepHost.ResolvePathForStepHost(moduleFile).Replace("'", "''"), // nested within a single-quoted string module file name arg #0 ExecutionContext.Variables.System_Debug == true ? "Continue" : "SilentlyContinue", // system debug status variable arg #1 StepHost.ResolvePathForStepHost(scriptFile).Replace("'", "''''"), // nested within a single-quoted string within a single-quoted string arg #2 Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), "powershell", "Start-AzpTask.ps1") // path to wrapper script arg #3 ); // nested within a single-quoted string within a single-quoted string } else { powerShellExeArgs = StringUtil.Format( @"-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "". ([scriptblock]::Create('if ([Console]::InputEncoding -is [Text.UTF8Encoding] -and [Console]::InputEncoding.GetPreamble().Length -ne 0) {{ [Console]::InputEncoding = New-Object Text.UTF8Encoding $false }} if (!$PSHOME) {{ $null = Get-Item -LiteralPath ''variable:PSHOME'' }} else {{ Import-Module -Name ([System.IO.Path]::Combine($PSHOME, ''Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1'')) ; Import-Module -Name ([System.IO.Path]::Combine($PSHOME, ''Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1'')) }}')) 2>&1 | ForEach-Object {{ Write-Verbose $_.Exception.Message -Verbose }} ; Import-Module -Name '{0}' -ArgumentList @{{ NonInteractive = $true }} -ErrorAction Stop ; $VerbosePreference = '{1}' ; $DebugPreference = '{1}' ; Invoke-VstsTaskScript -ScriptBlock ([scriptblock]::Create('. ''{2}'''))""", StepHost.ResolvePathForStepHost(moduleFile).Replace("'", "''"), // nested within a single-quoted string ExecutionContext.Variables.System_Debug == true ? "Continue" : "SilentlyContinue", StepHost.ResolvePathForStepHost(scriptFile).Replace("'", "''''")); // nested within a single-quoted string within a single-quoted string } // Resolve powershell.exe. string powerShellExe = "powershell.exe"; if (StepHost is DefaultStepHost) { powerShellExe = HostContext.GetService().GetPath(); } ArgUtil.NotNullOrEmpty(powerShellExe, nameof(powerShellExe)); // Invoke the process. StepHost.OutputDataReceived += OnDataReceived; StepHost.ErrorDataReceived += OnDataReceived; var sigintTimeout = TimeSpan.FromMilliseconds(AgentKnobs.ProccessSigintTimeout.GetValue(ExecutionContext).AsInt()); var sigtermTimeout = TimeSpan.FromMilliseconds(AgentKnobs.ProccessSigtermTimeout.GetValue(ExecutionContext).AsInt()); var useGracefulShutdown = AgentKnobs.UseGracefulProcessShutdown.GetValue(ExecutionContext).AsBoolean(); // Execute the process. Exit code 0 should always be returned. // A non-zero exit code indicates infrastructural failure. // Task failure should be communicated over STDOUT using ## commands. try { await StepHost.ExecuteAsync(workingDirectory: StepHost.ResolvePathForStepHost(scriptDirectory), fileName: powerShellExe, arguments: powerShellExeArgs, environment: Environment, requireExitCodeZero: true, outputEncoding: null, killProcessOnCancel: false, inheritConsoleHandler: !ExecutionContext.Variables.Retain_Default_Encoding, continueAfterCancelProcessTreeKillAttempt: _continueAfterCancelProcessTreeKillAttempt, sigintTimeout: sigintTimeout, sigtermTimeout: sigtermTimeout, useGracefulShutdown: useGracefulShutdown, cancellationToken: ExecutionContext.CancellationToken); } finally { StepHost.OutputDataReceived -= OnDataReceived; StepHost.ErrorDataReceived -= OnDataReceived; } } private void OnDataReceived(object sender, ProcessDataReceivedEventArgs e) { // This does not need to be inside of a critical section. // The logging queues and command handlers are thread-safe. if (!CommandManager.TryProcessCommand(ExecutionContext, e.Data)) { ExecutionContext.Output(e.Data); } } } } ================================================ FILE: src/Agent.Worker/Handlers/PowerShellExeHandler.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Security.Cryptography; using System.IO; using System.Text; using System.Threading.Tasks; using System.Runtime.Versioning; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { [ServiceLocator(Default = typeof(PowerShellExeHandler))] [SupportedOSPlatform("windows")] public interface IPowerShellExeHandler : IHandler { PowerShellExeHandlerData Data { get; set; } string AccessToken { get; set; } } [SupportedOSPlatform("windows")] public sealed class PowerShellExeHandler : Handler, IPowerShellExeHandler { private const string InlineScriptType = "inlineScript"; private readonly object _outputLock = new object(); private readonly StringBuilder _errorBuffer = new StringBuilder(); private volatile int _errorCount; private bool _failOnStandardError; public PowerShellExeHandlerData Data { get; set; } public string AccessToken { get; set; } public async Task RunAsync() { // Validate args. Trace.Entering(); ArgUtil.NotNull(Data, nameof(Data)); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); ArgUtil.NotNull(Inputs, nameof(Inputs)); ArgUtil.Directory(TaskDirectory, nameof(TaskDirectory)); // Update the env dictionary. AddVariablesToEnvironment(excludeNames: true, excludeSecrets: true); AddPrependPathToEnvironment(); RemovePSModulePathFromEnvironment(); if (PsModulePathContainsPowershellCoreLocations()) { ExecutionContext.Error(StringUtil.Loc("PSModulePathLocations")); } // Add the access token to the environment variables, if the access token is set. if (!string.IsNullOrEmpty(AccessToken)) { string formattedKey = VarUtil.ConvertToEnvVariableFormat(Constants.Variables.System.AccessToken, preserveCase: false); AddEnvironmentVariable(formattedKey, AccessToken); } // Determine whether to fail on STDERR. _failOnStandardError = StringUtil.ConvertToBoolean(Data.FailOnStandardError, true); // Default to true. // Get the script file. string scriptFile = null; try { if (string.Equals(Data.ScriptType, InlineScriptType, StringComparison.OrdinalIgnoreCase)) { // TODO: Write this file under the _work folder and clean it up at the beginning of the next build? // Write the inline script to a temp file. string tempDirectory = Path.GetTempPath(); ArgUtil.Directory(tempDirectory, nameof(tempDirectory)); scriptFile = Path.Combine(tempDirectory, $"{Guid.NewGuid()}.ps1"); Trace.Info(StringUtil.Format("Writing inline script to temp file: '{0}'", scriptFile)); File.WriteAllText(scriptFile, Data.InlineScript ?? string.Empty, Encoding.UTF8); } else { // TODO: If not rooted, WHICH the file if it doesn't contain any slashes. // Assert the target file. ArgUtil.NotNullOrEmpty(Data.Target, nameof(Data.Target)); scriptFile = Data.Target; } // Define the nested expression to invoke the user-specified script file and arguments. // Use the dot operator (".") to run the script in the same scope. string nestedExpression = StringUtil.Format( ". '{0}' {1}", scriptFile.Trim('"').Replace("'", "''"), Data.ArgumentFormat); // Craft the args to pass to PowerShell.exe. The user-defined expression is jammed in // as an encrypted base 64 string to a wrapper command. This solves a couple problems: // 1) Avoids quoting issues by jamming all of the user input into a base-64 encoded. // 2) Handles setting the exit code. // // The goal here is to jam everything into a base 64 encoded string so that quoting // issues can be avoided. The data needs to be encrypted because base 64 encoding the // data circumvents the logger's secret-masking behavior. string entropy; string powerShellExeArgs = StringUtil.Format( "-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command \"try {{ $null = [System.Security.Cryptography.ProtectedData] }} catch {{ Write-Verbose 'Adding assemly: System.Security' ; Add-Type -AssemblyName 'System.Security' ; $null = [System.Security.Cryptography.ProtectedData] ; $Error.Clear() }} ; Invoke-Expression -Command ([System.Text.Encoding]::UTF8.GetString([System.Security.Cryptography.ProtectedData]::Unprotect([System.Convert]::FromBase64String('{0}'), [System.Convert]::FromBase64String('{1}'), [System.Security.Cryptography.DataProtectionScope]::CurrentUser))) ; if (!(Test-Path -LiteralPath variable:\\LastExitCode)) {{ Write-Verbose 'Last exit code is not set.' }} else {{ Write-Verbose ('$LastExitCode: {{0}}' -f $LastExitCode) ; exit $LastExitCode }}\"", Encrypt(nestedExpression, out entropy), entropy); // Resolve powershell.exe. string powerShellExe = HostContext.GetService().GetPath(); ArgUtil.NotNullOrEmpty(powerShellExe, nameof(powerShellExe)); // Determine whether the script file is rooted. // TODO: If script file begins and ends with a double-quote, trim quotes before making determination. Likewise when determining whether the file exists. bool isScriptFileRooted = false; try { // Path.IsPathRooted throws if illegal characters are in the path. isScriptFileRooted = Path.IsPathRooted(scriptFile); } catch (Exception ex) { Trace.Info($"Unable to determine whether the script file is rooted: {ex.Message}"); Trace.Info(ex.ToString()); } Trace.Info($"Script file is rooted: {isScriptFileRooted}"); // Determine the working directory. string workingDirectory; if (!string.IsNullOrEmpty(Data.WorkingDirectory)) { workingDirectory = Data.WorkingDirectory; } else { if (isScriptFileRooted && File.Exists(scriptFile)) { workingDirectory = Path.GetDirectoryName(scriptFile); } else { workingDirectory = Path.Combine(TaskDirectory, "DefaultTaskWorkingDirectory"); } } ExecutionContext.Debug($"Working directory: '{workingDirectory}'"); Directory.CreateDirectory(workingDirectory); // Invoke the process. ExecutionContext.Debug($"{powerShellExe} {powerShellExeArgs}"); ExecutionContext.Command(nestedExpression); using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += OnOutputDataReceived; processInvoker.ErrorDataReceived += OnErrorDataReceived; int exitCode = await processInvoker.ExecuteAsync(workingDirectory: workingDirectory, fileName: powerShellExe, arguments: powerShellExeArgs, environment: Environment, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, redirectStandardIn: null, inheritConsoleHandler: !ExecutionContext.Variables.Retain_Default_Encoding, continueAfterCancelProcessTreeKillAttempt: _continueAfterCancelProcessTreeKillAttempt, cancellationToken: ExecutionContext.CancellationToken); FlushErrorData(); // Fail on error count. if (_failOnStandardError && _errorCount > 0) { if (ExecutionContext.Result != null) { Trace.Info($"Task result already set. Not failing due to error count ({_errorCount})."); } else { throw new InvalidOperationException(StringUtil.Loc("ProcessCompletedWithCode0Errors1", exitCode, _errorCount)); } } // Fail on non-zero exit code. if (exitCode != 0) { throw new InvalidOperationException(StringUtil.Loc("ProcessCompletedWithExitCode0", exitCode)); } } } finally { try { if (string.Equals(Data.ScriptType, InlineScriptType, StringComparison.OrdinalIgnoreCase) && !string.IsNullOrEmpty(scriptFile) && File.Exists(scriptFile)) { File.Delete(scriptFile); } } catch (Exception ex) { ExecutionContext.Warning(StringUtil.Loc("FailedToDeleteTempScript", scriptFile, ex.Message)); Trace.Error(ex); } } } private static String Encrypt(String str, out String entropy) { byte[] entropyBytes = new byte[16]; using (var randomNumberGenerator = RandomNumberGenerator.Create()) { randomNumberGenerator.GetBytes(entropyBytes); } entropy = Convert.ToBase64String(entropyBytes); byte[] protectedBytes = ProtectedData.Protect( userData: Encoding.UTF8.GetBytes(str), optionalEntropy: entropyBytes, scope: DataProtectionScope.CurrentUser); return Convert.ToBase64String(protectedBytes); } private void FlushErrorData() { if (_errorBuffer.Length > 0) { ExecutionContext.Error(_errorBuffer.ToString()); _errorCount++; _errorBuffer.Clear(); } } private void OnErrorDataReceived(object sender, ProcessDataReceivedEventArgs e) { lock (_outputLock) { if (_failOnStandardError) { if (!string.IsNullOrEmpty(e.Data)) { _errorBuffer.AppendLine(e.Data); } } else { ExecutionContext.Output(e.Data); } } } private void OnOutputDataReceived(object sender, ProcessDataReceivedEventArgs e) { lock (_outputLock) { FlushErrorData(); if (!CommandManager.TryProcessCommand(ExecutionContext, e.Data)) { ExecutionContext.Output(e.Data); } } } } } ================================================ FILE: src/Agent.Worker/Handlers/ProcessHandler/CmdArgsSanitizer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.Linq; using System.Text.RegularExpressions; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { public static class CmdArgsSanitizer { private const string _removedSymbolSign = "_#removed#_"; private const string _argsSplitSymbols = "^^"; private static readonly Regex _sanitizeRegExp = new("(?(); for (int i = 0; i < argsChunks.Length; i++) { var matches = _sanitizeRegExp.Matches(argsChunks[i]); if (matches.Count > 0) { matchesChunks.Add(matches); argsChunks[i] = _sanitizeRegExp.Replace(argsChunks[i], _removedSymbolSign); } } var resultArgs = string.Join(_argsSplitSymbols, argsChunks); CmdArgsSanitizingTelemetry telemetry = null; if (resultArgs != inputArgs) { var symbolsCount = matchesChunks .Select(chunk => chunk.Count) .Aggregate(0, (acc, mc) => acc + mc); telemetry = new CmdArgsSanitizingTelemetry ( RemovedSymbols: CmdArgsSanitizingTelemetry.ToSymbolsDictionary(matchesChunks), RemovedSymbolsCount: symbolsCount ); } return (resultArgs, telemetry); } } public record CmdArgsSanitizingTelemetry ( Dictionary RemovedSymbols, int RemovedSymbolsCount ) { public static Dictionary ToSymbolsDictionary(List matches) { ArgUtil.NotNull(matches, nameof(matches)); var symbolsDict = new Dictionary(); foreach (var mc in matches) { foreach (var m in mc.Cast()) { var symbol = m.Value; if (symbolsDict.TryGetValue(symbol, out _)) { symbolsDict[symbol] += 1; } else { symbolsDict[symbol] = 1; } } } return symbolsDict; } public Dictionary ToDictionary() { return new() { ["removedSymbols"] = RemovedSymbols, ["removedSymbolsCount"] = RemovedSymbolsCount, }; } } } ================================================ FILE: src/Agent.Worker/Handlers/ProcessHandler/Exceptions.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { public class InvalidScriptArgsException : Exception { public InvalidScriptArgsException(string message) : base(message) { } } } ================================================ FILE: src/Agent.Worker/Handlers/ProcessHandler/ProcessHandler.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.IO; using System.Text; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { [ServiceLocator(Default = typeof(ProcessHandler))] public interface IProcessHandler : IHandler { ProcessHandlerData Data { get; set; } } public sealed class ProcessHandler : Handler, IProcessHandler { private const string OutputDelimiter = "##ENV_DELIMITER_d8c0672b##"; private readonly object _outputLock = new object(); private readonly StringBuilder _errorBuffer = new StringBuilder(); private volatile int _errorCount; private bool _foundDelimiter; private bool _modifyEnvironment; private string _generatedScriptPath; public ProcessHandlerData Data { get; set; } public async Task RunAsync() { // Validate args. Trace.Entering(); ArgUtil.NotNull(Data, nameof(Data)); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); ArgUtil.NotNull(Inputs, nameof(Inputs)); ArgUtil.NotNull(TaskDirectory, nameof(TaskDirectory)); // Update the env dictionary. AddVariablesToEnvironment(excludeNames: true, excludeSecrets: true); AddPrependPathToEnvironment(); // Get the command. ArgUtil.NotNullOrEmpty(Data.Target, nameof(Data.Target)); // TODO: WHICH the command? string command = Data.Target; // Determine whether the command is rooted. // TODO: If command begins and ends with a double-quote, trim quotes before making determination. Likewise when determining whether the file exists. bool isCommandRooted = false; try { // Path.IsPathRooted throws if illegal characters are in the path. isCommandRooted = Path.IsPathRooted(command); } catch (Exception ex) { Trace.Info($"Unable to determine whether the command is rooted: {ex.Message}"); Trace.Info(ex.ToString()); } Trace.Info($"Command is rooted: {isCommandRooted}"); bool disableInlineExecution = StringUtil.ConvertToBoolean(Data.DisableInlineExecution); ExecutionContext.Debug($"Disable inline execution: '{disableInlineExecution}'"); if (disableInlineExecution && !File.Exists(command)) { throw new FileNotFoundException(StringUtil.Loc("FileNotFound", command)); } // Determine the working directory. string workingDirectory; if (!string.IsNullOrEmpty(Data.WorkingDirectory)) { workingDirectory = Data.WorkingDirectory; } else { if (isCommandRooted && File.Exists(command)) { workingDirectory = Path.GetDirectoryName(command); } else { workingDirectory = Path.Combine(TaskDirectory, "DefaultTaskWorkingDirectory"); } } ExecutionContext.Debug($"Working directory: '{workingDirectory}'"); Directory.CreateDirectory(workingDirectory); // Wrap the command in quotes if required. // // This is guess-work but is probably mostly accurate. The problem is that the command text // box is separate from the args text box. This implies to the user that we take care of quoting // for the command. // // The approach taken here is only to quote if it needs quotes. We should stay out of the way // as much as possible. Built-in shell commands will not work if they are quoted, e.g. RMDIR. if (command.Contains(" ") || command.Contains("%")) { if (!command.Contains("\"")) { command = StringUtil.Format("\"{0}\"", command); } } // Get the arguments. string arguments = Data.ArgumentFormat ?? string.Empty; // Get the fail on standard error flag. bool failOnStandardError = true; string failOnStandardErrorString; if (Inputs.TryGetValue("failOnStandardError", out failOnStandardErrorString)) { failOnStandardError = StringUtil.ConvertToBoolean(failOnStandardErrorString); } ExecutionContext.Debug($"Fail on standard error: '{failOnStandardError}'"); // Get the modify environment flag. _modifyEnvironment = StringUtil.ConvertToBoolean(Data.ModifyEnvironment); ExecutionContext.Debug($"Modify environment: '{_modifyEnvironment}'"); // Resolve cmd.exe. string cmdExe = System.Environment.GetEnvironmentVariable("ComSpec"); if (string.IsNullOrEmpty(cmdExe)) { cmdExe = "cmd.exe"; } bool enableSecureArguments = AgentKnobs.ProcessHandlerSecureArguments.GetValue(ExecutionContext).AsBoolean(); ExecutionContext.Debug($"Enable secure arguments: '{enableSecureArguments}'"); bool enableNewPHLogic = AgentKnobs.ProcessHandlerEnableNewLogic.GetValue(ExecutionContext).AsBoolean(); ExecutionContext.Debug($"Enable new PH sanitizing logic: '{enableNewPHLogic}'"); bool enableFileArgs = disableInlineExecution && enableSecureArguments && !enableNewPHLogic; if (enableFileArgs) { bool enableSecureArgumentsAudit = AgentKnobs.ProcessHandlerSecureArgumentsAudit.GetValue(ExecutionContext).AsBoolean(); ExecutionContext.Debug($"Enable secure arguments audit: '{enableSecureArgumentsAudit}'"); bool enableTelemetry = AgentKnobs.ProcessHandlerTelemetry.GetValue(ExecutionContext).AsBoolean(); ExecutionContext.Debug($"Enable telemetry: '{enableTelemetry}'"); if ((disableInlineExecution && (enableSecureArgumentsAudit || enableSecureArguments)) || enableTelemetry) { var (processedArgs, telemetry) = ProcessHandlerHelper.ExpandCmdEnv(arguments, Environment); if (disableInlineExecution && enableSecureArgumentsAudit) { ExecutionContext.Warning($"The following arguments will be executed: '{processedArgs}'"); } if (enableFileArgs) { GenerateScriptFile(cmdExe, command, processedArgs); } if (enableTelemetry) { ExecutionContext.Debug($"Agent PH telemetry: {JsonConvert.SerializeObject(telemetry.ToDictionary(), Formatting.None)}"); PublishTelemetry(telemetry.ToDictionary(), "ProcessHandler"); } } } else if (enableNewPHLogic) { bool shouldThrow = false; try { var (isValid, telemetry) = ProcessHandlerHelper.ValidateInputArguments(arguments, Environment, ExecutionContext); // If args are not valid - we'll throw exception. shouldThrow = !isValid; if (telemetry != null) { PublishTelemetry(telemetry, "ProcessHandler"); } } catch (Exception ex) { Trace.Error($"Failed to validate process handler input arguments. Publishing telemetry. Ex: {ex}"); var telemetry = new Dictionary { ["UnexpectedError"] = ex.Message, ["ErrorStackTrace"] = ex.StackTrace }; PublishTelemetry(telemetry, "ProcessHandler"); shouldThrow = false; } if (shouldThrow) { throw new InvalidScriptArgsException(StringUtil.Loc("ProcessHandlerInvalidScriptArgs")); } } string cmdExeArgs = PrepareCmdExeArgs(command, arguments, enableFileArgs); // Invoke the process. ExecutionContext.Debug($"{cmdExe} {cmdExeArgs}"); ExecutionContext.Command($"{cmdExeArgs}"); var sigintTimeout = TimeSpan.FromMilliseconds(AgentKnobs.ProccessSigintTimeout.GetValue(ExecutionContext).AsInt()); var sigtermTimeout = TimeSpan.FromMilliseconds(AgentKnobs.ProccessSigtermTimeout.GetValue(ExecutionContext).AsInt()); var useGracefulShutdown = AgentKnobs.UseGracefulProcessShutdown.GetValue(ExecutionContext).AsBoolean(); using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += OnOutputDataReceived; if (failOnStandardError) { processInvoker.ErrorDataReceived += OnErrorDataReceived; } else { processInvoker.ErrorDataReceived += OnOutputDataReceived; } processInvoker.SigintTimeout = sigintTimeout; processInvoker.SigtermTimeout = sigtermTimeout; processInvoker.TryUseGracefulShutdown = useGracefulShutdown; int exitCode = await processInvoker.ExecuteAsync(workingDirectory: workingDirectory, fileName: cmdExe, arguments: cmdExeArgs, environment: Environment, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, redirectStandardIn: null, inheritConsoleHandler: !ExecutionContext.Variables.Retain_Default_Encoding, continueAfterCancelProcessTreeKillAttempt: _continueAfterCancelProcessTreeKillAttempt, cancellationToken: ExecutionContext.CancellationToken); FlushErrorData(); // Fail on error count. if (_errorCount > 0) { if (ExecutionContext.Result != null) { Trace.Info($"Task result already set. Not failing due to error count ({_errorCount})."); } else { throw new Exception(StringUtil.Loc("ProcessCompletedWithCode0Errors1", exitCode, _errorCount)); } } // Fail on non-zero exit code. if (exitCode != 0) { throw new Exception(StringUtil.Loc("ProcessCompletedWithExitCode0", exitCode)); } } } private string PrepareCmdExeArgs(string command, string arguments, bool enableFileArgs) { string cmdExeArgs; if (enableFileArgs) { cmdExeArgs = $"/c \"{_generatedScriptPath}\""; } else { // Format the input to be invoked from cmd.exe to enable built-in shell commands. For example, RMDIR. cmdExeArgs = $"/c \"{command} {arguments}"; cmdExeArgs += _modifyEnvironment ? $" && echo {OutputDelimiter} && set \"" : "\""; } return cmdExeArgs; } private void GenerateScriptFile(string cmdExe, string command, string arguments) { var scriptId = Guid.NewGuid().ToString(); string inputArgsEnvVarName = VarUtil.ConvertToEnvVariableFormat("AGENT_PH_ARGS_" + scriptId[..8], preserveCase: false); System.Environment.SetEnvironmentVariable(inputArgsEnvVarName, arguments); var agentTemp = ExecutionContext.GetVariableValueOrDefault(Constants.Variables.Agent.TempDirectory); _generatedScriptPath = Path.Combine(agentTemp, $"processHandlerScript_{scriptId}.cmd"); var scriptArgs = $"/v:ON /c \"{command} !{inputArgsEnvVarName}!"; scriptArgs += _modifyEnvironment ? $" && echo {OutputDelimiter} && set \"" : "\""; using (var writer = new StreamWriter(_generatedScriptPath)) { writer.WriteLine($"{cmdExe} {scriptArgs}"); } ExecutionContext.Debug($"Generated script file: {_generatedScriptPath}"); } private void FlushErrorData() { if (_errorBuffer.Length > 0) { ExecutionContext.Error(_errorBuffer.ToString()); _errorCount++; _errorBuffer.Clear(); } } private void OnErrorDataReceived(object sender, ProcessDataReceivedEventArgs e) { lock (_outputLock) { if (!string.IsNullOrEmpty(e.Data)) { _errorBuffer.AppendLine(e.Data); } } } private void OnOutputDataReceived(object sender, ProcessDataReceivedEventArgs e) { lock (_outputLock) { FlushErrorData(); string line = e.Data ?? string.Empty; if (_modifyEnvironment) { if (_foundDelimiter) { // The line is output from the SET command. Update the environment. int index = line.IndexOf('='); if (index > 0) { string key = line.Substring(0, index); string value = line.Substring(index + 1); // Omit special environment variables: // "TF_BUILD" is set by ProcessInvoker. // "agent.jobstatus" is set by ???. if (string.Equals(key, Constants.TFBuild, StringComparison.Ordinal) || string.Equals(key, Constants.Variables.Agent.JobStatus, StringComparison.Ordinal)) { return; } ExecutionContext.Debug($"Setting env '{key}' = '{value}'"); System.Environment.SetEnvironmentVariable(key, value); } return; } // if (_foundDelimiter) // Use StartsWith() instead of Equals() to allow for trailing spaces from the ECHO command. if (line.StartsWith(OutputDelimiter, StringComparison.Ordinal)) { // The line is the output delimiter. // Set the flag and clear the environment variable dictionary. _foundDelimiter = true; return; } } // if (_modifyEnvironment) // The line is output from the process that was invoked. if (!CommandManager.TryProcessCommand(ExecutionContext, line)) { ExecutionContext.Output(line); } } } } } ================================================ FILE: src/Agent.Worker/Handlers/ProcessHandler/ProcessHandlerHelper.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { public static class ProcessHandlerHelper { private const char _escapingSymbol = '^'; private const string _envPrefix = "%"; private const string _envPostfix = "%"; public static (string, CmdTelemetry) ExpandCmdEnv(string inputArgs, Dictionary environment) { ArgUtil.NotNull(inputArgs, nameof(inputArgs)); ArgUtil.NotNull(environment, nameof(environment)); string result = inputArgs; int startIndex = 0; var telemetry = new CmdTelemetry(); while (true) { int prefixIndex = result.IndexOf(_envPrefix, startIndex); if (prefixIndex < 0) { break; } telemetry.FoundPrefixes++; if (prefixIndex > 0 && result[prefixIndex - 1] == _escapingSymbol) { telemetry.EscapingSymbolBeforeVar++; } int envStartIndex = prefixIndex + _envPrefix.Length; int envEndIndex = FindEnclosingIndex(result, prefixIndex); if (envEndIndex == 0) { telemetry.NotClosedEnvSyntaxPosition = prefixIndex; break; } string envName = result[envStartIndex..envEndIndex]; if (envName.StartsWith(_escapingSymbol)) { telemetry.VariablesStartsFromES++; } var head = result[..prefixIndex]; if (envName.Contains(_escapingSymbol, StringComparison.Ordinal)) { telemetry.VariablesWithESInside++; } // Since Windows have case-insensetive environment, and Process handler is windows-specific, we should allign this behavior. var windowsEnvironment = new Dictionary(environment, StringComparer.OrdinalIgnoreCase); // In case we don't have such variable, we just leave it as is if (!windowsEnvironment.TryGetValue(envName, out string envValue) || string.IsNullOrEmpty(envValue)) { telemetry.NotExistingEnv++; startIndex = prefixIndex + 1; continue; } var tail = result[(envEndIndex + _envPostfix.Length)..]; result = head + envValue + tail; startIndex = prefixIndex + envValue.Length; telemetry.VariablesExpanded++; continue; } return (result, telemetry); } private static int FindEnclosingIndex(string input, int targetIndex) { for (int i = 0; i < input.Length; i++) { if (input[i] == '%' && i > targetIndex) { return i; } } return 0; } public static (bool, Dictionary) ValidateInputArguments( string inputArgs, Dictionary environment, IExecutionContext context) { var enableValidation = AgentKnobs.ProcessHandlerSecureArguments.GetValue(context).AsBoolean(); context.Debug($"Enable args validation: '{enableValidation}'"); var enableAudit = AgentKnobs.ProcessHandlerSecureArgumentsAudit.GetValue(context).AsBoolean(); context.Debug($"Enable args validation audit: '{enableAudit}'"); var enableTelemetry = AgentKnobs.ProcessHandlerTelemetry.GetValue(context).AsBoolean(); context.Debug($"Enable telemetry: '{enableTelemetry}'"); if (enableValidation || enableAudit || enableTelemetry) { context.Debug("Starting args env expansion"); var (expandedArgs, envExpandTelemetry) = ExpandCmdEnv(inputArgs, environment); context.Debug($"Expanded args={expandedArgs}"); context.Debug("Starting args sanitization"); var (sanitizedArgs, sanitizeTelemetry) = CmdArgsSanitizer.SanitizeArguments(expandedArgs); Dictionary telemetry = null; if (sanitizedArgs != inputArgs) { if (enableTelemetry) { telemetry = envExpandTelemetry.ToDictionary(); if (sanitizeTelemetry != null) { telemetry.AddRange(sanitizeTelemetry.ToDictionary()); } } if (sanitizedArgs != expandedArgs) { if (enableAudit && !enableValidation) { var issue = new Issue { Type = IssueType.Warning, Message = StringUtil.Loc("ProcessHandlerInvalidScriptArgs"), }; issue.Data.Add("auditAction", "1"); // ShellTasksValidation = 1 context.AddIssue(issue); } if (enableValidation) { return (false, telemetry); } return (true, telemetry); } } return (true, null); } else { context.Debug("Args sanitization skipped."); return (true, null); } } public static (bool, Dictionary) ValidateInputArgumentsV2( IExecutionContext context, string inputArgs, Dictionary environment, bool canIncludeTelemetry) { context.Debug("Starting args env expansion"); var (expandedArgs, envExpandTelemetry) = ExpandCmdEnv(inputArgs, environment); context.Debug($"Expanded args={expandedArgs}"); context.Debug("Starting args sanitization"); var (sanitizedArgs, sanitizationTelemetry) = CmdArgsSanitizer.SanitizeArguments(expandedArgs); if (sanitizedArgs != inputArgs) { Dictionary telemetry = null; if (canIncludeTelemetry) { telemetry = envExpandTelemetry.ToDictionary(); if (sanitizationTelemetry != null) { telemetry.AddRange(sanitizationTelemetry.ToDictionary()); } } if (sanitizedArgs != expandedArgs) { return (false, telemetry); } } return (true, null); } } public class CmdTelemetry { public int FoundPrefixes { get; set; } = 0; public int VariablesExpanded { get; set; } = 0; public int EscapingSymbolBeforeVar { get; set; } = 0; public int VariablesStartsFromES { get; set; } = 0; public int VariablesWithESInside { get; set; } = 0; public int QuotesNotEnclosed { get; set; } = 0; public int NotClosedEnvSyntaxPosition { get; set; } = 0; public int NotExistingEnv { get; set; } = 0; public Dictionary ToDictionary() { return new Dictionary { ["foundPrefixes"] = FoundPrefixes, ["variablesExpanded"] = VariablesExpanded, ["escapedVariables"] = EscapingSymbolBeforeVar, ["variablesStartsFromES"] = VariablesStartsFromES, ["bariablesWithESInside"] = VariablesWithESInside, ["quotesNotEnclosed"] = QuotesNotEnclosed, ["notClosedBraceSyntaxPosition"] = NotClosedEnvSyntaxPosition, ["notExistingEnv"] = NotExistingEnv }; } }; } ================================================ FILE: src/Agent.Worker/Handlers/ProcessHandler/ProcessHandlerV2.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.IO; using System.Text; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { [ServiceLocator(Default = typeof(ProcessHandlerV2))] public interface IProcessHandlerV2 : IProcessHandler { } public sealed class ProcessHandlerV2 : Handler, IProcessHandlerV2 { private const string OutputDelimiter = "##ENV_DELIMITER_d8c0672b##"; private readonly object _outputLock = new object(); private readonly StringBuilder _errorBuffer = new StringBuilder(); private volatile int _errorCount; private bool _foundDelimiter; private bool _modifyEnvironment; public ProcessHandlerData Data { get; set; } public async Task RunAsync() { // Validate args. Trace.Entering(); ArgUtil.NotNull(Data, nameof(Data)); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); ArgUtil.NotNull(Inputs, nameof(Inputs)); ArgUtil.NotNull(TaskDirectory, nameof(TaskDirectory)); // Update the env dictionary. AddVariablesToEnvironment(excludeNames: true, excludeSecrets: true); AddPrependPathToEnvironment(); // Get the command. ArgUtil.NotNullOrEmpty(Data.Target, nameof(Data.Target)); // TODO: WHICH the command? string command = Data.Target; // Determine whether the command is rooted. // TODO: If command begins and ends with a double-quote, trim quotes before making determination. Likewise when determining whether the file exists. bool isCommandRooted = false; try { // Path.IsPathRooted throws if illegal characters are in the path. isCommandRooted = Path.IsPathRooted(command); } catch (Exception ex) { Trace.Info($"Unable to determine whether the command is rooted: {ex.Message}"); Trace.Info(ex.ToString()); } Trace.Info($"Command is rooted: {isCommandRooted}"); bool disableInlineExecution = StringUtil.ConvertToBoolean(Data.DisableInlineExecution); ExecutionContext.Debug($"Disable inline execution: '{disableInlineExecution}'"); if (disableInlineExecution && !File.Exists(command)) { throw new FileNotFoundException(StringUtil.Loc("FileNotFound", command)); } // Determine the working directory. string workingDirectory; if (!string.IsNullOrEmpty(Data.WorkingDirectory)) { workingDirectory = Data.WorkingDirectory; } else { if (isCommandRooted && File.Exists(command)) { workingDirectory = Path.GetDirectoryName(command); } else { workingDirectory = Path.Combine(TaskDirectory, "DefaultTaskWorkingDirectory"); } } ExecutionContext.Debug($"Working directory: '{workingDirectory}'"); Directory.CreateDirectory(workingDirectory); // Wrap the command in quotes if required. // // This is guess-work but is probably mostly accurate. The problem is that the command text // box is separate from the args text box. This implies to the user that we take care of quoting // for the command. // // The approach taken here is only to quote if it needs quotes. We should stay out of the way // as much as possible. Built-in shell commands will not work if they are quoted, e.g. RMDIR. if (command.Contains(" ") || command.Contains("%")) { if (!command.Contains("\"")) { command = StringUtil.Format("\"{0}\"", command); } } // Get the arguments. string arguments = Data.ArgumentFormat ?? string.Empty; // Get the fail on standard error flag. bool failOnStandardError = true; string failOnStandardErrorString; if (Inputs.TryGetValue("failOnStandardError", out failOnStandardErrorString)) { failOnStandardError = StringUtil.ConvertToBoolean(failOnStandardErrorString); } ExecutionContext.Debug($"Fail on standard error: '{failOnStandardError}'"); // Get the modify environment flag. _modifyEnvironment = StringUtil.ConvertToBoolean(Data.ModifyEnvironment); ExecutionContext.Debug($"Modify environment: '{_modifyEnvironment}'"); // Resolve cmd.exe. string cmdExe = System.Environment.GetEnvironmentVariable("ComSpec"); if (string.IsNullOrEmpty(cmdExe)) { cmdExe = "cmd.exe"; } string cmdExeArgs = GetCmdExeArgs(cmdExe, command, arguments, disableInlineExecution); var sigintTimeout = TimeSpan.FromMilliseconds(AgentKnobs.ProccessSigintTimeout.GetValue(ExecutionContext).AsInt()); var sigtermTimeout = TimeSpan.FromMilliseconds(AgentKnobs.ProccessSigtermTimeout.GetValue(ExecutionContext).AsInt()); var useGracefulShutdown = AgentKnobs.UseGracefulProcessShutdown.GetValue(ExecutionContext).AsBoolean(); // Invoke the process. ExecutionContext.Debug($"{cmdExe} {cmdExeArgs}"); ExecutionContext.Command($"{cmdExeArgs}"); using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += OnOutputDataReceived; if (failOnStandardError) { processInvoker.ErrorDataReceived += OnErrorDataReceived; } else { processInvoker.ErrorDataReceived += OnOutputDataReceived; } processInvoker.SigintTimeout = sigintTimeout; processInvoker.SigtermTimeout = sigtermTimeout; processInvoker.TryUseGracefulShutdown = useGracefulShutdown; int exitCode = await processInvoker.ExecuteAsync(workingDirectory: workingDirectory, fileName: cmdExe, arguments: cmdExeArgs, environment: Environment, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, redirectStandardIn: null, inheritConsoleHandler: !ExecutionContext.Variables.Retain_Default_Encoding, continueAfterCancelProcessTreeKillAttempt: _continueAfterCancelProcessTreeKillAttempt, cancellationToken: ExecutionContext.CancellationToken); FlushErrorData(); // Fail on error count. if (_errorCount > 0) { if (ExecutionContext.Result != null) { Trace.Info($"Task result already set. Not failing due to error count ({_errorCount})."); } else { throw new Exception(StringUtil.Loc("ProcessCompletedWithCode0Errors1", exitCode, _errorCount)); } } // Fail on non-zero exit code. if (exitCode != 0) { throw new Exception(StringUtil.Loc("ProcessCompletedWithExitCode0", exitCode)); } } } private enum ArgsProcessingMode { Basic, File, Validation } private string GetCmdExeArgs( string cmdExe, string command, string arguments, bool disableInlineExecution) { bool enableSecureArguments = AgentKnobs.ProcessHandlerSecureArguments.GetValue(ExecutionContext).AsBoolean(); ExecutionContext.Debug($"Enable secure arguments: '{enableSecureArguments}'"); bool enableSecureArgumentsAudit = AgentKnobs.ProcessHandlerSecureArgumentsAudit.GetValue(ExecutionContext).AsBoolean(); ExecutionContext.Debug($"Enable secure arguments audit: '{enableSecureArgumentsAudit}'"); bool enableTelemetry = AgentKnobs.ProcessHandlerTelemetry.GetValue(ExecutionContext).AsBoolean(); ExecutionContext.Debug($"Enable telemetry: '{enableTelemetry}'"); var argsMode = DetermineArgsProcessingMode( disableInlineExecution: disableInlineExecution, enableSecureArguments: enableSecureArguments, enableSecureArgumentsAudit: enableSecureArgumentsAudit, enableTelemetry: enableTelemetry); ExecutionContext.Debug($"Args processing mode: '{argsMode}'"); switch (argsMode) { case ArgsProcessingMode.File: return ProcessArgsAsScriptFile( cmdExe: cmdExe, command: command, arguments: arguments, enableSecureArguments: enableSecureArguments, enableSecureArgumentsAudit: enableSecureArgumentsAudit, enableTelemetry: enableTelemetry); case ArgsProcessingMode.Validation: ValidateScriptArgs( arguments: arguments, enableSecureArguments: enableSecureArguments, enableSecureArgumentsAudit: enableSecureArgumentsAudit, enableTelemetry: enableTelemetry); return GetBasicCmdExeArgs(command, arguments); case ArgsProcessingMode.Basic: default: return GetBasicCmdExeArgs(command, arguments); } } private string GetBasicCmdExeArgs(string command, string arguments) { // Format the input to be invoked from cmd.exe to enable built-in shell commands. For example, RMDIR. string cmdExeArgs = $"/c \"{command} {arguments}"; cmdExeArgs += _modifyEnvironment ? $" && echo {OutputDelimiter} && set \"" : "\""; return cmdExeArgs; } private ArgsProcessingMode DetermineArgsProcessingMode( bool disableInlineExecution, bool enableSecureArguments, bool enableSecureArgumentsAudit, bool enableTelemetry) { bool shouldProtectArgs = disableInlineExecution && (enableSecureArgumentsAudit || enableSecureArguments || enableTelemetry); if (!shouldProtectArgs) { return ArgsProcessingMode.Basic; } // Knob to determine if we should validate process script args. Makes sence only when ProcessHandlerSecureArguments enabled. bool enableNewPHLogic = AgentKnobs.ProcessHandlerEnableNewLogic.GetValue(ExecutionContext).AsBoolean(); ExecutionContext.Debug($"Enable new PH args protect logic: '{enableNewPHLogic}'"); return enableNewPHLogic ? ArgsProcessingMode.Validation : ArgsProcessingMode.File; } private void ValidateScriptArgs( string arguments, bool enableSecureArguments, bool enableSecureArgumentsAudit, bool enableTelemetry) { bool shouldThrow = false; try { var (isValid, telemetry) = ProcessHandlerHelper.ValidateInputArgumentsV2(ExecutionContext, arguments, Environment, enableTelemetry); if (!isValid) { shouldThrow = enableSecureArguments; if (!shouldThrow && enableSecureArgumentsAudit) { var issue = new Issue { Type = IssueType.Warning, Message = StringUtil.Loc("ProcessHandlerInvalidScriptArgs"), }; issue.Data.Add("auditAction", "1"); // ShellTasksValidation = 1 ExecutionContext.AddIssue(issue); } } if (enableTelemetry && telemetry != null) { PublishTelemetry(telemetry, "ProcessHandler"); } } catch (Exception ex) { Trace.Error($"Failed to validate process handler input arguments. Publishing telemetry. Ex: {ex}"); var telemetry = new Dictionary { ["UnexpectedError"] = ex.Message, ["ErrorStackTrace"] = ex.StackTrace }; PublishTelemetry(telemetry, "ProcessHandler"); shouldThrow = false; } if (shouldThrow) { throw new InvalidScriptArgsException(StringUtil.Loc("ProcessHandlerInvalidScriptArgs")); } } private string ProcessArgsAsScriptFile( string cmdExe, string command, string arguments, bool enableSecureArguments, bool enableSecureArgumentsAudit, bool enableTelemetry) { var (processedArgs, telemetry) = ProcessHandlerHelper.ExpandCmdEnv(arguments, Environment); if (enableSecureArgumentsAudit) { ExecutionContext.Warning($"The following arguments will be executed: '{processedArgs}'"); } if (enableTelemetry) { ExecutionContext.Debug($"Agent PH telemetry: {JsonConvert.SerializeObject(telemetry.ToDictionary(), Formatting.None)}"); PublishTelemetry(telemetry.ToDictionary(), "ProcessHandler"); } if (enableSecureArguments) { string argsScript = CreateArgsScriptFile(cmdExe, command, processedArgs, _modifyEnvironment); return $"/c \"{argsScript}\""; } ExecutionContext.Debug("Args file creation skipped. Using basic args."); return GetBasicCmdExeArgs(command, processedArgs); } private string CreateArgsScriptFile( string cmdExe, string command, string arguments, bool modifyEnvironment) { ExecutionContext.Debug("Creating arguments script file."); string scriptId = Guid.NewGuid().ToString(); string inputArgsEnvVarName = VarUtil.ConvertToEnvVariableFormat("AGENT_PH_ARGS_" + scriptId[..8], preserveCase: false); System.Environment.SetEnvironmentVariable(inputArgsEnvVarName, arguments); string agentTemp = HostContext.GetDirectory(WellKnownDirectory.Temp); string createdScriptPath = Path.Combine(agentTemp, $"processHandlerScript_{scriptId}.cmd"); string scriptArgs = $"/v:ON /c \"{command} !{inputArgsEnvVarName}!"; scriptArgs += modifyEnvironment ? $" && echo {OutputDelimiter} && set \"" : "\""; using (var writer = new StreamWriter(createdScriptPath)) { writer.WriteLine($"{cmdExe} {scriptArgs}"); } ExecutionContext.Debug($"Created script file: {createdScriptPath}"); return createdScriptPath; } private void FlushErrorData() { if (_errorBuffer.Length > 0) { ExecutionContext.Error(_errorBuffer.ToString()); _errorCount++; _errorBuffer.Clear(); } } private void OnErrorDataReceived(object sender, ProcessDataReceivedEventArgs e) { lock (_outputLock) { if (!string.IsNullOrEmpty(e.Data)) { _errorBuffer.AppendLine(e.Data); } } } private void OnOutputDataReceived(object sender, ProcessDataReceivedEventArgs e) { lock (_outputLock) { FlushErrorData(); string line = e.Data ?? string.Empty; if (_modifyEnvironment) { if (_foundDelimiter) { // The line is output from the SET command. Update the environment. int index = line.IndexOf('='); if (index > 0) { string key = line.Substring(0, index); string value = line.Substring(index + 1); // Omit special environment variables: // "TF_BUILD" is set by ProcessInvoker. // "agent.jobstatus" is set by ???. if (string.Equals(key, Constants.TFBuild, StringComparison.Ordinal) || string.Equals(key, Constants.Variables.Agent.JobStatus, StringComparison.Ordinal)) { return; } ExecutionContext.Debug($"Setting env '{key}' = '{value}'"); System.Environment.SetEnvironmentVariable(key, value); } return; } // if (_foundDelimiter) // Use StartsWith() instead of Equals() to allow for trailing spaces from the ECHO command. if (line.StartsWith(OutputDelimiter, StringComparison.Ordinal)) { // The line is the output delimiter. // Set the flag and clear the environment variable dictionary. _foundDelimiter = true; return; } } // if (_modifyEnvironment) // The line is output from the process that was invoked. if (!CommandManager.TryProcessCommand(ExecutionContext, line)) { ExecutionContext.Output(line); } } } } } ================================================ FILE: src/Agent.Worker/Handlers/StepHost.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using System; using System.Collections.Generic; using System.IO; using System.Text; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.Framework.Common; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.VisualStudio.Services.WebApi; using Newtonsoft.Json; namespace Microsoft.VisualStudio.Services.Agent.Worker.Handlers { public interface IStepHost : IAgentService { event EventHandler OutputDataReceived; event EventHandler ErrorDataReceived; string ResolvePathForStepHost(string path); Task ExecuteAsync(string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, bool inheritConsoleHandler, bool continueAfterCancelProcessTreeKillAttempt, TimeSpan sigintTimeout, TimeSpan sigtermTimeout, bool useGracefulShutdown, CancellationToken cancellationToken); } [ServiceLocator(Default = typeof(ContainerStepHost))] public interface IContainerStepHost : IStepHost { ContainerInfo Container { get; set; } string PrependPath { get; set; } bool EnableDockerExecDiagnostics { get; set; } } [ServiceLocator(Default = typeof(DefaultStepHost))] public interface IDefaultStepHost : IStepHost { } public sealed class DefaultStepHost : AgentService, IDefaultStepHost { public event EventHandler OutputDataReceived; public event EventHandler ErrorDataReceived; public string ResolvePathForStepHost(string path) { return path; } public async Task ExecuteAsync(string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, bool inheritConsoleHandler, bool continueAfterCancelProcessTreeKillAttempt, TimeSpan sigintTimeout, TimeSpan sigtermTimeout, bool useGracefulShutdown, CancellationToken cancellationToken) { using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += OutputDataReceived; processInvoker.ErrorDataReceived += ErrorDataReceived; processInvoker.SigintTimeout = sigintTimeout; processInvoker.SigtermTimeout = sigtermTimeout; processInvoker.TryUseGracefulShutdown = useGracefulShutdown; return await processInvoker.ExecuteAsync(workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: killProcessOnCancel, redirectStandardIn: null, inheritConsoleHandler: inheritConsoleHandler, continueAfterCancelProcessTreeKillAttempt: continueAfterCancelProcessTreeKillAttempt, cancellationToken: cancellationToken); } } } public sealed class ContainerStepHost : AgentService, IContainerStepHost { public ContainerInfo Container { get; set; } public string PrependPath { get; set; } public bool EnableDockerExecDiagnostics { get; set; } public event EventHandler OutputDataReceived; public event EventHandler ErrorDataReceived; public string ResolvePathForStepHost(string path) { // make sure container exist. ArgUtil.NotNull(Container, nameof(Container)); ArgUtil.NotNullOrEmpty(Container.ContainerId, nameof(Container.ContainerId)); ArgUtil.NotNull(path, nameof(path)); // remove double quotes around the path path = path.Trim('\"'); // try to resolve path inside container if the request path is part of the mount volume StringComparison sc = (PlatformUtil.RunningOnWindows) ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal; if (Container.MountVolumes.Exists(x => { if (!string.IsNullOrEmpty(x.SourceVolumePath)) { return path.StartsWith(x.SourceVolumePath, sc); } if (!string.IsNullOrEmpty(x.TargetVolumePath)) { return path.StartsWith(x.TargetVolumePath, sc); } return false; // this should not happen, but just in case bad data got into MountVolumes, we do not want to throw an exception here })) { return Container.TranslateContainerPathForImageOS(PlatformUtil.HostOS, Container.TranslateToContainerPath(path)); } else { return path; } } public async Task ExecuteAsync(string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, bool inheritConsoleHandler, bool continueAfterCancelProcessTreeKillAttempt, TimeSpan sigintTimeout, TimeSpan sigtermTimeout, bool useGracefulShutdown, CancellationToken cancellationToken) { // make sure container exist. ArgUtil.NotNull(Container, nameof(Container)); ArgUtil.NotNullOrEmpty(Container.ContainerId, nameof(Container.ContainerId)); var dockerManger = HostContext.GetService(); string containerEnginePath = dockerManger.DockerPath; ContainerStandardInPayload payload = new ContainerStandardInPayload() { ExecutionHandler = fileName, ExecutionHandlerWorkingDirectory = workingDirectory, ExecutionHandlerArguments = arguments, ExecutionHandlerEnvironment = environment, ExecutionHandlerPrependPath = PrependPath }; // copy the intermediate script (containerHandlerInvoker.js) into Agent_TempDirectory // Background: // We rely on environment variables to send task execution information from agent to task execution engine (node/powershell) // Those task execution information will include all the variables and secrets customer has. // The only way to pass environment variables to `docker exec` is through command line arguments, ex: `docker exec -e myenv=myvalue -e mysecert=mysecretvalue ...` // Since command execution may get log into system event log which might cause secret leaking. // We use this intermediate script to read everything from STDIN, then launch the task execution engine (node/powershell) and redirect STDOUT/STDERR string tempDir = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Path.TempDirectory); string targetEntryScript = Path.Combine(tempDir, "containerHandlerInvoker.js"); HostContext.GetTrace(nameof(ContainerStepHost)).Info($"Copying containerHandlerInvoker.js to {tempDir}"); File.Copy(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), "containerHandlerInvoker.js.template"), targetEntryScript, true); string entryScript = Container.TranslateContainerPathForImageOS(PlatformUtil.HostOS, Container.TranslateToContainerPath(targetEntryScript)); string userArgs = ""; string workingDirectoryParam = ""; if (!PlatformUtil.RunningOnWindows) { userArgs = $"-u {Container.CurrentUserId}"; if (Container.CurrentUserName == "root") { workingDirectoryParam = $" -w /root"; } else { workingDirectoryParam = $" -w /home/{Container.CurrentUserName}"; } } string containerExecutionArgs = $"exec -i {userArgs} {workingDirectoryParam} {Container.ContainerId} {Container.ResultNodePath} {entryScript}"; using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += OutputDataReceived; processInvoker.ErrorDataReceived += ErrorDataReceived; outputEncoding = null; // Let .NET choose the default. processInvoker.SigintTimeout = sigintTimeout; processInvoker.SigtermTimeout = sigtermTimeout; processInvoker.TryUseGracefulShutdown = useGracefulShutdown; if (PlatformUtil.RunningOnWindows) { // It appears that node.exe outputs UTF8 when not in TTY mode. outputEncoding = Encoding.UTF8; } using var redirectStandardIn = new InputQueue(); var payloadJson = JsonUtility.ToString(payload); redirectStandardIn.Enqueue(payloadJson); HostContext.GetTrace(nameof(ContainerStepHost)).Info($"Payload: {payloadJson}"); int exitCode = 0; try { exitCode = await processInvoker.ExecuteAsync(workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: containerEnginePath, arguments: containerExecutionArgs, environment: null, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: killProcessOnCancel, redirectStandardIn: redirectStandardIn, inheritConsoleHandler: inheritConsoleHandler, continueAfterCancelProcessTreeKillAttempt: continueAfterCancelProcessTreeKillAttempt, cancellationToken: cancellationToken); } catch (Exception ex) { // Log the exception var trace = HostContext.GetTrace(nameof(ContainerStepHost)); trace.Error($"Docker exec failed: {ex.GetType().Name}: {ex.Message}"); // Check if docker exec diagnostics feature is enabled // Value is set by the Handler from ExecutionContext if (EnableDockerExecDiagnostics) { // Collect comprehensive diagnostics when docker exec fails trace.Info("Docker exec diagnostics enabled, collecting diagnostics"); var diagnosticsManager = HostContext.GetService(); await diagnosticsManager.CollectDockerExecFailureDiagnosticsAsync(ex, containerEnginePath, containerExecutionArgs, Container.ContainerId); } else { trace.Info("Docker exec diagnostics disabled, skipping diagnostic collection"); } throw; // Re-throw the original exception } return exitCode; } } private class ContainerStandardInPayload { [JsonProperty("handler")] public String ExecutionHandler { get; set; } [JsonProperty("args")] public String ExecutionHandlerArguments { get; set; } [JsonProperty("workDir")] public String ExecutionHandlerWorkingDirectory { get; set; } [JsonProperty("environment")] public IDictionary ExecutionHandlerEnvironment { get; set; } [JsonProperty("prependPath")] public string ExecutionHandlerPrependPath { get; set; } } } } ================================================ FILE: src/Agent.Worker/JobExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.Expressions; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using System.Linq; using System.Diagnostics; using Agent.Sdk; using Agent.Sdk.Knob; using Agent.Sdk.SecretMasking; using Newtonsoft.Json; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Microsoft.Identity.Client.TelemetryCore.TelemetryClient; namespace Microsoft.VisualStudio.Services.Agent.Worker { public interface IJobExtension : IExtension { HostTypes HostType { get; } Task> InitializeJob(IExecutionContext jobContext, Pipelines.AgentJobRequestMessage message); Task FinalizeJob(IExecutionContext jobContext); string GetRootedPath(IExecutionContext context, string path); void ConvertLocalPath(IExecutionContext context, string localPath, out string repoName, out string sourcePath); } public abstract class JobExtension : AgentService, IJobExtension { private readonly HashSet _existingProcesses = new HashSet(StringComparer.OrdinalIgnoreCase); private bool _processCleanup; private string _processLookupId = $"vsts_{Guid.NewGuid()}"; private bool _taskKeyCleanup; public abstract HostTypes HostType { get; } public abstract Type ExtensionType { get; } // Anything job extension want to do before building the steps list. public abstract void InitializeJobExtension(IExecutionContext context, IList steps, Pipelines.WorkspaceOptions workspace); // Anything job extension want to add to pre-job steps list. This will be deprecated when GetSource move to a task. public abstract IStep GetExtensionPreJobStep(IExecutionContext jobContext); // Anything job extension want to add to post-job steps list. This will be deprecated when GetSource move to a task. public abstract IStep GetExtensionPostJobStep(IExecutionContext jobContext); public abstract string GetRootedPath(IExecutionContext context, string path); public abstract void ConvertLocalPath(IExecutionContext context, string localPath, out string repoName, out string sourcePath); // download all required tasks. // make sure all task's condition inputs are valid. // build up three list of steps for jobrunner. (pre-job, job, post-job) #pragma warning disable CA1505 public async Task> InitializeJob(IExecutionContext jobContext, Pipelines.AgentJobRequestMessage message) { Trace.Entering(); ArgUtil.NotNull(jobContext, nameof(jobContext)); ArgUtil.NotNull(message, nameof(message)); // create a new timeline record node for 'Initialize job' IExecutionContext context = jobContext.CreateChild(Guid.NewGuid(), StringUtil.Loc("InitializeJob"), $"{nameof(JobExtension)}_Init"); List preJobSteps = new List(); List jobSteps = new List(); List postJobSteps = new List(); using (var register = jobContext.CancellationToken.Register(() => { context.CancelToken(); })) { try { context.Start(); context.Section(StringUtil.Loc("StepStarting", StringUtil.Loc("InitializeJob"))); if (AgentKnobs.SendSecretMaskerTelemetry.GetValue(context).AsBoolean()) { jobContext.GetHostContext().SecretMasker.StartTelemetry(_maxSecretMaskerTelemetryUniqueCorrelationIds); } PackageVersion agentVersion = new PackageVersion(BuildConstants.AgentPackage.Version); if (!AgentKnobs.Net8UnsupportedOsWarning.GetValue(context).AsBoolean()) { // Check if a system supports .NET 8 try { Trace.Verbose("Checking if your system supports .NET 8"); // Check version of the system if (!await PlatformUtil.IsNetVersionSupported("net8")) { string systemId = PlatformUtil.GetSystemId(); SystemVersion systemVersion = PlatformUtil.GetSystemVersion(); context.Warning(StringUtil.Loc("UnsupportedOsVersionByNet8", $"{systemId} {systemVersion}")); } } catch (Exception ex) { Trace.Error($"Error has occurred while checking if system supports .NET 8: {ex}"); context.Warning(ex.Message); } } if (!AgentKnobs.DisableUnsupportedOsWarningNet10.GetValue(context).AsBoolean()) { // Check if a system supports .NET 10 try { Trace.Verbose("Checking if your system supports .NET 10"); // Check version of the system if (!await PlatformUtil.IsNetVersionSupported("net10")) { string systemId = PlatformUtil.GetSystemId(); SystemVersion systemVersion = PlatformUtil.GetSystemVersion(); context.Warning(StringUtil.Loc("UnsupportedOsVersionByNet10", $"{systemId} {systemVersion}")); } } catch (Exception ex) { Trace.Error($"Error has occurred while checking if system supports .NET 10: {ex}"); context.Warning(ex.Message); } } // Set agent version variable. context.SetVariable(Constants.Variables.Agent.Version, BuildConstants.AgentPackage.Version); context.Output(StringUtil.Loc("AgentNameLog", context.Variables.Get(Constants.Variables.Agent.Name))); context.Output(StringUtil.Loc("AgentMachineNameLog", context.Variables.Get(Constants.Variables.Agent.MachineName))); context.Output(StringUtil.Loc("AgentVersion", BuildConstants.AgentPackage.Version)); // Machine specific setup info OutputSetupInfo(context); OutputImageVersion(context); PublishKnobsInfo(jobContext); context.Output(StringUtil.Loc("UserNameLog", System.Environment.UserName)); // Print proxy setting information for better diagnostic experience var agentWebProxy = HostContext.GetService(); if (!string.IsNullOrEmpty(agentWebProxy.ProxyAddress)) { context.Output(StringUtil.Loc("AgentRunningBehindProxy", agentWebProxy.ProxyAddress)); } // Give job extension a chance to initialize Trace.Info($"Run initial step from extension {this.GetType().Name}."); InitializeJobExtension(context, message?.Steps, message?.Workspace); if (AgentKnobs.ForceCreateTasksDirectory.GetValue(context).AsBoolean()) { var tasksDir = HostContext.GetDirectory(WellKnownDirectory.Tasks); try { Trace.Info($"Pre-creating {tasksDir} directory"); Directory.CreateDirectory(tasksDir); IOUtil.ValidateExecutePermission(tasksDir); } catch (Exception ex) { Trace.Error(ex); context.Error(ex); } } // Download tasks if not already in the cache Trace.Info("Downloading task definitions."); var taskManager = HostContext.GetService(); await taskManager.DownloadAsync(context, message.Steps); if (!AgentKnobs.DisableNode6Tasks.GetValue(context).AsBoolean() && !PlatformUtil.RunningOnAlpine) { Trace.Info("Downloading Node 6 runner."); var nodeUtil = new NodeJsUtil(HostContext); await nodeUtil.DownloadNodeRunnerAsync(context, register.Token); } // Parse all Task conditions. Trace.Info("Parsing all task's condition inputs."); var expression = HostContext.GetService(); Dictionary taskConditionMap = new Dictionary(); foreach (var task in message.Steps.OfType()) { IExpressionNode condition; if (!string.IsNullOrEmpty(task.Condition)) { context.Debug($"Task '{task.DisplayName}' has following condition: '{task.Condition}'."); condition = expression.Parse(context, task.Condition); } else { condition = ExpressionManager.Succeeded; } task.DisplayName = context.Variables.ExpandValue(nameof(task.DisplayName), task.DisplayName); taskConditionMap[task.Id] = condition; } context.Output("Checking job knob settings."); foreach (var knob in Knob.GetAllKnobsFor()) { var value = knob.GetValue(jobContext); if (value.Source.GetType() != typeof(BuiltInDefaultKnobSource)) { var tag = ""; if (knob.IsDeprecated) { tag = "(DEPRECATED)"; } else if (knob.IsExperimental) { tag = "(EXPERIMENTAL)"; } var stringValue = value.AsString(); if (knob is SecretKnob) { HostContext.SecretMasker.AddValue(stringValue, $"JobExtension_InitializeJob_{knob.Name}"); } var outputLine = $" Knob: {knob.Name} = {stringValue} Source: {value.Source.GetDisplayString()} {tag}"; if (knob.IsDeprecated) { context.Warning(outputLine); string deprecationInfo = (knob as DeprecatedKnob).DeprecationInfo; if (!string.IsNullOrEmpty(deprecationInfo)) { context.Warning(deprecationInfo); } } else { context.Output(outputLine); } } } context.Output("Finished checking job knob settings."); // Ensure that we send git telemetry before potential path env changes during the pipeline execution var isSelfHosted = StringUtil.ConvertToBoolean(jobContext.Variables.Get(Constants.Variables.Agent.IsSelfHosted)); if (PlatformUtil.RunningOnWindows && isSelfHosted) { try { var windowsPreinstalledGitCommand = jobContext.AsyncCommands.Find(c => c != null && c.Name == Constants.AsyncExecution.Commands.Names.WindowsPreinstalledGitTelemetry); if (windowsPreinstalledGitCommand != null) { await windowsPreinstalledGitCommand.WaitAsync(); } } catch (Exception ex) { // Log the error Trace.Info($"Caught exception from async command WindowsPreinstalledGitTelemetry: {ex}"); } } // Check if the Agent CDN is accessible if (AgentKnobs.AgentCDNConnectivityFailWarning.GetValue(context).AsBoolean()) { try { Trace.Verbose("Checking if the Agent CDN Endpoint (download.agent.dev.azure.com) is reachable"); bool isAgentCDNAccessible = await PlatformUtil.IsAgentCdnAccessibleAsync(agentWebProxy.WebProxy); if (isAgentCDNAccessible) { context.Output("Agent CDN is accessible."); } else { context.Warning(StringUtil.Loc("AgentCdnAccessFailWarning")); } PublishAgentCDNAccessStatusTelemetry(context, isAgentCDNAccessible); } catch (Exception ex) { // Handles network-level or unexpected exceptions (DNS failure, timeout, etc.) context.Warning(StringUtil.Loc("AgentCdnAccessFailWarning")); PublishAgentCDNAccessStatusTelemetry(context, false); Trace.Error($"Exception when attempting a HEAD request to Agent CDN: {ex}"); } } if (PlatformUtil.RunningOnWindows) { // This is for internal testing and is not publicly supported. This will be removed from the agent at a later time. var prepareScript = Environment.GetEnvironmentVariable("VSTS_AGENT_INIT_INTERNAL_TEMP_HACK"); ServiceEndpoint systemConnection = context.Endpoints.Single(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); if (!string.IsNullOrEmpty(prepareScript) && context.StepTarget() is HostInfo) { var prepareStep = new ManagementScriptStep( scriptPath: prepareScript, condition: ExpressionManager.Succeeded, displayName: "Agent Initialization"); Trace.Verbose($"Adding agent init script step."); prepareStep.Initialize(HostContext); prepareStep.ExecutionContext = jobContext?.CreateChild(Guid.NewGuid(), prepareStep.DisplayName, nameof(ManagementScriptStep)); prepareStep.AccessToken = systemConnection.Authorization.Parameters["AccessToken"]; prepareStep.Condition = ExpressionManager.Succeeded; preJobSteps.Add(prepareStep); } string gitVersion = null; if (AgentKnobs.UseGit2_39_4.GetValue(jobContext).AsBoolean()) { gitVersion = "2.39.4"; } else if (AgentKnobs.UseGit2_42_0_2.GetValue(jobContext).AsBoolean()) { gitVersion = "2.42.0.2"; } if (gitVersion is not null) { context.Debug($"Downloading Git v{gitVersion}"); var gitManager = HostContext.GetService(); await gitManager.DownloadAsync(context, gitVersion); } } if (AgentKnobs.InstallLegacyTfExe.GetValue(jobContext).AsBoolean()) { await TfManager.DownloadLegacyTfToolsAsync(context); } // build up 3 lists of steps, pre-job, job, post-job Stack postJobStepsBuilder = new Stack(); Dictionary taskVariablesMapping = new Dictionary(); if (context.Containers.Count > 0 || context.SidecarContainers.Count > 0) { // Get container provider - uses enhanced version if feature flag is enabled IContainerOperationProvider containerProvider; if (AgentKnobs.EnableEnhancedContainerDiagnostics.GetValue(context).AsBoolean()) { // Create and initialize enhanced provider manually since it's not registered with ServiceLocator var enhancedProvider = new ContainerOperationProviderEnhanced(); enhancedProvider.Initialize(HostContext); containerProvider = enhancedProvider; } else { containerProvider = HostContext.GetService(); } var containers = new List(); containers.AddRange(context.Containers); containers.AddRange(context.SidecarContainers); preJobSteps.Add(new JobExtensionRunner(runAsync: containerProvider.StartContainersAsync, condition: ExpressionManager.Succeeded, displayName: StringUtil.Loc("InitializeContainer"), data: containers)); postJobStepsBuilder.Push(new JobExtensionRunner(runAsync: containerProvider.StopContainersAsync, condition: ExpressionManager.Always, displayName: StringUtil.Loc("StopContainer"), data: containers)); } Dictionary> taskRestrictionsMap = new Dictionary>(); foreach (var task in message?.Steps.OfType()) { var taskDefinition = taskManager.Load(task); // Collect any task restrictions from the definition or step var restrictions = new List(); if (taskDefinition.Data.Restrictions != null) { restrictions.Add(new TaskDefinitionRestrictions(taskDefinition.Data)); } if (string.Equals(WellKnownStepTargetStrings.Restricted, task.Target?.Commands, StringComparison.OrdinalIgnoreCase)) { restrictions.Add(new TaskRestrictions() { Commands = new TaskCommandRestrictions() { Mode = TaskCommandMode.Restricted } }); } if (task.Target?.SettableVariables != null) { restrictions.Add(new TaskRestrictions() { SettableVariables = task.Target.SettableVariables }); } taskRestrictionsMap[task.Id] = restrictions; List warnings; taskVariablesMapping[task.Id] = new Variables(HostContext, new Dictionary(), out warnings); // Add pre-job steps from Tasks if (taskDefinition.Data?.PreJobExecution != null) { Trace.Info($"Adding Pre-Job {task.DisplayName}."); var taskRunner = HostContext.CreateService(); taskRunner.Task = task; taskRunner.Stage = JobRunStage.PreJob; taskRunner.Condition = taskConditionMap[task.Id]; preJobSteps.Add(taskRunner); } // Add execution steps from Tasks if (taskDefinition.Data?.Execution != null) { Trace.Verbose($"Adding {task.DisplayName}."); var taskRunner = HostContext.CreateService(); taskRunner.Task = task; taskRunner.Stage = JobRunStage.Main; taskRunner.Condition = taskConditionMap[task.Id]; jobSteps.Add(taskRunner); } // Add post-job steps from Tasks if (taskDefinition.Data?.PostJobExecution != null) { Trace.Verbose($"Adding Post-Job {task.DisplayName}."); var taskRunner = HostContext.CreateService(); taskRunner.Task = task; taskRunner.Stage = JobRunStage.PostJob; taskRunner.Condition = ExpressionManager.Always; postJobStepsBuilder.Push(taskRunner); } } // Add pre-job step from Extension Trace.Info("Adding pre-job step from extension."); var extensionPreJobStep = GetExtensionPreJobStep(jobContext); if (extensionPreJobStep != null) { preJobSteps.Add(extensionPreJobStep); } // Add post-job step from Extension Trace.Info("Adding post-job step from extension."); var extensionPostJobStep = GetExtensionPostJobStep(jobContext); if (extensionPostJobStep != null) { postJobStepsBuilder.Push(extensionPostJobStep); } ArgUtil.NotNull(jobContext, nameof(jobContext)); // I am not sure why this is needed, but static analysis flagged all uses of jobContext below this point // create execution context for all pre-job steps foreach (var step in preJobSteps) { if (PlatformUtil.RunningOnWindows && step is ManagementScriptStep) { continue; } if (step is JobExtensionRunner) { JobExtensionRunner extensionStep = step as JobExtensionRunner; ArgUtil.NotNull(extensionStep, extensionStep.DisplayName); Guid stepId = Guid.NewGuid(); extensionStep.ExecutionContext = jobContext.CreateChild(stepId, extensionStep.DisplayName, stepId.ToString("N")); } else if (step is ITaskRunner) { ITaskRunner taskStep = step as ITaskRunner; ArgUtil.NotNull(taskStep, step.DisplayName); taskStep.ExecutionContext = jobContext.CreateChild( Guid.NewGuid(), StringUtil.Loc("PreJob", taskStep.DisplayName), taskStep.Task.Name, taskVariablesMapping[taskStep.Task.Id], outputForward: true, taskRestrictions: taskRestrictionsMap[taskStep.Task.Id]); } } // create task execution context for all job steps from task foreach (var step in jobSteps) { ITaskRunner taskStep = step as ITaskRunner; ArgUtil.NotNull(taskStep, step.DisplayName); taskStep.ExecutionContext = jobContext.CreateChild( taskStep.Task.Id, taskStep.DisplayName, taskStep.Task.Name, taskVariablesMapping[taskStep.Task.Id], outputForward: true, taskRestrictions: taskRestrictionsMap[taskStep.Task.Id]); } // Add post-job steps from Tasks Trace.Info("Adding post-job steps from tasks."); while (postJobStepsBuilder.Count > 0) { postJobSteps.Add(postJobStepsBuilder.Pop()); } // create task execution context for all post-job steps from task foreach (var step in postJobSteps) { if (step is JobExtensionRunner) { JobExtensionRunner extensionStep = step as JobExtensionRunner; ArgUtil.NotNull(extensionStep, extensionStep.DisplayName); Guid stepId = Guid.NewGuid(); extensionStep.ExecutionContext = jobContext.CreateChild(stepId, extensionStep.DisplayName, stepId.ToString("N")); } else if (step is ITaskRunner) { ITaskRunner taskStep = step as ITaskRunner; ArgUtil.NotNull(taskStep, step.DisplayName); taskStep.ExecutionContext = jobContext.CreateChild( Guid.NewGuid(), StringUtil.Loc("PostJob", taskStep.DisplayName), taskStep.Task.Name, taskVariablesMapping[taskStep.Task.Id], outputForward: true, taskRestrictions: taskRestrictionsMap[taskStep.Task.Id]); } } if (PlatformUtil.RunningOnWindows) { // Add script post steps. // This is for internal testing and is not publicly supported. This will be removed from the agent at a later time. var finallyScript = Environment.GetEnvironmentVariable("VSTS_AGENT_CLEANUP_INTERNAL_TEMP_HACK"); if (!string.IsNullOrEmpty(finallyScript) && context.StepTarget() is HostInfo) { var finallyStep = new ManagementScriptStep( scriptPath: finallyScript, condition: ExpressionManager.Always, displayName: "Agent Cleanup"); Trace.Verbose($"Adding agent cleanup script step."); finallyStep.Initialize(HostContext); finallyStep.ExecutionContext = jobContext.CreateChild(Guid.NewGuid(), finallyStep.DisplayName, nameof(ManagementScriptStep)); finallyStep.Condition = ExpressionManager.Always; ServiceEndpoint systemConnection = context.Endpoints.Single(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); finallyStep.AccessToken = systemConnection.Authorization.Parameters["AccessToken"]; postJobSteps.Add(finallyStep); } } if (AgentKnobs.Rosetta2Warning.GetValue(jobContext).AsBoolean()) { using (var timeout = new CancellationTokenSource(TimeSpan.FromSeconds(5))) { if (await PlatformUtil.IsRunningOnAppleSiliconAsX64Async(timeout.Token)) { jobContext.Warning(StringUtil.Loc("Rosetta2Warning")); } } } List steps = new List(); steps.AddRange(preJobSteps); steps.AddRange(jobSteps); steps.AddRange(postJobSteps); // Start agent log plugin host process var logPlugin = HostContext.GetService(); await logPlugin.StartAsync(context, steps, jobContext.CancellationToken); // Prepare for orphan process cleanup _processCleanup = jobContext.Variables.GetBoolean("process.clean") ?? true; if (_processCleanup) { // Set the VSTS_PROCESS_LOOKUP_ID env variable. context.SetVariable(Constants.ProcessLookupId, _processLookupId, false, false); context.Output("Start tracking orphan processes."); // Take a snapshot of current running processes Dictionary processes = SnapshotProcesses(); foreach (var proc in processes) { // Pid_ProcessName _existingProcesses.Add($"{proc.Key}_{proc.Value.ProcessName}"); } } _taskKeyCleanup = jobContext.Variables.GetBoolean("process.cleanTaskKey") ?? true; return steps; } catch (OperationCanceledException ex) when (jobContext.CancellationToken.IsCancellationRequested) { // Log the exception and cancel the JobExtension Initialization. if (AgentKnobs.FailJobWhenAgentDies.GetValue(jobContext).AsBoolean() && HostContext.AgentShutdownToken.IsCancellationRequested) { PublishAgentShutdownTelemetry(jobContext, context); Trace.Error($"Caught Agent Shutdown exception from JobExtension Initialization: {ex.Message}"); context.Error(ex); context.Result = TaskResult.Failed; throw; } else { Trace.Error($"Caught cancellation exception from JobExtension Initialization: {ex}"); Trace.Error(ex); context.Error(ex); context.Result = TaskResult.Canceled; throw; } } catch (Exception ex) { // Log the error and fail the JobExtension Initialization. Trace.Error($"Caught exception from JobExtension Initialization: {ex}"); context.Error(ex); context.Result = TaskResult.Failed; throw; } finally { context.Section(StringUtil.Loc("StepFinishing", StringUtil.Loc("InitializeJob"))); context.Complete(); } } } private void PublishAgentShutdownTelemetry(IExecutionContext jobContext, IExecutionContext childContext) { var telemetryData = new Dictionary { { "JobId", childContext?.Variables?.System_JobId?.ToString() ?? string.Empty }, { "JobResult", TaskResult.Failed.ToString() }, { "TracePoint", "110" }, }; PublishTelemetry(jobContext, telemetryData, "AgentShutdown"); } public async Task FinalizeJob(IExecutionContext jobContext) { Trace.Entering(); ArgUtil.NotNull(jobContext, nameof(jobContext)); // create a new timeline record node for 'Finalize job' IExecutionContext context = jobContext.CreateChild(Guid.NewGuid(), StringUtil.Loc("FinalizeJob"), $"{nameof(JobExtension)}_Final"); using (var register = jobContext.CancellationToken.Register(() => { context.CancelToken(); })) { try { context.Start(); context.Section(StringUtil.Loc("StepStarting", StringUtil.Loc("FinalizeJob"))); PublishSecretMaskerTelemetryIfOptedIn(jobContext); // Wait for agent log plugin process exits var logPlugin = HostContext.GetService(); try { await logPlugin.WaitAsync(context); } catch (Exception ex) { // Log and ignore the error from log plugin finalization. Trace.Error($"Caught exception from log plugin finalization: {ex}"); context.Output(ex.Message); } if (_taskKeyCleanup) { context.Output("Cleaning up task key"); string taskKeyFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), ".taskkey"); if (File.Exists(taskKeyFile)) { try { File.Delete(taskKeyFile); } catch (Exception ex) { Trace.Error($"Caught exception while attempting to delete taskKey file {taskKeyFile}: {ex}"); context.Output(ex.Message); } } } if (_processCleanup) { context.Output("Start cleaning up orphan processes."); // Only check environment variable for any process that doesn't run before we invoke our process. Dictionary currentProcesses = SnapshotProcesses(); foreach (var proc in currentProcesses) { if (_existingProcesses.Contains($"{proc.Key}_{proc.Value.ProcessName}")) { Trace.Verbose($"Skip existing process. PID: {proc.Key} ({proc.Value.ProcessName})"); } else { Trace.Info($"Inspecting process environment variables. PID: {proc.Key} ({proc.Value.ProcessName})"); string lookupId = null; try { lookupId = proc.Value.GetEnvironmentVariable(HostContext, Constants.ProcessLookupId); } catch (Exception ex) { Trace.Warning($"Ignore exception during read process environment variables: {ex.Message}"); Trace.Verbose(ex.ToString()); } if (string.Equals(lookupId, _processLookupId, StringComparison.OrdinalIgnoreCase)) { context.Output($"Terminate orphan process: pid ({proc.Key}) ({proc.Value.ProcessName})"); try { proc.Value.Kill(); } catch (Exception ex) { Trace.Error("Catch exception during orphan process cleanup."); Trace.Error(ex); } } } } } } catch (Exception ex) { // Log and ignore the error from JobExtension finalization. Trace.Error($"Caught exception from JobExtension finalization: {ex}"); context.Output(ex.Message); } finally { context.Section(StringUtil.Loc("StepFinishing", StringUtil.Loc("FinalizeJob"))); context.Complete(); } } } private Dictionary SnapshotProcesses() { Dictionary snapshot = new Dictionary(); foreach (var proc in Process.GetProcesses()) { try { // On Windows, this will throw exception on error. // On Linux, this will be NULL on error. if (!string.IsNullOrEmpty(proc.ProcessName)) { snapshot[proc.Id] = proc; } } catch (Exception ex) { Trace.Verbose($"Ignore any exception during taking process snapshot of process pid={proc.Id}: '{ex.Message}'."); } } Trace.Info($"Total accessible running process: {snapshot.Count}."); return snapshot; } private void OutputImageVersion(IExecutionContext context) { string imageVersion = System.Environment.GetEnvironmentVariable(Constants.ImageVersionVariable); string jobId = context?.Variables?.System_JobId?.ToString() ?? string.Empty; if (imageVersion != null) { context.Output(StringUtil.Loc("ImageVersionLog", imageVersion)); } else { Trace.Info($"Image version for job id {jobId} is not set"); } var telemetryData = new Dictionary() { { "JobId", jobId }, { "ImageVersion", imageVersion }, }; PublishTelemetry(context, telemetryData, "ImageVersionTelemetry"); } private void OutputSetupInfo(IExecutionContext context) { try { var configurationStore = HostContext.GetService(); foreach (var info in configurationStore.GetSetupInfo()) { if (!string.IsNullOrEmpty(info.Detail)) { var groupName = info.Group; if (string.IsNullOrEmpty(groupName)) { groupName = "Machine Setup Info"; } context.Output($"##[group]{groupName}"); var multiLines = info.Detail.Replace("\r\n", "\n").TrimEnd('\n').Split('\n'); foreach (var line in multiLines) { context.Output(line); } context.Output("##[endgroup]"); } } } catch (Exception ex) { context.Output($"Fail to load and print machine setup info: {ex.Message}"); Trace.Error(ex); } } private void PublishKnobsInfo(IExecutionContext jobContext) { var telemetryData = new Dictionary() { { "JobId", jobContext?.Variables?.System_JobId } }; foreach (var knob in Knob.GetAllKnobsFor()) { var value = knob.GetValue(jobContext); if (value.Source.GetType() != typeof(BuiltInDefaultKnobSource)) { var stringValue = HostContext.SecretMasker.MaskSecrets(value.AsString()); telemetryData.Add($"{knob.Name}-{value.Source.GetDisplayString()}", stringValue); } } PublishTelemetry(jobContext, telemetryData, "KnobsStatus"); } private void PublishAgentCDNAccessStatusTelemetry(IExecutionContext context, bool isAgentCDNAccessible) { try { var telemetryData = new Dictionary { ["JobId"] = context?.Variables?.System_JobId?.ToString() ?? string.Empty, ["isAgentCDNAccessible"] = isAgentCDNAccessible.ToString() }; var cmd = new Command("telemetry", "publish") { Data = JsonConvert.SerializeObject(telemetryData) }; cmd.Properties["area"] = "PipelinesTasks"; cmd.Properties["feature"] = "CDNConnectivityCheck"; PublishTelemetry(context, telemetryData, "AgentCDNAccessStatus"); } catch (Exception ex) { Trace.Verbose($"Ignoring exception during 'AgentCDNAccessStatus' telemetry publish: '{ex.Message}'"); } } // How secret masker telemetry limits were chosen: // // - We don't want to introduce telemetry events much larger than // others we send today. // // - The KnobsStatus telemetry event is among the largest and we // routinely see it with ~2000 chars in Properties. // // - The longest rule moniker today is 73 chars. There's an issue filed // to shorten it so we should not expect longer than this in the // future. // // - C3ID is 20 chars. // // - So say max ~100 chars for "": "" // // - 10 of these is ~1000 chars / half of KnobsStatus, which leaves // plenty of buffer. // // - We also don't want to send too many events so we send at most 5. // // - This means we can send up to 50 unique C3IDs reported per job. // That's a lot for a real world scenario. More than that has a // significant chance of being malicious. private const int _maxCorrelatingIdsPerSecretMaskerTelemetryEvent = 10; private const int _maxSecretMaskerTelemetryCorrelationEvents = 5; private const int _maxSecretMaskerTelemetryUniqueCorrelationIds = _maxCorrelatingIdsPerSecretMaskerTelemetryEvent * _maxSecretMaskerTelemetryCorrelationEvents; private void PublishSecretMaskerTelemetryIfOptedIn(IExecutionContext jobContext) { try { if (AgentKnobs.SendSecretMaskerTelemetry.GetValue(jobContext).AsBoolean()) { string jobId = jobContext?.Variables?.System_JobId?.ToString() ?? string.Empty; string planId = jobContext?.Variables?.System_PlanId?.ToString() ?? string.Empty; ILoggedSecretMasker masker = jobContext.GetHostContext().SecretMasker; masker.StopAndPublishTelemetry( _maxCorrelatingIdsPerSecretMaskerTelemetryEvent, (feature, data) => { data["JobId"] = jobId; data["PlanId"] = planId; PublishTelemetry(jobContext, data, feature); }); } } catch (Exception ex) { Trace.Warning($"Unable to publish secret masker telemetry data. Exception: {ex}"); } } private void PublishTelemetry(IExecutionContext context, Dictionary telemetryData, string feature) { try { var cmd = new Command("telemetry", "publish"); cmd.Data = JsonConvert.SerializeObject(telemetryData, Formatting.None); cmd.Properties.Add("area", "PipelinesTasks"); cmd.Properties.Add("feature", feature); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(HostContext); publishTelemetryCmd.ProcessCommand(context, cmd); } catch (Exception ex) { Trace.Warning($"Unable to publish telemetry data. Exception: {ex}"); } } } public class UnsupportedOsException : Exception { public UnsupportedOsException(string message) : base(message) { } } } ================================================ FILE: src/Agent.Worker/JobExtensionRunner.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.Expressions; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Worker { public sealed class JobExtensionRunner : IStep { private readonly object _data; private readonly Func _runAsync; public JobExtensionRunner( Func runAsync, IExpressionNode condition, string displayName, object data) { _runAsync = runAsync; Condition = condition; DisplayName = displayName; _data = data; } public IExpressionNode Condition { get; set; } public bool ContinueOnError => false; public string DisplayName { get; private set; } public bool Enabled => true; public IExecutionContext ExecutionContext { get; set; } public TimeSpan? Timeout => null; public Pipelines.StepTarget Target => null; public async Task RunAsync() { await _runAsync(ExecutionContext, _data); } } } ================================================ FILE: src/Agent.Worker/JobRunner.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using Agent.Sdk.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using System; using System.Collections.Generic; using System.Globalization; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using System.Net.Http; using Newtonsoft.Json.Linq; using Newtonsoft.Json; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(JobRunner))] public interface IJobRunner : IAgentService { Task RunAsync(Pipelines.AgentJobRequestMessage message, CancellationToken jobRequestCancellationToken); void UpdateMetadata(JobMetadataMessage message); } public sealed class JobRunner : AgentService, IJobRunner { private IJobServerQueue _jobServerQueue; private ITempDirectoryManager _tempDirectoryManager; /// /// Add public accessor for _jobServerQueue to make JobRunner more testable /// See /Test/L0/Worker/JobRunnerL0.cs /// public IJobServerQueue JobServerQueue { set => _jobServerQueue = value; } public async Task RunAsync(Pipelines.AgentJobRequestMessage message, CancellationToken jobRequestCancellationToken) { using (Trace.EnteringWithDuration()) { // Validate parameters. Trace.Entering(); ArgUtil.NotNull(message, nameof(message)); ArgUtil.NotNull(message.Resources, nameof(message.Resources)); ArgUtil.NotNull(message.Variables, nameof(message.Variables)); ArgUtil.NotNull(message.Steps, nameof(message.Steps)); Trace.Entering(); DateTime jobStartTimeUtc = DateTime.UtcNow; ServiceEndpoint systemConnection = message.Resources.Endpoints.Single(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); bool skipServerCertificateValidation = HostContext.GetService().SkipServerCertificateValidation; // System.AccessToken if (message.Variables.ContainsKey(Constants.Variables.System.EnableAccessToken) && StringUtil.ConvertToBoolean(message.Variables[Constants.Variables.System.EnableAccessToken].Value)) { message.Variables[Constants.Variables.System.AccessToken] = new VariableValue(systemConnection.Authorization.Parameters["AccessToken"], false); } // back compat TfsServerUrl message.Variables[Constants.Variables.System.TFServerUrl] = systemConnection.Url.AbsoluteUri; // Make sure SystemConnection Url and Endpoint Url match Config Url base for OnPremises server // System.ServerType will always be there after M133 if (!message.Variables.ContainsKey(Constants.Variables.System.ServerType) || string.Equals(message.Variables[Constants.Variables.System.ServerType]?.Value, "OnPremises", StringComparison.OrdinalIgnoreCase)) { Trace.Info("OnPremises server detected - applying config URI base replacement"); ReplaceConfigUriBaseInJobRequestMessage(message); Trace.Info("Config URI base replacement completed for OnPremises server"); } // Setup the job server and job server queue. var jobServer = HostContext.GetService(); VssCredentials jobServerCredential = VssUtil.GetVssCredential(systemConnection); Uri jobServerUrl = systemConnection.Url; Trace.Info(StringUtil.Format("Creating job server connection [URL:{0}]", jobServerUrl)); // jobServerQueue is the throttling reporter. _jobServerQueue = HostContext.GetService(); VssConnection jobConnection = VssUtil.CreateConnection( jobServerUrl, jobServerCredential, Trace, skipServerCertificateValidation, new DelegatingHandler[] { new ThrottlingReportHandler(_jobServerQueue) } ); await jobServer.ConnectAsync(jobConnection); _jobServerQueue.Start(message); HostContext.WritePerfCounter($"WorkerJobServerQueueStarted_{message.RequestId.ToString()}"); Trace.Info(StringUtil.Format("JobServer connection established successfully [URL:{0}, ThrottlingEnabled:True]", jobServerUrl)); IExecutionContext jobContext = null; CancellationTokenRegistration? agentShutdownRegistration = null; CancellationTokenRegistration? workerTimeoutRegistration = null; VssConnection taskConnection = null; VssConnection legacyTaskConnection = null; IResourceMetricsManager resourceDiagnosticManager = null; try { // Create the job execution context. jobContext = HostContext.CreateService(); jobContext.InitializeJob(message, jobRequestCancellationToken); jobContext.Start(); jobContext.Section(StringUtil.Loc("StepStarting", message.JobDisplayName)); Trace.Info($"ExecutionContext initialized successfully. [JobName: {message.JobDisplayName}]"); EvaluateHttpTraceKnob(jobContext); EvaluateTraceVerboseKnob(jobContext); //Start Resource Diagnostics if enabled in the job message jobContext.Variables.TryGetValue("system.debug", out var systemDebug); resourceDiagnosticManager = HostContext.GetService(); resourceDiagnosticManager.SetContext(jobContext); if (string.Equals(systemDebug, "true", StringComparison.OrdinalIgnoreCase)) { if (AgentKnobs.EnableResourceMonitorDebugOutput.GetValue(jobContext).AsBoolean()) { _ = resourceDiagnosticManager.RunDebugResourceMonitorAsync(); } else { jobContext.Debug(StringUtil.Loc("ResourceUtilizationDebugOutputIsDisabled")); } } agentShutdownRegistration = HostContext.AgentShutdownToken.Register(() => { // log an issue, then agent get shutdown by Ctrl-C or Ctrl-Break. // the server will use Ctrl-Break to tells the agent that operating system is shutting down. string errorMessage; switch (HostContext.AgentShutdownReason) { case ShutdownReason.UserCancelled: errorMessage = StringUtil.Loc("UserShutdownAgent"); Trace.Warning($"Agent shutdown initiated [Reason:UserCancelled, JobId:{message.JobId}]"); break; case ShutdownReason.OperatingSystemShutdown: errorMessage = StringUtil.Loc("OperatingSystemShutdown", Environment.MachineName); Trace.Warning(StringUtil.Format("Agent shutdown initiated [Reason:OperatingSystemShutdown, JobId:{0}, Machine:{1}]", message.JobId, Environment.MachineName)); break; default: Trace.Error(StringUtil.Format("Unknown shutdown reason detected [Reason:{0}, JobId:{1}]", HostContext.AgentShutdownReason, message.JobId)); throw new ArgumentException(HostContext.AgentShutdownReason.ToString(), nameof(HostContext.AgentShutdownReason)); } jobContext.AddIssue(new Issue() { Type = IssueType.Error, Message = errorMessage }); }); // Register for worker timeout cancellation - similar to agent shutdown workerTimeoutRegistration = HostContext.WorkerShutdownForTimeout.Register(() => { Trace.Warning($"Worker shutdown for timeout triggered [JobId:{message.JobId}]"); jobContext.AddIssue(new Issue() { Type = IssueType.Error, Message = "Job cancelled due to worker timeout." }); }); // Validate directory permissions. string workDirectory = HostContext.GetDirectory(WellKnownDirectory.Work); Trace.Info($"Validating directory permissions for: '{workDirectory}'"); try { Directory.CreateDirectory(workDirectory); IOUtil.ValidateExecutePermission(workDirectory); Trace.Info(StringUtil.Format("Work directory validation successful [Path:{0}]", workDirectory)); } catch (Exception ex) { Trace.Error(ex); jobContext.Error(ex); return await CompleteJobAsync(jobServer, jobContext, message, TaskResult.Failed); } // Set agent variables. AgentSettings settings = HostContext.GetService().GetSettings(); jobContext.SetVariable(Constants.Variables.Agent.Id, settings.AgentId.ToString(CultureInfo.InvariantCulture)); jobContext.SetVariable(Constants.Variables.Agent.HomeDirectory, HostContext.GetDirectory(WellKnownDirectory.Root), isFilePath: true); jobContext.SetVariable(Constants.Variables.Agent.JobName, message.JobDisplayName); jobContext.SetVariable(Constants.Variables.Agent.CloudId, settings.AgentCloudId); jobContext.SetVariable(Constants.Variables.Agent.IsSelfHosted, settings.IsMSHosted ? "0" : "1"); jobContext.SetVariable(Constants.Variables.Agent.MachineName, Environment.MachineName); jobContext.SetVariable(Constants.Variables.Agent.Name, settings.AgentName); jobContext.SetVariable(Constants.Variables.Agent.OS, VarUtil.OS); jobContext.SetVariable(Constants.Variables.Agent.OSArchitecture, VarUtil.OSArchitecture); jobContext.SetVariable(Constants.Variables.Agent.RootDirectory, HostContext.GetDirectory(WellKnownDirectory.Work), isFilePath: true); Trace.Info($"Agent metadata populated [AgentId:{settings.AgentId}, AgentName:{settings.AgentName}, OS:{VarUtil.OS}, Architecture:{VarUtil.OSArchitecture}, SelfHosted:{!settings.IsMSHosted}, CloudId:{settings.AgentCloudId}, MachineName:{Environment.MachineName}]"); if (PlatformUtil.RunningOnWindows) { string serverOMDirectoryVariable = VarUtil.GetTfDirectoryPath(jobContext); jobContext.SetVariable(Constants.Variables.Agent.ServerOMDirectory, serverOMDirectoryVariable, isFilePath: true); } if (!PlatformUtil.RunningOnWindows) { jobContext.SetVariable(Constants.Variables.Agent.AcceptTeeEula, settings.AcceptTeeEula.ToString()); } jobContext.SetVariable(Constants.Variables.Agent.WorkFolder, HostContext.GetDirectory(WellKnownDirectory.Work), isFilePath: true); jobContext.SetVariable(Constants.Variables.System.WorkFolder, HostContext.GetDirectory(WellKnownDirectory.Work), isFilePath: true); Trace.Info("Environment detection initiated - setting up Azure VM and Docker container detection"); var azureVmCheckCommand = jobContext.GetHostContext().GetService(); azureVmCheckCommand.InitializeCommandContext(jobContext, Constants.AsyncExecution.Commands.Names.GetAzureVMMetada); azureVmCheckCommand.Task = Task.Run(() => jobContext.SetVariable(Constants.Variables.System.IsAzureVM, PlatformUtil.DetectAzureVM() ? "1" : "0")); jobContext.AsyncCommands.Add(azureVmCheckCommand); var dockerDetectCommand = jobContext.GetHostContext().GetService(); dockerDetectCommand.InitializeCommandContext(jobContext, Constants.AsyncExecution.Commands.Names.DetectDockerContainer); dockerDetectCommand.Task = Task.Run(() => jobContext.SetVariable(Constants.Variables.System.IsDockerContainer, PlatformUtil.DetectDockerContainer() ? "1" : "0")); jobContext.AsyncCommands.Add(dockerDetectCommand); string toolsDirectory = HostContext.GetDirectory(WellKnownDirectory.Tools); Directory.CreateDirectory(toolsDirectory); jobContext.SetVariable(Constants.Variables.Agent.ToolsDirectory, toolsDirectory, isFilePath: true); Trace.Info(StringUtil.Format("Tools directory initialized [Path:{0}]", toolsDirectory)); if (AgentKnobs.DisableGitPrompt.GetValue(jobContext).AsBoolean()) { jobContext.SetVariable("GIT_TERMINAL_PROMPT", "0"); } // Setup TEMP directories _tempDirectoryManager = HostContext.GetService(); _tempDirectoryManager.InitializeTempDirectory(jobContext); Trace.Info("Temporary directory manager initialized - TEMP directories configured for job execution"); // todo: task server can throw. try/catch and fail job gracefully. // prefer task definitions url, then TFS collection url, then TFS account url Trace.Info("TaskServer connection setup initiated - establishing connection for task definitions"); var taskServer = HostContext.GetService(); Uri taskServerUri = null; if (!string.IsNullOrEmpty(jobContext.Variables.System_TaskDefinitionsUri)) { taskServerUri = new Uri(jobContext.Variables.System_TaskDefinitionsUri); } else if (!string.IsNullOrEmpty(jobContext.Variables.System_TFCollectionUrl)) { taskServerUri = new Uri(jobContext.Variables.System_TFCollectionUrl); } var taskServerCredential = VssUtil.GetVssCredential(systemConnection); if (taskServerUri != null) { Trace.Info(StringUtil.Format("Creating task server [URI:{0}]", taskServerUri)); taskConnection = VssUtil.CreateConnection(taskServerUri, taskServerCredential, Trace, skipServerCertificateValidation); await taskServer.ConnectAsync(taskConnection); Trace.Info($"TaskServer connection established successfully [URI: {taskServerUri}]"); } // for back compat TFS 2015 RTM/QU1, we may need to switch the task server url to agent config url if (!string.Equals(message?.Variables.GetValueOrDefault(Constants.Variables.System.ServerType)?.Value, "Hosted", StringComparison.OrdinalIgnoreCase)) { if (taskServerUri == null || !await taskServer.TaskDefinitionEndpointExist()) { Trace.Info($"Can't determine task download url from JobMessage or the endpoint doesn't exist."); var configStore = HostContext.GetService(); taskServerUri = new Uri(configStore.GetSettings().ServerUrl); Trace.Info($"Recreate task server with configuration server url: {taskServerUri}"); legacyTaskConnection = VssUtil.CreateConnection(taskServerUri, taskServerCredential, trace: Trace, skipServerCertificateValidation); await taskServer.ConnectAsync(legacyTaskConnection); Trace.Info($"Legacy TaskServer connection established successfully - [URI: {taskServerUri}]"); } } // Expand the endpoint data values. foreach (ServiceEndpoint endpoint in jobContext.Endpoints) { jobContext.Variables.ExpandValues(target: endpoint.Data); VarUtil.ExpandEnvironmentVariables(HostContext, target: endpoint.Data); } Trace.Info($"Endpoint data expansion completed for {jobContext.Endpoints?.Count ?? 0} endpoints"); // Expand the repository property values. foreach (var repository in jobContext.Repositories) { // expand checkout option var checkoutOptions = repository.Properties.Get(Pipelines.RepositoryPropertyNames.CheckoutOptions); if (checkoutOptions != null) { checkoutOptions = jobContext.Variables.ExpandValues(target: checkoutOptions); checkoutOptions = VarUtil.ExpandEnvironmentVariables(HostContext, target: checkoutOptions); repository.Properties.Set(Pipelines.RepositoryPropertyNames.CheckoutOptions, checkoutOptions); } // expand workspace mapping var mappings = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Mappings); if (mappings != null) { mappings = jobContext.Variables.ExpandValues(target: mappings); mappings = VarUtil.ExpandEnvironmentVariables(HostContext, target: mappings); repository.Properties.Set(Pipelines.RepositoryPropertyNames.Mappings, mappings); } } Trace.Info($"Repository property expansion completed for {jobContext.Repositories?.Count ?? 0} repositories"); // Expand container properties foreach (var container in jobContext.Containers) { this.ExpandProperties(container, jobContext.Variables); } foreach (var sidecar in jobContext.SidecarContainers) { this.ExpandProperties(sidecar, jobContext.Variables); } Trace.Info($"Container property expansion completed - Containers: {jobContext.Containers?.Count ?? 0}, Sidecars: {jobContext.SidecarContainers?.Count ?? 0}"); // Send telemetry in case if git is preinstalled on windows platform var isSelfHosted = StringUtil.ConvertToBoolean(jobContext.Variables.Get(Constants.Variables.Agent.IsSelfHosted)); if (PlatformUtil.RunningOnWindows && isSelfHosted) { Trace.Info("Initiating Windows preinstalled Git telemetry collection for self-hosted agent"); var windowsPreinstalledGitCommand = jobContext.GetHostContext().GetService(); windowsPreinstalledGitCommand.InitializeCommandContext(jobContext, Constants.AsyncExecution.Commands.Names.WindowsPreinstalledGitTelemetry); windowsPreinstalledGitCommand.Task = Task.Run(() => { var hasPreinstalledGit = false; var filePath = WhichUtil.Which("git.exe", require: false, trace: null); if (!string.IsNullOrEmpty(filePath)) { hasPreinstalledGit = true; } PublishTelemetry(context: jobContext, area: "PipelinesTasks", feature: "WindowsGitTelemetry", properties: new Dictionary { { "hasPreinstalledGit", hasPreinstalledGit.ToString() } }); }); jobContext.AsyncCommands.Add(windowsPreinstalledGitCommand); } // Get the job extension. Trace.Info("Job extension initialization initiated - determining host type and loading appropriate extension"); var hostType = jobContext.Variables.System_HostType; var extensionManager = HostContext.GetService(); // We should always have one job extension IJobExtension jobExtension = (extensionManager.GetExtensions() ?? new List()) .Where(x => x.HostType.HasFlag(hostType)) .FirstOrDefault(); ArgUtil.NotNull(jobExtension, nameof(jobExtension)); Trace.Info($"Job extension loaded successfully - HostType: {hostType}, ExtensionType: {jobExtension?.GetType()?.Name}"); List jobSteps = null; try { Trace.Info("Job steps initialization initiated - parsing step definitions and resolving task references"); jobSteps = await jobExtension.InitializeJob(jobContext, message); Trace.Info($"Job extension initialization completed successfully"); } catch (OperationCanceledException ex) when (jobContext.CancellationToken.IsCancellationRequested) { // set the job to canceled // don't log error issue to job ExecutionContext, since server owns the job level issue if (AgentKnobs.FailJobWhenAgentDies.GetValue(jobContext).AsBoolean() && HostContext.AgentShutdownToken.IsCancellationRequested) { PublishTelemetry(context: jobContext, area: "PipelinesTasks", feature: "AgentShutdown", properties: new Dictionary { { "JobId", jobContext.Variables.System_JobId.ToString() }, { "JobResult", TaskResult.Failed.ToString() }, { "TracePoint", "111"}, }); Trace.Error($"Job is canceled during initialize."); Trace.Error($"Caught exception: {ex}"); return await CompleteJobAsync(jobServer, jobContext, message, TaskResult.Failed); } else { Trace.Error($"Job is canceled during initialize."); Trace.Error($"Caught exception: {ex}"); return await CompleteJobAsync(jobServer, jobContext, message, TaskResult.Canceled); } } catch (Exception ex) { // set the job to failed. // don't log error issue to job ExecutionContext, since server owns the job level issue Trace.Error($"Job initialize failed."); Trace.Error($"Caught exception from {nameof(jobExtension.InitializeJob)}: {ex}"); return await CompleteJobAsync(jobServer, jobContext, message, TaskResult.Failed); } // trace out all steps Trace.Info($"Total job steps: {jobSteps.Count}."); Trace.Verbose($"Job steps: '{string.Join(", ", jobSteps.Select(x => x.DisplayName))}'"); HostContext.WritePerfCounter($"WorkerJobInitialized_{message?.RequestId.ToString()}"); // Run all job steps Trace.Info("Run all job steps."); var stepsRunner = HostContext.GetService(); try { Trace.Info("Step execution pipeline initiated - beginning job steps execution with StepsRunner"); await stepsRunner.RunAsync(jobContext, jobSteps); Trace.Info("Step execution pipeline completed successfully - all job steps finished execution"); } catch (Exception ex) { // StepRunner should never throw exception out. // End up here mean there is a bug in StepRunner // Log the error and fail the job. Trace.Error($"Caught exception from job steps {nameof(StepsRunner)}: {ex}"); jobContext.Error(ex); return await CompleteJobAsync(jobServer, jobContext, message, TaskResult.Failed); } finally { Trace.Info("Finalize job."); await jobExtension.FinalizeJob(jobContext); } Trace.Info($"Job result after all job steps finish: {jobContext.Result ?? TaskResult.Succeeded}"); if (jobContext.Variables.GetBoolean(Constants.Variables.Agent.Diagnostic) ?? false) { Trace.Info("Support log upload initiated - Diagnostic mode enabled, uploading support logs"); IDiagnosticLogManager diagnosticLogManager = HostContext.GetService(); try { await diagnosticLogManager.UploadDiagnosticLogsAsync(executionContext: jobContext, message: message, jobStartTimeUtc: jobStartTimeUtc); Trace.Info("Support log upload completed - Diagnostic logs uploaded successfully"); } catch (Exception ex) { // Log the error but make sure we continue gracefully. Trace.Info("Error uploading support logs."); Trace.Error(ex); } } Trace.Info("Completing the job execution context."); return await CompleteJobAsync(jobServer, jobContext, message); } catch (AggregateException e) { ExceptionsUtil.HandleAggregateException((AggregateException)e, (message) => Trace.Error(message)); return TaskResult.Failed; } finally { if (agentShutdownRegistration != null) { agentShutdownRegistration.Value.Dispose(); agentShutdownRegistration = null; } if (workerTimeoutRegistration != null) { workerTimeoutRegistration.Value.Dispose(); workerTimeoutRegistration = null; } legacyTaskConnection?.Dispose(); taskConnection?.Dispose(); jobConnection?.Dispose(); await ShutdownQueue(throwOnFailure: false); Trace.Info("Job server queue shutdown completed - all resources cleaned up successfully"); } } } private void EvaluateHttpTraceKnob(IExecutionContext jobContext) { // Dynamic HTTP trace: allow pipeline variables to enable HTTP tracing for this job bool enableHttpTrace = AgentKnobs.HttpTrace.GetValue(jobContext).AsBoolean() || (jobContext.Variables.GetBoolean(Constants.Variables.Agent.Diagnostic) ?? false); if (enableHttpTrace) { Trace.Info("HTTP trace enabled via pipeline variable"); HostContext.EnableHttpTrace(); } } private void EvaluateTraceVerboseKnob(IExecutionContext jobContext) { // Dynamic worker verbose logging: allow pipeline variables or worker knob to enable verbose logging for this job bool enableWorkerVerbose = AgentKnobs.TraceVerbose.GetValue(jobContext).AsBoolean() || (jobContext.Variables.GetBoolean(Constants.Variables.Agent.Diagnostic) ?? false); if (enableWorkerVerbose) { Trace.Info("Worker verbose logging enabled via pipeline variable or worker knob"); var traceManager = HostContext.GetService(); if (traceManager?.Switch != null) { traceManager.Switch.Level = System.Diagnostics.SourceLevels.Verbose; } } } public void UpdateMetadata(JobMetadataMessage message) { if (message.PostLinesFrequencyMillis.HasValue && _jobServerQueue != null) { _jobServerQueue.UpdateWebConsoleLineRate(message.PostLinesFrequencyMillis.Value); } } public void ExpandProperties(ContainerInfo container, Variables variables) { if (container == null || variables == null) { return; } // Expand port mapping variables.ExpandValues(container.UserPortMappings); // Expand volume mounts variables.ExpandValues(container.UserMountVolumes); foreach (var volume in container.UserMountVolumes.Values) { // After mount volume variables are expanded, they are final container.MountVolumes.Add(new MountVolume(volume)); } // Expand env vars variables.ExpandValues(container.ContainerEnvironmentVariables); // Expand image and options strings container.ContainerImage = variables.ExpandValue(nameof(container.ContainerImage), container.ContainerImage); container.ContainerCreateOptions = variables.ExpandValue(nameof(container.ContainerCreateOptions), container.ContainerCreateOptions); } private async Task CompleteJobAsync(IJobServer jobServer, IExecutionContext jobContext, Pipelines.AgentJobRequestMessage message, TaskResult? taskResult = null) { Trace.Info($"Job finalization initiated - Job: '{message.JobDisplayName}', JobId: {message.JobId}"); ArgUtil.NotNull(message, nameof(message)); jobContext.Section(StringUtil.Loc("StepFinishing", message.JobDisplayName)); TaskResult result = jobContext.Complete(taskResult); Trace.Info($"Job result calculation completed - Final result: {result}"); try { await ShutdownQueue(throwOnFailure: true); Trace.Info("Job extension finalization completed - Job server queue shutdown successful"); } catch (AggregateException ex) { ExceptionsUtil.HandleAggregateException((AggregateException)ex, (message) => Trace.Error(message)); result = TaskResultUtil.MergeTaskResults(result, TaskResult.Failed); } catch (Exception ex) { Trace.Error($"Caught exception from {nameof(JobServerQueue)}.{nameof(_jobServerQueue.ShutdownAsync)}"); Trace.Error("This indicate a failure during publish output variables. Fail the job to prevent unexpected job outputs."); Trace.Error(ex); result = TaskResultUtil.MergeTaskResults(result, TaskResult.Failed); } // Clean TEMP after finish process jobserverqueue, since there might be a pending fileupload still use the TEMP dir. _tempDirectoryManager?.CleanupTempDirectory(); Trace.Info("Resource disposal completed - Temporary directory cleanup finished"); if (!jobContext.Features.HasFlag(PlanFeatures.JobCompletedPlanEvent)) { Trace.Info($"Job completion event skipped - [Plan version {message.Plan.Version}] does not support JobCompletedPlanEvent. [Final result: {result}]"); return result; } Trace.Info($"Timeline record updates initiated - Raising job completed event for JobId: {message.JobId}"); Trace.Info("Raising job completed event."); var jobCompletedEvent = new JobCompletedEvent(message.RequestId, message.JobId, result, jobContext.Variables.Get(Constants.Variables.Agent.RunMode) == Constants.Agent.CommandLine.Flags.Once); var completeJobRetryLimit = 5; var exceptions = new List(); Trace.Info($"Timeline record updates - Attempting completion event with retry limit: {completeJobRetryLimit}"); while (completeJobRetryLimit-- > 0) { try { await jobServer.RaisePlanEventAsync(message.Plan.ScopeIdentifier, message.Plan.PlanType, message.Plan.PlanId, jobCompletedEvent, default(CancellationToken)); Trace.Info($"Timeline record updates completed - Job completed event raised successfully - Final result: {result}"); return result; } catch (TaskOrchestrationPlanNotFoundException ex) { Trace.Error($"TaskOrchestrationPlanNotFoundException received, while attempting to raise JobCompletedEvent for job {message.JobId}."); Trace.Error(ex); return TaskResult.Failed; } catch (TaskOrchestrationPlanSecurityException ex) { Trace.Error($"TaskOrchestrationPlanSecurityException received, while attempting to raise JobCompletedEvent for job {message.JobId}."); Trace.Error(ex); return TaskResult.Failed; } catch (Exception ex) { Trace.Error($"Catch exception while attempting to raise JobCompletedEvent for job {message.JobId}, job request {message.RequestId}."); Trace.Error(ex); exceptions.Add(ex); } // delay 5 seconds before next retry. Trace.Info($"Timeline record updates retry delay - Waiting 5 seconds before retry {5 - completeJobRetryLimit}/5"); await Task.Delay(TimeSpan.FromSeconds(5)); } // rethrow exceptions from all attempts. Trace.Error($"Timeline record updates failed - All {5} retry attempts exhausted, throwing AggregateException"); throw new AggregateException(exceptions); } private async Task ShutdownQueue(bool throwOnFailure) { if (_jobServerQueue != null) { try { Trace.Info("Shutting down the job server queue."); await _jobServerQueue.ShutdownAsync(); } catch (AggregateException ex) { ExceptionsUtil.HandleAggregateException(ex, (msg) => Trace.Error(msg)); if (throwOnFailure) { throw; } } catch (Exception ex) when (!throwOnFailure) { Trace.Error($"Caught exception from {nameof(JobServerQueue)}.{nameof(_jobServerQueue.ShutdownAsync)}"); Trace.Error(ex); } finally { _jobServerQueue = null; // Prevent multiple attempts. } } } // the scheme://hostname:port (how the agent knows the server) is external to our server // in other words, an agent may have it's own way (DNS, hostname) of refering // to the server. it owns that. That's the scheme://hostname:port we will use. // Example: Server's notification url is http://tfsserver:8080/tfs // Agent config url is https://tfsserver.mycompany.com:9090/tfs private Uri ReplaceWithConfigUriBase(Uri messageUri) { AgentSettings settings = HostContext.GetService().GetSettings(); try { Uri result = null; Uri configUri = new Uri(settings.ServerUrl); if (Uri.TryCreate(new Uri(configUri.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped)), messageUri.PathAndQuery, out result)) { //replace the schema and host portion of messageUri with the host from the //server URI (which was set at config time) return result; } } catch (InvalidOperationException ex) { //cannot parse the Uri - not a fatal error Trace.Error(ex); } catch (UriFormatException ex) { //cannot parse the Uri - not a fatal error Trace.Error(ex); } return messageUri; } private void ReplaceConfigUriBaseInJobRequestMessage(Pipelines.AgentJobRequestMessage message) { ServiceEndpoint systemConnection = message.Resources.Endpoints.Single(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); Uri systemConnectionUrl = systemConnection.Url; // fixup any endpoint Url that match SystemConnection Url. foreach (var endpoint in message.Resources.Endpoints) { if (Uri.Compare(endpoint.Url, systemConnectionUrl, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0) { endpoint.Url = ReplaceWithConfigUriBase(endpoint.Url); Trace.Info($"Ensure endpoint url match config url base. {endpoint.Url}"); } } // fixup any repository Url that match SystemConnection Url. foreach (var repo in message.Resources.Repositories) { if (Uri.Compare(repo.Url, systemConnectionUrl, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0) { repo.Url = ReplaceWithConfigUriBase(repo.Url); Trace.Info($"Ensure repository url match config url base. {repo.Url}"); } } // fixup well known variables. (taskDefinitionsUrl, tfsServerUrl, tfsCollectionUrl) if (message.Variables.ContainsKey(WellKnownDistributedTaskVariables.TaskDefinitionsUrl)) { string taskDefinitionsUrl = message.Variables[WellKnownDistributedTaskVariables.TaskDefinitionsUrl].Value; message.Variables[WellKnownDistributedTaskVariables.TaskDefinitionsUrl] = ReplaceWithConfigUriBase(new Uri(taskDefinitionsUrl)).AbsoluteUri; Trace.Info($"Ensure System.TaskDefinitionsUrl match config url base. {message.Variables[WellKnownDistributedTaskVariables.TaskDefinitionsUrl].Value}"); } if (message.Variables.ContainsKey(WellKnownDistributedTaskVariables.TFCollectionUrl)) { string tfsCollectionUrl = message.Variables[WellKnownDistributedTaskVariables.TFCollectionUrl].Value; message.Variables[WellKnownDistributedTaskVariables.TFCollectionUrl] = ReplaceWithConfigUriBase(new Uri(tfsCollectionUrl)).AbsoluteUri; Trace.Info($"Ensure System.TFCollectionUrl match config url base. {message.Variables[WellKnownDistributedTaskVariables.TFCollectionUrl].Value}"); } if (message.Variables.ContainsKey(Constants.Variables.System.TFServerUrl)) { string tfsServerUrl = message.Variables[Constants.Variables.System.TFServerUrl].Value; message.Variables[Constants.Variables.System.TFServerUrl] = ReplaceWithConfigUriBase(new Uri(tfsServerUrl)).AbsoluteUri; Trace.Info($"Ensure System.TFServerUrl match config url base. {message.Variables[Constants.Variables.System.TFServerUrl].Value}"); } } private void PublishTelemetry(IExecutionContext context, string area, String feature, Dictionary properties) { try { var cmd = new Command("telemetry", "publish"); cmd.Data = JsonConvert.SerializeObject(properties, Formatting.None); cmd.Properties.Add("area", area); cmd.Properties.Add("feature", feature); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(HostContext); publishTelemetryCmd.ProcessCommand(context, cmd); } catch (Exception ex) { Trace.Warning($"Unable to publish agent shutdown telemetry data. Exception: {ex}"); } } } } ================================================ FILE: src/Agent.Worker/Maintenance/MaintenanceJobExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker.Maintenance { public interface IMaintenanceServiceProvider : IExtension { string MaintenanceDescription { get; } Task RunMaintenanceOperation(IExecutionContext context); } public sealed class MaintenanceJobExtension : JobExtension { public override Type ExtensionType => typeof(IJobExtension); public override HostTypes HostType => HostTypes.PoolMaintenance; public override IStep GetExtensionPreJobStep(IExecutionContext jobContext) { return new JobExtensionRunner( runAsync: MaintainAsync, condition: ExpressionManager.Succeeded, displayName: StringUtil.Loc("Maintenance"), data: null); } public override IStep GetExtensionPostJobStep(IExecutionContext jobContext) { return null; } public override string GetRootedPath(IExecutionContext context, string path) { return path; } public override void ConvertLocalPath(IExecutionContext context, string localPath, out string repoName, out string sourcePath) { sourcePath = localPath; repoName = string.Empty; } private async Task MaintainAsync(IExecutionContext executionContext, object data) { // Validate args. Trace.Entering(); var extensionManager = HostContext.GetService(); var maintenanceServiceProviders = extensionManager.GetExtensions(); if (maintenanceServiceProviders != null && maintenanceServiceProviders.Count > 0) { foreach (var maintenanceProvider in maintenanceServiceProviders) { // all maintenance operations should be best effort. executionContext.Section(StringUtil.Loc("StartMaintenance", maintenanceProvider.MaintenanceDescription)); try { await maintenanceProvider.RunMaintenanceOperation(executionContext); } catch (Exception ex) { executionContext.Error(ex); } executionContext.Section(StringUtil.Loc("FinishMaintenance", maintenanceProvider.MaintenanceDescription)); } } } public override void InitializeJobExtension(IExecutionContext context, IList steps, WorkspaceOptions workspace) { return; } } } ================================================ FILE: src/Agent.Worker/ManagementScriptStep.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Runtime.Versioning; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.Expressions; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Worker { // This is for internal testing and is not publicly supported. This will be removed from the agent at a later time. [SupportedOSPlatform("windows")] public class ManagementScriptStep : AgentService, IStep { public ManagementScriptStep( string scriptPath, IExpressionNode condition, string displayName) { ScriptPath = scriptPath; Condition = condition; DisplayName = displayName; } public string ScriptPath { get; private set; } public IExpressionNode Condition { get; set; } public string DisplayName { get; private set; } public bool ContinueOnError => false; public bool Enabled => true; public TimeSpan? Timeout => null; public Pipelines.StepTarget Target => null; public string AccessToken { get; set; } public IExecutionContext ExecutionContext { get; set; } public async Task RunAsync() { // Validate script file. if (!File.Exists(ScriptPath)) { throw new FileNotFoundException(StringUtil.Loc("FileNotFound", ScriptPath)); } // Create the handler data. var scriptDirectory = Path.GetDirectoryName(ScriptPath); var handlerData = new PowerShellExeHandlerData() { Target = ScriptPath, WorkingDirectory = scriptDirectory, FailOnStandardError = "false" }; // Create the handler invoker var stepHost = HostContext.CreateService(); // Create the handler. var handlerFactory = HostContext.GetService(); var handler = (PowerShellExeHandler)handlerFactory.Create( executionContext: ExecutionContext, task: null, stepHost: stepHost, endpoints: ExecutionContext.Endpoints, secureFiles: new List(0), data: handlerData, inputs: new Dictionary(), environment: new Dictionary(VarUtil.EnvironmentVariableKeyComparer), runtimeVariables: ExecutionContext.Variables, taskDirectory: scriptDirectory); // Add the access token to the handler. handler.AccessToken = AccessToken; // Run the task. await handler.RunAsync(); } } } ================================================ FILE: src/Agent.Worker/NodeJsUtil.cs ================================================ using System; using System.Collections.Generic; using System.IO; using System.IO.Compression; using System.Net.Http; using System.Net.Sockets; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Util; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Newtonsoft.Json; namespace Microsoft.VisualStudio.Services.Agent.Worker { public class NodeJsUtil { public CancellationToken CancellationToken { protected get; set; } readonly Tracing Tracer; readonly IHostContext HostContext; public NodeJsUtil(IHostContext hostContext) { Tracer = hostContext.GetTrace(this.GetType().Name); HostContext = hostContext; } public async Task DownloadNodeRunnerAsync(IExecutionContext context, CancellationToken cancellationToken) { if (File.Exists(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), "node", "bin", $"node{IOUtil.ExeExtension}"))) { Tracer.Info($"Node 6 runner already exist."); PublishTelemetry(context, "", true, false); return; } string downloadUrl; string urlFileName; if (PlatformUtil.RunningOnWindows) { urlFileName = $"node-v6-latest-win-{VarUtil.OSArchitecture}"; } else { urlFileName = $"node-v6-latest-{VarUtil.OS}-{VarUtil.OSArchitecture}"; } if (PlatformUtil.HostOS == PlatformUtil.OS.OSX && PlatformUtil.HostArchitecture == System.Runtime.InteropServices.Architecture.Arm64) { urlFileName = $"node-v6-latest-darwin-x64"; } urlFileName = urlFileName.ToLower(); downloadUrl = $"https://vstsagenttools.blob.core.windows.net/tools/nodejs/deprecated/{urlFileName}.zip".ToLower(); Tracer.Info($"Downloading Node 6 runner from: {downloadUrl}"); string externalsFolder = HostContext.GetDirectory(WellKnownDirectory.Externals); string filePath = Path.Combine(externalsFolder, $"node_{DateTime.Now.ToFileTime()}.zip"); var timeoutSeconds = 600; var isInstalled = false; using (var downloadTimeout = CancellationTokenSource.CreateLinkedTokenSource(CancellationToken)) { // Set a timeout because sometimes stuff gets stuck. downloadTimeout.CancelAfter(TimeSpan.FromSeconds(timeoutSeconds)); try { Tracer.Info($"Download Node 6 runner: begin download"); using (var handler = HostContext.CreateHttpClientHandler()) { handler.CheckCertificateRevocationList = true; using (var httpClient = new HttpClient(handler)) using (var fs = new FileStream(filePath, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize: 4096, useAsync: true)) using (var result = await httpClient.GetStreamAsync(downloadUrl)) { //81920 is the default used by System.IO.Stream.CopyTo and is under the large object heap threshold (85k). await result.CopyToAsync(fs, 81920, downloadTimeout.Token); await fs.FlushAsync(downloadTimeout.Token); } Tracer.Info($"Extracting downloaded archive into externals folder"); var tempFolder = Path.Combine(externalsFolder, Path.GetFileNameWithoutExtension(filePath)); ZipFile.ExtractToDirectory(filePath, tempFolder); Tracer.Info($"Move node binary into relevant folder"); var sourceFolder = Path.Combine(tempFolder, Directory.GetDirectories(tempFolder)[0], PlatformUtil.RunningOnWindows ? "node" : ""); var destFolder = Path.Combine(externalsFolder, "node"); Directory.Move(sourceFolder, destFolder); Tracer.Info($"Finished getting Node 6 runner at: {externalsFolder}."); isInstalled = true; } } catch (OperationCanceledException) when (downloadTimeout.IsCancellationRequested) { Tracer.Info($"Node 6 runner download has been canceled."); throw; } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, downloadUrl, (message) => Tracer.Warning(message)); } catch (Exception ex) { if (downloadTimeout.Token.IsCancellationRequested) { Tracer.Warning($"Node 6 runner download has timed out after {timeoutSeconds} seconds"); } Tracer.Warning($"Failed to get package '{filePath}' from '{downloadUrl}'. Exception {ex}"); } finally { try { IOUtil.DeleteDirectory(Path.Combine(externalsFolder, urlFileName), cancellationToken); // delete .zip file if (!string.IsNullOrEmpty(filePath) && File.Exists(filePath)) { Tracer.Verbose(StringUtil.Format("Deleting Node 6 runner package zip: {0}", filePath)); IOUtil.DeleteFile(filePath); IOUtil.DeleteDirectory(Path.Combine(externalsFolder, Path.GetFileNameWithoutExtension(filePath)), cancellationToken); } } catch (Exception ex) { //it is not critical if we fail to delete the .zip file Tracer.Warning(StringUtil.Format("Failed to delete Node 6 runner package zip '{0}'. Exception: {1}", filePath, ex)); } PublishTelemetry(context, downloadUrl, false, isInstalled); } } } private void PublishTelemetry(IExecutionContext context, string binaryUrl, bool node6Exist, bool downloadResult) { try { var systemVersion = PlatformUtil.GetSystemVersion(); var telemetryData = new Dictionary { { "OS", PlatformUtil.GetSystemId() ?? "" }, { "OSVersion", systemVersion?.Name?.ToString() ?? "" }, { "OSBuild", systemVersion?.Version?.ToString() ?? "" }, { "Node6Exist", node6Exist.ToString()}, { "Node6DownloadLink", binaryUrl}, { "DownloadResult", downloadResult.ToString()} }; var cmd = new Command("telemetry", "publish"); cmd.Data = JsonConvert.SerializeObject(telemetryData, Formatting.None); cmd.Properties.Add("area", "PipelinesTasks"); cmd.Properties.Add("feature", "Node6Installer"); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(HostContext); publishTelemetryCmd.ProcessCommand(context, cmd); } catch (Exception ex) { Tracer.Warning($"Unable to publish Node 6 installation telemetry data. Exception: {ex}"); } } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/CustomNodeStrategy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Container; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { public sealed class CustomNodeStrategy : INodeVersionStrategy { public NodeRunnerInfo CanHandle(TaskContext context, IExecutionContext executionContext, GlibcCompatibilityInfo glibcInfo) { string customPath = null; string source = null; if (context.Container == null && context.StepTarget != null) { customPath = context.StepTarget.CustomNodePath; source = "StepTarget.CustomNodePath"; } else if (context.Container != null) { customPath = context.Container.CustomNodePath; source = "Container.CustomNodePath"; } if (string.IsNullOrWhiteSpace(customPath)) { executionContext.Debug("[CustomNodeStrategy] No custom node path found"); return null; } executionContext.Debug($"[CustomNodeStrategy] Found custom node path in {source}: {customPath}"); return new NodeRunnerInfo { NodePath = customPath, NodeVersion = NodeVersion.Custom, Reason = $"Custom Node.js path specified by user ({source})", Warning = null }; } public NodeRunnerInfo CanHandleInContainer(TaskContext context, IExecutionContext executionContext, IDockerCommandManager dockerManager) { // Use the same logic as CanHandle, but specifically for container scenarios return CanHandle(context, executionContext, null); } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/GlibcCompatibilityInfo.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { /// /// Contains glibc compatibility information for different Node.js versions. /// public class GlibcCompatibilityInfo { /// /// True if Node24 has glibc compatibility errors (requires glibc 2.28+). /// public bool Node24HasGlibcError { get; set; } /// /// True if Node20 has glibc compatibility errors (requires glibc 2.17+). /// public bool Node20HasGlibcError { get; set; } /// /// Creates a new instance with no glibc errors (compatible system). /// public static GlibcCompatibilityInfo Compatible => new GlibcCompatibilityInfo { Node24HasGlibcError = false, Node20HasGlibcError = false }; /// /// Creates a new instance with specific compatibility information. /// public static GlibcCompatibilityInfo Create(bool node24HasGlibcError, bool node20HasGlibcError) => new GlibcCompatibilityInfo { Node24HasGlibcError = node24HasGlibcError, Node20HasGlibcError = node20HasGlibcError }; } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/GlibcCompatibilityInfoProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Threading.Tasks; using System.Threading; using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { /// /// Utility class for checking glibc compatibility with Node.js versions on Linux systems. /// public class GlibcCompatibilityInfoProvider : AgentService, IGlibcCompatibilityInfoProvider { private static bool? _supportsNode20; private static bool? _supportsNode24; public GlibcCompatibilityInfoProvider() { // Parameterless constructor for dependency injection } public GlibcCompatibilityInfoProvider(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); } /// /// Checks glibc compatibility for both Node20 and Node24. /// This method combines the behavior from NodeHandler for both Node versions. /// /// GlibcCompatibilityInfo containing compatibility results for both Node versions public virtual async Task CheckGlibcCompatibilityAsync(IExecutionContext _executionContext) { bool useNode20InUnsupportedSystem = AgentKnobs.UseNode20InUnsupportedSystem.GetValue(_executionContext).AsBoolean(); bool useNode24InUnsupportedSystem = AgentKnobs.UseNode24InUnsupportedSystem.GetValue(_executionContext).AsBoolean(); bool node20HasGlibcError = false; bool node24HasGlibcError = false; // Only perform glibc compatibility checks on Linux systems if (!IsLinuxPlatform()) { // Non-Linux systems (Windows, macOS) don't have glibc compatibility issues return GlibcCompatibilityInfo.Create(node24HasGlibcError: false, node20HasGlibcError: false); } if (!useNode20InUnsupportedSystem) { if (_supportsNode20.HasValue) { node20HasGlibcError = !_supportsNode20.Value; } else { node20HasGlibcError = await CheckIfNodeResultsInGlibCErrorAsync("node20_1", _executionContext); _executionContext.EmitHostNode20FallbackTelemetry(node20HasGlibcError); _supportsNode20 = !node20HasGlibcError; } } if (!useNode24InUnsupportedSystem) { if (_supportsNode24.HasValue) { node24HasGlibcError = !_supportsNode24.Value; } else { node24HasGlibcError = await CheckIfNodeResultsInGlibCErrorAsync("node24", _executionContext); _executionContext.EmitHostNode24FallbackTelemetry(node24HasGlibcError); _supportsNode24 = !node24HasGlibcError; } } return GlibcCompatibilityInfo.Create(node24HasGlibcError, node20HasGlibcError); } /// /// Gets glibc compatibility information based on the execution context (host vs container). /// /// The task context containing container and handler information /// Glibc compatibility information for the current execution environment public virtual async Task GetGlibcCompatibilityAsync(TaskContext context, IExecutionContext _executionContext) { ArgUtil.NotNull(context, nameof(context)); string environmentType = context.Container != null ? "Container" : "Host"; if (context.Container == null) { // Host execution - check actual glibc compatibility var glibcInfo = await CheckGlibcCompatibilityAsync(_executionContext); _executionContext.Debug($"[{environmentType}] Host glibc compatibility - Node24: {!glibcInfo.Node24HasGlibcError}, Node20: {!glibcInfo.Node20HasGlibcError}"); return glibcInfo; } else { // Container execution - use container-specific redirect information var glibcInfo = GlibcCompatibilityInfo.Create( node24HasGlibcError: context.Container.NeedsNode20Redirect, node20HasGlibcError: context.Container.NeedsNode16Redirect); _executionContext.Debug($"[{environmentType}] Container glibc compatibility - Node24: {!glibcInfo.Node24HasGlibcError}, Node20: {!glibcInfo.Node20HasGlibcError}"); return glibcInfo; } } /// /// Checks if the specified Node.js version results in glibc compatibility errors. /// /// The node folder name (e.g., "node20_1", "node24") /// True if glibc error is detected, false otherwise public virtual async Task CheckIfNodeResultsInGlibCErrorAsync(string nodeFolder, IExecutionContext _executionContext) { var nodePath = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Externals), nodeFolder, "bin", $"node{IOUtil.ExeExtension}"); if (!NodeBinaryExists(nodePath)) { return true; } List nodeVersionOutput = await ExecuteCommandAsync(_executionContext, nodePath, "-v", requireZeroExitCode: false, showOutputOnFailureOnly: true); var nodeResultsInGlibCError = WorkerUtilities.IsCommandResultGlibcError(_executionContext, nodeVersionOutput, out string nodeInfoLine); return nodeResultsInGlibCError; } protected virtual bool NodeBinaryExists(string nodePath) { return File.Exists(nodePath); } /// /// Determines if the current platform is Linux. Virtual for testing override. /// /// True if running on Linux, false otherwise protected virtual bool IsLinuxPlatform() { return PlatformUtil.HostOS == PlatformUtil.OS.Linux; } private async Task> ExecuteCommandAsync(IExecutionContext context, string command, string arg, bool requireZeroExitCode, bool showOutputOnFailureOnly) { string commandLog = $"{command} {arg}"; if (!showOutputOnFailureOnly) { context.Command(commandLog); } List outputs = new List(); object outputLock = new object(); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { lock (outputLock) { outputs.Add(message.Data); } } }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { if (!string.IsNullOrEmpty(message.Data)) { lock (outputLock) { outputs.Add(message.Data); } } }; var exitCode = await processInvoker.ExecuteAsync( workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: command, arguments: arg, environment: null, requireExitCodeZero: requireZeroExitCode, outputEncoding: null, cancellationToken: System.Threading.CancellationToken.None); if (!showOutputOnFailureOnly || exitCode != 0) { if (showOutputOnFailureOnly) { context.Command(commandLog); } foreach (var outputLine in outputs) { context.Debug(outputLine); } } return outputs; } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/IGlibcCompatibilityInfoProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Worker; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { /// /// Interface for checking glibc compatibility with Node.js versions on Linux systems. /// [ServiceLocator(Default = typeof(GlibcCompatibilityInfoProvider))] public interface IGlibcCompatibilityInfoProvider : IAgentService { /// /// Checks glibc compatibility for both Node20 and Node24. /// /// GlibcCompatibilityInfo containing compatibility results for both Node versions Task CheckGlibcCompatibilityAsync(IExecutionContext executionContext); /// /// Gets glibc compatibility information, adapting to execution context (host vs container). /// /// Task execution context for determining environment /// The execution context for logging and knob access /// GlibcCompatibilityInfo containing compatibility results for both Node versions Task GetGlibcCompatibilityAsync(TaskContext context, IExecutionContext executionContext); /// /// Checks if the specified Node.js version results in glibc compatibility errors. /// /// The node folder name (e.g., "node20_1", "node24") /// The execution context for logging and telemetry /// True if glibc error is detected, false otherwise Task CheckIfNodeResultsInGlibCErrorAsync(string nodeFolder, IExecutionContext executionContext); } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/INodeVersionStrategy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.VisualStudio.Services.Agent.Worker.Container; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { /// /// Strategy interface for both host and container node selection. /// public interface INodeVersionStrategy { /// /// Evaluates if this strategy can handle the given context and determines the node version to use. /// Includes handler type checks, knob evaluation, EOL policy enforcement, and glibc compatibility. /// /// Context with environment, task, and glibc information /// Execution context for knob evaluation /// Glibc compatibility information for Node versions /// NodeRunnerInfo with selected version and metadata if this strategy can handle the context, null if it cannot handle /// Thrown when EOL policy prevents using any compatible version NodeRunnerInfo CanHandle(TaskContext context, IExecutionContext executionContext, GlibcCompatibilityInfo glibcInfo); /// /// Evaluates if this strategy can handle container execution and determines the node version to use. /// Only Node24, Node20, and Node16 strategies support container execution. /// /// Context with container and task information /// Execution context for knob evaluation /// Docker command manager for container operations /// NodeRunnerInfo with selected version and metadata if this strategy can handle container execution, null if it cannot handle or doesn't support containers /// Thrown when EOL policy prevents using any compatible version NodeRunnerInfo CanHandleInContainer(TaskContext context, IExecutionContext executionContext, IDockerCommandManager dockerManager) { // Default implementation: older strategies (Node10, Node6) don't support container execution return null; } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/Node10Strategy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { public sealed class Node10Strategy : INodeVersionStrategy { public NodeRunnerInfo CanHandle(TaskContext context, IExecutionContext executionContext, GlibcCompatibilityInfo glibcInfo) { bool eolPolicyEnabled = AgentKnobs.EnableEOLNodeVersionPolicy.GetValue(executionContext).AsBoolean(); string taskName = executionContext.Variables.Get(Constants.Variables.Task.DisplayName) ?? "Unknown Task"; if (context.EffectiveMaxVersion < 10) { executionContext.Debug($"[Node10Strategy] EffectiveMaxVersion={context.EffectiveMaxVersion} < 10, skipping"); return null; } if (eolPolicyEnabled) { throw new NotSupportedException(StringUtil.Loc("NodeEOLPolicyBlocked", "Node10")); } if (context.HandlerData is Node10HandlerData) { return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node10, Reason = "Selected for Node10 task handler", Warning = StringUtil.Loc("NodeEOLRetirementWarning", taskName) }; } bool isAlpine = PlatformUtil.RunningOnAlpine; if (isAlpine) { executionContext.Warning( "Using Node10 on Alpine Linux because Node6 is not compatible. " + "Node10 has reached End-of-Life. Please upgrade to Node20 or Node24 for continued support."); return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node10, Reason = "Selected for Alpine Linux compatibility (Node6 incompatible)", Warning = StringUtil.Loc("NodeEOLRetirementWarning", taskName) }; } return null; } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/Node16Strategy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Container; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { public sealed class Node16Strategy : INodeVersionStrategy { public NodeRunnerInfo CanHandle(TaskContext context, IExecutionContext executionContext, GlibcCompatibilityInfo glibcInfo) { bool eolPolicyEnabled = AgentKnobs.EnableEOLNodeVersionPolicy.GetValue(executionContext).AsBoolean(); string taskName = executionContext.Variables.Get(Constants.Variables.Task.DisplayName) ?? "Unknown Task"; if (context.EffectiveMaxVersion < 16) { executionContext.Debug($"[Node16Strategy] EffectiveMaxVersion={context.EffectiveMaxVersion} < 16, skipping"); return null; } if (eolPolicyEnabled) { executionContext.Debug(StringUtil.Loc("NodeEOLFallbackBlocked", "Node16")); throw new NotSupportedException(StringUtil.Loc("NodeEOLPolicyBlocked", "Node16")); } if (context.HandlerData is Node16HandlerData) { return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node16, Reason = "Selected for Node16 task handler", Warning = StringUtil.Loc("NodeEOLRetirementWarning", taskName) }; } return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node16, Reason = "Fallback to Node16 due to glibc issues", Warning = StringUtil.Loc("NodeEOLRetirementWarning", taskName) }; } public NodeRunnerInfo CanHandleInContainer(TaskContext context, IExecutionContext executionContext, IDockerCommandManager dockerManager) { if (context.Container == null) { executionContext.Debug("[Node16Strategy] CanHandleInContainer called but no container context provided"); return null; } bool eolPolicyEnabled = AgentKnobs.EnableEOLNodeVersionPolicy.GetValue(executionContext).AsBoolean(); if (eolPolicyEnabled) { executionContext.Debug("[Node16Strategy] Node16 blocked by EOL policy in container"); throw new NotSupportedException("No compatible Node.js version available for container execution. Node16 is blocked by EOL policy. Please update your pipeline to use Node20 or Node24 tasks."); } executionContext.Debug("[Node16Strategy] Providing Node16 as final fallback for container"); return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node16, Reason = "Final fallback to Node16 for container execution", Warning = "Using Node16 in container. Consider updating to Node20 or Node24 for better performance and security." }; } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/Node20Strategy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using System.Collections.Generic; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { public sealed class Node20Strategy : INodeVersionStrategy { public NodeRunnerInfo CanHandle(TaskContext context, IExecutionContext executionContext, GlibcCompatibilityInfo glibcInfo) { bool useNode20Globally = AgentKnobs.UseNode20_1.GetValue(executionContext).AsBoolean(); bool eolPolicyEnabled = AgentKnobs.EnableEOLNodeVersionPolicy.GetValue(executionContext).AsBoolean(); string taskName = executionContext.Variables.Get(Constants.Variables.Task.DisplayName) ?? "Unknown Task"; if (glibcInfo.Node20HasGlibcError) { executionContext.Debug("[Node20Strategy] Node20 has glibc compatibility issue, skipping"); return null; } if (useNode20Globally) { return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node20, Reason = "Selected via global AGENT_USE_NODE20_1 override", Warning = null }; } if (eolPolicyEnabled) { return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node20, Reason = "Upgraded from end-of-life Node version due to EOL policy", Warning = context.EffectiveMaxVersion <= NodeVersionHelper.MaxEOLNodeVersion ? StringUtil.Loc("NodeEOLUpgradeWarning", taskName) : null }; } if (context.EffectiveMaxVersion < 20) { executionContext.Debug($"[Node20Strategy] EffectiveMaxVersion={context.EffectiveMaxVersion} < 20, skipping"); return null; } if (context.HandlerData is Node20_1HandlerData) { return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node20, Reason = "Selected for Node20 task handler", Warning = null }; } return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node20, Reason = "Fallback to Node20", Warning = StringUtil.Loc("NodeGlibcFallbackWarning", "agent", "Node24", "Node20") }; } public NodeRunnerInfo CanHandleInContainer(TaskContext context, IExecutionContext executionContext, IDockerCommandManager dockerManager) { if (context.Container == null) { executionContext.Debug("[Node20Strategy] CanHandleInContainer called but no container context provided"); return null; } bool useNode20ToStartContainer = AgentKnobs.UseNode20ToStartContainer.GetValue(executionContext).AsBoolean(); if (!useNode20ToStartContainer) { executionContext.Debug("[Node20Strategy] UseNode20ToStartContainer=false, cannot handle container"); return null; } executionContext.Debug("[Node20Strategy] UseNode20ToStartContainer=true, checking Node20 availability in container"); try { if (NodeContainerTestHelper.CanExecuteNodeInContainer(context, executionContext, dockerManager, NodeVersion.Node20, "Node20Strategy")) { return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node20, Reason = "Node20 available in container via UseNode20ToStartContainer knob", Warning = null }; } else { executionContext.Debug("[Node20Strategy] Node20 test failed in container, returning null for fallback"); return null; } } catch (Exception ex) { executionContext.Warning($"[Node20Strategy] Failed to test Node20 in container: {ex.Message}"); return null; } } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/Node24Strategy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { public sealed class Node24Strategy : INodeVersionStrategy { private readonly INodeHandlerHelper _nodeHandlerHelper; public Node24Strategy(INodeHandlerHelper nodeHandlerHelper) { _nodeHandlerHelper = nodeHandlerHelper ?? throw new ArgumentNullException(nameof(nodeHandlerHelper)); } public NodeRunnerInfo CanHandle(TaskContext context, IExecutionContext executionContext, GlibcCompatibilityInfo glibcInfo) { bool useNode24Globally = AgentKnobs.UseNode24.GetValue(executionContext).AsBoolean(); bool useNode24WithHandlerData = AgentKnobs.UseNode24withHandlerData.GetValue(executionContext).AsBoolean(); bool eolPolicyEnabled = AgentKnobs.EnableEOLNodeVersionPolicy.GetValue(executionContext).AsBoolean(); var hostContext = executionContext.GetHostContext(); string node24Folder = NodeVersionHelper.GetFolderName(NodeVersion.Node24); string taskName = executionContext.Variables.Get(Constants.Variables.Task.DisplayName) ?? "Unknown Task"; if (!_nodeHandlerHelper.IsNodeExecutable(node24Folder, hostContext, executionContext)) { executionContext.Debug("[Node24Strategy] Node24 not executable on this platform (e.g., node binary missing or incompatible or exit code 216), checking fallback options"); return null; } if (glibcInfo.Node24HasGlibcError) { executionContext.Debug(StringUtil.Loc("NodeGlibcFallbackWarning", "agent", "Node24", "Node20")); return null; } if (useNode24Globally) { executionContext.Debug("[Node24Strategy] AGENT_USE_NODE24=true, global override"); return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node24, Reason = "Selected via global AGENT_USE_NODE24 override", Warning = null }; } if (eolPolicyEnabled) { return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node24, Reason = "Upgraded from end-of-life Node version due to EOL policy", Warning = context.EffectiveMaxVersion <= NodeVersionHelper.MaxEOLNodeVersion ? StringUtil.Loc("NodeEOLUpgradeWarning", taskName) : null }; } if (context.EffectiveMaxVersion < 24) { executionContext.Debug($"[Node24Strategy] EffectiveMaxVersion={context.EffectiveMaxVersion} < 24, skipping"); return null; } if (context.HandlerData is Node24HandlerData) { if (!useNode24WithHandlerData) { executionContext.Debug("[Node24Strategy] Node24 handler detected but UseNode24withHandlerData=false, skipping"); return null; } return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node24, Reason = "Selected for Node24 task handler", Warning = null }; } return null; } public NodeRunnerInfo CanHandleInContainer(TaskContext context, IExecutionContext executionContext, IDockerCommandManager dockerManager) { if (context.Container == null) { executionContext.Debug("[Node24Strategy] CanHandleInContainer called but no container context provided"); return null; } bool useNode24ToStartContainer = AgentKnobs.UseNode24ToStartContainer.GetValue(executionContext).AsBoolean(); if (!useNode24ToStartContainer) { executionContext.Debug("[Node24Strategy] UseNode24ToStartContainer=false, cannot handle container"); return null; } executionContext.Debug("[Node24Strategy] UseNode24ToStartContainer=true, checking Node24 availability in container"); try { if (NodeContainerTestHelper.CanExecuteNodeInContainer(context, executionContext, dockerManager, NodeVersion.Node24, "Node24Strategy")) { return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node24, Reason = "Node24 available in container via UseNode24ToStartContainer knob", Warning = null }; } else { executionContext.Debug("[Node24Strategy] Node24 test failed in container, returning null for fallback"); return null; } } catch (Exception ex) { executionContext.Warning($"[Node24Strategy] Failed to test Node24 in container: {ex.Message}"); return null; } } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/Node6Strategy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { public sealed class Node6Strategy : INodeVersionStrategy { public NodeRunnerInfo CanHandle(TaskContext context, IExecutionContext executionContext, GlibcCompatibilityInfo glibcInfo) { bool eolPolicyEnabled = AgentKnobs.EnableEOLNodeVersionPolicy.GetValue(executionContext).AsBoolean(); bool hasNode6Handler = context.HandlerData != null && context.HandlerData.GetType() == typeof(NodeHandlerData); string taskName = executionContext.Variables.Get(Constants.Variables.Task.DisplayName) ?? "Unknown Task"; if (eolPolicyEnabled) { throw new NotSupportedException(StringUtil.Loc("NodeEOLPolicyBlocked", "Node6")); } if (hasNode6Handler) { return new NodeRunnerInfo { NodePath = null, NodeVersion = NodeVersion.Node6, Reason = "Selected for Node6 task handler", Warning = StringUtil.Loc("NodeEOLRetirementWarning", taskName) }; } return null; } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/NodeContainerTestHelper.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Container; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { /// /// Helper class for testing Node.js availability in containers. /// public static class NodeContainerTestHelper { /// /// Tests if a specific Node version can execute in the container. /// Cross-platform scenarios are handled earlier in the orchestrator. /// public static bool CanExecuteNodeInContainer(TaskContext context, IExecutionContext executionContext, IDockerCommandManager dockerManager, NodeVersion nodeVersion, string strategyName) { var container = context.Container; ArgUtil.NotNull(container, nameof(container)); ArgUtil.NotNull(container.ContainerId, nameof(container.ContainerId)); try { executionContext.Debug($"[{strategyName}] Testing {nodeVersion} availability in container {container.ContainerId}"); var hostContext = executionContext.GetHostContext(); string nodeFolder = NodeVersionHelper.GetFolderName(nodeVersion); string hostPath = Path.Combine(hostContext.GetDirectory(WellKnownDirectory.Externals), nodeFolder, "bin", $"node{IOUtil.ExeExtension}"); string containerNodePath = container.TranslateToContainerPath(hostPath); // Fix path and extension for target container OS if (container.ImageOS == PlatformUtil.OS.Linux) { containerNodePath = containerNodePath.Replace('\\', '/'); if (containerNodePath.EndsWith(".exe", StringComparison.OrdinalIgnoreCase)) { containerNodePath = containerNodePath.Substring(0, containerNodePath.Length - 4); } } executionContext.Debug($"[{strategyName}] Testing path: {containerNodePath}"); bool result = ExecuteNodeTestCommand(context, executionContext, dockerManager, containerNodePath, strategyName, $"agent {nodeVersion} binaries"); return result; } catch (Exception ex) { executionContext.Debug($"[{strategyName}] Exception testing {nodeVersion}: {ex.Message}"); return false; } } /// /// Executes the node --version command in the container to test Node.js availability. /// private static bool ExecuteNodeTestCommand(TaskContext context, IExecutionContext executionContext, IDockerCommandManager dockerManager, string nodePath, string strategyName, string nodeDescription) { var container = context.Container; try { var output = new List(); // Format command following the same pattern as ContainerOperationProvider startup commands string testCommand; if (PlatformUtil.RunningOnWindows) { if (container.ImageOS == PlatformUtil.OS.Windows) { testCommand = $"cmd.exe /c \"\"{nodePath}\" --version\""; } else { testCommand = $"bash -c \"{nodePath} --version\""; } } else { testCommand = $"bash -c \"{nodePath} --version\""; } executionContext.Debug($"[{strategyName}] Testing {nodeDescription} with command: {testCommand}"); int exitCode = dockerManager.DockerExec(executionContext, container.ContainerId, string.Empty, testCommand, output).Result; if (exitCode == 0 && output.Count > 0) { executionContext.Debug($"[{strategyName}] {nodeDescription} test successful: {output[0]}"); return true; } else { executionContext.Debug($"[{strategyName}] {nodeDescription} test failed with exit code {exitCode}"); return false; } } catch (Exception ex) { executionContext.Debug($"[{strategyName}] Exception testing {nodeDescription}: {ex.Message}"); return false; } } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/NodeRunnerInfo.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { /// /// Represents the available Node.js versions supported by the agent. /// public enum NodeVersion { Node6, Node10, Node16, Node20, Node24, Custom, ContainerDefaultNode } /// /// Helper class for NodeVersion operations. /// public static class NodeVersionHelper { /// /// The highest Node version considered end-of-life. /// Tasks with EffectiveMaxVersion at or below this threshold get an EOL upgrade warning. /// public const int MaxEOLNodeVersion = 16; /// /// Gets the folder name for the specified NodeVersion. /// public static string GetFolderName(NodeVersion version) { return version switch { NodeVersion.Node6 => "node", NodeVersion.Node10 => "node10", NodeVersion.Node16 => "node16", NodeVersion.Node20 => "node20_1", NodeVersion.Node24 => "node24", NodeVersion.Custom => "custom", NodeVersion.ContainerDefaultNode => "container_default_node", _ => throw new ArgumentOutOfRangeException(nameof(version)) }; } } /// /// Result containing the selected Node path and metadata. /// Used by strategy pattern for both host and container node selection. /// public sealed class NodeRunnerInfo { /// /// Full path to the node executable. /// public string NodePath { get; set; } /// /// The node version selected. /// public NodeVersion NodeVersion { get; set; } /// /// Explanation of why this version was selected. /// Used for debugging and telemetry. /// public string Reason { get; set; } /// /// Optional warning message to display to user. /// Example: "Container OS doesn't support Node24, using Node20 instead." /// public string Warning { get; set; } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/NodeVersionOrchestrator.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading.Tasks; using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { public sealed class NodeVersionOrchestrator { private readonly List _strategies; private readonly IExecutionContext ExecutionContext; private readonly IHostContext HostContext; private readonly IGlibcCompatibilityInfoProvider GlibcChecker; public NodeVersionOrchestrator(IExecutionContext executionContext, IHostContext hostContext) : this(executionContext, hostContext, new NodeHandlerHelper()) { } public NodeVersionOrchestrator(IExecutionContext executionContext, IHostContext hostContext, INodeHandlerHelper nodeHandlerHelper) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(hostContext, nameof(hostContext)); ArgUtil.NotNull(nodeHandlerHelper, nameof(nodeHandlerHelper)); ExecutionContext = executionContext; HostContext = hostContext; GlibcChecker = HostContext.GetService(); GlibcChecker.Initialize(hostContext); _strategies = new List(); // IMPORTANT: Strategy order determines selection priority // Add strategies in descending priority order (newest/preferred versions first) // The orchestrator will try each strategy in order until one can handle the request _strategies.Add(new CustomNodeStrategy()); _strategies.Add(new Node24Strategy(nodeHandlerHelper)); _strategies.Add(new Node20Strategy()); _strategies.Add(new Node16Strategy()); _strategies.Add(new Node10Strategy()); _strategies.Add(new Node6Strategy()); } /// /// Host-specific node version selection using CanHandle methods. /// Follows the standard strategy precedence: Custom Node → Node24 → Node20 → Node16 → Node10 → Node6. /// public async Task SelectNodeVersionForHostAsync(TaskContext context) { string environmentType = "Host"; ExecutionContext.Debug($"[{environmentType}] Starting node version selection"); ExecutionContext.Debug($"[{environmentType}] Handler type: {context.HandlerData?.GetType().Name ?? "null"}"); var glibcInfo = await GlibcChecker.GetGlibcCompatibilityAsync(context, ExecutionContext); foreach (var strategy in _strategies) { ExecutionContext.Debug($"[{environmentType}] Checking strategy: {strategy.GetType().Name}"); try { var selectionResult = strategy.CanHandle(context, ExecutionContext, glibcInfo); if (selectionResult != null) { var result = CreateNodeRunnerInfoWithPath(context, selectionResult); // Publish telemetry for monitoring node version selection via Kusto PublishNodeVersionSelectionTelemetry(result, strategy, environmentType, context); ExecutionContext.Output( $"[{environmentType}] Selected Node version: {result.NodeVersion} (Strategy: {strategy.GetType().Name})"); ExecutionContext.Debug($"[{environmentType}] Node path: {result.NodePath}"); ExecutionContext.Debug($"[{environmentType}] Reason: {result.Reason}"); if (!string.IsNullOrEmpty(result.Warning)) { ExecutionContext.Warning(result.Warning); } return result; } else { ExecutionContext.Debug($"[{environmentType}] Strategy '{strategy.GetType().Name}' cannot handle this context"); } } catch (NotSupportedException ex) { ExecutionContext.Debug($"[{environmentType}] Strategy '{strategy.GetType().Name}' blocked: {ex.Message} - trying next strategy"); } catch (Exception ex) { ExecutionContext.Warning($"[{environmentType}] Strategy '{strategy.GetType().Name}' threw unexpected exception: {ex.Message} - trying next strategy"); } } string handlerType = context.HandlerData?.GetType().Name ?? "Unknown"; ExecutionContext.Debug(StringUtil.Loc("NodeVersionNotAvailable", handlerType)); throw new NotSupportedException($"No compatible Node.js version available for host execution. Handler type: {handlerType}. This may occur if all available versions are blocked by EOL policy. Please update your pipeline to use Node20 or Node24 tasks. To temporarily disable EOL policy: Set AGENT_RESTRICT_EOL_NODE_VERSIONS=false"); } /// /// Gets strategies that support container execution (Custom node, Node24, Node20, Node16). /// Only these strategies have CanHandleInContainer implementations. /// private IEnumerable GetContainerCapableStrategies() { return _strategies.Take(4); } /// /// Container-specific node version selection using CanHandleInContainer methods. /// Follows the container knob precedence: Custom Node → Node24 → Node20 → Node16. /// public NodeRunnerInfo SelectNodeVersionForContainer(TaskContext context, IDockerCommandManager dockerManager) { string environmentType = "Container"; ExecutionContext.Debug($"[{environmentType}] Starting container node version selection"); ExecutionContext.Debug($"[{environmentType}] Handler type: {context.HandlerData?.GetType().Name ?? "null"}"); if (PlatformUtil.RunningOnMacOS || (PlatformUtil.RunningOnWindows && context.Container.ImageOS == PlatformUtil.OS.Linux)) { ExecutionContext.Debug($"[{environmentType}] Cross-platform scenario detected - using container's built-in Node.js"); ExecutionContext.Debug($"[{environmentType}] Agent OS: {(PlatformUtil.RunningOnMacOS ? "macOS" : "Windows")}, Container OS: {context.Container.ImageOS}"); var crossPlatformResult = new NodeRunnerInfo { NodePath = "node", NodeVersion = NodeVersion.ContainerDefaultNode, Reason = "Cross-platform scenario requires container's built-in Node.js" }; ExecutionContext.Output($"[{environmentType}] Selected Node version: {crossPlatformResult.NodeVersion} (Cross-platform fallback)"); ExecutionContext.Debug($"[{environmentType}] Node path: {crossPlatformResult.NodePath}"); ExecutionContext.Debug($"[{environmentType}] Reason: {crossPlatformResult.Reason}"); return crossPlatformResult; } foreach (var strategy in GetContainerCapableStrategies()) { ExecutionContext.Debug($"[{environmentType}] Checking container strategy: {strategy.GetType().Name}"); try { var selectionResult = strategy.CanHandleInContainer(context, ExecutionContext, dockerManager); if (selectionResult != null) { var result = CreateNodeRunnerInfoWithPath(context, selectionResult); PublishNodeVersionSelectionTelemetry(result, strategy, environmentType, context); ExecutionContext.Output( $"[{environmentType}] Selected Node version: {result.NodeVersion} (Strategy: {strategy.GetType().Name})"); ExecutionContext.Debug($"[{environmentType}] Node path: {result.NodePath}"); ExecutionContext.Debug($"[{environmentType}] Reason: {result.Reason}"); if (!string.IsNullOrEmpty(result.Warning)) { ExecutionContext.Warning(result.Warning); } return result; } else { ExecutionContext.Debug($"[{environmentType}] Strategy '{strategy.GetType().Name}' cannot handle this container context"); } } catch (NotSupportedException ex) { ExecutionContext.Debug($"[{environmentType}] Strategy '{strategy.GetType().Name}' threw NotSupportedException: {ex.Message}"); ExecutionContext.Error($"Container node version selection failed: {ex.Message}"); throw; } catch (Exception ex) { ExecutionContext.Warning($"[{environmentType}] Strategy '{strategy.GetType().Name}' threw unexpected exception: {ex.Message} - trying next strategy"); } } throw new NotSupportedException("No Node.js version could be selected for container execution. Please check your container knobs and node availability."); } private NodeRunnerInfo CreateNodeRunnerInfoWithPath(TaskContext context, NodeRunnerInfo selection) { if (selection.NodeVersion == NodeVersion.Custom) { return selection; } string externalsPath = HostContext.GetDirectory(WellKnownDirectory.Externals); string nodeFolder = NodeVersionHelper.GetFolderName(selection.NodeVersion); if (context.Container != null) { // Container execution: use agent binaries (cross-platform scenarios are handled earlier in SelectNodeVersionForContainer) string containerExeExtension = context.Container.ImageOS == PlatformUtil.OS.Windows ? ".exe" : ""; string hostPath = Path.Combine(externalsPath, nodeFolder, "bin", $"node{IOUtil.ExeExtension}"); string containerNodePath = context.Container.TranslateToContainerPath(hostPath); // Fix the executable extension for the container OS string finalPath = containerNodePath.Replace($"node{IOUtil.ExeExtension}", $"node{containerExeExtension}"); return new NodeRunnerInfo { NodePath = finalPath, NodeVersion = selection.NodeVersion, Reason = selection.Reason, Warning = selection.Warning }; } else { // Host execution: use host OS executable extension string hostPath = Path.Combine(externalsPath, nodeFolder, "bin", $"node{IOUtil.ExeExtension}"); return new NodeRunnerInfo { NodePath = hostPath, NodeVersion = selection.NodeVersion, Reason = selection.Reason, Warning = selection.Warning }; } } private void PublishNodeVersionSelectionTelemetry(NodeRunnerInfo result, INodeVersionStrategy strategy, string environmentType, TaskContext context) { try { var telemetryData = new Dictionary { { "NodeVersion", result.NodeVersion.ToString() }, { "Strategy", strategy.GetType().Name }, { "EnvironmentType", environmentType }, { "HandlerType", context.HandlerData?.GetType().Name ?? "Unknown" }, { "SelectionReason", result.Reason ?? "" }, { "HasWarning", (!string.IsNullOrEmpty(result.Warning)).ToString() }, { "JobId", ExecutionContext.Variables.System_JobId.ToString() }, { "PlanId", ExecutionContext.Variables.Get(Constants.Variables.System.PlanId) ?? "" }, { "AgentName", ExecutionContext.Variables.Get(Constants.Variables.Agent.Name) ?? "" }, { "IsContainer", (context.Container != null).ToString() }, { "Architecture", PlatformUtil.HostArchitecture.ToString() } }; ExecutionContext.PublishTaskRunnerTelemetry(telemetryData); } catch (Exception ex) { ExecutionContext.Debug($"Failed to publish node version selection telemetry: {ex.Message}"); } } } } ================================================ FILE: src/Agent.Worker/NodeVersionStrategies/TaskContext.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies { /// /// Context for both host and container node selection. /// Contains runtime data - strategies read their own knobs via ExecutionContext. /// public sealed class TaskContext { /// /// The handler data from the task definition. /// public BaseNodeHandlerData HandlerData { get; set; } /// /// Container information for path translation. Null for host execution. /// public ContainerInfo Container { get; set; } /// /// Step target for custom node path lookup. Null for container execution. /// public ExecutionTargetInfo StepTarget { get; set; } /// /// Returns the maximum Node version this task was authored to run on, /// derived from the handler data type. /// Strategies use this as a ceiling: if EffectiveMaxVersion is less than their version, they return null. /// Global overrides and EOL policy bypass this ceiling. /// public int EffectiveMaxVersion { get { return HandlerData switch { Node24HandlerData => 24, Node20_1HandlerData => 20, Node16HandlerData => 16, Node10HandlerData => 10, NodeHandlerData => 6, _ => 6 }; } } } } ================================================ FILE: src/Agent.Worker/NuGet.Config ================================================  ================================================ FILE: src/Agent.Worker/PluginInternalCommandExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using System; using System.Collections.Generic; using System.IO; using System.Linq; namespace Microsoft.VisualStudio.Services.Agent.Worker { public sealed class PluginInternalCommandExtension : BaseWorkerCommandExtension { public PluginInternalCommandExtension() { CommandArea = "plugininternal"; SupportedHostTypes = HostTypes.Build; InstallWorkerCommand(new PluginInternalUpdateRepositoryPathCommand()); } } public sealed class PluginInternalUpdateRepositoryPathCommand : IWorkerCommand { public string Name => "updaterepositorypath"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var eventProperties = command.Properties; var data = command.Data; String alias; if (!eventProperties.TryGetValue(PluginInternalUpdateRepositoryEventProperties.Alias, out alias) || String.IsNullOrEmpty(alias)) { throw new ArgumentNullException(StringUtil.Loc("MissingRepositoryAlias")); } var repository = context.Repositories.FirstOrDefault(x => string.Equals(x.Alias, alias, StringComparison.OrdinalIgnoreCase)); if (repository == null) { throw new ArgumentNullException(StringUtil.Loc("RepositoryNotExist")); } if (string.IsNullOrEmpty(data)) { throw new ArgumentNullException(StringUtil.Loc("MissingRepositoryPath")); } var currentPath = repository.Properties.Get(RepositoryPropertyNames.Path); if (!string.Equals(data.TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar), currentPath.TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar), IOUtil.FilePathStringComparison)) { string repositoryPath = data.TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar); repository.Properties.Set(RepositoryPropertyNames.Path, repositoryPath); bool isSelfRepo = RepositoryUtil.IsPrimaryRepositoryName(repository.Alias); bool hasMultipleCheckouts = RepositoryUtil.HasMultipleCheckouts(context.JobSettings); bool isDefaultWorkingDirectoryRepo = RepositoryUtil.IsWellKnownRepository(repository, RepositoryUtil.IsDefaultWorkingDirectoryRepository); var directoryManager = context.GetHostContext().GetService(); string _workDirectory = context.GetHostContext().GetDirectory(WellKnownDirectory.Work); var trackingConfig = directoryManager.UpdateDirectory(context, repository); if (isSelfRepo || !hasMultipleCheckouts) { if (hasMultipleCheckouts) { // In Multi-checkout, we don't want to reset sources dir or default working dir. // So, we will just reset the repo local path string buildDirectory = context.Variables.Get(Constants.Variables.Pipeline.Workspace); string repoRelativePath = directoryManager.GetRelativeRepositoryPath(buildDirectory, repositoryPath, context); string sourcesDirectory = context.Variables.Get(Constants.Variables.Build.SourcesDirectory); string repoLocalPath = context.Variables.Get(Constants.Variables.Build.RepoLocalPath); string newRepoLocation = Path.Combine(_workDirectory, repoRelativePath); // For saving backward compatibility with the behavior of the Build.RepoLocalPath that was before this PR https://github.com/microsoft/azure-pipelines-agent/pull/3237 // we need to deny updating of the variable in case the new path is the default location for the repository that is equal to sourcesDirectory/repository.Name // since the variable already has the right value in this case and pointing to the default sources location if (repoLocalPath == null || !string.Equals(newRepoLocation, Path.Combine(sourcesDirectory, repository.Name), IOUtil.FilePathStringComparison)) { context?.SetVariable(Constants.Variables.Build.RepoLocalPath, newRepoLocation, isFilePath: true); } } else { // If we only have a single repository, then update all the paths to point to it. context.SetVariable(Constants.Variables.Build.SourcesDirectory, repositoryPath, isFilePath: true); context.SetVariable(Constants.Variables.Build.RepoLocalPath, repositoryPath, isFilePath: true); context.SetVariable(Constants.Variables.System.DefaultWorkingDirectory, repositoryPath, isFilePath: true); } } // Set the default working directory to the new location of this repo if this repo was marked as the one being the default working directory if (isDefaultWorkingDirectoryRepo) { string buildDirectory = context.Variables.Get(Constants.Variables.Pipeline.Workspace); string repoRelativePath = directoryManager.GetRelativeRepositoryPath(buildDirectory, repositoryPath, context); string repoLocation = Path.Combine(_workDirectory, repoRelativePath); context.SetVariable(Constants.Variables.System.DefaultWorkingDirectory, repoLocation, isFilePath: true); } } repository.Properties.Set("__AZP_READY", bool.TrueString); } } internal static class PluginInternalUpdateRepositoryEventProperties { public static readonly String Alias = "alias"; } } ================================================ FILE: src/Agent.Worker/Program.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Globalization; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker { public static class Program { public static int Main(string[] args) { if (PlatformUtil.UseLegacyHttpHandler) { AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false); } using (HostContext context = new HostContext(HostType.Worker)) { Tracing trace = context.GetTrace(nameof(Program)); trace.Info(StringUtil.Format("Worker process entry point initiated [HostType:Worker, Arguments:{0}]", string.Join(" ", args ?? new string[0]))); var result = MainAsync(context, args).GetAwaiter().GetResult(); trace.Info(StringUtil.Format("Worker process entry point completed [ExitCode:{0}]", result)); return result; } } private static async Task MainAsync(IHostContext context, string[] args) { //ITerminal registers a CTRL-C handler, which keeps the Agent.Worker process running //and lets the Agent.Listener handle gracefully the exit. var term = context.GetService(); Tracing trace = context.GetTrace(nameof(Program)); try { trace.Info("Worker process initialization starting - setting up runtime environment. Version: {BuildConstants.AgentPackage.Version}, Commit: {BuildConstants.Source.CommitHash}, Culture: {CultureInfo.CurrentCulture.Name}, UI Culture: {CultureInfo.CurrentUICulture.Name}"); context.WritePerfCounter("WorkerProcessStarted"); // Validate args. ArgUtil.NotNull(args, nameof(args)); ArgUtil.Equal(3, args.Length, nameof(args.Length)); ArgUtil.NotNullOrEmpty(args[0], $"{nameof(args)}[0]"); ArgUtil.Equal("spawnclient", args[0].ToLowerInvariant(), $"{nameof(args)}[0]"); ArgUtil.NotNullOrEmpty(args[1], $"{nameof(args)}[1]"); ArgUtil.NotNullOrEmpty(args[2], $"{nameof(args)}[2]"); trace.Info(StringUtil.Format("Command validation successful [Mode:{0}, PipeIn:{1}, PipeOut:{2}]", args[0], args[1], args[2])); var worker = context.GetService(); // Run the worker. return await worker.RunAsync( pipeIn: args[1], pipeOut: args[2]); } catch (AggregateException ex) { ExceptionsUtil.HandleAggregateException((AggregateException)ex, (message) => trace.Error(message)); } catch (Exception ex) { // Populate any exception that cause worker failure back to agent. Console.WriteLine(ex.ToString()); try { trace.Error(StringUtil.Format("Worker process execution failed with unhandled exception - {0}", ex.Message)); } catch (Exception e) { // make sure we don't crash the app on trace error. // since IOException will throw when we run out of disk space. Console.WriteLine(e.ToString()); } } trace.Info("Worker process exiting with error code - job execution failed"); return 1; } } } ================================================ FILE: src/Agent.Worker/Release/AgentUtilities.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Text; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { public static class AgentUtilities { // Move this to Agent.Common.Util public static string GetPrintableEnvironmentVariables(IEnumerable variables) { StringBuilder builder = new StringBuilder(); if (variables != null) { var sortedVariables = variables.OrderBy(x => x.Name, StringComparer.OrdinalIgnoreCase); foreach (var variable in sortedVariables) { string varName = VarUtil.ConvertToEnvVariableFormat(variable.Name, variable.PreserveCase); builder.AppendFormat( "{0}\t\t\t\t[{1}] --> [{2}]", Environment.NewLine, varName, variable.Value); } } return builder.ToString(); } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/ArtifactDirectoryCreationFailedException.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. // -------------------------------------------------------------------------------------------------------------------- // // 2012-2023, All rights reserved. // // // Defines the ArtifactDirectoryCreationFailedException type. // // -------------------------------------------------------------------------------------------------------------------- using System; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { public class ArtifactDirectoryCreationFailedException : Exception { public ArtifactDirectoryCreationFailedException() { } public ArtifactDirectoryCreationFailedException(string message) : base(message) { } public ArtifactDirectoryCreationFailedException(string message, Exception innerException) : base(message, innerException) { } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/ArtifactDownloadException.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. // -------------------------------------------------------------------------------------------------------------------- // // 2012-2023, All rights reserved. // // // Defines the ArtifactDownloadException type. // // -------------------------------------------------------------------------------------------------------------------- using System; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { public class ArtifactDownloadException : Exception { public ArtifactDownloadException() { } public ArtifactDownloadException(string message) : base(message) { } public ArtifactDownloadException(string message, Exception innerException) : base(message, innerException) { } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/BuildArtifact.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using System; using System.Collections.Generic; using System.Globalization; using System.IO; using System.Linq; using System.Threading.Tasks; using System.Security.Principal; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine; using Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerProvider.Helpers; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; using Newtonsoft.Json; using Issue = Microsoft.TeamFoundation.DistributedTask.WebApi.Issue; using IssueType = Microsoft.TeamFoundation.DistributedTask.WebApi.IssueType; using ServerBuildArtifact = Microsoft.TeamFoundation.Build.WebApi.BuildArtifact; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { // TODO: Write tests for this public class BuildArtifact : AgentService, IArtifactExtension { public Type ExtensionType => typeof(IArtifactExtension); public AgentArtifactType ArtifactType => AgentArtifactType.Build; private const string AllArtifacts = "*"; public async Task DownloadAsync(IExecutionContext executionContext, ArtifactDefinition artifactDefinition, string localFolderPath) { ArgUtil.NotNull(artifactDefinition, nameof(artifactDefinition)); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNullOrEmpty(localFolderPath, nameof(localFolderPath)); int buildId = Convert.ToInt32(artifactDefinition.Version, CultureInfo.InvariantCulture); if (buildId <= 0) { throw new ArgumentException("artifactDefinition.Version"); } var buildArtifactDetails = artifactDefinition.Details as BuildArtifactDetails; if (buildArtifactDetails == null) { throw new ArgumentException("artifactDefinition.Details"); } // Get the list of available artifacts from build. executionContext.Output(StringUtil.Loc("RMPreparingToGetBuildArtifactList")); bool skipServerCertificateValidation = executionContext.Variables.Agent_SslSkipCertValidation ?? false; using (var vssConnection = VssUtil.CreateConnection(buildArtifactDetails.TfsUrl, buildArtifactDetails.Credentials, trace: Trace, skipServerCertificateValidation)) { var buildClient = vssConnection.GetClient(); var xamlBuildClient = vssConnection.GetClient(); List buildArtifacts = null; EnsureVersionBelongsToLinkedDefinition(artifactDefinition, buildClient, xamlBuildClient); try { buildArtifacts = await buildClient.GetArtifactsAsync(buildArtifactDetails.Project, buildId); } catch (BuildNotFoundException) { buildArtifacts = await xamlBuildClient.GetArtifactsAsync(buildArtifactDetails.Project, buildId); } // No artifacts found in the build, add warning. if (buildArtifacts == null || !buildArtifacts.Any()) { executionContext.Warning(StringUtil.Loc("RMNoBuildArtifactsFound", buildId)); return; } // DownloadFromStream each of the artifact sequentially. // TODO: Should we download them parallely? foreach (ServerBuildArtifact buildArtifact in buildArtifacts) { if (Match(buildArtifact, artifactDefinition)) { executionContext.Output(StringUtil.Loc("RMPreparingToDownload", buildArtifact.Name)); await this.DownloadArtifactAsync(executionContext, buildArtifact, artifactDefinition, localFolderPath); } else { executionContext.Warning(StringUtil.Loc("RMArtifactMatchNotFound", buildArtifact.Name)); } } } } public IArtifactDetails GetArtifactDetails(IExecutionContext context, AgentArtifactDefinition agentArtifactDefinition) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(agentArtifactDefinition, nameof(agentArtifactDefinition)); Trace.Entering(); ServiceEndpoint vssEndpoint = context.Endpoints.FirstOrDefault(e => string.Equals(e.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); ArgUtil.NotNull(vssEndpoint, nameof(vssEndpoint)); ArgUtil.NotNull(vssEndpoint.Url, nameof(vssEndpoint.Url)); var artifactDetails = JsonConvert.DeserializeObject>(agentArtifactDefinition.Details); VssCredentials vssCredentials = VssUtil.GetVssCredential(vssEndpoint); var tfsUrl = context.Variables.Get(WellKnownDistributedTaskVariables.TFCollectionUrl); Guid projectId = context?.Variables.System_TeamProjectId ?? Guid.Empty; if (artifactDetails.ContainsKey("Project")) { Guid.TryParse(artifactDetails["Project"], out projectId); } ArgUtil.NotEmpty(projectId, nameof(projectId)); string relativePath; string accessToken; vssEndpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out accessToken); if (artifactDetails.TryGetValue("RelativePath", out relativePath)) { var buildArtifactDetails = new BuildArtifactDetails { Credentials = vssCredentials, RelativePath = artifactDetails["RelativePath"], AccessToken = accessToken, Project = projectId.ToString(), TfsUrl = new Uri(tfsUrl) }; if (artifactDetails.ContainsKey("DefinitionName")) { buildArtifactDetails.DefinitionName = artifactDetails["DefinitionName"]; } if (artifactDetails.ContainsKey("DefinitionId")) { buildArtifactDetails.DefintionId = Convert.ToInt32(artifactDetails["DefinitionId"], CultureInfo.InvariantCulture); } return buildArtifactDetails; } else { throw new InvalidOperationException(StringUtil.Loc("RMArtifactDetailsIncomplete")); } } private bool Match(ServerBuildArtifact buildArtifact, ArtifactDefinition artifactDefinition) { //TODO: If editing artifactDefinitionName is not allowed then we can remove this if (string.Equals(artifactDefinition.Name, AllArtifacts, StringComparison.OrdinalIgnoreCase)) { return true; } if (string.Equals(artifactDefinition.Name, buildArtifact.Name, StringComparison.OrdinalIgnoreCase)) { return true; } return false; } private async Task DownloadArtifactAsync( IExecutionContext executionContext, ServerBuildArtifact buildArtifact, ArtifactDefinition artifactDefinition, string localFolderPath) { var downloadFolderPath = Path.Combine(localFolderPath, buildArtifact.Name); var buildArtifactDetails = artifactDefinition.Details as BuildArtifactDetails; if ((buildArtifact.Resource.Type == null && buildArtifact.Id == 0) // bug on build API Bug 378900 || string.Equals(buildArtifact.Resource.Type, ArtifactResourceTypes.FilePath, StringComparison.OrdinalIgnoreCase)) { executionContext.Output(StringUtil.Loc("RMArtifactTypeFileShare")); if (!PlatformUtil.RunningOnWindows) { throw new NotSupportedException(StringUtil.Loc("RMFileShareArtifactErrorOnNonWindowsAgent")); } string fileShare; if (buildArtifact.Id == 0) { fileShare = new Uri(buildArtifact.Resource.DownloadUrl).LocalPath; } else { fileShare = new Uri(Path.Combine(buildArtifact.Resource.DownloadUrl, buildArtifact.Name)).LocalPath; if (!Directory.Exists(fileShare)) { // download path does not exist, log and fall back var parenthPath = new Uri(buildArtifact.Resource.DownloadUrl).LocalPath; executionContext.Output(StringUtil.Loc("RMArtifactNameDirectoryNotFound", fileShare, parenthPath)); fileShare = parenthPath; } } if (!Directory.Exists(fileShare)) { // download path does not exist, raise exception throw new ArtifactDownloadException(StringUtil.Loc("RMArtifactDirectoryNotFoundError", fileShare, WindowsIdentity.GetCurrent().Name)); } executionContext.Output(StringUtil.Loc("RMDownloadingArtifactFromFileShare", fileShare, downloadFolderPath)); var fileShareArtifact = new FileShareArtifact(); await fileShareArtifact.DownloadArtifactAsync(executionContext, HostContext, artifactDefinition, fileShare, downloadFolderPath); } else if (buildArtifactDetails != null && string.Equals(buildArtifact.Resource.Type, ArtifactResourceTypes.Container, StringComparison.OrdinalIgnoreCase)) { executionContext.Output(StringUtil.Loc("RMArtifactTypeServerDrop")); // Get containerId and rootLocation for the artifact #/922702/drop string containerUrl = buildArtifact.Resource.Data; string[] parts = containerUrl.Split(new[] { '/' }, 3); if (parts.Length < 3) { throw new ArtifactDownloadException(StringUtil.Loc("RMArtifactContainerDetailsNotFoundError", buildArtifact.Name)); } int containerId; string rootLocation = parts[2]; if (!int.TryParse(parts[1], out containerId)) { throw new ArtifactDownloadException(StringUtil.Loc("RMArtifactContainerDetailsInvalidError", buildArtifact.Name)); } string rootDestinationDir = Path.Combine(localFolderPath, rootLocation); executionContext.Output(StringUtil.Loc("RMDownloadingArtifactFromFileContainer", containerUrl, rootDestinationDir)); var containerFetchEngineOptions = new ContainerFetchEngineOptions { ParallelDownloadLimit = executionContext.Variables.Release_Parallel_Download_Limit ?? ContainerFetchEngineDefaultOptions.ParallelDownloadLimit, DownloadBufferSize = executionContext.Variables.Release_Download_BufferSize ?? ContainerFetchEngineDefaultOptions.DownloadBufferSize }; executionContext.Output(StringUtil.Loc("RMParallelDownloadLimit", containerFetchEngineOptions.ParallelDownloadLimit)); executionContext.Output(StringUtil.Loc("RMDownloadBufferSize", containerFetchEngineOptions.DownloadBufferSize)); bool skipServerCertificateValidation = executionContext.Variables.Agent_SslSkipCertValidation ?? false; IContainerProvider containerProvider = new ContainerProviderFactory(buildArtifactDetails, rootLocation, containerId, executionContext).GetContainerProvider( ArtifactResourceTypes.Container, skipServerCertificateValidation); using (var engine = new ContainerFetchEngine.ContainerFetchEngine(containerProvider, rootLocation, rootDestinationDir)) { engine.ContainerFetchEngineOptions = containerFetchEngineOptions; engine.ExecutionLogger = new ExecutionLogger(executionContext); await engine.FetchAsync(executionContext.CancellationToken); } } else { executionContext.Warning(StringUtil.Loc("RMArtifactTypeNotSupported", buildArtifact.Resource.Type)); } } private void EnsureVersionBelongsToLinkedDefinition(ArtifactDefinition artifactDefinition, BuildHttpClient buildClient, XamlBuildHttpClient xamlBuildClient) { var buildArtifactDetails = artifactDefinition.Details as BuildArtifactDetails; if (buildArtifactDetails != null && buildArtifactDetails.DefintionId > 0) { var buildId = Convert.ToInt32(artifactDefinition.Version, CultureInfo.InvariantCulture); TeamFoundation.Build.WebApi.Build build = null; try { build = buildClient.GetBuildAsync(buildArtifactDetails.Project, buildId).Result; } catch (AggregateException ex) { if (ex.InnerException != null && ex.InnerException is BuildNotFoundException) { build = xamlBuildClient.GetBuildAsync(buildArtifactDetails.Project, buildId).Result; } } if (build != null && build.Definition.Id != buildArtifactDetails.DefintionId) { string errorMessage = StringUtil.Loc("RMBuildNotFromLinkedDefinition", artifactDefinition.Name, buildArtifactDetails.DefinitionName); throw new ArtifactDownloadException(errorMessage); } } } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/CommitsDownloadException.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { public class CommitsDownloadException : Exception { public CommitsDownloadException() { } public CommitsDownloadException(string message) : base(message) { } public CommitsDownloadException(string message, Exception innerException) : base(message, innerException) { } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/CustomArtifact.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; using Microsoft.VisualStudio.Services.ServiceEndpoints.Common; using Newtonsoft.Json; using Newtonsoft.Json.Linq; using System; using System.Collections.Generic; using System.Linq; using System.Net; using System.Threading.Tasks; using ServiceEndpointContracts = Microsoft.VisualStudio.Services.ServiceEndpoints.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { public class CustomArtifact : AgentService, IArtifactExtension { public Type ExtensionType => typeof(IArtifactExtension); public AgentArtifactType ArtifactType => AgentArtifactType.Custom; public async Task DownloadAsync(IExecutionContext executionContext, ArtifactDefinition artifactDefinition, string downloadFolderPath) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(artifactDefinition, nameof(artifactDefinition)); EnsureVersionBelongsToLinkedDefinition(artifactDefinition); IRsaProvider rsaProvider = new AsnRsaProvider(); var customArtifactDetails = artifactDefinition.Details as CustomArtifactDetails; if (customArtifactDetails != null) { IEnumerable artifactDetails = new EndpointProxy().QueryEndpoint( ToServiceEndpoint(customArtifactDetails.Endpoint), customArtifactDetails.ArtifactsUrl, null, customArtifactDetails.ResultSelector, customArtifactDetails.ResultTemplate, customArtifactDetails.AuthorizationHeaders?.Select(header => ToAuthorizationHeader(header)).ToList(), customArtifactDetails.ArtifactVariables, rsaProvider); var artifactDownloadDetailList = new List(); artifactDetails.ToList().ForEach(x => artifactDownloadDetailList.Add(JToken.Parse(x).ToObject())); if (artifactDownloadDetailList.Count <= 0) { executionContext.Warning(StringUtil.Loc("NoArtifactsFound", artifactDefinition.Version)); return; } foreach (CustomArtifactDownloadDetails artifactDownloadDetails in artifactDownloadDetailList) { executionContext.Output(StringUtil.Loc("StartingArtifactDownload", artifactDownloadDetails.DownloadUrl)); await DownloadArtifact(executionContext, HostContext, downloadFolderPath, customArtifactDetails, artifactDownloadDetails); } } } public IArtifactDetails GetArtifactDetails(IExecutionContext context, AgentArtifactDefinition agentArtifactDefinition) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(agentArtifactDefinition, nameof(agentArtifactDefinition)); var artifactDetails = JsonConvert.DeserializeObject>(agentArtifactDefinition.Details); string connectionName; string relativePath = string.Empty; string customArtifactDetails = string.Empty; if (!(artifactDetails.TryGetValue("ConnectionName", out connectionName) && artifactDetails.TryGetValue("RelativePath", out relativePath) && artifactDetails.TryGetValue("ArtifactDetails", out customArtifactDetails))) { throw new InvalidOperationException(StringUtil.Loc("RMArtifactDetailsIncomplete")); } var customEndpoint = context.Endpoints.FirstOrDefault((e => string.Equals(e.Name, connectionName, StringComparison.OrdinalIgnoreCase))); if (customEndpoint == null) { throw new InvalidOperationException(StringUtil.Loc("RMCustomEndpointNotFound", agentArtifactDefinition.Name)); } var details = JToken.Parse(customArtifactDetails).ToObject(); details.RelativePath = relativePath; details.Endpoint = new ServiceEndpoint { Url = customEndpoint.Url, Authorization = customEndpoint.Authorization }; return details; } private async Task DownloadArtifact( IExecutionContext executionContext, IHostContext hostContext, string localFolderPath, CustomArtifactDetails customArtifactDetails, CustomArtifactDownloadDetails artifact) { IDictionary artifactTypeStreamMapping = customArtifactDetails.ArtifactTypeStreamMapping; string streamType = GetArtifactStreamType(artifact, artifactTypeStreamMapping); if (string.Equals(streamType, WellKnownStreamTypes.FileShare, StringComparison.OrdinalIgnoreCase)) { if (!PlatformUtil.RunningOnWindows) { throw new NotSupportedException(StringUtil.Loc("RMFileShareArtifactErrorOnNonWindowsAgent")); } var fileShareArtifact = new FileShareArtifact(); customArtifactDetails.RelativePath = artifact.RelativePath ?? string.Empty; var location = artifact.FileShareLocation ?? artifact.DownloadUrl; await fileShareArtifact.DownloadArtifactAsync(executionContext, hostContext, new ArtifactDefinition { Details = customArtifactDetails }, new Uri(location).LocalPath, localFolderPath); } else if (string.Equals(streamType, WellKnownStreamTypes.Zip, StringComparison.OrdinalIgnoreCase)) { try { IEndpointAuthorizer authorizer = SchemeBasedAuthorizerFactory.GetEndpointAuthorizer( ToServiceEndpoint(customArtifactDetails.Endpoint), customArtifactDetails.AuthorizationHeaders?.Select(header => ToAuthorizationHeader(header)).ToList(), new AsnRsaProvider()); using (HttpWebResponse webResponse = GetWebResponse(executionContext, artifact.DownloadUrl, authorizer)) { var zipStreamDownloader = HostContext.GetService(); await zipStreamDownloader.DownloadFromStream( executionContext, webResponse.GetResponseStream(), string.Empty, artifact.RelativePath ?? string.Empty, localFolderPath); } } catch (WebException) { executionContext.Output(StringUtil.Loc("ArtifactDownloadFailed", artifact.DownloadUrl)); throw; } } else { string resourceType = streamType; var warningMessage = StringUtil.Loc("RMStreamTypeNotSupported", resourceType); executionContext.Warning(warningMessage); } } private static string GetArtifactStreamType(CustomArtifactDownloadDetails artifact, IDictionary artifactTypeStreamMapping) { string streamType = artifact.StreamType; if (artifactTypeStreamMapping == null) { return streamType; } var artifactTypeStreamMappings = new Dictionary(artifactTypeStreamMapping, StringComparer.OrdinalIgnoreCase); if (artifactTypeStreamMappings.ContainsKey(artifact.StreamType)) { streamType = artifactTypeStreamMappings[artifact.StreamType]; } return streamType; } private static HttpWebResponse GetWebResponse(IExecutionContext executionContext, string url, IEndpointAuthorizer authorizer) { #pragma warning disable SYSLIB0014 var request = WebRequest.Create(url) as HttpWebRequest; #pragma warning restore SYSLIB0014 if (request == null) { string errorMessage = StringUtil.Loc("RMArtifactDownloadRequestCreationFailed", url); executionContext.Output(errorMessage); throw new InvalidOperationException(errorMessage); } if (!authorizer.TryAuthorizeRequest(request, null)) { string authError = StringUtil.Loc("RMErrorDuringArtifactDownload", $"Authorization failed for URL: {url}"); executionContext.Output(authError); throw new InvalidOperationException(authError); } var webResponse = request.GetResponseAsync().Result as HttpWebResponse; return webResponse; } private void EnsureVersionBelongsToLinkedDefinition(ArtifactDefinition artifactDefinition) { var customArtifactDetails = artifactDefinition.Details as CustomArtifactDetails; if (customArtifactDetails != null && !string.IsNullOrEmpty(customArtifactDetails.VersionsUrl)) { // Query for all artifact versions for given artifact source id, these parameters are contained in customArtifactDetails.ArtifactVariables var versionBelongsToDefinition = false; IEnumerable versions = new EndpointProxy().QueryEndpoint( ToServiceEndpoint(customArtifactDetails.Endpoint), customArtifactDetails.VersionsUrl, null, customArtifactDetails.VersionsResultSelector, customArtifactDetails.VersionsResultTemplate, customArtifactDetails.AuthorizationHeaders?.Select(header => ToAuthorizationHeader(header)).ToList(), customArtifactDetails.ArtifactVariables, new AsnRsaProvider()); foreach (var version in versions) { var versionDetails = JToken.Parse(version).ToObject(); if (versionDetails != null && versionDetails.Value.Equals(artifactDefinition.Version, StringComparison.OrdinalIgnoreCase)) { versionBelongsToDefinition = true; break; } } if (!versionBelongsToDefinition) { throw new ArtifactDownloadException( StringUtil.Loc("RMArtifactVersionNotBelongToArtifactSource", artifactDefinition.Version, customArtifactDetails.ArtifactVariables["definition"])); } } } private ServiceEndpointContracts.ServiceEndpoint ToServiceEndpoint(ServiceEndpoint legacyServiceEndpoint) { if (legacyServiceEndpoint == null) { return null; } var serviceEndpoint = new ServiceEndpointContracts.ServiceEndpoint { Authorization = ToEndpointAuthorization(legacyServiceEndpoint.Authorization), CreatedBy = legacyServiceEndpoint.CreatedBy, Data = legacyServiceEndpoint.Data, Description = legacyServiceEndpoint.Description, Id = legacyServiceEndpoint.Id, IsReady = legacyServiceEndpoint.IsReady, Name = legacyServiceEndpoint.Name, OperationStatus = legacyServiceEndpoint.OperationStatus, Type = legacyServiceEndpoint.Type, Url = legacyServiceEndpoint.Url }; return serviceEndpoint; } private static ServiceEndpointContracts.EndpointAuthorization ToEndpointAuthorization(EndpointAuthorization legacyEndpointAuthorization) { if (legacyEndpointAuthorization == null) { return null; } var endpointAuthorization = new ServiceEndpointContracts.EndpointAuthorization { Scheme = legacyEndpointAuthorization.Scheme }; foreach (var param in legacyEndpointAuthorization.Parameters) { endpointAuthorization.Parameters.Add(param.Key, param.Value); } return endpointAuthorization; } private static ServiceEndpointContracts.AuthorizationHeader ToAuthorizationHeader(AuthorizationHeader legacyAuthorizationHeader) { if (legacyAuthorizationHeader == null) { return null; } var authorizationHeader = new ServiceEndpointContracts.AuthorizationHeader { Name = legacyAuthorizationHeader.Name, Value = legacyAuthorizationHeader.Value }; return authorizationHeader; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/Definition/ArtifactDefinition.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. // -------------------------------------------------------------------------------------------------------------------- // // 2012-2023, All rights reserved. // // // Defines the ArtifactDefinition type. // // -------------------------------------------------------------------------------------------------------------------- using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition { public class ArtifactDefinition { public string Name { get; set; } public string Version { get; set; } public AgentArtifactType ArtifactType { get; set; } public IArtifactDetails Details { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/Definition/BuildArtifactDetails.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. // -------------------------------------------------------------------------------------------------------------------- // // 2012-2023, All rights reserved. // // // Defines the BuildArtifactDetails type. // // -------------------------------------------------------------------------------------------------------------------- using System; using Microsoft.VisualStudio.Services.Common; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition { public class BuildArtifactDetails : IArtifactDetails { public string RelativePath { get; set; } public Uri TfsUrl { get; set; } public VssCredentials Credentials { get; set; } public string Project { get; set; } public string AccessToken { get; set; } public int DefintionId { get; set; } public string DefinitionName { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/Definition/CustomArtifactDetails.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using Microsoft.TeamFoundation.DistributedTask.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition { public class CustomArtifactDetails : IArtifactDetails { public string ArtifactsUrl { get; set; } public string ResultSelector { get; set; } public string ResultTemplate { get; set; } public ServiceEndpoint Endpoint { get; set; } public string RelativePath { get; set; } public Dictionary ArtifactVariables { get; set; } public List AuthorizationHeaders { get; set; } public IDictionary ArtifactTypeStreamMapping { get; set; } public string VersionsUrl { get; set; } public string VersionsResultSelector { get; set; } public string VersionsResultTemplate { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/Definition/CustomArtifactDownloadDetails.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition { public class CustomArtifactDownloadDetails { public string Name { get; set; } public string DownloadUrl { get; set; } public string FileShareLocation { get; set; } public string StreamType { get; set; } public string RelativePath { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/Definition/CustomArtifactVersionDetails.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition { public class CustomArtifactVersionDetails { public string DisplayName { get; set; } public string Value { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/Definition/GitHubArtifactDetails.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition { public class GitHubArtifactDetails : IArtifactDetails { public string RelativePath { get; set; } public Uri CloneUrl { get; set; } public string Branch { get; set; } public string ConnectionName { get; set; } public string CheckoutNestedSubmodules { get; set; } public string CheckoutSubmodules { get; set; } public string GitLfsSupport { get; set; } public string FetchDepth { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/Definition/IArtifactDetails.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. // -------------------------------------------------------------------------------------------------------------------- // // 2012-2023, All rights reserved. // // // Defines the IArtifactDetails type. // // -------------------------------------------------------------------------------------------------------------------- namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition { public interface IArtifactDetails { // TODO: We may not need this, server may return / always, check and remove it string RelativePath { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/Definition/JenkinsArtifactDetails.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. // -------------------------------------------------------------------------------------------------------------------- // // 2012-2023, All rights reserved. // // -------------------------------------------------------------------------------------------------------------------- using System; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition { public class JenkinsArtifactDetails : IArtifactDetails { public string RelativePath { get; set; } public Uri Url { get; set; } public string AccountName { get; set; } public string AccountPassword { get; set; } public string JobName { get; set; } public int BuildId { get; set; } public bool AcceptUntrustedCertificates { get; set; } public string StartCommitArtifactVersion { get; set; } public string EndCommitArtifactVersion { get; set; } public string Alias { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/Definition/TfsGitArtifactDetails.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition { public class TfsGitArtifactDetails : IArtifactDetails { public string RelativePath { get; set; } public string ProjectId { get; set; } public string RepositoryId { get; set; } public string Branch { get; set; } public string CheckoutNestedSubmodules { get; set; } public string CheckoutSubmodules { get; set; } public string GitLfsSupport { get; set; } public string FetchDepth { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/Definition/TfsVCArtifactDetails.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition { public class TfsVCArtifactDetails : IArtifactDetails { public string RelativePath { get; set; } public string ProjectId { get; set; } public string RepositoryId { get; set; } public string Mappings { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/Definition/WellKnownStreamTypes.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition { public static class WellKnownStreamTypes { public static readonly string Zip = "Zip"; public static readonly string FileShare = "FileShare"; } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/FileShareArtifact.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { // TODO: Add test for this public class FileShareArtifact { // This is only used by build artifact. This isn't a officially supported artifact type in RM public async Task DownloadArtifactAsync(IExecutionContext executionContext, IHostContext hostContext, ArtifactDefinition artifactDefinition, string dropLocation, string localFolderPath) { ArgUtil.NotNull(artifactDefinition, nameof(artifactDefinition)); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(hostContext, nameof(hostContext)); ArgUtil.NotNullOrEmpty(localFolderPath, nameof(localFolderPath)); ArgUtil.NotNullOrEmpty(dropLocation, nameof(dropLocation)); bool disableRobocopy = executionContext.Variables.GetBoolean(Constants.Variables.Release.DisableRobocopy) ?? false; if (disableRobocopy == false) { await DownloadArtifactUsingRobocopyAsync(executionContext, hostContext, artifactDefinition, dropLocation, localFolderPath); } else { await DownloadArtifactUsingFileSystemManagerAsync(executionContext, hostContext, artifactDefinition, dropLocation, localFolderPath); } } private async Task DownloadArtifactUsingFileSystemManagerAsync(IExecutionContext executionContext, IHostContext hostContext, ArtifactDefinition artifactDefinition, string dropLocation, string localFolderPath) { var trimChars = new[] { '\\', '/' }; var relativePath = artifactDefinition.Details.RelativePath; // If user has specified a relative folder in the drop, change the drop location itself. dropLocation = Path.Combine(dropLocation.TrimEnd(trimChars), relativePath.Trim(trimChars)); var fileSystemManager = hostContext.CreateService(); List filePaths = new DirectoryInfo(dropLocation).EnumerateFiles("*", SearchOption.AllDirectories) .Select(path => path.FullName) .ToList(); if (filePaths.Any()) { int bufferSize = executionContext.Variables.Release_Download_BufferSize ?? DefaultBufferSize; foreach (var filePath in filePaths) { string fullPath = Path.GetFullPath(filePath); if (File.Exists(fullPath)) { string filePathRelativeToDrop = filePath.Replace(dropLocation, string.Empty).Trim(trimChars); using (StreamReader fileReader = fileSystemManager.GetFileReader(filePath)) { await fileSystemManager.WriteStreamToFile( fileReader.BaseStream, Path.Combine(localFolderPath, filePathRelativeToDrop), bufferSize, executionContext.CancellationToken); } } else { executionContext.Warning(StringUtil.Loc("FileNotFound", fullPath)); } } } else { executionContext.Warning(StringUtil.Loc("RMArtifactEmpty")); } } private async Task DownloadArtifactUsingRobocopyAsync(IExecutionContext executionContext, IHostContext hostContext, ArtifactDefinition artifactDefinition, string dropLocation, string downloadFolderPath) { int? robocopyMT = executionContext.Variables.GetInt(Constants.Variables.Release.RobocopyMT); bool verbose = executionContext.Variables.GetBoolean(Constants.Variables.System.Debug) ?? false; if (robocopyMT != null) { if (robocopyMT < 1) { robocopyMT = 1; } else if (robocopyMT > 128) { robocopyMT = 128; } } executionContext.Output(StringUtil.Loc("RMDownloadingArtifactUsingRobocopy")); using (var processInvoker = hostContext.CreateService()) { // Save STDOUT from worker, worker will use STDOUT report unhandle exception. processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stdout) { if (!string.IsNullOrEmpty(stdout.Data)) { executionContext.Output(stdout.Data); } }; // Save STDERR from worker, worker will use STDERR on crash. processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stderr) { if (!string.IsNullOrEmpty(stderr.Data)) { executionContext.Error(stderr.Data); } }; var trimChars = new[] { '\\', '/' }; var relativePath = artifactDefinition.Details.RelativePath; dropLocation = Path.Combine(dropLocation.TrimEnd(trimChars), relativePath.Trim(trimChars)); downloadFolderPath = downloadFolderPath.TrimEnd(trimChars); string robocopyArguments = "\"" + dropLocation + "\" \"" + downloadFolderPath + "\" /E /Z /NP /R:3"; if (verbose != true) { robocopyArguments = robocopyArguments + " /NDL /NFL"; } if (robocopyMT != null) { robocopyArguments = robocopyArguments + " /MT:" + robocopyMT; } int exitCode = await processInvoker.ExecuteAsync( workingDirectory: "", fileName: "robocopy", arguments: robocopyArguments, environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: true, cancellationToken: executionContext.CancellationToken); executionContext.Output(StringUtil.Loc("RMRobocopyBasedArtifactDownloadExitCode", exitCode)); if (exitCode >= 8) { throw new ArtifactDownloadException(StringUtil.Loc("RMRobocopyBasedArtifactDownloadFailed", exitCode)); } } } private const int DefaultBufferSize = 8192; } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/GenericHttpClient.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Globalization; using System.Threading; using System.Net; using System.Net.Http; using System.Net.Http.Headers; using System.Text; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { [ServiceLocator(Default = typeof(GenericHttpClient))] public interface IGenericHttpClient : IAgentService { Task GetAsync(string url, string userName, string password, bool acceptUntrustedCertifact); Task GetStringAsync(string url, string userName, string password, bool acceptUntrustedCertifact); } public class GenericHttpClient : AgentService, IGenericHttpClient { public async Task GetAsync(string url, string userName, string password, bool acceptUntrustedCertifact) { using (HttpClientHandler handler = HostContext.CreateHttpClientHandler()) { handler.ServerCertificateCustomValidationCallback = (message, certificate, chain, sslPolicyErrors) => { return acceptUntrustedCertifact; }; using (HttpClient client = new HttpClient(handler)) { SetupHttpClient(client, userName, password); return await client.GetAsync(url); } } } public async Task GetStringAsync(string url, string userName, string password, bool acceptUntrustedCertifact) { HttpResponseMessage response = GetAsync(url, userName, password, acceptUntrustedCertifact).Result; if (response.IsSuccessStatusCode) { return await response.Content.ReadAsStringAsync(); } else { throw new InvalidOperationException(StringUtil.Loc("RMApiFailure", url, response.StatusCode)); } } private static void SetupHttpClient(HttpClient httpClient, string userName, string password) { httpClient.Timeout = Timeout.InfiniteTimeSpan; httpClient.DefaultRequestHeaders.Authorization = CreateBasicAuthenticationHeader(userName, password); } private static AuthenticationHeaderValue CreateBasicAuthenticationHeader(string username, string password) { var authenticationHeader = string.Format( CultureInfo.InvariantCulture, "{0}:{1}", username ?? string.Empty, password ?? string.Empty); return new AuthenticationHeaderValue( "Basic", Convert.ToBase64String(Encoding.UTF8.GetBytes(authenticationHeader))); } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/GitHubArtifact.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Net.Sockets; using System.Threading.Tasks; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; using Newtonsoft.Json; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { public class GitHubArtifact : AgentService, IArtifactExtension { public Type ExtensionType => typeof(IArtifactExtension); public AgentArtifactType ArtifactType => AgentArtifactType.GitHub; public async Task DownloadAsync( IExecutionContext executionContext, ArtifactDefinition artifactDefinition, string localFolderPath) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(artifactDefinition, nameof(artifactDefinition)); ArgUtil.NotNullOrEmpty(localFolderPath, nameof(localFolderPath)); var gitHubDetails = artifactDefinition.Details as GitHubArtifactDetails; ArgUtil.NotNull(gitHubDetails, nameof(gitHubDetails)); executionContext.Output(StringUtil.Loc("RMReceivedGithubArtifactDetails")); ServiceEndpoint endpoint = executionContext.Endpoints.FirstOrDefault((e => string.Equals(e.Name, gitHubDetails.ConnectionName, StringComparison.OrdinalIgnoreCase))); if (endpoint == null) { throw new InvalidOperationException(StringUtil.Loc("RMGitHubEndpointNotFound", gitHubDetails.ConnectionName)); } ServiceEndpoint gitHubEndpoint = PrepareGitHubTaskEndpoint(endpoint, gitHubDetails.CloneUrl); var extensionManager = HostContext.GetService(); ISourceProvider sourceProvider = (extensionManager.GetExtensions()).FirstOrDefault(x => x.RepositoryType == Microsoft.TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.GitHub); if (sourceProvider == null) { throw new InvalidOperationException(StringUtil.Loc("SourceArtifactProviderNotFound", Microsoft.TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.GitHub)); } gitHubEndpoint.Data.Add(Constants.EndpointData.SourcesDirectory, localFolderPath); gitHubEndpoint.Data.Add(Constants.EndpointData.SourceBranch, gitHubDetails.Branch); gitHubEndpoint.Data.Add(Constants.EndpointData.SourceVersion, artifactDefinition.Version); gitHubEndpoint.Data.Add(EndpointData.CheckoutSubmodules, gitHubDetails.CheckoutSubmodules); gitHubEndpoint.Data.Add(EndpointData.CheckoutNestedSubmodules, gitHubDetails.CheckoutNestedSubmodules); gitHubEndpoint.Data.Add("fetchDepth", gitHubDetails.FetchDepth); gitHubEndpoint.Data.Add("GitLfsSupport", gitHubDetails.GitLfsSupport); await sourceProvider.GetSourceAsync(executionContext, gitHubEndpoint, executionContext.CancellationToken); } public IArtifactDetails GetArtifactDetails( IExecutionContext context, AgentArtifactDefinition agentArtifactDefinition) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(agentArtifactDefinition, nameof(agentArtifactDefinition)); var artifactDetails = JsonConvert.DeserializeObject>(agentArtifactDefinition.Details); string connectionName; string repositoryName = string.Empty; string branch = string.Empty; if (artifactDetails.TryGetValue(ArtifactDefinitionConstants.ConnectionName, out connectionName) && artifactDetails.TryGetValue(ArtifactDefinitionConstants.RepositoryId, out repositoryName) && artifactDetails.TryGetValue(ArtifactDefinitionConstants.BranchId, out branch)) { string checkoutNestedSubmodules; string checkoutSubmodules; string gitLfsSupport; string fetchDepth; artifactDetails.TryGetValue("checkoutNestedSubmodules", out checkoutNestedSubmodules); artifactDetails.TryGetValue("checkoutSubmodules", out checkoutSubmodules); artifactDetails.TryGetValue("gitLfsSupport", out gitLfsSupport); artifactDetails.TryGetValue("fetchDepth", out fetchDepth); ServiceEndpoint gitHubEndpoint = context.Endpoints.FirstOrDefault((e => string.Equals(e.Name, connectionName, StringComparison.OrdinalIgnoreCase))); if (gitHubEndpoint == null) { throw new InvalidOperationException(StringUtil.Loc("RMGitHubEndpointNotFound", agentArtifactDefinition.Name)); } string accessToken = gitHubEndpoint.Authorization.Parameters[EndpointAuthorizationParameters.AccessToken]; GitHubRepository repository = null; try { repository = HostContext.GetService().GetUserRepo(accessToken, repositoryName); } catch (SocketException e) { ExceptionsUtil.HandleSocketException(e, "https://api.github.com", (message) => Trace.Info(message)); throw; } Trace.Info($"Found github repository url {repository.Clone_url}"); return new GitHubArtifactDetails { RelativePath = Path.DirectorySeparatorChar.ToString(), ConnectionName = connectionName, CloneUrl = new Uri(repository.Clone_url), Branch = branch, CheckoutSubmodules = checkoutSubmodules, CheckoutNestedSubmodules = checkoutNestedSubmodules, GitLfsSupport = gitLfsSupport, FetchDepth = fetchDepth }; } else { throw new InvalidOperationException(StringUtil.Loc("RMArtifactDetailsIncomplete")); } } private static ServiceEndpoint PrepareGitHubTaskEndpoint(ServiceEndpoint taskEndpoint, Uri url) { var serviceEndpoint = new ServiceEndpoint { Url = url, Authorization = taskEndpoint.Authorization, Name = taskEndpoint.Name }; serviceEndpoint.Authorization.Scheme = EndpointAuthorizationSchemes.OAuth; return serviceEndpoint; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/GitHubHttpClient.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using System; using System.Net; using System.Net.Http; using System.Runtime.Serialization; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Newtonsoft.Json; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { [ServiceLocator(Default = typeof(GitHubHttpClient))] public interface IGitHubHttpClient : IAgentService { GitHubRepository GetUserRepo(string accessToken, string repository); } public class GitHubHttpClient : AgentService, IGitHubHttpClient { private const string GithubRepoUrlFormat = "https://api.github.com/repos/{0}"; public GitHubRepository GetUserRepo(string accessToken, string repositoryName) { string errorMessage; string url = StringUtil.Format(GithubRepoUrlFormat, repositoryName); GitHubRepository repository = QueryItem(accessToken, url, out errorMessage); if (!string.IsNullOrEmpty(errorMessage)) { throw new InvalidOperationException(errorMessage); } return repository; } private T QueryItem(string accessToken, string url, out string errorMessage) { using (var request = new HttpRequestMessage(HttpMethod.Get, url)) { request.Headers.Add("Accept", "application/vnd.GitHubData.V3+json"); request.Headers.Add("Authorization", "Token " + accessToken); request.Headers.Add("User-Agent", "VSTS-Agent/" + BuildConstants.AgentPackage.Version); if (PlatformUtil.RunningOnMacOS || PlatformUtil.RunningOnLinux) { request.Version = HttpVersion.Version11; } int httpRequestTimeoutSeconds = AgentKnobs.HttpTimeout.GetValue(HostContext).AsInt(); using (var httpClientHandler = HostContext.CreateHttpClientHandler()) using (var httpClient = new HttpClient(httpClientHandler) { Timeout = new TimeSpan(0, 0, httpRequestTimeoutSeconds) }) { errorMessage = string.Empty; Task sendAsyncTask = httpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead); HttpResponseMessage response = sendAsyncTask.GetAwaiter().GetResult(); if (!response.IsSuccessStatusCode) { errorMessage = response.StatusCode.ToString(); return default(T); } string result = response.Content.ReadAsStringAsync().GetAwaiter().GetResult(); return JsonConvert.DeserializeObject(result); } } } } [DataContract] public class GitHubRepository { [DataMember(EmitDefaultValue = false)] public int? Id { get; set; } [DataMember(EmitDefaultValue = false)] public string Name { get; set; } [DataMember(EmitDefaultValue = false)] public string Clone_url { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/JenkinsArtifact.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Globalization; using System.IO; using System.Linq; using System.Net; using System.Net.Http; using System.Net.Http.Headers; using System.Net.Sockets; using System.Text; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; using Microsoft.VisualStudio.Services.WebApi; using Newtonsoft.Json; using Newtonsoft.Json.Linq; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { public class JenkinsArtifact : AgentService, IArtifactExtension { public Type ExtensionType => typeof(IArtifactExtension); public AgentArtifactType ArtifactType => AgentArtifactType.Jenkins; private const char Backslash = '\\'; private const char ForwardSlash = '/'; public static int CommitDataVersion = 1; public static string CommitIdKey = "commitId"; public static string CommitDateKey = "date"; public static string AuthorKey = "author"; public static string FullNameKey = "fullName"; public static string CommitMessageKey = "msg"; public static string RepoKindKey = "kind"; public static string RemoteUrlsKey = "remoteUrls"; public static string GitRepoName = "git"; public async Task DownloadAsync( IExecutionContext executionContext, ArtifactDefinition artifactDefinition, string localFolderPath) { ArgUtil.NotNull(artifactDefinition, nameof(artifactDefinition)); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNullOrEmpty(localFolderPath, nameof(localFolderPath)); var jenkinsDetails = artifactDefinition.Details as JenkinsArtifactDetails; executionContext.Output(StringUtil.Loc("RMGotJenkinsArtifactDetails")); executionContext.Output(StringUtil.Loc("RMJenkinsJobName", jenkinsDetails.JobName)); executionContext.Output(StringUtil.Loc("RMJenkinsBuildId", jenkinsDetails.BuildId)); IGenericHttpClient client = HostContext.GetService(); if (!IsValidBuild(client, jenkinsDetails)) { throw new ArtifactDownloadException(StringUtil.Loc("RMJenkinsInvalidBuild", jenkinsDetails.BuildId)); } Stream downloadedStream = null; string downloadArtifactsUrl = string.Format( CultureInfo.InvariantCulture, "{0}/job/{1}/{2}/artifact/{3}/*zip*/", jenkinsDetails.Url, jenkinsDetails.JobName, jenkinsDetails.BuildId, jenkinsDetails.RelativePath); executionContext.Output(StringUtil.Loc("RMPrepareToGetFromJenkinsServer")); HttpResponseMessage response = client.GetAsync(downloadArtifactsUrl, jenkinsDetails.AccountName, jenkinsDetails.AccountPassword, jenkinsDetails.AcceptUntrustedCertificates).Result; if (response.IsSuccessStatusCode) { downloadedStream = response.Content.ReadAsStreamAsync().Result; } else if (response.StatusCode == HttpStatusCode.NotFound) { executionContext.Warning(StringUtil.Loc("RMJenkinsNoArtifactsFound", jenkinsDetails.BuildId)); return; } else { throw new ArtifactDownloadException(StringUtil.Loc("RMDownloadArtifactUnexpectedError")); } var parentFolder = GetParentFolderName(jenkinsDetails.RelativePath); Trace.Info($"Found parentFolder {parentFolder} for relative path {jenkinsDetails.RelativePath}"); executionContext.Output(StringUtil.Loc("RMDownloadingJenkinsArtifacts")); var zipStreamDownloader = HostContext.GetService(); await zipStreamDownloader.DownloadFromStream( executionContext, downloadedStream, string.IsNullOrEmpty(parentFolder) ? "archive" : string.Empty, parentFolder, localFolderPath); } public async Task DownloadCommitsAsync(IExecutionContext context, ArtifactDefinition artifactDefinition, string commitsWorkFolder) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(artifactDefinition, nameof(artifactDefinition)); Trace.Entering(); var jenkinsDetails = artifactDefinition.Details as JenkinsArtifactDetails; int startJobId = 0, endJobId = 0; if (!string.IsNullOrEmpty(jenkinsDetails.EndCommitArtifactVersion)) { if (int.TryParse(jenkinsDetails.EndCommitArtifactVersion, out endJobId)) { context.Output(StringUtil.Loc("RMDownloadingCommits")); if (int.TryParse(jenkinsDetails.StartCommitArtifactVersion, out startJobId)) { if (startJobId < endJobId) { context.Output(StringUtil.Loc("DownloadingJenkinsCommitsBetween", startJobId, endJobId)); } else if (startJobId > endJobId) { context.Output(StringUtil.Loc("JenkinsRollbackDeployment", startJobId, endJobId)); // swap the job IDs to fetch the roll back commits int swap = startJobId; startJobId = endJobId; endJobId = swap; } else if (startJobId == endJobId) { context.Output(StringUtil.Loc("JenkinsNoCommitsToFetch")); return; } } else { context.Debug(StringUtil.Loc("JenkinsDownloadingChangeFromCurrentBuild")); } try { IEnumerable changes = await DownloadCommits(context, jenkinsDetails, startJobId, endJobId); if (changes.Any()) { string commitsFileName = GetCommitsFileName(jenkinsDetails.Alias); string commitsFilePath = Path.Combine(commitsWorkFolder, commitsFileName); context.Debug($"Commits will be written to {commitsFilePath}"); WriteCommitsToFile(context, changes, commitsFilePath); context.Debug($"Commits written to {commitsFilePath}"); context.QueueAttachFile(CoreAttachmentType.FileAttachment, commitsFileName, commitsFilePath); } } catch (SocketException ex) { context.AddIssue(new Issue { Type = IssueType.Error, Message = $"SocketException occurred. {ex.Message}." + $"Verify whether you have (network) access to {jenkinsDetails.Url}. URLs the agent need communicate with - {BlobStoreWarningInfoProvider.GetAllowListLinkForCurrentPlatform()}." }); return; } catch (Exception ex) { context.AddIssue(new Issue { Type = IssueType.Warning, Message = StringUtil.Loc("DownloadingJenkinsCommitsFailedWithException", jenkinsDetails.Alias, ex.ToString()) }); return; } } else { context.AddIssue(new Issue { Type = IssueType.Warning, Message = StringUtil.Loc("JenkinsCommitsInvalidEndJobId", jenkinsDetails.EndCommitArtifactVersion, jenkinsDetails.Alias) }); return; } } else { context.Debug("No commit details found in the agent artifact. Not downloading the commits"); } } private string GetCommitsFileName(string artifactAlias) { return StringUtil.Format("commits_{0}_v{1}.json", artifactAlias, CommitDataVersion); } private void WriteCommitsToFile(IExecutionContext context, IEnumerable commits, string commitsFilePath) { IOUtil.DeleteFile(commitsFilePath); if (commits.Any()) { using (StreamWriter sw = File.CreateText(commitsFilePath)) using (JsonTextWriter jw = new JsonTextWriter(sw)) { jw.Formatting = Formatting.Indented; jw.WriteStartArray(); foreach (Change commit in commits) { JObject.FromObject(commit).WriteTo(jw); } jw.WriteEnd(); } } } private Change ConvertCommitToChange(IExecutionContext context, JToken token, bool isGitRepo, string rootUrl) { Trace.Entering(); // Use mustache parser? Change change = new Change(); var resultDictionary = JsonConvert.DeserializeObject>(token.ToString()); if (resultDictionary.ContainsKey(CommitIdKey)) { change.Id = resultDictionary[CommitIdKey].ToString(); } if (resultDictionary.ContainsKey(CommitMessageKey)) { change.Message = resultDictionary[CommitMessageKey].ToString(); } if (resultDictionary.ContainsKey(AuthorKey)) { string authorDetail = resultDictionary[AuthorKey].ToString(); var author = JsonConvert.DeserializeObject>(authorDetail); change.Author = new IdentityRef { DisplayName = author[FullNameKey] }; } if (resultDictionary.ContainsKey(CommitDateKey)) { DateTime value; if (DateTime.TryParse(resultDictionary[CommitDateKey].ToString(), out value)) { change.Timestamp = value; } } if (isGitRepo && !string.IsNullOrEmpty(rootUrl)) { change.DisplayUri = new Uri(StringUtil.Format("{0}/commit/{1}", rootUrl, change.Id)); } context.Debug(StringUtil.Format("Found commit {0}", change.Id)); return change; } private Tuple GetCommitJobIdIndex(IExecutionContext context, JenkinsArtifactDetails artifactDetails, int startJobId, int endJobId) { Trace.Entering(); string url = StringUtil.Format("{0}/job/{1}/api/json?tree=allBuilds[number]", artifactDetails.Url, artifactDetails.JobName); int startIndex = -1, endIndex = -1, index = 0; var listOfBuildResult = DownloadCommitsJsonContent(context, url, artifactDetails, "$.allBuilds[*].number").Result; foreach (JToken token in listOfBuildResult) { long value = 0; if (long.TryParse((string)token, out value)) { if (value == startJobId) { startIndex = index; } if (value == endJobId) { endIndex = index; } if (startIndex > 0 && endIndex > 0) { break; } index++; } } context.Debug(StringUtil.Format("Found startIndex {0} and endIndex {1}", startIndex, endIndex)); if (startIndex < 0 || endIndex < 0) { throw new CommitsDownloadException(StringUtil.Loc("JenkinsBuildDoesNotExistsForCommits", startJobId, endJobId, startIndex, endIndex)); } return Tuple.Create(startIndex, endIndex); } private async Task> DownloadCommits(IExecutionContext context, JenkinsArtifactDetails artifactDetails, int jobId) { context.Output(StringUtil.Format("Getting changeSet associated with build {0} ", jobId)); string commitsUrl = StringUtil.Format("{0}/job/{1}/{2}/api/json?tree=number,result,changeSet[items[commitId,date,msg,author[fullName]]]", artifactDetails.Url, artifactDetails.JobName, jobId); var commitsResult = await DownloadCommitsJsonContent(context, commitsUrl, artifactDetails, "$.changeSet.items[*]"); string rootUrl; bool isGitRepo = IsGitRepo(context, artifactDetails, jobId, out rootUrl); return commitsResult.Select(x => ConvertCommitToChange(context, x, isGitRepo, rootUrl)); } private async Task> DownloadCommits(IExecutionContext context, JenkinsArtifactDetails artifactDetails, int startJobId, int endJobId) { Trace.Entering(); if (startJobId == 0) { context.Debug($"StartJobId does not exist, downloading changeSet from build {endJobId}"); return await DownloadCommits(context, artifactDetails, endJobId); } //#1. Figure out the index of build numbers Tuple result = GetCommitJobIdIndex(context, artifactDetails, startJobId, endJobId); int startIndex = result.Item1; int endIndex = result.Item2; //#2. Download the commits using range string buildParameter = (startIndex >= 100 || endIndex >= 100) ? "allBuilds" : "builds"; // jenkins by default will return only 100 top builds. Have to use "allBuilds" if we are dealing with build which are older than 100 builds string commitsUrl = StringUtil.Format("{0}/job/{1}/api/json?tree={2}[number,result,changeSet[items[commitId,date,msg,author[fullName]]]]{{{3},{4}}}", artifactDetails.Url, artifactDetails.JobName, buildParameter, endIndex, startIndex); var changeSetResult = await DownloadCommitsJsonContent(context, commitsUrl, artifactDetails, StringUtil.Format("$.{0}[*].changeSet.items[*]", buildParameter)); string rootUrl; bool isGitRepo = IsGitRepo(context, artifactDetails, endJobId, out rootUrl); return changeSetResult.Select(x => ConvertCommitToChange(context, x, isGitRepo, rootUrl)); } private async Task DownloadCommitsJsonContent(IExecutionContext executionContext, string url, JenkinsArtifactDetails artifactDetails) { Trace.Entering(); executionContext.Debug($"Querying Jenkins server with the api {url}"); string result = await HostContext.GetService() .GetStringAsync(url, artifactDetails.AccountName, artifactDetails.AccountPassword, artifactDetails.AcceptUntrustedCertificates); if (!string.IsNullOrEmpty(result)) { executionContext.Debug($"Found result from Jenkins server: {result}"); } return result; } private async Task> DownloadCommitsJsonContent(IExecutionContext executionContext, string url, JenkinsArtifactDetails artifactDetails, string jsonPath) { Trace.Entering(); string result = await DownloadCommitsJsonContent(executionContext, url, artifactDetails); if (!string.IsNullOrEmpty(result)) { executionContext.Debug($"result will be filtered with {jsonPath}"); return ParseToken(result, jsonPath); } return new List(); } private bool IsGitRepo(IExecutionContext executionContext, JenkinsArtifactDetails artifactDetails, int jobId, out string rootUrl) { bool isGitRepo = false; rootUrl = string.Empty; executionContext.Debug("Checking if Jenkins job uses git scm"); string repoUrl = StringUtil.Format("{0}/job/{1}/{2}/api/json?tree=actions[remoteUrls],changeSet[kind]", artifactDetails.Url, artifactDetails.JobName, jobId); var repoResult = DownloadCommitsJsonContent(executionContext, repoUrl, artifactDetails).Result; if (repoResult != null) { executionContext.Debug($"repo query result from Jenkins api {repoResult.ToString()}"); var repoKindResult = ParseToken(repoResult.ToString(), "$.changeSet.kind"); if (repoKindResult != null && repoKindResult.Any()) { string repoKind = repoKindResult.First().ToString(); executionContext.Debug($"Parsed repo result {repoKind}"); if (!string.IsNullOrEmpty(repoKind) && repoKind.Equals(GitRepoName, StringComparison.OrdinalIgnoreCase)) { executionContext.Debug("Its a git repo, checking if it has root url"); var rootUrlResult = ParseToken(repoResult.ToString(), "$.actions[?(@.remoteUrls)]"); if (rootUrlResult != null && rootUrlResult.Any()) { var resultDictionary = JsonConvert.DeserializeObject>(rootUrlResult.First().ToString()); if (resultDictionary.ContainsKey(RemoteUrlsKey) && resultDictionary[RemoteUrlsKey].Any()) { rootUrl = resultDictionary[RemoteUrlsKey].First().ToString(); isGitRepo = true; executionContext.Debug($"Found the git repo root url {rootUrl}"); } } } } } return isGitRepo; } private IEnumerable ParseToken(string jsonResult, string jsonPath) { JObject parsedJson = JObject.Parse(jsonResult); return parsedJson.SelectTokens(jsonPath); } public IArtifactDetails GetArtifactDetails(IExecutionContext context, AgentArtifactDefinition agentArtifactDefinition) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(agentArtifactDefinition, nameof(agentArtifactDefinition)); Trace.Entering(); var artifactDetails = JsonConvert.DeserializeObject>(agentArtifactDefinition.Details); ServiceEndpoint jenkinsEndpoint = context.Endpoints.FirstOrDefault(e => string.Equals(e.Name, artifactDetails["ConnectionName"], StringComparison.OrdinalIgnoreCase)); if (jenkinsEndpoint == null) { throw new InvalidOperationException(StringUtil.Loc("RMJenkinsEndpointNotFound", agentArtifactDefinition.Name)); } string relativePath; var jobName = string.Empty; var allFieldsPresents = artifactDetails.TryGetValue("RelativePath", out relativePath) && artifactDetails.TryGetValue("JobName", out jobName); bool acceptUntrusted = jenkinsEndpoint.Data != null && jenkinsEndpoint.Data.ContainsKey("acceptUntrustedCerts") && StringUtil.ConvertToBoolean(jenkinsEndpoint.Data["acceptUntrustedCerts"]); string startCommitArtifactVersion = string.Empty; string endCommitArtifactVersion = string.Empty; artifactDetails.TryGetValue("StartCommitArtifactVersion", out startCommitArtifactVersion); artifactDetails.TryGetValue("EndCommitArtifactVersion", out endCommitArtifactVersion); if (allFieldsPresents) { return new JenkinsArtifactDetails { RelativePath = relativePath, AccountName = jenkinsEndpoint.Authorization.Parameters[EndpointAuthorizationParameters.Username], AccountPassword = jenkinsEndpoint.Authorization.Parameters[EndpointAuthorizationParameters.Password], BuildId = Convert.ToInt32(agentArtifactDefinition.Version, CultureInfo.InvariantCulture), JobName = jobName, Url = jenkinsEndpoint.Url, AcceptUntrustedCertificates = acceptUntrusted, StartCommitArtifactVersion = startCommitArtifactVersion, EndCommitArtifactVersion = endCommitArtifactVersion, Alias = agentArtifactDefinition.Alias }; } else { throw new InvalidOperationException(StringUtil.Loc("RMArtifactDetailsIncomplete")); } } private bool IsValidBuild(IGenericHttpClient client, JenkinsArtifactDetails jenkinsDetails) { var buildUrl = string.Format( CultureInfo.InvariantCulture, "{0}/job/{1}/{2}/", jenkinsDetails.Url, jenkinsDetails.JobName, jenkinsDetails.BuildId); HttpResponseMessage response = client.GetAsync(buildUrl, jenkinsDetails.AccountName, jenkinsDetails.AccountPassword, jenkinsDetails.AcceptUntrustedCertificates).Result; return response.IsSuccessStatusCode; } private static string GetParentFolderName(string relativePath) { // Sometime the Jenkins artifact relative path would be simply / indicating read from root. This will retrun empty string at such scenarios. return relativePath.TrimEnd(Backslash).TrimEnd(ForwardSlash).Replace(Backslash, ForwardSlash).Split(ForwardSlash).Last(); } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/TfsGitArtifact.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; using Newtonsoft.Json; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { public class TfsGitArtifact : AgentService, IArtifactExtension { public Type ExtensionType => typeof(IArtifactExtension); public AgentArtifactType ArtifactType => AgentArtifactType.TFGit; public async Task DownloadAsync(IExecutionContext executionContext, ArtifactDefinition artifactDefinition, string downloadFolderPath) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(artifactDefinition, nameof(artifactDefinition)); ArgUtil.NotNullOrEmpty(downloadFolderPath, nameof(downloadFolderPath)); var gitArtifactDetails = artifactDefinition.Details as TfsGitArtifactDetails; ArgUtil.NotNull(gitArtifactDetails, nameof(gitArtifactDetails)); ServiceEndpoint endpoint = executionContext.Endpoints.FirstOrDefault((e => string.Equals(e.Name, gitArtifactDetails.RepositoryId, StringComparison.OrdinalIgnoreCase))); if (endpoint == null) { throw new InvalidOperationException(StringUtil.Loc("RMGitEndpointNotFound")); } var extensionManager = HostContext.GetService(); ISourceProvider sourceProvider = (extensionManager.GetExtensions()).FirstOrDefault(x => x.RepositoryType == Microsoft.TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.Git); if (sourceProvider == null) { throw new InvalidOperationException(StringUtil.Loc("SourceArtifactProviderNotFound", Microsoft.TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.Git)); } var tfsGitEndpoint = endpoint.Clone(); tfsGitEndpoint.Data.Add(Constants.EndpointData.SourcesDirectory, downloadFolderPath); tfsGitEndpoint.Data.Add(Constants.EndpointData.SourceBranch, gitArtifactDetails.Branch); tfsGitEndpoint.Data.Add(Constants.EndpointData.SourceVersion, artifactDefinition.Version); tfsGitEndpoint.Data.Add(EndpointData.CheckoutSubmodules, gitArtifactDetails.CheckoutSubmodules); tfsGitEndpoint.Data.Add(EndpointData.CheckoutNestedSubmodules, gitArtifactDetails.CheckoutNestedSubmodules); tfsGitEndpoint.Data.Add("fetchDepth", gitArtifactDetails.FetchDepth); tfsGitEndpoint.Data.Add("GitLfsSupport", gitArtifactDetails.GitLfsSupport); await sourceProvider.GetSourceAsync(executionContext, tfsGitEndpoint, executionContext.CancellationToken); } public IArtifactDetails GetArtifactDetails(IExecutionContext context, AgentArtifactDefinition agentArtifactDefinition) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(agentArtifactDefinition, nameof(agentArtifactDefinition)); var artifactDetails = JsonConvert.DeserializeObject>(agentArtifactDefinition.Details); var projectId = string.Empty; var repositoryId = string.Empty; var branch = string.Empty; if (artifactDetails.TryGetValue("ProjectId", out projectId) && artifactDetails.TryGetValue("RepositoryId", out repositoryId) && artifactDetails.TryGetValue("Branch", out branch)) { string checkoutNestedSubmodules; string checkoutSubmodules; string gitLfsSupport; string fetchDepth; artifactDetails.TryGetValue("checkoutNestedSubmodules", out checkoutNestedSubmodules); artifactDetails.TryGetValue("checkoutSubmodules", out checkoutSubmodules); artifactDetails.TryGetValue("gitLfsSupport", out gitLfsSupport); artifactDetails.TryGetValue("fetchDepth", out fetchDepth); return new TfsGitArtifactDetails { RelativePath = "\\", ProjectId = projectId, RepositoryId = repositoryId, Branch = branch, CheckoutNestedSubmodules = checkoutNestedSubmodules, CheckoutSubmodules = checkoutSubmodules, GitLfsSupport = gitLfsSupport, FetchDepth = fetchDepth }; } else { throw new InvalidOperationException(StringUtil.Loc("RMArtifactDetailsIncomplete")); } } } } ================================================ FILE: src/Agent.Worker/Release/Artifacts/TfsVCArtifact.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading.Tasks; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.FormInput; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; using Newtonsoft.Json; using DefinitionWorkspaceMappings = Microsoft.VisualStudio.Services.Agent.Worker.Build.TfsVCSourceProvider.DefinitionWorkspaceMappings; using DefinitionWorkspaceMapping = Microsoft.VisualStudio.Services.Agent.Worker.Build.TfsVCSourceProvider.DefinitionWorkspaceMapping; using DefinitionMappingType = Microsoft.VisualStudio.Services.Agent.Worker.Build.TfsVCSourceProvider.DefinitionMappingType; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts { public class TfsVCArtifact : AgentService, IArtifactExtension { public Type ExtensionType => typeof(IArtifactExtension); public AgentArtifactType ArtifactType => AgentArtifactType.Tfvc; public async Task DownloadAsync(IExecutionContext executionContext, ArtifactDefinition artifactDefinition, string downloadFolderPath) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(artifactDefinition, nameof(artifactDefinition)); ArgUtil.NotNullOrEmpty(downloadFolderPath, nameof(downloadFolderPath)); var tfsVcArtifactDetails = artifactDefinition.Details as TfsVCArtifactDetails; ArgUtil.NotNull(tfsVcArtifactDetails, nameof(tfsVcArtifactDetails)); ServiceEndpoint endpoint = executionContext.Endpoints.FirstOrDefault((e => string.Equals(e.Name, tfsVcArtifactDetails.RepositoryId, StringComparison.OrdinalIgnoreCase))); if (endpoint == null) { throw new InvalidOperationException(StringUtil.Loc("RMTfsVCEndpointNotFound")); } var tfsVCEndpoint = endpoint.Clone(); PrepareTfsVCEndpoint(tfsVCEndpoint, tfsVcArtifactDetails); var extensionManager = HostContext.GetService(); ISourceProvider sourceProvider = (extensionManager.GetExtensions()).FirstOrDefault(x => x.RepositoryType == Microsoft.TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.Tfvc); if (sourceProvider == null) { throw new InvalidOperationException(StringUtil.Loc("SourceArtifactProviderNotFound", Microsoft.TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.Tfvc)); } var rootDirectory = Directory.GetParent(downloadFolderPath).Name; executionContext.SetVariable(Constants.Variables.Agent.BuildDirectory, rootDirectory); tfsVCEndpoint.Data.Add(Constants.EndpointData.SourcesDirectory, downloadFolderPath); tfsVCEndpoint.Data.Add(Constants.EndpointData.SourceVersion, artifactDefinition.Version); await sourceProvider.GetSourceAsync(executionContext, tfsVCEndpoint, executionContext.CancellationToken); } public IArtifactDetails GetArtifactDetails(IExecutionContext context, AgentArtifactDefinition agentArtifactDefinition) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(agentArtifactDefinition, nameof(agentArtifactDefinition)); var artifactDetails = JsonConvert.DeserializeObject>(agentArtifactDefinition.Details); var projectId = string.Empty; var repositoryId = string.Empty; var mappings = string.Empty; var mandatoryFields = artifactDetails.TryGetValue(ArtifactDefinitionConstants.ProjectId, out projectId) && artifactDetails.TryGetValue(ArtifactDefinitionConstants.RepositoryId, out repositoryId); if (!artifactDetails.TryGetValue(ArtifactDefinitionConstants.MappingsId, out mappings) || mappings == null) { string baseRepoPath = string.Join("/", "$", projectId); var defaultMapping = new List>() { new Dictionary() { { ArtifactDefinitionConstants.ServerPathId, new InputValue { Value = baseRepoPath } }, { ArtifactDefinitionConstants.MappingTypeId, new InputValue { Value = Constants.Release.Map } }, { ArtifactDefinitionConstants.LocalPathId, new InputValue { Value = string.Empty } } } }; mappings = JsonConvert.SerializeObject(defaultMapping); } if (mandatoryFields) { return new TfsVCArtifactDetails { RelativePath = "\\", ProjectId = projectId, RepositoryId = repositoryId, Mappings = mappings }; } else { throw new InvalidOperationException(StringUtil.Loc("RMArtifactDetailsIncomplete")); } } private void PrepareTfsVCEndpoint(ServiceEndpoint endpoint, TfsVCArtifactDetails tfsVcArtifactDetails) { var allMappings = JsonConvert.DeserializeObject>>(tfsVcArtifactDetails.Mappings); var distinctMapping = new Dictionary(); foreach (var map in allMappings) { InputValue mappingServerPath; InputValue mappingType; if (map.TryGetValue(ArtifactDefinitionConstants.ServerPathId, out mappingServerPath) && map.TryGetValue(ArtifactDefinitionConstants.MappingTypeId, out mappingType) && mappingServerPath != null && mappingType != null) { if (!distinctMapping.ContainsKey(mappingServerPath.Value)) { InputValue mappingLocalPath; bool isLocalPathPresent = map.TryGetValue(ArtifactDefinitionConstants.LocalPathId, out mappingLocalPath); DefinitionMappingType type; Enum.TryParse(mappingType.Value, out type); distinctMapping.Add( mappingServerPath.Value, new DefinitionWorkspaceMapping { ServerPath = mappingServerPath.Value, MappingType = type, LocalPath = isLocalPathPresent ? mappingLocalPath.Value : string.Empty }); } } } var definitionWorkspaceMappings = new DefinitionWorkspaceMappings { Mappings = distinctMapping.Values.ToArray() }; endpoint.Data.Add(EndpointData.TfvcWorkspaceMapping, JsonConvert.SerializeObject(definitionWorkspaceMappings)); endpoint.Data.Add(EndpointData.Clean, "true"); } } } ================================================ FILE: src/Agent.Worker/Release/ContainerFetchEngine/ContainerFetchEngine.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine { public class ContainerFetchEngine : FetchEngine { public ContainerFetchEngine( IContainerProvider containerProvider, string rootItemPath, string rootDestinationDir) : base(containerProvider, rootItemPath, rootDestinationDir) { } public async Task FetchAsync(CancellationToken cancellationToken) { IEnumerable containerItems = await Provider.GetItemsAsync().ConfigureAwait(false); await FetchItemsAsync(containerItems, cancellationToken).ConfigureAwait(false); } } } ================================================ FILE: src/Agent.Worker/Release/ContainerFetchEngine/ContainerFetchEngineDefaultOptions.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine { public static class ContainerFetchEngineDefaultOptions { public static readonly TimeSpan RetryInterval = TimeSpan.FromSeconds(5); public const int ParallelDownloadLimit = 4; public const int RetryLimit = 5; public const int DownloadBufferSize = 8192; } } ================================================ FILE: src/Agent.Worker/Release/ContainerFetchEngine/ContainerFetchEngineOptions.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine { public class ContainerFetchEngineOptions { public int RetryLimit { get; set; } public TimeSpan RetryInterval { get; set; } public TimeSpan GetFileAsyncTimeout { get; set; } public int ParallelDownloadLimit { get; set; } public int DownloadBufferSize { get; set; } public ContainerFetchEngineOptions() { RetryLimit = ContainerFetchEngineDefaultOptions.RetryLimit; ParallelDownloadLimit = ContainerFetchEngineDefaultOptions.ParallelDownloadLimit; RetryInterval = ContainerFetchEngineDefaultOptions.RetryInterval; DownloadBufferSize = ContainerFetchEngineDefaultOptions.DownloadBufferSize; } } } ================================================ FILE: src/Agent.Worker/Release/ContainerFetchEngine/ContainerItem.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine { public class ContainerItem { public ItemType ItemType { get; set; } public string Path { get; set; } public long FileLength { get; set; } // TODO(omeshp): Figure a way to remove these dependencies with server drop artifact public long ContainerId { get; set; } public Guid ScopeIdentifier { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/ContainerFetchEngine/FetchEngine.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; //TODO(omeshp) remove these dependencies on agent. using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine { /// /// A base class for fetch engines. Handles purging extra files in the destination directory. /// public abstract class FetchEngine : IDisposable { public IReleaseFileSystemManager FileSystemManager { private get; set; } protected IContainerProvider Provider { get; } protected FetchEngine( IContainerProvider containerProvider, string rootItemPath, string rootDestinationDir) { RootItemPath = rootItemPath; RootDestinationDir = rootDestinationDir; Provider = containerProvider; ContainerFetchEngineOptions = new ContainerFetchEngineOptions(); FileSystemManager = new ReleaseFileSystemManager(); ExecutionLogger = new NullExecutionLogger(); } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } protected virtual void Dispose(bool disposing) { if (disposing) { if (_downloadedFiles > 0) { ExecutionLogger.Output(StringUtil.Loc("RMDownloadComplete")); } LogStatistics(); } } protected async Task FetchItemsAsync(IEnumerable containerItems, CancellationToken token) { ArgUtil.NotNull(containerItems, nameof(containerItems)); var itemsToDownload = new List(); foreach (ContainerItem item in containerItems) { if (item.ItemType == ItemType.Folder) { string localDirectory = ConvertToLocalPath(item); FileSystemManager.EnsureDirectoryExists(localDirectory); } else if (item.ItemType == ItemType.File) { string localPath = ConvertToLocalPath(item); ExecutionLogger.Debug(StringUtil.Format("[File] {0} => {1}", item.Path, localPath)); _totalFiles++; if (item.FileLength == 0) { CreateEmptyFile(localPath, token); _newEmptyFiles++; } else { itemsToDownload.Add(item); } } else { throw new NotSupportedException(StringUtil.Loc("RMContainerItemNotSupported", item.ItemType)); } } if (_totalFiles == 0) { ExecutionLogger.Warning(StringUtil.Loc("RMArtifactEmpty")); } if (itemsToDownload.Count > 0) { using (var cancellationTokenSource = new CancellationTokenSource()) using (var linkedTokenSource = CancellationTokenSource.CreateLinkedTokenSource(token, cancellationTokenSource.Token)) using (var downloadThrottle = new SemaphoreSlim(ContainerFetchEngineOptions.ParallelDownloadLimit)) { CancellationToken cancellationToken = linkedTokenSource.Token; // Used to limit the number of concurrent downloads. Stopwatch watch = Stopwatch.StartNew(); LinkedList remainingDownloads = new LinkedList(); foreach (ContainerItem ticketedItem in itemsToDownload) { _bytesDownloaded += ticketedItem.FileLength; Task downloadTask = DownloadItemAsync(downloadThrottle, ticketedItem, cancellationToken); if (downloadTask.IsCompleted) { // don't wait to throw for faulted tasks. await downloadTask.ConfigureAwait(false); } else { remainingDownloads.AddLast(downloadTask); } } try { // Monitor and log the progress of the download tasks if they take over a few seconds. await LogProgressAsync(remainingDownloads).ConfigureAwait(false); } catch (Exception) { cancellationTokenSource.Cancel(); await Task.WhenAll(remainingDownloads); throw; } _elapsedDownloadTime += watch.Elapsed; } _downloadedFiles += itemsToDownload.Count; } } private void LogStatistics() { ExecutionLogger.Output(StringUtil.Loc("RMDownloadProgress", _totalFiles, _downloadedFiles, _newEmptyFiles)); if (_downloadedFiles > 0) { string message = StringUtil.Loc("RMDownloadProgressDetails", Math.Ceiling(_bytesDownloaded / (1024.0 * 1024.0)), Math.Floor(_bytesDownloaded / (1024.0 * _elapsedDownloadTime.TotalSeconds)), _elapsedDownloadTime); ExecutionLogger.Output(message); } } private async Task LogProgressAsync(LinkedList remainingTasks) { Stopwatch watch = Stopwatch.StartNew(); // Log progress until all downloads complete while (remainingTasks.Any()) { Task delayTask = Task.Delay(ProgressInterval); if (remainingTasks.Count < 20) { // temporarily add the delay task. remainingTasks.AddLast(delayTask); // wait for the delay task or a download to complete. // Task.WhenAny is probably an O(n) operation, so we only do this if there's not many downloads remaining. await Task.WhenAny(remainingTasks).ConfigureAwait(false); // remove the delay task. remainingTasks.RemoveLast(); } else { // go do something else for 5 seconds. await delayTask.ConfigureAwait(false); } // remove any download tasks that completed. LinkedListNode task = remainingTasks.First; while (task != null) { LinkedListNode nextTask = task.Next; if (task.Value.IsCompleted) { // don't wait to throw for faulted tasks. await task.Value.ConfigureAwait(false); remainingTasks.Remove(task); } task = nextTask; } // check how many downloads remain. if (remainingTasks.Count > 0) { if (watch.Elapsed > ProgressInterval) { ExecutionLogger.Output(StringUtil.Loc("RMRemainingDownloads", remainingTasks.Count)); watch.Restart(); } if (remainingTasks.Count != _previousRemainingTaskCount) { _lastTaskCompletionTime = DateTime.UtcNow; _previousRemainingTaskCount = remainingTasks.Count; } TimeSpan timeSinceLastTaskCompletion = DateTime.UtcNow - _lastTaskCompletionTime; TimeSpan timeSinceLastDiag = DateTime.UtcNow - _lastTaskDiagTime; if (timeSinceLastTaskCompletion > TaskDiagThreshold && timeSinceLastDiag > TaskDiagThreshold) { var taskStates = remainingTasks.GroupBy(dt => dt.Status); lock (_lock) { ExecutionLogger.Warning(StringUtil.Loc("RMDownloadTaskCompletedStatus", (int)timeSinceLastTaskCompletion.TotalMinutes)); foreach (IGrouping group in taskStates) { ExecutionLogger.Warning(StringUtil.Loc("RMDownloadTaskStates", group.Key, group.Count())); } } _lastTaskDiagTime = DateTime.UtcNow; } } } } private Task DownloadItemAsync( SemaphoreSlim downloadThrottle, ContainerItem ticketedItem, CancellationToken cancellationToken) { string downloadPath = ConvertToLocalPath(ticketedItem); return DownloadItemImplAsync(downloadThrottle, ticketedItem, downloadPath, cancellationToken); } private async Task DownloadItemImplAsync( SemaphoreSlim downloadThrottle, ContainerItem ticketedItem, string downloadPath, CancellationToken cancellationToken) { try { ExecutionLogger.Debug(StringUtil.Format("Acquiring semaphore to download file {0}", downloadPath)); await downloadThrottle.WaitAsync().ConfigureAwait(false); if (cancellationToken.IsCancellationRequested) { return; } // Download the file content to a temp file on the same drive. // Assumption: the build won't produce files ending in .download. string tmpDownloadPath = downloadPath + ".download"; FileSystemManager.EnsureParentDirectory(tmpDownloadPath); FileSystemManager.DeleteFile(downloadPath, cancellationToken); ExecutionLogger.Output(StringUtil.Loc("RMDownloadStartDownloadOfFile", downloadPath)); await GetFileAsync(ticketedItem, tmpDownloadPath, cancellationToken).ConfigureAwait(false); if (cancellationToken.IsCancellationRequested) { return; } // With the content successfully downloaded, move the tmp file to its permanent location. FileSystemManager.MoveFile(tmpDownloadPath, downloadPath); } finally { downloadThrottle.Release(); } } // Wraps our use of the proxy client library private async Task GetFileAsync(ContainerItem ticketedItem, string tmpDownloadPath, CancellationToken cancellationToken) { // Will get doubled on each attempt. TimeSpan timeBetweenRetries = ContainerFetchEngineOptions.RetryInterval; for (int triesRemaining = ContainerFetchEngineOptions.RetryLimit; ; triesRemaining--) { bool lastAttempt = (triesRemaining == 0); timeBetweenRetries += timeBetweenRetries; // Delete the tmp file inbetween attempts FileSystemManager.DeleteFile(tmpDownloadPath, cancellationToken); try { Task getFileTask = Provider.GetFileTask(ticketedItem, cancellationToken); ExecutionLogger.Debug(StringUtil.Format("Fetching contents of file {0}", tmpDownloadPath)); await getFileTask.ConfigureAwait(false); if (cancellationToken.IsCancellationRequested) { return; } ExecutionLogger.Debug(StringUtil.Format("Writing contents of file {0} to disk", tmpDownloadPath)); using (Stream stream = await getFileTask.ConfigureAwait(false)) { await FileSystemManager.WriteStreamToFile(stream, tmpDownloadPath, ContainerFetchEngineOptions.DownloadBufferSize, cancellationToken); } ExecutionLogger.Debug(StringUtil.Format("Finished writing contents of file {0} to disk", tmpDownloadPath)); break; } catch (Exception exception) { if (exception is AggregateException) { exception = ((AggregateException)exception).Flatten().InnerException; } if (lastAttempt) { throw new InvalidOperationException(StringUtil.Loc("RMErrorDownloadingContainerItem", tmpDownloadPath, exception)); } lock (_lock) { ExecutionLogger.Warning(StringUtil.Loc("RMReAttemptingDownloadOfContainerItem", tmpDownloadPath, exception)); } } // "Sleep" in between attempts. (Can't await inside a catch clause.) await Task.Delay(timeBetweenRetries); } } private void CreateEmptyFile(string downloadPath, CancellationToken cancellationToken) { FileSystemManager.EnsureParentDirectory(downloadPath); FileSystemManager.DeleteFile(downloadPath, cancellationToken); FileSystemManager.CreateEmptyFile(downloadPath); } private string ConvertToLocalPath(ContainerItem item) { string localRelativePath; if (item.Path.StartsWith(RootItemPath, StringComparison.OrdinalIgnoreCase)) { localRelativePath = item.Path.Substring(RootItemPath.Length).TrimStart('/'); } else { Debug.Fail(StringUtil.Loc("RMContainerItemPathDoesnotExist", RootItemPath, item.Path)); localRelativePath = item.Path; } localRelativePath = localRelativePath.Replace('/', Path.DirectorySeparatorChar); if (string.IsNullOrEmpty(localRelativePath) && item.ItemType == ItemType.File) { // // This will only happen when item path matches the RootItemPath. For directory that is fine (it happens for the root directly) but // for a file it is a little misleading. When the RootItemPath is a directory we want everything under it (but not the directory itself), // but when it is a file, we want the file. localRelativePath = FileSystemManager.GetFileName(item.Path); } return FileSystemManager.JoinPath(RootDestinationDir, localRelativePath); } public IConatinerFetchEngineLogger ExecutionLogger { get; set; } private string RootDestinationDir { get; } private string RootItemPath { get; } private int _previousRemainingTaskCount; private DateTime _lastTaskCompletionTime; private DateTime _lastTaskDiagTime; private int _totalFiles; private int _newEmptyFiles; private int _downloadedFiles; private TimeSpan _elapsedDownloadTime; private long _bytesDownloaded; private readonly object _lock = new object(); private static readonly TimeSpan ProgressInterval = TimeSpan.FromSeconds(5); private static readonly TimeSpan TaskDiagThreshold = TimeSpan.FromMinutes(1); public ContainerFetchEngineOptions ContainerFetchEngineOptions { get; set; } } } ================================================ FILE: src/Agent.Worker/Release/ContainerFetchEngine/HttpRetryOnTimeoutHandler.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using System; using System.Diagnostics; using System.Net; using System.Net.Http; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine { /// /// Re-attempt non-state changing requests on timeout, which VssHttpRetryMessageHandler doesn't consider retryable. /// public class HttpRetryOnTimeoutMessageHandler : DelegatingHandler { private readonly HttpRetryOnTimeoutOptions _retryOptions; private readonly IConatinerFetchEngineLogger _logger; public HttpRetryOnTimeoutMessageHandler(HttpRetryOnTimeoutOptions retryOptions, IConatinerFetchEngineLogger logger) { _retryOptions = retryOptions; _logger = logger; } protected override async Task SendAsync( HttpRequestMessage request, CancellationToken cancellationToken) { ArgUtil.NotNull(request, nameof(request)); if (PlatformUtil.RunningOnMacOS || PlatformUtil.RunningOnLinux) { request.Version = HttpVersion.Version11; } // Potential improvements: // 1. Calculate a max time across attempts, to avoid retries (this class) on top of retries (VssHttpRetryMessageHandler) // causing more time to pass than expected in degenerative cases. // 2. Increase the per-attempt timeout on each attempt. Instead of 5 minutes on each attempt, start low and build to 10-20 minutes. HttpResponseMessage response = null; // We can safely retry on timeout if the request isn't one that changes state. Boolean canRetry = (request.Method == HttpMethod.Get || request.Method == HttpMethod.Head || request.Method == HttpMethod.Options); if (canRetry) { Int32 attempt = 1; TimeoutException exception = null; Int32 maxAttempts = _retryOptions.MaxRetries + 1; while (attempt <= maxAttempts) { // Reset the exception so we don't have a lingering variable exception = null; Stopwatch watch = Stopwatch.StartNew(); try { response = await base.SendAsync(request, cancellationToken).ConfigureAwait(false); break; } catch (TimeoutException ex) { exception = ex; } TimeSpan backoff; if (attempt < maxAttempts) { backoff = BackoffTimerHelper.GetExponentialBackoff( attempt, _retryOptions.MinBackoff, _retryOptions.MaxBackoff, _retryOptions.BackoffCoefficient); } else { break; } string message = StringUtil.Loc("RMContainerItemRequestTimedOut", (int)watch.Elapsed.TotalSeconds, backoff.TotalSeconds, request.Method, request.RequestUri); _logger.Warning(message); attempt++; await Task.Delay(backoff, cancellationToken).ConfigureAwait(false); } if (exception != null) { throw exception; } } else { // No retries. Just pipe the request through to the other handlers. response = await base.SendAsync(request, cancellationToken).ConfigureAwait(false); } return response; } } } ================================================ FILE: src/Agent.Worker/Release/ContainerFetchEngine/HttpRetryOnTimeoutOptions.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine { /// /// Defines the options used for configuring the retry policy. /// public class HttpRetryOnTimeoutOptions { private Int32 _isReadOnly; private Int32 _maxRetries; private TimeSpan _minBackoff; private TimeSpan _maxBackoff; private TimeSpan _backoffCoefficient; private static readonly TimeSpan _defaultMinBackoff = TimeSpan.FromSeconds(10); private static readonly TimeSpan _defaultMaxBackoff = TimeSpan.FromMinutes(10); private static readonly TimeSpan _defaultBackoffCoefficient = TimeSpan.FromSeconds(1); private static readonly Lazy _defaultOptions = new Lazy(() => new HttpRetryOnTimeoutOptions().MakeReadonly()); public HttpRetryOnTimeoutOptions() { BackoffCoefficient = _defaultBackoffCoefficient; MinBackoff = _defaultMinBackoff; MaxBackoff = _defaultMaxBackoff; MaxRetries = 5; } /// /// Gets a singleton read-only instance of the default settings. /// public static HttpRetryOnTimeoutOptions Default { get { return _defaultOptions.Value; } } /// /// Gets or sets the coefficient which exponentially increases the backoff starting at . /// public TimeSpan BackoffCoefficient { get { return _backoffCoefficient; } set { ThrowIfReadonly(); _backoffCoefficient = value; } } /// /// Gets or sets the minimum backoff interval to be used. /// public TimeSpan MinBackoff { get { return _minBackoff; } set { ThrowIfReadonly(); _minBackoff = value; } } /// /// Gets or sets the maximum backoff interval to be used. /// public TimeSpan MaxBackoff { get { return _maxBackoff; } set { ThrowIfReadonly(); _maxBackoff = value; } } /// /// Gets or sets the maximum number of retries allowed. /// public Int32 MaxRetries { get { return _maxRetries; } set { ThrowIfReadonly(); _maxRetries = value; } } /// /// Ensures that no further modifications may be made to the retry options. /// /// A read-only instance of the retry options public HttpRetryOnTimeoutOptions MakeReadonly() { if (Interlocked.CompareExchange(ref _isReadOnly, 1, 0) == 0) { // Make any lists read-only here. } return this; } /// /// Throws an InvalidOperationException if this is marked as ReadOnly. /// private void ThrowIfReadonly() { if (_isReadOnly > 0) { throw new InvalidOperationException(); } } } } ================================================ FILE: src/Agent.Worker/Release/ContainerFetchEngine/IConatinerFetchEngineLogger.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine { [ServiceLocator(Default = typeof(NullExecutionLogger))] // NOTE: FetchEngine specific interface shouldn't take dependency on Agent code. public interface IConatinerFetchEngineLogger { void Warning(string message); void Output(string message); void Debug(string message); } } ================================================ FILE: src/Agent.Worker/Release/ContainerFetchEngine/IContainerProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.IO; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine { // NOTE: FetchEngine specific interface shouldn't take dependency on Agent code. public interface IContainerProvider { Task> GetItemsAsync(); Task GetFileTask(ContainerItem ticketedItem, CancellationToken token); } } ================================================ FILE: src/Agent.Worker/Release/ContainerFetchEngine/ItemType.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine { public enum ItemType { Any, Folder, File } } ================================================ FILE: src/Agent.Worker/Release/ContainerFetchEngine/NullExecutionLogger.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine { public class NullExecutionLogger : IConatinerFetchEngineLogger { public void Warning(string message) { } public void Output(string message) { } public void Debug(string message) { } } } ================================================ FILE: src/Agent.Worker/Release/ContainerProvider/FileContainerProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Linq; using System.Net.Http; using System.Net.Sockets; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine; using Microsoft.VisualStudio.Services.FileContainer; using Microsoft.VisualStudio.Services.FileContainer.Client; using Microsoft.VisualStudio.Services.WebApi; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerProvider.Helpers { public class FileContainerProvider : IContainerProvider { private readonly AsyncLazy _connection; private readonly AsyncLazy> _items; private readonly IExecutionContext _executionContext; public FileContainerProvider( long containerId, string projectId, string rootItemPath, Uri tfsUrl, string accessToken, DelegatingHandler httpRetryOnTimeoutMessageHandler, IExecutionContext executionContext, bool includeDownloadTickets = false, bool skipServerCertificateValidation = false) { this._executionContext = executionContext; // Needs to be async since we don't want to wait for connection creation and lazy since we don't want to create multiple connections. this._connection = new AsyncLazy( async () => { var data = await VssConnectionFactory.GetVssConnectionAsync( tfsUrl, accessToken, httpRetryOnTimeoutMessageHandler, this._executionContext.GetTraceWriter(), skipServerCertificateValidation) .ConfigureAwait(false); return data; }); // Even though current code items is fetch only once we cannot assume it won't be called mutiple times, so making it AsyncLazy _items = new AsyncLazy>( async delegate { var vssConnection = await GetVssConnection(); var client = vssConnection.GetClient(); if (string.IsNullOrEmpty(rootItemPath)) { executionContext.Output(StringUtil.Loc("RMCachingAllItems")); } else { executionContext.Output(StringUtil.Loc("RMCachingContainerItems", rootItemPath)); } Stopwatch watch = Stopwatch.StartNew(); List items = await client.QueryContainerItemsAsync( containerId, new Guid(projectId), rootItemPath, includeDownloadTickets: includeDownloadTickets, cancellationToken: executionContext.CancellationToken) .ConfigureAwait(false); watch.Stop(); executionContext.Output(StringUtil.Loc("RMCachingComplete", watch.ElapsedMilliseconds)); return items; }); } public async Task GetFileTask(ContainerItem ticketedItem, CancellationToken cancellationToken) { ArgUtil.NotNull(ticketedItem, nameof(ticketedItem)); this._executionContext.Debug(StringUtil.Format("Get file container client for file {0}", ticketedItem.Path)); VssConnection vssConnection = await GetVssConnection(); FileContainerHttpClient fileContainer = null; try { fileContainer = vssConnection.GetClient(); } catch (SocketException e) { ExceptionsUtil.HandleSocketException(e, vssConnection.Uri.ToString(), this._executionContext.Error); throw; } this._executionContext.Debug(StringUtil.Format("Start fetch file stream from filecontainer service for file {0}", ticketedItem.Path)); Stream stream = await fileContainer.DownloadFileAsync( ticketedItem.ContainerId, ticketedItem.Path, cancellationToken, scopeIdentifier: ticketedItem.ScopeIdentifier); this._executionContext.Debug(StringUtil.Format("Finished fetch file stream from filecontainer service for file {0}", ticketedItem.Path)); return stream; } public async Task> GetItemsAsync() { IEnumerable fileContainerItems = await _items; return fileContainerItems.Select(ConvertToContainerItem); } private static ContainerItem ConvertToContainerItem(FileContainerItem x) { return new ContainerItem { ItemType = (ItemType)(int)x.ItemType, Path = x.Path, FileLength = x.FileLength, ContainerId = x.ContainerId, ScopeIdentifier = x.ScopeIdentifier }; } private async Task GetVssConnection() { return await _connection; } } } ================================================ FILE: src/Agent.Worker/Release/ContainerProvider/Helpers/AsyncLazy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Runtime.CompilerServices; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerProvider.Helpers { // http://blogs.msdn.com/b/pfxteam/archive/2011/01/15/10116210.aspx public class AsyncLazy : Lazy> { public AsyncLazy(Func valueFactory) : base(() => Task.Factory.StartNew(valueFactory)) { } public AsyncLazy(Func> taskFactory) : base(() => Task.Factory.StartNew(() => taskFactory()).Unwrap()) { } public TaskAwaiter GetAwaiter() { return Value.GetAwaiter(); } } } ================================================ FILE: src/Agent.Worker/Release/ContainerProvider/Helpers/ContainerProviderFactory.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerProvider.Helpers { [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA1001:Types that own disposable fields should be disposable ", MessageId = "_retryOnTimeoutMessageHandler")] public sealed class ContainerProviderFactory { private readonly BuildArtifactDetails _buildArtifactDetails; private readonly string _rootLocation; private readonly int _containerId; private readonly IExecutionContext _executionContext; private readonly HttpRetryOnTimeoutMessageHandler _retryOnTimeoutMessageHandler; public ContainerProviderFactory(BuildArtifactDetails buildArtifactDetails, string rootLocation, int containerId, IExecutionContext executionContext) { this._buildArtifactDetails = buildArtifactDetails; this._rootLocation = rootLocation; this._containerId = containerId; this._executionContext = executionContext; var executionLogger = new ExecutionLogger(executionContext); var httpRetryOnTimeoutOptions = new HttpRetryOnTimeoutOptions { MaxRetries = 5, MinBackoff = TimeSpan.FromSeconds(30), BackoffCoefficient = TimeSpan.FromSeconds(10), }; _retryOnTimeoutMessageHandler = new HttpRetryOnTimeoutMessageHandler( httpRetryOnTimeoutOptions, executionLogger); } public IContainerProvider GetContainerProvider(string containerType, bool skipServerCertificateValidation = false) { switch (containerType) { case ArtifactResourceTypes.Container: var fileContainerItemCache = new FileContainerProvider( this._containerId, this._buildArtifactDetails.Project, this._rootLocation, this._buildArtifactDetails.TfsUrl, this._buildArtifactDetails.AccessToken, this._retryOnTimeoutMessageHandler, this._executionContext, includeDownloadTickets: true, skipServerCertificateValidation); return fileContainerItemCache; default: throw new ArtifactDownloadException((StringUtil.Loc("RMArtifactTypeNotSupported", containerType))); } } } } ================================================ FILE: src/Agent.Worker/Release/ContainerProvider/Helpers/ExecutionLogger.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerProvider.Helpers { public class ExecutionLogger : IConatinerFetchEngineLogger { private readonly IExecutionContext _executionContext; public ExecutionLogger(IExecutionContext executionContext) { this._executionContext = executionContext; } public void Warning(string message) { this._executionContext.Warning(message); } public void Output(string message) { this._executionContext.Output(message); } public void Debug(string message) { this._executionContext.Debug(message); } } } ================================================ FILE: src/Agent.Worker/Release/ContainerProvider/Helpers/VssConnectionFactory.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Concurrent; using System.Net.Http; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Client; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.OAuth; using Microsoft.VisualStudio.Services.WebApi; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerProvider { /// /// Our factory for VssConnections. Used to ensure: /// 1. consistent initialization /// 2. Connect() is called but only once for a given Uri. /// public static class VssConnectionFactory { private static readonly ConcurrentDictionary _vssConnections = new ConcurrentDictionary(); private static readonly TimeSpan _minTimeout = TimeSpan.FromMinutes(5); public static async Task GetVssConnectionAsync( Uri uri, string accessToken, DelegatingHandler retryOnTimeoutMessageHandler = null, ITraceWriter trace = null, bool skipServerCertificateValidation = false) { VssConnection connection; if (!_vssConnections.TryGetValue(uri, out connection)) { VssClientCredentials cred = GetCredentials(accessToken); DelegatingHandler[] handlers = new DelegatingHandler[] { retryOnTimeoutMessageHandler }; connection = VssUtil.CreateConnection(uri, cred, trace, skipServerCertificateValidation, handlers); connection.Settings.SendTimeout = TimeSpan.FromSeconds(Math.Max(_minTimeout.TotalSeconds, connection.Settings.SendTimeout.TotalSeconds)); await connection.ConnectAsync().ConfigureAwait(false); if (!_vssConnections.TryAdd(uri, connection)) { // first writer wins. Every caller returned the same instance. connection = _vssConnections[uri]; } } return connection; } private static VssClientCredentials GetCredentials(string accessToken) { VssClientCredentials cred; if (string.IsNullOrEmpty(accessToken)) { cred = new VssClientCredentials(federatedCredential: new VssAadCredential()); } else { cred = new VssClientCredentials(federatedCredential: new VssOAuthAccessTokenCredential(accessToken)); } cred.PromptType = CredentialPromptType.DoNotPrompt; return cred; } } } ================================================ FILE: src/Agent.Worker/Release/DeploymentJobExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { public sealed class DeploymentJobExtension : ReleaseJobExtension { public override HostTypes HostType => HostTypes.Deployment; } } ================================================ FILE: src/Agent.Worker/Release/IArtifactExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { public interface IArtifactExtension : IExtension { AgentArtifactType ArtifactType { get; } Task DownloadAsync(IExecutionContext executionContext, ArtifactDefinition artifactDefinition, string downloadFolderPath); IArtifactDetails GetArtifactDetails(IExecutionContext context, AgentArtifactDefinition agentArtifactDefinition); } } ================================================ FILE: src/Agent.Worker/Release/IReleaseDirectoryManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { [ServiceLocator(Default = typeof(ReleaseDirectoryManager))] public interface IReleaseDirectoryManager : IAgentService { ReleaseTrackingConfig PrepareArtifactsDirectory( string workingDirectory, string collectionId, string projectId, string releaseDefinition); } } ================================================ FILE: src/Agent.Worker/Release/ReleaseCommandExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { public sealed class ReleaseCommandExtension : BaseWorkerCommandExtension { public ReleaseCommandExtension() { CommandArea = "release"; SupportedHostTypes = HostTypes.Release | HostTypes.Deployment; InstallWorkerCommand(new ReleaseUpdateReleaseNameCommand()); } private class ReleaseUpdateReleaseNameCommand : IWorkerCommand { public string Name => "updatereleasename"; public List Aliases => null; [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "GetVssConnection")] public void Execute(IExecutionContext context, Command command) { var data = command.Data; ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(context.Endpoints, nameof(context.Endpoints)); Guid projectId = context.Variables.System_TeamProjectId ?? Guid.Empty; ArgUtil.NotEmpty(projectId, nameof(projectId)); string releaseId = context.Variables.Release_ReleaseId; ArgUtil.NotNull(releaseId, nameof(releaseId)); if (!String.IsNullOrEmpty(data)) { // queue async command task to update release name. context.Debug($"Update release name for release: {releaseId} to: {data} at backend."); var commandContext = context.GetHostContext().CreateService(); commandContext.InitializeCommandContext(context, StringUtil.Loc("RMUpdateReleaseName")); commandContext.Task = UpdateReleaseNameAsync(commandContext, context, WorkerUtilities.GetVssConnection(context), projectId, releaseId, data, context.CancellationToken); context.AsyncCommands.Add(commandContext); } else { throw new ArgumentNullException(StringUtil.Loc("RMReleaseNameRequired")); } } private async Task UpdateReleaseNameAsync( IAsyncCommandContext commandContext, IExecutionContext context, VssConnection connection, Guid projectId, string releaseId, string releaseName, CancellationToken cancellationToken) { var releaseServer = context.GetHostContext().GetService(); await releaseServer.ConnectAsync(connection); var release = await releaseServer.UpdateReleaseName(releaseId, projectId, releaseName, cancellationToken); commandContext.Output(StringUtil.Loc("RMUpdateReleaseNameForRelease", release.Name, release.Id)); context.Variables.Set("release.releaseName", release.Name); } } } } ================================================ FILE: src/Agent.Worker/Release/ReleaseDirectoryManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Newtonsoft.Json; using System; using System.IO; using System.Linq; using System.Text.RegularExpressions; using System.Threading.Tasks; using System.Diagnostics; using System.Collections.Generic; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Maintenance; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { public sealed class ReleaseDirectoryManager : AgentService, IReleaseDirectoryManager, IMaintenanceServiceProvider { public string MaintenanceDescription => StringUtil.Loc("DeleteUnusedReleaseDir"); public Type ExtensionType => typeof(IMaintenanceServiceProvider); public ReleaseTrackingConfig PrepareArtifactsDirectory( string workingDirectory, string collectionId, string projectId, string releaseDefinition) { Trace.Entering(); ArgUtil.NotNull(workingDirectory, nameof(workingDirectory)); ArgUtil.NotNull(collectionId, nameof(collectionId)); ArgUtil.NotNull(projectId, nameof(projectId)); ArgUtil.NotNull(releaseDefinition, nameof(releaseDefinition)); ReleaseTrackingConfig trackingConfig; string trackingConfigFile = Path.Combine( workingDirectory, Constants.Release.Path.RootMappingDirectory, collectionId, projectId, releaseDefinition, Constants.Release.Path.DefinitionMapping); Trace.Verbose($"Mappings file: {trackingConfigFile}"); trackingConfig = LoadIfExists(trackingConfigFile); if (trackingConfig == null || trackingConfig.LastRunOn == null) { Trace.Verbose("Mappings file does not exist or in older format. A new mapping file will be created"); var releaseDirectorySuffix = ComputeFolderInteger(workingDirectory); trackingConfig = new ReleaseTrackingConfig(); trackingConfig.ReleaseDirectory = string.Format( "{0}{1}", Constants.Release.Path.ReleaseDirectoryPrefix, releaseDirectorySuffix); trackingConfig.UpdateJobRunProperties(); WriteToFile(trackingConfigFile, trackingConfig); Trace.Verbose($"Created a new mapping file: {trackingConfigFile}"); } return trackingConfig; } public Task RunMaintenanceOperation(IExecutionContext executionContext) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); var trackingManager = HostContext.GetService(); int staleReleaseDirThreshold = executionContext.Variables.GetInt("maintenance.deleteworkingdirectory.daysthreshold") ?? 0; if (staleReleaseDirThreshold > 0) { // scan unused Release directories executionContext.Output(StringUtil.Loc("DiscoverReleaseDir", staleReleaseDirThreshold)); trackingManager.MarkExpiredForGarbageCollection(executionContext, TimeSpan.FromDays(staleReleaseDirThreshold)); } else { executionContext.Output(StringUtil.Loc("GCReleaseDirNotEnabled")); return Task.CompletedTask; } executionContext.Output(StringUtil.Loc("GCReleaseDir")); // delete unused Release directories trackingManager.DisposeCollectedGarbage(executionContext); return Task.CompletedTask; } private int ComputeFolderInteger(string workingDirectory) { Trace.Entering(); if (Directory.Exists(workingDirectory)) { Regex regex = new Regex(string.Format(@"^{0}[0-9]*$", Constants.Release.Path.ReleaseDirectoryPrefix)); var dirs = Directory.GetDirectories(workingDirectory); var folderNames = dirs.Select(Path.GetFileName).Where(name => regex.IsMatch(name)); Trace.Verbose($"Number of folder with integer names: {folderNames.Count()}"); if (folderNames.Any()) { return folderNames.Select(x => Int32.Parse(x.Substring(1))).Max() + 1; } } return 1; } private ReleaseTrackingConfig LoadIfExists(string mappingFile) { Trace.Entering(); Trace.Verbose($"Loading mapping file: {mappingFile}"); if (!File.Exists(mappingFile)) { return null; } string content = File.ReadAllText(mappingFile); return JsonConvert.DeserializeObject(content); } private void WriteToFile(string file, object value) { Trace.Entering(); Trace.Verbose($"Writing config to file: {file}"); // Create the directory if it does not exist. Directory.CreateDirectory(Path.GetDirectoryName(file)); IOUtil.SaveObject(value, file); } } } ================================================ FILE: src/Agent.Worker/Release/ReleaseFileSystemManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { [ServiceLocator(Default = typeof(ReleaseFileSystemManager))] public interface IReleaseFileSystemManager : IAgentService { StreamReader GetFileReader(string filePath); Task WriteStreamToFile(Stream stream, string filePath, int bufferSize, CancellationToken cancellationToken); void EnsureEmptyDirectory(string directoryPath, CancellationToken cancellationToken); void EnsureDirectoryExists(string directoryPath); void EnsureParentDirectory(string filePath); void DeleteFile(string filePath, CancellationToken cancellationToken); void MoveFile(string sourceFileName, string destFileName); void CreateEmptyFile(string filePath); string GetFileName(string filePath); string JoinPath(string rootDirectory, string relativePath); } public class ReleaseFileSystemManager : AgentService, IReleaseFileSystemManager { public void EnsureEmptyDirectory(string directoryPath, CancellationToken cancellationToken) { try { var path = ValidatePath(directoryPath); if (Directory.Exists(path)) { IOUtil.DeleteDirectory(path, cancellationToken); } EnsureDirectoryExists(path); } catch (Exception ex) { var exception = ex; if (ex is AggregateException) { exception = ((AggregateException)ex).Flatten().InnerException; } if (exception is DirectoryNotFoundException || exception is UnauthorizedAccessException || exception is IOException || exception is OperationCanceledException) { throw new ArtifactDirectoryCreationFailedException(StringUtil.Loc("RMFailedCreatingArtifactDirectory", directoryPath), exception); } else { throw; } } } public StreamReader GetFileReader(string filePath) { string path = Path.Combine(ValidatePath(filePath)); if (!File.Exists(path)) { throw new FileNotFoundException(StringUtil.Loc("FileNotFound", path)); } return new StreamReader(new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read, DefaultStreamBufferSize, true)); } private static string ValidatePath(string path) { ArgUtil.NotNullOrEmpty(path, nameof(path)); return Path.GetFullPath(path); } public void EnsureDirectoryExists(string directoryPath) { string path = ValidatePath(directoryPath); if (!Directory.Exists(path)) { Directory.CreateDirectory(path); } } public void EnsureParentDirectory(string filePath) { DirectoryInfo ensureParentDirectory = Directory.GetParent(filePath); EnsureDirectoryExists(ensureParentDirectory.FullName); } public void DeleteFile(string filePath, CancellationToken cancellationToken) { if (File.Exists(filePath)) { try { IOUtil.DeleteFileWithRetry(filePath, cancellationToken).Wait(); } catch (Exception ex) { Trace.Warning($"Unable to delete {filePath}, ex:{ex.GetType()}"); throw; } } } public void MoveFile(string sourceFileName, string destFileName) { File.Move(sourceFileName, destFileName); } public void CreateEmptyFile(string filePath) { using (new FileStream(filePath, FileMode.Create)) { } } public string GetFileName(string filePath) { return Path.GetFileName(filePath); } public string JoinPath(string rootDirectory, string relativePath) { return Path.Combine(rootDirectory, relativePath); } public async Task WriteStreamToFile(Stream stream, string filePath, int bufferSize, CancellationToken cancellationToken) { ArgUtil.NotNull(stream, nameof(stream)); ArgUtil.NotNullOrEmpty(filePath, nameof(filePath)); EnsureDirectoryExists(Path.GetDirectoryName(filePath)); using (var targetStream = new FileStream(filePath, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize, true)) { await stream.CopyToAsync(targetStream, bufferSize, cancellationToken); } } private const int DefaultStreamBufferSize = 8192; } } ================================================ FILE: src/Agent.Worker/Release/ReleaseJobExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Net.Sockets; using System.Text.RegularExpressions; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Newtonsoft.Json; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Agent.Sdk; using Agent.Sdk.Knob; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { public class ReleaseJobExtension : JobExtension { private const string DownloadArtifactsFailureSystemError = "DownloadArtifactsFailureSystemError"; private const string DownloadArtifactsFailureUserError = "DownloadArtifactsFailureUserError"; private static readonly Guid DownloadArtifactsTaskId = new Guid("B152FEAA-7E65-43C9-BCC4-07F6883EE793"); private int ReleaseId { get; set; } private Guid TeamProjectId { get; set; } private string ReleaseWorkingFolder { get; set; } private string ArtifactsWorkingFolder { get; set; } private bool SkipArtifactsDownload { get; set; } private IList ReleaseArtifacts { get; set; } = new List(); public override Type ExtensionType => typeof(IJobExtension); public override HostTypes HostType => HostTypes.Release; private TeeUtil teeUtil; public override IStep GetExtensionPreJobStep(IExecutionContext jobContext) { if (ReleaseArtifacts.Any()) { return new JobExtensionRunner( runAsync: DownloadArtifactsAndCommitsAsync, condition: ExpressionManager.Succeeded, displayName: StringUtil.Loc("DownloadArtifacts"), data: null); } return null; } public override IStep GetExtensionPostJobStep(IExecutionContext jobContext) { return null; } public override string GetRootedPath(IExecutionContext context, string path) { ArgUtil.NotNull(context, nameof(context)); string rootedPath = null; if (!string.IsNullOrEmpty(path) && path.IndexOfAny(Path.GetInvalidPathChars()) < 0 && Path.IsPathRooted(path)) { try { rootedPath = Path.GetFullPath(path); Trace.Info($"Path resolved by source provider is a rooted path, return absolute path: {rootedPath}"); return rootedPath; } catch (Exception ex) { Trace.Info($"Path resolved is a rooted path, but it is not fully qualified, return the path: {path}"); Trace.Error(ex); return path; } } string artifactRootPath = context.Variables.Release_ArtifactsDirectory ?? string.Empty; Trace.Info($"Artifact root path is system.artifactsDirectory: {artifactRootPath}"); if (!string.IsNullOrEmpty(artifactRootPath) && artifactRootPath.IndexOfAny(Path.GetInvalidPathChars()) < 0 && path != null && path.IndexOfAny(Path.GetInvalidPathChars()) < 0) { path = Path.Combine(artifactRootPath, path); Trace.Info($"After prefix Artifact Path Root provide by JobExtension: {path}"); if (Path.IsPathRooted(path)) { try { rootedPath = Path.GetFullPath(path); Trace.Info($"Return absolute path after prefix ArtifactPathRoot: {rootedPath}"); return rootedPath; } catch (Exception ex) { Trace.Info($"After prefix Artifact Path Root provide by JobExtension. The Path is a rooted path, but it is not fully qualified, return the path: {path}"); Trace.Error(ex); return path; } } } return rootedPath; } public override void ConvertLocalPath(IExecutionContext context, string localPath, out string repoName, out string sourcePath) { Trace.Info($"Received localpath {localPath}"); repoName = string.Empty; sourcePath = string.Empty; } private async Task DownloadArtifactsAndCommitsAsync(IExecutionContext executionContext, object data) { Trace.Entering(); try { await DownloadArtifacts(executionContext, ReleaseArtifacts, ArtifactsWorkingFolder); await DownloadCommits(executionContext, TeamProjectId, ReleaseArtifacts); } catch (SocketException ex) { LogDownloadFailureTelemetry(executionContext, ex); ExceptionsUtil.HandleSocketException(ex, WorkerUtilities.GetVssConnection(executionContext).Uri.ToString(), (message) => Trace.Error(message)); throw; } catch (Exception ex) { LogDownloadFailureTelemetry(executionContext, ex); throw; } } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "releaseServer")] private IList GetReleaseArtifacts(IExecutionContext executionContext) { try { var connection = WorkerUtilities.GetVssConnection(executionContext); var releaseServer = executionContext.GetHostContext().GetService(); releaseServer.ConnectAsync(connection).GetAwaiter().GetResult(); IList releaseArtifacts = releaseServer.GetReleaseArtifactsFromService(ReleaseId, TeamProjectId).ToList(); IList filteredReleaseArtifacts = FilterArtifactDefintions(releaseArtifacts); filteredReleaseArtifacts.ToList().ForEach(x => Trace.Info($"Found Artifact = {x.Alias} of type {x.ArtifactType}")); return filteredReleaseArtifacts; } catch (Exception ex) { LogDownloadFailureTelemetry(executionContext, ex); throw; } } private async Task DownloadCommits( IExecutionContext executionContext, Guid teamProjectId, IList agentArtifactDefinitions) { Trace.Entering(); string commitsWorkFolder = String.Empty; if (agentArtifactDefinitions?.Any(x => x.ArtifactType == AgentArtifactType.Jenkins) == true) { Trace.Info("Creating commit work folder"); commitsWorkFolder = GetCommitsWorkFolder(executionContext); } // Note: We are having an explicit type here. For other artifact types we are planning to go with tasks // Only for jenkins we are making the agent to download var extensionManager = HostContext.GetService(); JenkinsArtifact jenkinsExtension = (extensionManager.GetExtensions()).FirstOrDefault(x => x.ArtifactType == AgentArtifactType.Jenkins) as JenkinsArtifact; foreach (AgentArtifactDefinition agentArtifactDefinition in agentArtifactDefinitions) { if (agentArtifactDefinition.ArtifactType == AgentArtifactType.Jenkins) { Trace.Info($"Found supported artifact {agentArtifactDefinition.Alias} for downloading commits"); ArtifactDefinition artifactDefinition = ConvertToArtifactDefinition(agentArtifactDefinition, executionContext, jenkinsExtension); await jenkinsExtension.DownloadCommitsAsync(executionContext, artifactDefinition, commitsWorkFolder); } } } private string GetCommitsWorkFolder(IExecutionContext context) { string commitsRootDirectory = Path.Combine(ReleaseWorkingFolder, Constants.Release.Path.ReleaseTempDirectoryPrefix, Constants.Release.Path.CommitsDirectory); Trace.Info($"Ensuring commit work folder {commitsRootDirectory} exists"); var releaseFileSystemManager = HostContext.GetService(); releaseFileSystemManager.EnsureDirectoryExists(commitsRootDirectory); return commitsRootDirectory; } private async Task DownloadArtifacts(IExecutionContext executionContext, IList agentArtifactDefinitions, string artifactsWorkingFolder) { Trace.Entering(); CreateArtifactsFolder(executionContext, artifactsWorkingFolder); executionContext.Output(StringUtil.Loc("RMDownloadingArtifact")); bool isTeeUsed = PlatformUtil.RunningOnLinux && agentArtifactDefinitions.Any(x => x.ArtifactType == AgentArtifactType.Tfvc); if (isTeeUsed) { teeUtil = new TeeUtil( executionContext.GetVariableValueOrDefault("Agent.HomeDirectory"), executionContext.GetVariableValueOrDefault("Agent.TempDirectory"), AgentKnobs.TeePluginDownloadRetryCount.GetValue(executionContext).AsInt(), executionContext.Debug, executionContext.CancellationToken ); await teeUtil.DownloadTeeIfAbsent(); } if (AgentKnobs.InstallLegacyTfExe.GetValue(executionContext).AsBoolean()) { await TfManager.DownloadLegacyTfToolsAsync(executionContext); } try { foreach (AgentArtifactDefinition agentArtifactDefinition in agentArtifactDefinitions) { // We don't need to check if its old style artifact anymore. All the build data has been fixed and all the build artifact has Alias now. ArgUtil.NotNullOrEmpty(agentArtifactDefinition.Alias, nameof(agentArtifactDefinition.Alias)); var extensionManager = HostContext.GetService(); IArtifactExtension extension = (extensionManager.GetExtensions()).FirstOrDefault(x => agentArtifactDefinition.ArtifactType == x.ArtifactType); if (extension == null) { throw new InvalidOperationException(StringUtil.Loc("RMArtifactTypeNotSupported", agentArtifactDefinition.ArtifactType)); } Trace.Info($"Found artifact extension of type {extension.ArtifactType}"); executionContext.Output(StringUtil.Loc("RMStartArtifactsDownload")); ArtifactDefinition artifactDefinition = ConvertToArtifactDefinition(agentArtifactDefinition, executionContext, extension); executionContext.Output(StringUtil.Loc("RMArtifactDownloadBegin", agentArtifactDefinition.Alias, agentArtifactDefinition.ArtifactType)); // Get the local path where this artifact should be downloaded. string downloadFolderPath = Path.GetFullPath(Path.Combine(artifactsWorkingFolder, agentArtifactDefinition.Alias ?? string.Empty)); // download the artifact to this path. RetryExecutor retryExecutor = new RetryExecutor(); retryExecutor.ShouldRetryAction = (ex) => { executionContext.Output(StringUtil.Loc("RMErrorDuringArtifactDownload", ex)); bool retry = true; if (ex is ArtifactDownloadException) { retry = false; } else { executionContext.Output(StringUtil.Loc("RMRetryingArtifactDownload")); Trace.Warning(ex.ToString()); } return retry; }; await retryExecutor.ExecuteAsync( async () => { var releaseFileSystemManager = HostContext.GetService(); executionContext.Output(StringUtil.Loc("RMEnsureArtifactFolderExistsAndIsClean", downloadFolderPath)); releaseFileSystemManager.EnsureEmptyDirectory(downloadFolderPath, executionContext.CancellationToken); await extension.DownloadAsync(executionContext, artifactDefinition, downloadFolderPath); }); executionContext.Output(StringUtil.Loc("RMArtifactDownloadFinished", agentArtifactDefinition.Alias)); } executionContext.Output(StringUtil.Loc("RMArtifactsDownloadFinished")); } finally { if (isTeeUsed && !AgentKnobs.DisableTeePluginRemoval.GetValue(executionContext).AsBoolean()) { teeUtil.DeleteTee(); } } } private void CreateArtifactsFolder(IExecutionContext executionContext, string artifactsWorkingFolder) { Trace.Entering(); RetryExecutor retryExecutor = new RetryExecutor(); retryExecutor.ShouldRetryAction = (ex) => { executionContext.Output(StringUtil.Loc("RMRetryingCreatingArtifactsDirectory", artifactsWorkingFolder, ex)); Trace.Error(ex); return true; }; retryExecutor.Execute( () => { executionContext.Output(StringUtil.Loc("RMCreatingArtifactsDirectory", artifactsWorkingFolder)); var releaseFileSystemManager = HostContext.GetService(); releaseFileSystemManager.EnsureEmptyDirectory(artifactsWorkingFolder, executionContext.CancellationToken); }); executionContext.Output(StringUtil.Loc("RMCreatedArtifactsDirectory", artifactsWorkingFolder)); } public override void InitializeJobExtension(IExecutionContext executionContext, IList steps, WorkspaceOptions workspace) { ArgUtil.NotNull(executionContext, nameof(executionContext)); Trace.Entering(); executionContext.Output(StringUtil.Loc("PrepareReleasesDir")); var directoryManager = HostContext.GetService(); ReleaseId = executionContext.Variables.GetInt(Constants.Variables.Release.ReleaseId) ?? 0; TeamProjectId = executionContext.Variables.GetGuid(Constants.Variables.System.TeamProjectId) ?? Guid.Empty; SkipArtifactsDownload = executionContext.Variables.GetBoolean(Constants.Variables.Release.SkipArtifactsDownload) ?? false; string releaseDefinitionName = executionContext.Variables.Get(Constants.Variables.Release.ReleaseDefinitionName); // TODO: Should we also write to log in executionContext.Output methods? so that we don't have to repeat writing into logs? // Log these values here to debug scenarios where downloading the artifact fails. executionContext.Output($"ReleaseId={ReleaseId}, TeamProjectId={TeamProjectId}, ReleaseDefinitionName={releaseDefinitionName}"); var releaseDefinition = executionContext.Variables.Get(Constants.Variables.Release.ReleaseDefinitionId); if (string.IsNullOrEmpty(releaseDefinition)) { string pattern = new string(Path.GetInvalidFileNameChars()) + new string(Path.GetInvalidPathChars()); Regex regex = new Regex(string.Format("[{0}]", Regex.Escape(pattern))); releaseDefinition = regex.Replace(releaseDefinitionName, string.Empty); } ArgUtil.NotNull(executionContext, nameof(executionContext)); // I am not sure why this is needed, but static analysis flagged all uses of executionContext below this point var releaseTrackingConfig = directoryManager.PrepareArtifactsDirectory( HostContext.GetDirectory(WellKnownDirectory.Work), executionContext.Variables.System_CollectionId, executionContext.Variables.System_TeamProjectId.ToString(), releaseDefinition); ReleaseWorkingFolder = Path.Combine( HostContext.GetDirectory(WellKnownDirectory.Work), releaseTrackingConfig.ReleaseDirectory); ArtifactsWorkingFolder = string.IsNullOrEmpty(executionContext.Variables.Release_ArtifactsDirectory) ? Path.Combine( HostContext.GetDirectory(WellKnownDirectory.Work), releaseTrackingConfig.ReleaseDirectory, Constants.Release.Path.ArtifactsDirectory) : executionContext.Variables.Release_ArtifactsDirectory; executionContext.Output($"Release folder: {ArtifactsWorkingFolder}"); // Ensure directory exist if (!Directory.Exists(ArtifactsWorkingFolder)) { Trace.Info($"Creating {ArtifactsWorkingFolder}."); Directory.CreateDirectory(ArtifactsWorkingFolder); } SetLocalVariables(executionContext, ArtifactsWorkingFolder); // Log the environment variables available after populating the variable service with our variables LogEnvironmentVariables(executionContext); if (SkipArtifactsDownload) { // If this is the first time the agent is executing a task, we need to create the artifactsFolder // otherwise Process.StartWithCreateProcess() will fail with the error "The directory name is invalid" // because the working folder doesn't exist CreateWorkingFolderIfRequired(executionContext, ArtifactsWorkingFolder); // log the message that the user chose to skip artifact download and move on executionContext.Output(StringUtil.Loc("RMUserChoseToSkipArtifactDownload")); Trace.Info("Skipping artifact download based on the setting specified."); } else { ReleaseArtifacts = GetReleaseArtifacts(executionContext); if (!ReleaseArtifacts.Any()) { CreateArtifactsFolder(executionContext, ArtifactsWorkingFolder); Trace.Info("No artifacts found to be downloaded by agent."); } } CheckForAvailableDiskSpace(executionContext); } private void CheckForAvailableDiskSpace(IExecutionContext executionContext) { try { var root = Path.GetPathRoot(ArtifactsWorkingFolder); foreach (var drive in DriveInfo.GetDrives()) { if (string.Equals(root, drive.Name, StringComparison.OrdinalIgnoreCase)) { var availableSpaceInMB = drive.AvailableFreeSpace / (1024 * 1024); if (availableSpaceInMB < 100) { executionContext.Warning(StringUtil.Loc("RMLowAvailableDiskSpace", root)); } break; } } } catch (Exception ex) { // ignore any exceptions during checking for free disk space Trace.Error("Failed to check for available disk space: " + ex); } } private void SetLocalVariables(IExecutionContext executionContext, string artifactsDirectoryPath) { Trace.Entering(); // Always set the AgentReleaseDirectory because this is set as the WorkingDirectory of the task. executionContext.SetVariable(Constants.Variables.Release.AgentReleaseDirectory, artifactsDirectoryPath); // Set the ArtifactsDirectory even when artifacts downloaded is skipped. Reason: The task might want to access the old artifact. executionContext.SetVariable(Constants.Variables.Release.ArtifactsDirectory, artifactsDirectoryPath); executionContext.SetVariable(Constants.Variables.System.DefaultWorkingDirectory, artifactsDirectoryPath); } private void LogEnvironmentVariables(IExecutionContext executionContext) { Trace.Entering(); string stringifiedEnvironmentVariables = AgentUtilities.GetPrintableEnvironmentVariables(executionContext.Variables.Public); // Use LogMessage to ensure that the logs reach the TWA UI, but don't spam the console cmd window executionContext.Output(StringUtil.Loc("RMEnvironmentVariablesAvailable", stringifiedEnvironmentVariables)); } private void CreateWorkingFolderIfRequired(IExecutionContext executionContext, string artifactsFolderPath) { Trace.Entering(); if (!Directory.Exists(artifactsFolderPath)) { executionContext.Output($"Creating artifacts folder: {artifactsFolderPath}"); Directory.CreateDirectory(artifactsFolderPath); } } private ArtifactDefinition ConvertToArtifactDefinition(AgentArtifactDefinition agentArtifactDefinition, IExecutionContext executionContext, IArtifactExtension extension) { Trace.Entering(); ArgUtil.NotNull(agentArtifactDefinition, nameof(agentArtifactDefinition)); ArgUtil.NotNull(executionContext, nameof(executionContext)); var artifactDefinition = new ArtifactDefinition { ArtifactType = agentArtifactDefinition.ArtifactType, Name = agentArtifactDefinition.Name, Version = agentArtifactDefinition.Version }; RetryExecutor retryExecutor = new RetryExecutor(); retryExecutor.ShouldRetryAction = (ex) => { bool retry = true; if (ex is InvalidOperationException) { retry = false; } else { Trace.Warning(ex.ToString()); } return retry; }; retryExecutor.Execute( () => { artifactDefinition.Details = extension.GetArtifactDetails(executionContext, agentArtifactDefinition); }); return artifactDefinition; } private void LogDownloadFailureTelemetry(IExecutionContext executionContext, Exception ex) { var code = (ex is ArtifactDownloadException || ex is ArtifactDirectoryCreationFailedException || ex is IOException || ex is UnauthorizedAccessException) ? DownloadArtifactsFailureUserError : DownloadArtifactsFailureSystemError; var issue = new Issue { Type = IssueType.Error, Message = StringUtil.Loc("DownloadArtifactsFailed", ex) }; issue.Data.Add("AgentVersion", BuildConstants.AgentPackage.Version); issue.Data.Add("code", code); issue.Data.Add("TaskId", DownloadArtifactsTaskId.ToString()); executionContext.AddIssue(issue); } private IList FilterArtifactDefintions(IList agentArtifactDefinitions) { var definitions = new List(); foreach (var agentArtifactDefinition in agentArtifactDefinitions) { if (agentArtifactDefinition.ArtifactType != AgentArtifactType.Custom) { definitions.Add(agentArtifactDefinition); } else { string artifactType = string.Empty; var artifactDetails = JsonConvert.DeserializeObject>(agentArtifactDefinition.Details); if (artifactDetails.TryGetValue("ArtifactType", out artifactType)) { if (artifactType == null || artifactType.Equals("Build", StringComparison.OrdinalIgnoreCase)) { definitions.Add(agentArtifactDefinition); } } else { definitions.Add(agentArtifactDefinition); } } } return definitions; } } } ================================================ FILE: src/Agent.Worker/Release/ReleaseServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Net.Sockets; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Clients; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; using Microsoft.VisualStudio.Services.WebApi; using RMContracts = Microsoft.VisualStudio.Services.ReleaseManagement.WebApi; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { [ServiceLocator(Default = typeof(ReleaseServer))] public interface IReleaseServer : IAgentService { Task ConnectAsync(VssConnection jobConnection); IEnumerable GetReleaseArtifactsFromService( int releaseId, Guid projectId, CancellationToken cancellationToken = default(CancellationToken)); Task UpdateReleaseName( string releaseId, Guid projectId, string releaseName, CancellationToken cancellationToken = default(CancellationToken)); } public class ReleaseServer : AgentService, IReleaseServer { private VssConnection _connection; private ReleaseHttpClient _releaseHttpClient; public async Task ConnectAsync(VssConnection jobConnection) { ArgUtil.NotNull(jobConnection, nameof(jobConnection)); _connection = jobConnection; int attemptCount = 5; while (!_connection.HasAuthenticated && attemptCount-- > 0) { try { await _connection.ConnectAsync(); break; } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, _connection.Uri.ToString(), (message) => Trace.Error(message)); } catch (Exception ex) when (attemptCount > 0) { Trace.Info($"Catch exception during connect. {attemptCount} attemp left."); Trace.Error(ex); } await Task.Delay(100); } _releaseHttpClient = _connection.GetClient(); } public IEnumerable GetReleaseArtifactsFromService( int releaseId, Guid projectId, CancellationToken cancellationToken = default(CancellationToken)) { var artifacts = _releaseHttpClient.GetAgentArtifactDefinitionsAsync(projectId, releaseId, cancellationToken: cancellationToken).Result; return artifacts; } public async Task UpdateReleaseName( string releaseId, Guid projectId, string releaseName, CancellationToken cancellationToken = default(CancellationToken)) { RMContracts.ReleaseUpdateMetadata updateMetadata = new RMContracts.ReleaseUpdateMetadata() { Name = releaseName, Comment = StringUtil.Loc("RMUpdateReleaseNameForReleaseComment", releaseName) }; return await _releaseHttpClient.UpdateReleaseResourceAsync(updateMetadata, projectId, int.Parse(releaseId), cancellationToken: cancellationToken); } } } ================================================ FILE: src/Agent.Worker/Release/ReleaseTrackingConfig.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Newtonsoft.Json; using System; using System.ComponentModel; using System.Globalization; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { public sealed class ReleaseTrackingConfig { [JsonProperty("releaseDirectory")] public string ReleaseDirectory { get; set; } public const string FileFormatVersionJsonProperty = "fileFormatVersion"; // The parameterless constructor is required for deserialization. public ReleaseTrackingConfig() { } [JsonProperty(FileFormatVersionJsonProperty)] public int FileFormatVersion { get { return 1; } set { } } [JsonIgnore] public DateTimeOffset? LastRunOn { get; set; } [JsonProperty("lastRunOn")] [EditorBrowsableAttribute(EditorBrowsableState.Never)] public string LastRunOnString { get { return string.Format(CultureInfo.InvariantCulture, "{0}", LastRunOn); } set { if (string.IsNullOrEmpty(value)) { LastRunOn = null; return; } LastRunOn = DateTimeOffset.Parse(value, CultureInfo.InvariantCulture); } } [JsonIgnore] public DateTimeOffset? LastMaintenanceAttemptedOn { get; set; } [JsonProperty("lastMaintenanceAttemptedOn")] [EditorBrowsableAttribute(EditorBrowsableState.Never)] public string LastMaintenanceAttemptedOnString { get { return string.Format(CultureInfo.InvariantCulture, "{0}", LastMaintenanceAttemptedOn); } set { if (string.IsNullOrEmpty(value)) { LastMaintenanceAttemptedOn = null; return; } LastMaintenanceAttemptedOn = DateTimeOffset.Parse(value, CultureInfo.InvariantCulture); } } [JsonIgnore] public DateTimeOffset? LastMaintenanceCompletedOn { get; set; } [JsonProperty("lastMaintenanceCompletedOn")] [EditorBrowsableAttribute(EditorBrowsableState.Never)] public string LastMaintenanceCompletedOnString { get { return string.Format(CultureInfo.InvariantCulture, "{0}", LastMaintenanceCompletedOn); } set { if (string.IsNullOrEmpty(value)) { LastMaintenanceCompletedOn = null; return; } LastMaintenanceCompletedOn = DateTimeOffset.Parse(value, CultureInfo.InvariantCulture); } } public void UpdateJobRunProperties() { LastRunOn = DateTimeOffset.Now; } } } ================================================ FILE: src/Agent.Worker/Release/ReleaseTrackingManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using Newtonsoft.Json; using System; using System.IO; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Globalization; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { [ServiceLocator(Default = typeof(ReleaseTrackingManager))] public interface IReleaseTrackingManager : IAgentService { ReleaseTrackingConfig LoadIfExists(IExecutionContext executionContext, string file); void MarkExpiredForGarbageCollection(IExecutionContext executionContext, TimeSpan expiration); void DisposeCollectedGarbage(IExecutionContext executionContext); } public sealed class ReleaseTrackingManager : AgentService, IReleaseTrackingManager { public ReleaseTrackingConfig LoadIfExists(IExecutionContext executionContext, string file) { Trace.Entering(); // The tracking config will not exist for a new definition. if (!File.Exists(file)) { return null; } string content = File.ReadAllText(file); return JsonConvert.DeserializeObject(content); } private void MarkForGarbageCollection(IExecutionContext executionContext, ReleaseTrackingConfig config) { Trace.Entering(); // Write a copy of the tracking config to the GC folder. string gcDirectory = Path.Combine( HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Release.Path.RootMappingDirectory, Constants.Release.Path.GarbageCollectionDirectory); string file = Path.Combine( gcDirectory, StringUtil.Format("{0}.json", Guid.NewGuid())); WriteToFile(file, config); } public void MarkExpiredForGarbageCollection(IExecutionContext executionContext, TimeSpan expiration) { Trace.Entering(); Trace.Info("Scan all SourceFolder tracking files."); string searchRoot = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Release.Path.RootMappingDirectory); if (!Directory.Exists(searchRoot)) { executionContext.Output(StringUtil.Loc("GCDirNotExist", searchRoot)); return; } var allTrackingFiles = Directory.EnumerateFiles(searchRoot, Constants.Release.Path.TrackingConfigFile, SearchOption.AllDirectories); Trace.Verbose($"Find {allTrackingFiles.Count()} tracking files."); executionContext.Output(StringUtil.Loc("DirExpireLimit", expiration.TotalDays)); executionContext.Output(StringUtil.Loc("CurrentUTC", DateTime.UtcNow.ToString("o"))); // scan all sourcefolder tracking file, find which folder has never been used since UTC-expiration // the scan and garbage discovery should be best effort. // if the tracking file is in old format, just delete the folder since the first time the folder been use we will convert the tracking file to new format. foreach (var trackingFile in allTrackingFiles) { try { executionContext.Output(StringUtil.Loc("EvaluateReleaseTrackingFile", trackingFile)); ReleaseTrackingConfig tracking = LoadIfExists(executionContext, trackingFile); if (tracking.LastRunOn == null) { Trace.Verbose($"{trackingFile} is a old format tracking file."); executionContext.Output(StringUtil.Loc("GCOldFormatTrackingFile", trackingFile)); MarkForGarbageCollection(executionContext, tracking); IOUtil.DeleteFile(trackingFile); } else { Trace.Verbose($"{trackingFile} is a new format tracking file."); ArgUtil.NotNull(tracking.LastRunOn, nameof(tracking.LastRunOn)); executionContext.Output(StringUtil.Loc("ReleaseDirLastUseTime", Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), tracking.ReleaseDirectory), tracking.LastRunOn?.ToString("u"))); if (DateTime.UtcNow - expiration > tracking.LastRunOn) { executionContext.Output(StringUtil.Loc("GCUnusedTrackingFile", trackingFile, expiration.TotalDays)); MarkForGarbageCollection(executionContext, tracking); IOUtil.DeleteFile(trackingFile); } } } catch (Exception ex) { executionContext.Error(StringUtil.Loc("ErrorDuringReleaseGC", trackingFile)); executionContext.Error(ex); } } } public void DisposeCollectedGarbage(IExecutionContext executionContext) { ArgUtil.NotNull(executionContext, nameof(executionContext)); Trace.Entering(); PrintOutDiskUsage(executionContext); string gcDirectory = Path.Combine( HostContext.GetDirectory(WellKnownDirectory.Work), Constants.Release.Path.RootMappingDirectory, Constants.Release.Path.GarbageCollectionDirectory); if (!Directory.Exists(gcDirectory)) { executionContext.Output(StringUtil.Loc("GCReleaseDirNotExist", gcDirectory)); return; } IEnumerable gcTrackingFiles = Directory.EnumerateFiles(gcDirectory, "*.json"); if (gcTrackingFiles == null || !gcTrackingFiles.Any()) { executionContext.Output(StringUtil.Loc("GCReleaseDirIsEmpty", gcDirectory)); return; } Trace.Info($"Find {gcTrackingFiles.Count()} GC tracking files."); if (gcTrackingFiles.Any()) { foreach (string gcFile in gcTrackingFiles) { // maintenance has been cancelled. executionContext.CancellationToken.ThrowIfCancellationRequested(); try { var gcConfig = LoadIfExists(executionContext, gcFile) as ReleaseTrackingConfig; ArgUtil.NotNull(gcConfig, nameof(ReleaseTrackingConfig)); string fullPath = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Work), gcConfig.ReleaseDirectory); executionContext.Output(StringUtil.Loc("Deleting", fullPath)); IOUtil.DeleteDirectory(fullPath, executionContext.CancellationToken); executionContext.Output(StringUtil.Loc("DeleteGCTrackingFile", fullPath)); IOUtil.DeleteFile(gcFile); } catch (Exception ex) { executionContext.Error(StringUtil.Loc("ErrorDuringReleaseGCDelete", gcFile)); executionContext.Error(ex); } } PrintOutDiskUsage(executionContext); } } private void PrintOutDiskUsage(IExecutionContext context) { // Print disk usage should be best effort, since DriveInfo can't detect usage of UNC share. try { context.Output($"Disk usage for working directory: {HostContext.GetDirectory(WellKnownDirectory.Work)}"); var workDirectoryDrive = new DriveInfo(HostContext.GetDirectory(WellKnownDirectory.Work)); long freeSpace = workDirectoryDrive.AvailableFreeSpace; long totalSpace = workDirectoryDrive.TotalSize; if (PlatformUtil.RunningOnWindows) { context.Output($"Working directory belongs to drive: '{workDirectoryDrive.Name}'"); } else { context.Output($"Information about file system on which working directory resides."); } context.Output($"Total size: '{totalSpace / 1024.0 / 1024.0} MB'"); context.Output($"Available space: '{freeSpace / 1024.0 / 1024.0} MB'"); } catch (Exception ex) { context.Warning($"Unable inspect disk usage for working directory {HostContext.GetDirectory(WellKnownDirectory.Work)}."); Trace.Error(ex); context.Debug(ex.ToString()); } } private void WriteToFile(string file, object value) { Trace.Entering(); Trace.Verbose($"Writing config to file: {file}"); // Create the directory if it does not exist. Directory.CreateDirectory(Path.GetDirectoryName(file)); IOUtil.SaveObject(value, file); } } } ================================================ FILE: src/Agent.Worker/Release/RetryExecutor.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { public class RetryExecutor { private const int DefaultMaximumRetryCount = 5; private const int DefaultMillisecondsToSleepBetweenRetries = 1000; public int MaximumRetryCount { get; set; } public int MillisecondsToSleepBetweenRetries { get; set; } public Func ShouldRetryAction { get; set; } protected Action SleepAction { get; set; } public RetryExecutor() { MaximumRetryCount = DefaultMaximumRetryCount; MillisecondsToSleepBetweenRetries = DefaultMillisecondsToSleepBetweenRetries; ShouldRetryAction = ex => true; SleepAction = i => Task.Delay(i); } public void Execute(Action action) { ArgUtil.NotNull(action, nameof(action)); for (var retryCount = 0; retryCount < MaximumRetryCount; retryCount++) { try { action(); break; } catch (Exception ex) { if (retryCount == MaximumRetryCount - 1 || !ShouldRetryAction(ex)) { throw; } SleepAction(MillisecondsToSleepBetweenRetries); } } } public async Task ExecuteAsync(Func action) { ArgUtil.NotNull(action, nameof(action)); for (var retryCount = 0; retryCount < MaximumRetryCount; retryCount++) { try { await action(); break; } catch (Exception ex) { if (retryCount == MaximumRetryCount - 1 || !ShouldRetryAction(ex)) { throw; } SleepAction(MillisecondsToSleepBetweenRetries); } } } public async Task ExecuteAsync(Func> action, T parameter) { ArgUtil.NotNull(action, nameof(action)); var result = default(TResult); await ExecuteAsync(async () => result = await action(parameter)); return result; } } } ================================================ FILE: src/Agent.Worker/Release/ZipStreamDownloader.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.IO.Compression; using System.Linq; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Release { [ServiceLocator(Default = typeof(ZipStreamDownloader))] public interface IZipStreamDownloader : IAgentService { Task DownloadFromStream( IExecutionContext executionContext, Stream zipStream, string folderWithinStream, string relativePathWithinStream, string localFolderPath); } // TODO: Add tests for this public class ZipStreamDownloader : AgentService, IZipStreamDownloader { private const char ForwardSlash = '/'; private const char Backslash = '\\'; public Task DownloadFromStream(IExecutionContext executionContext, Stream zipStream, string folderWithinStream, string relativePathWithinStream, string localFolderPath) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNullOrEmpty(localFolderPath, nameof(localFolderPath)); ArgUtil.NotNull(folderWithinStream, nameof(folderWithinStream)); return DownloadStreams(executionContext, zipStream, localFolderPath, folderWithinStream, relativePathWithinStream); } private async Task DownloadStreams(IExecutionContext executionContext, Stream zipStream, string localFolderPath, string folderWithinStream, string relativePathWithinStream) { Trace.Entering(); int streamsDownloaded = 0; var fileSystemManager = HostContext.CreateService(); foreach (ZipEntryStream stream in GetZipEntryStreams(zipStream)) { try { // Remove leading '/'s if any var path = stream.FullName.TrimStart(ForwardSlash); Trace.Verbose($"Downloading {path}, localFolderPath {localFolderPath}, folderWithinStream {folderWithinStream}, relativePathWithinStream {relativePathWithinStream}"); if (!string.IsNullOrWhiteSpace(folderWithinStream)) { var normalizedFolderWithInStream = folderWithinStream.TrimStart(ForwardSlash).TrimEnd(ForwardSlash) + ForwardSlash; // If this zip entry does not start with the expected folderName, skip it. if (!path.StartsWith(normalizedFolderWithInStream, StringComparison.OrdinalIgnoreCase)) { continue; } path = path.Substring(normalizedFolderWithInStream.Length); } if (!string.IsNullOrWhiteSpace(relativePathWithinStream) && !relativePathWithinStream.Equals(ForwardSlash.ToString()) && !relativePathWithinStream.Equals(Backslash.ToString())) { var normalizedRelativePath = relativePathWithinStream.Replace(Backslash, ForwardSlash).TrimStart(ForwardSlash).TrimEnd(ForwardSlash) + ForwardSlash; // Remove Blob Prefix path like "FabrikamFiber.DAL/bin/debug/" from the beginning of artifact full path if (!path.StartsWith(normalizedRelativePath, StringComparison.OrdinalIgnoreCase)) { continue; } path = path.Substring(normalizedRelativePath.Length); } int bufferSize = executionContext.Variables.Release_Download_BufferSize ?? DefaultBufferSize; string destFileName = Path.GetFullPath(Path.Combine(localFolderPath, path)); string destDirPath = Path.GetFullPath(localFolderPath + Path.DirectorySeparatorChar); if (!destFileName.StartsWith(destDirPath)) { throw new InvalidOperationException(StringUtil.Loc("ZipSlipFailure", destFileName)); } Trace.Info($"Writing file to {destFileName}"); await fileSystemManager.WriteStreamToFile(stream.ZipStream, destFileName, bufferSize, executionContext.CancellationToken); streamsDownloaded++; } finally { stream.ZipStream.Dispose(); } } if (streamsDownloaded == 0) { executionContext.Warning(StringUtil.Loc("RMArtifactEmpty")); } return streamsDownloaded; } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "ZipStream")] private static IEnumerable GetZipEntryStreams(Stream zipStream) { return new ZipArchive(zipStream).Entries .Where(entry => !entry.FullName.EndsWith("/", StringComparison.OrdinalIgnoreCase)) .Select(entry => new ZipEntryStream { FullName = entry.FullName, ZipStream = entry.Open() }); } private const int DefaultBufferSize = 8192; } internal class ZipEntryStream { public string FullName { get; set; } public Stream ZipStream { get; set; } } } ================================================ FILE: src/Agent.Worker/ResourceMetricsManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.ComponentModel; using System.IO; using System.Linq; using System.Management; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(ResourceMetricsManager))] public interface IResourceMetricsManager : IAgentService { Task RunDebugResourceMonitorAsync(); Task RunMemoryUtilizationMonitorAsync(); Task RunDiskSpaceUtilizationMonitorAsync(); Task RunCpuUtilizationMonitorAsync(string taskId); void SetContext(IExecutionContext context); } public sealed class ResourceMetricsManager : AgentService, IResourceMetricsManager { #region MonitorProperties private IExecutionContext _context; private const int METRICS_UPDATE_INTERVAL = 5000; private const int ACTIVE_MODE_INTERVAL = 5000; private const int WARNING_MESSAGE_INTERVAL = 5000; private const int AVAILABLE_DISK_SPACE_PERCENTAGE_THRESHOLD = 5; private const int AVAILABLE_MEMORY_PERCENTAGE_THRESHOLD = 5; private const int CPU_UTILIZATION_PERCENTAGE_THRESHOLD = 95; private static CpuInfo _cpuInfo; private static DiskInfo _diskInfo; private static MemoryInfo _memoryInfo; private static readonly object _cpuInfoLock = new object(); private static readonly object _diskInfoLock = new object(); private static readonly object _memoryInfoLock = new object(); #endregion #region MetricStructs private struct CpuInfo { public bool IsProcRunning; public DateTime Updated; public double Usage; } private struct DiskInfo { public bool IsProcRunning; public DateTime Updated; public double TotalDiskSpaceMB; public double FreeDiskSpaceMB; public string VolumeRoot; } public struct MemoryInfo { public bool IsProcRunning; public DateTime Updated; public long TotalMemoryMB; public long UsedMemoryMB; } #endregion #region InitMethods public void SetContext(IExecutionContext context) { ArgUtil.NotNull(context, nameof(context)); _context = context; } #endregion #region MiscMethods private void PublishTelemetry(string message, string taskId) { try { Dictionary telemetryData = new Dictionary { { "TaskId", taskId }, { "JobId", _context.Variables.System_JobId.ToString() }, { "PlanId", _context.Variables.Get(Constants.Variables.System.PlanId) }, { "Warning", message } }; var cmd = new Command("telemetry", "publish") { Data = JsonConvert.SerializeObject(telemetryData, Formatting.None) }; cmd.Properties.Add("area", "AzurePipelinesAgent"); cmd.Properties.Add("feature", "ResourceUtilization"); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(HostContext); publishTelemetryCmd.ProcessCommand(_context, cmd); } catch (Exception ex) { Trace.Warning($"Unable to publish resource utilization telemetry data. Exception: {ex.Message}"); Trace.Warning(ex.ToString()); } } #endregion #region MetricMethods private async Task GetCpuInfoAsync(CancellationToken cancellationToken) { if (_cpuInfo.Updated >= DateTime.Now - TimeSpan.FromMilliseconds(METRICS_UPDATE_INTERVAL)) { return; } lock (_cpuInfoLock) { if (_cpuInfo.IsProcRunning) { return; } _cpuInfo.IsProcRunning = true; } try { if (PlatformUtil.RunningOnWindows) { await Task.Run(() => { using var query = new ManagementObjectSearcher("SELECT PercentIdleTime FROM Win32_PerfFormattedData_PerfOS_Processor WHERE Name=\"_Total\""); ManagementObject cpuInfo = query.Get().OfType().FirstOrDefault() ?? throw new Exception("Failed to execute WMI query"); var cpuInfoIdle = Convert.ToDouble(cpuInfo["PercentIdleTime"]); lock (_cpuInfoLock) { _cpuInfo.Updated = DateTime.Now; _cpuInfo.Usage = 100 - cpuInfoIdle; } }, cancellationToken); } if (PlatformUtil.RunningOnLinux) { List samples = new(); int samplesCount = 10; // /proc/stat updates linearly in real time and shows CPU time counters during the whole system uptime // so we need to collect multiple samples to calculate CPU usage for (int i = 0; i < samplesCount + 1; i++) { string[] strings = await File.ReadAllLinesAsync("/proc/stat", cancellationToken); if (cancellationToken.IsCancellationRequested) { return; } samples.Add(strings[0] .Split(' ', StringSplitOptions.RemoveEmptyEntries) .Skip(1) .Select(float.Parse) .ToArray()); await Task.Delay(100, cancellationToken); } // The CPU time counters in the /proc/stat are: // user, nice, system, idle, iowait, irq, softirq, steal, guest, guest_nice // // We need to get deltas for idle and total CPU time using the gathered samples // and calculate the average to provide the CPU utilization in the moment double cpuUsage = 0.0; for (int i = 1; i < samplesCount + 1; i++) { double idle = samples[i][3] - samples[i - 1][3]; double total = samples[i].Sum() - samples[i - 1].Sum(); cpuUsage += 1.0 - (idle / total); } lock (_cpuInfoLock) { _cpuInfo.Updated = DateTime.Now; _cpuInfo.Usage = (cpuUsage / samplesCount) * 100; } } if (PlatformUtil.RunningOnMacOS) { using var processInvoker = HostContext.CreateService(); List outputs = new List(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { outputs.Add(message.Data); }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { Trace.Error($"Error on receiving CPU info: {message.Data}"); }; var filePath = "/bin/bash"; var arguments = "-c \"top -l 2 -o cpu | grep ^CPU\""; await processInvoker.ExecuteAsync( workingDirectory: string.Empty, fileName: filePath, arguments: arguments, environment: null, requireExitCodeZero: true, outputEncoding: null, killProcessOnCancel: true, cancellationToken: cancellationToken); // Use second sample for more accurate calculation var cpuInfoIdle = double.Parse(outputs[1].Split(' ', (char)StringSplitOptions.RemoveEmptyEntries)[6].Trim('%')); lock (_cpuInfoLock) { _cpuInfo.Updated = DateTime.Now; _cpuInfo.Usage = 100 - cpuInfoIdle; } } } finally { lock (_cpuInfoLock) { _cpuInfo.IsProcRunning = false; } } } private void GetDiskInfo() { if (_diskInfo.Updated >= DateTime.Now - TimeSpan.FromMilliseconds(METRICS_UPDATE_INTERVAL)) { return; } lock (_diskInfoLock) { if (_diskInfo.IsProcRunning) { return; } _diskInfo.IsProcRunning = true; } try { string root = Path.GetPathRoot(_context.GetVariableValueOrDefault(Constants.Variables.Agent.WorkFolder)); var driveInfo = new DriveInfo(root); lock (_diskInfoLock) { _diskInfo.Updated = DateTime.Now; _diskInfo.TotalDiskSpaceMB = (double)driveInfo.TotalSize / 1048576; _diskInfo.FreeDiskSpaceMB = (double)driveInfo.AvailableFreeSpace / 1048576; _diskInfo.VolumeRoot = root; } } finally { lock (_diskInfoLock) { _diskInfo.IsProcRunning = false; } } } private async Task GetMemoryInfoAsync(CancellationToken cancellationToken) { if (_memoryInfo.Updated >= DateTime.Now - TimeSpan.FromMilliseconds(METRICS_UPDATE_INTERVAL)) { return; } lock (_memoryInfoLock) { if (_memoryInfo.IsProcRunning) { return; } _memoryInfo.IsProcRunning = true; } try { if (PlatformUtil.RunningOnWindows) { await Task.Run(() => { using var query = new ManagementObjectSearcher("SELECT FreePhysicalMemory, TotalVisibleMemorySize FROM CIM_OperatingSystem"); ManagementObject memoryInfo = query.Get().OfType().FirstOrDefault() ?? throw new Exception("Failed to execute WMI query"); var freeMemory = Convert.ToInt64(memoryInfo["FreePhysicalMemory"]); var totalMemory = Convert.ToInt64(memoryInfo["TotalVisibleMemorySize"]); lock (_memoryInfoLock) { _memoryInfo.Updated = DateTime.Now; _memoryInfo.TotalMemoryMB = totalMemory / 1024; _memoryInfo.UsedMemoryMB = (totalMemory - freeMemory) / 1024; } }, cancellationToken); } if (PlatformUtil.RunningOnLinux) { string[] memoryInfo = await File.ReadAllLinesAsync("/proc/meminfo", cancellationToken); if (cancellationToken.IsCancellationRequested) { return; } // The /proc/meminfo file contains several memory counters. To calculate the available memory // we need to get the total memory and the available memory counters // The available memory contains the sum of free, cached, and buffer memory // it shows more accurate information about the memory usage than the free memory counter int totalMemory = int.Parse(memoryInfo[0].Split(" ", StringSplitOptions.RemoveEmptyEntries)[1]); int availableMemory = int.Parse(memoryInfo[2].Split(" ", StringSplitOptions.RemoveEmptyEntries)[1]); lock (_memoryInfoLock) { _memoryInfo.Updated = DateTime.Now; _memoryInfo.TotalMemoryMB = totalMemory / 1024; _memoryInfo.UsedMemoryMB = (totalMemory - availableMemory) / 1024; } } if (PlatformUtil.RunningOnMacOS) { // vm_stat allows to get the most detailed information about memory usage on MacOS // but unfortunately it returns values in pages and has no built-in arguments for custom output // so we need to parse and cast the output manually using var processInvoker = HostContext.CreateService(); List outputs = new List(); processInvoker.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { outputs.Add(message.Data); }; processInvoker.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs message) { Trace.Error($"Error on receiving memory info: {message.Data}"); }; var filePath = "vm_stat"; await processInvoker.ExecuteAsync( workingDirectory: string.Empty, fileName: filePath, arguments: string.Empty, environment: null, requireExitCodeZero: true, outputEncoding: null, killProcessOnCancel: true, cancellationToken: cancellationToken); var pageSize = int.Parse(outputs[0].Split(" ", StringSplitOptions.RemoveEmptyEntries)[7]); var pagesFree = long.Parse(outputs[1].Split(" ", StringSplitOptions.RemoveEmptyEntries)[2].Trim('.')); var pagesActive = long.Parse(outputs[2].Split(" ", StringSplitOptions.RemoveEmptyEntries)[2].Trim('.')); var pagesInactive = long.Parse(outputs[3].Split(" ", StringSplitOptions.RemoveEmptyEntries)[2].Trim('.')); var pagesSpeculative = long.Parse(outputs[4].Split(" ", StringSplitOptions.RemoveEmptyEntries)[2].Trim('.')); var pagesWiredDown = long.Parse(outputs[6].Split(" ", StringSplitOptions.RemoveEmptyEntries)[3].Trim('.')); var pagesOccupied = long.Parse(outputs[16].Split(" ", StringSplitOptions.RemoveEmptyEntries)[4].Trim('.')); var freeMemory = (pagesFree + pagesInactive) * pageSize; var usedMemory = (pagesActive + pagesSpeculative + pagesWiredDown + pagesOccupied) * pageSize; lock (_memoryInfoLock) { _memoryInfo.Updated = DateTime.Now; _memoryInfo.TotalMemoryMB = (freeMemory + usedMemory) / 1048576; _memoryInfo.UsedMemoryMB = usedMemory / 1048576; } } } finally { lock (_memoryInfoLock) { _memoryInfo.IsProcRunning = false; } } } #endregion #region StringMethods private async Task GetCpuInfoStringAsync(CancellationToken cancellationToken) { try { await GetCpuInfoAsync(cancellationToken); return StringUtil.Loc("ResourceMonitorCPUInfo", $"{_cpuInfo.Usage:0.00}"); } catch (Exception ex) { return StringUtil.Loc("ResourceMonitorCPUInfoError", ex.Message); } } private string GetDiskInfoString() { try { GetDiskInfo(); return StringUtil.Loc("ResourceMonitorDiskInfo", _diskInfo.VolumeRoot, $"{_diskInfo.FreeDiskSpaceMB:0.00}", $"{_diskInfo.TotalDiskSpaceMB:0.00}"); } catch (Exception ex) { return StringUtil.Loc("ResourceMonitorDiskInfoError", ex.Message); } } private async Task GetMemoryInfoStringAsync(CancellationToken cancellationToken) { try { await GetMemoryInfoAsync(cancellationToken); return StringUtil.Loc("ResourceMonitorMemoryInfo", $"{_memoryInfo.UsedMemoryMB:0.00}", $"{_memoryInfo.TotalMemoryMB:0.00}"); } catch (Exception ex) { return StringUtil.Loc("ResourceMonitorMemoryInfoError", ex.Message); } } #endregion #region MonitorLoops public async Task RunDebugResourceMonitorAsync() { while (!_context.CancellationToken.IsCancellationRequested) { using var timeoutTokenSource = new CancellationTokenSource(); timeoutTokenSource.CancelAfter(TimeSpan.FromMilliseconds(METRICS_UPDATE_INTERVAL)); using var linkedTokenSource = CancellationTokenSource.CreateLinkedTokenSource( _context.CancellationToken, timeoutTokenSource.Token); _context.Debug(StringUtil.Loc("ResourceMonitorAgentEnvironmentResource", GetDiskInfoString(), await GetMemoryInfoStringAsync(linkedTokenSource.Token), await GetCpuInfoStringAsync(linkedTokenSource.Token))); await Task.Delay(ACTIVE_MODE_INTERVAL, _context.CancellationToken); } } public async Task RunDiskSpaceUtilizationMonitorAsync() { while (!_context.CancellationToken.IsCancellationRequested) { try { GetDiskInfo(); var freeDiskSpacePercentage = Math.Round(((_diskInfo.FreeDiskSpaceMB / (double)_diskInfo.TotalDiskSpaceMB) * 100.0), 2); var usedDiskSpacePercentage = 100.0 - freeDiskSpacePercentage; if (freeDiskSpacePercentage <= AVAILABLE_DISK_SPACE_PERCENTAGE_THRESHOLD) { _context.Warning(StringUtil.Loc("ResourceMonitorFreeDiskSpaceIsLowerThanThreshold", _diskInfo.VolumeRoot, AVAILABLE_DISK_SPACE_PERCENTAGE_THRESHOLD, $"{usedDiskSpacePercentage:0.00}")); break; } } catch (Exception ex) { Trace.Warning($"Unable to get disk info. Exception: {ex.Message}"); Trace.Warning(ex.ToString()); break; } await Task.Delay(WARNING_MESSAGE_INTERVAL, _context.CancellationToken); } } public async Task RunMemoryUtilizationMonitorAsync() { while (!_context.CancellationToken.IsCancellationRequested) { using var timeoutTokenSource = new CancellationTokenSource(); timeoutTokenSource.CancelAfter(TimeSpan.FromMilliseconds(METRICS_UPDATE_INTERVAL)); using var linkedTokenSource = CancellationTokenSource.CreateLinkedTokenSource( _context.CancellationToken, timeoutTokenSource.Token); try { await GetMemoryInfoAsync(linkedTokenSource.Token); var usedMemoryPercentage = Math.Round(((_memoryInfo.UsedMemoryMB / (double)_memoryInfo.TotalMemoryMB) * 100.0), 2); if (100.0 - usedMemoryPercentage <= AVAILABLE_MEMORY_PERCENTAGE_THRESHOLD) { _context.Warning(StringUtil.Loc("ResourceMonitorMemorySpaceIsLowerThanThreshold", AVAILABLE_MEMORY_PERCENTAGE_THRESHOLD, $"{usedMemoryPercentage:0.00}")); break; } } catch (Exception ex) { Trace.Warning($"Unable to get memory info. Exception: {ex.Message}"); Trace.Warning(ex.ToString()); break; } await Task.Delay(WARNING_MESSAGE_INTERVAL, _context.CancellationToken); } } public async Task RunCpuUtilizationMonitorAsync(string taskId) { while (!_context.CancellationToken.IsCancellationRequested) { using var timeoutTokenSource = new CancellationTokenSource(); timeoutTokenSource.CancelAfter(TimeSpan.FromMilliseconds(METRICS_UPDATE_INTERVAL)); using var linkedTokenSource = CancellationTokenSource.CreateLinkedTokenSource( _context.CancellationToken, timeoutTokenSource.Token); try { await GetCpuInfoAsync(linkedTokenSource.Token); if (_cpuInfo.Usage >= CPU_UTILIZATION_PERCENTAGE_THRESHOLD) { string message = $"CPU utilization is higher than {CPU_UTILIZATION_PERCENTAGE_THRESHOLD}%; currently used: {_cpuInfo.Usage:0.00}%"; PublishTelemetry(message, taskId); break; } } catch (Exception ex) { Trace.Warning($"Unable to get CPU info. Exception: {ex.Message}"); Trace.Warning(ex.ToString()); break; } await Task.Delay(WARNING_MESSAGE_INTERVAL, _context.CancellationToken); } } #endregion } } ================================================ FILE: src/Agent.Worker/RetryHelper.cs ================================================ using System; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Worker { internal class RetryHelper { /// /// Returns exponential delay - depending on number of retry /// Considers that retryNumber starts from 0 /// Initial delay - 1 second /// /// public static int ExponentialDelay(int retryNumber) { return (int)(Math.Pow(retryNumber + 1, 2) * 1000); } public RetryHelper(IExecutionContext executionContext, int maxRetries = 3) { Debug = (str) => executionContext.Debug(str); Warning = (str) => executionContext.Warning(str); MaxRetries = maxRetries; ExecutionContext = executionContext; } public RetryHelper(IAsyncCommandContext commandContext, int maxRetries = 3) { Debug = (str) => commandContext.Debug(str); Warning = (str) => commandContext.Output(str); MaxRetries = maxRetries; } public async Task Retry(Func> action, Func timeDelayInterval, Func shouldRetryOnException) { int retryCounter = 0; do { using (new SimpleTimer($"RetryHelper Method:{action.Method} ", Debug)) { try { Debug($"Invoking Method: {action.Method}. Attempt count: {retryCounter}"); return await action(); } catch (Exception ex) { if (!shouldRetryOnException(ex) || ExhaustedRetryCount(retryCounter)) { throw; } Warning($"Intermittent failure attempting to call the restapis {action.Method}. Retry attempt {retryCounter}. Exception: {ex.Message} "); var delay = timeDelayInterval(retryCounter); await Task.Delay(delay); } retryCounter++; } } while (true); } /// /// Runs action with maxRetries number of retries /// /// Action to execute with retries /// Function to calculate delay between retries depending on retry number. Should take retry number as argument and consider that it starts from 0. /// public async Task RetryStep(Func action, Func timeDelayInterval) { int retryCounter = 0; do { using (new SimpleTimer($"RetryHelper Method:{action.Method} ", Debug)) { var delayInterval = timeDelayInterval(retryCounter); try { if (retryCounter > 0) { //ReInitialize _forceCompleted and _forceCompleteCancellationTokenSource ExecutionContext.ReInitializeForceCompleted(); } Debug($"Invoking Method: {action.Method}. Attempt count: {retryCounter}"); await action(); if (ExecutionContext.Result != TaskResult.Failed || ExhaustedRetryCount(retryCounter)) { return; } else { string exceptionMessage = $"Task result {ExecutionContext.Result}"; ExecutionContext.Result = null; Warning($"RetryHelper encountered task failure, will retry (attempt #: {retryCounter + 1} out of {this.MaxRetries}) after {delayInterval} ms"); } } catch (Exception ex) { if (!ShouldRetryStepOnException(ex) || ExhaustedRetryCount(retryCounter)) { throw; } Warning($"RetryHelper encountered exception, will retry (attempt #: {retryCounter + 1} {ex.Message}) afer {delayInterval} ms"); } //Cancel force task completion before the next attempt ExecutionContext.CancelForceTaskCompletion(); await Task.Delay(timeDelayInterval(retryCounter), ExecutionContext.CancellationToken); retryCounter++; } } while (true); } private bool ExhaustedRetryCount(int retryCount) { if (retryCount >= MaxRetries) { Debug($"Failure attempting to call the restapi and retry counter is exhausted"); return true; } return false; } private bool ShouldRetryStepOnException(Exception exception) { return !(exception is TimeoutException) && !(exception is OperationCanceledException); } private readonly int MaxRetries; private readonly Action Debug; private readonly Action Warning; private readonly IExecutionContext ExecutionContext; } } ================================================ FILE: src/Agent.Worker/SignatureService.cs ================================================ using System; using System.IO; using System.Threading.Tasks; using System.Threading; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(SignatureService))] public interface ISignatureService : IAgentService { Task VerifyAsync(Definition definition, CancellationToken token); } public class SignatureService : AgentService, ISignatureService { public async Task VerifyAsync(Definition definition, CancellationToken token) { ArgUtil.NotNull(definition, nameof(definition)); // This is used for the Checkout task. // We can consider it verified since it's embedded in the Agent code. if (String.IsNullOrEmpty(definition.ZipPath)) { return true; } // Find NuGet String nugetPath = WhichUtil.Which("nuget", require: true); var configurationStore = HostContext.GetService(); AgentSettings settings = configurationStore.GetSettings(); SignatureVerificationSettings verificationSettings = settings.SignatureVerification; String taskZipPath = definition.ZipPath; String taskNugetPath = definition.ZipPath.Replace(".zip", ".nupkg"); // Rename .zip to .nupkg File.Move(taskZipPath, taskNugetPath); String arguments = $"verify -Signatures \"{taskNugetPath}\" -Verbosity Detailed"; if (verificationSettings?.Fingerprints != null && verificationSettings.Fingerprints.Count > 0) { String fingerprint = String.Join(";", verificationSettings.Fingerprints); arguments += $" -CertificateFingerprint \"{fingerprint}\""; } Trace.Info($"nuget arguments: {arguments}"); // Run nuget verify using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { if (!string.IsNullOrEmpty(args.Data)) { Trace.Info(args.Data); } }; int exitCode = await processInvoker.ExecuteAsync(workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Root), fileName: nugetPath, arguments: arguments, environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, cancellationToken: token); // Rename back to zip File.Move(taskNugetPath, taskZipPath); if (exitCode != 0) { return false; } } return true; } } } ================================================ FILE: src/Agent.Worker/SimpleTimer.cs ================================================ // Copyright (c) Microsoft Corporation. All rights reserved. using System; using System.Diagnostics; using System.Globalization; namespace Microsoft.VisualStudio.Services.Agent.Worker { /// /// This is a utitily class used for recording timing /// information in the verbose trace. Its usage is /// using (SimpleTimer timer = new SimpleTimer("MyOperation")) /// { /// MyOperation... /// } /// A message is recorded in the verbose trace with the time taken /// for myoperation. /// internal class SimpleTimer : IDisposable { #region Public Methods /// /// Constructor that takes the name of the timer to be /// printed in the trace. /// public SimpleTimer(string timerName, Action debug) : this(timerName, debug, 0) { } /// /// Creates a timer with threshold. A perf message is logged only if /// the time elapsed is more than the threshold. /// public SimpleTimer(string timerName, Action debug, long thresholdInMilliseconds = Int32.MaxValue) { _name = timerName; _debug = debug; _threshold = thresholdInMilliseconds; _timer = Stopwatch.StartNew(); } /// /// Implement IDisposable /// public void Dispose() { Dispose(true); } #endregion #region Private Methods /// /// Stop the watch and log the trace message with the elapsed time. /// private void StopAndLog() { _timer.Stop(); _debug(string.Format(CultureInfo.InvariantCulture, "PERF: {0}: took {1} ms", _name, _timer.Elapsed.TotalMilliseconds)); // TODO : Currently Telemetry is not support in PublishTestResults Library. Uncomment following line of code when we start supporting Telemetry. //TelemetryLogger.AddProperties(_name + ":PerfCounter", _timer.Elapsed.TotalMilliseconds); if (_timer.Elapsed.TotalMilliseconds >= _threshold) { _debug(string.Format(CultureInfo.InvariantCulture, "PERF WARNING: {0}: took {1} ms", _name, _timer.Elapsed.TotalMilliseconds)); } } private void Dispose(bool disposing) { if (_disposed) { return; } if (disposing) { StopAndLog(); GC.SuppressFinalize(this); } _disposed = true; } #endregion #region Private Members private readonly Stopwatch _timer; private readonly string _name; private readonly long _threshold; private bool _disposed; private readonly Action _debug; #endregion } } ================================================ FILE: src/Agent.Worker/StepsRunner.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.Expressions; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Newtonsoft.Json; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; namespace Microsoft.VisualStudio.Services.Agent.Worker { public interface IStep { IExpressionNode Condition { get; set; } bool ContinueOnError { get; } string DisplayName { get; } Pipelines.StepTarget Target { get; } bool Enabled { get; } IExecutionContext ExecutionContext { get; set; } TimeSpan? Timeout { get; } Task RunAsync(); } [ServiceLocator(Default = typeof(StepsRunner))] public interface IStepsRunner : IAgentService { Task RunAsync(IExecutionContext Context, IList steps); } public sealed class StepsRunner : AgentService, IStepsRunner { // StepsRunner should never throw exception to caller public async Task RunAsync(IExecutionContext jobContext, IList steps) { using (Trace.EnteringWithDuration()) { ArgUtil.NotNull(jobContext, nameof(jobContext)); ArgUtil.NotNull(steps, nameof(steps)); Trace.Entering(); // TaskResult: // Abandoned (Server set this.) // Canceled // Failed // Skipped // Succeeded // SucceededWithIssues CancellationTokenRegistration? jobCancelRegister = null; int stepIndex = 0; jobContext.Variables.Agent_JobStatus = jobContext.Result ?? TaskResult.Succeeded; Trace.Info($"Async command completion wait initiated - processing {jobContext.AsyncCommands?.Count ?? 0} pending commands"); // Wait till all async commands finish. int successfulCommandCount = 0; foreach (var command in jobContext.AsyncCommands ?? new List()) { try { // wait async command to finish. Trace.Info($"Async command initiated [Command:{command.Name}, CommandType:{command.GetType().Name}]"); await command.WaitAsync(); successfulCommandCount++; Trace.Info($"Async command completed successfully: {command.Name}"); } catch (Exception ex) { // Log the error Trace.Info($"Async command failed during job initialization [Command:{command.Name}, JobId:{jobContext.Variables.System_JobId}, Error:{ex.Message}]"); Trace.Info(ex.ToString()); } } Trace.Info($"Async command completion wait finished - {successfulCommandCount} commands processed"); Trace.Info("Step iteration loop initiated - beginning sequential step processing"); foreach (IStep step in steps) { Trace.Info($"Processing step {stepIndex + 1}/{steps.Count}: DisplayName='{step.DisplayName}', ContinueOnError={step.ContinueOnError}, Enabled={step.Enabled}"); // Set correlation step context - will be cleared in finally block to guarantee cleanup jobContext.SetCorrelationStep(step.ExecutionContext.Id.ToString()); try { Trace.Info($"Processing step: DisplayName='{step.DisplayName}', ContinueOnError={step.ContinueOnError}, Enabled={step.Enabled}"); ArgUtil.Equal(true, step.Enabled, nameof(step.Enabled)); ArgUtil.NotNull(step.ExecutionContext, nameof(step.ExecutionContext)); ArgUtil.NotNull(step.ExecutionContext.Variables, nameof(step.ExecutionContext.Variables)); stepIndex++; Trace.Info($"ExecutionContext startup initiated for step: '{step.DisplayName}'"); // Start. step.ExecutionContext.Start(); var taskStep = step as ITaskRunner; if (taskStep != null) { HostContext.WritePerfCounter($"TaskStart_{taskStep.Task.Reference.Name}_{stepIndex}"); Trace.Info($"Task step initiated [TaskName:{taskStep.Task.Reference.Name}, TaskId:{taskStep.Task.Reference.Id}, Version:{taskStep.Task.Reference.Version}, Stage:{taskStep.Stage}]"); } else { Trace.Info($"Non-task step {step.DisplayName} started [StepType:{step.GetType().Name}, Timeout:{step.Timeout?.TotalMinutes ?? 0}min]"); } // Change the current job context to the step context. var resourceDiagnosticManager = HostContext.GetService(); resourceDiagnosticManager.SetContext(step.ExecutionContext); // Variable expansion. step.ExecutionContext.SetStepTarget(step.Target); List expansionWarnings; step.ExecutionContext.Variables.RecalculateExpanded(out expansionWarnings); expansionWarnings?.ForEach(x => step.ExecutionContext.Warning(x)); Trace.Info($"Variable expansion completed [Step:'{step.DisplayName}', Warnings:{expansionWarnings?.Count ?? 0}, Target:{step.Target?.GetType()?.Name ?? "None"}]"); var expressionManager = HostContext.GetService(); try { ArgUtil.NotNull(jobContext, nameof(jobContext)); // I am not sure why this is needed, but static analysis flagged all uses of jobContext below this point // Register job cancellation call back only if job cancellation token not been fire before each step run if (!jobContext.CancellationToken.IsCancellationRequested) { Trace.Info($"Job cancellation registration setup [Step:'{step.DisplayName}', JobCancellationRequested:False, RegistrationActive:True]"); // Test the condition again. The job was canceled after the condition was originally evaluated. jobCancelRegister = jobContext.CancellationToken.Register(() => { Trace.Info($"Job cancellation callback triggered [Step:'{step.DisplayName}', AgentShutdown:{HostContext.AgentShutdownToken.IsCancellationRequested}]"); // Mark job as cancelled jobContext.Result = TaskResult.Canceled; jobContext.Variables.Agent_JobStatus = jobContext.Result; step.ExecutionContext.Debug($"Re-evaluate condition on job cancellation for step: '{step.DisplayName}'."); ConditionResult conditionReTestResult; if (HostContext.AgentShutdownToken.IsCancellationRequested) { if (AgentKnobs.FailJobWhenAgentDies.GetValue(jobContext).AsBoolean()) { PublishTelemetry(jobContext, TaskResult.Failed.ToString(), "120"); jobContext.Result = TaskResult.Failed; jobContext.Variables.Agent_JobStatus = jobContext.Result; Trace.Info($"Agent shutdown failure applied [Step:'{step.DisplayName}', FailJobEnabled:True, JobResult:Failed]"); } step.ExecutionContext.Debug($"Skip Re-evaluate condition on agent shutdown."); conditionReTestResult = false; Trace.Info($"Condition re-evaluation skipped [Step:'{step.DisplayName}', Reason:AgentShutdown]"); } else if (AgentKnobs.EnableTimeoutLogFlushing.GetValue(step.ExecutionContext).AsBoolean() && HostContext.WorkerShutdownForTimeout.IsCancellationRequested) { jobContext.Result = TaskResult.Canceled; jobContext.Variables.Agent_JobStatus = jobContext.Result; conditionReTestResult = false; Trace.Info($"Condition re-evaluation skipped [Step:'{step.DisplayName}', Reason:WorkerTimeout]"); } else { try { Trace.Info($"Condition re-evaluation initiated [Step:'{step.DisplayName}', Expression:'{step.Condition}', HostTracingOnly:True]"); conditionReTestResult = expressionManager.Evaluate(step.ExecutionContext, step.Condition, hostTracingOnly: true); Trace.Info($"Condition re-evaluation completed [Step:'{step.DisplayName}', Result:{conditionReTestResult.Value}]"); } catch (Exception ex) { // Cancel the step since we get exception while re-evaluate step condition. Trace.Info("Caught exception from expression when re-test condition on job cancellation."); step.ExecutionContext.Error(ex); conditionReTestResult = false; } } if (!conditionReTestResult.Value) { // Cancel the step. Trace.Info($"Cancel current running step: {step.DisplayName}"); step.ExecutionContext.Error(StringUtil.Loc("StepCancelled")); step.ExecutionContext.CancelToken(); } }); } else if (AgentKnobs.FailJobWhenAgentDies.GetValue(jobContext).AsBoolean() && HostContext.AgentShutdownToken.IsCancellationRequested) { if (jobContext.Result != TaskResult.Failed) { // mark job as failed PublishTelemetry(jobContext, jobContext.Result.ToString(), "121"); jobContext.Result = TaskResult.Failed; jobContext.Variables.Agent_JobStatus = jobContext.Result; } } else { if (jobContext.Result != TaskResult.Canceled) { // mark job as cancelled jobContext.Result = TaskResult.Canceled; jobContext.Variables.Agent_JobStatus = jobContext.Result; } } // Evaluate condition. step.ExecutionContext.Debug($"Evaluating condition for step: '{step.DisplayName}'"); Exception conditionEvaluateError = null; ConditionResult conditionResult; if (HostContext.AgentShutdownToken.IsCancellationRequested) { step.ExecutionContext.Debug($"Skip evaluate condition on agent shutdown."); conditionResult = false; Trace.Info($"Condition evaluation skipped due to agent shutdown: '{step.DisplayName}'"); } else if (AgentKnobs.EnableTimeoutLogFlushing.GetValue(step.ExecutionContext).AsBoolean() && HostContext.WorkerShutdownForTimeout.IsCancellationRequested) { jobContext.Result = TaskResult.Canceled; jobContext.Variables.Agent_JobStatus = jobContext.Result; conditionResult = false; Trace.Info($"Condition evaluation skipped due to worker timeout: '{step.DisplayName}'"); } else { try { conditionResult = expressionManager.Evaluate(step.ExecutionContext, step.Condition); Trace.Info($"Condition evaluation completed - Result: {conditionResult.Value}, Step: '{step.DisplayName}'"); } catch (Exception ex) { Trace.Info("Caught exception from expression."); Trace.Error(ex); conditionResult = false; conditionEvaluateError = ex; } } // no evaluate error but condition is false if (!conditionResult.Value && conditionEvaluateError == null) { // Condition == false string skipStepMessage = "Skipping step due to condition evaluation."; Trace.Info(skipStepMessage + $"[Step: '{step.DisplayName}', Reason:ConditionFalse, Expression:'{step.Condition}', StepIndex:{stepIndex}/{steps.Count}]"); step.ExecutionContext.Output($"{skipStepMessage}\n{conditionResult.Trace}"); step.ExecutionContext.Complete(TaskResult.Skipped, resultCode: skipStepMessage); continue; } if (conditionEvaluateError != null) { // fail the step since there is an evaluate error. Trace.Error($"Condition evaluation failure context [Step:'{step.DisplayName}', Expression:'{step.Condition}', StepIndex:{stepIndex}/{steps.Count}]"); step.ExecutionContext.Error(conditionEvaluateError); step.ExecutionContext.Complete(TaskResult.Failed); } else { Trace.Info($"RunStepAsync execution initiated for step: '{step.DisplayName}'"); // Run the step with worker timeout integration. await RunStepWithTimeoutAsync(step, jobContext.CancellationToken); Trace.Info($"RunStepAsync execution completed for step: '{step.DisplayName}' - Result: {step.ExecutionContext.Result}"); } } finally { Trace.Info($"Step cancellation registration cleanup [Step:'{step.DisplayName}', RegistrationActive:{jobCancelRegister != null}]"); if (jobCancelRegister != null) { jobCancelRegister?.Dispose(); jobCancelRegister = null; } } // Update the job result. if (step.ExecutionContext.Result == TaskResult.SucceededWithIssues || step.ExecutionContext.Result == TaskResult.Failed) { Trace.Info($"Update job result with current step result - Step: '{step.DisplayName}', StepResult: {step.ExecutionContext.Result}, PreviousJobResult: {jobContext.Result}"); jobContext.Result = TaskResultUtil.MergeTaskResults(jobContext.Result, step.ExecutionContext.Result.Value); jobContext.Variables.Agent_JobStatus = jobContext.Result; Trace.Info($"Job result after merge: {jobContext.Result}"); } else { Trace.Info($"Job result unchanged - Step: '{step.DisplayName}', StepResult: {step.ExecutionContext.Result}, JobResultKept:{jobContext.Result}"); } if (taskStep != null) { HostContext.WritePerfCounter($"TaskCompleted_{taskStep.Task.Reference.Name}_{stepIndex}"); Trace.Info($"Task step completion - TaskName:{taskStep.Task.Reference.Name}, StepIndex:{stepIndex}/{steps.Count}, Result: {step.ExecutionContext.Result}, TaskStage:{taskStep.Stage}"); } Trace.Info($"Current state: job state = '{jobContext.Result}'"); } finally { // Always clear correlation step context, even if an exception occurred // This prevents context leakage and ensures proper cleanup jobContext.ClearCorrelationStep(); } } Trace.Info($"Step iteration loop completed - All {steps.Count} steps processed, Final job result: {jobContext.Result}"); } } private async Task RunStepWithTimeoutAsync(IStep step, CancellationToken jobCancellationToken) { Trace.Info($"Individual step execution initiated: '{step.DisplayName}'"); // Check if timeout log flushing feature is enabled bool timeoutLogFlushingEnabled = AgentKnobs.EnableTimeoutLogFlushing.GetValue(step.ExecutionContext).AsBoolean(); // Register for worker timeout to cancel the step only if timeout log flushing is enabled CancellationTokenRegistration? workerTimeoutRegistration = null; if (timeoutLogFlushingEnabled && !HostContext.WorkerShutdownForTimeout.IsCancellationRequested) { workerTimeoutRegistration = HostContext.WorkerShutdownForTimeout.Register(() => { Trace.Warning($"Worker timeout detected during step execution: '{step.DisplayName}' - cancelling step"); step.ExecutionContext.Error("Step cancelled due to worker timeout"); step.ExecutionContext.CancelToken(); }); Trace.Info($"Worker timeout registration active for step: '{step.DisplayName}'"); } try { await RunStepAsync(step, jobCancellationToken); } finally { // Dispose worker timeout registration if (workerTimeoutRegistration != null) { workerTimeoutRegistration.Value.Dispose(); Trace.Info($"Worker timeout registration disposed for step: '{step.DisplayName}'"); } } } private async Task RunStepAsync(IStep step, CancellationToken jobCancellationToken) { Trace.Info($"Individual step execution initiated: '{step.DisplayName}'"); // Start the step. step.ExecutionContext.Section(StringUtil.Loc("StepStarting", step.DisplayName)); step.ExecutionContext.SetTimeout(timeout: step.Timeout); step.ExecutionContext.Variables.Set(Constants.Variables.Task.SkipTranslatorForCheckout, Boolean.FalseString); Trace.Info($"UTF-8 codepage switching initiated for step: '{step.DisplayName}'"); // Windows may not be on the UTF8 codepage; try to fix that await SwitchToUtf8Codepage(step); Trace.Info($"UTF-8 codepage switching completed for step: '{step.DisplayName}'"); // updated code log - Add codepage switching context and platform info Trace.Info($"Codepage configuration [Platform:{(PlatformUtil.RunningOnWindows ? "Windows" : "Unix")}, RetainEncoding:{step.ExecutionContext.Variables.Retain_Default_Encoding}, CurrentCodepage:{Console.InputEncoding?.CodePage}]"); try { Trace.Info($"Step main execution initiated: '{step.DisplayName}'"); await step.RunAsync(); Trace.Info($"Step main execution completed successfully: '{step.DisplayName}'"); } catch (OperationCanceledException ex) { if (step.ExecutionContext.CancellationToken.IsCancellationRequested && !jobCancellationToken.IsCancellationRequested) { Trace.Error($"Caught timeout exception from step: Step: {step.DisplayName}, Exception: {ex.Message}, ConfiguredTimeout:{step.Timeout?.TotalMinutes ?? 0}min"); Trace.Error(ex); step.ExecutionContext.Error(StringUtil.Loc("StepTimedOut")); step.ExecutionContext.Result = TaskResult.Failed; } else if (AgentKnobs.FailJobWhenAgentDies.GetValue(step.ExecutionContext).AsBoolean() && HostContext.AgentShutdownToken.IsCancellationRequested) { PublishTelemetry(step.ExecutionContext, TaskResult.Failed.ToString(), "122"); Trace.Error($"Caught Agent Shutdown exception from step: Step:'{step.DisplayName}', ShutdownReason:{HostContext.AgentShutdownReason}, Exception: {ex.Message}"); Trace.Error(ex); step.ExecutionContext.Error(ex); step.ExecutionContext.Result = TaskResult.Failed; } else { // Log the exception and cancel the step. Trace.Error($"Caught cancellation exception from step: Step:{step.DisplayName}, CancellationSource:JobLevel, JobCancelled:{jobCancellationToken.IsCancellationRequested}"); Trace.Error(ex); step.ExecutionContext.Error(ex); step.ExecutionContext.Result = TaskResult.Canceled; } } catch (Exception ex) { Trace.Error($"Caught exception from step: - Step: '{step.DisplayName}', Exception: {ex}"); // Log the error and fail the step. step.ExecutionContext.Error(ex); step.ExecutionContext.Result = TaskResult.Failed; } Trace.Info($"Async command completion wait initiated for step: '{step.DisplayName}' - Commands: {step.ExecutionContext.AsyncCommands?.Count ?? 0}"); // Wait till all async commands finish. foreach (var command in step.ExecutionContext.AsyncCommands ?? new List()) { try { // wait async command to finish. // check this - add log to mark start of this call as well, also add required meatadata to log for it Trace.Info($"Step async command initiated [Command:{command.Name}, Step:'{step.DisplayName}', CommandType:{command.GetType().Name}]"); await command.WaitAsync(); Trace.Info($"Step async command completion [Command:{command.Name}]"); } catch (OperationCanceledException ex) { if (step.ExecutionContext.CancellationToken.IsCancellationRequested && !jobCancellationToken.IsCancellationRequested) { // Log the timeout error, set step result to falied if the current result is not canceled. Trace.Error($"Caught timeout exception from async command {command.Name}: {ex}"); step.ExecutionContext.Error(StringUtil.Loc("StepTimedOut")); // if the step already canceled, don't set it to failed. step.ExecutionContext.CommandResult = TaskResultUtil.MergeTaskResults(step.ExecutionContext.CommandResult, TaskResult.Failed); } else if (AgentKnobs.FailJobWhenAgentDies.GetValue(step.ExecutionContext).AsBoolean() && HostContext.AgentShutdownToken.IsCancellationRequested) { PublishTelemetry(step.ExecutionContext, TaskResult.Failed.ToString(), "123"); Trace.Error($"Caught Agent shutdown exception from async command {command.Name}: {ex}"); step.ExecutionContext.Error(ex); // if the step already canceled, don't set it to failed. step.ExecutionContext.CommandResult = TaskResultUtil.MergeTaskResults(step.ExecutionContext.CommandResult, TaskResult.Failed); } else { // log and save the OperationCanceledException, set step result to canceled if the current result is not failed. Trace.Error($"Caught cancellation exception from async command {command.Name}: {ex}"); step.ExecutionContext.Error(ex); // if the step already failed, don't set it to canceled. step.ExecutionContext.CommandResult = TaskResultUtil.MergeTaskResults(step.ExecutionContext.CommandResult, TaskResult.Canceled); } } catch (Exception ex) { // Log the error, set step result to falied if the current result is not canceled. Trace.Error($"Caught exception from async command {command.Name}: {ex}"); step.ExecutionContext.Error(ex); // if the step already canceled, don't set it to failed. step.ExecutionContext.CommandResult = TaskResultUtil.MergeTaskResults(step.ExecutionContext.CommandResult, TaskResult.Failed); } } Trace.Info($"Step async command summary [Step:'{step.DisplayName}', TotalCommands:{step.ExecutionContext.AsyncCommands?.Count ?? 0}, CommandResult:{step.ExecutionContext.CommandResult}]"); // Merge executioncontext result with command result if (step.ExecutionContext.CommandResult != null) { step.ExecutionContext.Result = TaskResultUtil.MergeTaskResults(step.ExecutionContext.Result, step.ExecutionContext.CommandResult.Value); Trace.Info($"Step result merged with command result - Step: {step.DisplayName}, CommandResult:{step.ExecutionContext.CommandResult} FinalResult: {step.ExecutionContext.Result}"); } // Fixup the step result if ContinueOnError. if (step.ExecutionContext.Result == TaskResult.Failed && step.ContinueOnError) { step.ExecutionContext.Result = TaskResult.SucceededWithIssues; Trace.Info($"Step result updated due to ContinueOnError: '{step.DisplayName}', Result: Failed -> SucceededWithIssues"); } else { Trace.Info($"Step result: '{step.DisplayName}', Result: {step.ExecutionContext.Result}"); } // Complete the step context. step.ExecutionContext.Section(StringUtil.Loc("StepFinishing", step.DisplayName)); step.ExecutionContext.Complete(); Trace.Info($"Step execution summary - Step: '{step.DisplayName}', FinalResult: {step.ExecutionContext.Result}"); } private async Task SwitchToUtf8Codepage(IStep step) { if (!PlatformUtil.RunningOnWindows) { return; } try { if (!step.ExecutionContext.Variables.Retain_Default_Encoding && Console.InputEncoding.CodePage != 65001) { using var pi = HostContext.CreateService(); using var timeoutTokenSource = new CancellationTokenSource(); // 1 minute should be enough to switch to UTF8 code page timeoutTokenSource.CancelAfter(TimeSpan.FromSeconds(60)); // Join main and timeout cancellation tokens using var linkedTokenSource = CancellationTokenSource.CreateLinkedTokenSource( step.ExecutionContext.CancellationToken, timeoutTokenSource.Token); try { // Use UTF8 code page int exitCode = await pi.ExecuteAsync(workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work), fileName: WhichUtil.Which("chcp", true, Trace), arguments: "65001", environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: false, redirectStandardIn: null, inheritConsoleHandler: true, continueAfterCancelProcessTreeKillAttempt: ProcessInvoker.ContinueAfterCancelProcessTreeKillAttemptDefault, cancellationToken: linkedTokenSource.Token); if (exitCode == 0) { Trace.Info("Successfully returned to code page 65001 (UTF8)"); } else { Trace.Warning($"'chcp 65001' failed with exit code {exitCode}"); } } catch (OperationCanceledException) { if (!timeoutTokenSource.IsCancellationRequested) { throw; } Trace.Warning("'chcp 65001' cancelled by timeout"); } } } catch (Exception ex) { Trace.Warning($"'chcp 65001' failed with exception {ex.Message}"); Trace.Warning(ex.ToString()); } } private void PublishTelemetry(IExecutionContext context, string Task_Result, string TracePoint) { try { var telemetryData = new Dictionary { { "JobId", context.Variables.System_JobId.ToString()}, { "JobResult", Task_Result }, { "TracePoint", TracePoint}, }; var cmd = new Command("telemetry", "publish"); cmd.Data = JsonConvert.SerializeObject(telemetryData, Formatting.None); cmd.Properties.Add("area", "PipelinesTasks"); cmd.Properties.Add("feature", "AgentShutdown"); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(HostContext); publishTelemetryCmd.ProcessCommand(context, cmd); } catch (Exception ex) { Trace.Warning($"Unable to publish agent shutdown telemetry data. Exception: {ex}"); } } } } ================================================ FILE: src/Agent.Worker/TaskCommandExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Globalization; using System.IO; using System.Linq; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker { public sealed class TaskCommandExtension : BaseWorkerCommandExtension { public TaskCommandExtension() { CommandArea = "task"; SupportedHostTypes = HostTypes.All; InstallWorkerCommand(new TaskIssueCommand()); InstallWorkerCommand(new TaskProgressCommand()); InstallWorkerCommand(new TaskDetailCommand()); InstallWorkerCommand(new TaskCompleteCommand()); InstallWorkerCommand(new TaskSetSecretCommand()); InstallWorkerCommand(new TaskSetVariableCommand()); InstallWorkerCommand(new TaskAddAttachmentCommand()); InstallWorkerCommand(new TaskDebugCommand()); InstallWorkerCommand(new TaskUploadSummaryCommand()); InstallWorkerCommand(new TaskUploadFileCommand()); InstallWorkerCommand(new TaskSetTaskVariableCommand()); InstallWorkerCommand(new TaskSetEndpointCommand()); InstallWorkerCommand(new TaskPrepandPathCommand()); } } public static class TaskCommandHelper { public static void AddSecret(IExecutionContext context, string value, string origin) { if (!string.IsNullOrEmpty(value)) { context.GetHostContext().SecretMasker.AddValue(value, origin); // if DECODE_PERCENTS = false then we need to add decoded value as a secret as well to prevent its exposion in logs var unescapePercents = AgentKnobs.DecodePercents.GetValue(context).AsBoolean(); if (!unescapePercents) { context.GetHostContext().SecretMasker.AddValue(CommandStringConvertor.Unescape(value, true), origin); } } } } [CommandRestriction(AllowedInRestrictedMode = true)] public sealed class TaskDetailCommand : IWorkerCommand { public string Name => "logdetail"; public List Aliases => null; // Since we process all logging command in serialized order, everthing should be thread safe. private readonly Dictionary _timelineRecordsTracker = new Dictionary(); public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var eventProperties = command.Properties; var data = command.Data; TimelineRecord record = new TimelineRecord(); String timelineRecord; if (!eventProperties.TryGetValue(TaskDetailEventProperties.TimelineRecordId, out timelineRecord) || string.IsNullOrEmpty(timelineRecord) || new Guid(timelineRecord).Equals(Guid.Empty)) { throw new ArgumentNullException(StringUtil.Loc("MissingTimelineRecordId")); } else { record.Id = new Guid(timelineRecord); } string parentTimlineRecord; if (eventProperties.TryGetValue(TaskDetailEventProperties.ParentTimelineRecordId, out parentTimlineRecord)) { record.ParentId = new Guid(parentTimlineRecord); } String name; if (eventProperties.TryGetValue(TaskDetailEventProperties.Name, out name)) { record.Name = name; } String recordType; if (eventProperties.TryGetValue(TaskDetailEventProperties.Type, out recordType)) { record.RecordType = recordType; } String order; if (eventProperties.TryGetValue(TaskDetailEventProperties.Order, out order)) { int orderInt = 0; if (int.TryParse(order, out orderInt)) { record.Order = orderInt; } } String percentCompleteValue; if (eventProperties.TryGetValue(TaskDetailEventProperties.Progress, out percentCompleteValue)) { Int32 progress; if (Int32.TryParse(percentCompleteValue, out progress)) { record.PercentComplete = (Int32)Math.Min(Math.Max(progress, 0), 100); } } if (!String.IsNullOrEmpty(data)) { record.CurrentOperation = data; } string result; if (eventProperties.TryGetValue(TaskDetailEventProperties.Result, out result)) { record.Result = EnumUtil.TryParse(result) ?? TaskResult.Succeeded; } String startTime; if (eventProperties.TryGetValue(TaskDetailEventProperties.StartTime, out startTime)) { record.StartTime = ParseDateTime(startTime, DateTime.UtcNow); } String finishtime; if (eventProperties.TryGetValue(TaskDetailEventProperties.FinishTime, out finishtime)) { record.FinishTime = ParseDateTime(finishtime, DateTime.UtcNow); } String state; if (eventProperties.TryGetValue(TaskDetailEventProperties.State, out state)) { record.State = ParseTimelineRecordState(state, TimelineRecordState.Pending); } TimelineRecord trackingRecord; // in front validation as much as possible. // timeline record is happened in back end queue, user will not receive result of the timeline record updates. // front validation will provide user better understanding when things went wrong. if (_timelineRecordsTracker.TryGetValue(record.Id, out trackingRecord)) { // we already created this timeline record // make sure parentid does not changed. if (record.ParentId != null && record.ParentId != trackingRecord.ParentId) { throw new InvalidOperationException(StringUtil.Loc("CannotChangeParentTimelineRecord")); } else if (record.ParentId == null) { record.ParentId = trackingRecord.ParentId; } // populate default value for empty field. if (record.State == TimelineRecordState.Completed) { if (record.PercentComplete == null) { record.PercentComplete = 100; } if (record.FinishTime == null) { record.FinishTime = DateTime.UtcNow; } } } else { // we haven't created this timeline record // make sure we have name/type and parent record has created. if (string.IsNullOrEmpty(record.Name)) { throw new ArgumentNullException(StringUtil.Loc("NameRequiredForTimelineRecord")); } if (string.IsNullOrEmpty(record.RecordType)) { throw new ArgumentNullException(StringUtil.Loc("TypeRequiredForTimelineRecord")); } if (record.ParentId != null && record.ParentId != Guid.Empty) { if (!_timelineRecordsTracker.ContainsKey(record.ParentId.Value)) { throw new ArgumentNullException(StringUtil.Loc("ParentTimelineNotCreated")); } } // populate default value for empty field. if (record.StartTime == null) { record.StartTime = DateTime.UtcNow; } if (record.State == null) { record.State = TimelineRecordState.InProgress; } } context.UpdateDetailTimelineRecord(record); _timelineRecordsTracker[record.Id] = record; } private DateTime ParseDateTime(String dateTimeText, DateTime defaultValue) { DateTime dateTime; if (!DateTime.TryParse(dateTimeText, CultureInfo.CurrentCulture, DateTimeStyles.AdjustToUniversal, out dateTime)) { dateTime = defaultValue; } return dateTime; } private TimelineRecordState ParseTimelineRecordState(String timelineRecordStateText, TimelineRecordState defaultValue) { TimelineRecordState state; if (!Enum.TryParse(timelineRecordStateText, out state)) { state = defaultValue; } return state; } } public sealed class TaskUploadSummaryCommand : IWorkerCommand { public string Name => "uploadsummary"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var data = command.Data; if (!string.IsNullOrEmpty(data)) { var uploadSummaryProperties = new Dictionary(); uploadSummaryProperties.Add(TaskAddAttachmentEventProperties.Type, CoreAttachmentType.Summary); var fileName = Path.GetFileName(data); uploadSummaryProperties.Add(TaskAddAttachmentEventProperties.Name, fileName); TaskAddAttachmentCommand.AddAttachment(context, uploadSummaryProperties, data); } else { throw new InvalidOperationException(StringUtil.Loc("CannotUploadSummary")); } } } public sealed class TaskUploadFileCommand : IWorkerCommand { public string Name => "uploadfile"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var data = command.Data; if (!string.IsNullOrEmpty(data)) { var uploadFileProperties = new Dictionary(); uploadFileProperties.Add(TaskAddAttachmentEventProperties.Type, CoreAttachmentType.FileAttachment); var fileName = Path.GetFileName(data); uploadFileProperties.Add(TaskAddAttachmentEventProperties.Name, fileName); TaskAddAttachmentCommand.AddAttachment(context, uploadFileProperties, data); } else { throw new InvalidOperationException(StringUtil.Loc("CannotUploadFile")); } } } public sealed class TaskAddAttachmentCommand : IWorkerCommand { public string Name => "addattachment"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); AddAttachment(context, command.Properties, command.Data); } public static void AddAttachment(IExecutionContext context, Dictionary eventProperties, string data) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(eventProperties, nameof(eventProperties)); String type; if (!eventProperties.TryGetValue(TaskAddAttachmentEventProperties.Type, out type) || String.IsNullOrEmpty(type)) { throw new ArgumentNullException(StringUtil.Loc("MissingAttachmentType")); } String name; if (!eventProperties.TryGetValue(TaskAddAttachmentEventProperties.Name, out name) || String.IsNullOrEmpty(name)) { throw new ArgumentNullException(StringUtil.Loc("MissingAttachmentName")); } char[] s_invalidFileChars = Path.GetInvalidFileNameChars(); if (type.IndexOfAny(s_invalidFileChars) != -1) { throw new ArgumentException($"Type contains invalid characters. ({String.Join(",", s_invalidFileChars)})"); } if (name.IndexOfAny(s_invalidFileChars) != -1) { throw new ArgumentException($"Name contains invalid characters. ({String.Join(", ", s_invalidFileChars)})"); } // Translate file path back from container path string filePath = context.TranslateToHostPath(data); if (!String.IsNullOrEmpty(filePath) && File.Exists(filePath)) { // Upload attachment context.QueueAttachFile(type, name, filePath); } else { throw new ArgumentNullException(StringUtil.Loc("MissingAttachmentFile")); } } } [CommandRestriction(AllowedInRestrictedMode = true)] public sealed class TaskIssueCommand : IWorkerCommand { public string Name => "logissue"; public List Aliases => new List() { "issue" }; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var eventProperties = command.Properties; var data = command.Data; if (AgentKnobs.EnableIssueSourceValidation.GetValue(context).AsBoolean()) { ProcessIssueSource(context, command); } Issue taskIssue = null; String issueType; if (eventProperties.TryGetValue(TaskIssueEventProperties.Type, out issueType)) { taskIssue = CreateIssue(context, issueType, data, eventProperties); } if (taskIssue == null) { context.Warning("Can't create TaskIssue from logging event."); return; } context.AddIssue(taskIssue); } private void ProcessIssueSource(IExecutionContext context, Command command) { if (!WorkerUtilities.IsCommandCorrelationIdValid(context, command, out bool correlationIdPresent)) { _ = command.Properties.Remove(TaskWellKnownItems.IssueSourceProperty); if (correlationIdPresent) { context.Debug("The task provided an invalid correlation ID when using the task.issue command."); } } _ = command.Properties.Remove("correlationId"); } private Issue CreateIssue(IExecutionContext context, string issueType, String message, Dictionary properties) { Issue issue = new Issue() { Category = "General", }; if (issueType.Equals("error", StringComparison.OrdinalIgnoreCase)) { issue.Type = IssueType.Error; } else if (issueType.Equals("warning", StringComparison.OrdinalIgnoreCase)) { issue.Type = IssueType.Warning; } else { throw new ArgumentException($"issue type {issueType} is not an expected issue type."); } String sourcePath; if (properties.TryGetValue(ProjectIssueProperties.SourcePath, out sourcePath)) { issue.Category = "Code"; var extensionManager = context.GetHostContext().GetService(); var hostType = context.Variables.System_HostType; IJobExtension extension = (extensionManager.GetExtensions() ?? new List()) .Where(x => x.HostType.HasFlag(hostType)) .FirstOrDefault(); if (extension != null) { // Translate file path back from container path sourcePath = context.TranslateToHostPath(sourcePath); properties[ProjectIssueProperties.SourcePath] = sourcePath; // Get the values that represent the server path given a local path string repoName; string relativeSourcePath; extension.ConvertLocalPath(context, sourcePath, out repoName, out relativeSourcePath); // add repo info if (!string.IsNullOrEmpty(repoName)) { properties["repo"] = repoName; } if (!string.IsNullOrEmpty(relativeSourcePath)) { // replace sourcePath with the new relative path properties[ProjectIssueProperties.SourcePath] = relativeSourcePath; } String sourcePathValue; String lineNumberValue; String columnNumberValue; String messageTypeValue; String codeValue; properties.TryGetValue(TaskIssueEventProperties.Type, out messageTypeValue); properties.TryGetValue(ProjectIssueProperties.SourcePath, out sourcePathValue); properties.TryGetValue(ProjectIssueProperties.LineNumber, out lineNumberValue); properties.TryGetValue(ProjectIssueProperties.ColumNumber, out columnNumberValue); properties.TryGetValue(ProjectIssueProperties.Code, out codeValue); //ex. Program.cs(13, 18): error CS1002: ; expected message = String.Format(CultureInfo.InvariantCulture, "{0}({1},{2}): {3} {4}: {5}", sourcePathValue, lineNumberValue, columnNumberValue, messageTypeValue, codeValue, message); } } if (properties != null) { foreach (var property in properties) { issue.Data[property.Key] = property.Value; } } issue.Message = message; return issue; } } [CommandRestriction(AllowedInRestrictedMode = true)] public sealed class TaskCompleteCommand : IWorkerCommand { public string Name => "complete"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var eventProperties = command.Properties; var data = command.Data; string resultText; TaskResult result; if (!eventProperties.TryGetValue(TaskCompleteEventProperties.Result, out resultText) || String.IsNullOrEmpty(resultText) || !Enum.TryParse(resultText, out result)) { throw new ArgumentException(StringUtil.Loc("InvalidCommandResult")); } context.Result = TaskResultUtil.MergeTaskResults(context.Result, result); context.Progress(100, data); if (eventProperties.TryGetValue(TaskCompleteEventProperties.Done, out string doneText) && !String.IsNullOrEmpty(doneText) && StringUtil.ConvertToBoolean(doneText)) { context.ForceTaskComplete(); } } } [CommandRestriction(AllowedInRestrictedMode = true)] public sealed class TaskProgressCommand : IWorkerCommand { public string Name => "setprogress"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var eventProperties = command.Properties; var data = command.Data; Int32 percentComplete = 0; String processValue; if (eventProperties.TryGetValue("value", out processValue)) { Int32 progress; if (Int32.TryParse(processValue, out progress)) { percentComplete = (Int32)Math.Min(Math.Max(progress, 0), 100); } } context.Progress(percentComplete, data); } } [CommandRestriction(AllowedInRestrictedMode = true)] public sealed class TaskSetSecretCommand : IWorkerCommand { public string Name => "setsecret"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); TaskCommandHelper.AddSecret(context, command.Data, WellKnownSecretAliases.TaskSetSecretCommand); } } [CommandRestriction(AllowedInRestrictedMode = true)] public sealed class TaskSetVariableCommand : IWorkerCommand { public string Name => "setvariable"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var eventProperties = command.Properties; var data = command.Data; String name; if (!eventProperties.TryGetValue(TaskSetVariableEventProperties.Variable, out name) || String.IsNullOrEmpty(name)) { throw new ArgumentNullException(StringUtil.Loc("MissingVariableName")); } String isSecretValue; Boolean isSecret = false; if (eventProperties.TryGetValue(TaskSetVariableEventProperties.IsSecret, out isSecretValue)) { Boolean.TryParse(isSecretValue, out isSecret); } String isOutputValue; Boolean isOutput = false; if (eventProperties.TryGetValue(TaskSetVariableEventProperties.IsOutput, out isOutputValue)) { Boolean.TryParse(isOutputValue, out isOutput); } String isReadOnlyValue; Boolean isReadOnly = false; if (eventProperties.TryGetValue(TaskSetVariableEventProperties.IsReadOnly, out isReadOnlyValue)) { Boolean.TryParse(isReadOnlyValue, out isReadOnly); } String preserveCaseValue; Boolean preserveCase = false; if (eventProperties.TryGetValue(TaskSetVariableEventProperties.PreserveCase, out preserveCaseValue)) { Boolean.TryParse(preserveCaseValue, out preserveCase); } if (context.Variables.IsReadOnly(name)) { // Check FF. If it is on then throw, otherwise warn // TODO - remove this and just always throw once the feature has been fully rolled out. if (context.Variables.Read_Only_Variables) { throw new InvalidOperationException(StringUtil.Loc("ReadOnlyVariable", name)); } else { context.Warning(StringUtil.Loc("ReadOnlyVariableWarning", name)); } } if (isSecret) { if (!string.IsNullOrEmpty(data) && data.Contains(Environment.NewLine) && !AgentKnobs.AllowUnsafeMultilineSecret.GetValue(context).AsBoolean()) { throw new InvalidOperationException(StringUtil.Loc("MultilineSecret")); } var unescapePercents = AgentKnobs.DecodePercents.GetValue(context).AsBoolean(); var commandEscapeData = CommandStringConvertor.Escape(command.Data, unescapePercents); TaskCommandHelper.AddSecret(context, commandEscapeData, WellKnownSecretAliases.TaskSetVariableCommand); } var checker = context.GetHostContext().GetService(); if (checker.CheckSettableVariable(context, name)) { context.SetVariable(name, data, isSecret: isSecret, isOutput: isOutput, isReadOnly: isReadOnly, preserveCase: preserveCase); } } } [CommandRestriction(AllowedInRestrictedMode = true)] public sealed class TaskDebugCommand : IWorkerCommand { public string Name => "debug"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var data = command.Data; context.Debug(data); } } [CommandRestriction(AllowedInRestrictedMode = true)] public sealed class TaskSetTaskVariableCommand : IWorkerCommand { public string Name => "settaskvariable"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var eventProperties = command.Properties; var data = command.Data; String name; if (!eventProperties.TryGetValue(TaskSetTaskVariableEventProperties.Variable, out name) || String.IsNullOrEmpty(name)) { throw new ArgumentNullException(StringUtil.Loc("MissingTaskVariableName")); } String isSecretValue; Boolean isSecret = false; if (eventProperties.TryGetValue(TaskSetTaskVariableEventProperties.IsSecret, out isSecretValue)) { Boolean.TryParse(isSecretValue, out isSecret); } String isReadOnlyValue; Boolean isReadOnly = false; if (eventProperties.TryGetValue(TaskSetVariableEventProperties.IsReadOnly, out isReadOnlyValue)) { Boolean.TryParse(isReadOnlyValue, out isReadOnly); } String preserveCaseValue; Boolean preserveCase = false; if (eventProperties.TryGetValue(TaskSetVariableEventProperties.PreserveCase, out preserveCaseValue)) { Boolean.TryParse(preserveCaseValue, out preserveCase); } if (context.TaskVariables.IsReadOnly(name)) { // Check FF. If it is on then throw, otherwise warn // TODO - remove this and just always throw once the feature has been fully rolled out. if (context.Variables.Read_Only_Variables) { throw new InvalidOperationException(StringUtil.Loc("ReadOnlyTaskVariable", name)); } else { context.Warning(StringUtil.Loc("ReadOnlyTaskVariableWarning", name)); } } if (isSecret) { if (!string.IsNullOrEmpty(data) && data.Contains(Environment.NewLine) && !AgentKnobs.AllowUnsafeMultilineSecret.GetValue(context).AsBoolean()) { throw new InvalidOperationException(StringUtil.Loc("MultilineSecret")); } } context.TaskVariables.Set(name, data, secret: isSecret, readOnly: isReadOnly, preserveCase: preserveCase); } } public sealed class TaskSetEndpointCommand : IWorkerCommand { public string Name => "setendpoint"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var eventProperties = command.Properties; var data = command.Data; if (string.IsNullOrEmpty(data)) { throw new ArgumentNullException(StringUtil.Loc("EnterValidValueFor0", "setendpoint")); } String field; if (!eventProperties.TryGetValue(TaskSetEndpointEventProperties.Field, out field) || String.IsNullOrEmpty(field)) { throw new ArgumentNullException(StringUtil.Loc("MissingEndpointField")); } // Mask auth parameter data upfront to avoid accidental secret exposure by invalid endpoint/key/data if (String.Equals(field, "authParameter", StringComparison.OrdinalIgnoreCase)) { TaskCommandHelper.AddSecret(context, data, WellKnownSecretAliases.TaskSetEndpointCommandAuthParameter); } String endpointIdInput; if (!eventProperties.TryGetValue(TaskSetEndpointEventProperties.EndpointId, out endpointIdInput) || String.IsNullOrEmpty(endpointIdInput)) { throw new ArgumentNullException(StringUtil.Loc("MissingEndpointId")); } Guid endpointId; if (!Guid.TryParse(endpointIdInput, out endpointId)) { throw new ArgumentNullException(StringUtil.Loc("InvalidEndpointId")); } var endpoint = context.Endpoints.Find(a => a.Id == endpointId); if (endpoint == null) { throw new ArgumentNullException(StringUtil.Loc("InvalidEndpointId")); } if (String.Equals(field, "url", StringComparison.OrdinalIgnoreCase)) { Uri uri; if (!Uri.TryCreate(data, UriKind.Absolute, out uri)) { throw new ArgumentNullException(StringUtil.Loc("InvalidEndpointUrl")); } endpoint.Url = uri; return; } String key; if (!eventProperties.TryGetValue(TaskSetEndpointEventProperties.Key, out key) || String.IsNullOrEmpty(key)) { throw new ArgumentNullException(StringUtil.Loc("MissingEndpointKey")); } if (String.Equals(field, "dataParameter", StringComparison.OrdinalIgnoreCase)) { endpoint.Data[key] = data; } else if (String.Equals(field, "authParameter", StringComparison.OrdinalIgnoreCase)) { endpoint.Authorization.Parameters[key] = data; } else { throw new ArgumentException(StringUtil.Loc("InvalidEndpointField")); } } } [CommandRestriction(AllowedInRestrictedMode = true)] public sealed class TaskPrepandPathCommand : IWorkerCommand { public string Name => "prependpath"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var checker = context.GetHostContext().GetService(); if (!checker.CheckSettableVariable(context, Constants.PathVariable)) { return; } var data = command.Data; ArgUtil.NotNullOrEmpty(data, this.Name); context.PrependPath.RemoveAll(x => string.Equals(x, data, StringComparison.CurrentCulture)); context.PrependPath.Add(data); } } internal static class TaskSetVariableEventProperties { public static readonly String Variable = "variable"; public static readonly String IsSecret = "issecret"; public static readonly String IsOutput = "isoutput"; public static readonly String IsReadOnly = "isreadonly"; public static readonly String PreserveCase = "preservecase"; } internal static class TaskCompleteEventProperties { public static readonly String Result = "result"; public static readonly String Done = "done"; } internal static class TaskIssueEventProperties { public static readonly String Type = "type"; } internal static class ProjectIssueProperties { public static readonly String Code = "code"; public static readonly String ColumNumber = "columnnumber"; public static readonly String SourcePath = "sourcepath"; public static readonly String LineNumber = "linenumber"; } internal static class TaskAddAttachmentEventProperties { public static readonly String Type = "type"; public static readonly String Name = "name"; } internal static class TaskDetailEventProperties { public static readonly String TimelineRecordId = "id"; public static readonly String ParentTimelineRecordId = "parentid"; public static readonly String Type = "type"; public static readonly String Name = "name"; public static readonly String StartTime = "starttime"; public static readonly String FinishTime = "finishtime"; public static readonly String Progress = "progress"; public static readonly String State = "state"; public static readonly String Result = "result"; public static readonly String Order = "order"; } internal static class TaskSetTaskVariableEventProperties { public static readonly String Variable = "variable"; public static readonly String IsSecret = "issecret"; } internal static class TaskSetEndpointEventProperties { public static readonly String EndpointId = "id"; public static readonly String Field = "field"; public static readonly String Key = "key"; } } ================================================ FILE: src/Agent.Worker/TaskDecoratorManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(TaskDecoratorManager))] public interface ITaskDecoratorManager : IAgentService { bool IsInjectedTaskForTarget(string taskName, IExecutionContext executionContext); bool IsInjectedInputsContainsSecrets(Dictionary inputs, out List inputsWithSecrets); string GenerateTaskResultMessage(List inputsWithSecrets); } public sealed class TaskDecoratorManager : AgentService, ITaskDecoratorManager { /// /// Checks if current task is injected by decorator with posttargettask or pretargettask target. /// TaskName will be null on old versions of TFS 2017, 2015, this version of TFS doesn't support injection of post-target and pre-target decorators, /// so we could just return false value in case of null taskName /// /// Name of the task to check /// Returns `true` if task is injected by decorator for target task, otherwise `false` public bool IsInjectedTaskForTarget(string taskName, IExecutionContext executionContext) { if (taskName == null) { executionContext.Debug("The task name is null, check for the target of injected tasks skipped."); return false; } return taskName.StartsWith(InjectedTasksNamesPrefixes.PostTargetTask) || taskName.StartsWith(InjectedTasksNamesPrefixes.PreTargetTask); } /// /// Verifies that there are inputs with secrets, if secrets were found task will be marked as skipped and won't be executed /// /// Inputs presented as a dictionary with input name as key and input's value as the value of the corresponding key /// Out value that will contain the list of task inputs with secrets /// Return `true` if task contains injected inputs with secrets, otherwise `false` public bool IsInjectedInputsContainsSecrets(Dictionary inputs, out List inputsWithSecrets) { inputsWithSecrets = this.GetInputsWithSecrets(inputs); return inputsWithSecrets.Count > 0; } /// /// Generates list of inputs that should be included into task result message /// /// List of inputs with secrets, that should be included in message public string GenerateTaskResultMessage(List inputsWithSecrets) { string inputsForReport = string.Join(Environment.NewLine, inputsWithSecrets.Select(input => string.Join("\n", input))); return inputsForReport; } /// /// Used to check if provided input value contain any secret /// /// Value of input to check /// Returns `true` if provided string contain secret, otherwise `false` private bool ContainsSecret(string inputValue) { string maskedString = HostContext.SecretMasker.MaskSecrets(inputValue); return maskedString != inputValue; } /// /// Used to get list of inputs in injected task that started with target_ prefix and contain secrets, /// such inputs are autoinjected from target tasks /// /// Inputs presented as a dictionary with input name as key and input's value as the value of the corresponding key /// Returns list of inputs' names that contain secret values private List GetInputsWithSecrets(Dictionary inputs) { var inputsWithSecrets = new List(); foreach (var input in inputs) { if (input.Key.StartsWith("target_") && this.ContainsSecret(input.Value)) { inputsWithSecrets.Add(input.Key); } } return inputsWithSecrets; } } internal static class InjectedTasksNamesPrefixes { public static readonly String PostTargetTask = "__system_posttargettask_"; public static readonly String PreTargetTask = "__system_pretargettask_"; } } ================================================ FILE: src/Agent.Worker/TaskManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.IO.Compression; using System.Linq; using System.Net.Http; using System.Net.Sockets; using System.Text.RegularExpressions; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Knob; using Agent.Sdk.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Microsoft.VisualStudio.Services.Common; using Newtonsoft.Json; using Newtonsoft.Json.Linq; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(TaskManager))] public interface ITaskManager : IAgentService { Task DownloadAsync(IExecutionContext executionContext, IEnumerable steps); Definition Load(Pipelines.TaskStep task); /// /// Extract a task that has already been downloaded. /// /// Current execution context. /// The task to be extracted. void Extract(IExecutionContext executionContext, Pipelines.TaskStep task); } public class TaskManager : AgentService, ITaskManager { private const int _defaultFileStreamBufferSize = 4096; //81920 is the default used by System.IO.Stream.CopyTo and is under the large object heap threshold (85k). private const int _defaultCopyBufferSize = 81920; public async Task DownloadAsync(IExecutionContext executionContext, IEnumerable steps) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(steps, nameof(steps)); executionContext.Output(StringUtil.Loc("EnsureTasksExist")); IEnumerable tasks = steps.OfType(); //remove duplicate, disabled and built-in tasks IEnumerable uniqueTasks = from task in tasks group task by new { task.Reference.Id, task.Reference.Version } into taskGrouping select taskGrouping.First(); if (!uniqueTasks.Any()) { executionContext.Debug("There is no required tasks need to download."); return; } HashSet exceptionList = GetTaskExceptionSet(); foreach (var task in uniqueTasks.Select(x => x.Reference)) { executionContext.SetCorrelationTask(task.Id.ToString()); if (task.Id == Pipelines.PipelineConstants.CheckoutTask.Id && task.Version == Pipelines.PipelineConstants.CheckoutTask.Version) { Trace.Info("Skip download checkout task."); continue; } await DownloadAsync(executionContext, task); if (AgentKnobs.CheckForTaskDeprecation.GetValue(executionContext).AsBoolean()) { CheckForTaskDeprecation(executionContext, task); } if (AgentKnobs.CheckIfTaskNodeRunnerIsDeprecated246.GetValue(executionContext).AsBoolean()) { if (!exceptionList.Contains(task.Id)) { CheckIfTaskNodeRunnerIsDeprecated(executionContext, task); } } executionContext.ClearCorrelationTask(); } } public virtual Definition Load(Pipelines.TaskStep task) { // Validate args. Trace.Entering(); ArgUtil.NotNull(task, nameof(task)); if (task.Reference.Id == Pipelines.PipelineConstants.CheckoutTask.Id && task.Reference.Version == Pipelines.PipelineConstants.CheckoutTask.Version) { var checkoutTask = new Definition() { Directory = HostContext.GetDirectory(WellKnownDirectory.Tasks), Data = new DefinitionData() { Author = Pipelines.PipelineConstants.CheckoutTask.Author, Description = Pipelines.PipelineConstants.CheckoutTask.Description, FriendlyName = Pipelines.PipelineConstants.CheckoutTask.FriendlyName, HelpMarkDown = Pipelines.PipelineConstants.CheckoutTask.HelpMarkDown, Inputs = Pipelines.PipelineConstants.CheckoutTask.Inputs.ToArray(), Execution = StringUtil.ConvertFromJson(StringUtil.ConvertToJson(Pipelines.PipelineConstants.CheckoutTask.Execution)), PostJobExecution = StringUtil.ConvertFromJson(StringUtil.ConvertToJson(Pipelines.PipelineConstants.CheckoutTask.PostJobExecution)) } }; return checkoutTask; } var definition = GetTaskDefiniton(task); // Replace the macros within the handler data sections. foreach (HandlerData handlerData in (definition.Data?.Execution?.All as IEnumerable ?? new HandlerData[0])) { handlerData?.ReplaceMacros(HostContext, definition); } return definition; } public void Extract(IExecutionContext executionContext, Pipelines.TaskStep task) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(task, nameof(task)); String zipFile = GetTaskZipPath(task.Reference); String destinationDirectory = GetDirectory(task.Reference); executionContext.Debug($"Extracting task {task.Name} from {zipFile} to {destinationDirectory}."); Trace.Verbose(StringUtil.Format("Deleting task destination folder: {0}", destinationDirectory)); IOUtil.DeleteDirectory(destinationDirectory, executionContext.CancellationToken); Directory.CreateDirectory(destinationDirectory); ZipFile.ExtractToDirectory(zipFile, destinationDirectory); Trace.Verbose("Creating watermark file to indicate the task extracted successfully."); File.WriteAllText(destinationDirectory + ".completed", DateTime.UtcNow.ToString()); } private async Task DownloadAsync(IExecutionContext executionContext, Pipelines.TaskStepDefinitionReference task) { Trace.Entering(); ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(task, nameof(task)); ArgUtil.NotNullOrEmpty(task.Version, nameof(task.Version)); var taskServer = HostContext.GetService(); // first check to see if we already have the task string destDirectory = GetDirectory(task); Trace.Info($"Ensuring task exists: ID '{task.Id}', version '{task.Version}', name '{task.Name}', directory '{destDirectory}'."); var configurationStore = HostContext.GetService(); AgentSettings settings = configurationStore.GetSettings(); Boolean signingEnabled = (settings.SignatureVerification != null && settings.SignatureVerification.Mode != SignatureVerificationMode.None); Boolean alwaysExtractTask = signingEnabled || settings.AlwaysExtractTask; if (File.Exists(destDirectory + ".completed") && !alwaysExtractTask) { executionContext.Debug($"Task '{task.Name}' already downloaded at '{destDirectory}'."); return; } String taskZipPath = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.TaskZips), $"{task.Name}_{task.Id}_{NormalizeTaskVersion(task)}.zip"); if (alwaysExtractTask && File.Exists(taskZipPath)) { executionContext.Debug($"Task '{task.Name}' already downloaded at '{taskZipPath}'."); // Extract a new zip every time IOUtil.DeleteDirectory(destDirectory, executionContext.CancellationToken); ExtractZip(taskZipPath, destDirectory); return; } // delete existing task folder. Trace.Verbose(StringUtil.Format("Deleting task destination folder: {0}", destDirectory)); IOUtil.DeleteDirectory(destDirectory, CancellationToken.None); // Inform the user that a download is taking place. The download could take a while if // the task zip is large. It would be nice to print the localized name, but it is not // available from the reference included in the job message. executionContext.Output(StringUtil.Loc("DownloadingTask0", task.Name, task.Version)); string zipFile = string.Empty; var version = new TaskVersion(task.Version); //download and extract task in a temp folder and rename it on success string tempDirectory = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Tasks), "_temp_" + Guid.NewGuid()); try { Directory.CreateDirectory(tempDirectory); int retryCount = 0; // Allow up to 20 * 60s for any task to be downloaded from service. // Base on Kusto, the longest we have on the service today is over 850 seconds. // Timeout limit can be overwrite by environment variable int timeoutSeconds = AgentKnobs.TaskDownloadTimeout.GetValue(UtilKnobValueContext.Instance()).AsInt(); int retryLimit = AgentKnobs.TaskDownloadRetryLimit.GetValue(UtilKnobValueContext.Instance()).AsInt(); while (true) { using (var taskDownloadTimeout = new CancellationTokenSource(TimeSpan.FromSeconds(timeoutSeconds))) using (var taskDownloadCancellation = CancellationTokenSource.CreateLinkedTokenSource(taskDownloadTimeout.Token, executionContext.CancellationToken)) { try { zipFile = Path.Combine(tempDirectory, string.Format("{0}.zip", Guid.NewGuid())); //open zip stream in async mode using (FileStream fs = new FileStream(zipFile, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize: _defaultFileStreamBufferSize, useAsync: true)) using (Stream result = await taskServer.GetTaskContentZipAsync(task.Id, version, taskDownloadCancellation.Token)) { Trace.Info($"The '{task.Name}' task downloading started."); await result.CopyToAsync(fs, _defaultCopyBufferSize, taskDownloadCancellation.Token); Trace.Info($"The '{task.Name}' task downloading finished."); await fs.FlushAsync(taskDownloadCancellation.Token); // download succeed, break out the retry loop. break; } } catch (OperationCanceledException) when (executionContext.CancellationToken.IsCancellationRequested) { Trace.Info($"Task download has been cancelled."); throw; } catch (Exception ex) { retryCount++; Trace.Error($"Fail to download task '{task.Id} ({task.Name}/{task.Version})' -- Attempt: {retryCount}"); Trace.Error(ex); if (taskDownloadTimeout.Token.IsCancellationRequested) { // task download didn't finish within timeout executionContext.Warning(StringUtil.Loc("TaskDownloadTimeout", task.Name, timeoutSeconds)); } else { executionContext.Warning(StringUtil.Loc("TaskDownloadFailed", task.Name, ex.Message)); if (ex.InnerException != null) { executionContext.Warning($"Inner Exception: {ex.InnerException.Message}"); } } FileInfo zipFileInfo = new FileInfo(zipFile); if (zipFileInfo.Exists) { Trace.Info($"Zip file '{zipFile}' exists; its size in bytes: {zipFileInfo.Length}"); } else { Trace.Info($"Zip file '{zipFile}' can not be found."); } if (retryCount >= retryLimit) { Trace.Info($"Retry limit to download the '{task.Name}' task reached."); throw; } } } if (String.IsNullOrEmpty(Environment.GetEnvironmentVariable("VSTS_TASK_DOWNLOAD_NO_BACKOFF"))) { var backOff = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromSeconds(10), TimeSpan.FromSeconds(30)); executionContext.Warning($"Back off {backOff.TotalSeconds} seconds before retry."); await Task.Delay(backOff); } } if (alwaysExtractTask) { Directory.CreateDirectory(HostContext.GetDirectory(WellKnownDirectory.TaskZips)); // Copy downloaded zip to the cache on disk for future extraction. executionContext.Debug($"Copying from {zipFile} to {taskZipPath}"); File.Copy(zipFile, taskZipPath); } // We need to extract the zip regardless of whether or not signing is enabled because the task.json metadata for the task is used in JobExtension.InitializeJob. // This is fine because we overwrite the contents at task run time. Directory.CreateDirectory(destDirectory); ExtractZip(zipFile, destDirectory); executionContext.Debug($"Task '{task.Name}' has been downloaded into '{(signingEnabled ? taskZipPath : destDirectory)}'."); Trace.Info("Finished getting task."); } finally { try { //if the temp folder wasn't moved -> wipe it if (Directory.Exists(tempDirectory)) { Trace.Verbose(StringUtil.Format("Deleting task temp folder: {0}", tempDirectory)); IOUtil.DeleteDirectory(tempDirectory, CancellationToken.None); // Don't cancel this cleanup and should be pretty fast. } } catch (Exception ex) { //it is not critical if we fail to delete the temp folder Trace.Warning(StringUtil.Format("Failed to delete temp folder '{0}'. Exception: {1}", tempDirectory, ex?.ToString())); executionContext.Warning(StringUtil.Loc("FailedDeletingTempDirectory0Message1", tempDirectory, ex.Message)); } } } private void CheckForTaskDeprecation(IExecutionContext executionContext, Pipelines.TaskStepDefinitionReference task) { JObject taskJson = GetTaskJson(task); var deprecated = taskJson["deprecated"]; if (deprecated != null && deprecated.Value()) { string friendlyName = taskJson["friendlyName"].Value(); int majorVersion = new Version(task.Version).Major; string commonDeprecationMessage = StringUtil.Loc("DeprecationMessage", friendlyName, majorVersion, task.Name); var removalDate = taskJson["removalDate"]; if (removalDate != null) { string whitespace = " "; string removalDateString = removalDate.Value().ToString("MMMM d, yyyy"); commonDeprecationMessage += whitespace + StringUtil.Loc("DeprecationMessageRemovalDate", removalDateString); var helpUrl = taskJson["helpUrl"]; if (helpUrl != null) { string helpUrlString = helpUrl.Value(); string category = taskJson["category"].Value().ToLower(); string urlPrefix = $"https://docs.microsoft.com/azure/devops/pipelines/tasks/{category}/"; if (helpUrlString.StartsWith(urlPrefix)) { string versionHelpUrl = $"{helpUrlString}-v{majorVersion}".Replace(urlPrefix, $"https://learn.microsoft.com/azure/devops/pipelines/tasks/reference/"); commonDeprecationMessage += whitespace + StringUtil.Loc("DeprecationMessageHelpUrl", versionHelpUrl); } } } executionContext.Warning(commonDeprecationMessage); var tailoredDeprecationMessage = taskJson["deprecationMessage"]; if (tailoredDeprecationMessage != null) { executionContext.Warning(tailoredDeprecationMessage.ToString()); } } } private void CheckIfTaskNodeRunnerIsDeprecated(IExecutionContext executionContext, Pipelines.TaskStepDefinitionReference task) { string[] deprecatedNodeRunners = { "Node", "Node10", "Node16" }; string[] approvedNodeRunners = { "Node20_1", "Node24" }; // Node runners which are not considered as deprecated string[] executionSteps = { "prejobexecution", "execution", "postjobexecution" }; JObject taskJson = GetTaskJson(task); var taskRunners = new HashSet(); foreach (var step in executionSteps) { var runners = taskJson.GetValueOrDefault(step); if (runners == null || runners is not JObject) { continue; } var runnerNames = ((JObject)runners).Properties().Select(p => p.Name); if (runnerNames.Intersect(approvedNodeRunners).Any()) { continue; // Agent never uses deprecated Node runners if there are approved Node runners } taskRunners.Add(runnerNames); } List taskNodeRunners = new(); // If we are here and task has Node runners, all of them are deprecated foreach (string runner in deprecatedNodeRunners) { if (taskRunners.Contains(runner)) { switch (runner) { case "Node": taskNodeRunners.Add("6"); // Just "Node" is Node version 6 break; default: taskNodeRunners.Add(runner[4..]); // Postfix after "Node" break; } } } if (taskNodeRunners.Count > 0) // Tasks may have only PowerShell runners and don't have Node runners at all { string friendlyName = taskJson["friendlyName"].Value(); int majorVersion = new Version(task.Version).Major; executionContext.Warning(StringUtil.Loc("DeprecatedNodeRunner", friendlyName, majorVersion, task.Name, taskNodeRunners.Last())); } } /// /// This method provides a set of in-the-box pipeline tasks for which we don't want to display Node deprecation warnings. /// /// Set of tasks ID private HashSet GetTaskExceptionSet() { string exceptionListFile = HostContext.GetConfigFile(WellKnownConfigFile.TaskExceptionList); var exceptionList = new List(); if (File.Exists(exceptionListFile)) { try { exceptionList = IOUtil.LoadObject>(exceptionListFile); } catch (Exception ex) { Trace.Info($"Unable to deserialize exception list {ex}"); exceptionList = new List(); } } return exceptionList.ToHashSet(); } private JObject GetTaskJson(Pipelines.TaskStepDefinitionReference task) { string taskJsonPath = Path.Combine(GetDirectory(task), "task.json"); string taskJsonText = File.ReadAllText(taskJsonPath); return JObject.Parse(taskJsonText); } private void ExtractZip(String zipFile, String destinationDirectory) { ZipFile.ExtractToDirectory(zipFile, destinationDirectory); Trace.Verbose("Create watermark file to indicate task download succeed."); File.WriteAllText(destinationDirectory + ".completed", DateTime.UtcNow.ToString()); } private string GetDirectory(Pipelines.TaskStepDefinitionReference task) { ArgUtil.NotEmpty(task.Id, nameof(task.Id)); ArgUtil.NotNull(task.Name, nameof(task.Name)); ArgUtil.NotNullOrEmpty(task.Version, nameof(task.Version)); return Path.Combine( HostContext.GetDirectory(WellKnownDirectory.Tasks), $"{task.Name}_{task.Id}", NormalizeTaskVersion(task)); } private string NormalizeTaskVersion(Pipelines.TaskStepDefinitionReference task) { ArgUtil.NotNullOrEmpty(task.Version, nameof(task.Version)); return task.Version.Replace("+", "_"); } private string GetTaskZipPath(Pipelines.TaskStepDefinitionReference task) { ArgUtil.NotEmpty(task.Id, nameof(task.Id)); ArgUtil.NotNull(task.Name, nameof(task.Name)); ArgUtil.NotNullOrEmpty(task.Version, nameof(task.Version)); return Path.Combine( HostContext.GetDirectory(WellKnownDirectory.TaskZips), $"{task.Name}_{task.Id}_{NormalizeTaskVersion(task)}.zip"); // TODO: Move to shared string. } private Definition GetTaskDefiniton(Pipelines.TaskStep task) { // Initialize the definition wrapper object. var definition = new Definition() { Directory = GetDirectory(task.Reference), ZipPath = GetTaskZipPath(task.Reference) }; // Deserialize the JSON. string file = Path.Combine(definition.Directory, Constants.Path.TaskJsonFile); Trace.Info($"Loading task definition '{file}'."); string json = File.ReadAllText(file); definition.Data = JsonConvert.DeserializeObject(json); return definition; } } public sealed class Definition { public DefinitionData Data { get; set; } public string Directory { get; set; } public string ZipPath { get; set; } public TaskVersion GetPowerShellSDKVersion() { var modulePath = Path.Combine(Directory, "ps_modules", "VstsTaskSdk", "VstsTaskSdk.psd1"); if (!File.Exists(modulePath)) { return null; } var versionLine = File.ReadAllLines(modulePath).FirstOrDefault(x => x.Contains("ModuleVersion")); if (string.IsNullOrEmpty(versionLine)) { return null; } var verRegex = new Regex(@"\d+\.\d+\.\d+"); if (!verRegex.IsMatch(versionLine)) { return null; } var version = new TaskVersion(verRegex.Match(versionLine).Value) { IsTest = new Regex("(?i)(preview|test)").IsMatch(versionLine) }; return version; } public TaskVersion GetNodeSDKVersion() { var modulePath = Path.Combine(Directory, "node_modules", "azure-pipelines-task-lib", "package.json"); if (!File.Exists(modulePath)) { return null; } string versionProp; try { var file = File.ReadAllText(modulePath); JObject json = JObject.Parse(file); versionProp = json["version"].ToString(); } catch { return null; } var verRegex = new Regex(@"\d+\.\d+\.\d+"); if (!verRegex.IsMatch(versionProp)) { return null; } var version = new TaskVersion(verRegex.Match(versionProp).Value) { IsTest = new Regex("(?i)(preview|test)").IsMatch(versionProp) }; return version; } } public sealed class DefinitionData { public DefinitionVersion Version { get; set; } public string Name { get; set; } public string FriendlyName { get; set; } public string Description { get; set; } public string HelpMarkDown { get; set; } public string HelpUrl { get; set; } public string Author { get; set; } public OutputVariable[] OutputVariables { get; set; } public TaskInputDefinition[] Inputs { get; set; } public ExecutionData PreJobExecution { get; set; } public ExecutionData Execution { get; set; } public ExecutionData PostJobExecution { get; set; } public TaskRestrictions Restrictions { get; set; } } public sealed class DefinitionVersion { public int Major { get; set; } public int Minor { get; set; } public int Patch { get; set; } } public sealed class OutputVariable { public string Name { get; set; } public string Description { get; set; } } public sealed class ExecutionData { private readonly List _all = new List(); private AzurePowerShellHandlerData _azurePowerShell; private NodeHandlerData _node; private Node10HandlerData _node10; private Node16HandlerData _node16; private Node20_1HandlerData _node20_1; private Node24HandlerData _node24; private PowerShellHandlerData _powerShell; private PowerShell3HandlerData _powerShell3; private PowerShellExeHandlerData _powerShellExe; private ProcessHandlerData _process; private AgentPluginHandlerData _agentPlugin; [JsonIgnore] public List All => _all; [JsonProperty(NullValueHandling = NullValueHandling.Ignore)] public AzurePowerShellHandlerData AzurePowerShell { get { return _azurePowerShell; } set { if (PlatformUtil.RunningOnWindows && !PlatformUtil.IsX86) { _azurePowerShell = value; Add(value); } } } public NodeHandlerData Node { get { return _node; } set { _node = value; Add(value); } } public Node10HandlerData Node10 { get { return _node10; } set { _node10 = value; Add(value); } } public Node16HandlerData Node16 { get { return _node16; } set { _node16 = value; Add(value); } } public Node20_1HandlerData Node20_1 { get { return _node20_1; } set { _node20_1 = value; Add(value); } } public Node24HandlerData Node24 { get { return _node24; } set { _node24 = value; Add(value); } } [JsonProperty(NullValueHandling = NullValueHandling.Ignore)] public PowerShellHandlerData PowerShell { get { return _powerShell; } set { if (PlatformUtil.RunningOnWindows && !PlatformUtil.IsX86) { _powerShell = value; Add(value); } } } [JsonProperty(NullValueHandling = NullValueHandling.Ignore)] public PowerShell3HandlerData PowerShell3 { get { return _powerShell3; } set { if (PlatformUtil.RunningOnWindows) { _powerShell3 = value; Add(value); } } } [JsonProperty(NullValueHandling = NullValueHandling.Ignore)] public PowerShellExeHandlerData PowerShellExe { get { return _powerShellExe; } set { if (PlatformUtil.RunningOnWindows) { _powerShellExe = value; Add(value); } } } [JsonProperty(NullValueHandling = NullValueHandling.Ignore)] public ProcessHandlerData Process { get { return _process; } set { if (PlatformUtil.RunningOnWindows) { _process = value; Add(value); } } } public AgentPluginHandlerData AgentPlugin { get { return _agentPlugin; } set { _agentPlugin = value; Add(value); } } private void Add(HandlerData data) { if (data != null) { _all.Add(data); } } } public abstract class HandlerData { public Dictionary Inputs { get; } public string[] Platforms { get; set; } [JsonIgnore] public abstract int Priority { get; } public string Target { get { return GetInput(nameof(Target)); } set { SetInput(nameof(Target), value); } } public HandlerData() { Inputs = new Dictionary(StringComparer.OrdinalIgnoreCase); } public bool PreferredOnPlatform(PlatformUtil.OS os) { if (os == PlatformUtil.OS.Windows) { return Platforms?.Any(x => string.Equals(x, os.ToString(), StringComparison.OrdinalIgnoreCase)) ?? false; } return false; } public void ReplaceMacros(IHostContext context, Definition definition) { ArgUtil.NotNull(definition, nameof(definition)); var handlerVariables = new Dictionary(StringComparer.OrdinalIgnoreCase); handlerVariables["currentdirectory"] = definition.Directory; VarUtil.ExpandValues(context, source: handlerVariables, target: Inputs); } protected string GetInput(string name) { string value; if (Inputs.TryGetValue(name, out value)) { return value ?? string.Empty; } return string.Empty; } protected void SetInput(string name, string value) { Inputs[name] = value; } } public abstract class BaseNodeHandlerData : HandlerData { public string WorkingDirectory { get { return GetInput(nameof(WorkingDirectory)); } set { SetInput(nameof(WorkingDirectory), value); } } } public sealed class NodeHandlerData : BaseNodeHandlerData { public override int Priority => 105; } public sealed class Node10HandlerData : BaseNodeHandlerData { public override int Priority => 104; } public sealed class Node16HandlerData : BaseNodeHandlerData { public override int Priority => 103; } public sealed class Node20_1HandlerData : BaseNodeHandlerData { public override int Priority => 102; } public sealed class Node24HandlerData : BaseNodeHandlerData { public override int Priority => 101; } public sealed class CustomNodeHandlerData : BaseNodeHandlerData { public override int Priority => 100; } public sealed class PowerShell3HandlerData : HandlerData { public override int Priority => 106; } public sealed class PowerShellHandlerData : HandlerData { public string ArgumentFormat { get { return GetInput(nameof(ArgumentFormat)); } set { SetInput(nameof(ArgumentFormat), value); } } public override int Priority => 107; public string WorkingDirectory { get { return GetInput(nameof(WorkingDirectory)); } set { SetInput(nameof(WorkingDirectory), value); } } } public sealed class AzurePowerShellHandlerData : HandlerData { public string ArgumentFormat { get { return GetInput(nameof(ArgumentFormat)); } set { SetInput(nameof(ArgumentFormat), value); } } public override int Priority => 108; public string WorkingDirectory { get { return GetInput(nameof(WorkingDirectory)); } set { SetInput(nameof(WorkingDirectory), value); } } } public sealed class PowerShellExeHandlerData : HandlerData { public string ArgumentFormat { get { return GetInput(nameof(ArgumentFormat)); } set { SetInput(nameof(ArgumentFormat), value); } } public string FailOnStandardError { get { return GetInput(nameof(FailOnStandardError)); } set { SetInput(nameof(FailOnStandardError), value); } } public string InlineScript { get { return GetInput(nameof(InlineScript)); } set { SetInput(nameof(InlineScript), value); } } public override int Priority => 108; public string ScriptType { get { return GetInput(nameof(ScriptType)); } set { SetInput(nameof(ScriptType), value); } } public string WorkingDirectory { get { return GetInput(nameof(WorkingDirectory)); } set { SetInput(nameof(WorkingDirectory), value); } } } public sealed class ProcessHandlerData : HandlerData { public string ArgumentFormat { get { return GetInput(nameof(ArgumentFormat)); } set { SetInput(nameof(ArgumentFormat), value); } } public string ModifyEnvironment { get { return GetInput(nameof(ModifyEnvironment)); } set { SetInput(nameof(ModifyEnvironment), value); } } public override int Priority => 109; public string WorkingDirectory { get { return GetInput(nameof(WorkingDirectory)); } set { SetInput(nameof(WorkingDirectory), value); } } public string DisableInlineExecution { get { return GetInput(nameof(DisableInlineExecution)); } set { SetInput(nameof(DisableInlineExecution), value); } } } public sealed class AgentPluginHandlerData : HandlerData { public override int Priority => 0; } } ================================================ FILE: src/Agent.Worker/TaskRestrictionsChecker.cs ================================================ using Agent.Sdk.Knob; using Microsoft.TeamFoundation.Common; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Microsoft.VisualStudio.Services.WebPlatform; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.Linq; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(TaskRestrictionsChecker))] public interface ITaskRestrictionsChecker : IAgentService { bool CheckCommand(IExecutionContext context, IWorkerCommand workerCommand, Command command); bool CheckSettableVariable(IExecutionContext context, string variable); } public sealed class TaskRestrictionsChecker : AgentService, ITaskRestrictionsChecker { public bool CheckCommand(IExecutionContext context, IWorkerCommand workerCommand, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(workerCommand, nameof(workerCommand)); ArgUtil.NotNull(command, nameof(command)); return Check( context, (TaskRestrictions restrictions) => restrictions.IsCommandAllowed(workerCommand), () => context.Warning(StringUtil.Loc("CommandNotAllowed", command.Area, command.Event))); } public bool CheckSettableVariable(IExecutionContext context, string variable) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(variable, nameof(variable)); return Check( context, (TaskRestrictions restrictions) => restrictions.IsSetVariableAllowed(variable), () => context.Warning(StringUtil.Loc("SetVariableNotAllowed", variable))); } private bool Check( IExecutionContext context, Func predicate, Action warn) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(predicate, nameof(predicate)); ArgUtil.NotNull(warn, nameof(warn)); var failedMatches = context.Restrictions?.Where(restrictions => !predicate(restrictions)); if (failedMatches.IsNullOrEmpty()) { return true; } else { warn(); return false; } } } } ================================================ FILE: src/Agent.Worker/TaskRestrictionsExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Minimatch; using System; namespace Microsoft.VisualStudio.Services.Agent.Worker { [AttributeUsage(AttributeTargets.Class, Inherited = false, AllowMultiple = false)] public sealed class CommandRestrictionAttribute : Attribute { public bool AllowedInRestrictedMode { get; set; } } public static class TaskRestrictionExtension { public static Boolean IsCommandAllowed(this TaskRestrictions restrictions, IWorkerCommand command) { ArgUtil.NotNull(command, nameof(command)); if (restrictions.Commands?.Mode == TaskCommandMode.Restricted) { foreach (var attr in command.GetType().GetCustomAttributes(typeof(CommandRestrictionAttribute), false)) { var cra = attr as CommandRestrictionAttribute; if (cra.AllowedInRestrictedMode) { return true; } } return false; } else { return true; } } public static Boolean IsSetVariableAllowed(this TaskRestrictions restrictions, String variable) { ArgUtil.NotNull(variable, nameof(variable)); var allowedList = restrictions.SettableVariables?.Allowed; if (allowedList == null) { return true; } var opts = new Options() { IgnoreCase = true }; foreach (String pattern in allowedList) { if (Minimatcher.Check(variable, pattern, opts)) { return true; } } return false; } } public sealed class TaskDefinitionRestrictions : TaskRestrictions { public TaskDefinitionRestrictions(DefinitionData definition) : base() { Definition = definition; Commands = definition.Restrictions?.Commands; SettableVariables = definition.Restrictions?.SettableVariables; } public DefinitionData Definition { get; } } } ================================================ FILE: src/Agent.Worker/TaskRunner.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. #pragma warning disable CA1505 using Agent.Sdk; using Agent.Sdk.Knob; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.Expressions; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Newtonsoft.Json; namespace Microsoft.VisualStudio.Services.Agent.Worker { public enum JobRunStage { PreJob, Main, PostJob, } [ServiceLocator(Default = typeof(TaskRunner))] public interface ITaskRunner : IStep, IAgentService { JobRunStage Stage { get; set; } Pipelines.TaskStep Task { get; set; } } public sealed class TaskRunner : AgentService, ITaskRunner { public JobRunStage Stage { get; set; } public IExpressionNode Condition { get; set; } public bool ContinueOnError => Task?.ContinueOnError ?? default(bool); public string DisplayName => Task?.DisplayName; public bool Enabled => Task?.Enabled ?? default(bool); public IExecutionContext ExecutionContext { get; set; } public Pipelines.TaskStep Task { get; set; } public TimeSpan? Timeout => (Task?.TimeoutInMinutes ?? 0) > 0 ? (TimeSpan?)TimeSpan.FromMinutes(Task.TimeoutInMinutes) : null; public Pipelines.StepTarget Target => Task?.Target; const int RetryCountOnTaskFailureLimit = 10; public async Task RunAsync() { using (Trace.EnteringWithDuration()) { // Validate args. Trace.Entering(); ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); ArgUtil.NotNull(ExecutionContext.Variables, nameof(ExecutionContext.Variables)); ArgUtil.NotNull(Task, nameof(Task)); Trace.Info($"Task execution initiated - Task: '{Task?.Reference?.Name}@{Task?.Reference?.Version}', Stage: {Stage}"); bool logTaskNameInUserAgent = AgentKnobs.LogTaskNameInUserAgent.GetValue(ExecutionContext).AsBoolean(); if (logTaskNameInUserAgent) { VssUtil.PushTaskIntoAgentInfo(Task.Name ?? "", Task.Reference?.Version ?? ""); } try { Trace.Info($"Core task execution initiated - transitioning to RunAsyncInternal()"); await RunAsyncInternal(); Trace.Info($"Core task execution completed successfully - Task: '{DisplayName}'"); } finally { if (logTaskNameInUserAgent) { VssUtil.RemoveTaskFromAgentInfo(); Trace.Info($"Task information removed from user agent - Task: '{DisplayName}'"); } } } } private async Task RunAsyncInternal() { Trace.Info($"Task execution pipeline initiated - Task: '{Task?.Reference?.Name}@{Task?.Reference?.Version}', Stage: {Stage}"); var taskManager = HostContext.GetService(); var handlerFactory = HostContext.GetService(); // Enable skip for string translator in case of checkout task. // It's required for support of multiply checkout tasks with repo alias "self" in container jobs. Reported in issue 3520. this.ExecutionContext.Variables.Set(Constants.Variables.Task.SkipTranslatorForCheckout, this.Task.IsCheckoutTask().ToString()); // Set the task id and display name variable. using (var scope = ExecutionContext.Variables.CreateScope()) { scope.Set(Constants.Variables.Task.DisplayName, DisplayName); scope.Set(Constants.Variables.Task.PublishTelemetry, IsTelemetryPublishRequired().ToString()); scope.Set(WellKnownDistributedTaskVariables.TaskInstanceId, Task.Id.ToString("D")); scope.Set(WellKnownDistributedTaskVariables.TaskDisplayName, DisplayName); scope.Set(WellKnownDistributedTaskVariables.TaskInstanceName, Task.Name); Trace.Info($"Task definition loading initiated - Task: '{Task.Reference.Name}@{Task.Reference.Version}', TaskId: '{Task.Reference.Id}', Stage: '{Stage}'"); // Load the task definition and choose the handler. // TODO: Add a try catch here to give a better error message. Definition definition = taskManager.Load(Task); ArgUtil.NotNull(definition, nameof(definition)); // Verify Signatures and Re-Extract Tasks if neccessary await VerifyTask(taskManager, definition); // Print out task metadata PrintTaskMetaData(definition); ExecutionData currentExecution = null; switch (Stage) { case JobRunStage.PreJob: currentExecution = definition.Data?.PreJobExecution; break; case JobRunStage.Main: currentExecution = definition.Data?.Execution; break; case JobRunStage.PostJob: currentExecution = definition.Data?.PostJobExecution; break; }; HandlerData handlerData = GetHandlerData(ExecutionContext, currentExecution, PlatformUtil.HostOS); if (handlerData == null) { Trace.Error($"Handler selection failed - No suitable handler found for platform {PlatformUtil.HostOS}({PlatformUtil.HostArchitecture})"); if (PlatformUtil.RunningOnWindows) { throw new InvalidOperationException(StringUtil.Loc("SupportedTaskHandlerNotFoundWindows", $"{PlatformUtil.HostOS}({PlatformUtil.HostArchitecture})")); } throw new InvalidOperationException(StringUtil.Loc("SupportedTaskHandlerNotFoundLinux")); } Trace.Info($"Handler selected successfully - Type: {handlerData}"); if (!AgentKnobs.UseNewNodeHandlerTelemetry.GetValue(ExecutionContext).AsBoolean()) { PublishTelemetry(definition, handlerData); } Variables runtimeVariables = ExecutionContext.Variables; IStepHost stepHost = HostContext.CreateService(); var stepTarget = ExecutionContext.StepTarget(); // Setup container stephost and the right runtime variables for running job inside container. if (stepTarget is ContainerInfo containerTarget) { Trace.Info($"Container target detected - ContainerName: '{containerTarget.ContainerName}', ContainerId: '{containerTarget.ContainerId}'"); if (Stage == JobRunStage.PostJob && AgentKnobs.SkipPostExeceutionIfTargetContainerStopped.GetValue(ExecutionContext).AsBoolean()) { try { // Check that the target container is still running, if not Skip task execution IDockerCommandManager dockerManager = HostContext.GetService(); bool isContainerRunning = await dockerManager.IsContainerRunning(ExecutionContext, containerTarget.ContainerId); if (!isContainerRunning) { ExecutionContext.Result = TaskResult.Skipped; ExecutionContext.ResultCode = $"Target container - {containerTarget.ContainerName} has been stopped, task post-execution will be skipped"; return; } } catch (Exception ex) { ExecutionContext.Write(WellKnownTags.Warning, $"Failed to check container state for task post-execution. Exception: {ex}"); } } if (handlerData is AgentPluginHandlerData) { Trace.Info($"Container target - Agent plugin handler detected, translating paths for host execution"); // plugin handler always runs on the Host, the runtime variables needs to the variable works on the Host, ex: file path variable System.DefaultWorkingDirectory Dictionary variableCopy = new Dictionary(StringComparer.OrdinalIgnoreCase); foreach (var publicVar in ExecutionContext.Variables.Public) { variableCopy[publicVar.Name] = new VariableValue(stepTarget.TranslateToHostPath(publicVar.Value)); } foreach (var secretVar in ExecutionContext.Variables.Private) { variableCopy[secretVar.Name] = new VariableValue(stepTarget.TranslateToHostPath(secretVar.Value), true); } List expansionWarnings; runtimeVariables = new Variables(HostContext, variableCopy, out expansionWarnings); expansionWarnings?.ForEach(x => ExecutionContext.Warning(x)); } else if (handlerData is BaseNodeHandlerData || handlerData is PowerShell3HandlerData) { // Only the node, node10, and powershell3 handlers support running inside container. // Make sure required container is already created. ArgUtil.NotNullOrEmpty(containerTarget.ContainerId, nameof(containerTarget.ContainerId)); var containerStepHost = HostContext.CreateService(); containerStepHost.Container = containerTarget; stepHost = containerStepHost; Trace.Info($"Container target - Node/PowerShell handler detected, Container step host configured: '{containerTarget.ContainerName}'"); } else { Trace.Error($"Container target - Unsupported handler type: {handlerData.GetType()}"); throw new NotSupportedException(String.Format("Task '{0}' is using legacy execution handler '{1}' which is not supported in container execution flow.", definition.Data.FriendlyName, handlerData.GetType().ToString())); } } // Load the default input values from the definition. var inputs = LoadDefaultInputs(definition); // Merge the instance inputs. Trace.Info($"Loading instance inputs - Processing {Task.Inputs?.Count ?? 0} instance inputs"); foreach (var input in (Task.Inputs as IEnumerable> ?? new KeyValuePair[0])) { string key = input.Key?.Trim() ?? string.Empty; if (!string.IsNullOrEmpty(key)) { if (AgentKnobs.DisableInputTrimming.GetValue(ExecutionContext).AsBoolean()) { inputs[key] = input.Value ?? string.Empty; } else { inputs[key] = input.Value?.Trim() ?? string.Empty; } Trace.Info($"Processing instance input: '{key}' : {inputs[key]}"); } } Trace.Info($"Instance input merging completed - Total processed inputs: {inputs?.Count ?? 0}"); // Expand the inputs. bool enableVariableInputTrimmingKnob = AgentKnobs.EnableVariableInputTrimming.GetValue(ExecutionContext).AsBoolean(); runtimeVariables.ExpandValues(target: inputs, enableVariableInputTrimmingKnob); // We need to verify inputs of the tasks that were injected by decorators, to check if they contain secrets, // for security reasons execution of tasks in this case should be skipped. // Target task inputs could be injected into the decorator's tasks if the decorator has post-task-tasks or pre-task-tasks targets, // such tasks will have names that start with __system_pretargettask_ or __system_posttargettask_. var taskDecoratorManager = HostContext.GetService(); if (taskDecoratorManager.IsInjectedTaskForTarget(Task.Name, ExecutionContext) && taskDecoratorManager.IsInjectedInputsContainsSecrets(inputs, out var inputsWithSecrets)) { var inputsForReport = taskDecoratorManager.GenerateTaskResultMessage(inputsWithSecrets); Trace.Warning($"Security validation failed - Secrets detected in injected task inputs: {inputsForReport}"); ExecutionContext.Result = TaskResult.Skipped; ExecutionContext.ResultCode = StringUtil.Loc("SecretsAreNotAllowedInInjectedTaskInputs", inputsForReport); return; } Trace.Info("Security validation completed - No secret injection detected"); VarUtil.ExpandEnvironmentVariables(HostContext, target: inputs); // Translate the server file path inputs to local paths. foreach (var input in definition.Data?.Inputs ?? new TaskInputDefinition[0]) { if (string.Equals(input.InputType, TaskInputType.FilePath, StringComparison.OrdinalIgnoreCase)) { Trace.Verbose($"Translating file path input '{input.Name}': '{inputs[input.Name]}'"); inputs[input.Name] = stepHost.ResolvePathForStepHost(TranslateFilePathInput(inputs[input.Name] ?? string.Empty)); Trace.Verbose($"Translated file path input '{input.Name}': '{inputs[input.Name]}'"); } } // Load the task environment. Trace.Verbose("Loading task environment."); var environment = new Dictionary(VarUtil.EnvironmentVariableKeyComparer); foreach (var env in (Task.Environment ?? new Dictionary(0))) { string key = env.Key?.Trim() ?? string.Empty; if (!string.IsNullOrEmpty(key)) { environment[key] = env.Value?.Trim() ?? string.Empty; Trace.Info($"Loading environment variable: '{key}' = '{environment[key]}'"); } } Trace.Info($"Environment setup completed - Loaded {environment?.Count ?? 0} environment variables"); // Expand the inputs. runtimeVariables.ExpandValues(target: environment); VarUtil.ExpandEnvironmentVariables(HostContext, target: environment); // Expand the handler inputs. VarUtil.ExpandValues(HostContext, source: inputs, target: handlerData.Inputs); runtimeVariables.ExpandValues(target: handlerData.Inputs); // Get each endpoint ID referenced by the task. var endpointIds = new List(); foreach (var input in definition.Data?.Inputs ?? new TaskInputDefinition[0]) { if ((input.InputType ?? string.Empty).StartsWith("connectedService:", StringComparison.OrdinalIgnoreCase)) { string inputKey = input?.Name?.Trim() ?? string.Empty; string inputValue; if (!string.IsNullOrEmpty(inputKey) && inputs.TryGetValue(inputKey, out inputValue) && !string.IsNullOrEmpty(inputValue)) { Trace.Verbose($"Processing connected service input '{inputKey}': '{inputValue}'"); foreach (string rawId in inputValue.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries)) { Guid parsedId; if (Guid.TryParse(rawId.Trim(), out parsedId) && parsedId != Guid.Empty) { endpointIds.Add(parsedId); } } } } } Trace.Info($"Service endpoint processing completed - Found {endpointIds.Count} endpoint references"); if (endpointIds.Count > 0 && (runtimeVariables.GetBoolean(WellKnownDistributedTaskVariables.RestrictSecrets) ?? false) && (runtimeVariables.GetBoolean(Microsoft.TeamFoundation.Build.WebApi.BuildVariables.IsFork) ?? false)) { Trace.Warning("Security check failed - Service endpoint access denied for fork repository"); ExecutionContext.Result = TaskResult.Skipped; ExecutionContext.ResultCode = $"References service endpoint. PRs from repository forks are not allowed to access secrets in the pipeline. For more information see https://go.microsoft.com/fwlink/?linkid=862029 "; return; } Trace.Info("Endpoint resolution initiated - Resolving endpoint references"); // Get the endpoints referenced by the task. var endpoints = (ExecutionContext.Endpoints ?? new List(0)) .Join(inner: endpointIds, outerKeySelector: (ServiceEndpoint endpoint) => endpoint.Id, innerKeySelector: (Guid endpointId) => endpointId, resultSelector: (ServiceEndpoint endpoint, Guid endpointId) => endpoint) .ToList(); // Add the system endpoint. foreach (ServiceEndpoint endpoint in (ExecutionContext.Endpoints ?? new List(0))) { if (string.Equals(endpoint.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)) { endpoints.Add(endpoint); break; } } Trace.Info($"Endpoint resolution completed - Resolved {endpoints.Count} endpoints, Endpoints: {string.Join(", ", endpoints.Select(e => e.Name))}"); Trace.Info("Secure file processing initiated - Extracting secure file references"); // Get each secure file ID referenced by the task. var secureFileIds = new List(); foreach (var input in definition.Data?.Inputs ?? new TaskInputDefinition[0]) { if (string.Equals(input.InputType ?? string.Empty, "secureFile", StringComparison.OrdinalIgnoreCase)) { string inputKey = input?.Name?.Trim() ?? string.Empty; string inputValue; if (!string.IsNullOrEmpty(inputKey) && inputs.TryGetValue(inputKey, out inputValue) && !string.IsNullOrEmpty(inputValue)) { Trace.Verbose($"Processing secure file input '{inputKey}'"); foreach (string rawId in inputValue.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries)) { Guid parsedId; if (Guid.TryParse(rawId.Trim(), out parsedId) && parsedId != Guid.Empty) { secureFileIds.Add(parsedId); } } } } } Trace.Info($"Secure file processing completed - Found {secureFileIds.Count} secure file references"); if (secureFileIds.Count > 0 && (runtimeVariables.GetBoolean(WellKnownDistributedTaskVariables.RestrictSecrets) ?? false) && (runtimeVariables.GetBoolean(Microsoft.TeamFoundation.Build.WebApi.BuildVariables.IsFork) ?? false)) { Trace.Warning("Security check failed - Secure file access denied for fork repository"); ExecutionContext.Result = TaskResult.Skipped; ExecutionContext.ResultCode = $"References secure file. PRs from repository forks are not allowed to access secrets in the pipeline. For more information see https://go.microsoft.com/fwlink/?linkid=862029"; return; } Trace.Info("Secure file resolution initiated - Resolving secure file references"); // Get the endpoints referenced by the task. var secureFiles = (ExecutionContext.SecureFiles ?? new List(0)) .Join(inner: secureFileIds, outerKeySelector: (SecureFile secureFile) => secureFile.Id, innerKeySelector: (Guid secureFileId) => secureFileId, resultSelector: (SecureFile secureFile, Guid secureFileId) => secureFile) .ToList(); Trace.Info($"Secure file resolution completed - Resolved {secureFiles.Count} secure files. Secure Files: {string.Join(", ", secureFiles.Select(f => f.Name))}"); // Set output variables. foreach (var outputVar in definition.Data?.OutputVariables ?? new OutputVariable[0]) { if (outputVar != null && !string.IsNullOrEmpty(outputVar.Name)) { Trace.Verbose($"Adding output variable: '{outputVar.Name}'"); ExecutionContext.OutputVariables.Add(outputVar.Name); } } Trace.Info($"Output variables setup completed - Configured {ExecutionContext.OutputVariables.Count} output variables"); // translate inputs inputs = inputs.ToDictionary(kvp => kvp.Key, kvp => ExecutionContext.TranslatePathForStepTarget(kvp.Value)); // Create the handler. IHandler handler = handlerFactory.Create( ExecutionContext, Task.Reference, stepHost, endpoints, secureFiles, handlerData, inputs, environment, runtimeVariables, taskDirectory: definition.Directory); Trace.Info($"Handler creation completed - Handler created: {handler.GetType().Name}"); if (AgentKnobs.EnableIssueSourceValidation.GetValue(ExecutionContext).AsBoolean()) { if (Task.IsServerOwned.HasValue && Task.IsServerOwned.Value && IsCorrelationIdRequired(handler, definition)) { environment[Constants.CommandCorrelationIdEnvVar] = ExecutionContext.JobSettings[WellKnownJobSettings.CommandCorrelationId]; } } var enableResourceUtilizationWarnings = AgentKnobs.EnableResourceUtilizationWarnings.GetValue(ExecutionContext).AsBoolean() && !AgentKnobs.DisableResourceUtilizationWarnings.GetValue(ExecutionContext).AsBoolean(); //Start Resource utility monitors IResourceMetricsManager resourceDiagnosticManager = null; resourceDiagnosticManager = HostContext.GetService(); resourceDiagnosticManager.SetContext(ExecutionContext); if (enableResourceUtilizationWarnings) { _ = resourceDiagnosticManager.RunMemoryUtilizationMonitorAsync(); _ = resourceDiagnosticManager.RunDiskSpaceUtilizationMonitorAsync(); _ = resourceDiagnosticManager.RunCpuUtilizationMonitorAsync(Task.Reference.Id.ToString()); } else { ExecutionContext.Debug(StringUtil.Loc("ResourceUtilizationWarningsIsDisabled")); } Trace.Info($"Task handler execution initiated - Task: '{DisplayName}', Retry count: {Task.RetryCountOnTaskFailure}"); // Run the task. int retryCount = this.Task.RetryCountOnTaskFailure; if (retryCount > 0) { if (retryCount > RetryCountOnTaskFailureLimit) { ExecutionContext.Warning(StringUtil.Loc("RetryCountLimitExceeded", RetryCountOnTaskFailureLimit, retryCount)); Trace.Warning($"Retry count limit exceeded - Limiting from {retryCount} to {RetryCountOnTaskFailureLimit}"); retryCount = RetryCountOnTaskFailureLimit; } Trace.Info($"Retry configuration active - Executing with retry helper, max retries: {retryCount}"); RetryHelper rh = new RetryHelper(ExecutionContext, retryCount); await rh.RetryStep(async () => await handler.RunAsync(), RetryHelper.ExponentialDelay); } else { Trace.Info("Standard execution - Running handler without retry"); await handler.RunAsync(); } Trace.Info($"Task handler execution completed - Task: '{DisplayName}'"); } } private Dictionary LoadDefaultInputs(Definition definition) { Trace.Verbose("Loading default inputs."); var inputs = new Dictionary(StringComparer.OrdinalIgnoreCase); foreach (var input in (definition.Data?.Inputs ?? new TaskInputDefinition[0])) { string key = input?.Name?.Trim() ?? string.Empty; if (!string.IsNullOrEmpty(key)) { if (AgentKnobs.DisableInputTrimming.GetValue(ExecutionContext).AsBoolean()) { inputs[key] = input.DefaultValue ?? string.Empty; } else { inputs[key] = input.DefaultValue?.Trim() ?? string.Empty; } } } Trace.Info($"Task input loading completed - {inputs?.Count ?? 0} inputs for available"); return inputs; } public async Task VerifyTask(ITaskManager taskManager, Definition definition) { // Verify task signatures if a fingerprint is configured for the Agent. var configurationStore = HostContext.GetService(); AgentSettings settings = configurationStore.GetSettings(); SignatureVerificationMode verificationMode = SignatureVerificationMode.None; if (settings.SignatureVerification != null) { verificationMode = settings.SignatureVerification.Mode; } if (verificationMode != SignatureVerificationMode.None) { ISignatureService signatureService = HostContext.CreateService(); Boolean verificationSuccessful = await signatureService.VerifyAsync(definition, ExecutionContext.CancellationToken); if (verificationSuccessful) { ExecutionContext.Output(StringUtil.Loc("TaskSignatureVerificationSucceeeded")); // Only extract if it's not the checkout task. if (!String.IsNullOrEmpty(definition.ZipPath)) { taskManager.Extract(ExecutionContext, Task); } } else { String message = StringUtil.Loc("TaskSignatureVerificationFailed"); if (verificationMode == SignatureVerificationMode.Error) { throw new InvalidOperationException(message); } else { ExecutionContext.Warning(message); } } } else if (settings.AlwaysExtractTask) { // Only extract if it's not the checkout task. if (!String.IsNullOrEmpty(definition.ZipPath)) { taskManager.Extract(ExecutionContext, Task); } } } public HandlerData GetHandlerData(IExecutionContext ExecutionContext, ExecutionData currentExecution, PlatformUtil.OS hostOS) { ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext)); Trace.Info($"Handler selection initiated - Available handlers: {currentExecution?.All?.Count ?? 0}"); if (currentExecution == null) { return null; } if ((currentExecution.All.Any(x => x is PowerShell3HandlerData)) && (currentExecution.All.Any(x => x is PowerShellHandlerData && x.Platforms != null && x.Platforms.Contains("windows", StringComparer.OrdinalIgnoreCase)))) { // When task contains both PS and PS3 implementations, we will always prefer PS3 over PS regardless of the platform pinning. Trace.Info("Ignore platform pinning for legacy PowerShell execution handler."); var legacyPShandler = currentExecution.All.Where(x => x is PowerShellHandlerData).FirstOrDefault(); legacyPShandler.Platforms = null; } var targetOS = hostOS; var stepTarget = ExecutionContext.StepTarget(); var preferPowershellHandler = true; if (!AgentKnobs.PreferPowershellHandlerOnContainers.GetValue(ExecutionContext).AsBoolean() && stepTarget != null) { targetOS = stepTarget.ExecutionOS; if (stepTarget is ContainerInfo) { if ((currentExecution.All.Any(x => x is PowerShell3HandlerData)) && (currentExecution.All.Any(x => x is BaseNodeHandlerData))) { Trace.Info($"Since we are targeting a container, we will prefer a node handler if one is available"); preferPowershellHandler = false; } } } Trace.Info($"Get handler data for target platform {targetOS.ToString()}"); return currentExecution.All .OrderBy(x => !(x.PreferredOnPlatform(targetOS) && (preferPowershellHandler || !(x is PowerShell3HandlerData)))) // Sort true to false. .ThenBy(x => x.Priority) .FirstOrDefault(); } private string TranslateFilePathInput(string inputValue) { Trace.Entering(); if (PlatformUtil.RunningOnWindows && !string.IsNullOrEmpty(inputValue)) { Trace.Verbose("Trim double quotes around filepath type input on Windows."); inputValue = inputValue.Trim('\"'); Trace.Verbose($"Replace any '{Path.AltDirectorySeparatorChar}' with '{Path.DirectorySeparatorChar}'."); inputValue = inputValue.Replace(Path.AltDirectorySeparatorChar, Path.DirectorySeparatorChar); } // if inputValue is rooted, return full path. string fullPath; if (!string.IsNullOrEmpty(inputValue) && inputValue.IndexOfAny(Path.GetInvalidPathChars()) < 0 && Path.IsPathRooted(inputValue)) { try { fullPath = Path.GetFullPath(inputValue); Trace.Info($"The original input is a rooted path, return absolute path: {fullPath}"); return fullPath; } catch (Exception ex) { Trace.Error(ex); Trace.Info($"The original input is a rooted path, but it is not full qualified, return the path: {inputValue}"); return inputValue; } } // use jobextension solve inputValue, if solved result is rooted, return full path. var extensionManager = HostContext.GetService(); IJobExtension[] extensions = (extensionManager.GetExtensions() ?? new List()) .Where(x => x.HostType.HasFlag(ExecutionContext.Variables.System_HostType)) .ToArray(); foreach (IJobExtension extension in extensions) { fullPath = extension.GetRootedPath(ExecutionContext, inputValue); if (!string.IsNullOrEmpty(fullPath)) { // Stop on the first path root found. Trace.Info($"{extension.HostType.ToString()} JobExtension resolved a rooted path:: {fullPath}"); return fullPath; } } // return original inputValue. Trace.Info("Cannot root path even by using JobExtension, return original input."); return inputValue; } private bool IsTelemetryPublishRequired() { // Publish if this is a server owned task or a task we want to track. return !Task.IsServerOwned.HasValue || (Task.IsServerOwned.HasValue && Task.IsServerOwned.Value) || WellKnownTasks.RequiredForTelemetry.Contains(Task.Reference.Id); } private void PrintTaskMetaData(Definition taskDefinition) { ArgUtil.NotNull(Task, nameof(Task)); ArgUtil.NotNull(Task.Reference, nameof(Task.Reference)); ArgUtil.NotNull(taskDefinition.Data, nameof(taskDefinition.Data)); ExecutionContext.Output("==============================================================================", false); ExecutionContext.Output($"Task : {taskDefinition.Data.FriendlyName}", false); ExecutionContext.Output($"Description : {taskDefinition.Data.Description}", false); ExecutionContext.Output($"Version : {Task.Reference.Version}", false); ExecutionContext.Output($"Author : {taskDefinition.Data.Author}", false); ExecutionContext.Output($"Help : {taskDefinition.Data.HelpUrl ?? taskDefinition.Data.HelpMarkDown}", false); ExecutionContext.Output("==============================================================================", false); } private void PublishTelemetry(Definition taskDefinition, HandlerData handlerData) { ArgUtil.NotNull(Task, nameof(Task)); ArgUtil.NotNull(Task.Reference, nameof(Task.Reference)); ArgUtil.NotNull(taskDefinition.Data, nameof(taskDefinition.Data)); try { var useNode10 = AgentKnobs.UseNode10.GetValue(ExecutionContext).AsString(); var expectedExecutionHandler = (taskDefinition.Data.Execution?.All != null) ? string.Join(", ", taskDefinition.Data.Execution.All) : ""; var systemVersion = PlatformUtil.GetSystemVersion(); Dictionary telemetryData = new Dictionary { { "TaskName", Task.Reference.Name }, { "TaskId", Task.Reference.Id.ToString() }, { "Version", Task.Reference.Version }, { "OS", PlatformUtil.GetSystemId() ?? "" }, { "OSVersion", systemVersion?.Name?.ToString() ?? "" }, { "OSBuild", systemVersion?.Version?.ToString() ?? "" }, { "ExpectedExecutionHandler", expectedExecutionHandler }, { "RealExecutionHandler", handlerData.ToString() }, { "UseNode10", useNode10 }, { "JobId", ExecutionContext.Variables.System_JobId.ToString()}, { "PlanId", ExecutionContext.Variables.Get(Constants.Variables.System.PlanId)}, { "AgentName", ExecutionContext.Variables.Get(Constants.Variables.Agent.Name)}, { "AgentPackageType", BuildConstants.AgentPackage.PackageType }, { "MachineName", ExecutionContext.Variables.Get(Constants.Variables.Agent.MachineName)}, { "IsSelfHosted", ExecutionContext.Variables.Get(Constants.Variables.Agent.IsSelfHosted)}, { "IsAzureVM", ExecutionContext.Variables.Get(Constants.Variables.System.IsAzureVM)}, { "IsDockerContainer", ExecutionContext.Variables.Get(Constants.Variables.System.IsDockerContainer)} }; var cmd = new Command("telemetry", "publish"); cmd.Data = JsonConvert.SerializeObject(telemetryData, Formatting.None); cmd.Properties.Add("area", "PipelinesTasks"); cmd.Properties.Add("feature", "ExecutionHandler"); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(HostContext); publishTelemetryCmd.ProcessCommand(ExecutionContext, cmd); } catch (Exception ex) when (ex is FormatException || ex is ArgumentNullException || ex is NullReferenceException) { ExecutionContext.Debug($"ExecutionHandler telemetry wasn't published, because one of the variables has unexpected value."); ExecutionContext.Debug(ex.ToString()); } } private bool IsCorrelationIdRequired(IHandler handler, Definition task) { Trace.Entering(); var isIdRequired = false; if (handler is INodeHandler) { Trace.Info("Current handler is Node. Trying to determing the SDK version."); var nodeSdkVer = task.GetNodeSDKVersion(); if (nodeSdkVer == null) { Trace.Error("Unable to determine the Node SDK version."); } else { var minVer = new TaskVersion() { Major = 4, Minor = 10, Patch = 1 }; isIdRequired = (nodeSdkVer >= minVer) && !((nodeSdkVer.Major == 5) && nodeSdkVer.IsTest); Trace.Info($"Node SDK version: {nodeSdkVer}. Correlation ID is required: {isIdRequired}."); } } else if (handler is IPowerShell3Handler) { Trace.Info("Current handler is PowerShell3. Trying to determing the SDK version."); var psSdkVer = task.GetPowerShellSDKVersion(); if (psSdkVer == null) { Trace.Error("Unable to determine the PowerShell SDK version."); } else { var minVer = new TaskVersion() { Major = 0, Minor = 20, Patch = 1 }; isIdRequired = psSdkVer >= minVer; Trace.Info($"PowerShell SDK version: {psSdkVer}. Correlation ID is required: {isIdRequired}."); } } else { Trace.Info($"Current handler is {handler.GetType()}. Correlation ID is not allowed."); } Trace.Leaving(); return isIdRequired; } } } ================================================ FILE: src/Agent.Worker/Telemetry/CustomerIntelligenceServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.CustomerIntelligence.WebApi; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.WebPlatform; using Microsoft.VisualStudio.Services.Common; using System; using System.Collections.Generic; using System.Net.Http; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker.Telemetry { [ServiceLocator(Default = typeof(CustomerIntelligenceServer))] public interface ICustomerIntelligenceServer : IAgentService { void Initialize(VssConnection connection); Task PublishEventsAsync(CustomerIntelligenceEvent[] ciEvents); } // This service is used for tracking task events which are applicable for VSTS internal tasks public class CustomerIntelligenceServer : AgentService, ICustomerIntelligenceServer { private CustomerIntelligenceHttpClient _ciClient; public void Initialize(VssConnection connection) { ArgUtil.NotNull(connection, nameof(connection)); _ciClient = connection.GetClient(); } public Task PublishEventsAsync(CustomerIntelligenceEvent[] ciEvents) { return _ciClient.PublishEventsAsync(events: ciEvents); } } } ================================================ FILE: src/Agent.Worker/Telemetry/TelemetryCommandExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.WebPlatform; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.Net.Sockets; using System.Threading.Tasks; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent.Worker.Telemetry { public class TelemetryCommandExtension : BaseWorkerCommandExtension { public TelemetryCommandExtension() { CommandArea = "telemetry"; SupportedHostTypes = HostTypes.All; InstallWorkerCommand(new PublishTelemetryCommand()); } public TelemetryCommandExtension(bool IsAgentTelemetry = false) { CommandArea = "telemetry"; SupportedHostTypes = HostTypes.All; InstallWorkerCommand(new PublishTelemetryCommand(IsAgentTelemetry: IsAgentTelemetry)); } } [CommandRestriction(AllowedInRestrictedMode = true)] public sealed class PublishTelemetryCommand : IWorkerCommand { public string Name => "publish"; public List Aliases => null; public readonly bool IsAgentTelemetry = false; public PublishTelemetryCommand(bool IsAgentTelemetry = false) { this.IsAgentTelemetry = IsAgentTelemetry; } public void Execute(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); context.Variables.TryGetValue(Constants.Variables.Task.PublishTelemetry, out string publishTelemetryVar); if (bool.TryParse(publishTelemetryVar, out bool publishTelemetry) && !publishTelemetry && !IsAgentTelemetry) { return; } Dictionary eventProperties = command.Properties; string data = command.Data; string area; if (!eventProperties.TryGetValue(WellKnownEventTrackProperties.Area, out area) || string.IsNullOrEmpty(area)) { throw new ArgumentException(StringUtil.Loc("ArgumentNeeded", "Area")); } string feature; if (!eventProperties.TryGetValue(WellKnownEventTrackProperties.Feature, out feature) || string.IsNullOrEmpty(feature)) { throw new ArgumentException(StringUtil.Loc("ArgumentNeeded", "Feature")); } if (string.IsNullOrEmpty(data)) { throw new ArgumentException(StringUtil.Loc("ArgumentNeeded", "EventTrackerData")); } CustomerIntelligenceEvent ciEvent; try { var ciProperties = JsonConvert.DeserializeObject>(data); ciEvent = new CustomerIntelligenceEvent() { Area = area, Feature = feature, Properties = ciProperties }; } catch (Exception ex) { throw new ArgumentException(StringUtil.Loc("TelemetryCommandDataError", data, ex.Message)); } PublishEvent(context, ciEvent); } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "GetVssConnection")] public void PublishEvent(IExecutionContext context, CustomerIntelligenceEvent ciEvent) { ICustomerIntelligenceServer ciService; VssConnection vssConnection; try { ciService = context.GetHostContext().GetService(); vssConnection = WorkerUtilities.GetVssConnection(context); ciService.Initialize(vssConnection); } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, WorkerUtilities.GetVssConnection(context).Uri.ToString(), context.Warning); return; } catch (Exception ex) { context.Warning(StringUtil.Loc("TelemetryCommandFailed", ex.Message)); return; } var commandContext = context.GetHostContext().CreateService(); commandContext.InitializeCommandContext(context, StringUtil.Loc("Telemetry")); commandContext.Task = PublishEventsAsync(context, ciService, ciEvent); } private async Task PublishEventsAsync(IExecutionContext context, ICustomerIntelligenceServer ciService, CustomerIntelligenceEvent ciEvent) { try { await ciService.PublishEventsAsync(new CustomerIntelligenceEvent[] { ciEvent }); } catch (Exception ex) { context.Warning(StringUtil.Loc("TelemetryCommandFailed", ex.Message)); } } internal static class WellKnownEventTrackProperties { internal static readonly string Area = "area"; internal static readonly string Feature = "feature"; } } } ================================================ FILE: src/Agent.Worker/TempDirectoryManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.IO; using System.Threading; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(TempDirectoryManager))] public interface ITempDirectoryManager : IAgentService { void InitializeTempDirectory(IExecutionContext jobContext); void CleanupTempDirectory(); } public sealed class TempDirectoryManager : AgentService, ITempDirectoryManager { private string _tempDirectory; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _tempDirectory = HostContext.GetDirectory(WellKnownDirectory.Temp); } public void InitializeTempDirectory(IExecutionContext jobContext) { ArgUtil.NotNull(jobContext, nameof(jobContext)); ArgUtil.NotNullOrEmpty(_tempDirectory, nameof(_tempDirectory)); jobContext.SetVariable(Constants.Variables.Agent.TempDirectory, _tempDirectory, isFilePath: true); jobContext.Debug($"Cleaning agent temp folder: {_tempDirectory}"); try { IOUtil.DeleteDirectory(_tempDirectory, contentsOnly: true, continueOnContentDeleteError: true, cancellationToken: jobContext.CancellationToken); } catch (Exception ex) { Trace.Error(ex); } finally { // make sure folder exists Directory.CreateDirectory(_tempDirectory); } // TEMP and TMP on Windows // TMPDIR on Linux if (!AgentKnobs.OverwriteTemp.GetValue(jobContext).AsBoolean()) { jobContext.Debug($"Skipping overwrite %TEMP% environment variable"); } else { if (PlatformUtil.RunningOnWindows) { jobContext.Debug($"SET TMP={_tempDirectory}"); jobContext.Debug($"SET TEMP={_tempDirectory}"); jobContext.SetVariable("TMP", _tempDirectory, isFilePath: true); jobContext.SetVariable("TEMP", _tempDirectory, isFilePath: true); } else { jobContext.Debug($"SET TMPDIR={_tempDirectory}"); jobContext.SetVariable("TMPDIR", _tempDirectory, isFilePath: true); } } } public void CleanupTempDirectory() { ArgUtil.NotNullOrEmpty(_tempDirectory, nameof(_tempDirectory)); Trace.Info($"Cleaning agent temp folder: {_tempDirectory}"); try { IOUtil.DeleteDirectory(_tempDirectory, contentsOnly: true, continueOnContentDeleteError: true, cancellationToken: CancellationToken.None); } catch (Exception ex) { Trace.Error(ex); } } } } ================================================ FILE: src/Agent.Worker/TfManager.cs ================================================ using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using System; using System.IO; using System.IO.Compression; using System.Net.Http; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Worker { public interface IRetryOptions { int CurrentCount { get; set; } int Limit { get; init; } } public record RetryOptions : IRetryOptions { public int CurrentCount { get; set; } public int Limit { get; init; } } public static class TfManager { public static async Task DownloadLegacyTfToolsAsync(IExecutionContext executionContext) { ArgUtil.NotNull(executionContext, nameof(executionContext)); string externalsPath = Path.Combine(executionContext.GetVariableValueOrDefault("Agent.HomeDirectory"), Constants.Path.ExternalsDirectory); ArgUtil.NotNull(externalsPath, nameof(externalsPath)); string tfLegacyExternalsPath = Path.Combine(externalsPath, "tf-legacy"); var retryOptions = new RetryOptions() { CurrentCount = 0, Limit = 3 }; if (!Directory.Exists(tfLegacyExternalsPath)) { const string tfDownloadUrl = "https://vstsagenttools.blob.core.windows.net/tools/vstsom/m153_47c0856d/vstsom.zip"; string tempTfDirectory = Path.Combine(externalsPath, "tf_download_temp"); await DownloadAsync(executionContext, tfDownloadUrl, tempTfDirectory, tfLegacyExternalsPath, retryOptions); } else { executionContext.Debug($"tf-legacy download already exists at {tfLegacyExternalsPath}."); } string vstsomLegacyExternalsPath = Path.Combine(externalsPath, "vstsom-legacy"); if (!Directory.Exists(vstsomLegacyExternalsPath)) { const string vstsomDownloadUrl = "https://vstsagenttools.blob.core.windows.net/tools/vstsom/m122_887c6659/vstsom.zip"; string tempVstsomDirectory = Path.Combine(externalsPath, "vstsom_download_temp"); await DownloadAsync(executionContext, vstsomDownloadUrl, tempVstsomDirectory, vstsomLegacyExternalsPath, retryOptions); } else { executionContext.Debug($"vstsom-legacy download already exists at {vstsomLegacyExternalsPath}."); } string vstsHostLegacyExternalsPath = Path.Combine(externalsPath, "vstshost-legacy"); if (!Directory.Exists(vstsHostLegacyExternalsPath)) { const string vstsHostDownloadUrl = "https://vstsagenttools.blob.core.windows.net/tools/vstshost/m122_887c6659/vstshost.zip"; string tempVstsHostDirectory = Path.Combine(externalsPath, "vstshost_download_temp"); await DownloadAsync(executionContext, vstsHostDownloadUrl, tempVstsHostDirectory, vstsHostLegacyExternalsPath, retryOptions); } else { executionContext.Debug($"vstshost-legacy download already exists at {vstsHostLegacyExternalsPath}."); } } public static async Task DownloadAsync(IExecutionContext executionContext, string blobUrl, string tempDirectory, string extractPath, IRetryOptions retryOptions) { Directory.CreateDirectory(tempDirectory); string downloadPath = Path.ChangeExtension(Path.Combine(tempDirectory, "download"), ".completed"); string toolName = new DirectoryInfo(extractPath).Name; const int timeout = 180; const int defaultFileStreamBufferSize = 4096; const int retryDelay = 10000; try { using CancellationTokenSource downloadCts = new(TimeSpan.FromSeconds(timeout)); using CancellationTokenSource linkedTokenSource = CancellationTokenSource.CreateLinkedTokenSource(downloadCts.Token, executionContext.CancellationToken); CancellationToken cancellationToken = linkedTokenSource.Token; using HttpClient httpClient = new(); using Stream stream = await httpClient.GetStreamAsync(blobUrl, cancellationToken); using FileStream fs = new(downloadPath, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize: defaultFileStreamBufferSize, useAsync: true); while (retryOptions.CurrentCount < retryOptions.Limit) { try { executionContext.Debug($"Retry options: {retryOptions.ToString()}."); await stream.CopyToAsync(fs, cancellationToken); executionContext.Debug($"Finished downloading {toolName}."); await fs.FlushAsync(cancellationToken); fs.Close(); break; } catch (OperationCanceledException) when (cancellationToken.IsCancellationRequested) { executionContext.Debug($"{toolName} download has been cancelled."); throw; } catch (Exception) { retryOptions.CurrentCount++; if (retryOptions.CurrentCount == retryOptions.Limit) { IOUtil.DeleteDirectory(tempDirectory, CancellationToken.None); executionContext.Error($"Retry limit for {toolName} download has been exceeded."); return; } executionContext.Debug($"Failed to download {toolName}"); executionContext.Debug($"Retry {toolName} download in 10 seconds."); await Task.Delay(retryDelay, cancellationToken); } } executionContext.Debug($"Extracting {toolName}..."); ZipFile.ExtractToDirectory(downloadPath, extractPath); File.WriteAllText(downloadPath, DateTime.UtcNow.ToString()); executionContext.Debug($"{toolName} has been extracted and cleaned up"); } catch (Exception ex) { executionContext.Error(ex); } finally { IOUtil.DeleteDirectory(tempDirectory, CancellationToken.None); executionContext.Debug($"{toolName} download directory has been cleaned up."); } } } } ================================================ FILE: src/Agent.Worker/Variables.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.Linq; using Agent.Sdk.SecretMasking; using BuildWebApi = Microsoft.TeamFoundation.Build.WebApi; using Newtonsoft.Json.Linq; namespace Microsoft.VisualStudio.Services.Agent.Worker { public sealed class VariableScope : IDisposable { private Variables Data; private HashSet Names; public VariableScope(Variables data) { Data = data; Names = new HashSet(); } public void Set(string name, string val, bool secret = false) { Names.Add(name); Data.Set(name, val, secret); } public void Dispose() { foreach (string name in Names) { Data.Unset(name); } } } public sealed class Variables { private readonly IHostContext _hostContext; private readonly ConcurrentDictionary _nonexpanded = new ConcurrentDictionary(StringComparer.OrdinalIgnoreCase); private readonly ILoggedSecretMasker _secretMasker; private readonly object _setLock = new object(); private readonly Tracing _trace; private ConcurrentDictionary _expanded; public delegate string TranslationMethod(string val); public TranslationMethod StringTranslator = DefaultStringTranslator; public static string DefaultStringTranslator(string val) { return val; } public IEnumerable Public { get { return _expanded.Values .Where(x => !x.Secret) .Select(x => new Variable(x.Name, StringTranslator(x.Value), x.Secret, x.ReadOnly, x.PreserveCase)); } } public IEnumerable Private { get { return _expanded.Values .Where(x => x.Secret) .Select(x => new Variable(x.Name, StringTranslator(x.Value), x.Secret, x.ReadOnly, x.PreserveCase)); } } public Variables(IHostContext hostContext, IDictionary copy, out List warnings) { ArgUtil.NotNull(hostContext, nameof(hostContext)); // Store/Validate args. _hostContext = hostContext; _secretMasker = _hostContext.SecretMasker; _trace = _hostContext.GetTrace(nameof(Variables)); // Validate the dictionary, remove any variable with empty variable name. ArgUtil.NotNull(copy, nameof(copy)); if (copy.Keys.Any(k => string.IsNullOrWhiteSpace(k))) { _trace.Info($"Remove {copy.Keys.Count(k => string.IsNullOrWhiteSpace(k))} variables with empty variable name."); } // Initialize the variable dictionary. List variables = new List(); foreach (var variable in copy) { if (!string.IsNullOrWhiteSpace(variable.Key)) { variables.Add(new Variable(variable.Key, variable.Value.Value, variable.Value.IsSecret, variable.Value.IsReadOnly, preserveCase: false)); } } foreach (Variable variable in variables) { // Store the variable. The initial secret values have already been // registered by the Worker class. _nonexpanded[variable.Name] = variable; } // Recursively expand the variables. RecalculateExpanded(out warnings); } // DO NOT add file path variable to here. // All file path variables needs to be retrieved and set through ExecutionContext, so it can handle container file path translation. public TaskResult? Agent_JobStatus { get { return GetEnum(Constants.Variables.Agent.JobStatus); } set { Set(Constants.Variables.Agent.JobStatus, $"{value}"); } } public string Agent_ProxyUrl => Get(Constants.Variables.Agent.ProxyUrl); public bool? Agent_SslSkipCertValidation => GetBoolean(Constants.Variables.Agent.SslSkipCertValidation); public string Agent_ProxyUsername => Get(Constants.Variables.Agent.ProxyUsername); public string Agent_ProxyPassword => Get(Constants.Variables.Agent.ProxyPassword); public bool? Agent_UseBasicAuthForProxy => GetBoolean(Constants.Variables.Agent.UseBasicAuthForProxy); public int? Build_BuildId => GetInt(BuildWebApi.BuildVariables.BuildId); public string Build_BuildUri => Get(BuildWebApi.BuildVariables.BuildUri); public BuildCleanOption? Build_Clean => GetEnum(Constants.Variables.Features.BuildDirectoryClean) ?? GetEnum(Constants.Variables.Build.Clean); public long? Build_ContainerId => GetLong(BuildWebApi.BuildVariables.ContainerId); public string Build_DefinitionName => Get(Constants.Variables.Build.DefinitionName); public bool? Build_GatedRunCI => GetBoolean(Constants.Variables.Build.GatedRunCI); public string Build_GatedShelvesetName => Get(Constants.Variables.Build.GatedShelvesetName); public string Build_Number => Get(Constants.Variables.Build.Number); public string Build_RepoTfvcWorkspace => Get(Constants.Variables.Build.RepoTfvcWorkspace); public string Build_RequestedFor => Get((BuildWebApi.BuildVariables.RequestedFor)); public string Build_SourceBranch => Get(Constants.Variables.Build.SourceBranch); public string Build_SourceTfvcShelveset => Get(Constants.Variables.Build.SourceTfvcShelveset); public string Build_SourceVersion => Get(Constants.Variables.Build.SourceVersion); public bool? Build_SyncSources => GetBoolean(Constants.Variables.Build.SyncSources); public bool? Build_UseServerWorkspaces => GetBoolean(Constants.Variables.Build.UseServerWorkspaces); public string Release_ArtifactsDirectory => Get(Constants.Variables.Release.ArtifactsDirectory); public string Release_ReleaseEnvironmentUri => Get(Constants.Variables.Release.ReleaseEnvironmentUri); public string Release_ReleaseId => Get(Constants.Variables.Release.ReleaseId); public string Release_ReleaseName => Get(Constants.Variables.Release.ReleaseName); public string Release_ReleaseUri => Get(Constants.Variables.Release.ReleaseUri); public int? Release_Download_BufferSize => GetInt(Constants.Variables.Release.ReleaseDownloadBufferSize); public int? Release_Parallel_Download_Limit => GetInt(Constants.Variables.Release.ReleaseParallelDownloadLimit); public bool Retain_Default_Encoding { get { if (!PlatformUtil.RunningOnWindows) { return true; } return GetBoolean(Constants.Variables.Agent.RetainDefaultEncoding) ?? true; } } public bool Read_Only_Variables => GetBoolean(Constants.Variables.Agent.ReadOnlyVariables) ?? false; public string System_CollectionId => Get(Constants.Variables.System.CollectionId); public bool? System_Debug => GetBoolean(Constants.Variables.System.Debug); public string System_DefinitionId => Get(Constants.Variables.System.DefinitionId); public bool? System_EnableAccessToken => GetBoolean(Constants.Variables.System.EnableAccessToken); public HostTypes System_HostType => GetEnum(Constants.Variables.System.HostType) ?? HostTypes.None; public string System_PlanId => Get(Constants.Variables.System.PlanId); public string System_JobId => Get(Constants.Variables.System.JobId); public string System_PhaseDisplayName => Get(Constants.Variables.System.PhaseDisplayName); public string System_PullRequest_TargetBranch => Get(Constants.Variables.System.PullRequestTargetBranchName); public string System_TaskDefinitionsUri => Get(WellKnownDistributedTaskVariables.TaskDefinitionsUrl); public string System_TeamProject => Get(BuildWebApi.BuildVariables.TeamProject); public Guid? System_TeamProjectId => GetGuid(BuildWebApi.BuildVariables.TeamProjectId); public string System_TFCollectionUrl => Get(WellKnownDistributedTaskVariables.TFCollectionUrl); public string System_CollectionUrl => Get(WellKnownDistributedTaskVariables.CollectionUrl); public string System_StageName => Get(Constants.Variables.System.StageName); public int? System_StageAttempt => GetInt(Constants.Variables.System.StageAttempt); public string System_PhaseName => Get(Constants.Variables.System.PhaseName); public int? System_PhaseAttempt => GetInt(Constants.Variables.System.PhaseAttempt); public string System_JobName => Get(Constants.Variables.System.JobName); public int? System_JobAttempt => GetInt(Constants.Variables.System.JobAttempt); public static readonly HashSet PiiVariables = new HashSet(StringComparer.OrdinalIgnoreCase) { "Build.AuthorizeAs", "Build.QueuedBy", "Build.RequestedFor", "Build.RequestedForEmail", "Build.SourceBranch", "Build.SourceBranchName", "Build.SourceTfvcShelveset", "Build.SourceVersion", "Build.SourceVersionAuthor", "Job.AuthorizeAs", "Release.Deployment.RequestedFor", "Release.Deployment.RequestedForEmail", "Release.RequestedFor", "Release.RequestedForEmail", }; public static readonly string PiiArtifactVariablePrefix = "Release.Artifacts"; public static readonly List PiiArtifactVariableSuffixes = new List() { "SourceBranch", "SourceBranchName", "SourceVersion", "RequestedFor" }; public static readonly List VariablesVulnerableToExecution = new List { Constants.Variables.Build.SourceVersionMessage, Constants.Variables.Build.DefinitionName, Constants.Variables.Build.SourceVersionAuthor, Constants.Variables.System.SourceVersionMessage, Constants.Variables.System.DefinitionName, Constants.Variables.System.JobDisplayName, Constants.Variables.System.PhaseDisplayName, Constants.Variables.System.StageDisplayName, Constants.Variables.Release.ReleaseDefinitionName, Constants.Variables.Release.ReleaseEnvironmentName, Constants.Variables.Agent.MachineName, Constants.Variables.Agent.Name, }; public void ExpandValues(IDictionary target, bool enableVariableInputTrimming = false) { ArgUtil.NotNull(target, nameof(target)); _trace.Entering(); var source = new Dictionary(StringComparer.OrdinalIgnoreCase); foreach (Variable variable in _expanded.Values) { var value = StringTranslator(variable.Value); source[variable.Name] = value; } VarUtil.ExpandValues(_hostContext, source, target, enableVariableInputTrimming); } public string ExpandValue(string name, string value) { _trace.Entering(); var source = new Dictionary(StringComparer.OrdinalIgnoreCase); foreach (Variable variable in _expanded.Values) { source[variable.Name] = StringTranslator(variable.Value); } var target = new Dictionary(StringComparer.OrdinalIgnoreCase) { [name] = value }; VarUtil.ExpandValues(_hostContext, source, target); return target[name]; } public JToken ExpandValues(JToken target) { _trace.Entering(); var source = new Dictionary(StringComparer.OrdinalIgnoreCase); foreach (Variable variable in _expanded.Values) { source[variable.Name] = StringTranslator(variable.Value); } return VarUtil.ExpandValues(_hostContext, source, target); } public string Get(string name, bool skipTranslationPathToStepTarget = false) { Variable variable; if (_expanded.TryGetValue(name, out variable)) { var value = variable.Value; if (!skipTranslationPathToStepTarget) { value = StringTranslator(value); } _trace.Verbose($"Get '{name}': '{value}'"); return value; } _trace.Verbose($"Get '{name}' (not found)"); return null; } public bool? GetBoolean(string name) { bool val; if (bool.TryParse(Get(name), out val)) { return val; } return null; } public T? GetEnum(string name) where T : struct { return EnumUtil.TryParse(Get(name)); } public Guid? GetGuid(string name) { Guid val; if (Guid.TryParse(Get(name), out val)) { return val; } return null; } public int? GetInt(string name) { int val; if (int.TryParse(Get(name), out val)) { return val; } return null; } public long? GetLong(string name) { long val; if (long.TryParse(Get(name), out val)) { return val; } return null; } public VariableScope CreateScope() { return new VariableScope(this); } public void Unset(string name) { // Validate the args. ArgUtil.NotNullOrEmpty(name, nameof(name)); // Remove the variable. lock (_setLock) { Variable dummy; _expanded.Remove(name, out dummy); _nonexpanded.Remove(name, out dummy); _trace.Verbose($"Unset '{name}'"); } } public void Set(string name, string val, bool secret = false, bool readOnly = false, bool preserveCase = false) { // Validate the args. ArgUtil.NotNullOrEmpty(name, nameof(name)); // Add or update the variable. lock (_setLock) { // Determine whether the value should be a secret. The approach taken here is somewhat // conservative. If the previous expanded variable is a secret, then assume the new // value should be a secret as well. // // Keep in mind, the two goals of flagging variables as secret: // 1) Mask secrets from the logs. // 2) Keep secrets out of environment variables for tasks. Secrets must be passed into // tasks via inputs. It's better to take a conservative approach when determining // whether a variable should be marked secret. Otherwise nested secret values may // inadvertantly end up in public environment variables. secret = secret || (_expanded.ContainsKey(name) && _expanded[name].Secret); // Register the secret. Secret masker handles duplicates gracefully. if (secret && !string.IsNullOrEmpty(val)) { _secretMasker.AddValue(val, $"Variables_Set_{name}"); } // Also keep any variables that are already read only as read only. // This only really matters for server side system variables that get updated by something other than setVariable (e.g. updateBuildNumber). readOnly = readOnly || (_expanded.ContainsKey(name) && _expanded[name].ReadOnly); // Store the value as-is to the expanded dictionary and the non-expanded dictionary. // It is not expected that the caller needs to store an non-expanded value and then // retrieve the expanded value in the same context. var variable = new Variable(name, val, secret, readOnly, preserveCase); _expanded[name] = variable; _nonexpanded[name] = variable; _trace.Verbose($"Set '{name}' = '{val}'"); } } public bool IsReadOnly(string name) { Variable existingVariable = null; if (!_expanded.TryGetValue(name, out existingVariable)) { _nonexpanded.TryGetValue(name, out existingVariable); } return (existingVariable != null && IsReadOnly(existingVariable)); } public bool TryGetValue(string name, out string val) { Variable variable; if (_expanded.TryGetValue(name, out variable)) { val = StringTranslator(variable.Value); _trace.Verbose($"Get '{name}': '{val}'"); return true; } val = null; _trace.Verbose($"Get '{name}' (not found)"); return false; } public void RecalculateExpanded(out List warnings) { // TODO: A performance improvement could be made by short-circuiting if the non-expanded values are not dirty. It's unclear whether it would make a significant difference. // Take a lock to prevent the variables from changing while expansion is being processed. lock (_setLock) { const int MaxDepth = 50; // TODO: Validate max size? No limit on *nix. Max of 32k per env var on Windows https://msdn.microsoft.com/en-us/library/windows/desktop/ms682653%28v=vs.85%29.aspx _trace.Entering(); warnings = new List(); // Create a new expanded instance. var expanded = new ConcurrentDictionary(_nonexpanded, StringComparer.OrdinalIgnoreCase); // Process each variable in the dictionary. foreach (string name in _nonexpanded.Keys) { bool secret = _nonexpanded[name].Secret; bool readOnly = _nonexpanded[name].ReadOnly; bool preserveCase = _nonexpanded[name].PreserveCase; _trace.Verbose($"Processing expansion for variable: '{name}'"); // This algorithm handles recursive replacement using a stack. // 1) Max depth is enforced by leveraging the stack count. // 2) Cyclical references are detected by walking the stack. // 3) Additional call frames are avoided. bool exceedsMaxDepth = false; bool hasCycle = false; var stack = new Stack(); RecursionState state = new RecursionState(name: name, value: _nonexpanded[name].Value ?? string.Empty); // The outer while loop is used to manage popping items from the stack (of state objects). while (true) { // The inner while loop is used to manage replacement within the current state object. // Find the next macro within the current value. while (state.StartIndex < state.Value.Length && (state.PrefixIndex = state.Value.IndexOf(Constants.Variables.MacroPrefix, state.StartIndex, StringComparison.Ordinal)) >= 0 && (state.SuffixIndex = state.Value.IndexOf(Constants.Variables.MacroSuffix, state.PrefixIndex + Constants.Variables.MacroPrefix.Length, StringComparison.Ordinal)) >= 0) { // A candidate was found. string nestedName = state.Value.Substring( startIndex: state.PrefixIndex + Constants.Variables.MacroPrefix.Length, length: state.SuffixIndex - state.PrefixIndex - Constants.Variables.MacroPrefix.Length); if (!secret) { _trace.Verbose($"Found macro candidate: '{nestedName}'"); } Variable nestedVariable; if (!string.IsNullOrEmpty(nestedName) && _nonexpanded.TryGetValue(nestedName, out nestedVariable)) { // A matching variable was found. // Check for max depth. int currentDepth = stack.Count + 1; // Add 1 since the current state isn't on the stack. if (currentDepth == MaxDepth) { // Warn and break out of the while loops. _trace.Warning("Exceeds max depth."); exceedsMaxDepth = true; warnings.Add(StringUtil.Loc("Variable0ExceedsMaxDepth1", name, MaxDepth)); break; } // Check for a cyclical reference. else if (string.Equals(state.Name, nestedName, StringComparison.OrdinalIgnoreCase) || stack.Any(x => string.Equals(x.Name, nestedName, StringComparison.OrdinalIgnoreCase))) { // Warn and break out of the while loops. _trace.Warning("Cyclical reference detected."); hasCycle = true; warnings.Add(StringUtil.Loc("Variable0ContainsCyclicalReference", name)); break; } else { // Push the current state and start a new state. There is no need to break out // of the inner while loop. It will continue processing the new current state. secret = secret || nestedVariable.Secret; if (!secret) { _trace.Verbose($"Processing expansion for nested variable: '{nestedName}'"); } stack.Push(state); state = new RecursionState(name: nestedName, value: StringTranslator(nestedVariable.Value ?? string.Empty)); } } else { // A matching variable was not found. if (!secret) { _trace.Verbose("Macro not found."); } state.StartIndex = state.PrefixIndex + 1; } } // End of inner while loop for processing the variable. // No replacement is performed if something went wrong. if (exceedsMaxDepth || hasCycle) { break; } // Check if finished processing the stack. if (stack.Count == 0) { // Store the final value and break out of the outer while loop. if (!string.Equals(state.Value, _nonexpanded[name].Value, StringComparison.Ordinal)) { // Register the secret. if (secret && !string.IsNullOrEmpty(state.Value)) { _secretMasker.AddValue(state.Value, $"Variables_RecalculateExpanded_{state.Name}"); } // Set the expanded value. expanded[state.Name] = new Variable(state.Name, state.Value, secret, readOnly, preserveCase); _trace.Verbose($"Set '{state.Name}' = '{state.Value}'"); } break; } // Adjust and pop the parent state. if (!secret) { _trace.Verbose("Popping recursion state."); } RecursionState parent = stack.Pop(); parent.Value = string.Concat( parent.Value.Substring(0, parent.PrefixIndex), state.Value, parent.Value.Substring(parent.SuffixIndex + Constants.Variables.MacroSuffix.Length)); parent.StartIndex = parent.PrefixIndex + (state.Value).Length; state = parent; if (!secret) { _trace.Verbose($"Intermediate state '{state.Name}': '{state.Value}'"); } } // End of outer while loop for recursively processing the variable. } // End of foreach loop over each key in the dictionary. _expanded = expanded; } // End of critical section. } public void CopyInto(Dictionary target, TranslationMethod translation) { ArgUtil.NotNull(target, nameof(target)); ArgUtil.NotNull(translation, nameof(translation)); foreach (var var in this.Public) { target[var.Name] = translation(var.Value); } foreach (var var in this.Private) { target[var.Name] = new VariableValue(translation(var.Value), true); } } private Boolean IsReadOnly(Variable variable) { if (variable.ReadOnly) { return true; } return Constants.Variables.ReadOnlyVariables.Contains(variable.Name, StringComparer.OrdinalIgnoreCase); } private sealed class RecursionState { public RecursionState(string name, string value) { Name = name; Value = value; } public string Name { get; private set; } public string Value { get; set; } public int StartIndex { get; set; } public int PrefixIndex { get; set; } public int SuffixIndex { get; set; } } } public sealed class Variable { public string Name { get; private set; } public bool Secret { get; private set; } public string Value { get; private set; } public bool ReadOnly { get; private set; } public bool PreserveCase { get; private set; } public Variable(string name, string value, bool secret, bool readOnly, bool preserveCase) { ArgUtil.NotNullOrEmpty(name, nameof(name)); Name = name; Value = value ?? string.Empty; Secret = secret; ReadOnly = readOnly; PreserveCase = preserveCase; } } } ================================================ FILE: src/Agent.Worker/VsoTaskLibManager.cs ================================================ using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.IO; using System.IO.Compression; using System.Net.Http; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Worker { public static class VsoTaskLibManager { /// /// Downloads and installs vso-task-lib at runtime if not already present /// /// The execution context /// Task representing the async operation public static async Task DownloadVsoTaskLibAsync(IExecutionContext executionContext) { ArgUtil.NotNull(executionContext, nameof(executionContext)); string externalsPath = Path.Combine(executionContext.GetVariableValueOrDefault("Agent.HomeDirectory"), Constants.Path.ExternalsDirectory); ArgUtil.NotNull(externalsPath, nameof(externalsPath)); string vsoTaskLibExternalsPath = Path.Combine(externalsPath, "vso-task-lib"); var retryOptions = new RetryOptions() { CurrentCount = 0, Limit = 3 }; if (!Directory.Exists(vsoTaskLibExternalsPath)) { const string vsoTaskLibDownloadUrl = "https://vstsagenttools.blob.core.windows.net/tools/vso-task-lib/0.5.5/vso-task-lib.tar.gz"; string tempVsoTaskLibDirectory = Path.Combine(externalsPath, "vso-task-lib_download_temp"); await DownloadAsync(executionContext, vsoTaskLibDownloadUrl, tempVsoTaskLibDirectory, vsoTaskLibExternalsPath, retryOptions); } else { executionContext.Debug($"vso-task-lib download already exists at {vsoTaskLibExternalsPath}."); } } public static async Task DownloadAsync(IExecutionContext executionContext, string blobUrl, string tempDirectory, string extractPath, IRetryOptions retryOptions) { Directory.CreateDirectory(tempDirectory); Directory.CreateDirectory(extractPath); string downloadPath = Path.ChangeExtension(Path.Combine(tempDirectory, "download"), ".tar.gz"); string toolName = new DirectoryInfo(extractPath).Name; const int timeout = 180; const int bufferSize = 4096; const int retryDelay = 10000; using var downloadCts = new CancellationTokenSource(TimeSpan.FromSeconds(timeout)); using var linkedTokenSource = CancellationTokenSource.CreateLinkedTokenSource(downloadCts.Token, executionContext.CancellationToken); var cancellationToken = linkedTokenSource.Token; using var handler = executionContext.GetHostContext().CreateHttpClientHandler(); using var httpClient = new HttpClient(handler); for (; retryOptions.CurrentCount < retryOptions.Limit; retryOptions.CurrentCount++) { try { executionContext.Debug($"Downloading {toolName} (attempt {retryOptions.CurrentCount + 1}/{retryOptions.Limit})."); using var stream = await httpClient.GetStreamAsync(blobUrl, cancellationToken); using var fs = new FileStream(downloadPath, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize, true); await stream.CopyToAsync(fs, cancellationToken); executionContext.Debug($"Finished downloading {toolName}."); await fs.FlushAsync(cancellationToken); ExtractTarGz(downloadPath, extractPath, executionContext, toolName); executionContext.Debug($"{toolName} has been extracted and cleaned up"); break; } catch (OperationCanceledException) when (cancellationToken.IsCancellationRequested) { executionContext.Debug($"{toolName} download has been cancelled."); throw; } catch (Exception ex) { if (retryOptions.CurrentCount + 1 == retryOptions.Limit) { IOUtil.DeleteDirectory(tempDirectory, CancellationToken.None); executionContext.Error($"Retry limit for {toolName} download has been exceeded."); executionContext.Error(ex); return; } executionContext.Debug($"Failed to download {toolName}: {ex.Message}"); executionContext.Debug($"Retry {toolName} download in 10 seconds."); await Task.Delay(retryDelay, cancellationToken); } } IOUtil.DeleteDirectory(tempDirectory, CancellationToken.None); executionContext.Debug($"{toolName} download directory has been cleaned up."); } /// /// Extracts a .tar.gz file to the specified directory using the tar command. /// private static void ExtractTarGz(string tarGzPath, string extractPath, IExecutionContext executionContext, string toolName) { Directory.CreateDirectory(extractPath); executionContext.Debug($"Extracting {toolName} using tar..."); using (var process = new System.Diagnostics.Process { StartInfo = new System.Diagnostics.ProcessStartInfo { FileName = "tar", Arguments = $"-xzf \"{tarGzPath}\" -C \"{extractPath}\"", RedirectStandardOutput = true, RedirectStandardError = true, UseShellExecute = false, CreateNoWindow = true, } }) { process.Start(); process.WaitForExit(); if (process.ExitCode != 0) { var error = process.StandardError.ReadToEnd(); executionContext.Error($"tar extraction failed: {error}"); throw new Exception($"tar extraction failed: {error}"); } } } } } ================================================ FILE: src/Agent.Worker/Worker.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.WebApi; using Agent.Sdk.Util; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(Worker))] public interface IWorker : IAgentService { Task RunAsync(string pipeIn, string pipeOut); } public sealed class Worker : AgentService, IWorker { private readonly TimeSpan _workerStartTimeout = TimeSpan.FromSeconds(30); private static readonly char[] _quoteLikeChars = new char[] { '\'', '"' }; public async Task RunAsync(string pipeIn, string pipeOut) { using (Trace.EnteringWithDuration()) { // Validate args. ArgUtil.NotNullOrEmpty(pipeIn, nameof(pipeIn)); ArgUtil.NotNullOrEmpty(pipeOut, nameof(pipeOut)); Trace.Entering(); var agentWebProxy = HostContext.GetService(); var agentCertManager = HostContext.GetService(); VssUtil.InitializeVssClientSettings(HostContext.UserAgent, agentWebProxy.WebProxy, agentCertManager.VssClientCertificateManager, agentCertManager.SkipServerCertificateValidation); Trace.Info(StringUtil.Format("VSS client settings initialized [UserAgent:{0}, ProxyConfigured:{1}, CertValidationSkipped:{2}]", HostContext.UserAgent, agentWebProxy.WebProxy != null, agentCertManager.SkipServerCertificateValidation)); var jobRunner = HostContext.CreateService(); Trace.Info("JobRunner service created - preparing for IPC channel establishment"); using (var channel = HostContext.CreateService()) using (var jobRequestCancellationToken = CancellationTokenSource.CreateLinkedTokenSource(HostContext.AgentShutdownToken)) using (var channelTokenSource = new CancellationTokenSource()) { // Start the channel. Trace.Info(StringUtil.Format("Starting process channel client - establishing IPC communication with listener - pipeIn: {0}, pipeOut: {1}", pipeIn, pipeOut)); channel.StartClient(pipeIn, pipeOut); Trace.Info("IPC channel established successfully - communication link active with listener process"); // Wait for up to 30 seconds for a message from the channel. Trace.Info("Process channel established - waiting for job message from listener process"); HostContext.WritePerfCounter("WorkerWaitingForJobMessage"); WorkerMessage channelMessage; using (var csChannelMessage = new CancellationTokenSource(_workerStartTimeout)) { channelMessage = await channel.ReceiveAsync(csChannelMessage.Token); } // Deserialize the job message. Trace.Info("Job message received from listener - beginning deserialization and validation"); ArgUtil.Equal(MessageType.NewJobRequest, channelMessage.MessageType, nameof(channelMessage.MessageType)); ArgUtil.NotNullOrEmpty(channelMessage.Body, nameof(channelMessage.Body)); var jobMessage = JsonUtility.FromString(channelMessage.Body); ArgUtil.NotNull(jobMessage, nameof(jobMessage)); HostContext.WritePerfCounter($"WorkerJobMessageReceived_{jobMessage.RequestId.ToString()}"); Trace.Info(StringUtil.Format("Job message deserialized successfully [JobId:{0}, PlanId:{1}, RequestId:{2}]", jobMessage.JobId, jobMessage.Plan.PlanId, jobMessage.RequestId)); jobMessage = WorkerUtilities.DeactivateVsoCommandsFromJobMessageVariables(jobMessage); // Initialize the secret masker and set the thread culture. InitializeSecretMasker(jobMessage); SetCulture(jobMessage); // Start the job. Trace.Info("Job preprocessing complete - starting JobRunner execution with detailed message logging"); Trace.Info($"Job message:{Environment.NewLine} {StringUtil.ConvertToJson(WorkerUtilities.ScrubPiiData(jobMessage))}"); Task jobRunnerTask = jobRunner.RunAsync(jobMessage, jobRequestCancellationToken.Token); Trace.Info("Entering message monitoring loop - listening for cancellation and shutdown signals"); bool cancel = false; int messageLoopIteration = 0; while (!cancel) { messageLoopIteration++; // Start listening for a cancel message from the channel. Trace.Info(StringUtil.Format("Starting listener for control messages from listener process [Iteration:{0}]", messageLoopIteration)); Task channelTask = channel.ReceiveAsync(channelTokenSource.Token); // Wait for one of the tasks to complete. Trace.Info("Waiting for the job to complete or for a cancel message from the channel."); await Task.WhenAny(jobRunnerTask, channelTask); // Handle if the job completed. if (jobRunnerTask.IsCompleted) { Trace.Info("Worker process termination initiated - Cancelling channel communication"); channelTokenSource.Cancel(); // Cancel waiting for a message from the channel. var result = TaskResultUtil.TranslateToReturnCode(await jobRunnerTask); Trace.Info($"JobRunner completion detected - Job execution finished with result: {result}"); return result; } // Otherwise a message was received from the channel. channelMessage = await channelTask; Trace.Info(StringUtil.Format("Control message received from listener [Type:{0}, Iteration:{1}]", channelMessage.MessageType, messageLoopIteration)); switch (channelMessage.MessageType) { case MessageType.CancelRequest: Trace.Info("Job cancellation request received - initiating graceful job termination"); jobRequestCancellationToken.Cancel(); // Expire the host cancellation token. break; case MessageType.AgentShutdown: Trace.Info("Agent shutdown request received - terminating job and shutting down worker"); cancel = true; HostContext.ShutdownAgent(ShutdownReason.UserCancelled); break; case MessageType.OperatingSystemShutdown: Trace.Info("Operating system shutdown detected - performing emergency job termination"); cancel = true; HostContext.ShutdownAgent(ShutdownReason.OperatingSystemShutdown); break; case MessageType.JobMetadataUpdate: Trace.Info(StringUtil.Format("Metadata update message received - updating job runner metadata, Metadata: {0}", channelMessage.Body)); var metadataMessage = JsonUtility.FromString(channelMessage.Body); jobRunner.UpdateMetadata(metadataMessage); Trace.Info("Job metadata update processed successfully"); break; case MessageType.FlushLogsRequest: Trace.Info("FlushLogsRequest received in main message loop"); HostContext.ShutdownWorkerForTimeout(); break; default: throw new ArgumentOutOfRangeException(nameof(channelMessage.MessageType), channelMessage.MessageType, nameof(channelMessage.MessageType)); } } // Await the job. var workerResult = TaskResultUtil.TranslateToReturnCode(await jobRunnerTask); Trace.Info($"Worker process lifecycle completed successfully - returning with exit code: {workerResult}"); return workerResult; } } } private void AddUserSuppliedSecret(String secret) { ArgUtil.NotNull(secret, nameof(secret)); HostContext.SecretMasker.AddValue(secret, WellKnownSecretAliases.UserSuppliedSecret); // for variables, it is possible that they are used inside a shell which would strip off surrounding quotes // so, if the value is surrounded by quotes, add a quote-timmed version of the secret to our masker as well // This addresses issue #2525 foreach (var quoteChar in _quoteLikeChars) { if (secret.StartsWith(quoteChar) && secret.EndsWith(quoteChar)) { HostContext.SecretMasker.AddValue(secret.Trim(quoteChar), WellKnownSecretAliases.UserSuppliedSecret); } } // Here we add a trimmed secret value to the dictionary in case of a possible leak through external tools. var trimChars = new char[] { '\r', '\n', ' ' }; HostContext.SecretMasker.AddValue(secret.Trim(trimChars), WellKnownSecretAliases.UserSuppliedSecret); } private void InitializeSecretMasker(Pipelines.AgentJobRequestMessage message) { Trace.Entering(); Trace.Info("Secret masker initialization initiated - processing job security configuration"); ArgUtil.NotNull(message, nameof(message)); ArgUtil.NotNull(message.Resources, nameof(message.Resources)); int secretCount = 0; // Add mask hints for secret variables foreach (var variable in (message.Variables ?? new Dictionary())) { // Skip secrets which are just white spaces. if (variable.Value.IsSecret && !string.IsNullOrWhiteSpace(variable.Value.Value)) { secretCount++; AddUserSuppliedSecret(variable.Value.Value); // also, we escape some characters for variables when we print them out in debug mode. We need to // add the escaped version of these secrets as well var escapedSecret = variable.Value.Value.Replace("%", "%AZP25") .Replace("\r", "%0D") .Replace("\n", "%0A"); AddUserSuppliedSecret(escapedSecret); // Since % escaping may be turned off, also mask a version escaped with just newlines var escapedSecret2 = variable.Value.Value.Replace("\r", "%0D") .Replace("\n", "%0A"); AddUserSuppliedSecret(escapedSecret2); // We need to mask the base 64 value of the secret as well var base64Secret = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(variable.Value.Value)); // Add the base64 secret to the secret masker AddUserSuppliedSecret(base64Secret); // also, we escape some characters for variables when we print them out in debug mode. We need to // add the escaped version of these secrets as well var escapedSecret3 = base64Secret.Replace("%", "%AZP25") .Replace("\r", "%0D") .Replace("\n", "%0A"); AddUserSuppliedSecret(escapedSecret3); // Since % escaping may be turned off, also mask a version escaped with just newlines var escapedSecret4 = base64Secret.Replace("\r", "%0D") .Replace("\n", "%0A"); AddUserSuppliedSecret(escapedSecret4); } } // Add mask hints foreach (MaskHint maskHint in (message.MaskHints ?? new List())) { if (maskHint.Type == MaskType.Regex) { HostContext.SecretMasker.AddRegex(maskHint.Value, $"Worker_{WellKnownSecretAliases.AddingMaskHint}"); // We need this because the worker will print out the job message JSON to diag log // and SecretMasker has JsonEscapeEncoder hook up HostContext.SecretMasker.AddValue(maskHint.Value, WellKnownSecretAliases.AddingMaskHint); } else { // TODO: Should we fail instead? Do any additional pains need to be taken here? Should the job message not be traced? Trace.Warning($"Unsupported mask type '{maskHint.Type}'."); } } // TODO: Avoid adding redundant secrets. If the endpoint auth matches the system connection, then it's added as a value secret and as a regex secret. Once as a value secret b/c of the following code that iterates over each endpoint. Once as a regex secret due to the hint sent down in the job message. // Add masks for service endpoints int endpointSecretCount = 0; foreach (ServiceEndpoint endpoint in message.Resources.Endpoints ?? new List()) { foreach (var keyValuePair in endpoint.Authorization?.Parameters ?? new Dictionary()) { if (!string.IsNullOrEmpty(keyValuePair.Value) && MaskingUtil.IsEndpointAuthorizationParametersSecret(keyValuePair.Key)) { endpointSecretCount++; HostContext.SecretMasker.AddValue(keyValuePair.Value, $"Worker_EndpointAuthorizationParameters_{keyValuePair.Key}"); } } } // Add masks for secure file download tickets int secureFileCount = 0; foreach (SecureFile file in message.Resources.SecureFiles ?? new List()) { if (!string.IsNullOrEmpty(file.Ticket)) { secureFileCount++; HostContext.SecretMasker.AddValue(file.Ticket, WellKnownSecretAliases.SecureFileTicket); } } Trace.Info(StringUtil.Format("Secret masker initialization complete [SecretVariables:{0}, EndpointSecrets:{1}, SecureFiles:{2}]", secretCount, endpointSecretCount, secureFileCount)); } private void SetCulture(Pipelines.AgentJobRequestMessage message) { // Extract the culture name from the job's variable dictionary. // The variable does not exist for TFS 2015 RTM and Update 1. // It was introduced in Update 2. VariableValue culture; ArgUtil.NotNull(message, nameof(message)); ArgUtil.NotNull(message.Variables, nameof(message.Variables)); if (message.Variables.TryGetValue(Constants.Variables.System.Culture, out culture)) { // Set the default thread culture. HostContext.SetDefaultCulture(culture.Value); } } } } ================================================ FILE: src/Agent.Worker/WorkerCommandManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk.Knob; using Agent.Sdk.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Linq; using System.Net.Sockets; using System.Collections.Generic; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Worker { [ServiceLocator(Default = typeof(WorkerCommandManager))] public interface IWorkerCommandManager : IAgentService { void EnablePluginInternalCommand(bool enable); bool TryProcessCommand(IExecutionContext context, string input); } public sealed class WorkerCommandManager : AgentService, IWorkerCommandManager { private readonly Dictionary _commandExtensions = new Dictionary(StringComparer.OrdinalIgnoreCase); private IWorkerCommandExtension _pluginInternalCommandExtensions; private readonly object _commandSerializeLock = new object(); private bool _invokePluginInternalCommand = false; public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); // Register all command extensions var extensionManager = hostContext.GetService(); foreach (var commandExt in extensionManager.GetExtensions() ?? new List()) { Trace.Info($"Register command extension for area {commandExt.CommandArea}"); if (!string.Equals(commandExt.CommandArea, "plugininternal", StringComparison.OrdinalIgnoreCase)) { _commandExtensions[commandExt.CommandArea] = commandExt; } else { _pluginInternalCommandExtensions = commandExt; } } } public void EnablePluginInternalCommand(bool enable) { if (enable) { Trace.Info($"Enable plugin internal command extension."); _invokePluginInternalCommand = true; } else { Trace.Info($"Disable plugin internal command extension."); _invokePluginInternalCommand = false; } } public bool TryProcessCommand(IExecutionContext context, string input) { ArgUtil.NotNull(context, nameof(context)); if (string.IsNullOrEmpty(input)) { return false; } // TryParse input to Command Command command; var unescapePercents = AgentKnobs.DecodePercents.GetValue(context).AsBoolean(); if (!Command.TryParse(input, unescapePercents, out command)) { // if parse fail but input contains ##vso, print warning with DOC link if (input.IndexOf("##vso") >= 0) { context.Warning(StringUtil.Loc("CommandKeywordDetected", input)); } return false; } IWorkerCommandExtension extension = null; if (_invokePluginInternalCommand && string.Equals(command.Area, _pluginInternalCommandExtensions.CommandArea, StringComparison.OrdinalIgnoreCase)) { extension = _pluginInternalCommandExtensions; } if (extension != null || _commandExtensions.TryGetValue(command.Area, out extension)) { if (!extension.SupportedHostTypes.HasFlag(context.Variables.System_HostType)) { context.Error(StringUtil.Loc("CommandNotSupported", command.Area, context.Variables.System_HostType)); context.CommandResult = TaskResult.Failed; return false; } // process logging command in serialize order. lock (_commandSerializeLock) { try { extension.ProcessCommand(context, command); } catch (SocketException ex) { using var vssConnection = WorkerUtilities.GetVssConnection(context); ExceptionsUtil.HandleSocketException(ex, vssConnection.Uri.ToString(), context.Error); context.CommandResult = TaskResult.Failed; } catch (Exception ex) { context.Error(StringUtil.Loc("CommandProcessFailed", input)); context.Error(ex); context.CommandResult = TaskResult.Failed; } finally { // trace the ##vso command as long as the command is not a ##vso[task.debug] command. if (!(string.Equals(command.Area, "task", StringComparison.OrdinalIgnoreCase) && string.Equals(command.Event, "debug", StringComparison.OrdinalIgnoreCase))) { context.Debug($"Processed: {CommandStringConvertor.Unescape(input, unescapePercents)}"); } } } } else { context.Warning(StringUtil.Loc("CommandNotFound", command.Area)); } // Only if we've successfully parsed do we show this warning if (AgentKnobs.DecodePercents.GetValue(context).AsString() == "" && input.Contains("%AZP25")) { context.Warning("%AZP25 detected in ##vso command. In March 2021, the agent command parser will be updated to unescape this to %. To opt out of this behavior, set a job level variable DECODE_PERCENTS to false. Setting to true will force this behavior immediately. More information can be found at https://github.com/microsoft/azure-pipelines-agent/blob/master/docs/design/percentEncoding.md"); } return true; } } public interface IWorkerCommandExtension : IExtension { string CommandArea { get; } HostTypes SupportedHostTypes { get; } void ProcessCommand(IExecutionContext context, Command command); } public interface IWorkerCommand { string Name { get; } List Aliases { get; } void Execute(IExecutionContext context, Command command); } public abstract class BaseWorkerCommandExtension : AgentService, IWorkerCommandExtension { public string CommandArea { get; protected set; } public HostTypes SupportedHostTypes { get; protected set; } public Type ExtensionType => typeof(IWorkerCommandExtension); private Dictionary _commands = new Dictionary(StringComparer.OrdinalIgnoreCase); protected void InstallWorkerCommand(IWorkerCommand commandExecutor) { ArgUtil.NotNull(commandExecutor, nameof(commandExecutor)); if (_commands.ContainsKey(commandExecutor.Name)) { throw new Exception(StringUtil.Loc("CommandDuplicateDetected", commandExecutor.Name, CommandArea.ToLowerInvariant())); } _commands[commandExecutor.Name] = commandExecutor; var aliasList = commandExecutor.Aliases; if (aliasList != null) { foreach (var alias in commandExecutor.Aliases) { if (_commands.ContainsKey(alias)) { throw new Exception(StringUtil.Loc("CommandDuplicateDetected", alias, CommandArea.ToLowerInvariant())); } _commands[alias] = commandExecutor; } } } public IWorkerCommand GetWorkerCommand(String name) { _commands.TryGetValue(name, out var commandExecutor); return commandExecutor; } public void ProcessCommand(IExecutionContext context, Command command) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(command, nameof(command)); var commandExecutor = GetWorkerCommand(command.Event); if (commandExecutor == null) { throw new Exception(StringUtil.Loc("CommandNotFound2", CommandArea.ToLowerInvariant(), command.Event, CommandArea)); } var checker = context.GetHostContext().GetService(); if (checker.CheckCommand(context, commandExecutor, command)) { commandExecutor.Execute(context, command); } } } [Flags] public enum HostTypes { None = 0, Build = 1, Deployment = 2, PoolMaintenance = 4, Release = 8, All = Build | Deployment | PoolMaintenance | Release, } } ================================================ FILE: src/Agent.Worker/WorkerUtilties.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using System; using System.Collections.Generic; using System.Linq; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Worker { public class WorkerUtilities { public static VssConnection GetVssConnection(IExecutionContext context) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(context.Endpoints, nameof(context.Endpoints)); ServiceEndpoint systemConnection = context.Endpoints.FirstOrDefault(e => string.Equals(e.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase)); ArgUtil.NotNull(systemConnection, nameof(systemConnection)); ArgUtil.NotNull(systemConnection.Url, nameof(systemConnection.Url)); VssCredentials credentials = VssUtil.GetVssCredential(systemConnection); ArgUtil.NotNull(credentials, nameof(credentials)); ITraceWriter trace = context.GetTraceWriter(); bool skipServerCertificateValidation = context.Variables.Agent_SslSkipCertValidation ?? false; VssConnection connection = VssUtil.CreateConnection(systemConnection.Url, credentials, trace, skipServerCertificateValidation); return connection; } public static Pipelines.AgentJobRequestMessage ScrubPiiData(Pipelines.AgentJobRequestMessage message) { ArgUtil.NotNull(message, nameof(message)); var scrubbedVariables = new Dictionary(); // Scrub the known PII variables foreach (var variable in message.Variables) { if (Variables.PiiVariables.Contains(variable.Key) || (variable.Key.StartsWith(Variables.PiiArtifactVariablePrefix, StringComparison.OrdinalIgnoreCase) && Variables.PiiArtifactVariableSuffixes.Any(varSuffix => variable.Key.EndsWith(varSuffix, StringComparison.OrdinalIgnoreCase)))) { scrubbedVariables[variable.Key] = "[PII]"; } else { scrubbedVariables[variable.Key] = variable.Value; } } var scrubbedRepositories = new List(); // Scrub the repository resources foreach (var repository in message.Resources.Repositories) { Pipelines.RepositoryResource scrubbedRepository = repository.Clone(); var versionInfo = repository.Properties.Get(Pipelines.RepositoryPropertyNames.VersionInfo); if (versionInfo != null) { scrubbedRepository.Properties.Set( Pipelines.RepositoryPropertyNames.VersionInfo, new Pipelines.VersionInfo() { Author = "[PII]" }); } scrubbedRepositories.Add(scrubbedRepository); } var scrubbedJobResources = new Pipelines.JobResources(); scrubbedJobResources.Containers.AddRange(message.Resources.Containers); scrubbedJobResources.Endpoints.AddRange(message.Resources.Endpoints); scrubbedJobResources.Repositories.AddRange(scrubbedRepositories); scrubbedJobResources.SecureFiles.AddRange(message.Resources.SecureFiles); // Reconstitute a new agent job request message from the scrubbed parts return new Pipelines.AgentJobRequestMessage( plan: message.Plan, timeline: message.Timeline, jobId: message.JobId, jobDisplayName: message.JobDisplayName, jobName: message.JobName, jobContainer: message.JobContainer, jobSidecarContainers: message.JobSidecarContainers, variables: scrubbedVariables, maskHints: message.MaskHints, jobResources: scrubbedJobResources, workspaceOptions: message.Workspace, steps: message.Steps); } // We want to prevent vso commands from running in scripts with some variables public static Pipelines.AgentJobRequestMessage DeactivateVsoCommandsFromJobMessageVariables(Pipelines.AgentJobRequestMessage message) { ArgUtil.NotNull(message, nameof(message)); ArgUtil.NotNull(message.Variables, nameof(message.Variables)); var deactivatedVariables = new Dictionary(message.Variables, StringComparer.OrdinalIgnoreCase); foreach (var variableName in Variables.VariablesVulnerableToExecution) { if (deactivatedVariables.TryGetValue(variableName, out var variable)) { var deactivatedVariable = variable ?? new VariableValue(); deactivatedVariables[variableName] = StringUtil.DeactivateVsoCommands(deactivatedVariable.Value); } } return new Pipelines.AgentJobRequestMessage( plan: message.Plan, timeline: message.Timeline, jobId: message.JobId, jobDisplayName: message.JobDisplayName, jobName: message.JobName, jobContainer: message.JobContainer, jobSidecarContainers: message.JobSidecarContainers, variables: deactivatedVariables, maskHints: message.MaskHints, jobResources: message.Resources, workspaceOptions: message.Workspace, steps: message.Steps); } public static bool IsCommandCorrelationIdValid(IExecutionContext executionContext, Command command, out bool correlationIdPresent) { ArgUtil.NotNull(executionContext, nameof(executionContext)); ArgUtil.NotNull(command, nameof(command)); correlationIdPresent = command.Properties.TryGetValue("correlationId", out string correlationId); return correlationIdPresent && correlationId.Equals(executionContext.JobSettings[WellKnownJobSettings.CommandCorrelationId], StringComparison.Ordinal); } internal static bool IsCommandResultGlibcError(IExecutionContext executionContext, List nodeVersionOutput, out string nodeInfoLineOut) { nodeInfoLineOut = ""; if (nodeVersionOutput.Count > 0) { foreach (var nodeInfoLine in nodeVersionOutput) { // detect example error from node 20 attempting to run on Ubuntu18: // /__a/externals/node20/bin/node: /lib/x86_64-linux-gnu/libm.so.6: version `GLIBC_2.27' not found (required by /__a/externals/node20/bin/node) // /__a/externals/node20/bin/node: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by /__a/externals/node20/bin/node) // /__a/externals/node20/bin/node: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by /__a/externals/node20/bin/node) if (nodeInfoLine.Contains("version `GLIBC_2.28' not found") || nodeInfoLine.Contains("version `GLIBC_2.25' not found") || nodeInfoLine.Contains("version `GLIBC_2.27' not found")) { nodeInfoLineOut = nodeInfoLine; return true; } } } return false; } } } ================================================ FILE: src/Common.props ================================================ 10.0 $(NetTargetFramework) net8.0 $(PackageRuntime) true true portable-net45+win8 NU1701;NU1603 OVERRIDE_ME OS_UNKNOWN ARCH_UNKNOWN 0.5.270-private $(CodeAnalysis) false false portable DEBUG OS_WINDOWS OS_OSX OS_LINUX X64 X86 ARM64 ARM64 X64 ARM64 X64 X64 ARM64 ARM ARM64 win-x64 win-x86 win-arm64 $(OSPlatform);$(OSArchitecture);$(DebugConstant);TRACE ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/AdditionalMaskingRegexes.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent { public static partial class AdditionalMaskingRegexes { /// /// Regexp for unreserved characters - for more details see https://datatracker.ietf.org/doc/html/rfc3986#section-2.3 /// private const string unreservedCharacters = @"[\w\.~\-]"; /// /// Regexp for percent encoded characters - for more details see https://datatracker.ietf.org/doc/html/rfc3986#section-2.1 /// private const string percentEncoded = @"(%|%AZP25)[0-9a-fA-F]{2}"; /// /// Regexp for delimeters - for more details see https://datatracker.ietf.org/doc/html/rfc3986#section-2.2 /// private const string subDelims = @"[!\$&'\(\)\*\+,;=]"; /// /// Match regexp for url /// private static string urlMatch = string.Format("({0}|{1}|{2}|:)+", unreservedCharacters, percentEncoded, subDelims); // URLs can contain secrets if they have a userinfo part // in the authority. example: https://user:pass@example.com // (see https://tools.ietf.org/html/rfc3986#section-3.2) // This regex will help filter those out of the output. // It uses a zero-width positive lookbehind to find the scheme, // the user, and the ":" and skip them. Similarly, it uses // a zero-width positive lookahead to find the "@". // It only matches on the password part. private static string urlSecretPattern = "(?<=//[^:/?#\\n]+:)" // lookbehind + urlMatch // actual match + "(?=@)"; // lookahead public static string UrlSecretPattern => urlSecretPattern; } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/AgentCertificateManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.VisualStudio.Services.Agent.Util; using System.IO; using System.Runtime.Serialization; using Microsoft.VisualStudio.Services.Common; using System.Net.Http; using Microsoft.VisualStudio.Services.WebApi; using Agent.Sdk; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(AgentCertificateManager))] public interface IAgentCertificateManager : IAgentService { bool SkipServerCertificateValidation { get; } string CACertificateFile { get; } string ClientCertificateFile { get; } string ClientCertificatePrivateKeyFile { get; } string ClientCertificateArchiveFile { get; } string ClientCertificatePassword { get; } IVssClientCertificateManager VssClientCertificateManager { get; } void SetupCertificate(bool skipCertValidation, string caCert, string clientCert, string clientCertPrivateKey, string clientCertArchive, string clientCertPassword); void SaveCertificateSetting(); void DeleteCertificateSetting(); void LoadCertificateSettings(); } public class AgentCertificateManager : AgentService, IAgentCertificateManager { private AgentClientCertificateManager _agentClientCertificateManager = new AgentClientCertificateManager(); public bool SkipServerCertificateValidation { private set; get; } public string CACertificateFile { private set; get; } public string ClientCertificateFile { private set; get; } public string ClientCertificatePrivateKeyFile { private set; get; } public string ClientCertificateArchiveFile { private set; get; } public string ClientCertificatePassword { private set; get; } public IVssClientCertificateManager VssClientCertificateManager => _agentClientCertificateManager; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); LoadCertificateSettings(); } // This should only be called from config public void SetupCertificate(bool skipCertValidation, string caCert, string clientCert, string clientCertPrivateKey, string clientCertArchive, string clientCertPassword) { Trace.Info("Setup agent certificate setting base on configuration inputs."); if (skipCertValidation) { Trace.Info("Ignore SSL server certificate validation error"); SkipServerCertificateValidation = true; VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; } if (!string.IsNullOrEmpty(caCert)) { ArgUtil.File(caCert, nameof(caCert)); Trace.Info($"Self-Signed CA '{caCert}'"); } if (!string.IsNullOrEmpty(clientCert)) { ArgUtil.File(clientCert, nameof(clientCert)); ArgUtil.File(clientCertPrivateKey, nameof(clientCertPrivateKey)); ArgUtil.File(clientCertArchive, nameof(clientCertArchive)); Trace.Info($"Client cert '{clientCert}'"); Trace.Info($"Client cert private key '{clientCertPrivateKey}'"); Trace.Info($"Client cert archive '{clientCertArchive}'"); } CACertificateFile = caCert; ClientCertificateFile = clientCert; ClientCertificatePrivateKeyFile = clientCertPrivateKey; ClientCertificateArchiveFile = clientCertArchive; ClientCertificatePassword = clientCertPassword; _agentClientCertificateManager.AddClientCertificate(ClientCertificateArchiveFile, ClientCertificatePassword); } // This should only be called from config public void SaveCertificateSetting() { string certSettingFile = HostContext.GetConfigFile(WellKnownConfigFile.Certificates); IOUtil.DeleteFile(certSettingFile); var setting = new AgentCertificateSetting(); if (SkipServerCertificateValidation) { Trace.Info($"Store Skip ServerCertificateValidation setting to '{certSettingFile}'"); setting.SkipServerCertValidation = true; } if (!string.IsNullOrEmpty(CACertificateFile)) { Trace.Info($"Store CA cert setting to '{certSettingFile}'"); setting.CACert = CACertificateFile; } if (!string.IsNullOrEmpty(ClientCertificateFile) && !string.IsNullOrEmpty(ClientCertificatePrivateKeyFile) && !string.IsNullOrEmpty(ClientCertificateArchiveFile)) { Trace.Info($"Store client cert settings to '{certSettingFile}'"); setting.ClientCert = ClientCertificateFile; setting.ClientCertPrivatekey = ClientCertificatePrivateKeyFile; setting.ClientCertArchive = ClientCertificateArchiveFile; if (!string.IsNullOrEmpty(ClientCertificatePassword)) { string lookupKey = Guid.NewGuid().ToString("D").ToUpperInvariant(); Trace.Info($"Store client cert private key password with lookup key {lookupKey}"); var credStore = HostContext.GetService(); credStore.Write($"VSTS_AGENT_CLIENT_CERT_PASSWORD_{lookupKey}", "VSTS", ClientCertificatePassword); setting.ClientCertPasswordLookupKey = lookupKey; } } if (SkipServerCertificateValidation || !string.IsNullOrEmpty(CACertificateFile) || !string.IsNullOrEmpty(ClientCertificateFile)) { IOUtil.SaveObject(setting, certSettingFile); File.SetAttributes(certSettingFile, File.GetAttributes(certSettingFile) | FileAttributes.Hidden); } } // This should only be called from unconfig public void DeleteCertificateSetting() { string certSettingFile = HostContext.GetConfigFile(WellKnownConfigFile.Certificates); if (File.Exists(certSettingFile)) { Trace.Info($"Load agent certificate setting from '{certSettingFile}'"); var certSetting = IOUtil.LoadObject(certSettingFile); if (certSetting != null && !string.IsNullOrEmpty(certSetting.ClientCertPasswordLookupKey)) { Trace.Info("Delete client cert private key password from credential store."); var credStore = HostContext.GetService(); credStore.Delete($"VSTS_AGENT_CLIENT_CERT_PASSWORD_{certSetting.ClientCertPasswordLookupKey}"); } Trace.Info($"Delete cert setting file: {certSettingFile}"); IOUtil.DeleteFile(certSettingFile); } } public void LoadCertificateSettings() { string certSettingFile = HostContext.GetConfigFile(WellKnownConfigFile.Certificates); if (File.Exists(certSettingFile)) { Trace.Info($"Load agent certificate setting from '{certSettingFile}'"); var certSetting = IOUtil.LoadObject(certSettingFile); ArgUtil.NotNull(certSetting, nameof(AgentCertificateSetting)); if (certSetting.SkipServerCertValidation) { Trace.Info("Ignore SSL server certificate validation error"); SkipServerCertificateValidation = true; VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; } if (!string.IsNullOrEmpty(certSetting.CACert)) { // make sure all settings file exist ArgUtil.File(certSetting.CACert, nameof(certSetting.CACert)); Trace.Info($"CA '{certSetting.CACert}'"); CACertificateFile = certSetting.CACert; } if (!string.IsNullOrEmpty(certSetting.ClientCert)) { // make sure all settings file exist ArgUtil.File(certSetting.ClientCert, nameof(certSetting.ClientCert)); ArgUtil.File(certSetting.ClientCertPrivatekey, nameof(certSetting.ClientCertPrivatekey)); ArgUtil.File(certSetting.ClientCertArchive, nameof(certSetting.ClientCertArchive)); Trace.Info($"Client cert '{certSetting.ClientCert}'"); Trace.Info($"Client cert private key '{certSetting.ClientCertPrivatekey}'"); Trace.Info($"Client cert archive '{certSetting.ClientCertArchive}'"); ClientCertificateFile = certSetting.ClientCert; ClientCertificatePrivateKeyFile = certSetting.ClientCertPrivatekey; ClientCertificateArchiveFile = certSetting.ClientCertArchive; if (!string.IsNullOrEmpty(certSetting.ClientCertPasswordLookupKey)) { var cerdStore = HostContext.GetService(); ClientCertificatePassword = cerdStore.Read($"VSTS_AGENT_CLIENT_CERT_PASSWORD_{certSetting.ClientCertPasswordLookupKey}").Password; HostContext.SecretMasker.AddValue(ClientCertificatePassword, WellKnownSecretAliases.ClientCertificatePassword); } _agentClientCertificateManager.AddClientCertificate(ClientCertificateArchiveFile, ClientCertificatePassword); } } else { Trace.Info("No certificate setting found."); } } } [DataContract] internal class AgentCertificateSetting { [DataMember] public bool SkipServerCertValidation { get; set; } [DataMember] public string CACert { get; set; } [DataMember] public string ClientCert { get; set; } [DataMember] public string ClientCertPrivatekey { get; set; } [DataMember] public string ClientCertArchive { get; set; } [DataMember] public string ClientCertPasswordLookupKey { get; set; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/AgentCredentialStore/LinuxAgentCredentialStore.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Net; using System.Threading; using Microsoft.VisualStudio.Services.Agent.Util; using System.IO; using System.Runtime.Serialization; using System.Security.Cryptography; namespace Microsoft.VisualStudio.Services.Agent { public sealed class LinuxAgentCredentialStore : AgentService, IAgentCredentialStore { // 'msftvsts' 128 bits iv private readonly byte[] iv = new byte[] { 0x36, 0x64, 0x37, 0x33, 0x36, 0x36, 0x37, 0x34, 0x37, 0x36, 0x37, 0x33, 0x37, 0x34, 0x37, 0x33 }; // 256 bits key private byte[] _symmetricKey; private string _credStoreFile; private Dictionary _credStore; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _credStoreFile = hostContext.GetConfigFile(WellKnownConfigFile.CredentialStore); if (File.Exists(_credStoreFile)) { _credStore = IOUtil.LoadObject>(_credStoreFile); } else { _credStore = new Dictionary(StringComparer.OrdinalIgnoreCase); } string machineId; if (File.Exists("/etc/machine-id")) { // try use machine-id as encryption key // this helps avoid accidental information disclosure, but isn't intended for true security machineId = File.ReadAllLines("/etc/machine-id").FirstOrDefault(); Trace.Info($"machine-id length {machineId?.Length ?? 0}."); // machine-id doesn't exist or machine-id is not 256 bits if (string.IsNullOrEmpty(machineId) || machineId.Length != 32) { Trace.Warning("Can not get valid machine id from '/etc/machine-id'."); machineId = "5f767374735f6167656e745f63726564"; //_vsts_agent_cred } } else { // /etc/machine-id not exist Trace.Warning("/etc/machine-id doesn't exist."); machineId = "5f767374735f6167656e745f63726564"; //_vsts_agent_cred } List keyBuilder = new List(); foreach (var c in machineId) { keyBuilder.Add(Convert.ToByte(c)); } _symmetricKey = keyBuilder.ToArray(); } public NetworkCredential Write(string target, string username, string password) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); ArgUtil.NotNullOrEmpty(username, nameof(username)); ArgUtil.NotNullOrEmpty(password, nameof(password)); Trace.Info($"Store credential for '{target}' to cred store."); Credential cred = new Credential(username, Encrypt(password)); _credStore[target] = cred; SyncCredentialStoreFile(); return new NetworkCredential(username, password); } public NetworkCredential Read(string target) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); Trace.Info($"Read credential for '{target}' from cred store."); if (_credStore.ContainsKey(target)) { Credential cred = _credStore[target]; if (!string.IsNullOrEmpty(cred.UserName) && !string.IsNullOrEmpty(cred.Password)) { Trace.Info($"Return credential for '{target}' from cred store."); return new NetworkCredential(cred.UserName, Decrypt(cred.Password)); } } throw new KeyNotFoundException(target); } public void Delete(string target) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); if (_credStore.ContainsKey(target)) { Trace.Info($"Delete credential for '{target}' from cred store."); _credStore.Remove(target); SyncCredentialStoreFile(); } else { throw new KeyNotFoundException(target); } } private void SyncCredentialStoreFile() { Trace.Entering(); Trace.Info("Sync in-memory credential store with credential store file."); // delete cred store file when all creds gone if (_credStore.Count == 0) { IOUtil.DeleteFile(_credStoreFile); return; } if (!File.Exists(_credStoreFile)) { CreateCredentialStoreFile(); } IOUtil.SaveObject(_credStore, _credStoreFile); } private string Encrypt(string secret) { using (Aes aes = Aes.Create()) { aes.Key = _symmetricKey; aes.IV = iv; // Create a decrytor to perform the stream transform. ICryptoTransform encryptor = aes.CreateEncryptor(); // Create the streams used for encryption. using (MemoryStream msEncrypt = new MemoryStream()) { using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write)) { using (StreamWriter swEncrypt = new StreamWriter(csEncrypt)) { swEncrypt.Write(secret); } return Convert.ToBase64String(msEncrypt.ToArray()); } } } } private string Decrypt(string encryptedText) { using (Aes aes = Aes.Create()) { aes.Key = _symmetricKey; aes.IV = iv; // Create a decrytor to perform the stream transform. ICryptoTransform decryptor = aes.CreateDecryptor(); // Create the streams used for decryption. using (MemoryStream msDecrypt = new MemoryStream(Convert.FromBase64String(encryptedText))) { using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)) { using (StreamReader srDecrypt = new StreamReader(csDecrypt)) { // Read the decrypted bytes from the decrypting stream and place them in a string. return srDecrypt.ReadToEnd(); } } } } } private void CreateCredentialStoreFile() { File.WriteAllText(_credStoreFile, ""); File.SetAttributes(_credStoreFile, File.GetAttributes(_credStoreFile) | FileAttributes.Hidden); // Try to lock down the .credentials_store file to the owner/group var chmodPath = WhichUtil.Which("chmod", trace: Trace); if (!String.IsNullOrEmpty(chmodPath)) { var arguments = $"600 {new FileInfo(_credStoreFile).FullName}"; using (var invoker = HostContext.CreateService()) { var exitCode = invoker.ExecuteAsync(HostContext.GetDirectory(WellKnownDirectory.Root), chmodPath, arguments, null, default(CancellationToken)).GetAwaiter().GetResult(); if (exitCode == 0) { Trace.Info(StringUtil.Format("Successfully set permissions for credentials store file {0}", _credStoreFile)); } else { Trace.Warning(StringUtil.Format("Unable to successfully set permissions for credentials store file {0}. Received exit code {1} from {2}", _credStoreFile, exitCode, chmodPath)); } } } else { Trace.Warning(StringUtil.Format("Unable to locate chmod to set permissions for credentials store file {0}.", _credStoreFile)); } } } [DataContract] internal class Credential { public Credential() { } public Credential(string userName, string password) { UserName = userName; Password = password; } [DataMember(IsRequired = true)] public string UserName { get; set; } [DataMember(IsRequired = true)] public string Password { get; set; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/AgentCredentialStore/MacOSAgentCredentialStore.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Net; using System.Text; using System.Threading; using Microsoft.VisualStudio.Services.Agent.Util; using System.IO; namespace Microsoft.VisualStudio.Services.Agent { public sealed class MacOSAgentCredentialStore : AgentService, IAgentCredentialStore { // Keychain requires a password, but this is not intended to add security private const string _osxAgentCredStoreKeyChainPassword = "A1DC2A63B3D14817A64619FDDBC92264"; private string _securityUtil; private string _agentCredStoreKeyChain; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _securityUtil = WhichUtil.Which("security", true, Trace); _agentCredStoreKeyChain = hostContext.GetConfigFile(WellKnownConfigFile.CredentialStore); // Create osx key chain if it doesn't exists. if (!File.Exists(_agentCredStoreKeyChain)) { List securityOut = new List(); List securityError = new List(); object outputLock = new object(); using (var p = HostContext.CreateService()) { p.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stdout) { if (!string.IsNullOrEmpty(stdout.Data)) { lock (outputLock) { securityOut.Add(stdout.Data); } } }; p.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stderr) { if (!string.IsNullOrEmpty(stderr.Data)) { lock (outputLock) { securityError.Add(stderr.Data); } } }; // make sure the 'security' has access to the key so we won't get prompt at runtime. int exitCode = p.ExecuteAsync(workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Root), fileName: _securityUtil, arguments: $"create-keychain -p {_osxAgentCredStoreKeyChainPassword} \"{_agentCredStoreKeyChain}\"", environment: null, cancellationToken: CancellationToken.None).GetAwaiter().GetResult(); if (exitCode == 0) { Trace.Info($"Successfully create-keychain for {_agentCredStoreKeyChain}"); } else { if (securityOut.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityOut)); } if (securityError.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityError)); } throw new InvalidOperationException($"'security create-keychain' failed with exit code {exitCode}."); } } } else { // Try unlock and lock the keychain, make sure it's still in good stage UnlockKeyChain(); LockKeyChain(); } } public NetworkCredential Write(string target, string username, string password) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); ArgUtil.NotNullOrEmpty(username, nameof(username)); ArgUtil.NotNullOrEmpty(password, nameof(password)); try { UnlockKeyChain(); // base64encode username + ':' + base64encode password // OSX keychain requires you provide -s target and -a username to retrieve password // So, we will trade both username and password as 'secret' store into keychain string usernameBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(username)); string passwordBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(password)); string secretForKeyChain = $"{usernameBase64}:{passwordBase64}"; List securityOut = new List(); List securityError = new List(); object outputLock = new object(); using (var p = HostContext.CreateService()) { p.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stdout) { if (!string.IsNullOrEmpty(stdout.Data)) { lock (outputLock) { securityOut.Add(stdout.Data); } } }; p.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stderr) { if (!string.IsNullOrEmpty(stderr.Data)) { lock (outputLock) { securityError.Add(stderr.Data); } } }; // make sure the 'security' has access to the key so we won't get prompt at runtime. int exitCode = p.ExecuteAsync(workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Root), fileName: _securityUtil, arguments: $"add-generic-password -s {target} -a VSTSAGENT -w {secretForKeyChain} -T \"{_securityUtil}\" \"{_agentCredStoreKeyChain}\"", environment: null, cancellationToken: CancellationToken.None).GetAwaiter().GetResult(); if (exitCode == 0) { Trace.Info($"Successfully add-generic-password for {target} (VSTSAGENT)"); } else { if (securityOut.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityOut)); } if (securityError.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityError)); } throw new InvalidOperationException($"'security add-generic-password' failed with exit code {exitCode}."); } } return new NetworkCredential(username, password); } finally { LockKeyChain(); } } public NetworkCredential Read(string target) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); try { UnlockKeyChain(); string username; string password; List securityOut = new List(); List securityError = new List(); object outputLock = new object(); using (var p = HostContext.CreateService()) { p.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stdout) { if (!string.IsNullOrEmpty(stdout.Data)) { lock (outputLock) { securityOut.Add(stdout.Data); } } }; p.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stderr) { if (!string.IsNullOrEmpty(stderr.Data)) { lock (outputLock) { securityError.Add(stderr.Data); } } }; int exitCode = p.ExecuteAsync(workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Root), fileName: _securityUtil, arguments: $"find-generic-password -s {target} -a VSTSAGENT -w -g \"{_agentCredStoreKeyChain}\"", environment: null, cancellationToken: CancellationToken.None).GetAwaiter().GetResult(); if (exitCode == 0) { string keyChainSecret = securityOut.First(); string[] secrets = keyChainSecret.Split(':'); if (secrets.Length == 2 && !string.IsNullOrEmpty(secrets[0]) && !string.IsNullOrEmpty(secrets[1])) { Trace.Info($"Successfully find-generic-password for {target} (VSTSAGENT)"); username = Encoding.UTF8.GetString(Convert.FromBase64String(secrets[0])); password = Encoding.UTF8.GetString(Convert.FromBase64String(secrets[1])); return new NetworkCredential(username, password); } else { throw new ArgumentOutOfRangeException(nameof(keyChainSecret)); } } else { if (securityOut.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityOut)); } if (securityError.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityError)); } throw new InvalidOperationException($"'security find-generic-password' failed with exit code {exitCode}."); } } } finally { LockKeyChain(); } } public void Delete(string target) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); try { UnlockKeyChain(); List securityOut = new List(); List securityError = new List(); object outputLock = new object(); using (var p = HostContext.CreateService()) { p.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stdout) { if (!string.IsNullOrEmpty(stdout.Data)) { lock (outputLock) { securityOut.Add(stdout.Data); } } }; p.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stderr) { if (!string.IsNullOrEmpty(stderr.Data)) { lock (outputLock) { securityError.Add(stderr.Data); } } }; int exitCode = p.ExecuteAsync(workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Root), fileName: _securityUtil, arguments: $"delete-generic-password -s {target} -a VSTSAGENT \"{_agentCredStoreKeyChain}\"", environment: null, cancellationToken: CancellationToken.None).GetAwaiter().GetResult(); if (exitCode == 0) { Trace.Info($"Successfully delete-generic-password for {target} (VSTSAGENT)"); } else { if (securityOut.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityOut)); } if (securityError.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityError)); } throw new InvalidOperationException($"'security delete-generic-password' failed with exit code {exitCode}."); } } } finally { LockKeyChain(); } } private void UnlockKeyChain() { Trace.Entering(); ArgUtil.NotNullOrEmpty(_securityUtil, nameof(_securityUtil)); ArgUtil.NotNullOrEmpty(_agentCredStoreKeyChain, nameof(_agentCredStoreKeyChain)); List securityOut = new List(); List securityError = new List(); object outputLock = new object(); using (var p = HostContext.CreateService()) { p.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stdout) { if (!string.IsNullOrEmpty(stdout.Data)) { lock (outputLock) { securityOut.Add(stdout.Data); } } }; p.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stderr) { if (!string.IsNullOrEmpty(stderr.Data)) { lock (outputLock) { securityError.Add(stderr.Data); } } }; // make sure the 'security' has access to the key so we won't get prompt at runtime. int exitCode = p.ExecuteAsync(workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Root), fileName: _securityUtil, arguments: $"unlock-keychain -p {_osxAgentCredStoreKeyChainPassword} \"{_agentCredStoreKeyChain}\"", environment: null, cancellationToken: CancellationToken.None).GetAwaiter().GetResult(); if (exitCode == 0) { Trace.Info($"Successfully unlock-keychain for {_agentCredStoreKeyChain}"); } else { if (securityOut.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityOut)); } if (securityError.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityError)); } throw new InvalidOperationException($"'security unlock-keychain' failed with exit code {exitCode}."); } } } private void LockKeyChain() { Trace.Entering(); ArgUtil.NotNullOrEmpty(_securityUtil, nameof(_securityUtil)); ArgUtil.NotNullOrEmpty(_agentCredStoreKeyChain, nameof(_agentCredStoreKeyChain)); List securityOut = new List(); List securityError = new List(); object outputLock = new object(); using (var p = HostContext.CreateService()) { p.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stdout) { if (!string.IsNullOrEmpty(stdout.Data)) { lock (outputLock) { securityOut.Add(stdout.Data); } } }; p.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stderr) { if (!string.IsNullOrEmpty(stderr.Data)) { lock (outputLock) { securityError.Add(stderr.Data); } } }; // make sure the 'security' has access to the key so we won't get prompt at runtime. int exitCode = p.ExecuteAsync(workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Root), fileName: _securityUtil, arguments: $"lock-keychain \"{_agentCredStoreKeyChain}\"", environment: null, cancellationToken: CancellationToken.None).GetAwaiter().GetResult(); if (exitCode == 0) { Trace.Info($"Successfully lock-keychain for {_agentCredStoreKeyChain}"); } else { if (securityOut.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityOut)); } if (securityError.Count > 0) { Trace.Error(string.Join(Environment.NewLine, securityError)); } throw new InvalidOperationException($"'security lock-keychain' failed with exit code {exitCode}."); } } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/AgentCredentialStore/NoOpAgentCredentialStore.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.Net; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent { public sealed class NoOpAgentCredentialStore : AgentService, IAgentCredentialStore { public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); } public NetworkCredential Write(string target, string username, string password) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); ArgUtil.NotNullOrEmpty(username, nameof(username)); ArgUtil.NotNullOrEmpty(password, nameof(password)); Trace.Info($"Attempt to store credential for '{target}' to cred store."); return new NetworkCredential(username, password); } public NetworkCredential Read(string target) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); Trace.Info($"Attempt to read credential for '{target}' from cred store."); throw new KeyNotFoundException(target); } public void Delete(string target) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); Trace.Info($"Attempt to delete credential for '{target}' from cred store."); throw new KeyNotFoundException(target); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/AgentCredentialStore/WindowsAgentCredentialStore.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.ComponentModel; using System.IO; using System.Net; using System.Runtime.InteropServices; using System.Runtime.Versioning; using System.Security.Cryptography; using System.Text; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent { // Windows credential store is per user. // This is a limitation for user configure the agent run as windows service, when user's current login account is different with the service run as account. // Ex: I login the box as domain\admin, configure the agent as windows service and run as domian\buildserver // domain\buildserver won't read the stored credential from domain\admin's windows credential store. // To workaround this limitation. // Anytime we try to save a credential: // 1. store it into current user's windows credential store // 2. use DP-API do a machine level encrypt and store the encrypted content on disk. // At the first time we try to read the credential: // 1. read from current user's windows credential store, delete the DP-API encrypted backup content on disk if the windows credential store read succeed. // 2. if credential not found in current user's windows credential store, read from the DP-API encrypted backup content on disk, // write the credential back the current user's windows credential store and delete the backup on disk. [SupportedOSPlatform("windows")] public sealed class WindowsAgentCredentialStore : AgentService, IAgentCredentialStore { private string _credStoreFile; private Dictionary _credStore; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _credStoreFile = hostContext.GetConfigFile(WellKnownConfigFile.CredentialStore); if (File.Exists(_credStoreFile)) { _credStore = IOUtil.LoadObject>(_credStoreFile); } else { _credStore = new Dictionary(StringComparer.OrdinalIgnoreCase); } } public NetworkCredential Write(string target, string username, string password) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); ArgUtil.NotNullOrEmpty(username, nameof(username)); ArgUtil.NotNullOrEmpty(password, nameof(password)); // save to .credential_store file first, then Windows credential store string usernameBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(username)); string passwordBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(password)); // Base64Username:Base64Password -> DP-API machine level encrypt -> Base64Encoding string encryptedUsernamePassword = Convert.ToBase64String(ProtectedData.Protect(Encoding.UTF8.GetBytes($"{usernameBase64}:{passwordBase64}"), null, DataProtectionScope.LocalMachine)); Trace.Info($"Credentials for '{target}' written to credential store file."); _credStore[target] = encryptedUsernamePassword; // save to .credential_store file SyncCredentialStoreFile(); // save to Windows Credential Store return WriteInternal(target, username, password); } public NetworkCredential Read(string target) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); IntPtr credPtr = IntPtr.Zero; try { if (CredRead(target, CredentialType.Generic, 0, out credPtr)) { Credential credStruct = (Credential)Marshal.PtrToStructure(credPtr, typeof(Credential)); int passwordLength = (int)credStruct.CredentialBlobSize; string password = passwordLength > 0 ? Marshal.PtrToStringUni(credStruct.CredentialBlob, passwordLength / sizeof(char)) : String.Empty; string username = Marshal.PtrToStringUni(credStruct.UserName); Trace.Info($"Credentials for '{target}' read from windows credential store."); // delete from .credential_store file since we are able to read it from windows credential store if (_credStore.Remove(target)) { Trace.Info($"Delete credentials for '{target}' from credential store file."); SyncCredentialStoreFile(); } return new NetworkCredential(username, password); } else { // Can't read from Windows Credential Store, fail back to .credential_store file if (_credStore.ContainsKey(target) && !string.IsNullOrEmpty(_credStore[target])) { Trace.Info($"Credentials for '{target}' read from credential store file."); // Base64Decode -> DP-API machine level decrypt -> Base64Username:Base64Password -> Base64Decode string decryptedUsernamePassword = Encoding.UTF8.GetString(ProtectedData.Unprotect(Convert.FromBase64String(_credStore[target]), null, DataProtectionScope.LocalMachine)); string[] credential = decryptedUsernamePassword.Split(':'); if (credential.Length == 2 && !string.IsNullOrEmpty(credential[0]) && !string.IsNullOrEmpty(credential[1])) { string username = Encoding.UTF8.GetString(Convert.FromBase64String(credential[0])); string password = Encoding.UTF8.GetString(Convert.FromBase64String(credential[1])); // store back to windows credential store for current user NetworkCredential creds = WriteInternal(target, username, password); // delete from .credential_store file since we are able to write the credential to windows credential store for current user. if (_credStore.Remove(target)) { Trace.Info($"Delete credentials for '{target}' from credential store file."); SyncCredentialStoreFile(); } return creds; } else { throw new ArgumentOutOfRangeException(nameof(decryptedUsernamePassword)); } } throw new Win32Exception(Marshal.GetLastWin32Error(), $"CredRead throw an error for '{target}'"); } } finally { if (credPtr != IntPtr.Zero) { CredFree(credPtr); } } } public void Delete(string target) { Trace.Entering(); ArgUtil.NotNullOrEmpty(target, nameof(target)); // remove from .credential_store file if (_credStore.Remove(target)) { Trace.Info($"Delete credentials for '{target}' from credential store file."); SyncCredentialStoreFile(); } // remove from windows credential store if (!CredDelete(target, CredentialType.Generic, 0)) { throw new Win32Exception(Marshal.GetLastWin32Error(), $"Failed to delete credentials for {target}"); } else { Trace.Info($"Credentials for '{target}' deleted from windows credential store."); } } private NetworkCredential WriteInternal(string target, string username, string password) { // save to Windows Credential Store Credential credential = new Credential() { Type = CredentialType.Generic, Persist = (UInt32)CredentialPersist.LocalMachine, TargetName = Marshal.StringToCoTaskMemUni(target), UserName = Marshal.StringToCoTaskMemUni(username), CredentialBlob = Marshal.StringToCoTaskMemUni(password), CredentialBlobSize = (UInt32)Encoding.Unicode.GetByteCount(password), AttributeCount = 0, Comment = IntPtr.Zero, Attributes = IntPtr.Zero, TargetAlias = IntPtr.Zero }; try { if (CredWrite(ref credential, 0)) { Trace.Info($"Credentials for '{target}' written to windows credential store."); return new NetworkCredential(username, password); } else { int error = Marshal.GetLastWin32Error(); throw new Win32Exception(error, "Failed to write credentials"); } } finally { if (credential.CredentialBlob != IntPtr.Zero) { Marshal.FreeCoTaskMem(credential.CredentialBlob); } if (credential.TargetName != IntPtr.Zero) { Marshal.FreeCoTaskMem(credential.TargetName); } if (credential.UserName != IntPtr.Zero) { Marshal.FreeCoTaskMem(credential.UserName); } } } private void SyncCredentialStoreFile() { Trace.Info("Sync in-memory credential store with credential store file."); // delete the cred store file first anyway, since it's a readonly file. IOUtil.DeleteFile(_credStoreFile); // delete cred store file when all creds gone if (_credStore.Count == 0) { return; } else { IOUtil.SaveObject(_credStore, _credStoreFile); File.SetAttributes(_credStoreFile, File.GetAttributes(_credStoreFile) | FileAttributes.Hidden); } } [DllImport("Advapi32.dll", EntryPoint = "CredDeleteW", CharSet = CharSet.Unicode, SetLastError = true)] internal static extern bool CredDelete(string target, CredentialType type, int reservedFlag); [DllImport("Advapi32.dll", EntryPoint = "CredReadW", CharSet = CharSet.Unicode, SetLastError = true)] internal static extern bool CredRead(string target, CredentialType type, int reservedFlag, out IntPtr CredentialPtr); [DllImport("Advapi32.dll", EntryPoint = "CredWriteW", CharSet = CharSet.Unicode, SetLastError = true)] internal static extern bool CredWrite([In] ref Credential userCredential, [In] UInt32 flags); [DllImport("Advapi32.dll", EntryPoint = "CredFree", SetLastError = true)] internal static extern bool CredFree([In] IntPtr cred); internal enum CredentialPersist : UInt32 { Session = 0x01, LocalMachine = 0x02 } internal enum CredentialType : uint { Generic = 0x01, DomainPassword = 0x02, DomainCertificate = 0x03 } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] internal struct Credential { public UInt32 Flags; public CredentialType Type; public IntPtr TargetName; public IntPtr Comment; public System.Runtime.InteropServices.ComTypes.FILETIME LastWritten; public UInt32 CredentialBlobSize; public IntPtr CredentialBlob; public UInt32 Persist; public UInt32 AttributeCount; public IntPtr Attributes; public IntPtr TargetAlias; public IntPtr UserName; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/AgentServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using System.Collections.Generic; using System.Net.Sockets; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Common; using Agent.Sdk.Util; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent { public enum AgentConnectionType { Generic, MessageQueue, JobRequest } [ServiceLocator(Default = typeof(AgentServer))] public interface IAgentServer : IAgentService { Task ConnectAsync(Uri serverUrl, VssCredentials credentials); Task RefreshConnectionAsync(AgentConnectionType connectionType, TimeSpan? timeout = null); void ResetConnectionTimeout(AgentConnectionType connectionType, TimeSpan? timeout = null); // Configuration Task AddAgentAsync(Int32 agentPoolId, TaskAgent agent); Task DeleteAgentAsync(int agentPoolId, int agentId); Task> GetAgentPoolsAsync(string agentPoolName, TaskAgentPoolType poolType = TaskAgentPoolType.Automation); Task> GetAgentsAsync(int agentPoolId, string agentName = null); Task UpdateAgentAsync(int agentPoolId, TaskAgent agent); // messagequeue Task CreateAgentSessionAsync(Int32 poolId, TaskAgentSession session, CancellationToken cancellationToken); Task DeleteAgentMessageAsync(Int32 poolId, Int64 messageId, Guid sessionId, CancellationToken cancellationToken); Task DeleteAgentSessionAsync(Int32 poolId, Guid sessionId, CancellationToken cancellationToken); Task GetAgentMessageAsync(Int32 poolId, Guid sessionId, Int64? lastMessageId, CancellationToken cancellationToken); // job request Task GetAgentRequestAsync(int poolId, long requestId, CancellationToken cancellationToken); Task RenewAgentRequestAsync(int poolId, long requestId, Guid lockToken, CancellationToken cancellationToken); Task FinishAgentRequestAsync(int poolId, long requestId, Guid lockToken, DateTime finishTime, TaskResult result, CancellationToken cancellationToken); // agent package Task> GetPackagesAsync(string packageType, string platform, int top, CancellationToken cancellationToken); Task GetPackageAsync(string packageType, string platform, string version, CancellationToken cancellationToken); // agent update Task UpdateAgentUpdateStateAsync(int agentPoolId, int agentId, string currentState); } public sealed class AgentServer : AgentService, IAgentServer { private bool _hasGenericConnection; private bool _hasMessageConnection; private bool _hasRequestConnection; private VssConnection _genericConnection; private VssConnection _messageConnection; private VssConnection _requestConnection; private TaskAgentHttpClient _genericTaskAgentClient; private TaskAgentHttpClient _messageTaskAgentClient; private TaskAgentHttpClient _requestTaskAgentClient; public async Task ConnectAsync(Uri serverUrl, VssCredentials credentials) { // Establish the first connection before doing the rest in parallel to eliminate the redundant 401s. // issue: https://github.com/microsoft/azure-pipelines-agent/issues/3149 // Read timeout from environment variable (VSTS_HTTP_TIMEOUT), default to 100 seconds TimeSpan connectionTimeout = GetConnectionTimeout(AgentConnectionType.Generic, null); Task task1 = EstablishVssConnection(serverUrl, credentials, connectionTimeout); _genericConnection = await task1; // MessageQueue connection for long-polling - uses full timeout from environment variable TimeSpan messageQueueTimeout = GetConnectionTimeout(AgentConnectionType.MessageQueue, null); Task task2 = EstablishVssConnection(serverUrl, credentials, messageQueueTimeout); // JobRequest connection uses capped timeout (max 100s) to ensure job lock renewals // happen within the ~5 minute lock window. With 60s between renewals, timeout must be // < 240s to avoid lock expiration, so we cap at 100s for safety. TimeSpan jobRequestTimeout = GetConnectionTimeout(AgentConnectionType.JobRequest, null); Task task3 = EstablishVssConnection(serverUrl, credentials, jobRequestTimeout); await Task.WhenAll(task2, task3); _messageConnection = task2.Result; _requestConnection = task3.Result; _genericTaskAgentClient = _genericConnection.GetClient(); _messageTaskAgentClient = _messageConnection.GetClient(); _requestTaskAgentClient = _requestConnection.GetClient(); _hasGenericConnection = true; _hasMessageConnection = true; _hasRequestConnection = true; } // Refresh connection is best effort. it should never throw exception public async Task RefreshConnectionAsync(AgentConnectionType connectionType, TimeSpan? timeout = null) { TimeSpan actualTimeout = GetConnectionTimeout(connectionType, timeout); Trace.Info($"Refresh {connectionType} VssConnection to get on a different AFD node."); VssConnection newConnection = null; switch (connectionType) { case AgentConnectionType.MessageQueue: try { _hasMessageConnection = false; newConnection = await EstablishVssConnection(_messageConnection.Uri, _messageConnection.Credentials, actualTimeout); var client = newConnection.GetClient(); _messageConnection = newConnection; _messageTaskAgentClient = client; } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, _requestConnection.Uri.ToString(), (msg) => Trace.Error(msg)); newConnection?.Dispose(); } catch (Exception ex) { Trace.Error($"Catch exception during reset {connectionType} connection."); Trace.Error(ex); newConnection?.Dispose(); } finally { _hasMessageConnection = true; } break; case AgentConnectionType.JobRequest: try { _hasRequestConnection = false; newConnection = await EstablishVssConnection(_requestConnection.Uri, _requestConnection.Credentials, actualTimeout); var client = newConnection.GetClient(); _requestConnection = newConnection; _requestTaskAgentClient = client; } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, _requestConnection.Uri.ToString(), (msg) => Trace.Error(msg)); newConnection?.Dispose(); } catch (Exception ex) { Trace.Error($"Catch exception during reset {connectionType} connection."); Trace.Error(ex); newConnection?.Dispose(); } finally { _hasRequestConnection = true; } break; case AgentConnectionType.Generic: try { _hasGenericConnection = false; newConnection = await EstablishVssConnection(_genericConnection.Uri, _genericConnection.Credentials, actualTimeout); var client = newConnection.GetClient(); _genericConnection = newConnection; _genericTaskAgentClient = client; } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, _requestConnection.Uri.ToString(), (msg) => Trace.Error(msg)); newConnection?.Dispose(); } catch (Exception ex) { Trace.Error($"Catch exception during reset {connectionType} connection."); Trace.Error(ex); newConnection?.Dispose(); } finally { _hasGenericConnection = true; } break; default: Trace.Error($"Unexpected connection type: {connectionType}."); break; } } public void ResetConnectionTimeout(AgentConnectionType connectionType, TimeSpan? timeout = null) { TimeSpan actualTimeout = GetConnectionTimeout(connectionType, timeout); Trace.Info($"Set {connectionType} VssConnection's timeout to {actualTimeout.TotalSeconds} seconds."); switch (connectionType) { case AgentConnectionType.JobRequest: _requestConnection.Settings.SendTimeout = actualTimeout; break; case AgentConnectionType.MessageQueue: _messageConnection.Settings.SendTimeout = actualTimeout; break; case AgentConnectionType.Generic: _genericConnection.Settings.SendTimeout = actualTimeout; break; default: Trace.Error($"Unexpected connection type: {connectionType}."); break; } } private async Task EstablishVssConnection(Uri serverUrl, VssCredentials credentials, TimeSpan timeout) { Trace.Info($"Establish connection with {timeout.TotalSeconds} seconds timeout."); int attemptCount = 5; var agentCertManager = HostContext.GetService(); while (attemptCount-- > 0) { var connection = VssUtil.CreateConnection(serverUrl, credentials, timeout: timeout, trace: Trace, skipServerCertificateValidation: agentCertManager.SkipServerCertificateValidation); try { await connection.ConnectAsync(); return connection; } catch (Exception ex) when (attemptCount > 0) { Trace.Info($"Catch exception during connect. {attemptCount} attempt left."); Trace.Error(ex); await HostContext.Delay(TimeSpan.FromMilliseconds(100), CancellationToken.None); } } // should never reach here. throw new InvalidOperationException(nameof(EstablishVssConnection)); } /// /// Gets the connection timeout for the specified connection type. /// Reads from VSTS_HTTP_TIMEOUT environment variable with valid range [100, 1200] seconds. /// JobRequest connections are capped at 60s to ensure job lock renewals complete within /// the ~5 minute lock window (60s timeout + 60s delay = 120s < 300s). /// /// Type of connection /// Optional explicit timeout (overrides environment variable but not type-specific caps) /// Timeout value to use private TimeSpan GetConnectionTimeout(AgentConnectionType connectionType, TimeSpan? timeout) { TimeSpan actualTimeout; if (timeout.HasValue) { actualTimeout = timeout.Value; } else { // Read from environment variable, clamped to valid range [100, 1200] int httpRequestTimeoutSeconds = AgentKnobs.HttpTimeout.GetValue(HostContext).AsInt(); actualTimeout = TimeSpan.FromSeconds(Math.Min(Math.Max(httpRequestTimeoutSeconds, 100), 1200)); } // Cap JobRequest timeout to 60s to ensure renewals complete within job lock window // This applies to both explicit and environment variable timeouts if (connectionType == AgentConnectionType.JobRequest) { return TimeSpan.FromSeconds(Math.Min(actualTimeout.TotalSeconds, 60)); } return actualTimeout; } private void CheckConnection(AgentConnectionType connectionType) { switch (connectionType) { case AgentConnectionType.Generic: if (!_hasGenericConnection) { throw new InvalidOperationException($"SetConnection {AgentConnectionType.Generic}"); } break; case AgentConnectionType.JobRequest: if (!_hasRequestConnection) { throw new InvalidOperationException($"SetConnection {AgentConnectionType.JobRequest}"); } break; case AgentConnectionType.MessageQueue: if (!_hasMessageConnection) { throw new InvalidOperationException($"SetConnection {AgentConnectionType.MessageQueue}"); } break; default: throw new NotSupportedException(connectionType.ToString()); } } //----------------------------------------------------------------- // Configuration //----------------------------------------------------------------- public Task> GetAgentPoolsAsync(string agentPoolName, TaskAgentPoolType poolType = TaskAgentPoolType.Automation) { CheckConnection(AgentConnectionType.Generic); return _genericTaskAgentClient.GetAgentPoolsAsync(agentPoolName, poolType: poolType); } public Task AddAgentAsync(Int32 agentPoolId, TaskAgent agent) { CheckConnection(AgentConnectionType.Generic); return _genericTaskAgentClient.AddAgentAsync(agentPoolId, agent); } public Task> GetAgentsAsync(int agentPoolId, string agentName = null) { CheckConnection(AgentConnectionType.Generic); return _genericTaskAgentClient.GetAgentsAsync(agentPoolId, agentName, false); } public Task UpdateAgentAsync(int agentPoolId, TaskAgent agent) { CheckConnection(AgentConnectionType.Generic); return _genericTaskAgentClient.ReplaceAgentAsync(agentPoolId, agent); } public Task DeleteAgentAsync(int agentPoolId, int agentId) { CheckConnection(AgentConnectionType.Generic); return _genericTaskAgentClient.DeleteAgentAsync(agentPoolId, agentId); } //----------------------------------------------------------------- // MessageQueue //----------------------------------------------------------------- public Task CreateAgentSessionAsync(Int32 poolId, TaskAgentSession session, CancellationToken cancellationToken) { CheckConnection(AgentConnectionType.MessageQueue); return _messageTaskAgentClient.CreateAgentSessionAsync(poolId, session, cancellationToken: cancellationToken); } public Task DeleteAgentMessageAsync(Int32 poolId, Int64 messageId, Guid sessionId, CancellationToken cancellationToken) { CheckConnection(AgentConnectionType.MessageQueue); return _messageTaskAgentClient.DeleteMessageAsync(poolId, messageId, sessionId, cancellationToken: cancellationToken); } public Task DeleteAgentSessionAsync(Int32 poolId, Guid sessionId, CancellationToken cancellationToken) { CheckConnection(AgentConnectionType.MessageQueue); return _messageTaskAgentClient.DeleteAgentSessionAsync(poolId, sessionId, cancellationToken: cancellationToken); } public Task GetAgentMessageAsync(Int32 poolId, Guid sessionId, Int64? lastMessageId, CancellationToken cancellationToken) { CheckConnection(AgentConnectionType.MessageQueue); return _messageTaskAgentClient.GetMessageAsync(poolId, sessionId, lastMessageId, cancellationToken: cancellationToken); } //----------------------------------------------------------------- // JobRequest //----------------------------------------------------------------- public Task RenewAgentRequestAsync(int poolId, long requestId, Guid lockToken, CancellationToken cancellationToken = default(CancellationToken)) { CheckConnection(AgentConnectionType.JobRequest); return _requestTaskAgentClient.RenewAgentRequestAsync(poolId, requestId, lockToken, cancellationToken: cancellationToken); } public Task FinishAgentRequestAsync(int poolId, long requestId, Guid lockToken, DateTime finishTime, TaskResult result, CancellationToken cancellationToken = default(CancellationToken)) { CheckConnection(AgentConnectionType.JobRequest); return _requestTaskAgentClient.FinishAgentRequestAsync(poolId, requestId, lockToken, finishTime, result, cancellationToken: cancellationToken); } public Task GetAgentRequestAsync(int poolId, long requestId, CancellationToken cancellationToken = default(CancellationToken)) { CheckConnection(AgentConnectionType.JobRequest); return _requestTaskAgentClient.GetAgentRequestAsync(poolId, requestId, cancellationToken: cancellationToken); } //----------------------------------------------------------------- // Agent Package //----------------------------------------------------------------- public Task> GetPackagesAsync(string packageType, string platform, int top, CancellationToken cancellationToken) { CheckConnection(AgentConnectionType.Generic); return _genericTaskAgentClient.GetPackagesAsync(packageType, platform, top, cancellationToken: cancellationToken); } public Task GetPackageAsync(string packageType, string platform, string version, CancellationToken cancellationToken) { CheckConnection(AgentConnectionType.Generic); return _genericTaskAgentClient.GetPackageAsync(packageType, platform, version, cancellationToken: cancellationToken); } public Task UpdateAgentUpdateStateAsync(int agentPoolId, int agentId, string currentState) { CheckConnection(AgentConnectionType.Generic); return _genericTaskAgentClient.UpdateAgentUpdateStateAsync(agentPoolId, agentId, currentState); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/AgentService.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent { [AttributeUsage(AttributeTargets.Interface, Inherited = false, AllowMultiple = false)] public sealed class ServiceLocatorAttribute : Attribute { public Type Default { get; set; } public Type PreferredOnWindows { get; set; } public Type PreferredOnMacOS { get; set; } public Type PreferredOnLinux { get; set; } } public interface IAgentService { void Initialize(IHostContext context); } public abstract class AgentService { protected IHostContext HostContext { get; private set; } protected Tracing Trace { get; private set; } public string TraceName { get { return GetType().Name; } } public virtual void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); HostContext = hostContext; Trace = HostContext.GetTrace(TraceName); Trace.Entering(); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/AssemblyInfo.cs ================================================ using System.Runtime.CompilerServices; [assembly: InternalsVisibleTo("Test")] ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/AsyncManualResetEvent.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent { //Stephen Toub: http://blogs.msdn.com/b/pfxteam/archive/2012/02/11/10266920.aspx public class AsyncManualResetEvent { private volatile TaskCompletionSource m_tcs = new TaskCompletionSource(); public Task WaitAsync() { return m_tcs.Task; } public void Set() { var tcs = m_tcs; Task.Factory.StartNew(s => ((TaskCompletionSource)s).TrySetResult(true), tcs, CancellationToken.None, TaskCreationOptions.PreferFairness, TaskScheduler.Default); tcs.Task.Wait(); } public void Reset() { while (true) { var tcs = m_tcs; if (!tcs.Task.IsCompleted || Interlocked.CompareExchange(ref m_tcs, new TaskCompletionSource(), tcs) == tcs) return; } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Blob/BlobFileInfo.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using BuildXL.Cache.ContentStore.Hashing; namespace Microsoft.VisualStudio.Services.Agent.Blob { public class BlobFileInfo { public DedupNode Node { get; set; } public string Path { get; set; } public DedupIdentifier DedupId { get { return Node.GetDedupIdentifier(); } } public bool Success { get; set; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Blob/BlobStoreClientTelemetryTfs.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; using Microsoft.VisualStudio.Services.BlobStore.Common.Telemetry; namespace Microsoft.VisualStudio.Services.Agent.Blob { public class BlobStoreClientTelemetryTfs : BlobStoreClientTelemetry { private CustomerIntelligenceTelemetrySender sender; public BlobStoreClientTelemetryTfs(IAppTraceSource tracer, Uri baseAddress, VssConnection connection) : this(tracer, baseAddress, new CustomerIntelligenceTelemetrySender(connection)) { } // for testing public BlobStoreClientTelemetryTfs(IAppTraceSource tracer, Uri baseAddress, VssConnection connection, ITelemetrySender sender) : base(tracer, baseAddress, sender) { this.sender = sender as CustomerIntelligenceTelemetrySender; } private BlobStoreClientTelemetryTfs(IAppTraceSource tracer, Uri baseAddress, CustomerIntelligenceTelemetrySender sender) : base(tracer, baseAddress, sender) { this.sender = sender; } public async Task CommitTelemetryUpload(Guid planId, Guid jobId) { await (this.sender?.CommitTelemetryUpload(planId, jobId) ?? Task.CompletedTask); } public Dictionary GetArtifactDownloadTelemetry(Guid planId, Guid jobId) { return this.sender?.GetArtifactDownloadTelemetry(planId, jobId); } protected override void Dispose(bool disposing) { if (disposing) { this.sender = null; } base.Dispose(disposing); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Blob/BlobStoreUtils.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks.Dataflow; using System.Threading.Tasks; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; using Microsoft.VisualStudio.Services.BlobStore.Common.Telemetry; namespace Microsoft.VisualStudio.Services.Agent.Blob { /// /// Util functions for uploading files chunk-dedup blob store /// public static class BlobStoreUtils { public static async Task<(List fileDedupIds, ulong length)> UploadBatchToBlobstore( bool verbose, IReadOnlyList itemPaths, Func telemetryRecordFactory, Action traceOutput, DedupStoreClient dedupClient, BlobStoreClientTelemetry clientTelemetry, CancellationToken cancellationToken, bool enableReporting = false) { // Create chunks and identifier traceOutput(StringUtil.Loc("BuildingFileTree")); var fileNodes = await GenerateHashes(itemPaths, dedupClient.HashType, cancellationToken); var rootNode = CreateNodeToUpload(fileNodes.Where(x => x.Success).Select(y => y.Node)); // If there are multiple paths to one DedupId (duplicate files) // take the last one var fileDedupIds = new Dictionary(); foreach (var file in fileNodes.Where(x => x.Success)) { // ChunkHelper uses 64k block default size var dedupId = file.Node.GetDedupIdentifier(); fileDedupIds[dedupId] = file.Path; } // Setup upload session to keep file for at mimimum one day // Blobs will need to be associated with the server with an ID ref otherwise they will be // garbage collected after one day var tracer = DedupManifestArtifactClientFactory.CreateArtifactsTracer(verbose, traceOutput); var keepUntilRef = new KeepUntilBlobReference(DateTime.UtcNow.AddDays(1)); var uploadSession = dedupClient.CreateUploadSession(keepUntilRef, tracer, FileSystem.Instance); using (var reportingCancelSrc = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken)) { // Log stats Task reportingTask = null; if (enableReporting) { reportingTask = StartReportingTask(traceOutput, (long)rootNode.TransitiveContentBytes, uploadSession, reportingCancelSrc); } // Upload the chunks var uploadRecord = clientTelemetry.CreateRecord(telemetryRecordFactory); await clientTelemetry.MeasureActionAsync( record: uploadRecord, actionAsync: async () => await AsyncHttpRetryHelper.InvokeAsync( async () => { await uploadSession.UploadAsync(rootNode, fileDedupIds, cancellationToken); return uploadSession.UploadStatistics; }, maxRetries: 3, tracer: tracer, canRetryDelegate: e => true, // this isn't great, but failing on upload stinks, so just try a couple of times cancellationToken: cancellationToken, continueOnCapturedContext: false) ); if (enableReporting) { reportingCancelSrc.Cancel(); await reportingTask; } } return (fileNodes, rootNode.TransitiveContentBytes); } private static Task StartReportingTask(Action traceOutput, long totalBytes, IDedupUploadSession uploadSession, CancellationTokenSource reportingCancel) { return Task.Run(async () => { try { while (!reportingCancel.IsCancellationRequested) { traceOutput($"Uploaded {uploadSession.UploadStatistics.TotalContentBytes:N0} out of {totalBytes:N0} bytes."); await Task.Delay(10000, reportingCancel.Token); } } catch (OperationCanceledException oce) when (oce.CancellationToken == reportingCancel.Token) { // Expected } // Print final result traceOutput($"Uploaded {uploadSession.UploadStatistics.TotalContentBytes:N0} out of {totalBytes:N0} bytes."); }); } private static async Task> GenerateHashes(IReadOnlyList filePaths, HashType hashType, CancellationToken cancellationToken) { var nodes = new BlobFileInfo[filePaths.Count]; var queue = NonSwallowingActionBlock.Create( async i => { var itemPath = filePaths[i]; try { var dedupNode = await ChunkerHelper.CreateFromFileAsync(FileSystem.Instance, itemPath, false, hashType, cancellationToken); nodes[i] = new BlobFileInfo { Path = itemPath, Node = dedupNode, Success = true }; } catch (Exception) { nodes[i] = new BlobFileInfo { Path = itemPath, Success = false }; } }, new ExecutionDataflowBlockOptions() { MaxDegreeOfParallelism = Environment.ProcessorCount, CancellationToken = cancellationToken, }); await queue.SendAllAndCompleteSingleBlockNetworkAsync(Enumerable.Range(0, filePaths.Count), cancellationToken); return nodes.ToList(); } private static DedupNode CreateNodeToUpload(IEnumerable nodes) { while (nodes.Count() > 1) { nodes = nodes .GetPages(DedupNode.MaxDirectChildrenPerNode) .Select(children => new DedupNode(children)) .ToList(); } DedupNode root = nodes.Single(); if (root.Type == DedupNode.NodeType.ChunkLeaf) { root = new DedupNode(new[] { root }); } return root; } public static async Task<(DedupIdentifier dedupId, ulong length)> UploadToBlobStore( bool verbose, string itemPath, Func telemetryRecordFactory, Action traceOutput, DedupStoreClient dedupClient, BlobStoreClientTelemetry clientTelemetry, CancellationToken cancellationToken) { // Create chunks and identifier var chunk = await ChunkerHelper.CreateFromFileAsync(FileSystem.Instance, itemPath, cancellationToken, false); var rootNode = new DedupNode(new[] { chunk }); // ChunkHelper uses 64k block default size var dedupId = rootNode.GetDedupIdentifier(); // Setup upload session to keep file for at mimimum one day // Blobs will need to be associated with the server with an ID ref otherwise they will be // garbage collected after one day var tracer = DedupManifestArtifactClientFactory.CreateArtifactsTracer(verbose, traceOutput); var keepUntilRef = new KeepUntilBlobReference(DateTime.UtcNow.AddDays(1)); var uploadSession = dedupClient.CreateUploadSession(keepUntilRef, tracer, FileSystem.Instance); // Upload the chunks var uploadRecord = clientTelemetry.CreateRecord(telemetryRecordFactory); await clientTelemetry.MeasureActionAsync( record: uploadRecord, actionAsync: async () => await AsyncHttpRetryHelper.InvokeAsync( async () => { await uploadSession.UploadAsync(rootNode, new Dictionary() { [dedupId] = itemPath }, cancellationToken); return uploadSession.UploadStatistics; }, maxRetries: 3, tracer: tracer, canRetryDelegate: e => true, // this isn't great, but failing on upload stinks, so just try a couple of times cancellationToken: cancellationToken, continueOnCapturedContext: false) ); return (dedupId, rootNode.TransitiveContentBytes); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Blob/BlobstoreClientSettings.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Knob; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Blob { public class BlobstoreClientSettings { private readonly ClientSettingsInfo clientSettings; private readonly IAppTraceSource tracer; internal BlobstoreClientSettings(ClientSettingsInfo settings, IAppTraceSource tracer) { clientSettings = settings; this.tracer = tracer; } /// /// Get the client settings for the given client. /// /// This should only be called once per client type. This is intended to fail fast so it has no retries. public static async Task GetClientSettingsAsync( VssConnection connection, BlobStore.WebApi.Contracts.Client? client, IAppTraceSource tracer, CancellationToken cancellationToken) { if (client.HasValue) { try { ArtifactHttpClientFactory factory = new( connection.Credentials, connection.Settings.SendTimeout, tracer, cancellationToken); var blobUri = connection.GetClient().BaseAddress; var clientSettingsHttpClient = factory.CreateVssHttpClient(blobUri); return new BlobstoreClientSettings(await clientSettingsHttpClient.GetSettingsAsync(client.Value, userState: null, cancellationToken), tracer); } catch (Exception exception) { // Use info cause we don't want to fail builds with warnings as errors... tracer.Info($"Error while retrieving client Settings for {client}. Exception: {exception}. Falling back to defaults."); } } return new BlobstoreClientSettings(null, tracer); } public IDomainId GetDefaultDomainId() { IDomainId domainId = WellKnownDomainIds.DefaultDomainId; if (clientSettings != null && clientSettings.Properties.ContainsKey(ClientSettingsConstants.DefaultDomainId)) { try { domainId = DomainIdFactory.Create(clientSettings.Properties[ClientSettingsConstants.DefaultDomainId]); tracer.Verbose($"Using domain id '{domainId}' from client settings."); } catch (Exception exception) { tracer.Info($"Error converting the domain id '{clientSettings.Properties[ClientSettingsConstants.DefaultDomainId]}': {exception.Message}. Falling back to default."); } } else { tracer.Verbose($"No client settings found, using the default domain id '{domainId}'."); } return domainId; } public HashType GetClientHashType(AgentTaskPluginExecutionContext context) { HashType hashType = ChunkerHelper.DefaultChunkHashType; // Note: 9/6/2023 Remove the below check in couple of months. if (AgentKnobs.AgentEnablePipelineArtifactLargeChunkSize.GetValue(context).AsBoolean()) { // grab the client settings from the server first if available: if (clientSettings?.Properties.ContainsKey(ClientSettingsConstants.ChunkSize) == true) { try { HashTypeExtensions.Deserialize(clientSettings.Properties[ClientSettingsConstants.ChunkSize], out hashType); } catch (Exception exception) { tracer.Info($"Error converting the chunk size '{clientSettings.Properties[ClientSettingsConstants.ChunkSize]}': {exception.Message}. Falling back to default."); } } // now check if this pipeline has an override chunk size set, and use that if available: string overrideChunkSize = AgentKnobs.OverridePipelineArtifactChunkSize.GetValue(context).AsString(); if (!String.IsNullOrEmpty(overrideChunkSize)) { try { HashTypeExtensions.Deserialize(overrideChunkSize, out HashType overrideHashType); if (ChunkerHelper.IsHashTypeChunk(overrideHashType)) { hashType = overrideHashType; tracer.Info($"Overriding chunk size to '{overrideChunkSize}'."); } else { tracer.Info($"Override chunk size '{overrideChunkSize}' is not a valid chunk type. Falling back to client settings."); } } catch (Exception exception) { tracer.Info($"Error overriding the chunk size to '{overrideChunkSize}': {exception.Message}. Falling back to client settings."); } } } return ChunkerHelper.IsHashTypeChunk(hashType) ? hashType : ChunkerHelper.DefaultChunkHashType; } public int? GetRedirectTimeout() { if (int.TryParse(clientSettings?.Properties.GetValueOrDefault(ClientSettingsConstants.RedirectTimeout), out int redirectTimeoutSeconds)) { return redirectTimeoutSeconds; } else { return null; } } public int? GetMaxParallelism() { const string MaxParallelism = "MaxParallelism"; if (int.TryParse(clientSettings?.Properties.GetValueOrDefault(MaxParallelism), out int maxParallelism)) { return maxParallelism; } else { return null; } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Blob/BuildArtifactActionRecord.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; namespace Microsoft.VisualStudio.Services.Agent.Blob { /// /// Telemetry record for use with Build Artifact events. /// public class BuildArtifactActionRecord : PipelineTelemetryRecord { public BuildArtifactActionRecord( TelemetryInformationLevel level, Uri baseAddress, string eventNamePrefix, string eventNameSuffix, IKnobValueContext context, uint attemptNumber = 1) : base(level, baseAddress, eventNamePrefix, eventNameSuffix, context, attemptNumber) { } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Blob/CustomerIntelligenceTelemetrySender.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; using Microsoft.VisualStudio.Services.CustomerIntelligence.WebApi; using Microsoft.VisualStudio.Services.WebPlatform; namespace Microsoft.VisualStudio.Services.Agent.Blob { public class CustomerIntelligenceTelemetrySender : ITelemetrySender { private CustomerIntelligenceHttpClient _ciClient; // Upload private long _chunksUploaded = 0; private long _compressionBytesSaved = 0; private long _dedupUploadBytesSaved = 0; private long _logicalContentBytesUploaded = 0; private long _physicalContentBytesUploaded = 0; private long _totalNumberOfChunks = 0; // Download private long _chunksDownloaded = 0; private long _compressionBytesSavedDown = 0; private long _dedupDownloadBytesSaved = 0; private long _physicalContentBytesDownloaded = 0; private long _totalBytesDown = 0; // Telemetry is recorded in parallel. This lock is used to synchronize adds private readonly object _lock = new object(); public CustomerIntelligenceTelemetrySender(VssConnection connection) { ArgUtil.NotNull(connection, nameof(connection)); _ciClient = connection.GetClient(); } // Not used by the interface. We just want to capture successful telemetry for dedup analytics public void StartSender() { } public void StopSender() { } public void SendErrorTelemetry(ErrorTelemetryRecord errorTelemetry) { } public void SendRecord(TelemetryRecord record) { } public void SendActionTelemetry(ActionTelemetryRecord actionTelemetry) { if (actionTelemetry is IDedupRecord dedupRecord) { lock (_lock) { var uploadStats = dedupRecord.UploadStatistics; if (uploadStats != null) { this._chunksUploaded += uploadStats.ChunksUploaded; this._compressionBytesSaved += uploadStats.CompressionBytesSaved; this._dedupUploadBytesSaved += uploadStats.DedupUploadBytesSaved; this._logicalContentBytesUploaded += uploadStats.LogicalContentBytesUploaded; this._physicalContentBytesUploaded += uploadStats.PhysicalContentBytesUploaded; this._totalNumberOfChunks += uploadStats.TotalNumberOfChunks; } var downloadStats = dedupRecord.DownloadStatistics; if (downloadStats != null) { this._chunksDownloaded += downloadStats.ChunksDownloaded; this._compressionBytesSavedDown += downloadStats.CompressionBytesSaved; this._dedupDownloadBytesSaved += downloadStats.DedupDownloadBytesSaved; this._totalBytesDown += downloadStats.TotalContentBytes; this._physicalContentBytesDownloaded += downloadStats.PhysicalContentBytesDownloaded; } } } } public async Task CommitTelemetryUpload(Guid planId, Guid jobId) { var ciData = new Dictionary(); ciData.Add("PlanId", planId); ciData.Add("JobId", jobId); ciData.Add("ChunksUploaded", this._chunksUploaded); ciData.Add("CompressionBytesSaved", this._compressionBytesSaved); ciData.Add("DedupUploadBytesSaved", this._dedupUploadBytesSaved); ciData.Add("LogicalContentBytesUploaded", this._logicalContentBytesUploaded); ciData.Add("PhysicalContentBytesUploaded", this._physicalContentBytesUploaded); ciData.Add("TotalNumberOfChunks", this._totalNumberOfChunks); var ciEvent = new CustomerIntelligenceEvent { Area = "AzurePipelinesAgent", Feature = "BuildArtifacts", Properties = ciData }; await _ciClient.PublishEventsAsync(new[] { ciEvent }); } public Dictionary GetArtifactDownloadTelemetry(Guid planId, Guid jobId) { var ciData = new Dictionary(); ciData.Add("PlanId", planId); ciData.Add("JobId", jobId); ciData.Add("ChunksDownloaded", this._chunksDownloaded); ciData.Add("CompressionBytesSavedDownload", this._compressionBytesSavedDown); ciData.Add("DedupDownloadBytesSaved", this._dedupDownloadBytesSaved); ciData.Add("PhysicalContentBytesDownloaded", this._physicalContentBytesDownloaded); ciData.Add("TotalBytesDownloaded", this._totalBytesDown); return ciData; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Blob/DedupManifestArtifactClientFactory.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.BlobStore.Common.Telemetry; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Blob { [ServiceLocator(Default = typeof(DedupManifestArtifactClientFactory))] public interface IDedupManifestArtifactClientFactory { /// /// Creates a DedupManifestArtifactClient client. /// /// If true emit verbose telemetry. /// Action used for logging. /// VssConnection /// Maximum number of parallel threads that should be used for download. If 0 then /// use the system default. /// Cancellation token used for both creating clients and verifying client conneciton. /// Tuple of the client and the telemtery client (DedupManifestArtifactClient client, BlobStoreClientTelemetry telemetry) CreateDedupManifestClient( bool verbose, Action traceOutput, VssConnection connection, IDomainId domainId, BlobstoreClientSettings clientSettings, AgentTaskPluginExecutionContext context, CancellationToken cancellationToken); /// /// Creates a DedupManifestArtifactClient client and retrieves any client settings from the server /// Task<(DedupManifestArtifactClient client, BlobStoreClientTelemetry telemetry)> CreateDedupManifestClientAsync( bool verbose, Action traceOutput, VssConnection connection, IDomainId domainId, BlobStore.WebApi.Contracts.Client client, AgentTaskPluginExecutionContext context, CancellationToken cancellationToken); /// /// Creates a DedupStoreClient client. /// /// VssConnection /// Storage domain to use, if null pulls the default domain for the given client type. /// Maximum number of parallel threads that should be used for download. If 0 then /// use the system default. /// Number of seconds to wait for an http redirect. /// If true emit verbose telemetry. /// Action used for logging. /// Cancellation token used for both creating clients and verifying client conneciton. /// Tuple of the domain, client and the telemetry client (DedupStoreClient client, BlobStoreClientTelemetryTfs telemetry) CreateDedupClient( VssConnection connection, IDomainId domainId, int maxParallelism, int? redirectTimeoutSeconds, bool verbose, Action traceOutput, CancellationToken cancellationToken); } public class DedupManifestArtifactClientFactory : IDedupManifestArtifactClientFactory { // Old default for hosted agents was 16*2 cores = 32. // In my tests of a node_modules folder, this 32x parallelism was consistently around 47 seconds. // At 192x it was around 16 seconds and 256x was no faster. private const int DefaultDedupStoreClientMaxParallelism = 192; public static readonly DedupManifestArtifactClientFactory Instance = new(); private DedupManifestArtifactClientFactory() { } /// /// Creates a DedupManifestArtifactClient client and retrieves any client settings from the server /// public async Task<(DedupManifestArtifactClient client, BlobStoreClientTelemetry telemetry)> CreateDedupManifestClientAsync( bool verbose, Action traceOutput, VssConnection connection, IDomainId domainId, BlobStore.WebApi.Contracts.Client client, AgentTaskPluginExecutionContext context, CancellationToken cancellationToken) { var clientSettings = await BlobstoreClientSettings.GetClientSettingsAsync( connection, client, CreateArtifactsTracer(verbose, traceOutput), cancellationToken); return CreateDedupManifestClient( context.IsSystemDebugTrue(), (str) => context.Output(str), connection, domainId, clientSettings, context, cancellationToken); } public (DedupManifestArtifactClient client, BlobStoreClientTelemetry telemetry) CreateDedupManifestClient( bool verbose, Action traceOutput, VssConnection connection, IDomainId domainId, BlobstoreClientSettings clientSettings, AgentTaskPluginExecutionContext context, CancellationToken cancellationToken) { const int maxRetries = 5; var tracer = CreateArtifactsTracer(verbose, traceOutput); int maxParallelism = DedupManifestArtifactClientFactory.Instance.GetDedupStoreClientMaxParallelism(context, clientSettings); traceOutput($"Max dedup parallelism: {maxParallelism}"); traceOutput($"DomainId: {domainId}"); IDedupStoreHttpClient dedupStoreHttpClient = GetDedupStoreHttpClient(connection, domainId, maxRetries, tracer, cancellationToken); var telemetry = new BlobStoreClientTelemetry(tracer, dedupStoreHttpClient.BaseAddress); HashType hashType = clientSettings.GetClientHashType(context); if (hashType == BuildXL.Cache.ContentStore.Hashing.HashType.Dedup1024K) { dedupStoreHttpClient.RecommendedChunkCountPerCall = 10; // This is to workaround IIS limit - https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/requestlimits/ } traceOutput($"Hashtype: {hashType}"); dedupStoreHttpClient.SetRedirectTimeout(clientSettings.GetRedirectTimeout()); var dedupClient = new DedupStoreClientWithDataport(dedupStoreHttpClient, new DedupStoreClientContext(maxParallelism), hashType); return (new DedupManifestArtifactClient(telemetry, dedupClient, tracer), telemetry); } private static IDedupStoreHttpClient GetDedupStoreHttpClient(VssConnection connection, IDomainId domainId, int maxRetries, IAppTraceSource tracer, CancellationToken cancellationToken) { ArtifactHttpClientFactory factory = new ArtifactHttpClientFactory( connection.Credentials, connection.Settings.SendTimeout, tracer, cancellationToken); var helper = new HttpRetryHelper(maxRetries, e => true); IDedupStoreHttpClient dedupStoreHttpClient = helper.Invoke( () => { // since our call below is hidden, check if we are cancelled and throw if we are... cancellationToken.ThrowIfCancellationRequested(); IDedupStoreHttpClient dedupHttpclient; // this is actually a hidden network call to the location service: if (domainId == WellKnownDomainIds.DefaultDomainId) { dedupHttpclient = factory.CreateVssHttpClient(connection.GetClient().BaseAddress); } else { IDomainDedupStoreHttpClient domainClient = factory.CreateVssHttpClient(connection.GetClient().BaseAddress); dedupHttpclient = new DomainHttpClientWrapper(domainId, domainClient); } return dedupHttpclient; }); return dedupStoreHttpClient; } public (DedupStoreClient client, BlobStoreClientTelemetryTfs telemetry) CreateDedupClient( VssConnection connection, IDomainId domainId, int maxParallelism, int? redirectTimeoutSeconds, bool verbose, Action traceOutput, CancellationToken cancellationToken) { const int maxRetries = 5; var tracer = CreateArtifactsTracer(verbose, traceOutput); if (maxParallelism == 0) { maxParallelism = DefaultDedupStoreClientMaxParallelism; } traceOutput("Creating dedup client:"); traceOutput($" - Max dedup parallelism: {maxParallelism}"); traceOutput($" - Using blobstore domain: {domainId}"); traceOutput($" - Using redirect timeout: {redirectTimeoutSeconds}"); var dedupStoreHttpClient = GetDedupStoreHttpClient(connection, domainId, maxRetries, tracer, cancellationToken); dedupStoreHttpClient.SetRedirectTimeout(redirectTimeoutSeconds); var telemetry = new BlobStoreClientTelemetryTfs(tracer, dedupStoreHttpClient.BaseAddress, connection); var client = new DedupStoreClient(dedupStoreHttpClient, maxParallelism); traceOutput($" - Hash type: {client.HashType}"); return (client, telemetry); } public int GetDedupStoreClientMaxParallelism(AgentTaskPluginExecutionContext context, BlobstoreClientSettings clientSettings) { ConfigureEnvironmentVariables(context); // prefer the pipeline variable over the client settings if (context.Variables.TryGetValue(DedupParallelism, out VariableValue v)) { if (int.TryParse(v.Value, out int parallelism)) { context.Output($"Overriding default max parallelism with {parallelism}"); return parallelism; } } return GetDedupStoreClientMaxParallelism(clientSettings, msg => context.Output(msg)); } public int GetDedupStoreClientMaxParallelism(BlobstoreClientSettings clientSettings, Action logOutput) { // if we have a client setting for max parallelism, use that: int? maxParallelism = clientSettings?.GetMaxParallelism(); if (maxParallelism.HasValue) { logOutput($"Using max parallelism from client settings: {maxParallelism}"); return maxParallelism.Value; } // if we get here, nothing left to do but use the default: logOutput($"Using default max parallelism."); return DefaultDedupStoreClientMaxParallelism; } public static string DedupParallelism = "AZURE_PIPELINES_DEDUP_PARALLELISM"; private static readonly string[] EnvironmentVariables = new[] { "VSO_DEDUP_REDIRECT_TIMEOUT_IN_SEC" }; private static void ConfigureEnvironmentVariables(AgentTaskPluginExecutionContext context) { foreach (string varName in EnvironmentVariables) { if (context.Variables.TryGetValue(varName, out VariableValue v)) { if (v.Value.Equals(Environment.GetEnvironmentVariable(varName), StringComparison.Ordinal)) { context.Output($"{varName} is already set to `{v.Value}`."); } else { Environment.SetEnvironmentVariable(varName, v.Value); context.Output($"Set {varName} to `{v.Value}`."); } } } } public static IAppTraceSource CreateArtifactsTracer(bool verbose, Action traceOutput) { return new CallbackAppTraceSource( str => traceOutput(str), verbose ? System.Diagnostics.SourceLevels.Verbose : System.Diagnostics.SourceLevels.Information, includeSeverityLevel: verbose); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Blob/IDedupRecord.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.BlobStore.Common.Telemetry; namespace Microsoft.VisualStudio.Services.Agent.Blob { public interface IDedupRecord { DedupUploadStatistics UploadStatistics { get; } DedupDownloadStatistics DownloadStatistics { get; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Blob/PipelineTelemetryRecord.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; using Microsoft.VisualStudio.Services.BlobStore.Common.Telemetry; using Microsoft.TeamFoundation.DistributedTask.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Blob { /// /// Generic telemetry record for use with Pipeline events. /// public abstract class PipelineTelemetryRecord : BlobStoreTelemetryRecord, IDedupRecord { public Guid PlanId { get; private set; } public Guid JobId { get; private set; } public Guid TaskInstanceId { get; private set; } public DedupUploadStatistics UploadStatistics { get; private set; } public DedupDownloadStatistics DownloadStatistics { get; private set; } public PipelineTelemetryRecord( TelemetryInformationLevel level, Uri baseAddress, string eventNamePrefix, string eventNameSuffix, IKnobValueContext context, uint attemptNumber = 1) : base(level, baseAddress, eventNamePrefix, eventNameSuffix, attemptNumber) { PlanId = new Guid(context.GetVariableValueOrDefault(WellKnownDistributedTaskVariables.PlanId) ?? Guid.Empty.ToString()); JobId = new Guid(context.GetVariableValueOrDefault(WellKnownDistributedTaskVariables.JobId) ?? Guid.Empty.ToString()); TaskInstanceId = new Guid(context.GetVariableValueOrDefault(WellKnownDistributedTaskVariables.TaskInstanceId) ?? Guid.Empty.ToString()); } public PipelineTelemetryRecord( TelemetryInformationLevel level, Uri baseAddress, string eventNamePrefix, string eventNameSuffix, Guid planId, Guid jobId, Guid taskInstanceId, uint attemptNumber = 1) : base(level, baseAddress, eventNamePrefix, eventNameSuffix, attemptNumber) { PlanId = planId; JobId = jobId; TaskInstanceId = taskInstanceId; } protected override void SetMeasuredActionResult(T value) { if (value is DedupUploadStatistics upStats) { UploadStatistics = upStats; } if (value is DedupDownloadStatistics downStats) { DownloadStatistics = downStats; } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Blob/TimelineRecordAttachmentTelemetryRecord.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; using Microsoft.VisualStudio.Services.BlobStore.Common.Telemetry; using Microsoft.TeamFoundation.DistributedTask.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Blob { /// /// Generic telemetry record for use with timeline record events. /// public class TimelineRecordAttachmentTelemetryRecord : PipelineTelemetryRecord { public TimelineRecordAttachmentTelemetryRecord( TelemetryInformationLevel level, Uri baseAddress, string eventNamePrefix, string eventNameSuffix, Guid planId, Guid jobId, Guid taskInstanceId, uint attemptNumber = 1) : base(level, baseAddress, eventNamePrefix, eventNameSuffix, planId, jobId, taskInstanceId, attemptNumber) { } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Capabilities/AgentCapabilitiesProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.Win32; using System; using System.Collections.Generic; using System.Runtime.Versioning; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Capabilities { public sealed class AgentCapabilitiesProvider : AgentService, ICapabilitiesProvider { public Type ExtensionType => typeof(ICapabilitiesProvider); public int Order => 99; // Process last to override prior. public Task> GetCapabilitiesAsync(AgentSettings settings, CancellationToken cancellationToken) { ArgUtil.NotNull(settings, nameof(settings)); var capabilities = new List(); Add(capabilities, "Agent.Name", settings.AgentName ?? string.Empty); Add(capabilities, "Agent.OS", VarUtil.OS); Add(capabilities, "Agent.OSArchitecture", VarUtil.OSArchitecture); if (PlatformUtil.RunningOnWindows) { Add(capabilities, "Agent.OSVersion", GetOSVersionString()); Add(capabilities, "Cmd", Environment.GetEnvironmentVariable("comspec")); } else if (PlatformUtil.RunningOnMacOS) { Add(capabilities, "Agent.OSVersion", GetDarwinVersionString()); } Add(capabilities, "InteractiveSession", (HostContext.StartupType != StartupType.Service).ToString()); Add(capabilities, "Agent.Version", BuildConstants.AgentPackage.Version); Add(capabilities, "Agent.ComputerName", Environment.MachineName ?? string.Empty); Add(capabilities, "Agent.HomeDirectory", HostContext.GetDirectory(WellKnownDirectory.Root)); return Task.FromResult(capabilities); } private void Add(List capabilities, string name, string value) { Trace.Info($"Adding '{name}': '{value}'"); capabilities.Add(new Capability(name, value)); } [SupportedOSPlatform("windows")] private object GetHklmValue(string keyName, string valueName) { keyName = $@"HKEY_LOCAL_MACHINE\{keyName}"; object value = Registry.GetValue(keyName, valueName, defaultValue: null); if (object.ReferenceEquals(value, null)) { Trace.Info($"Key name '{keyName}', value name '{valueName}' is null."); return null; } Trace.Info($"Key name '{keyName}', value name '{valueName}': '{value}'"); return value; } [SupportedOSPlatform("windows")] private string GetOSVersionString() { // Do not use System.Environment.OSVersion.Version to resolve the OS version number. // It leverages the GetVersionEx function which may report an incorrect version // depending on the app's manifest. For details, see: // https://msdn.microsoft.com/library/windows/desktop/ms724451(v=vs.85).aspx // Attempt to retrieve the major/minor version from the new registry values added in // in Windows 10. // // The registry value "CurrentVersion" is unreliable in Windows 10. It contains the // value "6.3" instead of "10.0". object major = GetHklmValue(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion", "CurrentMajorVersionNumber"); object minor = GetHklmValue(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion", "CurrentMinorVersionNumber"); string majorMinorString; if (major != null && minor != null) { majorMinorString = StringUtil.Format("{0}.{1}", major, minor); } else { // Fallback to the registry value "CurrentVersion". majorMinorString = GetHklmValue(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion", "CurrentVersion") as string; } // Opted to use the registry value "CurrentBuildNumber" over "CurrentBuild". Based on brief // internet investigation, the only difference appears to be that on Windows XP "CurrentBuild" // was unreliable and "CurrentBuildNumber" was the correct choice. string build = GetHklmValue(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion", "CurrentBuildNumber") as string; return StringUtil.Format("{0}.{1}", majorMinorString, build); } // 10.0 covers all versions prior to Darwin 5 // Mac OS X 10.1 mapped to Darwin 5.x, and the mapping continues that way // So just subtract 4 from the Darwin version. // https://en.wikipedia.org/wiki/Darwin_%28operating_system%29 // with Big Sur Apple made the jump from 10.* to 11.* that means that // the version reported from that point is 20.1.0.0 for 11.0.1 [SupportedOSPlatform("macos")] private static string GetDarwinVersionString() { // from .net 5 onwards the runtime returns the product version instead of the darwin kernel version var version = Environment.OSVersion.Version; if (Environment.Version.Major >= 5) { return $"{version.Major}.{version.Minor}"; } if (version.Major < 5) { return "10.0"; } if (version.Major - 4 <= 15) { return $"10.{version.Major - 4}"; } else { return $"{version.Major - 9}.{(version.Minor > 0 ? version.Minor - 1 : version.Minor)}"; } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Capabilities/CapabilitiesManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Capabilities { [ServiceLocator(Default = typeof(CapabilitiesManager))] public interface ICapabilitiesManager : IAgentService { Task> GetCapabilitiesAsync(AgentSettings settings, CancellationToken token); } public sealed class CapabilitiesManager : AgentService, ICapabilitiesManager { public async Task> GetCapabilitiesAsync(AgentSettings settings, CancellationToken cancellationToken) { Trace.Entering(); ArgUtil.NotNull(settings, nameof(settings)); // Initialize a dictionary of capabilities. var capabilities = new Dictionary(StringComparer.OrdinalIgnoreCase); if (settings.SkipCapabilitiesScan) { Trace.Info("Skip capabilities scan."); return capabilities; } // Get the providers. var extensionManager = HostContext.GetService(); IEnumerable providers = extensionManager .GetExtensions() ?.OrderBy(x => x.Order); // Add each capability returned from each provider. foreach (ICapabilitiesProvider provider in providers ?? new ICapabilitiesProvider[0]) { foreach (Capability capability in await provider.GetCapabilitiesAsync(settings, cancellationToken) ?? new List()) { // Make sure we mask secrets in capabilities values. capabilities[capability.Name] = HostContext.SecretMasker.MaskSecrets(capability.Value); } } return capabilities; } } public interface ICapabilitiesProvider : IExtension { int Order { get; } Task> GetCapabilitiesAsync(AgentSettings settings, CancellationToken cancellationToken); } public sealed class Capability { public string Name { get; } public string Value { get; } public Capability(string name, string value) { ArgUtil.NotNullOrEmpty(name, nameof(name)); Name = name; Value = value ?? string.Empty; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Capabilities/EnvironmentCapabilitiesProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using System; using System.Collections; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Capabilities { public sealed class EnvironmentCapabilitiesProvider : AgentService, ICapabilitiesProvider { // Ignore env vars specified in the 'VSO_AGENT_IGNORE' env var. private const string CustomIgnore = "VSO_AGENT_IGNORE"; private const int IgnoreValueLength = 1024; private static readonly string[] s_wellKnownIgnored = new[] { "comp_wordbreaks", "ls_colors", "TERM", "TERM_PROGRAM", "TERM_PROGRAM_VERSION", "SHLVL", //This some be set by the standard powershell host initialisation. There are some //tools that set this resulting in the standard powershell initialisation failing "PSMODULEPATH", // the agent doesn't set this, but we have seen instances in the wild where // a customer has pre-configured this somehow. it's almost certain to contain // secrets that shouldn't be exposed as capabilities, so for defense in depth, // add it to the exclude list. "SYSTEM_ACCESSTOKEN", }; public Type ExtensionType => typeof(ICapabilitiesProvider); public int Order => 1; // Process first so other providers can override. public Task> GetCapabilitiesAsync(AgentSettings settings, CancellationToken cancellationToken) { Trace.Entering(); var capabilities = new List(); // Initialize the ignored hash set. var comparer = StringComparer.Ordinal; if (PlatformUtil.RunningOnWindows) { comparer = StringComparer.OrdinalIgnoreCase; } var ignored = new HashSet(s_wellKnownIgnored, comparer); // Also ignore env vars specified by the 'VSO_AGENT_IGNORE' env var. IDictionary variables = Environment.GetEnvironmentVariables(); if (variables.Contains(CustomIgnore)) { IEnumerable additionalIgnored = (variables[CustomIgnore] as string ?? string.Empty) .Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries) .Select(x => x.Trim()) .Where(x => !string.IsNullOrEmpty(x)); foreach (string ignore in additionalIgnored) { Trace.Info($"Ignore: '{ignore}'"); ignored.Add(ignore); // Handles duplicates gracefully. } } var secretKnobs = Knob.GetAllKnobsFor().Where(k => k is SecretKnob); // Get filtered env vars. IEnumerable names = variables.Keys .Cast() .Where(x => !string.IsNullOrEmpty(x)) .OrderBy(x => x.ToUpperInvariant()); foreach (string name in names) { string value = variables[name] as string ?? string.Empty; if (ignored.Contains(name) || value.Length >= IgnoreValueLength) { Trace.Info($"Skipping: '{name}'"); continue; } if (secretKnobs.Any(k => k.Source.HasSourceWithTypeEnvironmentByName(name))) { HostContext.SecretMasker.AddValue(value, $"EnvironmentCapabilitiesProvider_GetCapabilitiesAsync_{name}"); } Trace.Info($"Adding '{name}': '{value}'"); capabilities.Add(new Capability(name, value)); } return Task.FromResult(capabilities); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Capabilities/NixCapabilitiesProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Runtime.Versioning; using System.Text; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Capabilities { [SupportedOSPlatform("macos")] [SupportedOSPlatform("linux")] public sealed class NixCapabilitiesProvider : AgentService, ICapabilitiesProvider { private List _capabilities; // Cache the capabilities for configure-then-run scenario. public Type ExtensionType => typeof(ICapabilitiesProvider); // Only runs on Linux/OSX. public int Order => 2; public async Task> GetCapabilitiesAsync(AgentSettings settings, CancellationToken cancellationToken) { Trace.Entering(); // Check the cache. if (_capabilities != null) { Trace.Info("Found in cached."); return _capabilities; } // Build the list of capabilities. var builder = new CapabilitiesBuilder(HostContext, cancellationToken); builder.Check( name: "AndroidSDK", fileName: "android", filePaths: new[] { Path.Combine(Environment.GetEnvironmentVariable("ANDROID_STUDIO") ?? string.Empty, "tools/android"), Path.Combine(Environment.GetEnvironmentVariable("HOME") ?? string.Empty, "Library/Developer/Xamarin/android-sdk-macosx/tools/android"), }); builder.Check(name: "ant"); builder.Check(name: "AzureGuestAgent", fileName: "waagent"); builder.Check(name: "bundler", fileName: "bundle"); builder.Check(name: "clang"); builder.Check(name: "cmake"); builder.Check(name: "curl"); builder.Check(name: "docker"); builder.Check(name: "dotnet"); builder.Check(name: "git"); builder.Check(name: "gulp"); builder.Check(name: "java"); builder.Check(name: "JDK", fileName: "javac"); builder.Check(name: "make"); builder.Check(name: "maven", fileName: "mvn"); builder.Check(name: "MSBuild", fileName: "xbuild", filePaths: new[] { "/Library/Frameworks/Mono.framework/Commands/xbuild" }); builder.Check(name: "MSBuild", fileName: "msbuild", filePaths: new[] { "/Library/Frameworks/Mono.framework/Commands/msbuild" }); builder.Check(name: "node.js", fileName: "node"); builder.Check(name: "node.js", fileName: "nodejs"); builder.Check(name: "npm"); builder.Check(name: "python"); builder.Check(name: "python3"); builder.Check(name: "sh"); builder.Check(name: "subversion", fileName: "svn"); builder.Check(name: "ruby"); builder.Check(name: "rake"); builder.Check(name: "svn"); builder.Check( name: "Xamarin.iOS", fileName: "mdtool", filePaths: new string[] { "/Applications/Xamarin Studio.app/Contents/MacOS/mdtool", "/Applications/Visual Studio.app/Contents/MacOS/vstool" }); builder.Check( name: "Xamarin.Android", fileName: "generator", filePaths: new string[] { "/Library/Frameworks/Xamarin.Android.framework/Commands/generator", "/Library/Frameworks/Xamarin.Android.framework/Versions/Current/Version"}); await builder.CheckToolOutputAsync( name: "xcode", fileName: "xcode-select", arguments: "-p"); // Cache and return the values. _capabilities = builder.ToList(); return _capabilities; } private sealed class CapabilitiesBuilder { private readonly List _capabilities = new List(); private readonly CancellationToken _cancellationToken; private readonly IHostContext _hostContext; private readonly Tracing _trace; public CapabilitiesBuilder(IHostContext hostContext, CancellationToken cancellationToken) { ArgUtil.NotNull(hostContext, nameof(hostContext)); _hostContext = hostContext; _cancellationToken = cancellationToken; _trace = _hostContext.GetTrace(this.GetType().Name); } public void Check(string name, string fileName = null, string[] filePaths = null) { ArgUtil.NotNullOrEmpty(name, nameof(name)); _cancellationToken.ThrowIfCancellationRequested(); try { // Which the file. string filePath = WhichUtil.Which(fileName ?? name, trace: _trace); if (string.IsNullOrEmpty(filePath)) { // Fallback to the well-known locations. foreach (string candidateFilePath in filePaths ?? new string[0]) { _trace.Info($"Checking file: '{candidateFilePath}'"); if (File.Exists(candidateFilePath)) { filePath = candidateFilePath; break; } } } if (!string.IsNullOrEmpty(filePath)) { _trace.Info($"Adding '{name}': '{filePath}'"); _capabilities.Add(new Capability(name, filePath)); } } catch (Exception ex) { _trace.Error(ex); } } public async Task CheckToolOutputAsync(string name, string fileName, string arguments) { _trace.Entering(); ArgUtil.NotNullOrEmpty(name, nameof(name)); ArgUtil.NotNullOrEmpty(fileName, nameof(fileName)); try { // Attempt to locate the tool. string filePath = WhichUtil.Which(fileName, trace: _trace); if (string.IsNullOrEmpty(filePath)) { return; } // Invoke the tool and capture the output. var output = new StringBuilder(); using (var processInvoker = _hostContext.CreateService()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { if (!string.IsNullOrEmpty(args.Data)) { output.Append(args.Data); } }; await processInvoker.ExecuteAsync( workingDirectory: string.Empty, fileName: filePath, arguments: arguments ?? string.Empty, environment: null, cancellationToken: _cancellationToken); } // Add the capability. if (output.Length > 0) { string value = output.ToString(); _trace.Info($"Adding '{name}': '{value}'"); _capabilities.Add(new Capability(name, value)); } } catch (Exception ex) when (!(ex is OperationCanceledException)) { _trace.Error(ex); } } public List ToList() => new List(_capabilities); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Capabilities/PowerShellCapabilitiesProvider.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Runtime.Versioning; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Capabilities { [SupportedOSPlatform("windows")] public sealed class PowerShellCapabilitiesProvider : AgentService, ICapabilitiesProvider { public Type ExtensionType => typeof(ICapabilitiesProvider); // Only runs on Windows. public int Order => 2; public async Task> GetCapabilitiesAsync(AgentSettings settings, CancellationToken cancellationToken) { Trace.Entering(); var capabilities = new List(); string powerShellExe = HostContext.GetService().GetPath(); string scriptFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), "powershell", "Add-Capabilities.ps1").Replace("'", "''"); ArgUtil.File(scriptFile, nameof(scriptFile)); string arguments = $@"-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -Command "". '{scriptFile}'"""; string enablePrereleaseVSVersions = AgentKnobs.EnableVSPreReleaseVersions.GetValue(UtilKnobValueContext.Instance()).AsString(); Environment.SetEnvironmentVariable("IncludePrereleaseVersions", enablePrereleaseVSVersions); using (var processInvoker = HostContext.CreateService()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { Trace.Info($"STDOUT: {args.Data}"); Capability capability; if (TryParseCapability(args.Data, out capability)) { Trace.Info($"Adding '{capability.Name}': '{capability.Value}'"); capabilities.Add(capability); } }; processInvoker.ErrorDataReceived += (object sender, ProcessDataReceivedEventArgs args) => { Trace.Info($"STDERR: {args.Data}"); }; await processInvoker.ExecuteAsync( workingDirectory: Path.GetDirectoryName(scriptFile), fileName: powerShellExe, arguments: arguments, environment: null, requireExitCodeZero: false, outputEncoding: null, killProcessOnCancel: true, cancellationToken: cancellationToken); } return capabilities; } public bool TryParseCapability(string input, out Capability capability) { Command command; string name; if (Command.TryParse(input, false, out command) && string.Equals(command.Area, "agent", StringComparison.OrdinalIgnoreCase) && string.Equals(command.Event, "capability", StringComparison.OrdinalIgnoreCase) && command.Properties.TryGetValue("name", out name) && !string.IsNullOrEmpty(name)) { capability = new Capability(name, command.Data); return true; } capability = null; return false; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Capabilities/UserCapabilitiesProvider.cs ================================================ using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.IO; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Capabilities { public sealed class UserCapabilitiesProvider : AgentService, ICapabilitiesProvider { public Type ExtensionType => typeof(ICapabilitiesProvider); public int Order => 2; public Task> GetCapabilitiesAsync(AgentSettings settings, CancellationToken cancellationToken) { Trace.Entering(); var capabilities = new List(); // Location of the .capabilities file var capbabilitiesFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), ".capabilities"); if (File.Exists(capbabilitiesFile)) { // Load the file content, and parse it like the .env file. Trace.Info($"Reading capabilities from '{capbabilitiesFile}'"); var fileContents = File.ReadAllLines(capbabilitiesFile); foreach (var line in fileContents) { if (!string.IsNullOrEmpty(line) && line.IndexOf('=') > 0) { string name = line.Substring(0, line.IndexOf('=')); string value = line.Substring(line.IndexOf('=') + 1); Trace.Info($"Adding '{name}': '{value}'"); capabilities.Add(new Capability(name, value)); } } } return Task.FromResult(capabilities); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Command.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent { public sealed class Command { private const string LoggingCommandPrefix = "##vso["; private readonly Dictionary _properties = new Dictionary(StringComparer.OrdinalIgnoreCase); public Command(string area, string eventName) { ArgUtil.NotNullOrEmpty(area, nameof(area)); ArgUtil.NotNullOrEmpty(eventName, nameof(eventName)); Area = area; Event = eventName; } public string Area { get; } public string Event { get; } public Dictionary Properties => _properties; public string Data { get; set; } public static bool TryParse(string message, bool unescapePercents, out Command command) { command = null; if (string.IsNullOrEmpty(message)) { return false; } try { // Get the index of the prefix. int prefixIndex = message.IndexOf(LoggingCommandPrefix); if (prefixIndex < 0) { return false; } // Get the index of the separator between the command info and the data. int rbIndex = message.IndexOf(']', prefixIndex); if (rbIndex < 0) { return false; } // Get the command info (area.event and properties). int cmdIndex = prefixIndex + LoggingCommandPrefix.Length; string cmdInfo = message.Substring(cmdIndex, rbIndex - cmdIndex); // Get the command name (area.event). int spaceIndex = cmdInfo.IndexOf(' '); string commandName = spaceIndex < 0 ? cmdInfo : cmdInfo.Substring(0, spaceIndex); // Get the area and event. string[] areaEvent = commandName.Split(new[] { '.' }, StringSplitOptions.RemoveEmptyEntries); if (areaEvent.Length != 2) { return false; } string areaName = areaEvent[0]; string eventName = areaEvent[1]; // Initialize the command. command = new Command(areaName, eventName); // Set the properties. if (spaceIndex > 0) { string propertiesStr = cmdInfo.Substring(spaceIndex + 1); string[] splitProperties = propertiesStr.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries); foreach (string propertyStr in splitProperties) { string[] pair = propertyStr.Split(new[] { '=' }, count: 2, options: StringSplitOptions.RemoveEmptyEntries); if (pair.Length == 2) { command.Properties[pair[0]] = CommandStringConvertor.Unescape(pair[1], unescapePercents); } } } command.Data = CommandStringConvertor.Unescape(message.Substring(rbIndex + 1), unescapePercents); return true; } catch { command = null; return false; } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/ConfigurationStore.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System.Collections.Generic; using System.IO; using System.Runtime.Serialization; using System.Text; using System.Threading; namespace Microsoft.VisualStudio.Services.Agent { public enum SignatureVerificationMode { Error, Warning, None } public sealed class SignatureVerificationSettings { [DataMember(EmitDefaultValue = false)] public SignatureVerificationMode Mode { get; set; } [DataMember(EmitDefaultValue = false)] public List Fingerprints { get; set; } } // // Settings are persisted in this structure // [DataContract] public sealed class AgentSettings { [DataMember(EmitDefaultValue = false)] public bool AcceptTeeEula { get; set; } [DataMember(EmitDefaultValue = false)] public int AgentId { get; set; } [DataMember(EmitDefaultValue = false)] public string AgentCloudId { get; set; } [DataMember(EmitDefaultValue = false)] public string AgentName { get; set; } [DataMember(EmitDefaultValue = false)] public bool AlwaysExtractTask { get; set; } [DataMember(EmitDefaultValue = false)] public bool EnableServiceSidTypeUnrestricted { get; set; } [IgnoreDataMember] public bool IsMSHosted => AgentCloudId != null; [DataMember(EmitDefaultValue = false)] public string Fingerprint { // This setter is for backwards compatibility with the top level fingerprint setting set { // prefer the new config format to the old if (SignatureVerification == null && value != null) { SignatureVerification = new SignatureVerificationSettings() { Mode = SignatureVerificationMode.Error, Fingerprints = new List() { value } }; } } } [DataMember(EmitDefaultValue = false)] public string NotificationPipeName { get; set; } [DataMember(EmitDefaultValue = false)] public string NotificationSocketAddress { get; set; } [DataMember(EmitDefaultValue = false)] public bool SkipCapabilitiesScan { get; set; } [DataMember(EmitDefaultValue = false)] public bool SkipSessionRecover { get; set; } [DataMember(EmitDefaultValue = false)] public SignatureVerificationSettings SignatureVerification { get; set; } [DataMember(EmitDefaultValue = false)] public bool DisableLogUploads { get; set; } [DataMember(EmitDefaultValue = false)] public bool ReStreamLogsToFiles { get; set; } [DataMember(EmitDefaultValue = false)] public int PoolId { get; set; } [DataMember(EmitDefaultValue = false)] public string PoolName { get; set; } [DataMember(EmitDefaultValue = false)] public string ServerUrl { get; set; } [DataMember(EmitDefaultValue = false)] public string WorkFolder { get; set; } // Do not use Project Name any more to save in agent settings file. Ensure to use ProjectId. // Deployment Group scenario will not work for project rename scenario if we work with projectName [DataMember(EmitDefaultValue = false)] public string ProjectName { get; set; } [DataMember(EmitDefaultValue = false)] public int MachineGroupId { get; set; } [DataMember(EmitDefaultValue = false)] public int DeploymentGroupId { get; set; } [DataMember(EmitDefaultValue = false)] public string ProjectId { get; set; } [DataMember(EmitDefaultValue = false)] public string CollectionName { get; set; } [DataMember(EmitDefaultValue = false)] public string MonitorSocketAddress { get; set; } [DataMember(EmitDefaultValue = false)] public int EnvironmentId { get; set; } [DataMember(EmitDefaultValue = false)] public int EnvironmentVMResourceId { get; set; } [DataMember(EmitDefaultValue = false)] public string EnvironmentName { get; set; } [DataMember(EmitDefaultValue = false)] public int MaxDedupParallelism { get; set; } [DataMember(EmitDefaultValue = false)] public bool DebugMode { get; set; } } [DataContract] public sealed class AutoLogonSettings { [DataMember(EmitDefaultValue = false)] public string UserDomainName { get; set; } [DataMember(EmitDefaultValue = false)] public string UserName { get; set; } } [DataContract] public sealed class AgentRuntimeOptions { [DataMember(EmitDefaultValue = false)] /// Use SecureChannel (only valid on Windows) public bool GitUseSecureChannel { get; set; } } [DataContract] public class SetupInfo { [DataMember] public string Group { get; set; } [DataMember] public string Detail { get; set; } } [ServiceLocator(Default = typeof(ConfigurationStore))] public interface IConfigurationStore : IAgentService { string RootFolder { get; } bool IsConfigured(); bool IsServiceConfigured(); bool IsAutoLogonConfigured(); bool HasCredentials(); CredentialData GetCredentials(); AgentSettings GetSettings(); void SaveCredential(CredentialData credential); void SaveSettings(AgentSettings settings); void DeleteCredential(); void DeleteSettings(); void DeleteAutoLogonSettings(); void SaveAutoLogonSettings(AutoLogonSettings settings); AutoLogonSettings GetAutoLogonSettings(); AgentRuntimeOptions GetAgentRuntimeOptions(); IEnumerable GetSetupInfo(); void SaveAgentRuntimeOptions(AgentRuntimeOptions options); void DeleteAgentRuntimeOptions(); } public sealed class ConfigurationStore : AgentService, IConfigurationStore { private string _binPath; private string _configFilePath; private string _credFilePath; private string _serviceConfigFilePath; private string _autoLogonSettingsFilePath; private string _runtimeOptionsFilePath; private string _setupInfoFilePath; private CredentialData _creds; private AgentSettings _settings; private AutoLogonSettings _autoLogonSettings; private AgentRuntimeOptions _runtimeOptions; private IEnumerable _setupInfo; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); var currentAssemblyLocation = System.Reflection.Assembly.GetEntryAssembly().Location; Trace.Info("currentAssemblyLocation: {0}", currentAssemblyLocation); _binPath = HostContext.GetDirectory(WellKnownDirectory.Bin); Trace.Info("binPath: {0}", _binPath); RootFolder = HostContext.GetDirectory(WellKnownDirectory.Root); Trace.Info("RootFolder: {0}", RootFolder); _configFilePath = hostContext.GetConfigFile(WellKnownConfigFile.Agent); Trace.Info("ConfigFilePath: {0}", _configFilePath); _credFilePath = hostContext.GetConfigFile(WellKnownConfigFile.Credentials); Trace.Info("CredFilePath: {0}", _credFilePath); _serviceConfigFilePath = hostContext.GetConfigFile(WellKnownConfigFile.Service); Trace.Info("ServiceConfigFilePath: {0}", _serviceConfigFilePath); _autoLogonSettingsFilePath = hostContext.GetConfigFile(WellKnownConfigFile.Autologon); Trace.Info("AutoLogonSettingsFilePath: {0}", _autoLogonSettingsFilePath); _runtimeOptionsFilePath = hostContext.GetConfigFile(WellKnownConfigFile.Options); Trace.Info("RuntimeOptionsFilePath: {0}", _runtimeOptionsFilePath); _setupInfoFilePath = hostContext.GetConfigFile(WellKnownConfigFile.SetupInfo); Trace.Info("SetupInfoFilePath: {0}", _setupInfoFilePath); } public string RootFolder { get; private set; } public bool HasCredentials() { Trace.Info("HasCredentials()"); bool credsStored = (new FileInfo(_credFilePath)).Exists; Trace.Info(StringUtil.Format("stored {0}", credsStored)); return credsStored; } public bool IsConfigured() { Trace.Info("IsConfigured()"); bool configured = (new FileInfo(_configFilePath)).Exists; Trace.Info(StringUtil.Format("IsConfigured: {0}", configured)); return configured; } public bool IsServiceConfigured() { Trace.Info("IsServiceConfigured()"); bool serviceConfigured = (new FileInfo(_serviceConfigFilePath)).Exists; Trace.Info($"IsServiceConfigured: {serviceConfigured}"); return serviceConfigured; } public bool IsAutoLogonConfigured() { Trace.Entering(); bool autoLogonConfigured = (new FileInfo(_autoLogonSettingsFilePath)).Exists; Trace.Info($"IsAutoLogonConfigured: {autoLogonConfigured}"); return autoLogonConfigured; } public CredentialData GetCredentials() { if (_creds == null) { _creds = IOUtil.LoadObject(_credFilePath); } return _creds; } public AgentSettings GetSettings() { if (_settings == null) { AgentSettings configuredSettings = null; if (File.Exists(_configFilePath)) { string json = File.ReadAllText(_configFilePath, Encoding.UTF8); Trace.Info($"Read setting file: {json.Length} chars"); configuredSettings = StringUtil.ConvertFromJson(json); } ArgUtil.NotNull(configuredSettings, nameof(configuredSettings)); _settings = configuredSettings; } return _settings; } public AutoLogonSettings GetAutoLogonSettings() { if (_autoLogonSettings == null) { _autoLogonSettings = IOUtil.LoadObject(_autoLogonSettingsFilePath); } return _autoLogonSettings; } public IEnumerable GetSetupInfo() { if (_setupInfo == null) { if (File.Exists(_setupInfoFilePath)) { Trace.Info($"Load machine setup info from {_setupInfoFilePath}"); _setupInfo = IOUtil.LoadObject>(_setupInfoFilePath); } else { _setupInfo = new List(); } } return _setupInfo; } public void SaveCredential(CredentialData credential) { ArgUtil.NotNull(credential, nameof(credential)); Trace.Info(StringUtil.Format("Saving {0} credential @ {1}", credential.Scheme, _credFilePath)); if (File.Exists(_credFilePath)) { // Delete existing credential file first, since the file is hidden and not able to overwrite. Trace.Info("Delete exist agent credential file."); IOUtil.DeleteFile(_credFilePath); } IOUtil.SaveObject(credential, _credFilePath); Trace.Info("Credentials Saved."); File.SetAttributes(_credFilePath, File.GetAttributes(_credFilePath) | FileAttributes.Hidden); } public void SaveSettings(AgentSettings settings) { Trace.Info("Saving agent settings."); if (File.Exists(_configFilePath)) { // Delete existing agent settings file first, since the file is hidden and not able to overwrite. Trace.Info("Delete exist agent settings file."); IOUtil.DeleteFile(_configFilePath); } IOUtil.SaveObject(settings, _configFilePath); Trace.Info("Settings Saved."); File.SetAttributes(_configFilePath, File.GetAttributes(_configFilePath) | FileAttributes.Hidden); } public void SaveAutoLogonSettings(AutoLogonSettings autoLogonSettings) { Trace.Info("Saving autologon settings."); if (File.Exists(_autoLogonSettingsFilePath)) { // Delete existing autologon settings file first, since the file is hidden and not able to overwrite. Trace.Info("Delete existing autologon settings file."); IOUtil.DeleteFile(_autoLogonSettingsFilePath); } IOUtil.SaveObject(autoLogonSettings, _autoLogonSettingsFilePath); Trace.Info("AutoLogon settings Saved."); File.SetAttributes(_autoLogonSettingsFilePath, File.GetAttributes(_autoLogonSettingsFilePath) | FileAttributes.Hidden); } public void DeleteCredential() { IOUtil.Delete(_credFilePath, default(CancellationToken)); } public void DeleteSettings() { IOUtil.Delete(_configFilePath, default(CancellationToken)); } public void DeleteAutoLogonSettings() { IOUtil.Delete(_autoLogonSettingsFilePath, default(CancellationToken)); } public AgentRuntimeOptions GetAgentRuntimeOptions() { if (_runtimeOptions == null && File.Exists(_runtimeOptionsFilePath)) { _runtimeOptions = IOUtil.LoadObject(_runtimeOptionsFilePath); } return _runtimeOptions; } public void SaveAgentRuntimeOptions(AgentRuntimeOptions options) { Trace.Info("Saving runtime options."); if (File.Exists(_runtimeOptionsFilePath)) { // Delete existing runtime options file first, since the file is hidden and not able to overwrite. Trace.Info("Delete exist runtime options file."); IOUtil.DeleteFile(_runtimeOptionsFilePath); } IOUtil.SaveObject(options, _runtimeOptionsFilePath); Trace.Info("Options Saved."); File.SetAttributes(_runtimeOptionsFilePath, File.GetAttributes(_runtimeOptionsFilePath) | FileAttributes.Hidden); } public void DeleteAgentRuntimeOptions() { IOUtil.Delete(_runtimeOptionsFilePath, default(CancellationToken)); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Constants.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Sdk; using System.Collections.Generic; namespace Microsoft.VisualStudio.Services.Agent { public enum WellKnownDirectory { Bin, Externals, LegacyPSHost, Root, ServerOM, Tasks, TaskZips, Tee, Temp, Tf, Tools, Update, Work, TfLegacy, TfLatest, ServerOMLegacy, LegacyPSHostLegacy } public enum WellKnownConfigFile { Agent, Credentials, RSACredentials, Service, CredentialStore, Certificates, Proxy, ProxyCredentials, ProxyBypass, Autologon, Options, SetupInfo, TaskExceptionList // We need to remove this config file - once Node 6 handler is dropped } public static class WellKnownTasks { public static class PluginTaskIds { // We need have the ID for the checkout task for now since it is not present in the azure-pipelines-tasks repo. public static readonly Guid CheckoutTask = new Guid("6d15af64-176c-496d-b583-fd2ae21d4df4"); } public static class MicrosoftExtensionTaskIds { public static readonly Guid GooglePlayIncreaseRolloutTask = new Guid("f8c97cf9-4e17-4244-b0fb-f540cea78153"); public static readonly Guid GooglePlayPromoteTask = new Guid("4dae1f76-29d3-482f-97d5-e3189a8347c2"); public static readonly Guid GooglePlayReleaseTask = new Guid("8cf7cac0-620b-11e5-b4cf-8565e60f4d27"); public static readonly Guid GooglePlayStatusUpdateTask = new Guid("92e6c372-4193-44e5-9db7-58d7d253f4d8"); public static readonly Guid AppStorePromoteTask = new Guid("cbbf7f14-c386-4c1f-80a3-fe500e2bd976"); public static readonly Guid AppStoreReleaseTask = new Guid("2e371150-da5e-11e5-83da-0943b1acc572"); public static readonly Guid IpaResignTask = new Guid("cbbf7f14-c386-4c1f-80a3-fe500e2bd977"); // ms.advancedsecurity-tasks public static readonly Guid AdvancedSecurityPublishTask = new Guid("a95ad3e1-3950-494f-a460-963e3f5f6928"); public static readonly Guid AdvancedSecurityCodeqlAnalyze = new Guid("a9efc1ef-3900-494f-a460-963e3f5f6928"); public static readonly Guid AdvancedSecurityCodeqlAutobuild = new Guid("a63ec2fb-3600-494f-a460-963e3f5f6928"); public static readonly Guid AdvancedSecurityCodeqlInit = new Guid("a34f8529-3300-494f-a460-963e3f5f6928"); public static readonly Guid AdvancedSecurityDependencyScanning = new Guid("f97aace4-962a-441b-9141-b842d806b9c7"); // advancedsecurity.iac-tasks public static readonly Guid TemplateAnalyzerSarif = new Guid("2ff4011a-8c38-46ae-9654-29d7d45ce875"); public static readonly Guid TerrascanSarif = new Guid("f1af679c-4cbf-4952-98c9-c772c8eb9920"); public static readonly Guid TrivySarif = new Guid("93e29b44-e118-445d-b809-ae3c7907bee7"); } public static List RequiredForTelemetry = new() { PluginTaskIds.CheckoutTask, MicrosoftExtensionTaskIds.GooglePlayIncreaseRolloutTask, MicrosoftExtensionTaskIds.GooglePlayPromoteTask, MicrosoftExtensionTaskIds.GooglePlayReleaseTask, MicrosoftExtensionTaskIds.GooglePlayStatusUpdateTask, MicrosoftExtensionTaskIds.AppStorePromoteTask, MicrosoftExtensionTaskIds.AppStoreReleaseTask, MicrosoftExtensionTaskIds.IpaResignTask, MicrosoftExtensionTaskIds.AdvancedSecurityPublishTask, MicrosoftExtensionTaskIds.AdvancedSecurityCodeqlAnalyze, MicrosoftExtensionTaskIds.AdvancedSecurityCodeqlAutobuild, MicrosoftExtensionTaskIds.AdvancedSecurityCodeqlInit, MicrosoftExtensionTaskIds.AdvancedSecurityDependencyScanning, MicrosoftExtensionTaskIds.TemplateAnalyzerSarif, MicrosoftExtensionTaskIds.TerrascanSarif, MicrosoftExtensionTaskIds.TrivySarif }; } public static class Constants { /// Name of environment variable holding the path. public static string PathVariable { get => PlatformUtil.RunningOnWindows ? "Path" : "PATH"; } public static string TFBuild = "TF_BUILD"; public static string ProcessLookupId = "VSTS_PROCESS_LOOKUP_ID"; public static string PluginTracePrefix = "##[plugin.trace]"; public static readonly int AgentDownloadRetryMaxAttempts = 3; public const string projectName = "projectName"; public const string CommandCorrelationIdEnvVar = "COMMAND_CORRELATION_ID"; public const string TaskInternalIssueSource = "TaskInternal"; // Environment variable set on hosted Azure Pipelines images to // store the version of the image public static readonly string ImageVersionVariable = "ImageVersion"; public static class DefaultContainerMounts { public static readonly string Externals = "externals"; public static readonly string Work = "work"; public static readonly string Tasks = "tasks"; public static readonly string Tools = "tools"; } public static class AsyncExecution { public static class Commands { public static class Names { public static readonly string DetectDockerContainer = "DetectDockerContainer"; public static readonly string GetAzureVMMetada = "GetAzureVMMetada"; public static readonly string WindowsPreinstalledGitTelemetry = "WindowsPreinstalledGitTelemetry"; } } } public static class Agent { public static readonly TimeSpan ExitOnUnloadTimeout = TimeSpan.FromSeconds(30); public static class CommandLine { //if you are adding a new arg, please make sure you update the //validArgs array as well present in the CommandSettings.cs public static class Args { public const string Agent = "agent"; public const string Auth = "auth"; public const string CollectionName = "collectionname"; public const string DeploymentGroupName = "deploymentgroupname"; public const string DeploymentPoolName = "deploymentpoolname"; public const string DeploymentGroupTags = "deploymentgrouptags"; public const string EnvironmentName = "environmentname"; public const string EnvironmentVMResourceTags = "virtualmachineresourcetags"; public const string MachineGroupName = "machinegroupname"; public const string MachineGroupTags = "machinegrouptags"; public const string MonitorSocketAddress = "monitorsocketaddress"; public const string NotificationPipeName = "notificationpipename"; public const string NotificationSocketAddress = "notificationsocketaddress"; public const string Pool = "pool"; public const string ProjectName = "projectname"; public const string ProxyUrl = "proxyurl"; public const string ProxyUserName = "proxyusername"; public const string SslCACert = "sslcacert"; public const string SslClientCert = "sslclientcert"; public const string SslClientCertKey = "sslclientcertkey"; public const string SslClientCertArchive = "sslclientcertarchive"; public const string StartupType = "startuptype"; public const string Url = "url"; public const string UserName = "username"; public const string WindowsLogonAccount = "windowslogonaccount"; public const string Work = "work"; public const string ClientId = "clientid"; public const string TenantId = "tenantid"; // Secret args. Must be added to the "Secrets" getter as well. public const string Password = "password"; public const string ProxyPassword = "proxypassword"; public const string SslClientCertPassword = "sslclientcertpassword"; public const string Token = "token"; public const string WindowsLogonPassword = "windowslogonpassword"; public const string ClientSecret = "clientsecret"; public static string[] Secrets => new[] { Password, ProxyPassword, SslClientCertPassword, Token, WindowsLogonPassword, ClientSecret, }; } public static class Commands { public const string Configure = "configure"; public const string Remove = "remove"; public const string Run = "run"; public const string Warmup = "warmup"; public const string ReAuth = "reauth"; } //if you are adding a new flag, please make sure you update the //validFlags array as well present in the CommandSettings.cs public static class Flags { public const string AcceptTeeEula = "acceptteeeula"; public const string AddDeploymentGroupTags = "adddeploymentgrouptags"; public const string AddMachineGroupTags = "addmachinegrouptags"; public const string AddEnvironmentVirtualMachineResourceTags = "addvirtualmachineresourcetags"; public const string AlwaysExtractTask = "alwaysextracttask"; public const string Commit = "commit"; public const string DeploymentGroup = "deploymentgroup"; public const string DeploymentPool = "deploymentpool"; public const string Diagnostics = "diagnostics"; public const string Environment = "environment"; public const string OverwriteAutoLogon = "overwriteautologon"; public const string GitUseSChannel = "gituseschannel"; public const string Help = "help"; public const string DisableLogUploads = "disableloguploads"; public const string ReStreamLogsToFiles = "restreamlogstofiles"; public const string MachineGroup = "machinegroup"; public const string Replace = "replace"; public const string NoRestart = "norestart"; public const string LaunchBrowser = "launchbrowser"; public const string Once = "once"; public const string DebugMode = "debug"; public const string RunAsAutoLogon = "runasautologon"; public const string RunAsService = "runasservice"; public const string PreventServiceStart = "preventservicestart"; public const string SslSkipCertValidation = "sslskipcertvalidation"; public const string Unattended = "unattended"; public const string Version = "version"; public const string EnableServiceSidTypeUnrestricted = "enableservicesidtypeunrestricted"; public const string UseBasicAuthForProxy = "usebasicauthforproxy"; } } public static class ReturnCode { public const int Success = 0; public const int TerminatedError = 1; public const int RetryableError = 2; public const int AgentUpdating = 3; public const int RunOnceAgentUpdating = 4; } public static class AgentConfigurationProvider { public static readonly string BuildReleasesAgentConfiguration = "BuildReleasesAgentConfiguration"; public static readonly string DeploymentAgentConfiguration = "DeploymentAgentConfiguration"; public static readonly string SharedDeploymentAgentConfiguration = "SharedDeploymentAgentConfiguration"; public static readonly string EnvironmentVMResourceConfiguration = "EnvironmentVMResourceConfiguration"; } } public static class Build { public static readonly string NoCICheckInComment = "***NO_CI***"; public static class Path { public static readonly string ArtifactsDirectory = "a"; public static readonly string BinariesDirectory = "b"; public static readonly string GarbageCollectionDirectory = "GC"; public static readonly string LegacyArtifactsDirectory = "artifacts"; public static readonly string LegacyStagingDirectory = "staging"; public static readonly string SourceRootMappingDirectory = "SourceRootMapping"; public static readonly string SourcesDirectory = "s"; public static readonly string TestResultsDirectory = "TestResults"; public static readonly string TopLevelTrackingConfigFile = "Mappings.json"; public static readonly string TrackingConfigFile = "SourceFolder.json"; } } public static class Configuration { public static readonly string AAD = "AAD"; public static readonly string PAT = "PAT"; public static readonly string Alternate = "ALT"; public static readonly string Negotiate = "Negotiate"; public static readonly string Integrated = "Integrated"; public static readonly string OAuth = "OAuth"; public static readonly string ServiceIdentity = "ServiceIdentity"; public static readonly string ServicePrincipal = "SP"; } public static class EndpointData { public static readonly string SourcesDirectory = "SourcesDirectory"; public static readonly string SourceVersion = "SourceVersion"; public static readonly string SourceBranch = "SourceBranch"; public static readonly string SourceTfvcShelveset = "SourceTfvcShelveset"; public static readonly string GatedShelvesetName = "GatedShelvesetName"; public static readonly string GatedRunCI = "GatedRunCI"; } public static class Expressions { public static readonly string Always = "always"; public static readonly string Canceled = "canceled"; public static readonly string Failed = "failed"; public static readonly string Succeeded = "succeeded"; public static readonly string SucceededOrFailed = "succeededOrFailed"; public static readonly string Variables = "variables"; } public static class Path { public static readonly string BinDirectory = "bin"; public static readonly string DiagDirectory = "_diag"; public static readonly string ExternalsDirectory = "externals"; public static readonly string LegacyPSHostDirectory = "vstshost"; public static readonly string LegacyPSHostLegacyDirectory = "vstshost-legacy"; public static readonly string ServerOMDirectory = "tf"; public static readonly string ServerOMLegacyDirectory = "vstsom-legacy"; public static readonly string TempDirectory = "_temp"; public static readonly string TeeDirectory = "tee"; public static readonly string TfDirectory = "tf"; public static readonly string TfLegacyDirectory = "tf-legacy"; public static readonly string TfLatestDirectory = "tf-latest"; public static readonly string ToolDirectory = "_tool"; public static readonly string TaskJsonFile = "task.json"; public static readonly string TasksDirectory = "_tasks"; public static readonly string TaskZipsDirectory = "_taskzips"; public static readonly string UpdateDirectory = "_update"; public static readonly string WorkDirectory = "_work"; } public static class Release { public static readonly string Map = "Map"; public static class Path { public static readonly string ArtifactsDirectory = "a"; public static readonly string CommitsDirectory = "c"; public static readonly string DefinitionMapping = "DefinitionMapping.json"; public static readonly string ReleaseDirectoryPrefix = "r"; public static readonly string ReleaseTempDirectoryPrefix = "t"; public static readonly string RootMappingDirectory = "ReleaseRootMapping"; public static readonly string TrackingConfigFile = "DefinitionMapping.json"; public static readonly string GarbageCollectionDirectory = "GC"; } } // Related to definition variables. public static class Variables { public static readonly string MacroPrefix = "$("; public static readonly string MacroSuffix = ")"; public static class Agent { // // Keep alphabetical. If you add or remove a variable here, do the same in ReadOnlyVariables // public static readonly string AcceptTeeEula = "agent.acceptteeeula"; public static readonly string BuildDirectory = "agent.builddirectory"; public static readonly string CloudId = "agent.cloudid"; public static readonly string ContainerId = "agent.containerid"; public static readonly string ContainerMapping = "agent.containermapping"; public static readonly string ContainerNetwork = "agent.containernetwork"; public static readonly string Diagnostic = "agent.diagnostic"; public static readonly string FixPossibleGitOutOfMemoryProblem = "FIX_POSSIBLE_GIT_OUT_OF_MEMORY_PROBLEM"; public static readonly string HomeDirectory = "agent.homedirectory"; public static readonly string Id = "agent.id"; public static readonly string IsSelfHosted = "agent.isselfhosted"; public static readonly string GitUseSChannel = "agent.gituseschannel"; public static readonly string JobName = "agent.jobname"; public static readonly string JobStatus = "agent.jobstatus"; public static readonly string MachineName = "agent.machinename"; public static readonly string Name = "agent.name"; public static readonly string OS = "agent.os"; public static readonly string OSArchitecture = "agent.osarchitecture"; public static readonly string OSVersion = "agent.osversion"; public static readonly string ProxyUrl = "agent.proxyurl"; public static readonly string ProxyUsername = "agent.proxyusername"; public static readonly string ProxyPassword = "agent.proxypassword"; public static readonly string ProxyBypassList = "agent.proxybypasslist"; public static readonly string UseBasicAuthForProxy = "agent.usebasicauthforproxy"; public static readonly string RetainDefaultEncoding = "agent.retainDefaultEncoding"; public static readonly string ReadOnlyVariables = "agent.readOnlyVariables"; public static readonly string RootDirectory = "agent.RootDirectory"; public static readonly string RunMode = "agent.runMode"; public static readonly string ServerOMDirectory = "agent.ServerOMDirectory"; public static readonly string ServicePortPrefix = "agent.services"; public static readonly string SslCAInfo = "agent.cainfo"; public static readonly string SslClientCert = "agent.clientcert"; public static readonly string SslClientCertKey = "agent.clientcertkey"; public static readonly string SslClientCertArchive = "agent.clientcertarchive"; public static readonly string SslClientCertPassword = "agent.clientcertpassword"; public static readonly string SslSkipCertValidation = "agent.skipcertvalidation"; public static readonly string TempDirectory = "agent.TempDirectory"; public static readonly string ToolsDirectory = "agent.ToolsDirectory"; public static readonly string UseGitLongPaths = "USE_GIT_LONG_PATHS"; public static readonly string UseGitSingleThread = "USE_GIT_SINGLE_THREAD"; public static readonly string Version = "agent.version"; public static readonly string WorkFolder = "agent.workfolder"; public static readonly string WorkingDirectory = "agent.WorkingDirectory"; } public static class Build { // // Keep alphabetical. If you add or remove a variable here, do the same in ReadOnlyVariables // public static readonly string ArtifactStagingDirectory = "build.artifactstagingdirectory"; public static readonly string BinariesDirectory = "build.binariesdirectory"; public static readonly string Clean = "build.clean"; public static readonly string DefinitionName = "build.definitionname"; public static readonly string GatedRunCI = "build.gated.runci"; public static readonly string GatedShelvesetName = "build.gated.shelvesetname"; public static readonly string Number = "build.buildNumber"; public static readonly string RepoClean = "build.repository.clean"; public static readonly string RepoGitSubmoduleCheckout = "build.repository.git.submodulecheckout"; public static readonly string RepoId = "build.repository.id"; public static readonly string RepoLocalPath = "build.repository.localpath"; public static readonly string PipelineRepoName = "pipeline.repository.name"; public static readonly string RepoName = "build.Repository.name"; public static readonly string RepoProvider = "build.repository.provider"; public static readonly string RepoTfvcWorkspace = "build.repository.tfvc.workspace"; public static readonly string RepoUri = "build.repository.uri"; public static readonly string SourceBranch = "build.sourcebranch"; public static readonly string SourceTfvcShelveset = "build.sourcetfvcshelveset"; public static readonly string SourceVersion = "build.sourceversion"; public static readonly string SourceVersionAuthor = "build.sourceversionauthor"; public static readonly string SourceVersionMessage = "build.sourceVersionMessage"; public static readonly string SourcesDirectory = "build.sourcesdirectory"; public static readonly string StagingDirectory = "build.stagingdirectory"; public static readonly string SyncSources = "build.syncSources"; public static readonly string UseServerWorkspaces = "build.useserverworkspaces"; } public static class Common { // // Keep alphabetical. If you add or remove a variable here, do the same in ReadOnlyVariables // public static readonly string TestResultsDirectory = "common.testresultsdirectory"; } public static class Features { // // Keep alphabetical. If you add or remove a variable here, do the same in ReadOnlyVariables // public static readonly string BuildDirectoryClean = "agent.clean.buildDirectory"; public static readonly string GitLfsSupport = "agent.source.git.lfs"; public static readonly string GitShallowDepth = "agent.source.git.shallowFetchDepth"; public static readonly string SkipSyncSource = "agent.source.skip"; } public static class Maintenance { // // Keep alphabetical. If you add or remove a variable here, do the same in ReadOnlyVariables // public static readonly string DeleteWorkingDirectoryDaysThreshold = "maintenance.deleteworkingdirectory.daysthreshold"; public static readonly string JobTimeout = "maintenance.jobtimeoutinminutes"; } public static class Pipeline { // // Keep alphabetical. If you add or remove a variable here, do the same in ReadOnlyVariables // public static readonly string Workspace = "pipeline.workspace"; } public static class Release { // // Keep alphabetical. If you add or remove a variable here, do the same in ReadOnlyVariables // public static readonly string AgentReleaseDirectory = "agent.releaseDirectory"; public static readonly string ArtifactsDirectory = "system.artifactsDirectory"; public static readonly string AttemptNumber = "release.attemptNumber"; public static readonly string DisableRobocopy = "release.disableRobocopy"; public static readonly string ReleaseDefinitionId = "release.definitionId"; public static readonly string ReleaseDefinitionName = "release.definitionName"; public static readonly string ReleaseDescription = "release.releaseDescription"; public static readonly string ReleaseDownloadBufferSize = "release.artifact.download.buffersize"; public static readonly string ReleaseEnvironmentName = "release.environmentName"; public static readonly string ReleaseEnvironmentUri = "release.environmentUri"; public static readonly string ReleaseId = "release.releaseId"; public static readonly string ReleaseName = "release.releaseName"; public static readonly string ReleaseParallelDownloadLimit = "release.artifact.download.parallellimit"; public static readonly string ReleaseRequestedForId = "release.requestedForId"; public static readonly string ReleaseUri = "release.releaseUri"; public static readonly string ReleaseWebUrl = "release.releaseWebUrl"; public static readonly string RequestorId = "release.requestedFor"; public static readonly string RobocopyMT = "release.robocopyMT"; public static readonly string SkipArtifactsDownload = "release.skipartifactsDownload"; } public static class System { // // Keep alphabetical. If you add or remove a variable here, do the same in ReadOnlyVariables // public static readonly string AccessToken = "system.accessToken"; public static readonly string ArtifactsDirectory = "system.artifactsdirectory"; public static readonly string CollectionId = "system.collectionid"; public static readonly string Culture = "system.culture"; public static readonly string Debug = "system.debug"; public static readonly string DefaultWorkingDirectory = "system.defaultworkingdirectory"; public static readonly string DefinitionId = "system.definitionid"; public static readonly string DefinitionName = "system.definitionName"; public static readonly string EnableAccessToken = "system.enableAccessToken"; public static readonly string HostType = "system.hosttype"; public static readonly string IsAzureVM = "system.isazurevm"; public static readonly string IsDockerContainer = "system.isdockercontainer"; public static readonly string JobAttempt = "system.jobAttempt"; public static readonly string JobDisplayName = "system.jobDisplayName"; public static readonly string JobId = "system.jobId"; public static readonly string JobName = "system.jobName"; public static readonly string PhaseAttempt = "system.phaseAttempt"; public static readonly string PhaseDisplayName = "system.phaseDisplayName"; public static readonly string PhaseName = "system.phaseName"; public static readonly string PlanId = "system.planId"; public static readonly string PreferGitFromPath = "system.prefergitfrompath"; public static readonly string PullRequestTargetBranchName = "system.pullrequest.targetbranch"; public static readonly string SelfManageGitCreds = "system.selfmanagegitcreds"; public static readonly string ServerType = "system.servertype"; public static readonly string SourceVersionMessage = "system.sourceVersionMessage"; public static readonly string StageAttempt = "system.stageAttempt"; public static readonly string StageDisplayName = "system.stageDisplayName"; public static readonly string StageName = "system.stageName"; public static readonly string TFServerUrl = "system.TeamFoundationServerUri"; // back compat variable, do not document public static readonly string TeamProject = "system.teamproject"; public static readonly string TeamProjectId = "system.teamProjectId"; public static readonly string WorkFolder = "system.workfolder"; } public static class Task { // // Keep alphabetical. If you add or remove a variable here, do the same in ReadOnlyVariables // public static readonly string DisplayName = "task.displayname"; /// /// Declares requirement to skip translating of strings into checkout tasks. /// It's required to prevent translating of agent system paths in container jobs. /// This is for internal agent usage, set up during task execution and is not indented to be used in /// cross-service communication/obtained by users. /// public static readonly string SkipTranslatorForCheckout = "task.skipTranslatorForCheckout"; /// /// Declares requirement to publish telemetry for task or not. This is based on the IsServedOwned field in the TaskStep info /// which the agent obtains from the execution plan (AgentJobRequestMessage) and also some certain that required for telemetry. /// The main idea is to avoid publishing telemetry from the customer's tasks that is installed using TFS-CLI tool. /// public static readonly string PublishTelemetry = "task.publishTelemetry"; } public static List ReadOnlyVariables = new List(){ // Agent variables Agent.AcceptTeeEula, Agent.BuildDirectory, Agent.CloudId, Agent.ContainerId, Agent.ContainerMapping, Agent.ContainerNetwork, Agent.Diagnostic, Agent.FixPossibleGitOutOfMemoryProblem, Agent.GitUseSChannel, Agent.HomeDirectory, Agent.Id, Agent.IsSelfHosted, Agent.JobName, Agent.JobStatus, Agent.MachineName, Agent.Name, Agent.OS, Agent.OSArchitecture, Agent.OSVersion, Agent.UseBasicAuthForProxy, Agent.ProxyBypassList, Agent.ProxyPassword, Agent.ProxyUrl, Agent.ProxyUsername, Agent.ReadOnlyVariables, Agent.RetainDefaultEncoding, Agent.RootDirectory, Agent.RunMode, Agent.ServerOMDirectory, Agent.ServicePortPrefix, Agent.SslCAInfo, Agent.SslClientCert, Agent.SslClientCertArchive, Agent.SslClientCertKey, Agent.SslClientCertPassword, Agent.SslSkipCertValidation, Agent.TempDirectory, Agent.ToolsDirectory, Agent.UseGitLongPaths, Agent.UseGitSingleThread, Agent.Version, Agent.WorkFolder, Agent.WorkingDirectory, // Build variables Build.ArtifactStagingDirectory, Build.BinariesDirectory, Build.Clean, Build.DefinitionName, Build.GatedRunCI, Build.GatedShelvesetName, Build.Number, Build.PipelineRepoName, Build.RepoClean, Build.RepoGitSubmoduleCheckout, Build.RepoId, Build.RepoLocalPath, Build.RepoName, Build.RepoProvider, Build.RepoTfvcWorkspace, Build.RepoUri, Build.SourceBranch, Build.SourceTfvcShelveset, Build.SourceVersion, Build.SourceVersionAuthor, Build.SourceVersionMessage, Build.SourcesDirectory, Build.StagingDirectory, Build.SyncSources, Build.UseServerWorkspaces, // Common variables Common.TestResultsDirectory, // Feature variables Features.BuildDirectoryClean, Features.GitLfsSupport, Features.GitShallowDepth, Features.SkipSyncSource, // Pipeline variables Pipeline.Workspace, // Release variables Release.AgentReleaseDirectory, Release.ArtifactsDirectory, Release.AttemptNumber, Release.DisableRobocopy, Release.ReleaseDefinitionId, Release.ReleaseDefinitionName, Release.ReleaseDescription, Release.ReleaseDownloadBufferSize, Release.ReleaseEnvironmentName, Release.ReleaseEnvironmentUri, Release.ReleaseId, Release.ReleaseName, Release.ReleaseParallelDownloadLimit, Release.ReleaseRequestedForId, Release.ReleaseUri, Release.ReleaseWebUrl, Release.RequestorId, Release.RobocopyMT, Release.SkipArtifactsDownload, // System variables System.AccessToken, System.ArtifactsDirectory, System.CollectionId, System.Culture, System.Debug, System.DefaultWorkingDirectory, System.DefinitionId, System.DefinitionName, System.EnableAccessToken, System.HostType, System.IsAzureVM, System.IsDockerContainer, System.JobAttempt, System.JobDisplayName, System.JobId, System.JobName, System.PhaseAttempt, System.PhaseDisplayName, System.PhaseName, System.PlanId, System.PreferGitFromPath, System.PullRequestTargetBranchName, System.SelfManageGitCreds, System.ServerType, System.SourceVersionMessage, System.StageAttempt, System.StageDisplayName, System.StageName, System.TFServerUrl, System.TeamProject, System.TeamProjectId, System.WorkFolder, // Task variables Task.DisplayName, Task.SkipTranslatorForCheckout, Task.PublishTelemetry }; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/CorrelationContextManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading; namespace Microsoft.VisualStudio.Services.Agent { /// /// Interface for objects that can provide correlation IDs /// public interface ICorrelationContext { /// /// Builds the correlation ID for this context /// string BuildCorrelationId(); } /// /// Manages correlation context for tracking logs across steps and tasks. /// [ServiceLocator(Default = typeof(CorrelationContextManager))] public interface ICorrelationContextManager : IDisposable { /// /// Sets the current execution context for correlation tracking /// void SetCurrentExecutionContext(ICorrelationContext executionContext); /// /// Clears the current execution context /// void ClearCurrentExecutionContext(); /// /// Builds the correlation ID from the current context /// string BuildCorrelationId(); } /// /// Implementation of correlation context manager using AsyncLocal for async flow /// internal sealed class CorrelationContextManager : ICorrelationContextManager { private readonly AsyncLocal _currentExecutionContext = new AsyncLocal(); public void SetCurrentExecutionContext(ICorrelationContext executionContext) { _currentExecutionContext.Value = executionContext; } public void ClearCurrentExecutionContext() { _currentExecutionContext.Value = null; } public string BuildCorrelationId() { var currentContext = _currentExecutionContext.Value; return currentContext?.BuildCorrelationId() ?? string.Empty; } public void Dispose() { // Clear context on disposal _currentExecutionContext.Value = null; } } /// /// No-op implementation of ICorrelationContextManager for backward compatibility. /// Used when IHostContext is not available but correlation functionality is requested. /// This prevents breaking existing code while gracefully disabling enhanced logging correlation. /// internal sealed class NoOpCorrelationContextManager : ICorrelationContextManager { public void SetCurrentExecutionContext(ICorrelationContext executionContext) { // No-op: Do nothing when correlation context is not supported } public void ClearCurrentExecutionContext() { // No-op: Do nothing when correlation context is not supported } public string BuildCorrelationId() { // Return empty string when correlation is not available return string.Empty; } public void Dispose() { // No-op: Nothing to dispose } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/CredentialData.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; namespace Microsoft.VisualStudio.Services.Agent { public sealed class CredentialData { public string Scheme { get; set; } public Dictionary Data { get { if (_data == null) { _data = new Dictionary(StringComparer.OrdinalIgnoreCase); } return _data; } } private Dictionary _data; } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/DeploymentGroupServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using System.Collections.Generic; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.WebApi; using System.Linq; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(DeploymentGroupServer))] public interface IDeploymentGroupServer : IAgentService { Task ConnectAsync(VssConnection agentConnection); // Configuration Task> GetDeploymentGroupsAsync(string projectName, string machineGroupName); // Update Machine Group ( Used for adding tags) Task> UpdateDeploymentTargetsAsync(Guid projectId, int deploymentGroupId, List deploymentMachine); // Add Deployment Machine Task AddDeploymentTargetAsync(Guid projectId, int deploymentGroupId, DeploymentMachine machine); // Replace Deployment Machine Task ReplaceDeploymentTargetAsync(Guid projectId, int deploymentGroupId, int machineId, DeploymentMachine machine); // Delete Deployment Machine Task DeleteDeploymentTargetAsync(string projectName, int deploymentGroupId, int machineId); Task DeleteDeploymentTargetAsync(Guid projectId, int deploymentGroupId, int machineId); // Get Deployment Machines Task> GetDeploymentTargetsAsync(string projectName, int deploymentGroupId, string machineName); Task> GetDeploymentTargetsAsync(Guid projectGuid, int deploymentGroupId, string machineName); } public sealed class DeploymentGroupServer : AgentService, IDeploymentGroupServer { private bool _hasConnection; private VssConnection _connection; private TaskAgentHttpClient _taskAgentClient; public async Task ConnectAsync(VssConnection agentConnection) { ArgUtil.NotNull(agentConnection, nameof(agentConnection)); _connection = agentConnection; if (!_connection.HasAuthenticated) { await _connection.ConnectAsync(); } _taskAgentClient = _connection.GetClient(); _hasConnection = true; } private void CheckConnection() { if (!_hasConnection) { throw new InvalidOperationException("SetConnection"); } } //----------------------------------------------------------------- // Configuration //----------------------------------------------------------------- public Task> GetDeploymentGroupsAsync(string projectName, string machineGroupName) { CheckConnection(); return _taskAgentClient.GetDeploymentGroupsAsync(projectName, machineGroupName); } public Task AddDeploymentTargetAsync(Guid projectId, int deploymentGroupId, DeploymentMachine machine) { CheckConnection(); return _taskAgentClient.AddDeploymentTargetAsync(projectId, deploymentGroupId, machine); } public Task ReplaceDeploymentTargetAsync(Guid projectId, int deploymentGroupId, int machineId, DeploymentMachine machine) { CheckConnection(); return _taskAgentClient.ReplaceDeploymentTargetAsync(projectId, deploymentGroupId, machineId, machine); } public Task DeleteDeploymentTargetAsync(string projectName, int deploymentGroupId, int machineId) { CheckConnection(); return _taskAgentClient.DeleteDeploymentTargetAsync(projectName, deploymentGroupId, machineId); } public Task DeleteDeploymentTargetAsync(Guid projectId, int deploymentGroupId, int machineId) { CheckConnection(); return _taskAgentClient.DeleteDeploymentTargetAsync(projectId, deploymentGroupId, machineId); } public Task> GetDeploymentTargetsAsync(string projectName, int deploymentGroupId, string machineName) { CheckConnection(); return _taskAgentClient.GetDeploymentTargetsAsync(projectName, deploymentGroupId, tags: null, name: machineName); } public Task> GetDeploymentTargetsAsync(Guid projectGuid, int deploymentGroupId, string machineName) { CheckConnection(); return _taskAgentClient.GetDeploymentTargetsAsync(projectGuid, deploymentGroupId, tags: null, name: machineName); } //----------------------------------------------------------------- // Update //----------------------------------------------------------------- public Task> UpdateDeploymentTargetsAsync(Guid projectId, int deploymentGroupId, List deploymentMachine) { CheckConnection(); var deploymentTargetUpdateParameter = deploymentMachine.Select(machine => new DeploymentTargetUpdateParameter { Id = machine.Id, Tags = machine.Tags }).ToList(); return _taskAgentClient.UpdateDeploymentTargetsAsync(projectId, deploymentGroupId, deploymentTargetUpdateParameter); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/EnhancedTracing.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Diagnostics; using System.Runtime.CompilerServices; using Agent.Sdk.SecretMasking; namespace Microsoft.VisualStudio.Services.Agent { public sealed class EnhancedTracing : Tracing { private readonly ICorrelationContextManager _correlationContextManager; public EnhancedTracing(string name, ILoggedSecretMasker secretMasker, ICorrelationContextManager correlationContextManager, SourceSwitch sourceSwitch, HostTraceListener traceListener) : base(name, secretMasker, sourceSwitch, traceListener) { _correlationContextManager = correlationContextManager ?? throw new ArgumentNullException(nameof(correlationContextManager)); } // Override ALL base methods to ensure enhanced logging for any call signature public override void Info(string message, [CallerMemberName] string operation = "") { LogWithOperation(TraceEventType.Information, message, operation); } public override void Info(object item, [CallerMemberName] string operation = "") { LogWithOperation(TraceEventType.Information, item?.ToString() ?? "null", operation); } // Override ALL Error methods to ensure enhanced logging public override void Error(Exception exception, [CallerMemberName] string operation = "") { ArgUtil.NotNull(exception, nameof(exception)); LogWithOperation(TraceEventType.Error, exception.ToString(), operation); } public override void Error(string message, [CallerMemberName] string operation = "") { LogWithOperation(TraceEventType.Error, message, operation); } // Override ALL Warning methods to ensure enhanced logging public override void Warning(string message, [CallerMemberName] string operation = "") { LogWithOperation(TraceEventType.Warning, message, operation); } // Override ALL Verbose methods to ensure enhanced logging public override void Verbose(string message, [CallerMemberName] string operation = "") { LogWithOperation(TraceEventType.Verbose, message, operation); } public override void Verbose(object item, [CallerMemberName] string operation = "") { LogWithOperation(TraceEventType.Verbose, item?.ToString() ?? "null", operation); } public override void Entering([CallerMemberName] string name = "") { LogWithOperation(TraceEventType.Verbose, $"Entering {name}", name); } public override IDisposable EnteringWithDuration([CallerMemberName] string name = "") { LogWithOperation(TraceEventType.Verbose, $"Entering {name}", name); return new MethodTimer(this, name); } public override void Leaving([CallerMemberName] string name = "") { LogWithOperation(TraceEventType.Verbose, $"Leaving {name}", name); } internal void LogLeavingWithDuration(string methodName, TimeSpan duration) { var formattedDuration = FormatDuration(duration); var message = $"Leaving {methodName} (Duration: {formattedDuration})"; LogWithOperation(TraceEventType.Verbose, message, methodName); } private void LogWithOperation(TraceEventType eventType, string message, string operation) { var enhancedMessage = FormatEnhancedLogMessage(message, operation); base.Trace(eventType, enhancedMessage); } private string FormatEnhancedLogMessage(string message, string operation) { var correlation = GetCorrelationId(); var correlationPart = !string.IsNullOrEmpty(correlation) ? $"[{correlation}]" : ""; var operationPart = !string.IsNullOrEmpty(operation) ? $"[{operation}]" : ""; return $"{operationPart} {message} {correlationPart}".TrimEnd(); } private string GetCorrelationId() { return _correlationContextManager.BuildCorrelationId(); } private string FormatDuration(TimeSpan duration) { if (duration.TotalHours >= 1) return $"{(int)duration.TotalHours}h {duration.Minutes}m {duration.Seconds}.{duration.Milliseconds:D3}s"; if (duration.TotalMinutes >= 1) return $"{duration.Minutes}m {duration.Seconds}.{duration.Milliseconds:D3}s"; if (duration.TotalSeconds >= 1) return $"{duration.TotalSeconds:F3}s"; return $"{duration.TotalMilliseconds:F2}ms"; } private sealed class MethodTimer : IDisposable { private readonly EnhancedTracing _tracing; private readonly string _methodName; private readonly Stopwatch _stopwatch; private bool _disposed = false; public MethodTimer(EnhancedTracing tracing, string methodName) { _tracing = tracing; _methodName = methodName; _stopwatch = Stopwatch.StartNew(); } public void Dispose() { if (!_disposed) { _disposed = true; _stopwatch.Stop(); _tracing.LogLeavingWithDuration(_methodName, _stopwatch.Elapsed); } } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/EnvironmentsServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Threading.Tasks; using Microsoft.Azure.Pipelines.Environments.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(EnvironmentsServer))] public interface IEnvironmentsServer : IAgentService { Task ConnectAsync(VssConnection agentConnection); // Configuration Task> GetEnvironmentsAsync(string projectName, string environmentName); // Update Machine Group ( Used for adding tags) Task UpdateEnvironmentVMsAsync(Guid projectId, int environmentId, VirtualMachineResource virtualMachineResource); // Add Deployment Machine Task AddEnvironmentVMAsync(Guid projectId, int environmentId, VirtualMachineResource virtualMachineResource); // Replace Deployment Machine Task ReplaceEnvironmentVMAsync(Guid projectId, int environmentId, VirtualMachineResource virtualMachineResource); // Delete Deployment Machine Task DeleteEnvironmentVMAsync(string projectName, int environmentId, int virtualMachineId); Task DeleteEnvironmentVMAsync(Guid projectId, int environmentId, int virtualMachineId); Task> GetEnvironmentVMsAsync(string projectName, int environmentId, string virtualMachine); Task> GetEnvironmentVMsAsync(Guid projectGuid, int environmentId, string virtualMachine); Task GetEnvironmentPoolAsync(Guid projectGuid, int environmentId); } public sealed class EnvironmentsServer : AgentService, IEnvironmentsServer { private bool _hasConnection; private VssConnection _connection; private EnvironmentsHttpClient _environmentsHttpClient; public async Task ConnectAsync(VssConnection agentConnection) { ArgUtil.NotNull(agentConnection, nameof(agentConnection)); _connection = agentConnection; if (!_connection.HasAuthenticated) { await _connection.ConnectAsync(); } _environmentsHttpClient = _connection.GetClient(); _hasConnection = true; } public Task> GetEnvironmentsAsync(string projectName, string environmentName) { CheckConnection(); return _environmentsHttpClient.GetEnvironmentsAsync(projectName, environmentName); } public Task UpdateEnvironmentVMsAsync(Guid projectId, int environmentId, VirtualMachineResource virtualMachineResource) { CheckConnection(); return _environmentsHttpClient.UpdateVirtualMachineResourceAsync(projectId, environmentId, virtualMachineResource); } public Task AddEnvironmentVMAsync(Guid projectId, int environmentId, VirtualMachineResource virtualMachineResource) { CheckConnection(); var virtualMachineResourceCreateParameters = new VirtualMachineResourceCreateParameters(); virtualMachineResourceCreateParameters.virtualMachineResource = virtualMachineResource; return _environmentsHttpClient.AddVirtualMachineResourceAsync(projectId.ToString(), environmentId, virtualMachineResourceCreateParameters); } public Task ReplaceEnvironmentVMAsync(Guid projectId, int environmentId, VirtualMachineResource virtualMachineResource) { CheckConnection(); return _environmentsHttpClient.ReplaceVirtualMachineResourceAsync(projectId, environmentId, virtualMachineResource); } public Task DeleteEnvironmentVMAsync(string projectName, int environmentId, int virtualMachineId) { CheckConnection(); return _environmentsHttpClient.DeleteVirtualMachineResourceAsync(projectName, environmentId, virtualMachineId); } public Task DeleteEnvironmentVMAsync(Guid projectId, int environmentId, int virtualMachineId) { CheckConnection(); return _environmentsHttpClient.DeleteVirtualMachineResourceAsync(projectId, environmentId, virtualMachineId); } public Task> GetEnvironmentVMsAsync(string projectName, int environmentId, string virtualMachine) { CheckConnection(); return _environmentsHttpClient.GetVirtualMachineResourcesAsync(projectName, environmentId, virtualMachine); } public Task> GetEnvironmentVMsAsync(Guid projectGuid, int environmentId, string virtualMachine) { CheckConnection(); return _environmentsHttpClient.GetVirtualMachineResourcesAsync(projectGuid, environmentId, virtualMachine); } public Task GetEnvironmentPoolAsync(Guid projectGuid, int environmentId) { CheckConnection(); return _environmentsHttpClient.GetLinkedPoolAsync(projectGuid, environmentId); } private void CheckConnection() { if (!_hasConnection) { throw new InvalidOperationException("SetConnection"); } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Exceptions.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.VisualStudio.Services.Agent { public class NonRetryableException : Exception { public NonRetryableException() : base() { } public NonRetryableException(string message) : base(message) { } public NonRetryableException(string message, Exception inner) : base(message, inner) { } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/ExtensionManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.Linq; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(ExtensionManager))] public interface IExtensionManager : IAgentService { List GetExtensions() where T : class, IExtension; } public sealed class ExtensionManager : AgentService, IExtensionManager { private readonly ConcurrentDictionary> _cache = new ConcurrentDictionary>(); public List GetExtensions() where T : class, IExtension { Trace.Info("Getting extensions for interface: '{0}'", typeof(T).FullName); List extensions = _cache.GetOrAdd( key: typeof(T), valueFactory: (Type key) => { return LoadExtensions(); }); return extensions.Select(x => x as T).ToList(); } // // We will load extensions from assembly // once AssemblyLoadContext.Resolving event is able to // resolve dependency recursively // private List LoadExtensions() where T : class, IExtension { var extensions = new List(); switch (typeof(T).FullName) { // Listener capabilities providers. case "Microsoft.VisualStudio.Services.Agent.Capabilities.ICapabilitiesProvider": Add(extensions, "Microsoft.VisualStudio.Services.Agent.Capabilities.AgentCapabilitiesProvider, Microsoft.VisualStudio.Services.Agent"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Capabilities.EnvironmentCapabilitiesProvider, Microsoft.VisualStudio.Services.Agent"); if (PlatformUtil.RunningOnLinux || PlatformUtil.RunningOnMacOS) { Add(extensions, "Microsoft.VisualStudio.Services.Agent.Capabilities.NixCapabilitiesProvider, Microsoft.VisualStudio.Services.Agent"); } if (PlatformUtil.RunningOnWindows) { Add(extensions, "Microsoft.VisualStudio.Services.Agent.Capabilities.PowerShellCapabilitiesProvider, Microsoft.VisualStudio.Services.Agent"); } Add(extensions, "Microsoft.VisualStudio.Services.Agent.Capabilities.UserCapabilitiesProvider, Microsoft.VisualStudio.Services.Agent"); break; // Listener agent configuration providers case "Microsoft.VisualStudio.Services.Agent.Listener.Configuration.IConfigurationProvider": Add(extensions, "Microsoft.VisualStudio.Services.Agent.Listener.Configuration.BuildReleasesAgentConfigProvider, Agent.Listener"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Listener.Configuration.DeploymentGroupAgentConfigProvider, Agent.Listener"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Listener.Configuration.SharedDeploymentAgentConfigProvider, Agent.Listener"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Listener.Configuration.EnvironmentVMResourceConfigProvider, Agent.Listener"); break; // Worker job extensions. case "Microsoft.VisualStudio.Services.Agent.Worker.IJobExtension": Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Build.BuildJobExtension, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Release.ReleaseJobExtension, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Release.DeploymentJobExtension, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Maintenance.MaintenanceJobExtension, Agent.Worker"); break; // Worker command extensions. case "Microsoft.VisualStudio.Services.Agent.Worker.IWorkerCommandExtension": Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.TaskCommandExtension, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Build.ArtifactCommandExtension, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Build.BuildCommandExtension, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage.CodeCoverageCommandExtension, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.TestResults.ResultsCommandExtension, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Telemetry.TelemetryCommandExtension, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Release.ReleaseCommandExtension, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.PluginInternalCommandExtension, Agent.Worker"); break; // Worker build source providers. case "Microsoft.VisualStudio.Services.Agent.Worker.Build.ISourceProvider": Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Build.ExternalGitSourceProvider, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Build.GitHubSourceProvider, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Build.GitHubEnterpriseSourceProvider, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Build.BitbucketSourceProvider, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Build.SvnSourceProvider, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Build.TfsGitSourceProvider, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Build.TfsVCSourceProvider, Agent.Worker"); break; // Worker release artifact extensions. case "Microsoft.VisualStudio.Services.Agent.Worker.Release.IArtifactExtension": Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.BuildArtifact, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.JenkinsArtifact, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.GitHubArtifact, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.TfsGitArtifact, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.TfsVCArtifact, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.CustomArtifact, Agent.Worker"); break; // Worker test result readers. case "Microsoft.VisualStudio.Services.Agent.Worker.LegacyTestResults.IResultReader": Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.LegacyTestResults.JUnitResultReader, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.LegacyTestResults.NUnitResultReader, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.LegacyTestResults.CTestResultReader, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.LegacyTestResults.TrxResultReader, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.LegacyTestResults.XUnitResultReader, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.LegacyTestResults.ContainerStructureTestResultReader, Agent.Worker"); break; // Worker test result parser. case "Microsoft.VisualStudio.Services.Agent.Worker.TestResults.IParser": Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.TestResults.JUnitParser, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.TestResults.NUnitParser, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.TestResults.CTestParser, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.TestResults.TrxParser, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.TestResults.XUnitParser, Agent.Worker"); break; // Worker code coverage summary reader extensions. case "Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage.ICodeCoverageSummaryReader": Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage.JaCoCoSummaryReader, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage.CoberturaSummaryReader, Agent.Worker"); break; // Worker maintenance service provider extensions. case "Microsoft.VisualStudio.Services.Agent.Worker.Maintenance.IMaintenanceServiceProvider": Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Build.WorkspaceMaintenanceProvider, Agent.Worker"); Add(extensions, "Microsoft.VisualStudio.Services.Agent.Worker.Release.ReleaseDirectoryManager, Agent.Worker"); break; default: // This should never happen. throw new NotSupportedException($"Unexpected extension type: '{typeof(T).FullName}'"); } return extensions; } private void Add(List extensions, string assemblyQualifiedName) where T : class, IExtension { Trace.Info($"Creating instance: {assemblyQualifiedName}"); Type type = Type.GetType(assemblyQualifiedName, throwOnError: true); var extension = Activator.CreateInstance(type) as T; ArgUtil.NotNull(extension, nameof(extension)); extension.Initialize(HostContext); extensions.Add(extension); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Extensions.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent { //this code is documented on http://blogs.msdn.com/b/pfxteam/archive/2012/10/05/how-do-i-cancel-non-cancelable-async-operations.aspx public static class Extensions { public static async Task WithCancellation(this Task task, CancellationToken cancellationToken) { var tcs = new TaskCompletionSource(); using (cancellationToken.Register( s => ((TaskCompletionSource)s).TrySetResult(true), tcs)) if (task != await Task.WhenAny(task, tcs.Task)) throw new OperationCanceledException(cancellationToken); return await task; } public static async Task WithCancellation(this Task task, CancellationToken cancellationToken) { var tcs = new TaskCompletionSource(); using (cancellationToken.Register( s => ((TaskCompletionSource)s).TrySetResult(true), tcs)) if (task != await Task.WhenAny(task, tcs.Task)) throw new OperationCanceledException(cancellationToken); await task; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/HostContext.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.Globalization; using System.IO; using System.Linq; using System.Reflection; using System.Runtime.Loader; using System.Threading; using System.Threading.Tasks; using System.Diagnostics; using System.Net.Http; using System.Diagnostics.Tracing; using System.Net.Http.Headers; using Agent.Sdk.SecretMasking; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Agent.Sdk.Util; using Microsoft.TeamFoundation.DistributedTask.Logging; using Microsoft.Security.Utilities; namespace Microsoft.VisualStudio.Services.Agent { public interface IHostContext : IDisposable, IKnobValueContext { StartupType StartupType { get; set; } CancellationToken AgentShutdownToken { get; } ShutdownReason AgentShutdownReason { get; } ILoggedSecretMasker SecretMasker { get; } ICorrelationContextManager CorrelationContextManager { get; } ProductInfoHeaderValue UserAgent { get; } string GetDirectory(WellKnownDirectory directory); string GetDiagDirectory(HostType hostType = HostType.Undefined); string GetConfigFile(WellKnownConfigFile configFile); Tracing GetTrace(string name); Task Delay(TimeSpan delay, CancellationToken cancellationToken); T CreateService() where T : class, IAgentService; T GetService() where T : class, IAgentService; void SetDefaultCulture(string name); event EventHandler Unloading; void ShutdownAgent(ShutdownReason reason); void WritePerfCounter(string counter); void EnableHttpTrace(); ContainerInfo CreateContainerInfo(Pipelines.ContainerResource container, Boolean isJobContainer = true); // Added for flush logs support CancellationToken WorkerShutdownForTimeout { get; } void ShutdownWorkerForTimeout(); } public enum StartupType { Manual, Service, AutoStartup } public enum HostType { Undefined, // Default value, used when getting the current hostContext type Worker, Agent } public class HostContext : EventListener, IObserver, IObserver>, IHostContext { private const int _defaultLogPageSize = 8; //MB private static int _defaultLogRetentionDays = 30; private static int[] _vssHttpMethodEventIds = new int[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 24 }; private static int[] _vssHttpCredentialEventIds = new int[] { 11, 13, 14, 15, 16, 17, 18, 20, 21, 22, 27, 29 }; private readonly ConcurrentDictionary _serviceInstances = new ConcurrentDictionary(); protected readonly ConcurrentDictionary ServiceTypes = new ConcurrentDictionary(); private ILoggedSecretMasker _secretMasker; private ICorrelationContextManager _correlationContextManager; private readonly ProductInfoHeaderValue _userAgent = new ProductInfoHeaderValue($"VstsAgentCore-{BuildConstants.AgentPackage.PackageName}", BuildConstants.AgentPackage.Version); private CancellationTokenSource _agentShutdownTokenSource = new CancellationTokenSource(); private CancellationTokenSource _workerShutdownForTimeout = new CancellationTokenSource(); private object _perfLock = new object(); private Tracing _trace; private Tracing _vssTrace; private Tracing _httpTrace; private ITraceManager _traceManager; private AssemblyLoadContext _loadContext; private IDisposable _httpTraceSubscription; private IDisposable _diagListenerSubscription; private StartupType _startupType; private string _perfFile; private HostType _hostType; public event EventHandler Unloading; public CancellationToken AgentShutdownToken => _agentShutdownTokenSource.Token; public CancellationToken WorkerShutdownForTimeout => _workerShutdownForTimeout.Token; public ShutdownReason AgentShutdownReason { get; private set; } public ILoggedSecretMasker SecretMasker => _secretMasker; public ICorrelationContextManager CorrelationContextManager => _correlationContextManager; public ProductInfoHeaderValue UserAgent => _userAgent; public HostContext(HostType hostType, string logFile = null) { // Validate args. if (hostType == HostType.Undefined) { throw new ArgumentException(message: $"HostType cannot be {HostType.Undefined}"); } _hostType = hostType; _loadContext = AssemblyLoadContext.GetLoadContext(typeof(HostContext).GetTypeInfo().Assembly); _loadContext.Unloading += LoadContext_Unloading; _secretMasker = CreateSecretMasker(); _correlationContextManager = new CorrelationContextManager(); // Create the trace manager. if (string.IsNullOrEmpty(logFile)) { int logPageSize; string logSizeEnv = Environment.GetEnvironmentVariable($"{_hostType.ToString().ToUpperInvariant()}_LOGSIZE"); if (!string.IsNullOrEmpty(logSizeEnv) || !int.TryParse(logSizeEnv, out logPageSize)) { logPageSize = _defaultLogPageSize; } int logRetentionDays; string logRetentionDaysEnv = Environment.GetEnvironmentVariable($"{_hostType.ToString().ToUpperInvariant()}_LOGRETENTION"); if (!string.IsNullOrEmpty(logRetentionDaysEnv) || !int.TryParse(logRetentionDaysEnv, out logRetentionDays)) { logRetentionDays = _defaultLogRetentionDays; } // this should give us _diag folder under agent root directory as default value for diagLogDirctory string diagLogPath = GetDiagDirectory(_hostType); _traceManager = new TraceManager(new HostTraceListener(diagLogPath, hostType.ToString(), logPageSize, logRetentionDays), this.SecretMasker, this, hostType); // Make the trace manager available via the service locator. _serviceInstances.TryAdd(typeof(ITraceManager), _traceManager); } else { _traceManager = new TraceManager(new HostTraceListener(logFile), this.SecretMasker, this, hostType); // Make the trace manager available via the service locator. _serviceInstances.TryAdd(typeof(ITraceManager), _traceManager); } _trace = GetTrace(nameof(HostContext)); this.SecretMasker.SetTrace(_trace); _vssTrace = GetTrace(nameof(VisualStudio) + nameof(VisualStudio.Services)); // VisualStudioService // Enable Http trace - check environment variable directly during initialization // (RuntimeKnobSource not available during HostContext initialization) string httpTraceEnvVar = Environment.GetEnvironmentVariable("VSTS_AGENT_HTTPTRACE"); _trace.Info($"HTTP Trace Environment Variable: '{httpTraceEnvVar}'"); if (!string.IsNullOrEmpty(httpTraceEnvVar) && StringUtil.ConvertToBoolean(httpTraceEnvVar)) { _trace.Info("Enabling HTTP trace via environment variable"); PrintHttpTraceWarning(); _httpTrace = GetTrace("HttpTrace"); _diagListenerSubscription = DiagnosticListener.AllListeners.Subscribe(this); } else { _trace.Info("HTTP trace not enabled - environment variable not set or false"); } // Enable perf counter trace string perfCounterLocation = AgentKnobs.AgentPerflog.GetValue(this).AsString(); if (!string.IsNullOrEmpty(perfCounterLocation)) { try { Directory.CreateDirectory(perfCounterLocation); _perfFile = Path.Combine(perfCounterLocation, $"{hostType}.perf"); } catch (Exception ex) { _trace.Error(ex); } } } private ILoggedSecretMasker CreateSecretMasker() { // When enabled, use the new OSS package-provided secret masker from // Microsoft.Security.Utilities.Core. Otherwise, use the legacy // secret masker from VSO. This will also add additional // 'PreciselyClassifiedSecurityKeys' regexes. This class of pattern // effectively admits no false positives and is strongly oriented on // detecting the latest Azure provider API key formats. bool enableNewMaskerAndRegexes = AgentKnobs.EnableNewMaskerAndRegexes.GetValue(this).AsBoolean(); #pragma warning disable CA2000 // Dispose objects before losing scope. False positive: LoggedSecretMasker takes ownership. IRawSecretMasker rawSecretMasker; if (enableNewMaskerAndRegexes) { rawSecretMasker = new OssSecretMasker(WellKnownRegexPatterns.PreciselyClassifiedSecurityKeys); } else { rawSecretMasker = new LegacySecretMasker(); } ILoggedSecretMasker secretMasker = LoggedSecretMasker.Create(rawSecretMasker); #pragma warning restore CA2000 // Dispose objects before losing scope. secretMasker.AddValueEncoder(ValueEncoders.JsonStringEscape, $"HostContext_{WellKnownSecretAliases.JsonStringEscape}"); secretMasker.AddValueEncoder(ValueEncoders.UriDataEscape, $"HostContext_{WellKnownSecretAliases.UriDataEscape}"); secretMasker.AddValueEncoder(ValueEncoders.BackslashEscape, $"HostContext_{WellKnownSecretAliases.UriDataEscape}"); // NOTE: URL credentials are always masked by regex, by both the new // OSS masker and the legacy masker. // // When using the new masker, we could use its `UrlCredentials` // pattern instead of this built-in regex, but there are some // differences in behavior that we need to reconcile first: // https://github.com/microsoft/security-utilities/issues/175 secretMasker.AddRegex(AdditionalMaskingRegexes.UrlSecretPattern, $"HostContext_{WellKnownSecretAliases.UrlSecretPattern}"); return secretMasker; } public virtual string GetDirectory(WellKnownDirectory directory) { string path; switch (directory) { case WellKnownDirectory.Bin: path = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location); break; case WellKnownDirectory.Externals: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), Constants.Path.ExternalsDirectory); break; case WellKnownDirectory.LegacyPSHost: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.LegacyPSHostDirectory); break; case WellKnownDirectory.LegacyPSHostLegacy: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.LegacyPSHostLegacyDirectory); break; case WellKnownDirectory.Root: path = new DirectoryInfo(GetDirectory(WellKnownDirectory.Bin)).Parent.FullName; break; case WellKnownDirectory.ServerOM: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.ServerOMDirectory); break; case WellKnownDirectory.ServerOMLegacy: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.ServerOMLegacyDirectory); break; case WellKnownDirectory.Tf: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.TfDirectory); break; case WellKnownDirectory.TfLegacy: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.TfLegacyDirectory); break; case WellKnownDirectory.TfLatest: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.TfLatestDirectory); break; case WellKnownDirectory.Tee: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.TeeDirectory); break; case WellKnownDirectory.Temp: path = Path.Combine( GetDirectory(WellKnownDirectory.Work), Constants.Path.TempDirectory); break; case WellKnownDirectory.Tasks: path = Path.Combine( GetDirectory(WellKnownDirectory.Work), Constants.Path.TasksDirectory); break; case WellKnownDirectory.TaskZips: path = Path.Combine( GetDirectory(WellKnownDirectory.Work), Constants.Path.TaskZipsDirectory); break; case WellKnownDirectory.Tools: path = AgentKnobs.AgentToolsDirectory.GetValue(this).AsString(); if (string.IsNullOrEmpty(path)) { path = Path.Combine( GetDirectory(WellKnownDirectory.Work), Constants.Path.ToolDirectory); } break; case WellKnownDirectory.Update: path = Path.Combine( GetDirectory(WellKnownDirectory.Work), Constants.Path.UpdateDirectory); break; case WellKnownDirectory.Work: var configurationStore = GetService(); AgentSettings settings = configurationStore.GetSettings(); ArgUtil.NotNull(settings, nameof(settings)); ArgUtil.NotNullOrEmpty(settings.WorkFolder, nameof(settings.WorkFolder)); path = Path.GetFullPath(Path.Combine( GetDirectory(WellKnownDirectory.Root), settings.WorkFolder)); break; default: throw new NotSupportedException($"Unexpected well known directory: '{directory}'"); } _trace.Info($"Well known directory '{directory}': '{path}'"); return path; } public string GetDiagDirectory(HostType hostType = HostType.Undefined) { return hostType switch { HostType.Undefined => GetDiagDirectory(_hostType), HostType.Agent => GetDiagOrDefault(AgentKnobs.AgentDiagLogPath.GetValue(this).AsString()), HostType.Worker => GetDiagOrDefault(AgentKnobs.WorkerDiagLogPath.GetValue(this).AsString()), _ => throw new NotSupportedException($"Unexpected host type: '{hostType}'"), }; } private string GetDiagOrDefault(string diagFolder) { if (!string.IsNullOrEmpty(diagFolder)) { return diagFolder; } return Path.Combine( new DirectoryInfo(Path.GetDirectoryName(Assembly.GetEntryAssembly().Location)).Parent.FullName, Constants.Path.DiagDirectory); } public string GetConfigFile(WellKnownConfigFile configFile) { string path; switch (configFile) { case WellKnownConfigFile.Agent: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".agent"); break; case WellKnownConfigFile.Credentials: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".credentials"); break; case WellKnownConfigFile.RSACredentials: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".credentials_rsaparams"); break; case WellKnownConfigFile.Service: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".service"); break; case WellKnownConfigFile.CredentialStore: if (PlatformUtil.RunningOnMacOS) { path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".credential_store.keychain"); } else { path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".credential_store"); } break; case WellKnownConfigFile.Certificates: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".certificates"); break; case WellKnownConfigFile.Proxy: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".proxy"); break; case WellKnownConfigFile.ProxyCredentials: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".proxycredentials"); break; case WellKnownConfigFile.ProxyBypass: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".proxybypass"); break; case WellKnownConfigFile.Autologon: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".autologon"); break; case WellKnownConfigFile.Options: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".options"); break; case WellKnownConfigFile.SetupInfo: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".setup_info"); break; // We need to remove this config file - once Node 6 handler is dropped case WellKnownConfigFile.TaskExceptionList: path = Path.Combine( GetDirectory(WellKnownDirectory.Bin), "tasks-exception-list.json"); break; default: throw new NotSupportedException($"Unexpected well known config file: '{configFile}'"); } _trace.Info($"Well known config file '{configFile}': '{path}'"); return path; } public Tracing GetTrace(string name) { return _traceManager[name]; } public async Task Delay(TimeSpan delay, CancellationToken cancellationToken) { await Task.Delay(delay, cancellationToken); } /// /// Creates a new instance of T. /// public T CreateService() where T : class, IAgentService { Type target = null; Type defaultTarget = null; Type platformTarget = null; if (!ServiceTypes.TryGetValue(typeof(T), out target)) { // Infer the concrete type from the ServiceLocatorAttribute. CustomAttributeData attribute = typeof(T) .GetTypeInfo() .CustomAttributes .FirstOrDefault(x => x.AttributeType == typeof(ServiceLocatorAttribute)); if (!(attribute is null)) { foreach (CustomAttributeNamedArgument arg in attribute.NamedArguments) { if (string.Equals(arg.MemberName, nameof(ServiceLocatorAttribute.Default), StringComparison.Ordinal)) { defaultTarget = arg.TypedValue.Value as Type; } if (PlatformUtil.RunningOnWindows && string.Equals(arg.MemberName, nameof(ServiceLocatorAttribute.PreferredOnWindows), StringComparison.Ordinal)) { platformTarget = arg.TypedValue.Value as Type; } else if (PlatformUtil.RunningOnMacOS && string.Equals(arg.MemberName, nameof(ServiceLocatorAttribute.PreferredOnMacOS), StringComparison.Ordinal)) { platformTarget = arg.TypedValue.Value as Type; } else if (PlatformUtil.RunningOnLinux && string.Equals(arg.MemberName, nameof(ServiceLocatorAttribute.PreferredOnLinux), StringComparison.Ordinal)) { platformTarget = arg.TypedValue.Value as Type; } } } target = platformTarget ?? defaultTarget; if (target is null) { throw new KeyNotFoundException(string.Format(CultureInfo.InvariantCulture, "Service mapping not found for key '{0}'.", typeof(T).FullName)); } ServiceTypes.TryAdd(typeof(T), target); target = ServiceTypes[typeof(T)]; } // Create a new instance. T svc = Activator.CreateInstance(target) as T; svc.Initialize(this); return svc; } /// /// Gets or creates an instance of T. /// public T GetService() where T : class, IAgentService { // Return the cached instance if one already exists. object instance; if (_serviceInstances.TryGetValue(typeof(T), out instance)) { return instance as T; } // Otherwise create a new instance and try to add it to the cache. _serviceInstances.TryAdd(typeof(T), CreateService()); // Return the instance from the cache. return _serviceInstances[typeof(T)] as T; } public void SetDefaultCulture(string name) { ArgUtil.NotNull(name, nameof(name)); _trace.Verbose($"Setting default culture and UI culture to: '{name}'"); CultureInfo.DefaultThreadCurrentCulture = new CultureInfo(name); CultureInfo.DefaultThreadCurrentUICulture = new CultureInfo(name); } public void ShutdownAgent(ShutdownReason reason) { ArgUtil.NotNull(reason, nameof(reason)); _trace.Info($"Agent will be shutdown for {reason.ToString()}"); AgentShutdownReason = reason; _agentShutdownTokenSource.Cancel(); } public void ShutdownWorkerForTimeout() { _trace.Info($"Worker will be shutdown"); _workerShutdownForTimeout.Cancel(); } public ContainerInfo CreateContainerInfo(Pipelines.ContainerResource container, Boolean isJobContainer = true) { ContainerInfo containerInfo = new ContainerInfo(container, isJobContainer); Dictionary pathMappings = new Dictionary(); if (PlatformUtil.RunningOnWindows) { pathMappings[this.GetDirectory(WellKnownDirectory.Tools)] = "C:\\__t"; // Tool cache folder may come from ENV, so we need a unique folder to avoid collision pathMappings[this.GetDirectory(WellKnownDirectory.Work)] = "C:\\__w"; pathMappings[this.GetDirectory(WellKnownDirectory.Root)] = "C:\\__a"; // add -v '\\.\pipe\docker_engine:\\.\pipe\docker_engine' when they are available (17.09) } else { pathMappings[this.GetDirectory(WellKnownDirectory.Tools)] = "/__t"; // Tool cache folder may come from ENV, so we need a unique folder to avoid collision pathMappings[this.GetDirectory(WellKnownDirectory.Work)] = "/__w"; pathMappings[this.GetDirectory(WellKnownDirectory.Root)] = "/__a"; } if (containerInfo.IsJobContainer && containerInfo.MapDockerSocket) { containerInfo.MountVolumes.Add(new MountVolume("/var/run/docker.sock", "/var/run/docker.sock")); } containerInfo.AddPathMappings(pathMappings); return containerInfo; } public sealed override void Dispose() { Dispose(true); GC.SuppressFinalize(this); } public StartupType StartupType { get { return _startupType; } set { _startupType = value; } } public void WritePerfCounter(string counter) { ArgUtil.NotNull(counter, nameof(counter)); if (!string.IsNullOrEmpty(_perfFile)) { string normalizedCounter = counter.Replace(':', '_'); lock (_perfLock) { try { File.AppendAllLines(_perfFile, new[] { $"{normalizedCounter}:{DateTime.UtcNow.ToString("O")}" }); } catch (Exception ex) { _trace.Error(ex); } } } } private void PrintHttpTraceWarning() { _trace.Warning("*****************************************************************************************"); _trace.Warning("** **"); _trace.Warning("** Http trace is enabled, all your http traffic will be dumped into agent diag log. **"); _trace.Warning("** DO NOT share the log in public place! The trace may contains secrets in plain text. **"); _trace.Warning("** **"); _trace.Warning("*****************************************************************************************"); } public void EnableHttpTrace() { if (_httpTrace != null && _diagListenerSubscription != null) { _trace.Info("HTTP trace is already enabled"); return; } PrintHttpTraceWarning(); _httpTrace = GetTrace("HttpTrace"); _diagListenerSubscription = DiagnosticListener.AllListeners.Subscribe(this); _trace.Info("HTTP trace enabled dynamically via pipeline variable"); } string IKnobValueContext.GetVariableValueOrDefault(string variableName) { throw new NotSupportedException("Method not supported for Microsoft.VisualStudio.Services.Agent.HostContext"); } IScopedEnvironment IKnobValueContext.GetScopedEnvironment() { return new SystemEnvironment(); } protected virtual void Dispose(bool disposing) { // TODO: Dispose the trace listener also. if (disposing) { if (_loadContext != null) { _loadContext.Unloading -= LoadContext_Unloading; _loadContext = null; } _httpTraceSubscription?.Dispose(); _diagListenerSubscription?.Dispose(); _traceManager?.Dispose(); _traceManager = null; _vssTrace?.Dispose(); _vssTrace = null; _trace?.Dispose(); _trace = null; _httpTrace?.Dispose(); _httpTrace = null; _secretMasker?.Dispose(); _secretMasker = null; _correlationContextManager?.Dispose(); _correlationContextManager = null; _agentShutdownTokenSource?.Dispose(); _agentShutdownTokenSource = null; _workerShutdownForTimeout?.Dispose(); _workerShutdownForTimeout = null; base.Dispose(); } } private void LoadContext_Unloading(AssemblyLoadContext obj) { if (Unloading != null) { Unloading(this, null); } } void IObserver.OnCompleted() { _httpTrace.Info("DiagListeners finished transmitting data."); } void IObserver.OnError(Exception error) { _httpTrace.Error(error); } void IObserver.OnNext(DiagnosticListener listener) { if (listener.Name == "HttpHandlerDiagnosticListener" && _httpTraceSubscription == null) { _httpTraceSubscription = listener.Subscribe(this); } } void IObserver>.OnCompleted() { _httpTrace.Info("HttpHandlerDiagnosticListener finished transmitting data."); } void IObserver>.OnError(Exception error) { _httpTrace.Error(error); } void IObserver>.OnNext(KeyValuePair value) { _httpTrace.Info($"Trace {value.Key} event:{Environment.NewLine}{value.Value.ToString()}"); } protected override void OnEventSourceCreated(EventSource source) { ArgUtil.NotNull(source, nameof(source)); if (source.Name.Equals("Microsoft-VSS-Http")) { EnableEvents(source, EventLevel.Verbose); } } protected override void OnEventWritten(EventWrittenEventArgs eventData) { if (eventData == null || string.IsNullOrEmpty(eventData.Message)) { return; } string message = eventData.Message; object[] payload = new object[0]; if (eventData.Payload != null && eventData.Payload.Count > 0) { payload = eventData.Payload.ToArray(); } try { if (_vssHttpMethodEventIds.Contains(eventData.EventId)) { payload[0] = Enum.Parse(typeof(VssHttpMethod), ((int)payload[0]).ToString()); } else if (_vssHttpCredentialEventIds.Contains(eventData.EventId)) { payload[0] = Enum.Parse(typeof(VisualStudio.Services.Common.VssCredentialsType), ((int)payload[0]).ToString()); } if (payload.Length > 0) { message = String.Format(eventData.Message.Replace("%n", Environment.NewLine), payload); } switch (eventData.Level) { case EventLevel.Critical: case EventLevel.Error: _vssTrace.Error(message); break; case EventLevel.Warning: _vssTrace.Warning(message); break; case EventLevel.Informational: _vssTrace.Info(message); break; default: _vssTrace.Verbose(message); break; } } catch (Exception ex) { _vssTrace.Error(ex); _vssTrace.Info(eventData.Message); _vssTrace.Info(string.Join(", ", eventData.Payload?.ToArray() ?? new string[0])); } } // Copied from VSTS code base, used for EventData translation. internal enum VssHttpMethod { UNKNOWN, DELETE, HEAD, GET, OPTIONS, PATCH, POST, PUT, } } public static class HostContextExtension { public static HttpClientHandler CreateHttpClientHandler(this IHostContext context) { ArgUtil.NotNull(context, nameof(context)); HttpClientHandler clientHandler = new HttpClientHandler(); var agentWebProxy = context.GetService(); clientHandler.Proxy = agentWebProxy.WebProxy; var agentCertManager = context.GetService(); if (agentCertManager.SkipServerCertificateValidation) { clientHandler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; } return clientHandler; } } public enum ShutdownReason { UserCancelled = 0, OperatingSystemShutdown = 1, } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/HostTraceListener.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Diagnostics; using System.Globalization; using System.IO; using System.Text; namespace Microsoft.VisualStudio.Services.Agent { public sealed class HostTraceListener : TextWriterTraceListener { public bool DisableConsoleReporting { get; set; } private const string _logFileNamingPattern = "{0}_{1:yyyyMMdd-HHmmss}-utc.log"; private string _logFileDirectory; private string _logFilePrefix; private bool _enablePageLog = false; private bool _enableLogRetention = false; private int _currentPageSize; private int _pageSizeLimit; private int _retentionDays; private bool _diagErrorDetected = false; private string _logFilePath; private bool _disposed = false; public HostTraceListener(string logFileDirectory, string logFilePrefix, int pageSizeLimit, int retentionDays) : base() { ArgUtil.NotNullOrEmpty(logFileDirectory, nameof(logFileDirectory)); ArgUtil.NotNullOrEmpty(logFilePrefix, nameof(logFilePrefix)); _logFileDirectory = logFileDirectory; _logFilePrefix = logFilePrefix; Directory.CreateDirectory(_logFileDirectory); if (pageSizeLimit > 0) { _enablePageLog = true; _pageSizeLimit = pageSizeLimit * 1024 * 1024; _currentPageSize = 0; } if (retentionDays > 0) { _enableLogRetention = true; _retentionDays = retentionDays; } Writer = CreatePageLogWriter(); } public HostTraceListener(string logFile) : base() { ArgUtil.NotNullOrEmpty(logFile, nameof(logFile)); _logFilePath = logFile; Directory.CreateDirectory(Path.GetDirectoryName(_logFilePath)); // Use StreamWriter constructor that handles FileStream internally Writer = new StreamWriter(_logFilePath, append: false, Encoding.UTF8, bufferSize: 4096); } // Copied and modified slightly from .Net Core source code. Modification was required to make it compile. // There must be some TraceFilter extension class that is missing in this source code. public override void TraceEvent(TraceEventCache eventCache, string source, TraceEventType eventType, int id, string message) { if (Filter != null && !Filter.ShouldTrace(eventCache, source, eventType, id, message, null, null, null)) { return; } WriteHeader(source, eventType, id); WriteLine(message); WriteFooter(eventCache); if (!_diagErrorDetected && !DisableConsoleReporting && eventType < TraceEventType.Warning) { Console.WriteLine(StringUtil.Loc("FoundErrorInTrace", eventType.ToString(), _logFilePath)); _diagErrorDetected = true; } } public override void WriteLine(string message) { base.WriteLine(message); if (_enablePageLog) { int messageSize = UTF8Encoding.UTF8.GetByteCount(message); _currentPageSize += messageSize; if (_currentPageSize > _pageSizeLimit) { Flush(); if (Writer != null && !_disposed) { Writer.Dispose(); Writer = null; } if (!_disposed) { Writer = CreatePageLogWriter(); _currentPageSize = 0; } } } Flush(); } public override void Write(string message) { base.Write(message); if (_enablePageLog) { int messageSize = UTF8Encoding.UTF8.GetByteCount(message); _currentPageSize += messageSize; } Flush(); } internal bool IsEnabled(TraceOptions opts) { return (opts & TraceOutputOptions) != 0; } // Altered from the original .Net Core implementation. private void WriteHeader(string source, TraceEventType eventType, int id) { string type = null; switch (eventType) { case TraceEventType.Critical: type = "CRIT"; break; case TraceEventType.Error: type = "ERR "; break; case TraceEventType.Warning: type = "WARN"; break; case TraceEventType.Information: type = "INFO"; break; case TraceEventType.Verbose: type = "VERB"; break; default: type = eventType.ToString(); break; } Write(StringUtil.Format("[{0:u} {1} {2}] ", DateTime.UtcNow, type, source)); } // Copied and modified slightly from .Net Core source code to make it compile. The original code // accesses a private indentLevel field. In this code it has been modified to use the getter/setter. private void WriteFooter(TraceEventCache eventCache) { if (eventCache == null) return; IndentLevel++; if (IsEnabled(TraceOptions.ProcessId)) WriteLine("ProcessId=" + eventCache.ProcessId); if (IsEnabled(TraceOptions.ThreadId)) WriteLine("ThreadId=" + eventCache.ThreadId); if (IsEnabled(TraceOptions.DateTime)) WriteLine("DateTime=" + eventCache.DateTime.ToString("o", CultureInfo.InvariantCulture)); if (IsEnabled(TraceOptions.Timestamp)) WriteLine("Timestamp=" + eventCache.Timestamp); IndentLevel--; } private StreamWriter CreatePageLogWriter() { if (_enableLogRetention) { DirectoryInfo diags = new DirectoryInfo(_logFileDirectory); var logs = diags.GetFiles($"{_logFilePrefix}*.log"); foreach (var log in logs) { if (log.LastWriteTimeUtc.AddDays(_retentionDays) < DateTime.UtcNow) { try { log.Delete(); } catch (Exception) { // catch Exception and continue // we shouldn't block logging and fail the agent if the agent can't delete an older log file. } } } } string fileName = StringUtil.Format(_logFileNamingPattern, _logFilePrefix, DateTime.UtcNow); _logFilePath = Path.Combine(_logFileDirectory, fileName); // Use StreamWriter constructor that handles FileStream internally // This eliminates the dual resource management issue if (File.Exists(_logFilePath)) { return new StreamWriter(_logFilePath, append: true, Encoding.UTF8, bufferSize: 4096); } else { return new StreamWriter(_logFilePath, append: false, Encoding.UTF8, bufferSize: 4096); } } protected override void Dispose(bool disposing) { if (!_disposed && disposing) { _disposed = true; // Safely dispose the current writer if it exists // No exception handling needed - we control the state Writer?.Dispose(); Writer = null; } base.Dispose(disposing); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/IAgentCredentialStore.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Net; namespace Microsoft.VisualStudio.Services.Agent { // Store and retrieve user's credential for agent configuration. [ServiceLocator( PreferredOnWindows = typeof(WindowsAgentCredentialStore), PreferredOnMacOS = typeof(MacOSAgentCredentialStore), PreferredOnLinux = typeof(LinuxAgentCredentialStore), Default = typeof(NoOpAgentCredentialStore) )] public interface IAgentCredentialStore : IAgentService { NetworkCredential Write(string target, string username, string password); // throw exception when target not found from cred store NetworkCredential Read(string target); // throw exception when target not found from cred store void Delete(string target); } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/IExtension.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; namespace Microsoft.VisualStudio.Services.Agent { public interface IExtension : IAgentService { Type ExtensionType { get; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/ITracingProxy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Diagnostics; namespace Microsoft.VisualStudio.Services.Agent { // Interface for TracingProxy to allow TraceManager to use an abstraction. [ServiceLocator(Default = typeof(TracingProxy))] public interface ITracingProxy : IDisposable { Tracing ExchangeInner(Tracing newInner); void ReplaceInner(Func factory); void Info(string message, string operation = ""); void Info(object item, string operation = ""); #pragma warning disable CA1716 // Identifiers should not match keywords - maintaining compatibility void Error(Exception exception, string operation = ""); void Error(string message, string operation = ""); void Warning(string message, string operation = ""); void Verbose(string message, string operation = ""); void Verbose(object item, string operation = ""); void Entering(string name = ""); void Leaving(string name = ""); } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/JobNotification.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.IO.Pipes; using System.Net; using System.Net.Sockets; using System.Text; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(JobNotification))] public interface IJobNotification : IAgentService, IDisposable { Task JobStarted(Guid jobId, string accessToken, Uri serverUrl, Guid planId, string identifier, string definitionId, string planType); Task JobCompleted(Guid jobId); void StartClient(string pipeName, string monitorSocketAddress, CancellationToken cancellationToken); void StartClient(string socketAddress, string monitorSocketAddress); } public sealed class JobNotification : AgentService, IJobNotification { private NamedPipeClientStream _outClient; private StreamWriter _writeStream; private Socket _socket; private Socket _monitorSocket; private bool _configured = false; private bool _useSockets = false; private bool _isMonitorConfigured = false; public async Task JobStarted(Guid jobId, string accessToken, Uri serverUrl, Guid planId, string identifier, string definitionId, string planType) { Trace.Info("Entering JobStarted Notification"); ArgUtil.NotNull(jobId, nameof(jobId)); ArgUtil.NotNull(accessToken, nameof(accessToken)); ArgUtil.NotNull(serverUrl, nameof(serverUrl)); ArgUtil.NotNull(planId, nameof(planId)); StartMonitor(jobId, accessToken, serverUrl, planId, identifier, definitionId, planType); if (_configured) { String message = $"Starting job: {jobId.ToString()}"; if (_useSockets) { try { Trace.Info("Writing JobStarted to socket"); _socket.Send(Encoding.UTF8.GetBytes(message)); Trace.Info("Finished JobStarted writing to socket"); } catch (SocketException e) { Trace.Error($"Failed sending message \"{message}\" on socket!"); Trace.Error(e); } } else { Trace.Info("Writing JobStarted to pipe"); await _writeStream.WriteLineAsync(message); await _writeStream.FlushAsync(); Trace.Info("Finished JobStarted writing to pipe"); } } } public async Task JobCompleted(Guid jobId) { Trace.Info("Entering JobCompleted Notification"); await EndMonitor(); if (_configured) { String message = $"Finished job: {jobId.ToString()}"; if (_useSockets) { try { Trace.Info("Writing JobCompleted to socket"); _socket.Send(Encoding.UTF8.GetBytes(message)); Trace.Info("Finished JobCompleted writing to socket"); } catch (SocketException e) { Trace.Error($"Failed sending message \"{message}\" on socket!"); Trace.Error(e); } } else { Trace.Info("Writing JobCompleted to pipe"); await _writeStream.WriteLineAsync(message); await _writeStream.FlushAsync(); Trace.Info("Finished JobCompleted writing to pipe"); } } } public async void StartClient(string pipeName, string monitorSocketAddress, CancellationToken cancellationToken) { if (pipeName != null && !_configured) { Trace.Info("Connecting to named pipe {0}", pipeName); _outClient = new NamedPipeClientStream(".", pipeName, PipeDirection.Out, PipeOptions.Asynchronous); await _outClient.ConnectAsync(cancellationToken); _writeStream = new StreamWriter(_outClient, Encoding.UTF8); _configured = true; Trace.Info("Connection successful to named pipe {0}", pipeName); } ConnectMonitor(monitorSocketAddress); } public void StartClient(string socketAddress, string monitorSocketAddress) { ArgUtil.NotNull(socketAddress, nameof(socketAddress)); ConnectMonitor(monitorSocketAddress); if (!_configured) { try { string[] splitAddress = socketAddress.Split(':'); if (splitAddress.Length != 2) { Trace.Error("Invalid socket address {0}. Job Notification will be disabled.", socketAddress); return; } IPAddress address; try { address = IPAddress.Parse(splitAddress[0]); } catch (FormatException e) { Trace.Error("Invalid socket ip address {0}. Job Notification will be disabled", splitAddress[0]); Trace.Error(e); return; } int port = -1; Int32.TryParse(splitAddress[1], out port); if (port < IPEndPoint.MinPort || port > IPEndPoint.MaxPort) { Trace.Error("Invalid tcp socket port {0}. Job Notification will be disabled.", splitAddress[1]); return; } _socket = new Socket(SocketType.Stream, ProtocolType.Tcp); _socket.Connect(address, port); Trace.Info("Connection successful to socket {0}", socketAddress); _useSockets = true; _configured = true; } catch (SocketException e) { Trace.Error("Connection to socket {0} failed!", socketAddress); Trace.Error(e); } } } private void StartMonitor(Guid jobId, string accessToken, Uri serverUri, Guid planId, string identifier, string definitionId, string planType) { if (String.IsNullOrEmpty(accessToken)) { Trace.Info("No access token could be retrieved to start the monitor."); return; } try { Trace.Info("Entering StartMonitor"); if (_isMonitorConfigured) { String message = $"Start {jobId.ToString()} {accessToken} {serverUri.ToString()} {System.Diagnostics.Process.GetCurrentProcess().Id} {planId.ToString()} {identifier} {definitionId} {planType}"; Trace.Info("Writing StartMonitor to socket"); _monitorSocket.Send(Encoding.UTF8.GetBytes(message)); Trace.Info("Finished StartMonitor writing to socket"); } } catch (SocketException e) { Trace.Error($"Failed sending StartMonitor message on socket!"); Trace.Error(e); } catch (Exception e) { Trace.Error($"Unexpected error occured while sending StartMonitor message on socket!"); Trace.Error(e); } } private async Task EndMonitor() { try { Trace.Info("Entering EndMonitor"); if (_isMonitorConfigured) { String message = $"End {System.Diagnostics.Process.GetCurrentProcess().Id}"; Trace.Info("Writing EndMonitor to socket"); _monitorSocket.Send(Encoding.UTF8.GetBytes(message)); Trace.Info("Finished EndMonitor writing to socket"); await Task.Delay(TimeSpan.FromSeconds(2)); } } catch (SocketException e) { Trace.Error($"Failed sending end message on socket!"); Trace.Error(e); } catch (Exception e) { Trace.Error($"Unexpected error occured while sending StartMonitor message on socket!"); Trace.Error(e); } } private void ConnectMonitor(string monitorSocketAddress) { int port = -1; if (!_isMonitorConfigured && !String.IsNullOrEmpty(monitorSocketAddress)) { try { string[] splitAddress = monitorSocketAddress.Split(':'); if (splitAddress.Length != 2) { Trace.Error("Invalid socket address {0}. Unable to connect to monitor.", monitorSocketAddress); return; } IPAddress address; try { address = IPAddress.Parse(splitAddress[0]); } catch (FormatException e) { Trace.Error("Invalid socket IP address {0}. Unable to connect to monitor.", splitAddress[0]); Trace.Error(e); return; } Int32.TryParse(splitAddress[1], out port); if (port < IPEndPoint.MinPort || port > IPEndPoint.MaxPort) { Trace.Error("Invalid TCP socket port {0}. Unable to connect to monitor.", splitAddress[1]); return; } Trace.Verbose(StringUtil.Format("Trying to connect to monitor at port {0}", port)); _monitorSocket = new Socket(SocketType.Stream, ProtocolType.Tcp); _monitorSocket.Connect(address, port); Trace.Info(StringUtil.Format("Connection successful to local port {0}", port)); _isMonitorConfigured = true; } catch (Exception e) { Trace.Error(StringUtil.Format("Connection to monitor port {0} failed!", port)); Trace.Error(e); } } } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } private void Dispose(bool disposing) { if (disposing) { _outClient?.Dispose(); _writeStream?.Dispose(); if (_socket != null) { _socket.Send(Encoding.UTF8.GetBytes("")); _socket.Shutdown(SocketShutdown.Both); _socket.Dispose(); _socket = null; } if (_monitorSocket != null) { _monitorSocket.Send(Encoding.UTF8.GetBytes("")); _monitorSocket.Shutdown(SocketShutdown.Both); _monitorSocket.Dispose(); _monitorSocket = null; } } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/JobServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using System.Collections.Generic; using System.IO; using System.Net.Sockets; using System.Threading; using System.Threading.Tasks; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Blob; using Microsoft.VisualStudio.Services.Agent.Util; using BlobIdentifierWithBlocks = Microsoft.VisualStudio.Services.BlobStore.Common.BlobIdentifierWithBlocks; using VsoHash = Microsoft.VisualStudio.Services.BlobStore.Common.VsoHash; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Agent.Sdk.Util; using Microsoft.VisualStudio.Services.BlobStore.Common; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(JobServer))] public interface IJobServer : IAgentService { Task ConnectAsync(VssConnection jobConnection); // logging and console Task AppendLogContentAsync(Guid scopeIdentifier, string hubName, Guid planId, int logId, Stream uploadStream, CancellationToken cancellationToken); Task AppendTimelineRecordFeedAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, Guid stepId, IList lines, long startLine, CancellationToken cancellationToken); Task CreateAttachmentAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, String type, String name, Stream uploadStream, CancellationToken cancellationToken); Task AssosciateAttachmentAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, string type, string name, DedupIdentifier dedupId, long length, CancellationToken cancellationToken); Task CreateLogAsync(Guid scopeIdentifier, string hubName, Guid planId, TaskLog log, CancellationToken cancellationToken); Task CreateTimelineAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, CancellationToken cancellationToken); Task> UpdateTimelineRecordsAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, IEnumerable records, CancellationToken cancellationToken); Task RaisePlanEventAsync(Guid scopeIdentifier, string hubName, Guid planId, T eventData, CancellationToken cancellationToken) where T : JobEvent; Task GetTimelineAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, CancellationToken cancellationToken); Task AssociateLogAsync(Guid scopeIdentifier, string hubName, Guid planId, int logId, BlobIdentifierWithBlocks blobBlockId, int lineCount, CancellationToken cancellationToken); Task UploadLogToBlobStore(Stream blob, string hubName, Guid planId, int logId); Task<(DedupIdentifier dedupId, ulong length)> UploadAttachmentToBlobStore(bool verbose, string itemPath, Guid planId, Guid jobId, CancellationToken cancellationToken); } public sealed class JobServer : AgentService, IJobServer { private bool _hasConnection; private VssConnection _connection; private TaskHttpClient _taskClient; public async Task ConnectAsync(VssConnection jobConnection) { ArgUtil.NotNull(jobConnection, nameof(jobConnection)); _connection = jobConnection; int attemptCount = 5; while (!_connection.HasAuthenticated && attemptCount-- > 0) { try { await _connection.ConnectAsync(); break; } catch (Exception ex) when (attemptCount > 0) { Trace.Info($"Catch exception during connect. {attemptCount} attemp left."); Trace.Error(ex); } await Task.Delay(100); } try { _taskClient = _connection.GetClient(); } catch (SocketException e) { ExceptionsUtil.HandleSocketException(e, _connection.Uri.ToString(), (msg) => Trace.Error(msg)); throw; } _hasConnection = true; } private void CheckConnection() { if (!_hasConnection) { throw new InvalidOperationException("SetConnection"); } } //----------------------------------------------------------------- // Feedback: WebConsole, TimelineRecords and Logs //----------------------------------------------------------------- public Task AppendLogContentAsync(Guid scopeIdentifier, string hubName, Guid planId, int logId, Stream uploadStream, CancellationToken cancellationToken) { CheckConnection(); return _taskClient.AppendLogContentAsync(scopeIdentifier, hubName, planId, logId, uploadStream, cancellationToken: cancellationToken); } public Task AppendTimelineRecordFeedAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, Guid stepId, IList lines, long startLine, CancellationToken cancellationToken) { CheckConnection(); return _taskClient.AppendTimelineRecordFeedAsync(scopeIdentifier, hubName, planId, timelineId, timelineRecordId, stepId, lines, startLine, cancellationToken: cancellationToken); } public Task CreateAttachmentAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, string type, string name, Stream uploadStream, CancellationToken cancellationToken) { CheckConnection(); return _taskClient.CreateAttachmentAsync(scopeIdentifier, hubName, planId, timelineId, timelineRecordId, type, name, uploadStream, cancellationToken: cancellationToken); } public Task AssosciateAttachmentAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, string type, string name, DedupIdentifier dedupId, long length, CancellationToken cancellationToken) { CheckConnection(); return _taskClient.CreateAttachmentFromArtifactAsync(scopeIdentifier, hubName, planId, timelineId, timelineRecordId, type, name, dedupId.ValueString, length, cancellationToken: cancellationToken); } public Task CreateLogAsync(Guid scopeIdentifier, string hubName, Guid planId, TaskLog log, CancellationToken cancellationToken) { CheckConnection(); return _taskClient.CreateLogAsync(scopeIdentifier, hubName, planId, log, cancellationToken: cancellationToken); } public Task CreateTimelineAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, CancellationToken cancellationToken) { CheckConnection(); return _taskClient.CreateTimelineAsync(scopeIdentifier, hubName, planId, new Timeline(timelineId), cancellationToken: cancellationToken); } public Task> UpdateTimelineRecordsAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, IEnumerable records, CancellationToken cancellationToken) { CheckConnection(); return _taskClient.UpdateTimelineRecordsAsync(scopeIdentifier, hubName, planId, timelineId, records, cancellationToken: cancellationToken); } public Task RaisePlanEventAsync(Guid scopeIdentifier, string hubName, Guid planId, T eventData, CancellationToken cancellationToken) where T : JobEvent { CheckConnection(); return _taskClient.RaisePlanEventAsync(scopeIdentifier, hubName, planId, eventData, cancellationToken: cancellationToken); } public Task GetTimelineAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, CancellationToken cancellationToken) { CheckConnection(); return _taskClient.GetTimelineAsync(scopeIdentifier, hubName, planId, timelineId, includeRecords: true, cancellationToken: cancellationToken); } public Task AssociateLogAsync(Guid scopeIdentifier, string hubName, Guid planId, int logId, BlobIdentifierWithBlocks blobBlockId, int lineCount, CancellationToken cancellationToken) { CheckConnection(); return _taskClient.AssociateLogAsync(scopeIdentifier, hubName, planId, logId, blobBlockId.Serialize(), lineCount, cancellationToken: cancellationToken); } public async Task UploadLogToBlobStore(Stream blob, string hubName, Guid planId, int logId) { CheckConnection(); BlobIdentifier blobId = VsoHash.CalculateBlobIdentifierWithBlocks(blob).BlobId; // Since we read this while calculating the hash, the position needs to be reset before we send this blob.Position = 0; using (var blobClient = CreateArtifactsClient(_connection, default(CancellationToken))) { return await blobClient.UploadBlocksForBlobAsync(blobId, blob, default(CancellationToken)); } } public async Task<(DedupIdentifier dedupId, ulong length)> UploadAttachmentToBlobStore(bool verbose, string itemPath, Guid planId, Guid jobId, CancellationToken cancellationToken) { var clientSettings = await BlobstoreClientSettings.GetClientSettingsAsync( _connection, client: null, DedupManifestArtifactClientFactory.CreateArtifactsTracer(verbose, (str) => Trace.Info(str)), cancellationToken); int maxParallelism = HostContext.GetService().GetSettings().MaxDedupParallelism; if (maxParallelism == 0) { // if we have a client setting for max parallelism, use that - this won't log anything: maxParallelism = DedupManifestArtifactClientFactory.Instance.GetDedupStoreClientMaxParallelism(clientSettings, msg => { }); } var (dedupClient, clientTelemetry) = DedupManifestArtifactClientFactory.Instance .CreateDedupClient( _connection, WellKnownDomainIds.DefaultDomainId, maxParallelism, clientSettings.GetRedirectTimeout(), verbose, (str) => Trace.Info(str), cancellationToken); var results = await BlobStoreUtils.UploadToBlobStore(verbose, itemPath, (level, uri, type) => new TimelineRecordAttachmentTelemetryRecord(level, uri, type, nameof(UploadAttachmentToBlobStore), planId, jobId, Guid.Empty), (str) => Trace.Info(str), dedupClient, clientTelemetry, cancellationToken); await clientTelemetry.CommitTelemetryUpload(planId, jobId); return results; } private IBlobStoreHttpClient CreateArtifactsClient(VssConnection connection, CancellationToken cancellationToken) { var tracer = new CallbackAppTraceSource(str => Trace.Info(str), System.Diagnostics.SourceLevels.Information); ArtifactHttpClientFactory factory = new ArtifactHttpClientFactory( connection.Credentials, TimeSpan.FromSeconds(50), tracer, default(CancellationToken)); return factory.CreateVssHttpClient(connection.GetClient().BaseAddress); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/JobServerQueue.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Collections.Concurrent; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.WebApi; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(JobServerQueue))] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1711: Identifiers should not have incorrect suffix")] public interface IJobServerQueue : IAgentService, IThrottlingReporter { bool ForceDrainWebConsoleQueue { get; set; } bool ForceDrainTimelineQueue { get; set; } event EventHandler JobServerQueueThrottling; Task ShutdownAsync(); Task SendTimelineRecordUpdateAsync(Guid timelineId, TimelineRecord timelineRecord); void Start(Pipelines.AgentJobRequestMessage jobRequest); void QueueWebConsoleLine(Guid stepRecordId, string line, long lineNumber); void QueueFileUpload(Guid timelineId, Guid timelineRecordId, string type, string name, string path, bool deleteSource); void QueueTimelineRecordUpdate(Guid timelineId, TimelineRecord timelineRecord); void UpdateStateOnServer(Guid timelineId, TimelineRecord timelineRecord); void UpdateWebConsoleLineRate(Int32 rateInMillis); } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1711: Identifiers should not have incorrect suffix")] public sealed class JobServerQueue : AgentService, IJobServerQueue { // Default delay for Dequeue process private static readonly TimeSpan _aggressiveDelayForWebConsoleLineDequeue = TimeSpan.FromMilliseconds(500); private static readonly TimeSpan _delayForWebConsoleLineDequeueDefault = TimeSpan.FromMilliseconds(1000); private static readonly TimeSpan _delayForTimelineUpdateDequeue = TimeSpan.FromMilliseconds(500); private static readonly TimeSpan _delayForFileUploadDequeue = TimeSpan.FromMilliseconds(1000); // Job message information private Guid _scopeIdentifier; private string _hubName; private Guid _planId; private Guid _jobTimelineId; private Guid _jobTimelineRecordId; // queue for web console line private readonly ConcurrentQueue _webConsoleLineQueue = new ConcurrentQueue(); // queue for file upload (log file or attachment) private readonly ConcurrentQueue _fileUploadQueue = new ConcurrentQueue(); // queue for timeline or timeline record update (one queue per timeline) private readonly ConcurrentDictionary> _timelineUpdateQueue = new ConcurrentDictionary>(); // indicate how many timelines we have, we will process _timelineUpdateQueue base on the order of timeline in this list private readonly List _allTimelines = new List(); // bufferd timeline records that fail to update private readonly Dictionary> _bufferedRetryRecords = new Dictionary>(); // Task for each queue's dequeue process private Task _webConsoleLineDequeueTask; private Task _fileUploadDequeueTask; private Task _timelineUpdateDequeueTask; // common private IJobServer _jobServer; private Task[] _allDequeueTasks; private readonly TaskCompletionSource _jobCompletionSource = new TaskCompletionSource(); private bool _queueInProcess = false; public event EventHandler JobServerQueueThrottling; // Web console dequeue will start with process queue every 500ms for the first 15*2 times (~15 seconds). // Then the dequeue will happen every 1s or whatever the server tells us // In this way, customer still can get instance live console output on job start, // at the same time we can cut the load to server after the build run for more than 60s private int _webConsoleLineAggressiveDequeueCount = 0; private int _webConsoleLineUpdateRate = (int)_delayForWebConsoleLineDequeueDefault.TotalMilliseconds; private const int _webConsoleLineAggressiveDequeueLimit = 2 * 15; private bool _webConsoleLineAggressiveDequeue = true; private TaskCompletionSource _webConsoleLinesDequeueNow = new TaskCompletionSource(); private bool _firstConsoleOutputs = true; private bool _writeToBlobStoreLogs = false; private bool _writeToBlobStoreAttachments = false; private bool _debugMode = false; public bool ForceDrainWebConsoleQueue { get; set; } public bool ForceDrainTimelineQueue { get; set; } public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _jobServer = hostContext.GetService(); } public void Start(Pipelines.AgentJobRequestMessage jobRequest) { Trace.Entering(); if (_queueInProcess) { Trace.Info("No-opt, all queue process tasks are running."); return; } ArgUtil.NotNull(jobRequest, nameof(jobRequest)); ArgUtil.NotNull(jobRequest.Plan, nameof(jobRequest.Plan)); ArgUtil.NotNull(jobRequest.Timeline, nameof(jobRequest.Timeline)); _scopeIdentifier = jobRequest.Plan.ScopeIdentifier; _hubName = jobRequest.Plan.PlanType; _planId = jobRequest.Plan.PlanId; _jobTimelineId = jobRequest.Timeline.Id; _jobTimelineRecordId = jobRequest.JobId; if (jobRequest.Variables.TryGetValue(WellKnownDistributedTaskVariables.LogToBlobstorageService, out var logToBlob)) { Boolean.TryParse(logToBlob.Value, out _writeToBlobStoreLogs); } if (jobRequest.Variables.TryGetValue(WellKnownDistributedTaskVariables.UploadTimelineAttachmentsToBlob, out var attachToBlob)) { Boolean.TryParse(attachToBlob.Value, out _writeToBlobStoreAttachments); } if (jobRequest.Variables.TryGetValue(WellKnownDistributedTaskVariables.PostLinesSpeed, out var postLinesSpeed)) { if (!Int32.TryParse(postLinesSpeed.Value, out _webConsoleLineUpdateRate)) { _webConsoleLineUpdateRate = (int)_delayForWebConsoleLineDequeueDefault.TotalMilliseconds; } } if (jobRequest.Variables.TryGetValue(Constants.Variables.System.Debug, out var debug)) { Boolean.TryParse(debug.Value, out _debugMode); } // Server already create the job timeline _timelineUpdateQueue[_jobTimelineId] = new ConcurrentQueue(); _allTimelines.Add(_jobTimelineId); // Start three dequeue task Trace.Info("Start process web console line queue."); _webConsoleLineDequeueTask = ProcessWebConsoleLinesQueueAsync(); Trace.Info("Start process file upload queue."); _fileUploadDequeueTask = ProcessFilesUploadQueueAsync(); Trace.Info("Start process timeline update queue."); _timelineUpdateDequeueTask = ProcessTimelinesUpdateQueueAsync(); _allDequeueTasks = new Task[] { _webConsoleLineDequeueTask, _fileUploadDequeueTask, _timelineUpdateDequeueTask }; _queueInProcess = true; } // WebConsoleLine queue and FileUpload queue are always best effort // TimelineUpdate queue error will become critical when timeline records contain output variabls. public async Task ShutdownAsync() { if (!_queueInProcess) { Trace.Info("No-op, all queue process tasks have been stopped."); } Trace.Info("Fire signal to shutdown all queues."); _jobCompletionSource.TrySetResult(0); await Task.WhenAll(_allDequeueTasks); _queueInProcess = false; Trace.Info("All queue process task stopped."); // Drain the queue // ProcessWebConsoleLinesQueueAsync() will never throw exception, live console update is always best effort. Trace.Verbose("Draining web console line queue."); await ProcessWebConsoleLinesQueueAsync(runOnce: true); Trace.Info("Web console line queue drained."); // ProcessFilesUploadQueueAsync() will never throw exception, log file upload is always best effort. Trace.Verbose("Draining file upload queue."); await ProcessFilesUploadQueueAsync(runOnce: true); Trace.Info("File upload queue drained."); // ProcessTimelinesUpdateQueueAsync() will throw exception during shutdown // if there is any timeline records that failed to update contains output variables. Trace.Verbose("Draining timeline update queue."); await ProcessTimelinesUpdateQueueAsync(runOnce: true); Trace.Info("Timeline update queue drained."); Trace.Info("All queue process tasks have been stopped, and all queues are drained."); } public void QueueWebConsoleLine(Guid stepRecordId, string line, long lineNumber) { Trace.Verbose("Enqueue web console line queue: {0}", line); _webConsoleLineQueue.Enqueue(new ConsoleLineInfo(stepRecordId, line, lineNumber)); } public void QueueFileUpload(Guid timelineId, Guid timelineRecordId, string type, string name, string path, bool deleteSource) { ArgUtil.NotEmpty(timelineId, nameof(timelineId)); ArgUtil.NotEmpty(timelineRecordId, nameof(timelineRecordId)); // all parameter not null, file path exist. var newFile = new UploadFileInfo() { TimelineId = timelineId, TimelineRecordId = timelineRecordId, Type = type, Name = name, Path = path, DeleteSource = deleteSource }; Trace.Verbose(StringUtil.Format("Enqueue file upload queue: file '{0}' attach to record {1}", newFile.Path, timelineRecordId)); _fileUploadQueue.Enqueue(newFile); } public void QueueTimelineRecordUpdate(Guid timelineId, TimelineRecord timelineRecord) { ArgUtil.NotEmpty(timelineId, nameof(timelineId)); ArgUtil.NotNull(timelineRecord, nameof(timelineRecord)); ArgUtil.NotEmpty(timelineRecord.Id, nameof(timelineRecord.Id)); _timelineUpdateQueue.TryAdd(timelineId, new ConcurrentQueue()); Trace.Verbose(StringUtil.Format("Enqueue timeline {0} update queue: {1}", timelineId, timelineRecord.Id)); _timelineUpdateQueue[timelineId].Enqueue(timelineRecord.Clone()); } public void UpdateStateOnServer(Guid timelineId, TimelineRecord timelineRecord) { ArgUtil.NotEmpty(timelineId, nameof(timelineId)); ArgUtil.NotNull(timelineRecord, nameof(timelineRecord)); ArgUtil.NotEmpty(timelineRecord.Id, nameof(timelineRecord.Id)); //sending immediate server update for the job timeline records to server if (string.Equals(timelineRecord.RecordType, "Job", StringComparison.OrdinalIgnoreCase)) { try { // Attempting to send immediate update for job records SendTimelineRecordUpdateAsync(timelineId, timelineRecord).GetAwaiter().GetResult(); } catch (Exception ex) { Trace.Warning($"Failed to send immediate timeline record update: {ex.Message}. Falling back to queue mechanism."); Trace.Warning(ex.ToString()); QueueTimelineRecordUpdate(timelineId, timelineRecord); } } else { // All other record types use queue mechanism QueueTimelineRecordUpdate(timelineId, timelineRecord); Trace.Verbose($"Timeline record {timelineRecord.Id} queued for update (RecordType: {timelineRecord.RecordType})"); } } public async Task SendTimelineRecordUpdateAsync(Guid timelineId, TimelineRecord timelineRecord) { ArgUtil.NotEmpty(timelineId, nameof(timelineId)); ArgUtil.NotNull(timelineRecord, nameof(timelineRecord)); ArgUtil.NotEmpty(timelineRecord.Id, nameof(timelineRecord.Id)); var jobtimelinerecord = new List { timelineRecord.Clone() }; await _jobServer.UpdateTimelineRecordsAsync(_scopeIdentifier, _hubName, _planId, timelineId, jobtimelinerecord, CancellationToken.None); string stateValue = timelineRecord.State?.ToString() ?? "Unknown"; Trace.Info($"Job timeline record {timelineRecord.Id} (state: {stateValue}) sent successfully to server"); } public void ReportThrottling(TimeSpan delay, DateTime expiration) { Trace.Info($"Receive server throttling report, expect delay {delay} milliseconds till {expiration}"); var throttlingEvent = JobServerQueueThrottling; if (throttlingEvent != null) { throttlingEvent(this, new ThrottlingEventArgs(delay, expiration)); } } private async Task ProcessWebConsoleLinesQueueAsync(bool runOnce = false) { while (!_jobCompletionSource.Task.IsCompleted || runOnce) { bool shouldDrain = ForceDrainWebConsoleQueue; if (ForceDrainWebConsoleQueue) { ForceDrainWebConsoleQueue = false; } if (_webConsoleLineAggressiveDequeue && ++_webConsoleLineAggressiveDequeueCount > _webConsoleLineAggressiveDequeueLimit) { Trace.Info("Stop aggressive process web console line queue."); _webConsoleLineAggressiveDequeue = false; } // Group consolelines by timeline record of each step Dictionary> stepsConsoleLines = new Dictionary>(); List stepRecordIds = new List(); // We need to keep lines in order int linesCounter = 0; ConsoleLineInfo lineInfo; while (_webConsoleLineQueue.TryDequeue(out lineInfo)) { if (!stepsConsoleLines.ContainsKey(lineInfo.StepRecordId)) { stepsConsoleLines[lineInfo.StepRecordId] = new List(); stepRecordIds.Add(lineInfo.StepRecordId); } if (lineInfo.Line?.Length > 1024) { Trace.Verbose("Web console line is more than 1024 chars, truncate to first 1024 chars"); lineInfo.Line = $"{lineInfo.Line.Substring(0, 1024)}..."; } stepsConsoleLines[lineInfo.StepRecordId].Add(new TimelineRecordLogLine(lineInfo.Line, lineInfo.LineNumber)); linesCounter++; // process at most about 500 lines of web console line during regular timer dequeue task. // Send the first line of output to the customer right away // It might take a while to reach 500 line outputs, which would cause delays before customers see the first line if ((!runOnce && !shouldDrain && linesCounter > 500) || _firstConsoleOutputs) { break; } } // Batch post consolelines for each step timeline record foreach (var stepRecordId in stepRecordIds) { // Split consolelines into batch, each batch will container at most 100 lines. int batchCounter = 0; List> batchedLines = new List>(); foreach (var line in stepsConsoleLines[stepRecordId]) { var currentBatch = batchedLines.ElementAtOrDefault(batchCounter); if (currentBatch == null) { batchedLines.Add(new List()); currentBatch = batchedLines.ElementAt(batchCounter); } currentBatch.Add(line); if (currentBatch.Count >= 100) { batchCounter++; } } if (batchedLines.Count > 0) { // When job finish, web console lines becomes less interesting to customer // We batch and produce 500 lines of web console output every 500ms // If customer's task produce massive of outputs, then the last queue drain run might take forever. // So we will only upload the last 200 lines of each step from all buffered web console lines. if ((runOnce || shouldDrain) && batchedLines.Count > 2) { Trace.Info($"Skip {batchedLines.Count - 2} batches web console lines for last run"); batchedLines = batchedLines.TakeLast(2).ToList(); } int errorCount = 0; foreach (var batch in batchedLines) { try { // we will not requeue failed batch, since the web console lines are time sensitive. await _jobServer.AppendTimelineRecordFeedAsync(_scopeIdentifier, _hubName, _planId, _jobTimelineId, _jobTimelineRecordId, stepRecordId, batch.Select(x => x.Line).ToList(), batch[0].LineNumber, default(CancellationToken)); if (_firstConsoleOutputs) { _firstConsoleOutputs = false; HostContext.WritePerfCounter("WorkerJobServerQueueAppendFirstConsoleOutput"); } } catch (Exception ex) { Trace.Info("Catch exception during append web console line, keep going since the process is best effort."); Trace.Error(ex); errorCount++; } } Trace.Info(StringUtil.Format("Try to append {0} batches web console lines for record '{1}', success rate: {2}/{3}.", batchedLines.Count, stepRecordId, batchedLines.Count - errorCount, batchedLines.Count)); } } if (runOnce) { break; } else { _webConsoleLinesDequeueNow = new TaskCompletionSource(); await Task.WhenAny( Task.Delay(_webConsoleLineAggressiveDequeue ? _aggressiveDelayForWebConsoleLineDequeue : TimeSpan.FromMilliseconds(_webConsoleLineUpdateRate)), _webConsoleLinesDequeueNow.Task); } } } public void UpdateWebConsoleLineRate(Int32 rateInMillis) { _webConsoleLineUpdateRate = rateInMillis; // Start running the dequeue task immediately _webConsoleLinesDequeueNow?.SetResult(true); } private async Task ProcessFilesUploadQueueAsync(bool runOnce = false) { while (!_jobCompletionSource.Task.IsCompleted || runOnce) { List filesToUpload = new List(); UploadFileInfo dequeueFile; while (_fileUploadQueue.TryDequeue(out dequeueFile)) { filesToUpload.Add(dequeueFile); // process at most 10 file upload. if (!runOnce && filesToUpload.Count > 10) { break; } } if (filesToUpload.Count > 0) { if (runOnce) { Trace.Info($"Uploading {filesToUpload.Count} files in one shot."); } // TODO: upload all file in parallel int errorCount = 0; foreach (var file in filesToUpload) { try { await UploadFile(file); } catch (Exception ex) { Trace.Info("Catch exception during log or attachment file upload, keep going since the process is best effort."); Trace.Error(ex); errorCount++; // put the failed upload file back to queue. // TODO: figure out how should we retry paging log upload. //lock (_fileUploadQueueLock) //{ // _fileUploadQueue.Enqueue(file); //} } } Trace.Info(StringUtil.Format("Try to upload {0} log files or attachments, success rate: {1}/{2}.", filesToUpload.Count, filesToUpload.Count - errorCount, filesToUpload.Count)); } if (runOnce) { break; } else { await Task.Delay(_delayForFileUploadDequeue); } } } private async Task ProcessTimelinesUpdateQueueAsync(bool runOnce = false) { while (!_jobCompletionSource.Task.IsCompleted || runOnce) { bool shouldDrain = ForceDrainTimelineQueue; var pendingUpdates = new List(); foreach (var timeline in _allTimelines) { if (_timelineUpdateQueue.TryGetValue(timeline, out ConcurrentQueue recordQueue)) { var records = new List(); while (recordQueue.TryDequeue(out TimelineRecord record)) { records.Add(record); // process at most 25 timeline records update for each timeline. if (!runOnce && !shouldDrain && records.Count > 25) { break; } } if (records.Count > 0) { pendingUpdates.Add(new PendingTimelineRecord() { TimelineId = timeline, PendingRecords = records.ToList() }); } } } // we need track whether we have new sub-timeline been created on the last run. // if so, we need continue update timeline record even we on the last run. bool pendingSubtimelineUpdate = false; List mainTimelineRecordsUpdateErrors = new List(); if (pendingUpdates.Count > 0) { foreach (var update in pendingUpdates) { if (_bufferedRetryRecords.TryGetValue(update.TimelineId, out List bufferedRecords)) { update.PendingRecords.InsertRange(0, bufferedRecords); } update.PendingRecords = MergeTimelineRecords(update.PendingRecords); foreach (var detailTimeline in update.PendingRecords.Where(r => r.Details != null)) { if (!_allTimelines.Contains(detailTimeline.Details.Id)) { try { Timeline newTimeline = await _jobServer.CreateTimelineAsync(_scopeIdentifier, _hubName, _planId, detailTimeline.Details.Id, CancellationToken.None); _allTimelines.Add(newTimeline.Id); pendingSubtimelineUpdate = true; } catch (TimelineExistsException) { Trace.Info("Catch TimelineExistsException during timeline creation. Ignore the error since server already had this timeline."); _allTimelines.Add(detailTimeline.Details.Id); } catch (Exception ex) { Trace.Error(ex); } } } try { await _jobServer.UpdateTimelineRecordsAsync(_scopeIdentifier, _hubName, _planId, update.TimelineId, update.PendingRecords, CancellationToken.None); if (_bufferedRetryRecords.Remove(update.TimelineId)) { Trace.Verbose(StringUtil.Format("Cleanup buffered timeline record for timeline: {0}.", update.TimelineId)); } } catch (Exception ex) { Trace.Info("Catch exception during update timeline records, try to update these timeline records next time."); Trace.Error(ex); _bufferedRetryRecords[update.TimelineId] = update.PendingRecords; if (update.TimelineId == _jobTimelineId) { mainTimelineRecordsUpdateErrors.Add(ex); } } } } if (runOnce || shouldDrain) { // continue process timeline records update, // we might have more records need update, // since we just create a new sub-timeline if (pendingSubtimelineUpdate) { continue; } else { if (ForceDrainTimelineQueue) { ForceDrainTimelineQueue = false; } } } if (runOnce) { if (mainTimelineRecordsUpdateErrors.Count > 0 && _bufferedRetryRecords.ContainsKey(_jobTimelineId) && _bufferedRetryRecords[_jobTimelineId] != null && _bufferedRetryRecords[_jobTimelineId].Any(r => r.Variables.Count > 0)) { Trace.Info("Fail to update timeline records with output variables. Throw exception to fail the job since output variables are critical to downstream jobs."); throw new AggregateException(StringUtil.Loc("OutputVariablePublishFailed"), mainTimelineRecordsUpdateErrors); } break; } await Task.Delay(_delayForTimelineUpdateDequeue); } } private List MergeTimelineRecords(List timelineRecords) { if (timelineRecords == null || timelineRecords.Count <= 1) { return timelineRecords; } Dictionary dict = new Dictionary(); foreach (TimelineRecord rec in timelineRecords) { if (rec == null) { continue; } TimelineRecord timelineRecord; if (dict.TryGetValue(rec.Id, out timelineRecord)) { // Merge rec into timelineRecord timelineRecord.CurrentOperation = rec.CurrentOperation ?? timelineRecord.CurrentOperation; timelineRecord.Details = rec.Details ?? timelineRecord.Details; timelineRecord.FinishTime = rec.FinishTime ?? timelineRecord.FinishTime; timelineRecord.Log = rec.Log ?? timelineRecord.Log; timelineRecord.Name = rec.Name ?? timelineRecord.Name; timelineRecord.RefName = rec.RefName ?? timelineRecord.RefName; timelineRecord.PercentComplete = rec.PercentComplete ?? timelineRecord.PercentComplete; timelineRecord.RecordType = rec.RecordType ?? timelineRecord.RecordType; timelineRecord.Result = rec.Result ?? timelineRecord.Result; timelineRecord.ResultCode = rec.ResultCode ?? timelineRecord.ResultCode; timelineRecord.StartTime = rec.StartTime ?? timelineRecord.StartTime; timelineRecord.State = rec.State ?? timelineRecord.State; timelineRecord.WorkerName = rec.WorkerName ?? timelineRecord.WorkerName; if (rec.ErrorCount != null && rec.ErrorCount > 0) { timelineRecord.ErrorCount = rec.ErrorCount; } if (rec.WarningCount != null && rec.WarningCount > 0) { timelineRecord.WarningCount = rec.WarningCount; } if (rec.Issues.Count > 0) { timelineRecord.Issues.Clear(); timelineRecord.Issues.AddRange(rec.Issues.Select(i => i.Clone())); } if (rec.Variables.Count > 0) { foreach (var variable in rec.Variables) { timelineRecord.Variables[variable.Key] = variable.Value.Clone(); } } } else { dict.Add(rec.Id, rec); } } var mergedRecords = dict.Values.ToList(); Trace.Verbose("Merged Timeline records"); foreach (var record in mergedRecords) { Trace.Verbose($" Record: t={record.RecordType}, n={record.Name}, s={record.State}, st={record.StartTime}, {record.PercentComplete}%, ft={record.FinishTime}, r={record.Result}: {record.CurrentOperation}"); if (record.Issues != null && record.Issues.Count > 0) { foreach (var issue in record.Issues) { String source; issue.Data.TryGetValue("sourcepath", out source); Trace.Verbose($" Issue: c={issue.Category}, t={issue.Type}, s={source ?? string.Empty}, m={issue.Message}"); } } if (record.Variables != null && record.Variables.Count > 0) { foreach (var variable in record.Variables) { Trace.Verbose($" Variable: n={variable.Key}, secret={variable.Value.IsSecret}"); } } } return mergedRecords; } private async Task UploadFile(UploadFileInfo file) { bool uploadSucceed = false; try { if (String.Equals(file.Type, CoreAttachmentType.Log, StringComparison.OrdinalIgnoreCase)) { // Create the log var taskLog = await _jobServer.CreateLogAsync(_scopeIdentifier, _hubName, _planId, new TaskLog(String.Format(@"logs\{0:D}", file.TimelineRecordId)), default(CancellationToken)); using (FileStream fs = File.Open(file.Path, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) { if (_writeToBlobStoreLogs) { try { var blobBlockId = await _jobServer.UploadLogToBlobStore(fs, _hubName, _planId, taskLog.Id); int lineCount = File.ReadLines(file.Path).Count(); // Notify TFS await _jobServer.AssociateLogAsync(_scopeIdentifier, _hubName, _planId, taskLog.Id, blobBlockId, lineCount, default(CancellationToken)); } catch { // Fall back to FCS fs.Position = 0; await _jobServer.AppendLogContentAsync(_scopeIdentifier, _hubName, _planId, taskLog.Id, fs, default(CancellationToken)); } } else { await _jobServer.AppendLogContentAsync(_scopeIdentifier, _hubName, _planId, taskLog.Id, fs, default(CancellationToken)); } } // Create a new record and only set the Log field var attachmentUpdataRecord = new TimelineRecord() { Id = file.TimelineRecordId, Log = taskLog }; QueueTimelineRecordUpdate(file.TimelineId, attachmentUpdataRecord); } else { if (_writeToBlobStoreAttachments) { try { var (dedupId, length) = await _jobServer.UploadAttachmentToBlobStore(_debugMode, file.Path, _planId, _jobTimelineRecordId, default(CancellationToken)); // Notify TFS await _jobServer.AssosciateAttachmentAsync(_scopeIdentifier, _hubName, _planId, file.TimelineId, file.TimelineRecordId, file.Type, file.Name, dedupId, (long)length, default(CancellationToken)); } catch { // Fall back to file-based FCS using (FileStream fs = File.Open(file.Path, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) { var result = await _jobServer.CreateAttachmentAsync(_scopeIdentifier, _hubName, _planId, file.TimelineId, file.TimelineRecordId, file.Type, file.Name, fs, default(CancellationToken)); } } } else { // Create attachment using (FileStream fs = File.Open(file.Path, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) { var result = await _jobServer.CreateAttachmentAsync(_scopeIdentifier, _hubName, _planId, file.TimelineId, file.TimelineRecordId, file.Type, file.Name, fs, default(CancellationToken)); } } } uploadSucceed = true; } finally { if (uploadSucceed && file.DeleteSource) { try { File.Delete(file.Path); } catch (Exception ex) { Trace.Info("Catch exception during delete success uploaded file."); Trace.Error(ex); } } } } } internal class PendingTimelineRecord { public Guid TimelineId { get; set; } public List PendingRecords { get; set; } } internal class UploadFileInfo { public Guid TimelineId { get; set; } public Guid TimelineRecordId { get; set; } public string Type { get; set; } public string Name { get; set; } public string Path { get; set; } public bool DeleteSource { get; set; } } internal class ConsoleLineInfo { public ConsoleLineInfo(Guid recordId, string line, long lineNumber) { this.StepRecordId = recordId; this.Line = line; this.LineNumber = lineNumber; } public Guid StepRecordId { get; set; } public string Line { get; set; } public long LineNumber { get; set; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/LocationServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Net.Sockets; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Location.Client; using Microsoft.VisualStudio.Services.Location; using Microsoft.VisualStudio.Services.Agent.Util; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(LocationServer))] public interface ILocationServer : IAgentService { Task ConnectAsync(VssConnection jobConnection); Task GetConnectionDataAsync(); } public sealed class LocationServer : AgentService, ILocationServer { private bool _hasConnection; private VssConnection _connection; private LocationHttpClient _locationClient; public async Task ConnectAsync(VssConnection jobConnection) { ArgUtil.NotNull(jobConnection, nameof(jobConnection)); _connection = jobConnection; try { await _connection.ConnectAsync(); } catch (SocketException ex) { ExceptionsUtil.HandleSocketException(ex, _connection.Uri.ToString(), (msg) => Trace.Error(msg)); throw; } catch (Exception ex) { Trace.Info($"Unable to connect to {_connection.Uri}."); Trace.Error(ex); throw; } _locationClient = _connection.GetClient(); _hasConnection = true; } private void CheckConnection() { if (!_hasConnection) { throw new InvalidOperationException("SetConnection"); } } public async Task GetConnectionDataAsync() { CheckConnection(); return await _locationClient.GetConnectionDataAsync(ConnectOptions.None, 0); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Logging.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(PagingLogger))] public interface IPagingLogger : IAgentService { long TotalLines { get; } void Setup(Guid timelineId, Guid timelineRecordId); void Write(string message); [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1716: Identifiers should not match keywords")] void End(); } public class PagingLogger : AgentService, IPagingLogger, IDisposable { public static string PagingFolder = "pages"; // 8 MB public const int PageSize = 8 * 1024 * 1024; private Guid _timelineId; private Guid _timelineRecordId; private string _pageId; private StreamWriter _pageWriter; private int _byteCount; private int _pageCount; private long _totalLines; private string _dataFileName; private string _pagesFolder; private IJobServerQueue _jobServerQueue; private const string groupStartTag = "##[group]"; private const string groupEndTag = "##[endgroup]"; private bool _groupOpened = false; public long TotalLines => _totalLines; public override void Initialize(IHostContext hostContext) { ArgUtil.NotNull(hostContext, nameof(hostContext)); base.Initialize(hostContext); _totalLines = 0; _pageId = Guid.NewGuid().ToString(); _pagesFolder = Path.Combine(hostContext.GetDiagDirectory(), PagingFolder); _jobServerQueue = HostContext.GetService(); Directory.CreateDirectory(_pagesFolder); } public void Setup(Guid timelineId, Guid timelineRecordId) { _timelineId = timelineId; _timelineRecordId = timelineRecordId; } // // Write a metadata file with id etc, point to pages on disk. // Each page is a guid_#. As a page rolls over, it events it's done // and the consumer queues it for upload // Ensure this is lazy. Create a page on first write // public void Write(string message) { // lazy creation on write if (_pageWriter == null) { Create(); } if (message.Contains(groupStartTag, StringComparison.OrdinalIgnoreCase)) { _groupOpened = true; } if (_groupOpened && message.Contains(groupEndTag, StringComparison.OrdinalIgnoreCase)) { // Ignore group end tag only if group was opened, otherwise it is a normal message // because in web console ##[endgroup] becomes empty line without ##[group] tag _groupOpened = false; _totalLines--; } string line = $"{DateTime.UtcNow.ToString("O")} {message}"; _pageWriter.WriteLine(line); _totalLines++; if (line.IndexOf('\n') != -1) { foreach (char c in line) { if (c == '\n') { _totalLines++; } } } _byteCount += System.Text.Encoding.UTF8.GetByteCount(line); if (_byteCount >= PageSize) { NewPage(); } } public void End() { // Prevent multiple disposal attempts - only call EndPage if writer still exists // This is important because both End() and Dispose() can be called during cleanup if (_pageWriter != null) { EndPage(); } } private void Create() { NewPage(); } private void NewPage() { EndPage(); _byteCount = 0; _dataFileName = Path.Combine(_pagesFolder, $"{_pageId}_{++_pageCount}.log"); // Create StreamWriter directly with file path - it will handle the FileStream internally _pageWriter = new StreamWriter(_dataFileName, append: false, System.Text.Encoding.UTF8); } private void EndPage() { if (_pageWriter != null) { // StreamWriter manages the underlying file handle across all platforms // This avoids platform-specific disposal timing issues (like "Bad file descriptor" on macOS) try { _pageWriter.Flush(); } catch (ObjectDisposedException) { // StreamWriter was already disposed - this is safe to ignore // Can happen during shutdown or cleanup scenarios } catch (IOException) { // File handle may be invalid (e.g., "Bad file descriptor" on POSIX systems) // This can happen if the underlying file was closed externally // Safe to ignore as we're disposing anyway } _pageWriter.Dispose(); _pageWriter = null; _jobServerQueue.QueueFileUpload(_timelineId, _timelineRecordId, "DistributedTask.Core.Log", "CustomToolLog", _dataFileName, true); } } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } protected virtual void Dispose(bool disposing) { if (disposing && _pageWriter != null) { // Only call EndPage if we haven't already disposed the writer // This prevents double-disposal which causes "Bad file descriptor" on macOS/Linux EndPage(); } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Microsoft.VisualStudio.Services.Agent.csproj ================================================  Library true ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/NuGet.Config ================================================  ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/ProcessChannel.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.IO.Pipes; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent { [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1711: Identifiers should not have incorrect suffix")] public delegate void StartProcessDelegate(string pipeHandleOut, string pipeHandleIn); [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1008: Enums should have zero value")] public enum MessageType { NotInitialized = -1, NewJobRequest = 1, CancelRequest = 2, AgentShutdown = 3, OperatingSystemShutdown = 4, JobMetadataUpdate = 5, FlushLogsRequest = 9999, } public struct WorkerMessage { public MessageType MessageType; public string Body; public WorkerMessage(MessageType messageType, string body) { MessageType = messageType; Body = body; } } [ServiceLocator(Default = typeof(ProcessChannel))] public interface IProcessChannel : IDisposable, IAgentService { void StartServer(StartProcessDelegate startProcess, bool disposeClient = true); void StartClient(string pipeNameInput, string pipeNameOutput); Task SendAsync(MessageType messageType, string body, CancellationToken cancellationToken); Task ReceiveAsync(CancellationToken cancellationToken); } public sealed class ProcessChannel : AgentService, IProcessChannel { private AnonymousPipeServerStream _inServer; private AnonymousPipeServerStream _outServer; private AnonymousPipeClientStream _inClient; private AnonymousPipeClientStream _outClient; private StreamString _writeStream; private StreamString _readStream; public void StartServer(StartProcessDelegate startProcess, bool disposeLocalClientHandle = true) { ArgUtil.NotNull(startProcess, nameof(startProcess)); _outServer = new AnonymousPipeServerStream(PipeDirection.Out, HandleInheritability.Inheritable); _inServer = new AnonymousPipeServerStream(PipeDirection.In, HandleInheritability.Inheritable); _readStream = new StreamString(_inServer); _writeStream = new StreamString(_outServer); startProcess(_outServer.GetClientHandleAsString(), _inServer.GetClientHandleAsString()); if (disposeLocalClientHandle) { _outServer.DisposeLocalCopyOfClientHandle(); _inServer.DisposeLocalCopyOfClientHandle(); } } public void StartClient(string pipeNameInput, string pipeNameOutput) { _inClient = new AnonymousPipeClientStream(PipeDirection.In, pipeNameInput); _outClient = new AnonymousPipeClientStream(PipeDirection.Out, pipeNameOutput); _readStream = new StreamString(_inClient); _writeStream = new StreamString(_outClient); } public async Task SendAsync(MessageType messageType, string body, CancellationToken cancellationToken) { await _writeStream.WriteInt32Async((int)messageType, cancellationToken); await _writeStream.WriteStringAsync(body, cancellationToken); } public async Task ReceiveAsync(CancellationToken cancellationToken) { WorkerMessage result = new WorkerMessage(MessageType.NotInitialized, string.Empty); result.MessageType = (MessageType)await _readStream.ReadInt32Async(cancellationToken); result.Body = await _readStream.ReadStringAsync(cancellationToken); return result; } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } private void Dispose(bool disposing) { if (disposing) { _inServer?.Dispose(); _outServer?.Dispose(); _inClient?.Dispose(); _outClient?.Dispose(); } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/ProcessExtensions.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Threading; namespace Microsoft.VisualStudio.Services.Agent { public static class ProcessExtensions { public static string GetEnvironmentVariable(this Process process, IHostContext hostContext, string variable) { ArgUtil.NotNull(process, nameof(process)); ArgUtil.NotNull(hostContext, nameof(hostContext)); ArgUtil.NotNull(variable, nameof(variable)); switch (PlatformUtil.HostOS) { case PlatformUtil.OS.Linux: return GetEnvironmentVariableLinux(process, hostContext, variable); case PlatformUtil.OS.OSX: return GetEnvironmentVariableUsingPs(process, hostContext, variable); case PlatformUtil.OS.Windows: return WindowsEnvVarHelper.GetEnvironmentVariable(process, hostContext, variable); } throw new NotImplementedException($"Cannot look up environment variables on {PlatformUtil.HostOS}"); } private static string GetEnvironmentVariableLinux(Process process, IHostContext hostContext, string variable) { var trace = hostContext.GetTrace(nameof(ProcessExtensions)); if (!Directory.Exists("/proc")) { return GetEnvironmentVariableUsingPs(process, hostContext, variable); } Dictionary env = new Dictionary(); string envFile = $"/proc/{process.Id}/environ"; trace.Info($"Read env from {envFile}"); string envContent = File.ReadAllText(envFile); if (!string.IsNullOrEmpty(envContent)) { // on linux, environment variables are seprated by '\0' var envList = envContent.Split('\0', StringSplitOptions.RemoveEmptyEntries); foreach (var envStr in envList) { // split on the first '=' var keyValuePair = envStr.Split('=', 2); if (keyValuePair.Length == 2) { env[keyValuePair[0]] = keyValuePair[1]; trace.Verbose($"PID:{process.Id} ({keyValuePair[0]}={keyValuePair[1]})"); } } } if (env.TryGetValue(variable, out string envVariable)) { return envVariable; } else { return null; } } private static string GetEnvironmentVariableUsingPs(Process process, IHostContext hostContext, string variable) { // On OSX, there is no /proc folder for us to read environment for given process, // So we have call `ps e -p -o command` to print out env to STDOUT, // However, the output env are not format in a parseable way, it's just a string that concatenate all envs with space, // It doesn't escape '=' or ' ', so we can't parse the output into a dictionary of all envs. // So we only look for the env you request, in the format of variable=value. (it won't work if you variable contains = or space) var trace = hostContext.GetTrace(nameof(ProcessExtensions)); trace.Info($"Read env from output of `ps e -p {process.Id} -o command`"); Dictionary env = new Dictionary(); List psOut = new List(); object outputLock = new object(); using (var p = hostContext.CreateService()) { p.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stdout) { if (!string.IsNullOrEmpty(stdout.Data)) { lock (outputLock) { psOut.Add(stdout.Data); } } }; p.ErrorDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stderr) { if (!string.IsNullOrEmpty(stderr.Data)) { lock (outputLock) { trace.Error(stderr.Data); } } }; int exitCode = p.ExecuteAsync(workingDirectory: hostContext.GetDirectory(WellKnownDirectory.Root), fileName: "ps", arguments: $"e -p {process.Id} -o command", environment: null, cancellationToken: CancellationToken.None).GetAwaiter().GetResult(); if (exitCode == 0) { trace.Info($"Successfully dump environment variables for {process.Id}"); if (psOut.Count > 0) { string psOutputString = string.Join(" ", psOut); trace.Verbose($"ps output: '{psOutputString}'"); int varStartIndex = psOutputString.IndexOf(variable, StringComparison.Ordinal); if (varStartIndex >= 0) { string rightPart = psOutputString.Substring(varStartIndex + variable.Length + 1); if (rightPart.IndexOf(' ') > 0) { string value = rightPart.Substring(0, rightPart.IndexOf(' ')); env[variable] = value; } else { env[variable] = rightPart; } trace.Verbose($"PID:{process.Id} ({variable}={env[variable]})"); } } } } if (env.TryGetValue(variable, out string envVariable)) { return envVariable; } else { return null; } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/ProcessInvoker.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Generic; using System.Text; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.Framework.Common; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(ProcessInvokerWrapper))] public interface IProcessInvoker : IDisposable, IAgentService { event EventHandler OutputDataReceived; event EventHandler ErrorDataReceived; TimeSpan SigintTimeout { get; set; } TimeSpan SigtermTimeout { get; set; } bool TryUseGracefulShutdown { get; set; } Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, CancellationToken cancellationToken); Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, CancellationToken cancellationToken); Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, CancellationToken cancellationToken); Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, CancellationToken cancellationToken); Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, CancellationToken cancellationToken); Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, bool inheritConsoleHandler, bool continueAfterCancelProcessTreeKillAttempt, CancellationToken cancellationToken); Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, bool inheritConsoleHandler, bool keepStandardInOpen, bool continueAfterCancelProcessTreeKillAttempt, CancellationToken cancellationToken); Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, bool inheritConsoleHandler, bool keepStandardInOpen, bool highPriorityProcess, bool continueAfterCancelProcessTreeKillAttempt, CancellationToken cancellationToken); } // The implementation of the process invoker does not hook up DataReceivedEvent and ErrorReceivedEvent of Process, // instead, we read both STDOUT and STDERR stream manually on seperate thread. // The reason is we find a huge perf issue about process STDOUT/STDERR with those events. // // Missing functionalities: // 1. Cancel/Kill process tree // 2. Make sure STDOUT and STDERR not process out of order public sealed class ProcessInvokerWrapper : AgentService, IProcessInvoker { private ProcessInvoker _invoker; public bool DisableWorkerCommands { get; set; } public TimeSpan SigintTimeout { get => _invoker.SigintTimeout; set => _invoker.SigintTimeout = value; } public TimeSpan SigtermTimeout { get => _invoker.SigtermTimeout; set => _invoker.SigtermTimeout = value; } public bool TryUseGracefulShutdown { get => _invoker.TryUseGracefulShutdown; set => _invoker.TryUseGracefulShutdown = value; } public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _invoker = new ProcessInvoker(Trace, DisableWorkerCommands); } public event EventHandler OutputDataReceived; public event EventHandler ErrorDataReceived; public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: false, cancellationToken: cancellationToken); } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: null, cancellationToken: cancellationToken); } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: false, cancellationToken: cancellationToken); } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: killProcessOnCancel, redirectStandardIn: null, cancellationToken: cancellationToken); } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: killProcessOnCancel, redirectStandardIn: redirectStandardIn, inheritConsoleHandler: false, continueAfterCancelProcessTreeKillAttempt: ProcessInvoker.ContinueAfterCancelProcessTreeKillAttemptDefault, cancellationToken: cancellationToken ); } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, bool inheritConsoleHandler, bool continueAfterCancelProcessTreeKillAttempt, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: killProcessOnCancel, redirectStandardIn: redirectStandardIn, inheritConsoleHandler: inheritConsoleHandler, keepStandardInOpen: false, continueAfterCancelProcessTreeKillAttempt: continueAfterCancelProcessTreeKillAttempt, cancellationToken: cancellationToken ); } public Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, bool inheritConsoleHandler, bool keepStandardInOpen, bool continueAfterCancelProcessTreeKillAttempt, CancellationToken cancellationToken) { return ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: killProcessOnCancel, redirectStandardIn: redirectStandardIn, inheritConsoleHandler: inheritConsoleHandler, keepStandardInOpen: keepStandardInOpen, highPriorityProcess: false, continueAfterCancelProcessTreeKillAttempt: continueAfterCancelProcessTreeKillAttempt, cancellationToken: cancellationToken ); } public async Task ExecuteAsync( string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, bool inheritConsoleHandler, bool keepStandardInOpen, bool highPriorityProcess, bool continueAfterCancelProcessTreeKillAttempt, CancellationToken cancellationToken) { _invoker.ErrorDataReceived += this.ErrorDataReceived; _invoker.OutputDataReceived += this.OutputDataReceived; return await _invoker.ExecuteAsync( workingDirectory: workingDirectory, fileName: fileName, arguments: arguments, environment: environment, requireExitCodeZero: requireExitCodeZero, outputEncoding: outputEncoding, killProcessOnCancel: killProcessOnCancel, redirectStandardIn: redirectStandardIn, inheritConsoleHandler: inheritConsoleHandler, keepStandardInOpen: keepStandardInOpen, highPriorityProcess: highPriorityProcess, continueAfterCancelProcessTreeKillAttempt: continueAfterCancelProcessTreeKillAttempt, cancellationToken: cancellationToken); } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } private void Dispose(bool disposing) { if (disposing) { if (_invoker != null) { _invoker.Dispose(); _invoker = null; } } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/StreamString.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. // Defines the data protocol for reading and writing strings on our stream using System; using System.IO; using System.Text; using System.Threading; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent { public class StreamString { private Stream _ioStream; private UnicodeEncoding streamEncoding; public StreamString(Stream ioStream) { _ioStream = ioStream; streamEncoding = new UnicodeEncoding(); } public async Task ReadInt32Async(CancellationToken cancellationToken) { byte[] readBytes = new byte[sizeof(Int32)]; int dataread = 0; while (sizeof(Int32) - dataread > 0 && (!cancellationToken.IsCancellationRequested)) { Task op = _ioStream.ReadAsync(readBytes, dataread, sizeof(Int32) - dataread, cancellationToken); int newData = 0; newData = await op.WithCancellation(cancellationToken); dataread += newData; if (0 == newData) { await Task.Delay(100, cancellationToken); } } cancellationToken.ThrowIfCancellationRequested(); return BitConverter.ToInt32(readBytes, 0); } public async Task WriteInt32Async(Int32 value, CancellationToken cancellationToken) { byte[] int32Bytes = BitConverter.GetBytes(value); Task op = _ioStream.WriteAsync(int32Bytes, 0, sizeof(Int32), cancellationToken); await op.WithCancellation(cancellationToken); } const int MaxStringSize = 50 * 1000000; public async Task ReadStringAsync(CancellationToken cancellationToken) { Int32 len = await ReadInt32Async(cancellationToken); if (len == 0) { return string.Empty; } if (len < 0 || len > MaxStringSize) { throw new InvalidDataException(); } byte[] inBuffer = new byte[len]; int dataread = 0; while (len - dataread > 0 && (!cancellationToken.IsCancellationRequested)) { Task op = _ioStream.ReadAsync(inBuffer, dataread, len - dataread, cancellationToken); int newData = 0; newData = await op.WithCancellation(cancellationToken); dataread += newData; if (0 == newData) { await Task.Delay(100, cancellationToken); } } return streamEncoding.GetString(inBuffer); } public async Task WriteStringAsync(string outString, CancellationToken cancellationToken) { byte[] outBuffer = streamEncoding.GetBytes(outString); Int32 len = outBuffer.Length; if (len > MaxStringSize) { throw new ArgumentOutOfRangeException(); } await WriteInt32Async(len, cancellationToken); cancellationToken.ThrowIfCancellationRequested(); Task op = _ioStream.WriteAsync(outBuffer, 0, len, cancellationToken); await op.WithCancellation(cancellationToken); op = _ioStream.FlushAsync(cancellationToken); await op.WithCancellation(cancellationToken); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/TaskServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(TaskServer))] public interface ITaskServer : IAgentService { Task ConnectAsync(VssConnection jobConnection); // task download Task GetTaskContentZipAsync(Guid taskId, TaskVersion taskVersion, CancellationToken token); Task TaskDefinitionEndpointExist(); } public sealed class TaskServer : AgentService, ITaskServer { private bool _hasConnection; private VssConnection _connection; private TaskAgentHttpClient _taskAgentClient; public async Task ConnectAsync(VssConnection jobConnection) { ArgUtil.NotNull(jobConnection, nameof(jobConnection)); _connection = jobConnection; int attemptCount = 5; while (!_connection.HasAuthenticated && attemptCount-- > 0) { try { await _connection.ConnectAsync(); break; } catch (Exception ex) when (attemptCount > 0) { Trace.Info($"Catch exception during connect. {attemptCount} attempt left."); Trace.Error(ex); } await Task.Delay(100); } _taskAgentClient = _connection.GetClient(); _hasConnection = true; } private void CheckConnection() { if (!_hasConnection) { throw new InvalidOperationException("SetConnection"); } } //----------------------------------------------------------------- // Task Manager: Query and Download Task //----------------------------------------------------------------- public Task GetTaskContentZipAsync(Guid taskId, TaskVersion taskVersion, CancellationToken token) { CheckConnection(); return _taskAgentClient.GetTaskContentZipAsync( taskId, versionString: taskVersion, visibility: null, scopeLocal: null, userState: null, cancellationToken: token ); } public async Task TaskDefinitionEndpointExist() { CheckConnection(); try { // D9BAFED4-0B18-4F58-968D-86655B4D2CE9 -> CommandLine task var definitions = await _taskAgentClient.GetTaskDefinitionsAsync(new Guid("D9BAFED4-0B18-4F58-968D-86655B4D2CE9")); } catch (VssResourceNotFoundException) { return false; } catch (TaskDefinitionNotFoundException) { // ignore task not found exception // this exception means the task definition is not in the DB, but the rest endpoint exists. } return true; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Terminal.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Text; using Agent.Sdk.Knob; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent { // // Abstracts away interactions with the terminal which allows: // (1) Console writes also go to trace for better context in the trace // (2) Reroute in tests // [ServiceLocator(Default = typeof(Terminal))] public interface ITerminal : IAgentService, IDisposable { event EventHandler CancelKeyPress; bool Silent { get; set; } string ReadLine(); string ReadSecret(); void Write(string message); void WriteLine(); void WriteLine(string line); void WriteError(Exception ex); void WriteError(string line); } public sealed class Terminal : AgentService, ITerminal { public bool Silent { get; set; } public event EventHandler CancelKeyPress; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); Console.CancelKeyPress += Console_CancelKeyPress; var terminalEncoding = Encoding.UTF8; var endEncodingName = AgentKnobs.AgentTerminalEncoding.GetValue(hostContext).AsString(); try { if (!string.IsNullOrEmpty(endEncodingName)) { terminalEncoding = Encoding.GetEncoding(endEncodingName); } } catch (Exception ex) { Trace.Error($@"Encoding ""{endEncodingName}"" not found:"); Trace.Error(ex); } try { Console.OutputEncoding = terminalEncoding; Console.InputEncoding = terminalEncoding; } catch (Exception ex) { Trace.Warning($"Failed to set console output encoding to '{terminalEncoding.WebName}': {ex.Message}"); Trace.Verbose(ex.ToString()); } } private void Console_CancelKeyPress(object sender, ConsoleCancelEventArgs e) { e.Cancel = true; CancelKeyPress?.Invoke(this, e); } public string ReadLine() { // Read and trace the value. Trace.Info("READ LINE"); string value = Console.ReadLine(); Trace.Info($"Read value: '{value}'"); return value; } // TODO: Consider using SecureString. public string ReadSecret() { Trace.Info("READ SECRET"); var chars = new List(); while (true) { ConsoleKeyInfo key = Console.ReadKey(intercept: true); if (key.Key == ConsoleKey.Enter) { Console.WriteLine(); break; } else if (key.Key == ConsoleKey.Backspace) { if (chars.Count > 0) { chars.RemoveAt(chars.Count - 1); Console.Write("\b \b"); } } else if (key.KeyChar > 0) { chars.Add(key.KeyChar); Console.Write("*"); } } // Trace whether a value was entered. string val = new String(chars.ToArray()); if (!string.IsNullOrEmpty(val)) { HostContext.SecretMasker.AddValue(val, WellKnownSecretAliases.TerminalReadSecret); } Trace.Info($"Read value: '{val}'"); return val; } public void Write(string message) { Trace.Info($"WRITE: {message}"); if (!Silent) { Console.Write(message); } } public void WriteLine() { WriteLine(string.Empty); } // Do not add a format string overload. Terminal messages are user facing and therefore // should be localized. Use the Loc method in the StringUtil class. public void WriteLine(string line) { Trace.Info($"WRITE LINE: {line}"); if (!Silent) { Console.WriteLine(line); } } public void WriteError(Exception ex) { Trace.Error("WRITE ERROR (exception):"); Trace.Error(ex); if (!Silent) { Console.Error.WriteLine(ex.Message); } } // Do not add a format string overload. Terminal messages are user facing and therefore // should be localized. Use the Loc method in the StringUtil class. public void WriteError(string line) { Trace.Error($"WRITE ERROR: {line}"); if (!Silent) { Console.Error.WriteLine(line); } } private void Dispose(bool disposing) { if (disposing) { Console.CancelKeyPress -= Console_CancelKeyPress; } } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/ThrottlingReportHandler.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Net.Http; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common.Internal; namespace Microsoft.VisualStudio.Services.Agent { public class ThrottlingEventArgs : EventArgs { public ThrottlingEventArgs(TimeSpan delay, DateTime expiration) { Delay = delay; Expiration = expiration; } public TimeSpan Delay { get; private set; } public DateTime Expiration { get; private set; } } public interface IThrottlingReporter { void ReportThrottling(TimeSpan delay, DateTime expiration); } public class ThrottlingReportHandler : DelegatingHandler { private IThrottlingReporter _throttlingReporter; public ThrottlingReportHandler(IThrottlingReporter throttlingReporter) : base() { ArgUtil.NotNull(throttlingReporter, nameof(throttlingReporter)); _throttlingReporter = throttlingReporter; } protected async override Task SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { // Call the inner handler. var response = await base.SendAsync(request, cancellationToken).ConfigureAwait(false); // Inspect whether response has throttling information IEnumerable vssRequestDelayed = null; IEnumerable vssRequestQuotaReset = null; if (response.Headers.TryGetValues(HttpHeaders.VssRateLimitDelay, out vssRequestDelayed) && response.Headers.TryGetValues(HttpHeaders.VssRateLimitReset, out vssRequestQuotaReset) && !string.IsNullOrEmpty(vssRequestDelayed.FirstOrDefault()) && !string.IsNullOrEmpty(vssRequestQuotaReset.FirstOrDefault())) { TimeSpan delay = TimeSpan.FromSeconds(double.Parse(vssRequestDelayed.First())); int expirationEpoch = int.Parse(vssRequestQuotaReset.First()); DateTime expiration = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(expirationEpoch); _throttlingReporter.ReportThrottling(delay, expiration); } return response; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/TraceManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Concurrent; using System.Diagnostics; using Agent.Sdk.SecretMasking; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(TraceManager))] public interface ITraceManager : IAgentService, IDisposable { SourceSwitch Switch { get; } Tracing this[string name] { get; } void SetEnhancedLoggingEnabled(bool enabled); } public sealed class TraceManager : AgentService, ITraceManager { private readonly ConcurrentDictionary _sources = new(StringComparer.OrdinalIgnoreCase); private readonly HostTraceListener _hostTraceListener; private readonly TraceSetting _traceSetting; private readonly ILoggedSecretMasker _secretMasker; private readonly IKnobValueContext _knobValueContext; private readonly ICorrelationContextManager _correlationContextManager; // Enhanced logging state (affects new and existing trace sources) private volatile bool _enhancedLoggingEnabled; private readonly object _switchLock = new(); public TraceManager(HostTraceListener traceListener, ILoggedSecretMasker secretMasker, IKnobValueContext knobValueContext) : this(traceListener, new TraceSetting(HostType.Undefined, knobValueContext), secretMasker, knobValueContext) { } public TraceManager(HostTraceListener traceListener, ILoggedSecretMasker secretMasker, IKnobValueContext knobValueContext, HostType hostType) : this(traceListener, new TraceSetting(hostType, knobValueContext), secretMasker, knobValueContext) { } public TraceManager(HostTraceListener traceListener, TraceSetting traceSetting, ILoggedSecretMasker secretMasker, IKnobValueContext knobValueContext) { ArgUtil.NotNull(traceListener, nameof(traceListener)); ArgUtil.NotNull(traceSetting, nameof(traceSetting)); ArgUtil.NotNull(secretMasker, nameof(secretMasker)); ArgUtil.NotNull(knobValueContext, nameof(knobValueContext)); _hostTraceListener = traceListener; _traceSetting = traceSetting; _secretMasker = secretMasker; _knobValueContext = knobValueContext; // Get correlation context manager from HostContext if (knobValueContext is IHostContext hostContext) { _correlationContextManager = hostContext.CorrelationContextManager; // Initialize from knob (which may be set via environment at process start) // Only check knob if we have IHostContext _enhancedLoggingEnabled = AgentKnobs.UseEnhancedLogging.GetValue(_knobValueContext).AsBoolean(); } else { // Log warning and use no-op implementation for backward compatibility // Enhanced logging correlation will be unavailable but won't break agent System.Diagnostics.Trace.WriteLine("Warning: knobValueContext is not IHostContext. Enhanced logging correlation will be unavailable."); _correlationContextManager = new NoOpCorrelationContextManager(); _enhancedLoggingEnabled = false; // Disable enhanced logging when context is not available } Switch = new SourceSwitch("VSTSAgentSwitch") { Level = _traceSetting.DefaultTraceLevel.ToSourceLevels() }; } public SourceSwitch Switch { get; private set; } public Tracing this[string name] => (Tracing)_sources.GetOrAdd(name, CreateTracingProxy); /// /// Toggle enhanced logging across all existing sources if state changed. /// public void SetEnhancedLoggingEnabled(bool enabled) { lock (_switchLock) { if (_enhancedLoggingEnabled == enabled) { return; // no-op } _enhancedLoggingEnabled = enabled; SwitchExistingTraceSources(enabled); } } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } private void Dispose(bool disposing) { if (!disposing) { return; } foreach (var traceSource in _sources.Values) { var oldInner = traceSource.ExchangeInner(null); oldInner?.Dispose(); traceSource.Dispose(); } _sources.Clear(); // Dispose the HostTraceListener to prevent "Bad file descriptor" errors on POSIX systems _hostTraceListener?.Dispose(); // Dispose correlation context manager to clean up AsyncLocal resources _correlationContextManager?.Dispose(); } private ITracingProxy CreateTracingProxy(string name) { var sourceSwitch = GetSourceSwitch(name); var proxy = new TracingProxy(name, _secretMasker, sourceSwitch, _hostTraceListener); var inner = CreateInnerTracing(name, sourceSwitch, _enhancedLoggingEnabled); proxy.ExchangeInner(inner); return proxy; } private Tracing CreateInnerTracing(string name, SourceSwitch sourceSwitch, bool enhanced) { return enhanced ? new EnhancedTracing(name, _secretMasker, _correlationContextManager, sourceSwitch, _hostTraceListener) : new Tracing(name, _secretMasker, sourceSwitch, _hostTraceListener); } private SourceSwitch GetSourceSwitch(string name) { if (_traceSetting.DetailTraceSetting.TryGetValue(name, out TraceLevel sourceTraceLevel)) { return new SourceSwitch("VSTSAgentSubSwitch") { Level = sourceTraceLevel.ToSourceLevels() }; } return Switch; } /// /// Switches existing trace sources to match the specified enhanced logging state. /// private void SwitchExistingTraceSources(bool shouldUseEnhanced) { foreach (var kvp in _sources) { var name = kvp.Key; var proxy = kvp.Value; var sourceSwitch = GetSourceSwitch(name); proxy.ReplaceInner(() => CreateInnerTracing(name, sourceSwitch, shouldUseEnhanced)); } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/TraceSetting.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Diagnostics; using System.Runtime.Serialization; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent { [DataContract] public class TraceSetting { private static UtilKnobValueContext _knobContext = UtilKnobValueContext.Instance(); public TraceSetting(HostType hostType, IKnobValueContext knobContext = null) { if (hostType == HostType.Agent) { DefaultTraceLevel = TraceLevel.Verbose; return; } DefaultTraceLevel = TraceLevel.Info; #if DEBUG DefaultTraceLevel = TraceLevel.Verbose; #endif if (hostType == HostType.Worker) { var contextToUse = knobContext ?? _knobContext; try { bool vstsAgentTrace = AgentKnobs.TraceVerbose.GetValue(contextToUse).AsBoolean(); if (vstsAgentTrace) { DefaultTraceLevel = TraceLevel.Verbose; } } catch (NotSupportedException) { // Some knob sources (like RuntimeKnobSource) aren't supported by all contexts // (e.g., UtilKnobValueContext). In that case, ignore and fall back to defaults. } } } [DataMember(EmitDefaultValue = false)] public TraceLevel DefaultTraceLevel { get; set; } public Dictionary DetailTraceSetting { get { if (m_detailTraceSetting == null) { m_detailTraceSetting = new Dictionary(StringComparer.OrdinalIgnoreCase); } return m_detailTraceSetting; } } [DataMember(EmitDefaultValue = false, Name = "DetailTraceSetting")] private Dictionary m_detailTraceSetting; } [DataContract] public enum TraceLevel { [EnumMember] Off = 0, [EnumMember] Critical = 1, [EnumMember] Error = 2, [EnumMember] Warning = 3, [EnumMember] Info = 4, [EnumMember] Verbose = 5, } public static class TraceLevelExtensions { public static SourceLevels ToSourceLevels(this TraceLevel traceLevel) { switch (traceLevel) { case TraceLevel.Off: return SourceLevels.Off; case TraceLevel.Critical: return SourceLevels.Critical; case TraceLevel.Error: return SourceLevels.Error; case TraceLevel.Warning: return SourceLevels.Warning; case TraceLevel.Info: return SourceLevels.Information; case TraceLevel.Verbose: return SourceLevels.Verbose; default: return SourceLevels.Information; } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Tracing.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using Newtonsoft.Json; using System; using System.Diagnostics; using System.Runtime.CompilerServices; using Agent.Sdk; using Agent.Sdk.SecretMasking; namespace Microsoft.VisualStudio.Services.Agent { public class Tracing : ITraceWriter, IDisposable { private readonly ILoggedSecretMasker _secretMasker; private readonly TraceSource _traceSource; public Tracing(string name, ILoggedSecretMasker secretMasker, SourceSwitch sourceSwitch, HostTraceListener traceListener) { ArgUtil.NotNull(secretMasker, nameof(secretMasker)); _secretMasker = secretMasker; _traceSource = new TraceSource(name); _traceSource.Switch = sourceSwitch; // Remove the default trace listener. if (_traceSource.Listeners.Count > 0 && _traceSource.Listeners[0] is DefaultTraceListener) { _traceSource.Listeners.RemoveAt(0); } _traceSource.Listeners.Add(traceListener); } public virtual void Info(string message, [CallerMemberName] string operation = "") { Trace(TraceEventType.Information, message); } public virtual void Info(object item, [CallerMemberName] string operation = "") { string json = JsonConvert.SerializeObject(item, Formatting.Indented); Trace(TraceEventType.Information, json); } #pragma warning disable CA1716 // Identifiers should not match keywords - maintaining compatibility public virtual void Error(Exception exception, [CallerMemberName] string operation = "") { ArgUtil.NotNull(exception, nameof(exception)); Trace(TraceEventType.Error, exception.ToString()); } // Do not remove the non-format overload. public virtual void Error(string message, [CallerMemberName] string operation = "") { Trace(TraceEventType.Error, message); } // Do not remove the non-format overload. public virtual void Warning(string message, [CallerMemberName] string operation = "") { Trace(TraceEventType.Warning, message); } // Do not remove the non-format overload. public virtual void Verbose(string message, [CallerMemberName] string operation = "") { Trace(TraceEventType.Verbose, message); } public virtual void Verbose(object item, [CallerMemberName] string operation = "") { string json = item?.ToString() ?? "null"; Trace(TraceEventType.Verbose, json); } public virtual void Entering([CallerMemberName] string name = "") { Trace(TraceEventType.Verbose, $"Entering {name}"); } public virtual void Leaving([CallerMemberName] string name = "") { Trace(TraceEventType.Verbose, $"Leaving {name}"); } public virtual IDisposable EnteringWithDuration([CallerMemberName] string name = "") { Entering(name); return null; } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } protected virtual void Trace(TraceEventType eventType, string message) { ArgUtil.NotNull(_traceSource, nameof(_traceSource)); _traceSource.TraceEvent( eventType: eventType, id: 0, message: _secretMasker.MaskSecrets(message) ); } protected virtual void Dispose(bool disposing) { if (disposing) { // Important: do not close the TraceSource here because it will close // the shared HostTraceListener used across the entire process. // Closing the shared listener from one Tracing instance would stop all logging. _traceSource.Flush(); } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/TracingProxy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Diagnostics; using System.Runtime.CompilerServices; using Agent.Sdk.SecretMasking; namespace Microsoft.VisualStudio.Services.Agent { // A stable Tracing handle that forwards to a swappable inner Tracing implementation. // This lets callers keep their Tracing reference while TraceManager switches // between standard and enhanced tracing at runtime. public sealed class TracingProxy : Tracing, ITracingProxy { private volatile Tracing _inner; private readonly object _swapLock = new object(); public TracingProxy(string name, ILoggedSecretMasker secretMasker, SourceSwitch sourceSwitch, HostTraceListener traceListener) : base(name, secretMasker, sourceSwitch, traceListener) { } // Create and swap inner using a factory, ensuring proper disposal on all paths. public void ReplaceInner(Func factory) { if (factory == null) throw new ArgumentNullException(nameof(factory)); Tracing newInner = null; Tracing oldInner = null; try { newInner = factory(); oldInner = ExchangeInner(newInner); // Ownership transferred to proxy newInner = null; } finally { newInner?.Dispose(); } oldInner?.Dispose(); } // Swap the inner implementation and return the previous one for disposal by the caller. public Tracing ExchangeInner(Tracing newInner) { lock (_swapLock) { var prev = _inner; _inner = newInner; return prev; } } // Override all public logging methods to forward to the current inner implementation // so that enhanced formatting (or standard) is applied consistently. public override void Info(string message, [CallerMemberName] string operation = "") { var inner = _inner; if (inner is null) { return; } inner.Info(message, operation); } public override void Info(object item, [CallerMemberName] string operation = "") { var inner = _inner; if (inner is null) { return; } inner.Info(item, operation); } public override void Error(Exception exception, [CallerMemberName] string operation = "") { var inner = _inner; if (inner is null) { return; } inner.Error(exception, operation); } public override void Error(string message, [CallerMemberName] string operation = "") { var inner = _inner; if (inner is null) { return; } inner.Error(message, operation); } public override void Warning(string message, [CallerMemberName] string operation = "") { var inner = _inner; if (inner is null) { return; } inner.Warning(message, operation); } public override void Verbose(string message, [CallerMemberName] string operation = "") { var inner = _inner; if (inner is null) { return; } inner.Verbose(message, operation); } public override void Verbose(object item, [CallerMemberName] string operation = "") { var inner = _inner; if (inner is null) { return; } inner.Verbose(item, operation); } public override void Entering([CallerMemberName] string name = "") { var inner = _inner; if (inner is null) { return; } inner.Entering(name); } public override void Leaving([CallerMemberName] string name = "") { var inner = _inner; if (inner is null) { return; } inner.Leaving(name); } public override IDisposable EnteringWithDuration([CallerMemberName] string name = "") { var inner = _inner; if (inner is null) { return new NoOpDisposable(); } return inner.EnteringWithDuration(name); } protected override void Dispose(bool disposing) { // Do not dispose the inner here; TraceManager owns inner lifetimes. base.Dispose(disposing); } } internal sealed class NoOpDisposable : IDisposable { public void Dispose() { } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Util/EnumUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Util { using System; public static class EnumUtil { public static T? TryParse(string value) where T : struct { T val; if (Enum.TryParse(value ?? string.Empty, ignoreCase: true, result: out val)) { return val; } return null; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Util/PlanUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Globalization; using System.Net.Http; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using System.Net.Http.Headers; using System.Runtime.InteropServices; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class PlanUtil { public static PlanFeatures GetFeatures(TaskOrchestrationPlanReference plan) { ArgUtil.NotNull(plan, nameof(plan)); PlanFeatures features = PlanFeatures.None; if (plan.Version >= 8) { features |= PlanFeatures.JobCompletedPlanEvent; } return features; } } [Flags] public enum PlanFeatures { None = 0, JobCompletedPlanEvent = 1, } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Util/PowerShellExeUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.Win32; using System; using System.Collections.Generic; using System.Globalization; using System.IO; using System.Linq; using System.Runtime.Versioning; namespace Microsoft.VisualStudio.Services.Agent.Util { [ServiceLocator(Default = typeof(PowerShellExeUtil))] [SupportedOSPlatform("windows")] public interface IPowerShellExeUtil : IAgentService { string GetPath(); } [SupportedOSPlatform("windows")] public sealed class PowerShellExeUtil : AgentService, IPowerShellExeUtil { private static readonly Version MinimumVersion = new Version(3, 0); public string GetPath() { Trace.Entering(); var infos = new List(); // Get all generation subkeys. string[] generations; using (RegistryKey powerShellKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\PowerShell")) { generations = (powerShellKey?.GetSubKeyNames() ?? new string[0]) // Filter out non-integers. .Where(x => { Trace.Verbose($"Candidate generation: '{x}'"); int generationInt; return int.TryParse(x, NumberStyles.None, NumberFormatInfo.InvariantInfo, out generationInt); }) .ToArray(); } foreach (string generation in generations) { // Create a new generation info data class. Trace.Info($"Generation: '{generation}'"); var info = new PowerShellInfo(); // Get the engine version. string versionString = GetHklmValue($@"SOFTWARE\Microsoft\PowerShell\{generation}\PowerShellEngine", "PowerShellVersion") as string; if (string.IsNullOrEmpty(versionString) || !Version.TryParse(versionString, out info.Version)) { Trace.Info("Unable to determine the Powershell engine version. Possibly Powershell is not installed."); continue; } // Check the minimum version. if (info.Version < MinimumVersion) { Trace.Info("Unsupported version. Skipping."); continue; } // Get the console host directory. string applicationBase = GetHklmValue($@"SOFTWARE\Microsoft\PowerShell\{generation}\PowerShellEngine", "ApplicationBase") as string; if (string.IsNullOrEmpty(applicationBase)) { Trace.Warning("Unable to locate application base. Skipping."); continue; } // Check the file path. info.Path = Path.Combine(applicationBase, "powershell.exe"); if (!File.Exists(info.Path)) { Trace.Warning($"Console host does not exist at expected location: '{info.Path}'"); continue; } ArgUtil.NotNullOrEmpty(info.Path, nameof(info.Path)); ArgUtil.NotNull(info.Version, nameof(info.Version)); infos.Add(info); } // Throw if not found. PowerShellInfo latest = infos.OrderByDescending(x => x.Version).FirstOrDefault(); if (latest == null) { throw new InvalidOperationException(StringUtil.Loc("PowerShellNotInstalledMinVersion0", MinimumVersion)); } return latest.Path; } private object GetHklmValue(string keyName, string valueName) { keyName = $@"HKEY_LOCAL_MACHINE\{keyName}"; object value = Registry.GetValue(keyName, valueName, defaultValue: null); if (object.ReferenceEquals(value, null)) { Trace.Info($"Key name '{keyName}', value name '{valueName}' is null."); return null; } Trace.Info($"Key name '{keyName}', value name '{valueName}': '{value}'"); return value; } private sealed class PowerShellInfo { public string Path; public Version Version; // This is a field so it can be passed as an out param to TryParse. } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Util/ServerUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Util { public class DeploymentTypeNotDeterminedException : Exception { public DeploymentTypeNotDeterminedException() { } public DeploymentTypeNotDeterminedException(string message) : base(message) { } public DeploymentTypeNotDeterminedException(string message, Exception inner) : base(message, inner) { } } public class DeploymentTypeNotRecognizedException : Exception { public DeploymentTypeNotRecognizedException() { } public DeploymentTypeNotRecognizedException(string message) : base(message) { } public DeploymentTypeNotRecognizedException(string message, Exception inner) : base(message, inner) { } } public class ServerUtil { private DeploymentFlags _deploymentType; private Tracing _trace; public ServerUtil(Tracing trace = null) { _trace = trace; } /// /// Returns true if server deployment type is Hosted. /// An exception will be thrown if the type was not determined before. /// public bool IsDeploymentTypeHostedIfDetermined() { switch (_deploymentType) { case DeploymentFlags.Hosted: return true; case DeploymentFlags.OnPremises: return false; case DeploymentFlags.None: throw new DeploymentTypeNotDeterminedException($"Deployment type has not been determined."); default: throw new DeploymentTypeNotRecognizedException($"Unable to recognize deployment type: '{_deploymentType}'"); } } /// /// Returns true if server deployment type was determined; otherwise, returns false and makes IsHosted equals to false. /// Makes IsHosted equals to true if server deployment type was determined as Hosted; otherwise, makes IsHosted equals to false. /// public bool TryGetDeploymentType(out bool IsHosted) { try { IsHosted = IsDeploymentTypeHostedIfDetermined(); return true; } catch (DeploymentTypeNotDeterminedException) { IsHosted = false; return false; } } /// /// Determine server deployment type based on connection data (Hosted/OnPremises) if it has not been determined yet. /// public async Task DetermineDeploymentType(string serverUrl, VssCredentials credentials, ILocationServer locationServer, bool skipServerCertificateValidation = false) { // Check if deployment type has not been determined yet if (_deploymentType == DeploymentFlags.None) { // Determine the service deployment type based on connection data. (Hosted/OnPremises) var connectionData = await GetConnectionData(serverUrl, credentials, locationServer, skipServerCertificateValidation); _deploymentType = connectionData.DeploymentType; } } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "locationServer")] private async Task GetConnectionData(string serverUrl, VssCredentials credentials, ILocationServer locationServer, bool skipServerCertificateValidation) { VssConnection connection = VssUtil.CreateConnection(new Uri(serverUrl), credentials, trace: _trace, skipServerCertificateValidation); await locationServer.ConnectAsync(connection); return await locationServer.GetConnectionDataAsync(); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Util/TaskResultUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class TaskResultUtil { private static readonly int _returnCodeOffset = 100; public static bool IsValidReturnCode(int returnCode) { int resultInt = returnCode - _returnCodeOffset; return Enum.IsDefined(typeof(TaskResult), resultInt); } public static int TranslateToReturnCode(TaskResult result) { return _returnCodeOffset + (int)result; } public static TaskResult TranslateFromReturnCode(int returnCode) { int resultInt = returnCode - _returnCodeOffset; if (Enum.IsDefined(typeof(TaskResult), resultInt)) { return (TaskResult)resultInt; } else { return TaskResult.Failed; } } // Merge 2 TaskResults get the worst result. // Succeeded -> SucceededWithIssues -> Failed/Canceled/Skipped/Abandoned // SucceededWithIssues -> Failed/Canceled/Skipped/Abandoned // Failed -> Failed/Canceled // Canceled -> Canceled // Skipped -> Skipped // Abandoned -> Abandoned public static TaskResult MergeTaskResults(TaskResult? currentResult, TaskResult comingResult) { if (currentResult == null) { return comingResult; } // current result is Canceled/Skip/Abandoned if (currentResult > TaskResult.Failed) { return currentResult.Value; } // comming result is bad than current result if (comingResult >= currentResult) { return comingResult; } return currentResult.Value; } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Util/UnixUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Util { [ServiceLocator(Default = typeof(UnixUtil))] public interface IUnixUtil : IAgentService { Task ExecAsync(string workingDirectory, string toolName, string argLine); Task ChmodAsync(string mode, string file); Task ChownAsync(string owner, string group, string file); } public sealed class UnixUtil : AgentService, IUnixUtil { private ITerminal _term; public override void Initialize(IHostContext hostContext) { base.Initialize(hostContext); _term = hostContext.GetService(); } public async Task ChmodAsync(string mode, string file) { Trace.Entering(); await ExecAsync(HostContext.GetDirectory(WellKnownDirectory.Root), "chmod", $"{mode} \"{file}\""); } public async Task ChownAsync(string owner, string group, string file) { Trace.Entering(); await ExecAsync(HostContext.GetDirectory(WellKnownDirectory.Root), "chown", $"{owner}:{group} \"{file}\""); } public async Task ExecAsync(string workingDirectory, string toolName, string argLine) { Trace.Entering(); string toolPath = WhichUtil.Which(toolName, trace: Trace); Trace.Info($"Running {toolPath} {argLine}"); var processInvoker = HostContext.CreateService(); processInvoker.OutputDataReceived += OnOutputDataReceived; processInvoker.ErrorDataReceived += OnErrorDataReceived; try { using (var cs = new CancellationTokenSource(TimeSpan.FromSeconds(45))) { await processInvoker.ExecuteAsync(workingDirectory, toolPath, argLine, null, true, cs.Token); } } finally { processInvoker.OutputDataReceived -= OnOutputDataReceived; processInvoker.ErrorDataReceived -= OnErrorDataReceived; } } private void OnOutputDataReceived(object sender, ProcessDataReceivedEventArgs e) { if (!string.IsNullOrEmpty(e.Data)) { _term.WriteLine(e.Data); } } private void OnErrorDataReceived(object sender, ProcessDataReceivedEventArgs e) { if (!string.IsNullOrEmpty(e.Data)) { _term.WriteLine(e.Data); } } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/Util/VarUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using System; using System.Collections; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using Microsoft.VisualStudio.Services.WebApi; using Newtonsoft.Json.Linq; using System.IO; namespace Microsoft.VisualStudio.Services.Agent.Util { public static class VarUtil { public static StringComparer EnvironmentVariableKeyComparer { get { if (PlatformUtil.RunningOnWindows) { return StringComparer.OrdinalIgnoreCase; } return StringComparer.Ordinal; } } public static string OS { get { switch (PlatformUtil.HostOS) { case PlatformUtil.OS.Linux: return "Linux"; case PlatformUtil.OS.OSX: return "Darwin"; case PlatformUtil.OS.Windows: return Environment.GetEnvironmentVariable("OS"); default: throw new NotSupportedException(); // Should never reach here. } } } public static string OSArchitecture { get { switch (PlatformUtil.HostArchitecture) { case Architecture.X86: return "X86"; case Architecture.X64: return "X64"; case Architecture.Arm: return "ARM"; case Architecture.Arm64: return "ARM64"; default: throw new NotSupportedException(); // Should never reach here. } } } /// /// Returns value in environment variables format. /// Example: env.var -> ENV_VAR /// /// /// /// public static string ConvertToEnvVariableFormat(string value, bool preserveCase) { string envVar = value?.Replace('.', '_').Replace(' ', '_') ?? string.Empty; return preserveCase ? envVar : envVar.ToUpperInvariant(); } public static JToken ExpandEnvironmentVariables(IHostContext context, JToken target) { var mapFuncs = new Dictionary> { { JTokenType.String, (t)=> { var token = new Dictionary() { { "token", t.ToString() } }; ExpandEnvironmentVariables(context, token); return token["token"]; } } }; return target.Map(mapFuncs); } public static void ExpandEnvironmentVariables(IHostContext context, IDictionary target) { ArgUtil.NotNull(context, nameof(context)); Tracing trace = context.GetTrace(nameof(VarUtil)); trace.Entering(); // Copy the environment variables into a dictionary that uses the correct comparer. var source = new Dictionary(EnvironmentVariableKeyComparer); IDictionary environment = Environment.GetEnvironmentVariables(); foreach (DictionaryEntry entry in environment) { string key = entry.Key as string ?? string.Empty; string val = entry.Value as string ?? string.Empty; source[key] = val; } // Expand the target values. ExpandValues(context, source, target); } public static JToken ExpandValues(IHostContext context, IDictionary source, JToken target) { var mapFuncs = new Dictionary> { { JTokenType.String, (t)=> { var token = new Dictionary() { { "token", t.ToString() } }; ExpandValues(context, source, token); return token["token"]; } } }; return target.Map(mapFuncs); } public static void ExpandValues(IHostContext context, IDictionary source, IDictionary target, bool enableVariableInputTrimming = false) { ArgUtil.NotNull(context, nameof(context)); ArgUtil.NotNull(source, nameof(source)); Tracing trace = context.GetTrace(nameof(VarUtil)); trace.Entering(); target = target ?? new Dictionary(); // This algorithm does not perform recursive replacement. // Process each key in the target dictionary. foreach (string targetKey in target.Keys.ToArray()) { trace.Verbose($"Processing expansion for: '{targetKey}'"); int startIndex = 0; int prefixIndex; int suffixIndex; string targetValue = target[targetKey] ?? string.Empty; // Find the next macro within the target value. while (startIndex < targetValue.Length && (prefixIndex = targetValue.IndexOf(Constants.Variables.MacroPrefix, startIndex, StringComparison.Ordinal)) >= 0 && (suffixIndex = targetValue.IndexOf(Constants.Variables.MacroSuffix, prefixIndex + Constants.Variables.MacroPrefix.Length, StringComparison.Ordinal)) >= 0) { // A candidate was found. string variableKey = targetValue.Substring( startIndex: prefixIndex + Constants.Variables.MacroPrefix.Length, length: suffixIndex - prefixIndex - Constants.Variables.MacroPrefix.Length); trace.Verbose($"Found macro candidate: '{variableKey}'"); string variableValue; if (!string.IsNullOrEmpty(variableKey) && TryGetValue(trace, source, variableKey, out variableValue)) { // A matching variable was found. // Update the target value. trace.Verbose("Macro found."); targetValue = string.Concat( targetValue.Substring(0, prefixIndex), variableValue ?? string.Empty, targetValue.Substring(suffixIndex + Constants.Variables.MacroSuffix.Length)); targetValue = enableVariableInputTrimming ? targetValue?.Trim() ?? string.Empty : targetValue ?? string.Empty; // Bump the start index to prevent recursive replacement. startIndex = prefixIndex + (variableValue ?? string.Empty).Length; } else { // A matching variable was not found. trace.Verbose("Macro not found."); startIndex = prefixIndex + 1; } } target[targetKey] = targetValue ?? string.Empty; } } private static bool TryGetValue(Tracing trace, IDictionary source, string name, out string val) { if (source.TryGetValue(name, out val)) { val = val ?? string.Empty; trace.Verbose($"Get '{name}': '{val}'"); return true; } val = null; trace.Verbose($"Get '{name}' (not found)"); return false; } public static string GetTfDirectoryPath(IKnobValueContext context) { var (useLatest, useLegacy, externalsPath) = GetKnobsAndExternalsPath(context); return useLatest ? Path.Combine(externalsPath, Constants.Path.TfLatestDirectory) : useLegacy ? Path.Combine(externalsPath, Constants.Path.TfLegacyDirectory) : Path.Combine(externalsPath, Constants.Path.ServerOMDirectory); } public static string GetLegacyPowerShellHostDirectoryPath(IKnobValueContext context) { var (useLatest, useLegacy, externalsPath) = GetKnobsAndExternalsPath(context); return !useLatest && useLegacy ? Path.Combine(externalsPath, Constants.Path.LegacyPSHostLegacyDirectory) : Path.Combine(externalsPath, Constants.Path.LegacyPSHostDirectory); } private static (bool useLatest, bool useLegacy, string externalsPath) GetKnobsAndExternalsPath(IKnobValueContext context) { ArgUtil.NotNull(context, nameof(context)); bool useLatest = AgentKnobs.UseLatestTfExe.GetValue(context).AsBoolean(); bool useLegacy = AgentKnobs.InstallLegacyTfExe.GetValue(context).AsBoolean(); string agentHomeDirectory = context.GetVariableValueOrDefault(Constants.Variables.Agent.HomeDirectory); string externalsPath = Path.Combine(agentHomeDirectory, Constants.Path.ExternalsDirectory); return (useLatest, useLegacy, externalsPath); } } } ================================================ FILE: src/Microsoft.VisualStudio.Services.Agent/VstsAgentWebProxy.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Linq; using System.Net; using System.IO; using System.Collections.Generic; using System.Text.RegularExpressions; using Agent.Sdk; using Agent.Sdk.Knob; using Agent.Sdk.Util; namespace Microsoft.VisualStudio.Services.Agent { [ServiceLocator(Default = typeof(VstsAgentWebProxy))] public interface IVstsAgentWebProxy : IAgentService { string ProxyAddress { get; } string ProxyUsername { get; } string ProxyPassword { get; } bool UseBasicAuthForProxy { get; } List ProxyBypassList { get; } IWebProxy WebProxy { get; } void SetupProxy(string proxyAddress, string proxyUsername, string proxyPassword); void SetupProxy(string proxyAddress, string proxyUsername, string proxyPassword, bool useBasicAuthForProxy); void SaveProxySetting(); void LoadProxyBypassList(); void DeleteProxySetting(); } public class VstsAgentWebProxy : AgentService, IVstsAgentWebProxy { private readonly List _bypassList = new List(); private AgentWebProxy _agentWebProxy = new AgentWebProxy(); public string ProxyAddress { get; private set; } public string ProxyUsername { get; private set; } public string ProxyPassword { get; private set; } public bool UseBasicAuthForProxy { get; private set; } public List ProxyBypassList => _bypassList; public IWebProxy WebProxy => _agentWebProxy; public override void Initialize(IHostContext context) { base.Initialize(context); LoadProxySetting(); } // This should only be called from config public void SetupProxy(string proxyAddress, string proxyUsername, string proxyPassword) { SetupProxy(proxyAddress, proxyUsername, proxyPassword, false); } // This should only be called from config public void SetupProxy(string proxyAddress, string proxyUsername, string proxyPassword, bool useBasicAuthForProxy) { ArgUtil.NotNullOrEmpty(proxyAddress, nameof(proxyAddress)); Trace.Info($"Update proxy setting from '{ProxyAddress ?? string.Empty}' to '{proxyAddress}'"); ProxyAddress = proxyAddress; ProxyUsername = proxyUsername; ProxyPassword = proxyPassword; UseBasicAuthForProxy = useBasicAuthForProxy; if (string.IsNullOrEmpty(ProxyUsername) || string.IsNullOrEmpty(ProxyPassword)) { Trace.Info($"Config proxy use DefaultNetworkCredentials."); } else { Trace.Info($"Config authentication proxy as: {ProxyUsername}."); } if (useBasicAuthForProxy) { Trace.Info("Config proxy to use Basic authentication from command line."); } // Ensure proxy bypass list is loaded during the agent config LoadProxyBypassList(); _agentWebProxy.Update(ProxyAddress, ProxyUsername, ProxyPassword, ProxyBypassList, useBasicAuthForProxy); } // This should only be called from config public void SaveProxySetting() { if (!string.IsNullOrEmpty(ProxyAddress)) { string proxyConfigFile = HostContext.GetConfigFile(WellKnownConfigFile.Proxy); IOUtil.DeleteFile(proxyConfigFile); Trace.Info($"Store proxy configuration to '{proxyConfigFile}' for proxy '{ProxyAddress}'"); // Store proxy address and basic auth flag in the same file var proxyContent = ProxyAddress; if (UseBasicAuthForProxy) { proxyContent += Environment.NewLine + "basicauth=true"; } File.WriteAllText(proxyConfigFile, proxyContent); File.SetAttributes(proxyConfigFile, File.GetAttributes(proxyConfigFile) | FileAttributes.Hidden); string proxyCredFile = HostContext.GetConfigFile(WellKnownConfigFile.ProxyCredentials); IOUtil.DeleteFile(proxyCredFile); if (!string.IsNullOrEmpty(ProxyUsername) && !string.IsNullOrEmpty(ProxyPassword)) { string lookupKey = Guid.NewGuid().ToString("D").ToUpperInvariant(); Trace.Info($"Store proxy credential lookup key '{lookupKey}' to '{proxyCredFile}'"); File.WriteAllText(proxyCredFile, lookupKey); File.SetAttributes(proxyCredFile, File.GetAttributes(proxyCredFile) | FileAttributes.Hidden); var credStore = HostContext.GetService(); credStore.Write($"VSTS_AGENT_PROXY_{lookupKey}", ProxyUsername, ProxyPassword); } } else { Trace.Info("No proxy configuration exist."); } } // This should only be called from unconfig public void DeleteProxySetting() { string proxyCredFile = HostContext.GetConfigFile(WellKnownConfigFile.ProxyCredentials); if (File.Exists(proxyCredFile)) { Trace.Info("Delete proxy credential from credential store."); string lookupKey = File.ReadAllLines(proxyCredFile).FirstOrDefault(); if (!string.IsNullOrEmpty(lookupKey)) { var credStore = HostContext.GetService(); credStore.Delete($"VSTS_AGENT_PROXY_{lookupKey}"); } Trace.Info($"Delete .proxycredentials file: {proxyCredFile}"); IOUtil.DeleteFile(proxyCredFile); } string proxyBypassFile = HostContext.GetConfigFile(WellKnownConfigFile.ProxyBypass); if (File.Exists(proxyBypassFile)) { Trace.Info($"Delete .proxybypass file: {proxyBypassFile}"); IOUtil.DeleteFile(proxyBypassFile); } string proxyConfigFile = HostContext.GetConfigFile(WellKnownConfigFile.Proxy); Trace.Info($"Delete .proxy file: {proxyConfigFile}"); IOUtil.DeleteFile(proxyConfigFile); } public void LoadProxyBypassList() { string proxyBypassFile = HostContext.GetConfigFile(WellKnownConfigFile.ProxyBypass); if (File.Exists(proxyBypassFile)) { Trace.Verbose($"Try read proxy bypass list from file: {proxyBypassFile}."); foreach (string bypass in File.ReadAllLines(proxyBypassFile).Where(value => !string.IsNullOrWhiteSpace(value)).Select(value => value.Trim())) { Trace.Info($"Bypass proxy for: {bypass}."); ProxyBypassList.Add(bypass.Trim()); } } var proxyBypassEnv = AgentKnobs.NoProxy.GetValue(HostContext).AsString(); foreach (string bypass in proxyBypassEnv.Split(new[] { ',', ';' }).Where(value => !string.IsNullOrWhiteSpace(value)).Select(value => value.Trim())) { var saveRegexString = ProcessProxyByPassFromEnv(bypass); Trace.Info($"Bypass proxy for: {saveRegexString}."); ProxyBypassList.Add(saveRegexString); } } private void LoadProxySetting() { string proxyConfigFile = HostContext.GetConfigFile(WellKnownConfigFile.Proxy); if (File.Exists(proxyConfigFile)) { // Read all lines from the proxy config file Trace.Verbose($"Try read proxy setting from file: {proxyConfigFile}."); var lines = File.ReadAllLines(proxyConfigFile); // First line is the proxy URL ProxyAddress = lines.FirstOrDefault() ?? string.Empty; ProxyAddress = ProxyAddress.Trim(); Trace.Verbose($"{ProxyAddress}"); // Check for basic auth flag in subsequent lines UseBasicAuthForProxy = lines.Any(line => line.Trim().Equals("basicauth=true", StringComparison.OrdinalIgnoreCase)); } if (string.IsNullOrEmpty(ProxyAddress)) { ProxyAddress = AgentKnobs.ProxyAddress.GetValue(HostContext).AsString(); Trace.Verbose($"Proxy address: {ProxyAddress}"); } if (!string.IsNullOrEmpty(ProxyAddress) && !Uri.IsWellFormedUriString(ProxyAddress, UriKind.Absolute)) { Trace.Error($"The proxy url is not a well formed absolute uri string: {ProxyAddress}."); ProxyAddress = string.Empty; } if (!string.IsNullOrEmpty(ProxyAddress)) { Trace.Info($"Config proxy at: {ProxyAddress}."); string proxyCredFile = HostContext.GetConfigFile(WellKnownConfigFile.ProxyCredentials); if (File.Exists(proxyCredFile)) { string lookupKey = File.ReadAllLines(proxyCredFile).FirstOrDefault(); if (!string.IsNullOrEmpty(lookupKey)) { var credStore = HostContext.GetService(); var proxyCred = credStore.Read($"VSTS_AGENT_PROXY_{lookupKey}"); ProxyUsername = proxyCred.UserName; ProxyPassword = proxyCred.Password; } } if (string.IsNullOrEmpty(ProxyUsername)) { ProxyUsername = AgentKnobs.ProxyUsername.GetValue(HostContext).AsString(); } if (string.IsNullOrEmpty(ProxyPassword)) { ProxyPassword = AgentKnobs.ProxyPassword.GetValue(HostContext).AsString(); } // If basic auth not explicitly set from config file, check environment if (!UseBasicAuthForProxy) { UseBasicAuthForProxy = AgentKnobs.UseBasicAuthForProxy.GetValue(HostContext).AsBoolean(); } if (!string.IsNullOrEmpty(ProxyPassword)) { HostContext.SecretMasker.AddValue(ProxyPassword, WellKnownSecretAliases.ProxyPassword); } if (string.IsNullOrEmpty(ProxyUsername) || string.IsNullOrEmpty(ProxyPassword)) { Trace.Info($"Config proxy use DefaultNetworkCredentials."); } else { Trace.Info($"Config authentication proxy as: {ProxyUsername}."); } LoadProxyBypassList(); _agentWebProxy.Update(ProxyAddress, ProxyUsername, ProxyPassword, ProxyBypassList, UseBasicAuthForProxy); } else { Trace.Info($"No proxy setting found."); } } /// /// Used to escape dots in proxy bypass hosts that was recieved from no_proxy variable /// It is requred since we convert host string to the regular expression pattern and /// all the dots that are parts of domains will be interpreted as special symbol in regular expression while converting /// this leads to false positive matches while check the patterns for bepassing. /// We don't escape dots that are parts of .* wildcard. /// Also, we don't escape dots that are already prepended by escaping symbols. /// private string ProcessProxyByPassFromEnv(string bypass) { var regExp = new Regex("(? _EnvToDictionary(byte[] env) { var result = new Dictionary(StringComparer.OrdinalIgnoreCase); int len = env.Length; if (len < 4) return result; int n = len - 3; for (int i = 0; i < n; ++i) { byte c1 = env[i]; byte c2 = env[i + 1]; byte c3 = env[i + 2]; byte c4 = env[i + 3]; if (c1 == 0 && c2 == 0 && c3 == 0 && c4 == 0) { len = i + 3; break; } } char[] environmentCharArray = Encoding.Unicode.GetChars(env, 0, len); for (int i = 0; i < environmentCharArray.Length; i++) { int startIndex = i; while ((environmentCharArray[i] != '=') && (environmentCharArray[i] != '\0')) { i++; } if (environmentCharArray[i] != '\0') { if ((i - startIndex) == 0) { while (environmentCharArray[i] != '\0') { i++; } } else { string str = new string(environmentCharArray, startIndex, i - startIndex); i++; int num3 = i; while (environmentCharArray[i] != '\0') { i++; } string str2 = new string(environmentCharArray, num3, i - num3); result[str] = str2; } } } return result; } private static IntPtr ReadIntPtr32(IntPtr hProcess, IntPtr ptr) { IntPtr readPtr = IntPtr.Zero; IntPtr data = Marshal.AllocHGlobal(sizeof(Int32)); try { IntPtr res_len = IntPtr.Zero; if (!ReadProcessMemory(hProcess, ptr, data, new IntPtr(sizeof(Int32)), ref res_len)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } if (res_len.ToInt32() != sizeof(Int32)) { throw new ArgumentOutOfRangeException(nameof(ReadProcessMemory)); } readPtr = new IntPtr(Marshal.ReadInt32(data)); } finally { Marshal.FreeHGlobal(data); } return readPtr; } private static IntPtr ReadIntPtr64(IntPtr hProcess, IntPtr ptr) { IntPtr readPtr = IntPtr.Zero; IntPtr data = Marshal.AllocHGlobal(IntPtr.Size); try { IntPtr res_len = IntPtr.Zero; if (!ReadProcessMemory(hProcess, ptr, data, new IntPtr(sizeof(Int64)), ref res_len)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } if (res_len.ToInt32() != IntPtr.Size) { throw new ArgumentOutOfRangeException(nameof(ReadProcessMemory)); } readPtr = Marshal.ReadIntPtr(data); } finally { Marshal.FreeHGlobal(data); } return readPtr; } private enum PROCESSINFOCLASS : int { ProcessBasicInformation = 0 }; [StructLayout(LayoutKind.Sequential)] private struct MEMORY_BASIC_INFORMATION { public IntPtr BaseAddress; public IntPtr AllocationBase; public int AllocationProtect; public IntPtr RegionSize; public int State; public int Protect; public int Type; } [StructLayout(LayoutKind.Sequential)] private struct PROCESS_BASIC_INFORMATION64 { public long ExitStatus; public long PebBaseAddress; public long AffinityMask; public long BasePriority; public long UniqueProcessId; public long InheritedFromUniqueProcessId; }; [StructLayout(LayoutKind.Sequential)] private struct PROCESS_BASIC_INFORMATION32 { public int ExitStatus; public int PebBaseAddress; public int AffinityMask; public int BasePriority; public int UniqueProcessId; public int InheritedFromUniqueProcessId; }; [DllImport("ntdll.dll", SetLastError = true, EntryPoint = "NtQueryInformationProcess")] private static extern int NtQueryInformationProcess64(IntPtr processHandle, PROCESSINFOCLASS processInformationClass, ref PROCESS_BASIC_INFORMATION64 processInformation, int processInformationLength, ref int returnLength); [DllImport("ntdll.dll", SetLastError = true, EntryPoint = "NtQueryInformationProcess")] private static extern int NtQueryInformationProcess32(IntPtr processHandle, PROCESSINFOCLASS processInformationClass, ref PROCESS_BASIC_INFORMATION32 processInformation, int processInformationLength, ref int returnLength); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool IsWow64Process(IntPtr processHandle, out bool wow64Process); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, IntPtr dwSize, ref IntPtr lpNumberOfBytesRead); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, IntPtr dwSize, ref IntPtr lpNumberOfBytesRead); [DllImport("kernel32.dll")] private static extern int VirtualQueryEx(IntPtr processHandle, IntPtr baseAddress, ref MEMORY_BASIC_INFORMATION memoryInformation, int memoryInformationLength); } } ================================================ FILE: src/Misc/BuildConstants.ch ================================================ /////////////////////////////////////////////////////////////////////////////////////////////////// // // DO NOT CHECKIN THE GENERATED .cs version of this file // /////////////////////////////////////////////////////////////////////////////////////////////////// namespace Microsoft.VisualStudio.Services.Agent { public static class BuildConstants { public static class Source { public static readonly string CommitHash = "_COMMIT_HASH_"; } public static class AgentPackage { public static readonly string PackageName = "_PACKAGE_NAME_"; } } } ================================================ FILE: src/Misc/InstallAgentPackage.template.xml ================================================ ================================================ FILE: src/Misc/Publish.template.ps1 ================================================ $ErrorActionPreference = 'Stop' if ($pwd -notlike '*tfsgheus20') { # primary packages Add-DistributedTaskPackage -PackageType agent -Platform win-x64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//vsts-agent-win-x64-.zip -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename vsts-agent-win-x64-.zip Add-DistributedTaskPackage -PackageType agent -Platform win-x86 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//vsts-agent-win-x86-.zip -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename vsts-agent-win-x86-.zip Add-DistributedTaskPackage -PackageType agent -Platform win-arm64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//vsts-agent-win-arm64-.zip -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename vsts-agent-win-arm64-.zip Add-DistributedTaskPackage -PackageType agent -Platform osx-x64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//vsts-agent-osx-x64-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename vsts-agent-osx-x64-.tar.gz Add-DistributedTaskPackage -PackageType agent -Platform linux-x64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//vsts-agent-linux-x64-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename vsts-agent-linux-x64-.tar.gz Add-DistributedTaskPackage -PackageType agent -Platform linux-arm -Version -DownloadUrl https://download.agent.dev.azure.com/agent//vsts-agent-linux-arm-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename vsts-agent-linux-arm-.tar.gz Add-DistributedTaskPackage -PackageType agent -Platform linux-arm64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//vsts-agent-linux-arm64-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename vsts-agent-linux-arm64-.tar.gz Add-DistributedTaskPackage -PackageType agent -Platform linux-musl-x64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//vsts-agent-linux-musl-x64-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename vsts-agent-linux-musl-x64-.tar.gz Add-DistributedTaskPackage -PackageType agent -Platform linux-musl-arm64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//vsts-agent-linux-musl-arm64-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename vsts-agent-linux-musl-arm64-.tar.gz Add-DistributedTaskPackage -PackageType agent -Platform osx-arm64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//vsts-agent-osx-arm64-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename vsts-agent-osx-arm64-.tar.gz # alternate packages Add-DistributedTaskPackage -PackageType pipelines-agent -Platform win-x64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//pipelines-agent-win-x64-.zip -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename pipelines-agent-win-x64-.zip Add-DistributedTaskPackage -PackageType pipelines-agent -Platform win-x86 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//pipelines-agent-win-x86-.zip -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename pipelines-agent-win-x86-.zip Add-DistributedTaskPackage -PackageType pipelines-agent -Platform win-arm64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//pipelines-agent-win-arm64-.zip -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename pipelines-agent-win-arm64-.zip Add-DistributedTaskPackage -PackageType pipelines-agent -Platform osx-x64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//pipelines-agent-osx-x64-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename pipelines-agent-osx-x64-.tar.gz Add-DistributedTaskPackage -PackageType pipelines-agent -Platform linux-x64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//pipelines-agent-linux-x64-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename pipelines-agent-linux-x64-.tar.gz Add-DistributedTaskPackage -PackageType pipelines-agent -Platform linux-arm -Version -DownloadUrl https://download.agent.dev.azure.com/agent//pipelines-agent-linux-arm-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename pipelines-agent-linux-arm-.tar.gz Add-DistributedTaskPackage -PackageType pipelines-agent -Platform linux-arm64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//pipelines-agent-linux-arm64-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename pipelines-agent-linux-arm64-.tar.gz Add-DistributedTaskPackage -PackageType pipelines-agent -Platform osx-arm64 -Version -DownloadUrl https://download.agent.dev.azure.com/agent//pipelines-agent-osx-arm64-.tar.gz -HashValue -InfoUrl https://go.microsoft.com/fwlink/?LinkId=798199 -Filename pipelines-agent-osx-arm64-.tar.gz } ================================================ FILE: src/Misc/UpdateAgentPackage.template.xml ================================================ ================================================ FILE: src/Misc/check-symlinks.sh ================================================ cd $(dirname $0)/../../_layout brokenSymlinks=$(find . -type l ! -exec test -e {} \; -print) if [[ $brokenSymlinks != "" ]]; then printf "Broken symlinks exist in the agent build:\n$brokenSymlinks\n" exit 1 fi echo "Broken symlinks not found in the agent build." ================================================ FILE: src/Misc/externals.sh ================================================ #!/bin/bash PACKAGERUNTIME=$1 PRECACHE=$2 LAYOUT_DIR=$3 L1_MODE=$4 INCLUDE_NODE6=${INCLUDE_NODE6:-true} INCLUDE_NODE10=${INCLUDE_NODE10:-true} INCLUDE_NODE24=${INCLUDE_NODE24:-true} CONTAINER_URL=https://vstsagenttools.blob.core.windows.net/tools NODE_URL=https://nodejs.org/dist NODE_UNOFFICIAL_URL=https://unofficial-builds.nodejs.org/download/release if [[ "$PACKAGERUNTIME" == "linux-musl-x64" ]]; then NODE_URL=https://unofficial-builds.nodejs.org/download/release INCLUDE_NODE6=false fi if [[ "$PACKAGERUNTIME" == "win-arm64" ]]; then INCLUDE_NODE6=false INCLUDE_NODE10=false; fi if [[ "$PACKAGERUNTIME" == "linux-arm" ]]; then INCLUDE_NODE24=false fi NODE_VERSION="6.17.1" NODE10_VERSION="10.24.1" NODE16_VERSION="16.20.2" NODE16_WIN_ARM64_VERSION="16.9.1" NODE20_VERSION="20.20.0" NODE24_VERSION="24.13.0" MINGIT_VERSION="2.53.0" LFS_VERSION="3.4.0" get_abs_path() { # exploits the fact that pwd will print abs path when no args echo "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")" } DOWNLOAD_DIR="$(get_abs_path "$(dirname $0)/../../_downloads")/$PACKAGERUNTIME/netcore2x" if [[ "$LAYOUT_DIR" == "" ]]; then LAYOUT_DIR=$(get_abs_path "$(dirname $0)/../../_layout/$PACKAGERUNTIME") else LAYOUT_DIR=$(get_abs_path "$(dirname $0)/../../$LAYOUT_DIR") fi function failed() { local error=${1:-Undefined error} local command_identifier=$2 echo "Failed: $error" >&2 if [[ $command_identifier == 'download_node_alpine_arm64' ]]; then echo "Node for Alpine ARM64 not found in blob storage. If the version of Node (for tasks execution) has been updated, it should be built for Alpine ARM64 and uploaded to blob storage. Read documentation about the agent release for more info." fi exit 1 } function checkRC() { local rc=$? local command_identifier=$2 if [ $rc -ne 0 ]; then failed "${1} failed with return code $rc" $command_identifier fi } function acquireExternalTool() { local download_source=$1 # E.g. https://vstsagenttools.blob.core.windows.net/tools/pdbstr/1/pdbstr.zip local target_dir="$LAYOUT_DIR/externals/$2" # E.g. $LAYOUT_DIR/externals/pdbstr local fix_nested_dir=$3 # Flag that indicates whether to move nested contents up one directory. E.g. TEE-CLC-14.0.4.zip # directly contains only a nested directory TEE-CLC-14.0.4. When this flag is set, the contents # of the nested TEE-CLC-14.0.4 directory are moved up one directory, and then the empty directory # TEE-CLC-14.0.4 is removed. local dont_uncompress=$4 local tool_name=$5 # Extract the portion of the URL after the protocol. E.g. vstsagenttools.blob.core.windows.net/tools/pdbstr/1/pdbstr.zip local relative_url="${download_source#*://}" # Check if the download already exists. local download_target="$DOWNLOAD_DIR/$relative_url" local download_basename="$(basename "$download_target")" local download_dir="$(dirname "$download_target")" if [[ "$PRECACHE" != "" ]]; then if [ -f "$download_target" ]; then echo "Download exists: $download_basename" else # Delete any previous partial file. local partial_target="$DOWNLOAD_DIR/partial/$download_basename" mkdir -p "$(dirname "$partial_target")" || checkRC 'mkdir' if [ -f "$partial_target" ]; then rm "$partial_target" || checkRC 'rm' fi # Download from source to the partial file. echo "Downloading $download_source" mkdir -p "$(dirname "$download_target")" || checkRC 'mkdir' # curl -f Fail silently (no output at all) on HTTP errors (H) # -k Allow connections to SSL sites without certs (H) # -S Show error. With -s, make curl show errors when they occur # -L Follow redirects (H) # -o FILE Write to FILE instead of stdout curl --retry 10 -fkSL -o "$partial_target" "$download_source" 2>"${download_target}_download.log" || checkRC 'curl' "download_${tool_name}" # Move the partial file to the download target. mv "$partial_target" "$download_target" || checkRC 'mv' # Extract to current directory # Ensure we can extract those files # We might use them during dev.sh local extract_dir="$download_dir/$download_basename.extract" mkdir -p "$extract_dir" || checkRC 'mkdir' if [[ "$download_basename" == *.zip ]]; then # Extract the zip. echo "Testing zip" unzip "$download_target" -d "$extract_dir" > /dev/null local rc=$? if [[ $rc -ne 0 && $rc -ne 1 ]]; then failed "unzip failed with return code $rc" fi elif [[ "$download_basename" == *.tar.gz ]]; then # Extract the tar gz. echo "Testing tar gz" tar xzf "$download_target" -C "$extract_dir" > /dev/null || checkRC 'tar' fi if [[ "$download_basename" == node-v*.tar.gz ]]; then echo "Cleaning Node.js distribution extract - removing unused npm/lib" find "$extract_dir" -path "*/lib/node_modules" -type d -exec rm -rf {} + 2>/dev/null || true find "$extract_dir" \( -name "npm" -o -name "npx" -o -name "corepack" \) -not -type d -delete 2>/dev/null || true find "$extract_dir" -path "*/include" -type d -exec rm -rf {} + 2>/dev/null || true find "$extract_dir" -path "*/share" -type d -exec rm -rf {} + 2>/dev/null || true find "$extract_dir" \( -name "CHANGELOG.md" -o -name "README.md" \) -delete 2>/dev/null || true fi fi else # Extract to layout. mkdir -p "$target_dir" || checkRC 'mkdir' local nested_dir="" if [[ "$download_basename" == *.zip && "$dont_uncompress" != "dont_uncompress" ]]; then # Extract the zip. echo "Extracting zip from $download_target to $target_dir" unzip "$download_target" -d "$target_dir" > /dev/null local rc=$? if [[ $rc -ne 0 && $rc -ne 1 ]]; then failed "unzip failed with return code $rc" fi # Capture the nested directory path if the fix_nested_dir flag is set. if [[ "$fix_nested_dir" == "fix_nested_dir" ]]; then nested_dir="${download_basename%.zip}" # Remove the trailing ".zip". fi elif [[ "$download_basename" == *.tar.gz && "$dont_uncompress" != "dont_uncompress" ]]; then # Extract the tar gz. echo "Extracting tar gz from $download_target to $target_dir" tar xzf "$download_target" -C "$target_dir" > /dev/null || checkRC 'tar' # Capture the nested directory path if the fix_nested_dir flag is set. if [[ "$fix_nested_dir" == "fix_nested_dir" ]]; then nested_dir="${download_basename%.tar.gz}" # Remove the trailing ".tar.gz". fi else # Copy the file. echo "Copying from $download_target to $target_dir" cp "$download_target" "$target_dir/" || checkRC 'cp' fi # Fixup the nested directory. if [[ "$nested_dir" != "" ]]; then if [ -d "$target_dir/$nested_dir" ]; then mv "$target_dir/$nested_dir"/* "$target_dir/" || checkRC 'mv' rmdir "$target_dir/$nested_dir" || checkRC 'rmdir' fi fi fi } echo "PACKAGE RUNTIME: $PACKAGERUNTIME" if [[ "$PACKAGERUNTIME" == "win-x"* ]]; then # Download external tools for Windows. BIT="32" if [[ "$PACKAGERUNTIME" == "win-x64" ]]; then BIT="64" acquireExternalTool "$CONTAINER_URL/azcopy/1/azcopy.zip" azcopy acquireExternalTool "$CONTAINER_URL/vstshost/m122_887c6659_binding_redirect_patched/vstshost.zip" vstshost fi # Node.js dropped official support for Windows 32-bit (win-x86) starting with Node.js 20 # See: https://github.com/nodejs/node/blob/main/BUILDING.md#platform-list # Node 24 is not available for win-x86, so we exclude it for this runtime if [[ "$PACKAGERUNTIME" == "win-x86" ]]; then INCLUDE_NODE24=false echo "INFO: Node 24 is not available for win-x86. Node-based tasks will fall back to Node 20 or Node 16." fi acquireExternalTool "$CONTAINER_URL/mingit/${MINGIT_VERSION}/MinGit-${MINGIT_VERSION}-${BIT}-bit.zip" git acquireExternalTool "$CONTAINER_URL/git-lfs/${LFS_VERSION}/x${BIT}/git-lfs.exe" "git/mingw${BIT}/bin" acquireExternalTool "$CONTAINER_URL/pdbstr/1/pdbstr.zip" pdbstr acquireExternalTool "$CONTAINER_URL/symstore/1/symstore.zip" symstore acquireExternalTool "$CONTAINER_URL/vstsom/m153_47c0856d_adhoc/vstsom.zip" tf acquireExternalTool "$CONTAINER_URL/vstsom/dev17.11vs_c0748e6e/vstsom.zip" tf-latest if [[ "$PACKAGERUNTIME" == "win-x64" ]]; then # Copy tf to vstshost for default PowerShell handler behavior cp -r "$LAYOUT_DIR/externals/tf/"* "$LAYOUT_DIR/externals/vstshost/" fi acquireExternalTool "$CONTAINER_URL/vswhere/2_8_4/vswhere.zip" vswhere acquireExternalTool "https://dist.nuget.org/win-x86-commandline/v4.6.4/nuget.exe" nuget if [[ "$INCLUDE_NODE6" == "true" ]]; then acquireExternalTool "${NODE_URL}/v${NODE_VERSION}/${PACKAGERUNTIME}/node.exe" node/bin acquireExternalTool "${NODE_URL}/v${NODE_VERSION}/${PACKAGERUNTIME}/node.lib" node/bin fi if [[ "$INCLUDE_NODE10" == "true" ]]; then acquireExternalTool "${NODE_URL}/v${NODE10_VERSION}/${PACKAGERUNTIME}/node.exe" node10/bin acquireExternalTool "${NODE_URL}/v${NODE10_VERSION}/${PACKAGERUNTIME}/node.lib" node10/bin fi acquireExternalTool "${NODE_URL}/v${NODE16_VERSION}/${PACKAGERUNTIME}/node.exe" node16/bin acquireExternalTool "${NODE_URL}/v${NODE16_VERSION}/${PACKAGERUNTIME}/node.lib" node16/bin acquireExternalTool "${NODE_URL}/v${NODE20_VERSION}/${PACKAGERUNTIME}/node.exe" node20_1/bin acquireExternalTool "${NODE_URL}/v${NODE20_VERSION}/${PACKAGERUNTIME}/node.lib" node20_1/bin if [[ "$INCLUDE_NODE24" == "true" ]]; then acquireExternalTool "${NODE_URL}/v${NODE24_VERSION}/${PACKAGERUNTIME}/node.exe" node24/bin acquireExternalTool "${NODE_URL}/v${NODE24_VERSION}/${PACKAGERUNTIME}/node.lib" node24/bin fi elif [[ "$PACKAGERUNTIME" == "win-arm64" || "$PACKAGERUNTIME" == "win-arm32" ]]; then # Download external tools for Windows ARM BIT="32" if [[ "$PACKAGERUNTIME" == "win-arm64" ]]; then BIT="64" # acquireExternalTool "$CONTAINER_URL/azcopy/1/azcopy.zip" azcopy # Unavailable for Win ARM 64 - https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10?tabs=dnf#download-the-azcopy-portable-binary acquireExternalTool "$CONTAINER_URL/vstshost/m122_887c6659_binding_redirect_patched/vstshost.zip" vstshost # Custom package. Will the same work for Win ARM 64? fi acquireExternalTool "$CONTAINER_URL/mingit/${MINGIT_VERSION}/MinGit-${MINGIT_VERSION}-${BIT}-bit.zip" git # Unavailable for Win ARM 64 - https://github.com/git-for-windows/git/releases acquireExternalTool "$CONTAINER_URL/git-lfs/${LFS_VERSION}/win-arm${BIT}/git-lfs.exe" "git/mingw${BIT}/bin" acquireExternalTool "$CONTAINER_URL/pdbstr/win-arm${BIT}/1/pdbstr.zip" pdbstr acquireExternalTool "$CONTAINER_URL/symstore/win-arm${BIT}/1/symstore.zip" symstore acquireExternalTool "$CONTAINER_URL/vstsom/m153_47c0856d_adhoc/vstsom.zip" tf acquireExternalTool "$CONTAINER_URL/vstsom/dev17.11vs_c0748e6e/vstsom.zip" tf-latest if [[ "$PACKAGERUNTIME" == "win-arm64" ]]; then # Copy tf to vstshost for default PowerShell handler behavior cp -r "$LAYOUT_DIR/externals/tf/"* "$LAYOUT_DIR/externals/vstshost/" fi acquireExternalTool "$CONTAINER_URL/vswhere/2_8_4/vswhere.zip" vswhere acquireExternalTool "https://dist.nuget.org/win-x86-commandline/v4.6.4/nuget.exe" nuget if [[ "$INCLUDE_NODE6" == "true" ]]; then acquireExternalTool "${NODE_URL}/v${NODE_VERSION}/${PACKAGERUNTIME}/node.exe" node/bin # Not available for Windows ARM acquireExternalTool "${NODE_URL}/v${NODE_VERSION}/${PACKAGERUNTIME}/node.lib" node/bin # Not available for Windows ARM fi if [[ "$INCLUDE_NODE10" == "true" ]]; then acquireExternalTool "${NODE_URL}/v${NODE10_VERSION}/${PACKAGERUNTIME}/node.exe" node10/bin # Not available for Windows ARM acquireExternalTool "${NODE_URL}/v${NODE10_VERSION}/${PACKAGERUNTIME}/node.lib" node10/bin # Not available for Windows ARM fi # Unofficial distribution of Node contains Node 16 for Windows ARM acquireExternalTool "${NODE_UNOFFICIAL_URL}/v${NODE16_WIN_ARM64_VERSION}/${PACKAGERUNTIME}/node.exe" node16/bin acquireExternalTool "${NODE_UNOFFICIAL_URL}/v${NODE16_WIN_ARM64_VERSION}/${PACKAGERUNTIME}/node.lib" node16/bin # Official distribution of Node contains Node 20 for Windows ARM acquireExternalTool "${NODE_URL}/v${NODE20_VERSION}/${PACKAGERUNTIME}/node.exe" node20_1/bin acquireExternalTool "${NODE_URL}/v${NODE20_VERSION}/${PACKAGERUNTIME}/node.lib" node20_1/bin # Official distribution of Node contains Node 24 for Windows ARM acquireExternalTool "${NODE_URL}/v${NODE24_VERSION}/${PACKAGERUNTIME}/node.exe" node24/bin acquireExternalTool "${NODE_URL}/v${NODE24_VERSION}/${PACKAGERUNTIME}/node.lib" node24/bin else # Download external tools for Linux and OSX. if [[ "$PACKAGERUNTIME" == "osx-arm64" ]]; then ARCH="darwin-x64" if [[ "$INCLUDE_NODE6" == "true" ]]; then acquireExternalTool "${NODE_URL}/v${NODE_VERSION}/node-v${NODE_VERSION}-${ARCH}.tar.gz" node fix_nested_dir fi if [[ "$INCLUDE_NODE10" == "true" ]]; then acquireExternalTool "${NODE_URL}/v${NODE10_VERSION}/node-v${NODE10_VERSION}-${ARCH}.tar.gz" node10 fix_nested_dir fi ARCH="darwin-arm64" acquireExternalTool "${NODE_URL}/v${NODE16_VERSION}/node-v${NODE16_VERSION}-${ARCH}.tar.gz" node16 fix_nested_dir acquireExternalTool "${NODE_URL}/v${NODE20_VERSION}/node-v${NODE20_VERSION}-${ARCH}.tar.gz" node20_1 fix_nested_dir acquireExternalTool "${NODE_URL}/v${NODE24_VERSION}/node-v${NODE24_VERSION}-${ARCH}.tar.gz" node24 fix_nested_dir elif [[ "$PACKAGERUNTIME" == "linux-musl-arm64" ]]; then ARCH="linux-arm64-musl" if [[ "$INCLUDE_NODE10" == "true" ]]; then acquireExternalTool "${CONTAINER_URL}/nodejs/${ARCH}/node-v${NODE10_VERSION}-${ARCH}.tar.gz" node10/bin fix_nested_dir false node_alpine_arm64 fi acquireExternalTool "${CONTAINER_URL}/nodejs/${ARCH}/node-v${NODE16_VERSION}-${ARCH}.tar.gz" node16/bin fix_nested_dir false node_alpine_arm64 acquireExternalTool "${CONTAINER_URL}/nodejs/${ARCH}/node-v${NODE20_VERSION}-${ARCH}.tar.gz" node20_1/bin fix_nested_dir false node_alpine_arm64 acquireExternalTool "${CONTAINER_URL}/nodejs/${ARCH}/node-v${NODE24_VERSION}-${ARCH}.tar.gz" node24/bin fix_nested_dir false node_alpine_arm64 else case $PACKAGERUNTIME in "linux-musl-x64") ARCH="linux-x64-musl";; "linux-x64") ARCH="linux-x64";; "linux-arm") ARCH="linux-armv7l";; "linux-arm64") ARCH="linux-arm64";; "osx-x64") ARCH="darwin-x64";; *) echo "Unknown PACKAGERUNTIME: ${PACKAGERUNTIME}"; exit 1;; esac if [[ "$INCLUDE_NODE6" == "true" ]]; then acquireExternalTool "${NODE_URL}/v${NODE_VERSION}/node-v${NODE_VERSION}-${ARCH}.tar.gz" node fix_nested_dir fi if [[ "$INCLUDE_NODE10" == "true" ]]; then acquireExternalTool "${NODE_URL}/v${NODE10_VERSION}/node-v${NODE10_VERSION}-${ARCH}.tar.gz" node10 fix_nested_dir fi acquireExternalTool "${NODE_URL}/v${NODE16_VERSION}/node-v${NODE16_VERSION}-${ARCH}.tar.gz" node16 fix_nested_dir acquireExternalTool "${NODE_URL}/v${NODE20_VERSION}/node-v${NODE20_VERSION}-${ARCH}.tar.gz" node20_1 fix_nested_dir if [[ "$INCLUDE_NODE24" == "true" ]]; then acquireExternalTool "${NODE_URL}/v${NODE24_VERSION}/node-v${NODE24_VERSION}-${ARCH}.tar.gz" node24 fix_nested_dir fi fi # remove `npm`, `npx`, `corepack`, and related `node_modules` from the `externals/node*` agent directory # they are installed along with node, but agent does not use them rm -rf "$LAYOUT_DIR/externals/node/lib" rm "$LAYOUT_DIR/externals/node/bin/npm" rm -rf "$LAYOUT_DIR/externals/node10/lib" rm "$LAYOUT_DIR/externals/node10/bin/npm" rm "$LAYOUT_DIR/externals/node10/bin/npx" rm -rf "$LAYOUT_DIR/externals/node16/lib" rm "$LAYOUT_DIR/externals/node16/bin/npm" rm "$LAYOUT_DIR/externals/node16/bin/npx" rm "$LAYOUT_DIR/externals/node16/bin/corepack" rm -rf "$LAYOUT_DIR/externals/node20_1/lib" rm "$LAYOUT_DIR/externals/node20_1/bin/npm" rm "$LAYOUT_DIR/externals/node20_1/bin/npx" rm "$LAYOUT_DIR/externals/node20_1/bin/corepack" if [[ "$INCLUDE_NODE24" == "true" ]]; then rm -rf "$LAYOUT_DIR/externals/node24/lib" rm "$LAYOUT_DIR/externals/node24/bin/npm" rm "$LAYOUT_DIR/externals/node24/bin/npx" rm "$LAYOUT_DIR/externals/node24/bin/corepack" fi fi if [[ "$L1_MODE" != "" || "$PRECACHE" != "" ]]; then # cmdline node20 task acquireExternalTool "$CONTAINER_URL/l1Tasks/b9bafed4-0b18-4f58-968d-86655b4d2ce9.zip" "Tasks" false dont_uncompress fi ================================================ FILE: src/Misc/layoutbin/AgentService.js ================================================ #!/usr/bin/env node // Copyright (c) Microsoft. All rights reserved. // Licensed under the MIT license. See LICENSE file in the project root for full license information. var childProcess = require("child_process"); var path = require("path") var supported = ['linux', 'darwin'] if (supported.indexOf(process.platform) == -1) { console.log('Unsupported platform: ' + process.platform); console.log('Supported platforms are: ' + supported.toString()); process.exit(1); } var stopping = false; var listener = null; var runService = function() { var listenerExePath = path.join(__dirname, '../bin/Agent.Listener'); var interactive = process.argv[2] === "interactive"; if(!stopping) { try { if (interactive) { console.log('Starting Agent listener interactively'); // skip all paramters before interactive (inclusive) listenerArgs = ['run'].concat(process.argv.slice(3)); } else { console.log('Starting Agent listener with startup type: service'); listenerArgs = ['run', '--startuptype', 'service'].concat(process.argv.slice(2)) } listener = childProcess.spawn(listenerExePath, listenerArgs, { env: process.env }); console.log('Started listener process'); listener.stdout.on('data', (data) => { process.stdout.write(data.toString('utf8')); }); listener.stderr.on('data', (data) => { process.stdout.write(data.toString('utf8')); }); listener.on('close', (code) => { console.log(`Agent listener exited with error code ${code}`); if (code === 0) { console.log('Agent listener exit with 0 return code, stop the service, no retry needed.'); stopping = true; } else if (code === 1) { console.log('Agent listener exit with terminated error, stop the service, no retry needed.'); stopping = true; } else if (code === 2) { console.log('Agent listener exit with retryable error, re-launch agent in 5 seconds.'); } else if (code === 3) { console.log('Agent listener exit because of updating, re-launch agent in 5 seconds.'); } else { console.log('Agent listener exit with undefined return code, re-launch agent in 5 seconds.'); } if(!stopping) { setTimeout(runService, 5000); } }); } catch(ex) { console.log(ex); } } } runService(); console.log('Started running service'); var gracefulShutdown = function(code) { console.log('Shutting down agent listener'); stopping = true; if (listener) { console.log('Sending SIGINT to agent listener to stop'); listener.kill('SIGINT'); // TODO wait for 30 seconds and send a SIGKILL } } process.on('SIGINT', () => { gracefulShutdown(0); }); process.on('SIGTERM', () => { gracefulShutdown(0); }); ================================================ FILE: src/Misc/layoutbin/containerHandlerInvoker.js.template ================================================ const { spawn } = require('child_process'); const debug = log => console.log(`##vso[task.debug]${log}`); let stdinString = ''; process.stdin.on('data', chunk => stdinString += chunk); process.stdin.on('end', () => { const { handler, args: handlerArg, workDir: handlerWorkDir, prependPath, environment } = JSON.parse(stdinString); debug(`Handler: ${handler}`); debug(`HandlerArg: ${handlerArg}`); debug(`HandlerWorkDir: ${handlerWorkDir}`); for (const key in environment) { const value = environment[key].toString().replace(/\r/g, '%0D').replace(/\n/g, '%0A'); debug(`Set env: ${key}=${value}`); process.env[key] = environment[key]; } const options = { stdio: 'inherit', cwd: handlerWorkDir }; const isWindows = process.platform == 'win32'; if (isWindows) { options.argv0 = `"${handler}"`; options.windowsVerbatimArguments = true; } if (prependPath && prependPath.length > 0) { const currentPath = process.env['PATH']; process.env['PATH'] = prependPath; if (currentPath && currentPath.length > 0) { process.env['PATH'] += `${isWindows ? ';' : ':'}${currentPath}`; } debug(`Prepend Path: ${process.env['PATH']}`); } process.env['TF_BUILD'] = 'True'; debug(`Handler Setup Complete`); const launch = spawn(handler, [handlerArg], options); launch.on('exit', code => { debug(`Handler exit code: ${code}`); if (code != 0) { process.exit(code); } }); }); ================================================ FILE: src/Misc/layoutbin/darwin.svc.sh.template ================================================ #!/bin/bash SVC_NAME="{{SvcNameVar}}" SVC_DESCRIPTION="{{SvcDescription}}" user_id=`id -u` # launchctl should not run as sudo for launch agents if [ $user_id -eq 0 ]; then echo "Must not run with sudo" exit 1 fi SVC_CMD=$1 AGENT_ROOT=`pwd` LAUNCH_PATH="${HOME}/Library/LaunchAgents" PLIST_PATH="${LAUNCH_PATH}/${SVC_NAME}.plist" TEMPLATE_PATH=./bin/vsts.agent.plist.template TEMP_PATH=./bin/vsts.agent.plist.temp CONFIG_PATH=.service function failed() { local error=${1:-Undefined error} echo "Failed: $error" >&2 exit 1 } if [ ! -f "${TEMPLATE_PATH}" ]; then failed "Must run from agent root or install is corrupt" fi function install() { echo "Creating launch agent in ${PLIST_PATH}" if [ ! -d "${LAUNCH_PATH}" ]; then mkdir ${LAUNCH_PATH} fi if [ -f "${PLIST_PATH}" ]; then failed "error: exists ${PLIST_PATH}" fi if [ -f "${TEMP_PATH}" ]; then rm "${TEMP_PATH}" || failed "failed to delete ${TEMP_PATH}" fi log_path="${HOME}/Library/Logs/${SVC_NAME}" echo "Creating ${log_path}" mkdir -p "${log_path}" || failed "failed to create ${log_path}" echo Creating ${PLIST_PATH} sed "s/{{User}}/${SUDO_USER:-$USER}/g; s/{{SvcName}}/$SVC_NAME/g; s@{{AgentRoot}}@${AGENT_ROOT}@g; s@{{UserHome}}@$HOME@g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file" mv "${TEMP_PATH}" "${PLIST_PATH}" || failed "failed to copy plist" # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user. echo Creating runsvc.sh cp ./bin/runsvc.sh ./runsvc.sh || failed "failed to copy runsvc.sh" chmod u+x ./runsvc.sh || failed "failed to set permission for runsvc.sh" echo Creating ${CONFIG_PATH} echo "${PLIST_PATH}" > ${CONFIG_PATH} || failed "failed to create .Service file" echo "svc install complete" } function start() { echo "starting ${SVC_NAME}" launchctl load -w "${PLIST_PATH}" || failed "failed to load ${PLIST_PATH}" status } function stop() { echo "stopping ${SVC_NAME}" launchctl unload "${PLIST_PATH}" || failed "failed to unload ${PLIST_PATH}" status } function uninstall() { echo "uninstalling ${SVC_NAME}" stop rm "${PLIST_PATH}" || failed "failed to delete ${PLIST_PATH}" if [ -f "${CONFIG_PATH}" ]; then rm "${CONFIG_PATH}" || failed "failed to delete ${CONFIG_PATH}" fi } function status() { echo "status ${SVC_NAME}:" if [ -f "${PLIST_PATH}" ]; then echo echo "${PLIST_PATH}" else echo echo "not installed" echo return fi echo status_out=`launchctl list | grep "${SVC_NAME}"` if [ ! -z "$status_out" ]; then echo Started: echo $status_out echo else echo Stopped echo fi } function usage() { echo echo Usage: echo "./svc.sh [install, start, stop, status, uninstall]" echo } case $SVC_CMD in "install") install;; "status") status;; "uninstall") uninstall;; "start") start;; "stop") stop;; *) usage;; esac exit 0 ================================================ FILE: src/Misc/layoutbin/de-DE/strings.json ================================================ { "AcceptTeeEula": "(J/N) Team Explorer Everywhere-Lizenzvertrag jetzt akzeptieren?", "AccessDenied": "Zugriff verweigert", "AccessDeniedSettingDelayedStartOption": "Zugriff verweigert, während die Autostartoptionen durch die Einstellung des Dienstes verzögert wurden.", "AccessDeniedSettingRecoveryOption": "Beim Festlegen der Optionen für die Dienstwiederherstellung wurde der Zugriff verweigert.", "AccessDeniedSettingSidType": "Beim Festlegen des Dienst-SID-Typs wurde der Zugriff verweigert.", "AddAgentFailed": "Fehler beim Hinzufügen des Agents. Versuchen Sie es noch einmal, oder drücken Sie STRG+C, um den Vorgang zu beenden.", "AddBuildTag": "Buildtag hinzufügen", "AddDeploymentGroupTagsFlagDescription": "Bereitstellungsgruppentags für Agent? (J/N)", "AddEnvironmentVMResourceTags": "Umgebungstags für VM-Ressourcen? (J/N)", "AgentAddedSuccessfully": "Der Agent wurde erfolgreich hinzugefügt.", "AgentAlreadyInsideContainer": "Das Containerfeature wird nicht unterstützt, wenn Agent darin bereits ausgeführt wird. Schlagen Sie in der Dokumentation (https://go.microsoft.com/fwlink/?linkid=875268) nach.", "AgentCdnAccessFailWarning": "Aktion erforderlich: Der Azure Pipelines-Agent kann die neue CDN-URL nicht erreichen. Setzen Sie jetzt „download.agent.dev.azure.com“ auf die Positivliste, um Pipelinefehler zu vermeiden. Details: https://devblogs.microsoft.com/devops/cdn-domain-url-change-for-agents-in-pipelines/", "AgentDoesNotSupportContainerFeatureRhel6": "Der Agent bietet unter Red Hat Enterprise Linux 6 oder CentOS 6 keine Unterstützung für das Containerfeature.", "AgentDowngrade": "Der Agent wird auf eine niedrigere Version herabgestuft. Die ist in der Regel auf einen Rollback des aktuell veröffentlichten Agents zur Fehlerkorrektur zurückzuführen. Um dieses Verhalten zu deaktivieren, legen Sie die Umgebungsvariable AZP_AGENT_DOWNGRADE_DISABLED auf TRUE fest, bevor Sie Ihren Agent starten.", "AgentExit": "Der Agent wird kurzzeitig für die Aktualisierung beendet. Er sollte innerhalb von 10 Sekunden wieder online sein.", "AgentIsNotConfigured": "Der Agent ist nicht konfiguriert.", "AgentMachineNameLog": "Name des Agentcomputers: „{0}“", "AgentMachinePoolNameLabel": "Agentpool", "AgentName": "Agent-Name", "AgentNameLog": "Agentname: „{0}“", "AgentOutOfMemoryFailure": "Der Agent-Worker wurde mit Code 137 beendet, was bedeutet, dass nicht genügend Arbeitsspeicher verfügbar war. Stellen Sie sicher, dass für den Agenthost (Containerhost) ausreichend Arbeitsspeicher konfiguriert ist.", "AgentReplaced": "Der Agent wurde erfolgreich ersetzt.", "agentRootFolderCheckError": "Die Zugriffsregeln für den Stammordner des Agents können nicht überprüft werden. Weitere Informationen finden Sie im Protokoll.", "agentRootFolderInsecure": "Sicherheitswarnung! Die Gruppe „{0}“ hat Zugriff zum Schreiben/Ändern des Agentordners. Weitere Informationen finden Sie im Protokoll.", "AgentRunningBehindProxy": "Der Agent wird hinter dem Proxyserver „{0}“ ausgeführt.", "AgentVersion": "Aktuelle Agentversion: „{0}“", "AgentWithSameNameAlreadyExistInPool": "Der Pool {0} enthält bereits einen Agenten mit der Bezeichnung {1}.", "AllowContainerUserRunDocker": "Der Benutzer „{0}“ kann einen beliebigen Docker-Befehl ohne SUDO ausführen.", "AlreadyConfiguredError": "Der Agent kann nicht konfiguriert werden, da er bereits konfiguriert ist. Um den Agent neu zu konfigurieren, führen Sie zuerst „config.cmd remove“ oder „./config.sh remove“ aus.", "ApkAddShadowFailed": "Die Benutzer-ID liegt außerhalb des Bereichs des Befehls \"adduser\". Der alternative Befehl \"useradd\" kann nicht verwendet werden, da das \"shadow\"-Paket nicht vorinstalliert ist und beim Versuch, dieses Paket zu installieren, ein Fehler aufgetreten ist. Überprüfen Sie die Netzwerkverfügbarkeit, oder verwenden Sie ein Dockerimage, bei dem das \"shadow\"-Paket vorinstalliert ist.", "ArgumentNeeded": "„{0}“ muss angegeben werden.", "ArtifactCustomPropertiesNotJson": "Die benutzerdefinierten Artefakteigenschaften sind kein gültiger JSON-Code: „{0}“", "ArtifactCustomPropertyInvalid": "Benutzerdefinierten Artefakteigenschaften muss das Präfix „user-“ vorangestellt werden. Ungültige Eigenschaft: „{0}“", "ArtifactDownloadFailed": "Fehler beim Herunterladen des Artefakts aus {0}.", "ArtifactLocationRequired": "Der Artefaktspeicherort ist erforderlich.", "ArtifactNameIsNotValid": "Der Artefaktname ist ungültig: {0}. Er darf keines der folgenden Zeichen enthalten: '\\', /', \"', ':', '<', '>', '|', '*' und '?'", "ArtifactNameRequired": "Der Artefaktname ist erforderlich.", "ArtifactTypeRequired": "Der Artefakttyp ist erforderlich.", "AssociateArtifact": "Artefakt zuordnen", "AssociateArtifactCommandNotSupported": "Das Zuordnen eines Serverartefakts wird in „{0}“ nicht unterstützt.", "AssociateArtifactWithBuild": "Zugeordnetes Artefakt {0} mit Build {1}", "AssociateFiles": "Dateien zuordnen", "AttachFileNotExist": "Die Datei (Typ: {0} Name:{1}) kann nicht angefügt werden: {2}. Die Datei ist nicht vorhanden.", "AttachmentExceededMaximum": "Die Anlage wird übersprungen, da sie die maximal zulässige Größe von 75 MB überschreitet: {0}", "AttemptRemoveCredFromConfig": "Der Versuch mithilfe der Git-Befehlszeile „{0}“ aus der Git-Konfiguration zu entfernen ist fehlgeschlagen. Es wird versucht, die Git-Konfigurationsdatei direkt zu ändern, um die Anmeldeinformationen zu entfernen.", "AuthenticationType": "Authentifizierungstyp", "AutoLogonAccountGmsaHint": "Wenn Sie versuchen, ein gMSA-Konto zu verwenden, fügen Sie am Ende des Kontonamens ein Dollarzeichen ($) an.", "AutoLogonAccountNameDescription": "Benutzerkonto, das für die automatische Anmeldung verwendet werden soll", "AutoLogonOverwriteDeniedError": "Die automatische Anmeldung kann nicht konfiguriert werden, da sie bereits für einen anderen Benutzer ({0}) auf dem Computer konfiguriert ist. Verwenden Sie „--overwriteautologon“, wenn Sie die Konfiguration überschreiben möchten.", "AutoLogonPolicies_LegalNotice": "Rechtliche Hinweise", "AutoLogonPolicies_ShutdownReason": "Grund für das Herunterfahren", "AutoLogonPoliciesInspection": "Es wird nach Richtlinien gesucht, die möglicherweise verhindern, dass die automatische Anmeldung ordnungsgemäß funktioniert.", "AutoLogonPoliciesWarningsHeader": "Die folgenden Richtlinien können sich auf die automatische Anmeldung auswirken:", "BeginArtifactItemsIntegrityCheck": "Integritätsprüfung für Artefaktelement wird gestartet", "BlobStoreDownloadWarning": "Fehler beim Herunterladen des Artefakts aus Blobstore, Fallback auf TFS wird ausgeführt. Hierdurch wird die Downloadleistung reduziert. Überprüfen Sie, ob Ihre Firewallregeln den Zugriff auf {0} zulassen. Stellen Sie sicher, dass Ihre Agent-Firewall ordnungsgemäß konfiguriert ist: {1}", "BlobStoreUploadWarning": "Fehler beim Hochladen des Artefakts in Blobstore, Fallback auf TFS wird ausgeführt. Dieses Fallback wird in einem zukünftigen Release entfernt. Überprüfen Sie, ob Ihre Firewallregeln den Zugriff auf {0} zulassen. Stellen Sie sicher, dass Ihre Agent-Firewall ordnungsgemäß konfiguriert ist: {1}", "BuildDirLastUseTIme": "Das zuletzt verwendete Buildverzeichnis „{0}“ ist: {1}", "BuildIdIsNotAvailable": "Es wird versucht, das Pipelineartefakt in der {0}-Umgebung herunterzuladen, jedoch ist die Build-ID nicht vorhanden. Ein Pipelineartefakt kann nur in der {1}-Umgebung heruntergeladen werden, wenn das Artefakt ein Build ist.", "BuildIdIsNotValid": "Die Build-ID ist ungültig: {0}", "BuildingFileTree": "Dateistruktur wird erstellt", "BuildLogsMessage": "Der Agent hat das Hochladen von Protokollen deaktiviert. Nach Abschluss des Auftrags können Sie die Protokolle dieses Schritts unter {0} auf dem Agent abrufen.", "BuildNumberRequired": "Die Buildnummer ist erforderlich.", "BuildsDoesNotExist": "In der angegebenen Pipelinedefinition sind aktuell keine Builds vorhanden.", "BuildTagAddFailed": "Das Buildtag „{0}“ wurde nicht erfolgreich hinzugefügt.", "BuildTagRequired": "Das Buildtag ist erforderlich.", "BuildTagsForBuild": "Der Build „{0}“ weist jetzt die folgenden Tags auf: {1}", "CannotChangeParentTimelineRecord": "Der übergeordnete Zeitachsendatensatz eines vorhandenen Zeitachsendatensatzes kann nicht geändert werden.", "CannotDownloadFromCurrentEnvironment": "Ein Pipelineartefakt kann aus der {0}-Umgebung nicht heruntergeladen werden.", "CannotFindHostName": "Der Name der VSTS-Organisation aus der Server-URL wurde nicht gefunden: „{0}“", "CanNotFindService": "Der Dienst {0} wurde nicht gefunden.", "CanNotGrantPermission": "Dem Benutzer {0} kann die Berechtigung „LogonAsService“ nicht erteilt werden.", "CanNotStartService": "Der Dienst kann nicht gestartet werden. Weitere Informationen finden Sie in den Protokollen.", "CanNotStopService": "Der Dienst {0} kann nicht rechtzeitig beendet werden.", "CannotUploadFile": "Die Datei kann nicht hochgeladen werden, da kein Dateispeicherort angegeben ist.", "CannotUploadFromCurrentEnvironment": "Das Hochladen aus der {0}-Umgebung in ein Pipelineartefakt ist nicht möglich.", "CannotUploadSummary": "Die Zusammenfassungsdatei kann nicht hochgeladen werden. Der Speicherort der Zusammenfassungsdatei wurde nicht angegeben.", "CheckoutTaskDisplayNameFormat": "Check-Out {0}@{1} nach {2}", "CleaningDestinationFolder": "Der Zielordner wird bereinigt: {0}", "ClientId": "Client(App)-ID", "ClientSecret": "Geheimer Clientschlüssel", "ClockSkewStopRetry": "Der Wiederholungsversuch der OAuth-Tokenanforderungsausnahme wurde nach {0} Sekunden beendet.", "CodeCoverageDataIsNull": "Es wurden keine Abdeckungsdaten gefunden. Weitere Informationen finden Sie in den Buildfehlern/-warnungen.", "CodeCoveragePublishIsValidOnlyForBuild": "Die Veröffentlichung von Code Coverage funktioniert nur für „build“.", "CollectionName": "Sammlungsname", "CommandDuplicateDetected": "Der Befehl „{0}“ ist für den Bereich „{1}“ bereits installiert.", "CommandKeywordDetected": "„{0}“ enthält das Protokollierungsbefehl-Schlüsselwort „##vso“, ist aber kein zulässiger Befehl. Eine Liste der akzeptierten Befehle finden Sie hier: https://go.microsoft.com/fwlink/?LinkId=817296", "CommandLineHelp": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Befehle:", " .{0}config.{1} Konfiguriert den Agent", " .{0}config.{1} remove Hebt die Konfiguration des Agents auf", " .{0}run.{1} Führt den Agent interaktiv aus", " .{0}run.{1} --once Führt den Agent aus und akzeptiert höchstens einen Auftrag, bevor er heruntergefahren wird", "", "Optionen:", " --version Gibt die Agent-Version aus", " --commit Gibt den Agent-Commit aus", " --Hilfe Gibt die Hilfe für jeden Befehl aus" ], "CommandLineHelp_Common": [ "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Allgemeine Optionen:", " --url URL des Servers. Beispiel: https://myaccount.visualstudio.com oder", " http://onprem:8080/tfs", " --auth Authentifizierungstyp. Gültige Werte sind:", " PAT (Persönliches Zugriffstoken)", " Aushandeln (Kerberos oder NTLM)", " ALT (Standardauthentifizierung)", " integriert (Windows-Standardanmeldeinformationen)", " sp (Dienstprinzipal)", " --token Wird mit --auth pat verwendet. Persönliches Zugriffstoken.", " --userName Wird mit „--auth negotiate“ oder „--auth alt“ verwendet. Geben Sie den Windows-Benutzer an.", " Name im Format: Domäne\\Benutzername oder userName@domain.com", " --password Wird mit „--auth negotiate“ oder „--auth alt“ verwendet.", " --unattended Unbeaufsichtigte Konfiguration. Sie erhalten keine Eingabeaufforderung. Alle Antworten müssen", " an die Befehlszeile übergeben.", " --version Gibt die Agent-Version aus", " --commit Gibt den Agent-Commit aus", " --help Druckt die Hilfe" ], "CommandLineHelp_Configure": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", ".{0}config.{1} [Optionen]", "", "Hilfe zum Aufheben der Konfiguration finden Sie unter: .{0}config.{1} remove --help", "", "{2}", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Optionen konfigurieren:", " --pool Poolname für den Agent, der beitreten soll", " --agent Agentname", " --replace Ersetzen des Agent in einem Pool. Wenn ein anderer Agent darauf lauscht", " Name, er wird mit einem Konflikt fehlschlagen.", " --work Arbeitsverzeichnis, in dem Auftragsdaten gespeichert werden. Standardmäßig auf _work festgelegt unter dem", " Stamm des Agent-Verzeichnisses. Das Arbeitsverzeichnis befindet sich im Besitz eines bestimmten", " Agent und sollte nicht zwischen mehreren Agents freigegeben werden.", " --acceptTeeEula nur macOS und Linux. Akzeptiert den TEE-Endbenutzerlizenzvertrag.", " --gitUseSChannel Nur Windows. Weist Git an, den nativen Zertifikatspeicher von Windows zu verwenden.", " --alwaysExtractTask Führt eine Entzippen für Aufgaben für jeden Pipelineschritt aus.", " --disableLogUploads Streamen oder senden Sie keine Konsolenprotokollausgabe an den Server. Stattdessen können Sie sie nach Abschluss des Auftrags aus dem Dateisystem des Agenthosts abrufen. HINWEIS: Kann nicht mit \"--reStreamLogsToFiles\" verwendet werden. Dies führt zu einem Fehler.", " --reStreamLogsToFiles Streamen oder senden Sie die Konsolenprotokollausgabe an den Server sowie eine Protokolldatei im Dateisystem des Agenthosts. HINWEIS: Kann nicht mit \"--disableLogUploads\" verwendet werden. Dies führt zu einem Fehler.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Startoptionen (nur Windows):", " --runAsService Konfigurieren des Agent für die Ausführung als Windows-Dienst. Erfordert", " Administratorberechtigung.", " --preventServiceStart Konfigurieren des Windows-Diensts so, dass er nicht sofort nach der Konfiguration ausgeführt wird.", " --runAsAutoLogon Konfigurieren der automatischen Anmeldung, und ausführen des Agent beim Start. Erfordert", " Administratorberechtigung.", " --windowsLogonAccount Wird mit --runAsService oder --runAsAutoLogon verwendet. Windows-Benutzer angeben", " Name im Format: Domäne\\Benutzername oder userName@domain.com", " --windowsLogonPassword Wird mit --runAsService oder --runAsAutoLogon verwendet. Windows-Anmeldekennwort.", " --overwriteAutoLogon Wird mit --runAsAutoLogon verwendet. Überschreibt alle vorhandenen automatischen Anmeldungen auf der", " Computer.", " --noRestart Wird mit --runAsAutoLogon verwendet. Nach der Konfiguration nicht neu starten", " wird beendet.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Bereitstellungsgruppenoptionen:", " --deploymentGroup Konfigurieren des Agent als Bereitstellungsgruppen-Agent.", " --projectName Wird mit --deploymentGroup verwendet. Name des Teamprojekts.", " --addDeploymentGroupTags Wird mit --deploymentGroup verwendet. Angeben, um Bereitstellungsgruppentags hinzuzufügen.", " --deploymentGroupName Wird mit --deploymentGroup verwendet. Bereitstellungsgruppe, welcher der Agent beitreten soll.", " --deploymentGroupTags Wird mit --addDeploymentGroupTags verwendet. Eine durch Kommas getrennte Liste von Tags für", " der Bereitstellungsgruppen-Agent. Beispiel: „web, db“.", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Beispiele für die unbeaufsichtigte Konfiguration:", "", "VSTS-Authentifizierung", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --acceptTeeEula", "", "Lokaler TFS mit integrierter Authentifizierung (nur Windows)", ".\\config.cmd --unattended --url http://mylocaltfsserver:8080/tfs --auth integrated --pool default --agent myAgent", "", "Lokales TFS mit Aushandlungsauthentifizierung", ".{0}config.{1} --unattended --url http://mylocaltfsserver:8080/tfs --auth negotiate --userName myDomain\\myUserName --password myPassword --pool default --agent myAgent --acceptTeeEula", "", "Vorhandenen Agent durch einen Agent mit dem gleichen Namen ersetzen", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --replace --acceptTeeEula", "", "Angeben des Agent-Arbeitsverzeichnisses (Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work D:\\agent_work", "", "Angeben des Agent-Arbeitsverzeichnisses (macOS und Linux)", "./config.sh --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work usr/local/agent_work", "", "Als Windows-Dienst ausführen, der sich als NetworkService anmeldet (nur Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService", "", "Als Windows-Dienst ausführen, der sich als Domänenkonto anmeldet (nur Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Als Windows-Dienst ausführen, der sich als Domänenkonto anmeldet (nur Windows) und den Dienst nicht sofort startet", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --preventServiceStart --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword ", "", "Ausführen als Agent für die automatische Anmeldung (nur Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Als Agent für die automatische Anmeldung ausführen und nach der Konfiguration nicht neu starten (nur Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword --noRestart", "", "Der Bereitstellungsgruppen-Agent wird als Windows-Dienst ausgeführt, der sich als lokales System anmeldet (nur Windows).", ".\\config.cmd --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\"", "", "Bereitstellungsgruppen-Agent mit Tags", ".{0}config.{1} --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\" --acceptTeeEula" ], "CommandLineHelp_Env": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Umgebungsvariablen:", "Jedes Befehlszeilenargument kann als Umgebungsvariable angegeben werden. Verwenden Sie das Format", "VSTS_AGENT_INPUT_.Beispiel: VSTS_AGENT_INPUT_PASSWORD" ], "CommandLineHelp_Remove": [ ".{0}config.{1} remove [Optionen]", "", "{2}", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Beispiele für unbeaufsichtigtes Entfernen:", "", "VSTS", ".{0}config.{1} remove --unattended --auth pat --token myToken", "", "Lokaler TFS mit integrierter Authentifizierung (nur Windows)", ".{0}config.{1} remove --unattended --auth integrated", "", "Lokaler TFS mit integrierter Authentifizierung", ".{0}config.{1} remove --unattended --auth negotiate --username myDomain\\myUserName --password myPassword" ], "CommandNotAllowed": "##vso[{0}.{1}] ist in diesem Schritt aufgrund von Richtlinieneinschränkungen unzulässig. Bitte lesen Sie die Dokumentation (http://go.microsoft.com/fwlink/?LinkId=817296).", "CommandNotFound": "Die Befehlserweiterung für ##vso[{0}.command]. wurde nicht gefunden. Bitte lesen Sie die Dokumentation (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound2": "##vso[{0}.{1}] wird nicht als Befehl für die Befehlserweiterung {2} erkannt. Bitte lesen Sie die Dokumentation (http://go.microsoft.com/fwlink/?LinkId=817296).", "CommandNotSupported": "{0}-Befehle werden für {1} nicht unterstützt. Bitte lesen Sie die Dokumentation (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandProcessFailed": "Der Befehl „{0}“ kann nicht erfolgreich verarbeitet werden. Bitte lesen Sie die Dokumentation (http://go.microsoft.com/fwlink/?LinkId=817296)", "ConnectingToServer": "Verbindung mit dem Server wird hergestellt ...", "ConnectSectionHeader": "Verbinden", "ConnectToServer": "Verbindung zum Server wird hergestellt.", "ContainerWindowsVersionRequirement": "Das Containerfeature erfordert Windows Server 1803 oder höher. Weitere Informationen finden Sie in der Dokumentation (https://go.microsoft.com/fwlink/?linkid=875268).", "CopyFileComplete": "Artefakte wurden erfolgreich in {0} veröffentlicht.", "CopyFileToDestination": "Datei \"{0}\" in \"{1}\" kopieren", "CorruptedArtifactItemsList": "Die folgenden Elemente haben die Integritätsprüfung nicht bestanden:", "CouldNotRemoveService": "Der Dienst \"{0}\" konnte nicht gelöscht werden.", "CreateUserWithSameUIDInsideContainer": "Versuchen Sie, einen Benutzer mit der UID \"{0}\" im Container zu erstellen.", "CurrentUTC": "Aktuelle UTC: {0}", "CustomLogDoesNotExist": "Der Protokolldateipfad wurde nicht angegeben, oder die Datei ist nicht vorhanden: \"{0}\"", "CustomMarkDownSummaryDoesNotExist": "Der Pfad der Markdownzusammenfassungsdatei wurde nicht angegeben, oder die Datei ist nicht vorhanden: \"{0}\"", "DeleteGCTrackingFile": "GC-Nachverfolgungsdatei löschen, nachdem \"{0}\" gelöscht wurde.", "DeleteUnusedBuildDir": "Nicht verwendete Buildverzeichnisse löschen", "DeleteUnusedReleaseDir": "Nicht verwendete Verzeichnisse löschen", "Deleting": "Wird gelöscht: {0}", "DeletingCredentials": "Entfernen von .credentials", "DeletingSettings": "Entfernen von .agent", "DeploymentGroupName": "Name der Bereitstellungsgruppe", "DeploymentGroupNotFound": "Die Bereitstellungsgruppe wurde nicht gefunden: \"{0}\"", "DeploymentGroupTags": "Kommagetrennte Liste mit Tags (z. B. web, db)", "DeploymentGroupTagsAddedMsg": "Tags erfolgreich hinzugefügt", "DeploymentMachineWithSameNameAlreadyExistInDeploymentGroup": "DeploymentGroup {0} enthält bereits einen Computer mit dem Namen {1}.", "DeploymentPoolName": "Name des Bereitstellungspools", "DeploymentPoolNotFound": "Bereitstellungspool nicht gefunden: \"{0}\"", "DeprecatedNode6": "Dieser Task verwendet den Node 6-Ausführungshandler, der am 31. März 2022 entfernt wird. Wenn Sie der Entwickler der Aufgabe sind, beachten Sie die Migrationsrichtlinie zum Knoten 10-Handler: https://aka.ms/migrateTaskNode10 (überprüfen Sie diese Seite auch, wenn Sie Warnungen zu veralteten Knoten 6 deaktivieren möchten). Wenn Sie der Benutzer sind, können Sie sich an die Besitzer dieser Aufgabe wenden, um mit der Migration fortzufahren.", "DeprecatedNodeRunner": "Die Task '{0}' Version {1} ({2}@{1}) ist von einer Knotenversion ({3}) abhängig, bei der es sich um ein Ende der Lebensdauer handelt. Wenden Sie sich an den Besitzer der Erweiterung, um eine aktualisierte Version der Aufgabe zu erhalten. Task-Maintainer sollten sich den Knotenupgradeleitfaden ansehen: https://aka.ms/node-runner-guidance", "DeprecatedRunner": "Die Aufgabe „{0}“ ist von einer Aufgabenausführung abhängig, die das Ende der Lebensdauer erreicht hat und in Zukunft entfernt wird. Autoren finden weitere Informationen im Leitfaden zum Knotenupgrade: https://aka.ms/node-runner-guidance.", "DeprecationMessage": "Die Aufgabe „{0}“, Version {1} ({2}@{1}) ist veraltet.", "DeprecationMessageHelpUrl": "Weitere Informationen zu dieser Aufgabe finden Sie unter {0}.", "DeprecationMessageRemovalDate": "Diese Aufgabe wird entfernt. Ab {0} ist sie möglicherweise nicht mehr verfügbar.", "DirectoryHierarchyUnauthorized": "Die Berechtigung zum Lesen der Verzeichnisinhalte ist für \"{0}\" und jedes Verzeichnis in der Hierarchie erforderlich. {1}", "DirectoryIsEmptyForArtifact": "Das Verzeichnis \"{0}\" ist leer. Dem Buildartefakt \"{1}\" wird nichts hinzugefügt.", "DirectoryNotFound": "Verzeichnis nicht gefunden: \"{0}\"", "DirExpireLimit": "Ablauflimit des Verzeichnisses: {0} Tage.", "DiscoverBuildDir": "Veraltete Buildverzeichnisse ermitteln, die nicht mehr als {0} Tage verwendet wurden.", "DiscoverReleaseDir": "Ermitteln Sie veraltete Releaseverzeichnisse, die seit mehr als {0} Tagen nicht mehr verwendet wurden.", "DockerCommandFinalExitCode": "Endgültiger Exitcode für {0}: {1}", "DownloadAgent": "{0}-Agent wird heruntergeladen.", "DownloadArtifactFinished": "Das Herunterladen des Artefakts wurde abgeschlossen.", "DownloadArtifacts": "Artefakte herunterladen", "DownloadArtifactsFailed": "Fehler beim Herunterladen von Artefakten: {0}", "DownloadArtifactTo": "Artefakt herunterladen in: {0}", "DownloadArtifactWarning": "Verwenden Sie den Task \"Buildartefakt herunterladen\", um {0} Artefakt herunterzuladen. https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-build-artifacts?view=azure-devops", "DownloadingFromBuild": "Download aus dem angegebenen Build: #{0}", "DownloadingJenkinsCommitsBetween": "Commits zwischen Auftrag {0} werden in {1} heruntergeladen", "DownloadingJenkinsCommitsFailedWithException": "Fehler beim Herunterladen von Commits für das Jenkins-Artefakt {0}. Ausnahme: {1}", "DownloadingMultiplePipelineArtifacts": "{0} Pipelineartefakte werden heruntergeladen...", "DownloadingTask0": "Aufgabe wird heruntergeladen: {0} ({1})", "EnableServiceSidTypeUnrestricted": "SERVICE_SID_TYPE_UNRESTRICTED für den Agent-Dienst (J/N) aktivieren", "EnsureJobFinished": "Es wird auf die Ausführung des aktuellen Auftrags gewartet.", "EnsureTasksExist": "Laden Sie alle erforderlichen Aufgaben herunter.", "EnterValidValueFor0": "Geben Sie einen gültigen Wert für \"{0}\" ein.", "EnvironmentName": "Umgebungsname", "EnvironmentNotFound": "Die Umgebung wurde nicht gefunden: \"{0}\"", "EnvironmentVariableExceedsMaximumLength": "Die Umgebungsvariable \"{0}\" überschreitet die maximal unterstützte Länge. Umgebungsvariable Länge: {1}, Maximal unterstützte Länge: {2}", "EnvironmentVMResourceTags": "Kommagetrennte Liste mit Tags (z. B. web, db)", "ErrorDuringBuildGC": "Der Speicherbereinigungsvorgang kann nicht basierend auf \"{0}\" ermittelt werden. Probieren Sie es das nächste Mal aus.", "ErrorDuringBuildGCDelete": "GC kann, basierend auf \"{0}\" nicht abgeschlossen werden. Probieren Sie es das nächste Mal aus.", "ErrorDuringReleaseGC": "Der Speicherbereinigungsvorgang kann nicht basierend auf \"{0}\" ermittelt werden. Probieren Sie es das nächste Mal aus.", "ErrorDuringReleaseGCDelete": "GC kann, basierend auf \"{0}\" nicht abgeschlossen werden. Probieren Sie es das nächste Mal aus.", "ErrorOccurred": "Ein Fehler ist aufgetreten: {0}", "ErrorOccurredWhilePublishingCCFiles": "Fehler beim Veröffentlichen von Code Coverage-Dateien. Fehler: {0}", "EulasSectionHeader": "Endbenutzer-Lizenzverträge", "EvaluateReleaseTrackingFile": "ReleaseDirectory-Nachverfolgungsdatei auswerten: {0}", "EvaluateTrackingFile": "BuildDirectory-Nachverfolgungsdatei auswerten: {0}", "Exiting": "Wird beendet...", "ExpectedMappingCloak": "Erwartete Zuordnung[{0}] Cloak: \"{1}\". Tatsächlich: \"{2}\"", "ExpectedMappingLocalPath": "Erwartete Zuordnung[{0}] lokaler Pfad: \"{1}\". Tatsächlich: \"{2}\"", "ExpectedMappingRecursive": "Erwartete Zuordnung[{0}] rekursiv: \"{1}\". Tatsächlich: \"{2}\"", "ExpectedMappingServerPath": "Erwarteter Zuordnungspfad[{0}] Serverpfad: \"{1}\". Tatsächlich: \"{2}\"", "Failed": "Fehler: ", "FailedDeletingTempDirectory0Message1": "Fehler beim Löschen des temporären Verzeichnisses \"{0}\". {1}", "FailedTestsInResults": "Es wurde mindestens ein Testfehler in den Ergebnisdateien erkannt. Eine detaillierte Zusammenfassung der veröffentlichten Testergebnisse kann auf der Registerkarte \"Tests\" angezeigt werden.", "FailedToAddTags": "Fehler beim Anwenden von Tags auf den Agent. Versuchen Sie es erneut, oder drücken Sie STRG+C, um den Vorgang zu beenden. Alternativ können Sie zur Webseite der Bereitstellungsgruppe wechseln, um Tags hinzuzufügen.", "FailedToConnect": "Fehler beim Herstellen einer Verbindung. Versuchen Sie es noch mal, oder drücken Sie STRG+C, um den Vorgang zu beenden.", "FailedToDeleteTempScript": "Fehler beim Löschen der temporären Inlineskriptdatei \"{0}\". {1}", "FailedToFindDeploymentGroup": "Fehler beim Suchen der Bereitstellungsgruppe. Versuchen Sie es noch mal, oder drücken Sie STRG+C, um den Vorgang zu beenden.", "FailedToFindEnvironment": "Die Umgebung wurde nicht gefunden. Versuchen Sie es nochmal, oder beenden Sie den Vorgang mit STRG+C.", "FailedToFindPool": "Fehler beim Suchen des Poolnamens. Versuchen Sie es noch mal, oder drücken Sie STRG+C, um den Vorgang zu beenden.", "FailedToLockServiceDB": "Fehler beim Sperren der Dienstdatenbank für Schreibvorgänge.", "FailedToOpenSCM": "Fehler beim Öffnen des Dienststeuerungs-Managers.", "FailedToOpenSCManager": "Fehler beim Öffnen des Dienststeuerungs-Managers.", "FailedToPublishTestResults": "Fehler beim Veröffentlichen der Testergebnisse: {0}.", "FailedToReadFile": "Fehler beim Lesen von {0}. Fehler: {1}.", "FailedToReplaceAgent": "Fehler beim Ersetzen des Agents. Versuchen Sie es noch mal, oder drücken Sie STRG+C, um den Vorgang zu beenden.", "FailToRemoveGitConfig": "\"{0}\" kann nicht aus der Git-Konfiguration entfernt werden. Um die Anmeldeinformationen zu entfernen, führen Sie \"git config --unset-all {0}\" aus dem Repositorystamm \"{1}\" aus.", "FailToReplaceTokenPlaceholderInGitConfig": "Der Platzhalter für \"{0}\" in der Git-Konfigurationsdatei kann nicht ersetzt werden.", "FileAssociateProgress": "Dateien gesamt: {0} ---- Zugeordnete Dateien: {1} ({2}%)", "FileContainerUploadFailed": "Die Datei kann nicht auf den Server StatusCode={0} kopiert werden: {1}. Quelldateipfad: {2}. Zielserverpfad: {3}", "FileContainerUploadFailedBlob": "Die Datei kann nicht in das Blob hochgeladen werden. Quelldateipfad: {0}. Zielserverpfad: {1}", "FileDoesNotExist": "Die Datei \"{0}\" ist nicht vorhanden oder nicht zugänglich.", "FileNotFound": "Datei nicht gefunden: '{0}'", "FilePathNotFound": "Der Dateipfad für \"{0}\" wurde nicht gefunden.", "FileShareOperatingSystemNotSupported": "Das Veröffentlichen von Artefakten von einem Linux- oder macOS-Agent in einer Dateifreigabe wird nicht unterstützt. Ändern Sie den Artefakttyp in \"Azure Pipelines\", oder verwenden Sie einen Windows-Agent.", "FileUploadCancelled": "Der Dateiupload wurde während des Uploads abgebrochen: \"{0}\".", "FileUploadDetailTrace": "Detaillierte Uploadablaufverfolgung für Datei, die nicht hochgeladen werden kann: {0}", "FileUploadFailed": "Fehler beim Hochladen von \"{0}\" aufgrund von \"{1}\".", "FileUploadFailedAfterRetry": "Fehler beim Hochladen der Datei auch nach einem erneuten Versuch.", "FileUploadFailedRetryLater": "{0} Dateien konnten nicht hochgeladen werden. Wiederholen Sie diesen Vorgang nach einer Minute erneut.", "FileUploadFileOpenFailed": "Dateifehler \"{0}\" beim Hochladen der Datei \"{1}\".", "FileUploadFinish": "Datei: \"{0}\" benötigte {1} Millisekunden, um den Upload abzuschließen.", "FileUploadProgress": "Gesamtdatei: {0} ---- Verarbeitete Datei: {1} ({2}%)", "FileUploadProgressDetail": "\"{0}\" ({1}%) wird hochgeladen", "FileUploadRetry": "Wiederholen Sie den Vorgang {0} fehlgeschlagene Dateiuploads.", "FileUploadRetryInSecond": "Wiederholen Sie den Dateiupload nach {0} Sekunden.", "FileUploadRetrySucceed": "Der Dateiupload war nach dem erneuten Versuch erfolgreich.", "FileUploadSucceed": "Dateiupload erfolgreich.", "FinalizeJob": "Auftrag abschließen", "FinishMaintenance": "Wartung abgeschlossen: {0}", "FoundErrorInTrace": [ "{0} in Diagnoseprotokollen gemeldet. Untersuchen Sie das Protokoll, um weitere Informationen zu erhalten.", " – {1}" ], "GCBuildDir": "Löschen Sie das verwaiste und veraltete Buildverzeichnis.", "GCBuildDirNotEnabled": "Die Option „Verwaistes und veraltetes Buildverzeichnis löschen“ ist nicht aktiviert.", "GCDirIsEmpty": "Kein Buildverzeichnis muss GC sein. „{0}“ verfügt über keine Nachverfolgungsdatei.", "GCDirNotExist": "Kein Buildverzeichnis muss GC sein. „{0}“ ist nicht vorhanden.", "GCOldFormatTrackingFile": "Markieren Sie die Nachverfolgungsdatei „{0}“ für die automatische Speicherbereinigung, da sie nie verwendet wurde.", "GCReleaseDir": "Verwaiste und veraltete Versionsverzeichnisse löschen.", "GCReleaseDirIsEmpty": "Kein Buildverzeichnis muss GC sein. „{0}“ verfügt über keine Nachverfolgungsdatei.", "GCReleaseDirNotEnabled": "Die Option zum Löschen verwaister und veralteter Versionsverzeichnisse ist nicht aktiviert.", "GCReleaseDirNotExist": "Kein Versionsverzeichnis muss GC sein. „{0}“ ist nicht vorhanden.", "GCUnusedTrackingFile": "Markieren Sie die Nachverfolgungsdatei „{0}“ für die automatische Speicherbereinigung, da sie seit {1} Tagen nicht verwendet wurde.", "GenerateAndRunUpdateScript": "Generieren sie ein Updateskript, und führen Sie es aus.", "GrantContainerUserSUDOPrivilege": "Gewähren Sie dem Benutzer „{0}“ die SUDO-Berechtigung, und lassen Sie die Ausführung beliebiger Befehle ohne Authentifizierung zu.", "GrantingFilePermissions": "„{0}“ werden Dateiberechtigungen erteilt.", "GroupDoesNotExists": "Die Gruppe „{0}“ ist nicht vorhanden.", "ImageVersionLog": "Aktuelle Imageversion: „{0}“", "InitializeContainer": "Container initialisieren", "InitializeJob": "Auftrag initialisieren", "IntegrityCheckNotPassed": "Fehler beim Überprüfen der Artefaktelement-Integrität", "IntegrityCheckPassed": "Die Integritätsüberprüfung der Artefaktelement wurde erfolgreich abgeschlossen.", "InvalidAutoLogonCredential": "Für die automatische Anmeldung wurden ungültige Windows-Anmeldeinformationen eingegeben. Stellen Sie sicher, dass die angegebenen Anmeldeinformationen gültig sind und über interaktive Anmelderechte auf dem Computer verfügen. Versuchen Sie es noch einmal, oder drücken Sie STRG+C, um den Vorgang zu beenden.", "InvalidCommandArg": "Das Befehlsargument „{0}“ enthält mindestens eines der folgenden ungültigen Zeichen: \", \\r, \\n", "InvalidCommandResult": "Der Befehl weist keinen gültigen Ergebniswert auf.", "InvalidCompletedDate": "Die Dauer jedes Testlaufs wird für die Zeitberechnung verwendet, weil das aus der Testergebnisdatei abgerufene maximale Abschlussdatum {0} größer als das Mindeststartdatum {1} ist.", "InvalidConfigFor0TerminatingUnattended": "Für {0} wurde eine ungültige Konfiguration angegeben. Die unbeaufsichtigte Konfiguration wird beendet.", "InvalidDateFormat": "Die Dauer jedes Testlaufs wird für die Zeitberechnung verwendet, weil ein ungültiges Datumsformat aus der Ergebnisdatei abgerufen wurde: {0} (Startdatum: {1}, Abschlussdatum: {2}).", "InvalidEndpointField": "Ungültiges Endpunktfeld. Gültige Werte sind url, dataParameter und authParameter", "InvalidEndpointId": "Ungültige Endpunkt-ID.", "InvalidEndpointUrl": "Ungültige Endpunkt-Url.", "InvalidFileFormat": "Ungültiges Dateiformat.", "InvalidGroupName": "Ungültiger Gruppenname – {0}", "InvalidMember": "Ein neues Mitglied konnte keiner lokalen Gruppe hinzugefügt werden, da das Mitglied den falschen Kontotyp aufweist. Wenn Sie die Konfiguration auf einem Domänencontroller durchführen, können integrierte Computerkonten nicht zu lokalen Gruppen hinzugefügt werden. Sie müssen stattdessen ein Domänenbenutzerkonto verwenden.", "InvalidResultFiles": "Ungültige Ergebnisdatei. Stellen Sie sicher, dass das Ergebnisformat der Datei „{0}“ mit dem Testergebnisformat „{1}“ übereinstimmt.", "InvalidSIDForUser": "Ungültige Sicherheits-ID für den Benutzer {0}\\{1} beim Konfigurieren/Aufheben der Konfiguration der automatischen Anmeldung. Weitere Informationen finden Sie in den Protokollen.", "InvalidValueInXml": "Der Wert für „{0}“ kann nicht aus der Zusammenfassungsdatei „{1}“ abgerufen werden. Überprüfen Sie, ob die Zusammenfassungsdatei wohlgeformt ist, und versuchen Sie es noch einmal.", "InvalidWindowsCredential": "Ungültige Windows-Anmeldeinformationen eingegeben. Versuchen Sie es noch einmal, oder drücken Sie STRG-C, um den Vorgang zu beenden.", "JenkinsBuildDoesNotExistsForCommits": "Der Buildindex für Jenkins-Builds „{0}“ und „{1}“ wurde nicht gefunden. Gefundene Indizes sind „{2}“ und „{3}“. Wahrscheinlich ist der Build nicht vorhanden.", "JenkinsCommitsInvalidEndJobId": "Die EndJobId „{0}“, die dem Jenkins-Artefakt „{1}“ zugeordnet ist, ist ungültig. Commits werden nicht heruntergeladen.", "JenkinsDownloadingChangeFromCurrentBuild": "„EndJobId“ wurde nicht gefunden. Das Changeset des aktuellen Builds wird abgerufen.", "JenkinsNoCommitsToFetch": "Derselbe Build wird bereitgestellt. Nichts zum Abrufen vorhanden.", "JenkinsRollbackDeployment": "Zwischen Auftrag {0} bis {1} werden für die Rollbackbereitstellung Commits heruntergeladen.", "JobCompleted": "{0:u}: Der Auftrag „{1}“ wurde mit folgendem Ergebnis abgeschlossen: {2}", "LaunchBrowser": "zum Starten des Browsers für den AAD-Gerätecodeflow? (J/N)", "ListenForJobs": "{0:u}: Auf Aufträge lauschen", "LocalClockSkewed": "Die Uhr des lokalen Computers weicht möglicherweise um mehr als fünf Minuten von der Serverzeit ab. Synchronisieren Sie Ihre Uhr mit Ihrer Domäne oder Internetzeit, und versuchen Sie es noch einmal.", "LocalSystemAccountNotFound": "Das lokale Systemkonto wurde nicht gefunden.", "LogOutputMessage": "Der Agent hat das Hochladen von Protokollen sowie das Speichern des Protokolls in eine Datei aktiviert. Nach Abschluss des Auftrags können Sie die Protokolle dieses Schritts unter {0} auf dem Agent abrufen.", "Maintenance": "Wartung", "MaxHierarchyLevelReached": "Die Hierarchieebene übersteigt den unterstützten Grenzwert von {0}. Niedrigere Hierarchie wird abgeschnitten.", "MaxSubResultLimitReached": "Die Anzahl der Unterergebnisse im Testfall „{0}“ überschreitet den unterstützten Grenzwert von {1}. Die restlichen werden abgeschnitten.", "MemberDoesNotExists": "Das Mitglied „{0}“ ist nicht vorhanden.", "MinimumNetFramework": ".NET Framework x64 4.5 oder höher ist erforderlich.", "MinimumNetFramework46": ".NET Framework x64 4.6 oder höher ist erforderlich.", "MinimumNetFrameworkTfvc": [ ".NET Framework x64 4.6 oder höher ist nicht installiert.", "", ".NET Framework x64 4.6 oder höher ist erforderlich, um TFVC-Repositorys zu synchronisieren. Git-Repositorys müssen nicht synchronisiert werden." ], "MinRequiredDockerClientVersion": "Die mindestens erforderliche Clientversion für die Docker-Engine-API ist „{0}“, Ihre Clientversion für Docker („{1}“) lautet „{2}“.", "MinRequiredDockerServerVersion": "Die mindestens erforderliche Serverversion für die Docker-Engine-API ist „{0}“, Ihre Serverversion für Docker („{1}“) lautet „{2}“.", "MinRequiredGitLfsVersion": "Die mindestens erforderliche Git-lfs-Version ist „{0}“. Ihre Git-lfs-Version („{1}“) ist „{2}“.", "MinRequiredGitVersion": "Die mindestens erforderliche Git-Version ist „{0}“. Ihre Git-Version („{1}“) ist „{2}“.", "MinSecretsLengtLimitWarning": "Der Wert der Mindestlänge der Geheimnisse ist zu hoch. Maximalwert ist festgelegt auf: {0}", "MissingAgent": "Der Agent ist auf dem Server nicht mehr vorhanden. Konfigurieren Sie den Agent neu.", "MissingAttachmentFile": "Die Aufgabenanlagendatei kann nicht hochgeladen werden. Der Speicherort der Anlagendatei wurde nicht angegeben, oder die Anlagendatei ist nicht auf dem Datenträger vorhanden.", "MissingAttachmentName": "Die Aufgabenanlage kann nicht hinzugefügt werden. Der Anlagenname ist nicht angegeben.", "MissingAttachmentType": "Die Aufgabenanlage kann nicht hinzugefügt werden. Der Anlagentyp ist nicht angegeben.", "MissingConfig": "Es kann keine Verbindung mit dem Server hergestellt werden, da Konfigurationsdateien fehlen. Die Entfernung des Agents vom Server wird übersprungen.", "MissingEndpointField": "Das erforderliche Feld 'field' fehlt im Befehl ##vso[task.setendpoint].", "MissingEndpointId": "Das erforderliche Feld „id“ fehlt im Befehl ##vso[task.setendpoint].", "MissingEndpointKey": "Das erforderliche Feld 'key' fehlt im Befehl ##vso[task.setendpoint].", "MissingNodePath": "Für diesen Schritt ist eine Knotenversion erforderlich, die nicht im Agent-Dateisystem vorhanden ist. Pfad: {0}", "MissingRepositoryAlias": "Das Repository kann nicht aktualisiert werden, es wurde kein Repositoryalias angegeben.", "MissingRepositoryPath": "Das Repository kann nicht aktualisiert werden, es wurde kein Repositorypfad angegeben.", "MissingTaskVariableName": "Das erforderliche Feld „variable“ fehlt im Befehl „##vso[task.settaskvariable]“.", "MissingTimelineRecordId": "Der Zeitachsendatensatz kann nicht aktualisiert werden. Die ID des Zeitachsendatensatzes wurde nicht angegeben.", "MissingVariableName": "Das erforderliche Feld „variable“ fehlt im Befehl „##vso[task.setvariable]“.", "ModifyingCoberturaIndexFile": "Cobertura-Indexdatei ändern", "MultilineSecret": "Geheimnisse dürfen nicht mehrere Zeilen enthalten", "N": "N", "NameRequiredForTimelineRecord": "Für diesen neuen Zeitachsendatensatz ist ein Name erforderlich.", "NeedAdminForAutologonCapability": "Benötigt Administratorrechte zum Konfigurieren des Agents mit automatischer Anmeldung.", "NeedAdminForAutologonRemoval": "Zum Aufheben der Konfiguration eines Agents, der mit der Funktion für die automatische Anmeldung ausgeführt wird, sind Administratorrechte erforderlich.", "NeedAdminForConfigAgentWinService": "Benötigt Administratorrechte zum Konfigurieren des Agents als Windows-Dienst.", "NeedAdminForUnconfigWinServiceAgent": "Zum Aufheben der Konfiguration eines Agents, der als Windows-Dienst ausgeführt wird, sind Administratorrechte erforderlich.", "NetworkServiceNotFound": "Das Netzwerkdienstkonto wurde nicht gefunden.", "NoArtifactsFound": "In der Version „{0}“ sind keine Artefakte verfügbar.", "NoFolderToClean": "Der angegebene Reinigungsordner wurde nicht gefunden. Keine zu bereinigenden Elemente", "NoRestart": "Computer zu einem späteren Zeitpunkt neu starten? (J/N)", "NoRestartSuggestion": "Bei der Agent-Konfiguration wurde die automatische Anmeldung aktiviert. Starten Sie den Computer neu, damit die Einstellungen für die automatische Anmeldung wirksam werden.", "NoResultFound": "Es wurde kein Ergebnis zum Veröffentlichen von \"{0}\" gefunden.", "OnPremIsNotSupported": "Die Aufgabe für Pipelineartefakte wird lokal nicht unterstützt. Verwenden Sie stattdessen die Aufgabe \"Artefakt erstellen\".", "OperatingSystemShutdown": "Das Betriebssystem wird für den Computer „{0}“ heruntergefahren.", "OperationFailed": "Fehler: Fehler beim Vorgang {0} mit Rückgabecode {1}.", "OutputVariablePublishFailed": "Fehler beim Veröffentlichen von Ausgabevariablen.", "OverwriteAutoLogon": "Möchten Sie die vorhandenen Einstellungen für die automatische Anmeldung überschreiben, da die automatische Anmeldung für den Benutzer „{0}“ bereits aktiviert ist? (J/N)", "ParentProcessFinderError": "Fehler beim Überprüfen, ob der Agent in PowerShell Core ausgeführt wird.", "ParentTimelineNotCreated": "Der übergeordnete Zeitachsendatensatz wurde für diesen neuen Zeitachsendatensatz nicht erstellt.", "Password": "Kennwort", "PathDoesNotExist": "Der Pfad ist nicht vorhanden: {0}", "PersonalAccessToken": "Persönliches Zugriffstoken", "PipelineDoesNotExist": "Die folgende Pipeline ist nicht vorhanden: {0}. Überprüfen Sie den Namen der Pipeline.", "PoolNotFound": "Agentpool nicht gefunden: „{0}“", "PostJob": "Post-Auftrag: {0}", "PowerOptionsConfigError": "Fehler beim Konfigurieren der Energieoptionen. Weitere Informationen finden Sie in den Protokollen.", "PowerShellNotInstalledMinVersion0": "PowerShell ist nicht installiert. Mindestens erforderliche Version: {0}", "PreJob": "Vorauftrag: {0}", "PrepareBuildDir": "Buildverzeichnis vorbereiten.", "PrepareReleasesDir": "Vorbereiten des Releaseverzeichnisses.", "PrepareTaskExecutionHandler": "Der Taskausführungshandler wird vorbereitet.", "Prepending0WithDirectoryContaining1": "Vorangestellte {0}-Umgebungsvariable mit Verzeichnis, das „{1}“ enthält.", "PrerequisitesSectionHeader": "Voraussetzungen", "PreventServiceStartDescription": "ob verhindert werden soll, dass der Dienst sofort nach Abschluss der Konfiguration gestartet wird? (J/N)", "ProcessCompletedWithCode0Errors1": "Der Prozess wurde mit dem Exitcode {0} abgeschlossen, und {1} Fehler wurden in den Fehlerdatenstrom geschrieben.", "ProcessCompletedWithExitCode0": "Der Prozess wurde mit dem Exitcode {0} abgeschlossen.", "ProcessExitCode": "Exitcode {0} wurde vom Prozess zurückgegeben: Dateiname „{1}“, Argumente „{2}“.", "ProcessHandlerInvalidScriptArgs": "Erkannte Zeichen in Argumenten, die von der Shell möglicherweise nicht ordnungsgemäß ausgeführt werden. Weitere Informationen finden Sie hier: https://aka.ms/ado/75787", "ProfileLoadFailure": "Das Benutzerprofil für die AutoLogon-Konfiguration für den Benutzer {0}\\{1} kann nicht geladen werden.", "ProjectName": "Projektname", "Prompt0": "{0} eingeben", "Prompt0Default1": "Geben Sie {0} ein (drücken Sie die EINGABETASTE für {1})", "PSModulePathLocations": "Die Umgebungsvariable PSModulePath enthält modulspezifische Speicherorte für PowerShell Core. Wenn Sie Windows PowerShell-Aufgaben in Ihrer Pipeline verwenden möchten, können Fehler auftreten. Um dieses Problem zu beheben, starten Sie den Agent nicht unter PowerShell Core (pwsh).", "PSScriptError": "Das PowerShell-Skript wurde mit {0} Fehlern abgeschlossen.", "PublishCodeCoverage": "Code Coverage veröffentlichen", "PublishedCodeCoverageArtifact": "„{0}“ wurde als Artefakt „{1}“ veröffentlicht", "PublishingArtifactUsingRobocopy": "Hochladen von Artefakten mithilfe von Robocopy.", "PublishingCodeCoverage": "Die Zusammenfassungsdaten der Abdeckung werden auf dem TFS-Server veröffentlicht.", "PublishingCodeCoverageFiles": "Code Coverage-Dateien werden auf dem TFS-Server veröffentlicht.", "PublishingTestResults": "Die Testergebnisse für den Testlauf „{0}“ werden veröffentlicht", "PublishTestResults": "Testergebnisse veröffentlichen", "QueryingWorkspaceInfo": "Arbeitsbereichsinformationen werden abgefragt.", "QueueConError": "{0:u}: Agent-Verbindungsfehler: {1}. Das Herstellen der Verbindung wird solange versucht, bis die Verbindung erneut hergestellt ist.", "QueueConnected": "{0:u}: Agent erneut verbunden.", "QuietCheckoutModeRequested": "Modus für unbeaufsichtigtes Auschecken: weniger Ausgabe an die Konsole.", "ReadingCodeCoverageSummary": "Die Code Coverage-Zusammenfassung von „{0}“ wird gelesen.", "ReadOnlyTaskVariable": "Das Überschreiben der schreibgeschützten Aufgabenvariablen „{0}“ ist unzulässig. Weitere Informationen finden Sie unter https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "ReadOnlyTaskVariableWarning": "Die schreibgeschützte Aufgabenvariable „{0}“ wird überschrieben. Dieses Verhalten wird in Zukunft deaktiviert. Weitere Informationen finden Sie unter https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "ReadOnlyVariable": "Das Überschreiben der schreibgeschützten Variablen „{0}“ ist unzulässig. Weitere Informationen finden Sie unter https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "ReadOnlyVariableWarning": "Die schreibgeschützte Variable „{0}“ wird überschrieben. Dieses Verhalten wird in Zukunft deaktiviert. Weitere Informationen finden Sie unter https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "RegisterAgentSectionHeader": "Agent registrieren", "ReleaseDirLastUseTime": "Das zuletzt verwendete Releaseverzeichnis „{0}“ lautet: {1}", "RenameIndexFileCoberturaFailed": "Fehler beim Umbenennen von „{0}“ in „{1}“ beim Veröffentlichen von Code Coverage-Dateien für „{2}“. Innere Ausnahme: „{3}“", "Replace": "Ersetzen? (J/N)", "RepositoryNotExist": "Das Repository kann nicht aktualisiert werden. Das Repository ist nicht vorhanden.", "ResourceMonitorAgentEnvironmentResource": "Agent-Umgebungsressourcen – {0}, {1}, {2}", "ResourceMonitorCPUInfo": "CPU: Auslastung {0} %", "ResourceMonitorCPUInfoError": "CPU-Informationen können nicht abgerufen werden, Ausnahme: {0}", "ResourceMonitorDiskInfo": "Datenträger: {0} Verfügbar {1} MB von {2} MB", "ResourceMonitorDiskInfoError": "Datenträgerinformationen können nicht abgerufen werden. Ausnahme: {0}", "ResourceMonitorFreeDiskSpaceIsLowerThanThreshold": "Der freie Speicherplatz auf {0} ist kleiner als {1} %. Derzeit verwendet: {2} %", "ResourceMonitorMemoryInfo": "Arbeitsspeicher: {0} MB von {1} MB verwendet", "ResourceMonitorMemoryInfoError": "Arbeitsspeicherinformationen können nicht abgerufen werden. Ausnahme: {0}", "ResourceMonitorMemorySpaceIsLowerThanThreshold": "Der freie Arbeitsspeicher ist kleiner als {0} %. Derzeit verwendet: {1} %", "ResourceUtilizationDebugOutputIsDisabled": "Die Ausgabe der Ressourcenverwendung für Debugausführungen ist deaktiviert. Legen Sie die Variable \"AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT\" auf \"true\" fest, wenn Sie sie aktivieren möchten.", "ResourceUtilizationWarningsIsDisabled": "Ressourcenverwendungswarnungen sind deaktiviert. Legen Sie die Variable \"DISABLE_RESOURCE_UTILIZATION_WARNINGS\" auf \"false\" fest, wenn Sie sie aktivieren möchten.", "RestartIn15SecMessage": "Der Computer wird in 15 Sekunden neu gestartet...", "RestartMessage": "Starten Sie den Computer neu, um den Agent zu starten und damit die Einstellungen für die automatische Anmeldung wirksam werden.", "ReStreamLogsToFilesError": "Sie können \"--disableloguploads\" und \"--reStreamLogsToFiles\" nicht gleichzeitig verwenden.", "RetryCountLimitExceeded": "Die maximal zulässige Anzahl von Versuchen ist {0}. Es gab jedoch {1} Versuche. Die Anzahl der Wiederholungsversuche wird auf {0}verringert.", "RetryingReplaceAgent": "Es wird erneut versucht, den Agenten zu ersetzen (Versuch {0} von {1}). Warten Sie {2} Sekunden vor dem nächsten Versuch …", "RMApiFailure": "API {0} ist einem Fehlercode {1} fehlgeschlagen", "RMArtifactContainerDetailsInvalidError": "Das Artefakt verfügt über keine gültigen Containerdetails: {0}", "RMArtifactContainerDetailsNotFoundError": "Das Artefakt enthält keine Containerdetails: {0}", "RMArtifactDetailsIncomplete": "Die erforderlichen Informationen zum Herunterladen des Artefakts wurden nicht gefunden", "RMArtifactDirectoryNotFoundError": "Das Artefaktverzeichnis ist nicht vorhanden: {0}. Dies kann vorkommen, wenn das Kennwort des Kontos {1} kürzlich geändert wurde und für den Agent nicht aktualisiert wurde. Wenn dies der Fall ist, sollten Sie die Neukonfiguration des Agents in Betracht ziehen.", "RMArtifactDownloadBegin": "Verknüpftes Artefakt {0} vom Typ {1} wird heruntergeladen...", "RMArtifactDownloadFinished": "Verknüpftes Artefakt {0} wurde heruntergeladen", "RMArtifactDownloadRequestCreationFailed": "Fehler beim Erstellen der Anforderung zum Herunterladen des Artefakts von der URL: {0}", "RMArtifactEmpty": "Das Artefakt enthält keine herunterzuladenden Dateien.", "RMArtifactMatchNotFound": "Das Buildartefakt „{0}“ stimmt nicht mit keinem Benennungsmuster überein, der Download wird übersprungen", "RMArtifactNameDirectoryNotFound": "Das Verzeichnis „{0}“ ist nicht vorhanden. Fallback auf das übergeordnete Verzeichnis: {1}", "RMArtifactsDownloadFinished": "Der Download von Artefakten wurde abgeschlossen.", "RMArtifactTypeFileShare": "Artefakttyp: FileShare", "RMArtifactTypeNotSupported": "Die Releaseverwaltung unterstützt das Herunterladen des Artefakttyps {0} in der aktuellen Version nicht", "RMArtifactTypeServerDrop": "Artefakttyp: ServerDrop", "RMArtifactVersionNotBelongToArtifactSource": "Die Artefaktversion mit der ID {0} gehört nicht zur verknüpften Artefaktquelle mit der ID {1}.", "RMBuildNotFromLinkedDefinition": "Der Build {0} gehört nicht zur verknüpften Builddefinition {1}.", "RMCachingAllItems": "Alle Elemente im Dateicontainer werden zwischengespeichert...", "RMCachingComplete": "Zwischenspeicherung ist abgeschlossen. ({0} ms)", "RMCachingContainerItems": "Elemente unter „{0}“ werden im Dateicontainer zwischengespeichert...", "RMContainerItemNotSupported": "Der Containerelementtyp „{0}“ wird nicht unterstützt.", "RMContainerItemPathDoesnotExist": "Der Pfad des Dateicontainerelements beginnt nicht mit {0}: {1}", "RMContainerItemRequestTimedOut": "Timeout bei der Anforderung nach {0} Sekunden; im Ruhezustand für {1} Sekunden und erneuter Versuch. Anforderung: {2} {3}", "RMCreatedArtifactsDirectory": "Erstelltes Artefaktverzeichnis: {0}", "RMCreatingArtifactsDirectory": "Artefaktverzeichnis wird erstellt: {0}", "RMCustomEndpointNotFound": "Im Auftrag zum Herunterladen des benutzerdefinierten Artefakts wurden die erforderlichen Informationen nicht gefunden: {0}", "RMDownloadArtifactUnexpectedError": "Unerwarteter Fehler beim Herunterladen von Artefakten", "RMDownloadBufferSize": "Downloadpuffergröße: {0}", "RMDownloadComplete": "Der Download ist abgeschlossen.", "RMDownloadingArtifact": "Das Artefakt wird heruntergeladen", "RMDownloadingArtifactFromFileContainer": "Das Artefakt wird aus dem Dateicontainer {0} zum Ziel {1} heruntergeladen", "RMDownloadingArtifactFromFileShare": "Das Artefakt wird aus der Dateifreigabe {0} zum Ziel {1} heruntergeladen", "RMDownloadingArtifactUsingRobocopy": "Das Artefakt wird mithilfe von Robocopy heruntergeladen.", "RMDownloadingCommits": "Commits werden heruntergeladen", "RMDownloadingJenkinsArtifacts": "Die Artefakte werden vom Jenkins-Server heruntergeladen", "RMDownloadProgress": "{0} abgelegte Datei(en): {1} heruntergeladen, {2} leer", "RMDownloadProgressDetails": "{0} MB heruntergeladen mit {1} KB/s. Downloadzeit: {2}.", "RMDownloadStartDownloadOfFile": "Datei {0} wird heruntergeladen", "RMDownloadTaskCompletedStatus": "In {0} Minuten wurden keine Downloadaufgaben abgeschlossen. Verbleibende Vorgangsstatus:", "RMDownloadTaskStates": " {0}: \t{1} Aufgabe(n).", "RMEnsureArtifactFolderExistsAndIsClean": "Sicherstellen, dass der Artefaktordner {0} vorhanden und bereinigt ist.", "RMEnvironmentVariablesAvailable": "Die verfügbaren Umgebungsvariablen sind unten aufgeführt. Beachten Sie, dass auf diese Umgebungsvariablen in der Aufgabe (in der ReleaseDefinition) verwiesen werden kann, indem „_“ mit „.“ ersetzt wird. Beispielsweise kann die Umgebungsvariable AGENT_NAME mithilfe von Agent.Name in ReleaseDefinition referenziert werden: {0}", "RMErrorDownloadingContainerItem": "Fehler beim Herunterladen von {0}: {1}", "RMErrorDuringArtifactDownload": "Fehler beim Herunterladen: {0}", "RMFailedCreatingArtifactDirectory": "Fehler beim Erstellen des Releaseartefaktverzeichnisses „{0}“.", "RMFileShareArtifactErrorOnNonWindowsAgent": "Artefakte können nicht von einer Dateifreigabe mit dem OSX- oder Linux-Agent heruntergeladen werden. Sie können das Artefakt vom Server herunterladen oder einen Windows-Agent verwenden.", "RMGitEndpointNotFound": "Im Auftrag zum Herunterladen des Git-Artefakts der Team Foundation wurden die erforderlichen Informationen nicht gefunden.", "RMGitHubEndpointNotFound": "Im Auftrag zum Herunterladen des GitHub-Artefakts wurden die erforderlichen Informationen nicht gefunden: {0}", "RMGotJenkinsArtifactDetails": "Jenkins-Artefaktdetails empfangen", "RMJenkinsBuildId": "BuildId: {0}", "RMJenkinsEndpointNotFound": "Im Auftrag zum Herunterladen des Jenkins-Artefakts wurden die erforderlichen Informationen nicht gefunden: {0}", "RMJenkinsInvalidBuild": "Der Jenkins-Build {0} ist ungültig.", "RMJenkinsJobName": "Auftragsname: {0}", "RMJenkinsNoArtifactsFound": "Im Jenkins-Build {0} sind keine Artefakte verfügbar.", "RMLowAvailableDiskSpace": "Laufwerk {0} enthält zu wenig Speicherplatz, es sind weniger als 100 MB verfügbar.", "RMNoBuildArtifactsFound": "Im Build {0} sind keine Artefakte verfügbar.", "RMParallelDownloadLimit": "Limit für parallele Downloads: {0}", "RMPrepareToGetFromJenkinsServer": "Das Abrufen von Artefaktinformationen vom Jenkins-Server wird vorbereitet", "RMPreparingToDownload": "Das Herunterladen des Artefakts wird vorbereitet: {0}", "RMPreparingToGetBuildArtifactList": "Das Abrufen der Liste der verfügbaren Artefakte aus dem Build wird vorbereitet", "RMReAttemptingDownloadOfContainerItem": "Es wird erneut versucht, {0} herunterzuladen. Fehler: {1}", "RMReceivedGithubArtifactDetails": "GitHub-Artefaktdetails empfangen", "RMReleaseNameRequired": "Der Releasename ist erforderlich.", "RMRemainingDownloads": "{0} Downloads verbleiben.", "RMRetryingArtifactDownload": "Download wird wiederholt...", "RMRetryingCreatingArtifactsDirectory": "Fehler beim Erstellen des Releaseartefaktverzeichnisses {0} mit einer Ausnahme {1}. Die Erstellung des Releaseartefaktverzeichnisses wird wiederholt.", "RMRobocopyBasedArtifactDownloadExitCode": "Robocopy-Exitcode: {0}", "RMRobocopyBasedArtifactDownloadFailed": "Fehler beim Robocopy-basierten Download. Exitcode: {0}", "RMStartArtifactsDownload": "Download der Artefakte wird gestartet...", "RMStreamTypeNotSupported": "Die Releaseverwaltung unterstützt das Herunterladen des Datenstromtyps {0} in der aktuellen Version nicht", "RMTfsVCEndpointNotFound": "Im Auftrag zum Herunterladen des Artefakts der Team Foundation-Versionskontrolle wurden die erforderlichen Informationen nicht gefunden.", "RMUpdateReleaseName": "Aktualisieren Sie den Versionsnamen.", "RMUpdateReleaseNameForRelease": "Aktualisieren Sie den Namen der Version „{0}“ auf „{1}“.", "RMUpdateReleaseNameForReleaseComment": "Der Releasename wird mit dem Befehl zur Aufgabenprotokollierung auf „{0}“ aktualisiert.", "RMUserChoseToSkipArtifactDownload": "Der Artefaktdownload wird basierend auf der angegebenen Einstellung übersprungen.", "RobocopyBasedPublishArtifactTaskExitCode": "Robocopy-Exitcode: {0}", "RobocopyBasedPublishArtifactTaskFailed": "Fehler bei der Robocopy-basierten Veröffentlichung. Exitcode: {0}", "Rosetta2Warning": "Es ist bekannt, dass die X64-Emulation zu Unterbrechungen im Agent-Prozess führt. Verwenden Sie den nativen Agent (ARM).", "RSAKeyFileNotFound": "Die RSA-Schlüsseldatei „{0}“ wurde nicht gefunden.", "RunAgentAsServiceDescription": "Agent als Dienst ausführen? (J/N)", "RunAsAutoLogonDescription": "Automatische Anmeldung konfigurieren und Agent beim Start ausführen? (J/N)", "RunIDNotValid": "Die Ausführungs-ID ist ungültig: {0}", "RunningJob": "{0:u}: {1} wird ausgeführt", "SavedSettings": "{0:u}: Einstellungen wurden gespeichert.", "ScanToolCapabilities": "Toolfunktionen werden gesucht.", "ScreenSaverPoliciesInspection": "Es wird nach Richtlinien gesucht, die verhindern können, dass der Bildschirmschoner deaktiviert wird.", "ScreenSaverPolicyWarning": "Die Bildschirmschonerrichtlinie ist auf dem Computer definiert. Aus diesem Grund wird der Bildschirmschoner möglicherweise erneut aktiviert. Ein aktiver Bildschirmschoner wirkt sich womöglich auf Softwarevorgänge aus. Zum Beispiel können bei automatisierten Softwaretests Fehler auftreten.", "SecretsAreNotAllowedInInjectedTaskInputs": "Die Aufgabe versucht, auf die folgenden Eingaben einer Zielaufgabe zuzugreifen, die geheimnisse enthalten:\n{0}\nEs ist nicht zulässig, Eingaben, die Geheimnisse enthalten, an die von Decoratoren eingefügten Aufgaben zu übergeben.", "SelfManageGitCreds": "Sie befinden sich im Selbstverwaltungsmodus der Git-Anmeldeinformationen. Stellen Sie sicher, dass Ihr Agenthostcomputer alle Git-Authentifizierungsabfragen umgehen kann.", "ServerTarpit": "Der Auftrag wird zurzeit vom Server eingeschränkt. Möglicherweise treten Verzögerungen bei der Konsolenzeilenausgabe, bei der Auftragsstatusberichterstellung und beim Hochladen des Aufgabenprotokolls auf.", "ServerTarpitUrl": "Link zur Seite „Ressourcennutzung“ (globale 1-Stunden-Ansicht): {0}.", "ServerTarpitUrlScoped": "Link zur Seite zur Ressourcennutzung (1-Stunden-Ansicht nach Pipeline): {0}.", "ServerUrl": "Server-URL", "ServiceAlreadyExists": "Der Dienst ist bereits vorhanden: {0}. Er wird er ersetzt.", "ServiceConfigured": "Der Dienst „{0}“ wurde erfolgreich konfiguriert.", "ServiceDelayedStartOptionSet": "Der Dienst „{0}“ für verzögerten Autostart wurde erfolgreich festgelegt.", "ServiceInstalled": "Der Dienst „{0}“ wurde erfolgreich installiert.", "ServiceLockErrorRetry": "Fehler bei der Dienstdatenbanksperre. Code {0}. Wiederholung nach {1} Sekunden...", "ServiceRecoveryOptionSet": "Der Dienst „{0}“ hat die Wiederherstellungsoption erfolgreich festgelegt.", "ServiceSidTypeSet": "Der Dienst „{0}“ hat den SID-Typ erfolgreich festgelegt.", "ServiceStartedSuccessfully": "Der Dienst „{0}“ wurde gestartet.", "SessionCreateFailed": "Fehler beim Erstellen der Sitzung. {0}", "SessionExist": "Für diesen Agent ist bereits eine Sitzung vorhanden.", "SessionExistStopRetry": "Beenden Sie den Wiederholungsversuch für SessionConflictException, nachdem es {0} Sekunden lang versucht wurde.", "SetBuildVars": "Legen Sie Buildvariablen fest.", "SetEnvVar": "Die Umgebungsvariable „{0}“ wird erstellt.", "SetVariableNotAllowed": "Das Festlegen der Variablen „{0}“ wurde durch die Aufgaben- oder Builddefinition deaktiviert.", "ShallowCheckoutFail": "Fehler bei Git-Check-Out im flachen Repository. Dies liegt möglicherweise daran, dass der Git-Abruf mit der Tiefe „{0}“ nicht den Check-Out-Commit „{1}“ umfasst. Weitere Informationen finden Sie in der Dokumentation (http://go.microsoft.com/fwlink/?LinkId=829603).", "ShallowLfsFetchFail": "Fehler beim Abrufen von Git-lfs im flachen Repository. Dies liegt möglicherweise daran, dass der Git-Abruf mit der Tiefe „{0}“ nicht den lfs-Abruf-Commit „{1}“ umfasst. Weitere Informationen finden Sie in der Dokumentation (http://go.microsoft.com/fwlink/?LinkId=829603).", "ShutdownMessage": "Der Computer wird neu gestartet, um den Agent im interaktiven Modus zu starten.", "Skipping": "Ist nicht vorhanden. Überspringen ", "SkipTrackingFileWithoutRepoType": "Die Nachverfolgungsdatei „{0}“ wird überspringen. Der Repository-Typ wurde noch nicht aktualisiert.", "SourceArtifactProviderNotFound": "Der Quellanbieter für das Artefakt vom Typ „{0}“ wurde nicht gefunden.", "StartingArtifactDownload": "Herunterladen von {0} wird gestartet.", "StartMaintenance": "Wartung starten: {0}", "StepCancelled": "Der Vorgang wird abgebrochen. Die nächsten Schritte enthalten möglicherweise keine erwarteten Protokolle.", "StepFinishing": "{0} wird fertiggstellt", "StepStarting": "{0} wird gestartet.", "StepTimedOut": "Timeout für die Aufgabe.", "StopContainer": "Container beenden", "Success": "Erfolgreich: ", "SupportedRepositoryEndpointNotFound": "Dem unterstützten Quellanbieter konnten keine Quellrepositoryendpunkte zugeordnet werden.", "SupportedTaskHandlerNotFoundLinux": "Das aktuelle Betriebssystem kann diesen Task nicht ausführen. Dies bedeutet normalerweise, dass der Task nur für Windows geschrieben wurde. Zum Beispiel für Windows Desktop PowerShell.", "SupportedTaskHandlerNotFoundWindows": "Es wurde kein unterstützter Taskausführungshandler gefunden. Die Aufgabe weist keine Implementierung auf, die mit Ihrem aktuellen Betriebssystem „{0}“ kompatibel ist. Wenden Sie sich an den Autor, um mehr zu erfahren.", "SvnBranchCheckedOut": "Branch {0} für Repository {1} bei Revision {2} wurde ausgecheckt.", "SvnEmptyServerPath": "Der leere relative Serverpfad ist „{0}“ zugeordnet.", "SvnFileAlreadyExists": "Die Datei „{0}“ ist bereits vorhanden.", "SvnIncorrectRelativePath": "Es wurde ein falscher relativer Pfad \"{0}\" angegebenen.", "SvnMappingDuplicateLocal": "Die doppelte Zuordnung für den lokalen Pfad={0} wird ignoriert.", "SvnMappingDuplicateServer": "Die doppelte Zuordnung für Serverpfad={0} wird ignoriert.", "SvnMappingIgnored": "Der gesamte Zuordnungssatz wird ignoriert. Die vollständige Branchzuordnung wird fortgesetzt.", "SvnNotInstalled": "Das installierte SVN-Befehlszeilenhilfsprogramm wurde nicht gefunden.", "SvnSyncingRepo": "Repository wird synchronisiert: {0} (Svn)", "TarExtraction": "Tar-Archiv wird extrahiert: {0}", "TarExtractionError": "Fehler beim Extrahieren des tar-Archivs „{0}“: {1}", "TarExtractionNotSupportedInWindows": "Die Tar-Extraktion wird unter Windows nicht unterstützt", "TarSearchStart": "Die Suche nach tar-Archiven, die extrahiert werden sollen, wird gestartet.", "TarsFound": "Es wurden {0} zu extrahierende tar-Archive gefunden.", "TarsNotFound": "Es wurden keine Tar-Archive zum Extrahieren gefunden.", "TaskDownloadFailed": "Fehler beim Herunterladen der Aufgabe „{0}“. Fehler: {1}", "TaskDownloadTimeout": "Die Aufgabe „{0}“ hat den Download nicht innerhalb von {1} Sekunden abgeschlossen.", "TaskSignatureVerificationFailed": "Fehler beim Verifizieren der Aufgabensignatur.", "TaskSignatureVerificationSucceeeded": "Die Aufgabensignatur wurde erfolgreich verifiziert.", "TeeEula": [ "Um Quellen aus einem TFVC-Repository zu erstellen, muss die Team Explorer Everywhere-Endbenutzer-Lizenzbedingungen akzeptiert werden. Dieser Schritt ist nicht erforderlich, um Quellen aus Git-Repositorys zu erstellen.", "", "Eine Kopie des Team Explorer Everywhere-Lizenzvertrags finden Sie unter:", " {0}" ], "Telemetry": "Telemetrie", "TelemetryCommandDataError": "Telemetriedaten „{0}“ können nicht analysiert werden. Fehler: {1}", "TelemetryCommandFailed": "Fehler beim Veröffentlichen von Telemetriedaten. Fehler: {0}", "TenantId": "Mandanten-ID", "TestAgentConnection": "Agentverbindung wird getestet.", "TestAttachmentNotExists": "Die Anlage wird übersprungen, da sie auf dem Datenträger nicht vorhanden ist: {0}", "TestResultsRemaining": "Verbleibende Testergebnisse: {0}. Testlauf-ID: {1}", "Tfs2015NotSupported": "Dieser Agent wird unter Windows für TFS 2015 nicht unterstützt. Der TFS 2015-Windows-Agent kann von der Verwaltungsseite für Agentpools heruntergeladen werden.", "TotalThrottlingDelay": "Für den Auftrag ist aufgrund der Servereinschränkung eine Verzögerung von {0} Sekunden aufgetreten.", "TotalUploadFiles": "{0} Dateien werden hochgeladen.", "TypeRequiredForTimelineRecord": "Für diesen neuen Zeitachsendatensatz ist ein Typ erforderlich.", "UnableResolveArtifactType": "Der Artefakttyp kann nicht vom Artefaktspeicherort abgeleitet werden: {0}.", "UnableToArchiveResults": "Die Testergebnisse können nicht archiviert werden: {0}.", "UnableToParseBuildTrackingConfig0": "Die Konfiguration der Legacybuildnachverfolgung kann nicht analysiert werden. Stattdessen wird ein neues Buildverzeichnis erstellt. Das vorherige Verzeichnis befindet sich möglicherweise in einem nicht freigegebenen Zustand. Legacykonfigurationsinhalte: {0}", "UnconfigAutologon": "Einstellungen für die automatische Anmeldung werden entfernt.", "UnconfigureOSXService": "Konfiguration des Diensts zuerst gemäß „https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-osx“ aufheben", "UnconfigureServiceDService": "Konfiguration des Diensts zuerst gemäß „https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-linux“ aufheben", "UnexpectedParallelCount": "Nicht unterstützte parallele Anzahl „%s“. Geben Sie eine Zahl zwischen 1 und 128 ein.", "UninstallingService": "Dienst wird entfernt", "UnknownCodeCoverageTool": "Das Code Coverage-Tool „{0}“ wird nicht unterstützt.", "UnrecognizedCmdArgs": "Unbekannte Eingabeargumente für die Befehlszeile: „{0}“. Informationen zur Verwendung finden Sie unter: „.\\config.cmd --help“ oder „./config.sh --help“", "UnregisteringAgent": "Der Agent wird vom Server entfernt", "UnsupportedGitLfsVersion": "Ihre aktuelle Git-LFS-Version ist „{0}“; diese Version wird vom Agent nicht unterstützt. Führen Sie ein Upgrade auf mindestens Version „{1}“ durch. Weitere Informationen finden Sie unter „https://github.com/git-lfs/git-lfs/issues/3571“.", "UnsupportedOsVersionByNet8": "Die Betriebssystemversion, auf der dieser Agent ausgeführt wird ({0}), wird bei einem bevorstehenden Update des Pipelines Agent nicht unterstützt. Unterstützte Betriebssystemversionen finden Sie unter https://aka.ms/azdo-pipeline-agent-net8.", "UpdateBuildNumber": "Buildnummer aktualisieren", "UpdateBuildNumberForBuild": "Buildnummer für Build „{1}“ auf {0} aktualisieren", "UpdateInProgress": "Agent wird aktualisiert. Fahren Sie den Agent nicht herunter.", "UpgradeToLatestGit": "Um eine bessere Git-Erfahrung zu erhalten, aktualisieren Sie Ihre Git-Software auf mindestens Version „{0}“. Ihre aktuelle Git-Version ist „{1}“.", "UploadArtifact": "Artefakt hochladen", "UploadArtifactCommandNotSupported": "Das Hochladen des Serverartefakts wird in „{0}“ nicht unterstützt.", "UploadArtifactFinished": "Das Hochladen des Pipelineartefakts wurde abgeschlossen.", "UploadingPipelineArtifact": "Pipelineartefakt wird aus „{0}“ für Build #{1} hochgeladen", "UploadToFileContainer": "„{0}“ in Dateicontainer „{1}“ hochladen", "UserName": "Benutzername", "UserNameLog": "Agent wird ausgeführt als „{0}“", "UserShutdownAgent": "Der Agent hat ein Signal zum Herunterfahren empfangen. Dies kann vorkommen, wenn der Agentdienst beendet oder ein manuell gestarteter Agent abgebrochen wird.", "Variable0ContainsCyclicalReference": "Die Variable „{0}“ kann nicht erweitert werden. Ein zyklischer Verweis wurde erkannt.", "Variable0ExceedsMaxDepth1": "Die Variable „{0}“ kann nicht erweitert werden. Die maximale Erweiterungstiefe ({1}) wurde überschritten.", "VMResourceWithSameNameAlreadyExistInEnvironment": "Die Umgebung mit der ID „{0}“ enthält bereits eine VM-Ressource mit dem Namen „{1}“.", "VSTSHostNonZeroReturn": "„LegacyVSTSPowerShellHost.exe“ wurde mit folgendem Rückgabecode abgeschlossen: {0}.", "WaitForServiceToStop": "Es wird auf das Beenden des Diensts gewartet...", "WindowsLogonAccountNameDescription": "Benutzerkonto, das für den Dienst verwendet werden soll", "WindowsLogonPasswordDescription": "Das Kennwort für das Konto {0}", "WorkFolderDescription": "Arbeitsordner", "WorkspaceMappingNotMatched": "Arbeitsbereichszuordnungen stimmen für den Arbeitsbereich „{0}“ nicht überein", "Y": "Y", "ZipSlipFailure": "Der Eintrag befindet sich außerhalb des Zielverzeichnisses „{0}“" } ================================================ FILE: src/Misc/layoutbin/en-US/strings.json ================================================ { "AcceptTeeEula": "(Y/N) Accept the Team Explorer Everywhere license agreement now?", "AccessDenied": "Access Denied", "AccessDeniedSettingDelayedStartOption": "Access Denied while setting service delayed auto start options.", "AccessDeniedSettingRecoveryOption": "Access Denied while setting service recovery options.", "AccessDeniedSettingSidType": "Access Denied while setting service SID type.", "AddAgentFailed": "Failed to add the agent. Try again or ctrl-c to quit", "AddBuildTag": "Add Build Tag", "AddDeploymentGroupTagsFlagDescription": "deployment group tags for agent? (Y/N)", "AddEnvironmentVMResourceTags": "Environment Virtual Machine resource tags? (Y/N)", "AgentAddedSuccessfully": "Successfully added the agent", "AgentAlreadyInsideContainer": "Container feature is not supported when agent is already running inside container. Please reference documentation (https://go.microsoft.com/fwlink/?linkid=875268)", "AgentCdnAccessFailWarning": "Action Required: Azure Pipelines Agent cannot reach the new CDN URL. Allowlist 'download.agent.dev.azure.com' now to prevent pipeline failures. Details: https://devblogs.microsoft.com/devops/cdn-domain-url-change-for-agents-in-pipelines/", "AgentDoesNotSupportContainerFeatureRhel6": "Agent does not support the container feature on Red Hat Enterprise Linux 6 or CentOS 6.", "AgentDowngrade": "Downgrading agent to a lower version. This is usually due to a rollback of the currently published agent for a bug fix. To disable this behavior, set environment variable AZP_AGENT_DOWNGRADE_DISABLED=true before launching your agent.", "AgentExit": "Agent will exit shortly for update, should back online within 10 seconds.", "AgentIsNotConfigured": "Agent is not configured.", "AgentMachineNameLog": "Agent machine name: '{0}'", "AgentMachinePoolNameLabel": "agent pool", "AgentName": "agent name", "AgentNameLog": "Agent name: '{0}'", "AgentOutOfMemoryFailure": "The agent worker exited with code 137, which means it ran out of memory. Make sure the agent (container) host has sufficient memory configured.", "AgentReplaced": "Successfully replaced the agent", "agentRootFolderCheckError": "Unable to check access rules of the agent root folder. Please examine the log for more details.", "agentRootFolderInsecure": "Security warning! The group {0} has access to write/modify the agent folder. Please examine the log for more details.", "AgentRunningBehindProxy": "Agent is running behind proxy server: '{0}'", "AgentVersion": "Current agent version: '{0}'", "AgentWithSameNameAlreadyExistInPool": "Pool {0} already contains an agent with name {1}.", "AllowContainerUserRunDocker": "Allow user '{0}' run any docker command without SUDO.", "AlreadyConfiguredError": "Cannot configure the agent because it is already configured. To reconfigure the agent, run 'config.cmd remove' or './config.sh remove' first.", "ApkAddShadowFailed": "The user ID is outside the range of the 'adduser' command. The alternative command 'useradd' cannot be used because the 'shadow' package is not preinstalled and the attempt to install this package failed. Check network availability or use a docker image with the 'shadow' package preinstalled.", "ArgumentNeeded": "'{0}' has to be specified.", "ArtifactCustomPropertiesNotJson": "Artifact custom properties is not valid JSON: '{0}'", "ArtifactCustomPropertyInvalid": "Artifact custom properties must be prefixed with 'user-'. Invalid property: '{0}'", "ArtifactDownloadFailed": "Failed to download the artifact from {0}.", "ArtifactLocationRequired": "Artifact location is required.", "ArtifactNameIsNotValid": "Artifact name is not valid: {0}. It cannot contain '\\', /', \"', ':', '<', '>', '|', '*', and '?'", "ArtifactNameRequired": "Artifact Name is required.", "ArtifactTypeRequired": "Artifact Type is required.", "AssociateArtifact": "Associate Artifact", "AssociateArtifactCommandNotSupported": "Associating server artifact is not supported in {0}.", "AssociateArtifactWithBuild": "Associated artifact {0} with build {1}", "AssociateFiles": "Associating files", "AttachFileNotExist": "Can't attach (type:{0} name:{1}) file: {2}. File does not exist.", "AttachmentExceededMaximum": "Skipping attachment as it exceeded the maximum allowed size 75MB: {0}", "AttemptRemoveCredFromConfig": "An unsuccessful attempt was made using git command line to remove \"{0}\" from the git config. Attempting to modify the git config file directly to remove the credential.", "AuthenticationType": "authentication type", "AutoLogonAccountGmsaHint": "If you are trying to use a gMSA account, please put a dollar sign ($) at the end of the account name)", "AutoLogonAccountNameDescription": "User account to use for autologon", "AutoLogonOverwriteDeniedError": "Unable to configure autologon as it is already configured for a different user ({0}) on the machine. Use '--overwriteautologon' if you wish to overwrite.", "AutoLogonPolicies_LegalNotice": "Legal Notice", "AutoLogonPolicies_ShutdownReason": "Shutdown reason", "AutoLogonPoliciesInspection": "Checking for policies that may prevent autologon from working correctly.", "AutoLogonPoliciesWarningsHeader": "Following policies may affect the autologon:", "BeginArtifactItemsIntegrityCheck": "Starting artifact items integrity check", "BlobStoreDownloadWarning": "Artifact download from Blobstore failed, falling back to TFS. This will reduce download performance. Check that access to {0} is allowed by your firewall rules. Please ensure your agent firewall is configured properly: {1}", "BlobStoreUploadWarning": "Artifact upload to Blobstore failed, falling back to TFS. This fallback will be removed in a future release. Check that access to {0} is allowed by your firewall rules. Please ensure your agent firewall is configured properly: {1}", "BuildDirLastUseTIme": "The last time build directory '{0}' been used is: {1}", "BuildIdIsNotAvailable": "Trying to download pipeline artifact in '{0}' environment but build id is not present. Can only download a pipeline artifact in '{1}' environment if the artifact is a build.", "BuildIdIsNotValid": "Build Id is not valid: {0}", "BuildingFileTree": "Building file tree", "BuildLogsMessage": "The agent has disabled uploading logs. After the job completes, you can retrieve this step's logs at {0} on the agent.", "BuildNumberRequired": "Build number is required.", "BuildsDoesNotExist": "No builds currently exist in the pipeline definition supplied.", "BuildTagAddFailed": "Build tag '{0}' was not added successfully.", "BuildTagRequired": "Build tag is required.", "BuildTagsForBuild": "Build '{0}' has following tags now: {1}", "CannotChangeParentTimelineRecord": "Can't change parent timeline record of an existing timeline record.", "CannotDownloadFromCurrentEnvironment": "Cannot download a pipeline artifact from {0} environment.", "CannotFindHostName": "Cannot find VSTS organization name from server url: '{0}'", "CanNotFindService": "Cannot find service {0}", "CanNotGrantPermission": "Cannot grant LogonAsService permission to the user {0}", "CanNotStartService": "Cannot start the service. Check the logs for more details.", "CanNotStopService": "Cannot stop the service {0} in a timely fashion.", "CannotUploadFile": "Cannot upload file because file location is not specified.", "CannotUploadFromCurrentEnvironment": "Cannot upload to a pipeline artifact from {0} environment.", "CannotUploadSummary": "Cannot upload summary file, summary file location is not specified.", "CheckoutTaskDisplayNameFormat": "Checkout {0}@{1} to {2}", "CleaningDestinationFolder": "Cleaning destination folder: {0}", "ClientId": "Client(App) ID", "ClientSecret": "Client secret", "ClockSkewStopRetry": "Stopped retrying OAuth token request exception after {0} seconds.", "CodeCoverageDataIsNull": "No coverage data found. Check the build errors/warnings for more details.", "CodeCoveragePublishIsValidOnlyForBuild": "Publishing code coverage works only for 'build'.", "CollectionName": "Collection Name", "CommandDuplicateDetected": "Command {0} already installed for area {1}", "CommandKeywordDetected": "'{0}' contains logging command keyword '##vso', but it's not a legal command. Please see the list of accepted commands: https://go.microsoft.com/fwlink/?LinkId=817296", "CommandLineHelp": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Commands:", " .{0}config.{1} Configures the agent", " .{0}config.{1} remove Unconfigures the agent", " .{0}run.{1} Runs the agent interactively", " .{0}run.{1} --once Runs the agent, accepting at most one job before shutting down", "", "Options:", " --version Prints the agent version", " --commit Prints the agent commit", " --help Prints the help for each command" ], "CommandLineHelp_Common": [ "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Common options:", " --url URL of the server. For example: https://myaccount.visualstudio.com or", " http://onprem:8080/tfs", " --auth Authentication type. Valid values are:", " pat (Personal access token)", " negotiate (Kerberos or NTLM)", " alt (Basic authentication)", " integrated (Windows default credentials)", " sp (Service Principal)", " --token Used with --auth pat. Personal access token.", " --userName Used with --auth negotiate or --auth alt. Specify the Windows user", " name in the format: domain\\userName or userName@domain.com", " --password Used with --auth negotiate or --auth alt.", " --unattended Unattended configuration. You will not be prompted. All answers must", " be supplied to the command line.", " --version Prints the agent version", " --commit Prints the agent commit", " --help Prints the help" ], "CommandLineHelp_Configure": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", ".{0}config.{1} [options]", "", "For unconfigure help, see: .{0}config.{1} remove --help", "", "{2}", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Configure options:", " --pool Pool name for the agent to join", " --agent Agent name", " --replace Replace the agent in a pool. If another agent is listening by that", " name, it will start failing with a conflict.", " --work Work directory where job data is stored. Defaults to _work under the", " root of the agent directory. The work directory is owned by a given", " agent and should not share between multiple agents.", " --acceptTeeEula macOS and Linux only. Accept the TEE end user license agreement.", " --gitUseSChannel Windows only. Tell Git to use Windows' native cert store.", " --alwaysExtractTask Perform an unzip for tasks for each pipeline step.", " --disableLogUploads Don't stream or send console log output to the server. Instead, you may retrieve them from the agent host's filesystem after the job completes. NOTE: Cannot be used with --reStreamLogsToFiles, it will cause an error.", " --reStreamLogsToFiles Stream or send console log output to the server as well as a log file on the agent host's filesystem. NOTE: Cannot be used with --disableLogUploads, it will cause an error.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Startup options (Windows only):", " --runAsService Configure the agent to run as a Windows service. Requires", " administrator permission.", " --preventServiceStart Configure Windows service to not run immediately after configuration.", " --runAsAutoLogon Configure auto logon and run the agent on startup. Requires", " administrator permission.", " --windowsLogonAccount Used with --runAsService or --runAsAutoLogon. Specify the Windows user", " name in the format: domain\\userName or userName@domain.com", " --windowsLogonPassword Used with --runAsService or --runAsAutoLogon. Windows logon password.", " --overwriteAutoLogon Used with --runAsAutoLogon. Overwrite any existing auto logon on the", " machine.", " --noRestart Used with --runAsAutoLogon. Do not restart after configuration", " completes.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Deployment group options:", " --deploymentGroup Configure the agent as a deployment group agent.", " --projectName Used with --deploymentGroup. Team project name.", " --addDeploymentGroupTags Used with --deploymentGroup. Specify to add deployment group tags.", " --deploymentGroupName Used with --deploymentGroup. Deployment group for the agent to join.", " --deploymentGroupTags Used with --addDeploymentGroupTags. A comma separated list of tags for", " the deployment group agent. For example \"web, db\".", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Unattended configuration examples:", "", "VSTS authentication", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --acceptTeeEula", "", "On-premises TFS with integrated authentication (Windows only)", ".\\config.cmd --unattended --url http://mylocaltfsserver:8080/tfs --auth integrated --pool default --agent myAgent", "", "On-premises TFS with negotiate authentication", ".{0}config.{1} --unattended --url http://mylocaltfsserver:8080/tfs --auth negotiate --userName myDomain\\myUserName --password myPassword --pool default --agent myAgent --acceptTeeEula", "", "Replace existing agent with the same agent name", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --replace --acceptTeeEula", "", "Specify the agent work directory (Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work D:\\agent_work", "", "Specify the agent work directory (macOS and Linux)", "./config.sh --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work usr/local/agent_work", "", "Run as a Windows service that logs on as NetworkService (Windows only)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService", "", "Run as a Windows service that logs on as a domain account (Windows only)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Run as a Windows service that logs on as a domain account (Windows only) and doesn't start service immediately", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --preventServiceStart --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword ", "", "Run as an auto logon agent (Windows only)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Run as an auto logon agent and do not restart after configuration (Windows only)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword --noRestart", "", "Deployment group agent run as Windows service that logs on as Local System (Windows only)", ".\\config.cmd --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\"", "", "Deployment group agent with tags", ".{0}config.{1} --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\" --acceptTeeEula" ], "CommandLineHelp_Env": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Environment variables:", "Any command line argument can be specified as an environment variable. Use the format", "VSTS_AGENT_INPUT_. For example: VSTS_AGENT_INPUT_PASSWORD" ], "CommandLineHelp_Remove": [ ".{0}config.{1} remove [options]", "", "{2}", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Unattended remove examples:", "", "VSTS", ".{0}config.{1} remove --unattended --auth pat --token myToken", "", "On-premises TFS with integrated authentication (Windows only)", ".{0}config.{1} remove --unattended --auth integrated", "", "On-premises TFS with integrated authentication", ".{0}config.{1} remove --unattended --auth negotiate --username myDomain\\myUserName --password myPassword" ], "CommandNotAllowed": "##vso[{0}.{1}] is not allowed in this step due to policy restrictions. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound": "Cannot find command extension for ##vso[{0}.command]. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound2": "##vso[{0}.{1}] is not a recognized command for {2} command extension. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=817296).", "CommandNotSupported": "{0} commands are not supported for {1} flow. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandProcessFailed": "Unable to process command '{0}' successfully. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=817296)", "ConnectingToServer": "Connecting to server ...", "ConnectSectionHeader": "Connect", "ConnectToServer": "Connecting to the server.", "ContainerWindowsVersionRequirement": "Container feature requires Windows Server 1803 or higher. Please reference documentation (https://go.microsoft.com/fwlink/?linkid=875268)", "CopyFileComplete": "Successfully published artifacts to {0}", "CopyFileToDestination": "Copy file '{0}' to '{1}'", "CorruptedArtifactItemsList": "The following items did not pass the integrity check:", "CouldNotRemoveService": "Could not delete service '{0}'", "CreateUserWithSameUIDInsideContainer": "Try to create a user with UID '{0}' inside the container.", "CurrentUTC": "Current UTC: {0}", "CustomLogDoesNotExist": "Log file path is not provided or file doesn't exist: '{0}'", "CustomMarkDownSummaryDoesNotExist": "Markdown summary file path is not provided or file doesn't exist: '{0}'", "DeleteGCTrackingFile": "Delete gc tracking file after delete '{0}'", "DeleteUnusedBuildDir": "Delete unused build directories", "DeleteUnusedReleaseDir": "Delete unused release directories", "Deleting": "Deleting: {0}", "DeletingCredentials": "Removing .credentials", "DeletingSettings": "Removing .agent", "DeploymentGroupName": "Deployment Group name", "DeploymentGroupNotFound": "Deployment Group not found: '{0}'", "DeploymentGroupTags": "Comma separated list of tags (e.g web, db)", "DeploymentGroupTagsAddedMsg": "Tags added successfully", "DeploymentMachineWithSameNameAlreadyExistInDeploymentGroup": "DeploymentGroup {0} already contains a machine with name {1}.", "DeploymentPoolName": "Deployment Pool name", "DeploymentPoolNotFound": "Deployment pool not found: '{0}'", "DeprecatedNode6": "This task uses Node 6 execution handler, which will be removed March 31st 2022. If you are the developer of the task - please consider the migration guideline to Node 10 handler - https://aka.ms/migrateTaskNode10 (check this page also if you would like to disable Node 6 deprecation warnings). If you are the user - feel free to reach out to the owners of this task to proceed on migration.", "DeprecatedNodeRunner": "Task '{0}' version {1} ({2}@{1}) is dependent on a Node version ({3}) that is end-of-life. Contact the extension owner for an updated version of the task. Task maintainers should review Node upgrade guidance: https://aka.ms/node-runner-guidance", "DeprecatedRunner": "Task '{0}' is dependent on a task runner that is end-of-life and will be removed in the future. Authors should review Node upgrade guidance: https://aka.ms/node-runner-guidance.", "DeprecationMessage": "Task '{0}' version {1} ({2}@{1}) is deprecated.", "DeprecationMessageHelpUrl": "Please see {0} for more information about this task.", "DeprecationMessageRemovalDate": "This task will be removed. From {0}, onwards it may no longer be available.", "DirectoryHierarchyUnauthorized": "Permission to read the directory contents is required for '{0}' and each directory up the hierarchy. {1}", "DirectoryIsEmptyForArtifact": "Directory '{0}' is empty. Nothing will be added to build artifact '{1}'.", "DirectoryNotFound": "Directory not found: '{0}'", "DirExpireLimit": "Directory expiration limit: {0} days.", "DiscoverBuildDir": "Discover stale build directories that haven't been used for more than {0} days.", "DiscoverReleaseDir": "Discover stale release directories that haven't been used for more than {0} days.", "DockerCommandFinalExitCode": "Final exit code for {0}: {1}", "DownloadAgent": "Downloading {0} agent", "DownloadArtifactFinished": "Downloading artifact finished.", "DownloadArtifacts": "Download Artifacts", "DownloadArtifactsFailed": "Downloading artifacts failed: {0}", "DownloadArtifactTo": "Download artifact to: {0}", "DownloadArtifactWarning": "Please use Download Build Artifact task for downloading {0} type artifact. https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-build-artifacts?view=azure-devops", "DownloadingFromBuild": "Download from the specified build: #{0}", "DownloadingJenkinsCommitsBetween": "Downloading commits between job {0} to {1}", "DownloadingJenkinsCommitsFailedWithException": "Downloading commits for jenkins artifact {0} failed. Exception: {1}", "DownloadingMultiplePipelineArtifacts": "Downloading {0} pipeline artifacts...", "DownloadingTask0": "Downloading task: {0} ({1})", "EnableServiceSidTypeUnrestricted": "enable SERVICE_SID_TYPE_UNRESTRICTED for agent service (Y/N)", "EnsureJobFinished": "Waiting for current job finish running.", "EnsureTasksExist": "Download all required tasks.", "EnterValidValueFor0": "Enter a valid value for {0}.", "EnvironmentName": "Environment Name", "EnvironmentNotFound": "Environment not found: '{0}'", "EnvironmentVariableExceedsMaximumLength": "Environment variable '{0}' exceeds the maximum supported length. Environment variable length: {1} , Maximum supported length: {2}", "EnvironmentVMResourceTags": "Comma separated list of tags (e.g web, db)", "ErrorDuringBuildGC": "Unable to discover garbage based on '{0}'. Try it next time.", "ErrorDuringBuildGCDelete": "Unable to finish GC based on '{0}'. Try it next time.", "ErrorDuringReleaseGC": "Unable to discover garbage based on '{0}'. Try it next time.", "ErrorDuringReleaseGCDelete": "Unable to finish GC based on '{0}'. Try it next time.", "ErrorOccurred": "An error occurred: {0}", "ErrorOccurredWhilePublishingCCFiles": "Error occurred while publishing code coverage files. Error: {0}", "EulasSectionHeader": "End User License Agreements", "EvaluateReleaseTrackingFile": "Evaluate ReleaseDirectory tracking file: {0}", "EvaluateTrackingFile": "Evaluate BuildDirectory tracking file: {0}", "Exiting": "Exiting...", "ExpectedMappingCloak": "Expected mapping[{0}] cloak: '{1}'. Actual: '{2}'", "ExpectedMappingLocalPath": "Expected mapping[{0}] local path: '{1}'. Actual: '{2}'", "ExpectedMappingRecursive": "Expected mapping[{0}] recursive: '{1}'. Actual: '{2}'", "ExpectedMappingServerPath": "Expected mapping[{0}] server path: '{1}'. Actual: '{2}'", "Failed": "Failed: ", "FailedDeletingTempDirectory0Message1": "Failed to delete temporary directory '{0}'. {1}", "FailedTestsInResults": "There are one or more test failures detected in result files. Detailed summary of published test results can be viewed in the Tests tab.", "FailedToAddTags": "Failed to apply tags to agent. Try again or ctrl-c to quit. Alternatively you may go to deployment group web page to add tags", "FailedToConnect": "Failed to connect. Try again or ctrl-c to quit", "FailedToDeleteTempScript": "Failed to delete temporary inline script file '{0}'. {1}", "FailedToFindDeploymentGroup": "Failed to find deployment group. Try again or ctrl-c to quit", "FailedToFindEnvironment": "Failed to find environment. Try again or ctrl-c to quit", "FailedToFindPool": "Failed to find pool name. Try again or ctrl-c to quit", "FailedToLockServiceDB": "Failed to Lock Service Database for Write", "FailedToOpenSCM": "Failed to Open Service Control Manager", "FailedToOpenSCManager": "Failed to Open Service Control Manager", "FailedToPublishTestResults": "Failed to publish test results: {0}", "FailedToReadFile": "Failed to read {0}. Error : {1}.", "FailedToReplaceAgent": "Failed to replace the agent. Try again or ctrl-c to quit", "FailToRemoveGitConfig": "Unable to remove \"{0}\" from the git config. To remove the credential, execute \"git config --unset-all {0}\" from the repository root \"{1}\".", "FailToReplaceTokenPlaceholderInGitConfig": "Unable to replace placeholder for \"{0}\" in the git config file.", "FileAssociateProgress": "Total files: {0} ---- Associated files: {1} ({2}%)", "FileContainerUploadFailed": "Unable to copy file to server StatusCode={0}: {1}. Source file path: {2}. Target server path: {3}", "FileContainerUploadFailedBlob": "Unable to upload file to blob. Source file path: {0}. Target server path: {1}", "FileDoesNotExist": "File '{0}' does not exist or is not accessible.", "FileNotFound": "File not found: '{0}'", "FilePathNotFound": "Cannot find the file path for '{0}'.", "FileShareOperatingSystemNotSupported": "Publishing artifacts from a Linux or macOS agent to a file share is not supported. Change the artifact type to `Azure Pipelines` or use a Windows agent.", "FileUploadCancelled": "File upload has been cancelled during upload file: '{0}'.", "FileUploadDetailTrace": "Detail upload trace for file that fail to upload: {0}", "FileUploadFailed": "Fail to upload '{0}' due to '{1}'.", "FileUploadFailedAfterRetry": "File upload failed even after retry.", "FileUploadFailedRetryLater": "{0} files failed to upload, retry these files after a minute.", "FileUploadFileOpenFailed": "File error '{0}' when uploading file '{1}'.", "FileUploadFinish": "File: '{0}' took {1} milliseconds to finish upload", "FileUploadProgress": "Total file: {0} ---- Processed file: {1} ({2}%)", "FileUploadProgressDetail": "Uploading '{0}' ({1}%)", "FileUploadRetry": "Start retry {0} failed files upload.", "FileUploadRetryInSecond": "Retry file upload after {0} seconds.", "FileUploadRetrySucceed": "File upload succeed after retry.", "FileUploadSucceed": "File upload succeed.", "FinalizeJob": "Finalize Job", "FinishMaintenance": "Maintenance finished: {0}", "FoundErrorInTrace": [ "{0} reported in diagnostic logs. Please examine the log for more details.", " - {1}" ], "GCBuildDir": "Delete orphan and stale build directory.", "GCBuildDirNotEnabled": "Delete orphan and stale build directory option is not enabled.", "GCDirIsEmpty": "No build directory need to be GC. '{0}' doesn't have any tracking file.", "GCDirNotExist": "No build directory need to be GC. '{0}' doesn't exist.", "GCOldFormatTrackingFile": "Mark tracking file '{0}' for GC, since it never been used.", "GCReleaseDir": "Delete orphan and stale release directory.", "GCReleaseDirIsEmpty": "No release directory need to be GC. '{0}' doesn't have any tracking file.", "GCReleaseDirNotEnabled": "Delete orphan and stale release directory option is not enabled.", "GCReleaseDirNotExist": "No release directory need to be GC. '{0}' doesn't exist.", "GCUnusedTrackingFile": "Mark tracking file '{0}' for GC, since it hasn't been used for {1} days.", "GenerateAndRunUpdateScript": "Generate and execute update script.", "GrantContainerUserSUDOPrivilege": "Grant user '{0}' SUDO privilege and allow it run any command without authentication.", "GrantingFilePermissions": "Granting file permissions to '{0}'.", "GroupDoesNotExists": "Group: {0} does not Exist", "ImageVersionLog": "Current image version: '{0}'", "InitializeContainer": "Initialize containers", "InitializeJob": "Initialize job", "IntegrityCheckNotPassed": "Artifact items integrity check failed", "IntegrityCheckPassed": "Artifact items integrity check successfully finished", "InvalidAutoLogonCredential": "Invalid windows credentials entered for AutoLogon. Please make sure that the provided credentials are valid and have interactive logon rights on the machine. Try again or ctrl-c to quit", "InvalidCommandArg": "Command argument '{0}' contains one or more of the following invalid characters: \", \\r, \\n", "InvalidCommandResult": "Command doesn't have valid result value.", "InvalidCompletedDate": "Duration of each test run will be used for time calculation as, Maximum Completed Date {0} obtained from test results file is greater than Minimum Start Date {1}", "InvalidConfigFor0TerminatingUnattended": "Invalid configuration provided for {0}. Terminating unattended configuration.", "InvalidDateFormat": "Duration of each test run will be used for time calculation as, invalid date format obtained from results file: {0} (Start Date: {1}, Completed Date: {2}", "InvalidEndpointField": "Invalid endpoint field. Valid values are url, dataParameter and authParameter", "InvalidEndpointId": "Invalid endpoint id.", "InvalidEndpointUrl": "Invalid endpoint Url.", "InvalidFileFormat": "Invalid file format.", "InvalidGroupName": "Invalid Group Name - {0}", "InvalidMember": "A new member could not be added to a local group because the member has the wrong account type. If you are configuring on a domain controller, built-in machine accounts cannot be added to local groups. You must use a domain user account instead", "InvalidResultFiles": "Invalid results file. Make sure the result format of the file '{0}' matches '{1}' test results format.", "InvalidSIDForUser": "Invalid Security Identifier for the user {0}\\{1} while configuring/unconfiguring AutoLogon. Refer logs for more details.", "InvalidValueInXml": "Unable to retrieve value for '{0}' from the summary file '{1}'. Verify the summary file is well-formed and try again.", "InvalidWindowsCredential": "Invalid windows credentials entered. Try again or ctrl-c to quit", "JenkinsBuildDoesNotExistsForCommits": "Cannot find build index for jenkins builds {0} and {1}. Found indexes are {2} and {3}. Probably the build does not exist", "JenkinsCommitsInvalidEndJobId": "EndJobId {0} associated with the jenkins artifact {1} is invalid. Commits will not be downloaded.", "JenkinsDownloadingChangeFromCurrentBuild": "Cannot find endJobId, will be fetching the current build's changeset", "JenkinsNoCommitsToFetch": "Deploying same build. Nothing to fetch", "JenkinsRollbackDeployment": "Downloading commits for Rollback Deployment between job {0} to {1}", "JobCompleted": "{0:u}: Job {1} completed with result: {2}", "LaunchBrowser": "to launch browser for AAD Device Code Flow? (Y/N)", "ListenForJobs": "{0:u}: Listening for Jobs", "LocalClockSkewed": "The local machine's clock may be out of sync with the server time by more than five minutes. Please sync your clock with your domain or internet time and try again.", "LocalSystemAccountNotFound": "Cannot find local system account", "LogOutputMessage": "The agent has enabled uploading logs as well as saving log to file. After the job completes, you can retrieve this step's logs at {0} on the agent.", "Maintenance": "Maintenance", "MaxHierarchyLevelReached": "Hierarchy level is more than supported limit {0}, truncating lower hierarchy.", "MaxSubResultLimitReached": "Number of subresults in test case '{0}' is more than the supported limit of {1}, truncating remaining ones.", "MemberDoesNotExists": "Member: {0} does not Exist", "MinimumNetFramework": ".NET Framework x64 4.5 or higher is required.", "MinimumNetFramework46": ".NET Framework x64 4.6 or higher is required.", "MinimumNetFrameworkTfvc": [ ".NET Framework x64 4.6 or higher is not installed.", "", ".NET Framework x64 4.6 or higher is required to sync TFVC repositories. It is not required to sync Git repositories." ], "MinRequiredDockerClientVersion": "Min required docker engine API client version is '{0}', your docker ('{1}') client version is '{2}'", "MinRequiredDockerServerVersion": "Min required docker engine API server version is '{0}', your docker ('{1}') server version is '{2}'", "MinRequiredGitLfsVersion": "Min required git-lfs version is '{0}', your git-lfs ('{1}') version is '{2}'", "MinRequiredGitVersion": "Min required git version is '{0}', your git ('{1}') version is '{2}'", "MinSecretsLengtLimitWarning": "The value of the minimum length of the secrets is too high. Maximum value is set: {0}", "MissingAgent": "The agent no longer exists on the server. Please reconfigure the agent.", "MissingAttachmentFile": "Cannot upload task attachment file, attachment file location is not specified or attachment file does not exist on disk.", "MissingAttachmentName": "Can't add task attachment, attachment name is not provided.", "MissingAttachmentType": "Can't add task attachment, attachment type is not provided.", "MissingConfig": "Cannot connect to server, because config files are missing. Skipping removing agent from the server.", "MissingEndpointField": "Required field 'field' is missing in ##vso[task.setendpoint] command.", "MissingEndpointId": "Required field 'id' is missing in ##vso[task.setendpoint] command.", "MissingEndpointKey": "Required field 'key' is missing in ##vso[task.setendpoint] command.", "MissingNodePath": "This step requires a node version that does not exist in the agent filesystem. Path: {0}", "MissingRepositoryAlias": "Can't update repository, repository alias is not provided.", "MissingRepositoryPath": "Can't update repository, repository path is not provided.", "MissingTaskVariableName": "Required field 'variable' is missing in ##vso[task.settaskvariable] command.", "MissingTimelineRecordId": "Can't update timeline record, timeline record id is not provided.", "MissingVariableName": "Required field 'variable' is missing in ##vso[task.setvariable] command.", "ModifyingCoberturaIndexFile": "Modifying Cobertura Index file", "MultilineSecret": "Secrets cannot contain multiple lines", "N": "N", "NameRequiredForTimelineRecord": "Name is required for this new timeline record.", "NeedAdminForAutologonCapability": "Needs Administrator privileges for configuring agent with autologon.", "NeedAdminForAutologonRemoval": "Needs Administrator privileges to unconfigure an agent running with autologon capability.", "NeedAdminForConfigAgentWinService": "Needs Administrator privileges for configuring agent as windows service.", "NeedAdminForUnconfigWinServiceAgent": "Needs Administrator privileges for unconfiguring agent that running as windows service.", "NetworkServiceNotFound": "Cannot find network service account", "NoArtifactsFound": "No artifacts are available in the version '{0}'.", "NodeEOLFallbackBlocked": "Would fallback to {0} (EOL) but EOL policy is enabled", "NodeEOLPolicyBlocked": "Task requires {0} which has reached End-of-Life. This is blocked by organization policy. Please upgrade task to Node20 or Node24. To temporarily disable this check: Set AGENT_RESTRICT_EOL_NODE_VERSIONS=false", "NodeEOLRetirementWarning": "Task {0} relies on an unsupported version of Node.js. Unsupported Node versions (6, 10, and 16) are being retired, and any pipelines using tasks dependent on these versions will begin to fail. Learn More https://aka.ms/node-runner-guidance", "NodeEOLUpgradeWarning": "Task {0} relies on an unsupported version of Node.js. To avoid use of unsupported Node.js the task is being run on the latest available version of Node.js. The task may fail or work unexpectedly. Learn More https://aka.ms/node-runner-guidance", "NodeGlibcFallbackWarning": "The {0} operating system doesn't support {1}. Using {2} instead. Please upgrade the operating system to remain compatible with future updates.", "NodeVersionNotAvailable": "No compatible Node.js version available for host execution. Handler type: {0}. This may occur if all available versions are blocked by EOL policy. Please update your pipeline to use Node20 or Node24 tasks. To temporarily disable EOL policy: Set AGENT_RESTRICT_EOL_NODE_VERSIONS=false", "NoFolderToClean": "Specified cleaning folder was not found. Nothing to clean", "NoRestart": "Restart the machine at a later time? (Y/N)", "NoRestartSuggestion": "AutoLogon was enabled during agent configuration. It is recommended that the machine be restarted for AutoLogon settings to take effect.", "NoResultFound": "No Result Found to Publish '{0}'.", "OnPremIsNotSupported": "Pipeline Artifact Task is not supported in on-premises. Please use Build Artifact Task instead.", "OperatingSystemShutdown": "Operating system is shutting down for computer '{0}'", "OperationFailed": "Error: Operation {0} failed with return code {1}", "OutputVariablePublishFailed": "Failed to publish output variables.", "OverwriteAutoLogon": "Want to overwrite the existing autologon settings as autologon is already enabled for the user '{0}'? (Y/N)", "ParentProcessFinderError": "Error occurred while checking if agent is running in PowerShell Core.", "ParentTimelineNotCreated": "Parent timeline record has not been created for this new timeline record.", "Password": "password", "PathDoesNotExist": "Path does not exist: {0}", "PersonalAccessToken": "personal access token", "PipelineDoesNotExist": "The following pipeline does not exist: {0}. Please verify the name of the pipeline.", "PoolNotFound": "Agent pool not found: '{0}'", "PostJob": "Post-job: {0}", "PowerOptionsConfigError": "Error occurred while configuring power options. Please refer logs for more details.", "PowerShellNotInstalledMinVersion0": "PowerShell is not installed. Minimum required version: {0}", "PreJob": "Pre-job: {0}", "PrepareBuildDir": "Prepare build directory.", "PrepareReleasesDir": "Prepare release directory.", "PrepareTaskExecutionHandler": "Preparing task execution handler.", "Prepending0WithDirectoryContaining1": "Prepending {0} environment variable with directory containing '{1}'.", "PrerequisitesSectionHeader": "Prerequisites", "PreventServiceStartDescription": "whether to prevent service starting immediately after configuration is finished? (Y/N)", "ProcessCompletedWithCode0Errors1": "Process completed with exit code {0} and had {1} error(s) written to the error stream.", "ProcessCompletedWithExitCode0": "Process completed with exit code {0}.", "ProcessExitCode": "Exit code {0} returned from process: file name '{1}', arguments '{2}'.", "ProcessHandlerInvalidScriptArgs": "Detected characters in arguments that may not be executed correctly by the shell. More information is available here: https://aka.ms/ado/75787", "ProfileLoadFailure": "Unable to load the user profile for the user {0}\\{1} AutoLogon configuration is not possible.", "ProjectName": "Project name", "Prompt0": "Enter {0}", "Prompt0Default1": "Enter {0} (press enter for {1})", "PSModulePathLocations": "Environment variable PSModulePath contains module locations specific to PowerShell Core. Please take note that if you are going to use Windows PowerShell tasks in your pipeline you may experience errors. To resolve this issue do not start the Agent under PowerShell Core (pwsh).", "PSScriptError": "PowerShell script completed with {0} errors.", "PublishCodeCoverage": "Publish code coverage", "PublishedCodeCoverageArtifact": "Published '{0}' as artifact '{1}'", "PublishingArtifactUsingRobocopy": "Uploading artifacts using robocopy.", "PublishingCodeCoverage": "Publishing coverage summary data to TFS server.", "PublishingCodeCoverageFiles": "Publishing code coverage files to TFS server.", "PublishingTestResults": "Publishing test results to test run '{0}'", "PublishTestResults": "Publish test results", "QueryingWorkspaceInfo": "Querying workspace information.", "QueueConError": "{0:u}: Agent connect error: {1}. Retrying until reconnected.", "QueueConnected": "{0:u}: Agent reconnected.", "QuietCheckoutModeRequested": "Quiet checkout mode: less will be printed to the console.", "ReadingCodeCoverageSummary": "Reading code coverage summary from '{0}'", "ReadOnlyTaskVariable": "Overwriting readonly task variable '{0}' is not permitted. See https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md for details.", "ReadOnlyTaskVariableWarning": "Overwriting readonly task variable '{0}'. This behavior will be disabled in the future. See https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md for details.", "ReadOnlyVariable": "Overwriting readonly variable '{0}' is not permitted. See https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md for details.", "ReadOnlyVariableWarning": "Overwriting readonly variable '{0}'. This behavior will be disabled in the future. See https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md for details.", "RegisterAgentSectionHeader": "Register Agent", "ReleaseDirLastUseTime": "The last time release directory '{0}' has been used is: {1}", "RenameIndexFileCoberturaFailed": "Renaming '{0}' to '{1}' failed while publishing code coverage files for '{2}'. Inner Exception: '{3}'", "Replace": "replace? (Y/N)", "RepositoryNotExist": "Can't update repository, the repository does not exist.", "ResourceMonitorAgentEnvironmentResource": "Agent environment resources - {0}, {1}, {2}", "ResourceMonitorCPUInfo": "CPU: Usage {0}%", "ResourceMonitorCPUInfoError": "Unable to get CPU info, exception: {0}", "ResourceMonitorDiskInfo": "Disk: {0} Available {1} MB out of {2} MB", "ResourceMonitorDiskInfoError": "Unable to get disk info, exception: {0}", "ResourceMonitorFreeDiskSpaceIsLowerThanThreshold": "Free disk space on {0} is lower than {1}%; Currently used: {2}%", "ResourceMonitorMemoryInfo": "Memory: Used {0} MB out of {1} MB", "ResourceMonitorMemoryInfoError": "Unable to get memory info, exception: {0}", "ResourceMonitorMemorySpaceIsLowerThanThreshold": "Free memory is lower than {0}%; Currently used: {1}%", "ResourceUtilizationDebugOutputIsDisabled": "Resource Utilization output for debug runs is disabled, switch \"AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT\" variable to \"true\" if you want to enable it", "ResourceUtilizationWarningsIsDisabled": "Resource Utilization warnings is disabled, switch \"DISABLE_RESOURCE_UTILIZATION_WARNINGS\" variable to \"false\" if you want to enable it", "RestartIn15SecMessage": "Restarting the machine in 15 seconds...", "RestartMessage": "Restart the machine to launch agent and for autologon settings to take effect.", "ReStreamLogsToFilesError": "You cannot use --disableloguploads and --reStreamLogsToFiles at the same time!", "RetryCountLimitExceeded": "The maximum allowed number of attempts is {0} but got {1}. Retry attempts count will be decreased to {0}.", "RetryingReplaceAgent": "Retrying to replace agent (attempt {0} of {1}). Waiting {2} seconds before next attempt...", "RMApiFailure": "Api {0} failed with an error code {1}", "RMArtifactContainerDetailsInvalidError": "The artifact does not have valid container details: {0}", "RMArtifactContainerDetailsNotFoundError": "The artifact does not contain container details: {0}", "RMArtifactDetailsIncomplete": "Cannot find the required information to download the artifact", "RMArtifactDirectoryNotFoundError": "The artifact directory does not exist: {0}. It can happen if the password of the account {1} is changed recently and is not updated for the agent. If this is the case, please consider re-configuring the agent.", "RMArtifactDownloadBegin": "Downloading linked artifact {0} of type {1}...", "RMArtifactDownloadFinished": "Downloaded linked artifact {0}", "RMArtifactDownloadRequestCreationFailed": "Failed to create request to download artifact from URL: {0}", "RMArtifactEmpty": "Artifact does not contain any files to download.", "RMArtifactMatchNotFound": "The build artifact '{0}' does not match any naming patterns, skipping download", "RMArtifactNameDirectoryNotFound": "Directory '{0}' does not exist. Falling back to parent directory: {1}", "RMArtifactsDownloadFinished": "Finished artifacts download", "RMArtifactTypeFileShare": "Artifact Type: FileShare", "RMArtifactTypeNotSupported": "Release management does not support download of artifact type {0} in the current version", "RMArtifactTypeServerDrop": "Artifact Type: ServerDrop", "RMArtifactVersionNotBelongToArtifactSource": "The artifact version with ID {0} does not belong to the linked artifact source with ID {1}.", "RMBuildNotFromLinkedDefinition": "The build {0} does not belong to the linked build definition {1}", "RMCachingAllItems": "Caching all items in the file container...", "RMCachingComplete": "Caching complete. ({0} ms)", "RMCachingContainerItems": "Caching items under '{0}' in the file container...", "RMContainerItemNotSupported": "Container Item type '{0}' not supported.", "RMContainerItemPathDoesnotExist": "File container item path doesn't start with {0}: {1}", "RMContainerItemRequestTimedOut": "Request timed out after {0} seconds; sleeping for {1} seconds and attempting again. Request: {2} {3}", "RMCreatedArtifactsDirectory": "Created artifacts directory: {0}", "RMCreatingArtifactsDirectory": "Creating artifacts directory: {0}", "RMCustomEndpointNotFound": "Cannot find required information in the job to download the Custom artifact: {0}", "RMDownloadArtifactUnexpectedError": "Unexpected error occurred while downloading artifacts", "RMDownloadBufferSize": "Download buffer size: {0}", "RMDownloadComplete": "Download complete.", "RMDownloadingArtifact": "Downloading artifact", "RMDownloadingArtifactFromFileContainer": "Downloading artifact from file container: {0} to target: {1}", "RMDownloadingArtifactFromFileShare": "Downloading artifact from file share: {0} to target: {1}", "RMDownloadingArtifactUsingRobocopy": "Downloading artifact using robocopy.", "RMDownloadingCommits": "Downloading commits", "RMDownloadingJenkinsArtifacts": "Downloading the artifacts from Jenkins server", "RMDownloadProgress": "{0} placed file(s): {1} downloaded, {2} empty", "RMDownloadProgressDetails": "{0} MB downloaded at {1} KB/sec. Download time: {2}.", "RMDownloadStartDownloadOfFile": "Downloading file {0}", "RMDownloadTaskCompletedStatus": "No download tasks have completed in {0} minutes. Remaining task statuses:", "RMDownloadTaskStates": " {0}: \t{1} task(s).", "RMEnsureArtifactFolderExistsAndIsClean": "Ensuring artifact folder {0} exists and is clean.", "RMEnvironmentVariablesAvailable": "Environment variables available are below. Note that these environment variables can be referred to in the task (in the ReleaseDefinition) by replacing \"_\" with \".\" e.g. AGENT_NAME environment variable can be referenced using Agent.Name in the ReleaseDefinition: {0}", "RMErrorDownloadingContainerItem": "Error downloading {0}: {1}", "RMErrorDuringArtifactDownload": "An error occurred during download: {0}", "RMFailedCreatingArtifactDirectory": "Failed to create Release artifact directory '{0}'.", "RMFileShareArtifactErrorOnNonWindowsAgent": "Cannot download artifacts from a file share using OSX or Linux agent. You can download artifact from server or use a Windows agent.", "RMGitEndpointNotFound": "Cannot find required information in the job to download the Team Foundation Git artifact.", "RMGitHubEndpointNotFound": "Cannot find required information in the job to download the GitHub artifact: {0}", "RMGotJenkinsArtifactDetails": "Received Jenkins Artifact Details", "RMJenkinsBuildId": "BuildId: {0}", "RMJenkinsEndpointNotFound": "Cannot find required information in the job to download the Jenkins artifact: {0}", "RMJenkinsInvalidBuild": "Jenkins build {0} is invalid.", "RMJenkinsJobName": "Job Name: {0}", "RMJenkinsNoArtifactsFound": "No artifacts are available in the Jenkins build {0}.", "RMLowAvailableDiskSpace": "Low disk space on {0} drive, less than 100 MB is available.", "RMNoBuildArtifactsFound": "No artifacts are available in the build {0}.", "RMParallelDownloadLimit": "Parallel download limit: {0}", "RMPrepareToGetFromJenkinsServer": "Preparing to get artifacts info from Jenkins server", "RMPreparingToDownload": "Preparing to download artifact: {0}", "RMPreparingToGetBuildArtifactList": "Preparing to get the list of available artifacts from build", "RMReAttemptingDownloadOfContainerItem": "Re-attempting download of {0}. Error: {1}", "RMReceivedGithubArtifactDetails": "Received GitHub artifact Details", "RMReleaseNameRequired": "Release name is required.", "RMRemainingDownloads": "{0} downloads remaining.", "RMRetryingArtifactDownload": "Retrying download...", "RMRetryingCreatingArtifactsDirectory": "Failed to create Release artifact directory {0} with an exception {1}. Retrying the creation of Release artifact directory.", "RMRobocopyBasedArtifactDownloadExitCode": "Robocopy exit code: {0}", "RMRobocopyBasedArtifactDownloadFailed": "Robocopy based download failed with exit code: {0}", "RMStartArtifactsDownload": "Starting artifacts download...", "RMStreamTypeNotSupported": "Release management does not support download of stream type {0} in the current version", "RMTfsVCEndpointNotFound": "Cannot find required information in the job to download the Team Foundation Version Control artifact.", "RMUpdateReleaseName": "Update Release Name.", "RMUpdateReleaseNameForRelease": "Update release name to {0} for release {1}.", "RMUpdateReleaseNameForReleaseComment": "Updating release name to {0} using task logging command", "RMUserChoseToSkipArtifactDownload": "Skipping artifact download based on the setting specified.", "RobocopyBasedPublishArtifactTaskExitCode": "Robocopy exit code: {0}", "RobocopyBasedPublishArtifactTaskFailed": "Robocopy based publish failed with exit code: {0}", "Rosetta2Warning": "X64 emulation is known to cause hangs in the Agent process. Please use the native (ARM) Agent.", "RSAKeyFileNotFound": "RSA key file {0} was not found", "RunAgentAsServiceDescription": "run agent as service? (Y/N)", "RunAsAutoLogonDescription": "configure autologon and run agent on startup? (Y/N)", "RunIDNotValid": "Run Id is not valid: {0}", "RunningJob": "{0:u}: Running job: {1}", "SavedSettings": "{0:u}: Settings Saved.", "ScanToolCapabilities": "Scanning for tool capabilities.", "ScreenSaverPoliciesInspection": "Checking for policies that may prevent screensaver from being disabled.", "ScreenSaverPolicyWarning": "Screensaver policy is defined on the machine. This may lead to screensaver being enabled again. Active screensaver may impact UI operations, for e.g., automated UI tests may fail.", "SecretsAreNotAllowedInInjectedTaskInputs": "Task is trying to access the following inputs of a target task which contain secrets:\n{0}\nIt is not allowed to pass inputs that contain secrets to the tasks injected by decorators.", "SelfManageGitCreds": "You are in self manage git creds mode. Make sure your agent host machine can bypass any git authentication challenge.", "ServerTarpit": "The job is currently being throttled by the server. You may experience delays in console line output, job status reporting, and task log uploads.", "ServerTarpitUrl": "Link to resource utilization page (global 1-hour view): {0}.", "ServerTarpitUrlScoped": "Link to resource utilization page (1-hour view by pipeline): {0}.", "ServerUrl": "server URL", "ServiceAlreadyExists": "The service already exists: {0}, it will be replaced", "ServiceConfigured": "Service {0} successfully configured", "ServiceDelayedStartOptionSet": "Service {0} successfully set to delayed auto start", "ServiceInstalled": "Service {0} successfully installed", "ServiceLockErrorRetry": "Service DB lock failed with code {0}. Retrying after {1} seconds...", "ServiceRecoveryOptionSet": "Service {0} successfully set recovery option", "ServiceSidTypeSet": "Service {0} successfully set SID type", "ServiceStartedSuccessfully": "Service {0} started successfully", "SessionCreateFailed": "Failed to create session. {0}", "SessionExist": "A session for this agent already exists.", "SessionExistStopRetry": "Stop retry on SessionConflictException after retried for {0} seconds.", "SetBuildVars": "Set build variables.", "SetEnvVar": "Setting environment variable {0}", "SetVariableNotAllowed": "Setting variable '{0}' has been disabled by the task or build definition.", "ShallowCheckoutFail": "Git checkout failed on shallow repository, this might because of git fetch with depth '{0}' doesn't include the checkout commit '{1}'. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=829603)", "ShallowLfsFetchFail": "Git lfs fetch failed on shallow repository, this might because of git fetch with depth '{0}' doesn't include the lfs fetch commit '{1}'. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=829603)", "ShutdownMessage": "Restarting the machine in order to launch agent in interactive mode.", "Skipping": "Does not exist. Skipping ", "SkipTrackingFileWithoutRepoType": "Skip tracking file '{0}', repository type hasn't been updated yet.", "SourceArtifactProviderNotFound": "Cannot find source provider for artifact of type {0}", "StartingArtifactDownload": "Starting download {0}", "StartMaintenance": "Start maintenance: {0}", "StepCancelled": "The Operation will be canceled. The next steps may not contain expected logs.", "StepFinishing": "Finishing: {0}", "StepStarting": "Starting: {0}", "StepTimedOut": "The task has timed out.", "StopContainer": "Stop Containers", "Success": "Succeeded: ", "SupportedRepositoryEndpointNotFound": "Unable to match any source repository endpoints with any of the supported source providers.", "SupportedTaskHandlerNotFoundLinux": "The current operating system is not capable of running this task. That typically means the task was written for Windows only. For example, written for Windows Desktop PowerShell.", "SupportedTaskHandlerNotFoundWindows": "A supported task execution handler was not found. The task does not carry an implementation that is compatible with your current operating system '{0}'. Contact the task author for more details.", "SvnBranchCheckedOut": "Checked out branch {0} for repository {1} at revision {2}", "SvnEmptyServerPath": "The empty relative server path is mapped to '{0}'.", "SvnFileAlreadyExists": "The file {0} already exists", "SvnIncorrectRelativePath": "Incorrect relative path '{0}' specified.", "SvnMappingDuplicateLocal": "Ignoring duplicate mapping for local path={0}", "SvnMappingDuplicateServer": "Ignoring duplicate mapping for server path={0}", "SvnMappingIgnored": "The entire mapping set is ignored. Proceeding with the full branch mapping.", "SvnNotInstalled": "Can't find installed svn command line utility", "SvnSyncingRepo": "Syncing repository: {0} (Svn)", "TarExtraction": "Extracting tar archive: {0}", "TarExtractionError": "Failed to extract tar archive {0}: {1}", "TarExtractionNotSupportedInWindows": "Tar extraction is not supported on Windows", "TarSearchStart": "Starting to search for tar archives to extract", "TarsFound": "Found {0} tar archives to extract", "TarsNotFound": "No tar archives were found to extract", "TaskDownloadFailed": "Failed to download task '{0}'. Error {1}", "TaskDownloadTimeout": "Task '{0}' didn't finish download within {1} seconds.", "TaskSignatureVerificationFailed": "Task signature verification failed.", "TaskSignatureVerificationSucceeeded": "Task signature verification successful.", "TeeEula": [ "Building sources from a TFVC repository requires accepting the Team Explorer Everywhere End User License Agreement. This step is not required for building sources from Git repositories.", "", "A copy of the Team Explorer Everywhere license agreement can be found at:", " {0}" ], "Telemetry": "Telemetry", "TelemetryCommandDataError": "Unable to parse telemetry data {0}. Error: {1}", "TelemetryCommandFailed": "Failed to publish telemetry data. Error {0}", "TenantId": "Tenant ID", "TestAgentConnection": "Testing agent connection.", "TestAttachmentNotExists": "Skipping attachment as it is not available on disk: {0}", "TestResultsRemaining": "Test results remaining: {0}. Test run id: {1}", "Tfs2015NotSupported": "This agent is not supported on Windows against TFS 2015. The TFS 2015 Windows agent can be downloaded from the agent pools administration page.", "TotalThrottlingDelay": "The job has experienced {0} seconds total delay caused by server throttling.", "TotalUploadFiles": "Uploading {0} files", "TypeRequiredForTimelineRecord": "Type is required for this new timeline record.", "UnableResolveArtifactType": "Can't infer artifact type from artifact location: {0}.", "UnableToArchiveResults": "Unable to archive the test results: {0}", "UnableToParseBuildTrackingConfig0": "Unable to parse the legacy build tracking configuration. A new build directory will be created instead. The previous directory may be left in an unreclaimed state. Legacy configuration contents: {0}", "UnconfigAutologon": "Removing autologon settings", "UnconfigureOSXService": "Unconfigure service first according to https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-osx", "UnconfigureServiceDService": "Unconfigure service first according to https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-linux", "UnexpectedParallelCount": "Unsupported parallel count '%s'. Enter a number between 1 and 128.", "UninstallingService": "Removing service", "UnknownCodeCoverageTool": "Code coverage tool '{0}' is not supported.", "UnrecognizedCmdArgs": "Unrecognized command-line input arguments: '{0}'. For usage refer to: .\\config.cmd --help or ./config.sh --help", "UnregisteringAgent": "Removing agent from the server", "UnsupportedGitLfsVersion": "Your current Git LFS version is '{0}', which is unsupported by the agent. Please upgrade to at least version '{1}'. See https://github.com/git-lfs/git-lfs/issues/3571 for more details.", "UnsupportedOsVersionByNet10": "The operating system version this agent is running on ({0}) is not supported per Net10 requirements and will not be supported in an upcoming update to the Pipelines Agent. For supported operating system versions, see https://aka.ms/azdo-pipeline-agent-net10.", "UnsupportedOsVersionByNet8": "The operating system version this agent is running on ({0}) is not supported per Net8 requirements and will not be supported in an upcoming update to the Pipelines Agent. For supported operating system versions, see https://aka.ms/azdo-pipeline-agent-net8.", "UpdateBuildNumber": "Update Build Number", "UpdateBuildNumberForBuild": "Update build number to {0} for build {1}", "UpdateInProgress": "Agent update in progress, do not shutdown agent.", "UpgradeToLatestGit": "To get a better Git experience, upgrade your Git to at least version '{0}'. Your current Git version is '{1}'.", "UploadArtifact": "Upload Artifact", "UploadArtifactCommandNotSupported": "Uploading server artifact is not supported in {0}.", "UploadArtifactFinished": "Uploading pipeline artifact finished.", "UploadingPipelineArtifact": "Uploading pipeline artifact from {0} for build #{1}", "UploadToFileContainer": "Upload '{0}' to file container: '{1}'", "UserName": "user name", "UserNameLog": "Agent running as: '{0}'", "UserShutdownAgent": "The agent has received a shutdown signal. This can happen when the agent service is stopped, or a manually started agent is canceled.", "Variable0ContainsCyclicalReference": "Unable to expand variable '{0}'. A cyclical reference was detected.", "Variable0ExceedsMaxDepth1": "Unable to expand variable '{0}'. The max expansion depth ({1}) was exceeded.", "VMResourceWithSameNameAlreadyExistInEnvironment": "Environment with id '{0}' already contains a virtual machine resource with name '{1}'.", "VSTSHostNonZeroReturn": "LegacyVSTSPowerShellHost.exe completed with return code: {0}.", "WaitForServiceToStop": "Waiting for service to stop...", "WindowsLogonAccountNameDescription": "User account to use for the service", "WindowsLogonPasswordDescription": "Password for the account {0}", "WorkFolderDescription": "work folder", "WorkspaceMappingNotMatched": "Workspace mappings are not matched for workspace {0}", "Y": "Y", "ZipSlipFailure": "Entry is outside of the target dir: {0}" } ================================================ FILE: src/Misc/layoutbin/es-ES/strings.json ================================================ { "AcceptTeeEula": "(S/N) ¿Acepta el contrato de licencia de Team Explorer Everywhere ahora?", "AccessDenied": "Acceso denegado", "AccessDeniedSettingDelayedStartOption": "Acceso denegado mientras se establecían opciones de inicio automático retrasado para el servicio.", "AccessDeniedSettingRecoveryOption": "Acceso denegado al establecer las opciones de recuperación del servicio.", "AccessDeniedSettingSidType": "Acceso denegado al establecer el tipo de SID del servicio.", "AddAgentFailed": "No se pudo agregar el agente. Inténtelo de nuevo o use Ctrl-C para salir", "AddBuildTag": "Agregar etiqueta de compilación", "AddDeploymentGroupTagsFlagDescription": "¿etiquetas de grupo de implementación para el agente? (S/N)", "AddEnvironmentVMResourceTags": "¿Etiquetas de recursos de máquina virtual del entorno? (S/N)", "AgentAddedSuccessfully": "El agente se agregó correctamente", "AgentAlreadyInsideContainer": "No se admite la característica de contenedor cuando el agente ya se está ejecutando en un contenedor. Consulte la documentación (https://go.microsoft.com/fwlink/?linkid=875268).", "AgentCdnAccessFailWarning": "Acción necesaria: el agente de Azure Pipelines no puede acceder a la nueva URL de CDN. Permite \"download.agent.dev.azure.com\" ahora para evitar fallos en las canalizaciones. Más información: https://devblogs.microsoft.com/devops/cdn-domain-url-change-for-agents-in-pipelines/", "AgentDoesNotSupportContainerFeatureRhel6": "El agente no admite la característica de contenedor en Red Hat Enterprise Linux 6 o CentOS 6.", "AgentDowngrade": "Cambiando el agente a una versión anterior. Esto suele deberse a una reversión del agente publicado actualmente para corregir un error. Para deshabilitar este comportamiento, establezca la variable de entorno AZP_AGENT_DOWNGRADE_DISABLED=true antes de iniciar el agente.", "AgentExit": "El agente se cerrará en breve para la actualización, debería volver a estar en línea en 10 segundos.", "AgentIsNotConfigured": "El agente no está configurado.", "AgentMachineNameLog": "Nombre de la máquina del agente: '{0}'", "AgentMachinePoolNameLabel": "grupo de agentes", "AgentName": "nombre del agente", "AgentNameLog": "Nombre del agente: '{0}'", "AgentOutOfMemoryFailure": "El trabajo del agente se cerró con el código 137, lo que significa que se quedó sin memoria. Asegúrese de que el host del agente (contenedor) tenga suficiente memoria configurada.", "AgentReplaced": "El agente se reemplazó correctamente", "agentRootFolderCheckError": "No se pueden comprobar las reglas de acceso de la carpeta raíz del agente. Examine el registro para obtener más detalles.", "agentRootFolderInsecure": "Advertencia de seguridad: El grupo {0} tiene acceso para escribir o modificar la carpeta del agente. Examine el registro para obtener más detalles.", "AgentRunningBehindProxy": "El agente se está ejecutando detrás del servidor proxy: '{0}'", "AgentVersion": "Versión actual del agente: '{0}'", "AgentWithSameNameAlreadyExistInPool": "El grupo {0} ya contiene un agente con el nombre {1}.", "AllowContainerUserRunDocker": "Permitir al usuario '{0}' ejecutar cualquier comando de Docker sin SUDO.", "AlreadyConfiguredError": "No se puede configurar el agente porque ya está configurado. Para volver a configurar el agente, ejecute primero 'config.cmd remove' o './config.sh remove'.", "ApkAddShadowFailed": "El id. de usuario está fuera del rango del comando \"adduser\". No se puede usar el comando alternativo \"useradd\" porque el paquete \"shadow\" no está preinstalado y se ha producido un error al intentar instalarlo. Compruebe la disponibilidad de red o use una imagen de Docker con el paquete \"shadow\" preinstalado.", "ArgumentNeeded": "'{0}' debe especificarse.", "ArtifactCustomPropertiesNotJson": "Las propiedades personalizadas del artefacto no son JSON válidas: '{0}'", "ArtifactCustomPropertyInvalid": "Las propiedades personalizadas del artefacto deben tener el prefijo 'user-'. Propiedad no válida: '{0}'", "ArtifactDownloadFailed": "No se pudo descargar el artefacto desde {0}.", "ArtifactLocationRequired": "Se requiere la ubicación del artefacto.", "ArtifactNameIsNotValid": "El nombre del artefacto no es válido: {0}. No puede contener '\\', /', \"', ':', '<', '>', '|', '*' y '?'", "ArtifactNameRequired": "El nombre del artefacto es obligatorio.", "ArtifactTypeRequired": "Se requiere el tipo de artefacto.", "AssociateArtifact": "Asociar artefacto", "AssociateArtifactCommandNotSupported": "No se admite la asociación de artefactos de servidor en {0}.", "AssociateArtifactWithBuild": "Artefacto asociado {0} con la compilación {1}", "AssociateFiles": "Asociando archivos", "AttachFileNotExist": "No se puede adjuntar (tipo:{0} nombre:{1}): {2}. El archivo no existe.", "AttachmentExceededMaximum": "Omitiendo datos adjuntos porque superan el tamaño máximo permitido de 75 MB: {0}", "AttemptRemoveCredFromConfig": "Se intentó sin éxito usar la línea de comandos de Git para quitar \"{0}\" de la configuración de Git. Intentando modificar el archivo de configuración de Git directamente para quitar la credencial.", "AuthenticationType": "tipo de autenticación", "AutoLogonAccountGmsaHint": "Si está intentando usar una cuenta gMSA, coloque un signo de dólar ($) al final del nombre de la cuenta).", "AutoLogonAccountNameDescription": "Cuenta de usuario que se usará para el inicio de sesión automático", "AutoLogonOverwriteDeniedError": "No se puede configurar el inicio de sesión automático porque ya está configurado para otro usuario ({0}) en el equipo. Use '--overwriteautologon' si quiere sobrescribir.", "AutoLogonPolicies_LegalNotice": "Aviso legal", "AutoLogonPolicies_ShutdownReason": "Motivo del apagado", "AutoLogonPoliciesInspection": "Comprobando si hay directivas que puedan impedir que el inicio de sesión automático funcione correctamente.", "AutoLogonPoliciesWarningsHeader": "Las siguientes directivas pueden afectar al inicio de sesión automático:", "BeginArtifactItemsIntegrityCheck": "Iniciando la comprobación de integridad de los elementos del artefacto", "BlobStoreDownloadWarning": "Error en la descarga de artefactos de Blobstore, revirtiendo a TFS. Esto reducirá el rendimiento de la descarga. Compruebe que las reglas de firewall permiten el acceso a {0}. Asegúrese de que el firewall del agente está configurado correctamente: {1}", "BlobStoreUploadWarning": "Error al cargar el artefacto en Blobstore, revirtiendo a TFS. Esta reserva se quitará en una versión futura. Compruebe que las reglas de firewall permiten el acceso a {0}. Asegúrese de que el firewall del agente está configurado correctamente: {1}", "BuildDirLastUseTIme": "La última vez que se usó el directorio de compilación '{0}' fue: {1}", "BuildIdIsNotAvailable": "Se está intentando descargar un artefacto de canalización en el entorno '{0}', pero no hay ningún id. de compilación. Solo se puede descargar un artefacto de canalización en el entorno '{1}' si el artefacto es una compilación.", "BuildIdIsNotValid": "Identificador de compilación no válido: {0}", "BuildingFileTree": "Compilando árbol de archivos", "BuildLogsMessage": "El agente ha deshabilitado la carga de registros. Una vez completado el trabajo, puede recuperar los registros de este paso en {0} en el agente.", "BuildNumberRequired": "Se requiere el número de compilación.", "BuildsDoesNotExist": "Actualmente no existe ninguna compilación en la definición de canalización que se ha proporcionado.", "BuildTagAddFailed": "La etiqueta de compilación '{0}' no se agregó correctamente.", "BuildTagRequired": "Se requiere la etiqueta de compilación.", "BuildTagsForBuild": "La compilación '{0}' tiene ahora las siguientes etiquetas: {1}", "CannotChangeParentTimelineRecord": "No se puede cambiar el registro de escala de tiempo primario de un registro de escala de tiempo existente.", "CannotDownloadFromCurrentEnvironment": "No se puede descargar un artefacto de canalización del entorno {0}.", "CannotFindHostName": "No se encuentra el nombre de organización de VSTS en la dirección URL de servidor: '{0}'", "CanNotFindService": "No se encuentra el servicio {0}", "CanNotGrantPermission": "No se puede conceder el permiso LogonAsService al usuario {0}", "CanNotStartService": "No se puede iniciar el servicio. Consulte los registros para obtener más detalles.", "CanNotStopService": "No se puede detener el servicio {0} a tiempo.", "CannotUploadFile": "No se puede cargar el archivo porque no se especificó la ubicación del archivo.", "CannotUploadFromCurrentEnvironment": "No se puede cargar en un artefacto de canalización desde el entorno {0}.", "CannotUploadSummary": "No se puede cargar el archivo de resumen, no se ha especificado la ubicación del archivo de resumen.", "CheckoutTaskDisplayNameFormat": "Restaurar {0}@{1} a {2}", "CleaningDestinationFolder": "Limpiando carpeta de destino: {0}", "ClientId": "Id. de cliente(aplicación)", "ClientSecret": "Secreto de cliente", "ClockSkewStopRetry": "Se detuvo el reintento de la excepción de solicitud de token de OAuth después de {0} segundos.", "CodeCoverageDataIsNull": "No se encontraron datos de cobertura. Compruebe los errores o advertencias de compilación para obtener más detalles.", "CodeCoveragePublishIsValidOnlyForBuild": "La cobertura de código de publicación solo funciona para 'build'.", "CollectionName": "Nombre de la colección", "CommandDuplicateDetected": "El comando {0} ya está instalado para el área {1}", "CommandKeywordDetected": "'{0}' contiene la palabra clave del comando de registro '##vso', pero no es un comando válido. Consulte la lista de comandos aceptados: https://go.microsoft.com/fwlink/?LinkId=817296", "CommandLineHelp": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Comandos:", " .{0}config.{1} Configura el agente", " .{0}config.{1} remove Quita la configuración del agente", " .{0}run.{1} Ejecuta el agente de forma interactiva", " .{0}run.{1} --once Ejecuta el agente y acepta como máximo un trabajo antes de apagarlo.", "", "Opciones:", " --version Imprime la versión del agente", " --commit Imprime la confirmación del agente", " --help Imprime la ayuda de cada comando" ], "CommandLineHelp_Common": [ "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Opciones comunes:", " --url dirección URL del servidor. Por ejemplo: https://myaccount.visualstudio.com o", " http://onprem:8080/tfs", " --auth tipo de autenticación. Los valores válidos son:", " pat (Token de acceso personal)", " negociar (Kerberos o NTLM)", " alt (Autenticación básica)", " integrado (credenciales predeterminadas de Windows)", " sp (entidad de servicio)", " --token Se usa con --auth pat. Token de acceso personal.", " --userName Se usa con --auth negotiate o --auth alt. Especificar el usuario de Windows", " nombre con el formato: domain\\userName o userName@domain.com", " --password Se usa con --auth negotiate o --auth alt.", " --unattended Configuración desatendida. No se le pedirá confirmación. Todas las respuestas deben", " se proporciona a la línea de comandos.", " --version Imprime la versión del agente", " --commit Imprime la confirmación del agente", " --help Imprime la ayuda" ], "CommandLineHelp_Configure": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", ".{0}config.{1} [options]", "", "Para obtener ayuda para quitar la configuración, vea: .{0}config.{1} quitar --help", "", "{2}", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Configurar opciones:", " --pool Nombre del grupo al que se unirá el agente", " --agent Nombre del agente", " --replace Reemplaza el agente en un grupo. Si otro agente está escuchando eso", " nombre, se iniciará un error con un conflicto.", " --work Directorio de trabajo donde se almacenan los datos del trabajo. El valor predeterminado es _work en el", " raíz del directorio del agente. El directorio de trabajo es propiedad de un determinado", " agente y no debe compartirse entre varios agentes.", " --acceptTeeEula solo macOS y Linux. Acepte el contrato de licencia para el usuario final de TEE.", " --gitUseSChannel Solo Windows. Indique a GIT que use el almacén de certificados nativo de Windows.", " --alwaysExtractTask Realiza una operación unzip para las tareas de cada paso de canalización.", " --disableLogUploads No transmita ni envíe la salida del registro de la consola al servidor. En su lugar, puede recuperarlos del sistema de archivos del host del agente una vez completado el trabajo. NOTA: no se puede usar con --reStreamLogsToFiles; provocará un error.", " --reStreamLogsToFiles Transmita o envíe la salida del registro de la consola al servidor, así como un archivo de registro en el sistema de archivos del host del agente. NOTA: No se puede usar con --disableLogUploads; provocará un error.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Opciones de inicio (solo Windows):", " --runAsService Configure el agente para que se ejecute como un servicio de Windows. Requiere", " permiso de administrador.", " --preventServiceStart Configurar el servicio de Windows para que no se ejecute inmediatamente después de la configuración.", " --runAsAutoLogon Configure el inicio de sesión automático y ejecute el agente al iniciar. Requiere", " permiso de administrador.", " --windowsLogonAccount Se usa con --runAsService o --runAsAutoLogon. Especificar el usuario de Windows", " nombre con el formato: domain\\userName o userName@domain.com", " --windowsLogonPassword Se usa con --runAsService or --runAsAutoLogon. Contraseña de inicio de sesión de Windows.", " --overwriteAutoLogon Se usa con --runAsAutoLogon. Sobrescribir cualquier inicio de sesión automático existente en el", " máquina.", " --noRestart Se usa con --runAsAutoLogon. No reiniciar después de la configuración", " completa.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Opciones del grupo de implementación:", " --deploymentGroup Configure el agente como agente de grupo de implementación.", " --projectName Se usa con --deploymentGroup. Nombre del proyecto de equipo.", " --addDeploymentGroupTags Se usa con --deploymentGroup. Especifique para agregar etiquetas de grupo de implementación.", " --deploymentGroupName Se usa con --deploymentGroup. Grupo de implementación al que se unirá el agente.", " --deploymentGroupTags Se usa con --addDeploymentGroupTags. Lista separada por comas de etiquetas para", " el agente del grupo de implementación. Por ejemplo, \"web, db\".", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Ejemplos de configuración desatendida:", "", "Autenticación de VSTS", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --acceptTeeEula", "", "TFS local con autenticación integrada (solo Windows)", ".\\config.cmd --unattended --url http://mylocaltfsserver:8080/tfs --auth integrated --pool default --agent myAgent", "", "TFS local con autenticación de negociación", ".{0}config.{1} --unattended --url http://mylocaltfsserver:8080/tfs --auth negotiate --userName myDomain\\myUserName --password myPassword --pool default --agent myAgent --acceptTeeEula", "", "Reemplazar el agente existente por el mismo nombre de agente", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --replace --acceptTeeEula", "", "Especificar el directorio de trabajo del agente (Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work D:\\agent_work", "", "Especificar el directorio de trabajo del agente (macOS y Linux)", "./config.sh --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work usr/local/agent_work", "", "Ejecutar como un servicio de Windows que inicia sesión como servicio de red (solo Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService", "", "Ejecutar como un servicio de Windows que inicia sesión como una cuenta de dominio (solo Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Ejecutar como un servicio de Windows que inicia sesión como una cuenta de dominio (solo Windows) y no inicia el servicio inmediatamente", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --preventServiceStart --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword ", "", "Ejecutar como agente de inicio de sesión automático (solo Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Ejecutar como agente de inicio de sesión automático y no reiniciar después de la configuración (solo Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword --noRestart", "", "El agente del grupo de implementación se ejecuta como servicio de Windows que inicia sesión como sistema local (solo Windows)", ".\\config.cmd --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\"", "", "Agente de grupo de implementación con etiquetas", ".{0}config.{1} --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\" --acceptTeeEula" ], "CommandLineHelp_Env": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Variables de entorno:", "Cualquier argumento de línea de comandos se puede especificar como una variable de entorno. Usar el formato", "VSTS_AGENT_INPUT_. Por ejemplo: VSTS_AGENT_INPUT_PASSWORD" ], "CommandLineHelp_Remove": [ ".{0}config.{1} quitar [options]", "", "{2}", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Ejemplos de eliminación desatendida:", "", "VSTS", ".{0}config.{1} quitar --auth pat --token myToken", "", "TFS local con autenticación integrada (solo Windows)", ".{0}config.{1} quitar --unattended --auth integrado", "", "TFS local con autenticación integrada", ".{0}config.{1} remove --unattended --auth negotiate --username myDomain\\myUserName --password myPassword" ], "CommandNotAllowed": "##vso[{0}.{1}] no se permite en este paso debido a las restricciones de directiva. Consulte la documentación de referencia (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound": "No se encuentra la extensión del comando para ##vso[{0}.command]. Consulte la documentación de referencia (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound2": "##vso[{0}.{1}] no es un comando reconocido para la extensión de comando {2}. Consulte la documentación de referencia (http://go.microsoft.com/fwlink/?LinkId=817296).", "CommandNotSupported": "Los comandos {0} no se admiten para el flujo de {1}. Consulte la documentación (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandProcessFailed": "No se puede procesar correctamente el comando \"{0}\". Consulte la documentación (http://go.microsoft.com/fwlink/?LinkId=817296)", "ConnectingToServer": "Conectando con el servidor...", "ConnectSectionHeader": "Conectar", "ConnectToServer": "Conectando al servidor.", "ContainerWindowsVersionRequirement": "La característica de contenedor requiere Windows Server 1803 o posterior. Consulte la documentación (https://go.microsoft.com/fwlink/?linkid=875268).", "CopyFileComplete": "Los artefactos se publicaron correctamente en {0}", "CopyFileToDestination": "Copiar archivo '{0}' en '{1}'", "CorruptedArtifactItemsList": "Los siguientes elementos no superaron la comprobación de integridad:", "CouldNotRemoveService": "No se pudo eliminar el servicio '{0}'", "CreateUserWithSameUIDInsideContainer": "Intente crear un usuario con el UID '{0}' dentro del contenedor.", "CurrentUTC": "UTC actual: {0}", "CustomLogDoesNotExist": "No se proporcionó la ruta de acceso del archivo de registro o el archivo no existe: '{0}'", "CustomMarkDownSummaryDoesNotExist": "No se ha proporcionado la ruta de acceso del archivo de resumen de Markdown o el archivo no existe: '{0}'", "DeleteGCTrackingFile": "Elimine el archivo de seguimiento de GC después de eliminar '{0}'", "DeleteUnusedBuildDir": "Eliminar directorios de compilación sin usar", "DeleteUnusedReleaseDir": "Eliminar directorios de versión sin usar", "Deleting": "Eliminando: {0}", "DeletingCredentials": "Quitando .credentials", "DeletingSettings": "Quitando .agent", "DeploymentGroupName": "Nombre del grupo de implementación", "DeploymentGroupNotFound": "No se encontró el grupo de implementación: '{0}'", "DeploymentGroupTags": "Lista de etiquetas separadas por comas (por ejemplo, web, db)", "DeploymentGroupTagsAddedMsg": "Etiquetas agregadas correctamente", "DeploymentMachineWithSameNameAlreadyExistInDeploymentGroup": "DeploymentGroup {0} ya contiene una máquina con el nombre {1}.", "DeploymentPoolName": "Nombre del conjunto de implementación", "DeploymentPoolNotFound": "No se encontró el grupo de implementación: '{0}'", "DeprecatedNode6": "Esta tarea usa el controlador de ejecución de Node 6, que se quitará el 31 de marzo de 2022. Si es el desarrollador de la tarea, tenga en cuenta la guía de migración al controlador de Node 10 https://aka.ms/migrateTaskNode10 (compruebe también esta página si quiere deshabilitar las advertencias de desuso de Node 6). Si es el usuario, no dude en ponerse en contacto con los propietarios de esta tarea para continuar con la migración.", "DeprecatedNodeRunner": "La versión {1} de la tarea '{0}' ({2}@{1}) depende de una versión de Node ({3}) que finaliza su ciclo de vida. Póngase en contacto con el propietario de la extensión para obtener una versión actualizada de la tarea. Los mantenedores de tareas deben revisar la guía de actualización de Node: https://aka.ms/node-runner-guidance", "DeprecatedRunner": "La tarea \"{0}\" depende de un ejecutor de tareas que está al final del ciclo de vida y se quitará en el futuro. Los autores deben revisar la guía de actualización de Node: https://aka.ms/node-runner-guidance.", "DeprecationMessage": "La versión '{0}' de la tarea {1} ({2}@{1}) está en desuso.", "DeprecationMessageHelpUrl": "Consulte {0} para obtener más información acerca de esta tarea.", "DeprecationMessageRemovalDate": "Esta tarea se quitará. A partir de {0}, es posible que ya no esté disponible.", "DirectoryHierarchyUnauthorized": "Se requiere permiso para leer el contenido del directorio para '{0}' y cada directorio en la jerarquía. {1}", "DirectoryIsEmptyForArtifact": "El directorio '{0}' está vacío. No se agregará nada al artefacto de compilación '{1}'.", "DirectoryNotFound": "Directorio no encontrado: '{0}'", "DirExpireLimit": "Límite de expiración del directorio: {0} días.", "DiscoverBuildDir": "Descubra directorios de compilación obsoletos que no se han usado durante más de {0} días.", "DiscoverReleaseDir": "Descubra directorios de versión obsoletos que no se han usado durante más de {0} días.", "DockerCommandFinalExitCode": "Código de salida final para {0}: {1}", "DownloadAgent": "Descargando {0} agente", "DownloadArtifactFinished": "La descarga del artefacto ha finalizado.", "DownloadArtifacts": "Descargar artefactos", "DownloadArtifactsFailed": "Error al descargar los artefactos: {0}", "DownloadArtifactTo": "Descargar artefacto en: {0}", "DownloadArtifactWarning": "Para descargar el artefacto de tipo {0}, use la tarea Descargar artefacto de compilación. https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-build-artifacts?view=azure-devops", "DownloadingFromBuild": "Descargar de la compilación especificada: #{0}", "DownloadingJenkinsCommitsBetween": "Descargando confirmaciones entre el trabajo {0} y {1}", "DownloadingJenkinsCommitsFailedWithException": "Error al descargar confirmaciones para el artefacto de Jenkins {0}. Excepción: {1}", "DownloadingMultiplePipelineArtifacts": "Descargando {0} artefactos de canalización...", "DownloadingTask0": "Descargando tarea: {0} ({1})", "EnableServiceSidTypeUnrestricted": "habilitar SERVICE_SID_TYPE_UNRESTRICTED para el servicio de agente (S/N)", "EnsureJobFinished": "Esperando a que finalice la ejecución del trabajo actual.", "EnsureTasksExist": "Descargue todas las tareas necesarias.", "EnterValidValueFor0": "Escriba un valor válido para {0}.", "EnvironmentName": "Nombre del entorno", "EnvironmentNotFound": "No se encontró el entorno: '{0}'", "EnvironmentVariableExceedsMaximumLength": "La variable de entorno '{0}' supera la longitud máxima admitida. Longitud variable de entorno: {1}, longitud máxima admitida: {2}", "EnvironmentVMResourceTags": "Lista de etiquetas separadas por comas (por ejemplo, web, db)", "ErrorDuringBuildGC": "No se pueden detectar elementos no utilizados según \"{0}\". Inténtelo la próxima vez.", "ErrorDuringBuildGCDelete": "No se puede finalizar el proceso de GC según \"{0}\". Inténtelo la próxima vez.", "ErrorDuringReleaseGC": "No se pueden detectar elementos no utilizados según \"{0}\". Inténtelo la próxima vez.", "ErrorDuringReleaseGCDelete": "No se puede finalizar el proceso de GC según \"{0}\". Inténtelo la próxima vez.", "ErrorOccurred": "Se ha producido un error: {0}", "ErrorOccurredWhilePublishingCCFiles": "Error al publicar archivos de cobertura de código. Error: {0}", "EulasSectionHeader": "Contratos de licencia para el usuario final", "EvaluateReleaseTrackingFile": "Evaluar el archivo de seguimiento ReleaseDirectory: {0}", "EvaluateTrackingFile": "Evaluar el archivo de seguimiento BuildDirectory: {0}", "Exiting": "Saliendo...", "ExpectedMappingCloak": "Se esperaba el ocultamiento del elemento de asignación [{0}]: '{1}'. Real: '{2}'", "ExpectedMappingLocalPath": "Se esperaba la ruta de acceso local de asignación [{0}]: '{1}'. Actual: '{2}'", "ExpectedMappingRecursive": "Asignación esperada [{0}] recursiva: '{1}'. Real: '{2}'", "ExpectedMappingServerPath": "Se esperaba la ruta de acceso del servidor de asignación [{0}]: '{1}'. Real: '{2}'", "Failed": "Con error: ", "FailedDeletingTempDirectory0Message1": "No se pudo eliminar el directorio temporal '{0}'. {1}", "FailedTestsInResults": "Se han detectado uno o varios errores de prueba en los archivos de resultados. En la pestaña Pruebas puede ver un resumen detallado de los resultados de pruebas publicados.", "FailedToAddTags": "No se pudieron aplicar etiquetas en el agente. Vuelva a intentarlo o presione Ctrl-C para salir. También puede ir a la página web del grupo de implementación para agregar etiquetas.", "FailedToConnect": "No se pudo conectar. Inténtelo de nuevo o use Ctrl-C para salir", "FailedToDeleteTempScript": "No se pudo eliminar el archivo de script insertado temporal '{0}'. {1}", "FailedToFindDeploymentGroup": "No se pudo encontrar el grupo de implementación. Inténtelo de nuevo o use Ctrl-C para salir.", "FailedToFindEnvironment": "No se encontró el entorno. Vuelva a intentarlo o presione Ctrl-C para salir.", "FailedToFindPool": "No se pudo encontrar el nombre del grupo. Inténtalo de nuevo o Ctrl-C para salir.", "FailedToLockServiceDB": "No se pudo bloquear la base de datos del servicio para escritura", "FailedToOpenSCM": "No se pudo abrir el Administrador de control de servicios", "FailedToOpenSCManager": "No se pudo abrir el Administrador de control de servicios", "FailedToPublishTestResults": "No se pudieron publicar los resultados de la prueba: {0}", "FailedToReadFile": "No se pudo leer {0}. Error: {1}.", "FailedToReplaceAgent": "No se pudo reemplazar el agente. Inténtalo de nuevo o use Ctrl-C para salir.", "FailToRemoveGitConfig": "No se puede quitar \"{0}\" de la configuración de Git. Para quitar la credencial, ejecute \"git config --unset-all {0}\" desde la raíz del repositorio \"{1}\".", "FailToReplaceTokenPlaceholderInGitConfig": "No se puede reemplazar el marcador de posición por \"{0}\" en el archivo de configuración de Git.", "FileAssociateProgress": "Total de archivos: {0} ---- Archivos asociados: {1} ({2} %)", "FileContainerUploadFailed": "No se puede copiar el archivo en el servidor StatusCode={0}: {1}. Ruta de acceso del archivo de origen: {2}. Ruta de acceso del servidor de destino: {3}", "FileContainerUploadFailedBlob": "No se puede cargar el archivo en el blob. Ruta de acceso del archivo de origen: {0}. Ruta de acceso del servidor de destino: {1}", "FileDoesNotExist": "El archivo '{0}' no existe o no está accesible.", "FileNotFound": "Archivo no encontrado: '{0}'", "FilePathNotFound": "No se encuentra la ruta de acceso del archivo para '{0}'.", "FileShareOperatingSystemNotSupported": "No se admite la publicación de artefactos de un agente de Linux o macOS en un recurso compartido de archivos. Cambie el tipo de artefacto a \"Azure Pipelines\" o use un agente de Windows.", "FileUploadCancelled": "Se canceló la carga del archivo durante la carga: '{0}'.", "FileUploadDetailTrace": "Seguimiento de carga detallado del archivo que no se puede cargar: {0}", "FileUploadFailed": "No se puede cargar '{0}' debido a '{1}'.", "FileUploadFailedAfterRetry": "Error al cargar el archivo incluso después de reintentar.", "FileUploadFailedRetryLater": "{0} archivos no se pudieron cargar, vuelva a intentar estos archivos después de un minuto.", "FileUploadFileOpenFailed": "Error de archivo '{0}' al cargar el archivo '{1}'.", "FileUploadFinish": "El archivo '{0}' tardó {1} milisegundos en finalizar la carga", "FileUploadProgress": "Archivo total: {0} ---- Archivo procesado: {1} ({2} %)", "FileUploadProgressDetail": "Cargando '{0}' ({1} %)", "FileUploadRetry": "Iniciar el reintento de carga de {0} archivos con errores.", "FileUploadRetryInSecond": "Vuelva a intentar cargar el archivo después de {0} segundos.", "FileUploadRetrySucceed": "La carga de archivos se realizó correctamente después de reintentar.", "FileUploadSucceed": "La carga de archivos se realizó correctamente.", "FinalizeJob": "Finalizar trabajo", "FinishMaintenance": "Mantenimiento finalizado: {0}", "FoundErrorInTrace": [ "Notificación de {0} en los registros de diagnóstico. Examine el registro para obtener más detalles.", " - {1}" ], "GCBuildDir": "Elimine el directorio de compilación huérfano y obsoleto.", "GCBuildDirNotEnabled": "La opción para eliminar el directorio de compilación huérfano y obsoleto no está habilitada.", "GCDirIsEmpty": "No es necesario el proceso GC en ningún directorio de compilación. \"{0}\" no tiene ningún archivo de seguimiento.", "GCDirNotExist": "No es necesario el proceso GC en ningún directorio de compilación. \"{0}\" no existe.", "GCOldFormatTrackingFile": "Marque el archivo de seguimiento \"{0}\" para GC, ya que nunca se ha usado.", "GCReleaseDir": "Eliminar el directorio de versión huérfano y obsoleto.", "GCReleaseDirIsEmpty": "No es necesario el proceso GC en ningún directorio de versión. \"{0}\" no tiene ningún archivo de seguimiento.", "GCReleaseDirNotEnabled": "La opción para eliminar el directorio de versión huérfano y obsoleto no está habilitada.", "GCReleaseDirNotExist": "No es necesario el proceso GC en ningún directorio de versión. \"{0}\" no existe.", "GCUnusedTrackingFile": "Marque el archivo de seguimiento \"{0}\" para GC, ya que no se ha usado durante {1} días.", "GenerateAndRunUpdateScript": "Generar y ejecutar script de actualización.", "GrantContainerUserSUDOPrivilege": "Conceder el privilegio de SUDO \"{0}\" al usuario y permitirle ejecutar cualquier comando sin autenticación.", "GrantingFilePermissions": "Conceder permisos de archivo a \"{0}\".", "GroupDoesNotExists": "Grupo: {0} no existe", "ImageVersionLog": "Versión actual de la imagen: \"{0}\"", "InitializeContainer": "Inicializar contenedores", "InitializeJob": "Inicializar trabajo", "IntegrityCheckNotPassed": "Se ha producido un error al comprobar la integridad de los elementos del artefacto", "IntegrityCheckPassed": "La comprobación de integridad de elementos de artefacto finalizó correctamente", "InvalidAutoLogonCredential": "Se especificaron credenciales de Windows no válidas para el inicio de sesión automático. Asegúrese de que las credenciales proporcionadas sean válidas y de que tengan derechos de inicio de sesión interactivos en el equipo. Vuelva a intentarlo o presione ctrl-c para salir", "InvalidCommandArg": "El argumento de comando \"{0}\" contiene uno o varios de los siguientes caracteres no válidos: \", \\r, \\n", "InvalidCommandResult": "El comando no tiene un valor de resultado válido.", "InvalidCompletedDate": "La duración de cada serie de pruebas se usará para calcular el tiempo, ya que la fecha de finalización máxima {0} obtenida del archivo de resultados de pruebas es mayor que la fecha de inicio mínima {1}", "InvalidConfigFor0TerminatingUnattended": "Se proporcionó una configuración no válida para {0}. Terminando la configuración desatendida.", "InvalidDateFormat": "La duración de cada serie de pruebas se usará para calcular el tiempo, ya que se obtuvo un formato de fecha no válido de obtenido del archivo de resultados: {0} (Fecha de inicio {1}. Fecha de finalización: {2}).", "InvalidEndpointField": "Campo de punto de conexión no válido. Los valores válidos son url, dataParameter y authParameter.", "InvalidEndpointId": "Id. de punto de conexión no válido.", "InvalidEndpointUrl": "Dirección URL de punto de conexión no válida.", "InvalidFileFormat": "Formato de archivo no válido.", "InvalidGroupName": "Nombre de grupo no válido: {0}", "InvalidMember": "No se pudo agregar un nuevo miembro a un grupo local porque tiene un tipo de cuenta incorrecto. Si está configurando en un controlador de dominio, las cuentas de máquina integradas no se pueden agregar a grupos locales. En su lugar, debe usar una cuenta de usuario de dominio", "InvalidResultFiles": "Archivo de resultados no válido. Asegúrese de que el formato de resultado del archivo \"{0}\" coincide con el formato de resultados de la prueba \"{1}\".", "InvalidSIDForUser": "Identificador de seguridad no válido para el usuario {0}\\{1} al configurar o quitar la configuración del inicio de sesión automático. Consulte los registros para obtener más detalles.", "InvalidValueInXml": "No se puede recuperar el valor de \"{0}\" del archivo de resumen \"{1}\". Compruebe que el archivo de resumen tiene el formato correcto e inténtelo de nuevo.", "InvalidWindowsCredential": "Se especificaron credenciales de Windows no válidas. Inténtelo de nuevo o pulse ctrl-c para salir", "JenkinsBuildDoesNotExistsForCommits": "No se encuentra el índice de compilación para las compilaciones de Jenkins {0} y {1}. Los índices encontrados son {2} y {3}. Probablemente la compilación no existe", "JenkinsCommitsInvalidEndJobId": "El {0} de EndJobId asociado con el {1} de artefacto de Jenkins no es válido. No se descargarán las confirmaciones.", "JenkinsDownloadingChangeFromCurrentBuild": "No se encuentra endJobId, se capturará el conjunto de cambios de la compilación actual.", "JenkinsNoCommitsToFetch": "Implementando la misma compilación. No hay nada que capturar", "JenkinsRollbackDeployment": "Descargando confirmaciones para la implementación de reversión entre el trabajo {0} en {1}", "JobCompleted": "{0:u}: el trabajo {1} se completó con el resultado: {2}", "LaunchBrowser": "¿Quiere iniciar el explorador para el flujo de código del dispositivo de AAD? (S/N)", "ListenForJobs": "{0:u}: Escuchando trabajos", "LocalClockSkewed": "Es posible que el reloj de la máquina local no esté sincronizado con la hora del servidor con una diferencia de más de cinco minutos. Sincronice el reloj con la hora de su dominio o internet e inténtelo de nuevo.", "LocalSystemAccountNotFound": "No se encuentra la cuenta del sistema local", "LogOutputMessage": "El agente ha habilitado la carga de registros y el guardado del registro en el archivo. Una vez completado el trabajo, puede recuperar los registros de este paso en{0} en el agente.", "Maintenance": "Mantenimiento", "MaxHierarchyLevelReached": "El nivel de jerarquía es mayor que el límite admitido de {0}, se truncará la jerarquía inferior.", "MaxSubResultLimitReached": "El número de subresultados en el caso de prueba \"{0}\" supera el límite admitido de {1}, truncando los restantes.", "MemberDoesNotExists": "Miembro: {0} no existe", "MinimumNetFramework": "Se requiere .NET Framework x64 4.5 o superior.", "MinimumNetFramework46": "Se requiere .NET Framework x64 4.6 o superior.", "MinimumNetFrameworkTfvc": [ "No está instalado .NET Framework x64 4.6 o posterior.", "", ".NET Framework x64 4.6 o posterior es necesario para sincronizar los repositorios de TFVC. No es necesario sincronizar repositorios Git." ], "MinRequiredDockerClientVersion": "La versión mínima requerida del cliente de API del motor de Docker es \"{0}\"; su versión del cliente de Docker (\"{1}\") es \"{2}\"", "MinRequiredDockerServerVersion": "La versión mínima requerida del servidor de API del motor de Docker es \"{0}\"; su versión del servidor de Docker (\"{1}\") es \"{2}\"", "MinRequiredGitLfsVersion": "La versión mínima de Git-lfs requerida es \"{0}\", su versión de Git-lfs (\"{1}\") es \"{2}\"", "MinRequiredGitVersion": "La versión mínima de Git requerida es \"{0}\", su versión de Git (\"{1}\") es \"{2}\"", "MinSecretsLengtLimitWarning": "El valor de la longitud mínima de los secretos es demasiado alto. Se ha establecido el valor máximo: {0}.", "MissingAgent": "El agente ya no existe en el servidor. Vuelva a configurar el agente.", "MissingAttachmentFile": "No se puede cargar el archivo de datos adjuntos de la tarea, no se ha especificado la ubicación del archivo adjunto o el archivo adjunto no existe en el disco", "MissingAttachmentName": "No se pueden agregar datos adjuntos de tarea, no se proporciona el nombre de datos adjuntos.", "MissingAttachmentType": "No se pueden agregar datos adjuntos de tarea, no se proporciona el tipo de datos adjuntos.", "MissingConfig": "No se puede conectar con el servidor porque faltan archivos de configuración. Omitiendo la eliminación del agente del servidor.", "MissingEndpointField": "Falta el campo obligatorio \"field\" en el comando ##vso[task.setendpoint].", "MissingEndpointId": "Falta el campo obligatorio \"id\" en el comando ##vso[task.setendpoint].", "MissingEndpointKey": "Falta el campo obligatorio \"key\" en el comando ##vso[task.setendpoint].", "MissingNodePath": "Este paso requiere una versión de nodo que no existe en el sistema de archivos del agente. Ruta de acceso: {0}", "MissingRepositoryAlias": "No se puede actualizar el repositorio porque no se ha proporcionado el alias de este.", "MissingRepositoryPath": "No se puede actualizar el repositorio porque no se ha proporcionado la ruta de acceso a este.", "MissingTaskVariableName": "Falta el campo obligatorio \"variable\" en el comando ##vso[task.settaskvariable].", "MissingTimelineRecordId": "No se puede actualizar el registro de escala de tiempo, no se proporciona el identificador del registro de escala de tiempo.", "MissingVariableName": "Falta el campo obligatorio \"variable\" en el comando ##vso[task.setvariable].", "ModifyingCoberturaIndexFile": "Modificando archivo de índice cobertura", "MultilineSecret": "Los secretos no pueden contener varias líneas.", "N": "N", "NameRequiredForTimelineRecord": "Se requiere un nombre para este nuevo registro de escala de tiempo.", "NeedAdminForAutologonCapability": "Necesita privilegios de administrador para configurar el agente con el inicio de sesión automático.", "NeedAdminForAutologonRemoval": "Necesita privilegios de administrador para anular la configuración de un agente que se ejecuta con la funcionalidad de inicio de sesión automático.", "NeedAdminForConfigAgentWinService": "Necesita privilegios de administrador para configurar el agente como servicio de Windows.", "NeedAdminForUnconfigWinServiceAgent": "Necesita privilegios de administrador para quitar la configuración del agente que se ejecuta como servicio de Windows.", "NetworkServiceNotFound": "No se encuentra la cuenta de servicio de red", "NoArtifactsFound": "No hay artefactos disponibles en la versión \"{0}\".", "NoFolderToClean": "No se ha encontrado la carpeta de limpieza especificada. No hay nada que limpiar", "NoRestart": "¿Quiere reiniciar la máquina más tarde? (S/N)", "NoRestartSuggestion": "Se ha habilitado el inicio de sesión automático durante la configuración del agente. Se recomienda reiniciar la máquina para que surta efecto la configuración de inicio de sesión automático.", "NoResultFound": "No se encontró ningún resultado para publicar \"{0}\".", "OnPremIsNotSupported": "No se admite la tarea de artefacto de canalización en el entorno local. En su lugar, use la tarea de artefacto de compilación.", "OperatingSystemShutdown": "El sistema operativo se está cerrando para el equipo \"{0}\"", "OperationFailed": "Error: error en la operación {0} con el código de retorno {1}", "OutputVariablePublishFailed": "Error al publicar las variables de salida.", "OverwriteAutoLogon": "¿Desea sobrescribir la configuración de inicio de sesión automático existente porque el inicio de sesión automático ya está habilitado para el usuario \"{0}\"? (S/N)", "ParentProcessFinderError": "Error al comprobar si el agente se está ejecutando en PowerShell Core.", "ParentTimelineNotCreated": "No se ha creado el registro de escala de tiempo primario para este nuevo registro de escala de tiempo.", "Password": "contraseña", "PathDoesNotExist": "La ruta de acceso no existe: {0}", "PersonalAccessToken": "token de acceso personal", "PipelineDoesNotExist": "La siguiente canalización no existe: {0}. Compruebe el nombre de la canalización.", "PoolNotFound": "No se encontró el grupo de agentes: “{0}”", "PostJob": "Posterior al trabajo: {0}", "PowerOptionsConfigError": "Error al configurar las opciones de energía. Consulte los registros para obtener más detalles.", "PowerShellNotInstalledMinVersion0": "PowerShell no está instalado. Versión mínima requerida: {0}", "PreJob": "Previo al trabajo: {0}", "PrepareBuildDir": "Prepare el directorio de compilación.", "PrepareReleasesDir": "Prepare el directorio de versión.", "PrepareTaskExecutionHandler": "Preparando controlador de ejecución de tareas.", "Prepending0WithDirectoryContaining1": "Anteponiendo la variable de entorno {0} con el directorio que contiene “{1}”.", "PrerequisitesSectionHeader": "Requisitos previos", "PreventServiceStartDescription": "si se impide que el servicio se inicie inmediatamente después de finalizar la configuración? (S/N)", "ProcessCompletedWithCode0Errors1": "El proceso se completó con el código de salida {0} y se escribieron {1} error(es) en la secuencia de errores.", "ProcessCompletedWithExitCode0": "El proceso se completó con el código de salida {0}.", "ProcessExitCode": "El proceso devolvió el código de salida {0}: nombre de archivo “{1}”, argumentos “{2}”.", "ProcessHandlerInvalidScriptArgs": "Se detectaron caracteres en argumentos que el shell no puede ejecutar correctamente. Puede encontrar más información aquí: https://aka.ms/ado/75787", "ProfileLoadFailure": "No se puede cargar el perfil de usuario para el usuario {0}\\{1} la configuración de inicio de sesión automático no es posible.", "ProjectName": "Nombre del proyecto", "Prompt0": "Escribir {0}", "Prompt0Default1": "Entrar {0} (presione Entrar para {1})", "PSModulePathLocations": "La variable de entorno PSModulePath contiene ubicaciones de módulo específicas de PowerShell Core. Tenga en cuenta que, si va a usar tareas de Windows PowerShell en la canalización, podría experimentar errores. Para resolver este problema, no inicie el agente en PowerShell Core (pwsh).", "PSScriptError": "El script de PowerShell se completó con {0} errores.", "PublishCodeCoverage": "Publicar cobertura de código", "PublishedCodeCoverageArtifact": "Se publicó “{0}” como artefacto “{1}”", "PublishingArtifactUsingRobocopy": "Cargando artefactos con Robocopy.", "PublishingCodeCoverage": "Publicando datos de resumen de cobertura en el servidor TFS.", "PublishingCodeCoverageFiles": "Publicando archivos de cobertura de código en el servidor TFS.", "PublishingTestResults": "Publicación de resultados de pruebas en la serie de pruebas “{0}”", "PublishTestResults": "Publicar resultados de la prueba", "QueryingWorkspaceInfo": "Consultando información del área de trabajo.", "QueueConError": "{0:u}: error de conexión del agente: {1}. Reintentando hasta que se vuelva a conectar.", "QueueConnected": "{0:u}: agente reconectado.", "QuietCheckoutModeRequested": "Modo de restauración silencioso: se imprimirá menos en la consola.", "ReadingCodeCoverageSummary": "Leyendo resumen de cobertura de código de \"{0}\"", "ReadOnlyTaskVariable": "No se permite sobrescribir la variable de tarea readonly \"{0}\". Consulte https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md para obtener más detalles.", "ReadOnlyTaskVariableWarning": "Sobrescribiendo la variable de tarea readonly \"{0}\". Este comportamiento se deshabilitará en el futuro. Consulte https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md para obtener más detalles.", "ReadOnlyVariable": "No se permite sobrescribir la variable readonly \"{0}\". Consulte https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md para obtener más detalles.", "ReadOnlyVariableWarning": "Sobrescribiendo la variable readonly \"{0}\". Este comportamiento se deshabilitará en el futuro. Consulte https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md para obtener más detalles.", "RegisterAgentSectionHeader": "Registrar agente", "ReleaseDirLastUseTime": "La última vez que se usó el directorio de versión \"{0}\" fue: {1}", "RenameIndexFileCoberturaFailed": "Error al cambiar el nombre de \"{0}\" a \"{1}\" al publicar archivos de cobertura de código para \"{2}\". Excepción interna: \"{3}\"", "Replace": "¿Reemplazar? (S/N)", "RepositoryNotExist": "No se puede actualizar el repositorio porque no existe.", "ResourceMonitorAgentEnvironmentResource": "Recursos del entorno del agente: {0}, {1}, {2}", "ResourceMonitorCPUInfo": "CPU: utilización {0} %", "ResourceMonitorCPUInfoError": "No se puede obtener la información de CPU, excepción: {0}", "ResourceMonitorDiskInfo": "Disco: {0} disponible {1} MB de {2} MB", "ResourceMonitorDiskInfoError": "No se puede obtener la información del disco, excepción: {0}", "ResourceMonitorFreeDiskSpaceIsLowerThanThreshold": "El espacio libre en disco en {0} es inferior al {1} %; usado actualmente: {2} %", "ResourceMonitorMemoryInfo": "Memoria: Usado {0} MB de {1} MB", "ResourceMonitorMemoryInfoError": "No se puede obtener la información de memoria, excepción: {0}", "ResourceMonitorMemorySpaceIsLowerThanThreshold": "La memoria libre es inferior al {0} %; Actualmente usado: {1} %", "ResourceUtilizationDebugOutputIsDisabled": "La salida de uso de recursos para las ejecuciones de depuración está deshabilitada. Cambie la variable \"AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT\" a \"true\" si desea habilitarla.", "ResourceUtilizationWarningsIsDisabled": "Las advertencias de uso de recursos están deshabilitadas. Cambie la variable \"DISABLE_RESOURCE_UTILIZATION_WARNINGS\" a \"false\" si desea habilitarla.", "RestartIn15SecMessage": "Reiniciando la máquina en 15 segundos...", "RestartMessage": "Reinicie la máquina para iniciar el agente y para que la configuración de inicio de sesión automático surta efecto.", "ReStreamLogsToFilesError": "No puede usar --disableloguploads y --reStreamLogsToFiles al mismo tiempo.", "RetryCountLimitExceeded": "El número máximo permitido de intentos es {0} pero se obtuvo {1}. El número de reintentos se disminuirá a {0}.", "RetryingReplaceAgent": "Reintentar reemplazar al agente (intento {0} de {1}). Esperando {2} segundos antes del siguiente intento...", "RMApiFailure": "Error de API {0} con un código de error {1}", "RMArtifactContainerDetailsInvalidError": "El artefacto no tiene detalles de contenedor válidos: {0}", "RMArtifactContainerDetailsNotFoundError": "El artefacto no contiene detalles del contenedor: {0}", "RMArtifactDetailsIncomplete": "No se encuentra la información necesaria para descargar el artefacto", "RMArtifactDirectoryNotFoundError": "El directorio de artefactos no existe: {0}. Puede ocurrir si la contraseña de la cuenta {1} ha cambiado recientemente y no se ha actualizado para el agente. Si es así, considere la posibilidad de volver a configurar el agente.", "RMArtifactDownloadBegin": "Descargando artefacto vinculado {0} de tipo {1}...", "RMArtifactDownloadFinished": "Artefacto vinculado descargado {0}", "RMArtifactDownloadRequestCreationFailed": "No se pudo crear la solicitud para descargar el artefacto desde la dirección URL: {0}", "RMArtifactEmpty": "El artefacto no contiene ningún archivo para descargar.", "RMArtifactMatchNotFound": "El artefacto de compilación “{0}” no coincide con ningún patrón de nomenclatura; se omitirá la descarga", "RMArtifactNameDirectoryNotFound": "El directorio \"{0}\" no existe. Se usa el directorio primario: {1}", "RMArtifactsDownloadFinished": "Descarga de artefactos finalizada", "RMArtifactTypeFileShare": "Tipo de artefacto: recurso compartido de archivos", "RMArtifactTypeNotSupported": "La administración de versiones no admite la descarga del tipo de artefacto {0} en la versión actual.", "RMArtifactTypeServerDrop": "Tipo de artefacto: ServerDrop", "RMArtifactVersionNotBelongToArtifactSource": "La versión del artefacto con el id. {0} no pertenece al origen del artefacto vinculado con el id. {1}.", "RMBuildNotFromLinkedDefinition": "La compilación {0} no pertenece a la definición de compilación vinculada {1}", "RMCachingAllItems": "Almacenando en caché todos los elementos del contenedor de archivos...", "RMCachingComplete": "Almacenamiento en caché completado. ({0} ms)", "RMCachingContainerItems": "Almacenando elementos en caché en “{0}” en el contenedor de archivos...", "RMContainerItemNotSupported": "No se admite el tipo de elemento de contenedor “{0}”.", "RMContainerItemPathDoesnotExist": "La ruta de acceso del elemento de contenedor de archivos no empieza por {0}: {1}", "RMContainerItemRequestTimedOut": "Se agotó el tiempo de espera de la solicitud después de {0} segundos; suspenda durante {1} segundos y se intentará de nuevo. Solicitud: {2} {3}", "RMCreatedArtifactsDirectory": "Directorio de artefactos creado: {0}", "RMCreatingArtifactsDirectory": "Creando directorio de artefactos: {0}", "RMCustomEndpointNotFound": "No se encuentra la información necesaria en el trabajo para descargar el artefacto personalizado: {0}", "RMDownloadArtifactUnexpectedError": "Error inesperado al descargar artefactos", "RMDownloadBufferSize": "Tamaño del búfer de descarga: {0}", "RMDownloadComplete": "Descarga completada.", "RMDownloadingArtifact": "Descargando el artefacto", "RMDownloadingArtifactFromFileContainer": "Descargando artefacto del contenedor de archivos: {0} al destino: {1}", "RMDownloadingArtifactFromFileShare": "Descargando artefacto del recurso compartido de archivos: {0} al destino: {1}", "RMDownloadingArtifactUsingRobocopy": "Descargando artefacto con Robocopy.", "RMDownloadingCommits": "Descargando confirmaciones", "RMDownloadingJenkinsArtifacts": "Descargando los artefactos del servidor Jenkins", "RMDownloadProgress": "{0} archivo(s) colocado(s): {1} descargado(s), {2} vacío(s)", "RMDownloadProgressDetails": "{0} MB descargados a {1} KB/s. Tiempo de descarga: {2}.", "RMDownloadStartDownloadOfFile": "Descargando archivo {0}", "RMDownloadTaskCompletedStatus": "No se completó ninguna tarea de descarga en {0} minutos. Estados de tarea restante:", "RMDownloadTaskStates": " {0}: \t{1} tarea(s).", "RMEnsureArtifactFolderExistsAndIsClean": "Asegurando que la carpeta de artefactos {0} exista y esté limpia.", "RMEnvironmentVariablesAvailable": "A continuación se muestran las variables de entorno disponibles. Tenga en cuenta que se puede hacer referencia a estas variables de entorno en la tarea (en ReleaseDefinition) reemplazando \"_\" por \".\", por ejemplo, se puede hacer referencia a la variable de entorno AGENT_NAME mediante Agent.Name en ReleaseDefinition: {0}", "RMErrorDownloadingContainerItem": "Error al descargar {0}: {1}", "RMErrorDuringArtifactDownload": "Error durante la descarga: {0}", "RMFailedCreatingArtifactDirectory": "No se pudo crear el directorio de artefactos de la versión “{0}”.", "RMFileShareArtifactErrorOnNonWindowsAgent": "No se pueden descargar artefactos de un recurso compartido de archivos mediante un agente de OSX o Linux. Puede descargar el artefacto del servidor o usar un agente de Windows.", "RMGitEndpointNotFound": "No se encuentra la información necesaria en el trabajo para descargar el artefacto de GIT de Team Foundation.", "RMGitHubEndpointNotFound": "No se encuentra la información necesaria en el trabajo para descargar el artefacto de GitHub: {0}", "RMGotJenkinsArtifactDetails": "Detalles del artefacto de Jenkins recibidos", "RMJenkinsBuildId": "BuildId: {0}", "RMJenkinsEndpointNotFound": "No se encuentra la información necesaria en el trabajo para descargar el artefacto de Jenkins: {0}", "RMJenkinsInvalidBuild": "La compilación de Jenkins {0} no es válida.", "RMJenkinsJobName": "Nombre del trabajo: {0}", "RMJenkinsNoArtifactsFound": "No hay artefactos disponibles en la compilación de Jenkins {0}.", "RMLowAvailableDiskSpace": "Poco espacio en disco en la unidad {0}; hay menos de 100 MB disponibles.", "RMNoBuildArtifactsFound": "No hay artefactos disponibles en la compilación {0}.", "RMParallelDownloadLimit": "Límite de descargas paralelas: {0}", "RMPrepareToGetFromJenkinsServer": "Preparando la obtención de información de artefactos del servidor Jenkins", "RMPreparingToDownload": "Preparando la descarga del artefacto: {0}", "RMPreparingToGetBuildArtifactList": "Preparando la obtención de la lista de artefactos disponibles de la compilación", "RMReAttemptingDownloadOfContainerItem": "Intentando de nuevo la descarga de {0}. Error: {1}", "RMReceivedGithubArtifactDetails": "Detalles del artefacto de GitHub recibido", "RMReleaseNameRequired": "El nombre de versión es necesario.", "RMRemainingDownloads": "{0} descargas restantes.", "RMRetryingArtifactDownload": "Reintentando la descarga...", "RMRetryingCreatingArtifactsDirectory": "No se pudo crear el directorio de artefactos de versión {0} con una excepción {1}. Reintentando la creación del directorio de artefactos de versión.", "RMRobocopyBasedArtifactDownloadExitCode": "Código de salida de Robocopy: {0}", "RMRobocopyBasedArtifactDownloadFailed": "Error en la descarga basada en Robocopy con el código de salida: {0}", "RMStartArtifactsDownload": "Iniciando descarga de artefactos...", "RMStreamTypeNotSupported": "La administración de versiones no admite la descarga del tipo de secuencia {0} en la versión actual", "RMTfsVCEndpointNotFound": "No se encuentra la información necesaria en el trabajo para descargar el artefacto de Control de versiones de Team Foundation.", "RMUpdateReleaseName": "Actualizar el nombre de la versión.", "RMUpdateReleaseNameForRelease": "Actualice el nombre de la versión a {0} para la versión {1}.", "RMUpdateReleaseNameForReleaseComment": "Actualización del nombre de versión a {0} mediante el comando de registro de tareas", "RMUserChoseToSkipArtifactDownload": "Omitiendo la descarga de artefactos en función de la configuración especificada.", "RobocopyBasedPublishArtifactTaskExitCode": "Código de salida de Robocopy: {0}", "RobocopyBasedPublishArtifactTaskFailed": "Error en la publicación basada en Robocopy con el código de salida: {0}", "Rosetta2Warning": "Se sabe que la emulación X64 provoca bloqueos en el proceso del agente. Use el agente nativo (ARM).", "RSAKeyFileNotFound": "No se encontró el archivo de clave RSA {0}", "RunAgentAsServiceDescription": "¿Ejecutar el agente como servicio? (S/N)", "RunAsAutoLogonDescription": "¿Configurar el inicio de sesión automático y ejecutar el agente al iniciar? (S/N)", "RunIDNotValid": "El id. de ejecución no es válido: {0}", "RunningJob": "{0:u}: Ejecutando el trabajo: {1}", "SavedSettings": "{0:u}: Configuración guardada.", "ScanToolCapabilities": "Examinando las capacidades de la herramienta.", "ScreenSaverPoliciesInspection": "Comprobando si hay directivas que puedan impedir que se deshabilite el protector de pantalla.", "ScreenSaverPolicyWarning": "La máquina tiene definida una directiva de protector de pantalla, por lo que puede volverse a habilitar el protector de pantalla y que esto afecte a las operaciones de la interfaz de usuario; por ejemplo, las pruebas de interfaz de usuario automatizadas pueden dar error.", "SecretsAreNotAllowedInInjectedTaskInputs": "La tarea está intentando acceder a las siguientes entradas de una tarea de destino que contienen secretos:\n{0}\nNo se permite pasar entradas que contienen secretos a las tareas insertadas por los decoradores.", "SelfManageGitCreds": "Está en modo de credenciales de GIT de administración automática. Asegúrese de que la máquina host del agente puede omitir cualquier desafío de autenticación de Git.", "ServerTarpit": "El servidor está limitando actualmente el trabajo. Puede experimentar retrasos en la salida de la línea de consola, los informes de estado del trabajo y las cargas de registros de tareas.", "ServerTarpitUrl": "Vínculo a la página de uso de recursos (vista global de una hora): {0}.", "ServerTarpitUrlScoped": "Vínculo a la página de uso de recursos (vista de una hora por canalización): {0}.", "ServerUrl": "dirección URL del servidor", "ServiceAlreadyExists": "El servicio ya existe: {0}, se reemplazará", "ServiceConfigured": "El servicio {0} se configuró correctamente", "ServiceDelayedStartOptionSet": "El inicio automático retrasado se ha establecido correctamente para el servicio {0}.", "ServiceInstalled": "Ha instalado correctamente el servicio {0}", "ServiceLockErrorRetry": "Error en el bloqueo de la base de datos de servicio con el código {0}. Reintentando después de {1} segundos...", "ServiceRecoveryOptionSet": "El servicio {0} estableció correctamente la opción de recuperación", "ServiceSidTypeSet": "El servicio {0} estableció correctamente el tipo de SID", "ServiceStartedSuccessfully": "El servicio {0} se inició correctamente.", "SessionCreateFailed": "No se pudo crear la sesión. {0}", "SessionExist": "Ya existe una sesión para este agente.", "SessionExistStopRetry": "Detenga el reintento en SessionConflictException después de reintentar durante {0} segundos.", "SetBuildVars": "Establecer variables de compilación.", "SetEnvVar": "Configurando la variable de entorno {0}", "SetVariableNotAllowed": "La definición de tarea o compilación ha deshabilitado la configuración de la variable \"{0}\".", "ShallowCheckoutFail": "Error en la desprotección de Git en el repositorio superficial. Esto puede deberse a que la captura de Git con profundidad \"{0}\" no incluye la confirmación de desprotección \"{1}\". Consulte la documentación (http://go.microsoft.com/fwlink/?LinkId=829603)", "ShallowLfsFetchFail": "Error de captura de Git lfs en el repositorio superficial. Esto puede deberse a que la captura de Git con profundidad \"{0}\" no incluye la confirmación de recuperación de cambios lfs \"{1}\". Consulte la documentación (http://go.microsoft.com/fwlink/?LinkId=829603)", "ShutdownMessage": "Reiniciando la máquina para iniciar el agente en modo interactivo.", "Skipping": "No existe. Saltar ", "SkipTrackingFileWithoutRepoType": "Omita el archivo de seguimiento \"{0}\". Aún no se ha actualizado el tipo de repositorio.", "SourceArtifactProviderNotFound": "No se encuentra el proveedor de origen para el artefacto de tipo {0}", "StartingArtifactDownload": "Iniciando descarga {0}", "StartMaintenance": "Iniciar mantenimiento: {0}", "StepCancelled": "Se cancelará la operación. Es posible que los pasos siguientes no contengan los registros esperados.", "StepFinishing": "Finalizando: {0}", "StepStarting": "Iniciando: {0}", "StepTimedOut": "Se agotó el tiempo de espera de la tarea.", "StopContainer": "Detener contenedores", "Success": "Operación correcta: ", "SupportedRepositoryEndpointNotFound": "No se puede hacer coincidir ningún punto de conexión del repositorio de origen con ninguno de los proveedores de origen admitidos.", "SupportedTaskHandlerNotFoundLinux": "El sistema operativo actual no puede ejecutar esta tarea. Normalmente, esto significa que la tarea se ha escrito solo para Windows. Por ejemplo, para PowerShell en el escritorio de Windows.", "SupportedTaskHandlerNotFoundWindows": "No se encontró un controlador de ejecución de tareas admitido. La tarea no incluye una implementación compatible con el sistema operativo actual \"{0}\". Póngase en contacto con el autor de la tarea para obtener más detalles.", "SvnBranchCheckedOut": "Se extrajo la rama {0} para el repositorio {1} en la revisión {2}", "SvnEmptyServerPath": "La ruta de acceso del servidor relativa vacía se asigna a \"{0}\".", "SvnFileAlreadyExists": "El archivo {0} ya existe.", "SvnIncorrectRelativePath": "Se especificó una ruta de acceso relativa '{0}' incorrecta.", "SvnMappingDuplicateLocal": "Omitiendo asignación duplicada para la ruta de acceso local={0}", "SvnMappingDuplicateServer": "Omitiendo asignación duplicada para la ruta de acceso del servidor={0}", "SvnMappingIgnored": "Se omite todo el conjunto de asignaciones. Continuar con la asignación de rama completa.", "SvnNotInstalled": "No se encuentra la utilidad de línea de comandos svn instalada", "SvnSyncingRepo": "Sincronizando repositorio: {0} (Svn)", "TarExtraction": "Extrayendo archivo tar: {0}", "TarExtractionError": "No se pudo extraer el archivo tar {0}: {1}", "TarExtractionNotSupportedInWindows": "La extracción de tar no es compatible con Windows", "TarSearchStart": "Iniciando la búsqueda de archivos tar para extraer", "TarsFound": "Se encontraron {0} archivos tar para extraer", "TarsNotFound": "No se encontraron archivos tar para extraer", "TaskDownloadFailed": "No se pudo descargar la tarea \"{0}\". Error {1}", "TaskDownloadTimeout": "La tarea \"{0}\" no terminó de descargarse en {1} segundos.", "TaskSignatureVerificationFailed": "Error en la comprobación de la firma de la tarea.", "TaskSignatureVerificationSucceeeded": "La comprobación de la firma de la tarea se realizó correctamente.", "TeeEula": [ "La compilación de orígenes desde un repositorio TFVC requiere la aceptación del Team Explorer Everywhere contrato de licencia para el usuario final. Este paso no es necesario para compilar orígenes desde repositorios Git.", "", "Puede encontrar una copia del contrato de licencia Team Explorer Everywhere en:", " {0}" ], "Telemetry": "Telemetría", "TelemetryCommandDataError": "No se pueden analizar los datos de telemetría {0}. Error: {1}", "TelemetryCommandFailed": "No se pudieron publicar los datos de telemetría. Error {0}", "TenantId": "Id. del inquilino", "TestAgentConnection": "Probando la conexión del agente.", "TestAttachmentNotExists": "Omitiendo datos adjuntos porque no están disponibles en el disco: {0}", "TestResultsRemaining": "Resultados restantes de la prueba: {0}. Id. de serie de pruebas: {1}", "Tfs2015NotSupported": "Este agente no se admite en Windows en TFS 2015. El agente de Windows de TFS 2015 se puede descargar desde la página de administración de grupos de agentes.", "TotalThrottlingDelay": "El trabajo ha experimentado un retraso total de {0} segundos causado por la limitación del servidor.", "TotalUploadFiles": "Cargando {0} archivos", "TypeRequiredForTimelineRecord": "El tipo es necesario para este nuevo registro de escala de tiempo.", "UnableResolveArtifactType": "No se puede inferir el tipo de artefacto de la ubicación del artefacto: {0}.", "UnableToArchiveResults": "No se pudieron archivar los resultados de la prueba: {0}", "UnableToParseBuildTrackingConfig0": "No se puede analizar la configuración de seguimiento de compilación heredada. En su lugar, se creará un nuevo directorio de compilación. El directorio anterior se puede dejar en un estado no corregido. Contenido de configuración heredado: {0}", "UnconfigAutologon": "Quitando la configuración de inicio de sesión automático", "UnconfigureOSXService": "Quite primero la configuración del servicio según https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-osx", "UnconfigureServiceDService": "Quite primero la configuración del servicio según https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-linux", "UnexpectedParallelCount": "Recuento de elementos \"%s\" en paralelo no admitido. Especifique un número entre 1 y 128.", "UninstallingService": "Quitando servicio", "UnknownCodeCoverageTool": "No se admite la herramienta de cobertura de código \"{0}\".", "UnrecognizedCmdArgs": "Argumentos de entrada de la línea de comandos no reconocidos: \"{0}\". Para obtener información sobre el uso, consulte: .\\config.cmd --help o ./config.sh --help", "UnregisteringAgent": "Eliminando agente del servidor", "UnsupportedGitLfsVersion": "Su versión actual de Git LFS es \"{0}\", que no es compatible con el agente. Actualice al menos a la versión \"{1}\". Consulte https://github.com/git-lfs/git-lfs/issues/3571 para obtener más detalles.", "UnsupportedOsVersionByNet8": "La versión del sistema operativo en la que se está ejecutando este agente ({0}) no se admite en una próxima actualización del agente de pipelines. Para ver las versiones de sistema operativo compatibles, consulte https://aka.ms/azdo-pipeline-agent-net8.", "UpdateBuildNumber": "Actualizar número de compilación", "UpdateBuildNumberForBuild": "Actualice el número de compilación a {0} para la compilación {1}", "UpdateInProgress": "Actualización del agente en curso, no apague el agente.", "UpgradeToLatestGit": "Para obtener una mejor experiencia de Git, actualice el Git a al menos la versión \"{0}\". La versión actual de Git es \"{1}\".", "UploadArtifact": "Cargar artefacto", "UploadArtifactCommandNotSupported": "No se admite la carga del artefacto de servidor en {0}.", "UploadArtifactFinished": "La carga del artefacto de canalización ha finalizado.", "UploadingPipelineArtifact": "Cargando el artefacto de canalización desde {0} para la compilación #{1}", "UploadToFileContainer": "Cargue \"{0}\" en el contenedor de archivos \"{1}\"", "UserName": "nombre de usuario", "UserNameLog": "Agente que se ejecuta como \"{0}\"", "UserShutdownAgent": "El agente ha recibido una señal de apagado. Esto puede ocurrir cuando se detiene el servicio del agente o se cancela un agente iniciado manualmente.", "Variable0ContainsCyclicalReference": "No se puede expandir la variable \"{0}\". Se detectó una referencia cíclica.", "Variable0ExceedsMaxDepth1": "No se puede expandir la variable \"{0}\". Se superó la profundidad de expansión máxima ({1}).", "VMResourceWithSameNameAlreadyExistInEnvironment": "El entorno con el identificador \"{0}\" ya contiene un recurso de máquina virtual con el nombre \"{1}\".", "VSTSHostNonZeroReturn": "LegacyVSTSPowerShellHost.exe se completó con el código de retorno: {0}.", "WaitForServiceToStop": "Esperando a que se detenga el servicio...", "WindowsLogonAccountNameDescription": "Cuenta de usuario que se va a usar para el servicio", "WindowsLogonPasswordDescription": "Contraseña de la cuenta {0}", "WorkFolderDescription": "carpeta de trabajo", "WorkspaceMappingNotMatched": "Las asignaciones de área de trabajo no coinciden para el área de trabajo {0}", "Y": "Y", "ZipSlipFailure": "La entrada está fuera del directorio de destino: {0}" } ================================================ FILE: src/Misc/layoutbin/fr-FR/strings.json ================================================ { "AcceptTeeEula": "(O/N) Accepter le contrat de licence Team Explorer Everywhere maintenant ?", "AccessDenied": "Accès refusé", "AccessDeniedSettingDelayedStartOption": "Accès refusé durant la configuration des options de démarrage automatique différé du service.", "AccessDeniedSettingRecoveryOption": "Accès refusé lors de la définition des options de récupération du service.", "AccessDeniedSettingSidType": "Accès refusé lors de la définition du type SID du service.", "AddAgentFailed": "Échec de l’ajout de l’agent. Réessayez ou ctrl-c pour quitter", "AddBuildTag": "Ajouter une balise de build", "AddDeploymentGroupTagsFlagDescription": "balises de groupe de déploiement pour l’agent ? (O/N)", "AddEnvironmentVMResourceTags": "Étiquettes de ressources de la machine virtuelle d'environnement ? (O/N)", "AgentAddedSuccessfully": "L’agent a été ajouté", "AgentAlreadyInsideContainer": "La fonctionnalité de conteneur n'est pas prise en charge quand l'agent est déjà en cours d'exécution dans le conteneur. Consultez la documentation de référence (https://go.microsoft.com/fwlink/?linkid=875268)", "AgentCdnAccessFailWarning": "Action requise : L’agent Azure Pipelines ne peut pas atteindre la nouvelle URL CDN. Ajoutez « download.agent.dev.azure.com » à la liste d’autorisation dès maintenant pour éviter les échecs du pipeline. Détails : https://devblogs.microsoft.com/devops/cdn-domain-url-change-for-agents-in-pipelines/", "AgentDoesNotSupportContainerFeatureRhel6": "L'agent ne prend pas en charge la fonction de conteneur sur Red Hat Enterprise Linux 6 ou CentOS 6.", "AgentDowngrade": "Passage de l'agent à une version antérieure. Cela est généralement dû à une restauration de l'agent publié pour une résolution de bogue. Pour désactiver ce comportement, définissez la variable d'environnement AZP_AGENT_DOWNGRADE_DISABLED=true avant de lancer votre agent.", "AgentExit": "L’agent va se fermer sous peu pour la mise à jour, doit être de nouveau en ligne dans un délai de 10 secondes.", "AgentIsNotConfigured": "L’agent n’est pas configuré.", "AgentMachineNameLog": "Nom de l’ordinateur de l’agent : '{0}'", "AgentMachinePoolNameLabel": "pool d'agents", "AgentName": "nom de l’agent", "AgentNameLog": "Nom de l’agent : «{0}»", "AgentOutOfMemoryFailure": "Le worker de l’agent s’est arrêté avec le code 137, ce qui signifie qu’il est arrivé à court de mémoire. Assurez-vous que la mémoire de l’hôte de l’agent (conteneur) est suffisante.", "AgentReplaced": "Agent remplacé", "agentRootFolderCheckError": "Impossible de vérifier les règles d’accès du dossier racine de l’agent. Pour plus d’informations, consultez le journal.", "agentRootFolderInsecure": "Avertissement de sécurité ! Le groupe {0} a accès à l’écriture/modification du dossier de l’agent. Pour plus d’informations, consultez le journal.", "AgentRunningBehindProxy": "L’agent s’exécute derrière le serveur proxy : '{0}'", "AgentVersion": "Version actuelle de l’agent : «{0}»", "AgentWithSameNameAlreadyExistInPool": "Le pool {0} contient déjà un agent nommé {1}.", "AllowContainerUserRunDocker": "Autorisez l’utilisateur «{0}» à exécuter une commande Docker sans SUDO.", "AlreadyConfiguredError": "Impossible de configurer l’agent, car il est déjà configuré. Pour reconfigurer l’agent, exécutez d’abord 'config.cmd remove' ou './config.sh remove'.", "ApkAddShadowFailed": "L’ID utilisateur est en dehors de la plage de la commande « adduser ». Impossible d’utiliser la commande de remplacement « useradd », car le package « shadow » n’est pas préinstallé et la tentative d’installation de ce package a échoué. Vérifiez la disponibilité du réseau ou utilisez une image Docker avec le package « shadow » préinstallé.", "ArgumentNeeded": "'{0}' doit être spécifié.", "ArtifactCustomPropertiesNotJson": "Les propriétés personnalisées de l’artefact ne sont pas valides au format JSON : '{0}'", "ArtifactCustomPropertyInvalid": "Les propriétés personnalisées de l’artefact doivent être précédées du préfixe « user- ». Propriété non valide : '{0}'", "ArtifactDownloadFailed": "Échec du téléchargement de l’artefact à partir de {0}.", "ArtifactLocationRequired": "L’emplacement de l’artefact est obligatoire.", "ArtifactNameIsNotValid": "Le nom de l’artefact n’est pas valide : {0}. Il ne peut pas contenir '\\', /', « ', ':', '<', '>', '|', '*' et '?'", "ArtifactNameRequired": "Le nom de l’artefact est obligatoire.", "ArtifactTypeRequired": "Le type d’artefact est obligatoire.", "AssociateArtifact": "Associer un artefact", "AssociateArtifactCommandNotSupported": "L’association d’artefact de serveur n’est pas prise en charge dans {0}.", "AssociateArtifactWithBuild": "{0} d’artefacts associés à {1}de build", "AssociateFiles": "Association des fichiers", "AttachFileNotExist": "Impossible d’attacher (type :{0} nom :{1}) fichier : {2}. Le fichier n’existe pas.", "AttachmentExceededMaximum": "La pièce jointe est ignorée, car elle dépasse la taille maximale autorisée fixée à 75 Mo : {0}", "AttemptRemoveCredFromConfig": "Une tentative infructueuse a été effectuée à l’aide de la ligne de commande git pour supprimer «{0}» de la configuration git. Tentative de modification directe du fichier de configuration Git pour supprimer les informations d’identification.", "AuthenticationType": "type d’authentification", "AutoLogonAccountGmsaHint": "Si vous essayez d’utiliser un compte gMSA, placez un symbole dollar ($) à la fin du nom du compte)", "AutoLogonAccountNameDescription": "Compte d’utilisateur à utiliser pour l’ouverture de session automatique", "AutoLogonOverwriteDeniedError": "Impossible de configurer l’ouverture de session automatique, car elle est déjà configurée pour un autre utilisateur ({0}) sur l’ordinateur. Utilisez « --overwriteautologon » si vous souhaitez le remplacer.", "AutoLogonPolicies_LegalNotice": "Mention légale", "AutoLogonPolicies_ShutdownReason": "Raison de l’arrêt", "AutoLogonPoliciesInspection": "Recherche de stratégies susceptibles d’empêcher le bon fonctionnement de l’autologon.", "AutoLogonPoliciesWarningsHeader": "Les stratégies suivantes peuvent affecter le journal automatique :", "BeginArtifactItemsIntegrityCheck": "Démarrage de la vérification de l’intégrité des éléments d’artefacts", "BlobStoreDownloadWarning": "Échec du téléchargement de l’artefact à partir de Blobstore, revenir à TFS. Cela réduit les performances de téléchargement. Vérifiez que l’accès à {0} est autorisé par vos règles de pare-feu. Vérifiez que votre pare-feu d’agent est configuré correctement : {1}", "BlobStoreUploadWarning": "Échec du chargement de l’artefact dans Blobstore, en rebasculant vers TFS. Cette solution de secours sera supprimée dans une version ultérieure. Vérifiez que l’accès à {0} est autorisé par vos règles de pare-feu. Vérifiez que votre pare-feu d’agent est configuré correctement : {1}", "BuildDirLastUseTIme": "La dernière fois que le répertoire de build «{0}» a été utilisé est : {1}", "BuildIdIsNotAvailable": "Tentative de téléchargement de l’artefact de pipeline dans l’environnement «{0}», mais l’ID de build n’est pas présent. Peut télécharger un artefact de pipeline uniquement dans l’environnement «{1}» si l’artefact est une build.", "BuildIdIsNotValid": "L’ID de build n’est pas valide : {0}", "BuildingFileTree": "Génération de l’arborescence de fichiers", "BuildLogsMessage": "L’agent a désactivé le chargement des journaux. Une fois le travail terminé, vous pouvez récupérer les journaux de cette étape à {0} sur l’agent.", "BuildNumberRequired": "Le numéro de build est obligatoire.", "BuildsDoesNotExist": "Il n'existe aucune build dans la définition de pipeline fournie.", "BuildTagAddFailed": "La balise de build «{0}» n’a pas été ajoutée.", "BuildTagRequired": "La balise de build est obligatoire.", "BuildTagsForBuild": "La build «{0}» comporte les balises suivantes : {1}", "CannotChangeParentTimelineRecord": "Impossible de modifier l’enregistrement de chronologie parent d’un enregistrement de chronologie existant.", "CannotDownloadFromCurrentEnvironment": "Impossible de télécharger un artefact de pipeline à partir de l’environnement {0}.", "CannotFindHostName": "Impossible de trouver le nom de l’organisation VSTS à partir de l’URL du serveur : «{0}»", "CanNotFindService": "Service introuvable {0}", "CanNotGrantPermission": "Impossible d’accorder l’autorisation LogonAsService à l’utilisateur {0}", "CanNotStartService": "Impossible de démarrer le service. Pour plus d’informations, consultez les journaux.", "CanNotStopService": "Impossible d’arrêter le service {0} dans le délai imparti.", "CannotUploadFile": "Impossible de charger le fichier, car l’emplacement du fichier n’est pas spécifié.", "CannotUploadFromCurrentEnvironment": "Impossible de charger vers un artefact de pipeline à partir de {0} environnement.", "CannotUploadSummary": "Impossible de charger le fichier récapitulatif, l’emplacement du fichier récapitulatif n’est pas spécifié.", "CheckoutTaskDisplayNameFormat": "Extraire {0}@{1} pour {2}", "CleaningDestinationFolder": "Nettoyage du dossier de destination : {0}", "ClientId": "ID de l’application cliente", "ClientSecret": "Clé secrète client", "ClockSkewStopRetry": "Nouvelle tentative d’exception de demande de jeton OAuth arrêtée après {0} secondes.", "CodeCoverageDataIsNull": "Données de couverture introuvables. Pour plus d’informations, consultez les erreurs/avertissements de build.", "CodeCoveragePublishIsValidOnlyForBuild": "La couverture du code de publication fonctionne uniquement pour « build ».", "CollectionName": "Nom de la collection", "CommandDuplicateDetected": "La commande {0} est déjà installé pour la zone {1}", "CommandKeywordDetected": "'{0}' contient le mot clé de commande de journalisation '##vso', mais il ne s’agit pas d’une commande légale. Consultez la liste des commandes acceptées : https://go.microsoft.com/fwlink/?LinkId=817296", "CommandLineHelp": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Commandes :", " .{0}configuration.{1} configure l’agent", " .{0}configuration.{1} supprimer annule la configuration de l’agent", " .{0}exécuter.{1} exécute l’agent de manière interactive", " .{0}exécuter.{1} --une fois exécute l’agent, en acceptant au plus un travail avant d’arrêter", "", "Options :", " --version Imprime la version de l’agent", " --commit Imprime la validation de l’agent", " --help Imprime l’aide de chaque commande" ], "CommandLineHelp_Common": [ "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Options courantes :", " --url URL du serveur. Par exemple : https://myaccount.visualstudio.com ou", " http://onprem:8080/tfs", " --auth type d’authentification. Les valeurs valides sont les suivantes :", " pat (jeton d’accès personnel)", " négocier (Kerberos ou NTLM)", " alt (authentification de base)", " intégré (informations d’identification Windows par défaut)", " sp (principal du service)", " --token Utilisé avec --auth pat. Jeton d’accès personnel.", " --userName Utilisé avec --auth negotiate ou --auth alt. Spécifier l’utilisateur Windows", " nom au format : domaine\\userName ou userName@domain.com", " --password Utilisé avec --auth negotiate ou --auth alt.", " --unattended Configuration sans assistance. Vous ne serez pas invité. Toutes les réponses doivent", " être fourni à la ligne de commande.", " --version Imprime la version de l’agent", " --commit Imprime la validation de l’agent", " --help Imprime l’aide" ], "CommandLineHelp_Configure": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", ".{0}configuration.{1} [options]", "", "Pour obtenir de l’aide sur la désconfiguration, consultez : .{0}configuration.{1} supprimer --help", "", "{2}", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Configurer les options :", " --pool Nom du pool que l’agent doit joindre", " --agent Nom de l’agent", " --replace Remplacez l’agent dans un pool. Si un autre agent écoute cela", " nom, il va commencer à échouer avec un conflit.", " --work Répertoire de travail où sont stockées les données du travail. La valeur par défaut est _work sous le", " racine du répertoire de l’agent. Le répertoire de travail appartient à un", " et ne doit pas être partagé entre plusieurs agents.", " --acceptTeeEula macOS et Linux uniquement. Acceptez le contrat de licence utilisateur final TEE.", " --gitUseSChannel Windows uniquement. Demandez à Git d’utiliser le magasin de certificats natif de Windows.", " --alwaysExtractTask Effectuer un décompression pour les tâches pour chaque étape de pipeline.", " --disableLogUploads Ne diffuse pas en continu ou n’envoie pas la sortie du journal de la console au serveur. Vous pouvez plutôt les récupérer du système de fichiers de l’hôte de l’agent une fois le travail terminé. REMARQUE : impossible d’utiliser --reStreamLogsToFiles, cela provoquera une erreur.", " --reStreamLogsToFiles Stream ou envoyer la sortie du journal de la console au serveur, ainsi qu’un fichier journal sur le système de fichiers de l’hôte de l’agent. REMARQUE : impossible d’utiliser --disableLogUploads, cela provoquera une erreur.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Options de démarrage (Windows uniquement) :", " --runAsService Configure l’agent pour qu’il s’exécute en tant que service Windows. Exige", " autorisation d’administrateur.", " --preventServiceStart Configurer le service Windows pour qu’il ne s’exécute pas immédiatement après la configuration.", " --runAsAutoLogon Configure l’ouverture de session automatique et exécute l’agent au démarrage. Exige", " autorisation d’administrateur.", " --windowsLogonAccount Utilisé avec --runAsService ou --runAsAutoLogon. Spécifier l’utilisateur Windows", " nom au format : domaine\\userName ou userName@domain.com", " --windowsLogonPassword Utilisé avec --runAsService ou --runAsAutoLogon. Mot de passe d’ouverture de session Windows.", " --overwriteAutoLogon utilisé avec --runAsAutoLogon. Remplacer toute ouverture de session automatique existante sur le", " machine.", " --noRestart utilisé avec --runAsAutoLogon. Ne pas redémarrer après la configuration", " complète.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Options du groupe de déploiement :", " --deploymentGroup Configurez l’agent en tant qu’agent de groupe de déploiement.", " --projectName Utilisé avec --deploymentGroup. Nom du projet d’équipe.", " --addDeploymentGroupTags utilisé avec --deploymentGroup. Spécifiez pour ajouter des balises de groupe de déploiement.", " --deploymentGroupName Utilisé avec --deploymentGroup. Groupe de déploiement auquel l’agent doit se joindre.", " --deploymentGroupTags Utilisé avec --addDeploymentGroupTags. Liste de balises séparées par des virgules pour", " l’agent de groupe de déploiement. Par exemple, « web, db ».", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Exemples de configuration sans assistance :", "", "Authentification VSTS", ".{0}configuration.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --acceptTeeEula", "", "TFS local avec authentification intégrée (Windows uniquement)", ".\\config.cmd --unattended --url http://mylocaltfsserver:8080/tfs --auth integrated --pool default --agent myAgent", "", "TFS local avec authentification par négociation", ".{0}config.{1} --unattended --url http://mylocaltfsserver:8080/tfs --auth negotiate --userName myDomain\\myUserName --password myPassword --pool default --agent myAgent --acceptTeeEula", "", "Remplacer l’agent existant par le même nom d’agent", ".{0}configuration.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --replace --acceptTeeEula", "", "Spécifier le répertoire de travail de l’agent (Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work D:\\agent_work", "", "Spécifier le répertoire de travail de l’agent (macOS et Linux)", "./config.sh --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work usr/local/agent_work", "", "Exécuter en tant que service Windows qui ouvre une session en tant que Service réseau (Windows uniquement)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService", "", "Exécuter en tant que service Windows qui ouvre une session en tant que compte de domaine (Windows uniquement)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Exécuter en tant que service Windows qui ouvre une session en tant que compte de domaine (Windows uniquement) et ne démarre pas le service immédiatement", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --preventServiceStart --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword ", "", "Exécuter en tant qu’agent d’ouverture de session automatique (Windows uniquement)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Exécuter en tant qu’agent d’ouverture de session automatique et ne pas redémarrer après la configuration (Windows uniquement)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword --noRestart", "", "L’agent du groupe de déploiement s’exécute en tant que service Windows qui ouvre une session en tant que système local (Windows uniquement)", ".\\config.cmd --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\"", "", "Agent de groupe de déploiement avec étiquettes", ".{0}config.{1} --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\" --acceptTeeEula" ], "CommandLineHelp_Env": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Variables d’environnement :", "Tout argument de ligne de commande peut être spécifié en tant que variable d’environnement. Utiliser le format", "VSTS_AGENT_INPUT_. Par exemple : VSTS_AGENT_INPUT_PASSWORD" ], "CommandLineHelp_Remove": [ ".{0}config.{1} supprimer [options]", "", "{2}", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Exemples de suppression sans assistance :", "", "VSTS", ".{0}configuration.{1} supprimer --unattended --auth pat --token myToken", "", "TFS local avec authentification intégrée (Windows uniquement)", ".{0}configuration.{1} supprimer --sans assistance --auth intégré", "", "TFS local avec authentification intégrée", ".{0}config.{1} remove --unattended --auth negotiate --username myDomain\\myUserName --password myPassword" ], "CommandNotAllowed": "##vso[{0}.{1}] n’est pas autorisé dans cette étape en raison de restrictions de stratégie. Référencez la documentation (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound": "Extension de commande introuvable pour ##vso[{0}.command]. Référencez la documentation (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound2": "##vso[{0}.{1}] n’est pas une commande reconnue pour {2} extension de commande. Veuillez référencer la documentation (http://go.microsoft.com/fwlink/?LinkId=817296).", "CommandNotSupported": "Les commandes{0} ne sont pas prises en charge pour {1} flux. Référencez la documentation (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandProcessFailed": "Impossible de traiter la commande «{0}» avec succès. Référencez la documentation (http://go.microsoft.com/fwlink/?LinkId=817296)", "ConnectingToServer": "Connexion au serveur...", "ConnectSectionHeader": "Connexion", "ConnectToServer": "Connexion au serveur.", "ContainerWindowsVersionRequirement": "La fonctionnalité de conteneur nécessite Windows Server 1803 ou version ultérieure. Veuillez consulter la documentation de référence (https://go.microsoft.com/fwlink/?linkid=875268)", "CopyFileComplete": "Artefacts publiés sur {0}", "CopyFileToDestination": "Copier le fichier « {0} » dans « {1} »", "CorruptedArtifactItemsList": "Les éléments suivants n’ont pas réussi la vérification d’intégrité :", "CouldNotRemoveService": "Impossible de supprimer le service « {0} »", "CreateUserWithSameUIDInsideContainer": "Essayez de créer un utilisateur avec l’UID « {0} » à l’intérieur du conteneur.", "CurrentUTC": "UTC actuel : {0}", "CustomLogDoesNotExist": "Le chemin d'accès du fichier journal n’est pas fourni ou le fichier n’existe pas : « {0} »", "CustomMarkDownSummaryDoesNotExist": "Le chemin du fichier récapitulatif Markdown n’est pas fourni ou le fichier n’existe pas : « {0} »", "DeleteGCTrackingFile": "Supprimer le fichier de suivi gc après la suppression de « {0} »", "DeleteUnusedBuildDir": "Supprimer les répertoires de build inutilisés", "DeleteUnusedReleaseDir": "Supprimer les répertoires de version inutilisés", "Deleting": "Suppression de {0}", "DeletingCredentials": "Suppression des informations d’identification", "DeletingSettings": "Suppression de .agent", "DeploymentGroupName": "Nom du groupe de déploiement", "DeploymentGroupNotFound": "Groupe de déploiement introuvable : « {0} »", "DeploymentGroupTags": "Liste d'étiquettes séparées par une virgule (exemple : web, db)", "DeploymentGroupTagsAddedMsg": "Balises ajoutées", "DeploymentMachineWithSameNameAlreadyExistInDeploymentGroup": "Le DeploymentGroup {0} contient déjà une machine nommée {1}.", "DeploymentPoolName": "Nom du pool de déploiement", "DeploymentPoolNotFound": "Pool de déploiement introuvable : « {0} »", "DeprecatedNode6": "Cette tâche utilise le gestionnaire d’exécution Node 6, qui sera supprimé le 31 mars 2022. Si vous êtes le développeur de la tâche, veuillez consulter les instructions de migration vers le gestionnaire Node 10 – https://aka.ms/migrateTaskNode10 (consultez cette page également si vous souhaitez désactiver les avertissements de dépréciation de Node 6). Si vous êtes l’utilisateur, n’hésitez pas à contacter les propriétaires de cette tâche pour poursuivre la migration.", "DeprecatedNodeRunner": "La version {1} ({2}@{1}) de la tâche « {0} » dépend d’une version de nœud ({3}) qui est en fin de vie. Contactez le propriétaire de l’extension pour obtenir une version actualisée de la tâche. Les chargés de maintenance des tâches doivent consulter les conseils de mise à niveau du nœud : https://aka.ms/node-runner-guidance", "DeprecatedRunner": "Le ’{0}’ de tâche dépend d’un exécuteur de tâches en fin de vie et sera supprimé à l’avenir. Les auteurs doivent consulter les instructions de mise à niveau du nœud : https://aka.ms/node-runner-guidance.", "DeprecationMessage": "La {0} de la version '{1}' de la tâche ({2}@{1}) est dépréciée.", "DeprecationMessageHelpUrl": "Pour plus d’informations sur cette tâche, consultez {0} .", "DeprecationMessageRemovalDate": "Cette tâche va être supprimée. À partir de {0}, il est possible qu’il ne soit plus disponible.", "DirectoryHierarchyUnauthorized": "L’autorisation de lire le contenu du répertoire est requise pour « {0} » et chaque répertoire dans la hiérarchie. {1}", "DirectoryIsEmptyForArtifact": "Le répertoire « {0} » est vide. Rien n'est ajouté à l'artefact de build « {1} ».", "DirectoryNotFound": "Répertoire introuvable : « {0} »", "DirExpireLimit": "Limite d’expiration du répertoire : {0} jours.", "DiscoverBuildDir": "Découvrez les répertoires de versions périmés qui n'ont pas été utilisés pendant plus de {0} jours.", "DiscoverReleaseDir": "Découvrez les répertoires de version périmés qui n'ont pas été utilisés pendant plus de {0} jours.", "DockerCommandFinalExitCode": "Code de sortie final pour {0}: {1}", "DownloadAgent": "Téléchargement de l’agent {0}", "DownloadArtifactFinished": "Fin du téléchargement de l'artefact.", "DownloadArtifacts": "Télécharger les artefacts", "DownloadArtifactsFailed": "Échec du téléchargement des artefacts : {0}", "DownloadArtifactTo": "Télécharger l'artefact sur : {0}", "DownloadArtifactWarning": "Utilisez la tâche Télécharger un artefact de build pour le téléchargement de l'artefact de type {0}. https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-build-artifacts?view=azure-devops", "DownloadingFromBuild": "Télécharger à partir de la build spécifiée : #{0}", "DownloadingJenkinsCommitsBetween": "Téléchargement des validations entre le travail {0} et {1}", "DownloadingJenkinsCommitsFailedWithException": "Échec du téléchargement des validations pour l’artefact Jenkins {0}. Exception : {1}", "DownloadingMultiplePipelineArtifacts": "Téléchargement de {0} artefacts de pipeline...", "DownloadingTask0": "Téléchargement de la tâche : {0} ({1})", "EnableServiceSidTypeUnrestricted": "activer SERVICE_SID_TYPE_UNRESTRICTED pour le service d’agent (O/N)", "EnsureJobFinished": "En attente de la fin de l’exécution du travail actuel.", "EnsureTasksExist": "Téléchargez toutes les tâches requises.", "EnterValidValueFor0": "Entrez une valeur valide pour {0}.", "EnvironmentName": "Nom de l'environnement", "EnvironmentNotFound": "Environnement introuvable : « {0} »", "EnvironmentVariableExceedsMaximumLength": "La variable d'environnement « {0} » dépasse la longueur maximale prise en charge. Longueur de la variable d'environnement : {1}, longueur maximale prise en charge : {2}", "EnvironmentVMResourceTags": "Liste d'étiquettes séparées par une virgule (exemple : web, db)", "ErrorDuringBuildGC": "Impossible de découvrir la mémoire à nettoyer d'après « {0} ». Réessayez une autre fois.", "ErrorDuringBuildGCDelete": "Impossible de finir l'opération GC basée sur « {0} ». Réessayez une autre fois.", "ErrorDuringReleaseGC": "Impossible de découvrir la mémoire à nettoyer d'après « {0} ». Réessayez une autre fois.", "ErrorDuringReleaseGCDelete": "Impossible de finir l'opération GC basée sur « {0} ». Réessayez une autre fois.", "ErrorOccurred": "Une erreur s'est produite : {0}", "ErrorOccurredWhilePublishingCCFiles": "Une erreur s’est produite lors de la publication des fichiers de couverture du code. Erreur : {0}", "EulasSectionHeader": "Contrats de licence utilisateur final", "EvaluateReleaseTrackingFile": "Évaluer le fichier de suivi ReleaseDirectory : {0}", "EvaluateTrackingFile": "Évaluer le fichier de suivi BuildDirectory : {0}", "Exiting": "Sortie...", "ExpectedMappingCloak": "Mappage attendu[{2}], masquage : « {0} ». Réel : « {1} »", "ExpectedMappingLocalPath": "Mappage attendu[{0}], chemin local : « {1} ». Réel : « {2} »", "ExpectedMappingRecursive": "Mappage attendu[{0}], récursif : « {1} ». Réel : « {2} »", "ExpectedMappingServerPath": "Mappage attendu[{0}], chemin du serveur : « {1} ». Réel : « {2} »", "Failed": "Échec : ", "FailedDeletingTempDirectory0Message1": "Échec de la suppression du répertoire temporaire « {0} ». {1}", "FailedTestsInResults": "Un ou plusieurs échecs de tests ont été détectés dans les fichiers de résultats. Vous pouvez consulter un récapitulatif détaillé de la publication des résultats des tests sous l'onglet Tests.", "FailedToAddTags": "Échec de l’application des balises à l’agent. Réessayez ou appuyez sur Ctrl-C pour quitter. Vous pouvez également accéder à la page web du groupe de déploiement pour ajouter des balises.", "FailedToConnect": "Échec de la connexion. Réessayez ou appuyez sur Ctrl-C pour quitter.", "FailedToDeleteTempScript": "Échec de la suppression du fichier de script inclus temporaire « {0} ». {1}", "FailedToFindDeploymentGroup": "Groupe de déploiement introuvable. Réessayez ou appuyez sur Ctrl-C pour quitter.", "FailedToFindEnvironment": "Échec de la localisation de l'environnement. Réessayez ou appuyez sur Ctrl+C pour quitter.", "FailedToFindPool": "Le nom du pool est introuvable. Réessayez ou appuyez sur Ctrl-C pour quitter.", "FailedToLockServiceDB": "Échec du verrouillage de la base de données de service en écriture", "FailedToOpenSCM": "Échec de l’ouverture du Gestionnaire de contrôle des services", "FailedToOpenSCManager": "Échec de l’ouverture du Gestionnaire de contrôle des services", "FailedToPublishTestResults": "Échec de la publication des résultats des tests : {0}", "FailedToReadFile": "Échec de la lecture de {0}. Erreur : {1}.", "FailedToReplaceAgent": "Échec du remplacement de l’agent. Réessayez ou appuyez sur Ctrl-C pour quitter.", "FailToRemoveGitConfig": "Impossible de supprimer « {0} » de la configuration git. Pour supprimer les informations d’identification, exécutez « git config --unset-all {0} » à partir de la racine du référentiel « {1} ».", "FailToReplaceTokenPlaceholderInGitConfig": "Impossible de remplacer l’espace réservé pour « {0} » dans le fichier de configuration git.", "FileAssociateProgress": "Nombre total de fichiers : {0} ---- Fichiers associés : {1} ({2} %)", "FileContainerUploadFailed": "Impossible de copier le fichier sur le serveur StatusCode={0}: {1}. Chemin du fichier source : {2}. Chemin du serveur cible : {3}.", "FileContainerUploadFailedBlob": "Impossible de charger le fichier dans l’objet blob. Chemin du fichier source : {0}. Chemin du serveur cible : {1}", "FileDoesNotExist": "Le fichier « {0} » n'existe pas ou n'est pas accessible.", "FileNotFound": "Fichier introuvable : '{0}'", "FilePathNotFound": "Impossible de trouver le chemin d’accès au fichier « {0} ».", "FileShareOperatingSystemNotSupported": "La publication d'artefacts d'un agent Linux ou macOS vers un partage de fichiers n'est pas prise en charge. Changez le type d'artefact en « Azure Pipelines » ou utilisez un agent Windows.", "FileUploadCancelled": "Le chargement du fichier a été annulé : « {0} ».", "FileUploadDetailTrace": "Trace de chargement détaillée du fichier dont le chargement a échoué : {0}", "FileUploadFailed": "Échec du chargement de « {0} » en raison de « {1} ».", "FileUploadFailedAfterRetry": "Échec du chargement du fichier même après une nouvelle tentative.", "FileUploadFailedRetryLater": "{0} fichiers n’ont pas pu être chargés. Réessayez de les charger au bout d’une minute.", "FileUploadFileOpenFailed": "Erreur de fichier « {0} » durant le chargement du fichier « {1} ».", "FileUploadFinish": "Le chargement du fichier : « {0} » a pris {1} millisecondes", "FileUploadProgress": "Fichier total : {0} ---- Fichier traité : {1} ({2} %)", "FileUploadProgressDetail": "Chargement de « {0} » ({1} %).", "FileUploadRetry": "Démarrez la nouvelle tentative de chargement des {0} fichiers ayant échoué.", "FileUploadRetryInSecond": "Réessayez le chargement du fichier après {0} secondes.", "FileUploadRetrySucceed": "Le chargement du fichier a réussi après une nouvelle tentative.", "FileUploadSucceed": "Fichier chargé.", "FinalizeJob": "Finaliser le travail", "FinishMaintenance": "Maintenance terminée : {0}", "FoundErrorInTrace": [ "{0} signalé dans les journaux de diagnostic. Pour plus d'informations, examinez les journaux.", " - {1}" ], "GCBuildDir": "Supprimez le répertoire de build orphelin et obsolète.", "GCBuildDirNotEnabled": "L'option de suppression de répertoire de build orphelin et obsolète n'est pas activée.", "GCDirIsEmpty": "Aucun répertoire de build ne doit faire l'objet d'une opération GC. '{0}' n'a aucun fichier de suivi.", "GCDirNotExist": "Aucun répertoire de build ne doit être GC. '{0}' n’existe pas.", "GCOldFormatTrackingFile": "Marquer le fichier de suivi '{0}' pour GC, car il n’a jamais été utilisé.", "GCReleaseDir": "Supprimez le répertoire de mise en production orphelin et obsolète.", "GCReleaseDirIsEmpty": "Aucun répertoire de mise en production ne doit faire l'objet d'une opération GC. '{0}' n'a aucun fichier de suivi.", "GCReleaseDirNotEnabled": "L'option de suppression de répertoire de mise en production orphelin et obsolète n'est pas activée.", "GCReleaseDirNotExist": "Aucun répertoire de mise en production ne doit faire l'objet d'une opération GC. '{0}' n'existe pas.", "GCUnusedTrackingFile": "Marquer le fichier de suivi '{0}' pour GC, car il n’a pas été utilisé depuis {1} jours.", "GenerateAndRunUpdateScript": "Générez et exécutez le script de mise à jour.", "GrantContainerUserSUDOPrivilege": "Accordez le privilège SUDO à l'utilisateur '{0}' et autorisez-le à exécuter n'importe quelle commande sans authentification.", "GrantingFilePermissions": "Octroi d’autorisations de fichier à '{0}'.", "GroupDoesNotExists": "Groupe {0} inexistant", "ImageVersionLog": "Version actuelle de l'image : '{0}'", "InitializeContainer": "Initialiser des conteneurs", "InitializeJob": "Initialiser le travail", "IntegrityCheckNotPassed": "Échec de la vérification de l’intégrité des objets d’artefacts", "IntegrityCheckPassed": "Vérification de l’intégrité des objets d’artefacts terminée", "InvalidAutoLogonCredential": "Informations d’identification Windows non valides entrées pour l’ouverture de session automatique. Vérifiez que les informations d’identification fournies sont valides et que vous disposez de droits d’ouverture de session interactifs sur l’ordinateur. Réessayez ou CTRL-C pour quitter", "InvalidCommandArg": "L’argument de commande '{0}' contient un ou plusieurs caractères non valides suivants : \", \\r, \\n", "InvalidCommandResult": "La commande n’a pas de valeur de résultat valide.", "InvalidCompletedDate": "La durée de chaque série de tests va être utilisée pour le calcul des durées, car la date de fin maximale {0} obtenue à partir du fichier de résultats des tests est postérieure à la date de début minimale {1}", "InvalidConfigFor0TerminatingUnattended": "Configuration non valide fournie pour {0}. Fin de la configuration sans assistance.", "InvalidDateFormat": "La durée de chaque série de tests va être utilisée pour le calcul des durées, car un format de date non valide a été obtenu à partir du fichier de résultats : {0} (Date de début : {1}, Date de fin : {2}).", "InvalidEndpointField": "Champ de point de terminaison non valide. Les valeurs valides sont url, dataParameter et authParameter", "InvalidEndpointId": "ID de point de terminaison non valide.", "InvalidEndpointUrl": "URL de point de terminaison non valide.", "InvalidFileFormat": "Format de fichier non valide.", "InvalidGroupName": "Nom de groupe non valide : {0}", "InvalidMember": "Un nouveau membre n’a pas pu être ajouté à un groupe local, car le membre a un type de compte incorrect. Si vous configurez un contrôleur de domaine, les comptes d’ordinateur intégrés ne peuvent pas être ajoutés aux groupes locaux. Vous devez utiliser un compte d’utilisateur de domaine à la place", "InvalidResultFiles": "Fichier de résultats non valide. Assurez-vous que le format de résultat du fichier '{0}' correspond au format '{1}' des résultats des tests.", "InvalidSIDForUser": "Identificateur de sécurité non valide pour l’utilisateur {0}\\{1} lors de la configuration/de l’annulation de la configuration de l’ouverture de session automatique. Pour plus d’informations, consultez les journaux.", "InvalidValueInXml": "Impossible de récupérer la valeur de '{0}' à partir du fichier récapitulatif '{1}'. Vérifiez que le fichier récapitulatif est bien formé et réessayez.", "InvalidWindowsCredential": "Informations d’identification Windows non valides entrées. Réessayez ou CTRL-C pour quitter", "JenkinsBuildDoesNotExistsForCommits": "Index de build introuvable pour les builds Jenkins {0} et {1}. Les index trouvés sont {2} et {3}. La build n’existe probablement pas", "JenkinsCommitsInvalidEndJobId": "EndJobId {0} associé à l’artefact Jenkins {1} n’est pas valide. Les validations ne seront pas téléchargées.", "JenkinsDownloadingChangeFromCurrentBuild": "EndJobId est introuvable. Récupération de l’ensemble de modifications de la build actuelle", "JenkinsNoCommitsToFetch": "Déploiement de la même build. Aucun élément à récupérer", "JenkinsRollbackDeployment": "Téléchargement des validations pour le déploiement de restauration entre le travail {0} vers {1}", "JobCompleted": "{0:u} : le travail {1} est terminé avec le résultat : {2}", "LaunchBrowser": "afin de lancer le navigateur pour le flux de code d'appareil AAD ? (O/N)", "ListenForJobs": "{0:u} : à l’écoute des travaux", "LocalClockSkewed": "L’horloge de l’ordinateur local n’est peut-être pas synchronisée avec l’heure du serveur de plus de cinq minutes. Veuillez synchroniser votre horloge avec votre domaine ou l’heure Internet et réessayer.", "LocalSystemAccountNotFound": "Compte système local introuvable", "LogOutputMessage": "L’agent a activé le chargement des journaux et l’enregistrement du journal dans un fichier. Une fois le travail terminé, vous pouvez récupérer les journaux de cette étape à {0} sur l’agent.", "Maintenance": "Maintenance", "MaxHierarchyLevelReached": "Le niveau de hiérarchie est supérieur à la limite prise en charge {0}, troncation de la hiérarchie inférieure.", "MaxSubResultLimitReached": "Le nombre de sous-résultats dans le cas de test '{0}' est supérieur à la limite prise en charge de {1}, ce qui tronque les autres.", "MemberDoesNotExists": "Le membre {0} n'existe pas", "MinimumNetFramework": ".NET Framework x64 4.5 ou version ultérieure est obligatoire.", "MinimumNetFramework46": ".NET Framework x64 4.6 ou version ultérieure est obligatoire.", "MinimumNetFrameworkTfvc": [ ".NET Framework x64 4.6 ou version ultérieure n’est pas installé.", "", ".NET Framework x64 4.6 ou ultérieur est nécessaire pour synchroniser les référentiels TFVC. La synchronisation des dépôts Git n’est pas requise." ], "MinRequiredDockerClientVersion": "La version minimale nécessaire du client d'API du moteur Docker est la version '{0}', votre version du client Docker ('{1}') correspond à la version '{2}'", "MinRequiredDockerServerVersion": "La version minimale nécessaire du serveur d'API du moteur Docker est la version '{0}', votre version du serveur Docker ('{1}') correspond à la version '{2}'", "MinRequiredGitLfsVersion": "La version minimale requise de Git-Ifs est '{0}', votre version Git-Ifs ('{1}') est '{2}'", "MinRequiredGitVersion": "La version minimale requise de Git est '{0}', votre version Git ('{1}') est '{2}'", "MinSecretsLengtLimitWarning": "La valeur de la longueur minimale des secrets est trop élevée. La valeur maximale est définie : {0}", "MissingAgent": "L’agent n’existe plus sur le serveur. Reconfigurez l’agent.", "MissingAttachmentFile": "Impossible de charger le fichier de pièce jointe de la tâche, l’emplacement du fichier joint n’est pas spécifié ou le fichier de pièce jointe n’existe pas sur le disque.", "MissingAttachmentName": "Impossible d’ajouter une pièce jointe de travail, le nom de pièce jointe n’est pas fourni.", "MissingAttachmentType": "Impossible d’ajouter une pièce jointe de travail, le type de pièce jointe n’est pas fourni.", "MissingConfig": "Impossible de se connecter au serveur, car des fichiers de configuration sont manquants. Suppression de l’agent du serveur ignorée.", "MissingEndpointField": "Le champ obligatoire 'field' est manquant dans la commande ##vso[task.setendpoint].", "MissingEndpointId": "Le champ obligatoire 'id' est manquant dans la commande ##vso[task.setendpoint].", "MissingEndpointKey": "Le champ obligatoire 'key' est manquant dans la commande ##vso[task.setendpoint].", "MissingNodePath": "Cette étape nécessite une version de nœud qui n’existe pas dans le système de fichiers de l’agent. Chemin d’accès : {0}", "MissingRepositoryAlias": "Impossible de mettre à jour le référentiel, car son alias n'est pas fourni.", "MissingRepositoryPath": "Impossible de mettre à jour le référentiel, le chemin du référentiel n'est pas fourni.", "MissingTaskVariableName": "Le champ obligatoire « variable » est manquant dans la commande ##vso[task.settaskvariable].", "MissingTimelineRecordId": "Impossible de mettre à jour l’enregistrement de chronologie, l’ID d’enregistrement de chronologie n’est pas fourni.", "MissingVariableName": "Le champ obligatoire « variable » est manquant dans la commande ##vso[task.setvariable].", "ModifyingCoberturaIndexFile": "Modification du fichier d’index Cobertura", "MultilineSecret": "Les secrets ne peuvent pas contenir plusieurs lignes", "N": "N", "NameRequiredForTimelineRecord": "Le nom est obligatoire pour ce nouvel enregistrement de chronologie.", "NeedAdminForAutologonCapability": "Des privilèges d’administrateur sont nécessaires pour configurer l’agent avec l’ouverture de session automatique.", "NeedAdminForAutologonRemoval": "Des privilèges d’administrateur sont nécessaires pour annuler la configuration d’un agent s’exécutant avec la fonctionnalité d’ouverture de session automatique.", "NeedAdminForConfigAgentWinService": "Des privilèges d’administrateur sont nécessaires pour configurer l’agent en tant que service Windows.", "NeedAdminForUnconfigWinServiceAgent": "Des privilèges d’administrateur sont nécessaires pour annuler la configuration de l’agent s’exécutant en tant que service Windows.", "NetworkServiceNotFound": "Compte de service réseau introuvable", "NoArtifactsFound": "Aucun artefact n’est disponible dans la version '{0}'.", "NoFolderToClean": "Le dossier de nettoyage spécifié est introuvable. Rien à nettoyer", "NoRestart": "Redémarrer la machine plus tard ? (O/N)", "NoRestartSuggestion": "L'ouverture de session automatique a été activée durant la configuration de l'agent. Il est recommandé de redémarrer la machine pour que les paramètres d'ouverture de session automatique soient pris en compte.", "NoResultFound": "Résultat introuvable pour la publication de '{0}'.", "OnPremIsNotSupported": "La tâche d'artefact de pipeline n'est pas prise en charge localement. Utilisez la tâche d'artefact de build à la place.", "OperatingSystemShutdown": "Le système d’exploitation est en cours d’arrêt pour l’ordinateur '{0}'", "OperationFailed": "Erreur : l’opération {0} a échoué avec le code de retour {1}", "OutputVariablePublishFailed": "Échec de la publication des variables de sortie.", "OverwriteAutoLogon": "Voulez-vous remplacer les paramètres d’ouverture de session automatique existants, car l’ouverture de session automatique est déjà activée pour l’utilisateur '{0}' ? (O/N)", "ParentProcessFinderError": "Une erreur s’est produite lors de la vérification de l’exécution de l’agent dans PowerShell Core.", "ParentTimelineNotCreated": "L’enregistrement de chronologie parent n’a pas été créé pour ce nouvel enregistrement de chronologie.", "Password": "mot de passe", "PathDoesNotExist": "Le chemin '{0}' n'existe pas.", "PersonalAccessToken": "jeton d'accès personnel", "PipelineDoesNotExist": "Le pipeline suivant n’existe pas : {0}. Vérifiez le nom du pipeline.", "PoolNotFound": "Pool d’agents introuvable : « {0} »", "PostJob": "Post-travail : {0}", "PowerOptionsConfigError": "Une erreur s’est produite lors de la configuration des options d’alimentation. Pour plus d’informations, veuillez consulter les journaux.", "PowerShellNotInstalledMinVersion0": "PowerShell n’est pas installé. Version minimale requise : {0}", "PreJob": "Pré-travail : {0}", "PrepareBuildDir": "Préparez le répertoire de build.", "PrepareReleasesDir": "Préparez le répertoire de version.", "PrepareTaskExecutionHandler": "Préparation du gestionnaire d’exécution de tâches.", "Prepending0WithDirectoryContaining1": "Préfixation de la variable d’environnement {0} avec le répertoire contenant « {1} ».", "PrerequisitesSectionHeader": "Prérequis", "PreventServiceStartDescription": "Empêcher le démarrage du service immédiatement après la fin de la configuration ? (O/N)", "ProcessCompletedWithCode0Errors1": "Le processus s’est terminé avec le code de sortie {0} et présentait {1} erreurs écrites dans le flux d’erreurs.", "ProcessCompletedWithExitCode0": "Tâche effectuée avec le code de sortie {0}.", "ProcessExitCode": "Code de sortie {0} retourné par le processus : nom de fichier « {1} », arguments « {2} ».", "ProcessHandlerInvalidScriptArgs": "Caractères détectés dans les arguments qui peuvent ne pas être exécutés correctement par le shell. Plus d'informations sont disponibles ici : https://aka.ms/ado/75787", "ProfileLoadFailure": "Impossible de charger le profil utilisateur pour l’utilisateur {0}\\{1} La configuration AutoLogon n’est pas possible.", "ProjectName": "Nom du projet", "Prompt0": "Entrez {0}", "Prompt0Default1": "Entrez {0} (appuyez sur Entrée pour {1})", "PSModulePathLocations": "La variable d’environnement PSModulePath contient des emplacements de module spécifiques à PowerShell Core. Veuillez noter que si vous comptez utiliser des tâches Windows PowerShell dans votre pipeline, vous risquez de rencontrer des erreurs. Pour résoudre ce problème, ne démarrez pas l’agent sous PowerShell Core (pwsh).", "PSScriptError": "Script PowerShell terminé avec {0} erreurs.", "PublishCodeCoverage": "Publier la couverture du code", "PublishedCodeCoverageArtifact": "« {0} » publié en tant qu’artefact « {1} »", "PublishingArtifactUsingRobocopy": "Chargement d'artefacts à l'aide de robocopy.", "PublishingCodeCoverage": "Publication des données de synthèse de couverture sur le serveur TFS.", "PublishingCodeCoverageFiles": "Publication des fichiers de couverture du code sur le serveur TFS.", "PublishingTestResults": "Publication des résultats de la série de tests « {0} ».", "PublishTestResults": "Publier les résultats des tests", "QueryingWorkspaceInfo": "Interrogation des informations de l’espace de travail.", "QueueConError": "{0:u} : erreur de connexion de l'agent : {1}. Nouvelle tentative jusqu'à la reconnexion.", "QueueConnected": "{0:u} : agent reconnecté.", "QuietCheckoutModeRequested": "Mode de basculement sur une branche silencieux : moins d'informations sont affichées sur la console.", "ReadingCodeCoverageSummary": "Lecture du résumé de couverture du code à partir de « {0} »", "ReadOnlyTaskVariable": "Le remplacement de la variable de tâche en lecture seule « {0} » n'est pas autorisé. Pour plus d'informations, consultez https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "ReadOnlyTaskVariableWarning": "Remplacement de la variable de tâche en lecture seule « {0} ». Ce comportement va être désactivé à l'avenir. Pour plus d'informations, consultez https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "ReadOnlyVariable": "Le remplacement de la variable en lecture seule « {0} » n'est pas autorisé. Pour plus d'informations, consultez https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "ReadOnlyVariableWarning": "Remplacement de la variable en lecture seule « {0} ». Ce comportement va être désactivé à l'avenir. Pour plus d'informations, consultez https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "RegisterAgentSectionHeader": "Inscrire l’agent", "ReleaseDirLastUseTime": "Dernière utilisation du répertoire de mise en production « {0} » : {1}", "RenameIndexFileCoberturaFailed": "Échec du changement de nom de « {0} » en « {1} » lors de la publication des fichiers de couverture du code pour « {2} ». Exception interne : « {3} »", "Replace": "Remplacer ? (O/N)", "RepositoryNotExist": "Impossible de mettre à jour le dépôt, car celui-ci n'existe pas.", "ResourceMonitorAgentEnvironmentResource": "Ressources d’environnement de l’agent – {0}, {1}, {2}", "ResourceMonitorCPUInfo": "Utilisation de l’UC : {0} %", "ResourceMonitorCPUInfoError": "Impossible d’obtenir les informations sur l’UC, exception : {0}", "ResourceMonitorDiskInfo": "Disque : {0} {1} Mo disponible(s) sur {2} Mo", "ResourceMonitorDiskInfoError": "Impossible d’obtenir les informations sur le disque, exception : {0}", "ResourceMonitorFreeDiskSpaceIsLowerThanThreshold": "L’espace disque disponible sur {0} est inférieur à {1} % ; espace actuellement utilisé : {2} %", "ResourceMonitorMemoryInfo": "Mémoire : {0} Mo utilisé(s) sur {1} Mo", "ResourceMonitorMemoryInfoError": "Impossible d’obtenir les informations sur la mémoire, exception : {0}", "ResourceMonitorMemorySpaceIsLowerThanThreshold": "La mémoire disponible est inférieure à {0} % ; mémoire actuellement utilisée : {1} %", "ResourceUtilizationDebugOutputIsDisabled": "La sortie d’utilisation des ressources pour les exécutions de débogage est désactivée, basculez la variable « AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT » sur « true » si vous voulez l’activer", "ResourceUtilizationWarningsIsDisabled": "Les avertissements d’utilisation des ressources sont désactivés, remplacez la variable « DISABLE_RESOURCE_UTILIZATION_WARNINGS » par « false » si vous souhaitez l’activer", "RestartIn15SecMessage": "Redémarrage de la machine dans 15 secondes...", "RestartMessage": "Redémarrez la machine pour lancer l’agent et pour que les paramètres d’ouverture de session automatique prennent effet.", "ReStreamLogsToFilesError": "Vous ne pouvez pas utiliser --disableloguploads et --reStreamLogsToFiles en même temps !", "RetryCountLimitExceeded": "Le nombre maximal autorisé de tentatives est {0} mais a obtenu {1}. Le nombre de tentatives sera réduit à {0}.", "RetryingReplaceAgent": "Nouvelle tentative de remplacement de l’agent (tentative {0} de {1}). Attendez {2} secondes avant la prochaine tentative...", "RMApiFailure": "Échec de l’API {0} avec le code d’erreur {1}", "RMArtifactContainerDetailsInvalidError": "L’artefact n’a pas de détails de conteneur valides : {0}", "RMArtifactContainerDetailsNotFoundError": "L’artefact ne contient pas les détails du conteneur : {0}", "RMArtifactDetailsIncomplete": "Impossible de trouver les informations requises pour télécharger l’artefact", "RMArtifactDirectoryNotFoundError": "Le répertoire d’artefact n’existe pas : {0}. Cela peut se produire si le mot de passe du compte {1} a été modifié récemment et n’est pas mis à jour pour l’agent. Si c’est le cas, veuillez envisager de reconfigurer l’agent.", "RMArtifactDownloadBegin": "Téléchargement de l’artefact lié {0} de type {1}...", "RMArtifactDownloadFinished": "Artefact {0} lié téléchargé", "RMArtifactDownloadRequestCreationFailed": "Échec de la création de la demande de téléchargement de l’artefact à partir de l’URL : {0}", "RMArtifactEmpty": "L’artefact ne contient aucun fichier à télécharger.", "RMArtifactMatchNotFound": "L’artefact de build « {0} » ne correspond à aucun modèle de nommage. Téléchargement ignoré", "RMArtifactNameDirectoryNotFound": "Le répertoire « {0} » n'existe pas. Retour au répertoire parent : {1}", "RMArtifactsDownloadFinished": "Téléchargement des artefacts terminé", "RMArtifactTypeFileShare": "Type d’artefact : partage de fichiers", "RMArtifactTypeNotSupported": "Release Management ne prend pas en charge le téléchargement du type d'artefact {0} dans la version actuelle", "RMArtifactTypeServerDrop": "Type d’artefact : ServerDrop", "RMArtifactVersionNotBelongToArtifactSource": "La version de l’artefact avec l’ID {0} n’appartient pas à la source d’artefact liée avec l’ID {1}.", "RMBuildNotFromLinkedDefinition": "La build {0} ne fait pas partie de la définition de build liée {1}.", "RMCachingAllItems": "Mise en cache de tous les éléments dans le conteneur de fichiers...", "RMCachingComplete": "Mise en cache terminée. ({0} ms)", "RMCachingContainerItems": "Mise en cache des éléments sous « {0} » dans le conteneur de fichiers...", "RMContainerItemNotSupported": "Le type d’élément de conteneur « {0} » n’est pas pris en charge.", "RMContainerItemPathDoesnotExist": "Le chemin d’accès de l’élément de conteneur de fichiers ne commence pas par {0} : {1}", "RMContainerItemRequestTimedOut": "La demande a expiré après {0} secondes; en veille pendant {1} secondes et nouvelle tentative en cours. Demande : {2} {3}", "RMCreatedArtifactsDirectory": "Répertoire d’artefacts créé : {0}", "RMCreatingArtifactsDirectory": "Création du répertoire d’artefacts : {0}", "RMCustomEndpointNotFound": "Impossible de trouver les informations requises dans le travail pour télécharger l’artefact personnalisé : {0}", "RMDownloadArtifactUnexpectedError": "Une erreur inattendue s’est produite lors du téléchargement des artefacts", "RMDownloadBufferSize": "Taille de la mémoire tampon de téléchargement : {0}", "RMDownloadComplete": "Téléchargement terminé.", "RMDownloadingArtifact": "Téléchargement de l'artefact", "RMDownloadingArtifactFromFileContainer": "Téléchargement de l’artefact à partir du conteneur de fichiers : {0} vers la cible : {1}", "RMDownloadingArtifactFromFileShare": "Téléchargement de l’artefact à partir du partage de fichiers : {0} vers la cible : {1}", "RMDownloadingArtifactUsingRobocopy": "Téléchargement de l’artefact à l’aide de robocopy.", "RMDownloadingCommits": "Téléchargement des validations", "RMDownloadingJenkinsArtifacts": "Téléchargement des artefacts à partir du serveur Jenkins", "RMDownloadProgress": "{0} fichier(s) placé(s) : {1} téléchargé(s), {2} vide(s)", "RMDownloadProgressDetails": "{0} Mo téléchargé à {1} Ko/s. Temps de téléchargement : {2}.", "RMDownloadStartDownloadOfFile": "Téléchargement du fichier {0}", "RMDownloadTaskCompletedStatus": "Aucune tâche de téléchargement n’a été effectuée en {0} minutes. État des tâches restantes :", "RMDownloadTaskStates": " {0} : \t{1} tâche(s).", "RMEnsureArtifactFolderExistsAndIsClean": "Vérification de l’existence et du nettoyage du dossier d’artefacts {0}.", "RMEnvironmentVariablesAvailable": "Les variables d’environnement disponibles sont ci-dessous. Notez que ces variables d’environnement peuvent être référencées dans la tâche (dans ReleaseDefinition) en remplaçant « _ » par « . » Par exemple, la variable d’environnement AGENT_NAME peut être référencée à l’aide d’Agent.Name dans ReleaseDefinition : {0}", "RMErrorDownloadingContainerItem": "Erreur lors du téléchargement de {0} : {1}", "RMErrorDuringArtifactDownload": "Une erreur s'est produite lors du téléchargement : {0}", "RMFailedCreatingArtifactDirectory": "Échec de la création du répertoire d’artefact de version « {0} ».", "RMFileShareArtifactErrorOnNonWindowsAgent": "Impossible de télécharger des artefacts à partir d’un partage de fichiers à l’aide d’un agent OSX ou Linux. Vous pouvez télécharger l’artefact à partir du serveur ou utiliser un agent Windows.", "RMGitEndpointNotFound": "Impossible de trouver les informations requises dans le travail pour télécharger l’artefact Git Team Foundation.", "RMGitHubEndpointNotFound": "Impossible de trouver les informations requises dans le travail pour télécharger l’artefact GitHub : {0}", "RMGotJenkinsArtifactDetails": "Détails de l’artefact Jenkins reçus", "RMJenkinsBuildId": "BuildId : {0}", "RMJenkinsEndpointNotFound": "Impossible de trouver les informations requises dans le travail pour télécharger l’artefact Jenkins : {0}", "RMJenkinsInvalidBuild": "La build Jenkins {0} n’est pas valide.", "RMJenkinsJobName": "Nom du travail : {0}", "RMJenkinsNoArtifactsFound": "Aucun artefact n’est disponible dans la build Jenkins {0}.", "RMLowAvailableDiskSpace": "Espace disque insuffisant sur le lecteur {0}. Moins de 100 Mo d'espace disponible.", "RMNoBuildArtifactsFound": "Aucun artefact n’est disponible dans la build {0}.", "RMParallelDownloadLimit": "Limite de téléchargements en parallèle : {0}", "RMPrepareToGetFromJenkinsServer": "Préparation de l’obtention des informations sur les artefacts à partir du serveur Jenkins", "RMPreparingToDownload": "Préparation du téléchargement de l’artefact : {0}", "RMPreparingToGetBuildArtifactList": "Préparation de la récupération de la liste des artefacts disponibles à partir de la build", "RMReAttemptingDownloadOfContainerItem": "Nouvelle tentative de téléchargement de {0}. Erreur : {1}", "RMReceivedGithubArtifactDetails": "Détails de l’artefact GitHub reçus", "RMReleaseNameRequired": "Le nom de version est obligatoire.", "RMRemainingDownloads": "{0} téléchargements restants.", "RMRetryingArtifactDownload": "Nouvelle tentative de téléchargement...", "RMRetryingCreatingArtifactsDirectory": "Échec de la création du répertoire d’artefact de version {0} avec une exception {1}. Nouvelle tentative de création du répertoire d’artefact de version.", "RMRobocopyBasedArtifactDownloadExitCode": "Code de sortie robocopy : {0}", "RMRobocopyBasedArtifactDownloadFailed": "Échec du téléchargement basé sur Robocopy avec le code de sortie : {0}", "RMStartArtifactsDownload": "Démarrage du téléchargement des artefacts...", "RMStreamTypeNotSupported": "Release Management ne prend pas en charge le téléchargement du type de flux {0} dans la version actuelle", "RMTfsVCEndpointNotFound": "Impossible de trouver les informations requises dans le travail pour télécharger l’artefact Team Foundation Version Control.", "RMUpdateReleaseName": "Mettez à jour le nom de mise en production.", "RMUpdateReleaseNameForRelease": "Mettez à jour le nom de mise en production en utilisant {0} pour la mise en production {1}.", "RMUpdateReleaseNameForReleaseComment": "Mise à jour du nom de version vers {0} à l'aide de la commande de journalisation des tâches", "RMUserChoseToSkipArtifactDownload": "Le téléchargement de l’artefact est ignoré en fonction du paramètre spécifié.", "RobocopyBasedPublishArtifactTaskExitCode": "Code de sortie robocopy : {0}", "RobocopyBasedPublishArtifactTaskFailed": "Échec de la publication basée sur robocopy. Code de sortie : {0}", "Rosetta2Warning": "L’émulation X64 est connue pour provoquer des blocages dans le processus de l’agent. Veuillez utiliser l’agent natif (ARM).", "RSAKeyFileNotFound": "Fichier de clé RSA {0} introuvable", "RunAgentAsServiceDescription": "exécuter l’agent en tant que service ? (O/N)", "RunAsAutoLogonDescription": "configurer l’ouverture de session automatique et exécuter l’agent au démarrage ? (O/N)", "RunIDNotValid": "L'ID d'exécution est non valide : {0}", "RunningJob": "{0:u} : travail en cours d’exécution : {1}", "SavedSettings": "{0:u} : paramètres enregistrés.", "ScanToolCapabilities": "Recherche des fonctionnalités de l’outil.", "ScreenSaverPoliciesInspection": "Vérification des stratégies susceptibles d’empêcher la désactivation de l'économiseur d'écran.", "ScreenSaverPolicyWarning": "La stratégie relative à l'écran de veille est définie sur la machine. Cela peut entraîner la réactivation de l'écran de veille. Un écran de veille actif peut impacter les opérations d'IU. Cela peut entraîner l'échec des tests d'IU automatisés, par exemple.", "SecretsAreNotAllowedInInjectedTaskInputs": "La tâche tente d’accéder aux entrées suivantes d’une tâche cible qui contient des secrets :\n{0}\nIl n’est pas autorisé de passer des entrées contenant des secrets aux tâches injectées par les éléments décoratifs.", "SelfManageGitCreds": "Vous êtes en mode d'autogestion des crédits git. Assurez-vous que la machine hôte de votre agent peut contourner tout défi d'authentification git.", "ServerTarpit": "Le travail est actuellement limité par le serveur. Vous pouvez rencontrer des retards dans la sortie de ligne de console, les rapports d’état des tâches et les chargements du journal des tâches.", "ServerTarpitUrl": "Lien vers la page d'utilisation des ressources (vue globale d'une heure) : {0}.", "ServerTarpitUrlScoped": "Lien vers la page d'utilisation des ressources (vue par pipeline d'une heure) : {0}.", "ServerUrl": "URL serveur", "ServiceAlreadyExists": "Le service existe déjà : {0}, il sera remplacé", "ServiceConfigured": "Le service {0} correctement configuré", "ServiceDelayedStartOptionSet": "Service {0} correctement configuré pour le démarrage automatique différé", "ServiceInstalled": "Le service {0} installé", "ServiceLockErrorRetry": "Le verrouillage de la base de données de service a échoué avec le code {0}. Nouvelle tentative après {1} quelques secondes...", "ServiceRecoveryOptionSet": "Le Service {0} a défini avec succès l'option de récupération", "ServiceSidTypeSet": "Le service {0} défini avec succès le type SID", "ServiceStartedSuccessfully": "Le service {0} a démarré avec succès", "SessionCreateFailed": "Échec de création de la session. {0}", "SessionExist": "Une session existe déjà pour cet agent.", "SessionExistStopRetry": "Arrêtez la nouvelle tentative sur SessionConflictException après avoir réessayé pendant {0} secondes.", "SetBuildVars": "Définissez les variables de build.", "SetEnvVar": "Définition de la variable d'environnement {0}", "SetVariableNotAllowed": "La définition de la variable « {0} » a été désactivée par la définition de tâche ou de build.", "ShallowCheckoutFail": "Échec de l’extraction git sur le référentiel superficiel. Il est possible que git fetch avec la profondeur « {0} » n'inclue pas la validation de l’extraction « {1} ». Consultez la documentation de référence (http://go.microsoft.com/fwlink/?LinkId=829603)", "ShallowLfsFetchFail": "Échec de git lfs fetch sur le dépôt superficiel. Il est possible que git fetch avec la profondeur « {0} » n'inclue pas la validation lfs fetch « {1} ». Consultez la documentation de référence (http://go.microsoft.com/fwlink/?LinkId=829603)", "ShutdownMessage": "Redémarrage de l’ordinateur afin de lancer l’agent en mode interactif.", "Skipping": "N’existe pas. En cours d’abandon ", "SkipTrackingFileWithoutRepoType": "Ignorez le fichier de suivi «{0}». Le type de référentiel n’a pas encore été mis à jour.", "SourceArtifactProviderNotFound": "Fournisseur source introuvable pour l’artefact de type {0}", "StartingArtifactDownload": "Démarrage du téléchargement {0}", "StartMaintenance": "Démarrer la maintenance : {0}", "StepCancelled": "L’opération va être annulée. Les étapes suivantes peuvent ne pas contenir les journaux attendus.", "StepFinishing": "Fin : {0}", "StepStarting": "Démarrage : {0}", "StepTimedOut": "La tâche a expiré.", "StopContainer": "Arrêter les conteneurs", "Success": "Opération réussie : ", "SupportedRepositoryEndpointNotFound": "Impossible de faire correspondre des points de terminaison de référentiel source à l’un des fournisseurs sources pris en charge.", "SupportedTaskHandlerNotFoundLinux": "Le système d'exploitation actuel ne peut pas exécuter cette tâche. Cela signifie généralement que la tâche a été écrite pour Windows uniquement. Par exemple, la tâche a été écrite pour Windows Desktop PowerShell.", "SupportedTaskHandlerNotFoundWindows": "Le gestionnaire d'exécution de tâches pris en charge est introuvable. La tâche n'effectue pas une implémentation compatible avec votre système d'exploitation actuel « {0} ». Pour plus d'informations, contactez l'auteur de la tâche.", "SvnBranchCheckedOut": "Extraction effectuée de la branche {0} pour le référentiel {1} à la révision {2}", "SvnEmptyServerPath": "Le chemin d’accès au serveur relatif vide est mappé à « {0} ».", "SvnFileAlreadyExists": "Le fichier {0} existe déjà", "SvnIncorrectRelativePath": "Chemin d'accès relatif incorrect '{0}' spécifié.", "SvnMappingDuplicateLocal": "Mappage dupliqué ignoré pour le chemin d’accès local={0}", "SvnMappingDuplicateServer": "Mappage dupliqué ignoré pour le chemin d’accès du serveur={0}", "SvnMappingIgnored": "L'ensemble du jeu de mappage est ignoré. On procède au mappage de la branche complète.", "SvnNotInstalled": "Utilitaire de ligne de commande svn installé introuvable", "SvnSyncingRepo": "Synchronisation du référentiel : {0} (Svn)", "TarExtraction": "Extraction de l’archive tar : {0}", "TarExtractionError": "Échec de l’extraction du d’archive tar {0} : {1}", "TarExtractionNotSupportedInWindows": "L’extraction par extraction d’extraction n’est pas prise en charge sur Windows", "TarSearchStart": "Démarrage de la recherche d’archives tar à extraire", "TarsFound": "Nous avons trouvé {0} archives tar à extraire", "TarsNotFound": "Aucune archive archivée n’a été trouvée pour extraire", "TaskDownloadFailed": "Échec du téléchargement de la tâche « {0} ». Erreur {1}", "TaskDownloadTimeout": "La tâche « {0} » n'a pas fini le téléchargement en {1} secondes.", "TaskSignatureVerificationFailed": "Échec de la vérification de la signature de la tâche.", "TaskSignatureVerificationSucceeeded": "Vérification réussie de la signature de la tâche.", "TeeEula": [ "La création de sources à partir d’un référentiel TFVC nécessite l’acceptation du Contrat de Licence Utilisateur Final Team Explorer Everywhere. Cette étape n’est pas nécessaire pour la création de sources à partir de référentiels Git.", "", "Vous trouverez une copie du contrat de licence Team Explorer Everywhere à l’adresse suivante :", " {0}" ], "Telemetry": "Télémétrie", "TelemetryCommandDataError": "Impossible d’analyser les données de télémétrie {0}. Erreur : {1}.", "TelemetryCommandFailed": "Échec de la publication des données de télémétrie. Erreur {0}", "TenantId": "ID de locataire", "TestAgentConnection": "Test de la connexion de l’agent.", "TestAttachmentNotExists": "La pièce jointe est ignorée, car elle n'est pas disponible sur le disque : {0}.", "TestResultsRemaining": "Résultats des tests restants : {0}. ID de série de tests : {1}.", "Tfs2015NotSupported": "Cet agent n’est pas pris en charge sur Windows par rapport à TFS 2015. L'agent TFS 2015 pour Windows peut être téléchargé à partir de la page d'administration des pools d'agents.", "TotalThrottlingDelay": "Le travail a connu {0} secondes de retard total dû à la limitation du serveur.", "TotalUploadFiles": "Chargement de {0} fichiers", "TypeRequiredForTimelineRecord": "Le type est obligatoire pour ce nouvel enregistrement de chronologie.", "UnableResolveArtifactType": "Impossible de déduire le type d’artefact à partir de l’emplacement de l’artefact : {0}.", "UnableToArchiveResults": "Impossible d'archiver les résultats des tests : {0}", "UnableToParseBuildTrackingConfig0": "Impossible d’analyser la configuration de suivi de build héritée. Un nouveau répertoire de build sera créé à la place. Le répertoire précédent peut rester dans un état non revendiqué. Contenu de la configuration héritée : {0}", "UnconfigAutologon": "Suppression des paramètres d’ouverture de session automatique", "UnconfigureOSXService": "Annuler la configuration du service en fonction de https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-osx", "UnconfigureServiceDService": "Annuler la configuration du service en fonction de https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-linux", "UnexpectedParallelCount": "Nombre parallèle '%s' non pris en charge. Entrez un nombre compris entre 1 et 128.", "UninstallingService": "Suppression du service", "UnknownCodeCoverageTool": "L’outil de couverture du code « {0} » n’est pas pris en charge.", "UnrecognizedCmdArgs": "Arguments d’entrée de ligne de commande non reconnus : « {0} ». Pour plus d’informations sur l’utilisation, consultez : .\\config.cmd --help ou ./config.sh --help", "UnregisteringAgent": "Suppression de l’agent du serveur", "UnsupportedGitLfsVersion": "Votre version actuelle de Git LFS est la version « {0} », et n'est pas prise en charge par l'agent. Effectuez une mise à niveau au moins vers la version « {1} ». Pour plus d'informations, consultez https://github.com/git-lfs/git-lfs/issues/3571.", "UnsupportedOsVersionByNet8": "La version du système d’exploitation sur laquelle cet agent s’exécute ({0}) n’est pas prise en charge lors d’une mise à jour à venir de l’agent pipelines. Pour connaître les versions de système d’exploitation prises en charge, voir https://aka.ms/azdo-pipeline-agent-net8.", "UpdateBuildNumber": "Mettre à jour le numéro de build", "UpdateBuildNumberForBuild": "Mettre à jour le numéro de build à {0} pour la build {1}", "UpdateInProgress": "Mise à jour de l’agent en cours, ne pas arrêter l’agent.", "UpgradeToLatestGit": "Pour bénéficier d’une meilleure expérience Git, mettez à niveau votre git vers au moins la version « {0}». Votre version actuelle de Git est « {1} ».", "UploadArtifact": "Charger l’artefact", "UploadArtifactCommandNotSupported": "Le chargement de l’artefact de serveur n’est pas prise en charge dans {0}.", "UploadArtifactFinished": "Fin du chargement de l'artefact de pipeline.", "UploadingPipelineArtifact": "Chargement de l'artefact de pipeline à partir de {0} pour la build n° {1}", "UploadToFileContainer": "Charger « {0} » dans le conteneur de fichiers : « {1} »", "UserName": "nom d'utilisateur", "UserNameLog": "Agent s'exécutant en tant que « {0} »", "UserShutdownAgent": "L’agent a reçu un signal d’arrêt. Cela peut se produire lorsque le service de l’agent est arrêté ou qu’un agent démarré manuellement est annulé.", "Variable0ContainsCyclicalReference": "Impossible de développer la variable « {0} ». Une référence cyclique a été détectée.", "Variable0ExceedsMaxDepth1": "Impossible de développer la variable « {0} ». La profondeur d’expansion maximale ({1}) a été dépassée.", "VMResourceWithSameNameAlreadyExistInEnvironment": "L'environnement ayant l'ID « {0} » contient déjà une ressource de machine virtuelle nommée « {1} ».", "VSTSHostNonZeroReturn": "LegacyVSTSPowerShellHost.exe s'est terminé avec un code de retour : {0}.", "WaitForServiceToStop": "Attente de l'arrêt du service...", "WindowsLogonAccountNameDescription": "Compte d’utilisateur à utiliser pour le service", "WindowsLogonPasswordDescription": "Mot de passe du compte {0}", "WorkFolderDescription": "dossier de travail", "WorkspaceMappingNotMatched": "Les mappages d'espace de travail ne correspondent pas pour l'espace de travail {0}", "Y": "Y", "ZipSlipFailure": "L'entrée se situe en dehors du répertoire cible : {0}" } ================================================ FILE: src/Misc/layoutbin/installdependencies.sh ================================================ #!/bin/bash user_id=`id -u` if [ $user_id -ne 0 ]; then echo "Need to run with sudo privilege" exit 1 fi # Determine OS type # Debian based OS (Debian, Ubuntu, Linux Mint) has /etc/debian_version # Fedora based OS (Fedora, Redhat, Centos, Oracle Linux 7) has /etc/redhat-release # SUSE based OS (OpenSUSE, SUSE Enterprise) has ID_LIKE=suse in /etc/os-release # Mariner based OS (CBL-Mariner) has /etc/mariner-release function print_repositories_and_deps_warning() { echo "Please make sure that required repositories are connected for relevant package installer." echo "For issues with dependencies installation (like 'dependency was not found in repository' or 'problem retrieving the repository index file') - you can reach out to distribution owner for futher support." } function print_errormessage() { echo "Can't install dotnet core dependencies." print_repositories_and_deps_warning echo "You can manually install all required dependencies based on following documentation" echo "https://docs.microsoft.com/dotnet/core/install/linux" } function print_rhel6message() { echo "We did our best effort to install dotnet core dependencies" echo "However, there are some dependencies which require manual installation" print_repositories_and_deps_warning echo "You can install all remaining required dependencies based on the following documentation" echo "https://github.com/dotnet/core/blob/main/Documentation/build-and-install-rhel6-prerequisites.md" } function print_rhel6errormessage() { echo "We couldn't install dotnet core dependencies" print_repositories_and_deps_warning echo "You can manually install all required dependencies based on following documentation" echo "https://docs.microsoft.com/dotnet/core/install/linux" echo "In addition, there are some dependencies which require manual installation. Please follow this documentation" echo "https://github.com/dotnet/core/blob/main/Documentation/build-and-install-rhel6-prerequisites.md" } function print_rhel6depricationmessage() { echo "Detected Operation System is not supported by .NET 6 which is required to run this software" echo "You can check supported OS on the following documentation: https://github.com/dotnet/core/blob/main/release-notes/6.0/supported-os.md" } if [ -e /etc/os-release ] then filepath='/etc/os-release' else filepath='/usr/lib/os-release' fi if [ -e $filepath ] then echo "--------OS Information--------" cat $filepath echo "------------------------------" if [ -e /etc/debian_version ] then echo "The current OS is Debian based" echo "--------Debian Version--------" cat /etc/debian_version echo "------------------------------" # prefer apt over apt-get command -v apt if [ $? -eq 0 ] then apt update && apt install -y libkrb5-3 zlib1g debsums && (apt install -y liblttng-ust1 || apt install -y liblttng-ust0) if [ $? -ne 0 ] then echo "'apt' failed with exit code '$?'" print_errormessage exit 1 fi # debian 10 uses libssl1.1 # debian 9 uses libssl1.0.2 # other debian linux use libssl1.0.0 if ! apt install -y libssl3 && ! apt install -y libssl1.1 && ! apt install -y libssl1.0.2 && ! apt install -y libssl1.0.0; then package=$(wget -qO- http://security.ubuntu.com/ubuntu/pool/main/o/openssl/ | grep -oP '(libssl1.1_1.1.1f.*?_amd64.deb)' | head -1) wget "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/${package}" && dpkg -i $package if [ $? -ne 0 ] then echo "'apt' failed with exit code '$?'" print_errormessage exit 1 fi fi # libicu versions: libicu76 -> libicu74 -> libicu70 -> libicu67 -> libicu66 -> libicu63 -> libicu60 -> libicu57 -> libicu55 -> libicu52 apt install -y libicu76 || apt install -y libicu74 || apt install -y libicu70 || apt install -y libicu67 || apt install -y libicu66 || apt install -y libicu63 || apt install -y libicu60 || apt install -y libicu57 || apt install -y libicu55 || apt install -y libicu52 if [ $? -ne 0 ] then echo "'apt' failed with exit code '$?'" print_errormessage exit 1 fi else command -v apt-get if [ $? -eq 0 ] then apt-get update && apt-get install -y libkrb5-3 zlib1g debsums && (apt-get install -y liblttng-ust1 || apt-get install -y liblttng-ust0) if [ $? -ne 0 ] then echo "'apt-get' failed with exit code '$?'" print_errormessage exit 1 fi # debian 10 uses libssl1.1 # debian 9 uses libssl1.0.2 # other debian linux use libssl1.0.0 if ! apt-get install -y libssl3 && ! apt-get install -y libssl1.1 && ! apt-get install -y libssl1.0.2 && ! apt-get install -y libssl1.0.0; then package=$(wget -qO- http://security.ubuntu.com/ubuntu/pool/main/o/openssl/ | grep -oP '(libssl1.1_1.1.1f.*?_amd64.deb)' | head -1) wget "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/${package}" && dpkg -i $package if [ $? -ne 0 ] then echo "'apt-get' failed with exit code '$?'" print_errormessage exit 1 fi fi # libicu versions: libicu76 -> libicu74 -> libicu70 -> libicu67 -> libicu66 -> libicu63 -> libicu60 -> libicu57 -> libicu55 -> libicu52 apt-get install -y libicu76 || apt-get install -y libicu74 || apt-get install -y libicu70 || apt-get install -y libicu67 || apt-get install -y libicu66 || apt-get install -y libicu63 || apt-get install -y libicu60 || apt-get install -y libicu57 || apt-get install -y libicu55 || apt-get install -y libicu52 if [ $? -ne 0 ] then echo "'apt-get' failed with exit code '$?'" print_errormessage exit 1 fi else echo "Can not find 'apt' or 'apt-get'" print_errormessage exit 1 fi fi elif [ -e /etc/alpine-release ] then echo "The current OS is Alpine based" echo "--------Alpine Version--------" cat /etc/alpine-release echo "------------------------------" command -v apk if [ $? -eq 0 ] then apk add icu-libs else echo "Can not find 'apk'" print_errormessage exit 1 fi elif [ -e /etc/redhat-release ] then echo "The current OS is Fedora based" echo "--------Redhat Version--------" cat /etc/redhat-release echo "------------------------------" # use dnf on fedora # use yum on centos and redhat if [ -e /etc/fedora-release ] then command -v dnf if [ $? -eq 0 ] then useCompatSsl=0 grep -i 'fedora release 28' /etc/fedora-release if [ $? -eq 0 ] then useCompatSsl=1 else grep -i 'fedora release 27' /etc/fedora-release if [ $? -eq 0 ] then useCompatSsl=1 else grep -i 'fedora release 26' /etc/fedora-release if [ $? -eq 0 ] then useCompatSsl=1 fi fi fi if [ $useCompatSsl -eq 1 ] then echo "Use compat-openssl10-devel instead of openssl-devel for Fedora 27/28 (dotnet core requires openssl 1.0.x)" dnf install -y compat-openssl10 if [ $? -ne 0 ] then echo "'dnf' failed with exit code '$?'" print_errormessage exit 1 fi else dnf install -y openssl-libs if [ $? -ne 0 ] then echo "'dnf' failed with exit code '$?'" print_errormessage exit 1 fi fi dnf install -y lttng-ust krb5-libs zlib libicu if [ $? -ne 0 ] then echo "'dnf' failed with exit code '$?'" print_errormessage exit 1 fi else echo "Can not find 'dnf'" print_errormessage exit 1 fi else command -v yum if [ $? -eq 0 ] then yum install -y openssl-libs krb5-libs zlib libicu if [ $? -ne 0 ] then echo "'yum' failed with exit code '$?'" print_errormessage exit 1 fi # install lttng-ust separately since it's not part of offical package repository, try installing from local package first, then add repo if it's missing if ! yum install -y lttng-ust then yum install -y wget ca-certificates && wget -P /etc/yum.repos.d/ https://packages.efficios.com/repo.files/EfficiOS-RHEL7-x86-64.repo && rpmkeys --import https://packages.efficios.com/rhel/repo.key && yum updateinfo -y && yum install -y lttng-ust fi if [ $? -ne 0 ] then echo "'lttng-ust' installation failed with exit code '$?'" print_errormessage exit 1 fi else echo "Can not find 'yum'" print_errormessage exit 1 fi fi else # we might on OpenSUSE, check is it sles even if it's suse OSTYPE=$(grep ^ID_LIKE $filepath | cut -f2 -d=) if ([[ -z $OSTYPE ]] || [[ $OSTYPE == *"suse"* ]]) then OSTYPE=$(grep ^ID $filepath | cut -f2 -d=) fi echo $OSTYPE # is_sles=1 if it is a SLES OS if ([[ -n $OSTYPE ]] && ([[ $OSTYPE == *"sles"* ]] || [[ $OSTYPE == *"sles_sap"* ]])) then is_sles=1 fi if ([[ -n $OSTYPE ]] && ([[ $OSTYPE == *"suse"* ]] || ([[ -n $is_sles ]] && [[ $is_sles == 1 ]]))) then echo "The current OS is SUSE based" command -v zypper if [ $? -eq 0 ] then if [[ -n $is_sles ]] then zypper -n install lttng-ust libopenssl1_1 krb5 zlib libicu else zypper -n install lttng-ust libopenssl1_0_0 krb5 zlib libicu fi if [ $? -ne 0 ] then echo "'zypper' failed with exit code '$?'" print_errormessage exit 1 fi else echo "Can not find 'zypper'" print_errormessage exit 1 fi elif [ -e /etc/mariner-release ] then echo "The current OS is Mariner based" echo "--------Mariner Version--------" cat /etc/mariner-release echo "------------------------------" command -v yum if [ $? -eq 0 ] then yum install -y icu if [ $? -ne 0 ] then echo "'yum' failed with exit code '$?'" print_errormessage exit 1 fi else echo "Can not find 'yum'" print_errormessage exit 1 fi elif [ -e /etc/azurelinux-release ] then echo "The current OS is Azure Linux based" echo "--------Azure Linux Version--------" cat /etc/azurelinux-release echo "------------------------------" command -v tdnf if [ $? -eq 0 ] then tdnf install -y icu if [ $? -ne 0 ] then echo "'tdnf' failed with exit code '$?'" print_errormessage exit 1 fi else echo "Can not find 'tdnf'" print_errormessage exit 1 fi else echo "Can't detect current OS type based on $filepath." print_errormessage exit 1 fi fi elif [ -e /etc/redhat-release ] # RHEL6 doesn't have an os-release file defined, read redhat-release instead # We no longer support RHEL6 then redhatRelease=$(', '|', '*', e '?'", "ArtifactNameRequired": "Il nome dell'artefatto è obbligatorio.", "ArtifactTypeRequired": "Il tipo di artefatto è obbligatorio.", "AssociateArtifact": "Associa artefatto", "AssociateArtifactCommandNotSupported": "L'associazione dell'artefatto del server non è supportata in {0}.", "AssociateArtifactWithBuild": "Artefatti associati {0} a build {1}", "AssociateFiles": "Associazione dei file", "AttachFileNotExist": "Impossibile allegare (tipo: nome{0} :{1}) file: {2}. Il file non esiste.", "AttachmentExceededMaximum": "L'allegato verrà ignorato perché supera la dimensione massima consentita di 75 MB: {0}", "AttemptRemoveCredFromConfig": "Tentativo non riuscito di utilizzare la riga di comando GIT per rimuovere \"{0}\" dalla configurazione GIT. Tentativo di modificare direttamente il file di configurazione GIT per rimuovere le credenziali.", "AuthenticationType": "tipo di autenticazione", "AutoLogonAccountGmsaHint": "Se si sta provando a usare un account GMSA, inserire un simbolo di dollaro ($) alla fine del nome dell'account)", "AutoLogonAccountNameDescription": "Account utente da usare per l'accesso automatico", "AutoLogonOverwriteDeniedError": "Non è possibile configurare l'accesso automatico perché è già configurato per un altro utente ({0}) nel computer. Usare '--overwriteautologon' per sovrascrivere.", "AutoLogonPolicies_LegalNotice": "Note legali", "AutoLogonPolicies_ShutdownReason": "Motivo dell'arresto", "AutoLogonPoliciesInspection": "È in corso la verifica della presenza di criteri che potrebbero impedire il corretto funzionamento dell'accesso automatico.", "AutoLogonPoliciesWarningsHeader": "I criteri seguenti possono influire sull'accesso automatico:", "BeginArtifactItemsIntegrityCheck": "Avvio del controllo di integrità degli artefatti", "BlobStoreDownloadWarning": "Download dell'artefatto da Blobstore non riuscito. Fallback a TFS. In questo modo si riducono le prestazioni di download. Verificare che l'accesso a {0} sia consentito dalle regole del firewall. Assicurarsi che il firewall dell'agente sia configurato correttamente: {1}", "BlobStoreUploadWarning": "Caricamento dell'artefatto in Blobstore non riuscito. Fallback a TFS. Questo fallback verrà rimosso in una versione futura. Verificare che l'accesso a {0} sia consentito dalle regole del firewall. Assicurarsi che il firewall dell'agente sia configurato correttamente: {1}", "BuildDirLastUseTIme": "L'ultima volta che è stata usata la directory di compilazione '{0}' è: {1}", "BuildIdIsNotAvailable": "Si sta provando a scaricare l'artefatto della pipeline nell'ambiente '{0}', ma l'ID compilazione non è presente. È possibile scaricare un artefatto della pipeline nell'ambiente '{1}' solo se l'artefatto è una compilazione.", "BuildIdIsNotValid": "L'ID compilazione non è valido: {0}", "BuildingFileTree": "Compilazione dell'albero dei file", "BuildLogsMessage": "L'agente ha disabilitato il caricamento dei log. Al termine del processo, è possibile recuperare i log di questo passaggio in {0} nell'agente.", "BuildNumberRequired": "Il numero di build è obbligatorio.", "BuildsDoesNotExist": "Non esiste attualmente alcuna compilazione nella definizione di pipeline fornita.", "BuildTagAddFailed": "Il tag di compilazione '{0}' non è stato aggiunto.", "BuildTagRequired": "Il tag di compilazione è obbligatorio.", "BuildTagsForBuild": "La compilazione '{0}' include ora i tag seguenti: {1}", "CannotChangeParentTimelineRecord": "Non è possibile modificare il record della sequenza temporale padre di un record della sequenza temporale esistente.", "CannotDownloadFromCurrentEnvironment": "Non è possibile scaricare un artefatto della pipeline dall'ambiente {0}.", "CannotFindHostName": "Non è possibile trovare alcun nome di organizzazione di VSTS dall'URL del server: '{0}'", "CanNotFindService": "Non è possibile trovare il servizio {0}", "CanNotGrantPermission": "Impossibile concedere l'autorizzazione LogonAsService all'utente {0}", "CanNotStartService": "Impossibile avviare il servizio. Per altri dettagli, vedere i log.", "CanNotStopService": "Non è possibile arrestare il servizio {0} in modo tempestivo.", "CannotUploadFile": "Non è possibile caricare il file perché il percorso del file non è specificato.", "CannotUploadFromCurrentEnvironment": "Non è possibile eseguire l'upload in un artefatto della pipeline dall'ambiente {0}.", "CannotUploadSummary": "Non è possibile caricare il file di riepilogo. Il percorso del file di riepilogo non è specificato.", "CheckoutTaskDisplayNameFormat": "Esegui checkout {0}@{1} in {2}", "CleaningDestinationFolder": "Pulizia della cartella di destinazione in corso: {0}", "ClientId": "ID client (app)", "ClientSecret": "Segreto client", "ClockSkewStopRetry": "Il nuovo tentativo di eccezione della richiesta di token OAuth è stato interrotto dopo {0} secondi.", "CodeCoverageDataIsNull": "Non sono stati trovati dati di copertura. Per altri dettagli, controllare gli errori o gli avvisi di compilazione.", "CodeCoveragePublishIsValidOnlyForBuild": "La pubblicazione code coverage funziona solo per 'build'.", "CollectionName": "Nome raccolta", "CommandDuplicateDetected": "Il comando {0} è già installato per l'area {1}", "CommandKeywordDetected": "'{0}' contiene la parola chiave del comando di registrazione '##vso', ma non è un comando valido. Vedere l'elenco dei comandi accettati: https://go.microsoft.com/fwlink/?LinkId=817296", "CommandLineHelp": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Comandi:", " .{0}config.{1} Configura l'agente", " .{0}config.{1} rimuovere Annulla la configurazione dell'agente", " .{0}run.{1} Esegue l'agente in modo interattivo", " .{0}run.{1} --once Esegue l'agente accettando al massimo un processo prima dell'arresto", "", "Opzioni:", " --version Stampa la versione dell'agente", " --commit Stampa il commit dell'agente", " --help Stampa la Guida per ogni comando" ], "CommandLineHelp_Common": [ "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Opzioni comuni:", " --url URL del server. Ad esempio: https://myaccount.visualstudio.com o", " http://onprem:8080/tfs", " --auth Tipo di autenticazione. I valori validi sono:", " pat (personal access token, token di accesso personale)", " negoziare (Kerberos o NTLM)", " alt (autenticazione di base)", " integrata (credenziali predefinite di Windows)", " sp (entità servizio)", " --token Usato con --auth pat. Token di accesso personale.", " --userName Usato con --auth negotiate o --auth alt. Specificare l'utente Windows", " nome nel formato: dominio\\nomeutente o userName@domain.com", " --password Usato con --auth negotiate o --auth alt.", " --unattended Configurazione automatica. Non verrà visualizzata alcuna richiesta. Tutte le risposte devono", " essere fornito alla riga di comando.", " --version Stampa la versione dell'agente", " --commit Stampa il commit dell'agente", " --help Stampa la Guida" ], "CommandLineHelp_Configure": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", ".{0}config.{1} [options]", "", "Per l'annullamento della configurazione della Guida, vedere: .{0}config.{1} remove --help", "", "{2}", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Configura opzioni:", " --pool Nome del pool a cui aggiungere l'agente", " --agent Nome dell'agente", " --replace Sostituisci l'agente in un pool. Se un altro agente è in ascolto da tale", " nome, inizierà con errori e un conflitto.", " --work Directory di lavoro in cui sono archiviati i dati del processo. L'impostazione predefinita è _work in", " radice della directory dell'agente. La directory di lavoro è di proprietà di un determinato", " agente e non deve essere condivisa tra più agenti.", " --acceptTeeEula solo macOS e Linux. Accetta il contratto di licenza con l'utente finale di TEE.", " --gitUseSChannel solo Windows. Indica a GIT di usare l'archivio certificati nativo di Windows.", " --alwaysExtractTask Eseguire una decompressione per le attività di ciascun passaggio della pipeline.", " --disableLogUploads Non esegue lo streaming o invia l'output del log della console al server. È invece possibile recuperarli dal file system dell'agente host una volta completato il processo. NOTA: non può essere usato con --reStreamLogsToFiles. Verrà generato un errore.", " --reStreamLogsToFiles Trasmette o invia l'output del registro della console al server, nonché un file di log nel file system dell'host dell'agente. NOTA: non può essere usato con --disableLogUploads. Verrà generato un errore.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Opzioni di avvio (solo Windows):", " --runAsService Configura l'agente per l'esecuzione come servizio Windows. Richiede", " autorizzazione di amministratore.", " --preventServiceStart Configura il servizio di Windows in modo che non venga eseguito immediatamente dopo la configurazione.", " --runAsAutoLogon Configura l'accesso automatico ed esegui l'agente all'avvio. Richiede", " autorizzazione di amministratore.", " --windowsLogonAccount Usato con --runAsService o --runAsAutoLogon. Specificare l'utente Windows", " nome nel formato: dominio\\nomeutente o userName@domain.com", " --windowsLogonPassword Utilizzato con --runAsService o --runAsAutoLogon. Password di accesso a Windows.", " --overwriteAutoLogon Usato con --runAsAutoLogon. Sovrascrivi qualsiasi accesso automatico esistente in", " computer.", " --noRestart Usato con --runAsAutoLogon. Non riavviare dopo la configurazione", " completa.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Opzioni del gruppo di distribuzione:", " --deploymentGroup Configura l'agente come un agente del gruppo di distribuzione.", " --projectName Usato con --deploymentGroup. Nome del progetto team.", " --addDeploymentGroupTags Usato con --deploymentGroup. Specificare per aggiungere i tag del gruppo di distribuzione.", " --deploymentGroupName Usato con --deploymentGroup. Gruppo di distribuzione a cui aggiungere l'agente.", " --deploymentGroupTags Usato con --addDeploymentGroupTags. Elenco dei tag delimitati da virgole per", " l'agente del gruppo di distribuzione. Ad esempio \"web, db\".", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Esempi di configurazione automatica:", "", "Autenticazione VSTS", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --acceptTeeEula", "", "TFS locale con autenticazione integrata (solo Windows)", ".\\config.cmd --unattended --url http://mylocaltfsserver:8080/tfs --auth integrated --pool default --agent myAgent", "", "TFS locale con autenticazione negoziata", ".{0}config.{1} --unattended --url http://mylocaltfsserver:8080/tfs --auth negotiate --userName myDomain\\myUserName --password myPassword --pool default --agent myAgent --acceptTeeEula", "", "Sostituisci l'agente esistente con lo stesso nome agente", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --replace --acceptTeeEula", "", "Specificare la directory di lavoro dell'agente (Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work D:\\agent_work", "", "Specificare la directory di lavoro dell'agente (macOS e Linux)", "./config.sh --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work usr/local/agent_work", "", "Esegui come servizio di Windows che accede come NetworkService (solo Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService", "", "Esegui come servizio di Windows che accede come account di dominio (solo Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Esegui come servizio di Windows che accede come account di dominio (solo Windows) e non avvia immediatamente il servizio", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --preventServiceStart --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword ", "", "Esegui come agente di accesso automatico (solo Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Esegui come agente di accesso automatico e non riavviare dopo la configurazione (solo Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword --noRestart", "", "Agente del gruppo di distribuzione eseguito come servizio di Windows che accede come sistema locale (solo Windows)", ".\\config.cmd --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\"", "", "Agente del gruppo di distribuzione con tag", ".{0}config.{1} --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\" --acceptTeeEula" ], "CommandLineHelp_Env": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Variabili di ambiente:", "Qualsiasi argomento della riga di comando può essere specificato come variabile di ambiente. Usa il formato", "VSTS_AGENT_INPUT_. Ad esempio: VSTS_AGENT_INPUT_PASSWORD" ], "CommandLineHelp_Remove": [ ".{0}config.{1} rimuovi [options]", "", "{2}", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Esempi di rimozione automatica:", "", "VSTS", ".{0}config.{1} remove --unattended --auth pat --token myToken", "", "TFS locale con autenticazione integrata (solo Windows)", ".{0}config.{1} remove --unattended --auth integrated", "", "TFS locale con autenticazione integrata", ".{0}config.{1} remove --unattended --auth negotiate --username myDomain\\myUserName --password myPassword" ], "CommandNotAllowed": "##vso[{0}.{1}] non è consentito in questo passaggio a causa di restrizioni dei criteri. Vedere la documentazione (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound": "Non è possibile trovare l'estensione del comando per ##vso[{0}.command]. Vedere la documentazione (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound2": "##vso[{0}.{1}] non è un comando riconosciuto per {2} l'estensione del comando. Vedere la documentazione (http://go.microsoft.com/fwlink/?LinkId=817296).", "CommandNotSupported": "{0} comandi non sono supportati per {1} flusso. Vedere la documentazione (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandProcessFailed": "Impossibile elaborare correttamente il comando '{0}'. Vedere la documentazione (http://go.microsoft.com/fwlink/?LinkId=817296)", "ConnectingToServer": "Connessione al server...", "ConnectSectionHeader": "Connetti", "ConnectToServer": "Connessione al server.", "ContainerWindowsVersionRequirement": "La funzionalità del contenitore richiede Windows Server 1803 o versione successiva. Vedere la documentazione (https://go.microsoft.com/fwlink/?linkid=875268)", "CopyFileComplete": "Gli artefatti sono stati pubblicati correttamente in {0}", "CopyFileToDestination": "Copia file '{0}' in '{1}'", "CorruptedArtifactItemsList": "Gli elementi seguenti non hanno superato il controllo di integrità:", "CouldNotRemoveService": "Non è stato possibile eliminare il server '{0}'.", "CreateUserWithSameUIDInsideContainer": "Provare a creare un utente con UID '{0}' all'interno del contenitore.", "CurrentUTC": "Ora UTC corrente: {0}", "CustomLogDoesNotExist": "Il percorso del file di log non è stato specificato o il file non esiste: '{0}'", "CustomMarkDownSummaryDoesNotExist": "Il percorso del file di riepilogo markdown non è stato specificato o il file non esiste: '{0}'", "DeleteGCTrackingFile": "Elimina file di rilevamento Garbage Collection dopo l'eliminazione '{0}'", "DeleteUnusedBuildDir": "Elimina directory di compilazione inutilizzate", "DeleteUnusedReleaseDir": "Elimina le directory di versione inutilizzate", "Deleting": "Eliminazione: {0}", "DeletingCredentials": "Rimozione delle credenziali", "DeletingSettings": "Rimozione .agent", "DeploymentGroupName": "Nome del gruppo di distribuzione", "DeploymentGroupNotFound": "Gruppo di distribuzione non trovato: '{0}'", "DeploymentGroupTags": "Elenco di tag delimitati da virgole (ad esempio web, db)", "DeploymentGroupTagsAddedMsg": "I tag sono stati aggiunti correttamente", "DeploymentMachineWithSameNameAlreadyExistInDeploymentGroup": "DeploymentGroup {0} contiene già un computer denominato {1}.", "DeploymentPoolName": "Nome del pool di distribuzione", "DeploymentPoolNotFound": "Il pool di distribuzione non è stato trovato: '{0}'", "DeprecatedNode6": "Questa attività usa il gestore di esecuzione Node 6, che verrà rimosso il 31 marzo 2022. È consigliabile agli sviluppatore dell'attività di prendere in considerazione le linee guida di migrazione per il gestore Node 10 - https://aka.ms/migrateTaskNode10 (controllare questa pagina anche se si vogliono disabilitare gli avvisi di deprecazione di Node 6). Gli utenti possono contattare i proprietari di questa attività per procedere con la migrazione.", "DeprecatedNodeRunner": "Versione '{0}' dell'attività '{1}' ({2}@{1}) dipende da una versione del nodo ({3}) che è la fine del ciclo di vita. Contattare il proprietario dell'estensione per ottenere una versione aggiornata dell'attività. I gestori attività devono rivedere le indicazioni per l'aggiornamento del nodo: https://aka.ms/node-runner-guidance", "DeprecatedRunner": "Il task '{0}' dipende da un uno strumento di esecuzione attività a fine vita che verrà rimosso in futuro. Gli autori dovrebbero rivedere le linee guida sugli aggiornamenti dei nodi: https://aka.ms/node-runner-guidance.", "DeprecationMessage": "La versione '{0}' dell'attività {1} ({2}@{1}) è deprecata.", "DeprecationMessageHelpUrl": "Vedere {0} per ulteriori informazioni su questa attività.", "DeprecationMessageRemovalDate": "Questa attività sarà rimossa. A partire da {0}, potrebbe non essere più disponibile.", "DirectoryHierarchyUnauthorized": "L'autorizzazione di lettura dei contenuti della directory è necessaria per '{0}' e ogni directory all'interno della gerarchia. {1}", "DirectoryIsEmptyForArtifact": "La directory '{0}' è vuota. Non verrà aggiunto alcun elemento all'artefatto della compilazione '{1}'.", "DirectoryNotFound": "Directory non trovata: '{0}'", "DirExpireLimit": "Limite di scadenza della directory: {0} giorni.", "DiscoverBuildDir": "Rileva le directory di compilazione non aggiornate che non sono state usate per più di {0} giorni.", "DiscoverReleaseDir": "Rileva le directory di versione non aggiornate che non sono state usate per più di {0} giorni.", "DockerCommandFinalExitCode": "Codice di uscita finale per {0}: {1}", "DownloadAgent": "Download dell'agente {0}", "DownloadArtifactFinished": "Il download dell'artefatto è stato completato.", "DownloadArtifacts": "Scarica artefatti", "DownloadArtifactsFailed": "Non è stato possibile completare il download degli artefatti:{0}", "DownloadArtifactTo": "Scarica l'artefatto in: {0}", "DownloadArtifactWarning": "Usare l'attività Scarica artefatto di compilazione per scaricare l'artefatto di tipo {{0}}. https://docs.microsoft.com/it-it/azure/devops/pipelines/tasks/utility/download-build-artifacts?view=azure-devops", "DownloadingFromBuild": "Esegui il download dalla compilazione specificata: n. {0}", "DownloadingJenkinsCommitsBetween": "Download dei commit tra il processo {0} e {1}", "DownloadingJenkinsCommitsFailedWithException": "Il download dei commit per l'artefatto Jenkins {0} non è stato completato. Eccezione: {1}", "DownloadingMultiplePipelineArtifacts": "Download degli artefatti della pipeline {0} in corso...", "DownloadingTask0": "Download dell'attività: {0} ({1})", "EnableServiceSidTypeUnrestricted": "abilita SERVICE_SID_TYPE_UNRESTRICTED per il servizio agente (S/N)", "EnsureJobFinished": "In attesa del completamento dell'esecuzione del processo corrente.", "EnsureTasksExist": "Eseguire il download di tutte le attività necessarie.", "EnterValidValueFor0": "Specificare un valore valido per {0}.", "EnvironmentName": "Nome ambiente", "EnvironmentNotFound": "Ambiente non trovato: '{0}'", "EnvironmentVariableExceedsMaximumLength": "La variabile di ambiente '{0}' supera la lunghezza massima supportata. Lunghezza della variabile di ambiente: {1} Lunghezza massima supportata: {2}", "EnvironmentVMResourceTags": "Elenco di tag delimitati da virgole (ad esempio web, db)", "ErrorDuringBuildGC": "Non è possibile individuare gli elementi da sottoporre a Garbage Collection sulla base di '{0}'. Provare la prossima volta.", "ErrorDuringBuildGCDelete": "Non è possibile completare la Garbage Collection sulla base di '{0}'. Provare la prossima volta.", "ErrorDuringReleaseGC": "Non è possibile individuare gli elementi da sottoporre a Garbage Collection sulla base di '{0}'. Provare la prossima volta.", "ErrorDuringReleaseGCDelete": "Non è possibile completare la Garbage Collection sulla base di '{0}'. Provare la prossima volta.", "ErrorOccurred": "Si è verificato un errore: {0}", "ErrorOccurredWhilePublishingCCFiles": "Si è verificato un errore durante la pubblicazione dei file code coverage. Errore: {0}", "EulasSectionHeader": "Contratto di licenza con l'utente finale", "EvaluateReleaseTrackingFile": "Valuta il file di verifica della directory di versione: {0}", "EvaluateTrackingFile": "Valutare file di verifica BuildDirectory: {0}", "Exiting": "Uscita in corso...", "ExpectedMappingCloak": "Mascheramento mapping[{0}] previsto: '{1}'. Effettivo: '{2}'", "ExpectedMappingLocalPath": "Percorso locale di mapping[{0}] previsto: '{1}'. Effettivo: '{2}'", "ExpectedMappingRecursive": "Previsto mapping[{0}] ricorsivo: '{1}'. Effettivo: '{2}'", "ExpectedMappingServerPath": "Percorso server di mapping[{2}] previsto: '{0}'. Effettivo: '{1}'", "Failed": "Operazione non completata: ", "FailedDeletingTempDirectory0Message1": "L'eliminazione della directory temporanea non è stata completata '{0}'. {1}", "FailedTestsInResults": "Sono stati rilevati uno o più errori di test nei file dei risultati. Il riepilogo dettagliato dei risultati del test pubblicati può essere visualizzato nella scheda Test.", "FailedToAddTags": "Non è stato possibile applicare i tag all'agente. Riprovare o premere CTRL+C per uscire. In alternativa, è possibile passare alla pagina Web del gruppo di distribuzione per aggiungere tag", "FailedToConnect": "Non è stato possibile connettersi. Riprovare o premere CTRL+C per uscire", "FailedToDeleteTempScript": "Non è stato possibile eliminare il file di script inline temporaneo '{0}'. {1}", "FailedToFindDeploymentGroup": "Il gruppo di distribuzione non è stato trovato. Riprovare o premere CTRL+C per uscire", "FailedToFindEnvironment": "Non è stato possibile trovare l'ambiente. Riprovare o premere CTRL+C per uscire", "FailedToFindPool": "Non è stato possibile trovare il nome del pool. Riprovare o premere CTRL+C per uscire", "FailedToLockServiceDB": "Non è stato possibile bloccare il database del servizio per la scrittura", "FailedToOpenSCM": "Non è stato possibile aprire Gestione controllo servizi", "FailedToOpenSCManager": "Non è stato possibile aprire Gestione controllo servizi", "FailedToPublishTestResults": "Non è stato possibile pubblicare i risultati del test: {0}", "FailedToReadFile": "Non è stato possibile leggere {0}. Errore: {1}.", "FailedToReplaceAgent": "Non è stato possibile sostituire l'agente. Riprovare o premere CTRL+C per uscire", "FailToRemoveGitConfig": "Non è possibile rimuovere \"{0}\" dalla configurazione GIT. Per rimuovere le credenziali, eseguire \"git config --unset-all {0}\" dalla radice del repository \"{1}\".", "FailToReplaceTokenPlaceholderInGitConfig": "Non è possibile sostituire il segnaposto per \"{0}\" nel file di configurazione GIT.", "FileAssociateProgress": "File totali: {0} ---- file associati: {1} ({2}%)", "FileContainerUploadFailed": "Impossibile copiare il file nel server StatusCode={0}: {1}. Percorso file di origine: {2}. Percorso server di destinazione: {3}", "FileContainerUploadFailedBlob": "Non è possibile caricare il file nel BLOB. Percorso file di origine: {0}. Percorso server di destinazione: {1}", "FileDoesNotExist": "Il file '{0}' non esiste o non è accessibile.", "FileNotFound": "Impossibile trovare il file: \"{0}\"", "FilePathNotFound": "Non è possibile trovare il percorso del file per '{0}'.", "FileShareOperatingSystemNotSupported": "La pubblicazione di artefatti da un agente Linux o macOS in una condivisione file non è supportata. Modificare il tipo di artefatto in `Azure Pipelines` oppure usare un agente Windows.", "FileUploadCancelled": "Il caricamento del file è stato annullato durante il caricamento del file: '{0}'.", "FileUploadDetailTrace": "Traccia di caricamento dettagli per il file che non è stato caricato: {0}", "FileUploadFailed": "Non è stato possibile caricare '{0}' a causa di '{1}'.", "FileUploadFailedAfterRetry": "Il caricamento del file non è stato completato anche dopo un nuovo tentativo.", "FileUploadFailedRetryLater": "Non è stato possibile caricare {0} file, riprovare tra un minuto.", "FileUploadFileOpenFailed": "Errore del file '{0}' durante il caricamento del file '{1}'.", "FileUploadFinish": "File: '{0}' ha impiegato {1} millisecondi per completare il caricamento", "FileUploadProgress": "File totali: {0} ---- File elaborati: {1} ({2}%)", "FileUploadProgressDetail": "Caricamento di '{0}' ({1}%).", "FileUploadRetry": "Avviare nuovo tentativo di caricamento {0} file con errori.", "FileUploadRetryInSecond": "Ripetere il caricamento del file dopo {0} secondi.", "FileUploadRetrySucceed": "Il caricamento del file è stato completato dopo il nuovo tentativo.", "FileUploadSucceed": "Il caricamento del file è stato completato.", "FinalizeJob": "Finalizzare il processo", "FinishMaintenance": "Manutenzione completata: {0}", "FoundErrorInTrace": [ "{0}segnalato nei log di diagnostica. Per maggiori dettagli, esaminare il log.", " - {1}" ], "GCBuildDir": "Elimina la directory di compilazione orfana e non aggiornata.", "GCBuildDirNotEnabled": "L'opzione Elimina le directory di compilazioni orfane e non aggiornate non è abilitata.", "GCDirIsEmpty": "Non è necessario sottoporre a Garbage Collection alcuna directory di compilazione. Per '{0}' non esiste alcun file di verifica.", "GCDirNotExist": "Nessuna directory di compilazione deve essere GC. '{0}' non esiste.", "GCOldFormatTrackingFile": "Contrassegnare il file di rilevamento '{0}' per GC, perché non è mai stato usato.", "GCReleaseDir": "Elimina le directory di versione orfane e non aggiornate.", "GCReleaseDirIsEmpty": "Non è necessario sottoporre a Garbage Collection alcuna directory di versione. Per '{0}' non esiste alcun file di verifica.", "GCReleaseDirNotEnabled": "L'opzione Elimina le directory di versione orfane e non aggiornate non è abilitata.", "GCReleaseDirNotExist": "Non è necessario sottoporre a Garbage Collection alcuna directory di versione. '{0}' non esiste.", "GCUnusedTrackingFile": "Contrassegnare il file di rilevamento '{0}' per GC, perché non è stato usato per {1} giorni.", "GenerateAndRunUpdateScript": "Generare ed eseguire lo script di aggiornamento.", "GrantContainerUserSUDOPrivilege": "Concede all'utente il privilegio '{0}' e consente di eseguire qualsiasi comando senza autenticazione.", "GrantingFilePermissions": "Concessione delle autorizzazioni per il file a '{0}'.", "GroupDoesNotExists": "Gruppo: {0} non esiste", "ImageVersionLog": "Versione corrente dell'immagine: '{0}'", "InitializeContainer": "Inizializza i contenitori", "InitializeJob": "Inizializza il processo", "IntegrityCheckNotPassed": "Controllo di integrità degli artefatti non riuscito", "IntegrityCheckPassed": "Controllo di integrità degli artefatti completato", "InvalidAutoLogonCredential": "Credenziali di Windows non valide immesse per l'accesso automatico. Assicurarsi che le credenziali specificate siano valide e che dispongano dei diritti di accesso interattivo nel computer. Riprovare o premere CTRL+C per uscire", "InvalidCommandArg": "L'argomento del comando '{0}' contiene uno o più dei caratteri non validi seguenti: \", \\r, \\n", "InvalidCommandResult": "Il comando non ha un valore di risultato valido.", "InvalidCompletedDate": "Per il calcolo del tempo verrà usata la durata di ogni esecuzione dei test perché il valore della data di completamento massima {0} ottenuta dal file dei risultati del test è maggiore di quello della data di inizio minima {1}", "InvalidConfigFor0TerminatingUnattended": "Configurazione non valida specificata per {0}. Terminazione della configurazione automatica.", "InvalidDateFormat": "Per il calcolo del tempo verrà usata la durata di ogni esecuzione dei test perché il formato della data ottenuto da dal file di risultati: {0} (data di inizio: {1}, data di completamento: {2}", "InvalidEndpointField": "Campo dell'endpoint non valido. I valori validi sono url, dataParameter e authParameter", "InvalidEndpointId": "ID endpoint non valido.", "InvalidEndpointUrl": "URL dell'endpoint non valido.", "InvalidFileFormat": "Il formato di file non è valido.", "InvalidGroupName": "Nome gruppo non valido - {0}", "InvalidMember": "Non è stato possibile aggiungere un nuovo membro a un gruppo locale perché il tipo di account del membro è errato. Se si esegue la configurazione in un controller di dominio, non è possibile aggiungere account computer predefiniti ai gruppi locali. È invece necessario usare un account utente di dominio", "InvalidResultFiles": "File di risultati non valido. Verificare che il formato dei risultati del file '{0}' corrisponda al formato dei risultati del test '{1}'.", "InvalidSIDForUser": "Identificatore di sicurezza non valido per l'utente {0}\\{1} durante la configurazione/annullamento della configurazione dell'accesso automatico. Per altri dettagli, vedere i log.", "InvalidValueInXml": "Impossibile recuperare il valore per '{0}' dal file di riepilogo '{1}'. Verificare che il formato del file di riepilogo sia corretto e riprovare.", "InvalidWindowsCredential": "Le credenziali di Windows immesse non sono valide. Riprovare o premere CTRL+C per uscire", "JenkinsBuildDoesNotExistsForCommits": "Non è possibile trovare l'indice di compilazione per le compilazioni Jenkins {0} e {1}. Gli indici trovati sono {2} e {3}. Probabilmente la compilazione non esiste", "JenkinsCommitsInvalidEndJobId": "Il {0} EndJobId associato al {1} dell'artefatto jenkins non è valido. I commit non verranno scaricati.", "JenkinsDownloadingChangeFromCurrentBuild": "Non è possibile trovare endJobId. Verrà recuperato l'insieme di modifiche della compilazione corrente", "JenkinsNoCommitsToFetch": "Distribuzione della stessa compilazione. Nessun elemento da recuperare", "JenkinsRollbackDeployment": "Download dei commit per la distribuzione di rollback tra il processo {0} in {1}", "JobCompleted": "{0:u}: processo {1} completato con risultato: {2}", "LaunchBrowser": "per avviare il browser per Flusso di codice del dispositivo di AAD? (S/N)", "ListenForJobs": "{0:u}: ascolto dei processi", "LocalClockSkewed": "L'orologio del computer locale potrebbe non essere sincronizzato con l'ora del server di più di cinque minuti. Sincronizzare l'orologio con il dominio o l'ora Internet e riprovare.", "LocalSystemAccountNotFound": "Impossibile trovare l'account di sistema locale", "LogOutputMessage": "L'agente ha abilitato il caricamento dei log e il salvataggio del log nel file. Al termine del processo, è possibile recuperare i log di questo passaggio in {0} sull'agente.", "Maintenance": "Manutenzione", "MaxHierarchyLevelReached": "Il livello gerarchia è maggiore del limite supportato {0}. La gerarchia inferiore verrà troncata.", "MaxSubResultLimitReached": "Il numero di risultati secondari in test case '{0}' è superiore al limite supportato di {1}, troncando quelli rimanenti.", "MemberDoesNotExists": "Membro: {0} non esiste", "MinimumNetFramework": "È necessario .NET Framework x64 4.5 o versione successiva.", "MinimumNetFramework46": "È necessario .NET Framework x64 4.6 o versione successiva.", "MinimumNetFrameworkTfvc": [ ".NET Framework x64 4.6 o versione successiva non è installato.", "", "È necessario.NET Framework x64 4.6 o versione successiva per sincronizzare i repository del controllo della versione di Team Foundation. Non è necessario sincronizzare i repository GIT." ], "MinRequiredDockerClientVersion": "La versione minima richiesta del client dell'API del motore Docker è '{0}', mentre la versione corrente del client di Docker ('{1}') è '{2}'", "MinRequiredDockerServerVersion": "La versione minima richiesta del server dell'API del motore Docker è '{0}', mentre la versione corrente del server di Docker ('{1}') è '{2}'", "MinRequiredGitLfsVersion": "La versione minima richiesta di git-lfs è '{0}', la versione di git-lfs ('{1}') è '{2}'", "MinRequiredGitVersion": "La versione minima richiesta del GIT è '{0}', la versione git ('{1}') è '{2}'", "MinSecretsLengtLimitWarning": "Il valore della lunghezza minima dei segreti è troppo alto. Valore massimo impostato: {0}", "MissingAgent": "L'agente non esiste più nel server. Riconfigurare l'agente.", "MissingAttachmentFile": "Non è possibile caricare il file allegato dell'attività. Il percorso del file allegato non è specificato o il file allegato non esiste sul disco.", "MissingAttachmentName": "Non è possibile aggiungere l'allegato dell'attività. Il nome dell'allegato non è specificato.", "MissingAttachmentType": "Non è possibile aggiungere l'allegato dell'attività. Il tipo di allegato non è stato specificato.", "MissingConfig": "Impossibile connettersi al server. File di configurazione mancanti. La rimozione dell'agente dal server verrà ignorata.", "MissingEndpointField": "Nel comando ##vso[task.setendpoint] manca il campo obbligatorio 'field'.", "MissingEndpointId": "Nel comando ##vso[task.setendpoint] manca il campo obbligatorio 'id'.", "MissingEndpointKey": "Nel comando ##vso[task.setendpoint] manca il campo obbligatorio 'key'.", "MissingNodePath": "Questo passaggio richiede una versione del nodo che non esiste nel file system dell'agente. Percorso: {0}", "MissingRepositoryAlias": "Non è possibile aggiornare il repository. L'alias del repository non è specificato.", "MissingRepositoryPath": "Non è possibile aggiornare il repository. Il percorso del repository non è specificato.", "MissingTaskVariableName": "Nel comando ##vso[task.settaskvariable] manca il campo obbligatorio 'variable'.", "MissingTimelineRecordId": "Non è possibile aggiornare il record della sequenza temporale. L'ID del record della sequenza temporale non è stato specificato.", "MissingVariableName": "Nel comando ##vso[task.setvariable] manca il campo obbligatorio 'variable'.", "ModifyingCoberturaIndexFile": "Modifica del file di indice Cobertura", "MultilineSecret": "I segreti non possono contenere più righe", "N": "N", "NameRequiredForTimelineRecord": "Il nome è obbligatorio per questo nuovo record della sequenza temporale.", "NeedAdminForAutologonCapability": "Per configurare l'agente come servizio di Windows, sono necessari i privilegi di amministratore.", "NeedAdminForAutologonRemoval": "Per annullare la configurazione di un agente in esecuzione con la funzionalità di accesso automatico, sono necessari i privilegi di amministratore.", "NeedAdminForConfigAgentWinService": "Per configurare l'agente come servizio di Windows, sono necessari i privilegi di amministratore.", "NeedAdminForUnconfigWinServiceAgent": "Per annullare la configurazione dell'agente in esecuzione come servizio di Windows, sono necessari i privilegi di amministratore.", "NetworkServiceNotFound": "Impossibile trovare l'account del servizio di rete", "NoArtifactsFound": "Non sono disponibili artefatti nella versione '{0}'.", "NoFolderToClean": "La cartella di pulizia specificata non è stata trovata. Nulla da pulire", "NoRestart": "Riavviare il computer in un secondo momento? (S/N)", "NoRestartSuggestion": "Durante la configurazione dell'agente è stato abilitato l'accesso automatico. È consigliabile riavviare il computer per rendere effettive le impostazioni di accesso automatico.", "NoResultFound": "Non sono stati trovati risultati per pubblicare '{0}'.", "OnPremIsNotSupported": "L'attività dell'artefatto della pipeline non è supportato in locale. In alternativa, usare l'attività dell'artefatto della compilazione.", "OperatingSystemShutdown": "Arresto del sistema operativo in corso per il computer '{0}'", "OperationFailed": "Errore: operazione {0} non riuscita con codice restituito {1}", "OutputVariablePublishFailed": "Non è stato possibile pubblicare le variabili di output.", "OverwriteAutoLogon": "Sovrascrivere le impostazioni di accesso automatico esistenti perché l'accesso automatico è già abilitato per l'utente '{0}'? (S/N)", "ParentProcessFinderError": "Si è verificato un errore durante il controllo dell'esecuzione dell'agente in PowerShell Core.", "ParentTimelineNotCreated": "Il record della sequenza temporale padre non è stato creato per questo nuovo record della sequenza temporale.", "Password": "password", "PathDoesNotExist": "Il percorso non esiste: {0}", "PersonalAccessToken": "token di accesso personale", "PipelineDoesNotExist": "La pipeline seguente non esiste: {0}. Verificare il nome della pipeline.", "PoolNotFound": "Pool di agenti non trovato: '{0}'", "PostJob": "Post-processo: {0}", "PowerOptionsConfigError": "Errore durante la configurazione delle opzioni di risparmio energia. Per altri dettagli, vedere i log.", "PowerShellNotInstalledMinVersion0": "PowerShell non è installato. Versione minima richiesta: {0}", "PreJob": "Pre-processo: {0}", "PrepareBuildDir": "Prepara la directory di compilazione.", "PrepareReleasesDir": "Preparare la directory della versione.", "PrepareTaskExecutionHandler": "Preparazione del gestore di esecuzione dell'attività.", "Prepending0WithDirectoryContaining1": "Anteporre {0} alla variabile di ambiente con la directory contenente '{1}'.", "PrerequisitesSectionHeader": "Prerequisiti", "PreventServiceStartDescription": "se impedire l'avvio del servizio subito dopo il completamento della configurazione? (S/N)", "ProcessCompletedWithCode0Errors1": "Processo completato con codice di uscita {0} e {1} errori scritti nel flusso errore.", "ProcessCompletedWithExitCode0": "Processo completato con codice di uscita {0}.", "ProcessExitCode": "Codice di uscita {0} restituito dal processo: nome file '{1}', argomenti '{2}'.", "ProcessHandlerInvalidScriptArgs": "Sono stati rilevati caratteri negli argomenti che potrebbero non essere eseguiti correttamente dalla shell. Ulteriori informazioni sono disponibili qui: https://aka.ms/ado/75787", "ProfileLoadFailure": "Non è possibile caricare il profilo utente per l'utente {0}\\{1} la configurazione di accesso automatico non è consentita.", "ProjectName": "Nome progetto", "Prompt0": "Immettere {0}", "Prompt0Default1": "Immettere {0} (premere INVIO per {1})", "PSModulePathLocations": "La variabile di ambiente PSModulePath contiene percorsi di moduli specifici per PowerShell Core. Tenere presente che se si intende usare attività Windows PowerShell nella pipeline, potrebbero verificarsi errori. Per risolvere il problema, non avviare l'agente in PowerShell Core (pwsh).", "PSScriptError": "Script di PowerShell completato con {0} errori.", "PublishCodeCoverage": "Pubblica code coverage", "PublishedCodeCoverageArtifact": "'{0}' pubblicato come artefatto '{1}'", "PublishingArtifactUsingRobocopy": "Caricamento degli artefatti con robocopy.", "PublishingCodeCoverage": "Pubblicazione dei dati di riepilogo della copertura nel server TFS.", "PublishingCodeCoverageFiles": "Pubblicazione dei file code coverage nel server TFS.", "PublishingTestResults": "Pubblicazione dei risultati dei test per l'esecuzione dei test '{0}'", "PublishTestResults": "Pubblica risultati dei test", "QueryingWorkspaceInfo": "Esecuzione di query sulle informazioni dell'area di lavoro.", "QueueConError": "{0:u}: errore di connessione dell'agente: {1}. Verrà effettuato un nuovo tentativo fino alla riconnessione.", "QueueConnected": "{0:u}: l'agente è stato riconnesso.", "QuietCheckoutModeRequested": "Modalità checkout non interattiva: nella console verranno stampate meno informazioni.", "ReadingCodeCoverageSummary": "Lettura del riepilogo code coverage da '{0}'", "ReadOnlyTaskVariable": "La sovrascrittura della variabile di attività di sola lettura '{0}' non è consentita. Per dettagli, vedere https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "ReadOnlyTaskVariableWarning": "La variabile di attività di sola lettura '{0}' verrà sovrascritta. Questo comportamento verrà disabilitato in futuro. Per dettagli, vedere https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "ReadOnlyVariable": "La sovrascrittura della variabile di sola lettura '{0}' non è consentita. Per dettagli, vedere https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "ReadOnlyVariableWarning": "La variabile di sola lettura '{0}' verrà sovrascritta. Questo comportamento verrà disabilitato in futuro. Per dettagli, vedere https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "RegisterAgentSectionHeader": "Registrare agente", "ReleaseDirLastUseTime": "Data dell'ultimo utilizzo della directory di versione '{0}': {1}", "RenameIndexFileCoberturaFailed": "La ridenominazione di '{0}' in '{1}' non è riuscita durante la pubblicazione dei file di code coverage per '{2}'. Eccezione interna: '{3}'", "Replace": "sostituire? (S/N)", "RepositoryNotExist": "Non è possibile aggiornare il repository. Il repository non esiste.", "ResourceMonitorAgentEnvironmentResource": "Risorse ambiente agente: {0}, {1}, {2}", "ResourceMonitorCPUInfo": "CPU: utilizzo - {0}%", "ResourceMonitorCPUInfoError": "Non è possibile ottenere le informazioni sulla CPU. Eccezione: {0}", "ResourceMonitorDiskInfo": "Disco: {0} - {1} MB disponibili su {2} MB", "ResourceMonitorDiskInfoError": "Non è possibile ottenere le informazioni sul disco. Eccezione: {0}", "ResourceMonitorFreeDiskSpaceIsLowerThanThreshold": "Lo spazio su disco disponibile {0} è inferiore al {1}%; Attualmente in uso: {2}%", "ResourceMonitorMemoryInfo": "Memoria: {0} MB utilizzati su {1} MB", "ResourceMonitorMemoryInfoError": "Impossibile ottenere le informazioni sulla memoria. Eccezione: {0}", "ResourceMonitorMemorySpaceIsLowerThanThreshold": "La memoria disponibile è inferiore al {0}%; Attualmente in uso: {1}%", "ResourceUtilizationDebugOutputIsDisabled": "L'output di utilizzo delle risorse per le esecuzioni di debug è disabilitato, impostare la variabile \"AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT\" su \"true\" per abilitarla", "ResourceUtilizationWarningsIsDisabled": "Gli avvisi sull'utilizzo delle risorse sono disabilitati, impostare la variabile \"DISABLE_RESOURCE_UTILIZATION_WARNINGS\" su \"false\" per abilitarla", "RestartIn15SecMessage": "Riavvio del computer tra 15 secondi...", "RestartMessage": "Riavviare il computer per avviare l'agente e rendere effettive le impostazioni di accesso automatico.", "ReStreamLogsToFilesError": "Non è possibile usare --disableloguploads e --reStreamLogsToFiles contemporaneamente.", "RetryCountLimitExceeded": "Il numero massimo consentito di tentativi è {0}, ma è stato ottenuto {1}. Il numero di tentativi verrà ridotto a {0}.", "RetryingReplaceAgent": "Nuovo tentativo di sostituzione dell'agente (tentativo {0} di {1}). In attesa di {2} secondi prima del prossimo tentativo...", "RMApiFailure": "API {0} non riuscita con codice di errore {1}", "RMArtifactContainerDetailsInvalidError": "L'artefatto non contiene dettagli del contenitore valido: {0}", "RMArtifactContainerDetailsNotFoundError": "L'artefatto non contiene i dettagli del contenitore: {0}", "RMArtifactDetailsIncomplete": "Non è possibile trovare le informazioni necessarie per scaricare l'artefatto", "RMArtifactDirectoryNotFoundError": "La directory dell’artefatto non esiste: {0}. È possibile che la password dell'account {1} sia stata modificata di recente e non sia aggiornata per l'agente. In questo caso, provare a riconfigurare l'agente.", "RMArtifactDownloadBegin": "Download dell’artefatto collegato {0} di tipo {1}...", "RMArtifactDownloadFinished": "È stato scaricato il {0} di artefatti collegati", "RMArtifactDownloadRequestCreationFailed": "Non è stato possibile creare la richiesta di download dell'artefatto dall'URL: {0}", "RMArtifactEmpty": "L'artefatto non contiene file da scaricare.", "RMArtifactMatchNotFound": "L'artefatto della compilazione '{0}' non corrisponde ad alcun criterio di denominazione. Il download verrà ignorato", "RMArtifactNameDirectoryNotFound": "La directory '{0}' non esiste. Verrà eseguito il fallback alla directory padre: {1}", "RMArtifactsDownloadFinished": "Download artefatti completato", "RMArtifactTypeFileShare": "Tipo di elemento: FileShare", "RMArtifactTypeNotSupported": "Release Management non supporta il download del tipo di artefatto {0} nella versione corrente", "RMArtifactTypeServerDrop": "Tipo di elemento: ServerDrop", "RMArtifactVersionNotBelongToArtifactSource": "La versione dell'artefatto con ID {0} non appartiene all'origine artefatto collegata con ID {1}.", "RMBuildNotFromLinkedDefinition": "La compilazione {0} non appartiene alla definizione di compilazione collegata {1}", "RMCachingAllItems": "Memorizzazione nella cache di tutti gli elementi nel contenitore di file...", "RMCachingComplete": "Memorizzazione nella cache completata. ({0} ms)", "RMCachingContainerItems": "Memorizzazione nella cache degli elementi in '{0}' nel contenitore di file...", "RMContainerItemNotSupported": "Il tipo di elemento contenitore '{0}' non è supportato.", "RMContainerItemPathDoesnotExist": "Il percorso dell'elemento del contenitore di file non inizia con {0}: {1}", "RMContainerItemRequestTimedOut": "Timeout della richiesta dopo {0} secondi; sospensione per {1} secondi e nuovo tentativo. Richiesta: {2} {3}", "RMCreatedArtifactsDirectory": "Directory degli artefatti creati: {0}", "RMCreatingArtifactsDirectory": "Creazione della directory degli artefatti: {0}", "RMCustomEndpointNotFound": "Non è possibile trovare le informazioni necessarie nel processo per scaricare l'artefatto personalizzato: {0}", "RMDownloadArtifactUnexpectedError": "Si è verificato un errore imprevisto durante il download degli artefatti", "RMDownloadBufferSize": "Dimensioni del buffer di download: {0}", "RMDownloadComplete": "Download completato.", "RMDownloadingArtifact": "Download dell'artefatto", "RMDownloadingArtifactFromFileContainer": "Download dell'artefatto dal contenitore di file: {0} alla destinazione: {1}", "RMDownloadingArtifactFromFileShare": "Download dell'artefatto dalla condivisione file: {0} alla destinazione: {1}", "RMDownloadingArtifactUsingRobocopy": "Download dell'artefatto con robocopy.", "RMDownloadingCommits": "Download dei commit", "RMDownloadingJenkinsArtifacts": "Download degli artefatti dal server Jenkins", "RMDownloadProgress": "{0} file inseriti: {1} scaricati, {2} vuoti", "RMDownloadProgressDetails": "{0} MB scaricati a {1} KB/sec. Ora di download: {2}.", "RMDownloadStartDownloadOfFile": "Download del file {0}", "RMDownloadTaskCompletedStatus": "Non sono state completate attività di download in {0} minuti. Stati attività rimanenti:", "RMDownloadTaskStates": " {0}: \t{1} attività.", "RMEnsureArtifactFolderExistsAndIsClean": "Verificare che la cartella dell'artefatto {0} esista e sia pulita.", "RMEnvironmentVariablesAvailable": "Di seguito sono riportate le variabili di ambiente disponibili. Si noti che è possibile fare riferimento a queste variabili di ambiente nell'attività (in ReleaseDefinition) sostituendo \"_\" con \".\", ad esempio è possibile fare riferimento alla variabile di ambiente AGENT_NAME usando Agent.Name in ReleaseDefinition: {0}", "RMErrorDownloadingContainerItem": "Errore durante il download del {0}: {1}", "RMErrorDuringArtifactDownload": "Errore durante il download: {0}", "RMFailedCreatingArtifactDirectory": "Non è stato possibile creare la directory degli artefatti della versione '{0}'.", "RMFileShareArtifactErrorOnNonWindowsAgent": "Non è possibile scaricare gli artefatti da una condivisione file usando OSX o l'agente Linux. È possibile scaricare l'artefatto dal server o usare un agente Windows.", "RMGitEndpointNotFound": "Non è possibile trovare le informazioni necessarie nel processo per scaricare l'artefatto Git di Team Foundation.", "RMGitHubEndpointNotFound": "Non è possibile trovare le informazioni necessarie nel processo per scaricare l'artefatto GitHub: {0}", "RMGotJenkinsArtifactDetails": "Dettagli artefatto Jenkins ricevuti", "RMJenkinsBuildId": "BuildId: {0}", "RMJenkinsEndpointNotFound": "Non è possibile trovare le informazioni necessarie nel processo per scaricare l'artefatto Jenkins: {0}", "RMJenkinsInvalidBuild": "La compilazione {0} Jenkins non è valida.", "RMJenkinsJobName": "Nome processo: {0}", "RMJenkinsNoArtifactsFound": "Non sono disponibili artefatti nella build Jenkins {0}.", "RMLowAvailableDiskSpace": "Spazio su disco insufficiente nell'unità {0}. Sono disponibili meno di 100 MB.", "RMNoBuildArtifactsFound": "Non sono disponibili artefatti nella build {0}.", "RMParallelDownloadLimit": "Limite download parallelo: {0}", "RMPrepareToGetFromJenkinsServer": "Preparazione del recupero delle informazioni degli artefatti dal server Jenkins", "RMPreparingToDownload": "Preparazione del download dell'artefatto: {0}", "RMPreparingToGetBuildArtifactList": "Sono in corso le operazioni di preparazione per ottenere l'elenco degli artefatti disponibili dalla compilazione.", "RMReAttemptingDownloadOfContainerItem": "Nuovo tentativo di download di {0}. Errore: {1}", "RMReceivedGithubArtifactDetails": "Sono stati ricevuti i dettagli dell'artefatto GitHub", "RMReleaseNameRequired": "Il nome della versione è obbligatorio.", "RMRemainingDownloads": "{0} download rimanenti.", "RMRetryingArtifactDownload": "Nuovo tentativo di download...", "RMRetryingCreatingArtifactsDirectory": "Non è stato possibile creare la directory {0} della versione dell'artefatto, con un'eccezione {1}. Nuovo tentativo di creazione della directory della versione dell’artefatto.", "RMRobocopyBasedArtifactDownloadExitCode": "Codice di uscita di robocopy: {0}", "RMRobocopyBasedArtifactDownloadFailed": "Download basato su robocopy non riuscito con codice di uscita: {0}", "RMStartArtifactsDownload": "Avvio del download degli artefatti...", "RMStreamTypeNotSupported": "Release Management non supporta il download del tipo di flusso {0} nella versione corrente", "RMTfsVCEndpointNotFound": "Non è possibile trovare le informazioni necessarie nel processo per scaricare l'artefatto controllo della versione di Team Foundation.", "RMUpdateReleaseName": "Aggiorna il nome della versione.", "RMUpdateReleaseNameForRelease": "Aggiorna il nome della versione in {0} per la versione {1}.", "RMUpdateReleaseNameForReleaseComment": "Aggiornamento del nome della versione in {0} con il comando di registrazione attività", "RMUserChoseToSkipArtifactDownload": "Il download dell'artefatto verrà ignorato in base all'impostazione specificata.", "RobocopyBasedPublishArtifactTaskExitCode": "Codice di uscita di robocopy: {0}", "RobocopyBasedPublishArtifactTaskFailed": "Pubblicazione basata su robocopy non riuscita con codice di uscita: {0}", "Rosetta2Warning": "L'emulazione X64 è nota per causare blocchi nel processo dell'agente. Usare l'agente nativo (ARM).", "RSAKeyFileNotFound": "Il file di chiave {0} non è stato trovato", "RunAgentAsServiceDescription": "eseguire l'agente come servizio? (S/N)", "RunAsAutoLogonDescription": "configurare l'accesso automatico ed eseguire l'agente all'avvio? (S/N)", "RunIDNotValid": "L'ID esecuzione non è valido: {0}", "RunningJob": "{0:u}: Esecuzione del processo in corso: {1}", "SavedSettings": "{0:u}: impostazioni salvate.", "ScanToolCapabilities": "Analisi delle funzionalità degli strumenti.", "ScreenSaverPoliciesInspection": "È in corso la verifica della presenza di criteri che potrebbero impedire la disabilitazione dello screensaver.", "ScreenSaverPolicyWarning": "I criteri di screen saver sono definiti nel computer. È possibile che lo screen saver venga di nuovo abilitato. L'attivazione dello screen saver può influire sulle operazioni dell'interfaccia utente, ad esempio sulla riuscita dei test dell'interfaccia utente automatizzati.", "SecretsAreNotAllowedInInjectedTaskInputs": "L'attività sta tentando di accedere agli input seguenti che contengono segreti di un'attività di destinazione:\n{0}\nNon è consentito passare input contenenti segreti alle attività inserite dagli elementi Decorator.", "SelfManageGitCreds": "Si è in modalità di gestione automatica delle credenziali GIT. Assicurarsi che il computer host dell'agente possa ignorare qualsiasi richiesta di autenticazione GIT.", "ServerTarpit": "Il processo è attualmente limitato dal server. È possibile che si verifichino ritardi nell'output della riga della console, nella creazione di report sullo stato del processo e nei caricamenti del log attività.", "ServerTarpitUrl": "Collegamento alla pagina di utilizzo delle risorse (visualizzazione globale di 1 ora):{0}.", "ServerTarpitUrlScoped": "Collegamento alla pagina di utilizzo delle risorse (visualizzazione di 1 ora per pipeline): {0}.", "ServerUrl": "URL server", "ServiceAlreadyExists": "Il servizio esiste già: {0}, verrà sostituito", "ServiceConfigured": "Configurazione del servizio {0} completata", "ServiceDelayedStartOptionSet": "Il servizio {0} è stato impostato per l'avvio automatico ritardato", "ServiceInstalled": "Installazione del servizio {0} completata", "ServiceLockErrorRetry": "Blocco del database del servizio non riuscito con codice {0}. Nuovo tentativo tra {1} secondi...", "ServiceRecoveryOptionSet": "Il servizio {0} ha impostato correttamente l'opzione di ripristino", "ServiceSidTypeSet": "Il servizio {0} ha impostato correttamente il tipo di SID", "ServiceStartedSuccessfully": "Il servizio {0} è stato avviato.", "SessionCreateFailed": "Non è stato possibile creare la sessione. {0}", "SessionExist": "Esiste già una sessione per questo agente.", "SessionExistStopRetry": "Interrompere il nuovo tentativo in SessionConflictException dopo un nuovo tentativo per {0} secondi.", "SetBuildVars": "Consente di impostare le variabili di compilazione.", "SetEnvVar": "Impostazione della variabile di ambiente {0}", "SetVariableNotAllowed": "L'impostazione della variabile '{0}' è stata disabilitata dall'attività o dalla definizione di compilazione.", "ShallowCheckoutFail": "Il checkout git lfs fetch non è riuscito su un repository superficiale. Questo problema potrebbe essersi verificato perché git fetch con profondità '{0}' non include il commit di checkourt '{1}'. Vedere la documentazione (http://go.microsoft.com/fwlink/?LinkId=829603)", "ShallowLfsFetchFail": "Il comando git lfs fetch non è riuscito su un repository superficiale. Questo problema potrebbe essersi verificato perché git fetch con profondità '{0}' non include il commit di lfs fetch '{1}'. Vedere la documentazione (http://go.microsoft.com/fwlink/?LinkId=829603)", "ShutdownMessage": "Riavvio del computer per avviare l'agente in modalità interattiva.", "Skipping": "Non esiste. Saltare ", "SkipTrackingFileWithoutRepoType": "La verifica del file '{0}' verrà ignorata. Il tipo di repository non è stato ancora aggiornato.", "SourceArtifactProviderNotFound": "Non è possibile trovare il provider di origine per l'artefatto di tipo {0}", "StartingArtifactDownload": "Avvio del download {0}", "StartMaintenance": "Avvia manutenzione: {0}", "StepCancelled": "L'operazione verrà annullata. I passaggi successivi potrebbero non contenere i log previsti.", "StepFinishing": "Completamento: {0}", "StepStarting": "In fase di avvio: {0}", "StepTimedOut": "Timeout dell'attività.", "StopContainer": "Arresta contenitori", "Success": "Completata: ", "SupportedRepositoryEndpointNotFound": "Non è possibile trovare una corrispondenza tra gli endpoint del repository di origine e i provider di origine supportati.", "SupportedTaskHandlerNotFoundLinux": "Il sistema operativo corrente non è in grado di eseguire questa attività. Questo significa in genere che l'attività è stata scritta solo per Windows, ad esempio per PowerShell di Windows Desktop.", "SupportedTaskHandlerNotFoundWindows": "Non è stato trovato alcun gestore di esecuzione attività supportato. All'attività non è associata un'implementazione compatibile con il sistema operativo corrente '{0}'. Per altri dettagli, contattare l'autore dell'attività.", "SvnBranchCheckedOut": "Ramo estratto {0} per reposity {1} alla revisione {2}", "SvnEmptyServerPath": "Il percorso del server relativo vuoto è mappato a '{0}'.", "SvnFileAlreadyExists": "Il file {0} esiste già", "SvnIncorrectRelativePath": "Il percorso relativo specificato '{0}' non è corretto.", "SvnMappingDuplicateLocal": "Il mapping duplicato per il percorso locale={0}verrà ignorato", "SvnMappingDuplicateServer": "Il mapping duplicato per il percorso server={0} verrà ignorato", "SvnMappingIgnored": "L'intero set di mapping viene ignorato. Si procede con il mapping completo dei rami.", "SvnNotInstalled": "Impossibile trovare l'utilità della riga di comando svn installata", "SvnSyncingRepo": "Sincronizzazione del repository: {0} (Svn)", "TarExtraction": "Estrazione archivio TAR: {0}", "TarExtractionError": "Impossibile estrarre l'archivio tar {0}: {1}", "TarExtractionNotSupportedInWindows": "L'estrazione di tar non è supportata in Windows", "TarSearchStart": "Avvio della ricerca degli archivi TAR da estrarre", "TarsFound": "Sono stati trovati {0} archivi TAR da estrarre", "TarsNotFound": "Non sono stati trovati archivi tar da estrarre", "TaskDownloadFailed": "Non è stato possibile scaricare l'attività '{0}'. Errore: {1}", "TaskDownloadTimeout": "Il download dell'attività '{0}' non è stato completato entro {1} secondi.", "TaskSignatureVerificationFailed": "Verifica della firma dell'attività non riuscita.", "TaskSignatureVerificationSucceeeded": "Verifica della firma dell'attività completata.", "TeeEula": [ "La compilazione di origini da un repository TFVC richiede l'accettazione del Contratto di licenza con l'utente finale Team Explorer Everywhere. Questo passaggio non è necessario per la compilazione di origini da repository Git.", "", "Per una copia del contratto di licenza Team Explorer Everywhere, vedere:", " {0}" ], "Telemetry": "Telemetria", "TelemetryCommandDataError": "Impossibile analizzare i dati di telemetria {0}. Errore: {1}", "TelemetryCommandFailed": "Non è stato possibile pubblicare i dati di telemetria. Errore {0}", "TenantId": "ID tenant", "TestAgentConnection": "Test della connessione dell'agente.", "TestAttachmentNotExists": "L'allegato verrà ignorato perché non è disponibile sul disco: {0}", "TestResultsRemaining": "Risultati del test rimanenti: {0}. ID esecuzione dei test:{1}.", "Tfs2015NotSupported": "Questo agente non è supportato in Windows in TFS 2015. L'agente Windows di TFS 2015 può essere scaricato dalla pagina di amministrazione dei pool di agenti.", "TotalThrottlingDelay": "Il processo ha riscontrato un ritardo totale di {0} secondi causato dalla limitazione delle richieste del server.", "TotalUploadFiles": "Caricamento di file {0}", "TypeRequiredForTimelineRecord": "Il tipo è obbligatorio per questo nuovo record della sequenza temporale.", "UnableResolveArtifactType": "Non è possibile dedurre il tipo di artefatto dal percorso dell'artefatto: {0}.", "UnableToArchiveResults": "Non è possibile archiviare i risultati del test: {0}", "UnableToParseBuildTrackingConfig0": "Non è possibile analizzare la configurazione di rilevamento della compilazione legacy. Verrà invece creata una nuova directory di compilazione. La directory precedente potrebbe essere lasciata in uno stato non richiesto. Contenuto della configurazione legacy: {0}", "UnconfigAutologon": "Rimozione delle impostazioni di accesso automatico", "UnconfigureOSXService": "Annullare prima la configurazione del servizio in base a https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-osx", "UnconfigureServiceDService": "Annullare prima la configurazione del servizio in base a https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-linux", "UnexpectedParallelCount": "Conteggio parallelo '%s' non supportato. Immettere un numero compreso tra 1 e 128.", "UninstallingService": "Rimozione del servizio", "UnknownCodeCoverageTool": "Lo strumento di code coverage '{0}' non è supportato.", "UnrecognizedCmdArgs": "Argomenti di input della riga di comando non riconosciuti: '{0}'. Per informazioni sull'utilizzo, vedere. .\\config.cmd --help o ./config.sh --help", "UnregisteringAgent": "Rimozione dell'agente dal server", "UnsupportedGitLfsVersion": "La versione LFS corrente di GIT è '{0}', ma non è supportata dall'agente. Eseguire l'aggiornamento almeno alla versione '{1}'. Per maggiori dettagli, vedere https://github.com/git-lfs/git-lfs/issues/3571.", "UnsupportedOsVersionByNet8": "La versione del sistema operativo in cui è in esecuzione l'agente ({0}) non è supportata in un prossimo aggiornamento dell'agente Pipelines. Per le versioni del sistema operativo supportate, vedere https://aka.ms/azdo-pipeline-agent-net8.", "UpdateBuildNumber": "Aggiorna il numero di build", "UpdateBuildNumberForBuild": "Aggiornare il numero di build in {0} per la compilazione {1}", "UpdateInProgress": "Aggiornamento dell'agente in corso. Non arrestare l'agente.", "UpgradeToLatestGit": "Per ottenere un'esperienza Git migliore, aggiornare Git almeno alla versione '{0}'. La versione corrente di Git è '{1}'.", "UploadArtifact": "Carica artefatto", "UploadArtifactCommandNotSupported": "Il caricamento dell'artefatto del server non è supportata in {0}.", "UploadArtifactFinished": "Il caricamento dell'artefatto della pipeline è stato completato.", "UploadingPipelineArtifact": "Caricamento dell'artefatto della pipeline da {0}per la compilazione n.{1}.", "UploadToFileContainer": "Caricare '{0}' nel contenitore di file: '{1}'", "UserName": "Nome utente", "UserNameLog": "Agente in esecuzione come: '{0}'", "UserShutdownAgent": "L'agente ha ricevuto un segnale di arresto. Questo problema può verificarsi quando il servizio agente viene arrestato o un agente avviato manualmente viene annullato.", "Variable0ContainsCyclicalReference": "Impossibile espandere la variabile '{0}'. È stato rilevato un riferimento ciclico.", "Variable0ExceedsMaxDepth1": "Impossibile espandere la variabile '{0}'. È stata superata la profondità massima di espansione ({1}).", "VMResourceWithSameNameAlreadyExistInEnvironment": "L'ambiente con ID '{0}' contiene già una risorsa di macchina virtuale denominata '{1}'.", "VSTSHostNonZeroReturn": "LegacyVSTSPowerShellHost.exe completato con codice restituito: {0}.", "WaitForServiceToStop": "Attesa per l'interruzione del servizio", "WindowsLogonAccountNameDescription": "Account utente da usare per il servizio", "WindowsLogonPasswordDescription": "Password per l'account {0}", "WorkFolderDescription": "cartella di lavoro", "WorkspaceMappingNotMatched": "I mapping area di lavoro non sono abbinati per l'area di lavoro {0}", "Y": "S", "ZipSlipFailure": "Il valore immesso non è compreso nella directory di destinazione: {0}" } ================================================ FILE: src/Misc/layoutbin/ja-JP/strings.json ================================================ { "AcceptTeeEula": "(Y/N) Team Explorer Everywhere 使用許諾契約書に今すぐ同意しますか?", "AccessDenied": "アクセスが拒否されました", "AccessDeniedSettingDelayedStartOption": "サービス遅延自動開始オプションの設定中にアクセスが拒否されました。", "AccessDeniedSettingRecoveryOption": "サービス回復オプションの設定中にアクセスが拒否されました。", "AccessDeniedSettingSidType": "サービス SID の種類の設定中にアクセスが拒否されました。", "AddAgentFailed": "エージェントを追加できませんでした。 もう一度試すか、Ctrl キー + c で終了します", "AddBuildTag": "ビルド タスクの追加...", "AddDeploymentGroupTagsFlagDescription": "エージェントの配置グループ タグですか? (Y/N)", "AddEnvironmentVMResourceTags": "環境の仮想マシン リソース タグですか? (Y/N)", "AgentAddedSuccessfully": "ユーザーが正常に追加されました。", "AgentAlreadyInsideContainer": "エージェントが既にコンテナー内で実行されている場合、コンテナーの機能はサポートされません。ドキュメント (https://go.microsoft.com/fwlink/?linkid=875268) を参照してください", "AgentCdnAccessFailWarning": "操作が必要です: Azure Pipelines エージェントが新しい CDN URL に到達できません。パイプラインの失敗を防ぐため、今すぐ 'download.agent.dev.azure.com' を許可リストに追加してください。詳細情報: https://devblogs.microsoft.com/devops/cdn-domain-url-change-for-agents-in-pipelines/", "AgentDoesNotSupportContainerFeatureRhel6": "エージェントは、Red Hat Enterprise Linux 6 または CentOS 6 のコンテナー機能をサポートしていません。", "AgentDowngrade": "エージェントを下位バージョンにダウングレードします。これは通常、バグ修正のために現在発行されているエージェントのロールバックが原因です。この動作を無効にするには、エージェントを起動する前に環境変数 AZP_AGENT_DOWNGRADE_DISABLED=true を設定します。", "AgentExit": "エージェントは間もなく更新のために終了します。10 秒以内にオンラインに戻ります。", "AgentIsNotConfigured": "エージェントが構成されていません。", "AgentMachineNameLog": "エージェント マシン名: '{0}'", "AgentMachinePoolNameLabel": "エージェント プール", "AgentName": "エージェント名", "AgentNameLog": "エージェント名: `{0}`", "AgentOutOfMemoryFailure": "エージェント ワーカーがコード 137 で終了しました。これはメモリ不足を意味しています。エージェント (コンテナー) ホストに十分なメモリが構成されていることを確認します。", "AgentReplaced": "エージェントが正常に置き換えられました", "agentRootFolderCheckError": "エージェント ルート フォルダーのアクセス規則を確認できません。詳細については、ログを確認してください。", "agentRootFolderInsecure": "セキュリティ警告! グループ {0} は、エージェント フォルダーの書き込み/変更にアクセスできます。詳細については、ログを確認してください。", "AgentRunningBehindProxy": "エージェントはプロキシ サーバーの背後で実行されています: '{0}'", "AgentVersion": "現在のエージェントのバージョン: '{0}'", "AgentWithSameNameAlreadyExistInPool": "プール {0} には、{1} という名前のエージェントが既に含まれています。", "AllowContainerUserRunDocker": "ユーザー '{0}' が SUDO なしで Docker コマンドを実行することを許可します。", "AlreadyConfiguredError": "エージェントは既に構成されているため、構成できません。エージェントを再構成するには、最初に 'config.cmd remove' または './config.sh remove' を実行します。", "ApkAddShadowFailed": "ユーザー ID が 'adduser' コマンドの範囲外です。'shadow' パッケージがプレインストールされておらず、このパッケージのインストールに失敗したため、代替コマンド 'useradd' を使用できません。ネットワークの可用性を確認するか、'shadow' パッケージがプレインストールされている Docker イメージを使用します。", "ArgumentNeeded": "'{0}' を指定する必要があります。", "ArtifactCustomPropertiesNotJson": "成果物のカスタム プロパティが有効な JSON ではありません: '{0}'", "ArtifactCustomPropertyInvalid": "成果物のカスタム プロパティの前に 'user-' を付ける必要があります。無効なプロパティ: '{0}'", "ArtifactDownloadFailed": "{0} から成果物をダウンロードできませんでした。", "ArtifactLocationRequired": "成果物の場所が必要です。", "ArtifactNameIsNotValid": "成果物名が有効ではありません: {0}。'\\'、'/'、\"'、':'、'<'、'>'、'|'、'*'、'?' を含めることはできません", "ArtifactNameRequired": "成果物名は必須です。", "ArtifactTypeRequired": "連絡先の種類は必須です。", "AssociateArtifact": "成果物の関連付け", "AssociateArtifactCommandNotSupported": "サーバー成果物の関連付けは、{0} ではサポートされていません。", "AssociateArtifactWithBuild": "ビルド {1} に関連付けられた成果物 {0}", "AssociateFiles": "ファイルを関連付け中", "AttachFileNotExist": "(type:{0} name:{1}) ファイルを添付できません: {2}。ファイルが存在しません。", "AttachmentExceededMaximum": "添付ファイルが最大許容サイズ 75 MB を超えたため、添付をスキップしています: {0}", "AttemptRemoveCredFromConfig": "git コマンド ラインを使用して git 構成から \"{0}\" を削除しようとして失敗しました。資格情報を削除するために Git 構成ファイルを直接変更しようとしています。", "AuthenticationType": "認証の種類", "AutoLogonAccountGmsaHint": "gMSA アカウントを使用しようとしている場合は、アカウント名の末尾にドル記号 ($) を入力してください)", "AutoLogonAccountNameDescription": "自動ログオンに使用するユーザー アカウント", "AutoLogonOverwriteDeniedError": "自動ログオンは、コンピューター上の別のユーザー ({0}) に対して既に構成されているため、構成できません。上書きする場合は、'--overwriteautologon' を使用してください。", "AutoLogonPolicies_LegalNotice": "法的通知", "AutoLogonPolicies_ShutdownReason": "シャットダウンの理由", "AutoLogonPoliciesInspection": "自動ログオンが正しく動作しなくなる可能性のあるポリシーを確認しています。", "AutoLogonPoliciesWarningsHeader": "次のポリシーは自動ログオンに影響する可能性があります:", "BeginArtifactItemsIntegrityCheck": "成果物アイテムの整合性チェックを開始しています", "BlobStoreDownloadWarning": "BLOB ストアからの成果物のダウンロードに失敗しました。TFS にフォールバックします。このフォールバックは将来のリリースで削除されます。{0} へのアクセスがファイアウォール規則によって許可されていることを確認してください。エージェント ファイアウォールが正しく構成されていることを確認してください: {1}", "BlobStoreUploadWarning": "BLOB ストアへの成果物のアップロードに失敗しました。TFS にフォールバックします。このフォールバックは将来のリリースで削除されます。{0} へのアクセスがファイアウォール規則によって許可されていることを確認してください。エージェント ファイアウォールが正しく構成されていることを確認してください: {1}", "BuildDirLastUseTIme": "ビルド ディレクトリ '{0}' が最後に使用された時刻: {1}", "BuildIdIsNotAvailable": "'{0}' 環境でパイプライン成果物をダウンロードしようとしましたが、ビルド ID が存在しません。成果物がビルドの場合にのみ、'{1}' 環境でパイプライン成果物をダウンロードできます。", "BuildIdIsNotValid": "ビルド ID が無効です: {0}", "BuildingFileTree": "ファイル ツリーを構築しています", "BuildLogsMessage": "エージェントがログのアップロードを無効にしました。ジョブが完了したら、エージェントの {0} でこのステップのログを取得できます。", "BuildNumberRequired": "ビルド番号は必須です。", "BuildsDoesNotExist": "現在、指定されたパイプライン定義にビルドが存在しません。", "BuildTagAddFailed": "ビルド タグ '{0}' が正常に追加されませんでした。", "BuildTagRequired": "ビルド タグが必要です。", "BuildTagsForBuild": "ビルド '{0}' に次のタグが現在含まれています: {1}", "CannotChangeParentTimelineRecord": "既存のタイムライン レコードの親タイムライン レコードは変更できません。", "CannotDownloadFromCurrentEnvironment": "{0} 環境からパイプライン成果物をダウンロードできません。", "CannotFindHostName": "サーバー URL に VSTS 組織名が見つかりません: '{0}'", "CanNotFindService": "サービス {0}が見つかりません", "CanNotGrantPermission": "ユーザー {0} に LogonAsService アクセス許可を付与できません", "CanNotStartService": "サービスを開始できません。詳細については、ログを確認してください。", "CanNotStopService": "サービス {0} をタイムリーに停止できません。", "CannotUploadFile": "ファイルの場所が指定されていないため、ファイルをアップロードできません。", "CannotUploadFromCurrentEnvironment": "{0} 環境からパイプライン成果物にアップロードできません。", "CannotUploadSummary": "概要ファイルをアップロードできません。概要ファイルの場所が指定されていません。", "CheckoutTaskDisplayNameFormat": "{2} へのチェックアウト {0}@{1}", "CleaningDestinationFolder": "宛先フォルダー: {0} をクリーンアップしています", "ClientId": "Client(App) ID", "ClientSecret": "クライアント シークレット", "ClockSkewStopRetry": "{0} 秒後に OAuth トークン要求例外の再試行を停止しました。", "CodeCoverageDataIsNull": "カバレッジ データが見つかりません。詳細については、ビルド エラー/警告を確認してください。", "CodeCoveragePublishIsValidOnlyForBuild": "コード カバレッジの公開は 'build' でのみ機能します。", "CollectionName": "コレクション名", "CommandDuplicateDetected": "区分 {1} に対してコマンド {0} が既にインストールされています", "CommandKeywordDetected": "'{0}' にログ コマンド キーワード '##vso' が含まれていますが、これは有効なコマンドではありません。受け入れられるコマンドのリストを参照してください: https://go.microsoft.com/fwlink/?LinkId=817296", "CommandLineHelp": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "コマンド:", " .{0}config.{1} エージェントを構成します", " .{0}config.{1} remove エージェントの構成を解除します", " .{0}run.{1} エージェントを対話的に実行します", " .{0}run.{1} --once エージェントを実行し、シャットダウンする前に最大 1 つのジョブを受け入れます", "", "オプション:", " --version エージェントのバージョンを出力します", " --commit エージェントのコミットを出力します", " --help 各コマンドのヘルプを出力します" ], "CommandLineHelp_Common": [ "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "共通オプション:", " --url サーバーの URL です。例: https://myaccount.visualstudio.com または", " http://onprem:8080/tfs", " --auth 認証の種類です。有効な値:", " pat (個人用アクセス トークン)", " ネゴシエート (Kerberos または NTLM)", " alt (Basic 認証)", " 統合 (Windows の既定の資格情報)", "sp (サービス プリンシパル)", " --token --auth pat と共に使用します。個人用アクセス トークン。", " --userName --auth negotiate または --auth alt と共に使用されます。Windows ユーザーの指定", " 以下の形式で命名します: domain\\userName または userName@domain.com", " --password --auth negotiate または --auth alt と共に使用されます。", " --unattended 無人構成。確認メッセージは表示されません。すべての回答が必要です", " コマンド ラインに指定する必要があります。", " --version エージェントのバージョンを出力します", " --commit エージェントのコミットを出力します", " --help ヘルプを出力します" ], "CommandLineHelp_Configure": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", ".{0}config.{1} [オプション]", "", "構成解除のヘルプについては、.{0}config.{1} remove --help を参照してください", "", "{2}", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "オプションの構成:", " --pool 結合するエージェントのプール名", " --agent エージェント名", " --replace プール内のエージェントを置き換えます。別のエージェントがそのエージェントによってリッスンしている場合", " 名前を指定すると、競合が発生して失敗し始めます。", " --work ジョブ データが格納されている作業ディレクトリ。既定では、次のディレクトリの _work", " エージェント ディレクトリのルート。作業ディレクトリは、指定されたディレクトリが所有します", " エージェントを作成し、複数のエージェント間で共有することはできません。", " --acceptTeeEula macOS と Linux のみ。TEE エンド ユーザー使用許諾契約書に同意します。", " --gitUseSChannel Windows のみ。Windows のネイティブ証明書ストアを使用するように Git に指示します。", " --alwaysExtractTask パイプライン ステップごとにタスクの解凍を実行します。", " --disableLogUploads コンソール ログ出力をサーバーにストリーミングまたは送信しません。代わりに、ジョブの完了後にエージェント ホストのファイル システムから取得できます。注: --reStreamLogsToFiles と一緒に使用することはできません。エラーが発生します。", " --reStreamLogsToFiles コンソール ログ出力をサーバーおよびエージェント ホストのファイル システム上のログ ファイルにストリーミングまたは送信します。注: --disableLogUploads と一緒に使用することはできません。エラーが発生します。", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "スタートアップ オプション (Windows のみ):", " --runAsService Windows サービスとして実行するようにエージェントを構成します。必要", " 管理者のアクセス許可。", " --preventServiceStart 構成直後に実行されないように Windows サービスを構成します。", " --runAsAutoLogon 自動ログオンを構成し、起動時にエージェントを実行します。必要", " 管理者のアクセス許可。", " --windowsLogonAccount --runAsService または --runAsAutoLogon と共に使用されます。Windows ユーザーの指定", " 以下の形式で命名します: domain\\userName または userName@domain.com", " --windowsLogonPassword --runAsService または --runAsAutoLogon と共に使用します。Windows ログオン パスワード。", " --overwriteAutoLogon --runAsAutoLogon と共に使用します。既存の自動ログオンを上書きする", " マシン。", " --noRestart --runAsAutoLogon と共に使用されます。構成後に再起動しないでください", " 完了。", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "配置グループのオプション:", " --deploymentGroup エージェントを展開グループ エージェントとして構成します。", " --projectName --deploymentGroup と共に使用します。チーム プロジェクト名。", " --addDeploymentGroupTags --deploymentGroup と共に使用します。配置グループ タグを追加するように指定します。", " --deploymentGroupName --deploymentGroup と共に使用します。参加するエージェントの配置グループ。", " --deploymentGroupTags --addDeploymentGroupTags と共に使用されます。次のタグのコンマ区切りのリスト", " 配置グループ エージェント。例: \"web, db\"。", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "無人構成の例:", "", "VSTS 認証", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --acceptTeeEula", "", "統合認証を使用したオンプレミス TFS (Windows のみ)", ".\\config.cmd --unattended --url http://mylocaltfsserver:8080/tfs --auth integrated --pool default --agent myAgent", "", "ネゴシエート認証付きのオンプレミス TFS", ".{0}config.{1} --unattended --url http://mylocaltfsserver:8080/tfs --auth negotiate --userName myDomain\\myUserName --password myPassword --pool default --agent myAgent --acceptTeeEula", "", "既存のエージェントを同じエージェント名で置き換える", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --replace --acceptTeeEula", "", "エージェントの作業ディレクトリの指定 (Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work D:\\agent_work", "", "エージェントの作業ディレクトリ (macOS および Linux) を指定します", "./config.sh --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work usr/local/agent_work", "", "NetworkService としてログオンする Windows サービスとして実行する (Windows のみ)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService", "", "ドメイン アカウントとしてログオンする Windows サービスとして実行する (Windows のみ)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "ドメイン アカウント (Windows のみ) としてログオンし、サービスをすぐに開始しない Windows サービスとして実行する", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --preventServiceStart --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword ", "", "自動ログオン エージェントとして実行する (Windows のみ)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "自動ログオン エージェントとして実行し、構成後に再起動しないでください (Windows のみ)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword --noRestart", "", "配置グループ エージェントは、ローカル システムとしてログオンする Windows サービスとして実行されます (Windows のみ)", ".\\config.cmd --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\"", "", "タグ付きの配置グループ エージェント", ".{0}config.{1} --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\" --acceptTeeEula" ], "CommandLineHelp_Env": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "環境変数:", "任意のコマンド ライン引数を環境変数として指定できます。以下の形式を使用します", "VSTS_AGENT_INPUT_。例: VSTS_AGENT_INPUT_PASSWORD" ], "CommandLineHelp_Remove": [ ".{0}config.{1} [オプション]の削除", "", "{2}", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "無人削除の例:", "", "VSTS", ".{0}config.{1} remove --unattended --auth pat --token myToken", "", "統合認証を使用したオンプレミス TFS (Windows のみ)", ".{0}config.{1} remove --unattended --auth integrated", "", "統合認証を使用したオンプレミス TFS", ".{0}config.{1} remove --unattended --auth negotiate --username myDomain\\myUserName --password myPassword" ], "CommandNotAllowed": "##vso[{0}.{1}] は、ポリシーの制限により、この手順では許可されていません。ドキュメント (http://go.microsoft.com/fwlink/?LinkId=817296) を参照してください", "CommandNotFound": "##vso[{0}.command] のコマンド拡張機能が見つかりません。ドキュメント (http://go.microsoft.com/fwlink/?LinkId=817296) を参照してください", "CommandNotFound2": "##vso[{0}.{1}] は、{2} コマンド拡張機能で認識されるコマンドではありません。ドキュメント (http://go.microsoft.com/fwlink/?LinkId=817296) を参照してください。", "CommandNotSupported": "{0} コマンドは、{1} フローではサポートされていません。ドキュメント (http://go.microsoft.com/fwlink/?LinkId=817296) を参照してください", "CommandProcessFailed": "コマンド '{0}' を正常に処理できません。ドキュメントを (http://go.microsoft.com/fwlink/?LinkId=817296) を参照してください", "ConnectingToServer": "サーバーに接続しています...", "ConnectSectionHeader": "接続", "ConnectToServer": "サーバーに接続しています...", "ContainerWindowsVersionRequirement": "コンテナーの機能には、Windows Server 1803 以降が必要です。ドキュメント (https://go.microsoft.com/fwlink/?linkid=875268) を参照してください", "CopyFileComplete": "成果物が {0} に正常に公開されました", "CopyFileToDestination": "ファイル '{0}' を '{1}' にコピーします", "CorruptedArtifactItemsList": "次の項目は整合性チェックに合格しませんでした:", "CouldNotRemoveService": "サーバー '{0}' を削除できませんでした", "CreateUserWithSameUIDInsideContainer": "コンテナー内に UID '{0}' を持つユーザーを作成してみてください。", "CurrentUTC": "現在の UTC: {0}", "CustomLogDoesNotExist": "ログ ファイルのパスが指定されていないか、ファイルが存在しません: '{0}'", "CustomMarkDownSummaryDoesNotExist": "Markdown サマリー ファイルのパスが指定されていないか、ファイルが存在しません: '{0}'", "DeleteGCTrackingFile": "'{0}' の削除後に GC 追跡ファイルを削除する", "DeleteUnusedBuildDir": "未使用のビルド ディレクトリの削除", "DeleteUnusedReleaseDir": "未使用のリリース ディレクトリを削除", "Deleting": "削除中: {0}", "DeletingCredentials": ".credentials を削除しています", "DeletingSettings": ".agent を削除しています", "DeploymentGroupName": "配置グループ名", "DeploymentGroupNotFound": "配置グループが見つかりません: '{0}'", "DeploymentGroupTags": "タグのコンマ区切りリスト (例: web, db)", "DeploymentGroupTagsAddedMsg": "タグが正常に追加されました", "DeploymentMachineWithSameNameAlreadyExistInDeploymentGroup": "DeploymentGroup {0} には、{1} という名前のコンピューターが既に含まれています。", "DeploymentPoolName": "配置プール名", "DeploymentPoolNotFound": "配置プールが見つかりません: '{0}'", "DeprecatedNode6": "このタスクでは Node 6 実行ハンドラーが使用されています。これは 2022 年 3 月 31 日に削除されます。タスクの開発者である場合は、Node 10 ハンドラーへの移行ガイドラインを検討してください - https://aka.ms/migrateTaskNode10 (Node 6 の非推奨化に関する警告を無効にする場合は、このページも確認してください)。ユーザーの場合は、移行を続行するために、このタスクの所有者に連絡してください。", "DeprecatedNodeRunner": "タスク '{0}' のバージョン {1} ({2}@{1}) は、有効期間の終了となるノードのバージョン ({3}) に依存しています。タスクの更新されたバージョンについては、拡張機能の所有者にお問い合わせください。タスクの保守管理者は、Node のアップグレード ガイダンスを確認する必要があります: https://aka.ms/node-runner-guidance", "DeprecatedRunner": "タスク '{0}' は、有効期限が切れたタスク ランナーに依存しており、今後削除される予定です。作成者は Node のアップグレード ガイダンスを確認する必要があります: https://aka.ms/node-runner-guidance。", "DeprecationMessage": "タスク '{0}' バージョン {1} ({2}@{1}) は非推奨です。", "DeprecationMessageHelpUrl": "このタスクの詳細については、{0} を参照してください。", "DeprecationMessageRemovalDate": "このタスクは削除されます。{0} 以降、使用できなくなる可能性があります。", "DirectoryHierarchyUnauthorized": "'{0}' および階層上の各ディレクトリには、ディレクトリ コンテンツを読み取るためのアクセス許可が必要です。{1}", "DirectoryIsEmptyForArtifact": "ディレクトリ '{0}' が空です。ビルド成果物 '{1}' には何も追加されません。", "DirectoryNotFound": "ディレクトリが見つかりません: '{0}'", "DirExpireLimit": "ディレクトリの有効期限: {0}日。", "DiscoverBuildDir": "{0} 日以上使用されていない古いビルド ディレクトリを検出します。", "DiscoverReleaseDir": "{0} 日以上使用されていない古いリリース ディレクトリを検出します。", "DockerCommandFinalExitCode": "{0} の最終終了コード: {1}", "DownloadAgent": "{0} エージェントをダウンロードしています", "DownloadArtifactFinished": "成果物のダウンロードが完了しました。", "DownloadArtifacts": "成果物のダウンロード", "DownloadArtifactsFailed": "成果物のダウンロードに失敗しました: {0}", "DownloadArtifactTo": "成果物のダウンロード先: {0}", "DownloadArtifactWarning": "{0} 種類の成果物をダウンロードするには [ビルド成果物のダウンロード] タスクを使用してください。https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-build-artifacts?view=azure-devops", "DownloadingFromBuild": "指定したビルドからダウンロード: #{0}", "DownloadingJenkinsCommitsBetween": "ジョブ {0} から {1} へのコミットをダウンロードしています", "DownloadingJenkinsCommitsFailedWithException": "jenkins 成果物 {0} のコミットをダウンロードできませんでした。例外: {1}", "DownloadingMultiplePipelineArtifacts": "{0} パイプライン成果物をダウンロードしています...", "DownloadingTask0": "タスクのダウンロード: {0} ({1})", "EnableServiceSidTypeUnrestricted": "エージェント サービスの SERVICE_SID_TYPE_UNRESTRICTED を有効にしますか (Y/N)", "EnsureJobFinished": "現在のジョブの実行が完了するのを待機しています。", "EnsureTasksExist": "必要なすべてのタスクをダウンロードします。", "EnterValidValueFor0": "{0} に有効な値を入力してください。", "EnvironmentName": "環境名", "EnvironmentNotFound": "環境が見つかりません: '{0}'", "EnvironmentVariableExceedsMaximumLength": "環境変数 '{0}' がサポートされている最大長を超えています。環境変数の長さ: {1}、サポートされる最大長: {2}", "EnvironmentVMResourceTags": "タグのコンマ区切りリスト (例: web, db)", "ErrorDuringBuildGC": "'{0}' に基づいてガベージを検出できませんでした。次回お試しください。", "ErrorDuringBuildGCDelete": "'{0}' に基づいて GC を終了できませんでした。次回お試しください。", "ErrorDuringReleaseGC": "'{0}' に基づいてガベージを検出できませんでした。次回お試しください。", "ErrorDuringReleaseGCDelete": "'{0}' に基づいて GC を終了できませんでした。次回お試しください。", "ErrorOccurred": "エラーが発生しました: {0}", "ErrorOccurredWhilePublishingCCFiles": "コード カバレッジ ファイルの公開中にエラーが発生しました。エラー: {0}", "EulasSectionHeader": "エンドユーザー ライセンス契約", "EvaluateReleaseTrackingFile": "ReleaseDirectory 追跡ファイルの評価: {0}", "EvaluateTrackingFile": "BuildDirectory 追跡ファイルの評価: {0}", "Exiting": "終了しています...", "ExpectedMappingCloak": "予期されるマッピング[{0}] クローク: '{1}'。実際: '{2}'", "ExpectedMappingLocalPath": "予期されたマッピング[{0}] ローカル パス: '{1}'。実際: '{2}'", "ExpectedMappingRecursive": "予期されたマッピング[{0}] 再帰: '{1}'。実際: '{2}'", "ExpectedMappingServerPath": "予期されたマッピング[{0}] サーバー パス: '{1}'。実際: '{2}'", "Failed": "失敗しました: ", "FailedDeletingTempDirectory0Message1": "一時ディレクトリ '{0}' を削除できませんでした。 {1}", "FailedTestsInResults": "結果ファイルで 1 つ以上のテスト エラーが検出されました。公開されたテスト結果の詳細な概要は、[テスト] タブで確認できます。", "FailedToAddTags": "エージェントにタグを適用できませんでした。もう一度やり直すか、Ctrl + C で終了してください。または、配置グループの Web ページに移動してタグを追加することもできます", "FailedToConnect": "接続できませんでした。 もう一度試すか、Ctrl + c で終了してください", "FailedToDeleteTempScript": "一時インライン スクリプト ファイル '{0}' を削除できませんでした。 {1}", "FailedToFindDeploymentGroup": "配置グループが見つかりませんでした。もう一度試すか、Ctrl + C で終了してください", "FailedToFindEnvironment": "環境が見つかりませんでした。もう一度試すか、Ctrl + C キーで終了してください", "FailedToFindPool": "プール名が見つかりませんでした。もう一度試すか、Ctrl + c キーで終了してください", "FailedToLockServiceDB": "書き込み用のサービス データベースをロックできませんでした", "FailedToOpenSCM": "サービス コントロール マネージャーを開けませんでした", "FailedToOpenSCManager": "サービス コントロール マネージャーを開けませんでした", "FailedToPublishTestResults": "テスト結果を公開できませんでした: {0}", "FailedToReadFile": "{0} の読み取りに失敗しました。エラー: {1}。", "FailedToReplaceAgent": "エージェントを置き換えられませんでした。 もう一度試すか、Ctrl キー + c で終了します", "FailToRemoveGitConfig": "Git 構成から \"{0}\" を削除できません。資格情報を削除するには、リポジトリ ルート \"{1}\" から \"git config --unset-all{0}\" を実行します。", "FailToReplaceTokenPlaceholderInGitConfig": "Git 構成ファイル内の \"{0}\" のプレースホルダーを置き換えることができません。", "FileAssociateProgress": "ファイルの合計: {0} ---- 関連ファイル: {1} ({2}%)", "FileContainerUploadFailed": "ファイルをサーバーにコピーできません StatusCode={0}: {1}。ソース ファイルのパス: {2}。ターゲット サーバーのパス: {3}", "FileContainerUploadFailedBlob": "BLOB にファイルをアップロードできません。ソース ファイルパス: {0}。ターゲット サーバー パス: {1}", "FileDoesNotExist": "ファイル '{0}' は存在しないか、またはアクセスできません。", "FileNotFound": "ファイル '{0}' が見つかりませんでした。", "FilePathNotFound": "'{0}' のファイル パスが見つかりません。", "FileShareOperatingSystemNotSupported": "Linux または macOS エージェントからファイル共有への成果物の公開はサポートされていません。成果物の種類を `Azure Pipelines` に変更するか、Windows エージェントをご使用ください。", "FileUploadCancelled": "ファイルのアップロード中にファイルのアップロードが取り消されました: '{0}'。", "FileUploadDetailTrace": "アップロードに失敗したファイルの詳細アップロード トレース: {0}", "FileUploadFailed": "'{1}' が原因で '{0}' をアップロードできませんでした。", "FileUploadFailedAfterRetry": "再試行後もファイルのアップロードに失敗しました。", "FileUploadFailedRetryLater": "{0} ファイルをアップロードできませんでした。1 分後にこれらのファイルをもう一度お試しください。", "FileUploadFileOpenFailed": "ファイル '{1}' をアップロードしているときにファイル エラー '{0}' が発生しました。", "FileUploadFinish": "ファイル: '{0}' のアップロードの完了に {1} ミリ秒かかりました", "FileUploadProgress": "ファイルの合計: {0} ---- 処理されたファイル: {1} ({2}%)", "FileUploadProgressDetail": "'{0}' をアップロードしています ({1}%)", "FileUploadRetry": "{0} 件の失敗したファイルのアップロードの再試行を開始します。", "FileUploadRetryInSecond": "{0} 秒後にファイルのアップロードを再試行します。", "FileUploadRetrySucceed": "ファイルのアップロードは再試行後に成功しました。", "FileUploadSucceed": "ファイルのアップロードに失敗しました。", "FinalizeJob": "ジョブの最終処理", "FinishMaintenance": "メンテナンスが完了しました: {0}", "FoundErrorInTrace": [ "診断ログに {0} が報告されました。詳細については、ログを確認してください。", " - {1}" ], "GCBuildDir": "孤立した古いビルド ディレクトリを削除します。", "GCBuildDirNotEnabled": "[孤立した古いリリース ディレクトリの削除] オプションが無効です。", "GCDirIsEmpty": "ビルド ディレクトリを GC にする必要はありません。'{0}' には追跡ファイルがありません。", "GCDirNotExist": "GC である必要があるビルド ディレクトリはありません。'{0}' が存在しません。", "GCOldFormatTrackingFile": "追跡ファイル '{0}' を GC 用にマークします。このファイルは一度も使用されていないためです。", "GCReleaseDir": "孤立した古いリリース ディレクトリを削除します。", "GCReleaseDirIsEmpty": "GC であるべきリリース ディレクトリはありません。'{0}' に追跡ファイルがありません。", "GCReleaseDirNotEnabled": "孤立した古いリリース ディレクトリの削除オプションが無効です。", "GCReleaseDirNotExist": "リリース ディレクトリを GC にする必要はありません。'{0}' は存在しません。", "GCUnusedTrackingFile": "追跡ファイル '{0}' を GC 用にマークします。これは、 {1} 日間使用されていないためです。", "GenerateAndRunUpdateScript": "更新スクリプトを生成して実行します。", "GrantContainerUserSUDOPrivilege": "ユーザー '{0}' に SUDO 特権を付与し、認証なしでコマンドを実行できるようにします。", "GrantingFilePermissions": "ファイルに '{0}' へのアクセス許可を付与しています。", "GroupDoesNotExists": "グループ {0} が存在しません", "ImageVersionLog": "現在のイメージ バージョン: '{0}'", "InitializeContainer": "コンテナーの初期化", "InitializeJob": "ジョブの初期化", "IntegrityCheckNotPassed": "成果物アイテムの整合性チェックに失敗しました", "IntegrityCheckPassed": "成果物アイテムの整合性チェックが正常に完了しました", "InvalidAutoLogonCredential": "AutoLogon に無効な Windows 資格情報が入力されました。指定された資格情報が有効であり、コンピューターに対する対話型ログオン権限があることを確認してください。もう一度試すか、Ctrl + c で終了します。", "InvalidCommandArg": "コマンド '{0}' には次の無効な文字が 1 つまたは複数含まれています: \"、\\r、\\n", "InvalidCommandResult": "コマンドに有効な結果値がありません。", "InvalidCompletedDate": "テスト結果ファイルから取得した完了日の最大値 {0} が開始日の最小値 {1} より大きいので、各テストの実行期間が時間の計算に使用されます", "InvalidConfigFor0TerminatingUnattended": "{0} に指定された構成が無効です。無人構成を終了しています。", "InvalidDateFormat": "各テスト実行の期間は、結果ファイルから取得された無効な日付形式として、時間の計算に使用されます: {0} (開始日: {1}、完了日: {2}", "InvalidEndpointField": "無効なエンドポイント フィールド。有効な値は url、dataParameter、authParameter です。", "InvalidEndpointId": "無効なエンドポイント ID。", "InvalidEndpointUrl": "無効なエンドポイント URL。", "InvalidFileFormat": "無効なファイル形式です。", "InvalidGroupName": "グループ名が無効です - {0}", "InvalidMember": "メンバーのアカウントの種類が正しくないため、新しいメンバーをローカル グループに追加できませんでした。ドメイン コントローラーで構成している場合、組み込みのコンピューター アカウントをローカル グループに追加することはできません。代わりにドメイン ユーザー アカウントを使用する必要があります", "InvalidResultFiles": "結果ファイルが無効です。ファイル '{0}' の結果形式がテスト結果が '{1}' のテスト結果形式と一致することを確認してください。", "InvalidSIDForUser": "AutoLogon の構成中または構成解除中に、ユーザー {0}\\{1} のセキュリティ識別子が無効です。詳細については、ログを参照してください。", "InvalidValueInXml": "概要ファイル '{0}' から '{1}' の値を取得できません。概要ファイルが整形式であることを確認してから、もう一度お試しください。", "InvalidWindowsCredential": "無効な Windows 資格情報が入力されました。もう一度試すか、Ctrl + c で終了します。", "JenkinsBuildDoesNotExistsForCommits": "jenkins ビルド {0} と {1} のビルド インデックスが見つかりません。見つかったインデックスは {2} と {3} です。ビルドが存在しない可能性があります", "JenkinsCommitsInvalidEndJobId": "jenkins 成果物 {1} に関連付けられている EndJobId {0} が無効です。コミットはダウンロードされません。", "JenkinsDownloadingChangeFromCurrentBuild": "endJobId が見つかりません。現在のビルドの変更セットをフェッチします", "JenkinsNoCommitsToFetch": "同じビルドをデプロイしています。フェッチするものはありません", "JenkinsRollbackDeployment": "ジョブ {0} から {1} へのロールバック展開のコミットをダウンロードしています", "JobCompleted": "{0:u}: ジョブ {1} が完了しました。結果: {2}", "LaunchBrowser": "AAD デバイス コード フロー用にブラウザーを起動しますか? (Y/N)", "ListenForJobs": "{0:u}: ジョブをリッスンしています", "LocalClockSkewed": "ローカル コンピューターの時計が、サーバー時刻と 5 分以上非同期である可能性があります。時計をドメインまたはインターネットの時刻と同期して、もう一度お試しください。", "LocalSystemAccountNotFound": "ローカル システム アカウントが見つかりません", "LogOutputMessage": "エージェントはログのアップロードとログのファイルへの保存を有効にしました。ジョブが完了したら、エージェントの{0} でこのステップのログを取得できます。", "Maintenance": "メンテナンス", "MaxHierarchyLevelReached": "階層レベルがサポートされている制限 {0} を超えているため、下位階層が切り捨てられます。", "MaxSubResultLimitReached": "テスト ケース '{0}' のサブ結果の数が、サポートされている {1} の制限を超えています。残りの値は切り捨てられます。", "MemberDoesNotExists": "メンバー: {0} が存在しません。", "MinimumNetFramework": ".NET Framework x64 4.5 以上が必要です。", "MinimumNetFramework46": ".NET Framework x64 4.6 以上が必要です。", "MinimumNetFrameworkTfvc": [ ".NET Framework x64 4.6 以上がインストールされていません。", "", "TFVC リポジトリを同期するには、.NET FRAMEWORK x64 4.6 以上が必要です。Git リポジトリを同期する必要はありません。" ], "MinRequiredDockerClientVersion": "必要とされる Docker エンジン API クライアントの最小バージョンは '{0}' ですが、お使いの Docker ('{1}') クライアント バージョンは '{2}' です", "MinRequiredDockerServerVersion": "最低限必要な Docker エンジン API サーバーのバージョンは '{0}'、docker ('{1}') サーバーのバージョンは '{2}' です", "MinRequiredGitLfsVersion": "最低限必要な Git バージョンは '{0}'、Git ('{1}') バージョンは '{2}' です", "MinRequiredGitVersion": "最低限必要な Git バージョンは '{0}'、Git ('{1}') バージョンは '{2}'", "MinSecretsLengtLimitWarning": "シークレットの最小長の値が大きすぎます。最大値が設定されています: {0}", "MissingAgent": "エージェントはサーバーに存在しません。エージェントを再構成してください。", "MissingAttachmentFile": "タスク添付ファイルをアップロードできません。添付ファイルの場所が指定されていないか、添付ファイルがディスクに存在しません", "MissingAttachmentName": "タスクの添付ファイルを追加できません。添付ファイル名が指定されていません。", "MissingAttachmentType": "タスクの添付ファイルを追加できません。添付ファイルの種類が指定されていません。", "MissingConfig": "構成ファイルが見つからないため、サーバーに接続できません。サーバーからのエージェントの削除をスキップしています。", "MissingEndpointField": "##vso[task.setendpoint] コマンドの必須フィールド 'field' がありません。", "MissingEndpointId": "##vso[task.setendpoint] コマンドの必須フィールド 'ID' が指定されていません。", "MissingEndpointKey": "##vso[task.setendpoint] コマンドの必須フィールド 'key' が指定されていません。", "MissingNodePath": "この手順には、エージェント ファイル システムに存在しないノード バージョンが必要です。パス: {0}", "MissingRepositoryAlias": "リポジトリを更新できません。リポジトリのエイリアスが指定されていません。", "MissingRepositoryPath": "リポジトリを更新できません。リポジトリ パスが指定されていません。", "MissingTaskVariableName": "必須フィールド 'variable' が ##vso[task.settaskvariable] コマンドにありません。", "MissingTimelineRecordId": "タイムライン レコードを更新できません。タイムライン レコード ID が指定されていません。", "MissingVariableName": "必須フィールド 'variable' が ##vso[task.setvariable] コマンドにありません。", "ModifyingCoberturaIndexFile": "Cobertura インデックス ファイルを変更しています", "MultilineSecret": "シークレットに複数の行を含めることはできません", "N": "N", "NameRequiredForTimelineRecord": "この新しいタイムライン レコードには名前が必要です。", "NeedAdminForAutologonCapability": "自動ログオンを使用してエージェントを構成するには管理者特権が必要です。", "NeedAdminForAutologonRemoval": "自動ログオン機能で実行されているエージェントの構成を解除するには、管理者特権が必要です。", "NeedAdminForConfigAgentWinService": "エージェントを Windows サービスとして構成するには管理者特権が必要です。", "NeedAdminForUnconfigWinServiceAgent": "Windows サービスとして実行されているエージェントを構成解除するための管理者特権が必要です。", "NetworkServiceNotFound": "ネットワーク サービス アカウントが見つかりません", "NoArtifactsFound": "バージョン '{0}' で使用できる成果物がありません。", "NoFolderToClean": "指定されたクリーンアップ対象フォルダーが見つかりませんでした。クリーンアップするものがありません", "NoRestart": "後でマシンを再起動しますか? (Y/N)", "NoRestartSuggestion": "エージェントの構成中に AutoLogon が有効になりました。AutoLogon の設定を有効にするには、コンピューターを再起動することをお勧めします。", "NoResultFound": "'{0}' を公開するための結果が見つかりませんでした。", "OnPremIsNotSupported": "パイプライン成果物タスクはオンプレミスではサポートされていません。代わりにビルド成果物タスクを使用してください。", "OperatingSystemShutdown": "コンピューター '{0}' のオペレーティング システムをシャットダウンしています", "OperationFailed": "エラー: 操作 {0} がリターン コード {1} で失敗しました", "OutputVariablePublishFailed": "出力変数を公開できませんでした。", "OverwriteAutoLogon": "ユーザー '{0}' に対して自動ログオンが既に有効になっているため、既存の自動ログオン設定を上書きしますか? (Y/N)", "ParentProcessFinderError": "エージェントがPowerShell Coreで実行されているかどうかを確認中にエラーが発生しました。", "ParentTimelineNotCreated": "この新しいタイムライン レコードの親タイムライン レコードが作成されていません。", "Password": "パスワード", "PathDoesNotExist": "パスが存在しません: {0}", "PersonalAccessToken": "個人用アクセス トークン", "PipelineDoesNotExist": "次のパイプラインは存在しません: {0}。パイプラインの名前を確認してください。", "PoolNotFound": "エージェント プールが見つかりません: '{0}'", "PostJob": "ジョブ後: {0}", "PowerOptionsConfigError": "電源オプションの構成中にエラーが発生しました。詳細については、ログを参照してください。", "PowerShellNotInstalledMinVersion0": "PowerShell がインストールされていません。最低限必要なバージョン: {0}", "PreJob": "ジョブ前: {0}", "PrepareBuildDir": "ビルド ディレクトリの準備", "PrepareReleasesDir": "リリース ディレクトリを準備します。", "PrepareTaskExecutionHandler": "タスク実行ハンドラーを準備しています。", "Prepending0WithDirectoryContaining1": "'{1}' を含むディレクトリを持つ環境変数 {0} を先頭に追加しています。", "PrerequisitesSectionHeader": "前提条件", "PreventServiceStartDescription": "構成が完了した直後にサービスを開始できないようにするかどうか? (Y/N)", "ProcessCompletedWithCode0Errors1": "プロセスは終了コード {0} で完了し、エラー ストリームに {1} 個のエラーが書き込まれました。", "ProcessCompletedWithExitCode0": "終了コード {0} でプロセスが完了しました。", "ProcessExitCode": "プロセスから終了コード {0} が返されました: ファイル名 '{1}'、引数 '{2}'。", "ProcessHandlerInvalidScriptArgs": "シェルによって正しく実行されない可能性のある引数の文字が検出されました。詳細についてはこちら: https://aka.ms/ado/75787", "ProfileLoadFailure": "ユーザー {0}\\{1} AutoLogon 構成のユーザー プロファイルを読み込めません。", "ProjectName": "プロジェクト名", "Prompt0": "{0} の入力", "Prompt0Default1": "{0} を入力します ({1} の場合は Enter キーを押します)", "PSModulePathLocations": "環境変数 PSModulePath には、PowerShell Coreに固有のモジュールの場所が含まれています。パイプラインで Windows PowerShell タスクを使用する場合は、エラーが発生する可能性があることにご注意ください。この問題を解決するには、PowerShell Core (pwsh) でエージェントを開始しないでください。", "PSScriptError": "PowerShell スクリプトが完了しましたが、{0} エラーが発生しました。", "PublishCodeCoverage": "コード カバレッジを公開する", "PublishedCodeCoverageArtifact": "'{0}' を成果物 '{1}' として公開しました", "PublishingArtifactUsingRobocopy": "robocopy を使用して成果物をアップロードしています。", "PublishingCodeCoverage": "カバレッジの集計データを TFS サーバーに公開しています。", "PublishingCodeCoverageFiles": "コード カバレッジ ファイルを TFS サーバーに公開しています。", "PublishingTestResults": "'{0}' をテスト実行するためにテスト結果を公開しています", "PublishTestResults": "テスト結果の公開", "QueryingWorkspaceInfo": "ワークスペース情報のクエリを実行しています。", "QueueConError": "{0:u}: エージェントの接続エラー: {1}。再接続されるまで再試行しています。", "QueueConnected": "{0:u}: エージェントが再接続されました。", "QuietCheckoutModeRequested": "非通知チェックアウト モード: 少なければ、コンソールに出力されます。", "ReadingCodeCoverageSummary": "'{0}' からコード カバレッジの概要を読み取っています", "ReadOnlyTaskVariable": "読み取り専用タスク変数 '{0}' を上書きすることは許可されていません。詳細については、https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md を参照してください。", "ReadOnlyTaskVariableWarning": "読み取り専用タスク変数 '{0}' を上書きしています。今後、この動作は無効になります。詳細については、https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md を参照してください。", "ReadOnlyVariable": "読み取り専用変数 '{0}' を上書きすることは許可されていません。詳細については、https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md を参照してください。", "ReadOnlyVariableWarning": "読み取り専用変数 '{0}' を上書きしています。今後、この動作は無効になります。詳細については、https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md を参照してください。", "RegisterAgentSectionHeader": "エージェントの登録", "ReleaseDirLastUseTime": "リリース ディレクトリ '{0}' が前回使用されたのは {1} です", "RenameIndexFileCoberturaFailed": "'{2}' のコード カバレッジ ファイルを公開中に '{0}' を '{1}' に名前変更できませんでした。内部例外: '{3}'", "Replace": "置き換えますか? (Y/N)", "RepositoryNotExist": "リポジトリを更新できません。リポジトリが存在しません。", "ResourceMonitorAgentEnvironmentResource": "エージェント環境リソース - {0}、{1}、{2}", "ResourceMonitorCPUInfo": "CPU 使用率 - {0}%", "ResourceMonitorCPUInfoError": "CPU 情報を取得できません。例外: {0}", "ResourceMonitorDiskInfo": "ディスク: {0} - {2} MB 中 {1} MB が使用可能です", "ResourceMonitorDiskInfoError": "ディスク情報を取得できません。例外: {0}", "ResourceMonitorFreeDiskSpaceIsLowerThanThreshold": "{0} の空きディスク領域が {1}% 未満です。現在の使用率: {2}%", "ResourceMonitorMemoryInfo": "メモリ: {1} MB 中 {0} MB 使用済み", "ResourceMonitorMemoryInfoError": "メモリ情報を取得できません。例外: {0}", "ResourceMonitorMemorySpaceIsLowerThanThreshold": "空きメモリが {0}% 未満です。現在の使用率: {1}%", "ResourceUtilizationDebugOutputIsDisabled": "デバッグ実行のリソース使用率の出力が無効になっています。有効にする場合は、\"AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT\" 変数を \"true\" に切り替えます", "ResourceUtilizationWarningsIsDisabled": "リソース使用率の警告が無効になっています。有効にする場合は、\"DISABLE_RESOURCE_UTILIZATION_WARNINGS\" 変数を \"false\" に切り替えます", "RestartIn15SecMessage": "15 秒後にマシンを再起動します...", "RestartMessage": "マシンを再起動してエージェントを起動し、自動ログオン設定を有効にします。", "ReStreamLogsToFilesError": "--disableloguploads と --reStreamLogsToFiles を同時に使用することはできません。", "RetryCountLimitExceeded": "許可されている最大試行回数は {0} ですが、{1} を取得しました。再試行回数が {0} に減ります。", "RetryingReplaceAgent": "エージェントの置換を再試行しています (試行 {0}/{1})。次の試行までの待機時間、{2} 秒...", "RMApiFailure": "API {0} がエラー コード {1} で失敗しました", "RMArtifactContainerDetailsInvalidError": "成果物に有効なコンテナーの詳細がありません: {0}", "RMArtifactContainerDetailsNotFoundError": "成果物にコンテナーの詳細が含まれていません: {0}", "RMArtifactDetailsIncomplete": "成果物をダウンロードするために必要な情報が見つかりません", "RMArtifactDirectoryNotFoundError": "成果物ディレクトリが存在しません: {0}。アカウント {1} のパスワードが最近変更され、エージェントのパスワードが更新されていない場合に発生する可能性があります。その場合は、エージェントの再構成を検討してください。", "RMArtifactDownloadBegin": "{1} 種類のリンクされた成果物 {0} をダウンロードしています...", "RMArtifactDownloadFinished": "リンクされた成果物 {0} をダウンロードしました", "RMArtifactDownloadRequestCreationFailed": "URL から成果物をダウンロードする要求を作成できませんでした: {0}", "RMArtifactEmpty": "成果物にはダウンロードするファイルが含まれていません。", "RMArtifactMatchNotFound": "ビルド成果物 '{0}' はどの名前付けパターンとも一致しません。ダウンロードはスキップされます", "RMArtifactNameDirectoryNotFound": "ディレクトリ '{0}' は存在しません。親ディレクトリへのフォールバック: {1}", "RMArtifactsDownloadFinished": "成果物のダウンロードが完了しました", "RMArtifactTypeFileShare": "成果物の種類: FileShare", "RMArtifactTypeNotSupported": "リリース管理では、現在のバージョンの成果物の種類 {0} のダウンロードはサポートされていません", "RMArtifactTypeServerDrop": "成果物の種類: ServerDrop", "RMArtifactVersionNotBelongToArtifactSource": "ID {0} の成果物バージョンは、ID {1} のリンクされた成果物ソースに属していません。", "RMBuildNotFromLinkedDefinition": "ビルド {0} は、リンクされたビルド定義 {1} に属していません", "RMCachingAllItems": "ファイル コンテナー内のすべての項目をキャッシュしています...", "RMCachingComplete": "キャッシュが完了しました。({0} ミリ秒)", "RMCachingContainerItems": "ファイル コンテナーの '{0}' の下の項目をキャッシュしています...", "RMContainerItemNotSupported": "コンテナー 項目の種類' {0}' はサポートされていません。", "RMContainerItemPathDoesnotExist": "ファイル コンテナー アイテムのパスが {0} で始まっていません: {1}", "RMContainerItemRequestTimedOut": "要求が {0} 秒後にタイムアウトしました; {1}秒間スリープ状態にしてから、もう一度お試しください。要求: {2} {3}", "RMCreatedArtifactsDirectory": "作成された成果物ディレクトリ: {0}", "RMCreatingArtifactsDirectory": "成果物ディレクトリを作成しています: {0}", "RMCustomEndpointNotFound": "カスタム成果物をダウンロードするために必要な情報がジョブに見つかりません: {0}", "RMDownloadArtifactUnexpectedError": "成果物のダウンロード中に予期しないエラーが発生しました", "RMDownloadBufferSize": "ダウンロード バッファー サイズ: {0}", "RMDownloadComplete": "ダウンロードが完了しました。", "RMDownloadingArtifact": "成果物をダウンロードしています", "RMDownloadingArtifactFromFileContainer": "ファイル コンテナーから成果物をダウンロードしています: ターゲットに {0}: {1}", "RMDownloadingArtifactFromFileShare": "ファイル共有から成果物のダウンロード: ターゲットに {0} : {1}", "RMDownloadingArtifactUsingRobocopy": "robocopy を使用して成果物をダウンロードしています。", "RMDownloadingCommits": "コミットをダウンロードしています", "RMDownloadingJenkinsArtifacts": "Jenkins サーバーから成果物をダウンロードしています", "RMDownloadProgress": "配置されたファイル {0}: ダウンロード {1}、空 {2}", "RMDownloadProgressDetails": "{0} MB が {1} KB/秒でダウンロードされました。ダウンロード時刻: {2}。", "RMDownloadStartDownloadOfFile": "ファイル {0} をダウンロードしています", "RMDownloadTaskCompletedStatus": "{0} 分以内に完了したダウンロード タスクはありません。残りのタスクの状態:", "RMDownloadTaskStates": " {0}: \t{1} タスク。", "RMEnsureArtifactFolderExistsAndIsClean": "成果物フォルダー {0} が存在し、クリーンであることを確認しています。", "RMEnvironmentVariablesAvailable": "使用可能な環境変数を次に示します。 これらの環境変数は、(ReleaseDefinition の) タスクで参照できることに注意してください。たとえば \"_\" を \".\" に置き換えることで、環境変数 AGENT_NAME ReleaseDefinition の Agent.Name を使用して参照できます。 {0}", "RMErrorDownloadingContainerItem": "{0} のダウンロード中にエラーが発生しました: {1}", "RMErrorDuringArtifactDownload": "ダウンロード中にエラーが発生しました: {0}", "RMFailedCreatingArtifactDirectory": "リリース成果物ディレクトリ '{0}' を作成できませんでした。", "RMFileShareArtifactErrorOnNonWindowsAgent": "OSX または Linux エージェントを使用してファイル共有から成果物をダウンロードすることはできません。成果物はサーバーからダウンロードすることも、Windows エージェントを使用することもできます。", "RMGitEndpointNotFound": "Team Foundation Git 成果物をダウンロードするために必要な情報がジョブに見つかりません。", "RMGitHubEndpointNotFound": "GitHub 成果物をダウンロードするために必要な情報がジョブに見つかりません: {0}", "RMGotJenkinsArtifactDetails": "Jenkins 成果物の詳細を受信しました", "RMJenkinsBuildId": "BuildId: {0}", "RMJenkinsEndpointNotFound": "Jenkins 成果物をダウンロードするために必要な情報がジョブに見つかりません: {0}", "RMJenkinsInvalidBuild": "Jenkins ビルド {0} が無効です。", "RMJenkinsJobName": "ジョブ名: {0}", "RMJenkinsNoArtifactsFound": "Jenkins ビルド {0} で使用できる成果物はありません。", "RMLowAvailableDiskSpace": "{0} ドライブのディスク領域が不足しています。使用可能な領域が 100 MB 未満です。", "RMNoBuildArtifactsFound": "ビルド {0} で使用できる成果物はありません。", "RMParallelDownloadLimit": "並列ダウンロードの制限: {0}", "RMPrepareToGetFromJenkinsServer": "Jenkins サーバーから成果物情報を取得する準備をしています", "RMPreparingToDownload": "成果物をダウンロードする準備をしています: {0}", "RMPreparingToGetBuildArtifactList": "ビルドから利用可能な成果物のリストを取得する準備をしています。", "RMReAttemptingDownloadOfContainerItem": "{0} のダウンロードを再試行しています。エラー: {1}", "RMReceivedGithubArtifactDetails": "GitHub 成果物の詳細を受信しました", "RMReleaseNameRequired": "リリース名が必要です。", "RMRemainingDownloads": "残り {0} 件のダウンロードがあります。", "RMRetryingArtifactDownload": "ダウンロードを再試行しています...", "RMRetryingCreatingArtifactsDirectory": "例外 {1} で Release アーティファクト ディレクトリ {0} を作成できませんでした。リリース成果物ディレクトリの作成を再試行しています。", "RMRobocopyBasedArtifactDownloadExitCode": "Robocopy の終了コード: {0}", "RMRobocopyBasedArtifactDownloadFailed": "Robocopy ベースのダウンロードが失敗しました。終了コード: {0}", "RMStartArtifactsDownload": "成果物のダウンロードを開始しています...", "RMStreamTypeNotSupported": "リリース管理では、現在のバージョンでストリームの種類 {0} のダウンロードはサポートされていません", "RMTfsVCEndpointNotFound": "Team Foundation バージョン管理成果物をダウンロードするために必要な情報がジョブに見つかりません。", "RMUpdateReleaseName": "リリース名を更新します。", "RMUpdateReleaseNameForRelease": "リリース {1} のリリース名を {0} に更新します。", "RMUpdateReleaseNameForReleaseComment": "タスクのログ コマンドを使用してリリース名を {0} に更新しています", "RMUserChoseToSkipArtifactDownload": "指定された設定に基づいて成果物のダウンロードをスキップしています。", "RobocopyBasedPublishArtifactTaskExitCode": "Robocopy の終了コード: {0}", "RobocopyBasedPublishArtifactTaskFailed": "Robocopy ベースの公開が失敗しました。終了コード: {0}", "Rosetta2Warning": "X64 エミュレーションは、エージェント プロセスでハングの原因となることがわかっています。ネイティブ (ARM) エージェントを使用してください。", "RSAKeyFileNotFound": "RSA キー ファイル {0} が見つかりませんでした。", "RunAgentAsServiceDescription": "エージェントをサービスとして実行しますか? (Y/N)", "RunAsAutoLogonDescription": "自動ログオンを構成し、起動時にエージェントを実行しますか? (Y/N)", "RunIDNotValid": "実行 ID が無効です: {0}", "RunningJob": "{0:u}: ジョブ '{1}' を実行中です", "SavedSettings": "{0:u}: 設定が保存されました。", "ScanToolCapabilities": "ツール機能をスキャンしています。", "ScreenSaverPoliciesInspection": "スクリーンセーバーを無効にできない可能性があるポリシーを確認しています。", "ScreenSaverPolicyWarning": "このマシンにはスクリーンセーバー ポリシーが定義されています。これにより、スクリーンセーバーが再び有効になる可能性があります。アクティブなスクリーンセーバーは UI 操作に影響を与える可能性があります。たとえば、自動 UI テストが失敗する可能性があります。", "SecretsAreNotAllowedInInjectedTaskInputs": "タスクは、シークレットを含むターゲット タスクの次の入力にアクセスしようとしています:\n{0}\nデコレーターによって挿入されたタスクにシークレットを含む入力を渡すことが許可されていません。", "SelfManageGitCreds": "Git 資格情報の自己管理モードです。エージェント ホスト マシンが Git 認証チャレンジをバイパスできることを確認してください。", "ServerTarpit": "ジョブは現在サーバーによって調整されています。コンソール行の出力、ジョブの状態レポート、タスク ログのアップロードで遅延が発生する可能性があります。", "ServerTarpitUrl": "リソース使用率ページへのリンク (1 時間のグローバル ビュー): {0}。", "ServerTarpitUrlScoped": "リソース使用率ページへのリンク (パイプラインごとの 1 時間のビュー): {0}。", "ServerUrl": "サーバー URL", "ServiceAlreadyExists": "サービスは既に存在します: {0}、置き換えられます", "ServiceConfigured": "サービス {0} が正常に構成されました", "ServiceDelayedStartOptionSet": "サービス {0} が正常に遅延自動開始に設定されました", "ServiceInstalled": "サービス {0} は正しくインストールされました。", "ServiceLockErrorRetry": "サービス DB のロックがコード {0} で失敗しました。{1} 秒後に再試行しています...", "ServiceRecoveryOptionSet": "サービス {0} の回復オプションが正常に設定されました", "ServiceSidTypeSet": "サービス {0} では、SID の型が正常に設定されました", "ServiceStartedSuccessfully": "サービス {0} が正常に開始しました。", "SessionCreateFailed": "セッションを作成できませんでした: {0}", "SessionExist": "このエージェントのセッションは既に存在します。", "SessionExistStopRetry": "{0} 秒間再試行した後、SessionConflictException での再試行を停止します。", "SetBuildVars": "ビルド変数を設定します。", "SetEnvVar": "環境編集 {0} を設定しています", "SetVariableNotAllowed": "設定変数 '{0}' は、タスクまたはビルド定義によって無効にされています。", "ShallowCheckoutFail": "浅いリポジトリでの Git チェックアウトに失敗しました。これは、深度 '{0}' の Git のフェッチに lfs フェッチのコミット '{1}' が含まれていないためと考えられます。ドキュメント (http://go.microsoft.com/fwlink/?LinkId=829603) を参照してください", "ShallowLfsFetchFail": "浅いリポジトリでの Git lfs フェッチに失敗しました。これは、深度 '{0}' の Git のフェッチに lfs フェッチのコミット '{1}' が含まれていないためと考えられます。ドキュメント (http://go.microsoft.com/fwlink/?LinkId=829603) を参照してください", "ShutdownMessage": "エージェントを対話モードで起動するためにマシンを再起動しています。", "Skipping": "存在しません。スキップしています ", "SkipTrackingFileWithoutRepoType": "追跡ファイル '{0}' をスキップします。リポジトリの種類がまだ更新されていません。", "SourceArtifactProviderNotFound": "型が {0} の成果物のソース プロバイダーが見つかりません", "StartingArtifactDownload": "{0} のダウンロードを開始しています", "StartMaintenance": "メンテナンスを開始する: {0}", "StepCancelled": "操作は取り消されます。次の手順には、予期されるログが含まれていない可能性があります。", "StepFinishing": "終了しています: {0}", "StepStarting": "{0} を開始しています", "StepTimedOut": "タスクがタイムアウトしました。", "StopContainer": "コンテナーの停止", "Success": "成功: ", "SupportedRepositoryEndpointNotFound": "どのソース リポジトリ エンドポイントも、サポートされているどのソース プロバイダーとも一致しません。", "SupportedTaskHandlerNotFoundLinux": "現在のオペレーティング システムではこのタスクを実行できません。これは通常、タスクが Windows 用にのみ作成されていることを意味します。たとえば、Windows Desktop PowerShell 用に作成されています。", "SupportedTaskHandlerNotFoundWindows": "サポートされているタスクの実行ハンドラーが見つかりませんでした。タスクに現在のオペレーティング システム '{0}' と互換性がある実装がありません。詳細については、タスク作成者にお問い合わせください。", "SvnBranchCheckedOut": "リビジョン {2} でリポジトリ {1} のブランチ {0} をチェックアウトしました", "SvnEmptyServerPath": "空の相対サーバー パスが '{0}' にマップされています。", "SvnFileAlreadyExists": "ファイル {0} は既に存在します。", "SvnIncorrectRelativePath": "無効な相対パス '{0}' が指定されました。", "SvnMappingDuplicateLocal": "ローカル パス={0} の重複するマッピングを無視します", "SvnMappingDuplicateServer": "サーバー パス={0} の重複するマッピングを無視します", "SvnMappingIgnored": "マッピング セット全体が無視されます。完全なブランチ マッピングを続行しています。", "SvnNotInstalled": "インストールされている svn コマンド ライン ユーティリティが見つかりません", "SvnSyncingRepo": "リポジトリを同期しています: {0} (Svn)", "TarExtraction": "tar アーカイブを抽出しています: {0}", "TarExtractionError": "tar アーカイブ {0} を抽出できませんでした: {1}", "TarExtractionNotSupportedInWindows": "Tar 抽出は Windows でサポートされていません", "TarSearchStart": "抽出する tar アーカイブの検索を開始しています", "TarsFound": "抽出する {0} tar アーカイブが見つかりました", "TarsNotFound": "抽出する tar アーカイブが見つかりませんでした", "TaskDownloadFailed": "タスク '{0}' をダウンロードできませんでした。エラー {1}", "TaskDownloadTimeout": "タスク '{0}' は {1} 秒以内にダウンロードを完了しませんでした。", "TaskSignatureVerificationFailed": "タスクの署名の確認に失敗しました。", "TaskSignatureVerificationSucceeeded": "タスクの署名の確認に成功しました。", "TeeEula": [ "TFVC リポジトリからソースをビルドするには、Team Explorer Everywhere エンド ユーザー ライセンス契約に同意する必要があります。この手順は、Git リポジトリからソースをビルドする場合には必要ありません。", "", "Team Explorer Everywhere ライセンス契約のコピーは次の場所にあります:", " {0}" ], "Telemetry": "テレメトリ", "TelemetryCommandDataError": "テレメトリ データ {0} を分析できません。エラー: {1}", "TelemetryCommandFailed": "テレメトリ データを公開できませんでした。エラー {0}", "TenantId": "テナント ID", "TestAgentConnection": "エージェント接続をテストしています。", "TestAttachmentNotExists": "ディスク {0} では使用できないため添付ファイルをスキップしています", "TestResultsRemaining": "残りのテスト結果: {0}。テストの実行 ID: {1}。", "Tfs2015NotSupported": "このエージェントは、TFS 2015 に対して Windows ではサポートされていません。TFS 2015 Windows エージェントは、エージェント プールの管理ページからダウンロードできます。", "TotalThrottlingDelay": "サーバーの調整によって、ジョブの合計遅延 {0} 秒が発生しました。", "TotalUploadFiles": "{0} ファイルをアップロードしています", "TypeRequiredForTimelineRecord": "この新しいタイムライン レコードには型が必要です。", "UnableResolveArtifactType": "成果物の場所から成果物の種類を推測できません: {0}。", "UnableToArchiveResults": "テスト結果をアーカイブできません: {0}", "UnableToParseBuildTrackingConfig0": "レガシ ビルド追跡構成を解析できません。代わりに新しいビルド ディレクトリが作成されます。前のディレクトリは、回復されていない状態のままである可能性があります。レガシ構成の内容: {0}", "UnconfigAutologon": "自動ログオン設定を削除しています", "UnconfigureOSXService": "https://www.visualstudio.com/ja-jp/docs/build/admin/agents/v2-linux に従って、まずサービスの構成を解除する", "UnconfigureServiceDService": "https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-linux に従って、まずサービスの構成を解除する", "UnexpectedParallelCount": "サポートされていない並列カウント '%s'。1 ~ 128 の数値を入力します。", "UninstallingService": "サービスの削除", "UnknownCodeCoverageTool": "コード カバレッジ ツール '{0}' はサポートされていません。", "UnrecognizedCmdArgs": "認識されないコマンド ライン入力引数: '{0}'。使用法については、.\\config.cmd --help または ./config.sh --help を参照してください。", "UnregisteringAgent": "サーバーからエージェントを削除しています", "UnsupportedGitLfsVersion": "現在の Git LFS バージョンは '{0}' で、エージェントではサポートされていません。少なくともバージョン '{1}' にアップグレードしてください。詳細については、「https://github.com/git-lfs/git-lfs/issues/3571」を参照してください。", "UnsupportedOsVersionByNet8": "このエージェントが実行されているオペレーティング システムのバージョン ({0}) は、Pipelines エージェントの今後の更新ではサポートされていません。サポートされているオペレーティング システムのバージョンについては、「https://aka.ms/azdo-pipeline-agent-net8」を参照してください。", "UpdateBuildNumber": "ビルド番号の更新", "UpdateBuildNumberForBuild": "ビルド {1} のビルド番号を {0}に更新する", "UpdateInProgress": "エージェントの更新進行中、エージェントをシャットダウンしないでください。", "UpgradeToLatestGit": "Git エクスペリエンスを向上させるには、Git を少なくともバージョン '{0} にアップグレードしてください。現在の Git バージョンは '{1}' です。", "UploadArtifact": "成果物のアップロード", "UploadArtifactCommandNotSupported": "サーバー成果物のアップロードは、{0} ではサポートされていません。", "UploadArtifactFinished": "パイプライン成果物のアップロードが完了しました。", "UploadingPipelineArtifact": "ビルド # {1} の{0}からのパイプライン成果物のアップロード", "UploadToFileContainer": "'{0}' をファイル コンテナーにアップロードします: '{1}'", "UserName": "ユーザー名", "UserNameLog": "実行中のエージェント: '{0}'", "UserShutdownAgent": "エージェントがシャットダウンシグナルを受信しました。これは、エージェント サービスが停止したとき、または手動で開始されたエージェントが取り消されたときに発生する可能性があります。", "Variable0ContainsCyclicalReference": "変数 '{0}' を展開できません。循環参照が検出されました。", "Variable0ExceedsMaxDepth1": "変数 '{0}' を展開できません。最大拡張深度 ({1}) を超えました。", "VMResourceWithSameNameAlreadyExistInEnvironment": "ID '{0}' の環境には、'{1}' という名前の仮想マシン リソースが既に含まれています。", "VSTSHostNonZeroReturn": "LegacyVSTSPowerShellHost.exe はリターン コード: {0} で完了しました。", "WaitForServiceToStop": "サービスの停止を待機しています...", "WindowsLogonAccountNameDescription": "サービスに使用するユーザー アカウント", "WindowsLogonPasswordDescription": "アカウント {0}のパスワード", "WorkFolderDescription": "作業フォルダー", "WorkspaceMappingNotMatched": "ワークスペースのマッピングがワークスペース {0} に一致しません", "Y": "Y", "ZipSlipFailure": "エントリがターゲット ディレクトリの外部にあります: {0}" } ================================================ FILE: src/Misc/layoutbin/ko-KR/strings.json ================================================ { "AcceptTeeEula": "(Y/N) 지금 Team Explorer Everywhere 라이선스 계약에 동의하시겠습니까?", "AccessDenied": "액세스 거부", "AccessDeniedSettingDelayedStartOption": "서비스 설정이 자동 시작 옵션을 지연하는 동안 액세스가 거부되었습니다.", "AccessDeniedSettingRecoveryOption": "서비스 복구 옵션을 설정하는 동안 액세스가 거부되었습니다.", "AccessDeniedSettingSidType": "서비스 SID 유형을 설정하는 동안 액세스가 거부되었습니다.", "AddAgentFailed": "에이전트를 추가하지 못했습니다. 다시 시도하거나 Ctrl-C를 눌러 종료하세요.", "AddBuildTag": "빌드 태그 추가", "AddDeploymentGroupTagsFlagDescription": "에이전트에 대한 배포 그룹 태그입니까? (예/아니요)", "AddEnvironmentVMResourceTags": "환경 가상 머신 리소스 태그입니까? (예/아니요)", "AgentAddedSuccessfully": "에이전트를 추가했습니다.", "AgentAlreadyInsideContainer": "컨테이너 내에서 에이전트가 이미 실행 중인 경우 컨테이너 기능은 지원되지 않습니다. 설명서(https://go.microsoft.com/fwlink/?linkid=875268)를 참조하세요.", "AgentCdnAccessFailWarning": "작업 필요: Azure Pipelines 에이전트가 새 CDN URL에 연결할 수 없습니다. 이제 파이프라인 오류를 방지하려면 'download.agent.dev.azure.com'을 허용 목록에 추가하세요. 세부 정보: https://devblogs.microsoft.com/devops/cdn-domain-url-change-for-agents-in-pipelines/", "AgentDoesNotSupportContainerFeatureRhel6": "에이전트는 Red Hat Enterprise Linux 6 또는 CentOS 6의 컨테이너 기능을 지원하지 않습니다.", "AgentDowngrade": "에이전트를 낮은 버전으로 다운그레이드합니다. 이 오류는 일반적으로 버그 수정에 대해 현재 게시된 에이전트의 롤백 때문에 발생합니다. 이 동작을 사용하지 않도록 설정하려면 에이전트를 시작하기 전에 환경 변수 AZP_AGENT_DOWNGRADE_DISABLED=true로 설정하세요.", "AgentExit": "에이전트가 업데이트를 위해 곧 종료되며 10초 이내에 다시 온라인 상태가 되어야 합니다.", "AgentIsNotConfigured": "에이전트가 구성되지 않았습니다.", "AgentMachineNameLog": "에이전트 시스템 이름: '{0}'", "AgentMachinePoolNameLabel": "에이전트 풀", "AgentName": "에이전트 이름", "AgentNameLog": "에이전트 이름: '{0}'", "AgentOutOfMemoryFailure": "에이전트 작업자가 코드 137로 종료되었습니다. 즉, 메모리가 부족합니다. 에이전트(컨테이너) 호스트에 충분한 메모리가 구성되어 있는지 확인합니다.", "AgentReplaced": "에이전트를 교체했습니다.", "agentRootFolderCheckError": "에이전트 루트 폴더의 접근 규칙을 확인할 수 없습니다. 자세한 내용은 로그를 확인하세요.", "agentRootFolderInsecure": "보안 경고! {0} 그룹은 에이전트 폴더를 작성/수정할 수 있는 액세스 권한이 있습니다. 자세한 내용은 로그를 확인하세요.", "AgentRunningBehindProxy": "에이전트가 프록시 서버 '{0}' 뒤에서 실행 중입니다.", "AgentVersion": "현재 에이전트 버전: '{0}'", "AgentWithSameNameAlreadyExistInPool": "{0} 풀에 {1} 이름을 가진 에이전트가 이미 포함되어 있습니다.", "AllowContainerUserRunDocker": "사용자 '{0}'이(가) SUDO 없이 모든 Docker 명령을 실행할 수 있도록 허용합니다.", "AlreadyConfiguredError": "에이전트가 이미 구성되어 있으므로 구성할 수 없습니다. 에이전트를 다시 구성하려면 먼저 'config.cmd remove' 또는 './config.sh remove'를 실행합니다.", "ApkAddShadowFailed": "사용자 ID가 'adduser' 명령 범위를 벗어났습니다. 'shadow' 패키지가 사전 설치되어 있지 않고 이 패키지를 설치하려는 시도가 실패했으므로 대체 명령 'useradd'를 사용할 수 없습니다. 네트워크 가용성을 확인하거나 'shadow' 패키지가 사전 설치된 Docker 이미지를 사용하세요.", "ArgumentNeeded": "'{0}'을(를) 지정해야 합니다.", "ArtifactCustomPropertiesNotJson": "아티팩트 사용자 지정 속성이 유효한 JSON이 아닙니다: '{0}'", "ArtifactCustomPropertyInvalid": "아티팩트 사용자 지정 속성에는 'user-' 접두사가 있어야 합니다. 잘못된 속성: '{0}'", "ArtifactDownloadFailed": "{0}에서 아티팩트를 다운로드하지 못했습니다.", "ArtifactLocationRequired": "아티팩트 위치는 필수 항목입니다.", "ArtifactNameIsNotValid": "아티팩트 이름이 유효하지 않습니다: {0}. '\\', /', \"', ':', '<', '>', '|', '*' 및 '?'를 포함할 수 없습니다.", "ArtifactNameRequired": "아티팩트 이름은 필수 항목입니다.", "ArtifactTypeRequired": "아티팩트 유형은 필수 항목입니다.", "AssociateArtifact": "아티팩트 연관", "AssociateArtifactCommandNotSupported": "서버 아티팩트 연결은 {0}에서 지원되지 않습니다.", "AssociateArtifactWithBuild": "빌드 {1}과(와) 연결된 아티팩트 {0}", "AssociateFiles": "파일 연결 중", "AttachFileNotExist": "첨부할 수 없습니다(유형:{0} 이름:{1}) 파일: {2}. 파일이 없습니다.", "AttachmentExceededMaximum": "첨부 파일이 허용된 최대 크기 75MB를 초과하므로 첨부 파일을 건너뜁니다. {0}", "AttemptRemoveCredFromConfig": "git 명령줄을 사용하여 git 구성에서 \"{0}\"을(를) 제거하려는 시도가 실패했습니다. 자격 증명을 제거하기 위해 git 구성 파일을 직접 수정하려고 합니다.", "AuthenticationType": "인증 유형", "AutoLogonAccountGmsaHint": "gMSA 계정을 사용하려는 경우 계정 이름 끝에 달러 기호($)를 입력하세요.", "AutoLogonAccountNameDescription": "자동 로그온에 사용할 사용자 계정", "AutoLogonOverwriteDeniedError": "시스템의 다른 사용자({0})에 대해 이미 구성되어 있으므로 자동 로그온을 구성할 수 없습니다. 덮어쓰려면 '--overwriteautologon'을 사용하세요.", "AutoLogonPolicies_LegalNotice": "법적 고지 사항", "AutoLogonPolicies_ShutdownReason": "종료 이유", "AutoLogonPoliciesInspection": "자동 로그온이 올바르게 작동하지 못하게 하는 정책을 확인합니다.", "AutoLogonPoliciesWarningsHeader": "다음 정책은 자동 로그온에 영향을 줄 수 있습니다.", "BeginArtifactItemsIntegrityCheck": "아티팩트 항목 무결성 검사를 시작하는 중", "BlobStoreDownloadWarning": "Blobstore에서 아티팩트 다운로드에 실패하여 TFS로 대체되었습니다. 다운로드 성능이 저하됩니다. 방화벽 규칙에 따라 {0}에 대한 액세스가 허용되는지 확인하세요. 에이전트 방화벽이 올바르게 구성되었는지 확인하세요. {1}", "BlobStoreUploadWarning": "Blobstore에 대한 아티팩트 업로드가 실패하여 TFS로 대체되었습니다. 이 대체는 향후 릴리스에서 제거됩니다. 방화벽 규칙에 따라 {0}에 대한 액세스가 허용되는지 확인하세요. 에이전트 방화벽이 올바르게 구성되었는지 확인하세요. {1}", "BuildDirLastUseTIme": "빌드 디렉터리 '{0}'이(가) 마지막으로 사용된 시간: {1}", "BuildIdIsNotAvailable": "'{0}' 환경에서 파이프라인 아티팩트를 다운로드하려고 시도하지만 빌드 ID가 없습니다. 아티팩트가 빌드인 경우 '{1}' 환경에서만 파이프라인 아티팩트를 다운로드할 수 있습니다.", "BuildIdIsNotValid": "빌드 ID가 유효하지 않음: {0}", "BuildingFileTree": "파일 트리 빌드 중", "BuildLogsMessage": "에이전트가 로그 업로드를 비활성화했습니다. 작업이 완료된 후 에이전트의 {0}에서 이 단계의 로그를 검색할 수 있습니다.", "BuildNumberRequired": "빌드 번호는 필수 항목입니다.", "BuildsDoesNotExist": "제공된 파이프라인 정의에 현재 빌드가 없습니다.", "BuildTagAddFailed": "빌드 태그 '{0}'이(가) 추가되지 않았습니다.", "BuildTagRequired": "빌드 태그가 필요합니다.", "BuildTagsForBuild": "빌드 '{0}'에 현재 다음 태그가 있습니다. {1}", "CannotChangeParentTimelineRecord": "기존 타임라인 레코드의 상위 타임라인 레코드를 변경할 수 없습니다.", "CannotDownloadFromCurrentEnvironment": "{0} 환경에서 파이프라인 아티팩트를 다운로드할 수 없습니다.", "CannotFindHostName": "서버 URL '{0}'에서 VSTS 조직 이름을 찾을 수 없습니다.", "CanNotFindService": "서비스 {0}을(를) 찾을 수 없습니다.", "CanNotGrantPermission": "{0} 사용자에게 LogonAsService 권한을 부여할 수 없습니다.", "CanNotStartService": "서비스를 시작할 수 없습니다. 자세한 내용은 로그를 확인하세요.", "CanNotStopService": "적시에 서비스 {0}을(를) 중지할 수 없습니다.", "CannotUploadFile": "파일 위치가 지정되지 않아 파일을 업로드할 수 없습니다.", "CannotUploadFromCurrentEnvironment": "{0} 환경에서 파이프라인 아티팩트로 업로드할 수 없습니다.", "CannotUploadSummary": "요약 파일을 업로드할 수 없습니다. 요약 파일 위치가 지정되지 않았습니다.", "CheckoutTaskDisplayNameFormat": "{0}@{1}에서 {2} 결제", "CleaningDestinationFolder": "정리 대상 폴더: {0}", "ClientId": "클라이언트(앱) ID", "ClientSecret": "클라이언트 암호", "ClockSkewStopRetry": "{0}초 후에 OAuth 토큰 요청 예외 다시 시도를 중지했습니다.", "CodeCoverageDataIsNull": "적용 범위 데이터를 찾을 수 없습니다. 자세한 내용은 빌드 오류/경고를 확인하세요.", "CodeCoveragePublishIsValidOnlyForBuild": "코드 적용 범위 게시는 '빌드'에서만 작동합니다.", "CollectionName": "컬렉션 이름", "CommandDuplicateDetected": "{1} 영역에 대해 명령 {0}이(가) 이미 설치되었습니다.", "CommandKeywordDetected": "'{0}'에 로깅 명령 키워드 '##vso'가 포함되어 있지만 올바른 명령이 아닙니다. 허용된 명령 목록을 확인하세요. https://go.microsoft.com/fwlink/?LinkId=817296", "CommandLineHelp": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "명령:", " .{0}config.{1} 에이전트를 구성합니다.", " .{0}config.{1} remove 에이전트를 구성 해제합니다.", " .{0}run.{1} 에이전트를 대화식으로 실행합니다.", " .{0}run.{1} --once 종료하기 전에 최대 하나의 작업을 수락하고 에이전트를 실행합니다.", "", "옵션:", " --version 에이전트 버전을 인쇄합니다.", " --commit 에이전트 커밋을 인쇄합니다.", " --help 각 명령에 대한 도움말을 인쇄합니다." ], "CommandLineHelp_Common": [ "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "일반 옵션:", " --url 서버의 URL입니다. 예: https://myaccount.visualstudio.com 또는", " http://onprem:8080/tfs", " --auth 인증 유형입니다. 유효한 값은 다음과 같습니다.", " pat (개인용 액세스 토큰)", " negotiate (Kerberos 또는 NTLM)", " alt (기본 인증)", " integrated (Windows 기본 자격 증명)", " sp(서비스 주체)", " --token --auth pat과 함께 사용됩니다. 개인용 액세스 토큰입니다.", " --userName --auth 협상 또는 --auth alt와 함께 사용됩니다. Windows 사용자를 지정합니다", " 이름을 domain\\userName 또는 userName@domain.com 형식으로 지정합니다.", " --password --auth 협상 또는 --auth Alt와 함께 사용됩니다.", " --unattended 무인 구성. 메시지가 표시되지 않습니다. 모든 답변은 다음을 충족해야 합니다", " 명령줄에 제공됩니다.", " --version 에이전트 버전을 인쇄합니다.", " --commit 에이전트 커밋을 인쇄합니다.", " --help 도움말 인쇄" ], "CommandLineHelp_Configure": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", ".{0}config.{1} [options]", "", "구성 해제 도움이 필요한 경우 .{0}config.{1} remove --help 참조", "", "{2}", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "옵션 구성:", " --pool 조인할 에이전트의 풀 이름", " --agent 에이전트 이름", " --replace 풀의 에이전트를 대체합니다. 다른 에이전트가 해당 이름으로", " 수신 대기 중인 경우 충돌이 발생하여 실패하기 시작합니다.", " --work 작업 데이터가 저장되는 작업 디렉터리입니다. 기본값은", " 에이전트 디렉터리의 루트 내 _work입니다. 작업 디렉터리는 지정된", " 에이전트의 소유이며 여러 에이전트 간에 공유해서는 안 됩니다.", " --acceptTeeEula macOS 및 Linux만 해당합니다. TEE 최종 사용자 라이선스 계약에 동의합니다.", " --gitUseSChannel Windows만 해당합니다. Git에 Windows의 네이티브 인증서 저장소를 사용하도록 지시합니다.", " --alwaysExtractTask 각 파이프라인 단계의 작업에 대해 압축 풀기 작업을 수행합니다.", " --disableLogUploads 서버로 콘솔 로그 출력을 스트리밍하거나 보내지 않습니다. 대신 작업이 완료된 후 에이전트 호스트의 파일 시스템에서 검색할 수 있습니다. 참고: --reStreamLogsToFiles와 함께 사용할 수 없으므로 오류가 발생합니다.", " --reStreamLogsToFiles 콘솔 로그 출력을 서버로 스트리밍하거나 전송하고 에이전트 호스트의 파일 시스템에 있는 로그 파일을 전송합니다. 참고: --disableLogUploads와 함께 사용할 수 없으므로 오류가 발생합니다.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "시작 옵션(Windows만 해당):", " --runAsService Windows 서비스로 실행되도록 에이전트를 구성합니다.", " 관리자 권한이 필요합니다.", " --preventServiceStart 구성 후 즉시 실행되지 않도록 Windows 서비스를 구성합니다.", " --runAsAutoLogon 자동 로그온을 구성하고 시작 시 에이전트를 실행합니다.", " 관리자 권한이 필요합니다.", " --windowsLogonAccount --runAsService 또는 --runAsAutoLogon과 함께 사용됩니다. Windows 사용자", " 이름을 domain\\userName 또는 userName@domain.com 형식으로 지정합니다.", " --windowsLogonPassword --runAsService 또는 --runAsAutoLogon과 함께 사용됩니다. Windows 로그온 암호입니다.", " --overwriteAutoLogon --runAsAutoLogon과 함께 사용됩니다. 컴퓨터에 대한 모든 기존 자동 로그온을", " 덮어씁니다.", " --noRestart --runAsAutoLogon과 함께 사용됩니다. 구성 완료 후 다시 시작하지", " 않습니다.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "배포 그룹 옵션:", " --deploymentGroup 에이전트를 배포 그룹 에이전트로 구성합니다.", " --projectName --deploymentGroup과 함께 사용됩니다. 팀 프로젝트 이름입니다.", " --addDeploymentGroupTags --deploymentGroup과 함께 사용됩니다. 배포 그룹 태그를 추가하도록 지정합니다.", " --deploymentGroupName --deploymentGroup과 함께 사용됩니다. 에이전트가 조인할 배포 그룹입니다.", " --deploymentGroupTags --addDeploymentGroupTags와 함께 사용됩니다. 쉼표로 구분된", " 배포 그룹 에이전트의 태그 목록입니다. 예: \"web, db\".", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "무인 구성 예:", "", "VSTS 인증", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --acceptTeeEula", "", "통합 인증이 포함된 온-프레미스 TFS(Windows만 해당)", ".\\config.cmd --unattended --url http://mylocaltfsserver:8080/tfs --auth integrated --pool default --agent myAgent", "", "협상 인증이 포함된 온-프레미스 TFS", ".{0}config.{1} --unattended --url http://mylocaltfsserver:8080/tfs --auth negotiate --userName myDomain\\myUserName --password myPassword --pool default --agent myAgent --acceptTeeEula", "", "기존 에이전트를 동일한 에이전트 이름으로 바꾸기", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --replace --acceptTeeEula", "", "에이전트 작업 디렉터리 지정(Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work D:\\agent_work", "", "에이전트 작업 디렉터리 지정(macOS 및 Linux)", "./config.sh --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work usr/local/agent_work", "", "NetworkService로 로그온하는 Windows 서비스로 실행(Windows만 해당)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService", "", "도메인 계정으로 로그온하는 Windows 서비스로 실행(Windows만 해당)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "도메인 계정으로 로그온하고(Windows만 해당) 서비스를 즉시 시작하지 않는 Windows 서비스로 실행", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --preventServiceStart --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword ", "", "자동 로그온 에이전트로 실행(Windows만 해당)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "자동 로그온 에이전트로 실행하고 구성 후 다시 시작 안 함(Windows만 해당)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword --noRestart", "", "로컬 시스템으로 로그온하는 Windows 서비스로 실행되는 배포 그룹 에이전트(Windows만 해당)", ".\\config.cmd --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\"", "", "태그가 있는 배포 그룹 에이전트", ".{0}config.{1} --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\" --acceptTeeEula" ], "CommandLineHelp_Env": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "환경 변수:", "명령줄 인수를 환경 변수로 지정할 수 있습니다. 사용 형식은", "VSTS_AGENT_INPUT_입니다. 예: VSTS_AGENT_INPUT_PASSWORD" ], "CommandLineHelp_Remove": [ ".{0}config.{1} remove [options]", "", "{2}", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "무인 제거 예:", "", "VSTS", ".{0}config.{1} remove --unattended --auth pat --token myToken", "", "통합 인증이 포함된 온-프레미스 TFS(Windows만 해당)", ".{0}config.{1} remove --unattended --auth integrated", "", "통합 인증이 포함된 온-프레미스 TFS", ".{0}config.{1} remove --unattended --auth negotiate --username myDomain\\myUserName --password myPassword" ], "CommandNotAllowed": "정책 제한으로 인해 이 단계에서 ##vso[{0}.{1}]를 사용할 수 없습니다. 설명서(http://go.microsoft.com/fwlink/?LinkId=817296)를 참조하세요.", "CommandNotFound": "##vso[{0}.command]에 대한 명령 확장을 찾을 수 없습니다. 설명서(http://go.microsoft.com/fwlink/?LinkId=817296)를 참조하세요.", "CommandNotFound2": "##vso[{0}.{1}]는 {2} 명령 확장에 대해 인식되는 명령이 아닙니다. 설명서(http://go.microsoft.com/fwlink/?LinkId=817296)를 참조하세요.", "CommandNotSupported": "{1} 흐름에는 {0} 명령이 지원되지 않습니다. 설명서(http://go.microsoft.com/fwlink/?LinkId=817296)를 참조하세요.", "CommandProcessFailed": "'{0}' 명령을 처리할 수 없습니다. 설명서(http://go.microsoft.com/fwlink/?LinkId=817296)를 참조하세요.", "ConnectingToServer": "서버에 연결하는 중...", "ConnectSectionHeader": "연결", "ConnectToServer": "서버에 연결 중입니다.", "ContainerWindowsVersionRequirement": "컨테이너 기능에는 Windows Server 1803 이상이 필요합니다. 설명서(https://go.microsoft.com/fwlink/?linkid=875268)를 참조하세요.", "CopyFileComplete": "아티팩트를 {0}에 게시함", "CopyFileToDestination": "'{0}' 파일을 '{1}'에 복사", "CorruptedArtifactItemsList": "다음 항목이 무결성 검사를 통과하지 못했습니다.", "CouldNotRemoveService": "'{0}' 서비스를 삭제하지 못했습니다.", "CreateUserWithSameUIDInsideContainer": "컨테이너 내에 UID '{0}'(으)로 사용자를 만들어 보세요.", "CurrentUTC": "현재 UTC: {0}", "CustomLogDoesNotExist": "로그 파일 경로가 제공되지 않았거나 파일이 없음: '{0}'", "CustomMarkDownSummaryDoesNotExist": "Markdown 요약 파일 경로가 제공되지 않았거나 파일이 없음: '{0}'", "DeleteGCTrackingFile": "'{0}' 삭제 후 gc 추적 파일 삭제", "DeleteUnusedBuildDir": "사용하지 않는 빌드 디렉터리 삭제", "DeleteUnusedReleaseDir": "사용하지 않는 릴리스 디렉터리 삭제", "Deleting": "삭제 중: {0}", "DeletingCredentials": ".credentials를 제거하는 중", "DeletingSettings": ".agent를 제거하는 중", "DeploymentGroupName": "배포 그룹 이름", "DeploymentGroupNotFound": "배포 그룹을 찾을 수 없음: '{0}'", "DeploymentGroupTags": "쉼표로 구분된 태그 목록(예: web, db)", "DeploymentGroupTagsAddedMsg": "태그 추가 완료", "DeploymentMachineWithSameNameAlreadyExistInDeploymentGroup": "DeploymentGroup {0}에 이름이 {1}인 컴퓨터가 이미 포함되어 있습니다.", "DeploymentPoolName": "배포 풀 이름", "DeploymentPoolNotFound": "배포 풀을 찾을 수 없음: {0}", "DeprecatedNode6": "이 작업은 2022년 3월 31일에 제거될 노드 6 실행 처리기를 사용합니다. 작업의 개발자인 경우 Node 10 처리기에 대한 마이그레이션 지침(https://aka.ms/migrateTaskNode10)을 고려해 보세요(노드 6 사용 중단 경고를 비활성화하려는 경우에도 이 페이지 확인). 사용자인 경우 이 작업의 소유자에게 연락하여 마이그레이션을 계속 진행할 수 있습니다.", "DeprecatedNodeRunner": "작업 '{0}' 버전 {1}({2}@{1})은 수명이 끝나는 노드 버전({3})에 따라 다릅니다. 업데이트된 버전의 작업에 대해서는 확장 소유자에게 문의하세요. 작업 유지 관리자는 노드 업그레이드 지침을 검토해야 합니다. https://aka.ms/node-runner-guidance", "DeprecatedRunner": "작업 '{0}'은(는) 수명이 종료된 작업 실행기에 종속되며 나중에 제거될 예정입니다. 작성자는 노드 업그레이드 지침(https://aka.ms/node-runner-guidance)을 검토해야 합니다.", "DeprecationMessage": "'{0}' 작업 {1} 버전({2}@{1})이 더 이상 사용되지 않습니다.", "DeprecationMessageHelpUrl": "이 작업에 대한 자세한 내용은 {0}을(를) 참조하세요.", "DeprecationMessageRemovalDate": "이 작업이 제거됩니다. {0}부터 더 이상 사용할 수 없습니다.", "DirectoryHierarchyUnauthorized": "'{0}' 및 해당 계층까지의 각 디렉터리에 디렉터리 내용을 읽을 수 있는 권한이 필요합니다. {1}", "DirectoryIsEmptyForArtifact": "'{0}' 디렉터리가 비어 있습니다. 빌드 아티팩트 '{1}'에 아무것도 추가되지 않습니다.", "DirectoryNotFound": "디렉터리를 찾지 못함: '{0}'", "DirExpireLimit": "디렉터리 만료 제한: {0}일.", "DiscoverBuildDir": "{0}일 이상 사용되지 않은 오래된 빌드 디렉터리를 검색합니다.", "DiscoverReleaseDir": "{0}일 이상 사용되지 않은 오래된 릴리스 디렉터리를 검색합니다.", "DockerCommandFinalExitCode": "{0}에 대한 최종 종료 코드: {1}", "DownloadAgent": "{0} 에이전트 다운로드 중", "DownloadArtifactFinished": "아티팩트 다운로드가 완료되었습니다.", "DownloadArtifacts": "아티팩트 다운로드", "DownloadArtifactsFailed": "아티팩트 다운로드 실패: {0}", "DownloadArtifactTo": "아티팩트를 {0}에 다운로드합니다.", "DownloadArtifactWarning": "{0} 형식 아티팩트를 다운로드하려면 빌드 아티팩트 다운로드 작업을 사용하세요. https://docs.microsoft.com/ko-kr/azure/devops/pipelines/tasks/utility/download-build-artifacts?view=azure-devops", "DownloadingFromBuild": "지정된 다음 빌드에서 다운로드: #{0}", "DownloadingJenkinsCommitsBetween": "작업 {0}에서 {1}(으)로 커밋 다운로드 중", "DownloadingJenkinsCommitsFailedWithException": "Jenkins 아티팩트 {0}에 대한 커밋을 다운로드하지 못했습니다. 예외: {1}", "DownloadingMultiplePipelineArtifacts": "{0} 파이프라인 아티팩트를 다운로드하는 중...", "DownloadingTask0": "작업 다운로드 중: {0}({1})", "EnableServiceSidTypeUnrestricted": "에이전트 서비스에 대해 SERVICE_SID_TYPE_UNRESTRICTED 사용(Y/N)", "EnsureJobFinished": "현재 작업이 실행 완료될 때까지 기다리는 중입니다.", "EnsureTasksExist": "필요한 모든 작업을 다운로드합니다.", "EnterValidValueFor0": "{0}에 대한 올바른 값을 입력하세요.", "EnvironmentName": "환경 이름", "EnvironmentNotFound": "환경을 찾을 수 없음: '{0}'", "EnvironmentVariableExceedsMaximumLength": "'{0}' 환경 변수가 최대 지원 길이를 초과합니다. 환경 변수 길이: {1}, 최대 지원 길이: {2}", "EnvironmentVMResourceTags": "쉼표로 구분된 태그 목록(예: web, db)", "ErrorDuringBuildGC": "'{0}'을(를) 기반으로 가비지를 검색할 수 없습니다. 다음에 시도해 보세요.", "ErrorDuringBuildGCDelete": "'{0}'을(를) 기반으로 GC를 완료할 수 없습니다. 다음에 시도해 보세요.", "ErrorDuringReleaseGC": "'{0}'을(를) 기반으로 가비지를 검색할 수 없습니다. 다음에 시도해 보세요.", "ErrorDuringReleaseGCDelete": "'{0}'을(를) 기반으로 GC를 완료할 수 없습니다. 다음에 시도해 보세요.", "ErrorOccurred": "오류가 발생했습니다: {0}", "ErrorOccurredWhilePublishingCCFiles": "코드 검사 파일을 게시하는 동안 오류가 발생했습니다. 오류: {0}", "EulasSectionHeader": "최종 사용자 라이선스 계약", "EvaluateReleaseTrackingFile": "ReleaseDirectory 추적 파일 평가: {0}", "EvaluateTrackingFile": "BuildDirectory 추적 파일 평가: {0}", "Exiting": "종료하는 중...", "ExpectedMappingCloak": "예상되는 매핑[{0}] 숨김: '{1}'. 실제: '{2}'", "ExpectedMappingLocalPath": "예상되는 매핑[{0}] 로컬 경로: '{1}'. 실제: '{2}'", "ExpectedMappingRecursive": "예상되는 매핑[{0}] 재귀: '{1}'. 실제: '{2}'", "ExpectedMappingServerPath": "예상되는 매핑[{0}] 서버 경로: '{1}'. 실제: '{2}'", "Failed": "실패: ", "FailedDeletingTempDirectory0Message1": "'{0}' 임시 디렉터리를 삭제하지 못했습니다. {1}", "FailedTestsInResults": "결과 파일에서 테스트 오류가 하나 이상 검색되었습니다. 테스트 탭에서 게시된 테스트 결과의 자세한 요약을 볼 수 있습니다.", "FailedToAddTags": "에이전트에 태그를 적용하지 못했습니다. 다시 시도하거나 Ctrl-C를 눌러 종료하세요. 아니면 배포 그룹 웹 페이지로 이동하여 태그를 추가할 수도 있습니다.", "FailedToConnect": "연결하지 못했습니다. 다시 시도하거나 Ctrl-C를 눌러 종료하세요.", "FailedToDeleteTempScript": "임시 인라인 스크립트 파일 '{0}'을(를) 삭제하지 못했습니다. {1}", "FailedToFindDeploymentGroup": "배포 그룹을 찾지 못했습니다. 다시 시도하거나 Ctrl-C를 눌러 종료하세요.", "FailedToFindEnvironment": "환경을 찾지 못했습니다. 다시 시도하거나 Ctrl-C를 눌러 종료하세요.", "FailedToFindPool": "풀 이름을 찾지 못했습니다. 다시 시도하거나 Ctrl-C를 눌러 종료하세요.", "FailedToLockServiceDB": "서비스 데이터베이스를 쓰기용으로 잠그지 못함", "FailedToOpenSCM": "서비스 제어 관리자를 열지 못했습니다.", "FailedToOpenSCManager": "서비스 제어 관리자를 열지 못했습니다.", "FailedToPublishTestResults": "테스트 결과를 게시하지 못했습니다. {0}", "FailedToReadFile": "{0}을(를) 읽지 못했습니다. 오류: {1}.", "FailedToReplaceAgent": "에이전트를 바꾸지 못했습니다. 다시 시도하거나 Ctrl-C를 눌러 종료하세요.", "FailToRemoveGitConfig": "git 구성에서 \"{0}\"을(를) 제거할 수 없습니다. 자격 증명을 제거하려면 리포지토리 루트 \"{1}\"에서 \"git config --unset-all {0}\"을(를) 실행하세요.", "FailToReplaceTokenPlaceholderInGitConfig": "git 구성 파일에서 \"{0}\"에 대한 자리 표시자를 바꿀 수 없습니다.", "FileAssociateProgress": "총 파일 수: {0} ---- 관련 파일: {1}({2}%)", "FileContainerUploadFailed": "서버에 파일을 복사할 수 없음 StatusCode={0}: {1}. 원본 파일 경로: {2}. 대상 서버 경로: {3}", "FileContainerUploadFailedBlob": "Blob에 파일을 업로드할 수 없습니다. 원본 파일 경로: {0}. 대상 서버 경로: {1}", "FileDoesNotExist": "'{0}' 파일이 없거나 액세스할 수 없습니다.", "FileNotFound": "파일을 찾을 수 없습니다: '{0}'", "FilePathNotFound": "'{0}'의 파일 경로를 찾을 수 없습니다.", "FileShareOperatingSystemNotSupported": "Linux 또는 macOS 에이전트의 아티팩트를 파일 공유에 게시할 수 없습니다. 아티팩트 형식을 `Azure Pipelines`로 변경하거나 Windows 에이전트를 사용하세요.", "FileUploadCancelled": "'{0}' 파일 업로드 중 파일 업로드가 취소되었습니다.", "FileUploadDetailTrace": "업로드하지 못한 파일에 대한 세부 업로드 추적: {0}", "FileUploadFailed": "'{1}'(으)로 인해 '{0}'을(를) 업로드하지 못했습니다.", "FileUploadFailedAfterRetry": "재시도 후에도 파일을 업로드하지 못했습니다.", "FileUploadFailedRetryLater": "파일 {0}개를 업로드하지 못했습니다. 1분 후에 이 파일들을 다시 시도하세요.", "FileUploadFileOpenFailed": "'{1}' 파일을 업로드하는 동안 '{0}' 파일 오류가 발생했습니다.", "FileUploadFinish": "파일 '{0}'의 업로드를 완료하는 데 {1}밀리초가 걸렸습니다.", "FileUploadProgress": "총 파일: {0} ---- 처리된 파일: {1}({2}%)", "FileUploadProgressDetail": "'{0}' 업로드 중({1}%)", "FileUploadRetry": "실패한 파일 {0}개의 업로드 재시도를 시작합니다.", "FileUploadRetryInSecond": "{0}초 후에 파일 업로드를 다시 시도하세요.", "FileUploadRetrySucceed": "재시도 후 파일 업로드에 성공했습니다.", "FileUploadSucceed": "파일을 업로드했습니다.", "FinalizeJob": "작업 완료", "FinishMaintenance": "유지 보수 완료: {0}", "FoundErrorInTrace": [ "진단 로그에 보고된 {0}. 자세한 내용은 로그를 확인하세요.", " - {1}" ], "GCBuildDir": "고아 및 부실 빌드 디렉터리를 삭제합니다.", "GCBuildDirNotEnabled": "고아 및 부실 빌드 디렉터리 삭제 옵션이 활성화되어 있지 않습니다.", "GCDirIsEmpty": "빌드 디렉터리가 GC일 필요는 없습니다. '{0}'에는 추적 파일이 없습니다.", "GCDirNotExist": "빌드 디렉터리가 GC일 필요는 없습니다. '{0}'이(가) 존재하지 않습니다.", "GCOldFormatTrackingFile": "추적 파일 '{0}'은(는) 사용되지 않았으므로 GC에 표시하세요.", "GCReleaseDir": "고아 및 부실 릴리스 디렉터리를 삭제하세요.", "GCReleaseDirIsEmpty": "릴리스 디렉터리는 GC가 아니어도 됩니다. '{0}'에 추적 파일이 없습니다.", "GCReleaseDirNotEnabled": "고아 및 부실 릴리스 디렉터리 삭제 옵션이 활성화되어 있지 않습니다.", "GCReleaseDirNotExist": "릴리스 디렉터리는 GC일 필요가 없습니다. '{0}'이(가) 존재하지 않습니다.", "GCUnusedTrackingFile": "추적 파일 '{0}'은(는) {1}일 동안 사용되지 않았기 때문에 GC에 대해 표시합니다.", "GenerateAndRunUpdateScript": "업데이트 스크립트를 생성하고 실행합니다.", "GrantContainerUserSUDOPrivilege": "사용자 '{0}'에게 SUDO 권한을 부여하고 인증 없이 모든 명령을 실행하도록 허용합니다.", "GrantingFilePermissions": "'{0}'에 파일 권한을 부여하는 중입니다.", "GroupDoesNotExists": "그룹 {0}이(가) 없습니다.", "ImageVersionLog": "현재 이미지 버전: '{0}'", "InitializeContainer": "컨테이너 초기화", "InitializeJob": "작업 초기화", "IntegrityCheckNotPassed": "아티팩트 무결성 검사에 실패했습니다", "IntegrityCheckPassed": "아티팩트 항목 무결성 검사가 완료되었습니다", "InvalidAutoLogonCredential": "자동 로그온에 대해 잘못된 Windows 자격 증명을 입력했습니다. 제공된 자격 증명이 유효하고 컴퓨터에 대한 대화형 로그온 권한이 있는지 확인하세요. 다시 시도하거나 Ctrl-C를 눌러 종료하세요.", "InvalidCommandArg": "명령 인수 '{0}'에 잘못된 문자 \", \\r, \\n이 하나 이상 포함되어 있습니다.", "InvalidCommandResult": "명령에 유효한 결과 값이 없습니다.", "InvalidCompletedDate": "각 테스트 실행 기간은 테스트 결과 파일에서 얻은 최대 완료 날짜 {0}이(가) 최소 시작 날짜 {1}보다 이후 시간 계산에 사용됩니다.", "InvalidConfigFor0TerminatingUnattended": "{0}에 잘못된 구성이 제공되었습니다. 무인 구성을 종료합니다.", "InvalidDateFormat": "각 테스트 실행 기간은 다음과 같이 시간 계산에 사용됩니다. 결과 파일에서 가져온 잘못된 날짜 형식: {0}(시작 날짜: {1}, 완료 날짜: {2}", "InvalidEndpointField": "잘못된 엔드포인트 필드입니다. 유효한 값은 url, dataParameter 및 authParameter입니다.", "InvalidEndpointId": "잘못된 엔드포인트 ID입니다.", "InvalidEndpointUrl": "잘못된 엔드포인트 URL입니다.", "InvalidFileFormat": "잘못된 파일 형식입니다.", "InvalidGroupName": "잘못된 그룹 이름 - {0}", "InvalidMember": "구성원의 계정 유형이 잘못되어 새 구성원을 로컬 그룹에 추가할 수 없습니다. 도메인 컨트롤러에서 구성하는 경우 기본 제공 컴퓨터 계정을 로컬 그룹에 추가할 수 없습니다. 대신 도메인 사용자 계정을 사용해야 합니다.", "InvalidResultFiles": "잘못된 결과 파일입니다. '{0}' 파일의 결과 형식이 '{1}' 테스트 결과 형식과 일치하는지 확인하세요.", "InvalidSIDForUser": "AutoLogon을 구성/구성 해제하는 동안 사용자 {0}\\{1}에 대한 보안 식별자가 잘못되었습니다. 자세한 내용은 로그를 참조하세요.", "InvalidValueInXml": "요약 파일 '{1}'에서 '{0}'에 대한 값을 검색할 수 없습니다. 요약 파일의 형식이 올바른지 확인하고 다시 시도하세요.", "InvalidWindowsCredential": "잘못된 Windows 자격 증명을 입력했습니다. 다시 시도하거나 Ctrl-C를 눌러 종료하세요.", "JenkinsBuildDoesNotExistsForCommits": "jenkins 빌드 {0} 및 {1}에 대한 빌드 인덱스를 찾을 수 없습니다. 발견된 인덱스는 {2} 및 {3}입니다. 아마도 빌드가 존재하지 않을 것입니다.", "JenkinsCommitsInvalidEndJobId": "Jenkins 아티팩트 {1}과(와) 연결된 EndJobId {0}이(가) 잘못되었습니다. 커밋이 다운로드되지 않습니다.", "JenkinsDownloadingChangeFromCurrentBuild": "endJobId를 찾을 수 없습니다. 현재 빌드의 변경 집합을 가져오는 중입니다.", "JenkinsNoCommitsToFetch": "동일한 빌드를 배포합니다. 가져올 것이 없습니다.", "JenkinsRollbackDeployment": "작업 {0}에서 {1} 사이의 롤백 배포에 대한 커밋 다운로드", "JobCompleted": "{0:u}: {1} 작업이 완료되었으며 결과: {2}", "LaunchBrowser": "AAD Device Code Flow용 브라우저를 시작하려면? (예/아니요)", "ListenForJobs": "{0:u}: 작업 수신 대기", "LocalClockSkewed": "로컬 컴퓨터의 시계는 서버 시간과 5분 이상 동기화되지 않을 수 있습니다. 시계를 도메인 또는 인터넷 시간과 동기화하고 다시 시도하세요.", "LocalSystemAccountNotFound": "로컬 시스템 계정을 찾을 수 없습니다", "LogOutputMessage": "에이전트가 로그를 업로드하고 로그를 파일에 저장할 수 있도록 설정했습니다. 작업이 완료된 후 에이전트의 {0}에서 이 단계의 로그를 검색할 수 있습니다.", "Maintenance": "유지 관리", "MaxHierarchyLevelReached": "계층 구조 수준이 지원되는 제한 {0}보다 많습니다. 낮은 계층 구조를 자릅니다.", "MaxSubResultLimitReached": "테스트 케이스 '{0}'의 하위 결과 수가 지원되는 제한인 {1}개를 초과하여 나머지 결과를 자릅니다.", "MemberDoesNotExists": "구성원: {0}이(가) 존재하지 않습니다.", "MinimumNetFramework": ".NET Framework x64 4.5 이상이 필요합니다.", "MinimumNetFramework46": ".NET Framework x64 4.6 이상이 필요합니다.", "MinimumNetFrameworkTfvc": [ ".NET Framework x64 4.6 이상이 설치되어 있지 않습니다.", "", "TFVC 리포지토리를 동기화하려면 .NET Framework x64 4.6 이상이 필요합니다. Git 리포지토리를 동기화할 필요는 없습니다." ], "MinRequiredDockerClientVersion": "최소 필수 Docker 엔진 API 클라이언트 버전은 '{0}'이고 도커('{1}') 클라이언트 버전은 '{2}'입니다.", "MinRequiredDockerServerVersion": "최소 필수 도커 엔진 API 서버 버전은 '{0}'이고 Docker('{1}') 서버 버전은 '{2}'입니다.", "MinRequiredGitLfsVersion": "최소 필수 git-lfs 버전은 '{0}'이고 git-lfs('{1}') 버전은 '{2}'입니다.", "MinRequiredGitVersion": "최소 필수 git 버전은 '{0}'이고 git('{1}') 버전은 '{2}'입니다.", "MinSecretsLengtLimitWarning": "비밀의 최소 길이 값이 너무 큽니다. 설정한 최대값은 {0}입니다.", "MissingAgent": "에이전트가 더 이상 서버에 존재하지 않습니다. 에이전트를 다시 구성하세요.", "MissingAttachmentFile": "작업 첨부 파일을 업로드할 수 없습니다. 첨부 파일 위치가 지정되지 않았거나 첨부 파일이 디스크에 없습니다.", "MissingAttachmentName": "작업 첨부 파일을 추가할 수 없습니다. 첨부 파일 이름이 제공되지 않았습니다.", "MissingAttachmentType": "작업 첨부 파일을 추가할 수 없습니다. 첨부 파일 유형이 제공되지 않았습니다.", "MissingConfig": "구성 파일이 없기 때문에 서버에 연결할 수 없습니다. 서버에서 에이전트 제거를 건너뜁니다.", "MissingEndpointField": "##vso[task.setendpoint] 명령에서 필수 필드 '필드'가 누락되었습니다.", "MissingEndpointId": "##vso[task.setendpoint] 명령에 필수 필드 'id'가 누락되었습니다.", "MissingEndpointKey": "필수 필드 'key'가 ##vso[task.setendpoint] 명령에 없습니다.", "MissingNodePath": "이 단계에는 에이전트 파일 시스템에 없는 노드 버전이 필요합니다. 경로: {0}", "MissingRepositoryAlias": "리포지토리를 업데이트할 수 없습니다. 리포지토리 별칭이 제공되지 않았습니다.", "MissingRepositoryPath": "리포지토리를 업데이트할 수 없습니다. 리포지토리 경로가 제공되지 않았습니다.", "MissingTaskVariableName": "##vso[task.settaskvariable] 명령에 필수 필드 '변수'가 누락되었습니다.", "MissingTimelineRecordId": "타임라인 레코드를 업데이트할 수 없습니다. 타임라인 레코드 ID가 제공되지 않았습니다.", "MissingVariableName": "##vso[task.setvariable] 명령에서 필수 필드 '변수'가 누락되었습니다.", "ModifyingCoberturaIndexFile": "Cobertura 인덱스 파일 수정", "MultilineSecret": "비밀은 여러 줄을 포함할 수 없습니다.", "N": "N", "NameRequiredForTimelineRecord": "이 새 타임라인 레코드에는 이름이 필요합니다.", "NeedAdminForAutologonCapability": "자동 로그온을 사용하여 에이전트를 구성하려면 관리자 권한이 필요합니다.", "NeedAdminForAutologonRemoval": "자동 로그온 기능으로 실행 중인 에이전트를 구성 해제하려면 관리자 권한이 필요합니다.", "NeedAdminForConfigAgentWinService": "에이전트를 Windows 서비스로 구성하려면 관리자 권한이 필요합니다.", "NeedAdminForUnconfigWinServiceAgent": "Windows 서비스로 실행되는 에이전트를 구성 해제하려면 관리자 권한이 필요합니다.", "NetworkServiceNotFound": "네트워크 서비스 계정을 찾을 수 없습니다", "NoArtifactsFound": "버전 '{0}'에서 사용할 수 있는 아티팩트가 없습니다.", "NoFolderToClean": "지정한 정리 폴더를 찾을 수 없습니다. 정리할 항목 없음", "NoRestart": "나중에 컴퓨터를 다시 시작하시겠습니까? (Y/N)", "NoRestartSuggestion": "에이전트를 구성하는 동안 자동 로그온이 활성화되었습니다. 자동 로그온 설정을 적용하려면 컴퓨터를 다시 시작하는 것이 좋습니다.", "NoResultFound": "'{0}'을(를) 게시하기 위해 결과를 찾을 수 없습니다.", "OnPremIsNotSupported": "파이프라인 아티팩트 작업은 온-프레미스에서 지원되지 않습니다. 대신 빌드 아티팩트 작업을 사용하세요.", "OperatingSystemShutdown": "컴퓨터 '{0}'의 운영 체제가 종료되고 있습니다.", "OperationFailed": "오류: {0} 작업이 반환 코드 {1}과(와) 함께 실패했습니다.", "OutputVariablePublishFailed": "출력 변수를 게시하지 못했습니다.", "OverwriteAutoLogon": "사용자 '{0}'에 대해 자동 로그온이 이미 활성화되어 있으므로 기존 자동 로그온 설정을 덮어쓰시겠습니까? (예/아니요)", "ParentProcessFinderError": "에이전트가 PowerShell Core에서 실행 중인지 확인하는 동안 오류가 발생했습니다.", "ParentTimelineNotCreated": "이 새 타임라인 레코드에 대해 상위 타임라인 레코드가 생성되지 않았습니다.", "Password": "암호", "PathDoesNotExist": "경로가 존재하지 않습니다: {0}", "PersonalAccessToken": "개인용 액세스 토큰", "PipelineDoesNotExist": "다음 파이프라인이 존재하지 않습니다: {0}. 파이프라인의 이름을 확인하세요.", "PoolNotFound": "에이전트 풀을 찾을 수 없음: '{0}'", "PostJob": "사후 작업: {0}", "PowerOptionsConfigError": "전원 옵션을 구성하는 동안 오류가 발생했습니다. 자세한 내용은 로그를 참조하세요.", "PowerShellNotInstalledMinVersion0": "PowerShell이 ​​설치되지 않았습니다. 최소 필수 버전: {0}", "PreJob": "사전 작업: {0}", "PrepareBuildDir": "빌드 디렉터리를 준비합니다.", "PrepareReleasesDir": "릴리스 디렉터리를 준비합니다.", "PrepareTaskExecutionHandler": "작업 실행 처리기를 준비 중입니다.", "Prepending0WithDirectoryContaining1": "'{1}'이(가) 포함된 디렉터리 앞에 {0} 환경 변수가 추가되었습니다.", "PrerequisitesSectionHeader": "필수 구성 요소", "PreventServiceStartDescription": "구성이 완료된 직후 서비스 시작을 방지할지 여부 (예/아니요)", "ProcessCompletedWithCode0Errors1": "종료 코드 {0}로 프로세스가 완료되었으며 오류 스트림에 {1}개의 오류가 기록되었습니다.", "ProcessCompletedWithExitCode0": "종료 코드 {0}(으)로 프로세스가 완료되었습니다.", "ProcessExitCode": "프로세스에서 반환된 종료 코드 {0}: 파일 이름 '{1}', 인수 '{2}'.", "ProcessHandlerInvalidScriptArgs": "셸에서 올바르게 실행되지 않을 수 있는 인수에서 검색된 문자입니다. 자세한 내용은 https://aka.ms/ado/75787을 참조하세요.", "ProfileLoadFailure": "사용자 {0}\\{1}에 대한 사용자 프로필을 로드할 수 없습니다. 자동 로그온 구성이 불가능합니다.", "ProjectName": "프로젝트 이름", "Prompt0": "{0} 입력", "Prompt0Default1": "{0} 입력({1}의 경우 Enter 키를 누름)", "PSModulePathLocations": "환경 변수 PSModulePath에는 PowerShell Core에 관련된 모듈 위치가 포함되어 있습니다. 파이프라인에서 Windows PowerShell 작업을 사용하려는 경우 오류가 발생할 수 있습니다. 이 문제를 해결하려면 PowerShell Core(pwsh)에서 에이전트를 시작하지 마세요.", "PSScriptError": "PowerShell 스크립트가 {0} 오류와 함께 완료되었습니다.", "PublishCodeCoverage": "코드 적용 범위 게시", "PublishedCodeCoverageArtifact": "'{0}'을(를) 아티팩트 '{1}'(으)로 게시했습니다.", "PublishingArtifactUsingRobocopy": "robocopy를 사용하여 아티팩트 업로드.", "PublishingCodeCoverage": "적용 범위 요약 데이터를 TFS 서버에 게시합니다.", "PublishingCodeCoverageFiles": "코드 검사 파일을 TFS 서버에 게시합니다.", "PublishingTestResults": "'{0}' 테스트 실행에 테스트 결과 게시", "PublishTestResults": "테스트 결과 게시", "QueryingWorkspaceInfo": "작업 영역 정보를 쿼리합니다.", "QueueConError": "{0:u}: 에이전트 연결 오류: {1}. 다시 연결될 때까지 다시 시도합니다.", "QueueConnected": "{0:u}: 에이전트가 다시 연결되었습니다.", "QuietCheckoutModeRequested": "자동 체크 아웃 모드: 콘솔에 LESS가 인쇄됩니다.", "ReadingCodeCoverageSummary": "'{0}'에서 코드 적용 요약 읽기", "ReadOnlyTaskVariable": "읽기 전용 작업 변수 '{0}'을(를) 덮어쓸 수 없습니다. 자세한 내용은 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md를 참조하세요.", "ReadOnlyTaskVariableWarning": "읽기 전용 작업 변수 '{0}'을(를) 덮어씁니다. 이 동작은 앞으로 비활성화됩니다. 자세한 내용은 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md를 참조하세요.", "ReadOnlyVariable": "읽기 전용 변수 '{0}'을(를) 덮어쓸 수 없습니다. 자세한 내용은 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md를 참조하세요.", "ReadOnlyVariableWarning": "읽기 전용 변수 '{0}'을(를) 덮어씁니다. 이 동작은 앞으로 비활성화됩니다. 자세한 내용은 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md를 참조하세요.", "RegisterAgentSectionHeader": "에이전트 등록", "ReleaseDirLastUseTime": "릴리스 디렉터리 '{0}'이(가) 마지막으로 사용된 시간: {1}", "RenameIndexFileCoberturaFailed": "'{2}'에 대한 코드 검사 파일을 게시하는 동안 '{0}'의 이름을 '{1}'(으)로 바꾸지 못했습니다. 내부 예외: '{3}'", "Replace": "바꾸시겠습니까? (예/아니요)", "RepositoryNotExist": "리포지토리를 업데이트할 수 없습니다. 리포지토리가 없습니다.", "ResourceMonitorAgentEnvironmentResource": "에이전트 환경 리소스 - {0}, {1}, {2}", "ResourceMonitorCPUInfo": "CPU: 사용량 {0}%", "ResourceMonitorCPUInfoError": "CPU 정보를 가져올 수 없습니다. 예외: {0}", "ResourceMonitorDiskInfo": "디스크: {0} - {2}MB 중 {1}MB 사용 가능", "ResourceMonitorDiskInfoError": "디스크 정보를 가져올 수 없습니다. 예외: {0}", "ResourceMonitorFreeDiskSpaceIsLowerThanThreshold": "{0}의 사용 가능한 디스크 공간이 {1}% 미만입니다. 현재 사용됨: {2}%", "ResourceMonitorMemoryInfo": "메모리: {1}MB 중 {0}MB 사용됨", "ResourceMonitorMemoryInfoError": "메모리 정보를 가져올 수 없습니다. 예외: {0}", "ResourceMonitorMemorySpaceIsLowerThanThreshold": "사용 가능한 메모리가 {0}% 미만입니다. 현재 사용됨: {1}%", "ResourceUtilizationDebugOutputIsDisabled": "디버그 실행에 대한 리소스 사용률 출력을 사용할 수 없습니다. 사용하도록 설정하려면 \"AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT\" 변수를 \"true\"로 전환하세요.", "ResourceUtilizationWarningsIsDisabled": "리소스 사용률 경고가 비활성화된 경우 활성화하려면 \"DISABLE_RESOURCE_UTILIZATION_WARNINGS\" 변수를 \"false\"로 전환하세요.", "RestartIn15SecMessage": "15초 후에 장치를 다시 시작합니다...", "RestartMessage": "에이전트를 시작하고 자동 로그온 설정을 적용하려면 머신을 다시 시작하세요.", "ReStreamLogsToFilesError": "--disableloguploads 및 --reStreamLogsToFiles를 동시에 사용할 수 없습니다.", "RetryCountLimitExceeded": "허용되는 최대 시도 횟수는 {0}이지만 {1}회를 받았습니다. 다시 시도 횟수는 {0}회로 줄어듭니다.", "RetryingReplaceAgent": "에이전트 교체 다시 시도 중({0}/{1} 시도). 다음 시도 전까지 {2}초 대기 중...", "RMApiFailure": "API {0}이(가) 오류 코드 {1}과(와) 함께 실패했습니다.", "RMArtifactContainerDetailsInvalidError": "아티팩트에 유효한 컨테이너 세부 정보가 없습니다. {0}", "RMArtifactContainerDetailsNotFoundError": "아티팩트에 컨테이너 세부 정보가 포함되어 있지 않습니다. {0}", "RMArtifactDetailsIncomplete": "아티팩트를 다운로드하는 데 필요한 정보를 찾을 수 없습니다.", "RMArtifactDirectoryNotFoundError": "아티팩트 디렉터리가 존재하지 않습니다: {0}. {1} 계정의 암호가 최근에 변경되었고 에이전트에 대해 업데이트되지 않은 경우 발생할 수 있습니다. 이 경우 에이전트를 다시 구성하는 것이 좋습니다.", "RMArtifactDownloadBegin": "{1} 유형의 연결된 아티팩트 {0} 다운로드 중...", "RMArtifactDownloadFinished": "다운로드된 연결된 아티팩트 {0}", "RMArtifactDownloadRequestCreationFailed": "URL에서 아티팩트 다운로드 요청 생성 실패: {0}", "RMArtifactEmpty": "아티팩트에는 다운로드할 파일이 없습니다.", "RMArtifactMatchNotFound": "빌드 아티팩트 '{0}'이(가) 이름 지정 패턴과 일치하지 않아 다운로드를 건너뜁니다.", "RMArtifactNameDirectoryNotFound": "디렉터리 '{0}'이(가) 존재하지 않습니다. 상위 디렉터리로 대체: {1}", "RMArtifactsDownloadFinished": "완성된 아티팩트 다운로드", "RMArtifactTypeFileShare": "아티팩트 유형: FileShare", "RMArtifactTypeNotSupported": "릴리스 관리는 현재 버전에서 아티팩트 유형 {0}의 다운로드를 지원하지 않습니다.", "RMArtifactTypeServerDrop": "아티팩트 유형: ServerDrop", "RMArtifactVersionNotBelongToArtifactSource": "ID가 {0}인 아티팩트 버전은 ID가 {1}인 연결된 아티팩트 원본에 속하지 않습니다.", "RMBuildNotFromLinkedDefinition": "빌드 {0}은(는) 연결된 빌드 정의 {1}에 속하지 않습니다.", "RMCachingAllItems": "파일 컨테이너의 모든 항목을 캐싱하는 중...", "RMCachingComplete": "캐싱이 완료되었습니다. ({0}ms)", "RMCachingContainerItems": "파일 컨테이너의 '{0}' 아래 항목 캐싱 중...", "RMContainerItemNotSupported": "컨테이너 항목 유형 '{0}'이(가) 지원되지 않습니다.", "RMContainerItemPathDoesnotExist": "파일 컨테이너 항목 경로가 {0}(으)로 시작하지 않음: {1}", "RMContainerItemRequestTimedOut": "{0}초 후에 요청 시간이 초과되었습니다. {1}초 동안 잠자고 다시 시도합니다. 요청: {2} {3}", "RMCreatedArtifactsDirectory": "생성된 아티팩트 디렉터리: {0}", "RMCreatingArtifactsDirectory": "아티팩트 디렉터리 생성: {0}", "RMCustomEndpointNotFound": "작업에서 사용자 지정 아티팩트를 다운로드하는 데 필요한 정보를 찾을 수 없음: {0}", "RMDownloadArtifactUnexpectedError": "아티팩트를 다운로드하는 동안 예기치 않은 오류가 발생했습니다.", "RMDownloadBufferSize": "다운로드 버퍼 크기: {0}", "RMDownloadComplete": "다운로드를 완료하였습니다.", "RMDownloadingArtifact": "아티팩트 다운로드 중", "RMDownloadingArtifactFromFileContainer": "파일 컨테이너: {0}에서 대상: {1}(으)로 아티팩트 다운로드 중", "RMDownloadingArtifactFromFileShare": "파일 공유: {0}에서 대상: {1}(으)로 아티팩트 다운로드 중", "RMDownloadingArtifactUsingRobocopy": "robocopy를 사용하여 아티팩트 다운로드.", "RMDownloadingCommits": "커밋 다운로드", "RMDownloadingJenkinsArtifacts": "Jenkins 서버에서 아티팩트 다운로드", "RMDownloadProgress": "배치된 파일 {0}개: {1} 다운로드됨, {2} 비어 있음", "RMDownloadProgressDetails": "{0}MB가 {1}KB/초로 다운로드되었습니다. 다운로드 시간: {2}.", "RMDownloadStartDownloadOfFile": "파일 다운로드 중 {0}", "RMDownloadTaskCompletedStatus": "{0}분 동안 완료된 다운로드 작업이 없습니다. 남은 작업 상태:", "RMDownloadTaskStates": " {0}: {1} 작업.", "RMEnsureArtifactFolderExistsAndIsClean": "아티팩트 폴더 {0}이(가) 존재하고 깨끗한지 확인합니다.", "RMEnvironmentVariablesAvailable": "사용 가능한 환경 변수는 다음과 같습니다. 이러한 환경 변수는 \"_\"를 \".\"로 바꿔 작업(ReleaseDefinition에서)에서 참조할 수 있습니다. 예를 들어 AGENT_NAME 환경 변수는 ReleaseDefinition의 Agent.Name을 사용하여 참조할 수 있습니다. {0}", "RMErrorDownloadingContainerItem": "{0} 다운로드 오류: {1}", "RMErrorDuringArtifactDownload": "다운로드 중 오류 발생: {0}", "RMFailedCreatingArtifactDirectory": "릴리스 아티팩트 디렉터리 '{0}'을(를) 생성하지 못했습니다.", "RMFileShareArtifactErrorOnNonWindowsAgent": "OSX 또는 Linux 에이전트를 사용하여 파일 공유에서 아티팩트를 다운로드할 수 없습니다. 서버에서 아티팩트를 다운로드하거나 Windows 에이전트를 사용할 수 있습니다.", "RMGitEndpointNotFound": "작업에서 Team Foundation Git 아티팩트를 다운로드하는 데 필요한 정보를 찾을 수 없습니다.", "RMGitHubEndpointNotFound": "작업에서 GitHub 아티팩트를 다운로드하는 데 필요한 정보를 찾을 수 없음: {0}", "RMGotJenkinsArtifactDetails": "Jenkins 아티팩트 세부 정보 수신", "RMJenkinsBuildId": "빌드 ID: {0}", "RMJenkinsEndpointNotFound": "작업에서 Jenkins 아티팩트를 다운로드하는 데 필요한 정보를 찾을 수 없음: {0}", "RMJenkinsInvalidBuild": "Jenkins 빌드 {0}이(가) 잘못되었습니다.", "RMJenkinsJobName": "작업 이름: {0}", "RMJenkinsNoArtifactsFound": "Jenkins 빌드 {0}에서 사용할 수 있는 아티팩트가 없습니다.", "RMLowAvailableDiskSpace": "{0} 드라이브의 디스크 공간이 부족합니다. 사용 가능한 공간은 100MB 미만입니다.", "RMNoBuildArtifactsFound": "빌드 {0}에서 사용할 수 있는 아티팩트가 없습니다.", "RMParallelDownloadLimit": "병렬 다운로드 제한: {0}", "RMPrepareToGetFromJenkinsServer": "Jenkins 서버에서 아티팩트 정보 가져오기 준비", "RMPreparingToDownload": "아티팩트 다운로드 준비 중: {0}", "RMPreparingToGetBuildArtifactList": "빌드에서 사용 가능한 아티팩트 목록 가져오기 준비", "RMReAttemptingDownloadOfContainerItem": "{0} 다운로드를 다시 시도합니다. 오류: {1}", "RMReceivedGithubArtifactDetails": "받은 GitHub 아티팩트 세부 정보", "RMReleaseNameRequired": "릴리스 이름은 필수 항목입니다.", "RMRemainingDownloads": "남은 다운로드 수는 {0}회입니다.", "RMRetryingArtifactDownload": "다운로드 다시 시도 중...", "RMRetryingCreatingArtifactsDirectory": "{1} 예외와 함께 릴리스 아티팩트 디렉터리 {0}을(를) 생성하지 못했습니다. 릴리스 아티팩트 디렉터리 생성을 다시 시도합니다.", "RMRobocopyBasedArtifactDownloadExitCode": "Robocopy 종료 코드: {0}", "RMRobocopyBasedArtifactDownloadFailed": "종료 코드: {0}(으)로 인해 Robocopy 기반 다운로드에 실패했습니다.", "RMStartArtifactsDownload": "아티팩트 다운로드 시작 중...", "RMStreamTypeNotSupported": "릴리스 관리는 현재 버전에서 스트림 유형 {0}의 다운로드를 지원하지 않습니다.", "RMTfsVCEndpointNotFound": "Team Foundation 버전 제어 아티팩트를 다운로드하는 데 필요한 정보를 작업에서 찾을 수 없습니다.", "RMUpdateReleaseName": "릴리스 이름을 업데이트합니다.", "RMUpdateReleaseNameForRelease": "릴리스 {1}의 릴리스 이름을 {0}(으)로 업데이트합니다.", "RMUpdateReleaseNameForReleaseComment": "작업 로깅 명령을 사용하여 릴리스 이름을 {0}(으)로 업데이트", "RMUserChoseToSkipArtifactDownload": "지정된 설정에 따라 아티팩트 다운로드를 건너뜁니다.", "RobocopyBasedPublishArtifactTaskExitCode": "Robocopy 종료 코드: {0}", "RobocopyBasedPublishArtifactTaskFailed": "Robocopy 기반 게시 실패: 종료 코드: {0}", "Rosetta2Warning": "X64 에뮬레이션은 에이전트 프로세스에서 중단을 일으키는 것으로 알려져 있습니다. 네이티브(ARM) 에이전트를 사용하세요.", "RSAKeyFileNotFound": "RSA 키 파일 {0}을(를) 찾을 수 없습니다.", "RunAgentAsServiceDescription": "에이전트를 서비스로 실행하시겠습니까? (예/아니요)", "RunAsAutoLogonDescription": "자동 로그온을 구성하고 시작할 때 에이전트를 실행하시겠습니까? (예/아니요)", "RunIDNotValid": "실행 ID가 유효하지 않음: {0}", "RunningJob": "{0:u}: 실행 중인 작업: {1}", "SavedSettings": "{0:u}: 설정이 저장되었습니다.", "ScanToolCapabilities": "도구 기능을 검색합니다.", "ScreenSaverPoliciesInspection": "화면 보호기가 비활성화되는 것을 방지할 수 있는 정책을 확인 중입니다.", "ScreenSaverPolicyWarning": "화면 보호기 정책이 머신에 정의되었습니다. 이는 화면 보호기를 다시 사용할 수 있도록 설정합니다. 활성 화면 보호기는 UI 작업에 영향을 줄 수 있습니다(예: 자동화된 UI 테스트가 실패할 수 있음).", "SecretsAreNotAllowedInInjectedTaskInputs": "작업이 비밀이 포함된 대상 작업의 다음 입력에 액세스하려고 합니다.\n{0}\n비밀이 포함된 입력을 데코레이터가 삽입한 작업에 전달할 수 없습니다.", "SelfManageGitCreds": "자체 관리 git creds 모드에 있습니다. 에이전트 호스트 시스템이 모든 git 인증 챌린지를 우회할 수 있는지 확인하세요.", "ServerTarpit": "작업이 현재 서버에 의해 조절되고 있습니다. 콘솔 라인 출력, 작업 상태 보고 및 작업 로그 업로드가 지연될 수 있습니다.", "ServerTarpitUrl": "리소스 사용률 페이지 링크(전역 1시간 보기): {0}.", "ServerTarpitUrlScoped": "리소스 사용률 페이지 링크(파이프라인별 1시간 보기): {0}.", "ServerUrl": "서버 URL", "ServiceAlreadyExists": "서비스가 이미 존재합니다: {0}, 대체됩니다.", "ServiceConfigured": "서비스 {0}이(가) 성공적으로 구성되었습니다.", "ServiceDelayedStartOptionSet": "서비스 {0}이(가) 지연된 자동 시작으로 설정되었습니다.", "ServiceInstalled": "서비스 {0}이(가) 설치되었습니다.", "ServiceLockErrorRetry": "코드 {0}(으)로 서비스 DB 잠금이 실패했습니다. {1}초 후에 다시 시도합니다.", "ServiceRecoveryOptionSet": "서비스 {0}이(가) 복구 옵션을 성공적으로 설정했습니다.", "ServiceSidTypeSet": "서비스 {0}이(가) SID 유형을 성공적으로 설정했습니다.", "ServiceStartedSuccessfully": "서비스 {0}이(가) 시작되었습니다.", "SessionCreateFailed": "세션을 생성하지 못했습니다. {0}", "SessionExist": "이 에이전트에 대한 세션이 이미 있습니다.", "SessionExistStopRetry": "{0}초 동안 다시 시도한 후 SessionConflictException에서 다시 시도를 중지합니다.", "SetBuildVars": "빌드 변수를 설정합니다.", "SetEnvVar": "환경 변수 {0} 설정", "SetVariableNotAllowed": "작업 또는 빌드 정의에 의해 설정 변수 '{0}'이(가) 비활성화되었습니다.", "ShallowCheckoutFail": "단순 복사 리포지토리에서 git 체크 아웃이 실패했습니다. 수준이 '{0}'인 git fetch가 체크 아웃 커밋 '{1}'을(를) 포함하지 않기 때문입니다. 설명서(http://go.microsoft.com/fwlink/?LinkId=829603)를 참조하세요.", "ShallowLfsFetchFail": "단순 복사 리포지토리에서 git lfs fetch가 실패했습니다. 수준이 '{0}'인 git fetch가 lfs fetch 커밋 '{1}'을(를) 포함하지 않기 때문입니다. 설명서(http://go.microsoft.com/fwlink/?LinkId=829603)를 참조하세요.", "ShutdownMessage": "대화형 모드에서 에이전트를 시작하기 위해 컴퓨터를 다시 시작합니다.", "Skipping": "존재하지 않습니다. 건너뛰는 중 ", "SkipTrackingFileWithoutRepoType": "'{0}' 추적 파일을 건너뛰세요. 리포지토리 유형이 아직 업데이트되지 않았습니다.", "SourceArtifactProviderNotFound": "{0} 유형의 아티팩트에 대한 원본 공급자를 찾을 수 없습니다.", "StartingArtifactDownload": "다운로드 시작 중 {0}", "StartMaintenance": "유지 관리 시작: {0}", "StepCancelled": "작업이 취소됩니다. 다음 단계에는 예상되는 로그가 포함되어 있지 않을 수 있습니다.", "StepFinishing": "완료 중: {0}", "StepStarting": "시작: {0}", "StepTimedOut": "작업 시간이 초과되었습니다.", "StopContainer": "컨테이너 중지", "Success": "성공: ", "SupportedRepositoryEndpointNotFound": "지원되는 원본 공급자와 원본 리포지토리 엔드포인트를 일치시킬 수 없습니다.", "SupportedTaskHandlerNotFoundLinux": "현재 운영 체제에서 이 작업을 실행할 수 없습니다. 이는 일반적으로 작업이 Windows만을 위해 작성되었음을 나타냅니다(예: Windows Desktop PowerShell을 위해 작성됨).", "SupportedTaskHandlerNotFoundWindows": "지원되는 작업 실행 처리기가 없습니다. 해당 작업이 현재 운영 체제 '{0}'과(와) 호환되는 구현을 수행하지 않습니다. 자세한 내용은 작업 작성자에게 문의하세요.", "SvnBranchCheckedOut": "{2} 개정판에서 {1} 리포지토리의 {0} 분기를 체크 아웃했습니다.", "SvnEmptyServerPath": "빈 상대 서버 경로는 '{0}'에 매핑됩니다.", "SvnFileAlreadyExists": "파일 {0}이(가) 이미 있습니다.", "SvnIncorrectRelativePath": "잘못된 상대 경로 '{0}'이(가) 지정되었습니다.", "SvnMappingDuplicateLocal": "로컬 경로={0}에 대한 중복 매핑 무시", "SvnMappingDuplicateServer": "서버 경로={0}에 대한 중복 매핑 무시", "SvnMappingIgnored": "전체 매핑 세트가 무시됩니다. 전체 분기 매핑을 진행합니다.", "SvnNotInstalled": "설치된 svn 명령줄 유틸리티를 찾을 수 없음", "SvnSyncingRepo": "리포지토리 동기화 중: {0}(Svn)", "TarExtraction": "tar 압축 파일 추출 중: {0}", "TarExtractionError": "tar 압축 파일 {0} 추출 실패: {1}", "TarExtractionNotSupportedInWindows": "Windows에서는 tar 압축 풀기가 지원되지 않습니다", "TarSearchStart": "추출할 tar 압축 파일 검색 시작 중", "TarsFound": "추출할 tar 압축 파일 {0}개를 찾았습니다.", "TarsNotFound": "압축을 풀 tar 보관함이 없습니다", "TaskDownloadFailed": "작업 '{0}'을(를) 다운로드하지 못했습니다. 오류 {1}", "TaskDownloadTimeout": "작업 '{0}'이(가) {1}초 내에 다운로드를 완료하지 못했습니다.", "TaskSignatureVerificationFailed": "작업 서명 확인에 실패했습니다.", "TaskSignatureVerificationSucceeeded": "작업 서명을 확인했습니다.", "TeeEula": [ "TFVC 리포지토리에서 소스를 빌드하려면 Team Explorer Everywhere 최종 사용자 라이선스 계약에 동의해야 합니다. 이 단계는 Git 리포지토리에서 소스를 빌드하는 데 필요하지 않습니다.", "", "Team Explorer Everywhere 라이선스 계약의 사본은 다음에서 찾을 수 있습니다.", " {0}" ], "Telemetry": "원격 분석", "TelemetryCommandDataError": "원격 분석 데이터 {0}을(를) 구문 분석할 수 없습니다. 오류: {1}", "TelemetryCommandFailed": "원격 분석 데이터를 게시하지 못했습니다. 오류 {0}", "TenantId": "테넌트 ID", "TestAgentConnection": "에이전트 연결을 테스트 중입니다.", "TestAttachmentNotExists": "디스크에서 사용할 수 없으므로 첨부 파일 건너뛰기: {0}", "TestResultsRemaining": "남은 테스트 결과: {0}. 테스트 실행 ID: {1}", "Tfs2015NotSupported": "이 에이전트는 Windows에서 TFS 2015에 대해 지원되지 않습니다. TFS 2015 Windows 에이전트는 에이전트 풀 관리 페이지에서 다운로드할 수 있습니다.", "TotalThrottlingDelay": "서버 조절로 인해 작업에 총 {0}초 지연이 발생했습니다.", "TotalUploadFiles": "{0} 파일 업로드 중", "TypeRequiredForTimelineRecord": "이 새 타임라인 레코드에는 유형이 필요합니다.", "UnableResolveArtifactType": "아티팩트 위치: {0}에서 아티팩트 유형을 유추할 수 없습니다.", "UnableToArchiveResults": "테스트 결과를 보관할 수 없음: {0}", "UnableToParseBuildTrackingConfig0": "레거시 빌드 추적 구성을 구문 분석할 수 없습니다. 대신 새 빌드 디렉터리가 생성됩니다. 이전 디렉터리는 회수되지 않은 상태로 남을 수 있습니다. 기존 구성 콘텐츠: {0}", "UnconfigAutologon": "자동 로그온 설정 제거", "UnconfigureOSXService": "https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-osx에 따라 먼저 서비스 구성을 해제합니다.", "UnconfigureServiceDService": "https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-linux에 따라 먼저 서비스 구성을 해제하세요.", "UnexpectedParallelCount": "지원되지 않는 병렬 개수 '%s'입니다. 1에서 128 사이의 숫자를 입력하세요.", "UninstallingService": "서비스를 제거하는 중", "UnknownCodeCoverageTool": "코드 검사 도구 '{0}'은(는) 지원되지 않습니다.", "UnrecognizedCmdArgs": "인식할 수 없는 명령줄 입력 인수: '{0}'. 사용법은 .\\config.cmd --help 또는 ./config.sh --help를 참조하세요.", "UnregisteringAgent": "서버에서 에이전트 제거", "UnsupportedGitLfsVersion": "현재 Git LFS 버전은 에이전트에서 지원하지 않는 '{0}'입니다. 최소한 '{1}' 버전으로 업그레이드하세요. 자세한 내용은 https://github.com/git-lfs/git-lfs/issues/3571을 참조하세요.", "UnsupportedOsVersionByNet8": "이 에이전트가 실행 중인 운영 체제 버전({0})은 파이프라인 에이전트에 대한 향후 업데이트에서 지원되지 않습니다. 지원되는 운영 체제 버전은 https://aka.ms/azdo-pipeline-agent-net8을 참조하세요.", "UpdateBuildNumber": "빌드 번호 업데이트", "UpdateBuildNumberForBuild": "빌드 {1}의 빌드 번호를 {0}(으)로 업데이트", "UpdateInProgress": "에이전트 업데이트가 진행 중입니다. 에이전트를 종료하지 마세요.", "UpgradeToLatestGit": "더 나은 Git 경험을 얻으려면 Git을 '{0}' 버전 이상으로 업그레이드하세요. 현재 Git 버전은 '{1}'입니다.", "UploadArtifact": "아티팩트 업로드", "UploadArtifactCommandNotSupported": "서버 아티팩트 업로드는 {0}에서 지원되지 않습니다.", "UploadArtifactFinished": "파이프라인 아티팩트 업로드가 완료되었습니다.", "UploadingPipelineArtifact": "빌드 #{1}에 대해 {0}에서 파이프라인 아티팩트 업로드 중", "UploadToFileContainer": "파일 컨테이너에 '{0}' 업로드: '{1}'", "UserName": "사용자 이름", "UserNameLog": "에이전트 실행: '{0}'", "UserShutdownAgent": "에이전트가 종료 신호를 받았습니다. 이는 에이전트 서비스가 중지되거나 수동으로 시작된 에이전트가 취소된 경우 발생할 수 있습니다.", "Variable0ContainsCyclicalReference": "변수 '{0}'을(를) 확장할 수 없습니다. 순환 참조가 감지되었습니다.", "Variable0ExceedsMaxDepth1": "변수 '{0}'을(를) 확장할 수 없습니다. 최대 확장 깊이({1})를 초과했습니다.", "VMResourceWithSameNameAlreadyExistInEnvironment": "ID가 '{0}'인 환경에 이미 이름이 '{1}'인 가상 머신 리소스가 있습니다.", "VSTSHostNonZeroReturn": "LegacyVSTSPowerShellHost.exe가 반환 코드로 완료됨: {0}.", "WaitForServiceToStop": "서비스 중지를 기다리는 중...", "WindowsLogonAccountNameDescription": "서비스에 사용할 사용자 계정", "WindowsLogonPasswordDescription": "계정 {0}의 암호", "WorkFolderDescription": "작업 폴더", "WorkspaceMappingNotMatched": "작업 영역 매핑이 작업공간 {0}에 대해 일치하지 않습니다.", "Y": "Y", "ZipSlipFailure": "항목이 대상 디렉토리 외부에 있습니다: {0}" } ================================================ FILE: src/Misc/layoutbin/powershell/Add-AndroidSdkCapabilities.ps1 ================================================ [CmdletBinding()] param() function Get-AndroidSdkPath { # Get ANDROID_HOME environment variable. $machineVars = [System.Environment]::GetEnvironmentvariables([System.EnvironmentVariableTarget]::Machine); if ($androidHome = $machineVars['ANDROID_HOME']) { Write-Host "Found ANDROID_HOME from machine environment." return $androidHome } $userVars = [System.Environment]::GetEnvironmentvariables([System.EnvironmentVariableTarget]::User); if ($androidHome = $userVars['ANDROID_HOME']) { Write-Host "Found ANDROID_HOME from user environment." return $androidHome } # Get the SDK path from the Android SDK registry info. # The Android SDK is always x86. If running as a 32-bit process, checking # the SOFTWARE node will suffice. Otherwise, if running as a 64-bit process, # we need to check under Wow6432Node. $hiveViewPairs = @( @{ Hive = 'CurrentUser' ; View = 'Default' } @{ Hive = 'LocalMachine' ; View = 'Registry64' } @{ Hive = 'LocalMachine' ; View = 'Registry32' } ) foreach ($pair in $hiveViewPairs) { $sdkPath = Get-RegistryValue -Hive $pair.Hive -View $pair.View -KeyName "SOFTWARE\Android SDK Tools" -ValueName 'Path' $sdkPath = "$sdkPath".Trim() if ($sdkPath) { return $sdkPath } } } # Check for the SDK path. $sdkPath = Get-AndroidSdkPath if (!$sdkPath) { return } # Output the capability. Write-Capability -Name 'AndroidSDK' -Value $sdkPath # Check if the platforms directory exists. $platformsDirectory = [System.IO.Path]::Combine($sdkPath, "platforms") if (!(Test-Container -LiteralPath $platformsDirectory)) { return } # Go through installed platforms and add each to capabilities. foreach ($item in (Get-ChildItem -LiteralPath $platformsDirectory)) { if ($item -is [System.IO.DirectoryInfo]) { $sdkName = $item.Name.Replace("android-", "AndroidSDK_") Write-Capability -Name $sdkName -Value $item.FullName } } ================================================ FILE: src/Misc/layoutbin/powershell/Add-AntCapabilities.ps1 ================================================ [CmdletBinding()] param() Add-CapabilityFromEnvironment -Name 'ant' -VariableName 'ANT_HOME' ================================================ FILE: src/Misc/layoutbin/powershell/Add-ApplicationCapabilities.ps1 ================================================ [CmdletBinding()] param() Add-CapabilityFromApplication -Name 'npm' -ApplicationName 'npm' Add-CapabilityFromApplication -Name 'gulp' -ApplicationName 'gulp' Add-CapabilityFromApplication -Name 'node.js' -ApplicationName 'node' Add-CapabilityFromApplication -Name 'bower' -ApplicationName 'bower' Add-CapabilityFromApplication -Name 'grunt' -ApplicationName 'grunt' Add-CapabilityFromApplication -Name 'svn' -ApplicationName 'svn' Add-CapabilityFromApplication -Name 'cmake' -ApplicationName 'cmake' Add-CapabilityFromApplication -Name 'docker' -ApplicationName 'docker' ================================================ FILE: src/Misc/layoutbin/powershell/Add-AzureGuestAgentCapabilities.ps1 ================================================ [CmdletBinding()] param() @(Get-Process -Name 'WindowsAzureGuestAgent' -ErrorAction Ignore) | Select-Object -First 1 | ForEach-Object { Write-Capability -Name 'AzureGuestAgent' -Value $_.Path } ================================================ FILE: src/Misc/layoutbin/powershell/Add-AzurePowerShellCapabilities.ps1 ================================================ [CmdletBinding()] param() $script:capabilityName = "AzurePS" function Get-FromModulePath { [CmdletBinding()] param([string]$ModuleName) # Valid ModuleName values are Az.Accounts, AzureRM and Azure # We are looking for Az.Accounts module because "Get-Module -Name Az" is not working due to a known PowerShell bug. if (($ModuleName -ne "Az.Accounts") -and ($ModuleName -ne "AzureRM") -and ($ModuleName -ne "Azure")) { Write-Host "Attempting to find invalid module." return $false } # Attempt to resolve the module. Write-Host "Attempting to find the module '$ModuleName' from the module path." $module = Get-Module -Name $ModuleName -ListAvailable | Select-Object -First 1 if (!$module) { Write-Host "Not found." return $false } if ($ModuleName -eq "AzureRM") { # For AzureRM, validate the AzureRM.profile module can be found as well. $profileName = "AzureRM.profile" Write-Host "Attempting to find the module $profileName" $profileModule = Get-Module -Name $profileName -ListAvailable | Select-Object -First 1 if (!$profileModule) { Write-Host "Not found." return $false } } # Add the capability. Write-Capability -Name $script:capabilityName -Value $module.Version return $true } function Get-FromSdkPath { [CmdletBinding()] param([switch]$Classic) if ($Classic) { $partialPath = 'Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Azure.psd1' } else { $partialPath = 'Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager\AzureRM.Profile\AzureRM.Profile.psd1' } foreach ($programFiles in @(${env:ProgramFiles(x86)}, $env:ProgramFiles)) { if (!$programFiles) { continue } $path = [System.IO.Path]::Combine($programFiles, $partialPath) Write-Host "Checking if path exists: $path" if (Test-Path -LiteralPath $path -PathType Leaf) { $directory = [System.IO.Path]::GetDirectoryName($path) $fileNameOnly = [System.IO.Path]::GetFileNameWithoutExtension($path) # Prepend the module path. Write-Host "Temporarily adjusting module path." $originalPSModulePath = $env:PSModulePath if ($env:PSModulePath) { $env:PSModulePath = ";$env:PSModulePath" } $env:PSModulePath = "$directory$env:PSModulePath" Write-Host "Env:PSModulePath: '$env:PSModulePath'" try { # Get the module. Write-Host "Get-Module -Name $fileNameOnly -ListAvailable" $module = Get-Module -Name $fileNameOnly -ListAvailable | Select-Object -First 1 } finally { # Revert the module path adjustment. Write-Host "Reverting module path adjustment." $env:PSModulePath = $originalPSModulePath Write-Host "Env:PSModulePath: '$env:PSModulePath'" } # Add the capability. Write-Capability -Name $script:capabilityName -Value $module.Version return $true } } return $false } Write-Host "Env:PSModulePath: '$env:PSModulePath'" $null = (Get-FromModulePath -ModuleName:"Az.Accounts") -or (Get-FromModulePath -ModuleName:"AzureRM") -or (Get-FromSdkPath -Classic:$false) -or (Get-FromModulePath -ModuleName:"Azure") -or (Get-FromSdkPath -Classic:$true) ================================================ FILE: src/Misc/layoutbin/powershell/Add-Capabilities.ps1 ================================================ [CmdletBinding()] param() Import-Module -Name 'Microsoft.PowerShell.Management' Import-Module -Name 'Microsoft.PowerShell.Utility' $ErrorActionPreference = 'Stop' Import-Module -Name $PSScriptRoot\CapabilityHelpers # Run each capability script. foreach ($item in (Get-ChildItem -LiteralPath "$PSScriptRoot" -Filter "Add-*Capabilities.ps1")) { if ($item.Name -eq ([System.IO.Path]::GetFileName($PSCommandPath))) { continue; } Write-Host "& $($item.FullName)" try { & $item.FullName } catch { Write-Host ($_ | Out-String) } } ================================================ FILE: src/Misc/layoutbin/powershell/Add-ChefCapabilities.ps1 ================================================ [CmdletBinding()] param() function Get-ChefVersionFromRegistry { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [ref]$DisplayVersion) $uninstallPath = @( 'HKLM:Software\Microsoft\Windows\CurrentVersion\Uninstall' 'HKLM:Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall' ) foreach ($uninstallPath in $uninstallPaths) { Write-Host "Checking: '$uninstallPath'" $subKeyNames = Get-ChildItem -LiteralPath $uninstallKeyName -ErrorAction Ignore | Where-Object { $_.Property -contains 'DisplayName' } ForEach-Object { $_.PSChildName } foreach ($subKeyName in $subKeyNames) { $subKeyPath = "$uninstallPath\$subKeyName" $displayName = (Get-ItemProperty -LiteralPath $subKeyPath -Property DisplayName -ErrorAction Ignore).DisplayName if (!$displayName -or ($displayName.IndexOf('Chef Development Kit', 'OrdinalIgnoreCase' -lt 0))) { continue } $DisplayVersion.Value = (Get-ItemProperty -LiteralPath $subKeyPath -Property DisplayVersion -ErrorAction Ignore).DisplayVersion Write-Host "Found: '$DisplayVersion'" return $true } } Write-Host "Not found." return $false } function Get-ChefDirectoryFromPath { $cdkBin = "$env:PATH".Split(';') | ForEach-Object { "$_".Trim() } Where-Object { "$_" -clike "*chefdk\bin*" } Select-Object -First 1 if (!$cdkBin) { return } if (!(Test-Container -LiteralPath $cdkBin)) { return } return [System.IO.Directory]::GetParent($cdkBin.TrimEnd([System.IO.Path]::DirectorySeparatorChar)).FullName } function Add-KnifeCapabilities { [Parameter(Mandatory = $true)] [string]$ChefDirectory # Get the gems directory. $gemsDirectory = [System.IO.Path]::Combine($ChefDirectory, 'embedded\lib\ruby\gems') if (!(Test-Container -LiteralPath $gemsDirectory)) { return } # Get the Knife Reporting gem file. Write-Host "Searching for Knife Reporting gem." $file = Get-ChildItem -LiteralPath $gemsDirectory -Filter "*.gem" -Recurse | Where-Object { $_ -is [System.IO.FileInfo] } | ForEach-Object { Write-Host "Candidate: '$($_.FullName)'" } | Where-Object { $_.FullName -clike '*knife-reporting*' } | Select-Object -First 1 if (!$file) { Write-Host "Not found." return } # Get the file name without the extension. $baseName = $file.BaseName # Get the version from the file name. $segments = $baseName.Split('-') $versionString = $segments[-1] $versionObject = $null if ($segments.Length -gt 1 -and ([Systme.Version]::TryParse($versionString, [ref]$versionObject))) { $versionString = $versionObject.ToString() } else { $versionString = '0.0' } # Add the capability. Write-Capability -Name 'KnifeReporting' -Value $versionString } # Get the version from the registry. $version = $null if (!(Get-ChefVersionFromRegistry -DisplayVersion ([ref]$version))) { return } # Determine the Chef directory from the PATH. $chefDirectory = Get-ChefDirectoryFromPath if (!$chefDirectory) { return } # Add the capabilities. Write-Capability -Name 'Chef' -Value $version Add-KnifeCapabilities -ChefDirectory $chefDirectory ================================================ FILE: src/Misc/layoutbin/powershell/Add-DotNetFrameworkCapabilities.ps1 ================================================ [CmdletBinding()] param() # See http://msdn.microsoft.com/en-us/library/hh925568(v=vs.110).aspx for details on how to detect framework versions # Also see http://support.microsoft.com/kb/318785 function Add-Versions { [CmdletBinding()] param( [string]$NameFormat, [Parameter(Mandatory = $true)] [string]$View, [Parameter(Mandatory = $true)] [ref]$LatestValue) # Get the install root from the registry. $installRoot = Get-RegistryValue -Hive 'LocalMachine' -View $View -KeyName 'Software\Microsoft\.NETFramework' -ValueName 'InstallRoot' if (!$installRoot) { return } # Get the version sub key names. $ndpKeyName = 'Software\Microsoft\NET Framework Setup\NDP' $versionSubKeyNames = Get-RegistrySubKeyNames -Hive 'LocalMachine' -View $View -KeyName $ndpKeyName | Where-Object { $_ -like 'v*' } foreach ($versionSubKeyName in $versionSubKeyNames) { # Get the version. $versionKeyName = "$ndpKeyName\$versionSubKeyName" $version = Get-RegistryValue -Hive 'LocalMachine' -View $View -KeyName $versionKeyName -ValueName 'Version' if ($version) { # Check if installed. $install = Get-RegistryValue -Hive 'LocalMachine' -View $View -KeyName $versionKeyName -ValueName 'Install' if ($install -ne 1) { continue } # Verify the expected install path. $version $installPath = [System.IO.Path]::Combine($installRoot, $versionSubKeyName) if (!(Test-Container -LiteralPath $installPath)) { continue } # Parse the version from the sub key name. $versionObject = [System.Version]::Parse($versionSubKeyName.Substring(1)) $capabilityName = ($NameFormat -f "$($versionObject.Major).$($versionObject.Minor)") # Add the capability. Write-Capability -Name $capabilityName -Value $installPath $LatestValue.Value = $installPath continue } # Check if deprecated. $default = Get-RegistryValue -Hive 'LocalMachine' -View $View -KeyName $versionKeyName -ValueName '' if ($default -eq 'deprecated') { continue } # Get the profile key names. $profileKeyNames = Get-RegistrySubKeyNames -Hive 'LocalMachine' -View $View -KeyName $versionKeyName | ForEach-Object { "$versionKeyName\$_" } foreach ($profileKeyName in $profileKeyNames) { # Skip if version not found. $version = Get-RegistryValue -Hive 'LocalMachine' -View $View -KeyName $profileKeyName -ValueName 'Version' if (!$version) { continue } # Skip if not installed. $install = Get-RegistryValue -Hive 'LocalMachine' -View $View -KeyName $profileKeyName -ValueName 'Install' if ($install -ne 1) { continue } # Skip if install path value not found. $installPath = Get-RegistryValue -Hive 'LocalMachine' -View $View -KeyName $profileKeyName -ValueName 'InstallPath' $installPath = "$installPath".TrimEnd([System.IO.Path]::DirectorySeparatorChar) if (!$installPath) { continue } # Determine the version string. $release = Get-RegistryValue -Hive 'LocalMachine' -View $View -KeyName $profileKeyName -ValueName 'Release' $versionString = switch ($release) { # We put the releaseVersion into version range, since customer might install beta/preview version .NET Framework. # These magic values come from: https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed 378389 { "4.5.0" } { $_ -gt 378389 -and $_ -le 378758 } { "4.5.1" } { $_ -gt 378758 -and $_ -le 379893 } { "4.5.2" } { $_ -gt 379893 -and $_ -le 380995 } { "4.5.3" } { $_ -gt 380995 -and $_ -le 393297 } { "4.6.0" } { $_ -gt 393297 -and $_ -le 394271 } { "4.6.1" } { $_ -gt 394271 -and $_ -le 394806 } { "4.6.2" } { $_ -gt 394806 -and $_ -le 460805 } { "4.7.0" } { $_ -gt 460805 -and $_ -le 461310 } { "4.7.1" } { $_ -gt 461310 -and $_ -le 461814 } { "4.7.2" } { $_ -gt 461814 } { "4.8.0"} } if (!$versionString) { continue } Write-Capability -Name ($NameFormat -f $versionString) -Value $installPath $LatestValue.Value = $installPath } } } $latest = $null Add-Versions -NameFormat 'DotNetFramework_{0}' -View 'Registry32' -LatestValue ([ref]$latest) Add-Versions -NameFormat 'DotNetFramework_{0}_x64' -View 'Registry64' -LatestValue ([ref]$latest) if ($latest) { Write-Capability -Name 'DotNetFramework' -Value $latest } ================================================ FILE: src/Misc/layoutbin/powershell/Add-JavaCapabilities.ps1 ================================================ [CmdletBinding()] param() # Define the JRE/JDK key names. $jre6KeyName = "Software\JavaSoft\Java Runtime Environment\1.6" $jre7KeyName = "Software\JavaSoft\Java Runtime Environment\1.7" $jre8KeyName = "Software\JavaSoft\Java Runtime Environment\1.8" $jdk6KeyName = "Software\JavaSoft\Java Development Kit\1.6" $jdk7KeyName = "Software\JavaSoft\Java Development Kit\1.7" $jdk8KeyName = "Software\JavaSoft\Java Development Kit\1.8" # JRE/JDK keys for major version >= 9 $jdk9AndGreaterNameOracle = "Software\JavaSoft\JDK" $jre9AndGreaterNameOracle = "Software\JavaSoft\JRE" $jre9AndGreaterName = "Software\JavaSoft\Java Runtime Environment" $jdk9AndGreaterName = "Software\JavaSoft\Java Development Kit" $minimumMajorVersion9 = 9 # JRE/JDK keys for AdoptOpenJDK $jdk9AndGreaterNameAdoptOpenJDK = "Software\AdoptOpenJDK\JDK" $jdk9AndGreaterNameAdoptOpenJRE = "Software\AdoptOpenJDK\JRE" # These keys required for several previous versions of AdoptOpenJDK that were published under the name Eclipse Foundation $jdk9AndGreaterNameAdoptOpenJDKEclipseFoundation = "Software\Eclipse Foundation\JDK" $jdk9AndGreaterNameAdoptOpenJREEclipseFoundation = "Software\Eclipse Foundation\JRE" # These keys required for latest versions of AdoptOpenJDK since they started to publish under Eclipse Adoptium name from 22th October 2021 https://blog.adoptopenjdk.net/2021/03/transition-to-eclipse-an-update/ $jdk9AndGreaterNameAdoptOpenJDKEclipseAdoptium = "Software\Eclipse Adoptium\JDK" $jdk9AndGreaterNameAdoptOpenJREEclipseAdoptium = "Software\Eclipse Adoptium\JRE" # JRE/JDK keys for AdoptOpenJDK with openj9 runtime $jdk9AndGreaterNameAdoptOpenJDKSemeru = "Software\Semeru\JDK" $jdk9AndGreaterNameAdoptOpenJRESemeru = "Software\Semeru\JRE" # JVM subdirectories for AdoptOpenJDK, since it could be ditributed with two different JVM versions, which are located in different subdirectories inside version directory $jvmHotSpot = "hotspot\MSI" $jvmOpenj9 = "openj9\MSI" # Check for JRE. $latestJre = $null $null = Add-CapabilityFromRegistry -Name 'java_6' -Hive 'LocalMachine' -View 'Registry32' -KeyName $jre6KeyName -ValueName 'JavaHome' -Value ([ref]$latestJre) $null = Add-CapabilityFromRegistry -Name 'java_7' -Hive 'LocalMachine' -View 'Registry32' -KeyName $jre7KeyName -ValueName 'JavaHome' -Value ([ref]$latestJre) $null = Add-CapabilityFromRegistry -Name 'java_8' -Hive 'LocalMachine' -View 'Registry32' -KeyName $jre8KeyName -ValueName 'JavaHome' -Value ([ref]$latestJre) $null = Add-CapabilityFromRegistry -Name 'java_6_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jre6KeyName -ValueName 'JavaHome' -Value ([ref]$latestJre) $null = Add-CapabilityFromRegistry -Name 'java_7_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jre7KeyName -ValueName 'JavaHome' -Value ([ref]$latestJre) $null = Add-CapabilityFromRegistry -Name 'java_8_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jre8KeyName -ValueName 'JavaHome' -Value ([ref]$latestJre) if (-not (Test-Path env:DISABLE_JAVA_CAPABILITY_HIGHER_THAN_9)) { try { $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'java_' -Hive 'LocalMachine' -View 'Registry32' -KeyName $jre9AndGreaterName -ValueName 'JavaHome' -Value ([ref]$latestJre) -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'java_' -Hive 'LocalMachine' -View 'Registry32' -KeyName $jre9AndGreaterNameOracle -ValueName 'JavaHome' -Value ([ref]$latestJre) -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'java_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jre9AndGreaterName -ValueName 'JavaHome' -Value ([ref]$latestJre) -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'java_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jre9AndGreaterNameOracle -ValueName 'JavaHome' -Value ([ref]$latestJre) -MinimumMajorVersion $minimumMajorVersion9 } catch { Write-Host "An error occured while trying to check if there are JRE >= 9" Write-Host $_ } } # Check default reg keys for AdoptOpenJDK in case we didn't find JRE in JavaSoft if (-not $latestJre) { # AdoptOpenJDK section $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'java_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterNameAdoptOpenJRE -ValueName 'Path' -Value ([ref]$latestJre) -VersionSubdirectory $jvmHotSpot -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'java_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterNameAdoptOpenJRE -ValueName 'Path' -Value ([ref]$latestJre) -VersionSubdirectory $jvmOpenj9 -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'java_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterNameAdoptOpenJREEclipseAdoptium -ValueName 'Path' -Value ([ref]$latestJre) -VersionSubdirectory $jvmHotSpot -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'java_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterNameAdoptOpenJREEclipseFoundation -ValueName 'Path' -Value ([ref]$latestJre) -VersionSubdirectory $jvmHotSpot -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'java_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterNameAdoptOpenJRESemeru -ValueName 'Path' -Value ([ref]$latestJre) -VersionSubdirectory $jvmOpenj9 -MinimumMajorVersion $minimumMajorVersion9 } if ($latestJre) { # Favor x64. Write-Capability -Name 'java' -Value $latestJre } # Check for JDK. $latestJdk = $null $null = Add-CapabilityFromRegistry -Name 'jdk_6' -Hive 'LocalMachine' -View 'Registry32' -KeyName $jdk6KeyName -ValueName 'JavaHome' -Value ([ref]$latestJdk) $null = Add-CapabilityFromRegistry -Name 'jdk_7' -Hive 'LocalMachine' -View 'Registry32' -KeyName $jdk7KeyName -ValueName 'JavaHome' -Value ([ref]$latestJdk) $null = Add-CapabilityFromRegistry -Name 'jdk_8' -Hive 'LocalMachine' -View 'Registry32' -KeyName $jdk8KeyName -ValueName 'JavaHome' -Value ([ref]$latestJdk) $null = Add-CapabilityFromRegistry -Name 'jdk_6_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk6KeyName -ValueName 'JavaHome' -Value ([ref]$latestJdk) $null = Add-CapabilityFromRegistry -Name 'jdk_7_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk7KeyName -ValueName 'JavaHome' -Value ([ref]$latestJdk) $null = Add-CapabilityFromRegistry -Name 'jdk_8_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk8KeyName -ValueName 'JavaHome' -Value ([ref]$latestJdk) if (-not (Test-Path env:DISABLE_JAVA_CAPABILITY_HIGHER_THAN_9)) { try { $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'jdk_' -Hive 'LocalMachine' -View 'Registry32' -KeyName $jdk9AndGreaterName -ValueName 'JavaHome' -Value ([ref]$latestJdk) -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'jdk_' -Hive 'LocalMachine' -View 'Registry32' -KeyName $jdk9AndGreaterNameOracle -ValueName 'JavaHome' -Value ([ref]$latestJdk) -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'jdk_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterName -ValueName 'JavaHome' -Value ([ref]$latestJdk) -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'jdk_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterNameOracle -ValueName 'JavaHome' -Value ([ref]$latestJdk) -MinimumMajorVersion $minimumMajorVersion9 } catch { Write-Host "An error occured while trying to check if there are JDK >= 9" Write-Host $_ } } # Check default reg keys for AdoptOpenJDK in case we didn't find JDK in JavaSoft if (-not $latestJdk) { # AdoptOpenJDK section $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'jdk_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterNameAdoptOpenJDK -ValueName 'Path' -Value ([ref]$latestJdk) -VersionSubdirectory $jvmHotSpot -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'jdk_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterNameAdoptOpenJDK -ValueName 'Path' -Value ([ref]$latestJdk) -VersionSubdirectory $jvmOpenj9 -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'jdk_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterNameAdoptOpenJDKEclipseAdoptium -ValueName 'Path' -Value ([ref]$latestJdk) -VersionSubdirectory $jvmHotSpot -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'jdk_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterNameAdoptOpenJDKEclipseFoundation -ValueName 'Path' -Value ([ref]$latestJdk) -VersionSubdirectory $jvmHotSpot -MinimumMajorVersion $minimumMajorVersion9 $null = Add-CapabilityFromRegistryWithLastVersionAvailable -PrefixName 'jdk_' -PostfixName '_x64' -Hive 'LocalMachine' -View 'Registry64' -KeyName $jdk9AndGreaterNameAdoptOpenJDKSemeru -ValueName 'Path' -Value ([ref]$latestJdk) -VersionSubdirectory $jvmOpenj9 -MinimumMajorVersion $minimumMajorVersion9 } if ($latestJdk) { # Favor x64. Write-Capability -Name 'jdk' -Value $latestJdk if (!($latestJre)) { Write-Capability -Name 'java' -Value $latestJdk } } ================================================ FILE: src/Misc/layoutbin/powershell/Add-MSBuildCapabilities.ps1 ================================================ [CmdletBinding()] param() function Get-MSBuildCapabilities { param ( [Parameter(Mandatory = $true)] [int]$MajorVersion, [switch]$Add_x64 ) $vs = Get-VisualStudio -MajorVersion $MajorVersion $capabilitySuffix = [string]::Empty if($Add_x64) { $msbuildInstallationPath = 'MSBuild\Current\Bin\amd64' $capabilitySuffix = "_x64" } else { $msbuildInstallationPath = 'MSBuild\Current\Bin' } if ($vs -and $vs.installationPath) { # Add MSBuild_$($MajorVersion).0. # End with "\" for consistency with old MSBuildToolsPath value. $msbuild = ([System.IO.Path]::Combine($vs.installationPath, $msbuildInstallationPath)) + '\' if ((Test-Leaf -LiteralPath "$($msbuild)MSBuild.exe")) { Write-Capability -Name "MSBuild_$($MajorVersion).0$($capabilitySuffix)" -Value $msbuild $latest = $msbuild } } if ($latest) { Write-Capability -Name "MSBuild$($capabilitySuffix)" -Value $latest } } # Define the key names. $keyName20 = "Software\Microsoft\MSBuild\ToolsVersions\2.0" $keyName35 = "Software\Microsoft\MSBuild\ToolsVersions\3.5" $keyName40 = "Software\Microsoft\MSBuild\ToolsVersions\4.0" $keyName12 = "Software\Microsoft\MSBuild\ToolsVersions\12.0" $keyName14 = "Software\Microsoft\MSBuild\ToolsVersions\14.0" # Add 32-bit. $latest = $null $null = Add-CapabilityFromRegistry -Name "MSBuild_2.0" -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName20 -ValueName 'MSBuildToolsPath' -Value ([ref]$latest) $null = Add-CapabilityFromRegistry -Name "MSBuild_3.5" -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName35 -ValueName 'MSBuildToolsPath' -Value ([ref]$latest) $null = Add-CapabilityFromRegistry -Name "MSBuild_4.0" -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName40 -ValueName 'MSBuildToolsPath' -Value ([ref]$latest) $null = Add-CapabilityFromRegistry -Name "MSBuild_12.0" -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName12 -ValueName 'MSBuildToolsPath' -Value ([ref]$latest) $null = Add-CapabilityFromRegistry -Name "MSBuild_14.0" -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName14 -ValueName 'MSBuildToolsPath' -Value ([ref]$latest) $vs15 = Get-VisualStudio -MajorVersion 15 if ($vs15 -and $vs15.installationPath) { # Add MSBuild_15.0. # End with "\" for consistency with old MSBuildToolsPath value. $msbuild15 = ([System.IO.Path]::Combine($vs15.installationPath, 'MSBuild\15.0\Bin')) + '\' if ((Test-Leaf -LiteralPath "$($msbuild15)MSBuild.exe")) { Write-Capability -Name 'MSBuild_15.0' -Value $msbuild15 $latest = $msbuild15 } } Get-MSBuildCapabilities -MajorVersion 16 Get-MSBuildCapabilities -MajorVersion 17 Get-MSBuildCapabilities -MajorVersion 18 # Add 64-bit. $latest = $null $null = Add-CapabilityFromRegistry -Name "MSBuild_2.0_x64" -Hive 'LocalMachine' -View 'Registry64' -KeyName $keyName20 -ValueName 'MSBuildToolsPath' -Value ([ref]$latest) $null = Add-CapabilityFromRegistry -Name "MSBuild_3.5_x64" -Hive 'LocalMachine' -View 'Registry64' -KeyName $keyName35 -ValueName 'MSBuildToolsPath' -Value ([ref]$latest) $null = Add-CapabilityFromRegistry -Name "MSBuild_4.0_x64" -Hive 'LocalMachine' -View 'Registry64' -KeyName $keyName40 -ValueName 'MSBuildToolsPath' -Value ([ref]$latest) $null = Add-CapabilityFromRegistry -Name "MSBuild_12.0_x64" -Hive 'LocalMachine' -View 'Registry64' -KeyName $keyName12 -ValueName 'MSBuildToolsPath' -Value ([ref]$latest) $null = Add-CapabilityFromRegistry -Name "MSBuild_14.0_x64" -Hive 'LocalMachine' -View 'Registry64' -KeyName $keyName14 -ValueName 'MSBuildToolsPath' -Value ([ref]$latest) if ($vs15 -and $vs15.installationPath) { # Add MSBuild_15.0_x64. # End with "\" for consistency with old MSBuildToolsPath value. $msbuild15 = ([System.IO.Path]::Combine($vs15.installationPath, 'MSBuild\15.0\Bin\amd64')) + '\' if ((Test-Leaf -LiteralPath "$($msbuild15)MSBuild.exe")) { Write-Capability -Name 'MSBuild_15.0_x64' -Value $msbuild15 $latest = $msbuild15 } } Get-MSBuildCapabilities -MajorVersion 16 -Add_x64 Get-MSBuildCapabilities -MajorVersion 17 -Add_x64 Get-MSBuildCapabilities -MajorVersion 18 -Add_x64 ================================================ FILE: src/Misc/layoutbin/powershell/Add-MavenCapabilities.ps1 ================================================ [CmdletBinding()] param() Write-Host "Checking: env:JAVA_HOME" if (!$env:JAVA_HOME) { Write-Host "Value not found or empty." return } if($env:M2_HOME) { Add-CapabilityFromEnvironment -Name 'maven' -VariableName 'M2_HOME' } else { Write-Host "M2_HOME not set. Checking in PATH" Add-CapabilityFromApplication -Name 'maven' -ApplicationName 'mvn' } ================================================ FILE: src/Misc/layoutbin/powershell/Add-PowerShellCapabilities.ps1 ================================================ [CmdletBinding()] param() Write-Capability -Name 'PowerShell' -Value $PSVersionTable.PSVersion ================================================ FILE: src/Misc/layoutbin/powershell/Add-ScvmmAdminConsoleCapabilities.ps1 ================================================ [CmdletBinding()] param() foreach ($view in @('Registry64', 'Registry32')) { if ((Add-CapabilityFromRegistry -Name 'SCVMMAdminConsole' -Hive 'LocalMachine' -View $view -KeyName 'Software\Microsoft\Microsoft System Center Virtual Machine Manager Administrator Console\Setup' -ValueName 'InstallPath')) { break } } ================================================ FILE: src/Misc/layoutbin/powershell/Add-SqlPackageCapabilities.ps1 ================================================ [CmdletBinding()] param() function Get-MaxInfoFromSqlServer { [CmdletBinding()] param() $sqlServerKeyName = 'Software\Microsoft\Microsoft SQL Server' foreach ($view in @( 'Registry32', 'Registry64' )) { $versions = Get-RegistrySubKeyNames -Hive 'LocalMachine' -View $view -KeyName $sqlServerKeyName | # Filter to include integer key names only. ForEach-Object { $i = 0 if (([int]::TryParse($_, [ref]$i))) { $i } } | Sort-Object -Descending foreach ($version in $versions) { # Get the install directory. $verSpecificRootDir = Get-RegistryValue -Hive 'LocalMachine' -View $view -KeyName "$sqlServerKeyName\$version" -Value 'VerSpecificRootDir' if (!$verSpecificRootDir) { continue } # Test for SqlPackage.exe. $file = [System.IO.Path]::Combine($verSpecificRootDir, 'Dac', 'bin', 'SqlPackage.exe') if (!(Test-Leaf -LiteralPath $file)) { continue } # Return the info as an object with properties (for sorting). return New-Object psobject -Property @{ File = $file Version = $version } } } } function Get-MaxInfoFromSqlServerDtaf { [CmdletBinding()] param() $dtafKeyName = 'Software\Microsoft\Microsoft SQL Server\Data-Tier Application Framework' foreach ($view in @( 'Registry32', 'Registry64' )) { $versions = Get-RegistrySubKeyNames -Hive 'LocalMachine' -View $view -KeyName $dtafKeyName | # Filter to include integer key names only. ForEach-Object { $i = 0 if (([int]::TryParse($_, [ref]$i))) { $i } } | Sort-Object -Descending foreach ($version in $versions) { # Get the install directory. $installDir = Get-RegistryValue -Hive 'LocalMachine' -View $view -KeyName "$dtafKeyName\$version" -Value 'InstallDir' if (!$installDir) { continue } # Test for SqlPackage.exe. $file = [System.IO.Path]::Combine($installDir, 'SqlPackage.exe') if (!(Test-Leaf -LiteralPath $file)) { continue } # Return the info as an object with properties (for sorting). return New-Object psobject -Property @{ File = $file Version = $version } } } } function Get-MaxInfoFromVisualStudio_15_0 { [CmdletBinding()] param() $vs15 = Get-VisualStudio -MajorVersion 15 if ($vs15 -and $vs15.installationPath) { # End with "\" for consistency with old ShellFolder values. $shellFolder15 = $vs15.installationPath.TrimEnd('\'[0]) + "\" # Test for the DAC directory. $dacDirectory = [System.IO.Path]::Combine($shellFolder15, 'Common7', 'IDE', 'Extensions', 'Microsoft', 'SQLDB', 'DAC') $sqlPacakgeInfo = Get-SqlPacakgeFromDacDirectory -dacDirectory $dacDirectory if($sqlPacakgeInfo -and $sqlPacakgeInfo.File) { return $sqlPacakgeInfo } } } function Get-MaxInfoFromVisualStudio_16_0 { [CmdletBinding()] param() $vs16 = Get-VisualStudio -MajorVersion 16 if ($vs16 -and $vs16.installationPath) { # End with "\" for consistency with old ShellFolder values. $shellFolder16 = $vs16.installationPath.TrimEnd('\'[0]) + "\" # Test for the DAC directory. $dacDirectory = [System.IO.Path]::Combine($shellFolder16, 'Common7', 'IDE', 'Extensions', 'Microsoft', 'SQLDB', 'DAC') $sqlPacakgeInfo = Get-SqlPacakgeFromDacDirectory -dacDirectory $dacDirectory if($sqlPacakgeInfo -and $sqlPacakgeInfo.File) { return $sqlPacakgeInfo } } } function Get-MaxInfoFromVisualStudio { [CmdletBinding()] param() $visualStudioKeyName = 'Software\Microsoft\VisualStudio' foreach ($view in @( 'Registry32', 'Registry64' )) { $versions = Get-RegistrySubKeyNames -Hive 'LocalMachine' -View $view -KeyName $visualStudioKeyName | # Filter to include integer key names only. ForEach-Object { $d = 0 if (([decimal]::TryParse($_, [ref]$d))) { $d } } | Sort-Object -Descending foreach ($version in $versions) { # Get the install directory. $installDir = Get-RegistryValue -Hive 'LocalMachine' -View $view -KeyName "$visualStudioKeyName\$version" -Value 'InstallDir' if (!$installDir) { continue } # Test for the DAC directory. $dacDirectory = [System.IO.Path]::Combine($installDir, 'Extensions', 'Microsoft', 'SQLDB', 'DAC') $sqlPacakgeInfo = Get-SqlPacakgeFromDacDirectory -dacDirectory $dacDirectory if($sqlPacakgeInfo -and $sqlPacakgeInfo.File) { return $sqlPacakgeInfo } } } } function Get-SqlPacakgeFromDacDirectory { [CmdletBinding()] param([string] $dacDirectory) if (!(Test-Container -LiteralPath $dacDirectory)) { return } # Get the DAC version folders. $dacVersions = Get-ChildItem -LiteralPath $dacDirectory | Where-Object { $_ -is [System.IO.DirectoryInfo] } # Filter to include integer key names only. ForEach-Object { $i = 0 if (([int]::TryParse($_.Name, [ref]$i))) { $i } } | Sort-Object -Descending foreach ($dacVersion in $dacVersions) { # Test for SqlPackage.exe. $file = [System.IO.Path]::Combine($dacDirectory, $dacVersion, 'SqlPackage.exe') if (!(Test-Leaf -LiteralPath $file)) { continue } # Return the info as an object with properties (for sorting). return New-Object psobject -Property @{ File = $file Version = $dacVersion } } } $sqlPackageInfo = @( ) $sqlPackageInfo += (Get-MaxInfoFromSqlServer) $sqlPackageInfo += (Get-MaxInfoFromSqlServerDtaf) $sqlPackageInfo += (Get-MaxInfoFromVisualStudio) $sqlPackageInfo += (Get-MaxInfoFromVisualStudio_15_0) $sqlPackageInfo += (Get-MaxInfoFromVisualStudio_16_0) $sqlPackageInfo | Sort-Object -Property Version -Descending | Select -First 1 | ForEach-Object { Write-Capability -Name 'SqlPackage' -Value $_.File } ================================================ FILE: src/Misc/layoutbin/powershell/Add-VisualStudioCapabilities.ps1 ================================================ [CmdletBinding()] param() function Add-TestCapability { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Name, [Parameter(Mandatory = $true)] $ShellPath, [Parameter(Mandatory = $true)] [ref]$Value) $directory = [System.IO.Path]::Combine($ShellPath, 'Common7\IDE\CommonExtensions\Microsoft\TestWindow') if (!(Test-Container -LiteralPath $directory)) { return } [string]$file = [System.IO.Path]::Combine($directory, 'vstest.console.exe') if (!(Test-Leaf -LiteralPath $file)) { return } Write-Capability -Name $Name -Value $directory $Value.Value = $directory } function Get-VSCapabilities { param ( [Parameter(Mandatory = $true)] [ValidateSet(15, 16, 17, 18)] [int]$MajorVersion, [Parameter(Mandatory = $true)] [string]$keyName ) $vs = Get-VisualStudio -MajorVersion $MajorVersion if ($vs -and $vs.installationPath) { # Add VisualStudio_$($MajorVersion).0. # End with "\" for consistency with old ShellFolder values. $shellFolder = $vs.installationPath.TrimEnd('\'[0]) + "\" Write-Capability -Name "VisualStudio_$($MajorVersion).0" -Value $shellFolder $latestVS = $shellFolder # Add VisualStudio_IDE_$($MajorVersion).0. # End with "\" for consistency with old InstallDir values. $installDir = ([System.IO.Path]::Combine($shellFolder, 'Common7', 'IDE')) + '\' if ((Test-Container -LiteralPath $installDir)) { Write-Capability -Name "VisualStudio_IDE_$($MajorVersion).0" -Value $installDir $latestIde = $installDir } # Add VSTest_$($MajorVersion).0. $testWindowDir = [System.IO.Path]::Combine($installDir, 'CommonExtensions\Microsoft\TestWindow') $vstestConsole = [System.IO.Path]::Combine($testWindowDir, 'vstest.console.exe') if ((Test-Leaf -LiteralPath $vstestConsole)) { Write-Capability -Name "VSTest_$($MajorVersion).0" -Value $testWindowDir $latestTest = $testWindowDir } } else { if ((Add-CapabilityFromRegistry -Name "VisualStudio_$($MajorVersion).0" -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName -ValueName 'ShellFolder' -Value ([ref]$latestVS))) { $null = Add-CapabilityFromRegistry -Name "VisualStudio_IDE_$($MajorVersion).0" -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName -ValueName 'InstallDir' -Value ([ref]$latestIde) Add-TestCapability -Name "VSTest_$($MajorVersion).0" -ShellPath $latestVS -Value ([ref]$latestTest) } } if ($latestVS) { Write-Capability -Name 'VisualStudio' -Value $latestVS } if ($latestIde) { Write-Capability -Name 'VisualStudio_IDE' -Value $latestIde } if ($latestTest) { Write-Capability -Name 'VSTest' -Value $latestTest } } # Define the key names. $keyName10 = 'Software\Microsoft\VisualStudio\10.0' $keyName11 = 'Software\Microsoft\VisualStudio\11.0' $keyName12 = 'Software\Microsoft\VisualStudio\12.0' $keyName14 = 'Software\Microsoft\VisualStudio\14.0' $keyName15 = 'Software\Microsoft\VisualStudio\15.0' $keyName16 = 'Software\Microsoft\VisualStudio\16.0' $keyName17 = 'Software\Microsoft\VisualStudio\17.0' $keyName18 = 'Software\Microsoft\VisualStudio\18.0' # Add the capabilities. $latestVS = $null $latestIde = $null $latestTest = $null $null = Add-CapabilityFromRegistry -Name 'VisualStudio_10.0' -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName10 -ValueName 'ShellFolder' -Value ([ref]$latestVS) $null = Add-CapabilityFromRegistry -Name 'VisualStudio_IDE_10.0' -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName10 -ValueName 'InstallDir' -Value ([ref]$latestIde) $null = Add-CapabilityFromRegistry -Name 'VisualStudio_11.0' -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName11 -ValueName 'ShellFolder' -Value ([ref]$latestVS) $null = Add-CapabilityFromRegistry -Name 'VisualStudio_IDE_11.0' -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName11 -ValueName 'InstallDir' -Value ([ref]$latestIde) if ((Add-CapabilityFromRegistry -Name 'VisualStudio_12.0' -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName12 -ValueName 'ShellFolder' -Value ([ref]$latestVS))) { $null = Add-CapabilityFromRegistry -Name 'VisualStudio_IDE_12.0' -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName12 -ValueName 'InstallDir' -Value ([ref]$latestIde) Add-TestCapability -Name 'VSTest_12.0' -ShellPath $latestVS -Value ([ref]$latestTest) } if ((Add-CapabilityFromRegistry -Name 'VisualStudio_14.0' -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName14 -ValueName 'ShellFolder' -Value ([ref]$latestVS))) { $null = Add-CapabilityFromRegistry -Name 'VisualStudio_IDE_14.0' -Hive 'LocalMachine' -View 'Registry32' -KeyName $keyName14 -ValueName 'InstallDir' -Value ([ref]$latestIde) Add-TestCapability -Name 'VSTest_14.0' -ShellPath $latestVS -Value ([ref]$latestTest) } Get-VSCapabilities -MajorVersion 15 -keyName $keyName15 Get-VSCapabilities -MajorVersion 16 -keyName $keyName16 Get-VSCapabilities -MajorVersion 17 -keyName $keyName17 Get-VSCapabilities -MajorVersion 18 -keyName $keyName18 ================================================ FILE: src/Misc/layoutbin/powershell/Add-WindowsKitCapabilities.ps1 ================================================ [CmdletBinding()] param() $rootsKeyName = 'Software\Microsoft\Windows Kits\Installed Roots' $valueNames = Get-RegistryValueNames -Hive 'LocalMachine' -View 'Registry32' -KeyName $rootsKeyName $versionInfos = @( ) foreach ($valueName in $valueNames) { if (!"$valueName".StartsWith('KitsRoot', 'OrdinalIgnoreCase')) { continue } $installDirectory = Get-RegistryValue -Hive 'LocalMachine' -View 'Registry32' -KeyName $rootsKeyName -ValueName $valueName $splitInstallDirectory = "$installDirectory".Split(@( ([System.IO.Path]::DirectorySeparatorChar) ) ) | ForEach-Object { "$_".Trim() } | Where-Object { $_ } $splitInstallDirectory = @( $splitInstallDirectory ) if ($splitInstallDirectory.Length -eq 0) { continue } $version = $null if (!([System.Version]::TryParse($splitInstallDirectory[-1], [ref]$version))) { continue } Write-Capability -Name "WindowsKit_$($version.Major).$($version.Minor)" -Value $installDirectory $versionInfos += @{ Version = $version InstallDirectory = $installDirectory } } if ($versionInfos.Length) { $maxInfo = $versionInfos | Sort-Object -Descending -Property Version | Select-Object -First 1 Write-Capability -Name "WindowsKit" -Value $maxInfo.InstallDirectory } ================================================ FILE: src/Misc/layoutbin/powershell/Add-WindowsSdkCapabilities.ps1 ================================================ [CmdletBinding()] param() $windowsSdks = @( ) # Get the Windows SDK version sub-key names. $windowsSdkKeyName = 'Software\Microsoft\Microsoft SDKs\Windows' $versionSubKeyNames = Get-RegistrySubKeyNames -Hive 'LocalMachine' -View 'Registry32' -KeyName $windowsSdkKeyName | Where-Object { $_ -clike 'v*A' -or $_ -clike 'v10*' } foreach ($versionSubKeyName in $versionSubKeyNames) { # Parse the version. $version = $null if ($versionSubKeyName -clike '*A') { if (!([System.Version]::TryParse($versionSubKeyName.Substring(1, $versionSubKeyName.Length - 2), [ref]$version))) { continue } } else { if (!([System.Version]::TryParse($versionSubKeyName.Substring(1, $versionSubKeyName.Length - 1), [ref]$version))) { continue } } # Get the installation folder. $versionKeyName = "$windowsSdkKeyName\$versionSubKeyName" $installationFolder = Get-RegistryValue -Hive 'LocalMachine' -View 'Registry32' -KeyName $versionKeyName -Value 'InstallationFolder' if (!$installationFolder) { continue } # Add the Windows SDK capability. $installationFolder = $installationFolder.TrimEnd([System.IO.Path]::DirectorySeparatorChar) $windowsSdkCapabilityName = ("WindowsSdk_{0}.{1}" -f $version.Major, $version.Minor) Write-Capability -Name $windowsSdkCapabilityName -Value $installationFolder # Add the Windows SDK info as an object with properties (for sorting). $windowsSdks += New-Object psobject -Property @{ InstallationFolder = $installationFolder Version = $version } # Get the NetFx sub-key names. $netFxSubKeyNames = Get-RegistrySubKeyNames -Hive 'LocalMachine' -View 'Registry32' -KeyName $versionKeyName | Where-Object { $_ -clike '*NetFx*x86' -or $_ -clike '*NetFx*x64' } foreach ($netFxSubKeyName in $netFxSubKeyNames) { # Get the installation folder. $netFxKeyName = "$versionKeyName\$netFxSubKeyName" $installationFolder = Get-RegistryValue -Hive 'LocalMachine' -View 'Registry32' -KeyName $netFxKeyName -Value 'InstallationFolder' if (!$installationFolder) { continue } $installationFolder = $installationFolder.TrimEnd([System.IO.Path]::DirectorySeparatorChar) # Add the NetFx tool capability. $toolName = $netFxSubKeyName.Substring($netFxSubKeyName.IndexOf('NetFx')) # Trim before "NetFx". $toolName = $toolName.Substring(0, $toolName.Length - '-x86'.Length) # Trim the trailing "-x86"/"-x64". if ($netFxSubKeyName -clike '*x86') { $netFxCapabilityName = "$($windowsSdkCapabilityName)_$toolName" } else { $netFxCapabilityName = "$($windowsSdkCapabilityName)_$($toolName)_x64" } Write-Capability -Name $netFxCapabilityName -Value $installationFolder } } # Add a capability for the max. $maxWindowsSdk = $windowsSdks | Sort-Object -Property Version -Descending | Select-Object -First 1 if ($maxWindowsSdk) { Write-Capability -Name 'WindowsSdk' -Value $maxWindowsSdk.InstallationFolder } ================================================ FILE: src/Misc/layoutbin/powershell/Add-XamarinAndroidCapabilities.ps1 ================================================ [CmdletBinding()] param() if (!(Add-CapabilityFromRegistry -Name 'Xamarin.Android' -Hive 'LocalMachine' -View 'Registry32' -KeyName 'Software\Novell\Mono for Android' -ValueName 'InstalledVersion')) { foreach ($vsver in @(17, 16, 15)) { $vs = Get-VisualStudio -MajorVersion $vsver if ($vs -and $vs.installationPath) { # End with "\" for consistency with old ShellFolder values. $shellFolder = $vs.installationPath.TrimEnd('\'[0]) + "\" $xamarinAndroidDir = ([System.IO.Path]::Combine($shellFolder, 'MSBuild', 'Xamarin', 'Android')) + '\' if ((Test-Container -LiteralPath $xamarinAndroidDir)) { # Xamarin.Android 7 has a Version file, and this file is renamed to Version.txt in Xamarin.Android 8.x $found = $false foreach ($file in @('Version', 'Version.txt')) { $versionFile = ([System.IO.Path]::Combine($xamarinAndroidDir, $file)) $version = Get-Content -ErrorAction ignore -TotalCount 1 -LiteralPath $versionFile if ($version) { Write-Capability -Name 'Xamarin.Android' -Value $version.trim() $found = $true break } } if ($found) { break } } } } } ================================================ FILE: src/Misc/layoutbin/powershell/CapabilityHelpers/CapabilityFunctions.ps1 ================================================ function Add-CapabilityFromApplication { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Name, [Parameter(Mandatory = $true)] [string]$ApplicationName) Write-Host "Checking for application: '$ApplicationName'" $application = Get-Command -Name $ApplicationName -CommandType Application -ErrorAction Ignore | Select-Object -First 1 if (!$application) { Write-Host "Not found." return } Write-Capability -Name $Name -Value $application.Path } function Add-CapabilityFromEnvironment { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Name, [Parameter(Mandatory = $true)] [string]$VariableName, [ref]$Value) $path = "env:$VariableName" Write-Host "Checking: '$path'" $val = (Get-Item -LiteralPath $path -ErrorAction Ignore).Value if (!$val) { Write-Host "Value not found or is empty." return } Write-Capability -Name $Name -Value $val if ($Value) { $Value.Value = $val } } function Add-CapabilityFromRegistry { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Name, [Parameter(Mandatory = $true)] [ValidateSet('CurrentUser', 'LocalMachine')] [string]$Hive, [Parameter(Mandatory = $true)] [ValidateSet('Default', 'Registry32', 'Registry64')] [string]$View, [Parameter(Mandatory = $true)] [string]$KeyName, [Parameter(Mandatory = $true)] [string]$ValueName, [ref]$Value) $val = Get-RegistryValue -Hive $Hive -View $View -KeyName $KeyName -ValueName $ValueName if ($val -eq $null) { return $false } if ($val -is [string] -and $val -eq '') { return $false } Write-Capability -Name $Name -Value $val if ($Value) { $Value.Value = $val } return $true } function Add-CapabilityFromRegistryWithLastVersionAvailableForSubkey { <# .SYNOPSIS Retrieves capability from registry for specified key and subkey. Considers that subkey has semver format #> [CmdletBinding()] param( # Prefix name of capability [Parameter(Mandatory = $true)] [string]$PrefixName, # Postfix name of capability [Parameter(Mandatory = $false)] [string]$PostfixName, [Parameter(Mandatory = $true)] [ValidateSet('CurrentUser', 'LocalMachine')] [string]$Hive, [Parameter(Mandatory = $true)] [ValidateSet('Default', 'Registry32', 'Registry64')] [string]$View, # Registry key [Parameter(Mandatory = $true)] [string]$KeyName, [Parameter(Mandatory = $true)] [string]$ValueName, # Registry subkey [Parameter(Mandatory = $true)] [string]$Subkey, # Regkey subdirectory inside particular version [Parameter(Mandatory = $false)] [string]$VersionSubdirectory, # Major version of tool to be added as capability [Parameter(Mandatory = $true)] [int]$MajorVersion, # Minimum major version of tool to be added as capability. All versions detected less than this version - will be ignored. # This is helpful for backward compatibility with already existing logic for previous versions [Parameter(Mandatory = $false)] [int]$MinimumMajorVersion, [ref]$Value) try { Write-Host $MajorVersion $MinimumMajorVersion if ($MajorVersion -lt $MinimumMajorVersion) { return $false } $wholeKey = "" if ( -not [string]::IsNullOrEmpty($VersionSubdirectory)) { $versionDir = Join-Path -Path $KeyName -ChildPath $Subkey $wholeKey = Join-Path -Path $versionDir -ChildPath $VersionSubdirectory } else { $wholeKey = Join-Path -Path $KeyName -ChildPath $Subkey } $capabilityValue = Get-RegistryValue -Hive $Hive -View $View -KeyName $wholeKey -ValueName $ValueName if ([string]::IsNullOrEmpty($capabilityValue)) { return $false } $capabilityName = $PrefixName + $MajorVersion + $PostfixName Write-Capability -Name $capabilityName -Value $capabilityValue if ($Value) { $Value.Value = $capabilityValue } return $true } catch { return $false } } function Add-CapabilityFromRegistryWithLastVersionAvailable { <# .SYNOPSIS Retrieves capability from registry with last version. Considers that subkeys for specified key name are versions (in semver format like 1.2.3) This is useful to detect last version of tools as agent capabilities .EXAMPLE If KeyName = 'SOFTWARE\JavaSoft\JDK', and this registry key contains subkeys: 14.0.1, 16.0 - it will write the last one as specified capability #> [CmdletBinding()] param( # Prefix name of capability [Parameter(Mandatory = $true)] [string]$PrefixName, # Postfix name of capability [Parameter(Mandatory = $false)] [string]$PostfixName, [Parameter(Mandatory = $true)] [ValidateSet('CurrentUser', 'LocalMachine')] [string]$Hive, [Parameter(Mandatory = $true)] [ValidateSet('Default', 'Registry32', 'Registry64')] [string]$View, # Registry key [Parameter(Mandatory = $true)] [string]$KeyName, # Regkey subdirectory inside particular version [Parameter(Mandatory = $false)] [string]$VersionSubdirectory, [Parameter(Mandatory = $true)] [string]$ValueName, # Minimum major version of tool to be added as capability. All versions detected less than this version - will be ignored. # This is helpful for backward compatibility with already existing logic for previous versions [Parameter(Mandatory = $false)] [string]$MinimumMajorVersion, [ref]$Value) try { $subkeys = Get-RegistrySubKeyNames -Hive $Hive -View $View -KeyName $KeyName | Sort-Object $versionSubkeys = $subkeys | ForEach {[tuple]::Create((Parse-Version -Version $_), $_)} | Where { ![string]::IsNullOrEmpty($_.Item1)} $sortedVersionSubkeys = $versionSubkeys | Sort-Object -Property @{Expression = {$_.Item1}; Descending = $False} Write-Host $sortedVersionSubkeys[-1].Item1.Major $res = Add-CapabilityFromRegistryWithLastVersionAvailableForSubkey -PrefixName $PrefixName -PostfixName $PostfixName -Hive $Hive -View $View -KeyName $KeyName -ValueName $ValueName -Subkey $sortedVersionSubkeys[-1].Item2 -VersionSubdirectory $VersionSubdirectory -MajorVersion $sortedVersionSubkeys[-1].Item1.Major -Value $Value -MinimumMajorVersion $MinimumMajorVersion if (!$res) { Write-Host "An error occured while trying to get last available version for capability: " $PrefixName + "" + $PostfixName Write-Host $_ $major = (Parse-Version -Version $subkeys[-1]).Major $res = Add-CapabilityFromRegistryWithLastVersionAvailableForSubkey -PrefixName $PrefixName -PostfixName $PostfixName -Hive $Hive -View $View -KeyName $KeyName -ValueName $ValueName -Subkey $subkeys[-1] -MajorVersion $major -Value $Value -MinimumMajorVersion $MinimumMajorVersion if(!$res) { Write-Host "An error occured while trying to set capability for first found subkey: " $subkeys[-1] Write-Host $_ return $false } } return $true } catch { Write-Host "An error occured while trying to sort subkeys for capability as versions: " $PrefixName + "" + $PostfixName Write-Host $_ return $false } } function Write-Capability { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Name, [string]$Value) $escapeMappings = @( # TODO: WHAT ABOUT "="? WHAT ABOUT "%"? New-Object psobject -Property @{ Token = ';' ; Replacement = '%3B' } New-Object psobject -Property @{ Token = "`r" ; Replacement = '%0D' } New-Object psobject -Property @{ Token = "`n" ; Replacement = '%0A' } ) $formattedName = "$Name" $formattedValue = "$Value" foreach ($mapping in $escapeMappings) { $formattedName = $formattedName.Replace($mapping.Token, $mapping.Replacement) $formattedValue = $formattedValue.Replace($mapping.Token, $mapping.Replacement) } Write-Host "##vso[agent.capability name=$formattedName]$formattedValue" } ================================================ FILE: src/Misc/layoutbin/powershell/CapabilityHelpers/CapabilityHelpers.psm1 ================================================ [CmdletBinding()] param() $ErrorActionPreference = 'Stop' # Import the helper functions. . $PSScriptRoot\CapabilityFunctions . $PSScriptRoot\PathFunctions . $PSScriptRoot\RegistryFunctions . $PSScriptRoot\VisualStudioFunctions . $PSScriptRoot\VersionFunctions # Export the public functions. Export-ModuleMember -Function @( # Capability functions. 'Add-CapabilityFromApplication' 'Add-CapabilityFromEnvironment' 'Add-CapabilityFromRegistry' 'Add-CapabilityFromRegistryWithLastVersionAvailable' 'Write-Capability' # File system functions with tracing built-in. 'Test-Container' 'Test-Leaf' # Registry functions. 'Get-RegistrySubKeyNames' 'Get-RegistryValue' 'Get-RegistryValueNames' # Visual Studio functions. 'Get-VisualStudio' ) ================================================ FILE: src/Misc/layoutbin/powershell/CapabilityHelpers/PathFunctions.ps1 ================================================ function Test-Container { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$LiteralPath) Write-Host "Testing container: '$LiteralPath'" if ((Test-Path -LiteralPath $LiteralPath -PathType Container)) { Write-Host 'Exists.' return $true } Write-Host 'Does not exist.' return $false } function Test-Leaf { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$LiteralPath) Write-Host "Testing leaf: '$LiteralPath'" if ((Test-Path -LiteralPath $LiteralPath -PathType Leaf)) { Write-Host 'Exists.' return $true } Write-Host 'Does not exist.' return $false } ================================================ FILE: src/Misc/layoutbin/powershell/CapabilityHelpers/RegistryFunctions.ps1 ================================================ function Get-RegistrySubKeyNames { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [ValidateSet('CurrentUser', 'LocalMachine')] [string]$Hive, [Parameter(Mandatory = $true)] [ValidateSet('Default', 'Registry32', 'Registry64')] [string]$View, [Parameter(Mandatory = $true)] [string]$KeyName) Write-Host "Checking: hive '$Hive', view '$View', key name '$KeyName'" if ($View -eq 'Registry64' -and !([System.Environment]::Is64BitOperatingSystem)) { Write-Host "Skipping." return } $baseKey = $null $subKey = $null try { # Open the base key. $baseKey = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, $View) # Open the sub key as read-only. $subKey = $baseKey.OpenSubKey($KeyName, $false) # Check if the sub key was found. if (!$subKey) { Write-Host "Key not found." return } # Get the sub-key names. $subKeyNames = $subKey.GetSubKeyNames() Write-Host "Sub keys:" foreach ($subKeyName in $subKeyNames) { Write-Host " '$subKeyName'" } return $subKeyNames } finally { # Dispose the sub key. if ($subKey) { $null = $subKey.Dispose() } # Dispose the base key. if ($baseKey) { $null = $baseKey.Dispose() } } } function Get-RegistryValue { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [ValidateSet('CurrentUser', 'LocalMachine')] [string]$Hive, [Parameter(Mandatory = $true)] [ValidateSet('Default', 'Registry32', 'Registry64')] [string]$View, [Parameter(Mandatory = $true)] [string]$KeyName, [string]$ValueName) Write-Host "Checking: hive '$Hive', view '$View', key name '$KeyName', value name '$ValueName'" if ($View -eq 'Registry64' -and !([System.Environment]::Is64BitOperatingSystem)) { Write-Host "Skipping." return } $baseKey = $null $subKey = $null try { # Open the base key. $baseKey = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, $View) # Open the sub key as read-only. $subKey = $baseKey.OpenSubKey($KeyName, $false) # Check if the sub key was found. if (!$subKey) { Write-Host "Key not found." return } # Get the value. $value = $subKey.GetValue($ValueName) # Check if the value was not found or is empty. if ([System.Object]::ReferenceEquals($value, $null) -or ($value -is [string] -and !$value)) { Write-Host "Value not found or is empty." return } # Return the value. Write-Host "Found $($value.GetType().Name) value: '$value'" return $value } finally { # Dispose the sub key. if ($subKey) { $null = $subKey.Dispose() } # Dispose the base key. if ($baseKey) { $null = $baseKey.Dispose() } } } function Get-RegistryValueNames { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [ValidateSet('CurrentUser', 'LocalMachine')] [string]$Hive, [Parameter(Mandatory = $true)] [ValidateSet('Default', 'Registry32', 'Registry64')] [string]$View, [Parameter(Mandatory = $true)] [string]$KeyName) Write-Host "Checking: hive '$Hive', view '$View', key name '$KeyName', value name '$ValueName'" if ($View -eq 'Registry64' -and !([System.Environment]::Is64BitOperatingSystem)) { Write-Host "Skipping." return } $baseKey = $null $subKey = $null try { # Open the base key. $baseKey = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, $View) # Open the sub key as read-only. $subKey = $baseKey.OpenSubKey($KeyName, $false) # Check if the sub key was found. if (!$subKey) { Write-Host "Key not found." return } # Get the value names. $valueNames = $subKey.GetValueNames() Write-Host "Value names:" foreach ($valueName in $valueNames) { Write-Host " '$valueName'" } return $valueNames } finally { # Dispose the sub key. if ($subKey) { $null = $subKey.Dispose() } # Dispose the base key. if ($baseKey) { $null = $baseKey.Dispose() } } } ================================================ FILE: src/Misc/layoutbin/powershell/CapabilityHelpers/VersionFunctions.ps1 ================================================ function Parse-Version { <# .SYNOPSIS Parses version from provided. Allows incomplete versions like 16.0. Returns empty string if there is more than 4 numbers divided by dot or string is not in semver format .EXAMPLE Parse-Version -Version "1.3.5" #> [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Version) if ($Version.IndexOf(".") -lt 0) { return [System.Version]::Parse("$($Version).0") } try { $res = [System.Version]::Parse($Version) return $res } catch { return "" } } ================================================ FILE: src/Misc/layoutbin/powershell/CapabilityHelpers/VisualStudioFunctions.ps1 ================================================ function Get-VisualStudio { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [ValidateSet(15, 16, 17, 18)] [int]$MajorVersion ) try { # Query for the latest 15.*/16.*/17.*/18.* version. # # Note, the capability is registered as VisualStudio_15.0/VisualStudio_16.0/VisualStudio_17.0/VisualStudio_18.0 however the actual # version may something like 15.2/16.2. $preReleaseFlag = [string]::Empty; if ($env:IncludePrereleaseVersions -eq $true) { $preReleaseFlag = "-prerelease" } Write-Host "Getting latest Visual Studio $MajorVersion setup instance." $output = New-Object System.Text.StringBuilder Write-Host "& $PSScriptRoot\..\..\..\externals\vswhere\vswhere.exe -version '[$MajorVersion.0,$($MajorVersion+1).0)' -latest $($preReleaseFlag) -format json" & $PSScriptRoot\..\..\..\externals\vswhere\vswhere.exe -version "[$MajorVersion.0,$($MajorVersion+1).0)" -latest $preReleaseFlag -format json 2>&1 | ForEach-Object { if ($_ -is [System.Management.Automation.ErrorRecord]) { Write-Host "STDERR: $($_.Exception.Message)" } else { Write-Host $_ $null = $output.AppendLine($_) } } Write-Host "Exit code: $LASTEXITCODE" if ($LASTEXITCODE -eq 0) { $instance = (ConvertFrom-Json -InputObject $output.ToString()) | Select-Object -First 1 if (!$instance) { Write-Host "Getting latest BuildTools $MajorVersion setup instance." $output = New-Object System.Text.StringBuilder Write-Host "& $PSScriptRoot\..\..\..\externals\vswhere\vswhere.exe -version '[$MajorVersion.0,$($MajorVersion+1).0)' -products Microsoft.VisualStudio.Product.BuildTools -latest $preReleaseFlag -format json" & $PSScriptRoot\..\..\..\externals\vswhere\vswhere.exe -version "[$MajorVersion.0,$($MajorVersion+1).0)" -products Microsoft.VisualStudio.Product.BuildTools -latest $preReleaseFlag -format json 2>&1 | ForEach-Object { if ($_ -is [System.Management.Automation.ErrorRecord]) { Write-Host "STDERR: $($_.Exception.Message)" } else { Write-Host $_ $null = $output.AppendLine($_) } } Write-Host "Exit code: $LASTEXITCODE" if ($LASTEXITCODE -eq 0) { $instance = (ConvertFrom-Json -InputObject $output.ToString()) | Select-Object -First 1 } } return $instance } } catch { Write-Host ($_ | Out-String) } } ================================================ FILE: src/Misc/layoutbin/powershell/Get-LocalGroupMembership.ps1 ================================================ <# .SYNOPSIS Get a list of local groups the current Windows user belongs to. .DESCRIPTION The Get-LocalGroupMembership.ps1 script gets the current Windows user and prints the local group memberships for that user. If Get-LocalGroupMember cmdlet failed to list group members, it tries to check membership using ADSI adapter. #> [CmdletBinding()] param() function Test-LocalGroupMembershipADSI { <# .SYNOPSIS Checks if a user is a member of a local group using ADSI. Returns $true if the user is a member of the group. .EXAMPLE Test-LocalGroupMembershipADSI -Group "Users" -UserName "Domain/UserName" #> [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Group, [Parameter(Mandatory = $true)] [string]$UserName ) # Get a group object using ADSI adapter $groupObject = [ADSI]"WinNT://./$Group" $groupMemberPaths = @($groupObject.Invoke('Members') | ForEach-Object { ([ADSI]$_).path }) $groupMembers = $groupMemberPaths | ForEach-Object { [regex]::match($_, '^WinNT://(.*)').groups[1].value } # Format names as group members are returned with a forward slashes $names = $groupMembers.Replace("`/", "`\") return ($names -contains $UserName) } $user = [Security.Principal.WindowsIdentity]::GetCurrent() Write-Host "Local group membership for current user: $($user.Name)" $userGroups = @() foreach ($group in Get-LocalGroup) { # The usernames are returned in the following string format "domain\username" try { if (Get-LocalGroupMember -ErrorAction Stop -Group $group | Where-Object name -like $user.Name) { $userGroups += $group.name } } catch { try { # There is a known issue with Get-LocalGroupMember cmdlet: https://github.com/PowerShell/PowerShell/issues/2996 # Trying to overcome the issue using ADSI if (Test-LocalGroupMembershipADSI -Group $group -UserName $user.Name) { $userGroups += $group.name } } catch { Write-Warning "Unable to get local group members for group $group" Write-Host $_.Exception } } } $userGroups ================================================ FILE: src/Misc/layoutbin/powershell/Start-AzpTask.ps1 ================================================ <# A PowerShell script that is used to invoke a VSTS task script. This script is used by the VSTS task runner to invoke the task script. This script replaces some legacy stuff in PowerShell3Handler.cs and turns it into a dedicated signed script. since it is parameterized it can be signed and trusted for WDAC and CLM. #> param ( [Parameter(mandatory = $true)] [string]$VstsSdkPath, [Parameter(mandatory = $true)] [string]$DebugOption, [Parameter(mandatory = $true)] [string]$ScriptBlockString ) function Get-ClmStatus { # This is new functionality to detect if we are running in a constrained language mode. # This is only used to display debug data if the device is in CLM mode by default. # Create a temp file and add the command which not allowed in constrained language mode. $tempFileGuid = New-Guid | Select-Object -Expand Guid $tempFile = "$($env:AGENT_TEMPDIRECTORY)\$($tempFileGuid).ps1" Write-Output '$null = New-Object -TypeName System.Collections.ArrayList' | Out-File -FilePath $tempFile try { . $tempFile $status = "FullLanguage" } catch [System.Management.Automation.PSNotSupportedException] { $status = "ConstrainedLanguage" } Remove-Item $tempFile return $status } $VerbosePreference = $DebugOption $DebugPreference = $DebugOption if (!$PSHOME) { Write-Error -Message "The execution cannot be continued since the PSHOME variable is not defined." -ErrorAction Stop } # Check if the device is in CLM mode by default. $clmResults = Get-ClmStatus Write-Verbose "PowerShell Language mode: $($clmResults)" if ([Console]::InputEncoding -is [Text.UTF8Encoding] -and [Console]::InputEncoding.GetPreamble().Length -ne 0) { [Console]::InputEncoding = New-Object Text.UTF8Encoding $false } Import-Module -Name ([System.IO.Path]::Combine($PSHOME, 'Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1')) Import-Module -Name ([System.IO.Path]::Combine($PSHOME, 'Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1')) $importSplat = @{ Name = $VstsSdkPath ErrorAction = 'Stop' } # Import the module and catch any errors try { Import-Module @importSplat } catch { Write-Verbose $_.Exception.Message -Verbose throw $_.Exception } # Now create the task and hand of to the task script try { Invoke-VstsTaskScript -ScriptBlock ([scriptblock]::Create( $ScriptBlockString )) } # We want to add improved error handling here - if the error is "xxx\powershell.ps1 is not recognized as the name of a cmdlet, function, script file, or operable program" # catch { Write-Verbose "Invoke-VstsTaskScript -ScriptBlock ([scriptblock]::Create( $ScriptBlockString ))" Write-Verbose $_.Exception.Message -Verbose throw $_.Exception } # ================================================ FILE: src/Misc/layoutbin/ru-RU/strings.json ================================================ { "AcceptTeeEula": "(Да/Нет) Принять лицензионное соглашение Team Explorer Everywhere?", "AccessDenied": "Доступ запрещен", "AccessDeniedSettingDelayedStartOption": "Отказано в доступе, так как при настройке службы произошла задержка для параметров автоматического запуска.", "AccessDeniedSettingRecoveryOption": "Отказано в доступе при настройке параметров восстановления службы.", "AccessDeniedSettingSidType": "Отказано в доступе при настройке типа SID службы.", "AddAgentFailed": "Не удалось добавить агент. Повторите попытку или нажмите CTRL-C для выхода", "AddBuildTag": "Добавить тег сборки", "AddDeploymentGroupTagsFlagDescription": "теги группы развертывания для агента? (Да/Нет)", "AddEnvironmentVMResourceTags": "Теги ресурсов виртуальной машины среды? (Да/Нет)", "AgentAddedSuccessfully": "Агент успешно добавлен", "AgentAlreadyInsideContainer": "Функция контейнера не поддерживается, если агент уже работает в контейнере. Обратитесь к документации (https://go.microsoft.com/fwlink/?linkid=875268).", "AgentCdnAccessFailWarning": "Требуется действие: агенту Azure Pipelines не удается получить доступ к новому URL-адресу CDN. Добавьте \"download.agent.dev.azure.com\" в список разрешений, чтобы предотвратить сбои в работе конвейера. Сведения: https://devblogs.microsoft.com/devops/cdn-domain-url-change-for-agents-in-pipelines/", "AgentDoesNotSupportContainerFeatureRhel6": "Агент не поддерживает функцию контейнера в Red Hat Enterprise Linux 6 или CentOS 6.", "AgentDowngrade": "Понижение версии агента до более ранней. Обычно это обусловлено откатом текущего опубликованного агента для исправления ошибки. Чтобы отключить это поведение, задайте для переменной среды AZP_AGENT_DOWNGRADE_DISABLED значение true перед запуском агента.", "AgentExit": "Агент скоро завершит работу для обновления. Он должен снова заработать в течение 10 секунд.", "AgentIsNotConfigured": "Агент не настроен.", "AgentMachineNameLog": "Имя компьютера агента: ''{0}''", "AgentMachinePoolNameLabel": "пул агентов", "AgentName": "имя агента", "AgentNameLog": "Имя агента: ''{0}''", "AgentOutOfMemoryFailure": "Рабочая роль агента завершила работу с кодом 137. Это означает, что ей недостаточно памяти. Настройте в узле агента (контейнера) достаточный объем памяти.", "AgentReplaced": "Агент успешно заменен", "agentRootFolderCheckError": "Не удается проверить правила доступа к корневой папке агента. Дополнительные сведения см. в журнале.", "agentRootFolderInsecure": "Предупреждение системы безопасности! Группа \"{0}\" имеет доступ для записи или изменения папки агента. Дополнительные сведения см. в журнале.", "AgentRunningBehindProxy": "Агент работает за прокси-сервером: ''{0}''", "AgentVersion": "Текущая версия агента: ''{0}''", "AgentWithSameNameAlreadyExistInPool": "Пул {0} уже содержит агент с именем {1}.", "AllowContainerUserRunDocker": "Разрешить пользователю ''{0}'' запускать любую команду Docker без SUDO.", "AlreadyConfiguredError": "Не удалось настроить агент, так как он уже настроен. Чтобы перенастроить агент, сначала запустите команду ''config.cmd remove'' или ''./config.sh remove''.", "ApkAddShadowFailed": "Идентификатор пользователя находится за пределами диапазона команды \"adduser\". Не удается использовать альтернативную команду \"useradd\", так как пакет \"shadow\" не предустановлен и попытка установить этот пакет не удалась. Проверьте доступность сети или используйте образ Docker с предустановленным пакетом \"shadow\".", "ArgumentNeeded": "Следует указать ''{0}''.", "ArtifactCustomPropertiesNotJson": "Настраиваемые свойства артефакта не имеют допустимого формата JSON: ''{0}''", "ArtifactCustomPropertyInvalid": "Настраиваемые свойства артефакта должны иметь префикс \"user-\". Недопустимое свойство: ''{0}''", "ArtifactDownloadFailed": "Не удалось скачать артефакт из {0}.", "ArtifactLocationRequired": "Требуется расположение артефакта.", "ArtifactNameIsNotValid": "Недопустимое имя артефакта: {0}. Оно не может содержать символы \"\\\", \"/\", \"'\", \":\", \"<\", \">\", \"|\", \"*\" и \"?\".", "ArtifactNameRequired": "Требуется имя артефакта.", "ArtifactTypeRequired": "Требуется указать тип артефакта.", "AssociateArtifact": "Сопоставить артефакт", "AssociateArtifactCommandNotSupported": "Связывание артефакта сервера не поддерживается в {0}.", "AssociateArtifactWithBuild": "Связанный артефакт {0} со сборкой {1}", "AssociateFiles": "Сопоставление файлов", "AttachFileNotExist": "Не удалось присоединить (тип:{0} имя:{1}) файл: {2}. Файл не существует.", "AttachmentExceededMaximum": "Выполняется пропуск вложений, так как превышен максимально допустимый размер в 75 МБ: {0}", "AttemptRemoveCredFromConfig": "Состоялась неудачная попытка с помощью командной строки Git удалить \"{0}\" из конфигурации Git. Производится попытка изменить файл конфигурации Git напрямую для удаления учетных данных.", "AuthenticationType": "тип проверки подлинности", "AutoLogonAccountGmsaHint": "Если вы пытаетесь использовать учетную запись gMSA, поместите знак доллара ($) в конец имени учетной записи)", "AutoLogonAccountNameDescription": "Учетная запись пользователя, используемая для автоматического входа", "AutoLogonOverwriteDeniedError": "Не удалось настроить автоматический вход, так как он уже настроен для другого пользователя ({0}) на компьютере. Для перезаписи используйте \"--overwriteautologon\".", "AutoLogonPolicies_LegalNotice": "Официальное уведомление", "AutoLogonPolicies_ShutdownReason": "Причина завершения работы", "AutoLogonPoliciesInspection": "Проверка наличия политик, которые могут препятствовать правильной работе автоматического входа.", "AutoLogonPoliciesWarningsHeader": "Следующие политики могут повлиять на автоматический вход:", "BeginArtifactItemsIntegrityCheck": "Запуск проверки целостности элементов артефактов", "BlobStoreDownloadWarning": "Не удалось скачать артефакт из хранилища BLOB-объектов. Выполняется возврат к TFS. Это приведет к снижению производительности скачивания. Проверьте, разрешен ли доступ к {0} правилами брандмауэра. Убедитесь, что брандмауэр агента настроен правильно: {1}", "BlobStoreUploadWarning": "Не удалось отправить артефакт в хранилище BLOB-объектов. Выполняется возврат к TFS. Это резервное действие будет удалено в будущем выпуске. Проверьте, разрешен ли доступ к {0} правилами брандмауэра. Убедитесь, что брандмауэр агента настроен правильно: {1}", "BuildDirLastUseTIme": "Последнее использование каталога сборки ''{0}'': {1}", "BuildIdIsNotAvailable": "Была предпринята попытка скачать артефакт конвейера в среде \"{0}\", но идентификатор сборки не указан. Вы можете скачивать артефакты конвейера в среде \"{1}\" только в том случае, если артефакт является сборкой.", "BuildIdIsNotValid": "Недопустимый идентификатор сборки: {0}", "BuildingFileTree": "Построение дерева файлов", "BuildLogsMessage": "Агент отключил отправку журналов. После завершения задания можно получить журналы этого шага по адресу {0} в агенте.", "BuildNumberRequired": "Требуется номер сборки.", "BuildsDoesNotExist": "В указанном определении конвейера сейчас нет сборок.", "BuildTagAddFailed": "Не удалось добавить тег сборки ''{0}''.", "BuildTagRequired": "Требуется тег сборки.", "BuildTagsForBuild": "Теперь сборка ''{0}'' имеет следующие теги: {1}", "CannotChangeParentTimelineRecord": "Не удалось изменить родительскую запись временной шкалы для существующей записи временной шкалы.", "CannotDownloadFromCurrentEnvironment": "Не удалось скачать артефакт конвейера из среды {0}.", "CannotFindHostName": "Не удалось найти имя организации VSTS в URL-адресе сервера: \"{0}\".", "CanNotFindService": "Не удалось найти службу {0}", "CanNotGrantPermission": "Не удалось предоставить разрешение LogonAsService пользователю {0}", "CanNotStartService": "Не удалось запустить службу. Дополнительные сведения см. в журналах.", "CanNotStopService": "Не удалось своевременно остановить службу {0}.", "CannotUploadFile": "Не удалось отправить файл, так как не указано расположение файла.", "CannotUploadFromCurrentEnvironment": "Не удалось отправить артефакт конвейера из среды {0}.", "CannotUploadSummary": "Не удалось отправить файл сводки, расположение файла сводки не указано.", "CheckoutTaskDisplayNameFormat": "Извлечение {0}@{1} в {2}", "CleaningDestinationFolder": "Очистка конечной папки: {0}", "ClientId": "Идентификатор клиента (приложения)", "ClientSecret": "Секрет клиента", "ClockSkewStopRetry": "Повторная попытка исключения запроса токена OAuth прекращена через {0} с.", "CodeCoverageDataIsNull": "Данные об объеме протестированного кода не найдены. Дополнительные сведения см. в сообщениях об ошибках и предупреждениях сборки.", "CodeCoveragePublishIsValidOnlyForBuild": "Публикация объема протестированного кода работает только для \"build\".", "CollectionName": "Имя коллекции", "CommandDuplicateDetected": "Команда {0} уже установлена для области {1}", "CommandKeywordDetected": "\"{0}\" содержит зарезервированное слово команды ведения журнала \"##vso\", но не является допустимой командой. Список допустимых команд см. на странице https://go.microsoft.com/fwlink/?LinkId=817296.", "CommandLineHelp": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Команды:", " .{0}config.{1} Настраивает агент", " .{0}config.{1} remove Отменяет настройку агента", " .{0}run.{1} Запускает агент в интерактивном режиме", " .{0}run.{1} --once Запускает агент, принимая не более одного задания перед завершением работы", "", "Параметры:", " --version Печать версии агента", " --commit Печать фиксации агента", " --help Вывод справки по каждой команде" ], "CommandLineHelp_Common": [ "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Общие параметры", " --url URL-адрес сервера. Например: https://myaccount.visualstudio.com или", " http://onprem:8080/tfs", " --auth тип проверки подлинности. Допустимые значения:", " pat (маркер личного доступа)", " согласование (Kerberos или NTLM)", " alt (базовая проверка подлинности)", " интегрированные (учетные данные Windows по умолчанию)", " sp (субъект-служба)", " --token Используется с --auth pat. Токен личного доступа.", " --userName <имя_пользователя> Используется с --auth negotiate или --auth alt. Укажите имя пользователя Windows", " имя в формате: домен\\имя_пользователя или имя_пользователя@домен.com", " --password <пароль> Используется с --auth negotiate или --auth alt.", " --unattended Автоматическая конфигурация. Без отображения запроса. Все ответы должны быть", " необходимо указать в командной строке.", " --version Печать версии агента", " --commit Печать фиксации агента", " --help Вывод справки" ], "CommandLineHelp_Configure": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", ".{0}config.{1} [options]", "", "Справку по отмене настройки см. по адресу .{0}config.{1} remove --help", "", "{2}", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Настройка параметров", " --pool Имя пула, к которому присоединится агент", " --agent имя агента", " --replace Замените агента в пуле. Если другой агент прослушивает этот", " имя, оно начнется с ошибкой конфликта.", " --work Рабочий каталог, в котором хранятся данные задания. По умолчанию _work под", " корневой каталог агента. Рабочий каталог принадлежит заданному", " агент и не должен использоваться совместно несколькими агентами.", " --acceptTeeEula только для macOS и Linux. Принять лицензионное соглашение TEE.", " --gitUseSChannel Только Windows. Попросите Git использовать собственное хранилище сертификатов Windows.", " --alwaysExtractTask Выполнить распаковку задач для каждого шага конвейера.", " --disableLogUploads Не выполняйте потоковую передачу и не отправляйте вывод журнала консоли на сервер. Вместо этого вы можете извлечь их из файловой системы узла агента после завершения задания. ЗАМЕТКА. Нельзя использовать с --reStreamLogsToFiles, это вызовет ошибку.", " --reStreamLogsToFiles Выполните потоковую передачу или отправьте вывод журнала консоли на сервер, а также файл журнала в файловую систему узла агента. ЗАМЕТКА. Нельзя использовать с --disableLogUploads, это вызовет ошибку.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Параметры запуска (только Windows):", " --runAsService Настройка агента для запуска в качестве службы Windows. Требует", " разрешения администратора.", " --preventServiceStart Настройте службу Windows, чтобы она не запускалась сразу после настройки.", " --runAsAutoLogon Настройка автоматического входа в систему и запуск агента при запуске. Требует", " разрешения администратора.", " --windowsLogonAccount используется с --runAsService или --runAsAutoLogon. Укажите пользователя Windows", " имя в формате: домен\\имя_пользователя или имя_пользователя@домен.com", " --windowsLogonPassword Используется с --runAsService или --runAsAutoLogon. Пароль для входа в Windows.", " --overwriteAutoLogon Используется с --runAsAutoLogon. Перезаписать все существующие автоматические входы в", " компьютер.", " --noRestart Используется с --runAsAutoLogon. Не перезапускать после настройки", " выполнение.", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "Обзор группы развертывания", " --deploymentGroup Настройте агент как агент группы развертывания.", " --projectName используется с --deploymentGroup. Имя командного проекта.", " --addDeploymentGroupTags Используется с --deploymentGroup. Укажите, чтобы добавить теги группы развертывания.", " --deploymentGroupName Используется с --deploymentGroup. Группа развертывания, к которой должен присоединиться агент.", " --deploymentGroupTags используется с --addDeploymentGroupTags. Разделенный запятыми список тегов для", " агента группы развертывания. Например, \"web, db\".", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Примеры автоматической конфигурации:", "", "Проверка подлинности VSTS", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --acceptTeeEula", "", "Локальное TFS с встроенной проверкой подлинности (только для Windows)", ".\\config.cmd --unattended --url http://mylocaltfsserver:8080/tfs --auth integrated --pool default --agent myAgent", "", "Локальная TFS с согласованием аутентификации", ".{0}config.{1} --unattended --url http://mylocaltfsserver:8080/tfs --auth negotiate --userName myDomain\\myUserName --password myPassword --pool default --agent myAgent --acceptTeeEula", "", "Замена существующего агента тем же именем агента", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --replace --acceptTeeEula", "", "Укажите рабочий каталог агента (Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work D:\\agent_work", "", "Укажите рабочий каталог агента (macOS и Linux)", "./config.sh --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work usr/local/agent_work", "", "Запускать как службу Windows, которая используется для входа в networkService (только Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService", "", "Запуск от имени службы Windows, которая входит в систему как учетная запись домена (только для Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Запуск в качестве службы Windows, которая входит в систему с учетной записью домена (только для Windows) и не запускает службу немедленно", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --preventServiceStart --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword ", "", "Запускать как агент автоматического входа (только Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "Запускать как агент автоматического входа и не перезапускать после настройки (только Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword --noRestart", "", "Агент группы развертывания работает как служба Windows, которая входит в систему как локализованная система (только Windows)", ".\\config.cmd --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\"", "", "Агент группы развертывания с тегами", ".{0}config.{1} --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\" --acceptTeeEula" ], "CommandLineHelp_Env": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "Переменные среды:", "Любой аргумент командной строки может быть указан как переменная среды. Использовать формат", "VSTS_AGENT_INPUT_. Например: VSTS_AGENT_INPUT_PASSWORD" ], "CommandLineHelp_Remove": [ ".{0}config.{1} remove [options]", "", "{2}", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "Примеры автоматического удаления:", "", "VSTS", ".{0}config.{1} remove --unattended --auth pat --token myToken", "", "Локальное TFS с встроенной проверкой подлинности (только для Windows)", ".{0}config.{1} remove --unattended --auth integrated", "", "Локальное TFS с встроенной проверкой подлинности", ".{0}config.{1} remove --unattended --auth negotiate --username myDomain\\myUserName --password myPassword" ], "CommandNotAllowed": "##vso[{0}.{1}] запрещен на этом шаге из-за ограничений политики. Обратитесь к документации (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound": "Не удается найти расширение команды для ##vso[{0}.command]. Справочная документация (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound2": "##vso[{0}.{1}] не является распознаемой командой для расширения {2} команды. Справочная документация (http://go.microsoft.com/fwlink/?LinkId=817296).", "CommandNotSupported": "{0} команды не поддерживаются для {1} потока. Справочная документация (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandProcessFailed": "Не удалось обработать команду '{0}' успешно. Обратитесь к документации (http://go.microsoft.com/fwlink/?LinkId=817296)", "ConnectingToServer": "Соединение с сервером ...", "ConnectSectionHeader": "Подключить", "ConnectToServer": "Подключение к серверу.", "ContainerWindowsVersionRequirement": "Для использования контейнеров требуется Windows Server 1803 или более поздней версии. Обратитесь к документации (https://go.microsoft.com/fwlink/?linkid=875268).", "CopyFileComplete": "Артефакты успешно опубликованы в {0}", "CopyFileToDestination": "Копирование файла {0} в {1}", "CorruptedArtifactItemsList": "Следующие элементы не прошли проверку целостности:", "CouldNotRemoveService": "Не удалось удалить службу {0}", "CreateUserWithSameUIDInsideContainer": "Попробуйте создать пользователя с идентификатором пользователя {0} внутри контейнера.", "CurrentUTC": "Текущее время в формате UTC: {0}", "CustomLogDoesNotExist": "Путь к файлу журнала не указан, или файл не существует: {0}", "CustomMarkDownSummaryDoesNotExist": "Путь к файлу сводки Markdown не указан или файл не существует: {0}", "DeleteGCTrackingFile": "Удалить файл отслеживания GC после удаления {0}", "DeleteUnusedBuildDir": "Удалить неиспользуемые каталоги сборки", "DeleteUnusedReleaseDir": "Удалить неиспользуемые каталоги выпуска", "Deleting": "Удаление: {0}", "DeletingCredentials": "Удаление .credentials", "DeletingSettings": "Удаление .agent", "DeploymentGroupName": "Имя группы развертывания", "DeploymentGroupNotFound": "Группа развертывания не найдена: {0}", "DeploymentGroupTags": "Список тегов, разделенный запятыми (например, web, db)", "DeploymentGroupTagsAddedMsg": "Теги успешно добавлены", "DeploymentMachineWithSameNameAlreadyExistInDeploymentGroup": "DeploymentGroup {0} уже содержит компьютер с именем {1}.", "DeploymentPoolName": "Имя пула развертывания", "DeploymentPoolNotFound": "Пул развертывания не найден: \"{0}\"", "DeprecatedNode6": "В этой задаче используется обработчик выполнения Node 6, который будет удален 31 марта 2022 г. Если вы являетесь разработчиком задачи, ознакомьтесь с руководством по переходу на обработчик Node 10 — https://aka.ms/migrateTaskNode10 (также проверьте эту страницу, если вы хотите отключить предупреждения об устаревании Node 6). Если вы являетесь пользователем, не стесняйтесь обращаться к владельцам этой задачи, чтобы продолжить миграцию.", "DeprecatedNodeRunner": "Версия {1} ({2}@{1}) задачи “{0}“ зависит от версии Node ({3}), срок службы которой истек. Обратитесь к владельцу расширения для получения обновленной версии задачи. Специалистам по обслуживанию задач следует ознакомиться с руководством по обновлению Node: https://aka.ms/node-runner-guidance", "DeprecatedRunner": "Задача \"{0}\" зависит от исполнителя задач, срок службы которого истек и который будет удален в будущем. Авторам следует ознакомиться с руководством по обновлению Node: https://aka.ms/node-runner-guidance.", "DeprecationMessage": "Задача \"{0}\" версии {1} ({2}@{1}) больше не рекомендуется.", "DeprecationMessageHelpUrl": "Дополнительные сведения об этой задаче см. в разделе {0}.", "DeprecationMessageRemovalDate": "Эта задача будет удалена. Начиная с {0} она может быть недоступна.", "DirectoryHierarchyUnauthorized": "Разрешение на чтение содержимого каталога требуется для {0} и каждого каталога выше по иерархии. {1}", "DirectoryIsEmptyForArtifact": "Каталог {0} пуст. Ничего не будет добавлено в артефакт сборки {1}.", "DirectoryNotFound": "Каталог не найден: {0}", "DirExpireLimit": "Окончание срока действия каталога: {0} дней.", "DiscoverBuildDir": "Обнаружение устаревших каталогов сборки, которые не использовались дольше {0} дн.", "DiscoverReleaseDir": "Обнаружение устаревших каталогов выпуска, которые не использовались дольше {0} дн.", "DockerCommandFinalExitCode": "Окончательный код завершения для {0}: {1}", "DownloadAgent": "Загрузка агента {0}", "DownloadArtifactFinished": "Скачивание артефакта завершено.", "DownloadArtifacts": "Скачать артефакты", "DownloadArtifactsFailed": "Не удалось скачать артефакты: {0}", "DownloadArtifactTo": "Скачать артефакт в каталог: {0}", "DownloadArtifactWarning": "Используйте задачу \"Скачать артефакт сборки\" для скачивания артефакта типа {0}. https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-build-artifacts?view=azure-devops", "DownloadingFromBuild": "Скачать из указанной сборки: #{0}", "DownloadingJenkinsCommitsBetween": "Скачивание фиксаций между заданиями {0} в {1}", "DownloadingJenkinsCommitsFailedWithException": "Не удалось скачать фиксации для артефакта Jenkins {0}. Исключение: {1}", "DownloadingMultiplePipelineArtifacts": "Скачивание артефактов конвейера {0}...", "DownloadingTask0": "Выполняется скачивание задачи: {0} ({1})", "EnableServiceSidTypeUnrestricted": "включить SERVICE_SID_TYPE_UNRESTRICTED для службы агента (Да/Нет)", "EnsureJobFinished": "Ожидание завершения текущего задания.", "EnsureTasksExist": "Скачайте все необходимые задачи.", "EnterValidValueFor0": "Введите допустимое значение для {0}.", "EnvironmentName": "Имя среды", "EnvironmentNotFound": "Среда не найдена: {0}", "EnvironmentVariableExceedsMaximumLength": "Переменная среды \"{0}\" имеет максимально допустимую длину. Длина переменной среды: {1}, максимально допустимая длина: {2}", "EnvironmentVMResourceTags": "Список тегов, разделенный запятыми (например, web, db)", "ErrorDuringBuildGC": "Не удалось обнаружить мусор на основе \"{0}\". Повторите попытку позже.", "ErrorDuringBuildGCDelete": "Не удалось завершить сборку мусора на основе \"{0}\". Повторите попытку позже.", "ErrorDuringReleaseGC": "Не удалось обнаружить мусор на основе \"{0}\". Повторите попытку позже.", "ErrorDuringReleaseGCDelete": "Не удалось завершить сборку мусора на основе \"{0}\". Повторите попытку позже.", "ErrorOccurred": "Произошла ошибка: {0}", "ErrorOccurredWhilePublishingCCFiles": "Произошла ошибка при публикации файлов объема протестированного кода. Ошибка: {0}", "EulasSectionHeader": "Лицензионные соглашения конечного пользователя", "EvaluateReleaseTrackingFile": "Оценка файла отслеживания ReleaseDirectory: {0}", "EvaluateTrackingFile": "Оценка файла отслеживания BuildDirectory: {0}", "Exiting": "Выполняется выход...", "ExpectedMappingCloak": "Ожидаемое сопоставление[{0}] Маскировка: \"{1}\". Фактическое: \"{2}\".", "ExpectedMappingLocalPath": "Ожидаемое сопоставление[{0}] Локальный путь: \"{1}\". Фактическое: {2}", "ExpectedMappingRecursive": "Ожидаемое сопоставление[{0}] Рекурсивное: \"{1}\". Фактическое: \"{2}\".", "ExpectedMappingServerPath": "Ожидаемое сопоставление[{0}] Путь к серверу: \"{1}\". Фактическое: \"{2}\".", "Failed": "Сбой: ", "FailedDeletingTempDirectory0Message1": "Не удалось удалить временный каталог \"{0}\". {1}", "FailedTestsInResults": "В файлах результатов обнаружен один или несколько сбоев тестов. Подробные сведения об опубликованных результатах тестов можно просмотреть на вкладке \"Тесты\".", "FailedToAddTags": "Не удалось применить теги к агенту. Повторите попытку или нажмите CTRL-C, чтобы выйти. Вы также можете перейти на веб-страницу группы развертывания, чтобы добавить теги", "FailedToConnect": "Не удалось подключиться. Повторите попытку или нажмите CTRL-C, чтобы выйти", "FailedToDeleteTempScript": "Не удалось удалить временный встроенный файл сценария \"{0}\". {1}", "FailedToFindDeploymentGroup": "Не удалось найти группу развертывания. Повторите попытку или нажмите CTRL-C, чтобы выйти", "FailedToFindEnvironment": "Не удалось найти среду. Повторите попытку или нажмите CTRL+C для выхода", "FailedToFindPool": "Не удалось найти имя пула. Повторите попытку или нажмите CTRL+C для выхода", "FailedToLockServiceDB": "Не удалось заблокировать базу данных службы для записи", "FailedToOpenSCM": "Не удалось открыть диспетчер служб", "FailedToOpenSCManager": "Не удалось открыть диспетчер служб", "FailedToPublishTestResults": "Не удалось опубликовать результаты теста: {0}", "FailedToReadFile": "Не удалось прочесть {0}. Ошибка: {1}.", "FailedToReplaceAgent": "Не удалось заменить агент. Повторите попытку или нажмите CTRL-C, чтобы выйти", "FailToRemoveGitConfig": "Не удалось удалить \"{0}\" из конфигурации Git. Чтобы удалить учетные данные, выполните команду \"git config --unset-all {0}\" из корня репозитория \"{1}\".", "FailToReplaceTokenPlaceholderInGitConfig": "Не удалось заменить заполнитель для \"{0}\" в файле конфигурации Git.", "FileAssociateProgress": "Всего файлов: {0} ---- Связанные файлы: {1} ({2}%)", "FileContainerUploadFailed": "Не удалось скопировать файл на сервер StatusCode={0}: {1}. Путь к исходному файлу: {2}. Путь к целевому серверу: {3}", "FileContainerUploadFailedBlob": "Не удалось отправить файл в BLOB-объект. Путь к исходному файлу: {0}. Путь к целевому серверу: {1}", "FileDoesNotExist": "Файл {0} не существует или недоступен.", "FileNotFound": "Файл не найден: \"{0}\"", "FilePathNotFound": "Не удается найти путь к файлу {0}.", "FileShareOperatingSystemNotSupported": "Публикация артефактов из агента Linux или macOS в общей папке не поддерживается. Измените тип артефакта на \"Azure Pipelines\" или используйте агент Windows.", "FileUploadCancelled": "Отправка файла была отменена во время отправки файла: {0}.", "FileUploadDetailTrace": "Трассировка отправки подробных сведений для файла, который не удалось отправить: {0}", "FileUploadFailed": "Не удалось отправить {0} из-за {1}.", "FileUploadFailedAfterRetry": "Не удалось отправить файл даже после повторной попытки.", "FileUploadFailedRetryLater": "Не удалось отправить файлы {0}. Повторите попытку через минуту.", "FileUploadFileOpenFailed": "Ошибка файла \"{0}\" при отправке файла \"{1}\".", "FileUploadFinish": "Файл: {0} потребовалось {1} миллисекунд для завершения загрузки", "FileUploadProgress": "Общий файл: {0} ---- Обработанный файл: {1} ({2}%)", "FileUploadProgressDetail": "Отправка {0} ({1}%)", "FileUploadRetry": "Начать повторную попытку {0} загрузки файлов.", "FileUploadRetryInSecond": "Повторите отправку файла через {0} секунд.", "FileUploadRetrySucceed": "Файл успешно отправлен после повторной попытки.", "FileUploadSucceed": "Отправка файла успешно.", "FinalizeJob": "Завершить задание", "FinishMaintenance": "Обслуживание завершено: {0}", "FoundErrorInTrace": [ "{0} в журналах диагностики. Дополнительные сведения см. в журнале.", " - {1}" ], "GCBuildDir": "Удалить потерянный и устаревший каталог сборки.", "GCBuildDirNotEnabled": "Параметр удаления потерянного и устаревшего каталога сборки не включен.", "GCDirIsEmpty": "Для сборки мусора не должен использоваться каталог сборки. В ''{0}'' нет ни одного файла отслеживания.", "GCDirNotExist": "Каталог сборки не должен использоваться для сборки мусора. ''{0}'' не существует.", "GCOldFormatTrackingFile": "Пометьте файл ''{0}'' для сборки мусора, так как он никогда не использовался.", "GCReleaseDir": "Удалить потерянный и устаревший каталог выпуска.", "GCReleaseDirIsEmpty": "Для сборки мусора не должен использоваться каталог выпуска. В ''{0}'' нет ни одного файла отслеживания.", "GCReleaseDirNotEnabled": "Параметр \"Удалить потерянный объект и устаревший каталог выпуска\" не установлен.", "GCReleaseDirNotExist": "Для сборки мусора не должен использоваться каталог выпуска. ''{0}'' не существует.", "GCUnusedTrackingFile": "Пометьте файл ''{0}'' для сборки мусора, так как он не использовался в течение {1} дней.", "GenerateAndRunUpdateScript": "Создать и выполнить сценарий обновления.", "GrantContainerUserSUDOPrivilege": "Предоставить пользователю \"{0}\" привилегию SUDO и разрешить этому пользователю выполнять любые команды без проверки подлинности.", "GrantingFilePermissions": "Предоставление разрешений на доступ к ''{0}''.", "GroupDoesNotExists": "Группа: {0} не существует", "ImageVersionLog": "Текущая версия образа: ''{0}''", "InitializeContainer": "Инициализация контейнеров", "InitializeJob": "Инициализировать задание", "IntegrityCheckNotPassed": "Проверка целостности элементов артефактов не пройдена", "IntegrityCheckPassed": "Проверка целостности элементов артефактов завершена", "InvalidAutoLogonCredential": "Введены недопустимые учетные данные Windows для автоматического входа. Убедитесь, что указанные учетные данные действительны и имеют права интерактивного входа в систему на компьютере. Повторите попытку или нажмите CTRL-C для выхода", "InvalidCommandArg": "Аргумент команды \"{0}\" содержит следующие недопустимые символы: \", \\r, \\n", "InvalidCommandResult": "Команда не имеет допустимого значения результата.", "InvalidCompletedDate": "Максимальная дата завершения {0}, полученная из файла результатов теста, превышает минимальную дату начала {1}, поэтому для вычисления времени будет использована продолжительность каждого тестового запуска", "InvalidConfigFor0TerminatingUnattended": "Указана недопустимая конфигурация {0}. Завершение автоматической конфигурации.", "InvalidDateFormat": "Даты, полученные из файла результатов: {0} (дата начала: {1}, дата завершения: {2}) имеют недопустимый формат, поэтому для вычисления времени будет использована продолжительность каждого тестового запуска.", "InvalidEndpointField": "Недопустимое значение в поле конечной точки. Допустимые значения: url, dataParameter и authParameter.", "InvalidEndpointId": "Недопустимый идентификатор конечной точки.", "InvalidEndpointUrl": "Недопустимый URL-адрес конечной точки.", "InvalidFileFormat": "Недопустимый формат файла.", "InvalidGroupName": "Недопустимое имя группы — {0}.", "InvalidMember": "Не удалось добавить нового участника в локальную группу, так как у него неправильный тип учетной записи. При настройке контроллера домена встроенные учетные записи компьютера невозможно добавить в локальные группы. Вместо этого необходимо использовать учетную запись пользователя домена", "InvalidResultFiles": "Недопустимый файл результатов. Убедитесь, что формат результатов файла ''{0}'' совпадает с форматом результатов теста ''{1}''.", "InvalidSIDForUser": "Недопустимый идентификатор безопасности для пользователя {0}\\{1} при настройке или отмене настройки автоматического входа. Дополнительные сведения см. в журналах.", "InvalidValueInXml": "Не удалось получить значение для ''{0}'' из файла сводки '{1}''. Проверьте формат файла сводки и повторите попытку.", "InvalidWindowsCredential": "Введены недопустимые учетные данные Windows. Повторите попытку или нажмите CTRL-C для выхода", "JenkinsBuildDoesNotExistsForCommits": "Не удалось найти индекс сборки для сборок Jenkins {0} и {1}. Найденные индексы: {2} и {3}. Возможно, сборка не существует", "JenkinsCommitsInvalidEndJobId": "Идентификатор EndJobId{0} связанный с артефактом Jenkins{1}, недопустим. Фиксации не будут скачаны.", "JenkinsDownloadingChangeFromCurrentBuild": "Не удалось найти идентификатор endJobId, будет получен набор изменений текущей сборки", "JenkinsNoCommitsToFetch": "Развертывание той же сборки. Нет данных для получения", "JenkinsRollbackDeployment": "Скачивание фиксаций для развертывания отката между заданием {0} и {1}", "JobCompleted": "{0:u}: задание {1} выполнено с результатом: {2}", "LaunchBrowser": "запустить браузер для потока кода устройства AAD? (Да/Нет)", "ListenForJobs": "{0:u}: прослушивание заданий", "LocalClockSkewed": "Часы локального компьютера могут быть не синхронизированы с серверным временем более чем на пять минут. Синхронизируйте часы с доменом или интернет-службой времени и повторите попытку.", "LocalSystemAccountNotFound": "Не удалось найти учетную запись локальной системы", "LogOutputMessage": "Агент включил отправку журналов, а также сохранение журналов в файл. После завершения задания вы можете получить журналы этого шага по адресу {0} в агенте.", "Maintenance": "Обслуживание", "MaxHierarchyLevelReached": "Уровень иерархии превышает поддерживаемый предел ({0}). Нижестоящая иерархия будет усечена.", "MaxSubResultLimitReached": "Число вложенных результатов в тестовом случае ''{0}'' превышает поддерживаемый предел {1}, остальные удаляются.", "MemberDoesNotExists": "Элемент: {0} не существует", "MinimumNetFramework": "Требуется платформа .NET Framework x64 4.5 или более поздней версии.", "MinimumNetFramework46": "Требуется платформа .NET Framework x64 4.6 или более поздней версии.", "MinimumNetFrameworkTfvc": [ "Платформа .NET Framework x64 4.6 или более поздней версии не установлена.", "", "Для синхронизации репозиториев TFVC требуется платформа .NET Framework x64 4.6 или более поздней версии. Она не нужна для синхронизации репозиториев Git." ], "MinRequiredDockerClientVersion": "Минимальная требуемая версия клиента API подсистемы Docker — \"{0}\", ваша версия клиента Docker (\"{1}\") — \"{2}\".", "MinRequiredDockerServerVersion": "Минимальная требуемая версия сервера API подсистемы Docker — \"{0}\", ваша версия сервера Docker (\"{1}\") — \"{2}\".", "MinRequiredGitLfsVersion": "Минимальная требуемая версия Git-lfs — ''{0}'', ваша версия Git-lfs (''{1}'') — ''{2}''", "MinRequiredGitVersion": "Минимальная требуемая версия Git — ''{0}'', ваша версия Git (''{1}'') — ''{2}''", "MinSecretsLengtLimitWarning": "Слишком большое значение минимальной длины секретов. Настроенное максимальное значение: {0}", "MissingAgent": "Агент больше не существует на сервере. Перенастройте агент.", "MissingAttachmentFile": "Не удалось отправить файл вложения задачи, расположение файла вложения не указано, или файла вложения нет на диске.", "MissingAttachmentName": "Не удалось добавить вложение задачи, не указано имя вложения.", "MissingAttachmentType": "Не удалось добавить вложение задачи, не указан тип вложения.", "MissingConfig": "Не удалось подключиться к серверу, так как отсутствуют файлы конфигурации. Пропускается удаление агента с сервера.", "MissingEndpointField": "Обязательное поле \"field\" отсутствует в команде ##vso[task.setendpoint].", "MissingEndpointId": "Обязательное поле \"id\" отсутствует в команде ##vso[task.setendpoint].", "MissingEndpointKey": "Обязательное поле \"key\" отсутствует в команде ##vso[task.setendpoint].", "MissingNodePath": "Для этого шага требуется версия узла, которая не существует в файловой системе агента. Путь: {0}", "MissingRepositoryAlias": "Не удалось обновить репозиторий, не указан псевдоним репозитория.", "MissingRepositoryPath": "Не удалось обновить репозиторий, путь к репозиторию не указан.", "MissingTaskVariableName": "Обязательное поле ''variable'' отсутствует в команде ##vso[task.settaskvariable].", "MissingTimelineRecordId": "Не удалось обновить запись временной шкалы, идентификатор записи временной шкалы не указан.", "MissingVariableName": "Обязательное поле ''variable'' отсутствует в команде ##vso[task.setvariable].", "ModifyingCoberturaIndexFile": "Изменение файла индекса Cobertura", "MultilineSecret": "Секрет не может быть многострочным", "N": "О", "NameRequiredForTimelineRecord": "Для этой новой записи временной шкалы требуется имя.", "NeedAdminForAutologonCapability": "Требуются права администратора для настройки агента с автоматическим входом.", "NeedAdminForAutologonRemoval": "Для отмены настройки агента, выполняемого с возможностью автоматического входа, требуются права администратора.", "NeedAdminForConfigAgentWinService": "Требуются права администратора для настройки агента в качестве службы Windows.", "NeedAdminForUnconfigWinServiceAgent": "Для отмены настройки агента, запущенного как служба Windows, требуются права администратора.", "NetworkServiceNotFound": "Не удалось найти учетную запись сетевой службы", "NoArtifactsFound": "Нет доступных артефактов в версии ''{0}''.", "NoFolderToClean": "Указанная папка очистки не найдена. Нет элементов для очистки", "NoRestart": "Перезагрузить компьютер позже? (Да/Нет)", "NoRestartSuggestion": "Во время настройки агента был включен автоматический вход в систему. Рекомендуется перезагрузить компьютер, чтобы параметры автоматического входа в систему вступили в силу.", "NoResultFound": "Не найден результат для публикации \"{0}\".", "OnPremIsNotSupported": "Задача артефакта конвейера не поддерживается в локальной среде. Вместо этого используйте задачу сборки артефакта.", "OperatingSystemShutdown": "Операционная система на компьютере ''{0}'' завершает работу", "OperationFailed": "Ошибка: сбой операции {0} с кодом возврата {1}", "OutputVariablePublishFailed": "Не удалось опубликовать выходные переменные.", "OverwriteAutoLogon": "Перезаписать существующие параметры автоматического входа, так как автоматический вход уже включен для пользователя ''{0}''? (Да/Нет)", "ParentProcessFinderError": "Произошла ошибка при проверке того, запущен ли агент в PowerShell Core.", "ParentTimelineNotCreated": "Для этой новой записи временной шкалы не создана родительская запись временной шкалы.", "Password": "пароль", "PathDoesNotExist": "Путь не существует: {0}", "PersonalAccessToken": "личный маркер доступа", "PipelineDoesNotExist": "Следующий конвейер не существует: {0}. Проверьте имя конвейера.", "PoolNotFound": "Пул агентов не найден: '{0}'", "PostJob": "После задания: {0}", "PowerOptionsConfigError": "Произошла ошибка при настройке параметров питания. Пожалуйста, обратитесь к журналам для получения более подробной информации.", "PowerShellNotInstalledMinVersion0": "PowerShell не установлен. Минимальная требуемая версия: {0}", "PreJob": "Предварительное задание: {0}", "PrepareBuildDir": "Подготовка каталога сборки.", "PrepareReleasesDir": "Подготовка каталога выпуска.", "PrepareTaskExecutionHandler": "Подготовка обработчика выполнения задачи.", "Prepending0WithDirectoryContaining1": "Предварительная {0} переменная среды с каталогом, содержащим '{1}'.", "PrerequisitesSectionHeader": "Предварительные требования", "PreventServiceStartDescription": "следует ли запретить запуск службы сразу после завершения настройки? (Y/N)", "ProcessCompletedWithCode0Errors1": "Процесс завершен с кодом выхода {0} и {1} ошибки записаны в поток ошибок.", "ProcessCompletedWithExitCode0": "Процесс завершен с кодом выхода {0}.", "ProcessExitCode": "Код завершения {0} из процесса: имя файла '{1}', аргументы '{2}'.", "ProcessHandlerInvalidScriptArgs": "В аргументах обнаружены символы, которые могут быть неправильно интерпретированы оболочкой. Дополнительные сведения см. по адресу: https://aka.ms/ado/75787", "ProfileLoadFailure": "Не удалось загрузить профиль пользователя {0}\\{1} Настройка автоматического входа в систему невозможна.", "ProjectName": "Имя проекта", "Prompt0": "Введите \"{0}\"", "Prompt0Default1": "Введите {0} (нажмите клавишу ВВОД для {1})", "PSModulePathLocations": "Переменная среды PSModulePath содержит расположения модулей, относящиеся к PowerShell Core. Обратите внимание, что если вы собираетесь использовать задачи Windows PowerShell в своем конвейере, могут возникать ошибки. Чтобы устранить эту проблему, не запускайте агент в PowerShell Core (pwsh).", "PSScriptError": "Сценарий PowerShell выполнен с {0} ошибками.", "PublishCodeCoverage": "Публикация покрытия кода", "PublishedCodeCoverageArtifact": "Опубликовано '{0}' как артефакт '{1}'", "PublishingArtifactUsingRobocopy": "Отправка артефактов с помощью robocopy.", "PublishingCodeCoverage": "Публикация сводных данных о покрытии на сервер TFS.", "PublishingCodeCoverageFiles": "Публикация файлов покрытия кода на сервере TFS.", "PublishingTestResults": "Публикация результатов теста для тестового запуска \"{0}\".", "PublishTestResults": "Публикация результатов теста", "QueryingWorkspaceInfo": "Запрос сведений о рабочей области.", "QueueConError": "{0:u}: Ошибка подключения агента: {1}. Выполняется повторное подключение до тех пор, пока соединение не будет установлено.", "QueueConnected": "{0:u}: агент повторно подключен.", "QuietCheckoutModeRequested": "Режим тихого извлечения: на консоли будет напечатано меньше.", "ReadingCodeCoverageSummary": "Чтение сводки объема протестированного кода {0}", "ReadOnlyTaskVariable": "Перезапись переменной задачи только для чтения {0} не разрешена. Подробнее см. https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "ReadOnlyTaskVariableWarning": "Перезапись переменной задачи только для чтения {0}. Это поведение будет отключено в будущем. Дополнительные сведения см. в https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md for details.", "ReadOnlyVariable": "Перезапись переменной только для чтения {0} не разрешена. Подробнее см. https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "ReadOnlyVariableWarning": "Перезапись переменной только для чтения {0}. Это поведение будет отключено в будущем. Подробнее см. в https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md.", "RegisterAgentSectionHeader": "Зарегистрировать агент", "ReleaseDirLastUseTime": "Последнее использования каталога выпуска \"{0}\": {1}", "RenameIndexFileCoberturaFailed": "Не удалось переименовать {0} в {1} при публикации файлов объема протестированного кода для {2}. Внутреннее исключение: '{3}", "Replace": "Заменить? (Да/Нет)", "RepositoryNotExist": "Не удается обновить репозиторий, так как репозиторий не существует.", "ResourceMonitorAgentEnvironmentResource": "Ресурсы среды агента — {0}, {1}, {2}", "ResourceMonitorCPUInfo": "Использование ЦП: {0} %", "ResourceMonitorCPUInfoError": "Не удалось получить сведения о ЦП, исключение: {0}", "ResourceMonitorDiskInfo": "Диск: {0} — доступно {1} МБ из {2} МБ", "ResourceMonitorDiskInfoError": "Не удалось получить сведения о диске, исключение: {0}", "ResourceMonitorFreeDiskSpaceIsLowerThanThreshold": "Свободного места на диске в {0} меньше {1} %. Сейчас используется: {2} %", "ResourceMonitorMemoryInfo": "Память: использовано {0} МБ из {1} МБ", "ResourceMonitorMemoryInfoError": "Не удалось получить сведения о памяти, исключение: {0}", "ResourceMonitorMemorySpaceIsLowerThanThreshold": "Объем свободной памяти меньше {0} %. Сейчас используется: {1} %", "ResourceUtilizationDebugOutputIsDisabled": "Вывод данных об использовании ресурсов для отладочных запусков отключен. Если вам нужно включить эту функцию, измените значение переменной \"AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT\" на \"true\".", "ResourceUtilizationWarningsIsDisabled": "Предупреждения об использовании ресурсов отключены. Если вам нужно включить их, измените значение переменной \"DISABLE_RESOURCE_UTILIZATION_WARNINGS\" на \"false\".", "RestartIn15SecMessage": "Перезапуск компьютера через 15 секунд...", "RestartMessage": "Перезагрузите компьютер, чтобы запустить агент и чтобы параметры автоматического входа вступили в силу.", "ReStreamLogsToFilesError": "Одновременное использование --disableloguploads и --reStreamLogsToFiles невозможно!", "RetryCountLimitExceeded": "Максимально допустимое количество попыток равно{0}, но имело{1}. Количество повторных попыток будет уменьшено до {0}.", "RetryingReplaceAgent": "Попытка заменить агента (попытка {0} из {1}). Подождите {2} с перед следующей попыткой...", "RMApiFailure": "Сбой {0} API с кодом ошибки: {1}", "RMArtifactContainerDetailsInvalidError": "Артефакт не содержит допустимые сведения о контейнере: {0}", "RMArtifactContainerDetailsNotFoundError": "Артефакт не содержит сведений о контейнере: {0}", "RMArtifactDetailsIncomplete": "Не удается найти необходимые сведения для скачивания артефакта", "RMArtifactDirectoryNotFoundError": "Каталог артефактов не существует: {0}. Это может произойти, если пароль учетной записи {1} был недавно изменен и не был обновлен для агента. Если это так, попробуйте перенастроить агент.", "RMArtifactDownloadBegin": "Скачивание связанного артефакта {0} типа {1}...", "RMArtifactDownloadFinished": "Загружен связанный артефакт {0}", "RMArtifactDownloadRequestCreationFailed": "Не удалось создать запрос на скачивание артефакта с URL-адреса: {0}", "RMArtifactEmpty": "Артефакт не содержит файлов для скачивания.", "RMArtifactMatchNotFound": "Имя артефакта сборки '{0}' не соответствует ни одному шаблону именования, скачивание пропускается", "RMArtifactNameDirectoryNotFound": "Каталог '{0}' не существует. Вернуться к родительскому каталогу: {1}", "RMArtifactsDownloadFinished": "Скачивание артефактов завершено", "RMArtifactTypeFileShare": "Тип артефакта: FileShare", "RMArtifactTypeNotSupported": "Управление выпусками не поддерживает скачивание типа {0} в текущей версии", "RMArtifactTypeServerDrop": "Тип артефакта: ServerDrop", "RMArtifactVersionNotBelongToArtifactSource": "Версия артефакта с идентификатором {0} не принадлежит связанному источнику артефактов с идентификатором {1}.", "RMBuildNotFromLinkedDefinition": "Сборка {0} не относится к связанному определению сборки {1}", "RMCachingAllItems": "Кэширование всех элементов в контейнере файлов...", "RMCachingComplete": "Кэширование завершено. ({0} мс)", "RMCachingContainerItems": "Кэширование элементов '{0}' в контейнере файлов...", "RMContainerItemNotSupported": "Тип элемента контейнера '{0}' не поддерживается.", "RMContainerItemPathDoesnotExist": "Путь к элементу контейнера файлов не начинается с {0}: {1}", "RMContainerItemRequestTimedOut": "Время ожидания запроса истекло через {0} секунд; в спящем режиме {1} секунд и повторная попытка. Запрос: {2} {3}", "RMCreatedArtifactsDirectory": "Каталог созданных артефактов: {0}", "RMCreatingArtifactsDirectory": "Создание каталога артефактов: {0}", "RMCustomEndpointNotFound": "Не удается найти в задание необходимые сведения для скачивания пользовательского артефакта: {0}", "RMDownloadArtifactUnexpectedError": "Непредвиденная ошибка при загрузке артефактов", "RMDownloadBufferSize": "Размер буфера загрузки: {0}", "RMDownloadComplete": "Скачивание завершено.", "RMDownloadingArtifact": "Скачивание артефакта", "RMDownloadingArtifactFromFileContainer": "Скачивание артефакта из контейнера файлов: {0} целевому объекту: {1}", "RMDownloadingArtifactFromFileShare": "Скачивание артефакта из файловой папки: {0} целевому объекту: {1}", "RMDownloadingArtifactUsingRobocopy": "Скачивание артефакта с помощью robocopy.", "RMDownloadingCommits": "Скачивание фиксаций", "RMDownloadingJenkinsArtifacts": "Скачивание артефактов с сервера Jenkins", "RMDownloadProgress": "{0} помещенных файлов: {1} скачано, {2} пустых", "RMDownloadProgressDetails": "{0} МБ загружено на скорости {1} КБ/сек. Время скачивания: {2}.", "RMDownloadStartDownloadOfFile": "Загрузка файла: \"{0}\"", "RMDownloadTaskCompletedStatus": "Задачи скачивания не завершены за {0} минут. Оставшиеся состояния задач:", "RMDownloadTaskStates": " {0}: \t{1} задач.", "RMEnsureArtifactFolderExistsAndIsClean": "Убедитесь, что папка артефактов {0} существует и является чистой.", "RMEnvironmentVariablesAvailable": "Доступные переменные среды приведены ниже. Обратите внимание, что на эти переменные среды можно ссылаться в задаче (в ReleaseDefinition), заменив \"_\" на \".\" например На переменную среды AGENT_NAME можно ссылаться с помощью агента. Имя в ReleaseDefinition: {0}", "RMErrorDownloadingContainerItem": "Ошибка при скачивании {0}: {1}", "RMErrorDuringArtifactDownload": "Произошла ошибка при скачивании: {0}", "RMFailedCreatingArtifactDirectory": "Не удалось создать каталог артефактов выпуска '{0}'.", "RMFileShareArtifactErrorOnNonWindowsAgent": "Не удается загрузить артефакты из общей папки с помощью агента OSX или Linux. Вы можете загрузить артефакт с сервера или использовать агент Windows.", "RMGitEndpointNotFound": "Не удается найти необходимую информацию в задании для загрузки артефакта Team Foundation Git.", "RMGitHubEndpointNotFound": "Не удается найти необходимые сведения в задании для скачивания артефакта GitHub: {0}", "RMGotJenkinsArtifactDetails": "Получены сведения об артефакте Jenkins", "RMJenkinsBuildId": "Идентификатор сборки: {0}", "RMJenkinsEndpointNotFound": "Не удается найти в задание необходимые сведения для скачивания артефакта Jenkins: {0}", "RMJenkinsInvalidBuild": "Недопустимый сборка {0} Jenkins.", "RMJenkinsJobName": "Имя задания: {0}", "RMJenkinsNoArtifactsFound": "В сборке Jenkins нет доступных артефактов {0}.", "RMLowAvailableDiskSpace": "На диске {0} мало места, доступно менее 100 МБ.", "RMNoBuildArtifactsFound": "В сборке нет доступных артефактов {0}.", "RMParallelDownloadLimit": "Ограничение параллельного скачивания: {0}", "RMPrepareToGetFromJenkinsServer": "Подготовка к получению информации об артефактах с сервера Jenkins", "RMPreparingToDownload": "Подготовка к скачиванию артефакта: {0}", "RMPreparingToGetBuildArtifactList": "Идет подготовка к получению списка доступных артефактов из сборки.", "RMReAttemptingDownloadOfContainerItem": "Повторная попытка скачивания {0}. Ошибка: {1}", "RMReceivedGithubArtifactDetails": "Получены сведения об артефакте GitHub", "RMReleaseNameRequired": "Необходимо указать имя выпуска.", "RMRemainingDownloads": "{0} оставшихся загрузок.", "RMRetryingArtifactDownload": "Повторная попытка скачивания...", "RMRetryingCreatingArtifactsDirectory": "Не удалось создать каталог артефактов выпуска {0} с исключением {1}. Повторная попытка создания каталога артефактов выпуска.", "RMRobocopyBasedArtifactDownloadExitCode": "Код выхода Robocopy: {0}", "RMRobocopyBasedArtifactDownloadFailed": "Сбой скачивания на основе Robocopy. Код выхода: {0}", "RMStartArtifactsDownload": "Запуск скачивания артефактов...", "RMStreamTypeNotSupported": "Управление выпусками не поддерживает скачивание типа {0} в текущей версии", "RMTfsVCEndpointNotFound": "Не удается найти необходимую информацию в задании для загрузки артефакта управления версиями Team Foundation.", "RMUpdateReleaseName": "Обновить имя выпуска.", "RMUpdateReleaseNameForRelease": "Обновить имя выпуска {0} для выпуска {1}.", "RMUpdateReleaseNameForReleaseComment": "Обновление имени выпуска на {0} с помощью команды ведения журнала задачи", "RMUserChoseToSkipArtifactDownload": "Пропуск загрузки артефакта в соответствии с указанным параметром.", "RobocopyBasedPublishArtifactTaskExitCode": "Код выхода из команды Robocopy: {0}", "RobocopyBasedPublishArtifactTaskFailed": "Не удалось выполнить публикацию с помощью команды Robocopy. Код завершения: {0}", "Rosetta2Warning": "Известно, что эмуляция X64 приводит к зависаниям в процессе агента. Используйте собственный агент (ARM).", "RSAKeyFileNotFound": "Файл ключа RSA {0} не найден", "RunAgentAsServiceDescription": "запустить агент как службу? (Да/Нет)", "RunAsAutoLogonDescription": "настроить автоматический вход и запустить агент при запуске? (Да/Нет)", "RunIDNotValid": "Неверный идентификатор запуска: {0}", "RunningJob": "{0:u}: Запуск задания: {1}", "SavedSettings": "{0:u}: параметры сохранены.", "ScanToolCapabilities": "Поиск возможностей инструмента.", "ScreenSaverPoliciesInspection": "Проверка наличия политик, которые могут препятствовать отключению заставки.", "ScreenSaverPolicyWarning": "На этом компьютере определена политика экранной заставки. Это может привести к повторному включению экранной заставки. Активная экранная заставка может влиять на операции пользовательского интерфейса, например, автоматизированные тесты пользовательского интерфейса могут завершиться неудачно.", "SecretsAreNotAllowedInInjectedTaskInputs": "Задача пытается получить доступ к следующим входным данным целевой задачи, которые содержат секреты:\n{0}\nНе разрешено передавать входные данные, содержащие секреты, задачам, внедренным декораторами.", "SelfManageGitCreds": "Вы находитесь в режиме самоуправления учетными данными git. Убедитесь, что хост-компьютер вашего агента может обойти любую проверку подлинности git.", "ServerTarpit": "В настоящее время задание регулируется сервером. Вы можете столкнуться с задержками в выводе строки консоли, отчетах о состоянии заданий и загрузке журнала задач.", "ServerTarpitUrl": "Ссылка на страницу использования ресурсов (глобальный просмотр за 1 час): {0}.", "ServerTarpitUrlScoped": "Ссылка на страницу использования ресурсов (просмотр за 1 час по воронке продаж): {0}.", "ServerUrl": "URL-адрес сервера", "ServiceAlreadyExists": "Служба уже существует: {0}, она будет заменена", "ServiceConfigured": "Служба {0} успешно настроена", "ServiceDelayedStartOptionSet": "Задержка автоматического запуска для службы {0} успешно установлена.", "ServiceInstalled": "Служба {0} успешно установлена", "ServiceLockErrorRetry": "Сбой блокировки службы базы данных. Код: {0}. Повтор через {1} сек...", "ServiceRecoveryOptionSet": "Служба {0} успешно установила параметр восстановления", "ServiceSidTypeSet": "Служба {0} успешно установила тип идентификатора безопасности", "ServiceStartedSuccessfully": "Служба {0} успешно запущена", "SessionCreateFailed": "Не удалось создать сеанс: {0}", "SessionExist": "Сеанс для этого агента уже существует.", "SessionExistStopRetry": "Остановите повтор сеанса SessionConflictException после повторной попытки в течение {0} секунд.", "SetBuildVars": "Задайте переменные сборки.", "SetEnvVar": "Настройка переменной среды {0}", "SetVariableNotAllowed": "Переменная установки {0} была отключена заданием или определением сборки.", "ShallowCheckoutFail": "Не удалось выполнить команду Git checkout в неполном репозитории. Это может быть вызвано тем, что команда git fetch с глубиной \"{0}\" не включает фиксацию checkout \"{1}\". Обратитесь к документации (http://go.microsoft.com/fwlink/?LinkId=829603).", "ShallowLfsFetchFail": "Не удалось выполнить команду Git lfs fetch в неполном репозитории. Это может быть вызвано тем, что команда git fetch с глубиной \"{0}\" не включает фиксацию lfs fetch \"{1}\". Обратитесь к документации (http://go.microsoft.com/fwlink/?LinkId=829603).", "ShutdownMessage": "Перезапуск компьютера для запуска агента в интерактивном режиме.", "Skipping": "Не существует. Пропуск ", "SkipTrackingFileWithoutRepoType": "Пропуск файла отслеживания \"{0}\", тип репозитория еще не был обновлен.", "SourceArtifactProviderNotFound": "Не удается найти поставщика источника для артефакта типа {0}", "StartingArtifactDownload": "Начинается скачивание {0}", "StartMaintenance": "Начать обслуживание: {0}", "StepCancelled": "Операция будет отменена. Дальнейшие действия могут не содержать ожидаемых журналов.", "StepFinishing": "Завершение: {0}", "StepStarting": "Запуск: {0}", "StepTimedOut": "Время ожидания задачи истекло.", "StopContainer": "Остановить контейнеры", "Success": "Выполнено: ", "SupportedRepositoryEndpointNotFound": "Не удалось сопоставить конечные точки исходного репозитория ни с одним из поддерживаемых поставщиков источника.", "SupportedTaskHandlerNotFoundLinux": "Текущая операционная система не поддерживает выполнение этой задачи. Как правило, это означает, что эта задача предназначена только для Windows. Например, задача была написана для PowerShell для рабочего стола Windows.", "SupportedTaskHandlerNotFoundWindows": "Поддерживаемый обработчик выполнения задач не найден. Задача не содержит реализацию, совместимую с текущей операционной системой \"{0}\". За дополнительными сведениями обратитесь к автору задачи.", "SvnBranchCheckedOut": "Извлечена ветвь {0} для репозитория {1} в редакции {2}", "SvnEmptyServerPath": "Пустой относительный путь к серверу сопоставляется с {0}.", "SvnFileAlreadyExists": "Файл {0} уже существует", "SvnIncorrectRelativePath": "Указан неправильный относительный путь \"{0}\".", "SvnMappingDuplicateLocal": "Пропуск повторяющегося сопоставления для локального пути={0}", "SvnMappingDuplicateServer": "Пропуск повторяющегося сопоставления для пути к серверу={0}", "SvnMappingIgnored": "Весь набор сопоставлений игнорируется. Выполняется полное сопоставление ветвей.", "SvnNotInstalled": "Не удается найти установленную программу командной строки SVN", "SvnSyncingRepo": "Синхронизация репозитория: {0} (Svn)", "TarExtraction": "Извлечение tar-архива: {0}", "TarExtractionError": "Не удалось извлечь tar-архив {0}: {1}", "TarExtractionNotSupportedInWindows": "Извлечение из TAR-архива не поддерживается в Windows", "TarSearchStart": "Начинается поиск tar-архивов для извлечения", "TarsFound": "Найдены tar-архивы {0} для извлечения", "TarsNotFound": "TAR-архивы для извлечения не найдены", "TaskDownloadFailed": "Не удалось загрузить задачу \"{0}\". Ошибка: {1}", "TaskDownloadTimeout": "Скачивание задачи \"{0}\" не было завершено в течение {1} с.", "TaskSignatureVerificationFailed": "Сбой проверки подписи задачи.", "TaskSignatureVerificationSucceeeded": "Подпись задачи проверена.", "TeeEula": [ "Для создания исходников из репозитория TFVC необходимо принять лицензионное соглашение с конечным пользователем Team Explorer Everywhere. Это действие не требуется для сборки исходников из репозиториев Git.", "", "Копию лицензионного соглашения Team Explorer Everywhere можно найти по адресу:", " {0}" ], "Telemetry": "Телеметрия", "TelemetryCommandDataError": "Не удается проанализировать данные телеметрии {0}. Ошибка: {1}", "TelemetryCommandFailed": "Не удалось опубликовать данные телеметрии. Ошибка: {0}", "TenantId": "Идентификатор клиента", "TestAgentConnection": "Подключение агента тестирования.", "TestAttachmentNotExists": "Вложение пропущено, так как оно недоступно на диске: {0}", "TestResultsRemaining": "Оставшиеся результаты теста: {0}. Идентификатор тестового запуска: {1}", "Tfs2015NotSupported": "Этот агент не поддерживается в Windows для TFS 2015. Агент TFS 2015 для Windows можно загрузить со страницы администрирования пулов агентов.", "TotalThrottlingDelay": "Общая задержка задания, вызванная регулированием скорости сервера, составила {0} секунд.", "TotalUploadFiles": "Отправка файлов {0}", "TypeRequiredForTimelineRecord": "Для этой новой записи временной шкалы требуется тип.", "UnableResolveArtifactType": "Не удается определить тип артефакта по расположению артефакта: {0}.", "UnableToArchiveResults": "Не удается заархивировать результаты теста: {0}", "UnableToParseBuildTrackingConfig0": "Не удалось проанализировать устаревшую конфигурацию отслеживания сборки. Вместо этого будет создан новый каталог сборки. Предыдущий каталог может остаться в невостребованном состоянии. Содержимое устаревшей конфигурации: {0}", "UnconfigAutologon": "Удаление параметров автоматического входа", "UnconfigureOSXService": "Сначала отмените настройку службы в соответствии с https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-osx", "UnconfigureServiceDService": "Сначала отмените настройку службы в соответствии с https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-linux", "UnexpectedParallelCount": "Неподдерживаемое значение счетчика параллелизма \"%s\". Введите число от 1 до 128.", "UninstallingService": "Удаление службы", "UnknownCodeCoverageTool": "Средство оценки объема протестированного кода \"{0}\" не поддерживается.", "UnrecognizedCmdArgs": "Нераспознанные входные аргументы командной строки: \"{0}\". Сведения об использовании: .\\config.cmd --help или ./config.sh --help", "UnregisteringAgent": "Удаление агента с сервера", "UnsupportedGitLfsVersion": "Агент не поддерживает текущую версию Git LFS \"{0}\". Выполните обновление до версии не ниже \"{1}\". Дополнительные сведения: https://github.com/git-lfs/git-lfs/issues/3571.", "UnsupportedOsVersionByNet8": "Версия операционной системы, на которой работает этот агент ({0}), не поддерживается в предстоящем обновлении Pipelines Agent. Поддерживаемые версии операционных систем см. на сайте https://aka.ms/azdo-pipeline-agent-net8.", "UpdateBuildNumber": "Обновление номера сборки", "UpdateBuildNumberForBuild": "Обновите номер сборки до {0} для сборки {1}", "UpdateInProgress": "Выполняется обновление агента, не завершайте его работу.", "UpgradeToLatestGit": "Чтобы улучшить интерфейс Git, обновите Git до версии не ниже \"{0}\". Текущая версия Git: \"{1}\".", "UploadArtifact": "Отправка артефакта", "UploadArtifactCommandNotSupported": "Отправка артефакта сервера не поддерживается в {0}.", "UploadArtifactFinished": "Отправка артефакта конвейера завершена.", "UploadingPipelineArtifact": "Отправка артефакта конвейера из {0} для сборки #{1}", "UploadToFileContainer": "Отправьте \"{0}\" в контейнер файлов: \"{1}\"", "UserName": "имя пользователя", "UserNameLog": "Агент выполняется как: \"{0}\"", "UserShutdownAgent": "Агент получил сигнал к завершению работы. Это может происходить при остановке службы агента или отмене агента, запускаемого вручную.", "Variable0ContainsCyclicalReference": "Не удается развернуть переменную \"{0}\". Обнаружена циклическая ссылка.", "Variable0ExceedsMaxDepth1": "Не удается развернуть переменную \"{0}\". Превышена максимальная глубина расширения ({1}).", "VMResourceWithSameNameAlreadyExistInEnvironment": "Среда с идентификатором \"{0}\" уже содержит ресурс виртуальной машины с именем \"{1}\".", "VSTSHostNonZeroReturn": "Файл LegacyVSTSPowerShellHost.exe выполнен с кодом возврата: {0}.", "WaitForServiceToStop": "Ожидание остановки службы…", "WindowsLogonAccountNameDescription": "Учетная запись пользователя, используемая для службы", "WindowsLogonPasswordDescription": "Пароль для учетной записи {0}", "WorkFolderDescription": "рабочая папка", "WorkspaceMappingNotMatched": "Сопоставления рабочей области не совпадают для рабочей области {0}", "Y": "Y", "ZipSlipFailure": "Запись находится за пределами целевого каталога: {0}" } ================================================ FILE: src/Misc/layoutbin/runsvc.sh ================================================ #!/bin/bash # convert SIGTERM signal to SIGINT # for more info on how to propagate SIGTERM to a child process see: http://veithen.github.io/2014/11/16/sigterm-propagation.html trap 'kill -INT $PID' TERM INT if [ -f ".path" ]; then # configure export PATH=`cat .path` echo ".path=${PATH}" fi # insert anything to setup env when running as a service # fallback on Node16 if Node20 is not supported by the host ./externals/node20_1/bin/node --version if [ $? == 0 ]; then NODE_VER="node20_1" else NODE_VER="node16" fi # run the host process which keep the listener alive ./externals/"$NODE_VER"/bin/node ./bin/AgentService.js & PID=$! wait $PID trap - TERM INT wait $PID ================================================ FILE: src/Misc/layoutbin/systemd.svc.sh.template ================================================ #!/bin/bash SVC_NAME=`systemd-escape --path "{{SvcNameVar}}"` SVC_DESCRIPTION="{{SvcDescription}}" SVC_CMD=$1 arg_2=${2} AGENT_ROOT=`pwd` UNIT_PATH=/etc/systemd/system/${SVC_NAME} TEMPLATE_PATH=./bin/vsts.agent.service.template TEMP_PATH=./bin/vsts.agent.service.temp CONFIG_PATH=.service user_id=`id -u` # systemctl must run as sudo # this script is a convenience wrapper around systemctl if [ $user_id -ne 0 ]; then echo "Must run as sudo" exit 1 fi function failed() { local error=${1:-Undefined error} echo "Failed: $error" >&2 exit 1 } if [ ! -f "${TEMPLATE_PATH}" ]; then failed "Must run from agent root or install is corrupt" fi #check if we run as root if [[ $(id -u) != "0" ]]; then echo "Failed: This script requires to run with sudo." >&2 exit 1 fi function install() { echo "Creating launch agent in ${UNIT_PATH}" if [ -f "${UNIT_PATH}" ]; then failed "error: exists ${UNIT_PATH}" fi if [ -f "${TEMP_PATH}" ]; then rm "${TEMP_PATH}" || failed "failed to delete ${TEMP_PATH}" fi # can optionally use username supplied run_as_user=${arg_2:-$SUDO_USER} echo "Run as user: ${run_as_user}" run_as_uid=$(id -u ${run_as_user}) || failed "User does not exist" echo "Run as uid: ${run_as_uid}" run_as_gid=$(id -g ${run_as_user}) || failed "Group not available" echo "gid: ${run_as_gid}" sed "s/{{User}}/${run_as_user}/g; s/{{Description}}/$(echo ${SVC_DESCRIPTION} | sed -e 's/[\/&]/\\&/g')/g; s/{{AgentRoot}}/$(echo ${AGENT_ROOT} | sed -e 's/[\/&]/\\&/g')/g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file" mv "${TEMP_PATH}" "${UNIT_PATH}" || failed "failed to copy unit file" # unit file should not be executable and world writable chmod 664 "${UNIT_PATH}" || failed "failed to set permissions on ${UNIT_PATH}" command -v sestatus && sestatus | grep "SELinux status: *enabled" is_selinux_enabled=$? if [ $is_selinux_enabled -eq 0 ]; then # SELinux is enabled, we must ensure the system context for the unit file matches the expected systemd_unit_file context. chcon system_u:object_r:systemd_unit_file_t:s0 "${UNIT_PATH}" fi systemctl daemon-reload || failed "failed to reload daemons" # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user. cp ./bin/runsvc.sh ./runsvc.sh || failed "failed to copy runsvc.sh" chown ${run_as_uid}:${run_as_gid} ./runsvc.sh || failed "failed to set owner for runsvc.sh" chmod 755 ./runsvc.sh || failed "failed to set permission for runsvc.sh" if [ $is_selinux_enabled -eq 0 ]; then # SELinux is enabled, we must ensure the shell scripts matches the expected context. chcon system_u:object_r:usr_t:s0 runsvc.sh fi systemctl enable ${SVC_NAME} || failed "failed to enable ${SVC_NAME}" echo "${SVC_NAME}" > ${CONFIG_PATH} || failed "failed to create .service file" chown ${run_as_uid}:${run_as_gid} ${CONFIG_PATH} || failed "failed to set permission for ${CONFIG_PATH}" } function start() { systemctl start ${SVC_NAME} || failed "failed to start ${SVC_NAME}" status } function stop() { systemctl stop ${SVC_NAME} || failed "failed to stop ${SVC_NAME}" status } function uninstall() { stop systemctl disable ${SVC_NAME} || failed "failed to disable ${SVC_NAME}" rm "${UNIT_PATH}" || failed "failed to delete ${UNIT_PATH}" if [ -f "${CONFIG_PATH}" ]; then rm "${CONFIG_PATH}" || failed "failed to delete ${CONFIG_PATH}" fi systemctl daemon-reload || failed "failed to reload daemons" } function status() { if [ -f "${UNIT_PATH}" ]; then echo echo "${UNIT_PATH}" else echo echo "not installed" echo return fi systemctl --no-pager status ${SVC_NAME} } function usage() { echo echo Usage: echo "./svc.sh [install, start, stop, status, uninstall]" echo "Commands:" echo " install [user]: Install agent service as Root or specified user." echo " start: Manually start the agent service." echo " stop: Manually stop the agent service." echo " status: Display status of agent service." echo " uninstall: Uninstall agent service." echo } case $SVC_CMD in "install") install;; "status") status;; "uninstall") uninstall;; "start") start;; "stop") stop;; "status") status;; *) usage;; esac exit 0 ================================================ FILE: src/Misc/layoutbin/tasks-exception-list.json ================================================ [ "769D88CB-515B-4456-A045-D9A4E11C90E3", "B832BEC5-8C27-4FEF-9FB8-6BEC8524AD8A", "B832BEC5-8C27-4FEF-9FB8-6BEC8524AD8A", "B832BEC5-8C27-4FEF-9FB8-6BEC8524AD8A", "AD5CD22A-BE4E-48BB-ADCE-181A32432DA5", "1d876d40-9aa7-11e7-905d-f541cc882994", "39bc2c9b-55b7-4835-89cd-6cc699ef7220", "5BFB729A-A7C8-4A78-A7C3-8D717BB7C13C", "E3CF3806-AD30-4EC4-8F1E-8ECD98771AA0", "97411e3d-0241-4b1f-9607-2d2c04b4df51", "9fac244b-8d7c-4d8e-a003-2097daa3270f", "263abc27-4582-4174-8789-af599697778e", "86c37a92-59a7-444b-93c7-220fcf91e29c", "ad884ca2-732e-4b85-b2d3-ed71bcbd2788", "333b11bd-d341-40d9-afcf-b32d5ce6f23b", "333b11bd-d341-40d9-afcf-b32d5ce6f23b", "333b11bd-d341-40d9-afcf-b32d5ce6f25b", "333b11bd-d341-40d9-afcf-b32d5ce6f23b", "2C65196A-54FD-4A02-9BE8-D9D1837B7C5D", "2C65196A-54FD-4A02-9BE8-D9D1837B7C5D", "2661B7E5-00F9-4DE1-BA41-04E68D70B528", "50817E39-E160-45E1-A825-1C746B7D2EB2", "5e3feff0-c5ae-11e8-a7d0-4bd3b8229800", "5e3feff0-c5ae-11e8-a7d0-4bd3b8229800", "2A7EBC54-C13E-490E-81A5-D7561AB7CD97", "0B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1", "2d8a1d60-8ccd-11e7-a792-11ac56e9f553", "e4d58330-c771-11e8-8f8f-81fbb42e2824", "e4d58330-c771-11e8-8f8f-81fbb42e2824", "e0b79640-8625-11e8-91be-db2878ff888a", "2C65196A-54FD-4A02-9BE8-D9D1837B7111", "EF087383-EE5E-42C7-9A53-AB56C98420F9", "049918CB-1488-48EB-85E8-C318ECCAAA74" ] ================================================ FILE: src/Misc/layoutbin/update.cmd.template ================================================ @echo off rem agent will replace key words in the template and generate a batch script to run. rem Keywords: rem PROCESSID = pid rem AGENTPROCESSNAME = agent.listener[.exe] rem ROOTFOLDER = ./ rem EXISTAGENTVERSION = 2.100.0 rem DOWNLOADAGENTVERSION = 2.101.0 rem UPDATELOG = _diag/SelfUpdate-UTC.log rem RESTARTINTERACTIVEAGENT = 0/1 setlocal set agentpid=_PROCESS_ID_ set agentprocessname=_AGENT_PROCESS_NAME_ set rootfolder=_ROOT_FOLDER_ set existagentversion=_EXIST_AGENT_VERSION_ set downloadagentversion=_DOWNLOAD_AGENT_VERSION_ set logfile=_UPDATE_LOG_ set restartinteractiveagent=_RESTART_INTERACTIVE_AGENT_ rem log user who run the script echo [%date% %time%] --------whoami-------- >> "%logfile%" 2>&1 whoami >> "%logfile%" 2>&1 echo [%date% %time%] --------whoami-------- >> "%logfile%" 2>&1 rem wait for agent process to exit. echo [%date% %time%] Waiting for %agentprocessname% (%agentpid%) to complete >> "%logfile%" 2>&1 :loop tasklist /fi "pid eq %agentpid%" | find /I "%agentprocessname%" >> "%logfile%" 2>&1 if ERRORLEVEL 1 ( goto copy ) echo [%date% %time%] Process %agentpid% still running, check again after 1 second. >> "%logfile%" 2>&1 ping -n 2 127.0.0.1 >nul goto loop rem start re-organize folders :copy echo [%date% %time%] Process %agentpid% finished running >> "%logfile%" 2>&1 echo [%date% %time%] Sleep 1 more second to make sure process exited >> "%logfile%" 2>&1 ping -n 2 127.0.0.1 >nul echo [%date% %time%] Re-organize folders >> "%logfile%" 2>&1 rem the folder structure under agent root will be rem ./bin -> bin.2.100.0 (junction folder) rem ./externals -> externals.2.100.0 (junction folder) rem ./bin.2.100.0 rem ./externals.2.100.0 rem ./bin.2.99.0 rem ./externals.2.99.0 rem by using the junction folder we can avoid file in use problem. rem if the bin/externals junction point already exist, we just need to delete the junction point then re-create to point to new bin/externals folder. rem if the bin/externals still are real folders, we need to rename the existing folder to bin.version format then create junction point to new bin/externals folder. rem check bin folder rem we do findstr /C:" bin" since in migration mode, we create a junction folder from agent to bin. rem as result, dir /AL | findstr "bin" will return the agent folder. output looks like (07/27/2016 05:21 PM agent [E:\bin]) dir "%rootfolder%" /AL 2>&1 | findstr /C:" bin" >> "%logfile%" 2>&1 if ERRORLEVEL 1 ( rem return code 1 means it cannot find a bin folder that is a junction folder rem so we need to move the current bin folder to bin.2.99.0 folder. echo [%date% %time%] move "%rootfolder%\bin" "%rootfolder%\bin.%existagentversion%" >> "%logfile%" 2>&1 move "%rootfolder%\bin" "%rootfolder%\bin.%existagentversion%" >> "%logfile%" 2>&1 if ERRORLEVEL 1 ( echo [%date% %time%] Cannot move "%rootfolder%\bin" to "%rootfolder%\bin.%existagentversion%" >> "%logfile%" 2>&1 goto fail ) ) else ( rem otherwise it find a bin folder that is a junction folder rem we just need to delete the junction point. echo [%date% %time%] Delete existing junction bin folder >> "%logfile%" 2>&1 rmdir "%rootfolder%\bin" >> "%logfile%" 2>&1 if ERRORLEVEL 1 ( echo [%date% %time%] Cannot delete existing junction bin folder >> "%logfile%" 2>&1 goto fail ) ) rem check externals folder dir "%rootfolder%" /AL 2>&1 | findstr "externals" >> "%logfile%" 2>&1 if ERRORLEVEL 1 ( rem return code 1 means it cannot find a externals folder that is a junction folder rem so we need to move the current externals folder to externals.2.99.0 folder. echo [%date% %time%] move "%rootfolder%\externals" "%rootfolder%\externals.%existagentversion%" >> "%logfile%" 2>&1 move "%rootfolder%\externals" "%rootfolder%\externals.%existagentversion%" >> "%logfile%" 2>&1 if ERRORLEVEL 1 ( echo [%date% %time%] Cannot move "%rootfolder%\externals" to "%rootfolder%\externals.%existagentversion%" >> "%logfile%" 2>&1 goto fail ) ) else ( rem otherwise it find a externals folder that is a junction folder rem we just need to delete the junction point. echo [%date% %time%] Delete existing junction externals folder >> "%logfile%" 2>&1 rmdir "%rootfolder%\externals" >> "%logfile%" 2>&1 if ERRORLEVEL 1 ( echo [%date% %time%] Cannot delete existing junction externals folder >> "%logfile%" 2>&1 goto fail ) ) rem create junction bin folder echo [%date% %time%] Create junction bin folder >> "%logfile%" 2>&1 mklink /J "%rootfolder%\bin" "%rootfolder%\bin.%downloadagentversion%" >> "%logfile%" 2>&1 if ERRORLEVEL 1 ( echo [%date% %time%] Cannot create junction bin folder >> "%logfile%" 2>&1 goto fail ) rem create junction externals folder echo [%date% %time%] Create junction externals folder >> "%logfile%" 2>&1 mklink /J "%rootfolder%\externals" "%rootfolder%\externals.%downloadagentversion%" >> "%logfile%" 2>&1 if ERRORLEVEL 1 ( echo [%date% %time%] Cannot create junction externals folder >> "%logfile%" 2>&1 goto fail ) echo [%date% %time%] Update succeed >> "%logfile%" 2>&1 rem rename the update log file with %logfile%.succeed/.failed/succeedneedrestart rem agent service host can base on the log file name determin the result of the agent update echo [%date% %time%] Rename "%logfile%" to be "%logfile%.succeed" >> "%logfile%" 2>&1 move "%logfile%" "%logfile%.succeed" >nul rem restart interactive agent if needed if %restartinteractiveagent% equ 1 ( echo [%date% %time%] Restart interactive agent >> "%logfile%.succeed" 2>&1 endlocal start "Vsts Agent" cmd.exe /k "%rootfolder%\run.cmd" ) else ( endlocal ) goto :eof :fail echo [%date% %time%] Rename "%logfile%" to be "%logfile%.failed" >> "%logfile%" 2>&1 move "%logfile%" "%logfile%.failed" >nul goto :eof ================================================ FILE: src/Misc/layoutbin/update.sh.template ================================================ #!/bin/bash # agent will replace key words in the template and generate a batch script to run. # Keywords: # PROCESSID = pid # AGENTPROCESSNAME = agent.listener[.exe] # ROOTFOLDER = ./ # EXISTAGENTVERSION = 2.100.0 # DOWNLOADAGENTVERSION = 2.101.0 # UPDATELOG = _diag/SelfUpdate-UTC.log # RESTARTINTERACTIVEAGENT = 0/1 agentpid=_PROCESS_ID_ agentprocessname=_AGENT_PROCESS_NAME_ rootfolder="_ROOT_FOLDER_" existagentversion=_EXIST_AGENT_VERSION_ downloadagentversion=_DOWNLOAD_AGENT_VERSION_ logfile="_UPDATE_LOG_" restartinteractiveagent=_RESTART_INTERACTIVE_AGENT_ # log user who run the script date "+[%F %T-%4N] --------whoami--------" >> "$logfile" 2>&1 whoami >> "$logfile" 2>&1 date "+[%F %T-%4N] --------whoami--------" >> "$logfile" 2>&1 # wait for agent process to exit. date "+[%F %T-%4N] Waiting for $agentprocessname ($agentpid) to complete" >> "$logfile" 2>&1 while [ -e /proc/$agentpid ] do date "+[%F %T-%4N] Process $agentpid still running" >> "$logfile" 2>&1 # explicitly setting interval to 1 sec since it is possible for a host to have a different # default interval value ping -c 2 -i 1 127.0.0.1 > /dev/null done date "+[%F %T-%4N] Process $agentpid finished running" >> "$logfile" 2>&1 # start re-organize folders date "+[%F %T-%4N] Sleep 1 more second to make sure process exited" >> "$logfile" 2>&1 ping -c 2 -i 1 127.0.0.1 > /dev/null # the folder structure under agent root will be # ./bin -> bin.2.100.0 (junction folder) # ./externals -> externals.2.100.0 (junction folder) # ./bin.2.100.0 # ./externals.2.100.0 # ./bin.2.99.0 # ./externals.2.99.0 # by using the junction folder we can avoid file in use problem. # if the bin/externals junction point already exist, we just need to delete the junction point then re-create to point to new bin/externals folder. # if the bin/externals still are real folders, we need to rename the existing folder to bin.version format then create junction point to new bin/externals folder. # check bin folder if [[ -L "$rootfolder/bin" && -d "$rootfolder/bin" ]] then # return code 0 means it find a bin folder that is a junction folder # we just need to delete the junction point. date "+[%F %T-%4N] Delete existing junction bin folder" >> "$logfile" 2>&1 rm -f "$rootfolder/bin" >> "$logfile" 2>&1 if [ $? -ne 0 ] then date "+[%F %T-%4N] Cannot delete existing junction bin folder" >> "$logfile" 2>&1 mv -fv "$logfile" "$logfile.failed" exit 1 fi else # otherwise, we need to move the current bin folder to bin.2.99.0 folder. date "+[%F %T-%4N] move $rootfolder/bin $rootfolder/bin.$existagentversion" >> "$logfile" 2>&1 mv -fv "$rootfolder/bin" "$rootfolder/bin.$existagentversion" >> "$logfile" 2>&1 if [ $? -ne 0 ] then date "+[%F %T-%4N] Cannot move $rootfolder/bin to $rootfolder/bin.$existagentversion" >> "$logfile" 2>&1 mv -fv "$logfile" "$logfile.failed" exit 1 fi fi # check externals folder if [[ -L "$rootfolder/externals" && -d "$rootfolder/externals" ]] then # the externals folder is already a junction folder # we just need to delete the junction point. date "+[%F %T-%4N] Delete existing junction externals folder" >> "$logfile" 2>&1 rm -f "$rootfolder/externals" >> "$logfile" 2>&1 if [ $? -ne 0 ] then date "+[%F %T-%4N] Cannot delete existing junction externals folder" >> "$logfile" 2>&1 mv -fv "$logfile" "$logfile.failed" exit 1 fi else # otherwise, we need to move the current externals folder to externals.2.99.0 folder. date "+[%F %T-%4N] move $rootfolder/externals $rootfolder/externals.$existagentversion" >> "$logfile" 2>&1 mv -fv "$rootfolder/externals" "$rootfolder/externals.$existagentversion" >> "$logfile" 2>&1 if [ $? -ne 0 ] then date "+[%F %T-%4N] Cannot move $rootfolder/externals to $rootfolder/externals.$existagentversion" >> "$logfile" 2>&1 mv -fv "$logfile" "$logfile.failed" exit 1 fi fi # create junction bin folder date "+[%F %T-%4N] Create junction bin folder" >> "$logfile" 2>&1 ln -s "$rootfolder/bin.$downloadagentversion" "$rootfolder/bin" >> "$logfile" 2>&1 if [ $? -ne 0 ] then date "+[%F %T-%4N] Cannot create junction bin folder" >> "$logfile" 2>&1 mv -fv "$logfile" "$logfile.failed" exit 1 fi # create junction externals folder date "+[%F %T-%4N] Create junction externals folder" >> "$logfile" 2>&1 ln -s "$rootfolder/externals.$downloadagentversion" "$rootfolder/externals" >> "$logfile" 2>&1 if [ $? -ne 0 ] then date "+[%F %T-%4N] Cannot create junction externals folder" >> "$logfile" 2>&1 mv -fv "$logfile" "$logfile.failed" exit 1 fi date "+[%F %T-%4N] Update succeed" >> "$logfile" 2>&1 # rename the update log file with %logfile%.succeed/.failed/succeedneedrestart # agent service host can base on the log file name determin the result of the agent update date "+[%F %T-%4N] Rename $logfile to be $logfile.succeed" >> "$logfile" 2>&1 mv -fv "$logfile" "$logfile.succeed" # restart interactive agent if needed if [ $restartinteractiveagent -ne 0 ] then date "+[%F %T-%4N] Restarting interactive agent" >> "$logfile.succeed" 2>&1 "$rootfolder/run.sh" & fi ================================================ FILE: src/Misc/layoutbin/vsts.agent.plist.template ================================================ Label {{SvcName}} ProgramArguments {{AgentRoot}}/runsvc.sh UserName {{User}} WorkingDirectory {{AgentRoot}} RunAtLoad StandardOutPath {{UserHome}}/Library/Logs/{{SvcName}}/stdout.log StandardErrorPath {{UserHome}}/Library/Logs/{{SvcName}}/stderr.log EnvironmentVariables VSTS_AGENT_SVC 1 ================================================ FILE: src/Misc/layoutbin/vsts.agent.service.template ================================================ [Unit] Description={{Description}} After=network.target [Service] ExecStart={{AgentRoot}}/runsvc.sh User={{User}} WorkingDirectory={{AgentRoot}} KillMode=process KillSignal=SIGTERM TimeoutStopSec=5min [Install] WantedBy=multi-user.target ================================================ FILE: src/Misc/layoutbin/zh-CN/strings.json ================================================ { "AcceptTeeEula": "是否现在接受 Team Explorer Everywhere 许可协议? (Y/N)", "AccessDenied": "拒绝访问", "AccessDeniedSettingDelayedStartOption": "设置服务延迟自动启动选项时访问被拒绝。", "AccessDeniedSettingRecoveryOption": "设置服务恢复选项时拒绝访问。", "AccessDeniedSettingSidType": "设置服务 SID 类型时拒绝访问。", "AddAgentFailed": "无法添加代理。请重试或按 Ctrl-c 退出", "AddBuildTag": "添加生成标记", "AddDeploymentGroupTagsFlagDescription": "代理的部署组标记? (Y/N)", "AddEnvironmentVMResourceTags": "环境虚拟机资源标记? (是/否)", "AgentAddedSuccessfully": "已成功添加代理。", "AgentAlreadyInsideContainer": "代理已在容器内运行时,不支持容器功能。请参考文档(https://go.microsoft.com/fwlink/?linkid=875268)", "AgentCdnAccessFailWarning": "所需操作: Azure Pipelines 代理无法访问新的 CDN URL。立即将 'download.agent.dev.azure.com' 加入允许列表,以防止管道故障。详细信息: https://devblogs.microsoft.com/devops/cdn-domain-url-change-for-agents-in-pipelines/", "AgentDoesNotSupportContainerFeatureRhel6": "代理不支持 Red Hat Enterprise Linux 6 或 CentOS 6 上的容器功能。", "AgentDowngrade": "正在将代理降级到较低的版本。这通常是由于当前为 bug 修复而发布的代理回退所导致的。若要禁用此行为,请在启动代理之前设置环境变量 AZP_AGENT_DOWNGRADE_DISABLED=true。", "AgentExit": "代理将很快退出以进行更新,应该会在 10 秒内重新联机。", "AgentIsNotConfigured": "未配置代理。", "AgentMachineNameLog": "代理计算机名称:“{0}”", "AgentMachinePoolNameLabel": "代理池", "AgentName": "代理名称", "AgentNameLog": "代理名称: \"{0}\"", "AgentOutOfMemoryFailure": "代理辅助角色已退出,代码为 137,这意味着内存不足。确保代理(容器)主机配置了足够的内存。", "AgentReplaced": "已成功替换代理", "agentRootFolderCheckError": "无法检查代理根文件夹的访问规则。有关更多详细信息,请查看日志。", "agentRootFolderInsecure": "安全警告! 组 {0} 有权写入/修改代理文件夹。有关更多详细信息,请查看日志。", "AgentRunningBehindProxy": "代理在代理服务器后面运行:“{0}”", "AgentVersion": "当前代理版本: \"{0}\"", "AgentWithSameNameAlreadyExistInPool": "池 {0} 已包含一个名为 {1} 的代理。", "AllowContainerUserRunDocker": "允许用户“{0}”在没有 SUDO 的情况下运行任何 docker 命令。", "AlreadyConfiguredError": "无法配置代理,因为它已配置。若要重新配置代理,请先运行“config.cmd remove”或“./config.sh remove”。", "ApkAddShadowFailed": "用户 ID 超出 'adduser' 命令的范围。无法使用替代命令 'useradd',因为未预安装 'shadow' 包,并且尝试安装此包失败。检查网络可用性或使用预安装了 'shadow' 包的 docker 映像。", "ArgumentNeeded": "必须指定 “{0}”。", "ArtifactCustomPropertiesNotJson": "项目自定义属性不是有效的 JSON:“{0}”", "ArtifactCustomPropertyInvalid": "项目自定义属性必须以“user-”作为前缀。无效属性:“{0}”", "ArtifactDownloadFailed": "无法从 {0} 下载项目。", "ArtifactLocationRequired": "项目位置是必需的。", "ArtifactNameIsNotValid": "工件名称无效: {0}。它不能包含 \"\\\"、\"/\"、'、\":\"、\"<', '>\"、\"|\"、\"*\" 和 \"?\"", "ArtifactNameRequired": "项目名称是必需的。", "ArtifactTypeRequired": "项目类型是必需的。", "AssociateArtifact": "关联项目", "AssociateArtifactCommandNotSupported": "{0} 不支持关联服务器项目。", "AssociateArtifactWithBuild": "与生成 {1} 关联的项目 {0}", "AssociateFiles": "关联文件", "AttachFileNotExist": "无法附加 (type:{0} name:{1}) 文件: {2}。文件不存在。", "AttachmentExceededMaximum": "正在跳过附件,因为它超出了允许的最大大小 75MB: {0}", "AttemptRemoveCredFromConfig": "尝试使用 git 命令行从 git 配置中删除“{0}”失败。正在尝试直接修改 git 配置文件以删除凭据。", "AuthenticationType": "身份验证类型", "AutoLogonAccountGmsaHint": "如果尝试使用 gMSA 帐户,请在帐户名称末尾放一个美元符号($))", "AutoLogonAccountNameDescription": "用于自动登录的用户帐户", "AutoLogonOverwriteDeniedError": "无法配置 autologon,因为它已在计算机上为其他用户({0})配置。如果要覆盖,请使用“--overwriteautologon”。", "AutoLogonPolicies_LegalNotice": "法律声明", "AutoLogonPolicies_ShutdownReason": "关闭原因", "AutoLogonPoliciesInspection": "检查可能阻止自动登录正常工作的策略。", "AutoLogonPoliciesWarningsHeader": "以下策略可能会影响自动登录:", "BeginArtifactItemsIntegrityCheck": "启动项目完整性检查", "BlobStoreDownloadWarning": "从 Blobstore 下载项目失败,回退到 TFS。这将降低下载性能。检查防火墙规则是否允许访问 {0}。请确保代理防火墙配置正确: {1}", "BlobStoreUploadWarning": "项目上传到 Blobstore 失败,回退到 TFS。此回退将在将来的版本中删除。检查防火墙规则是否允许访问 {0}。请确保代理防火墙配置正确: {1}", "BuildDirLastUseTIme": "上次使用生成目录“{0}”的时间为: {1}", "BuildIdIsNotAvailable": "尝试下载“{0}”环境中的管道工件,但生成 ID 不存在。如果工件是生成,只能下载“{1}”环境中的管道工件。", "BuildIdIsNotValid": "生成 ID 无效: {0}", "BuildingFileTree": "生成文件树", "BuildLogsMessage": "代理已禁用上传日志。作业完成后,可以在代理上的 {0} 检索此步骤的日志。", "BuildNumberRequired": "生成号是必需的。", "BuildsDoesNotExist": "提供的管道定义中当前没有任何生成。", "BuildTagAddFailed": "未成功添加生成标记“{0}”。", "BuildTagRequired": "生成标记是必需的。", "BuildTagsForBuild": "生成“{0}”具有以下标记: {1}", "CannotChangeParentTimelineRecord": "无法更改现有时间线记录的父时间线记录。", "CannotDownloadFromCurrentEnvironment": "无法从 {0} 环境下载管道工件。", "CannotFindHostName": "从服务器 URL 中找不到 VSTS 组织名称:“{0}”", "CanNotFindService": "找不到服务 {0}", "CanNotGrantPermission": "无法向用户授予 LogonAsService 权限 {0}", "CanNotStartService": "无法启动服务。有关更多详细信息,请查看日志。", "CanNotStopService": "无法及时停止服务 {0}。", "CannotUploadFile": "无法上传文件,因为未指定文件位置。", "CannotUploadFromCurrentEnvironment": "无法从 {0} 环境上传到管道工件。", "CannotUploadSummary": "无法上传摘要文件,未指定摘要文件位置。", "CheckoutTaskDisplayNameFormat": "签出 {0}@{1} 到 {2}", "CleaningDestinationFolder": "正在清理目标文件夹: {0}", "ClientId": "客户端 (App) ID", "ClientSecret": "客户端密码", "ClockSkewStopRetry": "在 {0} 秒后停止重试 OAuth 令牌请求异常。", "CodeCoverageDataIsNull": "未找到覆盖率数据。有关更多详细信息,请检查生成错误/警告。", "CodeCoveragePublishIsValidOnlyForBuild": "发布代码覆盖率仅适用于“build”。", "CollectionName": "集合名称", "CommandDuplicateDetected": "已为区域 {0} 安装命令 {1}", "CommandKeywordDetected": "“{0}”包含日志记录命令关键字 \"##vso\",但它不是合法的命令。请查看已接受的命令的列表: https://go.microsoft.com/fwlink/?LinkId=817296", "CommandLineHelp": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "命令:", " .{0}config.{1} 配置代理", " .{0}config.{1} remove 取消配置代理", " .{0}run.{1} 以交互方式运行代理", " .{0}run.{1} --once 运行代理后,在关闭前最多接受一个作业", "", "选项:", " --version 打印代理版本", " --commit 打印代理提交", " --help 打印每个命令的帮助" ], "CommandLineHelp_Common": [ "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "常用选项:", "--url 服务器的 URL。例如: https://myaccount.visualstudio.com 或", " http://onprem:8080/tfs", "--auth 身份验证类型。有效值为:", " pat (个人访问令牌)", " 协商 (Kerberos 或 NTLM)", " alt (基本身份验证)", " 集成(Windows 默认凭据)", "sp (服务主体)", "--token 与 --auth pat 一起使用。个人访问令牌。", " --userName 与 --auth negotiate 或 --auth alt 一起使用。指定 Windows 用户", " 名称格式: domain\\userName 或 userName@domain.com", " --password 与 --auth negotiate 或 --auth alt 一起使用。", " --unattended 无人参与配置。系统不会提示你。所有答案都必须", " 将提供给命令行。", " --version 打印代理版本", " --commit 打印代理提交", "--help 打印帮助" ], "CommandLineHelp_Configure": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", ".{0}config.{1} [options]", "", "有关未配置的帮助,请参阅: .{0}config.{1} 删除 --help", "", "{2}", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "配置选项:", "--pool 要加入的代理的池名称", "--agent 代理名称", "--replace 替换池中的代理。如果另一个代理正在侦听", " 名称,它将开始失败并出现冲突。", "--work 存储作业数据的工作目录。默认设置为_work", " 代理目录的根目录。工作目录归给定目录所有", " 代理,不应在多个代理之间共享。", "--acceptTeeEula macOS 和 Linux。接受 TEE 最终用户许可协议。", "--gitUseSChannel 仅 Windows。让 Git 使用 Windows 的本机证书存储。", "--alwaysExtractTask 为每个管道步骤的任务执行解压缩。", " --disableLogUploads 不要将控制台日志流式输出或发送到服务器。相反,你可以在作业完成后从代理主机的文件系统中检索它们。注意:不能与 --reStreamLogsToFiles 一起使用,这将导致错误。", " --reStreamLogsToFiles 将控制台日志输出流式传输或发送到服务器以及代理主机的文件系统上的日志文件。注意:不能与 --disableLogUploads 一起使用,这将导致错误。", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "启动选项(仅限 Windows):", "--runAsService 将代理配置为作为 Windows 服务运行。需要", " 管理员权限。", "--preventServiceStart 将 Windows 服务配置为在配置后不立即运行。", "--runAsAutoLogon 配置自动登录并在启动时运行代理。需要", " 管理员权限。", "--windowsLogonAccount 与 --runAsService 或 --runAsAutoLogon 一起使用。指定 Windows 用户", " 名称格式: domain\\userName 或 userName@domain.com", " --windowsLogonPassword 与 --runAsService 或 --runAsAutoLogon一起使用。Windows 登陆密码。", "--overwriteAutoLogon 与 --runAsAutoLogon 一起使用。覆盖任何现有自动登录", " 计算机。", " --noRestart 与 --runAsAutoLogon 一起使用。请勿在配置后重启", " 完成。", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "部署组选项:", "--deploymentGroup 将代理配置为部署组代理。", "--projectName 与 --deploymentGroup 一起使用。团队项目名称。", "--addDeploymentGroupTags 与 --deploymentGroup 一起使用。指定以添加部署组标记。", " --deploymentGroupName 与 --deploymentGroup 一起使用。为代理部署组以加入。", " --deploymentGroupTags 与 --addDeploymentGroupTags 一起使用。以逗号分隔的标记列表", " 部署组代理。例如“web, db”。", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "无人参与配置示例:", "", "VSTS 身份验证", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --acceptTeeEula", "", "具有集成身份验证的本地 TFS(仅 Windows)", ".\\config.cmd --unattended --url http://mylocaltfsserver:8080/tfs --auth integrated --pool default --agent myAgent", "", "具有协商身份验证的本地 TFS", ".{0}config.{1} --unattended --url http://mylocaltfsserver:8080/tfs --auth negotiate --userName myDomain\\myUserName --password myPassword --pool default --agent myAgent --acceptTeeEula", "", "将现有代理替换为相同的代理名称", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --replace --acceptTeeEula", "", "指定代理工作目录(Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work D:\\agent_work", "", "指定代理工作目录(macOS 和 Linux)", "./config.sh --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work usr/local/agent_work", "", "作为作为 NetworkService 登录的 Windows 服务运行(仅 Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService", "", "作为以域帐户登录的 Windows 服务运行(仅 Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "作为以域帐户(仅 Windows)登录且不会立即启动服务的 Windows 服务运行", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --preventServiceStart --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword ", "", "以自动登录代理身份运行(仅 Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "作为自动登录代理运行,在配置后不重启(仅 Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword --noRestart", "", "部署组代理作为作为本地系统登录的 Windows 服务运行(仅 Windows)", ".\\config.cmd --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\"", "", "具有标记的部署组代理", ".{0}config.{1} --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\" --acceptTeeEula" ], "CommandLineHelp_Env": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "环境变量:", "可以将任何命令行参数指定为环境变量。使用格式", "VSTS_AGENT_INPUT_。例如: VSTS_AGENT_INPUT_PASSWORD" ], "CommandLineHelp_Remove": [ ".{0}config.{1} 删除 [options]", "", "{2}", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "无人参与删除示例:", "", "VSTS", ".{0}config.{1} remove --unattended --auth pat --token myToken", "", "具有集成身份验证的本地 TFS(仅 Windows)", ".{0}config.{1} remove --unattended --auth integrated", "", "具有集成身份验证的本地 TFS", ".{0}config.{1} remove --unattended --auth negotiate --username myDomain\\myUserName --password myPassword" ], "CommandNotAllowed": "由于策略限制,此步骤中不允许使用 ##vso[{0}.{1}]。请参考文档(http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound": "找不到 ##vso[{0}.command] 的命令扩展。请参考文档(http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound2": "对于 {2} 命令扩展来说,##vso[{0}.{1}] 不是已识别的命令。请参阅参考文档(http://go.microsoft.com/fwlink/?LinkId=817296)。", "CommandNotSupported": "{0} 命令不支持 {1} 流。请参考文档(http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandProcessFailed": "无法成功处理命令“{0}”。请参考文档(http://go.microsoft.com/fwlink/?LinkId=817296)", "ConnectingToServer": "正在连接服务器...", "ConnectSectionHeader": "连接", "ConnectToServer": "正在连接到服务器。", "ContainerWindowsVersionRequirement": "容器功能需要 Windows Server 1803 或更高版本。请参考文档(https://go.microsoft.com/fwlink/?linkid=875268)", "CopyFileComplete": "已成功将项目发布到 {0}", "CopyFileToDestination": "将文件 \"{0}\" 复制到 \"{1}\"", "CorruptedArtifactItemsList": "以下项未通过完整性检查:", "CouldNotRemoveService": "无法删除服务 \"{0}\"", "CreateUserWithSameUIDInsideContainer": "尝试在容器中创建 UID 为 \"{0}\" 的用户。", "CurrentUTC": "当前 UTC: {0}", "CustomLogDoesNotExist": "未提供日志文件路径或文件不存在: \"{0}\"", "CustomMarkDownSummaryDoesNotExist": "未提供 Markdown 摘要文件路径或文件不存在: \"{0}\"", "DeleteGCTrackingFile": "删除 \"{0}\" 后删除 gc 跟踪文件", "DeleteUnusedBuildDir": "删除未使用的生成目录", "DeleteUnusedReleaseDir": "删除未使用的发布目录", "Deleting": "正在删除: {0}", "DeletingCredentials": "正在删除 .credentials", "DeletingSettings": "正在删除 .agent", "DeploymentGroupName": "部署组名", "DeploymentGroupNotFound": "找不到部署组: \"{0}\"", "DeploymentGroupTags": "逗号分隔的标记列表(例如 web, db)", "DeploymentGroupTagsAddedMsg": "已成功添加标记", "DeploymentMachineWithSameNameAlreadyExistInDeploymentGroup": "DeploymentGroup {0} 已包含名为 {1} 的计算机。", "DeploymentPoolName": "部署池名称", "DeploymentPoolNotFound": "未找到部署池: \"{0}\"", "DeprecatedNode6": "此任务使用节点 6 执行处理程序,它将于 2022 年 3 月 31 日移除。如果你是该任务的开发人员,请查看向节点 10 处理程序迁移的指南–https://aka.ms/migrateTaskNode10 (如果要禁用节点 6 弃用警告,请查看此页)。如果你是用户,请随时与此任务的所有者联系以继续迁移。", "DeprecatedNodeRunner": "任务“{0}”'版本 {1} ({2}@{1})依赖于生命周期已结束的 Node 版本({3})。请与扩展所有者联系以获取任务的更新版本。任务维护人员应查看 Node 升级指南: https://aka.ms/node-runner-guidance", "DeprecatedRunner": "任务“{0}”依赖于生命周期结束且将来将被删除的任务运行程序。作者应查看节点升级指南: https://aka.ms/node-runner-guidance。", "DeprecationMessage": "任务“{0}”版本 {1} ({2}@{1})已弃用。", "DeprecationMessageHelpUrl": "有关此任务的详细信息,请参阅 {0}。", "DeprecationMessageRemovalDate": "此任务将被删除。从 {0} 起,它可能不再可用。", "DirectoryHierarchyUnauthorized": "\"{0}\" 以及层次结构上的每个目录都需要读取目录内容的权限。{1}", "DirectoryIsEmptyForArtifact": "目录 \"{0}\" 为空。没有要添加到生成工件 \"{1}\" 的内容。", "DirectoryNotFound": "找不到目录: \"{0}\"", "DirExpireLimit": "目录过期限制: {0} 天。", "DiscoverBuildDir": "发现超过 {0} 天未使用的过时生成目录。", "DiscoverReleaseDir": "发现超过 {{0}} 天未使用的过时发布目录。", "DockerCommandFinalExitCode": "{0} 的最终退出代码: {1}", "DownloadAgent": "正在下载 {0} 代理", "DownloadArtifactFinished": "下载项目已完成。", "DownloadArtifacts": "下载项目", "DownloadArtifactsFailed": "下载项目失败: {0}", "DownloadArtifactTo": "将项目下载到: {0}", "DownloadArtifactWarning": "请使用“下载生成工件”任务下载 {0} 类型生成工件。https://docs.microsoft.com/zh-cn/azure/devops/pipelines/tasks/utility/download-build-artifacts?view=azure-devops", "DownloadingFromBuild": "从指定的生成下载: #{0}", "DownloadingJenkinsCommitsBetween": "正在下载作业 {0} 到 {1} 之间的提交", "DownloadingJenkinsCommitsFailedWithException": "下载 Jenkins 项目 {0} 的提交失败。异常: {1}", "DownloadingMultiplePipelineArtifacts": "正在下载 {0} 个管道工件...", "DownloadingTask0": "正在下载任务: {0} ({1})", "EnableServiceSidTypeUnrestricted": "为代理服务启用 SERVICE_SID_TYPE_UNRESTRICTED (Y/N)", "EnsureJobFinished": "正在等待当前作业完成运行。", "EnsureTasksExist": "下载所有必需的任务。", "EnterValidValueFor0": "为 {0} 输入一个有效值。", "EnvironmentName": "环境名", "EnvironmentNotFound": "找不到环境: \"{0}\"", "EnvironmentVariableExceedsMaximumLength": "环境变量 \"{0}\" 超出了支持的最大长度。环境变量长度: {1},支持的最大长度: {2}", "EnvironmentVMResourceTags": "逗号分隔的标记列表(例如 web, db)", "ErrorDuringBuildGC": "无法根据“{0}”发现垃圾。请下次再试。", "ErrorDuringBuildGCDelete": "无法根据“{0}”完成垃圾回收。请下次再试。", "ErrorDuringReleaseGC": "无法根据“{0}”发现垃圾。请下次再试。", "ErrorDuringReleaseGCDelete": "无法根据“{0}”完成垃圾回收。请下次再试。", "ErrorOccurred": "发生错误: {0}", "ErrorOccurredWhilePublishingCCFiles": "发布代码覆盖率文件时出错。错误: {0}", "EulasSectionHeader": "最终用户许可协议", "EvaluateReleaseTrackingFile": "评估 ReleaseDirectory 跟踪文件: {0}", "EvaluateTrackingFile": "评估 BuildDirectory 跟踪文件: {0}", "Exiting": "正在退出...", "ExpectedMappingCloak": "预期的映射[{0}] 掩蔽: \"{1}\"。实际: \"{2}\"", "ExpectedMappingLocalPath": "预期的映射[{0}] 本地路径: \"{1}\"。实际: \"{2}\"", "ExpectedMappingRecursive": "预期的映射[{0}] 递归: \"{1}\"。实际: \"{2}\"", "ExpectedMappingServerPath": "预期的映射[{0}] 服务器路径: \"{1}\"。实际: \"{2}\"", "Failed": "失败: ", "FailedDeletingTempDirectory0Message1": "无法删除临时目录 \"{0}\"。{1}", "FailedTestsInResults": "在结果文件中检测到一个或多个测试失败。可以在“测试”选项卡中查看已发布测试结果的详细摘要。", "FailedToAddTags": "无法将标记应用到代理。请重试或按 Ctrl-c 退出。或者,可以转到部署组网页来添加标记", "FailedToConnect": "无法连接。请重试或按 Ctrl-c 退出", "FailedToDeleteTempScript": "无法删除临时内联脚本文件 \"{0}\"。{1}", "FailedToFindDeploymentGroup": "找不到部署组。请重试或按 Ctrl-c 退出", "FailedToFindEnvironment": "找不到环境。请重试或按 Ctrl-C 退出", "FailedToFindPool": "找不到池名。请重试或按 Ctrl-c 退出", "FailedToLockServiceDB": "无法锁定服务数据库以进行写入", "FailedToOpenSCM": "无法打开服务控制管理器", "FailedToOpenSCManager": "无法打开服务控制管理器", "FailedToPublishTestResults": "未能发布测试结果: {0}", "FailedToReadFile": "未能读取 {0}。错误: {1}。", "FailedToReplaceAgent": "无法替换代理。请重试或按 Ctrl-c 退出", "FailToRemoveGitConfig": "无法从 git 配置中删除 \"{0}\"。若要删除凭据,请从存储库根路径 \"{1}\" 执行 \"git config --unset-all {0}\"。", "FailToReplaceTokenPlaceholderInGitConfig": "无法替换 git 配置文件中 \"{0}\" 的占位符。", "FileAssociateProgress": "文件总数: {0} ----关联的文件: {1} ({2}%)", "FileContainerUploadFailed": "无法将文件复制到服务器 StatusCode={0}: {1}。源文件路径: {2}。目标服务器路径: {3}", "FileContainerUploadFailedBlob": "无法将文件上传到 Blob。源文件路径: {0}。目标服务器路径: {1}", "FileDoesNotExist": "文件 \"{0}\" 不存在或不可访问。", "FileNotFound": "找不到文件:“{0}”", "FilePathNotFound": "找不到 \"{0}\" 的文件路径。", "FileShareOperatingSystemNotSupported": "不支持将项目从 Linux 或 macOS 代理发布到文件共享。请将项目类型更改为 `Azure Pipelines` 或使用 Windows 代理。", "FileUploadCancelled": "上传文件期间已取消文件上传: \"{0}\"。", "FileUploadDetailTrace": "无法上传的文件的详细上传跟踪: {0}", "FileUploadFailed": "由于 \"{1}\",无法上传 \"{0}\"。", "FileUploadFailedAfterRetry": "重试后文件上传依然失败。", "FileUploadFailedRetryLater": "{0} 个文件上传失败,请在一分钟后重试这些文件。", "FileUploadFileOpenFailed": "上传文件 \"{1}\" 时出现文件错误 \"{0}\" 。", "FileUploadFinish": "文件: \"{0}\" 花费了 {1} 毫秒完成上传", "FileUploadProgress": "文件总数: {0} ----已处理的文件: {1} ({2}%)", "FileUploadProgressDetail": "正在上传 \"{0}\" ({1}%)。", "FileUploadRetry": "开始重试 {0} 个失败的文件上传。", "FileUploadRetryInSecond": "{0} 秒后重试文件上传。", "FileUploadRetrySucceed": "重试后文件上传成功。", "FileUploadSucceed": "文件上传成功。", "FinalizeJob": "完成作业", "FinishMaintenance": "维护已完成: {0}", "FoundErrorInTrace": [ "在诊断日志中报告了 {0}。有关更多详细信息,请查看日志。", " - {1}" ], "GCBuildDir": "删除孤立和过时的生成目录。", "GCBuildDirNotEnabled": "未启用删除孤立和过时的生成目录选项。", "GCDirIsEmpty": "生成目录无需为 GC。\"{0}\" 不含任何跟踪文件。", "GCDirNotExist": "生成目录不需要为 GC。\"{0}\" 不存在。", "GCOldFormatTrackingFile": "为 GC 标记跟踪文件 \"{0}\",因为它从未使用过。", "GCReleaseDir": "删除孤立或过时的发布目录。", "GCReleaseDirIsEmpty": "发布目录无需为 GC。\"{0}\" 不含任何跟踪文件。", "GCReleaseDirNotEnabled": "未启用删除孤立和过时的发布目录的选项。", "GCReleaseDirNotExist": "发布目录无需为 GC。\"{0}\" 不存在。", "GCUnusedTrackingFile": "为 GC 标记跟踪文件 \"{0}\",因为它已 {1} 天未使用。", "GenerateAndRunUpdateScript": "生成并执行更新脚本。", "GrantContainerUserSUDOPrivilege": "授予用户 \"{0}\" SUDO 特权,然后允许其运行任何命令而无需进行身份验证。", "GrantingFilePermissions": "正在向 \"{0}\" 授予文件权限。", "GroupDoesNotExists": "组: {0} 不存在", "ImageVersionLog": "当前映像版本: \"{0}\"", "InitializeContainer": "初始化容器", "InitializeJob": "初始化作业", "IntegrityCheckNotPassed": "项目完整性检查失败", "IntegrityCheckPassed": "已成功完成项目完整性检查", "InvalidAutoLogonCredential": "为 AutoLogon 输入的 Windows 凭据无效。请确保提供的凭据有效,并且在计算机上具有交互式登录权限。重试或按 Ctrl-c 退出", "InvalidCommandArg": "命令 \"{0}\" 包含一个或多个以下无效字符: \"、\\r、\\n。", "InvalidCommandResult": "命令没有有效的结果值。", "InvalidCompletedDate": "每个测试运行的持续时间将用作时间计算,因为从测试结果文件获得的最晚完成日期 {0} 晚于最早开始日期 {1}", "InvalidConfigFor0TerminatingUnattended": "为 {0} 提供的配置无效。正在终止无人参与的配置。", "InvalidDateFormat": "每个测试运行的持续时间将用作时间计算,因为从结果文件 {0} 获得的日期格式无效(开始日期: {1},完成日期: {2})。", "InvalidEndpointField": "终结点字段无效。有效的值为 URL、dataParameter、authParameter", "InvalidEndpointId": "终结点 ID 无效。", "InvalidEndpointUrl": "终结点 URL 无效。", "InvalidFileFormat": "文件格式无效。", "InvalidGroupName": "组名无效–{0}。", "InvalidMember": "无法将新成员添加到本地组,因为该成员的帐户类型错误。如果在域控制器上配置,则无法将内置计算机帐户添加到本地组。必须改用域用户帐户", "InvalidResultFiles": "结果文件无效。请确保文件 \"{0}\" 的结果格式与 \"{1}\" 测试结果格式匹配。", "InvalidSIDForUser": "配置/取消配置自动登录时,用户 {0}\\{1} 的安全标识符无效。有关更多详细信息,请参阅日志。", "InvalidValueInXml": "无法从摘要文件 \"{1}\" 中检索 \"{0}\" 的值。请验证摘要文件的格式是否标准,然后重试。", "InvalidWindowsCredential": "输入的 Windows 凭据无效。请重试或按 Ctrl-c 退出", "JenkinsBuildDoesNotExistsForCommits": "找不到 Jenkins 生成 {0} 和 {1} 的生成索引。找到的索引为 {2} 和 {3}。生成可能不存在", "JenkinsCommitsInvalidEndJobId": "与 Jenkins 项目 {1} 关联的 EndJobId {0} 无效。不会下载提交。", "JenkinsDownloadingChangeFromCurrentBuild": "找不到 endJobId,将提取当前生成的变更集", "JenkinsNoCommitsToFetch": "正在部署相同的生成。无需提取任何内容", "JenkinsRollbackDeployment": "正在下载作业 {0} 到 {1} 之间的回滚部署提交", "JobCompleted": "{0:u}: 作业 {1} 已完成,结果为: {2}", "LaunchBrowser": "要启动用于 AAD 设备代码流的浏览器? (是/否)", "ListenForJobs": "{0:u}: 正在侦听作业", "LocalClockSkewed": "本地计算机的时钟可能与服务器时间不同步,不同步的时间超过五分钟。请将时钟与域或 Internet 时间同步,然后重试。", "LocalSystemAccountNotFound": "找不到本地系统帐户", "LogOutputMessage": "代理已启用日志上传以及将日志保存到文件。作业完成后,你可以在代理的 {0} 上检索此步骤的日志。", "Maintenance": "维护", "MaxHierarchyLevelReached": "层次结构级别已超过支持的限制 {0},导致较低的层次结构被截断。", "MaxSubResultLimitReached": "测试用例 \"{0}\" 中的子结果数超过了支持上限 {1},正在截断剩余的子结果。", "MemberDoesNotExists": "成员: {0} 不存在", "MinimumNetFramework": "需要 .NET Framework x64 4.5 或更高版本。", "MinimumNetFramework46": "需要 .NET Framework x64 4.6 或更高版本。", "MinimumNetFrameworkTfvc": [ "未安装.NET Framework x64 4.6 或更高版本。", "", "同步 TFVC 存储库需要 .NET Framework x64 4.6 或更高版本。不需要同步 Git 存储库。" ], "MinRequiredDockerClientVersion": "所需的 Docker 引擎 API 客户端最低版本为 \"{0}\",而你的 Docker (\"{1}\")客户端版本为 \"{2}\"", "MinRequiredDockerServerVersion": "所需的 Docker 引擎 API 服务器最低版本为 \"{0}\",而你的 Docker (\"{1}\")服务器版本为 \"{2}\"", "MinRequiredGitLfsVersion": "所需的最低 git-lfs 版本为 \"{0}\",你的 git-lfs (\"{1}\")版本为 \"{2}\"", "MinRequiredGitVersion": "所需的 git 最低版本为 \"{0}\",你的 git (\"{1}\")版本为 \"{2}\"", "MinSecretsLengtLimitWarning": "机密的最小长度值太高。已设置最大值:{0}", "MissingAgent": "服务器上不再存在代理。请重新配置代理。", "MissingAttachmentFile": "无法上传任务附件文件,附件文件位置未指定或磁盘上不存在附件文件。", "MissingAttachmentName": "无法添加任务附件,未提供附件名。", "MissingAttachmentType": "无法添加任务附件,未提供附件类型。", "MissingConfig": "无法连接到服务器,因为缺少配置文件。正在跳过从服务器删除代理的过程。", "MissingEndpointField": "##vso[task.setendpoint] 命令中缺少必需的字段 \"field\"。", "MissingEndpointId": "##vso[task.setendpoint] 命令中缺少必填字段 \"ID\"。", "MissingEndpointKey": "##vso[task.setendpoint] 命令中缺少必需的字段 \"key\"。", "MissingNodePath": "此步骤需要代理文件系统中不存在的节点版本。路径: {0}", "MissingRepositoryAlias": "未提供存储库别名,因此无法更新存储库。", "MissingRepositoryPath": "未提供存储库路径,因此无法更新存储库。", "MissingTaskVariableName": "##vso[task.settaskvariable] 命令中缺少必填字段 \"variable\"。", "MissingTimelineRecordId": "无法更新时间线记录,未提供时间线记录 ID。", "MissingVariableName": "##vso[task.setvariable] 命令中缺少必填字段 \"variable\"。", "ModifyingCoberturaIndexFile": "正在修改 Cobertura 索引文件", "MultilineSecret": "密码不能包含多个行", "N": "N", "NameRequiredForTimelineRecord": "此新时间线记录需要名称。", "NeedAdminForAutologonCapability": "需要管理员权限才能使用自动登录配置代理。", "NeedAdminForAutologonRemoval": "需要管理员特权才能取消配置使用自动登录功能运行的代理。", "NeedAdminForConfigAgentWinService": "需要管理员权限才能将代理配置为 Windows 服务。", "NeedAdminForUnconfigWinServiceAgent": "需要管理员特权才能取消配置作为 Windows 服务运行的代理。", "NetworkServiceNotFound": "找不到网络服务帐户", "NoArtifactsFound": "版本 \"{0}\" 中没有可用的项目。", "NoFolderToClean": "未找到指定的清理文件夹。没有要清理的文件", "NoRestart": "稍后重启计算机? (是/否)", "NoRestartSuggestion": "代理配置过程中启用了自动登录。建议重新启动计算机,使自动登录设置生效。", "NoResultFound": "找不到发布“{0}”的结果。", "OnPremIsNotSupported": "本地不支持管道工件任务。请改用生成工件任务。", "OperatingSystemShutdown": "正在关闭计算机 \"{0}\" 的操作系统", "OperationFailed": "错误: 操作 {0} 失败,返回代码为 {1}", "OutputVariablePublishFailed": "未能发布输出变量。", "OverwriteAutoLogon": "因为已为用户 \"{0}\" 启用了自动登录,是否要覆盖现有自动登录设置? (Y/N)", "ParentProcessFinderError": "检查代理是否正在 PowerShell Core 中运行时出错。", "ParentTimelineNotCreated": "尚未为此新的时间线记录创建父时间线记录。", "Password": "密码", "PathDoesNotExist": "路径不存在: {0}", "PersonalAccessToken": "个人访问令牌", "PipelineDoesNotExist": "以下管道不存在: {0}。请验证管道的名称。", "PoolNotFound": "找不到代理池: \"{0}\"", "PostJob": "作业后: {0}", "PowerOptionsConfigError": "配置电源选项时出错。有关更多详细信息,请参阅日志。", "PowerShellNotInstalledMinVersion0": "未安装 PowerShell。所需的最低版本: {0}", "PreJob": "作业前: {0}", "PrepareBuildDir": "准备生成目录。", "PrepareReleasesDir": "准备发布目录。", "PrepareTaskExecutionHandler": "正在准备任务执行处理程序。", "Prepending0WithDirectoryContaining1": "正在具有包含 \"{1}\" 的目录的 {0} 环境变量前追加。", "PrerequisitesSectionHeader": "先决条件", "PreventServiceStartDescription": "是否阻止在配置完成后立即启动服务? (Y/N)", "ProcessCompletedWithCode0Errors1": "进程已完成,退出代码为 {0},{1} 个错误写入了错误流。", "ProcessCompletedWithExitCode0": "进程已完成,退出代码为 {0}。", "ProcessExitCode": "从进程返回的退出代码 {0}: 文件名 \"{1}\",参数 \"{2}\"。", "ProcessHandlerInvalidScriptArgs": "在参数中检测到可能无法由 shell 正确执行的字符。有关详细信息,请访问此处: https://aka.ms/ado/75787", "ProfileLoadFailure": "无法加载用户 {0}\\{1} 的用户配置文件,AutoLogon 配置不可用。", "ProjectName": "项目名称", "Prompt0": "输入 {0}", "Prompt0Default1": "输入 {0} (按 Enter 进行{1})", "PSModulePathLocations": "环境变量 PSModulePath 包含特定于 PowerShell Core 的模块位置。请注意,如果要在管道中使用 Windows PowerShell 任务,则可能会遇到错误。要解决此问题,请勿在 PowerShell Core (pwsh)下启动代理。", "PSScriptError": "PowerShell 脚本已完成,出现 {0} 个错误。", "PublishCodeCoverage": "发布代码覆盖率", "PublishedCodeCoverageArtifact": "已将 \"{0}\" 发布为项目 \"{1}\"", "PublishingArtifactUsingRobocopy": "正在使用 robocopy 上传项目。", "PublishingCodeCoverage": "正在将覆盖率摘要数据发布到 TFS 服务器。", "PublishingCodeCoverageFiles": "正在将代码覆盖率文件发布到 TFS 服务器。", "PublishingTestResults": "正在向测试运行 \"{0}\" 发布测试结果。", "PublishTestResults": "发布测试结果", "QueryingWorkspaceInfo": "正在查询工作区信息。", "QueueConError": "{0:u}: 代理连接错误: {1}。正在重试,直到重新连接。", "QueueConnected": "{0:u}: 代理已重新连接。", "QuietCheckoutModeRequested": "安静签出模式: 将更少的内容打印到控制台。", "ReadingCodeCoverageSummary": "正在从 \"{0}\" 读取代码覆盖率摘要", "ReadOnlyTaskVariable": "不允许覆盖只读任务变量 \"{0}\"。有关详细信息,请参阅 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md for details。", "ReadOnlyTaskVariableWarning": "正在覆盖只读任务变量 \"{0}\"。之后将禁用此行为。有关详细信息,请参阅 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md for details。", "ReadOnlyVariable": "不允许覆盖只读变量 \"{0}\"。有关详细信息,请参阅 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md for details。", "ReadOnlyVariableWarning": "正在覆盖只读变量 \"{0}\"。之后将禁用此行为。有关详细信息,请参阅 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md for details。", "RegisterAgentSectionHeader": "注册代理", "ReleaseDirLastUseTime": "上次使用的发布目录 \"{0}\" 是: {1}", "RenameIndexFileCoberturaFailed": "在发布 \"{2}\" 的代码覆盖率文件时将 \"{0}\" 重命名为 \"{1}\" 失败。内部异常: \"{3}\"", "Replace": "替换? (Y/N)", "RepositoryNotExist": "存储库不存在,无法更新它。", "ResourceMonitorAgentEnvironmentResource": "环境资源 - {0},{1},{2}", "ResourceMonitorCPUInfo": "CPU: 使用率 {0}%", "ResourceMonitorCPUInfoError": "无法获取 CPU 信息,异常: {0}", "ResourceMonitorDiskInfo": "磁盘: {0} {1} MB 可用(共 {2} MB)", "ResourceMonitorDiskInfoError": "无法获取磁盘信息,异常: {0}", "ResourceMonitorFreeDiskSpaceIsLowerThanThreshold": "{0} 上的可用磁盘空间低于 {1}%;当前已使用: {2}%", "ResourceMonitorMemoryInfo": "内存: 已使用 {0} MB (共 {1} MB)", "ResourceMonitorMemoryInfoError": "无法获取内存信息,异常: {0}", "ResourceMonitorMemorySpaceIsLowerThanThreshold": "可用内存低于 {0}%;当前已使用: {1}%", "ResourceUtilizationDebugOutputIsDisabled": "已禁用调试运行的资源利用率输出,如果要启用“AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT”变量,请将其切换为“true”", "ResourceUtilizationWarningsIsDisabled": "资源利用率警告已禁用,如果想要启用它,请将“DISABLE_RESOURCE_UTILIZATION_WARNINGS”变量切换为“true”", "RestartIn15SecMessage": "在 15 秒后重新启动计算机...", "RestartMessage": "重启计算机以启动代理,并使自动登录设置生效。", "ReStreamLogsToFilesError": "不能同时使用 --disableloguploads 和 --reStreamLogsToFiles!", "RetryCountLimitExceeded": "允许的最大尝试次数为 {0} 但结果为 {1}。重试尝试计数将减少到 {0}。", "RetryingReplaceAgent": "正在重试替换代理(第 {0} 次尝试/共 {1} 次)。下次尝试前等待 {2} 秒...", "RMApiFailure": "API {0} 失败,错误代码 {1}", "RMArtifactContainerDetailsInvalidError": "项目没有有效的容器详细信息: {0}", "RMArtifactContainerDetailsNotFoundError": "项目不包含容器详细信息: {0}", "RMArtifactDetailsIncomplete": "找不到下载项目所需的信息", "RMArtifactDirectoryNotFoundError": "项目目录不存在: {0}。如果最近更改了帐户 {1} 的密码,并且代理未更新,则可能会发生这种情况。如果是这种情况,请考虑重新配置代理。", "RMArtifactDownloadBegin": "正在下载类型 {1} 的链接项目 {0}...", "RMArtifactDownloadFinished": "下载的链接项目 {0}", "RMArtifactDownloadRequestCreationFailed": "无法创建从 URL 下载项目的请求: {0}", "RMArtifactEmpty": "项目不包含任何要下载的文件。", "RMArtifactMatchNotFound": "生成工件 \"{0}\" 不匹配任何命名模式,正在跳过下载", "RMArtifactNameDirectoryNotFound": "目录 \"{0}\" 不存在。正在回退到父目录: {1}", "RMArtifactsDownloadFinished": "已完成项目下载", "RMArtifactTypeFileShare": "项目类型: FileShare", "RMArtifactTypeNotSupported": "发布管理不支持在当前版本中下载项目类型 {0}", "RMArtifactTypeServerDrop": "项目类型: ServerDrop", "RMArtifactVersionNotBelongToArtifactSource": "ID 为 {0} 的项目版本不属于 ID 为 {1} 的链接项目源。", "RMBuildNotFromLinkedDefinition": "生成 {0} 不属于链接的生成定义 {1}。", "RMCachingAllItems": "正在缓存文件容器中的所有项...", "RMCachingComplete": "缓存完成。({0}ms)", "RMCachingContainerItems": "正在文件容器中缓存 \"{0}\" 下的项...", "RMContainerItemNotSupported": "不支持容器项目类型 \"{0}\"。", "RMContainerItemPathDoesnotExist": "文件容器项路径不以 {0} 开头: {1}", "RMContainerItemRequestTimedOut": "请求在 {0} 秒后超时,将睡眠 {1} 秒,然后重试。请求: {2} {3}", "RMCreatedArtifactsDirectory": "创建的项目目录: {0}", "RMCreatingArtifactsDirectory": "正在创建项目目录: {0}", "RMCustomEndpointNotFound": "在作业中找不到下载自定义项目所需的信息: {0}", "RMDownloadArtifactUnexpectedError": "下载项目时出现意外错误", "RMDownloadBufferSize": "下载缓冲区大小: {0}", "RMDownloadComplete": "下载完毕。", "RMDownloadingArtifact": "正在下载项目", "RMDownloadingArtifactFromFileContainer": "正在从文件容器 {0} 向目标 {1} 下载项目", "RMDownloadingArtifactFromFileShare": "正在从文件共享 {0} 将项目下载到目标 {1}", "RMDownloadingArtifactUsingRobocopy": "正在使用 robocopy 下载项目。", "RMDownloadingCommits": "正在下载提交", "RMDownloadingJenkinsArtifacts": "正在从 Jenkins 服务器下载项目", "RMDownloadProgress": "{0} 个放置的文件: {1} 个已下载,{2} 个为空", "RMDownloadProgressDetails": "{0} MB,下载速度 {1} KB/秒。下载时间: {2}。", "RMDownloadStartDownloadOfFile": "正在下载文件 {0}", "RMDownloadTaskCompletedStatus": "{0} 分钟内未完成任何下载任务。剩余任务状态:", "RMDownloadTaskStates": " {0}: \t{1} 个任务。", "RMEnsureArtifactFolderExistsAndIsClean": "正在确保项目文件夹 {0} 存在且干净。", "RMEnvironmentVariablesAvailable": "下面是可用的环境变量。请注意,可以通过将 \"_\" 替换为 \".\" 在任务(在 ReleaseDefinition 中)中引用这些环境变量,例如,可以使用 ReleaseDefinition 中的 Agent.Name 引用 AGENT_NAME 环境变量: {0}", "RMErrorDownloadingContainerItem": "下载 {0} 时出错: {1}", "RMErrorDuringArtifactDownload": "下载期间发生错误: {0}", "RMFailedCreatingArtifactDirectory": "无法创建发布项目目录 \"{0}\"。", "RMFileShareArtifactErrorOnNonWindowsAgent": "无法使用 OSX 或 Linux 代理从文件共享下载项目。可以从服务器下载项目或使用 Windows 代理。", "RMGitEndpointNotFound": "在作业中找不到下载 Team Foundation Git 项目所需的信息。", "RMGitHubEndpointNotFound": "在作业中找不到下载 GitHub 项目所需的信息: {0}", "RMGotJenkinsArtifactDetails": "已收到 Jenkins 项目详细信息", "RMJenkinsBuildId": "BuildId: {0}", "RMJenkinsEndpointNotFound": "在作业中找不到下载 Jenkins 项目所需的信息: {0}", "RMJenkinsInvalidBuild": "Jenkins 生成 {0} 无效。", "RMJenkinsJobName": "作业名: {0}", "RMJenkinsNoArtifactsFound": "Jenkins 生成 {0} 中没有任何项目。", "RMLowAvailableDiskSpace": "{0} 驱动器上的磁盘空间不足,可用空间小于 100 MB。", "RMNoBuildArtifactsFound": "生成 {0} 中没有可用的项目。", "RMParallelDownloadLimit": "并行下载限制: {0}", "RMPrepareToGetFromJenkinsServer": "正在准备从 Jenkins 服务器获取项目信息", "RMPreparingToDownload": "正在准备下载项目: {0}", "RMPreparingToGetBuildArtifactList": "正在准备从生成中获取可用项目列表", "RMReAttemptingDownloadOfContainerItem": "正在重新尝试下载 {0}。错误: {1}", "RMReceivedGithubArtifactDetails": "已收到 GitHub 项目详细信息", "RMReleaseNameRequired": "需要发布名。", "RMRemainingDownloads": "剩余 {0} 个下载。", "RMRetryingArtifactDownload": "正在重试下载...", "RMRetryingCreatingArtifactsDirectory": "无法创建发布项目目录 {0},出现异常 {1}。正在重试创建发布项目目录。", "RMRobocopyBasedArtifactDownloadExitCode": "Robocopy 退出代码: {0}", "RMRobocopyBasedArtifactDownloadFailed": "基于 Robocopy 的下载失败,退出代码: {0}", "RMStartArtifactsDownload": "正在启动项目下载...", "RMStreamTypeNotSupported": "发布管理不支持在当前版本中下载流类型 {0}", "RMTfsVCEndpointNotFound": "在作业中找不到下载 Team Foundation 版本控制项目所需的信息。", "RMUpdateReleaseName": "更新发布名。", "RMUpdateReleaseNameForRelease": "将发布 {1} 的发布名更新为 {0}。", "RMUpdateReleaseNameForReleaseComment": "正在使用任务日志记录命令将发布名更新为 {0}", "RMUserChoseToSkipArtifactDownload": "正在根据指定的设置跳过项目下载。", "RobocopyBasedPublishArtifactTaskExitCode": "Robocopy 退出代码: {0}", "RobocopyBasedPublishArtifactTaskFailed": "基于 robocopy 的发布失败,退出代码为: {0}", "Rosetta2Warning": "已知 X64 仿真会导致在代理进程中挂起。请使用本机(ARM)代理。", "RSAKeyFileNotFound": "找不到 RSA 密钥文件 {0}", "RunAgentAsServiceDescription": "是否将代理作为服务运行? (Y/N)", "RunAsAutoLogonDescription": "是否在启动时配置自动登录并运行代理? (Y/N)", "RunIDNotValid": "运行 ID 无效: {0}", "RunningJob": "{0:u}: 正在运行作业: {1}", "SavedSettings": "{0:u}: 已保存设置。", "ScanToolCapabilities": "正在扫描工具功能。", "ScreenSaverPoliciesInspection": "正在检查可能阻止禁用屏幕保护程序的策略。", "ScreenSaverPolicyWarning": "计算机上已定义屏幕保护程序策略。这可能导致屏幕保护程序再次启用。活动的屏幕保护程序可能会影响 UI 操作,例如,自动的 UI 测试可能会失败。", "SecretsAreNotAllowedInInjectedTaskInputs": "任务正在尝试访问包含机密的目标任务的以下输入: \n{0}\n。不允许将包含机密的输入传递给修饰器注入的任务。", "SelfManageGitCreds": "你处于自管理 git creds 模式。请确保代理主机可以绕过任何 git 身份验证质询。", "ServerTarpit": "服务器当前正在限制此作业。控制台行输出、作业状态报告和任务日志上传可能会出现延迟。", "ServerTarpitUrl": "链接到资源利用率页面(全局 1 小时视图): {0}。", "ServerTarpitUrlScoped": "链接到资源利用率页面(1 小时视图,按管道排列): {0}。", "ServerUrl": "服务器 URL", "ServiceAlreadyExists": "服务已存在: {0},它将被替换", "ServiceConfigured": "服务 {0} 已成功配置", "ServiceDelayedStartOptionSet": "服务 {0} 已成功设置为延迟自动启动", "ServiceInstalled": "已成功安装服务 {0}", "ServiceLockErrorRetry": "服务数据库锁定失败,代码 {0}。{1} 秒后重试...", "ServiceRecoveryOptionSet": "服务 {0} 已成功设置恢复选项", "ServiceSidTypeSet": "服务 {0} 已成功设置 SID 类型", "ServiceStartedSuccessfully": "服务 {0} 已成功启动", "SessionCreateFailed": "创建会话失败。{0}", "SessionExist": "此代理的会话已存在。", "SessionExistStopRetry": "在重试 {0} 秒后停止对 SessionConflictException 的重试。", "SetBuildVars": "设置生成变量。", "SetEnvVar": "正在设置环境变量 {0}", "SetVariableNotAllowed": "任务或生成定义已禁用设置变量 \"{0}\"。", "ShallowCheckoutFail": "Git 在浅存储库上签出失败,这可能是因为深度为 \"{0}\" 的 Git 提取不包括签出提交 \"{1}\"。请参考文档(http://go.microsoft.com/fwlink/?LinkId=829603)", "ShallowLfsFetchFail": "浅存储库上的 Git lfs 提取失败,这可能是因为深度为 \"{0}\" 的 Git 提取不包含 lfs 提取提交 \"{1}\"。请参考文档(http://go.microsoft.com/fwlink/?LinkId=829603)", "ShutdownMessage": "重启计算机以在交互模式下启动代理。", "Skipping": "不存在。正在跳过", "SkipTrackingFileWithoutRepoType": "跳过跟踪文件“{0}”,存储库类型尚未更新。", "SourceArtifactProviderNotFound": "找不到类型 {0} 的项目的源提供程序", "StartingArtifactDownload": "即将开始下载 {0}", "StartMaintenance": "开始维护: {0}", "StepCancelled": "将取消该操作。后续步骤不能包含预期日志。", "StepFinishing": "即将完成: {0}", "StepStarting": "正在启动: {0}", "StepTimedOut": "任务已超时。", "StopContainer": "停止容器", "Success": "成功: ", "SupportedRepositoryEndpointNotFound": "无法将任何源存储库终结点与任何受支持的源提供程序匹配。", "SupportedTaskHandlerNotFoundLinux": "当前操作系统不能运行此任务。这通常意味着该任务专为 Windows 编写。例如,专为 Windows 桌面 PowerShell 编写。", "SupportedTaskHandlerNotFoundWindows": "找不到支持的任务执行处理程序。任务不会携带与当前操作系统 \"{0}\" 兼容的实现。有关详细信息,请与任务创建者联系。", "SvnBranchCheckedOut": "已在修订版 {2} 签出存储库 {1} 的分支 {0}", "SvnEmptyServerPath": "空的相对服务器路径已映射到 \"{0}\"。", "SvnFileAlreadyExists": "文件 {0} 已存在", "SvnIncorrectRelativePath": "指定的相对路径“{0}”不正确。", "SvnMappingDuplicateLocal": "正在忽略本地路径={0} 的重复映射", "SvnMappingDuplicateServer": "正在忽略服务器路径={0} 的重复映射", "SvnMappingIgnored": "忽略了整个映射集。正在继续执行全部分支映射。", "SvnNotInstalled": "找不到已安装的 svn 命令行实用工具", "SvnSyncingRepo": "正在同步存储库: {0} (Svn)", "TarExtraction": "正在提取 tar 存档: {0}", "TarExtractionError": "无法提取 tar 存档 {0}: {1}", "TarExtractionNotSupportedInWindows": "Windows 不支持存档提取", "TarSearchStart": "即将开始搜索要提取的 tar 存档", "TarsFound": "找到了要提取的 {0} tar 存档", "TarsNotFound": "没有找到要提取的任何存档", "TaskDownloadFailed": "未能下载任务 \"{0}\"。错误 {1}", "TaskDownloadTimeout": "任务 \"{0}\" 未在 {1} 秒内完成下载。", "TaskSignatureVerificationFailed": "任务签名验证失败。", "TaskSignatureVerificationSucceeeded": "任务签名验证成功。", "TeeEula": [ "要从 TFVC 存储库生成源,需要接受 Team Explorer Everywhere 最终用户许可协议。从 Git 存储库生成源不需要此步骤。", "", "可在以下位置找到 Team Explorer Everywhere 许可协议的副本:", " {0}" ], "Telemetry": "遥测", "TelemetryCommandDataError": "无法分析遥测数据 {0}。错误: {1}", "TelemetryCommandFailed": "无法发布遥测数据。错误 {0}", "TenantId": "租户 ID", "TestAgentConnection": "正在测试代理连接。", "TestAttachmentNotExists": "正在跳过附件,因为它在磁盘上不可用: {0}", "TestResultsRemaining": "剩余测试结果: {0}。测试运行 ID: {1}。", "Tfs2015NotSupported": "对于 TFS 2015,Windows 不支持此代理。可以从代理池管理页下载 TFS 2015 Windows 代理。", "TotalThrottlingDelay": "作业遇到了由服务器限制导致的 {0} 秒总延迟。", "TotalUploadFiles": "正在上传 {0} 文件", "TypeRequiredForTimelineRecord": "类型对此新时间线记录是必需的。", "UnableResolveArtifactType": "无法从项目位置 {0} 推断项目类型。", "UnableToArchiveResults": "无法对测试结果进行存档: {0}", "UnableToParseBuildTrackingConfig0": "无法分析旧的生成跟踪配置。将改为创建新的生成目录。上一个目录可能处于未认领状态。旧配置内容: {0}", "UnconfigAutologon": "正在删除自动登录设置", "UnconfigureOSXService": "首先根据 https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-osx 取消配置服务", "UnconfigureServiceDService": "首先根据 https://www.visualstudio.com/en-us/docs/build/admin/agents/v2-linux 取消配置服务", "UnexpectedParallelCount": "并行计数“%s”不受支持。输入介于 1 到 128 之间的数字。", "UninstallingService": "正在删除服务", "UnknownCodeCoverageTool": "不支持代码覆盖率工具“{0}”。", "UnrecognizedCmdArgs": "无法识别的命令行输入参数:“{0}”。有关用法,请参阅:.\\config.cmd --help 或 ./config.sh --help", "UnregisteringAgent": "正在从服务器中删除代理", "UnsupportedGitLfsVersion": "当前的 Git LFS 版本为“{0}”,但代理不支持该版本。请至少升级到版本“{1}”。有关更多详细信息,请参阅 https://github.com/git-lfs/git-lfs/issues/3571。", "UnsupportedOsVersionByNet8": "管道代理即将更新的版本不支持此代理目前在其中运行的操作系统版本 ({0})。有关支持的操作系统版本,请参阅 https://aka.ms/azdo-pipeline-agent-net8。", "UpdateBuildNumber": "更新生成号", "UpdateBuildNumberForBuild": "为生成将内部版本号更新为 {0} 以生成 {1}", "UpdateInProgress": "代理更新正在进行中,请勿关闭代理。", "UpgradeToLatestGit": "若要获得更好的 Git 体验,请将 Git 升级到至少版本“{0}”。当前 Git 版本为“{1}”。", "UploadArtifact": "上传项目", "UploadArtifactCommandNotSupported": "不支持在 {0} 中上传服务器项目。", "UploadArtifactFinished": "管道工件上传完毕。", "UploadingPipelineArtifact": "从生成 #{1} 的 {0} 上传管道工件", "UploadToFileContainer": "将“{0}”上传到文件容器:“{1}”", "UserName": "用户名", "UserNameLog": "代理运行身份:“{0}”", "UserShutdownAgent": "代理已收到关闭信号。当代理服务停止或手动启动的代理被取消时,可能会发生这种情况。", "Variable0ContainsCyclicalReference": "无法展开变量“{0}”。检测到循环引用。", "Variable0ExceedsMaxDepth1": "无法展开变量“{0}”。已超过最大扩展深度({1})。", "VMResourceWithSameNameAlreadyExistInEnvironment": "ID 为“{0}”的环境已包含名为“{1}”的虚拟机资源。", "VSTSHostNonZeroReturn": "LegacyVSTSPowerShellHost.exe 已完成,返回代码为: {0}。", "WaitForServiceToStop": "正在等待服务停止...", "WindowsLogonAccountNameDescription": "用于服务的用户帐户", "WindowsLogonPasswordDescription": "帐户的密码 {0}", "WorkFolderDescription": "工作文件夹", "WorkspaceMappingNotMatched": "工作区 {0} 的工作区映射不匹配", "Y": "Y", "ZipSlipFailure": "条目在目标目录之外: {0}" } ================================================ FILE: src/Misc/layoutbin/zh-TW/strings.json ================================================ { "AcceptTeeEula": "(Y/N) 現在就接受 Team Explorer Everywhere 授權合約嗎?", "AccessDenied": "拒絕存取", "AccessDeniedSettingDelayedStartOption": "在設定服務延遲自動啟動選項時存取遭拒。", "AccessDeniedSettingRecoveryOption": "設定服務復原選項時存取遭拒。", "AccessDeniedSettingSidType": "設定服務 SID 類型時存取遭拒。", "AddAgentFailed": "無法新增代理程式。請再試一次,或按 Ctrl-C 結束", "AddBuildTag": "新增建置標籤", "AddDeploymentGroupTagsFlagDescription": "代理程式的部署群組標籤? (Y/N)", "AddEnvironmentVMResourceTags": "環境虛擬機器資源標籤? (是/否)", "AgentAddedSuccessfully": "已成功新增代理程式", "AgentAlreadyInsideContainer": "當代理程式已在容器中執行時,不支援容器功能。請參閱文件 (https://go.microsoft.com/fwlink/?linkid=875268)", "AgentCdnAccessFailWarning": "需要動作:Azure Pipelines 代理程式無法觸達新的 CDN URL。允許清單 'download.agent.dev.azure.com' 現在可防止管線失敗。詳細資料:https://devblogs.microsoft.com/devops/cdn-domain-url-change-for-agents-in-pipelines/", "AgentDoesNotSupportContainerFeatureRhel6": "代理程式不支援 Red Hat Enterprise Linux 6 或 CentOS 6 上的容器功能。", "AgentDowngrade": "將代理程式降級至較舊的版本。這通常是因為目前發佈的代理程式進行復原,以修正錯誤。若要停用此行為,請在啟動代理程式之前,設定環境變數 AZP_AGENT_DOWNGRADE_DISABLED=true。", "AgentExit": "代理程式即將結束以進行更新,應會在 10 秒內重新上線。", "AgentIsNotConfigured": "未設定代理程式。", "AgentMachineNameLog": "代理程式機器名稱: '{0}'", "AgentMachinePoolNameLabel": "代理程式集區", "AgentName": "代理程式名稱", "AgentNameLog": "代理程式名稱: '{0}'", "AgentOutOfMemoryFailure": "代理程式背景工作角色已結束,代碼為 137,這表示記憶體不足。請確定代理程式 (容器) 主機已設定足夠的記憶體。", "AgentReplaced": "已成功取代代理程式", "agentRootFolderCheckError": "無法檢查代理程式根資料夾的存取規則。如需詳細資料,請檢查記錄。", "agentRootFolderInsecure": "安全性警告! 群組 {0} 具有寫入/修改代理程式資料夾的存取。如需詳細資料,請檢查記錄。", "AgentRunningBehindProxy": "代理程式在 Proxy 伺服器後面執行: '{0}'", "AgentVersion": "目前的代理程式版本: '{0}'", "AgentWithSameNameAlreadyExistInPool": "集區 {0} 已經包含名為 {1} 的代理程式。", "AllowContainerUserRunDocker": "允許使用者 '{0}' 執行所有 Docker 命令,而不需使用 SUDO。", "AlreadyConfiguredError": "無法設定代理程式,因為它已設定。若要重新設定代理程式,請先執行 'config.cmd remove' 或 './config.sh remove'。", "ApkAddShadowFailed": "使用者識別碼超出 'adduser' 命令的範圍。無法使用替代命令 'useradd',因為未預先安裝 'shadow' 套件,而且嘗試安裝此套件失敗。檢查網路可用性,或使用預先安裝 'shadow' 套件的 Docker 映像。", "ArgumentNeeded": "必須指定 '{0}'。", "ArtifactCustomPropertiesNotJson": "成品自訂屬性不是有效的 JSON: '{0}'", "ArtifactCustomPropertyInvalid": "成品自訂屬性的首碼必須是 'user-'。不正確屬性: '{0}'", "ArtifactDownloadFailed": "無法從 {0} 下載成品。", "ArtifactLocationRequired": "需要成品位置。", "ArtifactNameIsNotValid": "成品名稱無效: {0}。名稱不可包含 '\\'、/'、\"'、':'、'<'、'>'、'|'、'*' 以及 '?'", "ArtifactNameRequired": "需要成品名稱。", "ArtifactTypeRequired": "需要成品類型。", "AssociateArtifact": "關聯成品", "AssociateArtifactCommandNotSupported": "在 {0} 中不支援正在產生關聯的伺服器成品。", "AssociateArtifactWithBuild": "與組建 {1} 產生關聯的成品 {0}", "AssociateFiles": "正在產生檔案的關聯", "AttachFileNotExist": "無法附加 (類型:{0} 名稱: {1}) 檔案: {2}。檔案不存在。", "AttachmentExceededMaximum": "因為附件的大小超過允許的大小上限 75 MB,所以將會跳過: {0}", "AttemptRemoveCredFromConfig": "嘗試使用 Git 命令列從 Git 設定移除 \"{0}\" 失敗。嘗試直接修改 Git 設定檔案以移除認證。", "AuthenticationType": "驗證類型", "AutoLogonAccountGmsaHint": "如果您嘗試使用 gMSA 帳戶,請將貨幣符號 ($) 放在帳戶名稱結尾)", "AutoLogonAccountNameDescription": "要用於自動登入的使用者帳戶", "AutoLogonOverwriteDeniedError": "無法設定自動登入,因為它已在機器上設定了不同的使用者 ({0})。如果您想要覆寫,請使用 '--overwriteautologon'。", "AutoLogonPolicies_LegalNotice": "法律聲明", "AutoLogonPolicies_ShutdownReason": "關機原因", "AutoLogonPoliciesInspection": "正在檢查可能造成自動登入無法正常運作的原則。", "AutoLogonPoliciesWarningsHeader": "下列原則可能會影響自動登入:", "BeginArtifactItemsIntegrityCheck": "正在啟動成品項目完整性檢查", "BlobStoreDownloadWarning": "成品下載到 Blobstore 失敗,回到 TFS。此後援將在未來的版本中移除。檢查您的防火牆規則是否允許存取 {0}。請確定您的代理程式防火牆已正確設定: {1}", "BlobStoreUploadWarning": "成品上傳到 Blobstore 失敗,回到 TFS。此後援將在未來的版本中移除。檢查您的防火牆規則是否允許存取 {0}。請確定您的代理程式防火牆已正確設定: {1}", "BuildDirLastUseTIme": "上次使用組建目錄 '{0}' 為: {1}", "BuildIdIsNotAvailable": "嘗試在 '{0}' 環境中下載管線成品,但組建識別碼不存在。若成品為組建,只可在 '{1}' 環境中下載管線成品。", "BuildIdIsNotValid": "組建識別碼無效: {0}", "BuildingFileTree": "正在建置檔案樹狀目錄", "BuildLogsMessage": "代理程式已停用上傳記錄。工作完成後,您可以在代理程式的 {0} 擷取此步驟的記錄。", "BuildNumberRequired": "需要組建編號。", "BuildsDoesNotExist": "目前提供的管線定義中不存在任何組建。", "BuildTagAddFailed": "未成功新增組建標籤 '{0}'。", "BuildTagRequired": "需要組建標籤。", "BuildTagsForBuild": "組建 '{0}' 現在有下列標籤: {1}", "CannotChangeParentTimelineRecord": "無法變更現有時程表記錄的父代時間軸記錄。", "CannotDownloadFromCurrentEnvironment": "無法從 {0} 環境下載管線成品。", "CannotFindHostName": "在伺服器 URL: '{0}' 中找不到 VSTS 組織名稱", "CanNotFindService": "找不到服務 {0}", "CanNotGrantPermission": "無法將 LogonAsService 權限授與使用者 {0}", "CanNotStartService": "無法啟動服務。如需詳細資料,請查看記錄。", "CanNotStopService": "無法及時停止服務 {0}。", "CannotUploadFile": "無法上傳檔案,因為未指定檔案位置。", "CannotUploadFromCurrentEnvironment": "無法從 {0} 環境上傳至管線成品。", "CannotUploadSummary": "無法上傳摘要檔案,未指定摘要檔案位置。", "CheckoutTaskDisplayNameFormat": "將 {0}@{1} 簽出至 {2}", "CleaningDestinationFolder": "正在清除目的地資料夾: {0}", "ClientId": "用戶端 (應用程式) 識別碼", "ClientSecret": "用戶端密碼", "ClockSkewStopRetry": "已在 {0} 秒後停止重試 OAuth 權杖要求例外狀況。", "CodeCoverageDataIsNull": "找不到涵蓋範圍資料。如需詳細資料,請檢查建置錯誤/警告。", "CodeCoveragePublishIsValidOnlyForBuild": "僅為 'build' 發佈程式碼涵蓋範圍工作。", "CollectionName": "集合名稱", "CommandDuplicateDetected": "已為區域 {1} 安裝了命令 {0}", "CommandKeywordDetected": "'{0}' 包含記錄命令關鍵字 '##vso',但其並非合法的命令。請參閱接受的命令清單: https://go.microsoft.com/fwlink/?LinkId=817296", "CommandLineHelp": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "命令:", " .{0}config.{1} 設定代理程式", " .{0}config.{1} 移除 取消設定代理程式", " .{0}run.{1} 以互動方式執行代理程式", " .{0}run.{1} --once 執行代理程式,在關機前最多接受一個工作", "", "選項:", " --version 列印代理程式版本", " --commit 列印代理程式認可", " --help 列印每個命令的說明" ], "CommandLineHelp_Common": [ "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "一般選項:", " --url 伺服器的 URL。例如: https://myaccount.visualstudio.com 或", " http://onprem:8080/tfs", " --auth 驗證類型。有效值為:", " pat (個人存取權杖)", " 交涉 (Kerberos 或 NTLM)", " alt (基本驗證)", " 整合式 (Windows 預設認證)", "sp (服務主體)", " --token 與 --auth pat. 搭配使用。個人存取權杖。", " --userName 與 --auth 協商或 --auth alt 搭配使用。指定 Windows 使用者", " 名稱的格式: domain\\userName 或 userName@domain.com", " --password 與 --auth 協商或 --auth alt 搭配使用。", " --unattended 自動設定。將不會提示您。所有答案都必須", " 提供給命令列。", " --version 列印代理程式版本", " --commit 列印代理程式認可", " --help 列印說明" ], "CommandLineHelp_Configure": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", ".{0}config.{1} [options]", "", "如需取消設定說明,請參閱 .{0}config.{1} remove --help", "", "{2}", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "設定選項:", " --pool 代理程式要加入的集區名稱", " --agent 代理程式名稱", " --replace 取代集區中的代理程式。如果另一個代理程式正由該代理程式接聽", " 名稱,它會因為衝突而開始失敗。", " --work 儲存工作資料的工作目錄。預設為 _work under the", " 代理程式目錄的根。工作目錄由以下指定項目所擁有:", " 代理程式,且不應在多個代理程式之間共用。", " --acceptTeeEula 僅限 macOS 和 Linux。接受 TEE 使用者授權合約。", " --gitUseSChannel 僅限 Windows。告知 Git 使用 Windows 的原生憑證存放區。", " --alwaysExtractTask 為每個管線步驟的工作執行解壓縮。", " --disableLogUploads 不要串流或傳送控制台記錄輸出到伺服器。相反地,您可以在工作完成後,從代理程式主機的文件系統擷取它們。注意: 無法與 --reStreamLogsToFiles 搭配使用,這樣會造成錯誤。", " --reStreamLogsToFiles Stream 或傳送控制台記錄輸出到伺服器,以及代理程式主機文件系統上的記錄檔。注意: 無法與 --disableLogUploads 搭配使用,這樣會造成錯誤。", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "啟動選項 (僅限 Windows):", " --runAsService 設定代理程式以 Windows 服務的身分執行。需要", " 系統管理員權限。", " --preventServiceStart 設定 Windows 服務不要在設定之後立即執行。", " --runAsAutoLogon 設定自動登入,並在啟動時執行代理程式。需要", " 系統管理員權限。", " --windowsLogonAccount 與 --runAsService 或 --runAsAutoLogon 搭配使用。指定 Windows 使用者", " 名稱的格式: domain\\userName 或 userName@domain.com", " --windowsLogonPassword 與 --runAsService 或 --runAsAutoLogon 搭配使用。Windows 登入密碼。", " --overwriteAutoLogon 與 --runAsAutoLogon 搭配使用。於下列位置覆寫任何現有的自動登入: ", " 機器。", " --noRestart 與 --runAsAutoLogon 搭配使用。設定後請勿重新啟動", " 完成。", "", "CLI-WIDTH-OPTIONS-(35-CHARS)-------CLI-WIDTH-DESCRIPTION-(70-CHARS)--------------------------------------", "部署群組選項:", " --deploymentGroup 將代理程式設定為部署群組代理程式。", " --projectName 與 --deploymentGroup 搭配使用。小組專案名稱。", " --addDeploymentGroupTags 與 --deploymentGroup 搭配使用。指定以新增部署群組標籤。", " --deploymentGroupName 與 --deploymentGroup 搭配使用。代理程式要加入的部署群組。", " --deploymentGroupTags 與 --addDeploymentGroupTags 搭配使用。為以下項目之以逗號分隔的標籤清單: ", " 部署群組代理程式。例如 \"web, db\"。", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "自動設定範例:", "", "VSTS 驗證", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --acceptTeeEula", "", "具有整合式驗證的內部部署 TFS (僅限 Windows)", ".\\config.cmd --unattended --url http://mylocaltfsserver:8080/tfs --auth integrated --pool default --agent myAgent", "", "具有交涉驗證的內部部署 TFS", ".{0}config.{1} --unattended --url http://mylocaltfsserver:8080/tfs --auth negotiate --userName myDomain\\myUserName --password myPassword --pool default --agent myAgent --acceptTeeEula", "", "以相同的代理程式名稱取代現有的代理程式", ".{0}config.{1} --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --replace --acceptTeeEula", "", "指定代理程式工作目錄 (Windows)", "\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work D:\\agent_work", "", "指定代理程式工作目錄 (macOS 和 Linux)", "./config.sh --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --work usr/local/agent_work", "", "以登入為 NetworkService (僅限 Windows) 的 Windows 服務身分執行", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService", "", "以登入為網域帳戶 (僅限 Windows) 的 Windows 服務身分執行", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "以登入為網域帳戶 (僅限 Windows) 的 Windows 服務身分執行,且不立即啟動服務", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsService --preventServiceStart --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword ", "", "以自動登入代理程式身分執行 (僅限 Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword", "", "以自動登入代理程式身分執行,且設定後請勿重新啟動 (僅限 Windows)", ".\\config.cmd --unattended --url https://myaccount.visualstudio.com --auth pat --token myToken --pool default --agent myAgent --runAsAutoLogon --windowsLogonAccount myDomain\\myUserName --windowsLogonPassword myPassword --noRestart", "", "以登入為本機系統 (僅限 Windows) 之 Windows 服務身分的部署群組代理程式執行", ".\\config.cmd --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\"", "", "具有標籤的部署群組代理程式", ".{0}config.{1} --unattended --deploymentGroup --url https://myaccount.visualstudio.com --auth pat --token myToken --projectName myProject --deploymentGroupName myDeploymentGroup --agent myAgent --addDeploymentGroupTags --deploymentGroupTags \"web, db\" --runAsService --windowsLogonAccount \"NT AUTHORITY\\SYSTEM\" --acceptTeeEula" ], "CommandLineHelp_Env": [ "CLI-WIDTH-TOTAL-(105-CHARS)------------------------------------------------------------------------------", "環境變數:", "可將任何命令列引數指定為環境變數。使用格式", "VSTS_AGENT_INPUT_. For example: VSTS_AGENT_INPUT_PASSWORD" ], "CommandLineHelp_Remove": [ ".{0}config.{1} remove [options]", "", "{2}", "", "{3}", "", "CLI-WIDTH-UNLIMITED-FOR-EXAMPLES-----", "自動移除範例:", "", "VSTS", ".{0}config.{1} remove --unattended --auth pat --token myToken", "", "具有整合式驗證的內部部署 TFS (僅限 Windows)", ".{0}config.{1} remove --unattended --auth integrated", "", "具有整合式驗證的內部部署 TFS", ".{0}config.{1} remove --unattended --auth negotiate --username myDomain\\myUserName --password myPasswor" ], "CommandNotAllowed": "因為受限於原則限制,所以此步驟中不允許##vso[{0}.{1}]。請參閱文件 (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound": "找不到 ##vso[{0}.command] 的命令延伸模組。請參閱文件 (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandNotFound2": "{2} 命令延伸模組無法辨識 ##vso[{0}.{1}]。請參閱文件(http://go.microsoft.com/fwlink/?LinkId=817296)。", "CommandNotSupported": "{1} 流程不支援 {0} 命令。請參考文件 (http://go.microsoft.com/fwlink/?LinkId=817296)", "CommandProcessFailed": "無法成功處理命令 '{0}'。請參考文件 (http://go.microsoft.com/fwlink/?LinkId=817296)", "ConnectingToServer": "正在連線到伺服器 ...", "ConnectSectionHeader": "連線", "ConnectToServer": "正在連線至伺服器。", "ContainerWindowsVersionRequirement": "容器功能需要 Windows Server 1803 或更高版本。請參閱文件 (https://go.microsoft.com/fwlink/?linkid=875268)", "CopyFileComplete": "已成功將成品發佈至 {0}", "CopyFileToDestination": "將檔案 '{0}' 複製到 '{1}'", "CorruptedArtifactItemsList": "下列項目未通過完整性檢查:", "CouldNotRemoveService": "無法刪除伺服器 '{0}'", "CreateUserWithSameUIDInsideContainer": "嘗試在容器內建立 UID 為 '{0}' 的使用者。", "CurrentUTC": "目前的 UTC: {0}", "CustomLogDoesNotExist": "未提供記錄檔路徑或檔案不存在: '{0}'", "CustomMarkDownSummaryDoesNotExist": "未提供 Markdown 摘要檔案路徑或檔案不存在: '{0}'", "DeleteGCTrackingFile": "刪除 GC 追蹤檔案後刪除 '{0}'", "DeleteUnusedBuildDir": "刪除未使用的組建目錄", "DeleteUnusedReleaseDir": "刪除未使用的版本目錄", "Deleting": "正在刪除: {0}", "DeletingCredentials": "正在移除 .credentials", "DeletingSettings": "正在移除 .agent", "DeploymentGroupName": "部署群組名稱", "DeploymentGroupNotFound": "找不到部署群組: '{0}'", "DeploymentGroupTags": "逗點分隔標籤清單 (例如 web, db)", "DeploymentGroupTagsAddedMsg": "已成功新增標籤", "DeploymentMachineWithSameNameAlreadyExistInDeploymentGroup": "DeploymentGroup {0} 已包含名稱為 {1} 的機器。", "DeploymentPoolName": "部署集區名稱", "DeploymentPoolNotFound": "找不到部署集區: '{0}'", "DeprecatedNode6": "此工作使用 Node 6 執行處理常式,其將於 2022 年 3 月 31 日移除。如果您是工作的開發人員,請參考 Node 10 處理常式的移轉指南,https://aka.ms/migrateTaskNode10 (英文) (如果您想要停用 Node 6 淘汰警告,請同時查看此頁面)。如果您是使用者,請隨時與此工作的擁有者連絡, 以繼續進行移轉。", "DeprecatedNodeRunner": "工作 '{0}' 版本 {1} ({2}@{1}) 依存於生命週期結束的 Node 版本 ({3})。請連絡延伸模組擁有者以取得更新的工作版本。工作維護者應檢閱 Node 升級指導: https://aka.ms/node-runner-guidance", "DeprecatedRunner": "工作 '{0}' 相依於生命週期結束且未來將移除的工作執行器。作者應檢閱節點升級指引: https://aka.ms/node-runner-guidance。", "DeprecationMessage": "工作 '{0}' 版本 {1} ({2}@{1}) 已遭取代。", "DeprecationMessageHelpUrl": "如需此工作的詳細資訊,請參閱 {0}。", "DeprecationMessageRemovalDate": "將移除此工作。從 {0} 開始,可能無法再使用。", "DirectoryHierarchyUnauthorized": "需要使用權限以讀取 '{0}' 的目錄內容,以及階層的每個目錄。{1}", "DirectoryIsEmptyForArtifact": "目錄 '{0}' 是空的。將不會新增任何內容到組建成品 '{1}'。", "DirectoryNotFound": "找不到目錄: '{0}'", "DirExpireLimit": "目錄到期限制: {0} 天。", "DiscoverBuildDir": "探索超過 {0} 天未曾使用的過時組建目錄。", "DiscoverReleaseDir": "探索超過 {0} 天未曾使用的過時版本目錄。", "DockerCommandFinalExitCode": "{0} 的最終結束代碼: {1}", "DownloadAgent": "正在下載 {0} 代理程式", "DownloadArtifactFinished": "成品已下載完成。", "DownloadArtifacts": "下載成品", "DownloadArtifactsFailed": "下載成品失敗: {0}", "DownloadArtifactTo": "將成品下載至: {0}", "DownloadArtifactWarning": "請使用 [下載組建成品工作] 來下載 {0} 類型的成品。https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-build-artifacts?view=azure-devops", "DownloadingFromBuild": "從指定的組建下載: #{0}", "DownloadingJenkinsCommitsBetween": "正在將作業 {0} 之間的認可下載到 {1}", "DownloadingJenkinsCommitsFailedWithException": "下載 Jenkins 成品 {0} 的認可失敗。例外狀況: {1}", "DownloadingMultiplePipelineArtifacts": "正在下載 {0} 管線成品...", "DownloadingTask0": "正在下載工作: {0} ({1})", "EnableServiceSidTypeUnrestricted": "啟用代理程式服務的SERVICE_SID_TYPE_UNRESTRICTED (是/否)", "EnsureJobFinished": "正在等候目前的工作完成執行。", "EnsureTasksExist": "下載所有必要的工作。", "EnterValidValueFor0": "請輸入 {0} 的有效值。", "EnvironmentName": "環境名稱", "EnvironmentNotFound": "找不到環境: '{0}'", "EnvironmentVariableExceedsMaximumLength": "環境變數 '{0}' 超過支援的長度上限。環境變數長度: {1},支援的長度上限: {2}", "EnvironmentVMResourceTags": "逗點分隔標籤清單 (例如 web, db)", "ErrorDuringBuildGC": "無法根據 '{0}' 探索記憶體回收。請下次再試。", "ErrorDuringBuildGCDelete": "無法根據 '{0}' 完成記憶體回收。請下次再試。", "ErrorDuringReleaseGC": "無法根據 '{0}' 探索記憶體回收。請下次再試。", "ErrorDuringReleaseGCDelete": "無法根據 '{0}' 完成記憶體回收。請下次再試。", "ErrorOccurred": "發生錯誤: {0}", "ErrorOccurredWhilePublishingCCFiles": "發佈程式碼涵蓋範圍檔案時發生錯誤。錯誤: {0}", "EulasSectionHeader": "終端使用者授權合約", "EvaluateReleaseTrackingFile": "評估 ReleaseDirectory 追蹤檔案: {0}", "EvaluateTrackingFile": "評估 BuildDirectory 追蹤檔案: {0}", "Exiting": "正在結束...", "ExpectedMappingCloak": "必須是對應[{0}] 隱匿: '{1}'。實際是: '{2}'", "ExpectedMappingLocalPath": "必須是對應[{0}] 本機路徑: '{1}'。實際是: '{2}'", "ExpectedMappingRecursive": "必須是對應[{0}] 遞迴: '{1}'。實際是: '{2}'", "ExpectedMappingServerPath": "必須是對應[{0}] 伺服器路徑: '{1}'。實際是: '{2}'", "Failed": "失敗: ", "FailedDeletingTempDirectory0Message1": "無法刪除暫存目錄 '{0}'。{1}", "FailedTestsInResults": "在測試檔案中偵測到一或多個測試失敗。您可於 [測試] 索引標籤檢視已發佈測試結果的詳細摘要。", "FailedToAddTags": "無法將標籤套用至代理程式。請再試一次,或按 Ctrl-C 結束。或者,您可以移至部署群組網頁以新增標籤", "FailedToConnect": "無法連線。請再試一次,或按 Ctrl-C 結束", "FailedToDeleteTempScript": "無法刪除暫存的內嵌指令檔 '{0}'。 {1}", "FailedToFindDeploymentGroup": "找不到部署群組。請再試一次,或按 Ctrl-C 結束", "FailedToFindEnvironment": "找不到環境。請再試一次,或按 Ctrl-C 結束", "FailedToFindPool": "找不到集區名稱。請再試一次,或按 Ctrl-C 結束", "FailedToLockServiceDB": "無法鎖定服務資料庫進行寫入", "FailedToOpenSCM": "無法開啟服務控制管理員", "FailedToOpenSCManager": "無法開啟服務控制管理員", "FailedToPublishTestResults": "無法發佈測試結果: {0}", "FailedToReadFile": "無法讀取 {0}。錯誤: {1}。", "FailedToReplaceAgent": "無法取代代理程式。請再試一次,或按 Ctrl-C 結束", "FailToRemoveGitConfig": "無法從 Git 設定移除 \"{0}\"。若要移除認證,請從儲存機制根路徑 \"{1}\" 執行 「git config --unset-all {0}」。", "FailToReplaceTokenPlaceholderInGitConfig": "無法取代 Git 設定檔中 \"{0}\" 的預留位置。", "FileAssociateProgress": "檔案總數: {0} ----關聯的檔案: {1} ({2}%)", "FileContainerUploadFailed": "無法將檔案複製到伺服器 StatusCode={0}: {1}。來源檔案路徑: {2}。目標伺服器路徑: {3}", "FileContainerUploadFailedBlob": "無法將檔案上傳到 Blob。來源檔案路徑: {0}。目標伺服器路徑: {1}", "FileDoesNotExist": "檔案 '{0}' 不存在或無法存取。", "FileNotFound": "找不到檔案: '{0}'", "FilePathNotFound": "找不到 '{0}' 的檔案路徑。", "FileShareOperatingSystemNotSupported": "不支援將成品從 Linux 或 macOS 代理程式發佈到檔案共用。請將成品類型變更為 `Azure Pipelines` 或使用 Windows 代理程式。", "FileUploadCancelled": "上傳檔案期間已取消檔案上傳: '{0}'。", "FileUploadDetailTrace": "無法上傳檔案的詳細上傳追蹤: {0}", "FileUploadFailed": "因為 '{1}',無法上傳 '{0}'。", "FileUploadFailedAfterRetry": "檔案上傳失敗,重試後仍失敗。", "FileUploadFailedRetryLater": "{0} 個檔案無法上傳,請在一分鐘後重試這些檔案。", "FileUploadFileOpenFailed": "上傳檔案 '{1}' 時發生檔案錯誤 '{0}'。", "FileUploadFinish": "檔案: '{0}' 花費了 {1} 毫秒完成上傳", "FileUploadProgress": "檔案總計: {0} ---- 已處理的檔案: {1} ({2}%)", "FileUploadProgressDetail": "正在上傳 '{0}' ({1}%)。", "FileUploadRetry": "開始重試 {0} 檔案上傳失敗。", "FileUploadRetryInSecond": "請在 {0} 秒後重試檔案上傳。", "FileUploadRetrySucceed": "再重試之後,檔案上傳成功。", "FileUploadSucceed": "檔案上傳成功。", "FinalizeJob": "完成工作", "FinishMaintenance": "維修已完成: {0}", "FoundErrorInTrace": [ "診斷記錄中回報了 {0}。如需詳細資料,請查看記錄檔。", " - {1}" ], "GCBuildDir": "刪除孤列和過時的組建目錄。", "GCBuildDirNotEnabled": "未啟用 [刪除孤立及過時的組建目錄] 選項。", "GCDirIsEmpty": "沒有組建目錄需要 GC。'{0}' 沒有任何追蹤檔案。", "GCDirNotExist": "沒有組建目錄需要 GC。'{0}' 不存在。", "GCOldFormatTrackingFile": "將追蹤檔案 '{0}' 標示為 GC,因為它從未使用過。", "GCReleaseDir": "刪除孤立及過時的版本目錄。", "GCReleaseDirIsEmpty": "沒有版本目錄需要 GC。'{0}' 沒有任何追蹤檔案。", "GCReleaseDirNotEnabled": "未啟用 [刪除孤立及過時的版本目錄] 選項。", "GCReleaseDirNotExist": "沒有版本目錄需要 GC。'{0}' 不存在。", "GCUnusedTrackingFile": "將追蹤檔案 '{0}' 標示為 GC,因為它已有 {1} 天未使用過。", "GenerateAndRunUpdateScript": "產生並執行更新指令碼。", "GrantContainerUserSUDOPrivilege": "將 SUDO 權限授予使用者 '{0}',並允許其執行任何命令而不需經過驗證。", "GrantingFilePermissions": "正在將檔案權限授與給 '{0}'。", "GroupDoesNotExists": "群組: {0} 不存在", "ImageVersionLog": "目前的映像版本: '{0}'", "InitializeContainer": "初始化容器", "InitializeJob": "初始化工作", "IntegrityCheckNotPassed": "成品項目完整性檢查失敗", "IntegrityCheckPassed": "成品項目完整性檢查已成功完成", "InvalidAutoLogonCredential": "為 AutoLogon 輸入的 Windows 認證無效。請確定提供的認證有效,且具有電腦的互動式登入權限。請再試一次,或按 Ctrl-C 結束", "InvalidCommandArg": "命令引數 '{0}' 包含下列一或多個無效的字元: \", \\r, \\n", "InvalidCommandResult": "命令沒有有效的結果值。", "InvalidCompletedDate": "因為從測試結果檔案取得的最晚完成日期 {0} 大於最早開始日期 {1},所以在計算時間時,將會計入每個測試回合的持續時間", "InvalidConfigFor0TerminatingUnattended": "為 {0} 提供的設定無效。正在終止自動設定。", "InvalidDateFormat": "因為從結果檔案 {0} 取得的日期格式無效 (開始日期: {1},完成日期: {2}),所以在計算時間時,將會計入每個測試回合的持續時間。", "InvalidEndpointField": "端點欄位無效。有效值為 url、dataParameter 和 authParameter", "InvalidEndpointId": "端點識別碼無效。", "InvalidEndpointUrl": "端點 URL 無效。", "InvalidFileFormat": "檔案格式無效。", "InvalidGroupName": "無效的群組名稱 - {0}", "InvalidMember": "無法將新成員新增至本機群組,因為成員的帳戶類型錯誤。如果您是在網域控制站上設定,則無法將內建電腦帳戶新增至本機群組。您必須改用網域使用者帳戶", "InvalidResultFiles": "無效的結果檔案。請確定檔案 '{0}' 的結果格式與測試結果格式 '{1}' 相符。", "InvalidSIDForUser": "設定/取消設定自動登入時,使用者 {0}\\{1} 的安全識別碼無效。如需詳細資料,請參閱記錄。", "InvalidValueInXml": "無法從摘要檔案 '{1}' 擷取 '{0}' 的值。請確認摘要檔案的語式正確,然後再試一次。", "InvalidWindowsCredential": "輸入的 Windows 認證無效。請再試一次,或按 Ctrl-C 結束", "JenkinsBuildDoesNotExistsForCommits": "找不到 Jenkins 組建 {0} 和 {1} 的組建索引。找到的索引為 {2} 和 {3}。這可能是組建不存在", "JenkinsCommitsInvalidEndJobId": "與 Jenkins 成品 {1} 相關聯的 EndJobId {0} 無效。系統將不會下載認可。", "JenkinsDownloadingChangeFromCurrentBuild": "找不到 endJobId,將會擷取目前組建的變更集", "JenkinsNoCommitsToFetch": "正在部署相同的組建。沒有要擷取的內容", "JenkinsRollbackDeployment": "正在將工作{0} 之間的復原部署認可下載到 {1}", "JobCompleted": "{0:u}: 工作 {1} 已完成,結果為: {2}", "LaunchBrowser": "啟動 AAD 裝置程式碼流程的瀏覽器嗎? (是/否)", "ListenForJobs": "{0:u}: 正在聆聽工作", "LocalClockSkewed": "本機電腦的時鐘可能與伺服器時間不同步 (可能超過五分鐘)。請將您的時鐘與網域或網際網路時間同步,然後再試一次。", "LocalSystemAccountNotFound": "找不到本機系統帳戶", "LogOutputMessage": "代理程式已啟用上傳記錄以及將記錄儲存至檔案。工作完成後,您可以在代理程式的 {0} 擷取此步驟的記錄。", "Maintenance": "維修", "MaxHierarchyLevelReached": "階層層級大於支援的限制 {0},因此會截斷較低的階層。", "MaxSubResultLimitReached": "測試案例中的子結果數目 '{0}' 超過支援的限制 {1},正在截斷其餘的子結果。", "MemberDoesNotExists": "成員: {0} 不存在。", "MinimumNetFramework": "需要 .NET Framework x64 4.5 或更新版本。", "MinimumNetFramework46": "需要 .NET Framework x64 4.6 或更新版本。", "MinimumNetFrameworkTfvc": [ "未安裝 .NET Framework x64 4.6 或更新版本。", "", "同步處理 TFVC 存放庫需要 .NET Framework x64 4.6 或更新版本。無需同步處理 Git 存放庫。" ], "MinRequiredDockerClientVersion": "至少需要 Docker 引擎 API 用戶端版本 '{0}',但您的 Docker ('{1}') 用戶端版本為 '{2}'", "MinRequiredDockerServerVersion": "至少需要 Docker 引擎 API 伺服器版本 '{0}',但您的 Docker ('{1}') 用戶端版本為 '{2}'", "MinRequiredGitLfsVersion": "至少需要 Git LFS 版本 '{0}',但您的 Git LFS ('{1}') 版本為 '{2}'", "MinRequiredGitVersion": "至少需要 Git 版本 '{0}',但您的 Git ('{1}') 版本為 '{2}'", "MinSecretsLengtLimitWarning": "祕密的長度下限值太高。設定的最大值: {0}", "MissingAgent": "代理程式已不存在於伺服器上。請重新設定代理程式。", "MissingAttachmentFile": "無法上傳工作附件檔案,附件檔案位置未指定,或是附件檔案不存在於磁碟上。", "MissingAttachmentName": "無法新增工作附件,因為未提供附件名稱。", "MissingAttachmentType": "無法新增工作附件,因為未提供附件類型。", "MissingConfig": "無法連線到伺服器,因為設定檔遺失。正在略過從伺服器移除代理程式。", "MissingEndpointField": "##vso[task.setendpoint] 命令中缺少必要欄位 'field'。", "MissingEndpointId": "##vso[task.setendpoint] 命令中缺少必要欄位 'id'。", "MissingEndpointKey": "##vso[task.setendpoint] 命令中缺少必要欄位 'key'。", "MissingNodePath": "此步驟需要不存在於代理程式檔案系統中的節點版本。路徑: {0}", "MissingRepositoryAlias": "無法更新存放庫,因為未提供存放庫別名。", "MissingRepositoryPath": "無法更新存放庫,因為未提供存放庫路徑。", "MissingTaskVariableName": "##vso[task.settaskvariable] 命令中遺漏必要欄位 'variable'。", "MissingTimelineRecordId": "無法更新時間軸記錄,因為未提供時間軸記錄識別碼。", "MissingVariableName": "##vso[task.setvariable] 命令中遺漏必要欄位 'variable'。", "ModifyingCoberturaIndexFile": "正在修改 Cobertura 索引檔案", "MultilineSecret": "祕密不得包含多個行", "N": "N", "NameRequiredForTimelineRecord": "這個新的時間軸記錄需要名稱。", "NeedAdminForAutologonCapability": "需要系統管理員權限,才能設定具有自動登入的代理程式。", "NeedAdminForAutologonRemoval": "需要系統管理員權限,才能取消使用自動登出功能執行之代理程式。", "NeedAdminForConfigAgentWinService": "需要系統管理員權限,才能將代理程式設定為 Windows 服務。", "NeedAdminForUnconfigWinServiceAgent": "需要系統管理員權限,才能取消以 Windows 服務執行之代理程式。", "NetworkServiceNotFound": "找不到網路服務帳戶", "NoArtifactsFound": "版本 '{0}' 中沒有可用的成品。", "NoFolderToClean": "找不到指定的清除資料夾。沒有可清除的項目", "NoRestart": "要稍後重新啟動電腦嗎? (是/否)", "NoRestartSuggestion": "自動登入已在代理程式組態期間啟用。建議您重新啟動電腦,自動登入設定才會生效。", "NoResultFound": "找不到任何發佈 '{0}' 的結果。", "OnPremIsNotSupported": "內部部署不支援管線成品工作。請改用組建成品工作。", "OperatingSystemShutdown": "電腦 '{0}' 的作業系統正在關閉", "OperationFailed": "錯誤: 作業 {0} 失敗,傳回碼為 {1}", "OutputVariablePublishFailed": "無法發佈輸出變數。", "OverwriteAutoLogon": "因為使用者 '{0}' 已啟用自動登入,所以想要覆寫現有的自動登入設定嗎? (是/否)", "ParentProcessFinderError": "檢查代理程式是否正在 PowerShell Core 中執行時發生錯誤。", "ParentTimelineNotCreated": "尚未建立此新時間軸記錄的父時間軸記錄。", "Password": "密碼", "PathDoesNotExist": "路徑不存在: {0}", "PersonalAccessToken": "個人存取權杖", "PipelineDoesNotExist": "下列管線不存在: {0}。請確認管線的名稱。", "PoolNotFound": "找不到代理程式集區: '{0}'", "PostJob": "工作後: {0}", "PowerOptionsConfigError": "設定電源選項時發生錯誤。如需詳細資料,請參閱記錄。", "PowerShellNotInstalledMinVersion0": "未安裝 PowerShell。所需的最低版本: {0}", "PreJob": "工作前: {0}", "PrepareBuildDir": "準備組建目錄。", "PrepareReleasesDir": "準備發行目錄。", "PrepareTaskExecutionHandler": "正在準備工作執行處理常式。", "Prepending0WithDirectoryContaining1": "正使用包含 '{1}' 的目錄前置 {0} 環境變數。", "PrerequisitesSectionHeader": "必要元件", "PreventServiceStartDescription": "是否要防止服務在設定完成後立即啟動? (Y/N)", "ProcessCompletedWithCode0Errors1": "已完成流程,結束代碼 {0},寫入錯誤資料流時發生 {1} 個錯誤。", "ProcessCompletedWithExitCode0": "流程已完成,結束代碼為 {0}。", "ProcessExitCode": "從流程傳回的結束代碼 {0}: 檔案名稱 '{1}'、引數 '{2}'。", "ProcessHandlerInvalidScriptArgs": "偵測到引數中可能無法由殼層正確執行的字元。如需詳細資訊,請參閱: https://aka.ms/ado/75787", "ProfileLoadFailure": "無法載入使用者的使用者設定檔 {0}\\{1} 無法使用自動登入設定。", "ProjectName": "專案名稱", "Prompt0": "請輸入 {0}", "Prompt0Default1": "輸入 {0} (按 Enter 以取得 {1})", "PSModulePathLocations": "環境變數 PSModulePath 包含 PowerShell Core 特定的模組位置。請注意,如果您要在管線中使用 Windows PowerShell 工作,可能會遇到錯誤。若要解決此問題,請勿在 PowerShell Core (pwsh) 下啟動代理程式。", "PSScriptError": "PowerShell 指令碼已完成,但發生 {0} 錯誤。", "PublishCodeCoverage": "發佈程式碼涵蓋範圍", "PublishedCodeCoverageArtifact": "已發佈 '{0}' 做為成品 '{1}'", "PublishingArtifactUsingRobocopy": "正在使用 Robocopy 上傳成品。", "PublishingCodeCoverage": "正在將涵蓋範圍摘要資料發佈至 TFS 伺服器。", "PublishingCodeCoverageFiles": "正在將程式碼涵蓋範圍檔案發佈至 TFS 伺服器。", "PublishingTestResults": "正在將測試結果發佈到測試回合 '{0}'", "PublishTestResults": "發佈測試結果", "QueryingWorkspaceInfo": "正在查詢工作區資訊。", "QueueConError": "{0:u}: 代理程式連線錯誤: {1}。正在重試,直到重新連線為止。", "QueueConnected": "{0:u}: 代理程式已重新連線。", "QuietCheckoutModeRequested": "無訊息簽出模式: 列印到主控台的內容較少。", "ReadingCodeCoverageSummary": "正在從 '{0}' 讀取程式碼涵蓋範圍摘要", "ReadOnlyTaskVariable": "不允許覆寫唯讀工作變數 '{0}'。如需詳細資料,請參閱 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md。", "ReadOnlyTaskVariableWarning": "正在覆寫唯讀工作變數 '{0}'。未來將會停用此行為。如需詳細資料,請參閱 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md。", "ReadOnlyVariable": "不允許覆寫唯讀變數 '{0}'。如需詳細資料,請參閱 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md。", "ReadOnlyVariableWarning": "正在覆寫唯讀變數 '{0}'。未來將會停用此行為。如需詳細資料,請參閱 https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/readonly-variables.md。", "RegisterAgentSectionHeader": "註冊代理程式", "ReleaseDirLastUseTime": "上次使用版本目錄 '{0}' 的時間為: {1}", "RenameIndexFileCoberturaFailed": "發佈 '{2}' 的程式碼涵蓋範圍檔案時,無法將 '{0}' 重新命名為 '{1}'。內部例外狀況: '{3}'", "Replace": "取代嗎? (是/否)", "RepositoryNotExist": "無法更新存放庫,該存放庫不存在。", "ResourceMonitorAgentEnvironmentResource": "代理程式環境資源 - {0}、{1}、{2}", "ResourceMonitorCPUInfo": "CPU: 使用量 {0}%", "ResourceMonitorCPUInfoError": "無法取得 CPU 資訊,例外狀況: {0}", "ResourceMonitorDiskInfo": "磁碟: {0} 可用空間 {1}/{2} MB", "ResourceMonitorDiskInfoError": "無法取得磁碟資訊,例外狀況: {0}", "ResourceMonitorFreeDiskSpaceIsLowerThanThreshold": "{0} 上的可用磁碟空間低於 {1}%; 目前已使用: {2}%", "ResourceMonitorMemoryInfo": "記憶體:已使用 {0}/{1} MB", "ResourceMonitorMemoryInfoError": "無法取得記憶體資訊,例外狀況: {0}", "ResourceMonitorMemorySpaceIsLowerThanThreshold": "可用記憶體低於 {0}%;目前使用: {1}%", "ResourceUtilizationDebugOutputIsDisabled": "已停用針對偵錯執行的資源使用量輸出,如果您想要啟用 \"AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT\",將 \"AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT\" 變數切換為 \"true\"", "ResourceUtilizationWarningsIsDisabled": "資源使用量警告已停用,如果您想要啟用它,請將 \"DISABLE_RESOURCE_UTILIZATION_WARNINGS\" 變數切換為 \"false\"", "RestartIn15SecMessage": "在 15 秒後重新開機電腦...", "RestartMessage": "重新啟動電腦以啟動代理程式,並讓自動登入設定生效。", "ReStreamLogsToFilesError": "您不能同時使用 --disableloguploads 和 --reStreamLogsToFiles!", "RetryCountLimitExceeded": "允許的嘗試次數上限為 {0} 但結果為 {1}。請重試將嘗試次數將減少為 {0}。", "RetryingReplaceAgent": "重試取代代理程式 (嘗試 {0} / {1})。在下次嘗試前等待 {2} 秒...", "RMApiFailure": "Api {0} 失敗,錯誤碼 {1}", "RMArtifactContainerDetailsInvalidError": "成品沒有有效的容器詳細資料: {0}", "RMArtifactContainerDetailsNotFoundError": "成品未包含容器詳細資料: {0}", "RMArtifactDetailsIncomplete": "找不到下載成品所需的資訊", "RMArtifactDirectoryNotFoundError": "成品目錄不存在: {0}。若帳戶 {1} 的密碼最近已變更,且未針對代理程式更新,就可能發生此情況。如果是這種情況,請考慮重新設定代理程式。", "RMArtifactDownloadBegin": "正在下載類型為 {1} 的連結成品 {0}...", "RMArtifactDownloadFinished": "已下載連結成品 {0}", "RMArtifactDownloadRequestCreationFailed": "無法建立從 URL 下載成品的要求: {0}", "RMArtifactEmpty": "成品未包含任何要下載的檔案。", "RMArtifactMatchNotFound": "組建成品 '{0}' 不符合任何命名模式,正在略過下載", "RMArtifactNameDirectoryNotFound": "目錄 '{0}' 不存在。正在回復到父代目錄: {1}", "RMArtifactsDownloadFinished": "完成的成品下載", "RMArtifactTypeFileShare": "成品類型: FileShare", "RMArtifactTypeNotSupported": "發行管理不支援下載目前版本中的成品類型 {0}", "RMArtifactTypeServerDrop": "成品類型: ServerDrop", "RMArtifactVersionNotBelongToArtifactSource": "識別碼為 {0} 的成品版本不屬於識別碼為 {1} 的連結成品來源。", "RMBuildNotFromLinkedDefinition": "組建 {0} 不屬於所連結的組建定義 {1}", "RMCachingAllItems": "正在快取檔案容器中的所有項目...", "RMCachingComplete": "快取完成。({0} 毫秒)", "RMCachingContainerItems": "正在快取檔案容器中 '{0}' 下的項目...", "RMContainerItemNotSupported": "不支援容器項目類型 '{0}'。", "RMContainerItemPathDoesnotExist": "檔案容器項目路徑的開頭不是 {0}: {1}", "RMContainerItemRequestTimedOut": "要求在 {0} 秒後逾時;睡眠 {1} 秒鐘,然後再試一次。要求: {2} {3}", "RMCreatedArtifactsDirectory": "已建立的成品目錄: {0}", "RMCreatingArtifactsDirectory": "正在建立成品目錄: {0}", "RMCustomEndpointNotFound": "在作業中找不到下載自訂成品所需的資訊: {0}", "RMDownloadArtifactUnexpectedError": "下載成品時發生未預期的錯誤", "RMDownloadBufferSize": "下載緩衝區大小: {0}", "RMDownloadComplete": "下載完成。", "RMDownloadingArtifact": "正在下載成品", "RMDownloadingArtifactFromFileContainer": "正在從檔案容器下載成品: {0} 到目標: {1}", "RMDownloadingArtifactFromFileShare": "正在從檔案共用下載成品: {0} 到目標: {1}", "RMDownloadingArtifactUsingRobocopy": "正在使用 Robocopy 下載成品。", "RMDownloadingCommits": "正在下載認可", "RMDownloadingJenkinsArtifacts": "正在從 Jenkins 伺服器下載成品", "RMDownloadProgress": "{0} 個放置檔案: 已下載 {1} 個,{2} 個空白", "RMDownloadProgressDetails": "以每秒 {0} KB下載 {1} MB。下載時間: {2}。", "RMDownloadStartDownloadOfFile": "正在下載檔案 '{0}'", "RMDownloadTaskCompletedStatus": "在 {0} 分鐘內未完成任何下載工作。剩餘任務狀態:", "RMDownloadTaskStates": " {0}: \t{1} 個工作", "RMEnsureArtifactFolderExistsAndIsClean": "確定成品資料夾 {0} 存在且乾淨。", "RMEnvironmentVariablesAvailable": "可用的環境變數如下。 請注意,這些環境變數可以在工作中參考 (在 ReleaseDefinition 中),方法是以「.」取代「_」,例如,您可以使用 ReleaseDefinition 中的 Agent.Name 參考 AGENT_NAME 環境變數: {0}", "RMErrorDownloadingContainerItem": "下載時發生錯誤 {0}: {1}", "RMErrorDuringArtifactDownload": "下載期間發生錯誤: {0}", "RMFailedCreatingArtifactDirectory": "無法建立發行成品目錄 '{0}'。", "RMFileShareArtifactErrorOnNonWindowsAgent": "無法使用 OSX 或 Linux 代理程式從檔案共用下載成品。您可以從伺服器下載成品或使用 Windows 代理程式。", "RMGitEndpointNotFound": "在作業中找不到必要的資訊,無法下載 Team Foundation Git 成品。", "RMGitHubEndpointNotFound": "在作業中找不到下載 GitHub 成品所需的資訊: {0}", "RMGotJenkinsArtifactDetails": "已接收 Jenkins 成品詳細資料", "RMJenkinsBuildId": "BuildId: {0}", "RMJenkinsEndpointNotFound": "在作業中找不到下載 Jenkins 成品所需的資訊: {0}", "RMJenkinsInvalidBuild": "Jenkins 組建 {0} 無效。", "RMJenkinsJobName": "作業名稱: {0}", "RMJenkinsNoArtifactsFound": "Jenkins 組建 {0} 中沒有可用的成品。", "RMLowAvailableDiskSpace": "{0} 磁碟機上的磁碟空間不足,可用空間小於 100 MB。", "RMNoBuildArtifactsFound": "組建 {0} 中沒有可用的成品。", "RMParallelDownloadLimit": "平行下載限制: {0}", "RMPrepareToGetFromJenkinsServer": "正在準備從 Jenkins 伺服器取得成品資訊", "RMPreparingToDownload": "正在準備下載成品: {0}", "RMPreparingToGetBuildArtifactList": "正在準備從組建取得可用成品清單。", "RMReAttemptingDownloadOfContainerItem": "正在重新嘗試下載 {0}。錯誤: {1}", "RMReceivedGithubArtifactDetails": "已收到 GitHub 成品詳細資料", "RMReleaseNameRequired": "版本名稱為必要。", "RMRemainingDownloads": "剩下 {0} 個下載。", "RMRetryingArtifactDownload": "正在重試下載...", "RMRetryingCreatingArtifactsDirectory": "無法建立發行成品目錄 {0},發生例外狀況 {1}。正在重試建立發行成品目錄。", "RMRobocopyBasedArtifactDownloadExitCode": "Robocopy 結束代碼: {0}", "RMRobocopyBasedArtifactDownloadFailed": "以 Robocopy 方式下載失敗,結束代碼為: {0}", "RMStartArtifactsDownload": "正在開始成品下載...", "RMStreamTypeNotSupported": "發行管理不支援下載目前版本中的資料流類型 {0}", "RMTfsVCEndpointNotFound": "在作業中找不到必要的資訊,無法下載 Team Foundation 版本控制成品。", "RMUpdateReleaseName": "更新版本名稱。", "RMUpdateReleaseNameForRelease": "將版本 {1} 的版本名稱更新為 {0}。", "RMUpdateReleaseNameForReleaseComment": "正在使用工作記錄命令將版本名稱更新為 {0}", "RMUserChoseToSkipArtifactDownload": "正在根據指定的設定略過成品下載。", "RobocopyBasedPublishArtifactTaskExitCode": "Robocopy 結束代碼: {0}", "RobocopyBasedPublishArtifactTaskFailed": "以 Robocopy 方式發佈失敗,結束代碼為: {0}", "Rosetta2Warning": "已知 X64 模擬會導致代理程式停止回應。請使用原生 (ARM) 代理程式。", "RSAKeyFileNotFound": "找不到 RSA 金鑰檔案 {0}。", "RunAgentAsServiceDescription": "將代理程式作為服務執行? (是/否)", "RunAsAutoLogonDescription": "設定自動登入並在啟動時執行代理程式? (是/否)", "RunIDNotValid": "執行識別碼無效: {0}", "RunningJob": "{0:u}: 執行中的工作: {1}", "SavedSettings": "{0:u}: 已儲存設定。", "ScanToolCapabilities": "正在掃描工具功能。", "ScreenSaverPoliciesInspection": "正在檢查可能導致螢幕保護裝置停用的原則。", "ScreenSaverPolicyWarning": "螢幕保護裝置原則定義在電腦上。這可能會造成再次啟用螢幕保護裝置。作用中的螢幕保護裝置可能會影響 UI 作業,例如自動化的 UI 測試可能會失敗。", "SecretsAreNotAllowedInInjectedTaskInputs": "工作正在嘗試存取包含秘密之目標工作的下列輸入:\n{0}\n不允許將包含秘密的輸入傳遞給裝飾項目所插入的工作。", "SelfManageGitCreds": "您目前處於自我管理 Git 認證模式。請確定您的代理程式主機可以略過任何 Git 驗證查問。", "ServerTarpit": "伺服器目前正在進行節流工作。您可能會在主機線路輸出、作業狀態報吿及工作記錄檔上傳時遇到延遲。", "ServerTarpitUrl": "連結至 [資源使用率] 頁面 (顯示全域 1 小時): {0}。", "ServerTarpitUrlScoped": "連結至 [資源使用率] 頁面 (依管線顯示 1 小時): {0}。", "ServerUrl": "伺服器 URL", "ServiceAlreadyExists": "服務已經存在: {0},它將被取代", "ServiceConfigured": "已成功設定服務 {0}", "ServiceDelayedStartOptionSet": "服務 {0} 已成功設定為延遲自動啟動", "ServiceInstalled": "已成功安裝服務 {0}。", "ServiceLockErrorRetry": "服務 DB 鎖定失敗,代碼為 {0}。{1}秒後重試...", "ServiceRecoveryOptionSet": "服務 {0} 已順利設定復原選項", "ServiceSidTypeSet": "服務 {0} 成功設定 SID 類型", "ServiceStartedSuccessfully": "已經成功啟動服務 {0}", "SessionCreateFailed": "無法建立工作階段。{0}", "SessionExist": "此代理程式的工作階段已存在。", "SessionExistStopRetry": "在重試 {0} 秒後,停止對 SessionConflictException 的重試。", "SetBuildVars": "設定組建變數。", "SetEnvVar": "正在設定環境變數 {0}", "SetVariableNotAllowed": "工作或組建定義已停用設定變數 '{0}'。", "ShallowCheckoutFail": "淺層存放庫的 Git lfs 失敗,原因可能是深度為 '{0}' 的 Git 簽出未包含簽出認可 '{1}'。請參閱文件 (http://go.microsoft.com/fwlink/?LinkId=829603)", "ShallowLfsFetchFail": "淺層存放庫的 Git lfs 失敗,原因可能是深度為 '{0}' 的 Git 擷取未包含 lfs 擷取認可 '{1}'。請參閱文件 (http://go.microsoft.com/fwlink/?LinkId=829603)", "ShutdownMessage": "正在將電腦重新啟動,以在互動模式中啟動代理程式。", "Skipping": "不存在。正在跳過 ", "SkipTrackingFileWithoutRepoType": "略過追蹤檔案 '{0}',尚未更新存放庫類型。", "SourceArtifactProviderNotFound": "找不到類型為 {0} 之成品的來源提供者", "StartingArtifactDownload": "正在開始下載 {0}", "StartMaintenance": "啟動維護: {0}", "StepCancelled": "將取消作業。後續步驟可能不包含預期的記錄。", "StepFinishing": "正在完成: {0}", "StepStarting": "正在啟動: {0}", "StepTimedOut": "工作已逾時。", "StopContainer": "停止容器", "Success": "已成功: ", "SupportedRepositoryEndpointNotFound": "無法將任何來源存放庫端點與任何支援的來源提供者進行比對。", "SupportedTaskHandlerNotFoundLinux": "目前的作業系統無法執行此工作。這通常表示所撰寫的工作只適用於 Windows。例如為 Windows Desktop PowerShell 所撰寫。", "SupportedTaskHandlerNotFoundWindows": "找不到支援的工作執行處理常式。該工作所含的實作與您目前的作業系統 '{0}' 不相容。如需詳細資料,請連絡工作作者。", "SvnBranchCheckedOut": "已在修訂版 {2} 中將存放庫 {1} 的分支 {0} 簽出", "SvnEmptyServerPath": "空的相對伺服器路徑對應至 '{0}'。", "SvnFileAlreadyExists": "檔案 {0} 已存在", "SvnIncorrectRelativePath": "指定的相對路徑 '{0}' 不正確。", "SvnMappingDuplicateLocal": "正在忽略本地路徑={0} 的重複對應", "SvnMappingDuplicateServer": "正在忽略伺服器路徑={0} 的重複對應", "SvnMappingIgnored": "已忽略整個對應集。正在繼續執行完整分支對應。", "SvnNotInstalled": "找不到已安裝的 svn 命令列公用程式", "SvnSyncingRepo": "正在同步處理存放庫: {0} (Svn)", "TarExtraction": "正在解壓縮 tar 封存: {0}", "TarExtractionError": "無法擷取 tar 封存 {0}: {1}", "TarExtractionNotSupportedInWindows": "Windows 不支援 tar 解壓縮", "TarSearchStart": "開始搜尋要擷取的 tar 封存", "TarsFound": "找到要擷取的 {0} tar 封存", "TarsNotFound": "找不到要解壓縮的 tar 封存", "TaskDownloadFailed": "無法下載工作 '{0}'。錯誤 {1}", "TaskDownloadTimeout": "工作 '{0}' 未在 {1} 秒內完成下載。", "TaskSignatureVerificationFailed": "工作簽章驗證失敗。", "TaskSignatureVerificationSucceeeded": "工作簽章驗證成功。", "TeeEula": [ "從 TFVC 存放庫建立來源時,必須接受 Team Explorer Everywhere 使用者授權合約。從 Git 存放庫建立來源則不需要此步驟。", "", "您可以在下列位置找到 Team Explorer Everywhere 授權合約複本:", " {0}" ], "Telemetry": "遙測", "TelemetryCommandDataError": "無法剖析遙測資料 {0}。錯誤: {1}。", "TelemetryCommandFailed": "無法發佈遙測資料。錯誤 {0}", "TenantId": "租用戶識別碼", "TestAgentConnection": "正在測試代理程式連線。", "TestAttachmentNotExists": "因為附件無法在磁碟上使用,所以正在略過: {0}", "TestResultsRemaining": "剩餘的測試結果: {0}。測試回合識別碼: {1}", "Tfs2015NotSupported": "針對 TFS 2015,Windows 不支援此代理程式。您可以從代理程式集區管理頁面下載 TFS 2015 Windows 代理程式。", "TotalThrottlingDelay": "工作因伺服器節流而發生 {0} 秒的延遲總計。", "TotalUploadFiles": "正在上傳 {0} 個檔案", "TypeRequiredForTimelineRecord": "這個新的時間軸記錄需要類型。", "UnableResolveArtifactType": "無法從成品位置推斷成品類型: {0}。", "UnableToArchiveResults": "無法封存測試結果: {0}", "UnableToParseBuildTrackingConfig0": "無法剖析舊版組建追蹤設定。系統將會改為建立新的組建目錄。上一個目錄可能處於未被認領的狀態。舊版設定內容: {0}", "UnconfigAutologon": "正在移除自動登入設定", "UnconfigureOSXService": "請先根據 https://www.visualstudio.com/zh-tw/docs/build/admin/agents/v2-osx (部分機器翻譯) 取消設定服務", "UnconfigureServiceDService": "請先根據 https://www.visualstudio.com/zh-tw/docs/build/admin/agents/v2-linux (部分機器翻譯) 將服務取消設定", "UnexpectedParallelCount": "不支援的平行計數 '%s'。請輸入介於 1 到 128 之間的數字。", "UninstallingService": "正在移除服務", "UnknownCodeCoverageTool": "不支援程式碼涵蓋範圍工具 '{0}'。", "UnrecognizedCmdArgs": "無法辨識的命令列輸入引數: '{0}'。如需使用方式,請參閱: .\\config.cmd --help 或 ./config.sh --help", "UnregisteringAgent": "正在從伺服器移除代理程式", "UnsupportedGitLfsVersion": "您目前的 Git LFS 版本為 '{0}',代理程式不支援此版本。請升級至 '{1}' 以上的版本。如需詳細資料,請參閱 https://github.com/git-lfs/git-lfs/issues/3571。", "UnsupportedOsVersionByNet8": "管線代理程式即將更新時,不支援此代理程式在 ({0}) 上執行的操作系統版本。如需支援的操作系統版本,請參閱 https://aka.ms/azdo-pipeline-agent-net8.", "UpdateBuildNumber": "更新組建編號", "UpdateBuildNumberForBuild": "將組建 {1} 的組建編號更新為 {0}", "UpdateInProgress": "代理程式更新進行中,請勿關閉代理程式。", "UpgradeToLatestGit": "若要獲得更佳的 Git 體驗,請將您的 Git 升級到至少版本 '{0}'。您目前的 Git 版本為 '{1}'。", "UploadArtifact": "上傳成品", "UploadArtifactCommandNotSupported": "在 {0} 中不支援上傳伺服器成品。", "UploadArtifactFinished": "管線成品上傳已完成。", "UploadingPipelineArtifact": "正在從 {0} 為組建 #{1} 上傳管線成品", "UploadToFileContainer": "將 '{0}' 上傳至檔案容器: '{1}'", "UserName": "使用者名稱", "UserNameLog": "代理程式執行身分: '{0}'", "UserShutdownAgent": "代理程式已收到關機訊號。當代理程式服務停止,或手動啟動的代理程式遭到取消時,則可能會發生此情況。", "Variable0ContainsCyclicalReference": "無法展開變數' {0}'。系統偵測到循環參考。", "Variable0ExceedsMaxDepth1": "無法展開變數 '{0}'。已超過最大展開深度 ({1})。", "VMResourceWithSameNameAlreadyExistInEnvironment": "識別碼為 '{0}' 的環境已經包含名為 '{1}' 的虛擬機器資源。", "VSTSHostNonZeroReturn": "已完成 LegacyVSTSPowerShellHost.exe,傳回碼為: {0}。", "WaitForServiceToStop": "正在等候服務停止...", "WindowsLogonAccountNameDescription": "用於服務的使用者帳戶", "WindowsLogonPasswordDescription": "帳戶密碼 {0}", "WorkFolderDescription": "工作資料夾", "WorkspaceMappingNotMatched": "工作區 {0} 的工作區對應不相符", "Y": "Y", "ZipSlipFailure": "項目位於目標目錄外部: {0}" } ================================================ FILE: src/Misc/layoutroot/config.cmd ================================================ @echo off rem ******************************************************************************** rem Unblock specific files. rem ******************************************************************************** setlocal if defined VERBOSE_ARG ( set VERBOSE_ARG='Continue' ) else ( set VERBOSE_ARG='SilentlyContinue' ) rem Unblock the following types of files: rem 1) The files in the root of the layout folder. E.g. .cmd files. rem rem 2) The PowerShell scripts delivered with the agent. E.g. capability scan scripts under "bin\" rem and legacy handler scripts under "externals\vstshost\". rem rem 3) The DLLs potentially loaded from a PowerShell script (e.g. DLLs in Agent.ServerOMDirectory). rem Otherwise, Add-Type may result in the following error: rem Add-Type : Could not load file or assembly 'file:///[...].dll' or one of its dependencies. rem Operation is not supported. rem Reproduced on Windows 8 in PowerShell 4. Changing the execution policy did not appear to make rem a difference. The error reproduced even with the execution policy set to Bypass. It may be a rem a policy setting. powershell.exe -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "$VerbosePreference = %VERBOSE_ARG% ; Get-ChildItem -LiteralPath '%~dp0' | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; Get-ChildItem -Recurse -LiteralPath '%~dp0bin', '%~dp0externals' | Where-Object { $_ -match '\.(ps1|psd1|psm1)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; if (Test-Path -LiteralPath '%~dp0externals\vstshost' -PathType Container) { Get-ChildItem -LiteralPath '%~dp0externals\vstshost' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null } if (Test-Path -LiteralPath '%~dp0externals\tf' -PathType Container) { Get-ChildItem -LiteralPath '%~dp0externals\tf' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null } if (Test-Path -LiteralPath '%~dp0externals\tf-latest' -PathType Container) { Get-ChildItem -LiteralPath '%~dp0externals\tf-latest' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null }" if /i "%~1" equ "remove" ( rem ******************************************************************************** rem Unconfigure the agent. rem ******************************************************************************** "%~dp0bin\Agent.Listener.exe" %* ) else ( rem ******************************************************************************** rem Configure the agent. rem ******************************************************************************** "%~dp0bin\Agent.Listener.exe" configure %* ) ================================================ FILE: src/Misc/layoutroot/config.sh ================================================ #!/bin/bash user_id="$(id -u)" # we want to snapshot the environment of the config user if [ $user_id -eq 0 -a -z "$AGENT_ALLOW_RUNASROOT" ]; then echo "Must not run with sudo" exit 1 fi # Check dotnet core 6.0 dependencies for Linux if [[ "$(uname)" == "Linux" ]]; then if [ -e /etc/redhat-release ]; then redhatRelease=$(grep -oE "[0-9]+" /etc/redhat-release | awk "NR==1") if [[ "${redhatRelease}" -lt 7 ]]; then echo "RHEL supported for version 7 and higher." exit 1 fi fi command -v ldd > /dev/null if [ $? -ne 0 ]; then echo "Can not find 'ldd'. Please install 'ldd' and try again." exit 1 fi ldd ./bin/libcoreclr.so | grep -E "not found|No such" if [ $? -eq 0 ]; then echo "Dependencies is missing for .NET Core 6.0" echo "Execute ./bin/installdependencies.sh to install any missing dependencies." exit 1 fi ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep -E "not found|No such" if [ $? -eq 0 ]; then echo "Dependencies missing for .NET 6.0" echo "Execute ./bin/installdependencies.sh to install any missing dependencies." exit 1 fi ldd ./bin/libSystem.IO.Compression.Native.so | grep -E "not found|No such" if [ $? -eq 0 ]; then echo "Dependencies missing for .NET 6.0" echo "Execute ./bin/installdependencies.sh to install any missing dependencies." exit 1 fi if [ -e /etc/alpine-release ]; then if [ -z "$(apk info 2>&1 | grep icu-libs)" ]; then echo "icu-libs are missing" echo "Execute ./bin/installdependencies.sh to install any missing dependencies." exit 1 fi else LDCONFIG="ldconfig" if ! [ -x "$(command -v $LDCONFIG)" ]; then LDCONFIG="/sbin/ldconfig" if ! [ -x "$LDCONFIG" ]; then echo "Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again." exit 1 fi fi libpath="${LD_LIBRARY_PATH:-}" $LDCONFIG -NXv "${libpath//:/}" 2>&1 | grep libicu >/dev/null 2>&1 if [ $? -ne 0 ]; then echo "libicu's dependencies missing for .NET 6" echo "Execute ./bin/installdependencies.sh to install any missing dependencies." exit 1 fi fi fi # Change directory to the script root directory # https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within SOURCE="${BASH_SOURCE[0]}" while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" SOURCE="$(readlink "$SOURCE")" [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located done DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" cd $DIR source ./env.sh shopt -s nocasematch if [[ "$1" == "remove" ]]; then ./bin/Agent.Listener "$@" else ./bin/Agent.Listener configure "$@" fi ================================================ FILE: src/Misc/layoutroot/env.sh ================================================ #!/bin/bash varCheckList=( 'LANG' 'JAVA_HOME' 'ANT_HOME' 'M2_HOME' 'ANDROID_HOME' 'GRADLE_HOME' 'NVM_BIN' 'NVM_PATH' 'VSTS_HTTP_PROXY' 'VSTS_HTTP_PROXY_USERNAME' 'VSTS_HTTP_PROXY_PASSWORD' 'LD_LIBRARY_PATH' 'PERL5LIB' 'AGENT_TOOLSDIRECTORY' ) envContents="" if [ -f ".env" ]; then envContents=`cat .env` else touch .env fi function writeVar() { checkVar="$1" checkDelim="${1}=" if test "${envContents#*$checkDelim}" = "$envContents" then if [ ! -z "${!checkVar}" ]; then echo "${checkVar}=${!checkVar}">>.env fi fi } echo $PATH>.path for var_name in ${varCheckList[@]} do writeVar "${var_name}" done ================================================ FILE: src/Misc/layoutroot/license.html ================================================ MICROSOFT SOFTWARE LICENSE TERMS - MICROSOFT TEAM EXPLORER EVERYWHERE

MICROSOFT SOFTWARE LICENSE TERMS

MICROSOFT TEAM EXPLORER EVERYWHERE

These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to the software named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft

  • updates,
  • supplements,
  • Internet-based services, and
  • support services

for this software, unless other terms accompany those items. If so, those terms apply.

BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE.

IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE PERPETUAL RIGHTS BELOW.

1. INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices for your use solely with Visual Studio Team Foundation Server or Visual Studio Team Services.

2. THIRD PARTY NOTICES. Additional copyright notices and license terms applicable to portions of the software are set forth in the ThirdPartyNotices file accompanying the Microsoft software. In addition to any terms and conditions of any third party license identified in the ThirdPartyNotices file, the disclaimer of warranty and limitation on and exclusion of remedies and damages provisions of this agreement shall apply to all software in this distribution.

3. SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not

  • work around any technical limitations in the software;
  • reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;
  • make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;
  • publish the software for others to copy;
  • rent, lease or lend the software;
  • transfer the software or this agreement to any third party; or
  • use the software for commercial software hosting services.

4. BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.

5. DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal, reference purposes.

6. EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting.

7. SUPPORT SERVICES. Because this software is “as is,” we may not provide support services for it.

8. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.

9. PRIVACY STATEMENT. The Microsoft Visual Studio Product Family Privacy Statement describes the privacy statement of this software.

10. APPLICABLE LAW.

a. United States. If you acquired the software in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.

b. Outside the United States. If you acquired the software in any other country, the laws of that country apply.

11. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the software. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.

12. DISCLAIMER OF WARRANTY. THE SOFTWARE IS LICENSED “AS-IS.” YOU BEAR THE RISK OF USING IT. MICROSOFT GIVES NO EXPRESS WARRANTIES, GUARANTEES OR CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS OR STATUTORY GUARANTEES UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT EXCLUDES THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

FOR AUSTRALIA – YOU HAVE STATUTORY GUARANTEES UNDER THE AUSTRALIAN CONSUMER LAW AND NOTHING IN THESE TERMS IS INTENDED TO AFFECT THOSE RIGHTS.

13. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.

This limitation applies to

  • anything related to the software, services, content (including code) on third party Internet sites, or third party programs; and
  • claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.

It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.

Please note: As this software is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French.

Remarque : Ce logiciel étant distribué au Québec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en français.

EXONÉRATION DE GARANTIE. Le logiciel visé par une licence est offert « tel quel ». Toute utilisation de ce logiciel est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection des consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.

LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.

Cette limitation concerne :

tout ce qui est relié au logiciel, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers ; et

les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.

Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre égard.

EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas.

================================================ FILE: src/Misc/layoutroot/reauth.cmd ================================================ @echo off rem ******************************************************************************** rem Unblock specific files. rem ******************************************************************************** setlocal if defined VERBOSE_ARG ( set VERBOSE_ARG='Continue' ) else ( set VERBOSE_ARG='SilentlyContinue' ) rem Unblock the following types of files: rem 1) The files in the root of the layout folder. E.g. .cmd files. rem rem 2) The PowerShell scripts delivered with the agent. E.g. capability scan scripts under "bin\" rem and legacy handler scripts under "externals\vstshost\". rem rem 3) The DLLs potentially loaded from a PowerShell script (e.g. DLLs in Agent.ServerOMDirectory). rem Otherwise, Add-Type may result in the following error: rem Add-Type : Could not load file or assembly 'file:///[...].dll' or one of its dependencies. rem Operation is not supported. rem Reproduced on Windows 8 in PowerShell 4. Changing the execution policy did not appear to make rem a difference. The error reproduced even with the execution policy set to Bypass. It may be a rem a policy setting. powershell.exe -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "$VerbosePreference = %VERBOSE_ARG% ; Get-ChildItem -LiteralPath '%~dp0' | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; Get-ChildItem -Recurse -LiteralPath '%~dp0bin', '%~dp0externals' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; if (Test-Path -LiteralPath '%~dp0externals\vstshost' -PathType Container) { Get-ChildItem -LiteralPath '%~dp0externals\vstshost' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null } if (Test-Path -LiteralPath '%~dp0externals\tf' -PathType Container) { Get-ChildItem -LiteralPath '%~dp0externals\tf' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null } if (Test-Path -LiteralPath '%~dp0externals\tf-latest' -PathType Container) { Get-ChildItem -LiteralPath '%~dp0externals\tf-latest' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null }" rem ******************************************************************************** rem Reauthenticate the agent. rem ******************************************************************************** "%~dp0bin\Agent.Listener.exe" reauth %* ================================================ FILE: src/Misc/layoutroot/reauth.sh ================================================ #!/bin/bash user_id="$(id -u)" # we want to snapshot the environment of the config user if [ $user_id -eq 0 -a -z "$AGENT_ALLOW_RUNASROOT" ]; then echo "Must not run with sudo" exit 1 fi # Check dotnet core 6.0 dependencies for Linux if [[ "$(uname)" == "Linux" ]]; then if [ -e /etc/redhat-release ]; then redhatRelease=$(grep -oE "[0-9]+" /etc/redhat-release | awk "NR==1") if [[ "${redhatRelease}" -lt 7 ]]; then echo "RHEL supported for version 7 and higher." exit 1 fi fi command -v ldd > /dev/null if [ $? -ne 0 ]; then echo "Can not find 'ldd'. Please install 'ldd' and try again." exit 1 fi ldd ./bin/libcoreclr.so | grep -E "not found|No such" if [ $? -eq 0 ]; then echo "Dependencies is missing for .NET Core 6.0" echo "Execute ./bin/installdependencies.sh to install any missing dependencies." exit 1 fi ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep -E "not found|No such" if [ $? -eq 0 ]; then echo "Dependencies missing for .NET 6.0" echo "Execute ./bin/installdependencies.sh to install any missing dependencies." exit 1 fi ldd ./bin/libSystem.IO.Compression.Native.so | grep -E "not found|No such" if [ $? -eq 0 ]; then echo "Dependencies missing for .NET 6.0" echo "Execute ./bin/installdependencies.sh to install any missing dependencies." exit 1 fi if [ -e /etc/alpine-release ]; then if [ -z "$(apk info 2>&1 | grep icu-libs)" ]; then echo "icu-libs are missing" echo "Execute ./bin/installdependencies.sh to install any missing dependencies." exit 1 fi else LDCONFIG="ldconfig" if ! [ -x "$(command -v $LDCONFIG)" ]; then LDCONFIG="/sbin/ldconfig" if ! [ -x "$LDCONFIG" ]; then echo "Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again." exit 1 fi fi libpath="${LD_LIBRARY_PATH:-}" $LDCONFIG -NXv "${libpath//:/}" 2>&1 | grep libicu >/dev/null 2>&1 if [ $? -ne 0 ]; then echo "libicu's dependencies missing for .NET 6" echo "Execute ./bin/installdependencies.sh to install any missing dependencies." exit 1 fi fi fi # Change directory to the script root directory # https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within SOURCE="${BASH_SOURCE[0]}" while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" SOURCE="$(readlink "$SOURCE")" [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located done DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" cd $DIR source ./env.sh shopt -s nocasematch if [[ "$1" == "remove" ]]; then ./bin/Agent.Listener "$@" else ./bin/Agent.Listener reauth "$@" fi ================================================ FILE: src/Misc/layoutroot/run-docker.sh ================================================ #!/bin/bash function delay { time=${1:-1} if [ -x "$(command -v sleep)" ]; then sleep $time >/dev/null elif [ -x "$(command -v ping)" ]; then ping -n $time 127.0.0.1 >nul else count=0 while [[ $count != $[$time*25000] ]]; do echo "sleep" >/dev/null count=$[$count+1] done fi } # Validate not sudo user_id=`id -u` if [ $user_id -eq 0 -a -z "$AGENT_ALLOW_RUNASROOT" ]; then echo "Must not run interactively with sudo" exit 1 fi # Change directory to the script root directory # https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within SOURCE="${BASH_SOURCE[0]}" while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" SOURCE="$(readlink "$SOURCE")" [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located done DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" # Do not "cd $DIR". For localRun, the current directory is expected to be the repo location on disk. # Run shopt -s nocasematch # Determining if the "--once" flag was passed ONCE=false for a in $*; do if [[ "$a" == "--once" ]]; then ONCE=true fi done FIRST_ARG=$1 ARGUMENTS=$* # Function process arguments, start the agent with the correct flags and handle exit codes on updating function runAgent { if [[ "$FIRST_ARG" == "localRun" ]]; then "$DIR"/bin/Agent.Listener $ARGUMENTS else if [[ "$ONCE" = true ]]; then "$DIR"/bin/Agent.Listener run $ARGUMENTS else echo "Starting Agent listener with startup type: service - to prevent running of an agent in a separate process after self-update" "$DIR"/bin/Agent.Listener run --startuptype service $ARGUMENTS fi # Return code 3 or 4 means the agent received an update message. # Sleep at least 5 seconds (to allow the update process to start) and # at most 20 seconds (to allow it to finish) then run the new agent # again. returnCode=$? echo "Agent exit code $returnCode" if [[ $returnCode == 3 || $returnCode == 4 ]]; then delay 5 retry=0 while [[ $retry != 15 ]] && [ ! -x "$DIR"/bin/Agent.Listener ]; do delay 1 retry=$[retry+1] done if [ ! -x "$DIR"/bin/Agent.Listener ]; then echo "Failed to update within 20 seconds." >&2 exit 1 fi runAgent else exit $returnCode fi fi } runAgent ================================================ FILE: src/Misc/layoutroot/run.cmd ================================================ @echo off rem ******************************************************************************** rem Unblock specific files. rem ******************************************************************************** setlocal if defined VERBOSE_ARG ( set VERBOSE_ARG='Continue' ) else ( set VERBOSE_ARG='SilentlyContinue' ) rem Unblock the following types of files: rem 1) The files in the root of the layout folder. E.g. .cmd files. rem rem 2) The PowerShell scripts delivered with the agent. E.g. capability scan scripts under "bin\" rem and legacy handler scripts under "externals\vstshost\". rem rem 3) The DLLs potentially loaded from a PowerShell script (e.g. DLLs in Agent.ServerOMDirectory). rem Otherwise, Add-Type may result in the following error: rem Add-Type : Could not load file or assembly 'file:///[...].dll' or one of its dependencies. rem Operation is not supported. rem Reproduced on Windows 8 in PowerShell 4. Changing the execution policy did not appear to make rem a difference. The error reproduced even with the execution policy set to Bypass. It may be a rem a policy setting. powershell.exe -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "$VerbosePreference = %VERBOSE_ARG% ; Get-ChildItem -LiteralPath '%~dp0' | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; Get-ChildItem -Recurse -LiteralPath '%~dp0bin', '%~dp0externals' | Where-Object { $_ -match '\.(ps1|psd1|psm1)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; if (Test-Path -LiteralPath '%~dp0externals\vstshost' -PathType Container) { Get-ChildItem -LiteralPath '%~dp0externals\vstshost' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null } if (Test-Path -LiteralPath '%~dp0externals\tf' -PathType Container) { Get-ChildItem -LiteralPath '%~dp0externals\tf' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null } if (Test-Path -LiteralPath '%~dp0externals\tf-latest' -PathType Container) { Get-ChildItem -LiteralPath '%~dp0externals\tf-latest' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null }" if /i "%~1" equ "localRun" ( rem ******************************************************************************** rem Local run. rem ******************************************************************************** "%~dp0bin\Agent.Listener.exe" %* ) else ( rem ******************************************************************************** rem Run. rem ******************************************************************************** "%~dp0bin\Agent.Listener.exe" run %* rem Return code 4 means the run once agent received an update message. rem Sleep 5 seconds to wait for the update process finish and run the agent again. if ERRORLEVEL 4 ( timeout /t 5 /nobreak > NUL "%~dp0bin\Agent.Listener.exe" run %* ) ) ================================================ FILE: src/Misc/layoutroot/run.sh ================================================ #!/bin/bash function delay { time=${1:-1} if [ -x "$(command -v sleep)" ]; then sleep $time >/dev/null elif [ -x "$(command -v ping)" ]; then ping -n $time 127.0.0.1 >nul else count=0 while [[ $count != $[$time*25000] ]]; do echo "sleep" >/dev/null count=$[$count+1] done fi } # Validate not sudo user_id=`id -u` if [ $user_id -eq 0 -a -z "$AGENT_ALLOW_RUNASROOT" ]; then echo "Must not run interactively with sudo" exit 1 fi # Change directory to the script root directory # https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within SOURCE="${BASH_SOURCE[0]}" while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" SOURCE="$(readlink "$SOURCE")" [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located done DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" # Do not "cd $DIR". For localRun, the current directory is expected to be the repo location on disk. # Run shopt -s nocasematch if [[ "$1" == "localRun" ]]; then "$DIR"/bin/Agent.Listener $* else "$DIR"/bin/Agent.Listener run $* # Return code 4 means the run once agent received an update message. # Sleep at least 5 seconds (to allow the update process to start) and # at most 20 seconds (to allow it to finish) then run the new agent # again. returnCode=$? if [[ $returnCode == 4 ]]; then delay 5 retry=0 while [[ $retry != 15 ]] && [ ! -x "$DIR"/bin/Agent.Listener ]; do delay 1 retry=$[retry+1] done if [ ! -x "$DIR"/bin/Agent.Listener ]; then echo "Failed to update within 20 seconds." >&2 exit 1 fi "$DIR"/bin/Agent.Listener run $* else exit $returnCode fi fi ================================================ FILE: src/Misc/osxsvclayout.txt ================================================ Agent: -rwxr--r-- 1 bryanmac staff 309 May 6 08:14 .agent -rwxr--r-- 1 bryanmac staff 106 May 6 08:14 .credentials -rwxr-xr-x 1 bryanmac staff 2052 May 6 08:14 svc.sh -=B=- ~/Testing/2100$ ls -la ~/Library/LaunchAgents/vsts.agent.btest.2100.plist -rw-r--r-- 1 bryanmac staff 1265 May 6 08:14 /Users/bryanmac/Library/LaunchAgents/vsts.agent.btest.2100.plist -=B=- ~/Testing/2100$ ls -la ~/Library/Logs/vsts.agent.btest.2100/ -rw-r--r-- 1 bryanmac staff 205 May 6 08:15 stdout.log -=B=- ~/Testing/2100$ cat ~/Library/LaunchAgents/vsts.agent.btest.2100.plist Label vsts.agent.btest.2100 ProgramArguments /Users/bryanmac/Testing/2100/externals/node/bin/node /Users/bryanmac/Testing/2100/bin/AgentService.js UserName bryanmac WorkingDirectory /Users/bryanmac/Testing/2100 RunAtLoad StandardOutPath /Users/bryanmac/Library/Logs/vsts.agent.btest.2100/stdout.log StandardErrorPath /Users/bryanmac/Library/Logs/vsts.agent.btest.2100/stdout.log EnvironmentVariables PATH /Users/bryanmac/.nvm/versions/node/v5.10.1/bin:/Library/Frameworks/Python.framework/Versions/3.4/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/X11/bin:/usr/local/share/dotnet/bin VSTS_AGENT_SVC 1 ================================================ FILE: src/NuGet.Config ================================================  ================================================ FILE: src/Test/CodeCoverage.runsettings ================================================ .*buildxl.* .*System.* .*ncrontab.* .*runtimecontracts\.dll .*test\.dll .*system\.identitymodel\.tokens\.jwt\.dll .*microsoft\..*\.dll ================================================ FILE: src/Test/L0/ConstantGenerationL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class ConstantGenerationL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void BuildConstantGenerateSucceed() { List validPackageNames = new List() { "win-x64", "win-x86", "win-arm64", "linux-x64", "linux-arm", "linux-arm64", "linux-musl-x64", "linux-musl-arm64", "osx-x64", "osx-arm64" }; Assert.True(BuildConstants.Source.CommitHash.Length == 40, $"CommitHash should be SHA-1 hash {BuildConstants.Source.CommitHash}"); Assert.True(validPackageNames.Contains(BuildConstants.AgentPackage.PackageName), $"PackageName should be one of the following '{string.Join(", ", validPackageNames)}', current PackageName is '{BuildConstants.AgentPackage.PackageName}'"); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void ReleaseBuiltFromGitNotFromTarball() { #if !DEBUG // don't ship an agent with an empty commit ID Assert.True(BuildConstants.Source.CommitHash != new string('0', 40), $"CommitHash should be non-empty"); #endif } } } ================================================ FILE: src/Test/L0/Container/ContainerDiagnosticsManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.VisualStudio.Services.Agent.Util; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Container { public sealed class ContainerDiagnosticsManagerL0 { private readonly Mock _dockerManager; private readonly Mock _processInvoker; public ContainerDiagnosticsManagerL0() { _dockerManager = new Mock(); _processInvoker = new Mock(); _processInvoker.Setup(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("inspect")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny())) .ReturnsAsync(0); } private bool IsDockerAvailable() { // Check if Docker is available try { WhichUtil.Which("docker", true); return true; } catch (FileNotFoundException) { // Docker not available return false; } } private TestHostContext CreateTestContext([System.Runtime.CompilerServices.CallerMemberName] string testName = "") { var hc = new TestHostContext(this, testName); // Register the mock docker manager as a singleton hc.SetSingleton(_dockerManager.Object); // Enqueue process invoker instances for the diagnostic calls for (int i = 0; i < 10; i++) { hc.EnqueueInstance(_processInvoker.Object); } return hc; } [InlineData(137, "SIGKILL")] [InlineData(1, "Generic failure")] [InlineData(127, "Command not found")] [InlineData(126, "Permission denied")] [InlineData(0, "Success")] [InlineData(-1073741819, "Windows error")] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task CollectDockerExecFailureDiagnostics_VariousExitCodes_DoesNotThrow(int exitCode, string description) { if (!IsDockerAvailable()) return; using (TestHostContext hc = CreateTestContext()) { // Arrange var diagnosticsManager = new ContainerDiagnosticsManager(); diagnosticsManager.Initialize(hc); var dockerPath = "docker"; var dockerArgs = $"exec -i container{exitCode} bash"; var containerId = $"container{exitCode}"; var exception = new ProcessExitCodeException(exitCode, "docker", dockerArgs); // Act & Assert - Should not throw regardless of exit code await diagnosticsManager.CollectDockerExecFailureDiagnosticsAsync( exception, dockerPath, dockerArgs, containerId); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task CollectDockerExecFailureDiagnostics_OperationCanceledException_DoesNotThrow() { if (!IsDockerAvailable()) return; using (TestHostContext hc = CreateTestContext()) { // Arrange var diagnosticsManager = new ContainerDiagnosticsManager(); diagnosticsManager.Initialize(hc); var dockerPath = "docker"; var dockerArgs = "exec -i containerdef bash"; var containerId = "containerdef"; var exception = new OperationCanceledException("The operation was canceled"); // Act & Assert - Should handle cancellation gracefully await diagnosticsManager.CollectDockerExecFailureDiagnosticsAsync( exception, dockerPath, dockerArgs, containerId); } } [Theory] [InlineData(null, "null")] [InlineData("", "empty")] [InlineData("abc123", "short")] [InlineData("ec520c5e3e951156a1b28bd423c3cb363ec0a4b2c97843fcec178c49b041306c", "long 64-char")] [InlineData("special-container_123", "special characters")] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task CollectDockerExecFailureDiagnostics_VariousContainerIds_DoesNotThrow(string containerId, string description) { if (!IsDockerAvailable()) return; using (TestHostContext hc = CreateTestContext()) { // Arrange var diagnosticsManager = new ContainerDiagnosticsManager(); diagnosticsManager.Initialize(hc); var dockerPath = "docker"; var dockerArgs = $"exec -i {containerId ?? "somecontainer"} bash"; var exception = new ProcessExitCodeException(137, "docker", dockerArgs); // Act & Assert - Should handle {description} container ID gracefully await diagnosticsManager.CollectDockerExecFailureDiagnosticsAsync( exception, dockerPath, dockerArgs, containerId); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task CollectDockerExecFailureDiagnostics_GenericException_DoesNotThrow() { if (!IsDockerAvailable()) return; using (TestHostContext hc = CreateTestContext()) { // Arrange var diagnosticsManager = new ContainerDiagnosticsManager(); diagnosticsManager.Initialize(hc); var dockerPath = "docker"; var dockerArgs = "exec -i container999 bash"; var containerId = "container999"; var exception = new Exception("Some generic error"); // Act & Assert - Should handle generic exceptions await diagnosticsManager.CollectDockerExecFailureDiagnosticsAsync( exception, dockerPath, dockerArgs, containerId); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task CollectDockerExecFailureDiagnostics_VerifiesDockerInspectCalled() { if (!IsDockerAvailable()) return; using (TestHostContext hc = CreateTestContext()) { // Arrange var diagnosticsManager = new ContainerDiagnosticsManager(); diagnosticsManager.Initialize(hc); var dockerPath = "docker"; var dockerArgs = "exec -i testcontainer bash"; var containerId = "testcontainer"; var exception = new ProcessExitCodeException(137, "docker", dockerArgs); // Act await diagnosticsManager.CollectDockerExecFailureDiagnosticsAsync( exception, dockerPath, dockerArgs, containerId); // Assert - Verify docker inspect was called for container state _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("inspect") && args.Contains("State")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny()), Times.AtLeastOnce()); // Assert - Verify docker inspect was called for resource state _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("inspect") && args.Contains("HostConfig")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny()), Times.AtLeastOnce()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task CollectDockerExecFailureDiagnostics_VerifiesDockerLogsCalled() { if (!IsDockerAvailable()) return; using (TestHostContext hc = CreateTestContext()) { // Arrange var diagnosticsManager = new ContainerDiagnosticsManager(); diagnosticsManager.Initialize(hc); var dockerPath = "docker"; var dockerArgs = "exec -i logcontainer bash"; var containerId = "logcontainer"; var exception = new ProcessExitCodeException(137, "docker", dockerArgs); // Act await diagnosticsManager.CollectDockerExecFailureDiagnosticsAsync( exception, dockerPath, dockerArgs, containerId); // Assert - Verify docker logs was called _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("logs")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny()), Times.AtLeastOnce()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task CollectDockerExecFailureDiagnostics_VerifiesDockerVersionCalled() { if (!IsDockerAvailable()) return; using (TestHostContext hc = CreateTestContext()) { // Arrange var diagnosticsManager = new ContainerDiagnosticsManager(); diagnosticsManager.Initialize(hc); var dockerPath = "docker"; var dockerArgs = "exec -i versioncontainer bash"; var containerId = "versioncontainer"; var exception = new ProcessExitCodeException(137, "docker", dockerArgs); // Act await diagnosticsManager.CollectDockerExecFailureDiagnosticsAsync( exception, dockerPath, dockerArgs, containerId); // Assert - Verify docker version was called for daemon health check _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("version")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny()), Times.AtLeastOnce()); } } // Scenario-based tests verifying diagnostics are collected for specific failure modes [Theory] [InlineData(137, "node script.js", "OOM killed (SIGKILL)")] [InlineData(127, "node --version", "Command not found")] [InlineData(126, "bash -c 'cat /secure/file'", "Permission denied")] [InlineData(1, "failing-command", "Generic docker exec failure")] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task WhenDockerExecFails_DiagnosticsCollectedForScenario(int exitCode, string command, string scenario) { if (!IsDockerAvailable()) return; using (TestHostContext hc = CreateTestContext()) { // Arrange var diagnosticsManager = new ContainerDiagnosticsManager(); diagnosticsManager.Initialize(hc); var dockerPath = "docker"; var dockerArgs = $"exec -i testcontainer {command}"; var containerId = "testcontainer"; var exception = new ProcessExitCodeException(exitCode, "docker", dockerArgs); // Act await diagnosticsManager.CollectDockerExecFailureDiagnosticsAsync( exception, dockerPath, dockerArgs, containerId); // Assert - Verify diagnostic commands were called for scenario _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("inspect")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny()), Times.AtLeastOnce(), $"Should inspect container for scenario: {scenario}"); _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("logs")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny()), Times.AtLeastOnce(), $"Should collect container logs for scenario: {scenario}"); _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("version")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny()), Times.AtLeastOnce(), $"Should verify Docker daemon health for scenario: {scenario}"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task WhenCancellationRequested_DiagnosticsHandledGracefully() { if (!IsDockerAvailable()) return; using (TestHostContext hc = CreateTestContext()) { // Arrange var diagnosticsManager = new ContainerDiagnosticsManager(); diagnosticsManager.Initialize(hc); var dockerPath = "docker"; var dockerArgs = "exec -i cancelcontainer long-running-command"; var containerId = "cancelcontainer"; var exception = new OperationCanceledException("Pipeline execution was canceled"); await diagnosticsManager.CollectDockerExecFailureDiagnosticsAsync( exception, dockerPath, dockerArgs, containerId); } } } } ================================================ FILE: src/Test/L0/Container/ContainerInfoL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.IO; using System.Collections.Generic; using System.Runtime.CompilerServices; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Xunit; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Container { public sealed class ContainerInfoL0 { private class MountVolumeTest { private string Input; private MountVolume Expected; private string Title; public MountVolumeTest(string input, MountVolume expected, string title = "") { this.Input = input; this.Expected = expected; this.Title = title; } public void run() { MountVolume got = new MountVolume(Input); Assert.True(Expected.SourceVolumePath == got.SourceVolumePath, $"{Title} - testing property SourceVolumePath. Expected: '{Expected.SourceVolumePath}' Got: '{got.SourceVolumePath}' "); Assert.True(Expected.TargetVolumePath == got.TargetVolumePath, $"{Title} - testing property TargetVolumePath. Expected: '{Expected.TargetVolumePath}' Got: '{got.TargetVolumePath}'"); Assert.True(Expected.ReadOnly == got.ReadOnly, $"{Title} - testing property ReadOnly. Expected: '{Expected.ReadOnly}' Got: '{got.ReadOnly}'"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MountVolumeConstructorParsesStringInput() { List tests = new List { // Unix style paths new MountVolumeTest("/dst/dir", new MountVolume(null, "/dst/dir", false), "Maps anonymous Docker volume into target dir"), new MountVolumeTest("/src/dir:/dst/dir", new MountVolume("/src/dir", "/dst/dir", false), "Maps source to target dir"), new MountVolumeTest("/dst/dir:ro", new MountVolume(null, "/dst/dir", true), "Maps anonymous Docker volume read-only into target dir"), new MountVolumeTest("/dst/dir:RO", new MountVolume(null, "/dst/dir", true), "Maps anonymous Docker volume read-only (RO) into target dir"), new MountVolumeTest("/dst/dir:rw", new MountVolume(null, "/dst/dir", false), "Maps anonymous Docker volume read-write into target dir"), new MountVolumeTest("/dst/dir:RW", new MountVolume(null, "/dst/dir", false), "Maps anonymous Docker volume read-write (RW) into target dir"), new MountVolumeTest("/src/dir:/dst/dir:ro", new MountVolume("/src/dir", "/dst/dir", true), "Maps source to read-only target dir"), new MountVolumeTest(":/dst/dir", new MountVolume(null, "/dst/dir", false), "Maps anonymous Docker volume into target dir with leading colon"), new MountVolumeTest("/c/src/dir:/c/dst/dir", new MountVolume("/c/src/dir", "/c/dst/dir", false), "Maps source to target dir prefixed with /c/"), new MountVolumeTest("/src/dir\\:with\\:escaped\\:colons:/dst/dir\\:with\\:escaped\\:colons", new MountVolume("/src/dir:with:escaped:colons", "/dst/dir:with:escaped:colons", false), "Maps source to target dir prefixed with escaped colons"), new MountVolumeTest("/src/dir:/dst/dir:rw", new MountVolume("/src/dir", "/dst/dir", false), "Maps source to explicit read-write target dir"), new MountVolumeTest("/src/dir:/dst/dir:garbage", new MountVolume("/src/dir", "/dst/dir", false), "Maps source to target dir with bad options"), // Windows style paths new MountVolumeTest("c:\\dst\\dir", new MountVolume(null, "c:\\dst\\dir", false), "Maps anonymous Docker volume into target dir using Windows-style paths"), new MountVolumeTest("c:\\src\\dir:c:\\dst\\dir", new MountVolume("c:\\src\\dir", "c:\\dst\\dir", false), "Maps source to target dir using Windows-style paths"), new MountVolumeTest("c:\\dst\\dir:ro", new MountVolume(null, "c:\\dst\\dir", true), "Maps anonymous Docker volume read-only into target dir using Windows-style paths"), new MountVolumeTest("c:\\dst\\dir:rw", new MountVolume(null, "c:\\dst\\dir", false), "Maps anonymous Docker volume read-write into target dir using Windows-style paths"), new MountVolumeTest("c:\\src\\dir:c:\\dst\\dir:ro", new MountVolume("c:\\src\\dir", "c:\\dst\\dir", true), "Maps source to read-only target dir using Windows-style paths"), new MountVolumeTest("c\\:\\src\\dir:c\\:\\dst\\dir:ro", new MountVolume("c:\\src\\dir", "c:\\dst\\dir", true), "Maps source to read-only target dir using Windows-style paths and explicit escape"), new MountVolumeTest("c:\\src\\dir:c:\\dst\\dir:rw", new MountVolume("c:\\src\\dir", "c:\\dst\\dir", false), "Maps source to explicit read-write target dir using Windows-style paths"), new MountVolumeTest("c:\\src\\dir:c:\\dst\\dir:garbage", new MountVolume("c:\\src\\dir", "c:\\dst\\dir", false), "Maps source to target dir using Windows-style paths with bad options"), }; foreach (var test in tests) { test.run(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DefaultContainerInfoMappings() { var dockerContainer = new Pipelines.ContainerResource() { Alias = "vsts_container_preview", Image = "foo" }; using (TestHostContext hc = CreateTestContext()) { ContainerInfo info = hc.CreateContainerInfo(dockerContainer, isJobContainer: false); Assert.True(info.TranslateToContainerPath(hc.GetDirectory(WellKnownDirectory.Tools)).EndsWith($"{Path.DirectorySeparatorChar}__t"), "Tools directory maps"); Assert.True(info.TranslateToContainerPath(hc.GetDirectory(WellKnownDirectory.Work)).EndsWith($"{Path.DirectorySeparatorChar}__w"), "Work directory maps"); Assert.True(info.TranslateToContainerPath(hc.GetDirectory(WellKnownDirectory.Root)).EndsWith($"{Path.DirectorySeparatorChar}__a"), "Root directory maps"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void TranslateContainerPathForImageOSTestsWindowsToLinux() { var dockerContainer = new Pipelines.ContainerResource() { Alias = "vsts_container_preview", Image = "foo" }; using (TestHostContext hc = CreateTestContext()) { ContainerInfo info = hc.CreateContainerInfo(dockerContainer, isJobContainer: false); info.ImageOS = PlatformUtil.OS.Linux; foreach (var test in new string[][] { new string [] { "C:\\path\\for\\linux", "/path/for/linux" }, new string [] { "c:\\path\\for\\linux", "/path/for/linux" }, new string [] { "D:\\path\\for\\linux", "/path/for/linux" }, new string [] { "C:\\", "/" }, new string [] { "/path/for/linux", "/path/for/linux" }, new string [] { "", "" }, new string [] { null, null }, }) { var winPath = test[0]; var linPath = test[1]; var got = info.TranslateContainerPathForImageOS(PlatformUtil.OS.Windows, winPath); Assert.True(string.Equals(got, linPath), $"Converted {winPath} expected {linPath}, got {got}"); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void TranslateContainerPathForImageOSTestsUnixLikeToLinux() { var dockerContainer = new Pipelines.ContainerResource() { Alias = "vsts_container_preview", Image = "foo" }; using (TestHostContext hc = CreateTestContext()) { ContainerInfo info = hc.CreateContainerInfo(dockerContainer, isJobContainer: false); info.ImageOS = PlatformUtil.OS.Linux; foreach (var os in new PlatformUtil.OS[] { PlatformUtil.OS.Linux, PlatformUtil.OS.OSX }) { foreach (var test in new string[][] { new string [] { "/path/for/linux", "/path/for/linux" }, new string [] { "/", "/" }, new string [] { "", "" }, new string [] { null, null }, }) { var origPath = test[0]; var linPath = test[1]; var got = info.TranslateContainerPathForImageOS(os, origPath); Assert.True(string.Equals(got, linPath), $"Converted {origPath} expected {linPath}, got {got}"); } } } } private TestHostContext CreateTestContext([CallerMemberName] string testName = "") { TestHostContext hc = new TestHostContext(this, testName); return hc; } } } ================================================ FILE: src/Test/L0/Container/DockerCommandManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.Framework.Common; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.VisualStudio.Services.Agent.Util; using Moq; using System; using System.Collections.Generic; using System.IO; using System.Threading; using System.Threading.Tasks; using Xunit; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Container { public sealed class DockerCommandManagerL0 { private readonly Mock _processInvoker; private readonly Mock _ec; private readonly Mock _configurationStore; private readonly Mock _jobServerQueue; private readonly Mock _hostContext; public DockerCommandManagerL0() { _processInvoker = new Mock(); _ec = new Mock(); _configurationStore = new Mock(); _jobServerQueue = new Mock(); _hostContext = new Mock(); // Setup basic host context functionality _hostContext.Setup(x => x.GetTrace(It.IsAny())).Returns((Tracing)null); // Setup basic configuration store mocks _configurationStore.Setup(x => x.IsConfigured()).Returns(true); _configurationStore.Setup(x => x.GetSettings()).Returns(new AgentSettings()); } private bool IsDockerAvailable() { // Check if Docker is available try { WhichUtil.Which("docker", true); return true; } catch (FileNotFoundException) { // Docker not available return false; } } private DockerCommandManager CreateDockerCommandManager() { var dockerManager = new DockerCommandManager(); var processInvokerProperty = typeof(DockerCommandManager) .GetField("_processInvoker", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance); processInvokerProperty?.SetValue(dockerManager, _processInvoker.Object); return dockerManager; } private void SetupDockerPsForRunningContainer(string containerId) { Console.WriteLine($"[TEST SETUP] Setting up container '{containerId}' state: RUNNING"); // Mock the ExecuteAsync call for docker ps _processInvoker.Setup(x => x.ExecuteAsync( It.IsAny(), // workingDirectory It.IsAny(), // fileName It.Is(args => args.Contains("ps") && args.Contains(containerId)), // arguments It.IsAny>(), // environment It.IsAny(), // requireExitCodeZero It.IsAny(), // outputEncoding It.IsAny())) // cancellationToken .Callback, bool, System.Text.Encoding, CancellationToken>( (workDir, fileName, args, env, requireZero, encoding, token) => { // Simulate docker ps output for running container (header + container line = 2 lines) _processInvoker.Raise(x => x.OutputDataReceived += null, _processInvoker.Object, new ProcessDataReceivedEventArgs("CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES")); _processInvoker.Raise(x => x.OutputDataReceived += null, _processInvoker.Object, new ProcessDataReceivedEventArgs($"{containerId} test-image \"test\" 1 min ago Up 1 min 0.0.0.0:8080->80/tcp test-container")); }) .ReturnsAsync(0); } private void SetupDockerPsForStoppedContainer(string containerId) { Console.WriteLine($"[TEST SETUP] Setting up container '{containerId}' state: STOPPED"); // Mock the ExecuteAsync call for docker ps _processInvoker.Setup(x => x.ExecuteAsync( It.IsAny(), // workingDirectory It.IsAny(), // fileName It.Is(args => args.Contains("ps") && args.Contains(containerId)), // arguments It.IsAny>(), // environment It.IsAny(), // requireExitCodeZero It.IsAny(), // outputEncoding It.IsAny())) // cancellationToken .Callback, bool, System.Text.Encoding, CancellationToken>( (workDir, fileName, args, env, requireZero, encoding, token) => { // Simulate docker ps output for stopped container (header only = 1 line) _processInvoker.Raise(x => x.OutputDataReceived += null, _processInvoker.Object, new ProcessDataReceivedEventArgs("CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES")); }) .ReturnsAsync(0); } private void SetupEnvironmentVariables(string dockerActionRetries, string checkBeforeRetryDockerStart) { var environment = new SystemEnvironment(); environment.SetEnvironmentVariable("VSTSAGENT_DOCKER_ACTION_RETRIES", dockerActionRetries); environment.SetEnvironmentVariable("AGENT_CHECK_BEFORE_RETRY_DOCKER_START", checkBeforeRetryDockerStart); _ec.Setup(x => x.GetScopedEnvironment()).Returns(environment); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task DockerStart_WithCheckBeforeRetryFalse_UsesStandardRetryLogic() { if (!IsDockerAvailable()) return; // Arrange var containerId = "test-container-id"; var exitCode = 0; using (var hc = new TestHostContext(this)) { var dockerManager = CreateDockerCommandManager(); hc.SetSingleton(_configurationStore.Object); hc.SetSingleton(_jobServerQueue.Object); dockerManager.Initialize(hc); for (int i = 0; i < 10; i++) { hc.EnqueueInstance(_processInvoker.Object); } // Setup environment variables using helper method SetupEnvironmentVariables("true", "false"); // Setup process invoker to return success _processInvoker.Setup(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("start") && args.Contains(containerId)), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny())) .ReturnsAsync(exitCode); // Act var result = await dockerManager.DockerStart(_ec.Object, containerId); // Assert Assert.Equal(exitCode, result); _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny()), Times.Once); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task DockerStart_WithCheckBeforeRetryTrue_ContainerAlreadyRunning_ReturnsSuccess() { if (!IsDockerAvailable()) return; // Arrange var containerId = "test-container-id"; using (var hc = new TestHostContext(this)) { var dockerManager = CreateDockerCommandManager(); hc.SetSingleton(_configurationStore.Object); hc.SetSingleton(_jobServerQueue.Object); dockerManager.Initialize(hc); for (int i = 0; i < 10; i++) { hc.EnqueueInstance(_processInvoker.Object); } // Setup environment variables using helper method SetupEnvironmentVariables("true", "true"); // Setup process invoker for docker ps to indicate container is running (2 lines) SetupDockerPsForRunningContainer(containerId); // Act var result = await dockerManager.DockerStart(_ec.Object, containerId); // Assert Assert.Equal(0, result); // Verify docker ps was called but docker start was not called since container was already running _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("ps")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny()), Times.AtLeastOnce); _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("start")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task DockerStart_WithCheckBeforeRetryTrue_StartSucceedsFirstAttempt_ReturnsSuccess() { if (!IsDockerAvailable()) return; // Arrange var containerId = "test-container-id"; using (var hc = new TestHostContext(this)) { var dockerManager = CreateDockerCommandManager(); hc.SetSingleton(_configurationStore.Object); hc.SetSingleton(_jobServerQueue.Object); dockerManager.Initialize(hc); for (int i = 0; i < 10; i++) { hc.EnqueueInstance(_processInvoker.Object); } // Setup environment variables using helper method SetupEnvironmentVariables("true", "true"); // Setup process invoker for docker ps to indicate container is NOT running initially SetupDockerPsForStoppedContainer(containerId); // Setup process invoker for docker start to succeed _processInvoker.Setup(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("start") && args.Contains(containerId)), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny())) .ReturnsAsync(0); // Act var result = await dockerManager.DockerStart(_ec.Object, containerId); // Assert Assert.Equal(0, result); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task DockerStart_WithCheckBeforeRetryTrue_AllRetriesFail_ReturnsFailure() { if (!IsDockerAvailable()) return; // Arrange var containerId = "test-container-id"; using (var hc = new TestHostContext(this)) { var dockerManager = CreateDockerCommandManager(); hc.SetSingleton(_configurationStore.Object); hc.SetSingleton(_jobServerQueue.Object); dockerManager.Initialize(hc); for (int i = 0; i < 10; i++) { hc.EnqueueInstance(_processInvoker.Object); } // Setup environment variables using helper method SetupEnvironmentVariables("true", "true"); // Setup process invoker for docker ps to always indicate container is NOT running SetupDockerPsForStoppedContainer(containerId); // Setup process invoker for docker start to always fail _processInvoker.Setup(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("start") && args.Contains(containerId)), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny())) .ReturnsAsync(1); // Always fail // Act var result = await dockerManager.DockerStart(_ec.Object, containerId); // Assert Assert.Equal(1, result); // Verify docker start was called multiple times (retries) _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("start")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny()), Times.Exactly(3)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task DockerStart_WithCheckBeforeRetryTrue_NoRetriesEnabled_FailsImmediately() { if (!IsDockerAvailable()) return; // Arrange var containerId = "test-container-id"; using (var hc = new TestHostContext(this)) { var dockerManager = CreateDockerCommandManager(); hc.SetSingleton(_configurationStore.Object); hc.SetSingleton(_jobServerQueue.Object); dockerManager.Initialize(hc); for (int i = 0; i < 10; i++) { hc.EnqueueInstance(_processInvoker.Object); } // Setup environment variables using helper method - retries disabled SetupEnvironmentVariables("false", "true"); // Setup process invoker for docker ps to indicate container is NOT running SetupDockerPsForStoppedContainer(containerId); // Setup process invoker for docker start to fail _processInvoker.Setup(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("start") && args.Contains(containerId)), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny())) .ReturnsAsync(1); // Act var result = await dockerManager.DockerStart(_ec.Object, containerId); // Assert Assert.Equal(1, result); // Should only attempt docker start once (no retries) _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("start")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny()), Times.Once); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task DockerStart_WithCheckBeforeRetryTrue_RetriesWithBackoff() { if (!IsDockerAvailable()) return; // Arrange var containerId = "test-container-id"; using (var hc = new TestHostContext(this)) { var dockerManager = CreateDockerCommandManager(); hc.SetSingleton(_configurationStore.Object); hc.SetSingleton(_jobServerQueue.Object); dockerManager.Initialize(hc); for (int i = 0; i < 10; i++) { hc.EnqueueInstance(_processInvoker.Object); } // Setup environment variables using helper method SetupEnvironmentVariables("true", "true"); // Setup process invoker for docker ps to indicate container is NOT running SetupDockerPsForStoppedContainer(containerId); var startCallCount = 0; // Setup process invoker for docker start to fail twice, then succeed _processInvoker.Setup(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("start") && args.Contains(containerId)), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny())) .Callback(() => startCallCount++) .ReturnsAsync(() => startCallCount <= 2 ? 1 : 0); // Fail twice, then succeed // Act var result = await dockerManager.DockerStart(_ec.Object, containerId); // Assert Assert.Equal(0, result); // Verify docker start was called multiple times _processInvoker.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.Is(args => args.Contains("start")), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny()), Times.Exactly(3)); } } } } ================================================ FILE: src/Test/L0/Container/DockerUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Container { public sealed class DockerUtilL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void RegexParsesDockerPort() { // Arrange var dockerPortOutput0 = new List(); var dockerPortOutput1 = new List { "80/tcp -> 0.0.0.0:32881" }; var dockerPortOutput1Empty = new List { "" }; var dockerPortOutput2 = new List { "80/tcp -> 0.0.0.0:32881", "6379/tcp -> 0.0.0.0:32882" }; // Act var result0 = DockerUtil.ParseDockerPort(dockerPortOutput0); var result1 = DockerUtil.ParseDockerPort(dockerPortOutput1); var result1Empty = DockerUtil.ParseDockerPort(dockerPortOutput1Empty); var result2 = DockerUtil.ParseDockerPort(dockerPortOutput2); // Assert Assert.NotNull(result0); Assert.Equal(result0.Count, 0); Assert.NotNull(result1); Assert.Equal(result1.Count, 1); var result1Port80Mapping = result1.Find(pm => string.Equals(pm.ContainerPort, "80") && string.Equals(pm.HostPort, "32881") && string.Equals(pm.Protocol, "tcp", StringComparison.OrdinalIgnoreCase) ); Assert.NotNull(result1Port80Mapping); Assert.NotNull(result1Empty); Assert.Equal(result1Empty.Count, 0); Assert.NotNull(result2); Assert.Equal(result2.Count, 2); var result2Port80Mapping = result2.Find(pm => string.Equals(pm.ContainerPort, "80") && string.Equals(pm.HostPort, "32881") && string.Equals(pm.Protocol, "tcp", StringComparison.OrdinalIgnoreCase) ); Assert.NotNull(result2Port80Mapping); var result2Port6379Mapping = result2.Find(pm => string.Equals(pm.ContainerPort, "6379") && string.Equals(pm.HostPort, "32882") && string.Equals(pm.Protocol, "tcp", StringComparison.OrdinalIgnoreCase) ); Assert.NotNull(result2Port6379Mapping); } } } ================================================ FILE: src/Test/L0/CorrelationContextManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading.Tasks; using Xunit; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Worker; namespace Microsoft.VisualStudio.Services.Agent.Tests { /// /// Unit tests for ICorrelationContextManager and CorrelationContextManager /// Tests the core correlation context functionality at the service layer /// public sealed class CorrelationContextManagerL0 { /// /// Mock execution context for correlation testing. /// Provides BuildCorrelationId() method without requiring full ExecutionContext initialization. /// private class MockCorrelationContext : ICorrelationContext { public string StepId { get; set; } public string TaskId { get; set; } public string BuildCorrelationId() { if (string.IsNullOrEmpty(StepId) && string.IsNullOrEmpty(TaskId)) { return string.Empty; } var parts = new System.Collections.Generic.List(); if (!string.IsNullOrEmpty(StepId)) { parts.Add($"STEP-{StepId}"); } if (!string.IsNullOrEmpty(TaskId)) { parts.Add($"TASK-{TaskId}"); } return string.Join("|", parts); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CorrelationContextManager_BasicLifecycle_WorksCorrectly() { // Arrange using var manager = new CorrelationContextManager(); // Act - Should not throw manager.SetCurrentExecutionContext(null); var result1 = manager.BuildCorrelationId(); manager.ClearCurrentExecutionContext(); var result2 = manager.BuildCorrelationId(); // Assert Assert.Equal(string.Empty, result1); Assert.Equal(string.Empty, result2); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CorrelationContextManager_WithValidExecutionContext_ReturnsCorrelationId() { // Arrange using var manager = new CorrelationContextManager(); var mockEc = new MockCorrelationContext { StepId = "test-step-123" }; // Act manager.SetCurrentExecutionContext(mockEc); var correlationId = manager.BuildCorrelationId(); // Assert Assert.NotEmpty(correlationId); Assert.StartsWith("STEP-", correlationId); Assert.Contains("test-step-123", correlationId); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CorrelationContextManager_AfterClear_ReturnsEmptyString() { // Arrange using var manager = new CorrelationContextManager(); var mockEc = new MockCorrelationContext { StepId = "test-step-456" }; manager.SetCurrentExecutionContext(mockEc); // Act var beforeClear = manager.BuildCorrelationId(); manager.ClearCurrentExecutionContext(); var afterClear = manager.BuildCorrelationId(); // Assert Assert.NotEmpty(beforeClear); Assert.Equal(string.Empty, afterClear); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CorrelationContextManager_WithNullContext_ReturnsEmpty() { // Arrange using var manager = new CorrelationContextManager(); // Act manager.SetCurrentExecutionContext(null); var correlationId = manager.BuildCorrelationId(); // Assert Assert.Equal(string.Empty, correlationId); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CorrelationContextManager_AsyncLocalFlow_PreservesContextAcrossAsyncBoundaries() { // Arrange using var manager = new CorrelationContextManager(); var mockEc = new MockCorrelationContext { StepId = "async-test-789" }; manager.SetCurrentExecutionContext(mockEc); // Act & Assert - Use async/await to test AsyncLocal flow var task = Task.Run(async () => { // Context should flow to async continuation await Task.Delay(10); return manager.BuildCorrelationId(); }); var result = task.Result; // Note: With MockCorrelationContext, the manager is captured by reference // So the correlation ID is available even in Task.Run // This tests the manager's ability to be accessed across async boundaries Assert.NotEmpty(result); Assert.Contains("async-test-789", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async Task CorrelationContextManager_AsyncLocalFlow_PreservesInSameContext() { // Arrange using var manager = new CorrelationContextManager(); var mockEc = new MockCorrelationContext { StepId = "same-context-test" }; manager.SetCurrentExecutionContext(mockEc); var before = manager.BuildCorrelationId(); // Act - Continue in same async context await Task.Delay(10); var after = manager.BuildCorrelationId(); // Assert - Should preserve context in same async flow Assert.Equal(before, after); Assert.NotEmpty(after); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CorrelationContextManager_MultipleContexts_IsolatedProperly() { // Arrange using var manager1 = new CorrelationContextManager(); using var manager2 = new CorrelationContextManager(); var mockEc1 = new MockCorrelationContext { StepId = "context-1" }; var mockEc2 = new MockCorrelationContext { StepId = "context-2" }; // Act manager1.SetCurrentExecutionContext(mockEc1); manager2.SetCurrentExecutionContext(mockEc2); var result1 = manager1.BuildCorrelationId(); var result2 = manager2.BuildCorrelationId(); // Assert - Each manager maintains independent context Assert.Contains("context-1", result1); Assert.Contains("context-2", result2); Assert.NotEqual(result1, result2); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CorrelationContextManager_Dispose_ClearsContext() { // Arrange var manager = new CorrelationContextManager(); var mockEc = new MockCorrelationContext { StepId = "dispose-test" }; manager.SetCurrentExecutionContext(mockEc); var beforeDispose = manager.BuildCorrelationId(); // Act manager.Dispose(); var afterDispose = manager.BuildCorrelationId(); // Assert Assert.NotEmpty(beforeDispose); Assert.Equal(string.Empty, afterDispose); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CorrelationContextManager_UpdateContext_ReflectsNewValue() { // Arrange using var manager = new CorrelationContextManager(); var mockEc = new MockCorrelationContext { StepId = "initial-step" }; manager.SetCurrentExecutionContext(mockEc); // Act - Update correlation through mock context var initial = manager.BuildCorrelationId(); mockEc.StepId = "updated-step"; var updated = manager.BuildCorrelationId(); // Assert Assert.Contains("initial-step", initial); Assert.Contains("updated-step", updated); Assert.NotEqual(initial, updated); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CorrelationContextManager_WithStepAndTask_ReturnsCombinedId() { // Arrange using var manager = new CorrelationContextManager(); var mockEc = new MockCorrelationContext { StepId = "test-step", TaskId = "test-task" }; manager.SetCurrentExecutionContext(mockEc); // Act var correlationId = manager.BuildCorrelationId(); // Assert Assert.Contains("STEP-", correlationId); Assert.Contains("TASK-", correlationId); Assert.Contains("|", correlationId); // Should contain separator } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CorrelationContextManager_ExceptionInBuildCorrelationId_Throws() { // Arrange using var manager = new CorrelationContextManager(); // Create a context with a BuildCorrelationId method that throws var throwingContext = new ThrowingCorrelationContext(); // Act & Assert - Exception should propagate (no more reflection try-catch) manager.SetCurrentExecutionContext(throwingContext); Assert.Throws(() => manager.BuildCorrelationId()); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CorrelationContextManager_HostContextIntegration_WorksEndToEnd() { // Arrange & Act using var hc = new TestHostContext(this); var manager = hc.CorrelationContextManager; var mockEc = new MockCorrelationContext { StepId = "integration-test" }; manager.SetCurrentExecutionContext(mockEc); var correlationId = manager.BuildCorrelationId(); // Assert Assert.NotNull(manager); Assert.NotEmpty(correlationId); Assert.Contains("integration-test", correlationId); } // Helper class for testing error handling private class ThrowingCorrelationContext : ICorrelationContext { public string BuildCorrelationId() { throw new InvalidOperationException("Simulated error in BuildCorrelationId"); } } } } ================================================ FILE: src/Test/L0/EnhancedTracingCorrelationL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. #pragma warning disable CA2000 // Dispose objects before losing scope - test files manage disposal appropriately using System; using System.IO; using System.Diagnostics; using System.Threading.Tasks; using Xunit; using Agent.Sdk.SecretMasking; using Microsoft.VisualStudio.Services.Agent.Worker; namespace Microsoft.VisualStudio.Services.Agent.Tests { /// /// Mock execution context for testing correlation without full ExecutionContext initialization /// internal class MockCorrelationContext : ICorrelationContext { public string StepId { get; set; } public string TaskId { get; set; } public string BuildCorrelationId() { var parts = new System.Collections.Generic.List(); if (!string.IsNullOrEmpty(StepId)) { parts.Add($"STEP-{StepId}"); } if (!string.IsNullOrEmpty(TaskId)) { parts.Add($"TASK-{TaskId}"); } return parts.Count > 0 ? string.Join("|", parts) : string.Empty; } } /// /// Tests for EnhancedTracing with correlation context integration /// Verifies that correlation IDs appear correctly in log output /// public sealed class EnhancedTracingCorrelationL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void EnhancedTracing_WithCorrelation_IncludesCorrelationInLogs() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"trace_corr_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); using var hc = new TestHostContext(this); // Create a mock execution context for correlation var mockEc = new MockCorrelationContext { StepId = "test-step-123" }; hc.CorrelationContextManager.SetCurrentExecutionContext(mockEc); var sourceSwitch = new SourceSwitch("TestSwitch", "Verbose"); var trace = new EnhancedTracing("TestTrace", masker, hc.CorrelationContextManager, sourceSwitch, listener); try { // Act trace.Info("Test message with correlation"); // Dispose in proper order trace.Dispose(); listener.Dispose(); masker.Dispose(); // Wait for file handles to be released Task.Delay(200).Wait(); // Assert Assert.True(File.Exists(logPath), "Log file should exist"); var logContent = File.ReadAllText(logPath); Assert.Contains("Test message with correlation", logContent); Assert.Contains("[STEP-test-step-123]", logContent); } finally { // Wait before attempting to delete Task.Delay(100).Wait(); if (File.Exists(logPath)) { try { File.Delete(logPath); } catch (IOException) { // File still locked, ignore cleanup error } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void EnhancedTracing_WithStepAndTask_IncludesBothInLogs() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"trace_both_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); using var hc = new TestHostContext(this); // Create a mock execution context for correlation with both step and task var mockEc = new MockCorrelationContext { StepId = "step-abc", TaskId = "task-xyz" }; hc.CorrelationContextManager.SetCurrentExecutionContext(mockEc); var sourceSwitch = new SourceSwitch("TestSwitch", "Verbose"); var trace = new EnhancedTracing("TestTrace", masker, hc.CorrelationContextManager, sourceSwitch, listener); try { // Act trace.Info("Message with both step and task"); trace.Dispose(); listener.Dispose(); masker.Dispose(); Task.Delay(200).Wait(); // Assert var logContent = File.ReadAllText(logPath); Assert.Contains("Message with both step and task", logContent); Assert.Contains("STEP-step-abc", logContent); Assert.Contains("TASK-task-xyz", logContent); } finally { Task.Delay(100).Wait(); if (File.Exists(logPath)) { try { File.Delete(logPath); } catch (IOException) { } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void EnhancedTracing_WithoutCorrelation_NoCorrelationIdInLogs() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"trace_nocorr_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); using var hc = new TestHostContext(this); var sourceSwitch = new SourceSwitch("TestSwitch", "Verbose"); var trace = new EnhancedTracing("TestTrace", masker, hc.CorrelationContextManager, sourceSwitch, listener); try { // Act - No execution context set trace.Info("Message without correlation"); trace.Dispose(); listener.Dispose(); masker.Dispose(); Task.Delay(200).Wait(); // Assert var logContent = File.ReadAllText(logPath); Assert.Contains("Message without correlation", logContent); Assert.DoesNotContain("[STEP-", logContent); Assert.DoesNotContain("[TASK-", logContent); } finally { Task.Delay(100).Wait(); if (File.Exists(logPath)) { try { File.Delete(logPath); } catch (IOException) { } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void EnhancedTracing_DifferentLogLevels_AllIncludeCorrelation() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"trace_levels_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); using var hc = new TestHostContext(this); // Create a mock execution context for correlation var mockEc = new MockCorrelationContext { StepId = "level-test" }; hc.CorrelationContextManager.SetCurrentExecutionContext(mockEc); var sourceSwitch = new SourceSwitch("TestSwitch", "Verbose"); var trace = new EnhancedTracing("TestTrace", masker, hc.CorrelationContextManager, sourceSwitch, listener); try { // Act - Test different log levels trace.Info("Info message"); trace.Warning("Warning message"); trace.Error("Error message"); trace.Verbose("Verbose message"); trace.Dispose(); listener.Dispose(); masker.Dispose(); Task.Delay(200).Wait(); // Assert var logContent = File.ReadAllText(logPath); // All log levels should include correlation var expectedMessages = new[] { "Info message", "Warning message", "Error message", "Verbose message" }; foreach (var msg in expectedMessages) { Assert.Contains(msg, logContent); // Verify correlation appears near the message (implementation dependent) } Assert.Contains("[STEP-level-test]", logContent); } finally { if (File.Exists(logPath)) { try { File.Delete(logPath); } catch (IOException) { } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void EnhancedTracing_WithException_IncludesCorrelation() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"trace_exception_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); using var hc = new TestHostContext(this); // Create a mock execution context for correlation var mockEc = new MockCorrelationContext { StepId = "exception-test" }; hc.CorrelationContextManager.SetCurrentExecutionContext(mockEc); var sourceSwitch = new SourceSwitch("TestSwitch", "Verbose"); var trace = new EnhancedTracing("TestTrace", masker, hc.CorrelationContextManager, sourceSwitch, listener); try { // Act var exception = new InvalidOperationException("Test exception"); trace.Error(exception); trace.Dispose(); listener.Dispose(); masker.Dispose(); Task.Delay(200).Wait(); // Assert var logContent = File.ReadAllText(logPath); Assert.Contains("Test exception", logContent); Assert.Contains("[STEP-exception-test]", logContent); } finally { if (File.Exists(logPath)) { try { File.Delete(logPath); } catch (IOException) { } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void EnhancedTracing_CorrelationChanges_ReflectsInSubsequentLogs() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"trace_change_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); using var hc = new TestHostContext(this); var sourceSwitch = new SourceSwitch("TestSwitch", "Verbose"); var trace = new EnhancedTracing("TestTrace", masker, hc.CorrelationContextManager, sourceSwitch, listener); try { // Act - Log with first correlation var mockEc1 = new MockCorrelationContext { StepId = "first-step" }; hc.CorrelationContextManager.SetCurrentExecutionContext(mockEc1); trace.Info("Message from first step"); // Change correlation var mockEc2 = new MockCorrelationContext { StepId = "second-step" }; hc.CorrelationContextManager.SetCurrentExecutionContext(mockEc2); trace.Info("Message from second step"); trace.Dispose(); listener.Dispose(); masker.Dispose(); Task.Delay(200).Wait(); // Assert var logContent = File.ReadAllText(logPath); Assert.Contains("Message from first step", logContent); Assert.Contains("Message from second step", logContent); Assert.Contains("[STEP-first-step]", logContent); Assert.Contains("[STEP-second-step]", logContent); } finally { if (File.Exists(logPath)) { try { File.Delete(logPath); } catch (IOException) { } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void EnhancedTracing_WithDurationTracking_IncludesCorrelation() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"trace_duration_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); using var hc = new TestHostContext(this); // Create a mock execution context for correlation var mockEc = new MockCorrelationContext { StepId = "duration-test" }; hc.CorrelationContextManager.SetCurrentExecutionContext(mockEc); var sourceSwitch = new SourceSwitch("TestSwitch", "Verbose"); var trace = new EnhancedTracing("TestTrace", masker, hc.CorrelationContextManager, sourceSwitch, listener); try { // Act - Use duration tracking using (trace.EnteringWithDuration("TestMethod")) { Task.Delay(10).Wait(); } trace.Dispose(); listener.Dispose(); masker.Dispose(); Task.Delay(200).Wait(); // Assert var logContent = File.ReadAllText(logPath); Assert.Contains("Entering TestMethod", logContent); Assert.Contains("Leaving TestMethod", logContent); Assert.Contains("[STEP-duration-test]", logContent); } finally { if (File.Exists(logPath)) { try { File.Delete(logPath); } catch (IOException) { } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void EnhancedTracing_NullCorrelationManager_ThrowsArgumentNullException() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"trace_null_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); var sourceSwitch = new SourceSwitch("TestSwitch", "Verbose"); try { // Act & Assert var exception = Assert.Throws(() => { new EnhancedTracing("TestTrace", masker, null, sourceSwitch, listener); }); Assert.Equal("correlationContextManager", exception.ParamName); } finally { listener.Dispose(); if (File.Exists(logPath)) { try { File.Delete(logPath); } catch (IOException) { } } } } } } ================================================ FILE: src/Test/L0/EnhancedTracingL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Threading.Tasks; using Xunit; using Agent.Sdk.SecretMasking; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Tests.TracingSpecs { public sealed class EnhancedTracingL0 { private static (TraceManager mgr, string logPath, Tracing trace, ILoggedSecretMasker masker, HostTraceListener listener) Create(string name) { // Force enhanced logging via environment knob var prev = Environment.GetEnvironmentVariable("AZP_USE_ENHANCED_LOGGING"); Environment.SetEnvironmentVariable("AZP_USE_ENHANCED_LOGGING", "true"); string logPath = Path.Combine(Path.GetTempPath(), $"etrace_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; #pragma warning disable CA2000 var ossMasker = new OssSecretMasker(); #pragma warning restore CA2000 var masker = LoggedSecretMasker.Create(ossMasker); try { using var ctx = new TestHostContext(new object()); var mgr = new TraceManager(listener, masker, ctx); var trace = mgr[name]; return (mgr, logPath, trace, masker, listener); } finally { // restore environment in caller Environment.SetEnvironmentVariable("AZP_USE_ENHANCED_LOGGING", prev); // Do not dispose masker here; let the test own disposal order } } private static string ReadAll(string path) { Task.Delay(25).Wait(); return File.Exists(path) ? File.ReadAllText(path) : string.Empty; } } } ================================================ FILE: src/Test/L0/ExtensionManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using System; using System.Collections.Generic; using System.Linq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class ExtensionManagerL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void LoadsTypeFromString() { using (TestHostContext tc = new TestHostContext(this)) { // Arrange. var manager = new ExtensionManager(); manager.Initialize(tc); // Act. List extensions = manager.GetExtensions(); // Assert. Assert.True( extensions.Any(x => x is BuildJobExtension), $"Expected {nameof(BuildJobExtension)} extension to be returned as a job extension."); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void LoadsTypes() { using (TestHostContext tc = new TestHostContext(this)) { // Arrange. var manager = new ExtensionManager(); manager.Initialize(tc); // Act/Assert. AssertContains( manager, concreteType: typeof(Microsoft.VisualStudio.Services.Agent.Capabilities.AgentCapabilitiesProvider)); AssertContains( manager, concreteType: typeof(Microsoft.VisualStudio.Services.Agent.Worker.Build.BuildJobExtension)); AssertContains( manager, concreteType: typeof(Microsoft.VisualStudio.Services.Agent.Worker.TaskCommandExtension)); AssertContains( manager, concreteType: typeof(Microsoft.VisualStudio.Services.Agent.Worker.Build.ExternalGitSourceProvider)); AssertContains( manager, concreteType: typeof(Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.BuildArtifact)); AssertContains( manager, concreteType: typeof(Microsoft.VisualStudio.Services.Agent.Worker.LegacyTestResults.JUnitResultReader)); AssertContains( manager, concreteType: typeof(Microsoft.VisualStudio.Services.Agent.Worker.Build.WorkspaceMaintenanceProvider)); AssertContains( manager, concreteType: typeof(Microsoft.VisualStudio.Services.Agent.Worker.Release.ReleaseDirectoryManager)); } } private static void AssertContains(ExtensionManager manager, Type concreteType) where T : class, IExtension { // Act. List extensions = manager.GetExtensions(); // Assert. Assert.True( extensions.Any(x => x.GetType() == concreteType), $"Expected '{typeof(T).FullName}' extensions to contain concrete type '{concreteType.FullName}'."); } } } ================================================ FILE: src/Test/L0/HostContextExtensionL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Reflection; using System.Runtime.CompilerServices; using Xunit; using Moq; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class HostContextExtensionL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope")] public void CreateHttpClientHandlerForCertValidationSkipCert() { // Arrange. using (var _hc = Setup(true)) { // Act. var httpHandler = _hc.CreateHttpClientHandler(); // Assert. Assert.NotNull(httpHandler.ServerCertificateCustomValidationCallback); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope")] public void CreateHttpClientHandlerForCertValidationDontSkipCert() { // Arrange. using (var _hc = Setup(false)) { // Act. var httpHandler = _hc.CreateHttpClientHandler(); // Assert. Assert.Null(httpHandler.ServerCertificateCustomValidationCallback); } } public TestHostContext Setup(bool skipServerCertificateValidation, [CallerMemberName] string testName = "") { var _hc = new TestHostContext(this, testName); var certService = new Mock(); var proxyConfig = new Mock(); certService.Setup(x => x.SkipServerCertificateValidation).Returns(skipServerCertificateValidation); _hc.SetSingleton(proxyConfig.Object); _hc.SetSingleton(certService.Object); return _hc; } } } ================================================ FILE: src/Test/L0/HostContextL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Reflection; using System.Runtime.CompilerServices; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class HostContextL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CreateServiceReturnsNewInstance() { // Arrange. using (var _hc = Setup()) { // Act. var reference1 = _hc.CreateService(); var reference2 = _hc.CreateService(); // Assert. Assert.NotNull(reference1); Assert.IsType(reference1); Assert.NotNull(reference2); Assert.IsType(reference2); Assert.False(object.ReferenceEquals(reference1, reference2)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetServiceReturnsSingleton() { // Arrange. using (var _hc = Setup()) { // Act. var reference1 = _hc.GetService(); var reference2 = _hc.GetService(); // Assert. Assert.NotNull(reference1); Assert.IsType(reference1); Assert.NotNull(reference2); Assert.True(object.ReferenceEquals(reference1, reference2)); } } private static readonly (string, string)[] _urlSecretCases = new[] { // Some URLs with secrets to mask. // // Note that even the new masker will use *** as the redaction token // because the URL pattern does not match high-entropy secrets for // which a C3ID can be computed. ("https://user:pass@example.com/path", "https://user:***@example.com/path"), ("http://user:pass@example.com/path", "http://user:***@example.com/path"), ("ftp://user:pass@example.com/path", "ftp://user:***@example.com/path"), ("https://user:pass@example.com/weird:thing@path", "https://user:***@example.com/weird:thing@path"), ("https://user:pass@example.com:8080/path", "https://user:***@example.com:8080/path"), ("https://user:pass@example.com:8080/path\nhttps://user2:pass2@example.com:8080/path", "https://user:***@example.com:8080/path\nhttps://user2:***@example.com:8080/path"), ("https://user@example.com:8080/path\nhttps://user2:pass2@example.com:8080/path", "https://user@example.com:8080/path\nhttps://user2:***@example.com:8080/path"), ("https://user:pass@example.com:8080/path\nhttps://user2@example.com:8080/path", "https://user:***@example.com:8080/path\nhttps://user2@example.com:8080/path"), // These two cases stress differences between the URL secret regex // in this repo and the one provided by the UrlCredentials pattern in // Microsoft.Security.Utilities.Core. We always use the one in this // repo but https://github.com/microsoft/security-utilities/issues/175 // tracks reconciling this. This might land on changing the expected // behavior of these cases. ("ssh://user:pass@example.com/path", "ssh://user:***@example.com/path"), ("//user:pass@example.com/path", "//user:***@example.com/path"), // Some URLs without secrets to mask ("https://example.com/path", null), ("http://example.com/path", null), ("ftp://example.com/path", null), ("ssh://example.com/path", null), ("https://example.com/@path", null), ("https://example.com/weird:thing@path", null), ("https://example.com:8080/path", null), }; public static readonly SecretCases UrlSecrets_NewMasker = new(_urlSecretCases, useNewMaskerAndRegexes: true); public static readonly SecretCases UrlSecrets_LegacyMasker = new(_urlSecretCases, useNewMaskerAndRegexes: false); [Theory] [Trait("Level", "L0")] [Trait("Category", "Common")] [MemberData(nameof(UrlSecrets_NewMasker))] public void UrlSecrets_NewMasker_Masked(string input, string expected) { TestSecretMasking(input, expected, useNewMaskerAndRegexes: true); } [Theory] [Trait("Level", "L0")] [Trait("Category", "Common")] [MemberData(nameof(UrlSecrets_LegacyMasker))] public void UrlSecrets_LegacyMasker_Masked(string input, string expected) { TestSecretMasking(input, expected, useNewMaskerAndRegexes: false); } private static readonly (string, string)[] _escapedSecretCases = new[] { // backslash escape ("before Mask\\This after", "before *** after"), ("before Mask\\\\This after", "before *** after"), // uri escape ("before Mask%20This after", "before *** after"), ("before Mask This after", "before *** after"), // json escape ("before Mask\tThis after", "before *** after"), ("before Mask\\tThis after", "before *** after"), }; private static readonly string[] _unescapedSecretValues = new[] { @"Mask\This", @"Mask This", @"Mask\tThis", }; public static readonly SecretCases EscapedSecrets_NewMasker = new(_escapedSecretCases, useNewMaskerAndRegexes: true); public static readonly SecretCases EscapedSecrets_LegacyMasker = new(_escapedSecretCases, useNewMaskerAndRegexes: false); [Theory] [Trait("Level", "L0")] [Trait("Category", "Common")] [MemberData(nameof(EscapedSecrets_NewMasker))] public void EscapedSecrets_NewMasker_Masked(string input, string expected) { TestSecretMasking(input, expected, useNewMaskerAndRegexes: true, _unescapedSecretValues); } [Theory] [Trait("Level", "L0")] [Trait("Category", "Common")] [MemberData(nameof(EscapedSecrets_LegacyMasker))] public void EscapedSecrets_LegacyMasker_Masked(string input, string expected) { TestSecretMasking(input, expected, useNewMaskerAndRegexes: false, _unescapedSecretValues); } private static readonly (string, string)[] _secretsRequiringNewMasker = new[] { // Some secrets that the new masker with its added regexes SHOULD // suppress, but the legacy masker will not suppress. NOTE: String // concat used to highlight signatures and avoid false positives // from push protection. ("deaddeaddeaddeaddeaddeaddeaddeadde/dead+deaddeaddeaddeaddeaddeaddeaddeaddead" + "APIM" + "do9bzQ==", "SEC101/181:AQYnVRHEp9bsvtiS75Hw"), ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "ACDb" + "OpqrYA==", "SEC101/160:cgAuNarRt3XE67OyFKtT"), ("deaddeaddeaddeaddeaddeaddeaddeadde/dead+deaddeaddeaddeaddeaddeaddeaddeaddead" + "+ABa" + "cEmI0Q==", "SEC101/163:hV8JHmDwlzKVQLDQ4aVz"), ("deaddeaddeaddeaddeaddeaddeaddeadde/dead+deaddeaddeaddeaddeaddeaddeaddeaddead" + "+AMC" + "IBB+lg==", "SEC101/170:vGkdeeXzDdYpZG/P/N+U"), ("deaddeaddeaddeaddeaddeaddeaddeadde/dead+deaddeaddeaddeaddeaddeaddeaddeaddead" + "+ASt" + "aCQW6A==", "SEC101/152:iFwwHb6GCjF+WxbWkhIp"), ("deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead" + "AzFu" + "FakD8w==", "SEC101/158:DI3pIolg4mUyaYvnQJ9s"), ("deaddeaddeaddeaddeaddeaddeaddeaddeaddeadxx" + "AzSe" + "CyiycA", "SEC101/166:ws3fLn9rYjxet8tPxeei"), ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "+ACR" + "C5W7f3", "SEC101/176:gfxbCiSbZlGd1NSqkoQg"), ("oy2" + "mdeaddeaddeadeadqdeaddeadxxxezodeaddeadwxuq", "SEC101/031:G47Z8IeLmqos+/TXkWoH"), ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "AIoT" + "Oumzco=", "SEC101/178:oCE/hp1BfeSLXPJgMqTz"), ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "+ASb" + "HpHeAI=", "SEC101/171:ujJlDjBUPI6u49AyMCXk"), ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "+AEh" + "G2s/8w=", "SEC101/172:7aH00tlYEZcu0yhnxhm6"), ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "+ARm" + "D7h+qo=", "SEC101/173:73UIu7xCGv6ofelm1yqH"), ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "AzCa" + "JM04l8=", "SEC101/154:Elbi036ZI8k03jlXzG52"), ("xxx" + "8Q~" + "dead.dead.DEAD-DEAD-dead~deadxxxxx", "SEC101/156:vcocI2kI5E2ycoG55kza"), ("npm_" + "deaddeaddeaddeaddeaddeaddeaddeaddead", "SEC101/050:bUOMn/+Dx0jUK71D+nHu"), ("xxx" + "7Q~" + "dead.dead.DEAD-DEAD-dead~deadxx", "SEC101/156:WNRIG2TMMQjdUEGSNRIQ"), ("xxx" + "7Q~" + "dead.dead.DEAD-DEAD-dead~deadxx", "SEC101/156:WNRIG2TMMQjdUEGSNRIQ"), }; public static readonly SecretCases SecretsRequiringNewMasker_NewMasker = new(_secretsRequiringNewMasker, useNewMaskerAndRegexes: true, requireNewMaskerAndRegexes: true); public static readonly SecretCases SecretsRequiringNewMasker_LegacyMasker = new(_secretsRequiringNewMasker, useNewMaskerAndRegexes: false, requireNewMaskerAndRegexes: true); [Theory] [Trait("Level", "L0")] [Trait("Category", "Common")] [MemberData(nameof(SecretsRequiringNewMasker_NewMasker))] public void SecretsRequiringNewMasker_NewMasker_Masked(string input, string expected) { TestSecretMasking(input, expected, useNewMaskerAndRegexes: true); } [Theory] [Trait("Level", "L0")] [Trait("Category", "Common")] [MemberData(nameof(SecretsRequiringNewMasker_LegacyMasker))] public void SecretsRequiringNewMasker_LegacyMasker_NotMasked(string input, string expected) { TestSecretMasking(input, expected, useNewMaskerAndRegexes: false); } private static readonly (string, string)[] _nonSecrets = new (string, string)[] { // Some non-secrets that the scanner should NOT suppress. ("SSdtIGEgY29tcGxldGVseSBpbm5vY3VvdXMgc3RyaW5nLg==", null), ("The password is knock knock knock", null), }; public static readonly SecretCases NonSecrets_NewMasker = new(_nonSecrets, useNewMaskerAndRegexes: true); public static readonly SecretCases NonSecrets_LegacyMasker = new(_nonSecrets, useNewMaskerAndRegexes: false); [Theory] [Trait("Level", "L0")] [Trait("Category", "Common")] [MemberData(nameof(NonSecrets_NewMasker))] public void NonSecrets_NewMasker_NotMasked(string input, string expected) { TestSecretMasking(input, expected, useNewMaskerAndRegexes: true); } [Theory] [Trait("Level", "L0")] [Trait("Category", "Common")] [MemberData(nameof(NonSecrets_LegacyMasker))] public void NonSecrets_LegacyMasker_NotMasked(string input, string expected) { TestSecretMasking(input, expected, useNewMaskerAndRegexes: false); } [Theory] [Trait("Level", "L0")] [Trait("Category", "Common")] [MemberData(nameof(SecretsRequiringNewMasker_NewMasker))] public void UserSecretsThatMatchOSSRules_NewMasker_MaskWithStarsNotId(string secret, string expectedIfNotAlsoALiteral) { _ = expectedIfNotAlsoALiteral; // Unused since this is not the expectatation in this case. string input = $"The secret is '{secret}', mask it with stars even if it matches a rule."; string expected = "The secret is '***', mask it with stars even if it matches a rule."; TestSecretMasking(input, expected, useNewMaskerAndRegexes: true, values: new[] { secret }); } public sealed class SecretCases : TheoryData { public SecretCases((string, string)[] cases, bool useNewMaskerAndRegexes, bool requireNewMaskerAndRegexes = false) { foreach ((string secret, string redaction) in cases) { string expected; if (redaction == null || (requireNewMaskerAndRegexes && !useNewMaskerAndRegexes)) { expected = secret; } else { expected = redaction; } Add(secret, expected); } } } private void TestSecretMasking(string input, string expected, bool useNewMaskerAndRegexes, string[] values = null, [CallerMemberName] string testName = "") { // Arrange. try { Environment.SetEnvironmentVariable("AZP_ENABLE_NEW_MASKER_AND_REGEXES", useNewMaskerAndRegexes.ToString()); using (var _hc = Setup(testName)) { if (values != null) { foreach (string value in values) { _hc.SecretMasker.AddValue(value, origin: "Test"); } } // Act. var result = _hc.SecretMasker.MaskSecrets(input); // Assert. Assert.Equal(expected, result); } } finally { Environment.SetEnvironmentVariable("AZP_ENABLE_NEW_MASKER_AND_REGEXES", null); } } [Fact] public void LogFileChangedAccordingToEnvVariable() { try { var newPath = Path.Combine(Path.GetDirectoryName(Assembly.GetEntryAssembly().Location), "logs"); Environment.SetEnvironmentVariable("AGENT_DIAGLOGPATH", newPath); using (var _hc = new HostContext(HostType.Agent)) { // Act. var diagFolder = _hc.GetDiagDirectory(); // Assert Assert.Equal(Path.Combine(newPath, Constants.Path.DiagDirectory), diagFolder); Directory.Exists(diagFolder); } } finally { Environment.SetEnvironmentVariable("AGENT_DIAGLOGPATH", null); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetDirectory_ResolvesNewTfLatestDirectory() { using (var _hc = Setup()) { var tfLatestPath = _hc.GetDirectory(WellKnownDirectory.TfLatest); var externalsPath = _hc.GetDirectory(WellKnownDirectory.Externals); var expected = Path.Combine(externalsPath, "tf-latest"); Assert.Equal(expected, tfLatestPath); } } public HostContext Setup([CallerMemberName] string testName = "") { // Use a unique log file name per invocation to avoid collisions across parallel theory runs string dir = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location); string unique = Guid.NewGuid().ToString("N"); string logFile = Path.Combine(dir, $"trace_{nameof(HostContextL0)}_{testName}_{unique}.log"); var hc = new HostContext(hostType: HostType.Agent, logFile: logFile); return hc; } } } ================================================ FILE: src/Test/L0/KnobL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Sdk; using Agent.Sdk.Knob; using Microsoft.VisualStudio.Services.Agent.Worker; using Xunit; using Moq; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class KnobL0 { public class TestKnobs { public static Knob A = new Knob("A", "Test Knob", new RuntimeKnobSource("A"), new EnvironmentKnobSource("A"), new BuiltInDefaultKnobSource("false")); public static Knob B = new DeprecatedKnob("B", "Deprecated Knob", new BuiltInDefaultKnobSource("true")); public static Knob C = new ExperimentalKnob("C", "Experimental Knob", new BuiltInDefaultKnobSource("foo")); public static Knob D = new ExperimentalKnob("D", "Test knob only with default", new BuiltInDefaultKnobSource("foo")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void HasAgentKnobs() { Assert.True(Knob.GetAllKnobsFor().Count == 4, "GetAllKnobsFor returns the right amount"); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void BasicKnobTests() { Assert.True(!TestKnobs.A.IsDeprecated, "A is NOT Deprecated"); Assert.True(!TestKnobs.A.IsExperimental, "A is NOT Experimental"); var environment = new LocalEnvironment(); var executionContext = new Mock(); executionContext .Setup(x => x.GetScopedEnvironment()) .Returns(environment); { var knobValue = TestKnobs.A.GetValue(executionContext.Object); Assert.True(knobValue.Source.GetType() == typeof(BuiltInDefaultKnobSource)); } environment.SetEnvironmentVariable("A", "true"); { var knobValue = TestKnobs.A.GetValue(executionContext.Object); Assert.True(knobValue.Source.GetType() == typeof(EnvironmentKnobSource)); Assert.True(knobValue.AsBoolean()); Assert.True(string.Equals(knobValue.AsString(), "true", StringComparison.OrdinalIgnoreCase)); } environment.SetEnvironmentVariable("A", "false"); { var knobValue = TestKnobs.A.GetValue(executionContext.Object); Assert.True(knobValue.Source.GetType() == typeof(EnvironmentKnobSource)); Assert.True(!knobValue.AsBoolean()); Assert.True(string.Equals(knobValue.AsString(), "false", StringComparison.OrdinalIgnoreCase)); } environment.SetEnvironmentVariable("A", null); executionContext.Setup(x => x.GetVariableValueOrDefault(It.Is(s => string.Equals(s, "A")))).Returns("true"); { var knobValue = TestKnobs.A.GetValue(executionContext.Object); Assert.True(knobValue.Source.GetType() == typeof(RuntimeKnobSource)); Assert.True(knobValue.AsBoolean()); Assert.True(string.Equals(knobValue.AsString(), "true", StringComparison.OrdinalIgnoreCase)); } executionContext.Setup(x => x.GetVariableValueOrDefault(It.Is(s => string.Equals(s, "A")))).Returns("false"); { var knobValue = TestKnobs.A.GetValue(executionContext.Object); Assert.True(knobValue.Source.GetType() == typeof(RuntimeKnobSource)); Assert.True(!knobValue.AsBoolean()); Assert.True(string.Equals(knobValue.AsString(), "false", StringComparison.OrdinalIgnoreCase)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void DeprecatedKnobTests() { Assert.True(TestKnobs.B.IsDeprecated, "B is Deprecated"); Assert.True(!TestKnobs.B.IsExperimental, "B is NOT Experimental"); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ExperimentalKnobTests() { Assert.True(TestKnobs.C.IsExperimental, "C is Experimental"); Assert.True(!TestKnobs.C.IsDeprecated, "C is NOT Deprecated"); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetSpecificKnobValueBySpecificType() { var environment = new LocalEnvironment(); var executionContext = new Mock(); executionContext .Setup(x => x.GetScopedEnvironment()) .Returns(environment); environment.SetEnvironmentVariable("A", "true"); var knobValue = TestKnobs.A.GetValue(executionContext.Object); Assert.True(knobValue.Source.GetType() == typeof(BuiltInDefaultKnobSource)); Assert.Equal("false", knobValue.AsString()); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void SpecificKnobTypeNotPresentTest() { var environment = new LocalEnvironment(); var executionContext = new Mock(); executionContext .Setup(x => x.GetScopedEnvironment()) .Returns(environment); var knobValue = TestKnobs.D.GetValue(executionContext.Object); Assert.Equal(null, knobValue); knobValue = TestKnobs.D.GetValue(executionContext.Object); Assert.True(knobValue.Source.GetType() == typeof(BuiltInDefaultKnobSource)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void SpecificKnobTypeByInterfaceRestrictedTest() { var environment = new LocalEnvironment(); var executionContext = new Mock(); executionContext .Setup(x => x.GetScopedEnvironment()) .Returns(environment); environment.SetEnvironmentVariable("A", "true"); var knobValue = TestKnobs.A.GetValue(executionContext.Object); Assert.Equal(null, knobValue); knobValue = TestKnobs.A.GetValue(executionContext.Object); Assert.True(knobValue.Source.GetType() == typeof(EnvironmentKnobSource)); Assert.Equal("true", knobValue.AsString()); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void NotRightKnobTypeSetTest() { var environment = new LocalEnvironment(); var executionContext = new Mock(); executionContext .Setup(x => x.GetScopedEnvironment()) .Returns(environment); var knobValue = TestKnobs.A.GetValue(executionContext.Object); Assert.Equal(null, knobValue); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void PipelineFeatureKnobTest() { var executionContext = new Mock(); executionContext .Setup(x => x.GetVariableValueOrDefault("DistributedTask.Agent.TestFeature")) .Returns("true"); var knob = new Knob("TestKnob", "Pipeline Feature Knob", new PipelineFeatureSource("TestFeature")); var knobValue = knob.GetValue(executionContext.Object); Assert.True(knobValue.AsBoolean()); } } } ================================================ FILE: src/Test/L0/Listener/AgentL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Listener; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Moq; using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Xunit; using Microsoft.VisualStudio.Services.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Listener.Telemetry; using Agent.Listener.Configuration; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener { public sealed class AgentL0 { private Mock _configurationManager; private Mock _jobNotification; private Mock _messageListener; private Mock _promptManager; private Mock _jobDispatcher; private Mock _agentServer; private Mock _term; private Mock _configStore; private Mock _proxy; private Mock _cert; private Mock _updater; private Mock _listenerTelemetryPublisher; private Mock _featureFlagProvider; public AgentL0() { _configurationManager = new Mock(); _jobNotification = new Mock(); _messageListener = new Mock(); _promptManager = new Mock(); _jobDispatcher = new Mock(); _agentServer = new Mock(); _term = new Mock(); _configStore = new Mock(); _proxy = new Mock(); _cert = new Mock(); _updater = new Mock(); _listenerTelemetryPublisher = new Mock(); _featureFlagProvider = new Mock(); } private AgentJobRequestMessage CreateJobRequestMessage(string jobName) { TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = null; JobEnvironment environment = new JobEnvironment(); List tasks = new List(); Guid JobId = Guid.NewGuid(); var jobRequest = new AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, environment, tasks); return jobRequest as AgentJobRequestMessage; } private JobCancelMessage CreateJobCancelMessage() { var message = new JobCancelMessage(Guid.NewGuid(), TimeSpan.FromSeconds(0)); return message; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] //process 2 new job messages, and one cancel message [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope")] public async void TestRunAsync() { using (var hc = new TestHostContext(this)) using (var agent = new Agent.Listener.Agent()) { //Arrange hc.SetSingleton(_configurationManager.Object); hc.SetSingleton(_jobNotification.Object); hc.SetSingleton(_messageListener.Object); hc.SetSingleton(_promptManager.Object); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_configStore.Object); hc.SetSingleton(_listenerTelemetryPublisher.Object); hc.SetSingleton(_featureFlagProvider.Object); agent.Initialize(hc); var settings = new AgentSettings { PoolId = 43242 }; var message = new TaskAgentMessage() { Body = JsonUtility.ToString(CreateJobRequestMessage("job1")), MessageId = 4234, MessageType = JobRequestMessageTypes.AgentJobRequest }; var messages = new Queue(); messages.Enqueue(message); var signalWorkerComplete = new SemaphoreSlim(0, 1); _configurationManager.Setup(x => x.LoadSettings()) .Returns(settings); _configurationManager.Setup(x => x.IsConfigured()) .Returns(true); _messageListener.Setup(x => x.CreateSessionAsync(It.IsAny())) .Returns(Task.FromResult(true)); _messageListener.Setup(x => x.GetNextMessageAsync(It.IsAny())) .Returns(async () => { if (0 == messages.Count) { signalWorkerComplete.Release(); await Task.Delay(2000, hc.AgentShutdownToken); } return messages.Dequeue(); }); _messageListener.Setup(x => x.DeleteSessionAsync()) .Returns(Task.CompletedTask); _messageListener.Setup(x => x.DeleteMessageAsync(It.IsAny())) .Returns(Task.CompletedTask); _jobDispatcher.Setup(x => x.Run(It.IsAny(), It.IsAny())) .Callback(() => { }); _jobNotification.Setup(x => x.StartClient(It.IsAny(), It.IsAny(), It.IsAny())) .Callback(() => { }); _jobNotification.Setup(x => x.StartClient(It.IsAny(), It.IsAny())) .Callback(() => { }); hc.EnqueueInstance(_jobDispatcher.Object); _configStore.Setup(x => x.IsServiceConfigured()).Returns(false); //Act var command = new CommandSettings(hc, new string[] { "run" }); Task agentTask = agent.ExecuteCommand(command); //Assert //wait for the agent to run one job if (!await signalWorkerComplete.WaitAsync(2000)) { Assert.True(false, $"{nameof(_messageListener.Object.GetNextMessageAsync)} was not invoked."); } else { //Act hc.ShutdownAgent(ShutdownReason.UserCancelled); //stop Agent //Assert Task[] taskToWait2 = { agentTask, Task.Delay(2000) }; //wait for the Agent to exit await Task.WhenAny(taskToWait2); Assert.True(agentTask.IsCompleted, $"{nameof(agent.ExecuteCommand)} timed out."); Assert.True(!agentTask.IsFaulted, agentTask.Exception?.ToString()); Assert.True(agentTask.IsCanceled); _jobDispatcher.Verify(x => x.Run(It.IsAny(), It.IsAny()), Times.Once(), $"{nameof(_jobDispatcher.Object.Run)} was not invoked."); _messageListener.Verify(x => x.GetNextMessageAsync(It.IsAny()), Times.AtLeastOnce()); _messageListener.Verify(x => x.CreateSessionAsync(It.IsAny()), Times.Once()); _messageListener.Verify(x => x.DeleteSessionAsync(), Times.Once()); _messageListener.Verify(x => x.DeleteMessageAsync(It.IsAny()), Times.AtLeastOnce()); } } } public static TheoryData RunAsServiceTestData = new TheoryData() { // staring with run command, configured as run as service, should start the agent { new [] { "run" }, true, Times.Once() }, // starting with no argument, configured not to run as service, should start agent interactively { new [] { "run" }, false, Times.Once() } }; [Theory] [MemberData("RunAsServiceTestData")] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestExecuteCommandForRunAsService(string[] args, bool configureAsService, Times expectedTimes) { using (var hc = new TestHostContext(this)) using (var agent = new Agent.Listener.Agent()) { hc.SetSingleton(_configurationManager.Object); hc.SetSingleton(_promptManager.Object); hc.SetSingleton(_messageListener.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_configStore.Object); hc.SetSingleton(_listenerTelemetryPublisher.Object); hc.SetSingleton(_featureFlagProvider.Object); var command = new CommandSettings(hc, args); _configurationManager.Setup(x => x.IsConfigured()).Returns(true); _configurationManager.Setup(x => x.LoadSettings()) .Returns(new AgentSettings { }); _configStore.Setup(x => x.IsServiceConfigured()).Returns(configureAsService); _messageListener.Setup(x => x.CreateSessionAsync(It.IsAny())) .Returns(Task.FromResult(false)); agent.Initialize(hc); await agent.ExecuteCommand(command); _messageListener.Verify(x => x.CreateSessionAsync(It.IsAny()), expectedTimes); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] //process 2 new job messages, and one cancel message public async void TestMachineProvisionerCLI() { using (var hc = new TestHostContext(this)) using (var agent = new Agent.Listener.Agent()) { hc.SetSingleton(_configurationManager.Object); hc.SetSingleton(_promptManager.Object); hc.SetSingleton(_messageListener.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_configStore.Object); hc.SetSingleton(_listenerTelemetryPublisher.Object); hc.SetSingleton(_featureFlagProvider.Object); var command = new CommandSettings(hc, new[] { "run" }); _configurationManager.Setup(x => x.IsConfigured()). Returns(true); _configurationManager.Setup(x => x.LoadSettings()) .Returns(new AgentSettings { }); _configStore.Setup(x => x.IsServiceConfigured()) .Returns(false); _messageListener.Setup(x => x.CreateSessionAsync(It.IsAny())) .Returns(Task.FromResult(false)); agent.Initialize(hc); await agent.ExecuteCommand(command); _messageListener.Verify(x => x.CreateSessionAsync(It.IsAny()), Times.Once()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] //process 2 new job messages, and one cancel message public async void TestMachineProvisionerCLICompat() { using (var hc = new TestHostContext(this)) using (var agent = new Agent.Listener.Agent()) { hc.SetSingleton(_configurationManager.Object); hc.SetSingleton(_promptManager.Object); hc.SetSingleton(_messageListener.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_configStore.Object); hc.SetSingleton(_listenerTelemetryPublisher.Object); hc.SetSingleton(_featureFlagProvider.Object); var command = new CommandSettings(hc, new string[] { }); _configurationManager.Setup(x => x.IsConfigured()). Returns(true); _configurationManager.Setup(x => x.LoadSettings()) .Returns(new AgentSettings { }); _configStore.Setup(x => x.IsServiceConfigured()) .Returns(false); _messageListener.Setup(x => x.CreateSessionAsync(It.IsAny())) .Returns(Task.FromResult(false)); agent.Initialize(hc); await agent.ExecuteCommand(command); _messageListener.Verify(x => x.CreateSessionAsync(It.IsAny()), Times.Once()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestRunOnce() { using (var hc = new TestHostContext(this)) using (var agent = new Agent.Listener.Agent()) { //Arrange hc.SetSingleton(_configurationManager.Object); hc.SetSingleton(_jobNotification.Object); hc.SetSingleton(_messageListener.Object); hc.SetSingleton(_promptManager.Object); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_configStore.Object); hc.SetSingleton(_listenerTelemetryPublisher.Object); hc.SetSingleton(_featureFlagProvider.Object); agent.Initialize(hc); var settings = new AgentSettings { PoolId = 43242 }; var message = new TaskAgentMessage() { Body = JsonUtility.ToString(CreateJobRequestMessage("job1")), MessageId = 4234, MessageType = JobRequestMessageTypes.AgentJobRequest }; var messages = new Queue(); messages.Enqueue(message); _configurationManager.Setup(x => x.LoadSettings()) .Returns(settings); _configurationManager.Setup(x => x.IsConfigured()) .Returns(true); _messageListener.Setup(x => x.CreateSessionAsync(It.IsAny())) .Returns(Task.FromResult(true)); _messageListener.Setup(x => x.GetNextMessageAsync(It.IsAny())) .Returns(async () => { if (0 == messages.Count) { await Task.Delay(2000); } return messages.Dequeue(); }); _messageListener.Setup(x => x.DeleteSessionAsync()) .Returns(Task.CompletedTask); _messageListener.Setup(x => x.DeleteMessageAsync(It.IsAny())) .Returns(Task.CompletedTask); var runOnceJobCompleted = new TaskCompletionSource(); _jobDispatcher.Setup(x => x.RunOnceJobCompleted) .Returns(runOnceJobCompleted); _jobDispatcher.Setup(x => x.Run(It.IsAny(), It.IsAny())) .Callback(() => { runOnceJobCompleted.TrySetResult(true); }); _jobNotification.Setup(x => x.StartClient(It.IsAny(), It.IsAny(), It.IsAny())) .Callback(() => { }); _jobNotification.Setup(x => x.StartClient(It.IsAny(), It.IsAny())) .Callback(() => { }); hc.EnqueueInstance(_jobDispatcher.Object); _configStore.Setup(x => x.IsServiceConfigured()).Returns(false); //Act var command = new CommandSettings(hc, new string[] { "run", "--once" }); Task agentTask = agent.ExecuteCommand(command); //Assert //wait for the agent to run one job and exit await Task.WhenAny(agentTask, Task.Delay(30000)); Assert.True(agentTask.IsCompleted, $"{nameof(agent.ExecuteCommand)} timed out."); Assert.True(!agentTask.IsFaulted, agentTask.Exception?.ToString()); Assert.True(agentTask.Result == Constants.Agent.ReturnCode.Success); _jobDispatcher.Verify(x => x.Run(It.IsAny(), true), Times.Once(), $"{nameof(_jobDispatcher.Object.Run)} was not invoked."); _messageListener.Verify(x => x.GetNextMessageAsync(It.IsAny()), Times.AtLeastOnce()); _messageListener.Verify(x => x.CreateSessionAsync(It.IsAny()), Times.Once()); _messageListener.Verify(x => x.DeleteSessionAsync(), Times.Once()); _messageListener.Verify(x => x.DeleteMessageAsync(It.IsAny()), Times.AtLeastOnce()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestRunOnceOnlyTakeOneJobMessage() { using (var hc = new TestHostContext(this)) using (var agent = new Agent.Listener.Agent()) { //Arrange hc.SetSingleton(_configurationManager.Object); hc.SetSingleton(_jobNotification.Object); hc.SetSingleton(_messageListener.Object); hc.SetSingleton(_promptManager.Object); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_configStore.Object); hc.SetSingleton(_listenerTelemetryPublisher.Object); hc.SetSingleton(_featureFlagProvider.Object); agent.Initialize(hc); var settings = new AgentSettings { PoolId = 43242 }; var message1 = new TaskAgentMessage() { Body = JsonUtility.ToString(CreateJobRequestMessage("job1")), MessageId = 4234, MessageType = JobRequestMessageTypes.AgentJobRequest }; var message2 = new TaskAgentMessage() { Body = JsonUtility.ToString(CreateJobRequestMessage("job1")), MessageId = 4235, MessageType = JobRequestMessageTypes.AgentJobRequest }; var messages = new Queue(); messages.Enqueue(message1); messages.Enqueue(message2); _configurationManager.Setup(x => x.LoadSettings()) .Returns(settings); _configurationManager.Setup(x => x.IsConfigured()) .Returns(true); _messageListener.Setup(x => x.CreateSessionAsync(It.IsAny())) .Returns(Task.FromResult(true)); _messageListener.Setup(x => x.GetNextMessageAsync(It.IsAny())) .Returns(async () => { if (0 == messages.Count) { await Task.Delay(2000); } return messages.Dequeue(); }); _messageListener.Setup(x => x.DeleteSessionAsync()) .Returns(Task.CompletedTask); _messageListener.Setup(x => x.DeleteMessageAsync(It.IsAny())) .Returns(Task.CompletedTask); var runOnceJobCompleted = new TaskCompletionSource(); _jobDispatcher.Setup(x => x.RunOnceJobCompleted) .Returns(runOnceJobCompleted); _jobDispatcher.Setup(x => x.Run(It.IsAny(), It.IsAny())) .Callback(() => { runOnceJobCompleted.TrySetResult(true); }); _jobNotification.Setup(x => x.StartClient(It.IsAny(), It.IsAny(), It.IsAny())) .Callback(() => { }); _jobNotification.Setup(x => x.StartClient(It.IsAny(), It.IsAny())) .Callback(() => { }); hc.EnqueueInstance(_jobDispatcher.Object); _configStore.Setup(x => x.IsServiceConfigured()).Returns(false); //Act var command = new CommandSettings(hc, new string[] { "run", "--once" }); Task agentTask = agent.ExecuteCommand(command); //Assert //wait for the agent to run one job and exit await Task.WhenAny(agentTask, Task.Delay(30000)); Assert.True(agentTask.IsCompleted, $"{nameof(agent.ExecuteCommand)} timed out."); Assert.True(!agentTask.IsFaulted, agentTask.Exception?.ToString()); Assert.True(agentTask.Result == Constants.Agent.ReturnCode.Success); _jobDispatcher.Verify(x => x.Run(It.IsAny(), true), Times.Once(), $"{nameof(_jobDispatcher.Object.Run)} was not invoked."); _messageListener.Verify(x => x.GetNextMessageAsync(It.IsAny()), Times.AtLeastOnce()); _messageListener.Verify(x => x.CreateSessionAsync(It.IsAny()), Times.Once()); _messageListener.Verify(x => x.DeleteSessionAsync(), Times.Once()); _messageListener.Verify(x => x.DeleteMessageAsync(It.IsAny()), Times.Once()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestRunOnceHandleUpdateMessage() { using (var hc = new TestHostContext(this)) using (var agent = new Agent.Listener.Agent()) { //Arrange hc.SetSingleton(_configurationManager.Object); hc.SetSingleton(_jobNotification.Object); hc.SetSingleton(_messageListener.Object); hc.SetSingleton(_promptManager.Object); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_configStore.Object); hc.SetSingleton(_updater.Object); hc.SetSingleton(_listenerTelemetryPublisher.Object); hc.SetSingleton(_featureFlagProvider.Object); agent.Initialize(hc); var settings = new AgentSettings { PoolId = 43242, AgentId = 5678 }; var message1 = new TaskAgentMessage() { Body = JsonUtility.ToString(new AgentRefreshMessage(settings.AgentId, "2.123.0")), MessageId = 4234, MessageType = AgentRefreshMessage.MessageType }; var messages = new Queue(); messages.Enqueue(message1); _updater.Setup(x => x.SelfUpdate(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(true)); _configurationManager.Setup(x => x.LoadSettings()) .Returns(settings); _configurationManager.Setup(x => x.IsConfigured()) .Returns(true); _messageListener.Setup(x => x.CreateSessionAsync(It.IsAny())) .Returns(Task.FromResult(true)); _messageListener.Setup(x => x.GetNextMessageAsync(It.IsAny())) .Returns(async () => { if (0 == messages.Count) { await Task.Delay(2000); } return messages.Dequeue(); }); _messageListener.Setup(x => x.DeleteSessionAsync()) .Returns(Task.CompletedTask); _messageListener.Setup(x => x.DeleteMessageAsync(It.IsAny())) .Returns(Task.CompletedTask); _jobNotification.Setup(x => x.StartClient(It.IsAny(), It.IsAny(), It.IsAny())) .Callback(() => { }); _jobNotification.Setup(x => x.StartClient(It.IsAny(), It.IsAny())) .Callback(() => { }); hc.EnqueueInstance(_jobDispatcher.Object); _configStore.Setup(x => x.IsServiceConfigured()).Returns(false); //Act var command = new CommandSettings(hc, new string[] { "run", "--once" }); Task agentTask = agent.ExecuteCommand(command); //Assert //wait for the agent to exit with right return code await Task.WhenAny(agentTask, Task.Delay(30000)); Assert.True(agentTask.IsCompleted, $"{nameof(agent.ExecuteCommand)} timed out."); Assert.True(!agentTask.IsFaulted, agentTask.Exception?.ToString()); Assert.True(agentTask.Result == Constants.Agent.ReturnCode.RunOnceAgentUpdating); _updater.Verify(x => x.SelfUpdate(It.IsAny(), It.IsAny(), false, It.IsAny()), Times.Once); _jobDispatcher.Verify(x => x.Run(It.IsAny(), true), Times.Never()); _messageListener.Verify(x => x.GetNextMessageAsync(It.IsAny()), Times.AtLeastOnce()); _messageListener.Verify(x => x.CreateSessionAsync(It.IsAny()), Times.Once()); _messageListener.Verify(x => x.DeleteSessionAsync(), Times.Once()); _messageListener.Verify(x => x.DeleteMessageAsync(It.IsAny()), Times.Once()); } } [Theory] [Trait("Level", "L0")] [Trait("Category", "Agent")] [InlineData("--help")] [InlineData("--version")] [InlineData("--commit")] [InlineData("--bad-argument", Constants.Agent.ReturnCode.TerminatedError)] public async void TestInfoArgumentsCLI(string arg, int expected = Constants.Agent.ReturnCode.Success) { using (var hc = new TestHostContext(this)) { hc.SetSingleton(_configurationManager.Object); hc.SetSingleton(_promptManager.Object); hc.SetSingleton(_messageListener.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_configStore.Object); hc.SetSingleton(_listenerTelemetryPublisher.Object); hc.SetSingleton(_featureFlagProvider.Object); var command = new CommandSettings(hc, new[] { arg }); _configurationManager.Setup(x => x.IsConfigured()). Returns(true); _configurationManager.Setup(x => x.LoadSettings()) .Returns(new AgentSettings { }); _configStore.Setup(x => x.IsServiceConfigured()) .Returns(false); using (var agent = new Agent.Listener.Agent()) { agent.Initialize(hc); var status = await agent.ExecuteCommand(command); Assert.True(status == expected, $"Expected {arg} to return {expected} exit code. Got: {status}"); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestExitsIfUnconfigured() { using (var hc = new TestHostContext(this)) { hc.SetSingleton(_configurationManager.Object); hc.SetSingleton(_promptManager.Object); hc.SetSingleton(_messageListener.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_configStore.Object); var command = new CommandSettings(hc, new[] { "run" }); _configurationManager.Setup(x => x.IsConfigured()). Returns(false); _configurationManager.Setup(x => x.LoadSettings()) .Returns(new AgentSettings { }); _configStore.Setup(x => x.IsServiceConfigured()) .Returns(false); using (var agent = new Agent.Listener.Agent()) { agent.Initialize(hc); var status = await agent.ExecuteCommand(command); Assert.True(status != Constants.Agent.ReturnCode.Success, $"Expected to return unsuccessful exit code if not configured. Got: {status}"); } } } [Theory] [Trait("Level", "L0")] [Trait("Category", "Agent")] [InlineData("configure", false)] [InlineData("configure", true)] //TODO: this passes. If already configured, probably should error out asked to configure again [InlineData("remove", false)] //TODO: this passes. If already not configured, probably should error out [InlineData("remove", true)] public async void TestConfigureCLI(string arg, bool IsConfigured, int expected = Constants.Agent.ReturnCode.Success) { using (var hc = new TestHostContext(this)) { hc.SetSingleton(_configurationManager.Object); hc.SetSingleton(_promptManager.Object); hc.SetSingleton(_messageListener.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_configStore.Object); var command = new CommandSettings(hc, new[] { arg }); _configurationManager.Setup(x => x.IsConfigured()). Returns(IsConfigured); _configurationManager.Setup(x => x.LoadSettings()) .Returns(new AgentSettings { }); _configurationManager.Setup(x => x.ConfigureAsync(It.IsAny())) .Returns(Task.CompletedTask); _configurationManager.Setup(x => x.UnconfigureAsync(It.IsAny())) .Returns(Task.CompletedTask); _configStore.Setup(x => x.IsServiceConfigured()) .Returns(false); using (var agent = new Agent.Listener.Agent()) { agent.Initialize(hc); var status = await agent.ExecuteCommand(command); Assert.True(status == expected, $"Expected to return {expected} exit code after {arg}. Got: {status}"); // config/unconfig throw exceptions _configurationManager.Setup(x => x.ConfigureAsync(It.IsAny())) .Throws(new Exception("Test Exception During Configure")); _configurationManager.Setup(x => x.UnconfigureAsync(It.IsAny())) .Throws(new Exception("Test Exception During Unconfigure")); } using (var agent2 = new Agent.Listener.Agent()) { agent2.Initialize(hc); var status2 = await agent2.ExecuteCommand(command); Assert.True(status2 == Constants.Agent.ReturnCode.TerminatedError, $"Expected to return terminated exit code when handling exception after {arg}. Got: {status2}"); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] //process 1 job message and one metadata message [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope")] public async void TestMetadataUpdate() { using (var hc = new TestHostContext(this)) using (var agent = new Agent.Listener.Agent()) { //Arrange hc.SetSingleton(_configurationManager.Object); hc.SetSingleton(_jobNotification.Object); hc.SetSingleton(_messageListener.Object); hc.SetSingleton(_promptManager.Object); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_configStore.Object); hc.SetSingleton(_listenerTelemetryPublisher.Object); hc.SetSingleton(_featureFlagProvider.Object); agent.Initialize(hc); var settings = new AgentSettings { PoolId = 43242 }; var message = new TaskAgentMessage() { Body = JsonUtility.ToString(CreateJobRequestMessage("job1")), MessageId = 4234, MessageType = JobRequestMessageTypes.AgentJobRequest }; var metadataMessage = new TaskAgentMessage() { Body = JsonUtility.ToString(new JobMetadataMessage() { PostLinesFrequencyMillis = 500 }), MessageId = 4235, MessageType = JobEventTypes.JobMetadataUpdate }; var messages = new Queue(); messages.Enqueue(message); messages.Enqueue(metadataMessage); var signalWorkerComplete = new SemaphoreSlim(0, 1); _configurationManager.Setup(x => x.LoadSettings()) .Returns(settings); _configurationManager.Setup(x => x.IsConfigured()) .Returns(true); _messageListener.Setup(x => x.CreateSessionAsync(It.IsAny())) .Returns(Task.FromResult(true)); _messageListener.Setup(x => x.GetNextMessageAsync(It.IsAny())) .Returns(async () => { if (0 == messages.Count) { signalWorkerComplete.Release(); await Task.Delay(2000, hc.AgentShutdownToken); } return messages.Dequeue(); }); _messageListener.Setup(x => x.DeleteSessionAsync()) .Returns(Task.CompletedTask); _messageListener.Setup(x => x.DeleteMessageAsync(It.IsAny())) .Returns(Task.CompletedTask); _jobDispatcher.Setup(x => x.Run(It.IsAny(), It.IsAny())) .Callback(() => { }); _jobNotification.Setup(x => x.StartClient(It.IsAny(), It.IsAny(), It.IsAny())) .Callback(() => { }); _jobNotification.Setup(x => x.StartClient(It.IsAny(), It.IsAny())) .Callback(() => { }); hc.EnqueueInstance(_jobDispatcher.Object); _configStore.Setup(x => x.IsServiceConfigured()).Returns(false); //Act var command = new CommandSettings(hc, new string[] { "run" }); Task agentTask = agent.ExecuteCommand(command); //Assert //wait for the agent to run one job if (!await signalWorkerComplete.WaitAsync(2000)) { Assert.True(false, $"{nameof(_messageListener.Object.GetNextMessageAsync)} was not invoked."); } else { //Act hc.ShutdownAgent(ShutdownReason.UserCancelled); //stop Agent //Assert Task[] taskToWait2 = { agentTask, Task.Delay(2000) }; //wait for the Agent to exit await Task.WhenAny(taskToWait2); Assert.True(agentTask.IsCompleted, $"{nameof(agent.ExecuteCommand)} timed out."); Assert.True(!agentTask.IsFaulted, agentTask.Exception?.ToString()); Assert.True(agentTask.IsCanceled); _jobDispatcher.Verify(x => x.Run(It.IsAny(), It.IsAny()), Times.Once(), $"{nameof(_jobDispatcher.Object.Run)} was not invoked."); _messageListener.Verify(x => x.GetNextMessageAsync(It.IsAny()), Times.AtLeastOnce()); _messageListener.Verify(x => x.CreateSessionAsync(It.IsAny()), Times.Once()); _messageListener.Verify(x => x.DeleteSessionAsync(), Times.Once()); _messageListener.Verify(x => x.DeleteMessageAsync(It.IsAny()), Times.AtLeastOnce()); } } } } } ================================================ FILE: src/Test/L0/Listener/CommandSettingsL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Listener; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Agent.Util; using Moq; using System; using System.Linq; using System.Runtime.CompilerServices; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class CommandSettingsL0 { private readonly Mock _promptManager = new Mock(); // It is sufficient to test one arg only. All individual args are tested by the PromptsFor___ methods. // The PromptsFor___ methods suffice to cover the interesting differences between each of the args. [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsArg() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--agent", "some agent" }); // Act. string actual = command.GetAgentName(); // Assert. Assert.Equal("some agent", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsArgCaseInsensitive() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--AgenT", "some agent" }); // Act. string actual = command.GetAgentName(); // Assert. Assert.Equal("some agent", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsArgFromEnvVar() { using (TestHostContext hc = CreateTestContext()) { var envVarName = "VSTS_AGENT_INPUT_AGENT"; var expected = "some agent"; var environment = new LocalEnvironment(); // Arrange. environment.SetEnvironmentVariable(envVarName, expected); var command = new CommandSettings(hc, args: new string[] { "configure" }, environmentScope: environment); // Act. var actual = command.GetAgentName(); // Assert. Assert.Equal(expected, actual); Assert.Equal(string.Empty, environment.GetEnvironmentVariable(envVarName) ?? string.Empty); // Should remove. Assert.Equal(hc.SecretMasker.MaskSecrets(expected), expected); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsArgSecretFromEnvVar() { using (TestHostContext hc = CreateTestContext()) { var envVarName = "VSTS_AGENT_INPUT_TOKEN"; var expected = "some secret token value"; var environment = new LocalEnvironment(); // Arrange. environment.SetEnvironmentVariable(envVarName, expected); var command = new CommandSettings(hc, args: new string[] { "configure" }, environmentScope: environment); // Act. var actual = command.GetToken(); // Assert. Assert.Equal(expected, actual); Assert.Equal(string.Empty, environment.GetEnvironmentVariable(envVarName) ?? string.Empty); // Should remove. Assert.Equal(hc.SecretMasker.MaskSecrets(expected), "***"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsCommandConfigure() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); // Act. bool actual = command.IsConfigureCommand(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsCommandRun() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "run" }); // Act. bool actual = command.IsRunCommand(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsCommandDiagnostics() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "--diagnostics" }); // Act. bool actual = command.IsDiagnostics(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsCommandRunWithoutRun() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[0]); // Act. bool actual = command.IsRunCommand(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsCommandIsRunWithFlag() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "--version" }); // Act. bool actual = command.IsRunCommand(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsCommandUnconfigure() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "remove" }); // Act. bool actual = command.IsRemoveCommand(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsCommandWarmup() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "warmup" }); // Act. bool actual = command.IsWarmupCommand(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsCommandReAuth() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "reauth" }); // Act. bool actual = command.IsReAuthCommand(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagAcceptTeeEula() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--acceptteeeula" }); // Act. bool actual = command.GetAcceptTeeEula(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagCommit() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "run", "--commit" }); // Act. bool actual = command.IsCommit(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagHelp() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "run", "--help" }); // Act. bool actual = command.IsHelp(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagReplace() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--replace" }); // Act. bool actual = command.GetReplace(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsStartUpType() { using (TestHostContext hc = CreateTestContext()) { string expected = "test"; // Arrange. var command = new CommandSettings(hc, args: new string[] { "run", "--startuptype", expected }); // Act. string actual = command.GetStartupType(); // Assert. Assert.Equal(expected, actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagRunAsService() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--runasservice" }); // Act. bool actual = command.GetRunAsService(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagUnattended() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--unattended" }); // Act. bool actual = command.Unattended(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagUnattendedFromEnvVar() { using (TestHostContext hc = CreateTestContext()) { var envVarName = "VSTS_AGENT_INPUT_UNATTENDED"; var environment = new LocalEnvironment(); // Arrange. environment.SetEnvironmentVariable(envVarName, "true"); var command = new CommandSettings(hc, args: new string[] { "configure" }, environmentScope: environment); // Act. bool actual = command.Unattended(); // Assert. Assert.Equal(true, actual); Assert.Equal(string.Empty, environment.GetEnvironmentVariable(envVarName) ?? string.Empty); // Should remove. } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagVersion() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "run", "--version" }); // Act. bool actual = command.IsVersion(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PassesUnattendedToReadBool() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--unattended" }); _promptManager .Setup(x => x.ReadBool( Constants.Agent.CommandLine.Flags.AcceptTeeEula, // argName StringUtil.Loc("AcceptTeeEula"), // description false, // defaultValue true)) // unattended .Returns(true); // Act. bool actual = command.GetAcceptTeeEula(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PassesUnattendedToReadValue() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--unattended" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.Agent, // argName StringUtil.Loc("AgentName"), // description false, // secret Environment.MachineName, // defaultValue Validators.NonEmptyValidator, // validator true)) // unattended .Returns("some agent"); // Act. string actual = command.GetAgentName(); // Assert. Assert.Equal("some agent", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForAcceptTeeEula() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadBool( Constants.Agent.CommandLine.Flags.AcceptTeeEula, // argName StringUtil.Loc("AcceptTeeEula"), // description false, // defaultValue false)) // unattended .Returns(true); // Act. bool actual = command.GetAcceptTeeEula(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForAgent() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.Agent, // argName StringUtil.Loc("AgentName"), // description false, // secret Environment.MachineName, // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("some agent"); // Act. string actual = command.GetAgentName(); // Assert. Assert.Equal("some agent", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForAuth() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.Auth, // argName StringUtil.Loc("AuthenticationType"), // description false, // secret "some default auth", // defaultValue Validators.AuthSchemeValidator, // validator false)) // unattended .Returns("some auth"); // Act. string actual = command.GetAuth("some default auth"); // Assert. Assert.Equal("some auth", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForPassword() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.Password, // argName StringUtil.Loc("Password"), // description true, // secret string.Empty, // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("some password"); // Act. string actual = command.GetPassword(); // Assert. Assert.Equal("some password", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForPool() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.Pool, // argName StringUtil.Loc("AgentMachinePoolNameLabel"), // description false, // secret "default", // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("some pool"); // Act. string actual = command.GetPool(); // Assert. Assert.Equal("some pool", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForReplace() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadBool( Constants.Agent.CommandLine.Flags.Replace, // argName StringUtil.Loc("Replace"), // description false, // defaultValue false)) // unattended .Returns(true); // Act. bool actual = command.GetReplace(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForRunAsService() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadBool( Constants.Agent.CommandLine.Flags.RunAsService, // argName StringUtil.Loc("RunAgentAsServiceDescription"), // description false, // defaultValue false)) // unattended .Returns(true); // Act. bool actual = command.GetRunAsService(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForToken() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.Token, // argName StringUtil.Loc("PersonalAccessToken"), // description true, // secret string.Empty, // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("some token"); // Act. string actual = command.GetToken(); // Assert. Assert.Equal("some token", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForUrl() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.Url, // argName StringUtil.Loc("ServerUrl"), // description false, // secret string.Empty, // defaultValue Validators.ServerUrlValidator, // validator false)) // unattended .Returns("some url"); // Act. string actual = command.GetUrl(); // Assert. Assert.Equal("some url", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForUserName() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.UserName, // argName StringUtil.Loc("UserName"), // description false, // secret string.Empty, // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("some user name"); // Act. string actual = command.GetUserName(); // Assert. Assert.Equal("some user name", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForWindowsLogonAccount() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.WindowsLogonAccount, // argName StringUtil.Loc("WindowsLogonAccountNameDescription"), // description false, // secret "some default account", // defaultValue Validators.NTAccountValidator, // validator false)) // unattended .Returns("some windows logon account"); // Act. string actual = command.GetWindowsLogonAccount("some default account", StringUtil.Loc("WindowsLogonAccountNameDescription")); // Assert. Assert.Equal("some windows logon account", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForWindowsLogonPassword() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); string accountName = "somewindowsaccount"; _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.WindowsLogonPassword, // argName StringUtil.Loc("WindowsLogonPasswordDescription", accountName), // description true, // secret string.Empty, // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("some windows logon password"); // Act. string actual = command.GetWindowsLogonPassword(accountName); // Assert. Assert.Equal("some windows logon password", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForWork() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.Work, // argName StringUtil.Loc("WorkFolderDescription"), // description false, // secret "_work", // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("some work"); // Act. string actual = command.GetWork(); // Assert. Assert.Equal("some work", actual); } } // It is sufficient to test one arg only. All individual args are tested by the PromptsFor___ methods. // The PromptsFor___ methods suffice to cover the interesting differences between each of the args. [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsWhenEmpty() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--url", "" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.Url, // argName StringUtil.Loc("ServerUrl"), // description false, // secret string.Empty, // defaultValue Validators.ServerUrlValidator, // validator false)) // unattended .Returns("some url"); // Act. string actual = command.GetUrl(); // Assert. Assert.Equal("some url", actual); } } // It is sufficient to test one arg only. All individual args are tested by the PromptsFor___ methods. // The PromptsFor___ methods suffice to cover the interesting differences between each of the args. [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsWhenInvalid() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--url", "notValid" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.Url, // argName StringUtil.Loc("ServerUrl"), // description false, // secret string.Empty, // defaultValue Validators.ServerUrlValidator, // validator false)) // unattended .Returns("some url"); // Act. string actual = command.GetUrl(); // Assert. Assert.Equal("some url", actual); } } /* * Deployment Agent Tests */ [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagDeploymentAgentWithBackCompat() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--machinegroup" }); // Act. bool actual = command.GetDeploymentOrMachineGroup(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagDeploymentAgent() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--deploymentgroup" }); // Act. bool actual = command.GetDeploymentOrMachineGroup(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagAddDeploymentGroupTagsBackCompat() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--addmachinegrouptags" }); // Act. bool actual = command.GetDeploymentGroupTagsRequired(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void GetsFlagAddDeploymentGroupTags() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--adddeploymentgrouptags" }); // Act. bool actual = command.GetDeploymentGroupTagsRequired(); // Assert. Assert.True(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForProjectName() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.ProjectName, // argName StringUtil.Loc("ProjectName"), // description false, // secret string.Empty, // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("TestProject"); // Act. string actual = command.GetProjectName(string.Empty); // Assert. Assert.Equal("TestProject", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForCollectionName() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.CollectionName, // argName StringUtil.Loc("CollectionName"), // description false, // secret "DefaultCollection", // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("TestCollection"); // Act. string actual = command.GetCollectionName(); // Assert. Assert.Equal("TestCollection", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForDeploymentGroupName() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.DeploymentGroupName, // argName StringUtil.Loc("DeploymentGroupName"), // description false, // secret string.Empty, // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("Test Deployment Group"); // Act. string actual = command.GetDeploymentGroupName(); // Assert. Assert.Equal("Test Deployment Group", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForDeploymentPoolName() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.DeploymentPoolName, // argName StringUtil.Loc("DeploymentPoolName"), // description false, // secret string.Empty, // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("Test Deployment Pool Name"); // Act. string actual = command.GetDeploymentPoolName(); // Assert. Assert.Equal("Test Deployment Pool Name", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void DeploymentGroupNameBackCompat() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings( hc, new[] { "configure", "--machinegroupname", "Test-MachineGroupName", "--deploymentgroupname", "Test-DeploymentGroupName" }); _promptManager.Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.DeploymentGroupName, // argName StringUtil.Loc("DeploymentGroupName"), // description false, // secret string.Empty, // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("This Method should not get called!"); // Act. string actual = command.GetDeploymentGroupName(); // Validate if --machinegroupname parameter is working Assert.Equal("Test-MachineGroupName", actual); // Validate Read Value should not get invoked. _promptManager.Verify(x => x.ReadValue(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void PromptsForDeploymentGroupTags() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure" }); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.DeploymentGroupTags, // argName StringUtil.Loc("DeploymentGroupTags"), // description false, // secret string.Empty, // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("Test-Tag1,Test-Tg2"); // Act. string actual = command.GetDeploymentGroupTags(); // Assert. Assert.Equal("Test-Tag1,Test-Tg2", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void DeploymentGroupTagsBackCompat() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings( hc, new[] { "configure", "--machinegrouptags", "Test-MachineGrouptag1,Test-MachineGrouptag2", "--deploymentgrouptags", "Test-DeploymentGrouptag1,Test-DeploymentGrouptag2" }); _promptManager.Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.DeploymentGroupTags, // argName StringUtil.Loc("DeploymentGroupTags"), // description false, // secret string.Empty, // defaultValue Validators.NonEmptyValidator, // validator false)) // unattended .Returns("This Method should not get called!"); // Act. string actual = command.GetDeploymentGroupTags(); // Validate if --machinegrouptags parameter is working fine Assert.Equal("Test-MachineGrouptag1,Test-MachineGrouptag2", actual); // Validate Read Value should not get invoked. _promptManager.Verify(x => x.ReadValue(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void ValidateCommands() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "badcommand" }); // Assert. Assert.True(command.ParseErrors.Any()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void ValidateFlags() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "--badflag" }); // Assert. Assert.True(command.ParseErrors.Any()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void ValidateArgs() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "--badargname", "bad arg value" }); // Assert. Assert.True(command.ParseErrors.Any()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void ValidateGoodCommandline() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--unattended", "--agent", "test agent" }); // Assert. Assert.True(command.ParseErrors == null); } } [Fact] [Trait("Level", "L0")] [Trait("Category", nameof(CommandSettings))] public void ValidatePasswordCanStartWithDash() { using (TestHostContext hc = CreateTestContext()) { string password = "-pass^word"; // Arrange. var command = new CommandSettings(hc, args: new string[] { "configure", "--windowslogonpassword=" + password}); // Assert. Assert.Equal(password, command.GetWindowsLogonPassword(string.Empty)); Assert.True(command.ParseErrors == null); } } private TestHostContext CreateTestContext([CallerMemberName] string testName = "") { TestHostContext hc = new TestHostContext(this, testName); hc.SetSingleton(_promptManager.Object); return hc; } } } ================================================ FILE: src/Test/L0/Listener/Configuration/AgentAutoLogonTestL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Agent.Listener; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.Win32; using Moq; using System; using System.Collections.Generic; using System.Diagnostics; using System.Threading; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener { [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public sealed class AgentAutoLogonTestL0 { private Mock _windowsServiceHelper; private Mock _promptManager; private Mock _processInvoker; private Mock _store; private MockRegistryManager _mockRegManager; private AutoLogonSettings _autoLogonSettings; private CommandSettings _command; private string _sid = "001"; private string _sidForDifferentUser = "007"; private string _userName = "ironMan"; private string _domainName = "avengers"; private string _runOnce = ""; private bool _powerCfgCalledForACOption = false; private bool _powerCfgCalledForDCOption = false; [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestAutoLogonConfiguration() { using (var hc = new TestHostContext(this)) { _domainName = "avengers"; _runOnce = ""; SetupTestEnv(hc, _sid); var iConfigManager = new AutoLogonManager(); iConfigManager.Initialize(hc); await iConfigManager.ConfigureAsync(_command); VerifyRegistryChanges(_sid); Assert.True(_powerCfgCalledForACOption); Assert.True(_powerCfgCalledForDCOption); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestAutoLogonRunOnce() { using (var hc = new TestHostContext(this)) { _domainName = "avengers"; _runOnce = "--once"; SetupTestEnv(hc, _sid); SetupRegistrySettings(_sid); var iConfigManager = new AutoLogonManager(); iConfigManager.Initialize(hc); await iConfigManager.ConfigureAsync(_command); VerifyRegistryChanges(_sid); iConfigManager.Unconfigure(); //original values were reverted RegistryVerificationForUnConfigure(_sid); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestAutoLogonConfigurationForDotAsDomainName() { using (var hc = new TestHostContext(this)) { // Set the domain name to '.' _domainName = "."; _runOnce = ""; SetupTestEnv(hc, _sid); var iConfigManager = new AutoLogonManager(); iConfigManager.Initialize(hc); await iConfigManager.ConfigureAsync(_command); // Domain should have been set to Environment.Machine name in case the value passsed was '.' _domainName = Environment.MachineName; VerifyRegistryChanges(_sid); Assert.True(_powerCfgCalledForACOption); Assert.True(_powerCfgCalledForDCOption); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestAutoLogonConfigurationForDifferentUser() { using (var hc = new TestHostContext(this)) { _domainName = "avengers"; SetupTestEnv(hc, _sidForDifferentUser); var iConfigManager = new AutoLogonManager(); iConfigManager.Initialize(hc); await iConfigManager.ConfigureAsync(_command); VerifyRegistryChanges(_sidForDifferentUser); Assert.True(_powerCfgCalledForACOption); Assert.True(_powerCfgCalledForDCOption); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestAutoLogonUnConfigure() { //strategy- //1. fill some existing values in the registry //2. run configure //3. unconfigure //4. make sure the autologon settings are reset using (var hc = new TestHostContext(this)) { _domainName = "avengers"; SetupTestEnv(hc, _sid); SetupRegistrySettings(_sid); var iConfigManager = new AutoLogonManager(); iConfigManager.Initialize(hc); await iConfigManager.ConfigureAsync(_command); // Debugger.Launch(); iConfigManager.Unconfigure(); //original values were reverted RegistryVerificationForUnConfigure(_sid); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestAutoLogonUnConfigureForDifferentUser() { //strategy- //1. fill some existing values in the registry //2. run configure //3. make sure the old values are there in the backup //4. unconfigure //5. make sure original values are reverted back using (var hc = new TestHostContext(this)) { _domainName = "avengers"; SetupTestEnv(hc, _sidForDifferentUser); SetupRegistrySettings(_sidForDifferentUser); var iConfigManager = new AutoLogonManager(); iConfigManager.Initialize(hc); await iConfigManager.ConfigureAsync(_command); iConfigManager.Unconfigure(); //original values were reverted RegistryVerificationForUnConfigure(_sidForDifferentUser); } } private void RegistryVerificationForUnConfigure(string securityId) { //screen saver (user specific) ValidateRegistryValue(RegistryHive.Users, $"{securityId}\\{RegistryConstants.UserSettings.SubKeys.ScreenSaver}", RegistryConstants.UserSettings.ValueNames.ScreenSaver, "1"); //when done with reverting back the original settings we need to make sure we dont leave behind any extra setting //user specific ValidateRegistryValue(RegistryHive.Users, $"{securityId}\\{RegistryConstants.UserSettings.SubKeys.StartupProcess}", RegistryConstants.UserSettings.ValueNames.StartupProcess, null); } private void SetupRegistrySettings(string securityId) { //screen saver (user specific) _mockRegManager.SetValue(RegistryHive.Users, $"{securityId}\\{RegistryConstants.UserSettings.SubKeys.ScreenSaver}", RegistryConstants.UserSettings.ValueNames.ScreenSaver, "1"); } private void SetupTestEnv(TestHostContext hc, string securityId) { _powerCfgCalledForACOption = _powerCfgCalledForDCOption = false; _autoLogonSettings = null; _windowsServiceHelper = new Mock(); hc.SetSingleton(_windowsServiceHelper.Object); _promptManager = new Mock(); hc.SetSingleton(_promptManager.Object); _promptManager .Setup(x => x.ReadValue( Constants.Agent.CommandLine.Args.WindowsLogonAccount, // argName It.IsAny(), // description It.IsAny(), // secret It.IsAny(), // defaultValue Validators.NTAccountValidator, // validator It.IsAny())) // unattended .Returns(string.Format(@"{0}\{1}", _domainName, _userName)); _windowsServiceHelper.Setup(x => x.IsValidAutoLogonCredential(It.IsAny(), It.IsAny(), It.IsAny())).Returns(true); _windowsServiceHelper.Setup(x => x.SetAutoLogonPassword(It.IsAny())); _windowsServiceHelper.Setup(x => x.GetSecurityId(It.IsAny(), It.IsAny())).Returns(() => securityId); _windowsServiceHelper.Setup(x => x.IsRunningInElevatedMode()).Returns(true); _processInvoker = new Mock(); hc.EnqueueInstance(_processInvoker.Object); hc.EnqueueInstance(_processInvoker.Object); _processInvoker.Setup(x => x.ExecuteAsync( It.IsAny(), "powercfg.exe", "/Change monitor-timeout-ac 0", null, It.IsAny())).Returns(Task.FromResult(SetPowerCfgFlags(true))); _processInvoker.Setup(x => x.ExecuteAsync( It.IsAny(), "powercfg.exe", "/Change monitor-timeout-dc 0", null, It.IsAny())).Returns(Task.FromResult(SetPowerCfgFlags(false))); _mockRegManager = new MockRegistryManager(); hc.SetSingleton(_mockRegManager); _command = new CommandSettings( hc, new[] { "configure", "--windowslogonaccount", "wont be honored", "--windowslogonpassword", "sssh", "--norestart", _runOnce }); _store = new Mock(); _store.Setup(x => x.SaveAutoLogonSettings(It.IsAny())) .Callback((AutoLogonSettings settings) => { _autoLogonSettings = settings; }); _store.Setup(x => x.IsAutoLogonConfigured()).Returns(() => _autoLogonSettings != null); _store.Setup(x => x.GetAutoLogonSettings()).Returns(() => _autoLogonSettings); hc.SetSingleton(_store.Object); hc.SetSingleton(new AutoLogonRegistryManager()); } private int SetPowerCfgFlags(bool isForACOption) { if (isForACOption) { _powerCfgCalledForACOption = true; } else { _powerCfgCalledForDCOption = true; } return 0; } public void VerifyRegistryChanges(string securityId) { ValidateRegistryValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogon, "1"); ValidateRegistryValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonUserName, _userName); ValidateRegistryValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonDomainName, _domainName); ValidateRegistryValue(RegistryHive.LocalMachine, RegistryConstants.MachineSettings.SubKeys.AutoLogon, RegistryConstants.MachineSettings.ValueNames.AutoLogonPassword, null); ValidateRegistryValue(RegistryHive.Users, $"{securityId}\\{RegistryConstants.UserSettings.SubKeys.ScreenSaver}", RegistryConstants.UserSettings.ValueNames.ScreenSaver, "0"); // verify the startup process key is defined and contains --once if appropriate var startup = _mockRegManager.GetValue( RegistryHive.Users, $"{securityId}\\{RegistryConstants.UserSettings.SubKeys.StartupProcess}", RegistryConstants.UserSettings.ValueNames.StartupProcess); Assert.False(String.IsNullOrEmpty(startup), "Startup key should not be empty"); Assert.True(startup.Contains(_runOnce), "Startup key should match the runOnce setting"); } public void ValidateRegistryValue(RegistryHive hive, string subKeyName, string name, string expectedValue) { var actualValue = _mockRegManager.GetValue(hive, subKeyName, name); var validationPassed = string.Equals(expectedValue, actualValue, StringComparison.OrdinalIgnoreCase); Assert.True(validationPassed, $"Validation failed for '{subKeyName}\\{name}'. Expected - {expectedValue} Actual - {actualValue}"); } } public class MockRegistryManager : AgentService, IWindowsRegistryManager { private Dictionary _regStore; public MockRegistryManager() { _regStore = new Dictionary(); } public string GetValue(RegistryHive hive, string subKeyName, string name) { var key = string.Concat(hive.ToString(), subKeyName, name); return _regStore.ContainsKey(key) ? _regStore[key] : null; } public void SetValue(RegistryHive hive, string subKeyName, string name, string value) { var key = string.Concat(hive.ToString(), subKeyName, name); if (_regStore.ContainsKey(key)) { _regStore[key] = value; } else { _regStore.Add(key, value); } } public void DeleteValue(RegistryHive hive, string subKeyName, string name) { var key = string.Concat(hive.ToString(), subKeyName, name); _regStore.Remove(key); } public bool SubKeyExists(RegistryHive hive, string subKeyName) { return true; } } } ================================================ FILE: src/Test/L0/Listener/Configuration/AgentCapabilitiesProviderTestL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Capabilities; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Moq; using System; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener { public sealed class AgentCapabilitiesProviderTestL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestGetCapabilities() { using (var hc = new TestHostContext(this)) using (var tokenSource = new CancellationTokenSource()) { Mock configurationManager = new Mock(); hc.SetSingleton(configurationManager.Object); // Arrange var provider = new AgentCapabilitiesProvider(); provider.Initialize(hc); var settings = new AgentSettings() { AgentName = "IAmAgent007" }; // Act List capabilities = await provider.GetCapabilitiesAsync(settings, tokenSource.Token); // Assert Assert.NotNull(capabilities); Capability agentNameCapability = capabilities.SingleOrDefault(x => string.Equals(x.Name, "Agent.Name", StringComparison.Ordinal)); Assert.NotNull(agentNameCapability); Assert.Equal("IAmAgent007", agentNameCapability.Value); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestInteractiveSessionCapability() { using (var hc = new TestHostContext(this)) using (var tokenSource = new CancellationTokenSource()) { hc.StartupType = StartupType.AutoStartup; await VerifyInteractiveSessionCapability(hc, true, tokenSource.Token); hc.StartupType = StartupType.Service; await VerifyInteractiveSessionCapability(hc, false, tokenSource.Token); hc.StartupType = StartupType.Manual; await VerifyInteractiveSessionCapability(hc, true, tokenSource.Token); } } private async Task VerifyInteractiveSessionCapability(IHostContext hc, bool expectedValue, CancellationToken token) { // Arrange var provider = new AgentCapabilitiesProvider(); provider.Initialize(hc); var settings = new AgentSettings() { AgentName = "IAmAgent007" }; // Act List capabilities = await provider.GetCapabilitiesAsync(settings, token); // Assert Assert.NotNull(capabilities); Capability iSessionCapability = capabilities.SingleOrDefault(x => string.Equals(x.Name, "InteractiveSession", StringComparison.Ordinal)); Assert.NotNull(iSessionCapability); bool.TryParse(iSessionCapability.Value, out bool isInteractive); Assert.Equal(expectedValue, isInteractive); } } } ================================================ FILE: src/Test/L0/Listener/Configuration/AgentCredentialL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Listener; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Client; using Microsoft.VisualStudio.Services.Common; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener.Configuration { public class TestAgentCredential : CredentialProvider { public TestAgentCredential() : base("TEST") { } public override VssCredentials GetVssCredentials(IHostContext context) { Tracing trace = context.GetTrace("PersonalAccessToken"); trace.Info("GetVssCredentials()"); VssBasicCredential loginCred = new VssBasicCredential("test", "password"); VssCredentials creds = new VssClientCredentials(federatedCredential: loginCred); trace.Verbose("cred created"); return creds; } public override void EnsureCredential(IHostContext context, CommandSettings command, string serverUrl) { } } } ================================================ FILE: src/Test/L0/Listener/Configuration/ArgumentValidatorTestsL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener.Configuration { public sealed class ArgumentValidatorTestsL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "ArgumentValidator")] public void ServerUrlValidator() { using (TestHostContext hc = new TestHostContext(this)) { Assert.True(Validators.ServerUrlValidator("http://servername")); Assert.False(Validators.ServerUrlValidator("Fail")); Assert.False(Validators.ServerUrlValidator("ftp://servername")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "ArgumentValidator")] public void AuthSchemeValidator() { using (TestHostContext hc = new TestHostContext(this)) { Assert.True(Validators.AuthSchemeValidator("pat")); Assert.False(Validators.AuthSchemeValidator("Fail")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "ArgumentValidator")] public void NonEmptyValidator() { using (TestHostContext hc = new TestHostContext(this)) { Assert.True(Validators.NonEmptyValidator("test")); Assert.False(Validators.NonEmptyValidator(string.Empty)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "ArgumentValidator")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public void WindowsLogonAccountValidator() { using (TestHostContext hc = new TestHostContext(this)) { Assert.False(Validators.NTAccountValidator(string.Empty)); Assert.True(Validators.NTAccountValidator("NT AUTHORITY\\LOCAL SERVICE")); } } } } ================================================ FILE: src/Test/L0/Listener/Configuration/ConfigurationManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Listener; using Microsoft.VisualStudio.Services.Agent.Capabilities; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.WebApi; using Moq; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.CompilerServices; using System.Security.Cryptography; using System.Threading.Tasks; using Xunit; using Microsoft.VisualStudio.Services.Location; using Microsoft.VisualStudio.Services.Common; using Agent.Listener.Configuration; using Agent.Sdk; using System.Threading; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener.Configuration { public sealed class ConfigurationManagerL0 : IDisposable { private Mock _agentServer; private Mock _locationServer; private Mock _credMgr; private Mock _promptManager; private Mock _store; private Mock _extnMgr; private Mock _machineGroupServer; private Mock _environmentsServer; private Mock _vstsAgentWebProxy; private Mock _cert; private Mock _windowsServiceControlManager; private Mock _linuxServiceControlManager; private Mock _macServiceControlManager; private Mock _rsaKeyManager; private Mock _featureFlagProvider; private ICapabilitiesManager _capabilitiesManager; private DeploymentGroupAgentConfigProvider _deploymentGroupAgentConfigProvider; private string _expectedToken = "expectedToken"; private string _expectedServerUrl = "https://localhost"; private string _expectedVSTSServerUrl = "https://L0ConfigTest.visualstudio.com"; private string _expectedAgentName = "expectedAgentName"; private string _expectedPoolName = "poolName"; private string _expectedCollectionName = "testCollectionName"; private string _expectedProjectName = "testProjectName"; private string _expectedProjectId = "edf3f94e-d251-49df-bfce-602d6c967409"; private string _expectedMachineGroupName = "testMachineGroupName"; private string _expectedAuthType = "pat"; private string _expectedWorkFolder = "_work"; private int _expectedPoolId = 1; private int _expectedDeploymentMachineId = 81; private int _expectedEnvironmentVMResourceId = 71; private RSACryptoServiceProvider rsa = null; private AgentSettings _configMgrAgentSettings = new AgentSettings(); public ConfigurationManagerL0() { _agentServer = new Mock(); _locationServer = new Mock(); _credMgr = new Mock(); _promptManager = new Mock(); _store = new Mock(); _extnMgr = new Mock(); _rsaKeyManager = new Mock(); _machineGroupServer = new Mock(); _environmentsServer = new Mock(); _vstsAgentWebProxy = new Mock(); _cert = new Mock(); _windowsServiceControlManager = new Mock(); _linuxServiceControlManager = new Mock(); _macServiceControlManager = new Mock(); _capabilitiesManager = new CapabilitiesManager(); _featureFlagProvider = new Mock(); var expectedAgent = new TaskAgent(_expectedAgentName) { Id = 1 }; var expectedDeploymentMachine = new DeploymentMachine() { Agent = expectedAgent, Id = _expectedDeploymentMachineId }; expectedAgent.Authorization = new TaskAgentAuthorization { ClientId = Guid.NewGuid(), AuthorizationUrl = new Uri("http://localhost:8080/tfs"), }; var connectionData = new ConnectionData() { InstanceId = Guid.NewGuid(), DeploymentType = DeploymentFlags.Hosted, DeploymentId = Guid.NewGuid() }; _agentServer.Setup(x => x.ConnectAsync(It.IsAny(), It.IsAny())).Returns(Task.FromResult(null)); _locationServer.Setup(x => x.ConnectAsync(It.IsAny())).Returns(Task.FromResult(null)); _locationServer.Setup(x => x.GetConnectionDataAsync()).Returns(Task.FromResult(connectionData)); _machineGroupServer.Setup(x => x.ConnectAsync(It.IsAny())).Returns(Task.FromResult(null)); _machineGroupServer.Setup(x => x.UpdateDeploymentTargetsAsync(It.IsAny(), It.IsAny(), It.IsAny>())); _machineGroupServer.Setup(x => x.AddDeploymentTargetAsync(It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(expectedDeploymentMachine)); _machineGroupServer.Setup(x => x.ReplaceDeploymentTargetAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(expectedDeploymentMachine)); _machineGroupServer.Setup(x => x.GetDeploymentTargetsAsync(It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(new List() { })); _machineGroupServer.Setup(x => x.DeleteDeploymentTargetAsync(It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(null)); _store.Setup(x => x.IsConfigured()).Returns(false); _store.Setup(x => x.HasCredentials()).Returns(false); _store.Setup(x => x.GetSettings()).Returns(() => _configMgrAgentSettings); _store.Setup(x => x.SaveSettings(It.IsAny())) .Callback((AgentSettings settings) => { _configMgrAgentSettings = settings; }); _credMgr.Setup(x => x.GetCredentialProvider(It.IsAny())).Returns(new TestAgentCredential()); _linuxServiceControlManager.Setup(x => x.GenerateScripts(It.IsAny())); _macServiceControlManager.Setup(x => x.GenerateScripts(It.IsAny())); var expectedPools = new List() { new TaskAgentPool(_expectedPoolName) { Id = _expectedPoolId } }; _agentServer.Setup(x => x.GetAgentPoolsAsync(It.IsAny(), It.IsAny())).Returns(Task.FromResult(expectedPools)); var expectedAgents = new List(); _agentServer.Setup(x => x.GetAgentsAsync(It.IsAny(), It.IsAny())).Returns(Task.FromResult(expectedAgents)); _agentServer.Setup(x => x.AddAgentAsync(It.IsAny(), It.IsAny())).Returns(Task.FromResult(expectedAgent)); _agentServer.Setup(x => x.UpdateAgentAsync(It.IsAny(), It.IsAny())).Returns(Task.FromResult(expectedAgent)); rsa = new RSACryptoServiceProvider(2048); _rsaKeyManager.Setup(x => x.CreateKey(It.IsAny(), It.IsAny())).Returns(rsa); _featureFlagProvider.Setup(x => x.GetFeatureFlagWithCred(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(new FeatureAvailability.FeatureFlag("", "", "", "Off", "Off"))); } private TestHostContext CreateTestContext([CallerMemberName] String testName = "") { TestHostContext tc = new TestHostContext(this, testName); tc.SetSingleton(_credMgr.Object); tc.SetSingleton(_promptManager.Object); tc.SetSingleton(_store.Object); tc.SetSingleton(_extnMgr.Object); tc.SetSingleton(_agentServer.Object); tc.SetSingleton(_locationServer.Object); tc.SetSingleton(_machineGroupServer.Object); tc.SetSingleton(_environmentsServer.Object); tc.SetSingleton(_capabilitiesManager); tc.SetSingleton(_vstsAgentWebProxy.Object); tc.SetSingleton(_cert.Object); tc.SetSingleton(_windowsServiceControlManager.Object); tc.SetSingleton(_linuxServiceControlManager.Object); tc.SetSingleton(_macServiceControlManager.Object); tc.SetSingleton(_rsaKeyManager.Object); tc.SetSingleton(_featureFlagProvider.Object); return tc; } [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public async Task CanEnsureConfigure() { using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); trace.Info("Creating config manager"); IConfigurationManager configManager = new ConfigurationManager(); configManager.Initialize(tc); trace.Info("Preparing command line arguments"); var command = new CommandSettings( tc, new[] { "configure", "--acceptteeeula", "--url", _expectedServerUrl, "--agent", _expectedAgentName, "--pool", _expectedPoolName, "--work", _expectedWorkFolder, "--auth", _expectedAuthType, "--token", _expectedToken }); trace.Info("Constructed."); _store.Setup(x => x.IsConfigured()).Returns(false); _configMgrAgentSettings = null; _extnMgr.Setup(x => x.GetExtensions()).Returns(GetConfigurationProviderList(tc)); trace.Info("Ensuring all the required parameters are available in the command line parameter"); await configManager.ConfigureAsync(command); _store.Setup(x => x.IsConfigured()).Returns(true); trace.Info("Configured, verifying all the parameter value"); var s = configManager.LoadSettings(); Assert.NotNull(s); Assert.True(s.ServerUrl.Equals(_expectedServerUrl)); Assert.True(s.AgentName.Equals(_expectedAgentName)); Assert.True(s.PoolId.Equals(_expectedPoolId)); Assert.True(s.WorkFolder.Equals(_expectedWorkFolder)); // validate GetAgentPoolsAsync gets called once with automation pool type _agentServer.Verify(x => x.GetAgentPoolsAsync(It.IsAny(), It.Is(p => p == TaskAgentPoolType.Automation)), Times.Once); // validate GetAgentPoolsAsync not called with deployment pool type _agentServer.Verify(x => x.GetAgentPoolsAsync(It.IsAny(), It.Is(p => p == TaskAgentPoolType.Deployment)), Times.Never); // For build and release agent / deployment pool, tags logic should not get trigger; _machineGroupServer.Verify(x => x.UpdateDeploymentTargetsAsync(It.IsAny(), It.IsAny(), It.IsAny>()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public async Task CanEnsureConfigureForDeploymentPool() { using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); trace.Info("Creating config manager"); IConfigurationManager configManager = new ConfigurationManager(); configManager.Initialize(tc); trace.Info("Preparing command line arguments"); var command = new CommandSettings( tc, new[] { "configure", "--acceptteeeula", "--url", _expectedServerUrl, "--agent", _expectedAgentName, "--deploymentpoolname", _expectedPoolName, "--work", _expectedWorkFolder, "--auth", _expectedAuthType, "--token", _expectedToken, "--deploymentpool" }); trace.Info("Constructed."); _store.Setup(x => x.IsConfigured()).Returns(false); _configMgrAgentSettings = null; _extnMgr.Setup(x => x.GetExtensions()).Returns(GetConfigurationProviderList(tc)); trace.Info("Ensuring all the required parameters are available in the command line parameter"); await configManager.ConfigureAsync(command); _store.Setup(x => x.IsConfigured()).Returns(true); trace.Info("Configured, verifying all the parameter value"); var s = configManager.LoadSettings(); Assert.NotNull(s); Assert.True(s.ServerUrl.Equals(_expectedServerUrl)); Assert.True(s.AgentName.Equals(_expectedAgentName)); Assert.True(s.PoolId.Equals(_expectedPoolId)); Assert.True(s.WorkFolder.Equals(_expectedWorkFolder)); // validate GetAgentPoolsAsync gets called once with deployment pool type _agentServer.Verify(x => x.GetAgentPoolsAsync(It.IsAny(), It.Is(p => p == TaskAgentPoolType.Deployment)), Times.Once); // validate GetAgentPoolsAsync not called with Automation pool type _agentServer.Verify(x => x.GetAgentPoolsAsync(It.IsAny(), It.Is(p => p == TaskAgentPoolType.Automation)), Times.Never); // For build and release agent / deployment pool, tags logic should not get trigger; _machineGroupServer.Verify(x => x.UpdateDeploymentTargetsAsync(It.IsAny(), It.IsAny(), It.IsAny>()), Times.Never); } } /* * Agent configuartion as deployment agent against VSTS account * Collectioion name is not required */ [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public async Task CanEnsureMachineGroupAgentConfigureVSTSScenario() { using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); trace.Info("Creating config manager"); IConfigurationManager configManager = new ConfigurationManager(); configManager.Initialize(tc); trace.Info("Preparing command line arguments for vsts scenario"); var command = new CommandSettings( tc, new[] { "configure", "--acceptteeeula", "--machinegroup", "--url", _expectedVSTSServerUrl, "--agent", _expectedAgentName, "--projectname", _expectedProjectName, "--machinegroupname", _expectedMachineGroupName, "--work", _expectedWorkFolder, "--auth", _expectedAuthType, "--token", _expectedToken }); trace.Info("Constructed."); _store.Setup(x => x.IsConfigured()).Returns(false); _configMgrAgentSettings = null; _extnMgr.Setup(x => x.GetExtensions()).Returns(GetConfigurationProviderList(tc)); _machineGroupServer.Setup(x => x.GetDeploymentGroupsAsync(It.IsAny(), It.IsAny())).Returns(Task.FromResult(GetDeploymentGroups(18, 27))); trace.Info("Ensuring all the required parameters are available in the command line parameter"); await configManager.ConfigureAsync(command); _store.Setup(x => x.IsConfigured()).Returns(true); trace.Info("Configured, verifying all the parameter value"); var s = configManager.LoadSettings(); Assert.NotNull(s); Assert.True(s.ServerUrl.Equals(_expectedVSTSServerUrl, StringComparison.CurrentCultureIgnoreCase)); Assert.True(s.AgentName.Equals(_expectedAgentName)); Assert.True(s.PoolId.Equals(27)); Assert.True(s.WorkFolder.Equals(_expectedWorkFolder)); Assert.True(s.MachineGroupId.Equals(0)); Assert.True(s.DeploymentGroupId.Equals(18)); Assert.Null(s.ProjectName); Assert.True(s.ProjectId.Equals(_expectedProjectId)); // Tags logic should not get trigger _machineGroupServer.Verify(x => x.UpdateDeploymentTargetsAsync(It.IsAny(), It.IsAny(), It.IsAny>()), Times.Never); } } /* * Agent configuartion as deployment agent against on prem tfs * Collectioion name is required */ [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public async Task CanEnsureMachineGroupAgentConfigureOnPremScenario() { using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); trace.Info("Creating config manager"); IConfigurationManager configManager = new ConfigurationManager(); configManager.Initialize(tc); var onPremTfsUrl = "http://localtfs:8080/tfs"; trace.Info("Preparing command line arguments for vsts scenario"); var command = new CommandSettings( tc, new[] { "configure", "--acceptteeeula", "--deploymentgroup", "--url", onPremTfsUrl, "--agent", _expectedAgentName, "--collectionname", _expectedCollectionName, "--projectname", _expectedProjectName, "--deploymentgroupname", _expectedMachineGroupName, "--work", _expectedWorkFolder, "--auth", _expectedAuthType, "--token", _expectedToken }); trace.Info("Constructed."); _store.Setup(x => x.IsConfigured()).Returns(false); _configMgrAgentSettings = null; _extnMgr.Setup(x => x.GetExtensions()).Returns(GetConfigurationProviderList(tc)); _machineGroupServer.Setup(x => x.GetDeploymentGroupsAsync(It.IsAny(), It.IsAny())).Returns(Task.FromResult(GetDeploymentGroups(3, 7))); trace.Info("Ensuring all the required parameters are available in the command line parameter"); await configManager.ConfigureAsync(command); _store.Setup(x => x.IsConfigured()).Returns(true); trace.Info("Configured, verifying all the parameter value"); var s = configManager.LoadSettings(); Assert.NotNull(s); Assert.True(s.ServerUrl.Equals(onPremTfsUrl)); Assert.True(s.AgentName.Equals(_expectedAgentName)); Assert.True(s.PoolId.Equals(7)); Assert.True(s.WorkFolder.Equals(_expectedWorkFolder)); Assert.True(s.MachineGroupId.Equals(0)); Assert.True(s.DeploymentGroupId.Equals(3)); Assert.Null(s.ProjectName); Assert.True(s.ProjectId.Equals(_expectedProjectId)); // Tags logic should not get trigger _machineGroupServer.Verify(x => x.UpdateDeploymentTargetsAsync(It.IsAny(), It.IsAny(), It.IsAny>()), Times.Never); } } /* * Agent configuartion as deployment agent against VSTS account * Collectioion name is not required */ [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public async Task CanEnsureMachineGroupAgentConfigureVSTSScenarioWithTags() { Guid receivedProjectId = Guid.Empty; string expectedProcessedTags = string.Empty; string tags = "Tag3, ,, Tag4 , , , Tag1, , tag3 "; string expectedTags = "Tag3,Tag4,Tag1"; int receivedMachineId = -1; int expectedDeploymentGroupId = 7; int receivedDeploymentGroupId = -1; _machineGroupServer.Setup(x => x.UpdateDeploymentTargetsAsync(It.IsAny(), It.IsAny(), It.IsAny>())).Callback((Guid project, int deploymentGroupId, List deploymentMachine) => { receivedProjectId = project; expectedProcessedTags = string.Join(",", deploymentMachine.FirstOrDefault().Tags.ToArray()); receivedMachineId = deploymentMachine.FirstOrDefault().Id; receivedDeploymentGroupId = deploymentGroupId; } ); using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); trace.Info("Creating config manager"); IConfigurationManager configManager = new ConfigurationManager(); configManager.Initialize(tc); trace.Info("Preparing command line arguments for vsts scenario"); var command = new CommandSettings( tc, new[] { "configure", "--acceptteeeula", "--machinegroup", "--adddeploymentgrouptags", "--url", _expectedVSTSServerUrl, "--agent", _expectedAgentName, "--projectname", _expectedProjectName, "--deploymentgroupname", _expectedMachineGroupName, "--work", _expectedWorkFolder, "--auth", _expectedAuthType, "--token", _expectedToken, "--deploymentgrouptags", tags }); trace.Info("Constructed."); _store.Setup(x => x.IsConfigured()).Returns(false); _configMgrAgentSettings = null; _extnMgr.Setup(x => x.GetExtensions()).Returns(GetConfigurationProviderList(tc)); _machineGroupServer.Setup(x => x.GetDeploymentGroupsAsync(It.IsAny(), It.IsAny())).Returns(Task.FromResult(GetDeploymentGroups(expectedDeploymentGroupId, 3))); trace.Info("Ensuring all the required parameters are available in the command line parameter"); await configManager.ConfigureAsync(command); _store.Setup(x => x.IsConfigured()).Returns(true); trace.Info("Configured, verifying all the parameter value"); var s = configManager.LoadSettings(); Assert.NotNull(s); Assert.True(s.ServerUrl.Equals(_expectedVSTSServerUrl, StringComparison.CurrentCultureIgnoreCase)); Assert.True(s.AgentName.Equals(_expectedAgentName)); Assert.True(s.PoolId.Equals(3)); Assert.True(s.DeploymentGroupId.Equals(7)); Assert.True(s.WorkFolder.Equals(_expectedWorkFolder)); Assert.True(s.MachineGroupId.Equals(0)); Assert.Null(s.ProjectName); Assert.True(s.ProjectId.Equals(_expectedProjectId)); Assert.True(receivedProjectId.Equals(new Guid(_expectedProjectId)), "UpdateDeploymentMachinesGroupAsync should get call with correct project name"); Assert.True(expectedTags.Equals(expectedProcessedTags), "Before applying the tags, should get processed ( Trim, Remove duplicate)"); Assert.True(receivedMachineId.Equals(_expectedDeploymentMachineId), "UpdateDeploymentMachinesGroupAsync should get call with correct machine id"); Assert.True(receivedDeploymentGroupId.Equals(expectedDeploymentGroupId), "UpdateDeploymentMachinesGroupAsync should get call with correct deployment group id"); // Tags logic should get trigger _machineGroupServer.Verify(x => x.UpdateDeploymentTargetsAsync(It.IsAny(), It.IsAny(), It.IsAny>()), Times.Once); } } /* * Agent configuartion as deployment agent against VSTS account * Collectioion name is not required */ [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public async Task CanEnsureEnvironmentVMResourceConfigureVSTSScenario() { SetEnvironmentVMResourceMocks(); var projectId = Guid.NewGuid(); using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); trace.Info("Creating config manager"); IConfigurationManager configManager = new ConfigurationManager(); configManager.Initialize(tc); trace.Info("Preparing command line arguments for Environment VM resource config vsts scenario"); var command = new CommandSettings( tc, new[] { "configure", "--acceptteeeula", "--environment", "--url", _expectedVSTSServerUrl, "--agent", "environmentVMResourceName", "--projectname", "environmentPrj", "--environmentname", "env1", "--work", _expectedWorkFolder, "--auth", _expectedAuthType, "--token", _expectedToken }); trace.Info("Constructed."); _store.Setup(x => x.IsConfigured()).Returns(false); _configMgrAgentSettings = null; _extnMgr.Setup(x => x.GetExtensions()).Returns(GetConfigurationProviderList(tc)); _environmentsServer.Setup(x => x.GetEnvironmentsAsync(It.IsAny(), It.IsAny())).Returns(Task.FromResult(GetEnvironments("environmentPrj", projectId))); trace.Info("Ensuring all the required parameters are available in the command line parameter"); await configManager.ConfigureAsync(command); _store.Setup(x => x.IsConfigured()).Returns(true); trace.Info("Configured, verifying all the parameter value"); var s = configManager.LoadSettings(); Assert.NotNull(s); Assert.True(s.ServerUrl.Equals(_expectedVSTSServerUrl, StringComparison.CurrentCultureIgnoreCase)); Assert.True(s.AgentName.Equals("environmentVMResourceName")); Assert.True(s.AgentId.Equals(35)); Assert.True(s.PoolId.Equals(57)); Assert.True(s.WorkFolder.Equals(_expectedWorkFolder)); Assert.True(s.MachineGroupId.Equals(0)); Assert.True(s.DeploymentGroupId.Equals(0)); Assert.True(s.EnvironmentId.Equals(54)); Assert.True(s.ProjectName.Equals("environmentPrj")); Assert.True(s.ProjectId.Equals(projectId.ToString())); Assert.True(s.EnvironmentVMResourceId.Equals(_expectedEnvironmentVMResourceId)); // Validate mock calls _environmentsServer.Verify(x => x.ConnectAsync(It.IsAny()), Times.Once); _environmentsServer.Verify(x => x.AddEnvironmentVMAsync(It.IsAny(), It.Is(e => e == 54), It.Is(v => v.Agent.Name == "environmentVMResourceName")), Times.Once); _environmentsServer.Verify(x => x.GetEnvironmentVMsAsync(It.IsAny(), It.Is(e => e == 54), It.Is(v => v == "environmentVMResourceName")), Times.Once); _environmentsServer.Verify(x => x.GetEnvironmentsAsync(It.IsAny(), It.Is(e => e == "env1")), Times.Once); _environmentsServer.Verify(x => x.GetEnvironmentPoolAsync(It.Is(p => p == projectId), It.Is(e => e == 54)), Times.Once); } } private void SetEnvironmentVMResourceMocks() { var expectedAgent = new TaskAgent("environmentVMResourceName") { Id = 35 }; expectedAgent.Authorization = new TaskAgentAuthorization { ClientId = Guid.NewGuid(), AuthorizationUrl = new Uri("http://localhost:8080/tfs"), }; var environmentPool = new TaskAgentPoolReference { Id = 57 }; var expectedEnvironmentVMResource = new VirtualMachineResource { Agent = expectedAgent, Id = _expectedEnvironmentVMResourceId, Name = "environmentVMResourceName" }; _environmentsServer.Setup(x => x.ConnectAsync(It.IsAny())).Returns(Task.FromResult(null)); _environmentsServer.Setup(x => x.AddEnvironmentVMAsync(It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(expectedEnvironmentVMResource)); _environmentsServer.Setup(x => x.ReplaceEnvironmentVMAsync(It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(expectedEnvironmentVMResource)); _environmentsServer.Setup(x => x.GetEnvironmentVMsAsync(It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(new List() { })); _environmentsServer.Setup(x => x.DeleteEnvironmentVMAsync(It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(null)); _environmentsServer.Setup(x => x.GetEnvironmentPoolAsync(It.IsAny(), It.IsAny())).Returns(Task.FromResult(environmentPool)); } private List GetDeploymentGroups(int dgId, int poolId) { var dgJson = "{'id':" + dgId.ToString() + ",'project':{'id':'" + _expectedProjectId + "','name':'Test-Project1'},'name':'ch-test','pool':{'id':" + poolId.ToString() + ",'scope':'0efb4611-d565-4cd1-9a64-7d6cb6d7d5f0'}}"; var deploymentGroup = JsonConvert.DeserializeObject(dgJson); return new List() { deploymentGroup }; } private List GetEnvironments(string projectName, Guid projectId) { var environmentJson = "{'id':54, 'project':{'id':'" + projectId + "','name':'" + projectName + "'},'name':'env1'}"; var env = JsonConvert.DeserializeObject(environmentJson); return new List { env }; } // Init the Agent Config Provider private List GetConfigurationProviderList(TestHostContext tc) { IConfigurationProvider buildReleasesAgentConfigProvider = new BuildReleasesAgentConfigProvider(); buildReleasesAgentConfigProvider.Initialize(tc); _deploymentGroupAgentConfigProvider = new DeploymentGroupAgentConfigProvider(); _deploymentGroupAgentConfigProvider.Initialize(tc); IConfigurationProvider sharedDeploymentAgentConfiguration = new SharedDeploymentAgentConfigProvider(); sharedDeploymentAgentConfiguration.Initialize(tc); IConfigurationProvider environmentVMResourceConfiguration = new EnvironmentVMResourceConfigProvider(); environmentVMResourceConfiguration.Initialize(tc); return new List { buildReleasesAgentConfigProvider, _deploymentGroupAgentConfigProvider, sharedDeploymentAgentConfiguration, environmentVMResourceConfiguration }; } // TODO Unit Test for IsConfigured - Rename config file and make sure it returns false public void Dispose() { rsa?.Dispose(); } [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public void SetupVstsProxySettingWithBasicAuth() { using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); trace.Info("Creating config manager"); var configManager = new ConfigurationManager(); configManager.Initialize(tc); // Test with proxy basic auth flag var commandWithBasicAuth = new CommandSettings( tc, new[] { "configure", "--proxyurl", "http://proxy.example.com:8080", "--proxyusername", "testuser", "--proxypassword", "testpass", "--usebasicauthforproxy" }); // Use reflection to call private SetupVstsProxySetting method var method = typeof(ConfigurationManager).GetMethod("SetupVstsProxySetting", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance); bool result = (bool)method.Invoke(configManager, new object[] { _vstsAgentWebProxy.Object, commandWithBasicAuth }); Assert.True(result); _vstsAgentWebProxy.Verify(x => x.SetupProxy("http://proxy.example.com:8080", "testuser", "testpass", true), Times.Once); // Test without proxy basic auth flag (default behavior) var commandWithoutBasicAuth = new CommandSettings( tc, new[] { "configure", "--proxyurl", "http://proxy2.example.com:8080", "--proxyusername", "testuser2", "--proxypassword", "testpass2" }); // Should call SetupProxy with basicAuth=false (default) bool result2 = (bool)method.Invoke(configManager, new object[] { _vstsAgentWebProxy.Object, commandWithoutBasicAuth }); Assert.True(result2); _vstsAgentWebProxy.Verify(x => x.SetupProxy("http://proxy2.example.com:8080", "testuser2", "testpass2", false), Times.Once); } } } } ================================================ FILE: src/Test/L0/Listener/Configuration/Mocks/MockNativeWindowsServiceHelper.cs ================================================ using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using System; using System.Collections.Generic; using System.Text; namespace Test.L0.Listener.Configuration.Mocks { /// /// Mock class for NativeWindowsServiceHelper /// Use this to mock any functions of this class /// public class MockNativeWindowsServiceHelper : NativeWindowsServiceHelper { public bool ShouldAccountBeManagedService { get; set; } public bool ShouldErrorHappenDuringManagedServiceAccoutCheck { get; set; } public override uint CheckNetIsServiceAccount(string ServerName, string AccountName, out bool isServiceAccount) { isServiceAccount = this.ShouldAccountBeManagedService; if (ShouldErrorHappenDuringManagedServiceAccoutCheck) { return 1; } else { return 0; } } } } ================================================ FILE: src/Test/L0/Listener/Configuration/NativeWindowsServiceHelperL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Moq; using Xunit; using System.Security.Principal; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Tests; using Test.L0.Listener.Configuration.Mocks; using System.ComponentModel; namespace Test.L0.Listener.Configuration { [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public class NativeWindowsServiceHelperL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public void EnsureGetDefaultServiceAccountShouldReturnNetworkServiceAccount() { using (TestHostContext tc = new TestHostContext(this, "EnsureGetDefaultServiceAccountShouldReturnNetworkServiceAccount")) { Tracing trace = tc.GetTrace(); trace.Info("Creating an instance of the NativeWindowsServiceHelper class"); var windowsServiceHelper = new NativeWindowsServiceHelper(); trace.Info("Trying to get the Default Service Account when a BuildRelease Agent is being configured"); var defaultServiceAccount = windowsServiceHelper.GetDefaultServiceAccount(); Assert.True(defaultServiceAccount.ToString().Equals(@"NT AUTHORITY\NETWORK SERVICE"), "If agent is getting configured as build-release agent, default service accout should be 'NT AUTHORITY\\NETWORK SERVICE'"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public void EnsureGetDefaultAdminServiceAccountShouldReturnLocalSystemAccount() { using (TestHostContext tc = new TestHostContext(this, "EnsureGetDefaultAdminServiceAccountShouldReturnLocalSystemAccount")) { Tracing trace = tc.GetTrace(); trace.Info("Creating an instance of the NativeWindowsServiceHelper class"); var windowsServiceHelper = new NativeWindowsServiceHelper(); trace.Info("Trying to get the Default Service Account when a DeploymentAgent is being configured"); var defaultServiceAccount = windowsServiceHelper.GetDefaultAdminServiceAccount(); Assert.True(defaultServiceAccount.ToString().Equals(@"NT AUTHORITY\SYSTEM"), "If agent is getting configured as deployment agent, default service accout should be 'NT AUTHORITY\\SYSTEM'"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public void EnsureIsManagedServiceAccount_TrueForManagedAccount() { using (TestHostContext tc = new TestHostContext(this, "EnsureIsManagedServiceAccount_TrueForManagedAccount")) { Tracing trace = tc.GetTrace(); trace.Info("Creating an instance of the MockNativeWindowsServiceHelper class"); var windowsServiceHelper = new MockNativeWindowsServiceHelper(); windowsServiceHelper.ShouldAccountBeManagedService = true; var isManagedServiceAccount = windowsServiceHelper.IsManagedServiceAccount("managedServiceAccount$"); Assert.True(isManagedServiceAccount, "Account should be properly determined as managed service"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public void EnsureIsManagedServiceAccount_FalseForNonManagedAccount() { using (TestHostContext tc = new TestHostContext(this, "EnsureIsManagedServiceAccount_TrueForManagedAccount")) { Tracing trace = tc.GetTrace(); trace.Info("Creating an instance of the MockNativeWindowsServiceHelper class"); var windowsServiceHelper = new MockNativeWindowsServiceHelper(); windowsServiceHelper.ShouldAccountBeManagedService = false; var isManagedServiceAccount = windowsServiceHelper.IsManagedServiceAccount("managedServiceAccount$"); Assert.True(!isManagedServiceAccount, "Account should be properly determined as not managed service"); } } } } ================================================ FILE: src/Test/L0/Listener/Configuration/PromptManagerTestsL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Agent.Util; using Moq; using System; using System.Collections.Generic; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener.Configuration { public class PromptManagerTestsL0 { private readonly string _argName = "SomeArgName"; private readonly string _description = "Some description"; private readonly PromptManager _promptManager = new PromptManager(); private readonly Mock _terminal = new Mock(); private readonly string _unattendedExceptionMessage = StringUtil.Loc("InvalidConfigFor0TerminatingUnattended", "SomeArgName"); [Fact] [Trait("Level", "L0")] [Trait("Category", "PromptManager")] public void FallsBackToDefault() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. _terminal .Setup(x => x.ReadLine()) .Returns(string.Empty); _terminal .Setup(x => x.ReadSecret()) .Throws(); hc.SetSingleton(_terminal.Object); _promptManager.Initialize(hc); // Act. string actual = ReadValue(defaultValue: "Some default value"); // Assert. Assert.Equal("Some default value", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PromptManager")] public void FallsBackToDefaultWhenTrimmed() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. _terminal .Setup(x => x.ReadLine()) .Returns(" "); _terminal .Setup(x => x.ReadSecret()) .Throws(); hc.SetSingleton(_terminal.Object); _promptManager.Initialize(hc); // Act. string actual = ReadValue(defaultValue: "Some default value"); // Assert. Assert.Equal("Some default value", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PromptManager")] public void FallsBackToDefaultWhenUnattended() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. _terminal .Setup(x => x.ReadLine()) .Throws(); _terminal .Setup(x => x.ReadSecret()) .Throws(); hc.SetSingleton(_terminal.Object); _promptManager.Initialize(hc); // Act. string actual = ReadValue( defaultValue: "Some default value", unattended: true); // Assert. Assert.Equal("Some default value", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PromptManager")] public void Prompts() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. _terminal .Setup(x => x.ReadLine()) .Returns("Some prompt value"); _terminal .Setup(x => x.ReadSecret()) .Throws(); hc.SetSingleton(_terminal.Object); _promptManager.Initialize(hc); // Act. string actual = ReadValue(); // Assert. Assert.Equal("Some prompt value", actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PromptManager")] public void PromptsAgainWhenEmpty() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var readLineValues = new Queue(new[] { string.Empty, "Some prompt value" }); _terminal .Setup(x => x.ReadLine()) .Returns(() => readLineValues.Dequeue()); _terminal .Setup(x => x.ReadSecret()) .Throws(); hc.SetSingleton(_terminal.Object); _promptManager.Initialize(hc); // Act. string actual = ReadValue(); // Assert. Assert.Equal("Some prompt value", actual); _terminal.Verify(x => x.ReadLine(), Times.Exactly(2)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PromptManager")] public void PromptsAgainWhenFailsValidation() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var readLineValues = new Queue(new[] { "Some invalid prompt value", "Some valid prompt value" }); _terminal .Setup(x => x.ReadLine()) .Returns(() => readLineValues.Dequeue()); _terminal .Setup(x => x.ReadSecret()) .Throws(); hc.SetSingleton(_terminal.Object); _promptManager.Initialize(hc); // Act. string actual = ReadValue(validator: x => x == "Some valid prompt value"); // Assert. Assert.Equal("Some valid prompt value", actual); _terminal.Verify(x => x.ReadLine(), Times.Exactly(2)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PromptManager")] public void ThrowsWhenUnattended() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. _terminal .Setup(x => x.ReadLine()) .Throws(); _terminal .Setup(x => x.ReadSecret()) .Throws(); hc.SetSingleton(_terminal.Object); _promptManager.Initialize(hc); try { // Act. string actual = ReadValue(unattended: true); // Assert. throw new InvalidOperationException(); } catch (ArgumentNullException ex) { // Assert. Assert.True(ex.Message.Contains(_unattendedExceptionMessage)); } } } private string ReadValue( bool secret = false, string defaultValue = null, Func validator = null, bool unattended = false) { return _promptManager.ReadValue( argName: _argName, description: _description, secret: secret, defaultValue: defaultValue, validator: validator ?? DefaultValidator, unattended: unattended); } private static bool DefaultValidator(string val) { return true; } } } ================================================ FILE: src/Test/L0/Listener/Configuration/ServiceControlManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using System; using System.Runtime.CompilerServices; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener.Configuration { public class ServiceControlManagerL0 { private class ServiceNameTest { public String TestName; public String ExpectedServiceName; public String ExpectedServiceDisplayName; public String ServiceNamePattern; public String ServiceDisplayPattern; public String AgentName; public String PoolName; public String EnvironmentName; public String ServerUrl; } [Fact] [Trait("Level", "L0")] [Trait("Category", "ConfigurationManagement")] public void CalculateServiceNameL0() { using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); trace.Info("Creating service control manager"); ServiceControlManager scm = new ServiceControlManager(); scm.Initialize(tc); ServiceNameTest[] tests = new ServiceNameTest[] { new ServiceNameTest { TestName = "SystemD Test", ServiceNamePattern = "vsts.agent.{0}.{1}.{2}.service", ServiceDisplayPattern = "Azure Pipelines Agent ({0}.{1}.{2})", AgentName = "foo", PoolName = "pool1", ServerUrl = "https://dev.azure.com/bar", ExpectedServiceName = "vsts.agent.bar.pool1.foo.service", ExpectedServiceDisplayName = "Azure Pipelines Agent (bar.pool1.foo)" }, new ServiceNameTest { TestName = "Long Agent/Pool Test", ServiceNamePattern = "vsts.agent.{0}.{1}.{2}.service", ServiceDisplayPattern = "Azure Pipelines Agent ({0}.{1}.{2})", AgentName = new string('X', 40), PoolName = new string('Y', 40), ServerUrl = "https://dev.azure.com/bar", ExpectedServiceName = "vsts.agent.bar.YYYYYYYYYYYYYYYYYYYYYYYYY.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.service", ExpectedServiceDisplayName = "Azure Pipelines Agent (bar.YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)" }, new ServiceNameTest { TestName = "Pool With Unicode Dash Test", ServiceNamePattern = "vsts.agent.{0}.{1}.{2}.service", ServiceDisplayPattern = "Azure Pipelines Agent ({0}.{1}.{2})", AgentName = "foo", PoolName = "pool" + "\u002D" + "1", ServerUrl = "https://dev.azure.com/bar", ExpectedServiceName = "vsts.agent.bar.pool-1.foo.service", ExpectedServiceDisplayName = "Azure Pipelines Agent (bar.pool-1.foo)" }, new ServiceNameTest { TestName = "Agent For Environment Test", ServiceNamePattern = "vsts.agent.{0}.{1}.{2}.service", ServiceDisplayPattern = "Azure Pipelines Agent ({0}.{1}.{2})", AgentName = new string('X', 40), EnvironmentName = new string('Y',40), ServerUrl = "https://dev.azure.com/bar", ExpectedServiceName = "vsts.agent.bar.YYYYYYYYYYYYYYYYYYYYYYYYY.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.service", ExpectedServiceDisplayName = "Azure Pipelines Agent (bar.YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)" }, }; foreach (var test in tests) { AgentSettings settings = new AgentSettings(); settings.ServerUrl = test.ServerUrl; settings.AgentName = test.AgentName; settings.PoolName = test.PoolName; settings.EnvironmentName = test.EnvironmentName; scm.CalculateServiceName(settings, test.ServiceNamePattern, test.ServiceDisplayPattern, out string serviceName, out string serviceDisplayName); Assert.True(string.Equals(serviceName, test.ExpectedServiceName), $"{test.TestName} Service Name Expected: {test.ExpectedServiceName}, Got: {serviceName}"); Assert.True(serviceName.Length <= 80, $"{test.TestName} Service Name is <= 80"); Assert.True(string.Equals(serviceDisplayName, test.ExpectedServiceDisplayName), $"{test.TestName} Service Display Name Expected: {test.ExpectedServiceDisplayName}, Got: {serviceDisplayName}"); } } } private TestHostContext CreateTestContext([CallerMemberName] String testName = "") { TestHostContext tc = new TestHostContext(this, testName); return tc; } } } ================================================ FILE: src/Test/L0/Listener/Configuration/UserCapabilitiesProviderTestL0.cs ================================================ using Microsoft.VisualStudio.Services.Agent.Capabilities; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Moq; using System; using System.IO; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener { public sealed class UserCapabilitiesProviderTestL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestGetCapabilitiesWithDotCapabilities() { using (var hc = new TestHostContext(this)) using (var tokenSource = new CancellationTokenSource()) { var capFile = Path.Combine(hc.GetDirectory(WellKnownDirectory.Root), ".capabilities"); try { File.WriteAllText(capFile, "User.Capability=My Value"); Mock configurationManager = new Mock(); hc.SetSingleton(configurationManager.Object); // Arrange var provider = new UserCapabilitiesProvider(); provider.Initialize(hc); var settings = new AgentSettings(); // Act List capabilities = await provider.GetCapabilitiesAsync(settings, tokenSource.Token); // Assert Assert.NotNull(capabilities); Capability myCapability = capabilities.SingleOrDefault(x => string.Equals(x.Name, "User.Capability", StringComparison.Ordinal)); Assert.NotNull(myCapability); Assert.Equal("My Value", myCapability.Value); Assert.Equal(1, capabilities.Count); } finally { File.Delete(capFile); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void TestGetCapabilitiesWithoutDotCapabilities() { using (var hc = new TestHostContext(this)) using (var tokenSource = new CancellationTokenSource()) { Mock configurationManager = new Mock(); hc.SetSingleton(configurationManager.Object); // Arrange var provider = new UserCapabilitiesProvider(); provider.Initialize(hc); var settings = new AgentSettings() { AgentName = "IAmAgent007" }; // Act List capabilities = await provider.GetCapabilitiesAsync(settings, tokenSource.Token); // Assert Assert.NotNull(capabilities); Assert.Empty(capabilities); } } } } ================================================ FILE: src/Test/L0/Listener/JobDispatcherL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Reflection; using System.Threading; using System.Threading.Tasks; using Agent.Listener.Configuration; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Listener; using Microsoft.VisualStudio.Services.WebApi; using Moq; using Xunit; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener { public sealed class JobDispatcherL0 { private Mock _processChannel; private Mock _processInvoker; private Mock _agentServer; private Mock _configurationStore; private Mock _featureFlagProvider; public JobDispatcherL0() { _processChannel = new Mock(); _processInvoker = new Mock(); _agentServer = new Mock(); _configurationStore = new Mock(); _featureFlagProvider = new Mock(); } private Pipelines.AgentJobRequestMessage CreateJobRequestMessage() { TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = null; JobEnvironment environment = new JobEnvironment(); List tasks = new List(); Guid JobId = Guid.NewGuid(); var jobRequest = new AgentJobRequestMessage(plan, timeline, JobId, "someJob", "someJob", environment, tasks); return Pipelines.AgentJobRequestMessageUtil.Convert(jobRequest); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void DispatchesJobRequest() { //Arrange using (var hc = new TestHostContext(this)) { var jobDispatcher = new JobDispatcher(); hc.SetSingleton(_configurationStore.Object); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_featureFlagProvider.Object); hc.EnqueueInstance(_processChannel.Object); hc.EnqueueInstance(_processInvoker.Object); _configurationStore.Setup(x => x.GetSettings()).Returns(new AgentSettings() { PoolId = 1 }); jobDispatcher.Initialize(hc); Pipelines.AgentJobRequestMessage message = CreateJobRequestMessage(); string strMessage = JsonUtility.ToString(message); _processInvoker.Setup(x => x.ExecuteAsync(It.IsAny(), It.IsAny(), "spawnclient 1 2", null, It.IsAny())) .Returns(Task.FromResult(56)); _processChannel.Setup(x => x.StartServer(It.IsAny(), It.IsAny())) .Callback((StartProcessDelegate startDel, bool disposeClient) => { startDel("1", "2"); }); _processChannel.Setup(x => x.SendAsync(MessageType.NewJobRequest, It.Is(s => s.Equals(strMessage)), It.IsAny())) .Returns(Task.CompletedTask); var request = new TaskAgentJobRequest(); PropertyInfo sessionIdProperty = request.GetType().GetProperty("LockedUntil", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(sessionIdProperty); sessionIdProperty.SetValue(request, DateTime.UtcNow.AddMinutes(5)); _agentServer.Setup(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(request)); _agentServer.Setup(x => x.FinishAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(new TaskAgentJobRequest())); //Actt jobDispatcher.Run(message); //Assert await jobDispatcher.WaitAsync(CancellationToken.None); Assert.False(jobDispatcher.RunOnceJobCompleted.Task.IsCompleted, "JobDispatcher should not set task complete token for regular agent."); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope")] public async void DispatcherRenewJobRequest() { //Arrange using (var hc = new TestHostContext(this)) { int poolId = 1; Int64 requestId = 1000; int count = 0; var trace = hc.GetTrace(nameof(DispatcherRenewJobRequest)); TaskCompletionSource firstJobRequestRenewed = new TaskCompletionSource(); CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(); TaskAgentJobRequest request = new TaskAgentJobRequest(); PropertyInfo lockUntilProperty = request.GetType().GetProperty("LockedUntil", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(lockUntilProperty); lockUntilProperty.SetValue(request, DateTime.UtcNow.AddMinutes(5)); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_configurationStore.Object); _configurationStore.Setup(x => x.GetSettings()).Returns(new AgentSettings() { PoolId = 1 }); _agentServer.Setup(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(() => { count++; if (!firstJobRequestRenewed.Task.IsCompletedSuccessfully) { trace.Info("First renew happens."); } if (count < 5) { return Task.FromResult(request); } else if (count == 5) { cancellationTokenSource.Cancel(); return Task.FromResult(request); } else { throw new InvalidOperationException("Should not reach here."); } }); var jobDispatcher = new JobDispatcher(); jobDispatcher.Initialize(hc); await jobDispatcher.RenewJobRequestAsync(poolId, requestId, Guid.Empty, firstJobRequestRenewed, cancellationTokenSource.Token); Assert.True(firstJobRequestRenewed.Task.IsCompletedSuccessfully); _agentServer.Verify(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny()), Times.Exactly(5)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope")] public async void DispatcherRenewJobRequestStopOnJobNotFoundExceptions() { //Arrange using (var hc = new TestHostContext(this)) { int poolId = 1; Int64 requestId = 1000; int count = 0; var trace = hc.GetTrace(nameof(DispatcherRenewJobRequestStopOnJobNotFoundExceptions)); TaskCompletionSource firstJobRequestRenewed = new TaskCompletionSource(); CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(); TaskAgentJobRequest request = new TaskAgentJobRequest(); PropertyInfo lockUntilProperty = request.GetType().GetProperty("LockedUntil", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(lockUntilProperty); lockUntilProperty.SetValue(request, DateTime.UtcNow.AddMinutes(5)); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_configurationStore.Object); _configurationStore.Setup(x => x.GetSettings()).Returns(new AgentSettings() { PoolId = 1 }); _agentServer.Setup(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(() => { count++; if (!firstJobRequestRenewed.Task.IsCompletedSuccessfully) { trace.Info("First renew happens."); } if (count < 5) { return Task.FromResult(request); } else if (count == 5) { cancellationTokenSource.CancelAfter(10000); throw new TaskAgentJobNotFoundException(""); } else { throw new InvalidOperationException("Should not reach here."); } }); var jobDispatcher = new JobDispatcher(); jobDispatcher.Initialize(hc); await jobDispatcher.RenewJobRequestAsync(poolId, requestId, Guid.Empty, firstJobRequestRenewed, cancellationTokenSource.Token); Assert.True(firstJobRequestRenewed.Task.IsCompletedSuccessfully, "First renew should succeed."); Assert.False(cancellationTokenSource.IsCancellationRequested); _agentServer.Verify(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny()), Times.Exactly(5)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope")] public async void DispatcherRenewJobRequestStopOnJobTokenExpiredExceptions() { //Arrange using (var hc = new TestHostContext(this)) { int poolId = 1; Int64 requestId = 1000; int count = 0; var trace = hc.GetTrace(nameof(DispatcherRenewJobRequestStopOnJobTokenExpiredExceptions)); TaskCompletionSource firstJobRequestRenewed = new TaskCompletionSource(); CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(); TaskAgentJobRequest request = new TaskAgentJobRequest(); PropertyInfo lockUntilProperty = request.GetType().GetProperty("LockedUntil", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(lockUntilProperty); lockUntilProperty.SetValue(request, DateTime.UtcNow.AddMinutes(5)); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_configurationStore.Object); _configurationStore.Setup(x => x.GetSettings()).Returns(new AgentSettings() { PoolId = 1 }); _agentServer.Setup(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(() => { count++; if (!firstJobRequestRenewed.Task.IsCompletedSuccessfully) { trace.Info("First renew happens."); } if (count < 5) { return Task.FromResult(request); } else if (count == 5) { cancellationTokenSource.CancelAfter(10000); throw new TaskAgentJobTokenExpiredException(""); } else { throw new InvalidOperationException("Should not reach here."); } }); var jobDispatcher = new JobDispatcher(); jobDispatcher.Initialize(hc); await jobDispatcher.RenewJobRequestAsync(poolId, requestId, Guid.Empty, firstJobRequestRenewed, cancellationTokenSource.Token); Assert.True(firstJobRequestRenewed.Task.IsCompletedSuccessfully, "First renew should succeed."); Assert.False(cancellationTokenSource.IsCancellationRequested); _agentServer.Verify(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny()), Times.Exactly(5)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope")] public async void DispatcherRenewJobRequestRecoverFromExceptions() { //Arrange using (var hc = new TestHostContext(this)) { int poolId = 1; Int64 requestId = 1000; int count = 0; var trace = hc.GetTrace(nameof(DispatcherRenewJobRequestRecoverFromExceptions)); TaskCompletionSource firstJobRequestRenewed = new TaskCompletionSource(); CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(); TaskAgentJobRequest request = new TaskAgentJobRequest(); PropertyInfo lockUntilProperty = request.GetType().GetProperty("LockedUntil", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(lockUntilProperty); lockUntilProperty.SetValue(request, DateTime.UtcNow.AddMinutes(5)); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_configurationStore.Object); _configurationStore.Setup(x => x.GetSettings()).Returns(new AgentSettings() { PoolId = 1 }); _agentServer.Setup(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(() => { count++; if (!firstJobRequestRenewed.Task.IsCompletedSuccessfully) { trace.Info("First renew happens."); } if (count < 5) { return Task.FromResult(request); } else if (count == 5 || count == 6 || count == 7) { throw new TimeoutException(""); } else { cancellationTokenSource.Cancel(); return Task.FromResult(request); } }); var jobDispatcher = new JobDispatcher(); jobDispatcher.Initialize(hc); await jobDispatcher.RenewJobRequestAsync(poolId, requestId, Guid.Empty, firstJobRequestRenewed, cancellationTokenSource.Token); Assert.True(firstJobRequestRenewed.Task.IsCompletedSuccessfully, "First renew should succeed."); Assert.True(cancellationTokenSource.IsCancellationRequested); _agentServer.Verify(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny()), Times.Exactly(8)); _agentServer.Verify(x => x.RefreshConnectionAsync(AgentConnectionType.JobRequest, It.IsAny()), Times.Exactly(3)); _agentServer.Verify(x => x.ResetConnectionTimeout(AgentConnectionType.JobRequest, It.IsAny()), Times.Once); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope")] public async void DispatcherRenewJobRequestFirstRenewRetrySixTimes() { //Arrange using (var hc = new TestHostContext(this)) { int poolId = 1; Int64 requestId = 1000; int count = 0; var trace = hc.GetTrace(nameof(DispatcherRenewJobRequestFirstRenewRetrySixTimes)); TaskCompletionSource firstJobRequestRenewed = new TaskCompletionSource(); CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(); TaskAgentJobRequest request = new TaskAgentJobRequest(); PropertyInfo lockUntilProperty = request.GetType().GetProperty("LockedUntil", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(lockUntilProperty); lockUntilProperty.SetValue(request, DateTime.UtcNow.AddMinutes(5)); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_configurationStore.Object); _configurationStore.Setup(x => x.GetSettings()).Returns(new AgentSettings() { PoolId = 1 }); _agentServer.Setup(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(() => { count++; if (!firstJobRequestRenewed.Task.IsCompletedSuccessfully) { trace.Info("First renew happens."); } if (count <= 5) { throw new TimeoutException(""); } else { cancellationTokenSource.CancelAfter(10000); throw new InvalidOperationException("Should not reach here."); } }); var jobDispatcher = new JobDispatcher(); jobDispatcher.Initialize(hc); await jobDispatcher.RenewJobRequestAsync(poolId, requestId, Guid.Empty, firstJobRequestRenewed, cancellationTokenSource.Token); Assert.False(firstJobRequestRenewed.Task.IsCompletedSuccessfully, "First renew should failed."); Assert.False(cancellationTokenSource.IsCancellationRequested); _agentServer.Verify(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny()), Times.Exactly(6)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope")] public async void DispatcherRenewJobRequestStopOnExpiredRequest() { //Arrange using (var hc = new TestHostContext(this)) { int poolId = 1; Int64 requestId = 1000; int count = 0; var trace = hc.GetTrace(nameof(DispatcherRenewJobRequestStopOnExpiredRequest)); TaskCompletionSource firstJobRequestRenewed = new TaskCompletionSource(); CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(); TaskAgentJobRequest request = new TaskAgentJobRequest(); PropertyInfo lockUntilProperty = request.GetType().GetProperty("LockedUntil", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(lockUntilProperty); lockUntilProperty.SetValue(request, DateTime.UtcNow.AddMinutes(5)); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_configurationStore.Object); _configurationStore.Setup(x => x.GetSettings()).Returns(new AgentSettings() { PoolId = 1 }); _agentServer.Setup(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(() => { count++; if (!firstJobRequestRenewed.Task.IsCompletedSuccessfully) { trace.Info("First renew happens."); } if (count == 1) { return Task.FromResult(request); } else if (count < 5) { throw new TimeoutException(""); } else if (count == 5) { lockUntilProperty.SetValue(request, DateTime.UtcNow.Subtract(TimeSpan.FromMinutes(11))); throw new TimeoutException(""); } else { cancellationTokenSource.CancelAfter(10000); throw new InvalidOperationException("Should not reach here."); } }); var jobDispatcher = new JobDispatcher(); jobDispatcher.Initialize(hc); await jobDispatcher.RenewJobRequestAsync(poolId, requestId, Guid.Empty, firstJobRequestRenewed, cancellationTokenSource.Token); Assert.True(firstJobRequestRenewed.Task.IsCompletedSuccessfully, "First renew should succeed."); Assert.False(cancellationTokenSource.IsCancellationRequested); _agentServer.Verify(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny()), Times.Exactly(5)); _agentServer.Verify(x => x.RefreshConnectionAsync(AgentConnectionType.JobRequest, It.IsAny()), Times.Exactly(3)); _agentServer.Verify(x => x.ResetConnectionTimeout(AgentConnectionType.JobRequest, It.IsAny()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async void DispatchesOneTimeJobRequest() { //Arrange using (var hc = new TestHostContext(this)) { var jobDispatcher = new JobDispatcher(); hc.SetSingleton(_configurationStore.Object); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_featureFlagProvider.Object); hc.EnqueueInstance(_processChannel.Object); hc.EnqueueInstance(_processInvoker.Object); _configurationStore.Setup(x => x.GetSettings()).Returns(new AgentSettings() { PoolId = 1 }); jobDispatcher.Initialize(hc); Pipelines.AgentJobRequestMessage message = CreateJobRequestMessage(); string strMessage = JsonUtility.ToString(message); _processInvoker.Setup(x => x.ExecuteAsync(It.IsAny(), It.IsAny(), "spawnclient 1 2", null, It.IsAny())) .Returns(Task.FromResult(56)); _processChannel.Setup(x => x.StartServer(It.IsAny(), It.IsAny())) .Callback((StartProcessDelegate startDel, bool disposeClient) => { startDel("1", "2"); }); _processChannel.Setup(x => x.SendAsync(MessageType.NewJobRequest, It.Is(s => s.Equals(strMessage)), It.IsAny())) .Returns(Task.CompletedTask); var request = new TaskAgentJobRequest(); PropertyInfo sessionIdProperty = request.GetType().GetProperty("LockedUntil", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(sessionIdProperty); sessionIdProperty.SetValue(request, DateTime.UtcNow.AddMinutes(5)); _agentServer.Setup(x => x.RenewAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(request)); _agentServer.Setup(x => x.FinishAgentRequestAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(new TaskAgentJobRequest())); //Act jobDispatcher.Run(message, true); //Assert await jobDispatcher.WaitAsync(CancellationToken.None); Assert.True(jobDispatcher.RunOnceJobCompleted.Task.IsCompleted, "JobDispatcher should set task complete token for one time agent."); Assert.True(jobDispatcher.RunOnceJobCompleted.Task.Result, "JobDispatcher should set task complete token to 'TRUE' for one time agent."); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async Task HandleWorkerTimeoutAsync_AlwaysSendsFlushLogsRequest() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange var jobDispatcher = new JobDispatcher(); _configurationStore.Setup(x => x.GetSettings()).Returns(new AgentSettings() { PoolId = 1 }); hc.SetSingleton(_configurationStore.Object); hc.SetSingleton(_agentServer.Object); hc.SetSingleton(_processInvoker.Object); hc.SetSingleton(_processChannel.Object); hc.SetSingleton(_featureFlagProvider.Object); jobDispatcher.Initialize(hc); var message = CreateJobRequestMessage(); var workerProcessTask = Task.FromResult(0); using var workerProcessCancelTokenSource = new CancellationTokenSource(); using var workerCancelTimeoutTokenSource = new CancellationTokenSource(); var workerCancelTimeoutKillToken = workerCancelTimeoutTokenSource.Token; _processChannel.Setup(x => x.SendAsync( MessageType.FlushLogsRequest, string.Empty, It.IsAny())) .Returns(Task.CompletedTask); // Use reflection to access the private HandleWorkerTimeoutAsync method var method = typeof(JobDispatcher).GetMethod("HandleWorkerTimeoutAsync", BindingFlags.NonPublic | BindingFlags.Instance); Assert.NotNull(method); // Act var task = (Task)method.Invoke(jobDispatcher, new object[] { message.JobId, _processChannel.Object, workerProcessTask, workerProcessCancelTokenSource, workerCancelTimeoutKillToken }); await task; // Assert - HandleWorkerTimeoutAsync always sends FlushLogsRequest _processChannel.Verify(x => x.SendAsync( MessageType.FlushLogsRequest, string.Empty, It.IsAny()), Times.Once); } } // Note: HandleWorkerTimeoutAsync always sends FlushLogsRequest when called. // The timeout log flushing feature control happens at a higher level // determining whether HandleWorkerTimeoutAsync is called at all. [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void JobDispatcher_HasHandleWorkerTimeoutAsyncMethod() { // Arrange & Act var method = typeof(JobDispatcher).GetMethod("HandleWorkerTimeoutAsync", BindingFlags.NonPublic | BindingFlags.Instance); // Assert - Verify that the timeout log flushing method exists Assert.NotNull(method); var parameters = method.GetParameters(); Assert.Equal(5, parameters.Length); Assert.Equal("jobId", parameters[0].Name); Assert.Equal("processChannel", parameters[1].Name); Assert.Equal("workerProcessTask", parameters[2].Name); Assert.Equal("workerProcessCancelTokenSource", parameters[3].Name); Assert.Equal("workerCancelTimeoutKillToken", parameters[4].Name); } } } ================================================ FILE: src/Test/L0/Listener/ListenerCorrelationIntegrationL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. #pragma warning disable CA2000 // Dispose objects before losing scope - test files manage disposal appropriately using System; using System.IO; using System.Threading; using System.Threading.Tasks; using Xunit; using Microsoft.VisualStudio.Services.Agent.Listener; using Microsoft.VisualStudio.Services.Agent.Worker; using Agent.Sdk.SecretMasking; using Agent.Sdk.Knob; using Agent.Sdk; using ExecutionContext = Microsoft.VisualStudio.Services.Agent.Worker.ExecutionContext; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener { /// /// Integration tests for correlation context in Listener scenarios /// Tests correlation tracking from agent listener perspective /// public sealed class ListenerCorrelationIntegrationL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Listener")] public void Listener_HostContext_ProvidesCorrelationManager() { // Arrange & Act using var hc = new TestHostContext(this); var manager = hc.CorrelationContextManager; // Assert Assert.NotNull(manager); Assert.IsAssignableFrom(manager); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Listener")] public void Listener_HostContext_CorrelationManagerDisposedWithContext() { // Arrange ICorrelationContextManager manager; // Act using (var hc = new TestHostContext(this)) { manager = hc.CorrelationContextManager; using var ec = new ExecutionContext(); ec.Initialize(hc); ec.SetCorrelationStep("test"); var beforeDispose = manager.BuildCorrelationId(); Assert.NotEmpty(beforeDispose); } // HostContext disposed // Assert - After HostContext disposal, manager should be cleared var afterDispose = manager.BuildCorrelationId(); Assert.Equal(string.Empty, afterDispose); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Listener")] public void Listener_TraceManager_UsesCorrelationFromHostContext() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"listener_trace_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); using var hc = new TestHostContext(this); try { // Act - Create TraceManager which should get correlation manager from HostContext var traceManager = new TraceManager(listener, masker, hc); // Assert - Should not throw Assert.NotNull(traceManager); traceManager.Dispose(); } finally { listener.Dispose(); if (File.Exists(logPath)) { File.Delete(logPath); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Listener")] public void Listener_TraceManager_GracefullyHandlesNonHostContext() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"listener_throw_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); // Create a mock knob context that is NOT IHostContext var notHostContext = new MockKnobValueContext(); try { // Act - should NOT throw, but instead use NoOpCorrelationContextManager // This tests the graceful fallback behavior requested by code review var traceManager = new TraceManager(listener, masker, notHostContext); // Assert - TraceManager should be created successfully with NoOp correlation manager Assert.NotNull(traceManager); // Enhanced logging will be disabled, but agent won't crash // This is the "default behaviour" requested in PR review comment } finally { listener.Dispose(); if (File.Exists(logPath)) { File.Delete(logPath); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Listener")] public void Listener_EnhancedTracing_CreatedWithCorrelationManager() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"listener_enhanced_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); using var hc = new TestHostContext(this); // Enable enhanced logging Environment.SetEnvironmentVariable("AZP_USE_ENHANCED_LOGGING", "true"); try { // Act var traceManager = new TraceManager(listener, masker, hc); traceManager.SetEnhancedLoggingEnabled(true); var trace = traceManager["ListenerTest"]; // Create execution context with correlation using var ec = new ExecutionContext(); ec.Initialize(hc); ec.SetCorrelationStep("listener-trace-test"); trace.Info("Test message from listener"); // Dispose in proper order traceManager.Dispose(); listener.Dispose(); masker.Dispose(); // Wait for file handles to be released Task.Delay(200).Wait(); // Assert if (File.Exists(logPath)) { var logContent = File.ReadAllText(logPath); Assert.Contains("Test message from listener", logContent); // Enhanced tracing should include correlation (hyphens removed by ShortenGuid) Assert.Contains("listenertrac", logContent); // "listener-trace-test" becomes "listenertrac" (first 12 chars) } } finally { Environment.SetEnvironmentVariable("AZP_USE_ENHANCED_LOGGING", null); // Wait before attempting to delete Task.Delay(100).Wait(); if (File.Exists(logPath)) { try { File.Delete(logPath); } catch (IOException) { // File still locked, ignore cleanup error } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Listener")] public void Listener_MultipleTraceSources_ShareCorrelationManager() { // Arrange using var hc = new TestHostContext(this); var manager = hc.CorrelationContextManager; string logPath = Path.Combine(Path.GetTempPath(), $"listener_multi_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); try { var traceManager = new TraceManager(listener, masker, hc); var trace1 = traceManager["Source1"]; var trace2 = traceManager["Source2"]; // Act - Set correlation once using var ec = new ExecutionContext(); ec.Initialize(hc); ec.SetCorrelationStep("shared-correlation"); var correlation1 = manager.BuildCorrelationId(); var correlation2 = manager.BuildCorrelationId(); // Assert - Both should see the same correlation (hyphens removed by ShortenGuid) Assert.Equal(correlation1, correlation2); Assert.Contains("sharedcorrel", correlation1); // "shared-correlation" becomes "sharedcorrel" (first 12 chars) traceManager.Dispose(); } finally { listener.Dispose(); if (File.Exists(logPath)) { File.Delete(logPath); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Listener")] public void Listener_HostContext_CorrelationManagerSingleton() { // Arrange & Act using var hc = new TestHostContext(this); var manager1 = hc.CorrelationContextManager; var manager2 = hc.CorrelationContextManager; // Assert - Should be same instance Assert.Same(manager1, manager2); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Listener")] public void Listener_AgentShutdown_ClearsCorrelationContext() { // Arrange using var hc = new TestHostContext(this); var manager = hc.CorrelationContextManager; using var ec = new ExecutionContext(); ec.Initialize(hc); ec.SetCorrelationStep("shutdown-test"); var beforeShutdown = manager.BuildCorrelationId(); // Act - Simulate shutdown hc.ShutdownAgent(ShutdownReason.UserCancelled); // ExecutionContext disposal should clear correlation ec.Dispose(); var afterShutdown = manager.BuildCorrelationId(); // Assert Assert.NotEmpty(beforeShutdown); Assert.Equal(string.Empty, afterShutdown); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Listener")] public async Task Listener_ConcurrentExecutionContexts_IsolatedCorrelation() { // Arrange using var hc = new TestHostContext(this); var manager = hc.CorrelationContextManager; // Act - Simulate concurrent job dispatches var task1 = Task.Run(() => { using var ec1 = new ExecutionContext(); ec1.Initialize(hc); ec1.SetCorrelationStep("job-1"); Thread.Sleep(50); return manager.BuildCorrelationId(); }); var task2 = Task.Run(() => { using var ec2 = new ExecutionContext(); ec2.Initialize(hc); ec2.SetCorrelationStep("job-2"); Thread.Sleep(50); return manager.BuildCorrelationId(); }); var results = await Task.WhenAll(task1, task2); // Assert - Each task sees its own correlation ID // ExecutionContext.Initialize() registers with the shared manager, // and the last registration wins in the shared AsyncLocal Assert.All(results, r => Assert.NotEmpty(r)); Assert.Contains(results, r => r.Contains("job1") || r.Contains("job2")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Listener")] public void Listener_TraceManagerSwitch_PreservesCorrelation() { // Arrange string logPath = Path.Combine(Path.GetTempPath(), $"listener_switch_{Guid.NewGuid():N}.log"); var listener = new HostTraceListener(logPath) { DisableConsoleReporting = true }; using var ossMasker = new OssSecretMasker(); var masker = LoggedSecretMasker.Create(ossMasker); using var hc = new TestHostContext(this); try { var traceManager = new TraceManager(listener, masker, hc); using var ec = new ExecutionContext(); ec.Initialize(hc); ec.SetCorrelationStep("switch-test"); // Act - Switch enhanced logging on and off traceManager.SetEnhancedLoggingEnabled(true); var trace1 = traceManager["Test"]; trace1.Info("Message with enhanced logging"); traceManager.SetEnhancedLoggingEnabled(false); var trace2 = traceManager["Test"]; trace2.Info("Message without enhanced logging"); traceManager.SetEnhancedLoggingEnabled(true); var trace3 = traceManager["Test"]; trace3.Info("Message with enhanced logging again"); traceManager.Dispose(); listener.Dispose(); Task.Delay(50).Wait(); // Assert if (File.Exists(logPath)) { var logContent = File.ReadAllText(logPath); Assert.Contains("Message with enhanced logging", logContent); Assert.Contains("Message without enhanced logging", logContent); Assert.Contains("Message with enhanced logging again", logContent); } } finally { if (File.Exists(logPath)) { File.Delete(logPath); } } } // Mock implementation for testing TraceManager validation private class MockKnobValueContext : IKnobValueContext { public IScopedEnvironment GetScopedEnvironment() { return null; } public string GetVariableValueOrDefault(string variableName) { _ = variableName; return null; } } } } ================================================ FILE: src/Test/L0/Listener/MessageListenerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Listener.Configuration; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Listener; using Microsoft.VisualStudio.Services.Agent.Capabilities; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Common; using Moq; using System; using System.Runtime.CompilerServices; using System.Security.Cryptography; using System.Threading.Tasks; using Xunit; using System.Threading; using System.Reflection; using System.Collections.Generic; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener { public sealed class MessageListenerL0 : IDisposable { private AgentSettings _settings; private Mock _config; private Mock _agentServer; private Mock _credMgr; private Mock _capabilitiesManager; private Mock _featureFlagProvider; private Mock _rsaKeyManager; private readonly RSACryptoServiceProvider rsa; public MessageListenerL0() { _settings = new AgentSettings { AgentId = 1, AgentName = "myagent", PoolId = 123, PoolName = "default", ServerUrl = "http://myserver", WorkFolder = "_work" }; _config = new Mock(); _config.Setup(x => x.LoadSettings()).Returns(_settings); _agentServer = new Mock(); _credMgr = new Mock(); _capabilitiesManager = new Mock(); _featureFlagProvider = new Mock(); _rsaKeyManager = new Mock(); _featureFlagProvider.Setup(x => x.GetFeatureFlagAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(new FeatureAvailability.FeatureFlag("", "", "", "Off", "Off"))); _featureFlagProvider.Setup(x => x.GetFeatureFlagWithCred(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())).Returns(Task.FromResult(new FeatureAvailability.FeatureFlag("", "", "", "Off", "Off"))); rsa = new RSACryptoServiceProvider(2048); _rsaKeyManager.Setup(x => x.CreateKey(It.IsAny(), It.IsAny())).Returns(rsa); } private TestHostContext CreateTestContext([CallerMemberName] String testName = "") { TestHostContext tc = new TestHostContext(this, testName); tc.SetSingleton(_config.Object); tc.SetSingleton(_agentServer.Object); tc.SetSingleton(_credMgr.Object); tc.SetSingleton(_capabilitiesManager.Object); tc.SetSingleton(_featureFlagProvider.Object); tc.SetSingleton(_rsaKeyManager.Object); return tc; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async Task CreatesSession() { using (TestHostContext tc = CreateTestContext()) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = tc.GetTrace(); // Arrange. var expectedSession = new TaskAgentSession(); _agentServer .Setup(x => x.CreateAgentSessionAsync( _settings.PoolId, It.Is(y => y != null), tokenSource.Token)) .Returns(Task.FromResult(expectedSession)); _capabilitiesManager.Setup(x => x.GetCapabilitiesAsync(_settings, It.IsAny())).Returns(Task.FromResult(new Dictionary())); _credMgr.Setup(x => x.LoadCredentials()).Returns(new Common.VssCredentials()); // Act. MessageListener listener = new MessageListener(); listener.Initialize(tc); bool result = await listener.CreateSessionAsync(tokenSource.Token); trace.Info($"result: {result}"); // Assert. Assert.True(result); _agentServer .Verify(x => x.CreateAgentSessionAsync( _settings.PoolId, It.Is(y => y != null), tokenSource.Token), Times.Once()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async Task DeleteSession() { using (TestHostContext tc = CreateTestContext()) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = tc.GetTrace(); // Arrange. var expectedSession = new TaskAgentSession(); PropertyInfo sessionIdProperty = expectedSession.GetType().GetProperty("SessionId", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(sessionIdProperty); sessionIdProperty.SetValue(expectedSession, Guid.NewGuid()); _agentServer .Setup(x => x.CreateAgentSessionAsync( _settings.PoolId, It.Is(y => y != null), tokenSource.Token)) .Returns(Task.FromResult(expectedSession)); _capabilitiesManager.Setup(x => x.GetCapabilitiesAsync(_settings, It.IsAny())).Returns(Task.FromResult(new Dictionary())); _credMgr.Setup(x => x.LoadCredentials()).Returns(new Common.VssCredentials()); // Act. MessageListener listener = new MessageListener(); listener.Initialize(tc); bool result = await listener.CreateSessionAsync(tokenSource.Token); Assert.True(result); _agentServer .Setup(x => x.DeleteAgentSessionAsync( _settings.PoolId, expectedSession.SessionId, It.IsAny())) .Returns(Task.CompletedTask); await listener.DeleteSessionAsync(); //Assert _agentServer .Verify(x => x.DeleteAgentSessionAsync( _settings.PoolId, expectedSession.SessionId, It.IsAny()), Times.Once()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async Task GetNextMessage() { using (TestHostContext tc = CreateTestContext()) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = tc.GetTrace(); // Arrange. var expectedSession = new TaskAgentSession(); PropertyInfo sessionIdProperty = expectedSession.GetType().GetProperty("SessionId", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(sessionIdProperty); sessionIdProperty.SetValue(expectedSession, Guid.NewGuid()); _agentServer .Setup(x => x.CreateAgentSessionAsync( _settings.PoolId, It.Is(y => y != null), tokenSource.Token)) .Returns(Task.FromResult(expectedSession)); _capabilitiesManager.Setup(x => x.GetCapabilitiesAsync(_settings, It.IsAny())).Returns(Task.FromResult(new Dictionary())); _credMgr.Setup(x => x.LoadCredentials()).Returns(new Common.VssCredentials()); // Act. MessageListener listener = new MessageListener(); listener.Initialize(tc); bool result = await listener.CreateSessionAsync(tokenSource.Token); Assert.True(result); var arMessages = new TaskAgentMessage[] { new TaskAgentMessage { Body = "somebody1", MessageId = 4234, MessageType = JobRequestMessageTypes.AgentJobRequest }, new TaskAgentMessage { Body = "somebody2", MessageId = 4235, MessageType = JobCancelMessage.MessageType }, null, //should be skipped by GetNextMessageAsync implementation null, new TaskAgentMessage { Body = "somebody3", MessageId = 4236, MessageType = JobRequestMessageTypes.AgentJobRequest } }; var messages = new Queue(arMessages); _agentServer .Setup(x => x.GetAgentMessageAsync( _settings.PoolId, expectedSession.SessionId, It.IsAny(), tokenSource.Token)) .Returns(async (Int32 poolId, Guid sessionId, Int64? lastMessageId, CancellationToken cancellationToken) => { await Task.Yield(); return messages.Dequeue(); }); TaskAgentMessage message1 = await listener.GetNextMessageAsync(tokenSource.Token); TaskAgentMessage message2 = await listener.GetNextMessageAsync(tokenSource.Token); TaskAgentMessage message3 = await listener.GetNextMessageAsync(tokenSource.Token); Assert.Equal(arMessages[0], message1); Assert.Equal(arMessages[1], message2); Assert.Equal(arMessages[4], message3); //Assert _agentServer .Verify(x => x.GetAgentMessageAsync( _settings.PoolId, expectedSession.SessionId, It.IsAny(), tokenSource.Token), Times.Exactly(arMessages.Length)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async Task CreateSessionUsesExponentialBackoffWhenFlagEnabled() { using (TestHostContext tc = CreateTestContext()) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = tc.GetTrace(); try { int callCount = 0; _agentServer .Setup(x => x.CreateAgentSessionAsync(_settings.PoolId, It.Is(y => y != null), tokenSource.Token)) .Returns(() => { callCount++; // Fail first 5 attempts to check delay at attempt 5 if (callCount <= 5) { throw new Exception("Temporary failure"); } return Task.FromResult(new TaskAgentSession()); }); _capabilitiesManager.Setup(x => x.GetCapabilitiesAsync(_settings, It.IsAny())).Returns(Task.FromResult(new Dictionary())); _credMgr.Setup(x => x.LoadCredentials()).Returns(new Common.VssCredentials()); // Act MessageListener listener = new MessageListener(); listener.Initialize(tc); // Arrange - Set environment variable (simulating Agent.cs setting it after fetching FF) Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", "true"); bool result = await listener.CreateSessionAsync(tokenSource.Token); trace.Info($"result: {result}"); // Assert Assert.True(result); Assert.True(tc.CapturedDelays.Count >= 5, $"Should have at least 5 delays, got {tc.CapturedDelays.Count}"); // Check the 5th delay (index 4) var delayAtAttempt5 = tc.CapturedDelays[4].TotalSeconds; trace.Info($"Delay at attempt 5: {delayAtAttempt5:F1}s (expected >30s for exponential backoff)"); // Exponential should be > 30s (constant is 30s) Assert.True(delayAtAttempt5 > 30, $"Expected exponential (>30s), got {delayAtAttempt5:F1}s. This means the FF codepath was not executed even though the FF is enabled."); } finally { Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", null); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async Task CreateSessionUsesConstantBackoffWhenFlagDisabled() { using (TestHostContext tc = CreateTestContext()) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = tc.GetTrace(); try { int callCount = 0; _agentServer .Setup(x => x.CreateAgentSessionAsync(_settings.PoolId, It.Is(y => y != null), tokenSource.Token)) .Returns(() => { callCount++; // Fail first 5 attempts if (callCount <= 5) { throw new Exception("Temporary failure"); } return Task.FromResult(new TaskAgentSession()); }); _capabilitiesManager.Setup(x => x.GetCapabilitiesAsync(_settings, It.IsAny())).Returns(Task.FromResult(new Dictionary())); _credMgr.Setup(x => x.LoadCredentials()).Returns(new Common.VssCredentials()); // Act MessageListener listener = new MessageListener(); listener.Initialize(tc); // Arrange - Ensure environment variable is not set (simulating FF being off) Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", "false"); bool result = await listener.CreateSessionAsync(tokenSource.Token); // Assert Assert.True(result); Assert.True(tc.CapturedDelays.Count >= 5, $"Should have at least 5 delays, got {tc.CapturedDelays.Count}"); // Check the 5th delay (index 4) var delayAtAttempt5 = tc.CapturedDelays[4].TotalSeconds; trace.Info($"Delay at attempt 5: {delayAtAttempt5:F1}s (expected ~30s for constant backoff)"); // Constant should be exactly 30s Assert.True(delayAtAttempt5 >= 29 && delayAtAttempt5 <= 31, $"Expected ~30s (constant), got {delayAtAttempt5:F1}s. This proves FF codepath was executed even though the FF is disabled."); } finally { Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", null); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async Task GetNextMessageUsesExponentialBackoffWhenFlagEnabled() { using (TestHostContext tc = CreateTestContext()) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = tc.GetTrace(); try { // Create session first var session = new TaskAgentSession(); PropertyInfo sessionIdProperty = session.GetType().GetProperty("SessionId", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(sessionIdProperty); sessionIdProperty.SetValue(session, Guid.NewGuid()); _agentServer .Setup(x => x.CreateAgentSessionAsync(_settings.PoolId, It.Is(y => y != null), tokenSource.Token)) .Returns(Task.FromResult(session)); int callCount = 0; _agentServer .Setup(x => x.GetAgentMessageAsync(_settings.PoolId, session.SessionId, It.IsAny(), tokenSource.Token)) .Returns(() => { callCount++; // Fail first 6 attempts to check delay at attempt 6 if (callCount <= 6) { throw new Exception("Temporary failure"); } return Task.FromResult(new TaskAgentMessage { MessageId = 123, MessageType = JobRequestMessageTypes.AgentJobRequest, Body = "test" }); }); _capabilitiesManager.Setup(x => x.GetCapabilitiesAsync(_settings, It.IsAny())).Returns(Task.FromResult(new Dictionary())); _credMgr.Setup(x => x.LoadCredentials()).Returns(new Common.VssCredentials()); // Act MessageListener listener = new MessageListener(); listener.Initialize(tc); await listener.CreateSessionAsync(tokenSource.Token); // Clear delays from CreateSession - we only want GetNextMessage delays tc.CapturedDelays.Clear(); // Arrange - Set environment variable (simulating Agent.cs setting it after fetching FF) Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", "true"); TaskAgentMessage message = await listener.GetNextMessageAsync(tokenSource.Token); // Assert - Check captured delays Assert.NotNull(message); Assert.True(tc.CapturedDelays.Count >= 12, $"Should have at least 12 delays (6 backoffs + 6 random), got {tc.CapturedDelays.Count}"); // Check the 6th delay (index 10) var delayAtAttempt6 = tc.CapturedDelays[10].TotalSeconds; trace.Info($"Delay at attempt 6: {delayAtAttempt6:F1}s (expected >60s for exponential backoff)"); // Exponential should be > 60s (random is [30,60]s) Assert.True(delayAtAttempt6 > 60, $"Expected exponential (>60s), got {delayAtAttempt6:F1}s. This means the FF codepath was not executed even though the FF is enabled."); } finally { Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", null); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async Task GetNextMessageUsesRandomBackoffWhenFlagDisabled() { using (TestHostContext tc = CreateTestContext()) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = tc.GetTrace(); try { //create session first var session = new TaskAgentSession(); PropertyInfo sessionIdProperty = session.GetType().GetProperty("SessionId", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(sessionIdProperty); sessionIdProperty.SetValue(session, Guid.NewGuid()); _agentServer .Setup(x => x.CreateAgentSessionAsync(_settings.PoolId, It.Is(y => y != null), tokenSource.Token)) .Returns(Task.FromResult(session)); int callCount = 0; _agentServer .Setup(x => x.GetAgentMessageAsync(_settings.PoolId, session.SessionId, It.IsAny(), tokenSource.Token)) .Returns(() => { callCount++; // Fail first 6 attempts if (callCount <= 6) { throw new Exception("Temporary failure"); } return Task.FromResult(new TaskAgentMessage { MessageId = 456, MessageType = JobRequestMessageTypes.AgentJobRequest, Body = "test" }); }); _capabilitiesManager.Setup(x => x.GetCapabilitiesAsync(_settings, It.IsAny())).Returns(Task.FromResult(new Dictionary())); _credMgr.Setup(x => x.LoadCredentials()).Returns(new Common.VssCredentials()); // Act MessageListener listener = new MessageListener(); listener.Initialize(tc); await listener.CreateSessionAsync(tokenSource.Token); // Clear delays from CreateSession - we only want GetNextMessage delays tc.CapturedDelays.Clear(); // Arrange - Ensure environment variable is not set (simulating FF being off) Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", "false"); TaskAgentMessage message = await listener.GetNextMessageAsync(tokenSource.Token); // Assert - Check captured delays Assert.NotNull(message); Assert.True(tc.CapturedDelays.Count >= 12, $"Should have at least 12 delays (6 backoffs + 6 random), got {tc.CapturedDelays.Count}"); // Check the 6th delay (index 10) var delayAtAttempt6 = tc.CapturedDelays[10].TotalSeconds; trace.Info($"Delay at attempt 6: {delayAtAttempt6:F1}s (expected [30,60]s for random backoff)"); // Random should be in [30,60]s range Assert.True(delayAtAttempt6 >= 30 && delayAtAttempt6 <= 60, $"Expected [30,60]s (random), got {delayAtAttempt6:F1}s. This proves FF codepath was executed even though the FF is disabled."); } finally { Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", null); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async Task KeepAliveUsesExponentialBackoffWhenFlagEnabled() { using (TestHostContext tc = CreateTestContext()) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = tc.GetTrace(); try { // Create session first var session = new TaskAgentSession(); PropertyInfo sessionIdProperty = session.GetType().GetProperty("SessionId", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); Assert.NotNull(sessionIdProperty); sessionIdProperty.SetValue(session, Guid.NewGuid()); _agentServer .Setup(x => x.CreateAgentSessionAsync(_settings.PoolId, It.Is(y => y != null), tokenSource.Token)) .Returns(Task.FromResult(session)); _capabilitiesManager.Setup(x => x.GetCapabilitiesAsync(_settings, It.IsAny())).Returns(Task.FromResult(new Dictionary())); _credMgr.Setup(x => x.LoadCredentials()).Returns(new Common.VssCredentials()); int callCount = 0; // Setup GetAgentMessageAsync to track KeepAlive calls _agentServer .Setup(x => x.GetAgentMessageAsync(_settings.PoolId, session.SessionId, null, tokenSource.Token)) .Returns(() => { callCount++; // Fail first 5 attempts to check delay at attempt 5 if (callCount <= 5) { throw new Exception("KeepAlive failure"); } // Cancel after success to stop the infinite loop tokenSource.Cancel(); return Task.FromResult(null); }); // Act MessageListener listener = new MessageListener(); listener.Initialize(tc); await listener.CreateSessionAsync(tokenSource.Token); // Clear delays from CreateSession - we only want KeepAlive delays tc.CapturedDelays.Clear(); // Arrange - Set environment variable (simulating Agent.cs setting it after fetching FF) Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", "true"); // Start KeepAlive in a task and let it run until cancellation var keepAliveTask = listener.KeepAlive(tokenSource.Token); try { await keepAliveTask; } catch (OperationCanceledException) { // Expected when token is cancelled } // Assert - Check captured delays Assert.True(tc.CapturedDelays.Count >= 5, $"Should have at least 5 delays, got {tc.CapturedDelays.Count}"); // Check the 5th delay (index 4) var delayAtAttempt5 = tc.CapturedDelays[4].TotalSeconds; trace.Info($"KeepAlive delay at attempt 5: {delayAtAttempt5:F1}s (expected >30s for exponential backoff)"); // Exponential should be > 30s (constant is 30s) Assert.True(delayAtAttempt5 > 30, $"Expected exponential (>30s), got {delayAtAttempt5:F1}s. This means the FF codepath was not executed even though the FF is enabled."); } finally { Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", null); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public async Task KeepAliveUsesConstantBackoffWhenFlagDisabled() { using (TestHostContext tc = CreateTestContext()) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = tc.GetTrace(); try { var session = new TaskAgentSession(); var sessionIdProperty = session.GetType().GetProperty("SessionId", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public); sessionIdProperty.SetValue(session, Guid.NewGuid()); _agentServer .Setup(x => x.CreateAgentSessionAsync(_settings.PoolId, It.Is(y => y != null), tokenSource.Token)) .Returns(Task.FromResult(session)); _capabilitiesManager.Setup(x => x.GetCapabilitiesAsync(_settings, It.IsAny())).Returns(Task.FromResult(new Dictionary())); _credMgr.Setup(x => x.LoadCredentials()).Returns(new Common.VssCredentials()); var callTimes = new List(); int callCount = 0; // Setup GetAgentMessageAsync to track KeepAlive calls _agentServer .Setup(x => x.GetAgentMessageAsync(_settings.PoolId, session.SessionId, null, tokenSource.Token)) .Returns(() => { callTimes.Add(DateTime.UtcNow); callCount++; // Fail first 5 attempts if (callCount <= 5) { throw new Exception("KeepAlive failure"); } // Cancel after success to stop the infinite loop tokenSource.Cancel(); return Task.FromResult(null); }); // Act MessageListener listener = new MessageListener(); listener.Initialize(tc); await listener.CreateSessionAsync(tokenSource.Token); // Clear delays from CreateSession - we only want KeepAlive delays tc.CapturedDelays.Clear(); // Arrange - Ensure environment variable is not set (simulating FF being off) Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", "false"); // Start KeepAlive in a task and let it run until cancellation var keepAliveTask = listener.KeepAlive(tokenSource.Token); try { await keepAliveTask; } catch (OperationCanceledException) { // Expected when token is cancelled } // Assert - Check captured delays Assert.True(tc.CapturedDelays.Count >= 5, $"Should have at least 5 delays, got {tc.CapturedDelays.Count}"); // Check the 5th delay (index 4) var delayAtAttempt5 = tc.CapturedDelays[4].TotalSeconds; trace.Info($"KeepAlive delay at attempt 5: {delayAtAttempt5:F1}s (expected ~30s for constant backoff)"); // Constant should be exactly 30s Assert.True(delayAtAttempt5 >= 29 && delayAtAttempt5 <= 31, $"Expected ~30s (constant), got {delayAtAttempt5:F1}s. This proves FF codepath was executed even though the FF is disabled."); } finally { Environment.SetEnvironmentVariable("AGENT_ENABLE_PROGRESSIVE_RETRY_BACKOFF", null); } } } public void Dispose() { rsa.Dispose(); } } } ================================================ FILE: src/Test/L0/Listener/PipelineParserL0.cs ================================================ using Microsoft.VisualStudio.Services.Agent.Util; // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Globalization; using System.IO; using System.Runtime.CompilerServices; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Listener; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Xunit; using YamlDotNet.Core; using Yaml = Microsoft.TeamFoundation.DistributedTask.Orchestration.Server.Pipelines.Yaml; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener { public sealed class PipelineParserL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void TaskStep() { using (CreateTestContext()) { // Arrange. String expected = @" steps: - task: myTask@1 - task: myOtherTask@2 name: Fancy task enabled: false condition: always() continueOnError: true timeoutInMinutes: 123 inputs: myInput: input value env: MY_VAR: val "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "taskStep.yml")] = expected; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "taskStep.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void ScriptStep() { using (CreateTestContext()) { // Arrange. String expected = @" steps: - script: echo hello from script 1 - script: echo hello from script 2 name: Fancy script enabled: false condition: always() continueOnError: true timeoutInMinutes: 123 failOnStderr: $(failOnStderrVariable) workingDirectory: $(workingDirectoryVariable) env: MY_VAR: value "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "scriptStep.yml")] = expected; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "scriptStep.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void BashStep() { using (CreateTestContext()) { // Arrange. String expected = @" steps: - bash: echo hello from bash - bash: echo hello again from bash name: Fancy script enabled: false condition: always() continueOnError: true timeoutInMinutes: 123 failOnStderr: $(failOnStderrVariable) workingDirectory: $(workingDirectoryVariable) env: MY_VAR: value "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "bashStep.yml")] = expected; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "bashStep.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void PowerShellStep() { using (CreateTestContext()) { // Arrange. String expected = @" steps: - powershell: write-host 'hello from powershell' - powershell: write-host 'hello again from powershell' name: Fancy script enabled: false condition: always() continueOnError: true timeoutInMinutes: 123 errorActionPreference: $(errorActionPreferenceVariable) failOnStderr: $(failOnStderrVariable) ignoreLASTEXITCODE: $(ignoreLASTEXITCODEVariable) workingDirectory: $(workingDirectoryVariable) env: MY_VAR: value "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "powershellStep.yml")] = expected; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "powershellStep.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void CheckoutStep() { using (CreateTestContext()) { // Arrange. String expected = @" phases: - name: phase1 steps: - checkout: none - name: phase2 steps: - checkout: self - name: phase3 steps: - checkout: self clean: $(cleanVariable) fetchDepth: $(fetchDepthVariable) lfs: $(fetchDepthVariable) "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "checkoutStep.yml")] = expected; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "checkoutStep.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void CheckoutStep_RepoDefined() { using (CreateTestContext()) { // Arrange. String expected = @" resources: - repo: self clean: true phases: - name: phase1 steps: - checkout: none - name: phase2 steps: - checkout: self - name: phase3 steps: - checkout: self clean: $(cleanVariable) fetchDepth: $(fetchDepthVariable) lfs: $(fetchDepthVariable) "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "checkoutStep_repoDefined.yml")] = expected; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "checkoutStep_repoDefined.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void Phase() { using (CreateTestContext()) { // Arrange. String expected = @" phases: - name: phase1 steps: - script: echo hello - name: phase2 dependsOn: phase1 condition: always() continueOnError: $(continueOnErrorVariable) enableAccessToken: $(enableAccessTokenVariable) queue: myQueue variables: var1: val1 steps: - script: echo hello - name: phase3 dependsOn: - phase1 - phase2 queue: demands: a -eq b steps: - script: echo hello "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "phase.yml")] = expected; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "phase.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void PhaseDeploymentTarget() { using (CreateTestContext()) { // Arrange. String expected = @" phases: - name: deployPhase1 deployment: myDeploymentGroup steps: - script: echo hello - name: deployPhase2 deployment: group: myDeploymentGroup tags: myTag steps: - script: echo hello - name: deployPhase3 deployment: group: myDeploymentGroup continueOnError: $(continueOnErrorVariable) healthOption: percentage percentage: 50 timeoutInMinutes: $(timeoutInMinutesVariable) tags: - myTag1 - myTag2 steps: - script: echo hello "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "phaseDeploymentTarget.yml")] = expected; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "phaseDeploymentTarget.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void PhaseQueueTarget() { using (CreateTestContext()) { // Arrange. String expected = @" phases: - name: buildPhase1 steps: - script: echo hello - name: buildPhase2 queue: myQueue steps: - script: echo hello - name: buildPhase3 queue: demands: a -eq b steps: - script: echo hello - name: buildPhase4 queue: name: myQueue continueOnError: $(continueOnErrorVariable) parallel: $(parallelVariable) timeoutInMinutes: $(timeoutInMinutesVariable) demands: - a -eq b - c -eq d matrix: x64_release: arch: x64 config: release x86_debug: arch: x86 config: debug steps: - script: echo hello "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "phaseQueueTarget.yml")] = expected; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "phaseQueueTarget.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void PhaseServerTarget() { using (CreateTestContext()) { // Arrange. String expected = @" phases: - name: serverPhase1 server: true steps: - task: myServerTask@1 - name: serverPhase2 server: timeoutInMinutes: $(timeoutInMinutesVariable) steps: - task: myServerTask@1 - name: serverPhase3 server: continueOnError: $(continueOnErrorVariable) parallel: $(parallelVariable) timeoutInMinutes: $(timeoutInMinutesVariable) matrix: x64_release: arch: x64 config: release x86_debug: arch: x86 config: debug steps: - task: myServerTask@1 "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "phaseServerTarget.yml")] = expected; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "phaseServerTarget.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void PhaseVariables_Simple() { using (CreateTestContext()) { // Arrange. String expected = @" variables: var1: val1 steps: - script: echo hello "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "phaseVariables_simple.yml")] = expected; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "phaseVariables_simple.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void PhaseVariables_NameValue() { using (CreateTestContext()) { // Arrange. String content = @" variables: - name: var1 value: val1 steps: - script: echo hello "; String expected = @" variables: var1: val1 steps: - script: echo hello "; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "phaseVariables_nameValue.yml")] = content; // Act. String actual = m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "phaseVariables_nameValue.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.Equal(expected.Trim(), actual.Trim()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void MaxObjectDepth_Mapping() { using (CreateTestContext()) { // Arrange - sanity test allowed threshold String contentFormat = @" resources: - endpoint: someEndpoint myProperty: {0}"; String allowedObject = "{a: {a: {a: {a: {a: {a: {a: {a: {a: {a: \"b\"} } } } } } } } } }"; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "maxObjectDepth_mapping_allowed.yml")] = String.Format(CultureInfo.InvariantCulture, contentFormat, allowedObject); m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "maxObjectDepth_mapping_allowed.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Arrange - setup exceeding threshold String unallowedObject = "{a: " + allowedObject + " }"; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "maxObjectDepth_mapping_unallowed.yml")] = String.Format(CultureInfo.InvariantCulture, contentFormat, unallowedObject); try { // Act. m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "maxObjectDepth_mapping_unallowed.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.True(false, "Should have thrown syntax error exception"); } catch (SyntaxErrorException ex) { // Assert. Assert.Contains("Max object depth of 10 exceeded", ex.Message); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void MaxObjectDepth_Sequence() { using (CreateTestContext()) { // Arrange - sanity test allowed threshold String contentFormat = @" resources: - endpoint: someEndpoint myProperty: {0}"; String allowedObject = "[ [ [ [ [ [ [ [ [ [ \"a\" ] ] ] ] ] ] ] ] ] ]"; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "maxObjectDepth_sequence_allowed.yml")] = String.Format(CultureInfo.InvariantCulture, contentFormat, allowedObject); m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "maxObjectDepth_sequence_allowed.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Arrange - setup exceeding threshold String unallowedObject = "[ " + allowedObject + " ]"; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "maxObjectDepth_sequence_unallowed.yml")] = String.Format(CultureInfo.InvariantCulture, contentFormat, unallowedObject); try { // Act. m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "maxObjectDepth_sequence_unallowed.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.True(false, "Should have thrown syntax error exception"); } catch (SyntaxErrorException ex) { // Assert. Assert.Contains("Max object depth of 10 exceeded", ex.Message); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void MaxObjectDepth_Mixed() { using (CreateTestContext()) { // Arrange - sanity test allowed threshold String contentFormat = @" resources: - endpoint: someEndpoint myProperty: {0}"; String allowedObject = "{a: [ {a: [ {a: [ {a: [ {a: [ \"a\" ] } ] } ] } ] } ] }"; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "maxObjectDepth_mixed_allowed.yml")] = String.Format(CultureInfo.InvariantCulture, contentFormat, allowedObject); m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "maxObjectDepth_mixed_allowed.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Arrange - setup exceeding threshold String unallowedObject = "[ " + allowedObject + " ]"; m_fileProvider.FileContent[Path.Combine(c_defaultRoot, "maxObjectDepth_mixed_unallowed.yml")] = String.Format(CultureInfo.InvariantCulture, contentFormat, unallowedObject); try { // Act. m_pipelineParser.DeserializeAndSerialize( c_defaultRoot, "maxObjectDepth_mixed_unallowed.yml", mustacheContext: null, cancellationToken: CancellationToken.None); // Assert. Assert.True(false, "Should have thrown syntax error exception"); } catch (SyntaxErrorException ex) { // Assert. Assert.Contains("Max object depth of 10 exceeded", ex.Message); } } } private TestHostContext CreateTestContext([CallerMemberName] string testName = "") { TestHostContext hc = new TestHostContext(this, testName); m_fileProvider = new YamlFileProvider(); m_pipelineParser = new Yaml.PipelineParser( new YamlTraceWriter(hc), m_fileProvider, new Yaml.ParseOptions() { MaxFiles = 10, MustacheEvaluationMaxResultLength = 512 * 1024, // 512k string length MustacheEvaluationTimeout = TimeSpan.FromSeconds(10), MustacheMaxDepth = 5, }); Yaml.ITraceWriter traceWriter = new YamlTraceWriter(hc); return hc; } private sealed class YamlFileProvider : Yaml.IFileProvider { public Dictionary FileContent => m_fileContent; public Yaml.FileData GetFile(String path) { return new Yaml.FileData { Name = Path.GetFileName(path), Directory = Path.GetDirectoryName(path), Content = m_fileContent[path], }; } public String ResolvePath(String defaultRoot, String path) { return Path.Combine(defaultRoot, path); } private readonly Dictionary m_fileContent = new Dictionary(); } private sealed class YamlTraceWriter : Yaml.ITraceWriter { public YamlTraceWriter(TestHostContext hostContext) { m_trace = hostContext.GetTrace(nameof(YamlTraceWriter)); } public void Info(String format, params Object[] args) { m_trace.Info(StringUtil.Format(format, args)); } public void Verbose(String format, params Object[] args) { m_trace.Verbose(StringUtil.Format(format, args)); } private readonly Tracing m_trace; } private const String c_defaultRoot = @"C:\TestYamlFiles"; private Yaml.PipelineParser m_pipelineParser; private YamlFileProvider m_fileProvider; } } ================================================ FILE: src/Test/L0/LocStringsL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text.RegularExpressions; using Xunit; using System; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class LocStringsL0 { private static readonly Regex ValidKeyRegex = new Regex("^[_a-zA-Z0-9]+$"); [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void IsNotMissingCommonLocStrings() { ValidateLocStrings(new TestHostContext(this), project: "Microsoft.VisualStudio.Services.Agent"); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void IsNotMissingListenerLocStrings() { ValidateLocStrings(new TestHostContext(this), project: "Agent.Listener"); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void IsNotMissingWorkerLocStrings() { ValidateLocStrings(new TestHostContext(this), project: "Agent.Worker"); } [Fact] [Trait("Level", "L0")] [Trait("Category", "LocString")] public void IsLocStringsPrettyPrint() { // Load the strings. string stringsFile = Path.Combine(TestUtil.GetSrcPath(), "Misc", "layoutbin", "en-US", "strings.json"); Assert.True(File.Exists(stringsFile), $"File does not exist: {stringsFile}"); var resourceDictionary = IOUtil.LoadObject>(stringsFile); // sort the dictionary. Dictionary sortedResourceDictionary = new Dictionary(); foreach (var res in resourceDictionary.OrderBy(r => r.Key)) { sortedResourceDictionary[res.Key] = res.Value; } // print to file. string prettyStringsFile = Path.Combine(TestUtil.GetSrcPath(), "Misc", "layoutbin", "en-US", "strings.json.pretty"); IOUtil.SaveObject(sortedResourceDictionary, prettyStringsFile); Assert.True(string.Equals(File.ReadAllText(stringsFile), File.ReadAllText(prettyStringsFile)), $"Orginal string.json file: {stringsFile} is not pretty printed, replace it with: {prettyStringsFile}"); // delete file on succeed File.Delete(prettyStringsFile); } [Fact] [Trait("Level", "L0")] [Trait("Category", "LocString")] public void FindExtraLocStrings() { // Load the strings. string stringsFile = Path.Combine(TestUtil.GetSrcPath(), "Misc", "layoutbin", "en-US", "strings.json"); Assert.True(File.Exists(stringsFile), $"File does not exist: {stringsFile}"); var resourceDictionary = IOUtil.LoadObject>(stringsFile); // Find all loc string key in source file. // // Note, narrow the search to each project folder only. Otherwise intermittent errors occur // when recursively searching due to parallel tests are deleting temp folders (DirectoryNotFoundException). var keys = new List(); string[] sourceFiles = Directory.GetFiles(TestUtil.GetProjectPath("Microsoft.VisualStudio.Services.Agent"), "*.cs", SearchOption.AllDirectories) .Concat(Directory.GetFiles(TestUtil.GetProjectPath("Agent.Listener"), "*.cs", SearchOption.AllDirectories)) .Concat(Directory.GetFiles(TestUtil.GetProjectPath("Agent.Worker"), "*.cs", SearchOption.AllDirectories)) .Concat(Directory.GetFiles(TestUtil.GetProjectPath("Agent.Plugins"), "*.cs", SearchOption.AllDirectories)) .Concat(Directory.GetFiles(TestUtil.GetProjectPath("Agent.Sdk"), "*.cs", SearchOption.AllDirectories)) .ToArray(); foreach (string sourceFile in sourceFiles) { // Skip files in the obj directory. if (sourceFile.Contains(StringUtil.Format("{0}obj{0}", Path.DirectorySeparatorChar))) { continue; } foreach (string line in File.ReadAllLines(sourceFile)) { // Search for calls to the StringUtil.Loc method within the line. const string Pattern = "StringUtil.Loc("; int searchIndex = 0; int patternIndex; while (searchIndex < line.Length && (patternIndex = line.IndexOf(Pattern, searchIndex)) >= 0) { // Bump the search index in preparation for the for the next iteration within the same line. searchIndex = patternIndex + Pattern.Length; // Extract the resource key. int keyStartIndex = patternIndex + Pattern.Length; int keyEndIndex; if (keyStartIndex + 2 < line.Length && // Key should start with a ", be followed by at least line[keyStartIndex] == '"' && // one character, and end with a ". (keyEndIndex = line.IndexOf('"', keyStartIndex + 1)) > 0) { // Remove the first and last double quotes. keyStartIndex++; keyEndIndex--; string key = line.Substring( startIndex: keyStartIndex, length: keyEndIndex - keyStartIndex + 1); if (ValidKeyRegex.IsMatch(key)) { // A valid key was extracted. keys.Add(key); continue; } } } } } // find extra loc strings. var extraKeys = resourceDictionary.Keys.Where(x => !keys.Contains(x))?.ToList(); if (extraKeys != null) { Assert.True(extraKeys.Count == 0, $"Please save company's money by removing extra loc strings:{Environment.NewLine}{string.Join(Environment.NewLine, extraKeys)}"); } } private void ValidateLocStrings(TestHostContext hc, string project) { using (hc) { Tracing trace = hc.GetTrace(); var keys = new List(); var badLines = new List(); // Search for source files within the project. trace.Verbose("Searching source files:"); string[] sourceFiles = Directory.GetFiles( TestUtil.GetProjectPath(project), "*.cs", SearchOption.AllDirectories); foreach (string sourceFile in sourceFiles) { // Skip files in the obj directory. if (sourceFile.Contains(StringUtil.Format("{0}obj{0}", Path.DirectorySeparatorChar))) { continue; } trace.Verbose($" {sourceFile}"); foreach (string line in File.ReadAllLines(sourceFile)) { // Search for calls to the StringUtil.Loc method within the line. const string Pattern = "StringUtil.Loc("; int searchIndex = 0; int patternIndex; while (searchIndex < line.Length && (patternIndex = line.IndexOf(Pattern, searchIndex)) >= 0) { // Bump the search index in preparation for the for the next iteration within the same line. searchIndex = patternIndex + Pattern.Length; // Extract the resource key. int keyStartIndex = patternIndex + Pattern.Length; int keyEndIndex; if (keyStartIndex + 2 < line.Length && // Key should start with a ", be followed by at least line[keyStartIndex] == '"' && // one character, and end with a ". (keyEndIndex = line.IndexOf('"', keyStartIndex + 1)) > 0) { // Remove the first and last double quotes. keyStartIndex++; keyEndIndex--; string key = line.Substring( startIndex: keyStartIndex, length: keyEndIndex - keyStartIndex + 1); if (ValidKeyRegex.IsMatch(key)) { // A valid key was extracted. keys.Add(key); continue; } } // Something went wrong. The pattern was found, but the resource key could not be determined. badLines.Add(new BadLineInfo { File = sourceFile, Line = line }); } } } // Load the strings. string stringsFile = Path.Combine(TestUtil.GetSrcPath(), "Misc", "layoutbin", "en-US", "strings.json"); Assert.True(File.Exists(stringsFile), $"File does not exist: {stringsFile}"); var resourceDictionary = IOUtil.LoadObject>(stringsFile); // Find missing keys. string[] missingKeys = keys .Where(x => !resourceDictionary.ContainsKey(x)) .OrderBy(x => x) .ToArray(); if (missingKeys.Length > 0) { trace.Error("One or more resource keys missing from resources file:"); foreach (string missingKey in missingKeys) { trace.Error($" {missingKey}"); } } // Validate whether resource keys couldn't be interpreted. if (badLines.Count > 0) { trace.Error("Bad lines detected. Unable to interpret resource key(s)."); IEnumerable> badLineGroupings = badLines .GroupBy(x => x.File) .OrderBy(x => x.Key) .ToArray(); foreach (IGrouping badLineGrouping in badLineGroupings) { trace.Error($"File: {badLineGrouping.First().File}"); foreach (BadLineInfo badLine in badLineGrouping) { trace.Error($" Line: {badLine.Line}"); } } } Assert.True(missingKeys.Length == 0, $"One or more resource keys missing from resources files. Consult the trace log: {hc.TraceFileName}"); Assert.True(badLines.Count == 0, $"Unable to determine one or more resource keys. Consult the trace log: {hc.TraceFileName}"); } } private sealed class BadLineInfo { public string File { get; set; } public string Line { get; set; } } } } ================================================ FILE: src/Test/L0/NodeHandler.GlibcTest.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Text; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies; using Moq; using Xunit; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Tests { public class NodeHandlerGlibcTest : IDisposable { private bool disposed = false; private class TestableGlibcCompatibilityInfoProvider : GlibcCompatibilityInfoProvider { public TestableGlibcCompatibilityInfoProvider(IHostContext hostContext) : base(hostContext) { } protected override bool IsLinuxPlatform() => true; protected override bool NodeBinaryExists(string nodePath) => true; } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } protected virtual void Dispose(bool disposing) { if (!disposed) { disposed = true; } } [Fact] [Trait("Level", "L0")] [Trait("Category", "GlibcChecker")] public async Task GlibcCompatibilityInfoProvider_Node24GlibcError_ReturnsCorrectStatus() { ResetGlibcCompatibilityInfoProviderCache(); using (var hc = new TestHostContext(this)) { var (processInvokerMock, executionContextMock) = SetupTestEnvironment(hc); SetupNodeProcessInvocation(processInvokerMock, "node24", shouldHaveGlibcError: true); SetupNodeProcessInvocation(processInvokerMock, "node20_1", shouldHaveGlibcError: false); var glibcChecker = new TestableGlibcCompatibilityInfoProvider(hc); var result = await glibcChecker.CheckGlibcCompatibilityAsync(executionContextMock.Object); Assert.True(result.Node24HasGlibcError); Assert.False(result.Node20HasGlibcError); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "GlibcChecker")] public async Task GlibcCompatibilityInfoProvider_BothVersionsSuccess_ReturnsCorrectStatus() { ResetGlibcCompatibilityInfoProviderCache(); using (var hc = new TestHostContext(this)) { var (processInvokerMock, executionContextMock) = SetupTestEnvironment(hc); SetupNodeProcessInvocation(processInvokerMock, "node24", shouldHaveGlibcError: false); SetupNodeProcessInvocation(processInvokerMock, "node20_1", shouldHaveGlibcError: false); var glibcChecker = new TestableGlibcCompatibilityInfoProvider(hc); var result = await glibcChecker.CheckGlibcCompatibilityAsync(executionContextMock.Object); Assert.False(result.Node24HasGlibcError); Assert.False(result.Node20HasGlibcError); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "GlibcChecker")] public async Task GlibcCompatibilityInfoProvider_UseNode20InUnsupportedSystem_SkipsNode20Check() { ResetGlibcCompatibilityInfoProviderCache(); using (var hc = new TestHostContext(this)) { var knobs = new Dictionary { ["AGENT_USE_NODE20_IN_UNSUPPORTED_SYSTEM"] = "true" }; var (processInvokerMock, executionContextMock) = SetupTestEnvironment(hc, knobs); SetupNodeProcessInvocation(processInvokerMock, "node24", shouldHaveGlibcError: true); var glibcChecker = new TestableGlibcCompatibilityInfoProvider(hc); var result = await glibcChecker.CheckGlibcCompatibilityAsync(executionContextMock.Object); Assert.True(result.Node24HasGlibcError); Assert.False(result.Node20HasGlibcError); VerifyProcessNotCalled(processInvokerMock, "node20_1"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "GlibcChecker")] public async Task GlibcCompatibilityInfoProvider_UseNode24InUnsupportedSystem_SkipsNode24Check() { ResetGlibcCompatibilityInfoProviderCache(); using (var hc = new TestHostContext(this)) { var knobs = new Dictionary { ["AGENT_USE_NODE24_IN_UNSUPPORTED_SYSTEM"] = "true" }; var (processInvokerMock, executionContextMock) = SetupTestEnvironment(hc, knobs); SetupNodeProcessInvocation(processInvokerMock, "node20_1", shouldHaveGlibcError: true); var glibcChecker = new TestableGlibcCompatibilityInfoProvider(hc); var result = await glibcChecker.CheckGlibcCompatibilityAsync(executionContextMock.Object); Assert.False(result.Node24HasGlibcError); Assert.True(result.Node20HasGlibcError); VerifyProcessNotCalled(processInvokerMock, "node24"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "GlibcChecker")] public async Task GlibcCompatibilityInfoProvider_BothUnsupportedSystemKnobs_SkipsBothChecks() { ResetGlibcCompatibilityInfoProviderCache(); using (var hc = new TestHostContext(this)) { var knobs = new Dictionary { ["AGENT_USE_NODE20_IN_UNSUPPORTED_SYSTEM"] = "true", ["AGENT_USE_NODE24_IN_UNSUPPORTED_SYSTEM"] = "true" }; var (processInvokerMock, executionContextMock) = SetupTestEnvironment(hc, knobs); var glibcChecker = new TestableGlibcCompatibilityInfoProvider(hc); var result = await glibcChecker.CheckGlibcCompatibilityAsync(executionContextMock.Object); Assert.False(result.Node24HasGlibcError); Assert.False(result.Node20HasGlibcError); VerifyNoProcessesCalled(processInvokerMock); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "GlibcChecker")] public async Task GlibcCompatibilityInfoProvider_StaticCaching_WorksCorrectly() { ResetGlibcCompatibilityInfoProviderCache(); using (var hc = new TestHostContext(this)) { var (processInvokerMock, executionContextMock) = SetupTestEnvironment(hc); SetupNodeProcessInvocation(processInvokerMock, "node24", shouldHaveGlibcError: false); SetupNodeProcessInvocation(processInvokerMock, "node20_1", shouldHaveGlibcError: false); var glibcChecker = new TestableGlibcCompatibilityInfoProvider(hc); var result1 = await glibcChecker.CheckGlibcCompatibilityAsync(executionContextMock.Object); var result2 = await glibcChecker.CheckGlibcCompatibilityAsync(executionContextMock.Object); Assert.False(result1.Node24HasGlibcError); Assert.False(result1.Node20HasGlibcError); Assert.False(result2.Node24HasGlibcError); Assert.False(result2.Node20HasGlibcError); VerifyProcessCalledOnce(processInvokerMock, "node24"); VerifyProcessCalledOnce(processInvokerMock, "node20_1"); } } #region Helper Methods /// /// Sets up the common test environment with process invoker and execution context mocks. /// /// Test host context /// Optional knob settings to configure /// Tuple of (processInvokerMock, executionContextMock) private (Mock, Mock) SetupTestEnvironment(TestHostContext hc, Dictionary knobs = null) { var processInvokerMock = new Mock(); var executionContextMock = new Mock(); for (int i = 0; i < 10; i++) { hc.EnqueueInstance(processInvokerMock.Object); } var variables = new Dictionary(); if (knobs != null) { foreach (var knob in knobs) { variables[knob.Key] = new VariableValue(knob.Value); } } List warnings = new List(); executionContextMock .Setup(x => x.Variables) .Returns(new Variables(hc, copy: variables, warnings: out warnings)); executionContextMock .Setup(x => x.GetScopedEnvironment()) .Returns(new SystemEnvironment()); executionContextMock .Setup(x => x.GetVariableValueOrDefault(It.IsAny())) .Returns((string variableName) => { if (variables.TryGetValue(variableName, out VariableValue value)) { return value.Value; } return Environment.GetEnvironmentVariable(variableName); }); executionContextMock.Setup(x => x.EmitHostNode20FallbackTelemetry(It.IsAny())); executionContextMock.Setup(x => x.EmitHostNode24FallbackTelemetry(It.IsAny())); return (processInvokerMock, executionContextMock); } /// /// Verifies that a specific node process was never called. /// private void VerifyProcessNotCalled(Mock processInvokerMock, string nodeFolder) { processInvokerMock.Verify(x => x.ExecuteAsync( It.IsAny(), It.Is(fileName => fileName.Contains(nodeFolder)), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny()), Times.Never); } /// /// Verifies that no processes were called at all. /// private void VerifyNoProcessesCalled(Mock processInvokerMock) { processInvokerMock.Verify(x => x.ExecuteAsync( It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny()), Times.Never); } /// /// Verifies that a specific node process was called exactly once. /// private void VerifyProcessCalledOnce(Mock processInvokerMock, string nodeFolder) { processInvokerMock.Verify(x => x.ExecuteAsync( It.IsAny(), It.Is(fileName => fileName.Contains(nodeFolder)), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny(), It.IsAny()), Times.Once); } private void SetupNodeProcessInvocation(Mock processInvokerMock, string nodeFolder, bool shouldHaveGlibcError) { string nodeExePath = Path.Combine("externals", nodeFolder, "bin", $"node{IOUtil.ExeExtension}"); processInvokerMock.Setup(x => x.ExecuteAsync( It.IsAny(), It.Is(fileName => fileName.Contains(nodeExePath)), "-v", It.IsAny>(), false, It.IsAny(), It.IsAny())) .Callback, bool, Encoding, CancellationToken>( (wd, fn, args, env, reqZero, enc, ct) => { if (shouldHaveGlibcError) { processInvokerMock.Raise(x => x.ErrorDataReceived += null, processInvokerMock.Object, new ProcessDataReceivedEventArgs("node: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found")); } else { processInvokerMock.Raise(x => x.OutputDataReceived += null, processInvokerMock.Object, new ProcessDataReceivedEventArgs($"v{(nodeFolder.Contains("24") ? "24" : "20")}.0.0")); } }) .ReturnsAsync(shouldHaveGlibcError ? 1 : 0); } private void ResetGlibcCompatibilityInfoProviderCache() { var glibcType = typeof(GlibcCompatibilityInfoProvider); var supportsNode20Field = glibcType.GetField("_supportsNode20", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Static); var supportsNode24Field = glibcType.GetField("_supportsNode24", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Static); supportsNode20Field?.SetValue(null, null); supportsNode24Field?.SetValue(null, null); } #endregion } } ================================================ FILE: src/Test/L0/NodeHandlerCollections.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { /// /// Single collection for ALL NodeHandler tests (legacy and unified). /// This ensures sequential execution to prevent environment variable conflicts. /// [CollectionDefinition("Unified NodeHandler Tests")] public class UnifiedNodeHandlerTestFixture : ICollectionFixture { // This class is never instantiated, it's just a collection marker } } ================================================ FILE: src/Test/L0/NodeHandlerL0.AllSpecs.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Linq; using System.Runtime.InteropServices; using Agent.Sdk; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { /// /// Unified test runner for ALL NodeHandler test specifications. /// Executes every scenario defined in NodeHandlerTestSpecs.AllScenarios. /// [Trait("Level", "L0")] [Trait("Category", "NodeHandler")] [Collection("Unified NodeHandler Tests")] public sealed class NodeHandlerL0AllSpecs : NodeHandlerTestBase { [Theory] [MemberData(nameof(GetAllNodeHandlerScenarios))] public void NodeHandler_AllScenarios_on_legacy(TestScenario scenario) { RunScenarioAndAssert(scenario, useStrategy: false); } [Theory] [MemberData(nameof(GetAllNodeHandlerScenarios))] public void NodeHandler_AllScenarios_on_strategy(TestScenario scenario) { RunScenarioAndAssert(scenario, useStrategy: true); } public static object[][] GetAllNodeHandlerScenarios() { var scenarios = NodeHandlerTestSpecs.AllScenarios.ToList(); // Skip container tests on macOS since they always use cross-platform logic // This is expected behavior - macOS agent binaries cannot run in typical Linux containers if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) { scenarios = scenarios.Where(s => !s.InContainer).ToList(); } return scenarios .Select(scenario => new object[] { scenario }) .ToArray(); } } } ================================================ FILE: src/Test/L0/NodeHandlerL0.TestSpecifications.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; namespace Microsoft.VisualStudio.Services.Agent.Tests { public static class NodeHandlerTestSpecs { public static readonly TestScenario[] AllScenarios = new[] { // ============================================ // GROUP 0: CUSTOM NODE SCENARIOS // ============================================ new TestScenario( name: "CustomNode_Host_OverridesHandlerData", description: "Custom node path takes priority over handler data type", handlerData: typeof(Node20_1HandlerData), customNodePath: "/usr/local/custom/node", inContainer: false, expectedNode: "/usr/local/custom/node" ), new TestScenario( name: "CustomNode_Host_BypassesAllKnobs", description: "Custom node path ignores all global node version knobs", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_USE_NODE24"] = "true", ["AGENT_USE_NODE20_1"] = "true", ["AGENT_USE_NODE10"] = "true" }, customNodePath: "/opt/my-node/bin/node", inContainer: false, expectedNode: "/opt/my-node/bin/node" ), new TestScenario( name: "CustomNode_Host_BypassesEOLPolicy", description: "Custom node path bypasses EOL policy restrictions", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, customNodePath: "/legacy/node6/bin/node", inContainer: false, expectedNode: "/legacy/node6/bin/node" ), new TestScenario( name: "CustomNode_HighestPriority_OverridesEverything", description: "Custom path has highest priority - overrides all knobs, EOL policy, and glibc errors", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_USE_NODE24"] = "true", ["AGENT_USE_NODE20_1"] = "true", ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true", ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "false" }, node20GlibcError: true, node24GlibcError: true, customNodePath: "/ultimate/override/node", inContainer: false, expectedNode: "/ultimate/override/node" ), new TestScenario( name: "CustomNode_NullPath_FallsBackToNormalLogic", description: "Null custom node path falls back to standard node selection", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "true" }, customNodePath: null, inContainer: false, expectedNode: "node24" ), new TestScenario( name: "CustomNode_EmptyString_IgnoredFallsBackToNormalLogic", description: "Empty custom node path is ignored, falls back to normal handler logic", handlerData: typeof(Node20_1HandlerData), customNodePath: "", inContainer: false, expectedNode: "node20_1" ), new TestScenario( name: "CustomNode_WhitespaceOnly_IgnoredFallsBackToNormalLogic", description: "Whitespace-only custom node path is ignored, falls back to normal handler logic", handlerData: typeof(Node16HandlerData), customNodePath: " ", inContainer: false, expectedNode: "node16" ), // ======================================================================================== // GROUP 1: NODE6 SCENARIOS (Node6HandlerData - EOL) // ======================================================================================== new TestScenario( name: "Node6_DefaultBehavior", description: "Node6 handler works when in default behavior (EOL policy disabled)", handlerData: typeof(NodeHandlerData), knobs: new() {}, expectedNode: "node" ), new TestScenario( name: "Node6_DefaultBehavior_EOLPolicyDisabled", description: "Node6 handler works when EOL policy is disabled", handlerData: typeof(NodeHandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "false" }, expectedNode: "node" ), new TestScenario( name: "Node6_EOLPolicyEnabled_UpgradesToNode24", description: "Node6 handler with EOL policy: legacy allows Node6, strategy-based upgrades to Node24", handlerData: typeof(NodeHandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, legacyExpectedNode: "node", strategyExpectedNode: "node24", strategyExpectedWarning: "NodeEOLUpgradeWarning" ), new TestScenario( name: "Node6_WithGlobalUseNode10Knob", description: "Node6 handler with global Node10 knob: legacy uses Node10, strategy-based ignores deprecated knob and uses Node6", handlerData: typeof(NodeHandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "true" }, legacyExpectedNode: "node10", strategyExpectedNode: "node" ), new TestScenario( name: "Node6_WithGlobalUseNode20Knob", description: "Global Node20 knob overrides Node6 handler data", handlerData: typeof(NodeHandlerData), knobs: new() { ["AGENT_USE_NODE20_1"] = "true" }, expectedNode: "node20_1" ), new TestScenario( name: "Node6_WithGlobalUseNode24Knob", description: "Global Node24 knob overrides Node6 handler data", handlerData: typeof(NodeHandlerData), knobs: new() { ["AGENT_USE_NODE24"] = "true" }, expectedNode: "node24" ), new TestScenario( name: "Node6_PriorityTest_UseNode24OverridesUseNode20", description: "Node24 global knob takes priority over Node20 global knob with Node6 handler", handlerData: typeof(NodeHandlerData), knobs: new() { ["AGENT_USE_NODE20_1"] = "true", ["AGENT_USE_NODE24"] = "true" }, expectedNode: "node24" ), new TestScenario( name: "Node6_PriorityTest_UseNode20OverridesUseNode10", description: "Node20 global knob takes priority over Node10 global knob with Node6 handler", handlerData: typeof(NodeHandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "true", ["AGENT_USE_NODE20_1"] = "true" }, expectedNode: "node20_1" ), new TestScenario( name: "Node6_MultipleKnobs_GlobalWins", description: "Global Node24 knob takes highest priority when multiple knobs are set with Node6 handler", handlerData: typeof(NodeHandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "true", ["AGENT_USE_NODE20_1"] = "true", ["AGENT_USE_NODE24"] = "true" }, expectedNode: "node24" ), new TestScenario( name: "Node6_AllGlobalKnobsDisabled_UsesHandler", description: "Node6 handler uses handler data when all global knobs are disabled", handlerData: typeof(NodeHandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "false", ["AGENT_USE_NODE20_1"] = "false", ["AGENT_USE_NODE24"] = "false" }, expectedNode: "node" ), new TestScenario( name: "Node6_EOLPolicy_Node24GlibcError_FallsBackToNode20", description: "Node6 handler with EOL policy and Node24 glibc error: legacy allows Node6, strategy-based falls back to Node20", handlerData: typeof(NodeHandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, node24GlibcError: true, legacyExpectedNode: "node", strategyExpectedNode: "node20_1", strategyExpectedWarning: "NodeEOLUpgradeWarning" ), new TestScenario( name: "Node6_EOLPolicy_BothNode24AndNode20GlibcErrors_ThrowsError", description: "Node6 handler with EOL policy and both newer versions having glibc errors: legacy allows Node6, strategy-based throws error", handlerData: typeof(NodeHandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, node24GlibcError: true, node20GlibcError: true, legacyExpectedNode: "node", expectedErrorType: typeof(NotSupportedException), strategyExpectedError: "No compatible Node.js version available for host execution. Handler type: NodeHandlerData. This may occur if all available versions are blocked by EOL policy. Please update your pipeline to use Node20 or Node24 tasks. To temporarily disable EOL policy: Set AGENT_RESTRICT_EOL_NODE_VERSIONS=false" ), // ======================================================================================== // GROUP 2: NODE10 SCENARIOS (Node10HandlerData - EOL) // ======================================================================================== new TestScenario( name: "Node10_DefaultBehavior", description: "Node10 handler uses Node10", handlerData: typeof(Node10HandlerData), knobs: new() {}, expectedNode: "node10" ), new TestScenario( name: "Node10_DefaultBehavior_EOLPolicyDisabled", description: "Node10 handler uses Node10 when EOL policy is disabled", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "false" }, expectedNode: "node10" ), new TestScenario( name: "Node10_EOLPolicyEnabled_UpgradesToNode24", description: "Node10 handler with EOL policy: legacy allows Node10, strategy-based upgrades to Node24", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, legacyExpectedNode: "node10", strategyExpectedNode: "node24", strategyExpectedWarning: "NodeEOLUpgradeWarning" ), new TestScenario( name: "Node10_WithGlobalUseNode10Knob", description: "Global Node10 knob reinforces Node10 handler data", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "true" }, expectedNode: "node10" ), new TestScenario( name: "Node10_WithGlobalUseNode20Knob", description: "Global Node20 knob overrides Node10 handler data", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_USE_NODE20_1"] = "true" }, expectedNode: "node20_1" ), new TestScenario( name: "Node10_WithGlobalUseNode24Knob", description: "Global Node24 knob overrides Node10 handler data", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_USE_NODE24"] = "true" }, expectedNode: "node24" ), new TestScenario( name: "Node10_PriorityTest_UseNode24OverridesUseNode20", description: "Node24 global knob takes priority over Node20 global knob with Node10 handler", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_USE_NODE20_1"] = "true", ["AGENT_USE_NODE24"] = "true" }, expectedNode: "node24" ), new TestScenario( name: "Node10_PriorityTest_UseNode20OverridesUseNode10", description: "Node20 global knob takes priority over Node10 global knob with Node10 handler", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "true", ["AGENT_USE_NODE20_1"] = "true" }, expectedNode: "node20_1" ), new TestScenario( name: "Node10_MultipleKnobs_GlobalWins", description: "Global Node24 knob takes highest priority when multiple knobs are set with Node10 handler", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "true", ["AGENT_USE_NODE20_1"] = "true", ["AGENT_USE_NODE24"] = "true" }, expectedNode: "node24" ), new TestScenario( name: "Node10_AllGlobalKnobsDisabled_UsesHandler", description: "Node10 handler uses handler data when all global knobs are disabled", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "false", ["AGENT_USE_NODE20_1"] = "false", ["AGENT_USE_NODE24"] = "false" }, expectedNode: "node10" ), new TestScenario( name: "Node10_EOLPolicy_Node24GlibcError_FallsBackToNode20", description: "Node10 handler with EOL policy and Node24 glibc error: legacy allows Node10, strategy-based falls back to Node20", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, node24GlibcError: true, legacyExpectedNode: "node10", strategyExpectedNode: "node20_1", strategyExpectedWarning: "NodeEOLUpgradeWarning" ), new TestScenario( name: "Node10_EOLPolicy_BothNode24AndNode20GlibcErrors_ThrowsError", description: "Node10 handler with EOL policy and both newer versions having glibc errors: legacy allows Node10, strategy-based throws error", handlerData: typeof(Node10HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, node24GlibcError: true, node20GlibcError: true, legacyExpectedNode: "node10", expectedErrorType: typeof(NotSupportedException), strategyExpectedError: "No compatible Node.js version available for host execution. Handler type: Node10HandlerData. This may occur if all available versions are blocked by EOL policy. Please update your pipeline to use Node20 or Node24 tasks. To temporarily disable EOL policy: Set AGENT_RESTRICT_EOL_NODE_VERSIONS=false" ), // ======================================================================================== // GROUP 3: NODE16 SCENARIOS (Node16HandlerData) // ======================================================================================== new TestScenario( name: "Node16_DefaultBehavior_EOLPolicyDisabled", description: "Node16 handler uses Node16 when EOL policy is disabled", handlerData: typeof(Node16HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "false" }, expectedNode: "node16" ), new TestScenario( name: "Node16_DefaultEOLPolicy_AllowsNode16", description: "Node16 handler uses Node16 when EOL policy is default (disabled)", handlerData: typeof(Node16HandlerData), knobs: new() { }, expectedNode: "node16" ), new TestScenario( name: "Node16_EOLPolicyEnabled_UpgradesToNode24", description: "Node16 handler with EOL policy: legacy allows Node16, strategy-based upgrades to Node24", handlerData: typeof(Node16HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, legacyExpectedNode: "node16", strategyExpectedNode: "node24", strategyExpectedWarning: "NodeEOLUpgradeWarning" ), new TestScenario( name: "Node16_EOLPolicy_Node24GlibcError_FallsBackToNode20", description: "Node16 handler with EOL policy and Node24 glibc error: legacy allows Node16, strategy-based falls back to Node20", handlerData: typeof(Node16HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, node24GlibcError: true, legacyExpectedNode: "node16", strategyExpectedNode: "node20_1", strategyExpectedWarning: "NodeEOLUpgradeWarning" ), new TestScenario( name: "Node16_EOLPolicy_BothNode24AndNode20GlibcErrors_ThrowsError", description: "Node16 handler with EOL policy and both newer versions having glibc errors: legacy allows Node16, strategy-based throws error", handlerData: typeof(Node16HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, node24GlibcError: true, node20GlibcError: true, legacyExpectedNode: "node16", expectedErrorType: typeof(NotSupportedException), strategyExpectedError: "No compatible Node.js version available for host execution. Handler type: Node16HandlerData. This may occur if all available versions are blocked by EOL policy. Please update your pipeline to use Node20 or Node24 tasks. To temporarily disable EOL policy: Set AGENT_RESTRICT_EOL_NODE_VERSIONS=false" ), // ======================================================================================== // GROUP 4: NODE20 SCENARIOS (Node20_1HandlerData) // ======================================================================================== new TestScenario( name: "Node20_DefaultBehavior_WithHandler", description: "Node20 handler uses Node20 by default", handlerData: typeof(Node20_1HandlerData), knobs: new() { }, expectedNode: "node20_1" ), new TestScenario( name: "Node20_WithGlobalUseNode20Knob", description: "Global Node20 knob forces Node20 regardless of handler type", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_USE_NODE20_1"] = "true" }, expectedNode: "node20_1" ), new TestScenario( name: "Node20_GlibcError_EOLPolicy_UpgradesToNode24", description: "Node20 with glibc error and EOL policy: legacy falls back to Node16, strategy-based upgrades to Node24", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, node20GlibcError: true, legacyExpectedNode: "node16", strategyExpectedNode: "node24", strategyExpectedWarning: "" ), new TestScenario( name: "Node20_WithGlobalUseNode24Knob", description: "Global Node24 knob overrides Node20 handler data", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_USE_NODE24"] = "true" }, expectedNode: "node24" ), new TestScenario( name: "Node20_WithUseNode10Knob", description: "Node20 handler ignores deprecated Node10 knob in strategy-based approach", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "true" }, legacyExpectedNode: "node10", strategyExpectedNode: "node20_1" ), new TestScenario( name: "Node20_MultipleKnobs_GlobalWins", description: "Global Node24 knob takes highest priority when multiple knobs are set with Node20 handler", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "true", ["AGENT_USE_NODE20_1"] = "true", ["AGENT_USE_NODE24"] = "true" }, expectedNode: "node24" ), new TestScenario( name: "Node20_GlibcError_Node24GlibcError_EOLPolicy_ThrowsError", description: "Node20 and Node24 with glibc error and EOL policy enabled throws error (cannot fallback to Node16), legacy picks Node16", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, node20GlibcError: true, node24GlibcError: true, legacyExpectedNode: "node16", expectedErrorType: typeof(NotSupportedException), strategyExpectedError: "No compatible Node.js version available for host execution. Handler type: Node20_1HandlerData. This may occur if all available versions are blocked by EOL policy. Please update your pipeline to use Node20 or Node24 tasks. To temporarily disable EOL policy: Set AGENT_RESTRICT_EOL_NODE_VERSIONS=false" ), new TestScenario( name: "Node20_PriorityTest_UseNode20OverridesUseNode10", description: "Node20 global knob takes priority over Node10 global knob", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "true", ["AGENT_USE_NODE20_1"] = "true" }, expectedNode: "node20_1" ), new TestScenario( name: "Node20_PriorityTest_UseNode24OverridesUseNode20", description: "Node24 global knob takes priority over Node20 global knob", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_USE_NODE20_1"] = "true", ["AGENT_USE_NODE24"] = "true" }, expectedNode: "node24" ), // ======================================================================================== // GROUP 5: CONTAINER-SPECIFIC EOL SCENARIOS // ======================================================================================== new TestScenario( name: "Node20_AllGlobalKnobsDisabled_UsesHandler", description: "Node20 handler uses handler data when all global knobs are disabled", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "false", ["AGENT_USE_NODE20_1"] = "false", ["AGENT_USE_NODE24"] = "false" }, expectedNode: "node20_1" ), // ======================================================================================== // GROUP 6: NODE24 SCENARIOS (Node24HandlerData) // ======================================================================================== new TestScenario( name: "Node24_DefaultBehavior_WithKnobEnabled", description: "Node24 handler uses Node24 when handler-specific knob is enabled", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "true" }, expectedNode: "node24" ), new TestScenario( name: "Node24_WithHandlerDataKnobDisabled_FallsBackToNode20", description: "Node24 handler falls back to Node20 when AGENT_USE_NODE24_WITH_HANDLER_DATA=false", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "false" }, expectedNode: "node20_1" ), new TestScenario( name: "Node24_WithGlobalUseNode24Knob", description: "Global Node24 knob overrides handler-specific knob setting", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE24"] = "true" }, expectedNode: "node24" ), new TestScenario( name: "Node24_WithUseNode10Knob", description: "Node24 handler ignores deprecated Node10 knob in strategy-based approach", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "true", ["AGENT_USE_NODE10"] = "true" }, legacyExpectedNode: "node10", strategyExpectedNode: "node24" ), new TestScenario( name: "Node24_WithUseNode20Knob", description: "Node24 handler ignores deprecated Node20 knob in strategy-based approach", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "true", ["AGENT_USE_NODE20_1"] = "true" }, legacyExpectedNode: "node20_1", strategyExpectedNode: "node24" ), new TestScenario( name: "Node24_GlibcError_FallsBackToNode20", description: "Node24 with glibc compatibility error falls back to Node20", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "true" }, node24GlibcError: true, expectedNode: "node20_1" ), new TestScenario( name: "Node24_GlibcError_Node20GlibcError_FallsBackToNode16", description: "Node24 with both Node24 and Node20 glibc errors falls back to Node16", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "true" }, node24GlibcError: true, node20GlibcError: true, expectedNode: "node16" ), new TestScenario( name: "Node24_GlibcError_Node20GlibcError_EOLPolicy_ThrowsError", description: "Node24 with all glibc errors and EOL policy throws error (strategy-based) or falls back to Node16 (legacy)", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "true", ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, node24GlibcError: true, node20GlibcError: true, legacyExpectedNode: "node16", expectedErrorType: typeof(NotSupportedException), strategyExpectedError: "No compatible Node.js version available for host execution. Handler type: Node24HandlerData. This may occur if all available versions are blocked by EOL policy. Please update your pipeline to use Node20 or Node24 tasks. To temporarily disable EOL policy: Set AGENT_RESTRICT_EOL_NODE_VERSIONS=false" ), new TestScenario( name: "Node24_PriorityTest_UseNode24OverridesUseNode20", description: "Node24 global knob takes priority over Node20 global knob", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE20_1"] = "true", ["AGENT_USE_NODE24"] = "true" }, expectedNode: "node24" ), new TestScenario( name: "Node24NotExecutable_fallsBackToNode20_1", description: "Node24 handler with Node24 not executable: falls back to Node20_1 in container", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "true" }, node24Executable: false, expectedNode: "node20_1" ), // ======================================================================================== // GROUP 7: EDGE CASES AND ERROR SCENARIOS // ======================================================================================== new TestScenario( name: "Node16_EOLPolicy_WithUseNode10Knob_UpgradesToNode24", description: "Node16 handler with deprecated Node10 knob upgrades to Node24 when EOL policy is enabled (strategy-based) or uses Node10 (legacy)", handlerData: typeof(Node16HandlerData), knobs: new() { ["AGENT_USE_NODE10"] = "true", ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, legacyExpectedNode: "node10", strategyExpectedNode: "node24", strategyExpectedWarning: "NodeEOLUpgradeWarning" ), // ======================================================================================== // GROUP 8: CONTAINER SCENARIOS // ======================================================================================== new TestScenario( name: "CustomNode_Container_OverridesHandlerData", description: "Container custom node path overrides task handler data", handlerData: typeof(Node24HandlerData), customNodePath: "/container/node20/bin/node", inContainer: true, expectedNode: "/container/node20/bin/node" ), new TestScenario( name: "CustomNode_Container_OverridesContainerKnobs", description: "Container custom node path overrides container-specific knobs", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AZP_AGENT_USE_NODE24_TO_START_CONTAINER"] = "true", ["AZP_AGENT_USE_NODE20_TO_START_CONTAINER"] = "true" }, customNodePath: "/container/custom/node", inContainer: true, expectedNode: "/container/custom/node" ), new TestScenario( name: "CustomNode_Container_OverridesContainerNode20Knobs", description: "Container custom node path overrides node20 knob to start container", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AZP_AGENT_USE_NODE20_TO_START_CONTAINER"] = "true" }, customNodePath: "/container/custom/node", inContainer: true, expectedNode: "/container/custom/node" ), new TestScenario( name: "CustomNode_Container_OverridesContainerNode24Knobs", description: "Container custom node path overrides node24 knob to start container", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AZP_AGENT_USE_NODE24_TO_START_CONTAINER"] = "true", }, customNodePath: "/container/custom/node", inContainer: true, expectedNode: "/container/custom/node" ), new TestScenario( name: "Container_EOLPolicyDisabled_AllowsNode16Fallback", description: "Container with EOL policy disabled allows fallback to Node16 when container knobs are disabled", handlerData: typeof(Node16HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "false", ["AZP_AGENT_USE_NODE20_TO_START_CONTAINER"] = "false", ["AZP_AGENT_USE_NODE24_TO_START_CONTAINER"] = "false" }, expectedNode: "node16", inContainer: true ), new TestScenario( name: "Container_EOLPolicy_UpgradesToNode24", description: "Container with EOL policy upgrades to Node24 when Node24 container knob is enabled", handlerData: typeof(Node16HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true", ["AZP_AGENT_USE_NODE24_TO_START_CONTAINER"] = "true" }, expectedNode: "node24", inContainer: true ), new TestScenario( name: "Container_Node20Enabled_DefaultBehavior", description: "Container with Node20 enabled works correctly when Node24 is disabled", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AZP_AGENT_USE_NODE20_TO_START_CONTAINER"] = "true", ["AZP_AGENT_USE_NODE24_TO_START_CONTAINER"] = "false" }, expectedNode: "node20_1", inContainer: true ), new TestScenario( name: "Container_Node24Enabled_DefaultBehavior", description: "Container with Node24 enabled works correctly", handlerData: typeof(Node24HandlerData), knobs: new() { ["AZP_AGENT_USE_NODE24_TO_START_CONTAINER"] = "true" }, expectedNode: "node24", inContainer: true ), new TestScenario( name: "Container_EOLPolicy_Node24Preferred_GlibcError_FallsBackToNode20", description: "Container with EOL policy, Node24 preferred but has glibc error: falls back to Node20", handlerData: typeof(Node16HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true", ["AZP_AGENT_USE_NODE20_TO_START_CONTAINER"] = "true", ["AZP_AGENT_USE_NODE24_TO_START_CONTAINER"] = "true" }, node24GlibcError: true, inContainer: true, expectedNode: "node20_1" ), new TestScenario( name: "Container_Node20Preferred_GlibcError_FallsBackToNode16", description: "Container with Node20 preferred but has glibc error: falls back to Node16 when EOL policy disabled", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "false", ["AZP_AGENT_USE_NODE20_TO_START_CONTAINER"] = "true", ["AZP_AGENT_USE_NODE24_TO_START_CONTAINER"] = "false" }, node20GlibcError: true, expectedNode: "node16", inContainer: true ), new TestScenario( name: "Container_Node24Enabled_GlibcError_EOLPolicy_FallsBackToNode20", description: "Container with Node24 enabled but has glibc error: falls back to Node20 when EOL policy prevents Node16", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "true", ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true", ["AZP_AGENT_USE_NODE20_TO_START_CONTAINER"] = "true" }, node24GlibcError: true, expectedNode: "node20_1", inContainer: true ), new TestScenario( name: "Container_EOLPolicy_AllModernNodesFailGlibc_ThrowsError", description: "Container with EOL policy and both Node24/Node20 glibc errors: cannot use Node16 due to policy, throws error", handlerData: typeof(Node16HandlerData), knobs: new() { ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, node24GlibcError: true, node20GlibcError: true, inContainer: true, legacyExpectedNode: "node16", expectedErrorType: typeof(NotSupportedException), strategyExpectedError: "No compatible Node.js version available for container execution. Node16 is blocked by EOL policy. Please update your pipeline to use Node20 or Node24 tasks." ), new TestScenario( name: "Container_AllModernVersionsFailGlibc_EOLPolicy_ThrowsError", description: "Container with all modern Node.js versions having glibc errors and EOL policy: throws error (strategy-based) or falls back to Node16 (legacy)", handlerData: typeof(Node24HandlerData), knobs: new() { ["AGENT_USE_NODE24_WITH_HANDLER_DATA"] = "true", ["AGENT_RESTRICT_EOL_NODE_VERSIONS"] = "true" }, node24GlibcError: true, node20GlibcError: true, legacyExpectedNode: "node16", expectedErrorType: typeof(NotSupportedException), strategyExpectedError: "No compatible Node.js version available for container execution. Node16 is blocked by EOL policy. Please update your pipeline to use Node20 or Node24 tasks.", inContainer: true ), new TestScenario( name: "Container_GlobalNode24Knob_OverridesContainerDefaults", description: "Global Node24 knob with container Node24 knob enabled uses Node24 in container", handlerData: typeof(Node20_1HandlerData), knobs: new() { ["AGENT_USE_NODE24"] = "true", ["AZP_AGENT_USE_NODE24_TO_START_CONTAINER"] = "true" }, expectedNode: "node24", inContainer: true ) }; } /// /// Test scenario specification. /// public class TestScenario { // Identification public string Name { get; set; } public string Description { get; set; } // Test inputs - Handler Configuration public Type HandlerDataType { get; set; } public Dictionary Knobs { get; set; } = new(); public bool Node20GlibcError { get; set; } public bool Node24GlibcError { get; set; } public bool InContainer { get; set; } public string CustomNodePath { get; set; } public bool Node24Executable { get; set; } // Expected results (for equivalent scenarios) public string ExpectedNode { get; set; } // Expected results (for divergent scenarios) public string LegacyExpectedNode { get; set; } public string StrategyExpectedNode { get; set; } public string StrategyExpectedError { get; set; } public string StrategyExpectedWarning { get; set; } public Type ExpectedErrorType { get; set; } public TestScenario( string name, string description, Type handlerData, Dictionary knobs = null, string expectedNode = null, string legacyExpectedNode = null, string strategyExpectedNode = null, string strategyExpectedError = null, string strategyExpectedWarning = null, Type expectedErrorType = null, bool node20GlibcError = false, bool node24GlibcError = false, bool node24Executable = true, bool inContainer = false, string customNodePath = null ) { Name = name; Description = description; HandlerDataType = handlerData ?? throw new ArgumentNullException(nameof(handlerData)); Knobs = knobs ?? new Dictionary(); ExpectedNode = expectedNode; LegacyExpectedNode = legacyExpectedNode ?? expectedNode; StrategyExpectedNode = strategyExpectedNode ?? expectedNode; StrategyExpectedError = strategyExpectedError; StrategyExpectedWarning = strategyExpectedWarning; ExpectedErrorType = expectedErrorType; Node20GlibcError = node20GlibcError; Node24GlibcError = node24GlibcError; Node24Executable = node24Executable; InContainer = inContainer; CustomNodePath = customNodePath; } } } ================================================ FILE: src/Test/L0/NodeHandlerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Runtime.CompilerServices; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; using Moq; using Xunit; using Agent.Sdk; using System.Threading; using System.Threading.Tasks; using System.Text; namespace Microsoft.VisualStudio.Services.Agent.Tests { [Collection("Unified NodeHandler Tests")] public sealed class NodeHandlerL0 { private Mock nodeHandlerHalper; public NodeHandlerL0() { nodeHandlerHalper = GetMockedNodeHandlerHelper(); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void UseNodeForNodeHandlerEnvVarNotSet() { ResetNodeKnobs(); var agentUseNode10 = Environment.GetEnvironmentVariable("AGENT_USE_NODE10"); Environment.SetEnvironmentVariable("AGENT_USE_NODE10", null); using (TestHostContext thc = CreateTestHostContext()) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); NodeHandler nodeHandler = new NodeHandler(nodeHandlerHalper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc); nodeHandler.Data = new NodeHandlerData(); string nodeVersion = "node"; // version 6 if (PlatformUtil.RunningOnAlpine) { nodeVersion = "node10"; // version 6 does not exist on Alpine } string actualLocation = nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false); string expectedLocation = Path.Combine(thc.GetDirectory(WellKnownDirectory.Externals), nodeVersion, "bin", $"node{IOUtil.ExeExtension}"); Assert.Equal(expectedLocation, actualLocation); } Environment.SetEnvironmentVariable("AGENT_USE_NODE10", agentUseNode10); } [Theory] [InlineData("node")] [InlineData("node10")] [InlineData("node16")] [InlineData("node20_1")] [InlineData("node24")] [Trait("Level", "L0")] [Trait("Category", "Common")] public void UseNewNodeForNewNodeHandler(string nodeVersion) { ResetNodeKnobs(); // For node24, set the required knob if (nodeVersion == "node24") { Environment.SetEnvironmentVariable("AGENT_USE_NODE24_WITH_HANDLER_DATA", "true"); } try { // Use a unique test name per data row to avoid sharing the same trace file across parallel runs using (TestHostContext thc = CreateTestHostContext($"{nameof(UseNewNodeForNewNodeHandler)}_{nodeVersion}")) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); var processInvokerMock = new Mock(); for (int i = 0; i < 10; i++) { thc.EnqueueInstance(processInvokerMock.Object); } SetupNodeProcessInvocation(processInvokerMock, nodeVersion, true); NodeHandler nodeHandler = new NodeHandler(nodeHandlerHalper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc); nodeHandler.Data = nodeVersion switch { "node" => new NodeHandlerData(), "node10" => new Node10HandlerData(), "node16" => new Node16HandlerData(), "node20_1" => new Node20_1HandlerData(), "node24" => new Node24HandlerData(), _ => throw new Exception("Invalid node version"), }; string actualLocation = nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false); string expectedLocation = Path.Combine(thc.GetDirectory(WellKnownDirectory.Externals), nodeVersion, "bin", $"node{IOUtil.ExeExtension}"); Assert.Equal(expectedLocation, actualLocation); } } finally { if (nodeVersion == "node24") { Environment.SetEnvironmentVariable("AGENT_USE_NODE24_WITH_HANDLER_DATA", null); } } } //test the AGENT_USE_NODE24_WITH_HANDLER_DATA knob [Theory] [InlineData("node")] [InlineData("node10")] [InlineData("node16")] [InlineData("node20_1")] [InlineData("node24")] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ForceUseNode24Knob(string nodeVersion) { ResetNodeKnobs(); Environment.SetEnvironmentVariable("AGENT_USE_NODE24", "true"); try { // Use a unique test name per data row to avoid sharing the same trace file across parallel runs using (TestHostContext thc = CreateTestHostContext($"{nameof(ForceUseNode24Knob)}_{nodeVersion}")) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); var processInvokerMock = new Mock(); for (int i = 0; i < 10; i++) { thc.EnqueueInstance(processInvokerMock.Object); } SetupNodeProcessInvocation(processInvokerMock, nodeVersion, true); NodeHandler nodeHandler = new NodeHandler(nodeHandlerHalper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc); nodeHandler.Data = nodeVersion switch { "node" => new NodeHandlerData(), "node10" => new Node10HandlerData(), "node16" => new Node16HandlerData(), "node20_1" => new Node20_1HandlerData(), "node24" => new Node24HandlerData(), _ => throw new Exception("Invalid node version"), }; string actualLocation = nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false); string expectedLocation = Path.Combine(thc.GetDirectory(WellKnownDirectory.Externals), "node24", "bin", $"node{IOUtil.ExeExtension}"); Assert.Equal(expectedLocation, actualLocation); } } finally { Environment.SetEnvironmentVariable("AGENT_USE_NODE24", null); } } [Theory] [InlineData("node24")] [Trait("Level", "L0")] [Trait("Category", "Common")] public void Node24NotExecutable(string nodeVersion) { ResetNodeKnobs(); Environment.SetEnvironmentVariable("AGENT_USE_NODE24_WITH_HANDLER_DATA", "true"); try { // Use a unique test name per data row to avoid sharing the same trace file across parallel runs using (TestHostContext thc = CreateTestHostContext($"{nameof(Node24NotExecutable)}_{nodeVersion}")) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); var processInvokerMock = new Mock(); for (int i = 0; i < 10; i++) { thc.EnqueueInstance(processInvokerMock.Object); } SetupNodeProcessInvocation(processInvokerMock, nodeVersion, false); nodeHandlerHalper .Setup(x => x.IsNodeExecutable( It.Is(folder => folder == "node24"), It.IsAny(), It.IsAny())) .Returns(false); NodeHandler nodeHandler = new NodeHandler(nodeHandlerHalper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc); nodeHandler.Data = nodeVersion switch { "node" => new NodeHandlerData(), "node10" => new Node10HandlerData(), "node16" => new Node16HandlerData(), "node20_1" => new Node20_1HandlerData(), "node24" => new Node24HandlerData(), _ => throw new Exception("Invalid node version"), }; string actualLocation = nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false); string expectedLocation = Path.Combine(thc.GetDirectory(WellKnownDirectory.Externals), "node20_1", "bin", $"node{IOUtil.ExeExtension}"); Assert.Equal(expectedLocation, actualLocation); } } finally { Environment.SetEnvironmentVariable("AGENT_USE_NODE24_WITH_HANDLER_DATA", null); } } //tests that Node24 is NOT used when handler data exists but knob is false [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void DoNotUseNode24WhenHandlerDataKnobIsFalse() { ResetNodeKnobs(); Environment.SetEnvironmentVariable("AGENT_USE_NODE24_WITH_HANDLER_DATA", "false"); try { using (TestHostContext thc = CreateTestHostContext()) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); NodeHandler nodeHandler = new NodeHandler(nodeHandlerHalper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc); // Task has Node24HandlerData but knob is false nodeHandler.Data = new Node24HandlerData(); string actualLocation = nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false); // Should fall back to Node20_1 (the default) string expectedLocation = Path.Combine(thc.GetDirectory(WellKnownDirectory.Externals), "node20_1", "bin", $"node{IOUtil.ExeExtension}"); Assert.Equal(expectedLocation, actualLocation); } } finally { Environment.SetEnvironmentVariable("AGENT_USE_NODE24_WITH_HANDLER_DATA", null); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void UseNewNodeForNodeHandlerEnvVarSet() { try { Environment.SetEnvironmentVariable("AGENT_USE_NODE10", "true"); using (TestHostContext thc = CreateTestHostContext()) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); NodeHandler nodeHandler = new NodeHandler(nodeHandlerHalper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc); nodeHandler.Data = new Node10HandlerData(); string actualLocation = nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false); string expectedLocation = Path.Combine(thc.GetDirectory(WellKnownDirectory.Externals), "node10", "bin", $"node{IOUtil.ExeExtension}"); Assert.Equal(expectedLocation, actualLocation); } } finally { Environment.SetEnvironmentVariable("AGENT_USE_NODE10", null); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void UseNewNodeForNodeHandlerHostContextVarSet() { using (TestHostContext thc = CreateTestHostContext()) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); var variables = new Dictionary(); variables.Add("AGENT_USE_NODE10", new VariableValue("true")); NodeHandler nodeHandler = new NodeHandler(nodeHandlerHalper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc, variables); nodeHandler.Data = new Node10HandlerData(); string actualLocation = nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false); string expectedLocation = Path.Combine(thc.GetDirectory(WellKnownDirectory.Externals), "node10", "bin", $"node{IOUtil.ExeExtension}"); Assert.Equal(expectedLocation, actualLocation); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void UseNewNodeForNewNodeHandlerHostContextVarUnset() { ResetNodeKnobs(); using (TestHostContext thc = CreateTestHostContext()) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); var variables = new Dictionary(); // Explicitly set variable feature flag to false variables.Add("AGENT_USE_NODE10", new VariableValue("false")); NodeHandler nodeHandler = new NodeHandler(nodeHandlerHalper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc, variables); nodeHandler.Data = new Node10HandlerData(); string actualLocation = nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false); string expectedLocation = Path.Combine(thc.GetDirectory(WellKnownDirectory.Externals), "node10", "bin", $"node{IOUtil.ExeExtension}"); Assert.Equal(expectedLocation, actualLocation); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void UseLTSNodeIfUseNodeKnobIsLTS() { using (TestHostContext thc = CreateTestHostContext()) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); Mock mockedNodeHandlerHelper = GetMockedNodeHandlerHelper(); mockedNodeHandlerHelper .SetupSequence(x => x.IsNodeFolderExist(It.IsAny(), It.IsAny())) .Returns(false) .Returns(true); mockedNodeHandlerHelper .Setup(x => x.GetFilteredPossibleNodeFolders(It.IsAny(), It.IsAny())) .Returns(new string[] { "node16" }); var variables = new Dictionary(); variables.Add("AGENT_USE_NODE", new VariableValue("lts")); NodeHandler nodeHandler = new NodeHandler(mockedNodeHandlerHelper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc, variables); nodeHandler.Data = new Node10HandlerData(); string actualLocation = nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false); string expectedLocation = Path.Combine(thc.GetDirectory(WellKnownDirectory.Externals), "node16", "bin", $"node{IOUtil.ExeExtension}"); Assert.Equal(expectedLocation, actualLocation); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ThrowExceptionIfUseNodeKnobIsLTSAndLTSNotAvailable() { using (TestHostContext thc = CreateTestHostContext()) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); Mock mockedNodeHandlerHelper = GetMockedNodeHandlerHelper(); mockedNodeHandlerHelper .SetupSequence(x => x.IsNodeFolderExist(It.IsAny(), It.IsAny())) .Returns(false) .Returns(false); mockedNodeHandlerHelper .Setup(x => x.GetFilteredPossibleNodeFolders(It.IsAny(), It.IsAny())) .Returns(new string[] { "node16" }); var variables = new Dictionary(); variables.Add("AGENT_USE_NODE", new VariableValue("lts")); NodeHandler nodeHandler = new NodeHandler(mockedNodeHandlerHelper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc, variables); nodeHandler.Data = new Node10HandlerData(); Assert.Throws(() => nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ThrowExceptionIfUseNodeKnobIsLTSAndFilteredPossibleNodeFoldersEmpty() { using (TestHostContext thc = CreateTestHostContext()) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); Mock mockedNodeHandlerHelper = GetMockedNodeHandlerHelper(); mockedNodeHandlerHelper .Setup(x => x.IsNodeFolderExist(It.IsAny(), It.IsAny())) .Returns(false); var variables = new Dictionary(); variables.Add("AGENT_USE_NODE", new VariableValue("lts")); NodeHandler nodeHandler = new NodeHandler(mockedNodeHandlerHelper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc, variables); nodeHandler.Data = new Node10HandlerData(); Assert.Throws(() => nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void UseFirstAvailableNodeIfUseNodeKnobIsUpgrade() { using (TestHostContext thc = CreateTestHostContext()) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); Mock mockedNodeHandlerHelper = GetMockedNodeHandlerHelper(); mockedNodeHandlerHelper .SetupSequence(x => x.IsNodeFolderExist(It.IsAny(), It.IsAny())) .Returns(false) .Returns(true); mockedNodeHandlerHelper .Setup(x => x.GetFilteredPossibleNodeFolders(It.IsAny(), It.IsAny())) .Returns(new string[] { "nextAvailableNode1", "nextAvailableNode2" }); var variables = new Dictionary(); variables.Add("AGENT_USE_NODE", new VariableValue("upgrade")); NodeHandler nodeHandler = new NodeHandler(mockedNodeHandlerHelper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc, variables); nodeHandler.Data = new Node10HandlerData(); string actualLocation = nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false); string expectedLocation = Path.Combine(thc.GetDirectory(WellKnownDirectory.Externals), "nextAvailableNode1", "bin", $"node{IOUtil.ExeExtension}"); Assert.Equal(expectedLocation, actualLocation); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void UseSecondAvailableNodeIfUseNodeKnobIsUpgradeFilteredNodeFoldersFirstNotAvailable() { using (TestHostContext thc = CreateTestHostContext()) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); Mock mockedNodeHandlerHelper = GetMockedNodeHandlerHelper(); mockedNodeHandlerHelper .SetupSequence(x => x.IsNodeFolderExist(It.IsAny(), It.IsAny())) .Returns(false) .Returns(false) .Returns(true); mockedNodeHandlerHelper .Setup(x => x.GetFilteredPossibleNodeFolders(It.IsAny(), It.IsAny())) .Returns(new string[] { "nextAvailableNode1", "nextAvailableNode2" }); var variables = new Dictionary(); variables.Add("AGENT_USE_NODE", new VariableValue("upgrade")); NodeHandler nodeHandler = new NodeHandler(mockedNodeHandlerHelper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc, variables); nodeHandler.Data = new Node10HandlerData(); string actualLocation = nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false); string expectedLocation = Path.Combine(thc.GetDirectory(WellKnownDirectory.Externals), "nextAvailableNode2", "bin", $"node{IOUtil.ExeExtension}"); Assert.Equal(expectedLocation, actualLocation); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ThrowExceptionIfUseNodeKnobIsUpgradeFilteredNodeFoldersAllNotAvailable() { using (TestHostContext thc = CreateTestHostContext()) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); Mock mockedNodeHandlerHelper = GetMockedNodeHandlerHelper(); mockedNodeHandlerHelper .SetupSequence(x => x.IsNodeFolderExist(It.IsAny(), It.IsAny())) .Returns(false) .Returns(false) .Returns(false); mockedNodeHandlerHelper .Setup(x => x.GetFilteredPossibleNodeFolders(It.IsAny(), It.IsAny())) .Returns(new string[] { "nextAvailableNode1", "nextAvailableNode2" }); var variables = new Dictionary(); variables.Add("AGENT_USE_NODE", new VariableValue("upgrade")); NodeHandler nodeHandler = new NodeHandler(mockedNodeHandlerHelper.Object); nodeHandler.Initialize(thc); nodeHandler.ExecutionContext = CreateTestExecutionContext(thc, variables); nodeHandler.Data = new Node10HandlerData(); Assert.Throws(() => nodeHandler.GetNodeLocation(node20ResultsInGlibCError: false, node24ResultsInGlibCError: false, inContainer: false)); } } private TestHostContext CreateTestHostContext([CallerMemberName] string testName = "") { return new TestHostContext(this, testName); } private IExecutionContext CreateTestExecutionContext(TestHostContext tc, Dictionary variables = null) { var trace = tc.GetTrace(); var executionContext = new Mock(); List warnings; variables = variables ?? new Dictionary(); executionContext .Setup(x => x.Variables) .Returns(new Variables(tc, copy: variables, warnings: out warnings)); executionContext .Setup(x => x.GetScopedEnvironment()) .Returns(new SystemEnvironment()); executionContext .Setup(x => x.GetVariableValueOrDefault(It.IsAny())) .Returns((string variableName) => { var value = variables.GetValueOrDefault(variableName); if (value != null) { return value.Value; } return null; }); return executionContext.Object; } private Mock GetMockedNodeHandlerHelper() { // please don't change this method since test rely on the default behavior // override the behaviour in specific test instead var nodeHandlerHelper = new Mock(); nodeHandlerHelper .Setup(x => x.IsNodeFolderExist(It.IsAny(), It.IsAny())) .Returns(true); nodeHandlerHelper .Setup(x => x.GetNodeFolderPath(It.IsAny(), It.IsAny())) .Returns((string nodeFolderName, IHostContext hostContext) => Path.Combine( hostContext.GetDirectory(WellKnownDirectory.Externals), nodeFolderName, "bin", $"node{IOUtil.ExeExtension}")); nodeHandlerHelper .Setup(x => x.GetFilteredPossibleNodeFolders(It.IsAny(), It.IsAny())) .Returns(Array.Empty); nodeHandlerHelper .Setup(x => x.IsNodeExecutable(It.IsAny(), It.IsAny(), It.IsAny())) .Returns(true); return nodeHandlerHelper; } private void SetupNodeProcessInvocation(Mock processInvokerMock, string nodeFolder, bool node24Executable) { string nodeExePath = Path.Combine("externals", nodeFolder, "bin", $"node{IOUtil.ExeExtension}"); processInvokerMock.Setup(x => x.ExecuteAsync( It.IsAny(), It.Is(fileName => fileName.Contains(nodeExePath)), "-v", It.IsAny>(), false, It.IsAny(), It.IsAny())) .ReturnsAsync(node24Executable ? 0 : 216); } private void ResetNodeKnobs() { Environment.SetEnvironmentVariable("AGENT_USE_NODE10", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE20_1", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE20_IN_UNSUPPORTED_SYSTEM", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE24", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE24_IN_UNSUPPORTED_SYSTEM", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE24_WITH_HANDLER_DATA", null); } } } ================================================ FILE: src/Test/L0/NodeHandlerTestBase.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Text; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; using Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies; using Moq; using Xunit; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Tests { public abstract class NodeHandlerTestBase : IDisposable { protected Mock NodeHandlerHelper { get; private set; } protected List CapturedWarnings { get; private set; } = new List(); private bool disposed = false; protected NodeHandlerTestBase() { NodeHandlerHelper = GetMockedNodeHandlerHelper(); ResetEnvironment(); } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } protected virtual void Dispose(bool disposing) { if (!disposed) { if (disposing) { ResetEnvironment(); } disposed = true; } } protected void RunScenarioAndAssert(TestScenario scenario, bool useStrategy) { ResetEnvironment(); foreach (var knob in scenario.Knobs) { Environment.SetEnvironmentVariable(knob.Key, knob.Value); } Environment.SetEnvironmentVariable("AGENT_USE_NODE_STRATEGY", useStrategy ? "true" : "false"); try { using (TestHostContext thc = new TestHostContext(this, scenario.Name)) { thc.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); thc.SetSingleton(new ExtensionManager() as IExtensionManager); var glibcCheckerMock = SetupMockedGlibcCompatibilityInfoProvider(scenario); thc.SetSingleton(glibcCheckerMock.Object); var dockerManagerMock = SetupMockedDockerCommandManager(scenario); thc.SetSingleton(dockerManagerMock.Object); // Mock IProcessInvoker for node executable checks (e.g., IsNodeExecutable in Node24Strategy) var processInvokerMock = new Mock(); for (int i = 0; i < 10; i++) { thc.EnqueueInstance(processInvokerMock.Object); } SetupNodeProcessInvocation(processInvokerMock, scenario.HandlerDataType.Name, scenario.Node24Executable); var expectations = GetScenarioExpectations(scenario, useStrategy); try{ string actualLocation; if (scenario.InContainer) { actualLocation = TestActualContainerNodeSelection(thc, scenario); } else { ConfigureNodeHandlerHelper(scenario); NodeHandler nodeHandler = new NodeHandler(NodeHandlerHelper.Object); nodeHandler.Initialize(thc); var executionContextMock = CreateTestExecutionContext(thc, scenario); nodeHandler.ExecutionContext = executionContextMock.Object; nodeHandler.Data = CreateHandlerData(scenario.HandlerDataType); actualLocation = nodeHandler.GetNodeLocation( node20ResultsInGlibCError: scenario.Node20GlibcError, node24ResultsInGlibCError: scenario.Node24GlibcError, inContainer: false); } string expectedLocation = GetExpectedNodeLocation(expectations.ExpectedNode, scenario, thc); Assert.Equal(expectedLocation, actualLocation); // Assert warning expectations for strategy-based mode if (useStrategy && scenario.StrategyExpectedWarning != null) { if (string.IsNullOrEmpty(scenario.StrategyExpectedWarning)) { Assert.DoesNotContain(CapturedWarnings, w => w.Contains("NodeEOLUpgradeWarning")); } else { Assert.Contains(CapturedWarnings, w => w.Contains(scenario.StrategyExpectedWarning)); } } } catch (Exception ex) { Assert.NotNull(ex); Assert.IsType(scenario.ExpectedErrorType, ex); if (!string.IsNullOrEmpty(expectations.ExpectedError)) { Assert.Contains(expectations.ExpectedError, ex.Message); } } } } finally { ResetEnvironment(); } } /// /// Sets up a mocked GlibcCompatibilityInfoProvider for focused NodeHandler testing. /// private Mock SetupMockedGlibcCompatibilityInfoProvider(TestScenario scenario) { var glibcCheckerMock = new Mock(); var glibcInfo = GlibcCompatibilityInfo.Create( scenario.Node24GlibcError, scenario.Node20GlibcError); glibcCheckerMock .Setup(x => x.Initialize(It.IsAny())); glibcCheckerMock .Setup(x => x.CheckGlibcCompatibilityAsync(It.IsAny())) .ReturnsAsync(glibcInfo); glibcCheckerMock .Setup(x => x.GetGlibcCompatibilityAsync(It.IsAny(), It.IsAny())) .ReturnsAsync(glibcInfo); return glibcCheckerMock; } /// /// Sets up a mocked DockerCommandManager for container scenarios in NodeHandler testing. /// private Mock SetupMockedDockerCommandManager(TestScenario scenario) { var dockerManagerMock = new Mock(); dockerManagerMock .Setup(x => x.DockerInspect(It.IsAny(), It.IsAny(), It.IsAny())) .ReturnsAsync("mocked_inspect_result"); dockerManagerMock .Setup(x => x.DockerVersion(It.IsAny())) .ReturnsAsync(new DockerVersion(new Version("1.0.0"), new Version("1.0.0"))); dockerManagerMock .Setup(x => x.IsContainerRunning(It.IsAny(), It.IsAny())) .ReturnsAsync(true); dockerManagerMock .Setup(x => x.DockerExec(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>())) .Returns>((execContext, containerId, workDir, command, output) => { if (command.Contains("node") && command.Contains("--version")) { bool isNode24 = command.Contains("node24"); bool isNode20 = command.Contains("node20_1"); bool isNode16 = command.Contains("node16"); bool hasGlibcError = (isNode24 && scenario.Node24GlibcError) || (isNode20 && scenario.Node20GlibcError); if (hasGlibcError) { return Task.FromResult(127); } else { if (isNode24) output.Add("v24.0.0"); else if (isNode20) output.Add("v20.1.0"); else if (isNode16) output.Add("v16.20.2"); else output.Add("v20.1.0"); return Task.FromResult(0); } } return Task.FromResult(127); }); return dockerManagerMock; } private string TestActualContainerNodeSelection(TestHostContext thc, TestScenario scenario) { try { var executionContextMock = CreateTestExecutionContext(thc, scenario); var orchestrator = new NodeVersionOrchestrator(executionContextMock.Object, thc, NodeHandlerHelper.Object); var taskContext = new TaskContext { HandlerData = CreateHandlerData(scenario.HandlerDataType), Container = new ContainerInfo { ContainerId = "test_container", CustomNodePath = scenario.CustomNodePath, IsJobContainer = true, ImageOS = PlatformUtil.RunningOnMacOS ? PlatformUtil.OS.OSX : PlatformUtil.RunningOnWindows ? PlatformUtil.OS.Windows : PlatformUtil.OS.Linux }, StepTarget = !string.IsNullOrWhiteSpace(scenario.CustomNodePath) ? new ContainerInfo { CustomNodePath = scenario.CustomNodePath } : null }; var dockerManager = thc.GetService(); var result = orchestrator.SelectNodeVersionForContainer(taskContext, dockerManager); return result.NodePath; } catch (Exception ex) { Console.WriteLine($"TestActualContainerNodeSelection error: {ex}"); throw; } } private void ConfigureNodeHandlerHelper(TestScenario scenario) { NodeHandlerHelper.Reset(); NodeHandlerHelper .Setup(x => x.IsNodeFolderExist(It.IsAny(), It.IsAny())) .Returns(true); NodeHandlerHelper .Setup(x => x.GetNodeFolderPath(It.IsAny(), It.IsAny())) .Returns((string nodeFolderName, IHostContext hostContext) => Path.Combine( hostContext.GetDirectory(WellKnownDirectory.Externals), nodeFolderName, "bin", $"node{IOUtil.ExeExtension}")); NodeHandlerHelper .Setup(x => x.IsNodeExecutable(It.IsAny(), It.IsAny(), It.IsAny())) .Returns(scenario.Node24Executable); } private string GetExpectedNodeLocation(string expectedNode, TestScenario scenario, TestHostContext thc) { if (!string.IsNullOrWhiteSpace(scenario.CustomNodePath)) { return scenario.CustomNodePath; } if (scenario.InContainer) { string hostPath = Path.Combine( thc.GetDirectory(WellKnownDirectory.Externals), expectedNode, "bin", $"node{IOUtil.ExeExtension}"); var containerInfo = new ContainerInfo { ContainerId = "test_container", IsJobContainer = true, ImageOS = PlatformUtil.RunningOnMacOS ? PlatformUtil.OS.OSX : PlatformUtil.RunningOnWindows ? PlatformUtil.OS.Windows : PlatformUtil.OS.Linux }; string containerPath = containerInfo.TranslateToContainerPath(hostPath); string containerExeExtension = containerInfo.ImageOS == PlatformUtil.OS.Windows ? ".exe" : ""; string finalPath = containerPath.Replace($"node{IOUtil.ExeExtension}", $"node{containerExeExtension}"); return finalPath; } else { return Path.Combine( thc.GetDirectory(WellKnownDirectory.Externals), expectedNode, "bin", $"node{IOUtil.ExeExtension}"); } } protected ScenarioExpectations GetScenarioExpectations(TestScenario scenario, bool useStrategy) { // Check if this is an equivalent scenario by seeing if strategy-specific fields are populated bool isEquivalentScenario = string.IsNullOrEmpty(scenario.StrategyExpectedNode) && string.IsNullOrEmpty(scenario.LegacyExpectedNode); if (isEquivalentScenario) { // Equivalent scenarios: same behavior for both modes, use shared ExpectedNode return new ScenarioExpectations { ExpectedNode = scenario.ExpectedNode, ExpectedError = null }; } else { // Divergent scenarios: different behavior between legacy and strategy if (useStrategy) { return new ScenarioExpectations { ExpectedNode = scenario.StrategyExpectedNode, ExpectedError = scenario.StrategyExpectedError }; } else { return new ScenarioExpectations { ExpectedNode = scenario.LegacyExpectedNode, ExpectedError = null }; } } } protected BaseNodeHandlerData CreateHandlerData(Type handlerDataType) { if (handlerDataType == typeof(NodeHandlerData)) return new NodeHandlerData(); else if (handlerDataType == typeof(Node10HandlerData)) return new Node10HandlerData(); else if (handlerDataType == typeof(Node16HandlerData)) return new Node16HandlerData(); else if (handlerDataType == typeof(Node20_1HandlerData)) return new Node20_1HandlerData(); else if (handlerDataType == typeof(Node24HandlerData)) return new Node24HandlerData(); else throw new ArgumentException($"Unknown handler data type: {handlerDataType}"); } protected Mock CreateTestExecutionContext(TestHostContext tc, Dictionary knobs) { var executionContext = new Mock(); var variables = new Dictionary(); foreach (var knob in knobs) { variables[knob.Key] = new VariableValue(knob.Value); } List warnings; executionContext .Setup(x => x.Variables) .Returns(new Variables(tc, copy: variables, warnings: out warnings)); executionContext .Setup(x => x.GetScopedEnvironment()) .Returns(new SystemEnvironment()); executionContext .Setup(x => x.GetVariableValueOrDefault(It.IsAny())) .Returns((string variableName) => { if (variables.TryGetValue(variableName, out VariableValue value)) { return value.Value; } return Environment.GetEnvironmentVariable(variableName); }); executionContext .Setup(x => x.GetHostContext()) .Returns(tc); CapturedWarnings.Clear(); executionContext .Setup(x => x.AddIssue(It.Is(i => i.Type == IssueType.Warning))) .Callback(issue => CapturedWarnings.Add(issue.Message)); return executionContext; } protected Mock CreateTestExecutionContext(TestHostContext tc, TestScenario scenario) { var executionContext = CreateTestExecutionContext(tc, scenario.Knobs); if (!string.IsNullOrWhiteSpace(scenario.CustomNodePath)) { var stepTarget = CreateStepTargetObject(scenario); executionContext .Setup(x => x.StepTarget()) .Returns(stepTarget); } else { executionContext .Setup(x => x.StepTarget()) .Returns((ExecutionTargetInfo)null); } return executionContext; } private ExecutionTargetInfo CreateStepTargetObject(TestScenario scenario) { if (scenario.InContainer) { return new ContainerInfo() { CustomNodePath = scenario.CustomNodePath }; } else { return new HostInfo() { CustomNodePath = scenario.CustomNodePath }; } } private Mock GetMockedNodeHandlerHelper() { var nodeHandlerHelper = new Mock(); nodeHandlerHelper .Setup(x => x.IsNodeFolderExist(It.IsAny(), It.IsAny())) .Returns(true); nodeHandlerHelper .Setup(x => x.GetNodeFolderPath(It.IsAny(), It.IsAny())) .Returns((string nodeFolderName, IHostContext hostContext) => Path.Combine( hostContext.GetDirectory(WellKnownDirectory.Externals), nodeFolderName, "bin", $"node{IOUtil.ExeExtension}")); return nodeHandlerHelper; } protected void ResetEnvironment() { // Core Node.js strategy knobs Environment.SetEnvironmentVariable("AGENT_USE_NODE10", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE20_1", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE24", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE24_WITH_HANDLER_DATA", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE", null); Environment.SetEnvironmentVariable("AZP_AGENT_USE_NODE20_TO_START_CONTAINER", null); Environment.SetEnvironmentVariable("AZP_AGENT_USE_NODE24_TO_START_CONTAINER", null); // EOL and strategy control Environment.SetEnvironmentVariable("AGENT_RESTRICT_EOL_NODE_VERSIONS", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE_STRATEGY", null); // System-specific knobs Environment.SetEnvironmentVariable("AGENT_USE_NODE20_IN_UNSUPPORTED_SYSTEM", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE24_IN_UNSUPPORTED_SYSTEM", null); } private void SetupNodeProcessInvocation(Mock processInvokerMock, string nodeFolder, bool node24Executable) { string nodeExePath = Path.Combine("externals", nodeFolder, "bin", $"node{IOUtil.ExeExtension}"); processInvokerMock.Setup(x => x.ExecuteAsync( It.IsAny(), It.Is(fileName => fileName.Contains(nodeExePath)), "-v", It.IsAny>(), false, It.IsAny(), It.IsAny())) .ReturnsAsync(node24Executable ? 0 : 216); } } public class TestResult { public string NodePath { get; set; } public Exception Exception { get; set; } } public class ScenarioExpectations { public string ExpectedNode { get; set; } public string ExpectedError { get; set; } } } ================================================ FILE: src/Test/L0/PagingLoggerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Moq; using System; using System.IO; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Listener { public sealed class PagingLoggerL0 { private const string LogData = "messagemessagemessagemessagemessagemessagemessagemessageXPLATmessagemessagemessagemessagemessagemessagemessagemessage"; private const string LogDataWithGroup = @"messagemessagemessagemes ##[group]sage messagemessagemessagemessage ##[endgroup] XPLATmessagemessagemessagemessagemessagemessagemessagemessage"; private const string LogDataWithoutOpenGroup = @"messagemessagemessagemes messagemessagemessagemessage ##[endgroup] XPLATmessagemessagemessagemessagemessagemessagemessagemessage"; private const string LogDataWithoutCloseGroup = @"messagemessagemessagemes ##[group]sage messagemessagemessagemessage XPLATmessagemessagemessagemessagemessagemessagemessagemessage"; private const string LogDataUpperCaseGroup = @"messagemessagemessagemes ##[GROUP]sage messagemessagemessagemessage ##[ENDGROUP] XPLATmessagemessagemessagemessagemessagemessagemessagemessage"; private const int PagesToWrite = 2; private Mock _jobServerQueue; public PagingLoggerL0() { _jobServerQueue = new Mock(); PagingLogger.PagingFolder = "pages_" + Guid.NewGuid().ToString(); } private void CleanLogFolder() { using (TestHostContext hc = new TestHostContext(this)) { //clean test data if any old test forgot string pagesFolder = Path.Combine(hc.GetDiagDirectory(), PagingLogger.PagingFolder); if (Directory.Exists(pagesFolder)) { Directory.Delete(pagesFolder, true); } } } //WriteAndShipLog test will write "PagesToWrite" pages of data, //verify file content on the disk and check if API to ship data is invoked [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void WriteAndShipLog() { CleanLogFolder(); try { //Arrange using (var hc = new TestHostContext(this)) using (var pagingLogger = new PagingLogger()) { hc.SetSingleton(_jobServerQueue.Object); pagingLogger.Initialize(hc); Guid timeLineId = Guid.NewGuid(); Guid timeLineRecordId = Guid.NewGuid(); int totalBytes = PagesToWrite * PagingLogger.PageSize; int bytesWritten = 0; int logDataSize = System.Text.Encoding.UTF8.GetByteCount(LogData); _jobServerQueue.Setup(x => x.QueueFileUpload(timeLineId, timeLineRecordId, It.IsAny(), It.IsAny(), It.IsAny(), true)) .Callback((Guid timelineId, Guid timelineRecordId, string type, string name, string path, bool deleteSource) => { bool fileExists = File.Exists(path); Assert.True(fileExists); using (var freader = new StreamReader(new FileStream(path, FileMode.Open, FileAccess.Read), System.Text.Encoding.UTF8)) { string line; while ((line = freader.ReadLine()) != null) { Assert.True(line.EndsWith(LogData)); bytesWritten += logDataSize; } } File.Delete(path); }); //Act int bytesSent = 0; pagingLogger.Setup(timeLineId, timeLineRecordId); while (bytesSent < totalBytes) { pagingLogger.Write(LogData); bytesSent += logDataSize; } pagingLogger.End(); //Assert _jobServerQueue.Verify(x => x.QueueFileUpload(timeLineId, timeLineRecordId, It.IsAny(), It.IsAny(), It.IsAny(), true), Times.AtLeast(PagesToWrite)); Assert.Equal(bytesSent, bytesWritten); } } finally { //cleanup CleanLogFolder(); } } //Try to ship empty log [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ShipEmptyLog() { CleanLogFolder(); try { //Arrange using (var hc = new TestHostContext(this)) using (var pagingLogger = new PagingLogger()) { hc.SetSingleton(_jobServerQueue.Object); pagingLogger.Initialize(hc); Guid timeLineId = Guid.NewGuid(); Guid timeLineRecordId = Guid.NewGuid(); _jobServerQueue.Setup(x => x.QueueFileUpload(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), true)); //Act pagingLogger.Setup(timeLineId, timeLineRecordId); pagingLogger.End(); //Assert _jobServerQueue.Verify(x => x.QueueFileUpload(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), true), Times.Exactly(0)); } } finally { //cleanup CleanLogFolder(); } } // [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CalculateLineNumbers() { CleanLogFolder(); try { //Arrange using (var hc = new TestHostContext(this)) using (var pagingLogger = new PagingLogger()) { hc.SetSingleton(_jobServerQueue.Object); pagingLogger.Initialize(hc); Guid timeLineId = Guid.NewGuid(); Guid timeLineRecordId = Guid.NewGuid(); int totalBytes = PagesToWrite * PagingLogger.PageSize; int logDataSize = System.Text.Encoding.UTF8.GetByteCount(LogData); //Act int bytesSent = 0; int expectedLines = 0; pagingLogger.Setup(timeLineId, timeLineRecordId); while (bytesSent < totalBytes) { pagingLogger.Write(LogData); bytesSent += logDataSize; expectedLines++; } pagingLogger.End(); //Assert _jobServerQueue.Verify(x => x.QueueFileUpload(timeLineId, timeLineRecordId, It.IsAny(), It.IsAny(), It.IsAny(), true), Times.AtLeast(PagesToWrite)); Assert.Equal(pagingLogger.TotalLines, expectedLines); } } finally { //cleanup CleanLogFolder(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CalculateLineNumbersWithGroupTag() { CleanLogFolder(); try { //Arrange using (var hc = new TestHostContext(this)) using (var pagingLogger = new PagingLogger()) { hc.SetSingleton(_jobServerQueue.Object); pagingLogger.Initialize(hc); Guid timeLineId = Guid.NewGuid(); Guid timeLineRecordId = Guid.NewGuid(); int totalBytes = PagesToWrite * PagingLogger.PageSize; int logDataSize = System.Text.Encoding.UTF8.GetByteCount(LogDataWithGroup); //Act int bytesSent = 0; int expectedLines = 0; // -1 because ##[endgroup] should be ignored since it's not shown in UI and not counted in line numbers int lineCnt = LogDataWithGroup.Split('\n').Length - 1; pagingLogger.Setup(timeLineId, timeLineRecordId); while (bytesSent < totalBytes) { pagingLogger.Write(LogDataWithGroup); bytesSent += logDataSize; expectedLines += lineCnt; } pagingLogger.End(); //Assert _jobServerQueue.Verify(x => x.QueueFileUpload(timeLineId, timeLineRecordId, It.IsAny(), It.IsAny(), It.IsAny(), true), Times.AtLeast(PagesToWrite)); Assert.Equal(pagingLogger.TotalLines, expectedLines); } } finally { //cleanup CleanLogFolder(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CalculateLineNumbersWithoutOpenGroupTag() { CleanLogFolder(); try { //Arrange using (var hc = new TestHostContext(this)) using (var pagingLogger = new PagingLogger()) { hc.SetSingleton(_jobServerQueue.Object); pagingLogger.Initialize(hc); Guid timeLineId = Guid.NewGuid(); Guid timeLineRecordId = Guid.NewGuid(); int totalBytes = PagesToWrite * PagingLogger.PageSize; int logDataSize = System.Text.Encoding.UTF8.GetByteCount(LogDataWithoutOpenGroup); //Act int bytesSent = 0; int expectedLines = 0; // ##[endgroup] should be transform as empty space line, so all lines should count int lineCnt = LogDataWithoutOpenGroup.Split('\n').Length; pagingLogger.Setup(timeLineId, timeLineRecordId); while (bytesSent < totalBytes) { pagingLogger.Write(LogDataWithoutOpenGroup); bytesSent += logDataSize; expectedLines += lineCnt; } pagingLogger.End(); //Assert _jobServerQueue.Verify(x => x.QueueFileUpload(timeLineId, timeLineRecordId, It.IsAny(), It.IsAny(), It.IsAny(), true), Times.AtLeast(PagesToWrite)); Assert.Equal(pagingLogger.TotalLines, expectedLines); } } finally { //cleanup CleanLogFolder(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CalculateLineNumbersWithoutCloseGroupTag() { CleanLogFolder(); try { //Arrange using (var hc = new TestHostContext(this)) using (var pagingLogger = new PagingLogger()) { hc.SetSingleton(_jobServerQueue.Object); pagingLogger.Initialize(hc); Guid timeLineId = Guid.NewGuid(); Guid timeLineRecordId = Guid.NewGuid(); int totalBytes = PagesToWrite * PagingLogger.PageSize; int logDataSize = System.Text.Encoding.UTF8.GetByteCount(LogDataWithoutCloseGroup); //Act int bytesSent = 0; int expectedLines = 0; // ##[group] should be show as grope name and the rest will be the same, so all lines should count int lineCnt = LogDataWithoutCloseGroup.Split('\n').Length; pagingLogger.Setup(timeLineId, timeLineRecordId); while (bytesSent < totalBytes) { pagingLogger.Write(LogDataWithoutCloseGroup); bytesSent += logDataSize; expectedLines += lineCnt; } pagingLogger.End(); //Assert _jobServerQueue.Verify(x => x.QueueFileUpload(timeLineId, timeLineRecordId, It.IsAny(), It.IsAny(), It.IsAny(), true), Times.AtLeast(PagesToWrite)); Assert.Equal(pagingLogger.TotalLines, expectedLines); } } finally { //cleanup CleanLogFolder(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CalculateLineNumbersWithUpperCaseGroupTag() { CleanLogFolder(); try { //Arrange using (var hc = new TestHostContext(this)) using (var pagingLogger = new PagingLogger()) { hc.SetSingleton(_jobServerQueue.Object); pagingLogger.Initialize(hc); Guid timeLineId = Guid.NewGuid(); Guid timeLineRecordId = Guid.NewGuid(); int totalBytes = PagesToWrite * PagingLogger.PageSize; int logDataSize = System.Text.Encoding.UTF8.GetByteCount(LogDataUpperCaseGroup); //Act int bytesSent = 0; int expectedLines = 0; // -1 because ##[endgroup] should be ignored since it's not shown in UI and not counted in line numbers int lineCnt = LogDataUpperCaseGroup.Split('\n').Length - 1; pagingLogger.Setup(timeLineId, timeLineRecordId); while (bytesSent < totalBytes) { pagingLogger.Write(LogDataUpperCaseGroup); bytesSent += logDataSize; expectedLines += lineCnt; } pagingLogger.End(); //Assert _jobServerQueue.Verify(x => x.QueueFileUpload(timeLineId, timeLineRecordId, It.IsAny(), It.IsAny(), It.IsAny(), true), Times.AtLeast(PagesToWrite)); Assert.Equal(pagingLogger.TotalLines, expectedLines); } } finally { //cleanup CleanLogFolder(); } } } } ================================================ FILE: src/Test/L0/Plugin/BlobstoreClientSettingsL0.cs ================================================ using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Agent.Sdk.Knob; using BuildXL.Cache.ContentStore.Hashing; using Microsoft.VisualStudio.Services.Agent.Blob; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.BlobStore.WebApi.Contracts; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.WebApi; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public class BlobstoreClientSettingsL0 { private const string OverrideChunkSize = "OVERRIDE_PIPELINE_ARTIFACT_CHUNKSIZE"; private const string EnablePipelineArtifactLargeChunkSize = "AGENT_ENABLE_PIPELINEARTIFACT_LARGE_CHUNK_SIZE"; [Fact] public void GetDefaultDomainId_ReturnsDefault_WhenNoSettings() { // Arrange var tracer = new Mock(); var settings = new BlobstoreClientSettings(null, tracer.Object); // Act var result = settings.GetDefaultDomainId(); // Assert Assert.Equal(WellKnownDomainIds.DefaultDomainId, result); } [Fact] public void GetDefaultDomainId_ReturnsDomainId_WhenSettingsPresent() { // Arrange var tracer = new Mock(); var domainId = Guid.NewGuid().ToString(); var clientSettings = new ClientSettingsInfo { Properties = new Dictionary { { ClientSettingsConstants.DefaultDomainId, domainId } } }; var settings = new BlobstoreClientSettings(clientSettings, tracer.Object); // Act var result = settings.GetDefaultDomainId(); // Assert Assert.NotNull(result); } [Fact] public void GetClientHashType_EnablePipelineArtifactLargeChunkSize_EnablesOrDisablesChunkSizing() { // Arrange var tracer = new Mock(); var clientSettings = new ClientSettingsInfo { Properties = new Dictionary() { { ClientSettingsConstants.ChunkSize, HashType.Dedup1024K.ToString() } } }; var settings = new BlobstoreClientSettings(clientSettings, tracer.Object); var environment = new LocalEnvironment(); var context = new Mock(); context.As() .Setup(x => x.GetScopedEnvironment()) .Returns(environment); context.As() .Setup(x => x.GetVariableValueOrDefault(EnablePipelineArtifactLargeChunkSize )) .Returns("false"); environment.SetEnvironmentVariable(EnablePipelineArtifactLargeChunkSize, "false"); // Act var result = settings.GetClientHashType(context.Object); // make sure if we enable it, it uses the client settings Assert.Equal(ChunkerHelper.DefaultChunkHashType, result); context.As() .Setup(x => x.GetVariableValueOrDefault(EnablePipelineArtifactLargeChunkSize)) .Returns("true"); environment.SetEnvironmentVariable(EnablePipelineArtifactLargeChunkSize, "true"); // Act result = settings.GetClientHashType(context.Object); // Assert Assert.Equal(HashType.Dedup1024K, result); } [Fact] public void GetClientHashType_PipelineOverride() { // Arrange var tracer = new Mock(); var clientSettings = new ClientSettingsInfo { Properties = new Dictionary() { { ClientSettingsConstants.ChunkSize, HashType.Dedup64K.ToString() } } }; var settings = new BlobstoreClientSettings(clientSettings, tracer.Object); var environment = new LocalEnvironment(); var context = new Mock(); context.As() .Setup(x => x.GetScopedEnvironment()) .Returns(environment); context.As() .Setup(x => x.GetVariableValueOrDefault(EnablePipelineArtifactLargeChunkSize)) .Returns("true"); environment.SetEnvironmentVariable(EnablePipelineArtifactLargeChunkSize, "true"); context.As() .Setup(x => x.GetVariableValueOrDefault(OverrideChunkSize)) .Returns(HashType.Dedup1024K.ToString()); environment.SetEnvironmentVariable(OverrideChunkSize, HashType.Dedup1024K.ToString()); // Act var result = settings.GetClientHashType(context.Object); // we should successfully override the chunk size in the client settings: Assert.Equal(HashType.Dedup1024K, result); // now let's setup a bad override and make sure it falls back to the client settings: clientSettings.Properties[ClientSettingsConstants.ChunkSize] = HashType.Dedup1024K.ToString(); context.As() .Setup(x => x.GetVariableValueOrDefault(OverrideChunkSize)) .Returns("nonsense"); environment.SetEnvironmentVariable(OverrideChunkSize, "nonsense"); // Act result = settings.GetClientHashType(context.Object); // Assert Assert.Equal(HashType.Dedup1024K, result); } [Fact] public void GetRedirectTimeout_ReturnsNull_WhenNotPresent() { // Arrange var tracer = new Mock(); var clientSettings = new ClientSettingsInfo { Properties = new Dictionary() }; var settings = new BlobstoreClientSettings(clientSettings, tracer.Object); // Act var result = settings.GetRedirectTimeout(); // Assert Assert.Null(result); } [Fact] public void GetRedirectTimeout_ReturnsValue_WhenPresent() { // Arrange var tracer = new Mock(); var clientSettings = new ClientSettingsInfo { Properties = new Dictionary { { ClientSettingsConstants.RedirectTimeout, "42" } } }; var settings = new BlobstoreClientSettings(clientSettings, tracer.Object); // Act var result = settings.GetRedirectTimeout(); // Assert Assert.Equal(42, result); } [Fact] public void GetMaxParallelism_ReturnsNull_WhenNotPresent() { // Arrange var tracer = new Mock(); var clientSettings = new ClientSettingsInfo { Properties = new Dictionary() }; var settings = new BlobstoreClientSettings(clientSettings, tracer.Object); // Act var result = settings.GetMaxParallelism(); // Assert Assert.Null(result); } [Fact] public void GetMaxParallelism_ReturnsValue_WhenPresent() { // Arrange var tracer = new Mock(); var clientSettings = new ClientSettingsInfo { Properties = new Dictionary { { "MaxParallelism", "8" } } }; var settings = new BlobstoreClientSettings(clientSettings, tracer.Object); // Act var result = settings.GetMaxParallelism(); // Assert Assert.Equal(8, result); } } } ================================================ FILE: src/Test/L0/Plugin/ChunkerTests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using BuildXL.Cache.ContentStore.Hashing; using BuildXL.Cache.ContentStore.Interfaces.Utils; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public class ChunkerTests { // This test relies on the DedupNodeHashAlgorithm which is from aspnetcidev. This package is apparently not being published anymore. // We should either fix this test or remove it soon. // [Theory] // [InlineData(0, "A7B5F4F67CDA9A678DE6DCBFDE1BE2902407CA2E6E899F843D4EFD1E62778D63")] // [InlineData(1, "266CCDBB8509CCADDDD739F1F0751141D154667E9C4754604EB66B1DEE133961")] // [InlineData(32 * 1024 - 1, "E697ED9F1250A079DC60AF3FD53793064E020231E96D69554028DD7C2E69D476")] // [InlineData(32 * 1024 + 0, "02BB285FBEF36871C6B7694BD684822F5A36104801379B2D225B34A6739946A0")] // [InlineData(32 * 1024 + 1, "41D54465B526473D36808AA1B1884CE98278FF1EC4BD83A84CA99590F8809818")] // [InlineData(64 * 1024 + 0, "E347F2D06AFA55AE4F928EA70A8180B37447F55B87E784EE2B31FE90B97718B0")] // [InlineData(2 * 64 * 1024 - 1, "540770B3F5DF9DD459319164D2AFCAD1B942CB24B41985AA1E0F081D6AC16639")] // [InlineData(2 * 64 * 1024 + 0, "3175B5C2595B419DBE5BDA9554208A4E39EFDBCE1FC6F7C7CB959E5B39DF2DF0")] // [InlineData(2 * 64 * 1024 + 1, "B39D401B85748FDFC41980A0ABE838BA05805BFFAE16344CE74EA638EE42DEA5")] // [Trait("Level", "L0")] // [Trait("Category", "Plugin")] // public void ChunkerIsStable(int byteCount, string expectedHash) // { // var bytes = new byte[byteCount]; // FillBufferWithTestContent(seed: 0, bytes); // using (var hasher = new DedupNodeHashAlgorithm()) // { // hasher.ComputeHash(bytes, 0, bytes.Length); // var node = hasher.GetNode(); // Assert.Equal(expectedHash, node.Hash.ToHex()); // } // } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5394: Do not use insecure randomness")] private static void FillBufferWithTestContent(int seed, byte[] bytes) { var r = new Random(seed); r.NextBytes(bytes); int startZeroes = r.Next(bytes.Length); int endZeroes = r.Next(startZeroes, bytes.Length); for (int i = startZeroes; i < endZeroes; i++) { bytes[i] = 0; } } } } ================================================ FILE: src/Test/L0/Plugin/FingerprintCreatorTests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Security.Cryptography; using Agent.Plugins.PipelineCache; using Agent.Sdk; using BuildXL.Cache.ContentStore.Interfaces.Utils; using Microsoft.VisualStudio.Services.PipelineCache.WebApi; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.PipelineCache { public class FingerprintCreatorTests { private static readonly byte[] content1; private static readonly byte[] content2; private static readonly byte[] hash1; private static readonly byte[] hash2; private static readonly string directory; private static readonly string path1; private static readonly string path2; [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5394:Do not use insecure randomness")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1810:Initialize all static fields")] static FingerprintCreatorTests() { var r = new Random(0); content1 = new byte[100 + r.Next(100)]; r.NextBytes(content1); content2 = new byte[100 + r.Next(100)]; r.NextBytes(content2); path1 = Path.GetTempFileName(); path2 = Path.GetTempFileName(); directory = Path.GetDirectoryName(path1); Assert.Equal(directory, Path.GetDirectoryName(path2)); File.WriteAllBytes(path1, content1); File.WriteAllBytes(path2, content2); using (var hasher = SHA256.Create()) { hash1 = hasher.ComputeHash(content1); hash2 = hasher.ComputeHash(content2); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void Fingerprint_ReservedFails() { using (var hostContext = new TestHostContext(this)) { var context = new AgentTaskPluginExecutionContext(hostContext.GetTrace()); Assert.Throws( () => FingerprintCreator.EvaluateKeyToFingerprint(context, directory, new[] { "*" }) ); Assert.Throws( () => FingerprintCreator.EvaluateKeyToFingerprint(context, directory, new[] { "**" }) ); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void Fingerprint_ExcludeExactMatches() { using (var hostContext = new TestHostContext(this)) { var context = new AgentTaskPluginExecutionContext(hostContext.GetTrace()); var segments = new[] { $"{Path.GetDirectoryName(path1)},!{path1}", }; Assert.Throws( () => FingerprintCreator.EvaluateKeyToFingerprint(context, directory, segments) ); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void Fingerprint_ExcludeExactMisses() { using (var hostContext = new TestHostContext(this)) { var context = new AgentTaskPluginExecutionContext(hostContext.GetTrace()); var segments = new[] { $"{path1},!{path2}", }; Fingerprint f = FingerprintCreator.EvaluateKeyToFingerprint(context, directory, segments); Assert.Equal(1, f.Segments.Length); var matchedFile = new FingerprintCreator.MatchedFile(Path.GetFileName(path1), content1.Length, hash1.ToHex()); Assert.Equal(matchedFile.GetHash(), f.Segments[0]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void Fingerprint_FileAbsolute() { using (var hostContext = new TestHostContext(this)) { var context = new AgentTaskPluginExecutionContext(hostContext.GetTrace()); var segments = new[] { $"{path1}", $"{path2}", }; Fingerprint f = FingerprintCreator.EvaluateKeyToFingerprint(context, directory, segments); var file1 = new FingerprintCreator.MatchedFile(Path.GetFileName(path1), content1.Length, hash1.ToHex()); var file2 = new FingerprintCreator.MatchedFile(Path.GetFileName(path2), content2.Length, hash2.ToHex()); Assert.Equal(2, f.Segments.Length); Assert.Equal(file1.GetHash(), f.Segments[0]); Assert.Equal(file2.GetHash(), f.Segments[1]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void Fingerprint_FileRelative() { string workingDir = Path.GetDirectoryName(path1); string relPath1 = Path.GetFileName(path1); string relPath2 = Path.GetFileName(path2); using (var hostContext = new TestHostContext(this)) { var context = new AgentTaskPluginExecutionContext(hostContext.GetTrace()); context.SetVariable( "system.defaultworkingdirectory", // Constants.Variables.System.DefaultWorkingDirectory workingDir, isSecret: false); var segments = new[] { $"{relPath1}", $"{relPath2}", }; Fingerprint f = FingerprintCreator.EvaluateKeyToFingerprint(context, directory, segments); var file1 = new FingerprintCreator.MatchedFile(relPath1, content1.Length, hash1.ToHex()); var file2 = new FingerprintCreator.MatchedFile(relPath2, content2.Length, hash2.ToHex()); Assert.Equal(2, f.Segments.Length); Assert.Equal(file1.GetHash(), f.Segments[0]); Assert.Equal(file2.GetHash(), f.Segments[1]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void Fingerprint_Str() { using (var hostContext = new TestHostContext(this)) { var context = new AgentTaskPluginExecutionContext(hostContext.GetTrace()); var segments = new[] { $"hello", }; Fingerprint f = FingerprintCreator.EvaluateKeyToFingerprint(context, directory, segments); Assert.Equal(1, f.Segments.Length); Assert.Equal($"hello", f.Segments[0]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void ParseMultilineKeyAsOld() { (bool isOldFormat, string[] keySegments, IEnumerable restoreKeys) = PipelineCacheTaskPluginBase.ParseIntoSegments( string.Empty, "gems\n$(Agent.OS)\n$(Build.SourcesDirectory)/my.gemspec", string.Empty); Assert.True(isOldFormat); Assert.Equal(new[] { "gems", "$(Agent.OS)", "$(Build.SourcesDirectory)/my.gemspec" }, keySegments); Assert.Equal(0, restoreKeys.Count()); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void ParseSingleLineAsNew() { (bool isOldFormat, string[] keySegments, IEnumerable restoreKeys) = PipelineCacheTaskPluginBase.ParseIntoSegments( string.Empty, "$(Agent.OS)", string.Empty); Assert.False(isOldFormat); Assert.Equal(new[] { "$(Agent.OS)" }, keySegments); Assert.Equal(0, restoreKeys.Count()); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void ParseMultilineWithRestoreKeys() { (bool isOldFormat, string[] keySegments, IEnumerable restoreKeys) = PipelineCacheTaskPluginBase.ParseIntoSegments( string.Empty, "$(Agent.OS) | Gemfile.lock | **/*.gemspec,!./junk/**", "$(Agent.OS) | Gemfile.lock\n$(Agent.OS)"); Assert.False(isOldFormat); Assert.Equal(new[] { "$(Agent.OS)", "Gemfile.lock", "**/*.gemspec,!./junk/**" }, keySegments); Assert.Equal(new[] { new[] { "$(Agent.OS)", "Gemfile.lock" }, new[] { "$(Agent.OS)" } }, restoreKeys); } } } ================================================ FILE: src/Test/L0/Plugin/FingerprintTests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.VisualStudio.Services.PipelineCache.WebApi; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.PipelineCache { public class FingerprintTests { private static void AssertBothOrders(Action assert, T t1, T t2) { assert(t1, t2); assert(t2, t1); } private void FingerprintEqualityWorksHelper(Fingerprint same1, Fingerprint same2, Fingerprint different) { AssertBothOrders((a, b) => Assert.False(a != null && b != null && object.ReferenceEquals(a, b)), same1, same2); AssertBothOrders((a, b) => Assert.False(a != null && b != null && object.ReferenceEquals(a, b)), same1, different); AssertBothOrders((a, b) => Assert.False(a != null && b != null && object.ReferenceEquals(a, b)), same2, different); AssertBothOrders(Assert.Equal, same1, same2); AssertBothOrders(Assert.NotEqual, same1, different); AssertBothOrders(Assert.NotEqual, same2, different); AssertBothOrders((a, b) => Assert.True(a == b), same1, same2); AssertBothOrders((a, b) => Assert.False(a == b), same1, different); AssertBothOrders((a, b) => Assert.False(a == b), same2, different); AssertBothOrders((a, b) => Assert.False(a != b), same1, same2); AssertBothOrders((a, b) => Assert.True(a != b), same1, different); AssertBothOrders((a, b) => Assert.True(a != b), same2, different); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void FingerprintEqualityWorks() { FingerprintEqualityWorksHelper( same1: new Fingerprint("same"), same2: new Fingerprint("same"), different: new Fingerprint("different")); FingerprintEqualityWorksHelper( same1: new Fingerprint("same"), same2: new Fingerprint("same"), different: null); FingerprintEqualityWorksHelper( same1: null, same2: null, different: new Fingerprint("different")); FingerprintEqualityWorksHelper( same1: new Fingerprint("a", "b"), same2: new Fingerprint("a", "b"), different: new Fingerprint("a")); } } } ================================================ FILE: src/Test/L0/Plugin/IsPathyTests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Plugins.PipelineCache; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.PipelineCache { public class IsPathyTests { [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void Fingerprint_IsPath() { Action assertPath = (path, isPath) => Assert.True(isPath == FingerprintCreator.IsPathyKeySegment(path), $"IsPathy({path}) should have returned {isPath}."); assertPath(@"''", false); assertPath(@"Windows_NT", false); assertPath(@"README.md", true); assertPath(@"This is a sentence.", false); assertPath(@"http://xkcd.com.", false); assertPath(@"""D:\README.md""", false); assertPath(@"D:\README.md", true); assertPath(@"D:\src\vsts-agent\_layout\_work\2\s/README.md", true); assertPath(@"D:\src\vsts-agent\_layout\_work\2\s/**/README.md", true); assertPath(@"/**/README.md,!./junk/**;./azure-pipelines.yml", true); assertPath(@"./**,!./.git/**", true); assertPath(@"/src/foo", true); assertPath(@"src/foo", true); // ones we don't feel great about assertPath(@"We should go to the store/mall", true); assertPath(@"KEY_SALT=5-macos-10.13-stable-x86_64-apple-darwin", true); assertPath(@"ruby:2.6.2", true); } } } ================================================ FILE: src/Test/L0/Plugin/LogPluginHostL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Moq; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.CompilerServices; using System.Threading.Tasks; using Xunit; using System.Threading; using System.Collections.ObjectModel; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Agent.Sdk; using Microsoft.TeamFoundation.TestManagement.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Tests.LogPluginHost { public sealed class LogPluginHostL0 { public class TestTrace : IAgentLogPluginTrace { private Tracing _trace; public TestTrace(TestHostContext testHostContext) { _trace = testHostContext.GetTrace(); } public List Outputs = new List(); public void Output(string message) { Outputs.Add(message); _trace.Info(message); } public void Trace(string message) { Outputs.Add(message); _trace.Info(message); } } public class TestPlugin1 : IAgentLogPlugin { public string FriendlyName => "Test1"; public Task FinalizeAsync(IAgentLogPluginContext context) { context.Output("Done"); return Task.CompletedTask; } public Task InitializeAsync(IAgentLogPluginContext context) { return Task.FromResult(true); } public Task ProcessLineAsync(IAgentLogPluginContext context, Pipelines.TaskStepDefinitionReference step, string line) { context.Output(line); return Task.CompletedTask; } } public class TestPlugin2 : IAgentLogPlugin { public string FriendlyName => "Test2"; public Task FinalizeAsync(IAgentLogPluginContext context) { context.Output("Done"); return Task.CompletedTask; } public Task InitializeAsync(IAgentLogPluginContext context) { return Task.FromResult(true); } public Task ProcessLineAsync(IAgentLogPluginContext context, Pipelines.TaskStepDefinitionReference step, string line) { context.Output(line); return Task.CompletedTask; } } public class TestPluginSlow : IAgentLogPlugin { public string FriendlyName => "TestSlow"; public Task FinalizeAsync(IAgentLogPluginContext context) { context.Output("Done"); return Task.CompletedTask; } public Task InitializeAsync(IAgentLogPluginContext context) { return Task.FromResult(true); } public async Task ProcessLineAsync(IAgentLogPluginContext context, Pipelines.TaskStepDefinitionReference step, string line) { context.Output("BLOCK"); await Task.Delay(TimeSpan.FromMilliseconds(-1)); } } public class TestPluginSlowRecover : IAgentLogPlugin { private int _counter = 0; public string FriendlyName => "TestSlowRecover"; public Task FinalizeAsync(IAgentLogPluginContext context) { context.Output("Done"); return Task.CompletedTask; } public Task InitializeAsync(IAgentLogPluginContext context) { return Task.FromResult(true); } public async Task ProcessLineAsync(IAgentLogPluginContext context, Pipelines.TaskStepDefinitionReference step, string line) { if (_counter++ < 1) { context.Output("SLOW"); await Task.Delay(400); } else { context.Output(line); } } } public class TestPluginNotInitialized : IAgentLogPlugin { public string FriendlyName => "TestNotInitialized"; public Task FinalizeAsync(IAgentLogPluginContext context) { context.Output("Done"); return Task.CompletedTask; } public Task InitializeAsync(IAgentLogPluginContext context) { return Task.FromResult(false); } public Task ProcessLineAsync(IAgentLogPluginContext context, Pipelines.TaskStepDefinitionReference step, string line) { context.Output(line); return Task.CompletedTask; } } public class PluginExceptionTest : IAgentLogPlugin { public string FriendlyName => "TestException"; public Task FinalizeAsync(IAgentLogPluginContext context) { if (context.Variables.ContainsKey("throw_finalize")) { throw new NotSupportedException(); } else { context.Output("Done"); return Task.CompletedTask; } } public Task InitializeAsync(IAgentLogPluginContext context) { if (context.Variables.ContainsKey("throw_initialize")) { throw new NotSupportedException(); } else { return Task.FromResult(true); } } public Task ProcessLineAsync(IAgentLogPluginContext context, Pipelines.TaskStepDefinitionReference step, string line) { if (context.Variables.ContainsKey("throw_process")) { throw new NotSupportedException(); } else { context.Output(line); return Task.CompletedTask; } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task LogPluginHost_RunSinglePlugin() { using (TestHostContext tc = new TestHostContext(this)) { AgentLogPluginHostContext hostContext = CreateTestLogPluginHostContext(); List plugins = new List() { new TestPlugin1() }; TestTrace trace = new TestTrace(tc); AgentLogPluginHost logPluginHost = new AgentLogPluginHost(hostContext, plugins, trace); var task = logPluginHost.Run(); for (int i = 0; i < 1000; i++) { logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:{i}"); } await Task.Delay(1000); logPluginHost.Finish(); await task; Assert.True(trace.Outputs.Contains("Test1: 0")); Assert.True(trace.Outputs.Contains("Test1: 999")); Assert.True(trace.Outputs.Contains("Test1: Done")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task LogPluginHost_RunSinglePluginWithEmptyLinesInput() { using (TestHostContext tc = new TestHostContext(this)) { AgentLogPluginHostContext hostContext = CreateTestLogPluginHostContext(); List plugins = new List() { new TestPlugin1() }; TestTrace trace = new TestTrace(tc); AgentLogPluginHost logPluginHost = new AgentLogPluginHost(hostContext, plugins, trace); var task = logPluginHost.Run(); for (int i = 0; i < 100; i++) { logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:{i}"); } for (int i = 0; i < 100; i++) { logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:{i}"); } for (int i = 0; i < 10; i++) { logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:"); } for (int i = 100; i < 200; i++) { logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:{i}"); } await Task.Delay(1000); logPluginHost.Finish(); await task; Assert.True(trace.Outputs.Contains("Test1: 0")); Assert.True(trace.Outputs.Contains("Test1: 99")); Assert.True(trace.Outputs.Contains("Test1: ")); Assert.True(trace.Outputs.Contains("Test1: 100")); Assert.True(trace.Outputs.Contains("Test1: 199")); Assert.Equal(10, trace.Outputs.FindAll(x => x == "Test1: ").Count); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task LogPluginHost_RunMultiplePlugins() { using (TestHostContext tc = new TestHostContext(this)) { AgentLogPluginHostContext hostContext = CreateTestLogPluginHostContext(); List plugins = new List() { new TestPlugin1(), new TestPlugin2() }; TestTrace trace = new TestTrace(tc); AgentLogPluginHost logPluginHost = new AgentLogPluginHost(hostContext, plugins, trace); var task = logPluginHost.Run(); for (int i = 0; i < 1000; i++) { logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:{i}"); } await Task.Delay(1000); logPluginHost.Finish(); await task; foreach (var fragment in new string[] { "Test1: 0", "Test1: 999", "Test1: Done", "Test2: 0", "Test2: 999", "Test2: Done" }) { Assert.True(trace.Outputs.Contains(fragment), $"Found '{fragment}' in: {trace.Outputs}"); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task LogPluginHost_ShortCircuitSlowPlugin() { using (TestHostContext tc = new TestHostContext(this)) { AgentLogPluginHostContext hostContext = CreateTestLogPluginHostContext(); List plugins = new List() { new TestPlugin1(), new TestPluginSlow() }; TestTrace trace = new TestTrace(tc); AgentLogPluginHost logPluginHost = new AgentLogPluginHost(hostContext, plugins, trace, 100, 100); var task = logPluginHost.Run(); for (int i = 0; i < 1000; i++) { logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:{i}"); } await Task.Delay(1000); logPluginHost.Finish(); await task; // regular one still running Assert.True(trace.Outputs.Contains("Test1: 0")); Assert.True(trace.Outputs.Contains("Test1: 999")); Assert.True(trace.Outputs.Contains("Test1: Done")); // slow one got killed Assert.False(trace.Outputs.Contains("TestSlow: Done")); Assert.True(trace.Outputs.Exists(x => x.Contains("Plugin has been short circuited"))); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task LogPluginHost_SlowPluginRecover() { using (TestHostContext tc = new TestHostContext(this)) { AgentLogPluginHostContext hostContext = CreateTestLogPluginHostContext(); List plugins = new List() { new TestPlugin1(), new TestPluginSlowRecover() }; TestTrace trace = new TestTrace(tc); AgentLogPluginHost logPluginHost = new AgentLogPluginHost(hostContext, plugins, trace, 950, 100); var task = logPluginHost.Run(); for (int i = 0; i < 1000; i++) { logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:{i}"); } await Task.Delay(2000); logPluginHost.Finish(); await task; // regular one still running Assert.True(trace.Outputs.Contains("Test1: 0")); Assert.True(trace.Outputs.Contains("Test1: 999")); Assert.True(trace.Outputs.Contains("Test1: Done")); Assert.True(trace.Outputs.Contains("TestSlowRecover: Done")); Assert.True(trace.Outputs.Exists(x => x.Contains("TestPluginSlowRecover' has too many buffered outputs."))); Assert.True(trace.Outputs.Exists(x => x.Contains("TestPluginSlowRecover' has cleared out buffered outputs."))); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task LogPluginHost_NotInitialized() { using (TestHostContext tc = new TestHostContext(this)) { AgentLogPluginHostContext hostContext = CreateTestLogPluginHostContext(); List plugins = new List() { new TestPlugin1(), new TestPluginNotInitialized() }; TestTrace trace = new TestTrace(tc); AgentLogPluginHost logPluginHost = new AgentLogPluginHost(hostContext, plugins, trace); var task = logPluginHost.Run(); for (int i = 0; i < 1000; i++) { logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:{i}"); } await Task.Delay(1000); logPluginHost.Finish(); await task; // regular one still running Assert.True(trace.Outputs.Contains("Test1: 0")); Assert.True(trace.Outputs.Contains("Test1: 999")); Assert.True(trace.Outputs.Contains("Test1: Done")); Assert.True(!trace.Outputs.Contains("TestNotInitialized: 0")); Assert.True(!trace.Outputs.Contains("TestNotInitialized: Done")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void LogPluginHost_HandleProxyConfig() { using TestHostContext tc = new TestHostContext(this); TestTrace trace = new TestTrace(tc); var proxyUrl = "http://example.com:80"; var proxyUser = "proxy_user"; var proxyPassword = "proxy_password"; AgentLogPluginHostContext hostContext = new AgentLogPluginHostContext() { Endpoints = new List(), PluginAssemblies = new List(), Repositories = new List(), Variables = new Dictionary() { { AgentWebProxySettings.AgentProxyUrlKey, proxyUrl }, { AgentWebProxySettings.AgentProxyUsernameKey, proxyUser }, { AgentWebProxySettings.AgentProxyPasswordKey, proxyPassword }, }, Steps = new Dictionary() }; var systemConnection = new ServiceEndpoint() { Name = WellKnownServiceEndpointNames.SystemVssConnection, Id = Guid.NewGuid(), Url = new Uri("https://dev.azure.com/test"), Authorization = new EndpointAuthorization() { Scheme = EndpointAuthorizationSchemes.OAuth, Parameters = { { EndpointAuthorizationParameters.AccessToken, "Test" } } } }; hostContext.Endpoints.Add(systemConnection); Assert.NotNull(hostContext.VssConnection); Assert.Equal(hostContext.WebProxySettings.ProxyAddress, proxyUrl); Assert.Equal(hostContext.WebProxySettings.ProxyUsername, proxyUser); Assert.Equal(hostContext.WebProxySettings.ProxyPassword, proxyPassword); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task LogPluginHost_HandleInitialExceptions() { using (TestHostContext tc = new TestHostContext(this)) { AgentLogPluginHostContext hostContext = CreateTestLogPluginHostContext(); hostContext.Variables["throw_initialize"] = "1"; List plugins = new List() { new TestPlugin1(), new PluginExceptionTest() }; TestTrace trace = new TestTrace(tc); AgentLogPluginHost logPluginHost = new AgentLogPluginHost(hostContext, plugins, trace); var task = logPluginHost.Run(); for (int i = 0; i < 1000; i++) { logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:{i}"); } await Task.Delay(1000); logPluginHost.Finish(); await task; // regular one still running Assert.True(trace.Outputs.Contains("Test1: 0")); Assert.True(trace.Outputs.Contains("Test1: 999")); Assert.True(trace.Outputs.Contains("Test1: Done")); Assert.True(!trace.Outputs.Contains("TestException: 0")); Assert.True(!trace.Outputs.Contains("TestException: Done")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task LogPluginHost_HandleProcessExceptions() { using (TestHostContext tc = new TestHostContext(this)) { AgentLogPluginHostContext hostContext = CreateTestLogPluginHostContext(); hostContext.Variables["throw_process"] = "1"; List plugins = new List() { new TestPlugin1(), new PluginExceptionTest() }; TestTrace trace = new TestTrace(tc); AgentLogPluginHost logPluginHost = new AgentLogPluginHost(hostContext, plugins, trace); var task = logPluginHost.Run(); for (int i = 0; i < 1000; i++) { logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:{i}"); } await Task.Delay(1000); logPluginHost.Finish(); await task; // regular one still running Assert.True(trace.Outputs.Contains("Test1: 0")); Assert.True(trace.Outputs.Contains("Test1: 999")); Assert.True(trace.Outputs.Contains("Test1: Done")); Assert.True(!trace.Outputs.Contains("TestException: 0")); Assert.True(!trace.Outputs.Contains("TestException: 999")); Assert.True(trace.Outputs.Contains("TestException: Done")); } } // potential bug in XUnit cause the test failure. // [Fact] // [Trait("Level", "L0")] // [Trait("Category", "Plugin")] // public async Task LogPluginHost_HandleFinalizeExceptions() // { // using (TestHostContext tc = new TestHostContext(this)) // { // AgentLogPluginHostContext hostContext = CreateTestLogPluginHostContext(); // hostContext.Variables["throw_finalize"] = "1"; // List plugins = new List() { new TestPlugin1(), new TestPluginException() }; // TestTrace trace = new TestTrace(tc); // AgentLogPluginHost logPluginHost = new AgentLogPluginHost(hostContext, plugins, trace); // var task = logPluginHost.Run(); // for (int i = 0; i < 1000; i++) // { // logPluginHost.EnqueueOutput($"{Guid.Empty.ToString("D")}:{i}"); // } // await Task.Delay(1000); // logPluginHost.Finish(); // await task; // // regular one still running // Assert.True(trace.Outputs.Contains("Test1: 0")); // Assert.True(trace.Outputs.Contains("Test1: 999")); // Assert.True(trace.Outputs.Contains("Test1: Done")); // Assert.True(trace.Outputs.Contains("TestException: 0")); // Assert.True(trace.Outputs.Contains("TestException: 999")); // Assert.True(!trace.Outputs.Contains("TestException: Done")); // } // } private AgentLogPluginHostContext CreateTestLogPluginHostContext() { AgentLogPluginHostContext hostContext = new AgentLogPluginHostContext() { Endpoints = new List(), PluginAssemblies = new List(), Repositories = new List(), Variables = new Dictionary(), Steps = new Dictionary() }; hostContext.Steps[Guid.Empty.ToString("D")] = new Pipelines.TaskStepDefinitionReference() { Id = Guid.NewGuid(), Name = "Test", Version = "1.0.0." }; var systemConnection = new ServiceEndpoint() { Name = WellKnownServiceEndpointNames.SystemVssConnection, Id = Guid.NewGuid(), Url = new Uri("https://dev.azure.com/test"), Authorization = new EndpointAuthorization() { Scheme = EndpointAuthorizationSchemes.OAuth, Parameters = { { EndpointAuthorizationParameters.AccessToken, "Test" } } } }; hostContext.Endpoints.Add(systemConnection); return hostContext; } } } ================================================ FILE: src/Test/L0/Plugin/MatchingTests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Linq; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using Agent.Plugins.PipelineCache; using Agent.Sdk; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.PipelineCache { public class MatchingTests { private static readonly bool IsWindows = RuntimeInformation.IsOSPlatform(OSPlatform.Windows); private static readonly string DefaultWorkingDirectory = IsWindows ? "C:\\working" : "/working"; private static string MakeOSPath(string path) { if (IsWindows) { return path; } path = path.Replace('\\', '/'); if (path.Length >= 2 && path[1] == ':') { return path.Substring(2); } return path; } private void RunTests( string[] includePatterns, string[] excludePatterns, (string path, bool match)[] testCases, [CallerMemberName] string testName = null) { using (var hostContext = new TestHostContext(this, testName)) { var context = new AgentTaskPluginExecutionContext(hostContext.GetTrace()); includePatterns = includePatterns .Select(p => MakeOSPath(p)) .Select(p => FingerprintCreator.MakePathCanonical( DefaultWorkingDirectory, p)) .ToArray(); excludePatterns = excludePatterns .Select(p => MakeOSPath(p)) .Select(p => FingerprintCreator.MakePathCanonical( DefaultWorkingDirectory, p)) .ToArray(); Func filter = FingerprintCreator.CreateFilter( context, includePatterns, excludePatterns ); Action assertPath = (path, isMatch) => Assert.True(isMatch == filter(path), $"filter({path}) should have returned {isMatch}."); foreach ((string path, bool match) in testCases) { assertPath(MakeOSPath(path), match); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void MultipleIncludes() { RunTests( includePatterns: new[] { "good1.tmp", "good2.tmp" }, excludePatterns: new string[] { }, testCases: new[]{ ("C:\\working\\good1.tmp",true), ("C:\\working\\good2.tmp",true), ("C:\\working\\something.else",false), } ); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void AbsoluteAndRelative() { RunTests( includePatterns: new[] { "C:\\working\\good1.tmp", "good2.tmp" }, excludePatterns: new string[] { }, testCases: new[]{ ("C:\\working\\good1.tmp",true), ("C:\\working\\good2.tmp",true), ("C:\\working\\something.else",false), ("D:\\junk",false), } ); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void ExcludeSingleFile() { RunTests( includePatterns: new[] { "*.tmp" }, excludePatterns: new[] { "bad.tmp" }, testCases: new[]{ ("C:\\working\\good.tmp",true), ("C:\\working\\bad.tmp",false), ("C:\\working\\something.else",false), } ); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void ExcludeSingleFileWithDot() { RunTests( includePatterns: new[] { "./*.tmp" }, excludePatterns: new[] { "./bad.tmp" }, testCases: new[]{ ("C:\\working\\good.tmp",true), ("C:\\working\\bad.tmp",false), ("C:\\working\\something.else",false), } ); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void DoubleAsteriskAsPartOfPathSegment() { RunTests( includePatterns: new[] { "./**blah/.tmp" }, excludePatterns: new[] { "./bad.tmp" }, testCases: new[]{ ("C:\\working\\good.tmp",false), ("C:\\working\\bad.tmp",false), ("C:\\working\\something.else",false), } ); } private void AssertFileEnumeration( string includeGlobPath, string expectedEnumerateRootPath, string expectedEnumeratePattern, SearchOption expectedEnumerateDepth) { FingerprintCreator.Enumeration e = FingerprintCreator.DetermineFileEnumerationFromGlob(MakeOSPath(includeGlobPath)); Assert.Equal(MakeOSPath(expectedEnumerateRootPath), e.RootPath); Assert.Equal(MakeOSPath(expectedEnumeratePattern), e.Pattern); Assert.Equal(expectedEnumerateDepth, e.Depth); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void DetermineFileEnumerationExact() { AssertFileEnumeration( includeGlobPath: @"C:\dir\file.txt", expectedEnumerateRootPath: @"C:\dir", expectedEnumeratePattern: @"file.txt", expectedEnumerateDepth: SearchOption.TopDirectoryOnly); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void DetermineFileEnumerationTopLevel() { AssertFileEnumeration( includeGlobPath: @"C:\dir\*.txt", expectedEnumerateRootPath: @"C:\dir", expectedEnumeratePattern: @"*", expectedEnumerateDepth: SearchOption.TopDirectoryOnly); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void DetermineFileEnumerationRecursive() { AssertFileEnumeration( includeGlobPath: @"C:\dir\**\*.txt", expectedEnumerateRootPath: @"C:\dir", expectedEnumeratePattern: @"*", expectedEnumerateDepth: SearchOption.AllDirectories); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void DetermineFileEnumerationExactFileNameRecursive() { AssertFileEnumeration( includeGlobPath: @"C:\dir\node_modules\**\package-lock.json", expectedEnumerateRootPath: @"C:\dir\node_modules", expectedEnumeratePattern: @"*", expectedEnumerateDepth: SearchOption.AllDirectories); } } } ================================================ FILE: src/Test/L0/Plugin/RepositoryPluginL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using Agent.Plugins.Repository; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Moq; using Newtonsoft.Json.Linq; using Xunit; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Tests.Plugin { public sealed class RepositoryPluginL0 { private CheckoutTask _checkoutTask; private AgentTaskPluginExecutionContext _executionContext; private Mock _sourceProvider; private Mock _sourceProviderFactory; [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_CheckoutTask_MergesCheckoutOptions_Basic() { using (TestHostContext tc = new TestHostContext(this)) { Setup(tc); var repository = _executionContext.Repositories.Single(); repository.Properties.Set( Pipelines.RepositoryPropertyNames.CheckoutOptions, new JObject { { Pipelines.PipelineConstants.CheckoutTaskInputs.Clean, "clean value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth, "fetch depth value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs, "lfs value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials, "persist credentials value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules, "submodules value" }, }); _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchFilter] = "fetch filter value"; _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchTags] = "fetch tags value"; await _checkoutTask.RunAsync(_executionContext, CancellationToken.None); Assert.Equal("clean value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Clean]); Assert.Equal("fetch depth value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth]); Assert.Equal("fetch filter value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchFilter]); Assert.Equal("fetch tags value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchTags]); Assert.Equal("lfs value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs]); Assert.Equal("persist credentials value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials]); Assert.Equal("submodules value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_CheckoutTask_MergesCheckoutOptions_CaseInsensitive() { using (TestHostContext tc = new TestHostContext(this)) { Setup(tc); var repository = _executionContext.Repositories.Single(); repository.Properties.Set( Pipelines.RepositoryPropertyNames.CheckoutOptions, new JObject { { "CLean", "clean value" }, { "FETCHdepth", "fetch depth value" }, { "LFs", "lfs value" }, { "PERSISTcredentials", "persist credentials value" }, { "SUBmodules", "submodules value" }, }); _executionContext.Inputs["FETCHfilter"] = "fetch filter value"; _executionContext.Inputs["FETCHtags"] = "fetch tags value"; await _checkoutTask.RunAsync(_executionContext, CancellationToken.None); Assert.Equal("clean value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Clean]); Assert.Equal("fetch depth value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth]); Assert.Equal("fetch filter value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchFilter]); Assert.Equal("fetch tags value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchTags]); Assert.Equal("lfs value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs]); Assert.Equal("persist credentials value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials]); Assert.Equal("submodules value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_CheckoutTask_MergesCheckoutOptions_DoesNotClobberExistingValue() { using (TestHostContext tc = new TestHostContext(this)) { Setup(tc); var repository = _executionContext.Repositories.Single(); repository.Properties.Set( Pipelines.RepositoryPropertyNames.CheckoutOptions, new JObject { { Pipelines.PipelineConstants.CheckoutTaskInputs.Clean, "clean value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth, "fetch depth value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs, "lfs value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials, "persist credentials value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules, "submodules value" }, }); _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Clean] = "existing clean value"; _executionContext.Inputs["FETCHdepth"] = "existing fetch depth value"; _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs] = string.Empty; _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials] = null; await _checkoutTask.RunAsync(_executionContext, CancellationToken.None); Assert.Equal("existing clean value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Clean]); Assert.Equal("existing fetch depth value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth]); Assert.Equal("lfs value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs]); Assert.Equal("persist credentials value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials]); Assert.Equal("submodules value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_CheckoutTask_MergesCheckoutOptions_FeatureFlagOff() { using (TestHostContext tc = new TestHostContext(this)) { Setup(tc); var repository = _executionContext.Repositories.Single(); repository.Properties.Set( Pipelines.RepositoryPropertyNames.CheckoutOptions, new JObject { { Pipelines.PipelineConstants.CheckoutTaskInputs.Clean, "clean value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth, "fetch depth value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs, "lfs value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials, "persist credentials value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules, "submodules value" }, }); _executionContext.Variables["MERGE_CHECKOUT_OPTIONS"] = "FALse"; await _checkoutTask.RunAsync(_executionContext, CancellationToken.None); Assert.False(_executionContext.Inputs.ContainsKey(Pipelines.PipelineConstants.CheckoutTaskInputs.Clean)); Assert.False(_executionContext.Inputs.ContainsKey(Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth)); Assert.False(_executionContext.Inputs.ContainsKey(Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs)); Assert.False(_executionContext.Inputs.ContainsKey(Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials)); Assert.False(_executionContext.Inputs.ContainsKey(Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_CheckoutTask_MergesCheckoutOptions_UnexpectedCheckoutOption() { using (TestHostContext tc = new TestHostContext(this)) { Setup(tc); var repository = _executionContext.Repositories.Single(); repository.Properties.Set( Pipelines.RepositoryPropertyNames.CheckoutOptions, new JObject { { Pipelines.PipelineConstants.CheckoutTaskInputs.Clean, "clean value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth, "fetch depth value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs, "lfs value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials, "persist credentials value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules, "submodules value" }, { "unexpected", "unexpected value" }, }); _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchFilter] = "fetch filter value"; _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchTags] = "fetch tags value"; await _checkoutTask.RunAsync(_executionContext, CancellationToken.None); Assert.Equal("clean value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Clean]); Assert.Equal("fetch depth value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth]); Assert.Equal("fetch filter value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchFilter]); Assert.Equal("fetch tags value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchTags]); Assert.Equal("lfs value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs]); Assert.Equal("persist credentials value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials]); Assert.Equal("submodules value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules]); Assert.False(_executionContext.Inputs.ContainsKey("unexpected")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_CleanupTask_MergesCheckoutOptions() { using (TestHostContext tc = new TestHostContext(this)) { Setup(tc); var repository = _executionContext.Repositories.Single(); repository.Properties.Set( Pipelines.RepositoryPropertyNames.CheckoutOptions, new JObject { { Pipelines.PipelineConstants.CheckoutTaskInputs.Clean, "clean value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth, "fetch depth value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs, "lfs value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials, "persist credentials value" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules, "submodules value" }, }); _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchFilter] = "fetch filter value"; _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchTags] = "fetch tags value"; await _checkoutTask.RunAsync(_executionContext, CancellationToken.None); Assert.Equal("clean value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Clean]); Assert.Equal("fetch depth value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchDepth]); Assert.Equal("fetch filter value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchFilter]); Assert.Equal("fetch tags value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.FetchTags]); Assert.Equal("lfs value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Lfs]); Assert.Equal("persist credentials value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.PersistCredentials]); Assert.Equal("submodules value", _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Submodules]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_NoPathInput() { using (TestHostContext tc = new TestHostContext(this)) { Setup(tc); var repository = _executionContext.Repositories.Single(); var currentPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Directory.CreateDirectory(currentPath); await _checkoutTask.RunAsync(_executionContext, CancellationToken.None); var actualPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Assert.Equal(actualPath, currentPath); var traceContent = tc.GetTraceContent(); Assert.True(traceContent.Contains($"##vso[plugininternal.updaterepositorypath alias=myRepo;]{actualPath}")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_PathInputMoveFolder() { using (TestHostContext tc = new TestHostContext(this)) { Setup(tc); var repository = _executionContext.Repositories.Single(); var currentPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Directory.CreateDirectory(currentPath); _executionContext.Inputs["Path"] = "test"; await _checkoutTask.RunAsync(_executionContext, CancellationToken.None); var actualPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Assert.NotEqual(actualPath, currentPath); Assert.Equal(actualPath, Path.Combine(tc.GetDirectory(WellKnownDirectory.Work), "1", "test")); Assert.True(Directory.Exists(actualPath)); Assert.False(Directory.Exists(currentPath)); var traceContent = tc.GetTraceContent(); Assert.True(traceContent.Contains($"##vso[plugininternal.updaterepositorypath alias=myRepo;]{actualPath}")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void RepositoryPlugin_HandleProxyConfig() { using TestHostContext tc = new TestHostContext(this); var proxyUrl = "http://example.com:80"; var proxyUser = "proxy_user"; var proxyPassword = "proxy_password"; AgentTaskPluginExecutionContext hostContext = new AgentTaskPluginExecutionContext() { Endpoints = new List(), Inputs = new Dictionary(StringComparer.OrdinalIgnoreCase) { }, Repositories = new List(), Variables = new Dictionary(StringComparer.OrdinalIgnoreCase) { { AgentWebProxySettings.AgentProxyUrlKey, proxyUrl }, { AgentWebProxySettings.AgentProxyUsernameKey, proxyUser }, { AgentWebProxySettings.AgentProxyPasswordKey, proxyPassword }, } }; var systemConnection = new ServiceEndpoint() { Name = WellKnownServiceEndpointNames.SystemVssConnection, Id = Guid.NewGuid(), Url = new Uri("https://dev.azure.com/test"), Authorization = new EndpointAuthorization() { Scheme = EndpointAuthorizationSchemes.OAuth, Parameters = { { EndpointAuthorizationParameters.AccessToken, "Test" } } } }; hostContext.Endpoints.Add(systemConnection); Assert.NotNull(hostContext.VssConnection); Assert.Equal(hostContext.WebProxySettings.ProxyAddress, proxyUrl); Assert.Equal(hostContext.WebProxySettings.ProxyUsername, proxyUser); Assert.Equal(hostContext.WebProxySettings.ProxyPassword, proxyPassword); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_NoPathInputMoveBackToDefault() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); Setup(tc); var repository = _executionContext.Repositories.Single(); repository.Properties.Set(Pipelines.RepositoryPropertyNames.Path, Path.Combine(tc.GetDirectory(WellKnownDirectory.Work), "1", "test")); var currentPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Directory.CreateDirectory(currentPath); await _checkoutTask.RunAsync(_executionContext, CancellationToken.None); var actualPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Assert.Equal(actualPath, Path.Combine(tc.GetDirectory(WellKnownDirectory.Work), "1", "s")); Assert.True(Directory.Exists(actualPath)); Assert.False(Directory.Exists(currentPath)); var traceContent = tc.GetTraceContent(); Assert.True(traceContent.Contains($"##vso[plugininternal.updaterepositorypath alias=myRepo;]{actualPath}")); } } public async Task RepositoryPlugin_InvalidPathInputDirectlyToBuildDirectory_DontAllowWorkingDirectoryRepository() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); Setup(tc); var repository = _executionContext.Repositories.Single(); var currentPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Directory.CreateDirectory(currentPath); _executionContext.Inputs["Path"] = $"..{Path.DirectorySeparatorChar}1"; var ex = await Assert.ThrowsAsync(async () => await _checkoutTask.RunAsync(_executionContext, CancellationToken.None)); Assert.True(ex.Message.Contains("should resolve to a directory under")); var traceContent = tc.GetTraceContent(); Assert.False(traceContent.Contains($"##vso[plugininternal.updaterepositorypath alias=myRepo;]")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_InvalidPathInputDirectlyToWorkingDirectory_AllowWorkingDirectoryRepositorie() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); Setup(tc, allowWorkDirectory: "true"); var repository = _executionContext.Repositories.Single(); var currentPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Directory.CreateDirectory(currentPath); _executionContext.Inputs["Path"] = $".."; var ex = await Assert.ThrowsAsync(async () => await _checkoutTask.RunAsync(_executionContext, CancellationToken.None)); Assert.True(ex.Message.Contains("should resolve to a directory under")); var traceContent = tc.GetTraceContent(); Assert.False(traceContent.Contains($"##vso[plugininternal.updaterepositorypath alias=myRepo;]")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_InvalidPathInput_DontAllowWorkingDirectoryRepositorie() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); Setup(tc); var repository = _executionContext.Repositories.Single(); var currentPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Directory.CreateDirectory(currentPath); _executionContext.Inputs["Path"] = $"..{Path.DirectorySeparatorChar}test{Path.DirectorySeparatorChar}foo"; var ex = await Assert.ThrowsAsync(async () => await _checkoutTask.RunAsync(_executionContext, CancellationToken.None)); Assert.True(ex.Message.Contains("should resolve to a directory under")); var traceContent = tc.GetTraceContent(); Assert.False(traceContent.Contains($"##vso[plugininternal.updaterepositorypath alias=myRepo;]")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_ValidPathInput_AllowWorkingDirectoryRepositorie() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); Setup(tc, allowWorkDirectory: "true"); var repository = _executionContext.Repositories.Single(); var currentPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Directory.CreateDirectory(currentPath); _executionContext.Inputs["Path"] = $"..{Path.DirectorySeparatorChar}test{Path.DirectorySeparatorChar}foo"; await _checkoutTask.RunAsync(_executionContext, CancellationToken.None); var actualPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Assert.NotEqual(actualPath, currentPath); Assert.Equal(actualPath, Path.Combine(tc.GetDirectory(WellKnownDirectory.Work), "test", "foo")); Assert.True(Directory.Exists(actualPath)); Assert.False(Directory.Exists(currentPath)); var traceContent = tc.GetTraceContent(); Assert.True(traceContent.Contains($"##vso[plugininternal.updaterepositorypath alias=myRepo;]{actualPath}")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_InvalidPathInput_AllowWorkingDirectoryRepositorie() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); Setup(tc, allowWorkDirectory: "true"); var repository = _executionContext.Repositories.Single(); var currentPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Directory.CreateDirectory(currentPath); _executionContext.Inputs["Path"] = $"..{Path.DirectorySeparatorChar}..{Path.DirectorySeparatorChar}test{Path.DirectorySeparatorChar}foo"; var ex = await Assert.ThrowsAsync(async () => await _checkoutTask.RunAsync(_executionContext, CancellationToken.None)); Assert.True(ex.Message.Contains("should resolve to a directory under")); var traceContent = tc.GetTraceContent(); Assert.False(traceContent.Contains($"##vso[plugininternal.updaterepositorypath alias=myRepo;]")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_UpdatePathEvenCheckoutFail() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); Setup(tc); _sourceProvider.Setup(x => x.GetSourceAsync(It.IsAny(), It.IsAny(), It.IsAny())) .Throws(new InvalidOperationException("RIGHT")); var repository = _executionContext.Repositories.Single(); var currentPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Directory.CreateDirectory(currentPath); var ex = await Assert.ThrowsAsync(async () => await _checkoutTask.RunAsync(_executionContext, CancellationToken.None)); Assert.True(ex.Message.Contains("RIGHT")); var traceContent = tc.GetTraceContent(); Assert.True(traceContent.Contains($"##vso[plugininternal.updaterepositorypath alias=myRepo;]{currentPath}")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task RepositoryPlugin_MultiCheckout_UpdatePathForAllRepos() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); var repos = new List() { GetRepository(tc, "self", "self"), GetRepository(tc, "repo2", "repo2"), GetRepository(tc, "repo3", "repo3"), }; Setup(tc, repos); foreach (var repository in _executionContext.Repositories) { var currentPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Directory.CreateDirectory(currentPath); _executionContext.Inputs[Pipelines.PipelineConstants.CheckoutTaskInputs.Repository] = repository.Alias; _executionContext.Inputs["Path"] = Path.Combine("test", repository.Alias); await _checkoutTask.RunAsync(_executionContext, CancellationToken.None); var actualPath = repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path); Assert.NotEqual(actualPath, currentPath); Assert.Equal(actualPath, Path.Combine(tc.GetDirectory(WellKnownDirectory.Work), "1", Path.Combine("test", repository.Alias))); Assert.True(Directory.Exists(actualPath)); Assert.False(Directory.Exists(currentPath)); var traceContent = tc.GetTraceContent(); Assert.True(traceContent.Contains($"##vso[plugininternal.updaterepositorypath alias={repository.Alias};]{actualPath}"), $"Repo {repository.Alias} did not get updated to {actualPath}. CurrentPath = {currentPath}"); } } } private Pipelines.RepositoryResource GetRepository(TestHostContext hostContext, String alias, String relativePath) { var workFolder = hostContext.GetDirectory(WellKnownDirectory.Work); var repo = new Pipelines.RepositoryResource() { Alias = alias, Type = Pipelines.RepositoryTypes.Git, }; repo.Properties.Set(Pipelines.RepositoryPropertyNames.Path, Path.Combine(workFolder, "1", relativePath)); return repo; } private void Setup(TestHostContext hostContext, string allowWorkDirectory = "false") { Setup(hostContext, new List() { GetRepository(hostContext, "myRepo", "s") }, allowWorkDirectory); } private void Setup(TestHostContext hostContext, List repos, string allowWorkDirectory = "false") { _executionContext = new AgentTaskPluginExecutionContext(hostContext.GetTrace()) { Endpoints = new List(), Inputs = new Dictionary(StringComparer.OrdinalIgnoreCase) { { Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, "myRepo" }, }, Repositories = repos, Variables = new Dictionary(StringComparer.OrdinalIgnoreCase) { { "agent.builddirectory", Path.Combine(hostContext.GetDirectory(WellKnownDirectory.Work), "1") }, { "agent.workfolder", hostContext.GetDirectory(WellKnownDirectory.Work) }, { "agent.tempdirectory", hostContext.GetDirectory(WellKnownDirectory.Temp) }, { "AZP_AGENT_ALLOW_WORK_DIRECTORY_REPOSITORIES", allowWorkDirectory } }, JobSettings = new Dictionary() { // Set HasMultipleCheckouts to true if the number of repos is greater than 1 { WellKnownJobSettings.HasMultipleCheckouts, (repos.Count > 1).ToString() } }, }; _sourceProvider = new Mock(); _sourceProviderFactory = new Mock(); _sourceProviderFactory .Setup(x => x.GetSourceProvider(It.IsAny())) .Returns(_sourceProvider.Object); _checkoutTask = new CheckoutTask(_sourceProviderFactory.Object); } } } ================================================ FILE: src/Test/L0/Plugin/TarUtilsL0.cs ================================================ using System; using System.Threading.Tasks; using Xunit; using System.Threading; using Agent.Sdk; using Agent.Plugins.PipelineCache; using System.Diagnostics; namespace Microsoft.VisualStudio.Services.Agent.Tests.PipelineCaching { public class TarUtilsL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task UnavailableProcessDependency_ThrowsNiceError() { var startInfo = new ProcessStartInfo(); startInfo.FileName = "ThisProcessObviouslyWillFail"; await Assert.ThrowsAsync(async () => await TarUtils.RunProcessAsync(new AgentTaskPluginExecutionContext(), startInfo, (p, ct) => null, () => { }, new CancellationToken())); } } } ================================================ FILE: src/Test/L0/Plugin/TestFileContainerProvider/TestFileContainerProviderL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.Text; using System.Threading.Tasks; using Agent.Plugins; using Agent.Sdk; using Microsoft.VisualStudio.Services.FileContainer; using Minimatch; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public class TestFileContainerProviderL0 { [Theory] [Trait("Level", "L0")] [Trait("Category", "Plugin")] [InlineData(new string[] { "**" }, 7, new string[] { "ArtifactForTest", "ArtifactForTest/File1.txt", "ArtifactForTest/Folder1", "ArtifactForTest/Folder1/File2.txt", "ArtifactForTest/Folder1/File21.txt", "ArtifactForTest/Folder1/Folder2", "ArtifactForTest/Folder1/Folder2/File3.txt" })] [InlineData(new string[] { "**", "!**/File2.txt" }, 6, new string[] { "ArtifactForTest", "ArtifactForTest/File1.txt", "ArtifactForTest/Folder1", "ArtifactForTest/Folder1/File21.txt", "ArtifactForTest/Folder1/Folder2", "ArtifactForTest/Folder1/Folder2/File3.txt" })] [InlineData(new string[] { "**", "!**/File2*" }, 5, new string[] { "ArtifactForTest", "ArtifactForTest/File1.txt", "ArtifactForTest/Folder1", "ArtifactForTest/Folder1/Folder2", "ArtifactForTest/Folder1/Folder2/File3.txt" })] [InlineData(new string[] { "**", "!**/Folder2/**" }, 6, new string[] { "ArtifactForTest", "ArtifactForTest/File1.txt", "ArtifactForTest/Folder1", "ArtifactForTest/Folder1/File2.txt", "ArtifactForTest/Folder1/File21.txt", "ArtifactForTest/Folder1/Folder2" })] [InlineData(new string[] { "**/Folder1/**", "!**/File3.txt" }, 3, new string[] { "ArtifactForTest/Folder1/File2.txt", "ArtifactForTest/Folder1/File21.txt", "ArtifactForTest/Folder1/Folder2" })] [InlineData(new string[] { "**/File*.txt", "!**/File3.txt" }, 3, new string[] { "ArtifactForTest/File1.txt", "ArtifactForTest/Folder1/File2.txt", "ArtifactForTest/Folder1/File21.txt" })] [InlineData(new string[] { "**", "!**/Folder1/**", "!!**/File3.txt" }, 4, new string[] { "ArtifactForTest", "ArtifactForTest/File1.txt", "ArtifactForTest/Folder1", "ArtifactForTest/Folder1/Folder2/File3.txt" })] [InlineData(new string[] { "**", " !**/Folder1/** ", "!!**/File3.txt" }, 4, new string[] { "ArtifactForTest", "ArtifactForTest/File1.txt", "ArtifactForTest/Folder1", "ArtifactForTest/Folder1/Folder2/File3.txt" })] [InlineData(new string[] { "**", "!**/Folder1/**", "#!**/Folder2/**", "!!**/File3.txt" }, 4, new string[] { "ArtifactForTest", "ArtifactForTest/File1.txt", "ArtifactForTest/Folder1", "ArtifactForTest/Folder1/Folder2/File3.txt" })] [InlineData(new string[] { "**", "!**/Folder1/**", " ", "!!**/File3.txt" }, 4, new string[] { "ArtifactForTest", "ArtifactForTest/File1.txt", "ArtifactForTest/Folder1", "ArtifactForTest/Folder1/Folder2/File3.txt" })] [InlineData(new string[] { "ArtifactForTest/File1.txt" }, 1, new string[] { "ArtifactForTest/File1.txt" })] public void TestGettingArtifactItemsWithMinimatchPattern(string[] pttrn, int count, string[] expectedPaths) { using (TestHostContext hostContext = new TestHostContext(this)) { AgentTaskPluginExecutionContext context = new AgentTaskPluginExecutionContext(hostContext.GetTrace()); ArtifactItemFilters filters = new ArtifactItemFilters(null, context.CreateArtifactsTracer()); List items = new List { new FileContainerItem() { ItemType = ContainerItemType.Folder, Path = "ArtifactForTest" }, new FileContainerItem() { ItemType = ContainerItemType.File, Path = "ArtifactForTest/File1.txt" }, new FileContainerItem() { ItemType = ContainerItemType.Folder, Path = "ArtifactForTest/Folder1" }, new FileContainerItem() { ItemType = ContainerItemType.File, Path = "ArtifactForTest/Folder1/File2.txt" }, new FileContainerItem() { ItemType = ContainerItemType.File, Path = "ArtifactForTest/Folder1/File21.txt" }, new FileContainerItem() { ItemType = ContainerItemType.Folder, Path = "ArtifactForTest/Folder1/Folder2" }, new FileContainerItem() { ItemType = ContainerItemType.File, Path = "ArtifactForTest/Folder1/Folder2/File3.txt" } }; List paths = new List(); foreach (FileContainerItem item in items) { paths.Add(item.Path); } string[] minimatchPatterns = pttrn; Options customMinimatchOptions = new Options() { Dot = true, NoBrace = true, AllowWindowsPaths = PlatformUtil.RunningOnWindows }; Hashtable map = filters.GetMapToFilterItems(paths, minimatchPatterns, customMinimatchOptions); List resultItems = filters.ApplyPatternsMapToContainerItems(items, map); Assert.Equal(count, resultItems.Count); string listPaths = string.Join(", ", expectedPaths); List resultPathsList = new List(); foreach (FileContainerItem item in resultItems) { resultPathsList.Add(item.Path); } string resultPaths = string.Join(", ", resultPathsList); Assert.Equal(listPaths, resultPaths); } } } } ================================================ FILE: src/Test/L0/Plugin/TestFilePublisher/TestFileFinderL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading.Tasks; using Agent.Plugins.Log.TestFilePublisher; using Xunit; namespace Test.L0.Plugin.TestFilePublisher { public class TestFileFinderL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFileFinder_FindFilesWithMatchingPattern() { var finder = new MockTestFileFinder(new List { "/tmp" }); var files = await finder.FindAsync(new List { "test-*.xml" }); Assert.True(files.Count() == 2); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFileFinder_FindFilesWithEmptySearchFolders() { var finder = new MockTestFileFinder(new List()); var files = await finder.FindAsync(new List { "test-*.xml" }); Assert.True(!files.Any()); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFileFinder_FindFilesWithEmptyPattern() { var finder = new MockTestFileFinder(new List { "/tmp" }); var files = await finder.FindAsync(new List()); Assert.True(!files.Any()); } } public class MockTestFileFinder : TestFileFinder { public MockTestFileFinder(IList searchFolders) : base(searchFolders) { } protected override IEnumerable GetFiles(string path, string[] searchPatterns, SearchOption searchOption = SearchOption.AllDirectories) { return new List { "/tmp/test-1.xml", "/tmp/test-2.xml", "/tmp/test-1.xml" }; } } } ================================================ FILE: src/Test/L0/Plugin/TestFilePublisher/TestFilePublisherL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Diagnostics; using System.Linq; using System.Threading; using System.Threading.Tasks; using Agent.Plugins.Log.TestFilePublisher; using Agent.Plugins.Log.TestResultParser.Contracts; using Microsoft.TeamFoundation.TestClient.PublishTestResults; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Moq; using Xunit; using ITestResultParser = Microsoft.TeamFoundation.TestClient.PublishTestResults.ITestResultParser; using ITestRunPublisher = Microsoft.TeamFoundation.TestClient.PublishTestResults.ITestRunPublisher; using TestRun = Microsoft.TeamFoundation.TestManagement.WebApi.TestRun; namespace Test.L0.Plugin.TestFilePublisher { public class TestFilePublisherL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisher_PublishTestFiles() { var publisher = new Agent.Plugins.Log.TestFilePublisher.TestFilePublisher(_vssConnection.Object, _pipelineConfig, _traceListener.Object, _logger.Object, _telemetry.Object, _testFileFinder.Object, _testResultParser.Object, _testRunPublisher.Object); var testFiles = new List { "/tmp/test-1.xml" }; var testRuns = new List { new TestRun() }; _testFileFinder.Setup(x => x.FindAsync(It.IsAny>())).ReturnsAsync(testFiles.AsEnumerable()); _testResultParser.Setup(x => x.ParseTestResultFiles(It.IsAny(), It.IsAny>())) .Returns(new TestDataProvider(new List { new TestData() { TestRunData = new TestRunData(null) } })); _testRunPublisher.Setup(x => x.PublishTestRunDataAsync(It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())).ReturnsAsync(testRuns); await publisher.InitializeAsync(); await publisher.PublishAsync(); _testFileFinder.Verify(x => x.FindAsync(It.IsAny>()), Times.Once); _testResultParser.Verify(x => x.ParseTestResultFiles(It.IsAny(), It.IsAny>()), Times.Once); _testRunPublisher.Verify(x => x.PublishTestRunDataAsync(It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny()), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("Number of files found with matching pattern 1"))), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("Successfully parsed 1 files"))), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("Successfully published 1 runs"))), Times.Once); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisher_PublishMultipleFiles() { var publisher = new Agent.Plugins.Log.TestFilePublisher.TestFilePublisher(_vssConnection.Object, _pipelineConfig, _traceListener.Object, _logger.Object, _telemetry.Object, _testFileFinder.Object, _testResultParser.Object, _testRunPublisher.Object); var testFiles = new List { "/tmp/test-1.xml", "/tmp/test-2.xml", "/tmp/test-3.xml", }; var testRuns = new List { new TestRun() }; _testFileFinder.Setup(x => x.FindAsync(It.IsAny>())).ReturnsAsync(testFiles.AsEnumerable()); _testResultParser.Setup(x => x.ParseTestResultFiles(It.IsAny(), It.IsAny>())) .Returns(new TestDataProvider(new List { new TestData { TestRunData = new TestRunData(null) }, new TestData() { TestRunData = new TestRunData(null) } })); _testRunPublisher.Setup(x => x.PublishTestRunDataAsync(It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())).ReturnsAsync(testRuns); await publisher.InitializeAsync(); await publisher.PublishAsync(); _testFileFinder.Verify(x => x.FindAsync(It.IsAny>()), Times.Once); _testResultParser.Verify(x => x.ParseTestResultFiles(It.IsAny(), It.IsAny>()), Times.Once); _testRunPublisher.Verify(x => x.PublishTestRunDataAsync(It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny()), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("Number of files found with matching pattern 3"))), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("Successfully parsed 2 files"))), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("Successfully published 1 runs"))), Times.Once); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisher_DontPublishWhenNoMatchingFilesFound() { var publisher = new Agent.Plugins.Log.TestFilePublisher.TestFilePublisher(_vssConnection.Object, _pipelineConfig, _traceListener.Object, _logger.Object, _telemetry.Object, _testFileFinder.Object, _testResultParser.Object, _testRunPublisher.Object); _testFileFinder.Setup(x => x.FindAsync(It.IsAny>())).ReturnsAsync(Enumerable.Empty()); _testResultParser.Setup(x => x.ParseTestResultFiles(It.IsAny(), It.IsAny>())) .Throws(); _testRunPublisher.Setup(x => x.PublishTestRunDataAsync(It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())).Throws(); await publisher.InitializeAsync(); await publisher.PublishAsync(); _testFileFinder.Verify(x => x.FindAsync(It.IsAny>()), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("No test result files are found"))), Times.Once); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisher_DontPublishWhenFileExceptionsAreThrown() { var publisher = new Agent.Plugins.Log.TestFilePublisher.TestFilePublisher(_vssConnection.Object, _pipelineConfig, _traceListener.Object, _logger.Object, _telemetry.Object, _testFileFinder.Object, _testResultParser.Object, _testRunPublisher.Object); _testFileFinder.Setup(x => x.FindAsync(It.IsAny>())).Throws(); _testResultParser.Setup(x => x.ParseTestResultFiles(It.IsAny(), It.IsAny>())) .Throws(); _testRunPublisher.Setup(x => x.PublishTestRunDataAsync(It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())).Throws(); await publisher.InitializeAsync(); await publisher.PublishAsync(); _testFileFinder.Verify(x => x.FindAsync(It.IsAny>()), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("No test result files are found"))), Times.Once); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisher_DontPublishWhenFilesAreNotValid() { var publisher = new Agent.Plugins.Log.TestFilePublisher.TestFilePublisher(_vssConnection.Object, _pipelineConfig, _traceListener.Object, _logger.Object, _telemetry.Object, _testFileFinder.Object, _testResultParser.Object, _testRunPublisher.Object); var testFiles = new List { "/tmp/test-1.xml", "/tmp/test-2.xml", "/tmp/test-3.xml", }; _testFileFinder.Setup(x => x.FindAsync(It.IsAny>())).ReturnsAsync(testFiles.AsEnumerable()); _testResultParser.Setup(x => x.ParseTestResultFiles(It.IsAny(), It.IsAny>())) .Returns(new TestDataProvider(null)); _testRunPublisher.Setup(x => x.PublishTestRunDataAsync(It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())).Throws(); await publisher.InitializeAsync(); await publisher.PublishAsync(); _testFileFinder.Verify(x => x.FindAsync(It.IsAny>()), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("No valid Junit test result files are found which can be parsed"))), Times.Once); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisher_WhenPublishedRunsAreNull() { var publisher = new Agent.Plugins.Log.TestFilePublisher.TestFilePublisher(_vssConnection.Object, _pipelineConfig, _traceListener.Object, _logger.Object, _telemetry.Object, _testFileFinder.Object, _testResultParser.Object, _testRunPublisher.Object); var testFiles = new List { "/tmp/test-1.xml" }; List testRuns = null; _testFileFinder.Setup(x => x.FindAsync(It.IsAny>())).ReturnsAsync(testFiles.AsEnumerable()); _testResultParser.Setup(x => x.ParseTestResultFiles(It.IsAny(), It.IsAny>())) .Returns(new TestDataProvider(new List { new TestData() { TestRunData = new TestRunData(null) } })); _testRunPublisher.Setup(x => x.PublishTestRunDataAsync(It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())).ReturnsAsync(testRuns); await publisher.InitializeAsync(); await publisher.PublishAsync(); _testFileFinder.Verify(x => x.FindAsync(It.IsAny>()), Times.Once); _testResultParser.Verify(x => x.ParseTestResultFiles(It.IsAny(), It.IsAny>()), Times.Once); _testRunPublisher.Verify(x => x.PublishTestRunDataAsync(It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny()), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("Number of files found with matching pattern 1"))), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("Successfully parsed 1 files"))), Times.Once); _logger.Verify(x => x.Info(It.Is(msg => msg.Contains("Successfully published"))), Times.Never); } private readonly Mock _logger = new Mock(); private readonly Mock _telemetry = new Mock(); private readonly Mock _vssConnection = new Mock(new Uri("http://fake"), new VssCredentials()); private readonly PipelineConfig _pipelineConfig = new PipelineConfig(); private readonly Mock _traceListener = new Mock(); private readonly Mock _testFileFinder = new Mock(); private readonly Mock _testResultParser = new Mock(); private readonly Mock _testRunPublisher = new Mock(); } } ================================================ FILE: src/Test/L0/Plugin/TestFilePublisher/TestFilePublisherLogPluginL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Threading.Tasks; using Agent.Plugins.Log.TestFilePublisher; using Agent.Plugins.Log.TestResultParser.Contracts; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Moq; using Xunit; using Test.L0.Util; namespace Test.L0.Plugin.TestFilePublisher { public class TestFilePublisherLogPluginL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_DisableIfNotBuildPipeline() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testFilePublisher = new Mock(); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.hosttype", new VariableValue("release") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_DisableWhenHostTypeNotSet() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testFilePublisher = new Mock(); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.hosttype", null } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_DisableWhenServerTypeNotSet() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testFilePublisher = new Mock(); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.servertype", null } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_DisableIfOnPremPipeline() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testFilePublisher = new Mock(); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.hosttype", new VariableValue("build") }, {"system.servertype", new VariableValue("OnPrem") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_DisableIfPublishTaskPresent() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testFilePublisher = new Mock(); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.hosttype", new VariableValue("build") }, {"system.servertype", new VariableValue("Hosted") } }); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("0B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_DisableForInvalidBuildContext() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testFilePublisher = new Mock(); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.hosttype", new VariableValue("build") }, {"system.servertype", new VariableValue("Hosted") } }); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("1B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_DisableForInvalidSearchPattern() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testFilePublisher = new Mock(); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { { "system.hosttype", new VariableValue("build") }, { "system.servertype", new VariableValue("Hosted") }, { "build.repository.provider", new VariableValue("GitHub") }, { "build.buildId", new VariableValue("1") } }); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("1B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_DisableForInvalidSearchFolders() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testFilePublisher = new Mock(); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { { "system.hosttype", new VariableValue("build") }, { "system.servertype", new VariableValue("Hosted") }, { "build.repository.provider", new VariableValue("GitHub") }, { "build.buildId", new VariableValue("1") }, { "agent.testfilepublisher.pattern", new VariableValue("test-*.xml")} }); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("1B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_DisableForNonResolvableSearchFolders() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testFilePublisher = new Mock(); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { { "system.hosttype", new VariableValue("build") }, { "system.servertype", new VariableValue("Hosted") }, { "build.repository.provider", new VariableValue("GitHub") }, { "build.buildId", new VariableValue("1") }, { "agent.testfilepublisher.pattern", new VariableValue("test-*.xml")}, { "agent.testfilepublisher.searchfolders", new VariableValue("agent.tempdirectory")} }); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("1B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_DisableIfExceptionThrown() { var agentContext = new Mock(); var vssConnection = new Mock(new Uri("http://fake"), new VssCredentials()); var testFilePublisher = new Mock(); var telemetry = new Mock(); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.VssConnection).Returns(vssConnection.Object); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("1B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { { "system.hosttype", new VariableValue("build") }, { "system.servertype", new VariableValue("Hosted") }, { "build.repository.provider", new VariableValue("GitHub") }, { "build.buildId", new VariableValue("1") }, { "agent.tempdirectory", new VariableValue("/tmp")}, { "agent.testfilepublisher.pattern", new VariableValue("test-*.xml")}, { "agent.testfilepublisher.searchfolders", new VariableValue("agent.tempdirectory")} }); testFilePublisher.Setup(x => x.InitializeAsync()).Throws(new Exception("some exception")); var plugin = new TestFilePublisherLogPlugin(null, telemetry.Object, testFilePublisher.Object); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); agentContext.Verify(x => x.Output(It.Is(msg => msg.Contains("Unable to initialize TestFilePublisher"))), Times.Once); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_EnableForBuildPipeline() { var agentContext = new Mock(); var vssConnection = new Mock(new Uri("http://fake"), new VssCredentials()); var testFilePublisher = new Mock(); var logger = new Mock(); var telemetry = new Mock(); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); telemetry.Setup(x => x.PublishTelemetryAsync(It.IsAny(), It.IsAny>())).Callback>((feature, props) => TelemetryPropsUtil.AssertPipelineData(props)).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("1B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); Dictionary agentContextVariables = new Dictionary() { { "system.hosttype", new VariableValue("build") }, { "system.servertype", new VariableValue("Hosted") }, { "build.repository.provider", new VariableValue("GitHub") }, { "build.buildId", new VariableValue("1") }, { "agent.tempdirectory", new VariableValue("/tmp")}, { "agent.testfilepublisher.pattern", new VariableValue("test-*.xml")}, { "agent.testfilepublisher.searchfolders", new VariableValue("agent.tempdirectory")} }; TelemetryPropsUtil.AddPipelineDataIntoAgentContext(agentContextVariables); agentContext.Setup(x => x.VssConnection).Returns(vssConnection.Object); agentContext.Setup(x => x.Variables).Returns(agentContextVariables); testFilePublisher.Setup(x => x.InitializeAsync()).Returns(Task.CompletedTask); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == true); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_ValidateFoldersAreResolved() { var agentContext = new Mock(); var vssConnection = new Mock(new Uri("http://fake"), new VssCredentials()); var testFilePublisher = new Mock(); var logger = new Mock(); var telemetry = new Mock(); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("1B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); agentContext.Setup(x => x.VssConnection).Returns(vssConnection.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { { "system.hosttype", new VariableValue("build") }, { "system.servertype", new VariableValue("Hosted") }, { "build.repository.provider", new VariableValue("GitHub") }, { "build.buildId", new VariableValue("1") }, { "agent.tempdirectory", new VariableValue("/tmp")}, { "system.defaultworkingdirectory", new VariableValue("/def")}, { "agent.testfilepublisher.pattern", new VariableValue("test-*.xml")}, { "agent.testfilepublisher.searchfolders", new VariableValue("agent.tempdirectory,system.defaultworkingdirectory")} }); testFilePublisher.Setup(x => x.InitializeAsync()).Returns(Task.CompletedTask); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == true); Assert.True(plugin.PipelineConfig.SearchFolders.Count == 2); Assert.True(plugin.PipelineConfig.SearchFolders[0].Equals("/tmp") && plugin.PipelineConfig.SearchFolders[1].Equals("/def")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_LogExceptionForFailures() { var agentContext = new Mock(); var vssConnection = new Mock(new Uri("http://fake"), new VssCredentials()); var testFilePublisher = new Mock(); var logger = new Mock(); var telemetry = new Mock(); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("1B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); agentContext.Setup(x => x.VssConnection).Returns(vssConnection.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { { "system.hosttype", new VariableValue("build") }, { "system.servertype", new VariableValue("Hosted") }, { "build.repository.provider", new VariableValue("GitHub") }, { "build.buildId", new VariableValue("1") }, { "agent.tempdirectory", new VariableValue("/tmp")}, { "system.defaultworkingdirectory", new VariableValue("/def")}, { "agent.testfilepublisher.pattern", new VariableValue("test-*.xml")}, { "agent.testfilepublisher.searchfolders", new VariableValue("agent.tempdirectory,system.defaultworkingdirectory")} }); testFilePublisher.Setup(x => x.PublishAsync()).Throws(); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); await plugin.FinalizeAsync(agentContext.Object); logger.Verify(x => x.Info(It.Is(msg => msg.Contains("Error"))), Times.Once); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestFilePublisherLogPlugin_DisableIfMavenPresent() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testFilePublisher = new Mock(); var plugin = new TestFilePublisherLogPlugin(logger.Object, telemetry.Object, testFilePublisher.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.hosttype", new VariableValue("build") }, {"system.servertype", new VariableValue("Hosted") } }); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("ac4ee482-65da-4485-a532-7b085873e532") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } } } ================================================ FILE: src/Test/L0/Plugin/TestFileShareProvider/MockDedupManifestArtifactClientFactory.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading; using System.Threading.Tasks; using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Blob; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.BlobStore.Common.Telemetry; using Microsoft.VisualStudio.Services.BlobStore.WebApi; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Microsoft.VisualStudio.Services.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Tests { public class MockDedupManifestArtifactClientFactory : IDedupManifestArtifactClientFactory { private TestTelemetrySender telemetrySender; private readonly Uri baseAddress = new Uri("http://testBaseAddress"); public Task<(DedupManifestArtifactClient client, BlobStoreClientTelemetry telemetry)> CreateDedupManifestClientAsync( bool verbose, Action traceOutput, VssConnection connection, IDomainId domainId, BlobStore.WebApi.Contracts.Client client, AgentTaskPluginExecutionContext context, CancellationToken cancellationToken) { telemetrySender = new TestTelemetrySender(); return Task.FromResult((client: (DedupManifestArtifactClient)null, telemetry: new BlobStoreClientTelemetry( NoopAppTraceSource.Instance, baseAddress, telemetrySender))); } public (DedupManifestArtifactClient client, BlobStoreClientTelemetry telemetry) CreateDedupManifestClient( bool verbose, Action traceOutput, VssConnection connection, IDomainId domainId, BlobstoreClientSettings clientSettings, AgentTaskPluginExecutionContext context, CancellationToken cancellationToken) { telemetrySender = new TestTelemetrySender(); return (client: (DedupManifestArtifactClient)null, telemetry: new BlobStoreClientTelemetry( NoopAppTraceSource.Instance, baseAddress, telemetrySender)); } public (DedupStoreClient client, BlobStoreClientTelemetryTfs telemetry) CreateDedupClient( VssConnection connection, IDomainId domainId, int maxParallelism, int? redirectTimeoutSeconds, bool verbose, Action traceOutput, CancellationToken cancellationToken) { telemetrySender = new TestTelemetrySender(); return (client: (DedupStoreClient)null, telemetry: new BlobStoreClientTelemetryTfs( NoopAppTraceSource.Instance, baseAddress, connection, telemetrySender)); } public int GetDedupStoreClientMaxParallelism(AgentTaskPluginExecutionContext context) { return 4; } } } ================================================ FILE: src/Test/L0/Plugin/TestFileShareProvider/TestFileShareProviderL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections; using System.Collections.Generic; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Security.Cryptography; using System.Threading; using System.Threading.Tasks; using Agent.Plugins; using Agent.Plugins.PipelineArtifact; using Agent.Sdk; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.VisualStudio.Services.Agent.Blob; using Microsoft.VisualStudio.Services.Agent.Tests; using Microsoft.VisualStudio.Services.Content.Common.Tracing; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public class TestFileShareProviderL0 { private const string TestSourceFolder = "sourceFolder"; private const string TestDestFolder = "destFolder"; private const string TestDownloadSourceFolder = "sourceDownloadFolder"; [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestPublishArtifactAsync() { if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { // Robocopy only works in Windows and since agent is using Xunit, Assert.Inconclusive doesn't exist. return; } byte[] sourceContent = GenerateRandomData(); TestFile sourceFile = new TestFile(sourceContent); sourceFile.PlaceItem(Path.Combine(Directory.GetCurrentDirectory(), Path.Combine(TestSourceFolder, "test1.txt"))); using (var hostContext = new TestHostContext(this)) { var context = new AgentTaskPluginExecutionContext(hostContext.GetTrace()); context.Variables.Add("system.hosttype", "build"); var provider = new FileShareProvider(context, null, context.CreateArtifactsTracer(), new MockDedupManifestArtifactClientFactory()); // Get source directory path and destination directory path string sourcePath = Path.Combine(Directory.GetCurrentDirectory(), TestSourceFolder); string destPath = Path.Combine(Directory.GetCurrentDirectory(), TestDestFolder); await provider.PublishArtifactAsync(sourcePath, destPath, 1, CancellationToken.None); var sourceFiles = Directory.GetFiles(sourcePath); var destFiles = Directory.GetFiles(destPath); Assert.Equal(sourceFiles.Length, destFiles.Length); foreach (var file in sourceFiles) { string destFile = destFiles.FirstOrDefault(f => Path.GetFileName(f).Equals(Path.GetFileName(file))); Assert.True(StructuralComparisons.StructuralEqualityComparer.Equals(ComputeHash(file), ComputeHash(destFile))); } TestCleanup(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestDownloadArtifactAsync() { byte[] sourceContent1 = GenerateRandomData(); byte[] sourceContent2 = GenerateRandomData(); TestFile sourceFile1 = new TestFile(sourceContent1); TestFile sourceFile2 = new TestFile(sourceContent2); sourceFile1.PlaceItem(Path.Combine(Directory.GetCurrentDirectory(), Path.Combine(TestDownloadSourceFolder, "drop/test2.txt"))); sourceFile2.PlaceItem(Path.Combine(Directory.GetCurrentDirectory(), Path.Combine(TestDownloadSourceFolder, "drop/test3.txt"))); using (var hostContext = new TestHostContext(this)) { var context = new AgentTaskPluginExecutionContext(hostContext.GetTrace()); var provider = new FileShareProvider(context, null, context.CreateArtifactsTracer(), new MockDedupManifestArtifactClientFactory()); string sourcePath = Path.Combine(Directory.GetCurrentDirectory(), TestDownloadSourceFolder); string destPath = Path.Combine(Directory.GetCurrentDirectory(), TestDestFolder); ArtifactDownloadParameters downloadParameters = new ArtifactDownloadParameters(); downloadParameters.TargetDirectory = destPath; downloadParameters.MinimatchFilters = new string[] { "**" }; BuildArtifact buildArtifact = new BuildArtifact(); buildArtifact.Name = "drop"; buildArtifact.Resource = new ArtifactResource(); buildArtifact.Resource.Data = sourcePath; await provider.DownloadMultipleArtifactsAsync(downloadParameters, new List { buildArtifact }, CancellationToken.None, context); var sourceFiles = Directory.GetFiles(sourcePath); var destFiles = Directory.GetFiles(destPath); Assert.Equal(sourceFiles.Length, destFiles.Length); foreach (var file in sourceFiles) { string destFile = destFiles.FirstOrDefault(f => Path.GetFileName(f).Equals(Path.GetFileName(file))); Assert.True(StructuralComparisons.StructuralEqualityComparer.Equals(ComputeHash(file), ComputeHash(destFile))); } TestCleanup(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestDownloadArtifactAsyncWithMinimatchPattern() { byte[] sourceContent1 = GenerateRandomData(); byte[] sourceContent2 = GenerateRandomData(); TestFile sourceFile1 = new TestFile(sourceContent1); TestFile sourceFile2 = new TestFile(sourceContent2); sourceFile1.PlaceItem(Path.Combine(Directory.GetCurrentDirectory(), Path.Combine(TestDownloadSourceFolder, "drop/test2.txt"))); sourceFile2.PlaceItem(Path.Combine(Directory.GetCurrentDirectory(), Path.Combine(TestDownloadSourceFolder, "drop/test3.txt"))); using (var hostContext = new TestHostContext(this)) { var context = new AgentTaskPluginExecutionContext(hostContext.GetTrace()); var provider = new FileShareProvider(context, null, context.CreateArtifactsTracer(), new MockDedupManifestArtifactClientFactory()); string sourcePath = Path.Combine(Directory.GetCurrentDirectory(), TestDownloadSourceFolder); string destPath = Path.Combine(Directory.GetCurrentDirectory(), TestDestFolder); ArtifactDownloadParameters downloadParameters = new ArtifactDownloadParameters(); downloadParameters.TargetDirectory = destPath; downloadParameters.MinimatchFilters = new string[] { "drop/test2.txt" }; BuildArtifact buildArtifact = new BuildArtifact(); buildArtifact.Name = "drop"; buildArtifact.Resource = new ArtifactResource(); buildArtifact.Resource.Data = sourcePath; await provider.DownloadMultipleArtifactsAsync(downloadParameters, new List { buildArtifact }, CancellationToken.None, context); var sourceFiles = Directory.GetFiles(sourcePath); var destFiles = Directory.GetFiles(Path.Combine(destPath, buildArtifact.Name)); Assert.Equal(1, destFiles.Length); foreach (var file in sourceFiles) { string destFile = destFiles.FirstOrDefault(f => Path.GetFileName(f).Equals(Path.GetFileName(file))); Assert.True(StructuralComparisons.StructuralEqualityComparer.Equals(ComputeHash(file), ComputeHash(destFile))); } TestCleanup(); } } private void TestCleanup() { DirectoryInfo destDir = new DirectoryInfo(TestDestFolder); foreach (FileInfo file in destDir.GetFiles("*", SearchOption.AllDirectories)) { file.Delete(); } foreach (DirectoryInfo dir in destDir.EnumerateDirectories()) { dir.Delete(true); } } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5394:Do not use insecure randomness")] private byte[] GenerateRandomData() { byte[] data = new byte[1024]; Random rng = new Random(); rng.NextBytes(data); return data; } private byte[] ComputeHash(string filePath) { using (SHA256 sha256Hash = SHA256.Create()) { return sha256Hash.ComputeHash(File.ReadAllBytes(filePath)); } } } public class TestFile { public byte[] Content { get; protected set; } protected internal TestFile(byte[] content) { this.Content = content; } internal void PlaceItem(string path) { var dir = Path.GetDirectoryName(path); if (!Directory.Exists(dir)) { Directory.CreateDirectory(dir); } // If the file path ends in a directory (empty dir), don't attempt opening a file handle on it. if (!string.IsNullOrEmpty(Path.GetFileName(path))) { File.WriteAllBytes(path, this.Content); } } } } ================================================ FILE: src/Test/L0/Plugin/TestFileShareProvider/TestTelemetrySender.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.Linq; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; namespace Microsoft.VisualStudio.Services.Agent.Tests { public class TestTelemetrySender : ITelemetrySender { private bool startThrows; private bool stopThrows; private bool sendThrows; protected Action sendCallback; public readonly ConcurrentBag RecordsSent; public bool Started { get; private set; } public bool StoppedSuccessfully { get; private set; } public TestTelemetrySender() : this(startThrows: false, stopThrows: false, sendThrows: false, sendCallback: null) { } public TestTelemetrySender(bool startThrows = false, bool stopThrows = false, bool sendThrows = false, Action sendCallback = null) { this.startThrows = startThrows; this.stopThrows = stopThrows; this.sendThrows = sendThrows; this.sendCallback = sendCallback; this.RecordsSent = new ConcurrentBag(); } private void AddRecord(TelemetryRecord record) { RecordsSent.Add(record); sendCallback(record); } public IEnumerable ActionTelemetryRecords { get { return RecordsSent.OfType().ToArray(); } } public IEnumerable ErrorTelemetryRecords { get { return RecordsSent.OfType().ToArray(); } } public void SendActionTelemetry(ActionTelemetryRecord actionTelemetry) { CheckStarted(); if (sendThrows) { throw new ApplicationException(nameof(SendActionTelemetry)); } AddRecord(actionTelemetry); } public void SendErrorTelemetry(ErrorTelemetryRecord errorTelemetry) { CheckStarted(); if (sendThrows) { throw new ApplicationException(nameof(SendErrorTelemetry)); } AddRecord(errorTelemetry); } public void SendRecord(TelemetryRecord record) { CheckStarted(); if (sendThrows) { throw new ApplicationException(nameof(SendErrorTelemetry)); } AddRecord(record); } public void StartSender() { if (startThrows) { throw new ApplicationException(nameof(StartSender)); } Started = true; StoppedSuccessfully = false; } public void StopSender() { if (stopThrows) { throw new ApplicationException(nameof(StopSender)); } Started = false; StoppedSuccessfully = true; } protected void CheckStarted() { if (!this.Started) { throw new InvalidOperationException($"This {nameof(ITelemetrySender)} has not been started"); } } } } ================================================ FILE: src/Test/L0/Plugin/TestGitCliManager/MockAgentTaskPluginExecutionContext.cs ================================================ using Agent.Sdk; using System; using System.Collections.Generic; using System.Text; namespace Test.L0.Plugin.TestGitCliManager { public class MockAgentTaskPluginExecutionContext : AgentTaskPluginExecutionContext { public MockAgentTaskPluginExecutionContext(ITraceWriter trace) : base(trace) { } public override void PrependPath(string directory) { } } } ================================================ FILE: src/Test/L0/Plugin/TestGitCliManager/MockGitCliManager.cs ================================================ using Agent.Plugins.Repository; using Agent.Sdk; using System; using System.Collections.Generic; using System.Text; using System.Threading; using System.Threading.Tasks; namespace Test.L0.Plugin.TestGitCliManager { public class MockGitCliManager : GitCliManager { public List GitCommandCallsOptions = new List(); public bool IsLfsConfigExistsing = false; protected override Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, IList output) { return Task.FromResult(0); } protected override Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, string additionalCommandLine, CancellationToken cancellationToken) { GitCommandCallsOptions.Add($"{repoRoot},{command},{options},{additionalCommandLine}"); if (command == "checkout" && options == "" && this.IsLfsConfigExistsing) { int returnCode = this.IsLfsConfigExistsing ? 0 : 1; return Task.FromResult(returnCode); } return Task.FromResult(0); } protected override Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, CancellationToken cancellationToken = default(CancellationToken)) { return Task.FromResult(0); } public override Task GitVersion(AgentTaskPluginExecutionContext context) { return Task.FromResult(new Version("2.30.2")); } public override Task GitLfsVersion(AgentTaskPluginExecutionContext context) { return Task.FromResult(new Version("2.30.2")); } } } ================================================ FILE: src/Test/L0/Plugin/TestGitCliManager/TestGitCliManagerL0.cs ================================================ using Microsoft.VisualStudio.Services.Agent.Tests; using Microsoft.VisualStudio.Services.Agent.Util; using Moq; using System; using System.IO; using System.Threading; using System.Threading.Tasks; using Xunit; namespace Test.L0.Plugin.TestGitCliManager { public class TestGitCliManagerL0 { private readonly string gitPath = Path.Combine("agenthomedirectory", "externals", "git", "cmd", "git.exe"); private readonly string ffGitPath = Path.Combine("agenthomedirectory", "externals", "ff_git", "cmd", "git.exe"); private Tuple, MockAgentTaskPluginExecutionContext> SetupMocksForGitLfsFetchTests(TestHostContext hostContext) { Mock argUtilInstanced = new Mock() { CallBase = true }; argUtilInstanced.Setup(x => x.File(gitPath, "gitPath")).Callback(() => { }); argUtilInstanced.Setup(x => x.File(ffGitPath, "gitPath")).Callback(() => { }); argUtilInstanced.Setup(x => x.Directory("agentworkfolder", "agent.workfolder")); var context = new MockAgentTaskPluginExecutionContext(hostContext.GetTrace()); context.Variables.Add("agent.homedirectory", "agenthomedirectory"); context.Variables.Add("agent.workfolder", "agentworkfolder"); return Tuple.Create(argUtilInstanced, context); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public void TestGetInternalGitPaths() { using var hostContext = new TestHostContext(this); // Setup var originalArgUtilInstance = ArgUtil.ArgUtilInstance; var mocks = SetupMocksForGitLfsFetchTests(hostContext); var argUtilInstanced = mocks.Item1; var mockAgentTaskPluginExecutionContext = mocks.Item2; ArgUtil.ArgUtilInstance = argUtilInstanced.Object; MockGitCliManager gitCliManagerMock = new(); var (resolvedGitPath, resolvedGitLfsPath) = gitCliManagerMock.GetInternalGitPaths(mockAgentTaskPluginExecutionContext); Assert.Equal(resolvedGitPath, gitPath); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestGitLfsFetchLfsConfigDoesNotExist() { using var hostContext = new TestHostContext(this); // Setup var originalArgUtilInstance = ArgUtil.ArgUtilInstance; var mocks = SetupMocksForGitLfsFetchTests(hostContext); var argUtilInstanced = mocks.Item1; var mockAgentTaskPluginExecutionContext = mocks.Item2; try { ArgUtil.ArgUtilInstance = argUtilInstanced.Object; var gitCliManagerMock = new MockGitCliManager() { IsLfsConfigExistsing = false }; await gitCliManagerMock.LoadGitExecutionInfo(mockAgentTaskPluginExecutionContext, true); ArgUtil.NotNull(gitCliManagerMock, ""); // Action await gitCliManagerMock.GitLFSFetch(mockAgentTaskPluginExecutionContext, "repositoryPath", "remoteName", "refSpec", "additionalCmdLine", CancellationToken.None); // Assert Assert.Equal(2, gitCliManagerMock.GitCommandCallsOptions.Count); Assert.True(gitCliManagerMock.GitCommandCallsOptions.Contains("repositoryPath,checkout,refSpec -- .lfsconfig,additionalCmdLine"), "ExecuteGitCommandAsync should pass arguments properly to 'git checkout .lfsconfig' command"); Assert.True(gitCliManagerMock.GitCommandCallsOptions.Contains("repositoryPath,lfs,fetch origin refSpec,additionalCmdLine"), "ExecuteGitCommandAsync should pass arguments properly to 'git lfs fetch' command"); } finally { ArgUtil.ArgUtilInstance = originalArgUtilInstance; } } } } ================================================ FILE: src/Test/L0/Plugin/TestGitSourceProvider/GitSourceProviderL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Tests; using Xunit; using System.IO; using System; using Moq; using Agent.Plugins.Repository; using System.Collections.Generic; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; namespace Test.L0.Plugin.TestGitSourceProvider; public sealed class TestPluginGitSourceProviderL0 { private readonly Func getWorkFolder = hc => hc.GetDirectory(WellKnownDirectory.Work); private readonly string gitPath = Path.Combine("agenthomedirectory", "externals", "git", "cmd", "git.exe"); private readonly string ffGitPath = Path.Combine("agenthomedirectory", "externals", "ff_git", "cmd", "git.exe"); public static IEnumerable FeatureFlagsStatusData => new List { new object[] { true }, new object[] { false }, }; [Theory] [Trait("Level", "L0")] [Trait("Category", "Plugin")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] [MemberData(nameof(FeatureFlagsStatusData))] public void TestSetGitConfiguration(bool featureFlagsStatus) { using TestHostContext hc = new(this, $"FeatureFlagsStatus_{featureFlagsStatus}"); MockAgentTaskPluginExecutionContext tc = new(hc.GetTrace()); var gitCliManagerMock = new Mock(); var repositoryPath = Path.Combine(getWorkFolder(hc), "1", "testrepo"); var featureFlagStatusString = featureFlagsStatus.ToString(); var invocation = featureFlagsStatus ? Times.Once() : Times.Never(); tc.Variables.Add("USE_GIT_SINGLE_THREAD", featureFlagStatusString); tc.Variables.Add("USE_GIT_LONG_PATHS", featureFlagStatusString); tc.Variables.Add("FIX_POSSIBLE_GIT_OUT_OF_MEMORY_PROBLEM", featureFlagStatusString); Agent.Plugins.Repository.GitSourceProvider gitSourceProvider = new Agent.Plugins.Repository.ExternalGitSourceProvider(); gitSourceProvider.SetGitFeatureFlagsConfiguration(tc, gitCliManagerMock.Object, repositoryPath); // Assert. gitCliManagerMock.Verify(x => x.GitConfig(tc, repositoryPath, "pack.threads", "1"), invocation); gitCliManagerMock.Verify(x => x.GitConfig(tc, repositoryPath, "core.longpaths", "true"), invocation); gitCliManagerMock.Verify(x => x.GitConfig(tc, repositoryPath, "http.postBuffer", "524288000"), invocation); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void TestSetWSICConnection() { using TestHostContext hc = new(this); MockAgentTaskPluginExecutionContext tc = new(hc.GetTrace()); Mock argUtilInstanced = new Mock() { CallBase = true }; argUtilInstanced.Setup(x => x.File(gitPath, "gitPath")).Callback(() => { }); argUtilInstanced.Setup(x => x.File(ffGitPath, "gitPath")).Callback(() => { }); argUtilInstanced.Setup(x => x.Directory("agentworkfolder", "agent.workfolder")); ArgUtil.ArgUtilInstance = argUtilInstanced.Object; var endpoint = new ServiceEndpoint() { Name = EndpointAuthorizationSchemes.WorkloadIdentityFederation, Id = Guid.NewGuid(), Authorization = new EndpointAuthorization() { Scheme = EndpointAuthorizationSchemes.WorkloadIdentityFederation, Parameters = { { EndpointAuthorizationParameters.TenantId, "TestTenant"}, { EndpointAuthorizationParameters.ServicePrincipalId, "TestClientId"} } } }; var systemConnectionEndpoint = new ServiceEndpoint() { Name = WellKnownServiceEndpointNames.SystemVssConnection, Id = Guid.NewGuid(), Url = new Uri("https://dev.azure.com"), Authorization = new EndpointAuthorization() { Scheme = EndpointAuthorizationSchemes.OAuth, Parameters = { { EndpointAuthorizationParameters.AccessToken, "Test" } } } }; var repoEndpoint = new Pipelines.ServiceEndpointReference(); repoEndpoint.Id = endpoint.Id; tc.Endpoints.Add(endpoint); tc.Endpoints.Add(systemConnectionEndpoint); tc.Repositories.Add(GetRepository(hc, "myrepo", "myrepo")); tc.Repositories[0].Endpoint = repoEndpoint; tc.Variables.Add("agent.workfolder", "agentworkfolder"); tc.Variables.Add("agent.homedirectory", "agenthomedirectory"); var gitSourceProvider = new MockGitSoureProvider(); gitSourceProvider.GetSourceAsync(tc, tc.Repositories[0], System.Threading.CancellationToken.None).GetAwaiter().GetResult(); Assert.Contains("WorkloadIdentityFederation:WSICToken", tc.TaskVariables.GetValueOrDefault("repoUrlWithCred").Value); Assert.Contains("dev.azure.com/test/_git/myrepo", tc.TaskVariables.GetValueOrDefault("repoUrlWithCred").Value); } private Pipelines.RepositoryResource GetRepository(TestHostContext hostContext, String alias, String relativePath) { var workFolder = hostContext.GetDirectory(WellKnownDirectory.Work); var repo = new Pipelines.RepositoryResource() { Alias = alias, Type = Pipelines.RepositoryTypes.Git, Url = new Uri($"https://dev.azure.com/test/_git/{alias}") }; repo.Properties.Set(Pipelines.RepositoryPropertyNames.Path, Path.Combine(workFolder, "1", relativePath)); return repo; } } ================================================ FILE: src/Test/L0/Plugin/TestGitSourceProvider/MockAgentTaskPluginExecutionContext.cs ================================================ using Agent.Plugins.Repository; using Agent.Sdk; using Moq; using System.Collections.Generic; namespace Test.L0.Plugin.TestGitSourceProvider { public class MockAgentTaskPluginExecutionContext : AgentTaskPluginExecutionContext { public MockAgentTaskPluginExecutionContext(ITraceWriter trace) : base(trace) { } public override void PrependPath(string directory) { } } } ================================================ FILE: src/Test/L0/Plugin/TestGitSourceProvider/MockGitCliManager.cs ================================================ using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Agent.Plugins.Repository; using Agent.Sdk; namespace Test.L0.Plugin.TestGitSourceProvider { public class MockGitCliManager : GitCliManager { public List GitCommandCallsOptions = new List(); public bool IsLfsConfigExistsing = false; public override Task GitVersion(AgentTaskPluginExecutionContext context) { return Task.FromResult(new Version("2.30.2")); } public override Task GitLfsVersion(AgentTaskPluginExecutionContext context) { return Task.FromResult(new Version("2.30.2")); } protected override Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, IList output) { return Task.FromResult(0); } protected override Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, string additionalCommandLine, CancellationToken cancellationToken) { GitCommandCallsOptions.Add($"{repoRoot},{command},{options},{additionalCommandLine}"); if (command == "checkout" && options == "" && this.IsLfsConfigExistsing) { int returnCode = this.IsLfsConfigExistsing ? 0 : 1; return Task.FromResult(returnCode); } return Task.FromResult(0); } protected override Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, CancellationToken cancellationToken = default(CancellationToken)) { return Task.FromResult(0); } } } ================================================ FILE: src/Test/L0/Plugin/TestGitSourceProvider/MockGitSoureProvider.cs ================================================ using Agent.Plugins.Repository; using System.Collections.Generic; using System.Threading; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; namespace Test.L0.Plugin.TestGitSourceProvider { public class MockGitSoureProvider : GitSourceProvider { protected override GitCliManager GetCliManager(Dictionary gitEnv = null) { return new MockGitCliManager(); } protected override string GetWISCToken(ServiceEndpoint endpoint, AgentTaskPluginExecutionContext executionContext, CancellationToken cancellationToken) { return "WSICToken"; } public override bool GitLfsSupportUseAuthHeader(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { return false; } public override bool GitSupportsConfigEnv(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { return false; } public override bool GitSupportsFetchingCommitBySha1Hash(GitCliManager gitCommandManager) { return false; } public override bool GitSupportUseAuthHeader(AgentTaskPluginExecutionContext executionContext, GitCliManager gitCommandManager) { return false; } public override void RequirementCheck(AgentTaskPluginExecutionContext executionContext, RepositoryResource repository, GitCliManager gitCommandManager){ } } } ================================================ FILE: src/Test/L0/Plugin/TestResultParser/EnumerableExtensionL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Linq; using Agent.Plugins.Log.TestResultParser.Plugin; using Xunit; namespace Test.L0.Plugin.TestResultParser { public class EnumerableExtensionL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5394:Do not use insecure randomness")] public void ListShouldBeBatchedAsPerRequestedSize() { const int listSize = 2500; var rnd = new Random(); var randomList = Enumerable.Range(1, listSize).OrderBy(e => rnd.Next()).ToList(); var batchedList = randomList.Batch(1000).ToArray(); Assert.True(batchedList.Length == 3); Assert.True(batchedList[0].Count() == 1000); Assert.True(batchedList[1].Count() == 1000); Assert.True(batchedList[2].Count() == 500); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5394: Do not use insecure randomness")] public void ListShouldBeBatchedIfSizeIsLessThanBatch() { const int listSize = 50; var rnd = new Random(); var randomList = Enumerable.Range(1, listSize).OrderBy(e => rnd.Next()).ToList(); var batchedList = randomList.Batch(100).ToArray(); Assert.True(batchedList.Length == 1); Assert.True(batchedList[0].Count() == 50); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void ListShouldBeBatchedForAnEmptyList() { var rnd = new Random(); var randomList = Enumerable.Empty(); var batchedList = randomList.Batch(100).ToArray(); Assert.True(batchedList.Length == 0); } } } ================================================ FILE: src/Test/L0/Plugin/TestResultParser/LogPreProcessorL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Plugins.Log.TestResultParser.Plugin; using Xunit; namespace Test.L0.Plugin.TestResultParser { public class LogPreProcessorL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void LogPreProcessorRemovesDebugLines() { var logLine = "##[debug]some log line"; Assert.Null(new LogPreProcessor().ProcessData(logLine)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void LogPreProcessorRemovesWarningLines() { var logLine = "##[warning]some log line"; Assert.Null(new LogPreProcessor().ProcessData(logLine)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void LogPreProcessorRemovesCommandLines() { var logLine = "##[command]some log line"; Assert.Null(new LogPreProcessor().ProcessData(logLine)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void LogPreProcessorRemovesSectionLines() { var logLine = "##[section]some log line"; Assert.Null(new LogPreProcessor().ProcessData(logLine)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void LogPreProcessorRemovesErrorPrefixFromErrorLog() { var logLine = "##[error]some log line"; Assert.Equal("some log line", new LogPreProcessor().ProcessData(logLine)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public void LogPreProcessorShouldLeaveInfoLinesIntact() { var logLine = "some log line"; Assert.Equal("some log line", new LogPreProcessor().ProcessData(logLine)); } } } ================================================ FILE: src/Test/L0/Plugin/TestResultParser/PipelineTestRunPublisherL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Agent.Plugins.Log.TestResultParser.Contracts; using Agent.Plugins.Log.TestResultParser.Plugin; using Microsoft.TeamFoundation.TestManagement.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.TestResults.WebApi; using Moq; using Xunit; using TestOutcome = Agent.Plugins.Log.TestResultParser.Contracts.TestOutcome; using TestRun = Agent.Plugins.Log.TestResultParser.Contracts.TestRun; namespace Test.L0.Plugin.TestResultParser { public class PipelineTestRunPublisherL0 { private PipelineConfig _pipelineConfig; public PipelineTestRunPublisherL0() { this._pipelineConfig = new PipelineConfig() { BuildId = 1, Project = new Guid(), StageName = "Stage1", StageAttempt = 1, PhaseName = "Phase1", PhaseAttempt = 1, JobName = "Job1", JobAttempt = 1 }; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task PipelineTestRunPublisher_PublishTestRun() { var clientFactory = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testClient = new Mock(new Uri("http://dummyurl"), new VssCredentials()); clientFactory.Setup(x => x.GetClient()).Returns(testClient.Object); testClient.Setup(x => x.CreateTestRunAsync(It.IsAny(), It.IsAny(), null, It.IsAny())) .Returns(Task.FromResult(new Microsoft.TeamFoundation.TestManagement.WebApi.TestRun())); testClient.Setup(x => x.AddTestResultsToTestRunAsync(It.IsAny(), It.IsAny(), It.IsAny(), null, It.IsAny())) .Returns(Task.FromResult(new List())); testClient.Setup(x => x.UpdateTestRunAsync(It.IsAny(), It.IsAny(), It.IsAny(), null, It.IsAny())) .Returns(Task.FromResult(new Microsoft.TeamFoundation.TestManagement.WebApi.TestRun())); var publisher = new PipelineTestRunPublisher(clientFactory.Object, this._pipelineConfig, logger.Object, telemetry.Object); await publisher.PublishAsync(new TestRun("FakeTestResultParser/1", "Fake", 1) { PassedTests = new List() { new TestResult() { Name = "pass", Outcome = TestOutcome.Passed } } }); testClient.Verify(x => x.CreateTestRunAsync(It.Is(run => run.Name.Equals("Fake test run 1 - automatically inferred results", StringComparison.OrdinalIgnoreCase) && ValidatePipelineReference(run)), It.IsAny(), null, It.IsAny())); testClient.Verify(x => x.AddTestResultsToTestRunAsync(It.Is(res => res.Length == 1), It.IsAny(), It.IsAny(), null, It.IsAny())); testClient.Verify(x => x.UpdateTestRunAsync(It.Is(run => run.State.Equals("completed", StringComparison.OrdinalIgnoreCase)), It.IsAny(), It.IsAny(), null, It.IsAny())); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task PipelineTestRunPublisher_PublishTestRun_ForBatchedResults() { var clientFactory = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testClient = new Mock(new Uri("http://dummyurl"), new VssCredentials()); clientFactory.Setup(x => x.GetClient()).Returns(testClient.Object); testClient.Setup(x => x.CreateTestRunAsync(It.IsAny(), It.IsAny(), null, It.IsAny())) .Returns(Task.FromResult(new Microsoft.TeamFoundation.TestManagement.WebApi.TestRun())); testClient.SetupSequence(x => x.AddTestResultsToTestRunAsync(It.IsAny(), It.IsAny(), It.IsAny(), null, It.IsAny())) .Returns(Task.FromResult(new List())).Returns(Task.FromResult(new List())); testClient.Setup(x => x.UpdateTestRunAsync(It.IsAny(), It.IsAny(), It.IsAny(), null, It.IsAny())) .Returns(Task.FromResult(new Microsoft.TeamFoundation.TestManagement.WebApi.TestRun())); var publisher = new PipelineTestRunPublisher(clientFactory.Object, this._pipelineConfig, logger.Object, telemetry.Object) { BatchSize = 3 }; await publisher.PublishAsync(new TestRun("FakeTestResultParser/1", "Fake", 1) { PassedTests = new List() { new TestResult() { Name = "pass", Outcome = TestOutcome.Passed }, new TestResult() { Name = "pass", Outcome = TestOutcome.Passed }, new TestResult() { Name = "pass", Outcome = TestOutcome.Passed }, new TestResult() { Name = "pass", Outcome = TestOutcome.Passed } } }); testClient.Verify(x => x.CreateTestRunAsync(It.Is(run => run.Name.Equals("Fake test run 1 - automatically inferred results", StringComparison.OrdinalIgnoreCase)), It.IsAny(), null, It.IsAny())); testClient.Verify(x => x.UpdateTestRunAsync(It.Is(run => run.State.Equals("completed", StringComparison.OrdinalIgnoreCase)), It.IsAny(), It.IsAny(), null, It.IsAny())); testClient.Verify(x => x.AddTestResultsToTestRunAsync(It.Is(res => res.Length == 3), It.IsAny(), It.IsAny(), null, It.IsAny()), Times.Once); testClient.Verify(x => x.AddTestResultsToTestRunAsync(It.Is(res => res.Length == 1), It.IsAny(), It.IsAny(), null, It.IsAny()), Times.Once); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task PipelineTestRunPublisher_PublishTestRun_ValidateTestResults() { var clientFactory = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testClient = new Mock(new Uri("http://dummyurl"), new VssCredentials()); clientFactory.Setup(x => x.GetClient()).Returns(testClient.Object); testClient.Setup(x => x.CreateTestRunAsync(It.IsAny(), It.IsAny(), null, It.IsAny())) .Returns(Task.FromResult(new Microsoft.TeamFoundation.TestManagement.WebApi.TestRun() { Id = 1 })); testClient.Setup(x => x.AddTestResultsToTestRunAsync(It.IsAny(), It.IsAny(), It.IsAny(), null, It.IsAny())) .Returns(Task.FromResult(new List())); testClient.Setup(x => x.UpdateTestRunAsync(It.IsAny(), It.IsAny(), It.IsAny(), null, It.IsAny())) .Returns(Task.FromResult(new Microsoft.TeamFoundation.TestManagement.WebApi.TestRun() { Id = 1 })); var publisher = new PipelineTestRunPublisher(clientFactory.Object, this._pipelineConfig, logger.Object, telemetry.Object); await publisher.PublishAsync(new TestRun("FakeTestResultParser/1", "Fake", 1) { PassedTests = new List() { new TestResult() { Name = "pass", Outcome = TestOutcome.Passed, ExecutionTime = TimeSpan.FromSeconds(2) } }, FailedTests = new List() { new TestResult() { Name = "fail", Outcome = TestOutcome.Failed, StackTrace = "exception", ExecutionTime = TimeSpan.Zero } }, SkippedTests = new List() { new TestResult() { Name = "skip", Outcome = TestOutcome.NotExecuted } }, }); testClient.Verify(x => x.CreateTestRunAsync(It.IsAny(), It.IsAny(), null, It.IsAny())); testClient.Verify(x => x.AddTestResultsToTestRunAsync(It.Is(res => res.Length == 3 && ValidateResult(res[0], TestOutcome.Passed) && ValidateResult(res[1], TestOutcome.Failed) && ValidateResult(res[2], TestOutcome.NotExecuted)), It.IsAny(), It.IsAny(), null, It.IsAny())); testClient.Verify(x => x.UpdateTestRunAsync(It.Is(run => run.State.Equals("completed", StringComparison.OrdinalIgnoreCase)), It.IsAny(), It.IsAny(), null, It.IsAny())); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task PipelineTestRunPublisher_PublishTestRun_EmptyTestResults() { var clientFactory = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var testClient = new Mock(new Uri("http://dummyurl"), new VssCredentials()); clientFactory.Setup(x => x.GetClient()).Returns(testClient.Object); testClient.Setup(x => x.CreateTestRunAsync(It.IsAny(), It.IsAny(), null, It.IsAny())) .Returns(Task.FromResult(new Microsoft.TeamFoundation.TestManagement.WebApi.TestRun() { Id = 1 })); testClient.Setup(x => x.AddTestResultsToTestRunAsync(It.IsAny(), It.IsAny(), It.IsAny(), null, It.IsAny())) .Throws(); testClient.Setup(x => x.UpdateTestRunAsync(It.IsAny(), It.IsAny(), It.IsAny(), null, It.IsAny())) .Returns(Task.FromResult(new Microsoft.TeamFoundation.TestManagement.WebApi.TestRun() { Id = 1 })); var publisher = new PipelineTestRunPublisher(clientFactory.Object, this._pipelineConfig, logger.Object, telemetry.Object); await publisher.PublishAsync(new TestRun("FakeTestResultParser/1", "Fake", 1)); testClient.Verify(x => x.CreateTestRunAsync(It.IsAny(), It.IsAny(), null, It.IsAny())); testClient.Verify(x => x.AddTestResultsToTestRunAsync(It.IsAny(), It.IsAny(), It.IsAny(), null, It.IsAny()), Times.Never); testClient.Verify(x => x.UpdateTestRunAsync(It.Is(run => run.State.Equals("completed", StringComparison.OrdinalIgnoreCase)), It.IsAny(), It.IsAny(), null, It.IsAny())); } private bool ValidateResult(TestCaseResult result, TestOutcome outcome) { switch (outcome) { case TestOutcome.Passed: return result.AutomatedTestName.Equals("pass") && result.TestCaseTitle.Equals("pass") && result.Outcome.Equals("passed", StringComparison.OrdinalIgnoreCase) && result.DurationInMs == TimeSpan.FromSeconds(2).TotalMilliseconds; case TestOutcome.Failed: return result.AutomatedTestName.Equals("fail") && result.TestCaseTitle.Equals("fail") && result.Outcome.Equals("failed", StringComparison.OrdinalIgnoreCase) && result.DurationInMs == TimeSpan.FromSeconds(0).TotalMilliseconds && result.StackTrace.Equals("exception"); case TestOutcome.NotExecuted: return result.AutomatedTestName.Equals("skip") && result.TestCaseTitle.Equals("skip") && result.Outcome.Equals("notexecuted", StringComparison.OrdinalIgnoreCase) && result.DurationInMs == TimeSpan.FromSeconds(0).TotalMilliseconds; } return false; } private bool ValidatePipelineReference(RunCreateModel run) { bool pipelineId = run.PipelineReference.PipelineId.Equals(1); bool stageReference = run.PipelineReference.StageReference.Attempt.Equals(1) && run.PipelineReference.StageReference.StageName.Equals("Stage1"); bool phaseReference = run.PipelineReference.PhaseReference.Attempt.Equals(1) && run.PipelineReference.PhaseReference.PhaseName.Equals("Phase1"); bool jobReference = run.PipelineReference.JobReference.Attempt.Equals(1) && run.PipelineReference.JobReference.JobName.Equals("Job1"); return pipelineId && stageReference && phaseReference && jobReference; } } } ================================================ FILE: src/Test/L0/Plugin/TestResultParser/TestResultLogPluginL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Threading.Tasks; using Agent.Plugins.Log.TestResultParser.Contracts; using Agent.Plugins.Log.TestResultParser.Plugin; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Moq; using Xunit; using Test.L0.Util; namespace Test.L0.Plugin.TestResultParser { public class TestResultLogPluginL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestResultLogPlugin_DisableIfNotBuildPipeline() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var logParser = new Mock(); var plugin = new TestResultLogPlugin(logParser.Object, logger.Object, telemetry.Object); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.hosttype", new VariableValue("release") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestResultLogPlugin_DisableWhenHostTypeNotSet() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var logParser = new Mock(); var plugin = new TestResultLogPlugin(logParser.Object, logger.Object, telemetry.Object); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.hosttype", null } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestResultLogPlugin_DisableWhenServerTypeNotSet() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var logParser = new Mock(); var plugin = new TestResultLogPlugin(logParser.Object, logger.Object, telemetry.Object); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.servertype", null } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestResultLogPlugin_DisableIfOnPremPipeline() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var logParser = new Mock(); var plugin = new TestResultLogPlugin(logParser.Object, logger.Object, telemetry.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.hosttype", new VariableValue("build") }, {"system.servertype", new VariableValue("OnPrem") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestResultLogPlugin_DisableIfPublishTaskPresent() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var logParser = new Mock(); var plugin = new TestResultLogPlugin(logParser.Object, logger.Object, telemetry.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.hosttype", new VariableValue("build") }, {"system.servertype", new VariableValue("Hosted") } }); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("0B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestResultLogPlugin_DisableForInvalidBuildContext() { var agentContext = new Mock(); var logger = new Mock(); var telemetry = new Mock(); var logParser = new Mock(); var plugin = new TestResultLogPlugin(logParser.Object, logger.Object, telemetry.Object); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { {"system.hosttype", new VariableValue("build") }, {"system.servertype", new VariableValue("Hosted") } }); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("1B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestResultLogPlugin_DisableIfExceptionThrown() { var agentContext = new Mock(); var vssConnection = new Mock(new Uri("http://fake"), new VssCredentials()); var logParser = new Mock(); var telemetry = new Mock(); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.VssConnection).Returns(vssConnection.Object); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("1B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); agentContext.Setup(x => x.Variables).Returns(new Dictionary() { { "system.hosttype", new VariableValue("build") }, { "system.servertype", new VariableValue("Hosted") }, { "build.repository.provider", new VariableValue("GitHub") }, { "build.buildId", new VariableValue("1") } }); logParser.Setup(x => x.InitializeAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Throws(new Exception("some exception")); var plugin = new TestResultLogPlugin(logParser.Object, null, telemetry.Object); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == false); agentContext.Verify(x => x.Output(It.Is(msg => msg.Contains("Unable to initialize TestResultLogParser"))), Times.Once); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestResultLogPlugin_EnableForBuildPipeline() { var agentContext = new Mock(); var vssConnection = new Mock(new Uri("http://fake"), new VssCredentials()); var logParser = new Mock(); var logger = new Mock(); var telemetry = new Mock(); telemetry.Setup(x => x.PublishCumulativeTelemetryAsync()).Returns(Task.FromResult(TaskResult.Succeeded)); telemetry.Setup(x => x.PublishTelemetryAsync(It.IsAny(), It.IsAny>())).Callback>((feature, props) => TelemetryPropsUtil.AssertPipelineData(props)).Returns(Task.FromResult(TaskResult.Succeeded)); agentContext.Setup(x => x.Steps).Returns(new List() { new TaskStepDefinitionReference() { Id = new Guid("1B0F01ED-7DDE-43FF-9CBB-E48954DAF9B1") } }); Dictionary agentContextVariables = new Dictionary() { { "system.hosttype", new VariableValue("build") }, { "system.servertype", new VariableValue("Hosted") }, { "build.repository.provider", new VariableValue("GitHub") }, { "build.buildId", new VariableValue("1") }, { "agent.tempdirectory", new VariableValue("/tmp")}, { "agent.testfilepublisher.pattern", new VariableValue("test-*.xml")}, { "agent.testfilepublisher.searchfolders", new VariableValue("agent.tempdirectory")} }; TelemetryPropsUtil.AddPipelineDataIntoAgentContext(agentContextVariables); agentContext.Setup(x => x.VssConnection).Returns(vssConnection.Object); agentContext.Setup(x => x.Variables).Returns(agentContextVariables); logParser.Setup(x => x.InitializeAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.CompletedTask); var plugin = new TestResultLogPlugin(logParser.Object, logger.Object, telemetry.Object); var result = await plugin.InitializeAsync(agentContext.Object); Assert.True(result == true); } } } ================================================ FILE: src/Test/L0/Plugin/TestResultParser/TestRunManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Threading.Tasks; using Agent.Plugins.Log.TestResultParser.Contracts; using Agent.Plugins.Log.TestResultParser.Plugin; using Moq; using Xunit; using ITestRunPublisher = Agent.Plugins.Log.TestResultParser.Contracts.ITestRunPublisher; namespace Test.L0.Plugin.TestResultParser { public class TestRunManagerL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestRunManager_PublishTestRun() { var logger = new Mock(); var publisher = new Mock(); var telemetry = new Mock(); var runManager = new TestRunManager(publisher.Object, logger.Object, telemetry.Object); var fakeRun = new TestRun("mocha/1", "somename", 1) { TestRunSummary = new TestRunSummary { TotalPassed = 5, TotalSkipped = 1, TotalFailed = 1, TotalExecutionTime = TimeSpan.FromMinutes(1), TotalTests = 7 } }; publisher.Setup(x => x.PublishAsync(It.IsAny())).Returns(Task.FromResult(GetFakePipelineTestRun(fakeRun, 1))); await runManager.PublishAsync(fakeRun); publisher.Verify(x => x.PublishAsync(It.IsAny())); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestRunManager_PublishTestRun_TestRunIsNotValid() { var logger = new Mock(); var publisher = new Mock(); var telemetry = new Mock(); var runManager = new TestRunManager(publisher.Object, logger.Object, telemetry.Object); publisher.Setup(x => x.PublishAsync(It.IsAny())); await runManager.PublishAsync(null); publisher.Verify(x => x.PublishAsync(It.IsAny()), Times.Never()); logger.Verify(x => x.Error(It.IsAny())); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestRunManager_PublishTestRun_TestSummaryIsNotValid() { var logger = new Mock(); var publisher = new Mock(); var telemetry = new Mock(); var runManager = new TestRunManager(publisher.Object, logger.Object, telemetry.Object); publisher.Setup(x => x.PublishAsync(It.IsAny())); await runManager.PublishAsync(new TestRun("fake/1", "somename", 1) { TestRunSummary = null }); publisher.Verify(x => x.PublishAsync(It.IsAny()), Times.Never()); logger.Verify(x => x.Error(It.IsAny())); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestRunManager_PublishTestRun_TestSummaryWithoutTests() { var logger = new Mock(); var publisher = new Mock(); var telemetry = new Mock(); var runManager = new TestRunManager(publisher.Object, logger.Object, telemetry.Object); publisher.Setup(x => x.PublishAsync(It.IsAny())); await runManager.PublishAsync(new TestRun("fake/1", "somename", 1)); publisher.Verify(x => x.PublishAsync(It.IsAny()), Times.Never()); logger.Verify(x => x.Error(It.IsAny())); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestRunManager_PublishTestRun_TotalTestsLessThanActual() { var logger = new Mock(); var publisher = new Mock(); var telemetry = new Mock(); var runManager = new TestRunManager(publisher.Object, logger.Object, telemetry.Object); var fakeRun = new TestRun("fake/1", "somename", 1) { TestRunSummary = new TestRunSummary { TotalPassed = 5, TotalSkipped = 1, TotalFailed = 1, TotalExecutionTime = TimeSpan.FromMinutes(1), TotalTests = 6 } }; publisher.Setup(x => x.PublishAsync(It.IsAny())).Returns(Task.FromResult(GetFakePipelineTestRun(fakeRun, 1))); await runManager.PublishAsync(fakeRun); publisher.Verify(x => x.PublishAsync(It.Is(run => run.TestRunSummary.TotalTests == 7))); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestRunManager_PublishTestRun_SummaryDoesnotMatchTestRun() { var logger = new Mock(); var publisher = new Mock(); var telemetry = new Mock(); var runManager = new TestRunManager(publisher.Object, logger.Object, telemetry.Object); var fakeRun = new TestRun("fake/1", "somename", 1) { TestRunSummary = new TestRunSummary { TotalPassed = 5, TotalFailed = 3, TotalSkipped = 2 }, PassedTests = new List { new TestResult() }, FailedTests = new List { new TestResult() }, SkippedTests = new List { new TestResult() } }; publisher.Setup(x => x.PublishAsync(It.IsAny())).Returns(Task.FromResult(GetFakePipelineTestRun(fakeRun, 1))); await runManager.PublishAsync(fakeRun); publisher.Verify(x => x.PublishAsync(It.Is(run => run.TestRunSummary.TotalTests == 10 && run.PassedTests.Count == 0 && run.FailedTests.Count == 0 && run.SkippedTests.Count == 0 && run.TestRunSummary.TotalPassed == 5 && run.TestRunSummary.TotalFailed == 3 && run.TestRunSummary.TotalSkipped == 2))); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestRunManager_PublishMultipleRuns() { var logger = new Mock(); var publisher = new Mock(); var telemetry = new Mock(); var runManager = new TestRunManager(publisher.Object, logger.Object, telemetry.Object); var fakeRun = new TestRun("mocha/1", "somename", 1) { TestRunSummary = new TestRunSummary { TotalTests = 7 } }; publisher.SetupSequence(x => x.PublishAsync(It.IsAny())).Returns(Task.FromResult(GetFakePipelineTestRun(fakeRun, 1))).Returns(Task.FromResult(GetFakePipelineTestRun(fakeRun, 2))); RunTasks(runManager, fakeRun); await runManager.FinalizeAsync(); publisher.Verify(x => x.PublishAsync(It.IsAny()), Times.Exactly(2)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Plugin")] public async Task TestRunManager_PublishMultipleRunsWithExceptions() { var logger = new Mock(); var publisher = new Mock(); var telemetry = new Mock(); var runManager = new TestRunManager(publisher.Object, logger.Object, telemetry.Object); var fakeRun = new TestRun("mocha/1", "somename", 1) { TestRunSummary = new TestRunSummary { TotalTests = 7 } }; publisher.SetupSequence(x => x.PublishAsync(It.IsAny())) .Returns(Task.FromResult(GetFakePipelineTestRun(fakeRun, 1))) .Returns(Task.FromException(new Exception("some exception "))); RunTasks(runManager, fakeRun); await runManager.FinalizeAsync(); publisher.Verify(x => x.PublishAsync(It.IsAny()), Times.Exactly(2)); logger.Verify(x => x.Error(It.IsAny()), Times.Once()); } private TestRun GetFakePipelineTestRun(TestRun testRun, int TcmRunId) { return new PipelineTestRun(testRun.ParserUri, testRun.RunNamePrefix, testRun.TestRunId, TcmRunId); } private void RunTasks(ITestRunManager runManager, TestRun testRun) { runManager.PublishAsync(testRun); runManager.PublishAsync(testRun); } } } ================================================ FILE: src/Test/L0/ProcessExtensionL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Diagnostics; using System.IO; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class ProcessExtensionL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] public async Task SuccessReadProcessEnv() { // With the latest update coming with macOS 10.5.7+ there are no more any ways to retrieve // information about the environment on the running process with ps utility. // This test should be updated accordingly, disabling it while issue is under investigation using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); string envName = Guid.NewGuid().ToString(); string envValue = Guid.NewGuid().ToString(); Process sleep = null; try { // TODO: this was formerly skipped on Windows - why? using (var processInvoker = new ProcessInvokerWrapper()) { hc.EnqueueInstance(processInvoker); // sleep 15 seconds string sleepCmd = (TestUtil.IsWindows()) ? "powershell" : "sleep"; string sleepArgs = (TestUtil.IsWindows()) ? "-Command \"Start-Sleep -s 15\"" : "15s"; var startInfo = new ProcessStartInfo(sleepCmd, sleepArgs); startInfo.Environment[envName] = envValue; sleep = Process.Start(startInfo); var timeout = Process.GetProcessById(sleep.Id); while (timeout == null) { await Task.Delay(1500); timeout = Process.GetProcessById(sleep.Id); } try { trace.Info($"Read env from {timeout.Id}"); int retries = 5; while (retries >= 0) { try { var value = timeout.GetEnvironmentVariable(hc, envName); Assert.True(string.Equals(value, envValue, StringComparison.OrdinalIgnoreCase), "Expected environment '" + envValue + "' did not match actual '" + value + "'"); break; } catch (Exception) { retries--; if (retries < 0) { throw; } trace.Info($"Unable to get the environment variable, will retry. {retries} retries remaining"); await Task.Delay(2000); } } } catch (Exception ex) { trace.Error(ex); Assert.True(false, "Fail to retrive process environment variable due to exception: " + ex.Message + "\n" + ex.StackTrace); } } } finally { try { sleep?.Kill(); } catch { } } } } } } ================================================ FILE: src/Test/L0/ProcessInvokerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Agent.Sdk.Knob; using System; using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Threading; using System.Threading.Tasks; using Xunit; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.TeamFoundation.Framework.Common; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class ProcessInvokerL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async Task SuccessExitsWithCodeZero() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); Int32 exitCode = -1; using (var processInvoker = new ProcessInvokerWrapper()) { processInvoker.Initialize(hc); exitCode = (TestUtil.IsWindows()) ? await processInvoker.ExecuteAsync("", "cmd.exe", "/c \"dir >nul\"", null, CancellationToken.None) : await processInvoker.ExecuteAsync("", "bash", "-c echo .", null, CancellationToken.None); trace.Info($"Exit Code: {exitCode}"); Assert.Equal(0, exitCode); } } } //Run a process that normally takes 20sec to finish and cancel it. [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] public async Task TestCancel() { const int SecondsToRun = 20; using (TestHostContext hc = new TestHostContext(this)) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = hc.GetTrace(); using (var processInvoker = new ProcessInvokerWrapper()) { processInvoker.Initialize(hc); Stopwatch watch = Stopwatch.StartNew(); Task execTask; if (TestUtil.IsWindows()) { execTask = processInvoker.ExecuteAsync("", "cmd", $"/c waitfor /t {SecondsToRun} pause", null, tokenSource.Token); } else { execTask = processInvoker.ExecuteAsync("", "bash", $"-c \"sleep {SecondsToRun}s\"", null, tokenSource.Token); } await Task.Delay(500); tokenSource.Cancel(); try { await execTask; } catch (OperationCanceledException) { trace.Info("Get expected OperationCanceledException."); } Assert.True(execTask.IsCompleted); Assert.True(!execTask.IsFaulted); Assert.True(execTask.IsCanceled); watch.Stop(); long elapsedSeconds = watch.ElapsedMilliseconds / 1000; // if cancellation fails, then execution time is more than 15 seconds long expectedSeconds = (SecondsToRun * 3) / 4; Assert.True(elapsedSeconds <= expectedSeconds, $"cancellation failed, because task took too long to run. {elapsedSeconds}"); } } } class ProcessInvokerWithOutKillingCancelledTask : ProcessInvoker { public ProcessInvokerWithOutKillingCancelledTask(ITraceWriter trace, bool disableWorkerCommands = false) : base(trace, disableWorkerCommands) { } // override CancelAndKillProcessTree to avoid killing the cancelled task, // so we can test that execution continues protected internal override Task CancelAndKillProcessTree(bool killProcessOnCancel) { return Task.CompletedTask; } } //Run a process that normally takes 20sec to finish and cancel it. [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] public async Task TestCancelEnsureCompletedWhenTaskNotKilled() { const int SecondsToRun = 20; using (TestHostContext hc = new TestHostContext(this)) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = hc.GetTrace(); using (var processInvoker = new ProcessInvokerWithOutKillingCancelledTask(trace, false)) { Stopwatch watch = Stopwatch.StartNew(); Task execTask; const bool continueAfterCancelProcessTreeKillAttempt = true; if (TestUtil.IsWindows()) { execTask = processInvoker.ExecuteAsync("", "cmd", $"/c \"ping 127.0.0.1 -n {SecondsToRun} > nul\"", null, false, null, false, null, false, false, false, continueAfterCancelProcessTreeKillAttempt, tokenSource.Token); } else { execTask = processInvoker.ExecuteAsync("", "bash", $"-c \"sleep {SecondsToRun}s\"", null, false, null, false, null, false, false, false, continueAfterCancelProcessTreeKillAttempt, tokenSource.Token); } await Task.Delay(500); tokenSource.Cancel(); try { await execTask; } catch (OperationCanceledException) { trace.Info("Get expected OperationCanceledException."); } Assert.True(execTask.IsCompleted); Assert.True(!execTask.IsFaulted); Assert.True(execTask.IsCanceled); watch.Stop(); long elapsedSeconds = watch.ElapsedMilliseconds / 1000; // if cancellation fails, then execution time is more than 15 seconds long expectedSeconds = (SecondsToRun * 3) / 4; Assert.True(elapsedSeconds <= expectedSeconds, $"cancellation failed, because task took too long to run. {elapsedSeconds}"); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async Task RedirectSTDINCloseStream() { using (TestHostContext hc = new TestHostContext(this)) using (var redirectSTDIN = new InputQueue()) { Tracing trace = hc.GetTrace(); Int32 exitCode = -1; List stdout = new List(); redirectSTDIN.Enqueue("Single line of STDIN"); using (var cancellationTokenSource = new CancellationTokenSource()) using (var processInvoker = new ProcessInvokerWrapper()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { stdout.Add(e.Data); }; processInvoker.Initialize(hc); var proc = (TestUtil.IsWindows()) ? processInvoker.ExecuteAsync("", "cmd.exe", "/c more", null, false, null, false, redirectSTDIN, false, false, cancellationTokenSource.Token) : processInvoker.ExecuteAsync("", "bash", "-c \"read input; echo $input; read input; echo $input; read input; echo $input;\"", null, false, null, false, redirectSTDIN, false, false, cancellationTokenSource.Token); redirectSTDIN.Enqueue("More line of STDIN"); redirectSTDIN.Enqueue("More line of STDIN"); await Task.Delay(100); redirectSTDIN.Enqueue("More line of STDIN"); redirectSTDIN.Enqueue("More line of STDIN"); await Task.Delay(100); redirectSTDIN.Enqueue("More line of STDIN"); cancellationTokenSource.CancelAfter(100); try { exitCode = await proc; trace.Info($"Exit Code: {exitCode}"); } catch (Exception ex) { trace.Error(ex); } trace.Info($"STDOUT: {string.Join(Environment.NewLine, stdout)}"); Assert.False(stdout.Contains("More line of STDIN"), "STDIN should be closed after first input line."); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async Task RedirectSTDINKeepStreamOpen() { using (TestHostContext hc = new TestHostContext(this)) using (var redirectSTDIN = new InputQueue()) { Tracing trace = hc.GetTrace(); Int32 exitCode = -1; List stdout = new List(); redirectSTDIN.Enqueue("Single line of STDIN"); using (var cancellationTokenSource = new CancellationTokenSource()) using (var processInvoker = new ProcessInvokerWrapper()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { stdout.Add(e.Data); }; processInvoker.Initialize(hc); var proc = (TestUtil.IsWindows()) ? processInvoker.ExecuteAsync("", "cmd.exe", "/c more", null, false, null, false, redirectSTDIN, false, true, ProcessInvoker.ContinueAfterCancelProcessTreeKillAttemptDefault, cancellationTokenSource.Token) : processInvoker.ExecuteAsync("", "bash", "-c \"read input; echo $input; read input; echo $input; read input; echo $input;\"", null, false, null, false, redirectSTDIN, false, true, ProcessInvoker.ContinueAfterCancelProcessTreeKillAttemptDefault, cancellationTokenSource.Token); redirectSTDIN.Enqueue("More line of STDIN"); redirectSTDIN.Enqueue("More line of STDIN"); await Task.Delay(100); redirectSTDIN.Enqueue("More line of STDIN"); redirectSTDIN.Enqueue("More line of STDIN"); await Task.Delay(100); redirectSTDIN.Enqueue("More line of STDIN"); cancellationTokenSource.CancelAfter(100); try { exitCode = await proc; trace.Info($"Exit Code: {exitCode}"); } catch (Exception ex) { trace.Error(ex); } trace.Info(StringUtil.Format("STDOUT: {0}", string.Join(Environment.NewLine, stdout))); Assert.True(stdout.Contains("More line of STDIN"), "STDIN should keep open and accept more inputs after first input line."); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "windows")] public async Task OomScoreAdjIsWriten_Default() { // We are on a system that supports oom_score_adj in procfs as assumed by ProcessInvoker string testProcPath = $"/proc/{Process.GetCurrentProcess().Id}/oom_score_adj"; if (File.Exists(testProcPath)) { using (TestHostContext hc = new TestHostContext(this)) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = hc.GetTrace(); using (var processInvoker = new ProcessInvokerWrapper()) { processInvoker.Initialize(hc); int oomScoreAdj = -9999; processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { oomScoreAdj = int.Parse(e.Data); tokenSource.Cancel(); }; try { var proc = await processInvoker.ExecuteAsync("", "bash", "-c \"cat /proc/$$/oom_score_adj\"", null, false, null, false, null, false, false, highPriorityProcess: false, continueAfterCancelProcessTreeKillAttempt: ProcessInvoker.ContinueAfterCancelProcessTreeKillAttemptDefault, cancellationToken: tokenSource.Token); Assert.Equal(oomScoreAdj, 500); } catch (OperationCanceledException) { trace.Info("Caught expected OperationCanceledException"); } } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "windows")] public async Task OomScoreAdjIsWriten_FromEnv() { // We are on a system that supports oom_score_adj in procfs as assumed by ProcessInvoker string testProcPath = $"/proc/{Process.GetCurrentProcess().Id}/oom_score_adj"; if (File.Exists(testProcPath)) { using (TestHostContext hc = new TestHostContext(this)) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = hc.GetTrace(); using (var processInvoker = new ProcessInvokerWrapper()) { processInvoker.Initialize(hc); int oomScoreAdj = -9999; processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { oomScoreAdj = int.Parse(e.Data); tokenSource.Cancel(); }; try { var proc = await processInvoker.ExecuteAsync("", "bash", "-c \"cat /proc/$$/oom_score_adj\"", new Dictionary { { "PIPELINE_JOB_OOMSCOREADJ", "1234" } }, false, null, false, null, false, false, highPriorityProcess: false, continueAfterCancelProcessTreeKillAttempt: ProcessInvoker.ContinueAfterCancelProcessTreeKillAttemptDefault, cancellationToken: tokenSource.Token); Assert.Equal(oomScoreAdj, 1234); } catch (OperationCanceledException) { trace.Info("Caught expected OperationCanceledException"); } } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "windows")] public async Task OomScoreAdjIsInherited() { // We are on a system that supports oom_score_adj in procfs as assumed by ProcessInvoker string testProcPath = $"/proc/{Process.GetCurrentProcess().Id}/oom_score_adj"; if (File.Exists(testProcPath)) { int testProcOomScoreAdj = 123; File.WriteAllText(testProcPath, testProcOomScoreAdj.ToString()); using (TestHostContext hc = new TestHostContext(this)) using (var tokenSource = new CancellationTokenSource()) { Tracing trace = hc.GetTrace(); using (var processInvoker = new ProcessInvokerWrapper()) { processInvoker.Initialize(hc); int oomScoreAdj = -9999; processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { oomScoreAdj = int.Parse(e.Data); tokenSource.Cancel(); }; try { var proc = await processInvoker.ExecuteAsync("", "bash", "-c \"cat /proc/$$/oom_score_adj\"", null, false, null, false, null, false, false, highPriorityProcess: true, continueAfterCancelProcessTreeKillAttempt: ProcessInvoker.ContinueAfterCancelProcessTreeKillAttemptDefault, cancellationToken: tokenSource.Token); Assert.Equal(oomScoreAdj, 123); } catch (OperationCanceledException) { trace.Info("Caught expected OperationCanceledException"); } } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async Task DisableWorkerCommands() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); Int32 exitCode = -1; List stdout = new List(); using (var processInvoker = new ProcessInvokerWrapper()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { stdout.Add(e.Data); }; processInvoker.DisableWorkerCommands = true; processInvoker.Initialize(hc); exitCode = (TestUtil.IsWindows()) ? await processInvoker.ExecuteAsync("", "powershell.exe", $@"-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ""Write-Host '##vso somecommand'""", null, CancellationToken.None) : await processInvoker.ExecuteAsync("", "bash", "-c \"echo '##vso somecommand'\"", null, CancellationToken.None); trace.Info($"Exit Code: {exitCode}"); Assert.Equal(0, exitCode); Assert.False(stdout.Contains("##vso somecommand"), $"##vso commands should be escaped."); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async Task EnableWorkerCommandsByDefault() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); Int32 exitCode = -1; List stdout = new List(); using (var processInvoker = new ProcessInvokerWrapper()) { processInvoker.OutputDataReceived += (object sender, ProcessDataReceivedEventArgs e) => { stdout.Add(e.Data); }; processInvoker.Initialize(hc); exitCode = (TestUtil.IsWindows()) ? await processInvoker.ExecuteAsync("", "powershell.exe", $@"-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ""Write-Host '##vso somecommand'""", null, CancellationToken.None) : await processInvoker.ExecuteAsync("", "bash", "-c \"echo '##vso somecommand'\"", null, CancellationToken.None); trace.Info($"Exit Code: {exitCode}"); Assert.Equal(0, exitCode); Assert.True(stdout.Contains("##vso somecommand"), "##vso commands should not be escaped."); } } } } } ================================================ FILE: src/Test/L0/ProxyConfigL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System.Collections.Generic; using System.IO; using System.Linq; using System.Text.RegularExpressions; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class ProxyConfigL0 { private static readonly Regex NewHttpClientHandlerRegex = new Regex("New\\s+HttpClientHandler\\s*\\(", RegexOptions.Compiled | RegexOptions.IgnoreCase); private static readonly Regex NewHttpClientRegex = new Regex("New\\s+HttpClient\\s*\\(\\s*\\)", RegexOptions.Compiled | RegexOptions.IgnoreCase); private static readonly List SkippedFiles = new List() { "Microsoft.VisualStudio.Services.Agent\\HostContext.cs", "Microsoft.VisualStudio.Services.Agent/HostContext.cs" }; [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void IsNotUseRawHttpClientHandler() { List sourceFiles = Directory.GetFiles( TestUtil.GetProjectPath("Microsoft.VisualStudio.Services.Agent"), "*.cs", SearchOption.AllDirectories).ToList(); sourceFiles.AddRange(Directory.GetFiles( TestUtil.GetProjectPath("Agent.Listener"), "*.cs", SearchOption.AllDirectories)); sourceFiles.AddRange(Directory.GetFiles( TestUtil.GetProjectPath("Agent.Worker"), "*.cs", SearchOption.AllDirectories)); List badCode = new List(); foreach (string sourceFile in sourceFiles) { // Skip skipped files. if (SkippedFiles.Any(s => sourceFile.Contains(s))) { continue; } // Skip files in the obj directory. if (sourceFile.Contains(StringUtil.Format("{0}obj{0}", Path.DirectorySeparatorChar))) { continue; } int lineCount = 0; foreach (string line in File.ReadAllLines(sourceFile)) { lineCount++; if (NewHttpClientHandlerRegex.IsMatch(line)) { badCode.Add($"{sourceFile} (line {lineCount})"); } } } Assert.True(badCode.Count == 0, $"The following code is using Raw HttpClientHandler() which will not follow the proxy setting agent have. Please use HostContext.CreateHttpClientHandler() instead.\n {string.Join("\n", badCode)}"); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void IsNotUseRawHttpClient() { List sourceFiles = Directory.GetFiles( TestUtil.GetProjectPath("Microsoft.VisualStudio.Services.Agent"), "*.cs", SearchOption.AllDirectories).ToList(); sourceFiles.AddRange(Directory.GetFiles( TestUtil.GetProjectPath("Agent.Listener"), "*.cs", SearchOption.AllDirectories)); sourceFiles.AddRange(Directory.GetFiles( TestUtil.GetProjectPath("Agent.Worker"), "*.cs", SearchOption.AllDirectories)); List badCode = new List(); foreach (string sourceFile in sourceFiles) { // Skip skipped files. if (SkippedFiles.Any(s => sourceFile.Contains(s))) { continue; } // Skip files in the obj directory. if (sourceFile.Contains(StringUtil.Format("{0}obj{0}", Path.DirectorySeparatorChar))) { continue; } int lineCount = 0; foreach (string line in File.ReadAllLines(sourceFile)) { lineCount++; if (NewHttpClientRegex.IsMatch(line)) { badCode.Add($"{sourceFile} (line {lineCount})"); } } } Assert.True(badCode.Count == 0, $"The following code is using Raw HttpClient() which will not follow the proxy setting agent have. Please use New HttpClient(HostContext.CreateHttpClientHandler()) instead.\n {string.Join("\n", badCode)}"); } } } ================================================ FILE: src/Test/L0/SecretMaskerTests/LoggedSecretMaskerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Globalization; using Agent.Sdk.SecretMasking; using Microsoft.Security.Utilities; using Xunit; using Xunit.Abstractions; namespace Microsoft.VisualStudio.Services.Agent.Tests { public class OssLoggedSecretMaskerL0 : LoggedSecretMaskerL0 { private readonly ITestOutputHelper _output; public OssLoggedSecretMaskerL0(ITestOutputHelper output) { _output = output; } protected override ILoggedSecretMasker CreateSecretMasker() { #pragma warning disable CA2000 // Dispose objects before losing scope. LoggedSecretMasker takes ownership. return LoggedSecretMasker.Create(new OssSecretMasker()); #pragma warning restore CA2000 } [Theory] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] [InlineData(0, 1, 1)] [InlineData(1, 0, 1)] [InlineData(1, 1, 1)] [InlineData(10, 5, 3)] [InlineData(10, 20, 5)] public void OssLoggedSecretMasker_TelemetryEnabled_SendsTelemetry(int uniqueCorrelatingIds, int maxUniqueCorrelatingIds, int maxCorrelatingIdsPerEvent) { var pattern = new RegexPattern(id: "TEST001/001", name: "TestPattern", label: "a test", DetectionMetadata.HighEntropy, pattern: "TEST[0-9]+"); using var ossMasker = new OssSecretMasker(new[] { pattern }); using var lsm = LoggedSecretMasker.Create(ossMasker); lsm.StartTelemetry(maxUniqueCorrelatingIds); int charsScanned = 0; int stringsScanned = 0; int totalDetections = 0; var correlatingIds = new string[uniqueCorrelatingIds]; // Although this secret matches a rule, it is added and masked as a // value so we should not report its C3ID nor return more than one // detection. int largeNumber = 99999; string knownSecret = $"TEST{largeNumber}"; string inputWithKnownSecret = $"Known secret added as a value that also matches a rule: {knownSecret}"; // Add the known secret through the wrapper to avoid depending on // the underlying masker instance after Create(). This keeps the // test resilient if Create() ever changes ownership semantics. lsm.AddValue(knownSecret, origin: "test"); lsm.MaskSecrets(inputWithKnownSecret); stringsScanned++; charsScanned += inputWithKnownSecret.Length; totalDetections++; for (int i = 0; i < uniqueCorrelatingIds; i++) { string inputWithSecret = $"Hello TEST{i} World!"; lsm.MaskSecrets(inputWithSecret); lsm.MaskSecrets(inputWithSecret + "x"); string inputWithoutSecret = "Nothing to see here"; lsm.MaskSecrets(inputWithoutSecret); correlatingIds[i] = RegexPattern.GenerateCrossCompanyCorrelatingId($"TEST{i}"); stringsScanned += 3; charsScanned += 2 * inputWithSecret.Length + 1 + inputWithoutSecret.Length; totalDetections += 2; } var correlatingIdsToObserve = new HashSet(correlatingIds); var telemetry = new List<(string Feature, Dictionary Data)>(); lsm.StopAndPublishTelemetry( maxCorrelatingIdsPerEvent, (feature, data) => { _output.WriteLine($"Telemetry Event Received: {feature}"); _output.WriteLine($"Properties: ({data.Count}):"); foreach (var (key, value) in data) { _output.WriteLine($" {key}: {value}"); } _output.WriteLine(""); telemetry.Add((feature, data)); }); int expectedCorrelationEvents = (int)Math.Ceiling((double)uniqueCorrelatingIds / maxCorrelatingIdsPerEvent); int maxCorrelationEvents = (int)Math.Ceiling((double)maxUniqueCorrelatingIds / maxCorrelatingIdsPerEvent); bool maxEventsExceeded = expectedCorrelationEvents > maxCorrelationEvents; if (maxEventsExceeded) { expectedCorrelationEvents = maxCorrelationEvents; } int expectedEvents = expectedCorrelationEvents + 1; // +1 for the overall telemetry event. Assert.Equal(expectedEvents, telemetry.Count); int correlationIdsReceived = 0; for (int i = 0; i < expectedCorrelationEvents; i++) { var correlationTelemetry = telemetry[i]; var correlationData = correlationTelemetry.Data; Assert.Equal(correlationTelemetry.Feature, "SecretMaskerCorrelation"); if (i < expectedCorrelationEvents - 1) { Assert.Equal(maxCorrelatingIdsPerEvent, correlationData.Count); } else { Assert.True(correlationData.Count <= maxCorrelatingIdsPerEvent); } correlationIdsReceived += correlationData.Count; foreach (var (key, value) in correlationData) { Assert.True(correlatingIdsToObserve.Remove(key)); Assert.Equal("TEST001/001.TestPattern", value); } } Assert.Equal(Math.Min(maxUniqueCorrelatingIds, uniqueCorrelatingIds), correlationIdsReceived); if (maxEventsExceeded) { Assert.Equal(uniqueCorrelatingIds - maxUniqueCorrelatingIds, correlatingIdsToObserve.Count); } else { Assert.Equal(0, correlatingIdsToObserve.Count); } var overallTelemetry = telemetry[telemetry.Count - 1]; var overallData = overallTelemetry.Data; Assert.Equal(overallTelemetry.Feature, "SecretMasker"); Assert.Equal(Microsoft.Security.Utilities.SecretMasker.Version.ToString(), overallData["Version"]); Assert.Equal(charsScanned.ToString(CultureInfo.InvariantCulture), overallData["CharsScanned"]); Assert.Equal(stringsScanned.ToString(CultureInfo.InvariantCulture), overallData["StringsScanned"]); Assert.Equal(totalDetections.ToString(CultureInfo.InvariantCulture), overallData["TotalDetections"]); Assert.Equal(correlationIdsReceived.ToString(CultureInfo.InvariantCulture), overallData["UniqueCorrelatingIds"]); Assert.True(0.0 <= double.Parse(overallData["ElapsedMaskingTimeInMilliseconds"], CultureInfo.InvariantCulture)); Assert.Equal(maxEventsExceeded.ToString(CultureInfo.InvariantCulture), overallData["CorrelationDataIsIncomplete"]); } } public class LegacyLoggedSecretMaskerL0 : LoggedSecretMaskerL0 { protected override ILoggedSecretMasker CreateSecretMasker() { #pragma warning disable CA2000 // Dispose objects before losing scope. LoggedSecretMasker takes ownership. return LoggedSecretMasker.Create(new LegacySecretMasker()); #pragma warning restore CA2000 } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LegacyLoggedSecretMasker_CanUseServerInterface() { using var lsm = CreateSecretMasker(); var secretMasker = (Microsoft.TeamFoundation.DistributedTask.Logging.ISecretMasker)lsm; secretMasker.AddValue("value"); secretMasker.AddRegex("regex[0-9]"); secretMasker.AddValueEncoder(v => v + "-encoded"); Assert.Equal("test *** test", secretMasker.MaskSecrets("test value test")); Assert.Equal("test *** test", secretMasker.MaskSecrets("test regex4 test")); Assert.Equal("test *** test", secretMasker.MaskSecrets("test value-encoded test")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LegacyLoggedSecretMasker_Clone() { using var secretMasker1 = CreateSecretMasker(); secretMasker1.AddValue("value1", origin: "Test 1"); using var secretMasker2 = (ILoggedSecretMasker)(((Microsoft.TeamFoundation.DistributedTask.Logging.ISecretMasker)secretMasker1).Clone()); secretMasker2.AddValue("value2", origin: "Test 2"); secretMasker1.AddValue("value3", origin: "Test 3"); Assert.Equal("***", secretMasker1.MaskSecrets("value1")); Assert.Equal("value2", secretMasker1.MaskSecrets("value2")); Assert.Equal("***", secretMasker1.MaskSecrets("value3")); Assert.Equal("***", secretMasker2.MaskSecrets("value1")); Assert.Equal("***", secretMasker2.MaskSecrets("value2")); Assert.Equal("value3", secretMasker2.MaskSecrets("value3")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LegacyLoggedSecretMasker_TelemetryEnabled_Ignored() { using var lsm = CreateSecretMasker(); lsm.StartTelemetry(maxUniqueCorrelatingIds: 1); // no-op: legacy VSO masker does not support telemetry. lsm.StopAndPublishTelemetry(maxCorrelatingIdsPerEvent: 1, (_, _) => Assert.True(false, "This should not be called.")); } } public abstract class LoggedSecretMaskerL0 { protected abstract ILoggedSecretMasker CreateSecretMasker(); [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LoggedSecretMasker_TelemetryDisabled_DoesNotPublish() { using var lsm = CreateSecretMasker(); lsm.StopAndPublishTelemetry(maxCorrelatingIdsPerEvent: 1, (_, _) => Assert.True(false, "This should not be called.")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LoggedSecretMasker_MaskingSecrets() { using var lsm = CreateSecretMasker(); lsm.MinSecretLength = 0; var inputMessage = "123"; lsm.AddValue("1", origin: "Test"); var resultMessage = lsm.MaskSecrets(inputMessage); Assert.Equal("***23", resultMessage); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LoggedSecretMasker_ShortSecret_Removes_From_Dictionary() { using var lsm = CreateSecretMasker(); lsm.MinSecretLength = 0; var inputMessage = "123"; lsm.AddValue("1", origin: "Test"); lsm.MinSecretLength = 4; lsm.RemoveShortSecretsFromDictionary(); var resultMessage = lsm.MaskSecrets(inputMessage); Assert.Equal(inputMessage, resultMessage); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LoggedSecretMasker_ShortSecret_Removes_From_Dictionary_BoundaryValue() { using var lsm = CreateSecretMasker(); lsm.MinSecretLength = LoggedSecretMasker.MinSecretLengthLimit; var inputMessage = "1234567"; lsm.AddValue("12345", origin: "Test"); var resultMessage = lsm.MaskSecrets(inputMessage); Assert.Equal("1234567", resultMessage); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LoggedSecretMasker_ShortSecret_Removes_From_Dictionary_BoundaryValue2() { using var lsm = CreateSecretMasker(); lsm.MinSecretLength = LoggedSecretMasker.MinSecretLengthLimit; var inputMessage = "1234567"; lsm.AddValue("123456", origin: "Test"); var resultMessage = lsm.MaskSecrets(inputMessage); Assert.Equal("***7", resultMessage); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LoggedSecretMasker_Skipping_ShortSecrets() { using var lsm = CreateSecretMasker(); lsm.MinSecretLength = 3; lsm.AddValue("1", origin: "Test"); var resultMessage = lsm.MaskSecrets(@"123"); Assert.Equal("123", resultMessage); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LoggedSecretMasker_Sets_MinSecretLength_To_MaxValue() { using var lsm = CreateSecretMasker(); var expectedMinSecretsLengthValue = LoggedSecretMasker.MinSecretLengthLimit; lsm.MinSecretLength = LoggedSecretMasker.MinSecretLengthLimit + 1; Assert.Equal(expectedMinSecretsLengthValue, lsm.MinSecretLength); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LoggedSecretMasker_NegativeValue_Passed() { using var lsm = CreateSecretMasker(); lsm.MinSecretLength = -2; var inputMessage = "12345"; lsm.AddValue("1", origin: "Test"); var resultMessage = lsm.MaskSecrets(inputMessage); Assert.Equal("***2345", resultMessage); } } } ================================================ FILE: src/Test/L0/SecretMaskerTests/SecretMaskerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Sdk.SecretMasking; using Microsoft.TeamFoundation.DistributedTask.Logging; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class LegacySecretMaskerL0 : SecretMaskerL0 { protected override IRawSecretMasker CreateSecretMasker() { var testSecretMasker = new LegacySecretMasker(); testSecretMasker.AddRegex(AdditionalMaskingRegexes.UrlSecretPattern); return testSecretMasker; } // NOTE: Clone is not supported by OssSecretMasker. [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void LegacySecretMaskerTests_Clone() { // Setup masker 1 using var secretMasker1 = (LegacySecretMasker)CreateSecretMasker(); secretMasker1.AddRegex("masker-1-regex-1_*"); secretMasker1.AddRegex("masker-1-regex-2_*"); secretMasker1.AddValue("masker-1-value-1_"); secretMasker1.AddValue("masker-1-value-2_"); secretMasker1.AddValueEncoder(x => x.Replace("_", "_masker-1-encoder-1")); secretMasker1.AddValueEncoder(x => x.Replace("_", "_masker-1-encoder-2")); // Copy and add to masker 2. using var secretMasker2 = secretMasker1.Clone(); secretMasker2.AddRegex("masker-2-regex-1_*"); secretMasker2.AddValue("masker-2-value-1_"); secretMasker2.AddValueEncoder(x => x.Replace("_", "_masker-2-encoder-1")); // Add to masker 1. secretMasker1.AddRegex("masker-1-regex-3_*"); secretMasker1.AddValue("masker-1-value-3_"); secretMasker1.AddValueEncoder(x => x.Replace("_", "_masker-1-encoder-3")); // Assert masker 1 values. Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-regex-1___")); // original regex Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-regex-2___")); // original regex Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-regex-3___")); // new regex Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-value-1_")); // original value Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-value-2_")); // original value Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-value-3_")); // new value Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-value-1_masker-1-encoder-1")); // original value, original encoder Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-value-1_masker-1-encoder-2")); // original value, original encoder Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-value-1_masker-1-encoder-3")); // original value, new encoder Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-value-3_masker-1-encoder-1")); // new value, original encoder Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-value-3_masker-1-encoder-2")); // new value, original encoder Assert.Equal("***", secretMasker1.MaskSecrets("masker-1-value-3_masker-1-encoder-3")); // new value, new encoder Assert.Equal("masker-2-regex-1___", secretMasker1.MaskSecrets("masker-2-regex-1___")); // separate regex storage from copy Assert.Equal("masker-2-value-1_", secretMasker1.MaskSecrets("masker-2-value-1_")); // separate value storage from copy Assert.Equal("***masker-2-encoder-1", secretMasker1.MaskSecrets("masker-1-value-1_masker-2-encoder-1")); // separate encoder storage from copy // Assert masker 2 values. Assert.Equal("***", secretMasker2.MaskSecrets("masker-1-regex-1___")); // copied regex Assert.Equal("***", secretMasker2.MaskSecrets("masker-1-regex-2___")); // copied regex Assert.Equal("***", secretMasker2.MaskSecrets("masker-2-regex-1___")); // new regex Assert.Equal("***", secretMasker2.MaskSecrets("masker-1-value-1_")); // copied value Assert.Equal("***", secretMasker2.MaskSecrets("masker-1-value-2_")); // copied value Assert.Equal("***", secretMasker2.MaskSecrets("masker-2-value-1_")); // new value Assert.Equal("***", secretMasker2.MaskSecrets("masker-1-value-1_masker-1-encoder-1")); // copied value, copied encoder Assert.Equal("***", secretMasker2.MaskSecrets("masker-1-value-1_masker-1-encoder-2")); // copied value, copied encoder Assert.Equal("***", secretMasker2.MaskSecrets("masker-1-value-1_masker-2-encoder-1")); // copied value, new encoder Assert.Equal("***", secretMasker2.MaskSecrets("masker-2-value-1_masker-1-encoder-1")); // new value, copied encoder Assert.Equal("***", secretMasker2.MaskSecrets("masker-2-value-1_masker-1-encoder-2")); // new value, copied encoder Assert.Equal("***", secretMasker2.MaskSecrets("masker-2-value-1_masker-2-encoder-1")); // new value, new encoder Assert.Equal("masker-1-regex-3___", secretMasker2.MaskSecrets("masker-1-regex-3___")); // separate regex storage from original Assert.Equal("masker-1-value-3_", secretMasker2.MaskSecrets("masker-1-value-3_")); // separate value storage from original Assert.Equal("***masker-1-encoder-3", secretMasker2.MaskSecrets("masker-1-value-1_masker-1-encoder-3")); // separate encoder storage from original } } public sealed class OssSecretMaskerL0 : SecretMaskerL0 { protected override IRawSecretMasker CreateSecretMasker() { var testSecretMasker = new OssSecretMasker(); testSecretMasker.AddRegex(AdditionalMaskingRegexes.UrlSecretPattern); return testSecretMasker; } } public abstract class SecretMaskerL0 { protected abstract IRawSecretMasker CreateSecretMasker(); [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void IsSimpleUrlNotMasked() { using var testSecretMasker = CreateSecretMasker(); Assert.Equal( "https://simpledomain@example.com", testSecretMasker.MaskSecrets("https://simpledomain@example.com")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void IsComplexUrlNotMasked() { using var testSecretMasker = CreateSecretMasker(); Assert.Equal( "https://url.com:443/~user/foo=bar+42-18?what=this.is.an.example....~~many@¶m=value", testSecretMasker.MaskSecrets("https://url.com:443/~user/foo=bar+42-18?what=this.is.an.example....~~many@¶m=value")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void IsUserInfoMaskedCorrectly() { using var testSecretMasker = CreateSecretMasker(); Assert.Equal( "https://user:***@example.com", testSecretMasker.MaskSecrets("https://user:pass@example.com")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void IsUserInfoWithSpecialCharactersMaskedCorrectly() { using var testSecretMasker = CreateSecretMasker(); Assert.Equal( "https://user:***@example.com", testSecretMasker.MaskSecrets(@"https://user:pass4';.!&*()=,$-+~@example.com")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void IsUserInfoWithDigitsInNameMaskedCorrectly() { using var testSecretMasker = CreateSecretMasker(); Assert.Equal( "https://username123:***@example.com", testSecretMasker.MaskSecrets(@"https://username123:password@example.com")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void IsUserInfoWithLongPasswordAndNameMaskedCorrectly() { using var testSecretMasker = CreateSecretMasker(); Assert.Equal( "https://username_loooooooooooooooooooooooooooooooooooooooooong:***@example.com", testSecretMasker.MaskSecrets(@"https://username_loooooooooooooooooooooooooooooooooooooooooong:password_looooooooooooooooooooooooooooooooooooooooooooooooong@example.com")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void IsUserInfoWithEncodedCharactersdInNameMaskedCorrectly() { using var testSecretMasker = CreateSecretMasker(); Assert.Equal( "https://username%10%A3%F6:***@example.com", testSecretMasker.MaskSecrets(@"https://username%10%A3%F6:password123@example.com")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void IsUserInfoWithEncodedAndEscapedCharactersdInNameMaskedCorrectly() { using var testSecretMasker = CreateSecretMasker(); Assert.Equal( "https://username%AZP2510%AZP25A3%AZP25F6:***@example.com", testSecretMasker.MaskSecrets(@"https://username%AZP2510%AZP25A3%AZP25F6:password123@example.com")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_Encoder() { // Add encoder before values. using var secretMasker = CreateSecretMasker(); secretMasker.AddValueEncoder(x => x.Replace("-", "_")); secretMasker.AddValueEncoder(x => x.Replace("-", " ")); secretMasker.AddValue("value-1"); secretMasker.AddValue("value-2"); Assert.Equal("***", secretMasker.MaskSecrets("value-1")); Assert.Equal("***", secretMasker.MaskSecrets("value_1")); Assert.Equal("***", secretMasker.MaskSecrets("value 1")); Assert.Equal("***", secretMasker.MaskSecrets("value-2")); Assert.Equal("***", secretMasker.MaskSecrets("value_2")); Assert.Equal("***", secretMasker.MaskSecrets("value 2")); Assert.Equal("value-3", secretMasker.MaskSecrets("value-3")); // Add values after encoders. secretMasker.AddValue("value-3"); Assert.Equal("***", secretMasker.MaskSecrets("value-3")); Assert.Equal("***", secretMasker.MaskSecrets("value_3")); Assert.Equal("***", secretMasker.MaskSecrets("value 3")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_Encoder_JsonStringEscape() { using var secretMasker = CreateSecretMasker(); secretMasker.AddValueEncoder(ValueEncoders.JsonStringEscape); secretMasker.AddValue("carriage-return\r_newline\n_tab\t_backslash\\_double-quote\""); Assert.Equal("***", secretMasker.MaskSecrets("carriage-return\r_newline\n_tab\t_backslash\\_double-quote\"")); Assert.Equal("***", secretMasker.MaskSecrets("carriage-return\\r_newline\\n_tab\\t_backslash\\\\_double-quote\\\"")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_Encoder_BackslashEscape() { using var secretMasker = CreateSecretMasker(); secretMasker.AddValueEncoder(ValueEncoders.BackslashEscape); secretMasker.AddValue(@"abc\\def\'\""ghi\t"); Assert.Equal("***", secretMasker.MaskSecrets(@"abc\\def\'\""ghi\t")); Assert.Equal("***", secretMasker.MaskSecrets(@"abc\def'""ghi" + "\t")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_Encoder_UriDataEscape() { using var secretMasker = CreateSecretMasker(); secretMasker.AddValueEncoder(ValueEncoders.UriDataEscape); secretMasker.AddValue("hello world"); Assert.Equal("***", secretMasker.MaskSecrets("hello world")); Assert.Equal("***", secretMasker.MaskSecrets("hello%20world")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_Encoder_UriDataEscape_LargeString() { // Uri.EscapeDataString cannot receive a string longer than 65519 characters. // For unit testing we call a different overload with a smaller segment size (improve unit test speed). Func encoder = x => ValueEncoders.UriDataEscape(x); using (var secretMasker = CreateSecretMasker()) { secretMasker.AddValueEncoder(encoder); var value = String.Empty.PadRight(1, ' '); secretMasker.AddValue(value); Assert.Equal("***", secretMasker.MaskSecrets(value)); Assert.Equal("***", secretMasker.MaskSecrets(value.Replace(" ", "%20"))); } using (var secretMasker = CreateSecretMasker()) { secretMasker.AddValueEncoder(encoder); var value = String.Empty.PadRight(2, ' '); secretMasker.AddValue(value); Assert.Equal("***", secretMasker.MaskSecrets(value)); Assert.Equal("***", secretMasker.MaskSecrets(value.Replace(" ", "%20"))); } using (var secretMasker = CreateSecretMasker()) { secretMasker.AddValueEncoder(encoder); var value = String.Empty.PadRight(3, ' '); secretMasker.AddValue(value); Assert.Equal("***", secretMasker.MaskSecrets(value)); Assert.Equal("***", secretMasker.MaskSecrets(value.Replace(" ", "%20"))); } using (var secretMasker = CreateSecretMasker()) { secretMasker.AddValueEncoder(encoder); var value = String.Empty.PadRight(4, ' '); secretMasker.AddValue(value); Assert.Equal("***", secretMasker.MaskSecrets(value)); Assert.Equal("***", secretMasker.MaskSecrets(value.Replace(" ", "%20"))); } using (var secretMasker = CreateSecretMasker()) { secretMasker.AddValueEncoder(encoder); var value = String.Empty.PadRight(5, ' '); secretMasker.AddValue(value); Assert.Equal("***", secretMasker.MaskSecrets(value)); Assert.Equal("***", secretMasker.MaskSecrets(value.Replace(" ", "%20"))); } using (var secretMasker = CreateSecretMasker()) { secretMasker.AddValueEncoder(encoder); var value = String.Empty.PadRight(5, ' '); secretMasker.AddValue(value); Assert.Equal("***", secretMasker.MaskSecrets(value)); Assert.Equal("***", secretMasker.MaskSecrets(value.Replace(" ", "%20"))); } using (var secretMasker = CreateSecretMasker()) { secretMasker.AddValueEncoder(encoder); var value = String.Empty.PadRight(6, ' '); secretMasker.AddValue(value); Assert.Equal("***", secretMasker.MaskSecrets(value)); Assert.Equal("***", secretMasker.MaskSecrets(value.Replace(" ", "%20"))); } using (var secretMasker = CreateSecretMasker()) { secretMasker.AddValueEncoder(encoder); var value = String.Empty.PadRight(7, ' '); secretMasker.AddValue(value); Assert.Equal("***", secretMasker.MaskSecrets(value)); Assert.Equal("***", secretMasker.MaskSecrets(value.Replace(" ", "%20"))); } using (var secretMasker = CreateSecretMasker()) { secretMasker.AddValueEncoder(encoder); var value = "𐐷𐐷𐐷𐐷"; // surrogate pair secretMasker.AddValue(value); Assert.Equal("***", secretMasker.MaskSecrets(value)); } using (var secretMasker = CreateSecretMasker()) { secretMasker.AddValueEncoder(encoder); var value = " 𐐷𐐷𐐷𐐷"; // shift by one non-surrogate character to ensure surrogate across segment boundary handled correctly secretMasker.AddValue(value); Assert.Equal("***", secretMasker.MaskSecrets(value)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_HandlesEmptyInput() { using var secretMasker = CreateSecretMasker(); secretMasker.AddValue("abcd"); var result = secretMasker.MaskSecrets(null); Assert.Equal(string.Empty, result); result = secretMasker.MaskSecrets(string.Empty); Assert.Equal(string.Empty, result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_HandlesNoMasks() { using var secretMasker = CreateSecretMasker(); var expected = "abcdefg"; var actual = secretMasker.MaskSecrets(expected); Assert.Equal(expected, actual); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_ReplacesValue() { using var secretMasker = CreateSecretMasker(); secretMasker.AddValue("def"); var input = "abcdefg"; var result = secretMasker.MaskSecrets(input); Assert.Equal("abc***g", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_ReplacesMultipleInstances() { using var secretMasker = CreateSecretMasker(); secretMasker.AddValue("def"); var input = "abcdefgdef"; var result = secretMasker.MaskSecrets(input); Assert.Equal("abc***g***", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_ReplacesMultipleAdjacentInstances() { using var secretMasker = CreateSecretMasker(); secretMasker.AddValue("abc"); var input = "abcabcdef"; var result = secretMasker.MaskSecrets(input); Assert.Equal("***def", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_ReplacesMultipleSecrets() { using var secretMasker = CreateSecretMasker(); secretMasker.AddValue("bcd"); secretMasker.AddValue("fgh"); var input = "abcdefghi"; var result = secretMasker.MaskSecrets(input); Assert.Equal("a***e***i", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_ReplacesOverlappingSecrets() { using var secretMasker = CreateSecretMasker(); secretMasker.AddValue("def"); secretMasker.AddValue("bcd"); var input = "abcdefg"; var result = secretMasker.MaskSecrets(input); // a naive replacement would replace "def" first, and never find "bcd", resulting in "abc***g" // or it would replace "bcd" first, and never find "def", resulting in "a***efg" Assert.Equal("a***g", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_ReplacesAdjacentSecrets() { using var secretMasker = CreateSecretMasker(); secretMasker.AddValue("efg"); secretMasker.AddValue("bcd"); var input = "abcdefgh"; var result = secretMasker.MaskSecrets(input); // two adjacent secrets are basically one big secret Assert.Equal("a***h", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_MinLengthSetThroughConstructor() { using var secretMasker = CreateSecretMasker(); secretMasker.MinSecretLength = 9; secretMasker.AddValue("efg"); secretMasker.AddValue("bcd"); var input = "abcdefgh"; var result = secretMasker.MaskSecrets(input); // two adjacent secrets are basically one big secret Assert.Equal("abcdefgh", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_MinLengthSetThroughProperty() { using var secretMasker = CreateSecretMasker(); secretMasker.MinSecretLength = 9; secretMasker.AddValue("efg"); secretMasker.AddValue("bcd"); var input = "abcdefgh"; var result = secretMasker.MaskSecrets(input); // two adjacent secrets are basically one big secret Assert.Equal("abcdefgh", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_MinLengthSetThroughPropertySetTwice() { using var secretMasker = CreateSecretMasker(); var minSecretLenFirst = 9; secretMasker.MinSecretLength = minSecretLenFirst; var minSecretLenSecond = 2; secretMasker.MinSecretLength = minSecretLenSecond; Assert.Equal(secretMasker.MinSecretLength, minSecretLenSecond); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_NegativeMinSecretLengthSet() { using var secretMasker = CreateSecretMasker(); secretMasker.MinSecretLength = -3; secretMasker.AddValue("efg"); secretMasker.AddValue("bcd"); var input = "abcdefgh"; var result = secretMasker.MaskSecrets(input); Assert.Equal("a***h", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_RemoveShortSecrets() { using var secretMasker = CreateSecretMasker(); secretMasker.MinSecretLength = 3; secretMasker.AddValue("efg"); secretMasker.AddValue("bcd"); var input = "abcdefgh"; var result = secretMasker.MaskSecrets(input); Assert.Equal("a***h", result); secretMasker.MinSecretLength = 4; secretMasker.RemoveShortSecretsFromDictionary(); var result2 = secretMasker.MaskSecrets(input); Assert.Equal(input, result2); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_RemoveShortSecretsBoundaryValues() { using var secretMasker = CreateSecretMasker(); secretMasker.MinSecretLength = 0; secretMasker.AddValue("bc"); secretMasker.AddValue("defg"); secretMasker.AddValue("h12"); var input = "abcdefgh123"; var result = secretMasker.MaskSecrets(input); Assert.Equal("a***3", result); secretMasker.MinSecretLength = 3; secretMasker.RemoveShortSecretsFromDictionary(); var result2 = secretMasker.MaskSecrets(input); Assert.Equal("abc***3", result2); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_RemoveShortRegexes() { using var secretMasker = CreateSecretMasker(); secretMasker.MinSecretLength = 0; secretMasker.AddRegex("bc"); secretMasker.AddRegex("defg"); secretMasker.AddRegex("h12"); secretMasker.MinSecretLength = 3; secretMasker.RemoveShortSecretsFromDictionary(); var input = "abcdefgh123"; var result = secretMasker.MaskSecrets(input); Assert.Equal("abc***3", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_RemoveEncodedSecrets() { using var secretMasker = CreateSecretMasker(); secretMasker.MinSecretLength = 0; secretMasker.AddValue("1"); secretMasker.AddValue("2"); secretMasker.AddValue("3"); secretMasker.AddValueEncoder(x => x.Replace("1", "123")); secretMasker.AddValueEncoder(x => x.Replace("2", "45")); secretMasker.AddValueEncoder(x => x.Replace("3", "6789")); secretMasker.MinSecretLength = 3; secretMasker.RemoveShortSecretsFromDictionary(); var input = "123456789"; var result = secretMasker.MaskSecrets(input); Assert.Equal("***45***", result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "SecretMasker")] public void SecretMaskerTests_NotAddShortEncodedSecrets() { using var secretMasker = CreateSecretMasker(); secretMasker.MinSecretLength = 3; secretMasker.AddValueEncoder(x => x.Replace("123", "ab")); secretMasker.AddValue("123"); secretMasker.AddValue("345"); secretMasker.AddValueEncoder(x => x.Replace("345", "cd")); var input = "ab123cd345"; var result = secretMasker.MaskSecrets(input); Assert.Equal("ab***cd***", result); } } } ================================================ FILE: src/Test/L0/ServiceInterfacesL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Listener; using Microsoft.VisualStudio.Services.Agent.Blob; using Microsoft.VisualStudio.Services.Agent.Capabilities; using Microsoft.VisualStudio.Services.Agent.Listener.Configuration; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; using Microsoft.VisualStudio.Services.Agent.Worker.Release; using Microsoft.VisualStudio.Services.Agent.Worker.TestResults; using Microsoft.VisualStudio.Services.Agent.Worker.LegacyTestResults; using System; using System.Collections.Generic; using System.Linq; using System.Reflection; using Xunit; using Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine; using Microsoft.VisualStudio.Services.Agent.Worker.Maintenance; using Microsoft.VisualStudio.Services.Agent.Listener.Diagnostics; using Microsoft.VisualStudio.Services.Agent.Worker.NodeVersionStrategies; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class ServiceInterfacesL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Agent")] public void AgentInterfacesSpecifyDefaultImplementation() { // Validate all interfaces in the Listener assembly define a valid service locator attribute. // Otherwise, the interface needs to whitelisted. var whitelist = new[] { typeof(ICredentialProvider), typeof(IConfigurationProvider), typeof(IDiagnosticInfo), typeof(IDiagnosticTest) }; Validate( assembly: typeof(IMessageListener).GetTypeInfo().Assembly, whitelist: whitelist); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CommonInterfacesSpecifyDefaultImplementation() { // Validate all interfaces in the Common assembly define a valid service locator attribute. // Otherwise, the interface needs to whitelisted. var whitelist = new[] { typeof(IAgentService), typeof(ICredentialProvider), typeof(IExtension), typeof(IHostContext), typeof(ITraceManager), typeof(IThrottlingReporter), typeof(ICapabilitiesProvider), typeof(IDedupRecord), typeof(ICorrelationContext) // Marker interface for correlation ID providers, not a service }; Validate( assembly: typeof(IHostContext).GetTypeInfo().Assembly, whitelist: whitelist); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void WorkerInterfacesSpecifyDefaultImplementation() { // Validate all interfaces in the Worker assembly define a valid service locator attribute. // Otherwise, the interface needs to whitelisted. var whitelist = new[] { typeof(IArtifactDetails), typeof(IArtifactExtension), typeof(ICodeCoverageSummaryReader), typeof(IExecutionContext), typeof(IHandler), typeof(IJobExtension), typeof(ISourceProvider), typeof(IStep), typeof(IStepHost), typeof(ITfsVCMapping), typeof(ITfsVCPendingChange), typeof(ITfsVCShelveset), typeof(ITfsVCStatus), typeof(ITfsVCWorkspace), typeof(IWorkerCommandExtension), typeof(IContainerProvider), typeof(IMaintenanceServiceProvider), typeof(IDiagnosticLogManager), typeof(IParser), typeof(IResultReader), typeof(INUnitResultsXmlReader), typeof(IWorkerCommand), typeof(ITaskRestrictionsChecker), typeof(IRetryOptions), typeof(INodeVersionStrategy) }; Validate( assembly: typeof(IStepsRunner).GetTypeInfo().Assembly, whitelist: whitelist); } private static void Validate(Assembly assembly, params Type[] whitelist) { // Iterate over all non-whitelisted interfaces contained within the assembly. IDictionary w = whitelist.ToDictionary(x => x.GetTypeInfo()); foreach (TypeInfo interfaceTypeInfo in assembly.DefinedTypes.Where(x => x.IsInterface && !w.ContainsKey(x))) { // Temporary hack due to shared code copied in two places. if (interfaceTypeInfo.FullName.StartsWith("Microsoft.TeamFoundation.DistributedTask")) { continue; } if (interfaceTypeInfo.FullName.Contains("IConverter")) { continue; } // Assert the ServiceLocatorAttribute is defined on the interface. CustomAttributeData attribute = interfaceTypeInfo .CustomAttributes .SingleOrDefault(x => x.AttributeType == typeof(ServiceLocatorAttribute)); Assert.True(attribute != null, $"Missing {nameof(ServiceLocatorAttribute)} for interface '{interfaceTypeInfo.FullName}'. Add the attribute to the interface or whitelist the interface in the test."); // Assert the interface is mapped to a concrete type. // Also check platform-specific interfaces if they exist foreach (string argName in new string[] { nameof(ServiceLocatorAttribute.Default), nameof(ServiceLocatorAttribute.PreferredOnWindows), nameof(ServiceLocatorAttribute.PreferredOnMacOS), nameof(ServiceLocatorAttribute.PreferredOnLinux), }) { CustomAttributeNamedArgument arg = attribute .NamedArguments .SingleOrDefault(x => String.Equals(x.MemberName, argName, StringComparison.Ordinal)); if (arg.TypedValue.Value is null && !argName.Equals(nameof(ServiceLocatorAttribute.Default))) { // a non-"Default" attribute isn't present, which is OK continue; } Type concreteType = arg.TypedValue.Value as Type; string invalidConcreteTypeMessage = $"Invalid {argName} parameter on {nameof(ServiceLocatorAttribute)} for the interface '{interfaceTypeInfo.FullName}'. The implementation must not be null, must not be an interface, must be a class, and must implement the interface '{interfaceTypeInfo.FullName}'."; Assert.True(concreteType != null, invalidConcreteTypeMessage); TypeInfo concreteTypeInfo = concreteType.GetTypeInfo(); Assert.False(concreteTypeInfo.IsInterface, invalidConcreteTypeMessage); Assert.True(concreteTypeInfo.IsClass, invalidConcreteTypeMessage); Assert.True(concreteTypeInfo.ImplementedInterfaces.Any(x => x.GetTypeInfo() == interfaceTypeInfo), invalidConcreteTypeMessage); } } } } } ================================================ FILE: src/Test/L0/TestHostContext.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.Globalization; using System.IO; using System.Runtime.CompilerServices; using System.Threading; using System.Threading.Tasks; using System.Runtime.Loader; using System.Reflection; using Microsoft.TeamFoundation.DistributedTask.Logging; using Microsoft.TeamFoundation.DistributedTask.WebApi; using System.Net.Http.Headers; using Agent.Sdk; using Agent.Sdk.Knob; using Agent.Sdk.SecretMasking; using Moq; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class TestHostContext : IHostContext, IDisposable { private readonly ConcurrentDictionary> _serviceInstances = new ConcurrentDictionary>(); private readonly ConcurrentDictionary _serviceSingletons = new ConcurrentDictionary(); private readonly ITraceManager _traceManager; private readonly Terminal _term; private readonly ILoggedSecretMasker _secretMasker; private readonly ICorrelationContextManager _correlationContextManager; private CancellationTokenSource _agentShutdownTokenSource = new CancellationTokenSource(); private CancellationTokenSource _workerShutdownForTimeoutTokenSource = new CancellationTokenSource(); private string _suiteName; private string _testName; private Tracing _trace; private AssemblyLoadContext _loadContext; private string _tempDirectoryRoot = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString("D")); public bool UseRealDelays { get; set; } = false; // Default: skip delays for speed public List CapturedDelays { get; private set; } = new List(); private StartupType _startupType; public event EventHandler Unloading; public CancellationToken AgentShutdownToken => _agentShutdownTokenSource.Token; public CancellationToken WorkerShutdownForTimeout => _workerShutdownForTimeoutTokenSource.Token; public ShutdownReason AgentShutdownReason { get; private set; } public ILoggedSecretMasker SecretMasker => _secretMasker; public ICorrelationContextManager CorrelationContextManager => _correlationContextManager; [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope")] public TestHostContext(object testClass, [CallerMemberName] string testName = "", bool useNewSecretMasker = true) { ArgUtil.NotNull(testClass, nameof(testClass)); ArgUtil.NotNullOrEmpty(testName, nameof(testName)); _loadContext = AssemblyLoadContext.GetLoadContext(typeof(TestHostContext).GetTypeInfo().Assembly); _loadContext.Unloading += LoadContext_Unloading; _testName = testName; // Trim the test assembly's root namespace from the test class's full name. _suiteName = testClass.GetType().FullName.Replace( typeof(TestHostContext).Namespace, string.Empty, StringComparison.OrdinalIgnoreCase); if (_suiteName.StartsWith(".")) { _suiteName = _suiteName[1..]; } _suiteName = _suiteName.Replace(".", "_", StringComparison.OrdinalIgnoreCase); // Setup the trace manager. TraceFileName = Path.Combine(TestUtil.GetSrcPath(), "Test", "TestLogs", $"trace_{_suiteName}_{_testName}.log"); if (File.Exists(TraceFileName)) { try { File.Delete(TraceFileName); } catch (IOException) { // If another parallel test still holds the file open, fall back to a unique name string dir = Path.GetDirectoryName(TraceFileName); string name = Path.GetFileNameWithoutExtension(TraceFileName); string ext = Path.GetExtension(TraceFileName); TraceFileName = Path.Combine(dir, $"{name}_{Guid.NewGuid():N}{ext}"); } } var traceListener = new HostTraceListener(TraceFileName); traceListener.DisableConsoleReporting = true; _secretMasker = LoggedSecretMasker.Create(useNewSecretMasker ? new OssSecretMasker() : new LegacySecretMasker()); _secretMasker.AddValueEncoder(ValueEncoders.JsonStringEscape, origin: "Test"); _secretMasker.AddValueEncoder(ValueEncoders.UriDataEscape, origin: "Test"); _secretMasker.AddValueEncoder(ValueEncoders.BackslashEscape, origin: "Test"); _secretMasker.AddRegex(AdditionalMaskingRegexes.UrlSecretPattern, origin: "Test"); _correlationContextManager = new CorrelationContextManager(); _traceManager = new TraceManager(traceListener, _secretMasker, this); // Make the trace manager available via GetService in tests SetSingleton(_traceManager); _trace = GetTrace(nameof(TestHostContext)); _secretMasker.SetTrace(_trace); // inject a terminal in silent mode so all console output // goes to the test trace file _term = new Terminal(); _term.Silent = true; SetSingleton(_term); EnqueueInstance(_term); // Register a mock configuration store for tests that use ExecutionContext.Initialize() var configStore = new Tests.L1.Worker.FakeConfigurationStore { WorkingDirectoryName = $"test_{_suiteName}_{_testName}" }; SetSingleton(configStore); // Register a mock job server queue for tests that use ExecutionContext.Initialize() var mockJobServerQueue = new Moq.Mock(); mockJobServerQueue.Setup(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny())); SetSingleton(mockJobServerQueue.Object); // Register a mock web proxy for tests that use ExecutionContext.InitializeJob() var mockWebProxy = new Moq.Mock(); SetSingleton(mockWebProxy.Object); // Register a mock certificate manager for tests that use ExecutionContext.InitializeJob() var mockCertManager = new Moq.Mock(); SetSingleton(mockCertManager.Object); if (!TestUtil.IsWindows()) { string eulaFile = Path.Combine(GetDirectory(WellKnownDirectory.Root), "license.html"); File.WriteAllText(eulaFile, "testeulafile"); } } public CultureInfo DefaultCulture { get; private set; } public string TraceFileName { get; private set; } public StartupType StartupType { get { return _startupType; } set { _startupType = value; } } public ProductInfoHeaderValue UserAgent => new ProductInfoHeaderValue("L0Test", "0.0"); public async Task Delay(TimeSpan delay, CancellationToken token) { // Always capture the delay value for testing CapturedDelays.Add(delay); if (UseRealDelays) { await Task.Delay(delay, token); return; } await Task.Delay(TimeSpan.Zero); } public T CreateService() where T : class, IAgentService { _trace.Verbose($"Create service: '{typeof(T).Name}'"); // Dequeue a registered instance. object service; ConcurrentQueue queue; if (!_serviceInstances.TryGetValue(typeof(T), out queue) || !queue.TryDequeue(out service)) { throw new Exception($"Unable to dequeue a registered instance for type '{typeof(T).FullName}'."); } var s = service as T; s.Initialize(this); return s; } public T GetService() where T : class, IAgentService { _trace.Verbose($"Get service: '{typeof(T).Name}'"); // Get the registered singleton instance. object service; if (!_serviceSingletons.TryGetValue(typeof(T), out service)) { throw new Exception($"Singleton instance not registered for type '{typeof(T).FullName}'."); } T s = service as T; s.Initialize(this); return s; } public void EnqueueInstance(T instance) where T : class, IAgentService { // Enqueue a service instance to be returned by CreateService. if (object.ReferenceEquals(instance, null)) { throw new ArgumentNullException(nameof(instance)); } ConcurrentQueue queue = _serviceInstances.GetOrAdd( key: typeof(T), valueFactory: x => new ConcurrentQueue()); queue.Enqueue(instance); } public void SetDefaultCulture(string name) { DefaultCulture = new CultureInfo(name); } public void SetSingleton(T singleton) where T : class, IAgentService { // Set the singleton instance to be returned by GetService. if (object.ReferenceEquals(singleton, null)) { throw new ArgumentNullException(nameof(singleton)); } _serviceSingletons[typeof(T)] = singleton; } public string GetDirectory(WellKnownDirectory directory) { string path; switch (directory) { case WellKnownDirectory.Bin: path = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location); break; case WellKnownDirectory.Externals: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), Constants.Path.ExternalsDirectory); break; case WellKnownDirectory.LegacyPSHost: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.LegacyPSHostDirectory); break; case WellKnownDirectory.LegacyPSHostLegacy: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.LegacyPSHostLegacyDirectory); break; case WellKnownDirectory.Root: path = new DirectoryInfo(GetDirectory(WellKnownDirectory.Bin)).Parent.FullName; break; case WellKnownDirectory.ServerOM: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.ServerOMDirectory); break; case WellKnownDirectory.ServerOMLegacy: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.ServerOMLegacyDirectory); break; case WellKnownDirectory.Tf: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.TfDirectory); break; case WellKnownDirectory.TfLegacy: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.TfLegacyDirectory); break; case WellKnownDirectory.TfLatest: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.TfLatestDirectory); break; case WellKnownDirectory.Tee: path = Path.Combine( GetDirectory(WellKnownDirectory.Externals), Constants.Path.TeeDirectory); break; case WellKnownDirectory.Temp: path = Path.Combine( GetDirectory(WellKnownDirectory.Work), Constants.Path.TempDirectory); break; case WellKnownDirectory.Tasks: path = Path.Combine( GetDirectory(WellKnownDirectory.Work), Constants.Path.TasksDirectory); break; case WellKnownDirectory.TaskZips: path = Path.Combine( GetDirectory(WellKnownDirectory.Work), Constants.Path.TaskZipsDirectory); break; case WellKnownDirectory.Tools: path = Environment.GetEnvironmentVariable("AGENT_TOOLSDIRECTORY") ?? Environment.GetEnvironmentVariable(Constants.Variables.Agent.ToolsDirectory); if (string.IsNullOrEmpty(path)) { path = Path.Combine( GetDirectory(WellKnownDirectory.Work), Constants.Path.ToolDirectory); } break; case WellKnownDirectory.Update: path = Path.Combine( GetDirectory(WellKnownDirectory.Work), Constants.Path.UpdateDirectory); break; case WellKnownDirectory.Work: path = Path.Combine( _tempDirectoryRoot, WellKnownDirectory.Work.ToString()); break; default: throw new NotSupportedException($"Unexpected well known directory: '{directory}'"); } _trace.Info($"Well known directory '{directory}': '{path}'"); return path; } public string GetDiagDirectory(HostType hostType = HostType.Undefined) { return Path.Combine( GetDirectory(WellKnownDirectory.Root), Constants.Path.DiagDirectory); } public string GetConfigFile(WellKnownConfigFile configFile) { string path; switch (configFile) { case WellKnownConfigFile.Agent: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".agent"); break; case WellKnownConfigFile.Credentials: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".credentials"); break; case WellKnownConfigFile.RSACredentials: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".credentials_rsaparams"); break; case WellKnownConfigFile.Service: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".service"); break; case WellKnownConfigFile.CredentialStore: path = (TestUtil.IsMacOS()) ? Path.Combine( GetDirectory(WellKnownDirectory.Root), ".credential_store.keychain") : Path.Combine( GetDirectory(WellKnownDirectory.Root), ".credential_store"); break; case WellKnownConfigFile.Certificates: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".certificates"); break; case WellKnownConfigFile.Proxy: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".proxy"); break; case WellKnownConfigFile.ProxyCredentials: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".proxycredentials"); break; case WellKnownConfigFile.ProxyBypass: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".proxybypass"); break; case WellKnownConfigFile.Autologon: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".autologon"); break; case WellKnownConfigFile.Options: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".options"); break; case WellKnownConfigFile.SetupInfo: path = Path.Combine( GetDirectory(WellKnownDirectory.Root), ".setup_info"); break; case WellKnownConfigFile.TaskExceptionList: path = Path.Combine( GetDirectory(WellKnownDirectory.Bin), "tasks-exception-list.json"); break; default: throw new NotSupportedException($"Unexpected well known config file: '{configFile}'"); } _trace.Info($"Well known config file '{configFile}': '{path}'"); return path; } // simple convenience factory so each suite/test gets a different trace file per run public Tracing GetTrace() { Tracing trace = GetTrace($"{_suiteName}_{_testName}"); trace.Info($"Starting {_testName}"); return trace; } // allow tests to retrieve their tracing output and assert things about it public string GetTraceContent() { var temp = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString()); try { File.Copy(TraceFileName, temp); return File.ReadAllText(temp); } finally { File.Delete(temp); } } public Tracing GetTrace(string name) { return _traceManager[name]; } public ContainerInfo CreateContainerInfo(Pipelines.ContainerResource container, Boolean isJobContainer = true) { ContainerInfo containerInfo = new ContainerInfo(container, isJobContainer); if (TestUtil.IsWindows()) { // Tool cache folder may come from ENV, so we need a unique folder to avoid collision containerInfo.PathMappings[this.GetDirectory(WellKnownDirectory.Tools)] = "C:\\__t"; containerInfo.PathMappings[this.GetDirectory(WellKnownDirectory.Work)] = "C:\\__w"; containerInfo.PathMappings[this.GetDirectory(WellKnownDirectory.Root)] = "C:\\__a"; // add -v '\\.\pipe\docker_engine:\\.\pipe\docker_engine' when they are available (17.09) } else { // Tool cache folder may come from ENV, so we need a unique folder to avoid collision containerInfo.PathMappings[this.GetDirectory(WellKnownDirectory.Tools)] = "/__t"; containerInfo.PathMappings[this.GetDirectory(WellKnownDirectory.Work)] = "/__w"; containerInfo.PathMappings[this.GetDirectory(WellKnownDirectory.Root)] = "/__a"; if (containerInfo.IsJobContainer) { containerInfo.MountVolumes.Add(new MountVolume("/var/run/docker.sock", "/var/run/docker.sock")); } } return containerInfo; } public void ShutdownAgent(ShutdownReason reason) { ArgUtil.NotNull(reason, nameof(reason)); AgentShutdownReason = reason; _agentShutdownTokenSource.Cancel(); } public void ShutdownWorkerForTimeout() { _workerShutdownForTimeoutTokenSource.Cancel(); } public void WritePerfCounter(string counter) { } public void EnableHttpTrace() { // Test implementation - just trace that it was called _trace?.Info("EnableHttpTrace() called in test context"); } string IKnobValueContext.GetVariableValueOrDefault(string variableName) { // Return null for unknown variables to allow knob fallback to other sources return null; } IScopedEnvironment IKnobValueContext.GetScopedEnvironment() { return new SystemEnvironment(); } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } private void Dispose(bool disposing) { if (disposing) { if (_loadContext != null) { _loadContext.Unloading -= LoadContext_Unloading; _loadContext = null; } _traceManager?.Dispose(); _term?.Dispose(); _trace?.Dispose(); _secretMasker?.Dispose(); _correlationContextManager?.Dispose(); _agentShutdownTokenSource?.Dispose(); _workerShutdownForTimeoutTokenSource?.Dispose(); try { Directory.Delete(_tempDirectoryRoot); } catch (Exception) { // eat exception on dispose } } } private void LoadContext_Unloading(AssemblyLoadContext obj) { if (Unloading != null) { Unloading(this, null); } } } } ================================================ FILE: src/Test/L0/TestUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System.IO; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests { public static class TestUtil { private const string Src = "src"; private const string TestData = "TestData"; public static string GetProjectPath(string name = "Test") { ArgUtil.NotNullOrEmpty(name, nameof(name)); string projectDir = Path.Combine( GetSrcPath(), name); Assert.True(Directory.Exists(projectDir)); return projectDir; } private static string GetThisFilePath([CallerFilePath] string path = null) { return path; } public static string GetSrcPath() { string L0dir = Path.GetDirectoryName(GetThisFilePath()); string testDir = Path.GetDirectoryName(L0dir); string srcDir = Path.GetDirectoryName(testDir); ArgUtil.Directory(srcDir, nameof(srcDir)); Assert.Equal(Src, Path.GetFileName(srcDir)); return srcDir; } public static string GetTestDataPath() { string testDataDir = Path.Combine(GetProjectPath(), TestData); Assert.True(Directory.Exists(testDataDir)); return testDataDir; } public static string WriteAllTextToTempFile(string content, string extension = null) { string file = Path.GetTempFileName(); if (!string.IsNullOrEmpty(extension)) { file = Path.ChangeExtension(file, extension); } File.WriteAllText(file, content); return file; } public static bool IsLinux() => RuntimeInformation.IsOSPlatform(OSPlatform.Linux); public static bool IsMacOS() => RuntimeInformation.IsOSPlatform(OSPlatform.OSX); public static bool IsWindows() => RuntimeInformation.IsOSPlatform(OSPlatform.Windows); } } ================================================ FILE: src/Test/L0/TraceManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Threading.Tasks; using System.Linq; using Xunit; using Agent.Sdk.SecretMasking; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Tests.TracingSpecs { public sealed class TraceManagerL0 { private static (Microsoft.VisualStudio.Services.Agent.TraceManager mgr, string logPath, Microsoft.VisualStudio.Services.Agent.Tracing trace, ILoggedSecretMasker masker, Microsoft.VisualStudio.Services.Agent.HostTraceListener listener) Create(string name, bool? envEnhanced = null, IKnobValueContext knobContext = null) { string logPath = Path.Combine(Path.GetTempPath(), $"trace_{Guid.NewGuid():N}.log"); var listener = new Microsoft.VisualStudio.Services.Agent.HostTraceListener(logPath) { DisableConsoleReporting = true }; // Create OSS masker and do not dispose it here; the LoggedSecretMasker wrapper will be disposed in the test. ILoggedSecretMasker masker; // Ownership of the underlying masker is intentionally transferred to the LoggedSecretMasker wrapper. // Suppress CA2000 for tests: the wrapper will be disposed by the test cleanup. #pragma warning disable CA2000 var oss = new OssSecretMasker(); #pragma warning restore CA2000 masker = LoggedSecretMasker.Create(oss); // Control knob via environment if requested string prev = null; if (envEnhanced.HasValue) { prev = Environment.GetEnvironmentVariable("AZP_USE_ENHANCED_LOGGING"); Environment.SetEnvironmentVariable("AZP_USE_ENHANCED_LOGGING", envEnhanced.Value ? "true" : null); } try { if (knobContext != null) { var ctx = knobContext; var mgr = new Microsoft.VisualStudio.Services.Agent.TraceManager(listener, masker, ctx); var trace = mgr[name]; return (mgr, logPath, trace, masker, listener); } else { using (var ctx = new TestHostContext(new object())) { var mgr = new Microsoft.VisualStudio.Services.Agent.TraceManager(listener, masker, ctx); var trace = mgr[name]; // Note: returning ctx here would dispose it after leaving the using block, // so only return objects that do not depend on ctx after disposal. return (mgr, logPath, trace, masker, listener); } } } finally { if (envEnhanced.HasValue) { Environment.SetEnvironmentVariable("AZP_USE_ENHANCED_LOGGING", prev); } } } private static string ReadAll(string path) { // Wait a moment to let file writes flush on slower CI Task.Delay(25).Wait(); return File.Exists(path) ? File.ReadAllText(path) : string.Empty; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Tracing")] public void Startup_Uses_Default_NonEnhanced_When_Knob_Not_Set() { var (mgr, path, trace, masker, listener) = Create("Startup_Default"); try { trace.Info("baseline message"); } finally { mgr.Dispose(); masker.Dispose(); listener.Dispose(); } var content = ReadAll(path); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Tracing")] public void Startup_Honors_Knob_When_Set_True() { var (mgr, path, trace, masker, listener) = Create("Startup_Knob", envEnhanced: true); try { trace.Info("enhanced at startup"); } finally { mgr.Dispose(); masker.Dispose(); listener.Dispose(); } var content = ReadAll(path); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Tracing")] public void Runtime_Switch_Upgrades_Existing_Sources() { var (mgr, path, trace, masker, listener) = Create("Runtime_Switch", envEnhanced: false); try { trace.Info("before switch"); mgr.SetEnhancedLoggingEnabled(true); trace.Info("after switch"); } finally { mgr.Dispose(); masker.Dispose(); listener.Dispose(); } var content = ReadAll(path); Assert.Contains("before switch", content); // pre-switch line present (non-enhanced) } [Fact] [Trait("Level", "L0")] [Trait("Category", "Tracing")] public void Proxy_Is_Stable_Across_Get_And_Switch() { var (mgr, path, trace, masker, listener) = Create("Proxy_Stable", envEnhanced: false); try { var t1 = mgr["component"]; // same instance as first var t2 = mgr["component"]; // should be same proxy instance Assert.Same(t1, t2); mgr.SetEnhancedLoggingEnabled(true); var t3 = mgr["component"]; // still same proxy instance Assert.Same(t1, t3); t1.Info("proxy stable message"); } finally { mgr.Dispose(); masker.Dispose(); listener.Dispose(); } var content = ReadAll(path); Assert.Contains("proxy stable message", content); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Tracing")] public void Calls_After_Dispose_Do_Not_Throw() { var (mgr, path, trace, masker, listener) = Create("PostDispose", envEnhanced: false); // Dispose the manager first (proxies lose inner), but keep the listener alive so // a forward to base doesn't hit a disposed writer. We're only asserting no throw. mgr.Dispose(); // Should not throw even though inner is gone trace.Info("after dispose no throw"); // Now dispose remaining resources masker.Dispose(); listener.Dispose(); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Tracing")] public void New_Sources_After_Switch_Use_Enhanced() { var (mgr, path, trace, masker, listener) = Create("NewSourceAfterSwitch", envEnhanced: false); try { // Switch on enhanced logging mgr.SetEnhancedLoggingEnabled(true); // Acquire a new source after the switch and log var newTrace = mgr["new-component"]; newTrace.Info("message from new source"); } finally { mgr.Dispose(); masker.Dispose(); listener.Dispose(); } var content = ReadAll(path); Assert.Contains("message from new source", content); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Tracing")] public void Disable_Enhanced_Stops_Enhanced_For_New_Messages() { var (mgr, path, trace, masker, listener) = Create("DisableEnhanced", envEnhanced: true); try { trace.Info("before disable"); // enhanced mgr.SetEnhancedLoggingEnabled(false); trace.Info("after disable"); // not enhanced } finally { mgr.Dispose(); masker.Dispose(); listener.Dispose(); } var content = ReadAll(path); var lines = content.Split(new[] { "\r\n", "\n" }, StringSplitOptions.None); var afterDisableLine = lines.FirstOrDefault(l => l.Contains("after disable")); } } } ================================================ FILE: src/Test/L0/Util/ArgUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Util { public sealed class ArgUtilL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void Equal_MatchesObjectEquality() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange. string expected = "Some string".ToLower(); // ToLower is required to avoid reference equality string actual = "Some string".ToLower(); // due to compile-time string interning. // Act/Assert. ArgUtil.Equal(expected: expected, actual: actual, name: "Some parameter"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void Equal_MatchesReferenceEquality() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange. object expected = new object(); object actual = expected; // Act/Assert. ArgUtil.Equal(expected: expected, actual: actual, name: "Some parameter"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void Equal_MatchesStructEquality() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange. int expected = 123; int actual = expected; // Act/Assert. ArgUtil.Equal(expected: expected, actual: actual, name: "Some parameter"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void Equal_ThrowsWhenActualObjectIsNull() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange. object expected = new object(); object actual = null; // Act/Assert. Assert.Throws(() => { ArgUtil.Equal(expected: expected, actual: actual, name: "Some parameter"); }); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void Equal_ThrowsWhenExpectedObjectIsNull() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange. object expected = null; object actual = new object(); // Act/Assert. Assert.Throws(() => { ArgUtil.Equal(expected: expected, actual: actual, name: "Some parameter"); }); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void Equal_ThrowsWhenObjectsAreNotEqual() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange. object expected = new object(); object actual = new object(); // Act/Assert. Assert.Throws(() => { ArgUtil.Equal(expected: expected, actual: actual, name: "Some parameter"); }); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void Equal_ThrowsWhenStructsAreNotEqual() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange. int expected = 123; int actual = 456; // Act/Assert. Assert.Throws(() => { ArgUtil.Equal(expected: expected, actual: actual, name: "Some parameter"); }); } } } } ================================================ FILE: src/Test/L0/Util/CertificateUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using Agent.Sdk.Util; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Util { /// /// Tests for CertificateUtil.LoadCertificate which works on both .NET 8 and .NET 10. /// Tests cover: Cert (DER/PEM) and PFX/PKCS#12 formats. /// public sealed class CertificateUtilL0 : IDisposable { private readonly string _tempDir; public CertificateUtilL0() { _tempDir = Path.Combine(Path.GetTempPath(), $"CertUtilTests_{Guid.NewGuid():N}"); Directory.CreateDirectory(_tempDir); } public void Dispose() { if (Directory.Exists(_tempDir)) { Directory.Delete(_tempDir, recursive: true); } } #region PFX/PKCS#12 Tests (X509ContentType.Pkcs12) [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void LoadCertificate_Pfx_WithPassword_LoadsSuccessfully() { // Arrange var (expectedThumbprint, pfxPath) = CreatePfxCertificate("test-password"); // Act using var loadedCert = CertificateUtil.LoadCertificate(pfxPath, "test-password"); // Assert Assert.NotNull(loadedCert); Assert.Equal(expectedThumbprint, loadedCert.Thumbprint); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void LoadCertificate_Pfx_WithoutPassword_LoadsSuccessfully() { // Arrange var (expectedThumbprint, pfxPath) = CreatePfxCertificate(password: null); // Act using var loadedCert = CertificateUtil.LoadCertificate(pfxPath, password: null); // Assert Assert.NotNull(loadedCert); Assert.Equal(expectedThumbprint, loadedCert.Thumbprint); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void LoadCertificate_Pfx_WrongPassword_ThrowsException() { // Arrange var (_, pfxPath) = CreatePfxCertificate("correct-password"); // Act & Assert Assert.ThrowsAny(() => CertificateUtil.LoadCertificate(pfxPath, "wrong-password")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void LoadCertificate_Pfx_PasswordProtectedButNoPasswordProvided_ThrowsException() { // Arrange var (_, pfxPath) = CreatePfxCertificate("some-password"); // Act & Assert Assert.ThrowsAny(() => CertificateUtil.LoadCertificate(pfxPath, password: null)); } #endregion #region DER Tests (X509ContentType.Cert) [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void LoadCertificate_Der_LoadsSuccessfully() { // Arrange var (expectedThumbprint, derPath) = CreateDerCertificate(); // Act using var loadedCert = CertificateUtil.LoadCertificate(derPath); // Assert Assert.NotNull(loadedCert); Assert.Equal(expectedThumbprint, loadedCert.Thumbprint); } #endregion #region PEM Tests (X509ContentType.Cert) [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void LoadCertificate_Pem_LoadsSuccessfully() { // Arrange var (expectedThumbprint, pemPath) = CreatePemCertificate(); // Act using var loadedCert = CertificateUtil.LoadCertificate(pemPath); // Assert Assert.NotNull(loadedCert); Assert.Equal(expectedThumbprint, loadedCert.Thumbprint); } #endregion #region Helper Methods /// /// Creates a test PFX/PKCS#12 certificate file (X509ContentType.Pkcs12). /// private (string thumbprint, string path) CreatePfxCertificate(string password) { using var rsa = RSA.Create(2048); var request = new CertificateRequest( "CN=TestPfxCertificate", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); using var cert = request.CreateSelfSigned( DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1)); var pfxPath = Path.Combine(_tempDir, $"test_{Guid.NewGuid():N}.pfx"); var pfxBytes = cert.Export(X509ContentType.Pfx, password); File.WriteAllBytes(pfxPath, pfxBytes); return (cert.Thumbprint, pfxPath); } /// /// Creates a test DER-encoded certificate file (X509ContentType.Cert). /// private (string thumbprint, string path) CreateDerCertificate() { using var rsa = RSA.Create(2048); var request = new CertificateRequest( "CN=TestDerCertificate", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); using var cert = request.CreateSelfSigned( DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1)); var derPath = Path.Combine(_tempDir, $"test_{Guid.NewGuid():N}.cer"); var derBytes = cert.Export(X509ContentType.Cert); File.WriteAllBytes(derPath, derBytes); return (cert.Thumbprint, derPath); } /// /// Creates a test PEM-encoded certificate file. /// private (string thumbprint, string path) CreatePemCertificate() { using var rsa = RSA.Create(2048); var request = new CertificateRequest( "CN=TestPemCertificate", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); using var cert = request.CreateSelfSigned( DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1)); var pemPath = Path.Combine(_tempDir, $"test_{Guid.NewGuid():N}.pem"); var pemContent = cert.ExportCertificatePem(); File.WriteAllText(pemPath, pemContent); return (cert.Thumbprint, pemPath); } #endregion } } ================================================ FILE: src/Test/L0/Util/IOUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.IO; using System.Linq; using System.Threading; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Util { public sealed class IOUtilL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void Delete_DeletesDirectory() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory with a file. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); string file = Path.Combine(directory, "some file"); try { Directory.CreateDirectory(directory); File.WriteAllText(path: file, contents: "some contents"); // Act. IOUtil.Delete(directory, CancellationToken.None); // Assert. Assert.False(Directory.Exists(directory)); } finally { // Cleanup. if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void Delete_DeletesFile() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory with a file. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); string file = Path.Combine(directory, "some file"); try { Directory.CreateDirectory(directory); File.WriteAllText(path: file, contents: "some contents"); // Act. IOUtil.Delete(file, CancellationToken.None); // Assert. Assert.False(File.Exists(file)); } finally { // Cleanup. if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async void DeleteDirectory_DeleteTargetFileWithASymlink() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory with a file. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); string targetFile = Path.Combine(directory, "somefile"); string symlink = Path.Combine(directory, "symlink"); try { Directory.CreateDirectory(directory); File.WriteAllText(path: targetFile, contents: "some contents"); File.SetAttributes(targetFile, File.GetAttributes(targetFile) | FileAttributes.ReadOnly); await CreateFileReparsePoint(context: hc, link: symlink, target: targetFile); // Act. IOUtil.DeleteFile(targetFile); IOUtil.DeleteDirectory(directory, CancellationToken.None); // Assert. Assert.False(File.Exists(targetFile)); Assert.False(File.Exists(symlink)); } finally { // Cleanup. if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void DeleteDirectory_DeletesDirectoriesRecursively() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory with a grandchild directory. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); try { Directory.CreateDirectory(Path.Combine(directory, "some child directory", "some grandchild directory")); // Act. IOUtil.DeleteDirectory(directory, CancellationToken.None); // Assert. Assert.False(Directory.Exists(directory)); } finally { // Cleanup. if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async Task DeleteDirectory_DeletesDirectoryReparsePointChain() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create the following structure: // randomDir // randomDir/ -> // randomDir/ -> // randomDir/ -> // randomDir/ -> // randomDir/ -> targetDir // randomDir/targetDir // randomDir/targetDir/file.txt // // The purpose of this test is to verify that DirectoryNotFoundException is gracefully handled when // deleting a chain of reparse point directories. Since the reparse points are named in a random order, // the DirectoryNotFoundException case is likely to be encountered. string randomDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); try { string targetDir = Directory.CreateDirectory(Path.Combine(randomDir, "targetDir")).FullName; string file = Path.Combine(targetDir, "file.txt"); File.WriteAllText(path: file, contents: "some contents"); string linkDir1 = Path.Combine(randomDir, $"{Guid.NewGuid()}_linkDir1"); string linkDir2 = Path.Combine(randomDir, $"{Guid.NewGuid()}_linkDir2"); string linkDir3 = Path.Combine(randomDir, $"{Guid.NewGuid()}_linkDir3"); string linkDir4 = Path.Combine(randomDir, $"{Guid.NewGuid()}_linkDir4"); string linkDir5 = Path.Combine(randomDir, $"{Guid.NewGuid()}_linkDir5"); await CreateDirectoryReparsePoint(context: hc, link: linkDir1, target: linkDir2); await CreateDirectoryReparsePoint(context: hc, link: linkDir2, target: linkDir3); await CreateDirectoryReparsePoint(context: hc, link: linkDir3, target: linkDir4); await CreateDirectoryReparsePoint(context: hc, link: linkDir4, target: linkDir5); await CreateDirectoryReparsePoint(context: hc, link: linkDir5, target: targetDir); // Sanity check to verify the link was created properly: Assert.True(Directory.Exists(linkDir1)); Assert.True(new DirectoryInfo(linkDir1).Attributes.HasFlag(FileAttributes.ReparsePoint)); Assert.True(File.Exists(Path.Combine(linkDir1, "file.txt"))); // Act. IOUtil.DeleteDirectory(randomDir, CancellationToken.None); // Assert. Assert.False(Directory.Exists(linkDir1)); Assert.False(Directory.Exists(targetDir)); Assert.False(File.Exists(file)); Assert.False(Directory.Exists(randomDir)); } finally { // Cleanup. if (Directory.Exists(randomDir)) { Directory.Delete(randomDir, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async Task DeleteDirectory_DeletesDirectoryReparsePointsBeforeDirectories() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create the following structure: // randomDir // randomDir/linkDir -> targetDir // randomDir/targetDir // randomDir/targetDir/file.txt // // The accuracy of this test relies on an assumption that IOUtil sorts the directories in // descending order before deleting them - either by length or by default sort order. string randomDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); try { string targetDir = Directory.CreateDirectory(Path.Combine(randomDir, "targetDir")).FullName; string file = Path.Combine(targetDir, "file.txt"); File.WriteAllText(path: file, contents: "some contents"); string linkDir = Path.Combine(randomDir, "linkDir"); await CreateDirectoryReparsePoint(context: hc, link: linkDir, target: targetDir); // Sanity check to verify the link was created properly: Assert.True(Directory.Exists(linkDir)); Assert.True(new DirectoryInfo(linkDir).Attributes.HasFlag(FileAttributes.ReparsePoint)); Assert.True(File.Exists(Path.Combine(linkDir, "file.txt"))); // Act. IOUtil.DeleteDirectory(randomDir, CancellationToken.None); // Assert. Assert.False(Directory.Exists(linkDir)); Assert.False(Directory.Exists(targetDir)); Assert.False(File.Exists(file)); Assert.False(Directory.Exists(randomDir)); } finally { // Cleanup. if (Directory.Exists(randomDir)) { Directory.Delete(randomDir, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void DeleteDirectory_DeletesFilesRecursively() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory with a grandchild file. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); try { string file = Path.Combine(directory, "some subdirectory", "some file"); Directory.CreateDirectory(Path.GetDirectoryName(file)); File.WriteAllText(path: file, contents: "some contents"); // Act. IOUtil.DeleteDirectory(directory, CancellationToken.None); // Assert. Assert.False(Directory.Exists(directory)); } finally { // Cleanup. if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void DeleteDirectory_DeletesReadOnlyDirectories() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory with a read-only subdirectory. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); string subdirectory = Path.Combine(directory, "some subdirectory"); try { var subdirectoryInfo = new DirectoryInfo(subdirectory); subdirectoryInfo.Create(); subdirectoryInfo.Attributes = subdirectoryInfo.Attributes | FileAttributes.ReadOnly; // Act. IOUtil.DeleteDirectory(directory, CancellationToken.None); // Assert. Assert.False(Directory.Exists(directory)); } finally { // Cleanup. var subdirectoryInfo = new DirectoryInfo(subdirectory); if (subdirectoryInfo.Exists) { subdirectoryInfo.Attributes = subdirectoryInfo.Attributes & ~FileAttributes.ReadOnly; } if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void DeleteDirectory_DeletesReadOnlyRootDirectory() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a read-only directory. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); try { var directoryInfo = new DirectoryInfo(directory); directoryInfo.Create(); directoryInfo.Attributes = directoryInfo.Attributes | FileAttributes.ReadOnly; // Act. IOUtil.DeleteDirectory(directory, CancellationToken.None); // Assert. Assert.False(Directory.Exists(directory)); } finally { // Cleanup. var directoryInfo = new DirectoryInfo(directory); if (directoryInfo.Exists) { directoryInfo.Attributes = directoryInfo.Attributes & ~FileAttributes.ReadOnly; directoryInfo.Delete(); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async void DeleteDirectory_DeletesWithRetry_Success() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange string tempDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); Directory.CreateDirectory(tempDir); try { // Act await IOUtil.DeleteDirectoryWithRetry(tempDir, CancellationToken.None); // Assert Assert.False(Directory.Exists(tempDir)); } finally { // Cleanup if (Directory.Exists(tempDir)) { Directory.Delete(tempDir, true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public async void DeleteDirectory_DeletesWithRetry_CancellationRequested() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); string tempDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); Directory.CreateDirectory(tempDir); var tempFile = Path.Combine(tempDir, "exclusiveFile.txt"); //it blocks file inside using using (FileStream fs = File.Open(tempFile, FileMode.Create, FileAccess.Write, FileShare.None)) { // Act using (var cancellationTokenSource = new CancellationTokenSource(TimeSpan.FromSeconds(2))) await Assert.ThrowsAsync(async () => { await IOUtil.DeleteDirectoryWithRetry(tempDir, cancellationTokenSource.Token); }); } // Cleanup if (File.Exists(tempFile)) File.Delete(tempFile); if (Directory.Exists(tempDir)) Directory.Delete(tempDir, true); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async void DeleteDirectory_DeletesWithRetry_NonExistenDir() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange string nonExistentDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); // Act & Assert await IOUtil.DeleteDirectoryWithRetry(nonExistentDir, CancellationToken.None); // execution should not be thrown exception } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public async void DeleteDirectory_DeletesWithRetry_IOException() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange string tempDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); Directory.CreateDirectory(tempDir); var tempFile = Path.Combine(tempDir, "exclusiveFile.txt"); var exceptionThrown = false; //it blocks file inside using using (FileStream fs = File.Open(tempFile, FileMode.Create, FileAccess.Write, FileShare.None)) { // Act & Assert try { await IOUtil.DeleteDirectoryWithRetry(tempDir, CancellationToken.None); } catch (AggregateException ae) { // Assert that at least one inner exception is an IOException Assert.NotEmpty(ae.InnerExceptions.OfType().ToList()); exceptionThrown = true; } finally { fs.Close(); } } Assert.True(exceptionThrown, "Exceptione should be thrown when trying to delete blocked file"); if (File.Exists(tempFile)) File.Delete(tempFile); if (Directory.Exists(tempDir)) Directory.Delete(tempDir); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void DeleteDirectory_DeletesReadOnlyFiles() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory with a read-only file. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); string file = Path.Combine(directory, "some file"); try { Directory.CreateDirectory(directory); File.WriteAllText(path: file, contents: "some contents"); File.SetAttributes(file, File.GetAttributes(file) | FileAttributes.ReadOnly); // Act. IOUtil.DeleteDirectory(directory, CancellationToken.None); // Assert. Assert.False(Directory.Exists(directory)); } finally { // Cleanup. if (File.Exists(file)) { File.SetAttributes(file, File.GetAttributes(file) & ~FileAttributes.ReadOnly); } if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async Task DeleteDirectory_DoesNotFollowDirectoryReparsePoint() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create the following structure: // randomDir // randomDir/targetDir // randomDir/targetDir/file.txt // randomDir/linkDir -> targetDir string randomDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); try { string targetDir = Directory.CreateDirectory(Path.Combine(randomDir, "targetDir")).FullName; string file = Path.Combine(targetDir, "file.txt"); File.WriteAllText(path: file, contents: "some contents"); string linkDir = Path.Combine(randomDir, "linkDir"); await CreateDirectoryReparsePoint(context: hc, link: linkDir, target: targetDir); // Sanity check to verify the link was created properly: Assert.True(Directory.Exists(linkDir)); Assert.True(new DirectoryInfo(linkDir).Attributes.HasFlag(FileAttributes.ReparsePoint)); Assert.True(File.Exists(Path.Combine(linkDir, "file.txt"))); // Act. IOUtil.DeleteDirectory(linkDir, CancellationToken.None); // Assert. Assert.False(Directory.Exists(linkDir)); Assert.True(Directory.Exists(targetDir)); Assert.True(File.Exists(file)); } finally { // Cleanup. if (Directory.Exists(randomDir)) { Directory.Delete(randomDir, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async Task DeleteDirectory_DoesNotFollowNestLevel1DirectoryReparsePoint() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create the following structure: // randomDir // randomDir/targetDir // randomDir/targetDir/file.txt // randomDir/subDir // randomDir/subDir/linkDir -> ../targetDir string randomDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); try { string targetDir = Directory.CreateDirectory(Path.Combine(randomDir, "targetDir")).FullName; string file = Path.Combine(targetDir, "file.txt"); File.WriteAllText(path: file, contents: "some contents"); string subDir = Directory.CreateDirectory(Path.Combine(randomDir, "subDir")).FullName; string linkDir = Path.Combine(subDir, "linkDir"); await CreateDirectoryReparsePoint(context: hc, link: linkDir, target: targetDir); // Sanity check to verify the link was created properly: Assert.True(Directory.Exists(linkDir)); Assert.True(new DirectoryInfo(linkDir).Attributes.HasFlag(FileAttributes.ReparsePoint)); Assert.True(File.Exists(Path.Combine(linkDir, "file.txt"))); // Act. IOUtil.DeleteDirectory(subDir, CancellationToken.None); // Assert. Assert.False(Directory.Exists(subDir)); Assert.True(Directory.Exists(targetDir)); Assert.True(File.Exists(file)); } finally { // Cleanup. if (Directory.Exists(randomDir)) { Directory.Delete(randomDir, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async Task DeleteDirectory_DoesNotFollowNestLevel2DirectoryReparsePoint() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create the following structure: // randomDir // randomDir/targetDir // randomDir/targetDir/file.txt // randomDir/subDir1 // randomDir/subDir1/subDir2 // randomDir/subDir1/subDir2/linkDir -> ../../targetDir string randomDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); try { string targetDir = Directory.CreateDirectory(Path.Combine(randomDir, "targetDir")).FullName; string file = Path.Combine(targetDir, "file.txt"); File.WriteAllText(path: file, contents: "some contents"); string subDir1 = Directory.CreateDirectory(Path.Combine(randomDir, "subDir1")).FullName; string subDir2 = Directory.CreateDirectory(Path.Combine(subDir1, "subDir2")).FullName; string linkDir = Path.Combine(subDir2, "linkDir"); await CreateDirectoryReparsePoint(context: hc, link: linkDir, target: targetDir); // Sanity check to verify the link was created properly: Assert.True(Directory.Exists(linkDir)); Assert.True(new DirectoryInfo(linkDir).Attributes.HasFlag(FileAttributes.ReparsePoint)); Assert.True(File.Exists(Path.Combine(linkDir, "file.txt"))); // Act. IOUtil.DeleteDirectory(subDir1, CancellationToken.None); // Assert. Assert.False(Directory.Exists(subDir1)); Assert.True(Directory.Exists(targetDir)); Assert.True(File.Exists(file)); } finally { // Cleanup. if (Directory.Exists(randomDir)) { Directory.Delete(randomDir, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void DeleteDirectory_IgnoresFile() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory with a file. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); string file = Path.Combine(directory, "some file"); try { Directory.CreateDirectory(directory); File.WriteAllText(path: file, contents: "some contents"); // Act: Call "DeleteDirectory" against the file. The method should not blow up and // should simply ignore the file since it is not a directory. IOUtil.DeleteDirectory(file, CancellationToken.None); // Assert. Assert.True(File.Exists(file)); } finally { // Cleanup. if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void DeleteFile_DeletesFile() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory with a file. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); string file = Path.Combine(directory, "some file"); try { Directory.CreateDirectory(directory); File.WriteAllText(path: file, contents: "some contents"); // Act. IOUtil.DeleteFile(file); // Assert. Assert.False(File.Exists(file)); } finally { // Cleanup. if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void DeleteFile_DeletesReadOnlyFile() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory with a read-only file. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); string file = Path.Combine(directory, "some file"); try { Directory.CreateDirectory(directory); File.WriteAllText(path: file, contents: "some contents"); File.SetAttributes(file, File.GetAttributes(file) | FileAttributes.ReadOnly); // Act. IOUtil.DeleteFile(file); // Assert. Assert.False(File.Exists(file)); } finally { // Cleanup. if (File.Exists(file)) { File.SetAttributes(file, File.GetAttributes(file) & ~FileAttributes.ReadOnly); } if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void DeleteFile_IgnoresDirectory() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); try { Directory.CreateDirectory(directory); // Act: Call "DeleteFile" against a directory. The method should not blow up and // should simply ignore the directory since it is not a file. IOUtil.DeleteFile(directory); // Assert. Assert.True(Directory.Exists(directory)); } finally { // Cleanup. if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async void DeleteFile_DeletesWithRetry_Success() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange string tempDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); Directory.CreateDirectory(tempDir); string file = Path.Combine(tempDir, "some file"); File.WriteAllText(path: file, contents: "some contents"); try { // Act await IOUtil.DeleteFileWithRetry(file, CancellationToken.None); // Assert Assert.False(File.Exists(file)); } finally { // Cleanup if (File.Exists(file)) { File.Delete(file); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public async void DeleteFile_DeletesWithRetry_NonExistenFile() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange string nonExistentFile = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); // Act & Assert await IOUtil.DeleteFileWithRetry(nonExistentFile, CancellationToken.None); // execution should not be thrown exception } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public async void DeleteFile_DeletesWithRetry_IOException() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange string tempDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); Directory.CreateDirectory(tempDir); var tempFile = Path.Combine(tempDir, "exclusiveFile.txt"); //it blocks file inside using using (FileStream fs = File.Open(tempFile, FileMode.Create, FileAccess.Write, FileShare.None)) { await Assert.ThrowsAsync(async () => { await IOUtil.DeleteFileWithRetry(tempFile, CancellationToken.None); }); } if (File.Exists(tempFile)) File.Delete(tempFile); if (Directory.Exists(tempDir)) Directory.Delete(tempDir); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public async void DeleteFile_DeletesWithRetry_CancellationRequested() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange string tempDir = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); Directory.CreateDirectory(tempDir); var tempFile = Path.Combine(tempDir, "exclusiveFile.txt"); //it blocks file inside using using (FileStream fs = File.Open(tempFile, FileMode.Create, FileAccess.Write, FileShare.None)) { using (var cancellationTokenSource = new CancellationTokenSource(TimeSpan.FromSeconds(2))) await Assert.ThrowsAsync(async () => { await IOUtil.DeleteFileWithRetry(tempFile, cancellationTokenSource.Token); }); } if (File.Exists(tempFile)) File.Delete(tempFile); if (Directory.Exists(tempDir)) Directory.Delete(tempDir); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public void GetRelativePathWindows() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); string relativePath; /// MakeRelative(@"d:\src\project\foo.cpp", @"d:\src") -> @"project\foo.cpp" // Act. relativePath = IOUtil.MakeRelative(@"d:\src\project\foo.cpp", @"d:\src"); // Assert. Assert.True(string.Equals(relativePath, @"project\foo.cpp", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"d:\", @"d:\specs") -> @"d:\" // Act. relativePath = IOUtil.MakeRelative(@"d:\", @"d:\specs"); // Assert. Assert.True(string.Equals(relativePath, @"d:\", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"d:\src\project\foo.cpp", @"d:\src\proj") -> @"d:\src\project\foo.cpp" // Act. relativePath = IOUtil.MakeRelative(@"d:\src\project\foo.cpp", @"d:\src\proj"); // Assert. Assert.True(string.Equals(relativePath, @"d:\src\project\foo.cpp", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"d:\src\project\foo", @"d:\src") -> @"project\foo" // Act. relativePath = IOUtil.MakeRelative(@"d:\src\project\foo", @"d:\src"); // Assert. Assert.True(string.Equals(relativePath, @"project\foo", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"d:\src\project\foo.cpp", @"d:\src\project\foo.cpp") -> @"" // Act. relativePath = IOUtil.MakeRelative(@"d:\src\project", @"d:\src\project"); // Assert. Assert.True(string.Equals(relativePath, string.Empty, StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"d:/src/project/foo.cpp", @"d:/src") -> @"project/foo.cpp" // Act. relativePath = IOUtil.MakeRelative(@"d:/src/project/foo.cpp", @"d:/src"); // Assert. Assert.True(string.Equals(relativePath, @"project\foo.cpp", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"d:/src/project/foo.cpp", @"d:\src") -> @"d:/src/project/foo.cpp" // Act. relativePath = IOUtil.MakeRelative(@"d:/src/project/foo.cpp", @"d:/src"); // Assert. Assert.True(string.Equals(relativePath, @"project\foo.cpp", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"d:/src/project/foo", @"d:/src") -> @"project/foo" // Act. relativePath = IOUtil.MakeRelative(@"d:/src/project/foo", @"d:/src"); // Assert. Assert.True(string.Equals(relativePath, @"project\foo", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"d\src\project", @"d:/src/project") -> @"" // Act. relativePath = IOUtil.MakeRelative(@"d:\src\project", @"d:/src/project"); // Assert. Assert.True(string.Equals(relativePath, string.Empty, StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "windows")] public void GetRelativePathNonWindows() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); string relativePath; /// MakeRelative(@"/user/src/project/foo.cpp", @"/user/src") -> @"project/foo.cpp" // Act. relativePath = IOUtil.MakeRelative(@"/user/src/project/foo.cpp", @"/user/src"); // Assert. Assert.True(string.Equals(relativePath, @"project/foo.cpp", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"/user", @"/user/specs") -> @"/user" // Act. relativePath = IOUtil.MakeRelative(@"/user", @"/user/specs"); // Assert. Assert.True(string.Equals(relativePath, @"/user", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"/user/src/project/foo.cpp", @"/user/src/proj") -> @"/user/src/project/foo.cpp" // Act. relativePath = IOUtil.MakeRelative(@"/user/src/project/foo.cpp", @"/user/src/proj"); // Assert. Assert.True(string.Equals(relativePath, @"/user/src/project/foo.cpp", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"/user/src/project/foo", @"/user/src") -> @"project/foo" // Act. relativePath = IOUtil.MakeRelative(@"/user/src/project/foo", @"/user/src"); // Assert. Assert.True(string.Equals(relativePath, @"project/foo", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); /// MakeRelative(@"/user/src/project", @"/user/src/project") -> @"" // Act. relativePath = IOUtil.MakeRelative(@"/user/src/project", @"/user/src/project"); // Assert. Assert.True(string.Equals(relativePath, string.Empty, StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {relativePath}"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public void ResolvePathWindows() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); string resolvePath; // Act. resolvePath = IOUtil.ResolvePath(@"d:\src\project\", @"foo"); // Assert. Assert.True(string.Equals(resolvePath, @"d:\src\project\foo", StringComparison.OrdinalIgnoreCase), $"resolvePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"d:\", @"specs"); // Assert. Assert.True(string.Equals(resolvePath, @"d:\specs", StringComparison.OrdinalIgnoreCase), $"resolvePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"d:\src\project\", @"src\proj"); // Assert. Assert.True(string.Equals(resolvePath, @"d:\src\project\src\proj", StringComparison.OrdinalIgnoreCase), $"resolvePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"d:\src\project\foo", @".."); // Assert. Assert.True(string.Equals(resolvePath, @"d:\src\project", StringComparison.OrdinalIgnoreCase), $"resolvePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"d:\src\project", @"..\..\"); // Assert. Assert.True(string.Equals(resolvePath, @"d:\", StringComparison.OrdinalIgnoreCase), $"resolvePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"d:/src/project", @"../."); // Assert. Assert.True(string.Equals(resolvePath, @"d:\src", StringComparison.OrdinalIgnoreCase), $"resolvePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"d:/src/project/", @"../../foo"); // Assert. Assert.True(string.Equals(resolvePath, @"d:\foo", StringComparison.OrdinalIgnoreCase), $"resolvePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"d:/src/project/foo", @".././bar/.././../foo"); // Assert. Assert.True(string.Equals(resolvePath, @"d:\src\foo", StringComparison.OrdinalIgnoreCase), $"resolvePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"d:\", @"."); // Assert. Assert.True(string.Equals(resolvePath, @"d:\", StringComparison.OrdinalIgnoreCase), $"resolvePath does not expected: {resolvePath}"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "windows")] public void ResolvePathNonWindows() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); string resolvePath; // Act. resolvePath = IOUtil.ResolvePath(@"/user/src/project", @"foo"); // Assert. Assert.True(string.Equals(resolvePath, @"/user/src/project/foo", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"/root", @"./user/./specs"); // Assert. Assert.True(string.Equals(resolvePath, @"/root/user/specs", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"/", @"user/specs/."); // Assert. Assert.True(string.Equals(resolvePath, @"/user/specs", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"/user/src/project", @"../"); // Assert. Assert.True(string.Equals(resolvePath, @"/user/src", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"/user/src/project", @"../../"); // Assert. Assert.True(string.Equals(resolvePath, @"/user", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"/user/src/project/foo", @"../../../../user/./src"); // Assert. Assert.True(string.Equals(resolvePath, @"/user/src", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"/user/src", @"../../."); // Assert. Assert.True(string.Equals(resolvePath, @"/", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {resolvePath}"); // Act. resolvePath = IOUtil.ResolvePath(@"/", @"./"); // Assert. Assert.True(string.Equals(resolvePath, @"/", StringComparison.OrdinalIgnoreCase), $"RelativePath does not expected: {resolvePath}"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ValidateExecutePermission_DoesNotExceedFailsafe() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a directory. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); try { Directory.CreateDirectory(directory); // Act/Assert: Call "ValidateExecutePermission". The method should not blow up. IOUtil.ValidateExecutePermission(directory); } finally { // Cleanup. if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ValidateExecutePermission_ExceedsFailsafe() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange: Create a deep directory. string directory = Path.Combine(hc.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName(), "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"); try { Directory.CreateDirectory(directory); Environment.SetEnvironmentVariable("AGENT_TEST_VALIDATE_EXECUTE_PERMISSIONS_FAILSAFE", "20"); try { // Act: Call "ValidateExecutePermission". The method should throw since // it exceeds the failsafe recursion depth. IOUtil.ValidateExecutePermission(directory); // Assert. throw new Exception("Should have thrown not supported exception."); } catch (NotSupportedException) { } } finally { // Cleanup. if (Directory.Exists(directory)) { Directory.Delete(directory, recursive: true); } } } } private static async Task CreateDirectoryReparsePoint(IHostContext context, string link, string target) { string fileName = (TestUtil.IsWindows()) ? Environment.GetEnvironmentVariable("ComSpec") : "/bin/ln"; string arguments = (TestUtil.IsWindows()) ? $@"/c ""mklink /J ""{link}"" {target}""""" : $@"-s ""{target}"" ""{link}"""; ArgUtil.File(fileName, nameof(fileName)); using (var processInvoker = new ProcessInvokerWrapper()) { processInvoker.Initialize(context); await processInvoker.ExecuteAsync( workingDirectory: context.GetDirectory(WellKnownDirectory.Bin), fileName: fileName, arguments: arguments, environment: null, requireExitCodeZero: true, cancellationToken: CancellationToken.None); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1814:Prefer jagged arrays over multidimensional")] public void GetDirectoryName_LinuxStyle() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); string[,] testcases = new string[,] { {"/foo/bar", "/foo"}, {"/foo", "/"}, {"/foo\\ bar/blah", "/foo\\ bar"} }; for (int i = 0; i < testcases.GetLength(0); i++) { var path = IOUtil.GetDirectoryName(testcases[i, 0], PlatformUtil.OS.Linux); var expected = testcases[i, 1]; Assert.Equal(expected, path); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1814:Prefer jagged arrays over multidimensional")] public void GetDirectoryName_WindowsStyle() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); string[,] testcases = new string[,] { {"c:\\foo\\bar", "c:\\foo"}, {"c:/foo/bar", "c:\\foo"} }; for (int i = 0; i < testcases.GetLength(0); i++) { var path = IOUtil.GetDirectoryName(testcases[i, 0], PlatformUtil.OS.Windows); var expected = testcases[i, 1]; Assert.Equal(expected, path); } } } private static async Task CreateFileReparsePoint(IHostContext context, string link, string target) { string fileName = (TestUtil.IsWindows()) ? Environment.GetEnvironmentVariable("ComSpec") : "/bin/ln"; string arguments = (TestUtil.IsWindows()) ? $@"/c ""mklink ""{link}"" ""{target}""""" : $@"-s ""{target}"" ""{link}"""; ArgUtil.File(fileName, nameof(fileName)); using (var processInvoker = new ProcessInvokerWrapper()) { processInvoker.Initialize(context); await processInvoker.ExecuteAsync( workingDirectory: context.GetDirectory(WellKnownDirectory.Bin), fileName: fileName, arguments: arguments, environment: null, requireExitCodeZero: true, cancellationToken: CancellationToken.None); } } } } ================================================ FILE: src/Test/L0/Util/ProcessUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System.Collections.Generic; using System.Diagnostics; using System.Linq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.L0.Util { public sealed class WindowsProcessUtilL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public void Test_GetProcessList() { using TestHostContext hc = new TestHostContext(this); using Tracing trace = hc.GetTrace(); // Arrange: This test is based on the current process. Process currentProcess = Process.GetCurrentProcess(); // The first three processes in the list. // We do not take other processes since they may differ. string[] expectedProcessNames = { currentProcess.ProcessName, "dotnet", "dotnet" }; // Since VS has a different process list, we have to handle it separately. string[] vsExpectedProcessNames = { currentProcess.ProcessName, "vstest.console", "ServiceHub.TestWindowStoreHost" }; // Act. List processes = WindowsProcessUtil.GetProcessList(); string[] actualProcessNames = processes.Take(expectedProcessNames.Length) .Select(process => process.ProcessName) .ToArray(); // Assert. if (actualProcessNames[1] == "vstest.console") { Assert.Equal(vsExpectedProcessNames, actualProcessNames); } else { Assert.Equal(expectedProcessNames, actualProcessNames); } } } } ================================================ FILE: src/Test/L0/Util/RepositoryUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Util; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Util { public sealed class RepositoryUtilL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void TrimStandardBranchPrefix_should_return_correct_values() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); Assert.Equal(null, RepositoryUtil.TrimStandardBranchPrefix(null)); Assert.Equal("", RepositoryUtil.TrimStandardBranchPrefix("")); Assert.Equal("refs/branchName", RepositoryUtil.TrimStandardBranchPrefix("refs/branchName")); Assert.Equal("branchName", RepositoryUtil.TrimStandardBranchPrefix("refs/heads/branchName")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void HasMultipleCheckouts_should_not_throw() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(null)); var dict = new Dictionary(StringComparer.OrdinalIgnoreCase); Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(dict)); dict.Add("x", "y"); Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(dict)); dict.Add(WellKnownJobSettings.HasMultipleCheckouts, "burger"); Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(dict)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void HasMultipleCheckouts_should_return_true_when_set_correctly() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(null)); var dict = new Dictionary(StringComparer.OrdinalIgnoreCase); dict[WellKnownJobSettings.HasMultipleCheckouts] = "true"; Assert.Equal(true, RepositoryUtil.HasMultipleCheckouts(dict)); dict[WellKnownJobSettings.HasMultipleCheckouts] = "TRUE"; Assert.Equal(true, RepositoryUtil.HasMultipleCheckouts(dict)); dict[WellKnownJobSettings.HasMultipleCheckouts] = "True"; Assert.Equal(true, RepositoryUtil.HasMultipleCheckouts(dict)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void HasMultipleCheckouts_should_return_false_when_not_set_correctly() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(null)); var dict = new Dictionary(StringComparer.OrdinalIgnoreCase); dict[WellKnownJobSettings.HasMultipleCheckouts] = "!true"; Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(dict)); dict[WellKnownJobSettings.HasMultipleCheckouts] = "false"; Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(dict)); dict[WellKnownJobSettings.HasMultipleCheckouts] = "FALSE"; Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(dict)); dict[WellKnownJobSettings.HasMultipleCheckouts] = "False"; Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(dict)); dict[WellKnownJobSettings.HasMultipleCheckouts] = "0"; Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(dict)); dict[WellKnownJobSettings.HasMultipleCheckouts] = "1"; Assert.Equal(false, RepositoryUtil.HasMultipleCheckouts(dict)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void IsPrimaryRepositoryName_should_work_correctly() { using (TestHostContext hc = new TestHostContext(this)) { Assert.Equal(false, RepositoryUtil.IsPrimaryRepositoryName(null)); Assert.Equal(false, RepositoryUtil.IsPrimaryRepositoryName("")); Assert.Equal(false, RepositoryUtil.IsPrimaryRepositoryName("none")); Assert.Equal(false, RepositoryUtil.IsPrimaryRepositoryName("some random string")); Assert.Equal(true, RepositoryUtil.IsPrimaryRepositoryName("self")); Assert.Equal(true, RepositoryUtil.IsPrimaryRepositoryName("SELF")); Assert.Equal(true, RepositoryUtil.IsPrimaryRepositoryName("Self")); Assert.Equal(true, RepositoryUtil.IsPrimaryRepositoryName("sELF")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetPrimaryRepository_should_return_correct_value_when_called() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); var repo1 = new RepositoryResource { Alias = "repo1", Id = "repo1", Type = "git", }; var repo2 = new RepositoryResource { Alias = "repo2", Id = "repo2", Type = "git", }; var repoSelf = new RepositoryResource { Alias = "self", Id = "repo3", Type = "git", }; // No properties set Assert.Equal(null, RepositoryUtil.GetPrimaryRepository(null)); Assert.Equal(repo1, RepositoryUtil.GetPrimaryRepository(new[] { repo1 })); Assert.Equal(repo2, RepositoryUtil.GetPrimaryRepository(new[] { repo2 })); Assert.Equal(repoSelf, RepositoryUtil.GetPrimaryRepository(new[] { repoSelf })); Assert.Equal(null, RepositoryUtil.GetPrimaryRepository(new[] { repo1, repo2 })); Assert.Equal(repoSelf, RepositoryUtil.GetPrimaryRepository(new[] { repoSelf, repo1, repo2 })); Assert.Equal(repoSelf, RepositoryUtil.GetPrimaryRepository(new[] { repo1, repoSelf, repo2 })); Assert.Equal(repoSelf, RepositoryUtil.GetPrimaryRepository(new[] { repo1, repo2, repoSelf })); // With IsPrimaryRepository set repo2.Properties.Set(RepositoryUtil.IsPrimaryRepository, Boolean.TrueString); Assert.Equal(repo2, RepositoryUtil.GetPrimaryRepository(new[] { repo1, repo2, repoSelf })); repo2.Properties.Set(RepositoryUtil.IsPrimaryRepository, Boolean.FalseString); Assert.Equal(repoSelf, RepositoryUtil.GetPrimaryRepository(new[] { repo1, repo2, repoSelf })); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetTriggeringRepository_should_return_correct_value_when_called() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); var repo1 = new RepositoryResource { Alias = "repo1", Id = "repo1", Type = "git", }; var repo2 = new RepositoryResource { Alias = "repo2", Id = "repo2", Type = "git", }; var repoSelf = new RepositoryResource { Alias = "self", Id = "repo3", Type = "git", }; // No properties set Assert.Equal(null, RepositoryUtil.GetTriggeringRepository(null)); Assert.Equal(repo1, RepositoryUtil.GetTriggeringRepository(new[] { repo1 })); Assert.Equal(repo2, RepositoryUtil.GetTriggeringRepository(new[] { repo2 })); Assert.Equal(repoSelf, RepositoryUtil.GetTriggeringRepository(new[] { repoSelf })); Assert.Equal(null, RepositoryUtil.GetTriggeringRepository(new[] { repo1, repo2 })); Assert.Equal(repoSelf, RepositoryUtil.GetTriggeringRepository(new[] { repoSelf, repo1, repo2 })); Assert.Equal(repoSelf, RepositoryUtil.GetTriggeringRepository(new[] { repo1, repoSelf, repo2 })); Assert.Equal(repoSelf, RepositoryUtil.GetTriggeringRepository(new[] { repo1, repo2, repoSelf })); // With IsPrimaryRepository set repo2.Properties.Set(RepositoryUtil.IsTriggeringRepository, Boolean.TrueString); Assert.Equal(repo2, RepositoryUtil.GetTriggeringRepository(new[] { repo1, repo2, repoSelf })); repo2.Properties.Set(RepositoryUtil.IsTriggeringRepository, Boolean.FalseString); Assert.Equal(repoSelf, RepositoryUtil.GetTriggeringRepository(new[] { repo1, repo2, repoSelf })); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetRepositoryForLocalPath_should_return_correct_values() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); var repo1 = new RepositoryResource { Alias = "repo1", Id = "repo1", Type = "git", }; repo1.Properties.Set(RepositoryPropertyNames.Path, Path.Combine("root", "1", "s", "repo1")); var repo2 = new RepositoryResource { Alias = "repo2", Id = "repo2", Type = "git", }; repo2.Properties.Set(RepositoryPropertyNames.Path, Path.Combine("root", "1", "s", "repo2")); var repo3 = new RepositoryResource { Alias = "repo3", Id = "repo3", Type = "git", }; // repo3 has no path // Make sure null is returned if nothing matches or inputs are invalid Assert.Equal(null, RepositoryUtil.GetRepositoryForLocalPath(null, null)); Assert.Equal(null, RepositoryUtil.GetRepositoryForLocalPath(null, Path.Combine("root", "1", "s", "not_a_repo"))); Assert.Equal(null, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo1, repo2, repo3 }, null)); Assert.Equal(null, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo1, repo2, repo3 }, "not a path")); Assert.Equal(null, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo1, repo2, repo3 }, Path.Combine("root", "1", "s", "not_a_repo"))); Assert.Equal(null, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo1, repo2, repo3 }, Path.Combine("root", "1", "s"))); Assert.Equal(null, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo1, repo2, repo3 }, Path.Combine("root", "1", "s", "repo3"))); // Make sure the first repo is returned if there is only one Assert.Equal(repo1, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo1 }, Path.Combine("root", "1", "s", "not_a_repo"))); Assert.Equal(repo2, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo2 }, "not a path")); Assert.Equal(repo3, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo3 }, "not a path")); // Make sure the matching repo is returned if there is more than one Assert.Equal(repo1, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo1, repo2, repo3 }, Path.Combine("root", "1", "s", "repo1"))); Assert.Equal(repo1, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo1, repo2, repo3 }, Path.Combine("root", "1", "s", "repo1", "sub", "path", "file.txt"))); Assert.Equal(repo2, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo1, repo2, repo3 }, Path.Combine("root", "1", "s", "repo2"))); Assert.Equal(repo2, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo1, repo2, repo3 }, Path.Combine("root", "1", "s", "repo2", "sub", "path", "file.txt"))); Assert.Equal(repo2, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo3, repo1, repo2 }, Path.Combine("root", "1", "s", "repo2"))); Assert.Equal(repo2, RepositoryUtil.GetRepositoryForLocalPath(new[] { repo3, repo1, repo2 }, Path.Combine("root", "1", "s", "repo2", "sub", "path", "file.txt"))); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetRepository_should_return_correct_value_when_called() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); var repo1 = new RepositoryResource { Alias = "repo1", Id = "repo1", Type = "git", }; var repo2 = new RepositoryResource { Alias = "repo2", Id = "repo2", Type = "git", }; var repoSelf = new RepositoryResource { Alias = "self", Id = "repo3", Type = "git", }; Assert.Equal(null, RepositoryUtil.GetRepository(null, null)); Assert.Equal(null, RepositoryUtil.GetRepository(null, "repo1")); Assert.Equal(null, RepositoryUtil.GetRepository(new[] { repoSelf, repo1, repo2 }, null)); Assert.Equal(null, RepositoryUtil.GetRepository(new[] { repoSelf, repo1, repo2 }, "unknown")); Assert.Equal(repo1, RepositoryUtil.GetRepository(new[] { repo1, repo2 }, "repo1")); Assert.Equal(repo2, RepositoryUtil.GetRepository(new[] { repo1, repo2 }, "repo2")); Assert.Equal(repo1, RepositoryUtil.GetRepository(new[] { repoSelf, repo1, repo2 }, "repo1")); Assert.Equal(repo2, RepositoryUtil.GetRepository(new[] { repoSelf, repo1, repo2 }, "repo2")); Assert.Equal(repoSelf, RepositoryUtil.GetRepository(new[] { repoSelf, repo1, repo2 }, "self")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GuessRepositoryType_should_return_correct_values_when_called() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); Assert.Equal(string.Empty, RepositoryUtil.GuessRepositoryType(null)); Assert.Equal(string.Empty, RepositoryUtil.GuessRepositoryType("")); Assert.Equal(string.Empty, RepositoryUtil.GuessRepositoryType("garbage")); Assert.Equal(string.Empty, RepositoryUtil.GuessRepositoryType("github")); Assert.Equal(string.Empty, RepositoryUtil.GuessRepositoryType("azuredevops")); Assert.Equal(string.Empty, RepositoryUtil.GuessRepositoryType("https://githubenterprise.com/microsoft/somerepo.git")); Assert.Equal(string.Empty, RepositoryUtil.GuessRepositoryType("https://almost.visual.studio.com/microsoft/somerepo.git")); Assert.Equal(string.Empty, RepositoryUtil.GuessRepositoryType("https://almost.dev2.azure.com/microsoft/somerepo.git")); Assert.Equal(RepositoryTypes.GitHub, RepositoryUtil.GuessRepositoryType("https://github.com/microsoft/somerepo.git")); Assert.Equal(RepositoryTypes.Git, RepositoryUtil.GuessRepositoryType("https://user1@dev.azure.com/org/project/_git/reponame")); Assert.Equal(RepositoryTypes.Git, RepositoryUtil.GuessRepositoryType("https://user1@myorg.visualstudio.com/project/_git/reponame")); Assert.Equal(RepositoryTypes.Tfvc, RepositoryUtil.GuessRepositoryType("https://user1@myorg.visualstudio.com/project")); Assert.Equal(RepositoryTypes.Tfvc, RepositoryUtil.GuessRepositoryType("https://user1@dev.azure.com/org/project")); Assert.Equal(RepositoryTypes.Bitbucket, RepositoryUtil.GuessRepositoryType("https://user1@bitbucket.org/user1/mybucket.git")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetCloneDirectory_REPO_should_throw_on_null() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); Assert.Throws(() => RepositoryUtil.GetCloneDirectory((RepositoryResource)null)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetCloneDirectory_REPO_should_return_proper_value_when_called() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); var repo = new RepositoryResource() { Alias = "alias", Id = "repo1", Type = "git", Url = null, }; // If name is not set and url is not set, then it should use alias Assert.Equal("alias", RepositoryUtil.GetCloneDirectory(repo)); // If url is set, it should choose url over alias repo.Url = new Uri("https://jpricket@codedev.ms/jpricket/MyFirstProject/_git/repo1_url"); Assert.Equal("repo1_url", RepositoryUtil.GetCloneDirectory(repo)); // If name is set, it should choose name over alias or url repo.Properties.Set(RepositoryPropertyNames.Name, "MyFirstProject/repo1_name"); Assert.Equal("repo1_name", RepositoryUtil.GetCloneDirectory(repo)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetCloneDirectory_STRING_should_throw_on_null() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); Assert.Throws(() => RepositoryUtil.GetCloneDirectory((string)null)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetCloneDirectory_STRING_should_return_proper_value_when_called() { // These test cases were inspired by the test cases that git.exe uses // see https://github.com/git/git/blob/53f9a3e157dbbc901a02ac2c73346d375e24978c/t/t5603-clone-dirname.sh#L21 using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // basic syntax with bare and non-bare variants Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("host:foo")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("host:foo.git")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("host:foo/.git")); // similar, but using ssh URL rather than host:path syntax Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("ssh://host/foo")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("ssh://host/foo.git")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("ssh://host/foo/.git")); // we should remove trailing slashes and .git suffixes Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("ssh://host/foo/")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("ssh://host/foo///")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("ssh://host/foo/.git/")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("ssh://host/foo.git/")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("ssh://host/foo.git///")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("ssh://host/foo///.git/")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("ssh://host/foo/.git///")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("host:foo/")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("host:foo///")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("host:foo.git/")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("host:foo/.git/")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("host:foo.git///")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("host:foo///.git/")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("host:foo/.git///")); Assert.Equal("foo", RepositoryUtil.GetCloneDirectory("host:foo/.git///")); Assert.Equal("repo", RepositoryUtil.GetCloneDirectory("host:foo/repo")); // omitting the path should default to the hostname Assert.Equal("host", RepositoryUtil.GetCloneDirectory("ssh://host/")); Assert.Equal("host", RepositoryUtil.GetCloneDirectory("ssh://host:1234/")); Assert.Equal("host", RepositoryUtil.GetCloneDirectory("ssh://user@host/")); Assert.Equal("host", RepositoryUtil.GetCloneDirectory("host:/")); // auth materials should be redacted Assert.Equal("host", RepositoryUtil.GetCloneDirectory("ssh://user:password@host/")); Assert.Equal("host", RepositoryUtil.GetCloneDirectory("ssh://user:password@host:1234/")); Assert.Equal("host", RepositoryUtil.GetCloneDirectory("ssh://user:passw@rd@host:1234/")); Assert.Equal("host", RepositoryUtil.GetCloneDirectory("user@host:/")); Assert.Equal("host", RepositoryUtil.GetCloneDirectory("user:password@host:/")); Assert.Equal("host", RepositoryUtil.GetCloneDirectory("user:passw@rd@host:/")); // trailing port-like numbers should not be stripped for paths Assert.Equal("1234", RepositoryUtil.GetCloneDirectory("ssh://user:password@host/test:1234")); Assert.Equal("1234", RepositoryUtil.GetCloneDirectory("ssh://user:password@host/test:1234.git")); } } } } ================================================ FILE: src/Test/L0/Util/StringUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System.Globalization; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Util { public class StringUtilL0 { [Theory] [Trait("Level", "L0")] [Trait("Category", "Common")] [InlineData("##vso[task.setvariable variable=testVar]a", "**vso[task.setvariable variable=testVar]a")] [InlineData("echo \"##vso[task.setvariable variable=testVar]a\"", "echo \"**vso[task.setvariable variable=testVar]a\"")] [InlineData("##vso a", "**vso a")] [InlineData("##vso[] a", "**vso[] a")] [InlineData("## vso", "## vso")] [InlineData("#vso", "#vso")] [InlineData("##vs", "##vs")] [InlineData("##VsO", "**vso")] [InlineData("", "")] [InlineData(null, "")] [InlineData(" ", " ")] [InlineData("gA==", "gA==")] [InlineData("test", "test")] public void DeactivateVsoCommandsFromStringTest(string input, string expected) { var result = StringUtil.DeactivateVsoCommands(input); Assert.Equal(expected, result); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void FormatAlwaysCallsFormat() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange. var variableSets = new[] { new { Format = null as string, Args = null as object[], Expected = string.Empty }, new { Format = null as string, Args = new object[0], Expected = string.Empty }, new { Format = null as string, Args = new object[] { 123 }, Expected = string.Empty }, new { Format = "Some message", Args = null as object[], Expected = "Some message" }, new { Format = "Some message", Args = new object[0], Expected = "Some message" }, new { Format = "Some message", Args = new object[] { 123 }, Expected = "Some message" }, new { Format = "Some format '{0}'", Args = null as object[], Expected = "Some format ''" }, new { Format = "Some format '{0}'", Args = new object[0], Expected = "Some format ''" }, new { Format = "Some format '{0}'", Args = new object[] { 123 }, Expected = "Some format '123'" }, }; foreach (var variableSet in variableSets) { trace.Info($"{nameof(variableSet)}:"); trace.Info(variableSet); // Act. string actual = StringUtil.Format(variableSet.Format, variableSet.Args); // Assert. Assert.Equal(variableSet.Expected, actual); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void FormatHandlesFormatException() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Arrange. var variableSets = new[] { new { Format = "Bad format { 0}", Args = null as object[], Expected = "Bad format { 0}" }, new { Format = "Bad format { 0}", Args = new object[0], Expected = "Bad format { 0} " }, new { Format = "Bad format { 0}", Args = new object[] { null }, Expected = "Bad format { 0} " }, new { Format = "Bad format { 0}", Args = new object[] { 123, 456 }, Expected = "Bad format { 0} 123, 456" }, }; foreach (var variableSet in variableSets) { trace.Info($"{nameof(variableSet)}:"); trace.Info(variableSet); // Act. string actual = StringUtil.Format(variableSet.Format, variableSet.Args); // Assert. Assert.Equal(variableSet.Expected, actual); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void FormatUsesInvariantCulture() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. CultureInfo originalCulture = CultureInfo.CurrentCulture; try { CultureInfo.CurrentCulture = new CultureInfo("it-IT"); // Act. string actual = StringUtil.Format("{0:N2}", 123456.789); // Actual Assert.Equal("123,456.79", actual); } finally { CultureInfo.CurrentCulture = originalCulture; } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ConvertNullOrEmptryStringToBool() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. string nullString = null; string emptyString = string.Empty; // Act. bool result1 = StringUtil.ConvertToBoolean(nullString); bool result2 = StringUtil.ConvertToBoolean(emptyString); // Actual Assert.False(result1, "Null String should convert to false."); Assert.False(result2, "Empty String should convert to false."); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ConvertNullOrEmptryStringToDefaultBool() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. string nullString = null; string emptyString = string.Empty; // Act. bool result1 = StringUtil.ConvertToBoolean(nullString, true); bool result2 = StringUtil.ConvertToBoolean(emptyString, true); // Actual Assert.True(result1, "Null String should convert to true since default value is set to true."); Assert.True(result2, "Empty String should convert to true since default value is set to true."); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ConvertStringToBool() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. string trueString1 = "1"; string trueString2 = "True"; string trueString3 = "$TRUE"; string falseString1 = "0"; string falseString2 = "false"; string falseString3 = "$False"; string undefineString1 = "-1"; string undefineString2 = "sometext"; string undefineString3 = "2015-03-21"; // Act. bool result1 = StringUtil.ConvertToBoolean(trueString1, false); bool result2 = StringUtil.ConvertToBoolean(trueString2); bool result3 = StringUtil.ConvertToBoolean(trueString3, true); bool result4 = StringUtil.ConvertToBoolean(falseString1, true); bool result5 = StringUtil.ConvertToBoolean(falseString2); bool result6 = StringUtil.ConvertToBoolean(falseString3, false); bool result7 = StringUtil.ConvertToBoolean(undefineString1, true); bool result8 = StringUtil.ConvertToBoolean(undefineString2); bool result9 = StringUtil.ConvertToBoolean(undefineString3, false); // Actual Assert.True(result1, $"'{trueString1}' should convert to true."); Assert.True(result2, $"'{trueString2}' should convert to true."); Assert.True(result3, $"'{trueString3}' should convert to true."); Assert.False(result4, $"'{falseString1}' should convert to false."); Assert.False(result5, $"'{falseString2}' should convert to false."); Assert.False(result6, $"'{falseString3}' should convert to false."); Assert.True(result7, $"'{undefineString1}' should convert to true, since default is true."); Assert.False(result8, $"'{undefineString2}' should convert to false."); Assert.False(result9, $"'{undefineString3}' should convert to false."); } } } } ================================================ FILE: src/Test/L0/Util/TaskResultUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Util { public class TaskResultUtilL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void TaskResultReturnCodeTranslate() { // Arrange. using (TestHostContext hc = new TestHostContext(this)) { // Act. TaskResult abandon = TaskResultUtil.TranslateFromReturnCode(TaskResultUtil.TranslateToReturnCode(TaskResult.Abandoned)); // Actual Assert.Equal(TaskResult.Abandoned, abandon); // Act. TaskResult canceled = TaskResultUtil.TranslateFromReturnCode(TaskResultUtil.TranslateToReturnCode(TaskResult.Canceled)); // Actual Assert.Equal(TaskResult.Canceled, canceled); // Act. TaskResult failed = TaskResultUtil.TranslateFromReturnCode(TaskResultUtil.TranslateToReturnCode(TaskResult.Failed)); // Actual Assert.Equal(TaskResult.Failed, failed); // Act. TaskResult skipped = TaskResultUtil.TranslateFromReturnCode(TaskResultUtil.TranslateToReturnCode(TaskResult.Skipped)); // Actual Assert.Equal(TaskResult.Skipped, skipped); // Act. TaskResult succeeded = TaskResultUtil.TranslateFromReturnCode(TaskResultUtil.TranslateToReturnCode(TaskResult.Succeeded)); // Actual Assert.Equal(TaskResult.Succeeded, succeeded); // Act. TaskResult succeededWithIssues = TaskResultUtil.TranslateFromReturnCode(TaskResultUtil.TranslateToReturnCode(TaskResult.SucceededWithIssues)); // Actual Assert.Equal(TaskResult.SucceededWithIssues, succeededWithIssues); // Act. TaskResult unknowReturnCode1 = TaskResultUtil.TranslateFromReturnCode(0); // Actual Assert.Equal(TaskResult.Failed, unknowReturnCode1); // Act. TaskResult unknowReturnCode2 = TaskResultUtil.TranslateFromReturnCode(1); // Actual Assert.Equal(TaskResult.Failed, unknowReturnCode2); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void TaskResultsMerge() { // Arrange. using (TestHostContext hc = new TestHostContext(this)) { TaskResult merged; // // No current result merge. // // Act. merged = TaskResultUtil.MergeTaskResults(null, TaskResult.Succeeded); // Actual Assert.Equal(TaskResult.Succeeded, merged); // Act. merged = TaskResultUtil.MergeTaskResults(null, TaskResult.SucceededWithIssues); // Actual Assert.Equal(TaskResult.SucceededWithIssues, merged); // Act. merged = TaskResultUtil.MergeTaskResults(null, TaskResult.Abandoned); // Actual Assert.Equal(TaskResult.Abandoned, merged); // Act. merged = TaskResultUtil.MergeTaskResults(null, TaskResult.Canceled); // Actual Assert.Equal(TaskResult.Canceled, merged); // Act. merged = TaskResultUtil.MergeTaskResults(null, TaskResult.Failed); // Actual Assert.Equal(TaskResult.Failed, merged); // Act. merged = TaskResultUtil.MergeTaskResults(null, TaskResult.Skipped); // Actual Assert.Equal(TaskResult.Skipped, merged); // // Same result merge. // // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Succeeded, TaskResult.Succeeded); // Actual Assert.Equal(TaskResult.Succeeded, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.SucceededWithIssues, TaskResult.SucceededWithIssues); // Actual Assert.Equal(TaskResult.SucceededWithIssues, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Abandoned, TaskResult.Abandoned); // Actual Assert.Equal(TaskResult.Abandoned, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Canceled, TaskResult.Canceled); // Actual Assert.Equal(TaskResult.Canceled, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Failed, TaskResult.Failed); // Actual Assert.Equal(TaskResult.Failed, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Skipped, TaskResult.Skipped); // Actual Assert.Equal(TaskResult.Skipped, merged); // // Forward result merge // // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Succeeded, TaskResult.SucceededWithIssues); // Actual Assert.Equal(TaskResult.SucceededWithIssues, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Succeeded, TaskResult.Abandoned); // Actual Assert.Equal(TaskResult.Abandoned, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Succeeded, TaskResult.Canceled); // Actual Assert.Equal(TaskResult.Canceled, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Succeeded, TaskResult.Failed); // Actual Assert.Equal(TaskResult.Failed, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Succeeded, TaskResult.Skipped); // Actual Assert.Equal(TaskResult.Skipped, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.SucceededWithIssues, TaskResult.Abandoned); // Actual Assert.Equal(TaskResult.Abandoned, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.SucceededWithIssues, TaskResult.Canceled); // Actual Assert.Equal(TaskResult.Canceled, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.SucceededWithIssues, TaskResult.Failed); // Actual Assert.Equal(TaskResult.Failed, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.SucceededWithIssues, TaskResult.Skipped); // Actual Assert.Equal(TaskResult.Skipped, merged); // // No backward merge // // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Abandoned, TaskResult.SucceededWithIssues); // Actual Assert.Equal(TaskResult.Abandoned, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Abandoned, TaskResult.Succeeded); // Actual Assert.Equal(TaskResult.Abandoned, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Canceled, TaskResult.SucceededWithIssues); // Actual Assert.Equal(TaskResult.Canceled, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Canceled, TaskResult.Succeeded); // Actual Assert.Equal(TaskResult.Canceled, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Failed, TaskResult.SucceededWithIssues); // Actual Assert.Equal(TaskResult.Failed, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Failed, TaskResult.Succeeded); // Actual Assert.Equal(TaskResult.Failed, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Skipped, TaskResult.SucceededWithIssues); // Actual Assert.Equal(TaskResult.Skipped, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Skipped, TaskResult.Succeeded); // Actual Assert.Equal(TaskResult.Skipped, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.SucceededWithIssues, TaskResult.Succeeded); // Actual Assert.Equal(TaskResult.SucceededWithIssues, merged); // // Worst result no change // // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Abandoned, TaskResult.Canceled); // Actual Assert.Equal(TaskResult.Abandoned, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Abandoned, TaskResult.Failed); // Actual Assert.Equal(TaskResult.Abandoned, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Abandoned, TaskResult.Skipped); // Actual Assert.Equal(TaskResult.Abandoned, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Canceled, TaskResult.Abandoned); // Actual Assert.Equal(TaskResult.Canceled, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Canceled, TaskResult.Failed); // Actual Assert.Equal(TaskResult.Canceled, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Canceled, TaskResult.Skipped); // Actual Assert.Equal(TaskResult.Canceled, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Failed, TaskResult.Abandoned); // Actual Assert.Equal(TaskResult.Abandoned, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Failed, TaskResult.Canceled); // Actual Assert.Equal(TaskResult.Canceled, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Failed, TaskResult.Skipped); // Actual Assert.Equal(TaskResult.Skipped, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Skipped, TaskResult.Abandoned); // Actual Assert.Equal(TaskResult.Skipped, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Skipped, TaskResult.Canceled); // Actual Assert.Equal(TaskResult.Skipped, merged); // Act. merged = TaskResultUtil.MergeTaskResults(TaskResult.Skipped, TaskResult.Failed); // Actual Assert.Equal(TaskResult.Skipped, merged); } } } } ================================================ FILE: src/Test/L0/Util/TelemetryPropsUtil.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using System.Collections.Generic; using System.Text; using Xunit; namespace Test.L0.Util { class TelemetryPropsUtil { public static void AssertPipelineData(Dictionary telemetryProps) { Assert.True((string)(telemetryProps["StageName"]) == "Stage1"); Assert.True((string)(telemetryProps["PhaseName"]) == "Phase1"); Assert.True((string)(telemetryProps["JobName"]) == "Job1"); Assert.True((int)(telemetryProps["StageAttempt"]) == 1); Assert.True((int)(telemetryProps["PhaseAttempt"]) == 1); Assert.True((int)(telemetryProps["JobAttempt"]) == 1); } public static void AddPipelineDataIntoAgentContext(Dictionary agentContextVariable) { agentContextVariable.Add("system.stageName", new VariableValue("Stage1")); agentContextVariable.Add("system.stageAttempt", new VariableValue("1")); agentContextVariable.Add("system.phaseName", new VariableValue("Phase1")); agentContextVariable.Add("system.phaseAttempt", new VariableValue("1")); agentContextVariable.Add("system.jobName", new VariableValue("Job1")); agentContextVariable.Add("system.jobAttempt", new VariableValue("1")); } } } ================================================ FILE: src/Test/L0/Util/UrlUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.VisualStudio.Services.Agent.Util; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Util { public class UrlUtilL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetCredentialEmbeddedUrl_NoUsernameAndPassword() { // Act. Uri result = UrlUtil.GetCredentialEmbeddedUrl(new Uri("https://github.com/Microsoft/vsts-agent.git"), string.Empty, string.Empty); // Actual Assert.Equal("https://github.com/Microsoft/vsts-agent.git", result.AbsoluteUri); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetCredentialEmbeddedUrl_NoUsername() { // Act. Uri result = UrlUtil.GetCredentialEmbeddedUrl(new Uri("https://github.com/Microsoft/vsts-agent.git"), string.Empty, "password123"); // Actual Assert.Equal("https://emptyusername:password123@github.com/Microsoft/vsts-agent.git", result.AbsoluteUri); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetCredentialEmbeddedUrl_NoPassword() { // Act. Uri result = UrlUtil.GetCredentialEmbeddedUrl(new Uri("https://github.com/Microsoft/vsts-agent.git"), "user123", string.Empty); // Actual Assert.Equal("https://user123@github.com/Microsoft/vsts-agent.git", result.AbsoluteUri); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetCredentialEmbeddedUrl_HasUsernameAndPassword() { // Act. Uri result = UrlUtil.GetCredentialEmbeddedUrl(new Uri("https://github.com/Microsoft/vsts-agent.git"), "user123", "password123"); // Actual Assert.Equal("https://user123:password123@github.com/Microsoft/vsts-agent.git", result.AbsoluteUri); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void GetCredentialEmbeddedUrl_UsernameAndPasswordEncoding() { // Act. Uri result = UrlUtil.GetCredentialEmbeddedUrl(new Uri("https://github.com/Microsoft/vsts-agent.git"), "user 123", "password 123"); // Actual Assert.Equal("https://user%20123:password%20123@github.com/Microsoft/vsts-agent.git", result.AbsoluteUri); } } } ================================================ FILE: src/Test/L0/Util/VarUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using Agent.Sdk; using Agent.Sdk.Knob; using Moq; using System; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Util { public class VarUtilL0 { [Theory] [Trait("Level", "L0")] [InlineData("test.value1", "TEST_VALUE1", false)] [InlineData("test value2", "TEST_VALUE2", false)] [InlineData("tesT vaLue.3", "TEST_VALUE_3", false)] [InlineData(".tesT vaLue 4", "_TEST_VALUE_4", false)] [InlineData("TEST_VALUE_5", "TEST_VALUE_5", false)] [InlineData(".. TEST VALUE. 6", "___TEST___VALUE__6", false)] [InlineData(null, "", false)] [InlineData("", "", false)] [InlineData(" ", "_", false)] [InlineData(".", "_", false)] [InlineData("TestValue", "TestValue", true)] [InlineData("Test.Value", "Test_Value", true)] public void TestConverterToEnvVariableFormat(string input, string expected, bool preserveCase) { var result = VarUtil.ConvertToEnvVariableFormat(input, preserveCase); Assert.Equal(expected, result); } [Theory] [Trait("Level", "L0")] [InlineData("false", "false", "tf")] // Default: both false → ServerOMDirectory (tf) [InlineData("true", "false", "tf-latest")] // UseLatest only → TfLatestDirectory [InlineData("false", "true", "tf-legacy")] // UseLegacy only → TfLegacyDirectory [InlineData("true", "true", "tf-latest")] // Both true → TfLatestDirectory (latest wins) public void TestGetTfDirectoryPath(string useLatest, string useLegacy, string expectedDirectory) { // Arrange using (TestHostContext hc = new TestHostContext(this)) { try { // Set environment variables based on test parameters Environment.SetEnvironmentVariable("AGENT_USE_LATEST_TF_EXE", useLatest); Environment.SetEnvironmentVariable("AGENT_INSTALL_LEGACY_TF_EXE", useLegacy); // Create a mock IKnobValueContext that returns the Agent.HomeDirectory var mockContext = new Mock(); mockContext.Setup(x => x.GetVariableValueOrDefault(Constants.Variables.Agent.HomeDirectory)) .Returns(hc.GetDirectory(WellKnownDirectory.Root)); mockContext.Setup(x => x.GetScopedEnvironment()) .Returns(new SystemEnvironment()); // Act var result = VarUtil.GetTfDirectoryPath(mockContext.Object); // Assert Assert.NotNull(result); Assert.Contains("externals", result); Assert.Contains(expectedDirectory, result); // Ensure we don't get unexpected directories if (expectedDirectory == "tf") { Assert.DoesNotContain("tf-latest", result); Assert.DoesNotContain("tf-legacy", result); } else if (expectedDirectory == "tf-latest") { Assert.DoesNotContain("tf-legacy", result); Assert.DoesNotContain("\\tf\\", result); // Ensure it's not the base tf directory } else if (expectedDirectory == "tf-legacy") { Assert.DoesNotContain("tf-latest", result); Assert.DoesNotContain("\\tf\\", result); // Ensure it's not the base tf directory } } finally { // Clean up environment variables Environment.SetEnvironmentVariable("AGENT_USE_LATEST_TF_EXE", null); Environment.SetEnvironmentVariable("AGENT_INSTALL_LEGACY_TF_EXE", null); } } } [Theory] [Trait("Level", "L0")] [InlineData("false", "false", "vstshost")] // Default: both false → LegacyPSHostDirectory (vstshost) [InlineData("true", "false", "vstshost")] // UseLatest only → LegacyPSHostDirectory (vstshost) [InlineData("false", "true", "vstshost-legacy")] // UseLegacy only → LegacyPSHostLegacyDirectory [InlineData("true", "true", "vstshost")] // Both true → LegacyPSHostDirectory (vstshost) public void TestGetLegacyPowerShellHostDirectoryPath(string useLatest, string useLegacy, string expectedDirectory) { // Arrange using (TestHostContext hc = new TestHostContext(this)) { try { // Set environment variables based on test parameters Environment.SetEnvironmentVariable("AGENT_USE_LATEST_TF_EXE", useLatest); Environment.SetEnvironmentVariable("AGENT_INSTALL_LEGACY_TF_EXE", useLegacy); // Create a mock IKnobValueContext that returns the Agent.HomeDirectory var mockContext = new Mock(); mockContext.Setup(x => x.GetVariableValueOrDefault(Constants.Variables.Agent.HomeDirectory)) .Returns(hc.GetDirectory(WellKnownDirectory.Root)); mockContext.Setup(x => x.GetScopedEnvironment()) .Returns(new SystemEnvironment()); // Act var result = VarUtil.GetLegacyPowerShellHostDirectoryPath(mockContext.Object); // Assert Assert.NotNull(result); Assert.Contains("externals", result); Assert.Contains(expectedDirectory, result); // Ensure we don't get unexpected directories if (expectedDirectory == "vstshost") { Assert.DoesNotContain("vstshost-legacy", result); } else if (expectedDirectory == "vstshost-legacy") { Assert.DoesNotContain("\\vstshost\\", result); // Ensure it's not the base vstshost directory } } finally { // Clean up environment variables Environment.SetEnvironmentVariable("AGENT_USE_LATEST_TF_EXE", null); Environment.SetEnvironmentVariable("AGENT_INSTALL_LEGACY_TF_EXE", null); } } } [Theory] [Trait("Level", "L0")] [InlineData("false", "false", false, false)] // Default: both false [InlineData("true", "false", true, false)] // UseLatest only [InlineData("false", "true", false, true)] // UseLegacy only [InlineData("true", "true", true, true)] // Both true public void TestGetKnobsAndExternalsPath(string useLatest, string useLegacy, bool expectedUseLatest, bool expectedUseLegacy) { // Arrange using (TestHostContext hc = new TestHostContext(this)) { try { // Set environment variables based on test parameters Environment.SetEnvironmentVariable("AGENT_USE_LATEST_TF_EXE", useLatest); Environment.SetEnvironmentVariable("AGENT_INSTALL_LEGACY_TF_EXE", useLegacy); // Create a mock IKnobValueContext that returns the Agent.HomeDirectory var mockContext = new Mock(); mockContext.Setup(x => x.GetVariableValueOrDefault(Constants.Variables.Agent.HomeDirectory)) .Returns(hc.GetDirectory(WellKnownDirectory.Root)); mockContext.Setup(x => x.GetScopedEnvironment()) .Returns(new SystemEnvironment()); // Use reflection to access the private method var method = typeof(VarUtil).GetMethod("GetKnobsAndExternalsPath", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Static); Assert.NotNull(method); // Act - use the mock context instead of TestHostContext var result = method.Invoke(null, new object[] { mockContext.Object }); // Use reflection to access the tuple properties (useLatest, useLegacy, externalsPath) var resultType = result.GetType(); var useLatestProperty = resultType.GetField("Item1"); var useLegacyProperty = resultType.GetField("Item2"); var externalsPathProperty = resultType.GetField("Item3"); var actualUseLatest = (bool)useLatestProperty.GetValue(result); var actualUseLegacy = (bool)useLegacyProperty.GetValue(result); var actualExternalsPath = (string)externalsPathProperty.GetValue(result); // Assert Assert.Equal(expectedUseLatest, actualUseLatest); Assert.Equal(expectedUseLegacy, actualUseLegacy); Assert.NotNull(actualExternalsPath); Assert.Contains("externals", actualExternalsPath); Assert.True(actualExternalsPath.EndsWith("externals")); } finally { // Clean up environment variables Environment.SetEnvironmentVariable("AGENT_USE_LATEST_TF_EXE", null); Environment.SetEnvironmentVariable("AGENT_INSTALL_LEGACY_TF_EXE", null); } } } } } ================================================ FILE: src/Test/L0/Util/VssUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Common; using System; using System.Collections.Generic; using System.Net.Http.Headers; using Xunit; using System.Text.RegularExpressions; namespace Microsoft.VisualStudio.Services.Agent.Tests.Util { public sealed class VssUtilL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void VerifyOverwriteVssConnectionSetting() { Regex _serverSideAgentPlatformMatchingRegex = new Regex("vstsagentcore-(.+)(?=/)", RegexOptions.Compiled | RegexOptions.IgnoreCase); using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Act. try { trace.Info("Set httpretry to 10."); Environment.SetEnvironmentVariable("VSTS_HTTP_RETRY", "10"); trace.Info("Set httptimeout to 360."); Environment.SetEnvironmentVariable("VSTS_HTTP_TIMEOUT", "360"); using (var connect = VssUtil.CreateConnection(new Uri("https://github.com/Microsoft/vsts-agent"), new VssCredentials(), trace: null)) { // Assert. Assert.Equal(connect.Settings.MaxRetryRequest.ToString(), "10"); Assert.Equal(connect.Settings.SendTimeout.TotalSeconds.ToString(), "360"); trace.Info("Set httpretry to 100."); Environment.SetEnvironmentVariable("VSTS_HTTP_RETRY", "100"); trace.Info("Set httptimeout to 3600."); Environment.SetEnvironmentVariable("VSTS_HTTP_TIMEOUT", "3600"); } using (var connect = VssUtil.CreateConnection(new Uri("https://github.com/Microsoft/vsts-agent"), new VssCredentials(), trace: null)) { // Assert. Assert.Equal(connect.Settings.MaxRetryRequest.ToString(), "10"); Assert.Equal(connect.Settings.SendTimeout.TotalSeconds.ToString(), "1200"); } } finally { Environment.SetEnvironmentVariable("VSTS_HTTP_RETRY", ""); Environment.SetEnvironmentVariable("VSTS_HTTP_TIMEOUT", ""); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void VerifyVSSConnectionUsingLegacyHandler() { Regex _serverSideAgentPlatformMatchingRegex = new Regex("vstsagentcore-(.+)(?=/)", RegexOptions.Compiled | RegexOptions.IgnoreCase); using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); // Act. try { Environment.SetEnvironmentVariable("AZP_AGENT_USE_LEGACY_HTTP", "true"); var exception = Record.Exception(() => { var connection = VssUtil.CreateConnection( new Uri("https://github.com/Microsoft/vsts-agent"), new VssCredentials(), trace); }); Assert.Null(exception); } finally { Environment.SetEnvironmentVariable("AZP_AGENT_USE_LEGACY_HTTP", ""); } } } } } ================================================ FILE: src/Test/L0/Util/WhichUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Util; using System; using System.IO; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Util { public sealed class WhichUtilL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void UseWhichFindGit() { using (TestHostContext hc = new TestHostContext(this)) { //Arrange Tracing trace = hc.GetTrace(); // Act. string gitPath = WhichUtil.Which("git", trace: trace); trace.Info($"Which(\"git\") returns: {gitPath ?? string.Empty}"); // Assert. Assert.True(!string.IsNullOrEmpty(gitPath) && File.Exists(gitPath), $"Unable to find Git through: {nameof(WhichUtil.Which)}"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void WhichReturnsNullWhenNotFound() { using (TestHostContext hc = new TestHostContext(this)) { //Arrange Tracing trace = hc.GetTrace(); // Act. string nosuch = WhichUtil.Which("no-such-file-cf7e351f", trace: trace); trace.Info($"result: {nosuch ?? string.Empty}"); // Assert. Assert.True(string.IsNullOrEmpty(nosuch), "Path should not be resolved"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void WhichThrowsWhenRequireAndNotFound() { using (TestHostContext hc = new TestHostContext(this)) { //Arrange Tracing trace = hc.GetTrace(); // Act. try { WhichUtil.Which("no-such-file-cf7e351f", require: true, trace: trace); throw new Exception("which should have thrown"); } catch (FileNotFoundException ex) { Assert.Equal("no-such-file-cf7e351f", ex.FileName); } } } } } ================================================ FILE: src/Test/L0/VstsAgentWebProxyL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Runtime.CompilerServices; using Xunit; using Moq; namespace Microsoft.VisualStudio.Services.Agent.Tests { public sealed class VstsAgentWebProxyL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CanProcessBypassHostsFromEnvironmentCorrectly() { using (var _hc = Setup(false)) { var answers = new string[] { "127\\.0\\.0\\.1", "\\.ing\\.net", "\\.intranet", "\\.corp\\.int", ".*corp\\.int", "127\\.0\\.0\\.1" }; // Ensure clean slate: remove any file-based bypass entries and clear any existing in-memory list var proxyBypassPath = _hc.GetConfigFile(WellKnownConfigFile.ProxyBypass); if (File.Exists(proxyBypassPath)) { File.Delete(proxyBypassPath); } // Preserve and set environment; restore after var prevNoProxy = Environment.GetEnvironmentVariable("no_proxy"); try { Environment.SetEnvironmentVariable("no_proxy", "127.0.0.1,.ing.net,.intranet,.corp.int,.*corp.int,127\\.0\\.0\\.1"); var vstsAgentWebProxy = new VstsAgentWebProxy(); vstsAgentWebProxy.Initialize(_hc); // Clear any state on the instance to avoid accumulation across calls vstsAgentWebProxy.ProxyBypassList.Clear(); vstsAgentWebProxy.LoadProxyBypassList(); // Assert strictly the six env-derived patterns in order Assert.NotNull(vstsAgentWebProxy.ProxyBypassList); Assert.Equal(6, vstsAgentWebProxy.ProxyBypassList.Count); for (int i = 0; i < answers.Length; i++) { Assert.Equal(answers[i], vstsAgentWebProxy.ProxyBypassList[i]); } } finally { Environment.SetEnvironmentVariable("no_proxy", prevNoProxy); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void UseBasicAuthForProxySetupAndPersistence() { using (var _hc = Setup(false)) { var vstsAgentWebProxy = new VstsAgentWebProxy(); vstsAgentWebProxy.Initialize(_hc); // Test SetupProxy with basic auth enabled vstsAgentWebProxy.SetupProxy("http://proxy.example.com:8080", "testuser", "testpass", true); // Assert proxy properties are set correctly Assert.Equal("http://proxy.example.com:8080", vstsAgentWebProxy.ProxyAddress); Assert.Equal("testuser", vstsAgentWebProxy.ProxyUsername); Assert.Equal("testpass", vstsAgentWebProxy.ProxyPassword); Assert.True(vstsAgentWebProxy.UseBasicAuthForProxy); // Test SetupProxy with basic auth disabled (default behavior) vstsAgentWebProxy.SetupProxy("http://proxy2.example.com:8080", "testuser2", "testpass2", false); Assert.Equal("http://proxy2.example.com:8080", vstsAgentWebProxy.ProxyAddress); Assert.Equal("testuser2", vstsAgentWebProxy.ProxyUsername); Assert.Equal("testpass2", vstsAgentWebProxy.ProxyPassword); Assert.False(vstsAgentWebProxy.UseBasicAuthForProxy); // Test legacy SetupProxy method (should default to false) vstsAgentWebProxy.SetupProxy("http://proxy3.example.com:8080", "testuser3", "testpass3"); Assert.Equal("http://proxy3.example.com:8080", vstsAgentWebProxy.ProxyAddress); Assert.Equal("testuser3", vstsAgentWebProxy.ProxyUsername); Assert.Equal("testpass3", vstsAgentWebProxy.ProxyPassword); Assert.False(vstsAgentWebProxy.UseBasicAuthForProxy); // Should default to false } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void CanSetupProxyWithBasicAuthFlag() { using (var _hc = Setup(false)) { // Arrange var vstsAgentWebProxy = new VstsAgentWebProxy(); vstsAgentWebProxy.Initialize(_hc); string proxyAddress = "http://proxy.example.com:8080"; string proxyUsername = "testuser"; string proxyPassword = "testpass"; // Test basic auth enabled vstsAgentWebProxy.SetupProxy(proxyAddress, proxyUsername, proxyPassword, true); // Assert basic auth flag is set Assert.True(vstsAgentWebProxy.UseBasicAuthForProxy); Assert.Equal(proxyAddress, vstsAgentWebProxy.ProxyAddress); Assert.Equal(proxyUsername, vstsAgentWebProxy.ProxyUsername); Assert.Equal(proxyPassword, vstsAgentWebProxy.ProxyPassword); // Test basic auth disabled vstsAgentWebProxy.SetupProxy(proxyAddress, proxyUsername, proxyPassword, false); // Assert basic auth flag is false Assert.False(vstsAgentWebProxy.UseBasicAuthForProxy); // Test legacy method (should default to false) vstsAgentWebProxy.SetupProxy(proxyAddress, proxyUsername, proxyPassword); // Assert basic auth defaults to false Assert.False(vstsAgentWebProxy.UseBasicAuthForProxy); } } public TestHostContext Setup(bool skipServerCertificateValidation, [CallerMemberName] string testName = "") { var _hc = new TestHostContext(this, testName); var certService = new Mock(); certService.Setup(x => x.SkipServerCertificateValidation).Returns(skipServerCertificateValidation); _hc.SetSingleton(certService.Object); return _hc; } } } ================================================ FILE: src/Test/L0/Worker/AgentPluginManagerL0.cs ================================================ using System; using Microsoft.VisualStudio.Services.Agent.Worker; using System.Runtime.CompilerServices; using System.Threading.Tasks; using Xunit; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Agent.Plugins.PipelineArtifact; using Agent.Plugins.PipelineCache; using System.Collections.Generic; using Moq; using Agent.Sdk; using System.Linq; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class AgentPluginManagerL0 { private class AgentPluginTaskTest { public string Name; public Guid TaskGuid; public List ExpectedTaskPlugins; public void RunTest(AgentPluginManager manager) { var taskPlugins = manager.GetTaskPlugins(TaskGuid); if (ExpectedTaskPlugins == null) { Assert.True(taskPlugins == null, $"{Name} returns null task plugins"); } else { Assert.True(taskPlugins.Count == ExpectedTaskPlugins.Count, $"{Name} has {ExpectedTaskPlugins.Count} Task Plugin(s)"); foreach (var s in ExpectedTaskPlugins) { Assert.True(taskPlugins.Contains(s), $"{Name} contains '{s}'"); } } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetTaskPluginsTests() { using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); var agentPluginManager = new AgentPluginManager(); agentPluginManager.Initialize(tc); List tests = new List { new AgentPluginTaskTest() { Name = "Checkout Task", TaskGuid = Pipelines.PipelineConstants.CheckoutTask.Id, ExpectedTaskPlugins = new List { "Agent.Plugins.Repository.CheckoutTask, Agent.Plugins", "Agent.Plugins.Repository.CleanupTask, Agent.Plugins", } }, new AgentPluginTaskTest() { Name = "Download Pipline Artifact Task", TaskGuid = PipelineArtifactPluginConstants.DownloadPipelineArtifactTaskId, ExpectedTaskPlugins = new List { "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTask, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV1, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV1_1_0, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV1_1_1, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV1_1_2, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV1_1_3, Agent.Plugins", "Agent.Plugins.PipelineArtifact.DownloadPipelineArtifactTaskV2_0_0, Agent.Plugins", } }, new AgentPluginTaskTest() { Name = "Publish Pipeline Artifact Task", TaskGuid = PipelineArtifactPluginConstants.PublishPipelineArtifactTaskId, ExpectedTaskPlugins = new List { "Agent.Plugins.PipelineArtifact.PublishPipelineArtifactTask, Agent.Plugins", "Agent.Plugins.PipelineArtifact.PublishPipelineArtifactTaskV1, Agent.Plugins", "Agent.Plugins.PipelineArtifact.PublishPipelineArtifactTaskV0_140_0, Agent.Plugins" } }, new AgentPluginTaskTest() { Name = "Pipeline Cache Task", TaskGuid = PipelineCachePluginConstants.CacheTaskId, ExpectedTaskPlugins = new List { "Agent.Plugins.PipelineCache.SavePipelineCacheV0, Agent.Plugins", "Agent.Plugins.PipelineCache.RestorePipelineCacheV0, Agent.Plugins", } }, new AgentPluginTaskTest() { Name = "Empty Guid Tasks", TaskGuid = Guid.Empty, ExpectedTaskPlugins = null }, }; foreach (var test in tests) { test.RunTest(agentPluginManager); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public Task RunPluginTaskAsyncThrowsNotsupported() { using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); var agentPluginManager = new AgentPluginManager(); agentPluginManager.Initialize(tc); var executionContext = CreateTestExecutionContext(tc); return Assert.ThrowsAsync(() => agentPluginManager.RunPluginTaskAsync(executionContext, "invalid.plugin", new Dictionary(), new Dictionary(), null, null) ); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GeneratePluginExecutionContextHostInfoTest() { using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); var agentPluginManager = new AgentPluginManager(); agentPluginManager.Initialize(tc); var inputs = new Dictionary(){ { "input1", "foo" }, { "input2", tc.GetDirectory(WellKnownDirectory.Work)}, }; var variables = new Dictionary(){ { "variable1", "foo" }, { "variable2", tc.GetDirectory(WellKnownDirectory.Work)}, }; var taskVariables = new Dictionary(){ { "taskVariable1", "foo" }, { "taskVariable2", tc.GetDirectory(WellKnownDirectory.Work)}, }; var executionContext = CreateTestExecutionContext(tc, variables: variables, taskVariables: taskVariables); var pluginContext = agentPluginManager.GeneratePluginExecutionContext(executionContext, inputs, executionContext.Variables); Assert.True(pluginContext != null, "PluginContext for Host Step Target is not null"); // inputs should match exactly for Host Step Targets Assert.True(inputs.All(e => pluginContext.Inputs.Contains(e))); // variables should match exactly for Host Step Targets Assert.True(variables.All(e => pluginContext.Variables.Contains(e))); // task variables should match exactly for Host Step Targets Assert.True(taskVariables.All(e => pluginContext.TaskVariables.Contains(e))); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GeneratePluginExecutionContextContainerInfoTest() { var dockerContainer = new Pipelines.ContainerResource() { Alias = "vsts_container_preview", Image = "foo" }; using (TestHostContext tc = CreateTestContext()) { Tracing trace = tc.GetTrace(); var agentPluginManager = new AgentPluginManager(); agentPluginManager.Initialize(tc); var containerInfo = tc.CreateContainerInfo(dockerContainer, isJobContainer: false); var containerWorkPath = "/__w"; if (TestUtil.IsWindows()) { containerWorkPath = "C:\\__w"; } var inputs = new Dictionary(){ { "input1", "foo" }, { "input2", containerWorkPath}, { "input3", tc.GetDirectory(WellKnownDirectory.Work)}, }; var expectedInputs = new Dictionary(){ { "input1", "foo" }, { "input2", tc.GetDirectory(WellKnownDirectory.Work)}, { "input3", tc.GetDirectory(WellKnownDirectory.Work)}, }; var variables = new Dictionary(){ { "variable1", "foo" }, { "variable2", containerWorkPath}, { "variable3", tc.GetDirectory(WellKnownDirectory.Work)}, }; var expectedVariables = new Dictionary(){ { "variable1", "foo" }, { "variable2", tc.GetDirectory(WellKnownDirectory.Work)}, { "variable3", tc.GetDirectory(WellKnownDirectory.Work)}, }; var taskVariables = new Dictionary(){ { "taskVariable1", "foo" }, { "taskVariable2", containerWorkPath}, { "taskVariable3", tc.GetDirectory(WellKnownDirectory.Work)}, }; var expectedTaskVariables = new Dictionary(){ { "taskVariable1", "foo" }, { "taskVariable2", tc.GetDirectory(WellKnownDirectory.Work)}, { "taskVariable3", tc.GetDirectory(WellKnownDirectory.Work)}, }; var executionContext = CreateTestExecutionContext(tc, stepTarget: containerInfo, variables: variables, taskVariables: taskVariables); var pluginContext = agentPluginManager.GeneratePluginExecutionContext(executionContext, inputs, executionContext.Variables); Assert.True(pluginContext != null, "PluginContext for Container Step Target is not null"); Assert.True(expectedInputs.All(e => pluginContext.Inputs.Contains(e))); Assert.True(expectedVariables.All(e => pluginContext.Variables.Contains(e))); Assert.True(expectedTaskVariables.All(e => pluginContext.TaskVariables.Contains(e))); } } private TestHostContext CreateTestContext([CallerMemberName] String testName = "") { TestHostContext tc = new TestHostContext(this, testName); return tc; } private IExecutionContext CreateTestExecutionContext(TestHostContext tc, ExecutionTargetInfo stepTarget = null, Dictionary variables = null, Dictionary taskVariables = null) { var trace = tc.GetTrace(); var executionContext = new Mock(); List warnings; variables = variables ?? new Dictionary(); taskVariables = taskVariables ?? new Dictionary(); executionContext .Setup(x => x.Variables) .Returns(new Variables(tc, copy: variables, warnings: out warnings)); executionContext .Setup(x => x.TaskVariables) .Returns(new Variables(tc, copy: taskVariables, warnings: out warnings)); if (stepTarget == null) { executionContext .Setup(x => x.StepTarget()) .Returns(new HostInfo()); } else { executionContext .Setup(x => x.StepTarget()) .Returns(stepTarget); } return executionContext.Object; } } } ================================================ FILE: src/Test/L0/Worker/Build/BuildDirectoryManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Moq; using System; using System.Collections.Generic; using System.IO; using System.Runtime.CompilerServices; using Xunit; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Build { public sealed class BuildDirectoryManagerL0 { private const string CollectionId = "31ffacb8-b468-4e60-b2f9-c50ce437da92"; private const string DefinitionId = "1234"; private BuildDirectoryManager _buildDirectoryManager; private Mock _ec; private Pipelines.RepositoryResource _repository; private IList _repositories; private Pipelines.WorkspaceOptions _workspaceOptions; private TrackingConfig _existingConfig; private TrackingConfig _newConfig; private string _trackingFile; private Mock _trackingManager; private Variables _variables; private string _workFolder; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CreatesBuildDirectories() { // Arrange. using (TestHostContext hc = Setup()) { SetupEnvironmentVariables(allowWorkDirectory: "false"); // Act. _buildDirectoryManager.PrepareDirectory(_ec.Object, _repositories, _workspaceOptions); // Assert. Assert.True(Directory.Exists(Path.Combine(_workFolder, _newConfig.BuildDirectory, Constants.Build.Path.ArtifactsDirectory))); Assert.True(Directory.Exists(Path.Combine(_workFolder, _newConfig.BuildDirectory, Constants.Build.Path.BinariesDirectory))); Assert.True(Directory.Exists(Path.Combine(_workFolder, _newConfig.BuildDirectory, Constants.Build.Path.TestResultsDirectory))); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CreatesNewConfig() { // Arrange. using (TestHostContext hc = Setup()) { SetupEnvironmentVariables(allowWorkDirectory: "false"); // Act. var repos = new[] { _repository }; _buildDirectoryManager.PrepareDirectory(_ec.Object, repos, _workspaceOptions); // Assert. _trackingManager.Verify(x => x.Create(_ec.Object, repos, false)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CreatesNewConfigWhenHashKeyIsDifferent() { // Arrange. using (TestHostContext hc = Setup(existingConfigKind: ExistingConfigKind.Nonmatching)) { SetupEnvironmentVariables(allowWorkDirectory: "false"); // Act. var repos = new[] { _repository }; _buildDirectoryManager.PrepareDirectory(_ec.Object, repos, _workspaceOptions); // Assert. _trackingManager.Verify(x => x.LoadExistingTrackingConfig(_ec.Object)); _trackingManager.Verify(x => x.Create(_ec.Object, repos, false)); _trackingManager.Verify(x => x.MarkForGarbageCollection(_ec.Object, _existingConfig)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DeletesSourcesDirectoryWhenCleanIsSources() { // Arrange. using (TestHostContext hc = Setup(cleanOption: BuildCleanOption.Source)) { SetupEnvironmentVariables(allowWorkDirectory: "false"); string sourcesDirectory = Path.Combine(_workFolder, _newConfig.BuildDirectory, Constants.Build.Path.SourcesDirectory); string sourceFile = Path.Combine(sourcesDirectory, "some subdirectory", "some source file"); Directory.CreateDirectory(Path.GetDirectoryName(sourceFile)); File.WriteAllText(path: sourceFile, contents: "some source contents"); // Act. _buildDirectoryManager.PrepareDirectory(_ec.Object, _repositories, _workspaceOptions); // Assert. Assert.True(Directory.Exists(sourcesDirectory)); Assert.Equal(0, Directory.GetFileSystemEntries(sourcesDirectory, "*", SearchOption.AllDirectories).Length); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void RecreatesArtifactsAndTestResultsDirectory() { // Arrange. using (TestHostContext hc = Setup()) { SetupEnvironmentVariables(allowWorkDirectory: "false"); string artifactsDirectory = Path.Combine(_workFolder, _newConfig.BuildDirectory, Constants.Build.Path.ArtifactsDirectory); string artifactFile = Path.Combine(artifactsDirectory, "some subdirectory", "some artifact file"); Directory.CreateDirectory(Path.GetDirectoryName(artifactFile)); File.WriteAllText(path: artifactFile, contents: "some artifact contents"); string testResultsDirectory = Path.Combine(_workFolder, _newConfig.BuildDirectory, Constants.Build.Path.TestResultsDirectory); string testResultsFile = Path.Combine(testResultsDirectory, "some subdirectory", "some test results file"); Directory.CreateDirectory(Path.GetDirectoryName(testResultsFile)); File.WriteAllText(path: testResultsFile, contents: "some test result contents"); // Act. _buildDirectoryManager.PrepareDirectory(_ec.Object, _repositories, _workspaceOptions); // Assert. Assert.True(Directory.Exists(artifactsDirectory)); Assert.Equal(0, Directory.GetFileSystemEntries(artifactsDirectory).Length); Assert.True(Directory.Exists(testResultsDirectory)); Assert.Equal(0, Directory.GetFileSystemEntries(testResultsDirectory).Length); } } // Recreates build directory when clean is all. [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void RecreatesBuildDirectoryWhenCleanIsAll() { // Arrange. using (TestHostContext hc = Setup(cleanOption: BuildCleanOption.All)) { SetupEnvironmentVariables(allowWorkDirectory: "false"); string buildDirectory = Path.Combine(_workFolder, _newConfig.BuildDirectory); string looseFile = Path.Combine(buildDirectory, "some loose directory", "some loose file"); Directory.CreateDirectory(Path.GetDirectoryName(looseFile)); File.WriteAllText(path: looseFile, contents: "some loose file contents"); // Act. _buildDirectoryManager.PrepareDirectory(_ec.Object, _repositories, _workspaceOptions); // Assert. Assert.Equal(4, Directory.GetFileSystemEntries(buildDirectory, "*", SearchOption.AllDirectories).Length); Assert.True(Directory.Exists(Path.Combine(_workFolder, _newConfig.BuildDirectory, Constants.Build.Path.ArtifactsDirectory))); Assert.True(Directory.Exists(Path.Combine(_workFolder, _newConfig.BuildDirectory, Constants.Build.Path.BinariesDirectory))); Assert.True(Directory.Exists(Path.Combine(_workFolder, _newConfig.BuildDirectory, Constants.Build.Path.SourcesDirectory))); Assert.True(Directory.Exists(Path.Combine(_workFolder, _newConfig.BuildDirectory, Constants.Build.Path.TestResultsDirectory))); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void RecreatesBinariesDirectoryWhenCleanIsBinary() { // Arrange. using (TestHostContext hc = Setup(cleanOption: BuildCleanOption.Binary)) { SetupEnvironmentVariables(allowWorkDirectory: "false"); string binariesDirectory = Path.Combine(_workFolder, _newConfig.BuildDirectory, Constants.Build.Path.BinariesDirectory); string binaryFile = Path.Combine(binariesDirectory, "some subdirectory", "some binary file"); Directory.CreateDirectory(Path.GetDirectoryName(binaryFile)); File.WriteAllText(path: binaryFile, contents: "some binary contents"); // Act. _buildDirectoryManager.PrepareDirectory(_ec.Object, _repositories, _workspaceOptions); // Assert. Assert.True(Directory.Exists(binariesDirectory)); Assert.Equal(0, Directory.GetFileSystemEntries(binariesDirectory).Length); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void PrepareDirectoryUpdateRepositoryPath() { // Arrange. using (TestHostContext hc = Setup()) { SetupEnvironmentVariables(allowWorkDirectory: "false"); // Act. _buildDirectoryManager.PrepareDirectory(_ec.Object, _repositories, _workspaceOptions); // Assert. Assert.Equal(Path.Combine(_workFolder, _newConfig.SourcesDirectory), _repository.Properties.Get(Pipelines.RepositoryPropertyNames.Path)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void UpdatesExistingConfig() { // Arrange. using (TestHostContext hc = Setup(existingConfigKind: ExistingConfigKind.Matching)) { SetupEnvironmentVariables(allowWorkDirectory: "false"); // Act. _buildDirectoryManager.PrepareDirectory(_ec.Object, _repositories, _workspaceOptions); // Assert. _trackingManager.Verify(x => x.LoadExistingTrackingConfig(_ec.Object)); _trackingManager.Verify(x => x.UpdateTrackingConfig(_ec.Object, _existingConfig)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void UpdateDirectory_DontAllowWorkingDirectoryRepositories() { // Arrange. using (TestHostContext hc = Setup(existingConfigKind: ExistingConfigKind.Matching)) { SetupEnvironmentVariables(allowWorkDirectory: "false"); // Act. var tracking = _buildDirectoryManager.PrepareDirectory(_ec.Object, _repositories, _workspaceOptions); _repository.Properties.Set(Pipelines.RepositoryPropertyNames.Path, Path.Combine(hc.GetDirectory(WellKnownDirectory.Work), tracking.BuildDirectory, $"test{Path.DirectorySeparatorChar}foo")); var newTracking = _buildDirectoryManager.UpdateDirectory(_ec.Object, _repository); // Assert. Assert.Equal(newTracking.SourcesDirectory, $"1{Path.DirectorySeparatorChar}test{Path.DirectorySeparatorChar}foo"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void UpdateDirectory_AllowWorkingDirectoryRepositories() { // Arrange. using (TestHostContext hc = Setup(existingConfigKind: ExistingConfigKind.Matching)) { SetupEnvironmentVariables(allowWorkDirectory: "true"); // Act. var tracking = _buildDirectoryManager.PrepareDirectory(_ec.Object, _repositories, _workspaceOptions); _repository.Properties.Set(Pipelines.RepositoryPropertyNames.Path, Path.Combine(hc.GetDirectory(WellKnownDirectory.Work), $"test{Path.DirectorySeparatorChar}foo")); var newTracking = _buildDirectoryManager.UpdateDirectory(_ec.Object, _repository); // Assert. Assert.Equal(newTracking.SourcesDirectory, $"test{Path.DirectorySeparatorChar}foo"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void UpdateDirectoryFailOnInvalidPath_DontAllowWorkingDirectoryRepositories() { // Arrange. using (TestHostContext hc = Setup(existingConfigKind: ExistingConfigKind.Matching)) { SetupEnvironmentVariables(allowWorkDirectory: "false"); // Act. var tracking = _buildDirectoryManager.PrepareDirectory(_ec.Object, _repositories, _workspaceOptions); _repository.Properties.Set(Pipelines.RepositoryPropertyNames.Path, Path.Combine(hc.GetDirectory(WellKnownDirectory.Work), "test\\foo")); var exception = Assert.Throws(() => _buildDirectoryManager.UpdateDirectory(_ec.Object, _repository)); // Assert. Assert.True(exception.Message.Contains("should be located under agent's build directory")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void UpdateDirectoryFailOnInvalidPath_AllowWorkingDirectoryRepositories() { // Arrange. using (TestHostContext hc = Setup(existingConfigKind: ExistingConfigKind.Matching)) { SetupEnvironmentVariables(allowWorkDirectory: "true"); // Act. var tracking = _buildDirectoryManager.PrepareDirectory(_ec.Object, _repositories, _workspaceOptions); _repository.Properties.Set(Pipelines.RepositoryPropertyNames.Path, Path.Combine(hc.GetDirectory(WellKnownDirectory.Work), $"..{Path.DirectorySeparatorChar}test{Path.DirectorySeparatorChar}foo")); var exception = Assert.Throws(() => _buildDirectoryManager.UpdateDirectory(_ec.Object, _repository)); // Assert. Assert.True(exception.Message.Contains("should be located under agent's work directory")); } } // TODO: Updates legacy config. private TestHostContext Setup( [CallerMemberName] string name = "", BuildCleanOption? cleanOption = null, ExistingConfigKind existingConfigKind = ExistingConfigKind.None) { // Setup the host context. TestHostContext hc = new TestHostContext(this, name); // Create a random work path. var configStore = new Mock(); _workFolder = hc.GetDirectory(WellKnownDirectory.Work); var settings = new AgentSettings() { WorkFolder = _workFolder }; configStore.Setup(x => x.GetSettings()).Returns(settings); hc.SetSingleton(configStore.Object); // Setup the execution context. _ec = new Mock(); List warnings; _variables = new Variables(hc, new Dictionary(), out warnings); _variables.Set(Constants.Variables.System.CollectionId, CollectionId); _variables.Set(Constants.Variables.System.DefinitionId, DefinitionId); _variables.Set(Constants.Variables.Build.Clean, $"{cleanOption}"); _ec.Setup(x => x.Variables).Returns(_variables); // Store the expected tracking file path. _trackingFile = Path.Combine( _workFolder, Constants.Build.Path.SourceRootMappingDirectory, _ec.Object.Variables.System_CollectionId, _ec.Object.Variables.System_DefinitionId, Constants.Build.Path.TrackingConfigFile); // Setup the endpoint. _repository = new Pipelines.RepositoryResource() { Alias = "self", Type = Pipelines.RepositoryTypes.Git, Url = new Uri("http://contoso.visualstudio.com"), }; _repository.Properties.Set(Pipelines.RepositoryPropertyNames.Name, "Some endpoint name"); _repositories = new[] { _repository }; _workspaceOptions = new Pipelines.WorkspaceOptions(); // // Setup the source provider. // _sourceProvider = new Mock(); // _sourceProvider // .Setup(x => x.GetBuildDirectoryHashKey(_ec.Object, _repository)) // .Returns(HashKey); // hc.SetSingleton(_sourceProvider.Object); // Store the existing config object. switch (existingConfigKind) { case ExistingConfigKind.Matching: _existingConfig = new TrackingConfig(_ec.Object, _repositories, 1); Assert.Equal("1", _existingConfig.BuildDirectory); break; case ExistingConfigKind.Nonmatching: _existingConfig = new TrackingConfig(_ec.Object, _repositories, 2); Assert.Equal("2", _existingConfig.BuildDirectory); break; case ExistingConfigKind.None: break; default: throw new NotSupportedException(); } // Store the new config object. if (existingConfigKind == ExistingConfigKind.Matching) { _newConfig = _existingConfig; } else { _newConfig = new TrackingConfig(_ec.Object, _repositories, 3); Assert.Equal("3", _newConfig.BuildDirectory); } // Setup the tracking manager. _trackingManager = new Mock(); _trackingManager .Setup(x => x.LoadExistingTrackingConfig(_ec.Object)) .Returns(_existingConfig); _trackingManager .Setup(x => x.Create(_ec.Object, _repositories, false)) .Returns(_newConfig); if (existingConfigKind == ExistingConfigKind.Nonmatching) { _trackingManager .Setup(x => x.MarkForGarbageCollection(_ec.Object, _existingConfig)); } else if (existingConfigKind == ExistingConfigKind.Matching) { _trackingManager .Setup(x => x.UpdateTrackingConfig(_ec.Object, _existingConfig)); } else if (existingConfigKind != ExistingConfigKind.None) { throw new NotSupportedException(); } hc.SetSingleton(_trackingManager.Object); // Setup the build directory manager. _buildDirectoryManager = new BuildDirectoryManager(); _buildDirectoryManager.Initialize(hc); return hc; } private void SetupEnvironmentVariables(string allowWorkDirectory) { var environment = new SystemEnvironment(); environment.SetEnvironmentVariable("AZP_AGENT_ALLOW_WORK_DIRECTORY_REPOSITORIES", allowWorkDirectory); _ec.Setup(x => x.GetScopedEnvironment()).Returns(environment); } private enum ExistingConfigKind { None, Matching, Nonmatching, } } } ================================================ FILE: src/Test/L0/Worker/Build/BuildJobExtensionL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Runtime.CompilerServices; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Microsoft.VisualStudio.Services.Agent.Worker.Release; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Moq; using Xunit; using Agent.Sdk; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Build { public sealed class BuildJobExtensionL0 { private Mock _ec; private Mock _extensionManager; private Mock _sourceProvider; private Mock _buildDirectoryManager; private Mock _configurationStore; private Variables _variables; private string stubWorkFolder; private BuildJobExtension buildJobExtension; private List steps; private List repositories { get; set; } private Dictionary jobSettings { get; set; } private const string CollectionId = "31ffacb8-b468-4e60-b2f9-c50ce437da92"; private const string DefinitionId = "1234"; private Pipelines.WorkspaceOptions _workspaceOptions; private char directorySeparator = Path.DirectorySeparatorChar; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CheckSingleRepoWithoutPathInput() { using (TestHostContext tc = Setup(createWorkDirectory: false, checkOutConfig: CheckoutConfigType.SingleCheckoutDefaultPath)) { buildJobExtension.InitializeJobExtension(_ec.Object, steps, _workspaceOptions); var repoLocalPath = _ec.Object.Variables.Get(Constants.Variables.Build.RepoLocalPath); Assert.NotNull(repoLocalPath); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), repoLocalPath); var sourcesDir = _ec.Object.Variables.Get(Constants.Variables.Build.SourcesDirectory); Assert.NotNull(sourcesDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), sourcesDir); var defaultWorkingDir = _ec.Object.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory); Assert.NotNull(defaultWorkingDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), defaultWorkingDir); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CheckSingleRepoWithCustomPaths() { using (TestHostContext tc = Setup(createWorkDirectory: false, checkOutConfig: CheckoutConfigType.SingleCheckoutCustomPath, pathToSelfRepo: "s/CustomApplicationFolder")) { buildJobExtension.InitializeJobExtension(_ec.Object, steps, _workspaceOptions); var repoLocalPath = _ec.Object.Variables.Get(Constants.Variables.Build.RepoLocalPath); Assert.NotNull(repoLocalPath); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), repoLocalPath); var sourcesDir = _ec.Object.Variables.Get(Constants.Variables.Build.SourcesDirectory); Assert.NotNull(sourcesDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), sourcesDir); var defaultWorkingDir = _ec.Object.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory); Assert.NotNull(defaultWorkingDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), defaultWorkingDir); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CheckMultiRepoWithoutPathInput() { using (TestHostContext tc = Setup(createWorkDirectory: false, checkOutConfig: CheckoutConfigType.MultiCheckoutDefaultPath)) { buildJobExtension.InitializeJobExtension(_ec.Object, steps, _workspaceOptions); var repoLocalPath = _ec.Object.Variables.Get(Constants.Variables.Build.RepoLocalPath); Assert.NotNull(repoLocalPath); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), repoLocalPath); var sourcesDir = _ec.Object.Variables.Get(Constants.Variables.Build.SourcesDirectory); Assert.NotNull(sourcesDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), sourcesDir); var defaultWorkingDir = _ec.Object.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory); Assert.NotNull(defaultWorkingDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), defaultWorkingDir); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CheckMultiRepoWithoutPathInputAndWithDefaultWorkingRepo() { using (TestHostContext tc = Setup(createWorkDirectory: false, checkOutConfig: CheckoutConfigType.MultiCheckoutDefaultPath, defaultWorkingDirRepo: true)) { buildJobExtension.InitializeJobExtension(_ec.Object, steps, _workspaceOptions); var repoLocalPath = _ec.Object.Variables.Get(Constants.Variables.Build.RepoLocalPath); Assert.NotNull(repoLocalPath); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), repoLocalPath); var sourcesDir = _ec.Object.Variables.Get(Constants.Variables.Build.SourcesDirectory); Assert.NotNull(sourcesDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), sourcesDir); var defaultWorkingDir = _ec.Object.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory); Assert.NotNull(defaultWorkingDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s{directorySeparator}App"), defaultWorkingDir); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CheckMultiRepoWithPathInputToCustomPath() { using (TestHostContext tc = Setup(createWorkDirectory: false, checkOutConfig: CheckoutConfigType.MultiCheckoutCustomPath, pathToSelfRepo: "s/CustomApplicationFolder")) { buildJobExtension.InitializeJobExtension(_ec.Object, steps, _workspaceOptions); var repoLocalPath = _ec.Object.Variables.Get(Constants.Variables.Build.RepoLocalPath); Assert.NotNull(repoLocalPath); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s{directorySeparator}App"), repoLocalPath); var sourcesDir = _ec.Object.Variables.Get(Constants.Variables.Build.SourcesDirectory); Assert.NotNull(sourcesDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), sourcesDir); var defaultWorkingDir = _ec.Object.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory); Assert.NotNull(defaultWorkingDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), defaultWorkingDir); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CheckMultiRepoWithPathInputToCustomPathAndWithDefaultWorkingRepo() { using (TestHostContext tc = Setup(createWorkDirectory: false, checkOutConfig: CheckoutConfigType.MultiCheckoutCustomPath, pathToSelfRepo: "s/CustomApplicationFolder", defaultWorkingDirRepo: true)) { buildJobExtension.InitializeJobExtension(_ec.Object, steps, _workspaceOptions); var repoLocalPath = _ec.Object.Variables.Get(Constants.Variables.Build.RepoLocalPath); Assert.NotNull(repoLocalPath); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s{directorySeparator}App"), repoLocalPath); var sourcesDir = _ec.Object.Variables.Get(Constants.Variables.Build.SourcesDirectory); Assert.NotNull(sourcesDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), sourcesDir); var defaultWorkingDir = _ec.Object.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory); Assert.NotNull(defaultWorkingDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s{directorySeparator}App"), defaultWorkingDir); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CheckMultiRepoWithPathInputToDefaultPath() { using (TestHostContext tc = Setup(createWorkDirectory: false, checkOutConfig: CheckoutConfigType.MultiCheckoutCustomPath, pathToSelfRepo: "s/App")) { buildJobExtension.InitializeJobExtension(_ec.Object, steps, _workspaceOptions); var repoLocalPath = _ec.Object.Variables.Get(Constants.Variables.Build.RepoLocalPath); Assert.NotNull(repoLocalPath); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), repoLocalPath); var sourcesDir = _ec.Object.Variables.Get(Constants.Variables.Build.SourcesDirectory); Assert.NotNull(sourcesDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), sourcesDir); var defaultWorkingDir = _ec.Object.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory); Assert.NotNull(defaultWorkingDir); Assert.Equal(Path.Combine(stubWorkFolder, $"1{directorySeparator}s"), defaultWorkingDir); } } private TestHostContext Setup([CallerMemberName] string name = "", bool createWorkDirectory = true, bool defaultWorkingDirRepo = false, CheckoutConfigType checkOutConfig = CheckoutConfigType.SingleCheckoutDefaultPath, string pathToSelfRepo = "") { bool isMulticheckoutScenario = checkOutConfig == CheckoutConfigType.MultiCheckoutCustomPath || checkOutConfig == CheckoutConfigType.MultiCheckoutDefaultPath; bool isCustomPathScenario = checkOutConfig == CheckoutConfigType.SingleCheckoutCustomPath || checkOutConfig == CheckoutConfigType.MultiCheckoutCustomPath; TestHostContext hc = new TestHostContext(this, name); this.stubWorkFolder = hc.GetDirectory(WellKnownDirectory.Work); if (createWorkDirectory) { Directory.CreateDirectory(this.stubWorkFolder); } _ec = new Mock(); _extensionManager = new Mock(); _sourceProvider = new Mock(); _buildDirectoryManager = new Mock(); _workspaceOptions = new Pipelines.WorkspaceOptions(); _configurationStore = new Mock(); _configurationStore.Setup(store => store.GetSettings()).Returns(new AgentSettings { WorkFolder = this.stubWorkFolder }); steps = new List(); var selfCheckoutTask = new Pipelines.TaskStep() { Reference = new Pipelines.TaskStepDefinitionReference() { Id = Guid.Parse("6d15af64-176c-496d-b583-fd2ae21d4df4"), Name = "Checkout", Version = "1.0.0" } }; selfCheckoutTask.Inputs.Add("repository", "self"); if (defaultWorkingDirRepo) { selfCheckoutTask.Inputs.Add("workspaceRepo", "true"); } if (isCustomPathScenario) { selfCheckoutTask.Inputs.Add("path", pathToSelfRepo); } steps.Add(selfCheckoutTask); // Setup second checkout only for multicheckout jobs if (isMulticheckoutScenario) { var anotherCheckoutTask = new Pipelines.TaskStep() { Reference = new Pipelines.TaskStepDefinitionReference() { Id = Guid.Parse("6d15af64-176c-496d-b583-fd2ae21d4df4"), Name = "Checkout", Version = "1.0.0" } }; anotherCheckoutTask.Inputs.Add("repository", "BuildRepo"); anotherCheckoutTask.Inputs.Add("path", "s/BuildRepo"); steps.Add(anotherCheckoutTask); } hc.SetSingleton(_buildDirectoryManager.Object); hc.SetSingleton(_extensionManager.Object); hc.SetSingleton(_configurationStore.Object); var buildVariables = GetBuildVariables(); _variables = new Variables(hc, buildVariables, out _); _ec.Setup(x => x.Variables).Returns(_variables); repositories = new List(); repositories.Add(GetRepository(hc, "self", "App", "App")); repositories.Add(GetRepository(hc, "repo2", "BuildRepo", "BuildRepo")); _ec.Setup(x => x.Repositories).Returns(repositories); jobSettings = new Dictionary(); jobSettings.Add(WellKnownJobSettings.HasMultipleCheckouts, isMulticheckoutScenario.ToString()); _ec.Setup(x => x.JobSettings).Returns(jobSettings); _ec.Setup(x => x.SetVariable(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Callback((string varName, string varValue, bool isSecret, bool isOutput, bool isFilePath, bool isReadOnly, bool preserveCase) => { _variables.Set(varName, varValue, false); }); _extensionManager.Setup(x => x.GetExtensions()) .Returns(new List { _sourceProvider.Object }); _sourceProvider.Setup(x => x.RepositoryType) .Returns(Pipelines.RepositoryTypes.ExternalGit); _buildDirectoryManager.Setup(x => x.PrepareDirectory(_ec.Object, repositories, _workspaceOptions)) .Returns(new TrackingConfig(_ec.Object, repositories, 1)); buildJobExtension = new BuildJobExtension(); buildJobExtension.Initialize(hc); return hc; } private Dictionary GetBuildVariables() { var buildVariables = new Dictionary(); buildVariables.Add(Constants.Variables.Build.SyncSources, Boolean.TrueString); buildVariables.Add(Constants.Variables.System.CollectionId, CollectionId); buildVariables.Add(Constants.Variables.System.DefinitionId, DefinitionId); return buildVariables; } private Pipelines.RepositoryResource GetRepository(TestHostContext hostContext, String alias, String relativePath, String Name) { var workFolder = hostContext.GetDirectory(WellKnownDirectory.Work); var repo = new Pipelines.RepositoryResource() { Alias = alias, Type = Pipelines.RepositoryTypes.ExternalGit, Id = alias, Url = new Uri($"http://contoso.visualstudio.com/{Name}"), Name = Name, }; repo.Properties.Set(Pipelines.RepositoryPropertyNames.Path, Path.Combine(workFolder, "1", relativePath)); return repo; } private enum CheckoutConfigType { MultiCheckoutDefaultPath = 0, MultiCheckoutCustomPath = 1, SingleCheckoutDefaultPath = 2, SingleCheckoutCustomPath = 3, } } } ================================================ FILE: src/Test/L0/Worker/Build/GitCommandManagerL0.cs ================================================ using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Moq; using System.IO; using System.Reflection; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Build; public class TestGitCommandManagerL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public void TestGetInternalGitPaths() { using var tc = new TestHostContext(this); var trace = tc.GetTrace(); var executionContext = new Mock(); GitCommandManager gitCliManager = new(); gitCliManager.Initialize(tc); var (resolvedGitPath, resolvedGitLfsPath) = gitCliManager.GetInternalGitPaths(); string gitPath = Path.Combine(tc.GetDirectory(WellKnownDirectory.Externals), "git", "cmd", "git.exe"); var binPath = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location); var rootPath = new DirectoryInfo(binPath).Parent.FullName; var externalsDirectoryPath = Path.Combine(rootPath, Constants.Path.ExternalsDirectory); string gitLfsPath; if (PlatformUtil.BuiltOnX86) { gitLfsPath = Path.Combine(externalsDirectoryPath, "git", "mingw32", "bin", $"git-lfs.exe"); } else { gitLfsPath = Path.Combine(externalsDirectoryPath, "git", "mingw64", "bin", $"git-lfs.exe"); } Assert.Equal(resolvedGitPath, gitPath); Assert.Equal(resolvedGitLfsPath, gitLfsPath); } } ================================================ FILE: src/Test/L0/Worker/Build/GitSourceProviderL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Moq; using System; using System.Collections.Generic; using System.IO; using System.Threading; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Build { public sealed class GitSourceProviderL0 { private Mock GetDefaultGitCommandMock() { Mock _gitCommandManager = new Mock(); _gitCommandManager .Setup(x => x.EnsureGitVersion(It.IsAny(), It.IsAny())) .Returns(true); _gitCommandManager .Setup(x => x.LoadGitExecutionInfo(It.IsAny(), It.IsAny(), null)) .Returns(Task.CompletedTask); _gitCommandManager .Setup(x => x.GitInit(It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitRemoteAdd(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitFetch(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitLFSFetch(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitCheckout(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitClean(It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitReset(It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitRemoteSetUrl(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitRemoteSetPushUrl(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitSubmoduleUpdate(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitSubmoduleSync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitGetFetchUrl(It.IsAny(), It.IsAny())) .Returns(Task.FromResult(new Uri("https://github.com/microsoft/azure-pipelines-agent"))); _gitCommandManager .Setup(x => x.GitDisableAutoGC(It.IsAny(), It.IsAny())) .Returns(Task.FromResult(0)); _gitCommandManager .Setup(x => x.GitVersion(It.IsAny())) .Returns(Task.FromResult(new Version(2, 7))); return _gitCommandManager; } private Mock GetTestExecutionContext(TestHostContext tc, string sourceFolder, string sourceBranch, string sourceVersion, bool enableAuth) { var trace = tc.GetTrace(); var executionContext = new Mock(); List warnings; executionContext .Setup(x => x.Variables) .Returns(new Variables(tc, copy: new Dictionary(), warnings: out warnings)); executionContext .Setup(x => x.Write(It.IsAny(), It.IsAny(), true)) .Callback((string tag, string message, bool canMaskSecrets) => { trace.Info($"{tag}{message}"); }); executionContext .Setup(x => x.WriteDebug) .Returns(true); executionContext .Setup(x => x.GetScopedEnvironment()) .Returns(new SystemEnvironment()); executionContext.Object.Variables.Set(Constants.Variables.Build.SourcesDirectory, sourceFolder); executionContext.Object.Variables.Set(Constants.Variables.Build.SourceBranch, sourceBranch); executionContext.Object.Variables.Set(Constants.Variables.Build.SourceVersion, sourceVersion); executionContext.Object.Variables.Set(Constants.Variables.System.EnableAccessToken, enableAuth.ToString()); return executionContext; } private ServiceEndpoint GetTestSourceEndpoint( string url, bool clean = false, bool checkoutSubmodules = false, bool gitLfsSupport = false, int fetchDepth = 0) { var endpoint = new ServiceEndpoint(); endpoint.Data[EndpointData.Clean] = clean.ToString(); endpoint.Data[EndpointData.CheckoutSubmodules] = checkoutSubmodules.ToString(); endpoint.Url = new Uri(url); endpoint.Authorization = new EndpointAuthorization() { Scheme = EndpointAuthorizationSchemes.UsernamePassword }; endpoint.Authorization.Parameters[EndpointAuthorizationParameters.Username] = "someuser"; endpoint.Authorization.Parameters[EndpointAuthorizationParameters.Password] = "SomePassword!"; endpoint.Data["FetchDepth"] = fetchDepth.ToString(); endpoint.Data["GitLfsSupport"] = gitLfsSupport.ToString(); return endpoint; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetSourceGitClone() { using (TestHostContext tc = new TestHostContext(this)) { // Arrange. string dumySourceFolder = Path.Combine(tc.GetDirectory(WellKnownDirectory.Bin), "SourceProviderL0"); var executionContext = GetTestExecutionContext(tc, dumySourceFolder, "master", "a596e13f5db8869f44574be0392fb8fe1e790ce4", false); var endpoint = GetTestSourceEndpoint("https://github.com/microsoft/azure-pipelines-agent", false, false); var _gitCommandManager = GetDefaultGitCommandMock(); tc.SetSingleton(_gitCommandManager.Object); tc.SetSingleton(new VstsAgentWebProxy()); var _configStore = new Mock(); _configStore.Setup(x => x.GetSettings()).Returns(() => new AgentSettings() { ServerUrl = "http://localhost:8080/tfs" }); tc.SetSingleton(_configStore.Object); tc.SetSingleton(new AgentCertificateManager()); GitSourceProvider gitSourceProvider = new ExternalGitSourceProvider(); gitSourceProvider.Initialize(tc); gitSourceProvider.SetVariablesInEndpoint(executionContext.Object, endpoint); // Act. gitSourceProvider.GetSourceAsync(executionContext.Object, endpoint, default(CancellationToken)).GetAwaiter().GetResult(); // Assert. _gitCommandManager.Verify(x => x.GitInit(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitRemoteAdd(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitRemoteSetUrl(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitRemoteSetPushUrl(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitCheckout(executionContext.Object, dumySourceFolder, "a596e13f5db8869f44574be0392fb8fe1e790ce4", It.IsAny())); } } public static IEnumerable FeatureFlagsStatusData => new List { new object[] { true }, new object[] { false }, }; [Theory] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] [MemberData(nameof(FeatureFlagsStatusData))] public void TestSetGitConfiguration(bool featureFlagsStatus) { var featureFlagStatusString = featureFlagsStatus.ToString(); var invocation = featureFlagsStatus ? Times.Once() : Times.Never(); using TestHostContext tc = new TestHostContext(this, $"GitFeatureFlagStatus_{featureFlagStatusString}"); using var trace = tc.GetTrace(); // Arrange. var sourceProviderL0Path = Path.Combine(tc.GetDirectory(WellKnownDirectory.Bin), "SourceProviderL0"); var executionContext = GetTestExecutionContext(tc, sourceProviderL0Path, "master", "a596e13f5db8869f44574be0392fb8fe1e790ce4", false); var environment = new LocalEnvironment(); executionContext .Setup(x => x.GetScopedEnvironment()) .Returns(environment); environment.SetEnvironmentVariable(Constants.Variables.Agent.UseGitLongPaths, featureFlagStatusString); environment.SetEnvironmentVariable(Constants.Variables.Agent.UseGitSingleThread, featureFlagStatusString); environment.SetEnvironmentVariable(Constants.Variables.Agent.FixPossibleGitOutOfMemoryProblem, featureFlagStatusString); var gitCommandManager = GetDefaultGitCommandMock(); GitSourceProvider gitSourceProvider = new ExternalGitSourceProvider(); // Act. gitSourceProvider.SetGitFeatureFlagsConfiguration(executionContext.Object, gitCommandManager.Object, sourceProviderL0Path); // Assert. gitCommandManager.Verify(x => x.GitConfig(executionContext.Object, sourceProviderL0Path, "pack.threads", "1"), invocation); gitCommandManager.Verify(x => x.GitConfig(executionContext.Object, sourceProviderL0Path, "core.packedgitlimit", "256m"), invocation); gitCommandManager.Verify(x => x.GitConfig(executionContext.Object, sourceProviderL0Path, "core.longpaths", "true"), invocation); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetSourceGitFetch() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); // Arrange. string dumySourceFolder = Path.Combine(tc.GetDirectory(WellKnownDirectory.Bin), "SourceProviderL0"); try { Directory.CreateDirectory(dumySourceFolder); string dumyGitFolder = Path.Combine(dumySourceFolder, ".git"); Directory.CreateDirectory(dumyGitFolder); string dumyGitConfig = Path.Combine(dumyGitFolder, "config"); File.WriteAllText(dumyGitConfig, "test git confg file"); var executionContext = GetTestExecutionContext(tc, dumySourceFolder, "master", "a596e13f5db8869f44574be0392fb8fe1e790ce4", false); var endpoint = GetTestSourceEndpoint("https://github.com/microsoft/azure-pipelines-agent", false, false); var _gitCommandManager = GetDefaultGitCommandMock(); tc.SetSingleton(_gitCommandManager.Object); tc.SetSingleton(new VstsAgentWebProxy()); var _configStore = new Mock(); _configStore.Setup(x => x.GetSettings()).Returns(() => new AgentSettings() { ServerUrl = "http://localhost:8080/tfs" }); tc.SetSingleton(_configStore.Object); tc.SetSingleton(new AgentCertificateManager()); GitSourceProvider gitSourceProvider = new ExternalGitSourceProvider(); gitSourceProvider.Initialize(tc); gitSourceProvider.SetVariablesInEndpoint(executionContext.Object, endpoint); // Act. gitSourceProvider.GetSourceAsync(executionContext.Object, endpoint, default(CancellationToken)).GetAwaiter().GetResult(); // Assert. _gitCommandManager.Verify(x => x.GitDisableAutoGC(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitRemoteSetUrl(executionContext.Object, dumySourceFolder, "origin", "https://someuser:SomePassword%21@github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitRemoteSetPushUrl(executionContext.Object, dumySourceFolder, "origin", "https://someuser:SomePassword%21@github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitFetch(executionContext.Object, dumySourceFolder, "origin", It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())); _gitCommandManager.Verify(x => x.GitRemoteSetUrl(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitRemoteSetPushUrl(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitCheckout(executionContext.Object, dumySourceFolder, "a596e13f5db8869f44574be0392fb8fe1e790ce4", It.IsAny())); } finally { IOUtil.DeleteDirectory(dumySourceFolder, CancellationToken.None); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetSourceGitClonePR() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); // Arrange. string dumySourceFolder = Path.Combine(tc.GetDirectory(WellKnownDirectory.Bin), "SourceProviderL0"); var executionContext = GetTestExecutionContext(tc, dumySourceFolder, "refs/pull/12345", "a596e13f5db8869f44574be0392fb8fe1e790ce4", false); var endpoint = GetTestSourceEndpoint("https://github.com/microsoft/azure-pipelines-agent", false, false); var _gitCommandManager = GetDefaultGitCommandMock(); tc.SetSingleton(_gitCommandManager.Object); tc.SetSingleton(new VstsAgentWebProxy()); var _configStore = new Mock(); _configStore.Setup(x => x.GetSettings()).Returns(() => new AgentSettings() { ServerUrl = "http://localhost:8080/tfs" }); tc.SetSingleton(_configStore.Object); tc.SetSingleton(new AgentCertificateManager()); GitSourceProvider gitSourceProvider = new ExternalGitSourceProvider(); gitSourceProvider.Initialize(tc); gitSourceProvider.SetVariablesInEndpoint(executionContext.Object, endpoint); // Act. gitSourceProvider.GetSourceAsync(executionContext.Object, endpoint, default(CancellationToken)).GetAwaiter().GetResult(); // Assert. _gitCommandManager.Verify(x => x.GitInit(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitRemoteAdd(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitFetch(executionContext.Object, dumySourceFolder, "origin", It.IsAny(), It.IsAny(), new List() { "+refs/heads/*:refs/remotes/origin/*", "+refs/pull/12345:refs/remotes/pull/12345" }, It.IsAny(), It.IsAny())); _gitCommandManager.Verify(x => x.GitRemoteSetUrl(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitRemoteSetPushUrl(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitCheckout(executionContext.Object, dumySourceFolder, It.Is(s => s.Equals("refs/remotes/pull/12345")), It.IsAny())); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetSourceGitFetchPR() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); // Arrange. string dumySourceFolder = Path.Combine(tc.GetDirectory(WellKnownDirectory.Bin), "SourceProviderL0"); try { Directory.CreateDirectory(dumySourceFolder); string dumyGitFolder = Path.Combine(dumySourceFolder, ".git"); Directory.CreateDirectory(dumyGitFolder); string dumyGitConfig = Path.Combine(dumyGitFolder, "config"); File.WriteAllText(dumyGitConfig, "test git confg file"); var executionContext = GetTestExecutionContext(tc, dumySourceFolder, "refs/pull/12345/merge", "a596e13f5db8869f44574be0392fb8fe1e790ce4", false); var endpoint = GetTestSourceEndpoint("https://github.com/microsoft/azure-pipelines-agent", false, false); var _gitCommandManager = GetDefaultGitCommandMock(); tc.SetSingleton(_gitCommandManager.Object); tc.SetSingleton(new VstsAgentWebProxy()); var _configStore = new Mock(); _configStore.Setup(x => x.GetSettings()).Returns(() => new AgentSettings() { ServerUrl = "http://localhost:8080/tfs" }); tc.SetSingleton(_configStore.Object); tc.SetSingleton(new AgentCertificateManager()); GitSourceProvider gitSourceProvider = new ExternalGitSourceProvider(); gitSourceProvider.Initialize(tc); gitSourceProvider.SetVariablesInEndpoint(executionContext.Object, endpoint); // Act. gitSourceProvider.GetSourceAsync(executionContext.Object, endpoint, default(CancellationToken)).GetAwaiter().GetResult(); // Assert. _gitCommandManager.Verify(x => x.GitDisableAutoGC(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitRemoteSetUrl(executionContext.Object, dumySourceFolder, "origin", "https://someuser:SomePassword%21@github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitRemoteSetPushUrl(executionContext.Object, dumySourceFolder, "origin", "https://someuser:SomePassword%21@github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitFetch(executionContext.Object, dumySourceFolder, "origin", It.IsAny(), It.IsAny(), new List() { "+refs/heads/*:refs/remotes/origin/*", "+refs/pull/12345/merge:refs/remotes/pull/12345/merge" }, It.IsAny(), It.IsAny())); _gitCommandManager.Verify(x => x.GitRemoteSetUrl(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitRemoteSetPushUrl(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitCheckout(executionContext.Object, dumySourceFolder, "refs/remotes/pull/12345/merge", It.IsAny())); } finally { IOUtil.DeleteDirectory(dumySourceFolder, CancellationToken.None); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetSourceReCloneOnUrlNotMatch() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); // Arrange. string dumySourceFolder = Path.Combine(tc.GetDirectory(WellKnownDirectory.Bin), "SourceProviderL0"); try { Directory.CreateDirectory(dumySourceFolder); string dumyGitFolder = Path.Combine(dumySourceFolder, ".git"); Directory.CreateDirectory(dumyGitFolder); string dumyGitConfig = Path.Combine(dumyGitFolder, "config"); File.WriteAllText(dumyGitConfig, "test git confg file"); var executionContext = GetTestExecutionContext(tc, dumySourceFolder, "refs/heads/users/user1", "", true); var endpoint = GetTestSourceEndpoint("https://github.com/microsoft/azure-pipelines-agent", false, false); var _gitCommandManager = GetDefaultGitCommandMock(); _gitCommandManager .Setup(x => x.GitGetFetchUrl(It.IsAny(), It.IsAny())) .Returns(Task.FromResult(new Uri("https://github.com/microsoft/azure-pipelines-another-agent"))); tc.SetSingleton(_gitCommandManager.Object); tc.SetSingleton(new VstsAgentWebProxy()); var _configStore = new Mock(); _configStore.Setup(x => x.GetSettings()).Returns(() => new AgentSettings() { ServerUrl = "http://localhost:8080/tfs" }); tc.SetSingleton(_configStore.Object); tc.SetSingleton(new AgentCertificateManager()); GitSourceProvider gitSourceProvider = new ExternalGitSourceProvider(); gitSourceProvider.Initialize(tc); gitSourceProvider.SetVariablesInEndpoint(executionContext.Object, endpoint); // Act. gitSourceProvider.GetSourceAsync(executionContext.Object, endpoint, default(CancellationToken)).GetAwaiter().GetResult(); // Assert. _gitCommandManager.Verify(x => x.GitInit(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitRemoteAdd(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitCheckout(executionContext.Object, dumySourceFolder, "refs/remotes/origin/users/user1", It.IsAny())); } finally { IOUtil.DeleteDirectory(dumySourceFolder, CancellationToken.None); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetSourceGitFetchWithClean() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); // Arrange. string dumySourceFolder = Path.Combine(tc.GetDirectory(WellKnownDirectory.Bin), "SourceProviderL0"); try { Directory.CreateDirectory(dumySourceFolder); string dumyGitFolder = Path.Combine(dumySourceFolder, ".git"); Directory.CreateDirectory(dumyGitFolder); string dumyGitConfig = Path.Combine(dumyGitFolder, "config"); File.WriteAllText(dumyGitConfig, "test git confg file"); var executionContext = GetTestExecutionContext(tc, dumySourceFolder, "refs/remotes/origin/master", "", false); var endpoint = GetTestSourceEndpoint("https://github.com/microsoft/azure-pipelines-agent", true, false); var _gitCommandManager = GetDefaultGitCommandMock(); tc.SetSingleton(_gitCommandManager.Object); tc.SetSingleton(new VstsAgentWebProxy()); var _configStore = new Mock(); _configStore.Setup(x => x.GetSettings()).Returns(() => new AgentSettings() { ServerUrl = "http://localhost:8080/tfs" }); tc.SetSingleton(_configStore.Object); tc.SetSingleton(new AgentCertificateManager()); GitSourceProvider gitSourceProvider = new ExternalGitSourceProvider(); gitSourceProvider.Initialize(tc); gitSourceProvider.SetVariablesInEndpoint(executionContext.Object, endpoint); // Act. gitSourceProvider.GetSourceAsync(executionContext.Object, endpoint, default(CancellationToken)).GetAwaiter().GetResult(); // Assert. _gitCommandManager.Verify(x => x.GitClean(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitReset(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitDisableAutoGC(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitRemoteSetUrl(executionContext.Object, dumySourceFolder, "origin", It.Is(s => s.Equals("https://someuser:SomePassword%21@github.com/microsoft/azure-pipelines-agent")))); _gitCommandManager.Verify(x => x.GitRemoteSetPushUrl(executionContext.Object, dumySourceFolder, "origin", It.Is(s => s.Equals("https://someuser:SomePassword%21@github.com/microsoft/azure-pipelines-agent")))); _gitCommandManager.Verify(x => x.GitFetch(executionContext.Object, dumySourceFolder, "origin", It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())); _gitCommandManager.Verify(x => x.GitRemoteSetUrl(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitRemoteSetPushUrl(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitCheckout(executionContext.Object, dumySourceFolder, "refs/remotes/origin/master", It.IsAny())); } finally { IOUtil.DeleteDirectory(dumySourceFolder, CancellationToken.None); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetSourceGitShallowFetch() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); // Arrange. string dumySourceFolder = Path.Combine(tc.GetDirectory(WellKnownDirectory.Bin), "SourceProviderL0"); try { Directory.CreateDirectory(dumySourceFolder); var executionContext = GetTestExecutionContext(tc, dumySourceFolder, "refs/remotes/origin/master", "", false); var endpoint = GetTestSourceEndpoint("https://github.com/microsoft/azure-pipelines-agent", false, false, false, 1); var _gitCommandManager = GetDefaultGitCommandMock(); tc.SetSingleton(_gitCommandManager.Object); tc.SetSingleton(new VstsAgentWebProxy()); var _configStore = new Mock(); _configStore.Setup(x => x.GetSettings()).Returns(() => new AgentSettings() { ServerUrl = "http://localhost:8080/tfs" }); tc.SetSingleton(_configStore.Object); tc.SetSingleton(new AgentCertificateManager()); GitSourceProvider gitSourceProvider = new ExternalGitSourceProvider(); gitSourceProvider.Initialize(tc); gitSourceProvider.SetVariablesInEndpoint(executionContext.Object, endpoint); // Act. gitSourceProvider.GetSourceAsync(executionContext.Object, endpoint, default(CancellationToken)).GetAwaiter().GetResult(); // Assert. _gitCommandManager.Verify(x => x.GitInit(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitRemoteAdd(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitFetch(executionContext.Object, dumySourceFolder, "origin", 1, It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())); _gitCommandManager.Verify(x => x.GitCheckout(executionContext.Object, dumySourceFolder, "refs/remotes/origin/master", It.IsAny())); } finally { IOUtil.DeleteDirectory(dumySourceFolder, CancellationToken.None); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetSourceGitFetchWithLFS() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); // Arrange. string dumySourceFolder = Path.Combine(tc.GetDirectory(WellKnownDirectory.Bin), "SourceProviderL0"); try { Directory.CreateDirectory(dumySourceFolder); var executionContext = GetTestExecutionContext(tc, dumySourceFolder, "refs/remotes/origin/master", "", false); var endpoint = GetTestSourceEndpoint("https://github.com/microsoft/azure-pipelines-agent", false, false, true); var _gitCommandManager = GetDefaultGitCommandMock(); tc.SetSingleton(_gitCommandManager.Object); tc.SetSingleton(new VstsAgentWebProxy()); var _configStore = new Mock(); _configStore.Setup(x => x.GetSettings()).Returns(() => new AgentSettings() { ServerUrl = "http://localhost:8080/tfs" }); tc.SetSingleton(_configStore.Object); tc.SetSingleton(new AgentCertificateManager()); GitSourceProvider gitSourceProvider = new ExternalGitSourceProvider(); gitSourceProvider.Initialize(tc); gitSourceProvider.SetVariablesInEndpoint(executionContext.Object, endpoint); // Act. gitSourceProvider.GetSourceAsync(executionContext.Object, endpoint, default(CancellationToken)).GetAwaiter().GetResult(); // Assert. _gitCommandManager.Verify(x => x.GitInit(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitRemoteAdd(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitLFSInstall(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitConfig(executionContext.Object, dumySourceFolder, "remote.origin.lfsurl", "https://someuser:SomePassword%21@github.com/microsoft/azure-pipelines-agent.git/info/lfs")); _gitCommandManager.Verify(x => x.GitConfig(executionContext.Object, dumySourceFolder, "remote.origin.lfspushurl", "https://someuser:SomePassword%21@github.com/microsoft/azure-pipelines-agent.git/info/lfs")); _gitCommandManager.Verify(x => x.GitLFSFetch(executionContext.Object, dumySourceFolder, "origin", It.IsAny(), It.IsAny(), It.IsAny())); _gitCommandManager.Verify(x => x.GitFetch(executionContext.Object, dumySourceFolder, "origin", It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())); _gitCommandManager.Verify(x => x.GitCheckout(executionContext.Object, dumySourceFolder, "refs/remotes/origin/master", It.IsAny())); } finally { IOUtil.DeleteDirectory(dumySourceFolder, CancellationToken.None); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetSourcePreferFeatureVariables() { using (TestHostContext tc = new TestHostContext(this)) { var trace = tc.GetTrace(); // Arrange. string dumySourceFolder = Path.Combine(tc.GetDirectory(WellKnownDirectory.Bin), "SourceProviderL0"); try { Directory.CreateDirectory(dumySourceFolder); var executionContext = GetTestExecutionContext(tc, dumySourceFolder, "refs/remotes/origin/master", "", false); executionContext.Object.Variables.Set("agent.source.git.lfs", "true"); executionContext.Object.Variables.Set("agent.source.git.shallowFetchDepth", "10"); var endpoint = GetTestSourceEndpoint("https://github.com/microsoft/azure-pipelines-agent", false, false, false, 0); var _gitCommandManager = GetDefaultGitCommandMock(); tc.SetSingleton(_gitCommandManager.Object); tc.SetSingleton(new VstsAgentWebProxy()); var _configStore = new Mock(); _configStore.Setup(x => x.GetSettings()).Returns(() => new AgentSettings() { ServerUrl = "http://localhost:8080/tfs" }); tc.SetSingleton(_configStore.Object); tc.SetSingleton(new AgentCertificateManager()); GitSourceProvider gitSourceProvider = new ExternalGitSourceProvider(); gitSourceProvider.Initialize(tc); gitSourceProvider.SetVariablesInEndpoint(executionContext.Object, endpoint); // Act. gitSourceProvider.GetSourceAsync(executionContext.Object, endpoint, default(CancellationToken)).GetAwaiter().GetResult(); // Assert. _gitCommandManager.Verify(x => x.GitInit(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitRemoteAdd(executionContext.Object, dumySourceFolder, "origin", "https://github.com/microsoft/azure-pipelines-agent")); _gitCommandManager.Verify(x => x.GitLFSInstall(executionContext.Object, dumySourceFolder)); _gitCommandManager.Verify(x => x.GitConfig(executionContext.Object, dumySourceFolder, "remote.origin.lfsurl", "https://someuser:SomePassword%21@github.com/microsoft/azure-pipelines-agent.git/info/lfs")); _gitCommandManager.Verify(x => x.GitConfig(executionContext.Object, dumySourceFolder, "remote.origin.lfspushurl", "https://someuser:SomePassword%21@github.com/microsoft/azure-pipelines-agent.git/info/lfs")); _gitCommandManager.Verify(x => x.GitLFSFetch(executionContext.Object, dumySourceFolder, "origin", It.IsAny(), It.IsAny(), It.IsAny())); _gitCommandManager.Verify(x => x.GitFetch(executionContext.Object, dumySourceFolder, "origin", 10, It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())); _gitCommandManager.Verify(x => x.GitCheckout(executionContext.Object, dumySourceFolder, "refs/remotes/origin/master", It.IsAny())); } finally { IOUtil.DeleteDirectory(dumySourceFolder, CancellationToken.None); } } } } } ================================================ FILE: src/Test/L0/Worker/Build/TfsVCCommandManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Build { public sealed class TfsVCCommandManagerL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void FeaturesEnumHasCorrectValues() { var hashtable = new HashSet(); foreach (int val in Enum.GetValues(typeof(TfsVCFeatures))) { Assert.True(hashtable.Add(val), $"Duplicate value detected: {val}"); Assert.True(val >= 0, $"Must be greater than or equal to zero: {val}"); if (val > 0) { double log = Math.Log(val, 2); Assert.True(log - Math.Floor(log) == 0, $"Must be a power of 2: {val}"); } } } } } ================================================ FILE: src/Test/L0/Worker/Build/TfsVCSourceProvider.WorkspaceUtilL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Linq; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Build { public sealed class TfsVCSourceProvider_WorkspaceUtilL0 { private TfsVCSourceProvider.DefinitionWorkspaceMapping[] _definitionMappings; private Mock _executionContext; private string _sourceFile; private string _sourcesDirectory; private Tracing _trace; private string _workspaceName; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DoesNotMatch_Cloak_ServerPath() { using (TestHostContext tc = new TestHostContext(this)) { try { // Arrange. Prepare(tc); _definitionMappings = new[] { new TfsVCSourceProvider.DefinitionWorkspaceMapping { MappingType = TfsVCSourceProvider.DefinitionMappingType.Cloak, ServerPath = "$/myProj", }, }; var tfWorkspace = new MockTfsVCWorkspace( name: _workspaceName, mappings: _definitionMappings, localRoot: _sourcesDirectory); (tfWorkspace.Mappings[0] as MockTfsVCMapping).ServerPath = "$/otherProj"; // Act. ITfsVCWorkspace actual = TfsVCSourceProvider.WorkspaceUtil.MatchExactWorkspace( executionContext: _executionContext.Object, tfWorkspaces: new[] { tfWorkspace }, name: _workspaceName, definitionMappings: _definitionMappings, sourcesDirectory: _sourcesDirectory); // Assert. Assert.Null(actual); } finally { Cleanup(); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DoesNotMatch_ComputerName() { using (TestHostContext tc = new TestHostContext(this)) { try { // Arrange. Prepare(tc); _definitionMappings = new[] { new TfsVCSourceProvider.DefinitionWorkspaceMapping { LocalPath = "", MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj", }, }; var tfWorkspace = new MockTfsVCWorkspace( name: _workspaceName, mappings: _definitionMappings, localRoot: _sourcesDirectory, computer: "NON_MATCHING_COMPUTER_NAME"); // Act. ITfsVCWorkspace actual = TfsVCSourceProvider.WorkspaceUtil.MatchExactWorkspace( executionContext: _executionContext.Object, tfWorkspaces: new[] { tfWorkspace }, name: _workspaceName, definitionMappings: _definitionMappings, sourcesDirectory: _sourcesDirectory); // Assert. Assert.Null(actual); } finally { Cleanup(); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DoesNotMatch_Map_LocalPath() { using (TestHostContext tc = new TestHostContext(this)) { try { // Arrange. Prepare(tc); _definitionMappings = new[] { new TfsVCSourceProvider.DefinitionWorkspaceMapping { LocalPath = "myProj", MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj", }, }; var tfWorkspace = new MockTfsVCWorkspace( name: _workspaceName, mappings: _definitionMappings, localRoot: _sourcesDirectory); (tfWorkspace.Mappings[0] as MockTfsVCMapping).LocalPath = Path.Combine(_sourcesDirectory, "otherProj"); // Act. ITfsVCWorkspace actual = TfsVCSourceProvider.WorkspaceUtil.MatchExactWorkspace( executionContext: _executionContext.Object, tfWorkspaces: new[] { tfWorkspace }, name: _workspaceName, definitionMappings: _definitionMappings, sourcesDirectory: _sourcesDirectory); // Assert. Assert.Null(actual); } finally { Cleanup(); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DoesNotMatch_Map_Recursive() { using (TestHostContext tc = new TestHostContext(this)) { try { // Arrange. Prepare(tc); _definitionMappings = new[] { new TfsVCSourceProvider.DefinitionWorkspaceMapping { LocalPath = "", MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj", }, }; var tfWorkspace = new MockTfsVCWorkspace( name: _workspaceName, mappings: _definitionMappings, localRoot: _sourcesDirectory); (tfWorkspace.Mappings[0] as MockTfsVCMapping).Recursive = false; // Act. ITfsVCWorkspace actual = TfsVCSourceProvider.WorkspaceUtil.MatchExactWorkspace( executionContext: _executionContext.Object, tfWorkspaces: new[] { tfWorkspace }, name: _workspaceName, definitionMappings: _definitionMappings, sourcesDirectory: _sourcesDirectory); // Assert. Assert.Null(actual); } finally { Cleanup(); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DoesNotMatch_Map_ServerPath() { using (TestHostContext tc = new TestHostContext(this)) { try { // Arrange. Prepare(tc); _definitionMappings = new[] { new TfsVCSourceProvider.DefinitionWorkspaceMapping { LocalPath = "", MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj", }, }; var tfWorkspace = new MockTfsVCWorkspace( name: _workspaceName, mappings: _definitionMappings, localRoot: _sourcesDirectory); (tfWorkspace.Mappings[0] as MockTfsVCMapping).ServerPath = "$/otherProj"; // Act. ITfsVCWorkspace actual = TfsVCSourceProvider.WorkspaceUtil.MatchExactWorkspace( executionContext: _executionContext.Object, tfWorkspaces: new[] { tfWorkspace }, name: _workspaceName, definitionMappings: _definitionMappings, sourcesDirectory: _sourcesDirectory); // Assert. Assert.Null(actual); } finally { Cleanup(); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DoesNotMatch_Map_SingleLevel() { using (TestHostContext tc = new TestHostContext(this)) { try { // Arrange. Prepare(tc); _definitionMappings = new[] { new TfsVCSourceProvider.DefinitionWorkspaceMapping { LocalPath = "", MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj/*", }, }; var tfWorkspace = new MockTfsVCWorkspace( name: _workspaceName, mappings: _definitionMappings, localRoot: _sourcesDirectory); (tfWorkspace.Mappings[0] as MockTfsVCMapping).Recursive = true; // Act. ITfsVCWorkspace actual = TfsVCSourceProvider.WorkspaceUtil.MatchExactWorkspace( executionContext: _executionContext.Object, tfWorkspaces: new[] { tfWorkspace }, name: _workspaceName, definitionMappings: _definitionMappings, sourcesDirectory: _sourcesDirectory); // Assert. Assert.Null(actual); } finally { Cleanup(); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DoesNotMatch_MappingType() { using (TestHostContext tc = new TestHostContext(this)) { try { // Arrange. Prepare(tc); _definitionMappings = new[] { new TfsVCSourceProvider.DefinitionWorkspaceMapping { LocalPath = "", MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj", }, }; var tfWorkspace = new MockTfsVCWorkspace( name: _workspaceName, mappings: _definitionMappings, localRoot: _sourcesDirectory); (tfWorkspace.Mappings[0] as MockTfsVCMapping).Cloak = true; // Act. ITfsVCWorkspace actual = TfsVCSourceProvider.WorkspaceUtil.MatchExactWorkspace( executionContext: _executionContext.Object, tfWorkspaces: new[] { tfWorkspace }, name: _workspaceName, definitionMappings: _definitionMappings, sourcesDirectory: _sourcesDirectory); // Assert. Assert.Null(actual); } finally { Cleanup(); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DoesNotMatch_WorkspaceName() { using (TestHostContext tc = new TestHostContext(this)) { try { // Arrange. Prepare(tc); _definitionMappings = new[] { new TfsVCSourceProvider.DefinitionWorkspaceMapping { LocalPath = "", MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj", }, }; var tfWorkspace = new MockTfsVCWorkspace( name: "NON_MATCHING_WORKSPACE_NAME", mappings: _definitionMappings, localRoot: _sourcesDirectory); // Act. ITfsVCWorkspace actual = TfsVCSourceProvider.WorkspaceUtil.MatchExactWorkspace( executionContext: _executionContext.Object, tfWorkspaces: new[] { tfWorkspace }, name: _workspaceName, definitionMappings: _definitionMappings, sourcesDirectory: _sourcesDirectory); // Assert. Assert.Null(actual); } finally { Cleanup(); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Matches() { using (TestHostContext tc = new TestHostContext(this)) { try { // Arrange. Prepare(tc); var expected = new MockTfsVCWorkspace( name: _workspaceName, mappings: _definitionMappings, localRoot: _sourcesDirectory); // Act. ITfsVCWorkspace actual = TfsVCSourceProvider.WorkspaceUtil.MatchExactWorkspace( executionContext: _executionContext.Object, tfWorkspaces: new[] { expected }, name: _workspaceName, definitionMappings: _definitionMappings, sourcesDirectory: _sourcesDirectory); // Assert. Assert.Equal(expected, actual); } finally { Cleanup(); } } } private void Cleanup() { if (!string.IsNullOrEmpty(_sourcesDirectory)) { Directory.Delete(_sourcesDirectory, recursive: true); } } private void Prepare(TestHostContext hostContext) { _trace = hostContext.GetTrace(); // Prepare the sources directory. The workspace helper will not return any // matches if the sources directory does not exist with something in it. _sourcesDirectory = Path.Combine(hostContext.GetDirectory(WellKnownDirectory.Bin), Path.GetRandomFileName()); _sourceFile = Path.Combine(_sourcesDirectory, "some file"); Directory.CreateDirectory(_sourcesDirectory); File.WriteAllText(path: _sourceFile, contents: "some contents"); // Prepare a basic definition workspace. _workspaceName = "ws_1_1"; _definitionMappings = new[] { new TfsVCSourceProvider.DefinitionWorkspaceMapping { LocalPath = "", MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/*", }, new TfsVCSourceProvider.DefinitionWorkspaceMapping { LocalPath = "myProj", MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj", }, new TfsVCSourceProvider.DefinitionWorkspaceMapping { LocalPath = "myProj/Drops", MappingType = TfsVCSourceProvider.DefinitionMappingType.Cloak, ServerPath = "$/myProj/Drops", }, new TfsVCSourceProvider.DefinitionWorkspaceMapping { LocalPath = "otherProj/mydir", MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/otherProj/mydir/*", }, }; _executionContext = new Mock(); _executionContext .Setup(x => x.WriteDebug) .Returns(true); _executionContext .Setup(x => x.Write(It.IsAny(), It.IsAny(), true)) .Callback((string tag, string message, bool canMaskSecrets) => _trace.Info($"[ExecutionContext]{tag} {message}")); } public sealed class MockTfsVCWorkspace : ITfsVCWorkspace { public MockTfsVCWorkspace( string name, TfsVCSourceProvider.DefinitionWorkspaceMapping[] mappings = null, string localRoot = null, string computer = null) { ArgUtil.NotNullOrEmpty(name, nameof(name)); Computer = computer != null ? computer : Environment.MachineName; Mappings = (mappings ?? new TfsVCSourceProvider.DefinitionWorkspaceMapping[0]) .Select(x => new MockTfsVCMapping(x, localRoot)) .ToArray(); Name = name; } public string Computer { get; set; } public string Name { get; set; } public string Owner { get; set; } public ITfsVCMapping[] Mappings { get; set; } } public sealed class MockTfsVCMapping : ITfsVCMapping { public MockTfsVCMapping(TfsVCSourceProvider.DefinitionWorkspaceMapping mapping, string localRoot) { ArgUtil.NotNull(mapping, nameof(mapping)); ArgUtil.NotNull(localRoot, nameof(localRoot)); Cloak = mapping.MappingType == TfsVCSourceProvider.DefinitionMappingType.Cloak; LocalPath = mapping.GetRootedLocalPath(localRoot); Recursive = mapping.Recursive; ServerPath = mapping.NormalizedServerPath; } public bool Cloak { get; set; } public string LocalPath { get; set; } public bool Recursive { get; set; } public string ServerPath { get; set; } } } } ================================================ FILE: src/Test/L0/Worker/Build/TfsVCSourceProviderL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.IO; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Build { public sealed class TfsVCSourceProviderL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void InterpretsRecursive() { using (TestHostContext tc = new TestHostContext(this)) { // Arrange. Tracing trace = tc.GetTrace(); var mapping = new TfsVCSourceProvider.DefinitionWorkspaceMapping { MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj", }; // Act/Assert. Assert.True(mapping.Recursive); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void InterpretsSingleLevel() { using (TestHostContext tc = new TestHostContext(this)) { // Arrange. Tracing trace = tc.GetTrace(); var mapping = new TfsVCSourceProvider.DefinitionWorkspaceMapping { MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj/*", }; // Act/Assert. Assert.False(mapping.Recursive); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void NormalizesLocalPath() { using (TestHostContext tc = new TestHostContext(this)) { // Arrange. Tracing trace = tc.GetTrace(); var mapping = new TfsVCSourceProvider.DefinitionWorkspaceMapping { MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj", LocalPath = @"myProj/myDir\mySubDir", }; // Act. string actual = mapping.GetRootedLocalPath(tc.GetDirectory(WellKnownDirectory.Bin)); // Assert. string expected = Path.Combine(tc.GetDirectory(WellKnownDirectory.Bin), "myProj", "myDir", "mySubDir"); Assert.Equal(expected, actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void NormalizesRootSingleLevelServerPath() { using (TestHostContext tc = new TestHostContext(this)) { // Arrange. Tracing trace = tc.GetTrace(); var mapping = new TfsVCSourceProvider.DefinitionWorkspaceMapping { MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/*", }; // Act/Assert. Assert.Equal("$/", mapping.NormalizedServerPath); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void NormalizesSingleLevelServerPath() { using (TestHostContext tc = new TestHostContext(this)) { // Arrange. Tracing trace = tc.GetTrace(); var mapping = new TfsVCSourceProvider.DefinitionWorkspaceMapping { MappingType = TfsVCSourceProvider.DefinitionMappingType.Map, ServerPath = "$/myProj/*", }; // Act/Assert. Assert.Equal("$/myProj", mapping.NormalizedServerPath); } } } } ================================================ FILE: src/Test/L0/Worker/Build/TrackingConfigHashAlgorithmL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Build { public sealed class TrackingConfigHashAlgorithmL0 { // This test is the original test case and is kept to make sure back compat still works. [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ComputeHash_returns_correct_hash() { using (TestHostContext tc = new TestHostContext(this)) { // Arrange. var collectionId = "7aee6dde-6381-4098-93e7-50a8264cf066"; var definitionId = "7"; var executionContext = new Mock(); List warnings; executionContext .Setup(x => x.Variables) .Returns(new Variables(tc, copy: new Dictionary(), warnings: out warnings)); executionContext.Object.Variables.Set(Constants.Variables.System.CollectionId, collectionId); executionContext.Object.Variables.Set(Constants.Variables.System.DefinitionId, definitionId); var repoInfo = new RepositoryTrackingInfo { RepositoryUrl = new Uri("http://contoso:8080/tfs/DefaultCollection/gitTest/_git/gitTest").AbsoluteUri, }; // Act. string hashKey = TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repoInfo }); // Assert. Assert.Equal("5c5c3d7ac33cca6604736eb3af977f23f1cf1146", hashKey); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ComputeHash_should_throw_when_parameters_invalid() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); var repo = new RepositoryTrackingInfo() { Identifier = "MyRepo", RepositoryUrl = "https://jpricket@codedev.ms/jpricket/MyFirstProject/_git/repo1_url", }; string collectionId = "866A5D79-7735-49E3-87DA-02E76CF8D03A"; string definitionId = "123"; Assert.Throws(() => TrackingConfigHashAlgorithm.ComputeHash(null, null, null)); Assert.Throws(() => TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, null)); Assert.Throws(() => TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { new RepositoryTrackingInfo() })); Assert.Throws(() => TrackingConfigHashAlgorithm.ComputeHash(null, null, new[] { repo })); Assert.Throws(() => TrackingConfigHashAlgorithm.ComputeHash(null, definitionId, new[] { repo })); Assert.Throws(() => TrackingConfigHashAlgorithm.ComputeHash(collectionId, null, new[] { repo })); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ComputeHash_with_single_repo_should_return_correct_hash() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); var repo1 = new RepositoryTrackingInfo() { Identifier = "alias", RepositoryType = "git", RepositoryUrl = "https://jpricket@codedev.ms/jpricket/MyFirstProject/_git/repo1_url", }; var repo2 = new RepositoryTrackingInfo() { Identifier = "alias2", RepositoryType = "git2", RepositoryUrl = "https://jpricket@codedev.ms/jpricket/MyFirstProject/_git/repo1_url", }; string collectionId = "866A5D79-7735-49E3-87DA-02E76CF8D03A"; string definitionId = "123"; // Make sure that only the coll, def, and url are used in the hash Assert.Equal("9a89eaa7b8b603633ef1dd5c46464355c716268f", TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo1 })); Assert.Equal("9a89eaa7b8b603633ef1dd5c46464355c716268f", TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo2 })); Assert.Equal(TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo1 }), TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo1 })); // Make sure that different coll creates different hash Assert.Equal("2a41800cd3e7f5983a7643698f67104ed95101f3", TrackingConfigHashAlgorithm.ComputeHash("FFFA5D79-7735-49E3-87DA-02E76CF8D03A", definitionId, new[] { repo1 })); // Make sure that different def creates different hash Assert.Equal("84b4463d95631b4d358f4b67d8994fe7d5b0c013", TrackingConfigHashAlgorithm.ComputeHash(collectionId, "321", new[] { repo1 })); // Make sure that different url creates different hash repo1.RepositoryUrl = "https://jpricket@codedev.ms/jpricket/MyFirstProject/_git/new_url"; Assert.Equal("6505a9272091df39b90d6fd359e3bf39a7883e9e", TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo1 })); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void ComputeHash_with_multi_repos_should_return_correct_hash() { using (TestHostContext hc = new TestHostContext(this)) { Tracing trace = hc.GetTrace(); var repo1 = new RepositoryTrackingInfo() { Identifier = "alias", SourcesDirectory = "path/repo1_a", RepositoryType = "git", RepositoryUrl = "https://jpricket@codedev.ms/jpricket/MyFirstProject/_git/repo1_url", }; var repo2 = new RepositoryTrackingInfo() { Identifier = "alias2", SourcesDirectory = "path/repo1_b", RepositoryType = "git2", RepositoryUrl = "https://jpricket@codedev.ms/jpricket/MyFirstProject/_git/repo1_url", }; var repo2_newPath = new RepositoryTrackingInfo() { Identifier = "alias2", SourcesDirectory = "path/repo1_c", RepositoryType = "git3", RepositoryUrl = "https://jpricket@codedev.ms/jpricket/MyFirstProject/_git/repo1_url", }; var repo1_newUrl = new RepositoryTrackingInfo() { Identifier = "alias", SourcesDirectory = "path/repo1_a", RepositoryType = "git", RepositoryUrl = "https://jpricket@codedev.ms/jpricket/MyFirstProject/_git/new_url", }; var repo1_newAlias = new RepositoryTrackingInfo() { Identifier = "alias3", SourcesDirectory = "path/repo1_a", RepositoryType = "git", RepositoryUrl = "https://jpricket@codedev.ms/jpricket/MyFirstProject/_git/repo1_url", }; string collectionId = "866A5D79-7735-49E3-87DA-02E76CF8D03A"; string definitionId = "123"; // Make sure we get the same hash every time Assert.Equal("502520817d9c9d3002a7a56526f7518709fecd6a", TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo1, repo2 })); // Make sure that only the coll, def, identifier, and url are used in the hash Assert.Equal( TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo1, repo2 }), TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo1, repo2_newPath })); // Make sure that different coll creates different hash Assert.Equal("ea81feec2216d9da8adc7f29005d44eafbd12626", TrackingConfigHashAlgorithm.ComputeHash("FFFA5D79-7735-49E3-87DA-02E76CF8D03A", definitionId, new[] { repo1, repo2 })); // Make sure that different def creates different hash Assert.Equal("8742e9847224e2b9de3884beac15759cfd8403e0", TrackingConfigHashAlgorithm.ComputeHash(collectionId, "321", new[] { repo1, repo2 })); // Make sure that different url creates different hash Assert.Equal("279dd578a58faba3f6cd23c3d62d452448b1e8cc", TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo1_newUrl, repo2 })); // Make sure that different alias creates different hash Assert.Equal("e3553307993d00df159a011b129a7f720084ee02", TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo1_newAlias, repo2 })); // Make sure order doesn't change hash Assert.Equal( TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo1, repo2 }), TrackingConfigHashAlgorithm.ComputeHash(collectionId, definitionId, new[] { repo2, repo1 })); } } } } ================================================ FILE: src/Test/L0/Worker/Build/TrackingConfigL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Build { public sealed class TrackingConfigL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void TrackingConfig_parameterless_ctor_should_return_almost_empty_object() { using (TestHostContext tc = new TestHostContext(this)) { // Arrange. // Act. var config = new TrackingConfig(); // Assert. Assert.Equal(3, config.FileFormatVersion); Assert.Equal(null, config.FileLocation); Assert.Equal(null, config.HashKey); Assert.NotNull(config.RepositoryTrackingInfo); Assert.Equal(false, config.ShouldSerializeRepositoryTrackingInfo()); Assert.Equal(null, config.System); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void TrackingConfig_copy_legacy_ctor_should_fill_in_fields_correctly() { using (TestHostContext tc = Setup(out Mock mockExecutionContext)) { // Arrange. var legacyConfig = new LegacyTrackingConfig { BuildDirectory = Path.Combine("path", "_work", "123"), CollectionId = CollectionId, DefinitionId = DefinitionId.ToString(), HashKey = "some_hash_key", RepositoryUrl = RepositoryUrl, System = "Build", }; // Act. var config = new TrackingConfig(mockExecutionContext.Object, legacyConfig, "s", "git", true); // Assert. Assert.Equal(Path.Combine("123", "a"), config.ArtifactsDirectory); Assert.Equal("123", config.BuildDirectory); Assert.Equal(CollectionId, config.CollectionId); Assert.Equal(CollectionUrl, config.CollectionUrl); Assert.Equal(DefinitionId.ToString(), config.DefinitionId); Assert.Equal(null, config.DefinitionName); Assert.Equal(3, config.FileFormatVersion); Assert.Equal(null, config.FileLocation); Assert.Equal("some_hash_key", config.HashKey); Assert.Equal("git", config.RepositoryType); Assert.Equal(RepositoryUrl, config.RepositoryUrl); Assert.Equal(Path.Combine("123", "s"), config.SourcesDirectory); Assert.Equal("Build", config.System); Assert.Equal(Path.Combine("123", "TestResults"), config.TestResultsDirectory); Assert.NotNull(config.RepositoryTrackingInfo); Assert.Equal(false, config.ShouldSerializeRepositoryTrackingInfo()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void TrackingConfig_ctor_should_fill_in_fields_correctly() { using (TestHostContext tc = Setup(out Mock mockExecutionContext)) { // Arrange. var repository = new RepositoryResource() { Type = RepositoryTypes.Git, Url = new Uri(RepositoryUrl) }; // Act. var config = new TrackingConfig(mockExecutionContext.Object, new[] { repository }, DefinitionId); // Assert. Assert.Equal(Path.Combine("322", "a"), config.ArtifactsDirectory); Assert.Equal("322", config.BuildDirectory); Assert.Equal(CollectionId, config.CollectionId); Assert.Equal(CollectionUrl, config.CollectionUrl); Assert.Equal(DefinitionId.ToString(), config.DefinitionId); Assert.Equal(DefinitionName, config.DefinitionName); Assert.Equal(3, config.FileFormatVersion); Assert.Equal(null, config.FileLocation); Assert.Equal("ea7c71421cca06c927f73627b66d6b4f4c3a5f4a", config.HashKey); Assert.Equal(RepositoryTypes.Git, config.RepositoryType); Assert.Equal(RepositoryUrl, config.RepositoryUrl); Assert.Equal(Path.Combine("322", "s"), config.SourcesDirectory); Assert.Equal("build", config.System); Assert.Equal(Path.Combine("322", "TestResults"), config.TestResultsDirectory); Assert.NotNull(config.RepositoryTrackingInfo); Assert.Equal(true, config.ShouldSerializeRepositoryTrackingInfo()); Assert.Equal(1, config.RepositoryTrackingInfo.Count); Assert.Equal(RepositoryUrl, config.RepositoryTrackingInfo[0].RepositoryUrl); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void TrackingConfig_clone_should_fill_in_fields_correctly() { using (TestHostContext tc = Setup(out Mock mockExecutionContext)) { // Arrange. var repository = new RepositoryResource() { Type = RepositoryTypes.Git, Url = new Uri(RepositoryUrl) }; // Act. var config = new TrackingConfig(mockExecutionContext.Object, new[] { repository }, DefinitionId); var clone = config.Clone(); // Assert. // Verify the original first Assert.Equal(Path.Combine("322", "a"), config.ArtifactsDirectory); Assert.Equal("322", config.BuildDirectory); Assert.Equal(CollectionId, config.CollectionId); Assert.Equal(CollectionUrl, config.CollectionUrl); Assert.Equal(DefinitionId.ToString(), config.DefinitionId); Assert.Equal(DefinitionName, config.DefinitionName); Assert.Equal(3, config.FileFormatVersion); Assert.Equal(null, config.FileLocation); Assert.Equal("ea7c71421cca06c927f73627b66d6b4f4c3a5f4a", config.HashKey); Assert.Equal(RepositoryTypes.Git, config.RepositoryType); Assert.Equal(RepositoryUrl, config.RepositoryUrl); Assert.Equal(Path.Combine("322", "s"), config.SourcesDirectory); Assert.Equal("build", config.System); Assert.Equal(Path.Combine("322", "TestResults"), config.TestResultsDirectory); Assert.NotNull(config.RepositoryTrackingInfo); Assert.Equal(true, config.ShouldSerializeRepositoryTrackingInfo()); Assert.Equal(1, config.RepositoryTrackingInfo.Count); Assert.Equal(RepositoryUrl, config.RepositoryTrackingInfo[0].RepositoryUrl); // Verify that the clone has the same the values Assert.Equal(Path.Combine("322", "a"), clone.ArtifactsDirectory); Assert.Equal("322", clone.BuildDirectory); Assert.Equal(CollectionId, clone.CollectionId); Assert.Equal(CollectionUrl, clone.CollectionUrl); Assert.Equal(DefinitionId.ToString(), clone.DefinitionId); Assert.Equal(DefinitionName, clone.DefinitionName); Assert.Equal(3, clone.FileFormatVersion); Assert.Equal(null, clone.FileLocation); Assert.Equal("ea7c71421cca06c927f73627b66d6b4f4c3a5f4a", clone.HashKey); Assert.Equal(RepositoryTypes.Git, clone.RepositoryType); Assert.Equal(RepositoryUrl, clone.RepositoryUrl); Assert.Equal(Path.Combine("322", "s"), clone.SourcesDirectory); Assert.Equal("build", clone.System); Assert.Equal(Path.Combine("322", "TestResults"), clone.TestResultsDirectory); Assert.NotNull(clone.RepositoryTrackingInfo); Assert.Equal(true, clone.ShouldSerializeRepositoryTrackingInfo()); Assert.Equal(1, clone.RepositoryTrackingInfo.Count); Assert.Equal(RepositoryUrl, clone.RepositoryTrackingInfo[0].RepositoryUrl); } } private TestHostContext Setup(out Mock mockExecutionContext) { var tc = new TestHostContext(this); // Setup the execution context. mockExecutionContext = new Mock(); List warnings; var variables = new Variables(tc, new Dictionary(), out warnings); variables.Set(Constants.Variables.System.CollectionId, CollectionId); variables.Set(WellKnownDistributedTaskVariables.TFCollectionUrl, CollectionUrl); variables.Set(Constants.Variables.System.DefinitionId, DefinitionId.ToString()); variables.Set(Constants.Variables.Build.DefinitionName, DefinitionName); mockExecutionContext.Setup(x => x.Variables).Returns(variables); return tc; } private const string CollectionId = "226466ab-342b-4ca4-bbee-0b87154d4936"; private const string CollectionUrl = "http://contoso:8080/tfs/DefaultCollection/"; private const int DefinitionId = 322; private const string DefinitionName = "Some definition name"; private const string RepositoryUrl = "http://contoso:8080/tfs/DefaultCollection/_git/gitTest"; } } ================================================ FILE: src/Test/L0/Worker/Build/TrackingManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Moq; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Runtime.CompilerServices; using System.Text.RegularExpressions; using Xunit; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Build { public sealed class TrackingManagerL0 { private const string CollectionId = "226466ab-342b-4ca4-bbee-0b87154d4936"; // TODO: Add a test for collection in the domain. private const string CollectionUrl = "http://contoso:8080/tfs/DefaultCollection/"; private const string DefinitionId = "1234"; private const string DefinitionName = "Some definition name"; private const string RepositoryUrl = "http://contoso:8080/tfs/DefaultCollection/_git/gitTest"; private Mock _ec; private Pipelines.RepositoryResource _repository; private TrackingManager _trackingManager; private Variables _variables; private string _workFolder; public TestHostContext Setup([CallerMemberName] string name = "") { // Setup the host context. TestHostContext hc = new TestHostContext(this, name); // Create a random work path. _workFolder = hc.GetDirectory(WellKnownDirectory.Work); // Setup the execution context. _ec = new Mock(); List warnings; _variables = new Variables(hc, new Dictionary(), out warnings); _variables.Set(Constants.Variables.System.CollectionId, CollectionId); _variables.Set(WellKnownDistributedTaskVariables.TFCollectionUrl, CollectionUrl); _variables.Set(Constants.Variables.System.DefinitionId, DefinitionId); _variables.Set(Constants.Variables.Build.DefinitionName, DefinitionName); _ec.Setup(x => x.Variables).Returns(_variables); // Setup the endpoint. _repository = new Pipelines.RepositoryResource() { Url = new Uri(RepositoryUrl) }; // Setup the tracking manager. _trackingManager = new TrackingManager(); _trackingManager.Initialize(hc); return hc; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CreatesTopLevelTrackingConfig() { using (TestHostContext hc = Setup()) { // Arrange. string trackingFile = Path.Combine(_workFolder, "trackingconfig.json"); DateTimeOffset testStartOn = DateTimeOffset.Now; // Act. var newConfig = _trackingManager.Create(_ec.Object, new[] { _repository }, false); _trackingManager.UpdateTrackingConfig(_ec.Object, newConfig); // Assert. string topLevelFile = Path.Combine( _workFolder, Constants.Build.Path.SourceRootMappingDirectory, Constants.Build.Path.TopLevelTrackingConfigFile); var config = JsonConvert.DeserializeObject( value: File.ReadAllText(topLevelFile)); Assert.Equal(1, config.LastBuildDirectoryNumber); // Manipulate the expected seconds due to loss of granularity when the // date-time-offset is serialized in a friendly format. Assert.True(testStartOn.AddSeconds(-1) <= config.LastBuildDirectoryCreatedOn); Assert.True(DateTimeOffset.Now.AddSeconds(1) >= config.LastBuildDirectoryCreatedOn); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CreatesTrackingConfig() { using (TestHostContext hc = Setup()) { // Arrange. string trackingFile = Path.Combine(_workFolder, "trackingconfig.json"); DateTimeOffset testStartOn = DateTimeOffset.Now; // Act. var newConfig = _trackingManager.Create(_ec.Object, new[] { _repository }, false); _trackingManager.UpdateTrackingConfig(_ec.Object, newConfig); // Assert. TrackingConfig config = _trackingManager.LoadExistingTrackingConfig(_ec.Object) as TrackingConfig; Assert.Equal( Path.Combine("1", Constants.Build.Path.ArtifactsDirectory), config.ArtifactsDirectory); Assert.Equal("1", config.BuildDirectory); Assert.Equal(CollectionId, config.CollectionId); Assert.Equal(CollectionUrl, config.CollectionUrl); Assert.Equal(DefinitionId, config.DefinitionId); Assert.Equal(DefinitionName, config.DefinitionName); Assert.Equal(3, config.FileFormatVersion); // Manipulate the expected seconds due to loss of granularity when the // date-time-offset is serialized in a friendly format. Assert.True(testStartOn.AddSeconds(-1) <= config.LastRunOn); Assert.True(DateTimeOffset.Now.AddSeconds(1) >= config.LastRunOn); Assert.Equal(RepositoryUrl, config.RepositoryUrl); Assert.Equal( Path.Combine("1", Constants.Build.Path.SourcesDirectory), config.SourcesDirectory); Assert.Equal("build", config.System); Assert.Equal( Path.Combine("1", Constants.Build.Path.TestResultsDirectory), config.TestResultsDirectory); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void LoadsTrackingConfig_FileFormatVersion1() { using (TestHostContext hc = Setup()) { // Arrange. string sourceFolder = Path.Combine(_workFolder, "b00335b6"); // It doesn't matter for this test whether the line endings are CRLF or just LF. string Contents = @"{ ""system"" : ""build"", ""collectionId"" = ""7aee6dde-6381-4098-93e7-50a8264cf066"", ""definitionId"" = ""7"", ""repositoryUrl"" = ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""sourceFolder"" = """ + sourceFolder + @""", ""hashKey"" = ""b00335b6923adfa64f46f3abb7da1cdc0d9bae6c"" }"; WriteConfigFile(Contents); // Act. TrackingConfig convertedConfig = _trackingManager.LoadExistingTrackingConfig(_ec.Object); // Assert. Assert.NotNull(convertedConfig); Assert.Equal(@"b00335b6", convertedConfig.BuildDirectory); Assert.Equal(@"7aee6dde-6381-4098-93e7-50a8264cf066", convertedConfig.CollectionId); Assert.Equal(@"7", convertedConfig.DefinitionId); Assert.Equal(@"b00335b6923adfa64f46f3abb7da1cdc0d9bae6c", convertedConfig.HashKey); Assert.Equal(@"http://contoso:8080/tfs/DefaultCollection/_git/gitTest", convertedConfig.RepositoryUrl); Assert.Equal(@"build", convertedConfig.System); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void LoadsTrackingConfig_FileFormatVersion1_MissingProperty() { using (TestHostContext hc = Setup()) { // Arrange. string sourceFolder = Path.Combine(_workFolder, "b00335b6"); // It doesn't matter for this test whether the line endings are CRLF or just LF. string contents = @"{ ""system"" : ""build"", ""collectionId"" = ""7aee6dde-6381-4098-93e7-50a8264cf066"", ""definitionId"" = ""7"", ""repositoryUrl"" = ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""sourceFolder"" = """ + sourceFolder + @""", ""hashKey"" = """" }"; // An expected property is missing from the legacy content - the hash key - so the // file should fail to parse properly. WriteConfigFile(contents); // Act. TrackingConfigBase config = _trackingManager.LoadExistingTrackingConfig(_ec.Object); // Assert. Assert.Null(config); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void LoadsTrackingConfig_FileFormatVersion1_InvalidJson() { using (TestHostContext hc = Setup()) { // Arrange. string sourceFolder = Path.Combine(_workFolder, "b00335b6"); // It doesn't matter for this test whether the line endings are CRLF or just LF. string contents = @"{ ""system"" : ""build"", ""collectionId"" = ""7aee6dde-6381-4098-93e7-50a8264cf066"", ""definitionId"" = ""7"", ""repositoryUrl"" = ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""sourceFolder"" = """ + sourceFolder + @""", ""hashKey"" = ""b00335b6923adfa64f46f3abb7da1cdc0d9bae6c"" }"; // Trim the trailing curly brace to make the legacy parser throw an exception. contents = contents.TrimEnd('}'); WriteConfigFile(contents); // Act. TrackingConfigBase config = _trackingManager.LoadExistingTrackingConfig(_ec.Object); // Assert. Assert.Null(config); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void LoadsTrackingConfig_FileFormatVersion2() { using (TestHostContext hc = Setup()) { // Arrange. // It doesn't matter for this test whether the line endings are CRLF or just LF. const string Contents = @"{ ""build_artifactstagingdirectory"": ""b00335b6\\a"", ""agent_builddirectory"": ""b00335b6"", ""collectionName"": ""DefaultCollection"", ""definitionName"": ""M87_PrintEnvVars"", ""fileFormatVersion"": 2, ""lastRunOn"": ""09/16/2015 23:56:46 -04:00"", ""build_sourcesdirectory"": ""b00335b6\\gitTest"", ""common_testresultsdirectory"": ""b00335b6\\TestResults"", ""collectionId"": ""7aee6dde-6381-4098-93e7-50a8264cf066"", ""definitionId"": ""7"", ""hashKey"": ""b00335b6923adfa64f46f3abb7da1cdc0d9bae6c"", ""repositoryUrl"": ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""system"": ""build"" }"; WriteConfigFile(Contents); // Act. TrackingConfigBase baseConfig = _trackingManager.LoadExistingTrackingConfig(_ec.Object); // Assert. Assert.NotNull(baseConfig); TrackingConfig config = baseConfig as TrackingConfig; Assert.NotNull(config); Assert.Equal(@"b00335b6\a", config.ArtifactsDirectory); Assert.Equal(@"b00335b6", config.BuildDirectory); Assert.Equal(@"7aee6dde-6381-4098-93e7-50a8264cf066", config.CollectionId); Assert.Equal(@"", config.CollectionUrl ?? string.Empty); Assert.Equal(@"7", config.DefinitionId); Assert.Equal(@"M87_PrintEnvVars", config.DefinitionName); Assert.Equal(3, config.FileFormatVersion); Assert.Equal(@"b00335b6923adfa64f46f3abb7da1cdc0d9bae6c", config.HashKey); Assert.Equal(new DateTimeOffset(2015, 9, 16, 23, 56, 46, TimeSpan.FromHours(-4)), config.LastRunOn); Assert.Equal(@"http://contoso:8080/tfs/DefaultCollection/_git/gitTest", config.RepositoryUrl); Assert.Equal(@"b00335b6\gitTest", config.SourcesDirectory); Assert.Equal(@"build", config.System); Assert.Equal(@"b00335b6\TestResults", config.TestResultsDirectory); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void LoadsTrackingConfig_FileFormatVersion3() { using (TestHostContext hc = Setup()) { // Arrange. // It doesn't matter for this test whether the line endings are CRLF or just LF. const string Contents = @"{ ""build_artifactstagingdirectory"": ""b00335b6\\a"", ""agent_builddirectory"": ""b00335b6"", ""collectionUrl"": ""http://contoso:8080/tfs/DefaultCollection/"", ""definitionName"": ""M87_PrintEnvVars"", ""fileFormatVersion"": 3, ""lastRunOn"": ""09/16/2015 23:56:46 -04:00"", ""build_sourcesdirectory"": ""b00335b6\\gitTest"", ""common_testresultsdirectory"": ""b00335b6\\TestResults"", ""collectionId"": ""7aee6dde-6381-4098-93e7-50a8264cf066"", ""definitionId"": ""7"", ""hashKey"": ""b00335b6923adfa64f46f3abb7da1cdc0d9bae6c"", ""repositoryUrl"": ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""system"": ""build"" }"; WriteConfigFile(Contents); // Act. TrackingConfigBase baseConfig = _trackingManager.LoadExistingTrackingConfig(_ec.Object); // Assert. Assert.NotNull(baseConfig); TrackingConfig config = baseConfig as TrackingConfig; Assert.NotNull(config); Assert.Equal(@"b00335b6\a", config.ArtifactsDirectory); Assert.Equal(@"b00335b6", config.BuildDirectory); Assert.Equal(@"7aee6dde-6381-4098-93e7-50a8264cf066", config.CollectionId); Assert.Equal(CollectionUrl, config.CollectionUrl); Assert.Equal(@"7", config.DefinitionId); Assert.Equal(@"M87_PrintEnvVars", config.DefinitionName); Assert.Equal(3, config.FileFormatVersion); Assert.Equal(@"b00335b6923adfa64f46f3abb7da1cdc0d9bae6c", config.HashKey); Assert.Equal(new DateTimeOffset(2015, 9, 16, 23, 56, 46, TimeSpan.FromHours(-4)), config.LastRunOn); Assert.Equal(@"http://contoso:8080/tfs/DefaultCollection/_git/gitTest", config.RepositoryUrl); Assert.Equal(@"b00335b6\gitTest", config.SourcesDirectory); Assert.Equal(@"build", config.System); Assert.Equal(@"b00335b6\TestResults", config.TestResultsDirectory); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void LoadsTrackingConfig_FileFormatVersion3_with_repositoryTrackingInfo() { using (TestHostContext hc = Setup()) { // Arrange. // It doesn't matter for this test whether the line endings are CRLF or just LF. const string Contents = @"{ ""build_artifactstagingdirectory"": ""b00335b6\\a"", ""agent_builddirectory"": ""b00335b6"", ""collectionUrl"": ""http://contoso:8080/tfs/DefaultCollection/"", ""definitionName"": ""M87_PrintEnvVars"", ""repositoryTrackingInfo"": [ { ""repositoryType"": ""git"", ""repositoryUrl"": ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""sourcesDirectory"": ""b00335b6\\gitTest"", ""sourceDirectoryHashKey"": ""b00335b6923adfa64f46f3abb7da1cdc0d9bae6c"", } ], ""fileFormatVersion"": 3, ""lastRunOn"": ""09/16/2015 23:56:46 -04:00"", ""build_sourcesdirectory"": ""b00335b6\\gitTest"", ""common_testresultsdirectory"": ""b00335b6\\TestResults"", ""collectionId"": ""7aee6dde-6381-4098-93e7-50a8264cf066"", ""definitionId"": ""7"", ""hashKey"": ""b00335b6923adfa64f46f3abb7da1cdc0d9bae6c"", ""repositoryUrl"": ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""system"": ""build"" }"; WriteConfigFile(Contents); // Act. TrackingConfigBase baseConfig = _trackingManager.LoadExistingTrackingConfig(_ec.Object); // Assert. Assert.NotNull(baseConfig); TrackingConfig config = baseConfig as TrackingConfig; Assert.NotNull(config); Assert.Equal(@"b00335b6\a", config.ArtifactsDirectory); Assert.Equal(@"b00335b6", config.BuildDirectory); Assert.Equal(@"7aee6dde-6381-4098-93e7-50a8264cf066", config.CollectionId); Assert.Equal(CollectionUrl, config.CollectionUrl); Assert.Equal(@"7", config.DefinitionId); Assert.Equal(@"M87_PrintEnvVars", config.DefinitionName); Assert.Equal(3, config.FileFormatVersion); Assert.Equal(@"b00335b6923adfa64f46f3abb7da1cdc0d9bae6c", config.HashKey); Assert.Equal(new DateTimeOffset(2015, 9, 16, 23, 56, 46, TimeSpan.FromHours(-4)), config.LastRunOn); Assert.Equal(@"http://contoso:8080/tfs/DefaultCollection/_git/gitTest", config.RepositoryUrl); Assert.Equal(@"b00335b6\gitTest", config.SourcesDirectory); Assert.Equal(@"build", config.System); Assert.Equal(@"b00335b6\TestResults", config.TestResultsDirectory); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void LoadIfExists_FileFormatVersion3_should_ignore_extra_info() { using (TestHostContext hc = Setup()) { // Arrange. // It doesn't matter for this test whether the line endings are CRLF or just LF. const string Contents = @"{ ""build_artifactstagingdirectory"": ""b00335b6\\a"", ""agent_builddirectory"": ""b00335b6"", ""collectionUrl"": ""http://contoso:8080/tfs/DefaultCollection/"", ""definitionName"": ""M87_PrintEnvVars"", ""extra_info_not_in_object"": [ { ""extra"": ""info"" } ], ""fileFormatVersion"": 3, ""lastRunOn"": ""09/16/2015 23:56:46 -04:00"", ""build_sourcesdirectory"": ""b00335b6\\gitTest"", ""common_testresultsdirectory"": ""b00335b6\\TestResults"", ""collectionId"": ""7aee6dde-6381-4098-93e7-50a8264cf066"", ""definitionId"": ""7"", ""hashKey"": ""b00335b6923adfa64f46f3abb7da1cdc0d9bae6c"", ""repositoryUrl"": ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""system"": ""build"" }"; WriteConfigFile(Contents); // Act. TrackingConfigBase baseConfig = _trackingManager.LoadExistingTrackingConfig(_ec.Object); // Assert. Assert.NotNull(baseConfig); TrackingConfig config = baseConfig as TrackingConfig; Assert.NotNull(config); Assert.Equal(@"b00335b6\a", config.ArtifactsDirectory); Assert.Equal(@"b00335b6", config.BuildDirectory); Assert.Equal(@"7aee6dde-6381-4098-93e7-50a8264cf066", config.CollectionId); Assert.Equal(CollectionUrl, config.CollectionUrl); Assert.Equal(@"7", config.DefinitionId); Assert.Equal(@"M87_PrintEnvVars", config.DefinitionName); Assert.Equal(3, config.FileFormatVersion); Assert.Equal(@"b00335b6923adfa64f46f3abb7da1cdc0d9bae6c", config.HashKey); Assert.Equal(new DateTimeOffset(2015, 9, 16, 23, 56, 46, TimeSpan.FromHours(-4)), config.LastRunOn); Assert.Equal(@"http://contoso:8080/tfs/DefaultCollection/_git/gitTest", config.RepositoryUrl); Assert.Equal(@"b00335b6\gitTest", config.SourcesDirectory); Assert.Equal(@"build", config.System); Assert.Equal(@"b00335b6\TestResults", config.TestResultsDirectory); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void LoadsTrackingConfig_NotExists() { using (TestHostContext hc = Setup()) { // Act. TrackingConfigBase config = _trackingManager.LoadExistingTrackingConfig(_ec.Object); // Assert. Assert.Null(config); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MarksTrackingConfigForGarbageCollection() { using (TestHostContext hc = Setup()) { // Arrange. // It doesn't matter for this test whether the line endings are CRLF or just LF. const string TrackingContents = @"{ ""build_artifactstagingdirectory"": ""b00335b6\\a"", ""agent_builddirectory"": ""b00335b6"", ""collectionUrl"": ""http://contoso:8080/tfs/DefaultCollection/"", ""definitionName"": ""M87_PrintEnvVars"", ""repositoryTrackingInfo"": [ { ""identifier"": ""self"", ""repositoryType"": ""tfsgit"", ""repositoryUrl"": ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""sourcesDirectory"": ""b00335b6\\gitTest"" } ], ""fileFormatVersion"": 3, ""lastRunOn"": ""09/16/2015 23:56:46 -04:00"", ""repositoryType"": ""tfsgit"", ""lastMaintenanceAttemptedOn"": ""09/16/2015 23:56:46 -04:00"", ""lastMaintenanceCompletedOn"": ""09/16/2015 23:56:46 -04:00"", ""build_sourcesdirectory"": ""b00335b6\\gitTest"", ""common_testresultsdirectory"": ""b00335b6\\TestResults"", ""collectionId"": ""7aee6dde-6381-4098-93e7-50a8264cf066"", ""definitionId"": ""7"", ""hashKey"": ""b00335b6923adfa64f46f3abb7da1cdc0d9bae6c"", ""repositoryUrl"": ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""system"": ""build"" }"; WriteConfigFile(TrackingContents); TrackingConfig config = _trackingManager.LoadExistingTrackingConfig(_ec.Object) as TrackingConfig; Assert.NotNull(config); // Act. _trackingManager.MarkForGarbageCollection(_ec.Object, config); // Assert. string gcDirectory = Path.Combine( _workFolder, Constants.Build.Path.SourceRootMappingDirectory, Constants.Build.Path.GarbageCollectionDirectory); Assert.True(Directory.Exists(gcDirectory)); string[] gcFiles = Directory.GetFiles(gcDirectory); Assert.Equal(1, gcFiles.Length); string gcFile = gcFiles.Single(); string gcContents = File.ReadAllText(gcFile); Assert.Equal(TrackingContents, gcContents); // File name should a GUID. Assert.True(Regex.IsMatch(Path.GetFileNameWithoutExtension(gcFile), "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")); // File name should not be the default GUID. Assert.NotEqual("00000000-0000-0000-0000-000000000000", Path.GetFileNameWithoutExtension(gcFile)); } } // Legacy config back-compat is required for Windows only. // The legacy config files never existed on xplat in this form. [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public void MarksTrackingConfigForGarbageCollection_Legacy() { using (TestHostContext hc = Setup()) { // Arrange. string sourceFolder = Path.Combine(_workFolder, "b00335b6"); // It doesn't matter for this test whether the line endings are CRLF or just LF. string trackingContents = @"{ ""system"" : ""build"", ""collectionId"" = ""7aee6dde-6381-4098-93e7-50a8264cf066"", ""definitionId"" = ""7"", ""repositoryUrl"" = ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""sourceFolder"" = """ + sourceFolder + @""", ""hashKey"" = ""b00335b6923adfa64f46f3abb7da1cdc0d9bae6c"" }"; WriteConfigFile(trackingContents); TrackingConfig config = _trackingManager.LoadExistingTrackingConfig(_ec.Object); Assert.NotNull(config); // Act. _trackingManager.MarkForGarbageCollection(_ec.Object, config); // Assert. string gcDirectory = Path.Combine( _workFolder, Constants.Build.Path.SourceRootMappingDirectory, Constants.Build.Path.GarbageCollectionDirectory); Assert.True(Directory.Exists(gcDirectory)); string[] gcFiles = Directory.GetFiles(gcDirectory); Assert.Equal(1, gcFiles.Length); string gcContents = File.ReadAllText(gcFiles.Single()); const string ExpectedGCContents = @"{ ""build_artifactstagingdirectory"": ""b00335b6\\artifacts"", ""agent_builddirectory"": ""b00335b6"", ""collectionUrl"": ""http://contoso:8080/tfs/DefaultCollection/"", ""definitionName"": null, ""fileFormatVersion"": 3, ""lastRunOn"": ""01/01/0001 00:00:00 +00:00"", ""repositoryType"": """", ""lastMaintenanceAttemptedOn"": """", ""lastMaintenanceCompletedOn"": """", ""build_sourcesdirectory"": ""b00335b6\\s"", ""common_testresultsdirectory"": ""b00335b6\\TestResults"", ""collectionId"": ""7aee6dde-6381-4098-93e7-50a8264cf066"", ""definitionId"": ""7"", ""hashKey"": ""b00335b6923adfa64f46f3abb7da1cdc0d9bae6c"", ""repositoryUrl"": ""http://contoso:8080/tfs/DefaultCollection/_git/gitTest"", ""system"": ""build"" }"; Assert.Equal(ExpectedGCContents, gcContents); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void UpdatesTopLevelTrackingConfig() { using (TestHostContext hc = Setup()) { // Arrange. var firstConfig = _trackingManager.Create(_ec.Object, new[] { _repository }, false); _trackingManager.UpdateTrackingConfig(_ec.Object, firstConfig); DateTimeOffset testStartOn = DateTimeOffset.Now; // Act. var secondConfig = _trackingManager.Create(_ec.Object, new[] { _repository }, false); _trackingManager.UpdateTrackingConfig(_ec.Object, secondConfig); // Assert. string topLevelFile = Path.Combine( _workFolder, Constants.Build.Path.SourceRootMappingDirectory, Constants.Build.Path.TopLevelTrackingConfigFile); TopLevelTrackingConfig config = JsonConvert.DeserializeObject( value: File.ReadAllText(topLevelFile)); Assert.Equal(2, config.LastBuildDirectoryNumber); // Manipulate the expected seconds due to loss of granularity when the // date-time-offset is serialized in a friendly format. Assert.True(testStartOn.AddSeconds(-1) <= config.LastBuildDirectoryCreatedOn); Assert.True(DateTimeOffset.Now.AddSeconds(1) >= config.LastBuildDirectoryCreatedOn); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void UpdatesTrackingConfigJobRunProperties() { using (TestHostContext hc = Setup()) { // Arrange. DateTimeOffset testStartOn = DateTimeOffset.Now; TrackingConfig config = new TrackingConfig(); string trackingFile = Path.Combine(_workFolder, "trackingconfig.json"); // Act. _trackingManager.UpdateTrackingConfig(_ec.Object, config); // Assert. config = _trackingManager.LoadExistingTrackingConfig(_ec.Object) as TrackingConfig; Assert.NotNull(config); Assert.Equal(CollectionUrl, config.CollectionUrl); Assert.Equal(DefinitionName, config.DefinitionName); // Manipulate the expected seconds due to loss of granularity when the // date-time-offset is serialized in a friendly format. Assert.True(testStartOn.AddSeconds(-1) <= config.LastRunOn); Assert.True(DateTimeOffset.Now.AddSeconds(1) >= config.LastRunOn); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MergeTrackingConfig_CheckIfReturnsValidConfig() { using (TestHostContext hc = Setup()) { var config1 = GetTestConfig(1); var config2 = GetTestConfig(2); var mergedConfig = _trackingManager.MergeTrackingConfigs(_ec.Object, config2, config1, true); Assert.Equal("BuildDirectory2", mergedConfig.BuildDirectory); Assert.Equal("SourcesDirectory1", mergedConfig.SourcesDirectory); Assert.Equal("RepositoryType1", mergedConfig.RepositoryType); Assert.Equal("CollectionUrl1", mergedConfig.CollectionUrl); Assert.Equal("ArtifactsDirectory1", mergedConfig.ArtifactsDirectory); Assert.Equal("CollectionId1", mergedConfig.CollectionId); Assert.Equal("FileLocation1", mergedConfig.FileLocation); Assert.Equal("DefinitionId1", mergedConfig.DefinitionId); Assert.Equal("DefinitionName1", mergedConfig.DefinitionName); Assert.Equal("System1", mergedConfig.System); Assert.Equal("TestResultsDirectory1", mergedConfig.TestResultsDirectory); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MergeTrackingConfig_CheckIfReturnsValidConfigIfBuildOverrideIsFalse() { using (TestHostContext hc = Setup()) { var config1 = GetTestConfig(1); var config2 = GetTestConfig(2); var mergedConfig = _trackingManager.MergeTrackingConfigs(_ec.Object, config2, config1, false); Assert.Equal("BuildDirectory1", mergedConfig.BuildDirectory); Assert.Equal("SourcesDirectory1", mergedConfig.SourcesDirectory); Assert.Equal("RepositoryType1", mergedConfig.RepositoryType); Assert.Equal("CollectionUrl1", mergedConfig.CollectionUrl); Assert.Equal("ArtifactsDirectory1", mergedConfig.ArtifactsDirectory); Assert.Equal("CollectionId1", mergedConfig.CollectionId); Assert.Equal("FileLocation1", mergedConfig.FileLocation); Assert.Equal("DefinitionId1", mergedConfig.DefinitionId); Assert.Equal("DefinitionName1", mergedConfig.DefinitionName); Assert.Equal("System1", mergedConfig.System); Assert.Equal("TestResultsDirectory1", mergedConfig.TestResultsDirectory); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MergeTrackingConfig_EmptySourcesDirectoryOfPreviousConfig() { using (TestHostContext hc = Setup()) { var config1 = GetTestConfig(1); var config2 = GetTestConfig(2); config1.SourcesDirectory = ""; var mergedConfig = _trackingManager.MergeTrackingConfigs(_ec.Object, config2, config1, false); Assert.Equal("BuildDirectory1", mergedConfig.BuildDirectory); Assert.Equal("SourcesDirectory2", mergedConfig.SourcesDirectory); Assert.Equal("RepositoryType1", mergedConfig.RepositoryType); Assert.Equal("CollectionUrl1", mergedConfig.CollectionUrl); Assert.Equal("ArtifactsDirectory1", mergedConfig.ArtifactsDirectory); Assert.Equal("CollectionId1", mergedConfig.CollectionId); Assert.Equal("FileLocation1", mergedConfig.FileLocation); Assert.Equal("DefinitionId1", mergedConfig.DefinitionId); Assert.Equal("DefinitionName1", mergedConfig.DefinitionName); Assert.Equal("System1", mergedConfig.System); Assert.Equal("TestResultsDirectory1", mergedConfig.TestResultsDirectory); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MergeTrackingConfig_EmptyRepositoryTypeOfPreviousConfig() { using (TestHostContext hc = Setup()) { var config1 = GetTestConfig(1); var config2 = GetTestConfig(2); config1.RepositoryType = ""; var mergedConfig = _trackingManager.MergeTrackingConfigs(_ec.Object, config2, config1, false); Assert.Equal("BuildDirectory1", mergedConfig.BuildDirectory); Assert.Equal("SourcesDirectory1", mergedConfig.SourcesDirectory); Assert.Equal("RepositoryType2", mergedConfig.RepositoryType); Assert.Equal("CollectionUrl1", mergedConfig.CollectionUrl); Assert.Equal("ArtifactsDirectory1", mergedConfig.ArtifactsDirectory); Assert.Equal("CollectionId1", mergedConfig.CollectionId); Assert.Equal("FileLocation1", mergedConfig.FileLocation); Assert.Equal("DefinitionId1", mergedConfig.DefinitionId); Assert.Equal("DefinitionName1", mergedConfig.DefinitionName); Assert.Equal("System1", mergedConfig.System); Assert.Equal("TestResultsDirectory1", mergedConfig.TestResultsDirectory); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MergeTrackingConfig_EmptyCollectionUrlOfPreviousConfig() { using (TestHostContext hc = Setup()) { var config1 = GetTestConfig(1); var config2 = GetTestConfig(2); config1.CollectionUrl = ""; var mergedConfig = _trackingManager.MergeTrackingConfigs(_ec.Object, config2, config1, false); Assert.Equal("BuildDirectory1", mergedConfig.BuildDirectory); Assert.Equal("SourcesDirectory1", mergedConfig.SourcesDirectory); Assert.Equal("RepositoryType1", mergedConfig.RepositoryType); Assert.Equal("CollectionUrl2", mergedConfig.CollectionUrl); Assert.Equal("ArtifactsDirectory1", mergedConfig.ArtifactsDirectory); Assert.Equal("CollectionId1", mergedConfig.CollectionId); Assert.Equal("FileLocation1", mergedConfig.FileLocation); Assert.Equal("DefinitionId1", mergedConfig.DefinitionId); Assert.Equal("DefinitionName1", mergedConfig.DefinitionName); Assert.Equal("System1", mergedConfig.System); Assert.Equal("TestResultsDirectory1", mergedConfig.TestResultsDirectory); } } private TrackingConfig GetTestConfig(int index) { TrackingConfig config = new TrackingConfig(); config.BuildDirectory = $"BuildDirectory{index}"; config.ArtifactsDirectory = $"ArtifactsDirectory{index}"; config.CollectionId = $"CollectionId{index}"; config.CollectionUrl = $"CollectionUrl{index}"; config.FileLocation = $"FileLocation{index}"; config.DefinitionId = $"DefinitionId{index}"; config.DefinitionName = $"DefinitionName{index}"; config.SourcesDirectory = $"SourcesDirectory{index}"; config.System = $"System{index}"; config.RepositoryType = $"RepositoryType{index}"; config.TestResultsDirectory = $"TestResultsDirectory{index}"; return config; } private void WriteConfigFile(string contents) { string filePath = Path.Combine( _workFolder, Constants.Build.Path.SourceRootMappingDirectory, _ec.Object.Variables.System_CollectionId, _ec.Object.Variables.System_DefinitionId, Constants.Build.Path.TrackingConfigFile); Directory.CreateDirectory(Path.GetDirectoryName(filePath)); File.WriteAllText(filePath, contents); } } } ================================================ FILE: src/Test/L0/Worker/Build/WorkspaceMaintenanceProvicerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Tests; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Moq; using System; using System.Collections.Generic; using System.Runtime.CompilerServices; using System.Threading.Tasks; using Xunit; namespace Test.L0.Worker.Build { public sealed class WorkspaceMaintenanceProvicerL0 { private Mock _ec; private Mock _trackingManager; private WorkspaceMaintenanceProvider _workspaceMaintenanceProvider; private Variables _variables; private TestHostContext Setup(int daysthreshold = 0, [CallerMemberName] string name = "") { // Setup the host context. TestHostContext hc = new TestHostContext(this, name); _ec = new Mock(); _trackingManager = new Mock(); List warnings; _variables = new Variables(hc, new Dictionary(), out warnings); _variables.Set(Constants.Variables.Maintenance.JobTimeout, "0"); _variables.Set(Constants.Variables.Maintenance.DeleteWorkingDirectoryDaysThreshold, daysthreshold.ToString()); _ec.Setup(x => x.Variables).Returns(_variables); _workspaceMaintenanceProvider = new WorkspaceMaintenanceProvider(); _workspaceMaintenanceProvider.Initialize(hc); hc.SetSingleton(_trackingManager.Object); Tracing trace = hc.GetTrace(); return hc; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] private async Task ShouldMarkExpiredForGarbageCollection() { var daysthreshold = 4; using (TestHostContext hc = Setup(daysthreshold)) { _trackingManager.Setup(x => x.MarkExpiredForGarbageCollection(_ec.Object, It.IsAny())); await _workspaceMaintenanceProvider.RunMaintenanceOperation(_ec.Object); _trackingManager.Verify(x => x.MarkExpiredForGarbageCollection(_ec.Object, TimeSpan.FromDays(daysthreshold)), Times.Once); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] private async Task ShouldNotMarkForGarbageCollectionIfThresholdIsZero() { var daysthreshold = 0; using (TestHostContext hc = Setup(daysthreshold)) { _trackingManager.Setup(x => x.MarkExpiredForGarbageCollection(_ec.Object, It.IsAny())); await _workspaceMaintenanceProvider.RunMaintenanceOperation(_ec.Object); _trackingManager.Verify(x => x.MarkExpiredForGarbageCollection(_ec.Object, It.IsAny()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] private async Task ShouldDisposeCollectedGarbage() { using (TestHostContext hc = Setup(4)) { await _workspaceMaintenanceProvider.RunMaintenanceOperation(_ec.Object); _trackingManager.Verify(x => x.DisposeCollectedGarbage(_ec.Object), Times.Once); } } } } ================================================ FILE: src/Test/L0/Worker/CodeCoverage/CoberturaSummaryReaderTests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.TeamFoundation.TestManagement.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage; using Moq; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Runtime.CompilerServices; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.CodeCoverage { public class CoberturaSummaryReaderTests { private Mock _ec; private List _warnings = new List(); private List _errors = new List(); [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void VerifyCoberturaCoverageStatisticsForValidSummaryFile() { string coberturaXml = GetPathToValidCoberturaFile(); try { SetupMocks(); var summaryReader = new CoberturaSummaryReader(); IEnumerable coverageStats = summaryReader.GetCodeCoverageSummary(_ec.Object, coberturaXml); List coverageStatsNew = coverageStats.ToList(); coverageStatsNew.Sort(new Statscomparer()); Assert.Equal(0, _errors.Count); Assert.Equal(0, _warnings.Count); VerifyLineCoverageStats(coverageStatsNew.ToList()); VerifyBranchCoverageStats(coverageStatsNew.ToList()); } finally { File.Delete(coberturaXml); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void VerifyFileDidnotExist() { SetupMocks(); var coberturaXml = CoberturaFileDidnotExist(); var summaryReader = new CoberturaSummaryReader(); Assert.Throws(() => summaryReader.GetCodeCoverageSummary(_ec.Object, coberturaXml)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void VerifyInvalidXmlFile() { var invalidXml = CoberturaInvalidXmlFile(); try { SetupMocks(); var summaryReader = new CoberturaSummaryReader(); summaryReader.GetCodeCoverageSummary(_ec.Object, invalidXml); } finally { File.Delete(invalidXml); } Assert.Equal(0, _errors.Count); Assert.Equal(1, _warnings.Count); } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void VerifyEmptyXmlFile() { var emptyXml = GetEmptyCCFile(); try { SetupMocks(); var summaryReader = new CoberturaSummaryReader(); Assert.Null(summaryReader.GetCodeCoverageSummary(_ec.Object, emptyXml)); Assert.Equal(0, _errors.Count); Assert.Equal(0, _warnings.Count); } finally { File.Delete(emptyXml); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void VerifyWrongXmlFile() { var wrongXml = CoberturaWrongXmlFile(); try { SetupMocks(); var summaryReader = new CoberturaSummaryReader(); var coverageStats = summaryReader.GetCodeCoverageSummary(_ec.Object, wrongXml); Assert.Equal(coverageStats.ToList().Count, 0); Assert.Equal(0, _errors.Count); Assert.Equal(0, _warnings.Count); } finally { File.Delete(wrongXml); } } private static string GetPathToValidCoberturaFile() { var file = Path.Combine(Path.GetTempPath(), "coberturaValid.xml"); File.WriteAllText(file, CodeCoverageTestConstants.ValidCoberturaXml); return file; } private string CoberturaFileDidnotExist() { return Path.Combine(Path.GetTempPath(), "CoberturaDidNotExist.xml"); } private string CoberturaInvalidXmlFile() { var file = Path.GetTempFileName(); File.WriteAllText(file, "This is not XML File"); return file; } private string GetEmptyCCFile() { return Path.GetTempFileName(); } private string CoberturaWrongXmlFile() { var file = Path.GetTempFileName(); File.WriteAllText(file, "\nThis is a Test"); return file; } private static void VerifyLineCoverageStats(List coverageStats) { Assert.Equal(2, coverageStats.Count); Assert.Equal(4, (int)coverageStats[0].Position); Assert.Equal("lines", coverageStats[0].Label.ToLower()); Assert.Equal(11, (int)coverageStats[0].Covered); Assert.Equal(22, (int)coverageStats[0].Total); } private static void VerifyBranchCoverageStats(List coverageStats) { Assert.Equal(2, coverageStats.Count); Assert.Equal(6, (int)coverageStats[1].Position); Assert.Equal("branches", coverageStats[1].Label.ToLower()); Assert.Equal(2, (int)coverageStats[1].Covered); Assert.Equal(8, (int)coverageStats[1].Total); } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "TestHostContext")] private void SetupMocks([CallerMemberName] string name = "") { TestHostContext hc = new TestHostContext(this, name); _ec = new Mock(); _ec.Setup(x => x.AddIssue(It.IsAny())) .Callback ((issue) => { if (issue.Type == IssueType.Warning) { _warnings.Add(issue.Message); } else if (issue.Type == IssueType.Error) { _errors.Add(issue.Message); } }); } } } ================================================ FILE: src/Test/L0/Worker/CodeCoverage/CodeCoverageCommandExtensionTests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.TeamFoundation.TestManagement.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage; using Moq; using System; using System.Collections.Generic; using System.IO; using System.Runtime.CompilerServices; using System.Threading; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.CodeCoverage { public class CodeCoverageCommandExtensionTests { private Mock _ec; private List _warnings = new List(); private List _errors = new List(); private Mock _mocksummaryReader; private Mock _mockExtensionManager; private Mock _mockCodeCoveragePublisher; private Mock _mockCommandContext; private List _codeCoverageStatistics; private Variables _variables; #region publish code coverage tests [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void PublishCodeCoverageWithNoCCTool() { using (var _hc = SetupMocks()) { var publishCCCommand = new CodeCoverageCommandExtension(); publishCCCommand.Initialize(_hc); var command = new Command("codecoverage", "publish"); command.Properties.Add("summaryfile", "a.xml"); Assert.Throws(() => publishCCCommand.ProcessCommand(_ec.Object, command)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void PublishCodeCoverageWithRelease() { using (var _hc = SetupMocks()) { var publishCCCommand = new CodeCoverageCommandExtension(); publishCCCommand.Initialize(_hc); var command = new Command("codecoverage", "publish"); _variables.Set("system.hostType", "release"); publishCCCommand.ProcessCommand(_ec.Object, command); Assert.Equal(1, _warnings.Count); Assert.Equal(0, _errors.Count); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void PublishCodeCoverageWithNoSummaryFileInput() { using (var _hc = SetupMocks()) { var publishCCCommand = new CodeCoverageCommandExtension(); publishCCCommand.Initialize(_hc); var command = new Command("codecoverage", "publish"); Assert.Throws(() => publishCCCommand.ProcessCommand(_ec.Object, command)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void PublishCodeCoverageWithInvalidCCTool() { using (var _hc = SetupMocks()) { var publishCCCommand = new CodeCoverageCommandExtension(); publishCCCommand.Initialize(_hc); var command = new Command("codecoverage", "publish"); command.Properties.Add("codecoveragetool", "InvalidTool"); command.Properties.Add("summaryfile", "a.xml"); Assert.Throws(() => publishCCCommand.ProcessCommand(_ec.Object, command)); } } [Fact] [Trait("Level", "L0")] public void Publish_CoberturaNewIndexFile() { using (var _hc = SetupMocks()) { var reportDirectory = Path.Combine(Path.GetTempPath(), "reportDirectory"); var coberturaXml = Path.Combine(reportDirectory, "coberturaValid.xml"); try { Directory.CreateDirectory(reportDirectory); File.WriteAllText(coberturaXml, CodeCoverageTestConstants.ValidCoberturaXml); File.WriteAllText((Path.Combine(reportDirectory, "index.html")), string.Empty); File.WriteAllText((Path.Combine(reportDirectory, "frame-summary.html")), string.Empty); var publishCCCommand = new CodeCoverageCommandExtension(); publishCCCommand.Initialize(_hc); var command = new Command("codecoverage", "publish"); command.Properties.Add("codecoveragetool", "cobertura"); command.Properties.Add("summaryfile", coberturaXml); command.Properties.Add("reportdirectory", reportDirectory); publishCCCommand.ProcessCommand(_ec.Object, command); Assert.Equal(0, _warnings.Count); Assert.Equal(0, _errors.Count); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageSummaryAsync(It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageFilesAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>>(), It.Is(browsable => browsable == true), It.IsAny())); Assert.True(File.Exists(Path.Combine(reportDirectory, "frame-summary.html"))); Assert.True(File.Exists(Path.Combine(reportDirectory, "indexnew.html"))); } finally { Directory.Delete(reportDirectory, true); } } } [Fact] [Trait("Level", "L0")] public void Publish_WithIndexHtmFileinReportDirectory() { using (var _hc = SetupMocks()) { var reportDirectory = Path.Combine(Path.GetTempPath(), "reportDirectory"); var summaryFile = Path.Combine(reportDirectory, "summary.xml"); try { Directory.CreateDirectory(reportDirectory); File.WriteAllText(summaryFile, "test"); File.WriteAllText((Path.Combine(reportDirectory, "index.htm")), string.Empty); var publishCCCommand = new CodeCoverageCommandExtension(); publishCCCommand.Initialize(_hc); var command = new Command("codecoverage", "publish"); command.Properties.Add("codecoveragetool", "mockCCTool"); command.Properties.Add("summaryfile", summaryFile); command.Properties.Add("reportdirectory", reportDirectory); publishCCCommand.ProcessCommand(_ec.Object, command); Assert.Equal(0, _warnings.Count); Assert.Equal(0, _errors.Count); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageSummaryAsync(It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageFilesAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>>(), It.Is(browsable => browsable == true), It.IsAny())); Assert.True(File.Exists(Path.Combine(reportDirectory, "index.html"))); Assert.True(File.Exists(Path.Combine(reportDirectory, "index.htm"))); } finally { Directory.Delete(reportDirectory, true); } } } [Fact] [Trait("Level", "L0")] public void Publish_WithIndexHtmAndHtmlFileInReportDirectory() { using (var _hc = SetupMocks()) { var reportDirectory = Path.Combine(Path.GetTempPath(), "reportDirectory"); var summaryFile = Path.Combine(reportDirectory, "summary.xml"); try { Directory.CreateDirectory(reportDirectory); File.WriteAllText(summaryFile, "test"); File.WriteAllText((Path.Combine(reportDirectory, "index.htm")), string.Empty); File.WriteAllText((Path.Combine(reportDirectory, "index.html")), string.Empty); var publishCCCommand = new CodeCoverageCommandExtension(); publishCCCommand.Initialize(_hc); var command = new Command("codecoverage", "publish"); command.Properties.Add("codecoveragetool", "mockCCTool"); command.Properties.Add("summaryfile", summaryFile); command.Properties.Add("reportdirectory", reportDirectory); publishCCCommand.ProcessCommand(_ec.Object, command); Assert.Equal(0, _warnings.Count); Assert.Equal(0, _errors.Count); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageSummaryAsync(It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageFilesAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>>(), It.Is(browsable => browsable == true), It.IsAny())); Assert.True(File.Exists(Path.Combine(reportDirectory, "index.html"))); Assert.True(File.Exists(Path.Combine(reportDirectory, "index.htm"))); } finally { Directory.Delete(reportDirectory, true); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void PublishesCCFilesWhenCodeCoverageDataIsNull() { using (var _hc = SetupMocks()) { var summaryFile = Path.GetTempFileName(); try { File.WriteAllText(summaryFile, "test"); var publishCCCommand = new CodeCoverageCommandExtension(); publishCCCommand.Initialize(_hc); var command = new Command("codecoverage", "publish"); command.Properties.Add("codecoveragetool", "mockCCTool"); command.Properties.Add("summaryfile", summaryFile); _mocksummaryReader.Setup(x => x.GetCodeCoverageSummary(It.IsAny(), It.IsAny())) .Returns((List)null); publishCCCommand.ProcessCommand(_ec.Object, command); Assert.Equal(1, _warnings.Count); Assert.Equal(0, _errors.Count); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageFilesAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>>(), It.IsAny(), It.IsAny())); } finally { File.Delete(summaryFile); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void PublishCCFilesWithOnlyReportDirectoryInput() { using (var _hc = SetupMocks()) { var reportDirectory = Path.Combine(Path.GetTempPath(), "reportDirectory"); var summaryFile = Path.Combine(reportDirectory, "summary.xml"); try { Directory.CreateDirectory(reportDirectory); File.WriteAllText(summaryFile, "test"); var publishCCCommand = new CodeCoverageCommandExtension(); publishCCCommand.Initialize(_hc); var command = new Command("codecoverage", "publish"); command.Properties.Add("codecoveragetool", "mockCCTool"); command.Properties.Add("summaryfile", summaryFile); command.Properties.Add("reportdirectory", reportDirectory); publishCCCommand.ProcessCommand(_ec.Object, command); Assert.Equal(0, _warnings.Count); Assert.Equal(0, _errors.Count); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageSummaryAsync(It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageFilesAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.Is>>(files => files.Count == 1), It.IsAny(), It.IsAny())); } finally { Directory.Delete(reportDirectory, true); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void PublishCCFilesWithOnlyAdditionalFilesInput() { using (var _hc = SetupMocks()) { var summaryFile = Path.GetTempFileName(); try { File.WriteAllText(summaryFile, "test"); var publishCCCommand = new CodeCoverageCommandExtension(); publishCCCommand.Initialize(_hc); var command = new Command("codecoverage", "publish"); command.Properties.Add("codecoveragetool", "mockCCTool"); command.Properties.Add("summaryfile", summaryFile); command.Properties.Add("additionalcodecoveragefiles", summaryFile); publishCCCommand.ProcessCommand(_ec.Object, command); Assert.Equal(0, _warnings.Count); Assert.Equal(0, _errors.Count); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageSummaryAsync(It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageFilesAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.Is>>(files => files.Count == 2), It.IsAny(), It.IsAny())); } finally { File.Delete(summaryFile); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void PublishCCWithBothReportDirectoryAndAdditioanlFilesInputs() { using (var _hc = SetupMocks()) { var reportDirectory = Path.Combine(Path.GetTempPath(), "reportDirectory"); var summaryFile = Path.Combine(reportDirectory, "summary.xml"); try { Directory.CreateDirectory(reportDirectory); File.WriteAllText(summaryFile, "test"); var publishCCCommand = new CodeCoverageCommandExtension(); publishCCCommand.Initialize(_hc); var command = new Command("codecoverage", "publish"); command.Properties.Add("codecoveragetool", "mockCCTool"); command.Properties.Add("summaryfile", summaryFile); command.Properties.Add("reportdirectory", reportDirectory); command.Properties.Add("additionalcodecoveragefiles", summaryFile); publishCCCommand.ProcessCommand(_ec.Object, command); Assert.Equal(0, _warnings.Count); Assert.Equal(0, _errors.Count); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageSummaryAsync(It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())); _mockCodeCoveragePublisher.Verify(x => x.PublishCodeCoverageFilesAsync(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.Is>>(files => files.Count == 2), It.IsAny(), It.IsAny())); } finally { Directory.Delete(reportDirectory, true); } } } #endregion private TestHostContext SetupMocks([CallerMemberName] string name = "") { var _hc = new TestHostContext(this, name); _hc.SetSingleton(new TaskRestrictionsChecker() as ITaskRestrictionsChecker); _codeCoverageStatistics = new List { new CodeCoverageStatistics { Label = "label", Covered = 10, Total = 10, Position = 1 } }; _mocksummaryReader = new Mock(); if (String.Equals(name, "Publish_CoberturaNewIndexFile")) { _mocksummaryReader.Setup(x => x.Name).Returns("cobertura"); } else _mocksummaryReader.Setup(x => x.Name).Returns("mockCCTool"); _mocksummaryReader.Setup(x => x.GetCodeCoverageSummary(It.IsAny(), It.IsAny())) .Returns(_codeCoverageStatistics); _hc.SetSingleton(_mocksummaryReader.Object); _mockExtensionManager = new Mock(); _mockExtensionManager.Setup(x => x.GetExtensions()).Returns(new List { _mocksummaryReader.Object }); _hc.SetSingleton(_mockExtensionManager.Object); _mockCodeCoveragePublisher = new Mock(); _hc.SetSingleton(_mockCodeCoveragePublisher.Object); _mockCommandContext = new Mock(); _hc.EnqueueInstance(_mockCommandContext.Object); var endpointAuthorization = new EndpointAuthorization() { Scheme = EndpointAuthorizationSchemes.OAuth }; List warnings; _variables = new Variables(_hc, new Dictionary(), out warnings); _variables.Set("build.buildId", "1"); _variables.Set("build.containerId", "1"); _variables.Set("system.teamProjectId", "46075F24-A6B9-447E-BEF0-E1D5592D9E39"); _variables.Set("system.hostType", "build"); endpointAuthorization.Parameters[EndpointAuthorizationParameters.AccessToken] = "accesstoken"; _ec = new Mock(); _ec.Setup(x => x.Restrictions).Returns(new List()); _ec.Setup(x => x.Endpoints).Returns(new List { new ServiceEndpoint { Url = new Uri("http://dummyurl"), Name = WellKnownServiceEndpointNames.SystemVssConnection, Authorization = endpointAuthorization } }); _ec.Setup(x => x.Variables).Returns(_variables); _ec.Setup(x => x.TranslateToHostPath(It.IsAny())).Returns((string x) => x); var asyncCommands = new List(); _ec.Setup(x => x.AsyncCommands).Returns(asyncCommands); _ec.Setup(x => x.GetHostContext()).Returns(_hc); _ec.Setup(x => x.AddIssue(It.IsAny())) .Callback ((issue) => { if (issue.Type == IssueType.Warning) { _warnings.Add(issue.Message); } else if (issue.Type == IssueType.Error) { _errors.Add(issue.Message); } }); return _hc; } } } ================================================ FILE: src/Test/L0/Worker/CodeCoverage/CodeCoverageConstants.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.CodeCoverage { public class CodeCoverageTestConstants { #region publish CC files public static readonly string ValidJacocoXml = @" "; public static readonly string ValidCoberturaXml = @" F:/Test/ant/TestCode/Ant/src "; #endregion #region cobertura ant files public static readonly string BuildXml = @" "; public static readonly string BuildWithCCCoberturaXml = @" "; public static readonly string BuildWithMultipleNodesXml = @" "; public static readonly string InvalidBuildXml = @" "; public static readonly string BuildWithNoTestsXml = @" "; #endregion #region jacoco ant files public static readonly string BuildWithCCJacocoXml = @" "; #endregion #region cobertura gradle files public static readonly string BuildGradle = @"apply plugin: 'java'' apply plugin: 'maven' group = 'com.mycompany.app' version = '1.0-SNAPSHOT' description = '''my-app''' sourceCompatibility = 1.5 targetCompatibility = 1.5 repositories { maven { url 'http://repo.maven.apache.org/maven2' } } dependencies { testCompile group: 'junit', name: 'junit', version: '3.8.1' }"; public static readonly string BuildWithCCCoberturaGradle = @"plugins { id 'net.saliman.cobertura' version '2.2.7' } apply plugin: 'java' apply plugin: 'maven' group = 'com.mycompany.app' version = '1.0-SNAPSHOT' description = '''my-app''' sourceCompatibility = 1.5 targetCompatibility = 1.5 repositories { maven { url 'http://repo.maven.apache.org/maven2' } } dependencies { testCompile group: 'junit', name: 'junit', version: '3.8.1' } allprojects { repositories { mavenCentral() } } dependencies { testCompile 'org.slf4j:slf4j-api:1.7.12' } cobertura { coverageFormats = [ 'xml', 'html' ] }"; public static readonly string BuildMultiModuleGradle = @"apply plugin: 'java'' apply plugin: 'maven' group = 'com.mycompany.app' version = '1.0-SNAPSHOT' description = '''my-app''' sourceCompatibility = 1.5 targetCompatibility = 1.5 repositories { maven { url 'http://repo.maven.apache.org/maven2' } } dependencies { testCompile group: 'junit', name: 'junit', version: '3.8.1' }"; public static readonly string BuildWithCCMultiModuleGradle = @"apply plugin: 'java'' apply plugin: 'maven' apply plugin: 'jacoco' group = 'com.mycompany.app' version = '1.0-SNAPSHOT' description = '''my-app''' sourceCompatibility = 1.5 targetCompatibility = 1.5 repositories { maven { url 'http://repo.maven.apache.org/maven2' } } dependencies { testCompile group: 'junit', name: 'junit', version: '3.8.1' } jacocoTestReport { reports { xml.enabled true csv.enabled false html.destination '${buildDir}/jacocoHtml' } }"; #endregion #region jacoco gradle files public static readonly string BuildWithCCJacocoGradle = @"apply plugin: 'java'' apply plugin: 'maven' apply plugin: 'jacoco' group = 'com.mycompany.app' version = '1.0-SNAPSHOT' description = '''my-app''' sourceCompatibility = 1.5 targetCompatibility = 1.5 repositories { maven { url 'http://repo.maven.apache.org/maven2' } } dependencies { testCompile group: 'junit', name: 'junit', version: '3.8.1' } jacocoTestReport { reports { xml.enabled true csv.enabled false html.destination '${buildDir}/jacocoHtml' } }"; #endregion #region cobertura maven files public static readonly string PomXml = @" 4.0.0 com.mycompany.app my-app jar 1.0-SNAPSHOT my-app http://maven.apache.org junit junit 3.8.1 test "; public static readonly string PomWithCCCoberturaXml = @" 4.0.0 com.mycompany.app my-app jar 1.0-SNAPSHOT my-app http://maven.apache.org org.codehaus.mojo cobertura-maven-plugin 2.7 xml html com.*.* app.me*.* me.*.* a.b.* my.com.*.* package-3dbd177b-1c6b-4483-ba65-988711792c3d cobertura package org.codehaus.mojo cobertura-maven-plugin 2.7 xml html com.*.* app.me*.* me.*.* a.b.* my.com.*.* package-3dbd177b-1c6b-4483-ba65-988711792c3d cobertura package junit junit 3.8.1 test org.codehaus.mojo cobertura-maven-plugin 2.7 xml html "; public static readonly string PomWithMultiModuleXml = @" 4.0.0 com.mycompany.app my-app pom 1.0-SNAPSHOT my-app http://maven.apache.org module-1 module-2 junit junit 3.8.1 test "; public static readonly string PomWithMultiModuleWithCCCoberturaXml = @" 4.0.0 com.mlesniak.jacoco module-main 1.0-SNAPSHOT pom module-1 module-2 UTF-8 org.apache.maven.plugins maven-surefire-plugin 2.15 ${surefireArgLine } org.codehaus.mojo cobertura-maven-plugin 2.7 xml html package package cobertura org.codehaus.mojo cobertura-maven-plugin 2.7 xml html junit junit 4.11 test "; public static readonly string CodeSearchPomXml = @" 4.0.0 com.microsoft.search codesearch 6.0 1.0 1.7.1-SNAPSHOT 4.11 3.3 1.7 ${project.version }.${buildNumber } http://almsearchbm:8081/artifactory central ${artifactoryUri}/libs-release false snapshots ${artifactoryUri}/libs-snapshot false central ${artifactoryUri}/plugins-release false snapshots ${artifactoryUri}/plugins-snapshot false scm:git:http://mseng.visualstudio.com//DefaultCollection/VSOnline/_git/VSO scm:git:http://mseng.visualstudio.com//DefaultCollection/VSOnline/_git/VSO HEAD http://mseng.visualstudio.com//DefaultCollection/VSOnline/_git/VSO com.google.collections google-collections ${googleCollectionVersion} org.elasticsearch elasticsearch ${elasticSearchVersion} junit junit ${junitVersion} test src/main/resources true *.properties org.apache.maven.plugins maven-compiler-plugin ${mavenCompilerVersion} ${javaVersion} ${javaVersion} org.codehaus.mojo1 buildnumber-maven-plugin 1.3 buildnumber validate create {0,number} buildNumber false false unknownbuild ${buildNumberFilePathLocation} org.apache.maven.plugins maven-jar-plugin 2.1 true ${buildNumber} >${project.groupId} ${project.artifactId}-${projectBuildVersion} "; public static readonly string LogAppenderPomXml = @" 4.0.0 com.microsoft.log4jappender ETWAppender 1.0-SNAPSHOT jar 1.7 1.2.17 2.3.2 org.slf4j nlog4j ${log4j.version } org.apache.maven.plugins maven-compiler-plugin ${mvnCompilerPlugin.version } ${jdk.version} ${jdk.version} "; #endregion #region jacoco maven files public static readonly string PomWithJacocoCCXml = @" 4.0.0 com.mycompany.app my-app jar 1.0-SNAPSHOT my-app http://maven.apache.org org.jacoco jacoco-maven-plugin 0.7.6-SNAPSHOT pre-unit-test prepare-agent jacoco1.exec surefireArgLine post-unit-test test report jacoco1.exec ${project.reporting.outputDirectory }/jacoco-ut org.jacoco jacoco-maven-plugin 0.7.6-SNAPSHOT pre-unit-test prepare-agent jacoco1.exec surefireArgLine post-unit-test test report jacoco1.exec ${project.reporting.outputDirectory }/jacoco-ut junit junit 3.8.1 test "; public static readonly string PomWithMultiModuleWithCCJacocoXml = @" 2.0.0 com.mycompany.app my-app 1.0-SNAPSHOT pom my-app http://maven.apache.org module-1 module-2 org.jacoco jacoco-maven-plugin 0.7.6-SNAPSHOT pre-unit-test prepare-agent jacoco1.exec surefireArgLine post-unit-test test report jacoco1.exec ${project.reporting.outputDirectory }/jacoco-ut junit junit 3.8.1 test "; public static readonly string PomWithInvalidCCXml = @" 4.0.0 com.mycompany.app my-app jar 1.0-SNAPSHOT my-app http://maven.apache.org org.jacoco 0.7.6-SNAPSHOT codeCoverage\jacocoexec.exec codeCoverage codeCoverage\jacocoexec.exec com.mycompany.app.App2* default-prepare-agent prepare-agent default-report1 test report junit junit 3.8.1 test "; #endregion } } ================================================ FILE: src/Test/L0/Worker/CodeCoverage/CodeCoverageUtilitiesTests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage; using Moq; using System; using System.Collections.Generic; using System.IO; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.CodeCoverage { public class CodeCoverageUtilitiesTests { private Mock _ec; private List _warnings = new List(); private List _errors = new List(); private List _outputMessages = new List(); [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void GetPriorityOrderTest() { Assert.Equal(1, CodeCoverageUtilities.GetPriorityOrder("cLaSs")); Assert.Equal(2, CodeCoverageUtilities.GetPriorityOrder("ComplexiTy")); Assert.Equal(3, CodeCoverageUtilities.GetPriorityOrder("MEthoD")); Assert.Equal(4, CodeCoverageUtilities.GetPriorityOrder("line")); Assert.Equal(5, CodeCoverageUtilities.GetPriorityOrder("InstruCtion")); Assert.Equal(6, CodeCoverageUtilities.GetPriorityOrder("invalid")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void CopyFilesWithDirectoryStructureWhenInputIsNull() { string destinationFilePath = string.Empty; CodeCoverageUtilities.CopyFilesFromFileListWithDirStructure(null, ref destinationFilePath); } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void CopyFilesWithDirectoryStructureWhenFilesWithSameNamesAreGiven() { List files = GetAdditionalCodeCoverageFilesWithSameFileName(); string destinationFilePath = Path.Combine(Path.GetTempPath(), "additional"); try { Directory.CreateDirectory(destinationFilePath); CodeCoverageUtilities.CopyFilesFromFileListWithDirStructure(files, ref destinationFilePath); Assert.True(File.Exists(Path.Combine(destinationFilePath, "A/a.xml"))); Assert.True(File.Exists(Path.Combine(destinationFilePath, "B/a.xml"))); Assert.True(File.Exists(Path.Combine(destinationFilePath, "C/b.xml"))); Assert.True(File.Exists(Path.Combine(destinationFilePath, "a.xml"))); } finally { Directory.Delete(destinationFilePath, true); Directory.Delete(Path.Combine(Path.GetTempPath(), "A"), true); Directory.Delete(Path.Combine(Path.GetTempPath(), "B"), true); Directory.Delete(Path.Combine(Path.GetTempPath(), "C"), true); File.Delete(Path.Combine(Path.GetTempPath(), "a.xml")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void CopyFilesWithDirectoryStructureWhenFilesWithDifferentNamesAreGiven() { List files = GetAdditionalCodeCoverageFilesWithDifferentFileNames(); string destinationFilePath = Path.Combine(Path.GetTempPath(), "additional"); try { Directory.CreateDirectory(destinationFilePath); CodeCoverageUtilities.CopyFilesFromFileListWithDirStructure(files, ref destinationFilePath); Assert.True(File.Exists(Path.Combine(destinationFilePath, "a.xml"))); Assert.True(File.Exists(Path.Combine(destinationFilePath, "b.xml"))); } finally { Directory.Delete(destinationFilePath, true); Directory.Delete(Path.Combine(Path.GetTempPath(), "A"), true); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "EnableCodeCoverage")] public void ThrowsIfParameterNull() { Assert.Throws(() => CodeCoverageUtilities.TrimNonEmptyParam(null, "inputName")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "EnableCodeCoverage")] public void ThrowsIfParameterIsWhiteSpace() { Assert.Throws(() => CodeCoverageUtilities.TrimNonEmptyParam(" ", "inputName")); } private void SetupMocks() { _ec = new Mock(); _ec.Setup(x => x.Write(It.IsAny(), It.IsAny(), true)) .Callback ((tag, message, canMaskSecrets) => { _outputMessages.Add(message); }); _ec.Setup(x => x.AddIssue(It.IsAny())) .Callback ((issue) => { if (issue.Type == IssueType.Warning) { _warnings.Add(issue.Message); } else if (issue.Type == IssueType.Error) { _errors.Add(issue.Message); } }); } private List GetAdditionalCodeCoverageFilesWithSameFileName() { var files = new List(); files.Add(Path.Combine(Path.GetTempPath(), "A/a.xml")); files.Add(Path.Combine(Path.GetTempPath(), "B/a.xml")); files.Add(Path.Combine(Path.GetTempPath(), "C/b.xml")); files.Add(Path.Combine(Path.GetTempPath(), "a.xml")); foreach (var file in files) { Directory.CreateDirectory(Path.GetDirectoryName(file)); File.WriteAllText(file, "Test"); } return files; } private List GetAdditionalCodeCoverageFilesWithDifferentFileNames() { var files = new List(); files.Add(Path.Combine(Path.GetTempPath(), "A/a.xml")); files.Add(Path.Combine(Path.GetTempPath(), "A/b.xml")); foreach (var file in files) { Directory.CreateDirectory(Path.GetDirectoryName(file)); File.WriteAllText(file, "Test"); } return files; } } } ================================================ FILE: src/Test/L0/Worker/CodeCoverage/JacocoSummaryReaderTests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.TeamFoundation.TestManagement.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.CodeCoverage; using Moq; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Runtime.CompilerServices; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.CodeCoverage { public class JacocoSummaryReaderTests { private Mock _ec; private List _warnings = new List(); private List _errors = new List(); [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] [Trait("DeploymentItem", "Jacoco.xml")] public void VerifyJacocoCoverageStatisticsForValidSummaryFile() { SetupMocks(); var jacocoXml = GetPathToValidJaCoCoFile(); try { JaCoCoSummaryReader summaryReader = new JaCoCoSummaryReader(); var coverageStats = summaryReader.GetCodeCoverageSummary(_ec.Object, jacocoXml); var coverageStatsNew = coverageStats.ToList(); coverageStatsNew.Sort(new Statscomparer()); Assert.Equal(0, _errors.Count); Assert.Equal(0, _warnings.Count); VerifyCoverageStats(coverageStatsNew.ToList()); } finally { File.Delete(jacocoXml); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void VerifyFileDidnotExist() { SetupMocks(); var jacocoXml = JacocoFileDidnotExist(); JaCoCoSummaryReader summaryReader = new JaCoCoSummaryReader(); Assert.Throws(() => summaryReader.GetCodeCoverageSummary(_ec.Object, jacocoXml)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void VerifyInvalidXmlFile() { var invalidXml = JacocoInvalidXmlFile(); var summaryReader = new JaCoCoSummaryReader(); try { SetupMocks(); summaryReader.GetCodeCoverageSummary(_ec.Object, invalidXml); } finally { File.Delete(invalidXml); } Assert.Equal(0, _errors.Count); Assert.Equal(1, _warnings.Count); } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void VerifyWrongXmlFile() { var wrongXml = JacocoWrongXmlFile(); var summaryReader = new JaCoCoSummaryReader(); try { SetupMocks(); var coverageStats = summaryReader.GetCodeCoverageSummary(_ec.Object, wrongXml); Assert.Equal(coverageStats.ToList().Count, 0); Assert.Equal(0, _errors.Count); Assert.Equal(0, _warnings.Count); } finally { File.Delete(wrongXml); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PublishCodeCoverage")] public void VerifyEmptyXmlFile() { var emptyXml = GetEmptyCCFile(); try { SetupMocks(); var summaryReader = new JaCoCoSummaryReader(); Assert.Null(summaryReader.GetCodeCoverageSummary(_ec.Object, emptyXml)); Assert.Equal(0, _errors.Count); Assert.Equal(0, _warnings.Count); } finally { File.Delete(emptyXml); } } private string GetPathToValidJaCoCoFile() { var file = Path.Combine(Path.GetTempPath(), "jacocoValid.xml"); File.WriteAllText(file, CodeCoverageTestConstants.ValidJacocoXml); return file; } private string JacocoFileDidnotExist() { return Path.Combine(Path.GetTempPath(), "CoberturaDidNotExist.xml"); } private string JacocoInvalidXmlFile() { var file = Path.GetTempFileName(); File.WriteAllText(file, "This is not XML File"); return file; } private string JacocoWrongXmlFile() { var file = Path.GetTempFileName(); File.WriteAllText(file, "\nThis is a Test"); return file; } private string GetEmptyCCFile() { return Path.GetTempFileName(); } private static void VerifyCoverageStats(List coverageStats) { Assert.Equal(5, coverageStats.Count); Assert.Equal(1, (int)coverageStats[0].Position); Assert.Equal("class", coverageStats[0].Label.ToLower()); Assert.Equal(2, (int)coverageStats[0].Covered); Assert.Equal(2, (int)coverageStats[0].Total); Assert.Equal(2, (int)coverageStats[1].Position); Assert.Equal("complexity", coverageStats[1].Label.ToLower()); Assert.Equal(2, (int)coverageStats[1].Covered); Assert.Equal(6, (int)coverageStats[1].Total); Assert.Equal(3, (int)coverageStats[2].Position); Assert.Equal("method", coverageStats[2].Label.ToLower()); Assert.Equal(2, (int)coverageStats[2].Covered); Assert.Equal(6, (int)coverageStats[2].Total); Assert.Equal(4, (int)coverageStats[3].Position); Assert.Equal("line", coverageStats[3].Label.ToLower()); Assert.Equal(2, (int)coverageStats[3].Covered); Assert.Equal(7, (int)coverageStats[3].Total); Assert.Equal(5, (int)coverageStats[4].Position); Assert.Equal("instruction", coverageStats[4].Label.ToLower()); Assert.Equal(8, (int)coverageStats[4].Covered); Assert.Equal(22, (int)coverageStats[4].Total); } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA2000:Dispose objects before losing scope", MessageId = "TestHostContext")] private void SetupMocks([CallerMemberName] string name = "") { TestHostContext hc = new TestHostContext(this, name); _ec = new Mock(); _ec.Setup(x => x.AddIssue(It.IsAny())) .Callback ((issue) => { if (issue.Type == IssueType.Warning) { _warnings.Add(issue.Message); } else if (issue.Type == IssueType.Error) { _errors.Add(issue.Message); } }); } } public class Statscomparer : IComparer { public int Compare(CodeCoverageStatistics x, CodeCoverageStatistics y) { return ((int)x.Position > (int)y.Position ? 1 : -1); } } } ================================================ FILE: src/Test/L0/Worker/CodeCoverage/frame-summary.html ================================================ Coverage Report
Coverage Report - All Packages
 
Package # Classes Line Coverage Branch Coverage Complexity
All Packages2
40%
2/5
N/A
N/A
1
com.mycompany.app2
40%
2/5
N/A
N/A
1
Report generated by Cobertura 2.1.1 on 5/17/16 2:44 PM.
================================================ FILE: src/Test/L0/Worker/CodeCoverage/index.html ================================================ Coverage Report <body> <p>This document is designed to be viewed using the frames feature. If you see this message, you are using a frame-incapable web client.</p> <p><a href="frame-summary.html">Click here to view a non-frame version.</a></p> </body> ================================================ FILE: src/Test/L0/Worker/ContainerOperationProviderEnhancedL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using System.Collections.Generic; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class ContainerOperationProviderEnhancedL0 : ContainerOperationProviderL0Base { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task StartContainer_WithDockerLabel_SetsNodePath() { using (var hc = new TestHostContext(this)) { System.IO.Directory.CreateDirectory(hc.GetDirectory(WellKnownDirectory.Work)); var dockerManager = CreateDockerManagerMock(NodePathFromLabel); var executionContext = CreateExecutionContextMock(hc); var container = new ContainerInfo(new Pipelines.ContainerResource() { Alias = "test", Image = "node:16" }); // Setup IProcessInvoker for non-Windows platforms if (!PlatformUtil.RunningOnWindows) { SetupProcessInvokerMock(hc); } hc.SetSingleton(dockerManager.Object); var provider = new ContainerOperationProviderEnhanced(); provider.Initialize(hc); // Act - Call main container code with mocked Docker operations await provider.StartContainersAsync(executionContext.Object, new List { container }); // Assert Assert.Equal(NodePathFromLabel, container.CustomNodePath); Assert.Equal(NodePathFromLabel, container.ResultNodePath); Assert.Contains(NodePathFromLabel, container.ContainerCommand); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "windows")] [Trait("SkipOn", "linux")] public async Task StartContainer_WithoutDockerLabel_OnMacOS_UsesDefaultNode() { // Only run on macOS if (!PlatformUtil.RunningOnMacOS) { return; } using (var hc = new TestHostContext(this)) { System.IO.Directory.CreateDirectory(hc.GetDirectory(WellKnownDirectory.Work)); var dockerManager = CreateDockerManagerMock(NodePathFromLabelEmpty); var executionContext = CreateExecutionContextMock(hc); var container = new ContainerInfo(new Pipelines.ContainerResource() { Alias = "test", Image = "node:16" }); // Setup IProcessInvoker for macOS SetupProcessInvokerMock(hc); hc.SetSingleton(dockerManager.Object); var provider = new ContainerOperationProviderEnhanced(); provider.Initialize(hc); // Act - Call main container code with mocked Docker operations await provider.StartContainersAsync(executionContext.Object, new List { container }); // Assert - macOS uses "node" from container Assert.Equal(DefaultNodeCommand, container.CustomNodePath); Assert.Equal(DefaultNodeCommand, container.ResultNodePath); Assert.Contains(DefaultNodeCommand, container.ContainerCommand); } } // Test 3: Docker label absent - Windows + Linux container only [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public async Task StartContainer_WithoutDockerLabel_OnWindowsWithLinuxContainer_UsesDefaultNode() { // Only run on Windows if (!PlatformUtil.RunningOnWindows) { return; } using (var hc = new TestHostContext(this)) { System.IO.Directory.CreateDirectory(hc.GetDirectory(WellKnownDirectory.Work)); var dockerManager = CreateDockerManagerMock(NodePathFromLabelEmpty); var executionContext = CreateExecutionContextMock(hc); var container = new ContainerInfo(new Pipelines.ContainerResource() { Alias = "test", Image = "node:16" }); // Set container to Linux OS (Windows host running Linux container) container.ImageOS = PlatformUtil.OS.Linux; hc.SetSingleton(dockerManager.Object); var provider = new ContainerOperationProviderEnhanced(); provider.Initialize(hc); // Act - Call main container code with mocked Docker operations await provider.StartContainersAsync(executionContext.Object, new List { container }); // Assert - Windows+Linux uses "node" from container Assert.Equal(DefaultNodeCommand, container.CustomNodePath); Assert.Equal(DefaultNodeCommand, container.ResultNodePath); Assert.Contains(DefaultNodeCommand, container.ContainerCommand); } } // Test 4: Docker label absent - Linux only (uses agent's mounted node from externals) [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "windows")] public async Task StartContainer_WithoutDockerLabel_OnLinux_UsesAgentNode() { // Only run on Linux if (!PlatformUtil.RunningOnLinux) { return; } using (var hc = new TestHostContext(this)) { System.IO.Directory.CreateDirectory(hc.GetDirectory(WellKnownDirectory.Work)); var dockerManager = CreateDockerManagerMock(NodePathFromLabelEmpty); var executionContext = CreateExecutionContextMock(hc); var container = new ContainerInfo(new Pipelines.ContainerResource() { Alias = "test", Image = "node:16" }); // Setup IProcessInvoker for Linux SetupProcessInvokerMock(hc); hc.SetSingleton(dockerManager.Object); var provider = new ContainerOperationProviderEnhanced(); provider.Initialize(hc); // Act - Call main container code with mocked Docker operations await provider.StartContainersAsync(executionContext.Object, new List { container }); // Assert - Linux uses agent's mounted node Assert.True(string.IsNullOrEmpty(container.CustomNodePath)); Assert.NotNull(container.ResultNodePath); Assert.NotEmpty(container.ResultNodePath); Assert.Contains(NodeFromAgentExternal, container.ResultNodePath); Assert.EndsWith("/bin/node", container.ResultNodePath); Assert.Contains(NodeFromAgentExternal, container.ContainerCommand); } } } } ================================================ FILE: src/Test/L0/Worker/ContainerOperationProviderL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using System.Collections.Generic; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class ContainerOperationProviderL0 : ContainerOperationProviderL0Base { [Fact(Skip = "The test is flaky and needs to be fixed using the new container strategy.")] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task StartContainer_WithDockerLabel_SetsNodePath() { using (var hc = new TestHostContext(this)) { System.IO.Directory.CreateDirectory(hc.GetDirectory(WellKnownDirectory.Work)); var dockerManager = CreateDockerManagerMock(NodePathFromLabel); var executionContext = CreateExecutionContextMock(hc); var container = new ContainerInfo(new Pipelines.ContainerResource() { Alias = "test", Image = "node:16" }); // Setup IProcessInvoker for non-Windows platforms if (!PlatformUtil.RunningOnWindows) { SetupProcessInvokerMock(hc); } hc.SetSingleton(dockerManager.Object); var provider = new ContainerOperationProvider(); provider.Initialize(hc); // Act - Call main container code with mocked Docker operations await provider.StartContainersAsync(executionContext.Object, new List { container }); // Assert Assert.Equal(NodePathFromLabel, container.CustomNodePath); Assert.Equal(NodePathFromLabel, container.ResultNodePath); Assert.Contains(NodePathFromLabel, container.ContainerCommand); } } [Fact(Skip = "The test is flaky and needs to be fixed using the new container strategy.")] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "windows")] [Trait("SkipOn", "linux")] public async Task StartContainer_WithoutDockerLabel_OnMacOS_UsesDefaultNode() { // Only run on macOS if (!PlatformUtil.RunningOnMacOS) { return; } using (var hc = new TestHostContext(this)) { System.IO.Directory.CreateDirectory(hc.GetDirectory(WellKnownDirectory.Work)); var dockerManager = CreateDockerManagerMock(NodePathFromLabelEmpty); var executionContext = CreateExecutionContextMock(hc); var container = new ContainerInfo(new Pipelines.ContainerResource() { Alias = "test", Image = "node:16" }); // Setup IProcessInvoker for macOS SetupProcessInvokerMock(hc); hc.SetSingleton(dockerManager.Object); var provider = new ContainerOperationProvider(); provider.Initialize(hc); typeof(ContainerOperationProvider).GetField("_dockerManger", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance) ?.SetValue(provider, dockerManager.Object); // Act - Call main container code with mocked Docker operations await provider.StartContainersAsync(executionContext.Object, new List { container }); // Assert - macOS uses "node" from container Assert.Equal(DefaultNodeCommand, container.CustomNodePath); Assert.Equal(DefaultNodeCommand, container.ResultNodePath); Assert.Contains(DefaultNodeCommand, container.ContainerCommand); } } // Test 3: Docker label absent - Windows + Linux container only [Fact(Skip = "The test is flaky and needs to be fixed using the new container strategy.")] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public async Task StartContainer_WithoutDockerLabel_OnWindowsWithLinuxContainer_UsesDefaultNode() { // Only run on Windows if (!PlatformUtil.RunningOnWindows) { return; } using (var hc = new TestHostContext(this)) { System.IO.Directory.CreateDirectory(hc.GetDirectory(WellKnownDirectory.Work)); var dockerManager = CreateDockerManagerMock(NodePathFromLabelEmpty); var executionContext = CreateExecutionContextMock(hc); var container = new ContainerInfo(new Pipelines.ContainerResource() { Alias = "test", Image = "node:16" }); // Set container to Linux OS (Windows host running Linux container) container.ImageOS = PlatformUtil.OS.Linux; hc.SetSingleton(dockerManager.Object); var provider = new ContainerOperationProvider(); provider.Initialize(hc); typeof(ContainerOperationProvider).GetField("_dockerManger", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance) ?.SetValue(provider, dockerManager.Object); // Act - Call main container code with mocked Docker operations await provider.StartContainersAsync(executionContext.Object, new List { container }); // Assert - Windows+Linux uses "node" from container Assert.Equal(DefaultNodeCommand, container.CustomNodePath); Assert.Equal(DefaultNodeCommand, container.ResultNodePath); Assert.Contains(DefaultNodeCommand, container.ContainerCommand); } } // Test 4: Docker label absent - Linux only (uses agent's mounted node from externals) [Fact(Skip = "The test is flaky and needs to be fixed using the new container strategy.")] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "windows")] public async Task StartContainer_WithoutDockerLabel_OnLinux_UsesAgentNode() { // Only run on Linux if (!PlatformUtil.RunningOnLinux) { return; } using (var hc = new TestHostContext(this)) { System.IO.Directory.CreateDirectory(hc.GetDirectory(WellKnownDirectory.Work)); var dockerManager = CreateDockerManagerMock(NodePathFromLabelEmpty); var executionContext = CreateExecutionContextMock(hc); var container = new ContainerInfo(new Pipelines.ContainerResource() { Alias = "test", Image = "node:16" }); // Setup IProcessInvoker for Linux SetupProcessInvokerMock(hc); hc.SetSingleton(dockerManager.Object); var provider = new ContainerOperationProvider(); provider.Initialize(hc); typeof(ContainerOperationProvider).GetField("_dockerManger", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance) ?.SetValue(provider, dockerManager.Object); // Act - Call main container code with mocked Docker operations await provider.StartContainersAsync(executionContext.Object, new List { container }); // Assert - Linux uses agent's mounted node Assert.True(string.IsNullOrEmpty(container.CustomNodePath)); Assert.NotNull(container.ResultNodePath); Assert.NotEmpty(container.ResultNodePath); Assert.Contains(NodeFromAgentExternal, container.ResultNodePath); Assert.EndsWith("/bin/node", container.ResultNodePath); Assert.Contains(NodeFromAgentExternal, container.ContainerCommand); } } } } ================================================ FILE: src/Test/L0/Worker/ContainerOperationProviderL0.md ================================================ ================================================ FILE: src/Test/L0/Worker/ContainerOperationProviderL0Base.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Container; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Moq; using System; using System.Collections.Generic; using System.Text; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent; using Microsoft.TeamFoundation.Framework.Common; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public abstract class ContainerOperationProviderL0Base { protected const string NodePathFromLabel = "/usr/bin/node"; protected const string NodePathFromLabelEmpty = ""; protected const string DefaultNodeCommand = "node"; protected const string NodeFromAgentExternal = "externals/node"; protected Mock CreateDockerManagerMock(string inspectResult) { var dockerManager = new Mock(); dockerManager.Setup(x => x.DockerVersion(It.IsAny())) .ReturnsAsync(new DockerVersion(new Version("1.35"), new Version("1.35"))); dockerManager.Setup(x => x.DockerPS(It.IsAny(), It.IsAny())) .ReturnsAsync(new List { "container123 Up 5 seconds" }); dockerManager.Setup(x => x.DockerNetworkCreate(It.IsAny(), It.IsAny())) .ReturnsAsync(0); dockerManager.Setup(x => x.DockerPull(It.IsAny(), It.IsAny())) .ReturnsAsync(0); dockerManager.Setup(x => x.DockerCreate(It.IsAny(), It.IsAny())) .ReturnsAsync("container123"); dockerManager.Setup(x => x.DockerStart(It.IsAny(), It.IsAny())) .ReturnsAsync(0); dockerManager.Setup(x => x.DockerInspect(It.IsAny(), It.IsAny(), It.IsAny())) .ReturnsAsync(inspectResult); dockerManager.Setup(x => x.DockerExec(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>())) .ReturnsAsync((IExecutionContext context, string containerId, string options, string command, List output) => { if (command.Contains("node -v")) { output.Add("v16.20.2"); } return 0; }); return dockerManager; } protected Mock CreateExecutionContextMock(TestHostContext hc) { var executionContext = new Mock(); var variables = new Variables(hc, new Dictionary(), out var warnings); executionContext.Setup(x => x.Variables).Returns(variables); executionContext.Setup(x => x.CancellationToken).Returns(CancellationToken.None); executionContext.Setup(x => x.GetVariableValueOrDefault(It.IsAny())).Returns(string.Empty); executionContext.Setup(x => x.Containers).Returns(new List()); executionContext.Setup(x => x.GetScopedEnvironment()).Returns(new SystemEnvironment()); return executionContext; } protected sealed class FakeProcessInvoker : IProcessInvoker { public event EventHandler OutputDataReceived; #pragma warning disable CS0067 public event EventHandler ErrorDataReceived; #pragma warning restore CS0067 public TimeSpan SigintTimeout { get; set; } public TimeSpan SigtermTimeout { get; set; } public bool TryUseGracefulShutdown { get; set; } public void Initialize(IHostContext hostContext) { } public Task ExecuteAsync(string workingDirectory, string fileName, string arguments, IDictionary environment, CancellationToken cancellationToken) => ExecuteAsync(workingDirectory, fileName, arguments, environment, false, null, false, cancellationToken); public Task ExecuteAsync(string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, CancellationToken cancellationToken) => ExecuteAsync(workingDirectory, fileName, arguments, environment, requireExitCodeZero, null, false, cancellationToken); public Task ExecuteAsync(string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, CancellationToken cancellationToken) => ExecuteAsync(workingDirectory, fileName, arguments, environment, requireExitCodeZero, outputEncoding, false, cancellationToken); public Task ExecuteAsync(string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, CancellationToken cancellationToken) => ExecuteAsync(workingDirectory, fileName, arguments, environment, requireExitCodeZero, outputEncoding, killProcessOnCancel, null, cancellationToken); public Task ExecuteAsync(string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, CancellationToken cancellationToken) => ExecuteAsync(workingDirectory, fileName, arguments, environment, requireExitCodeZero, outputEncoding, killProcessOnCancel, redirectStandardIn, false, false, cancellationToken); public Task ExecuteAsync(string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, bool inheritConsoleHandler, bool continueAfterCancelProcessTreeKillAttempt, CancellationToken cancellationToken) => ExecuteAsync(workingDirectory, fileName, arguments, environment, requireExitCodeZero, outputEncoding, killProcessOnCancel, redirectStandardIn, inheritConsoleHandler, false, continueAfterCancelProcessTreeKillAttempt, cancellationToken); public Task ExecuteAsync(string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, bool inheritConsoleHandler, bool keepStandardInOpen, bool continueAfterCancelProcessTreeKillAttempt, CancellationToken cancellationToken) => ExecuteAsync(workingDirectory, fileName, arguments, environment, requireExitCodeZero, outputEncoding, killProcessOnCancel, redirectStandardIn, inheritConsoleHandler, keepStandardInOpen, false, continueAfterCancelProcessTreeKillAttempt, cancellationToken); public Task ExecuteAsync(string workingDirectory, string fileName, string arguments, IDictionary environment, bool requireExitCodeZero, Encoding outputEncoding, bool killProcessOnCancel, InputQueue redirectStandardIn, bool inheritConsoleHandler, bool keepStandardInOpen, bool highPriorityProcess, bool continueAfterCancelProcessTreeKillAttempt, CancellationToken cancellationToken) { if (fileName == "whoami") OutputDataReceived?.Invoke(this, new ProcessDataReceivedEventArgs("testuser")); else if (fileName == "id" && arguments.StartsWith("-u")) OutputDataReceived?.Invoke(this, new ProcessDataReceivedEventArgs("1000")); else if (fileName == "id" && arguments.StartsWith("-gn")) OutputDataReceived?.Invoke(this, new ProcessDataReceivedEventArgs("testgroup")); else if (fileName == "id" && arguments.StartsWith("-g")) OutputDataReceived?.Invoke(this, new ProcessDataReceivedEventArgs("1000")); else if (fileName == "node" && arguments.Contains("-v")) OutputDataReceived?.Invoke(this, new ProcessDataReceivedEventArgs("v16.20.2")); return Task.FromResult(0); } public void Dispose() { } } protected void SetupProcessInvokerMock(TestHostContext hc) { #pragma warning disable CA2000 var processInvoker = new FakeProcessInvoker(); #pragma warning restore CA2000 // Enqueue enough instances for all ExecuteCommandAsync calls in container operations // Each test may call: whoami, id -u, id -g, id -gn, stat, and potentially other commands // Enqueue 10 instances to ensure we don't run out during test execution for (int i = 0; i < 10; i++) { hc.EnqueueInstance(processInvoker); } } } } ================================================ FILE: src/Test/L0/Worker/ExecutionContextL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Moq; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.CompilerServices; using System.Threading; using Xunit; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Util; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class ExecutionContextL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void InitializeJob_LogsWarningsFromVariables() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); environment.Variables["v1"] = "v1-$(v2)"; environment.Variables["v2"] = "v2-$(v1)"; List tasks = new List(); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, environment, tasks)); // Arrange: Setup the paging logger. var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); ec.Initialize(hc); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); // Assert. pagingLogger.Verify(x => x.Write(It.Is(y => y.IndexOf("##[warning]") >= 0)), Times.Exactly(2)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void AddIssue_CountWarningsErrors() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List tasks = new List(); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, environment, tasks)); // Arrange: Setup the paging logger. var pagingLogger = new Mock(); var jobServerQueue = new Mock(); jobServerQueue.Setup(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny())); hc.EnqueueInstance(pagingLogger.Object); hc.SetSingleton(jobServerQueue.Object); ec.Initialize(hc); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Error, Message = "error" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.AddIssue(new Issue() { Type = IssueType.Warning, Message = "warning" }); ec.Complete(); // Assert. jobServerQueue.Verify(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.Is(t => t.ErrorCount == 15)), Times.AtLeastOnce); jobServerQueue.Verify(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.Is(t => t.WarningCount == 14)), Times.AtLeastOnce); jobServerQueue.Verify(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.Is(t => t.Issues.Where(i => i.Type == IssueType.Error).Count() == 10)), Times.AtLeastOnce); jobServerQueue.Verify(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.Is(t => t.Issues.Where(i => i.Type == IssueType.Warning).Count() == 10)), Times.AtLeastOnce); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void StepTarget_VerifySet() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { ec.Initialize(hc); var pipeContainer = new Pipelines.ContainerResource { Alias = "container" }; pipeContainer.Properties.Set("image", "someimage"); // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List steps = new List(); steps.Add(new Pipelines.TaskStep { Target = new Pipelines.StepTarget { Target = "container" }, Reference = new Pipelines.TaskStepDefinitionReference() }); var resources = new Pipelines.JobResources(); resources.Containers.Add(pipeContainer); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = new Pipelines.AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, null, new Dictionary(), new Dictionary(), new List(), resources, new Pipelines.WorkspaceOptions(), steps); // Arrange var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); ec.SetStepTarget(steps[0].Target); // Assert. Assert.IsType(ec.StepTarget()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void StepTarget_RestrictedCommands_Host() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { ec.Initialize(hc); var pipeContainer = new Pipelines.ContainerResource { Alias = "container" }; pipeContainer.Properties.Set("image", "someimage"); // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List steps = new List(); steps.Add(new Pipelines.TaskStep { Target = new Pipelines.StepTarget { Target = "host", Commands = "restricted" }, Reference = new Pipelines.TaskStepDefinitionReference() }); var resources = new Pipelines.JobResources(); resources.Containers.Add(pipeContainer); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = new Pipelines.AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, null, new Dictionary(), new Dictionary(), new List(), resources, new Pipelines.WorkspaceOptions(), steps); // Arrange var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); ec.SetStepTarget(steps[0].Target); // Assert. Assert.IsType(ec.StepTarget()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void StepTarget_LoadStepContainersWithoutJobContainer() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { ec.Initialize(hc); var pipeContainer = new Pipelines.ContainerResource { Alias = "container" }; pipeContainer.Properties.Set("image", "someimage"); // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List steps = new List(); steps.Add(new Pipelines.TaskStep { Target = new Pipelines.StepTarget { Target = "container" }, Reference = new Pipelines.TaskStepDefinitionReference() }); var resources = new Pipelines.JobResources(); resources.Containers.Add(pipeContainer); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = new Pipelines.AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, null, new Dictionary(), new Dictionary(), new List(), resources, new Pipelines.WorkspaceOptions(), steps); // Arrange: Setup command manager var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); // Assert. Assert.Equal(1, ec.Containers.Count()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SidecarContainers_VerifyNotJobContainers() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { ec.Initialize(hc); var pipeContainer = new Pipelines.ContainerResource { Alias = "container" }; var pipeContainerSidecar = new Pipelines.ContainerResource { Alias = "sidecar" }; var pipeContainerExtra = new Pipelines.ContainerResource { Alias = "extra" }; pipeContainer.Properties.Set("image", "someimage"); pipeContainerSidecar.Properties.Set("image", "someimage"); pipeContainerExtra.Properties.Set("image", "someimage"); // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List steps = new List(); steps.Add(new Pipelines.TaskStep { Reference = new Pipelines.TaskStepDefinitionReference() }); var resources = new Pipelines.JobResources(); resources.Containers.Add(pipeContainer); resources.Containers.Add(pipeContainerSidecar); resources.Containers.Add(pipeContainerExtra); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var sidecarContainers = new Dictionary(); sidecarContainers.Add("sidecar", "sidecar"); var jobRequest = new Pipelines.AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, null, sidecarContainers, new Dictionary(), new List(), resources, new Pipelines.WorkspaceOptions(), steps); // Arrange: Setup command manager var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); // Assert. Assert.Equal(2, ec.Containers.Count()); Assert.Equal(1, ec.SidecarContainers.Count()); Assert.False(ec.SidecarContainers.First().IsJobContainer); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void InitializeJob_should_set_JobSettings() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List tasks = new List(); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, environment, tasks)); // Arrange: Setup the paging logger. var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); ec.Initialize(hc); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); // Assert. Assert.NotNull(ec.JobSettings); Assert.Equal(Boolean.FalseString, ec.JobSettings[WellKnownJobSettings.HasMultipleCheckouts]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void InitializeJob_should_set_JobSettings_multicheckout() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List tasks = new List(); tasks.Add(new TaskInstance() { Id = Pipelines.PipelineConstants.CheckoutTask.Id, Version = Pipelines.PipelineConstants.CheckoutTask.Version }); tasks.Add(new TaskInstance() { Id = Pipelines.PipelineConstants.CheckoutTask.Id, Version = Pipelines.PipelineConstants.CheckoutTask.Version }); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, environment, tasks)); // Arrange: Setup the paging logger. var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); ec.Initialize(hc); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); // Assert. Assert.NotNull(ec.JobSettings); Assert.Equal(Boolean.TrueString, ec.JobSettings[WellKnownJobSettings.HasMultipleCheckouts]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void InitializeJob_should_mark_primary_repository() { // Note: the primary repository is defined as the first repository that is checked out in the job using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List tasks = new List(); tasks.Add(new TaskInstance() { Id = Pipelines.PipelineConstants.CheckoutTask.Id, Version = Pipelines.PipelineConstants.CheckoutTask.Version, Inputs = { { Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, "repo1" } } }); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, environment, tasks)); var repo1 = new Pipelines.RepositoryResource() { Alias = "repo1" }; jobRequest.Resources.Repositories.Add(repo1); // Arrange: Setup the paging logger. var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); ec.Initialize(hc); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); // Assert. Assert.NotNull(ec.JobSettings); Assert.Equal(Boolean.FalseString, ec.JobSettings[WellKnownJobSettings.HasMultipleCheckouts]); Assert.Equal("repo1", ec.JobSettings[WellKnownJobSettings.FirstRepositoryCheckedOut]); Assert.False(ec.JobSettings.ContainsKey(WellKnownJobSettings.DefaultWorkingDirectoryRepository)); Assert.Equal(Boolean.TrueString, repo1.Properties.Get(RepositoryUtil.IsPrimaryRepository)); Assert.Equal(Boolean.FalseString, repo1.Properties.Get(RepositoryUtil.IsDefaultWorkingDirectoryRepository, Boolean.FalseString)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void InitializeJob_should_mark_default_workdirectory_repository() { // Note: the primary repository is defined as the first repository that is checked out in the job using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List tasks = new List(); tasks.Add(new TaskInstance() { Id = Pipelines.PipelineConstants.CheckoutTask.Id, Version = Pipelines.PipelineConstants.CheckoutTask.Version, Inputs = { { Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, "repo1" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.WorkspaceRepo, "true" } } }); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, environment, tasks)); var repo1 = new Pipelines.RepositoryResource() { Alias = "repo1" }; jobRequest.Resources.Repositories.Add(repo1); // Arrange: Setup the paging logger. var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); ec.Initialize(hc); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); // Assert. Assert.NotNull(ec.JobSettings); Assert.Equal(Boolean.FalseString, ec.JobSettings[WellKnownJobSettings.HasMultipleCheckouts]); Assert.Equal("repo1", ec.JobSettings[WellKnownJobSettings.DefaultWorkingDirectoryRepository]); Assert.Equal(Boolean.TrueString, repo1.Properties.Get(RepositoryUtil.IsPrimaryRepository)); Assert.Equal(Boolean.TrueString, repo1.Properties.Get(RepositoryUtil.IsDefaultWorkingDirectoryRepository, Boolean.FalseString)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void InitializeJob_should_mark_primary_repository_in_multicheckout() { // Note: the primary repository is defined as the first repository that is checked out in the job using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List tasks = new List(); tasks.Add(new TaskInstance() { Id = Pipelines.PipelineConstants.CheckoutTask.Id, Version = Pipelines.PipelineConstants.CheckoutTask.Version, Inputs = { { Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, "repo2" } } }); tasks.Add(new TaskInstance() { Id = Pipelines.PipelineConstants.CheckoutTask.Id, Version = Pipelines.PipelineConstants.CheckoutTask.Version, Inputs = { { Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, "repo3" } } }); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, environment, tasks)); var repo1 = new Pipelines.RepositoryResource() { Alias = "self" }; var repo2 = new Pipelines.RepositoryResource() { Alias = "repo2" }; var repo3 = new Pipelines.RepositoryResource() { Alias = "repo3" }; jobRequest.Resources.Repositories.Add(repo1); jobRequest.Resources.Repositories.Add(repo2); jobRequest.Resources.Repositories.Add(repo3); // Arrange: Setup the paging logger. var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); ec.Initialize(hc); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); // Assert. Assert.NotNull(ec.JobSettings); Assert.Equal(Boolean.TrueString, ec.JobSettings[WellKnownJobSettings.HasMultipleCheckouts]); Assert.Equal("repo2", ec.JobSettings[WellKnownJobSettings.FirstRepositoryCheckedOut]); Assert.False(ec.JobSettings.ContainsKey(WellKnownJobSettings.DefaultWorkingDirectoryRepository)); Assert.Equal(Boolean.FalseString, repo1.Properties.Get(RepositoryUtil.IsPrimaryRepository, Boolean.FalseString)); Assert.Equal(Boolean.TrueString, repo2.Properties.Get(RepositoryUtil.IsPrimaryRepository, Boolean.FalseString)); Assert.Equal(Boolean.FalseString, repo3.Properties.Get(RepositoryUtil.IsPrimaryRepository, Boolean.FalseString)); Assert.Equal(Boolean.FalseString, repo1.Properties.Get(RepositoryUtil.IsDefaultWorkingDirectoryRepository, Boolean.FalseString)); Assert.Equal(Boolean.FalseString, repo2.Properties.Get(RepositoryUtil.IsDefaultWorkingDirectoryRepository, Boolean.FalseString)); Assert.Equal(Boolean.FalseString, repo3.Properties.Get(RepositoryUtil.IsDefaultWorkingDirectoryRepository, Boolean.FalseString)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void InitializeJob_should_mark_default_workdirectory_repository_in_multicheckout() { // Note: the primary repository is defined as the first repository that is checked out in the job using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List tasks = new List(); tasks.Add(new TaskInstance() { Id = Pipelines.PipelineConstants.CheckoutTask.Id, Version = Pipelines.PipelineConstants.CheckoutTask.Version, Inputs = { { Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, "self" } } }); tasks.Add(new TaskInstance() { Id = Pipelines.PipelineConstants.CheckoutTask.Id, Version = Pipelines.PipelineConstants.CheckoutTask.Version, Inputs = { { Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, "repo2" }, { Pipelines.PipelineConstants.CheckoutTaskInputs.WorkspaceRepo, "true" } } }); tasks.Add(new TaskInstance() { Id = Pipelines.PipelineConstants.CheckoutTask.Id, Version = Pipelines.PipelineConstants.CheckoutTask.Version, Inputs = { { Pipelines.PipelineConstants.CheckoutTaskInputs.Repository, "repo3" } } }); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, environment, tasks)); var repo1 = new Pipelines.RepositoryResource() { Alias = "self" }; var repo2 = new Pipelines.RepositoryResource() { Alias = "repo2" }; var repo3 = new Pipelines.RepositoryResource() { Alias = "repo3" }; jobRequest.Resources.Repositories.Add(repo1); jobRequest.Resources.Repositories.Add(repo2); jobRequest.Resources.Repositories.Add(repo3); // Arrange: Setup the paging logger. var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); ec.Initialize(hc); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); // Assert. Assert.NotNull(ec.JobSettings); Assert.Equal(Boolean.TrueString, ec.JobSettings[WellKnownJobSettings.HasMultipleCheckouts]); Assert.Equal("self", ec.JobSettings[WellKnownJobSettings.FirstRepositoryCheckedOut]); Assert.Equal("repo2", ec.JobSettings[WellKnownJobSettings.DefaultWorkingDirectoryRepository]); Assert.Equal(Boolean.TrueString, repo1.Properties.Get(RepositoryUtil.IsPrimaryRepository, Boolean.FalseString)); Assert.Equal(Boolean.FalseString, repo2.Properties.Get(RepositoryUtil.IsPrimaryRepository, Boolean.FalseString)); Assert.Equal(Boolean.FalseString, repo3.Properties.Get(RepositoryUtil.IsPrimaryRepository, Boolean.FalseString)); Assert.Equal(Boolean.FalseString, repo1.Properties.Get(RepositoryUtil.IsDefaultWorkingDirectoryRepository, Boolean.FalseString)); Assert.Equal(Boolean.TrueString, repo2.Properties.Get(RepositoryUtil.IsDefaultWorkingDirectoryRepository, Boolean.FalseString)); Assert.Equal(Boolean.FalseString, repo3.Properties.Get(RepositoryUtil.IsDefaultWorkingDirectoryRepository, Boolean.FalseString)); } } [Theory] [Trait("Level", "L0")] [Trait("Category", "Worker")] [InlineData(true, null, null)] [InlineData(true, null, "host")] [InlineData(true, null, "container")] [InlineData(true, "container", null)] [InlineData(true, "container", "host")] [InlineData(true, "container", "container")] [InlineData(false, null, null)] [InlineData(false, null, "host")] [InlineData(false, null, "container")] [InlineData(false, "container", null)] [InlineData(false, "container", "host")] [InlineData(false, "container", "container")] public void TranslatePathForStepTarget_should_convert_path_only_for_containers(bool isCheckout, string jobTarget, string stepTarget) { // Note: the primary repository is defined as the first repository that is checked out in the job using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { ec.Initialize(hc); // Arrange: Create a container. var pipeContainer = new Pipelines.ContainerResource { Alias = "container" }; pipeContainer.Properties.Set("image", "someimage"); // Arrange: Create a job request message. TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List steps = new List(); steps.Add(new Pipelines.TaskStep { Target = new Pipelines.StepTarget { Target = stepTarget }, Reference = new Pipelines.TaskStepDefinitionReference() }); var resources = new Pipelines.JobResources(); resources.Containers.Add(pipeContainer); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; var jobRequest = new Pipelines.AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, jobTarget, new Dictionary(), new Dictionary(), new List(), resources, new Pipelines.WorkspaceOptions(), steps); // Arrange var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); // Act. ec.InitializeJob(jobRequest, CancellationToken.None); ec.SetStepTarget(steps[0].Target); ec.Variables.Set(Constants.Variables.Task.SkipTranslatorForCheckout, isCheckout.ToString()); string stringBeforeTranslation = hc.GetDirectory(WellKnownDirectory.Work); string stringAfterTranslation = ec.TranslatePathForStepTarget(stringBeforeTranslation); // Assert. if ((stepTarget == "container") || (isCheckout is false && jobTarget == "container" && stepTarget == null)) { string stringContainer = "C:\\__w"; if (ec.StepTarget().ExecutionOS != PlatformUtil.OS.Windows) { stringContainer = "/__w"; } Assert.Equal(stringContainer, stringAfterTranslation); } else { Assert.Equal(stringBeforeTranslation, stringAfterTranslation); } } } private TestHostContext CreateTestContext([CallerMemberName] String testName = "") { var hc = new TestHostContext(this, testName); // Arrange: Setup the configation store. var configurationStore = new Mock(); configurationStore.Setup(x => x.GetSettings()).Returns(new AgentSettings()); hc.SetSingleton(configurationStore.Object); // Arrange: Setup the proxy configation. var proxy = new Mock(); hc.SetSingleton(proxy.Object); // Arrange: Setup the cert configation. var cert = new Mock(); hc.SetSingleton(cert.Object); // Arrange: Create the execution context. hc.SetSingleton(new Mock().Object); return hc; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_WithStepOnly_ReturnsShortenedStepId() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); string stepId = "60cf5508-70a7-5ba0-b727-5dd7f6763eb4"; // Act ec.SetCorrelationStep(stepId); var correlationId = ec.BuildCorrelationId(); // Debug: Print actual values System.Console.WriteLine($"Actual correlation ID: '{correlationId}'"); System.Console.WriteLine($"Actual length: {correlationId.Length}"); // Assert Assert.Equal("STEP-60cf550870a7", correlationId); Assert.Equal(17, correlationId.Length); // "STEP-" (5) + 12 characters = 17 } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_WithTaskOnly_ReturnsShortenedTaskId() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); string taskId = "6d15af64-176c-496d-b583-fd2ae21d4df4"; // Act ec.SetCorrelationTask(taskId); var correlationId = ec.BuildCorrelationId(); // Assert Assert.Equal("TASK-6d15af64176c", correlationId); Assert.Equal(17, correlationId.Length); // "TASK-" (5) + 12 characters = 17 } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_WithStepAndTask_ReturnsCombinedShortenedIds() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); string stepId = "60cf5508-70a7-5ba0-b727-5dd7f6763eb4"; string taskId = "6d15af64-176c-496d-b583-fd2ae21d4df4"; // Act ec.SetCorrelationStep(stepId); ec.SetCorrelationTask(taskId); var correlationId = ec.BuildCorrelationId(); // Assert Assert.Equal("STEP-60cf550870a7|TASK-6d15af64176c", correlationId); Assert.Equal(35, correlationId.Length); // "STEP-" (5) + 12 + "|TASK-" (6) + 12 = 35 } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_WithNoCorrelation_ReturnsEmpty() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); // Act var correlationId = ec.BuildCorrelationId(); // Assert Assert.Equal(string.Empty, correlationId); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_WithShortGuid_ReturnsFullString() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); string shortStepId = "abc123def"; // Act ec.SetCorrelationStep(shortStepId); var correlationId = ec.BuildCorrelationId(); // Assert Assert.Equal("STEP-abc123def", correlationId); Assert.Equal(14, correlationId.Length); // "STEP-" + 9 characters } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_WithHyphenatedGuid_RemovesHyphensAndShortens() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); string stepId = "550e8400-e29b-41d4-a716-446655440000"; // Act ec.SetCorrelationStep(stepId); var correlationId = ec.BuildCorrelationId(); // Assert Assert.Equal("STEP-550e8400e29b", correlationId); Assert.True(correlationId.StartsWith("STEP-")); Assert.DoesNotContain("-", correlationId.Substring(5)); // No hyphens in the GUID part Assert.Equal(17, correlationId.Length); // "STEP-" (5) + 12 = 17 } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CorrelationContext_ClearMethods_ResetCorrectly() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); ec.SetCorrelationStep("step123"); ec.SetCorrelationTask("task456"); // Act & Assert - Clear step only ec.ClearCorrelationStep(); var correlationWithTaskOnly = ec.BuildCorrelationId(); Assert.Equal("TASK-task456", correlationWithTaskOnly); // Act & Assert - Clear task ec.ClearCorrelationTask(); var correlationEmpty = ec.BuildCorrelationId(); Assert.Equal(string.Empty, correlationEmpty); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_WithNullValues_HandlesGracefully() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); // Act - Set null values (should be handled by the method) ec.SetCorrelationStep(null); ec.SetCorrelationTask(null); var correlationId = ec.BuildCorrelationId(); // Assert Assert.Equal(string.Empty, correlationId); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_WithEmptyStrings_HandlesGracefully() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); // Act - Set empty strings ec.SetCorrelationStep(string.Empty); ec.SetCorrelationTask(string.Empty); var correlationId = ec.BuildCorrelationId(); // Assert Assert.Equal(string.Empty, correlationId); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_WithWhitespaceStrings_HandlesGracefully() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); // Act - Set whitespace strings ec.SetCorrelationStep(" "); ec.SetCorrelationTask("\t\n"); var correlationId = ec.BuildCorrelationId(); // Assert - Whitespace should be preserved in this implementation Assert.Equal("STEP- |TASK-\t\n", correlationId); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_WithMixedCaseGuid_NormalizesProperly() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); string mixedCaseGuid = "60CF5508-70a7-5BA0-b727-5dd7f6763eb4"; // Act ec.SetCorrelationStep(mixedCaseGuid); var correlationId = ec.BuildCorrelationId(); // Assert - Should handle mixed case and remove hyphens Assert.Equal("STEP-60CF550870a7", correlationId); Assert.Equal(17, correlationId.Length); // "STEP-" (5) + 12 = 17 } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_WithVariousFormats_ShorteningBehavior() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); // Test different input formats var testCases = new[] { ("60cf5508-70a7-5ba0-b727-5dd7f6763eb4", "STEP-60cf550870a7"), // Standard GUID with hyphens ("60cf550870a75ba0b7275dd7f6763eb4", "STEP-60cf550870a7"), // GUID without hyphens ("60CF5508-70A7", "STEP-60CF550870A7"), // Short string, no shortening ("abc", "STEP-abc"), // Very short string ("1234567890abcdef1234567890abcdef", "STEP-1234567890ab"), // 32-char hex string }; foreach (var (input, expected) in testCases) { // Act ec.SetCorrelationStep(input); var result = ec.BuildCorrelationId(); // Assert Assert.Equal(expected, result); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_UniquenessProperty_DifferentInputsProduceDifferentOutputs() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { // Arrange ec.Initialize(hc); var uniqueGuids = new[] { "60cf5508-70a7-5ba0-b727-5dd7f6763eb4", "70cf5508-70a7-5ba0-b727-5dd7f6763eb4", // First char different "6ba7b810-9dad-11d1-80b4-00c04fd430c8", // Completely different first 12 chars "12345678-1234-5678-9abc-123456789abc", // Different pattern }; var resultSet = new HashSet(); // Act & Assert foreach (var guid in uniqueGuids) { ec.SetCorrelationStep(guid); var result = ec.BuildCorrelationId(); // Each result should be unique (note: GUIDs that differ only after char 12 will have same shortened result) Assert.True(resultSet.Add(result), $"Duplicate result for GUID {guid}: {result}. This is expected if GUIDs differ only after position 12."); // Result should be properly formatted Assert.StartsWith("STEP-", result); Assert.Equal(17, result.Length); // "STEP-" (5) + 12 chars = 17 } // All results should be different (for our carefully chosen test data) Assert.Equal(uniqueGuids.Length, resultSet.Count); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void BuildCorrelationId_ThreadSafety_AsyncLocalIsolation() { using (TestHostContext hc = CreateTestContext()) { // This test verifies that different ExecutionContext instances // don't interfere with each other's correlation values using (var ec1 = new Agent.Worker.ExecutionContext()) using (var ec2 = new Agent.Worker.ExecutionContext()) { // Arrange ec1.Initialize(hc); ec2.Initialize(hc); // Act ec1.SetCorrelationStep("step1"); ec2.SetCorrelationStep("step2"); var result1 = ec1.BuildCorrelationId(); var result2 = ec2.BuildCorrelationId(); // Assert Assert.Equal("STEP-step1", result1); Assert.Equal("STEP-step2", result2); Assert.NotEqual(result1, result2); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Start_KnobEnabled_CallsUpdateStateOnServer() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { var jobRequest = CreateJobRequestMessage(); jobRequest.Variables["AGENT_ENABLE_IMMEDIATE_TIMELINE_RECORD_UPDATES"] = "true"; // Arrange: Setup the job server queue mock. var jobServerQueue = new Mock(); jobServerQueue.Setup(x => x.UpdateStateOnServer(It.IsAny(), It.IsAny())); jobServerQueue.Setup(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny())); // Arrange: Setup the paging logger. var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); hc.SetSingleton(jobServerQueue.Object); ec.Initialize(hc); ec.InitializeJob(jobRequest, CancellationToken.None); // Act. ec.Start(); // Assert: Knob is true, so should go to if statement (UpdateStateOnServer) jobServerQueue.Verify(x => x.UpdateStateOnServer(It.IsAny(), It.IsAny()), Times.AtLeast(1)); jobServerQueue.Verify(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Start_KnobDisabled_CallsQueueTimelineRecordUpdate() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { var jobRequest = CreateJobRequestMessage(); jobRequest.Variables["AGENT_ENABLE_IMMEDIATE_TIMELINE_RECORD_UPDATES"] = "false"; // Arrange: Setup the job server queue mock. var jobServerQueue = new Mock(); jobServerQueue.Setup(x => x.UpdateStateOnServer(It.IsAny(), It.IsAny())); jobServerQueue.Setup(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny())); // Arrange: Setup the paging logger. var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); hc.SetSingleton(jobServerQueue.Object); ec.Initialize(hc); ec.InitializeJob(jobRequest, CancellationToken.None); // Act. ec.Start(); // Assert: Knob is false, so should go to else statement (QueueTimelineRecordUpdate) jobServerQueue.Verify(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny()), Times.AtLeast(1)); jobServerQueue.Verify(x => x.UpdateStateOnServer(It.IsAny(), It.IsAny()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CreateChild_KnobEnabled_CallsUpdateStateOnServer() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { var jobRequest = CreateJobRequestMessage(); jobRequest.Variables["AGENT_ENABLE_IMMEDIATE_TIMELINE_RECORD_UPDATES"] = "true"; // Arrange: Setup the job server queue mock. var jobServerQueue = new Mock(); jobServerQueue.Setup(x => x.UpdateStateOnServer(It.IsAny(), It.IsAny())); jobServerQueue.Setup(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny())); // Arrange: Setup the paging logger for both parent and child contexts var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); // First registration for parent hc.EnqueueInstance(pagingLogger.Object); // Second registration for child hc.SetSingleton(jobServerQueue.Object); ec.Initialize(hc); ec.InitializeJob(jobRequest, CancellationToken.None); // Act: Create child which triggers InitializeTimelineRecord var childEc = ec.CreateChild(Guid.NewGuid(), "test task", "testTask"); // Assert: Knob is true, so should go to if statement (UpdateStateOnServer) jobServerQueue.Verify(x => x.UpdateStateOnServer(It.IsAny(), It.IsAny()), Times.AtLeast(1)); jobServerQueue.Verify(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CreateChild_KnobDisabled_CallsQueueTimelineRecordUpdate() { using (TestHostContext hc = CreateTestContext()) using (var ec = new Agent.Worker.ExecutionContext()) { var jobRequest = CreateJobRequestMessage(); jobRequest.Variables["AGENT_ENABLE_IMMEDIATE_TIMELINE_RECORD_UPDATES"] = "false"; // Arrange: Setup the job server queue mock. var jobServerQueue = new Mock(); jobServerQueue.Setup(x => x.UpdateStateOnServer(It.IsAny(), It.IsAny())); jobServerQueue.Setup(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny())); // Arrange: Setup the paging logger for both parent and child contexts var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); // First registration for parent hc.EnqueueInstance(pagingLogger.Object); // Second registration for child hc.SetSingleton(jobServerQueue.Object); ec.Initialize(hc); ec.InitializeJob(jobRequest, CancellationToken.None); // Act: Create child which triggers InitializeTimelineRecord var childEc = ec.CreateChild(Guid.NewGuid(), "test task", "testTask"); // Assert: Knob is false, so should go to else statement (QueueTimelineRecordUpdate) jobServerQueue.Verify(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny()), Times.AtLeast(1)); jobServerQueue.Verify(x => x.UpdateStateOnServer(It.IsAny(), It.IsAny()), Times.Never); } } private Pipelines.AgentJobRequestMessage CreateJobRequestMessage() { TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new TimelineReference(); JobEnvironment environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); List tasks = new List(); Guid JobId = Guid.NewGuid(); string jobName = "some job name"; return new Pipelines.AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, null, new Dictionary(), new Dictionary(), new List(), new Pipelines.JobResources(), new Pipelines.WorkspaceOptions(), new List()); } } } ================================================ FILE: src/Test/L0/Worker/ExpressionManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Runtime.CompilerServices; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using Xunit; using Microsoft.TeamFoundation.DistributedTask.Expressions; using System.IO; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class ExpressionManagerL0 { private Mock _ec; private ExpressionManager _expressionManager; private Variables _variables; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void AlwaysFunction() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new { JobStatus = (TaskResult?)null, Expected = true }, new { JobStatus = (TaskResult?)TaskResult.Canceled, Expected = true }, new { JobStatus = (TaskResult?)TaskResult.Failed, Expected = true }, new { JobStatus = (TaskResult?)TaskResult.Succeeded, Expected = true }, new { JobStatus = (TaskResult?)TaskResult.SucceededWithIssues, Expected = true }, }; foreach (var variableSet in variableSets) { InitializeExecutionContext(hc); _ec.Object.Variables.Agent_JobStatus = variableSet.JobStatus; IExpressionNode condition = _expressionManager.Parse(_ec.Object, "always()"); // Act. bool actual = _expressionManager.Evaluate(_ec.Object, condition).Value; // Assert. Assert.Equal(variableSet.Expected, actual); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void CanceledFunction() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new { JobStatus = (TaskResult?)TaskResult.Canceled, Expected = true }, new { JobStatus = (TaskResult?)null, Expected = false }, new { JobStatus = (TaskResult?)TaskResult.Failed, Expected = false }, new { JobStatus = (TaskResult?)TaskResult.Succeeded, Expected = false }, new { JobStatus = (TaskResult?)TaskResult.SucceededWithIssues, Expected = false }, }; foreach (var variableSet in variableSets) { InitializeExecutionContext(hc); _ec.Object.Variables.Agent_JobStatus = variableSet.JobStatus; IExpressionNode condition = _expressionManager.Parse(_ec.Object, "canceled()"); // Act. bool actual = _expressionManager.Evaluate(_ec.Object, condition).Value; // Assert. Assert.Equal(variableSet.Expected, actual); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void FailedFunction() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new { JobStatus = (TaskResult?)TaskResult.Failed, Expected = true }, new { JobStatus = (TaskResult?)null, Expected = false }, new { JobStatus = (TaskResult?)TaskResult.Canceled, Expected = false }, new { JobStatus = (TaskResult?)TaskResult.Succeeded, Expected = false }, new { JobStatus = (TaskResult?)TaskResult.SucceededWithIssues, Expected = false }, }; foreach (var variableSet in variableSets) { InitializeExecutionContext(hc); _ec.Object.Variables.Agent_JobStatus = variableSet.JobStatus; IExpressionNode condition = _expressionManager.Parse(_ec.Object, "failed()"); // Act. bool actual = _expressionManager.Evaluate(_ec.Object, condition).Value; // Assert. Assert.Equal(variableSet.Expected, actual); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SucceededFunction() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new { JobStatus = (TaskResult?)null, Expected = true }, new { JobStatus = (TaskResult?)TaskResult.Succeeded, Expected = true }, new { JobStatus = (TaskResult?)TaskResult.SucceededWithIssues, Expected = true }, new { JobStatus = (TaskResult?)TaskResult.Canceled, Expected = false }, new { JobStatus = (TaskResult?)TaskResult.Failed, Expected = false }, }; foreach (var variableSet in variableSets) { InitializeExecutionContext(hc); _ec.Object.Variables.Agent_JobStatus = variableSet.JobStatus; IExpressionNode condition = _expressionManager.Parse(_ec.Object, "succeeded()"); // Act. bool actual = _expressionManager.Evaluate(_ec.Object, condition).Value; // Assert. Assert.Equal(variableSet.Expected, actual); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SucceededOrFailedFunction() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new { JobStatus = (TaskResult?)null, Expected = true }, new { JobStatus = (TaskResult?)TaskResult.Succeeded, Expected = true }, new { JobStatus = (TaskResult?)TaskResult.SucceededWithIssues, Expected = true }, new { JobStatus = (TaskResult?)TaskResult.Failed, Expected = true }, new { JobStatus = (TaskResult?)TaskResult.Canceled, Expected = false }, }; foreach (var variableSet in variableSets) { InitializeExecutionContext(hc); _ec.Object.Variables.Agent_JobStatus = variableSet.JobStatus; IExpressionNode condition = _expressionManager.Parse(_ec.Object, "succeededOrFailed()"); // Act. bool actual = _expressionManager.Evaluate(_ec.Object, condition).Value; // Assert. Assert.Equal(variableSet.Expected, actual); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void VariablesNamedValue() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new { Condition = "eq(variables.someVARIABLE, 'someVALUE')", VariableName = "SOMEvariable", VariableValue = "SOMEvalue", Expected = true }, new { Condition = "eq(variables['some.VARIABLE'], 'someVALUE')", VariableName = "SOME.variable", VariableValue = "SOMEvalue", Expected = true }, new { Condition = "eq(variables.nosuch, '')", VariableName = "SomeVariable", VariableValue = "SomeValue", Expected = true }, new { Condition = "eq(variables['some.VARIABLE'], 'other value')", VariableName = "SOME.variable", VariableValue = "SOMEvalue", Expected = false }, new { Condition = "eq(variables.nosuch, 'SomeValue')", VariableName = "SomeVariable", VariableValue = "SomeValue", Expected = false }, }; foreach (var variableSet in variableSets) { InitializeExecutionContext(hc); _ec.Object.Variables.Set(variableSet.VariableName, variableSet.VariableValue); IExpressionNode condition = _expressionManager.Parse(_ec.Object, variableSet.Condition); // Act. bool actual = _expressionManager.Evaluate(_ec.Object, condition).Value; // Assert. Assert.Equal(variableSet.Expected, actual); } } } [Theory] [InlineData(true)] [InlineData(false)] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ExpressionTracingMasksSecrets(bool useNewSecretMasker) { // Arrange. using (TestHostContext hc = CreateTestContext(useNewSecretMasker: useNewSecretMasker)) { InitializeExecutionContext(hc); hc.SecretMasker.AddValue(value: "mask_this", origin: "Test"); // Act. IExpressionNode expression = _expressionManager.Parse(_ec.Object, "eq('mask_this', 'mask_this')"); ConditionResult result = _expressionManager.Evaluate(_ec.Object, expression); string traceContent = hc.GetTraceContent(); // Assert. Assert.True(result.Value); Assert.DoesNotContain("mask_this", traceContent); } } private TestHostContext CreateTestContext([CallerMemberName] String testName = "", bool useNewSecretMasker = true) { var hc = new TestHostContext(this, testName, useNewSecretMasker); _expressionManager = new ExpressionManager(); _expressionManager.Initialize(hc); return hc; } private void InitializeExecutionContext(TestHostContext hc) { List warnings; _variables = new Variables( hostContext: hc, copy: new Dictionary(), warnings: out warnings); _ec = new Mock(); _ec.SetupAllProperties(); _ec.Setup(x => x.Variables).Returns(_variables); } } } ================================================ FILE: src/Test/L0/Worker/GitManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.IO; using System.Threading; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class GitManagerL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public async void DownloadAsync() { using var tokenSource = new CancellationTokenSource(); using var hostContext = new TestHostContext(this); GitManager gitManager = new(); gitManager.Initialize(hostContext); var executionContext = new Mock(); executionContext.Setup(x => x.CancellationToken).Returns(tokenSource.Token); await gitManager.DownloadAsync(executionContext.Object); var externalsPath = hostContext.GetDirectory(WellKnownDirectory.Externals); Assert.True(Directory.Exists(Path.Combine(externalsPath, "git-2.39.4"))); Assert.True(File.Exists(Path.Combine(externalsPath, "git-2.39.4", "cmd", "git.exe"))); } } } ================================================ FILE: src/Test/L0/Worker/Handlers/CmdArgsSanitizerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Xunit; using System.Collections.Generic; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; namespace Test.L0.Worker.Handlers { public class CmdArgsSanitizerL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void EmptyLineTest() { string argsLine = ""; string expectedArgs = ""; var (actualArgs, _) = CmdArgsSanitizer.SanitizeArguments(argsLine); Assert.Equal(expectedArgs, actualArgs); } [Theory] [InlineData("1; 2", "1_#removed#_ 2")] [InlineData("1 ^^; 2", "1 ^^_#removed#_ 2")] [InlineData("1 ; 2 && 3", "1 _#removed#_ 2 _#removed#__#removed#_ 3")] [InlineData("; & > < |", "_#removed#_ _#removed#_ _#removed#_ _#removed#_ _#removed#_")] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void SanitizeTest(string inputArgs, string expectedArgs) { var (actualArgs, _) = CmdArgsSanitizer.SanitizeArguments(inputArgs); Assert.Equal(expectedArgs, actualArgs); } [Theory] [InlineData("1 2")] [InlineData("1 ^; 2")] [InlineData("1 ^; 2 ^&^& 3 ^< ^> ^| ^^")] [InlineData(", / \\ aA zZ 09 ' \" - = : . * + ? ^ %")] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void SanitizeSkipTest(string inputArgs) { var (actualArgs, _) = CmdArgsSanitizer.SanitizeArguments(inputArgs); Assert.Equal(inputArgs, actualArgs); } [Theory] [ClassData(typeof(SanitizerTelemetryTestsData))] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void Telemetry_BasicTest(string inputArgs, int expectedRemovedSymbolsCount, Dictionary expectedRemovedSymbols) { var (_, resultTelemetry) = CmdArgsSanitizer.SanitizeArguments(inputArgs); Assert.NotNull(resultTelemetry); Assert.Equal(expectedRemovedSymbolsCount, resultTelemetry.RemovedSymbolsCount); Assert.Equal(expectedRemovedSymbols, resultTelemetry.RemovedSymbols); } public class SanitizerTelemetryTestsData : TheoryData> { public SanitizerTelemetryTestsData() { Add("; &&&;; $", 7, new() { [";"] = 3, ["&"] = 3, ["$"] = 1 }); Add("aA zZ 09;", 1, new() { [";"] = 1 }); Add("; & > < |", 5, new() { [";"] = 1, ["&"] = 1, [">"] = 1, ["<"] = 1, ["|"] = 1 }); } } [Theory] [InlineData("")] [InlineData("123")] [InlineData("1 ^; ^&")] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void Telemetry_ReturnsNull(string inputArgs) { var (_, resultTelemetry) = CmdArgsSanitizer.SanitizeArguments(inputArgs); Assert.Null(resultTelemetry); } } } ================================================ FILE: src/Test/L0/Worker/Handlers/ProcessHandlerHelperL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Xunit; using System.Collections.Generic; using Moq; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; namespace Test.L0.Worker.Handlers { public sealed class ProcessHandlerHelperL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void EmptyLineTest() { string argsLine = ""; string expectedArgs = ""; var (actualArgs, _) = ProcessHandlerHelper.ExpandCmdEnv(argsLine, new()); Assert.Equal(expectedArgs, actualArgs); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void BasicTest() { string argsLine = "%VAR1% 2"; string expectedArgs = "value1 2"; var testEnv = new Dictionary() { ["VAR1"] = "value1" }; var (actualArgs, _) = ProcessHandlerHelper.ExpandCmdEnv(argsLine, testEnv); Assert.Equal(expectedArgs, actualArgs); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void TestWithMultipleVars() { string argsLine = "1 %VAR1% %VAR2%"; string expectedArgs = "1 value1 value2"; var testEnv = new Dictionary() { ["VAR1"] = "value1", ["VAR2"] = "value2" }; var (actualArgs, _) = ProcessHandlerHelper.ExpandCmdEnv(argsLine, testEnv); Assert.Equal(expectedArgs, actualArgs); } [Theory] [InlineData("%VAR1% %VAR2%%VAR3%", "1 23")] [InlineData("%VAR1% %VAR2%_%VAR3%", "1 2_3")] [InlineData("%VAR1%%VAR2%%VAR3%", "123")] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void TestWithCloseVars(string inputArgs, string expectedArgs) { var testEnv = new Dictionary() { { "VAR1", "1" }, { "VAR2", "2" }, { "VAR3", "3" } }; var (actualArgs, _) = ProcessHandlerHelper.ExpandCmdEnv(inputArgs, testEnv); Assert.Equal(expectedArgs, actualArgs); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void NestedVariablesNotExpands() { string argsLine = "%VAR1% %VAR2%"; string expectedArgs = "%NESTED% 2"; var testEnv = new Dictionary() { { "VAR1", "%NESTED%" }, { "VAR2", "2"}, { "NESTED", "nested" } }; var (actualArgs, _) = ProcessHandlerHelper.ExpandCmdEnv(argsLine, testEnv); Assert.Equal(expectedArgs, actualArgs); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void SkipsInvalidEnv() { string argsLine = "%VAR1% 2"; var testEnv = new Dictionary() { { "VAR1", null} }; string expectedArgs = "%VAR1% 2"; var (actualArgs, _) = ProcessHandlerHelper.ExpandCmdEnv(argsLine, testEnv); Assert.Equal(expectedArgs, actualArgs); } [Theory] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] [InlineData("%var")] [InlineData("%someothervar%")] public void TestNoChanges(string input) { var testEnv = new Dictionary { { "var", "value" } }; var (output, _) = ProcessHandlerHelper.ExpandCmdEnv(input, testEnv); Assert.Equal(input, output); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public void WindowsCaseInsensetiveTest() { string argsLine = "%var1% 2"; var testEnv = new Dictionary() { { "VAR1", "value1"} }; string expandedArgs = "value1 2"; var (actualArgs, _) = ProcessHandlerHelper.ExpandCmdEnv(argsLine, testEnv); Assert.Equal(expandedArgs, actualArgs); } [Theory] [InlineData("%var%", "1 & echo 23")] [InlineData("%var%%", "1 & echo 23")] [InlineData("%%var%", "1 & echo 23")] [InlineData("1 & echo 23", "")] [InlineData("1 ; whoami", "")] [InlineData("1 | whoami", "")] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void ArgsValidation_Failes(string inputArgs, string envVarValue) { var testEnv = new Dictionary { {"var", envVarValue}, }; var mockContext = CreateMockExecContext(); var (isValid, _) = ProcessHandlerHelper.ValidateInputArgumentsV2(mockContext.Object, inputArgs, testEnv, false); Assert.False(isValid); } [Theory] [InlineData("", "")] [InlineData("%", "")] [InlineData("1 2", "")] [InlineData("1 %var%", "2")] [InlineData("1 \"2\"", "")] [InlineData("%%var%%", "1")] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void ArgsValidation_Passes(string inputArgs, string envVarValue) { var testEnv = new Dictionary { {"var", envVarValue}, }; var mockContext = CreateMockExecContext(); var (isValid, _) = ProcessHandlerHelper.ValidateInputArgumentsV2(mockContext.Object, inputArgs, testEnv, false); Assert.True(isValid); } private Mock CreateMockExecContext() { var mockContext = new Mock(); mockContext.Setup(x => x.GetVariableValueOrDefault(It.IsAny())).Returns("true"); return mockContext; } } } ================================================ FILE: src/Test/L0/Worker/Handlers/ProcessHandlerHelperTelemetryL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Xunit; using System.Collections.Generic; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; namespace Test.L0.Worker.Handlers { public sealed class ProcessHandlerHelperTelemetryL0 { [Theory] [InlineData("% % %", 3)] [InlineData("%var% %", 2)] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void FoundPrefixesTest(string inputArgs, int expectedCount) { var env = new Dictionary { { "var", "test" } }; var (_, resultTelemetry) = ProcessHandlerHelper.ExpandCmdEnv(inputArgs, env); Assert.Equal(expectedCount, resultTelemetry.FoundPrefixes); } [Theory] [InlineData("%1", 0)] [InlineData(" %1", 2)] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void NotClosedEnv(string inputArgs, int expectedPosition) { var (_, resultTelemetry) = ProcessHandlerHelper.ExpandCmdEnv(inputArgs, new()); Assert.Equal(expectedPosition, resultTelemetry.NotClosedEnvSyntaxPosition); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void NotClosedQuotes_Ignore_if_no_envVar() { string argsLine = "\" 1"; var (_, resultTelemetry) = ProcessHandlerHelper.ExpandCmdEnv(argsLine, new()); Assert.Equal(0, resultTelemetry.QuotesNotEnclosed); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] public void CountsVariablesStartFromEscSymbol() { string argsLine = "%^VAR1% \"%^VAR2%\" %^VAR3%"; var (_, resultTelemetry) = ProcessHandlerHelper.ExpandCmdEnv(argsLine, new()); Assert.Equal(3, resultTelemetry.VariablesStartsFromES); } } } ================================================ FILE: src/Test/L0/Worker/Handlers/ProcessHandlerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Xunit; using Microsoft.VisualStudio.Services.Agent.Tests; using Microsoft.VisualStudio.Services.Agent.Worker.Handlers; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Worker; using System.IO; using Moq; using System.Collections.Generic; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Agent.Sdk; using System.Diagnostics; using System; using System.Linq; namespace Test.L0.Worker.Handlers; public class ProcessHandlerL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] [Trait("SkipOn", "linux")] [Trait("SkipOn", "darwin")] public async void ProcessHandlerV2_BasicExecution() { using var hostContext = CreateTestHostContext(); using var processInvoker = new ProcessInvokerWrapper(); hostContext.EnqueueInstance(processInvoker); using var targetScript = new TestScript( testTemp: hostContext.GetDirectory(WellKnownDirectory.Temp), scriptName: "hello.cmd" ); targetScript.WriteContent(@" @echo off echo hello"); var executionContext = CreateMockExecutionContext(hostContext); // Disable new logic for args protection. executionContext.Setup(x => x.GetVariableValueOrDefault("AZP_75787_ENABLE_NEW_LOGIC")).Returns("false"); var handler = new ProcessHandlerV2(); handler.Initialize(hostContext); hostContext.EnqueueInstance(handler); handler.Data = new ProcessHandlerData() { Target = targetScript.ScriptPath, ArgumentFormat = "", DisableInlineExecution = false.ToString() }; handler.Inputs = new(); handler.TaskDirectory = ""; handler.Environment = new(); handler.RuntimeVariables = new(hostContext, new Dictionary(), out _); handler.ExecutionContext = executionContext.Object; await handler.RunAsync(); executionContext.Verify(x => x.Write(It.IsAny(), "hello", It.IsAny()), Times.Once); executionContext.Verify(x => x.Write(null, It.IsAny(), It.IsAny()), Times.Once); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] [Trait("SkipOn", "linux")] [Trait("SkipOn", "darwin")] public async void ProcessHandlerV2_FileExecution() { using var hostContext = CreateTestHostContext(); using var processInvoker = new ProcessInvokerWrapper(); hostContext.EnqueueInstance(processInvoker); var handler = new ProcessHandlerV2(); handler.Initialize(hostContext); hostContext.EnqueueInstance(handler); string temp = hostContext.GetDirectory(WellKnownDirectory.Temp); using var targetScript = new TestScript( testTemp: temp, scriptName: "hello.cmd" ); targetScript.WriteContent(@" @echo off echo hello"); handler.Data = new ProcessHandlerData() { Target = targetScript.ScriptPath, ArgumentFormat = "", DisableInlineExecution = true.ToString() }; handler.Inputs = new(); handler.TaskDirectory = ""; handler.Environment = new(); handler.RuntimeVariables = new(hostContext, new Dictionary(), out _); var executionContext = CreateMockExecutionContext(hostContext); executionContext.Setup(x => x.GetVariableValueOrDefault("AZP_75787_ENABLE_NEW_LOGIC")).Returns("true"); // Disable new logic for args validation, use a file instead. executionContext.Setup(x => x.GetVariableValueOrDefault("AZP_75787_ENABLE_NEW_PH_LOGIC")).Returns("false"); handler.ExecutionContext = executionContext.Object; await handler.RunAsync(); var tempFiles = Directory.GetFiles(temp); Assert.True(tempFiles.Length == 2); var scriptFile = tempFiles.FirstOrDefault(f => f.Contains("processHandlerScript_", StringComparison.Ordinal)); Assert.NotNull(scriptFile); Assert.True(File.ReadAllText(scriptFile).Contains("!AGENT_PH_ARGS_", StringComparison.Ordinal)); executionContext.Verify(x => x.Write(It.IsAny(), "hello", It.IsAny()), Times.Once); executionContext.Verify(x => x.Write(null, It.IsAny(), It.IsAny()), Times.Exactly(3)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] [Trait("SkipOn", "linux")] [Trait("SkipOn", "darwin")] public async void ProcessHandlerV2_Validation_passes() { using var hostContext = CreateTestHostContext(); using var processInvoker = new ProcessInvokerWrapper(); hostContext.EnqueueInstance(processInvoker); using var targetScript = new TestScript( testTemp: hostContext.GetDirectory(WellKnownDirectory.Temp), scriptName: "hello.cmd" ); targetScript.WriteContent(@" @echo off echo hello"); var handler = new ProcessHandlerV2(); handler.Initialize(hostContext); hostContext.EnqueueInstance(handler); handler.Data = new ProcessHandlerData() { Target = targetScript.ScriptPath, // This is a valid argument format, it should pass validation. ArgumentFormat = "123", DisableInlineExecution = true.ToString() }; handler.Inputs = new(); handler.TaskDirectory = ""; handler.Environment = new(); handler.RuntimeVariables = new(hostContext, new Dictionary(), out _); var executionContext = CreateMockExecutionContext(hostContext); // Enable args protection. executionContext.Setup(x => x.GetVariableValueOrDefault("AZP_75787_ENABLE_NEW_LOGIC")).Returns("true"); // Enable args validation instead of using a file. executionContext.Setup(x => x.GetVariableValueOrDefault("AZP_75787_ENABLE_NEW_PH_LOGIC")).Returns("true"); handler.ExecutionContext = executionContext.Object; await handler.RunAsync(); executionContext.Verify(x => x.Write(It.IsAny(), "hello", It.IsAny()), Times.Once); executionContext.Verify(x => x.Write(null, It.IsAny(), It.IsAny()), Times.Once); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker.Handlers")] [Trait("SkipOn", "linux")] [Trait("SkipOn", "darwin")] public async void ProcessHandlerV2_Validation_fails() { using var hostContext = CreateTestHostContext(); using var processInvoker = new ProcessInvokerWrapper(); hostContext.EnqueueInstance(processInvoker); var handler = new ProcessHandlerV2(); handler.Initialize(hostContext); hostContext.EnqueueInstance(handler); using var targetScript = new TestScript( testTemp: hostContext.GetDirectory(WellKnownDirectory.Temp), scriptName: "hello.cmd" ); targetScript.WriteContent(@" @echo off echo hello"); handler.Data = new ProcessHandlerData() { Target = targetScript.ScriptPath, // This is an invalid argument format, it should fail validation. ArgumentFormat = "123; echo hacked", DisableInlineExecution = true.ToString() }; handler.Inputs = new(); handler.TaskDirectory = ""; handler.Environment = new(); handler.RuntimeVariables = new(hostContext, new Dictionary(), out _); var executionContext = CreateMockExecutionContext(hostContext); // Enable args protection. executionContext.Setup(x => x.GetVariableValueOrDefault("AZP_75787_ENABLE_NEW_LOGIC")).Returns("true"); // Enable args validation instead of using a file. executionContext.Setup(x => x.GetVariableValueOrDefault("AZP_75787_ENABLE_NEW_PH_LOGIC")).Returns("true"); handler.ExecutionContext = executionContext.Object; await Assert.ThrowsAsync(async () => await handler.RunAsync()); } private Mock CreateMockExecutionContext(IHostContext host) { var mockContext = new Mock(); mockContext.Setup(x => x.PrependPath).Returns(new List()); mockContext.Setup(x => x.Variables).Returns(new Variables(host, new Dictionary(), out _)); mockContext.Setup(x => x.GetScopedEnvironment()).Returns(new LocalEnvironment()); return mockContext; } private TestHostContext CreateTestHostContext() { var hostContext = new TestHostContext(this); hostContext.SetSingleton(new WorkerCommandManager() as IWorkerCommandManager); hostContext.SetSingleton(new ExtensionManager() as IExtensionManager); return hostContext; } private class TestScript : IDisposable { private readonly string _scriptName; private readonly string _testTemp; public string ScriptPath => Path.Combine(_testTemp, _scriptName); public TestScript(string testTemp, string scriptName) { _testTemp = testTemp; _scriptName = scriptName; } public void WriteContent(string content) { Directory.CreateDirectory(_testTemp); File.WriteAllText(ScriptPath, content); } public void Dispose() { if (File.Exists(ScriptPath)) { File.Delete(ScriptPath); } if (Directory.Exists(_testTemp)) { try { Directory.Delete(_testTemp); } catch (Exception ex) { Trace.Write($"Failed to delete temp directory: {_testTemp}. {ex}", "Dispose"); } } } } } ================================================ FILE: src/Test/L0/Worker/JobExtensionL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.CompilerServices; using System.Threading.Tasks; using Xunit; using System.Text.Json; using System.Threading; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Microsoft.VisualStudio.Services.WebPlatform; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class JobExtensionL0 { private class TestJobExtension : JobExtension { public override HostTypes HostType => HostTypes.None; public override Type ExtensionType => typeof(IJobExtension); public override void ConvertLocalPath(IExecutionContext context, string localPath, out string repoName, out string sourcePath) { repoName = ""; sourcePath = ""; } public override IStep GetExtensionPostJobStep(IExecutionContext jobContext) { return null; } public override IStep GetExtensionPreJobStep(IExecutionContext jobContext) { return null; } public override string GetRootedPath(IExecutionContext context, string path) { return path; } public override void InitializeJobExtension(IExecutionContext context, IList steps, Pipelines.WorkspaceOptions workspace) { return; } } private IExecutionContext _jobEc; private Pipelines.AgentJobRequestMessage _message; private Mock _taskManager; private Mock _logPlugin; private Mock _jobServerQueue; private Mock _proxy; private Mock _cert; private Mock _config; private Mock _logger; private Mock _express; private Mock _containerProvider; private Mock _mockCiService; private Mock _asyncCommandContext; private TestHostContext CreateTestContext(CancellationTokenSource _tokenSource, [CallerMemberName] String testName = "") { // Prevent L0 tests from making a real HTTP download of Node 6 Environment.SetEnvironmentVariable("AGENT_DISABLE_NODE6_TASKS", "true"); var hc = new TestHostContext(this, testName); _jobEc = new Agent.Worker.ExecutionContext(); _taskManager = new Mock(); _jobServerQueue = new Mock(); _config = new Mock(); _logger = new Mock(); _proxy = new Mock(); _cert = new Mock(); _express = new Mock(); _containerProvider = new Mock(); _logPlugin = new Mock(); TaskRunner step1 = new TaskRunner(); TaskRunner step2 = new TaskRunner(); TaskRunner step3 = new TaskRunner(); TaskRunner step4 = new TaskRunner(); TaskRunner step5 = new TaskRunner(); TaskRunner step6 = new TaskRunner(); TaskRunner step7 = new TaskRunner(); TaskRunner step8 = new TaskRunner(); TaskRunner step9 = new TaskRunner(); TaskRunner step10 = new TaskRunner(); TaskRunner step11 = new TaskRunner(); TaskRunner step12 = new TaskRunner(); _logger.Setup(x => x.Setup(It.IsAny(), It.IsAny())); var settings = new AgentSettings { AgentId = 1, AgentName = "agent1", ServerUrl = "https://test.visualstudio.com", WorkFolder = "_work", }; _config.Setup(x => x.GetSettings()) .Returns(settings); _config.Setup(x => x.GetSetupInfo()) .Returns(new List()); _proxy.Setup(x => x.ProxyAddress) .Returns(string.Empty); TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new Timeline(Guid.NewGuid()); JobEnvironment environment = new JobEnvironment(); environment.Variables[Constants.Variables.System.Culture] = "en-US"; environment.SystemConnection = new ServiceEndpoint() { Name = WellKnownServiceEndpointNames.SystemVssConnection, Url = new Uri("https://test.visualstudio.com"), Authorization = new EndpointAuthorization() { Scheme = "Test", } }; environment.SystemConnection.Authorization.Parameters["AccessToken"] = "token"; List tasks = new List() { new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task1", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task2", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task3", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task4", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task5", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task6", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task7", }, }; Guid JobId = Guid.NewGuid(); _message = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, testName, testName, environment, tasks)); _taskManager.Setup(x => x.DownloadAsync(It.IsAny(), It.IsAny>())) .Returns(Task.CompletedTask); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task1"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = null, Execution = new ExecutionData(), PostJobExecution = null, }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task2"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = new ExecutionData(), Execution = new ExecutionData(), PostJobExecution = new ExecutionData(), }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task3"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = new ExecutionData(), Execution = null, PostJobExecution = new ExecutionData(), }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task4"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = new ExecutionData(), Execution = null, PostJobExecution = null, }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task5"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = null, Execution = null, PostJobExecution = new ExecutionData(), }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task6"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = new ExecutionData(), Execution = new ExecutionData(), PostJobExecution = null, }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task7"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = null, Execution = new ExecutionData(), PostJobExecution = new ExecutionData(), }, }); hc.SetSingleton(_taskManager.Object); hc.SetSingleton(_config.Object); hc.SetSingleton(_jobServerQueue.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_express.Object); hc.SetSingleton(_containerProvider.Object); hc.SetSingleton(_logPlugin.Object); hc.EnqueueInstance(_logger.Object); // jobcontext logger hc.EnqueueInstance(_logger.Object); // init step logger hc.EnqueueInstance(_logger.Object); // step 1 hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); // step 12 hc.EnqueueInstance(step1); hc.EnqueueInstance(step2); hc.EnqueueInstance(step3); hc.EnqueueInstance(step4); hc.EnqueueInstance(step5); hc.EnqueueInstance(step6); hc.EnqueueInstance(step7); hc.EnqueueInstance(step8); hc.EnqueueInstance(step9); hc.EnqueueInstance(step10); hc.EnqueueInstance(step11); hc.EnqueueInstance(step12); _jobEc.Initialize(hc); _jobEc.InitializeJob(_message, _tokenSource.Token); return hc; } private TestHostContext CreateMSITestContext(CancellationTokenSource _tokenSource, [CallerMemberName] String testName = "") { // Prevent L0 tests from making a real HTTP download of Node 6 Environment.SetEnvironmentVariable("AGENT_DISABLE_NODE6_TASKS", "true"); TestHostContext hc = new TestHostContext(this, testName); _jobEc = new Agent.Worker.ExecutionContext(); _taskManager = new Mock(); _jobServerQueue = new Mock(); _config = new Mock(); _logger = new Mock(); _proxy = new Mock(); _cert = new Mock(); _express = new Mock(); _containerProvider = new Mock(); _logPlugin = new Mock(); _mockCiService = new Mock(); _asyncCommandContext = new Mock(); TaskRunner step1 = new TaskRunner(); TaskRunner step2 = new TaskRunner(); TaskRunner step3 = new TaskRunner(); TaskRunner step4 = new TaskRunner(); TaskRunner step5 = new TaskRunner(); TaskRunner step6 = new TaskRunner(); TaskRunner step7 = new TaskRunner(); TaskRunner step8 = new TaskRunner(); TaskRunner step9 = new TaskRunner(); TaskRunner step10 = new TaskRunner(); TaskRunner step11 = new TaskRunner(); TaskRunner step12 = new TaskRunner(); _logger.Setup(x => x.Setup(It.IsAny(), It.IsAny())); AgentSettings settings = new AgentSettings { AgentId = 1, AgentName = "agent1", ServerUrl = "https://test.visualstudio.com", WorkFolder = "_work", }; _config.Setup(x => x.GetSettings()) .Returns(settings); _config.Setup(x => x.GetSetupInfo()) .Returns(new List()); _proxy.Setup(x => x.ProxyAddress) .Returns(string.Empty); TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new Timeline(Guid.NewGuid()); JobEnvironment environment = new JobEnvironment(); environment.Variables[Constants.Variables.System.Culture] = "en-US"; environment.SystemConnection = new ServiceEndpoint() { Name = WellKnownServiceEndpointNames.SystemVssConnection, Url = new Uri("https://test.visualstudio.com"), Authorization = new EndpointAuthorization() { Scheme = "OAuth", } }; environment.SystemConnection.Authorization.Parameters["AccessToken"] = "token"; List tasks = new List() { new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task1", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task2", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task3", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task4", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task5", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task6", }, new TaskInstance() { InstanceId = Guid.NewGuid(), DisplayName = "task7", }, }; Guid JobId = Guid.NewGuid(); _message = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, testName, testName, environment, tasks)); _taskManager.Setup(x => x.DownloadAsync(It.IsAny(), It.IsAny>())) .Returns(Task.CompletedTask); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task1"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = null, Execution = new ExecutionData(), PostJobExecution = null, }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task2"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = new ExecutionData(), Execution = new ExecutionData(), PostJobExecution = new ExecutionData(), }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task3"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = new ExecutionData(), Execution = null, PostJobExecution = new ExecutionData(), }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task4"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = new ExecutionData(), Execution = null, PostJobExecution = null, }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task5"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = null, Execution = null, PostJobExecution = new ExecutionData(), }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task6"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = new ExecutionData(), Execution = new ExecutionData(), PostJobExecution = null, }, }); _taskManager.Setup(x => x.Load(It.Is(t => t.DisplayName == "task7"))) .Returns(new Definition() { Data = new DefinitionData() { PreJobExecution = null, Execution = new ExecutionData(), PostJobExecution = new ExecutionData(), }, }); hc.SetSingleton(_taskManager.Object); hc.SetSingleton(_config.Object); hc.SetSingleton(_jobServerQueue.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_express.Object); hc.SetSingleton(_containerProvider.Object); hc.SetSingleton(_logPlugin.Object); hc.SetSingleton(_mockCiService.Object); hc.EnqueueInstance(_logger.Object); // jobcontext logger hc.EnqueueInstance(_logger.Object); // init step logger hc.EnqueueInstance(_logger.Object); // step 1 hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); // step 12 hc.EnqueueInstance(step1); hc.EnqueueInstance(step2); hc.EnqueueInstance(step3); hc.EnqueueInstance(step4); hc.EnqueueInstance(step5); hc.EnqueueInstance(step6); hc.EnqueueInstance(step7); hc.EnqueueInstance(step8); hc.EnqueueInstance(step9); hc.EnqueueInstance(step10); hc.EnqueueInstance(step11); hc.EnqueueInstance(step12); _jobEc.Initialize(hc); _jobEc.InitializeJob(_message, _tokenSource.Token); return hc; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task JobExtensionSetupInfo() { using (CancellationTokenSource tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateTestContext(tokenSource)) { var config = hc.GetService(); var setupInfo = (List)config.GetSetupInfo(); setupInfo.Add(new SetupInfo() { Group = "Test Group", Detail = "Test Detail" }); setupInfo.Add(new SetupInfo() { Detail = "Environment: test\nVersion: 123" }); TestJobExtension testExtension = new TestJobExtension(); testExtension.Initialize(hc); await testExtension.InitializeJob(_jobEc, _message); _jobServerQueue.Verify(x => x.QueueWebConsoleLine(It.IsAny(), "##[group]Test Group", It.IsAny()), Times.Exactly(1)); _jobServerQueue.Verify(x => x.QueueWebConsoleLine(It.IsAny(), "Test Detail", It.IsAny()), Times.Exactly(1)); _jobServerQueue.Verify(x => x.QueueWebConsoleLine(It.IsAny(), "##[group]Machine Setup Info", It.IsAny()), Times.Exactly(1)); _jobServerQueue.Verify(x => x.QueueWebConsoleLine(It.IsAny(), "Environment: test", It.IsAny()), Times.Exactly(1)); _jobServerQueue.Verify(x => x.QueueWebConsoleLine(It.IsAny(), "Version: 123", It.IsAny()), Times.Exactly(1)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task JobExtensionSetupInfoMSI() { using CancellationTokenSource tokenSource = new CancellationTokenSource(); using TestHostContext hc = CreateMSITestContext(tokenSource); IConfigurationStore config = hc.GetService(); List setupInfo = (List)config.GetSetupInfo(); setupInfo.Add(new SetupInfo() { Group = "Test Group", Detail = "Test Detail" }); setupInfo.Add(new SetupInfo() { Detail = "Environment: test\nVersion: 123" }); TestJobExtension testExtension = new TestJobExtension(); testExtension.Initialize(hc); await testExtension.InitializeJob(_jobEc, _message); _jobServerQueue.Verify(x => x.QueueWebConsoleLine(It.IsAny(), "##[group]Test Group", It.IsAny()), Times.Exactly(1)); _jobServerQueue.Verify(x => x.QueueWebConsoleLine(It.IsAny(), "Test Detail", It.IsAny()), Times.Exactly(1)); _jobServerQueue.Verify(x => x.QueueWebConsoleLine(It.IsAny(), "##[group]Machine Setup Info", It.IsAny()), Times.Exactly(1)); _jobServerQueue.Verify(x => x.QueueWebConsoleLine(It.IsAny(), "Environment: test", It.IsAny()), Times.Exactly(1)); _jobServerQueue.Verify(x => x.QueueWebConsoleLine(It.IsAny(), "Version: 123", It.IsAny()), Times.Exactly(1)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task JobExtensioBuildStepsList() { using CancellationTokenSource tokenSource = new CancellationTokenSource(); using TestHostContext hc = CreateTestContext(tokenSource); TestJobExtension testExtension = new TestJobExtension(); testExtension.Initialize(hc); List result = await testExtension.InitializeJob(_jobEc, _message); var trace = hc.GetTrace(); trace.Info(string.Join(", ", result.Select(x => x.DisplayName))); Assert.Equal(12, result.Count); Assert.Equal("task2", result[0].DisplayName); Assert.Equal("task3", result[1].DisplayName); Assert.Equal("task4", result[2].DisplayName); Assert.Equal("task6", result[3].DisplayName); Assert.Equal("task1", result[4].DisplayName); Assert.Equal("task2", result[5].DisplayName); Assert.Equal("task6", result[6].DisplayName); Assert.Equal("task7", result[7].DisplayName); Assert.Equal("task7", result[8].DisplayName); Assert.Equal("task5", result[9].DisplayName); Assert.Equal("task3", result[10].DisplayName); Assert.Equal("task2", result[11].DisplayName); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task JobExtensioBuildStepsListMSI() { using CancellationTokenSource tokenSource = new CancellationTokenSource(); using TestHostContext hc = CreateMSITestContext(tokenSource); TestJobExtension testExtension = new TestJobExtension(); testExtension.Initialize(hc); List result = await testExtension.InitializeJob(_jobEc, _message); var trace = hc.GetTrace(); trace.Info(string.Join(", ", result.Select(x => x.DisplayName))); Assert.Equal(12, result.Count); Assert.Equal("task2", result[0].DisplayName); Assert.Equal("task3", result[1].DisplayName); Assert.Equal("task4", result[2].DisplayName); Assert.Equal("task6", result[3].DisplayName); Assert.Equal("task1", result[4].DisplayName); Assert.Equal("task2", result[5].DisplayName); Assert.Equal("task6", result[6].DisplayName); Assert.Equal("task7", result[7].DisplayName); Assert.Equal("task7", result[8].DisplayName); Assert.Equal("task5", result[9].DisplayName); Assert.Equal("task3", result[10].DisplayName); Assert.Equal("task2", result[11].DisplayName); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task JobExtensionIntraTaskState() { using CancellationTokenSource tokenSource = new CancellationTokenSource(); using TestHostContext hc = CreateTestContext(tokenSource); TestJobExtension testExtension = new TestJobExtension(); testExtension.Initialize(hc); List result = await testExtension.InitializeJob(_jobEc, _message); var trace = hc.GetTrace(); trace.Info(string.Join(", ", result.Select(x => x.DisplayName))); Assert.Equal(12, result.Count); result[0].ExecutionContext.TaskVariables.Set("state1", "value1", false); Assert.Equal("value1", result[5].ExecutionContext.TaskVariables.Get("state1")); Assert.Equal("value1", result[11].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[4].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[1].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[2].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[10].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[6].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[7].ExecutionContext.TaskVariables.Get("state1")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task JobExtensionIntraTaskStateMSI() { using CancellationTokenSource tokenSource = new CancellationTokenSource(); using TestHostContext hc = CreateMSITestContext(tokenSource); TestJobExtension testExtension = new TestJobExtension(); testExtension.Initialize(hc); List result = await testExtension.InitializeJob(_jobEc, _message); var trace = hc.GetTrace(); trace.Info(string.Join(", ", result.Select(x => x.DisplayName))); Assert.Equal(12, result.Count); result[0].ExecutionContext.TaskVariables.Set("state1", "value1", false); Assert.Equal("value1", result[5].ExecutionContext.TaskVariables.Get("state1")); Assert.Equal("value1", result[11].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[4].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[1].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[2].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[10].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[6].ExecutionContext.TaskVariables.Get("state1")); Assert.Null(result[7].ExecutionContext.TaskVariables.Get("state1")); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public async Task JobExtensionManagementScriptStep() { using CancellationTokenSource tokenSource = new CancellationTokenSource(); using TestHostContext hc = CreateTestContext(tokenSource); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); Environment.SetEnvironmentVariable("VSTS_AGENT_INIT_INTERNAL_TEMP_HACK", "C:\\init.ps1"); Environment.SetEnvironmentVariable("VSTS_AGENT_CLEANUP_INTERNAL_TEMP_HACK", "C:\\cleanup.ps1"); Environment.SetEnvironmentVariable("DEBUG_MSI_LOGIN_INFO", "1"); try { TestJobExtension testExtension = new TestJobExtension(); testExtension.Initialize(hc); List result = await testExtension.InitializeJob(_jobEc, _message); var trace = hc.GetTrace(); trace.Info(string.Join(", ", result.Select(x => x.DisplayName))); Assert.Equal(14, result.Count); Assert.True(result[0] is ManagementScriptStep); Assert.True(result[13] is ManagementScriptStep); Assert.Equal(result[0].DisplayName, "Agent Initialization"); Assert.Equal(result[13].DisplayName, "Agent Cleanup"); } finally { Environment.SetEnvironmentVariable("VSTS_AGENT_INIT_INTERNAL_TEMP_HACK", ""); Environment.SetEnvironmentVariable("VSTS_AGENT_CLEANUP_INTERNAL_TEMP_HACK", ""); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public async Task JobExtensionManagementScriptStepMSI() { using CancellationTokenSource tokenSource = new CancellationTokenSource(); using TestHostContext hc = CreateMSITestContext(tokenSource); hc.EnqueueInstance(_logger.Object); hc.EnqueueInstance(_logger.Object); Environment.SetEnvironmentVariable("VSTS_AGENT_INIT_INTERNAL_TEMP_HACK", "C:\\init.ps1"); Environment.SetEnvironmentVariable("VSTS_AGENT_CLEANUP_INTERNAL_TEMP_HACK", "C:\\cleanup.ps1"); Environment.SetEnvironmentVariable("DEBUG_MSI_LOGIN_INFO", "1"); try { TestJobExtension testExtension = new TestJobExtension(); testExtension.Initialize(hc); List result = await testExtension.InitializeJob(_jobEc, _message); var trace = hc.GetTrace(); trace.Info(string.Join(", ", result.Select(x => x.DisplayName))); Assert.Equal(14, result.Count); Assert.True(result[0] is ManagementScriptStep); Assert.True(result[13] is ManagementScriptStep); Assert.Equal(result[0].DisplayName, "Agent Initialization"); Assert.Equal(result[13].DisplayName, "Agent Cleanup"); } finally { Environment.SetEnvironmentVariable("VSTS_AGENT_INIT_INTERNAL_TEMP_HACK", ""); Environment.SetEnvironmentVariable("VSTS_AGENT_CLEANUP_INTERNAL_TEMP_HACK", ""); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public async Task JobExtensionTelemetryPublisherSecretValue() { using CancellationTokenSource tokenSource = new CancellationTokenSource(); using TestHostContext hc = CreateMSITestContext(tokenSource); hc.EnqueueInstance(_asyncCommandContext.Object); hc.EnqueueInstance(_asyncCommandContext.Object); hc.EnqueueInstance(_asyncCommandContext.Object); hc.SetSingleton(new TaskRestrictionsChecker() as ITaskRestrictionsChecker); try { Environment.SetEnvironmentVariable("http_proxy", "http://admin:password@localhost.com"); var expectedEvent = new Dictionary() { { "JobId", null }, { "ProxyAddress-${http_proxy}", "http://admin:***@localhost.com"}, }; var actualEvents = new List(); _mockCiService.Setup(s => s.PublishEventsAsync(It.IsAny())) .Callback(actualEvents.Add) .Returns(Task.CompletedTask); TestJobExtension testExtension = new TestJobExtension(); testExtension.Initialize(hc); await testExtension.InitializeJob(_jobEc, _message); var result = actualEvents.Where(w => w[0].Properties.ContainsKey("ProxyAddress-${http_proxy}")); Assert.True(result?.Count() == 1); Assert.True( !expectedEvent.Except(result.First()[0].Properties).Any(), $"Event does not match. " + $"Expected:{JsonSerializer.Serialize(expectedEvent)};" + $"Actual:{JsonSerializer.Serialize(result.First()[0].Properties)}" ); } finally { Environment.SetEnvironmentVariable("http_proxy", ""); } } } } ================================================ FILE: src/Test/L0/Worker/JobRunnerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.CompilerServices; using System.Threading.Tasks; using Xunit; using System.Threading; using System.Collections.ObjectModel; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class JobRunnerL0 { private IExecutionContext _jobEc; private JobRunner _jobRunner; private List _initResult = new List(); private Pipelines.AgentJobRequestMessage _message; private Mock _jobServer; private Mock _jobServerQueue; private Mock _proxyConfig; private Mock _cert; private Mock _config; private Mock _taskServer; private Mock _extensions; private Mock _stepRunner; private Mock _jobExtension; private Mock _logger; private Mock _temp; private Mock _diagnosticLogManager; private Mock _asyncCommandContext; private Mock _resourceMetricManager; private TestHostContext CreateTestContext([CallerMemberName] String testName = "") { var hc = new TestHostContext(this, testName); _jobEc = new Agent.Worker.ExecutionContext(); _config = new Mock(); _extensions = new Mock(); _jobExtension = new Mock(); _jobServer = new Mock(); _jobServerQueue = new Mock(); _proxyConfig = new Mock(); _cert = new Mock(); _taskServer = new Mock(); _stepRunner = new Mock(); _logger = new Mock(); _temp = new Mock(); _diagnosticLogManager = new Mock(); _asyncCommandContext = new Mock(); _resourceMetricManager = new Mock(); var expressionManager = new ExpressionManager(); expressionManager.Initialize(hc); hc.SetSingleton(expressionManager); _jobRunner = new JobRunner(); _jobRunner.Initialize(hc); TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new Timeline(Guid.NewGuid()); JobEnvironment environment = new JobEnvironment(); environment.Variables[Constants.Variables.System.Culture] = "en-US"; environment.SystemConnection = new ServiceEndpoint() { Name = WellKnownServiceEndpointNames.SystemVssConnection, Url = new Uri("https://test.visualstudio.com"), Authorization = new EndpointAuthorization() { Scheme = "Test", } }; environment.SystemConnection.Authorization.Parameters["AccessToken"] = "token"; List tasks = new List(); Guid JobId = Guid.NewGuid(); _message = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, testName, testName, environment, tasks)); _extensions.Setup(x => x.GetExtensions()). Returns(new[] { _jobExtension.Object }.ToList()); _initResult.Clear(); _jobExtension.Setup(x => x.InitializeJob(It.IsAny(), It.IsAny())). Returns(Task.FromResult(_initResult)); _jobExtension.Setup(x => x.HostType) .Returns(null); _proxyConfig.Setup(x => x.ProxyAddress) .Returns(string.Empty); var settings = new AgentSettings { AgentId = 1, AgentName = "agent1", ServerUrl = "https://test.visualstudio.com", WorkFolder = "_work", }; _config.Setup(x => x.GetSettings()) .Returns(settings); _logger.Setup(x => x.Setup(It.IsAny(), It.IsAny())); hc.SetSingleton(_config.Object); hc.SetSingleton(_jobServer.Object); hc.SetSingleton(_jobServerQueue.Object); hc.SetSingleton(_proxyConfig.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_taskServer.Object); hc.SetSingleton(_stepRunner.Object); hc.SetSingleton(_extensions.Object); hc.SetSingleton(_temp.Object); hc.SetSingleton(_diagnosticLogManager.Object); hc.EnqueueInstance(_jobEc); hc.EnqueueInstance(_logger.Object); hc.SetSingleton(_asyncCommandContext.Object); hc.SetSingleton(_resourceMetricManager.Object); return hc; } private TestHostContext CreateMSITestContext([CallerMemberName] String testName = "") { var hc = new TestHostContext(this, testName); _jobEc = new Agent.Worker.ExecutionContext(); _config = new Mock(); _extensions = new Mock(); _jobExtension = new Mock(); _jobServer = new Mock(); _jobServerQueue = new Mock(); _proxyConfig = new Mock(); _cert = new Mock(); _taskServer = new Mock(); _stepRunner = new Mock(); _logger = new Mock(); _temp = new Mock(); _diagnosticLogManager = new Mock(); _asyncCommandContext = new Mock(); _resourceMetricManager = new Mock(); var expressionManager = new ExpressionManager(); expressionManager.Initialize(hc); hc.SetSingleton(expressionManager); _jobRunner = new JobRunner(); _jobRunner.Initialize(hc); TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference(); TimelineReference timeline = new Timeline(Guid.NewGuid()); JobEnvironment environment = new JobEnvironment(); environment.Variables[Constants.Variables.System.Culture] = "en-US"; environment.SystemConnection = new ServiceEndpoint() { Name = WellKnownServiceEndpointNames.SystemVssConnection, Url = new Uri("https://test.visualstudio.com"), Authorization = new EndpointAuthorization() { Scheme = "ManagedServiceIdentity", } }; environment.SystemConnection.Authorization.Parameters["AccessToken"] = "token"; List tasks = new List(); Guid JobId = Guid.NewGuid(); _message = Pipelines.AgentJobRequestMessageUtil.Convert(new AgentJobRequestMessage(plan, timeline, JobId, testName, testName, environment, tasks)); _extensions.Setup(x => x.GetExtensions()). Returns(new[] { _jobExtension.Object }.ToList()); _initResult.Clear(); _jobExtension.Setup(x => x.InitializeJob(It.IsAny(), It.IsAny())). Returns(Task.FromResult(_initResult)); _jobExtension.Setup(x => x.HostType) .Returns(null); _proxyConfig.Setup(x => x.ProxyAddress) .Returns(string.Empty); var settings = new AgentSettings { AgentId = 1, AgentName = "agent1", ServerUrl = "https://test.visualstudio.com", WorkFolder = "_work", }; _config.Setup(x => x.GetSettings()) .Returns(settings); _logger.Setup(x => x.Setup(It.IsAny(), It.IsAny())); hc.SetSingleton(_config.Object); hc.SetSingleton(_jobServer.Object); hc.SetSingleton(_jobServerQueue.Object); hc.SetSingleton(_proxyConfig.Object); hc.SetSingleton(_cert.Object); hc.SetSingleton(_taskServer.Object); hc.SetSingleton(_stepRunner.Object); hc.SetSingleton(_extensions.Object); hc.SetSingleton(_temp.Object); hc.SetSingleton(_diagnosticLogManager.Object); hc.EnqueueInstance(_jobEc); hc.EnqueueInstance(_logger.Object); hc.SetSingleton(_asyncCommandContext.Object); hc.SetSingleton(_resourceMetricManager.Object); return hc; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task JobExtensionInitializeFailure() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateTestContext()) { _jobExtension.Setup(x => x.InitializeJob(It.IsAny(), It.IsAny())) .Throws(new Exception()); await _jobRunner.RunAsync(_message, _tokenSource.Token); Assert.Equal(TaskResult.Failed, _jobEc.Result); _stepRunner.Verify(x => x.RunAsync(It.IsAny(), It.IsAny>()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task JobExtensionInitializeFailureMSI() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateMSITestContext()) { _jobExtension.Setup(x => x.InitializeJob(It.IsAny(), It.IsAny())) .Throws(new Exception()); await _jobRunner.RunAsync(_message, _tokenSource.Token); Assert.Equal(TaskResult.Failed, _jobEc.Result); _stepRunner.Verify(x => x.RunAsync(It.IsAny(), It.IsAny>()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task JobExtensionInitializeCancelled() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateTestContext()) { _jobExtension.Setup(x => x.InitializeJob(It.IsAny(), It.IsAny())) .Throws(new OperationCanceledException()); _tokenSource.Cancel(); await _jobRunner.RunAsync(_message, _tokenSource.Token); Assert.Equal(TaskResult.Canceled, _jobEc.Result); _stepRunner.Verify(x => x.RunAsync(It.IsAny(), It.IsAny>()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task JobExtensionInitializeMSICancelled() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateMSITestContext()) { _jobExtension.Setup(x => x.InitializeJob(It.IsAny(), It.IsAny())) .Throws(new OperationCanceledException()); _tokenSource.Cancel(); await _jobRunner.RunAsync(_message, _tokenSource.Token); Assert.Equal(TaskResult.Canceled, _jobEc.Result); _stepRunner.Verify(x => x.RunAsync(It.IsAny(), It.IsAny>()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task EnableVerboseLoggingViaPipelineVariable() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateTestContext()) { // Set the pipeline variable to enable verbose trace _message.Variables["VSTSAGENT_TRACE"] = "true"; await _jobRunner.RunAsync(_message, _tokenSource.Token); var traceManager = hc.GetService(); Assert.NotNull(traceManager); Assert.Equal(System.Diagnostics.SourceLevels.Verbose, traceManager.Switch.Level); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task UploadDiganosticLogIfEnvironmentVariableSet() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateTestContext()) { _message.Variables[Constants.Variables.Agent.Diagnostic] = "true"; await _jobRunner.RunAsync(_message, _tokenSource.Token); _diagnosticLogManager.Verify(x => x.UploadDiagnosticLogsAsync(It.IsAny(), It.IsAny(), It.IsAny()), Times.Once); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task UploadDiganosticLogIfEnvironmentVariableSetMSI() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateMSITestContext()) { _message.Variables[Constants.Variables.Agent.Diagnostic] = "true"; await _jobRunner.RunAsync(_message, _tokenSource.Token); _diagnosticLogManager.Verify(x => x.UploadDiagnosticLogsAsync(It.IsAny(), It.IsAny(), It.IsAny()), Times.Once); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task DontUploadDiagnosticLogIfEnvironmentVariableFalse() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateTestContext()) { _message.Variables[Constants.Variables.Agent.Diagnostic] = "false"; await _jobRunner.RunAsync(_message, _tokenSource.Token); _diagnosticLogManager.Verify(x => x.UploadDiagnosticLogsAsync(It.IsAny(), It.IsAny(), It.IsAny()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task DontUploadDiagnosticLogIfEnvironmentVariableFalseMSI() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateTestContext()) { _message.Variables[Constants.Variables.Agent.Diagnostic] = "false"; await _jobRunner.RunAsync(_message, _tokenSource.Token); _diagnosticLogManager.Verify(x => x.UploadDiagnosticLogsAsync(It.IsAny(), It.IsAny(), It.IsAny()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task DontUploadDiagnosticLogIfEnvironmentVariableMissing() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateTestContext()) { await _jobRunner.RunAsync(_message, _tokenSource.Token); _diagnosticLogManager.Verify(x => x.UploadDiagnosticLogsAsync(It.IsAny(), It.IsAny(), It.IsAny()), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DontUpdateWebConsoleLineRateIfJobServerQueueIsNull() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateTestContext()) { _jobRunner.JobServerQueue = null; _jobRunner.UpdateMetadata(new JobMetadataMessage(It.IsAny(), It.IsAny())); _jobServerQueue.Verify(x => x.UpdateWebConsoleLineRate(It.IsAny()), Times.Never()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DontUpdateWebConsoleLineRateIfJobServerQueueIsNullMSI() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateMSITestContext()) { _jobRunner.JobServerQueue = null; _jobRunner.UpdateMetadata(new JobMetadataMessage(It.IsAny(), It.IsAny())); _jobServerQueue.Verify(x => x.UpdateWebConsoleLineRate(It.IsAny()), Times.Never()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void UpdateWebConsoleLineRateIfJobServerQueueIsNotNull() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateTestContext()) { _jobRunner.JobServerQueue = hc.GetService(); _jobRunner.UpdateMetadata(new JobMetadataMessage(It.IsAny(), It.IsAny())); _jobServerQueue.Verify(x => x.UpdateWebConsoleLineRate(It.IsAny()), Times.Once()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void UpdateWebConsoleLineRateIfJobServerQueueIsNotNullMSI() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateMSITestContext()) { _jobRunner.JobServerQueue = hc.GetService(); _jobRunner.UpdateMetadata(new JobMetadataMessage(It.IsAny(), It.IsAny())); _jobServerQueue.Verify(x => x.UpdateWebConsoleLineRate(It.IsAny()), Times.Once()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "linux")] [Trait("SkipOn", "darwin")] public async Task ServerOMDirectoryVariableSetCorrectlyOnWindows() { using (var _tokenSource = new CancellationTokenSource()) using (TestHostContext hc = CreateTestContext()) { await _jobRunner.RunAsync(_message, _tokenSource.Token); Assert.True(_jobEc.Variables.TryGetValue("Agent.ServerOMDirectory", out _), "ServerOM directory variable should be set on Windows platform"); } } } } ================================================ FILE: src/Test/L0/Worker/LoggingCommandL0.cs ================================================ using Microsoft.VisualStudio.Services.Agent.Util; // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Linq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public class LoggingCommandL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "LoggingCommand")] public void CommandParserTest() { //Arrange using (var hc = new TestHostContext(this)) { string vso; Command test; Command verify; //##vso[area.event k1=v1;]msg vso = "##vso[area.event k1=v1;]msg"; test = new Command("area", "event") { Data = "msg", }; test.Properties.Add("k1", "v1"); Assert.True(Command.TryParse(vso, true, out verify)); Assert.True(IsEqualCommand(hc, test, verify)); vso = ""; test = null; verify = null; //##vso[area.event] vso = "##vso[area.event]"; test = new Command("area", "event"); Assert.True(Command.TryParse(vso, true, out verify)); Assert.True(IsEqualCommand(hc, test, verify)); vso = ""; test = null; verify = null; //##vso[area.event k1=%3B=%0D=%0A=%5D;]%3B-%0D-%0A-%5D vso = "##vso[area.event k1=%3B=%0D=%0A=%5D%AZP25;]%3B-%0D-%0A-%5D%AZP253B"; test = new Command("area", "event") { Data = ";-\r-\n-]%AZP253B", }; test.Properties.Add("k1", ";=\r=\n=]%AZP25"); Assert.True(Command.TryParse(vso, false, out verify)); Assert.True(IsEqualCommand(hc, test, verify)); vso = ""; test = null; verify = null; //##vso[area.event k1=%3B=%0D=%0A=%5D;]%3B-%0D-%0A-%5D vso = "##vso[area.event k1=%3B=%0D=%0A=%5D%AZP25;]%3B-%0D-%0A-%5D%AZP253B"; test = new Command("area", "event") { Data = ";-\r-\n-]%3B", }; test.Properties.Add("k1", ";=\r=\n=]%"); Assert.True(Command.TryParse(vso, true, out verify)); Assert.True(IsEqualCommand(hc, test, verify)); vso = ""; test = null; verify = null; //##vso[area.event k1=;k2=;] vso = "##vso[area.event k1=;k2=;]"; test = new Command("area", "event"); test.Properties.Add("k1", ""); test.Properties.Add("k2", null); Assert.True(Command.TryParse(vso, true, out verify)); test = new Command("area", "event"); Assert.True(IsEqualCommand(hc, test, verify)); vso = ""; test = null; verify = null; //>>> ##vso[area.event k1=;k2=;] vso = ">>> ##vso[area.event k1=v1;]msg"; test = new Command("area", "event") { Data = "msg", }; test.Properties.Add("k1", "v1"); Assert.True(Command.TryParse(vso, true, out verify)); Assert.True(IsEqualCommand(hc, test, verify)); } } private bool IsEqualCommand(IHostContext hc, Command e1, Command e2) { try { if (!string.Equals(e1.Area, e2.Area, StringComparison.OrdinalIgnoreCase)) { hc.GetTrace("CommandEqual").Info(StringUtil.Format("Area 1={0}, Area 2={1}", e1.Area, e2.Area)); return false; } if (!string.Equals(e1.Event, e2.Event, StringComparison.OrdinalIgnoreCase)) { hc.GetTrace("CommandEqual").Info(StringUtil.Format("Event 1={0}, Event 2={1}", e1.Event, e2.Event)); return false; } if (!string.Equals(e1.Data, e2.Data, StringComparison.OrdinalIgnoreCase) && (!string.IsNullOrEmpty(e1.Data) && !string.IsNullOrEmpty(e2.Data))) { hc.GetTrace("CommandEqual").Info(StringUtil.Format("Data 1={0}, Data 2={1}", e1.Data, e2.Data)); return false; } if (e1.Properties.Count != e2.Properties.Count) { hc.GetTrace("CommandEqual").Info($"Logging events contain different numbers of Properties,{e1.Properties.Count} to {e2.Properties.Count}"); return false; } if (!e1.Properties.SequenceEqual(e2.Properties)) { hc.GetTrace("CommandEqual").Info("Logging events contain different Properties"); hc.GetTrace("CommandEqual").Info("Properties for event 1:"); foreach (var data in e1.Properties) { hc.GetTrace("CommandEqual").Info(StringUtil.Format("Key={0}, Value={1}", data.Key, data.Value)); } hc.GetTrace("CommandEqual").Info("Properties for event 2:"); foreach (var data in e2.Properties) { hc.GetTrace("CommandEqual").Info(StringUtil.Format("Key={0}, Value={1}", data.Key, data.Value)); } return false; } } catch (Exception ex) { hc.GetTrace("CommandEqual").Info("Catch Exception during compare:{0}", ex.ToString()); return false; } return true; } } } ================================================ FILE: src/Test/L0/Worker/PluginInternalUpdateRepositoryPathCommandL0.cs ================================================ using System; using System.Collections.Generic; using System.Runtime.CompilerServices; using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Tests; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using Xunit; namespace Test.L0.Worker { public class PluginInternalUpdateRepositoryPathCommandL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "PluginInternalCommandExtension")] public void Execute_should_throw_appropriately() { using (TestHostContext hc = CreateTestContext()) { InitializeExecutionContext(hc); var updateRepoPath = new PluginInternalUpdateRepositoryPathCommand(); var command = new Microsoft.VisualStudio.Services.Agent.Command("area", "event"); // missing alias Assert.Throws(() => updateRepoPath.Execute(_ec.Object, command)); // add alias, still missing matching repository command.Properties.Add("alias", "repo1"); Assert.Throws(() => updateRepoPath.Execute(_ec.Object, command)); // add repository, still missing data _repositories.Add(new RepositoryResource() { Alias = "repo1" }); Assert.Throws(() => updateRepoPath.Execute(_ec.Object, command)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PluginInternalCommandExtension")] public void Execute_should_set_paths_appropriately_for_self_repo() { using (TestHostContext hc = CreateTestContext()) { InitializeExecutionContext(hc); var updateRepoPath = new PluginInternalUpdateRepositoryPathCommand(); var command = new Microsoft.VisualStudio.Services.Agent.Command("area", "event"); command.Properties.Add("alias", "self"); command.Data = "/1/newPath"; updateRepoPath.Execute(_ec.Object, command); Assert.Equal("/1/newPath", _selfRepo.Properties.Get(RepositoryPropertyNames.Path)); Assert.Equal("/1/otherRepo", _otherRepo.Properties.Get(RepositoryPropertyNames.Path)); Assert.Equal("/1/newPath", _variables.Get(Constants.Variables.Build.SourcesDirectory)); Assert.Equal("/1/newPath", _variables.Get(Constants.Variables.Build.RepoLocalPath)); Assert.Equal("/1/newPath", _variables.Get(Constants.Variables.System.DefaultWorkingDirectory)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PluginInternalCommandExtension")] public void Execute_should_set_paths_appropriately_for_nonSelf_repo() { using (TestHostContext hc = CreateTestContext()) { InitializeExecutionContext(hc); var updateRepoPath = new PluginInternalUpdateRepositoryPathCommand(); var command = new Microsoft.VisualStudio.Services.Agent.Command("area", "event"); command.Properties.Add("alias", "repo2"); command.Data = "/1/newPath"; updateRepoPath.Execute(_ec.Object, command); Assert.Equal("/1/s", _selfRepo.Properties.Get(RepositoryPropertyNames.Path)); Assert.Equal("/1/newPath", _otherRepo.Properties.Get(RepositoryPropertyNames.Path)); Assert.Equal("/1/newPath", _variables.Get(Constants.Variables.Build.SourcesDirectory)); Assert.Equal("/1/newPath", _variables.Get(Constants.Variables.Build.RepoLocalPath)); Assert.Equal("/1/newPath", _variables.Get(Constants.Variables.System.DefaultWorkingDirectory)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PluginInternalCommandExtension")] public void Execute_should_set_paths_appropriately_for_self_repo_with_multiple_checkouts() { using (TestHostContext hc = CreateTestContext()) { InitializeExecutionContext(hc, true); var updateRepoPath = new PluginInternalUpdateRepositoryPathCommand(); var command = new Microsoft.VisualStudio.Services.Agent.Command("area", "event"); command.Properties.Add("alias", "self"); command.Data = "/1/newPath"; updateRepoPath.Execute(_ec.Object, command); Assert.Equal("/1/newPath", _selfRepo.Properties.Get(RepositoryPropertyNames.Path)); Assert.Equal("/1/otherRepo", _otherRepo.Properties.Get(RepositoryPropertyNames.Path)); Assert.Equal(null, _variables.Get(Constants.Variables.Build.SourcesDirectory)); Assert.Equal("newPath", GetLastPathPart(_variables.Get(Constants.Variables.Build.RepoLocalPath))); Assert.Equal(null, _variables.Get(Constants.Variables.System.DefaultWorkingDirectory)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "PluginInternalCommandExtension")] public void Execute_should_set_paths_appropriately_for_nonSelf_repo_with_multiple_checkouts() { using (TestHostContext hc = CreateTestContext()) { InitializeExecutionContext(hc, true); var updateRepoPath = new PluginInternalUpdateRepositoryPathCommand(); var command = new Microsoft.VisualStudio.Services.Agent.Command("area", "event"); command.Properties.Add("alias", "repo2"); command.Data = "/1/newPath"; updateRepoPath.Execute(_ec.Object, command); Assert.Equal("/1/s", _selfRepo.Properties.Get(RepositoryPropertyNames.Path)); Assert.Equal("/1/newPath", _otherRepo.Properties.Get(RepositoryPropertyNames.Path)); Assert.Equal(null, _variables.Get(Constants.Variables.Build.SourcesDirectory)); Assert.Equal(null, GetLastPathPart(_variables.Get(Constants.Variables.Build.RepoLocalPath))); Assert.Equal(null, _variables.Get(Constants.Variables.System.DefaultWorkingDirectory)); } } private TestHostContext CreateTestContext([CallerMemberName] String testName = "") { var hc = new TestHostContext(this, testName); _expressionManager = new ExpressionManager(); _expressionManager.Initialize(hc); return hc; } private void InitializeExecutionContext(TestHostContext hc, bool isMultiCheckout = false) { List warnings; _variables = new Variables( hostContext: hc, copy: new Dictionary(), warnings: out warnings); _repositories = new List(); _selfRepo = new RepositoryResource() { Alias = "self", Id = Guid.NewGuid().ToString(), Name = "mainRepo", Type = "git", }; _selfRepo.Properties.Set(RepositoryPropertyNames.Path, "/1/s"); _otherRepo = new RepositoryResource() { Alias = "repo2", Id = Guid.NewGuid().ToString(), Name = "otherRepo", Type = "git", }; _otherRepo.Properties.Set(RepositoryPropertyNames.Path, "/1/otherRepo"); _repositories.Add(_selfRepo); _repositories.Add(_otherRepo); _ec = new Mock(); _ec.SetupAllProperties(); _ec.Setup(x => x.Variables).Returns(_variables); _ec.Setup(x => x.Repositories).Returns(_repositories); _ec.Setup(x => x.GetHostContext()).Returns(hc); _ec.Setup(x => x.SetVariable(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Callback((name, value, secret, b2, b3, readOnly, preserveCase) => _variables.Set(name, value, secret, readOnly, preserveCase)); if (isMultiCheckout) { var jobSettings = new Dictionary(StringComparer.OrdinalIgnoreCase); jobSettings.Add(Agent.Sdk.WellKnownJobSettings.HasMultipleCheckouts, Boolean.TrueString); _ec.Setup(x => x.JobSettings).Returns(jobSettings); } var directoryManager = new Mock(); directoryManager.Setup(x => x.GetRelativeRepositoryPath(It.IsAny(), It.IsAny(), It.IsAny())) .Returns((bd, path, context) => GetLastPathPart(path)); hc.SetSingleton(directoryManager.Object); } private string GetLastPathPart(string path) { return path?.Substring(path.LastIndexOfAny(new char[] { '/', '\\' }) + 1); } private RepositoryResource _selfRepo; private RepositoryResource _otherRepo; private Mock _ec; private ExpressionManager _expressionManager; private Variables _variables; private List _repositories; } } ================================================ FILE: src/Test/L0/Worker/Release/AgentUtlitiesL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Release; using Xunit; namespace Test.L0.Worker.Release { public sealed class AgentUtlitiesL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Common")] public void VetGetPrintableEnvironmentVariables() { List variables = new List { new Variable("key.B", "value1", secret: false, readOnly: false, preserveCase: false), new Variable("key A", "value2", secret: false, readOnly: false, preserveCase: false), new Variable("keyC", "value3", secret: false, readOnly: false, preserveCase: false), }; string expectedResult = $"{Environment.NewLine}\t\t\t\t[{FormatVariable(variables[1].Name)}] --> [{variables[1].Value}]" + $"{Environment.NewLine}\t\t\t\t[{FormatVariable(variables[0].Name)}] --> [{variables[0].Value}]" + $"{Environment.NewLine}\t\t\t\t[{FormatVariable(variables[2].Name)}] --> [{variables[2].Value}]"; string result = AgentUtilities.GetPrintableEnvironmentVariables(variables); Assert.Equal(expectedResult, result); } private string FormatVariable(string key) { return key.ToUpperInvariant().Replace(".", "_").Replace(" ", "_"); } } } ================================================ FILE: src/Test/L0/Worker/Release/FetchEngineL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Text; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Worker.Release; using Microsoft.VisualStudio.Services.Agent.Worker.Release.ContainerFetchEngine; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Release { public sealed class FetchEngineL0 { private readonly IEnumerable mockContainerItems = new List { DummyConatinerItem1, DummyConatinerItem2 }; private readonly byte[] mockItemContent = Encoding.UTF8.GetBytes("Item Content"); private readonly ContainerFetchEngineOptions containerFetchEngineTestOptions = new ContainerFetchEngineOptions { RetryInterval = TimeSpan.FromMilliseconds(1), RetryLimit = 1, ParallelDownloadLimit = 1, GetFileAsyncTimeout = TimeSpan.FromMilliseconds(1000), }; private static readonly ContainerItem DummyConatinerItem1 = new ContainerItem { ContainerId = 1, ItemType = ItemType.File, FileLength = 52, Path = "c:\\drop\\file1.txt" }; private static readonly ContainerItem DummyConatinerItem2 = new ContainerItem { ContainerId = 2, ItemType = ItemType.File, FileLength = 52, Path = "c:\\drop\\file2.txt" }; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void ShouldDownloadAllTheFiles() { var stubContainerProvider = new StubContainerProvider(mockContainerItems, (item1, c) => mockItemContent); using (var fetchEngine = GetFetchEngine(stubContainerProvider, CancellationToken.None)) { Task fetchAsync = fetchEngine.FetchAsync(CancellationToken.None); await fetchAsync; Assert.Equal(1, stubContainerProvider.GetItemsAsynCounter); Assert.Equal(mockContainerItems, stubContainerProvider.GetFileTaskArguments); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void ShouldNotDoParallelDownloadIfSpecified() { int concurrentAccessCount = 0; var stubContainerProvider = new StubContainerProvider(mockContainerItems, (item1, c) => { concurrentAccessCount++; Thread.Sleep(10); if (concurrentAccessCount == 1) { concurrentAccessCount = 0; } return mockItemContent; }); containerFetchEngineTestOptions.ParallelDownloadLimit = 1; using (var fetchEngine = GetFetchEngine(stubContainerProvider, CancellationToken.None)) { Task fetchAsync = fetchEngine.FetchAsync(CancellationToken.None); await fetchAsync; Assert.Equal(0, concurrentAccessCount); } } /* [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task ShouldHonorRetryLimit() { int fetchCount = 0; var stubContainerProvider = new StubContainerProvider( new List { DummyConatinerItem1 }, (item1, c) => { fetchCount++; if (fetchCount == 1) { throw new FileNotFoundException(); } return mockItemContent; }); containerFetchEngineTestOptions.RetryLimit = 2; var fetchEngine = GetFetchEngine(stubContainerProvider, CancellationToken.None); Task fetchAsync = fetchEngine.FetchAsync(CancellationToken.None); await fetchAsync; Assert.Equal(containerFetchEngineTestOptions.RetryLimit, fetchCount); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task ShouldCancelAllDownloadsOnException() { bool isTaskCancelled = false; var stubContainerProvider = new StubContainerProvider( new List { DummyConatinerItem1, DummyConatinerItem2 }, (item1, c) => { Thread.Sleep(300); if (((ContainerItem)item1).ContainerId == 1) { throw new FileNotFoundException(); } while (!c.IsCancellationRequested) { } isTaskCancelled = c.IsCancellationRequested; return mockItemContent; }); containerFetchEngineTestOptions.RetryLimit = 0; containerFetchEngineTestOptions.ParallelDownloadLimit = 2; var fetchEngine = GetFetchEngine(stubContainerProvider, CancellationToken.None); Task fetchAsync = fetchEngine.FetchAsync(CancellationToken.None); try { await fetchAsync; } catch { // ignored } Assert.Equal(isTaskCancelled, true); } */ [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task ShouldSupportCancellation() { var stubContainerProvider = new StubContainerProvider( mockContainerItems, (item1, c) => { Thread.Sleep(30); return mockItemContent; }); using (var cancellationTokenSource = new CancellationTokenSource()) using (var fetchEngine = GetFetchEngine(stubContainerProvider, CancellationToken.None)) { cancellationTokenSource.Cancel(); Task fetchAsync = fetchEngine.FetchAsync(cancellationTokenSource.Token); await fetchAsync; Assert.Equal(0, stubContainerProvider.GetFileTaskArguments.Count); } } private ContainerFetchEngine GetFetchEngine(StubContainerProvider stubContainerProvider, CancellationToken token) { return new ContainerFetchEngine(stubContainerProvider, string.Empty, "c:\\") { FileSystemManager = new Mock().Object, ContainerFetchEngineOptions = containerFetchEngineTestOptions }; } } public class StubContainerProvider : IContainerProvider { private readonly Func getItemFunc; public StubContainerProvider(IEnumerable containerItems, Func itemFunc) { Items = containerItems; getItemFunc = itemFunc; GetFileTaskArguments = new List(); } public int GetItemsAsynCounter { get; private set; } public List GetFileTaskArguments { get; private set; } public IEnumerable Items { get; private set; } public Task> GetItemsAsync() { GetItemsAsynCounter++; return Task.Run(() => Items); } public Task GetFileTask(ContainerItem item, CancellationToken cancellationToken) { GetFileTaskArguments.Add(item); Task fileTask = Task.Run( () => { Stream memoryStream = new MemoryStream(getItemFunc(item, cancellationToken)); return memoryStream; }); return fileTask; } } } ================================================ FILE: src/Test/L0/Worker/Release/GitHubArtifactL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Runtime.CompilerServices; using System.Threading; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.WebApi; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Release { public sealed class GitHubArtifactL0 { private Mock _ec; private Mock _extensionManager; private Mock _sourceProvider; private ArtifactDefinition _artifactDefinition; private Variables _variables; private const string _expectedGitHubUrl = "https://api.github.com/repos/contoso"; private const string _githubConnectionName = "githubconnection"; private const string _expectedBranchName = "/refs/head/testbranch"; private const string _expectedVersion = "version"; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MissingEndpointShouldThrowException() { using (TestHostContext tc = Setup()) { var artifact = new GitHubArtifact(); _ec.Setup(x => x.Endpoints) .Returns( new List { new ServiceEndpoint { Name = "Some endpoint name", Url = new Uri("http://contoso.visualstudio.com") } }); Assert.Throws( () => artifact.DownloadAsync(_ec.Object, _artifactDefinition, "temp").SyncResult()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void GitHubArtifactShouldCallGetSourceWithCorrectParameter() { using (TestHostContext tc = Setup()) { var gitHubArtifact = new GitHubArtifact(); gitHubArtifact.Initialize(tc); var expectedPath = "expectedLocalPath"; _ec.Setup(x => x.Endpoints) .Returns( new List { new ServiceEndpoint { Name = _githubConnectionName, Url = new Uri("http://contoso.visualstudio.com"), Authorization = new EndpointAuthorization() } }); await gitHubArtifact.DownloadAsync(_ec.Object, _artifactDefinition, expectedPath); // verify github endpoint is set correctly _sourceProvider.Verify( x => x.GetSourceAsync( It.IsAny(), It.Is(y => y.Url.Equals(new Uri(_expectedGitHubUrl)) && y.Authorization.Scheme.Equals(EndpointAuthorizationSchemes.OAuth) && y.Data.ContainsKey(Constants.EndpointData.SourcesDirectory) && y.Data.ContainsKey(Constants.EndpointData.SourceBranch) && y.Data.ContainsKey(Constants.EndpointData.SourceVersion) && y.Data.ContainsKey("fetchDepth") && y.Data.ContainsKey("GitLfsSupport") && y.Data.ContainsKey(EndpointData.CheckoutSubmodules)), It.IsAny())); } } private TestHostContext Setup([CallerMemberName] string name = "") { TestHostContext hc = new TestHostContext(this, name); _ec = new Mock(); _artifactDefinition = new ArtifactDefinition { Version = _expectedVersion, Details = new GitHubArtifactDetails { ConnectionName = _githubConnectionName, CloneUrl = new Uri(_expectedGitHubUrl), Branch = _expectedBranchName } }; _extensionManager = new Mock(); _sourceProvider = new Mock(); List warnings; _variables = new Variables(hc, new Dictionary(), out warnings); hc.SetSingleton(_extensionManager.Object); _ec.Setup(x => x.Variables).Returns(_variables); _extensionManager.Setup(x => x.GetExtensions()) .Returns(new List { _sourceProvider.Object }); _sourceProvider.Setup(x => x.RepositoryType).Returns(Microsoft.TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.GitHub); return hc; } } } ================================================ FILE: src/Test/L0/Worker/Release/JenkinsArtifactL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Runtime.CompilerServices; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Release { public sealed class JenkinsArtifactL0 { private Mock _ec; private Mock _httpClient; private Mock _extensionManager; private ArtifactDefinition _artifactDefinition; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void IfNoCommitVersionExistsInArtifactDetailsNoIssueShouldBeAdded() { using (TestHostContext tc = Setup()) { var trace = tc.GetTrace(); var artifact = new JenkinsArtifact(); artifact.Initialize(tc); await artifact.DownloadCommitsAsync(_ec.Object, _artifactDefinition, "test"); _ec.Verify(x => x.AddIssue(It.Is(y => y.Type == IssueType.Warning)), Times.Never); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void ShouldLogAnIssueIfEndVersionIsInvalidInArtifactDetail() { using (TestHostContext tc = Setup()) { var trace = tc.GetTrace(); JenkinsArtifactDetails details = _artifactDefinition.Details as JenkinsArtifactDetails; details.EndCommitArtifactVersion = "xx"; var artifact = new JenkinsArtifact(); artifact.Initialize(tc); await artifact.DownloadCommitsAsync(_ec.Object, _artifactDefinition, "test"); _ec.Verify(x => x.AddIssue(It.Is(y => y.Type == IssueType.Warning)), Times.Once); } } [Fact] [TraitAttribute("Level", "L0")] [TraitAttribute("Category", "Worker")] public async void MissingStartVersionShouldDownloadCommitsFromSingleBuild() { using (TestHostContext tc = Setup()) { JenkinsArtifactDetails details = _artifactDefinition.Details as JenkinsArtifactDetails; details.EndCommitArtifactVersion = "10"; var artifact = new JenkinsArtifact(); artifact.Initialize(tc); string expectedUrl = $"{details.Url}/job/{details.JobName}/{details.EndCommitArtifactVersion}/api/json?tree=number,result,changeSet[items[commitId,date,msg,author[fullName]]]"; await artifact.DownloadCommitsAsync(_ec.Object, _artifactDefinition, tc.GetDirectory(WellKnownDirectory.Root)); _httpClient.Verify(x => x.GetStringAsync(It.Is(y => y.StartsWith(expectedUrl)), It.IsAny(), It.IsAny(), It.IsAny()), Times.Once); } } [Fact] [TraitAttribute("Level", "L0")] [TraitAttribute("Category", "Worker")] public async void JenkinsCommitsShouldBeFetchedBetweenBuildRange() { using (TestHostContext tc = Setup()) { JenkinsArtifactDetails details = _artifactDefinition.Details as JenkinsArtifactDetails; details.StartCommitArtifactVersion = "10"; details.EndCommitArtifactVersion = "20"; var artifact = new JenkinsArtifact(); artifact.Initialize(tc); SetupBuildRangeQuery(details, "{ \"allBuilds\": [{ \"number\": 20 }, { \"number\": 10 }, { \"number\": 2 } ] }"); string expectedUrl = $"{details.Url}/job/{details.JobName}/api/json?tree=builds[number,result,changeSet[items[commitId,date,msg,author[fullName]]]]{{0,1}}"; await artifact.DownloadCommitsAsync(_ec.Object, _artifactDefinition, tc.GetDirectory(WellKnownDirectory.Root)); _httpClient.Verify(x => x.GetStringAsync(It.Is(y => y.StartsWith(expectedUrl)), It.IsAny(), It.IsAny(), It.IsAny()), Times.Once); } } [Fact] [TraitAttribute("Level", "L0")] [TraitAttribute("Category", "Worker")] public async void JenkinsRollbackCommitsShouldBeFetched() { using (TestHostContext tc = Setup()) { JenkinsArtifactDetails details = _artifactDefinition.Details as JenkinsArtifactDetails; details.StartCommitArtifactVersion = "20"; details.EndCommitArtifactVersion = "10"; var artifact = new JenkinsArtifact(); artifact.Initialize(tc); SetupBuildRangeQuery(details, "{ \"allBuilds\": [{ \"number\": 20 }, { \"number\": 10 }, { \"number\": 2 } ] }"); string expectedUrl = $"{details.Url}/job/{details.JobName}/api/json?tree=builds[number,result,changeSet[items[commitId,date,msg,author[fullName]]]]{{0,1}}"; await artifact.DownloadCommitsAsync(_ec.Object, _artifactDefinition, tc.GetDirectory(WellKnownDirectory.Root)); _httpClient.Verify(x => x.GetStringAsync(It.Is(y => y.StartsWith(expectedUrl)), It.IsAny(), It.IsAny(), It.IsAny()), Times.Once); } } [Fact] [TraitAttribute("Level", "L0")] [TraitAttribute("Category", "Worker")] public async void JenkinsCommitsShouldLogAnIssueIfBuildIsDeleted() { using (TestHostContext tc = Setup()) { JenkinsArtifactDetails details = _artifactDefinition.Details as JenkinsArtifactDetails; details.StartCommitArtifactVersion = "10"; details.EndCommitArtifactVersion = "20"; var artifact = new JenkinsArtifact(); artifact.Initialize(tc); SetupBuildRangeQuery(details, "{ \"allBuilds\": [{ \"number\": 30 }, { \"number\": 29 }, { \"number\": 28 } ] }"); await artifact.DownloadCommitsAsync(_ec.Object, _artifactDefinition, tc.GetDirectory(WellKnownDirectory.Root)); _ec.Verify(x => x.AddIssue(It.Is(y => y.Type == IssueType.Warning)), Times.Once); } } [Fact] [TraitAttribute("Level", "L0")] [TraitAttribute("Category", "Worker")] public async void CommitsShouldBeUploadedAsAttachment() { using (TestHostContext tc = Setup()) { string commitRootDirectory = Path.Combine(tc.GetDirectory(WellKnownDirectory.Work), Guid.NewGuid().ToString("D")); Directory.CreateDirectory(commitRootDirectory); try { JenkinsArtifactDetails details = _artifactDefinition.Details as JenkinsArtifactDetails; details.StartCommitArtifactVersion = "10"; details.EndCommitArtifactVersion = "20"; var artifact = new JenkinsArtifact(); artifact.Initialize(tc); SetupBuildRangeQuery(details, "{ \"allBuilds\": [{ \"number\": 20 }, { \"number\": 10 }, { \"number\": 2 } ] }"); string commitResult = " {\"builds\": [{ \"number\":9, \"result\":\"SUCCESS\", \"changeSet\": { \"items\": [{ \"commitId\" : \"2869c7ccd0b1b649ba6765e89ee5ff36ef6d4805\", \"author\": { \"fullName\" : \"testuser\" }, \"msg\":\"test\" }]}}]}"; string commitsUrl = $"{details.Url}/job/{details.JobName}/api/json?tree=builds[number,result,changeSet[items[commitId,date,msg,author[fullName]]]]{{0,1}}"; _httpClient.Setup(x => x.GetStringAsync(It.Is(y => y.StartsWith(commitsUrl)), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(commitResult)); string commitFilePath = Path.Combine(commitRootDirectory, $"commits_{details.Alias}_1.json"); await artifact.DownloadCommitsAsync(_ec.Object, _artifactDefinition, commitRootDirectory); _ec.Verify(x => x.QueueAttachFile(It.Is(y => y.Equals(CoreAttachmentType.FileAttachment)), It.IsAny(), It.IsAny()), Times.Once); } finally { IOUtil.DeleteDirectory(commitRootDirectory, CancellationToken.None); } } } [Fact] [TraitAttribute("Level", "L0")] [TraitAttribute("Category", "Worker")] public async void CommitsShoulHaveUrlIfItsGitRepo() { using (TestHostContext tc = Setup()) { string commitRootDirectory = Path.Combine(tc.GetDirectory(WellKnownDirectory.Work), Guid.NewGuid().ToString("D")); Directory.CreateDirectory(commitRootDirectory); try { JenkinsArtifactDetails details = _artifactDefinition.Details as JenkinsArtifactDetails; details.StartCommitArtifactVersion = "10"; details.EndCommitArtifactVersion = "20"; var artifact = new JenkinsArtifact(); artifact.Initialize(tc); SetupBuildRangeQuery(details, "{ \"allBuilds\": [{ \"number\": 20 }, { \"number\": 10 }, { \"number\": 2 } ] }"); string commitResult = " {\"builds\": [{ \"number\":9, \"result\":\"SUCCESS\", \"changeSet\": { \"items\": [{ \"commitId\" : \"2869c7ccd0b1b649ba6765e89ee5ff36ef6d4805\", \"author\": { \"fullName\" : \"testuser\" }, \"msg\":\"test\" }]}}]}"; string commitsUrl = $"{details.Url}/job/{details.JobName}/api/json?tree=builds[number,result,changeSet[items[commitId,date,msg,author[fullName]]]]{{0,1}}"; _httpClient.Setup(x => x.GetStringAsync(It.Is(y => y.StartsWith(commitsUrl)), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(commitResult)); string repoUrl = $"{details.Url}/job/{details.JobName}/{details.EndCommitArtifactVersion}/api/json?tree=actions[remoteUrls],changeSet[kind]"; string repoResult = "{ \"actions\": [ { \"remoteUrls\": [ \"https://github.com/TestUser/TestRepo\" ] }, ], \"changeSet\": { \"kind\": \"git\" } }"; _httpClient.Setup(x => x.GetStringAsync(It.Is(y => y.StartsWith(repoUrl)), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(repoResult)); string commitFilePath = Path.Combine(commitRootDirectory, $"commits_{details.Alias}_1.json"); string expectedCommitUrl = "https://github.com/TestUser/TestRepo/commit/2869c7ccd0b1b649ba6765e89ee5ff36ef6d4805"; await artifact.DownloadCommitsAsync(_ec.Object, _artifactDefinition, commitRootDirectory); _ec.Verify(x => x.QueueAttachFile(It.Is(y => y.Equals(CoreAttachmentType.FileAttachment)), It.IsAny(), It.Is(z => string.Join("", File.ReadAllLines(z)).Contains(expectedCommitUrl))), Times.Once); } finally { IOUtil.DeleteDirectory(commitRootDirectory, CancellationToken.None); } } } private void SetupBuildRangeQuery(JenkinsArtifactDetails details, string result) { string buildIndexUrl = $"{details.Url}/job/{details.JobName}/api/json?tree=allBuilds[number]"; _httpClient.Setup(x => x.GetStringAsync(It.Is(y => y.StartsWith(buildIndexUrl)), It.IsAny(), It.IsAny(), It.IsAny())) .Returns(Task.FromResult(result)); } private TestHostContext Setup([CallerMemberName] string name = "") { TestHostContext hc = new TestHostContext(this, name); _ec = new Mock(); _httpClient = new Mock(); _artifactDefinition = new ArtifactDefinition { Details = new JenkinsArtifactDetails { Url = new Uri("http://localhost"), JobName = "jenkins", Alias = "jenkins" } }; _extensionManager = new Mock(); hc.SetSingleton(_extensionManager.Object); hc.SetSingleton(_httpClient.Object); return hc; } } } ================================================ FILE: src/Test/L0/Worker/Release/ReleaseDirectoryManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.IO; using System.Runtime.CompilerServices; using Microsoft.VisualStudio.Services.Agent; using Microsoft.VisualStudio.Services.Agent.Tests; using Microsoft.VisualStudio.Services.Agent.Worker.Release; using Xunit; namespace Test.L0.Worker.Release { public sealed class ReleaseDirectoryManagerL0 { private const string StubCollectionId = "1234-5678"; private const string StubProjectId = "234-567"; private const string StubReleaseDefinitionId = "2024"; private string stubWorkFolder; private ReleaseDirectoryManager releaseDirectoryManager; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void PrepareArtifactsDirectoryShouldReturnValidMapIfTheWorkingDirectoryIsEmpty() { using (TestHostContext testHostContext = Initialize()) { var map = this.releaseDirectoryManager.PrepareArtifactsDirectory( this.stubWorkFolder, StubCollectionId, StubProjectId, StubReleaseDefinitionId); Assert.Equal(map.ReleaseDirectory, string.Format("{0}1", Constants.Release.Path.ReleaseDirectoryPrefix)); Assert.True(File.Exists(Path.Combine( this.stubWorkFolder, Constants.Release.Path.RootMappingDirectory, StubCollectionId, StubProjectId, StubReleaseDefinitionId, Constants.Release.Path.DefinitionMapping))); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void PrepareArtifactsDirectoryShouldReturnValidMapIfTheWorkingDirectoryContainsFolders() { using (TestHostContext testHostContext = Initialize()) { Directory.CreateDirectory(Path.Combine( this.stubWorkFolder, string.Format("{0}2", Constants.Release.Path.ReleaseDirectoryPrefix))); Directory.CreateDirectory(Path.Combine( this.stubWorkFolder, "temp")); var map = this.releaseDirectoryManager.PrepareArtifactsDirectory( this.stubWorkFolder, StubCollectionId, StubProjectId, StubReleaseDefinitionId); Assert.Equal(map.ReleaseDirectory, "r3"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void PrepareArtifactsDirectoryShouldReturnExistingMapIfItExists() { using (TestHostContext testHostContext = Initialize()) { this.releaseDirectoryManager.PrepareArtifactsDirectory( this.stubWorkFolder, StubCollectionId, StubProjectId, StubReleaseDefinitionId); var existingMap = this.releaseDirectoryManager.PrepareArtifactsDirectory( this.stubWorkFolder, StubCollectionId, StubProjectId, StubReleaseDefinitionId); Assert.Equal(existingMap.ReleaseDirectory, "r1"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void PrepareArtifactsDirectoryShouldReturnMapIfWorkDirectoryDoesNotExist() { using (TestHostContext testHostContext = Initialize(createWorkDirectory: false)) { this.releaseDirectoryManager.PrepareArtifactsDirectory( this.stubWorkFolder, StubCollectionId, StubProjectId, StubReleaseDefinitionId); var existingMap = this.releaseDirectoryManager.PrepareArtifactsDirectory( this.stubWorkFolder, StubCollectionId, StubProjectId, StubReleaseDefinitionId); Assert.Equal(existingMap.ReleaseDirectory, "r1"); } } private TestHostContext Initialize([CallerMemberName] string name = "", bool createWorkDirectory = true) { var hostContext = new TestHostContext(this, name); this.stubWorkFolder = hostContext.GetDirectory(WellKnownDirectory.Work); if (createWorkDirectory) { Directory.CreateDirectory(this.stubWorkFolder); } this.releaseDirectoryManager = new ReleaseDirectoryManager(); this.releaseDirectoryManager.Initialize(hostContext); return hostContext; } } } ================================================ FILE: src/Test/L0/Worker/Release/ReleaseJobExtensionL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Runtime.CompilerServices; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Microsoft.VisualStudio.Services.Agent.Worker.Release; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Release { public sealed class ReleaseJobExtensionL0 { private Mock _ec; private Mock _extensionManager; private Mock _sourceProvider; private Mock _releaseDirectoryManager; private Variables _variables; private string stubWorkFolder; private ReleaseJobExtension releaseJobExtension; private const int id = 10; private const int releaseId = 100; private const string releaseDefinitionName = "stubRd"; private readonly Guid projectId = new Guid("B152FEAA-7E65-43C9-BCC4-07F6883EE794"); private readonly ReleaseTrackingConfig map = new ReleaseTrackingConfig { ReleaseDirectory = "r1" }; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetRootedPathShouldReturnNullIfPathIsNull() { using (TestHostContext tc = Setup(createWorkDirectory: false)) { var result = releaseJobExtension.GetRootedPath(_ec.Object, null); Assert.Equal(null, result); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetRootedPathShouldReturnRootedPathIfPathIsResolvedBySourceProvider() { using (TestHostContext tc = Setup(createWorkDirectory: false)) { var rootedPath = Path.Combine(this.stubWorkFolder, "temp"); var result = releaseJobExtension.GetRootedPath(_ec.Object, rootedPath); Assert.Equal(rootedPath, result); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetRootedPathShouldReturnRootedPathIfPathIsRelative() { using (TestHostContext tc = Setup(createWorkDirectory: false, useReleaseDefinitionId: true, setupArtifactsDirectory: true)) { var rootedPath = Path.Combine(this.stubWorkFolder, "temp"); var result = releaseJobExtension.GetRootedPath(_ec.Object, "temp"); Assert.Equal(rootedPath, result); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void PreapreAsyncShouldInitializeAgentIfSkipArtifactDownloadIsTrue() { using (TestHostContext tc = Setup(createWorkDirectory: false)) { _releaseDirectoryManager.Setup(manager => manager.PrepareArtifactsDirectory(It.IsAny(), It.IsAny(), It.IsAny(), It.Is(s => s.Equals(id.ToString())))).Returns(map); releaseJobExtension.InitializeJobExtension(_ec.Object, null, null); Assert.Equal(Path.Combine(this.stubWorkFolder, "r1", Constants.Release.Path.ArtifactsDirectory), _ec.Object.Variables.Get(Constants.Variables.Release.AgentReleaseDirectory)); Assert.Equal(Path.Combine(this.stubWorkFolder, "r1", Constants.Release.Path.ArtifactsDirectory), _ec.Object.Variables.Get(Constants.Variables.Release.ArtifactsDirectory)); Assert.Equal(Path.Combine(this.stubWorkFolder, "r1", Constants.Release.Path.ArtifactsDirectory), _ec.Object.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory)); Assert.True(Directory.Exists(this.stubWorkFolder)); _releaseDirectoryManager.VerifyAll(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void PreapreAsyncShouldInitializeAgentIfSkipArtifactDownloadIsTrueAndReleaseDefinitionIdIsNull() { using (TestHostContext tc = Setup(createWorkDirectory: false, useReleaseDefinitionId: false)) { _releaseDirectoryManager.Setup(manager => manager.PrepareArtifactsDirectory(It.IsAny(), It.IsAny(), It.IsAny(), It.Is(s => s.Equals(releaseDefinitionName)))).Returns(map); releaseJobExtension.InitializeJobExtension(_ec.Object, null, null); Assert.Equal(Path.Combine(this.stubWorkFolder, "r1", Constants.Release.Path.ArtifactsDirectory), _ec.Object.Variables.Get(Constants.Variables.Release.AgentReleaseDirectory)); Assert.Equal(Path.Combine(this.stubWorkFolder, "r1", Constants.Release.Path.ArtifactsDirectory), _ec.Object.Variables.Get(Constants.Variables.Release.ArtifactsDirectory)); Assert.Equal(Path.Combine(this.stubWorkFolder, "r1", Constants.Release.Path.ArtifactsDirectory), _ec.Object.Variables.Get(Constants.Variables.System.DefaultWorkingDirectory)); Assert.True(Directory.Exists(this.stubWorkFolder)); _releaseDirectoryManager.VerifyAll(); } } private TestHostContext Setup([CallerMemberName] string name = "", bool createWorkDirectory = true, bool useReleaseDefinitionId = true, bool setupArtifactsDirectory = false) { TestHostContext hc = new TestHostContext(this, name); this.stubWorkFolder = hc.GetDirectory(WellKnownDirectory.Work); if (createWorkDirectory) { Directory.CreateDirectory(this.stubWorkFolder); } _ec = new Mock(); _extensionManager = new Mock(); _sourceProvider = new Mock(); _releaseDirectoryManager = new Mock(); var _configurationStore = new Mock(); _configurationStore.Setup(store => store.GetSettings()).Returns(new AgentSettings { WorkFolder = this.stubWorkFolder }); List warnings; var releaseVariables = useReleaseDefinitionId ? GetReleaseVariables(id.ToString(), bool.TrueString) : GetReleaseVariables(null, bool.TrueString); if (setupArtifactsDirectory) { releaseVariables.Add(Constants.Variables.Release.ArtifactsDirectory, this.stubWorkFolder); } _variables = new Variables(hc, releaseVariables, out warnings); hc.SetSingleton(_releaseDirectoryManager.Object); hc.SetSingleton(_extensionManager.Object); hc.SetSingleton(_configurationStore.Object); _ec.Setup(x => x.Variables).Returns(_variables); _ec.Setup(x => x.SetVariable(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())).Callback((string varName, string varValue, bool isSecret, bool isOutput, bool isFilePath, bool isReadOnly, bool preserveCase) => { _variables.Set(varName, varValue, false); }); _extensionManager.Setup(x => x.GetExtensions()) .Returns(new List { _sourceProvider.Object }); _sourceProvider.Setup(x => x.RepositoryType).Returns(RepositoryTypes.TfsGit); releaseJobExtension = new ReleaseJobExtension(); releaseJobExtension.Initialize(hc); return hc; } private Dictionary GetReleaseVariables(string releaseDefinitionId, string skipArtifactDownload) { var releaseVariables = new Dictionary(); releaseVariables.Add(Constants.Variables.Release.ReleaseDefinitionName, releaseDefinitionName); releaseVariables.Add(Constants.Variables.System.TeamProjectId, projectId.ToString()); releaseVariables.Add(Constants.Variables.Release.ReleaseId, releaseId.ToString()); releaseVariables.Add(Constants.Variables.Release.SkipArtifactsDownload, skipArtifactDownload); if (releaseDefinitionId != null) { releaseVariables.Add(Constants.Variables.Release.ReleaseDefinitionId, releaseDefinitionId); } return releaseVariables; } } } ================================================ FILE: src/Test/L0/Worker/Release/TfsGitArtifactL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Runtime.CompilerServices; using System.Threading; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.WebApi; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Release { public sealed class TfsGitArtifactL0 { private Mock _ec; private Mock _extensionManager; private Mock _sourceProvider; private ArtifactDefinition _artifactDefinition; private Variables _variables; private const string _expectedUrl = "https://hello.com/repos/contoso"; private const string _expectedBranchName = "/refs/head/testbranch"; private const string _expectedVersion = "version"; private const string _expectedRepositoryId = "fe0bd152-bb17-4ec4-b421-21d7e0450edb"; private const string _expectedProjectId = "ae0bd152-bb17-4ec4-b421-21d7e0450edb"; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ShouldThrowIfEndpointsDoNotContainTfsGitEndpoint() { using (TestHostContext tc = Setup()) { var artifact = new TfsGitArtifact(); _ec.Setup(x => x.Endpoints) .Returns( new List { new ServiceEndpoint { Name = "Some endpoint name", Url = new Uri("http://contoso.visualstudio.com") } }); Assert.Throws( () => artifact.DownloadAsync(_ec.Object, _artifactDefinition, "temp").SyncResult()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void TfsGitArtifactShouldCallGetSourceWithCorrectParameter() { using (TestHostContext tc = Setup()) { var tfsGitArtifact = new TfsGitArtifact(); tfsGitArtifact.Initialize(tc); var expectedPath = "expectedLocalPath"; _ec.Setup(x => x.Endpoints) .Returns( new List { new ServiceEndpoint { Name = _expectedRepositoryId, Url = new Uri(_expectedUrl), Authorization = new EndpointAuthorization { Scheme = EndpointAuthorizationSchemes.OAuth } } }); await tfsGitArtifact.DownloadAsync(_ec.Object, _artifactDefinition, expectedPath); // verify TfsGit endpoint is set correctly _sourceProvider.Verify( x => x.GetSourceAsync( It.IsAny(), It.Is(y => y.Url.Equals(new Uri(_expectedUrl)) && y.Authorization.Scheme.Equals(EndpointAuthorizationSchemes.OAuth) && y.Name.Equals(_expectedRepositoryId) && y.Data.ContainsKey(Constants.EndpointData.SourcesDirectory) && y.Data.ContainsKey(Constants.EndpointData.SourceBranch) && y.Data.ContainsKey(Constants.EndpointData.SourceVersion) && y.Data.ContainsKey("fetchDepth") && y.Data.ContainsKey("GitLfsSupport") && y.Data.ContainsKey(EndpointData.CheckoutSubmodules)), It.IsAny())); } } private TestHostContext Setup([CallerMemberName] string name = "") { TestHostContext hc = new TestHostContext(this, name); _ec = new Mock(); _artifactDefinition = new ArtifactDefinition { Version = _expectedVersion, Details = new TfsGitArtifactDetails { RepositoryId = _expectedRepositoryId, ProjectId = _expectedProjectId, Branch = _expectedBranchName } }; _extensionManager = new Mock(); _sourceProvider = new Mock(); List warnings; _variables = new Variables(hc, new Dictionary(), out warnings); hc.SetSingleton(_extensionManager.Object); _ec.Setup(x => x.Variables).Returns(_variables); _extensionManager.Setup(x => x.GetExtensions()) .Returns(new List { _sourceProvider.Object }); _sourceProvider.Setup(x => x.RepositoryType).Returns(Microsoft.TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.Git); return hc; } } } ================================================ FILE: src/Test/L0/Worker/Release/TfsVCArtifactL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.IO; using System.Reflection; using System.Runtime.CompilerServices; using System.Threading; using Microsoft.TeamFoundation.Build.WebApi; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts; using Microsoft.VisualStudio.Services.Agent.Worker.Release.Artifacts.Definition; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; using Microsoft.VisualStudio.Services.WebApi; using Moq; using Newtonsoft.Json; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Release { public sealed class TfsVCArtifactL0 { private Mock _ec; private Mock _extensionManager; private Mock _sourceProvider; private ArtifactDefinition _artifactDefinition; private Variables _variables; private string _buildDirectory = "r1"; private const string _repositoryId = "fe0bd152-bb17-4ec4-b421-21d7e0450edb"; private const string _projectId = "ke0bd152-bb17-4ec4-b421-21d7e0450edb"; private const string _expectedVersion = "version"; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MissingEndpointShouldThrowException() { using (TestHostContext tc = Setup()) { var artifact = new TfsVCArtifact(); _ec.Setup(x => x.Endpoints) .Returns( new List { new ServiceEndpoint { Name = "Some endpoint name" } }); Assert.Throws( () => artifact.DownloadAsync(_ec.Object, _artifactDefinition, "temp").SyncResult()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void TfsVCArtifactShouldCallGetSourceWithCorrectParameter() { using (TestHostContext tc = Setup()) { var tfsVCArtifact = new TfsVCArtifact(); tfsVCArtifact.Initialize(tc); var workFolder = Path.Combine(Path.GetDirectoryName(Assembly.GetEntryAssembly().Location), $"_work_{Path.GetRandomFileName()}"); var sourcesDirectory = Path.Combine(workFolder, _buildDirectory, "temp"); _artifactDefinition.Details = tfsVCArtifact.GetArtifactDetails( _ec.Object, new AgentArtifactDefinition { Details = JsonConvert.SerializeObject(new Dictionary { {ArtifactDefinitionConstants.ProjectId, _projectId}, {ArtifactDefinitionConstants.RepositoryId, _repositoryId} }) }); _ec.Setup(x => x.Endpoints) .Returns( new List { new ServiceEndpoint { Name = _repositoryId, } }); await tfsVCArtifact.DownloadAsync(_ec.Object, _artifactDefinition, sourcesDirectory); // verify tfsvc endpoint is set correctly _sourceProvider.Verify( x => x.GetSourceAsync( It.IsAny(), It.Is(y => y.Data.ContainsKey(EndpointData.TfvcWorkspaceMapping) && y.Data.ContainsKey(EndpointData.Clean) && y.Data.ContainsKey(Constants.EndpointData.SourcesDirectory) && y.Data.ContainsKey(Constants.EndpointData.SourceVersion)), It.IsAny())); } } private TestHostContext Setup([CallerMemberName] string name = "") { TestHostContext hc = new TestHostContext(this, name); _ec = new Mock(); _artifactDefinition = new ArtifactDefinition { Version = _expectedVersion, Details = new TfsVCArtifactDetails { RepositoryId = _repositoryId, Mappings = string.Empty, ProjectId = _projectId } }; _extensionManager = new Mock(); _sourceProvider = new Mock(); List warnings; _variables = new Variables(hc, new Dictionary(), out warnings); hc.SetSingleton(_extensionManager.Object); _ec.Setup(x => x.Variables).Returns(_variables); _extensionManager.Setup(x => x.GetExtensions()) .Returns(new List { _sourceProvider.Object }); _sourceProvider.Setup(x => x.RepositoryType).Returns(Microsoft.TeamFoundation.DistributedTask.Pipelines.RepositoryTypes.Tfvc); return hc; } } } ================================================ FILE: src/Test/L0/Worker/SetVariableRestrictionsL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Linq; using System.Runtime.CompilerServices; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class SetVariableRestrictionsL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void NoRestrictions() { using (TestHostContext hc = CreateTestContext()) { var variable = "myVar"; var value = "myValue"; var setVariable = new TaskSetVariableCommand(); var command = SetVariableCommand(variable, value); setVariable.Execute(_ec.Object, command); Assert.Equal(value, _variables.Get(variable)); Assert.Equal(0, _warnings.Count); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void NullVariableRestrictions() { using (TestHostContext hc = CreateTestContext()) { _ec.Object.Restrictions.Add(new TaskRestrictions()); var variable = "myVar"; var value = "myValue"; var setVariable = new TaskSetVariableCommand(); var command = SetVariableCommand(variable, value); setVariable.Execute(_ec.Object, command); Assert.Equal(value, _variables.Get(variable)); Assert.Equal(0, _warnings.Count); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void EmptyAllowed() { using (TestHostContext hc = CreateTestContext()) { _ec.Object.Restrictions.Add(new TaskRestrictions() { SettableVariables = new TaskVariableRestrictions() }); var variable = "myVar"; var setVariable = new TaskSetVariableCommand(); var command = SetVariableCommand(variable, "myVal"); setVariable.Execute(_ec.Object, command); Assert.Equal(null, _variables.Get(variable)); Assert.Equal(1, _warnings.Count); Assert.Contains("SetVariableNotAllowed", _warnings[0]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ExactMatchAllowed() { using (TestHostContext hc = CreateTestContext()) { var restrictions = new TaskRestrictions() { SettableVariables = new TaskVariableRestrictions() }; restrictions.SettableVariables.Allowed.Add("myVar"); restrictions.SettableVariables.Allowed.Add("otherVar"); _ec.Object.Restrictions.Add(restrictions); TaskSetVariableCommand setVariable; Command command; var value = "myValue"; foreach (String variable in new String[] { "myVar", "myvar", "MYVAR", "otherVAR" }) { command = SetVariableCommand(variable, value); setVariable = new TaskSetVariableCommand(); setVariable.Execute(_ec.Object, command); Assert.Equal(value, _variables.Get(variable)); Assert.Equal(0, _warnings.Count); } var badVar = "badVar"; command = SetVariableCommand(badVar, value); setVariable = new TaskSetVariableCommand(); setVariable.Execute(_ec.Object, command); Assert.Equal(null, _variables.Get(badVar)); Assert.Equal(1, _warnings.Count); Assert.Contains("SetVariableNotAllowed", _warnings[0]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MiniMatchAllowed() { using (TestHostContext hc = CreateTestContext()) { var restrictions = new TaskRestrictions() { SettableVariables = new TaskVariableRestrictions() }; restrictions.SettableVariables.Allowed.Add("my*"); _ec.Object.Restrictions.Add(restrictions); TaskSetVariableCommand setVariable; Command command; var value = "myValue"; foreach (String variable in new String[] { "myVar", "mything", "MY" }) { command = SetVariableCommand(variable, value); setVariable = new TaskSetVariableCommand(); setVariable.Execute(_ec.Object, command); Assert.Equal(value, _variables.Get(variable)); Assert.Equal(0, _warnings.Count); } var badVar = "badVar"; command = SetVariableCommand(badVar, value); setVariable = new TaskSetVariableCommand(); setVariable.Execute(_ec.Object, command); Assert.Equal(null, _variables.Get(badVar)); Assert.Equal(1, _warnings.Count); Assert.Contains("SetVariableNotAllowed", _warnings[0]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MultipleRestrictionsMostRestrictive() { using (TestHostContext hc = CreateTestContext()) { // multiple sets of restrictions, such as from task.json and the pipeline yaml var restrictions1 = new TaskRestrictions() { SettableVariables = new TaskVariableRestrictions() }; restrictions1.SettableVariables.Allowed.Add("my*"); restrictions1.SettableVariables.Allowed.Add("otherVar"); _ec.Object.Restrictions.Add(restrictions1); var restrictions2 = new TaskRestrictions() { SettableVariables = new TaskVariableRestrictions() }; restrictions2.SettableVariables.Allowed.Add("myVar"); restrictions2.SettableVariables.Allowed.Add("myThing"); restrictions2.SettableVariables.Allowed.Add("extra"); _ec.Object.Restrictions.Add(restrictions2); TaskSetVariableCommand setVariable; Command command; var value = "myValue"; // settable is both allowed lists foreach (String variable in new String[] { "myVar", "myThing" }) { command = SetVariableCommand(variable, value); setVariable = new TaskSetVariableCommand(); setVariable.Execute(_ec.Object, command); Assert.Equal(value, _variables.Get(variable)); Assert.Equal(0, _warnings.Count); } // settable in only one int lastCount = _warnings.Count; foreach (String variable in new String[] { "myStuff", "otherVar", "extra", "neither" }) { command = SetVariableCommand(variable, value); setVariable = new TaskSetVariableCommand(); setVariable.Execute(_ec.Object, command); Assert.Equal(null, _variables.Get(variable)); Assert.Equal(lastCount + 1, _warnings.Count); Assert.Contains("SetVariableNotAllowed", _warnings.Last()); lastCount = _warnings.Count; } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void MultipleRestrictionsNothingAllowed() { using (TestHostContext hc = CreateTestContext()) { var restrictions1 = new TaskRestrictions() { SettableVariables = new TaskVariableRestrictions() }; restrictions1.SettableVariables.Allowed.Add("myVar"); restrictions1.SettableVariables.Allowed.Add("otherVar"); _ec.Object.Restrictions.Add(restrictions1); var restrictions2 = new TaskRestrictions() { SettableVariables = new TaskVariableRestrictions() }; _ec.Object.Restrictions.Add(restrictions2); TaskSetVariableCommand setVariable; Command command; var value = "myValue"; // nothing is settable based on the second, empty allowed list int lastCount = _warnings.Count; foreach (String variable in new String[] { "myVar", "otherVar", "neither" }) { command = SetVariableCommand(variable, value); setVariable = new TaskSetVariableCommand(); setVariable.Execute(_ec.Object, command); Assert.Equal(null, _variables.Get(variable)); Assert.Equal(lastCount + 1, _warnings.Count); Assert.Contains("SetVariableNotAllowed", _warnings.Last()); lastCount = _warnings.Count; } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void PrependPathAllowed() { using (TestHostContext hc = CreateTestContext()) { // everything allowed TaskPrepandPathCommand prependPath = new TaskPrepandPathCommand(); Command command = PrependPathCommand("path1"); prependPath.Execute(_ec.Object, command); Assert.True(_ec.Object.PrependPath.Contains("path1")); Assert.Equal(0, _warnings.Count); // disallow path var restrictions = new TaskRestrictions() { SettableVariables = new TaskVariableRestrictions() }; _ec.Object.Restrictions.Add(restrictions); prependPath = new TaskPrepandPathCommand(); command = PrependPathCommand("path2"); prependPath.Execute(_ec.Object, command); Assert.False(_ec.Object.PrependPath.Contains("path2")); Assert.Equal(1, _warnings.Count); // allow path restrictions.SettableVariables.Allowed.Add("path"); prependPath = new TaskPrepandPathCommand(); command = PrependPathCommand("path3"); prependPath.Execute(_ec.Object, command); Assert.True(_ec.Object.PrependPath.Contains("path3")); } } private TestHostContext CreateTestContext([CallerMemberName] String testName = "") { var hc = new TestHostContext(this, testName); hc.SetSingleton(new TaskRestrictionsChecker() as ITaskRestrictionsChecker); _variables = new Variables( hostContext: hc, copy: new Dictionary(), warnings: out _); _warnings = new List(); _ec = new Mock(); _ec.SetupAllProperties(); _ec.Setup(x => x.PrependPath).Returns(new List()); _ec.Setup(x => x.Restrictions).Returns(new List()); _ec.Setup(x => x.GetHostContext()).Returns(hc); _ec.Setup(x => x.Variables).Returns(_variables); _ec.Setup(x => x.SetVariable(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .Callback((name, value, secret, b2, b3, readOnly, preserveCase) => _variables.Set(name, value, secret, readOnly, preserveCase)); _ec.Setup(x => x.AddIssue(It.IsAny())) .Callback((issue) => { if (issue.Type == IssueType.Warning) { _warnings.Add(issue.Message); } }); return hc; } private Command SetVariableCommand(String name, String value) { var command = new Command("task", "setvariable"); command.Properties.Add("variable", name); command.Data = value; return command; } private Command PrependPathCommand(String value) { var command = new Command("task", "prependpath"); command.Data = value; return command; } private Mock _ec; private Variables _variables; private List _warnings; } } ================================================ FILE: src/Test/L0/Worker/StepsRunnerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using System; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Runtime.CompilerServices; using System.Threading.Tasks; using Xunit; using Microsoft.TeamFoundation.DistributedTask.Expressions; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Agent.Sdk; using Agent.Sdk.Knob; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class StepsRunnerL0 { private Mock _ec; private StepsRunner _stepsRunner; private Variables _variables; private TestHostContext CreateTestContext([CallerMemberName] String testName = "") { var hc = new TestHostContext(this, testName); var expressionManager = new ExpressionManager(); expressionManager.Initialize(hc); hc.SetSingleton(expressionManager); Dictionary variablesToCopy = new Dictionary(); variablesToCopy.Add(Constants.Variables.Agent.RetainDefaultEncoding, new VariableValue("true", false)); List warnings; _variables = new Variables( hostContext: hc, copy: variablesToCopy, warnings: out warnings); _ec = new Mock(); _ec.SetupAllProperties(); _ec.Setup(x => x.Variables).Returns(_variables); var rm = new Mock(); hc.SetSingleton(rm.Object); _stepsRunner = new StepsRunner(); _stepsRunner.Initialize(hc); return hc; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task RunNormalStepsAllStepPass() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded) }, new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.SucceededOrFailed) }, new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Always) } }; foreach (var variableSet in variableSets) { _ec.Object.Result = null; // Act. await _stepsRunner.RunAsync( jobContext: _ec.Object, steps: variableSet.Select(x => x.Object).ToList()); // Assert. Assert.Equal(TaskResult.Succeeded, _ec.Object.Result ?? TaskResult.Succeeded); Assert.Equal(2, variableSet.Length); variableSet[0].Verify(x => x.RunAsync()); variableSet[1].Verify(x => x.RunAsync()); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task RunNormalStepsContinueOnError() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded, true), CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded) }, new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded, true), CreateStep(TaskResult.Succeeded, ExpressionManager.SucceededOrFailed) }, new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded, true), CreateStep(TaskResult.Succeeded, ExpressionManager.Always) }, new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded, true), CreateStep(TaskResult.Failed, ExpressionManager.Succeeded, true) }, new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded, true), CreateStep(TaskResult.Failed, ExpressionManager.SucceededOrFailed, true) }, new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded, true), CreateStep(TaskResult.Failed, ExpressionManager.Always, true) } }; foreach (var variableSet in variableSets) { _ec.Object.Result = null; // Act. await _stepsRunner.RunAsync( jobContext: _ec.Object, steps: variableSet.Select(x => x.Object).ToList()); // Assert. Assert.Equal(TaskResult.SucceededWithIssues, _ec.Object.Result); Assert.Equal(2, variableSet.Length); variableSet[0].Verify(x => x.RunAsync()); variableSet[1].Verify(x => x.RunAsync()); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task RunsAfterFailureBasedOnCondition() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new { Steps = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded) }, Expected = false, }, new { Steps = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.SucceededOrFailed) }, Expected = true, }, }; foreach (var variableSet in variableSets) { _ec.Object.Result = null; // Act. await _stepsRunner.RunAsync( jobContext: _ec.Object, steps: variableSet.Steps.Select(x => x.Object).ToList()); // Assert. Assert.Equal(TaskResult.Failed, _ec.Object.Result ?? TaskResult.Succeeded); Assert.Equal(2, variableSet.Steps.Length); variableSet.Steps[0].Verify(x => x.RunAsync()); variableSet.Steps[1].Verify(x => x.RunAsync(), variableSet.Expected ? Times.Once() : Times.Never()); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task RunsAlwaysSteps() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new { Steps = new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Always) }, Expected = TaskResult.Succeeded, }, new { Steps = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Always) }, Expected = TaskResult.Failed, }, new { Steps = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Always) }, Expected = TaskResult.Failed, }, new { Steps = new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded), CreateStep(TaskResult.Failed, ExpressionManager.Always) }, Expected = TaskResult.Failed, }, new { Steps = new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded), CreateStep(TaskResult.Failed, ExpressionManager.Always, true) }, Expected = TaskResult.SucceededWithIssues, }, }; foreach (var variableSet in variableSets) { _ec.Object.Result = null; // Act. await _stepsRunner.RunAsync( jobContext: _ec.Object, steps: variableSet.Steps.Select(x => x.Object).ToList()); // Assert. Assert.Equal(variableSet.Expected, _ec.Object.Result ?? TaskResult.Succeeded); Assert.Equal(2, variableSet.Steps.Length); variableSet.Steps[0].Verify(x => x.RunAsync()); variableSet.Steps[1].Verify(x => x.RunAsync()); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task SetsJobResultCorrectly() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new { Steps = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded) }, Expected = TaskResult.Failed }, new { Steps = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.SucceededOrFailed) }, Expected = TaskResult.Failed }, new { Steps = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Always) }, Expected = TaskResult.Failed }, new { Steps = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded, continueOnError: true), CreateStep(TaskResult.Failed, ExpressionManager.Succeeded) }, Expected = TaskResult.Failed }, new { Steps = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded, continueOnError: true), CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded) }, Expected = TaskResult.SucceededWithIssues }, new { Steps = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded, continueOnError: true), CreateStep(TaskResult.Failed, ExpressionManager.Succeeded, continueOnError: true) }, Expected = TaskResult.SucceededWithIssues }, new { Steps = new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.SucceededOrFailed) }, Expected = TaskResult.Succeeded }, new { Steps = new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded), CreateStep(TaskResult.Failed, ExpressionManager.Succeeded) }, Expected = TaskResult.Failed }, new { Steps = new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded), CreateStep(TaskResult.SucceededWithIssues, ExpressionManager.Succeeded) }, Expected = TaskResult.SucceededWithIssues }, new { Steps = new[] { CreateStep(TaskResult.SucceededWithIssues, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded) }, Expected = TaskResult.SucceededWithIssues }, new { Steps = new[] { CreateStep(TaskResult.SucceededWithIssues, ExpressionManager.Succeeded), CreateStep(TaskResult.Failed, ExpressionManager.Succeeded) }, Expected = TaskResult.Failed }, // Abandoned // Canceled // Failed // Skipped // Succeeded // SucceededWithIssues }; foreach (var variableSet in variableSets) { _ec.Object.Result = null; // Act. await _stepsRunner.RunAsync( jobContext: _ec.Object, steps: variableSet.Steps.Select(x => x.Object).ToList()); // Assert. Assert.True( variableSet.Expected == (_ec.Object.Result ?? TaskResult.Succeeded), $"Expected '{variableSet.Expected}'. Actual '{_ec.Object.Result}'. Steps: {FormatSteps(variableSet.Steps)}"); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task SkipsAfterFailureOnlyBaseOnCondition() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new { Step = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded) }, Expected = false }, new { Step = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.SucceededOrFailed) }, Expected = true }, new { Step = new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Always) }, Expected = true } }; foreach (var variableSet in variableSets) { _ec.Object.Result = null; // Act. await _stepsRunner.RunAsync( jobContext: _ec.Object, steps: variableSet.Step.Select(x => x.Object).ToList()); // Assert. Assert.Equal(2, variableSet.Step.Length); variableSet.Step[0].Verify(x => x.RunAsync()); variableSet.Step[1].Verify(x => x.RunAsync(), variableSet.Expected ? Times.Once() : Times.Never()); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task AlwaysMeansAlways() { using (TestHostContext hc = CreateTestContext()) { // Arrange. var variableSets = new[] { new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Always) }, new[] { CreateStep(TaskResult.SucceededWithIssues, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Always) }, new[] { CreateStep(TaskResult.Failed, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Always) }, new[] { CreateStep(TaskResult.Canceled, ExpressionManager.Succeeded), CreateStep(TaskResult.Succeeded, ExpressionManager.Always) } }; foreach (var variableSet in variableSets) { _ec.Object.Result = null; // Act. await _stepsRunner.RunAsync( jobContext: _ec.Object, steps: variableSet.Select(x => x.Object).ToList()); // Assert. Assert.Equal(2, variableSet.Length); variableSet[0].Verify(x => x.RunAsync()); variableSet[1].Verify(x => x.RunAsync(), Times.Once()); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task TreatsConditionErrorAsFailure() { using (TestHostContext hc = CreateTestContext()) { var expressionManager = new Mock(); expressionManager.Object.Initialize(hc); hc.SetSingleton(expressionManager.Object); expressionManager.Setup(x => x.Evaluate(It.IsAny(), It.IsAny(), It.IsAny())).Throws(new Exception()); // Arrange. var variableSets = new[] { new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded) }, new[] { CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded) }, }; foreach (var variableSet in variableSets) { _ec.Object.Result = null; // Act. await _stepsRunner.RunAsync( jobContext: _ec.Object, steps: variableSet.Select(x => x.Object).ToList()); // Assert. Assert.Equal(TaskResult.Failed, _ec.Object.Result ?? TaskResult.Succeeded); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task SetStepTarget() { using (TestHostContext hc = CreateTestContext()) { var stepTarget = new Pipelines.StepTarget { Target = "container" }; var step = CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded); step.Setup(x => x.Target).Returns(stepTarget); // Override step context var stepContext = new Mock(); stepContext.SetupAllProperties(); stepContext.Setup(x => x.Variables).Returns(_variables); stepContext.Setup(x => x.Complete(It.IsAny(), It.IsAny(), It.IsAny())) .Callback((TaskResult? r, string currentOperation, string resultCode) => { if (r != null) { stepContext.Object.Result = r; } }); stepContext.Setup(x => x.GetScopedEnvironment()).Returns(new SystemEnvironment()); step.Setup(x => x.ExecutionContext).Returns(stepContext.Object); // Act. await _stepsRunner.RunAsync( jobContext: _ec.Object, steps: new[] { step.Object }); // Assert. stepContext.Verify(x => x.SetStepTarget(stepTarget), Times.Once); } } private Mock CreateStep(TaskResult result, IExpressionNode condition, Boolean continueOnError = false) { // Setup the step. var step = new Mock(); step.Setup(x => x.Condition).Returns(condition); step.Setup(x => x.ContinueOnError).Returns(continueOnError); step.Setup(x => x.Enabled).Returns(true); step.Setup(x => x.RunAsync()).Returns(Task.CompletedTask); // Setup the step execution context. var stepContext = new Mock(); stepContext.SetupAllProperties(); stepContext.Setup(x => x.Variables).Returns(_variables); stepContext.Setup(x => x.Complete(It.IsAny(), It.IsAny(), It.IsAny())) .Callback((TaskResult? r, string currentOperation, string resultCode) => { if (r != null) { stepContext.Object.Result = r; } }); stepContext.Object.Result = result; stepContext.Setup(x => x.GetScopedEnvironment()).Returns(new SystemEnvironment()); step.Setup(x => x.ExecutionContext).Returns(stepContext.Object); return step; } private string FormatSteps(IEnumerable> steps) { return String.Join( " ; ", steps.Select(x => String.Format( CultureInfo.InvariantCulture, "Returns={0},Condition=[{1}],ContinueOnError={2},Enabled={3}", x.Object.ExecutionContext.Result, x.Object.Condition, x.Object.ContinueOnError, x.Object.Enabled))); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task RunAsync_WhenTimeoutLogFlushingEnabled_RegistersWorkerShutdownForTimeout() { using (TestHostContext hc = CreateTestContext()) { // Arrange - Set environment variable before creating context Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", "true"); try { var step1 = CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded); List steps = new List() { step1.Object }; // Mock timeout scenario by making the step run longer than timeout step1.Setup(x => x.RunAsync()).Returns(async () => { // Simulate a long-running step that will timeout await Task.Delay(100); // Reduced delay for test performance return TaskResult.Succeeded; }); _ec.Setup(x => x.CancellationToken).Returns(new System.Threading.CancellationToken()); // Act await _stepsRunner.RunAsync(_ec.Object, steps); // Verify that timeout log flushing condition includes WorkerShutdownForTimeout // This is tested indirectly by ensuring the environment variable was set correctly // We just verify the test completed successfully since the StepsRunner would fail if knob access failed Assert.True(true); // Test passes if no exception was thrown during execution } finally { // Cleanup Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task RunAsync_WhenTimeoutLogFlushingDisabled_DoesNotRegisterWorkerShutdownForTimeout() { using (TestHostContext hc = CreateTestContext()) { // Arrange - Set environment variable before creating context Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", "false"); try { var step1 = CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded); List steps = new List() { step1.Object }; _ec.Setup(x => x.CancellationToken).Returns(new System.Threading.CancellationToken()); // Act await _stepsRunner.RunAsync(_ec.Object, steps); // Verify that timeout log flushing is disabled // This is tested indirectly by ensuring the test completes successfully Assert.True(true); // Test passes if no exception was thrown during execution } finally { // Cleanup Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task RunAsync_WhenTimeoutLogFlushingNotSet_DefaultsToDisabled() { using (TestHostContext hc = CreateTestContext()) { // Arrange Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); try { var step1 = CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded); List steps = new List() { step1.Object }; _ec.Setup(x => x.CancellationToken).Returns(new System.Threading.CancellationToken()); // Act await _stepsRunner.RunAsync(_ec.Object, steps); // Verify that timeout log flushing defaults to disabled // This is tested indirectly by ensuring the test completes successfully Assert.True(true); // Test passes if no exception was thrown during execution } finally { // Ensure cleanup Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task WorkerShutdownForTimeout_WhenTriggered_SetsCorrectState() { using (TestHostContext hc = CreateTestContext()) { // Arrange Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", "true"); var step1 = CreateStep(TaskResult.Succeeded, ExpressionManager.Succeeded); List steps = new List() { step1.Object }; // Simulate WorkerShutdownForTimeout being triggered hc.ShutdownWorkerForTimeout(); _ec.Setup(x => x.CancellationToken).Returns(new System.Threading.CancellationToken()); // Act await _stepsRunner.RunAsync(_ec.Object, steps); // Verify that WorkerShutdownForTimeout was triggered Assert.True(hc.WorkerShutdownForTimeout.IsCancellationRequested); // Cleanup Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); } } } } ================================================ FILE: src/Test/L0/Worker/TaskCommandExtensionL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using System.Runtime.CompilerServices; using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class TaskCommandExtensionL0 { private Mock _ec; private ServiceEndpoint _endpoint; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SetEndpointAuthParameter() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); commandExtension.Initialize(_hc); var cmd = new Command("task", "setEndpoint"); cmd.Data = "blah"; cmd.Properties.Add("field", "authParameter"); cmd.Properties.Add("id", Guid.Empty.ToString()); cmd.Properties.Add("key", "test"); commandExtension.ProcessCommand(_ec.Object, cmd); Assert.Equal(_endpoint.Authorization.Parameters["test"], "blah"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SetEndpointDataParameter() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var cmd = new Command("task", "setEndpoint"); cmd.Data = "blah"; cmd.Properties.Add("field", "dataParameter"); cmd.Properties.Add("id", Guid.Empty.ToString()); cmd.Properties.Add("key", "test"); commandExtension.ProcessCommand(_ec.Object, cmd); Assert.Equal(_endpoint.Data["test"], "blah"); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SetEndpointUrlParameter() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var cmd = new Command("task", "setEndpoint"); cmd.Data = "http://blah/"; cmd.Properties.Add("field", "url"); cmd.Properties.Add("id", Guid.Empty.ToString()); commandExtension.ProcessCommand(_ec.Object, cmd); Assert.Equal(_endpoint.Url.ToString(), cmd.Data); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SetEndpointWithoutValue() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var cmd = new Command("task", "setEndpoint"); Assert.Throws(() => commandExtension.ProcessCommand(_ec.Object, cmd)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SetEndpointWithoutEndpointField() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var cmd = new Command("task", "setEndpoint"); Assert.Throws(() => commandExtension.ProcessCommand(_ec.Object, cmd)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SetEndpointInvalidEndpointField() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var cmd = new Command("task", "setEndpoint"); cmd.Properties.Add("field", "blah"); Assert.Throws(() => commandExtension.ProcessCommand(_ec.Object, cmd)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SetEndpointWithoutEndpointId() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var cmd = new Command("task", "setEndpoint"); cmd.Properties.Add("field", "url"); Assert.Throws(() => commandExtension.ProcessCommand(_ec.Object, cmd)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SetEndpointInvalidEndpointId() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var cmd = new Command("task", "setEndpoint"); cmd.Properties.Add("field", "url"); cmd.Properties.Add("id", "blah"); Assert.Throws(() => commandExtension.ProcessCommand(_ec.Object, cmd)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SetEndpointIdWithoutEndpointKey() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var cmd = new Command("task", "setEndpoint"); cmd.Properties.Add("field", "authParameter"); cmd.Properties.Add("id", Guid.Empty.ToString()); Assert.Throws(() => commandExtension.ProcessCommand(_ec.Object, cmd)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SetEndpointUrlWithInvalidValue() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var cmd = new Command("task", "setEndpoint"); cmd.Data = "blah"; cmd.Properties.Add("field", "url"); cmd.Properties.Add("id", Guid.Empty.ToString()); Assert.Throws(() => commandExtension.ProcessCommand(_ec.Object, cmd)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void IssueSourceValidationSuccessed() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var testCorrelationId = Guid.NewGuid().ToString(); _ec.Setup(x => x.JobSettings).Returns(new Dictionary { { WellKnownJobSettings.CommandCorrelationId, testCorrelationId } }); var cmd = new Command("task", "issue"); cmd.Data = "test error"; cmd.Properties.Add("source", "CustomerScript"); cmd.Properties.Add("correlationId", testCorrelationId); cmd.Properties.Add("type", "error"); Issue currentIssue = null; _ec.Setup(x => x.AddIssue(It.IsAny())).Callback((Issue issue) => currentIssue = issue); _ec.Setup(x => x.GetVariableValueOrDefault("ENABLE_ISSUE_SOURCE_VALIDATION")).Returns("true"); commandExtension.ProcessCommand(_ec.Object, cmd); Assert.Equal("test error", currentIssue.Message); Assert.Equal("CustomerScript", currentIssue.Data["source"]); Assert.Equal("error", currentIssue.Data["type"]); Assert.Equal(false, currentIssue.Data.ContainsKey("correlationId")); Assert.Equal(IssueType.Error, currentIssue.Type); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void IssueSourceValidationFailedBecauseCorrelationIdWasInvalid() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var testCorrelationId = Guid.NewGuid().ToString(); _ec.Setup(x => x.JobSettings).Returns(new Dictionary { { WellKnownJobSettings.CommandCorrelationId, testCorrelationId } }); var cmd = new Command("task", "issue"); cmd.Data = "test error"; cmd.Properties.Add("source", "CustomerScript"); cmd.Properties.Add("correlationId", Guid.NewGuid().ToString()); cmd.Properties.Add("type", "error"); Issue currentIssue = null; string debugMsg = null; _ec.Setup(x => x.AddIssue(It.IsAny())).Callback((Issue issue) => currentIssue = issue); _ec.Setup(x => x.WriteDebug).Returns(true); _ec.Setup(x => x.Write(WellKnownTags.Debug, It.IsAny(), It.IsAny())) .Callback((string tag, string message, bool maskSecrets) => debugMsg = message); _ec.Setup(x => x.GetVariableValueOrDefault("ENABLE_ISSUE_SOURCE_VALIDATION")).Returns("true"); commandExtension.ProcessCommand(_ec.Object, cmd); Assert.Equal("test error", currentIssue.Message); Assert.Equal(false, currentIssue.Data.ContainsKey("source")); Assert.Equal("error", currentIssue.Data["type"]); Assert.Equal(false, currentIssue.Data.ContainsKey("correlationId")); Assert.Equal(IssueType.Error, currentIssue.Type); Assert.Equal(debugMsg, "The task provided an invalid correlation ID when using the task.issue command."); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void IssueSourceValidationFailedBecauseCorrelationIdWasAbsent() { using (var _hc = SetupMocks()) { TaskCommandExtension commandExtension = new TaskCommandExtension(); var testCorrelationId = Guid.NewGuid().ToString(); _ec.Setup(x => x.JobSettings).Returns(new Dictionary { { WellKnownJobSettings.CommandCorrelationId, testCorrelationId } }); var cmd = new Command("task", "issue"); cmd.Data = "test error"; cmd.Properties.Add("type", "error"); cmd.Properties.Add("source", "TaskInternal"); Issue currentIssue = null; _ec.Setup(x => x.AddIssue(It.IsAny())).Callback((Issue issue) => currentIssue = issue); _ec.Setup(x => x.GetVariableValueOrDefault("ENABLE_ISSUE_SOURCE_VALIDATION")).Returns("true"); commandExtension.ProcessCommand(_ec.Object, cmd); Assert.Equal("test error", currentIssue.Message); Assert.Equal(false, currentIssue.Data.ContainsKey("source")); Assert.Equal("error", currentIssue.Data["type"]); Assert.Equal(IssueType.Error, currentIssue.Type); } } private TestHostContext SetupMocks([CallerMemberName] string name = "") { var _hc = new TestHostContext(this, name); _hc.SetSingleton(new TaskRestrictionsChecker() as ITaskRestrictionsChecker); _ec = new Mock(); _endpoint = new ServiceEndpoint() { Id = Guid.Empty, Url = new Uri("https://test.com"), Authorization = new EndpointAuthorization() { Scheme = "Test", } }; _ec.Setup(x => x.Endpoints).Returns(new List { _endpoint }); _ec.Setup(x => x.GetHostContext()).Returns(_hc); _ec.Setup(x => x.GetScopedEnvironment()).Returns(new SystemEnvironment()); return _hc; } } } ================================================ FILE: src/Test/L0/Worker/TaskDecoratorManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class TaskDecoratorManagerL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void IsInjectedTaskForTarget_TaskWithTargetPrefix() { var executionContext = new Mock(); const String PostTargetTask = "__system_posttargettask_"; const String PreTargetTask = "__system_pretargettask_"; var taskWithPreTarget = $"{PreTargetTask}TestTask"; var taskWithPostTarget = $"{PostTargetTask}TestTask"; TaskDecoratorManager decoratorManager = new TaskDecoratorManager(); Assert.True(decoratorManager.IsInjectedTaskForTarget(taskWithPostTarget, executionContext.Object)); Assert.True(decoratorManager.IsInjectedTaskForTarget(taskWithPreTarget, executionContext.Object)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void IsInjectedTaskForTarget_TaskWithoutTargetPrefix() { var executionContext = new Mock(); var taskWithoutTarget = "TestTask"; TaskDecoratorManager decoratorManager = new TaskDecoratorManager(); Assert.False(decoratorManager.IsInjectedTaskForTarget(taskWithoutTarget, executionContext.Object)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void IsInjectedTaskForTarget_NullValueInTaskName() { var executionContext = new Mock(); TaskDecoratorManager decoratorManager = new TaskDecoratorManager(); Assert.False(decoratorManager.IsInjectedTaskForTarget(null, executionContext.Object)); } } } ================================================ FILE: src/Test/L0/Worker/TaskManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Agent.Sdk; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using System; using System.Collections.Generic; using System.IO; using System.IO.Compression; using System.Runtime.CompilerServices; using System.Threading; using System.Threading.Tasks; using Xunit; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class TaskManagerL0 { private Mock _jobServer; private Mock _taskServer; private Mock _configurationStore; private Mock _ec; private TaskManager _taskManager; private string _workFolder; //Test the cancellation flow: interrupt download task via HostContext cancellation token. [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void BubblesCancellation() { try { //Arrange using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource)) { var bingTask = new Pipelines.TaskStep() { Enabled = true, Reference = new Pipelines.TaskStepDefinitionReference() { Name = "Bing", Version = "0.1.2", Id = Guid.NewGuid() } }; var pingTask = new Pipelines.TaskStep() { Enabled = true, Reference = new Pipelines.TaskStepDefinitionReference() { Name = "Ping", Version = "0.1.1", Id = Guid.NewGuid() } }; var bingVersion = new TaskVersion(bingTask.Reference.Version); var pingVersion = new TaskVersion(pingTask.Reference.Version); _taskServer .Setup(x => x.GetTaskContentZipAsync(It.IsAny(), It.IsAny(), It.IsAny())) .Returns((Guid taskId, TaskVersion taskVersion, CancellationToken token) => { tokenSource.Cancel(); tokenSource.Token.ThrowIfCancellationRequested(); return null; }); var tasks = new List(new Pipelines.TaskStep[] { bingTask, pingTask }); //Act //should initiate a download with a mocked IJobServer, which sets a cancellation token and //download task is expected to be in cancelled state Task downloadTask = _taskManager.DownloadAsync(_ec.Object, tasks); Task[] taskToWait = { downloadTask, Task.Delay(2000) }; //wait for the task to be cancelled to exit await Task.WhenAny(taskToWait); //Assert //verify task completed in less than 2sec and it is in cancelled state Assert.True(downloadTask.IsCompleted, $"{nameof(_taskManager.DownloadAsync)} timed out."); Assert.True(!downloadTask.IsFaulted, downloadTask.Exception?.ToString()); Assert.True(downloadTask.IsCanceled); //check if the task.json was not downloaded for ping and bing tasks Assert.Equal( 0, Directory.GetFiles(_hc.GetDirectory(WellKnownDirectory.Tasks), "*", SearchOption.AllDirectories).Length); //assert download was invoked only once, because the first task cancelled the second task download _taskServer .Verify(x => x.GetTaskContentZipAsync(It.IsAny(), It.IsAny(), It.IsAny()), Times.Once()); } } finally { Teardown(); } } //Test how exceptions are propagated to the caller. [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void RetryNetworkException() { try { // Arrange. using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource)) { var pingTask = new Pipelines.TaskStep() { Enabled = true, Reference = new Pipelines.TaskStepDefinitionReference() { Name = "Ping", Version = "0.1.1", Id = Guid.NewGuid() } }; var pingVersion = new TaskVersion(pingTask.Reference.Version); Exception expectedException = new System.Net.Http.HttpRequestException("simulated network error"); _taskServer .Setup(x => x.GetTaskContentZipAsync(It.IsAny(), It.IsAny(), It.IsAny())) .Returns((Guid taskId, TaskVersion taskVersion, CancellationToken token) => { throw expectedException; }); var tasks = new List(new Pipelines.TaskStep[] { pingTask }); //Act Exception actualException = null; try { await _taskManager.DownloadAsync(_ec.Object, tasks); } catch (Exception ex) { actualException = ex; } //Assert //verify task completed in less than 2sec and it is in failed state state Assert.Equal(expectedException, actualException); //assert download was invoked 3 times, because we retry on task download _taskServer .Verify(x => x.GetTaskContentZipAsync(It.IsAny(), It.IsAny(), It.IsAny()), Times.Exactly(3)); //see if the task.json was not downloaded Assert.Equal( 0, Directory.GetFiles(_hc.GetDirectory(WellKnownDirectory.Tasks), "*", SearchOption.AllDirectories).Length); } } finally { Teardown(); } } //Test how exceptions are propagated to the caller. [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void RetryStreamException() { try { // Arrange. using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource)) { var pingTask = new Pipelines.TaskStep() { Enabled = true, Reference = new Pipelines.TaskStepDefinitionReference() { Name = "Ping", Version = "0.1.1", Id = Guid.NewGuid() } }; var pingVersion = new TaskVersion(pingTask.Reference.Version); Exception expectedException = new System.Net.Http.HttpRequestException("simulated network error"); _taskServer .Setup(x => x.GetTaskContentZipAsync(It.IsAny(), It.IsAny(), It.IsAny())) .Returns((Guid taskId, TaskVersion taskVersion, CancellationToken token) => { return Task.FromResult(new ExceptionStream()); }); var tasks = new List(new Pipelines.TaskStep[] { pingTask }); //Act Exception actualException = null; try { await _taskManager.DownloadAsync(_ec.Object, tasks); } catch (Exception ex) { actualException = ex; } //Assert //verify task completed in less than 2sec and it is in failed state state Assert.Equal("NotImplementedException", actualException.GetType().Name); //assert download was invoked 3 times, because we retry on task download _taskServer .Verify(x => x.GetTaskContentZipAsync(It.IsAny(), It.IsAny(), It.IsAny()), Times.Exactly(3)); //see if the task.json was not downloaded Assert.Equal( 0, Directory.GetFiles(_hc.GetDirectory(WellKnownDirectory.Tasks), "*", SearchOption.AllDirectories).Length); } } finally { Teardown(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DeserializesPlatformSupportedHandlersOnly() { try { // Arrange. using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource)) { // Prepare the content. const string Content = @" { ""execution"": { ""Node"": { }, ""Process"": { }, } }"; // Write the task.json to disk. Pipelines.TaskStep instance; string directory; CreateTask(jsonContent: Content, instance: out instance, directory: out directory); // Act. Definition definition = _taskManager.Load(instance); // Assert. Assert.NotNull(definition); Assert.NotNull(definition.Data); Assert.NotNull(definition.Data.Execution); Assert.NotNull(definition.Data.Execution.Node); if (TestUtil.IsWindows()) { Assert.NotNull(definition.Data.Execution.Process); } else { Assert.Null(definition.Data.Execution.Process); } } } finally { Teardown(); } } //Test the normal flow, which downloads a few tasks and skips disabled, duplicate and cached tasks. [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void DownloadsTasks() { try { //Arrange using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource)) { var bingGuid = Guid.NewGuid(); string bingTaskName = "Bing"; string bingVersion = "1.21.2"; var tasks = new List { new Pipelines.TaskStep() { Enabled = true, Reference = new Pipelines.TaskStepDefinitionReference() { Name = bingTaskName, Version = bingVersion, Id = bingGuid } }, new Pipelines.TaskStep() { Enabled = true, Reference = new Pipelines.TaskStepDefinitionReference() { Name = bingTaskName, Version = bingVersion, Id = bingGuid } } }; using (var stream = GetZipStream()) { _taskServer .Setup(x => x.GetTaskContentZipAsync( bingGuid, It.Is(y => string.Equals(y.ToString(), bingVersion, StringComparison.Ordinal)), It.IsAny())) .Returns(Task.FromResult(stream)); //Act //first invocation will download and unzip the task from mocked IJobServer await _taskManager.DownloadAsync(_ec.Object, tasks); //second and third invocations should find the task in the cache and only unzip await _taskManager.DownloadAsync(_ec.Object, tasks); await _taskManager.DownloadAsync(_ec.Object, tasks); //Assert //see if the task.json was downloaded string destDirectory = Path.Combine( _hc.GetDirectory(WellKnownDirectory.Tasks), $"{bingTaskName}_{bingGuid}", bingVersion); Assert.True(File.Exists(Path.Combine(destDirectory, Constants.Path.TaskJsonFile))); //assert download has happened only once, because disabled, duplicate and cached tasks are not downloaded _taskServer .Verify(x => x.GetTaskContentZipAsync(It.IsAny(), It.IsAny(), It.IsAny()), Times.Once()); } } } finally { Teardown(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void PreservesTaskZipTaskWhenInSignatureVerification() { PreservesTaskZipTask(signatureVerification: true); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void PreservesTaskZipTaskWhenAlwaysExtractTask() { PreservesTaskZipTask(alwaysExtractTask: true); } // TODO: Add test for Extract [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ExtractsAnAlreadyDownloadedZipToTheCorrectLocationWhenInSignatureVerification() { ExtractsAnAlreadyDownloadedZipToTheCorrectLocation(signatureVerification: true); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ExtractsAnAlreadyDownloadedZipToTheCorrectLocationWhenExtractTask() { ExtractsAnAlreadyDownloadedZipToTheCorrectLocation(alwaysExtractTask: true); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void DoesNotMatchPlatform() { try { // Arrange. using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource)) { HandlerData data = new NodeHandlerData() { Platforms = new string[] { "nosuch" } }; // Act/Assert. Assert.False(data.PreferredOnPlatform(PlatformUtil.OS.Windows)); Assert.False(data.PreferredOnPlatform(PlatformUtil.OS.Linux)); Assert.False(data.PreferredOnPlatform(PlatformUtil.OS.OSX)); } } finally { Teardown(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void LoadsDefinition() { try { // Arrange. using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource)) { // Prepare the task.json content. const string Content = @" { ""inputs"": [ { ""extraInputKey"": ""Extra input value"", ""name"": ""someFilePathInput"", ""type"": ""filePath"", ""label"": ""Some file path input label"", ""defaultValue"": ""Some default file path"", ""required"": true, ""helpMarkDown"": ""Some file path input markdown"" }, { ""name"": ""someStringInput"", ""type"": ""string"", ""label"": ""Some string input label"", ""defaultValue"": ""Some default string"", ""helpMarkDown"": ""Some string input markdown"", ""required"": false, ""groupName"": ""advanced"" } ], ""execution"": { ""Node"": { ""target"": ""Some Node target"", ""extraNodeArg"": ""Extra node arg value"" }, ""Node10"": { ""target"": ""Some Node10 target"", ""extraNodeArg"": ""Extra node10 arg value"" }, ""Node16"": { ""target"": ""Some Node16 target"", ""extraNodeArg"": ""Extra node16 arg value"" }, ""Node20_1"": { ""target"": ""Some Node20_1 target"", ""extraNodeArg"": ""Extra node20_1 arg value"" }, ""Process"": { ""target"": ""Some process target"", ""argumentFormat"": ""Some process argument format"", ""workingDirectory"": ""Some process working directory"", ""extraProcessArg"": ""Some extra process arg"", ""platforms"": [ ""windows"" ] }, ""NoSuchHandler"": { ""target"": ""no such target"" } }, ""restrictions"": { ""commands"": { ""mode"": ""restricted"" }, ""settableVariables"": { ""allowed"": [ ""okVar"", ""otherVar"" ] } }, ""someExtraSection"": { ""someExtraKey"": ""Some extra value"" } }"; // Write the task.json to disk. Pipelines.TaskStep instance; string directory; CreateTask(jsonContent: Content, instance: out instance, directory: out directory); // Act. Definition definition = _taskManager.Load(instance); // Assert. Assert.NotNull(definition); Assert.Equal(directory, definition.Directory); Assert.NotNull(definition.Data); Assert.NotNull(definition.Data.Inputs); // inputs Assert.Equal(2, definition.Data.Inputs.Length); Assert.Equal("someFilePathInput", definition.Data.Inputs[0].Name); Assert.Equal("Some default file path", definition.Data.Inputs[0].DefaultValue); Assert.Equal("someStringInput", definition.Data.Inputs[1].Name); Assert.Equal("Some default string", definition.Data.Inputs[1].DefaultValue); Assert.NotNull(definition.Data.Execution); // execution if (TestUtil.IsWindows()) { // Process handler should only be deserialized on Windows. Assert.Equal(5, definition.Data.Execution.All.Count); } else { // Only the Node handlers should be deserialized on non-Windows. Assert.Equal(4, definition.Data.Execution.All.Count); } // Node handler should always be deserialized. Assert.NotNull(definition.Data.Execution.Node); // execution.Node Assert.Equal(definition.Data.Execution.Node, definition.Data.Execution.All[0]); Assert.Equal("Some Node target", definition.Data.Execution.Node.Target); // Node10 handler should always be deserialized. Assert.NotNull(definition.Data.Execution.Node10); // execution.Node10 Assert.Equal(definition.Data.Execution.Node10, definition.Data.Execution.All[1]); Assert.Equal("Some Node10 target", definition.Data.Execution.Node10.Target); // Node16 handler should always be deserialized. Assert.NotNull(definition.Data.Execution.Node16); // execution.Node16 Assert.Equal(definition.Data.Execution.Node16, definition.Data.Execution.All[2]); Assert.Equal("Some Node16 target", definition.Data.Execution.Node16.Target); // Node20_1 handler should always be deserialized. Assert.NotNull(definition.Data.Execution.Node20_1); // execution.Node20_1 Assert.Equal(definition.Data.Execution.Node20_1, definition.Data.Execution.All[3]); Assert.Equal("Some Node20_1 target", definition.Data.Execution.Node20_1.Target); if (TestUtil.IsWindows()) { // Process handler should only be deserialized on Windows. Assert.NotNull(definition.Data.Execution.Process); // execution.Process Assert.Equal(definition.Data.Execution.Process, definition.Data.Execution.All[4]); Assert.Equal("Some process argument format", definition.Data.Execution.Process.ArgumentFormat); Assert.NotNull(definition.Data.Execution.Process.Platforms); Assert.Equal(1, definition.Data.Execution.Process.Platforms.Length); Assert.Equal("windows", definition.Data.Execution.Process.Platforms[0]); Assert.Equal("Some process target", definition.Data.Execution.Process.Target); Assert.Equal("Some process working directory", definition.Data.Execution.Process.WorkingDirectory); } // restrictions Assert.NotNull(definition.Data.Restrictions); Assert.Equal(TaskCommandMode.Restricted, definition.Data.Restrictions.Commands.Mode); Assert.Equal(2, definition.Data.Restrictions.SettableVariables.Allowed.Count); Assert.Equal("okVar", definition.Data.Restrictions.SettableVariables.Allowed[0]); Assert.Equal("otherVar", definition.Data.Restrictions.SettableVariables.Allowed[1]); } } finally { Teardown(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] public void MatchesPlatform() { try { // Arrange. using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource)) { HandlerData data = new NodeHandlerData() { Platforms = new[] { "WiNdOwS" } }; // Act/Assert. Assert.True(data.PreferredOnPlatform(PlatformUtil.OS.Windows)); Assert.False(data.PreferredOnPlatform(PlatformUtil.OS.Linux)); Assert.False(data.PreferredOnPlatform(PlatformUtil.OS.OSX)); } } finally { Teardown(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ReplacesMacros() { try { // Arrange. using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource)) { const string Directory = "Some directory"; Definition definition = new Definition() { Directory = Directory }; NodeHandlerData node = new NodeHandlerData() { Target = @"$(CuRrEnTdIrEcToRy)\Some node target", WorkingDirectory = @"$(CuRrEnTdIrEcToRy)\Some node working directory", }; ProcessHandlerData process = new ProcessHandlerData() { ArgumentFormat = @"$(CuRrEnTdIrEcToRy)\Some process argument format", Target = @"$(CuRrEnTdIrEcToRy)\Some process target", WorkingDirectory = @"$(CuRrEnTdIrEcToRy)\Some process working directory", }; // Act. node.ReplaceMacros(_hc, definition); process.ReplaceMacros(_hc, definition); // Assert. Assert.Equal($@"{Directory}\Some node target", node.Target); Assert.Equal($@"{Directory}\Some node working directory", node.WorkingDirectory); Assert.Equal($@"{Directory}\Some process argument format", process.ArgumentFormat); Assert.Equal($@"{Directory}\Some process target", process.Target); Assert.Equal($@"{Directory}\Some process working directory", process.WorkingDirectory); } } finally { Teardown(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ReplacesMacrosAndPreventsInfiniteRecursion() { try { // Arrange. using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource)) { string directory = "$(currentdirectory)$(currentdirectory)"; Definition definition = new Definition() { Directory = directory }; NodeHandlerData node = new NodeHandlerData() { Target = @"$(currentDirectory)\Some node target", }; // Act. node.ReplaceMacros(_hc, definition); // Assert. Assert.Equal($@"{directory}\Some node target", node.Target); } } finally { Teardown(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ReplacesMultipleMacroInstances() { try { // Arrange. using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource)) { const string Directory = "Some directory"; Definition definition = new Definition() { Directory = Directory }; NodeHandlerData node = new NodeHandlerData() { Target = @"$(CuRrEnTdIrEcToRy)$(CuRrEnTdIrEcToRy)\Some node target", }; // Act. node.ReplaceMacros(_hc, definition); // Assert. Assert.Equal($@"{Directory}{Directory}\Some node target", node.Target); } } finally { Teardown(); } } private void CreateTask(string jsonContent, out Pipelines.TaskStep instance, out string directory) { const string TaskName = "SomeTask"; const string TaskVersion = "1.2.3"; Guid taskGuid = Guid.NewGuid(); directory = Path.Combine(_workFolder, Constants.Path.TasksDirectory, $"{TaskName}_{taskGuid}", TaskVersion); string file = Path.Combine(directory, Constants.Path.TaskJsonFile); Directory.CreateDirectory(Path.GetDirectoryName(file)); File.WriteAllText(file, jsonContent); instance = new Pipelines.TaskStep() { Reference = new Pipelines.TaskStepDefinitionReference() { Id = taskGuid, Name = TaskName, Version = TaskVersion, } }; } private Stream GetZipStream() { // Locate the test data folder containing the task.json. string sourceFolder = Path.Combine(TestUtil.GetTestDataPath(), nameof(TaskManagerL0)); Assert.True(Directory.Exists(sourceFolder), $"Directory does not exist: {sourceFolder}"); Assert.True(File.Exists(Path.Combine(sourceFolder, Constants.Path.TaskJsonFile))); // Create the zip file under the work folder so it gets cleaned up. string zipFile = Path.Combine( _workFolder, $"{Guid.NewGuid()}.zip"); Directory.CreateDirectory(_workFolder); ZipFile.CreateFromDirectory(sourceFolder, zipFile, CompressionLevel.Fastest, includeBaseDirectory: false); return new FileStream(zipFile, FileMode.Open); } private TestHostContext Setup( CancellationTokenSource _ecTokenSource, [CallerMemberName] string name = "", bool signatureVerificationEnabled = false, bool alwaysExtractTaskEnabled = false) { // Mocks. _jobServer = new Mock(); _taskServer = new Mock(); _ec = new Mock(); _ec.Setup(x => x.CancellationToken).Returns(_ecTokenSource.Token); // Test host context. var _hc = new TestHostContext(this, name); // Random work folder. _workFolder = _hc.GetDirectory(WellKnownDirectory.Work); _hc.SetSingleton(_jobServer.Object); _hc.SetSingleton(_taskServer.Object); String fingerprint = String.Empty; if (signatureVerificationEnabled) { fingerprint = "FAKEFINGERPRINT"; } _configurationStore = new Mock(); _configurationStore .Setup(x => x.GetSettings()) .Returns( new AgentSettings { Fingerprint = fingerprint, WorkFolder = _workFolder, AlwaysExtractTask = alwaysExtractTaskEnabled }); _hc.SetSingleton(_configurationStore.Object); // Instance to test. _taskManager = new TaskManager(); _taskManager.Initialize(_hc); Environment.SetEnvironmentVariable("VSTS_TASK_DOWNLOAD_NO_BACKOFF", "1"); return _hc; } private void Teardown() { if (!string.IsNullOrEmpty(_workFolder) && Directory.Exists(_workFolder)) { Directory.Delete(_workFolder, recursive: true); } } private async void PreservesTaskZipTask(bool signatureVerification = false, bool alwaysExtractTask = false) { try { //Arrange using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource, signatureVerificationEnabled: signatureVerification, alwaysExtractTaskEnabled: alwaysExtractTask)) { var bingGuid = Guid.NewGuid(); string bingTaskName = "Bing"; string bingVersion = "1.21.2"; var tasks = new List { new Pipelines.TaskStep() { Enabled = true, Reference = new Pipelines.TaskStepDefinitionReference() { Name = bingTaskName, Version = bingVersion, Id = bingGuid } }, new Pipelines.TaskStep() { Enabled = true, Reference = new Pipelines.TaskStepDefinitionReference() { Name = bingTaskName, Version = bingVersion, Id = bingGuid } } }; using (var stream = GetZipStream()) { _taskServer .Setup(x => x.GetTaskContentZipAsync( bingGuid, It.Is(y => string.Equals(y.ToString(), bingVersion, StringComparison.Ordinal)), It.IsAny())) .Returns(Task.FromResult(stream)); //Act //first invocation will download and unzip the task from mocked IJobServer await _taskManager.DownloadAsync(_ec.Object, tasks); string destDirectory = Path.Combine( _hc.GetDirectory(WellKnownDirectory.Tasks), $"{bingTaskName}_{bingGuid}", bingVersion); //see if the task.json was downloaded string zipDestDirectory = Path.Combine(_hc.GetDirectory(WellKnownDirectory.TaskZips), $"{bingTaskName}_{bingGuid}_{bingVersion}.zip"); // task.json should exist since we need it for JobExtension.InitializeJob Assert.True(File.Exists(Path.Combine(destDirectory, Constants.Path.TaskJsonFile))); // Write a test file string testFile = Path.Combine(destDirectory, "test.txt"); using (File.Create(testFile)) { } Assert.True(File.Exists(testFile)); //second and third invocations should find the task in the cache and do nothing await _taskManager.DownloadAsync(_ec.Object, tasks); // Test file should no longer exist due to a fresh unzip Assert.False(File.Exists(testFile)); await _taskManager.DownloadAsync(_ec.Object, tasks); // the zip for the task should exist on disk Assert.True(File.Exists(zipDestDirectory)); //assert download has happened only once, because disabled, duplicate and cached tasks are not downloaded _taskServer .Verify(x => x.GetTaskContentZipAsync(It.IsAny(), It.IsAny(), It.IsAny()), Times.Once()); } } } finally { Teardown(); } } private void ExtractsAnAlreadyDownloadedZipToTheCorrectLocation(bool signatureVerification = true, bool alwaysExtractTask = true) { try { // Arrange using (var tokenSource = new CancellationTokenSource()) using (var _hc = Setup(tokenSource, signatureVerificationEnabled: signatureVerification, alwaysExtractTaskEnabled: alwaysExtractTask)) { var bingGuid = Guid.NewGuid(); string bingTaskName = "Bing"; string bingVersion = "1.21.2"; var taskStep = new Pipelines.TaskStep { Name = bingTaskName, Reference = new Pipelines.TaskStepDefinitionReference { Id = bingGuid, Name = bingTaskName, Version = bingVersion } }; string zipDestDirectory = Path.Combine(_hc.GetDirectory(WellKnownDirectory.TaskZips), $"{bingTaskName}_{bingGuid}_{bingVersion}.zip"); Directory.CreateDirectory(_hc.GetDirectory(WellKnownDirectory.TaskZips)); // write stream to file using (Stream zipStream = GetZipStream()) using (var fileStream = new FileStream(zipDestDirectory, FileMode.Create, FileAccess.Write)) { zipStream.CopyTo(fileStream); } // Act _taskManager.Extract(_ec.Object, taskStep); // Assert string destDirectory = Path.Combine( _hc.GetDirectory(WellKnownDirectory.Tasks), $"{bingTaskName}_{bingGuid}", bingVersion); Assert.True(File.Exists(Path.Combine(destDirectory, Constants.Path.TaskJsonFile))); } } finally { Teardown(); } } private class ExceptionStream : Stream { public override bool CanRead => throw new NotImplementedException(); public override bool CanSeek => throw new NotImplementedException(); public override bool CanWrite => throw new NotImplementedException(); public override long Length => throw new NotImplementedException(); public override long Position { get => throw new NotImplementedException(); set => throw new NotImplementedException(); } public override void Flush() { throw new NotImplementedException(); } public override int Read(byte[] buffer, int offset, int count) { throw new NotImplementedException(); } public override long Seek(long offset, SeekOrigin origin) { throw new NotImplementedException(); } public override void SetLength(long value) { throw new NotImplementedException(); } public override void Write(byte[] buffer, int offset, int count) { throw new NotImplementedException(); } } } } ================================================ FILE: src/Test/L0/Worker/TaskRunnerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Moq; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using Xunit; using Agent.Sdk; using Microsoft.VisualStudio.Services.Agent.Worker; using System; using System.Runtime.CompilerServices; using System.Collections.Generic; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.TeamFoundation.DistributedTask.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class TaskRunnerL0 { private TestHostContext CreateTestContext([CallerMemberName] String testName = "") { var hc = new TestHostContext(this, testName); return hc; } private class GetHandlerTest { public String Name; public ExecutionData Input; public PlatformUtil.OS HostOS; public HandlerData Expected; public ExecutionTargetInfo StepTarget = null; public void RunTest(TestHostContext hc, Dictionary variables = null) { var _ec = new Mock(); _ec.Setup(x => x.StepTarget()).Returns(StepTarget); _ec.Setup(x => x.GetScopedEnvironment()).Returns(new SystemEnvironment()); _ec.Setup(x => x.GetVariableValueOrDefault("agent.preferPowerShellOnContainers")).Returns(variables?["agent.preferPowerShellOnContainers"]?.Value ?? string.Empty); if (variables is null) { variables = new Dictionary(); } List warnings; _ec.Setup(x => x.Variables) .Returns(new Variables(hc, copy: variables, warnings: out warnings)); var tr = new TaskRunner(); tr.Initialize(hc); var Got = tr.GetHandlerData(_ec.Object, Input, HostOS); // for some reason, we guard the setter of PowerShellDate in ExecutionData to only add if running on windows. // this makes testing hard if (!PlatformUtil.RunningOnWindows) { Assert.True(true, "Passively pass this test since we have no way to actually prove it"); } else { Assert.True(Got == Expected, $"{Name} - Expected {Expected} Got {Got}"); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetHandlerHostOnlyTests() { var nodeData = new NodeHandlerData() { Platforms = new string[] { "linux", "osx" } }; var nodeOnlyExecutionData = new ExecutionData(); nodeOnlyExecutionData.Node = nodeData; var powerShell3Data = new PowerShell3HandlerData() { Platforms = new string[] { "windows" } }; var ps3OnlyExecutionData = new ExecutionData(); ps3OnlyExecutionData.PowerShell3 = powerShell3Data; var mixedExecutionData = new ExecutionData(); mixedExecutionData.PowerShell3 = powerShell3Data; mixedExecutionData.Node = nodeData; foreach (var test in new GetHandlerTest[] { new GetHandlerTest() { Name="Empty Test", Input=null, Expected=null, HostOS=PlatformUtil.OS.Windows }, new GetHandlerTest() { Name="Node Only on Windows", Input=nodeOnlyExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.Windows}, new GetHandlerTest() { Name="Node Only on Linux", Input=nodeOnlyExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.Linux }, new GetHandlerTest() { Name="Node Only on OSX", Input=nodeOnlyExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.OSX }, new GetHandlerTest() { Name="PowerShell3 Only on Windows", Input=ps3OnlyExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.Windows }, new GetHandlerTest() { Name="PowerShell3 Only on Linux", Input=ps3OnlyExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.Linux }, new GetHandlerTest() { Name="PowerShell3 Only on OSX", Input=ps3OnlyExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.OSX }, new GetHandlerTest() { Name="Mixed on Windows", Input=mixedExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.Windows }, new GetHandlerTest() { Name="Mixed on Linux", Input=mixedExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.Linux }, new GetHandlerTest() { Name="Mixed on OSX", Input=mixedExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.OSX }, }) { using (TestHostContext hc = CreateTestContext(test.Name)) { test.RunTest(hc); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetHandlerContainerTargetTests() { var nodeData = new NodeHandlerData(); var nodeOnlyExecutionData = new ExecutionData(); nodeOnlyExecutionData.Node = nodeData; var powerShell3Data = new PowerShell3HandlerData() { Platforms = new string[] { "windows" } }; var ps3OnlyExecutionData = new ExecutionData(); ps3OnlyExecutionData.PowerShell3 = powerShell3Data; var mixedExecutionData = new ExecutionData(); mixedExecutionData.Node = nodeData; mixedExecutionData.PowerShell3 = powerShell3Data; ContainerInfo containerInfo = new ContainerInfo() { }; foreach (var test in new GetHandlerTest[] { new GetHandlerTest() { Name="Empty Test", Input=null, Expected=null, HostOS=PlatformUtil.OS.Windows, StepTarget=containerInfo }, new GetHandlerTest() { Name="Node Only on Windows", Input=nodeOnlyExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.Windows, StepTarget=containerInfo }, new GetHandlerTest() { Name="Node Only on Linux", Input=nodeOnlyExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.Linux, StepTarget=containerInfo }, new GetHandlerTest() { Name="Node Only on OSX", Input=nodeOnlyExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.OSX, StepTarget=containerInfo }, new GetHandlerTest() { Name="PowerShell3 Only on Windows", Input=ps3OnlyExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.Windows, StepTarget=containerInfo }, new GetHandlerTest() { Name="PowerShell3 Only on Linux", Input=ps3OnlyExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.Linux, StepTarget=containerInfo }, new GetHandlerTest() { Name="PowerShell3 Only on OSX", Input=ps3OnlyExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.OSX, StepTarget=containerInfo }, new GetHandlerTest() { Name="Mixed on Windows", Input=mixedExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.Windows, StepTarget=containerInfo }, new GetHandlerTest() { Name="Mixed on Linux", Input=mixedExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.Linux, StepTarget=containerInfo }, new GetHandlerTest() { Name="Mixed on OSX", Input=mixedExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.OSX, StepTarget=containerInfo }, }) { using (TestHostContext hc = CreateTestContext(test.Name)) { test.RunTest(hc); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetHandlerContainerTargetPreferNodeDisabledTests() { var nodeData = new NodeHandlerData(); var nodeOnlyExecutionData = new ExecutionData(); nodeOnlyExecutionData.Node = nodeData; var powerShell3Data = new PowerShell3HandlerData() { Platforms = new string[] { "windows" } }; var ps3OnlyExecutionData = new ExecutionData(); ps3OnlyExecutionData.PowerShell3 = powerShell3Data; var mixedExecutionData = new ExecutionData(); mixedExecutionData.Node = nodeData; mixedExecutionData.PowerShell3 = powerShell3Data; ContainerInfo containerInfo = new ContainerInfo() { }; foreach (var test in new GetHandlerTest[] { new GetHandlerTest() { Name="Empty Test", Input=null, Expected=null, HostOS=PlatformUtil.OS.Windows, StepTarget=containerInfo }, new GetHandlerTest() { Name="Node Only on Windows", Input=nodeOnlyExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.Windows, StepTarget=containerInfo }, new GetHandlerTest() { Name="Node Only on Linux", Input=nodeOnlyExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.Linux, StepTarget=containerInfo }, new GetHandlerTest() { Name="Node Only on OSX", Input=nodeOnlyExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.OSX, StepTarget=containerInfo }, new GetHandlerTest() { Name="PowerShell3 Only on Windows", Input=ps3OnlyExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.Windows, StepTarget=containerInfo }, new GetHandlerTest() { Name="PowerShell3 Only on Linux", Input=ps3OnlyExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.Linux, StepTarget=containerInfo }, new GetHandlerTest() { Name="PowerShell3 Only on OSX", Input=ps3OnlyExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.OSX, StepTarget=containerInfo }, new GetHandlerTest() { Name="Mixed on Windows", Input=mixedExecutionData, Expected=powerShell3Data, HostOS=PlatformUtil.OS.Windows, StepTarget=containerInfo }, new GetHandlerTest() { Name="Mixed on Linux", Input=mixedExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.Linux, StepTarget=containerInfo }, new GetHandlerTest() { Name="Mixed on OSX", Input=mixedExecutionData, Expected=nodeData, HostOS=PlatformUtil.OS.OSX, StepTarget=containerInfo }, }) { var variables = new Dictionary(); variables.Add("agent.preferPowerShellOnContainers", "true"); using (TestHostContext hc = CreateTestContext(test.Name)) { test.RunTest(hc, variables); Environment.SetEnvironmentVariable("AGENT_PREFER_POWERSHELL_ON_CONTAINERS", "true"); test.RunTest(hc); Environment.SetEnvironmentVariable("AGENT_PREFER_POWERSHELL_ON_CONTAINERS", null); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void VerifyTasksTests() { using (TestHostContext hc = CreateTestContext()) { // Setup var taskRunner = new TaskRunner(); Mock store = new Mock(); AgentSettings settings = new AgentSettings(); settings.AlwaysExtractTask = true; store.Setup(x => x.GetSettings()).Returns(settings); hc.SetSingleton(store.Object); taskRunner.Initialize(hc); Definition definition = new Definition() { ZipPath = "test" }; Mock taskManager = new Mock(); taskManager.Setup(x => x.Extract(It.IsAny(), It.IsAny())); // Each Verify call should Extract since the ZipPath is given and AlwaysExtract = True taskRunner.VerifyTask(taskManager.Object, definition); taskManager.Verify(x => x.Extract(It.IsAny(), It.IsAny()), Times.Exactly(1)); taskRunner.VerifyTask(taskManager.Object, definition); taskManager.Verify(x => x.Extract(It.IsAny(), It.IsAny()), Times.Exactly(2)); taskRunner.VerifyTask(taskManager.Object, definition); taskManager.Verify(x => x.Extract(It.IsAny(), It.IsAny()), Times.Exactly(3)); // Verify call should not Extract since AlwaysExtract = False settings.AlwaysExtractTask = false; taskRunner.VerifyTask(taskManager.Object, definition); taskManager.Verify(x => x.Extract(It.IsAny(), It.IsAny()), Times.Exactly(3)); // Setting back to AlwaysExtract = true causes Extract to be called settings.AlwaysExtractTask = true; taskRunner.VerifyTask(taskManager.Object, definition); taskManager.Verify(x => x.Extract(It.IsAny(), It.IsAny()), Times.Exactly(4)); // Clearing the ZipPath should not Extract definition.ZipPath = null; taskRunner.VerifyTask(taskManager.Object, definition); taskManager.Verify(x => x.Extract(It.IsAny(), It.IsAny()), Times.Exactly(4)); } } } } ================================================ FILE: src/Test/L0/Worker/Telemetry/TelemetryCommandExtensionTests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Microsoft.VisualStudio.Services.WebPlatform; using Moq; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.Runtime.CompilerServices; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker.Telemetry { public class TelemetryCommandExtensionTests { private Mock _ec; private List _warnings = new List(); private List _errors = new List(); private Mock _mockCiService; private Mock _mockCommandContext; [Fact] [Trait("Level", "L0")] [Trait("Category", "Telemetry")] public void PublishTelemetryCommandWithCiProps() { using (var _hc = SetupMocks()) { var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(_hc); var data = new Dictionary() { {"key1", "valu\\e1"}, {"key2", "value2"}, {"key3", Int64.Parse("4") } }; var json = JsonConvert.SerializeObject(data, Formatting.None); var cmd = new Command("telemetry", "publish"); cmd.Data = json; cmd.Properties.Add("area", "Test"); cmd.Properties.Add("feature", "Task"); publishTelemetryCmd.ProcessCommand(_ec.Object, cmd); _mockCiService.Verify(s => s.PublishEventsAsync(It.Is(e => VerifyEvent(e, data))), Times.Once()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Telemetry")] public void PublishTelemetryCommandWithSpecialCiProps() { using (var _hc = SetupMocks()) { var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(_hc); var data = new Dictionary() { {"key1", "va@lu;çe1"} }; var json = JsonConvert.SerializeObject(data, Formatting.None); var cmd = new Command("telemetry", "publish"); cmd.Data = json; cmd.Properties.Add("area", "Test"); cmd.Properties.Add("feature", "Task"); publishTelemetryCmd.ProcessCommand(_ec.Object, cmd); _mockCiService.Verify(s => s.PublishEventsAsync(It.Is(e => VerifyEvent(e, data))), Times.Once()); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Telemetry")] public void PublishTelemetryWithoutArea() { using (var _hc = SetupMocks()) { var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(_hc); var cmd = new Command("telemetry", "publish"); cmd.Data = "key1=value1;key2=value2"; cmd.Properties.Add("feature", "Task"); Assert.Throws(() => publishTelemetryCmd.ProcessCommand(_ec.Object, cmd)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Telemetry")] public void PublishTelemetryWithoutFeature() { using (var _hc = SetupMocks()) { var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(_hc); var cmd = new Command("telemetry", "publish"); cmd.Data = "key1=value1;key2=value2"; cmd.Properties.Add("area", "Test"); Assert.Throws(() => publishTelemetryCmd.ProcessCommand(_ec.Object, cmd)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Telemetry")] public void PublishTelemetryWithoutCiData() { using (var _hc = SetupMocks()) { var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(_hc); var cmd = new Command("telemetry", "publish"); cmd.Properties.Add("area", "Test"); cmd.Properties.Add("feature", "Task"); Assert.Throws(() => publishTelemetryCmd.ProcessCommand(_ec.Object, cmd)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Telemetry")] public void PublishTelemetryWithoutCommandEvent() { using (var _hc = SetupMocks()) { var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(_hc); var cmd = new Command("telemetry", "abcxyz"); cmd.Properties.Add("area", "Test"); cmd.Properties.Add("feature", "Task"); var ex = Assert.Throws(() => publishTelemetryCmd.ProcessCommand(_ec.Object, cmd)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Telemetry")] public void PublishTelemetryCommandWithExceptionFromServer() { using (var _hc = SetupMocks()) { _mockCiService.Setup(x => x.PublishEventsAsync(It.IsAny())).Throws(); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(_hc); var data = new Dictionary() { {"key1", "valu\\e1"}, {"key2", "value2"}, {"key3", Int64.Parse("4") } }; var json = JsonConvert.SerializeObject(data, Formatting.None); var cmd = new Command("telemetry", "publish"); cmd.Data = json; cmd.Properties.Add("area", "Test"); cmd.Properties.Add("feature", "Task"); publishTelemetryCmd.ProcessCommand(_ec.Object, cmd); _mockCiService.Verify(s => s.PublishEventsAsync(It.Is(e => VerifyEvent(e, data))), Times.Once()); Assert.True(_warnings.Count > 0); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Telemetry")] public void PublishTelemetryCommandForInBoxTask() { using (var _hc = SetupMocks()) { var ex_context = _ec.Object; ex_context.Variables.Set(Constants.Variables.Task.PublishTelemetry, true.ToString()); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(_hc); var data = new Dictionary() { {"key1", "valu\\e1"}, {"key2", "value2"}, {"key3", Int64.Parse("4") } }; var json = JsonConvert.SerializeObject(data, Formatting.None); var cmd = new Command("telemetry", "publish"); cmd.Data = json; cmd.Properties.Add("area", "Test"); cmd.Properties.Add("feature", "Task"); publishTelemetryCmd.ProcessCommand(ex_context, cmd); _mockCiService.Verify(s => s.PublishEventsAsync(It.Is(e => VerifyEvent(e, data))), Times.Once); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Telemetry")] public void PublishTelemetryCommandForCustomerTask() { using (var _hc = SetupMocks()) { var ex_context = _ec.Object; ex_context.Variables.Set(Constants.Variables.Task.PublishTelemetry, false.ToString()); var publishTelemetryCmd = new TelemetryCommandExtension(); publishTelemetryCmd.Initialize(_hc); var data = new Dictionary() { {"key1", "valu\\e1"}, {"key2", "value2"}, {"key3", Int64.Parse("4") } }; var json = JsonConvert.SerializeObject(data, Formatting.None); var cmd = new Command("telemetry", "publish"); cmd.Data = json; cmd.Properties.Add("area", "Test"); cmd.Properties.Add("feature", "Task"); publishTelemetryCmd.ProcessCommand(ex_context, cmd); _mockCiService.Verify(s => s.PublishEventsAsync(It.Is(e => VerifyEvent(e, data))), Times.Never); } } private TestHostContext SetupMocks([CallerMemberName] string name = "") { var _hc = new TestHostContext(this, name); _hc.SetSingleton(new TaskRestrictionsChecker() as ITaskRestrictionsChecker); _mockCiService = new Mock(); _hc.SetSingleton(_mockCiService.Object); _mockCommandContext = new Mock(); _hc.EnqueueInstance(_mockCommandContext.Object); var endpointAuthorization = new EndpointAuthorization() { Scheme = EndpointAuthorizationSchemes.OAuth }; List warnings; var variables = new Variables(_hc, new Dictionary(), out warnings); endpointAuthorization.Parameters[EndpointAuthorizationParameters.AccessToken] = "accesstoken"; _ec = new Mock(); _ec.Setup(x => x.Restrictions).Returns(new List()); _ec.Setup(x => x.Endpoints).Returns(new List { new ServiceEndpoint { Url = new Uri("http://dummyurl"), Name = WellKnownServiceEndpointNames.SystemVssConnection, Authorization = endpointAuthorization } }); _ec.Setup(x => x.Variables).Returns(variables); var asyncCommands = new List(); _ec.Setup(x => x.AsyncCommands).Returns(asyncCommands); _ec.Setup(x => x.AddIssue(It.IsAny())) .Callback ((issue) => { if (issue.Type == IssueType.Warning) { _warnings.Add(issue.Message); } else if (issue.Type == IssueType.Error) { _errors.Add(issue.Message); } }); _ec.Setup(x => x.GetHostContext()).Returns(_hc); return _hc; } private bool VerifyEvent(CustomerIntelligenceEvent[] ciEvent, Dictionary eventData) { Assert.True(ciEvent.Length == 1); Assert.True(ciEvent[0].Properties.Count == eventData.Count); foreach (var key in eventData.Keys) { object eventVal; object ciVal; eventData.TryGetValue(key, out eventVal); ciEvent[0].Properties.TryGetValue(key, out ciVal); Assert.True(eventVal.Equals(ciVal), "CI properties didn't match"); } return true; } } } ================================================ FILE: src/Test/L0/Worker/TfManagerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Threading; using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class TfManagerL0 { private const string VstsomLegacy = "vstsom-legacy"; private const string TfLegacy = "tf-legacy"; private const string VstsHostLegacy = "vstshost-legacy"; [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task DownloadTfLegacyToolsAsync() { // Arrange using var tokenSource = new CancellationTokenSource(); using var hostContext = new TestHostContext(this); var executionContext = new Mock(); executionContext.Setup(x => x.CancellationToken).Returns(tokenSource.Token); executionContext.Setup(x => x.GetVariableValueOrDefault(It.Is(s => s == "Agent.HomeDirectory"))) .Returns(hostContext.GetDirectory(WellKnownDirectory.Root)); string externalsPath = hostContext.GetDirectory(WellKnownDirectory.Externals); string tfPath = Path.Combine(externalsPath, TfLegacy); string vstsomPath = Path.Combine(externalsPath, VstsomLegacy); string vstsHostPath = Path.Combine(externalsPath, VstsHostLegacy); // Pre-seed expected directories to avoid network dependency in unit tests. // TfManager will detect presence and skip download; assertions remain valid. Directory.CreateDirectory(tfPath); File.WriteAllText(Path.Combine(tfPath, "TF.exe"), string.Empty); Directory.CreateDirectory(vstsomPath); File.WriteAllText(Path.Combine(vstsomPath, "TF.exe"), string.Empty); Directory.CreateDirectory(vstsHostPath); File.WriteAllText(Path.Combine(vstsHostPath, "LegacyVSTSPowerShellHost.exe"), string.Empty); // Act await TfManager.DownloadLegacyTfToolsAsync(executionContext.Object); // Assert Assert.True(Directory.Exists(tfPath)); Assert.True(File.Exists(Path.Combine(tfPath, "TF.exe"))); Assert.False(Directory.Exists(Path.Combine(externalsPath, "tf_download_temp"))); Assert.True(Directory.Exists(vstsomPath)); Assert.True(File.Exists(Path.Combine(vstsomPath, "TF.exe"))); Assert.False(Directory.Exists(Path.Combine(externalsPath, "vstsom_download_temp"))); Assert.True(Directory.Exists(vstsHostPath)); Assert.True(File.Exists(Path.Combine(vstsHostPath, "LegacyVSTSPowerShellHost.exe"))); Assert.False(Directory.Exists(Path.Combine(externalsPath, "vstshost_download_temp"))); // Cleanup IOUtil.DeleteDirectory(tfPath, CancellationToken.None); IOUtil.DeleteDirectory(vstsomPath, CancellationToken.None); IOUtil.DeleteDirectory(vstsHostPath, CancellationToken.None); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task DownloadAsync_Retries() { // Arrange using var tokenSource = new CancellationTokenSource(); using var hostContext = new TestHostContext(this); var executionContext = new Mock(); executionContext.Setup(x => x.CancellationToken).Returns(tokenSource.Token); executionContext.Setup(x => x.GetVariableValueOrDefault(It.Is(s => s == "Agent.HomeDirectory"))) .Returns(hostContext.GetDirectory(WellKnownDirectory.Root)); var retryOptions = new Mock(); retryOptions.SetupProperty(opt => opt.CurrentCount); retryOptions.Setup(opt => opt.ToString()).Throws(); retryOptions.Setup(opt => opt.Limit).Returns(3); const string downloadUrl = "https://vstsagenttools.blob.core.windows.net/tools/vstsom/m122_887c6659/vstsom.zip"; string tempDirectory = Path.Combine(hostContext.GetDirectory(WellKnownDirectory.Externals), "temp-test"); string extractDirectory = Path.Combine(hostContext.GetDirectory(WellKnownDirectory.Externals), "test"); // Act await TfManager.DownloadAsync(executionContext.Object, downloadUrl, tempDirectory, extractDirectory, retryOptions.Object); // Assert Assert.False(Directory.Exists(tempDirectory)); Assert.False(Directory.Exists(extractDirectory)); retryOptions.VerifySet(opt => opt.CurrentCount = It.IsAny(), Times.Exactly(3)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task DownloadAsync_Cancellation() { // Arrange using var tokenSource = new CancellationTokenSource(); using var hostContext = new TestHostContext(this); var executionContext = new Mock(); executionContext.Setup(x => x.CancellationToken).Returns(tokenSource.Token); executionContext.Setup(x => x.GetVariableValueOrDefault(It.Is(s => s == "Agent.HomeDirectory"))) .Returns(hostContext.GetDirectory(WellKnownDirectory.Root)); var retryOptions = new Mock(); retryOptions.SetupProperty(opt => opt.CurrentCount); retryOptions.Setup(opt => opt.ToString()).Callback(() => tokenSource.Cancel()); retryOptions.Setup(opt => opt.Limit).Returns(3); const string downloadUrl = "https://vstsagenttools.blob.core.windows.net/tools/vstsom/m122_887c6659/vstsom.zip"; string tempDirectory = Path.Combine(hostContext.GetDirectory(WellKnownDirectory.Externals), "temp-test"); string extractDirectory = Path.Combine(hostContext.GetDirectory(WellKnownDirectory.Externals), "test"); // Act await TfManager.DownloadAsync(executionContext.Object, downloadUrl, tempDirectory, extractDirectory, retryOptions.Object); // Assert Assert.False(Directory.Exists(tempDirectory)); Assert.False(Directory.Exists(extractDirectory)); retryOptions.VerifySet(opt => opt.CurrentCount = It.IsAny(), Times.Never()); } } } ================================================ FILE: src/Test/L0/Worker/VariablesL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using System.Collections.Generic; using System.Globalization; using System.Linq; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class VariablesL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_AppliesMaskHints() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "MySecretName", new VariableValue("My secret value", true) }, { "MyPublicVariable", "My public value" }, }; List warnings; var variables = new Variables(hc, copy, out warnings); // Act. Variable[] publicVariables = variables.Public.ToArray(); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal(1, publicVariables.Length); Assert.Equal("MyPublicVariable", publicVariables[0].Name); Assert.Equal("My public value", publicVariables[0].Value); Assert.Equal("My secret value", variables.Get("MySecretName")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_DetectsAdjacentCyclicalReference() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "variable1", "1_$(variable2)" }, { "variable2", "2_$(variable3)" }, { "variable3", "3_$(variable2)" }, }; // Act. List warnings; var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(3, warnings.Count); Assert.True(warnings.Any(x => string.Equals(x, StringUtil.Loc("Variable0ContainsCyclicalReference", "variable1")))); Assert.True(warnings.Any(x => string.Equals(x, StringUtil.Loc("Variable0ContainsCyclicalReference", "variable2")))); Assert.True(warnings.Any(x => string.Equals(x, StringUtil.Loc("Variable0ContainsCyclicalReference", "variable3")))); Assert.Equal("1_$(variable2)", variables.Get("variable1")); Assert.Equal("2_$(variable3)", variables.Get("variable2")); Assert.Equal("3_$(variable2)", variables.Get("variable3")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_DetectsExcessiveDepth() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. const int MaxDepth = 50; var copy = new Dictionary(); copy[$"variable{MaxDepth + 1}"] = "Final value"; // Variable 51. for (int i = 1; i <= MaxDepth; i++) { copy[$"variable{i}"] = $"$(variable{i + 1})"; // Variables 1-50. } // Act. List warnings; var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(1, warnings.Count); Assert.Equal(warnings[0], StringUtil.Loc("Variable0ExceedsMaxDepth1", "variable1", MaxDepth)); Assert.Equal("$(variable2)", variables.Get("variable1")); // Variable 1. for (int i = 2; i <= MaxDepth + 1; i++) { Assert.Equal("Final value", variables.Get($"variable{i}")); // Variables 2-51. } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_DetectsNonadjacentCyclicalReference() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "variable1", "1_$(variable2)" }, { "variable2", "2_$(variable3)" }, { "variable3", "3_$(variable1)" }, }; // Act. List warnings; var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(3, warnings.Count); Assert.True(warnings.Any(x => string.Equals(x, StringUtil.Loc("Variable0ContainsCyclicalReference", "variable1")))); Assert.True(warnings.Any(x => string.Equals(x, StringUtil.Loc("Variable0ContainsCyclicalReference", "variable2")))); Assert.True(warnings.Any(x => string.Equals(x, StringUtil.Loc("Variable0ContainsCyclicalReference", "variable3")))); Assert.Equal("1_$(variable2)", variables.Get("variable1")); Assert.Equal("2_$(variable3)", variables.Get("variable2")); Assert.Equal("3_$(variable1)", variables.Get("variable3")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_InheritsSecretFlagFromDeepRecursion() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "variable1", "before $(variable2) after" }, { "variable2", "before2 $(variable3) after2" }, { "variable3", new VariableValue("some variable 3 value", true) }, }; // Act. List warnings; var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal(0, variables.Public.Count()); Assert.Equal("before before2 some variable 3 value after2 after", variables.Get("variable1")); Assert.Equal("before2 some variable 3 value after2", variables.Get("variable2")); Assert.Equal("some variable 3 value", variables.Get("variable3")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_InheritsSecretFlagFromRecursion() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "variable1", "before $(variable2) after" }, { "variable2", new VariableValue("some variable 2 value", true) }, }; // Act. List warnings; var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal(0, variables.Public.Count()); Assert.Equal("before some variable 2 value after", variables.Get("variable1")); Assert.Equal("some variable 2 value", variables.Get("variable2")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_ExpandsValueWithConsecutiveMacros() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "variable1", "before$(variable2)$(variable2)after" }, { "variable2", "some variable 2 value" }, }; // Act. List warnings; var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal("beforesome variable 2 valuesome variable 2 valueafter", variables.Get("variable1")); Assert.Equal("some variable 2 value", variables.Get("variable2")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_ExpandsValueWithDeepRecursion() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "variable1", "before$(variable2)after" }, { "variable2", "$(variable3)world" }, { "variable3", "hello" }, }; // Act. List warnings; var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal("beforehelloworldafter", variables.Get("variable1")); Assert.Equal("helloworld", variables.Get("variable2")); Assert.Equal("hello", variables.Get("variable3")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_ExpandsValueWithPreceedingPrefix() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "variable1", "before$($(variable2)after" }, { "variable2", "hello" }, }; // Act. List warnings; var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal("before$(helloafter", variables.Get("variable1")); Assert.Equal("hello", variables.Get("variable2")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_HandlesNullNestedValue() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "variable1", "before $(variable2) after" }, { "variable2", new VariableValue(null, false) }, }; // Act. List warnings; var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal("before after", variables.Get("variable1")); Assert.Equal(string.Empty, variables.Get("variable2")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_HandlesNullValue() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "variable1", new VariableValue(null, false) }, { "variable2", "some variable 2 value" }, }; // Act. List warnings; var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal(string.Empty, variables.Get("variable1")); Assert.Equal("some variable 2 value", variables.Get("variable2")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_SetsNullAsEmpty() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var copy = new Dictionary { { "variable1", new VariableValue(null, false) }, }; // Act. var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal(string.Empty, variables.Get("variable1")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_SetsOrdinalIgnoreCaseComparer() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. CultureInfo currentCulture = CultureInfo.CurrentCulture; CultureInfo currentUICulture = CultureInfo.CurrentUICulture; try { CultureInfo.CurrentCulture = new CultureInfo("tr-TR"); CultureInfo.CurrentUICulture = new CultureInfo("tr-TR"); var copy = new Dictionary { { "i", "foo" }, { "I", "foo" }, }; // Act. List warnings; var variables = new Variables(hc, copy, out warnings); // Assert. Assert.Equal(1, variables.Public.Count()); } finally { // Cleanup. CultureInfo.CurrentCulture = currentCulture; CultureInfo.CurrentUICulture = currentUICulture; } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Constructor_SkipVariableWithEmptyName() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "", "" }, { " ", "" }, { "MyPublicVariable", "My public value" }, }; List warnings; var variables = new Variables(hc, copy, out warnings); // Act. Variable[] publicVariables = variables.Public.ToArray(); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal(1, publicVariables.Length); Assert.Equal("MyPublicVariable", publicVariables[0].Name); Assert.Equal("My public value", publicVariables[0].Value); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ExpandValues_DoesNotRecurse() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange: Setup the variables. The value of the variable1 variable // should not get expanded since variable2 does not exist when the // variables class is initialized (and therefore would never get expanded). List warnings; var variableDictionary = new Dictionary { { "variable1", "$(variable2)" }, }; var variables = new Variables(hc, variableDictionary, out warnings); variables.Set("variable2", "some variable 2 value"); // Arrange: Setup the target dictionary. var targetDictionary = new Dictionary(); targetDictionary["some target key"] = "before $(variable1) after"; // Act. variables.ExpandValues(target: targetDictionary); // Assert: The variable should only have been expanded one level. Assert.Equal("before $(variable2) after", targetDictionary["some target key"]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ExpandValues_HandlesConsecutiveMacros() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange: Setup the variables. List warnings; var variableDictionary = new Dictionary { { "variable1", "some variable 1 value " }, { "variable2", "some variable 2 value" }, }; var variables = new Variables(hc, variableDictionary, out warnings); // Arrange: Setup the target dictionary. var targetDictionary = new Dictionary(); targetDictionary["some target key"] = "before $(variable1)$(variable2) after"; // Act. variables.ExpandValues(target: targetDictionary); // Assert: The consecutive macros should both have been expanded. Assert.Equal("before some variable 1 value some variable 2 value after", targetDictionary["some target key"]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ExpandValues_HandlesNullValue() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange: Setup the variables. List warnings; var variableDictionary = new Dictionary { { "variable1", "some variable 1 value " }, }; var variables = new Variables(hc, variableDictionary, out warnings); // Arrange: Setup the target dictionary. var targetDictionary = new Dictionary { { "some target key", null }, }; // Act. variables.ExpandValues(target: targetDictionary); // Assert: The consecutive macros should both have been expanded. Assert.Equal(string.Empty, targetDictionary["some target key"]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void ExpandValues_HandlesPreceedingPrefix() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange: Setup the variables. List warnings; var variableDictionary = new Dictionary { { "variable1", "some variable 1 value" }, }; var variables = new Variables(hc, variableDictionary, out warnings); // Arrange: Setup the target dictionary. var targetDictionary = new Dictionary(); targetDictionary["some target key"] = "before $($(variable1) after"; // Act. variables.ExpandValues(target: targetDictionary); // Assert: The consecutive macros should both have been expanded. Assert.Equal("before $(some variable 1 value after", targetDictionary["some target key"]); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Get_ReturnsNullIfNotFound() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); // Act. string actual = variables.Get("no such"); // Assert. Assert.Equal(null, actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetBoolean_DoesNotThrowWhenNull() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); // Act. bool? actual = variables.GetBoolean("no such"); // Assert. Assert.Null(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void GetEnum_DoesNotThrowWhenNull() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); // Act. System.IO.FileShare? actual = variables.GetEnum("no such"); // Assert. Assert.Null(actual); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void RecalculateExpanded_PerformsRecalculation() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var original = new Dictionary { { "topLevelVariable", "$(nestedVariable1) $(nestedVariable2)" }, { "nestedVariable1", "Some nested value 1" }, }; var variables = new Variables(hc, original, out warnings); Assert.Equal(0, warnings.Count); Assert.Equal(2, variables.Public.Count()); Assert.Equal("Some nested value 1 $(nestedVariable2)", variables.Get("topLevelVariable")); Assert.Equal("Some nested value 1", variables.Get("nestedVariable1")); // Act. variables.Set("nestedVariable2", "Some nested value 2", secret: false); variables.RecalculateExpanded(out warnings); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal(3, variables.Public.Count()); Assert.Equal("Some nested value 1 Some nested value 2", variables.Get("topLevelVariable")); Assert.Equal("Some nested value 1", variables.Get("nestedVariable1")); Assert.Equal("Some nested value 2", variables.Get("nestedVariable2")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void RecalculateExpanded_RetainsUpdatedSecretness() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); Assert.Equal(0, warnings.Count); variables.Set("foo", "bar"); Assert.Equal(1, variables.Public.Count()); // Act. variables.Set("foo", "baz", secret: true); variables.RecalculateExpanded(out warnings); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal(0, variables.Public.Count()); Assert.Equal("baz", variables.Get("foo")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void RecalculateExpanded_PathTranslator() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. var copy = new Dictionary { { "variable1", "run $(variable2)" }, { "variable2", "/path/to/something" }, }; List warnings; var variables = new Variables(hc, copy, out warnings); variables.StringTranslator = (str) => { if (str.StartsWith("/path/to")) { return str.Replace("/path/to", "/another/path"); } return str; }; Assert.Equal(0, warnings.Count); // Act. variables.RecalculateExpanded(out warnings); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal("run /another/path/something", variables.Get("variable1")); Assert.Equal("/another/path/something", variables.Get("variable2")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Set_CanConvertAPublicValueIntoASecretValue() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); variables.Set("foo", "bar"); Assert.Equal(1, variables.Public.Count()); // Act. variables.Set("foo", "baz", secret: true); // Assert. Assert.Equal(0, variables.Public.Count()); Assert.Equal("baz", variables.Get("foo")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Set_CannotConvertASecretValueIntoAPublicValue() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); variables.Set("foo", "bar", secret: true); Assert.Equal(0, variables.Public.Count()); Assert.Equal("bar", variables.Get("foo")); // Act. variables.Set("foo", "baz", secret: false); // Assert. Assert.Equal(0, variables.Public.Count()); Assert.Equal("baz", variables.Get("foo")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Set_CanStoreANewSecret() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); // Act. variables.Set("foo", "bar", secret: true); // Assert. Assert.Equal(0, variables.Public.Count()); Assert.Equal("bar", variables.Get("foo")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Set_CanUpdateASecret() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); // Act. variables.Set("foo", "bar", secret: true); variables.Set("foo", "baz", secret: true); // Assert. Assert.Equal(0, variables.Public.Count()); Assert.Equal("baz", variables.Get("foo")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Set_StoresNullAsEmpty() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); // Act. variables.Set("variable1", null); // Assert. Assert.Equal(0, warnings.Count); Assert.Equal(string.Empty, variables.Get("variable1")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Set_StoresValue() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); // Act. variables.Set("foo", "bar"); // Assert. Assert.Equal("bar", variables.Get("foo")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void IsReadOnly_RespectsSystemVariables() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); variables.Set(Constants.Variables.Agent.ReadOnlyVariables, "true"); variables.Set(Constants.Variables.System.AccessToken, "abc"); variables.Set(Constants.Variables.Agent.BuildDirectory, "abc"); variables.Set(Constants.Variables.Build.RepoClean, "abc"); variables.Set(Constants.Variables.Common.TestResultsDirectory, "abc"); // Assert. Assert.True(variables.IsReadOnly(Constants.Variables.System.AccessToken)); Assert.True(variables.IsReadOnly(Constants.Variables.Agent.BuildDirectory)); Assert.True(variables.IsReadOnly(Constants.Variables.Build.RepoClean)); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void IsReadOnly_RespectsUserReadOnlyVariables() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); variables.Set(Constants.Variables.Agent.ReadOnlyVariables, "true"); variables.Set("var1", "abc", secret: false, readOnly: true); variables.Set("var2", "abc", secret: false, readOnly: false); // Assert. Assert.True(variables.IsReadOnly("var1")); Assert.False(variables.IsReadOnly("var2")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void IsReadOnly_ReturnsFalseForUnsetVariables() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); variables.Set(Constants.Variables.Agent.ReadOnlyVariables, "true"); // Assert. Assert.False(variables.IsReadOnly("var1")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void IsReadOnly_ListContainsAllReadOnlyVariables() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List wellKnownSystemVariables = new List(); List wellKnownSystemVariableClasses = new List() { typeof(Constants.Variables.Agent), typeof(Constants.Variables.Build), typeof(Constants.Variables.Features), typeof(Constants.Variables.Pipeline), typeof(Constants.Variables.Release), typeof(Constants.Variables.System), typeof(Constants.Variables.Task) }; // Iterate through members of each class and add any system variables (aka prefixed with our readOnlyPrefixes) foreach (System.Type systemVariableClass in wellKnownSystemVariableClasses) { var wellKnownDistributedTaskFields = systemVariableClass.GetFields(); foreach (var field in wellKnownDistributedTaskFields) { var fieldValue = field.GetValue(systemVariableClass); if (fieldValue != null) { string value = fieldValue.ToString(); wellKnownSystemVariables.Add(value); } } } // Assert. foreach (string systemVariable in wellKnownSystemVariables) { Assert.True(Constants.Variables.ReadOnlyVariables.Contains(systemVariable), "Constants.Variables.ReadOnlyVariables should contain " + systemVariable); } } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Unset() { using (TestHostContext hc = new TestHostContext(this)) { List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); variables.Set("foo", "bar"); Assert.Equal("bar", variables.Get("foo")); variables.Unset("foo"); Assert.Equal(null, variables.Get("foo")); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Scope() { using (TestHostContext hc = new TestHostContext(this)) { List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); var scope = variables.CreateScope(); scope.Set("foo", "bar"); Assert.Equal("bar", variables.Get("foo")); scope.Dispose(); Assert.Equal(null, variables.Get("foo")); } } public void CopyInto_Basic() { using (TestHostContext hc = new TestHostContext(this)) { // Arrange. List warnings; var variables = new Variables(hc, new Dictionary(), out warnings); Dictionary dict1 = new Dictionary(); variables.CopyInto(dict1, Variables.DefaultStringTranslator); Assert.Equal(0, dict1.Count); variables.Set("foo", "bar"); variables.CopyInto(dict1, Variables.DefaultStringTranslator); Assert.Equal(1, dict1.Count); Assert.Equal("bar", dict1["foo"]); variables.Set("boo", "bah", true); variables.CopyInto(dict1, Variables.DefaultStringTranslator); Assert.Equal(2, dict1.Count); Assert.Equal("bar", dict1["foo"]); Assert.Equal(new VariableValue("bah", true), dict1["boo"]); } } } } ================================================ FILE: src/Test/L0/Worker/WorkerCommandManagerL0.cs ================================================ using System; using Microsoft.VisualStudio.Services.Agent.Worker; using System.Collections.Generic; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class WorkerCommandManagerL0 { public sealed class TestWorkerCommandExtensionL0 : BaseWorkerCommandExtension { public TestWorkerCommandExtensionL0() { CommandArea = "TestL0"; SupportedHostTypes = HostTypes.All; InstallWorkerCommand(new FooCommand()); InstallWorkerCommand(new BarCommand()); } public void InstallFoo2Command() { InstallWorkerCommand(new Foo2Command()); } } public class FooCommand : IWorkerCommand { public string Name => "foo"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { } } public class Foo2Command : IWorkerCommand { public string Name => "foo"; public List Aliases => null; public void Execute(IExecutionContext context, Command command) { } } public class BarCommand : IWorkerCommand { public string Name => "bar"; public List Aliases => new List() { "cat" }; public void Execute(IExecutionContext context, Command command) { } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void SimpleTests() { var commandExt = new TestWorkerCommandExtensionL0(); Assert.Throws(() => commandExt.InstallFoo2Command()); IWorkerCommand command = commandExt.GetWorkerCommand("foo"); Assert.Equal("foo", command.Name); Assert.IsType(command); IWorkerCommand command2 = commandExt.GetWorkerCommand("bar"); Assert.Equal("bar", command2.Name); IWorkerCommand command3 = commandExt.GetWorkerCommand("cat"); Assert.Equal("bar", command3.Name); Assert.Equal(command2, command3); } } } ================================================ FILE: src/Test/L0/Worker/WorkerCorrelationIntegrationL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Threading; using System.Threading.Tasks; using Xunit; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Moq; using System.Collections.Generic; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; using ExecutionContext = Microsoft.VisualStudio.Services.Agent.Worker.ExecutionContext; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { /// /// Integration tests for correlation context in Worker scenarios /// Tests end-to-end correlation tracking through job execution /// public sealed class WorkerCorrelationIntegrationL0 { [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Worker_ExecutionContext_AutoRegistersWithCorrelationManager() { // Arrange using var hc = new TestHostContext(this); using var ec = new ExecutionContext(); // Act ec.Initialize(hc); var manager = hc.CorrelationContextManager; // The ExecutionContext constructor should auto-register var correlationId = manager.BuildCorrelationId(); // Assert Assert.NotNull(manager); // Initially empty until correlation is set Assert.Equal(string.Empty, correlationId); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Worker_ExecutionContext_DisposeClearsCorrelation() { // Arrange using var hc = new TestHostContext(this); var manager = hc.CorrelationContextManager; string correlationBeforeDispose; // Act using (var ec = new ExecutionContext()) { ec.Initialize(hc); ec.SetCorrelationStep("dispose-test"); correlationBeforeDispose = manager.BuildCorrelationId(); } // Dispose called here var correlationAfterDispose = manager.BuildCorrelationId(); // Assert Assert.Contains("disposetest", correlationBeforeDispose); // Hyphens removed by ShortenGuid Assert.Equal(string.Empty, correlationAfterDispose); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Worker_NestedExecutionContexts_MaintainIndependentCorrelation() { // Arrange using var hc = new TestHostContext(this); var manager = hc.CorrelationContextManager; using var parentEc = new ExecutionContext(); parentEc.Initialize(hc); parentEc.SetCorrelationStep("parent-step"); var parentCorrelation = manager.BuildCorrelationId(); // Act - Create child context using (var childEc = new ExecutionContext()) { childEc.Initialize(hc); childEc.SetCorrelationStep("child-step"); var childCorrelation = manager.BuildCorrelationId(); // Assert - Child should override parent Assert.Contains("parentstep", parentCorrelation); // Hyphens removed by ShortenGuid Assert.Contains("childstep", childCorrelation); // Hyphens removed by ShortenGuid Assert.NotEqual(parentCorrelation, childCorrelation); } // After child disposal, we're back in parent context // But since child cleared the context, it should be empty var afterChildDispose = manager.BuildCorrelationId(); Assert.Equal(string.Empty, afterChildDispose); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Worker_ExecutionContext_CorrelationFlowsThroughStepExecution() { // Arrange using var hc = new TestHostContext(this); using var ec = new ExecutionContext(); var manager = hc.CorrelationContextManager; var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); var jobServerQueue = new Mock(); jobServerQueue.Setup(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny())); hc.SetSingleton(jobServerQueue.Object); ec.Initialize(hc); // Create a minimal job request var jobRequest = CreateMinimalJobRequest(); ec.InitializeJob(jobRequest, CancellationToken.None); // Act - Simulate step execution var stepId = Guid.NewGuid(); ec.SetCorrelationStep(stepId.ToString()); var correlationDuringStep = manager.BuildCorrelationId(); // Assert Assert.NotEmpty(correlationDuringStep); Assert.Contains("STEP-", correlationDuringStep); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Worker_ExecutionContext_TaskCorrelationAddsToStepCorrelation() { // Arrange using var hc = new TestHostContext(this); using var ec = new ExecutionContext(); var manager = hc.CorrelationContextManager; ec.Initialize(hc); var stepId = Guid.NewGuid(); var taskId = Guid.NewGuid(); // Act ec.SetCorrelationStep(stepId.ToString()); var stepOnly = manager.BuildCorrelationId(); ec.SetCorrelationTask(taskId.ToString()); var stepAndTask = manager.BuildCorrelationId(); // Assert Assert.Contains("STEP-", stepOnly); Assert.DoesNotContain("TASK-", stepOnly); Assert.Contains("STEP-", stepAndTask); Assert.Contains("TASK-", stepAndTask); Assert.Contains("|", stepAndTask); // Separator between step and task } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Worker_ExecutionContext_ClearCorrelationRemovesFromManager() { // Arrange using var hc = new TestHostContext(this); using var ec = new ExecutionContext(); var manager = hc.CorrelationContextManager; ec.Initialize(hc); ec.SetCorrelationStep("test-step"); ec.SetCorrelationTask("test-task"); var withBoth = manager.BuildCorrelationId(); // Act ec.ClearCorrelationTask(); var withStepOnly = manager.BuildCorrelationId(); ec.ClearCorrelationStep(); var withNone = manager.BuildCorrelationId(); // Assert Assert.Contains("STEP-", withBoth); Assert.Contains("TASK-", withBoth); Assert.Contains("STEP-", withStepOnly); Assert.DoesNotContain("TASK-", withStepOnly); Assert.Equal("TASK-testtask", withBoth.Split('|')[1]); // Hyphens removed by ShortenGuid Assert.Equal(string.Empty, withNone); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async Task Worker_ExecutionContext_CorrelationFlowsAcrossAsyncOperations() { // Arrange using var hc = new TestHostContext(this); using var ec = new ExecutionContext(); var manager = hc.CorrelationContextManager; ec.Initialize(hc); ec.SetCorrelationStep("async-test"); var beforeAsync = manager.BuildCorrelationId(); // Act - Simulate async operation await Task.Delay(10); var afterAsync = manager.BuildCorrelationId(); // Assert - Correlation should persist across await Assert.Equal(beforeAsync, afterAsync); Assert.Contains("asynctest", afterAsync); // Hyphens removed by ShortenGuid } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Worker_MultipleExecutionContexts_LastRegisteredWins() { // Arrange using var hc = new TestHostContext(this); var manager = hc.CorrelationContextManager; using var ec1 = new ExecutionContext(); using var ec2 = new ExecutionContext(); ec1.Initialize(hc); ec2.Initialize(hc); ec1.SetCorrelationStep("context-1"); // Act - ec2 registers after ec1 ec2.SetCorrelationStep("context-2"); var currentCorrelation = manager.BuildCorrelationId(); // Assert - Most recent registration wins Assert.Contains("context2", currentCorrelation); // Hyphens removed by ShortenGuid } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Worker_ExecutionContext_GuidShorteningConsistency() { // Arrange using var hc = new TestHostContext(this); using var ec = new ExecutionContext(); var manager = hc.CorrelationContextManager; ec.Initialize(hc); var fullGuid = "60cf5508-70a7-5ba0-b727-5dd7f6763eb4"; // Act ec.SetCorrelationStep(fullGuid); var correlation = manager.BuildCorrelationId(); // Assert - Should be shortened consistently Assert.Equal("STEP-60cf550870a7", correlation); Assert.Equal(17, correlation.Length); // "STEP-" (5) + 12 chars } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void Worker_ExecutionContext_CorrelationPersistsThroughJobLifecycle() { // Arrange using var hc = new TestHostContext(this); using var ec = new ExecutionContext(); var manager = hc.CorrelationContextManager; var pagingLogger = new Mock(); hc.EnqueueInstance(pagingLogger.Object); var jobServerQueue = new Mock(); jobServerQueue.Setup(x => x.QueueTimelineRecordUpdate(It.IsAny(), It.IsAny())); hc.SetSingleton(jobServerQueue.Object); ec.Initialize(hc); // Act - Simulate job lifecycle var jobRequest = CreateMinimalJobRequest(); ec.InitializeJob(jobRequest, CancellationToken.None); var jobId = jobRequest.JobId; ec.SetCorrelationStep(jobId.ToString()); var duringJob = manager.BuildCorrelationId(); // Complete job ec.Complete(); var afterComplete = manager.BuildCorrelationId(); // Assert Assert.Contains("STEP-", duringJob); Assert.Contains("STEP-", afterComplete); Assert.Equal(duringJob, afterComplete); // Should persist until disposed } // Helper method to create minimal job request private Pipelines.AgentJobRequestMessage CreateMinimalJobRequest() { var plan = new TaskOrchestrationPlanReference(); var timeline = new TimelineReference(); var environment = new JobEnvironment(); environment.SystemConnection = new ServiceEndpoint(); var tasks = new List(); var jobId = Guid.NewGuid(); var jobName = "Test Job"; var message = new AgentJobRequestMessage(plan, timeline, jobId, jobName, jobName, environment, tasks); return Pipelines.AgentJobRequestMessageUtil.Convert(message); } } } ================================================ FILE: src/Test/L0/Worker/WorkerL0.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker; using Moq; using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; using Xunit; using Microsoft.VisualStudio.Services.WebApi; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Tests.Worker { public sealed class WorkerL0 { private Mock _processChannel; private Mock _jobRunner; private Mock _proxy; private Mock _cert; public WorkerL0() { _processChannel = new Mock(); _jobRunner = new Mock(); _proxy = new Mock(); _cert = new Mock(); } private Pipelines.AgentJobRequestMessage CreateJobRequestMessage(string jobName) { TaskOrchestrationPlanReference plan = new TaskOrchestrationPlanReference() { PlanId = Guid.NewGuid() }; TimelineReference timeline = null; Dictionary variables = new Dictionary(StringComparer.OrdinalIgnoreCase); variables[Constants.Variables.System.Culture] = "en-US"; Pipelines.JobResources resources = new Pipelines.JobResources(); var serviceEndpoint = new ServiceEndpoint(); serviceEndpoint.Authorization = new EndpointAuthorization(); serviceEndpoint.Authorization.Parameters.Add("nullValue", null); resources.Endpoints.Add(serviceEndpoint); List tasks = new List(); tasks.Add(new Pipelines.TaskStep() { Id = Guid.NewGuid(), Reference = new Pipelines.TaskStepDefinitionReference() { Id = Guid.NewGuid(), Name = "TestTask", Version = "1.0.0" } }); Guid JobId = Guid.NewGuid(); var sidecarContainers = new Dictionary(StringComparer.OrdinalIgnoreCase) { ["nginx"] = "nginx" }; var jobRequest = new Pipelines.AgentJobRequestMessage(plan, timeline, JobId, jobName, jobName, "ubuntu", sidecarContainers, variables, new List(), resources, null, tasks); return jobRequest; } private JobCancelMessage CreateJobCancelMessage(Guid jobId) { return new JobCancelMessage(jobId, TimeSpan.FromSeconds(0)); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void DispatchRunNewJob() { //Arrange using (var hc = new TestHostContext(this)) using (var tokenSource = new CancellationTokenSource()) { var worker = new Microsoft.VisualStudio.Services.Agent.Worker.Worker(); hc.EnqueueInstance(_processChannel.Object); hc.EnqueueInstance(_jobRunner.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); worker.Initialize(hc); var jobMessage = CreateJobRequestMessage("job1"); var arWorkerMessages = new WorkerMessage[] { new WorkerMessage { Body = JsonUtility.ToString(jobMessage), MessageType = MessageType.NewJobRequest } }; var workerMessages = new Queue(arWorkerMessages); _processChannel .Setup(x => x.ReceiveAsync(It.IsAny())) .Returns(async () => { // Return the job message. if (workerMessages.Count > 0) { return workerMessages.Dequeue(); } // Wait for the text to run await Task.Delay(-1, tokenSource.Token); return default(WorkerMessage); }); _jobRunner.Setup(x => x.RunAsync(It.IsAny(), It.IsAny())) .Returns(Task.FromResult(TaskResult.Succeeded)); //Act await worker.RunAsync(pipeIn: "1", pipeOut: "2"); //Assert _processChannel.Verify(x => x.StartClient("1", "2"), Times.Once()); _jobRunner.Verify(x => x.RunAsync( It.Is(y => IsMessageIdentical(y, jobMessage)), It.IsAny())); tokenSource.Cancel(); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void DispatchCancellation() { //Arrange using (var hc = new TestHostContext(this)) { var worker = new Microsoft.VisualStudio.Services.Agent.Worker.Worker(); hc.EnqueueInstance(_processChannel.Object); hc.EnqueueInstance(_jobRunner.Object); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); worker.Initialize(hc); var jobMessage = CreateJobRequestMessage("job1"); var cancelMessage = CreateJobCancelMessage(jobMessage.JobId); var arWorkerMessages = new WorkerMessage[] { new WorkerMessage { Body = JsonUtility.ToString(jobMessage), MessageType = MessageType.NewJobRequest }, new WorkerMessage { Body = JsonUtility.ToString(cancelMessage), MessageType = MessageType.CancelRequest } }; var workerMessages = new Queue(arWorkerMessages); _processChannel.Setup(x => x.ReceiveAsync(It.IsAny())) .Returns(() => { if (workerMessages.Count > 0) { return Task.FromResult(workerMessages.Dequeue()); } // Return a task that will never complete to avoid queue empty exception var tcs = new TaskCompletionSource(); return tcs.Task; }); _jobRunner.Setup(x => x.RunAsync(It.IsAny(), It.IsAny())) .Returns( async (Pipelines.AgentJobRequestMessage jm, CancellationToken ct) => { await Task.Delay(-1, ct); return TaskResult.Canceled; }); //Act await Assert.ThrowsAsync( async () => await worker.RunAsync("1", "2")); //Assert _processChannel.Verify(x => x.StartClient("1", "2"), Times.Once()); _jobRunner.Verify(x => x.RunAsync( It.Is(y => IsMessageIdentical(y, jobMessage)), It.IsAny())); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void VerifyJobRequestMessagePiiDataIsScrubbed() { // Arrange Pipelines.AgentJobRequestMessage message = CreateJobRequestMessage("jobwithpiidata"); // Populate PII variables foreach (string piiVariable in Variables.PiiVariables) { message.Variables.Add(piiVariable, "MyPiiVariable"); } foreach (string piiVariableSuffix in Variables.PiiArtifactVariableSuffixes) { message.Variables.Add($"{Variables.PiiArtifactVariablePrefix}.MyArtifact.{piiVariableSuffix}", "MyPiiVariable"); } // Populate the repository PII data Pipelines.RepositoryResource repository = new Pipelines.RepositoryResource(); repository.Properties.Set( Pipelines.RepositoryPropertyNames.VersionInfo, new Pipelines.VersionInfo() { Author = "MyAuthor" }); message.Resources.Repositories.Add(repository); // Act Pipelines.AgentJobRequestMessage scrubbedMessage = WorkerUtilities.ScrubPiiData(message); // Assert foreach (string piiVariable in Variables.PiiVariables) { scrubbedMessage.Variables.TryGetValue(piiVariable, out VariableValue value); Assert.Equal("[PII]", value.Value); } foreach (string piiVariableSuffix in Variables.PiiArtifactVariableSuffixes) { scrubbedMessage.Variables.TryGetValue($"{Variables.PiiArtifactVariablePrefix}.MyArtifact.{piiVariableSuffix}", out VariableValue value); Assert.Equal("[PII]", value.Value); } Pipelines.RepositoryResource scrubbedRepo = scrubbedMessage.Resources.Repositories[0]; Pipelines.VersionInfo scrubbedInfo = scrubbedRepo.Properties.Get(Pipelines.RepositoryPropertyNames.VersionInfo); Assert.Equal("[PII]", scrubbedInfo.Author); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void VerifyJobRequestMessageVsoCommandsDeactivated() { Pipelines.AgentJobRequestMessage message = CreateJobRequestMessage("jobWithVsoCommands"); message.Variables[Constants.Variables.Build.SourceVersionMessage] = "##vso[setVariable]etc1"; message.Variables[Constants.Variables.System.SourceVersionMessage] = "##vso[setVariable]etc2"; message.Variables[Constants.Variables.Build.DefinitionName] = "##vso[setVariable]etc3"; message.Variables[Constants.Variables.System.DefinitionName] = "##vso[setVariable]etc4"; message.Variables[Constants.Variables.Release.ReleaseDefinitionName] = "##vso[setVariable]etc5"; message.Variables[Constants.Variables.Release.ReleaseEnvironmentName] = "##vso[setVariable]etc6"; message.Variables[Constants.Variables.Build.SourceVersionAuthor] = "##vso[setVariable]etc7"; message.Variables[Constants.Variables.Agent.Name] = "test"; message.Variables[Constants.Variables.Agent.MachineName] = "gA=="; var scrubbedMessage = WorkerUtilities.DeactivateVsoCommandsFromJobMessageVariables(message); Assert.Equal("**vso[setVariable]etc1", scrubbedMessage.Variables[Constants.Variables.Build.SourceVersionMessage]); Assert.Equal("**vso[setVariable]etc2", scrubbedMessage.Variables[Constants.Variables.System.SourceVersionMessage]); Assert.Equal("**vso[setVariable]etc3", scrubbedMessage.Variables[Constants.Variables.Build.DefinitionName]); Assert.Equal("**vso[setVariable]etc4", scrubbedMessage.Variables[Constants.Variables.System.DefinitionName]); Assert.Equal("**vso[setVariable]etc5", scrubbedMessage.Variables[Constants.Variables.Release.ReleaseDefinitionName]); Assert.Equal("**vso[setVariable]etc6", scrubbedMessage.Variables[Constants.Variables.Release.ReleaseEnvironmentName]); Assert.Equal("**vso[setVariable]etc7", scrubbedMessage.Variables[Constants.Variables.Build.SourceVersionAuthor]); Assert.Equal("test", scrubbedMessage.Variables[Constants.Variables.Agent.Name]); Assert.Equal("gA==", scrubbedMessage.Variables[Constants.Variables.Agent.MachineName]); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void VerifyIfOtherVariablesNotDeactivatesVsoCommands() { Pipelines.AgentJobRequestMessage message = CreateJobRequestMessage("jobWithVsoCommands"); message.Variables[Constants.Variables.Build.RepoName] = "##vso[setVariable]etc1"; message.Variables[Constants.Variables.System.JobId] = "##vso[setVariable]etc2"; var scrubbedMessage = WorkerUtilities.DeactivateVsoCommandsFromJobMessageVariables(message); Assert.Equal("##vso[setVariable]etc1", scrubbedMessage.Variables[Constants.Variables.Build.RepoName]); Assert.Equal("##vso[setVariable]etc2", scrubbedMessage.Variables[Constants.Variables.System.JobId]); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void VerifyJobRequestMessageVsoCommandsDeactivatedIfVariableCasesNotMatch() { Pipelines.AgentJobRequestMessage message = CreateJobRequestMessage("jobWithVsoCommands"); message.Variables[Constants.Variables.Build.SourceVersionMessage.ToUpper()] = "##vso[setVariable]etc1"; message.Variables[Constants.Variables.System.SourceVersionMessage.ToLower()] = "##vso[setVariable]etc2"; var scrubbedMessage = WorkerUtilities.DeactivateVsoCommandsFromJobMessageVariables(message); Assert.Equal("**vso[setVariable]etc1", scrubbedMessage.Variables[Constants.Variables.Build.SourceVersionMessage]); Assert.Equal("**vso[setVariable]etc2", scrubbedMessage.Variables[Constants.Variables.System.SourceVersionMessage]); } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public void VerifyJobRequestMessageVsoCommandsDeactivatedIfVariableCasesHandlesNullValues() { Pipelines.AgentJobRequestMessage message = CreateJobRequestMessage("jobWithVsoCommands"); message.Variables[Constants.Variables.Build.SourceVersionMessage] = ""; message.Variables[Constants.Variables.System.SourceVersionMessage] = null; message.Variables[Constants.Variables.Build.DefinitionName] = " "; var scrubbedMessage = WorkerUtilities.DeactivateVsoCommandsFromJobMessageVariables(message); Assert.Equal("", scrubbedMessage.Variables[Constants.Variables.Build.SourceVersionMessage]); Assert.Equal("", scrubbedMessage.Variables[Constants.Variables.System.SourceVersionMessage]); Assert.Equal(" ", scrubbedMessage.Variables[Constants.Variables.Build.DefinitionName]); } private bool IsMessageIdentical(Pipelines.AgentJobRequestMessage source, Pipelines.AgentJobRequestMessage target) { if (source == null && target == null) { return true; } if (source != null && target == null) { return false; } if (source == null && target != null) { return false; } if (source.JobContainer != target.JobContainer) { return false; } if (source.JobDisplayName != target.JobDisplayName) { return false; } if (source.JobId != target.JobId) { return false; } if (source.JobName != target.JobName) { return false; } if (source.MaskHints.Count != target.MaskHints.Count) { return false; } if (source.MessageType != target.MessageType) { return false; } if (source.Plan.PlanId != target.Plan.PlanId) { return false; } if (source.RequestId != target.RequestId) { return false; } if (source.Resources.Endpoints.Count != target.Resources.Endpoints.Count) { return false; } if (source.Steps.Count != target.Steps.Count) { return false; } if (source.Variables.Count != target.Variables.Count) { return false; } return true; } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void FlushLogsRequest_WhenFeatureEnabled_TriggersWorkerTimeout() { // Arrange using (var hc = new TestHostContext(this)) { // Set the timeout log flushing feature flag environment variable Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", "true"); var worker = new Agent.Worker.Worker(); worker.Initialize(hc); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.EnqueueInstance(_processChannel.Object); hc.EnqueueInstance(_jobRunner.Object); var jobMessage = CreateJobRequestMessage("job1"); var callCount = 0; var jobStarted = new TaskCompletionSource(); _processChannel.Setup(x => x.ReceiveAsync(It.IsAny())) .Returns(async () => { callCount++; if (callCount == 1) { // First call - return the job request return new WorkerMessage { Body = JsonUtility.ToString(jobMessage), MessageType = MessageType.NewJobRequest }; } else if (callCount == 2) { // Second call - wait for job to start, then return FlushLogsRequest await jobStarted.Task.ConfigureAwait(false); await Task.Delay(50); // Give job a moment to start return new WorkerMessage { Body = "", MessageType = MessageType.FlushLogsRequest }; } else { // Subsequent calls - return CancelRequest to avoid blocking await Task.Delay(10); return new WorkerMessage { MessageType = MessageType.CancelRequest, Body = "" }; } }); _jobRunner.Setup(x => x.RunAsync(It.IsAny(), It.IsAny())) .Returns(async (Pipelines.AgentJobRequestMessage msg, CancellationToken ct) => { // Signal that the job has started jobStarted.SetResult(true); // Run long enough to allow FlushLogsRequest to be processed // Use a loop with cancellation token support to be more realistic for (int i = 0; i < 100; i++) { if (ct.IsCancellationRequested || hc.WorkerShutdownForTimeout.IsCancellationRequested) { break; } await Task.Delay(50, CancellationToken.None); // Don't use ct to avoid cancellation race } return TaskResult.Succeeded; }); // Act var result = await worker.RunAsync("pipeIn", "pipeOut"); // Assert // When feature is enabled, worker should process FlushLogsRequest and complete normally Assert.Equal(100, result); // TaskResult.Succeeded translates to return code 100 // Verify that ShutdownWorkerForTimeout was called by checking if the token is cancelled Assert.True(hc.WorkerShutdownForTimeout.IsCancellationRequested); // Cleanup Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void FlushLogsRequest_WhenFeatureDisabled_IgnoresRequest() { // Arrange using (var hc = new TestHostContext(this)) { // Ensure the timeout log flushing feature flag environment variable is not set Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", "false"); var worker = new Agent.Worker.Worker(); worker.Initialize(hc); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.EnqueueInstance(_processChannel.Object); hc.EnqueueInstance(_jobRunner.Object); var jobMessage = CreateJobRequestMessage("job1"); var callCount = 0; var jobStarted = new TaskCompletionSource(); _processChannel.Setup(x => x.ReceiveAsync(It.IsAny())) .Returns(async () => { callCount++; if (callCount == 1) { // First call - return the job request return new WorkerMessage { Body = JsonUtility.ToString(jobMessage), MessageType = MessageType.NewJobRequest }; } else if (callCount == 2) { // Second call - wait for job to start, then return FlushLogsRequest await jobStarted.Task.ConfigureAwait(false); await Task.Delay(50); // Give job a moment to start return new WorkerMessage { Body = "", MessageType = MessageType.FlushLogsRequest }; } else { // Subsequent calls - return CancelRequest to avoid blocking await Task.Delay(10); return new WorkerMessage { MessageType = MessageType.CancelRequest, Body = "" }; } }); _jobRunner.Setup(x => x.RunAsync(It.IsAny(), It.IsAny())) .Returns(async (Pipelines.AgentJobRequestMessage jm, CancellationToken ct) => { // Signal that the job has started jobStarted.SetResult(true); // Run long enough to allow FlushLogsRequest to be processed // Use a loop with cancellation token support to be more realistic for (int i = 0; i < 100; i++) { if (ct.IsCancellationRequested || hc.WorkerShutdownForTimeout.IsCancellationRequested) { break; } await Task.Delay(50, CancellationToken.None); // Don't use ct to avoid cancellation race } return TaskResult.Succeeded; }); // Act var result = await worker.RunAsync("pipeIn", "pipeOut"); // Assert // When feature is disabled, FlushLogsRequest still triggers worker shutdown (simplified implementation) Assert.Equal(100, result); // TaskResult.Succeeded translates to return code 100 // Verify that ShutdownWorkerForTimeout was called (always called now regardless of feature flag) Assert.True(hc.WorkerShutdownForTimeout.IsCancellationRequested); // Cleanup Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); } } [Fact] [Trait("Level", "L0")] [Trait("Category", "Worker")] public async void FlushLogsRequest_WhenFeatureNotSet_DefaultsToDisabled() { // Arrange using (var hc = new TestHostContext(this)) { // Ensure the timeout log flushing feature flag environment variable is not set Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); var worker = new Agent.Worker.Worker(); worker.Initialize(hc); hc.SetSingleton(_proxy.Object); hc.SetSingleton(_cert.Object); hc.EnqueueInstance(_processChannel.Object); hc.EnqueueInstance(_jobRunner.Object); var jobMessage = CreateJobRequestMessage("job1"); var callCount = 0; var jobStarted = new TaskCompletionSource(); _processChannel.Setup(x => x.ReceiveAsync(It.IsAny())) .Returns(async () => { callCount++; if (callCount == 1) { // First call - return the job request return new WorkerMessage { Body = JsonUtility.ToString(jobMessage), MessageType = MessageType.NewJobRequest }; } else if (callCount == 2) { // Second call - wait for job to start, then return FlushLogsRequest await jobStarted.Task.ConfigureAwait(false); await Task.Delay(50); // Give job a moment to start return new WorkerMessage { Body = "", MessageType = MessageType.FlushLogsRequest }; } else { // Subsequent calls - return CancelRequest to avoid blocking await Task.Delay(10); return new WorkerMessage { MessageType = MessageType.CancelRequest, Body = "" }; } }); _jobRunner.Setup(x => x.RunAsync(It.IsAny(), It.IsAny())) .Returns(async (Pipelines.AgentJobRequestMessage jm, CancellationToken ct) => { // Signal that the job has started jobStarted.SetResult(true); // Run long enough to allow FlushLogsRequest to be processed // Use a loop with cancellation token support to be more realistic for (int i = 0; i < 100; i++) { if (ct.IsCancellationRequested || hc.WorkerShutdownForTimeout.IsCancellationRequested) { break; } await Task.Delay(50, CancellationToken.None); // Don't use ct to avoid cancellation race } return TaskResult.Succeeded; }); // Act var result = await worker.RunAsync("pipeIn", "pipeOut"); // Assert // When feature is not set (defaults to disabled), FlushLogsRequest still triggers worker shutdown (simplified implementation) Assert.Equal(100, result); // TaskResult.Succeeded translates to return code 100 // Verify that ShutdownWorkerForTimeout was called (always called now regardless of feature flag) Assert.True(hc.WorkerShutdownForTimeout.IsCancellationRequested); } } } } ================================================ FILE: src/Test/L1/L1HostContext.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.IO; using System.Reflection; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class L1HostContext : HostContext { public L1HostContext(HostType hostType, string logFile = null) : base(hostType, logFile) { } public T SetupService(Type target) where T : class, IAgentService { if (!typeof(T).IsAssignableFrom(target)) { throw new ArgumentException("The target type must implement the specified interface"); } ServiceTypes.TryAdd(typeof(T), target); return GetService(); } public override string GetDirectory(WellKnownDirectory directory) { if (directory == WellKnownDirectory.Bin) { return Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location); } return base.GetDirectory(directory); } } } ================================================ FILE: src/Test/L1/Mock/FakeAgentPluginManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Microsoft.VisualStudio.Services.Agent.Worker; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class FakeAgentPluginManager : AgentPluginManager { public override void Initialize(IHostContext hostContext) { // Inject any plugin mocks here. // Each injection should be paired with a removal of the plugin being mocked. ReplacePlugin("Agent.Plugins.Repository.CheckoutTask, Agent.Plugins", "Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker.FakeCheckoutTask, Test"); base.Initialize(hostContext); } private void ReplacePlugin(string existingPlugin, string fakePlugin) { if (!_taskPlugins.Contains(existingPlugin)) { throw new Exception($"{existingPlugin} must exist in _taskPlugins in order to be replaced"); } if (_taskPlugins.Contains(fakePlugin)) { throw new Exception($"{fakePlugin} already exists in _taskPlugins"); } _taskPlugins.Remove(existingPlugin); _taskPlugins.Add(fakePlugin); } } } ================================================ FILE: src/Test/L1/Mock/FakeBuildServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Threading; using System.Threading.Tasks; using System.Collections.Generic; using System; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Build2 = Microsoft.TeamFoundation.Build.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class FakeBuildServer : AgentService, IBuildServer { public List AssosciatedArtifacts { get; } public List BuildTags { get; } public string BuildNumber { get; internal set; } public FakeBuildServer() { AssosciatedArtifacts = new List(); BuildTags = new List(); } public Task ConnectAsync(VssConnection jobConnection) { return Task.CompletedTask; } public Task AssociateArtifactAsync( int buildId, Guid projectId, string name, string jobId, string type, string data, Dictionary propertiesDictionary, CancellationToken cancellationToken = default(CancellationToken)) { AssosciatedArtifacts.Add(data); return Task.FromResult(new Build2.BuildArtifact { Name = data }); } public Task UpdateBuildNumber( int buildId, Guid projectId, string buildNumber, CancellationToken cancellationToken = default(CancellationToken)) { BuildNumber = buildNumber; return Task.FromResult(new Build2.Build { BuildNumber = buildNumber }); } public Task> AddBuildTag( int buildId, Guid projectId, string buildTag, CancellationToken cancellationToken = default(CancellationToken)) { BuildTags.Add(buildTag); return Task.FromResult>(BuildTags); } } } ================================================ FILE: src/Test/L1/Mock/FakeConfigurationStore.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Collections.Generic; using System.IO; using System.Reflection; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class FakeConfigurationStore : AgentService, IConfigurationStore { public string WorkingDirectoryName { get; set; } public string RootFolder => Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) + "/TestRuns/" + WorkingDirectoryName; public List setupInfo => new List(); private AgentSettings _agentSettings; public bool IsConfigured() { return true; } public bool IsServiceConfigured() { return true; } public bool IsAutoLogonConfigured() { return true; } public bool HasCredentials() { return true; } public CredentialData GetCredentials() { return null; } public IEnumerable GetSetupInfo() { return setupInfo; } public AgentSettings GetSettings() { if (_agentSettings == null) { _agentSettings = new AgentSettings { AgentName = "TestAgent", WorkFolder = RootFolder + "/w" }; } return _agentSettings; } public void UpdateSettings(AgentSettings agentSettings) { _agentSettings = agentSettings; } public void SaveCredential(CredentialData credential) { } public void SaveSettings(AgentSettings settings) { } public void DeleteCredential() { } public void DeleteSettings() { } public void DeleteAutoLogonSettings() { } public void SaveAutoLogonSettings(AutoLogonSettings settings) { } public AutoLogonSettings GetAutoLogonSettings() { return null; } public AgentRuntimeOptions GetAgentRuntimeOptions() { return null; } public void SaveAgentRuntimeOptions(AgentRuntimeOptions options) { } public void DeleteAgentRuntimeOptions() { } } } ================================================ FILE: src/Test/L1/Mock/FakeCustomerIntelligenceServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.WebPlatform; using System.Collections.Generic; using System.Threading.Tasks; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class FakeCustomerIntelligenceServer : AgentService, ICustomerIntelligenceServer { public IList events = new List(); public void Initialize(VssConnection connection) { } public Task PublishEventsAsync(CustomerIntelligenceEvent[] ciEvents) { events.AddRange(ciEvents); return Task.CompletedTask; } } } ================================================ FILE: src/Test/L1/Mock/FakeJobServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.IO; using System.Threading; using System.Threading.Tasks; using System.Collections.Generic; using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using System.Linq; using Microsoft.VisualStudio.Services.Agent.Blob; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.Common; using Microsoft.VisualStudio.Services.BlobStore.Common; using Microsoft.VisualStudio.Services.Content.Common; using Microsoft.VisualStudio.Services.Content.Common.Telemetry; using BuildXL.Cache.ContentStore.Hashing; using BlobIdentifierWithBlocks = Microsoft.VisualStudio.Services.BlobStore.Common.BlobIdentifierWithBlocks; using VsoHash = Microsoft.VisualStudio.Services.BlobStore.Common.VsoHash; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class FakeJobServer : AgentService, IJobServer { public List RecordedEvents { get; } public Dictionary LogObjects { get; } public Dictionary> LogLines { get; } public Dictionary Timelines { get; } public List AttachmentsCreated { get; } public Dictionary> UploadedLogBlobs { get; } public List UploadedAttachmentBlobFiles { get; } public Dictionary> IdToBlobMapping { get; } public FakeJobServer() { RecordedEvents = new List(); Timelines = new Dictionary(); LogObjects = new Dictionary(); LogLines = new Dictionary>(); AttachmentsCreated = new List(); UploadedLogBlobs = new Dictionary>(); IdToBlobMapping = new Dictionary>(); } public Task ConnectAsync(VssConnection jobConnection) { return Task.CompletedTask; } public Task AppendLogContentAsync(Guid scopeIdentifier, string hubName, Guid planId, int logId, Stream uploadStream, CancellationToken cancellationToken) { using (var reader = new StreamReader(uploadStream)) { var text = reader.ReadToEnd(); var addedLines = text.Split("\n"); var lines = LogLines.GetValueOrDefault(logId); lines.AddRange(addedLines); return Task.FromResult(LogObjects.GetValueOrDefault(logId)); } } public Task AppendTimelineRecordFeedAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, Guid stepId, IList lines, long startLine, CancellationToken cancellationToken) { return Task.CompletedTask; } public Task CreateAttachmentAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, String type, String name, Stream uploadStream, CancellationToken cancellationToken) { AttachmentsCreated.Add(name); return Task.FromResult(new TaskAttachment(type, name)); } public Task AssosciateAttachmentAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, string type, string name, DedupIdentifier dedupId, long length, CancellationToken cancellationToken) { AttachmentsCreated.Add(name); return Task.FromResult(new TaskAttachment(type, name)); } public Task CreateLogAsync(Guid scopeIdentifier, string hubName, Guid planId, TaskLog log, CancellationToken cancellationToken) { log.Id = LogObjects.Count + 1; LogObjects.Add(log.Id, log); LogLines.Add(log.Id, new List()); IdToBlobMapping.Add(log.Id, new List()); return Task.FromResult(log); } public Task CreateTimelineAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, CancellationToken cancellationToken) { var timeline = new Timeline { Id = timelineId }; Timelines.Add(timelineId, timeline); return Task.FromResult(timeline); } public Task> UpdateTimelineRecordsAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, IEnumerable records, CancellationToken cancellationToken) { var recordDictionary = records.ToDictionary(x => x.Id); Timeline timeline = Timelines.GetValueOrDefault(timelineId); foreach (var record in timeline.Records) { if (recordDictionary.ContainsKey(record.Id)) { MergeTimelineRecords(record, recordDictionary.GetValueOrDefault(record.Id)); recordDictionary.Remove(record.Id); } } timeline.Records.AddRange(recordDictionary.Values); return Task.FromResult(records.ToList()); } public Task RaisePlanEventAsync(Guid scopeIdentifier, string hubName, Guid planId, T eventData, CancellationToken cancellationToken) where T : JobEvent { RecordedEvents.Add(eventData); return Task.CompletedTask; } public Task GetTimelineAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, CancellationToken cancellationToken) { return Task.FromResult(Timelines[timelineId]); } public Task UploadLogToBlobStore(Stream blob, string hubName, Guid planId, int logId) { var blockBlobId = VsoHash.CalculateBlobIdentifierWithBlocks(blob); blob.Position = 0; using (var reader = new StreamReader(blob)) { var text = reader.ReadToEnd(); var lines = text.Split("\n"); UploadedLogBlobs.Add(blockBlobId, lines); } return Task.FromResult(blockBlobId); } public async Task<(DedupIdentifier dedupId, ulong length)> UploadAttachmentToBlobStore(bool verbose, string itemPath, Guid planId, Guid jobId, CancellationToken cancellationToken) { UploadedAttachmentBlobFiles.Add(itemPath); var chunk = await ChunkerHelper.CreateFromFileAsync(FileSystem.Instance, itemPath, cancellationToken, false); var rootNode = new DedupNode(new[] { chunk }); var dedupId = rootNode.GetDedupIdentifier(); return (dedupId, rootNode.TransitiveContentBytes); } public Task AssociateLogAsync(Guid scopeIdentifier, string hubName, Guid planId, int logId, BlobIdentifierWithBlocks blobBlockId, int lineCount, CancellationToken cancellationToken) { var ids = IdToBlobMapping.GetValueOrDefault(logId); ids.Add(blobBlockId); return Task.FromResult(LogObjects.GetValueOrDefault(logId)); } private void MergeTimelineRecords(TimelineRecord timelineRecord, TimelineRecord rec) { timelineRecord.CurrentOperation = rec.CurrentOperation ?? timelineRecord.CurrentOperation; timelineRecord.Details = rec.Details ?? timelineRecord.Details; timelineRecord.FinishTime = rec.FinishTime ?? timelineRecord.FinishTime; timelineRecord.Log = rec.Log ?? timelineRecord.Log; timelineRecord.Name = rec.Name ?? timelineRecord.Name; timelineRecord.RefName = rec.RefName ?? timelineRecord.RefName; timelineRecord.PercentComplete = rec.PercentComplete ?? timelineRecord.PercentComplete; timelineRecord.RecordType = rec.RecordType ?? timelineRecord.RecordType; timelineRecord.Result = rec.Result ?? timelineRecord.Result; timelineRecord.ResultCode = rec.ResultCode ?? timelineRecord.ResultCode; timelineRecord.StartTime = rec.StartTime ?? timelineRecord.StartTime; timelineRecord.State = rec.State ?? timelineRecord.State; timelineRecord.WorkerName = rec.WorkerName ?? timelineRecord.WorkerName; if (rec.ErrorCount != null && rec.ErrorCount > 0) { timelineRecord.ErrorCount = rec.ErrorCount; } if (rec.WarningCount != null && rec.WarningCount > 0) { timelineRecord.WarningCount = rec.WarningCount; } if (rec.Issues.Count > 0) { timelineRecord.Issues.Clear(); timelineRecord.Issues.AddRange(rec.Issues.Select(i => i.Clone())); } if (rec.Variables.Count > 0) { foreach (var variable in rec.Variables) { timelineRecord.Variables[variable.Key] = variable.Value.Clone(); } } } } } ================================================ FILE: src/Test/L1/Mock/FakeReleaseServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Threading; using System.Threading.Tasks; using System.Collections.Generic; using System; using Microsoft.VisualStudio.Services.WebApi; using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Contracts; using Microsoft.VisualStudio.Services.Agent.Worker.Release; using RMContracts = Microsoft.VisualStudio.Services.ReleaseManagement.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class FakeReleaseServer : AgentService, IReleaseServer { public string ReleaseName { get; internal set; } public Task ConnectAsync(VssConnection jobConnection) { return Task.CompletedTask; } public IEnumerable GetReleaseArtifactsFromService( int releaseId, Guid projectId, CancellationToken cancellationToken = default(CancellationToken)) { return new List(); } public Task UpdateReleaseName( string releaseId, Guid projectId, string releaseName, CancellationToken cancellationToken = default(CancellationToken)) { ReleaseName = releaseName; return Task.FromResult(new RMContracts.Release { Name = releaseName }); } } } ================================================ FILE: src/Test/L1/Mock/FakeResourceMetricsManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.Threading.Tasks; using Microsoft.VisualStudio.Services.Agent.Worker; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public sealed class FakeResourceMetricsManager : AgentService, IResourceMetricsManager { public Task RunDebugResourceMonitorAsync() { return Task.CompletedTask; } public Task RunMemoryUtilizationMonitorAsync() { return Task.CompletedTask; } public Task RunDiskSpaceUtilizationMonitorAsync() { return Task.CompletedTask; } public Task RunCpuUtilizationMonitorAsync(string taskId) { return Task.CompletedTask; } public void SetContext(IExecutionContext context) { } public void Dispose() { } } } ================================================ FILE: src/Test/L1/Mock/FakeTaskManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.VisualStudio.Services.Agent.Worker; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class FakeTaskManager : TaskManager { public override Definition Load(Pipelines.TaskStep task) { Definition d = base.Load(task); if (task.Reference.Id == Pipelines.PipelineConstants.CheckoutTask.Id && task.Reference.Version == Pipelines.PipelineConstants.CheckoutTask.Version) { AgentPluginHandlerData checkoutHandlerData = new AgentPluginHandlerData(); checkoutHandlerData.Target = "Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker.FakeCheckoutTask, Test"; d.Data.Execution = new ExecutionData() { AgentPlugin = checkoutHandlerData }; } return d; } } } ================================================ FILE: src/Test/L1/Mock/FakeTaskServer.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.IO; using System.Threading; using System.Threading.Tasks; using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using Microsoft.VisualStudio.Services.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class FakeTaskServer : AgentService, ITaskServer { public Task ConnectAsync(VssConnection jobConnection) { return Task.CompletedTask; } public Task GetTaskContentZipAsync(Guid taskId, TaskVersion taskVersion, CancellationToken token) { String taskZip = Path.Join(HostContext.GetDirectory(WellKnownDirectory.Externals), "Tasks", taskId.ToString() + ".zip"); if (File.Exists(taskZip)) { return Task.FromResult(new FileStream(taskZip, FileMode.Open, FileAccess.Read, FileShare.Read)); } else { throw new Exception("A step specified a task which does not exist in the L1 test framework. Any tasks used by L1 tests must be added manually."); } } public Task TaskDefinitionEndpointExist() { return Task.FromResult(true); } } } ================================================ FILE: src/Test/L1/Plugins/FakeCheckoutTask.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using Agent.Plugins.Repository; using System.Collections.Generic; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class FakeCheckoutTask : CheckoutTask { public FakeCheckoutTask() : base(new FakeSourceProviderFactory()) { } public FakeCheckoutTask(ISourceProviderFactory SourceProviderFactory) : base(new FakeSourceProviderFactory()) { } } public sealed class FakeSourceProviderFactory : SourceProviderFactory { public override ISourceProvider GetSourceProvider(string repositoryType) { ISourceProvider sourceProvider = base.GetSourceProvider(repositoryType); if (sourceProvider.GetType() == typeof(GitHubSourceProvider)) { return new FakeGitHubSourceProvider(); } else if (sourceProvider.GetType() == typeof(BitbucketGitSourceProvider)) { return new FakeBitbucketGitSourceProvider(); } else if (sourceProvider.GetType() == typeof(ExternalGitSourceProvider)) { return new FakeExternalGitSourceProvider(); } else if (sourceProvider.GetType() == typeof(TfsGitSourceProvider)) { return new FakeTfsGitSourceProvider(); } else { throw new Exception("Source provider not mocked: " + repositoryType); } } } public sealed class FakeGitHubSourceProvider : GitHubSourceProvider { protected override GitCliManager GetCliManager(Dictionary gitEnv = null) { return new FakeGitCliManager(gitEnv); } } public sealed class FakeBitbucketGitSourceProvider : BitbucketGitSourceProvider { protected override GitCliManager GetCliManager(Dictionary gitEnv = null) { return new FakeGitCliManager(gitEnv); } } public sealed class FakeExternalGitSourceProvider : ExternalGitSourceProvider { protected override GitCliManager GetCliManager(Dictionary gitEnv = null) { return new FakeGitCliManager(gitEnv); } } public sealed class FakeTfsGitSourceProvider : TfsGitSourceProvider { protected override GitCliManager GetCliManager(Dictionary gitEnv = null) { return new FakeGitCliManager(gitEnv); } } } ================================================ FILE: src/Test/L1/Plugins/FakeGitCliManager.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System; using System.Collections.Generic; using Agent.Plugins.Repository; using Agent.Sdk; using Microsoft.VisualStudio.Services.Common; using System.Threading.Tasks; using System.Threading; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class FakeGitCliManager : GitCliManager { public FakeGitCliManager(Dictionary envs = null) : base(envs) { } public override async Task LoadGitExecutionInfo(AgentTaskPluginExecutionContext context, bool useBuiltInGit) { // There is no built-in git for OSX/Linux await Task.Delay(1); gitPath = "path/to/git"; gitVersion = await GitVersion(context); gitLfsPath = "path/to/gitlfs"; gitLfsVersion = await GitLfsVersion(context); // Set the user agent. string gitHttpUserAgentEnv = $"git/{gitVersion.ToString()} (vsts-agent-git/{context.Variables.GetValueOrDefault("agent.version")?.Value ?? "unknown"})"; context.Debug($"Set git useragent to: {gitHttpUserAgentEnv}."); gitEnv["GIT_HTTP_USER_AGENT"] = gitHttpUserAgentEnv; } public override async Task GitVersion(AgentTaskPluginExecutionContext context) { // Return very high version so no min version conflicts. await Task.Delay(1); return new Version(2, 99999); } // git lfs version public override async Task GitLfsVersion(AgentTaskPluginExecutionContext context) { // Return very high version so no min version conflicts. await Task.Delay(1); return new Version(2, 99999); } protected override async Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, CancellationToken cancellationToken = default(CancellationToken)) { await Task.Delay(1); return 0; } protected override async Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, IList output) { await Task.Delay(1); return 0; } protected override async Task ExecuteGitCommandAsync(AgentTaskPluginExecutionContext context, string repoRoot, string command, string options, string additionalCommandLine, CancellationToken cancellationToken) { await Task.Delay(1); return 0; } } } ================================================ FILE: src/Test/L1/Worker/CheckoutL1Tests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using System.Linq; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { [Collection("Worker L1 Tests")] public class CheckoutL1Tests : L1TestBase { [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task NoCheckout() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); // Remove checkout for (var i = message.Steps.Count - 1; i >= 0; i--) { var step = message.Steps[i]; if (step is TaskStep && ((TaskStep)step).Reference.Name == "Checkout") { message.Steps.RemoveAt(i); } } // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); Assert.Equal(3, steps.Count()); // Init, CmdLine, Finalize Assert.Equal(0, steps.Where(x => x.Name == "Checkout").Count()); } finally { TearDown(); } } } } ================================================ FILE: src/Test/L1/Worker/ConditionsL1Tests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System.Linq; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { [Collection("Worker L1 Tests")] public class ConditionsL1Tests : L1TestBase { [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task Conditions_Failed() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); // Remove all tasks message.Steps.Clear(); // Add a normal step and one that only runs on failure message.Steps.Add(CreateScriptTask("echo This will run")); var failStep = CreateScriptTask("echo This shouldn't..."); failStep.Condition = "failed()"; message.Steps.Add(failStep); // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); Assert.Equal(4, steps.Count()); // Init, CmdLine, CmdLine, Finalize var faiLStep = steps[2]; Assert.Equal(TaskResult.Skipped, faiLStep.Result); } finally { TearDown(); } } } } ================================================ FILE: src/Test/L1/Worker/ConfigL1Tests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { [Collection("Worker L1 Tests")] public class ConfigL1Tests : L1TestBase { [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task TrackingConfigsShouldBeConsistentAcrossRuns() { try { // Arrange SetupL1(); FakeConfigurationStore fakeConfigurationStore = GetMockedService(); var message1 = LoadTemplateMessage(); // second message is the same definition but a different job with a different repository checked out var message2 = LoadTemplateMessage(jobId: "642e8db6-0794-4b7b-8fd9-33ee9202a795", jobName: "__default2", jobDisplayName: "Job2", checkoutRepoAlias: "repo2"); // Act var results1 = await RunWorker(message1); var trackingConfig1 = GetTrackingConfig(message1); AssertJobCompleted(1); Assert.Equal(TaskResult.Succeeded, results1.Result); // Act2 var results2 = await RunWorker(message2); var trackingConfig2 = GetTrackingConfig(message2); AssertJobCompleted(2); Assert.Equal(TaskResult.Succeeded, results2.Result); // Assert Assert.Equal(trackingConfig1.BuildDirectory, trackingConfig2.BuildDirectory); Assert.Equal(trackingConfig1.HashKey, trackingConfig2.HashKey); } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task TrackingConfigsShouldBeConsistentAcrossMulticheckoutRuns() { try { // Arrange SetupL1(); FakeConfigurationStore fakeConfigurationStore = GetMockedService(); var message1 = LoadTemplateMessage(additionalRepos: 2); message1.Steps.Add(CreateCheckoutTask("Repo2")); message1.Steps.Add(CreateCheckoutTask("Repo2")); // second message is the same definition but a different job with a different order of the repos being checked out in a different order var message2 = LoadTemplateMessage(jobId: "642e8db6-0794-4b7b-8fd9-33ee9202a795", jobName: "__default2", jobDisplayName: "Job2", checkoutRepoAlias: "Repo3", additionalRepos: 2); message2.Steps.Add(CreateCheckoutTask("Repo2")); message2.Steps.Add(CreateCheckoutTask("self")); // Act var results1 = await RunWorker(message1); var trackingConfig1 = GetTrackingConfig(message1); AssertJobCompleted(1); Assert.Equal(TaskResult.Succeeded, results1.Result); // Act2 var results2 = await RunWorker(message2); var trackingConfig2 = GetTrackingConfig(message2); AssertJobCompleted(2); Assert.Equal(TaskResult.Succeeded, results2.Result); // Assert Assert.Equal(trackingConfig1.BuildDirectory, trackingConfig2.BuildDirectory); Assert.Equal(trackingConfig1.HashKey, trackingConfig2.HashKey); } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task TrackingConfigsShouldBeConsistentAcrossRunsWithDifferentCheckouts() { try { // Arrange SetupL1(); FakeConfigurationStore fakeConfigurationStore = GetMockedService(); var message1 = LoadTemplateMessage(additionalRepos: 2); message1.Variables.Add("agent.useWorkspaceId", new VariableValue(Boolean.TrueString, false, true)); // second message is the same definition but a different job with a different order of the repos being checked out in a different order var message2 = LoadTemplateMessage(jobId: "642e8db6-0794-4b7b-8fd9-33ee9202a795", jobName: "__default2", jobDisplayName: "Job2", checkoutRepoAlias: "Repo2", additionalRepos: 1); message2.Variables.Add("agent.useWorkspaceId", new VariableValue(Boolean.TrueString, false, true)); // third message uses the same repos as the first var message3 = LoadTemplateMessage(additionalRepos: 2); message3.Variables.Add("agent.useWorkspaceId", new VariableValue(Boolean.TrueString, false, true)); // Act var results1 = await RunWorker(message1); var trackingConfig1 = GetTrackingConfig(message1); AssertJobCompleted(1); Assert.Equal(TaskResult.Succeeded, results1.Result); // Act2 var results2 = await RunWorker(message2); var trackingConfig2 = GetTrackingConfig(message2); AssertJobCompleted(2); Assert.Equal(TaskResult.Succeeded, results2.Result); // Act3 var results3 = await RunWorker(message3); var trackingConfig3 = GetTrackingConfig(message3); AssertJobCompleted(3); Assert.Equal(TaskResult.Succeeded, results3.Result); // Assert - the first and third runs should be consistent Assert.NotEqual(trackingConfig1.BuildDirectory, trackingConfig2.BuildDirectory); Assert.Equal(trackingConfig1.BuildDirectory, trackingConfig3.BuildDirectory); Assert.Equal(trackingConfig1.HashKey, trackingConfig3.HashKey); } finally { TearDown(); } } } } ================================================ FILE: src/Test/L1/Worker/ContainerL1Tests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using System.Linq; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { [Collection("Worker L1 Tests")] public class ContainerL1Tests : L1TestBase { [Theory] [Trait("Level", "L1")] [Trait("Category", "Worker")] [InlineData(false)] [InlineData(true)] public async Task StepTarget_RestrictedMode(bool writeToBlobstorageService) { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); // Remove all tasks message.Steps.Clear(); var tagStep = CreateScriptTask("echo \"##vso[build.addbuildtag]sometag\""); tagStep.Target = new StepTarget { Commands = "restricted" }; message.Steps.Add(tagStep); message.Variables.Add("agent.LogToBlobstorageService", writeToBlobstorageService.ToString()); // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); Assert.Equal(3, steps.Count()); // Init, CmdLine, Finalize var log = GetTimelineLogLines(steps[1]); Assert.Equal(1, log.Where(x => x.Contains("##vso[build.addbuildtag] is not allowed in this step due to policy restrictions.")).Count()); Assert.Equal(0, GetMockedService().BuildTags.Count); } finally { TearDown(); } } } } ================================================ FILE: src/Test/L1/Worker/CoreL1Tests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using System.Linq; using System.Runtime.InteropServices; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { [Collection("Worker L1 Tests")] public class CoreL1Tests : L1TestBase { [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task Test_Base() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); var expectedSteps = new[] { "Initialize job", "Checkout MyFirstProject@master to s", "CmdLine", "Post-job: Checkout MyFirstProject@master to s", "Finalize Job" }; Assert.Equal(5, steps.Count()); // Init, Checkout, CmdLine, Post, Finalize for (var idx = 0; idx < steps.Count; idx++) { Assert.Equal(expectedSteps[idx], steps[idx].Name); } } finally { TearDown(); } } [Theory] [Trait("Level", "L1")] [Trait("Category", "Worker")] [InlineData(false)] [InlineData(true)] public async Task Test_Base_Node20(bool writeToBlobstorageService) { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); message.Steps.Clear(); // Add variable setting tasks message.Steps.Add(CreateScriptTask("echo Hey!")); message.Variables.Add("agent.LogToBlobstorageService", writeToBlobstorageService.ToString()); // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); var expectedSteps = new[] { "Initialize job", "CmdLine", "Finalize Job" }; Assert.Equal(3, steps.Count()); // Init, CmdLine, Finalize for (var idx = 0; idx < steps.Count; idx++) { Assert.Equal(expectedSteps[idx], steps[idx].Name); } // CmdLineV2 runs on powershell on windows if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { // Assert we used Node 20 from debug logs var log = GetTimelineLogLines(steps[1]); Assert.Equal(1, log.Where(x => x.Contains("Using node path:") && x.Contains("node20")).Count()); } } finally { TearDown(); } } [Theory] [InlineData(false, false)] [InlineData(false, true)] [InlineData(true, false)] [InlineData(true, true)] [Trait("Level", "L1")] // TODO - this test currently doesn't work on Linux/Mac because the node task-lib trims the values it reads. // Remove these SkipOn traits once the task-lib is updated. [Trait("SkipOn", "darwin")] [Trait("SkipOn", "linux")] [Trait("Category", "Worker")] public async Task Input_HandlesTrailingSpace(bool disableInputTrimming, bool writeToBlobstorageService) { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); // Remove all tasks message.Steps.Clear(); // Add variable setting tasks var scriptTask = CreateScriptTask("echo "); Environment.SetEnvironmentVariable("DISABLE_INPUT_TRIMMING", disableInputTrimming.ToString()); message.Steps.Add(scriptTask); message.Variables.Add("agent.LogToBlobstorageService", writeToBlobstorageService.ToString()); // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); var steps = GetSteps(); Assert.Equal(3, steps.Count()); // Init, CmdLine, CmdLine, Finalize var outputStep = steps[1]; var log = GetTimelineLogLines(outputStep); if (disableInputTrimming) { Assert.True(log.Where(x => x.Contains("echo ")).Count() > 0, String.Join("\n", log) + " should contain \"echo \""); } else { Assert.False(log.Where(x => x.Contains("echo ")).Count() > 0, String.Join("\n", log) + " should not contain \"echo \""); } } finally { TearDown(); } } } } ================================================ FILE: src/Test/L1/Worker/CorrelationL1Tests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { /// /// L1 tests for correlation context feature /// Tests end-to-end correlation tracking through full job execution /// [Collection("Worker L1 Tests")] public class CorrelationL1Tests : L1TestBase { [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_SingleStepJob_HasCorrelationInLogs() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); message.Steps.Clear(); message.Steps.Add(CreateScriptTask("echo Testing correlation context")); // Enable enhanced logging to see correlation IDs message.Variables["AZP_USE_ENHANCED_LOGGING"] = "true"; // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); Assert.Equal(3, steps.Count); // Init, CmdLine, Finalize // Verify each step has a unique ID var stepIds = steps.Select(s => s.Id).Distinct().ToList(); Assert.Equal(3, stepIds.Count); // All step IDs should be unique // Verify correlation IDs exist in timeline records foreach (var step in steps) { Assert.NotEqual(Guid.Empty, step.Id); // Get log lines for the step var logLines = GetTimelineLogLines(step); Assert.NotEmpty(logLines); // With enhanced logging, correlation IDs should appear in logs // Note: Actual correlation ID format is STEP-{guid-first-12-chars} } } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_MultipleSteps_EachStepHasUniqueCorrelation() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); message.Steps.Clear(); // Add multiple script tasks message.Steps.Add(CreateScriptTask("echo Step 1")); message.Steps.Add(CreateScriptTask("echo Step 2")); message.Steps.Add(CreateScriptTask("echo Step 3")); message.Variables["AZP_USE_ENHANCED_LOGGING"] = "true"; // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); Assert.Equal(5, steps.Count); // Init, CmdLine, CmdLine, CmdLine, Finalize // Verify all steps have unique IDs var stepIds = steps.Select(s => s.Id).ToList(); var uniqueIds = stepIds.Distinct().ToList(); Assert.Equal(stepIds.Count, uniqueIds.Count); // All IDs should be unique // Verify each task step has different correlation var taskSteps = steps.Where(s => s.RecordType == "Task" && s.Name == "CmdLine").ToList(); Assert.Equal(3, taskSteps.Count); foreach (var step in taskSteps) { Assert.NotEqual(Guid.Empty, step.Id); var logLines = GetTimelineLogLines(step); Assert.NotEmpty(logLines); } } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_WithCheckout_CheckoutStepHasCorrelation() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); // Includes checkout by default message.Variables["AZP_USE_ENHANCED_LOGGING"] = "true"; // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); var checkoutStep = steps.FirstOrDefault(s => s.Name.Contains("Checkout")); Assert.NotNull(checkoutStep); Assert.NotEqual(Guid.Empty, checkoutStep.Id); // Verify checkout has logs with potential correlation var checkoutLogs = GetTimelineLogLines(checkoutStep); Assert.NotEmpty(checkoutLogs); } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_InitializeAndFinalize_HaveUniqueCorrelations() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); message.Steps.Clear(); message.Steps.Add(CreateScriptTask("echo test")); message.Variables["AZP_USE_ENHANCED_LOGGING"] = "true"; // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); var initStep = steps.FirstOrDefault(s => s.Name == "Initialize job"); var finalizeStep = steps.FirstOrDefault(s => s.Name == "Finalize Job"); Assert.NotNull(initStep); Assert.NotNull(finalizeStep); // Both should have unique IDs Assert.NotEqual(Guid.Empty, initStep.Id); Assert.NotEqual(Guid.Empty, finalizeStep.Id); Assert.NotEqual(initStep.Id, finalizeStep.Id); // Both should have logs var initLogs = GetTimelineLogLines(initStep); var finalizeLogs = GetTimelineLogLines(finalizeStep); Assert.NotEmpty(initLogs); Assert.NotEmpty(finalizeLogs); } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_FailedStep_HasCorrelationInErrorLogs() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); message.Steps.Clear(); // Add a step that will fail message.Steps.Add(CreateScriptTask("exit 1")); message.Variables["AZP_USE_ENHANCED_LOGGING"] = "true"; // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Failed, results.Result); var steps = GetSteps(); var failedStep = steps.FirstOrDefault(s => s.Result == TaskResult.Failed); Assert.NotNull(failedStep); Assert.NotEqual(Guid.Empty, failedStep.Id); // Verify failed step has logs with correlation var failedLogs = GetTimelineLogLines(failedStep); Assert.NotEmpty(failedLogs); } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_PostJobSteps_HaveCorrelation() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); // Includes checkout which has post-job step message.Variables["AZP_USE_ENHANCED_LOGGING"] = "true"; // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); // Look for post-job step var postJobStep = steps.FirstOrDefault(s => s.Name.StartsWith("Post-job:")); if (postJobStep != null) { Assert.NotEqual(Guid.Empty, postJobStep.Id); // Post-job steps should have logs too var postJobLogs = GetTimelineLogLines(postJobStep); Assert.NotEmpty(postJobLogs); } } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_WithoutEnhancedLogging_StillHasStepIds() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); message.Steps.Clear(); message.Steps.Add(CreateScriptTask("echo Without enhanced logging")); // Explicitly disable enhanced logging message.Variables["AZP_USE_ENHANCED_LOGGING"] = "false"; // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); // Even without enhanced logging, timeline records should have step IDs foreach (var step in steps) { Assert.NotEqual(Guid.Empty, step.Id); } // Steps should still have logs var taskStep = steps.FirstOrDefault(s => s.Name == "CmdLine"); Assert.NotNull(taskStep); var logs = GetTimelineLogLines(taskStep); Assert.NotEmpty(logs); // Without enhanced logging, correlation IDs might not appear in logs // but the infrastructure still maintains them } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_LongRunningJob_CorrelationPersistsThroughout() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); message.Steps.Clear(); // Add multiple steps with delays to simulate long-running job message.Steps.Add(CreateScriptTask("echo Starting long job")); message.Steps.Add(CreateScriptTask("echo Middle of job")); message.Steps.Add(CreateScriptTask("echo Ending long job")); message.Variables["AZP_USE_ENHANCED_LOGGING"] = "true"; // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); // Verify all steps completed and have unique IDs Assert.True(steps.Count >= 5); // Init + 3 tasks + Finalize var taskSteps = steps.Where(s => s.Name == "CmdLine").ToList(); Assert.Equal(3, taskSteps.Count); // All task steps should have completed successfully foreach (var step in taskSteps) { Assert.Equal(TaskResult.Succeeded, step.Result); Assert.NotEqual(Guid.Empty, step.Id); } } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_TimelineRecords_ContainStepIdentifiers() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); message.Steps.Clear(); message.Steps.Add(CreateScriptTask("echo Checking timeline records")); message.Variables["AZP_USE_ENHANCED_LOGGING"] = "true"; // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); // Get all timelines var timelines = GetTimelines(); Assert.NotEmpty(timelines); var timeline = timelines[0]; Assert.NotEmpty(timeline.Records); // Verify timeline records exist with unique IDs var recordIds = new HashSet(); foreach (var record in timeline.Records) { Assert.NotEqual(Guid.Empty, record.Id); Assert.NotNull(record.Name); Assert.True(recordIds.Add(record.Id), $"Duplicate record ID found: {record.Id}"); } // Verify we have the expected records (Initialize, Task, Finalize) Assert.True(recordIds.Count >= 3, $"Expected at least 3 timeline records, got {recordIds.Count}"); } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_JobWithVariables_CorrelationNotAffectedByVariables() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); message.Steps.Clear(); // Add custom variables message.Variables["CUSTOM_VAR_1"] = "value1"; message.Variables["CUSTOM_VAR_2"] = "value2"; message.Variables["AZP_USE_ENHANCED_LOGGING"] = "true"; message.Steps.Add(CreateScriptTask("echo Using custom variables")); // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); // Correlation should work regardless of custom variables foreach (var step in steps) { Assert.NotEqual(Guid.Empty, step.Id); } } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_StepWithOutput_CorrelationInOutputLogs() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); message.Steps.Clear(); message.Steps.Add(CreateScriptTask("echo This is output from step")); message.Variables["AZP_USE_ENHANCED_LOGGING"] = "true"; // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); var outputStep = steps.FirstOrDefault(s => s.Name == "CmdLine"); Assert.NotNull(outputStep); Assert.NotEqual(Guid.Empty, outputStep.Id); // Verify output logs exist var logs = GetTimelineLogLines(outputStep); Assert.NotEmpty(logs); // Should contain the echo output Assert.Contains(logs, l => l.Contains("This is output from step")); } finally { TearDown(); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task CorrelationContext_EmptyStepName_StillHasValidCorrelation() { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); message.Steps.Clear(); var scriptTask = CreateScriptTask("echo test"); scriptTask.DisplayName = ""; // Empty display name message.Steps.Add(scriptTask); message.Variables["AZP_USE_ENHANCED_LOGGING"] = "true"; // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); var taskStep = steps.FirstOrDefault(s => s.RecordType == "Task"); // Even with empty name, should have valid ID and correlation if (taskStep != null) { Assert.NotEqual(Guid.Empty, taskStep.Id); } } finally { TearDown(); } } } } ================================================ FILE: src/Test/L1/Worker/L1TestBase.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.Pipelines; using Microsoft.TeamFoundation.DistributedTask.WebApi; using Microsoft.VisualStudio.Services.Agent.Util; using Microsoft.VisualStudio.Services.Agent.Worker; using Microsoft.VisualStudio.Services.Agent.Worker.Build; using Microsoft.VisualStudio.Services.Agent.Worker.Release; using Microsoft.VisualStudio.Services.Agent.Worker.Telemetry; using Microsoft.VisualStudio.Services.WebApi; using Newtonsoft.Json; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Reflection; using System.Runtime.CompilerServices; using System.Text; using System.Threading; using System.Threading.Tasks; using Xunit; using Pipelines = Microsoft.TeamFoundation.DistributedTask.Pipelines; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { public class TestResults { public int ReturnCode { get; internal set; } public TaskResult Result { get; internal set; } public bool TimedOut { get; internal set; } } public class L1TestBase : IDisposable { protected TimeSpan ChannelTimeout = TimeSpan.FromSeconds(100); protected TimeSpan JobTimeout = TimeSpan.FromSeconds(100); private List _mockedServices = new List(); protected List GetTimelines() { return GetMockedService().Timelines.Values.ToList(); } protected IList GetSteps() { var timeline = GetTimelines()[0]; return timeline.Records.Where(x => x.RecordType == "Task").ToList(); } protected T GetMockedService() { return _mockedServices.Where(x => x is T).Cast().Single(); } protected IList GetTimelineLogLines(TimelineRecord record) { var jobService = GetMockedService(); var lines = jobService.LogLines.GetValueOrDefault(record.Log.Id).ToList(); if (lines.Count <= 0) { lines = new List(); // Fall back to blobstore foreach (var blobId in jobService.IdToBlobMapping.GetValueOrDefault(record.Log.Id)) { lines.AddRange(jobService.UploadedLogBlobs.GetValueOrDefault(blobId)); } } return lines; } protected void AssertJobCompleted(int buildCount = 1) { Assert.Equal(buildCount, GetMockedService().RecordedEvents.Where(x => x is JobCompletedEvent).Count()); } protected static Pipelines.AgentJobRequestMessage LoadTemplateMessage(string jobId = "12f1170f-54f2-53f3-20dd-22fc7dff55f9", string jobName = "__default", string jobDisplayName = "Job", string checkoutRepoAlias = "self", int additionalRepos = 1) { var template = JobMessageTemplate; template = template.Replace("$$PLANID$$", Guid.NewGuid().ToString()); template = template.Replace("$$JOBID$$", jobId, StringComparison.OrdinalIgnoreCase); template = template.Replace("$$JOBNAME$$", jobName, StringComparison.OrdinalIgnoreCase); template = template.Replace("$$JOBDISPLAYNAME$$", jobDisplayName, StringComparison.OrdinalIgnoreCase); template = template.Replace("$$CHECKOUTREPOALIAS$$", checkoutRepoAlias, StringComparison.OrdinalIgnoreCase); var sb = new StringBuilder(); for (int i = 0; i < additionalRepos; i++) { sb.Append(GetRepoJson("Repo" + (i + 2))); } template = template.Replace("$$ADDITIONALREPOS$$", sb.ToString(), StringComparison.OrdinalIgnoreCase); return LoadJobMessageFromJSON(template); } private static string GetRepoJson(string repoAlias) { return String.Format(@", {{ 'properties': {{ 'id': '{0}', 'type': 'Git', 'version': 'cf64a69d29ae2e01a655956f67ee0332ffb730a3', 'name': '{1}', 'project': '6302cb6f-c9d9-44c2-ae60-84eff8845059', 'defaultBranch': 'refs/heads/master', 'ref': 'refs/heads/master', 'url': 'https://alpeck@codedev.ms/alpeck/MyFirstProject/_git/{1}', 'versionInfo': {{ 'author': '[PII]' }}, 'checkoutOptions': {{ }} }}, 'alias': '{1}', 'endpoint': {{ 'name': 'SystemVssConnection' }} }}", Guid.NewGuid(), repoAlias); } protected static Pipelines.AgentJobRequestMessage LoadJobMessageFromJSON(string message) { return JsonUtility.FromString(message); } protected static TaskStep CreateScriptTask(string script) { var step = new TaskStep { Reference = new TaskStepDefinitionReference { Id = Guid.Parse("b9bafed4-0b18-4f58-968d-86655b4d2ce9"), Name = "CmdLine", Version = "2.250.1" }, Name = "CmdLine", DisplayName = "CmdLine", Id = Guid.NewGuid() }; step.Inputs.Add("script", script); return step; } protected static TaskStep CreateCheckoutTask(string repoAlias) { var step = new TaskStep { Reference = new TaskStepDefinitionReference { Id = Guid.Parse("6d15af64-176c-496d-b583-fd2ae21d4df4"), Name = "Checkout", Version = "1.0.0" }, Name = "Checkout", DisplayName = "Checkout", Id = Guid.NewGuid() }; step.Inputs.Add("repository", repoAlias); return step; } public void SetupL1([CallerMemberName] string testName = "") { // Clear working directory string path = GetWorkingDirectory(testName); if (File.Exists(path)) { File.Delete(path); } // Fix localization var assemblyLocation = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location); var stringFile = Path.Combine(assemblyLocation, "en-US", "strings.json"); StringUtil.LoadExternalLocalization(stringFile); _l1HostContext = new L1HostContext(HostType.Agent, GetLogFile(this, testName)); SetupMocks(_l1HostContext); // Use different working directories for each test var config = GetMockedService(); // TODO: Need to update this. can hack it for now. config.WorkingDirectoryName = testName; // Reset node knobs in case if tests cruns in the pipeline or machine set node envs ResetNodeKnobs(); } public string GetWorkingDirectory([CallerMemberName] string testName = "") { return Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) + "/TestRuns/" + testName + "/w"; } public TrackingConfig GetTrackingConfig(Pipelines.AgentJobRequestMessage message, [CallerMemberName] string testName = "") { message.Variables.TryGetValue("system.collectionId", out VariableValue collectionIdVar); message.Variables.TryGetValue("system.definitionId", out VariableValue definitionIdVar); string filename; if (message.Variables.TryGetValue("agent.useWorkspaceId", out _)) { var repoTrackingInfos = message.Resources.Repositories.Select(repo => new RepositoryTrackingInfo(repo, "/")).ToList(); var workspaceIdentifier = TrackingConfigHashAlgorithm.ComputeHash(collectionIdVar?.Value, definitionIdVar?.Value, repoTrackingInfos); filename = Path.Combine(GetWorkingDirectory(testName), Constants.Build.Path.SourceRootMappingDirectory, collectionIdVar.Value, definitionIdVar.Value, workspaceIdentifier, Constants.Build.Path.TrackingConfigFile); } else { filename = Path.Combine(GetWorkingDirectory(testName), Constants.Build.Path.SourceRootMappingDirectory, collectionIdVar.Value, definitionIdVar.Value, Constants.Build.Path.TrackingConfigFile); } string content = File.ReadAllText(filename); return JsonConvert.DeserializeObject(content); } protected L1HostContext _l1HostContext; protected async Task RunWorker(Pipelines.AgentJobRequestMessage message) { if (_l1HostContext == null) { throw new InvalidOperationException("Must call SetupL1() to initialize L1HostContext before calling RunWorker()"); } await SetupMessage(_l1HostContext, message); var cts = new CancellationTokenSource(); try { cts.CancelAfter((int)JobTimeout.TotalMilliseconds); var result = await RunWorker(_l1HostContext, message, cts.Token); // If job timed out, give it a moment to complete finalization if (result.TimedOut) { await Task.Delay(100); // Allow 100ms for cleanup to complete } return result; } finally { // Dispose after ensuring cleanup had time to complete cts?.Dispose(); } } private void SetupMocks(L1HostContext context) { _mockedServices.Add(context.SetupService(typeof(FakeConfigurationStore))); _mockedServices.Add(context.SetupService(typeof(FakeJobServer))); _mockedServices.Add(context.SetupService(typeof(FakeTaskServer))); _mockedServices.Add(context.SetupService(typeof(FakeBuildServer))); _mockedServices.Add(context.SetupService(typeof(FakeReleaseServer))); _mockedServices.Add(context.SetupService(typeof(FakeAgentPluginManager))); _mockedServices.Add(context.SetupService(typeof(FakeTaskManager))); _mockedServices.Add(context.SetupService(typeof(FakeCustomerIntelligenceServer))); _mockedServices.Add(context.SetupService(typeof(FakeResourceMetricsManager))); } private string GetLogFile(object testClass, string testMethod) { // Trim the test assembly's root namespace from the test class's full name. var suiteName = testClass.GetType().FullName.Substring( startIndex: typeof(Tests.TestHostContext).FullName.LastIndexOf(nameof(TestHostContext))); var testName = testMethod.Replace(".", "_"); // Use a unique suffix to prevent parallel runs from sharing the same log file var unique = Guid.NewGuid().ToString("N"); return Path.Combine( Path.Combine(TestUtil.GetSrcPath(), "Test", "TestLogs"), $"trace_{suiteName}_{testName}_{unique}.log"); } private async Task SetupMessage(HostContext context, Pipelines.AgentJobRequestMessage message) { // The agent assumes the server creates this var jobServer = context.GetService(); await jobServer.CreateTimelineAsync(message.Plan.ScopeIdentifier, message.Plan.PlanType, message.Plan.PlanId, message.Timeline.Id, default(CancellationToken)); } private async Task RunWorker(HostContext HostContext, Pipelines.AgentJobRequestMessage message, CancellationToken jobRequestCancellationToken) { var worker = HostContext.GetService(); Task workerTask = null; // Setup the anonymous pipes to use for communication with the worker. using (var processChannel = HostContext.CreateService()) { processChannel.StartServer(startProcess: (string pipeHandleOut, string pipeHandleIn) => { // Run the worker // Note: this happens on the same process as the test workerTask = worker.RunAsync( pipeIn: pipeHandleOut, pipeOut: pipeHandleIn); }, disposeClient: false); // Don't dispose the client because our process is both the client and the server // Send the job request message to the worker var body = JsonUtility.ToString(message); using (var csSendJobRequest = new CancellationTokenSource(ChannelTimeout)) { await processChannel.SendAsync( messageType: MessageType.NewJobRequest, body: body, cancellationToken: csSendJobRequest.Token); } // wait for worker process or cancellation token been fired. var completedTask = await Task.WhenAny(workerTask, Task.Delay(-1, jobRequestCancellationToken)); if (completedTask == workerTask) { int returnCode = await workerTask; TaskResult result = TaskResultUtil.TranslateFromReturnCode(returnCode); return new TestResults { ReturnCode = returnCode, Result = result }; } else { // Timeout occurred - give worker task a moment to complete cleanup gracefully try { // Wait up to 2 seconds for graceful shutdown after timeout using (var gracefulShutdownCts = new CancellationTokenSource(TimeSpan.FromSeconds(2))) { await workerTask.WaitAsync(gracefulShutdownCts.Token); } } catch (OperationCanceledException) { // Worker didn't complete gracefully within 2 seconds, that's expected for timeout tests } catch (Exception) { // Other exceptions during shutdown are also expected in timeout scenarios } return new TestResults { TimedOut = true }; } } } protected void TearDown() { this._l1HostContext?.Dispose(); } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } private void ResetNodeKnobs() { Environment.SetEnvironmentVariable("AGENT_USE_NODE10", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE20_1", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE20_IN_UNSUPPORTED_SYSTEM", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE24", null); Environment.SetEnvironmentVariable("AGENT_USE_NODE24_IN_UNSUPPORTED_SYSTEM", null); } protected virtual void Dispose(bool disposing) { if (disposing) { this._l1HostContext?.Dispose(); } } protected static readonly String JobMessageTemplate = @" { 'mask': [ { 'type': 'regex', 'value': 'accessTokenSecret' }, { 'type': 'regex', 'value': 'accessTokenSecret' } ], 'steps': [ { 'inputs': { 'repository': '$$CHECKOUTREPOALIAS$$' }, 'type': 'task', 'reference': { 'id': '6d15af64-176c-496d-b583-fd2ae21d4df4', 'name': 'Checkout', 'version': '1.0.0' }, 'condition': 'true', 'id': 'af08acd5-c28a-5b03-f5a9-06f9a40627bb', 'name': 'Checkout', 'displayName': 'Checkout' }, { 'inputs': { 'script': 'echo Hello World!' }, 'type': 'task', 'reference': { 'id': 'b9bafed4-0b18-4f58-968d-86655b4d2ce9', 'name': 'CmdLine', 'version': '2.250.0' }, 'id': '9c939e41-62c2-5605-5e05-fc3554afc9f5', 'name': 'CmdLine', 'displayName': 'CmdLine' } ], 'variables': { 'system': { 'value': 'build', 'isReadOnly': true }, 'system.hosttype': { 'value': 'build', 'isReadOnly': true }, 'system.servertype': { 'value': 'Hosted', 'isReadOnly': true }, 'system.culture': { 'value': 'en-US', 'isReadOnly': true }, 'system.collectionId': { 'value': '297a3210-e711-4ddf-857a-1df14915bb29', 'isReadOnly': true }, 'system.debug': { 'value': 'true', 'isReadOnly': true }, 'system.collectionUri': { 'value': 'https://codedev.ms/alpeck/', 'isReadOnly': true }, 'system.teamFoundationCollectionUri': { 'value': 'https://codedev.ms/alpeck/', 'isReadOnly': true }, 'system.taskDefinitionsUri': { 'value': 'https://codedev.ms/alpeck/', 'isReadOnly': true }, 'system.pipelineStartTime': { 'value': '2020-02-10 13:29:58-05:00', 'isReadOnly': true }, 'system.teamProject': { 'value': 'MyFirstProject', 'isReadOnly': true }, 'system.teamProjectId': { 'value': '6302cb6f-c9d9-44c2-ae60-84eff8845059', 'isReadOnly': true }, 'system.definitionId': { 'value': '2', 'isReadOnly': true }, 'build.definitionName': { 'value': 'MyFirstProject (1)', 'isReadOnly': true }, 'build.definitionVersion': { 'value': '1', 'isReadOnly': true }, 'build.queuedBy': { 'value': '[PII]', 'isReadOnly': true }, 'build.queuedById': { 'value': '00000002-0000-8888-8000-000000000000', 'isReadOnly': true }, 'build.requestedFor': { 'value': '[PII]', 'isReadOnly': true }, 'build.requestedForId': { 'value': '8546ffd5-88f3-69c1-ad8f-30c41e8ce5ad', 'isReadOnly': true }, 'build.requestedForEmail': { 'value': '[PII]', 'isReadOnly': true }, 'build.sourceVersion': { 'value': '[PII]', 'isReadOnly': true }, 'build.sourceBranch': { 'value': '[PII]', 'isReadOnly': true }, 'build.sourceBranchName': { 'value': '[PII]', 'isReadOnly': true }, 'build.reason': { 'value': 'IndividualCI', 'isReadOnly': true }, 'system.pullRequest.isFork': { 'value': 'False', 'isReadOnly': true }, 'system.jobParallelismTag': { 'value': 'Private', 'isReadOnly': true }, 'system.enableAccessToken': { 'value': 'SecretVariable', 'isReadOnly': true }, 'MSDEPLOY_HTTP_USER_AGENT': { 'value': 'VSTS_297a3210-e711-4ddf-857a-1df14915bb29_build_2_0', 'isReadOnly': true }, 'AZURE_HTTP_USER_AGENT': { 'value': 'VSTS_297a3210-e711-4ddf-857a-1df14915bb29_build_2_0', 'isReadOnly': true }, 'build.buildId': { 'value': '5', 'isReadOnly': true }, 'build.buildUri': { 'value': 'vstfs:///Build/Build/5', 'isReadOnly': true }, 'build.buildNumber': { 'value': '20200210.2', 'isReadOnly': true }, 'build.containerId': { 'value': '12', 'isReadOnly': true }, 'system.isScheduled': { 'value': 'False', 'isReadOnly': true }, 'system.definitionName': { 'value': 'MyFirstProject (1)', 'isReadOnly': true }, 'system.planId': { 'value': '$$PLANID$$', 'isReadOnly': true }, 'system.timelineId': { 'value': '$$PLANID$$', 'isReadOnly': true }, 'system.stageDisplayName': { 'value': '__default', 'isReadOnly': true }, 'system.stageId': { 'value': '96ac2280-8cb4-5df5-99de-dd2da759617d', 'isReadOnly': true }, 'system.stageName': { 'value': '__default', 'isReadOnly': true }, 'system.stageAttempt': { 'value': '1', 'isReadOnly': true }, 'system.phaseDisplayName': { 'value': 'Job', 'isReadOnly': true }, 'system.phaseId': { 'value': '3a3a2a60-14c7-570b-14a4-fa42ad92f52a', 'isReadOnly': true }, 'system.phaseName': { 'value': 'Job', 'isReadOnly': true }, 'system.phaseAttempt': { 'value': '1', 'isReadOnly': true }, 'system.jobIdentifier': { 'value': 'Job.$$JOBNAME$$', 'isReadOnly': true }, 'system.jobAttempt': { 'value': '1', 'isReadOnly': true }, 'System.JobPositionInPhase': { 'value': '1', 'isReadOnly': true }, 'System.TotalJobsInPhase': { 'value': '1', 'isReadOnly': true }, 'system.jobDisplayName': { 'value': 'Job', 'isReadOnly': true }, 'system.jobId': { 'value': '$$JOBID$$', 'isReadOnly': true }, 'system.jobName': { 'value': '$$JOBNAME$$', 'isReadOnly': true }, 'system.accessToken': { 'value': 'thisisanaccesstoken', 'isSecret': true }, 'agent.retainDefaultEncoding': { 'value': 'false', 'isReadOnly': true }, 'agent.readOnlyVariables': { 'value': 'true', 'isReadOnly': true }, 'agent.disablelogplugin.TestResultLogPlugin': { 'value': 'true', 'isReadOnly': true }, 'agent.disablelogplugin.TestFilePublisherPlugin': { 'value': 'true', 'isReadOnly': true }, 'build.repository.id': { 'value': '05bbff1a-ac43-4a40-a1c1-99f4e17e61dd', 'isReadOnly': true }, 'build.repository.name': { 'value': 'MyFirstProject', 'isReadOnly': true }, 'build.repository.uri': { 'value': 'https://alpeck@codedev.ms/alpeck/MyFirstProject/_git/MyFirstProject', 'isReadOnly': true }, 'build.sourceVersionAuthor': { 'value': '[PII]', 'isReadOnly': true }, 'build.sourceVersionMessage': { 'value': 'Update azure-pipelines-1.yml for Azure Pipelines', 'isReadOnly': true } }, 'messageType': 'PipelineAgentJobRequest', 'plan': { 'scopeIdentifier': '6302cb6f-c9d9-44c2-ae60-84eff8845059', 'planType': 'Build', 'version': 9, 'planId': '$$PLANID$$', 'planGroup': 'Build:6302cb6f-c9d9-44c2-ae60-84eff8845059:5', 'artifactUri': 'vstfs:///Build/Build/5', 'artifactLocation': null, 'definition': { '_links': { 'web': { 'href': 'https://codedev.ms/alpeck/6302cb6f-c9d9-44c2-ae60-84eff8845059/_build/definition?definitionId=2' }, 'self': { 'href': 'https://codedev.ms/alpeck/6302cb6f-c9d9-44c2-ae60-84eff8845059/_apis/build/Definitions/2' } }, 'id': 2, 'name': 'MyFirstProject (1)' }, 'owner': { '_links': { 'web': { 'href': 'https://codedev.ms/alpeck/6302cb6f-c9d9-44c2-ae60-84eff8845059/_build/results?buildId=5' }, 'self': { 'href': 'https://codedev.ms/alpeck/6302cb6f-c9d9-44c2-ae60-84eff8845059/_apis/build/Builds/5' } }, 'id': 5, 'name': '20200210.2' } }, 'timeline': { 'id': '$$PLANID$$', 'changeId': 5, 'location': null }, 'jobId': '$$JOBID$$', 'jobDisplayName': 'Job', 'jobName': '$$JOBNAME$$', 'jobContainer': null, 'requestId': 0, 'lockedUntil': '0001-01-01T00:00:00', 'resources': { 'endpoints': [ { 'data': { 'ServerId': '297a3210-e711-4ddf-857a-1df14915bb29', 'ServerName': 'alpeck' }, 'name': 'SystemVssConnection', 'url': 'https://codedev.ms/alpeck/', 'authorization': { 'parameters': { 'AccessToken': 'access' }, 'scheme': 'OAuth' }, 'isShared': false, 'isReady': true } ], 'repositories': [ { 'properties': { 'id': '05bbff1a-ac43-4a40-a1c1-99f4e17e61dd', 'type': 'Git', 'version': 'cf64a69d29ae2e01a655956f67ee0332ffb730a3', 'name': 'MyFirstProject', 'project': '6302cb6f-c9d9-44c2-ae60-84eff8845059', 'defaultBranch': 'refs/heads/master', 'ref': 'refs/heads/master', 'url': 'https://alpeck@codedev.ms/alpeck/MyFirstProject/_git/MyFirstProject', 'versionInfo': { 'author': '[PII]' }, 'checkoutOptions': {} }, 'alias': 'self', 'endpoint': { 'name': 'SystemVssConnection' } } $$ADDITIONALREPOS$$ ] }, 'workspace': {} } ".Replace("'", "\""); } } ================================================ FILE: src/Test/L1/Worker/TimeoutLogFlushingL1Tests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System; using System.Runtime.InteropServices; using System.Threading.Tasks; using Xunit; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { [Collection("Worker L1 Tests")] public class TimeoutLogFlushingL1Tests : L1TestBase { [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task TestTimeoutLogFlushingEnabled_JobCompletesSuccessfully() { try { // Arrange SetupL1(); Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", "true"); var message = LoadTemplateMessage(); message.Steps.Clear(); message.Steps.Add(CreateScriptTask("echo Testing timeout log flushing functionality")); // Act var results = await RunWorker(message); // Assert Assert.Equal(TaskResult.Succeeded, results.Result); Assert.Equal(100, results.ReturnCode); } finally { Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task TestTimeoutLogFlushingNotSet_DefaultsToDisabled() { try { // Arrange SetupL1(); Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); var message = LoadTemplateMessage(); message.Steps.Clear(); message.Steps.Add(CreateScriptTask("echo Testing default timeout log flushing behavior")); // Act var results = await RunWorker(message); // Assert - When timeout log flushing is not set, job should succeed normally // This test verifies the default behavior when the environment variable is unset Assert.Equal(TaskResult.Succeeded, results.Result); Assert.False(results.TimedOut); } finally { Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task TestTimeoutLogFlushingWithSingleStep_CompletesSuccessfully() { try { // Arrange SetupL1(); Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", "true"); var message = LoadTemplateMessage(); message.Steps.Clear(); // Use cross-platform script task (works on Windows, macOS, and Linux) message.Steps.Add(CreateScriptTask("echo Testing timeout log flushing with single step")); // Act var results = await RunWorker(message); // Assert Assert.Equal(TaskResult.Succeeded, results.Result); Assert.Equal(100, results.ReturnCode); } finally { Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task TestTimeoutLogFlushingEnvironmentVariableValues_HandlesVariousInputs() { var testCases = new[] { "true", "TRUE", "True", "1", "false", "FALSE", "False", "0", "" }; // Setup once before all test cases SetupL1(); foreach (var testValue in testCases) { try { // Arrange Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", testValue); var message = LoadTemplateMessage(); message.Steps.Clear(); message.Steps.Add(CreateScriptTask($"echo \"Testing with env value: {testValue}\"")); // Act var results = await RunWorker(message); // Assert Assert.Equal(TaskResult.Succeeded, results.Result); Assert.Equal(100, results.ReturnCode); } finally { Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); } } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task TestTimeoutLogFlushingEnabled_JobTimesOutWithExpectedResult() { try { // Arrange SetupL1(); Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", "true"); // Set a very short job timeout (5 seconds) to force timeout JobTimeout = TimeSpan.FromSeconds(5); var message = LoadTemplateMessage(); message.Steps.Clear(); // Add a script task that runs longer than the timeout // Use reliable commands that will definitely take more than 5 seconds if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { message.Steps.Add(CreateScriptTask("powershell -Command \"Start-Sleep -Seconds 10\"")); } else { if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) { message.Steps.Add(CreateScriptTask("/bin/bash -c 'sleep 10'")); } else { message.Steps.Add(CreateScriptTask("/bin/sleep 10")); } } // Act var results = await RunWorker(message); // Assert - Job should timeout and have TimedOut = true Assert.True(results.TimedOut, "Job should have timed out"); } finally { Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); // Reset JobTimeout to default JobTimeout = TimeSpan.FromSeconds(100); } } [Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] [Trait("SkipOn", "darwin")] public async Task TestTimeoutLogFlushingDisabled_JobTimesOutWithExpectedResult() { try { // Arrange SetupL1(); Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", "false"); // Set a very short job timeout (5 seconds) to force timeout JobTimeout = TimeSpan.FromSeconds(5); var message = LoadTemplateMessage(); message.Steps.Clear(); // Add a script task that runs longer than the timeout (sleep for 10 seconds, timeout is 5 seconds) if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { message.Steps.Add(CreateScriptTask("powershell -Command \"Start-Sleep -Seconds 10\"")); } else { if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) { message.Steps.Add(CreateScriptTask("/bin/bash -c 'sleep 10'")); } else { message.Steps.Add(CreateScriptTask("/bin/sleep 10")); } } // Act var results = await RunWorker(message); // Assert - Job should timeout and have TimedOut = true Assert.True(results.TimedOut, "Job should have timed out"); } finally { Environment.SetEnvironmentVariable("AZP_ENABLE_TIMEOUT_LOG_FLUSHING", null); // Reset JobTimeout to default JobTimeout = TimeSpan.FromSeconds(100); } } } } ================================================ FILE: src/Test/L1/Worker/VariableL1Tests.cs ================================================ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using Microsoft.TeamFoundation.DistributedTask.WebApi; using System.Linq; using System.Threading.Tasks; using Xunit; using Pipelines = Microsoft.TeamFoundation.DistributedTask.WebApi; namespace Microsoft.VisualStudio.Services.Agent.Tests.L1.Worker { [Collection("Worker L1 Tests")] public class VariableL1Tests : L1TestBase { [Theory] [Trait("Level", "L1")] [Trait("Category", "Worker")] [InlineData(false)] [InlineData(true)] public async Task SetVariable_ReadVariable(bool writeToBlobstorageService) { try { // Arrange SetupL1(); var message = LoadTemplateMessage(); // Remove all tasks message.Steps.Clear(); // Add variable setting tasks message.Steps.Add(CreateScriptTask("echo \"##vso[task.setvariable variable=testVar]b\"")); message.Steps.Add(CreateScriptTask("echo TestVar=$(testVar)")); message.Variables.Add("testVar", new Pipelines.VariableValue("a", false, false)); message.Variables.Add("agent.LogToBlobstorageService", writeToBlobstorageService.ToString()); // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Succeeded, results.Result); var steps = GetSteps(); Assert.Equal(4, steps.Count()); // Init, CmdLine, CmdLine, Finalize var outputStep = steps[2]; var log = GetTimelineLogLines(outputStep); Assert.True(log.Where(x => x.Contains("TestVar=b")).Count() > 0); } finally { TearDown(); } } // Enable this test when read only variable enforcement is added /*[Fact] [Trait("Level", "L1")] [Trait("Category", "Worker")] public async Task Readonly_Variables() { // Arrange var message = LoadTemplateMessage(); // Remove all tasks message.Steps.Clear(); // Add a normal step and one that only runs on failure message.Steps.Add(CreateScriptTask("echo ##vso[task.setvariable variable=system]someothervalue")); var alwayStep = CreateScriptTask("echo SystemVariableValue=$(system)"); alwayStep.Condition = "always()"; message.Steps.Add(alwayStep); // Act var results = await RunWorker(message); // Assert AssertJobCompleted(); Assert.Equal(TaskResult.Failed, results.Result); var steps = GetSteps(); Assert.Equal(4, steps.Count()); // Init, CmdLine, CmdLine, Finalize var failToSetStep = steps[1]; Assert.Equal(TaskResult.Failed, failToSetStep.Result); var outputStep = steps[2]; var log = GetTimelineLogLines(outputStep); Assert.True(log.Where(x => x.Contains("SystemVariableValue=build")).Count() > 0); }*/ } } ================================================ FILE: src/Test/NuGet.Config ================================================  ================================================ FILE: src/Test/Test.csproj ================================================  $(NoWarn);CA1416 true build ================================================ FILE: src/Test/TestData/TaskManagerL0/task.json ================================================ {"id":"BFC8BF76-E7AC-4A8C-9A55-A944A9F632FD","name":"BatchScript","friendlyName":"Batch Script","description":"Run a windows cmd or bat script and optionally allow it to change the environment","helpMarkDown":"[More Information](http://go.microsoft.com/fwlink/?LinkID=613733)","category":"Utility","visibility":["Build","Release"],"author":"Microsoft Corporation","version":{"Major":1,"Minor":0,"Patch":10},"demands":["Cmd"],"minimumAgentVersion":"1.83.0","groups":[{"name":"advanced","displayName":"Advanced","isExpanded":false}],"inputs":[{"name":"filename","type":"filePath","label":"Path","defaultValue":"","required":true,"helpMarkDown":"Path of the cmd or bat script to execute. Should be fully qualified path or relative to the default working directory."},{"name":"arguments","type":"string","label":"Arguments","defaultValue":"","required":false,"helpMarkDown":"Arguments passed to the cmd or bat script"},{"name":"modifyEnvironment","type":"boolean","label":"Modify Environment","defaultValue":"False","required":false,"helpMarkDown":"Determines whether environment variable modifications will affect subsequent tasks."},{"name":"workingFolder","type":"filePath","label":"Working folder","defaultValue":"","required":false,"helpMarkDown":"Current working directory when script is run. Defaults to the folder where the script is located.","groupName":"advanced"},{"name":"failOnStandardError","type":"boolean","label":"Fail on Standard Error","defaultValue":"false","required":false,"helpMarkDown":"If this is true, this task will fail if any errors are written to the StandardError stream.","groupName":"advanced"}],"instanceNameFormat":"Run script $(filename)","execution":{"Process":{"target":"$(filename)","argumentFormat":"$(arguments)","workingDirectory":"$(workingFolder)","modifyEnvironment":"$(modifyEnvironment)"}}} ================================================ FILE: src/agentversion ================================================ 3.999.999 ================================================ FILE: src/dev.cmd ================================================ @setlocal @echo off rem Check if SH_PATH is defined. if defined SH_PATH ( goto run ) rem Attempt to resolve sh.exe from the PATH. where sh.exe 1>"%TEMP%\where_sh" 2>nul set /p SH_PATH= < "%TEMP%\where_sh" del "%TEMP%\where_sh" if defined SH_PATH ( goto run ) rem Check well-known locations. set SH_PATH=C:\Program Files\Git\bin\sh.exe if exist "%SH_PATH%" ( goto run ) echo Unable to resolve location of sh.exe. 1>&2 exit /b 1 :run echo on "%SH_PATH%" "%~dp0dev.sh" %* ================================================ FILE: src/dev.sh ================================================ #!/bin/bash ############################################################################### # # ./dev.sh build/layout/test/package [Debug/Release] [optional: runtime ID] # ############################################################################### set -eo pipefail ALL_ARGS=("$@") DEV_CMD=$1 TARGET_FRAMEWORK=$2 DEV_CONFIG=$3 DEV_RUNTIME_ID=$4 DEV_TEST_FILTERS=$5 DEV_ARGS=("${ALL_ARGS[@]:5}") SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "$SCRIPT_DIR/.helpers.sh" REPO_ROOT="${SCRIPT_DIR}/.." AGENT_VERSION=$(cat "$SCRIPT_DIR/agentversion" | head -n 1 | tr -d "\n\r") DOTNET_ERROR_PREFIX="##vso[task.logissue type=error]" DOTNET_WARNING_PREFIX="##vso[task.logissue type=warning]" PACKAGE_TYPE=${PACKAGE_TYPE:-agent} # agent or pipelines-agent if [[ "$PACKAGE_TYPE" == "pipelines-agent" ]]; then export INCLUDE_NODE6="false" export INCLUDE_NODE10="false" fi pushd "$SCRIPT_DIR" DEFAULT_TARGET_FRAMEWORK="net8.0" if [[ $TARGET_FRAMEWORK == "" ]]; then TARGET_FRAMEWORK=$DEFAULT_TARGET_FRAMEWORK fi function get_net_version() { local dotnet_versions=" net8.0-sdk=8.0.418 net8.0-runtime=8.0.24 net10.0-sdk=10.0.103 net10.0-runtime=10.0.3 " echo "$dotnet_versions" | grep -o "$1=[^ ]*" | cut -d '=' -f2 } DOTNET_SDK_VERSION=$(get_net_version "${TARGET_FRAMEWORK}-sdk") DOTNET_RUNTIME_VERSION=$(get_net_version "${TARGET_FRAMEWORK}-runtime") if [[ ($DOTNET_SDK_VERSION == "") || ($DOTNET_RUNTIME_VERSION == "") ]]; then failed "Incorrect target framework is specified" fi DOTNET_DIR="${REPO_ROOT}/_dotnetsdk" NUGET_DIR="${REPO_ROOT}/_l1/externals/nuget" BUILD_CONFIG="Debug" if [[ "$DEV_CONFIG" == "Release" ]]; then BUILD_CONFIG="Release" fi restore_dotnet_install_script() { # run dotnet-install.ps1 on windows, dotnet-install.sh on linux if [[ "${CURRENT_PLATFORM}" == "windows" ]]; then ext="ps1" else ext="sh" fi DOTNET_INSTALL_SCRIPT_NAME="dotnet-install.${ext}" DOTNET_INSTALL_SCRIPT_PATH="./Misc/${DOTNET_INSTALL_SCRIPT_NAME}" if [[ ! -e "${DOTNET_INSTALL_SCRIPT_PATH}" ]]; then curl -sSL "https://builds.dotnet.microsoft.com/dotnet/scripts/v1/${DOTNET_INSTALL_SCRIPT_NAME}" -o "${DOTNET_INSTALL_SCRIPT_PATH}" fi } function restore_sdk_and_runtime() { heading "Install .NET SDK ${DOTNET_SDK_VERSION} and Runtime ${DOTNET_RUNTIME_VERSION}" if [[ "${CURRENT_PLATFORM}" == "windows" ]]; then echo "Convert ${DOTNET_DIR} to Windows style path" local dotnet_windows_dir=${DOTNET_DIR:1} dotnet_windows_dir=${dotnet_windows_dir:0:1}:${dotnet_windows_dir:1} local architecture architecture=$(echo "$RUNTIME_ID" | cut -d "-" -f2) # We compile on an x64 machine, even when targeting ARM64. Thereby we are installing the x64 version of .NET instead of the arm64 version. if [[ "$architecture" == "arm64" ]]; then architecture="x64" fi printf "\nInstalling SDK...\n" powershell -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "& \"${DOTNET_INSTALL_SCRIPT_PATH}\" -Version ${DOTNET_SDK_VERSION} -InstallDir \"${dotnet_windows_dir}\" -Architecture ${architecture} -NoPath; exit \$LastExitCode;" || checkRC "${DOTNET_INSTALL_SCRIPT_NAME} (SDK)" printf "\nInstalling Runtime...\n" powershell -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "& \"${DOTNET_INSTALL_SCRIPT_PATH}\" -Runtime dotnet -Version ${DOTNET_RUNTIME_VERSION} -InstallDir \"${dotnet_windows_dir}\" -Architecture ${architecture} -SkipNonVersionedFiles -NoPath; exit \$LastExitCode;" || checkRC "${DOTNET_INSTALL_SCRIPT_NAME} (Runtime)" else printf "\nInstalling SDK...\n" bash "${DOTNET_INSTALL_SCRIPT_PATH}" --version "${DOTNET_SDK_VERSION}" --install-dir "${DOTNET_DIR}" --no-path || checkRC "${DOTNET_INSTALL_SCRIPT_NAME} (SDK)" printf "\nInstalling Runtime...\n" bash "${DOTNET_INSTALL_SCRIPT_PATH}" --runtime dotnet --version "${DOTNET_RUNTIME_VERSION}" --install-dir "${DOTNET_DIR}" --skip-non-versioned-files --no-path || checkRC "${DOTNET_INSTALL_SCRIPT_NAME} (Runtime)" fi } function warn_about_newer_versions() { echo "" # Extract major version from TARGET_FRAMEWORK (e.g., net10.0 -> 10.0, net8.0 -> 8.0) local dotnet_major_version="${TARGET_FRAMEWORK#net}" # Use official .NET APIs to get latest versions local latest_sdk latest_runtime local sdk_outdated=false local runtime_outdated=false # Get latest SDK version from official .NET feed latest_sdk=$(curl -s "https://builds.dotnet.microsoft.com/dotnet/Sdk/${dotnet_major_version}/latest.version" 2>/dev/null | tail -n 1 | tr -d '\r\n' || echo "") if [[ -z "$latest_sdk" ]]; then # Fallback to backup feed latest_sdk=$(curl -s "https://ci.dot.net/public/Sdk/${dotnet_major_version}/latest.version" 2>/dev/null | tail -n 1 | tr -d '\r\n' || echo "$DOTNET_SDK_VERSION") fi # Get latest Runtime version from official .NET feed latest_runtime=$(curl -s "https://builds.dotnet.microsoft.com/dotnet/Runtime/${dotnet_major_version}/latest.version" 2>/dev/null | tail -n 1 | tr -d '\r\n' || echo "") if [[ -z "$latest_runtime" ]]; then # Fallback to backup feed latest_runtime=$(curl -s "https://ci.dot.net/public/Runtime/${dotnet_major_version}/latest.version" 2>/dev/null | tail -n 1 | tr -d '\r\n' || echo "$DOTNET_RUNTIME_VERSION") fi # Check SDK version if [[ -n "$latest_sdk" && "$latest_sdk" != "$DOTNET_SDK_VERSION" ]]; then sdk_outdated=true fi # Check Runtime version if [[ -n "$latest_runtime" && "$latest_runtime" != "$DOTNET_RUNTIME_VERSION" ]]; then runtime_outdated=true fi if [[ "$sdk_outdated" == "true" || "$runtime_outdated" == "true" ]]; then echo "⚠️ WARNING: Newer .NET ${dotnet_major_version} versions available:" >&2 if [[ "$sdk_outdated" == "true" ]]; then echo " SDK: $latest_sdk (currently using $DOTNET_SDK_VERSION)" >&2 fi if [[ "$runtime_outdated" == "true" ]]; then echo " Runtime: $latest_runtime (currently using $DOTNET_RUNTIME_VERSION)" >&2 fi echo " Consider updating versions in dev.sh" >&2 fi } function detect_platform_and_runtime_id() { heading "Platform / RID detection" CURRENT_PLATFORM="windows" if [[ ($(uname) == "Linux") || ($(uname) == "Darwin") ]]; then CURRENT_PLATFORM=$(uname | awk '{print tolower($0)}') fi if [[ "$CURRENT_PLATFORM" == 'windows' ]]; then local processor_type=$(detect_system_architecture) echo "Detected Process Arch: $processor_type" # Default to win-x64 DETECTED_RUNTIME_ID='win-x64' if [[ "$processor_type" == 'x86' ]]; then DETECTED_RUNTIME_ID='win-x86' elif [[ "$processor_type" == 'ARM64' ]]; then DETECTED_RUNTIME_ID='win-arm64' fi elif [[ "$CURRENT_PLATFORM" == 'linux' ]]; then DETECTED_RUNTIME_ID="linux-x64" if command -v uname >/dev/null; then local CPU_NAME=$(uname -m) case $CPU_NAME in armv7l) DETECTED_RUNTIME_ID="linux-arm" ;; aarch64) DETECTED_RUNTIME_ID="linux-arm64" ;; esac fi if [ -e /etc/redhat-release ]; then redhatRelease=$(grep -oE "[0-9]+" /etc/redhat-release | awk "NR==1") if [[ "${redhatRelease}" -lt 7 ]]; then echo "RHEL supported for version 7 and higher." exit 1 fi fi if [ -e /etc/alpine-release ]; then DETECTED_RUNTIME_ID='linux-musl-x64' if [ $(uname -m) == 'aarch64' ]; then DETECTED_RUNTIME_ID='linux-musl-arm64' fi fi elif [[ "$CURRENT_PLATFORM" == 'darwin' ]]; then DETECTED_RUNTIME_ID='osx-x64' if command -v uname >/dev/null; then local CPU_NAME=$(uname -m) case $CPU_NAME in arm64) DETECTED_RUNTIME_ID="osx-arm64" ;; esac fi fi } function make_build() { TARGET=$1 echo "MSBuild target = ${TARGET}" if [[ "$ADO_ENABLE_LOGISSUE" == "true" ]]; then dotnet msbuild -t:"${TARGET}" -p:PackageRuntime="${RUNTIME_ID}" -p:PackageType="${PACKAGE_TYPE}" -p:BUILDCONFIG="${BUILD_CONFIG}" -p:AgentVersion="${AGENT_VERSION}" -p:LayoutRoot="${LAYOUT_DIR}" -p:CodeAnalysis="true" -p:TargetFramework="${TARGET_FRAMEWORK}" -p:RuntimeFrameworkVersion="${DOTNET_RUNTIME_VERSION}" | sed -e "/\: warning /s/^/${DOTNET_WARNING_PREFIX} /;" | sed -e "/\: error /s/^/${DOTNET_ERROR_PREFIX} /;" || failed build else dotnet msbuild -t:"${TARGET}" -p:PackageRuntime="${RUNTIME_ID}" -p:PackageType="${PACKAGE_TYPE}" -p:BUILDCONFIG="${BUILD_CONFIG}" -p:AgentVersion="${AGENT_VERSION}" -p:LayoutRoot="${LAYOUT_DIR}" -p:CodeAnalysis="true" -p:TargetFramework="${TARGET_FRAMEWORK}" -p:RuntimeFrameworkVersion="${DOTNET_RUNTIME_VERSION}" || failed build fi mkdir -p "${LAYOUT_DIR}/bin/en-US" grep -v '^ *"CLI-WIDTH-' ./Misc/layoutbin/en-US/strings.json >"${LAYOUT_DIR}/bin/en-US/strings.json" } function cmd_build() { heading "Building" make_build "Build" } function cmd_layout() { heading "Creating layout" make_build "Layout" #change execution flag to allow running with sudo if [[ ("$CURRENT_PLATFORM" == "linux") || ("$CURRENT_PLATFORM" == "darwin") ]]; then chmod +x "${LAYOUT_DIR}/bin/Agent.Listener" chmod +x "${LAYOUT_DIR}/bin/Agent.Worker" chmod +x "${LAYOUT_DIR}/bin/Agent.PluginHost" chmod +x "${LAYOUT_DIR}/bin/installdependencies.sh" fi heading "Setup externals folder for $RUNTIME_ID agent's layout" bash ./Misc/externals.sh $RUNTIME_ID || checkRC externals.sh } function cmd_test_l0() { heading "Testing L0" if [[ ("$CURRENT_PLATFORM" == "linux") || ("$CURRENT_PLATFORM" == "darwin") ]]; then ulimit -n 1024 fi TestFilters="Level=L0&SkipOn!=${CURRENT_PLATFORM}" if [[ "$DEV_TEST_FILTERS" != "" ]]; then TestFilters="$TestFilters&$DEV_TEST_FILTERS" fi dotnet msbuild -t:testl0 -tl:off -p:PackageRuntime="${RUNTIME_ID}" -p:PackageType="${PACKAGE_TYPE}" -p:BUILDCONFIG="${BUILD_CONFIG}" -p:AgentVersion="${AGENT_VERSION}" -p:LayoutRoot="${LAYOUT_DIR}" -p:TestFilters="${TestFilters}" -p:TargetFramework="${TARGET_FRAMEWORK}" -p:RuntimeFrameworkVersion="${DOTNET_RUNTIME_VERSION}" "${DEV_ARGS[@]}" || failed "failed tests" } function cmd_test_l1() { heading "Clean" dotnet msbuild -t:cleanl1 -p:PackageRuntime="${RUNTIME_ID}" -p:PackageType="${PACKAGE_TYPE}" -p:BUILDCONFIG="${BUILD_CONFIG}" -p:AgentVersion="${AGENT_VERSION}" -p:LayoutRoot="${LAYOUT_DIR}" || failed build heading "Setup externals folder for $RUNTIME_ID agent's layout" bash ./Misc/externals.sh $RUNTIME_ID "" "_l1" "true" || checkRC externals.sh heading "Testing L1" if [[ ("$CURRENT_PLATFORM" == "linux") || ("$CURRENT_PLATFORM" == "darwin") ]]; then ulimit -n 1024 fi TestFilters="Level=L1&SkipOn!=${CURRENT_PLATFORM}" if [[ "$DEV_TEST_FILTERS" != "" ]]; then TestFilters="$TestFilters&$DEV_TEST_FILTERS" fi dotnet msbuild -t:testl1 -tl:off -p:PackageRuntime="${RUNTIME_ID}" -p:PackageType="${PACKAGE_TYPE}" -p:BUILDCONFIG="${BUILD_CONFIG}" -p:AgentVersion="${AGENT_VERSION}" -p:LayoutRoot="${LAYOUT_DIR}" -p:TestFilters="${TestFilters}" -p:TargetFramework="${TARGET_FRAMEWORK}" -p:RuntimeFrameworkVersion="${DOTNET_RUNTIME_VERSION}" "${DEV_ARGS[@]}" || failed "failed tests" } function cmd_test() { cmd_test_l0 cmd_test_l1 } function cmd_package() { if [ ! -d "${LAYOUT_DIR}/bin" ]; then echo "You must build first. Expecting to find ${LAYOUT_DIR}/bin" fi agent_ver="$AGENT_VERSION" || failed "version" if [[ ("$PACKAGE_TYPE" == "pipelines-agent") ]]; then agent_pkg_name="pipelines-agent-${RUNTIME_ID}-${agent_ver}" else agent_pkg_name="vsts-agent-${RUNTIME_ID}-${agent_ver}" fi # TEMPORARY - need to investigate why Agent.Listener --version is throwing an error on OS X if [ $("${LAYOUT_DIR}/bin/Agent.Listener" --version | wc -l) -gt 1 ]; then echo "Error thrown during --version call!" log_file=$("${LAYOUT_DIR}/bin/Agent.Listener" --version | head -n 2 | tail -n 1 | cut -d\ -f6) cat "${log_file}" fi # END TEMPORARY heading "Packaging ${agent_pkg_name}" rm -Rf "${LAYOUT_DIR:?}/_diag" mkdir -p "$PACKAGE_DIR" rm -Rf "${PACKAGE_DIR:?}"/* pushd "$PACKAGE_DIR" >/dev/null if [[ ("$CURRENT_PLATFORM" == "linux") || ("$CURRENT_PLATFORM" == "darwin") ]]; then tar_name="${agent_pkg_name}.tar.gz" echo "Creating $tar_name in ${PACKAGE_DIR}" tar -czf "${tar_name}" -C "${LAYOUT_DIR}" . elif [[ ("$CURRENT_PLATFORM" == "windows") ]]; then zip_name="${agent_pkg_name}.zip" echo "Convert ${LAYOUT_DIR} to Windows style path" window_path=${LAYOUT_DIR:1} window_path=${window_path:0:1}:${window_path:1} echo "Creating $zip_name in ${window_path}" powershell -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "Add-Type -Assembly \"System.IO.Compression.FileSystem\"; [System.IO.Compression.ZipFile]::CreateFromDirectory(\"${window_path}\", \"${zip_name}\")" fi popd >/dev/null } function cmd_hash() { pushd "$PACKAGE_DIR" >/dev/null files=$(ls -1) number_of_files=$(wc -l <<<"$files") if [[ number_of_files -ne 1 ]]; then echo "Expecting to find exactly one file (agent package) in $PACKAGE_DIR" exit 1 fi agent_package_file=$files rm -rf ../../_package_hash mkdir ../../_package_hash openssl dgst -sha256 $agent_package_file >>"../../_package_hash/$agent_package_file.sha256" popd >/dev/null } function cmd_report() { heading "Generating Reports" if [[ ("$CURRENT_PLATFORM" != "windows") ]]; then echo "Coverage reporting only available on Windows" exit 1 fi mkdir -p "$REPORT_DIR" LATEST_COVERAGE_FILE=$(find "${SCRIPT_DIR}/Test/TestResults" -type f -name '*.coverage' -print0 | xargs -r -0 ls -1 -t | head -1) if [[ ("$LATEST_COVERAGE_FILE" == "") ]]; then echo "No coverage file found. Skipping coverage report generation." else COVERAGE_REPORT_DIR=$REPORT_DIR/coverage mkdir -p "$COVERAGE_REPORT_DIR" rm -Rf "${COVERAGE_REPORT_DIR:?}"/* echo "Found coverage file $LATEST_COVERAGE_FILE" COVERAGE_XML_FILE="$COVERAGE_REPORT_DIR/coverage.xml" echo "Converting to XML file $COVERAGE_XML_FILE" dotnet-coverage merge "$LATEST_COVERAGE_FILE" --output "$COVERAGE_XML_FILE" --output-format xml if ! command -v reportgenerator.exe >/dev/null; then echo "reportgenerator not installed. Skipping generation of HTML reports" echo "To install: " echo " % dotnet tool install --global dotnet-reportgenerator-globaltool" exit 0 fi echo "Generating HTML report" reportgenerator.exe "-reports:$COVERAGE_XML_FILE" "-reporttypes:Html;Cobertura" "-targetdir:$COVERAGE_REPORT_DIR/coveragereport" fi } function cmd_lint() { heading "Linting source code" "${DOTNET_DIR}/dotnet" format -v diag "$REPO_ROOT/azure-pipelines-agent.sln" || checkRC "cmd_lint" } function cmd_lint_verify() { heading "Validating linted code" "${DOTNET_DIR}/dotnet" format --verify-no-changes -v diag "$REPO_ROOT/azure-pipelines-agent.sln" || checkRC "cmd_lint_verify" } function detect_system_architecture() { local processor # Variable to hold the processor type (e.g., x, ARM) local os_arch # Variable to hold the OS bitness (e.g., 64, 86) # Detect processor type using PROCESSOR_IDENTIFIER # Check for AMD64 or Intel in the variable to classify as "x" (covers x86 and x64 processors) if [[ "$PROCESSOR_IDENTIFIER" =~ "AMD64" || "$PROCESSOR_IDENTIFIER" =~ "Intel64" ]]; then processor="x" # Check for ARM64 in the variable to classify as "ARM" elif [[ "$PROCESSOR_IDENTIFIER" =~ "ARM" || "$PROCESSOR_IDENTIFIER" =~ "Arm" ]]; then processor="ARM" # Default to "x" for unknown or unhandled cases else processor="x" fi # Detect OS bitness using uname # "x86_64" indicates a 64-bit operating system if [[ "$(uname -m)" == "x86_64" ]]; then os_arch="64" # "i686" or "i386" indicates a 32-bit operating system elif [[ "$(uname -m)" == "i686" || "$(uname -m)" == "i386" ]]; then os_arch="86" # "aarch64" indicates a 64-bit ARM operating system elif [[ "$(uname -m)" == "aarch64" ]]; then os_arch="64" # Default to "64" for unknown or unhandled cases else os_arch="64" fi # Note: AMD32 does not exist as a specific label; 32-bit AMD processors are referred to as x86. # ARM32 also does not exist in this context; ARM processors are always 64-bit. # Combine processor type and OS bitness for the final result # Examples: # - "x64" for Intel/AMD 64-bit # - "x86" for Intel/AMD 32-bit # - "ARM64" for ARM 64-bit echo "${processor}${os_arch}" } detect_platform_and_runtime_id echo "Current platform: $CURRENT_PLATFORM" echo "Current runtime ID: $DETECTED_RUNTIME_ID" if [ "$DEV_RUNTIME_ID" ]; then RUNTIME_ID=$DEV_RUNTIME_ID else RUNTIME_ID=$DETECTED_RUNTIME_ID fi _VALID_RIDS='linux-x64:linux-arm:linux-arm64:linux-musl-x64:linux-musl-arm64:osx-x64:osx-arm64:win-x64:win-x86:win-arm64' if [[ ":$_VALID_RIDS:" != *:$RUNTIME_ID:* ]]; then failed "must specify a valid target runtime ID (one of: $_VALID_RIDS)" fi echo "Building for runtime ID: $RUNTIME_ID" LAYOUT_DIR="${REPO_ROOT}/_layout/${RUNTIME_ID}" DOWNLOAD_DIR="${REPO_ROOT}/_downloads/${RUNTIME_ID}/netcore2x" PACKAGE_DIR="${REPO_ROOT}/_package/${RUNTIME_ID}" REPORT_DIR="${REPO_ROOT}/_reports/${RUNTIME_ID}" restore_dotnet_install_script restore_sdk_and_runtime heading ".NET SDK to path" echo "Adding .NET SDK to PATH (${DOTNET_DIR})" export PATH=${DOTNET_DIR}/sdk/${DOTNET_SDK_VERSION}:${DOTNET_DIR}:$PATH export PATH=${NUGET_DIR}:$PATH echo "Path = $PATH" echo ".NET Version = $(dotnet --version)" heading "Pre-caching external resources for $RUNTIME_ID" mkdir -p "${LAYOUT_DIR}" >/dev/null bash ./Misc/externals.sh $RUNTIME_ID "Pre-Cache" || checkRC "externals.sh Pre-Cache" if [[ "$CURRENT_PLATFORM" == 'windows' ]]; then vswhere=$(find "$DOWNLOAD_DIR" -name vswhere.exe | head -1) vs_location=$("$vswhere" -latest -property installationPath) msbuild_location="$vs_location""\MSBuild\15.0\Bin\msbuild.exe" if [[ ! -e "${msbuild_location}" ]]; then msbuild_location="$vs_location""\MSBuild\Current\Bin\msbuild.exe" if [[ ! -e "${msbuild_location}" ]]; then failed "Can not find msbuild location, failing build" fi fi export DesktopMSBuild="$msbuild_location" fi case $DEV_CMD in "build") cmd_build ;; "b") cmd_build ;; "test") cmd_test ;; "t") cmd_test ;; "testl0") cmd_test_l0 ;; "l0") cmd_test_l0 ;; "testl1") cmd_test_l1 ;; "l1") cmd_test_l1 ;; "layout") cmd_layout ;; "l") cmd_layout ;; "package") cmd_package ;; "p") cmd_package ;; "hash") cmd_hash ;; "report") cmd_report ;; "lint") cmd_lint ;; "lint-verify") cmd_lint_verify ;; *) echo "Invalid command. Use (l)ayout, (b)uild, (t)est, test(l0), test(l1), or (p)ackage." ;; esac popd # Check for newer .NET versions at the end so it's visible warn_about_newer_versions echo echo Done. echo ================================================ FILE: src/dir.proj ================================================ $(MSBuildProjectDirectory)/../_layout/unknown $(MSBuildProjectDirectory)/../_l1 true ================================================ FILE: tools/FindAgentsNotCompatibleWithAgent/QueryAgentPoolsForCompatibleOS.ps1 ================================================ #!/usr/bin/env pwsh <# .SYNOPSIS Predict whether agents will be able to upgrade from pipeline agent v2 or v3 to agent v4 .DESCRIPTION The Azure Pipeline agent v2 uses .NET 3.1 Core, and agent v3 uses .NET 6, while agent v4 runs on .NET 8. This means agent v4 will drop support for operating systems not supported by .NET 8 (https://github.com/dotnet/core/blob/main/release-notes/8.0/supported-os.md) This script will try to predict whether an agent will be able to upgrade, using the osDescription attribute of the agent. For Linux and macOS, this contains the output of 'uname -a`. Note the Pipeline agent has more context about the operating system of the host it is running on (e.g. 'lsb_release -a' output), and is able to make a better informed decision on whether to upgrade or not. Hence the output of this script is an indication wrt what the agent will do, but will include results where there is no sufficient information to include a prediction. This script requires a PAT token with read access on 'Agent Pools' scope. For more information, go to https://aka.ms/azdo-pipeline-agent-version. .EXAMPLE ./QueryAgentPoolsForCompatibleOS.ps1 -Token "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" .EXAMPLE $env:AZURE_DEVOPS_EXT_PAT = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" ./QueryAgentPoolsForCompatibleOS.ps1 -PoolId 1234 -Filter V4InCompatible -Verbose -OpenCsv #> #Requires -Version 7.2 [CmdletBinding(DefaultParameterSetName="pool")] param ( [parameter(Mandatory=$false,ParameterSetName="pool")] [string] $OrganizationUrl=$env:AZDO_ORG_SERVICE_URL, [parameter(Mandatory=$false,ParameterSetName="pool")] [int[]] $PoolId, [parameter(Mandatory=$false,ParameterSetName="pool")] [int] $MaxPools=4096, [parameter(Mandatory=$false,HelpMessage="PAT token with read access on 'Agent Pools' scope",ParameterSetName="pool")] [string] $Token=($env:AZURE_DEVOPS_EXT_PAT ?? $env:AZDO_PERSONAL_ACCESS_TOKEN), [parameter(Mandatory=$false,ParameterSetName="os")] [string[]] $OS, [parameter(Mandatory=$false)] [parameter(ParameterSetName="pool")] [parameter(ParameterSetName="os")] [ValidateSet("All", "ExcludeMissingOS", "MissingOS", "V4Compatible", "V4CompatibilityIssues", "V4CompatibilityUnknown", "V4InCompatible")] [string] $Filter="V4CompatibilityIssues", [parameter(Mandatory=$false)] [switch] $OpenCsv=$false, [parameter(Mandatory=$false)] [switch] $IncludeMissingOSInStatistics=$false, [parameter(Mandatory=$false,HelpMessage="Do not ask for input to start processing",ParameterSetName="pool")] [switch] $Force=$false ) class ClassificationResult { hidden [int]$_sortOrder = 1 hidden [string]$_upgradeStatement = "OS (version) unknown, agent won't upgrade to v4 automatically" [ValidateSet($null, $true, $false)] hidden [object]$_v4AgentSupportsOS [ValidateSet("MissingOS", "Unsupported", "Unknown", "UnknownOS", "UnknownOSVersion", "UnsupportedOSVersion", "Supported")] hidden [string]$_v4AgentSupportsOSText = "Unknown" [string]$_reason ClassificationResult() { $this | Add-Member -Name Reason -MemberType ScriptProperty -Value { # Get return $this._reason } -SecondValue { # Set param($value) $this._reason = $value Write-Debug "ClassificationResult.Reason = ${value}" } $this | Add-Member -Name SortOrder -MemberType ScriptProperty -Value { return $this._sortOrder } $this | Add-Member -Name UpgradeStatement -MemberType ScriptProperty -Value { # Get return $this._upgradeStatement } -SecondValue { # Set param($value) $this._upgradeStatement = $value } $this | Add-Member -Name V4AgentSupportsOS -MemberType ScriptProperty -Value { # Get return $this._v4AgentSupportsOS } -SecondValue { # Set param($value) $this._v4AgentSupportsOS = $value if ($null -eq $value) { $this._sortOrder = 1 $this._v4AgentSupportsOSText = "Unknown" $this._upgradeStatement = "OS (version) unknown, agent won't upgrade to v4 automatically" } elseif ($value) { $this._sortOrder = 2 $this._v4AgentSupportsOSText = "Supported" $this._upgradeStatement = "OS supported by v4 agent, agent will automatically upgrade to v4" } else { $this._sortOrder = 0 $this._v4AgentSupportsOSText = "Unsupported" $this._upgradeStatement = "OS not supported by v4 agent, agent won't upgrade to v4" } } $this | Add-Member -Name V4AgentSupportsOSText -MemberType ScriptProperty -Value { # Get return $this._v4AgentSupportsOSText } -SecondValue { # Set param($value) $this._v4AgentSupportsOSText = $value } } } function Classify-OS ( [parameter(Mandatory=$false)][string]$AgentOS, [parameter(Mandatory=$true)][psobject]$Agent ) { Write-Debug "AgentOS: ${AgentOS}" $result = Validate-OS -OSDescription $AgentOS $Agent | Add-Member -NotePropertyName ValidationResult -NotePropertyValue $result } function Filter-Agents ( [parameter(Mandatory=$true,ValueFromPipeline=$true)][psobject[]]$Agents, [parameter(Mandatory=$true)][string]$AgentFilter ) { process { switch ($AgentFilter) { "All" { $Agents } "ExcludeMissingOS" { $Agents | Where-Object {![string]::IsNullOrWhiteSpace($_.OS)} } "MissingOS" { $Agents | Where-Object {[string]::IsNullOrWhiteSpace($_.OS)} } "V4Compatible" { $Agents | Where-Object {$_.ValidationResult.V4AgentSupportsOS -eq $true} } "V4CompatibilityIssues" { $Agents | Where-Object {$_.ValidationResult.V4AgentSupportsOS -ne $true} | Where-Object {![string]::IsNullOrWhiteSpace($_.OS)} } "V4CompatibilityUnknown" { $Agents | Where-Object {$null -eq $_.ValidationResult.V4AgentSupportsOS} } "V4InCompatible" { $Agents | Where-Object {$_.ValidationResult.V4AgentSupportsOS -eq $false} } default { $Agents } } } } function Open-Document ( [parameter(Mandatory=$true)][string]$Document ) { if ($IsMacOS) { open $Document return } if ($IsWindows) { Start-Process $Document return } } function Validate-OS { [OutputType([ClassificationResult])] param ( [parameter(Mandatory=$false)][string]$OSDescription ) $result = [ClassificationResult]::new() if (!$OSDescription) { $result = [ClassificationResult]::new() $result.UpgradeStatement = "OS description missing" $result.V4AgentSupportsOSText = "MissingOS" return $result } # Parse operating system description switch -regex ($OSDescription) { # Debian "Linux 4.9.0-16-amd64 #1 SMP Debian 4.9.272-2 (2021-07-19)" "(?im)^Linux.* Debian (?[\d]+)(\.(?[\d]+))(\.(?[\d]+))?.*$" { Write-Debug "Debian: '$OSDescription'" [version]$kernelVersion = ("{0}.{1}" -f $Matches["Major"],$Matches["Minor"]) Write-Debug "Debian Linux Kernel $($kernelVersion.ToString())" [version]$minKernelVersion = '5.10' # https://wiki.debian.org/DebianBullseye if ($kernelVersion -ge $minKernelVersion) { $result.Reason = "Supported Debian Linux kernel version: ${kernelVersion}" $result.V4AgentSupportsOS = $true return $result } else { $result.Reason = "Unsupported Debian Linux kernel version: ${kernelVersion} (see https://wiki.debian.org/DebianReleases)" $result.V4AgentSupportsOS = $false $result.V4AgentSupportsOSText = "UnsupportedOSVersion" return $result } } # Fedora "Linux 5.11.22-100.fc32.x86_64 #1 SMP Wed May 19 18:58:25 UTC 2021" "(?im)^Linux.*\.fc(?[\d]+)\..*$" { Write-Debug "Fedora: '$OSDescription'" [int]$fedoraVersion = $Matches["Major"] Write-Debug "Fedora ${fedoraVersion}" if ($fedoraVersion -ge 38) { $result.Reason = "Supported Fedora version: ${fedoraVersion}" $result.V4AgentSupportsOS = $true return $result } else { $result.Reason = "Unsupported Fedora version: ${fedoraVersion}" $result.V4AgentSupportsOS = $false $result.V4AgentSupportsOSText = "UnsupportedOSVersion" return $result } } # Red Hat / CentOS "Linux 4.18.0-425.3.1.el8.x86_64 #1 SMP Fri Sep 30 11:45:06 EDT 2022" "(?im)^Linux.*\.el(?[\d]+).*$" { Write-Debug "Red Hat / CentOS / Oracle Linux: '$OSDescription'" [int]$majorVersion = $Matches["Major"] Write-Debug "Red Hat ${majorVersion}" if ($majorVersion -ge 8) { $result.Reason = "Supported RHEL / CentOS / Oracle Linux version: ${majorVersion}" $result.V4AgentSupportsOS = $true return $result } else { $result.Reason = "Unsupported RHEL / CentOS / Oracle Linux version: ${majorVersion}" $result.V4AgentSupportsOS = $false $result.V4AgentSupportsOSText = "UnsupportedOSVersion" return $result } } # Ubuntu "Linux 4.15.0-1113-azure #126~16.04.1-Ubuntu SMP Tue Apr 13 16:55:24 UTC 2021" "(?im)^Linux.*[^\d]+((?[\d]+)((\.(?[\d]+))(\.(?[\d]+)))(\.(?[\d]+))?)-Ubuntu.*$" { Write-Debug "Ubuntu: '$OSDescription'" [int]$majorVersion = $Matches["Major"] Write-Debug "Ubuntu ${majorVersion}" if ($majorVersion -lt 20) { $result.Reason = "Unsupported Ubuntu version: ${majorVersion}" $result.V4AgentSupportsOS = $false $result.V4AgentSupportsOSText = "UnsupportedOSVersion" return $result } if (($majorVersion % 2) -ne 0) { $result.Reason = "non-LTS Ubuntu version: ${majorVersion}" $result.V4AgentSupportsOSText = "UnsupportedOSVersion" return $result } Write-Debug "Supported Ubuntu version: ${majorVersion}" $result.V4AgentSupportsOS = $true return $result } # Ubuntu "Linux 3.19.0-26-generic #28-Ubuntu SMP Tue Aug 11 14:16:32 UTC 2015" # Ubuntu 22 "Linux 5.15.0-1023-azure #29-Ubuntu SMP Wed Oct 19 22:37:08 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux" "(?im)^Linux (?[\d]+)(\.(?[\d]+)).*-Ubuntu.*$" { Write-Debug "Ubuntu (no version declared): '$OSDescription'" [version]$kernelVersion = ("{0}.{1}" -f $Matches["KernelMajor"],$Matches["KernelMinor"]) Write-Debug "Ubuntu Linux Kernel $($kernelVersion.ToString())" [version[]]$supportedKernelVersions = @( '5.4', # 20.04 '5.8', # 20.04 '5.15', # 22.04 '6.18' # 24.04 ) [version]$minKernelVersion = ($supportedKernelVersions | Measure-Object -Minimum | Select-Object -ExpandProperty Minimum) if ($kernelVersion -lt $minKernelVersion ) { $result.Reason = "Unsupported Ubuntu Linux kernel version: ${kernelVersion}` (see https://ubuntu.com/kernel/lifecycle)" $result.V4AgentSupportsOS = $false $result.V4AgentSupportsOSText = "UnsupportedOSVersion" return $result } if ($kernelVersion -in $supportedKernelVersions) { $result.Reason = "Supported Ubuntu Linux kernel version: ${kernelVersion}" $result.V4AgentSupportsOS = $true return $result } $result.Reason = "Unknown Ubuntu version: '$OSDescription'" $result.V4AgentSupportsOSText = "UnknownOSVersion" return $result } # macOS "Darwin 17.6.0 Darwin Kernel Version 17.6.0: Tue May 8 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64" "(?im)^Darwin (?[\d]+)(\.(?[\d]+)).*$" { Write-Debug "macOS (Darwin): '$OSDescription'" [version]$darwinVersion = ("{0}.{1}" -f $Matches["DarwinMajor"],$Matches["DarwinMinor"]) Write-Debug "Darwin $($darwinVersion.ToString())" [version]$minDarwinVersion = '21.0' if ($darwinVersion -ge $minDarwinVersion) { $result.Reason = "Supported Darwin (macOS) version: ${darwinVersion}" $result.V4AgentSupportsOS = $true return $result } else { $result.Reason = "Unsupported Darwin (macOS) version): ${darwinVersion} (see https://en.wikipedia.org/wiki/Darwin_(operating_system)" $result.V4AgentSupportsOS = $false $result.V4AgentSupportsOSText = "UnsupportedOSVersion" return $result } } # Windows 10 / 11 / Server 2016+ "Microsoft Windows 10.0.20348" "(?im)^(Microsoft Windows|Windows_NT) (?[\d]+)(\.(?[\d]+))(\.(?[\d]+)).*$" { [int]$windowsMajorVersion = $Matches["Major"] [int]$windowsMinorVersion = $Matches["Minor"] [int]$windowsBuild = $Matches["Build"] [version]$windowsVersion = ("{0}.{1}.{2}" -f $Matches["Major"],$Matches["Minor"],$Matches["Build"]) Write-Debug "Windows: '$OSDescription'" Write-Debug "Windows $($windowsVersion.ToString())" if (($windowsMajorVersion -eq 10) -and ($windowsMinorVersion -eq 0)) { if ($windowsBuild -eq 14393) { # Windows 10 / Windows Server 2016 $result.Reason = "Supported Windows build: ${windowsVersion}" $result.V4AgentSupportsOS = $true return $result } elseif ($windowsBuild -eq 17763) { # Windows 10 / Windows Server 2019 $result.Reason = "Supported Windows build: ${windowsVersion}" $result.V4AgentSupportsOS = $true return $result } elseif ($windowsBuild -ge 19044) { # Windows 10 / Windows Server 2022 / Windows 11 $result.Reason = "Supported Windows build: ${windowsVersion}" $result.V4AgentSupportsOS = $true return $result } else { $result.Reason = "Unsupported Windows build: ${windowsVersion}" $result.V4AgentSupportsOS = $false $result.V4AgentSupportsOSText = "UnsupportedOSVersion" return $result } } if (($windowsMajorVersion -eq 6) -and ($windowsMinorVersion -eq 2) -and ($windowsBuild -eq 9200)) { # Windows Server 2012 $result.Reason = "Supported Windows Server 2012 version: ${windowsVersion}" $result.V4AgentSupportsOS = $true return $result } if (($windowsMajorVersion -eq 6) -and ($windowsMinorVersion -eq 3) -and ($windowsBuild -eq 9600)) { # Windows Server 2012 R2 $result.Reason = "Supported Windows Server 2012-R2 version: ${windowsVersion}" $result.V4AgentSupportsOS = $true return $result } if ($windowsMajorVersion -eq 6) { # Windows 7 / 8 / Windows Server 2012 R1 $result.Reason = "Windows 7 / Windows 8 / Windows Server 2012-R1 is not supported: ${windowsVersion}" $result.V4AgentSupportsOS = $false $result.V4AgentSupportsOSText = "UnsupportedOSVersion" return $result } $result.Reason = "Unknown Windows version: '${OSDescription}'" $result.V4AgentSupportsOSText = "UnknownOSVersion" return $result } default { $result.Reason = "Unknown operating system: '$OSDescription'" $result.V4AgentSupportsOSText = "UnknownOS" return $result } } } if (!$OS -and !$OrganizationUrl) { Get-Help $MyInvocation.MyCommand.Definition return } if ($OS) { # Process OS parameter set $OS | ForEach-Object { New-Object PSObject -Property @{ OS = $_ } | Set-Variable agent Classify-OS -AgentOS $_ -Agent $agent Write-Output $agent } | Filter-Agents -AgentFilter $Filter ` | Format-Table -Property OS,` @{Label="UpgradeStatement"; Expression={ if ($_.ValidationResult.V4AgentSupportsOS -eq $null) { "$($PSStyle.Formatting.Warning)$($_.ValidationResult.UpgradeStatement)$($PSStyle.Reset)" } elseif ($_.ValidationResult.V4AgentSupportsOS) { $_.ValidationResult.UpgradeStatement } else { "$($PSStyle.Formatting.Error)$($_.ValidationResult.UpgradeStatement)$($PSStyle.Reset)" } }} | Out-Host -Paging return } # Process pool parameter set if (!$OrganizationUrl) { Write-Warning "OrganizationUrl is required. Please specify -OrganizationUrl or set the AZDO_ORG_SERVICE_URL environment variable." exit 1 } $OrganizationUrl = $OrganizationUrl -replace "/$","" # Strip trailing '/' if (!$Token) { Write-Warning "No access token found. Please specify -Token or set the AZURE_DEVOPS_EXT_PAT or AZDO_PERSONAL_ACCESS_TOKEN environment variable." exit 1 } if (!(Get-Command az -ErrorAction SilentlyContinue)) { Write-Warning "Azure CLI not found. Please install it." exit 1 } if (!(az extension list --query "[?name=='azure-devops'].version" -o tsv)) { Write-Host "Adding Azure CLI extension 'azure-devops'..." az extension add -n azure-devops -y } Write-Host "`n$($PSStyle.Formatting.FormatAccent)This script will process all self-hosted pools in organization '${OrganizationUrl}' to:$($PSStyle.Reset)" Write-Host "$($PSStyle.Formatting.FormatAccent)- Create an aggregated list of agents filtered by '${Filter}'$($PSStyle.Reset)" Write-Host "$($PSStyle.Formatting.FormatAccent)- Create a CSV export of that list (so you can walk away from the computer when this runs)$($PSStyle.Reset)" Write-Host "$($PSStyle.Formatting.FormatAccent)- Show list of agents filtered by '${Filter}' (list repeated at the end of script output)$($PSStyle.Reset)" Write-Host "$($PSStyle.Formatting.FormatAccent)Note the Pipeline agent has more context about the operating system of the host it is running on (e.g. 'lsb_release -a' output), and is able to make a better informed decision on whether to upgrade or not.$($PSStyle.Reset)" if (!$Force) { # Prompt to continue $choices = @( [System.Management.Automation.Host.ChoiceDescription]::new("&Continue", "Process pools") [System.Management.Automation.Host.ChoiceDescription]::new("&Exit", "Abort") ) $defaultChoice = 0 $decision = $Host.UI.PromptForChoice("Continue", "Do you wish to proceed retrieving data for agents in all pools in '${OrganizationUrl}'?", $choices, $defaultChoice) if ($decision -eq 0) { Write-Host "$($choices[$decision].HelpMessage)" } else { Write-Host "$($PSStyle.Formatting.Warning)$($choices[$decision].HelpMessage)$($PSStyle.Reset)" exit } } Write-Host "`nAuthenticating to organization ${OrganizationUrl}..." $Token | az devops login --organization $OrganizationUrl az devops configure --defaults organization=$OrganizationUrl if (!$PoolId) { Write-Host "Retrieving self-hosted pools for organization ${OrganizationUrl}..." az pipelines pool list --query "[?!isHosted].id" ` -o tsv ` | Set-Variable PoolId } $PoolId | Measure-Object ` | Select-Object -ExpandProperty Count ` | Set-Variable totalNumberOfPools $script:allAgents = [System.Collections.ArrayList]@() try { $poolIndex = 0; $totalNumberOfAgents = 0; $numberOfPoolsToProcess = [math]::min($MaxPools,$totalNumberOfPools) foreach ($individualPoolId in $PoolId) { $poolIndex++ if ($poolIndex -gt $MaxPools) { break } $OuterLoopProgressParameters = @{ ID = 0 Activity = "Processing pools" Status = "Pool ${poolIndex} of ${numberOfPoolsToProcess}" PercentComplete = ($poolIndex / $totalNumberOfPools) * 100 CurrentOperation = 'OuterLoop' } Write-Progress @OuterLoopProgressParameters $agents = $null $poolUrl = ("{0}/_settings/agentpools?poolId={1}" -f $OrganizationUrl,$individualPoolId) Write-Verbose "Retrieving pool with id '${individualPoolId}' in (${OrganizationUrl})..." az pipelines pool show --id $individualPoolId ` --query "name" ` -o tsv ` | Set-Variable poolName Write-Host "Retrieving v2 and v3 agents for pool '${poolName}' (${poolUrl})..." Write-Debug "az pipelines agent list --pool-id ${individualPoolId} --include-capabilities --query `"[?starts_with(version,'2.') || starts_with(version,'3.')]`"" az pipelines agent list --pool-id $individualPoolId ` --include-capabilities ` --query "[?starts_with(version,'2.') || starts_with(version,'3.')]" ` -o json ` | ConvertFrom-Json ` | Set-Variable agents if ($agents) { $agents | Measure-Object ` | Select-Object -ExpandProperty Count ` | Set-Variable totalNumberOfAgentsInPool $agentIndex = 0 $agents | ForEach-Object { $agentIndex++ $totalNumberOfAgents++ $osConsolidated = $_.osDescription $capabilityOSDescription = ("{0} {1}" -f $_.systemCapabilities."Agent.OS",$_.systemCapabilities."Agent.OSVersion") if ($capabilityOSDescription -and !$osConsolidated -and ![string]::IsNullOrWhiteSpace($capabilityOSDescription)) { $osConsolidated = $capabilityOSDescription } Write-Debug "osConsolidated: ${osConsolidated}" Write-Debug "capabilityOSDescription: ${capabilityOSDescription}" Classify-OS -AgentOS $osConsolidated -Agent $_ $agentUrl = "{0}/_settings/agentpools?agentId={2}&poolId={1}" -f $OrganizationUrl,$individualPoolId,$_.id $_ | Add-Member -NotePropertyName AgentUrl -NotePropertyValue $agentUrl $_ | Add-Member -NotePropertyName OS -NotePropertyValue $osConsolidated $_ | Add-Member -NotePropertyName PoolName -NotePropertyValue $poolName } $agents | Filter-Agents -AgentFilter $Filter ` | Format-Table -Property @{Label="Name"; Expression={$_.name}},` OS,` AgentUrl $script:allAgents.Add($agents) | Out-Null } else { Write-Host "There are no agents in pool '${poolName}' (${poolUrl})" } } } finally { Write-Progress Id 0 -Completed Write-Progress Id 1 -Completed $script:allAgents | ForEach-Object { # Flatten nested arrays $_ } ` | Set-Variable allAgents -Scope script $script:allAgents | Sort-Object -Property @{Expression = {$_.ValidationResult.SortOrder}; Descending = $false}, ` @{Expression = "PoolName"; Descending = $false}, ` @{Expression = "name"; Descending = $false} ` | Set-Variable allAgents -Scope script $exportFilePath = (Join-Path ([System.IO.Path]::GetTempPath()) "$([guid]::newguid().ToString()).csv") $script:allAgents | Filter-Agents -AgentFilter $Filter ` | Select-Object -Property @{Label="Name"; Expression={$_.name}},` @{Label="Id"; Expression={$_.id}},` @{Label="OS"; Expression={$_.OS -replace ";",""}},` @{Label="V4OS"; Expression={$_.ValidationResult.V4AgentSupportsOSText}},` @{Label="UpgradeStatement"; Expression={$_.ValidationResult.UpgradeStatement}},` @{Label="Reason"; Expression={$_.ValidationResult.Reason}},` @{Label="CreatedOn"; Expression={$_.createdOn}},` @{Label="StatusChangedOn"; Expression={$_.statusChangedOn}},` @{Label="Status"; Expression={$_.status}},` @{Label="Version"; Expression={$_.version}},` PoolName,` AgentUrl ` | Export-Csv -Path $exportFilePath if ($OpenCsv) { Open-Document -Document $exportFilePath } try { # Try block, in case the user cancels paging through results Write-Host "`nRetrieved agents with filter '${Filter}' in organization (${OrganizationUrl}) have been saved to ${exportFilePath}, and are repeated below" $script:allAgents | Filter-Agents -AgentFilter $Filter ` | Format-Table -Property @{Label="Name"; Expression={$_.name}},` OS,` @{Label="UpgradeStatement"; Expression={ if ($_.ValidationResult.V4AgentSupportsOS -eq $null) { "$($PSStyle.Formatting.Warning)$($_.ValidationResult.UpgradeStatement)$($PSStyle.Reset)" } elseif ($_.ValidationResult.V4AgentSupportsOS) { $_.ValidationResult.UpgradeStatement } else { "$($PSStyle.Formatting.Error)$($_.ValidationResult.UpgradeStatement)$($PSStyle.Reset)" } }},` @{Label="V4OS"; Expression={$_.ValidationResult.V4AgentSupportsOSText}},` PoolName,` AgentUrl ` | Out-Host -Paging } catch [System.Management.Automation.HaltCommandException] { Write-Warning "Skipped paging through results" } finally { if ($script:allAgents) { Write-Host "`nRetrieved agents with filter '${Filter}' in organization (${OrganizationUrl}) have been saved to ${exportFilePath}" Write-Host "Processed ${totalNumberOfAgents} agents in ${totalNumberOfPools} in organization '${OrganizationUrl}'" $statisticsFilter = (($Filter -ieq "All") -or $IncludeMissingOSInStatistics ? "All" : "ExcludeMissingOS") Write-Host "`nAgents by v2/v3 -> v4 compatibility (${statisticsFilter}):" $script:allAgents | Filter-Agents -AgentFilter $statisticsFilter ` | Group-Object {$_.ValidationResult.V4AgentSupportsOSText} ` | Set-Variable agentsSummary $agentsSummary | Measure-Object -Property Count -Sum | Select-Object -ExpandProperty Sum | Set-Variable totalNumberOfFilteredAgents $agentsSummary | Format-Table -Property @{Label="V4AgentSupportsOS"; Expression={$_.Name}},` Count,` @{Label="Percentage"; Expression={($_.Count / $totalNumberOfFilteredAgents).ToString("p")}} } } } ================================================ FILE: tools/FindAgentsNotCompatibleWithAgent/readme.md ================================================ # Finding Pipelines Targeting Retired Images The Azure Pipeline agent v2 uses .NET 3.1 Core, while agent v3 runs on .NET 6. This means agent v3 will drop support for operating systems no longer supported by .NET 6. For more information on the v3 agent, go to [aka.ms/azdo-pipeline-agent-version](https://aka.ms/azdo-pipeline-agent-version). This script will predict whether an agent will be able to upgrade from v2 to v3, using the operating system information of the agent. Note the Pipeline agent itself has more context about the operating system of the host it is running on, and is able to make the best informed decision on whether to upgrade or not. For more information, go to https://aka.ms/azdo-pipeline-agent-version. ## QueryAgentPoolsForCompatibleOS.ps1 usage: `.\QueryAgentPoolsForCompatibleOS.ps1 -OrganizationUrl -Token ` This script requires the [Azure CLI](https://aka.ms/install-azure-cli) to be installed locally, and a PAT token with read access on 'Agent Pools' scope. This script will produce a list of agents with compatibility concerns at the end of the script output, as well as export that to a CSV file so it can be opened in e.g. Excel. If you are using Excel, you can force it to be opened automatically to [import results](https://support.microsoft.com/office/import-or-export-text-txt-or-csv-files-5250ac4c-663c-47ce-937b-339e391393ba) using the `-OpenCsv` switch: `.\QueryAgentPoolsForCompatibleOS.ps1 -OrganizationUrl -Token -OpenCsv` For additional parameters that filter the output e.g. by pool, type: `.\QueryAgentPoolsForCompatibleOS.ps1 -?` ================================================ FILE: tools/FindPipelinesUsingRetiredImages/QueryJobHistoryForRetiredImages.ps1 ================================================ #!/usr/bin/env pwsh param ( [Parameter(Mandatory = $true)] [string] $accountUrl, [Parameter(Mandatory = $true)] [string] $pat, [Parameter(Mandatory = $false)] [string] $continuationToken ) # Create the VSTS auth header $base64authinfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$pat")) $vstsAuthHeader = @{"Authorization"="Basic $base64authinfo"} $allHeaders = $vstsAuthHeader + @{"Content-Type"="application/json"; "Accept"="application/json"} # List of deprecated images [string[]] $deprecatedImages = 'macOS-10.15', 'macOS 10.15', 'MacOS 1015', 'MacOS-1015', 'Ubuntu18', 'ubuntu-18.04', 'Ubuntu20', 'ubuntu-20.04', 'ubuntu 20.04', 'VS2017', 'vs2017 win2016', 'vs2017-win2016', 'windows-2016-vs2017', 'windows-2019', 'windows-2019-vs2019' try { $result = Invoke-WebRequest -Headers $allHeaders -Method GET "$accountUrl/_apis/DistributedTask/pools?api-version=6.1-preview" if ($result.StatusCode -ne 200) { Write-Output $result.Content throw "Failed to query pools" } $resultJson = ConvertFrom-Json $result.Content $azurePipelinesPoolId = 0 foreach($pool in $resultJson.value) { if ($pool.name -eq "Azure Pipelines") { $azurePipelinesPoolId = $pool.id break } } if ($azurePipelinesPoolId -eq 0) { throw "Failed to find Azure Pipelines pool" } Write-Host ("Azure Pipelines Pool Id: " + $azurePipelinesPoolId + "`n") $msg = 'Query next 200 jobs? (y/n)' $response = 'y' $hashJobsToDef = @{} do { if ($response -eq 'y') { Write-Output ("Querying next 200 jobs with continuation token:`n" + $continuationToken + "`n") if (!$continuationToken) { $result = Invoke-WebRequest -Headers $allHeaders -Method GET "$accountUrl/_apis/DistributedTask/pools/$($azurePipelinesPoolId)/jobrequests?api-version=5.0-preview&`$top=200" } else { $result = Invoke-WebRequest -Headers $allHeaders -Method GET "$accountUrl/_apis/DistributedTask/pools/$($azurePipelinesPoolId)/jobrequests?api-version=5.0-preview&`$top=200&continuationToken=$($continuationToken)" } if ($result.StatusCode -ne 200) { Write-Output $result.Content throw "Failed to query jobs" } $continuationToken = $result.Headers.'X-MS-ContinuationToken' $resultJson = ConvertFrom-Json $result.Content if ($resultJson.value.count -eq 0) { $response = 'n' Write-Output "Done`n" Write-Output "List of definitions targetting deprecated images:`n" Write-Output $hashJobsToDef } else { foreach($job in $resultJson.value) { if ($job.agentSpecification -and $job.agentSpecification.VMImage -and ($job.agentSpecification.VMImage -imatch ($deprecatedImages -join '|'))) { $hashJobsToDef[$job.definition.name] = $job.definition._links.web.href } } Write-Output "Current list of definitions targetting deprecated images:`n" Write-Output $hashJobsToDef Write-Output "`n" $response = Read-Host -Prompt $msg } } } until ($response -eq 'n') } catch { throw "Failed to query jobs: $_" } ================================================ FILE: tools/FindPipelinesUsingRetiredImages/readme.md ================================================ # Finding Pipelines Targeting Retired Images The scripts in this directory are intended to help customers identify Pipelines that depend on deprecated images. Customers can then navigate to and update those Pipelines. ## QueryJobHistoryForRetiredImages.ps1 usage: `.\QueryJobHistoryForRetiredImages.ps1 ` or optionally, you can pass in a continuation token from a previous run in case you need to pick up where you left off: `.\QueryJobHistoryForRetiredImages.ps1 ` This script will query the "Azure Pipelines" Agent Pool's Job History and output unique Pipelines that targeted any of the retired images. It will query the jobs 200 at a time, as this is the REST API query limit, and prompt for continuation. This is to avoid account throttling in case of a large job history. It will output the current list of distinct Pipelines each iteration, with the URL to edit that Pipeline. It will also output once it has reached the end of the job history.