From 45b7ed65d14db06dfa3d2b0a4fa9fb252ecd3408 Mon Sep 17 00:00:00 2001 From: Tauhid Anjum Date: Tue, 8 Jun 2021 16:26:13 +0530 Subject: [PATCH] Encode only when decode is true (#14946) --- Tasks/AzureKeyVaultV2/Tests/L0.ts | 2 +- Tasks/AzureKeyVaultV2/Tests/downloadSelectedSecrets.ts | 1 + Tasks/AzureKeyVaultV2/operations/KeyVault.ts | 9 +++++++-- Tasks/AzureKeyVaultV2/task.json | 2 +- Tasks/AzureKeyVaultV2/task.loc.json | 2 +- 5 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Tasks/AzureKeyVaultV2/Tests/L0.ts b/Tasks/AzureKeyVaultV2/Tests/L0.ts index d67c10aa04aa..0c698ce8f291 100644 --- a/Tasks/AzureKeyVaultV2/Tests/L0.ts +++ b/Tasks/AzureKeyVaultV2/Tests/L0.ts @@ -67,7 +67,7 @@ describe('Azure Key Vault', function () { assert(tr.stdout.indexOf("##vso[task.setvariable variable=secret2;issecret=true;]secret2-value") > 0, "##vso[task.setvariable variable=secret2;issecret=true;]secret2-value"); assert(tr.stdout.indexOf("##vso[task.setvariable variable=secret3;issecret=true;]secret3/versionIdentifierGuid-value") > 0, "##vso[task.setvariable variable=secret3;issecret=true;]secret3/versionIdentifierGuid-value"); assert(tr.stdout.indexOf("##vso[task.setvariable variable=secret3/versionIdentifierGuid;issecret=true;]secret3/versionIdentifierGuid-value") > 0, "##vso[task.setvariable variable=secret3/versionIdentifierGuid;issecret=true;]secret3/versionIdentifierGuid-value"); - assert(tr.stdout.indexOf("##vso[task.setvariable variable=secret5_%AZP253B;issecret=true;]secret5_%AZP253B-value") > 0, "##vso[task.setvariable variable=secret5_%AZP253B;issecret=true;]secret5_%AZP253B-value"); + assert(tr.stdout.indexOf("##vso[task.setvariable variable=secret5_%3B;issecret=true;]secret5_%3B-value") > 0, "##vso[task.setvariable variable=secret5_%3B;issecret=true;]secret5_%3B-value"); assert(tr.stdout.indexOf("##vso[task.setvariable variable=secret4;issecret=true;]secret4-value") < 0, "secret4 value should not be set"); diff --git a/Tasks/AzureKeyVaultV2/Tests/downloadSelectedSecrets.ts b/Tasks/AzureKeyVaultV2/Tests/downloadSelectedSecrets.ts index bdfc54f7c210..df7f0a60ba92 100644 --- a/Tasks/AzureKeyVaultV2/Tests/downloadSelectedSecrets.ts +++ b/Tasks/AzureKeyVaultV2/Tests/downloadSelectedSecrets.ts @@ -24,6 +24,7 @@ process.env["ENDPOINT_DATA_AzureRMSpn_AzureKeyVaultServiceEndpointResourceId"] = process.env["ENDPOINT_URL_AzureRMSpn"] = "https://management.azure.com/"; process.env["SYSTEM_DEFAULTWORKINGDIRECTORY"] = "C:\\a\\w\\"; process.env["AGENT_TEMPDIRECTORY"] = process.cwd(); +process.env["DECODE_PERCENTS"] = "false"; tr.registerMock('azure-pipelines-task-lib/toolrunner', require('azure-pipelines-task-lib/mock-toolrunner')); tr.registerMock('./azure-arm-keyvault', require('./mock_node_modules/azure-arm-keyvault')); diff --git a/Tasks/AzureKeyVaultV2/operations/KeyVault.ts b/Tasks/AzureKeyVaultV2/operations/KeyVault.ts index 142d598b083e..4da7616ff039 100644 --- a/Tasks/AzureKeyVaultV2/operations/KeyVault.ts +++ b/Tasks/AzureKeyVaultV2/operations/KeyVault.ts @@ -6,6 +6,8 @@ import tl = require("azure-pipelines-task-lib/task"); import * as path from 'path'; import * as fs from 'fs'; +const DECODE_PERCENTS = "DECODE_PERCENTS"; + export class SecretsToErrorsMapping { public errorsMap: { [key: string]: string; }; @@ -193,8 +195,11 @@ export class KeyVault { } // Encode percent explicitely as the task lib does not encode % to %AZP25 as of now. - secretName = secretName.replace(/%/g, '%AZP25'); - secretValue = secretValue.replace(/%/g, '%AZP25'); + let decodePercents = tl.getVariable(DECODE_PERCENTS); + if (decodePercents && decodePercents.toUpperCase() === "TRUE") { + secretName = secretName.replace(/%/g, '%AZP25'); + secretValue = secretValue.replace(/%/g, '%AZP25'); + } // Support multiple stages using different key vaults with the same secret name but with different version identifiers let secretNameWithoutVersion = secretName.split("/")[0]; diff --git a/Tasks/AzureKeyVaultV2/task.json b/Tasks/AzureKeyVaultV2/task.json index d1591619ac69..53632b85cdfe 100644 --- a/Tasks/AzureKeyVaultV2/task.json +++ b/Tasks/AzureKeyVaultV2/task.json @@ -14,7 +14,7 @@ "author": "Microsoft Corporation", "version": { "Major": 2, - "Minor": 186, + "Minor": 189, "Patch": 0 }, "demands": [], diff --git a/Tasks/AzureKeyVaultV2/task.loc.json b/Tasks/AzureKeyVaultV2/task.loc.json index 5226b213c943..20fe6bb711d1 100644 --- a/Tasks/AzureKeyVaultV2/task.loc.json +++ b/Tasks/AzureKeyVaultV2/task.loc.json @@ -14,7 +14,7 @@ "author": "Microsoft Corporation", "version": { "Major": 2, - "Minor": 186, + "Minor": 189, "Patch": 0 }, "demands": [],