Skip to content

PAT Migration: dn-bot-dnceng-public-build-r (telemetry) #6489

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
missymessa wants to merge 5 commits into
base: main
Choose a base branch
from
Open

PAT Migration: dn-bot-dnceng-public-build-r (telemetry) #6489

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
ccd03a1
PAT Migration: dn-bot-dnceng-build-r (telemetry)
missymessa Mar 18, 2026
17cb36a
Merge branch 'main' of https://github.com/dotnet/dnceng
missymessa Mar 19, 2026
60997b5
PAT Migration: dn-bot-dnceng-public-build-r (telemetry) AB#10138
missymessa Mar 31, 2026
64ecf7c
Resolve merge conflict in telemetry-secrets.yaml
missymessa Mar 31, 2026
61b536c
Merge branch 'main' into missymessa-10138
missymessa Apr 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 5 additions & 7 deletions .vault-config/shared/telemetry-secrets.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,7 @@
## DEPRECATED — Migrated to Managed Identity (telemetry-service-identity) in AB#10138.
## The telemetry service now uses Entra bearer tokens for dnceng-public.
## Remove this entry and the corresponding Key Vault secrets after production validation.
dn-bot-dnceng-public-build-r:
type: azure-devops-access-token
type: text
parameters:
domainAccountName: dn-bot
domainAccountSecret:
location: helixkv
name: dn-bot-account-redmond
organizations: dnceng-public
scopes: build
description: "DEPRECATED: replaced by telemetry-service-identity MI (AB#10138)"
29 changes: 29 additions & 0 deletions src/Telemetry/AzureDevOpsClient.PostDeploymentTests/TelemetryManagedIdentityTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,35 @@ public async Task ManagedIdentity_CanListBuilds_FromDncengInternal()
}
}

/// <summary>
/// Validates that the Managed Identity can acquire a bearer token for
/// Azure DevOps and successfully list builds from dnceng-public/public.
/// </summary>
[Test]
public async Task ManagedIdentity_CanListBuilds_FromDncengPublic()
{
var options = new AzureDevOpsClientOptions
{
Organization = "dnceng-public",
ManagedIdentityClientId = "placeholder-activates-bearer-path",
MaxParallelRequests = 1,
};

var client = new AzureDevOpsClient(options, _logger, new SimpleHttpClientFactory(), _credential);

var builds = await client.ListBuilds("public", CancellationToken.None, limit: 3);

Assert.That(builds, Is.Not.Null);
Assert.That(builds.Length, Is.GreaterThan(0),
"Expected at least one build from dnceng-public/public using bearer token auth");

TestContext.Out.WriteLine($"Retrieved {builds.Length} build(s) from dnceng-public via Managed Identity:");
foreach (var build in builds)
{
TestContext.Out.WriteLine($" Build #{build.Id} — {build.Definition?.Name} — {build.Status}");
}
}

/// <summary>
/// Validates that the Managed Identity can read build timeline data,
/// which is the core operation the telemetry service performs.
Expand Down
3 changes: 3 additions & 0 deletions src/Telemetry/AzureDevOpsTimeline/.config/settings.Production.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@
"AzureDevOpsSettings": {
"dnceng": {
"ManagedIdentityClientId": "13eb78dc-2e79-4ae1-afbf-f95c5b1d2a4c"
},
"dnceng-public": {
"ManagedIdentityClientId": "13eb78dc-2e79-4ae1-afbf-f95c5b1d2a4c"
}
},
"KustoTimelineTelemetry": {
Expand Down
3 changes: 3 additions & 0 deletions src/Telemetry/AzureDevOpsTimeline/.config/settings.Staging.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@
"AzureDevOpsSettings": {
"dnceng": {
"ManagedIdentityClientId": "c05abe9e-b183-4c19-a7c3-6512f976548f"
},
"dnceng-public": {
"ManagedIdentityClientId": "c05abe9e-b183-4c19-a7c3-6512f976548f"
}
},
"KustoTimelineTelemetry": {
Expand Down
1 change: 0 additions & 1 deletion src/Telemetry/AzureDevOpsTimeline/.config/settings.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@
},
"dnceng-public": {
"Organization": "dnceng-public",
"AccessToken": "[vault(dn-bot-dnceng-public-build-r]",
"MaxParallelRequests": 4
}
}
Expand Down