Add Azure Login support for connecting to cloud orgs

Fixes #243

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/igoravl/TfsCmdlets/issues/243?shareId=XXXX-XXXX-XXXX-XXXX).

Author: igoravl

CSharp/TfsCmdlets.SourceGenerators/Generators/Cmdlets/Generator.cs

@@ -6,5 +6,29 @@ namespace TfsCmdlets.SourceGenerators.Generators.Cmdlets
     public class CmdletGenerator : BaseGenerator<Filter, TypeProcessor>
     {
         protected override string GeneratorName => nameof(CmdletGenerator);
+
+        protected override void GenerateCmdletParameters(CmdletInfo cmdletInfo)
+        {
+            base.GenerateCmdletParameters(cmdletInfo);
+
+            if (cmdletInfo.Name.StartsWith("Connect-"))
+            {
+                cmdletInfo.Parameters.Add(new CmdletParameter
+                {
+                    Name = "AzCli",
+                    Type = "SwitchParameter",
+                    Mandatory = false,
+                    Position = -1
+                });
+
+                cmdletInfo.Parameters.Add(new CmdletParameter
+                {
+                    Name = "UseMSI",
+                    Type = "SwitchParameter",
+                    Mandatory = false,
+                    Position = -1
+                });
+            }
+        }
     }
-}
+}

CSharp/TfsCmdlets/Cmdlets/Credential/NewCredential.cs

@@ -1,4 +1,4 @@
-using System.Management.Automation;
+using System.Management.Automation;
 using Microsoft.VisualStudio.Services.Common;
 using System.Net;
 using Microsoft.VisualStudio.Services.Client;
@@ -19,6 +19,18 @@ partial class NewCredential
         /// </summary>
         [Parameter(Position = 0, Mandatory = true)]
         public Uri Url { get; set; }
+
+        /// <summary>
+        /// Specifies that the credentials should be obtained from the currently logged in Azure CLI user.
+        /// </summary>
+        [Parameter(Mandatory = false)]
+        public SwitchParameter AzCli { get; set; }
+
+        /// <summary>
+        /// Specifies that the credentials should be obtained from the Azure Managed Identity present in the current script context.
+        /// </summary>
+        [Parameter(Mandatory = false)]
+        public SwitchParameter UseMSI { get; set; }
     }
 
     [CmdletController(typeof(VssCredentials), CustomCmdletName = "NewCredential")]
@@ -27,6 +39,9 @@ partial class GetCredentialController
         [Import]
         private IInteractiveAuthentication InteractiveAuthentication { get; }
 
+        [Import]
+        private IAzCliAuthentication AzCliAuthentication { get; }
+
         protected override IEnumerable Run()
         {
             var connectionMode = ConnectionMode.CachedCredentials;
@@ -39,6 +54,10 @@ protected override IEnumerable Run()
                 connectionMode = ConnectionMode.AccessToken;
             else if (Interactive)
                 connectionMode = ConnectionMode.Interactive;
+            else if (AzCli)
+                connectionMode = ConnectionMode.AzCli;
+            else if (UseMSI)
+                connectionMode = ConnectionMode.UseMSI;
 
             NetworkCredential netCred = null;
 
@@ -124,6 +143,24 @@ protected override IEnumerable Run()
                         throw new Exception("Interactive authentication is not supported for TFS / Azure DevOps Server in PowerShell Core. Please use either a username/password credential or a Personal Access Token.");
                     }
 
+                case ConnectionMode.AzCli:
+                    {
+                        Logger.Log("Using Azure CLI credential");
+
+                        yield return new VssCredentials(
+                            new VssOAuthAccessTokenCredential(AzCliAuthentication.GetToken(Url)));
+                        break;
+                    }
+
+                case ConnectionMode.UseMSI:
+                    {
+                        Logger.Log("Using Managed Identity credential");
+
+                        yield return new VssCredentials(
+                            new VssOAuthAccessTokenCredential(AzCliAuthentication.GetToken(Url, useMsi: true)));
+                        break;
+                    }
+
                 default:
                     {
                         throw new Exception($"Invalid parameter set '{connectionMode}'");
@@ -150,7 +187,9 @@ private enum ConnectionMode
             CredentialObject,
             UserNamePassword,
             AccessToken,
-            Interactive
+            Interactive,
+            AzCli,
+            UseMSI
         }
     }
-}
+}

CSharp/TfsCmdlets/Cmdlets/Organization/ConnectOrganization.cs

@@ -47,5 +47,17 @@ partial class ConnectOrganization
         [Alias("Collection")]
         [ValidateNotNull]
         public object Organization { get; set; }
+
+        /// <summary>
+        /// Specifies that the credentials should be obtained from the currently logged in Azure CLI user.
+        /// </summary>
+        [Parameter(Mandatory = false)]
+        public SwitchParameter AzCli { get; set; }
+
+        /// <summary>
+        /// Specifies that the credentials should be obtained from the Azure Managed Identity present in the current script context.
+        /// </summary>
+        [Parameter(Mandatory = false)]
+        public SwitchParameter UseMSI { get; set; }
     }
-}
+}

CSharp/TfsCmdlets/Cmdlets/Team/ConnectTeam.cs

@@ -17,6 +17,18 @@ partial class ConnectTeam
         [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true)]
         [ValidateNotNull()]
         public object Team { get; set; }
+
+        /// <summary>
+        /// Specifies that the credentials should be obtained from the currently logged in Azure CLI user.
+        /// </summary>
+        [Parameter(Mandatory = false)]
+        public SwitchParameter AzCli { get; set; }
+
+        /// <summary>
+        /// Specifies that the credentials should be obtained from the Azure Managed Identity present in the current script context.
+        /// </summary>
+        [Parameter(Mandatory = false)]
+        public SwitchParameter UseMSI { get; set; }
     }
 
     [CmdletController(typeof(Models.Team))]
@@ -36,4 +48,4 @@ protected override IEnumerable Run()
             yield return Team;
         }
     }
-}
+}

CSharp/TfsCmdlets/Cmdlets/TeamProject/ConnectTeamProject.cs

@@ -15,6 +15,18 @@ partial class ConnectTeamProject
         [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true)]
         [ValidateNotNull()]
         public object Project { get; set; }
+
+        /// <summary>
+        /// Specifies that the credentials should be obtained from the currently logged in Azure CLI user.
+        /// </summary>
+        [Parameter(Mandatory = false)]
+        public SwitchParameter AzCli { get; set; }
+
+        /// <summary>
+        /// Specifies that the credentials should be obtained from the Azure Managed Identity present in the current script context.
+        /// </summary>
+        [Parameter(Mandatory = false)]
+        public SwitchParameter UseMSI { get; set; }
     }
 
     [CmdletController(typeof(WebApiTeamProject))]
@@ -35,4 +47,4 @@ protected override IEnumerable Run()
         [Import]
         private ICurrentConnections CurrentConnections { get; }
     }
-}
+}

CSharp/TfsCmdlets/Cmdlets/TeamProjectCollection/ConnectTeamProjectCollection.cs

@@ -49,6 +49,18 @@ partial class ConnectTeamProjectCollection
         [Alias("Organization")]
         [ValidateNotNull]
         public object Collection { get; set; }
+
+        /// <summary>
+        /// Specifies that the credentials should be obtained from the currently logged in Azure CLI user.
+        /// </summary>
+        [Parameter(Mandatory = false)]
+        public SwitchParameter AzCli { get; set; }
+
+        /// <summary>
+        /// Specifies that the credentials should be obtained from the Azure Managed Identity present in the current script context.
+        /// </summary>
+        [Parameter(Mandatory = false)]
+        public SwitchParameter UseMSI { get; set; }
     }
 
     [CmdletController(typeof(Connection))]
@@ -57,6 +69,9 @@ partial class ConnectTeamProjectCollectionController
         [Import]
         private ICurrentConnections CurrentConnections { get; }
 
+        [Import]
+        private IAzCliAuthentication AzCliAuthentication { get; }
+
         protected override IEnumerable Run()
         {
             var tpc = Data.GetCollection(new { Collection = Collection ?? Parameters.Get<object>("Organization") });
@@ -75,4 +90,4 @@ protected override IEnumerable Run()
             yield return tpc;
         }
     }
-}
+}

CSharp/TfsCmdlets/Services/IAzCliAuthentication.cs

@@ -0,0 +1,7 @@
+namespace TfsCmdlets.Services
+{
+    public interface IAzCliAuthentication
+    {
+        string GetToken(Uri uri, bool useMsi = false);
+    }
+}

CSharp/TfsCmdlets/Services/Impl/AzCliAuthenticationImpl.cs

@@ -0,0 +1,35 @@
+using System;
+using System.Threading.Tasks;
+using Azure.Core;
+using Azure.Identity;
+
+namespace TfsCmdlets.Services.Impl
+{
+    [Export(typeof(IAzCliAuthentication)), Shared]
+    public class AzCliAuthenticationImpl : IAzCliAuthentication
+    {
+        private const string AzureDevOpsResourceId = "499b84ac-1321-427f-aa17-267ca6975798";
+
+        public string GetToken(Uri uri, bool useMsi = false)
+        {
+            var token = useMsi ? GetMsiTokenAsync().Result : GetAzCliTokenAsync().Result;
+            return token;
+        }
+
+        private async Task<string> GetAzCliTokenAsync()
+        {
+            var credential = new DefaultAzureCredential();
+            var tokenRequestContext = new TokenRequestContext(new[] { $"{AzureDevOpsResourceId}/.default" });
+            var token = await credential.GetTokenAsync(tokenRequestContext);
+            return token.Token;
+        }
+
+        private async Task<string> GetMsiTokenAsync()
+        {
+            var credential = new ManagedIdentityCredential();
+            var tokenRequestContext = new TokenRequestContext(new[] { $"{AzureDevOpsResourceId}/.default" });
+            var token = await credential.GetTokenAsync(tokenRequestContext);
+            return token.Token;
+        }
+    }
+}