Merge dev into master (#2090)

Bump Microsoft.IO.RecyclableMemoryStream from 3.0.0 to 3.0.1 (#2085)

Make docs permissions pipeline 1ES compliant (#2084)

Bump Microsoft.OpenApi from 1.6.14 to 1.6.15 (#2087)

Bump Microsoft.OpenApi.Readers from 1.6.14 to 1.6.15 (#2088)

Task: Use managed identities to access the blob (#2089)

CodeSnippetsReflection.OpenAPI/CodeSnippetsReflection.OpenAPI.csproj

@@ -7,7 +7,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.ApplicationInsights" Version="2.22.0" />
-    <PackageReference Include="Microsoft.OpenApi.Readers" Version="1.6.14" />
+    <PackageReference Include="Microsoft.OpenApi.Readers" Version="1.6.15" />
     <PackageReference Include="System.Text.Json" Version="8.0.3" />
   </ItemGroup>
 

FileService/FileService.csproj

@@ -5,6 +5,8 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Azure.Identity" Version="1.12.0" />
+    <PackageReference Include="Azure.Storage.Blobs" Version="12.20.0" />
     <PackageReference Include="Microsoft.Extensions.Configuration" Version="8.0.0" />
     <PackageReference Include="WindowsAzure.Storage" Version="9.3.3" />
   </ItemGroup>

FileService/Services/AzureBlobStorageUtility.cs

@@ -2,14 +2,15 @@
 //  Copyright (c) Microsoft Corporation.  All Rights Reserved.  Licensed under the MIT License.  See License in the project root for license information.
 // ------------------------------------------------------------------------------------------------------------------------------------------------------
 
+using Azure.Identity;
 using FileService.Common;
 using FileService.Interfaces;
 using Microsoft.Extensions.Configuration;
-using Microsoft.WindowsAzure.Storage;
-using Microsoft.WindowsAzure.Storage.Blob;
 using System;
 using System.IO;
 using System.Threading.Tasks;
+using Azure.Storage.Blobs;
+
 
 namespace FileService.Services
 {
@@ -19,13 +20,16 @@ namespace FileService.Services
     public class AzureBlobStorageUtility : IFileUtility
     {
         private readonly IConfiguration _configuration;
-        private readonly string _connectionString;
+        private readonly BlobServiceClient _blobServiceClient;
 
         public AzureBlobStorageUtility(IConfiguration configuration)
         {
             _configuration = configuration
-               ?? throw new ArgumentNullException(nameof(configuration), $"Value cannot be null: { nameof(configuration) }");
-            _connectionString = _configuration["BlobStorage:AzureConnectionString"];
+                   ?? throw new ArgumentNullException(nameof(configuration), $"Value cannot be null: {nameof(configuration)}");
+
+            var managedIdentityCredential = new ManagedIdentityCredential(_configuration["BlobStorage:Identity"]);
+            _blobServiceClient = new BlobServiceClient(new Uri($"https://{_configuration["BlobStorage:AccountName"]}.blob.core.windows.net"), 
+                managedIdentityCredential);
         }
 
         /// <summary>
@@ -40,30 +44,29 @@ public async Task<string> ReadFromFile(string filePathSource)
 
             (var containerName, var blobName) = FileServiceHelper.RetrieveFilePathSourceValues(filePathSource);
 
-            if (CloudStorageAccount.TryParse(_connectionString, out CloudStorageAccount storageAccount))
+            var containerClient = _blobServiceClient.GetBlobContainerClient(containerName);
+
+            if (await containerClient.ExistsAsync())
             {
-                CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
-                CloudBlobContainer container = blobClient.GetContainerReference(containerName);
+                var blobClient = containerClient.GetBlobClient(blobName);
 
-                if (await container.ExistsAsync())
+                if (await blobClient.ExistsAsync())
                 {
-                    CloudBlockBlob blob = container.GetBlockBlobReference(blobName);
-
-                    if (await blob.ExistsAsync())
+                    var response = await blobClient.DownloadAsync();
+                    using (var streamReader = new StreamReader(response.Value.Content))
                     {
-                        return await blob.DownloadTextAsync();
-                    }
-                    else
-                    {
-                        throw new IOException($"The '{blobName}' blob doesn't exist.");
+                        return await streamReader.ReadToEndAsync();
                     }
                 }
                 else
                 {
-                    throw new IOException($"The '{containerName}' container doesn't exist.");
+                    throw new IOException($"The '{blobName}' blob doesn't exist.");
                 }
             }
-
+            else
+            {
+                throw new IOException($"The '{containerName}' container doesn't exist.");
+            }
             throw new IOException("Failed to connect to the blob storage account.");
         }
 

GraphWebApi/appsettings.json

@@ -19,6 +19,8 @@
   },
   "BlobStorage": {
     "AzureConnectionString": "ENTER_AZURE_STORAGE_CONNECTION_STRING",
+    "AccountName": "ENTER_AZURE_STORAGE_ACCOUNT_NAME",
+    "Identity": "ENTER_AZURE_STORAGE_IDENTITY",
     "GithubHost": "https://raw.githubusercontent.com/",
     "RepoName": "/microsoft-graph-devx-content/",
     "Containers": {

OpenAPIService.Test/OpenAPIService.Test.csproj

@@ -27,7 +27,7 @@
     </PackageReference>
       <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.0" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="Microsoft.OpenApi" Version="1.6.14" />
+    <PackageReference Include="Microsoft.OpenApi" Version="1.6.15" />
     <PackageReference Include="xunit" Version="2.8.1" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.8.1">
       <PrivateAssets>all</PrivateAssets>

OpenAPIService/OpenAPIService.csproj

@@ -8,11 +8,11 @@
     <PackageReference Include="Humanizer" Version="2.14.1" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="8.0.0" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="8.0.1" />
-    <PackageReference Include="Microsoft.IO.RecyclableMemoryStream" Version="3.0.0" />
+    <PackageReference Include="Microsoft.IO.RecyclableMemoryStream" Version="3.0.1" />
     <PackageReference Include="Microsoft.OData.Edm" Version="7.21.3" />
-    <PackageReference Include="Microsoft.OpenApi" Version="1.6.14" />
+    <PackageReference Include="Microsoft.OpenApi" Version="1.6.15" />
     <PackageReference Include="Microsoft.OpenApi.OData" Version="1.6.6" />
-    <PackageReference Include="Microsoft.OpenApi.Readers" Version="1.6.14" />
+    <PackageReference Include="Microsoft.OpenApi.Readers" Version="1.6.15" />
   </ItemGroup>
 
   <ItemGroup>

pipelines/docs-permissions.yml

@@ -10,99 +10,108 @@ schedules:
     displayName: Every weekday MS Graph docs permissions tables updates
     branches:
       include:
-      - master
+        - master
     always: true
 
 resources:
- repositories:
-   - repository: microsoft-graph-docs
-     type: github
-     endpoint: microsoftgraphdocs
-     name: microsoftgraph/microsoft-graph-docs
-     ref: main
-   - repository: api-doctor
-     type: github
-     endpoint: microsoftgraphdocs
-     name: OneDrive/apidoctor
-     ref: master
-
-pool:
-  vmImage: 'ubuntu-latest'
-
+  repositories:
+    - repository: microsoft-graph-docs
+      type: github
+      endpoint: microsoftgraphdocs
+      name: microsoftgraph/microsoft-graph-docs
+      ref: main
+    - repository: api-doctor
+      type: github
+      endpoint: microsoftgraphdocs
+      name: OneDrive/apidoctor
+      ref: master
+    - repository: 1ESPipelineTemplates
+      type: git
+      name: 1ESPipelineTemplates/1ESPipelineTemplates
+      ref: refs/tags/release
+
 parameters:
   - name: permissionsSourceFilePath
-    default: 'https://raw.githubusercontent.com/microsoftgraph/microsoft-graph-devx-content/master/permissions/new/permissions.json'
-    displayName: 'The file path or URL to permissions in JSON format to be consumed by Kibali'
+    default: "https://raw.githubusercontent.com/microsoftgraph/microsoft-graph-devx-content/master/permissions/new/permissions.json"
+    displayName: "The file path or URL to permissions in JSON format to be consumed by Kibali"
   - name: bootstrappingOnly
     type: boolean
     default: false
-    displayName: 'Only move permissions table in reference document to own file without updating contents of permissions table'
-    
+    displayName: "Only move permissions table in reference document to own file without updating contents of permissions table"
+
 variables:
-  buildConfiguration: 'Release'
-  apidoctorProjects: 'apidoctor/**/*.csproj'
+  buildConfiguration: "Release"
+  apidoctorProjects: "apidoctor/**/*.csproj"
   permissionsSourceFilePath: ${{ parameters.permissionsSourceFilePath }}
   ${{ if eq(parameters.bootstrappingOnly, true) }}:
-    bootstrappingOnly: '--bootstrapping-only'
+    bootstrappingOnly: "--bootstrapping-only"
   ${{ else }}:
-    bootstrappingOnly: ''
-
-steps:
-- checkout: api-doctor
-  displayName: Checkout API Doctor
-  fetchDepth: 1
-  submodules: recursive
-  persistCredentials: true
-
-- checkout: microsoft-graph-docs
-  displayName: Checkout Microsoft Graph docs
-  fetchDepth: 1
-  persistCredentials: true
-
-- pwsh: |
-    # override branch prefix incase the run is manually triggered
-    $branchPrefix = if ($env:BUILD_REASON -eq 'Manual') { "preview-permissions-tables-update" } else { "permissions-tables-update" }
-    Write-Host "##vso[task.setvariable variable=branchPrefix]$branchPrefix"
-    Write-Host "Branch prefix is $branchPrefix"
-  displayName: 'Evaluate branch prefix to use'
-
-- pwsh: |
-    # set commit message to use when there are changes to push
-    $commitMessage = "Update generated permissions tables with build $env:BUILD_BUILDID"
-    Write-Host "##vso[task.setvariable variable=commitMessage]$commitMessage"
-  displayName: 'Set commit message to use'
-
-- template: templates/git-config.yml
-
-- task: UseDotNet@2
-  displayName: 'Install .NET Core SDK 6'
-  inputs:
-    version: 6.x
-
-- task: UseDotNet@2
-  displayName: 'Install .NET Core SDK 8'
-  inputs:
-    version: 8.x
-
-- task: DotNetCoreCLI@2
-  displayName: 'Restore packages for APIDoctor'
-  inputs:
-    command: 'restore'
-    projects: '$(Build.SourcesDirectory)/$(apidoctorProjects)'
-
-- task: DotNetCoreCLI@2
-  displayName: 'Build APIDoctor'
-  inputs:
-    command: 'build'
-    projects: '$(Build.SourcesDirectory)/$(apidoctorProjects)'
-    arguments: '--configuration $(buildConfiguration)'
-
-- pwsh: |
-    $apidoctorPath = (Get-ChildItem $env:BUILD_SOURCESDIRECTORY/apidoctor/ApiDoctor.Console/bin/Release apidoc -Recurse).FullName
-    Write-Host "Path to apidoctor tool: $apidoctorPath"
-    
-    . $apidoctorPath generate-permission-files --ignore-warnings $(bootstrappingOnly) --path . --permissions-source-file $(permissionsSourceFilePath) --git-path "/bin/git"
-  displayName: 'Generate permissions tables'
-  workingDirectory: microsoft-graph-docs
-
-- template: templates/commit-changes.yml
+    bootstrappingOnly: ""
+
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
+  parameters:
+    pool:
+      name: Azure-Pipelines-1ESPT-ExDShared
+      image: windows-2022
+      os: windows
+    customBuildTags:
+      - ES365AIMigrationTooling
+    stages:
+      - stage: Generate permissions tables
+        jobs:
+          - job: "Run API Doctor script"
+            steps:
+              - checkout: api-doctor
+                displayName: Checkout API Doctor
+                fetchDepth: 1
+                submodules: recursive
+                persistCredentials: true
+
+              - checkout: microsoft-graph-docs
+                displayName: Checkout Microsoft Graph docs
+                fetchDepth: 1
+                persistCredentials: true
+
+              - pwsh: |
+                  # override branch prefix incase the run is manually triggered
+                  $branchPrefix = if ($env:BUILD_REASON -eq 'Manual') { "preview-permissions-tables-update" } else { "permissions-tables-update" }
+                  Write-Host "##vso[task.setvariable variable=branchPrefix]$branchPrefix"
+                  Write-Host "Branch prefix is $branchPrefix"
+                displayName: "Evaluate branch prefix to use"
+
+              - pwsh: |
+                  # set commit message to use when there are changes to push
+                  $commitMessage = "Update generated permissions tables with build $env:BUILD_BUILDID"
+                  Write-Host "##vso[task.setvariable variable=commitMessage]$commitMessage"
+                displayName: "Set commit message to use"
+
+              - template: templates/git-config.yml@self
+
+              - task: UseDotNet@2
+                displayName: "Install .NET Core SDK 8"
+                inputs:
+                  version: 8.x
+
+              - task: DotNetCoreCLI@2
+                displayName: "Restore packages for APIDoctor"
+                inputs:
+                  command: "restore"
+                  projects: "$(Build.SourcesDirectory)/$(apidoctorProjects)"
+
+              - task: DotNetCoreCLI@2
+                displayName: "Build APIDoctor"
+                inputs:
+                  command: "build"
+                  projects: "$(Build.SourcesDirectory)/$(apidoctorProjects)"
+                  arguments: "--configuration $(buildConfiguration)"
+
+              - pwsh: |
+                  $apidoctorPath = (Get-ChildItem $env:BUILD_SOURCESDIRECTORY/apidoctor/ApiDoctor.Console/bin/Release apidoc -Recurse).FullName
+                  Write-Host "Path to apidoctor tool: $apidoctorPath"
+
+                  . $apidoctorPath generate-permission-files --ignore-warnings $(bootstrappingOnly) --path . --permissions-source-file $(permissionsSourceFilePath) --git-path "/bin/git"
+                displayName: "Generate permissions tables"
+                workingDirectory: microsoft-graph-docs
+
+              - template: templates/commit-changes.yml@self