Feedback

AlitzelMendez · azure-sdk · commit a8c58f1a492f · 2025-12-09T01:23:33.000Z
diff --git a/eng/common/pipelines/templates/steps/create-apireview.yml b/eng/common/pipelines/templates/steps/create-apireview.yml
@@ -26,9 +26,6 @@ parameters:
   - name: PackageInfoFiles
     type: object
     default: []
-  - name: AzureServiceConnection
-    type: string
-    default: 'APIView prod deployment'
 
 steps:
   # Automatic API review is generated for a package when pipeline runs irrespective of how pipeline gets triggered.
@@ -42,7 +39,7 @@ steps:
 
     - task: AzureCLI@2
       inputs:
-        azureSubscription: ${{ parameters.AzureServiceConnection }}
+        azureSubscription: 'APIView prod deployment'
         scriptType: pscore
         scriptLocation: scriptPath
         scriptPath: ${{ parameters.SourceRootPath }}/eng/common/scripts/Create-APIReview.ps1
diff --git a/eng/common/scripts/Create-APIReview.ps1 b/eng/common/scripts/Create-APIReview.ps1
@@ -23,17 +23,19 @@ Set-StrictMode -Version 3
 . (Join-Path $PSScriptRoot Helpers ApiView-Helpers.ps1)
 
 # Get Bearer token for APIView authentication
+# In Azure DevOps, this uses the service connection's Managed Identity/Service Principal
 function Get-ApiViewBearerToken()
 {
-    $audience = "api://apiview"
     try {
-        $tokenResponse = az account get-access-token --resource $audience --output json 2>$null | ConvertFrom-Json
-        if ($tokenResponse -and $tokenResponse.accessToken) {
-            return $tokenResponse.accessToken
+        $tokenResponse = az account get-access-token --resource "api://apiview" --output json 2>&1
+        if ($LASTEXITCODE -ne 0) {
+            Write-Error "Failed to acquire access token: $tokenResponse"
+            return $null
         }
-        return $null
+        return ($tokenResponse | ConvertFrom-Json).accessToken
     }
     catch {
+        Write-Error "Failed to acquire access token: $($_.Exception.Message)"
         return $null
     }
 }
@@ -99,7 +101,7 @@ function Upload-SourceArtifact($filePath, $apiLabel, $releaseStatus, $packageVer
     $bearerToken = Get-ApiViewBearerToken
     if (-not $bearerToken) {
         Write-Error "Failed to acquire Bearer token for APIView authentication."
-        return 401
+        return [System.Net.HttpStatusCode]::Unauthorized
     }
     
     $headers = @{
@@ -150,7 +152,7 @@ function Upload-ReviewTokenFile($packageName, $apiLabel, $releaseStatus, $review
     $bearerToken = Get-ApiViewBearerToken
     if (-not $bearerToken) {
         Write-Error "Failed to acquire Bearer token for APIView authentication."
-        return 401
+        return [System.Net.HttpStatusCode]::Unauthorized
     }
     
     $headers = @{

Original file line number	Diff line number	Diff line change
`@@ -23,17 +23,19 @@ Set-StrictMode -Version 3`
`23`	`23`	`. (Join-Path $PSScriptRoot Helpers ApiView-Helpers.ps1)`
`24`	`24`
`25`	`25`	`# Get Bearer token for APIView authentication`
	`26`	`+# In Azure DevOps, this uses the service connection's Managed Identity/Service Principal`
`26`	`27`	`function Get-ApiViewBearerToken()`
`27`	`28`	`{`
`28`		`- $audience = "api://apiview"`
`29`	`29`	`try {`
`30`		`- $tokenResponse = az account get-access-token --resource $audience --output json 2>$null \| ConvertFrom-Json`
`31`		`- if ($tokenResponse -and $tokenResponse.accessToken) {`
`32`		`- return $tokenResponse.accessToken`
	`30`	`+ $tokenResponse = az account get-access-token --resource "api://apiview" --output json 2>&1`
	`31`	`+ if ($LASTEXITCODE -ne 0) {`
	`32`	`+ Write-Error "Failed to acquire access token: $tokenResponse"`
	`33`	`+ return $null`
`33`	`34`	`}`
`34`		`- return $null`
	`35`	`+ return ($tokenResponse \| ConvertFrom-Json).accessToken`
`35`	`36`	`}`
`36`	`37`	`catch {`
	`38`	`+ Write-Error "Failed to acquire access token: $($_.Exception.Message)"`
`37`	`39`	`return $null`
`38`	`40`	`}`
`39`	`41`	`}`
`@@ -99,7 +101,7 @@ function Upload-SourceArtifact($filePath, $apiLabel, $releaseStatus, $packageVer`
`99`	`101`	`$bearerToken = Get-ApiViewBearerToken`
`100`	`102`	`if (-not $bearerToken) {`
`101`	`103`	`Write-Error "Failed to acquire Bearer token for APIView authentication."`
`102`		`- return 401`
	`104`	`+ return [System.Net.HttpStatusCode]::Unauthorized`
`103`	`105`	`}`
`104`	`106`
`105`	`107`	`$headers = @{`
`@@ -150,7 +152,7 @@ function Upload-ReviewTokenFile($packageName, $apiLabel, $releaseStatus, $review`
`150`	`152`	`$bearerToken = Get-ApiViewBearerToken`
`151`	`153`	`if (-not $bearerToken) {`
`152`	`154`	`Write-Error "Failed to acquire Bearer token for APIView authentication."`
`153`		`- return 401`
	`155`	`+ return [System.Net.HttpStatusCode]::Unauthorized`
`154`	`156`	`}`
`155`	`157`
`156`	`158`	`$headers = @{`