Moves token security closest to the location where the token enters t… (#194)

jessehouwing · web-flow · commit ff6cc825dbaf · 2023-10-18T14:21:58.000+02:00
* Moves token security closest to the location where the token enters the task

* Update id-token-generator.ts
diff --git a/Tasks/TerraformTask/TerraformTaskV4/src/azure-terraform-command-handler.ts b/Tasks/TerraformTask/TerraformTaskV4/src/azure-terraform-command-handler.ts
@@ -37,7 +37,6 @@ export class TerraformCommandHandlerAzureRM extends BaseTerraformCommandHandler
                 var workloadIdentityFederationCredentials = await this.getWorkloadIdentityFederationCredentials(backendServiceName);
                 this.backendConfig.set('client_id', workloadIdentityFederationCredentials.servicePrincipalId);
                 this.backendConfig.set('oidc_token', workloadIdentityFederationCredentials.idToken);
-                console.log('##vso[task.setsecret]' + workloadIdentityFederationCredentials.idToken);
                 this.backendConfig.set('use_oidc', 'true');
                 break;
             
@@ -148,4 +147,4 @@ enum AuthorizationScheme {
     ServicePrincipal = "serviceprincipal",
     ManagedServiceIdentity = "managedserviceidentity",
     WorkloadIdentityFederation = "workloadidentityfederation"   
-}
+}
diff --git a/Tasks/TerraformTask/TerraformTaskV4/src/id-token-generator.ts b/Tasks/TerraformTask/TerraformTaskV4/src/id-token-generator.ts
@@ -11,6 +11,8 @@ export interface ITokenGenerator {
 
 export class TokenGenerator implements ITokenGenerator {
     public async generate(connectedService : string): Promise<string> {
-        return await getFederatedToken(connectedService);
+        const token = await getFederatedToken(connectedService);
+        console.log('##vso[task.setsecret]' + token);
+        return token;
     }
-}
+}
