[Release 5.2] ESRP federated credential update (move to AME) (#3261)

eng/pipelines/common/templates/steps/esrp-code-signing-step.yml

@@ -17,6 +17,10 @@ parameters:
     type: string
     default: $(artifactDirectory)
 
+  - name: ESRPConnectedServiceName
+    type: string
+    default: $(ESRPConnectedServiceName)
+
   - name: appRegistrationClientId
     type: string
     default: $(appRegistrationClientId)
@@ -25,29 +29,42 @@ parameters:
     type: string
     default: $(appRegistrationTenantId)
 
+  - name: AuthAKVName
+    type: string
+    default: $(AuthAKVName)
+
+  - name: AuthSignCertName
+    type: string
+    default: $(AuthSignCertName)
+
+  - name: EsrpClientId
+    type: string
+    default: $(EsrpClientId)
+
 steps:
 - ${{ if eq(parameters.artifactType, 'dll') }}:
   - task: EsrpMalwareScanning@5
     displayName: 'ESRP MalwareScanning'
     inputs:
-      ConnectedServiceName: 'ESRP Workload Identity federation service-ADO.Net'
+      ConnectedServiceName: '${{parameters.ESRPConnectedServiceName }}'
       AppRegistrationClientId: '${{parameters.appRegistrationClientId }}'
       AppRegistrationTenantId: '${{parameters.appRegistrationTenantId }}'
-      AuthAKVName: SqlClientDrivers
-      AuthCertName: 'ESRP-Release-Auth'
+      EsrpClientId: '${{parameters.EsrpClientId }}'
+      UseMSIAuthentication: true
       FolderPath: '${{parameters.sourceRoot }}'
       Pattern: '*.dll'
       CleanupTempStorage: 1
       VerboseLogin: 1
   - task: EsrpCodeSigning@5
     displayName: 'ESRP CodeSigning'
     inputs:
-      ConnectedServiceName: 'ESRP Workload Identity federation service-ADO.Net'
+      ConnectedServiceName: '${{parameters.ESRPConnectedServiceName }}'
       AppRegistrationClientId: '${{parameters.appRegistrationClientId }}'
       AppRegistrationTenantId: '${{parameters.appRegistrationTenantId }}'
-      AuthAKVName: SqlClientDrivers
-      AuthCertName: 'ESRP-Release-Auth'
-      AuthSignCertName: 'ESRP-Release-Sign2'
+      EsrpClientId: '${{parameters.EsrpClientId }}'
+      UseMSIAuthentication: true
+      AuthAKVName: '${{parameters.AuthAKVName }}'
+      AuthSignCertName: '${{parameters.AuthSignCertName }}'
       FolderPath: '${{parameters.sourceRoot }}'
       Pattern: '*.dll'
       signConfigType: inlineSignParams
@@ -94,24 +111,25 @@ steps:
   - task: EsrpMalwareScanning@5
     displayName: 'ESRP MalwareScanning Nuget Package'
     inputs:
-      ConnectedServiceName: 'ESRP Workload Identity federation service-ADO.Net'
+      ConnectedServiceName: '${{parameters.ESRPConnectedServiceName }}'
       AppRegistrationClientId: '${{parameters.appRegistrationClientId }}'
       AppRegistrationTenantId: '${{parameters.appRegistrationTenantId }}'
-      AuthAKVName: SqlClientDrivers
-      AuthCertName: 'ESRP-Release-Auth'
+      EsrpClientId: '${{parameters.EsrpClientId }}'
+      UseMSIAuthentication: true
       FolderPath: '${{parameters.artifactDirectory }}'
       Pattern: '*.*nupkg'
       CleanupTempStorage: 1
       VerboseLogin: 1
   - task: EsrpCodeSigning@5
     displayName: 'ESRP CodeSigning Nuget Package'
     inputs:
-      ConnectedServiceName: 'ESRP Workload Identity federation service-ADO.Net'
+      ConnectedServiceName: '${{parameters.ESRPConnectedServiceName }}'
       AppRegistrationClientId: '${{parameters.appRegistrationClientId }}'
       AppRegistrationTenantId: '${{parameters.appRegistrationTenantId }}'
-      AuthAKVName: SqlClientDrivers
-      AuthCertName: 'ESRP-Release-Auth'
-      AuthSignCertName: 'ESRP-Release-Sign2'
+      EsrpClientId: '${{parameters.EsrpClientId }}'
+      UseMSIAuthentication: true
+      AuthAKVName: '${{parameters.AuthAKVName }}'
+      AuthSignCertName: '${{parameters.AuthSignCertName }}'
       FolderPath: '${{parameters.artifactDirectory }}'
       Pattern: '*.*nupkg'
       signConfigType: inlineSignParams

eng/pipelines/libraries/common-variables.yml

@@ -5,6 +5,14 @@
 #################################################################################
 
 variables:
+  - group: ESRP Federated Creds (AME)
+    # ESRPConnectedServiceName
+    # ESRPClientId
+    # AppRegistrationClientId
+    # AppRegistrationTenantId
+    # AuthAKVName
+    # AuthSignCertName
+
   - name: Configuration
     value: Release
   - name: CommitHead
@@ -17,7 +25,3 @@ variables:
     value: $(REPOROOT)/symbols
   - name: artifactDirectory
     value: '$(REPOROOT)/packages'
-  - name: appRegistrationClientId
-    value: 'a0d18a38-fde1-4ba7-92e1-15be16cb6a8e'
-  - name: appRegistrationTenantId
-    value: '72f988bf-86f1-41af-91ab-2d7cd011db47'