@azure/identity 2.0.2-alpha.20220106.1 → 2.0.3-alpha.20220211.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of @azure/identity might be problematic. Click here for more details.
- package/CHANGELOG.md +26 -2
- package/dist/index.js +213 -173
- package/dist/index.js.map +1 -1
- package/dist-esm/src/client/identityClient.js +1 -1
- package/dist-esm/src/client/identityClient.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js +5 -1
- package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map +1 -1
- package/dist-esm/src/util/logging.js +4 -0
- package/dist-esm/src/util/logging.js.map +1 -1
- package/package.json +4 -5
package/dist/index.js
CHANGED
|
@@ -2,8 +2,6 @@
|
|
|
2
2
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
|
-
function _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }
|
|
6
|
-
|
|
7
5
|
var msalNode = require('@azure/msal-node');
|
|
8
6
|
var coreTracing = require('@azure/core-tracing');
|
|
9
7
|
var coreClient = require('@azure/core-client');
|
|
@@ -14,17 +12,47 @@ var logger$k = require('@azure/logger');
|
|
|
14
12
|
var msalCommon = require('@azure/msal-common');
|
|
15
13
|
var uuid = require('uuid');
|
|
16
14
|
var fs = require('fs');
|
|
17
|
-
var
|
|
18
|
-
var
|
|
19
|
-
var path = _interopDefault(require('path'));
|
|
15
|
+
var os = require('os');
|
|
16
|
+
var path = require('path');
|
|
20
17
|
var child_process = require('child_process');
|
|
21
|
-
var child_process__default = _interopDefault(child_process);
|
|
22
18
|
var crypto = require('crypto');
|
|
23
19
|
var util = require('util');
|
|
24
|
-
var https =
|
|
25
|
-
var http =
|
|
26
|
-
var open =
|
|
27
|
-
var stoppable =
|
|
20
|
+
var https = require('https');
|
|
21
|
+
var http = require('http');
|
|
22
|
+
var open = require('open');
|
|
23
|
+
var stoppable = require('stoppable');
|
|
24
|
+
|
|
25
|
+
function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
|
|
26
|
+
|
|
27
|
+
function _interopNamespace(e) {
|
|
28
|
+
if (e && e.__esModule) return e;
|
|
29
|
+
var n = Object.create(null);
|
|
30
|
+
if (e) {
|
|
31
|
+
Object.keys(e).forEach(function (k) {
|
|
32
|
+
if (k !== 'default') {
|
|
33
|
+
var d = Object.getOwnPropertyDescriptor(e, k);
|
|
34
|
+
Object.defineProperty(n, k, d.get ? d : {
|
|
35
|
+
enumerable: true,
|
|
36
|
+
get: function () { return e[k]; }
|
|
37
|
+
});
|
|
38
|
+
}
|
|
39
|
+
});
|
|
40
|
+
}
|
|
41
|
+
n["default"] = e;
|
|
42
|
+
return Object.freeze(n);
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
var msalNode__namespace = /*#__PURE__*/_interopNamespace(msalNode);
|
|
46
|
+
var msalCommon__namespace = /*#__PURE__*/_interopNamespace(msalCommon);
|
|
47
|
+
var fs__default = /*#__PURE__*/_interopDefaultLegacy(fs);
|
|
48
|
+
var os__default = /*#__PURE__*/_interopDefaultLegacy(os);
|
|
49
|
+
var path__default = /*#__PURE__*/_interopDefaultLegacy(path);
|
|
50
|
+
var child_process__default = /*#__PURE__*/_interopDefaultLegacy(child_process);
|
|
51
|
+
var child_process__namespace = /*#__PURE__*/_interopNamespace(child_process);
|
|
52
|
+
var https__default = /*#__PURE__*/_interopDefaultLegacy(https);
|
|
53
|
+
var http__default = /*#__PURE__*/_interopDefaultLegacy(http);
|
|
54
|
+
var open__default = /*#__PURE__*/_interopDefaultLegacy(open);
|
|
55
|
+
var stoppable__default = /*#__PURE__*/_interopDefaultLegacy(stoppable);
|
|
28
56
|
|
|
29
57
|
// Copyright (c) Microsoft Corporation.
|
|
30
58
|
// Licensed under the MIT license.
|
|
@@ -171,6 +199,10 @@ const DeveloperSignOnClientId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";
|
|
|
171
199
|
* @internal
|
|
172
200
|
*/
|
|
173
201
|
const DefaultTenantId = "common";
|
|
202
|
+
/**
|
|
203
|
+
* A list of known Azure authority hosts
|
|
204
|
+
*/
|
|
205
|
+
exports.AzureAuthorityHosts = void 0;
|
|
174
206
|
(function (AzureAuthorityHosts) {
|
|
175
207
|
/**
|
|
176
208
|
* China-based Azure Authority Host
|
|
@@ -241,7 +273,7 @@ async function trace(operationName, options, fn, createSpanFn = createSpan) {
|
|
|
241
273
|
/**
|
|
242
274
|
* The AzureLogger used for all clients within the identity package
|
|
243
275
|
*/
|
|
244
|
-
const logger = logger$k.createClientLogger("identity");
|
|
276
|
+
const logger$j = logger$k.createClientLogger("identity");
|
|
245
277
|
/**
|
|
246
278
|
* Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.
|
|
247
279
|
* @param supportedEnvVars - List of environment variable names
|
|
@@ -281,15 +313,19 @@ function formatError(scope, error) {
|
|
|
281
313
|
* `[title] => [message]`
|
|
282
314
|
*
|
|
283
315
|
*/
|
|
284
|
-
function credentialLoggerInstance(title, parent, log = logger) {
|
|
316
|
+
function credentialLoggerInstance(title, parent, log = logger$j) {
|
|
285
317
|
const fullTitle = parent ? `${parent.fullTitle} ${title}` : title;
|
|
286
318
|
function info(message) {
|
|
287
319
|
log.info(`${fullTitle} =>`, message);
|
|
288
320
|
}
|
|
321
|
+
function warning(message) {
|
|
322
|
+
log.warning(`${fullTitle} =>`, message);
|
|
323
|
+
}
|
|
289
324
|
return {
|
|
290
325
|
title,
|
|
291
326
|
fullTitle,
|
|
292
327
|
info,
|
|
328
|
+
warning,
|
|
293
329
|
};
|
|
294
330
|
}
|
|
295
331
|
/**
|
|
@@ -302,7 +338,7 @@ function credentialLoggerInstance(title, parent, log = logger) {
|
|
|
302
338
|
* `[title] => getToken() => [message]`
|
|
303
339
|
*
|
|
304
340
|
*/
|
|
305
|
-
function credentialLogger(title, log = logger) {
|
|
341
|
+
function credentialLogger(title, log = logger$j) {
|
|
306
342
|
const credLogger = credentialLoggerInstance(title, undefined, log);
|
|
307
343
|
return Object.assign(Object.assign({}, credLogger), { parent: log, getToken: credentialLoggerInstance("=> getToken()", credLogger, log) });
|
|
308
344
|
}
|
|
@@ -332,7 +368,7 @@ function getIdentityClientAuthorityHost(options) {
|
|
|
332
368
|
class IdentityClient extends coreClient.ServiceClient {
|
|
333
369
|
constructor(options) {
|
|
334
370
|
var _a;
|
|
335
|
-
const packageDetails = `azsdk-js-identity/2.0.
|
|
371
|
+
const packageDetails = `azsdk-js-identity/2.0.3`;
|
|
336
372
|
const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix)
|
|
337
373
|
? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
|
|
338
374
|
: `${packageDetails}`;
|
|
@@ -347,7 +383,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
347
383
|
this.abortControllers = new Map();
|
|
348
384
|
}
|
|
349
385
|
async sendTokenRequest(request, expiresOnParser) {
|
|
350
|
-
logger.info(`IdentityClient: sending token request to [${request.url}]`);
|
|
386
|
+
logger$j.info(`IdentityClient: sending token request to [${request.url}]`);
|
|
351
387
|
const response = await this.sendRequest(request);
|
|
352
388
|
expiresOnParser =
|
|
353
389
|
expiresOnParser ||
|
|
@@ -366,12 +402,12 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
366
402
|
},
|
|
367
403
|
refreshToken: parsedBody.refresh_token,
|
|
368
404
|
};
|
|
369
|
-
logger.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
|
|
405
|
+
logger$j.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
|
|
370
406
|
return token;
|
|
371
407
|
}
|
|
372
408
|
else {
|
|
373
409
|
const error = new AuthenticationError(response.status, response.bodyAsText);
|
|
374
|
-
logger.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
|
|
410
|
+
logger$j.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
|
|
375
411
|
throw error;
|
|
376
412
|
}
|
|
377
413
|
}
|
|
@@ -379,7 +415,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
379
415
|
if (refreshToken === undefined) {
|
|
380
416
|
return null;
|
|
381
417
|
}
|
|
382
|
-
logger.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
|
|
418
|
+
logger$j.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
|
|
383
419
|
const { span, updatedOptions } = createSpan("IdentityClient-refreshAccessToken", options);
|
|
384
420
|
const refreshParams = {
|
|
385
421
|
grant_type: "refresh_token",
|
|
@@ -405,7 +441,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
405
441
|
tracingOptions: updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions,
|
|
406
442
|
});
|
|
407
443
|
const response = await this.sendTokenRequest(request, expiresOnParser);
|
|
408
|
-
logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
|
|
444
|
+
logger$j.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
|
|
409
445
|
return response;
|
|
410
446
|
}
|
|
411
447
|
catch (err) {
|
|
@@ -414,7 +450,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
414
450
|
// It's likely that the refresh token has expired, so
|
|
415
451
|
// return null so that the credential implementation will
|
|
416
452
|
// initiate the authentication flow again.
|
|
417
|
-
logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);
|
|
453
|
+
logger$j.info(`IdentityClient: interaction required for client ID: ${clientId}`);
|
|
418
454
|
span.setStatus({
|
|
419
455
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
420
456
|
message: err.message,
|
|
@@ -422,7 +458,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
422
458
|
return null;
|
|
423
459
|
}
|
|
424
460
|
else {
|
|
425
|
-
logger.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
|
|
461
|
+
logger$j.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
|
|
426
462
|
span.setStatus({
|
|
427
463
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
428
464
|
message: err.message,
|
|
@@ -595,16 +631,16 @@ const defaultLoggerCallback = (logger, platform = coreUtil.isNode ? "Node" : "Br
|
|
|
595
631
|
return;
|
|
596
632
|
}
|
|
597
633
|
switch (level) {
|
|
598
|
-
case
|
|
634
|
+
case msalCommon__namespace.LogLevel.Error:
|
|
599
635
|
logger.info(`MSAL ${platform} V2 error: ${message}`);
|
|
600
636
|
return;
|
|
601
|
-
case
|
|
637
|
+
case msalCommon__namespace.LogLevel.Info:
|
|
602
638
|
logger.info(`MSAL ${platform} V2 info message: ${message}`);
|
|
603
639
|
return;
|
|
604
|
-
case
|
|
640
|
+
case msalCommon__namespace.LogLevel.Verbose:
|
|
605
641
|
logger.info(`MSAL ${platform} V2 verbose message: ${message}`);
|
|
606
642
|
return;
|
|
607
|
-
case
|
|
643
|
+
case msalCommon__namespace.LogLevel.Warning:
|
|
608
644
|
logger.info(`MSAL ${platform} V2 warning: ${message}`);
|
|
609
645
|
return;
|
|
610
646
|
}
|
|
@@ -977,12 +1013,12 @@ class MsalNode extends MsalBaseUtilities {
|
|
|
977
1013
|
cachePlugin: await this.createCachePlugin(),
|
|
978
1014
|
};
|
|
979
1015
|
}
|
|
980
|
-
this.publicApp = new
|
|
1016
|
+
this.publicApp = new msalNode__namespace.PublicClientApplication(this.msalConfig);
|
|
981
1017
|
// The confidential client requires either a secret, assertion or certificate.
|
|
982
1018
|
if (this.msalConfig.auth.clientSecret ||
|
|
983
1019
|
this.msalConfig.auth.clientAssertion ||
|
|
984
1020
|
this.msalConfig.auth.clientCertificate) {
|
|
985
|
-
this.confidentialApp = new
|
|
1021
|
+
this.confidentialApp = new msalNode__namespace.ConfidentialClientApplication(this.msalConfig);
|
|
986
1022
|
}
|
|
987
1023
|
else {
|
|
988
1024
|
if (this.requiresConfidential) {
|
|
@@ -1096,7 +1132,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
1096
1132
|
// Copyright (c) Microsoft Corporation.
|
|
1097
1133
|
const CommonTenantId = "common";
|
|
1098
1134
|
const AzureAccountClientId = "aebc6443-996d-45c2-90f0-388ff96faa56"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'
|
|
1099
|
-
const logger$
|
|
1135
|
+
const logger$i = credentialLogger("VisualStudioCodeCredential");
|
|
1100
1136
|
let findCredentials = undefined;
|
|
1101
1137
|
const vsCodeCredentialControl = {
|
|
1102
1138
|
setVsCodeCredentialFinder(finder) {
|
|
@@ -1128,10 +1164,10 @@ function getPropertyFromVSCode(property) {
|
|
|
1128
1164
|
const settingsPath = ["User", "settings.json"];
|
|
1129
1165
|
// Eventually we can add more folders for more versions of VSCode.
|
|
1130
1166
|
const vsCodeFolder = "Code";
|
|
1131
|
-
const homedir =
|
|
1167
|
+
const homedir = os__default["default"].homedir();
|
|
1132
1168
|
function loadProperty(...pathSegments) {
|
|
1133
|
-
const fullPath =
|
|
1134
|
-
const settings = JSON.parse(fs__default.readFileSync(fullPath, { encoding: "utf8" }));
|
|
1169
|
+
const fullPath = path__default["default"].join(...pathSegments, vsCodeFolder, ...settingsPath);
|
|
1170
|
+
const settings = JSON.parse(fs__default["default"].readFileSync(fullPath, { encoding: "utf8" }));
|
|
1135
1171
|
return settings[property];
|
|
1136
1172
|
}
|
|
1137
1173
|
try {
|
|
@@ -1149,7 +1185,7 @@ function getPropertyFromVSCode(property) {
|
|
|
1149
1185
|
}
|
|
1150
1186
|
}
|
|
1151
1187
|
catch (e) {
|
|
1152
|
-
logger$
|
|
1188
|
+
logger$i.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);
|
|
1153
1189
|
return;
|
|
1154
1190
|
}
|
|
1155
1191
|
}
|
|
@@ -1177,7 +1213,7 @@ class VisualStudioCodeCredential {
|
|
|
1177
1213
|
const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];
|
|
1178
1214
|
this.identityClient = new IdentityClient(Object.assign({ authorityHost }, options));
|
|
1179
1215
|
if (options && options.tenantId) {
|
|
1180
|
-
checkTenantId(logger$
|
|
1216
|
+
checkTenantId(logger$i, options.tenantId);
|
|
1181
1217
|
this.tenantId = options.tenantId;
|
|
1182
1218
|
}
|
|
1183
1219
|
else {
|
|
@@ -1229,7 +1265,7 @@ class VisualStudioCodeCredential {
|
|
|
1229
1265
|
// Check to make sure the scope we get back is a valid scope
|
|
1230
1266
|
if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {
|
|
1231
1267
|
const error = new Error("Invalid scope was specified by the user or calling client");
|
|
1232
|
-
logger$
|
|
1268
|
+
logger$i.getToken.info(formatError(scopes, error));
|
|
1233
1269
|
throw error;
|
|
1234
1270
|
}
|
|
1235
1271
|
if (scopeString.indexOf("offline_access") < 0) {
|
|
@@ -1249,18 +1285,18 @@ class VisualStudioCodeCredential {
|
|
|
1249
1285
|
if (refreshToken) {
|
|
1250
1286
|
const tokenResponse = await this.identityClient.refreshAccessToken(tenantId, AzureAccountClientId, scopeString, refreshToken, undefined);
|
|
1251
1287
|
if (tokenResponse) {
|
|
1252
|
-
logger$
|
|
1288
|
+
logger$i.getToken.info(formatSuccess(scopes));
|
|
1253
1289
|
return tokenResponse.accessToken;
|
|
1254
1290
|
}
|
|
1255
1291
|
else {
|
|
1256
1292
|
const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.");
|
|
1257
|
-
logger$
|
|
1293
|
+
logger$i.getToken.info(formatError(scopes, error));
|
|
1258
1294
|
throw error;
|
|
1259
1295
|
}
|
|
1260
1296
|
}
|
|
1261
1297
|
else {
|
|
1262
1298
|
const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.");
|
|
1263
|
-
logger$
|
|
1299
|
+
logger$i.getToken.info(formatError(scopes, error));
|
|
1264
1300
|
throw error;
|
|
1265
1301
|
}
|
|
1266
1302
|
}
|
|
@@ -1311,7 +1347,7 @@ function useIdentityPlugin(plugin) {
|
|
|
1311
1347
|
/**
|
|
1312
1348
|
* @internal
|
|
1313
1349
|
*/
|
|
1314
|
-
const logger$
|
|
1350
|
+
const logger$h = credentialLogger("ChainedTokenCredential");
|
|
1315
1351
|
/**
|
|
1316
1352
|
* Enables multiple `TokenCredential` implementations to be tried in order
|
|
1317
1353
|
* until one of the getToken methods returns an access token.
|
|
@@ -1366,7 +1402,7 @@ class ChainedTokenCredential {
|
|
|
1366
1402
|
errors.push(err);
|
|
1367
1403
|
}
|
|
1368
1404
|
else {
|
|
1369
|
-
logger$
|
|
1405
|
+
logger$h.getToken.info(formatError(scopes, err));
|
|
1370
1406
|
throw err;
|
|
1371
1407
|
}
|
|
1372
1408
|
}
|
|
@@ -1377,11 +1413,11 @@ class ChainedTokenCredential {
|
|
|
1377
1413
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
1378
1414
|
message: err.message,
|
|
1379
1415
|
});
|
|
1380
|
-
logger$
|
|
1416
|
+
logger$h.getToken.info(formatError(scopes, err));
|
|
1381
1417
|
throw err;
|
|
1382
1418
|
}
|
|
1383
1419
|
span.end();
|
|
1384
|
-
logger$
|
|
1420
|
+
logger$h.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);
|
|
1385
1421
|
if (token === null) {
|
|
1386
1422
|
throw new CredentialUnavailableError("Failed to retrieve a valid token");
|
|
1387
1423
|
}
|
|
@@ -1441,7 +1477,7 @@ const cliCredentialInternals = {
|
|
|
1441
1477
|
}
|
|
1442
1478
|
return new Promise((resolve, reject) => {
|
|
1443
1479
|
try {
|
|
1444
|
-
child_process__default.execFile("az", [
|
|
1480
|
+
child_process__default["default"].execFile("az", [
|
|
1445
1481
|
"account",
|
|
1446
1482
|
"get-access-token",
|
|
1447
1483
|
"--output",
|
|
@@ -1459,7 +1495,7 @@ const cliCredentialInternals = {
|
|
|
1459
1495
|
});
|
|
1460
1496
|
},
|
|
1461
1497
|
};
|
|
1462
|
-
const logger$
|
|
1498
|
+
const logger$g = credentialLogger("AzureCliCredential");
|
|
1463
1499
|
/**
|
|
1464
1500
|
* This credential will use the currently logged-in user login information
|
|
1465
1501
|
* via the Azure CLI ('az') commandline tool.
|
|
@@ -1489,11 +1525,11 @@ class AzureCliCredential {
|
|
|
1489
1525
|
async getToken(scopes, options) {
|
|
1490
1526
|
const tenantId = processMultiTenantRequest(this.tenantId, options);
|
|
1491
1527
|
if (tenantId) {
|
|
1492
|
-
checkTenantId(logger$
|
|
1528
|
+
checkTenantId(logger$g, tenantId);
|
|
1493
1529
|
}
|
|
1494
1530
|
const scope = typeof scopes === "string" ? scopes : scopes[0];
|
|
1495
|
-
logger$
|
|
1496
|
-
ensureValidScope(scope, logger$
|
|
1531
|
+
logger$g.getToken.info(`Using the scope ${scope}`);
|
|
1532
|
+
ensureValidScope(scope, logger$g);
|
|
1497
1533
|
const resource = getScopeResource(scope);
|
|
1498
1534
|
let responseData = "";
|
|
1499
1535
|
const { span } = createSpan(`${this.constructor.name}.getToken`, options);
|
|
@@ -1504,22 +1540,22 @@ class AzureCliCredential {
|
|
|
1504
1540
|
const isNotInstallError = obj.stderr.match("az:(.*)not found") || obj.stderr.startsWith("'az' is not recognized");
|
|
1505
1541
|
if (isNotInstallError) {
|
|
1506
1542
|
const error = new CredentialUnavailableError("Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
|
|
1507
|
-
logger$
|
|
1543
|
+
logger$g.getToken.info(formatError(scopes, error));
|
|
1508
1544
|
throw error;
|
|
1509
1545
|
}
|
|
1510
1546
|
else if (isLoginError) {
|
|
1511
1547
|
const error = new CredentialUnavailableError("Please run 'az login' from a command prompt to authenticate before using this credential.");
|
|
1512
|
-
logger$
|
|
1548
|
+
logger$g.getToken.info(formatError(scopes, error));
|
|
1513
1549
|
throw error;
|
|
1514
1550
|
}
|
|
1515
1551
|
const error = new CredentialUnavailableError(obj.stderr);
|
|
1516
|
-
logger$
|
|
1552
|
+
logger$g.getToken.info(formatError(scopes, error));
|
|
1517
1553
|
throw error;
|
|
1518
1554
|
}
|
|
1519
1555
|
else {
|
|
1520
1556
|
responseData = obj.stdout;
|
|
1521
1557
|
const response = JSON.parse(responseData);
|
|
1522
|
-
logger$
|
|
1558
|
+
logger$g.getToken.info(formatSuccess(scopes));
|
|
1523
1559
|
const returnValue = {
|
|
1524
1560
|
token: response.accessToken,
|
|
1525
1561
|
expiresOnTimestamp: new Date(response.expiresOn).getTime(),
|
|
@@ -1533,7 +1569,7 @@ class AzureCliCredential {
|
|
|
1533
1569
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
1534
1570
|
message: error.message,
|
|
1535
1571
|
});
|
|
1536
|
-
logger$
|
|
1572
|
+
logger$g.getToken.info(formatError(scopes, error));
|
|
1537
1573
|
throw error;
|
|
1538
1574
|
}
|
|
1539
1575
|
}
|
|
@@ -1551,7 +1587,7 @@ const processUtils = {
|
|
|
1551
1587
|
*/
|
|
1552
1588
|
execFile(file, params, options) {
|
|
1553
1589
|
return new Promise((resolve, reject) => {
|
|
1554
|
-
|
|
1590
|
+
child_process__namespace.execFile(file, params, options, (error, stdout, stderr) => {
|
|
1555
1591
|
if (Buffer.isBuffer(stdout)) {
|
|
1556
1592
|
stdout = stdout.toString("utf8");
|
|
1557
1593
|
}
|
|
@@ -1570,7 +1606,7 @@ const processUtils = {
|
|
|
1570
1606
|
};
|
|
1571
1607
|
|
|
1572
1608
|
// Copyright (c) Microsoft Corporation.
|
|
1573
|
-
const logger$
|
|
1609
|
+
const logger$f = credentialLogger("AzurePowerShellCredential");
|
|
1574
1610
|
const isWindows = process.platform === "win32";
|
|
1575
1611
|
/**
|
|
1576
1612
|
* Returns a platform-appropriate command name by appending ".exe" on Windows.
|
|
@@ -1701,15 +1737,15 @@ class AzurePowerShellCredential {
|
|
|
1701
1737
|
return trace(`${this.constructor.name}.getToken`, options, async () => {
|
|
1702
1738
|
const tenantId = processMultiTenantRequest(this.tenantId, options);
|
|
1703
1739
|
if (tenantId) {
|
|
1704
|
-
checkTenantId(logger$
|
|
1740
|
+
checkTenantId(logger$f, tenantId);
|
|
1705
1741
|
}
|
|
1706
1742
|
const scope = typeof scopes === "string" ? scopes : scopes[0];
|
|
1707
|
-
ensureValidScope(scope, logger$
|
|
1708
|
-
logger$
|
|
1743
|
+
ensureValidScope(scope, logger$f);
|
|
1744
|
+
logger$f.getToken.info(`Using the scope ${scope}`);
|
|
1709
1745
|
const resource = getScopeResource(scope);
|
|
1710
1746
|
try {
|
|
1711
1747
|
const response = await this.getAzurePowerShellAccessToken(resource, tenantId);
|
|
1712
|
-
logger$
|
|
1748
|
+
logger$f.getToken.info(formatSuccess(scopes));
|
|
1713
1749
|
return {
|
|
1714
1750
|
token: response.Token,
|
|
1715
1751
|
expiresOnTimestamp: new Date(response.ExpiresOn).getTime(),
|
|
@@ -1718,16 +1754,16 @@ class AzurePowerShellCredential {
|
|
|
1718
1754
|
catch (err) {
|
|
1719
1755
|
if (isNotInstalledError(err)) {
|
|
1720
1756
|
const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);
|
|
1721
|
-
logger$
|
|
1757
|
+
logger$f.getToken.info(formatError(scope, error));
|
|
1722
1758
|
throw error;
|
|
1723
1759
|
}
|
|
1724
1760
|
else if (isLoginError(err)) {
|
|
1725
1761
|
const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);
|
|
1726
|
-
logger$
|
|
1762
|
+
logger$f.getToken.info(formatError(scope, error));
|
|
1727
1763
|
throw error;
|
|
1728
1764
|
}
|
|
1729
1765
|
const error = new CredentialUnavailableError(`${err}. ${powerShellPublicErrorMessages.troubleshoot}`);
|
|
1730
|
-
logger$
|
|
1766
|
+
logger$f.getToken.info(formatError(scope, error));
|
|
1731
1767
|
throw error;
|
|
1732
1768
|
}
|
|
1733
1769
|
});
|
|
@@ -1765,7 +1801,7 @@ class MsalClientSecret extends MsalNode {
|
|
|
1765
1801
|
}
|
|
1766
1802
|
|
|
1767
1803
|
// Copyright (c) Microsoft Corporation.
|
|
1768
|
-
const logger$
|
|
1804
|
+
const logger$e = credentialLogger("ClientSecretCredential");
|
|
1769
1805
|
/**
|
|
1770
1806
|
* Enables authentication to Azure Active Directory using a client secret
|
|
1771
1807
|
* that was generated for an App Registration. More information on how
|
|
@@ -1789,7 +1825,7 @@ class ClientSecretCredential {
|
|
|
1789
1825
|
if (!tenantId || !clientId || !clientSecret) {
|
|
1790
1826
|
throw new Error("ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.");
|
|
1791
1827
|
}
|
|
1792
|
-
this.msalFlow = new MsalClientSecret(Object.assign(Object.assign({}, options), { logger: logger$
|
|
1828
|
+
this.msalFlow = new MsalClientSecret(Object.assign(Object.assign({}, options), { logger: logger$e,
|
|
1793
1829
|
clientId,
|
|
1794
1830
|
tenantId,
|
|
1795
1831
|
clientSecret, tokenCredentialOptions: options }));
|
|
@@ -1811,7 +1847,7 @@ class ClientSecretCredential {
|
|
|
1811
1847
|
}
|
|
1812
1848
|
|
|
1813
1849
|
// Copyright (c) Microsoft Corporation.
|
|
1814
|
-
const readFileAsync = util.promisify(fs.readFile);
|
|
1850
|
+
const readFileAsync$2 = util.promisify(fs.readFile);
|
|
1815
1851
|
/**
|
|
1816
1852
|
* Tries to asynchronously load a certificate from the given path.
|
|
1817
1853
|
*
|
|
@@ -1823,7 +1859,7 @@ const readFileAsync = util.promisify(fs.readFile);
|
|
|
1823
1859
|
async function parseCertificate(configuration, sendCertificateChain) {
|
|
1824
1860
|
const certificateParts = {};
|
|
1825
1861
|
certificateParts.certificateContents =
|
|
1826
|
-
configuration.certificate || (await readFileAsync(configuration.certificatePath, "utf8"));
|
|
1862
|
+
configuration.certificate || (await readFileAsync$2(configuration.certificatePath, "utf8"));
|
|
1827
1863
|
if (sendCertificateChain) {
|
|
1828
1864
|
certificateParts.x5c = certificateParts.certificateContents;
|
|
1829
1865
|
}
|
|
@@ -1894,8 +1930,8 @@ class MsalClientCertificate extends MsalNode {
|
|
|
1894
1930
|
}
|
|
1895
1931
|
|
|
1896
1932
|
// Copyright (c) Microsoft Corporation.
|
|
1897
|
-
const credentialName = "ClientCertificateCredential";
|
|
1898
|
-
const logger$
|
|
1933
|
+
const credentialName$2 = "ClientCertificateCredential";
|
|
1934
|
+
const logger$d = credentialLogger(credentialName$2);
|
|
1899
1935
|
/**
|
|
1900
1936
|
* Enables authentication to Azure Active Directory using a PEM-encoded
|
|
1901
1937
|
* certificate that is assigned to an App Registration. More information
|
|
@@ -1907,7 +1943,7 @@ const logger$6 = credentialLogger(credentialName);
|
|
|
1907
1943
|
class ClientCertificateCredential {
|
|
1908
1944
|
constructor(tenantId, clientId, certificatePathOrConfiguration, options = {}) {
|
|
1909
1945
|
if (!tenantId || !clientId) {
|
|
1910
|
-
throw new Error(`${credentialName}: tenantId and clientId are required parameters.`);
|
|
1946
|
+
throw new Error(`${credentialName$2}: tenantId and clientId are required parameters.`);
|
|
1911
1947
|
}
|
|
1912
1948
|
const configuration = Object.assign({}, (typeof certificatePathOrConfiguration === "string"
|
|
1913
1949
|
? {
|
|
@@ -1915,13 +1951,13 @@ class ClientCertificateCredential {
|
|
|
1915
1951
|
}
|
|
1916
1952
|
: certificatePathOrConfiguration));
|
|
1917
1953
|
if (!configuration || !(configuration.certificate || configuration.certificatePath)) {
|
|
1918
|
-
throw new Error(`${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
1954
|
+
throw new Error(`${credentialName$2}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
1919
1955
|
}
|
|
1920
1956
|
if (configuration.certificate && configuration.certificatePath) {
|
|
1921
|
-
throw new Error(`${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
1957
|
+
throw new Error(`${credentialName$2}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
1922
1958
|
}
|
|
1923
1959
|
this.msalFlow = new MsalClientCertificate(Object.assign(Object.assign({}, options), { configuration,
|
|
1924
|
-
logger: logger$
|
|
1960
|
+
logger: logger$d,
|
|
1925
1961
|
clientId,
|
|
1926
1962
|
tenantId, sendCertificateChain: options.sendCertificateChain, tokenCredentialOptions: options }));
|
|
1927
1963
|
}
|
|
@@ -1934,7 +1970,7 @@ class ClientCertificateCredential {
|
|
|
1934
1970
|
* TokenCredential implementation might make.
|
|
1935
1971
|
*/
|
|
1936
1972
|
async getToken(scopes, options = {}) {
|
|
1937
|
-
return trace(`${credentialName}.getToken`, options, async (newOptions) => {
|
|
1973
|
+
return trace(`${credentialName$2}.getToken`, options, async (newOptions) => {
|
|
1938
1974
|
const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
|
|
1939
1975
|
return this.msalFlow.getToken(arrayScopes, newOptions);
|
|
1940
1976
|
});
|
|
@@ -1972,7 +2008,7 @@ class MsalUsernamePassword extends MsalNode {
|
|
|
1972
2008
|
}
|
|
1973
2009
|
|
|
1974
2010
|
// Copyright (c) Microsoft Corporation.
|
|
1975
|
-
const logger$
|
|
2011
|
+
const logger$c = credentialLogger("UsernamePasswordCredential");
|
|
1976
2012
|
/**
|
|
1977
2013
|
* Enables authentication to Azure Active Directory with a user's
|
|
1978
2014
|
* username and password. This credential requires a high degree of
|
|
@@ -1995,7 +2031,7 @@ class UsernamePasswordCredential {
|
|
|
1995
2031
|
if (!tenantId || !clientId || !username || !password) {
|
|
1996
2032
|
throw new Error("UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
|
|
1997
2033
|
}
|
|
1998
|
-
this.msalFlow = new MsalUsernamePassword(Object.assign(Object.assign({}, options), { logger: logger$
|
|
2034
|
+
this.msalFlow = new MsalUsernamePassword(Object.assign(Object.assign({}, options), { logger: logger$c,
|
|
1999
2035
|
clientId,
|
|
2000
2036
|
tenantId,
|
|
2001
2037
|
username,
|
|
@@ -2038,7 +2074,7 @@ const AllSupportedEnvironmentVariables = [
|
|
|
2038
2074
|
"AZURE_PASSWORD",
|
|
2039
2075
|
];
|
|
2040
2076
|
const credentialName$1 = "EnvironmentCredential";
|
|
2041
|
-
const logger$
|
|
2077
|
+
const logger$b = credentialLogger(credentialName$1);
|
|
2042
2078
|
/**
|
|
2043
2079
|
* Enables authentication to Azure Active Directory using client secret
|
|
2044
2080
|
* details configured in environment variables
|
|
@@ -2068,26 +2104,26 @@ class EnvironmentCredential {
|
|
|
2068
2104
|
// Keep track of any missing environment variables for error details
|
|
2069
2105
|
this._credential = undefined;
|
|
2070
2106
|
const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(", ");
|
|
2071
|
-
logger$
|
|
2107
|
+
logger$b.info(`Found the following environment variables: ${assigned}`);
|
|
2072
2108
|
const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, clientSecret = process.env.AZURE_CLIENT_SECRET;
|
|
2073
2109
|
if (tenantId) {
|
|
2074
|
-
checkTenantId(logger$
|
|
2110
|
+
checkTenantId(logger$b, tenantId);
|
|
2075
2111
|
}
|
|
2076
2112
|
if (tenantId && clientId && clientSecret) {
|
|
2077
|
-
logger$
|
|
2113
|
+
logger$b.info(`Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`);
|
|
2078
2114
|
this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
|
|
2079
2115
|
return;
|
|
2080
2116
|
}
|
|
2081
2117
|
const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;
|
|
2082
2118
|
if (tenantId && clientId && certificatePath) {
|
|
2083
|
-
logger$
|
|
2119
|
+
logger$b.info(`Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`);
|
|
2084
2120
|
this._credential = new ClientCertificateCredential(tenantId, clientId, { certificatePath }, options);
|
|
2085
2121
|
return;
|
|
2086
2122
|
}
|
|
2087
2123
|
const username = process.env.AZURE_USERNAME;
|
|
2088
2124
|
const password = process.env.AZURE_PASSWORD;
|
|
2089
2125
|
if (tenantId && clientId && username && password) {
|
|
2090
|
-
logger$
|
|
2126
|
+
logger$b.info(`Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`);
|
|
2091
2127
|
this._credential = new UsernamePasswordCredential(tenantId, clientId, username, password, options);
|
|
2092
2128
|
}
|
|
2093
2129
|
}
|
|
@@ -2102,7 +2138,7 @@ class EnvironmentCredential {
|
|
|
2102
2138
|
if (this._credential) {
|
|
2103
2139
|
try {
|
|
2104
2140
|
const result = await this._credential.getToken(scopes, newOptions);
|
|
2105
|
-
logger$
|
|
2141
|
+
logger$b.getToken.info(formatSuccess(scopes));
|
|
2106
2142
|
return result;
|
|
2107
2143
|
}
|
|
2108
2144
|
catch (err) {
|
|
@@ -2110,7 +2146,7 @@ class EnvironmentCredential {
|
|
|
2110
2146
|
error: `${credentialName$1} authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`,
|
|
2111
2147
|
error_description: err.message.toString().split("More details:").join(""),
|
|
2112
2148
|
});
|
|
2113
|
-
logger$
|
|
2149
|
+
logger$b.getToken.info(formatError(scopes, authenticationError));
|
|
2114
2150
|
throw authenticationError;
|
|
2115
2151
|
}
|
|
2116
2152
|
}
|
|
@@ -2156,22 +2192,22 @@ function mapScopesToResource(scopes) {
|
|
|
2156
2192
|
}
|
|
2157
2193
|
|
|
2158
2194
|
// Copyright (c) Microsoft Corporation.
|
|
2159
|
-
const msiName = "ManagedIdentityCredential - AppServiceMSI 2017";
|
|
2160
|
-
const logger$
|
|
2195
|
+
const msiName$5 = "ManagedIdentityCredential - AppServiceMSI 2017";
|
|
2196
|
+
const logger$a = credentialLogger(msiName$5);
|
|
2161
2197
|
/**
|
|
2162
2198
|
* Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
|
|
2163
2199
|
*/
|
|
2164
|
-
function expiresOnParser(requestBody) {
|
|
2200
|
+
function expiresOnParser$2(requestBody) {
|
|
2165
2201
|
// App Service always returns string expires_on values.
|
|
2166
2202
|
return Date.parse(requestBody.expires_on);
|
|
2167
2203
|
}
|
|
2168
2204
|
/**
|
|
2169
2205
|
* Generates the options used on the request for an access token.
|
|
2170
2206
|
*/
|
|
2171
|
-
function prepareRequestOptions(scopes, clientId) {
|
|
2207
|
+
function prepareRequestOptions$5(scopes, clientId) {
|
|
2172
2208
|
const resource = mapScopesToResource(scopes);
|
|
2173
2209
|
if (!resource) {
|
|
2174
|
-
throw new Error(`${msiName}: Multiple scopes are not supported.`);
|
|
2210
|
+
throw new Error(`${msiName$5}: Multiple scopes are not supported.`);
|
|
2175
2211
|
}
|
|
2176
2212
|
const queryParameters = {
|
|
2177
2213
|
resource,
|
|
@@ -2183,10 +2219,10 @@ function prepareRequestOptions(scopes, clientId) {
|
|
|
2183
2219
|
const query = new URLSearchParams(queryParameters);
|
|
2184
2220
|
// This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.
|
|
2185
2221
|
if (!process.env.MSI_ENDPOINT) {
|
|
2186
|
-
throw new Error(`${msiName}: Missing environment variable: MSI_ENDPOINT`);
|
|
2222
|
+
throw new Error(`${msiName$5}: Missing environment variable: MSI_ENDPOINT`);
|
|
2187
2223
|
}
|
|
2188
2224
|
if (!process.env.MSI_SECRET) {
|
|
2189
|
-
throw new Error(`${msiName}: Missing environment variable: MSI_SECRET`);
|
|
2225
|
+
throw new Error(`${msiName$5}: Missing environment variable: MSI_SECRET`);
|
|
2190
2226
|
}
|
|
2191
2227
|
return {
|
|
2192
2228
|
url: `${process.env.MSI_ENDPOINT}?${query.toString()}`,
|
|
@@ -2204,37 +2240,37 @@ const appServiceMsi2017 = {
|
|
|
2204
2240
|
async isAvailable(scopes) {
|
|
2205
2241
|
const resource = mapScopesToResource(scopes);
|
|
2206
2242
|
if (!resource) {
|
|
2207
|
-
logger$
|
|
2243
|
+
logger$a.info(`${msiName$5}: Unavailable. Multiple scopes are not supported.`);
|
|
2208
2244
|
return false;
|
|
2209
2245
|
}
|
|
2210
2246
|
const env = process.env;
|
|
2211
2247
|
const result = Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);
|
|
2212
2248
|
if (!result) {
|
|
2213
|
-
logger$
|
|
2249
|
+
logger$a.info(`${msiName$5}: Unavailable. The environment variables needed are: MSI_ENDPOINT and MSI_SECRET.`);
|
|
2214
2250
|
}
|
|
2215
2251
|
return result;
|
|
2216
2252
|
},
|
|
2217
2253
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2218
2254
|
const { identityClient, scopes, clientId } = configuration;
|
|
2219
|
-
logger$
|
|
2220
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions(scopes, clientId)), {
|
|
2255
|
+
logger$a.info(`${msiName$5}: Using the endpoint and the secret coming form the environment variables: MSI_ENDPOINT=${process.env.MSI_ENDPOINT} and MSI_SECRET=[REDACTED].`);
|
|
2256
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$5(scopes, clientId)), {
|
|
2221
2257
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2222
2258
|
allowInsecureConnection: true }));
|
|
2223
|
-
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);
|
|
2259
|
+
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$2);
|
|
2224
2260
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2225
2261
|
},
|
|
2226
2262
|
};
|
|
2227
2263
|
|
|
2228
2264
|
// Copyright (c) Microsoft Corporation.
|
|
2229
|
-
const msiName$
|
|
2230
|
-
const logger$
|
|
2265
|
+
const msiName$4 = "ManagedIdentityCredential - CloudShellMSI";
|
|
2266
|
+
const logger$9 = credentialLogger(msiName$4);
|
|
2231
2267
|
/**
|
|
2232
2268
|
* Generates the options used on the request for an access token.
|
|
2233
2269
|
*/
|
|
2234
|
-
function prepareRequestOptions$
|
|
2270
|
+
function prepareRequestOptions$4(scopes, clientId) {
|
|
2235
2271
|
const resource = mapScopesToResource(scopes);
|
|
2236
2272
|
if (!resource) {
|
|
2237
|
-
throw new Error(`${msiName$
|
|
2273
|
+
throw new Error(`${msiName$4}: Multiple scopes are not supported.`);
|
|
2238
2274
|
}
|
|
2239
2275
|
const body = {
|
|
2240
2276
|
resource,
|
|
@@ -2244,7 +2280,7 @@ function prepareRequestOptions$1(scopes, clientId) {
|
|
|
2244
2280
|
}
|
|
2245
2281
|
// This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.
|
|
2246
2282
|
if (!process.env.MSI_ENDPOINT) {
|
|
2247
|
-
throw new Error(`${msiName$
|
|
2283
|
+
throw new Error(`${msiName$4}: Missing environment variable: MSI_ENDPOINT`);
|
|
2248
2284
|
}
|
|
2249
2285
|
const params = new URLSearchParams(body);
|
|
2250
2286
|
return {
|
|
@@ -2260,24 +2296,28 @@ function prepareRequestOptions$1(scopes, clientId) {
|
|
|
2260
2296
|
}
|
|
2261
2297
|
/**
|
|
2262
2298
|
* Defines how to determine whether the Azure Cloud Shell MSI is available, and also how to retrieve a token from the Azure Cloud Shell MSI.
|
|
2299
|
+
* Since Azure Managed Identities aren't available in the Azure Cloud Shell, we log a warning for users that try to access cloud shell using user assigned identity.
|
|
2263
2300
|
*/
|
|
2264
2301
|
const cloudShellMsi = {
|
|
2265
2302
|
async isAvailable(scopes) {
|
|
2266
2303
|
const resource = mapScopesToResource(scopes);
|
|
2267
2304
|
if (!resource) {
|
|
2268
|
-
logger$
|
|
2305
|
+
logger$9.info(`${msiName$4}: Unavailable. Multiple scopes are not supported.`);
|
|
2269
2306
|
return false;
|
|
2270
2307
|
}
|
|
2271
2308
|
const result = Boolean(process.env.MSI_ENDPOINT);
|
|
2272
2309
|
if (!result) {
|
|
2273
|
-
logger$
|
|
2310
|
+
logger$9.info(`${msiName$4}: Unavailable. The environment variable MSI_ENDPOINT is needed.`);
|
|
2274
2311
|
}
|
|
2275
2312
|
return result;
|
|
2276
2313
|
},
|
|
2277
2314
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2278
2315
|
const { identityClient, scopes, clientId } = configuration;
|
|
2279
|
-
|
|
2280
|
-
|
|
2316
|
+
if (clientId) {
|
|
2317
|
+
logger$9.warning(`${msiName$4}: does not support user-assigned identities in the Cloud Shell environment. Argument clientId will be ignored.`);
|
|
2318
|
+
}
|
|
2319
|
+
logger$9.info(`${msiName$4}: Using the endpoint coming form the environment variable MSI_ENDPOINT = ${process.env.MSI_ENDPOINT}.`);
|
|
2320
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$4(scopes, clientId)), {
|
|
2281
2321
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2282
2322
|
allowInsecureConnection: true }));
|
|
2283
2323
|
const tokenResponse = await identityClient.sendTokenRequest(request);
|
|
@@ -2286,8 +2326,8 @@ const cloudShellMsi = {
|
|
|
2286
2326
|
};
|
|
2287
2327
|
|
|
2288
2328
|
// Copyright (c) Microsoft Corporation.
|
|
2289
|
-
const msiName$
|
|
2290
|
-
const logger$
|
|
2329
|
+
const msiName$3 = "ManagedIdentityCredential - IMDS";
|
|
2330
|
+
const logger$8 = credentialLogger(msiName$3);
|
|
2291
2331
|
/**
|
|
2292
2332
|
* Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
|
|
2293
2333
|
*/
|
|
@@ -2295,24 +2335,24 @@ function expiresOnParser$1(requestBody) {
|
|
|
2295
2335
|
if (requestBody.expires_on) {
|
|
2296
2336
|
// Use the expires_on timestamp if it's available
|
|
2297
2337
|
const expires = +requestBody.expires_on * 1000;
|
|
2298
|
-
logger$
|
|
2338
|
+
logger$8.info(`${msiName$3}: Using expires_on: ${expires} (original value: ${requestBody.expires_on})`);
|
|
2299
2339
|
return expires;
|
|
2300
2340
|
}
|
|
2301
2341
|
else {
|
|
2302
2342
|
// If these aren't possible, use expires_in and calculate a timestamp
|
|
2303
2343
|
const expires = Date.now() + requestBody.expires_in * 1000;
|
|
2304
|
-
logger$
|
|
2344
|
+
logger$8.info(`${msiName$3}: IMDS using expires_in: ${expires} (original value: ${requestBody.expires_in})`);
|
|
2305
2345
|
return expires;
|
|
2306
2346
|
}
|
|
2307
2347
|
}
|
|
2308
2348
|
/**
|
|
2309
2349
|
* Generates the options used on the request for an access token.
|
|
2310
2350
|
*/
|
|
2311
|
-
function prepareRequestOptions$
|
|
2351
|
+
function prepareRequestOptions$3(scopes, clientId, options) {
|
|
2312
2352
|
var _a;
|
|
2313
2353
|
const resource = mapScopesToResource(scopes);
|
|
2314
2354
|
if (!resource) {
|
|
2315
|
-
throw new Error(`${msiName$
|
|
2355
|
+
throw new Error(`${msiName$3}: Multiple scopes are not supported.`);
|
|
2316
2356
|
}
|
|
2317
2357
|
const { skipQuery, skipMetadataHeader } = options || {};
|
|
2318
2358
|
let query = "";
|
|
@@ -2359,7 +2399,7 @@ const imdsMsi = {
|
|
|
2359
2399
|
var _a, _b;
|
|
2360
2400
|
const resource = mapScopesToResource(scopes);
|
|
2361
2401
|
if (!resource) {
|
|
2362
|
-
logger$
|
|
2402
|
+
logger$8.info(`${msiName$3}: Unavailable. Multiple scopes are not supported.`);
|
|
2363
2403
|
return false;
|
|
2364
2404
|
}
|
|
2365
2405
|
const { span, updatedOptions: options } = createSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions);
|
|
@@ -2367,7 +2407,7 @@ const imdsMsi = {
|
|
|
2367
2407
|
if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {
|
|
2368
2408
|
return true;
|
|
2369
2409
|
}
|
|
2370
|
-
const requestOptions = prepareRequestOptions$
|
|
2410
|
+
const requestOptions = prepareRequestOptions$3(resource, clientId, {
|
|
2371
2411
|
skipMetadataHeader: true,
|
|
2372
2412
|
skipQuery: true,
|
|
2373
2413
|
});
|
|
@@ -2381,7 +2421,7 @@ const imdsMsi = {
|
|
|
2381
2421
|
// This MSI uses the imdsEndpoint to get the token, which only uses http://
|
|
2382
2422
|
request.allowInsecureConnection = true;
|
|
2383
2423
|
try {
|
|
2384
|
-
logger$
|
|
2424
|
+
logger$8.info(`${msiName$3}: Pinging the Azure IMDS endpoint`);
|
|
2385
2425
|
await identityClient.sendRequest(request);
|
|
2386
2426
|
}
|
|
2387
2427
|
catch (err) {
|
|
@@ -2393,7 +2433,7 @@ const imdsMsi = {
|
|
|
2393
2433
|
) {
|
|
2394
2434
|
// If the request failed, or Node.js was unable to establish a connection,
|
|
2395
2435
|
// or the host was down, we'll assume the IMDS endpoint isn't available.
|
|
2396
|
-
logger$
|
|
2436
|
+
logger$8.info(`${msiName$3}: The Azure IMDS endpoint is unavailable`);
|
|
2397
2437
|
span.setStatus({
|
|
2398
2438
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
2399
2439
|
message: err.message,
|
|
@@ -2402,13 +2442,13 @@ const imdsMsi = {
|
|
|
2402
2442
|
}
|
|
2403
2443
|
}
|
|
2404
2444
|
// If we received any response, the endpoint is available
|
|
2405
|
-
logger$
|
|
2445
|
+
logger$8.info(`${msiName$3}: The Azure IMDS endpoint is available`);
|
|
2406
2446
|
return true;
|
|
2407
2447
|
}
|
|
2408
2448
|
catch (err) {
|
|
2409
2449
|
// createWebResource failed.
|
|
2410
2450
|
// This error should bubble up to the user.
|
|
2411
|
-
logger$
|
|
2451
|
+
logger$8.info(`${msiName$3}: Error when creating the WebResource for the Azure IMDS endpoint: ${err.message}`);
|
|
2412
2452
|
span.setStatus({
|
|
2413
2453
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
2414
2454
|
message: err.message,
|
|
@@ -2421,11 +2461,11 @@ const imdsMsi = {
|
|
|
2421
2461
|
},
|
|
2422
2462
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2423
2463
|
const { identityClient, scopes, clientId } = configuration;
|
|
2424
|
-
logger$
|
|
2464
|
+
logger$8.info(`${msiName$3}: Using the Azure IMDS endpoint coming from the environment variable MSI_ENDPOINT=${process.env.MSI_ENDPOINT}, and using the cloud shell to proceed with the authentication.`);
|
|
2425
2465
|
let nextDelayInMs = imdsMsiRetryConfig.startDelayInMs;
|
|
2426
2466
|
for (let retries = 0; retries < imdsMsiRetryConfig.maxRetries; retries++) {
|
|
2427
2467
|
try {
|
|
2428
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2468
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$3(scopes, clientId)), { allowInsecureConnection: true }));
|
|
2429
2469
|
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$1);
|
|
2430
2470
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2431
2471
|
}
|
|
@@ -2438,20 +2478,20 @@ const imdsMsi = {
|
|
|
2438
2478
|
throw error;
|
|
2439
2479
|
}
|
|
2440
2480
|
}
|
|
2441
|
-
throw new AuthenticationError(404, `${msiName$
|
|
2481
|
+
throw new AuthenticationError(404, `${msiName$3}: Failed to retrieve IMDS token after ${imdsMsiRetryConfig.maxRetries} retries.`);
|
|
2442
2482
|
},
|
|
2443
2483
|
};
|
|
2444
2484
|
|
|
2445
2485
|
// Copyright (c) Microsoft Corporation.
|
|
2446
|
-
const msiName$
|
|
2447
|
-
const logger$
|
|
2486
|
+
const msiName$2 = "ManagedIdentityCredential - Azure Arc MSI";
|
|
2487
|
+
const logger$7 = credentialLogger(msiName$2);
|
|
2448
2488
|
/**
|
|
2449
2489
|
* Generates the options used on the request for an access token.
|
|
2450
2490
|
*/
|
|
2451
|
-
function prepareRequestOptions$
|
|
2491
|
+
function prepareRequestOptions$2(scopes) {
|
|
2452
2492
|
const resource = mapScopesToResource(scopes);
|
|
2453
2493
|
if (!resource) {
|
|
2454
|
-
throw new Error(`${msiName$
|
|
2494
|
+
throw new Error(`${msiName$2}: Multiple scopes are not supported.`);
|
|
2455
2495
|
}
|
|
2456
2496
|
const queryParameters = {
|
|
2457
2497
|
resource,
|
|
@@ -2460,7 +2500,7 @@ function prepareRequestOptions$3(scopes) {
|
|
|
2460
2500
|
const query = new URLSearchParams(queryParameters);
|
|
2461
2501
|
// This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.
|
|
2462
2502
|
if (!process.env.IDENTITY_ENDPOINT) {
|
|
2463
|
-
throw new Error(`${msiName$
|
|
2503
|
+
throw new Error(`${msiName$2}: Missing environment variable: IDENTITY_ENDPOINT`);
|
|
2464
2504
|
}
|
|
2465
2505
|
return coreRestPipeline.createPipelineRequest({
|
|
2466
2506
|
// Should be similar to: http://localhost:40342/metadata/identity/oauth2/token
|
|
@@ -2494,7 +2534,7 @@ async function filePathRequest(identityClient, requestPrepareOptions) {
|
|
|
2494
2534
|
if (response.bodyAsText) {
|
|
2495
2535
|
message = ` Response: ${response.bodyAsText}`;
|
|
2496
2536
|
}
|
|
2497
|
-
throw new AuthenticationError(response.status, `${msiName$
|
|
2537
|
+
throw new AuthenticationError(response.status, `${msiName$2}: To authenticate with Azure Arc MSI, status code 401 is expected on the first request. ${message}`);
|
|
2498
2538
|
}
|
|
2499
2539
|
const authHeader = response.headers.get("www-authenticate") || "";
|
|
2500
2540
|
try {
|
|
@@ -2511,26 +2551,26 @@ const arcMsi = {
|
|
|
2511
2551
|
async isAvailable(scopes) {
|
|
2512
2552
|
const resource = mapScopesToResource(scopes);
|
|
2513
2553
|
if (!resource) {
|
|
2514
|
-
logger$
|
|
2554
|
+
logger$7.info(`${msiName$2}: Unavailable. Multiple scopes are not supported.`);
|
|
2515
2555
|
return false;
|
|
2516
2556
|
}
|
|
2517
2557
|
const result = Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);
|
|
2518
2558
|
if (!result) {
|
|
2519
|
-
logger$
|
|
2559
|
+
logger$7.info(`${msiName$2}: The environment variables needed are: IMDS_ENDPOINT and IDENTITY_ENDPOINT`);
|
|
2520
2560
|
}
|
|
2521
2561
|
return result;
|
|
2522
2562
|
},
|
|
2523
2563
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2524
2564
|
var _a;
|
|
2525
2565
|
const { identityClient, scopes, clientId } = configuration;
|
|
2526
|
-
logger$
|
|
2566
|
+
logger$7.info(`${msiName$2}: Authenticating.`);
|
|
2527
2567
|
if (clientId) {
|
|
2528
|
-
throw new Error(`${msiName$
|
|
2568
|
+
throw new Error(`${msiName$2}: User assigned identity is not supported by the Azure Arc Managed Identity Endpoint. To authenticate with the system assigned identity, omit the client id when constructing the ManagedIdentityCredential, or if authenticating with the DefaultAzureCredential ensure the AZURE_CLIENT_ID environment variable is not set.`);
|
|
2529
2569
|
}
|
|
2530
|
-
const requestOptions = Object.assign(Object.assign({ disableJsonStringifyOnBody: true, deserializationMapper: undefined, abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2570
|
+
const requestOptions = Object.assign(Object.assign({ disableJsonStringifyOnBody: true, deserializationMapper: undefined, abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$2(scopes)), { allowInsecureConnection: true });
|
|
2531
2571
|
const filePath = await filePathRequest(identityClient, requestOptions);
|
|
2532
2572
|
if (!filePath) {
|
|
2533
|
-
throw new Error(`${msiName$
|
|
2573
|
+
throw new Error(`${msiName$2}: Failed to find the token file.`);
|
|
2534
2574
|
}
|
|
2535
2575
|
const key = await readFileAsync$1(filePath, { encoding: "utf-8" });
|
|
2536
2576
|
(_a = requestOptions.headers) === null || _a === void 0 ? void 0 : _a.set("Authorization", `Basic ${key}`);
|
|
@@ -2543,13 +2583,13 @@ const arcMsi = {
|
|
|
2543
2583
|
};
|
|
2544
2584
|
|
|
2545
2585
|
// Copyright (c) Microsoft Corporation.
|
|
2546
|
-
const msiName$
|
|
2547
|
-
const logger$
|
|
2548
|
-
const readFileAsync
|
|
2586
|
+
const msiName$1 = "ManagedIdentityCredential - Token Exchange";
|
|
2587
|
+
const logger$6 = credentialLogger(msiName$1);
|
|
2588
|
+
const readFileAsync = util.promisify(fs__default["default"].readFile);
|
|
2549
2589
|
/**
|
|
2550
2590
|
* Generates the options used on the request for an access token.
|
|
2551
2591
|
*/
|
|
2552
|
-
function prepareRequestOptions$
|
|
2592
|
+
function prepareRequestOptions$1(scopes, clientAssertion, clientId) {
|
|
2553
2593
|
var _a;
|
|
2554
2594
|
const bodyParams = {
|
|
2555
2595
|
scope: Array.isArray(scopes) ? scopes.join(" ") : scopes,
|
|
@@ -2583,7 +2623,7 @@ function tokenExchangeMsi() {
|
|
|
2583
2623
|
azureFederatedTokenFileContent = undefined;
|
|
2584
2624
|
}
|
|
2585
2625
|
if (!azureFederatedTokenFileContent) {
|
|
2586
|
-
const file = await readFileAsync
|
|
2626
|
+
const file = await readFileAsync(azureFederatedTokenFilePath, "utf8");
|
|
2587
2627
|
const value = file.trim();
|
|
2588
2628
|
if (!value) {
|
|
2589
2629
|
throw new Error(`No content on the file ${azureFederatedTokenFilePath}, indicated by the environment variable AZURE_FEDERATED_TOKEN_FILE`);
|
|
@@ -2600,21 +2640,21 @@ function tokenExchangeMsi() {
|
|
|
2600
2640
|
const env = process.env;
|
|
2601
2641
|
const result = Boolean((clientId || env.AZURE_CLIENT_ID) && env.AZURE_TENANT_ID && azureFederatedTokenFilePath);
|
|
2602
2642
|
if (!result) {
|
|
2603
|
-
logger$
|
|
2643
|
+
logger$6.info(`${msiName$1}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`);
|
|
2604
2644
|
}
|
|
2605
2645
|
return result;
|
|
2606
2646
|
},
|
|
2607
2647
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2608
2648
|
const { identityClient, scopes, clientId } = configuration;
|
|
2609
|
-
logger$
|
|
2649
|
+
logger$6.info(`${msiName$1}: Using the client assertion coming from environment variables.`);
|
|
2610
2650
|
let assertion;
|
|
2611
2651
|
try {
|
|
2612
2652
|
assertion = await readAssertion();
|
|
2613
2653
|
}
|
|
2614
2654
|
catch (err) {
|
|
2615
|
-
throw new Error(`${msiName$
|
|
2655
|
+
throw new Error(`${msiName$1}: Failed to read ${azureFederatedTokenFilePath}, indicated by the environment variable AZURE_FEDERATED_TOKEN_FILE`);
|
|
2616
2656
|
}
|
|
2617
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2657
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$1(scopes, assertion, clientId || process.env.AZURE_CLIENT_ID)), {
|
|
2618
2658
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2619
2659
|
allowInsecureConnection: true }));
|
|
2620
2660
|
const tokenResponse = await identityClient.sendTokenRequest(request);
|
|
@@ -2634,22 +2674,22 @@ function tokenExchangeMsi() {
|
|
|
2634
2674
|
//
|
|
2635
2675
|
// curl --insecure $IDENTITY_ENDPOINT'?api-version=2019-07-01-preview&resource=https://vault.azure.net/' -H "Secret: $IDENTITY_HEADER"
|
|
2636
2676
|
//
|
|
2637
|
-
const msiName
|
|
2638
|
-
const logger$
|
|
2677
|
+
const msiName = "ManagedIdentityCredential - Fabric MSI";
|
|
2678
|
+
const logger$5 = credentialLogger(msiName);
|
|
2639
2679
|
/**
|
|
2640
2680
|
* Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
|
|
2641
2681
|
*/
|
|
2642
|
-
function expiresOnParser
|
|
2682
|
+
function expiresOnParser(requestBody) {
|
|
2643
2683
|
// Parses a string representation of the milliseconds since epoch into a number value
|
|
2644
2684
|
return Number(requestBody.expires_on);
|
|
2645
2685
|
}
|
|
2646
2686
|
/**
|
|
2647
2687
|
* Generates the options used on the request for an access token.
|
|
2648
2688
|
*/
|
|
2649
|
-
function prepareRequestOptions
|
|
2689
|
+
function prepareRequestOptions(scopes, clientId) {
|
|
2650
2690
|
const resource = mapScopesToResource(scopes);
|
|
2651
2691
|
if (!resource) {
|
|
2652
|
-
throw new Error(`${msiName
|
|
2692
|
+
throw new Error(`${msiName}: Multiple scopes are not supported.`);
|
|
2653
2693
|
}
|
|
2654
2694
|
const queryParameters = {
|
|
2655
2695
|
resource,
|
|
@@ -2682,38 +2722,38 @@ const fabricMsi = {
|
|
|
2682
2722
|
async isAvailable(scopes) {
|
|
2683
2723
|
const resource = mapScopesToResource(scopes);
|
|
2684
2724
|
if (!resource) {
|
|
2685
|
-
logger$
|
|
2725
|
+
logger$5.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);
|
|
2686
2726
|
return false;
|
|
2687
2727
|
}
|
|
2688
2728
|
const env = process.env;
|
|
2689
2729
|
const result = Boolean(env.IDENTITY_ENDPOINT && env.IDENTITY_HEADER && env.IDENTITY_SERVER_THUMBPRINT);
|
|
2690
2730
|
if (!result) {
|
|
2691
|
-
logger$
|
|
2731
|
+
logger$5.info(`${msiName}: Unavailable. The environment variables needed are: IDENTITY_ENDPOINT, IDENTITY_HEADER and IDENTITY_SERVER_THUMBPRINT`);
|
|
2692
2732
|
}
|
|
2693
2733
|
return result;
|
|
2694
2734
|
},
|
|
2695
2735
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2696
2736
|
const { scopes, identityClient, clientId } = configuration;
|
|
2697
|
-
logger$
|
|
2698
|
-
`${msiName
|
|
2737
|
+
logger$5.info([
|
|
2738
|
+
`${msiName}:`,
|
|
2699
2739
|
"Using the endpoint and the secret coming from the environment variables:",
|
|
2700
2740
|
`IDENTITY_ENDPOINT=${process.env.IDENTITY_ENDPOINT},`,
|
|
2701
2741
|
"IDENTITY_HEADER=[REDACTED] and",
|
|
2702
2742
|
"IDENTITY_SERVER_THUMBPRINT=[REDACTED].",
|
|
2703
2743
|
].join(" "));
|
|
2704
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions
|
|
2705
|
-
request.agent = new
|
|
2744
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions(scopes, clientId)));
|
|
2745
|
+
request.agent = new https__default["default"].Agent({
|
|
2706
2746
|
// This is necessary because Service Fabric provides a self-signed certificate.
|
|
2707
2747
|
// The alternative path is to verify the certificate using the IDENTITY_SERVER_THUMBPRINT env variable.
|
|
2708
2748
|
rejectUnauthorized: false,
|
|
2709
2749
|
});
|
|
2710
|
-
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser
|
|
2750
|
+
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);
|
|
2711
2751
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2712
2752
|
},
|
|
2713
2753
|
};
|
|
2714
2754
|
|
|
2715
2755
|
// Copyright (c) Microsoft Corporation.
|
|
2716
|
-
const logger$
|
|
2756
|
+
const logger$4 = credentialLogger("ManagedIdentityCredential");
|
|
2717
2757
|
/**
|
|
2718
2758
|
* Attempts authentication using a managed identity available at the deployment environment.
|
|
2719
2759
|
* This authentication type works in Azure VMs, App Service instances, Azure Functions applications,
|
|
@@ -2800,7 +2840,7 @@ class ManagedIdentityCredential {
|
|
|
2800
2840
|
// It also means that the endpoint answered with either 200 or 201 (see the sendTokenRequest method),
|
|
2801
2841
|
// yet we had no access token. For this reason, we'll throw once with a specific message:
|
|
2802
2842
|
const error = new CredentialUnavailableError("The managed identity endpoint was reached, yet no tokens were received.");
|
|
2803
|
-
logger$
|
|
2843
|
+
logger$4.getToken.info(formatError(scopes, error));
|
|
2804
2844
|
throw error;
|
|
2805
2845
|
}
|
|
2806
2846
|
// Since `authenticateManagedIdentity` didn't throw, and the result was not null,
|
|
@@ -2812,10 +2852,10 @@ class ManagedIdentityCredential {
|
|
|
2812
2852
|
// We've previously determined that the endpoint was unavailable,
|
|
2813
2853
|
// either because it was unreachable or permanently unable to authenticate.
|
|
2814
2854
|
const error = new CredentialUnavailableError("The managed identity endpoint is not currently available");
|
|
2815
|
-
logger$
|
|
2855
|
+
logger$4.getToken.info(formatError(scopes, error));
|
|
2816
2856
|
throw error;
|
|
2817
2857
|
}
|
|
2818
|
-
logger$
|
|
2858
|
+
logger$4.getToken.info(formatSuccess(scopes));
|
|
2819
2859
|
return result;
|
|
2820
2860
|
}
|
|
2821
2861
|
catch (err) {
|
|
@@ -2837,14 +2877,14 @@ class ManagedIdentityCredential {
|
|
|
2837
2877
|
// we can safely assume the credential is unavailable.
|
|
2838
2878
|
if (err.code === "ENETUNREACH") {
|
|
2839
2879
|
const error = new CredentialUnavailableError(`${ManagedIdentityCredential.name}: Unavailable. Network unreachable. Message: ${err.message}`);
|
|
2840
|
-
logger$
|
|
2880
|
+
logger$4.getToken.info(formatError(scopes, error));
|
|
2841
2881
|
throw error;
|
|
2842
2882
|
}
|
|
2843
2883
|
// If either the host was unreachable,
|
|
2844
2884
|
// we can safely assume the credential is unavailable.
|
|
2845
2885
|
if (err.code === "EHOSTUNREACH") {
|
|
2846
2886
|
const error = new CredentialUnavailableError(`${ManagedIdentityCredential.name}: Unavailable. No managed identity endpoint found. Message: ${err.message}`);
|
|
2847
|
-
logger$
|
|
2887
|
+
logger$4.getToken.info(formatError(scopes, error));
|
|
2848
2888
|
throw error;
|
|
2849
2889
|
}
|
|
2850
2890
|
// If err.statusCode has a value of 400, it comes from sendTokenRequest,
|
|
@@ -2938,7 +2978,7 @@ class DefaultAzureCredential extends ChainedTokenCredential {
|
|
|
2938
2978
|
* @internal
|
|
2939
2979
|
*/
|
|
2940
2980
|
const interactiveBrowserMockable = {
|
|
2941
|
-
open,
|
|
2981
|
+
open: open__default["default"],
|
|
2942
2982
|
};
|
|
2943
2983
|
/**
|
|
2944
2984
|
* This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`
|
|
@@ -3020,8 +3060,8 @@ class MsalOpenBrowser extends MsalNode {
|
|
|
3020
3060
|
cleanup();
|
|
3021
3061
|
});
|
|
3022
3062
|
};
|
|
3023
|
-
const app =
|
|
3024
|
-
const server =
|
|
3063
|
+
const app = http__default["default"].createServer(requestListener);
|
|
3064
|
+
const server = stoppable__default["default"](app);
|
|
3025
3065
|
const listen = app.listen(this.port, this.hostname, () => this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`));
|
|
3026
3066
|
function cleanup() {
|
|
3027
3067
|
if (listen) {
|
|
@@ -3068,7 +3108,7 @@ class MsalOpenBrowser extends MsalNode {
|
|
|
3068
3108
|
}
|
|
3069
3109
|
async openAuthCodeUrl(scopeArray, options) {
|
|
3070
3110
|
// Initialize CryptoProvider instance
|
|
3071
|
-
const cryptoProvider = new
|
|
3111
|
+
const cryptoProvider = new msalNode__namespace.CryptoProvider();
|
|
3072
3112
|
// Generate PKCE Codes before starting the authorization flow
|
|
3073
3113
|
this.pkceCodes = await cryptoProvider.generatePkceCodes();
|
|
3074
3114
|
const authCodeUrlParameters = {
|
|
@@ -3092,7 +3132,7 @@ class MsalOpenBrowser extends MsalNode {
|
|
|
3092
3132
|
}
|
|
3093
3133
|
|
|
3094
3134
|
// Copyright (c) Microsoft Corporation.
|
|
3095
|
-
const logger$
|
|
3135
|
+
const logger$3 = credentialLogger("InteractiveBrowserCredential");
|
|
3096
3136
|
/**
|
|
3097
3137
|
* Enables authentication to Azure Active Directory inside of the web browser
|
|
3098
3138
|
* using the interactive login flow.
|
|
@@ -3114,7 +3154,7 @@ class InteractiveBrowserCredential {
|
|
|
3114
3154
|
const redirectUri = typeof options.redirectUri === "function"
|
|
3115
3155
|
? options.redirectUri()
|
|
3116
3156
|
: options.redirectUri || "http://localhost";
|
|
3117
|
-
this.msalFlow = new MsalOpenBrowser(Object.assign(Object.assign({}, options), { tokenCredentialOptions: options, logger: logger$
|
|
3157
|
+
this.msalFlow = new MsalOpenBrowser(Object.assign(Object.assign({}, options), { tokenCredentialOptions: options, logger: logger$3,
|
|
3118
3158
|
redirectUri }));
|
|
3119
3159
|
this.disableAutomaticAuthentication = options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication;
|
|
3120
3160
|
}
|
|
@@ -3193,7 +3233,7 @@ class MsalDeviceCode extends MsalNode {
|
|
|
3193
3233
|
}
|
|
3194
3234
|
|
|
3195
3235
|
// Copyright (c) Microsoft Corporation.
|
|
3196
|
-
const logger$
|
|
3236
|
+
const logger$2 = credentialLogger("DeviceCodeCredential");
|
|
3197
3237
|
/**
|
|
3198
3238
|
* Method that logs the user code from the DeviceCodeCredential.
|
|
3199
3239
|
* @param deviceCodeInfo - The device code.
|
|
@@ -3227,7 +3267,7 @@ class DeviceCodeCredential {
|
|
|
3227
3267
|
* @param options - Options for configuring the client which makes the authentication requests.
|
|
3228
3268
|
*/
|
|
3229
3269
|
constructor(options) {
|
|
3230
|
-
this.msalFlow = new MsalDeviceCode(Object.assign(Object.assign({}, options), { logger: logger$
|
|
3270
|
+
this.msalFlow = new MsalDeviceCode(Object.assign(Object.assign({}, options), { logger: logger$2, userPromptCallback: (options === null || options === void 0 ? void 0 : options.userPromptCallback) || defaultDeviceCodePromptCallback, tokenCredentialOptions: options || {} }));
|
|
3231
3271
|
this.disableAutomaticAuthentication = options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication;
|
|
3232
3272
|
}
|
|
3233
3273
|
/**
|
|
@@ -3309,7 +3349,7 @@ class MsalAuthorizationCode extends MsalNode {
|
|
|
3309
3349
|
}
|
|
3310
3350
|
|
|
3311
3351
|
// Copyright (c) Microsoft Corporation.
|
|
3312
|
-
const logger$
|
|
3352
|
+
const logger$1 = credentialLogger("AuthorizationCodeCredential");
|
|
3313
3353
|
/**
|
|
3314
3354
|
* Enables authentication to Azure Active Directory using an authorization code
|
|
3315
3355
|
* that was obtained through the authorization code flow, described in more detail
|
|
@@ -3323,7 +3363,7 @@ class AuthorizationCodeCredential {
|
|
|
3323
3363
|
* @internal
|
|
3324
3364
|
*/
|
|
3325
3365
|
constructor(tenantId, clientId, clientSecretOrAuthorizationCode, authorizationCodeOrRedirectUri, redirectUriOrOptions, options) {
|
|
3326
|
-
checkTenantId(logger$
|
|
3366
|
+
checkTenantId(logger$1, tenantId);
|
|
3327
3367
|
let clientSecret = clientSecretOrAuthorizationCode;
|
|
3328
3368
|
if (typeof redirectUriOrOptions === "string") {
|
|
3329
3369
|
// the clientId+clientSecret constructor
|
|
@@ -3339,7 +3379,7 @@ class AuthorizationCodeCredential {
|
|
|
3339
3379
|
options = redirectUriOrOptions;
|
|
3340
3380
|
}
|
|
3341
3381
|
this.msalFlow = new MsalAuthorizationCode(Object.assign(Object.assign({}, options), { clientSecret,
|
|
3342
|
-
clientId, tokenCredentialOptions: options || {}, logger: logger$
|
|
3382
|
+
clientId, tokenCredentialOptions: options || {}, logger: logger$1, redirectUri: this.redirectUri, authorizationCode: this.authorizationCode }));
|
|
3343
3383
|
}
|
|
3344
3384
|
/**
|
|
3345
3385
|
* Authenticates with Azure Active Directory and returns an access token if successful.
|
|
@@ -3411,8 +3451,8 @@ class MsalOnBehalfOf extends MsalNode {
|
|
|
3411
3451
|
}
|
|
3412
3452
|
|
|
3413
3453
|
// Copyright (c) Microsoft Corporation.
|
|
3414
|
-
const credentialName
|
|
3415
|
-
const logger
|
|
3454
|
+
const credentialName = "OnBehalfOfCredential";
|
|
3455
|
+
const logger = credentialLogger(credentialName);
|
|
3416
3456
|
/**
|
|
3417
3457
|
* Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
|
|
3418
3458
|
*/
|
|
@@ -3444,9 +3484,9 @@ class OnBehalfOfCredential {
|
|
|
3444
3484
|
const { certificatePath } = options;
|
|
3445
3485
|
const { tenantId, clientId, userAssertionToken } = options;
|
|
3446
3486
|
if (!tenantId || !clientId || !(clientSecret || certificatePath) || !userAssertionToken) {
|
|
3447
|
-
throw new Error(`${credentialName
|
|
3487
|
+
throw new Error(`${credentialName}: tenantId, clientId, clientSecret (or certificatePath) and userAssertionToken are required parameters.`);
|
|
3448
3488
|
}
|
|
3449
|
-
this.msalFlow = new MsalOnBehalfOf(Object.assign(Object.assign({}, this.options), { logger
|
|
3489
|
+
this.msalFlow = new MsalOnBehalfOf(Object.assign(Object.assign({}, this.options), { logger, tokenCredentialOptions: this.options }));
|
|
3450
3490
|
}
|
|
3451
3491
|
/**
|
|
3452
3492
|
* Authenticates with Azure Active Directory and returns an access token if successful.
|
|
@@ -3456,7 +3496,7 @@ class OnBehalfOfCredential {
|
|
|
3456
3496
|
* @param options - The options used to configure the underlying network requests.
|
|
3457
3497
|
*/
|
|
3458
3498
|
async getToken(scopes, options = {}) {
|
|
3459
|
-
return trace(`${credentialName
|
|
3499
|
+
return trace(`${credentialName}.getToken`, options, async (newOptions) => {
|
|
3460
3500
|
const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
|
|
3461
3501
|
return this.msalFlow.getToken(arrayScopes, newOptions);
|
|
3462
3502
|
});
|
|
@@ -3494,7 +3534,7 @@ exports.UsernamePasswordCredential = UsernamePasswordCredential;
|
|
|
3494
3534
|
exports.VisualStudioCodeCredential = VisualStudioCodeCredential;
|
|
3495
3535
|
exports.deserializeAuthenticationRecord = deserializeAuthenticationRecord;
|
|
3496
3536
|
exports.getDefaultAzureCredential = getDefaultAzureCredential;
|
|
3497
|
-
exports.logger = logger;
|
|
3537
|
+
exports.logger = logger$j;
|
|
3498
3538
|
exports.serializeAuthenticationRecord = serializeAuthenticationRecord;
|
|
3499
3539
|
exports.useIdentityPlugin = useIdentityPlugin;
|
|
3500
3540
|
//# sourceMappingURL=index.js.map
|