@azure/identity 2.0.2 → 2.0.4-alpha.20220217.2

package/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Release History
 
+## 2.0.4 (Unreleased)
+
+### Features Added
+
+### Breaking Changes
+
+### Bugs Fixed
+
+### Other Changes
+
+## 2.0.3 (2022-02-16)
+
+### Features Added
+
+- Added log warning for non-support of user assigned identity in Managed Identity credentials in Cloud Shell environments.
+
+### Bugs Fixed
+
+- Fixed bug that duplicated the tenant Id on the URI of outgoing requests when passing an `authorityHost` ending with a tenant Id.
+- `ManagedIdentityCredential` now won't retry when it tries to ping the IMDS endpoint.
+- Now we are specifying the maximum number of retries to 3 to ensure that maximum retries won't change without notice.
+
 ## 2.0.2 (2022-02-03)
 
 ### Features Added

package/dist/index.js

@@ -123,7 +123,7 @@ class AuthenticationError extends Error {
                 errorDescription: "An unknown error occurred and no additional details are available.",
             };
         }
-        super(`${errorResponse.error}(status code ${statusCode}).\nMore details:\n${errorResponse.errorDescription}`);
+        super(`${errorResponse.error} Status code: ${statusCode}\nMore details:\n${errorResponse.errorDescription}`);
         this.statusCode = statusCode;
         this.errorResponse = errorResponse;
         // Ensure that this type reports the correct name
@@ -318,10 +318,14 @@ function credentialLoggerInstance(title, parent, log = logger$j) {
     function info(message) {
         log.info(`${fullTitle} =>`, message);
     }
+    function warning(message) {
+        log.warning(`${fullTitle} =>`, message);
+    }
     return {
         title,
         fullTitle,
         info,
+        warning,
     };
 }
 /**
@@ -364,7 +368,7 @@ function getIdentityClientAuthorityHost(options) {
 class IdentityClient extends coreClient.ServiceClient {
     constructor(options) {
         var _a;
-        const packageDetails = `azsdk-js-identity/2.0.2`;
+        const packageDetails = `azsdk-js-identity/2.0.4`;
         const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix)
             ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
             : `${packageDetails}`;
@@ -372,7 +376,9 @@ class IdentityClient extends coreClient.ServiceClient {
         if (!baseUri.startsWith("https:")) {
             throw new Error("The authorityHost address must use the 'https' protocol.");
         }
-        super(Object.assign(Object.assign({ requestContentType: "application/json; charset=utf-8" }, options), { userAgentOptions: {
+        super(Object.assign(Object.assign({ requestContentType: "application/json; charset=utf-8", retryOptions: {
+                maxRetries: 3,
+            } }, options), { userAgentOptions: {
                 userAgentPrefix,
             }, baseUri }));
         this.authorityHost = baseUri;
@@ -597,6 +603,9 @@ function getAuthority(tenantId, host) {
     if (!host) {
         host = DefaultAuthorityHost;
     }
+    if (new RegExp(`${tenantId}/?$`).test(host)) {
+        return host;
+    }
     if (host.endsWith("/")) {
         return host + tenantId;
     }
@@ -2292,6 +2301,7 @@ function prepareRequestOptions$4(scopes, clientId) {
 }
 /**
  * Defines how to determine whether the Azure Cloud Shell MSI is available, and also how to retrieve a token from the Azure Cloud Shell MSI.
+ * Since Azure Managed Identities aren't available in the Azure Cloud Shell, we log a warning for users that try to access cloud shell using user assigned identity.
  */
 const cloudShellMsi = {
     async isAvailable(scopes) {
@@ -2308,6 +2318,9 @@ const cloudShellMsi = {
     },
     async getToken(configuration, getTokenOptions = {}) {
         const { identityClient, scopes, clientId } = configuration;
+        if (clientId) {
+            logger$9.warning(`${msiName$4}: does not support user-assigned identities in the Cloud Shell environment. Argument clientId will be ignored.`);
+        }
         logger$9.info(`${msiName$4}: Using the endpoint coming form the environment variable MSI_ENDPOINT = ${process.env.MSI_ENDPOINT}.`);
         const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$4(scopes, clientId)), { 
             // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
@@ -2761,15 +2774,20 @@ class ManagedIdentityCredential {
      */
     constructor(clientIdOrOptions, options) {
         this.isEndpointUnavailable = null;
+        let _options;
         if (typeof clientIdOrOptions === "string") {
             // clientId, options constructor
             this.clientId = clientIdOrOptions;
-            this.identityClient = new IdentityClient(options);
+            _options = options;
         }
         else {
             // options only constructor
-            this.identityClient = new IdentityClient(clientIdOrOptions);
+            _options = options;
         }
+        this.identityClient = new IdentityClient(_options);
+        this.isAvailableIdentityClient = new IdentityClient(Object.assign(Object.assign({}, _options), { retryOptions: {
+                maxRetries: 0,
+            } }));
     }
     async cachedAvailableMSI(scopes, clientId, getTokenOptions) {
         if (this.cachedMSI) {
@@ -2777,7 +2795,7 @@ class ManagedIdentityCredential {
         }
         const MSIs = [fabricMsi, appServiceMsi2017, cloudShellMsi, arcMsi, tokenExchangeMsi(), imdsMsi];
         for (const msi of MSIs) {
-            if (await msi.isAvailable(scopes, this.identityClient, clientId, getTokenOptions)) {
+            if (await msi.isAvailable(scopes, this.isAvailableIdentityClient, clientId, getTokenOptions)) {
                 this.cachedMSI = msi;
                 return msi;
             }