@azure/identity 2.1.0-alpha.20220404.1 → 2.1.0-alpha.20220412.2
Potentially problematic release.
This version of @azure/identity might be problematic. Click here for more details.
- package/CHANGELOG.md +12 -0
- package/dist/index.js +150 -205
- package/dist/index.js.map +1 -1
- package/dist-esm/src/client/identityClient.js +34 -45
- package/dist-esm/src/client/identityClient.js.map +1 -1
- package/dist-esm/src/constants.js +4 -0
- package/dist-esm/src/constants.js.map +1 -1
- package/dist-esm/src/credentials/authorizationCodeCredential.js +2 -2
- package/dist-esm/src/credentials/authorizationCodeCredential.js.map +1 -1
- package/dist-esm/src/credentials/azureCliCredential.js +32 -36
- package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
- package/dist-esm/src/credentials/azurePowerShellCredential.js +2 -2
- package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -1
- package/dist-esm/src/credentials/chainedTokenCredential.js +27 -32
- package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
- package/dist-esm/src/credentials/clientCertificateCredential.js +2 -2
- package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
- package/dist-esm/src/credentials/clientSecretCredential.browser.js +31 -38
- package/dist-esm/src/credentials/clientSecretCredential.browser.js.map +1 -1
- package/dist-esm/src/credentials/clientSecretCredential.js +2 -2
- package/dist-esm/src/credentials/clientSecretCredential.js.map +1 -1
- package/dist-esm/src/credentials/deviceCodeCredential.js +3 -3
- package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
- package/dist-esm/src/credentials/environmentCredential.js +2 -2
- package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js +3 -3
- package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +1 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.js +3 -3
- package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +37 -48
- package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/index.js +7 -8
- package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
- package/dist-esm/src/credentials/onBehalfOfCredential.js +2 -2
- package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist-esm/src/credentials/usernamePasswordCredential.browser.js +4 -5
- package/dist-esm/src/credentials/usernamePasswordCredential.browser.js.map +1 -1
- package/dist-esm/src/credentials/usernamePasswordCredential.js +2 -2
- package/dist-esm/src/credentials/usernamePasswordCredential.js.map +1 -1
- package/dist-esm/src/util/tracing.js +5 -36
- package/dist-esm/src/util/tracing.js.map +1 -1
- package/package.json +4 -4
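--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Release History
 
+## 2.1.0-beta.3 (Unknown)
+
+### Features Added
+
+### Breaking Changes
+
+### Bugs Fixed
+
+### Other Changes
+
+- Upgraded to `@azure/core-tracing` version `^1.0.0`.
+
 ## 2.1.0-beta.2 (2022-03-22)
 
 ### Features Added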
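--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -3,11 +3,11 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var msalNode = require('@azure/msal-node');
-var coreTracing = require('@azure/core-tracing');
 var coreClient = require('@azure/core-client');
 var coreUtil = require('@azure/core-util');
 var coreRestPipeline = require('@azure/core-rest-pipeline');
 var abortController = require('@azure/abort-controller');
+var coreTracing = require('@azure/core-tracing');
 var logger$l = require('@azure/logger');
 var msalCommon = require('@azure/msal-common');
 var uuid = require('uuid');
@@ -186,6 +186,10 @@ function getIdentityTokenEndpointSuffix(tenantId) {
 
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
+/**
+* Current version of the `@azure/identity` package.
+*/
+const SDK_VERSION = `2.1.0-beta.3`;
 /**
 * The default client ID for authentication
 * @internal
@@ -231,43 +235,11 @@ const DefaultAuthorityHost = exports.AzureAuthorityHosts.AzurePublicCloud;
 * Creates a span using the global tracer.
 * @internal
 */
-const
-packagePrefix: "",
+const tracingClient = coreTracing.createTracingClient({
 namespace: "Microsoft.AAD",
+packageName: "@azure/identity",
+packageVersion: SDK_VERSION,
 });
-/**
-* From: https://github.com/Azure/azure-sdk-for-js/blob/46139daa3317a0d12e8b55b02b9d9cdf1b2e762a/sdk/appconfiguration/app-configuration/src/internal/tracingHelpers.ts
-* Traces an operation and properly handles reporting start, end and errors for a given span
-*
-* @param operationName - Name of a method in the TClient type
-* @param options - An options class, typically derived from \@azure/core-rest-pipeline/RequestOptionsBase
-* @param fn - The function to call with an options class that properly propagates the span context
-*
-* @internal
-*/
-async function trace(operationName, options, fn, createSpanFn = createSpan) {
-const { updatedOptions, span } = createSpanFn(operationName, options);
-try {
-// NOTE: we really do need to await on this function here so we can handle any exceptions thrown and properly
-// close the span.
-const result = await fn(updatedOptions, span);
-// otel 0.16+ needs this or else the code ends up being set as UNSET
-span.setStatus({
-code: coreTracing.SpanStatusCode.OK,
-});
-return result;
-}
-catch (err) {
-span.setStatus({
-code: coreTracing.SpanStatusCode.ERROR,
-message: err.message,
-});
-throw err;
-}
-finally {
-span.end();
-}
-}
 
 // Copyright (c) Microsoft Corporation.
 /**
@@ -368,7 +340,7 @@ function getIdentityClientAuthorityHost(options) {
 class IdentityClient extends coreClient.ServiceClient {
 constructor(options) {
 var _a, _b;
-const packageDetails = `azsdk-js-identity
+const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;
 const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix)
 ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
 : `${packageDetails}`;
@@ -415,12 +387,11 @@ class IdentityClient extends coreClient.ServiceClient {
 throw error;
 }
 }
-async refreshAccessToken(tenantId, clientId, scopes, refreshToken, clientSecret, expiresOnParser, options) {
+async refreshAccessToken(tenantId, clientId, scopes, refreshToken, clientSecret, expiresOnParser, options = {}) {
 if (refreshToken === undefined) {
 return null;
 }
 logger$k.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
-const { span, updatedOptions } = createSpan("IdentityClient-refreshAccessToken", options);
 const refreshParams = {
 grant_type: "refresh_token",
 client_id: clientId,
@@ -431,48 +402,39 @@ class IdentityClient extends coreClient.ServiceClient {
 refreshParams.client_secret = clientSecret;
 }
 const query = new URLSearchParams(refreshParams);
-
-
-
-
-
-
-
-
-
-
-
-
-
-const response = await this.sendTokenRequest(request, expiresOnParser);
-logger$k.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
-return response;
-}
-catch (err) {
-if (err.name === AuthenticationErrorName &&
-err.errorResponse.error === "interaction_required") {
-// It's likely that the refresh token has expired, so
-// return null so that the credential implementation will
-// initiate the authentication flow again.
-logger$k.info(`IdentityClient: interaction required for client ID: ${clientId}`);
-span.setStatus({
-code: coreTracing.SpanStatusCode.ERROR,
-message: err.message,
+return tracingClient.withSpan("IdentityClient.refreshAccessToken", options, async (updatedOptions) => {
+try {
+const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);
+const request = coreRestPipeline.createPipelineRequest({
+url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,
+method: "POST",
+body: query.toString(),
+abortSignal: options.abortSignal,
+headers: coreRestPipeline.createHttpHeaders({
+Accept: "application/json",
+"Content-Type": "application/x-www-form-urlencoded",
+}),
+tracingOptions: updatedOptions.tracingOptions,
 });
-
+const response = await this.sendTokenRequest(request, expiresOnParser);
+logger$k.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
+return response;
 }
-
-
-
-
-
-
-
+catch (err) {
+if (err.name === AuthenticationErrorName &&
+err.errorResponse.error === "interaction_required") {
+// It's likely that the refresh token has expired, so
+// return null so that the credential implementation will
+// initiate the authentication flow again.
+logger$k.info(`IdentityClient: interaction required for client ID: ${clientId}`);
+return null;
+}
+else {
+logger$k.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
+throw err;
+}
 }
-}
-finally {
-span.end();
-}
+});
 }
 // Here is a custom layer that allows us to abort requests that go through MSAL,
 // since MSAL doesn't allow us to pass options all the way through.
@@ -1438,42 +1400,38 @@ class ChainedTokenCredential {
 * @param options - The options used to configure any requests this
 * `TokenCredential` implementation might make.
 */
-async getToken(scopes, options) {
+async getToken(scopes, options = {}) {
 let token = null;
 let successfulCredentialName = "";
 const errors = [];
-
-
-
-
-
-}
-catch (err) {
-if (err.name === "CredentialUnavailableError" ||
-err.name === "AuthenticationRequiredError") {
-errors.push(err);
+return tracingClient.withSpan("ChainedTokenCredential.getToken", options, async (updatedOptions) => {
+for (let i = 0; i < this._sources.length && token === null; i++) {
+try {
+token = await this._sources[i].getToken(scopes, updatedOptions);
+successfulCredentialName = this._sources[i].constructor.name;
 }
-
-
-
+catch (err) {
+if (err.name === "CredentialUnavailableError" ||
+err.name === "AuthenticationRequiredError") {
+errors.push(err);
+}
+else {
+logger$i.getToken.info(formatError(scopes, err));
+throw err;
+}
 }
 }
-
-
-
-
-
-
-
-
-
-
-
-logger$i.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);
-if (token === null) {
-throw new CredentialUnavailableError("Failed to retrieve a valid token");
-}
-return token;
+if (!token && errors.length > 0) {
+const err = new AggregateAuthenticationError(errors, "ChainedTokenCredential authentication failed.");
+logger$i.getToken.info(formatError(scopes, err));
+throw err;
+}
+logger$i.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);
+if (token === null) {
+throw new CredentialUnavailableError("Failed to retrieve a valid token");
+}
+return token;
+});
 }
 }
 
@@ -1574,7 +1532,7 @@ class AzureCliCredential {
 * @param options - The options used to configure any requests this
 * TokenCredential implementation might make.
 */
-async getToken(scopes, options) {
+async getToken(scopes, options = {}) {
 const tenantId = processMultiTenantRequest(this.tenantId, options);
 if (tenantId) {
 checkTenantId(logger$h, tenantId);
@@ -1584,46 +1542,43 @@ class AzureCliCredential {
 ensureValidScope(scope, logger$h);
 const resource = getScopeResource(scope);
 let responseData = "";
-
-
-
-
-
-
-
-
+return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
+try {
+const obj = await cliCredentialInternals.getAzureCliAccessToken(resource, tenantId);
+if (obj.stderr) {
+const isLoginError = obj.stderr.match("(.*)az login(.*)");
+const isNotInstallError = obj.stderr.match("az:(.*)not found") || obj.stderr.startsWith("'az' is not recognized");
+if (isNotInstallError) {
+const error = new CredentialUnavailableError("Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
+logger$h.getToken.info(formatError(scopes, error));
+throw error;
+}
+else if (isLoginError) {
+const error = new CredentialUnavailableError("Please run 'az login' from a command prompt to authenticate before using this credential.");
+logger$h.getToken.info(formatError(scopes, error));
+throw error;
+}
+const error = new CredentialUnavailableError(obj.stderr);
 logger$h.getToken.info(formatError(scopes, error));
 throw error;
 }
-else
-
-
-
+else {
+responseData = obj.stdout;
+const response = JSON.parse(responseData);
+logger$h.getToken.info(formatSuccess(scopes));
+const returnValue = {
+token: response.accessToken,
+expiresOnTimestamp: new Date(response.expiresOn).getTime(),
+};
+return returnValue;
 }
-
+}
+catch (err) {
+const error = new Error(err.message || "Unknown error while trying to retrieve the access token");
 logger$h.getToken.info(formatError(scopes, error));
 throw error;
 }
-
-responseData = obj.stdout;
-const response = JSON.parse(responseData);
-logger$h.getToken.info(formatSuccess(scopes));
-const returnValue = {
-token: response.accessToken,
-expiresOnTimestamp: new Date(response.expiresOn).getTime(),
-};
-return returnValue;
-}
-}
-catch (err) {
-const error = new Error(err.message || "Unknown error while trying to retrieve the access token");
-span.setStatus({
-code: coreTracing.SpanStatusCode.ERROR,
-message: error.message,
-});
-logger$h.getToken.info(formatError(scopes, error));
-throw error;
-}
+});
 }
 }
 
@@ -1786,7 +1741,7 @@ class AzurePowerShellCredential {
 * @param options - The options used to configure any requests this TokenCredential implementation might make.
 */
 async getToken(scopes, options = {}) {
-return
+return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
 const tenantId = processMultiTenantRequest(this.tenantId, options);
 if (tenantId) {
 checkTenantId(logger$g, tenantId);
@@ -1891,7 +1846,7 @@ class ClientSecretCredential {
 * TokenCredential implementation might make.
 */
 async getToken(scopes, options = {}) {
-return
+return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
 const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
 return this.msalFlow.getToken(arrayScopes, newOptions);
 });
@@ -2029,7 +1984,7 @@ class ClientCertificateCredential {
 * TokenCredential implementation might make.
 */
 async getToken(scopes, options = {}) {
-return
+return tracingClient.withSpan(`${credentialName$2}.getToken`, options, async (newOptions) => {
 const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
 return this.msalFlow.getToken(arrayScopes, newOptions);
 });
@@ -2109,7 +2064,7 @@ class UsernamePasswordCredential {
 * TokenCredential implementation might make.
 */
 async getToken(scopes, options = {}) {
-return
+return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
 const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
 return this.msalFlow.getToken(arrayScopes, newOptions);
 });
@@ -2193,7 +2148,7 @@ class EnvironmentCredential {
 * @param options - Optional parameters. See {@link GetTokenOptions}.
 */
 async getToken(scopes, options = {}) {
-return
+return tracingClient.withSpan(`${credentialName$1}.getToken`, options, async (newOptions) => {
 if (this._credential) {
 try {
 const result = await this._credential.getToken(scopes, newOptions);
@@ -2466,14 +2421,12 @@ const imdsMsiRetryConfig = {
 * Defines how to determine whether the Azure IMDS MSI is available, and also how to retrieve a token from the Azure IMDS MSI.
 */
 const imdsMsi = {
-async isAvailable({ scopes, identityClient, clientId, resourceId, getTokenOptions, }) {
-var _a, _b;
+async isAvailable({ scopes, identityClient, clientId, resourceId, getTokenOptions = {}, }) {
 const resource = mapScopesToResource(scopes);
 if (!resource) {
 logger$9.info(`${msiName$4}: Unavailable. Multiple scopes are not supported.`);
 return false;
 }
-const { span, updatedOptions: options } = createSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions);
 // if the PodIdentityEndpoint environment variable was set no need to probe the endpoint, it can be assumed to exist
 if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {
 return true;
@@ -2485,53 +2438,45 @@ const imdsMsi = {
 skipMetadataHeader: true,
 skipQuery: true,
 });
-
-
-
-// not having a "Metadata" header should cause an error to be
-// returned quickly from the endpoint, proving its availability.
-const request = coreRestPipeline.createPipelineRequest(requestOptions);
-request.timeout = (_b = (_a = options.requestOptions) === null || _a === void 0 ? void 0 : _a.timeout) !== null && _b !== void 0 ? _b : 300;
-// This MSI uses the imdsEndpoint to get the token, which only uses http://
-request.allowInsecureConnection = true;
+return tracingClient.withSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions, async (options) => {
+var _a, _b;
+requestOptions.tracingOptions = options.tracingOptions;
 try {
-
-
+// Create a request with a timeout since we expect that
+// not having a "Metadata" header should cause an error to be
+// returned quickly from the endpoint, proving its availability.
+const request = coreRestPipeline.createPipelineRequest(requestOptions);
+request.timeout = (_b = (_a = options.requestOptions) === null || _a === void 0 ? void 0 : _a.timeout) !== null && _b !== void 0 ? _b : 300;
+// This MSI uses the imdsEndpoint to get the token, which only uses http://
+request.allowInsecureConnection = true;
+try {
+logger$9.info(`${msiName$4}: Pinging the Azure IMDS endpoint`);
+await identityClient.sendRequest(request);
+}
+catch (err) {
+if ((err.name === "RestError" && err.code === coreRestPipeline.RestError.REQUEST_SEND_ERROR) ||
+err.name === "AbortError" ||
+err.code === "ENETUNREACH" || // Network unreachable
+err.code === "ECONNREFUSED" || // connection refused
+err.code === "EHOSTDOWN" // host is down
+) {
+// If the request failed, or Node.js was unable to establish a connection,
+// or the host was down, we'll assume the IMDS endpoint isn't available.
+logger$9.info(`${msiName$4}: The Azure IMDS endpoint is unavailable`);
+return false;
+}
+}
+// If we received any response, the endpoint is available
+logger$9.info(`${msiName$4}: The Azure IMDS endpoint is available`);
+return true;
 }
 catch (err) {
-
-
-
-
-err.code === "EHOSTDOWN" // host is down
-) {
-// If the request failed, or Node.js was unable to establish a connection,
-// or the host was down, we'll assume the IMDS endpoint isn't available.
-logger$9.info(`${msiName$4}: The Azure IMDS endpoint is unavailable`);
-span.setStatus({
-code: coreTracing.SpanStatusCode.ERROR,
-message: err.message,
-});
-return false;
-}
+// createWebResource failed.
+// This error should bubble up to the user.
+logger$9.info(`${msiName$4}: Error when creating the WebResource for the Azure IMDS endpoint: ${err.message}`);
+throw err;
 }
-
-logger$9.info(`${msiName$4}: The Azure IMDS endpoint is available`);
-return true;
-}
-catch (err) {
-// createWebResource failed.
-// This error should bubble up to the user.
-logger$9.info(`${msiName$4}: Error when creating the WebResource for the Azure IMDS endpoint: ${err.message}`);
-span.setStatus({
-code: coreTracing.SpanStatusCode.ERROR,
-message: err.message,
-});
-throw err;
-}
-finally {
-span.end();
-}
+});
 },
 async getToken(configuration, getTokenOptions = {}) {
 const { identityClient, scopes, clientId, resourceId } = configuration;
@@ -2979,7 +2924,7 @@ class ManagedIdentityCredential {
 throw new CredentialUnavailableError(`${ManagedIdentityCredential.name} - No MSI credential available`);
 }
 async authenticateManagedIdentity(scopes, getTokenOptions) {
-const { span, updatedOptions } =
+const { span, updatedOptions } = tracingClient.startSpan(`${ManagedIdentityCredential.name}.authenticateManagedIdentity`, getTokenOptions);
 try {
 // Determining the available MSI, and avoiding checking for other MSIs while the program is running.
 const availableMSI = await this.cachedAvailableMSI(scopes, updatedOptions);
@@ -2992,8 +2937,8 @@ class ManagedIdentityCredential {
 }
 catch (err) {
 span.setStatus({
-
-
+status: "error",
+error: err,
 });
 throw err;
 }
@@ -3012,7 +2957,7 @@ class ManagedIdentityCredential {
 */
 async getToken(scopes, options) {
 let result = null;
-const { span, updatedOptions } =
+const { span, updatedOptions } = tracingClient.startSpan(`${ManagedIdentityCredential.name}.getToken`, options);
 try {
 // isEndpointAvailable can be true, false, or null,
 // If it's null, it means we don't yet know whether
@@ -3057,8 +3002,8 @@ class ManagedIdentityCredential {
 // if the status code was 400, it means that the endpoint is working,
 // but no identity is available.
 span.setStatus({
-
-
+status: "error",
+error: err,
 });
 // If either the network is unreachable,
 // we can safely assume the credential is unavailable.
@@ -3343,7 +3288,7 @@ class InteractiveBrowserCredential {
 * TokenCredential implementation might make.
 */
 async getToken(scopes, options = {}) {
-return
+return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
 const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
 return this.msalFlow.getToken(arrayScopes, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
 });
@@ -3362,7 +3307,7 @@ class InteractiveBrowserCredential {
 * TokenCredential implementation might make.
 */
 async authenticate(scopes, options = {}) {
-return
+return tracingClient.withSpan(`${this.constructor.name}.authenticate`, options, async (newOptions) => {
 const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
 await this.msalFlow.getToken(arrayScopes, newOptions);
 return this.msalFlow.getActiveAccount();
@@ -3453,7 +3398,7 @@ class DeviceCodeCredential {
 * TokenCredential implementation might make.
 */
 async getToken(scopes, options = {}) {
-return
+return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
 const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
 return this.msalFlow.getToken(arrayScopes, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
 });
@@ -3469,7 +3414,7 @@ class DeviceCodeCredential {
 * TokenCredential implementation might make.
 */
 async authenticate(scopes, options = {}) {
-return
+return tracingClient.withSpan(`${this.constructor.name}.authenticate`, options, async (newOptions) => {
 const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
 await this.msalFlow.getToken(arrayScopes, newOptions);
 return this.msalFlow.getActiveAccount();
@@ -3560,7 +3505,7 @@ class AuthorizationCodeCredential {
 * TokenCredential implementation might make.
 */
 async getToken(scopes, options = {}) {
-return
+return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
 const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
 return this.msalFlow.getToken(arrayScopes, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
 });
@@ -3645,7 +3590,7 @@ class OnBehalfOfCredential {
 * @param options - The options used to configure the underlying network requests.
 */
 async getToken(scopes, options = {}) {
-return
+return tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {
 const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
 return this.msalFlow.getToken(arrayScopes, newOptions);
 });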
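Review bot: In AzureCliCredential.getToken (new lines 1546–1580) the three `CredentialUnavailableError`s are thrown inside the `try`, so the trailing `catch (err)` re-wraps each one as a plain `Error` and only the message survives. ChainedTokenCredential.getToken in this same file (new lines 1413–1421) moves on to the next source only when `err.name` is `"CredentialUnavailableError"` or `"AuthenticationRequiredError"`, so a missing or logged-out `az` would, as far as these lines show and assuming the error class sets that name, abort the chain instead of falling through to the next credential. The switch to `tracingClient.withSpan` carries this behaviour over unchanged; making the first statement of that catch `if (err.name === "CredentialUnavailableError") { throw err; }` would preserve the type, and the error has already been logged at its throw site. Separately, `response.accessToken` parsed from the CLI's stdout is returned without checking that it is a non-empty string, which is worth a guard since the value comes from an external process. getToken's signature sits in the preceding hunk, and indentation is lost on this page, so the nesting above is read from the braces.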