@azure/identity 3.0.0-alpha.20220804.2 → 3.0.0-alpha.20220914.2

package/README.md

@@ -88,7 +88,7 @@ If interactive authentication cannot be supported in the session, then the `-Use
 
 #### Authenticate via Visual Studio Code
 
-Developers using Visual Studio Code can use the [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) to authenticate via the editor. Apps using `DefaultAzureCredential` or `VisualStudioCodeCredential` can then use this account to authenticate calls in their app when running locally.
+Developers using Visual Studio Code can use the [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) to authenticate via the editor. Apps using `VisualStudioCodeCredential` can then use this account to authenticate calls in their app when running locally.
 
 To authenticate in Visual Studio Code, ensure the Azure Account extension is installed. Once installed, open the **Command Palette** and run the **Azure: Sign In** command.
 
@@ -124,11 +124,13 @@ If used from Node.js, the `DefaultAzureCredential` will attempt to authenticate
 
 1. **Environment** - The `DefaultAzureCredential` will read account information specified via [environment variables](#environment-variables) and use it to authenticate.
 1. **Managed Identity** - If the application is deployed to an Azure host with Managed Identity enabled, the `DefaultAzureCredential` will authenticate with that account.
-1. **Visual Studio Code** - If the developer has authenticated with the [Visual Studio Code Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account), the `DefaultAzureCredential` will authenticate using that account.
-   - In `@azure/identity` version 2.0 or later, the [`@azure/identity-vscode`](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity-vscode) package must be installed for the Visual Studio Code authentication to work.
 1. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
 1. **Azure PowerShell** - If the developer has authenticated using the Azure PowerShell module `Connect-AzAccount` command, the `DefaultAzureCredential` will authenticate with that account.
 
+#### Note about `VisualStudioCodeCredential`
+
+Due to a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500), `VisualStudioCodeCredential` has been removed from the `DefaultAzureCredential` token chain. When the issue is resolved in a future release it will return.
+
 ## Plugins
 
 Azure Identity for JavaScript provides a plugin API that allows us to provide certain functionality through separate _plugin packages_. The `@azure/identity` package exports a top-level function (`useIdentityPlugin`) that can be used to enable a plugin. We provide two plugin packages:

package/dist/index.js

@@ -293,11 +293,15 @@ function credentialLoggerInstance(title, parent, log = logger$l) {
     function warning(message) {
         log.warning(`${fullTitle} =>`, message);
     }
+    function verbose(message) {
+        log.verbose(`${fullTitle} =>`, message);
+    }
     return {
         title,
         fullTitle,
         info,
         warning,
+        verbose,
     };
 }
 /**
@@ -1279,6 +1283,7 @@ class VisualStudioCodeCredential {
                 "You must install the identity-vscode plugin package (`npm install --save-dev @azure/identity-vscode`)",
                 "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
                 "`useIdentityPlugin(vsCodePlugin)` before creating a `VisualStudioCodeCredential`.",
+                "To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.",
             ].join(" "));
         }
         let scopeString = typeof scopes === "string" ? scopes : scopes.join(" ");
@@ -2470,48 +2475,43 @@ const imdsMsi = {
             skipQuery: true,
         });
         return tracingClient.withSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions, async (options) => {
-            var _a, _b;
+            var _a;
             requestOptions.tracingOptions = options.tracingOptions;
+            // Create a request with a timeout since we expect that
+            // not having a "Metadata" header should cause an error to be
+            // returned quickly from the endpoint, proving its availability.
+            const request = coreRestPipeline.createPipelineRequest(requestOptions);
+            // Default to 300 if the default of 0 is used.
+            // Negative values can still be used to disable the timeout.
+            request.timeout = ((_a = options.requestOptions) === null || _a === void 0 ? void 0 : _a.timeout) || 300;
+            // This MSI uses the imdsEndpoint to get the token, which only uses http://
+            request.allowInsecureConnection = true;
             try {
-                // Create a request with a timeout since we expect that
-                // not having a "Metadata" header should cause an error to be
-                // returned quickly from the endpoint, proving its availability.
-                const request = coreRestPipeline.createPipelineRequest(requestOptions);
-                request.timeout = (_b = (_a = options.requestOptions) === null || _a === void 0 ? void 0 : _a.timeout) !== null && _b !== void 0 ? _b : 300;
-                // This MSI uses the imdsEndpoint to get the token, which only uses http://
-                request.allowInsecureConnection = true;
-                try {
-                    logger$a.info(`${msiName$4}: Pinging the Azure IMDS endpoint`);
-                    await identityClient.sendRequest(request);
-                }
-                catch (err) {
-                    if ((err.name === "RestError" && err.code === coreRestPipeline.RestError.REQUEST_SEND_ERROR) ||
-                        err.name === "AbortError" ||
-                        err.code === "ENETUNREACH" || // Network unreachable
-                        err.code === "ECONNREFUSED" || // connection refused
-                        err.code === "EHOSTDOWN" // host is down
-                    ) {
-                        // If the request failed, or Node.js was unable to establish a connection,
-                        // or the host was down, we'll assume the IMDS endpoint isn't available.
-                        logger$a.info(`${msiName$4}: The Azure IMDS endpoint is unavailable`);
-                        return false;
-                    }
-                }
-                // If we received any response, the endpoint is available
-                logger$a.info(`${msiName$4}: The Azure IMDS endpoint is available`);
-                return true;
+                logger$a.info(`${msiName$4}: Pinging the Azure IMDS endpoint`);
+                await identityClient.sendRequest(request);
             }
             catch (err) {
-                // createWebResource failed.
-                // This error should bubble up to the user.
-                logger$a.info(`${msiName$4}: Error when creating the WebResource for the Azure IMDS endpoint: ${err.message}`);
-                throw err;
+                // If the request failed, or Node.js was unable to establish a connection,
+                // or the host was down, we'll assume the IMDS endpoint isn't available.
+                if (coreUtil.isError(err)) {
+                    logger$a.verbose(`${msiName$4}: Caught error ${err.name}: ${err.message}`);
+                }
+                logger$a.info(`${msiName$4}: The Azure IMDS endpoint is unavailable`);
+                return false;
             }
+            // If we received any response, the endpoint is available
+            logger$a.info(`${msiName$4}: The Azure IMDS endpoint is available`);
+            return true;
         });
     },
     async getToken(configuration, getTokenOptions = {}) {
         const { identityClient, scopes, clientId, resourceId } = configuration;
-        logger$a.info(`${msiName$4}: Using the Azure IMDS endpoint coming from the environment variable MSI_ENDPOINT=${process.env.MSI_ENDPOINT}, and using the cloud shell to proceed with the authentication.`);
+        if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {
+            logger$a.info(`${msiName$4}: Using the Azure IMDS endpoint coming from the environment variable AZURE_POD_IDENTITY_AUTHORITY_HOST=${process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST}.`);
+        }
+        else {
+            logger$a.info(`${msiName$4}: Using the default Azure IMDS endpoint ${imdsHost}.`);
+        }
         let nextDelayInMs = imdsMsiRetryConfig.startDelayInMs;
         for (let retries = 0; retries < imdsMsiRetryConfig.maxRetries; retries++) {
             try {
@@ -3103,7 +3103,6 @@ class DefaultManagedIdentityCredential extends ManagedIdentityCredential {
 const defaultCredentials = [
     EnvironmentCredential,
     DefaultManagedIdentityCredential,
-    VisualStudioCodeCredential,
     AzureCliCredential,
     AzurePowerShellCredential,
 ];