npm - @azure/identity - Versions diffs - 3.2.0-alpha.20230227.4 → 3.2.0-alpha.20230302.1 - Mend

@azure/identity 3.2.0-alpha.20230227.4 → 3.2.0-alpha.20230302.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (29) hide show

package/dist-esm/src/credentials/workloadIdentityCredential.js CHANGED Viewed

@@ -2,6 +2,23 @@
 // Licensed under the MIT license.
 import { ClientAssertionCredential } from "./clientAssertionCredential";
 import { readFile } from "fs/promises";
+import { CredentialUnavailableError } from "../errors";
+import { credentialLogger, processEnvVars } from "../util/logging";
+import { checkTenantId } from "../util/tenantIdUtils";
+const credentialName = "WorkloadIdentityCredential";
+/**
+ * Contains the list of all supported environment variable names so that an
+ * appropriate error message can be generated when no credentials can be
+ * configured.
+ *
+ * @internal
+ */
+export const SupportedWorkloadEnvironmentVariables = [
+    "AZURE_TENANT_ID",
+    "AZURE_CLIENT_ID",
+    "AZURE_FEDERATED_TOKEN_FILE",
+];
+const logger = credentialLogger(credentialName);
 /**
  * WorkloadIdentityCredential supports Azure workload identity authentication on Kubernetes.
  * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Azure Active Directory Workload Identity</a>
@@ -9,18 +26,38 @@ import { readFile } from "fs/promises";
  */
 export class WorkloadIdentityCredential {
     /**
-     * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
-     *
-     * @param options - The identity client options to use for authentication.
+     * @internal
+     * @hidden
      */
-    constructor(options = {}) {
+    constructor(options) {
         this.azureFederatedTokenFileContent = undefined;
         this.cacheDate = undefined;
-        if (!options.tenantId || !options.clientId || !options.federatedTokenFilePath) {
-            throw new Error("WorkloadIdentityCredential: tenantId, clientId, and federatedTokenFilePath are required parameters.");
+        const workloadIdentityCredentialOptions = options;
+        if (workloadIdentityCredentialOptions.clientId &&
+            workloadIdentityCredentialOptions.tenantId &&
+            workloadIdentityCredentialOptions.federatedTokenFilePath) {
+            const tenantId = workloadIdentityCredentialOptions.tenantId;
+            if (tenantId) {
+                checkTenantId(logger, tenantId);
+            }
+            this.federatedTokenFilePath = workloadIdentityCredentialOptions.federatedTokenFilePath;
+            logger.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`);
+            this.client = new ClientAssertionCredential(tenantId, workloadIdentityCredentialOptions.clientId, this.readFileContents.bind(this), options);
+        }
+        else {
+            // Keep track of any missing environment variables for error details
+            const assigned = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(", ");
+            logger.info(`Found the following environment variables: ${assigned}`);
+            const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, federatedTokenFilePath = process.env.AZURE_FEDERATED_TOKEN_FILE;
+            this.federatedTokenFilePath = federatedTokenFilePath;
+            if (tenantId) {
+                checkTenantId(logger, tenantId);
+            }
+            if (tenantId && clientId && federatedTokenFilePath) {
+                logger.info(`Invoking ClientAssertionCredential with the following environment variables tenant ID: ${tenantId}, clientId: ${clientId} and federatedTokenFilePath: [REDACTED]`);
+                this.client = new ClientAssertionCredential(tenantId, clientId, this.readFileContents.bind(this), options);
+            }
         }
-        this.federatedTokenFilePath = options.federatedTokenFilePath;
-        this.client = new ClientAssertionCredential(options.tenantId, options.clientId, this.readFileContents.bind(this), options);
     }
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
@@ -30,7 +67,17 @@ export class WorkloadIdentityCredential {
      * @param options - The options used to configure any requests this
      *                TokenCredential implementation might make.
      */
-    getToken(scopes, options) {
+    async getToken(scopes, options) {
+        if (!this.client) {
+            const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters.
+      In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables -
+      "AZURE_TENANT_ID",
+      "AZURE_CLIENT_ID",
+      "AZURE_FEDERATED_TOKEN_FILE"`;
+            logger.info(errorMessage);
+            throw new CredentialUnavailableError(errorMessage);
+        }
+        logger.info("Invoking getToken() of Client Assertion Credential");
         return this.client.getToken(scopes, options);
     }
     async readFileContents() {
@@ -38,11 +85,14 @@ export class WorkloadIdentityCredential {
         if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {
             this.azureFederatedTokenFileContent = undefined;
         }
+        if (!this.federatedTokenFilePath) {
+            throw new CredentialUnavailableError(`${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`);
+        }
         if (!this.azureFederatedTokenFileContent) {
             const file = await readFile(this.federatedTokenFilePath, "utf8");
             const value = file.trim();
             if (!value) {
-                throw new Error(`No content on the file ${this.federatedTokenFilePath}.`);
+                throw new CredentialUnavailableError(`${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`);
             }
             else {
                 this.azureFederatedTokenFileContent = value;

package/dist-esm/src/credentials/workloadIdentityCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;~~AAExE~~,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;~~AAEvC~~;;;;GAIG;AACH,MAAM,OAAO,0BAA0B;~~IAMrC;;;;OAIG~~;IACH,~~YAAY~~,~~UAA6C,EAAE~~;~~QARnD~~,mCAA8B,GAAuB,SAAS,CAAC;QAC/D,cAAS,GAAuB,SAAS,CAAC;~~QAQhD~~,~~IAAI~~,CAAC,~~OAAO~~,CAAC,QAAQ,~~IAAI~~,CAAC,~~OAAO~~,CAAC,QAAQ,~~IAAI~~,CAAC,~~OAAO~~,CAAC,~~sBAAsB~~,EAAE;~~YAC7E~~,~~MAAM~~,~~IAAI~~,~~KAAK~~,~~CACb~~,~~qGAAqG~~,~~CACtG~~,CAAC;~~SACH~~;~~QAED~~,IAAI,CAAC,sBAAsB,GAAG,~~OAAO~~,CAAC,sBAAsB,CAAC;~~QAC7D~~,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,OAAO,CAAC,QAAQ,~~EAChB~~,OAAO,CAAC,QAAQ,~~EAChB~~,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,~~OAAO~~,~~CACR~~,CAAC;~~IACJ~~,CAAC;IAED;;;;;;;OAOG;~~IACH~~,~~QAAQ~~,CAAC,MAAyB,~~EAAE~~,OAAyB;~~QAC3D~~,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE;YAChF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;SACjD;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE;YACxC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE;gBACV,MAAM,IAAI,~~KAAK~~,~~CAAC~~,~~0BAA0B~~,IAAI,CAAC,sBAAsB,GAAG,~~CAAC~~,CAAC;~~aAC3E~~;iBAAM;gBACL,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;aAC7B;SACF;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { ClientAssertionCredential } from \"./clientAssertionCredential\";\nimport { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions\";\nimport { readFile } from \"fs/promises\";\n\n/*\n WorkloadIdentityCredential supports Azure workload identity authentication on Kubernetes.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Azure Active Directory Workload Identity</a>\n * for more information.\n /\nexport class WorkloadIdentityCredential implements TokenCredential {\n private client: ClientAssertionCredential~~;\n private~~ ~~federatedTokenFilePath:~~ ~~string~~;\n private azureFederatedTokenFileContent: string \| undefined = undefined;\n private cacheDate: number \| undefined = undefined;\n\n /\n WorkloadIdentityCredential supports Azure workload identity on Kubernetes.\n \n @param options - The identity client options to use for authentication.\n /\n constructor(options: WorkloadIdentityCredentialOptions = {}) {\n if (!options~~.tenantId~~ \|\| ~~!options~~.clientId \|\| ~~!options~~.federatedTokenFilePath) {\n ~~throw~~ ~~new~~ ~~Error~~(\n \~~"WorkloadIdentityCredential~~: tenantId, clientId, and ~~federatedTokenFilePath~~ ~~are~~ ~~required~~ ~~parameters.\"~~\n );\n }\n\n this.federatedTokenFilePath = ~~options~~.federatedTokenFilePath;\n this.client = new ClientAssertionCredential(\n ~~options.~~tenantId,\n ~~options.~~clientId,\n this.readFileContents.bind(this),\n options\n );\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n getToken(scopes: string \| string[], options?: GetTokenOptions): Promise<AccessToken \| null> {\n return this.client.getToken(scopes, options);\n }\n\n private async readFileContents(): Promise<string> {\n // Cached assertions expire after 5 minutes\n if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 60 * 5) {\n this.azureFederatedTokenFileContent = undefined;\n }\n if (!this.azureFederatedTokenFileContent) {\n const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n const value = file.trim();\n if (!value) {\n throw new ~~Error~~(`No content on the file ${this.federatedTokenFilePath}.`);\n } else {\n this.azureFederatedTokenFileContent = value;\n this.cacheDate = Date.now();\n }\n }\n return this.azureFederatedTokenFileContent;\n }\n}\n"]}
1	+ {"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAKxE,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAChD;;;;GAIG;AACH,MAAM,OAAO,0BAA0B;IAqBrC;;;OAGG;IACH,YACE,OAAqF;QAxB/E,mCAA8B,GAAuB,SAAS,CAAC;QAC/D,cAAS,GAAuB,SAAS,CAAC;QAyBhD,MAAM,iCAAiC,GAAG,OAA4C,CAAC;QAEvF,IACE,iCAAiC,CAAC,QAAQ;YAC1C,iCAAiC,CAAC,QAAQ;YAC1C,iCAAiC,CAAC,sBAAsB,EACxD;YACA,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,CAAC;YAC5D,IAAI,QAAQ,EAAE;gBACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACjC;YACD,IAAI,CAAC,sBAAsB,GAAG,iCAAiC,CAAC,sBAAsB,CAAC;YACvF,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;YACF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,iCAAiC,CAAC,QAAQ,EAC1C,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAO,CACR,CAAC;SACH;aAAM;YACL,oEAAoE;YACpE,MAAM,QAAQ,GAAG,cAAc,CAAC,qCAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3F,MAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;YAEtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,sBAAsB,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;YAElE,IAAI,CAAC,sBAAsB,GAAG,sBAAsB,CAAC;YACrD,IAAI,QAAQ,EAAE;gBACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACjC;YAED,IAAI,QAAQ,IAAI,QAAQ,IAAI,sBAAsB,EAAE;gBAClD,MAAM,CAAC,IAAI,CACT,0FAA0F,QAAQ,eAAe,QAAQ,yCAAyC,CACnK,CAAC;gBACF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAmD,CACpD,CAAC;aACH;SACF;IACH,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,MAAM,YAAY,GAAG,GAAG,cAAc;;;;mCAIT,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;SACpD;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE;YAChF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;SACjD;QACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAChC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,gDAAgD,IAAI,CAAC,sBAAsB,GAAG,CAChG,CAAC;SACH;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE;YACxC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE;gBACV,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,4CAA4C,IAAI,CAAC,sBAAsB,GAAG,CAC5F,CAAC;aACH;iBAAM;gBACL,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;aAC7B;SACF;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { ClientAssertionCredential } from \"./clientAssertionCredential\";\nimport {\n WorkloadIdentityCredentialOptions,\n WorkloadIdentityDefaultCredentialOptions,\n} from \"./workloadIdentityCredentialOptions\";\nimport { readFile } from \"fs/promises\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger, processEnvVars } from \"../util/logging\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/*\n Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n \n @internal\n /\nexport const SupportedWorkloadEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\",\n];\nconst logger = credentialLogger(credentialName);\n/\n WorkloadIdentityCredential supports Azure workload identity authentication on Kubernetes.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Azure Active Directory Workload Identity</a>\n * for more information.\n /\nexport class WorkloadIdentityCredential implements TokenCredential {\n private client: ClientAssertionCredential \| undefined;\n private azureFederatedTokenFileContent: string \| undefined = undefined;\n private cacheDate: number \| undefined = undefined;\n private federatedTokenFilePath: string \| undefined;\n\n /\n WorkloadIdentityCredential supports Azure workload identity on Kubernetes.\n \n @param options - The identity client options to use for authentication.\n /\n constructor(options: WorkloadIdentityCredentialOptions);\n\n /\n @internal\n * @hidden\n * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.\n \n @param options - The identity client options to use for authentication.\n /\n constructor(options?: WorkloadIdentityDefaultCredentialOptions);\n /\n @internal\n * @hidden\n /\n constructor(\n options: WorkloadIdentityDefaultCredentialOptions \| WorkloadIdentityCredentialOptions\n ) {\n const workloadIdentityCredentialOptions = options as WorkloadIdentityCredentialOptions;\n\n if (\n workloadIdentityCredentialOptions.clientId &&\n workloadIdentityCredentialOptions.tenantId &&\n workloadIdentityCredentialOptions.federatedTokenFilePath\n ) {\n const tenantId = workloadIdentityCredentialOptions.tenantId;\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n this.federatedTokenFilePath = workloadIdentityCredentialOptions.federatedTokenFilePath;\n logger.info(\n `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`\n );\n this.client = new ClientAssertionCredential(\n tenantId,\n workloadIdentityCredentialOptions.clientId,\n this.readFileContents.bind(this),\n options\n );\n } else {\n // Keep track of any missing environment variables for error details\n const assigned = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assigned}`);\n\n const tenantId = process.env.AZURE_TENANT_ID,\n clientId = process.env.AZURE_CLIENT_ID,\n federatedTokenFilePath = process.env.AZURE_FEDERATED_TOKEN_FILE;\n\n this.federatedTokenFilePath = federatedTokenFilePath;\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n\n if (tenantId && clientId && federatedTokenFilePath) {\n logger.info(\n `Invoking ClientAssertionCredential with the following environment variables tenant ID: ${tenantId}, clientId: ${clientId} and federatedTokenFilePath: [REDACTED]`\n );\n this.client = new ClientAssertionCredential(\n tenantId,\n clientId,\n this.readFileContents.bind(this),\n options as WorkloadIdentityDefaultCredentialOptions\n );\n }\n }\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n if (!this.client) {\n const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters. \n In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\"`;\n logger.info(errorMessage);\n throw new CredentialUnavailableError(errorMessage);\n }\n logger.info(\"Invoking getToken() of Client Assertion Credential\");\n return this.client.getToken(scopes, options);\n }\n\n private async readFileContents(): Promise<string> {\n // Cached assertions expire after 5 minutes\n if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 60 * 5) {\n this.azureFederatedTokenFileContent = undefined;\n }\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`\n );\n }\n if (!this.azureFederatedTokenFileContent) {\n const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n const value = file.trim();\n if (!value) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`\n );\n } else {\n this.azureFederatedTokenFileContent = value;\n this.cacheDate = Date.now();\n }\n }\n return this.azureFederatedTokenFileContent;\n }\n}\n"]}

package/dist-esm/src/credentials/workloadIdentityCredentialOptions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"workloadIdentityCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/*\n Options for the {@link WorkloadIdentityCredential}\n /\nexport interface WorkloadIdentityCredentialOptions\n extends ~~MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions~~ {\n /\n ID of the application's Azure Active Directory tenant. Also called its directory ID.\n /\n tenantId?: string;\n /\n The client ID of an Azure AD app registration.\n /\n clientId?: string;\n /\n The path to a file containing a Kubernetes service account token that authenticates the identity.\n */\n federatedTokenFilePath?: string;\n}\n"]}
1	+ {"version":3,"file":"workloadIdentityCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential\";\n\n/*\n Options for the {@link WorkloadIdentityCredential}\n /\nexport interface WorkloadIdentityCredentialOptions\n extends WorkloadIdentityDefaultCredentialOptions {\n /\n ID of the application's Azure Active Directory tenant. Also called its directory ID.\n /\n tenantId: string;\n /\n The client ID of an Azure AD app registration.\n /\n clientId: string;\n /\n The path to a file containing a Kubernetes service account token that authenticates the identity.\n /\n federatedTokenFilePath: string;\n}\n\n/\n @internal\n * @hidden\n */\nexport interface WorkloadIdentityDefaultCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {}\n"]}

package/dist-esm/src/util/processMultiTenantRequest.js CHANGED Viewed

@@ -1,5 +1,6 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
+import { CredentialUnavailableError } from "../errors";
 function createConfigurationErrorMessage(tenantId) {
     return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add "*" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;
 }
@@ -9,7 +10,7 @@ function createConfigurationErrorMessage(tenantId) {
  * or unless the original tenant Id is `adfs`.
  * @internal
  */
-export function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds = []) {
+export function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds = [], logger) {
     var _a;
     let resolvedTenantId;
     if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {
@@ -21,12 +22,15 @@ export function processMultiTenantRequest(tenantId, getTokenOptions, additionall
     else {
         resolvedTenantId = (_a = getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId) !== null && _a !== void 0 ? _a : tenantId;
     }
-    console.log(resolvedTenantId);
+    console.log("resolved tenant =", resolvedTenantId);
+    console.log("tenantId =", tenantId);
     if (tenantId &&
         resolvedTenantId !== tenantId &&
         !additionallyAllowedTenantIds.includes("*") &&
         !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId) === 0)) {
-        throw new Error(createConfigurationErrorMessage(tenantId));
+        const message = createConfigurationErrorMessage(tenantId);
+        logger === null || logger === void 0 ? void 0 : logger.info(message);
+        throw new CredentialUnavailableError(message);
     }
     return resolvedTenantId;
 }

package/dist-esm/src/util/processMultiTenantRequest.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"processMultiTenantRequest.js","sourceRoot":"","sources":["../../../src/util/processMultiTenantRequest.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;~~AAIlC~~,SAAS,+BAA+B,CAAC,QAAgB;IACvD,OAAO,yEAAyE,QAAQ,qMAAqM,CAAC;AAChS,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAiB,EACjB,eAAiC,EACjC,+BAAyC,EAAE;;~~IAE3C~~,IAAI,gBAAoC,CAAC;IACzC,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE;QACtD,gBAAgB,GAAG,QAAQ,CAAC;KAC7B;SAAM,IAAI,QAAQ,KAAK,MAAM,EAAE;QAC9B,gBAAgB,GAAG,QAAQ,CAAC;KAC7B;SAAM;QACL,gBAAgB,GAAG,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,mCAAI,QAAQ,CAAC;KAC1D;IACD,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;~~IAC9B~~,IACE,QAAQ;QACR,gBAAgB,KAAK,QAAQ;QAC7B,CAAC,4BAA4B,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC3C,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,gBAAiB,CAAC,KAAK,CAAC,CAAC,EACnF;QACA,MAAM,~~IAAI~~,~~KAAK,CAAC~~,+BAA+B,CAAC,QAAQ,CAAC,CAAC,CAAC;~~KAC5D~~;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\nfunction createConfigurationErrorMessage(tenantId: string): string {\n return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add \"\" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;\n}\n\n/\n Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n /\nexport function processMultiTenantRequest(\n tenantId?: string,\n getTokenOptions?: GetTokenOptions,\n additionallyAllowedTenantIds: string[] = []\n): string \| undefined {\n let resolvedTenantId: string \| undefined;\n if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {\n resolvedTenantId = tenantId;\n } else if (tenantId === \"adfs\") {\n resolvedTenantId = tenantId;\n } else {\n resolvedTenantId = getTokenOptions?.tenantId ?? tenantId;\n }\n console.log(resolvedTenantId);\n if (\n tenantId &&\n resolvedTenantId !== tenantId &&\n !additionallyAllowedTenantIds.includes(\"\") &&\n !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId!) === 0)\n ) {\n ~~throw~~ ~~new~~ ~~Error(~~createConfigurationErrorMessage(tenantId));\n }\n\n return resolvedTenantId;\n}\n"]}
1	+ {"version":3,"file":"processMultiTenantRequest.js","sourceRoot":"","sources":["../../../src/util/processMultiTenantRequest.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AAGvD,SAAS,+BAA+B,CAAC,QAAgB;IACvD,OAAO,yEAAyE,QAAQ,qMAAqM,CAAC;AAChS,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAiB,EACjB,eAAiC,EACjC,+BAAyC,EAAE,EAC3C,MAAyB;;IAEzB,IAAI,gBAAoC,CAAC;IACzC,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE;QACtD,gBAAgB,GAAG,QAAQ,CAAC;KAC7B;SAAM,IAAI,QAAQ,KAAK,MAAM,EAAE;QAC9B,gBAAgB,GAAG,QAAQ,CAAC;KAC7B;SAAM;QACL,gBAAgB,GAAG,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,mCAAI,QAAQ,CAAC;KAC1D;IACD,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IACpC,IACE,QAAQ;QACR,gBAAgB,KAAK,QAAQ;QAC7B,CAAC,4BAA4B,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC3C,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,gBAAiB,CAAC,KAAK,CAAC,CAAC,EACnF;QACA,MAAM,OAAO,GAAG,+BAA+B,CAAC,QAAQ,CAAC,CAAC;QAC1D,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACtB,MAAM,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;KAC/C;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { CredentialLogger } from \"./logging\";\n\nfunction createConfigurationErrorMessage(tenantId: string): string {\n return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add \"\" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;\n}\n\n/\n Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n /\nexport function processMultiTenantRequest(\n tenantId?: string,\n getTokenOptions?: GetTokenOptions,\n additionallyAllowedTenantIds: string[] = [],\n logger?: CredentialLogger\n): string \| undefined {\n let resolvedTenantId: string \| undefined;\n if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {\n resolvedTenantId = tenantId;\n } else if (tenantId === \"adfs\") {\n resolvedTenantId = tenantId;\n } else {\n resolvedTenantId = getTokenOptions?.tenantId ?? tenantId;\n }\n console.log(\"resolved tenant =\", resolvedTenantId);\n console.log(\"tenantId =\", tenantId);\n if (\n tenantId &&\n resolvedTenantId !== tenantId &&\n !additionallyAllowedTenantIds.includes(\"\") &&\n !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId!) === 0)\n ) {\n const message = createConfigurationErrorMessage(tenantId);\n logger?.info(message);\n throw new CredentialUnavailableError(message);\n }\n\n return resolvedTenantId;\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@azure/identity",
   "sdk-type": "client",
-  "version": "3.2.0-alpha.20230227.4",
+  "version": "3.2.0-alpha.20230302.1",
   "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Azure Active Directory",
   "main": "dist/index.js",
   "module": "dist-esm/src/index.js",
@@ -122,7 +122,7 @@
     "uuid": "^8.3.0"
   },
   "devDependencies": {
-    "@azure-tools/test-recorder": "^2.0.0",
+    "@azure-tools/test-recorder": ">=3.0.0-alpha <3.0.0-alphb",
     "@azure/dev-tool": ">=1.0.0-alpha <1.0.0-alphb",
     "@azure/eslint-plugin-azure-sdk": ">=3.0.0-alpha <3.0.0-alphb",
     "@azure/keyvault-keys": "^4.2.0",

package/types/identity.d.ts CHANGED Viewed

@@ -657,6 +657,11 @@ export declare interface DefaultAzureCredentialClientIdOptions extends DefaultAz
      * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
      */
     managedIdentityClientId?: string;
+    /**
+     * Optionally pass in a user assigned client ID to be used by the {@link WorkloadIdentityCredential}.
+     * This client ID can also be passed through to the {@link WorkloadIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
+     */
+    workloadIdentityClientId?: string;
 }
 /**
@@ -1449,15 +1454,16 @@ export declare interface VisualStudioCodeCredentialOptions extends MultiTenantTo
  */
 export declare class WorkloadIdentityCredential implements TokenCredential {
     private client;
-    private federatedTokenFilePath;
     private azureFederatedTokenFileContent;
     private cacheDate;
+    private federatedTokenFilePath;
     /**
      * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
      *
      * @param options - The identity client options to use for authentication.
      */
-    constructor(options?: WorkloadIdentityCredentialOptions);
+    constructor(options: WorkloadIdentityCredentialOptions);
+    /* Excluded from this release type: __constructor */
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -1473,19 +1479,21 @@ export declare class WorkloadIdentityCredential implements TokenCredential {
 /**
  * Options for the {@link WorkloadIdentityCredential}
  */
-export declare interface WorkloadIdentityCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
+export declare interface WorkloadIdentityCredentialOptions extends WorkloadIdentityDefaultCredentialOptions {
     /**
      * ID of the application's Azure Active Directory tenant. Also called its directory ID.
      */
-    tenantId?: string;
+    tenantId: string;
     /**
      * The client ID of an Azure AD app registration.
      */
-    clientId?: string;
+    clientId: string;
     /**
      * The path to a file containing a Kubernetes service account token that authenticates the identity.
      */
-    federatedTokenFilePath?: string;
+    federatedTokenFilePath: string;
 }
+/* Excluded from this release type: WorkloadIdentityDefaultCredentialOptions */
 export { }