@azure/identity 3.2.0-alpha.20230330.2 → 3.2.0-alpha.20230411.7

package/dist/index.js

@@ -473,7 +473,7 @@ class MsalBaseUtilities {
 }
 // transformations.ts
 function publicToMsal(account) {
-    const [environment] = account.authority.match(/([a-z]*\.[a-z]*\.[a-z]*)/) || [];
+    const [environment] = account.authority.match(/([a-z]*\.[a-z]*\.[a-z]*)/) || [""];
     return Object.assign(Object.assign({}, account), { localAccountId: account.homeAccountId, environment });
 }
 function msalToPublic(clientId, account) {
@@ -1993,37 +1993,28 @@ const logger$g = credentialLogger(credentialName$3);
  */
 class WorkloadIdentityCredential {
     /**
-     * @internal
-     * @hidden
+     * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
+     *
+     * @param options - The identity client options to use for authentication.
      */
     constructor(options) {
         this.azureFederatedTokenFileContent = undefined;
         this.cacheDate = undefined;
+        // Logging environment variables for error details
+        const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(", ");
+        logger$g.info(`Found the following environment variables: ${assignedEnv}`);
         const workloadIdentityCredentialOptions = options;
-        if ((workloadIdentityCredentialOptions === null || workloadIdentityCredentialOptions === void 0 ? void 0 : workloadIdentityCredentialOptions.clientId) &&
-            (workloadIdentityCredentialOptions === null || workloadIdentityCredentialOptions === void 0 ? void 0 : workloadIdentityCredentialOptions.tenantId) &&
-            (workloadIdentityCredentialOptions === null || workloadIdentityCredentialOptions === void 0 ? void 0 : workloadIdentityCredentialOptions.federatedTokenFilePath)) {
-            const tenantId = workloadIdentityCredentialOptions.tenantId;
-            if (tenantId) {
-                checkTenantId(logger$g, tenantId);
-            }
-            this.federatedTokenFilePath = workloadIdentityCredentialOptions.federatedTokenFilePath;
-            logger$g.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`);
-            this.client = new ClientAssertionCredential(tenantId, workloadIdentityCredentialOptions.clientId, this.readFileContents.bind(this), options);
+        const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;
+        const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;
+        this.federatedTokenFilePath =
+            workloadIdentityCredentialOptions.federatedTokenFilePath ||
+                process.env.AZURE_FEDERATED_TOKEN_FILE;
+        if (tenantId) {
+            checkTenantId(logger$g, tenantId);
         }
-        else {
-            // Keep track of any missing environment variables for error details
-            const assigned = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(", ");
-            logger$g.info(`Found the following environment variables: ${assigned}`);
-            const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, federatedTokenFilePath = process.env.AZURE_FEDERATED_TOKEN_FILE;
-            this.federatedTokenFilePath = federatedTokenFilePath;
-            if (tenantId) {
-                checkTenantId(logger$g, tenantId);
-            }
-            if (tenantId && clientId && federatedTokenFilePath) {
-                logger$g.info(`Invoking ClientAssertionCredential with the following environment variables tenant ID: ${tenantId}, clientId: ${clientId} and federatedTokenFilePath: [REDACTED]`);
-                this.client = new ClientAssertionCredential(tenantId, clientId, this.readFileContents.bind(this), options);
-            }
+        if (clientId && tenantId && this.federatedTokenFilePath) {
+            logger$g.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`);
+            this.client = new ClientAssertionCredential(tenantId, clientId, this.readFileContents.bind(this), options);
         }
     }
     /**
@@ -3563,6 +3554,34 @@ class DefaultManagedIdentityCredential extends ManagedIdentityCredential {
         }
     }
 }
+/**
+ * A shim around WorkloadIdentityCredential that adapts it to accept
+ * `DefaultAzureCredentialOptions`.
+ *
+ * @internal
+ */
+class DefaultWorkloadIdentityCredential extends WorkloadIdentityCredential {
+    // Constructor overload with just the other default options
+    // Last constructor overload with Union of all options not required since the above two constructor overloads have optional properties
+    constructor(options) {
+        var _a, _b, _c;
+        const managedIdentityClientId = (_a = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _a !== void 0 ? _a : process.env.AZURE_CLIENT_ID;
+        const workloadIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _b !== void 0 ? _b : managedIdentityClientId;
+        const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
+        const tenantId = (_c = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _c !== void 0 ? _c : process.env.AZURE_TENANT_ID;
+        if (workloadFile && workloadIdentityClientId) {
+            const workloadIdentityCredentialOptions = Object.assign(Object.assign({}, options), { tenantId, clientId: workloadIdentityClientId, federatedTokenFilePath: workloadFile });
+            super(workloadIdentityCredentialOptions);
+        }
+        else if (tenantId) {
+            const workloadIdentityClientTenantOptions = Object.assign(Object.assign({}, options), { tenantId });
+            super(workloadIdentityClientTenantOptions);
+        }
+        else {
+            super(options);
+        }
+    }
+}
 class DefaultAzureDeveloperCliCredential extends AzureDeveloperCliCredential {
     constructor(options) {
         super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.developerCredentialTimeOutInMs }, options));
@@ -3580,7 +3599,7 @@ class DefaultAzurePowershellCredential extends AzurePowerShellCredential {
 }
 const defaultCredentials = [
     EnvironmentCredential,
-    WorkloadIdentityCredential,
+    DefaultWorkloadIdentityCredential,
     DefaultManagedIdentityCredential,
     DefaultAzureDeveloperCliCredential,
     DefaultAzureCliCredential,
@@ -4135,6 +4154,7 @@ exports.AuthenticationErrorName = AuthenticationErrorName;
 exports.AuthenticationRequiredError = AuthenticationRequiredError;
 exports.AuthorizationCodeCredential = AuthorizationCodeCredential;
 exports.AzureCliCredential = AzureCliCredential;
+exports.AzureDeveloperCliCredential = AzureDeveloperCliCredential;
 exports.AzurePowerShellCredential = AzurePowerShellCredential;
 exports.ChainedTokenCredential = ChainedTokenCredential;
 exports.ClientAssertionCredential = ClientAssertionCredential;