npm - @azure/identity - Versions diffs - 3.2.0-alpha.20230420.2 → 3.2.0-alpha.20230425.2 - Mend

@azure/identity 3.2.0-alpha.20230420.2 → 3.2.0-alpha.20230425.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (21) hide show

package/dist/index.js CHANGED Viewed

@@ -1970,9 +1970,18 @@ const SupportedWorkloadEnvironmentVariables = [
 ];
 const logger$g = credentialLogger(credentialName$3);
 /**
- * WorkloadIdentityCredential supports Azure workload identity authentication on Kubernetes.
- * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Azure Active Directory Workload Identity</a>
- * for more information.
+ * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)
+ * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity
+ * authentication, applications authenticate themselves using their own identity, rather than using a shared service
+ * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account
+ * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload
+ * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for
+ * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't
+ * need to worry about storing and securing sensitive credentials themselves.
+ * The WorkloadIdentityCredential supports Azure workload identity authentication on Azure Kubernetes and acquires
+ * a token using the SACs available in the Azure Kubernetes environment.
+ * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Azure Active Directory
+ * Workload Identity</a> for more information.
  */
 class WorkloadIdentityCredential {
     /**
@@ -1990,8 +1999,7 @@ class WorkloadIdentityCredential {
         const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;
         const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;
         this.federatedTokenFilePath =
-            workloadIdentityCredentialOptions.federatedTokenFilePath ||
-                process.env.AZURE_FEDERATED_TOKEN_FILE;
+            workloadIdentityCredentialOptions.tokenFilePath || process.env.AZURE_FEDERATED_TOKEN_FILE;
         if (tenantId) {
             checkTenantId(logger$g, tenantId);
         }
@@ -2014,7 +2022,7 @@ class WorkloadIdentityCredential {
       In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables -
       "AZURE_TENANT_ID",
       "AZURE_CLIENT_ID",
-      "AZURE_FEDERATED_TOKEN_FILE"`;
+      "AZURE_FEDERATED_TOKEN_FILE". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot  `;
             logger$g.info(errorMessage);
             throw new CredentialUnavailableError(errorMessage);
         }
@@ -2066,7 +2074,7 @@ function tokenExchangeMsi() {
         async getToken(configuration, getTokenOptions = {}) {
             const { scopes, clientId } = configuration;
             const identityClientTokenCredentialOptions = {};
-            const workloadIdentityCredential = new WorkloadIdentityCredential(Object.assign(Object.assign({ clientId, tenantId: process.env.AZURE_TENANT_ID, federatedTokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE }, identityClientTokenCredentialOptions), { disableInstanceDiscovery: true }));
+            const workloadIdentityCredential = new WorkloadIdentityCredential(Object.assign(Object.assign({ clientId, tenantId: process.env.AZURE_TENANT_ID, tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE }, identityClientTokenCredentialOptions), { disableAuthorityValidationAndInstanceDiscovery: true }));
             const token = await workloadIdentityCredential.getToken(scopes, getTokenOptions);
             return token;
         },
@@ -3419,17 +3427,36 @@ const developerCliCredentialInternals = {
 };
 const logger$4 = credentialLogger("AzureDeveloperCliCredential");
 /**
- * This credential will use the currently logged-in user login information
- * via the Azure Developer CLI ('az') commandline tool.
- * To do so, it will read the user access token and expire time
- * with Azure Developer CLI command "azd auth token".
+ * Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
+ * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
+ * to Azure developers. It allows users to authenticate as a user and/or a service principal against
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * </a>. The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
+ * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
+ * service principal and executes an Azure CLI command underneath to authenticate the application against
+ * Azure Active Directory.
+ *
+ * <h2> Configure AzureDeveloperCliCredential </h2>
+ *
+ * To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the
+ * commands below:
+ *
+ * <ol>
+ *     <li>Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user.</li>
+ *     <li>Run "azd auth login --client-id clientID --client-secret clientSecret
+ *     --tenant-id tenantID" to authenticate as a service principal.</li>
+ * </ol>
+ *
+ * You may need to repeat this process after a certain time period, depending on the refresh token validity in your
+ * organization. Generally, the refresh token validity period is a few weeks to a few months.
+ * AzureDeveloperCliCredential will prompt you to sign in again.
  */
 class AzureDeveloperCliCredential {
     /**
      * Creates an instance of the {@link AzureDeveloperCliCredential}.
      *
      * To use this credential, ensure that you have already logged
-     * in via the 'azd' tool using the command "azd login" from the commandline.
+     * in via the 'azd' tool using the command "azd auth login" from the commandline.
      *
      * @param options - Options, to optionally allow multi-tenant requests.
      */
@@ -3457,19 +3484,20 @@ class AzureDeveloperCliCredential {
         }
         logger$4.getToken.info(`Using the scopes ${scopes}`);
         return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
-            var _a, _b, _c;
+            var _a, _b, _c, _d;
             try {
                 const obj = await developerCliCredentialInternals.getAzdAccessToken(scopeList, tenantId, this.timeout);
-                const isNotLoggedInError = (_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("not logged in, run `azd login` to login");
-                const isNotInstallError = ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("azd:(.*)not found")) ||
-                    ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.startsWith("'azd' is not recognized"));
+                const isNotLoggedInError = ((_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("not logged in, run `azd login` to login")) ||
+                    ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("not logged in, run `azd auth login` to login"));
+                const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("azd:(.*)not found")) ||
+                    ((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'azd' is not recognized"));
                 if (isNotInstallError || (obj.error && obj.error.code === "ENOENT")) {
-                    const error = new CredentialUnavailableError("Azure Developer CLI could not be found. Please visit https://aka.ms/azure-dev for installation instructions and then, once installed, authenticate to your Azure account using 'azd login'.");
+                    const error = new CredentialUnavailableError("Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.");
                     logger$4.getToken.info(formatError(scopes, error));
                     throw error;
                 }
                 if (isNotLoggedInError) {
-                    const error = new CredentialUnavailableError("Please run 'azd login' from a command prompt to authenticate before using this credential.");
+                    const error = new CredentialUnavailableError("Please run 'azd auth login' from a command prompt to authenticate before using this credential. For more information, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.");
                     logger$4.getToken.info(formatError(scopes, error));
                     throw error;
                 }
@@ -3550,7 +3578,7 @@ class DefaultWorkloadIdentityCredential extends WorkloadIdentityCredential {
         const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
         const tenantId = (_c = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _c !== void 0 ? _c : process.env.AZURE_TENANT_ID;
         if (workloadFile && workloadIdentityClientId) {
-            const workloadIdentityCredentialOptions = Object.assign(Object.assign({}, options), { tenantId, clientId: workloadIdentityClientId, federatedTokenFilePath: workloadFile });
+            const workloadIdentityCredentialOptions = Object.assign(Object.assign({}, options), { tenantId, clientId: workloadIdentityClientId, tokenFilePath: workloadFile });
             super(workloadIdentityCredentialOptions);
         }
         else if (tenantId) {
@@ -3564,17 +3592,17 @@ class DefaultWorkloadIdentityCredential extends WorkloadIdentityCredential {
 }
 class DefaultAzureDeveloperCliCredential extends AzureDeveloperCliCredential {
     constructor(options) {
-        super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.developerCredentialTimeOutInMs }, options));
+        super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.credentialProcessTimeoutInMs }, options));
     }
 }
 class DefaultAzureCliCredential extends AzureCliCredential {
     constructor(options) {
-        super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.developerCredentialTimeOutInMs }, options));
+        super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.credentialProcessTimeoutInMs }, options));
     }
 }
 class DefaultAzurePowershellCredential extends AzurePowerShellCredential {
     constructor(options) {
-        super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.developerCredentialTimeOutInMs }, options));
+        super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.credentialProcessTimeoutInMs }, options));
     }
 }
 const defaultCredentials = [