@azure/identity 3.2.0-beta.1 → 3.2.0-beta.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of @azure/identity might be problematic. Click here for more details.
- package/dist/index.js +125 -67
- package/dist/index.js.map +1 -1
- package/dist-esm/src/client/identityClient.js +2 -2
- package/dist-esm/src/client/identityClient.js.map +1 -1
- package/dist-esm/src/constants.js +1 -1
- package/dist-esm/src/constants.js.map +1 -1
- package/dist-esm/src/credentials/azureCliCredential.js +4 -3
- package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
- package/dist-esm/src/credentials/azureCliCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js +8 -3
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist-esm/src/credentials/azureDeveloperCliCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/azurePowerShellCredential.js +9 -5
- package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -1
- package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/defaultAzureCredential.js +47 -4
- package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
- package/dist-esm/src/credentials/defaultAzureCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2019.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/index.js +27 -21
- package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/models.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/utils.js +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/utils.js.map +1 -1
- package/dist-esm/src/credentials/workloadIdentityCredential.js +16 -25
- package/dist-esm/src/credentials/workloadIdentityCredential.js.map +1 -1
- package/dist-esm/src/credentials/workloadIdentityCredentialOptions.js.map +1 -1
- package/dist-esm/src/index.js +1 -0
- package/dist-esm/src/index.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js +9 -2
- package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js.map +1 -1
- package/dist-esm/src/msal/utils.js +1 -1
- package/dist-esm/src/msal/utils.js.map +1 -1
- package/package.json +2 -2
- package/types/identity.d.ts +65 -7
package/dist/index.js
CHANGED
|
@@ -257,7 +257,7 @@ function credentialLogger(title, log = logger$n) {
|
|
|
257
257
|
/**
|
|
258
258
|
* Current version of the `@azure/identity` package.
|
|
259
259
|
*/
|
|
260
|
-
const SDK_VERSION = `3.2.0-beta.
|
|
260
|
+
const SDK_VERSION = `3.2.0-beta.2`;
|
|
261
261
|
/**
|
|
262
262
|
* The default client ID for authentication
|
|
263
263
|
* @internal
|
|
@@ -473,7 +473,7 @@ class MsalBaseUtilities {
|
|
|
473
473
|
}
|
|
474
474
|
// transformations.ts
|
|
475
475
|
function publicToMsal(account) {
|
|
476
|
-
const [environment] = account.authority.match(/([a-z]*\.[a-z]*\.[a-z]*)/) || [];
|
|
476
|
+
const [environment] = account.authority.match(/([a-z]*\.[a-z]*\.[a-z]*)/) || [""];
|
|
477
477
|
return Object.assign(Object.assign({}, account), { localAccountId: account.homeAccountId, environment });
|
|
478
478
|
}
|
|
479
479
|
function msalToPublic(clientId, account) {
|
|
@@ -667,7 +667,7 @@ function mapScopesToResource(scopes) {
|
|
|
667
667
|
* Given a token response, return the expiration timestamp as the number of milliseconds from the Unix epoch.
|
|
668
668
|
* @param body - A parsed response body from the authentication endpoint.
|
|
669
669
|
*/
|
|
670
|
-
function
|
|
670
|
+
function parseExpirationTimestamp(body) {
|
|
671
671
|
if (typeof body.expires_on === "number") {
|
|
672
672
|
return body.expires_on * 1000;
|
|
673
673
|
}
|
|
@@ -743,7 +743,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
743
743
|
const token = {
|
|
744
744
|
accessToken: {
|
|
745
745
|
token: parsedBody.access_token,
|
|
746
|
-
expiresOnTimestamp:
|
|
746
|
+
expiresOnTimestamp: parseExpirationTimestamp(parsedBody),
|
|
747
747
|
},
|
|
748
748
|
refreshToken: parsedBody.refresh_token,
|
|
749
749
|
};
|
|
@@ -1197,7 +1197,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
1197
1197
|
* Attempts to retrieve a token from cache.
|
|
1198
1198
|
*/
|
|
1199
1199
|
async getTokenSilent(scopes, options) {
|
|
1200
|
-
var _a, _b;
|
|
1200
|
+
var _a, _b, _c;
|
|
1201
1201
|
await this.getActiveAccount();
|
|
1202
1202
|
if (!this.account) {
|
|
1203
1203
|
throw new AuthenticationRequiredError({
|
|
@@ -1216,7 +1216,14 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
1216
1216
|
};
|
|
1217
1217
|
try {
|
|
1218
1218
|
this.logger.info("Attempting to acquire token silently");
|
|
1219
|
-
|
|
1219
|
+
/**
|
|
1220
|
+
* The following code to retrieve all accounts is done as a workaround in an attempt to force the
|
|
1221
|
+
* refresh of the token cache with the token and the account passed in through the
|
|
1222
|
+
* `authenticationRecord` parameter. See issue - https://github.com/Azure/azure-sdk-for-js/issues/24349#issuecomment-1496715651
|
|
1223
|
+
* This workaround serves as a workoaround for silent authentication not happening when authenticationRecord is passed.
|
|
1224
|
+
*/
|
|
1225
|
+
await ((_a = (this.publicApp || this.confidentialApp)) === null || _a === void 0 ? void 0 : _a.getTokenCache().getAllAccounts());
|
|
1226
|
+
const response = (_c = (await ((_b = this.confidentialApp) === null || _b === void 0 ? void 0 : _b.acquireTokenSilent(silentRequest)))) !== null && _c !== void 0 ? _c : (await this.publicApp.acquireTokenSilent(silentRequest));
|
|
1220
1227
|
return this.handleResult(scopes, this.clientId, response || undefined);
|
|
1221
1228
|
}
|
|
1222
1229
|
catch (err) {
|
|
@@ -1969,37 +1976,28 @@ const logger$g = credentialLogger(credentialName$3);
|
|
|
1969
1976
|
*/
|
|
1970
1977
|
class WorkloadIdentityCredential {
|
|
1971
1978
|
/**
|
|
1972
|
-
*
|
|
1973
|
-
*
|
|
1979
|
+
* WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
|
|
1980
|
+
*
|
|
1981
|
+
* @param options - The identity client options to use for authentication.
|
|
1974
1982
|
*/
|
|
1975
1983
|
constructor(options) {
|
|
1976
1984
|
this.azureFederatedTokenFileContent = undefined;
|
|
1977
1985
|
this.cacheDate = undefined;
|
|
1986
|
+
// Logging environment variables for error details
|
|
1987
|
+
const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(", ");
|
|
1988
|
+
logger$g.info(`Found the following environment variables: ${assignedEnv}`);
|
|
1978
1989
|
const workloadIdentityCredentialOptions = options;
|
|
1979
|
-
|
|
1980
|
-
|
|
1981
|
-
|
|
1982
|
-
|
|
1983
|
-
|
|
1984
|
-
|
|
1985
|
-
|
|
1986
|
-
this.federatedTokenFilePath = workloadIdentityCredentialOptions.federatedTokenFilePath;
|
|
1987
|
-
logger$g.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`);
|
|
1988
|
-
this.client = new ClientAssertionCredential(tenantId, workloadIdentityCredentialOptions.clientId, this.readFileContents.bind(this), options);
|
|
1990
|
+
const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;
|
|
1991
|
+
const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;
|
|
1992
|
+
this.federatedTokenFilePath =
|
|
1993
|
+
workloadIdentityCredentialOptions.federatedTokenFilePath ||
|
|
1994
|
+
process.env.AZURE_FEDERATED_TOKEN_FILE;
|
|
1995
|
+
if (tenantId) {
|
|
1996
|
+
checkTenantId(logger$g, tenantId);
|
|
1989
1997
|
}
|
|
1990
|
-
|
|
1991
|
-
|
|
1992
|
-
|
|
1993
|
-
logger$g.info(`Found the following environment variables: ${assigned}`);
|
|
1994
|
-
const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, federatedTokenFilePath = process.env.AZURE_FEDERATED_TOKEN_FILE;
|
|
1995
|
-
this.federatedTokenFilePath = federatedTokenFilePath;
|
|
1996
|
-
if (tenantId) {
|
|
1997
|
-
checkTenantId(logger$g, tenantId);
|
|
1998
|
-
}
|
|
1999
|
-
if (tenantId && clientId && federatedTokenFilePath) {
|
|
2000
|
-
logger$g.info(`Invoking ClientAssertionCredential with the following environment variables tenant ID: ${tenantId}, clientId: ${clientId} and federatedTokenFilePath: [REDACTED]`);
|
|
2001
|
-
this.client = new ClientAssertionCredential(tenantId, clientId, this.readFileContents.bind(this), options);
|
|
2002
|
-
}
|
|
1998
|
+
if (clientId && tenantId && this.federatedTokenFilePath) {
|
|
1999
|
+
logger$g.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`);
|
|
2000
|
+
this.client = new ClientAssertionCredential(tenantId, clientId, this.readFileContents.bind(this), options);
|
|
2003
2001
|
}
|
|
2004
2002
|
}
|
|
2005
2003
|
/**
|
|
@@ -2249,6 +2247,7 @@ class ManagedIdentityCredential {
|
|
|
2249
2247
|
constructor(clientIdOrOptions, options) {
|
|
2250
2248
|
var _a;
|
|
2251
2249
|
this.isEndpointUnavailable = null;
|
|
2250
|
+
this.isAppTokenProviderInitialized = false;
|
|
2252
2251
|
let _options;
|
|
2253
2252
|
if (typeof clientIdOrOptions === "string") {
|
|
2254
2253
|
this.clientId = clientIdOrOptions;
|
|
@@ -2357,27 +2356,32 @@ class ManagedIdentityCredential {
|
|
|
2357
2356
|
scopes: Array.isArray(scopes) ? scopes : [scopes],
|
|
2358
2357
|
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
2359
2358
|
};
|
|
2360
|
-
|
|
2361
|
-
|
|
2362
|
-
|
|
2363
|
-
|
|
2364
|
-
logger$c.info(`SetAppTokenProvider
|
|
2365
|
-
const
|
|
2366
|
-
|
|
2367
|
-
|
|
2368
|
-
|
|
2369
|
-
|
|
2370
|
-
|
|
2371
|
-
|
|
2372
|
-
|
|
2373
|
-
|
|
2374
|
-
|
|
2375
|
-
|
|
2376
|
-
|
|
2377
|
-
|
|
2378
|
-
|
|
2379
|
-
|
|
2380
|
-
|
|
2359
|
+
// Added a check to see if SetAppTokenProvider was already defined.
|
|
2360
|
+
// Don't redefine it if it's already defined, since it should be static method.
|
|
2361
|
+
if (!this.isAppTokenProviderInitialized) {
|
|
2362
|
+
this.confidentialApp.SetAppTokenProvider(async (appTokenProviderParameters = appTokenParameters) => {
|
|
2363
|
+
logger$c.info(`SetAppTokenProvider invoked with parameters- ${JSON.stringify(appTokenProviderParameters)}`);
|
|
2364
|
+
const resultToken = await this.authenticateManagedIdentity(scopes, Object.assign(Object.assign({}, updatedOptions), appTokenProviderParameters));
|
|
2365
|
+
if (resultToken) {
|
|
2366
|
+
logger$c.info(`SetAppTokenProvider has saved the token in cache`);
|
|
2367
|
+
const expiresInSeconds = (resultToken === null || resultToken === void 0 ? void 0 : resultToken.expiresOnTimestamp)
|
|
2368
|
+
? Math.floor((resultToken.expiresOnTimestamp - Date.now()) / 1000)
|
|
2369
|
+
: 0;
|
|
2370
|
+
return {
|
|
2371
|
+
accessToken: resultToken === null || resultToken === void 0 ? void 0 : resultToken.token,
|
|
2372
|
+
expiresInSeconds,
|
|
2373
|
+
};
|
|
2374
|
+
}
|
|
2375
|
+
else {
|
|
2376
|
+
logger$c.info(`SetAppTokenProvider token has "no_access_token_returned" as the saved token`);
|
|
2377
|
+
return {
|
|
2378
|
+
accessToken: "no_access_token_returned",
|
|
2379
|
+
expiresInSeconds: 0,
|
|
2380
|
+
};
|
|
2381
|
+
}
|
|
2382
|
+
});
|
|
2383
|
+
this.isAppTokenProviderInitialized = true;
|
|
2384
|
+
}
|
|
2381
2385
|
const authenticationResult = await this.confidentialApp.acquireTokenByClientCredential(Object.assign({}, appTokenParameters));
|
|
2382
2386
|
result = this.handleResult(scopes, authenticationResult || undefined);
|
|
2383
2387
|
}
|
|
@@ -2547,7 +2551,7 @@ const cliCredentialInternals = {
|
|
|
2547
2551
|
* @param resource - The resource to use when getting the token
|
|
2548
2552
|
* @internal
|
|
2549
2553
|
*/
|
|
2550
|
-
async getAzureCliAccessToken(resource, tenantId) {
|
|
2554
|
+
async getAzureCliAccessToken(resource, tenantId, timeout) {
|
|
2551
2555
|
let tenantSection = [];
|
|
2552
2556
|
if (tenantId) {
|
|
2553
2557
|
tenantSection = ["--tenant", tenantId];
|
|
@@ -2562,7 +2566,7 @@ const cliCredentialInternals = {
|
|
|
2562
2566
|
"--resource",
|
|
2563
2567
|
resource,
|
|
2564
2568
|
...tenantSection,
|
|
2565
|
-
], { cwd: cliCredentialInternals.getSafeWorkingDir(), shell: true }, (error, stdout, stderr) => {
|
|
2569
|
+
], { cwd: cliCredentialInternals.getSafeWorkingDir(), shell: true, timeout }, (error, stdout, stderr) => {
|
|
2566
2570
|
resolve({ stdout: stdout, stderr: stderr, error });
|
|
2567
2571
|
});
|
|
2568
2572
|
}
|
|
@@ -2591,6 +2595,7 @@ class AzureCliCredential {
|
|
|
2591
2595
|
constructor(options) {
|
|
2592
2596
|
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
|
|
2593
2597
|
this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
2598
|
+
this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
|
|
2594
2599
|
}
|
|
2595
2600
|
/**
|
|
2596
2601
|
* Authenticates with Azure Active Directory and returns an access token if successful.
|
|
@@ -2609,7 +2614,7 @@ class AzureCliCredential {
|
|
|
2609
2614
|
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
|
|
2610
2615
|
var _a, _b, _c, _d;
|
|
2611
2616
|
try {
|
|
2612
|
-
const obj = await cliCredentialInternals.getAzureCliAccessToken(resource, tenantId);
|
|
2617
|
+
const obj = await cliCredentialInternals.getAzureCliAccessToken(resource, tenantId, this.timeout);
|
|
2613
2618
|
const specificScope = (_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("(.*)az login --scope(.*)");
|
|
2614
2619
|
const isLoginError = ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("(.*)az login(.*)")) && !specificScope;
|
|
2615
2620
|
const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("az:(.*)not found")) || ((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'az' is not recognized"));
|
|
@@ -2702,11 +2707,14 @@ function formatCommand(commandName) {
|
|
|
2702
2707
|
* If anything fails, an error is thrown.
|
|
2703
2708
|
* @internal
|
|
2704
2709
|
*/
|
|
2705
|
-
async function runCommands(commands) {
|
|
2710
|
+
async function runCommands(commands, timeout) {
|
|
2706
2711
|
const results = [];
|
|
2707
2712
|
for (const command of commands) {
|
|
2708
2713
|
const [file, ...parameters] = command;
|
|
2709
|
-
const result = (await processUtils.execFile(file, parameters, {
|
|
2714
|
+
const result = (await processUtils.execFile(file, parameters, {
|
|
2715
|
+
encoding: "utf8",
|
|
2716
|
+
timeout,
|
|
2717
|
+
}));
|
|
2710
2718
|
results.push(result);
|
|
2711
2719
|
}
|
|
2712
2720
|
return results;
|
|
@@ -2761,16 +2769,17 @@ class AzurePowerShellCredential {
|
|
|
2761
2769
|
constructor(options) {
|
|
2762
2770
|
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
|
|
2763
2771
|
this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
2772
|
+
this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
|
|
2764
2773
|
}
|
|
2765
2774
|
/**
|
|
2766
2775
|
* Gets the access token from Azure PowerShell
|
|
2767
2776
|
* @param resource - The resource to use when getting the token
|
|
2768
2777
|
*/
|
|
2769
|
-
async getAzurePowerShellAccessToken(resource, tenantId) {
|
|
2778
|
+
async getAzurePowerShellAccessToken(resource, tenantId, timeout) {
|
|
2770
2779
|
// Clone the stack to avoid mutating it while iterating
|
|
2771
2780
|
for (const powerShellCommand of [...commandStack]) {
|
|
2772
2781
|
try {
|
|
2773
|
-
await runCommands([[powerShellCommand, "/?"]]);
|
|
2782
|
+
await runCommands([[powerShellCommand, "/?"]], timeout);
|
|
2774
2783
|
}
|
|
2775
2784
|
catch (e) {
|
|
2776
2785
|
// Remove this credential from the original stack so that we don't try it again.
|
|
@@ -2818,7 +2827,7 @@ class AzurePowerShellCredential {
|
|
|
2818
2827
|
logger$a.getToken.info(`Using the scope ${scope}`);
|
|
2819
2828
|
const resource = getScopeResource(scope);
|
|
2820
2829
|
try {
|
|
2821
|
-
const response = await this.getAzurePowerShellAccessToken(resource, tenantId);
|
|
2830
|
+
const response = await this.getAzurePowerShellAccessToken(resource, tenantId, this.timeout);
|
|
2822
2831
|
logger$a.getToken.info(formatSuccess(scopes));
|
|
2823
2832
|
return {
|
|
2824
2833
|
token: response.Token,
|
|
@@ -3376,7 +3385,7 @@ const developerCliCredentialInternals = {
|
|
|
3376
3385
|
* @param scopes - The scopes to use when getting the token
|
|
3377
3386
|
* @internal
|
|
3378
3387
|
*/
|
|
3379
|
-
async getAzdAccessToken(scopes, tenantId) {
|
|
3388
|
+
async getAzdAccessToken(scopes, tenantId, timeout) {
|
|
3380
3389
|
let tenantSection = [];
|
|
3381
3390
|
if (tenantId) {
|
|
3382
3391
|
tenantSection = ["--tenant-id", tenantId];
|
|
@@ -3390,7 +3399,11 @@ const developerCliCredentialInternals = {
|
|
|
3390
3399
|
"json",
|
|
3391
3400
|
...scopes.reduce((previous, current) => previous.concat("--scope", current), []),
|
|
3392
3401
|
...tenantSection,
|
|
3393
|
-
], {
|
|
3402
|
+
], {
|
|
3403
|
+
cwd: developerCliCredentialInternals.getSafeWorkingDir(),
|
|
3404
|
+
shell: true,
|
|
3405
|
+
timeout,
|
|
3406
|
+
}, (error, stdout, stderr) => {
|
|
3394
3407
|
resolve({ stdout, stderr, error });
|
|
3395
3408
|
});
|
|
3396
3409
|
}
|
|
@@ -3419,6 +3432,7 @@ class AzureDeveloperCliCredential {
|
|
|
3419
3432
|
constructor(options) {
|
|
3420
3433
|
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
|
|
3421
3434
|
this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
3435
|
+
this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
|
|
3422
3436
|
}
|
|
3423
3437
|
/**
|
|
3424
3438
|
* Authenticates with Azure Active Directory and returns an access token if successful.
|
|
@@ -3441,7 +3455,7 @@ class AzureDeveloperCliCredential {
|
|
|
3441
3455
|
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
|
|
3442
3456
|
var _a, _b, _c;
|
|
3443
3457
|
try {
|
|
3444
|
-
const obj = await developerCliCredentialInternals.getAzdAccessToken(scopeList, tenantId);
|
|
3458
|
+
const obj = await developerCliCredentialInternals.getAzdAccessToken(scopeList, tenantId, this.timeout);
|
|
3445
3459
|
const isNotLoggedInError = (_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("not logged in, run `azd login` to login");
|
|
3446
3460
|
const isNotInstallError = ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("azd:(.*)not found")) ||
|
|
3447
3461
|
((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.startsWith("'azd' is not recognized"));
|
|
@@ -3516,13 +3530,56 @@ class DefaultManagedIdentityCredential extends ManagedIdentityCredential {
|
|
|
3516
3530
|
}
|
|
3517
3531
|
}
|
|
3518
3532
|
}
|
|
3533
|
+
/**
|
|
3534
|
+
* A shim around WorkloadIdentityCredential that adapts it to accept
|
|
3535
|
+
* `DefaultAzureCredentialOptions`.
|
|
3536
|
+
*
|
|
3537
|
+
* @internal
|
|
3538
|
+
*/
|
|
3539
|
+
class DefaultWorkloadIdentityCredential extends WorkloadIdentityCredential {
|
|
3540
|
+
// Constructor overload with just the other default options
|
|
3541
|
+
// Last constructor overload with Union of all options not required since the above two constructor overloads have optional properties
|
|
3542
|
+
constructor(options) {
|
|
3543
|
+
var _a, _b, _c;
|
|
3544
|
+
const managedIdentityClientId = (_a = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _a !== void 0 ? _a : process.env.AZURE_CLIENT_ID;
|
|
3545
|
+
const workloadIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _b !== void 0 ? _b : managedIdentityClientId;
|
|
3546
|
+
const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
|
|
3547
|
+
const tenantId = (_c = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _c !== void 0 ? _c : process.env.AZURE_TENANT_ID;
|
|
3548
|
+
if (workloadFile && workloadIdentityClientId) {
|
|
3549
|
+
const workloadIdentityCredentialOptions = Object.assign(Object.assign({}, options), { tenantId, clientId: workloadIdentityClientId, federatedTokenFilePath: workloadFile });
|
|
3550
|
+
super(workloadIdentityCredentialOptions);
|
|
3551
|
+
}
|
|
3552
|
+
else if (tenantId) {
|
|
3553
|
+
const workloadIdentityClientTenantOptions = Object.assign(Object.assign({}, options), { tenantId });
|
|
3554
|
+
super(workloadIdentityClientTenantOptions);
|
|
3555
|
+
}
|
|
3556
|
+
else {
|
|
3557
|
+
super(options);
|
|
3558
|
+
}
|
|
3559
|
+
}
|
|
3560
|
+
}
|
|
3561
|
+
class DefaultAzureDeveloperCliCredential extends AzureDeveloperCliCredential {
|
|
3562
|
+
constructor(options) {
|
|
3563
|
+
super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.developerCredentialTimeOutInMs }, options));
|
|
3564
|
+
}
|
|
3565
|
+
}
|
|
3566
|
+
class DefaultAzureCliCredential extends AzureCliCredential {
|
|
3567
|
+
constructor(options) {
|
|
3568
|
+
super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.developerCredentialTimeOutInMs }, options));
|
|
3569
|
+
}
|
|
3570
|
+
}
|
|
3571
|
+
class DefaultAzurePowershellCredential extends AzurePowerShellCredential {
|
|
3572
|
+
constructor(options) {
|
|
3573
|
+
super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.developerCredentialTimeOutInMs }, options));
|
|
3574
|
+
}
|
|
3575
|
+
}
|
|
3519
3576
|
const defaultCredentials = [
|
|
3520
3577
|
EnvironmentCredential,
|
|
3521
|
-
|
|
3578
|
+
DefaultWorkloadIdentityCredential,
|
|
3522
3579
|
DefaultManagedIdentityCredential,
|
|
3523
|
-
|
|
3524
|
-
|
|
3525
|
-
|
|
3580
|
+
DefaultAzureDeveloperCliCredential,
|
|
3581
|
+
DefaultAzureCliCredential,
|
|
3582
|
+
DefaultAzurePowershellCredential,
|
|
3526
3583
|
];
|
|
3527
3584
|
/**
|
|
3528
3585
|
* Provides a default {@link ChainedTokenCredential} configuration that should
|
|
@@ -4073,6 +4130,7 @@ exports.AuthenticationErrorName = AuthenticationErrorName;
|
|
|
4073
4130
|
exports.AuthenticationRequiredError = AuthenticationRequiredError;
|
|
4074
4131
|
exports.AuthorizationCodeCredential = AuthorizationCodeCredential;
|
|
4075
4132
|
exports.AzureCliCredential = AzureCliCredential;
|
|
4133
|
+
exports.AzureDeveloperCliCredential = AzureDeveloperCliCredential;
|
|
4076
4134
|
exports.AzurePowerShellCredential = AzurePowerShellCredential;
|
|
4077
4135
|
exports.ChainedTokenCredential = ChainedTokenCredential;
|
|
4078
4136
|
exports.ClientAssertionCredential = ClientAssertionCredential;
|