npm - @azure/identity - Versions diffs - 4.11.2 → 4.12.1-alpha.20251006.1 - Mend

@azure/identity 4.11.2 → 4.12.1-alpha.20251006.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (193) hide show

package/dist/workerd/credentials/azureDeveloperCliCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azureDeveloperCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAElF,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,aAAa,MAAM,eAAe,CAAC;AAC1C,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,+BAA+B,EAAE,MAAM,uBAAuB,CAAC;AAExE,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG;IAC7C;;OAEG;IACH,iBAAiB;QACf,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACrE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,CAAC,QAAQ,CAAC,OAAO,CACrB,sHAAsH,CACvH,CAAC;gBAEF,UAAU,GAAG,aAAa,CAAC;YAC7B,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CACrB,MAAgB,EAChB,QAAiB,EACjB,OAAgB;QAEhB,IAAI,aAAa,GAAa,EAAE,CAAC;QACjC,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG;oBACX,MAAM;oBACN,OAAO;oBACP,UAAU;oBACV,MAAM;oBACN,GAAG,MAAM,CAAC,MAAM,CACd,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAC1D,EAAE,CACH;oBACD,GAAG,aAAa;iBACjB,CAAC;gBACF,MAAM,OAAO,GAAG,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC3C,aAAa,CAAC,IAAI,CAChB,OAAO,EACP;oBACE,GAAG,EAAE,+BAA+B,CAAC,iBAAiB,EAAE;oBACxD,OAAO;iBACR,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBACrC,CAAC,CACF,CAAC;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,OAAO,2BAA2B;IAC9B,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,OAAO,CAAU;IAEzB;;;;;;;OAOG;IACH,YAAY,OAA4C;QACtD,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;QACF,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,SAAmB,CAAC;QACxB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,SAAS,GAAG,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,CAAC;QACrB,CAAC;QACD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oBAAoB,MAAM,EAAE,CAAC,CAAC;QAEnD,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YACrF,IAAI,CAAC;gBACH,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBAC1B,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBACjD,CAAC,CAAC,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,+BAA+B,CAAC,iBAAiB,CACjE,SAAS,EACT,QAAQ,EACR,IAAI,CAAC,OAAO,CACb,CAAC;gBACF,MAAM,kBAAkB,GACtB,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,yCAAyC,CAAC;oBAC5D,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,8CAA8C,CAAC,CAAC;gBACpE,MAAM,iBAAiB,GACrB,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,CAAC;oBACtC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,yBAAyB,CAAC,CAAC;gBAEpD,IAAI,iBAAiB,IAAI,CAAC,GAAG,CAAC,KAAK,IAAK,GAAG,CAAC,KAAa,CAAC,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;oBAC7E,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,wKAAwK,CACzK,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBAED,IAAI,kBAAkB,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,+NAA+N,CAChO,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,IAAI,GAAyC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,kBAAkB,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;wBACtD,SAAS,EAAE,QAAQ;qBACL,CAAC;gBACnB,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;wBACf,MAAM,IAAI,0BAA0B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBACnD,CAAC;oBACD,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,KAAK,GACT,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACvC,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,IAAI,0BAA0B,CAC3B,GAAa,CAAC,OAAO,IAAI,yDAAyD,CACpF,CAAC;gBACR,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging.js\";\nimport type { AzureDeveloperCliCredentialOptions } from \"./azureDeveloperCliCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport child_process from \"child_process\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport { ensureValidScopeForDevTimeCreds } from \"../util/scopeUtils.js\";\n\nconst logger = credentialLogger(\"AzureDeveloperCliCredential\");\n\n/*\n Mockable reference to the Developer CLI credential cliCredentialFunctions\n * @internal\n /\nexport const developerCliCredentialInternals = {\n /\n @internal\n /\n getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n let systemRoot = process.env.SystemRoot \|\| process.env[\"SYSTEMROOT\"];\n if (!systemRoot) {\n logger.getToken.warning(\n \"The SystemRoot environment variable is not set. This may cause issues when using the Azure Developer CLI credential.\",\n );\n\n systemRoot = \"C:\\\\Windows\";\n }\n\n return systemRoot;\n } else {\n return \"/bin\";\n }\n },\n\n /\n Gets the access token from Azure Developer CLI\n * @param scopes - The scopes to use when getting the token\n * @internal\n /\n async getAzdAccessToken(\n scopes: string[],\n tenantId?: string,\n timeout?: number,\n ): Promise<{ stdout: string; stderr: string; error: Error \| null }> {\n let tenantSection: string[] = [];\n if (tenantId) {\n tenantSection = [\"--tenant-id\", tenantId];\n }\n return new Promise((resolve, reject) => {\n try {\n const args = [\n \"auth\",\n \"token\",\n \"--output\",\n \"json\",\n ...scopes.reduce<string[]>(\n (previous, current) => previous.concat(\"--scope\", current),\n [],\n ),\n ...tenantSection,\n ];\n const command = [\"azd\", ...args].join(\" \");\n child_process.exec(\n command,\n {\n cwd: developerCliCredentialInternals.getSafeWorkingDir(),\n timeout,\n },\n (error, stdout, stderr) => {\n resolve({ stdout, stderr, error });\n },\n );\n } catch (err: any) {\n reject(err);\n }\n });\n },\n};\n\n/\n Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy\n * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific\n * to Azure developers. It allows users to authenticate as a user and/or a service principal against\n * <a href=\"https://learn.microsoft.com/entra/fundamentals/\">Microsoft Entra ID</a>. The\n * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of\n * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or\n * service principal and executes an Azure CLI command underneath to authenticate the application against\n * Microsoft Entra ID.\n \n <h2> Configure AzureDeveloperCliCredential </h2>\n \n To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the\n * commands below:\n \n <ol>\n * <li>Run \"azd auth login\" in Azure Developer CLI to authenticate interactively as a user.</li>\n * <li>Run \"azd auth login --client-id clientID --client-secret clientSecret\n * --tenant-id tenantID\" to authenticate as a service principal.</li>\n * </ol>\n \n You may need to repeat this process after a certain time period, depending on the refresh token validity in your\n * organization. Generally, the refresh token validity period is a few weeks to a few months.\n * AzureDeveloperCliCredential will prompt you to sign in again.\n /\nexport class AzureDeveloperCliCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzureDeveloperCliCredential}.\n \n To use this credential, ensure that you have already logged\n * in via the 'azd' tool using the command \"azd auth login\" from the commandline.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzureDeveloperCliCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n );\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n let scopeList: string[];\n if (typeof scopes === \"string\") {\n scopeList = [scopes];\n } else {\n scopeList = scopes;\n }\n logger.getToken.info(`Using the scopes ${scopes}`);\n\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n try {\n scopeList.forEach((scope) => {\n ensureValidScopeForDevTimeCreds(scope, logger);\n });\n const obj = await developerCliCredentialInternals.getAzdAccessToken(\n scopeList,\n tenantId,\n this.timeout,\n );\n const isNotLoggedInError =\n obj.stderr?.match(\"not logged in, run `azd login` to login\") \|\|\n obj.stderr?.match(\"not logged in, run `azd auth login` to login\");\n const isNotInstallError =\n obj.stderr?.match(\"azd:(.)not found\") \|\|\n obj.stderr?.startsWith(\"'azd' is not recognized\");\n\n if (isNotInstallError \|\| (obj.error && (obj.error as any).code === \"ENOENT\")) {\n const error = new CredentialUnavailableError(\n \"Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (isNotLoggedInError) {\n const error = new CredentialUnavailableError(\n \"Please run 'azd auth login' from a command prompt to authenticate before using this credential. For more information, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n try {\n const resp: { token: string; expiresOn: string } = JSON.parse(obj.stdout);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: resp.token,\n expiresOnTimestamp: new Date(resp.expiresOn).getTime(),\n tokenType: \"Bearer\",\n } as AccessToken;\n } catch (e: any) {\n if (obj.stderr) {\n throw new CredentialUnavailableError(obj.stderr);\n }\n throw e;\n }\n } catch (err: any) {\n const error =\n err.name === \"CredentialUnavailableError\"\n ? err\n : new CredentialUnavailableError(\n (err as Error).message \|\| \"Unknown error while trying to retrieve the access token\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n });\n }\n}\n"]}
1	+ {"version":3,"file":"azureDeveloperCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAElF,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,aAAa,MAAM,eAAe,CAAC;AAC1C,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,+BAA+B,EAAE,MAAM,uBAAuB,CAAC;AAExE,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;GAGG;AACH,MAAM,CAAC,MAAM,oCAAoC,GAAG;IAClD,YAAY,EACV,wKAAwK;IAC1K,KAAK,EACH,+NAA+N;IACjO,OAAO,EAAE,yDAAyD;IAClE,KAAK,EACH,gIAAgI;CACnI,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG;IAC7C;;OAEG;IACH,iBAAiB;QACf,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACrE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,CAAC,QAAQ,CAAC,OAAO,CACrB,sHAAsH,CACvH,CAAC;gBAEF,UAAU,GAAG,aAAa,CAAC;YAC7B,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CACrB,MAAgB,EAChB,QAAiB,EACjB,OAAgB,EAChB,MAAe;QAEf,IAAI,aAAa,GAAa,EAAE,CAAC;QACjC,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,cAAc,GAAa,EAAE,CAAC;QAClC,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;YACnC,cAAc,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG;oBACX,MAAM;oBACN,OAAO;oBACP,UAAU;oBACV,MAAM;oBACN,aAAa;oBACb,GAAG,MAAM,CAAC,MAAM,CACd,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAC1D,EAAE,CACH;oBACD,GAAG,aAAa;oBAChB,GAAG,cAAc;iBAClB,CAAC;gBACF,MAAM,OAAO,GAAG,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC3C,aAAa,CAAC,IAAI,CAChB,OAAO,EACP;oBACE,GAAG,EAAE,+BAA+B,CAAC,iBAAiB,EAAE;oBACxD,OAAO;iBACR,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBACrC,CAAC,CACF,CAAC;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,OAAO,2BAA2B;IAC9B,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,OAAO,CAAU;IAEzB;;;;;;;OAOG;IACH,YAAY,OAA4C;QACtD,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;QACF,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,SAAmB,CAAC;QACxB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,SAAS,GAAG,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,CAAC;QACrB,CAAC;QACD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oBAAoB,MAAM,EAAE,CAAC,CAAC;QAEnD,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YACrF,IAAI,CAAC;gBACH,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBAC1B,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBACjD,CAAC,CAAC,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,+BAA+B,CAAC,iBAAiB,CACjE,SAAS,EACT,QAAQ,EACR,IAAI,CAAC,OAAO,EACZ,OAAO,CAAC,MAAM,CACf,CAAC;gBACF,MAAM,kBAAkB,GACtB,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,sCAAsC,CAAC;oBACzD,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,2BAA2B,CAAC,CAAC;gBACjD,MAAM,kBAAkB,GACtB,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,yCAAyC,CAAC;oBAC5D,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,8CAA8C,CAAC,CAAC;gBACpE,MAAM,iBAAiB,GACrB,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,CAAC;oBACtC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,yBAAyB,CAAC,CAAC;gBACpD,IAAI,iBAAiB,IAAI,CAAC,GAAG,CAAC,KAAK,IAAK,GAAG,CAAC,KAAa,CAAC,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;oBAC7E,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,oCAAoC,CAAC,YAAY,CAClD,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBAED,IAAI,kBAAkB,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,oCAAoC,CAAC,KAAK,CAAC,CAAC;oBACzF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,IAAI,kBAAkB,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,SAAS;yBACpB,MAAM,CAAW,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC;yBAChF,IAAI,CAAC,GAAG,CAAC,CAAC;oBACb,MAAM,QAAQ,GAAG,kBAAkB,KAAK,EAAE,CAAC;oBAC3C,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,GAAG,oCAAoC,CAAC,KAAK,IAAI,QAAQ,EAAE,CAC5D,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,IAAI,GAAyC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,kBAAkB,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;wBACtD,SAAS,EAAE,QAAQ;qBACL,CAAC;gBACnB,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;wBACf,MAAM,IAAI,0BAA0B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBACnD,CAAC;oBACD,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,KAAK,GACT,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACvC,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,IAAI,0BAA0B,CAC3B,GAAa,CAAC,OAAO,IAAI,oCAAoC,CAAC,OAAO,CACvE,CAAC;gBACR,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging.js\";\nimport type { AzureDeveloperCliCredentialOptions } from \"./azureDeveloperCliCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport child_process from \"child_process\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport { ensureValidScopeForDevTimeCreds } from \"../util/scopeUtils.js\";\n\nconst logger = credentialLogger(\"AzureDeveloperCliCredential\");\n\n/*\n Messages to use when throwing in this credential.\n * @internal\n /\nexport const azureDeveloperCliPublicErrorMessages = {\n notInstalled:\n \"Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n login:\n \"Please run 'azd auth login' from a command prompt to authenticate before using this credential. For more information, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n unknown: \"Unknown error while trying to retrieve the access token\",\n claim:\n \"This credential doesn't support claims challenges. To authenticate with the required claims, please run the following command:\",\n};\n\n/\n Mockable reference to the Developer CLI credential cliCredentialFunctions\n * @internal\n /\nexport const developerCliCredentialInternals = {\n /\n @internal\n /\n getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n let systemRoot = process.env.SystemRoot \|\| process.env[\"SYSTEMROOT\"];\n if (!systemRoot) {\n logger.getToken.warning(\n \"The SystemRoot environment variable is not set. This may cause issues when using the Azure Developer CLI credential.\",\n );\n\n systemRoot = \"C:\\\\Windows\";\n }\n\n return systemRoot;\n } else {\n return \"/bin\";\n }\n },\n\n /\n Gets the access token from Azure Developer CLI\n * @param scopes - The scopes to use when getting the token\n * @internal\n /\n async getAzdAccessToken(\n scopes: string[],\n tenantId?: string,\n timeout?: number,\n claims?: string,\n ): Promise<{ stdout: string; stderr: string; error: Error \| null }> {\n let tenantSection: string[] = [];\n if (tenantId) {\n tenantSection = [\"--tenant-id\", tenantId];\n }\n\n let claimsSections: string[] = [];\n if (claims) {\n const encodedClaims = btoa(claims);\n claimsSections = [\"--claims\", encodedClaims];\n }\n return new Promise((resolve, reject) => {\n try {\n const args = [\n \"auth\",\n \"token\",\n \"--output\",\n \"json\",\n \"--no-prompt\",\n ...scopes.reduce<string[]>(\n (previous, current) => previous.concat(\"--scope\", current),\n [],\n ),\n ...tenantSection,\n ...claimsSections,\n ];\n const command = [\"azd\", ...args].join(\" \");\n child_process.exec(\n command,\n {\n cwd: developerCliCredentialInternals.getSafeWorkingDir(),\n timeout,\n },\n (error, stdout, stderr) => {\n resolve({ stdout, stderr, error });\n },\n );\n } catch (err: any) {\n reject(err);\n }\n });\n },\n};\n\n/\n Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy\n * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific\n * to Azure developers. It allows users to authenticate as a user and/or a service principal against\n * <a href=\"https://learn.microsoft.com/entra/fundamentals/\">Microsoft Entra ID</a>. The\n * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of\n * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or\n * service principal and executes an Azure CLI command underneath to authenticate the application against\n * Microsoft Entra ID.\n \n <h2> Configure AzureDeveloperCliCredential </h2>\n \n To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the\n * commands below:\n \n <ol>\n * <li>Run \"azd auth login\" in Azure Developer CLI to authenticate interactively as a user.</li>\n * <li>Run \"azd auth login --client-id clientID --client-secret clientSecret\n * --tenant-id tenantID\" to authenticate as a service principal.</li>\n * </ol>\n \n You may need to repeat this process after a certain time period, depending on the refresh token validity in your\n * organization. Generally, the refresh token validity period is a few weeks to a few months.\n * AzureDeveloperCliCredential will prompt you to sign in again.\n /\nexport class AzureDeveloperCliCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzureDeveloperCliCredential}.\n \n To use this credential, ensure that you have already logged\n * in via the 'azd' tool using the command \"azd auth login\" from the commandline.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzureDeveloperCliCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n );\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n let scopeList: string[];\n if (typeof scopes === \"string\") {\n scopeList = [scopes];\n } else {\n scopeList = scopes;\n }\n logger.getToken.info(`Using the scopes ${scopes}`);\n\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n try {\n scopeList.forEach((scope) => {\n ensureValidScopeForDevTimeCreds(scope, logger);\n });\n const obj = await developerCliCredentialInternals.getAzdAccessToken(\n scopeList,\n tenantId,\n this.timeout,\n options.claims,\n );\n const isMFARequiredError =\n obj.stderr?.match(\"must use multi-factor authentication\") \|\|\n obj.stderr?.match(\"reauthentication required\");\n const isNotLoggedInError =\n obj.stderr?.match(\"not logged in, run `azd login` to login\") \|\|\n obj.stderr?.match(\"not logged in, run `azd auth login` to login\");\n const isNotInstallError =\n obj.stderr?.match(\"azd:(.)not found\") \|\|\n obj.stderr?.startsWith(\"'azd' is not recognized\");\n if (isNotInstallError \|\| (obj.error && (obj.error as any).code === \"ENOENT\")) {\n const error = new CredentialUnavailableError(\n azureDeveloperCliPublicErrorMessages.notInstalled,\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (isNotLoggedInError) {\n const error = new CredentialUnavailableError(azureDeveloperCliPublicErrorMessages.login);\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n if (isMFARequiredError) {\n const scope = scopeList\n .reduce<string[]>((previous, current) => previous.concat(\"--scope\", current), [])\n .join(\" \");\n const loginCmd = `azd auth login ${scope}`;\n const error = new CredentialUnavailableError(\n `${azureDeveloperCliPublicErrorMessages.claim} ${loginCmd}`,\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n try {\n const resp: { token: string; expiresOn: string } = JSON.parse(obj.stdout);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: resp.token,\n expiresOnTimestamp: new Date(resp.expiresOn).getTime(),\n tokenType: \"Bearer\",\n } as AccessToken;\n } catch (e: any) {\n if (obj.stderr) {\n throw new CredentialUnavailableError(obj.stderr);\n }\n throw e;\n }\n } catch (err: any) {\n const error =\n err.name === \"CredentialUnavailableError\"\n ? err\n : new CredentialUnavailableError(\n (err as Error).message \|\| azureDeveloperCliPublicErrorMessages.unknown,\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n });\n }\n}\n"]}

package/dist/workerd/credentials/azurePowerShellCredential.d.ts CHANGED Viewed

@@ -21,6 +21,7 @@ export declare const powerShellErrors: {
 export declare const powerShellPublicErrorMessages: {
     login: string;
     installed: string;
+    claim: string;
     troubleshoot: string;
 };
 /**

package/dist/workerd/credentials/azurePowerShellCredential.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azurePowerShellCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AAS9F;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAMzD;AAuBD;;;GAGG;AACH,eAAO,MAAM,gBAAgB;;;CAI5B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,6BAA6B~~;;;;CAKzC~~,CAAC;AAUF;;;;GAIG;AACH,eAAO,MAAM,YAAY,UAA0B,CAAC;AAMpD;;;;GAIG;AACH,qBAAa,yBAA0B,YAAW,eAAe;IAC/D,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,OAAO,CAAC,CAAS;IAEzB;;;;;;;;;;OAUG;gBACS,OAAO,CAAC,EAAE,gCAAgC;IAWtD;;;OAGG;YACW,6BAA6B;IAwE3C;;;;;;OAMG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;~~CAwCxB~~;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAyB/C"}
1	+ {"version":3,"file":"azurePowerShellCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AAS9F;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAMzD;AAuBD;;;GAGG;AACH,eAAO,MAAM,gBAAgB;;;CAI5B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,6BAA6B;;;;;CAOzC,CAAC;AAUF;;;;GAIG;AACH,eAAO,MAAM,YAAY,UAA0B,CAAC;AAMpD;;;;GAIG;AACH,qBAAa,yBAA0B,YAAW,eAAe;IAC/D,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,OAAO,CAAC,CAAS;IAEzB;;;;;;;;;;OAUG;gBACS,OAAO,CAAC,EAAE,gCAAgC;IAWtD;;;OAGG;YACW,6BAA6B;IAwE3C;;;;;;OAMG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;CA0DxB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAyB/C"}

package/dist/workerd/credentials/azurePowerShellCredential.js CHANGED Viewed

@@ -53,6 +53,7 @@ export const powerShellErrors = {
 export const powerShellPublicErrorMessages = {
     login: "Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.",
     installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: "Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force".`,
+    claim: "This credential doesn't support claims challenges. To authenticate with the required claims, please run the following command:",
     troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`,
 };
 // PowerShell Azure User not logged in error check.
@@ -175,8 +176,20 @@ export class AzurePowerShellCredential {
      */
     async getToken(scopes, options = {}) {
         return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
-            const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds);
             const scope = typeof scopes === "string" ? scopes : scopes[0];
+            const claimsValue = options.claims;
+            if (claimsValue && claimsValue.trim()) {
+                const encodedClaims = btoa(claimsValue);
+                let loginCmd = `Connect-AzAccount -ClaimsChallenge ${encodedClaims}`;
+                const tenantIdFromOptions = options.tenantId;
+                if (tenantIdFromOptions) {
+                    loginCmd += ` -Tenant ${tenantIdFromOptions}`;
+                }
+                const error = new CredentialUnavailableError(`${powerShellPublicErrorMessages.claim} ${loginCmd}`);
+                logger.getToken.info(formatError(scope, error));
+                throw error;
+            }
+            const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds);
             if (tenantId) {
                 checkTenantId(logger, tenantId);
             }

package/dist/workerd/credentials/azurePowerShellCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azurePowerShellCredential.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAE,+BAA+B,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAG1F,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AAE/C;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,GAAG,WAAW,MAAM,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,OAAO,WAAW,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,WAAW,CAAC,QAAoB,EAAE,OAAgB;IAC/D,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,GAAG,OAAO,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YAC5D,QAAQ,EAAE,MAAM;YAChB,OAAO;SACR,CAAC,CAAW,CAAC;QAEd,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,KAAK,EAAE,gCAAgC;IACvC,SAAS,EACP,uIAAuI;CAC1I,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG;IAC3C,KAAK,EACH,8FAA8F;IAChG,SAAS,EAAE,4KAA4K;IACvL,YAAY,EAAE,4FAA4F;CAC3G,CAAC;AAEF,mDAAmD;AACnD,MAAM,YAAY,GAA4C,CAAC,GAAU,EAAE,EAAE,CAC3E,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,KAAK,MAAM,CAAC,CAAC;AAEzD,qDAAqD;AACrD,MAAM,mBAAmB,GAA4C,CAAC,GAAU,EAAE,EAAE,CAClF,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;AAEhD;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAEpD,IAAI,SAAS,EAAE,CAAC;IACd,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC;AACjD,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,yBAAyB;IAC5B,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,OAAO,CAAU;IAEzB;;;;;;;;;;OAUG;IACH,YAAY,OAA0C;QACpD,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,6BAA6B,CACzC,QAAgB,EAChB,QAAiB,EACjB,OAAgB;QAEhB,uDAAuD;QACvD,KAAK,MAAM,iBAAiB,IAAI,CAAC,GAAG,YAAY,CAAC,EAAE,CAAC;YAClD,IAAI,CAAC;gBACH,MAAM,WAAW,CAAC,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,gFAAgF;gBAChF,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;gBAChC;oBACE,iBAAiB;oBACjB,YAAY;oBACZ,iBAAiB;oBACjB,UAAU;oBACV;yBACe,QAAQ,IAAI,EAAE;;;;;6BAKV,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmC1B;iBACF;aACF,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC1B,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YACrF,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,QAAQ,EAAE,CAAC;gBACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAClC,CAAC;YACD,IAAI,CAAC;gBACH,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAC/C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBACjD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBACzC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC5F,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO;oBACL,KAAK,EAAE,QAAQ,CAAC,KAAK;oBACrB,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;oBAC1D,SAAS,EAAE,QAAQ;iBACL,CAAC;YACnB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAC;oBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;gBACd,CAAC;qBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,KAAK,CAAC,CAAC;oBAClF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,GAAG,GAAG,KAAK,6BAA6B,CAAC,YAAY,EAAE,CACxD,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBAChD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAc;IAEd,MAAM,SAAS,GAAG,WAAW,CAAC;IAC9B,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACxC,IAAI,kBAAkB,GAAG,MAAM,CAAC;IAChC,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;gBAC3B,IAAI,CAAC;oBACH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBACrC,IAAI,WAAW,EAAE,KAAK,EAAE,CAAC;wBACvB,kBAAkB,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;wBAC1D,IAAI,kBAAkB,EAAE,CAAC;4BACvB,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;wBAC9C,CAAC;wBACD,OAAO,WAAW,CAAC;oBACrB,CAAC;gBACH,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,SAAS;gBACX,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,8DAA8D,MAAM,EAAE,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,yDAAyD,MAAM,EAAE,CAAC,CAAC;AACrF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging.js\";\nimport { ensureValidScopeForDevTimeCreds, getScopeResource } from \"../util/scopeUtils.js\";\n\nimport type { AzurePowerShellCredentialOptions } from \"./azurePowerShellCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport { processUtils } from \"../util/processUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\nconst isWindows = process.platform === \"win32\";\n\n/*\n Returns a platform-appropriate command name by appending \".exe\" on Windows.\n \n @internal\n /\nexport function formatCommand(commandName: string): string {\n if (isWindows) {\n return `${commandName}.exe`;\n } else {\n return commandName;\n }\n}\n\n/\n Receives a list of commands to run, executes them, then returns the outputs.\n * If anything fails, an error is thrown.\n * @internal\n /\nasync function runCommands(commands: string[][], timeout?: number): Promise<string[]> {\n const results: string[] = [];\n\n for (const command of commands) {\n const [file, ...parameters] = command;\n const result = (await processUtils.execFile(file, parameters, {\n encoding: \"utf8\",\n timeout,\n })) as string;\n\n results.push(result);\n }\n\n return results;\n}\n\n/\n Known PowerShell errors\n * @internal\n /\nexport const powerShellErrors = {\n login: \"Run Connect-AzAccount to login\",\n installed:\n \"The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory\",\n};\n\n/\n Messages to use when throwing in this credential.\n * @internal\n /\nexport const powerShellPublicErrorMessages = {\n login:\n \"Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.\",\n installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: \"Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force\".`,\n troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`,\n};\n\n// PowerShell Azure User not logged in error check.\nconst isLoginError: (err: Error) => RegExpMatchArray \| null = (err: Error) =>\n err.message.match(`(.)${powerShellErrors.login}(.)`);\n\n// Az Module not Installed in Azure PowerShell check.\nconst isNotInstalledError: (err: Error) => RegExpMatchArray \| null = (err: Error) =>\n err.message.match(powerShellErrors.installed);\n\n/\n The PowerShell commands to be tried, in order.\n \n @internal\n /\nexport const commandStack = [formatCommand(\"pwsh\")];\n\nif (isWindows) {\n commandStack.push(formatCommand(\"powershell\"));\n}\n\n/\n This credential will use the currently logged-in user information from the\n * Azure PowerShell module. To do so, it will read the user access token and\n * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`\n /\nexport class AzurePowerShellCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzurePowerShellCredential}.\n \n To use this credential:\n * - Install the Azure Az PowerShell module with:\n * `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.\n * - You have already logged in to Azure PowerShell using the command\n * `Connect-AzAccount` from the command line.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzurePowerShellCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Gets the access token from Azure PowerShell\n * @param resource - The resource to use when getting the token\n /\n private async getAzurePowerShellAccessToken(\n resource: string,\n tenantId?: string,\n timeout?: number,\n ): Promise<{ Token: string; ExpiresOn: string }> {\n // Clone the stack to avoid mutating it while iterating\n for (const powerShellCommand of [...commandStack]) {\n try {\n await runCommands([[powerShellCommand, \"/?\"]], timeout);\n } catch (e: any) {\n // Remove this credential from the original stack so that we don't try it again.\n commandStack.shift();\n continue;\n }\n\n const results = await runCommands([\n [\n powerShellCommand,\n \"-NoProfile\",\n \"-NonInteractive\",\n \"-Command\",\n `\n $tenantId = \"${tenantId ?? \"\"}\"\n $m = Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru\n $useSecureString = $m.Version -ge [version]'2.17.0' -and $m.Version -lt [version]'5.0.0'\n\n $params = @{\n ResourceUrl = \"${resource}\"\n }\n\n if ($tenantId.Length -gt 0) {\n $params[\"TenantId\"] = $tenantId\n }\n\n if ($useSecureString) {\n $params[\"AsSecureString\"] = $true\n }\n\n $token = Get-AzAccessToken @params\n\n $result = New-Object -TypeName PSObject\n $result \| Add-Member -MemberType NoteProperty -Name ExpiresOn -Value $token.ExpiresOn\n\n if ($token.Token -is [System.Security.SecureString]) {\n if ($PSVersionTable.PSVersion.Major -lt 7) {\n $ssPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($token.Token)\n try {\n $result \| Add-Member -MemberType NoteProperty -Name Token -Value ([System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr))\n }\n finally {\n [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ssPtr)\n }\n }\n else {\n $result \| Add-Member -MemberType NoteProperty -Name Token -Value ($token.Token \| ConvertFrom-SecureString -AsPlainText)\n }\n }\n else {\n $result \| Add-Member -MemberType NoteProperty -Name Token -Value $token.Token\n }\n\n Write-Output (ConvertTo-Json $result)\n `,\n ],\n ]);\n\n const result = results[0];\n return parseJsonToken(result);\n }\n throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n );\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n try {\n ensureValidScopeForDevTimeCreds(scope, logger);\n logger.getToken.info(`Using the scope ${scope}`);\n const resource = getScopeResource(scope);\n const response = await this.getAzurePowerShellAccessToken(resource, tenantId, this.timeout);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: response.Token,\n expiresOnTimestamp: new Date(response.ExpiresOn).getTime(),\n tokenType: \"Bearer\",\n } as AccessToken;\n } catch (err: any) {\n if (isNotInstalledError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);\n logger.getToken.info(formatError(scope, error));\n throw error;\n } else if (isLoginError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n const error = new CredentialUnavailableError(\n `${err}. ${powerShellPublicErrorMessages.troubleshoot}`,\n );\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n });\n }\n}\n\n/\n \n * @internal\n /\nexport async function parseJsonToken(\n result: string,\n): Promise<{ Token: string; ExpiresOn: string }> {\n const jsonRegex = /{[^{}]}/g;\n const matches = result.match(jsonRegex);\n let resultWithoutToken = result;\n if (matches) {\n try {\n for (const item of matches) {\n try {\n const jsonContent = JSON.parse(item);\n if (jsonContent?.Token) {\n resultWithoutToken = resultWithoutToken.replace(item, \"\");\n if (resultWithoutToken) {\n logger.getToken.warning(resultWithoutToken);\n }\n return jsonContent;\n }\n } catch (e) {\n continue;\n }\n }\n } catch (e: any) {\n throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);\n }\n }\n throw new Error(`No access token found in the output. Received output: ${result}`);\n}\n"]}
1	+ {"version":3,"file":"azurePowerShellCredential.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAE,+BAA+B,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAG1F,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AAE/C;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,GAAG,WAAW,MAAM,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,OAAO,WAAW,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,WAAW,CAAC,QAAoB,EAAE,OAAgB;IAC/D,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,GAAG,OAAO,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YAC5D,QAAQ,EAAE,MAAM;YAChB,OAAO;SACR,CAAC,CAAW,CAAC;QAEd,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,KAAK,EAAE,gCAAgC;IACvC,SAAS,EACP,uIAAuI;CAC1I,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG;IAC3C,KAAK,EACH,8FAA8F;IAChG,SAAS,EAAE,4KAA4K;IACvL,KAAK,EACH,gIAAgI;IAClI,YAAY,EAAE,4FAA4F;CAC3G,CAAC;AAEF,mDAAmD;AACnD,MAAM,YAAY,GAA4C,CAAC,GAAU,EAAE,EAAE,CAC3E,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,KAAK,MAAM,CAAC,CAAC;AAEzD,qDAAqD;AACrD,MAAM,mBAAmB,GAA4C,CAAC,GAAU,EAAE,EAAE,CAClF,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;AAEhD;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAEpD,IAAI,SAAS,EAAE,CAAC;IACd,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC;AACjD,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,yBAAyB;IAC5B,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,OAAO,CAAU;IAEzB;;;;;;;;;;OAUG;IACH,YAAY,OAA0C;QACpD,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,6BAA6B,CACzC,QAAgB,EAChB,QAAiB,EACjB,OAAgB;QAEhB,uDAAuD;QACvD,KAAK,MAAM,iBAAiB,IAAI,CAAC,GAAG,YAAY,CAAC,EAAE,CAAC;YAClD,IAAI,CAAC;gBACH,MAAM,WAAW,CAAC,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,gFAAgF;gBAChF,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;gBAChC;oBACE,iBAAiB;oBACjB,YAAY;oBACZ,iBAAiB;oBACjB,UAAU;oBACV;yBACe,QAAQ,IAAI,EAAE;;;;;6BAKV,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmC1B;iBACF;aACF,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC1B,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YACrF,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAE9D,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC;YACnC,IAAI,WAAW,IAAI,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;gBACtC,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;gBACxC,IAAI,QAAQ,GAAG,sCAAsC,aAAa,EAAE,CAAC;gBAErE,MAAM,mBAAmB,GAAG,OAAO,CAAC,QAAQ,CAAC;gBAC7C,IAAI,mBAAmB,EAAE,CAAC;oBACxB,QAAQ,IAAI,YAAY,mBAAmB,EAAE,CAAC;gBAChD,CAAC;gBACD,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,GAAG,6BAA6B,CAAC,KAAK,IAAI,QAAQ,EAAE,CACrD,CAAC;gBAEF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBAChD,MAAM,KAAK,CAAC;YACd,CAAC;YAED,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,IAAI,QAAQ,EAAE,CAAC;gBACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAClC,CAAC;YACD,IAAI,CAAC;gBACH,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAC/C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBACjD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBACzC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC5F,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO;oBACL,KAAK,EAAE,QAAQ,CAAC,KAAK;oBACrB,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;oBAC1D,SAAS,EAAE,QAAQ;iBACL,CAAC;YACnB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAC;oBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;gBACd,CAAC;qBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,KAAK,CAAC,CAAC;oBAClF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,GAAG,GAAG,KAAK,6BAA6B,CAAC,YAAY,EAAE,CACxD,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBAChD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAc;IAEd,MAAM,SAAS,GAAG,WAAW,CAAC;IAC9B,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACxC,IAAI,kBAAkB,GAAG,MAAM,CAAC;IAChC,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;gBAC3B,IAAI,CAAC;oBACH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBACrC,IAAI,WAAW,EAAE,KAAK,EAAE,CAAC;wBACvB,kBAAkB,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;wBAC1D,IAAI,kBAAkB,EAAE,CAAC;4BACvB,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;wBAC9C,CAAC;wBACD,OAAO,WAAW,CAAC;oBACrB,CAAC;gBACH,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,SAAS;gBACX,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,8DAA8D,MAAM,EAAE,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,yDAAyD,MAAM,EAAE,CAAC,CAAC;AACrF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging.js\";\nimport { ensureValidScopeForDevTimeCreds, getScopeResource } from \"../util/scopeUtils.js\";\n\nimport type { AzurePowerShellCredentialOptions } from \"./azurePowerShellCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport { processUtils } from \"../util/processUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\nconst isWindows = process.platform === \"win32\";\n\n/*\n Returns a platform-appropriate command name by appending \".exe\" on Windows.\n \n @internal\n /\nexport function formatCommand(commandName: string): string {\n if (isWindows) {\n return `${commandName}.exe`;\n } else {\n return commandName;\n }\n}\n\n/\n Receives a list of commands to run, executes them, then returns the outputs.\n * If anything fails, an error is thrown.\n * @internal\n /\nasync function runCommands(commands: string[][], timeout?: number): Promise<string[]> {\n const results: string[] = [];\n\n for (const command of commands) {\n const [file, ...parameters] = command;\n const result = (await processUtils.execFile(file, parameters, {\n encoding: \"utf8\",\n timeout,\n })) as string;\n\n results.push(result);\n }\n\n return results;\n}\n\n/\n Known PowerShell errors\n * @internal\n /\nexport const powerShellErrors = {\n login: \"Run Connect-AzAccount to login\",\n installed:\n \"The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory\",\n};\n\n/\n Messages to use when throwing in this credential.\n * @internal\n /\nexport const powerShellPublicErrorMessages = {\n login:\n \"Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.\",\n installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: \"Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force\".`,\n claim:\n \"This credential doesn't support claims challenges. To authenticate with the required claims, please run the following command:\",\n troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`,\n};\n\n// PowerShell Azure User not logged in error check.\nconst isLoginError: (err: Error) => RegExpMatchArray \| null = (err: Error) =>\n err.message.match(`(.)${powerShellErrors.login}(.)`);\n\n// Az Module not Installed in Azure PowerShell check.\nconst isNotInstalledError: (err: Error) => RegExpMatchArray \| null = (err: Error) =>\n err.message.match(powerShellErrors.installed);\n\n/\n The PowerShell commands to be tried, in order.\n \n @internal\n /\nexport const commandStack = [formatCommand(\"pwsh\")];\n\nif (isWindows) {\n commandStack.push(formatCommand(\"powershell\"));\n}\n\n/\n This credential will use the currently logged-in user information from the\n * Azure PowerShell module. To do so, it will read the user access token and\n * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`\n /\nexport class AzurePowerShellCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzurePowerShellCredential}.\n \n To use this credential:\n * - Install the Azure Az PowerShell module with:\n * `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.\n * - You have already logged in to Azure PowerShell using the command\n * `Connect-AzAccount` from the command line.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzurePowerShellCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Gets the access token from Azure PowerShell\n * @param resource - The resource to use when getting the token\n /\n private async getAzurePowerShellAccessToken(\n resource: string,\n tenantId?: string,\n timeout?: number,\n ): Promise<{ Token: string; ExpiresOn: string }> {\n // Clone the stack to avoid mutating it while iterating\n for (const powerShellCommand of [...commandStack]) {\n try {\n await runCommands([[powerShellCommand, \"/?\"]], timeout);\n } catch (e: any) {\n // Remove this credential from the original stack so that we don't try it again.\n commandStack.shift();\n continue;\n }\n\n const results = await runCommands([\n [\n powerShellCommand,\n \"-NoProfile\",\n \"-NonInteractive\",\n \"-Command\",\n `\n $tenantId = \"${tenantId ?? \"\"}\"\n $m = Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru\n $useSecureString = $m.Version -ge [version]'2.17.0' -and $m.Version -lt [version]'5.0.0'\n\n $params = @{\n ResourceUrl = \"${resource}\"\n }\n\n if ($tenantId.Length -gt 0) {\n $params[\"TenantId\"] = $tenantId\n }\n\n if ($useSecureString) {\n $params[\"AsSecureString\"] = $true\n }\n\n $token = Get-AzAccessToken @params\n\n $result = New-Object -TypeName PSObject\n $result \| Add-Member -MemberType NoteProperty -Name ExpiresOn -Value $token.ExpiresOn\n\n if ($token.Token -is [System.Security.SecureString]) {\n if ($PSVersionTable.PSVersion.Major -lt 7) {\n $ssPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($token.Token)\n try {\n $result \| Add-Member -MemberType NoteProperty -Name Token -Value ([System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr))\n }\n finally {\n [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ssPtr)\n }\n }\n else {\n $result \| Add-Member -MemberType NoteProperty -Name Token -Value ($token.Token \| ConvertFrom-SecureString -AsPlainText)\n }\n }\n else {\n $result \| Add-Member -MemberType NoteProperty -Name Token -Value $token.Token\n }\n\n Write-Output (ConvertTo-Json $result)\n `,\n ],\n ]);\n\n const result = results[0];\n return parseJsonToken(result);\n }\n throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n\n const claimsValue = options.claims;\n if (claimsValue && claimsValue.trim()) {\n const encodedClaims = btoa(claimsValue);\n let loginCmd = `Connect-AzAccount -ClaimsChallenge ${encodedClaims}`;\n\n const tenantIdFromOptions = options.tenantId;\n if (tenantIdFromOptions) {\n loginCmd += ` -Tenant ${tenantIdFromOptions}`;\n }\n const error = new CredentialUnavailableError(\n `${powerShellPublicErrorMessages.claim} ${loginCmd}`,\n );\n\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n );\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n try {\n ensureValidScopeForDevTimeCreds(scope, logger);\n logger.getToken.info(`Using the scope ${scope}`);\n const resource = getScopeResource(scope);\n const response = await this.getAzurePowerShellAccessToken(resource, tenantId, this.timeout);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: response.Token,\n expiresOnTimestamp: new Date(response.ExpiresOn).getTime(),\n tokenType: \"Bearer\",\n } as AccessToken;\n } catch (err: any) {\n if (isNotInstalledError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);\n logger.getToken.info(formatError(scope, error));\n throw error;\n } else if (isLoginError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n const error = new CredentialUnavailableError(\n `${err}. ${powerShellPublicErrorMessages.troubleshoot}`,\n );\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n });\n }\n}\n\n/\n \n * @internal\n /\nexport async function parseJsonToken(\n result: string,\n): Promise<{ Token: string; ExpiresOn: string }> {\n const jsonRegex = /{[^{}]}/g;\n const matches = result.match(jsonRegex);\n let resultWithoutToken = result;\n if (matches) {\n try {\n for (const item of matches) {\n try {\n const jsonContent = JSON.parse(item);\n if (jsonContent?.Token) {\n resultWithoutToken = resultWithoutToken.replace(item, \"\");\n if (resultWithoutToken) {\n logger.getToken.warning(resultWithoutToken);\n }\n return jsonContent;\n }\n } catch (e) {\n continue;\n }\n }\n } catch (e: any) {\n throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);\n }\n }\n throw new Error(`No access token found in the output. Received output: ${result}`);\n}\n"]}

package/dist/workerd/credentials/defaultAzureCredential.d.ts CHANGED Viewed

@@ -25,10 +25,27 @@ export declare class UnavailableDefaultCredential implements TokenCredential {
  * - {@link AzureCliCredential}
  * - {@link AzurePowerShellCredential}
  * - {@link AzureDeveloperCliCredential}
- * - {@link BrokerCredential}
+ * - BrokerCredential (a broker-enabled credential that requires \@azure/identity-broker is installed)
  *
  * Consult the documentation of these credential types for more information
  * on how they attempt authentication.
+ *
+ * The following example demonstrates how to use the `requiredEnvVars` option to ensure that certain environment variables are set before the `DefaultAzureCredential` is instantiated.
+ * If any of the specified environment variables are missing or empty, an error will be thrown, preventing the application from continuing execution without the necessary configuration.
+ * It also demonstrates how to set the `AZURE_TOKEN_CREDENTIALS` environment variable to control which credentials are included in the chain.
+ * ```ts snippet:defaultazurecredential_requiredEnvVars
+ * import { DefaultAzureCredential } from "@azure/identity";
+ *
+ * const credential = new DefaultAzureCredential({
+ *   requiredEnvVars: [
+ *     "AZURE_CLIENT_ID",
+ *     "AZURE_TENANT_ID",
+ *     "AZURE_CLIENT_SECRET",
+ *     "AZURE_TOKEN_CREDENTIALS",
+ *   ],
+ * });
+ * ```
  */
 export declare class DefaultAzureCredential extends ChainedTokenCredential {
     /**

package/dist/workerd/credentials/defaultAzureCredential.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"defaultAzureCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAO5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAgBxD;;;GAGG;AACH,qBAAa,4BAA6B,YAAW,eAAe;IAClE,iCAAiC,EAAE,MAAM,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;gBAEX,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAKnD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAM1B;AAED~~;;;;;;;;;;;;;;;;;;GAkBG~~;AACH,qBAAa,sBAAuB,SAAQ,sBAAsB;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,qCAAqC;IAE3D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,uCAAuC;IAE7D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,6BAA6B;~~CAoFpD~~"}
1	+ {"version":3,"file":"defaultAzureCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAO5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAgBxD;;;GAGG;AACH,qBAAa,4BAA6B,YAAW,eAAe;IAClE,iCAAiC,EAAE,MAAM,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;gBAEX,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAKnD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAM1B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,qBAAa,sBAAuB,SAAQ,sBAAsB;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,qCAAqC;IAE3D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,uCAAuC;IAE7D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,6BAA6B;CAyFpD"}

package/dist/workerd/credentials/defaultAzureCredential.js CHANGED Viewed

@@ -34,13 +34,31 @@ export class UnavailableDefaultCredential {
  * - {@link AzureCliCredential}
  * - {@link AzurePowerShellCredential}
  * - {@link AzureDeveloperCliCredential}
- * - {@link BrokerCredential}
+ * - BrokerCredential (a broker-enabled credential that requires \@azure/identity-broker is installed)
  *
  * Consult the documentation of these credential types for more information
  * on how they attempt authentication.
+ *
+ * The following example demonstrates how to use the `requiredEnvVars` option to ensure that certain environment variables are set before the `DefaultAzureCredential` is instantiated.
+ * If any of the specified environment variables are missing or empty, an error will be thrown, preventing the application from continuing execution without the necessary configuration.
+ * It also demonstrates how to set the `AZURE_TOKEN_CREDENTIALS` environment variable to control which credentials are included in the chain.
+ * ```ts snippet:defaultazurecredential_requiredEnvVars
+ * import { DefaultAzureCredential } from "@azure/identity";
+ *
+ * const credential = new DefaultAzureCredential({
+ *   requiredEnvVars: [
+ *     "AZURE_CLIENT_ID",
+ *     "AZURE_TENANT_ID",
+ *     "AZURE_CLIENT_SECRET",
+ *     "AZURE_TOKEN_CREDENTIALS",
+ *   ],
+ * });
+ * ```
  */
 export class DefaultAzureCredential extends ChainedTokenCredential {
     constructor(options) {
+        validateRequiredEnvVars(options);
         // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.
         const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS
             ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()
@@ -76,7 +94,11 @@ export class DefaultAzureCredential extends ChainedTokenCredential {
                     credentialFunctions = [createDefaultWorkloadIdentityCredential];
                     break;
                 case "managedidentitycredential":
-                    credentialFunctions = [createDefaultManagedIdentityCredential];
+                    // Setting `sendProbeRequest` to false to ensure ManagedIdentityCredential behavior
+                    // is consistent when used standalone in DAC chain or used directly.
+                    credentialFunctions = [
+                        () => createDefaultManagedIdentityCredential({ sendProbeRequest: false }),
+                    ];
                     break;
                 case "visualstudiocodecredential":
                     credentialFunctions = [createDefaultVisualStudioCodeCredential];
@@ -110,7 +132,7 @@ export class DefaultAzureCredential extends ChainedTokenCredential {
         // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason
         const credentials = credentialFunctions.map((createCredentialFn) => {
             try {
-                return createCredentialFn(options);
+                return createCredentialFn(options ?? {});
             }
             catch (err) {
                 logger.warning(`Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`);
@@ -120,4 +142,21 @@ export class DefaultAzureCredential extends ChainedTokenCredential {
         super(...credentials);
     }
 }
+/**
+ * This function checks that all environment variables in `options.requiredEnvVars` are set and non-empty.
+ * If any are missing or empty, it throws an error.
+ */
+function validateRequiredEnvVars(options) {
+    if (options?.requiredEnvVars) {
+        const requiredVars = Array.isArray(options.requiredEnvVars)
+            ? options.requiredEnvVars
+            : [options.requiredEnvVars];
+        const missing = requiredVars.filter((envVar) => !process.env[envVar]);
+        if (missing.length > 0) {
+            const errorMessage = `Required environment ${missing.length === 1 ? "variable" : "variables"} '${missing.join(", ")}' for DefaultAzureCredential ${missing.length === 1 ? "is" : "are"} not set or empty.`;
+            logger.warning(errorMessage);
+            throw new Error(errorMessage);
+        }
+    }
+}
 //# sourceMappingURL=defaultAzureCredential.js.map

package/dist/workerd/credentials/defaultAzureCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAalC,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAIrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EACL,+BAA+B,EAC/B,wCAAwC,EACxC,sCAAsC,EACtC,6BAA6B,EAC7B,sCAAsC,EACtC,uCAAuC,EACvC,uCAAuC,EACvC,kCAAkC,GACnC,MAAM,sCAAsC,CAAC;AAE9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IACvC,iCAAiC,CAAS;IAC1C,cAAc,CAAS;IAEvB,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAsBhE,YAAY,OAAuC;QACjD,2EAA2E;QAC3E,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB;YAC/D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;YAC1D,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,sBAAsB,GAAG;YAC7B,uCAAuC;YACvC,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;YACxC,6BAA6B;SAC9B,CAAC;QACF,MAAM,uBAAuB,GAAG;YAC9B,kCAAkC;YAClC,uCAAuC;YACvC,sCAAsC;SACvC,CAAC;QACF,IAAI,mBAAmB,GAAG,EAAE,CAAC;QAC7B,MAAM,oBAAoB,GACxB,sLAAsL,CAAC;QACzL,mFAAmF;QACnF,kIAAkI;QAClI,IAAI,qBAAqB,EAAE,CAAC;YAC1B,QAAQ,qBAAqB,EAAE,CAAC;gBAC9B,KAAK,KAAK;oBACR,mBAAmB,GAAG,sBAAsB,CAAC;oBAC7C,MAAM;gBACR,KAAK,MAAM;oBACT,mBAAmB,GAAG,uBAAuB,CAAC;oBAC9C,MAAM;gBACR,KAAK,uBAAuB;oBAC1B,mBAAmB,GAAG,CAAC,kCAAkC,CAAC,CAAC;oBAC3D,MAAM;gBACR,KAAK,4BAA4B;oBAC/B,mBAAmB,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBAChE,MAAM;gBACR,KAAK,2BAA2B;oBAC9B,mBAAmB,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBAC/D,MAAM;gBACR,KAAK,4BAA4B;oBAC/B,mBAAmB,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBAChE,MAAM;gBACR,KAAK,oBAAoB;oBACvB,mBAAmB,GAAG,CAAC,+BAA+B,CAAC,CAAC;oBACxD,MAAM;gBACR,KAAK,2BAA2B;oBAC9B,mBAAmB,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBAC/D,MAAM;gBACR,KAAK,6BAA6B;oBAChC,mBAAmB,GAAG,CAAC,wCAAwC,CAAC,CAAC;oBACjE,MAAM;gBACR,OAAO,CAAC,CAAC,CAAC;oBACR,6EAA6E;oBAC7E,gEAAgE;oBAChE,MAAM,YAAY,GAAG,+CAA+C,OAAO,CAAC,GAAG,CAAC,uBAAuB,oEAAoE,oBAAoB,GAAG,CAAC;oBACnM,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2EAA2E;YAC3E,mBAAmB,GAAG,CAAC,GAAG,uBAAuB,EAAE,GAAG,sBAAsB,CAAC,CAAC;QAChF,CAAC;QAED,gLAAgL;QAChL,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\n\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential.js\";\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport {\n createDefaultAzureCliCredential,\n createDefaultAzureDeveloperCliCredential,\n createDefaultAzurePowershellCredential,\n createDefaultBrokerCredential,\n createDefaultManagedIdentityCredential,\n createDefaultVisualStudioCodeCredential,\n createDefaultWorkloadIdentityCredential,\n createDefaultEnvironmentCredential,\n} from \"./defaultAzureCredentialFunctions.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/*\n A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n /\nexport class UnavailableDefaultCredential implements TokenCredential {\n credentialUnavailableErrorMessage: string;\n credentialName: string;\n\n constructor(credentialName: string, message: string) {\n this.credentialName = credentialName;\n this.credentialUnavailableErrorMessage = message;\n }\n\n getToken(): Promise<null> {\n logger.getToken.info(\n `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n );\n return Promise.resolve(null);\n }\n}\n\n/\n Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n \n The following credential types will be tried, in order:\n \n - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link VisualStudioCodeCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n * - {@link BrokerCredential}\n \n Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n /\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n /\n Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n \n @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n /\n constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n /\n Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n \n @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n /\n constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n /\n Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n \n @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n */\n constructor(options?: DefaultAzureCredentialOptions);\n\n constructor(options?: DefaultAzureCredentialOptions) {\n // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS\n ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()\n : undefined;\n const devCredentialFunctions = [\n createDefaultVisualStudioCodeCredential,\n createDefaultAzureCliCredential,\n createDefaultAzurePowershellCredential,\n createDefaultAzureDeveloperCliCredential,\n createDefaultBrokerCredential,\n ];\n const prodCredentialFunctions = [\n createDefaultEnvironmentCredential,\n createDefaultWorkloadIdentityCredential,\n createDefaultManagedIdentityCredential,\n ];\n let credentialFunctions = [];\n const validCredentialNames =\n \"EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential\";\n // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.\n // The value of AZURE_TOKEN_CREDENTIALS should be either \"dev\" or \"prod\" or any one of these credentials - {validCredentialNames}.\n if (azureTokenCredentials) {\n switch (azureTokenCredentials) {\n case \"dev\":\n credentialFunctions = devCredentialFunctions;\n break;\n case \"prod\":\n credentialFunctions = prodCredentialFunctions;\n break;\n case \"environmentcredential\":\n credentialFunctions = [createDefaultEnvironmentCredential];\n break;\n case \"workloadidentitycredential\":\n credentialFunctions = [createDefaultWorkloadIdentityCredential];\n break;\n case \"managedidentitycredential\":\n credentialFunctions = [createDefaultManagedIdentityCredential];\n break;\n case \"visualstudiocodecredential\":\n credentialFunctions = [createDefaultVisualStudioCodeCredential];\n break;\n case \"azureclicredential\":\n credentialFunctions = [createDefaultAzureCliCredential];\n break;\n case \"azurepowershellcredential\":\n credentialFunctions = [createDefaultAzurePowershellCredential];\n break;\n case \"azuredeveloperclicredential\":\n credentialFunctions = [createDefaultAzureDeveloperCliCredential];\n break;\n default: {\n // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.\n // This will prevent the creation of the DefaultAzureCredential.\n const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev' or any of these credentials - ${validCredentialNames}.`;\n logger.warning(errorMessage);\n throw new Error(errorMessage);\n }\n }\n } else {\n // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];\n }\n\n // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.\n // When adding new credentials to the default chain, consider:\n // 1. Making the constructor parameters required and explicit\n // 2. Validating any required parameters in the factory function\n // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n try {\n return createCredentialFn(options);\n } catch (err: any) {\n logger.warning(\n `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n );\n return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n }\n });\n\n super(...credentials);\n }\n}\n"]}
1	+ {"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAalC,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAIrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EACL,+BAA+B,EAC/B,wCAAwC,EACxC,sCAAsC,EACtC,6BAA6B,EAC7B,sCAAsC,EACtC,uCAAuC,EACvC,uCAAuC,EACvC,kCAAkC,GACnC,MAAM,sCAAsC,CAAC;AAE9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IACvC,iCAAiC,CAAS;IAC1C,cAAc,CAAS;IAEvB,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAsBhE,YAAY,OAAuC;QACjD,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACjC,2EAA2E;QAC3E,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB;YAC/D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;YAC1D,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,sBAAsB,GAAG;YAC7B,uCAAuC;YACvC,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;YACxC,6BAA6B;SAC9B,CAAC;QACF,MAAM,uBAAuB,GAAG;YAC9B,kCAAkC;YAClC,uCAAuC;YACvC,sCAAsC;SACvC,CAAC;QACF,IAAI,mBAAmB,GAAG,EAAE,CAAC;QAC7B,MAAM,oBAAoB,GACxB,sLAAsL,CAAC;QACzL,mFAAmF;QACnF,kIAAkI;QAClI,IAAI,qBAAqB,EAAE,CAAC;YAC1B,QAAQ,qBAAqB,EAAE,CAAC;gBAC9B,KAAK,KAAK;oBACR,mBAAmB,GAAG,sBAAsB,CAAC;oBAC7C,MAAM;gBACR,KAAK,MAAM;oBACT,mBAAmB,GAAG,uBAAuB,CAAC;oBAC9C,MAAM;gBACR,KAAK,uBAAuB;oBAC1B,mBAAmB,GAAG,CAAC,kCAAkC,CAAC,CAAC;oBAC3D,MAAM;gBACR,KAAK,4BAA4B;oBAC/B,mBAAmB,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBAChE,MAAM;gBACR,KAAK,2BAA2B;oBAC9B,mFAAmF;oBACnF,oEAAoE;oBACpE,mBAAmB,GAAG;wBACpB,GAAG,EAAE,CAAC,sCAAsC,CAAC,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;qBAC1E,CAAC;oBACF,MAAM;gBACR,KAAK,4BAA4B;oBAC/B,mBAAmB,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBAChE,MAAM;gBACR,KAAK,oBAAoB;oBACvB,mBAAmB,GAAG,CAAC,+BAA+B,CAAC,CAAC;oBACxD,MAAM;gBACR,KAAK,2BAA2B;oBAC9B,mBAAmB,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBAC/D,MAAM;gBACR,KAAK,6BAA6B;oBAChC,mBAAmB,GAAG,CAAC,wCAAwC,CAAC,CAAC;oBACjE,MAAM;gBACR,OAAO,CAAC,CAAC,CAAC;oBACR,6EAA6E;oBAC7E,gEAAgE;oBAChE,MAAM,YAAY,GAAG,+CAA+C,OAAO,CAAC,GAAG,CAAC,uBAAuB,oEAAoE,oBAAoB,GAAG,CAAC;oBACnM,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2EAA2E;YAC3E,mBAAmB,GAAG,CAAC,GAAG,uBAAuB,EAAE,GAAG,sBAAsB,CAAC,CAAC;QAChF,CAAC;QAED,gLAAgL;QAChL,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;YAC3C,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAAC,OAAuC;IACtE,IAAI,OAAO,EAAE,eAAe,EAAE,CAAC;QAC7B,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC;YACzD,CAAC,CAAC,OAAO,CAAC,eAAe;YACzB,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAC9B,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,YAAY,GAAG,wBAAwB,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,gCAAgC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,oBAAoB,CAAC;YAC3M,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\n\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential.js\";\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport {\n createDefaultAzureCliCredential,\n createDefaultAzureDeveloperCliCredential,\n createDefaultAzurePowershellCredential,\n createDefaultBrokerCredential,\n createDefaultManagedIdentityCredential,\n createDefaultVisualStudioCodeCredential,\n createDefaultWorkloadIdentityCredential,\n createDefaultEnvironmentCredential,\n} from \"./defaultAzureCredentialFunctions.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/*\n A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n /\nexport class UnavailableDefaultCredential implements TokenCredential {\n credentialUnavailableErrorMessage: string;\n credentialName: string;\n\n constructor(credentialName: string, message: string) {\n this.credentialName = credentialName;\n this.credentialUnavailableErrorMessage = message;\n }\n\n getToken(): Promise<null> {\n logger.getToken.info(\n `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n );\n return Promise.resolve(null);\n }\n}\n\n/\n Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n \n The following credential types will be tried, in order:\n \n - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link VisualStudioCodeCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n * - BrokerCredential (a broker-enabled credential that requires \\@azure/identity-broker is installed)\n \n Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n \n The following example demonstrates how to use the `requiredEnvVars` option to ensure that certain environment variables are set before the `DefaultAzureCredential` is instantiated.\n * If any of the specified environment variables are missing or empty, an error will be thrown, preventing the application from continuing execution without the necessary configuration.\n * It also demonstrates how to set the `AZURE_TOKEN_CREDENTIALS` environment variable to control which credentials are included in the chain.\n \n * ```ts snippet:defaultazurecredential_requiredEnvVars\n * import { DefaultAzureCredential } from \"@azure/identity\";\n \n const credential = new DefaultAzureCredential({\n * requiredEnvVars: [\n * \"AZURE_CLIENT_ID\",\n * \"AZURE_TENANT_ID\",\n * \"AZURE_CLIENT_SECRET\",\n * \"AZURE_TOKEN_CREDENTIALS\",\n * ],\n * });\n * ```\n /\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n /\n Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n \n @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n /\n constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n /\n Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n \n @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n /\n constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n /\n Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n \n @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n /\n constructor(options?: DefaultAzureCredentialOptions);\n\n constructor(options?: DefaultAzureCredentialOptions) {\n validateRequiredEnvVars(options);\n // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS\n ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()\n : undefined;\n const devCredentialFunctions = [\n createDefaultVisualStudioCodeCredential,\n createDefaultAzureCliCredential,\n createDefaultAzurePowershellCredential,\n createDefaultAzureDeveloperCliCredential,\n createDefaultBrokerCredential,\n ];\n const prodCredentialFunctions = [\n createDefaultEnvironmentCredential,\n createDefaultWorkloadIdentityCredential,\n createDefaultManagedIdentityCredential,\n ];\n let credentialFunctions = [];\n const validCredentialNames =\n \"EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential\";\n // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.\n // The value of AZURE_TOKEN_CREDENTIALS should be either \"dev\" or \"prod\" or any one of these credentials - {validCredentialNames}.\n if (azureTokenCredentials) {\n switch (azureTokenCredentials) {\n case \"dev\":\n credentialFunctions = devCredentialFunctions;\n break;\n case \"prod\":\n credentialFunctions = prodCredentialFunctions;\n break;\n case \"environmentcredential\":\n credentialFunctions = [createDefaultEnvironmentCredential];\n break;\n case \"workloadidentitycredential\":\n credentialFunctions = [createDefaultWorkloadIdentityCredential];\n break;\n case \"managedidentitycredential\":\n // Setting `sendProbeRequest` to false to ensure ManagedIdentityCredential behavior\n // is consistent when used standalone in DAC chain or used directly.\n credentialFunctions = [\n () => createDefaultManagedIdentityCredential({ sendProbeRequest: false }),\n ];\n break;\n case \"visualstudiocodecredential\":\n credentialFunctions = [createDefaultVisualStudioCodeCredential];\n break;\n case \"azureclicredential\":\n credentialFunctions = [createDefaultAzureCliCredential];\n break;\n case \"azurepowershellcredential\":\n credentialFunctions = [createDefaultAzurePowershellCredential];\n break;\n case \"azuredeveloperclicredential\":\n credentialFunctions = [createDefaultAzureDeveloperCliCredential];\n break;\n default: {\n // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.\n // This will prevent the creation of the DefaultAzureCredential.\n const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev' or any of these credentials - ${validCredentialNames}.`;\n logger.warning(errorMessage);\n throw new Error(errorMessage);\n }\n }\n } else {\n // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];\n }\n\n // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.\n // When adding new credentials to the default chain, consider:\n // 1. Making the constructor parameters required and explicit\n // 2. Validating any required parameters in the factory function\n // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n try {\n return createCredentialFn(options ?? {});\n } catch (err: any) {\n logger.warning(\n `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n );\n return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n }\n });\n\n super(...credentials);\n }\n}\n\n/\n This function checks that all environment variables in `options.requiredEnvVars` are set and non-empty.\n * If any are missing or empty, it throws an error.\n */\nfunction validateRequiredEnvVars(options?: DefaultAzureCredentialOptions) {\n if (options?.requiredEnvVars) {\n const requiredVars = Array.isArray(options.requiredEnvVars)\n ? options.requiredEnvVars\n : [options.requiredEnvVars];\n const missing = requiredVars.filter((envVar) => !process.env[envVar]);\n if (missing.length > 0) {\n const errorMessage = `Required environment ${missing.length === 1 ? \"variable\" : \"variables\"} '${missing.join(\", \")}' for DefaultAzureCredential ${missing.length === 1 ? \"is\" : \"are\"} not set or empty.`;\n logger.warning(errorMessage);\n throw new Error(errorMessage);\n }\n }\n}\n"]}

package/dist/workerd/credentials/defaultAzureCredentialFunctions.d.ts CHANGED Viewed

@@ -23,7 +23,9 @@ export declare function createDefaultVisualStudioCodeCredential(options?: Defaul
  *
  * @internal
  */
-export declare function createDefaultManagedIdentityCredential(options?: DefaultAzureCredentialOptions | DefaultAzureCredentialResourceIdOptions | DefaultAzureCredentialClientIdOptions): TokenCredential;
+export declare function createDefaultManagedIdentityCredential(options?: (DefaultAzureCredentialOptions | DefaultAzureCredentialResourceIdOptions | DefaultAzureCredentialClientIdOptions) & {
+    sendProbeRequest?: boolean;
+}): TokenCredential;
 /**
  * Creates a {@link WorkloadIdentityCredential} from the provided options.
  * @param options - Options to configure the credential.

package/dist/workerd/credentials/defaultAzureCredentialFunctions.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"defaultAzureCredentialFunctions.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialFunctions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAe5C;;;;;;;;GAQG;AACH,wBAAgB,6BAA6B,CAC3C,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,uCAAuC,CACrD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,~~GACH~~,6BAA6B,GAC7B,uCAAuC,GACvC,~~qCAA0C~~,~~GAC7C~~,eAAe,~~CA8CjB~~;AAED;;;;;GAKG;AACH,wBAAgB,uCAAuC,CACrD,OAAO,CAAC,EAAE,6BAA6B,GAAG,qCAAqC,GAC9E,eAAe,CA4BjB;AAED;;;;;GAKG;AACH,wBAAgB,wCAAwC,CACtD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,+BAA+B,CAC7C,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,kCAAkC,CAChD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB"}
1	+ {"version":3,"file":"defaultAzureCredentialFunctions.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialFunctions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAe5C;;;;;;;;GAQG;AACH,wBAAgB,6BAA6B,CAC3C,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,uCAAuC,CACrD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GAAE,CACL,6BAA6B,GAC7B,uCAAuC,GACvC,qCAAqC,CACxC,GAAG;IAAE,gBAAgB,CAAC,EAAE,OAAO,CAAA;CAAO,GACtC,eAAe,CAkDjB;AAED;;;;;GAKG;AACH,wBAAgB,uCAAuC,CACrD,OAAO,CAAC,EAAE,6BAA6B,GAAG,qCAAqC,GAC9E,eAAe,CA4BjB;AAED;;;;;GAKG;AACH,wBAAgB,wCAAwC,CACtD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,+BAA+B,CAC7C,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,kCAAkC,CAChD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB"}

package/dist/workerd/credentials/defaultAzureCredentialFunctions.js CHANGED Viewed

@@ -40,6 +40,10 @@ export function createDefaultManagedIdentityCredential(options = {}) {
         maxRetries: 5,
         retryDelayInMs: 800,
     };
+    // ManagedIdentityCredential inside DAC chain should send a probe request by default.
+    // This is different from standalone ManagedIdentityCredential behavior
+    // or when AZURE_TOKEN_CREDENTIALS is set to only ManagedIdentityCredential.
+    options.sendProbeRequest ??= true;
     const managedIdentityClientId = options?.managedIdentityClientId ??
         process.env.AZURE_CLIENT_ID;
     const workloadIdentityClientId = options?.workloadIdentityClientId ??

package/dist/workerd/credentials/defaultAzureCredentialFunctions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"defaultAzureCredentialFunctions.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialFunctions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAQlC,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAKnE,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAE3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD;;;;;;;;GAQG;AACH,MAAM,UAAU,6BAA6B,CAC3C,UAAyC,EAAE;IAE3C,OAAO,IAAI,gBAAgB,CAAC,OAAO,CAAC,CAAC;AACvC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uCAAuC,CACrD,UAAyC,EAAE;IAE3C,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAG4C,EAAE;IAE9C,OAAO,CAAC,YAAY,KAAK;QACvB,UAAU,EAAE,CAAC;QACb,cAAc,EAAE,GAAG;KACpB,CAAC;IACF,MAAM,uBAAuB,GAC1B,OAAiD,EAAE,uBAAuB;QAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC3B,OAAiD,EAAE,wBAAwB;QAC5E,uBAAuB,CAAC;IAC1B,MAAM,iBAAiB,GAAI,OAAmD;QAC5E,EAAE,yBAAyB,CAAC;IAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,gCAAgC,GAA+C;YACnF,GAAG,OAAO;YACV,UAAU,EAAE,iBAAiB;SAC9B,CAAC;QACF,OAAO,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,GAAkC;YACvE,GAAG,OAAO;YACV,QAAQ,EAAE,QAAQ;SACnB,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAClC,wBAAwB,EACxB,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,4BAA4B,GAA6C;YAC7E,GAAG,OAAO;YACV,QAAQ,EAAE,uBAAuB;SAClC,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAAC,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uCAAuC,CACrD,OAA+E;IAE/E,MAAM,uBAAuB,GAC1B,OAAiD,EAAE,uBAAuB;QAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC3B,OAAiD,EAAE,wBAAwB;QAC5E,uBAAuB,CAAC;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,GAAsC;YAC3E,GAAG,OAAO;YACV,QAAQ;YACR,QAAQ,EAAE,wBAAwB;YAClC,aAAa,EAAE,YAAY;SAC5B,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,mCAAmC,GAAsC;YAC7E,GAAG,OAAO;YACV,QAAQ;SACT,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,mCAAmC,CAAC,CAAC;IAC7E,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wCAAwC,CACtD,UAAyC,EAAE;IAE3C,OAAO,IAAI,2BAA2B,CAAC,OAAO,CAAC,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,+BAA+B,CAC7C,UAAyC,EAAE;IAE3C,OAAO,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAAyC,EAAE;IAE3C,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kCAAkC,CAChD,UAAyC,EAAE;IAE3C,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport type {\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type {\n ManagedIdentityCredentialClientIdOptions,\n ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential/options.js\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential.js\";\nimport { BrokerCredential } from \"./brokerCredential.js\";\n\n/*\n Creates a {@link BrokerCredential} instance with the provided options.\n * This credential uses the Windows Authentication Manager (WAM) broker for authentication.\n * It will only attempt to authenticate silently using the default broker account\n \n @param options - Options for configuring the credential.\n \n @internal\n /\nexport function createDefaultBrokerCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new BrokerCredential(options);\n}\n\n/\n Creates a {@link VisualStudioCodeCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultVisualStudioCodeCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new VisualStudioCodeCredential(options);\n}\n\n/\n Creates a {@link ManagedIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultManagedIdentityCredential(\n options:\n \| DefaultAzureCredentialOptions\n \| DefaultAzureCredentialResourceIdOptions\n \| DefaultAzureCredentialClientIdOptions = {},\n): TokenCredential {\n options.retryOptions ??= {\n maxRetries: 5,\n retryDelayInMs: 800,\n };\n const managedIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n process.env.AZURE_CLIENT_ID;\n const workloadIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n managedIdentityClientId;\n const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n ?.managedIdentityResourceId;\n const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n if (managedResourceId) {\n const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n ...options,\n resourceId: managedResourceId,\n };\n return new ManagedIdentityCredential(managedIdentityResourceIdOptions);\n }\n\n if (workloadFile && workloadIdentityClientId) {\n const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n ...options,\n tenantId: tenantId,\n };\n\n return new ManagedIdentityCredential(\n workloadIdentityClientId,\n workloadIdentityCredentialOptions,\n );\n }\n\n if (managedIdentityClientId) {\n const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n ...options,\n clientId: managedIdentityClientId,\n };\n\n return new ManagedIdentityCredential(managedIdentityClientOptions);\n }\n\n // We may be able to return a UnavailableCredential here, but that may be a breaking change\n return new ManagedIdentityCredential(options);\n}\n\n/\n Creates a {@link WorkloadIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultWorkloadIdentityCredential(\n options?: DefaultAzureCredentialOptions \| DefaultAzureCredentialClientIdOptions,\n): TokenCredential {\n const managedIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n process.env.AZURE_CLIENT_ID;\n const workloadIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n managedIdentityClientId;\n const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n if (workloadFile && workloadIdentityClientId) {\n const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n ...options,\n tenantId,\n clientId: workloadIdentityClientId,\n tokenFilePath: workloadFile,\n };\n return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);\n }\n if (tenantId) {\n const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n ...options,\n tenantId,\n };\n return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);\n }\n\n // We may be able to return a UnavailableCredential here, but that may be a breaking change\n return new WorkloadIdentityCredential(options);\n}\n\n/\n Creates a {@link AzureDeveloperCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultAzureDeveloperCliCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzureDeveloperCliCredential(options);\n}\n\n/\n Creates a {@link AzureCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultAzureCliCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzureCliCredential(options);\n}\n\n/\n Creates a {@link AzurePowerShellCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultAzurePowershellCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzurePowerShellCredential(options);\n}\n\n/\n Creates an {@link EnvironmentCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n */\nexport function createDefaultEnvironmentCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new EnvironmentCredential(options);\n}\n"]}
1	+ {"version":3,"file":"defaultAzureCredentialFunctions.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialFunctions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAQlC,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAKnE,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAE3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD;;;;;;;;GAQG;AACH,MAAM,UAAU,6BAA6B,CAC3C,UAAyC,EAAE;IAE3C,OAAO,IAAI,gBAAgB,CAAC,OAAO,CAAC,CAAC;AACvC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uCAAuC,CACrD,UAAyC,EAAE;IAE3C,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAIqC,EAAE;IAEvC,OAAO,CAAC,YAAY,KAAK;QACvB,UAAU,EAAE,CAAC;QACb,cAAc,EAAE,GAAG;KACpB,CAAC;IACF,qFAAqF;IACrF,uEAAuE;IACvE,4EAA4E;IAC5E,OAAO,CAAC,gBAAgB,KAAK,IAAI,CAAC;IAClC,MAAM,uBAAuB,GAC1B,OAAiD,EAAE,uBAAuB;QAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC3B,OAAiD,EAAE,wBAAwB;QAC5E,uBAAuB,CAAC;IAC1B,MAAM,iBAAiB,GAAI,OAAmD;QAC5E,EAAE,yBAAyB,CAAC;IAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,gCAAgC,GAA+C;YACnF,GAAG,OAAO;YACV,UAAU,EAAE,iBAAiB;SAC9B,CAAC;QACF,OAAO,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,GAAkC;YACvE,GAAG,OAAO;YACV,QAAQ,EAAE,QAAQ;SACnB,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAClC,wBAAwB,EACxB,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,4BAA4B,GAA6C;YAC7E,GAAG,OAAO;YACV,QAAQ,EAAE,uBAAuB;SAClC,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAAC,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uCAAuC,CACrD,OAA+E;IAE/E,MAAM,uBAAuB,GAC1B,OAAiD,EAAE,uBAAuB;QAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC3B,OAAiD,EAAE,wBAAwB;QAC5E,uBAAuB,CAAC;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,GAAsC;YAC3E,GAAG,OAAO;YACV,QAAQ;YACR,QAAQ,EAAE,wBAAwB;YAClC,aAAa,EAAE,YAAY;SAC5B,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,mCAAmC,GAAsC;YAC7E,GAAG,OAAO;YACV,QAAQ;SACT,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,mCAAmC,CAAC,CAAC;IAC7E,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wCAAwC,CACtD,UAAyC,EAAE;IAE3C,OAAO,IAAI,2BAA2B,CAAC,OAAO,CAAC,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,+BAA+B,CAC7C,UAAyC,EAAE;IAE3C,OAAO,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAAyC,EAAE;IAE3C,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kCAAkC,CAChD,UAAyC,EAAE;IAE3C,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport type {\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type {\n ManagedIdentityCredentialClientIdOptions,\n ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential/options.js\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential.js\";\nimport { BrokerCredential } from \"./brokerCredential.js\";\n\n/*\n Creates a {@link BrokerCredential} instance with the provided options.\n * This credential uses the Windows Authentication Manager (WAM) broker for authentication.\n * It will only attempt to authenticate silently using the default broker account\n \n @param options - Options for configuring the credential.\n \n @internal\n /\nexport function createDefaultBrokerCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new BrokerCredential(options);\n}\n\n/\n Creates a {@link VisualStudioCodeCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultVisualStudioCodeCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new VisualStudioCodeCredential(options);\n}\n\n/\n Creates a {@link ManagedIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultManagedIdentityCredential(\n options: (\n \| DefaultAzureCredentialOptions\n \| DefaultAzureCredentialResourceIdOptions\n \| DefaultAzureCredentialClientIdOptions\n ) & { sendProbeRequest?: boolean } = {},\n): TokenCredential {\n options.retryOptions ??= {\n maxRetries: 5,\n retryDelayInMs: 800,\n };\n // ManagedIdentityCredential inside DAC chain should send a probe request by default.\n // This is different from standalone ManagedIdentityCredential behavior\n // or when AZURE_TOKEN_CREDENTIALS is set to only ManagedIdentityCredential.\n options.sendProbeRequest ??= true;\n const managedIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n process.env.AZURE_CLIENT_ID;\n const workloadIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n managedIdentityClientId;\n const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n ?.managedIdentityResourceId;\n const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n if (managedResourceId) {\n const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n ...options,\n resourceId: managedResourceId,\n };\n return new ManagedIdentityCredential(managedIdentityResourceIdOptions);\n }\n\n if (workloadFile && workloadIdentityClientId) {\n const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n ...options,\n tenantId: tenantId,\n };\n\n return new ManagedIdentityCredential(\n workloadIdentityClientId,\n workloadIdentityCredentialOptions,\n );\n }\n\n if (managedIdentityClientId) {\n const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n ...options,\n clientId: managedIdentityClientId,\n };\n\n return new ManagedIdentityCredential(managedIdentityClientOptions);\n }\n\n // We may be able to return a UnavailableCredential here, but that may be a breaking change\n return new ManagedIdentityCredential(options);\n}\n\n/\n Creates a {@link WorkloadIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultWorkloadIdentityCredential(\n options?: DefaultAzureCredentialOptions \| DefaultAzureCredentialClientIdOptions,\n): TokenCredential {\n const managedIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n process.env.AZURE_CLIENT_ID;\n const workloadIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n managedIdentityClientId;\n const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n if (workloadFile && workloadIdentityClientId) {\n const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n ...options,\n tenantId,\n clientId: workloadIdentityClientId,\n tokenFilePath: workloadFile,\n };\n return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);\n }\n if (tenantId) {\n const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n ...options,\n tenantId,\n };\n return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);\n }\n\n // We may be able to return a UnavailableCredential here, but that may be a breaking change\n return new WorkloadIdentityCredential(options);\n}\n\n/\n Creates a {@link AzureDeveloperCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultAzureDeveloperCliCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzureDeveloperCliCredential(options);\n}\n\n/\n Creates a {@link AzureCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultAzureCliCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzureCliCredential(options);\n}\n\n/\n Creates a {@link AzurePowerShellCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n /\nexport function createDefaultAzurePowershellCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzurePowerShellCredential(options);\n}\n\n/\n Creates an {@link EnvironmentCredential} from the provided options.\n * @param options - Options to configure the credential.\n \n @internal\n */\nexport function createDefaultEnvironmentCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new EnvironmentCredential(options);\n}\n"]}

package/dist/workerd/credentials/defaultAzureCredentialOptions.d.ts CHANGED Viewed

@@ -30,6 +30,10 @@ export interface DefaultAzureCredentialResourceIdOptions extends DefaultAzureCre
      */
     managedIdentityResourceId: string;
 }
+/**
+ * The commonly supported environment variables for the {@link DefaultAzureCredential} class.
+ */
+export type DefaultAzureCredentialEnvVars = "AZURE_TOKEN_CREDENTIALS" | "AZURE_CLIENT_ID" | "AZURE_TENANT_ID" | "AZURE_CLIENT_SECRET" | "AZURE_CLIENT_CERTIFICATE_PATH" | "AZURE_CLIENT_CERTIFICATE_PASSWORD" | "AZURE_ADDITIONALLY_ALLOWED_TENANTS" | "AZURE_CLIENT_SEND_CERTIFICATE_CHAIN" | "AZURE_FEDERATED_TOKEN_FILE";
 /**
  * Provides options to configure the {@link DefaultAzureCredential} class.
  */
@@ -45,5 +49,13 @@ export interface DefaultAzureCredentialOptions extends MultiTenantTokenCredentia
      * Process timeout for credentials should be provided in milliseconds.
      */
     processTimeoutInMs?: number;
+    /**
+     * List of environment variables that must be defined at runtime.
+     * If any variable in this list is missing or set to an empty value,
+     * {@link DefaultAzureCredential} constructor will throw an error.
+     * Use this to enforce that your application has the necessary environment configuration before
+     * continuing execution.
+     */
+    requiredEnvVars?: DefaultAzureCredentialEnvVars | DefaultAzureCredentialEnvVars[];
 }
 //# sourceMappingURL=defaultAzureCredentialOptions.d.ts.map

package/dist/workerd/credentials/defaultAzureCredentialOptions.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"defaultAzureCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;;GAGG;AACH,MAAM,WAAW,qCAAsC,SAAQ,6BAA6B;IAC1F;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC;;;OAGG;IACH,wBAAwB,CAAC,EAAE,MAAM,CAAC;CACnC;AAED;;;GAGG;AACH,MAAM,WAAW,uCAAwC,SAAQ,6BAA6B;IAC5F;;;;;;OAMG;IACH,yBAAyB,EAAE,MAAM,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,6BACf,SAAQ,iCAAiC,EACvC,0BAA0B;IAC5B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;~~CAC7B~~"}
1	+ {"version":3,"file":"defaultAzureCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;;GAGG;AACH,MAAM,WAAW,qCAAsC,SAAQ,6BAA6B;IAC1F;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC;;;OAGG;IACH,wBAAwB,CAAC,EAAE,MAAM,CAAC;CACnC;AAED;;;GAGG;AACH,MAAM,WAAW,uCAAwC,SAAQ,6BAA6B;IAC5F;;;;;;OAMG;IACH,yBAAyB,EAAE,MAAM,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,MAAM,6BAA6B,GACrC,yBAAyB,GACzB,iBAAiB,GACjB,iBAAiB,GACjB,qBAAqB,GACrB,+BAA+B,GAC/B,mCAAmC,GACnC,oCAAoC,GACpC,qCAAqC,GACrC,4BAA4B,CAAC;AAEjC;;GAEG;AACH,MAAM,WAAW,6BACf,SAAQ,iCAAiC,EACvC,0BAA0B;IAC5B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;;;;OAMG;IACH,eAAe,CAAC,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAC;CACnF"}

package/dist/workerd/credentials/defaultAzureCredentialOptions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"defaultAzureCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/*\n Provides options to configure the {@link DefaultAzureCredential} class.\n * This variation supports `managedIdentityClientId` and not `managedIdentityResourceId`, since only one of both is supported.\n /\nexport interface DefaultAzureCredentialClientIdOptions extends DefaultAzureCredentialOptions {\n /\n Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.\n * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n /\n managedIdentityClientId?: string;\n /\n Optionally pass in a user assigned client ID to be used by the {@link WorkloadIdentityCredential}.\n * This client ID can also be passed through to the {@link WorkloadIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n /\n workloadIdentityClientId?: string;\n}\n\n/\n Provides options to configure the {@link DefaultAzureCredential} class.\n * This variation supports `managedIdentityResourceId` and not `managedIdentityClientId`, since only one of both is supported.\n /\nexport interface DefaultAzureCredentialResourceIdOptions extends DefaultAzureCredentialOptions {\n /\n Optionally pass in a resource ID to be used by the {@link ManagedIdentityCredential}.\n * In scenarios such as when user assigned identities are created using an ARM template,\n * where the resource Id of the identity is known but the client Id can't be known ahead of time,\n * this parameter allows programs to use these user assigned identities\n * without having to first determine the client Id of the created identity.\n /\n managedIdentityResourceId: string;\n}\n\n/\n Provides options to configure the {@link DefaultAzureCredential} class.\n /\nexport interface DefaultAzureCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {\n /\n Optionally pass in a Tenant ID to be used as part of the credential.\n * By default it may use a generic tenant ID depending on the underlying credential.\n /\n tenantId?: string;\n\n /\n Timeout configurable for making token requests for developer credentials, namely, {@link AzurePowershellCredential},\n * {@link AzureDeveloperCliCredential} and {@link AzureCliCredential}.\n * Process timeout for credentials should be provided in milliseconds.\n */\n processTimeoutInMs?: number;\n}\n"]}
1	+ {"version":3,"file":"defaultAzureCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/*\n Provides options to configure the {@link DefaultAzureCredential} class.\n * This variation supports `managedIdentityClientId` and not `managedIdentityResourceId`, since only one of both is supported.\n /\nexport interface DefaultAzureCredentialClientIdOptions extends DefaultAzureCredentialOptions {\n /\n Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.\n * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n /\n managedIdentityClientId?: string;\n /\n Optionally pass in a user assigned client ID to be used by the {@link WorkloadIdentityCredential}.\n * This client ID can also be passed through to the {@link WorkloadIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n /\n workloadIdentityClientId?: string;\n}\n\n/\n Provides options to configure the {@link DefaultAzureCredential} class.\n * This variation supports `managedIdentityResourceId` and not `managedIdentityClientId`, since only one of both is supported.\n /\nexport interface DefaultAzureCredentialResourceIdOptions extends DefaultAzureCredentialOptions {\n /\n Optionally pass in a resource ID to be used by the {@link ManagedIdentityCredential}.\n * In scenarios such as when user assigned identities are created using an ARM template,\n * where the resource Id of the identity is known but the client Id can't be known ahead of time,\n * this parameter allows programs to use these user assigned identities\n * without having to first determine the client Id of the created identity.\n /\n managedIdentityResourceId: string;\n}\n\n/\n The commonly supported environment variables for the {@link DefaultAzureCredential} class.\n /\nexport type DefaultAzureCredentialEnvVars =\n \| \"AZURE_TOKEN_CREDENTIALS\"\n \| \"AZURE_CLIENT_ID\"\n \| \"AZURE_TENANT_ID\"\n \| \"AZURE_CLIENT_SECRET\"\n \| \"AZURE_CLIENT_CERTIFICATE_PATH\"\n \| \"AZURE_CLIENT_CERTIFICATE_PASSWORD\"\n \| \"AZURE_ADDITIONALLY_ALLOWED_TENANTS\"\n \| \"AZURE_CLIENT_SEND_CERTIFICATE_CHAIN\"\n \| \"AZURE_FEDERATED_TOKEN_FILE\";\n\n/\n Provides options to configure the {@link DefaultAzureCredential} class.\n /\nexport interface DefaultAzureCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {\n /\n Optionally pass in a Tenant ID to be used as part of the credential.\n * By default it may use a generic tenant ID depending on the underlying credential.\n /\n tenantId?: string;\n\n /\n Timeout configurable for making token requests for developer credentials, namely, {@link AzurePowershellCredential},\n * {@link AzureDeveloperCliCredential} and {@link AzureCliCredential}.\n * Process timeout for credentials should be provided in milliseconds.\n /\n processTimeoutInMs?: number;\n /\n List of environment variables that must be defined at runtime.\n * If any variable in this list is missing or set to an empty value,\n * {@link DefaultAzureCredential} constructor will throw an error.\n * Use this to enforce that your application has the necessary environment configuration before\n * continuing execution.\n */\n requiredEnvVars?: DefaultAzureCredentialEnvVars \| DefaultAzureCredentialEnvVars[];\n}\n"]}

package/dist/workerd/credentials/managedIdentityCredential/index.d.ts CHANGED Viewed

@@ -17,6 +17,7 @@ export declare class ManagedIdentityCredential implements TokenCredential {
     private objectId?;
     private msiRetryConfig;
     private isAvailableIdentityClient;
+    private sendProbeRequest;
     /**
      * Creates an instance of ManagedIdentityCredential with the client ID of a
      * user-assigned identity, or app registration (when working with AKS pod-identity).

package/dist/workerd/credentials/managedIdentityCredential/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/index.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEtF,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AAc9E,OAAO,KAAK,~~EACV~~,wCAAwC,EACxC,wCAAwC,EACxC,0CAA0C,EAC3C,MAAM,cAAc,CAAC;AAItB;;;;;;;GAOG;AACH,qBAAa,yBAA0B,YAAW,eAAe;IAC/D,OAAO,CAAC,kBAAkB,CAA6B;IACvD,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,cAAc,CAIpB;IACF,OAAO,CAAC,yBAAyB,CAAiB;~~IAElD~~;;;;;;OAMG;gBACS,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,sBAAsB;IAC9D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,wCAAwC;IAC9D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,0CAA0C;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,wCAAwC;~~IAwH9D~~;;;;;;;;OAQG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;~~IAyGvB~~;;OAEG;IACH,OAAO,CAAC,oBAAoB;CAuB7B"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/index.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEtF,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AAc9E,OAAO,KAAK,EAEV,wCAAwC,EACxC,wCAAwC,EACxC,0CAA0C,EAC3C,MAAM,cAAc,CAAC;AAItB;;;;;;;GAOG;AACH,qBAAa,yBAA0B,YAAW,eAAe;IAC/D,OAAO,CAAC,kBAAkB,CAA6B;IACvD,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,cAAc,CAIpB;IACF,OAAO,CAAC,yBAAyB,CAAiB;IAClD,OAAO,CAAC,gBAAgB,CAAU;IAElC;;;;;;OAMG;gBACS,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,sBAAsB;IAC9D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,wCAAwC;IAC9D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,0CAA0C;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,wCAAwC;IAyH9D;;;;;;;;OAQG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;IA0GvB;;OAEG;IACH,OAAO,CAAC,oBAAoB;CAuB7B"}

package/dist/workerd/credentials/managedIdentityCredential/index.js CHANGED Viewed

@@ -32,6 +32,7 @@ export class ManagedIdentityCredential {
         intervalIncrement: 2,
     };
     isAvailableIdentityClient;
+    sendProbeRequest;
     /**
      * @internal
      * @hidden
@@ -48,6 +49,8 @@ export class ManagedIdentityCredential {
         }
         this.resourceId = _options?.resourceId;
         this.objectId = _options?.objectId;
+        this.sendProbeRequest =
+            _options?.sendProbeRequest ?? false;
         // For JavaScript users.
         const providedIds = [
             { key: "clientId", value: this.clientId },
@@ -159,7 +162,7 @@ export class ManagedIdentityCredential {
                     }
                     return result;
                 }
-                else if (isImdsMsi) {
+                else if (isImdsMsi && this.sendProbeRequest) {
                     // In the IMDS scenario we will probe the IMDS endpoint to ensure it's available before trying to get a token.
                     // If the IMDS endpoint is not available and this is the source that MSAL will use, we will fail-fast with an error that tells DAC to move to the next credential.
                     logger.getToken.info("Using the IMDS endpoint to probe for availability.");
@@ -176,7 +179,8 @@ export class ManagedIdentityCredential {
                 }
                 // If we got this far, it means:
                 // - This is not a tokenExchangeMsi,
-                // - We already probed for IMDS endpoint availability and failed-fast if it's unreachable.
+                // - We already probed for IMDS endpoint availability and failed-fast if it's unreachable,
+                // or we skip probing because the credential is set in DAC.
                 // We can proceed normally by calling MSAL for a token.
                 logger.getToken.info("Calling into MSAL for managed identity token.");
                 const token = await this.managedIdentityApp.acquireToken({