@azure/identity 4.5.0 → 4.5.1-alpha.20241022.1
Sign up to get free protection for your applications and to get access to all the features.
- package/dist/index.js +47 -7
- package/dist/index.js.map +1 -1
- package/dist-esm/src/constants.js +1 -1
- package/dist-esm/src/constants.js.map +1 -1
- package/dist-esm/src/credentials/azureCliCredential.js +16 -2
- package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
- package/dist-esm/src/credentials/azureCliCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/chainedTokenCredential.js +3 -2
- package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
- package/dist-esm/src/credentials/defaultAzureCredential.js +15 -2
- package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
- package/dist-esm/src/util/subscriptionUtils.js +14 -0
- package/dist-esm/src/util/subscriptionUtils.js.map +1 -0
- package/package.json +5 -5
- package/types/identity.d.ts +27 -52
package/dist/index.js
CHANGED
|
@@ -44,7 +44,7 @@ var child_process__namespace = /*#__PURE__*/_interopNamespaceDefault(child_proce
|
|
|
44
44
|
/**
|
|
45
45
|
* Current version of the `@azure/identity` package.
|
|
46
46
|
*/
|
|
47
|
-
const SDK_VERSION = `4.5.
|
|
47
|
+
const SDK_VERSION = `4.5.1`;
|
|
48
48
|
/**
|
|
49
49
|
* The default client ID for authentication
|
|
50
50
|
* @internal
|
|
@@ -2486,6 +2486,19 @@ function getScopeResource(scope) {
|
|
|
2486
2486
|
return scope.replace(/\/.default$/, "");
|
|
2487
2487
|
}
|
|
2488
2488
|
|
|
2489
|
+
// Copyright (c) Microsoft Corporation.
|
|
2490
|
+
// Licensed under the MIT License.
|
|
2491
|
+
/**
|
|
2492
|
+
* @internal
|
|
2493
|
+
*/
|
|
2494
|
+
function checkSubscription(logger, subscription) {
|
|
2495
|
+
if (!subscription.match(/^[0-9a-zA-Z-._ ]+$/)) {
|
|
2496
|
+
const error = new Error("Invalid subscription provided. You can locate your subscription by following the instructions listed here: https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id.");
|
|
2497
|
+
logger.info(formatError("", error));
|
|
2498
|
+
throw error;
|
|
2499
|
+
}
|
|
2500
|
+
}
|
|
2501
|
+
|
|
2489
2502
|
// Copyright (c) Microsoft Corporation.
|
|
2490
2503
|
// Licensed under the MIT License.
|
|
2491
2504
|
/**
|
|
@@ -2512,11 +2525,16 @@ const cliCredentialInternals = {
|
|
|
2512
2525
|
* @param resource - The resource to use when getting the token
|
|
2513
2526
|
* @internal
|
|
2514
2527
|
*/
|
|
2515
|
-
async getAzureCliAccessToken(resource, tenantId, timeout) {
|
|
2528
|
+
async getAzureCliAccessToken(resource, tenantId, subscription, timeout) {
|
|
2516
2529
|
let tenantSection = [];
|
|
2530
|
+
let subscriptionSection = [];
|
|
2517
2531
|
if (tenantId) {
|
|
2518
2532
|
tenantSection = ["--tenant", tenantId];
|
|
2519
2533
|
}
|
|
2534
|
+
if (subscription) {
|
|
2535
|
+
// Add quotes around the subscription to handle subscriptions with spaces
|
|
2536
|
+
subscriptionSection = ["--subscription", `"${subscription}"`];
|
|
2537
|
+
}
|
|
2520
2538
|
return new Promise((resolve, reject) => {
|
|
2521
2539
|
try {
|
|
2522
2540
|
child_process.execFile("az", [
|
|
@@ -2527,6 +2545,7 @@ const cliCredentialInternals = {
|
|
|
2527
2545
|
"--resource",
|
|
2528
2546
|
resource,
|
|
2529
2547
|
...tenantSection,
|
|
2548
|
+
...subscriptionSection,
|
|
2530
2549
|
], { cwd: cliCredentialInternals.getSafeWorkingDir(), shell: true, timeout }, (error, stdout, stderr) => {
|
|
2531
2550
|
resolve({ stdout: stdout, stderr: stderr, error });
|
|
2532
2551
|
});
|
|
@@ -2558,6 +2577,10 @@ class AzureCliCredential {
|
|
|
2558
2577
|
checkTenantId(logger$d, options === null || options === void 0 ? void 0 : options.tenantId);
|
|
2559
2578
|
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
|
|
2560
2579
|
}
|
|
2580
|
+
if (options === null || options === void 0 ? void 0 : options.subscription) {
|
|
2581
|
+
checkSubscription(logger$d, options === null || options === void 0 ? void 0 : options.subscription);
|
|
2582
|
+
this.subscription = options === null || options === void 0 ? void 0 : options.subscription;
|
|
2583
|
+
}
|
|
2561
2584
|
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
2562
2585
|
this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
|
|
2563
2586
|
}
|
|
@@ -2574,6 +2597,9 @@ class AzureCliCredential {
|
|
|
2574
2597
|
if (tenantId) {
|
|
2575
2598
|
checkTenantId(logger$d, tenantId);
|
|
2576
2599
|
}
|
|
2600
|
+
if (this.subscription) {
|
|
2601
|
+
checkSubscription(logger$d, this.subscription);
|
|
2602
|
+
}
|
|
2577
2603
|
const scope = typeof scopes === "string" ? scopes : scopes[0];
|
|
2578
2604
|
logger$d.getToken.info(`Using the scope ${scope}`);
|
|
2579
2605
|
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
|
|
@@ -2581,7 +2607,7 @@ class AzureCliCredential {
|
|
|
2581
2607
|
try {
|
|
2582
2608
|
ensureValidScopeForDevTimeCreds(scope, logger$d);
|
|
2583
2609
|
const resource = getScopeResource(scope);
|
|
2584
|
-
const obj = await cliCredentialInternals.getAzureCliAccessToken(resource, tenantId, this.timeout);
|
|
2610
|
+
const obj = await cliCredentialInternals.getAzureCliAccessToken(resource, tenantId, this.subscription, this.timeout);
|
|
2585
2611
|
const specificScope = (_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("(.*)az login --scope(.*)");
|
|
2586
2612
|
const isLoginError = ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("(.*)az login(.*)")) && !specificScope;
|
|
2587
2613
|
const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("az:(.*)not found")) || ((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'az' is not recognized"));
|
|
@@ -3081,8 +3107,9 @@ async function parseJsonToken(result) {
|
|
|
3081
3107
|
*/
|
|
3082
3108
|
const logger$a = credentialLogger("ChainedTokenCredential");
|
|
3083
3109
|
/**
|
|
3084
|
-
* Enables multiple `TokenCredential` implementations to be tried in order
|
|
3085
|
-
*
|
|
3110
|
+
* Enables multiple `TokenCredential` implementations to be tried in order until
|
|
3111
|
+
* one of the getToken methods returns an access token. For more information, see
|
|
3112
|
+
* [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).
|
|
3086
3113
|
*/
|
|
3087
3114
|
class ChainedTokenCredential {
|
|
3088
3115
|
/**
|
|
@@ -3623,8 +3650,21 @@ class UnavailableDefaultCredential {
|
|
|
3623
3650
|
}
|
|
3624
3651
|
}
|
|
3625
3652
|
/**
|
|
3626
|
-
* Provides a default {@link ChainedTokenCredential} configuration that
|
|
3627
|
-
*
|
|
3653
|
+
* Provides a default {@link ChainedTokenCredential} configuration that works for most
|
|
3654
|
+
* applications that use Azure SDK client libraries. For more information, see
|
|
3655
|
+
* [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).
|
|
3656
|
+
*
|
|
3657
|
+
* The following credential types will be tried, in order:
|
|
3658
|
+
*
|
|
3659
|
+
* - {@link EnvironmentCredential}
|
|
3660
|
+
* - {@link WorkloadIdentityCredential}
|
|
3661
|
+
* - {@link ManagedIdentityCredential}
|
|
3662
|
+
* - {@link AzureCliCredential}
|
|
3663
|
+
* - {@link AzurePowerShellCredential}
|
|
3664
|
+
* - {@link AzureDeveloperCliCredential}
|
|
3665
|
+
*
|
|
3666
|
+
* Consult the documentation of these credential types for more information
|
|
3667
|
+
* on how they attempt authentication.
|
|
3628
3668
|
*/
|
|
3629
3669
|
class DefaultAzureCredential extends ChainedTokenCredential {
|
|
3630
3670
|
constructor(options) {
|