npm - @azure/keyvault-admin - Versions diffs - 4.2.0 → 4.2.1-alpha.20220705.4 - Mend

@azure/keyvault-admin 4.2.0 → 4.2.1-alpha.20220705.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/dist/index.js CHANGED Viewed

@@ -5,8 +5,8 @@ Object.defineProperty(exports, '__esModule', { value: true });
 var tslib = require('tslib');
 var coreClient = require('@azure/core-client');
 var coreRestPipeline = require('@azure/core-rest-pipeline');
-var coreTracing = require('@azure/core-tracing');
 var logger$1 = require('@azure/logger');
+var coreTracing = require('@azure/core-tracing');
 var uuid = require('uuid');
 var coreLro = require('@azure/core-lro');
@@ -30,21 +30,6 @@ function _interopNamespace(e) {
 var coreClient__namespace = /*#__PURE__*/_interopNamespace(coreClient);
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-/**
- * Current version of the Key Vault Admin SDK.
- */
-const SDK_VERSION = "4.2.0";
-/**
- * The latest supported Key Vault service API version.
- */
-const LATEST_API_VERSION = "7.3";
-/**
- * Authentication scopes
- */
-const authenticationScopes = ["https://managedhsm.azure.net/.default"];
 /*
  * Copyright (c) Microsoft Corporation.
  * Licensed under the MIT License.
@@ -1260,7 +1245,7 @@ class KeyVaultClientContext extends coreClient__namespace.ServiceClient {
         const defaults = {
             requestContentType: "application/json; charset=utf-8"
         };
-        const packageDetails = `azsdk-js-keyvault-admin/4.2.0`;
+        const packageDetails = `azsdk-js-keyvault-admin/4.2.1`;
         const userAgentPrefix = options.userAgentOptions && options.userAgentOptions.userAgentPrefix
             ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
             : `${packageDetails}`;
@@ -1430,6 +1415,17 @@ const selectiveKeyRestoreOperationOperationSpec = {
     serializer
 };
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Current version of the Key Vault Admin SDK.
+ */
+const SDK_VERSION = "4.2.1";
+/**
+ * The latest supported Key Vault service API version.
+ */
+const LATEST_API_VERSION = "7.3";
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
@@ -1509,7 +1505,7 @@ function createChallengeCallbacks() {
         };
     }
     async function authorizeRequest(options) {
-        const { scopes, request } = options;
+        const { request } = options;
         const requestOptions = requestToOptions(request);
         switch (challengeState.status) {
             case "none":
@@ -1522,7 +1518,7 @@ function createChallengeCallbacks() {
             case "started":
                 break; // Retry, we should not overwrite the original body
             case "complete": {
-                const token = await options.getAccessToken(scopes, requestOptions);
+                const token = await options.getAccessToken(challengeState.scopes, requestOptions);
                 if (token) {
                     request.headers.set("authorization", `Bearer ${token.token}`);
                 }
@@ -1532,7 +1528,7 @@ function createChallengeCallbacks() {
         return Promise.resolve();
     }
     async function authorizeRequestOnChallenge(options) {
-        const { scopes, request, response } = options;
+        const { request, response } = options;
         if (request.body === null && challengeState.status === "started") {
             // Reset the original body before doing anything else.
             // Note: If successful status will be "complete", otherwise "none" will
@@ -1544,14 +1540,21 @@ function createChallengeCallbacks() {
         if (!challenge) {
             throw new Error("Missing challenge.");
         }
-        const parsedChallenge = parseWWWAuthenticate(challenge) || [];
-        const accessToken = await options.getAccessToken(parsedChallenge.scope ? [parsedChallenge.scope] : scopes, Object.assign(Object.assign({}, getTokenOptions), { tenantId: parsedChallenge.tenantId }));
+        const parsedChallenge = parseWWWAuthenticate(challenge) || {};
+        const scope = parsedChallenge.resource
+            ? parsedChallenge.resource + "/.default"
+            : parsedChallenge.scope;
+        if (!scope) {
+            throw new Error("Missing scope.");
+        }
+        const accessToken = await options.getAccessToken([scope], Object.assign(Object.assign({}, getTokenOptions), { tenantId: parsedChallenge.tenantId }));
         if (!accessToken) {
             return false;
         }
         options.request.headers.set("Authorization", `Bearer ${accessToken.token}`);
         challengeState = {
             status: "complete",
+            scopes: [scope],
         };
         return true;
     }
@@ -1561,46 +1564,6 @@ function createChallengeCallbacks() {
     };
 }
-// Copyright (c) Microsoft Corporation.
-/**
- * Returns a function that can be used for tracing options.
- *
- * @param prefix - The prefix to use, likely the name of the class / client.
- *
- * @example const withTrace = createTraceFunction("Azure.KeyVault.Certificates.CertificateClient")
- *
- * @internal
- */
-function createTraceFunction(prefix) {
-    const createSpan = coreTracing.createSpanFunction({
-        namespace: "Microsoft.KeyVault",
-        packagePrefix: prefix,
-    });
-    return async function (operationName, options, cb) {
-        const { updatedOptions, span } = createSpan(operationName, options);
-        try {
-            // NOTE: we really do need to await on this function here so we can handle any exceptions thrown and properly
-            // close the span.
-            const result = await cb(updatedOptions, span);
-            // otel 0.16+ needs this or else the code ends up being set as UNSET
-            span.setStatus({
-                code: coreTracing.SpanStatusCode.OK,
-            });
-            return result;
-        }
-        catch (err) {
-            span.setStatus({
-                code: coreTracing.SpanStatusCode.ERROR,
-                message: err.message,
-            });
-            throw err;
-        }
-        finally {
-            span.end();
-        }
-    };
-}
 // Copyright (c) Microsoft Corporation.
 /**
  * The \@azure/logger configuration for this package.
@@ -1656,7 +1619,13 @@ const mappings = {
 };
 // Copyright (c) Microsoft Corporation.
-const withTrace$3 = createTraceFunction("Azure.KeyVault.Admin.KeyVaultAccessControlClient");
+const tracingClient = coreTracing.createTracingClient({
+    namespace: "Microsoft.KeyVault",
+    packageName: "@azure/keyvault-admin",
+    packageVersion: SDK_VERSION,
+});
+// Copyright (c) Microsoft Corporation.
 /**
  * The KeyVaultAccessControlClient provides methods to manage
  * access control and role assignments in any given Azure Key Vault instance.
@@ -1694,7 +1663,9 @@ class KeyVaultAccessControlClient {
         this.client = new KeyVaultClient(serviceVersion, clientOptions);
         this.client.pipeline.addPolicy(coreRestPipeline.bearerTokenAuthenticationPolicy({
             credential,
-            scopes: authenticationScopes,
+            // The scopes will be populated in the challenge callbacks based on the WWW-authenticate header
+            // returned by the challenge, so pass an empty array as a placeholder.
+            scopes: [],
             challengeCallbacks: createChallengeCallbacks(),
         }));
     }
@@ -1716,7 +1687,7 @@ class KeyVaultAccessControlClient {
      * @param options - The optional parameters.
      */
     createRoleAssignment(roleScope, name, roleDefinitionId, principalId, options = {}) {
-        return withTrace$3("createRoleAssignment", options, async (updatedOptions) => {
+        return tracingClient.withSpan("KeyVaultAccessControlClient.createRoleAssignment", options, async (updatedOptions) => {
             const response = await this.client.roleAssignments.create(this.vaultUrl, roleScope, name, {
                 properties: {
                     roleDefinitionId,
@@ -1741,7 +1712,7 @@ class KeyVaultAccessControlClient {
      * @param options - The optional parameters.
      */
     deleteRoleAssignment(roleScope, name, options = {}) {
-        return withTrace$3("deleteRoleAssignment", options, async (updatedOptions) => {
+        return tracingClient.withSpan("KeyVaultAccessControlClient.deleteRoleAssignment", options, async (updatedOptions) => {
             await this.client.roleAssignments.delete(this.vaultUrl, roleScope, name, updatedOptions);
         });
     }
@@ -1761,7 +1732,7 @@ class KeyVaultAccessControlClient {
      * @param options - The optional parameters.
      */
     getRoleAssignment(roleScope, name, options = {}) {
-        return withTrace$3("getRoleAssignment", options, async (updatedOptions) => {
+        return tracingClient.withSpan("KeyVaultAccessControlClient.getRoleAssignment", options, async (updatedOptions) => {
             const response = await this.client.roleAssignments.get(this.vaultUrl, roleScope, name, updatedOptions);
             return mappings.roleAssignment.generatedToPublic(response);
         });
@@ -1776,7 +1747,7 @@ class KeyVaultAccessControlClient {
         return tslib.__asyncGenerator(this, arguments, function* listRoleAssignmentsPage_1() {
             if (!continuationState.continuationToken) {
                 const optionsComplete = options || {};
-                const currentSetResponse = yield tslib.__await(withTrace$3("listRoleAssignments", optionsComplete, async (updatedOptions) => {
+                const currentSetResponse = yield tslib.__await(tracingClient.withSpan("KeyVaultAccessControlClient.listRoleAssignmentsPage", optionsComplete, async (updatedOptions) => {
                     return this.client.roleAssignments.listForScope(this.vaultUrl, roleScope, updatedOptions);
                 }));
                 continuationState.continuationToken = currentSetResponse.nextLink;
@@ -1785,7 +1756,7 @@ class KeyVaultAccessControlClient {
                 }
             }
             while (continuationState.continuationToken) {
-                const currentSetResponse = yield tslib.__await(withTrace$3("listRoleAssignments", options || {}, async (updatedOptions) => {
+                const currentSetResponse = yield tslib.__await(tracingClient.withSpan("KeyVaultAccessControlClient.listRoleAssignmentsPage", options || {}, async (updatedOptions) => {
                     return this.client.roleAssignments.listForScopeNext(this.vaultUrl, roleScope, continuationState.continuationToken, updatedOptions);
                 }));
                 continuationState.continuationToken = currentSetResponse.nextLink;
@@ -1857,14 +1828,14 @@ class KeyVaultAccessControlClient {
         return tslib.__asyncGenerator(this, arguments, function* listRoleDefinitionsPage_1() {
             if (!continuationState.continuationToken) {
                 const optionsComplete = options || {};
-                const currentSetResponse = yield tslib.__await(withTrace$3("listRoleDefinitions", optionsComplete, (updatedOptions) => this.client.roleDefinitions.list(this.vaultUrl, roleScope, updatedOptions)));
+                const currentSetResponse = yield tslib.__await(tracingClient.withSpan("KeyVaultAccessControlClient.listRoleDefinitionsPage", optionsComplete, (updatedOptions) => this.client.roleDefinitions.list(this.vaultUrl, roleScope, updatedOptions)));
                 continuationState.continuationToken = currentSetResponse.nextLink;
                 if (currentSetResponse.value) {
                     yield yield tslib.__await(currentSetResponse.value.map(mappings.roleDefinition.generatedToPublic, this));
                 }
             }
             while (continuationState.continuationToken) {
-                const currentSetResponse = yield tslib.__await(withTrace$3("listRoleDefinitions", options, (updatedOptions) => this.client.roleDefinitions.listNext(this.vaultUrl, roleScope, continuationState.continuationToken, updatedOptions)));
+                const currentSetResponse = yield tslib.__await(tracingClient.withSpan("KeyVaultAccessControlClient.listRoleDefinitionsPage", options, (updatedOptions) => this.client.roleDefinitions.listNext(this.vaultUrl, roleScope, continuationState.continuationToken, updatedOptions)));
                 continuationState.continuationToken = currentSetResponse.nextLink;
                 if (currentSetResponse.value) {
                     yield yield tslib.__await(currentSetResponse.value.map(mappings.roleDefinition.generatedToPublic, this));
@@ -1938,7 +1909,7 @@ class KeyVaultAccessControlClient {
      * @param options - The optional parameters.
      */
     getRoleDefinition(roleScope, name, options = {}) {
-        return withTrace$3("getRoleDefinition", options, async (updatedOptions) => {
+        return tracingClient.withSpan("KeyVaultAccessControlClient.getRoleDefinition", options, async (updatedOptions) => {
             const response = await this.client.roleDefinitions.get(this.vaultUrl, roleScope, name, updatedOptions);
             return mappings.roleDefinition.generatedToPublic(response);
         });
@@ -1958,7 +1929,7 @@ class KeyVaultAccessControlClient {
      * @param options - The optional parameters.
      */
     setRoleDefinition(roleScope, options = {}) {
-        return withTrace$3("setRoleDefinition", options, async (updatedOptions) => {
+        return tracingClient.withSpan("KeyVaultAccessControlClient.setRoleDefinition", options, async (updatedOptions) => {
             const response = await this.client.roleDefinitions.createOrUpdate(this.vaultUrl, roleScope, options.roleDefinitionName || uuid.v4(), {
                 properties: {
                     description: options.description,
@@ -1985,7 +1956,7 @@ class KeyVaultAccessControlClient {
      * @param options - The optional parameters.
      */
     deleteRoleDefinition(roleScope, name, options = {}) {
-        return withTrace$3("deleteRoleDefinition", options, async (updatedOptions) => {
+        return tracingClient.withSpan("KeyVaultAccessControlClient.deleteRoleDefinition", options, async (updatedOptions) => {
             await this.client.roleDefinitions.delete(this.vaultUrl, roleScope, name, updatedOptions);
         });
     }
@@ -2171,10 +2142,6 @@ class KeyVaultAdminPollOperation {
 }
 // Copyright (c) Microsoft Corporation.
-/**
- * @internal
- */
-const withTrace$2 = createTraceFunction("Azure.KeyVault.Admin.KeyVaultBackupPoller");
 /**
  * The backup Key Vault's poll operation.
  */
@@ -2190,13 +2157,13 @@ class KeyVaultBackupPollOperation extends KeyVaultAdminPollOperation {
      * Tracing the fullBackup operation
      */
     fullBackup(options) {
-        return withTrace$2("fullBackup", options, (updatedOptions) => this.client.fullBackup(this.vaultUrl, updatedOptions));
+        return tracingClient.withSpan("KeyVaultBackupPoller.fullBackup", options, (updatedOptions) => this.client.fullBackup(this.vaultUrl, updatedOptions));
     }
     /**
      * Tracing the fullBackupStatus operation
      */
     fullBackupStatus(jobId, options) {
-        return withTrace$2("fullBackupStatus", options, (updatedOptions) => this.client.fullBackupStatus(this.vaultUrl, jobId, updatedOptions));
+        return tracingClient.withSpan("KeyVaultBackupPoller.fullBackupStatus", options, (updatedOptions) => this.client.fullBackupStatus(this.vaultUrl, jobId, updatedOptions));
     }
     /**
      * Reaches to the service and updates the backup's poll operation.
@@ -2268,10 +2235,6 @@ class KeyVaultBackupPoller extends KeyVaultAdminPoller {
 }
 // Copyright (c) Microsoft Corporation.
-/**
- * @internal
- */
-const withTrace$1 = createTraceFunction("Azure.KeyVault.Admin.KeyVaultRestorePoller");
 /**
  * An interface representing a restore Key Vault's poll operation.
  */
@@ -2289,13 +2252,13 @@ class KeyVaultRestorePollOperation extends KeyVaultAdminPollOperation {
      * Tracing the fullRestore operation
      */
     fullRestore(options) {
-        return withTrace$1("fullRestore", options, (updatedOptions) => this.client.fullRestoreOperation(this.vaultUrl, updatedOptions));
+        return tracingClient.withSpan("KeyVaultRestorePoller.fullRestore", options, (updatedOptions) => this.client.fullRestoreOperation(this.vaultUrl, updatedOptions));
     }
     /**
      * Tracing the restoreStatus operation.
      */
     async restoreStatus(jobId, options) {
-        return withTrace$1("restoreStatus", options, (updatedOptions) => this.client.restoreStatus(this.vaultUrl, jobId, updatedOptions));
+        return tracingClient.withSpan("KeyVaultRestorePoller.restoreStatus", options, (updatedOptions) => this.client.restoreStatus(this.vaultUrl, jobId, updatedOptions));
     }
     /**
      * Reaches to the service and updates the restore poll operation.
@@ -2370,10 +2333,6 @@ class KeyVaultRestorePoller extends KeyVaultAdminPoller {
 }
 // Copyright (c) Microsoft Corporation.
-/**
- * @internal
- */
-const withTrace = createTraceFunction("Azure.KeyVault.Admin.KeyVaultSelectiveKeyRestorePoller");
 /**
  * The selective restore Key Vault's poll operation.
  */
@@ -2389,13 +2348,13 @@ class KeyVaultSelectiveKeyRestorePollOperation extends KeyVaultAdminPollOperatio
      * Tracing the selectiveRestore operation
      */
     selectiveRestore(keyName, options) {
-        return withTrace("selectiveRestore", options, (updatedOptions) => this.client.selectiveKeyRestoreOperation(this.vaultUrl, keyName, updatedOptions));
+        return tracingClient.withSpan("KeyVaultSelectiveKeyRestorePoller.selectiveRestore", options, (updatedOptions) => this.client.selectiveKeyRestoreOperation(this.vaultUrl, keyName, updatedOptions));
     }
     /**
      * Tracing the restoreStatus operation.
      */
     restoreStatus(jobId, options) {
-        return withTrace("restoreStatus", options, (updatedOptions) => this.client.restoreStatus(this.vaultUrl, jobId, updatedOptions));
+        return tracingClient.withSpan("KeyVaultSelectiveKeyRestorePoller.restoreStatus", options, (updatedOptions) => this.client.restoreStatus(this.vaultUrl, jobId, updatedOptions));
     }
     /**
      * Reaches to the service and updates the selective restore poll operation.
@@ -2507,7 +2466,9 @@ class KeyVaultBackupClient {
         this.client = new KeyVaultClient(apiVersion, clientOptions);
         this.client.pipeline.addPolicy(coreRestPipeline.bearerTokenAuthenticationPolicy({
             credential,
-            scopes: authenticationScopes,
+            // The scopes will be populated in the challenge callbacks based on the WWW-authenticate header
+            // returned by the challenge, so pass an empty array as a placeholder.
+            scopes: [],
             challengeCallbacks: createChallengeCallbacks(),
         }));
     }