npm - @azure/keyvault-admin - Versions diffs - 4.2.1-alpha.20220330.1 → 4.2.1 - Mend

@azure/keyvault-admin 4.2.1-alpha.20220330.1 → 4.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

package/dist-esm/keyvault-admin/src/tracing.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tracing.js","sourceRoot":"","sources":["../../../src/tracing.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAE1D,MAAM,CAAC,MAAM,aAAa,GAAG,mBAAmB,CAAC;IAC/C,SAAS,EAAE,oBAAoB;IAC/B,WAAW,EAAE,uBAAuB;IACpC,cAAc,EAAE,WAAW;CAC5B,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { SDK_VERSION } from \"./constants\";\nimport { createTracingClient } from \"@azure/core-tracing\";\n\nexport const tracingClient = createTracingClient({\n namespace: \"Microsoft.KeyVault\",\n packageName: \"@azure/keyvault-admin\",\n packageVersion: SDK_VERSION,\n});\n"]}

package/dist-esm/keyvault-common/src/challengeBasedAuthenticationPolicy.js CHANGED Viewed

@@ -1,169 +1,88 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-/* eslint-disable @azure/azure-sdk/ts-use-interface-parameters */
-import { ExpiringAccessTokenCache } from "@azure/core-http";
-import { BaseRequestPolicy, } from "@azure/core-http";
 import { parseWWWAuthenticate } from "./parseWWWAuthenticate";
-import { Constants } from "@azure/core-http";
 /**
- * Representation of the Authentication Challenge
- */
-export class AuthenticationChallenge {
-    constructor(authorization, scope, tenantId) {
-        this.authorization = authorization;
-        this.scope = scope;
-        this.tenantId = tenantId;
-    }
-    /**
-     * Checks that this AuthenticationChallenge is equal to another one given.
-     * Only compares the scope.
-     * This is exactly what C# is doing, as we can see here:
-     * https://github.com/Azure/azure-sdk-for-net/blob/70e54b878ff1d01a45266fb3674a396b4ab9c1d2/sdk/keyvault/Azure.Security.KeyVault.Shared/src/ChallengeBasedAuthenticationPolicy.cs#L143-L147
-     * @param other - The other AuthenticationChallenge
-     */
-    equalTo(other) {
-        var _a, _b;
-        return other
-            ? this.scope.toLowerCase() === other.scope.toLowerCase() &&
-                this.authorization.toLowerCase() === other.authorization.toLowerCase() &&
-                ((_a = this.tenantId) === null || _a === void 0 ? void 0 : _a.toLowerCase()) === ((_b = other.tenantId) === null || _b === void 0 ? void 0 : _b.toLowerCase())
-            : false;
-    }
-}
-/**
- * Helps keep a copy of any previous authentication challenges,
- * so that we can compare on any further request.
- */
-export class AuthenticationChallengeCache {
-    setCachedChallenge(challenge) {
-        this.challenge = challenge;
-    }
-}
-/**
- * Creates a new ChallengeBasedAuthenticationPolicy factory.
+ * @internal
  *
- * @param credential - The TokenCredential implementation that can supply the challenge token.
- */
-export function challengeBasedAuthenticationPolicy(credential) {
-    const tokenCache = new ExpiringAccessTokenCache();
-    const challengeCache = new AuthenticationChallengeCache();
-    return {
-        create: (nextPolicy, options) => {
-            return new ChallengeBasedAuthenticationPolicy(nextPolicy, options, credential, tokenCache, challengeCache);
-        },
-    };
-}
-/**
+ * Creates challenge callback handlers to manage CAE lifecycle in Azure Key Vault.
+ *
+ * Key Vault supports other authentication schemes, but we ensure challenge authentication
+ * is used by first sending a copy of the request, without authorization or content.
  *
- * Provides a RequestPolicy that can request a token from a TokenCredential
- * implementation and then apply it to the Authorization header of a request
- * as a Bearer token.
+ * when the challenge is received, it will be authenticated and used to send the original
+ * request with authorization.
  *
+ * Following the first request of a client, follow-up requests will get the cached token
+ * if possible.
  */
-export class ChallengeBasedAuthenticationPolicy extends BaseRequestPolicy {
-    /**
-     * Creates a new ChallengeBasedAuthenticationPolicy object.
-     *
-     * @param nextPolicy - The next RequestPolicy in the request pipeline.
-     * @param options - Options for this RequestPolicy.
-     * @param credential - The TokenCredential implementation that can supply the bearer token.
-     * @param tokenCache - The cache for the most recent AccessToken returned by the TokenCredential.
-     */
-    constructor(nextPolicy, options, credential, tokenCache, challengeCache) {
-        super(nextPolicy, options);
-        this.credential = credential;
-        this.tokenCache = tokenCache;
-        this.challengeCache = challengeCache;
-        this.parseWWWAuthenticate = parseWWWAuthenticate;
-    }
-    /**
-     * Gets or updates the token from the token cache into the headers of the received web resource.
-     */
-    async loadToken(webResource) {
-        let accessToken = this.tokenCache.getCachedToken();
-        // If there's no cached token in the cache, we try to get a new one.
-        if (accessToken === undefined) {
-            const receivedToken = await this.credential.getToken(this.challengeCache.challenge.scope, {
-                tenantId: this.challengeCache.challenge.tenantId,
-            });
-            accessToken = receivedToken || undefined;
-            this.tokenCache.setCachedToken(accessToken);
-        }
-        if (accessToken) {
-            webResource.headers.set(Constants.HeaderConstants.AUTHORIZATION, `Bearer ${accessToken.token}`);
-        }
+export function createChallengeCallbacks() {
+    let challengeState = { status: "none" };
+    function requestToOptions(request) {
+        return {
+            abortSignal: request.abortSignal,
+            requestOptions: {
+                timeout: request.timeout,
+            },
+            tracingOptions: request.tracingOptions,
+        };
     }
-    /**
-     * Parses the given WWW-Authenticate header, generates a new AuthenticationChallenge,
-     * then if the challenge is different from the one cached, resets the token and forces
-     * a re-authentication, otherwise continues with the existing challenge and token.
-     * @param wwwAuthenticate - Value of the incoming WWW-Authenticate header.
-     * @param webResource - Ongoing HTTP request.
-     */
-    async regenerateChallenge(wwwAuthenticate, webResource) {
-        var _a;
-        // The challenge based authentication will contain both:
-        // - An authorization URI with a token,
-        // - The resource to which that token is valid against (also called the scope).
-        const parsedWWWAuth = this.parseWWWAuthenticate(wwwAuthenticate);
-        const authorization = parsedWWWAuth.authorization;
-        const resource = parsedWWWAuth.resource || parsedWWWAuth.scope;
-        const tenantId = parsedWWWAuth.tenantId;
-        if (!(authorization && resource)) {
-            return this._nextPolicy.sendRequest(webResource);
-        }
-        const challenge = new AuthenticationChallenge(authorization, resource + "/.default", tenantId);
-        // Either if there's no cached challenge at this point (could have happen in parallel),
-        // or if the cached challenge has a different scope,
-        // we store the just received challenge and reset the cached token, to force a re-authentication.
-        if (!((_a = this.challengeCache.challenge) === null || _a === void 0 ? void 0 : _a.equalTo(challenge))) {
-            this.challengeCache.setCachedChallenge(challenge);
-            this.tokenCache.setCachedToken(undefined);
+    async function authorizeRequest(options) {
+        const { request } = options;
+        const requestOptions = requestToOptions(request);
+        switch (challengeState.status) {
+            case "none":
+                challengeState = {
+                    status: "started",
+                    originalBody: request.body,
+                };
+                request.body = null;
+                break;
+            case "started":
+                break; // Retry, we should not overwrite the original body
+            case "complete": {
+                const token = await options.getAccessToken(challengeState.scopes, requestOptions);
+                if (token) {
+                    request.headers.set("authorization", `Bearer ${token.token}`);
+                }
+                break;
+            }
         }
-        await this.loadToken(webResource);
-        return this._nextPolicy.sendRequest(webResource);
+        return Promise.resolve();
     }
-    /**
-     * Applies the Bearer token to the request through the Authorization header.
-     * @param webResource - Ongoing HTTP request.
-     */
-    async sendRequest(webResource) {
-        // Ensure that we're about to use a secure connection.
-        if (!webResource.url.startsWith("https:")) {
-            throw new Error("The resource address for authorization must use the 'https' protocol.");
-        }
-        // The next request will happen differently whether we have a challenge or not.
-        let response;
-        if (this.challengeCache.challenge === undefined ||
-            this.challengeCache.challenge === undefined) {
-            // If there's no challenge in cache, a blank body will start the challenge.
-            const originalBody = webResource.body;
-            webResource.body = "";
-            try {
-                response = await this._nextPolicy.sendRequest(webResource);
-            }
-            finally {
-                webResource.body = originalBody;
-            }
+    async function authorizeRequestOnChallenge(options) {
+        const { request, response } = options;
+        if (request.body === null && challengeState.status === "started") {
+            // Reset the original body before doing anything else.
+            // Note: If successful status will be "complete", otherwise "none" will
+            // restart the process.
+            request.body = challengeState.originalBody;
         }
-        else {
-            // If we did have a challenge in memory,
-            // we attempt to load the token from the cache into the request before we try to send the request.
-            await this.loadToken(webResource);
-            response = await this._nextPolicy.sendRequest(webResource);
+        const getTokenOptions = requestToOptions(request);
+        const challenge = response.headers.get("WWW-Authenticate");
+        if (!challenge) {
+            throw new Error("Missing challenge.");
         }
-        // If we don't receive a response with a 401 status code,
-        // then we can assume this response has nothing to do with the challenge authentication process.
-        if (response.status !== 401) {
-            return response;
+        const parsedChallenge = parseWWWAuthenticate(challenge) || {};
+        const scope = parsedChallenge.resource
+            ? parsedChallenge.resource + "/.default"
+            : parsedChallenge.scope;
+        if (!scope) {
+            throw new Error("Missing scope.");
         }
-        // If the response status is 401, we only re-authenticate if the WWW-Authenticate header is present.
-        const wwwAuthenticate = response.headers.get("WWW-Authenticate");
-        if (!wwwAuthenticate) {
-            return response;
+        const accessToken = await options.getAccessToken([scope], Object.assign(Object.assign({}, getTokenOptions), { tenantId: parsedChallenge.tenantId }));
+        if (!accessToken) {
+            return false;
         }
-        // We re-generate the challenge and see if we have to re-authenticate.
-        return this.regenerateChallenge(wwwAuthenticate, webResource);
+        options.request.headers.set("Authorization", `Bearer ${accessToken.token}`);
+        challengeState = {
+            status: "complete",
+            scopes: [scope],
+        };
+        return true;
     }
+    return {
+        authorizeRequest,
+        authorizeRequestOnChallenge,
+    };
 }
 //# sourceMappingURL=challengeBasedAuthenticationPolicy.js.map

package/dist-esm/keyvault-common/src/challengeBasedAuthenticationPolicy.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"challengeBasedAuthenticationPolicy.js","sourceRoot":"","sources":["../../../../keyvault-common/src/challengeBasedAuthenticationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAClC,iEAAiE;AAEjE,OAAO,EAAoB,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EACL,iBAAiB,GAIlB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAyB,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AACrF,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAK7C;;GAEG;AACH,MAAM,OAAO,uBAAuB;IAClC,YAAmB,aAAqB,EAAS,KAAa,EAAS,QAAiB;QAArE,kBAAa,GAAb,aAAa,CAAQ;QAAS,UAAK,GAAL,KAAK,CAAQ;QAAS,aAAQ,GAAR,QAAQ,CAAS;IAAG,CAAC;IAE5F;;;;;;OAMG;IACI,OAAO,CAAC,KAA0C;;QACvD,OAAO,KAAK;YACV,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE;gBACpD,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,aAAa,CAAC,WAAW,EAAE;gBACtE,CAAA,MAAA,IAAI,CAAC,QAAQ,0CAAE,WAAW,EAAE,OAAK,MAAA,KAAK,CAAC,QAAQ,0CAAE,WAAW,EAAE,CAAA;YAClE,CAAC,CAAC,KAAK,CAAC;IACZ,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAGhC,kBAAkB,CAAC,SAAkC;QAC1D,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,UAAU,kCAAkC,CAChD,UAA2B;IAE3B,MAAM,UAAU,GAAqB,IAAI,wBAAwB,EAAE,CAAC;IACpE,MAAM,cAAc,GAAG,IAAI,4BAA4B,EAAE,CAAC;IAC1D,OAAO;QACL,MAAM,EAAE,CAAC,UAAyB,EAAE,OAA6B,EAAE,EAAE;YACnE,OAAO,IAAI,kCAAkC,CAC3C,UAAU,EACV,OAAO,EACP,UAAU,EACV,UAAU,EACV,cAAc,CACf,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,kCAAmC,SAAQ,iBAAiB;IAIvE;;;;;;;OAOG;IACH,YACE,UAAyB,EACzB,OAA6B,EACrB,UAA2B,EAC3B,UAA4B,EAC5B,cAA4C;QAEpD,KAAK,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAJnB,eAAU,GAAV,UAAU,CAAiB;QAC3B,eAAU,GAAV,UAAU,CAAkB;QAC5B,mBAAc,GAAd,cAAc,CAA8B;QAhB9C,yBAAoB,GAC1B,oBAAoB,CAAC;IAkBvB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,SAAS,CAAC,WAAwB;QAC9C,IAAI,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;QAEnD,oEAAoE;QACpE,IAAI,WAAW,KAAK,SAAS,EAAE;YAC7B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,SAAU,CAAC,KAAK,EAAE;gBACzF,QAAQ,EAAE,IAAI,CAAC,cAAc,CAAC,SAAU,CAAC,QAAQ;aAClD,CAAC,CAAC;YACH,WAAW,GAAG,aAAa,IAAI,SAAS,CAAC;YACzC,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;SAC7C;QAED,IAAI,WAAW,EAAE;YACf,WAAW,CAAC,OAAO,CAAC,GAAG,CACrB,SAAS,CAAC,eAAe,CAAC,aAAa,EACvC,UAAU,WAAW,CAAC,KAAK,EAAE,CAC9B,CAAC;SACH;IACH,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,mBAAmB,CAC/B,eAAuB,EACvB,WAAwB;;QAExB,wDAAwD;QACxD,uCAAuC;QACvC,+EAA+E;QAC/E,MAAM,aAAa,GAAG,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC;QACjE,MAAM,aAAa,GAAG,aAAa,CAAC,aAAc,CAAC;QACnD,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAS,IAAI,aAAa,CAAC,KAAM,CAAC;QACjE,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,CAAC;QAExC,IAAI,CAAC,CAAC,aAAa,IAAI,QAAQ,CAAC,EAAE;YAChC,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;SAClD;QAED,MAAM,SAAS,GAAG,IAAI,uBAAuB,CAAC,aAAa,EAAE,QAAQ,GAAG,WAAW,EAAE,QAAQ,CAAC,CAAC;QAE/F,uFAAuF;QACvF,oDAAoD;QACpD,iGAAiG;QACjG,IAAI,CAAC,CAAA,MAAA,IAAI,CAAC,cAAc,CAAC,SAAS,0CAAE,OAAO,CAAC,SAAS,CAAC,CAAA,EAAE;YACtD,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC;YAClD,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;SAC3C;QAED,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAClC,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IACnD,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,WAAW,CAAC,WAAwB;QAC/C,sDAAsD;QACtD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACzC,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;SAC1F;QAED,+EAA+E;QAC/E,IAAI,QAA+B,CAAC;QAEpC,IACE,IAAI,CAAC,cAAc,CAAC,SAAS,KAAK,SAAS;YAC3C,IAAI,CAAC,cAAc,CAAC,SAAS,KAAK,SAAS,EAC3C;YACA,2EAA2E;YAC3E,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC;YACtC,WAAW,CAAC,IAAI,GAAG,EAAE,CAAC;YACtB,IAAI;gBACF,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;aAC5D;oBAAS;gBACR,WAAW,CAAC,IAAI,GAAG,YAAY,CAAC;aACjC;SACF;aAAM;YACL,wCAAwC;YACxC,kGAAkG;YAClG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YAClC,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;SAC5D;QAED,yDAAyD;QACzD,gGAAgG;QAChG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3B,OAAO,QAAQ,CAAC;SACjB;QAED,oGAAoG;QACpG,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACjE,IAAI,CAAC,eAAe,EAAE;YACpB,OAAO,QAAQ,CAAC;SACjB;QAED,sEAAsE;QACtE,OAAO,IAAI,CAAC,mBAAmB,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;IAChE,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n/* eslint-disable @azure/azure-sdk/ts-use-interface-parameters /\n\nimport { AccessTokenCache, ExpiringAccessTokenCache } from \"@azure/core-http\";\nimport {\n BaseRequestPolicy,\n RequestPolicy,\n RequestPolicyFactory,\n RequestPolicyOptions,\n} from \"@azure/core-http\";\nimport { ParsedWWWAuthenticate, parseWWWAuthenticate } from \"./parseWWWAuthenticate\";\nimport { Constants } from \"@azure/core-http\";\nimport { HttpOperationResponse } from \"@azure/core-http\";\nimport { TokenCredential } from \"@azure/core-http\";\nimport { WebResource } from \"@azure/core-http\";\n\n/\n Representation of the Authentication Challenge\n /\nexport class AuthenticationChallenge {\n constructor(public authorization: string, public scope: string, public tenantId?: string) {}\n\n /\n Checks that this AuthenticationChallenge is equal to another one given.\n * Only compares the scope.\n * This is exactly what C# is doing, as we can see here:\n * https://github.com/Azure/azure-sdk-for-net/blob/70e54b878ff1d01a45266fb3674a396b4ab9c1d2/sdk/keyvault/Azure.Security.KeyVault.Shared/src/ChallengeBasedAuthenticationPolicy.cs#L143-L147\n * @param other - The other AuthenticationChallenge\n /\n public equalTo(other: AuthenticationChallenge \| undefined): boolean {\n return other\n ? this.scope.toLowerCase() === other.scope.toLowerCase() &&\n this.authorization.toLowerCase() === other.authorization.toLowerCase() &&\n this.tenantId?.toLowerCase() === other.tenantId?.toLowerCase()\n : false;\n }\n}\n\n/\n Helps keep a copy of any previous authentication challenges,\n * so that we can compare on any further request.\n /\nexport class AuthenticationChallengeCache {\n public challenge?: AuthenticationChallenge;\n\n public setCachedChallenge(challenge: AuthenticationChallenge): void {\n this.challenge = challenge;\n }\n}\n\n/\n Creates a new ChallengeBasedAuthenticationPolicy factory.\n \n @param credential - The TokenCredential implementation that can supply the challenge token.\n /\nexport function challengeBasedAuthenticationPolicy(\n credential: TokenCredential\n): RequestPolicyFactory {\n const tokenCache: AccessTokenCache = new ExpiringAccessTokenCache();\n const challengeCache = new AuthenticationChallengeCache();\n return {\n create: (nextPolicy: RequestPolicy, options: RequestPolicyOptions) => {\n return new ChallengeBasedAuthenticationPolicy(\n nextPolicy,\n options,\n credential,\n tokenCache,\n challengeCache\n );\n },\n };\n}\n\n/\n \n * Provides a RequestPolicy that can request a token from a TokenCredential\n * implementation and then apply it to the Authorization header of a request\n * as a Bearer token.\n \n /\nexport class ChallengeBasedAuthenticationPolicy extends BaseRequestPolicy {\n private parseWWWAuthenticate: (wwwAuthenticate: string) => ParsedWWWAuthenticate =\n parseWWWAuthenticate;\n\n /*\n Creates a new ChallengeBasedAuthenticationPolicy object.\n \n @param nextPolicy - The next RequestPolicy in the request pipeline.\n * @param options - Options for this RequestPolicy.\n * @param credential - The TokenCredential implementation that can supply the bearer token.\n * @param tokenCache - The cache for the most recent AccessToken returned by the TokenCredential.\n /\n constructor(\n nextPolicy: RequestPolicy,\n options: RequestPolicyOptions,\n private credential: TokenCredential,\n private tokenCache: AccessTokenCache,\n private challengeCache: AuthenticationChallengeCache\n ) {\n super(nextPolicy, options);\n }\n\n /\n Gets or updates the token from the token cache into the headers of the received web resource.\n /\n private async loadToken(webResource: WebResource): Promise<void> {\n let accessToken = this.tokenCache.getCachedToken();\n\n // If there's no cached token in the cache, we try to get a new one.\n if (accessToken === undefined) {\n const receivedToken = await this.credential.getToken(this.challengeCache.challenge!.scope, {\n tenantId: this.challengeCache.challenge!.tenantId,\n });\n accessToken = receivedToken \|\| undefined;\n this.tokenCache.setCachedToken(accessToken);\n }\n\n if (accessToken) {\n webResource.headers.set(\n Constants.HeaderConstants.AUTHORIZATION,\n `Bearer ${accessToken.token}`\n );\n }\n }\n\n /\n Parses the given WWW-Authenticate header, generates a new AuthenticationChallenge,\n * then if the challenge is different from the one cached, resets the token and forces\n * a re-authentication, otherwise continues with the existing challenge and token.\n * @param wwwAuthenticate - Value of the incoming WWW-Authenticate header.\n * @param webResource - Ongoing HTTP request.\n /\n private async regenerateChallenge(\n wwwAuthenticate: string,\n webResource: WebResource\n ): Promise<HttpOperationResponse> {\n // The challenge based authentication will contain both:\n // - An authorization URI with a token,\n // - The resource to which that token is valid against (also called the scope).\n const parsedWWWAuth = this.parseWWWAuthenticate(wwwAuthenticate);\n const authorization = parsedWWWAuth.authorization!;\n const resource = parsedWWWAuth.resource! \|\| parsedWWWAuth.scope!;\n const tenantId = parsedWWWAuth.tenantId;\n\n if (!(authorization && resource)) {\n return this._nextPolicy.sendRequest(webResource);\n }\n\n const challenge = new AuthenticationChallenge(authorization, resource + \"/.default\", tenantId);\n\n // Either if there's no cached challenge at this point (could have happen in parallel),\n // or if the cached challenge has a different scope,\n // we store the just received challenge and reset the cached token, to force a re-authentication.\n if (!this.challengeCache.challenge?.equalTo(challenge)) {\n this.challengeCache.setCachedChallenge(challenge);\n this.tokenCache.setCachedToken(undefined);\n }\n\n await this.loadToken(webResource);\n return this._nextPolicy.sendRequest(webResource);\n }\n\n /\n Applies the Bearer token to the request through the Authorization header.\n * @param webResource - Ongoing HTTP request.\n */\n public async sendRequest(webResource: WebResource): Promise<HttpOperationResponse> {\n // Ensure that we're about to use a secure connection.\n if (!webResource.url.startsWith(\"https:\")) {\n throw new Error(\"The resource address for authorization must use the 'https' protocol.\");\n }\n\n // The next request will happen differently whether we have a challenge or not.\n let response: HttpOperationResponse;\n\n if (\n this.challengeCache.challenge === undefined \|\|\n this.challengeCache.challenge === undefined\n ) {\n // If there's no challenge in cache, a blank body will start the challenge.\n const originalBody = webResource.body;\n webResource.body = \"\";\n try {\n response = await this._nextPolicy.sendRequest(webResource);\n } finally {\n webResource.body = originalBody;\n }\n } else {\n // If we did have a challenge in memory,\n // we attempt to load the token from the cache into the request before we try to send the request.\n await this.loadToken(webResource);\n response = await this._nextPolicy.sendRequest(webResource);\n }\n\n // If we don't receive a response with a 401 status code,\n // then we can assume this response has nothing to do with the challenge authentication process.\n if (response.status !== 401) {\n return response;\n }\n\n // If the response status is 401, we only re-authenticate if the WWW-Authenticate header is present.\n const wwwAuthenticate = response.headers.get(\"WWW-Authenticate\");\n if (!wwwAuthenticate) {\n return response;\n }\n\n // We re-generate the challenge and see if we have to re-authenticate.\n return this.regenerateChallenge(wwwAuthenticate, webResource);\n }\n}\n"]}
1	+ {"version":3,"file":"challengeBasedAuthenticationPolicy.js","sourceRoot":"","sources":["../../../../keyvault-common/src/challengeBasedAuthenticationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AASlC,OAAO,EAAyB,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AA6BrF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,wBAAwB;IACtC,IAAI,cAAc,GAAmB,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAExD,SAAS,gBAAgB,CAAC,OAAwB;QAChD,OAAO;YACL,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,cAAc,EAAE;gBACd,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB;YACD,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,gBAAgB,CAAC,OAAgC;QAC9D,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;QAC5B,MAAM,cAAc,GAAoB,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAElE,QAAQ,cAAc,CAAC,MAAM,EAAE;YAC7B,KAAK,MAAM;gBACT,cAAc,GAAG;oBACf,MAAM,EAAE,SAAS;oBACjB,YAAY,EAAE,OAAO,CAAC,IAAI;iBAC3B,CAAC;gBACF,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,MAAM;YACR,KAAK,SAAS;gBACZ,MAAM,CAAC,mDAAmD;YAC5D,KAAK,UAAU,CAAC,CAAC;gBACf,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,cAAc,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;gBAClF,IAAI,KAAK,EAAE;oBACT,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;iBAC/D;gBACD,MAAM;aACP;SACF;QACD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,OAA2C;QAE3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;QAEtC,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,IAAI,cAAc,CAAC,MAAM,KAAK,SAAS,EAAE;YAChE,sDAAsD;YACtD,uEAAuE;YACvE,uBAAuB;YACvB,OAAO,CAAC,IAAI,GAAG,cAAc,CAAC,YAAY,CAAC;SAC5C;QAED,MAAM,eAAe,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAElD,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3D,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACvC;QACD,MAAM,eAAe,GAA0B,oBAAoB,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAErF,MAAM,KAAK,GAAG,eAAe,CAAC,QAAQ;YACpC,CAAC,CAAC,eAAe,CAAC,QAAQ,GAAG,WAAW;YACxC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC;QAE1B,IAAI,CAAC,KAAK,EAAE;YACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;SACnC;QAED,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,kCACnD,eAAe,KAClB,QAAQ,EAAE,eAAe,CAAC,QAAQ,IAClC,CAAC;QAEH,IAAI,CAAC,WAAW,EAAE;YAChB,OAAO,KAAK,CAAC;SACd;QAED,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;QAE5E,cAAc,GAAG;YACf,MAAM,EAAE,UAAU;YAClB,MAAM,EAAE,CAAC,KAAK,CAAC;SAChB,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,gBAAgB;QAChB,2BAA2B;KAC5B,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n AuthorizeRequestOnChallengeOptions,\n AuthorizeRequestOptions,\n ChallengeCallbacks,\n PipelineRequest,\n RequestBodyType,\n} from \"@azure/core-rest-pipeline\";\nimport { ParsedWWWAuthenticate, parseWWWAuthenticate } from \"./parseWWWAuthenticate\";\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/*\n @internal\n * Holds the state of Challenge Auth.\n * When making the first request we force Key Vault to begin a challenge\n * by clearing out the request body and storing it locally.\n \n Later on, the authorizeRequestOnChallenge callback will process the\n * challenge and, if ready to resend the original request, reset the body\n * so that it may be sent again.\n \n Once a client has succeeded once, we can start skipping CAE.\n /\ntype ChallengeState =\n \| {\n status: \"none\";\n }\n \| {\n status: \"started\";\n originalBody?: RequestBodyType;\n }\n \| {\n status: \"complete\";\n scopes: string[];\n };\n\n/\n @internal\n \n Creates challenge callback handlers to manage CAE lifecycle in Azure Key Vault.\n \n Key Vault supports other authentication schemes, but we ensure challenge authentication\n * is used by first sending a copy of the request, without authorization or content.\n \n when the challenge is received, it will be authenticated and used to send the original\n * request with authorization.\n \n Following the first request of a client, follow-up requests will get the cached token\n * if possible.\n */\nexport function createChallengeCallbacks(): ChallengeCallbacks {\n let challengeState: ChallengeState = { status: \"none\" };\n\n function requestToOptions(request: PipelineRequest): GetTokenOptions {\n return {\n abortSignal: request.abortSignal,\n requestOptions: {\n timeout: request.timeout,\n },\n tracingOptions: request.tracingOptions,\n };\n }\n\n async function authorizeRequest(options: AuthorizeRequestOptions) {\n const { request } = options;\n const requestOptions: GetTokenOptions = requestToOptions(request);\n\n switch (challengeState.status) {\n case \"none\":\n challengeState = {\n status: \"started\",\n originalBody: request.body,\n };\n request.body = null;\n break;\n case \"started\":\n break; // Retry, we should not overwrite the original body\n case \"complete\": {\n const token = await options.getAccessToken(challengeState.scopes, requestOptions);\n if (token) {\n request.headers.set(\"authorization\", `Bearer ${token.token}`);\n }\n break;\n }\n }\n return Promise.resolve();\n }\n\n async function authorizeRequestOnChallenge(\n options: AuthorizeRequestOnChallengeOptions\n ): Promise<boolean> {\n const { request, response } = options;\n\n if (request.body === null && challengeState.status === \"started\") {\n // Reset the original body before doing anything else.\n // Note: If successful status will be \"complete\", otherwise \"none\" will\n // restart the process.\n request.body = challengeState.originalBody;\n }\n\n const getTokenOptions = requestToOptions(request);\n\n const challenge = response.headers.get(\"WWW-Authenticate\");\n if (!challenge) {\n throw new Error(\"Missing challenge.\");\n }\n const parsedChallenge: ParsedWWWAuthenticate = parseWWWAuthenticate(challenge) \|\| {};\n\n const scope = parsedChallenge.resource\n ? parsedChallenge.resource + \"/.default\"\n : parsedChallenge.scope;\n\n if (!scope) {\n throw new Error(\"Missing scope.\");\n }\n\n const accessToken = await options.getAccessToken([scope], {\n ...getTokenOptions,\n tenantId: parsedChallenge.tenantId,\n });\n\n if (!accessToken) {\n return false;\n }\n\n options.request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n\n challengeState = {\n status: \"complete\",\n scopes: [scope],\n };\n\n return true;\n }\n\n return {\n authorizeRequest,\n authorizeRequestOnChallenge,\n };\n}\n"]}

package/dist-esm/keyvault-common/src/index.js CHANGED Viewed

@@ -2,6 +2,5 @@
 // Licensed under the MIT license.
 export * from "./challengeBasedAuthenticationPolicy";
 export * from "./parseKeyvaultIdentifier";
-export * from "./tracingHelpers";
 export * from "./parseWWWAuthenticate";
 //# sourceMappingURL=index.js.map

package/dist-esm/keyvault-common/src/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../keyvault-common/src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,cAAc,sCAAsC,CAAC;AACrD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,~~kBAAkB,CAAC;AACjC,cAAc,~~wBAAwB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport * from \"./challengeBasedAuthenticationPolicy\";\nexport * from \"./parseKeyvaultIdentifier\";\nexport * from \"./~~tracingHelpers\";\nexport * from \"./~~parseWWWAuthenticate\";\n"]}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../keyvault-common/src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,cAAc,sCAAsC,CAAC;AACrD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport * from \"./challengeBasedAuthenticationPolicy\";\nexport * from \"./parseKeyvaultIdentifier\";\nexport * from \"./parseWWWAuthenticate\";\n"]}

package/dist-esm/keyvault-common/src/parseKeyvaultIdentifier.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"parseKeyvaultIdentifier.js","sourceRoot":"","sources":["../../../../keyvault-common/src/parseKeyvaultIdentifier.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,GAAG,MAAM,KAAK,CAAC;AAgB3B,MAAM,UAAU,uBAAuB,CACrC,UAAkB,EAClB,UAA8B;IAE9B,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;QACvE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;QACvE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAC;IACZ,IAAI;QACF,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;KAC7C;IAAC,OAAO,~~CAAC~~,EAAE;~~QACV~~,MAAM,IAAI,KAAK,CAAC,WAAW,UAAU,gBAAgB,UAAU,mBAAmB,CAAC,CAAC;KACrF;IAED,mDAAmD;IACnD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QAClD,MAAM,IAAI,KAAK,CACb,WAAW,UAAU,gBAAgB,UAAU,6BAA6B,QAAQ,CAAC,MAAM,EAAE,CAC9F,CAAC;KACH;IAED,IAAI,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE;QAC9B,MAAM,IAAI,KAAK,CACb,WAAW,UAAU,gBAAgB,UAAU,4BAA4B,UAAU,aAAa,QAAQ,CAAC,CAAC,CAAC,GAAG,CACjH,CAAC;KACH;IAED,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;IACxD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAChE,OAAO;QACL,QAAQ;QACR,IAAI;QACJ,OAAO;KACR,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as url from \"url\";\n\nexport interface ParsedKeyVaultEntityIdentifier {\n /*\n The vault URI.\n /\n vaultUrl: string;\n /\n The version of key/secret/certificate. May be undefined.\n /\n version?: string;\n /\n The name of key/secret/certificate.\n */\n name: string;\n}\nexport function parseKeyvaultIdentifier(\n collection: string,\n identifier: string \| undefined\n): ParsedKeyVaultEntityIdentifier {\n if (typeof collection !== \"string\" \|\| !(collection = collection.trim())) {\n throw new Error(\"Invalid collection argument\");\n }\n\n if (typeof identifier !== \"string\" \|\| !(identifier = identifier.trim())) {\n throw new Error(\"Invalid identifier argument\");\n }\n\n let baseUri;\n try {\n baseUri = url.parse(identifier, true, true);\n } catch (e) {\n throw new Error(`Invalid ${collection} identifier: ${identifier}. Not a valid URI`);\n }\n\n // Path is of the form '/collection/name[/version]'\n const segments = (baseUri.pathname \|\| \"\").split(\"/\");\n if (segments.length !== 3 && segments.length !== 4) {\n throw new Error(\n `Invalid ${collection} identifier: ${identifier}. Bad number of segments: ${segments.length}`\n );\n }\n\n if (collection !== segments[1]) {\n throw new Error(\n `Invalid ${collection} identifier: ${identifier}. segment [1] should be \"${collection}\", found \"${segments[1]}\"`\n );\n }\n\n const vaultUrl = `${baseUri.protocol}//${baseUri.host}`;\n const name = segments[2];\n const version = segments.length === 4 ? segments[3] : undefined;\n return {\n vaultUrl,\n name,\n version,\n };\n}\n"]}
1	+ {"version":3,"file":"parseKeyvaultIdentifier.js","sourceRoot":"","sources":["../../../../keyvault-common/src/parseKeyvaultIdentifier.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,GAAG,MAAM,KAAK,CAAC;AAgB3B,MAAM,UAAU,uBAAuB,CACrC,UAAkB,EAClB,UAA8B;IAE9B,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;QACvE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;QACvE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAC;IACZ,IAAI;QACF,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;KAC7C;IAAC,OAAO,CAAM,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,WAAW,UAAU,gBAAgB,UAAU,mBAAmB,CAAC,CAAC;KACrF;IAED,mDAAmD;IACnD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QAClD,MAAM,IAAI,KAAK,CACb,WAAW,UAAU,gBAAgB,UAAU,6BAA6B,QAAQ,CAAC,MAAM,EAAE,CAC9F,CAAC;KACH;IAED,IAAI,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE;QAC9B,MAAM,IAAI,KAAK,CACb,WAAW,UAAU,gBAAgB,UAAU,4BAA4B,UAAU,aAAa,QAAQ,CAAC,CAAC,CAAC,GAAG,CACjH,CAAC;KACH;IAED,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;IACxD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAChE,OAAO;QACL,QAAQ;QACR,IAAI;QACJ,OAAO;KACR,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as url from \"url\";\n\nexport interface ParsedKeyVaultEntityIdentifier {\n /*\n The vault URI.\n /\n vaultUrl: string;\n /\n The version of key/secret/certificate. May be undefined.\n /\n version?: string;\n /\n The name of key/secret/certificate.\n */\n name: string;\n}\nexport function parseKeyvaultIdentifier(\n collection: string,\n identifier: string \| undefined\n): ParsedKeyVaultEntityIdentifier {\n if (typeof collection !== \"string\" \|\| !(collection = collection.trim())) {\n throw new Error(\"Invalid collection argument\");\n }\n\n if (typeof identifier !== \"string\" \|\| !(identifier = identifier.trim())) {\n throw new Error(\"Invalid identifier argument\");\n }\n\n let baseUri;\n try {\n baseUri = url.parse(identifier, true, true);\n } catch (e: any) {\n throw new Error(`Invalid ${collection} identifier: ${identifier}. Not a valid URI`);\n }\n\n // Path is of the form '/collection/name[/version]'\n const segments = (baseUri.pathname \|\| \"\").split(\"/\");\n if (segments.length !== 3 && segments.length !== 4) {\n throw new Error(\n `Invalid ${collection} identifier: ${identifier}. Bad number of segments: ${segments.length}`\n );\n }\n\n if (collection !== segments[1]) {\n throw new Error(\n `Invalid ${collection} identifier: ${identifier}. segment [1] should be \"${collection}\", found \"${segments[1]}\"`\n );\n }\n\n const vaultUrl = `${baseUri.protocol}//${baseUri.host}`;\n const name = segments[2];\n const version = segments.length === 4 ? segments[3] : undefined;\n return {\n vaultUrl,\n name,\n version,\n };\n}\n"]}

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "@azure/keyvault-admin",
   "sdk-type": "client",
   "author": "Microsoft Corporation",
-  "version": "4.2.1-alpha.20220330.1",
+  "version": "4.2.1",
   "license": "MIT",
   "description": "Isomorphic client library for Azure KeyVault's administrative functions.",
   "homepage": "https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/keyvault/keyvault-admin/README.md",
@@ -74,7 +74,7 @@
     "constantPaths": [
       {
         "path": "src/generated/keyVaultClientContext.ts",
-        "prefix": "packageVersion"
+        "prefix": "packageDetails"
       },
       {
         "path": "src/constants.ts",
@@ -109,7 +109,7 @@
     "@azure/core-lro": "^2.2.0",
     "@azure/core-paging": "^1.1.1",
     "@azure/core-rest-pipeline": "^1.1.0",
-    "@azure/core-tracing": "1.0.0-preview.13",
+    "@azure/core-tracing": "^1.0.0",
     "@azure/logger": "^1.0.0",
     "@types/uuid": "^8.0.0",
     "tslib": "^2.2.0",
@@ -117,20 +117,20 @@
   },
   "devDependencies": {
     "@azure/abort-controller": "^1.0.0",
-    "@azure/core-util": "^1.0.0-beta.1",
-    "@azure/dev-tool": ">=1.0.0-alpha <1.0.0-alphb",
-    "@azure/eslint-plugin-azure-sdk": ">=3.0.0-alpha <3.0.0-alphb",
+    "@azure/core-util": "^1.0.0",
+    "@azure/dev-tool": "^1.0.0",
+    "@azure/eslint-plugin-azure-sdk": "^3.0.0",
     "@azure/identity": "^2.0.1",
     "@azure/keyvault-keys": "^4.2.1",
-    "@azure/test-utils": ">=1.0.0-alpha <1.0.0-alphb",
+    "@azure/test-utils": "^1.0.0",
     "@azure-tools/test-recorder": "^1.0.0",
-    "@microsoft/api-extractor": "^7.18.11",
+    "@microsoft/api-extractor": "7.18.11",
     "@types/mocha": "^7.0.2",
     "@types/node": "^12.0.0",
     "@types/sinon": "^9.0.4",
     "cross-env": "^7.0.2",
     "dotenv": "^8.2.0",
-    "eslint": "^7.15.0",
+    "eslint": "^8.0.0",
     "esm": "^3.2.18",
     "mocha": "^7.1.1",
     "mocha-junit-reporter": "^2.0.0",
@@ -139,6 +139,6 @@
     "rimraf": "^3.0.0",
     "sinon": "^9.0.2",
     "source-map-support": "^0.5.9",
-    "typescript": "~4.2.0"
+    "typescript": "~4.6.0"
   }
 }

package/CHANGELOG.md DELETED Viewed

@@ -1,116 +0,0 @@
-# Release History
-## 4.2.1 (Unreleased)
-### Features Added
-### Breaking Changes
-### Bugs Fixed
-### Other Changes
-## 4.2.0 (2022-03-24)
-### Other Changes
-- This release updates `BackupClient` and `AccessControlClient` to support service version 7.3 by default.
-## 4.2.0-beta.2 (2021-11-09)
-### Features Added
-- Support multi-tenant authentication against Key Vault and Managed HSM when using @azure/identity 2.0.0 or newer.
-### Other Changes
-- Updated the latest service version to 7.3.
-## 4.2.0-beta.1 (2021-08-10)
-- Move generated client to use @azure/core-rest-pipeline. For more information about Core V2, please refer to [the documentation](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/core#core-v1-and-core-v2).
-  - With this change, the response types no longer contain the raw response `_response`. To access the raw response, an `onResponse` callback has to be passed in the request options bag.
-    ```typescript
-    let rawResponse: FullOperationResponse | undefined;
-    await client.getRoleDefinition(globalScope, "roleDefinitionName", {
-      onResponse: (response) => (rawResponse = response),
-    });
-    ```
-## 4.1.0 (2021-07-29)
-### New Features
-- Support for Node.js 8 and IE 11 has been dropped. Please see our [support policy](https://github.com/Azure/azure-sdk-for-js/blob/main/SUPPORT.md) for more details.
-- Changed TS compilation target to ES2017 to produce smaller bundles and use more native platform features.
-- Updated our internal core package dependencies to their latest versions to add support for Opentelemetry 1.0.0, which is compatible with the latest versions of our other client libraries.
-## 4.1.0-beta.1 (2021-07-07)
-### Features Added
-- With the dropping of support for Node.js versions that are no longer in LTS, the dependency on `@types/node` has been updated to version 12. Read our [support policy](https://github.com/Azure/azure-sdk-for-js/blob/main/SUPPORT.md) for more details.
-## 4.0.1 (2021-06-15)
-### Bug Fixes
-- Fixed an issue where bundling could fail when importing this library due to an incorrectly set import.
-## 4.0.0 (2021-06-15)
-This release marks the general availability of the `@azure/keyvault-admin` package.
-### New Features
-- The `KeyVaultAccessControlClient` provides support for managing role-based access control (RBAC) operations.
-  - Both role assignments and custom role definitions are supported with the ability to create, read, update, and delete custom role definitions and assignments.
-- The `KeyVaultBackupClient` provides support for back up and restore operations for the entire Key Vault Managed HSM instance.
-  - Full Managed HSM backup and restore operations are supported.
-  - Selective Key Restore from a previous backup is also supported.
-### Changes since 4.0.0-beta.3:
-- Added the "KeyVault" prefix to all of the Key Vault Admin client operations.
-- Made the AesGcmDecryptParameters authenticationTag required.
-- Collapsed `KeyVaultRoleAssignmentPropertiesWithScope` to `KeyVaultRoleAssignmentProperties`.
-- Renamed `KeyVaultKeyId` to `KeyVaultKeyIdentifier`.
-- Renamed `beginRestore`'s `blobStorageUri` to `folderUri`.
-- Removed `folderName` from `beginRestore`. Now the folder name will be inferred from the `folderUri`.
-- Renamed `beginSelectiveRestore`'s `blobStorageUri` to `folderUri`.
-- Removed `folderName` from `beginSelectiveRestore`. Now the folder name will be inferred from the `folderUri`.
-- Reordered the parameters of `beginSelectiveRestore` to `keyName`, `folderUrl`, `sasToken`, `[options]`.
-- Renamed `KeyVaultBackupResult`'s `backupFolderUri` to `folderUri`.
-- Renamed `beginSelectiveRestore` to `beginSelectiveKeyRestore`.
-- Renamed `KeyVaultBeginSelectiveRestoreOptions` to `KeyVaultBeginSelectiveKeyRestoreOptions`.
-- Renamed `KeyVaultSelectiveRestoreOperationState` to `KeyVaultSelectiveKeyRestoreOperationState`.
-- Renamed `KeyVaultSelectiveRestoreResult` to `KeyVaultSelectiveKeyRestoreResult`.
-- `deleteRoleAssignment` and `deleteRoleDefinition` will no longer throw an exception when the resource no longer exist and return no result.
-## 4.0.0-beta.3 (2021-04-06)
-- Updated the Latest service version to 7.2.
-- Long Running Operations will now use the `status` field to determine whether the operation failed.
-- Improved tracing across the various KeyVault libraries. By switching to a consistent naming convention, ensuring spans are always closed appropriately, and setting the correct status when an operation errors developers can expect an improved experience when enabling distributed tracing.
-  - We now ensure tracing spans are properly closed with an appropriate status when an operation throws an exception.
-  - If a traced operation throws an exception we will now properly record the exception message in the tracing span.
-  - Finally, naming conventions have been standardized across the KeyVault libraries taking the format of `Azure.KeyVault.<PACKAGE NAME>.<CLIENT NAME>`.
-- Fixed an issue where retrying a failed initial Key Vault request may result in an empty body.
-## 4.0.0-beta.2 (2021-02-09)
-- [Breaking] Removed `dist-browser` from the published package. To bundle the Azure SDK libraries for the browsers, please read our bundling guide: [link](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Bundling.md).
-- Updated the Key Vault Admin Long Running Operation Pollers to follow a more compact and meaningful approach moving forward.
-- Bug fix: The logging of HTTP requests wasn't properly working - now it has been fixed and tests have been written that verify the fix.
-- [Breaking] Return `BackupResult` and `RestoreResult` from backup/restore long running operations which will contain additional information about the operation as well any relevant data.
-- Backup / Restore polling will now correctly propagate any errors to the awaited call.
-- Add support for custom role definitions - creating, updating, and deleting role definitions are now supported.
-## 4.0.0-beta.1 (2020-09-11)
-The @azure/keyvault-admin package provides two clients, `KeyVaultAccessControlClient` and `KeyVaultBackupClient`.
-- The `KeyVaultAccessControlClient` allows working with role-based access control (RBAC) operations, meaning assigning, deleting and retrieving role assignments, and retrieving role definitions.
-- The `KeyVaultBackupClient` allows generating full backups and restores of Key Vault instances, and selective restores of keys.

package/dist-esm/keyvault-admin/src/challengeAuthenticationCallbacks.js DELETED Viewed

@@ -1,81 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { parseWWWAuthenticate } from "../../keyvault-common/src";
-/**
- * @internal
- *
- * Creates challenge callback handlers to manage CAE lifecycle in Azure Key Vault.
- *
- * Key Vault supports other authentication schemes, but we ensure challenge authentication
- * is used by first sending a copy of the request, without authorization or content.
- *
- * when the challenge is received, it will be authenticated and used to send the original
- * request with authorization.
- *
- * Following the first request of a client, follow-up requests will get the cached token
- * if possible.
- */
-export function createChallengeCallbacks() {
-    let challengeState = { status: "none" };
-    function requestToOptions(request) {
-        return {
-            abortSignal: request.abortSignal,
-            requestOptions: {
-                timeout: request.timeout,
-            },
-            tracingOptions: request.tracingOptions,
-        };
-    }
-    async function authorizeRequest(options) {
-        const { scopes, request } = options;
-        const requestOptions = requestToOptions(request);
-        switch (challengeState.status) {
-            case "none":
-                challengeState = {
-                    status: "started",
-                    originalBody: request.body,
-                };
-                request.body = null;
-                break;
-            case "started":
-                break; // Retry, we should not overwrite the original body
-            case "complete": {
-                const token = await options.getAccessToken(scopes, requestOptions);
-                if (token) {
-                    request.headers.set("authorization", `Bearer ${token.token}`);
-                }
-                break;
-            }
-        }
-        return Promise.resolve();
-    }
-    async function authorizeRequestOnChallenge(options) {
-        const { scopes, request, response } = options;
-        if (request.body === null && challengeState.status === "started") {
-            // Reset the original body before doing anything else.
-            // Note: If successful status will be "complete", otherwise "none" will
-            // restart the process.
-            request.body = challengeState.originalBody;
-        }
-        const getTokenOptions = requestToOptions(request);
-        const challenge = response.headers.get("WWW-Authenticate");
-        if (!challenge) {
-            throw new Error("Missing challenge.");
-        }
-        const parsedChallenge = parseWWWAuthenticate(challenge) || [];
-        const accessToken = await options.getAccessToken(parsedChallenge.scope ? [parsedChallenge.scope] : scopes, Object.assign(Object.assign({}, getTokenOptions), { tenantId: parsedChallenge.tenantId }));
-        if (!accessToken) {
-            return false;
-        }
-        options.request.headers.set("Authorization", `Bearer ${accessToken.token}`);
-        challengeState = {
-            status: "complete",
-        };
-        return true;
-    }
-    return {
-        authorizeRequest,
-        authorizeRequestOnChallenge,
-    };
-}
-//# sourceMappingURL=challengeAuthenticationCallbacks.js.map

package/dist-esm/keyvault-admin/src/challengeAuthenticationCallbacks.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"challengeAuthenticationCallbacks.js","sourceRoot":"","sources":["../../../src/challengeAuthenticationCallbacks.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AASlC,OAAO,EAAyB,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AA4BxF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,wBAAwB;IACtC,IAAI,cAAc,GAAmB,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAExD,SAAS,gBAAgB,CAAC,OAAwB;QAChD,OAAO;YACL,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,cAAc,EAAE;gBACd,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB;YACD,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,gBAAgB,CAAC,OAAgC;QAC9D,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;QACpC,MAAM,cAAc,GAAoB,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAElE,QAAQ,cAAc,CAAC,MAAM,EAAE;YAC7B,KAAK,MAAM;gBACT,cAAc,GAAG;oBACf,MAAM,EAAE,SAAS;oBACjB,YAAY,EAAE,OAAO,CAAC,IAAI;iBAC3B,CAAC;gBACF,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,MAAM;YACR,KAAK,SAAS;gBACZ,MAAM,CAAC,mDAAmD;YAC5D,KAAK,UAAU,CAAC,CAAC;gBACf,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;gBACnE,IAAI,KAAK,EAAE;oBACT,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;iBAC/D;gBACD,MAAM;aACP;SACF;QACD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,OAA2C;QAE3C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;QAE9C,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,IAAI,cAAc,CAAC,MAAM,KAAK,SAAS,EAAE;YAChE,sDAAsD;YACtD,uEAAuE;YACvE,uBAAuB;YACvB,OAAO,CAAC,IAAI,GAAG,cAAc,CAAC,YAAY,CAAC;SAC5C;QAED,MAAM,eAAe,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAElD,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3D,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACvC;QACD,MAAM,eAAe,GAA0B,oBAAoB,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAErF,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,cAAc,CAC9C,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,kCACnD,eAAe,KAAE,QAAQ,EAAE,eAAe,CAAC,QAAQ,IACzD,CAAC;QAEF,IAAI,CAAC,WAAW,EAAE;YAChB,OAAO,KAAK,CAAC;SACd;QAED,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;QAE5E,cAAc,GAAG;YACf,MAAM,EAAE,UAAU;SACnB,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,gBAAgB;QAChB,2BAA2B;KAC5B,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n AuthorizeRequestOnChallengeOptions,\n AuthorizeRequestOptions,\n ChallengeCallbacks,\n PipelineRequest,\n RequestBodyType,\n} from \"@azure/core-rest-pipeline\";\nimport { ParsedWWWAuthenticate, parseWWWAuthenticate } from \"../../keyvault-common/src\";\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * @internal\n * Holds the state of Challenge Auth.\n * When making the first request we force Key Vault to begin a challenge\n * by clearing out the request body and storing it locally.\n *\n * Later on, the authorizeRequestOnChallenge callback will process the\n * challenge and, if ready to resend the original request, reset the body\n * so that it may be sent again.\n *\n * Once a client has succeeded once, we can start skipping CAE.\n */\ntype ChallengeState =\n | {\n status: \"none\";\n }\n | {\n status: \"started\";\n originalBody?: RequestBodyType;\n }\n | {\n status: \"complete\";\n };\n\n/**\n * @internal\n *\n * Creates challenge callback handlers to manage CAE lifecycle in Azure Key Vault.\n *\n * Key Vault supports other authentication schemes, but we ensure challenge authentication\n * is used by first sending a copy of the request, without authorization or content.\n *\n * when the challenge is received, it will be authenticated and used to send the original\n * request with authorization.\n *\n * Following the first request of a client, follow-up requests will get the cached token\n * if possible.\n */\nexport function createChallengeCallbacks(): ChallengeCallbacks {\n let challengeState: ChallengeState = { status: \"none\" };\n\n function requestToOptions(request: PipelineRequest): GetTokenOptions {\n return {\n abortSignal: request.abortSignal,\n requestOptions: {\n timeout: request.timeout,\n },\n tracingOptions: request.tracingOptions,\n };\n }\n\n async function authorizeRequest(options: AuthorizeRequestOptions) {\n const { scopes, request } = options;\n const requestOptions: GetTokenOptions = requestToOptions(request);\n\n switch (challengeState.status) {\n case \"none\":\n challengeState = {\n status: \"started\",\n originalBody: request.body,\n };\n request.body = null;\n break;\n case \"started\":\n break; // Retry, we should not overwrite the original body\n case \"complete\": {\n const token = await options.getAccessToken(scopes, requestOptions);\n if (token) {\n request.headers.set(\"authorization\", `Bearer ${token.token}`);\n }\n break;\n }\n }\n return Promise.resolve();\n }\n\n async function authorizeRequestOnChallenge(\n options: AuthorizeRequestOnChallengeOptions\n ): Promise<boolean> {\n const { scopes, request, response } = options;\n\n if (request.body === null && challengeState.status === \"started\") {\n // Reset the original body before doing anything else.\n // Note: If successful status will be \"complete\", otherwise \"none\" will\n // restart the process.\n request.body = challengeState.originalBody;\n }\n\n const getTokenOptions = requestToOptions(request);\n\n const challenge = response.headers.get(\"WWW-Authenticate\");\n if (!challenge) {\n throw new Error(\"Missing challenge.\");\n }\n const parsedChallenge: ParsedWWWAuthenticate = parseWWWAuthenticate(challenge) || [];\n\n const accessToken = await options.getAccessToken(\n parsedChallenge.scope ? [parsedChallenge.scope] : scopes,\n { ...getTokenOptions, tenantId: parsedChallenge.tenantId }\n );\n\n if (!accessToken) {\n return false;\n }\n\n options.request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n\n challengeState = {\n status: \"complete\",\n };\n\n return true;\n }\n\n return {\n authorizeRequest,\n authorizeRequestOnChallenge,\n };\n}\n"]}