@cognite/dune 0.3.2 → 0.3.3

package/dist/deploy/index.d.ts

@@ -7,6 +7,10 @@ type Deployment = {
     deployClientId: string;
     deploySecretName: string;
     published: boolean;
+    /** Identity provider type. Defaults to "cdf" if not specified */
+    idpType?: "cdf" | "entra_id";
+    /** Tenant ID for Entra ID authentication. Required when idpType is "entra_id" */
+    tenantId?: string;
 };
 type App = {
     externalId: string;
@@ -85,6 +89,10 @@ declare class ApplicationPackager {
 
 declare const getSdk: (deployment: Deployment, folder: string) => Promise<CogniteClient>;
 
-declare const getToken: (deployClientId: string, deploySecretName: string) => Promise<any>;
+/**
+ * Get access token for deployment using the appropriate identity provider.
+ * Supports both CDF OAuth and Entra ID (Azure AD) authentication.
+ */
+declare const getToken: (deployment: Deployment) => Promise<string>;
 
 export { type App, ApplicationPackager, CdfApplicationDeployer, type Deployment, deploy, getSdk, getToken };

package/dist/deploy/index.js

@@ -187,22 +187,39 @@ var loadSecretsFromEnv = () => {
     return {};
   }
 };
-var getToken = async (deployClientId, deploySecretName) => {
+var getSecretFromEnv = (secretEnvVarName) => {
   let deploySecret;
   if (process.env.DEPLOYMENT_SECRET) {
     deploySecret = process.env.DEPLOYMENT_SECRET;
   }
   if (!deploySecret) {
     const secrets = loadSecretsFromEnv();
-    deploySecret = secrets[deploySecretName];
+    deploySecret = secrets[secretEnvVarName];
   }
   if (!deploySecret) {
-    deploySecret = process.env[deploySecretName];
+    deploySecret = process.env[secretEnvVarName];
   }
   if (!deploySecret) {
-    throw new Error(`Deployment secret not found in environment: ${deploySecretName}`);
+    throw new Error(`Secret not found in environment: ${secretEnvVarName}`);
   }
-  const header = `Basic ${btoa(`${deployClientId}:${deploySecret}`)}`;
+  return deploySecret;
+};
+var extractClusterFromUrl = (url) => {
+  if (!url) return "";
+  try {
+    const urlObj = new URL(url);
+    const hostname = urlObj.hostname;
+    return hostname.replace(/\.cognitedata\.com$/, "");
+  } catch {
+    let cluster = url.replace(/^https?:\/\//, "");
+    cluster = cluster.split("/")[0];
+    cluster = cluster.split(":")[0];
+    cluster = cluster.replace(/\.cognitedata\.com$/, "");
+    return cluster;
+  }
+};
+var getTokenCdf = async (clientId, clientSecret) => {
+  const header = `Basic ${btoa(`${clientId}:${clientSecret}`)}`;
   const response = await fetch("https://auth.cognite.com/oauth2/token", {
     method: "POST",
     headers: {
@@ -212,15 +229,80 @@ var getToken = async (deployClientId, deploySecretName) => {
     body: new URLSearchParams({ grant_type: "client_credentials" })
   });
   if (!response.ok) {
-    throw new Error(`Failed to get token: ${response.status} ${response.statusText}`);
+    const errorText = await response.text();
+    throw new Error(
+      `Failed to get token from CDF: ${response.status} ${response.statusText}
+${errorText}`
+    );
   }
   const data = await response.json();
+  if (!data.access_token) {
+    throw new Error("No access token returned from CDF authentication");
+  }
   return data.access_token;
 };
+var getTokenEntra = async (clientId, clientSecret, tenantId, baseUrl) => {
+  if (!baseUrl) {
+    throw new Error(
+      "Entra ID authentication requires 'baseUrl' to be set in deployment configuration"
+    );
+  }
+  const cluster = extractClusterFromUrl(baseUrl);
+  if (!cluster) {
+    throw new Error(
+      `Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${baseUrl}`
+    );
+  }
+  const tokenUrl = `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`;
+  const scope = `https://${cluster}.cognitedata.com/.default`;
+  const response = await fetch(tokenUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: new URLSearchParams({
+      client_id: clientId,
+      client_secret: clientSecret,
+      scope,
+      grant_type: "client_credentials"
+    })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(
+      `Failed to get token from Entra ID: ${response.status} ${response.statusText}
+${errorText}`
+    );
+  }
+  const data = await response.json();
+  if (!data.access_token) {
+    throw new Error("No access token returned from Entra ID authentication");
+  }
+  return data.access_token;
+};
+var getToken = async (deployment) => {
+  const {
+    deployClientId,
+    deploySecretName,
+    idpType = "cdf",
+    tenantId,
+    baseUrl
+  } = deployment;
+  const deploySecret = getSecretFromEnv(deploySecretName);
+  if (idpType === "entra_id") {
+    if (!tenantId) {
+      throw new Error(
+        "Entra ID authentication requires 'tenantId' in deployment configuration"
+      );
+    }
+    return getTokenEntra(deployClientId, deploySecret, tenantId, baseUrl);
+  }
+  return getTokenCdf(deployClientId, deploySecret);
+};
 
 // src/deploy/get-sdk.ts
 var getSdk = async (deployment, folder) => {
-  const token = await getToken(deployment.deployClientId, deployment.deploySecretName);
+  const token = await getToken(deployment);
   const sdk = new CogniteClient({
     appId: folder,
     project: deployment.project,

package/dist/vite/index.d.ts

@@ -5,6 +5,7 @@ interface ViteDevServer {
         } | string | null;
         on: (event: string, callback: () => void) => void;
     } | null;
+    printUrls: () => void;
 }
 declare const fusionOpenPlugin: () => {
     name: string;

package/dist/vite/index.js

@@ -14,7 +14,7 @@ var fusionOpenPlugin = () => {
   return {
     name: "fusion-open",
     configureServer(server) {
-      server.httpServer?.on("listening", () => {
+      server.printUrls = () => {
         const address = server.httpServer?.address();
         const port = address && typeof address === "object" ? address.port : 3001;
         const appJsonPath = path.join(process.cwd(), "app.json");
@@ -26,13 +26,16 @@ var fusionOpenPlugin = () => {
             const parsedBaseUrl = baseUrl?.split("//")[1];
             if (org && project && baseUrl) {
               const fusionUrl = `https://${org}.fusion.cognite.com/${project}/streamlit-apps/dune/development/${port}?cluster=${parsedBaseUrl}&workspace=industrial-tools`;
+              console.log(`  \u279C  Fusion: ${fusionUrl}`);
               openUrl(fusionUrl);
+              return;
             }
           } catch (error) {
             console.warn("Failed to read app.json for Fusion URL", error);
           }
         }
-      });
+        console.warn("  \u279C  No valid app.json found \u2014 cannot determine Fusion URL");
+      };
     }
   };
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cognite/dune",
-  "version": "0.3.2",
+  "version": "0.3.3",
   "description": "Build and deploy React apps to Cognite Data Fusion",
   "keywords": ["cognite", "dune", "cdf", "fusion", "react", "scaffold", "deploy"],
   "license": "Apache-2.0",

package/src/deploy/get-sdk.ts

@@ -4,7 +4,7 @@ import { getToken } from './login';
 import type { Deployment } from './types';
 
 export const getSdk = async (deployment: Deployment, folder: string) => {
-  const token = await getToken(deployment.deployClientId, deployment.deploySecretName);
+  const token = await getToken(deployment);
   const sdk = new CogniteClient({
     appId: folder,
     project: deployment.project,

package/src/deploy/login.test.ts

@@ -0,0 +1,49 @@
+import { describe, expect, it } from "vitest";
+import { extractClusterFromUrl } from "./login";
+
+describe("extractClusterFromUrl", () => {
+  it("extracts cluster name from standard CDF URL", () => {
+    expect(extractClusterFromUrl("https://az-ams-sp-002.cognitedata.com")).toBe(
+      "az-ams-sp-002"
+    );
+  });
+
+  it("extracts cluster name from URL with path", () => {
+    expect(
+      extractClusterFromUrl("https://westeurope-1.cognitedata.com/api/v1")
+    ).toBe("westeurope-1");
+  });
+
+  it("extracts cluster name from greenfield URL", () => {
+    expect(
+      extractClusterFromUrl("https://greenfield.cognitedata.com")
+    ).toBe("greenfield");
+  });
+
+  it("handles URL with port", () => {
+    expect(
+      extractClusterFromUrl("https://az-ams-sp-002.cognitedata.com:443")
+    ).toBe("az-ams-sp-002");
+  });
+
+  it("handles URL without protocol", () => {
+    expect(extractClusterFromUrl("az-ams-sp-002.cognitedata.com")).toBe(
+      "az-ams-sp-002"
+    );
+  });
+
+  it("returns empty string for empty input", () => {
+    expect(extractClusterFromUrl("")).toBe("");
+  });
+
+  it("handles malformed URL gracefully", () => {
+    // Should use fallback string manipulation
+    expect(extractClusterFromUrl("not-a-valid-url")).toBe("not-a-valid-url");
+  });
+
+  it("extracts cluster from http URL", () => {
+    expect(extractClusterFromUrl("http://az-ams-sp-002.cognitedata.com")).toBe(
+      "az-ams-sp-002"
+    );
+  });
+});

package/src/deploy/login.ts

@@ -1,3 +1,5 @@
+import type { Deployment } from "./types";
+
 /**
  * Load secrets from DEPLOYMENT_SECRETS environment variable (JSON)
  */
@@ -27,7 +29,10 @@ const loadSecretsFromEnv = (): Record<string, string> => {
   }
 };
 
-export const getToken = async (deployClientId: string, deploySecretName: string) => {
+/**
+ * Get the deployment secret from environment variables
+ */
+const getSecretFromEnv = (secretEnvVarName: string): string => {
   let deploySecret: string | undefined;
 
   // First try DEPLOYMENT_SECRET (for matrix-based deployments)
@@ -38,21 +43,54 @@ export const getToken = async (deployClientId: string, deploySecretName: string)
   // Then try to get from DEPLOYMENT_SECRETS JSON
   if (!deploySecret) {
     const secrets = loadSecretsFromEnv();
-    deploySecret = secrets[deploySecretName];
+    deploySecret = secrets[secretEnvVarName];
   }
 
   // Fall back to direct environment variable for local development
   if (!deploySecret) {
-    deploySecret = process.env[deploySecretName];
+    deploySecret = process.env[secretEnvVarName];
   }
 
   if (!deploySecret) {
-    throw new Error(`Deployment secret not found in environment: ${deploySecretName}`);
+    throw new Error(`Secret not found in environment: ${secretEnvVarName}`);
   }
 
-  const header = `Basic ${btoa(`${deployClientId}:${deploySecret}`)}`;
-  const response = await fetch('https://auth.cognite.com/oauth2/token', {
-    method: 'POST',
+  return deploySecret;
+};
+
+/**
+ * Extract cluster name from base URL
+ * @param url - Full URL like "https://az-ams-sp-002.cognitedata.com"
+ * @returns Cluster name like "az-ams-sp-002"
+ */
+export const extractClusterFromUrl = (url: string): string => {
+  if (!url) return "";
+
+  try {
+    const urlObj = new URL(url);
+    const hostname = urlObj.hostname;
+    // Remove .cognitedata.com suffix
+    return hostname.replace(/\.cognitedata\.com$/, "");
+  } catch {
+    // Fallback to simple string manipulation
+    let cluster = url.replace(/^https?:\/\//, "");
+    cluster = cluster.split("/")[0]; // Remove path
+    cluster = cluster.split(":")[0]; // Remove port
+    cluster = cluster.replace(/\.cognitedata\.com$/, "");
+    return cluster;
+  }
+};
+
+/**
+ * Get access token using CDF OAuth provider
+ */
+const getTokenCdf = async (
+  clientId: string,
+  clientSecret: string
+): Promise<string> => {
+  const header = `Basic ${btoa(`${clientId}:${clientSecret}`)}`;
+  const response = await fetch("https://auth.cognite.com/oauth2/token", {
+    method: "POST",
     headers: {
       Authorization: header,
       'Content-Type': 'application/x-www-form-urlencoded',
@@ -61,9 +99,94 @@ export const getToken = async (deployClientId: string, deploySecretName: string)
   });
 
   if (!response.ok) {
-    throw new Error(`Failed to get token: ${response.status} ${response.statusText}`);
+    const errorText = await response.text();
+    throw new Error(
+      `Failed to get token from CDF: ${response.status} ${response.statusText}\n${errorText}`
+    );
   }
 
-  const data = await response.json();
+  const data = (await response.json()) satisfies { access_token?: string };
+  if (!data.access_token) {
+    throw new Error("No access token returned from CDF authentication");
+  }
   return data.access_token;
 };
+
+/**
+ * Get access token using Entra ID (Azure AD) OAuth provider
+ */
+const getTokenEntra = async (
+  clientId: string,
+  clientSecret: string,
+  tenantId: string,
+  baseUrl: string
+): Promise<string> => {
+  if (!baseUrl) {
+    throw new Error(
+      "Entra ID authentication requires 'baseUrl' to be set in deployment configuration"
+    );
+  }
+  const cluster = extractClusterFromUrl(baseUrl);
+  if (!cluster) {
+    throw new Error(
+      `Entra ID authentication requires 'baseUrl' to be a valid CDF URL (e.g., https://cluster.cognitedata.com), got: ${baseUrl}`
+    );
+  }
+
+  const tokenUrl = `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`;
+  const scope = `https://${cluster}.cognitedata.com/.default`;
+
+  const response = await fetch(tokenUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+    },
+    body: new URLSearchParams({
+      client_id: clientId,
+      client_secret: clientSecret,
+      scope: scope,
+      grant_type: "client_credentials",
+    }),
+  });
+
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(
+      `Failed to get token from Entra ID: ${response.status} ${response.statusText}\n${errorText}`
+    );
+  }
+
+  const data = (await response.json()) satisfies { access_token?: string };
+  if (!data.access_token) {
+    throw new Error("No access token returned from Entra ID authentication");
+  }
+  return data.access_token;
+};
+
+/**
+ * Get access token for deployment using the appropriate identity provider.
+ * Supports both CDF OAuth and Entra ID (Azure AD) authentication.
+ */
+export const getToken = async (deployment: Deployment): Promise<string> => {
+  const {
+    deployClientId,
+    deploySecretName,
+    idpType = "cdf",
+    tenantId,
+    baseUrl,
+  } = deployment;
+
+  const deploySecret = getSecretFromEnv(deploySecretName);
+
+  if (idpType === "entra_id") {
+    if (!tenantId) {
+      throw new Error(
+        "Entra ID authentication requires 'tenantId' in deployment configuration"
+      );
+    }
+    return getTokenEntra(deployClientId, deploySecret, tenantId, baseUrl);
+  }
+
+  // Default: CDF provider
+  return getTokenCdf(deployClientId, deploySecret);
+};

package/src/deploy/types.ts

@@ -5,6 +5,10 @@ export type Deployment = {
   deployClientId: string;
   deploySecretName: string;
   published: boolean;
+  /** Identity provider type. Defaults to "cdf" if not specified */
+  idpType?: "cdf" | "entra_id";
+  /** Tenant ID for Entra ID authentication. Required when idpType is "entra_id" */
+  tenantId?: string;
 };
 
 export type App = {

package/src/vite/fusion-open-plugin.ts

@@ -17,13 +17,14 @@ interface ViteDevServer {
     address: () => { port: number } | string | null;
     on: (event: string, callback: () => void) => void;
   } | null;
+  printUrls: () => void;
 }
 
 export const fusionOpenPlugin = () => {
   return {
     name: 'fusion-open',
     configureServer(server: ViteDevServer) {
-      server.httpServer?.on('listening', () => {
+      server.printUrls = () => {
         const address = server.httpServer?.address();
         const port = address && typeof address === 'object' ? address.port : 3001;
 
@@ -33,19 +34,20 @@ export const fusionOpenPlugin = () => {
             const appJson = JSON.parse(fs.readFileSync(appJsonPath, 'utf-8'));
             const firstDeployment = appJson.deployments?.[0];
             const { org, project, baseUrl } = firstDeployment || {};
-
             const parsedBaseUrl = baseUrl?.split('//')[1];
 
             if (org && project && baseUrl) {
               const fusionUrl = `https://${org}.fusion.cognite.com/${project}/streamlit-apps/dune/development/${port}?cluster=${parsedBaseUrl}&workspace=industrial-tools`;
-
+              console.log(`  ➜  Fusion: ${fusionUrl}`);
               openUrl(fusionUrl);
+              return;
             }
           } catch (error) {
             console.warn('Failed to read app.json for Fusion URL', error);
           }
         }
-      });
+        console.warn('  ➜  No valid app.json found — cannot determine Fusion URL');
+      };
     },
   };
 };