@microsoft/vscode-azext-azureauth 1.0.0

package/LICENSE.md

@@ -0,0 +1,21 @@
+    MIT License
+
+    Copyright (c) Microsoft Corporation. All rights reserved.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE

package/README.md

@@ -0,0 +1,93 @@
+# VSCode Azure SDK for Node.js - Azure Auth
+
+[![Build Status](https://dev.azure.com/ms-azuretools/AzCode/_apis/build/status/vscode-azuretools)](https://dev.azure.com/ms-azuretools/AzCode/_build/latest?definitionId=17)
+
+This package provides a simple way to authenticate to Azure and receive Azure subscription information.
+
+## Azure Subscription Provider
+
+The `AzureSubscriptionProvider` interface describes the functions of this package.
+
+```typescript
+/**
+ * An interface for obtaining Azure subscription information
+ */
+export interface AzureSubscriptionProvider {
+    /**
+     * Gets a list of Azure subscriptions available to the user.
+     *
+     * @param filter - Whether to filter the list returned, according to the list returned
+     * by `getTenantFilters()` and `getSubscriptionFilters()`. Optional, default true.
+     *
+     * @returns A list of Azure subscriptions.
+     *
+     * @throws A {@link NotSignedInError} If the user is not signed in to Azure.
+     * Use {@link isSignedIn} and/or {@link signIn} before this method to ensure
+     * the user is signed in.
+     */
+    getSubscriptions(filter: boolean): Promise<AzureSubscription[]>;
+
+    /**
+     * Checks to see if a user is signed in.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     */
+    isSignedIn(): Promise<boolean>;
+
+    /**
+     * Asks the user to sign in or pick an account to use.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     */
+    signIn(): Promise<boolean>;
+
+    /**
+     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
+     */
+    onDidSignIn: vscode.Event<void>;
+
+    /**
+     * Signs the user out
+     *
+     * @deprecated Not currently supported by VS Code auth providers
+     *
+     * @throws Throws an {@link Error} every time
+     */
+    signOut(): Promise<void>;
+
+    /**
+     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
+     */
+    onDidSignOut: vscode.Event<void>;
+}
+```
+
+If the caller calls `getSubscriptions()` when the user is not signed in, a `NotSignedInError` will be thrown. You can check to see if a caught error is an instance of this error with `isNotSignedInError()`.
+
+## Azure Cloud Configuration
+Two methods are available for controlling the VSCode settings that determine what cloud is connected to when enumerating subscriptions.
+
+```typescript
+/**
+ * Gets the configured Azure environment.
+ *
+ * @returns The configured Azure environment from the `microsoft-sovereign-cloud.endpoint` setting.
+ */
+export declare function getConfiguredAzureEnv(): azureEnv.Environment & {
+    isCustomCloud: boolean;
+};
+
+/**
+ * Sets the configured Azure cloud.
+ *
+ * @param cloud Use `'AzureCloud'` for public Azure cloud, `'AzureChinaCloud'` for Azure China, or `'AzureUSGovernment'` for Azure US Government.
+ * These are the same values as the cloud names in `@azure/ms-rest-azure-env`. For a custom cloud, use an instance of the `@azure/ms-rest-azure-env` `EnvironmentParameters`.
+ *
+ * @param target (Optional) The configuration target to use, by default {@link vscode.ConfigurationTarget.Global}.
+ */
+export declare function setConfiguredAzureEnv(cloud: string | azureEnv.EnvironmentParameters, target?: vscode.ConfigurationTarget): Promise<void>;
+```
+
+## License
+
+[MIT](LICENSE.md)

package/out/src/AzureAuthentication.d.ts

@@ -0,0 +1,14 @@
+import type * as vscode from 'vscode';
+/**
+ * Represents a means of obtaining authentication data for an Azure subscription.
+ */
+export interface AzureAuthentication {
+    /**
+     * Gets a VS Code authentication session for an Azure subscription.
+     *
+     * @param scopes - The scopes for which the authentication is needed.
+     *
+     * @returns A VS Code authentication session or undefined, if none could be obtained.
+     */
+    getSession(scopes?: string[]): vscode.ProviderResult<vscode.AuthenticationSession>;
+}

package/out/src/AzureAuthentication.js

@@ -0,0 +1,7 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=AzureAuthentication.js.map

package/out/src/AzureSubscription.d.ts

@@ -0,0 +1,44 @@
+import type { TokenCredential } from '@azure/core-auth';
+import type { Environment } from '@azure/ms-rest-azure-env';
+import type { AzureAuthentication } from './AzureAuthentication';
+/**
+ * A type representing an Azure subscription ID, not including the tenant ID.
+ */
+export type SubscriptionId = string;
+/**
+ * A type representing an Azure tenant ID.
+ */
+export type TenantId = string;
+/**
+ * Represents an Azure subscription.
+ */
+export interface AzureSubscription {
+    /**
+     * Access to the authentication session associated with this subscription.
+     */
+    readonly authentication: AzureAuthentication;
+    /**
+     * The Azure environment to which this subscription belongs.
+     */
+    readonly environment: Environment;
+    /**
+     * Whether this subscription belongs to a custom cloud.
+     */
+    readonly isCustomCloud: boolean;
+    /**
+     * The display name of this subscription.
+     */
+    readonly name: string;
+    /**
+     * The ID of this subscription.
+     */
+    readonly subscriptionId: SubscriptionId;
+    /**
+     * The ID of the tenant to which this subscription belongs.
+     */
+    readonly tenantId: TenantId;
+    /**
+     * The credential for authentication to this subscription. Compatible with Azure track 2 SDKs.
+     */
+    readonly credential: TokenCredential;
+}

package/out/src/AzureSubscription.js

@@ -0,0 +1,7 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=AzureSubscription.js.map

package/out/src/AzureSubscriptionProvider.d.ts

@@ -0,0 +1,48 @@
+import type * as vscode from 'vscode';
+import type { AzureSubscription } from './AzureSubscription';
+/**
+ * An interface for obtaining Azure subscription information
+ */
+export interface AzureSubscriptionProvider {
+    /**
+     * Gets a list of Azure subscriptions available to the user.
+     *
+     * @param filter - Whether to filter the list returned, according to the list returned
+     * by `getTenantFilters()` and `getSubscriptionFilters()`. Optional, default true.
+     *
+     * @returns A list of Azure subscriptions.
+     *
+     * @throws A {@link NotSignedInError} If the user is not signed in to Azure.
+     * Use {@link isSignedIn} and/or {@link signIn} before this method to ensure
+     * the user is signed in.
+     */
+    getSubscriptions(filter: boolean): Promise<AzureSubscription[]>;
+    /**
+     * Checks to see if a user is signed in.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     */
+    isSignedIn(): Promise<boolean>;
+    /**
+     * Asks the user to sign in or pick an account to use.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     */
+    signIn(): Promise<boolean>;
+    /**
+     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
+     */
+    onDidSignIn: vscode.Event<void>;
+    /**
+     * Signs the user out
+     *
+     * @deprecated Not currently supported by VS Code auth providers
+     *
+     * @throws Throws an {@link Error} every time
+     */
+    signOut(): Promise<void>;
+    /**
+     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
+     */
+    onDidSignOut: vscode.Event<void>;
+}

package/out/src/AzureSubscriptionProvider.js

@@ -0,0 +1,7 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=AzureSubscriptionProvider.js.map

package/out/src/NotSignedInError.d.ts

@@ -0,0 +1,15 @@
+/**
+ * An error indicating the user is not signed in.
+ */
+export declare class NotSignedInError extends Error {
+    readonly isNotSignedInError = true;
+    constructor();
+}
+/**
+ * Tests if an object is a `NotSignedInError`. This should be used instead of `instanceof`.
+ *
+ * @param error The object to test
+ *
+ * @returns True if the object is a NotSignedInError, false otherwise
+ */
+export declare function isNotSignedInError(error: unknown): error is NotSignedInError;

package/out/src/NotSignedInError.js

@@ -0,0 +1,30 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isNotSignedInError = exports.NotSignedInError = void 0;
+const vscode = require("vscode");
+/**
+ * An error indicating the user is not signed in.
+ */
+class NotSignedInError extends Error {
+    constructor() {
+        super(vscode.l10n.t('You are not signed in to an Azure account. Please sign in.'));
+        this.isNotSignedInError = true;
+    }
+}
+exports.NotSignedInError = NotSignedInError;
+/**
+ * Tests if an object is a `NotSignedInError`. This should be used instead of `instanceof`.
+ *
+ * @param error The object to test
+ *
+ * @returns True if the object is a NotSignedInError, false otherwise
+ */
+function isNotSignedInError(error) {
+    return !!error && typeof error === 'object' && error.isNotSignedInError === true;
+}
+exports.isNotSignedInError = isNotSignedInError;
+//# sourceMappingURL=NotSignedInError.js.map

package/out/src/VSCodeAzureSubscriptionProvider.d.ts

@@ -0,0 +1,112 @@
+import * as vscode from 'vscode';
+import type { AzureSubscription, SubscriptionId, TenantId } from './AzureSubscription';
+import type { AzureSubscriptionProvider } from './AzureSubscriptionProvider';
+/**
+ * A class for obtaining Azure subscription information using VSCode's built-in authentication
+ * provider.
+ */
+export declare class VSCodeAzureSubscriptionProvider extends vscode.Disposable implements AzureSubscriptionProvider {
+    private readonly onDidSignInEmitter;
+    private lastSignInEventFired;
+    private suppressSignInEvents;
+    private readonly onDidSignOutEmitter;
+    private lastSignOutEventFired;
+    constructor();
+    /**
+     * Gets a list of Azure subscriptions available to the user.
+     *
+     * @param filter - Whether to filter the list returned, according to the list returned
+     * by `getTenantFilters()` and `getSubscriptionFilters()`. Optional, default true.
+     *
+     * @returns A list of Azure subscriptions.
+     *
+     * @throws A {@link NotSignedInError} If the user is not signed in to Azure.
+     * Use {@link isSignedIn} and/or {@link signIn} before this method to ensure
+     * the user is signed in.
+     */
+    getSubscriptions(filter?: boolean): Promise<AzureSubscription[]>;
+    /**
+     * Checks to see if a user is signed in.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     */
+    isSignedIn(): Promise<boolean>;
+    /**
+     * Asks the user to sign in or pick an account to use.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     */
+    signIn(): Promise<boolean>;
+    /**
+     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
+     */
+    readonly onDidSignIn: vscode.Event<void>;
+    /**
+     * Signs the user out
+     *
+     * @deprecated Not currently supported by VS Code auth providers
+     */
+    signOut(): Promise<void>;
+    /**
+     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
+     */
+    readonly onDidSignOut: vscode.Event<void>;
+    /**
+     * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
+     * and/or `getTenantFilters()` overridden.
+     *
+     * If no values are returned by `getTenantFilters()`, then all tenants will be scanned for subscriptions.
+     *
+     * @returns A list of tenant IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    protected getTenantFilters(): Promise<TenantId[]>;
+    /**
+     * Gets the subscription filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
+     * and/or `getTenantFilters()` overridden.
+     *
+     * If no values are returned by `getSubscriptionFilters()`, then all subscriptions will be returned.
+     *
+     * @returns A list of subscription IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    protected getSubscriptionFilters(): Promise<SubscriptionId[]>;
+    /**
+     * Gets the tenants available to a user.
+     *
+     * @returns The list of tenants visible to the user.
+     */
+    private getTenants;
+    /**
+     * Gets the subscriptions for a given tenant.
+     *
+     * @param tenantId The tenant ID to get subscriptions for.
+     *
+     * @returns The list of subscriptions for the tenant.
+     */
+    private getSubscriptionsForTenant;
+    /**
+     * Gets a fully-configured subscription client for a given tenant ID
+     *
+     * @param tenantId (Optional) The tenant ID to get a client for
+     *
+     * @returns A client, the credential used by the client, and the authentication function
+     */
+    private getSubscriptionClient;
+    /**
+     * Gets a normalized list of scopes
+     *
+     * @param scopes An input scope string, list, or undefined
+     * @param tenantId (Optional) The tenant ID, will be added to the scopes
+     *
+     * @returns A list of scopes, with the default scope and (optionally) the tenant scope added
+     */
+    private getScopes;
+    /**
+     * Gets the default Azure scopes required for resource management,
+     * depending on the configured endpoint
+     *
+     * @returns The default Azure scopes required
+     */
+    private getDefaultScopes;
+}

package/out/src/VSCodeAzureSubscriptionProvider.js

@@ -0,0 +1,321 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __asyncValues = (this && this.__asyncValues) || function (o) {
+    if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
+    var m = o[Symbol.asyncIterator], i;
+    return m ? m.call(o) : (o = typeof __values === "function" ? __values(o) : o[Symbol.iterator](), i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i);
+    function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; }
+    function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VSCodeAzureSubscriptionProvider = void 0;
+const vscode = require("vscode");
+const NotSignedInError_1 = require("./NotSignedInError");
+const configuredAzureEnv_1 = require("./utils/configuredAzureEnv");
+const EventDebounce = 5 * 1000; // 5 seconds
+/**
+ * A class for obtaining Azure subscription information using VSCode's built-in authentication
+ * provider.
+ */
+class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
+    constructor() {
+        const disposable = vscode.authentication.onDidChangeSessions((e) => __awaiter(this, void 0, void 0, function* () {
+            // Ignore any sign in that isn't for the configured auth provider
+            if (e.provider.id !== (0, configuredAzureEnv_1.getConfiguredAuthProviderId)()) {
+                return;
+            }
+            if (yield this.isSignedIn()) {
+                if (!this.suppressSignInEvents && Date.now() > this.lastSignInEventFired + EventDebounce) {
+                    this.lastSignInEventFired = Date.now();
+                    this.onDidSignInEmitter.fire();
+                }
+            }
+            else if (Date.now() > this.lastSignOutEventFired + EventDebounce) {
+                this.lastSignOutEventFired = Date.now();
+                this.onDidSignOutEmitter.fire();
+            }
+        }));
+        super(() => {
+            this.onDidSignInEmitter.dispose();
+            this.onDidSignOutEmitter.dispose();
+            disposable.dispose();
+        });
+        this.onDidSignInEmitter = new vscode.EventEmitter();
+        this.lastSignInEventFired = 0;
+        this.suppressSignInEvents = false;
+        this.onDidSignOutEmitter = new vscode.EventEmitter();
+        this.lastSignOutEventFired = 0;
+        /**
+         * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
+         */
+        this.onDidSignIn = this.onDidSignInEmitter.event;
+        /**
+         * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
+         */
+        this.onDidSignOut = this.onDidSignOutEmitter.event;
+    }
+    /**
+     * Gets a list of Azure subscriptions available to the user.
+     *
+     * @param filter - Whether to filter the list returned, according to the list returned
+     * by `getTenantFilters()` and `getSubscriptionFilters()`. Optional, default true.
+     *
+     * @returns A list of Azure subscriptions.
+     *
+     * @throws A {@link NotSignedInError} If the user is not signed in to Azure.
+     * Use {@link isSignedIn} and/or {@link signIn} before this method to ensure
+     * the user is signed in.
+     */
+    getSubscriptions(filter = true) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const tenantIds = yield this.getTenantFilters();
+            const tenantFilterNormalized = filter && !!tenantIds.length; // If the list is empty it is treated as "no filter"
+            const subscriptionIds = yield this.getSubscriptionFilters();
+            const subscriptionFilterNormalized = filter && !!subscriptionIds.length; // If the list is empty it is treated as "no filter"
+            const results = [];
+            try {
+                this.suppressSignInEvents = true;
+                // Get the list of tenants
+                for (const tenant of yield this.getTenants()) {
+                    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+                    const tenantId = tenant.tenantId;
+                    // If filtering is enabled, and the current tenant is not in that list, then skip it
+                    if (tenantFilterNormalized && !tenantIds.includes(tenantId)) {
+                        continue;
+                    }
+                    // For each tenant, get the list of subscriptions
+                    for (const subscription of yield this.getSubscriptionsForTenant(tenantId)) {
+                        // If filtering is enabled, and the current subscription is not in that list, then skip it
+                        if (subscriptionFilterNormalized && !subscriptionIds.includes(subscription.subscriptionId)) {
+                            continue;
+                        }
+                        results.push(subscription);
+                    }
+                }
+            }
+            finally {
+                this.suppressSignInEvents = false;
+            }
+            return results;
+        });
+    }
+    /**
+     * Checks to see if a user is signed in.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     */
+    isSignedIn() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const session = yield vscode.authentication.getSession((0, configuredAzureEnv_1.getConfiguredAuthProviderId)(), this.getDefaultScopes(), { createIfNone: false, silent: true });
+            return !!session;
+        });
+    }
+    /**
+     * Asks the user to sign in or pick an account to use.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     */
+    signIn() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const session = yield vscode.authentication.getSession((0, configuredAzureEnv_1.getConfiguredAuthProviderId)(), this.getDefaultScopes(), { createIfNone: true, clearSessionPreference: true });
+            return !!session;
+        });
+    }
+    /**
+     * Signs the user out
+     *
+     * @deprecated Not currently supported by VS Code auth providers
+     */
+    signOut() {
+        throw new Error(vscode.l10n.t('Signing out programmatically is not supported. You must sign out by selecting the account in the Accounts menu and choosing Sign Out.'));
+    }
+    /**
+     * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
+     * and/or `getTenantFilters()` overridden.
+     *
+     * If no values are returned by `getTenantFilters()`, then all tenants will be scanned for subscriptions.
+     *
+     * @returns A list of tenant IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    getTenantFilters() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const config = vscode.workspace.getConfiguration('azureResourceGroups');
+            const fullSubscriptionIds = config.get('selectedSubscriptions', []);
+            return fullSubscriptionIds.map(id => id.split('/')[0]);
+        });
+    }
+    /**
+     * Gets the subscription filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
+     * and/or `getTenantFilters()` overridden.
+     *
+     * If no values are returned by `getSubscriptionFilters()`, then all subscriptions will be returned.
+     *
+     * @returns A list of subscription IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    getSubscriptionFilters() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const config = vscode.workspace.getConfiguration('azureResourceGroups');
+            const fullSubscriptionIds = config.get('selectedSubscriptions', []);
+            return fullSubscriptionIds.map(id => id.split('/')[1]);
+        });
+    }
+    /**
+     * Gets the tenants available to a user.
+     *
+     * @returns The list of tenants visible to the user.
+     */
+    getTenants() {
+        var _a, e_1, _b, _c;
+        return __awaiter(this, void 0, void 0, function* () {
+            const { client } = yield this.getSubscriptionClient();
+            const tenants = [];
+            try {
+                for (var _d = true, _e = __asyncValues(client.tenants.list()), _f; _f = yield _e.next(), _a = _f.done, !_a;) {
+                    _c = _f.value;
+                    _d = false;
+                    try {
+                        const tenant = _c;
+                        tenants.push(tenant);
+                    }
+                    finally {
+                        _d = true;
+                    }
+                }
+            }
+            catch (e_1_1) { e_1 = { error: e_1_1 }; }
+            finally {
+                try {
+                    if (!_d && !_a && (_b = _e.return)) yield _b.call(_e);
+                }
+                finally { if (e_1) throw e_1.error; }
+            }
+            return tenants;
+        });
+    }
+    /**
+     * Gets the subscriptions for a given tenant.
+     *
+     * @param tenantId The tenant ID to get subscriptions for.
+     *
+     * @returns The list of subscriptions for the tenant.
+     */
+    getSubscriptionsForTenant(tenantId) {
+        var _a, e_2, _b, _c;
+        return __awaiter(this, void 0, void 0, function* () {
+            const { client, credential, authentication } = yield this.getSubscriptionClient(tenantId);
+            const environment = (0, configuredAzureEnv_1.getConfiguredAzureEnv)();
+            const subscriptions = [];
+            try {
+                for (var _d = true, _e = __asyncValues(client.subscriptions.list()), _f; _f = yield _e.next(), _a = _f.done, !_a;) {
+                    _c = _f.value;
+                    _d = false;
+                    try {
+                        const subscription = _c;
+                        subscriptions.push({
+                            authentication: authentication,
+                            environment: environment,
+                            credential: credential,
+                            isCustomCloud: environment.isCustomCloud,
+                            /* eslint-disable @typescript-eslint/no-non-null-assertion */
+                            name: subscription.displayName,
+                            subscriptionId: subscription.subscriptionId,
+                            /* eslint-enable @typescript-eslint/no-non-null-assertion */
+                            tenantId: tenantId,
+                        });
+                    }
+                    finally {
+                        _d = true;
+                    }
+                }
+            }
+            catch (e_2_1) { e_2 = { error: e_2_1 }; }
+            finally {
+                try {
+                    if (!_d && !_a && (_b = _e.return)) yield _b.call(_e);
+                }
+                finally { if (e_2) throw e_2.error; }
+            }
+            return subscriptions;
+        });
+    }
+    /**
+     * Gets a fully-configured subscription client for a given tenant ID
+     *
+     * @param tenantId (Optional) The tenant ID to get a client for
+     *
+     * @returns A client, the credential used by the client, and the authentication function
+     */
+    getSubscriptionClient(tenantId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const armSubs = yield Promise.resolve().then(() => require('@azure/arm-subscriptions'));
+            // This gets filled in when the client calls `getToken`, and then it can be returned in the `authentication` property of `AzureSubscription`
+            let session;
+            const credential = {
+                getToken: (scopes) => __awaiter(this, void 0, void 0, function* () {
+                    // TODO: change to `getSessions` when that API is available: https://github.com/microsoft/vscode/issues/152399
+                    session = yield vscode.authentication.getSession((0, configuredAzureEnv_1.getConfiguredAuthProviderId)(), this.getScopes(scopes, tenantId), { createIfNone: false, silent: true });
+                    if (!session) {
+                        throw new NotSignedInError_1.NotSignedInError();
+                    }
+                    return {
+                        token: session.accessToken,
+                        expiresOnTimestamp: 0
+                    };
+                })
+            };
+            return {
+                client: new armSubs.SubscriptionClient(credential),
+                credential: credential,
+                authentication: {
+                    getSession: () => session // Rewrapped to make TS not confused about the weird initialization pattern
+                }
+            };
+        });
+    }
+    /**
+     * Gets a normalized list of scopes
+     *
+     * @param scopes An input scope string, list, or undefined
+     * @param tenantId (Optional) The tenant ID, will be added to the scopes
+     *
+     * @returns A list of scopes, with the default scope and (optionally) the tenant scope added
+     */
+    getScopes(scopes, tenantId) {
+        const scopeSet = new Set(this.getDefaultScopes());
+        if (typeof scopes === 'string') {
+            scopeSet.add(scopes);
+        }
+        else if (Array.isArray(scopes)) {
+            scopes.forEach(scope => scopeSet.add(scope));
+        }
+        if (tenantId) {
+            scopeSet.add(`VSCODE_TENANT:${tenantId}`);
+        }
+        return Array.from(scopeSet);
+    }
+    /**
+     * Gets the default Azure scopes required for resource management,
+     * depending on the configured endpoint
+     *
+     * @returns The default Azure scopes required
+     */
+    getDefaultScopes() {
+        return [`${(0, configuredAzureEnv_1.getConfiguredAzureEnv)().resourceManagerEndpointUrl}.default`];
+    }
+}
+exports.VSCodeAzureSubscriptionProvider = VSCodeAzureSubscriptionProvider;
+//# sourceMappingURL=VSCodeAzureSubscriptionProvider.js.map

package/out/src/index.d.ts

@@ -0,0 +1,6 @@
+export * from './AzureAuthentication';
+export * from './AzureSubscription';
+export * from './AzureSubscriptionProvider';
+export * from './NotSignedInError';
+export * from './utils/configuredAzureEnv';
+export * from './VSCodeAzureSubscriptionProvider';

package/out/src/index.js

@@ -0,0 +1,27 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./AzureAuthentication"), exports);
+__exportStar(require("./AzureSubscription"), exports);
+__exportStar(require("./AzureSubscriptionProvider"), exports);
+__exportStar(require("./NotSignedInError"), exports);
+__exportStar(require("./utils/configuredAzureEnv"), exports);
+__exportStar(require("./VSCodeAzureSubscriptionProvider"), exports);
+//# sourceMappingURL=index.js.map

package/out/src/utils/configuredAzureEnv.d.ts

@@ -0,0 +1,24 @@
+import * as azureEnv from '@azure/ms-rest-azure-env';
+import * as vscode from 'vscode';
+/**
+ * Gets the configured Azure environment.
+ *
+ * @returns The configured Azure environment from the `microsoft-sovereign-cloud.endpoint` setting.
+ */
+export declare function getConfiguredAzureEnv(): azureEnv.Environment & {
+    isCustomCloud: boolean;
+};
+/**
+ * Sets the configured Azure cloud.
+ *
+ * @param cloud Use `'AzureCloud'` for public Azure cloud, `'AzureChinaCloud'` for Azure China, or `'AzureUSGovernment'` for Azure US Government.
+ * These are the same values as the cloud names in `@azure/ms-rest-azure-env`. For a custom cloud, use an instance of the `@azure/ms-rest-azure-env` `EnvironmentParameters`.
+ *
+ * @param target (Optional) The configuration target to use, by default {@link vscode.ConfigurationTarget.Global}.
+ */
+export declare function setConfiguredAzureEnv(cloud: string | azureEnv.EnvironmentParameters, target?: vscode.ConfigurationTarget): Promise<void>;
+/**
+ * Gets the ID of the authentication provider configured to be used
+ * @returns The provider ID to use, either `'microsoft'` or `'microsoft-sovereign-cloud'`
+ */
+export declare function getConfiguredAuthProviderId(): string;

package/out/src/utils/configuredAzureEnv.js

@@ -0,0 +1,90 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getConfiguredAuthProviderId = exports.setConfiguredAzureEnv = exports.getConfiguredAzureEnv = void 0;
+const azureEnv = require("@azure/ms-rest-azure-env"); // This package is so small that it's not worth lazy loading
+const vscode = require("vscode");
+const AzureCloudName = azureEnv.Environment.AzureCloud.name;
+const AzureChinaCloudName = azureEnv.Environment.ChinaCloud.name;
+const AzureUSGovernmentCloudName = azureEnv.Environment.USGovernment.name;
+const CloudNameToEndpointSettingValue = {};
+CloudNameToEndpointSettingValue[AzureCloudName] = undefined;
+CloudNameToEndpointSettingValue[AzureChinaCloudName] = 'Azure China';
+CloudNameToEndpointSettingValue[AzureUSGovernmentCloudName] = 'Azure US Government';
+/**
+ * Gets the configured Azure environment.
+ *
+ * @returns The configured Azure environment from the `microsoft-sovereign-cloud.endpoint` setting.
+ */
+function getConfiguredAzureEnv() {
+    var _a;
+    const authProviderConfig = vscode.workspace.getConfiguration('microsoft-sovereign-cloud');
+    const endpointSettingValue = (_a = authProviderConfig.get('endpoint')) === null || _a === void 0 ? void 0 : _a.toLowerCase();
+    // The endpoint setting will accept either the environment name (either 'Azure China' or 'Azure US Government'),
+    // or an endpoint URL. Since the user could configure the same environment either way, we need to check both.
+    // We'll also throw to lowercase just to maximize the chance of success.
+    /* eslint-disable @typescript-eslint/no-non-null-assertion */
+    if (endpointSettingValue === CloudNameToEndpointSettingValue[AzureChinaCloudName].toLowerCase() || endpointSettingValue === azureEnv.Environment.ChinaCloud.activeDirectoryEndpointUrl.toLowerCase()) {
+        return Object.assign(Object.assign({}, azureEnv.Environment.get(azureEnv.Environment.ChinaCloud.name)), { isCustomCloud: false });
+    }
+    else if (endpointSettingValue === CloudNameToEndpointSettingValue[AzureUSGovernmentCloudName].toLowerCase() || endpointSettingValue === azureEnv.Environment.USGovernment.activeDirectoryEndpointUrl.toLowerCase()) {
+        return Object.assign(Object.assign({}, azureEnv.Environment.get(azureEnv.Environment.USGovernment.name)), { isCustomCloud: false });
+    }
+    else if (endpointSettingValue) {
+        const rgConfig = vscode.workspace.getConfiguration('azureResourceGroups');
+        const customCloud = rgConfig.get('customCloud'); // TODO: final setting name
+        if (customCloud) {
+            return Object.assign(Object.assign({}, new azureEnv.Environment(customCloud)), { isCustomCloud: true });
+        }
+        throw new Error(vscode.l10n.t('The custom cloud choice is not configured. Please configure the setting `azureResourceGroups.customCloud`.')); // TODO: final setting name
+    }
+    /* eslint-enable @typescript-eslint/no-non-null-assertion */
+    return Object.assign(Object.assign({}, azureEnv.Environment.get(azureEnv.Environment.AzureCloud.name)), { isCustomCloud: false });
+}
+exports.getConfiguredAzureEnv = getConfiguredAzureEnv;
+/**
+ * Sets the configured Azure cloud.
+ *
+ * @param cloud Use `'AzureCloud'` for public Azure cloud, `'AzureChinaCloud'` for Azure China, or `'AzureUSGovernment'` for Azure US Government.
+ * These are the same values as the cloud names in `@azure/ms-rest-azure-env`. For a custom cloud, use an instance of the `@azure/ms-rest-azure-env` `EnvironmentParameters`.
+ *
+ * @param target (Optional) The configuration target to use, by default {@link vscode.ConfigurationTarget.Global}.
+ */
+function setConfiguredAzureEnv(cloud, target = vscode.ConfigurationTarget.Global) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const authProviderConfig = vscode.workspace.getConfiguration('microsoft-sovereign-cloud');
+        if (typeof cloud === 'string' && cloud in CloudNameToEndpointSettingValue) {
+            yield authProviderConfig.update('endpoint', CloudNameToEndpointSettingValue[cloud], target);
+        }
+        else if (typeof cloud === 'object' && 'activeDirectoryEndpointUrl' in cloud) {
+            yield authProviderConfig.update('endpoint', cloud.activeDirectoryEndpointUrl, target);
+            const rgConfig = vscode.workspace.getConfiguration('azureResourceGroups');
+            yield rgConfig.update('customCloud', cloud, target); // TODO: final setting name
+        }
+        else {
+            throw new Error(`Invalid cloud value: ${JSON.stringify(cloud)}`);
+        }
+    });
+}
+exports.setConfiguredAzureEnv = setConfiguredAzureEnv;
+/**
+ * Gets the ID of the authentication provider configured to be used
+ * @returns The provider ID to use, either `'microsoft'` or `'microsoft-sovereign-cloud'`
+ */
+function getConfiguredAuthProviderId() {
+    return getConfiguredAzureEnv().name === AzureCloudName ? 'microsoft' : 'microsoft-sovereign-cloud';
+}
+exports.getConfiguredAuthProviderId = getConfiguredAuthProviderId;
+//# sourceMappingURL=configuredAzureEnv.js.map

package/package.json

@@ -0,0 +1,57 @@
+{
+    "name": "@microsoft/vscode-azext-azureauth",
+    "author": "Microsoft Corporation",
+    "version": "1.0.0",
+    "description": "Azure authentication helpers for Visual Studio Code",
+    "tags": [
+        "azure",
+        "vscode"
+    ],
+    "keywords": [
+        "azure",
+        "vscode"
+    ],
+    "main": "out/src/index.js",
+    "types": "out/src/index.d.ts",
+    "license": "MIT",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/Microsoft/vscode-azuretools"
+    },
+    "bugs": {
+        "url": "https://github.com/Microsoft/vscode-azuretools/issues"
+    },
+    "homepage": "https://github.com/Microsoft/vscode-azuretools/blob/main/auth/README.md",
+    "scripts": {
+        "build": "tsc -p ./",
+        "compile": "tsc -watch -p ./",
+        "lint": "eslint --ext .ts .",
+        "lint-fix": "eslint --ext .ts . --fix",
+        "test": "node ./out/test/runTest.js",
+        "package": "npm pack"
+    },
+    "devDependencies": {
+        "@azure/core-auth": "^1.4.0",
+        "@microsoft/eslint-config-azuretools": "^0.2.1",
+        "@types/glob": "^8.1.0",
+        "@types/html-to-text": "^8.1.0",
+        "@types/mocha": "^7.0.2",
+        "@types/node": "^16.0.0",
+        "@types/semver": "^7.3.9",
+        "@types/uuid": "^9.0.1",
+        "@types/vscode": "1.76.0",
+        "@typescript-eslint/eslint-plugin": "^5.53.0",
+        "@vscode/test-electron": "^2.1.5",
+        "eslint": "^8.34.0",
+        "eslint-plugin-import": "^2.22.1",
+        "glob": "^7.1.6",
+        "mocha": "^9.1.3",
+        "mocha-junit-reporter": "^2.0.2",
+        "mocha-multi-reporters": "^1.1.7",
+        "typescript": "^4.9.4"
+    },
+    "dependencies": {
+        "@azure/arm-subscriptions": "^5.1.0",
+        "@azure/ms-rest-azure-env": "^2.0.0"
+    }
+}