npm - @microsoft/vscode-azext-azureauth - Versions diffs - 4.2.2 → 5.0.0 - Mend

@microsoft/vscode-azext-azureauth 4.2.2 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/{out → dist/cjs}/src/AzureAuthentication.d.ts RENAMED Viewed

@@ -13,9 +13,9 @@ export interface AzureAuthentication {
     /**
      * Gets a VS Code authentication session for an Azure subscription.
      *
-     * @param scopes - The scopes for which the authentication is needed.
+     * @param scopeListOrRequest - The scopes or request for which the authentication is needed.
      *
      * @returns A VS Code authentication session or undefined, if none could be obtained.
      */
-    getSessionWithScopes(scopes: string[] | vscode.AuthenticationWwwAuthenticateRequest): vscode.ProviderResult<vscode.AuthenticationSession>;
+    getSessionWithScopes(scopeListOrRequest: string[] | vscode.AuthenticationWwwAuthenticateRequest): vscode.ProviderResult<vscode.AuthenticationSession>;
 }

package/dist/cjs/src/AzureDevOpsSubscriptionProvider.js ADDED Viewed

@@ -0,0 +1,216 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AzureDevOpsSubscriptionProvider = void 0;
+exports.createAzureDevOpsSubscriptionProviderFactory = createAzureDevOpsSubscriptionProviderFactory;
+const vscode_1 = require("vscode");
+const configuredAzureEnv_1 = require("./utils/configuredAzureEnv");
+let azureDevOpsSubscriptionProvider;
+function createAzureDevOpsSubscriptionProviderFactory(initializer) {
+    return async () => {
+        azureDevOpsSubscriptionProvider ??= new AzureDevOpsSubscriptionProvider(initializer);
+        return azureDevOpsSubscriptionProvider;
+    };
+}
+/**
+ * AzureSubscriptionProvider implemented to authenticate via federated DevOps service connection, using workflow identity federation
+ * To learn how to configure your DevOps environment to use this provider, refer to the README.md
+ * NOTE: This provider is only available when running in an Azure DevOps pipeline
+ * Reference: https://learn.microsoft.com/en-us/entra/workload-id/workload-identity-federation
+ */
+class AzureDevOpsSubscriptionProvider {
+    _tokenCredential;
+    /**
+    * The resource ID of the Azure DevOps federated service connection,
+    *   which can be found on the `resourceId` field of the URL at the address bar
+    *   when viewing the service connection in the Azure DevOps portal
+    */
+    _SERVICE_CONNECTION_ID;
+    /**
+    * The `Tenant ID` field of the service connection properties
+    */
+    _DOMAIN;
+    /**
+    * The `Service Principal Id` field of the service connection properties
+    */
+    _CLIENT_ID;
+    constructor({ serviceConnectionId, domain, clientId }) {
+        if (!serviceConnectionId || !domain || !clientId) {
+            throw new Error(`Missing initializer values to identify Azure DevOps federated service connection\n
+                Values provided:\n
+                serviceConnectionId: ${serviceConnectionId ? "✅" : "❌"}\n
+                domain: ${domain ? "✅" : "❌"}\n
+                clientId: ${clientId ? "✅" : "❌"}\n
+            `);
+        }
+        this._SERVICE_CONNECTION_ID = serviceConnectionId;
+        this._DOMAIN = domain;
+        this._CLIENT_ID = clientId;
+    }
+    async getSubscriptions(_filter) {
+        // ignore the filter setting because not every consumer of this provider will use the Resources extension
+        const results = [];
+        for (const tenant of await this.getTenants()) {
+            // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+            const tenantId = tenant.tenantId;
+            results.push(...await this.getSubscriptionsForTenant(tenantId));
+        }
+        const sortSubscriptions = (subscriptions) => subscriptions.sort((a, b) => a.name.localeCompare(b.name));
+        return sortSubscriptions(results);
+    }
+    async isSignedIn() {
+        return !!this._tokenCredential;
+    }
+    async signIn() {
+        this._tokenCredential = await getTokenCredential(this._SERVICE_CONNECTION_ID, this._DOMAIN, this._CLIENT_ID);
+        return !!this._tokenCredential;
+    }
+    async signOut() {
+        this._tokenCredential = undefined;
+    }
+    async getTenants() {
+        return [{
+                tenantId: this._tokenCredential?.tenantId,
+                account: {
+                    id: "test-account-id",
+                    label: "test-account",
+                }
+            }];
+    }
+    /**
+     * Gets the subscriptions for a given tenant.
+     *
+     * @param tenantId The tenant ID to get subscriptions for.
+     *
+     * @returns The list of subscriptions for the tenant.
+     */
+    async getSubscriptionsForTenant(tenantId) {
+        const { client, credential, authentication } = await this.getSubscriptionClient(tenantId);
+        const environment = (0, configuredAzureEnv_1.getConfiguredAzureEnv)();
+        const subscriptions = [];
+        for await (const subscription of client.subscriptions.list()) {
+            subscriptions.push({
+                authentication,
+                environment: environment,
+                credential: credential,
+                isCustomCloud: environment.isCustomCloud,
+                /* eslint-disable @typescript-eslint/no-non-null-assertion */
+                name: subscription.displayName,
+                subscriptionId: subscription.subscriptionId,
+                /* eslint-enable @typescript-eslint/no-non-null-assertion */
+                tenantId,
+                account: {
+                    id: "test-account-id",
+                    label: "test-account",
+                },
+            });
+        }
+        return subscriptions;
+    }
+    /**
+     * Gets a fully-configured subscription client for a given tenant ID
+     *
+     * @param tenantId (Optional) The tenant ID to get a client for
+     *
+     * @returns A client, the credential used by the client, and the authentication function
+     */
+    async getSubscriptionClient(_tenantId, scopes) {
+        const armSubs = await import('@azure/arm-resources-subscriptions');
+        if (!this._tokenCredential) {
+            throw new Error('Not signed in');
+        }
+        const accessToken = (await this._tokenCredential?.getToken("https://management.azure.com/.default"))?.token || '';
+        const getSession = () => {
+            return {
+                accessToken,
+                id: this._tokenCredential?.tenantId || '',
+                account: {
+                    id: this._tokenCredential?.tenantId || '',
+                    label: this._tokenCredential?.tenantId || '',
+                },
+                tenantId: this._tokenCredential?.tenantId || '',
+                scopes: scopes || [],
+            };
+        };
+        return {
+            client: new armSubs.SubscriptionClient(this._tokenCredential),
+            credential: this._tokenCredential,
+            authentication: {
+                getSession,
+                getSessionWithScopes: getSession,
+            }
+        };
+    }
+    onDidSignIn = () => { return new vscode_1.Disposable(() => { }); };
+    onDidSignOut = () => { return new vscode_1.Disposable(() => { }); };
+}
+exports.AzureDevOpsSubscriptionProvider = AzureDevOpsSubscriptionProvider;
+/*
+* @param serviceConnectionId The resource ID of the Azure DevOps federated service connection,
+*   which can be found on the `resourceId` field of the URL at the address bar when viewing the service connection in the Azure DevOps portal
+* @param domain The `Tenant ID` field of the service connection properties
+* @param clientId The `Service Principal Id` field of the service connection properties
+*/
+async function getTokenCredential(serviceConnectionId, domain, clientId) {
+    if (!process.env.AGENT_BUILDDIRECTORY) {
+        // Assume that AGENT_BUILDDIRECTORY is set if running in an Azure DevOps pipeline.
+        // So when not running in an Azure DevOps pipeline, throw an error since we cannot use the DevOps federated service connection credential.
+        throw new Error(`Cannot create DevOps federated service connection credential outside of an Azure DevOps pipeline.`);
+    }
+    else {
+        console.log(`Creating DevOps federated service connection credential for service connection..`);
+        // Pre-defined DevOps variable reference: https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops
+        const systemAccessToken = process.env.SYSTEM_ACCESSTOKEN;
+        const teamFoundationCollectionUri = process.env.SYSTEM_TEAMFOUNDATIONCOLLECTIONURI;
+        const teamProjectId = process.env.SYSTEM_TEAMPROJECTID;
+        const planId = process.env.SYSTEM_PLANID;
+        const jobId = process.env.SYSTEM_JOBID;
+        if (!systemAccessToken || !teamFoundationCollectionUri || !teamProjectId || !planId || !jobId) {
+            throw new Error(`Azure DevOps environment variables are not set.\n
+            process.env.SYSTEM_ACCESSTOKEN: ${process.env.SYSTEM_ACCESSTOKEN ? "✅" : "❌"}\n
+            process.env.SYSTEM_TEAMFOUNDATIONCOLLECTIONURI: ${process.env.SYSTEM_TEAMFOUNDATIONCOLLECTIONURI ? "✅" : "❌"}\n
+            process.env.SYSTEM_TEAMPROJECTID: ${process.env.SYSTEM_TEAMPROJECTID ? "✅" : "❌"}\n
+            process.env.SYSTEM_PLANID: ${process.env.SYSTEM_PLANID ? "✅" : "❌"}\n
+            process.env.SYSTEM_JOBID: ${process.env.SYSTEM_JOBID ? "✅" : "❌"}\n
+            REMEMBER: process.env.SYSTEM_ACCESSTOKEN must be explicitly mapped!\n
+            https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#systemaccesstoken
+        `);
+        }
+        const oidcRequestUrl = `${teamFoundationCollectionUri}${teamProjectId}/_apis/distributedtask/hubs/build/plans/${planId}/jobs/${jobId}/oidctoken?api-version=7.1-preview.1&serviceConnectionId=${serviceConnectionId}`;
+        const { ClientAssertionCredential } = await import("@azure/identity");
+        return new ClientAssertionCredential(domain, clientId, async () => await requestOidcToken(oidcRequestUrl, systemAccessToken));
+    }
+}
+/**
+ * API reference: https://learn.microsoft.com/en-us/rest/api/azure/devops/distributedtask/oidctoken/create
+ */
+async function requestOidcToken(oidcRequestUrl, systemAccessToken) {
+    const { ServiceClient } = await import('@azure/core-client');
+    const { createHttpHeaders, createPipelineRequest } = await import('@azure/core-rest-pipeline');
+    const genericClient = new ServiceClient();
+    const request = createPipelineRequest({
+        url: oidcRequestUrl,
+        method: "POST",
+        headers: createHttpHeaders({
+            "Content-Type": "application/json",
+            "Authorization": `Bearer ${systemAccessToken}`
+        })
+    });
+    const response = await genericClient.sendRequest(request);
+    const body = response.bodyAsText?.toString() || "";
+    if (response.status !== 200) {
+        throw new Error(`Failed to get OIDC token:\n
+            Response status: ${response.status}\n
+            Response body: ${body}\n
+            Response headers: ${JSON.stringify(response.headers.toJSON())}
+        `);
+    }
+    else {
+        console.log(`Successfully got OIDC token with status ${response.status}`);
+    }
+    return JSON.parse(body).oidcToken;
+}
+//# sourceMappingURL=AzureDevOpsSubscriptionProvider.js.map

package/dist/cjs/src/NotSignedInError.js ADDED Viewed

@@ -0,0 +1,63 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NotSignedInError = void 0;
+exports.isNotSignedInError = isNotSignedInError;
+const vscode = __importStar(require("vscode"));
+/**
+ * An error indicating the user is not signed in.
+ */
+class NotSignedInError extends Error {
+    isNotSignedInError = true;
+    constructor() {
+        super(vscode.l10n.t('You are not signed in to an Azure account. Please sign in.'));
+    }
+}
+exports.NotSignedInError = NotSignedInError;
+/**
+ * Tests if an object is a `NotSignedInError`. This should be used instead of `instanceof`.
+ *
+ * @param error The object to test
+ *
+ * @returns True if the object is a NotSignedInError, false otherwise
+ */
+function isNotSignedInError(error) {
+    return !!error && typeof error === 'object' && error.isNotSignedInError === true;
+}
+//# sourceMappingURL=NotSignedInError.js.map

package/dist/cjs/src/VSCodeAzureSubscriptionProvider.js ADDED Viewed

@@ -0,0 +1,342 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VSCodeAzureSubscriptionProvider = void 0;
+const vscode = __importStar(require("vscode"));
+const getSessionFromVSCode_1 = require("./getSessionFromVSCode");
+const NotSignedInError_1 = require("./NotSignedInError");
+const configuredAzureEnv_1 = require("./utils/configuredAzureEnv");
+const isAuthenticationWwwAuthenticateRequest_1 = require("./utils/isAuthenticationWwwAuthenticateRequest");
+const EventDebounce = 5 * 1000; // 5 seconds
+/**
+ * A class for obtaining Azure subscription information using VSCode's built-in authentication
+ * provider.
+ */
+class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
+    logger;
+    onDidSignInEmitter = new vscode.EventEmitter();
+    lastSignInEventFired = 0;
+    suppressSignInEvents = false;
+    onDidSignOutEmitter = new vscode.EventEmitter();
+    lastSignOutEventFired = 0;
+    // So that customers can easily share logs, try to only log PII using trace level
+    constructor(logger) {
+        const disposable = vscode.authentication.onDidChangeSessions(async (e) => {
+            // Ignore any sign in that isn't for the configured auth provider
+            if (e.provider.id !== (0, configuredAzureEnv_1.getConfiguredAuthProviderId)()) {
+                return;
+            }
+            if (await this.isSignedIn()) {
+                if (!this.suppressSignInEvents && Date.now() > this.lastSignInEventFired + EventDebounce) {
+                    this.lastSignInEventFired = Date.now();
+                    this.onDidSignInEmitter.fire();
+                }
+            }
+            else if (Date.now() > this.lastSignOutEventFired + EventDebounce) {
+                this.lastSignOutEventFired = Date.now();
+                this.onDidSignOutEmitter.fire();
+            }
+        });
+        super(() => {
+            this.onDidSignInEmitter.dispose();
+            this.onDidSignOutEmitter.dispose();
+            disposable.dispose();
+        });
+        this.logger = logger;
+    }
+    /**
+     * Gets a list of tenants available to the user.
+     * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
+     *
+     * @param account (Optional) A specific account to get tenants for. If not provided, all accounts will be used.
+     *
+     * @returns A list of tenants.
+     */
+    async getTenants(account) {
+        const startTimeMs = Date.now();
+        const results = [];
+        for await (account of account ? [account] : await vscode.authentication.getAccounts((0, configuredAzureEnv_1.getConfiguredAuthProviderId)())) {
+            // Added check. Without this the getSubscriptionClient function throws the NotSignedInError
+            if (await this.isSignedIn(undefined, account)) {
+                const { client } = await this.getSubscriptionClient(account, undefined, undefined);
+                for await (const tenant of client.tenants.list()) {
+                    results.push({ ...tenant, account });
+                }
+            }
+        }
+        const endTimeMs = Date.now();
+        this.logger?.debug(`auth: Got ${results.length} tenants for account "${account?.label}" in ${endTimeMs - startTimeMs}ms`);
+        return results;
+    }
+    /**
+     * Gets a list of Azure subscriptions available to the user.
+     *
+     * @param filter - Whether to filter the list returned. When:
+     * - `true`: according to the list returned by `getTenantFilters()` and `getSubscriptionFilters()`.
+     * - `false`: return all subscriptions.
+     * - `GetSubscriptionsFilter`: according to the values in the filter.
+     *
+     * Optional, default true.
+     *
+     * @returns A list of Azure subscriptions. The list is sorted by subscription name.
+     * The list can contain duplicate subscriptions if they come from different accounts.
+     *
+     * @throws A {@link NotSignedInError} If the user is not signed in to Azure.
+     * Use {@link isSignedIn} and/or {@link signIn} before this method to ensure
+     * the user is signed in.
+     */
+    async getSubscriptions(filter = true) {
+        this.logger?.debug('auth: Loading subscriptions...');
+        const startTime = Date.now();
+        const configuredTenantFilter = await this.getTenantFilters();
+        const tenantIdsToFilterBy =
+        // Only filter by the tenant ID option if it is provided
+        (typeof filter === 'object' && filter.tenantId ? [filter.tenantId] :
+            // Only filter by the configured filter if `filter` is true AND there are tenants in the configured filter
+            filter === true && configuredTenantFilter.length > 0 ? configuredTenantFilter :
+                undefined);
+        const allSubscriptions = [];
+        let accountCount; // only used for logging
+        try {
+            this.suppressSignInEvents = true;
+            // Get the list of tenants from each account (filtered or all)
+            const accounts = typeof filter === 'object' && filter.account ? [filter.account] : await vscode.authentication.getAccounts((0, configuredAzureEnv_1.getConfiguredAuthProviderId)());
+            accountCount = accounts.length;
+            for (const account of accounts) {
+                for (const tenant of await this.getTenants(account)) {
+                    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+                    const tenantId = tenant.tenantId;
+                    if (tenantIdsToFilterBy?.includes(tenantId) === false) {
+                        continue;
+                    }
+                    // For each tenant, get the list of subscriptions
+                    allSubscriptions.push(...await this.getSubscriptionsForTenant(account, tenantId));
+                }
+                // list subscriptions for the home tenant
+                allSubscriptions.push(...await this.getSubscriptionsForTenant(account));
+            }
+        }
+        finally {
+            this.suppressSignInEvents = false;
+        }
+        // It's possible that by listing subscriptions in all tenants and the "home" tenant there could be duplicate subscriptions
+        // Thus, we remove duplicate subscriptions. However, if multiple accounts have the same subscription, we keep them.
+        const subscriptionMap = new Map();
+        allSubscriptions.forEach(sub => subscriptionMap.set(`${sub.account.id}/${sub.subscriptionId}`, sub));
+        const uniqueSubscriptions = Array.from(subscriptionMap.values());
+        const endTime = Date.now();
+        this.logger?.debug(`auth: Got ${uniqueSubscriptions.length} subscriptions from ${accountCount} accounts in ${endTime - startTime}ms`);
+        const sortSubscriptions = (subscriptions) => subscriptions.sort((a, b) => a.name.localeCompare(b.name));
+        const subscriptionIds = await this.getSubscriptionFilters();
+        if (filter === true && !!subscriptionIds.length) { // If the list is empty it is treated as "no filter"
+            return sortSubscriptions(uniqueSubscriptions.filter(sub => subscriptionIds.includes(sub.subscriptionId)));
+        }
+        return sortSubscriptions(uniqueSubscriptions);
+    }
+    /**
+     * Checks to see if a user is signed in.
+     *
+     * @param tenantId (Optional) Provide to check if a user is signed in to a specific tenant.
+     * @param account (Optional) Provide to check if a user is signed in to a specific account.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     *
+     * If no tenant or account is provided, then
+     * checks all accounts for a session.
+     */
+    async isSignedIn(tenantId, account) {
+        async function silentlyCheckForSession(tenantId, account) {
+            return !!await (0, getSessionFromVSCode_1.getSessionFromVSCode)([], tenantId, { createIfNone: false, silent: true, account });
+        }
+        const innerIsSignedIn = async () => {
+            // If no tenant or account is provided, then check all accounts for a session
+            if (!account && !tenantId) {
+                const accounts = await vscode.authentication.getAccounts((0, configuredAzureEnv_1.getConfiguredAuthProviderId)());
+                if (accounts.length === 0) {
+                    return false;
+                }
+                for (const account of accounts) {
+                    if (await silentlyCheckForSession(tenantId, account)) {
+                        // If any account has a session, then return true because the user is signed in
+                        return true;
+                    }
+                }
+            }
+            return silentlyCheckForSession(tenantId, account);
+        };
+        const result = await innerIsSignedIn();
+        this.logger?.trace(`auth: isSignedIn returned ${result} (account="${account?.label ?? 'none'}") (tenantId="${tenantId ?? 'none'}")`);
+        return result;
+    }
+    /**
+     * Asks the user to sign in or pick an account to use.
+     *
+     * @param tenantId (Optional) Provide to sign in to a specific tenant.
+     * @param account (Optional) Provide to sign in to a specific account.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     */
+    async signIn(tenantId, account) {
+        this.logger?.debug(`auth: Signing in (account="${account?.label ?? 'none'}") (tenantId="${tenantId ?? 'none'}")`);
+        const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)([], tenantId, {
+            createIfNone: true,
+            // If no account is provided, then clear the session preference which tells VS Code to show the account picker
+            clearSessionPreference: !account,
+            account,
+        });
+        return !!session;
+    }
+    /**
+     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
+     */
+    onDidSignIn = this.onDidSignInEmitter.event;
+    /**
+     * Signs the user out
+     *
+     * @deprecated Not currently supported by VS Code auth providers
+     */
+    signOut() {
+        throw new Error(vscode.l10n.t('Signing out programmatically is not supported. You must sign out by selecting the account in the Accounts menu and choosing Sign Out.'));
+    }
+    /**
+     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
+     */
+    onDidSignOut = this.onDidSignOutEmitter.event;
+    /**
+     * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
+     * and/or `getTenantFilters()` overridden.
+     *
+     * If no values are returned by `getTenantFilters()`, then all tenants will be scanned for subscriptions.
+     *
+     * @returns A list of tenant IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    async getTenantFilters() {
+        const config = vscode.workspace.getConfiguration('azureResourceGroups');
+        const fullSubscriptionIds = config.get('selectedSubscriptions', []);
+        return fullSubscriptionIds.map(id => id.split('/')[0]);
+    }
+    /**
+     * Gets the subscription filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
+     * and/or `getTenantFilters()` overridden.
+     *
+     * If no values are returned by `getSubscriptionFilters()`, then all subscriptions will be returned.
+     *
+     * @returns A list of subscription IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    async getSubscriptionFilters() {
+        const config = vscode.workspace.getConfiguration('azureResourceGroups');
+        const fullSubscriptionIds = config.get('selectedSubscriptions', []);
+        return fullSubscriptionIds.map(id => id.split('/')[1]);
+    }
+    /**
+     * Gets the subscriptions for a given tenant.
+     *
+     * @param tenantId The tenant ID to get subscriptions for.
+     * @param account The account to get the subscriptions for.
+     *
+     * @returns The list of subscriptions for the tenant.
+     */
+    async getSubscriptionsForTenant(account, tenantId) {
+        // If the user is not signed in to this tenant or account, then return an empty list
+        // This is to prevent the NotSignedInError from being thrown in getSubscriptionClient
+        if (!await this.isSignedIn(tenantId, account)) {
+            return [];
+        }
+        const { client, credential, authentication } = await this.getSubscriptionClient(account, tenantId, undefined);
+        const environment = (0, configuredAzureEnv_1.getConfiguredAzureEnv)();
+        const subscriptions = [];
+        for await (const subscription of client.subscriptions.list()) {
+            subscriptions.push({
+                authentication: authentication,
+                environment: environment,
+                credential: credential,
+                isCustomCloud: environment.isCustomCloud,
+                /* eslint-disable @typescript-eslint/no-non-null-assertion */
+                name: subscription.displayName,
+                subscriptionId: subscription.subscriptionId,
+                tenantId: tenantId ?? subscription.tenantId,
+                /* eslint-enable @typescript-eslint/no-non-null-assertion */
+                account: account
+            });
+        }
+        return subscriptions;
+    }
+    /**
+     * Gets a fully-configured subscription client for a given tenant ID
+     *
+     * @param tenantId (Optional) The tenant ID to get a client for
+     * @param account The account that you would like to get the session for
+     *
+     * @returns A client, the credential used by the client, and the authentication function
+     */
+    async getSubscriptionClient(account, tenantId, scopes) {
+        const armSubs = await import('@azure/arm-resources-subscriptions');
+        const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)(scopes, tenantId, { createIfNone: false, silent: true, account });
+        if (!session) {
+            throw new NotSignedInError_1.NotSignedInError();
+        }
+        const credential = {
+            getToken: async () => {
+                return {
+                    token: session.accessToken,
+                    expiresOnTimestamp: 0
+                };
+            }
+        };
+        const configuredAzureEnv = (0, configuredAzureEnv_1.getConfiguredAzureEnv)();
+        const endpoint = configuredAzureEnv.resourceManagerEndpointUrl;
+        return {
+            client: new armSubs.SubscriptionClient(credential, { endpoint }),
+            credential: credential,
+            authentication: {
+                getSession: () => session,
+                getSessionWithScopes: (scopeListOrRequest) => {
+                    // in order to handle a challenge, we must enable createIfNone so
+                    // that we can prompt the user to step-up their session with MFA
+                    // otherwise, never prompt the user
+                    return (0, getSessionFromVSCode_1.getSessionFromVSCode)(scopeListOrRequest, tenantId, { ...((0, isAuthenticationWwwAuthenticateRequest_1.isAuthenticationWwwAuthenticateRequest)(scopeListOrRequest) ? { createIfNone: true } : { silent: true }), account });
+                },
+            }
+        };
+    }
+}
+exports.VSCodeAzureSubscriptionProvider = VSCodeAzureSubscriptionProvider;
+//# sourceMappingURL=VSCodeAzureSubscriptionProvider.js.map

package/{out → dist/cjs}/src/getSessionFromVSCode.d.ts RENAMED Viewed

@@ -4,10 +4,10 @@ import * as vscode from "vscode";
  * * Passing the configured auth provider id
  * * Getting the list of scopes, adding the tenant id to the scope list if needed
  *
- * @param scopes - top-level resource scopes (e.g. http://management.azure.com, http://storage.azure.com) or .default scopes. All resources/scopes will be normalized to the `.default` scope for each resource.
- * Use `vscode.AuthenticationWwwAuthenticateRequest` if you need to pass in a challenge (WWW-Authenticate header). Note: Use of `vscode.AuthenticationWwwAuthenticateRequest` requires VS Code 1.104 or newer.
+ * @param scopeOrListOrRequest - top-level resource scopes (e.g. http://management.azure.com, http://storage.azure.com) or .default scopes. All resources/scopes will be normalized to the `.default` scope for each resource.
+ * Use `vscode.AuthenticationWwwAuthenticateRequest` if you need to pass in a challenge (WWW-Authenticate header). Note: Use of `vscode.AuthenticationWwwAuthenticateRequest` requires VS Code 1.105.0 or newer.
  * @param tenantId - (Optional) The tenant ID, will be added to the scopes
  * @param options - see {@link vscode.AuthenticationGetSessionOptions}
  * @returns An authentication session if available, or undefined if there are no sessions
  */
-export declare function getSessionFromVSCode(scopes?: string | string[] | vscode.AuthenticationWwwAuthenticateRequest, tenantId?: string, options?: vscode.AuthenticationGetSessionOptions): Promise<vscode.AuthenticationSession | undefined>;
+export declare function getSessionFromVSCode(scopeOrListOrRequest?: string | string[] | vscode.AuthenticationWwwAuthenticateRequest, tenantId?: string, options?: vscode.AuthenticationGetSessionOptions): Promise<vscode.AuthenticationSession | undefined>;