npm - @microsoft/vscode-azext-azureauth - Versions diffs - 4.2.2 → 5.0.0 - Mend

@microsoft/vscode-azext-azureauth 4.2.2 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/dist/esm/src/VSCodeAzureSubscriptionProvider.js ADDED Viewed

@@ -0,0 +1,305 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+import * as vscode from 'vscode';
+import { getSessionFromVSCode } from './getSessionFromVSCode';
+import { NotSignedInError } from './NotSignedInError';
+import { getConfiguredAuthProviderId, getConfiguredAzureEnv } from './utils/configuredAzureEnv';
+import { isAuthenticationWwwAuthenticateRequest } from './utils/isAuthenticationWwwAuthenticateRequest';
+const EventDebounce = 5 * 1000; // 5 seconds
+/**
+ * A class for obtaining Azure subscription information using VSCode's built-in authentication
+ * provider.
+ */
+export class VSCodeAzureSubscriptionProvider extends vscode.Disposable {
+    logger;
+    onDidSignInEmitter = new vscode.EventEmitter();
+    lastSignInEventFired = 0;
+    suppressSignInEvents = false;
+    onDidSignOutEmitter = new vscode.EventEmitter();
+    lastSignOutEventFired = 0;
+    // So that customers can easily share logs, try to only log PII using trace level
+    constructor(logger) {
+        const disposable = vscode.authentication.onDidChangeSessions(async (e) => {
+            // Ignore any sign in that isn't for the configured auth provider
+            if (e.provider.id !== getConfiguredAuthProviderId()) {
+                return;
+            }
+            if (await this.isSignedIn()) {
+                if (!this.suppressSignInEvents && Date.now() > this.lastSignInEventFired + EventDebounce) {
+                    this.lastSignInEventFired = Date.now();
+                    this.onDidSignInEmitter.fire();
+                }
+            }
+            else if (Date.now() > this.lastSignOutEventFired + EventDebounce) {
+                this.lastSignOutEventFired = Date.now();
+                this.onDidSignOutEmitter.fire();
+            }
+        });
+        super(() => {
+            this.onDidSignInEmitter.dispose();
+            this.onDidSignOutEmitter.dispose();
+            disposable.dispose();
+        });
+        this.logger = logger;
+    }
+    /**
+     * Gets a list of tenants available to the user.
+     * Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
+     *
+     * @param account (Optional) A specific account to get tenants for. If not provided, all accounts will be used.
+     *
+     * @returns A list of tenants.
+     */
+    async getTenants(account) {
+        const startTimeMs = Date.now();
+        const results = [];
+        for await (account of account ? [account] : await vscode.authentication.getAccounts(getConfiguredAuthProviderId())) {
+            // Added check. Without this the getSubscriptionClient function throws the NotSignedInError
+            if (await this.isSignedIn(undefined, account)) {
+                const { client } = await this.getSubscriptionClient(account, undefined, undefined);
+                for await (const tenant of client.tenants.list()) {
+                    results.push({ ...tenant, account });
+                }
+            }
+        }
+        const endTimeMs = Date.now();
+        this.logger?.debug(`auth: Got ${results.length} tenants for account "${account?.label}" in ${endTimeMs - startTimeMs}ms`);
+        return results;
+    }
+    /**
+     * Gets a list of Azure subscriptions available to the user.
+     *
+     * @param filter - Whether to filter the list returned. When:
+     * - `true`: according to the list returned by `getTenantFilters()` and `getSubscriptionFilters()`.
+     * - `false`: return all subscriptions.
+     * - `GetSubscriptionsFilter`: according to the values in the filter.
+     *
+     * Optional, default true.
+     *
+     * @returns A list of Azure subscriptions. The list is sorted by subscription name.
+     * The list can contain duplicate subscriptions if they come from different accounts.
+     *
+     * @throws A {@link NotSignedInError} If the user is not signed in to Azure.
+     * Use {@link isSignedIn} and/or {@link signIn} before this method to ensure
+     * the user is signed in.
+     */
+    async getSubscriptions(filter = true) {
+        this.logger?.debug('auth: Loading subscriptions...');
+        const startTime = Date.now();
+        const configuredTenantFilter = await this.getTenantFilters();
+        const tenantIdsToFilterBy =
+        // Only filter by the tenant ID option if it is provided
+        (typeof filter === 'object' && filter.tenantId ? [filter.tenantId] :
+            // Only filter by the configured filter if `filter` is true AND there are tenants in the configured filter
+            filter === true && configuredTenantFilter.length > 0 ? configuredTenantFilter :
+                undefined);
+        const allSubscriptions = [];
+        let accountCount; // only used for logging
+        try {
+            this.suppressSignInEvents = true;
+            // Get the list of tenants from each account (filtered or all)
+            const accounts = typeof filter === 'object' && filter.account ? [filter.account] : await vscode.authentication.getAccounts(getConfiguredAuthProviderId());
+            accountCount = accounts.length;
+            for (const account of accounts) {
+                for (const tenant of await this.getTenants(account)) {
+                    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+                    const tenantId = tenant.tenantId;
+                    if (tenantIdsToFilterBy?.includes(tenantId) === false) {
+                        continue;
+                    }
+                    // For each tenant, get the list of subscriptions
+                    allSubscriptions.push(...await this.getSubscriptionsForTenant(account, tenantId));
+                }
+                // list subscriptions for the home tenant
+                allSubscriptions.push(...await this.getSubscriptionsForTenant(account));
+            }
+        }
+        finally {
+            this.suppressSignInEvents = false;
+        }
+        // It's possible that by listing subscriptions in all tenants and the "home" tenant there could be duplicate subscriptions
+        // Thus, we remove duplicate subscriptions. However, if multiple accounts have the same subscription, we keep them.
+        const subscriptionMap = new Map();
+        allSubscriptions.forEach(sub => subscriptionMap.set(`${sub.account.id}/${sub.subscriptionId}`, sub));
+        const uniqueSubscriptions = Array.from(subscriptionMap.values());
+        const endTime = Date.now();
+        this.logger?.debug(`auth: Got ${uniqueSubscriptions.length} subscriptions from ${accountCount} accounts in ${endTime - startTime}ms`);
+        const sortSubscriptions = (subscriptions) => subscriptions.sort((a, b) => a.name.localeCompare(b.name));
+        const subscriptionIds = await this.getSubscriptionFilters();
+        if (filter === true && !!subscriptionIds.length) { // If the list is empty it is treated as "no filter"
+            return sortSubscriptions(uniqueSubscriptions.filter(sub => subscriptionIds.includes(sub.subscriptionId)));
+        }
+        return sortSubscriptions(uniqueSubscriptions);
+    }
+    /**
+     * Checks to see if a user is signed in.
+     *
+     * @param tenantId (Optional) Provide to check if a user is signed in to a specific tenant.
+     * @param account (Optional) Provide to check if a user is signed in to a specific account.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     *
+     * If no tenant or account is provided, then
+     * checks all accounts for a session.
+     */
+    async isSignedIn(tenantId, account) {
+        async function silentlyCheckForSession(tenantId, account) {
+            return !!await getSessionFromVSCode([], tenantId, { createIfNone: false, silent: true, account });
+        }
+        const innerIsSignedIn = async () => {
+            // If no tenant or account is provided, then check all accounts for a session
+            if (!account && !tenantId) {
+                const accounts = await vscode.authentication.getAccounts(getConfiguredAuthProviderId());
+                if (accounts.length === 0) {
+                    return false;
+                }
+                for (const account of accounts) {
+                    if (await silentlyCheckForSession(tenantId, account)) {
+                        // If any account has a session, then return true because the user is signed in
+                        return true;
+                    }
+                }
+            }
+            return silentlyCheckForSession(tenantId, account);
+        };
+        const result = await innerIsSignedIn();
+        this.logger?.trace(`auth: isSignedIn returned ${result} (account="${account?.label ?? 'none'}") (tenantId="${tenantId ?? 'none'}")`);
+        return result;
+    }
+    /**
+     * Asks the user to sign in or pick an account to use.
+     *
+     * @param tenantId (Optional) Provide to sign in to a specific tenant.
+     * @param account (Optional) Provide to sign in to a specific account.
+     *
+     * @returns True if the user is signed in, false otherwise.
+     */
+    async signIn(tenantId, account) {
+        this.logger?.debug(`auth: Signing in (account="${account?.label ?? 'none'}") (tenantId="${tenantId ?? 'none'}")`);
+        const session = await getSessionFromVSCode([], tenantId, {
+            createIfNone: true,
+            // If no account is provided, then clear the session preference which tells VS Code to show the account picker
+            clearSessionPreference: !account,
+            account,
+        });
+        return !!session;
+    }
+    /**
+     * An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
+     */
+    onDidSignIn = this.onDidSignInEmitter.event;
+    /**
+     * Signs the user out
+     *
+     * @deprecated Not currently supported by VS Code auth providers
+     */
+    signOut() {
+        throw new Error(vscode.l10n.t('Signing out programmatically is not supported. You must sign out by selecting the account in the Accounts menu and choosing Sign Out.'));
+    }
+    /**
+     * An event that is fired when the user signs out. Debounced to fire at most once every 5 seconds.
+     */
+    onDidSignOut = this.onDidSignOutEmitter.event;
+    /**
+     * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
+     * and/or `getTenantFilters()` overridden.
+     *
+     * If no values are returned by `getTenantFilters()`, then all tenants will be scanned for subscriptions.
+     *
+     * @returns A list of tenant IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    async getTenantFilters() {
+        const config = vscode.workspace.getConfiguration('azureResourceGroups');
+        const fullSubscriptionIds = config.get('selectedSubscriptions', []);
+        return fullSubscriptionIds.map(id => id.split('/')[0]);
+    }
+    /**
+     * Gets the subscription filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with `getSubscriptionFilters()`
+     * and/or `getTenantFilters()` overridden.
+     *
+     * If no values are returned by `getSubscriptionFilters()`, then all subscriptions will be returned.
+     *
+     * @returns A list of subscription IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    async getSubscriptionFilters() {
+        const config = vscode.workspace.getConfiguration('azureResourceGroups');
+        const fullSubscriptionIds = config.get('selectedSubscriptions', []);
+        return fullSubscriptionIds.map(id => id.split('/')[1]);
+    }
+    /**
+     * Gets the subscriptions for a given tenant.
+     *
+     * @param tenantId The tenant ID to get subscriptions for.
+     * @param account The account to get the subscriptions for.
+     *
+     * @returns The list of subscriptions for the tenant.
+     */
+    async getSubscriptionsForTenant(account, tenantId) {
+        // If the user is not signed in to this tenant or account, then return an empty list
+        // This is to prevent the NotSignedInError from being thrown in getSubscriptionClient
+        if (!await this.isSignedIn(tenantId, account)) {
+            return [];
+        }
+        const { client, credential, authentication } = await this.getSubscriptionClient(account, tenantId, undefined);
+        const environment = getConfiguredAzureEnv();
+        const subscriptions = [];
+        for await (const subscription of client.subscriptions.list()) {
+            subscriptions.push({
+                authentication: authentication,
+                environment: environment,
+                credential: credential,
+                isCustomCloud: environment.isCustomCloud,
+                /* eslint-disable @typescript-eslint/no-non-null-assertion */
+                name: subscription.displayName,
+                subscriptionId: subscription.subscriptionId,
+                tenantId: tenantId ?? subscription.tenantId,
+                /* eslint-enable @typescript-eslint/no-non-null-assertion */
+                account: account
+            });
+        }
+        return subscriptions;
+    }
+    /**
+     * Gets a fully-configured subscription client for a given tenant ID
+     *
+     * @param tenantId (Optional) The tenant ID to get a client for
+     * @param account The account that you would like to get the session for
+     *
+     * @returns A client, the credential used by the client, and the authentication function
+     */
+    async getSubscriptionClient(account, tenantId, scopes) {
+        const armSubs = await import('@azure/arm-resources-subscriptions');
+        const session = await getSessionFromVSCode(scopes, tenantId, { createIfNone: false, silent: true, account });
+        if (!session) {
+            throw new NotSignedInError();
+        }
+        const credential = {
+            getToken: async () => {
+                return {
+                    token: session.accessToken,
+                    expiresOnTimestamp: 0
+                };
+            }
+        };
+        const configuredAzureEnv = getConfiguredAzureEnv();
+        const endpoint = configuredAzureEnv.resourceManagerEndpointUrl;
+        return {
+            client: new armSubs.SubscriptionClient(credential, { endpoint }),
+            credential: credential,
+            authentication: {
+                getSession: () => session,
+                getSessionWithScopes: (scopeListOrRequest) => {
+                    // in order to handle a challenge, we must enable createIfNone so
+                    // that we can prompt the user to step-up their session with MFA
+                    // otherwise, never prompt the user
+                    return getSessionFromVSCode(scopeListOrRequest, tenantId, { ...(isAuthenticationWwwAuthenticateRequest(scopeListOrRequest) ? { createIfNone: true } : { silent: true }), account });
+                },
+            }
+        };
+    }
+}
+//# sourceMappingURL=VSCodeAzureSubscriptionProvider.js.map

package/dist/esm/src/getSessionFromVSCode.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import * as vscode from "vscode";
+/**
+ * Wraps {@link vscode.authentication.getSession} and handles:
+ * * Passing the configured auth provider id
+ * * Getting the list of scopes, adding the tenant id to the scope list if needed
+ *
+ * @param scopeOrListOrRequest - top-level resource scopes (e.g. http://management.azure.com, http://storage.azure.com) or .default scopes. All resources/scopes will be normalized to the `.default` scope for each resource.
+ * Use `vscode.AuthenticationWwwAuthenticateRequest` if you need to pass in a challenge (WWW-Authenticate header). Note: Use of `vscode.AuthenticationWwwAuthenticateRequest` requires VS Code 1.105.0 or newer.
+ * @param tenantId - (Optional) The tenant ID, will be added to the scopes
+ * @param options - see {@link vscode.AuthenticationGetSessionOptions}
+ * @returns An authentication session if available, or undefined if there are no sessions
+ */
+export declare function getSessionFromVSCode(scopeOrListOrRequest?: string | string[] | vscode.AuthenticationWwwAuthenticateRequest, tenantId?: string, options?: vscode.AuthenticationGetSessionOptions): Promise<vscode.AuthenticationSession | undefined>;

package/dist/esm/src/getSessionFromVSCode.js ADDED Viewed

@@ -0,0 +1,72 @@
+/*---------------------------------------------------------------------------------------------
+*  Copyright (c) Microsoft Corporation. All rights reserved.
+*  Licensed under the MIT License. See License.txt in the project root for license information.
+*--------------------------------------------------------------------------------------------*/
+import * as vscode from "vscode";
+import { getConfiguredAuthProviderId, getConfiguredAzureEnv } from "./utils/configuredAzureEnv";
+import { isAuthenticationWwwAuthenticateRequest } from "./utils/isAuthenticationWwwAuthenticateRequest";
+function ensureEndingSlash(value) {
+    return value.endsWith('/') ? value : `${value}/`;
+}
+function getResourceScopes(scopes) {
+    if (scopes === undefined || scopes === "" || scopes.length === 0) {
+        scopes = ensureEndingSlash(getConfiguredAzureEnv().managementEndpointUrl);
+    }
+    const arrScopes = (Array.isArray(scopes) ? scopes : [scopes])
+        .map((scope) => {
+        if (scope.endsWith('.default')) {
+            return scope;
+        }
+        else {
+            return `${scope}.default`;
+        }
+    });
+    return Array.from(new Set(arrScopes));
+}
+function addTenantIdScope(scopes, tenantId) {
+    const scopeSet = new Set(scopes);
+    scopeSet.add(`VSCODE_TENANT:${tenantId}`);
+    return Array.from(scopeSet);
+}
+function getModifiedScopes(scopes, tenantId) {
+    let scopeArr = getResourceScopes(scopes);
+    if (tenantId) {
+        scopeArr = addTenantIdScope(scopeArr, tenantId);
+    }
+    return scopeArr;
+}
+/**
+ * Deconstructs and rebuilds the scopes arg in order to use the above utils to modify the scopes array.
+ * And then returns the proper type to pass directly to vscode.authentication.getSession
+ */
+function formScopesArg(scopeOrListOrRequest, tenantId) {
+    const isChallenge = isAuthenticationWwwAuthenticateRequest(scopeOrListOrRequest);
+    let initialScopeList = undefined;
+    if (typeof scopeOrListOrRequest === 'string' && !!scopeOrListOrRequest) {
+        initialScopeList = [scopeOrListOrRequest];
+    }
+    else if (Array.isArray(scopeOrListOrRequest)) {
+        initialScopeList = scopeOrListOrRequest;
+    }
+    else if (isChallenge) {
+        // `scopeOrListOrRequest.fallbackScopes` being readonly forces us to rebuild the array
+        initialScopeList = scopeOrListOrRequest.fallbackScopes ? Array.from(scopeOrListOrRequest.fallbackScopes) : undefined;
+    }
+    const modifiedScopeList = getModifiedScopes(initialScopeList, tenantId);
+    return isChallenge ? { fallbackScopes: modifiedScopeList, wwwAuthenticate: scopeOrListOrRequest.wwwAuthenticate } : modifiedScopeList;
+}
+/**
+ * Wraps {@link vscode.authentication.getSession} and handles:
+ * * Passing the configured auth provider id
+ * * Getting the list of scopes, adding the tenant id to the scope list if needed
+ *
+ * @param scopeOrListOrRequest - top-level resource scopes (e.g. http://management.azure.com, http://storage.azure.com) or .default scopes. All resources/scopes will be normalized to the `.default` scope for each resource.
+ * Use `vscode.AuthenticationWwwAuthenticateRequest` if you need to pass in a challenge (WWW-Authenticate header). Note: Use of `vscode.AuthenticationWwwAuthenticateRequest` requires VS Code 1.105.0 or newer.
+ * @param tenantId - (Optional) The tenant ID, will be added to the scopes
+ * @param options - see {@link vscode.AuthenticationGetSessionOptions}
+ * @returns An authentication session if available, or undefined if there are no sessions
+ */
+export async function getSessionFromVSCode(scopeOrListOrRequest, tenantId, options) {
+    return await vscode.authentication.getSession(getConfiguredAuthProviderId(), formScopesArg(scopeOrListOrRequest, tenantId), options);
+}
+//# sourceMappingURL=getSessionFromVSCode.js.map

package/dist/esm/src/index.d.ts ADDED Viewed

@@ -0,0 +1,56 @@
+export * from './AzureAuthentication';
+export * from './AzureDevOpsSubscriptionProvider';
+export * from './AzureSubscription';
+export * from './AzureSubscriptionProvider';
+export * from './AzureTenant';
+export * from './NotSignedInError';
+export * from './signInToTenant';
+export * from './utils/configuredAzureEnv';
+export * from './utils/getUnauthenticatedTenants';
+export * from './VSCodeAzureSubscriptionProvider';
+declare module 'vscode' {
+    /**
+     * Represents parameters for creating a session based on a WWW-Authenticate header value.
+     * This is used when an API returns a 401 with a WWW-Authenticate header indicating
+     * that additional authentication is required. The details of which will be passed down
+     * to the authentication provider to create a session.
+     *
+     * @note The authorization provider must support handling challenges and specifically
+     * the challenges in this WWW-Authenticate value.
+     * @note For more information on WWW-Authenticate please see https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/WWW-Authenticate
+     */
+    interface AuthenticationWwwAuthenticateRequest {
+        /**
+         * The raw WWW-Authenticate header value that triggered this challenge.
+         * This will be parsed by the authentication provider to extract the necessary
+         * challenge information.
+         */
+        readonly wwwAuthenticate: string;
+        /**
+         * The fallback scopes to use if no scopes are found in the WWW-Authenticate header.
+         */
+        readonly fallbackScopes?: readonly string[];
+    }
+    /**
+     * Namespace for authentication.
+     */
+    namespace authentication {
+        /**
+         * Get an authentication session matching the desired scopes or request. Rejects if a provider with providerId is not
+         * registered, or if the user does not consent to sharing authentication information with the extension. If there
+         * are multiple sessions with the same scopes, the user will be shown a quickpick to select which account they would like to use.
+         *
+         * Built-in auth providers include:
+         * * 'github' - For GitHub.com
+         * * 'microsoft' For both personal & organizational Microsoft accounts
+         * * (less common) 'github-enterprise' - for alternative GitHub hostings, GHE.com, GitHub Enterprise Server
+         * * (less common) 'microsoft-sovereign-cloud' - for alternative Microsoft clouds
+         *
+         * @param providerId The id of the provider to use
+         * @param scopeListOrRequest A scope list of permissions requested or a WWW-Authenticate request. These are dependent on the authentication provider.
+         * @param options The {@link AuthenticationGetSessionOptions} to use
+         * @returns A thenable that resolves to an authentication session or undefined if a silent flow was used and no session was found
+         */
+        function getSession(providerId: string, scopeListOrRequest: ReadonlyArray<string> | AuthenticationWwwAuthenticateRequest, options?: AuthenticationGetSessionOptions): Thenable<AuthenticationSession | undefined>;
+    }
+}

package/{out/src/index.d.ts → dist/esm/src/index.js} RENAMED Viewed

@@ -1,10 +1,15 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
 export * from './AzureAuthentication';
 export * from './AzureDevOpsSubscriptionProvider';
-export * from './AzureTenant';
 export * from './AzureSubscription';
 export * from './AzureSubscriptionProvider';
+export * from './AzureTenant';
 export * from './NotSignedInError';
 export * from './signInToTenant';
 export * from './utils/configuredAzureEnv';
 export * from './utils/getUnauthenticatedTenants';
 export * from './VSCodeAzureSubscriptionProvider';
+//# sourceMappingURL=index.js.map

package/dist/esm/src/signInToTenant.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { AzureSubscriptionProvider } from "./AzureSubscriptionProvider";
+/**
+ * Prompts user to select from a list of unauthenticated tenants.
+ * Once selected, requests a new session from VS Code specifially for this tenant.
+ */
+export declare function signInToTenant(subscriptionProvider: AzureSubscriptionProvider): Promise<void>;

package/dist/esm/src/signInToTenant.js ADDED Viewed

@@ -0,0 +1,43 @@
+/*---------------------------------------------------------------------------------------------
+*  Copyright (c) Microsoft Corporation. All rights reserved.
+*  Licensed under the MIT License. See License.txt in the project root for license information.
+*--------------------------------------------------------------------------------------------*/
+import * as vscode from "vscode";
+import { getUnauthenticatedTenants } from "./utils/getUnauthenticatedTenants";
+/**
+ * Prompts user to select from a list of unauthenticated tenants.
+ * Once selected, requests a new session from VS Code specifially for this tenant.
+ */
+export async function signInToTenant(subscriptionProvider) {
+    const tenantId = await pickTenant(subscriptionProvider);
+    if (tenantId) {
+        await subscriptionProvider.signIn(tenantId);
+    }
+}
+async function pickTenant(subscriptionProvider) {
+    const pick = await vscode.window.showQuickPick(getPicks(subscriptionProvider), {
+        placeHolder: 'Select a Tenant (Directory) to Sign In To', // TODO: localize
+        matchOnDescription: true, // allow searching by tenantId
+        ignoreFocusOut: true,
+    });
+    return pick?.tenant.tenantId;
+}
+async function getPicks(subscriptionProvider) {
+    const unauthenticatedTenants = await getUnauthenticatedTenants(subscriptionProvider);
+    const duplicateTenants = new Set(unauthenticatedTenants
+        .filter((tenant, index, self) => index !== self.findIndex(t => t.tenantId === tenant.tenantId))
+        .map(tenant => tenant.tenantId));
+    const isDuplicate = (tenantId) => duplicateTenants.has(tenantId);
+    const picks = unauthenticatedTenants
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        .sort((a, b) => (a.displayName).localeCompare(b.displayName))
+        .map(tenant => ({
+        label: tenant.displayName ?? '',
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        description: `${tenant.tenantId}${isDuplicate(tenant.tenantId) ? ` (${tenant.account.label})` : ''}`,
+        detail: tenant.defaultDomain ?? '',
+        tenant,
+    }));
+    return picks;
+}
+//# sourceMappingURL=signInToTenant.js.map

package/dist/esm/src/utils/configuredAzureEnv.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import * as azureEnv from '@azure/ms-rest-azure-env';
+import * as vscode from 'vscode';
+/**
+ * Gets the configured Azure environment.
+ *
+ * @returns The configured Azure environment from the settings in the built-in authentication provider extension
+ */
+export declare function getConfiguredAzureEnv(): azureEnv.Environment & {
+    isCustomCloud: boolean;
+};
+/**
+ * Sets the configured Azure cloud.
+ *
+ * @param cloud Use `'AzureCloud'` or `undefined` for public Azure cloud, `'ChinaCloud'` for Azure China, or `'USGovernment'` for Azure US Government.
+ * These are the same values as the cloud names in `@azure/ms-rest-azure-env`. For a custom cloud, use an instance of the `@azure/ms-rest-azure-env` {@link azureEnv.EnvironmentParameters}.
+ *
+ * @param target (Optional) The configuration target to use, by default {@link vscode.ConfigurationTarget.Global}.
+ */
+export declare function setConfiguredAzureEnv(cloud: 'AzureCloud' | 'ChinaCloud' | 'USGovernment' | undefined | azureEnv.EnvironmentParameters, target?: vscode.ConfigurationTarget): Promise<void>;
+/**
+ * Gets the ID of the authentication provider configured to be used
+ * @returns The provider ID to use, either `'microsoft'` or `'microsoft-sovereign-cloud'`
+ */
+export declare function getConfiguredAuthProviderId(): string;

package/dist/esm/src/utils/configuredAzureEnv.js ADDED Viewed

@@ -0,0 +1,90 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+import * as azureEnv from '@azure/ms-rest-azure-env'; // This package is so small that it's not worth lazy loading
+import * as vscode from 'vscode';
+// These strings come from https://github.com/microsoft/vscode/blob/eac16e9b63a11885b538db3e0b533a02a2fb8143/extensions/microsoft-authentication/package.json#L40-L99
+const CustomCloudConfigurationSection = 'microsoft-sovereign-cloud';
+const CloudEnvironmentSettingName = 'environment';
+const CustomEnvironmentSettingName = 'customEnvironment';
+var CloudEnvironmentSettingValue;
+(function (CloudEnvironmentSettingValue) {
+    CloudEnvironmentSettingValue["ChinaCloud"] = "ChinaCloud";
+    CloudEnvironmentSettingValue["USGovernment"] = "USGovernment";
+    CloudEnvironmentSettingValue["Custom"] = "custom";
+})(CloudEnvironmentSettingValue || (CloudEnvironmentSettingValue = {}));
+/**
+ * Gets the configured Azure environment.
+ *
+ * @returns The configured Azure environment from the settings in the built-in authentication provider extension
+ */
+export function getConfiguredAzureEnv() {
+    const authProviderConfig = vscode.workspace.getConfiguration(CustomCloudConfigurationSection);
+    const environmentSettingValue = authProviderConfig.get(CloudEnvironmentSettingName);
+    if (environmentSettingValue === CloudEnvironmentSettingValue.ChinaCloud) {
+        return {
+            ...azureEnv.Environment.ChinaCloud,
+            isCustomCloud: false,
+        };
+    }
+    else if (environmentSettingValue === CloudEnvironmentSettingValue.USGovernment) {
+        return {
+            ...azureEnv.Environment.USGovernment,
+            isCustomCloud: false,
+        };
+    }
+    else if (environmentSettingValue === CloudEnvironmentSettingValue.Custom) {
+        const customCloud = authProviderConfig.get(CustomEnvironmentSettingName);
+        if (customCloud) {
+            return {
+                ...new azureEnv.Environment(customCloud),
+                isCustomCloud: true,
+            };
+        }
+        throw new Error(vscode.l10n.t('The custom cloud choice is not configured. Please configure the setting `{0}.{1}`.', CustomCloudConfigurationSection, CustomEnvironmentSettingName));
+    }
+    return {
+        ...azureEnv.Environment.get(azureEnv.Environment.AzureCloud.name),
+        isCustomCloud: false,
+    };
+}
+/**
+ * Sets the configured Azure cloud.
+ *
+ * @param cloud Use `'AzureCloud'` or `undefined` for public Azure cloud, `'ChinaCloud'` for Azure China, or `'USGovernment'` for Azure US Government.
+ * These are the same values as the cloud names in `@azure/ms-rest-azure-env`. For a custom cloud, use an instance of the `@azure/ms-rest-azure-env` {@link azureEnv.EnvironmentParameters}.
+ *
+ * @param target (Optional) The configuration target to use, by default {@link vscode.ConfigurationTarget.Global}.
+ */
+export async function setConfiguredAzureEnv(cloud, target = vscode.ConfigurationTarget.Global) {
+    const authProviderConfig = vscode.workspace.getConfiguration(CustomCloudConfigurationSection);
+    if (typeof cloud === 'undefined' || !cloud) {
+        // Use public cloud implicitly--set `environment` setting to `undefined`
+        await authProviderConfig.update(CloudEnvironmentSettingName, undefined, target);
+    }
+    else if (typeof cloud === 'string' && cloud === 'AzureCloud') {
+        // Use public cloud explicitly--set `environment` setting to `undefined`
+        await authProviderConfig.update(CloudEnvironmentSettingName, undefined, target);
+    }
+    else if (typeof cloud === 'string') {
+        // Use a sovereign cloud--set the `environment` setting to the specified value
+        await authProviderConfig.update(CloudEnvironmentSettingName, cloud, target);
+    }
+    else if (typeof cloud === 'object') {
+        // use a custom cloud--set the `environment` setting to `custom` and the `customEnvironment` setting to the specified value
+        await authProviderConfig.update(CloudEnvironmentSettingName, CloudEnvironmentSettingValue.Custom, target);
+        await authProviderConfig.update(CustomEnvironmentSettingName, cloud, target);
+    }
+    else {
+        throw new Error(`Invalid cloud value: ${JSON.stringify(cloud)}`);
+    }
+}
+/**
+ * Gets the ID of the authentication provider configured to be used
+ * @returns The provider ID to use, either `'microsoft'` or `'microsoft-sovereign-cloud'`
+ */
+export function getConfiguredAuthProviderId() {
+    return getConfiguredAzureEnv().name === azureEnv.Environment.AzureCloud.name ? 'microsoft' : 'microsoft-sovereign-cloud';
+}
+//# sourceMappingURL=configuredAzureEnv.js.map

package/dist/esm/src/utils/getUnauthenticatedTenants.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { AzureSubscriptionProvider } from "../AzureSubscriptionProvider";
+import type { AzureTenant } from "../AzureTenant";
+/**
+ * @returns list of tenants that VS Code doesn't have sessions for
+ */
+export declare function getUnauthenticatedTenants(subscriptionProvider: AzureSubscriptionProvider): Promise<AzureTenant[]>;

package/dist/esm/src/utils/getUnauthenticatedTenants.js ADDED Viewed

@@ -0,0 +1,18 @@
+/*---------------------------------------------------------------------------------------------
+*  Copyright (c) Microsoft Corporation. All rights reserved.
+*  Licensed under the MIT License. See License.txt in the project root for license information.
+*--------------------------------------------------------------------------------------------*/
+/**
+ * @returns list of tenants that VS Code doesn't have sessions for
+ */
+export async function getUnauthenticatedTenants(subscriptionProvider) {
+    const tenants = await subscriptionProvider.getTenants();
+    const unauthenticatedTenants = [];
+    for await (const tenant of tenants) {
+        if (!await subscriptionProvider.isSignedIn(tenant.tenantId, tenant.account)) {
+            unauthenticatedTenants.push(tenant);
+        }
+    }
+    return unauthenticatedTenants;
+}
+//# sourceMappingURL=getUnauthenticatedTenants.js.map