@microsoft/vscode-azext-azureauth 5.1.1 → 6.0.0-alpha.1

package/dist/esm/src/providers/AzureSubscriptionProviderBase.js

@@ -0,0 +1,356 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+import * as vscode from 'vscode';
+import { DefaultOptions, DefaultSignInOptions } from '../contracts/AzureSubscriptionProviderRequestOptions';
+import { getConfiguredAuthProviderId, getConfiguredAzureEnv } from '../utils/configuredAzureEnv';
+import { dedupeSubscriptions } from '../utils/dedupeSubscriptions';
+import { getSessionFromVSCode } from '../utils/getSessionFromVSCode';
+import { getSignalForToken } from '../utils/getSignalForToken';
+import { isAuthenticationWwwAuthenticateRequest } from '../utils/isAuthenticationWwwAuthenticateRequest';
+import { Limiter } from '../utils/Limiter';
+import { isNotSignedInError, NotSignedInError } from '../utils/NotSignedInError';
+import { screen } from '../utils/screen';
+import { tryGetTokenExpiration } from '../utils/tryGetTokenExpiration';
+const EventDebounce = 5 * 1000; // 5 seconds minimum between `onRefreshSuggested` events
+const EventSilenceTime = 5 * 1000; // 5 seconds after sign-in to silence `onRefreshSuggested` events
+const TenantListConcurrency = 3; // We will try to list tenants for at most 3 accounts in parallel
+const SubscriptionListConcurrency = 5; // We will try to list subscriptions for at most 5 account+tenants in parallel
+let armSubs;
+/**
+ * Base class for Azure subscription providers that use VS Code authentication.
+ * Handles actual communication with Azure via the Azure SDK, as well as
+ * controlling the firing of `onRefreshSuggested` events.
+ */
+export class AzureSubscriptionProviderBase {
+    logger;
+    sessionChangeListener;
+    refreshSuggestedEmitter = new vscode.EventEmitter();
+    lastRefreshSuggestedTime = 0;
+    suppressRefreshSuggestedEvents = false;
+    /**
+     * Constructs a new {@link AzureSubscriptionProviderBase}.
+     * @param logger (Optional) A logger to record information to
+     */
+    constructor(logger) {
+        this.logger = logger;
+    }
+    dispose() {
+        if (this.timeout) {
+            clearTimeout(this.timeout);
+            this.timeout = undefined;
+        }
+        this.sessionChangeListener?.dispose();
+        this.refreshSuggestedEmitter.dispose();
+    }
+    /**
+     * @inheritdoc
+     */
+    onRefreshSuggested(callback, thisArg, disposables) {
+        this.sessionChangeListener ??= vscode.authentication.onDidChangeSessions(evt => {
+            if (evt.provider.id === getConfiguredAuthProviderId()) {
+                this.fireRefreshSuggestedIfNeeded({ reason: 'sessionChange' });
+            }
+        });
+        return this.refreshSuggestedEmitter.event(callback, thisArg, disposables);
+    }
+    fireRefreshSuggestedIfNeeded(evtArgs) {
+        if (this.suppressRefreshSuggestedEvents || Date.now() < this.lastRefreshSuggestedTime + EventDebounce) {
+            // Suppress and/or debounce events to avoid flooding
+            return false;
+        }
+        this.log(`Firing onRefreshSuggested event due to reason: ${evtArgs.reason}`);
+        this.lastRefreshSuggestedTime = Date.now();
+        this.refreshSuggestedEmitter.fire(evtArgs);
+        return true;
+    }
+    /**
+     * @inheritdoc
+     */
+    async signIn(tenant, options = DefaultSignInOptions) {
+        const prompt = options.promptIfNeeded ?? DefaultSignInOptions.promptIfNeeded;
+        if (prompt) {
+            // If interactive, suppress without timeout until sign in is done (it can take a while when done interactively)
+            this.suppressRefreshSuggestedEvents = true;
+        }
+        else {
+            // If silent, suppress with normal timeout
+            this.silenceRefreshEvents();
+        }
+        const session = await getSessionFromVSCode(undefined, tenant?.tenantId, {
+            account: tenant?.account,
+            clearSessionPreference: options.clearSessionPreference ?? DefaultSignInOptions.clearSessionPreference,
+            createIfNone: prompt,
+            silent: !prompt,
+        });
+        if (prompt) {
+            // Interactive sign in can take a while, so silence events for a bit longer
+            this.silenceRefreshEvents();
+        }
+        return !!session;
+    }
+    /**
+     * @inheritdoc
+     */
+    async getAvailableSubscriptions(options = DefaultOptions) {
+        try {
+            const availableSubscriptions = [];
+            const tenantListLimiter = new Limiter(TenantListConcurrency);
+            const tenantListPromises = [];
+            const subscriptionListLimiter = new Limiter(SubscriptionListConcurrency);
+            const subscriptionListPromisesFlat = [];
+            let tenantsProcessed = 0;
+            const maximumTenants = options.maximumTenants ?? DefaultOptions.maximumTenants;
+            const accounts = await this.getAccounts(options);
+            for (const account of accounts) {
+                this.throwIfCancelled(options.token);
+                tenantListPromises.push(tenantListLimiter.queue(async () => {
+                    try {
+                        if (tenantsProcessed >= maximumTenants) {
+                            this.logForAccount(account, `Skipping account because maximum tenants of ${maximumTenants} has been reached`);
+                            return;
+                        }
+                        const tenants = await this.getTenantsForAccount(account, options);
+                        for (const tenant of tenants) {
+                            this.throwIfCancelled(options.token);
+                            if (tenantsProcessed >= maximumTenants) {
+                                this.logForAccount(account, `Skipping remaining tenants because maximum tenants of ${maximumTenants} has been reached`);
+                                break;
+                            }
+                            tenantsProcessed++;
+                            subscriptionListPromisesFlat.push(subscriptionListLimiter.queue(async () => {
+                                try {
+                                    const subscriptions = await this.getSubscriptionsForTenant(tenant, options);
+                                    availableSubscriptions.push(...subscriptions);
+                                }
+                                catch (err) {
+                                    if (isNotSignedInError(err)) {
+                                        this.logForTenant(tenant, 'Skipping account+tenant because it is not signed in');
+                                        return;
+                                    }
+                                    throw err;
+                                }
+                            }));
+                        }
+                    }
+                    catch (err) {
+                        if (isNotSignedInError(err)) {
+                            this.logForAccount(account, 'Skipping account because it is not signed in');
+                            return;
+                        }
+                    }
+                }));
+            }
+            await Promise.all(tenantListPromises);
+            await Promise.all(subscriptionListPromisesFlat);
+            return dedupeSubscriptions(availableSubscriptions);
+        }
+        catch (err) {
+            // Intentionally not eating NotSignedInError here, if it is thrown by getAccounts()
+            this.remapLogRethrow(err, options.token);
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getAccounts(options = DefaultOptions) {
+        try {
+            const startTime = Date.now();
+            this.log('Fetching accounts...');
+            this.silenceRefreshEvents();
+            const results = await vscode.authentication.getAccounts(getConfiguredAuthProviderId());
+            if (results.length === 0) {
+                this.log('No accounts found');
+                throw new NotSignedInError();
+            }
+            this.log(`Fetched ${results.length} accounts (before filter) in ${Date.now() - startTime}ms`);
+            return Array.from(results);
+        }
+        catch (err) {
+            // Cancellation is not actually supported by vscode.authentication.getAccounts, but just in case it is added in the future...
+            this.remapLogRethrow(err, options.token);
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getUnauthenticatedTenantsForAccount(account, options = DefaultOptions) {
+        try {
+            const startTime = Date.now();
+            const tenantListLimiter = new Limiter(TenantListConcurrency);
+            const tenantListPromises = [];
+            const allTenants = await this.getTenantsForAccount(account, { ...options, filter: false });
+            const unauthenticatedTenants = [];
+            for (const tenant of allTenants) {
+                tenantListPromises.push(tenantListLimiter.queue(async () => {
+                    this.throwIfCancelled(options.token);
+                    this.silenceRefreshEvents();
+                    const session = await getSessionFromVSCode(undefined, tenant.tenantId, {
+                        account: account,
+                        createIfNone: false,
+                        silent: true,
+                    });
+                    if (!session) {
+                        unauthenticatedTenants.push(tenant);
+                    }
+                }));
+            }
+            await Promise.all(tenantListPromises);
+            this.logForAccount(account, `Found ${unauthenticatedTenants.length} unauthenticated tenants in ${Date.now() - startTime}ms`);
+            return unauthenticatedTenants;
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getTenantsForAccount(account, options = DefaultOptions) {
+        try {
+            const startTime = Date.now();
+            this.logForAccount(account, 'Fetching tenants for account...');
+            const { client } = await this.getSubscriptionClient({ account: account, tenantId: undefined });
+            const allTenants = [];
+            for await (const tenant of client.tenants.list({ abortSignal: getSignalForToken(options.token) })) {
+                allTenants.push({
+                    ...tenant,
+                    tenantId: tenant.tenantId, // eslint-disable-line @typescript-eslint/no-non-null-assertion -- This is never null in practice
+                    account: account,
+                });
+            }
+            this.logForAccount(account, `Fetched ${allTenants.length} tenants (before filter) in ${Date.now() - startTime}ms`);
+            return allTenants;
+        }
+        catch (err) {
+            this.remapLogRethrow(err, options.token);
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getSubscriptionsForTenant(tenant, options = DefaultOptions) {
+        try {
+            const startTime = Date.now();
+            this.logForTenant(tenant, 'Fetching subscriptions for account+tenant...');
+            const { client, credential, authentication } = await this.getSubscriptionClient(tenant);
+            const environment = getConfiguredAzureEnv();
+            const allSubs = [];
+            for await (const subscription of client.subscriptions.list({ abortSignal: getSignalForToken(options.token) })) {
+                allSubs.push({
+                    authentication: authentication,
+                    environment: environment,
+                    credential: credential,
+                    isCustomCloud: environment.isCustomCloud,
+                    /* eslint-disable @typescript-eslint/no-non-null-assertion */
+                    name: subscription.displayName,
+                    subscriptionId: subscription.subscriptionId,
+                    /* eslint-enable @typescript-eslint/no-non-null-assertion */
+                    // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+                    tenantId: subscription.tenantId || tenant.tenantId, // In rare cases, a subscription may be listed but come from a different tenant
+                    account: tenant.account,
+                });
+            }
+            this.logForTenant(tenant, `Fetched ${allSubs.length} subscriptions (before filter) in ${Date.now() - startTime}ms`);
+            return allSubs;
+        }
+        catch (err) {
+            this.remapLogRethrow(err, options.token);
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * Gets a {@link SubscriptionClient} plus extras for the given account+tenant.
+     * @param tenant (Optional) The account+tenant to get a subscription client for. If not specified, the default account and home tenant
+     * will be used.
+     * @returns A {@link SubscriptionClient}, {@link TokenCredential}, and {@link AzureAuthentication} for the given account+tenant.
+     */
+    async getSubscriptionClient(tenant) {
+        const credential = {
+            getToken: async (scopes, options) => {
+                this.silenceRefreshEvents();
+                // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+                const session = await getSessionFromVSCode(scopes, options?.tenantId || tenant.tenantId, { createIfNone: false, silent: true, account: tenant.account });
+                if (!session) {
+                    throw new NotSignedInError();
+                }
+                return {
+                    token: session.accessToken,
+                    expiresOnTimestamp: tryGetTokenExpiration(session),
+                };
+            }
+        };
+        armSubs ??= await import('@azure/arm-resources-subscriptions');
+        return {
+            client: new armSubs.SubscriptionClient(credential, { endpoint: getConfiguredAzureEnv().resourceManagerEndpointUrl }),
+            credential: credential,
+            authentication: {
+                getSession: async () => {
+                    this.silenceRefreshEvents();
+                    const session = await getSessionFromVSCode(undefined, tenant.tenantId, { createIfNone: false, silent: true, account: tenant.account });
+                    if (!session) {
+                        throw new NotSignedInError();
+                    }
+                    return session;
+                },
+                getSessionWithScopes: async (scopeListOrRequest) => {
+                    this.silenceRefreshEvents();
+                    // in order to handle a challenge, we must enable createIfNone so
+                    // that we can prompt the user to step-up their session with MFA
+                    // otherwise, never prompt the user
+                    const session = await getSessionFromVSCode(scopeListOrRequest, tenant.tenantId, { ...(isAuthenticationWwwAuthenticateRequest(scopeListOrRequest) ? { createIfNone: true } : { silent: true }), account: tenant.account });
+                    if (!session) {
+                        throw new NotSignedInError();
+                    }
+                    return session;
+                },
+            }
+        };
+    }
+    log(message) {
+        this.logger?.debug(`[auth] ${message}`);
+    }
+    logForAccount(account, message) {
+        this.logger?.debug(`[auth] [account: ${screen(account)}] ${message}`);
+    }
+    logForTenant(tenant, message) {
+        this.logger?.debug(`[auth] [account: ${screen(tenant.account)}] [tenant: ${screen(tenant)}] ${message}`);
+    }
+    throwIfCancelled(token) {
+        if (token?.isCancellationRequested) {
+            throw new vscode.CancellationError();
+        }
+    }
+    timeout;
+    silenceRefreshEvents() {
+        this.suppressRefreshSuggestedEvents = true;
+        if (this.timeout) {
+            clearTimeout(this.timeout);
+            this.timeout = undefined;
+        }
+        this.timeout = setTimeout(() => {
+            clearTimeout(this.timeout);
+            this.timeout = undefined;
+            this.suppressRefreshSuggestedEvents = false;
+        }, EventSilenceTime);
+    }
+    remapLogRethrow(err, token) {
+        this.throwIfCancelled(token);
+        // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
+        this.logger?.error(`[auth] Error occurred: ${err}`);
+        throw err;
+    }
+}
+//# sourceMappingURL=AzureSubscriptionProviderBase.js.map

package/dist/esm/src/providers/VSCodeAzureSubscriptionProvider.d.ts

@@ -0,0 +1,70 @@
+import * as vscode from 'vscode';
+import type { AzureAccount } from '../contracts/AzureAccount';
+import type { AzureSubscription, SubscriptionId, TenantId } from '../contracts/AzureSubscription';
+import type { RefreshSuggestedEvent, TenantIdAndAccount } from '../contracts/AzureSubscriptionProvider';
+import { type GetAccountsOptions, type GetAvailableSubscriptionsOptions, type GetSubscriptionsForTenantOptions, type GetTenantsForAccountOptions } from '../contracts/AzureSubscriptionProviderRequestOptions';
+import type { AzureTenant } from '../contracts/AzureTenant';
+import { AzureSubscriptionProviderBase } from './AzureSubscriptionProviderBase';
+/**
+ * Extension of {@link AzureSubscriptionProviderBase} that adds caching of accounts, tenants, and subscriptions,
+ * as well as filtering and deduplication according to configured settings. Additionally, promise
+ * coalescence is added for {@link getAvailableSubscriptions}.
+ *
+ * @note See important notes about caching on {@link BaseOptions.noCache}
+ */
+export declare class VSCodeAzureSubscriptionProvider extends AzureSubscriptionProviderBase {
+    private readonly accountCache;
+    private readonly tenantCache;
+    private readonly subscriptionCache;
+    private readonly availableSubscriptionsPromises;
+    private configChangeListener;
+    dispose(): void;
+    /**
+     * @inheritdoc
+     */
+    onRefreshSuggested(callback: (reason: RefreshSuggestedEvent) => unknown, thisArg?: unknown, disposables?: vscode.Disposable[]): vscode.Disposable;
+    protected fireRefreshSuggestedIfNeeded(evtArgs: RefreshSuggestedEvent): boolean;
+    /**
+     * @inheritdoc
+     */
+    getAvailableSubscriptions(options?: GetAvailableSubscriptionsOptions): Promise<AzureSubscription[]>;
+    /**
+     * @inheritdoc
+     */
+    getAccounts(options?: GetAccountsOptions): Promise<AzureAccount[]>;
+    /**
+     * @inheritdoc
+     */
+    getTenantsForAccount(account: AzureAccount, options?: GetTenantsForAccountOptions): Promise<AzureTenant[]>;
+    /**
+     * @inheritdoc
+     */
+    getSubscriptionsForTenant(tenant: TenantIdAndAccount, options?: GetSubscriptionsForTenantOptions): Promise<AzureSubscription[]>;
+    /**
+     * Gets the account filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with filter methods overridden.
+     *
+     * If no values are returned by `getAccountFilters()`, then all accounts will be scanned for subscriptions.
+     *
+     * @returns A list of account IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    protected getAccountFilters(): Promise<string[]>;
+    /**
+     * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with filter methods overridden.
+     *
+     * If no values are returned by `getTenantFilters()`, then all tenants will be scanned for subscriptions.
+     *
+     * @returns A list of unique tenant IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    protected getTenantFilters(): Promise<TenantId[]>;
+    /**
+     * Gets the subscription filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with filter methods overridden.
+     *
+     * If no values are returned by `getSubscriptionFilters()`, then all subscriptions will be scanned.
+     *
+     * @returns A list of unique subscription IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    protected getSubscriptionFilters(): Promise<SubscriptionId[]>;
+}

package/dist/esm/src/providers/VSCodeAzureSubscriptionProvider.js

@@ -0,0 +1,232 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+import * as vscode from 'vscode';
+import { DefaultOptions, getCoalescenceKey } from '../contracts/AzureSubscriptionProviderRequestOptions'; // eslint-disable-line @typescript-eslint/no-unused-vars -- It is used in the doc comments
+import { dedupeSubscriptions } from '../utils/dedupeSubscriptions';
+import { CaselessMap } from '../utils/map/CaselessMap';
+import { TwoKeyCaselessMap } from '../utils/map/TwoKeyCaselessMap';
+import { AzureSubscriptionProviderBase } from './AzureSubscriptionProviderBase';
+const ConfigPrefix = 'azureResourceGroups';
+const SelectedSubscriptionsConfigKey = 'selectedSubscriptions';
+/**
+ * Extension of {@link AzureSubscriptionProviderBase} that adds caching of accounts, tenants, and subscriptions,
+ * as well as filtering and deduplication according to configured settings. Additionally, promise
+ * coalescence is added for {@link getAvailableSubscriptions}.
+ *
+ * @note See important notes about caching on {@link BaseOptions.noCache}
+ */
+export class VSCodeAzureSubscriptionProvider extends AzureSubscriptionProviderBase {
+    accountCache = new CaselessMap(); // Key is the account ID
+    tenantCache = new CaselessMap(); // Key is the account ID
+    subscriptionCache = new TwoKeyCaselessMap(); // Keys are account ID and tenant ID
+    availableSubscriptionsPromises = new Map(); // Key is from getOptionsCoalescenceKey
+    configChangeListener;
+    dispose() {
+        this.configChangeListener?.dispose();
+        super.dispose();
+    }
+    /**
+     * @inheritdoc
+     */
+    onRefreshSuggested(callback, thisArg, disposables) {
+        this.configChangeListener ??= vscode.workspace.onDidChangeConfiguration(e => {
+            if (e.affectsConfiguration(`${ConfigPrefix}.${SelectedSubscriptionsConfigKey}`)) {
+                this.fireRefreshSuggestedIfNeeded({ reason: 'subscriptionFilterChange' });
+            }
+        });
+        return super.onRefreshSuggested(callback, thisArg, disposables);
+    }
+    fireRefreshSuggestedIfNeeded(evtArgs) {
+        const actuallyFired = super.fireRefreshSuggestedIfNeeded(evtArgs);
+        if (actuallyFired && evtArgs.reason === 'sessionChange') {
+            // Clear just the account cache--tenants and subscriptions are probably still valid,
+            // but the session change event may been have fired due to account sign out
+            this.accountCache.clear();
+        }
+        return actuallyFired;
+    }
+    /**
+     * @inheritdoc
+     */
+    async getAvailableSubscriptions(options = DefaultOptions) {
+        try {
+            const key = getCoalescenceKey(options);
+            if (key && this.availableSubscriptionsPromises.has(key)) {
+                return await this.availableSubscriptionsPromises.get(key); // eslint-disable-line @typescript-eslint/no-non-null-assertion -- We just checked it has the key
+            }
+            else {
+                try {
+                    const promise = super.getAvailableSubscriptions(options);
+                    if (key) {
+                        this.availableSubscriptionsPromises.set(key, promise);
+                    }
+                    return await promise;
+                }
+                finally {
+                    if (key) {
+                        this.availableSubscriptionsPromises.delete(key);
+                    }
+                }
+            }
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getAccounts(options = DefaultOptions) {
+        try {
+            if (options.noCache ?? DefaultOptions.noCache) {
+                this.accountCache.clear();
+            }
+            // If needed, refill the cache
+            if (this.accountCache.size === 0) {
+                const accounts = await super.getAccounts(options);
+                accounts.forEach(account => this.accountCache.set(account.id, account));
+                this.log(`Cached ${accounts.length} accounts`);
+            }
+            else {
+                this.log('Using cached accounts');
+            }
+            let results = Array.from(this.accountCache.values());
+            // If needed, filter according to configured filters
+            if (options.filter ?? DefaultOptions.filter) {
+                const accountFilters = await this.getAccountFilters();
+                if (accountFilters.length > 0) {
+                    this.log(`Filtering accounts to ${accountFilters.length} configured accounts`);
+                    results = results.filter(account => accountFilters.includes(account.id.toLowerCase()));
+                }
+            }
+            this.log(`Returning ${results.length} accounts.`);
+            return results.sort((a, b) => a.label.localeCompare(b.label));
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getTenantsForAccount(account, options = DefaultOptions) {
+        try {
+            // If needed, delete the cache for this account
+            if (options.noCache ?? DefaultOptions.noCache) {
+                this.tenantCache.delete(account.id);
+            }
+            // If needed, refill the cache
+            if (!this.tenantCache.has(account.id)) {
+                const tenants = await super.getTenantsForAccount(account, options);
+                this.tenantCache.set(account.id, tenants);
+                this.logForAccount(account, `Cached ${tenants.length} tenants for account`);
+            }
+            else {
+                this.logForAccount(account, 'Using cached tenants for account');
+            }
+            let results = this.tenantCache.get(account.id); // eslint-disable-line @typescript-eslint/no-non-null-assertion -- We just filled it
+            // If needed, filter according to configured filters
+            if (options.filter ?? DefaultOptions.filter) {
+                const tenantFilters = await this.getTenantFilters();
+                if (tenantFilters.length > 0) {
+                    this.logForAccount(account, `Filtering tenants for account to ${tenantFilters.length} configured tenants`);
+                    results = results.filter(tenant => tenantFilters.includes(tenant.tenantId.toLowerCase()));
+                }
+            }
+            this.logForAccount(account, `Returning ${results.length} tenants for account`);
+            // Finally, sort
+            return results.sort((a, b) => {
+                if (a.displayName && b.displayName) {
+                    return a.displayName.localeCompare(b.displayName);
+                }
+                return a.tenantId.localeCompare(b.tenantId);
+            });
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getSubscriptionsForTenant(tenant, options = DefaultOptions) {
+        try {
+            // If needed, delete the cache for this account+tenant
+            if (options.noCache ?? DefaultOptions.noCache) {
+                this.subscriptionCache.delete(tenant.account.id, tenant.tenantId);
+            }
+            // If needed, refill the cache
+            if (!this.subscriptionCache.has(tenant.account.id, tenant.tenantId)) {
+                const subscriptions = await super.getSubscriptionsForTenant(tenant, options);
+                this.subscriptionCache.set(tenant.account.id, tenant.tenantId, subscriptions);
+                this.logForTenant(tenant, `Cached ${subscriptions.length} subscriptions for account+tenant`);
+            }
+            else {
+                this.logForTenant(tenant, 'Using cached subscriptions for account+tenant');
+            }
+            let results = this.subscriptionCache.get(tenant.account.id, tenant.tenantId); // eslint-disable-line @typescript-eslint/no-non-null-assertion -- We just filled it
+            // If needed, filter according to configured filters
+            if (options.filter ?? DefaultOptions.filter) {
+                const subscriptionFilters = await this.getSubscriptionFilters();
+                if (subscriptionFilters.length > 0) {
+                    this.logForTenant(tenant, `Filtering subscriptions for account+tenant to ${subscriptionFilters.length} configured subscriptions`);
+                    results = results.filter(sub => subscriptionFilters.includes(sub.subscriptionId.toLowerCase()));
+                }
+            }
+            // If needed, dedupe according to options
+            if (options.dedupe ?? DefaultOptions.dedupe) {
+                this.logForTenant(tenant, 'Deduping subscriptions for account+tenant');
+                results = dedupeSubscriptions(results);
+            }
+            this.logForTenant(tenant, `Returning ${results.length} subscriptions for account+tenant`);
+            // Finally, sort
+            return results.sort((a, b) => a.name.localeCompare(b.name));
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * Gets the account filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with filter methods overridden.
+     *
+     * If no values are returned by `getAccountFilters()`, then all accounts will be scanned for subscriptions.
+     *
+     * @returns A list of account IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    getAccountFilters() {
+        // TODO: implement account filtering based on configuration if needed
+        return Promise.resolve([]);
+    }
+    /**
+     * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with filter methods overridden.
+     *
+     * If no values are returned by `getTenantFilters()`, then all tenants will be scanned for subscriptions.
+     *
+     * @returns A list of unique tenant IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    getTenantFilters() {
+        const config = vscode.workspace.getConfiguration(ConfigPrefix);
+        const fullSubscriptionIds = config.get(SelectedSubscriptionsConfigKey, []);
+        const tenantIds = fullSubscriptionIds.map(id => id.split('/')[0].toLowerCase());
+        return Promise.resolve(Array.from(new Set(tenantIds)));
+    }
+    /**
+     * Gets the subscription filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with filter methods overridden.
+     *
+     * If no values are returned by `getSubscriptionFilters()`, then all subscriptions will be scanned.
+     *
+     * @returns A list of unique subscription IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    getSubscriptionFilters() {
+        const config = vscode.workspace.getConfiguration(ConfigPrefix);
+        const fullSubscriptionIds = config.get(SelectedSubscriptionsConfigKey, []);
+        const subscriptionIds = fullSubscriptionIds.map(id => id.split('/')[1].toLowerCase());
+        return Promise.resolve(Array.from(new Set(subscriptionIds)));
+    }
+}
+//# sourceMappingURL=VSCodeAzureSubscriptionProvider.js.map

package/dist/esm/src/utils/Limiter.d.ts

@@ -0,0 +1,9 @@
+export declare class Limiter<T> {
+    private runningPromises;
+    private maxDegreeOfParalellism;
+    private outstandingPromises;
+    constructor(maxDegreeOfParalellism: number);
+    queue(factory: () => Promise<T>): Promise<T>;
+    private consume;
+    private consumed;
+}