@microsoft/vscode-azext-azureauth 5.1.1 → 6.0.0-alpha.2

package/dist/cjs/src/providers/AzureSubscriptionProviderBase.js

@@ -0,0 +1,393 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AzureSubscriptionProviderBase = void 0;
+const vscode = __importStar(require("vscode"));
+const AzureSubscriptionProviderRequestOptions_1 = require("../contracts/AzureSubscriptionProviderRequestOptions");
+const configuredAzureEnv_1 = require("../utils/configuredAzureEnv");
+const dedupeSubscriptions_1 = require("../utils/dedupeSubscriptions");
+const getSessionFromVSCode_1 = require("../utils/getSessionFromVSCode");
+const getSignalForToken_1 = require("../utils/getSignalForToken");
+const isAuthenticationWwwAuthenticateRequest_1 = require("../utils/isAuthenticationWwwAuthenticateRequest");
+const Limiter_1 = require("../utils/Limiter");
+const NotSignedInError_1 = require("../utils/NotSignedInError");
+const screen_1 = require("../utils/screen");
+const tryGetTokenExpiration_1 = require("../utils/tryGetTokenExpiration");
+const EventDebounce = 5 * 1000; // 5 seconds minimum between `onRefreshSuggested` events
+const EventSilenceTime = 5 * 1000; // 5 seconds after sign-in to silence `onRefreshSuggested` events
+const TenantListConcurrency = 3; // We will try to list tenants for at most 3 accounts in parallel
+const SubscriptionListConcurrency = 5; // We will try to list subscriptions for at most 5 account+tenants in parallel
+let armSubs;
+/**
+ * Base class for Azure subscription providers that use VS Code authentication.
+ * Handles actual communication with Azure via the Azure SDK, as well as
+ * controlling the firing of `onRefreshSuggested` events.
+ */
+class AzureSubscriptionProviderBase {
+    logger;
+    sessionChangeListener;
+    refreshSuggestedEmitter = new vscode.EventEmitter();
+    lastRefreshSuggestedTime = 0;
+    suppressRefreshSuggestedEvents = false;
+    /**
+     * Constructs a new {@link AzureSubscriptionProviderBase}.
+     * @param logger (Optional) A logger to record information to
+     */
+    constructor(logger) {
+        this.logger = logger;
+    }
+    dispose() {
+        if (this.timeout) {
+            clearTimeout(this.timeout);
+            this.timeout = undefined;
+        }
+        this.sessionChangeListener?.dispose();
+        this.refreshSuggestedEmitter.dispose();
+    }
+    /**
+     * @inheritdoc
+     */
+    onRefreshSuggested(callback, thisArg, disposables) {
+        this.sessionChangeListener ??= vscode.authentication.onDidChangeSessions(evt => {
+            if (evt.provider.id === (0, configuredAzureEnv_1.getConfiguredAuthProviderId)()) {
+                this.fireRefreshSuggestedIfNeeded({ reason: 'sessionChange' });
+            }
+        });
+        return this.refreshSuggestedEmitter.event(callback, thisArg, disposables);
+    }
+    fireRefreshSuggestedIfNeeded(evtArgs) {
+        if (this.suppressRefreshSuggestedEvents || Date.now() < this.lastRefreshSuggestedTime + EventDebounce) {
+            // Suppress and/or debounce events to avoid flooding
+            return false;
+        }
+        this.log(`Firing onRefreshSuggested event due to reason: ${evtArgs.reason}`);
+        this.lastRefreshSuggestedTime = Date.now();
+        this.refreshSuggestedEmitter.fire(evtArgs);
+        return true;
+    }
+    /**
+     * @inheritdoc
+     */
+    async signIn(tenant, options = AzureSubscriptionProviderRequestOptions_1.DefaultSignInOptions) {
+        const prompt = options.promptIfNeeded ?? AzureSubscriptionProviderRequestOptions_1.DefaultSignInOptions.promptIfNeeded;
+        if (prompt) {
+            // If interactive, suppress without timeout until sign in is done (it can take a while when done interactively)
+            this.suppressRefreshSuggestedEvents = true;
+        }
+        else {
+            // If silent, suppress with normal timeout
+            this.silenceRefreshEvents();
+        }
+        const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)(undefined, tenant?.tenantId, {
+            account: tenant?.account,
+            clearSessionPreference: options.clearSessionPreference ?? AzureSubscriptionProviderRequestOptions_1.DefaultSignInOptions.clearSessionPreference,
+            createIfNone: prompt,
+            silent: !prompt,
+        });
+        if (prompt) {
+            // Interactive sign in can take a while, so silence events for a bit longer
+            this.silenceRefreshEvents();
+        }
+        return !!session;
+    }
+    /**
+     * @inheritdoc
+     */
+    async getAvailableSubscriptions(options = AzureSubscriptionProviderRequestOptions_1.DefaultOptions) {
+        try {
+            const availableSubscriptions = [];
+            const tenantListLimiter = new Limiter_1.Limiter(TenantListConcurrency);
+            const tenantListPromises = [];
+            const subscriptionListLimiter = new Limiter_1.Limiter(SubscriptionListConcurrency);
+            const subscriptionListPromisesFlat = [];
+            let tenantsProcessed = 0;
+            const maximumTenants = options.maximumTenants ?? AzureSubscriptionProviderRequestOptions_1.DefaultOptions.maximumTenants;
+            const accounts = await this.getAccounts(options);
+            for (const account of accounts) {
+                this.throwIfCancelled(options.token);
+                tenantListPromises.push(tenantListLimiter.queue(async () => {
+                    try {
+                        if (tenantsProcessed >= maximumTenants) {
+                            this.logForAccount(account, `Skipping account because maximum tenants of ${maximumTenants} has been reached`);
+                            return;
+                        }
+                        const tenants = await this.getTenantsForAccount(account, options);
+                        for (const tenant of tenants) {
+                            this.throwIfCancelled(options.token);
+                            if (tenantsProcessed >= maximumTenants) {
+                                this.logForAccount(account, `Skipping remaining tenants because maximum tenants of ${maximumTenants} has been reached`);
+                                break;
+                            }
+                            tenantsProcessed++;
+                            subscriptionListPromisesFlat.push(subscriptionListLimiter.queue(async () => {
+                                try {
+                                    const subscriptions = await this.getSubscriptionsForTenant(tenant, options);
+                                    availableSubscriptions.push(...subscriptions);
+                                }
+                                catch (err) {
+                                    if ((0, NotSignedInError_1.isNotSignedInError)(err)) {
+                                        this.logForTenant(tenant, 'Skipping account+tenant because it is not signed in');
+                                        return;
+                                    }
+                                    throw err;
+                                }
+                            }));
+                        }
+                    }
+                    catch (err) {
+                        if ((0, NotSignedInError_1.isNotSignedInError)(err)) {
+                            this.logForAccount(account, 'Skipping account because it is not signed in');
+                            return;
+                        }
+                    }
+                }));
+            }
+            await Promise.all(tenantListPromises);
+            await Promise.all(subscriptionListPromisesFlat);
+            return (0, dedupeSubscriptions_1.dedupeSubscriptions)(availableSubscriptions);
+        }
+        catch (err) {
+            // Intentionally not eating NotSignedInError here, if it is thrown by getAccounts()
+            this.remapLogRethrow(err, options.token);
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getAccounts(options = AzureSubscriptionProviderRequestOptions_1.DefaultOptions) {
+        try {
+            const startTime = Date.now();
+            this.log('Fetching accounts...');
+            this.silenceRefreshEvents();
+            const results = await vscode.authentication.getAccounts((0, configuredAzureEnv_1.getConfiguredAuthProviderId)());
+            if (results.length === 0) {
+                this.log('No accounts found');
+                throw new NotSignedInError_1.NotSignedInError();
+            }
+            this.log(`Fetched ${results.length} accounts (before filter) in ${Date.now() - startTime}ms`);
+            return Array.from(results);
+        }
+        catch (err) {
+            // Cancellation is not actually supported by vscode.authentication.getAccounts, but just in case it is added in the future...
+            this.remapLogRethrow(err, options.token);
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getUnauthenticatedTenantsForAccount(account, options = AzureSubscriptionProviderRequestOptions_1.DefaultOptions) {
+        try {
+            const startTime = Date.now();
+            const tenantListLimiter = new Limiter_1.Limiter(TenantListConcurrency);
+            const tenantListPromises = [];
+            const allTenants = await this.getTenantsForAccount(account, { ...options, filter: false });
+            const unauthenticatedTenants = [];
+            for (const tenant of allTenants) {
+                tenantListPromises.push(tenantListLimiter.queue(async () => {
+                    this.throwIfCancelled(options.token);
+                    this.silenceRefreshEvents();
+                    const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)(undefined, tenant.tenantId, {
+                        account: account,
+                        createIfNone: false,
+                        silent: true,
+                    });
+                    if (!session) {
+                        unauthenticatedTenants.push(tenant);
+                    }
+                }));
+            }
+            await Promise.all(tenantListPromises);
+            this.logForAccount(account, `Found ${unauthenticatedTenants.length} unauthenticated tenants in ${Date.now() - startTime}ms`);
+            return unauthenticatedTenants;
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getTenantsForAccount(account, options = AzureSubscriptionProviderRequestOptions_1.DefaultOptions) {
+        try {
+            const startTime = Date.now();
+            this.logForAccount(account, 'Fetching tenants for account...');
+            const { client } = await this.getSubscriptionClient({ account: account, tenantId: undefined });
+            const allTenants = [];
+            for await (const tenant of client.tenants.list({ abortSignal: (0, getSignalForToken_1.getSignalForToken)(options.token) })) {
+                allTenants.push({
+                    ...tenant,
+                    tenantId: tenant.tenantId, // eslint-disable-line @typescript-eslint/no-non-null-assertion -- This is never null in practice
+                    account: account,
+                });
+            }
+            this.logForAccount(account, `Fetched ${allTenants.length} tenants (before filter) in ${Date.now() - startTime}ms`);
+            return allTenants;
+        }
+        catch (err) {
+            this.remapLogRethrow(err, options.token);
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getSubscriptionsForTenant(tenant, options = AzureSubscriptionProviderRequestOptions_1.DefaultOptions) {
+        try {
+            const startTime = Date.now();
+            this.logForTenant(tenant, 'Fetching subscriptions for account+tenant...');
+            const { client, credential, authentication } = await this.getSubscriptionClient(tenant);
+            const environment = (0, configuredAzureEnv_1.getConfiguredAzureEnv)();
+            const allSubs = [];
+            for await (const subscription of client.subscriptions.list({ abortSignal: (0, getSignalForToken_1.getSignalForToken)(options.token) })) {
+                allSubs.push({
+                    authentication: authentication,
+                    environment: environment,
+                    credential: credential,
+                    isCustomCloud: environment.isCustomCloud,
+                    /* eslint-disable @typescript-eslint/no-non-null-assertion */
+                    name: subscription.displayName,
+                    subscriptionId: subscription.subscriptionId,
+                    /* eslint-enable @typescript-eslint/no-non-null-assertion */
+                    // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+                    tenantId: subscription.tenantId || tenant.tenantId, // In rare cases, a subscription may be listed but come from a different tenant
+                    account: tenant.account,
+                });
+            }
+            this.logForTenant(tenant, `Fetched ${allSubs.length} subscriptions (before filter) in ${Date.now() - startTime}ms`);
+            return allSubs;
+        }
+        catch (err) {
+            this.remapLogRethrow(err, options.token);
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * Gets a {@link SubscriptionClient} plus extras for the given account+tenant.
+     * @param tenant (Optional) The account+tenant to get a subscription client for. If not specified, the default account and home tenant
+     * will be used.
+     * @returns A {@link SubscriptionClient}, {@link TokenCredential}, and {@link AzureAuthentication} for the given account+tenant.
+     */
+    async getSubscriptionClient(tenant) {
+        const credential = {
+            getToken: async (scopes, options) => {
+                this.silenceRefreshEvents();
+                // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+                const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)(scopes, options?.tenantId || tenant.tenantId, { createIfNone: false, silent: true, account: tenant.account });
+                if (!session) {
+                    throw new NotSignedInError_1.NotSignedInError();
+                }
+                return {
+                    token: session.accessToken,
+                    expiresOnTimestamp: (0, tryGetTokenExpiration_1.tryGetTokenExpiration)(session),
+                };
+            }
+        };
+        armSubs ??= await import('@azure/arm-resources-subscriptions');
+        return {
+            client: new armSubs.SubscriptionClient(credential, { endpoint: (0, configuredAzureEnv_1.getConfiguredAzureEnv)().resourceManagerEndpointUrl }),
+            credential: credential,
+            authentication: {
+                getSession: async () => {
+                    this.silenceRefreshEvents();
+                    const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)(undefined, tenant.tenantId, { createIfNone: false, silent: true, account: tenant.account });
+                    if (!session) {
+                        throw new NotSignedInError_1.NotSignedInError();
+                    }
+                    return session;
+                },
+                getSessionWithScopes: async (scopeListOrRequest) => {
+                    this.silenceRefreshEvents();
+                    // in order to handle a challenge, we must enable createIfNone so
+                    // that we can prompt the user to step-up their session with MFA
+                    // otherwise, never prompt the user
+                    const session = await (0, getSessionFromVSCode_1.getSessionFromVSCode)(scopeListOrRequest, tenant.tenantId, { ...((0, isAuthenticationWwwAuthenticateRequest_1.isAuthenticationWwwAuthenticateRequest)(scopeListOrRequest) ? { createIfNone: true } : { silent: true }), account: tenant.account });
+                    if (!session) {
+                        throw new NotSignedInError_1.NotSignedInError();
+                    }
+                    return session;
+                },
+            }
+        };
+    }
+    log(message) {
+        this.logger?.debug(`[auth] ${message}`);
+    }
+    logForAccount(account, message) {
+        this.logger?.debug(`[auth] [account: ${(0, screen_1.screen)(account)}] ${message}`);
+    }
+    logForTenant(tenant, message) {
+        this.logger?.debug(`[auth] [account: ${(0, screen_1.screen)(tenant.account)}] [tenant: ${(0, screen_1.screen)(tenant)}] ${message}`);
+    }
+    throwIfCancelled(token) {
+        if (token?.isCancellationRequested) {
+            throw new vscode.CancellationError();
+        }
+    }
+    timeout;
+    silenceRefreshEvents() {
+        this.suppressRefreshSuggestedEvents = true;
+        if (this.timeout) {
+            clearTimeout(this.timeout);
+            this.timeout = undefined;
+        }
+        this.timeout = setTimeout(() => {
+            clearTimeout(this.timeout);
+            this.timeout = undefined;
+            this.suppressRefreshSuggestedEvents = false;
+        }, EventSilenceTime);
+    }
+    remapLogRethrow(err, token) {
+        this.throwIfCancelled(token);
+        // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
+        this.logger?.error(`[auth] Error occurred: ${err}`);
+        throw err;
+    }
+}
+exports.AzureSubscriptionProviderBase = AzureSubscriptionProviderBase;
+//# sourceMappingURL=AzureSubscriptionProviderBase.js.map

package/dist/cjs/src/providers/VSCodeAzureSubscriptionProvider.js

@@ -0,0 +1,269 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VSCodeAzureSubscriptionProvider = void 0;
+const vscode = __importStar(require("vscode"));
+const AzureSubscriptionProviderRequestOptions_1 = require("../contracts/AzureSubscriptionProviderRequestOptions"); // eslint-disable-line @typescript-eslint/no-unused-vars -- It is used in the doc comments
+const dedupeSubscriptions_1 = require("../utils/dedupeSubscriptions");
+const CaselessMap_1 = require("../utils/map/CaselessMap");
+const TwoKeyCaselessMap_1 = require("../utils/map/TwoKeyCaselessMap");
+const AzureSubscriptionProviderBase_1 = require("./AzureSubscriptionProviderBase");
+const ConfigPrefix = 'azureResourceGroups';
+const SelectedSubscriptionsConfigKey = 'selectedSubscriptions';
+/**
+ * Extension of {@link AzureSubscriptionProviderBase} that adds caching of accounts, tenants, and subscriptions,
+ * as well as filtering and deduplication according to configured settings. Additionally, promise
+ * coalescence is added for {@link getAvailableSubscriptions}.
+ *
+ * @note See important notes about caching on {@link BaseOptions.noCache}
+ */
+class VSCodeAzureSubscriptionProvider extends AzureSubscriptionProviderBase_1.AzureSubscriptionProviderBase {
+    accountCache = new CaselessMap_1.CaselessMap(); // Key is the account ID
+    tenantCache = new CaselessMap_1.CaselessMap(); // Key is the account ID
+    subscriptionCache = new TwoKeyCaselessMap_1.TwoKeyCaselessMap(); // Keys are account ID and tenant ID
+    availableSubscriptionsPromises = new Map(); // Key is from getOptionsCoalescenceKey
+    configChangeListener;
+    dispose() {
+        this.configChangeListener?.dispose();
+        super.dispose();
+    }
+    /**
+     * @inheritdoc
+     */
+    onRefreshSuggested(callback, thisArg, disposables) {
+        this.configChangeListener ??= vscode.workspace.onDidChangeConfiguration(e => {
+            if (e.affectsConfiguration(`${ConfigPrefix}.${SelectedSubscriptionsConfigKey}`)) {
+                this.fireRefreshSuggestedIfNeeded({ reason: 'subscriptionFilterChange' });
+            }
+        });
+        return super.onRefreshSuggested(callback, thisArg, disposables);
+    }
+    fireRefreshSuggestedIfNeeded(evtArgs) {
+        const actuallyFired = super.fireRefreshSuggestedIfNeeded(evtArgs);
+        if (actuallyFired && evtArgs.reason === 'sessionChange') {
+            // Clear just the account cache--tenants and subscriptions are probably still valid,
+            // but the session change event may been have fired due to account sign out
+            this.accountCache.clear();
+        }
+        return actuallyFired;
+    }
+    /**
+     * @inheritdoc
+     */
+    async getAvailableSubscriptions(options = AzureSubscriptionProviderRequestOptions_1.DefaultOptions) {
+        try {
+            const key = (0, AzureSubscriptionProviderRequestOptions_1.getCoalescenceKey)(options);
+            if (key && this.availableSubscriptionsPromises.has(key)) {
+                return await this.availableSubscriptionsPromises.get(key); // eslint-disable-line @typescript-eslint/no-non-null-assertion -- We just checked it has the key
+            }
+            else {
+                try {
+                    const promise = super.getAvailableSubscriptions(options);
+                    if (key) {
+                        this.availableSubscriptionsPromises.set(key, promise);
+                    }
+                    return await promise;
+                }
+                finally {
+                    if (key) {
+                        this.availableSubscriptionsPromises.delete(key);
+                    }
+                }
+            }
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getAccounts(options = AzureSubscriptionProviderRequestOptions_1.DefaultOptions) {
+        try {
+            if (options.noCache ?? AzureSubscriptionProviderRequestOptions_1.DefaultOptions.noCache) {
+                this.accountCache.clear();
+            }
+            // If needed, refill the cache
+            if (this.accountCache.size === 0) {
+                const accounts = await super.getAccounts(options);
+                accounts.forEach(account => this.accountCache.set(account.id, account));
+                this.log(`Cached ${accounts.length} accounts`);
+            }
+            else {
+                this.log('Using cached accounts');
+            }
+            let results = Array.from(this.accountCache.values());
+            // If needed, filter according to configured filters
+            if (options.filter ?? AzureSubscriptionProviderRequestOptions_1.DefaultOptions.filter) {
+                const accountFilters = await this.getAccountFilters();
+                if (accountFilters.length > 0) {
+                    this.log(`Filtering accounts to ${accountFilters.length} configured accounts`);
+                    results = results.filter(account => accountFilters.includes(account.id.toLowerCase()));
+                }
+            }
+            this.log(`Returning ${results.length} accounts.`);
+            return results.sort((a, b) => a.label.localeCompare(b.label));
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getTenantsForAccount(account, options = AzureSubscriptionProviderRequestOptions_1.DefaultOptions) {
+        try {
+            // If needed, delete the cache for this account
+            if (options.noCache ?? AzureSubscriptionProviderRequestOptions_1.DefaultOptions.noCache) {
+                this.tenantCache.delete(account.id);
+            }
+            // If needed, refill the cache
+            if (!this.tenantCache.has(account.id)) {
+                const tenants = await super.getTenantsForAccount(account, options);
+                this.tenantCache.set(account.id, tenants);
+                this.logForAccount(account, `Cached ${tenants.length} tenants for account`);
+            }
+            else {
+                this.logForAccount(account, 'Using cached tenants for account');
+            }
+            let results = this.tenantCache.get(account.id); // eslint-disable-line @typescript-eslint/no-non-null-assertion -- We just filled it
+            // If needed, filter according to configured filters
+            if (options.filter ?? AzureSubscriptionProviderRequestOptions_1.DefaultOptions.filter) {
+                const tenantFilters = await this.getTenantFilters();
+                if (tenantFilters.length > 0) {
+                    this.logForAccount(account, `Filtering tenants for account to ${tenantFilters.length} configured tenants`);
+                    results = results.filter(tenant => tenantFilters.includes(tenant.tenantId.toLowerCase()));
+                }
+            }
+            this.logForAccount(account, `Returning ${results.length} tenants for account`);
+            // Finally, sort
+            return results.sort((a, b) => {
+                if (a.displayName && b.displayName) {
+                    return a.displayName.localeCompare(b.displayName);
+                }
+                return a.tenantId.localeCompare(b.tenantId);
+            });
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    async getSubscriptionsForTenant(tenant, options = AzureSubscriptionProviderRequestOptions_1.DefaultOptions) {
+        try {
+            // If needed, delete the cache for this account+tenant
+            if (options.noCache ?? AzureSubscriptionProviderRequestOptions_1.DefaultOptions.noCache) {
+                this.subscriptionCache.delete(tenant.account.id, tenant.tenantId);
+            }
+            // If needed, refill the cache
+            if (!this.subscriptionCache.has(tenant.account.id, tenant.tenantId)) {
+                const subscriptions = await super.getSubscriptionsForTenant(tenant, options);
+                this.subscriptionCache.set(tenant.account.id, tenant.tenantId, subscriptions);
+                this.logForTenant(tenant, `Cached ${subscriptions.length} subscriptions for account+tenant`);
+            }
+            else {
+                this.logForTenant(tenant, 'Using cached subscriptions for account+tenant');
+            }
+            let results = this.subscriptionCache.get(tenant.account.id, tenant.tenantId); // eslint-disable-line @typescript-eslint/no-non-null-assertion -- We just filled it
+            // If needed, filter according to configured filters
+            if (options.filter ?? AzureSubscriptionProviderRequestOptions_1.DefaultOptions.filter) {
+                const subscriptionFilters = await this.getSubscriptionFilters();
+                if (subscriptionFilters.length > 0) {
+                    this.logForTenant(tenant, `Filtering subscriptions for account+tenant to ${subscriptionFilters.length} configured subscriptions`);
+                    results = results.filter(sub => subscriptionFilters.includes(sub.subscriptionId.toLowerCase()));
+                }
+            }
+            // If needed, dedupe according to options
+            if (options.dedupe ?? AzureSubscriptionProviderRequestOptions_1.DefaultOptions.dedupe) {
+                this.logForTenant(tenant, 'Deduping subscriptions for account+tenant');
+                results = (0, dedupeSubscriptions_1.dedupeSubscriptions)(results);
+            }
+            this.logForTenant(tenant, `Returning ${results.length} subscriptions for account+tenant`);
+            // Finally, sort
+            return results.sort((a, b) => a.name.localeCompare(b.name));
+        }
+        finally {
+            this.throwIfCancelled(options.token);
+        }
+    }
+    /**
+     * Gets the account filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with filter methods overridden.
+     *
+     * If no values are returned by `getAccountFilters()`, then all accounts will be scanned for subscriptions.
+     *
+     * @returns A list of account IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    getAccountFilters() {
+        // TODO: implement account filtering based on configuration if needed
+        return Promise.resolve([]);
+    }
+    /**
+     * Gets the tenant filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with filter methods overridden.
+     *
+     * If no values are returned by `getTenantFilters()`, then all tenants will be scanned for subscriptions.
+     *
+     * @returns A list of unique tenant IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    getTenantFilters() {
+        const config = vscode.workspace.getConfiguration(ConfigPrefix);
+        const fullSubscriptionIds = config.get(SelectedSubscriptionsConfigKey, []);
+        const tenantIds = fullSubscriptionIds.map(id => id.split('/')[0].toLowerCase());
+        return Promise.resolve(Array.from(new Set(tenantIds)));
+    }
+    /**
+     * Gets the subscription filters that are configured in `azureResourceGroups.selectedSubscriptions`. To
+     * override the settings with a custom filter, implement a child class with filter methods overridden.
+     *
+     * If no values are returned by `getSubscriptionFilters()`, then all subscriptions will be scanned.
+     *
+     * @returns A list of unique subscription IDs that are configured in `azureResourceGroups.selectedSubscriptions`.
+     */
+    getSubscriptionFilters() {
+        const config = vscode.workspace.getConfiguration(ConfigPrefix);
+        const fullSubscriptionIds = config.get(SelectedSubscriptionsConfigKey, []);
+        const subscriptionIds = fullSubscriptionIds.map(id => id.split('/')[1].toLowerCase());
+        return Promise.resolve(Array.from(new Set(subscriptionIds)));
+    }
+}
+exports.VSCodeAzureSubscriptionProvider = VSCodeAzureSubscriptionProvider;
+//# sourceMappingURL=VSCodeAzureSubscriptionProvider.js.map