npm - @microsoft/vscode-azext-azureauth - Versions diffs - 5.1.1 → 6.0.0-alpha.2 - Mend

@microsoft/vscode-azext-azureauth 5.1.1 → 6.0.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

package/dist/esm/src/{AzureSubscription.d.ts → contracts/AzureSubscription.d.ts} RENAMED Viewed

@@ -1,15 +1,15 @@
 import type { TokenCredential } from '@azure/core-auth';
 import type { Environment } from '@azure/ms-rest-azure-env';
-import type * as vscode from "vscode";
+import type { AzureAccount } from './AzureAccount';
 import type { AzureAuthentication } from './AzureAuthentication';
 /**
  * A type representing an Azure subscription ID, not including the tenant ID.
  */
-export type SubscriptionId = string;
+export type SubscriptionId = Readonly<string>;
 /**
  * A type representing an Azure tenant ID.
  */
-export type TenantId = string;
+export type TenantId = Readonly<string>;
 /**
  * Represents an Azure subscription.
  */
@@ -45,5 +45,5 @@ export interface AzureSubscription {
     /**
      * The account associated with this subscription.
      */
-    readonly account: vscode.AuthenticationSessionAccountInformation;
+    readonly account: AzureAccount;
 }

package/dist/esm/src/contracts/AzureSubscriptionProvider.d.ts ADDED Viewed

@@ -0,0 +1,112 @@
+import type * as vscode from 'vscode';
+import type { AzureAccount } from './AzureAccount';
+import type { AzureSubscription } from './AzureSubscription';
+import type { GetAccountsOptions, GetAvailableSubscriptionsOptions, GetSubscriptionsForTenantOptions, GetTenantsForAccountOptions, SignInOptions } from './AzureSubscriptionProviderRequestOptions';
+import type { AzureTenant } from './AzureTenant';
+/**
+ * An interface for obtaining Azure subscription information
+ */
+export interface AzureSubscriptionProvider {
+    /**
+     * Fires when the list of available subscriptions may have changed, and a refresh is suggested.
+     * The callback will be given a {@link RefreshSuggestedEvent} with more information.
+     * @note This will be fired at most every 5 seconds, to avoid flooding. It is also suppressed
+     * during operations this provider is performing itself, such as during sign-in.
+     */
+    onRefreshSuggested: vscode.Event<RefreshSuggestedEvent>;
+    /**
+     * Signs in to Azure, if not already signed in. This will suppress {@link onRefreshSuggested} events until the sign-in is complete.
+     *
+     * @param tenant (Optional) If provided, signs in to the specified tenant and account.
+     * @param options (Optional) Additional options for signing in.
+     *
+     * @returns True if sign-in was successful, false otherwise.
+     */
+    signIn(tenant?: TenantIdAndAccount, options?: SignInOptions): Promise<boolean>;
+    /**
+     * The easier API. Across all accounts and all tenants*, returns the list of {@link AzureSubscription}s the user can access.
+     * No additional automatic sign-in is performed; unauthenticated accounts or tenants will simply be skipped.
+     *
+     * If you aren't interested in managing multiple accounts or tenant sign ins, this is the only method you need to call.
+     *
+     * The subscriptions will be deduplicated according to the strategy in {@link dedupeSubscriptions}. If you want a different
+     * strategy, you can use request all and deduplicate according to your needs.
+     *
+     * *The number of tenants processed will be limited to `options.maximumTenants` (default 10),
+     * to avoid excessive requests.
+     *
+     * @param options (Optional) Additional options for getting the subscriptions.
+     *
+     * @throws A {@link NotSignedInError} if the user is not signed in to any accounts. It will *not* throw if
+     * at least one account is signed in, even if no subscriptions are found.
+     * @throws A {@link vscode.CancellationError} if the operation is cancelled via the provided cancellation token.
+     */
+    getAvailableSubscriptions(options?: GetAvailableSubscriptionsOptions): Promise<AzureSubscription[]>;
+    /**
+     * Returns a list of all accounts. It is up to the caller to get tenants and subscriptions if needed, and the caller
+     * is also responsible for limiting the amount of subsequent requests made.
+     *
+     * @param options (Optional) Additional options for getting the accounts.
+     *
+     * @throws A {@link NotSignedInError} if the user is not signed in to any accounts.
+     * @throws A {@link vscode.CancellationError} if the operation is cancelled via the provided cancellation token.
+     */
+    getAccounts(options?: GetAccountsOptions): Promise<AzureAccount[]>;
+    /**
+     * Returns a list of all unauthenticated tenants for a given account.
+     *
+     * @param account The account to get unauthenticated tenants for.
+     * @param options (Optional) Additional options for getting the tenants.
+     *
+     * @throws A {@link NotSignedInError} if the user is not signed in to the specified account.
+     * @throws A {@link vscode.CancellationError} if the operation is cancelled via the provided cancellation token.
+     */
+    getUnauthenticatedTenantsForAccount(account: AzureAccount, options?: Omit<GetTenantsForAccountOptions, 'filter'>): Promise<AzureTenant[]>;
+    /**
+     * Returns a list of tenants for a given account. It is up to the caller to get subscriptions if needed, and the caller
+     * is also responsible for limiting the amount of subsequent requests made.
+     *
+     * @param account The account to get tenants for.
+     * @param options (Optional) Additional options for getting the tenants.
+     *
+     * @throws A {@link NotSignedInError} if the user is not signed in to the specified account.
+     * @throws A {@link vscode.CancellationError} if the operation is cancelled via the provided cancellation token.
+     */
+    getTenantsForAccount(account: AzureAccount, options?: GetTenantsForAccountOptions): Promise<AzureTenant[]>;
+    /**
+     * Returns a list of {@link AzureSubscription}s for a given tenant and account. The caller is responsible for
+     * limiting the amount of subsequent requests made.
+     *
+     * @example
+     * ```typescript
+     * const accounts = await subscriptionProvider.getAccounts();
+     * for (const account of accounts) {
+     *     const tenants = await subscriptionProvider.getTenantsForAccount(account);
+     *     for (const tenant of tenants) {
+     *         const subscriptions = await subscriptionProvider.getSubscriptionsForTenant(tenant);
+     *         // do something with subscriptions
+     *     }
+     * }
+     * ```
+     *
+     * @param tenant The tenant (and account) to get subscriptions for.
+     * @param options (Optional) Additional options for getting the subscriptions.
+     *
+     * @throws A {@link NotSignedInError} if the user is not signed in to the specified account *and* tenant.
+     * @throws A {@link vscode.CancellationError} if the operation is cancelled via the provided cancellation token.
+     */
+    getSubscriptionsForTenant(tenant: TenantIdAndAccount, options?: GetSubscriptionsForTenantOptions): Promise<AzureSubscription[]>;
+}
+/**
+ * A type representing just the tenant ID and account information of an Azure tenant.
+ */
+export type TenantIdAndAccount = Required<Pick<AzureTenant, 'tenantId' | 'account'>>;
+/**
+ * Information included when a refresh is suggested.
+ */
+export interface RefreshSuggestedEvent {
+    /**
+     * The reason a refresh was suggested.
+     */
+    reason: 'sessionChange' | 'subscriptionFilterChange';
+}

package/dist/esm/src/contracts/AzureSubscriptionProviderRequestOptions.d.ts ADDED Viewed

@@ -0,0 +1,103 @@
+import type * as vscode from 'vscode';
+/**
+ * Options for signing in to a tenant.
+ */
+export type SignInOptions = {
+    /**
+     * (Optional, default false) Whether to force the account picker to reappear.
+     * Equivalent to setting {@link vscode.AuthenticationGetSessionOptions.clearSessionPreference} to true.
+     */
+    clearSessionPreference?: boolean;
+    /**
+     * (Optional, default true) If true, the user will be prompted to sign in if needed.
+     * If false, the {@link AzureSubscriptionProvider.signIn} method will return false if
+     * interactive sign-in is required.
+     */
+    promptIfNeeded?: boolean;
+};
+/**
+ * Default options for signing in to a tenant
+ */
+export declare const DefaultSignInOptions: {
+    readonly clearSessionPreference: false;
+    readonly promptIfNeeded: true;
+};
+/**
+ * Options for getting items from the subscription provider
+ * @note As needed, remember to update the {@link getCoalescenceKey} function when modifying this type.
+ */
+export type BaseOptions = {
+    /**
+     * (Optional, default true) If true, only items explicitly selected by the user will be returned.
+     */
+    filter?: boolean;
+    /**
+     * (Optional, default false) Whether to bypass any cached data and refresh from the source.
+     *
+     * @note In the reference implementation, `VSCodeAzureSubscriptionProvider`, it is NOT necessary to use
+     * `noCache: true` in the following cases:
+     *     - Subscription filters have changed (caching is done before filtering)
+     *     - A new sign-in has occurred (a partial cache refill will occur automatically)
+     *
+     * It is only necessary to use `noCache: true` if you expect that the subscriptions/tenants that an
+     * account has access to have changed--e.g. a subscription is created or removed, or RBAC changes.
+     *
+     * @note When `noCache: true` is used, it applies *only to that function call*. The entire cache will
+     * not be cleared--only the data needed for that call will be refreshed.
+     */
+    noCache?: boolean;
+    /**
+     * (Optional) A cancellation token to cancel the operation.
+     */
+    token?: vscode.CancellationToken;
+};
+/**
+ * Options when requesting accounts
+ */
+export type GetAccountsOptions = BaseOptions;
+/**
+ * Options when requesting tenants for an account
+ */
+export type GetTenantsForAccountOptions = BaseOptions;
+/**
+ * Options when requesting subscriptions for a tenant+account
+ */
+export type GetSubscriptionsForTenantOptions = BaseOptions & {
+    /**
+     * (Optional, default true) Whether to deduplicate the subscriptions returned, according to the
+     * strategy in {@link dedupeSubscriptions}.
+     */
+    dedupe?: boolean;
+};
+/**
+ * Options when requesting available subscriptions across all accounts and tenants.
+ */
+export type GetAvailableSubscriptionsOptions = GetAccountsOptions & GetTenantsForAccountOptions & GetSubscriptionsForTenantOptions & {
+    /**
+     * (Optional, default 10) The maximum number of tenants for which to get subscriptions. This is
+     * necessary because each account+tenant requires a token request plus a subscription list request.
+     * No subscription list maximum is applied; once a tenant is reached, all its subscriptions are retrieved.
+     */
+    maximumTenants?: number;
+};
+/**
+ * The default options when getting available subscriptions.
+ * @note This same value also is passed as the default to all the get* methods, since it
+ * is a superset of all of the available options.
+ */
+export declare const DefaultOptions: {
+    readonly filter: true;
+    readonly noCache: false;
+    readonly token: undefined;
+    readonly dedupe: true;
+    readonly maximumTenants: 10;
+};
+/**
+ * Gets a promise coalescence key for the given {@link GetAvailableSubscriptionsOptions}.
+ * @param options The options to get the key for
+ * @returns A string key for coalescing promises, or undefined if coalescing is not applicable
+ * @internal This should not be used by external code. This is placed here so it can be adjacent
+ * to the {@link GetAvailableSubscriptionsOptions} type, but should be used only by internal
+ * implementations
+ */
+export declare function getCoalescenceKey(options: GetAvailableSubscriptionsOptions): string | undefined;

package/dist/esm/src/contracts/AzureSubscriptionProviderRequestOptions.js ADDED Viewed

@@ -0,0 +1,44 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+/**
+ * Default options for signing in to a tenant
+ */
+export const DefaultSignInOptions = {
+    clearSessionPreference: false,
+    promptIfNeeded: true,
+};
+/**
+ * The default options when getting available subscriptions.
+ * @note This same value also is passed as the default to all the get* methods, since it
+ * is a superset of all of the available options.
+ */
+export const DefaultOptions = {
+    filter: true,
+    noCache: false,
+    token: undefined,
+    dedupe: true,
+    maximumTenants: 10,
+};
+/**
+ * Gets a promise coalescence key for the given {@link GetAvailableSubscriptionsOptions}.
+ * @param options The options to get the key for
+ * @returns A string key for coalescing promises, or undefined if coalescing is not applicable
+ * @internal This should not be used by external code. This is placed here so it can be adjacent
+ * to the {@link GetAvailableSubscriptionsOptions} type, but should be used only by internal
+ * implementations
+ */
+export function getCoalescenceKey(options) {
+    // Never coalesce if there is a cancellation token--no way to do it safely
+    if (options.token) {
+        return undefined;
+    }
+    return Object
+        .keys(options)
+        .filter(k => k !== 'token') // ignore token
+        .sort()
+        .map(k => `${k}:${options[k] ?? DefaultOptions[k]}`)
+        .join(',');
+}
+//# sourceMappingURL=AzureSubscriptionProviderRequestOptions.js.map

package/dist/esm/src/contracts/AzureTenant.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { TenantIdDescription } from "@azure/arm-resources-subscriptions";
+import type { AzureAccount } from "./AzureAccount";
+/**
+ * An Azure tenant associated with a specific account
+ */
+export interface AzureTenant extends TenantIdDescription {
+    /**
+     * The account associated with this tenant
+     */
+    readonly account: AzureAccount;
+    /**
+     * @inheritdoc
+     */
+    readonly tenantId: string;
+}

package/dist/esm/src/index.d.ts CHANGED Viewed

@@ -1,11 +1,14 @@
-export * from './AzureAuthentication';
-export * from './AzureDevOpsSubscriptionProvider';
-export * from './AzureSubscription';
-export * from './AzureSubscriptionProvider';
-export * from './AzureTenant';
-export * from './getSessionFromVSCode';
-export * from './NotSignedInError';
-export * from './signInToTenant';
+export * from './contracts/AzureAccount';
+export * from './contracts/AzureAuthentication';
+export * from './contracts/AzureSubscription';
+export * from './contracts/AzureSubscriptionProvider';
+export type * from './contracts/AzureSubscriptionProviderRequestOptions';
+export * from './contracts/AzureTenant';
+export * from './providers/AzureSubscriptionProviderBase';
+export * from './providers/VSCodeAzureSubscriptionProvider';
 export * from './utils/configuredAzureEnv';
-export * from './utils/getUnauthenticatedTenants';
-export * from './VSCodeAzureSubscriptionProvider';
+export * from './utils/dedupeSubscriptions';
+export * from './utils/getMetricsForTelemetry';
+export * from './utils/getSessionFromVSCode';
+export * from './utils/NotSignedInError';
+export * from './utils/signInToTenant';

package/dist/esm/src/index.js CHANGED Viewed

@@ -2,15 +2,18 @@
  *  Copyright (c) Microsoft Corporation. All rights reserved.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
-export * from './AzureAuthentication';
-export * from './AzureDevOpsSubscriptionProvider';
-export * from './AzureSubscription';
-export * from './AzureSubscriptionProvider';
-export * from './AzureTenant';
-export * from './getSessionFromVSCode';
-export * from './NotSignedInError';
-export * from './signInToTenant';
+export * from './contracts/AzureAccount';
+export * from './contracts/AzureAuthentication';
+export * from './contracts/AzureSubscription';
+export * from './contracts/AzureSubscriptionProvider';
+export * from './contracts/AzureTenant';
+// The `AzureDevOpsSubscriptionProvider` is intentionally not exported, it must be imported from `'@microsoft/vscode-azext-azureauth/azdo'`
+export * from './providers/AzureSubscriptionProviderBase';
+export * from './providers/VSCodeAzureSubscriptionProvider';
 export * from './utils/configuredAzureEnv';
-export * from './utils/getUnauthenticatedTenants';
-export * from './VSCodeAzureSubscriptionProvider';
+export * from './utils/dedupeSubscriptions';
+export * from './utils/getMetricsForTelemetry';
+export * from './utils/getSessionFromVSCode';
+export * from './utils/NotSignedInError';
+export * from './utils/signInToTenant';
 //# sourceMappingURL=index.js.map

package/dist/esm/src/providers/AzureDevOpsSubscriptionProvider.d.ts ADDED Viewed

@@ -0,0 +1,68 @@
+import type { SubscriptionClient } from '@azure/arm-resources-subscriptions';
+import type { TokenCredential } from '@azure/core-auth';
+import type * as vscode from 'vscode';
+import type { AzureAccount } from '../contracts/AzureAccount';
+import type { AzureAuthentication } from '../contracts/AzureAuthentication';
+import type { TenantIdAndAccount } from '../contracts/AzureSubscriptionProvider';
+import type { AzureTenant } from '../contracts/AzureTenant';
+import { AzureSubscriptionProviderBase } from './AzureSubscriptionProviderBase';
+export interface AzureDevOpsSubscriptionProviderInitializer {
+    /**
+    * The resource ID of the Azure DevOps federated service connection,
+    *   which can be found on the `resourceId` field of the URL at the address bar
+    *   when viewing the service connection in the Azure DevOps portal
+    */
+    serviceConnectionId: string;
+    /**
+     * The `Tenant ID` field of the service connection properties
+     */
+    tenantId: string;
+    /**
+    * The `Service Principal Id` field of the service connection properties
+    */
+    clientId: string;
+}
+export declare function createAzureDevOpsSubscriptionProviderFactory(initializer: AzureDevOpsSubscriptionProviderInitializer): () => Promise<AzureDevOpsSubscriptionProvider>;
+/**
+ * AzureSubscriptionProvider implemented to authenticate via federated DevOps service connection, using workflow identity federation
+ * To learn how to configure your DevOps environment to use this provider, refer to the README.md
+ * NOTE: This provider is only available when running in an Azure DevOps pipeline
+ * Reference: https://learn.microsoft.com/en-us/entra/workload-id/workload-identity-federation
+ */
+export declare class AzureDevOpsSubscriptionProvider extends AzureSubscriptionProviderBase {
+    private _tokenCredential;
+    private _serviceConnectionId;
+    private _tenantId;
+    private _clientId;
+    constructor({ serviceConnectionId, tenantId, clientId }: AzureDevOpsSubscriptionProviderInitializer, logger?: vscode.LogOutputChannel);
+    /**
+     * For {@link AzureSubscriptionProviderBase}, this event will never fire
+     */
+    onRefreshSuggested: () => {
+        dispose: () => void;
+    };
+    /**
+     * For {@link AzureSubscriptionProviderBase}, this returns a single account with a fixed ID and label
+     */
+    getAccounts(): Promise<AzureAccount[]>;
+    /**
+     * For {@link AzureSubscriptionProviderBase}, this returns an empty array
+     */
+    getUnauthenticatedTenantsForAccount(): Promise<AzureTenant[]>;
+    /**
+     * For {@link AzureSubscriptionProviderBase}, this returns a single tenant associated with the service principal
+     */
+    getTenantsForAccount(account: AzureAccount): Promise<AzureTenant[]>;
+    /**
+     * @inheritdoc
+     */
+    signIn(): Promise<boolean>;
+    /**
+     * @inheritdoc
+     */
+    protected getSubscriptionClient(tenant: TenantIdAndAccount): Promise<{
+        client: SubscriptionClient;
+        credential: TokenCredential;
+        authentication: AzureAuthentication;
+    }>;
+}

package/dist/esm/src/providers/AzureDevOpsSubscriptionProvider.js ADDED Viewed

@@ -0,0 +1,140 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+import * as azureEnv from '@azure/ms-rest-azure-env'; // This package is so small that it's not worth lazy loading
+import * as crypto from 'crypto';
+import { isAuthenticationWwwAuthenticateRequest } from '../utils/isAuthenticationWwwAuthenticateRequest';
+import { NotSignedInError } from '../utils/NotSignedInError';
+import { AzureSubscriptionProviderBase } from './AzureSubscriptionProviderBase';
+let azureDevOpsSubscriptionProvider;
+export function createAzureDevOpsSubscriptionProviderFactory(initializer) {
+    return () => {
+        azureDevOpsSubscriptionProvider ??= new AzureDevOpsSubscriptionProvider(initializer);
+        return Promise.resolve(azureDevOpsSubscriptionProvider);
+    };
+}
+let armSubs;
+let azIdentity;
+/**
+ * AzureSubscriptionProvider implemented to authenticate via federated DevOps service connection, using workflow identity federation
+ * To learn how to configure your DevOps environment to use this provider, refer to the README.md
+ * NOTE: This provider is only available when running in an Azure DevOps pipeline
+ * Reference: https://learn.microsoft.com/en-us/entra/workload-id/workload-identity-federation
+ */
+export class AzureDevOpsSubscriptionProvider extends AzureSubscriptionProviderBase {
+    _tokenCredential;
+    _serviceConnectionId;
+    _tenantId;
+    _clientId;
+    constructor({ serviceConnectionId, tenantId, clientId }, logger) {
+        super(logger);
+        if (!serviceConnectionId || !tenantId || !clientId) {
+            throw new Error(`Missing initializer values to identify Azure DevOps federated service connection\n
+                Values provided:\n
+                serviceConnectionId: ${serviceConnectionId ? "✅" : "❌"}\n
+                tenantId: ${tenantId ? "✅" : "❌"}\n
+                clientId: ${clientId ? "✅" : "❌"}\n
+            `);
+        }
+        this._serviceConnectionId = serviceConnectionId;
+        this._tenantId = tenantId;
+        this._clientId = clientId;
+    }
+    /**
+     * For {@link AzureSubscriptionProviderBase}, this event will never fire
+     */
+    onRefreshSuggested = () => { return { dispose: () => { } }; };
+    /**
+     * For {@link AzureSubscriptionProviderBase}, this returns a single account with a fixed ID and label
+     */
+    getAccounts() {
+        return Promise.resolve([
+            {
+                id: 'test-account-id',
+                label: 'test-account',
+            }
+        ]);
+    }
+    /**
+     * For {@link AzureSubscriptionProviderBase}, this returns an empty array
+     */
+    getUnauthenticatedTenantsForAccount() {
+        // For DevOps federated service connection, there is only one tenant associated with the service principal, and we will be authenticated
+        return Promise.resolve([]);
+    }
+    /**
+     * For {@link AzureSubscriptionProviderBase}, this returns a single tenant associated with the service principal
+     */
+    getTenantsForAccount(account) {
+        return Promise.resolve([{
+                tenantId: this._tenantId,
+                account: account,
+            }]);
+    }
+    /**
+     * @inheritdoc
+     */
+    async signIn() {
+        this._tokenCredential ??= await getTokenCredential(this._serviceConnectionId, this._tenantId, this._clientId);
+        return !!this._tokenCredential;
+    }
+    /**
+     * @inheritdoc
+     */
+    async getSubscriptionClient(tenant) {
+        if (!this._tokenCredential) {
+            throw new NotSignedInError();
+        }
+        const getSessionWithScopes = async (scopes) => {
+            if (isAuthenticationWwwAuthenticateRequest(scopes)) {
+                throw new Error('Getting session with challenge is not supported in AzureDevOpsSubscriptionProvider.');
+            }
+            const token = await this._tokenCredential?.getToken(scopes);
+            if (!token) {
+                throw new NotSignedInError();
+            }
+            return {
+                accessToken: token.token,
+                id: crypto.randomUUID(),
+                account: tenant.account,
+                scopes: scopes,
+            };
+        };
+        armSubs ??= await import('@azure/arm-resources-subscriptions');
+        return {
+            client: new armSubs.SubscriptionClient(this._tokenCredential),
+            credential: this._tokenCredential,
+            authentication: {
+                getSession: () => {
+                    return getSessionWithScopes([azureEnv.Environment.AzureCloud.managementEndpointUrl + '/.default']);
+                },
+                getSessionWithScopes: getSessionWithScopes,
+            }
+        };
+    }
+}
+/**
+* @param serviceConnectionId The resource ID of the Azure DevOps federated service connection,
+*   which can be found on the `resourceId` field of the URL at the address bar when viewing the service connection in the Azure DevOps portal
+* @param tenantId The `Tenant ID` field of the service connection properties
+* @param clientId The `Service Principal Id` field of the service connection properties
+*/
+async function getTokenCredential(serviceConnectionId, tenantId, clientId) {
+    if (!process.env.AGENT_BUILDDIRECTORY) {
+        // Assume that AGENT_BUILDDIRECTORY is set if running in an Azure DevOps pipeline.
+        // So when not running in an Azure DevOps pipeline, throw an error since we cannot use the DevOps federated service connection credential.
+        throw new Error('Cannot create DevOps federated service connection credential outside of an Azure DevOps pipeline.');
+    }
+    else if (!process.env.SYSTEM_ACCESSTOKEN) {
+        throw new Error('Cannot create DevOps federated service connection credential because the SYSTEM_ACCESSTOKEN environment variable is not set.');
+    }
+    else {
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore @azure/identity contains a bug where this type mismatches between CJS and ESM, we must ignore it. We also can't do @ts-expect-error because the error only happens when building CJS.
+        azIdentity ??= await import('@azure/identity');
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion, @typescript-eslint/no-unnecessary-type-assertion
+        return new azIdentity.AzurePipelinesCredential(tenantId, clientId, serviceConnectionId, process.env.SYSTEM_ACCESSTOKEN);
+    }
+}
+//# sourceMappingURL=AzureDevOpsSubscriptionProvider.js.map

package/dist/esm/src/providers/AzureSubscriptionProviderBase.d.ts ADDED Viewed

@@ -0,0 +1,74 @@
+import type { SubscriptionClient } from '@azure/arm-resources-subscriptions';
+import type { TokenCredential } from '@azure/core-auth';
+import * as vscode from 'vscode';
+import type { AzureAccount } from '../contracts/AzureAccount';
+import type { AzureAuthentication } from '../contracts/AzureAuthentication';
+import type { AzureSubscription } from '../contracts/AzureSubscription';
+import type { AzureSubscriptionProvider, RefreshSuggestedEvent, TenantIdAndAccount } from '../contracts/AzureSubscriptionProvider';
+import { type GetAccountsOptions, type GetAvailableSubscriptionsOptions, type GetSubscriptionsForTenantOptions, type GetTenantsForAccountOptions, type SignInOptions } from '../contracts/AzureSubscriptionProviderRequestOptions';
+import type { AzureTenant } from '../contracts/AzureTenant';
+/**
+ * Base class for Azure subscription providers that use VS Code authentication.
+ * Handles actual communication with Azure via the Azure SDK, as well as
+ * controlling the firing of `onRefreshSuggested` events.
+ */
+export declare abstract class AzureSubscriptionProviderBase implements AzureSubscriptionProvider, vscode.Disposable {
+    private readonly logger?;
+    private sessionChangeListener;
+    private readonly refreshSuggestedEmitter;
+    private lastRefreshSuggestedTime;
+    private suppressRefreshSuggestedEvents;
+    /**
+     * Constructs a new {@link AzureSubscriptionProviderBase}.
+     * @param logger (Optional) A logger to record information to
+     */
+    constructor(logger?: vscode.LogOutputChannel | undefined);
+    dispose(): void;
+    /**
+     * @inheritdoc
+     */
+    onRefreshSuggested(callback: (evtArgs: RefreshSuggestedEvent) => unknown, thisArg?: unknown, disposables?: vscode.Disposable[]): vscode.Disposable;
+    protected fireRefreshSuggestedIfNeeded(evtArgs: RefreshSuggestedEvent): boolean;
+    /**
+     * @inheritdoc
+     */
+    signIn(tenant?: Partial<TenantIdAndAccount>, options?: SignInOptions): Promise<boolean>;
+    /**
+     * @inheritdoc
+     */
+    getAvailableSubscriptions(options?: GetAvailableSubscriptionsOptions): Promise<AzureSubscription[]>;
+    /**
+     * @inheritdoc
+     */
+    getAccounts(options?: GetAccountsOptions): Promise<AzureAccount[]>;
+    /**
+     * @inheritdoc
+     */
+    getUnauthenticatedTenantsForAccount(account: AzureAccount, options?: Omit<GetTenantsForAccountOptions, 'filter'>): Promise<AzureTenant[]>;
+    /**
+     * @inheritdoc
+     */
+    getTenantsForAccount(account: AzureAccount, options?: GetTenantsForAccountOptions): Promise<AzureTenant[]>;
+    /**
+     * @inheritdoc
+     */
+    getSubscriptionsForTenant(tenant: TenantIdAndAccount, options?: GetSubscriptionsForTenantOptions): Promise<AzureSubscription[]>;
+    /**
+     * Gets a {@link SubscriptionClient} plus extras for the given account+tenant.
+     * @param tenant (Optional) The account+tenant to get a subscription client for. If not specified, the default account and home tenant
+     * will be used.
+     * @returns A {@link SubscriptionClient}, {@link TokenCredential}, and {@link AzureAuthentication} for the given account+tenant.
+     */
+    protected getSubscriptionClient(tenant: Partial<TenantIdAndAccount>): Promise<{
+        client: SubscriptionClient;
+        credential: TokenCredential;
+        authentication: AzureAuthentication;
+    }>;
+    protected log(message: string): void;
+    protected logForAccount(account: AzureAccount, message: string): void;
+    protected logForTenant(tenant: TenantIdAndAccount, message: string): void;
+    protected throwIfCancelled(token: vscode.CancellationToken | undefined): void;
+    private timeout;
+    private silenceRefreshEvents;
+    private remapLogRethrow;
+}