@takodotid/azure-rest 0.1.0

package/.github/renovate.json

@@ -0,0 +1,4 @@
+{
+	"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+	"extends": ["github>takodotid/renovate-config"]
+}

package/.github/workflows/publish.yaml

@@ -0,0 +1,47 @@
+name: Publish to npm/GitHub Package registry
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        include:
+          - registry: https://registry.npmjs.org/
+            secretKey: NPM_TOKEN
+          - registry: https://npm.pkg.github.com/
+            secretKey: GITHUB_TOKEN
+    steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4.2.2
+
+        - name: Setup pnpm
+          uses: pnpm/action-setup@v4.1.0
+
+        - name: Setup Node.js
+          uses: actions/setup-node@v4.4.0
+          with:
+            node-version-file: .node-version
+            registry-url: ${{ matrix.registry }}
+            cache: pnpm
+
+        - name: Install dependencies
+          run: pnpm install --frozen-lockfile
+
+        - name: Check code for linting & formatting issues
+          run: pnpm check:ci
+
+        - name: Build the project
+          run: pnpm build
+
+        - name: Publish to npm
+          run: pnpm publish --access public --no-git-checks
+          env:
+            NODE_AUTH_TOKEN: ${{ secrets[matrix.secretKey] }}

package/.github/workflows/test.yaml

@@ -0,0 +1,32 @@
+name: Lint and Build test
+
+on:
+    push:
+        branches: [main]
+    pull_request:
+        branches: [main]
+
+jobs:
+    test:
+        runs-on: ubuntu-24.04
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v4.2.2
+
+            - name: Setup pnpm
+              uses: pnpm/action-setup@v4.1.0
+
+            - name: Setup Node.js
+              uses: actions/setup-node@v4.4.0
+              with:
+                  node-version-file: .node-version
+                  cache: pnpm
+
+            - name: Install dependencies
+              run: pnpm install --frozen-lockfile
+
+            - name: Check code for linting & formatting issues
+              run: pnpm check:ci
+
+            - name: Try to build the project
+              run: pnpm build

package/.node-version

@@ -0,0 +1 @@
+22

package/.vscode/settings.json

@@ -0,0 +1,12 @@
+{
+	"typescript.tsdk": "node_modules/typescript/lib",
+	"files.eol": "\n",
+	"editor.defaultFormatter": "biomejs.biome",
+	"editor.formatOnSave": true,
+	"editor.codeActionsOnSave": {
+		"source.organizeImports.biome": "explicit"
+	},
+	"[typescript]": {
+		"editor.defaultFormatter": "biomejs.biome"
+	}
+}

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 PT Hobimu Jadi Cuan (Tako)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/biome.json

@@ -0,0 +1,56 @@
+{
+	"$schema": "https://biomejs.dev/schemas/2.0.6/schema.json",
+	"vcs": {
+		"enabled": true,
+		"clientKind": "git",
+		"useIgnoreFile": true
+	},
+	"files": {
+		"ignoreUnknown": false,
+		"includes": ["**", "!**/node_modules", "!dist/**"]
+	},
+	"formatter": {
+		"enabled": true,
+		"attributePosition": "auto",
+		"bracketSpacing": true,
+		"indentStyle": "tab",
+		"lineEnding": "lf"
+	},
+	"assist": { "actions": { "source": { "organizeImports": "on" } } },
+	"linter": {
+		"enabled": true,
+		"rules": {
+			"recommended": true,
+			"complexity": {
+				"noStaticOnlyClass": "off",
+				"useLiteralKeys": "off"
+			},
+			"suspicious": {
+				"noExplicitAny": "off"
+			},
+			"style": {
+				"noParameterAssign": "error",
+				"useAsConstAssertion": "error",
+				"useDefaultParameterLast": "error",
+				"useEnumInitializers": "error",
+				"useSelfClosingElements": "error",
+				"useSingleVarDeclarator": "error",
+				"noUnusedTemplateLiteral": "error",
+				"useNumberNamespace": "error",
+				"noInferrableTypes": "error",
+				"noUselessElse": "error"
+			}
+		}
+	},
+	"javascript": {
+		"formatter": {
+			"arrowParentheses": "asNeeded",
+			"quoteProperties": "asNeeded",
+			"semicolons": "always",
+			"trailingCommas": "none",
+			"quoteStyle": "double",
+			"indentWidth": 1,
+			"lineWidth": 200
+		}
+	}
+}

package/dist/index.cjs

@@ -0,0 +1,439 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AzureCliCredential: () => AzureCliCredential,
+  AzureClient: () => AzureClient,
+  AzureCredential: () => AzureCredential,
+  DefaultChainedCredential: () => DefaultChainedCredential,
+  ManagedIdentityCredential: () => ManagedIdentityCredential,
+  ServicePrincipalCredential: () => ServicePrincipalCredential,
+  WorkloadIdentityCredential: () => WorkloadIdentityCredential
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/AzureClient.ts
+var AzureClient = class _AzureClient {
+  /**
+   * @param options Azure client configuration (baseUrl, credential, etc)
+   */
+  constructor(options) {
+    this.options = options;
+    Object.defineProperty(this, "token", { enumerable: false });
+  }
+  static MAX_TOKEN_RETRIES = 3;
+  token = null;
+  /**
+   * Sends a request to the Azure REST API, handling token refresh and retries.
+   * @param path The API path (relative to baseUrl)
+   * @param init Optional fetch options
+   * @returns The fetch Response object
+   * @throws If token refresh fails after max retries
+   */
+  async sendRequest(path, init) {
+    for (let i = 0; i <= _AzureClient.MAX_TOKEN_RETRIES; i++) {
+      if (this.token && this.token.expiresAt > /* @__PURE__ */ new Date()) break;
+      if (i === _AzureClient.MAX_TOKEN_RETRIES) {
+        throw new Error("Failed to refresh token after multiple attempts");
+      }
+      await this.refreshToken();
+      if (i > 0) await new Promise((res) => setTimeout(res, 100 * i));
+    }
+    if (!this.token) throw new Error("Token is unexpectedly null after refresh attempts");
+    return fetch(`${this.options.baseUrl}${path}`, {
+      ...init,
+      headers: {
+        ...this.options.credential.builder ? this.options.credential.builder(this.token) : { Authorization: `Bearer ${this.token.accessToken}` },
+        ...init?.headers
+      }
+    });
+  }
+  /**
+   * Sends a GET request to the Azure REST API.
+   * @param path The API path
+   * @param init Optional fetch options
+   * @returns The fetch Response object
+   */
+  get(path, init) {
+    return this.sendRequest(path, { ...init, method: "GET" });
+  }
+  /**
+   * Sends a POST request with a JSON body to the Azure REST API.
+   * @param path The API path
+   * @param body The request body (will be JSON.stringified)
+   * @param init Optional fetch options
+   * @returns The fetch Response object
+   */
+  post(path, body, init) {
+    return this.sendRequest(path, {
+      ...init,
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        ...init?.headers
+      },
+      body: body !== void 0 ? JSON.stringify(body) : void 0
+    });
+  }
+  /**
+   * Sends a PUT request with a JSON body to the Azure REST API.
+   * @param path The API path
+   * @param body The request body (will be JSON.stringified)
+   * @param init Optional fetch options
+   * @returns The fetch Response object
+   */
+  put(path, body, init) {
+    return this.sendRequest(path, {
+      ...init,
+      method: "PUT",
+      headers: {
+        "Content-Type": "application/json",
+        ...init?.headers
+      },
+      body: body !== void 0 ? JSON.stringify(body) : void 0
+    });
+  }
+  /**
+   * Sends a PATCH request with a JSON body to the Azure REST API.
+   * @param path The API path
+   * @param body The request body (will be JSON.stringified)
+   * @param init Optional fetch options
+   * @returns The fetch Response object
+   */
+  patch(path, body, init) {
+    return this.sendRequest(path, {
+      ...init,
+      method: "PATCH",
+      headers: {
+        "Content-Type": "application/json",
+        ...init?.headers
+      },
+      body: body !== void 0 ? JSON.stringify(body) : void 0
+    });
+  }
+  /**
+   * Sends a DELETE request to the Azure REST API.
+   * @param path The API path
+   * @param init Optional fetch options
+   * @returns The fetch Response object
+   */
+  delete(path, init) {
+    return this.sendRequest(path, { ...init, method: "DELETE" });
+  }
+  /**
+   * Refreshes the Azure access token using the provided credential helper.
+   * @private
+   */
+  async refreshToken() {
+    this.token = await this.options.credential.helper.getToken(this.options.credential.scope);
+  }
+};
+
+// src/lib/AzureCliCredential.ts
+var import_node_child_process = require("child_process");
+var import_node_process = __toESM(require("process"), 1);
+var AzureCliCredential = class _AzureCliCredential {
+  constructor(options) {
+    this.options = options;
+  }
+  /**
+   * Gets an Azure access token using the Azure CLI.
+   * @param scope The resource scope for the token
+   * @returns An object with token and expiresAt
+   * @throws If CLI is not installed or not logged in
+   */
+  async getToken(scope) {
+    try {
+      const result = await this.getCliToken(scope);
+      const specificScope = result.stderr.match("(.*)az login --scope(.*)");
+      const isLoginError = result.stderr.match("(.*)az login(.*)") && !specificScope;
+      const isNotInstallError = result.stderr.match("az:(.*)not found") ?? result.stderr.startsWith("'az' is not recognized");
+      if (isNotInstallError) {
+        throw new Error("Azure CLI not found. Please install");
+      }
+      if (isLoginError) {
+        throw new Error("Please login to Azure CLI");
+      }
+      return this.parseRawOutput(result.stdout);
+    } catch (error) {
+      throw new Error(`Failed to get token: ${error.stack}`);
+    }
+  }
+  /**
+   * Runs the Azure CLI to get an access token for the given scope.
+   * @param scope The resource scope
+   * @returns Promise resolving to CLI stdout and stderr
+   * @private
+   */
+  async getCliToken(scope) {
+    return new Promise((resolve, reject) => {
+      try {
+        (0, import_node_child_process.execFile)(
+          "az",
+          ["account", "get-access-token", "--output", "json", "--resource", scope.replace(".default", ""), "--tenant", this.options.tenantId],
+          { cwd: import_node_process.default.cwd(), shell: true, timeout: 3e4 },
+          (error, stdout, stderr) => {
+            if (error) {
+              reject(new Error(`Failed to get token: ${error.stack}`));
+              return;
+            }
+            resolve({ stdout, stderr });
+          }
+        );
+      } catch (error) {
+        reject(error);
+      }
+    });
+  }
+  /**
+   * Parses the raw CLI output and returns a token + expiry object.
+   * @param output The stdout from Azure CLI
+   * @returns An object with token and expiresAt
+   * @private
+   */
+  parseRawOutput(output) {
+    const response = JSON.parse(output);
+    const token = response.accessToken;
+    const expiresOnTimestamp = Number.parseInt(response.expires_on, 10) * 1e3;
+    if (!Number.isNaN(expiresOnTimestamp)) {
+      return {
+        accessToken: token,
+        expiresAt: new Date(expiresOnTimestamp),
+        tokenType: response.tokenType
+      };
+    }
+    return {
+      accessToken: token,
+      expiresAt: new Date(response.expiresOn),
+      tokenType: response.tokenType
+    };
+  }
+  /**
+   * Instantiates AzureCliCredential using the AZURE_TENANT_ID environment variable.
+   * @returns AzureCliCredential instance
+   */
+  static fromEnv() {
+    return new _AzureCliCredential({ tenantId: import_node_process.default.env.AZURE_TENANT_ID });
+  }
+};
+
+// src/lib/AzureCredential.ts
+var AzureCredential = class {
+};
+
+// src/lib/ManagedIdentityCredential.ts
+var ManagedIdentityCredential = class _ManagedIdentityCredential {
+  /**
+   * @param options Managed identity credential options
+   */
+  constructor(options = {}) {
+    this.options = options;
+  }
+  /**
+   * Gets an Azure access token using the managed identity endpoint.
+   * @param scope The resource scope for the token
+   * @returns An object with token and expiresAt
+   * @throws If the endpoint is unavailable or token request fails
+   */
+  async getToken(scope) {
+    const endpoint = process.env.AZURE_MANAGED_IDENTITY_ENDPOINT || process.env.IDENTITY_ENDPOINT || "http://169.254.169.254/metadata/identity/oauth2/token";
+    const apiVersion = "2018-02-01";
+    const params = new URLSearchParams({
+      resource: scope.replace(".default", ""),
+      apiVersion
+    });
+    if (this.options.clientId) {
+      params.set("client_id", this.options.clientId);
+    }
+    const url = `${endpoint}?${params.toString()}`;
+    const headers = { Metadata: "true" };
+    const response = await fetch(url, { headers });
+    if (!response.ok) {
+      throw new Error(`ManagedIdentityCredential: Failed to get token: ${await response.text()}`);
+    }
+    const data = await response.json();
+    return {
+      accessToken: data.access_token,
+      clientId: data.client_id,
+      expiresAt: new Date(data.expires_on ? Number(data.expires_on) * 1e3 : Date.now() + 60 * 60 * 1e3),
+      // fallback 1h
+      tokenType: data.token_type
+    };
+  }
+  /**
+   * Instantiates ManagedIdentityCredential using environment variables.
+   * @returns ManagedIdentityCredential instance
+   */
+  static fromEnv() {
+    return new _ManagedIdentityCredential({ clientId: process.env.AZURE_CLIENT_ID });
+  }
+};
+
+// src/lib/ServicePrincipalCredential.ts
+var import_node_url = require("url");
+var ServicePrincipalCredential = class _ServicePrincipalCredential {
+  /**
+   * @param options Service principal credential options
+   */
+  constructor(options) {
+    this.options = options;
+  }
+  /**
+   * Gets an Azure access token using the service principal credentials.
+   * @param scope The resource scope for the token
+   * @returns An object with token and expiresAt
+   * @throws If client secret is missing or token request fails
+   */
+  async getToken(scope) {
+    if (!this.options.clientSecret) throw new Error("ServicePrincipalCredential: The client secret is not provided.");
+    const url = [this.options.authorityHost?.replace(/\/$/, "") ?? "https://login.microsoftonline.com", `${this.options.tenantId}/oauth2/v2.0/token`].join("/");
+    try {
+      const searchParams = {
+        client_id: this.options.clientId,
+        grant_type: "client_credentials",
+        scope
+      };
+      if (this.options.federated) {
+        Object.assign(searchParams, {
+          client_assertion: this.options.clientSecret,
+          client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
+        });
+      } else {
+        Object.assign(searchParams, {
+          client_secret: this.options.clientSecret
+        });
+      }
+      const response = await fetch(url, {
+        method: "POST",
+        headers: {
+          Accept: "application/json",
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: new import_node_url.URLSearchParams(searchParams)
+      });
+      if (!response.ok) {
+        throw new Error(`Failed to get token: ${await response.text()}`);
+      }
+      const data = await response.json();
+      return {
+        accessToken: data.access_token,
+        clientId: data.client_id ?? this.options.clientId,
+        expiresAt: new Date(Date.now() + data.expires_in * 1e3),
+        tokenType: data.token_type
+      };
+    } catch (error) {
+      throw new Error(`Failed to get token: ${error.stack}`);
+    }
+  }
+  /**
+   * Instantiates ServicePrincipalCredential using environment variables.
+   * @returns ServicePrincipalCredential instance
+   */
+  static fromEnv() {
+    return new _ServicePrincipalCredential({
+      clientId: process.env.AZURE_CLIENT_ID,
+      clientSecret: process.env.AZURE_CLIENT_SECRET,
+      tenantId: process.env.AZURE_TENANT_ID,
+      federated: false
+    });
+  }
+};
+
+// src/lib/WorkloadIdentityCredential.ts
+var import_node_fs = require("fs");
+var WorkloadIdentityCredential = class _WorkloadIdentityCredential {
+  /**
+   * @param options Workload identity credential options
+   */
+  constructor(options) {
+    this.options = options;
+  }
+  /**
+   * Gets an Azure access token using the federated token file.
+   * @param scope The resource scope for the token
+   * @returns An object with token and expiresAt
+   * @throws If the federated token file does not exist
+   */
+  async getToken(scope) {
+    if (!(0, import_node_fs.existsSync)(this.options.federatedTokenFile)) {
+      throw new Error("WorkloadIdentityCredential: The federated token file does not exist.");
+    }
+    const token = (0, import_node_fs.readFileSync)(this.options.federatedTokenFile, "utf-8");
+    const servicePrincipal = new ServicePrincipalCredential({ ...this.options, clientSecret: token, federated: true });
+    return servicePrincipal.getToken(scope);
+  }
+  /**
+   * Instantiates WorkloadIdentityCredential using environment variables.
+   * @returns WorkloadIdentityCredential instance
+   */
+  static fromEnv() {
+    return new _WorkloadIdentityCredential({
+      authorityHost: process.env.AZURE_AUTHORITY_HOST,
+      clientId: process.env.AZURE_CLIENT_ID,
+      federatedTokenFile: process.env.AZURE_FEDERATED_TOKEN_FILE,
+      tenantId: process.env.AZURE_TENANT_ID
+    });
+  }
+};
+
+// src/lib/DefaultChainedCredential.ts
+var credentialChain = [WorkloadIdentityCredential, ManagedIdentityCredential, ServicePrincipalCredential, AzureCliCredential];
+var DefaultChainedCredential = class {
+  /**
+   * Attempts to get an Azure access token using the first available credential in the chain.
+   * @param scope The resource scope for the token
+   * @returns An object with token and expiresAt
+   * @throws If all credential providers fail
+   */
+  async getToken(scope) {
+    const errors = [];
+    for (const Credential of credentialChain) {
+      try {
+        return await Credential.fromEnv().getToken(scope);
+      } catch (error) {
+        errors.push({ error, name: Credential.name });
+      }
+    }
+    throw new Error(`Failed to get token, errors:
+${errors.map((err) => `[${err.name}] ${err.error.message}`).join("\n")}`);
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AzureCliCredential,
+  AzureClient,
+  AzureCredential,
+  DefaultChainedCredential,
+  ManagedIdentityCredential,
+  ServicePrincipalCredential,
+  WorkloadIdentityCredential
+});
+//# sourceMappingURL=index.cjs.map