@takodotid/azure-rest 0.1.6 → 1.0.0

package/dist/index.d.cts

@@ -48,14 +48,6 @@ declare class AzureClient {
      * @param options Azure client configuration (baseUrl, credential, etc)
      */
     constructor(options: AzureClientOptions);
-    /**
-     * Sends a request to the Azure REST API, handling token refresh and retries.
-     * @param path The API path (relative to baseUrl)
-     * @param options Optional fetch options
-     * @returns The fetch Response object
-     * @throws If token refresh fails after max retries
-     */
-    sendRequest(path: string, options?: RequestInit): Promise<Response>;
     /**
      * Sends a GET request to the Azure REST API.
      * @param path The API path
@@ -91,6 +83,14 @@ declare class AzureClient {
      * @returns The fetch Response object
      */
     delete(path: string, options?: Exclude<RequestInit, "method">): Promise<Response>;
+    /**
+     * Sends a request to the Azure REST API, handling token refresh and retries.
+     * @param path The API path (relative to baseUrl)
+     * @param options Optional fetch options
+     * @returns The fetch Response object
+     * @throws If token refresh fails after max retries
+     */
+    request(path: string, options?: RequestInit): Promise<Response>;
     /**
      * Refreshes the Azure access token using the provided credential helper.
      * @private
@@ -119,18 +119,32 @@ type CLITokenResponse = {
 /**
  * Options for AzureCliCredential.
  *
- * @property tenantId - The Azure tenant ID to use for authentication.
+ * @property tenantId - (Optional) The Azure tenant ID to use for authentication. If not provided, will use the current Azure CLI context.
  */
 type AzureCLICredentialOptions = {
-    tenantId: string;
+    tenantId?: string;
 };
+/**
+ * AzureCliCredential authenticates using the Azure CLI (`az`).
+ *
+ * - If `tenantId` is provided, uses it for token requests.
+ * - If not, will try `AZURE_TENANT_ID` env var, then fall back to the current Azure CLI context.
+ *
+ * Throws clear errors if the CLI is not installed or not logged in.
+ */
 declare class AzureCliCredential implements AzureCredential {
     options: AzureCLICredentialOptions;
     constructor(options: AzureCLICredentialOptions);
+    /**
+     * Instantiates AzureCliCredential using the AZURE_TENANT_ID environment variable (if set),
+     * or falls back to the current Azure CLI context.
+     * @returns AzureCliCredential instance
+     */
+    static fromEnv(): AzureCliCredential;
     /**
      * Gets an Azure access token using the Azure CLI.
-     * @param scope The resource scope for the token
-     * @returns An object with token and expiresAt
+     * @param scope The resource scope for the token (e.g. 'https://management.azure.com/.default')
+     * @returns An object with accessToken, expiresAt, and tokenType
      * @throws If CLI is not installed or not logged in
      */
     getToken(scope: string): Promise<{
@@ -139,26 +153,33 @@ declare class AzureCliCredential implements AzureCredential {
         tokenType: string;
     }>;
     /**
-     * Runs the Azure CLI to get an access token for the given scope.
+     * Runs the Azure CLI to get an access token for the given scope and tenant.
      * @param scope The resource scope
+     * @param tenantId The Azure tenant ID
      * @returns Promise resolving to CLI stdout and stderr
      * @private
      */
     private getCliToken;
+    /**
+     * Gets the current tenant ID from Azure CLI context.
+     * @returns Promise resolving to the current tenant ID string
+     * @throws If CLI is not installed or not logged in
+     */
+    private static getCurrentTenantId;
     /**
      * Parses the raw CLI output and returns a token + expiry object.
      * @param output The stdout from Azure CLI
-     * @returns An object with token and expiresAt
+     * @returns An object with accessToken, expiresAt, and tokenType
      * @private
      */
     private parseRawOutput;
     /**
-     * Instantiates AzureCliCredential using the AZURE_TENANT_ID environment variable.
-     * This expects the following environment variable to be set:
-     * - AZURE_TENANT_ID: The Azure tenant ID to use for authentication.
-     * @returns AzureCliCredential instance
+     * Checks stderr for common Azure CLI login errors.
+     * @param stderr The stderr string from CLI
+     * @returns Object with isLoginError and isNotInstallError booleans
+     * @private
      */
-    static fromEnv(): AzureCliCredential;
+    private static parseCliLoginError;
 }
 declare global {
     namespace NodeJS {
@@ -169,12 +190,12 @@ declare global {
 }
 
 /**
- * DefaultChainedCredential tries multiple credential providers in order until one succeeds.
+ * ChainedCredential tries multiple credential providers in order until one succeeds.
  *
  * The chain is: WorkloadIdentityCredential → ManagedIdentityCredential → ServicePrincipalCredential → AzureCliCredential.
  * Useful for local dev, CI, and cloud environments with minimal config.
  */
-declare class DefaultChainedCredential implements AzureCredential {
+declare class ChainedCredential implements AzureCredential {
     /**
      * Attempts to get an Azure access token using the first available credential in the chain.
      * @param scope The resource scope for the token
@@ -383,4 +404,4 @@ declare global {
     }
 }
 
-export { type AzureCLICredentialOptions, AzureCliCredential, AzureClient, type AzureClientOptions, AzureCredential, type CLITokenResponse, type Credential, DefaultChainedCredential, ManagedIdentityCredential, type ManagedIdentityCredentialOptions, type OAuth2TokenResponse, ServicePrincipalCredential, type ServicePrincipalCredentialOption, WorkloadIdentityCredential, type WorkloadIdentityCredentialOption };
+export { type AzureCLICredentialOptions, AzureCliCredential, AzureClient, type AzureClientOptions, AzureCredential, type CLITokenResponse, ChainedCredential, type Credential, ManagedIdentityCredential, type ManagedIdentityCredentialOptions, type OAuth2TokenResponse, ServicePrincipalCredential, type ServicePrincipalCredentialOption, WorkloadIdentityCredential, type WorkloadIdentityCredentialOption };

package/dist/index.d.ts

@@ -48,14 +48,6 @@ declare class AzureClient {
      * @param options Azure client configuration (baseUrl, credential, etc)
      */
     constructor(options: AzureClientOptions);
-    /**
-     * Sends a request to the Azure REST API, handling token refresh and retries.
-     * @param path The API path (relative to baseUrl)
-     * @param options Optional fetch options
-     * @returns The fetch Response object
-     * @throws If token refresh fails after max retries
-     */
-    sendRequest(path: string, options?: RequestInit): Promise<Response>;
     /**
      * Sends a GET request to the Azure REST API.
      * @param path The API path
@@ -91,6 +83,14 @@ declare class AzureClient {
      * @returns The fetch Response object
      */
     delete(path: string, options?: Exclude<RequestInit, "method">): Promise<Response>;
+    /**
+     * Sends a request to the Azure REST API, handling token refresh and retries.
+     * @param path The API path (relative to baseUrl)
+     * @param options Optional fetch options
+     * @returns The fetch Response object
+     * @throws If token refresh fails after max retries
+     */
+    request(path: string, options?: RequestInit): Promise<Response>;
     /**
      * Refreshes the Azure access token using the provided credential helper.
      * @private
@@ -119,18 +119,32 @@ type CLITokenResponse = {
 /**
  * Options for AzureCliCredential.
  *
- * @property tenantId - The Azure tenant ID to use for authentication.
+ * @property tenantId - (Optional) The Azure tenant ID to use for authentication. If not provided, will use the current Azure CLI context.
  */
 type AzureCLICredentialOptions = {
-    tenantId: string;
+    tenantId?: string;
 };
+/**
+ * AzureCliCredential authenticates using the Azure CLI (`az`).
+ *
+ * - If `tenantId` is provided, uses it for token requests.
+ * - If not, will try `AZURE_TENANT_ID` env var, then fall back to the current Azure CLI context.
+ *
+ * Throws clear errors if the CLI is not installed or not logged in.
+ */
 declare class AzureCliCredential implements AzureCredential {
     options: AzureCLICredentialOptions;
     constructor(options: AzureCLICredentialOptions);
+    /**
+     * Instantiates AzureCliCredential using the AZURE_TENANT_ID environment variable (if set),
+     * or falls back to the current Azure CLI context.
+     * @returns AzureCliCredential instance
+     */
+    static fromEnv(): AzureCliCredential;
     /**
      * Gets an Azure access token using the Azure CLI.
-     * @param scope The resource scope for the token
-     * @returns An object with token and expiresAt
+     * @param scope The resource scope for the token (e.g. 'https://management.azure.com/.default')
+     * @returns An object with accessToken, expiresAt, and tokenType
      * @throws If CLI is not installed or not logged in
      */
     getToken(scope: string): Promise<{
@@ -139,26 +153,33 @@ declare class AzureCliCredential implements AzureCredential {
         tokenType: string;
     }>;
     /**
-     * Runs the Azure CLI to get an access token for the given scope.
+     * Runs the Azure CLI to get an access token for the given scope and tenant.
      * @param scope The resource scope
+     * @param tenantId The Azure tenant ID
      * @returns Promise resolving to CLI stdout and stderr
      * @private
      */
     private getCliToken;
+    /**
+     * Gets the current tenant ID from Azure CLI context.
+     * @returns Promise resolving to the current tenant ID string
+     * @throws If CLI is not installed or not logged in
+     */
+    private static getCurrentTenantId;
     /**
      * Parses the raw CLI output and returns a token + expiry object.
      * @param output The stdout from Azure CLI
-     * @returns An object with token and expiresAt
+     * @returns An object with accessToken, expiresAt, and tokenType
      * @private
      */
     private parseRawOutput;
     /**
-     * Instantiates AzureCliCredential using the AZURE_TENANT_ID environment variable.
-     * This expects the following environment variable to be set:
-     * - AZURE_TENANT_ID: The Azure tenant ID to use for authentication.
-     * @returns AzureCliCredential instance
+     * Checks stderr for common Azure CLI login errors.
+     * @param stderr The stderr string from CLI
+     * @returns Object with isLoginError and isNotInstallError booleans
+     * @private
      */
-    static fromEnv(): AzureCliCredential;
+    private static parseCliLoginError;
 }
 declare global {
     namespace NodeJS {
@@ -169,12 +190,12 @@ declare global {
 }
 
 /**
- * DefaultChainedCredential tries multiple credential providers in order until one succeeds.
+ * ChainedCredential tries multiple credential providers in order until one succeeds.
  *
  * The chain is: WorkloadIdentityCredential → ManagedIdentityCredential → ServicePrincipalCredential → AzureCliCredential.
  * Useful for local dev, CI, and cloud environments with minimal config.
  */
-declare class DefaultChainedCredential implements AzureCredential {
+declare class ChainedCredential implements AzureCredential {
     /**
      * Attempts to get an Azure access token using the first available credential in the chain.
      * @param scope The resource scope for the token
@@ -383,4 +404,4 @@ declare global {
     }
 }
 
-export { type AzureCLICredentialOptions, AzureCliCredential, AzureClient, type AzureClientOptions, AzureCredential, type CLITokenResponse, type Credential, DefaultChainedCredential, ManagedIdentityCredential, type ManagedIdentityCredentialOptions, type OAuth2TokenResponse, ServicePrincipalCredential, type ServicePrincipalCredentialOption, WorkloadIdentityCredential, type WorkloadIdentityCredentialOption };
+export { type AzureCLICredentialOptions, AzureCliCredential, AzureClient, type AzureClientOptions, AzureCredential, type CLITokenResponse, ChainedCredential, type Credential, ManagedIdentityCredential, type ManagedIdentityCredentialOptions, type OAuth2TokenResponse, ServicePrincipalCredential, type ServicePrincipalCredentialOption, WorkloadIdentityCredential, type WorkloadIdentityCredentialOption };

package/dist/index.js

@@ -9,34 +9,6 @@ var AzureClient = class _AzureClient {
   }
   static MAX_TOKEN_RETRIES = 3;
   token = null;
-  /**
-   * Sends a request to the Azure REST API, handling token refresh and retries.
-   * @param path The API path (relative to baseUrl)
-   * @param options Optional fetch options
-   * @returns The fetch Response object
-   * @throws If token refresh fails after max retries
-   */
-  async sendRequest(path, options) {
-    for (let i = 0; i <= _AzureClient.MAX_TOKEN_RETRIES; i++) {
-      if (this.token && this.token.expiresAt > /* @__PURE__ */ new Date()) break;
-      if (i === _AzureClient.MAX_TOKEN_RETRIES) {
-        throw new Error("Failed to refresh token after multiple attempts");
-      }
-      await this.refreshToken();
-      if (i > 0) await new Promise((res) => setTimeout(res, 100 * i));
-    }
-    if (!this.token) throw new Error("Token is unexpectedly null after refresh attempts");
-    const baseUrl = this.options.baseUrl.replace(/\/+$/, "");
-    const relPath = path.replace(/^\/+/, "");
-    const url = `${baseUrl}/${relPath}`;
-    return fetch(url, {
-      ...options,
-      headers: {
-        ...this.options.credential.builder ? this.options.credential.builder(this.token) : { Authorization: `Bearer ${this.token.accessToken}` },
-        ...options?.headers
-      }
-    });
-  }
   /**
    * Sends a GET request to the Azure REST API.
    * @param path The API path
@@ -44,7 +16,7 @@ var AzureClient = class _AzureClient {
    * @returns The fetch Response object
    */
   get(path, options) {
-    return this.sendRequest(path, { ...options, method: "GET" });
+    return this.request(path, { ...options, method: "GET" });
   }
   /**
    * Sends a POST request with a JSON body to the Azure REST API.
@@ -53,7 +25,7 @@ var AzureClient = class _AzureClient {
    * @returns The fetch Response object
    */
   post(path, options) {
-    return this.sendRequest(path, {
+    return this.request(path, {
       ...options,
       method: "POST"
     });
@@ -65,7 +37,7 @@ var AzureClient = class _AzureClient {
    * @returns The fetch Response object
    */
   put(path, options) {
-    return this.sendRequest(path, {
+    return this.request(path, {
       ...options,
       method: "PUT"
     });
@@ -77,7 +49,7 @@ var AzureClient = class _AzureClient {
    * @returns The fetch Response object
    */
   patch(path, options) {
-    return this.sendRequest(path, {
+    return this.request(path, {
       ...options,
       method: "PATCH"
     });
@@ -89,7 +61,35 @@ var AzureClient = class _AzureClient {
    * @returns The fetch Response object
    */
   delete(path, options) {
-    return this.sendRequest(path, { ...options, method: "DELETE" });
+    return this.request(path, { ...options, method: "DELETE" });
+  }
+  /**
+   * Sends a request to the Azure REST API, handling token refresh and retries.
+   * @param path The API path (relative to baseUrl)
+   * @param options Optional fetch options
+   * @returns The fetch Response object
+   * @throws If token refresh fails after max retries
+   */
+  async request(path, options) {
+    for (let i = 0; i <= _AzureClient.MAX_TOKEN_RETRIES; i++) {
+      if (this.token && this.token.expiresAt > /* @__PURE__ */ new Date()) break;
+      if (i === _AzureClient.MAX_TOKEN_RETRIES) {
+        throw new Error("Failed to refresh token after multiple attempts");
+      }
+      await this.refreshToken();
+      if (i > 0) await new Promise((res) => setTimeout(res, 100 * i));
+    }
+    if (!this.token) throw new Error("Token is unexpectedly null after refresh attempts");
+    const baseUrl = this.options.baseUrl.replace(/\/+$/, "");
+    const relPath = path.replace(/^\/+/, "");
+    const url = `${baseUrl}/${relPath}`;
+    return fetch(url, {
+      ...options,
+      headers: {
+        ...this.options.credential.builder ? this.options.credential.builder(this.token) : { Authorization: `Bearer ${this.token.accessToken}` },
+        ...options?.headers
+      }
+    });
   }
   /**
    * Refreshes the Azure access token using the provided credential helper.
@@ -100,52 +100,63 @@ var AzureClient = class _AzureClient {
   }
 };
 
-// src/lib/AzureCliCredential.ts
+// src/credentials/AzureCliCredential.ts
 import { execFile } from "child_process";
 import process2 from "process";
 var AzureCliCredential = class _AzureCliCredential {
   constructor(options) {
     this.options = options;
   }
+  /**
+   * Instantiates AzureCliCredential using the AZURE_TENANT_ID environment variable (if set),
+   * or falls back to the current Azure CLI context.
+   * @returns AzureCliCredential instance
+   */
+  static fromEnv() {
+    const tenantId = process2.env.AZURE_TENANT_ID;
+    return new _AzureCliCredential(tenantId ? { tenantId } : {});
+  }
   /**
    * Gets an Azure access token using the Azure CLI.
-   * @param scope The resource scope for the token
-   * @returns An object with token and expiresAt
+   * @param scope The resource scope for the token (e.g. 'https://management.azure.com/.default')
+   * @returns An object with accessToken, expiresAt, and tokenType
    * @throws If CLI is not installed or not logged in
    */
   async getToken(scope) {
     try {
-      const result = await this.getCliToken(scope);
-      const specificScope = result.stderr.match("(.*)az login --scope(.*)");
-      const isLoginError = result.stderr.match("(.*)az login(.*)") && !specificScope;
-      const isNotInstallError = result.stderr.match("az:(.*)not found") ?? result.stderr.startsWith("'az' is not recognized");
-      if (isNotInstallError) {
-        throw new Error("Azure CLI not found. Please install");
-      }
-      if (isLoginError) {
-        throw new Error("Please login to Azure CLI");
-      }
+      const tenantId = this.options.tenantId ?? await _AzureCliCredential.getCurrentTenantId();
+      const result = await this.getCliToken(scope, tenantId);
       return this.parseRawOutput(result.stdout);
     } catch (error) {
-      throw new Error(`Failed to get token: ${error.stack}`);
+      throw new Error(`Failed to get token: ${error.message}`);
     }
   }
   /**
-   * Runs the Azure CLI to get an access token for the given scope.
+   * Runs the Azure CLI to get an access token for the given scope and tenant.
    * @param scope The resource scope
+   * @param tenantId The Azure tenant ID
    * @returns Promise resolving to CLI stdout and stderr
    * @private
    */
-  async getCliToken(scope) {
+  async getCliToken(scope, tenantId) {
     return new Promise((resolve, reject) => {
       try {
         execFile(
           "az",
-          ["account", "get-access-token", "--output", "json", "--resource", scope.replace(".default", ""), "--tenant", this.options.tenantId],
+          ["account", "get-access-token", "--output", "json", "--resource", scope.replace(".default", ""), "--tenant", tenantId],
           { cwd: process2.cwd(), shell: true, timeout: 3e4 },
           (error, stdout, stderr) => {
+            const { isLoginError, isNotInstallError } = _AzureCliCredential.parseCliLoginError(stderr);
+            if (isNotInstallError) {
+              reject(new Error("Azure CLI not found. Please install"));
+              return;
+            }
+            if (isLoginError) {
+              reject(new Error("Please login to Azure CLI"));
+              return;
+            }
             if (error) {
-              reject(new Error(`Failed to get token: ${error.stack}`));
+              reject(new Error(`Failed to get token: ${error.message}`));
               return;
             }
             resolve({ stdout, stderr });
@@ -156,10 +167,40 @@ var AzureCliCredential = class _AzureCliCredential {
       }
     });
   }
+  /**
+   * Gets the current tenant ID from Azure CLI context.
+   * @returns Promise resolving to the current tenant ID string
+   * @throws If CLI is not installed or not logged in
+   */
+  static async getCurrentTenantId() {
+    return new Promise((resolve, reject) => {
+      execFile("az", ["account", "show", "--query", "tenantId", "--output", "tsv"], { cwd: process2.cwd(), shell: true, timeout: 1e4 }, (error, stdout, stderr) => {
+        const { isLoginError, isNotInstallError } = _AzureCliCredential.parseCliLoginError(stderr);
+        if (isNotInstallError) {
+          reject(new Error("Azure CLI not found. Please install"));
+          return;
+        }
+        if (isLoginError) {
+          reject(new Error("Please login to Azure CLI"));
+          return;
+        }
+        if (error) {
+          reject(new Error(`Failed to detect tenantId from Azure CLI context: ${stderr}`));
+          return;
+        }
+        const tenantId = stdout.trim();
+        if (!tenantId) {
+          reject(new Error("Could not detect tenantId from Azure CLI context."));
+          return;
+        }
+        resolve(tenantId);
+      });
+    });
+  }
   /**
    * Parses the raw CLI output and returns a token + expiry object.
    * @param output The stdout from Azure CLI
-   * @returns An object with token and expiresAt
+   * @returns An object with accessToken, expiresAt, and tokenType
    * @private
    */
   parseRawOutput(output) {
@@ -180,21 +221,27 @@ var AzureCliCredential = class _AzureCliCredential {
     };
   }
   /**
-   * Instantiates AzureCliCredential using the AZURE_TENANT_ID environment variable.
-   * This expects the following environment variable to be set:
-   * - AZURE_TENANT_ID: The Azure tenant ID to use for authentication.
-   * @returns AzureCliCredential instance
+   * Checks stderr for common Azure CLI login errors.
+   * @param stderr The stderr string from CLI
+   * @returns Object with isLoginError and isNotInstallError booleans
+   * @private
    */
-  static fromEnv() {
-    return new _AzureCliCredential({ tenantId: process2.env.AZURE_TENANT_ID });
+  static parseCliLoginError(stderr) {
+    const specificScope = stderr.match("(.*)az login --scope(.*)");
+    const isLoginError = stderr.match("(.*)az login(.*)") && !specificScope;
+    const isNotInstallError = stderr.match("az:(.*)not found") ?? stderr.startsWith("'az' is not recognized");
+    return {
+      isLoginError: Boolean(isLoginError),
+      isNotInstallError: Boolean(isNotInstallError)
+    };
   }
 };
 
-// src/lib/AzureCredential.ts
+// src/credentials/AzureCredential.ts
 var AzureCredential = class {
 };
 
-// src/lib/ManagedIdentityCredential.ts
+// src/credentials/ManagedIdentityCredential.ts
 var ManagedIdentityCredential = class _ManagedIdentityCredential {
   /**
    * @param options Managed identity credential options
@@ -265,7 +312,7 @@ var ManagedIdentityCredential = class _ManagedIdentityCredential {
   }
 };
 
-// src/lib/ServicePrincipalCredential.ts
+// src/credentials/ServicePrincipalCredential.ts
 import { URLSearchParams as URLSearchParams2 } from "url";
 var ServicePrincipalCredential = class _ServicePrincipalCredential {
   /**
@@ -341,7 +388,7 @@ var ServicePrincipalCredential = class _ServicePrincipalCredential {
   }
 };
 
-// src/lib/WorkloadIdentityCredential.ts
+// src/credentials/WorkloadIdentityCredential.ts
 import { readFile } from "fs/promises";
 var WorkloadIdentityCredential = class _WorkloadIdentityCredential {
   /**
@@ -387,9 +434,9 @@ var WorkloadIdentityCredential = class _WorkloadIdentityCredential {
   }
 };
 
-// src/lib/DefaultChainedCredential.ts
+// src/credentials/ChainedCredential.ts
 var credentialChain = [WorkloadIdentityCredential, ManagedIdentityCredential, ServicePrincipalCredential, AzureCliCredential];
-var DefaultChainedCredential = class {
+var ChainedCredential = class {
   /**
    * Attempts to get an Azure access token using the first available credential in the chain.
    * @param scope The resource scope for the token
@@ -400,7 +447,7 @@ var DefaultChainedCredential = class {
     const errors = [];
     const debug = process.env.DEBUG?.includes("tako-azure-rest:credentials") || process.env.DEBUG?.includes("tako-azure-rest:*");
     for (const Credential of credentialChain) {
-      const label = `[DefaultChainedCredential] ${Credential.name}`;
+      const label = `[ChainedCredential] ${Credential.name}`;
       let start;
       if (debug) {
         start = Date.now();
@@ -429,7 +476,7 @@ export {
   AzureCliCredential,
   AzureClient,
   AzureCredential,
-  DefaultChainedCredential,
+  ChainedCredential,
   ManagedIdentityCredential,
   ServicePrincipalCredential,
   WorkloadIdentityCredential