@azure/identity
Comparing version 1.0.1-dev.20191122.1 to 1.0.1-dev.20191123.1
@@ -6,2 +6,3 @@ # Changelog | ||
- Fixed an issue where an authorization error occurs due to wrong access token being returned by the MSI endpoint when using a user-assigned managed identity with `ManagedIdentityCredential` ([PR #6134](https://github.com/Azure/azure-sdk-for-js/pull/6134)) | ||
- Fixed an issue in `EnvironmentCredential` where authentication silently fails when one or more of the expected environment variables is not present ([PR #6313](https://github.com/Azure/azure-sdk-for-js/pull/6313)) | ||
- Updated to use OpenTelemetry 0.2 via `@azure/core-tracing` | ||
@@ -8,0 +9,0 @@ |
@@ -6,3 +6,3 @@ // Copyright (c) Microsoft Corporation. | ||
import { createSpan } from "../util/tracing"; | ||
import { AuthenticationErrorName } from "../client/errors"; | ||
import { AuthenticationError, AuthenticationErrorName } from "../client/errors"; | ||
import { CanonicalCode } from "@opentelemetry/types"; | ||
@@ -13,2 +13,17 @@ import { logger } from "../util/logging"; | ||
/** | ||
* Contains the list of all supported environment variable names so that an | ||
* appropriate error message can be generated when no credentials can be | ||
* configured. | ||
* | ||
* @internal | ||
*/ | ||
export const AllSupportedEnvironmentVariables = [ | ||
"AZURE_TENANT_ID", | ||
"AZURE_CLIENT_ID", | ||
"AZURE_CLIENT_SECRET", | ||
"AZURE_CLIENT_CERTIFICATE_PATH", | ||
"AZURE_USERNAME", | ||
"AZURE_PASSWORD" | ||
]; | ||
/** | ||
* Enables authentication to Azure Active Directory using client secret | ||
@@ -35,3 +50,6 @@ * details configured in the following environment variables: | ||
constructor(options) { | ||
this._environmentVarsMissing = []; | ||
this._credential = undefined; | ||
// Keep track of any missing environment variables for error details | ||
this._environmentVarsMissing = AllSupportedEnvironmentVariables.filter((v) => process.env[v] === undefined); | ||
const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, clientSecret = process.env.AZURE_CLIENT_SECRET; | ||
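Review bot: The missing-variable list in the constructor is built with `process.env[v] === undefined`, while the next hunk header shows the credential being selected by truthiness (`if (tenantId && clientId && clientSecret)`), so a variable that is set but empty selects no credential and is not reported as missing either. Filtering with `(v) => !process.env[v]` would keep the two checks in agreement and avoid an error message with an empty list. The list correctly holds variable names only; a short comment such as `// names only, never values: this text ends up in exception messages and logs` would keep it that way. The same lines recur in the later constructor hunks for the bundled build and the TypeScript source, and the constructor body continues outside the hunk.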
@@ -87,5 +105,15 @@ if (tenantId && clientId && clientSecret) { | ||
} | ||
// If by this point we don't have a credential, throw an exception so that | ||
// the user knows the credential was not configured appropriately | ||
span.setStatus({ code: CanonicalCode.UNAUTHENTICATED }); | ||
span.end(); | ||
return Promise.resolve(null); | ||
throw new AuthenticationError(400, { | ||
error: "missing_environment_variables", | ||
error_description: `EnvironmentCredential cannot return a token because one or more of the following environment variables is missing: | ||
${this._environmentVarsMissing.join("\n")} | ||
To authenticate with a service principal AZURE_TENANT_ID, AZURE_CLIENT_ID, and either AZURE_CLIENT_SECRET or AZURE_CLIENT_CERTIFICATE_PATH must be set. To authenticate with a user account AZURE_TENANT_ID, AZURE_USERNAME, and AZURE_PASSWORD must be set. | ||
` | ||
}); | ||
}); | ||
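Review bot: The `400` passed to `AuthenticationError` is not taken from any HTTP response, so a caller that branches on the error's status (assuming the first argument is exposed as one) cannot tell a local configuration gap from a rejection by the token endpoint. A comment on the throw such as `// synthetic status: no request was sent` would make that explicit; the distinct `error: "missing_environment_variables"` value is the field callers should match on. Because this path previously resolved to `null` and now throws, any chained-credential code that relied on `null` to fall through to the next credential has to catch this error instead; that code is not visible here and should be checked. The same change recurs in the two later hunks that throw this error, and the enclosing function starts outside the hunk.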
@@ -92,0 +120,0 @@ } |
@@ -582,2 +582,17 @@ 'use strict'; | ||
/** | ||
* Contains the list of all supported environment variable names so that an | ||
* appropriate error message can be generated when no credentials can be | ||
* configured. | ||
* | ||
* @internal | ||
*/ | ||
const AllSupportedEnvironmentVariables = [ | ||
"AZURE_TENANT_ID", | ||
"AZURE_CLIENT_ID", | ||
"AZURE_CLIENT_SECRET", | ||
"AZURE_CLIENT_CERTIFICATE_PATH", | ||
"AZURE_USERNAME", | ||
"AZURE_PASSWORD" | ||
]; | ||
/** | ||
* Enables authentication to Azure Active Directory using client secret | ||
@@ -604,3 +619,6 @@ * details configured in the following environment variables: | ||
constructor(options) { | ||
this._environmentVarsMissing = []; | ||
this._credential = undefined; | ||
// Keep track of any missing environment variables for error details | ||
this._environmentVarsMissing = AllSupportedEnvironmentVariables.filter((v) => process.env[v] === undefined); | ||
const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, clientSecret = process.env.AZURE_CLIENT_SECRET; | ||
@@ -656,5 +674,15 @@ if (tenantId && clientId && clientSecret) { | ||
} | ||
// If by this point we don't have a credential, throw an exception so that | ||
// the user knows the credential was not configured appropriately | ||
span.setStatus({ code: types.CanonicalCode.UNAUTHENTICATED }); | ||
span.end(); | ||
return Promise.resolve(null); | ||
throw new AuthenticationError(400, { | ||
error: "missing_environment_variables", | ||
error_description: `EnvironmentCredential cannot return a token because one or more of the following environment variables is missing: | ||
${this._environmentVarsMissing.join("\n")} | ||
To authenticate with a service principal AZURE_TENANT_ID, AZURE_CLIENT_ID, and either AZURE_CLIENT_SECRET or AZURE_CLIENT_CERTIFICATE_PATH must be set. To authenticate with a user account AZURE_TENANT_ID, AZURE_USERNAME, and AZURE_PASSWORD must be set. | ||
` | ||
}); | ||
}); | ||
@@ -661,0 +689,0 @@ } |
{ | ||
"name": "@azure/identity", | ||
"sdk-type": "client", | ||
"version": "1.0.1-dev.20191122.1", | ||
"version": "1.0.1-dev.20191123.1", | ||
"description": "Provides credential implementations for Azure SDK libraries that can authenticate with Azure Active Directory", | ||
@@ -6,0 +6,0 @@ "main": "dist/index.js", |
@@ -104,3 +104,3 @@ ## Azure Identity client library for JS | ||
The `AuthorizationCodeCredential` takes more up-front work to use than the other credential types at this time. A full sample demonstrating how to use this credential can be found in [`samples/authorizationCodeSample.ts`](https://github.com/Azure/azure-sdk-for-js/tree/62b42b2390c40877ea0b753aa368cff994a3b8f1/sdk/identity/identity/samples/authorizationCodeSample.ts). | ||
The `AuthorizationCodeCredential` takes more up-front work to use than the other credential types at this time. A full sample demonstrating how to use this credential can be found in [`samples/authorizationCodeSample.ts`](https://github.com/Azure/azure-sdk-for-js/tree/1fd1c1ac4d4620424276550e07d590eda3760790/sdk/identity/identity/samples/authorizationCodeSample.ts). | ||
@@ -149,3 +149,3 @@ ### Chaining credentials | ||
If you'd like to contribute to this library, please read the [contributing guide](https://github.com/Azure/azure-sdk-for-js/tree/62b42b2390c40877ea0b753aa368cff994a3b8f1/CONTRIBUTING.md) to learn more about how to build and test the code. | ||
If you'd like to contribute to this library, please read the [contributing guide](https://github.com/Azure/azure-sdk-for-js/tree/1fd1c1ac4d4620424276550e07d590eda3760790/CONTRIBUTING.md) to learn more about how to build and test the code. | ||
@@ -152,0 +152,0 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). |
@@ -8,3 +8,3 @@ // Copyright (c) Microsoft Corporation. | ||
import { createSpan } from "../util/tracing"; | ||
import { AuthenticationErrorName } from "../client/errors"; | ||
import { AuthenticationError, AuthenticationErrorName } from "../client/errors"; | ||
import { CanonicalCode } from "@opentelemetry/types"; | ||
@@ -16,2 +16,18 @@ import { logger } from "../util/logging"; | ||
/** | ||
* Contains the list of all supported environment variable names so that an | ||
* appropriate error message can be generated when no credentials can be | ||
* configured. | ||
* | ||
* @internal | ||
*/ | ||
export const AllSupportedEnvironmentVariables = [ | ||
"AZURE_TENANT_ID", | ||
"AZURE_CLIENT_ID", | ||
"AZURE_CLIENT_SECRET", | ||
"AZURE_CLIENT_CERTIFICATE_PATH", | ||
"AZURE_USERNAME", | ||
"AZURE_PASSWORD" | ||
]; | ||
/** | ||
* Enables authentication to Azure Active Directory using client secret | ||
@@ -29,2 +45,3 @@ * details configured in the following environment variables: | ||
export class EnvironmentCredential implements TokenCredential { | ||
private _environmentVarsMissing: string[] = []; | ||
private _credential?: TokenCredential = undefined; | ||
@@ -40,2 +57,7 @@ /** | ||
constructor(options?: TokenCredentialOptions) { | ||
// Keep track of any missing environment variables for error details | ||
this._environmentVarsMissing = AllSupportedEnvironmentVariables.filter( | ||
(v) => process.env[v] === undefined | ||
); | ||
const tenantId = process.env.AZURE_TENANT_ID, | ||
@@ -116,6 +138,16 @@ clientId = process.env.AZURE_CLIENT_ID, | ||
// If by this point we don't have a credential, throw an exception so that | ||
// the user knows the credential was not configured appropriately | ||
span.setStatus({ code: CanonicalCode.UNAUTHENTICATED }); | ||
span.end(); | ||
return Promise.resolve(null); | ||
throw new AuthenticationError(400, { | ||
error: "missing_environment_variables", | ||
error_description: `EnvironmentCredential cannot return a token because one or more of the following environment variables is missing: | ||
${this._environmentVarsMissing.join("\n")} | ||
To authenticate with a service principal AZURE_TENANT_ID, AZURE_CLIENT_ID, and either AZURE_CLIENT_SECRET or AZURE_CLIENT_CERTIFICATE_PATH must be set. To authenticate with a user account AZURE_TENANT_ID, AZURE_USERNAME, and AZURE_PASSWORD must be set. | ||
` | ||
}); | ||
} | ||
} |
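Review bot: The doc comment and return type of the method that now throws are outside this hunk, so the behaviour change from resolving `null` to throwing is not documented anywhere in the visible lines. I would add `@throws AuthenticationError when none of the supported environment variable combinations is set` to the method's doc comment. If the declared return type still admits `null` only for this path, it may be worth narrowing it. The method starts outside the hunk, so the existing comment could not be checked.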
@@ -336,2 +336,3 @@ import { AccessToken } from '@azure/core-http'; | ||
export declare class EnvironmentCredential implements TokenCredential { | ||
private _environmentVarsMissing; | ||
private _credential?; | ||
@@ -338,0 +339,0 @@ /** |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package