@azure/identity - npm Package Compare versions

Comparing version 4.1.0-alpha.20240328.2 to 4.1.0-alpha.20240409.1

dist-esm/src/credentials/defaultAzureCredential.js

@@ -18,9 +18,13 @@ // Copyright (c) Microsoft Corporation.
  */
-export function createDefaultManagedIdentityCredential(options) {
-    var _a, _b, _c;
-    const managedIdentityClientId = (_a = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _a !== void 0 ? _a : process.env.AZURE_CLIENT_ID;
-    const workloadIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _b !== void 0 ? _b : managedIdentityClientId;
+export function createDefaultManagedIdentityCredential(options = {}) {
+    var _a, _b, _c, _d;
+    (_a = options.retryOptions) !== null && _a !== void 0 ? _a : (options.retryOptions = {
+        maxRetries: 5,
+        retryDelayInMs: 800,
+    });
+    const managedIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _b !== void 0 ? _b : process.env.AZURE_CLIENT_ID;
+    const workloadIdentityClientId = (_c = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _c !== void 0 ? _c : managedIdentityClientId;
     const managedResourceId = options === null || options === void 0 ? void 0 : options.managedIdentityResourceId;
     const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
-    const tenantId = (_c = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _c !== void 0 ? _c : process.env.AZURE_TENANT_ID;
+    const tenantId = (_d = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _d !== void 0 ? _d : process.env.AZURE_TENANT_ID;
     if (managedResourceId) {
@@ -27,0 +31,0 @@ const managedIdentityResourceIdOptions = Object.assign(Object.assign({}, options), { resourceId: managedResourceId });

dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js

 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
+import { createHttpHeaders, createPipelineRequest, } from "@azure/core-rest-pipeline";
 import { delay, isError } from "@azure/core-util";
-import { createHttpHeaders, createPipelineRequest, } from "@azure/core-rest-pipeline";
+import { imdsApiVersion, imdsEndpointPath, imdsHost } from "./constants";
+import { AuthenticationError } from "../../errors";
 import { credentialLogger } from "../../util/logging";
-import { AuthenticationError } from "../../errors";
+import { mapScopesToResource } from "./utils";
 import { tracingClient } from "../../util/tracing";
-import { imdsApiVersion, imdsEndpointPath, imdsHost } from "./constants";
-import { mapScopesToResource } from "./utils";
 const msiName = "ManagedIdentityCredential - IMDS";
@@ -55,8 +55,2 @@ const logger = credentialLogger(msiName);
 }
-// 800ms -> 1600ms -> 3200ms
-export const imdsMsiRetryConfig = {
-    maxRetries: 3,
-    startDelayInMs: 800,
-    intervalIncrement: 2,
-};
 /**
@@ -107,3 +101,3 @@ * Defines how to determine whether the Azure IMDS MSI is available, and also how to retrieve a token from the Azure IMDS MSI.
                 }
-                // This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network"
+                // This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network" or "A socket operation was attempted to an unreachable host"
                 // rather than just timing out, as expected.
@@ -114,3 +108,3 @@ logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);
             if (response.status === 403) {
-                if ((_b = response.bodyAsText) === null || _b === void 0 ? void 0 : _b.includes("A socket operation was attempted to an unreachable network")) {
+                if ((_b = response.bodyAsText) === null || _b === void 0 ? void 0 : _b.includes("unreachable")) {
                     logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);
@@ -134,4 +128,4 @@ logger.info(`${msiName}: ${response.bodyAsText}`);
         }
-        let nextDelayInMs = imdsMsiRetryConfig.startDelayInMs;
-        for (let retries = 0; retries < imdsMsiRetryConfig.maxRetries; retries++) {
+        let nextDelayInMs = configuration.retryConfig.startDelayInMs;
+        for (let retries = 0; retries < configuration.retryConfig.maxRetries; retries++) {
             try {
@@ -145,3 +139,3 @@ const request = createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions(scopes, clientId, resourceId)), { allowInsecureConnection: true }));
                     await delay(nextDelayInMs);
-                    nextDelayInMs *= imdsMsiRetryConfig.intervalIncrement;
+                    nextDelayInMs *= configuration.retryConfig.intervalIncrement;
                     continue;
@@ -152,5 +146,5 @@ }
         }
-        throw new AuthenticationError(404, `${msiName}: Failed to retrieve IMDS token after ${imdsMsiRetryConfig.maxRetries} retries.`);
+        throw new AuthenticationError(404, `${msiName}: Failed to retrieve IMDS token after ${configuration.retryConfig.maxRetries} retries.`);
     },
 };
 //# sourceMappingURL=imdsMsi.js.map

dist-esm/src/credentials/managedIdentityCredential/index.js

 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { IdentityClient } from "../../client/identityClient";
+import { ConfidentialClientApplication } from "@azure/msal-node";
 import { AuthenticationError, AuthenticationRequiredError, CredentialUnavailableError, } from "../../errors";
 import { credentialLogger, formatError, formatSuccess } from "../../util/logging";
+import { DeveloperSignOnClientId } from "../../constants";
+import { IdentityClient } from "../../client/identityClient";
 import { appServiceMsi2017 } from "./appServiceMsi2017";
-import { tracingClient } from "../../util/tracing";
+import { appServiceMsi2019 } from "./appServiceMsi2019";
+import { arcMsi } from "./arcMsi";
 import { cloudShellMsi } from "./cloudShellMsi";
+import { fabricMsi } from "./fabricMsi";
+import { getLogLevel } from "@azure/logger";
+import { getMSALLogLevel } from "../../msal/utils";
 import { imdsMsi } from "./imdsMsi";
-import { arcMsi } from "./arcMsi";
 import { tokenExchangeMsi } from "./tokenExchangeMsi";
-import { fabricMsi } from "./fabricMsi";
-import { appServiceMsi2019 } from "./appServiceMsi2019";
-import { ConfidentialClientApplication } from "@azure/msal-node";
-import { DeveloperSignOnClientId } from "../../constants";
-import { getMSALLogLevel } from "../../msal/utils";
-import { getLogLevel } from "@azure/logger";
+import { tracingClient } from "../../util/tracing";
 const logger = credentialLogger("ManagedIdentityCredential");
@@ -33,5 +33,10 @@ /**
     constructor(clientIdOrOptions, options) {
-        var _a;
+        var _a, _b;
         this.isEndpointUnavailable = null;
         this.isAppTokenProviderInitialized = false;
+        this.msiRetryConfig = {
+            maxRetries: 3,
+            startDelayInMs: 800,
+            intervalIncrement: 2,
+        };
         let _options;
@@ -51,2 +56,5 @@ if (typeof clientIdOrOptions === "string") {
         }
+        if (((_a = _options === null || _options === void 0 ? void 0 : _options.retryOptions) === null || _a === void 0 ? void 0 : _a.maxRetries) !== undefined) {
+            this.msiRetryConfig.maxRetries = _options.retryOptions.maxRetries;
+        }
         this.identityClient = new IdentityClient(_options);
@@ -62,3 +70,3 @@ this.isAvailableIdentityClient = new IdentityClient(Object.assign(Object.assign({}, _options), { retryOptions: {
                 authority: "https://login.microsoftonline.com/managed_identity",
-                clientId: (_a = this.clientId) !== null && _a !== void 0 ? _a : DeveloperSignOnClientId,
+                clientId: (_b = this.clientId) !== null && _b !== void 0 ? _b : DeveloperSignOnClientId,
                 clientSecret: "dummy-secret",
@@ -113,2 +121,3 @@ cloudDiscoveryMetadata: '{"tenant_discovery_endpoint":"https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration","api-version":"1.1","metadata":[{"preferred_network":"login.microsoftonline.com","preferred_cache":"login.windows.net","aliases":["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{"preferred_network":"login.partner.microsoftonline.cn","preferred_cache":"login.partner.microsoftonline.cn","aliases":["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{"preferred_network":"login.microsoftonline.de","preferred_cache":"login.microsoftonline.de","aliases":["login.microsoftonline.de"]},{"preferred_network":"login.microsoftonline.us","preferred_cache":"login.microsoftonline.us","aliases":["login.microsoftonline.us","login.usgovcloudapi.net"]},{"preferred_network":"login-us.microsoftonline.com","preferred_cache":"login-us.microsoftonline.com","aliases":["login-us.microsoftonline.com"]}]}',
                 resourceId: this.resourceId,
+                retryConfig: this.msiRetryConfig,
             }, updatedOptions);
@@ -220,6 +229,6 @@ }
             }
-            // This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network"
+            // This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network" or "A socket operation was attempted to an unreachable host"
             // rather than just timing out, as expected.
             if (err.statusCode === 403 || err.code === 403) {
-                if (err.message.includes("A socket operation was attempted to an unreachable network")) {
+                if (err.message.includes("unreachable")) {
                     const error = new CredentialUnavailableError(`${ManagedIdentityCredential.name}: Unavailable. Network unreachable. Message: ${err.message}`);
@@ -226,0 +235,0 @@ logger.getToken.info(formatError(scopes, error));

package.json

 {
   "name": "@azure/identity",
   "sdk-type": "client",
-  "version": "4.1.0-alpha.20240328.2",
+  "version": "4.1.0-alpha.20240409.1",
   "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID",
@@ -59,3 +59,3 @@ "main": "dist/index.js",
     "integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts'",
-    "integration-test:msi": "dev-tool run test:node-ts-input -- --timeout 180000 'test/integration/**/*.spec.ts'",
+    "integration-test:managed-identity": "dev-tool run test:node-ts-input -- --timeout 180000 'test/integration/**/*.spec.ts'",
     "integration-test": "npm run integration-test:node && npm run integration-test:browser",
@@ -62,0 +62,0 @@ "lint:fix": "eslint package.json api-extractor.json src test --ext .ts --fix --fix-type [problem,suggestion]",

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1530590

increased by0.17%

Lines of code

11830

increased by0.13%

Worsened metrics

Number of medium supply chain risk alerts

7

increased by16.67%

No dependency changes