@azure/identity
Comparing version 4.1.0-alpha.20240328.2 to 4.1.0-alpha.20240409.1
@@ -18,9 +18,13 @@ // Copyright (c) Microsoft Corporation. | ||
*/ | ||
export function createDefaultManagedIdentityCredential(options) { | ||
var _a, _b, _c; | ||
const managedIdentityClientId = (_a = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _a !== void 0 ? _a : process.env.AZURE_CLIENT_ID; | ||
const workloadIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _b !== void 0 ? _b : managedIdentityClientId; | ||
export function createDefaultManagedIdentityCredential(options = {}) { | ||
var _a, _b, _c, _d; | ||
(_a = options.retryOptions) !== null && _a !== void 0 ? _a : (options.retryOptions = { | ||
maxRetries: 5, | ||
retryDelayInMs: 800, | ||
}); | ||
const managedIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _b !== void 0 ? _b : process.env.AZURE_CLIENT_ID; | ||
const workloadIdentityClientId = (_c = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _c !== void 0 ? _c : managedIdentityClientId; | ||
const managedResourceId = options === null || options === void 0 ? void 0 : options.managedIdentityResourceId; | ||
const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE; | ||
const tenantId = (_c = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _c !== void 0 ? _c : process.env.AZURE_TENANT_ID; | ||
const tenantId = (_d = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _d !== void 0 ? _d : process.env.AZURE_TENANT_ID; | ||
if (managedResourceId) { | ||
@@ -27,0 +31,0 @@ const managedIdentityResourceIdOptions = Object.assign(Object.assign({}, options), { resourceId: managedResourceId }); |
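Review bot: The new default is written onto the caller's own object (`options.retryOptions = { maxRetries: 5, retryDelayInMs: 800 }`), so an options object the caller reuses for other credentials silently picks up these retry settings. Building a local copy instead, for example `const withRetry = Object.assign({}, options, { retryOptions: options.retryOptions ?? { maxRetries: 5, retryDelayInMs: 800 } });`, keeps the default local to this function. The `options = {}` parameter default also covers only `undefined`: an explicit `null`, which the remaining `options === null` checks still tolerate, would now throw at `options.retryOptions`. The function body continues past the end of this section.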
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT license. | ||
import { createHttpHeaders, createPipelineRequest, } from "@azure/core-rest-pipeline"; | ||
import { delay, isError } from "@azure/core-util"; | ||
import { createHttpHeaders, createPipelineRequest, } from "@azure/core-rest-pipeline"; | ||
import { imdsApiVersion, imdsEndpointPath, imdsHost } from "./constants"; | ||
import { AuthenticationError } from "../../errors"; | ||
import { credentialLogger } from "../../util/logging"; | ||
import { AuthenticationError } from "../../errors"; | ||
import { mapScopesToResource } from "./utils"; | ||
import { tracingClient } from "../../util/tracing"; | ||
import { imdsApiVersion, imdsEndpointPath, imdsHost } from "./constants"; | ||
import { mapScopesToResource } from "./utils"; | ||
const msiName = "ManagedIdentityCredential - IMDS"; | ||
@@ -55,8 +55,2 @@ const logger = credentialLogger(msiName); | ||
} | ||
// 800ms -> 1600ms -> 3200ms | ||
export const imdsMsiRetryConfig = { | ||
maxRetries: 3, | ||
startDelayInMs: 800, | ||
intervalIncrement: 2, | ||
}; | ||
/** | ||
@@ -107,3 +101,3 @@ * Defines how to determine whether the Azure IMDS MSI is available, and also how to retrieve a token from the Azure IMDS MSI. | ||
} | ||
// This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network" | ||
// This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network" or "A socket operation was attempted to an unreachable host" | ||
// rather than just timing out, as expected. | ||
@@ -114,3 +108,3 @@ logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`); | ||
if (response.status === 403) { | ||
if ((_b = response.bodyAsText) === null || _b === void 0 ? void 0 : _b.includes("A socket operation was attempted to an unreachable network")) { | ||
if ((_b = response.bodyAsText) === null || _b === void 0 ? void 0 : _b.includes("unreachable")) { | ||
logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`); | ||
@@ -134,4 +128,4 @@ logger.info(`${msiName}: ${response.bodyAsText}`); | ||
} | ||
let nextDelayInMs = imdsMsiRetryConfig.startDelayInMs; | ||
for (let retries = 0; retries < imdsMsiRetryConfig.maxRetries; retries++) { | ||
let nextDelayInMs = configuration.retryConfig.startDelayInMs; | ||
for (let retries = 0; retries < configuration.retryConfig.maxRetries; retries++) { | ||
try { | ||
@@ -145,3 +139,3 @@ const request = createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions(scopes, clientId, resourceId)), { allowInsecureConnection: true })); | ||
await delay(nextDelayInMs); | ||
nextDelayInMs *= imdsMsiRetryConfig.intervalIncrement; | ||
nextDelayInMs *= configuration.retryConfig.intervalIncrement; | ||
continue; | ||
@@ -152,5 +146,5 @@ } | ||
} | ||
throw new AuthenticationError(404, `${msiName}: Failed to retrieve IMDS token after ${imdsMsiRetryConfig.maxRetries} retries.`); | ||
throw new AuthenticationError(404, `${msiName}: Failed to retrieve IMDS token after ${configuration.retryConfig.maxRetries} retries.`); | ||
}, | ||
}; | ||
//# sourceMappingURL=imdsMsi.js.map |
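Review bot: The 403 branch now treats any response body containing the bare word `unreachable` as "The Azure IMDS endpoint is unavailable", which is much wider than the two Docker Desktop messages named in the comment above it. A 403 that carries a different meaning but happens to include that word would be classified as an absent endpoint, and a credential chain would presumably move on to the next credential instead of surfacing the refusal. Matching the shared prefix, `_b.includes("A socket operation was attempted to an unreachable")`, covers both the network and host variants without widening further. The same substring check is introduced on `err.message` in the ManagedIdentityCredential error handler later on this page. The enclosing function starts and ends outside the hunk.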
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT license. | ||
import { IdentityClient } from "../../client/identityClient"; | ||
import { ConfidentialClientApplication } from "@azure/msal-node"; | ||
import { AuthenticationError, AuthenticationRequiredError, CredentialUnavailableError, } from "../../errors"; | ||
import { credentialLogger, formatError, formatSuccess } from "../../util/logging"; | ||
import { DeveloperSignOnClientId } from "../../constants"; | ||
import { IdentityClient } from "../../client/identityClient"; | ||
import { appServiceMsi2017 } from "./appServiceMsi2017"; | ||
import { tracingClient } from "../../util/tracing"; | ||
import { appServiceMsi2019 } from "./appServiceMsi2019"; | ||
import { arcMsi } from "./arcMsi"; | ||
import { cloudShellMsi } from "./cloudShellMsi"; | ||
import { fabricMsi } from "./fabricMsi"; | ||
import { getLogLevel } from "@azure/logger"; | ||
import { getMSALLogLevel } from "../../msal/utils"; | ||
import { imdsMsi } from "./imdsMsi"; | ||
import { arcMsi } from "./arcMsi"; | ||
import { tokenExchangeMsi } from "./tokenExchangeMsi"; | ||
import { fabricMsi } from "./fabricMsi"; | ||
import { appServiceMsi2019 } from "./appServiceMsi2019"; | ||
import { ConfidentialClientApplication } from "@azure/msal-node"; | ||
import { DeveloperSignOnClientId } from "../../constants"; | ||
import { getMSALLogLevel } from "../../msal/utils"; | ||
import { getLogLevel } from "@azure/logger"; | ||
import { tracingClient } from "../../util/tracing"; | ||
const logger = credentialLogger("ManagedIdentityCredential"); | ||
@@ -33,5 +33,10 @@ /** | ||
constructor(clientIdOrOptions, options) { | ||
var _a; | ||
var _a, _b; | ||
this.isEndpointUnavailable = null; | ||
this.isAppTokenProviderInitialized = false; | ||
this.msiRetryConfig = { | ||
maxRetries: 3, | ||
startDelayInMs: 800, | ||
intervalIncrement: 2, | ||
}; | ||
let _options; | ||
@@ -51,2 +56,5 @@ if (typeof clientIdOrOptions === "string") { | ||
} | ||
if (((_a = _options === null || _options === void 0 ? void 0 : _options.retryOptions) === null || _a === void 0 ? void 0 : _a.maxRetries) !== undefined) { | ||
this.msiRetryConfig.maxRetries = _options.retryOptions.maxRetries; | ||
} | ||
this.identityClient = new IdentityClient(_options); | ||
@@ -62,3 +70,3 @@ this.isAvailableIdentityClient = new IdentityClient(Object.assign(Object.assign({}, _options), { retryOptions: { | ||
authority: "https://login.microsoftonline.com/managed_identity", | ||
clientId: (_a = this.clientId) !== null && _a !== void 0 ? _a : DeveloperSignOnClientId, | ||
clientId: (_b = this.clientId) !== null && _b !== void 0 ? _b : DeveloperSignOnClientId, | ||
clientSecret: "dummy-secret", | ||
@@ -113,2 +121,3 @@ cloudDiscoveryMetadata: '{"tenant_discovery_endpoint":"https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration","api-version":"1.1","metadata":[{"preferred_network":"login.microsoftonline.com","preferred_cache":"login.windows.net","aliases":["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{"preferred_network":"login.partner.microsoftonline.cn","preferred_cache":"login.partner.microsoftonline.cn","aliases":["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{"preferred_network":"login.microsoftonline.de","preferred_cache":"login.microsoftonline.de","aliases":["login.microsoftonline.de"]},{"preferred_network":"login.microsoftonline.us","preferred_cache":"login.microsoftonline.us","aliases":["login.microsoftonline.us","login.usgovcloudapi.net"]},{"preferred_network":"login-us.microsoftonline.com","preferred_cache":"login-us.microsoftonline.com","aliases":["login-us.microsoftonline.com"]}]}', | ||
resourceId: this.resourceId, | ||
retryConfig: this.msiRetryConfig, | ||
}, updatedOptions); | ||
@@ -220,6 +229,6 @@ } | ||
} | ||
// This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network" | ||
// This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network" or "A socket operation was attempted to an unreachable host" | ||
// rather than just timing out, as expected. | ||
if (err.statusCode === 403 || err.code === 403) { | ||
if (err.message.includes("A socket operation was attempted to an unreachable network")) { | ||
if (err.message.includes("unreachable")) { | ||
const error = new CredentialUnavailableError(`${ManagedIdentityCredential.name}: Unavailable. Network unreachable. Message: ${err.message}`); | ||
@@ -226,0 +235,0 @@ logger.getToken.info(formatError(scopes, error)); |
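Review bot: `retryOptions.maxRetries` is copied into `this.msiRetryConfig` after only a `!== undefined` check, so a negative, fractional or very large value reaches the IMDS retry loop unchanged. With `intervalIncrement: 2` the wait doubles on each attempt from an 800 ms start, so every extra retry roughly doubles the worst-case time `getToken` can block, and a negative value skips the loop and reports a negative retry count in the error. A guard such as `if (Number.isInteger(n) && n >= 0) this.msiRetryConfig.maxRetries = n;` (with `n` the supplied value) would keep the setting in a sane range. In the lines shown nothing else from `retryOptions` is read, so `retryDelayInMs` appears to have no effect on this loop; a comment saying so would help. The constructor body continues outside the hunks.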
{ | ||
"name": "@azure/identity", | ||
"sdk-type": "client", | ||
"version": "4.1.0-alpha.20240328.2", | ||
"version": "4.1.0-alpha.20240409.1", | ||
"description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID", | ||
@@ -59,3 +59,3 @@ "main": "dist/index.js", | ||
"integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts'", | ||
"integration-test:msi": "dev-tool run test:node-ts-input -- --timeout 180000 'test/integration/**/*.spec.ts'", | ||
"integration-test:managed-identity": "dev-tool run test:node-ts-input -- --timeout 180000 'test/integration/**/*.spec.ts'", | ||
"integration-test": "npm run integration-test:node && npm run integration-test:browser", | ||
@@ -62,0 +62,0 @@ "lint:fix": "eslint package.json api-extractor.json src test --ext .ts --fix --fix-type [problem,suggestion]", |
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package