Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

auth: Add enhanced tenant support #1590

Merged
merged 3 commits into from
Sep 19, 2023
Merged

auth: Add enhanced tenant support #1590

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ad378ef
auth: Add enhanced tenant support
alexweininger Sep 19, 2023
7614c6d
Add documentation
alexweininger Sep 19, 2023
9cfd380
Remove debug filter
alexweininger Sep 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 48 additions & 1 deletion auth/package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion auth/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@
},
"dependencies": {
"@azure/arm-subscriptions": "^5.1.0",
"@azure/ms-rest-azure-env": "^2.0.0"
"@azure/ms-rest-azure-env": "^2.0.0",
"cross-fetch": "^4.0.0"
}
}
13 changes: 11 additions & 2 deletions auth/src/AzureSubscriptionProvider.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,20 @@

import type * as vscode from 'vscode';
import type { AzureSubscription } from './AzureSubscription';
import { TenantIdDescription } from '@azure/arm-subscriptions';

/**
* An interface for obtaining Azure subscription information
*/
export interface AzureSubscriptionProvider {
/**
* Gets a list of tenants available to the user.
* Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
*
* @returns A list of tenants.
*/
getTenants(): Promise<TenantIdDescription[]>;
alexweininger marked this conversation as resolved.
Show resolved Hide resolved

/**
* Gets a list of Azure subscriptions available to the user.
*
Expand All @@ -29,14 +38,14 @@ export interface AzureSubscriptionProvider {
*
* @returns True if the user is signed in, false otherwise.
*/
isSignedIn(): Promise<boolean>;
isSignedIn(tenantId?: string): Promise<boolean>;

/**
* Asks the user to sign in or pick an account to use.
*
* @returns True if the user is signed in, false otherwise.
*/
signIn(): Promise<boolean>;
signIn(tenantId?: string): Promise<boolean>;

/**
* An event that is fired when the user signs in. Debounced to fire at most once every 5 seconds.
Expand Down
47 changes: 29 additions & 18 deletions auth/src/VSCodeAzureSubscriptionProvider.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import type { AzureSubscription, SubscriptionId, TenantId } from './AzureSubscri
import type { AzureSubscriptionProvider } from './AzureSubscriptionProvider';
import { NotSignedInError } from './NotSignedInError';
import { getConfiguredAuthProviderId, getConfiguredAzureEnv } from './utils/configuredAzureEnv';
import fetch from 'cross-fetch';

const EventDebounce = 5 * 1000; // 5 seconds

Expand Down Expand Up @@ -51,6 +52,22 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable implement
});
}

/**
* Gets a list of tenants available to the user.
* Use {@link isSignedIn} to check if the user is signed in to a particular tenant.
*
* @returns A list of tenants.
*/
public async getTenants(): Promise<TenantIdDescription[]> {
const listTenantsResponse = await fetch('https://management.azure.com/tenants?api-version=2022-12-01', {
headers: {
Authorization: `Bearer ${await this.getToken()}`,
}
});
const listTenantsResponseJson = await listTenantsResponse.json() as { value: TenantIdDescription[] };
return listTenantsResponseJson.value.filter(tenant => tenant.displayName?.includes('Directory'));
}

/**
* Gets a list of Azure subscriptions available to the user.
*
Expand Down Expand Up @@ -124,8 +141,8 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable implement
*
* @returns True if the user is signed in, false otherwise.
*/
public async signIn(): Promise<boolean> {
const session = await vscode.authentication.getSession(getConfiguredAuthProviderId(), this.getDefaultScopes(), { createIfNone: true, clearSessionPreference: true });
public async signIn(tenantId?: string): Promise<boolean> {
const session = await vscode.authentication.getSession(getConfiguredAuthProviderId(), this.getScopes([], tenantId), { createIfNone: true, clearSessionPreference: true });
return !!session;
}

Expand Down Expand Up @@ -179,22 +196,6 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable implement
return fullSubscriptionIds.map(id => id.split('/')[1]);
}

/**
* Gets the tenants available to a user.
*
* @returns The list of tenants visible to the user.
*/
private async getTenants(): Promise<TenantIdDescription[]> {
const { client } = await this.getSubscriptionClient();
const tenants: TenantIdDescription[] = [];

for await (const tenant of client.tenants.list()) {
tenants.push(tenant);
}

return tenants;
}

/**
* Gets the subscriptions for a given tenant.
*
Expand Down Expand Up @@ -262,6 +263,16 @@ export class VSCodeAzureSubscriptionProvider extends vscode.Disposable implement
};
}

private async getToken(tenantId?: string): Promise<string> {
const session = await vscode.authentication.getSession(getConfiguredAuthProviderId(), this.getScopes([], tenantId), { createIfNone: false, silent: true });

if (!session) {
throw new NotSignedInError();
}

return session.accessToken;
}

/**
* Gets a normalized list of scopes
*
Expand Down