UNPKG

@azure/msal-node

Version:

Microsoft Authentication Library for Node

github.com/AzureAD/microsoft-authentication-library-for-js

AzureAD/microsoft-authentication-library-for-js

89 lines (86 loc) 6.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
/*! @azure/msal-node v3.6.4 2025-07-23 */ 'use strict'; import { ManagedIdentityRequestParameters } from '../../config/ManagedIdentityRequestParameters.mjs'; import { BaseManagedIdentitySource } from './BaseManagedIdentitySource.mjs'; import { ManagedIdentityEnvironmentVariableNames, ManagedIdentitySourceNames, ManagedIdentityIdType, ManagedIdentityHeaders, ManagedIdentityQueryParameters, HttpMethod } from '../../utils/Constants.mjs'; /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ const SERVICE_FABRIC_MSI_API_VERSION = "2019-07-01-preview"; /** * Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/ServiceFabricManagedIdentitySource.cs */ class ServiceFabric extends BaseManagedIdentitySource { /** * Constructs a new ServiceFabric managed identity source. * @param logger Logger instance for logging * @param nodeStorage NodeStorage instance for caching * @param networkClient Network client for HTTP requests * @param cryptoProvider Crypto provider for cryptographic operations * @param disableInternalRetries Whether to disable internal retry logic * @param identityEndpoint The Service Fabric managed identity endpoint * @param identityHeader The Service Fabric managed identity secret header */ constructor(logger, nodeStorage, networkClient, cryptoProvider, disableInternalRetries, identityEndpoint, identityHeader) { super(logger, nodeStorage, networkClient, cryptoProvider, disableInternalRetries); this.identityEndpoint = identityEndpoint; this.identityHeader = identityHeader; } /** * Retrieves the environment variables required for Service Fabric managed identity. * @returns An array containing the identity endpoint, identity header, and identity server thumbprint. */ static getEnvironmentVariables() { const identityEndpoint = process.env[ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT]; const identityHeader = process.env[ManagedIdentityEnvironmentVariableNames.IDENTITY_HEADER]; const identityServerThumbprint = process.env[ManagedIdentityEnvironmentVariableNames .IDENTITY_SERVER_THUMBPRINT]; return [identityEndpoint, identityHeader, identityServerThumbprint]; } /** * Attempts to create a ServiceFabric managed identity source if all required environment variables are present. * @param logger Logger instance for logging * @param nodeStorage NodeStorage instance for caching * @param networkClient Network client for HTTP requests * @param cryptoProvider Crypto provider for cryptographic operations * @param disableInternalRetries Whether to disable internal retry logic * @param managedIdentityId Managed identity identifier * @returns A ServiceFabric instance if environment variables are set, otherwise null */ static tryCreate(logger, nodeStorage, networkClient, cryptoProvider, disableInternalRetries, managedIdentityId) { const [identityEndpoint, identityHeader, identityServerThumbprint] = ServiceFabric.getEnvironmentVariables(); if (!identityEndpoint || !identityHeader || !identityServerThumbprint) { logger.info(`[Managed Identity] ${ManagedIdentitySourceNames.SERVICE_FABRIC} managed identity is unavailable because one or all of the '${ManagedIdentityEnvironmentVariableNames.IDENTITY_HEADER}', '${ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT}' or '${ManagedIdentityEnvironmentVariableNames.IDENTITY_SERVER_THUMBPRINT}' environment variables are not defined.`); return null; } const validatedIdentityEndpoint = ServiceFabric.getValidatedEnvVariableUrlString(ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT, identityEndpoint, ManagedIdentitySourceNames.SERVICE_FABRIC, logger); logger.info(`[Managed Identity] Environment variables validation passed for ${ManagedIdentitySourceNames.SERVICE_FABRIC} managed identity. Endpoint URI: ${validatedIdentityEndpoint}. Creating ${ManagedIdentitySourceNames.SERVICE_FABRIC} managed identity.`); if (managedIdentityId.idType !== ManagedIdentityIdType.SYSTEM_ASSIGNED) { logger.warning(`[Managed Identity] ${ManagedIdentitySourceNames.SERVICE_FABRIC} user assigned managed identity is configured in the cluster, not during runtime. See also: https://learn.microsoft.com/en-us/azure/service-fabric/configure-existing-cluster-enable-managed-identity-token-service.`); } return new ServiceFabric(logger, nodeStorage, networkClient, cryptoProvider, disableInternalRetries, identityEndpoint, identityHeader); } /** * Creates the request parameters for acquiring a token from the Service Fabric cluster. * @param resource - The resource URI for which the token is requested. * @param managedIdentityId - The managed identity ID (system-assigned or user-assigned). * @returns A ManagedIdentityRequestParameters object configured for Service Fabric. */ createRequest(resource, managedIdentityId) { const request = new ManagedIdentityRequestParameters(HttpMethod.GET, this.identityEndpoint); request.headers[ManagedIdentityHeaders.ML_AND_SF_SECRET_HEADER_NAME] = this.identityHeader; request.queryParameters[ManagedIdentityQueryParameters.API_VERSION] = SERVICE_FABRIC_MSI_API_VERSION; request.queryParameters[ManagedIdentityQueryParameters.RESOURCE] = resource; if (managedIdentityId.idType !== ManagedIdentityIdType.SYSTEM_ASSIGNED) { request.queryParameters[this.getManagedIdentityUserAssignedIdQueryParameterKey(managedIdentityId.idType)] = managedIdentityId.id; } // bodyParameters calculated in BaseManagedIdentity.acquireTokenWithManagedIdentity return request; } } export { ServiceFabric }; //# sourceMappingURL=ServiceFabric.mjs.map