@backstage/integration/dist/azure/CachedAzureDevOpsCredentialsProvider.esm.js

Helpers for managing integrations towards external systems

import { ManagedIdentityCredential, ClientAssertionCredential, ClientSecretCredential } from '@azure/identity';
import { ManagedIdentityClientAssertion } from './ManagedIdentityClientAssertion.esm.js';

const tenMinutes = 1e3 * 60 * 10;
class CachedAzureDevOpsCredentialsProvider {
  constructor(credential) {
    this.credential = credential;
  }
  azureDevOpsScope = "499b84ac-1321-427f-aa17-267ca6975798/.default";
  cached;
  static fromAzureDevOpsCredential(credential) {
    switch (credential.kind) {
      case "PersonalAccessToken":
        return CachedAzureDevOpsCredentialsProvider.fromPersonalAccessTokenCredential(
          credential
        );
      case "ClientSecret":
        return CachedAzureDevOpsCredentialsProvider.fromTokenCredential(
          new ClientSecretCredential(
            credential.tenantId,
            credential.clientId,
            credential.clientSecret
          )
        );
      case "ManagedIdentityClientAssertion": {
        const clientAssertion = new ManagedIdentityClientAssertion({
          clientId: credential.managedIdentityClientId
        });
        return CachedAzureDevOpsCredentialsProvider.fromTokenCredential(
          new ClientAssertionCredential(
            credential.tenantId,
            credential.clientId,
            () => clientAssertion.getSignedAssertion()
          )
        );
      }
      case "ManagedIdentity":
        return CachedAzureDevOpsCredentialsProvider.fromTokenCredential(
          credential.clientId === "system-assigned" ? new ManagedIdentityCredential() : new ManagedIdentityCredential(credential.clientId)
        );
      default:
        throw new Error(
          `Credential kind '${credential.kind}' not supported`
        );
    }
  }
  static fromTokenCredential(credential) {
    return new CachedAzureDevOpsCredentialsProvider(credential);
  }
  static fromPersonalAccessTokenCredential(credential) {
    return new CachedAzureDevOpsCredentialsProvider(
      credential.personalAccessToken
    );
  }
  async getCredentials() {
    if (this.cached === void 0 || this.cached.expiresAt !== void 0 && Date.now() > this.cached.expiresAt) {
      if (typeof this.credential === "string") {
        this.cached = {
          headers: {
            Authorization: `Basic ${btoa(`:${this.credential}`)}`
          },
          type: "pat",
          token: this.credential
        };
      } else {
        const accessToken = await this.credential.getToken(
          this.azureDevOpsScope
        );
        if (!accessToken) {
          throw new Error("Failed to retrieve access token");
        }
        this.cached = {
          expiresAt: accessToken.expiresOnTimestamp - tenMinutes,
          headers: {
            Authorization: `Bearer ${accessToken.token}`
          },
          type: "bearer",
          token: accessToken.token
        };
      }
    }
    return this.cached;
  }
}

export { CachedAzureDevOpsCredentialsProvider };
//# sourceMappingURL=CachedAzureDevOpsCredentialsProvider.esm.js.map