Azure · alzimmermsft · Nov 13, 2024 · Nov 5, 2024 · Nov 6, 2024 · Nov 6, 2024
@@ -74,10 +74,9 @@
   <!-- Suppress LineLength for i18n message properties -->
   <suppress checks="LineLength" files="messages.properties"/>
 
-  <!-- Identity and opentelemetry tracing are plugin packages and shouldn't be referenced -->
+  <!-- OpenTelemetry tracing are plugin packages and shouldn't be referenced -->
   <suppress checks="IllegalImport" files=".*[/\\]com[/\\]azure[/\\]monitor[/\\]opentelemetry[/\\]*"/>
   <suppress checks="IllegalImport" files=".*[/\\]com[/\\]azure[/\\]spring[/\\]cloud[/\\]autoconfigure[/\\]monitor[/\\]*"/>
-  <suppress checks="IllegalImport" files=".*[/\\]com[/\\]azure[/\\]identity[/\\]*"/>
   <suppress checks="IllegalImport" files="com.azure.messaging.eventhubs.*Sample.*java"/>
   <suppress checks="IllegalImport" files="com.azure.messaging.eventhubs.*Test.*java"/>
 
@@ -140,14 +139,6 @@
   <!-- Requires static access to logger to report errors while loading i18n messages (from within a static initializer )-->
   <suppress checks="com.azure.tools.checkstyle.checks.GoodLoggingCheck" files="Messages.java"/>
 
-  <!-- Accesses Windows native credential api, doesn't follow java style.-->
-  <suppress checks="MethodName|MemberName|VisibilityModifier|TypeName"
-            files="com.azure.identity.implementation.WindowsCredentialApi.java"/>
-
-  <!-- Need to write to stdout as the default SDK behavior here.-->
-  <suppress checks="com.azure.tools.checkstyle.checks.GoodLoggingCheck"
-            files="com.azure.identity.DeviceCodeCredentialBuilder.java"/>
-
   <!-- TODO: Synapse access control API does not support PagedResponse and Response. -->
   <!-- Checkstyle suppressions for naming issues reported in the Synapse artifacts related clients-->
   <suppress checks="com.azure.tools.checkstyle.checks.ServiceClientCheck" files=".*[/\\]synapse[/\\].*"/>
@@ -266,12 +257,6 @@
   <!-- Checkstyle suppression for Inference client APIs that use Flux instead of PagedFlux for methods that return a collection -->
   <suppress checks="com.azure.tools.checkstyle.checks.ServiceClientCheck" files="com.azure.ai.inference.(ChatCompletionsClient|ChatCompletionsAsyncClient).java"/>
 
-  <!-- jdbc sdk suppression -->
-  <suppress checks="com.azure.tools.checkstyle.checks.ExternalDependencyExposedCheck"
-            files="com.azure.identity.extensions.jdbc.(mysql|postgresql).(AzureMysqlAuthenticationPlugin|AzurePostgresqlAuthenticationPlugin).java"/>
-  <suppress checks="com.azure.tools.checkstyle.checks.ThrowFromClientLoggerCheck"
-            files="com.azure.identity.extensions.jdbc.postgresql.AzurePostgresqlAuthenticationPlugin"/>
-
   <!-- ### begin: Spring related suppression -->
   <!-- Checkstyle suppressions for azure.spring.data.cosmos package -->
   <suppress checks="[a-zA-Z0-9]*" files="[/\\]azure-spring-data-cosmos[/\\]src[/\\]test[/\\]"/>
@@ -339,9 +324,6 @@
   <!-- Issue: https://github.com/Azure/azure-sdk-for-java/issues/22117 -->
   <suppress checks="com.azure.tools.checkstyle.checks.ServiceClientCheck" files="com.azure.communication.callingserver.CallingServerAsyncClient"/>
 
-  <!-- Third party source code files, retained as is. -->
-  <suppress checks="[a-zA-Z0-9]*" files="com.azure.identity.implementation.intellij.(Aes|HashedBlockInputStream|LittleEndianDataInputStream|Salsa20)"/>
-
   <!-- Checkstyle suppressions to keep HttpPipelinePolicy in implementation folder. -->
   <suppress checks="com.azure.tools.checkstyle.checks.HttpPipelinePolicyCheck"
             files="com.azure.communication.callingserver.implementation.RedirectPolicy.java"/>
@@ -371,21 +353,12 @@
   <!-- Star import is ok in impl class - it makes it easier to import all parent APIs, etc -->
   <suppress checks="AvoidStarImport" files="com.azure.jedis.AzureJedisClient.java"/>
 
-  <!-- Field additionallyAllowedTenants is not set in constructor and can be changed using the builder option. -->
-  <suppress checks="com.azure.tools.checkstyle.checks.EnforceFinalFieldsCheck" files="com.azure.identity.DefaultAzureCredentialBuilder"/>
-
-  <suppress checks="com.azure.tools.checkstyle.checks.ThrowFromClientLoggerCheck" files=".*(DeviceCodeCredential|InteractiveBrowserCredential|AzureCliCredential|AzureDeveloperCliCredential|ClientCertificateCredential|ClientSecretCredential|EnvironmentCredential|OnBehalfOfCredential|WorkloadIdentityCredential|ChainedTokenCredential|ClientAssertionCredential|UsernamePasswordCredential).java"/>
-
   <!-- The build tool plugin checkstyle exceptions -->
   <suppress checks="com.azure.tools.checkstyle.checks.ExternalDependencyExposedCheck"
             files="com.azure.sdk.build.tool.*\.java"/>
   <suppress checks="com.azure.tools.checkstyle.checks.GoodLoggingCheck" files="ConsoleLogger.java"/>
   <suppress checks="com.azure.tools.checkstyle.checks.ThrowFromClientLoggerCheck"
             files="com.azure.sdk.build.tool.*\.java"/>
-  <!-- Identity tests use paramaterization which requires a public field -->
-  <suppress checks="VisibilityModifier" files="com.azure.identity.AzureCliCredentialNegativeTest.java"/>
-  <suppress checks="VisibilityModifier" files="com.azure.identity.AzureDeveloperCliCredentialNegativeTest.java"/>
-  <suppress checks="VisibilityModifier" files="com.azure.identity.AzureCliCredentialNegativeTest.java"/>
 
   <!-- Suppress checks for defender Easm -->
   <suppress checks="com.azure.tools.checkstyle.checks.EnforceFinalFieldsCheck" files="com.azure.analytics.defender.easm.models.CountPagedResponse"/>

@@ -46,60 +46,6 @@
     <Bug pattern="UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"/>
   </Match>
 
-  <!-- Defines native api, doesn't follow java style.-->
-  <Match>
-    <Class name="~com\.azure\.identity\.implementation\.WindowsCredentialApi(.+)"/>
-    <Bug pattern="UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD,
-      UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD,
-      NM_FIELD_NAMING_CONVENTION"/>
-  </Match>
-
-  <!-- Internal implementation details, not at risk.-->
-  <Match>
-    <Class name="~com\.azure\.identity\.implementation\.intellij\.IntelliJKdbxMetadata"/>
-    <Bug pattern="EI_EXPOSE_REP,EI_EXPOSE_REP2"/>
-  </Match>
-
-  <Match>
-    <Class name="~com\.azure\.identity\.implementation\.intellij\.IntelliJKdbxDatabase"/>
-    <Bug pattern="NP_NULL_ON_SOME_PATH"/>
-  </Match>
-
-  <!-- Third party source code files, kept as it is.-->
-  <Match>
-    <Class name="~com\.azure\.identity\.implementation\.intellij\.LittleEndianDataInputStream"/>
-    <Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT"/>
-  </Match>
-
-  <Match>
-    <Class name="~com\.azure\.identity\.implementation\.intellij\.Salsa20"/>
-    <Bug pattern="DM_DEFAULT_ENCODING"/>
-  </Match>
-
-  <!-- Exception needs to be caught here.-->
-  <Match>
-    <Class name="~com\.azure\.identity\.implementation\.VisualStudioCacheAccessor"/>
-    <Bug pattern="REC_CATCH_EXCEPTION"/>
-  </Match>
-
-  <!-- Exception needs to be caught here.-->
-  <Match>
-    <Class name="~com\.azure\.identity\.IntelliJCredential"/>
-    <Bug pattern="REC_CATCH_EXCEPTION"/>
-  </Match>
-
-  <!-- Accesses native api, doesn't follow java style.-->
-  <Match>
-    <Class name="~com\.azure\.identity\.implementation\.LinuxKeyRingAccessor(.+)"/>
-    <Bug pattern="UWF_UNWRITTEN_FIELD"/>
-  </Match>
-
-  <!-- Accesses native api, doesn't follow java style.-->
-  <Match>
-    <Class name="com.azure.identity.implementation.WindowsCredentialAccessor"/>
-    <Bug pattern="NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD"/>
-  </Match>
-
   <!-- Public field already exists in the public API surface. -->
   <Match>
     <Class name="com.microsoft.azure.batch.auth.BatchUserTokenCredentials"/>
@@ -384,13 +330,6 @@
     <Bug pattern="SE_BAD_FIELD"/>
   </Match>
 
-  <!-- The fields are checked for null in the build method and throw exceptions if values for fields are not specified. -->
-  <Match>
-    <Class name="com.azure.identity.InteractiveBrowserCredentialBuilder"/>
-    <Field name="port"/>
-    <Bug pattern="UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR"/>
-  </Match>
-
   <!-- The switch cases are encoded version of all SAS query parameters, which will further be appended to a request URL it seems like. A default case wouldn't make sense -->
   <Match>
     <Class name="com.microsoft.azure.storage.blob.SASQueryParameters"/>
@@ -539,21 +478,6 @@
     <Bug pattern="NM_CONFUSING"/>
   </Match>
 
-  <!-- Retry thus does not throw.
-    SharedTokenCacheCredential needs to catch any catch exception that gets thrown.-->
-  <Match>
-    <Or>
-      <Class name="com.azure.identity.SharedTokenCacheCredential"/>
-      <Class name="com.azure.identity.implementation.msalextensions.CacheLock"/>
-    </Or>
-    <Bug pattern="REC_CATCH_EXCEPTION"/>
-  </Match>
-  <!-- Return value not needed -->
-  <Match>
-    <Class name="com.azure.identity.implementation.msalextensions.cachepersister.windows.WindowsDPAPICacheProtector"/>
-    <Bug pattern="RV_RETURN_VALUE_IGNORED_BAD_PRACTICE"/>
-  </Match>
-
   <!-- Disable some spotbugs rules on perf-tests -->
   <Match>
     <Or>
@@ -610,13 +534,6 @@
     <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE,REC_CATCH_EXCEPTION"/>
   </Match>
 
-  <!-- Exception needs to be caught here.-->
-  <Match>
-    <Class name="~com\.azure\.identity\.implementation\.IdentitySyncClient"/>
-    <Method name="authenticateWithWorkloadIdentityConfidentialClient"/>
-    <Bug pattern="REC_CATCH_EXCEPTION"/>
-  </Match>
-
   <!-- ClassLoader::getResourceAsStream can return null, ref: https://docs.oracle.com/javase/8/docs/technotes/guides/lang/resources.html -->
   <Match>
     <Class name="com.azure.cosmos.implementation.directconnectivity.RntbdTransportClient$Options$Builder"/>
@@ -1912,50 +1829,6 @@
     <Bug pattern="NP_NULL_PARAM_DEREF"/>
   </Match>
 
-  <!-- The transient fields are not used if deserialization happens. -->
-  <Match>
-    <Class name="com.azure.identity.implementation.MsalAuthenticationAccount"/>
-    <Field name="authenticationRecord"/>
-    <Bug pattern="SE_TRANSIENT_FIELD_NOT_RESTORED"/>
-  </Match>
-
-  <!-- These fields are designed to be not written. They are for deserializing. -->
-  <Match>
-    <Class name="com.azure.identity.implementation.LinuxKeyRingAccessor$GError"/>
-    <Bug pattern="UWF_UNWRITTEN_FIELD"/>
-  </Match>
-
-  <!-- These fields use File Reader with default encoding, java 8 doesn't support passing in encoding type. -->
-  <Match>
-    <Class name="com.azure.identity.implementation.IntelliJCacheAccessor"/>
-    <Or>
-      <Method name="getIntellijServicePrincipalDetails"/>
-      <Method name="getKdbxPassword"/>
-      <Method name="getCredentialFromKdbx"/>
-      <Method name="parseRefreshTokenFromJson"/>
-      <Method name="getIntelliJCredentialsFromIdentityMsalCache"/>
-    </Or>
-    <Bug pattern="DM_DEFAULT_ENCODING,
-    REC_CATCH_EXCEPTION"/>
-  </Match>
-
-  <!-- Setup in Identity Test classes, required for the tests to work properly.-->
-  <Match>
-    <Class name="com.azure.identity.ClientCertificateCredentialTest"/>
-    <Bug pattern="DMI_HARDCODED_ABSOLUTE_FILENAME"/>
-  </Match>
-
-  <Match>
-    <Or>
-      <Class name="com.azure.identity.implementation.IdentityClientTests"/>
-      <Class name="com.azure.identity.implementation.SynchronizedAccessorTests"/>
-    </Or>
-    <Or>
-      <Bug pattern="NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE"/> <!-- false positive -->
-      <Bug pattern="UI_INHERITANCE_UNSAFE_GETRESOURCE"/>
-    </Or>
-  </Match>
-
   <!-- EventGrid swagger naming -->
   <Match>
     <Or>

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE suppressions PUBLIC "-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN" "https://checkstyle.org/dtds/suppressions_1_2.dtd">
+<!-- This file is generated by the /eng/scripts/linting_suppression_generator.py script. -->
+
+<suppressions>
+  <suppress files="com.azure.identity.broker.JavaDocCodeSnippets.java" checks="IllegalImportCheck" />
+</suppressions>
@@ -19,6 +19,10 @@
     <javaModulesSurefireArgLine>
       --add-opens java.xml/jdk.xml.internal=ALL-UNNAMED
     </javaModulesSurefireArgLine>
+    <checkstyle.suppressionsLocation>checkstyle-suppressions.xml</checkstyle.suppressionsLocation>
+
+    <spotbugs.skip>false</spotbugs.skip>
+    <spotbugs.excludeFilterFile>spotbugs-exclude.xml</spotbugs.excludeFilterFile>
   </properties>
 
   <parent>

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<FindBugsFilter xmlns="https://github.com/spotbugs/filter/3.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="https://github.com/spotbugs/filter/3.0.0 https://raw.githubusercontent.com/spotbugs/spotbugs/3.1.0/spotbugs/etc/findbugsfilter.xsd">
+  <Match>
+    <Bug pattern="DLS_DEAD_LOCAL_STORE" />
+    <Class name="com.azure.identity.broker.JavaDocCodeSnippets" />
+  </Match>
+</FindBugsFilter>
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE suppressions PUBLIC "-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN" "https://checkstyle.org/dtds/suppressions_1_2.dtd">
+<!-- This file is generated by the /eng/scripts/linting_suppression_generator.py script. -->
+
+<suppressions>
+  <suppress files="com.azure.identity.broker.shr.resources.PopTokenTest.java" checks="IllegalImportCheck" />
+</suppressions>
@@ -22,6 +22,10 @@
       --add-exports com.azure.core/com.azure.core.implementation=com.azure.identity.broker
     </javaModulesSurefireArgLine>
     <doclintMissingInclusion>-</doclintMissingInclusion>
+    <checkstyle.suppressionsLocation>checkstyle-suppressions.xml</checkstyle.suppressionsLocation>
+
+    <spotbugs.skip>false</spotbugs.skip>
+    <spotbugs.excludeFilterFile>spotbugs-exclude.xml</spotbugs.excludeFilterFile>
   </properties>
 
   <parent>

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<FindBugsFilter xmlns="https://github.com/spotbugs/filter/3.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="https://github.com/spotbugs/filter/3.0.0 https://raw.githubusercontent.com/spotbugs/spotbugs/3.1.0/spotbugs/etc/findbugsfilter.xsd">
+</FindBugsFilter>
@@ -1,4 +1,7 @@
-//  Copyright (c) Microsoft Corporation. All rights reserved.
-//  Licensed under the MIT License.
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
 
+/**
+ * Package containing implementation classes for the Identity broker.
+ */
 package com.azure.identity.broker.implementation;
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE suppressions PUBLIC "-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN" "https://checkstyle.org/dtds/suppressions_1_2.dtd">
+<!-- This file is generated by the /eng/scripts/linting_suppression_generator.py script. -->
+
+<suppressions>
+  <suppress files="com.azure.identity.extensions.implementation.credential.TokenCredentialProviderOptions.java" checks="MissingJavadocMethodCheck" />
+  <suppress files="com.azure.identity.extensions.implementation.credential.provider.TokenCredentialProvider.java" checks="MissingJavadocMethodCheck" />
+  <suppress files="com.azure.identity.extensions.implementation.credential.provider.TokenCredentialProviders.java" checks="MissingJavadocMethodCheck" />
+  <suppress files="com.azure.identity.extensions.implementation.token.AccessTokenResolver.java" checks="MissingJavadocMethodCheck" />
+  <suppress files="com.azure.identity.extensions.implementation.token.AccessTokenResolverImpl.java" checks="MissingJavadocMethodCheck" />
+  <suppress files="com.azure.identity.extensions.implementation.token.AccessTokenResolverOptions.java" checks="MissingJavadocMethodCheck" />
+  <suppress files="com.azure.identity.extensions.jdbc.mysql.AzureMysqlAuthenticationPlugin.java" checks="com.azure.tools.checkstyle.checks.ExternalDependencyExposedCheck" />
+  <suppress files="com.azure.identity.extensions.jdbc.postgresql.AzurePostgresqlAuthenticationPlugin.java" checks="com.azure.tools.checkstyle.checks.ExternalDependencyExposedCheck" />
+  <suppress files="com.azure.identity.extensions.implementation.exception.AzureInstantiateException.java" checks="com.azure.tools.checkstyle.checks.JavaDocFormatting" />
+  <suppress files="com.azure.identity.extensions.jdbc.postgresql.AzurePostgresqlAuthenticationPlugin.java" checks="com.azure.tools.checkstyle.checks.ThrowFromClientLoggerCheck" />
+</suppressions>
@@ -18,6 +18,13 @@
   <description>This package provides the ability of authenticating with Azure AD and returning a token as a password.</description>
   <url>https://github.com/azure/azure-sdk-for-java</url>
 
+  <properties>
+    <checkstyle.suppressionsLocation>checkstyle-suppressions.xml</checkstyle.suppressionsLocation>
+
+    <spotbugs.skip>false</spotbugs.skip>
+    <spotbugs.excludeFilterFile>spotbugs-exclude.xml</spotbugs.excludeFilterFile>
+  </properties>
+
   <dependencies>
     <dependency>
       <groupId>com.mysql</groupId>

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<FindBugsFilter xmlns="https://github.com/spotbugs/filter/3.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="https://github.com/spotbugs/filter/3.0.0 https://raw.githubusercontent.com/spotbugs/spotbugs/3.1.0/spotbugs/etc/findbugsfilter.xsd">
+  <Match>
+    <Bug pattern="EI_EXPOSE_REP2" />
+    <Or>
+      <Class name="com.azure.identity.extensions.implementation.token.AccessTokenResolverImpl" />
+      <Class name="com.azure.identity.extensions.jdbc.mysql.AzureMysqlAuthenticationPlugin" />
+    </Or>
+  </Match>
+</FindBugsFilter>
@@ -0,0 +1,7 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+/**
+ * Package containing implementation credential classes.
+ */
+package com.azure.identity.extensions.implementation.credential;
@@ -0,0 +1,7 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+/**
+ * Package containing implementation credential provider classes.
+ */
+package com.azure.identity.extensions.implementation.credential.provider;
@@ -0,0 +1,7 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+/**
+ * Package containing implementation enums.
+ */
+package com.azure.identity.extensions.implementation.enums;
@@ -0,0 +1,7 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+/**
+ * Package containing implementation exceptions.
+ */
+package com.azure.identity.extensions.implementation.exception;
@@ -0,0 +1,7 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+/**
+ * Package containing implementation template classes.
+ */
+package com.azure.identity.extensions.implementation.template;
@@ -0,0 +1,7 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+/**
+ * Package containing implementation token classes.
+ */
+package com.azure.identity.extensions.implementation.token;
@@ -0,0 +1,7 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+/**
+ * Package containing implementation utility classes.
+ */
+package com.azure.identity.extensions.implementation.utils;