[keyvault] CAE support #31140

Merged
merged 33 commits into from
Oct 8, 2024
Changes from 8 commits
33 commits
da5b147 [keyvault] CAE support (timovv, Sep 17, 2024)
16b2f51 More realistic tests; add a test specifically for Base64-encoded clai… (timovv, Sep 17, 2024)
b85d3bb Do not throw if scopes are missing (timovv, Sep 17, 2024)
899b535 CAE challenges happen after the initial challenge (timovv, Sep 17, 2024)
f52b4f6 Update test (timovv, Sep 17, 2024)
3fb0a8c Cache the tenant ID; always pass enableCae: true and not just for CAE… (timovv, Sep 18, 2024)
81bd417 Add additional pipeline policy for CAE (timovv, Sep 23, 2024)
a8dde3f Use new common policy in client libraries (timovv, Sep 24, 2024)
70c9a82 Update sdk/keyvault/keyvault-common/test/internal/challengeAuthentica… (timovv, Sep 24, 2024)
4ad3111 bump keyvault-common version (timovv, Sep 24, 2024)
f9108f9 Fix tests (timovv, Sep 24, 2024)
4321ff3 Custom keyVaultAuthPolicy (timovv, Sep 24, 2024)
97ac25c format (timovv, Sep 24, 2024)
bb1b482 Place KV policy after deserializationPolicy (timovv, Sep 25, 2024)
944237e Document name (timovv, Sep 25, 2024)
d0091c4 Comments (timovv, Sep 25, 2024)
1cac78e Minor version bump for KV libraries (timovv, Sep 25, 2024)
52ef790 wording (timovv, Sep 25, 2024)
ce4983f Undo samples change (timovv, Sep 30, 2024)
7be756f Merge remote-tracking branch 'upstream/main' into keyvault/cae (timovv, Sep 30, 2024)
7b38818 Renames (timovv, Oct 1, 2024)
47d18d2 Comment to show tokenCycler is a copy (timovv, Oct 1, 2024)
18178da Improve WWW-authenticate error message (timovv, Oct 1, 2024)
da49ada Update assertions (timovv, Oct 1, 2024)
5e1eb6a Update API doc (timovv, Oct 1, 2024)
50f7797 Format (timovv, Oct 1, 2024)
dc6aace Add test for subsequent getToken call (timovv, Oct 3, 2024)
10e0c88 Update KV challenge (timovv, Oct 3, 2024)
19a89f5 Address feedback (timovv, Oct 7, 2024)
5bf7da8 Merge branch 'keyvault/cae' of https://github.com/timovv/azure-sdk-fo… (timovv, Oct 7, 2024)
c375f9f Merge remote-tracking branch 'upstream/main' into keyvault/cae (timovv, Oct 7, 2024)
78584db Rename test file to match new policy name (timovv, Oct 7, 2024)
c876100 Remove unnecessary "|| {}" (timovv, Oct 8, 2024)
2 changes: 2 additions & 0 deletions sdk/keyvault/keyvault-admin/CHANGELOG.md
Expand Up @@ -4,6 +4,8 @@

### Features Added

- Add support for Continuous Access Evaluation (CAE). [#31140](https://github.com/Azure/azure-sdk-for-js/pull/31140)

### Breaking Changes

### Bugs Fixed
2 changes: 1 addition & 1 deletion sdk/keyvault/keyvault-admin/package.json
Expand Up @@ -98,7 +98,7 @@
"@azure/core-util": "^1.0.0",
"@azure/core-rest-pipeline": "^1.1.0",
"@azure/core-tracing": "^1.0.0",
"@azure/keyvault-common": "^1.0.0",
"@azure/keyvault-common": "^1.1.0",
"@azure/logger": "^1.0.0",
"tslib": "^2.2.0"
},
14 changes: 2 additions & 12 deletions sdk/keyvault/keyvault-admin/src/accessControlClient.ts
Expand Up @@ -23,8 +23,7 @@ import { LATEST_API_VERSION } from "./constants.js";
import { PagedAsyncIterableIterator } from "@azure/core-paging";
import { RoleAssignmentsListForScopeOptionalParams } from "./generated/models/index.js";
import { TokenCredential } from "@azure/core-auth";
import { bearerTokenAuthenticationPolicy } from "@azure/core-rest-pipeline";
import { createKeyVaultChallengeCallbacks } from "@azure/keyvault-common";
import { addKeyVaultAuthenticationPolicies } from "@azure/keyvault-common";
import { logger } from "./log.js";
import { mappings } from "./mappings.js";
import { tracingClient } from "./tracing.js";
Expand Down Expand Up @@ -85,16 +84,7 @@ export class KeyVaultAccessControlClient {
};

this.client = new KeyVaultClient(serviceVersion, clientOptions);

this.client.pipeline.addPolicy(
bearerTokenAuthenticationPolicy({
credential,
// The scopes will be populated in the challenge callbacks based on the WWW-authenticate header
// returned by the challenge, so pass an empty array as a placeholder.
scopes: [],
challengeCallbacks: createKeyVaultChallengeCallbacks(options),
}),
);
addKeyVaultAuthenticationPolicies(this.client.pipeline, credential);
}

/**
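Review bot: the replacement line `addKeyVaultAuthenticationPolicies(this.client.pipeline, credential);` drops the `options` argument that the removed `createKeyVaultChallengeCallbacks(options)` call forwarded, so a caller's `disableChallengeResourceVerification` setting no longer reaches the challenge callbacks. The helper's public signature in this PR's `keyvault-common.api.md` change takes an optional third argument of type `Omit<BearerTokenAuthenticationPolicyOptions, "credential" | "scopes"> & CreateChallengeCallbacksOptions`, so pass the client options through: `addKeyVaultAuthenticationPolicies(this.client.pipeline, credential, options);`.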
13 changes: 2 additions & 11 deletions sdk/keyvault/keyvault-admin/src/backupClient.ts
Expand Up @@ -21,8 +21,7 @@ import { KeyVaultSelectiveKeyRestorePoller } from "./lro/selectiveKeyRestore/pol
import { LATEST_API_VERSION } from "./constants.js";
import { PollerLike } from "@azure/core-lro";
import { TokenCredential } from "@azure/core-auth";
import { bearerTokenAuthenticationPolicy } from "@azure/core-rest-pipeline";
import { createKeyVaultChallengeCallbacks } from "@azure/keyvault-common";
import { addKeyVaultAuthenticationPolicies } from "@azure/keyvault-common";
import { logger } from "./log.js";
import { mappings } from "./mappings.js";

Expand Down Expand Up @@ -89,15 +88,7 @@ export class KeyVaultBackupClient {
};

this.client = new KeyVaultClient(apiVersion, clientOptions);
this.client.pipeline.addPolicy(
bearerTokenAuthenticationPolicy({
credential,
// The scopes will be populated in the challenge callbacks based on the WWW-authenticate header
// returned by the challenge, so pass an empty array as a placeholder.
scopes: [],
challengeCallbacks: createKeyVaultChallengeCallbacks(options),
}),
);
addKeyVaultAuthenticationPolicies(this.client.pipeline, credential);
}

/**
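Review bot: `options` is no longer forwarded here either: the removed `createKeyVaultChallengeCallbacks(options)` carried `disableChallengeResourceVerification` into the challenge callbacks, while the new `addKeyVaultAuthenticationPolicies(this.client.pipeline, credential);` call passes nothing. Since the helper accepts `CreateChallengeCallbacksOptions` as its third parameter, this should be `addKeyVaultAuthenticationPolicies(this.client.pipeline, credential, options);` so the backup client honours the same setting as before.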
11 changes: 2 additions & 9 deletions sdk/keyvault/keyvault-admin/src/settingsClient.ts
Expand Up @@ -2,8 +2,7 @@
// Licensed under the MIT License.

import { TokenCredential } from "@azure/core-auth";
import { bearerTokenAuthenticationPolicy } from "@azure/core-rest-pipeline";
import { createKeyVaultChallengeCallbacks } from "@azure/keyvault-common";
import { addKeyVaultAuthenticationPolicies } from "@azure/keyvault-common";
import { LATEST_API_VERSION } from "./constants.js";
import { KeyVaultClient, Setting as GeneratedSetting } from "./generated/index.js";
import { logger } from "./log.js";
Expand Down Expand Up @@ -91,13 +90,7 @@ export class KeyVaultSettingsClient {
};

this.client = new KeyVaultClient(apiVersion, clientOptions);
this.client.pipeline.addPolicy(
bearerTokenAuthenticationPolicy({
credential,
scopes: [],
challengeCallbacks: createKeyVaultChallengeCallbacks(options),
}),
);
addKeyVaultAuthenticationPolicies(this.client.pipeline, credential);
}

/**
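Review bot: same omission in the settings client: the removed block passed `challengeCallbacks: createKeyVaultChallengeCallbacks(options)`, but `addKeyVaultAuthenticationPolicies(this.client.pipeline, credential);` does not hand `options` to the helper, so `disableChallengeResourceVerification` is silently ignored. Pass `options` as the third argument; a test that constructs a client with `disableChallengeResourceVerification: true` and checks the resulting policy behaviour would catch this regression for all three admin clients.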
2 changes: 2 additions & 0 deletions sdk/keyvault/keyvault-certificates/CHANGELOG.md
Expand Up @@ -4,6 +4,8 @@

### Features Added

- Add support for Continuous Access Evaluation (CAE). [#31140](https://github.com/Azure/azure-sdk-for-js/pull/31140)

### Breaking Changes

### Bugs Fixed
2 changes: 1 addition & 1 deletion sdk/keyvault/keyvault-certificates/package.json
Expand Up @@ -102,7 +102,7 @@
"@azure/core-paging": "^1.1.1",
"@azure/core-util": "^1.6.1",
"@azure/core-tracing": "^1.0.0",
"@azure/keyvault-common": "^1.0.0",
"@azure/keyvault-common": "^1.1.0",
"@azure/logger": "^1.0.0",
"tslib": "^2.2.0"
},
11 changes: 2 additions & 9 deletions sdk/keyvault/keyvault-certificates/src/index.ts
Expand Up @@ -6,7 +6,6 @@
/// <reference lib="esnext.asynciterable" />

import { InternalClientPipelineOptions } from "@azure/core-client";
import { bearerTokenAuthenticationPolicy } from "@azure/core-rest-pipeline";

import { TokenCredential } from "@azure/core-auth";

Expand Down Expand Up @@ -100,7 +99,7 @@ import {
} from "./generated/models/index.js";
import { KeyVaultClient } from "./generated/keyVaultClient.js";
import { PageSettings, PagedAsyncIterableIterator } from "@azure/core-paging";
import { createKeyVaultChallengeCallbacks } from "@azure/keyvault-common";
import { addKeyVaultAuthenticationPolicies } from "@azure/keyvault-common";
import { CreateCertificatePoller } from "./lro/create/poller.js";
import { CertificateOperationPoller } from "./lro/operation/poller.js";
import { DeleteCertificatePoller } from "./lro/delete/poller.js";
Expand Down Expand Up @@ -247,12 +246,6 @@ export class CertificateClient {
) {
this.vaultUrl = vaultUrl;

const authPolicy = bearerTokenAuthenticationPolicy({
credential,
scopes: [],
challengeCallbacks: createKeyVaultChallengeCallbacks(clientOptions),
});

const internalClientPipelineOptions: InternalClientPipelineOptions = {
...clientOptions,
loggingOptions: {
Expand All @@ -269,7 +262,7 @@ export class CertificateClient {
clientOptions.serviceVersion || LATEST_API_VERSION,
internalClientPipelineOptions,
);
this.client.pipeline.addPolicy(authPolicy);
addKeyVaultAuthenticationPolicies(this.client.pipeline, credential);
}

private async *listPropertiesOfCertificatesPage(
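Review bot: `clientOptions` is not passed to `addKeyVaultAuthenticationPolicies(this.client.pipeline, credential);`, whereas the deleted `authPolicy` block earlier in this file fed it into `createKeyVaultChallengeCallbacks(clientOptions)`, so a `CertificateClient` constructed with `disableChallengeResourceVerification` loses that setting. Use `addKeyVaultAuthenticationPolicies(this.client.pipeline, credential, clientOptions);` here; the helper's third parameter is typed to accept exactly these options.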
5 changes: 4 additions & 1 deletion sdk/keyvault/keyvault-common/CHANGELOG.md
@@ -1,9 +1,12 @@
# Release History

## 1.0.1 (Unreleased)
## 1.1.0 (Unreleased)

### Features Added

- Add support for Continuous Access Evaluation (CAE).
- To take advantage of this support, `addKeyVaultAuthenticationPolicies` should be used to add the correct policies to the pipeline.

### Breaking Changes

### Bugs Fixed
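Review bot: the second bullet `- To take advantage of this support, ...` is rendered as a sibling of the CAE entry rather than a sub-bullet; indent it under the first bullet (or fold it into the same sentence). It would also help downstream consumers to state that `addKeyVaultAuthenticationPolicies` replaces the previous `bearerTokenAuthenticationPolicy` plus `createKeyVaultChallengeCallbacks` wiring, which is the migration the other files in this PR perform.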
1 change: 1 addition & 0 deletions sdk/keyvault/keyvault-common/package.json
Expand Up @@ -58,6 +58,7 @@
"@azure/core-tracing": "^1.0.0",
"@azure/core-auth": "^1.3.0",
"@azure/abort-controller": "^2.0.0",
"@azure/logger": "^1.1.5",
"tslib": "^2.2.0"
},
"devDependencies": {
9 changes: 9 additions & 0 deletions sdk/keyvault/keyvault-common/review/keyvault-common.api.md
Expand Up @@ -4,10 +4,19 @@

```ts

import { BearerTokenAuthenticationPolicyOptions } from '@azure/core-rest-pipeline';
import { ChallengeCallbacks } from '@azure/core-rest-pipeline';
import { Pipeline } from '@azure/core-rest-pipeline';
import { RequestBodyType } from '@azure/core-rest-pipeline';
import { TokenCredential } from '@azure/core-auth';

// @public
export function addKeyVaultAuthenticationPolicies(pipeline: Pipeline, credential: TokenCredential, options?: Omit<BearerTokenAuthenticationPolicyOptions, "credential" | "scopes"> & CreateChallengeCallbacksOptions): void;

// @public
export interface CreateChallengeCallbacksOptions {
// Warning: (ae-forgotten-export) The symbol "ChallengeStateContainer" needs to be exported by the entry point index.d.ts
challengeState?: ChallengeStateContainer;
disableChallengeResourceVerification?: boolean;
}
