Support sovereign/custom clouds in microsoft authentication provider (#178725)
committed by
GitHub
parent
d74f53ef2a
commit
f9d14d68fb
@@ -4,18 +4,105 @@
|
||||
*--------------------------------------------------------------------------------------------*/
|
||||
|
||||
import * as vscode from 'vscode';
|
||||
import { AzureActiveDirectoryService, onDidChangeSessions } from './AADHelper';
|
||||
import { AzureActiveDirectoryService, IStoredSession } from './AADHelper';
|
||||
import { BetterTokenStorage } from './betterSecretStorage';
|
||||
import { UriEventHandler } from './UriEventHandler';
|
||||
import TelemetryReporter from '@vscode/extension-telemetry';
|
||||
|
||||
async function initAzureCloudAuthProvider(context: vscode.ExtensionContext, telemetryReporter: TelemetryReporter, uriHandler: UriEventHandler, tokenStorage: BetterTokenStorage<IStoredSession>): Promise<vscode.Disposable | undefined> {
|
||||
let settingValue = vscode.workspace.getConfiguration('microsoft-sovereign-cloud').get<string | undefined>('endpoint');
|
||||
let authProviderName: string | undefined;
|
||||
if (!settingValue) {
|
||||
return undefined;
|
||||
} else if (settingValue === 'Azure China') {
|
||||
authProviderName = settingValue;
|
||||
settingValue = 'https://login.chinacloudapi.cn/';
|
||||
} else if (settingValue === 'Azure US Government') {
|
||||
authProviderName = settingValue;
|
||||
settingValue = 'https://login.microsoftonline.us/';
|
||||
}
|
||||
|
||||
// validate user value
|
||||
let uri: vscode.Uri;
|
||||
try {
|
||||
uri = vscode.Uri.parse(settingValue, true);
|
||||
} catch (e) {
|
||||
vscode.window.showErrorMessage(vscode.l10n.t('Azure Cloud login URI is not a valid URI: {0}', e.message ?? e));
|
||||
return;
|
||||
}
|
||||
|
||||
// Add trailing slash if needed
|
||||
if (!settingValue.endsWith('/')) {
|
||||
settingValue += '/';
|
||||
}
|
||||
|
||||
const azureEnterpriseAuthProvider = new AzureActiveDirectoryService(context, uriHandler, tokenStorage, settingValue);
|
||||
await azureEnterpriseAuthProvider.initialize();
|
||||
|
||||
authProviderName ||= uri.authority;
|
||||
const disposable = vscode.authentication.registerAuthenticationProvider('microsoft-sovereign-cloud', authProviderName, {
|
||||
onDidChangeSessions: azureEnterpriseAuthProvider.onDidChangeSessions,
|
||||
getSessions: (scopes: string[]) => azureEnterpriseAuthProvider.getSessions(scopes),
|
||||
createSession: async (scopes: string[]) => {
|
||||
try {
|
||||
/* __GDPR__
|
||||
"login" : {
|
||||
"owner": "TylerLeonhardt",
|
||||
"comment": "Used to determine the usage of the Azure Cloud Auth Provider.",
|
||||
"scopes": { "classification": "PublicNonPersonalData", "purpose": "FeatureInsight", "comment": "Used to determine what scope combinations are being requested." }
|
||||
}
|
||||
*/
|
||||
telemetryReporter.sendTelemetryEvent('loginAzureCloud', {
|
||||
// Get rid of guids from telemetry.
|
||||
scopes: JSON.stringify(scopes.map(s => s.replace(/[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}/i, '{guid}'))),
|
||||
});
|
||||
|
||||
return await azureEnterpriseAuthProvider.createSession(scopes.sort());
|
||||
} catch (e) {
|
||||
/* __GDPR__
|
||||
"loginFailed" : { "owner": "TylerLeonhardt", "comment": "Used to determine how often users run into issues with the login flow." }
|
||||
*/
|
||||
telemetryReporter.sendTelemetryEvent('loginAzureCloudFailed');
|
||||
|
||||
throw e;
|
||||
}
|
||||
},
|
||||
removeSession: async (id: string) => {
|
||||
try {
|
||||
/* __GDPR__
|
||||
"logout" : { "owner": "TylerLeonhardt", "comment": "Used to determine how often users log out." }
|
||||
*/
|
||||
telemetryReporter.sendTelemetryEvent('logoutAzureCloud');
|
||||
|
||||
await azureEnterpriseAuthProvider.removeSessionById(id);
|
||||
} catch (e) {
|
||||
/* __GDPR__
|
||||
"logoutFailed" : { "owner": "TylerLeonhardt", "comment": "Used to determine how often fail to log out." }
|
||||
*/
|
||||
telemetryReporter.sendTelemetryEvent('logoutAzureCloudFailed');
|
||||
}
|
||||
}
|
||||
}, { supportsMultipleAccounts: true });
|
||||
|
||||
context.subscriptions.push(disposable);
|
||||
return disposable;
|
||||
}
|
||||
|
||||
export async function activate(context: vscode.ExtensionContext) {
|
||||
const { name, version, aiKey } = context.extension.packageJSON as { name: string; version: string; aiKey: string };
|
||||
const telemetryReporter = new TelemetryReporter(aiKey);
|
||||
|
||||
const loginService = new AzureActiveDirectoryService(context);
|
||||
const uriHandler = new UriEventHandler();
|
||||
context.subscriptions.push(uriHandler);
|
||||
context.subscriptions.push(vscode.window.registerUriHandler(uriHandler));
|
||||
|
||||
const betterSecretStorage = new BetterTokenStorage<IStoredSession>('microsoft.login.keylist', context);
|
||||
|
||||
const loginService = new AzureActiveDirectoryService(context, uriHandler, betterSecretStorage);
|
||||
await loginService.initialize();
|
||||
|
||||
context.subscriptions.push(vscode.authentication.registerAuthenticationProvider('microsoft', 'Microsoft', {
|
||||
onDidChangeSessions: onDidChangeSessions.event,
|
||||
onDidChangeSessions: loginService.onDidChangeSessions,
|
||||
getSessions: (scopes: string[]) => loginService.getSessions(scopes),
|
||||
createSession: async (scopes: string[]) => {
|
||||
try {
|
||||
@@ -31,9 +118,7 @@ export async function activate(context: vscode.ExtensionContext) {
|
||||
scopes: JSON.stringify(scopes.map(s => s.replace(/[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}/i, '{guid}'))),
|
||||
});
|
||||
|
||||
const session = await loginService.createSession(scopes.sort());
|
||||
onDidChangeSessions.fire({ added: [session], removed: [], changed: [] });
|
||||
return session;
|
||||
return await loginService.createSession(scopes.sort());
|
||||
} catch (e) {
|
||||
/* __GDPR__
|
||||
"loginFailed" : { "owner": "TylerLeonhardt", "comment": "Used to determine how often users run into issues with the login flow." }
|
||||
@@ -50,10 +135,7 @@ export async function activate(context: vscode.ExtensionContext) {
|
||||
*/
|
||||
telemetryReporter.sendTelemetryEvent('logout');
|
||||
|
||||
const session = await loginService.removeSessionById(id);
|
||||
if (session) {
|
||||
onDidChangeSessions.fire({ added: [], removed: [session], changed: [] });
|
||||
}
|
||||
await loginService.removeSessionById(id);
|
||||
} catch (e) {
|
||||
/* __GDPR__
|
||||
"logoutFailed" : { "owner": "TylerLeonhardt", "comment": "Used to determine how often fail to log out." }
|
||||
@@ -63,6 +145,15 @@ export async function activate(context: vscode.ExtensionContext) {
|
||||
}
|
||||
}, { supportsMultipleAccounts: true }));
|
||||
|
||||
let azureCloudAuthProviderDisposable = await initAzureCloudAuthProvider(context, telemetryReporter, uriHandler, betterSecretStorage);
|
||||
|
||||
context.subscriptions.push(vscode.workspace.onDidChangeConfiguration(async e => {
|
||||
if (e.affectsConfiguration('microsoft-sovereign-cloud.endpoint')) {
|
||||
azureCloudAuthProviderDisposable?.dispose();
|
||||
azureCloudAuthProviderDisposable = await initAzureCloudAuthProvider(context, telemetryReporter, uriHandler, betterSecretStorage);
|
||||
}
|
||||
}));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
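Review bot: The endpoint check in `initAzureCloudAuthProvider` accepts any value that `vscode.Uri.parse(settingValue, true)` can parse, so a custom `microsoft-sovereign-cloud.endpoint` with an `http:` or other non-HTTPS scheme is handed to `AzureActiveDirectoryService` as the login authority. Directly after the parse I would add `if (uri.scheme !== 'https') { vscode.window.showErrorMessage(vscode.l10n.t('Azure Cloud login URI must use https')); return; }`. The value is read with `getConfiguration('microsoft-sovereign-cloud').get('endpoint')`, which also returns workspace-level values. The setting's declared scope is not part of this diff, so it is worth confirming that it is limited to `application` scope, so that a checked-out repository's settings cannot point sign-in at an endpoint of its choosing. A short comment above the `// validate user value` block stating that this URL decides where credentials are sent would help later maintainers keep the check strict.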