From f211c2ad4db6b71432798ec4aa0722a5a47e3f04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Rodr=C3=ADguez?= Date: Mon, 4 Oct 2021 21:11:38 -0400 Subject: [PATCH] [Identity] Disabling regional authority support (#18026) * [Identity] Disabling regional authority support * feedback from Scott Schaab --- sdk/identity/identity/CHANGELOG.md | 1 + sdk/identity/identity/review/identity.api.md | 59 ------------------- .../clientCertificateCredentialOptions.ts | 13 ++-- .../clientSecretCredentialOptions.ts | 13 ++-- sdk/identity/identity/src/index.ts | 5 +- .../identity/src/msal/nodeFlows/nodeCommon.ts | 2 +- .../node/clientCertificateCredential.spec.ts | 8 ++- .../node/clientSecretCredential.spec.ts | 8 ++- .../node/clientSecretCredential.spec.ts | 8 ++- 9 files changed, 35 insertions(+), 82 deletions(-) diff --git a/sdk/identity/identity/CHANGELOG.md b/sdk/identity/identity/CHANGELOG.md index 7c7feec79323..2c328573bfbe 100644 --- a/sdk/identity/identity/CHANGELOG.md +++ b/sdk/identity/identity/CHANGELOG.md @@ -9,6 +9,7 @@ #### Breaking Changes from 2.0.0-beta.4 - Removed the `allowMultiTenantAuthentication` option from all of the credentials. Multi-tenant authentication is now enabled by default. On Node.js, it can be disabled with the `AZURE_IDENTITY_DISABLE_MULTITENANTAUTH` environment variable. +- Removed support for specific Azure regions on `ClientSecretCredential` and `ClientCertificateCredential. This feature will be added back on the next beta. ### Bugs Fixed diff --git a/sdk/identity/identity/review/identity.api.md b/sdk/identity/identity/review/identity.api.md index 0e19256e8868..abbf46dd158b 100644 --- a/sdk/identity/identity/review/identity.api.md +++ b/sdk/identity/identity/review/identity.api.md 
@@ -114,7 +114,6 @@ export class ClientCertificateCredential implements TokenCredential { // @public export interface ClientCertificateCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions { - regionalAuthority?: string; sendCertificateChain?: boolean; } @@ -126,7 +125,6 @@ export class ClientSecretCredential implements TokenCredential { // @public export interface ClientSecretCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions { - regionalAuthority?: string; } // @public 
@@ -275,63 +273,6 @@ export interface OnBehalfOfCredentialSecretConfiguration { userAssertionToken: string; } -// @public -export enum RegionalAuthority { - AsiaEast = "eastasia", - AsiaSouthEast = "southeastasia", - AustraliaCentral = "australiacentral", - AustraliaCentral2 = "australiacentral2", - AustraliaEast = "australiaeast", - AustraliaSouthEast = "australiasoutheast", - AutoDiscoverRegion = "AutoDiscoverRegion", - BrazilSouth = "brazilsouth", - CanadaCentral = "canadacentral", - CanadaEast = "canadaeast", - ChinaEast = "chinaeast", - ChinaEast2 = "chinaeast2", - ChinaNorth = "chinanorth", - ChinaNorth2 = "chinanorth2", - EuropeNorth = "northeurope", - EuropeWest = "westeurope", - FranceCentral = "francecentral", - FranceSouth = "francesouth", - GermanyCentral = "germanycentral", - GermanyNorth = "germanynorth", - GermanyNorthEast = "germanynortheast", - GermanyWestCentral = "germanywestcentral", - GovernmentUSArizona = "usgovarizona", - GovernmentUSDodCentral = "usdodcentral", - GovernmentUSDodEast = "usdodeast", - GovernmentUSIowa = "usgoviowa", - GovernmentUSTexas = "usgovtexas", - GovernmentUSVirginia = "usgovvirginia", - IndiaCentral = "centralindia", - IndiaSouth = "southindia", - IndiaWest = "westindia", - JapanEast = "japaneast", - JapanWest = "japanwest", - KoreaCentral = "koreacentral", - KoreaSouth = "koreasouth", - NorwayEast = "norwayeast", - NorwayWest = "norwaywest", - SouthAfricaNorth = "southafricanorth", - SouthAfricaWest = "southafricawest", - SwitzerlandNorth = "switzerlandnorth", - SwitzerlandWest = "switzerlandwest", - UAECentral = "uaecentral", - UAENorth = "uaenorth", - UKSouth = "uksouth", - UKWest = "ukwest", - USCentral = "centralus", - USEast = "eastus", - USEast2 = "eastus2", - USNorthCentral = "northcentralus", - USSouthCentral = "southcentralus", - USWest = "westus", - USWest2 = "westus2", - USWestCentral = "westcentralus" -} - // @public export function serializeAuthenticationRecord(record: AuthenticationRecord): string; 
diff --git a/sdk/identity/identity/src/credentials/clientCertificateCredentialOptions.ts b/sdk/identity/identity/src/credentials/clientCertificateCredentialOptions.ts index 42dc5a0d6910..b4d53a2ecadf 100644 --- a/sdk/identity/identity/src/credentials/clientCertificateCredentialOptions.ts +++ b/sdk/identity/identity/src/credentials/clientCertificateCredentialOptions.ts @@ -15,10 +15,11 @@ export interface ClientCertificateCredentialOptions * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim */ sendCertificateChain?: boolean; - /** - * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values. - * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint. - * If the property is not specified, the credential uses the global authority endpoint. - */ - regionalAuthority?: string; + // TODO: Export again once we're ready to release this feature. + // /** + // * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values. + // * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint. + // * If the property is not specified, the credential uses the global authority endpoint. + // */ + // regionalAuthority?: string; } diff --git a/sdk/identity/identity/src/credentials/clientSecretCredentialOptions.ts b/sdk/identity/identity/src/credentials/clientSecretCredentialOptions.ts index 8cc4e68c1d50..5637affc2e66 100644 --- a/sdk/identity/identity/src/credentials/clientSecretCredentialOptions.ts +++ b/sdk/identity/identity/src/credentials/clientSecretCredentialOptions.ts 
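Review bot: Commenting `regionalAuthority` out of `ClientCertificateCredentialOptions` removes it from the declared type only; TypeScript types are erased at runtime, so a JavaScript caller or a cast object can still supply the property. The same applies to the `ClientSecretCredentialOptions` hunk. `nodeCommon.ts` still imports `RegionalAuthority` after this commit, which suggests the MSAL flow may still read a region value; that code is outside the visible hunks, so this needs confirming. If the feature is meant to be off for this beta, the runtime path that selects the token endpoint should also ignore or reject the value, so that an undocumented setting cannot change which authority receives the client secret or certificate assertion. The interface declaration starts outside this hunk.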
@@ -10,10 +10,11 @@ import { CredentialPersistenceOptions } from "./credentialPersistenceOptions"; export interface ClientSecretCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions { - /** - * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values. - * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint. - * If the property is not specified, the credential uses the global authority endpoint. - */ - regionalAuthority?: string; + // TODO: Export again once we're ready to release this feature. + // /** + // * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values. + // * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint. + // * If the property is not specified, the credential uses the global authority endpoint. + // */ + // regionalAuthority?: string; } diff --git a/sdk/identity/identity/src/index.ts b/sdk/identity/identity/src/index.ts index f0a825f2c3c7..d824ede795d9 100644 --- a/sdk/identity/identity/src/index.ts +++ b/sdk/identity/identity/src/index.ts @@ -12,7 +12,10 @@ export { AuthenticationRecord } from "./msal/types"; export { AuthenticationRequiredError } from "./msal/errors"; export { serializeAuthenticationRecord, deserializeAuthenticationRecord } from "./msal/utils"; export { TokenCredentialOptions } from "./client/identityClient"; -export { RegionalAuthority } from "./regionalAuthority"; + +// TODO: Export again once we're ready to release this feature. +// export { RegionalAuthority } from "./regionalAuthority"; + export { InteractiveCredentialOptions } from "./credentials/interactiveCredentialOptions"; export { ChainedTokenCredential } from "./credentials/chainedTokenCredential"; 
diff --git a/sdk/identity/identity/src/msal/nodeFlows/nodeCommon.ts b/sdk/identity/identity/src/msal/nodeFlows/nodeCommon.ts index 974f6353a73b..340063d483c1 100644 --- a/sdk/identity/identity/src/msal/nodeFlows/nodeCommon.ts +++ b/sdk/identity/identity/src/msal/nodeFlows/nodeCommon.ts @@ -23,8 +23,8 @@ import { publicToMsal } from "../utils"; import { TokenCachePersistenceOptions } from "./tokenCachePersistenceOptions"; -import { RegionalAuthority } from "../../regionalAuthority"; import { processMultiTenantRequest } from "../../util/validateMultiTenant"; +import { RegionalAuthority } from "../../regionalAuthority"; /** * Union of the constructor parameters that all MSAL flow types for Node. diff --git a/sdk/identity/identity/test/internal/node/clientCertificateCredential.spec.ts b/sdk/identity/identity/test/internal/node/clientCertificateCredential.spec.ts index ac9eb61dd798..308bc6ddb8a2 100644 --- a/sdk/identity/identity/test/internal/node/clientCertificateCredential.spec.ts +++ b/sdk/identity/identity/test/internal/node/clientCertificateCredential.spec.ts @@ -9,7 +9,7 @@ import * as path from "path"; import { AbortController } from "@azure/abort-controller"; import { env, isPlaybackMode, delay } from "@azure-tools/test-recorder"; import { ConfidentialClientApplication } from "@azure/msal-node"; -import { ClientCertificateCredential, RegionalAuthority } from "../../../src"; +import { ClientCertificateCredential } from "../../../src"; import { MsalTestCleanup, msalNodeTestSetup } from "../../msalTestUtils"; import { MsalNode } from "../../../src/msal/nodeFlows/nodeCommon"; import { Context } from "mocha"; 
@@ -121,13 +121,15 @@ describe("ClientCertificateCredential (internal)", function() { assert.equal(doGetTokenSpy.callCount, 2); }); - it("supports specifying the regional authority", async function() { + // TODO: Enable again once we're ready to release this feature. + it.skip("supports specifying the regional authority", async function() { const credential = new ClientCertificateCredential( env.AZURE_TENANT_ID, env.AZURE_CLIENT_ID, certificatePath, { - regionalAuthority: RegionalAuthority.AutoDiscoverRegion + // TODO: Uncomment once we're ready to release this feature. + // regionalAuthority: RegionalAuthority.AutoDiscoverRegion } ); diff --git a/sdk/identity/identity/test/internal/node/clientSecretCredential.spec.ts b/sdk/identity/identity/test/internal/node/clientSecretCredential.spec.ts index 2b56aa7cee78..53fd67c3ca5e 100644 --- a/sdk/identity/identity/test/internal/node/clientSecretCredential.spec.ts +++ b/sdk/identity/identity/test/internal/node/clientSecretCredential.spec.ts @@ -8,7 +8,7 @@ import { assert } from "chai"; import { AbortController } from "@azure/abort-controller"; import { env, delay } from "@azure-tools/test-recorder"; import { ConfidentialClientApplication } from "@azure/msal-node"; -import { ClientSecretCredential, RegionalAuthority } from "../../../src"; +import { ClientSecretCredential } from "../../../src"; import { MsalTestCleanup, msalNodeTestSetup } from "../../msalTestUtils"; import { MsalNode } from "../../../src/msal/nodeFlows/nodeCommon"; import { Context } from "mocha"; 
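Review bot: Skipping this test and commenting out the option leaves the disabled state unverified, because nothing now asserts that a credential built from this release sends its requests to the global authority. The same gap exists in the skipped tests in `test/internal/node/clientSecretCredential.spec.ts` and `test/public/node/clientSecretCredential.spec.ts`. Consider adding a short test next to the skipped one that constructs the credential without the option and checks that the request handed to MSAL carries no region. It would also help to tie the TODOs to one tracking issue, e.g. `// TODO(<issue-id>): re-enable with regionalAuthority`, so that the import, the `it.skip` and the option are restored together. The test body continues past the end of the hunk.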
@@ -85,13 +85,15 @@ describe("ClientSecretCredential (internal)", function() { assert.equal(doGetTokenSpy.callCount, 1); }); - it("supports specifying the regional authority", async function() { + // TODO: Enable again once we're ready to release this feature. + it.skip("supports specifying the regional authority", async function() { const credential = new ClientSecretCredential( env.AZURE_TENANT_ID, env.AZURE_CLIENT_ID, env.AZURE_CLIENT_SECRET, { - regionalAuthority: RegionalAuthority.AutoDiscoverRegion + // TODO: Uncomment once we're ready to release this feature. + // regionalAuthority: RegionalAuthority.AutoDiscoverRegion } ); diff --git a/sdk/identity/identity/test/public/node/clientSecretCredential.spec.ts b/sdk/identity/identity/test/public/node/clientSecretCredential.spec.ts index 85cab8218ad5..f34671245ba6 100644 --- a/sdk/identity/identity/test/public/node/clientSecretCredential.spec.ts +++ b/sdk/identity/identity/test/public/node/clientSecretCredential.spec.ts @@ -7,7 +7,7 @@ import { assert } from "chai"; import { env, delay, isRecordMode } from "@azure-tools/test-recorder"; import { AbortController } from "@azure/abort-controller"; import { MsalTestCleanup, msalNodeTestSetup, testTracing } from "../../msalTestUtils"; -import { ClientSecretCredential, RegionalAuthority } from "../../../src"; +import { ClientSecretCredential } from "../../../src"; import { Context } from "mocha"; describe("ClientSecretCredential", function() { 
@@ -81,7 +81,8 @@ describe("ClientSecretCredential", function() { }) ); - it("supports specifying the regional authority", async function(this: Context) { + // TODO: Enable again once we're ready to release this feature. + it.skip("supports specifying the regional authority", async function(this: Context) { // This test is extremely slow. Let's skip it for now. // I've tried Sinon's clock and it doesn't affect it. // We have internal tests that check that the parameters are properly sent to MSAL, which should be enough from the perspective of the SDK. @@ -94,7 +95,8 @@ describe("ClientSecretCredential", function() { env.AZURE_CLIENT_ID, env.AZURE_CLIENT_SECRET, { - regionalAuthority: RegionalAuthority.AutoDiscoverRegion + // TODO: Uncomment again once we're ready to release this feature. + // regionalAuthority: RegionalAuthority.AutoDiscoverRegion } );