Add akv token request logic (#9556)

Add support for running queries that require a decryption key from Azure Key Vault when using Always Encrypted.
Jeff Trimmer
2020-03-19 12:49:05 -07:00
committed by GitHub
parent 5557929b08
commit 35b27f1304
10 changed files with 99 additions and 8 deletions


@@ -159,7 +159,8 @@ export class AzureAccountProvider implements azdata.AccountProvider {
const resourceIdMap = new Map<azdata.AzureResource, string>([
[azdata.AzureResource.ResourceManagement, self._metadata.settings.armResource.id],
[azdata.AzureResource.Sql, self._metadata.settings.sqlResource.id],
[azdata.AzureResource.OssRdbms, self._metadata.settings.ossRdbmsResource.id]
[azdata.AzureResource.OssRdbms, self._metadata.settings.ossRdbmsResource.id],
[azdata.AzureResource.AzureKeyVault, self._metadata.settings.azureKeyVaultResource.id]
]);
let accessTokenPromises: Thenable<void>[] = [];
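Review bot: The new map entry dereferences `self._metadata.settings.azureKeyVaultResource.id` without a guard, although the `Settings` interface changed in this commit declares `azureKeyVaultResource?: Resource` as optional; the second provider file does the same with `this.metadata.settings.azureKeyVaultResource.id`. If that interface is the type behind these settings, provider metadata without the field would throw while the map is being built and so block token acquisition for every resource, not just Key Vault. Consider adding the entry only when the setting exists, for example `if (kv) { resourceIdMap.set(azdata.AzureResource.AzureKeyVault, kv.id); }` with `kv` being the optional setting. The enclosing method starts and ends outside the hunk, so how the map is consumed is not visible here.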


@@ -96,7 +96,8 @@ export class AzureAccountProvider implements azdata.AccountProvider {
const resourceIdMap = new Map<azdata.AzureResource, string>([
[azdata.AzureResource.ResourceManagement, this.metadata.settings.armResource.id],
[azdata.AzureResource.Sql, this.metadata.settings.sqlResource.id],
[azdata.AzureResource.OssRdbms, this.metadata.settings.ossRdbmsResource.id]
[azdata.AzureResource.OssRdbms, this.metadata.settings.ossRdbmsResource.id],
[azdata.AzureResource.AzureKeyVault, this.metadata.settings.azureKeyVaultResource.id]
]);
const tenantRefreshPromises: Promise<{ tenantId: any, securityToken: AzureAccountSecurityToken }>[] = [];
const tokenCollection: AzureAccountSecurityTokenCollection = {};
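Review bot: Adding Key Vault to `resourceIdMap` appears to make every token refresh request a Key Vault token per tenant and store it in `tokenCollection`, whether or not the connection uses Always Encrypted. A Key Vault data-plane token can authorize key operations on the column master keys the signed-in user can reach, so holding it next to the ARM and SQL tokens widens what a leaked token collection or cache would expose. The loop that consumes the map is outside the hunk; if it does iterate every entry, consider acquiring this token only when a caller asks for `azdata.AzureResource.AzureKeyVault`. A short comment at the entry would also help, such as `// Key Vault token is used only to fetch Always Encrypted column master keys`.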


@@ -79,6 +79,11 @@ interface Settings {
*/
ossRdbmsResource?: Resource;
/**
* Information that describes the Azure Key Vault resource
*/
azureKeyVaultResource?: Resource;
/**
* A list of tenant IDs to authenticate against. If defined, then these IDs will be used
* instead of querying the tenants endpoint of the armResource


@@ -33,6 +33,10 @@ const publicAzureSettings: ProviderSettings = {
id: 'https://ossrdbms-aad.database.windows.net',
endpoint: 'https://ossrdbms-aad.database.windows.net'
},
azureKeyVaultResource: {
id: 'https://vault.azure.net',
endpoint: 'https://vault.azure.net'
},
redirectUri: 'http://localhost/redirect'
}
}
@@ -56,6 +60,10 @@ const usGovAzureSettings: ProviderSettings = {
id: 'https://management.core.usgovcloudapi.net/',
endpoint: 'https://management.usgovcloudapi.net'
},
azureKeyVaultResource: {
id: 'https://vault.usgovcloudapi.net',
endpoint: 'https://vault.usgovcloudapi.net'
},
redirectUri: 'http://localhost/redirect'
}
}
@@ -79,6 +87,10 @@ const germanyAzureSettings: ProviderSettings = {
id: 'https://management.core.cloudapi.de/',
endpoint: 'https://management.microsoftazure.de'
},
azureKeyVaultResource: {
id: 'https://vault.microsoftazure.de',
endpoint: 'https://vault.microsoftazure.de'
},
redirectUri: 'http://localhost/redirect'
}
}
@@ -101,6 +113,10 @@ const chinaAzureSettings: ProviderSettings = {
id: 'https://management.core.chinacloudapi.cn/',
endpoint: 'https://managemement.chinacloudapi.net'
},
azureKeyVaultResource: {
id: 'https://vault.azure.cn',
endpoint: 'https://vault.azure.cn'
},
redirectUri: 'http://localhost/redirect'
}
}
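Review bot: In the `chinaAzureSettings` hunk, the context line directly above the added Key Vault block reads `endpoint: 'https://managemement.chinacloudapi.net'`, which looks misspelled ("managemement") and uses a different TLD from the `.cn` host in the `id` beside it. This commit does not touch that line, but a mistyped endpoint host in an authentication provider matters because requests could be sent to a name the cloud operator does not control. Since the commit adds four more hard-coded sovereign-cloud hosts, it would be worth checking every `id` and `endpoint` pair here against the published endpoint list for each cloud and fixing that line in the same pass, presumably to `https://management.chinacloudapi.cn`. A comment above each settings object naming the source of the endpoint values would make later audits easier.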