Notify STS when encryption keys are updated in azurecore (#22384)

2026-02-09 17:52:34 -05:00 · 2023-03-22 11:46:30 -07:00
parent 1e4800a60c
commit 94b3261276
8 changed files with 124 additions and 35 deletions
--- a/extensions/mssql/src/sqlToolsServer.ts
+++ b/extensions/mssql/src/sqlToolsServer.ts
@@ -9,6 +9,7 @@ import * as Constants from './constants';
 import * as vscode from 'vscode';
 import * as azdata from 'azdata';
 import * as path from 'path';
+import * as azurecore from 'azurecore';
 import { getAzureAuthenticationLibraryConfig, getCommonLaunchArgsAndCleanupOldLogFiles, getConfigTracingLevel, getEnableSqlAuthenticationProviderConfig, getOrDownloadServer, getParallelMessageProcessingConfig, TracingLevel } from './utils';
 import { TelemetryReporter, LanguageClientErrorHandler } from './telemetry';
 import { SqlOpsDataClient, ClientOptions } from 'dataprotocol-client';
@@ -19,7 +20,7 @@ import { SchemaCompareService } from './schemaCompare/schemaCompareService';
 import { AppContext } from './appContext';
 import { DacFxService } from './dacfx/dacFxService';
 import { CmsService } from './cms/cmsService';
-import { CompletionExtensionParams, CompletionExtLoadRequest } from './contracts';
+import { CompletionExtensionParams, CompletionExtLoadRequest, DidChangeEncryptionIVKeyParams, EncryptionKeysChangedNotification } from './contracts';
 import { promises as fs } from 'fs';
 import * as nls from 'vscode-nls';
 import { LanguageExtensionService } from './languageExtension/languageExtensionService';
@@ -82,6 +83,7 @@ export class SqlToolsServer {
 			statusView.text = localize('startingServiceStatusMsg', "Starting {0}", Constants.serviceName);
 			this.client.start();
 			await Promise.all([this.activateFeatures(context), clientReadyPromise]);
+			await this.handleEncryptionKeyEventNotification(this.client);
 			return this.client;
 		} catch (e) {
 			TelemetryReporter.sendTelemetryEvent('ServiceInitializingFailed');
@@ -90,6 +92,35 @@ export class SqlToolsServer {
 		}
 	}

+	/**
+	 * This is a hop notification handler to send Encryption Key and Iv information from Azure Core extension to backend
+	 * SqlToolsService. This notification is needed for Azure authentication flows to be able to read/write into
+	 * shared MSAL cache.
+	 * @param client SqlOpsDataClient instance
+	 */
+	private async handleEncryptionKeyEventNotification(client: SqlOpsDataClient) {
+		if (getAzureAuthenticationLibraryConfig() === 'MSAL' && getEnableSqlAuthenticationProviderConfig()) {
+			let onDidEncryptionKeysChanged = (await this.getAzureCoreAPI()).onEncryptionKeysUpdated;
+			// Register event listener from Azure Core extension
+			onDidEncryptionKeysChanged((keys: azurecore.CacheEncryptionKeys) => {
+				// Send client notification for updated encryption keys
+				client.sendNotification(EncryptionKeysChangedNotification.type,
+					<DidChangeEncryptionIVKeyParams>{
+						key: keys.key,
+						iv: keys.iv
+					});
+			});
+		}
+	}
+
+	private async getAzureCoreAPI(): Promise<azurecore.IExtension> {
+		const api = (await vscode.extensions.getExtension(azurecore.extension.name)?.activate()) as azurecore.IExtension;
+		if (!api) {
+			throw new Error('Azure core extension could not be activated.');
+		}
+		return api;
+	}
+
 	private async download(context: AppContext): Promise<string> {
 		const configDir = context.extensionContext.extensionPath;
 		const rawConfig = await fs.readFile(path.join(configDir, 'config.json'));