Enable Azure Active Directory MFA authentication (#3125)

2026-02-16 18:46:40 -05:00 · 2018-11-27 11:13:47 -08:00
parent d646b4729b
commit cb72865dcc
33 changed files with 369 additions and 109 deletions
--- a/extensions/azurecore/src/azureResource/commands.ts
+++ b/extensions/azurecore/src/azureResource/commands.ts
@@ -6,7 +6,7 @@
 'use strict';

 import { window, QuickPickItem } from 'vscode';
-import { IConnectionProfile } from 'sqlops';
+import * as sqlops from 'sqlops';
 import { generateGuid } from './utils';
 import { ApiWrapper } from '../apiWrapper';
 import { TreeNode } from '../treeNodes';
@@ -30,7 +30,7 @@ export function registerAzureResourceCommands(apiWrapper: ApiWrapper, tree: Azur

 		let subscriptions = await accountNode.getCachedSubscriptions();
 		if (!subscriptions || subscriptions.length === 0) {
-			const credentials = await servicePool.credentialService.getCredentials(accountNode.account);
+			const credentials = await servicePool.credentialService.getCredentials(accountNode.account, sqlops.AzureResource.ResourceManagement);
 			subscriptions = await servicePool.subscriptionService.getSubscriptions(accountNode.account, credentials);
 		}

@@ -71,7 +71,7 @@ export function registerAzureResourceCommands(apiWrapper: ApiWrapper, tree: Azur
 	});

 	apiWrapper.registerCommand('azureresource.connectsqldb', async (node?: TreeNode) => {
-		let connectionProfile: IConnectionProfile = {
+		let connectionProfile: sqlops.IConnectionProfile = {
 			id: generateGuid(),
 			connectionName: undefined,
 			serverName: undefined,
--- a/extensions/azurecore/src/azureResource/interfaces.ts
+++ b/extensions/azurecore/src/azureResource/interfaces.ts
@@ -6,29 +6,29 @@
 'use strict';

 import { ServiceClientCredentials } from 'ms-rest';
-import { Account, DidChangeAccountsParams } from 'sqlops';
+import * as sqlops from 'sqlops';
 import { Event } from 'vscode';

 import { AzureResourceSubscription, AzureResourceDatabaseServer, AzureResourceDatabase } from './models';

 export interface IAzureResourceAccountService {
-	getAccounts(): Promise<Account[]>;
+	getAccounts(): Promise<sqlops.Account[]>;

-	readonly onDidChangeAccounts: Event<DidChangeAccountsParams>;
+	readonly onDidChangeAccounts: Event<sqlops.DidChangeAccountsParams>;
 }

 export interface IAzureResourceCredentialService {
-	getCredentials(account: Account): Promise<ServiceClientCredentials[]>;
+	getCredentials(account: sqlops.Account, resource: sqlops.AzureResource): Promise<ServiceClientCredentials[]>;
 }

 export interface IAzureResourceSubscriptionService {
-	getSubscriptions(account: Account, credentials: ServiceClientCredentials[]): Promise<AzureResourceSubscription[]>;
+	getSubscriptions(account: sqlops.Account, credentials: ServiceClientCredentials[]): Promise<AzureResourceSubscription[]>;
 }

 export interface IAzureResourceSubscriptionFilterService {
-	getSelectedSubscriptions(account: Account): Promise<AzureResourceSubscription[]>;
+	getSelectedSubscriptions(account: sqlops.Account): Promise<AzureResourceSubscription[]>;

-	saveSelectedSubscriptions(account: Account, selectedSubscriptions: AzureResourceSubscription[]): Promise<void>;
+	saveSelectedSubscriptions(account: sqlops.Account, selectedSubscriptions: AzureResourceSubscription[]): Promise<void>;
 }

 export interface IAzureResourceDatabaseServerService {
--- a/extensions/azurecore/src/azureResource/services/credentialService.ts
+++ b/extensions/azurecore/src/azureResource/services/credentialService.ts
@@ -5,7 +5,7 @@

 'use strict';

-import { Account } from 'sqlops';
+import * as sqlops from 'sqlops';
 import { TokenCredentials, ServiceClientCredentials } from 'ms-rest';
 import { ApiWrapper } from '../../apiWrapper';
 import * as nls from 'vscode-nls';
@@ -21,10 +21,10 @@ export class AzureResourceCredentialService implements IAzureResourceCredentialS
 		this._apiWrapper = apiWrapper;
 	}

-	public async getCredentials(account: Account): Promise<ServiceClientCredentials[]> {
+	public async getCredentials(account: sqlops.Account, resource: sqlops.AzureResource): Promise<ServiceClientCredentials[]> {
 		try {
 			let credentials: TokenCredentials[] = [];
-			let tokens = await this._apiWrapper.getSecurityToken(account);
+			let tokens = await this._apiWrapper.getSecurityToken(account, resource);

 			for (let tenant of account.properties.tenants) {
 				let token = tokens[tenant.id].token;
--- a/extensions/azurecore/src/azureResource/tree/baseTreeNodes.ts
+++ b/extensions/azurecore/src/azureResource/tree/baseTreeNodes.ts
@@ -5,7 +5,7 @@

 'use strict';

-import { Account } from 'sqlops';
+import * as sqlops from 'sqlops';
 import { ServiceClientCredentials } from 'ms-rest';
 import { TreeNode } from '../../treeNodes';

@@ -28,7 +28,7 @@ export abstract class AzureResourceTreeNodeBase extends TreeNode {

 export abstract class AzureResourceContainerTreeNodeBase extends AzureResourceTreeNodeBase {
 	public constructor(
-		public readonly account: Account,
+		public readonly account: sqlops.Account,
 		treeChangeHandler: IAzureResourceTreeChangeHandler,
 		parent: TreeNode
 	) {
@@ -45,7 +45,7 @@ export abstract class AzureResourceContainerTreeNodeBase extends AzureResourceTr

 	protected async getCredentials(): Promise<ServiceClientCredentials[]> {
 		try {
-			return await this.servicePool.credentialService.getCredentials(this.account);
+			return await this.servicePool.credentialService.getCredentials(this.account, sqlops.AzureResource.ResourceManagement);
 		} catch (error) {
 			if (error instanceof AzureResourceCredentialError) {
 				this.servicePool.contextService.showErrorMessage(error.message);