lapolinarweb
diff --git a/‎apps/rush-lib/src/pluginFramework/PluginManager.ts
Lines changed: 11 additions & 2 deletions b/‎apps/rush-lib/src/pluginFramework/PluginManager.ts
Lines changed: 11 additions & 2 deletions
diff --git a/‎apps/rush/src/start-dev.ts
Lines changed: 6 additions & 2 deletions b/‎apps/rush/src/start-dev.ts
Lines changed: 6 additions & 2 deletions
diff --git a/‎common/changes/@microsoft/rush/rush-azure-interactive-auth-plugin_2022-04-04-21-31.json
Lines changed: 10 additions & 0 deletions b/‎common/changes/@microsoft/rush/rush-azure-interactive-auth-plugin_2022-04-04-21-31.json
Lines changed: 10 additions & 0 deletions
diff --git a/‎common/reviews/api/rush-azure-storage-build-cache-plugin.api.md
Lines changed: 1 addition & 2 deletions b/‎common/reviews/api/rush-azure-storage-build-cache-plugin.api.md
Lines changed: 1 addition & 2 deletions
diff --git a/‎rush-plugins/rush-azure-storage-build-cache-plugin/rush-plugin-manifest.json
Lines changed: 6 additions & 0 deletions b/‎rush-plugins/rush-azure-storage-build-cache-plugin/rush-plugin-manifest.json
Lines changed: 6 additions & 0 deletions
diff --git a/‎rush-plugins/rush-azure-storage-build-cache-plugin/src/AzureStorageAuthentication.ts
Lines changed: 20 additions & 4 deletions b/‎rush-plugins/rush-azure-storage-build-cache-plugin/src/AzureStorageAuthentication.ts
Lines changed: 20 additions & 4 deletions
diff --git a/‎rush-plugins/rush-azure-storage-build-cache-plugin/src/RushAzureInteractiveAuthPlugin.ts
Lines changed: 115 additions & 0 deletions b/‎rush-plugins/rush-azure-storage-build-cache-plugin/src/RushAzureInteractiveAuthPlugin.ts
Lines changed: 115 additions & 0 deletions
diff --git a/‎rush-plugins/rush-azure-storage-build-cache-plugin/src/schemas/azure-interactive-auth.schema.json
Lines changed: 49 additions & 0 deletions b/‎rush-plugins/rush-azure-storage-build-cache-plugin/src/schemas/azure-interactive-auth.schema.json
Lines changed: 49 additions & 0 deletions
@@ -53,8 +53,10 @@ export class PluginManager {
     const builtInPluginConfigurations: IBuiltInPluginConfiguration[] = options.builtInPluginConfigurations;
 
     const ownPackageJsonDependencies: Record<string, string> = require('../../package.json').dependencies;
-    function tryAddBuiltInPlugin(builtInPluginName: string): void {
-      const pluginPackageName: string = `@rushstack/${builtInPluginName}`;
+    function tryAddBuiltInPlugin(builtInPluginName: string, pluginPackageName?: string): void {
+      if (!pluginPackageName) {
+        pluginPackageName = `@rushstack/${builtInPluginName}`;
+      }
       if (ownPackageJsonDependencies[pluginPackageName]) {
         builtInPluginConfigurations.push({
           packageName: pluginPackageName,
@@ -69,6 +71,13 @@ export class PluginManager {
 
     tryAddBuiltInPlugin('rush-amazon-s3-build-cache-plugin');
     tryAddBuiltInPlugin('rush-azure-storage-build-cache-plugin');
+    // This is a secondary plugin inside the `@rushstack/rush-azure-storage-build-cache-plugin`
+    // package. Because that package comes with Rush (for now), it needs to get registered here.
+    // If the necessary config file doesn't exist, this plugin doesn't do anything.
+    tryAddBuiltInPlugin(
+      'rush-azure-interactive-auth-plugin',
+      '@rushstack/rush-azure-storage-build-cache-plugin'
+    );
 
     this._builtInPluginLoaders = builtInPluginConfigurations.map((pluginConfiguration) => {
       return new BuiltInPluginLoader({
 
@@ -11,8 +11,10 @@ import { RushCommandSelector } from './RushCommandSelector';
 
 const builtInPluginConfigurations: rushLib._IBuiltInPluginConfiguration[] = [];
 
-function includePlugin(pluginName: string): void {
-  const pluginPackageName: string = `@rushstack/${pluginName}`;
+function includePlugin(pluginName: string, pluginPackageName?: string): void {
+  if (!pluginPackageName) {<
6D40
/span>
+    pluginPackageName = `@rushstack/${pluginName}`;
+  }
   builtInPluginConfigurations.push({
     packageName: pluginPackageName,
     pluginName: pluginName,
@@ -25,6 +27,8 @@ function includePlugin(pluginName: string): void {
 
 includePlugin('rush-amazon-s3-build-cache-plugin');
 includePlugin('rush-azure-storage-build-cache-plugin');
+// Including this here so that developers can reuse it without installing the plugin a second time
+includePlugin('rush-azure-interactive-auth-plugin', '@rushstack/rush-azure-storage-build-cache-plugin');
 
 const currentPackageVersion: string = PackageJsonLookup.loadOwnPackageJson(__dirname).version;
 RushCommandSelector.execute(currentPackageVersion, rushLib, {
 
@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@microsoft/rush",
+      "comment": "Add an additional plugin to rush-azure-storage-build-cache-plugin that can be used to prompt for Azure authentication before a command runs.",
+      "type": "none"
+    }
+  ],
+  "packageName": "@microsoft/rush"
+}
@@ -43,8 +43,7 @@ export class AzureStorageAuthentication {
     tryGetCachedCredentialAsync(): Promise<string | undefined>;
     // (undocumented)
     updateCachedCredentialAsync(terminal: ITerminal, credential: string): Promise<void>;
-    // (undocumented)
-    updateCachedCredentialInteractiveAsync(terminal: ITerminal): Promise<void>;
+    updateCachedCredentialInteractiveAsync(terminal: ITerminal, onlyIfExistingCredentialExpiresAfter?: Date): Promise<void>;
 }
 
 // @public (undocumented)
 
@@ -6,6 +6,12 @@
       "description": "Rush plugin for Azure storage cloud build cache",
       "entryPoint": "lib/index.js",
       "optionsSchema": "lib/schemas/azure-blob-storage-config.schema.json"
+    },
+    {
+      "pluginName": "rush-azure-interactive-auth-plugin",
+      "description": "Rush plugin for interactive authentication to Azure",
+      "entryPoint": "lib/RushAzureInteractiveAuthPlugin.js",
+      "optionsSchema": "lib/schemas/azure-interactive-auth.schema.json"
     }
   ]
 }
@@ -96,15 +96,31 @@ export class AzureStorageAuthentication {
     );
   }
 
-  public async updateCachedCredentialInteractiveAsync(terminal: ITerminal): Promise<void> {
-    const sasQueryParameters: SASQueryParameters = await this._getSasQueryParametersAsync(terminal);
-    const sasString: string = sasQueryParameters.toString();
-
+  /**
+   * Launches an interactive flow to renew a cached credential.
+   *
+   * @param terminal - The terminal to log output to
+   * @param onlyIfExistingCredentialExpiresAfter - If specified, and a cached credential exists that is still valid
+   * after the date specified, no action will be taken.
+   */
+  public async updateCachedCredentialInteractiveAsync(terminal: ITerminal, onlyIfExistingCredentialExpiresAfter?: Date): Promise<void> {
     await CredentialCache.usingAsync(
       {
         supportEditing: true
       },
       async (credentialsCache: CredentialCache) => {
+        if (onlyIfExistingCredentialExpiresAfter) {
+          const existingCredentialExpiration: Date | undefined = credentialsCache.tryGetCacheEntry(
+            this._credentialCacheId
+          )?.expires;
+          if (existingCredentialExpiration && existingCredentialExpiration > onlyIfExistingCredentialExpiresAfter) {
+            return;
+          }
+        }
+
+        const sasQueryParameters: SASQueryParameters = await this._getSasQueryParametersAsync(terminal);
+        const sasString: string = sasQueryParameters.toString();
+
         credentialsCache.setCacheEntry(this._credentialCacheId, sasString, sasQueryParameters.expiresOn);
         await credentialsCache.saveIfModifiedAsync();
       }
 
@@ -0,0 +1,115 @@
+// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
+// See LICENSE in the project root for license information.
+
+import type { IRushPlugin, RushSession, RushConfiguration, ILogger } from '@rushstack/rush-sdk';
+import type { AzureEnvironmentNames } from './AzureStorageAuthentication';
+
+const PLUGIN_NAME: 'AzureInteractiveAuthPlugin' = 'AzureInteractiveAuthPlugin';
+
+/**
+ * @public
+ */
+export interface IAzureInteractiveAuthOptions {
+  /**
+   * The name of the the Azure storage account to authenticate to.
+   */
+  readonly storageAccountName: string;
+
+  /**
+   * The name of the container in the Azure storage account to authenticate to.
+   */
+  readonly storageContainerName: string;
+
+  /**
+   * The Azure environment the storage account exists in. Defaults to AzureCloud.
+   */
+  readonly azureEnvironment?: AzureEnvironmentNames;
+
+  /**
+   * If specified and a credential exists that will be valid for at least this many minutes from the time
+   * of execution, no action will be taken.
+   */
+  readonly minimumValidityInMinutes?: number;
+
+  /**
+   * The set of Rush global commands before which credentials should be updated.
+   */
+  readonly globalCommands?: string[];
+
+  /**
+   * The set of Rush phased commands before which credentials should be updated.
+   */
+  readonly phasedCommands?: string[];
+}
+
+/**
+ * This plugin is for performing interactive authentication to an arbitrary Azure blob storage account.
+ * It is meant to be used for scenarios where custom commands may interact with Azure blob storage beyond
+ * the scope of the build cache (for build cache, use the RushAzureStorageBuildCachePlugin).
+ *
+ * However, since the authentication has the same dependencies, if the repository already uses the build
+ * cache plugin, the additional functionality for authentication can be provided at minimal cost.
+ *
+ * @public
+ */
+export default class RushAzureInteractieAuthPlugin implements IRushPlugin {
+  private readonly _options: IAzureInteractiveAuthOptions | undefined;
+
+  public readonly pluginName: 'AzureInteractiveAuthPlugin' = PLUGIN_NAME;
+
+  public constructor(options: IAzureInteractiveAuthOptions | undefined) {
+    this._options = options;
+  }
+
+  public apply(rushSession: RushSession, rushConfig: RushConfiguration): void {
+    const options: IAzureInteractiveAuthOptions | undefined = this._options;
+
+    if (!options) {
+      // Plugin is not enabled.
+      return;
+    }
+
+    const { globalCommands, phasedCommands } = options;
+
+    const { hooks } = rushSession;
+
+    const handler: () => Promise<void> = async () => {
+      const { AzureStorageAuthentication } = await import('./AzureStorageAuthentication');
+      const {
+        storageAccountName,
+        storageContainerName,
+        azureEnvironment = 'AzurePublicCloud',
+        minimumValidityInMinutes
+      } = options;
+
+      const logger: ILogger = rushSession.getLogger(PLUGIN_NAME);
+      logger.terminal.writeLine(
+        `Authenticating to Azure container "${storageContainerName}" on account "${storageAccountName}" in environment "${azureEnvironment}".`
+      );
+
+      let minimumExpiry: Date | undefined;
+      if (typeof minimumValidityInMinutes === 'number') {
+        minimumExpiry = new Date(Date.now() + minimumValidityInMinutes * 60 * 1000);
+      }
+
+      await new AzureStorageAuthentication({
+        storageAccountName: storageAccountName,
+        storageContainerName: storageContainerName,
+        azureEnvironment: options.azureEnvironment,
+        isCacheWriteAllowed: true
+      }).updateCachedCredentialInteractiveAsync(logger.terminal, minimumExpiry);
+    };
+
+    if (globalCommands) {
+      for (const commandName of globalCommands) {
+        hooks.runGlobalCustomCommand.for(commandName).tapPromise(PLUGIN_NAME, handler);
+      }
+    }
+
+    if (phasedCommands) {
+      for (const commandName of phasedCommands) {
+        hooks.runPhasedCommand.for(commandName).tapPromise(PLUGIN_NAME, handler);
+      }
+    }
+  }
+}
@@ -0,0 +1,49 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "title": "Configuration for Azure interactive auth prompt",
+
+  "type": "object",
+
+  "additionalProperties": false,
+
+  "required": ["storageAccountName", "storageContainerName"],
+
+  "properties": {
+    "storageAccountName": {
+      "type": "string",
+      "description": "(Required) The name of the the Azure storage account to authenticate to."
+    },
+
+    "storageContainerName": {
+      "type": "string",
+      "description": "(Required) The name of the container in the Azure storage account to authenticate to."
+    },
+
+    "azureEnvironment": {
+      "type": "string",
+      "description": "The Azure environment the storage account exists in. Defaults to AzurePublicCloud.",
+      "enum": ["AzurePublicCloud", "AzureChina", "AzureGermany", "AzureGovernment"]
+    },
+
+    "minimumValidityInMinutes": {
+      "type": "number",
+      "description": "If specified and a credential exists that will be valid for at least this many minutes from the time of execution, no action will be taken."
+    },
+
+    "globalCommands": {
+      "type": "array",
+      "description": "The set of global rush commands before which this plugin should update credentials.",
+      "items": {
+        "type": "string"
+      }
+    },
+
+    "phasedCommands": {
+      "type": "array",
+      "description": "The set of phased rush commands before which this plugin should update credentials.",
+      "items": {
+        "type": "string"
+      }
+    }
+  }
+}
Original file line number	Diff line number	Diff line change
`@@ -43,8 +43,7 @@ export class AzureStorageAuthentication {`
`43`	`43`	`tryGetCachedCredentialAsync(): Promise<string \| undefined>;`
`44`	`44`	`// (undocumented)`
`45`	`45`	`updateCachedCredentialAsync(terminal: ITerminal, credential: string): Promise<void>;`
`46`		`- // (undocumented)`
`47`		`- updateCachedCredentialInteractiveAsync(terminal: ITerminal): Promise<void>;`
	`46`	`+ updateCachedCredentialInteractiveAsync(terminal: ITerminal, onlyIfExistingCredentialExpiresAfter?: Date): Promise<void>;`
`48`	`47`	`}`
`49`	`48`
`50`	`49`	`// @public (undocumented)`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,12 @@`
`6`	`6`	`"description": "Rush plugin for Azure storage cloud build cache",`
`7`	`7`	`"entryPoint": "lib/index.js",`
`8`	`8`	`"optionsSchema": "lib/schemas/azure-blob-storage-config.schema.json"`
	`9`	`+ },`
	`10`	`+ {`
	`11`	`+ "pluginName": "rush-azure-interactive-auth-plugin",`
	`12`	`+ "description": "Rush plugin for interactive authentication to Azure",`
	`13`	`+ "entryPoint": "lib/RushAzureInteractiveAuthPlugin.js",`
	`14`	`+ "optionsSchema": "lib/schemas/azure-interactive-auth.schema.json"`
`9`	`15`	`}`
`10`	`16`	`]`
`11`	`17`	`}`