function createAndWrapKeyVaultClient()

in lib/keyVaultConfigurationResolver.js [163:216]


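/**
 * Adopts or builds an Azure Key Vault client from the resolver options and
 * returns the result of passing it to `wrapClient`.
 *
 * The client is chosen in this order:
 *   1. `options` itself, when it exposes a `getSecret` function;
 *   2. `options.client`;
 *   3. a new `KeyVaultClient` built from `options.credentials`;
 *   4. a new `KeyVaultClient` that answers vault challenges with an Azure
 *      Active Directory client-credentials token, using either the static
 *      `clientId`/`clientSecret` or the lazy `getClientCredentials` callback.
 *
 * @param {object} options - Resolver options, or an existing client.
 * @param {Function} [options.getSecret] - Present when `options` is a client.
 * @param {object} [options.client] - Pre-built key vault client.
 * @param {object} [options.credentials] - Credentials for `KeyVaultClient`.
 * @param {string} [options.clientId] - AAD application ID.
 * @param {string} [options.clientSecret] - AAD application secret.
 * @param {Function} [options.getClientCredentials] - Async callback resolving
 *   to `{ clientId, clientSecret }`; called on the first challenge only.
 * @returns {*} The value returned by `wrapClient(client)`.
 * @throws {Error} When `options` is missing, or when neither a client,
 *   credentials, `getClientCredentials` nor both static values are supplied.
 */
function createAndWrapKeyVaultClient(options) {
  if (!options) {
    throw new Error('No options provided for the key vault resolver.');
  }
  let client = typeof options.getSecret === 'function' ? options : options.client;
  if (!client && options.credentials) {
    client = new azureKeyVault.KeyVaultClient(options.credentials);
  }
  if (!client) {
    const getClientCredentials = options.getClientCredentials;
    // Held in this closure for the lifetime of the client. Once set they are
    // never refreshed, so a rotated secret requires building a new client.
    let clientId = null;
    let clientSecret = null;
    if (!getClientCredentials) {
      if (!options.clientId) {
        throw new Error('Must provide an Azure Active Directory "clientId" value to the key vault resolver.');
      }
      if (!options.clientSecret) {
        throw new Error('Must provide an Azure Active Directory "clientSecret" value to the key vault resolver.');
      }
      clientId = options.clientId;
      clientSecret = options.clientSecret;
    }
    // Support optional delayed secret resolution: the callback is consulted
    // only while either value is still unset.
    async function resolveIfNeeded() {
      if (getClientCredentials && (!clientId || !clientSecret)) {
        const ret = await getClientCredentials();
        if (ret) {
          clientId = ret.clientId;
          clientSecret = ret.clientSecret;
        }
        if (!clientId || !clientSecret) {
          throw new Error('After calling getClientCredentials, "clientId" and/or "clientSecret" remained unset. These values are required to authenticate with the vault.');
        }
      }
    }
    const authenticator = (challenge, authCallback) => {
      // Tracks whether authCallback has already run, so that an exception
      // raised by the callback itself is never turned into a second call.
      let callbackInvoked = false;
      const finish = (...args) => {
        callbackInvoked = true;
        return authCallback(...args);
      };
      return resolveIfNeeded().then(() => {
        // The authority comes from the vault's challenge and the client secret
        // is presented to it. No second constructor argument is passed, so this
        // relies on the library's default authority validation.
        // NOTE(review): confirm that default for the adal-node version in use;
        // adal-node itself has been retired upstream in favour of MSAL.
        // Constructed inside the chain so a malformed authority is reported
        // through authCallback instead of thrown at the caller.
        const context = new adalNode.AuthenticationContext(challenge.authorization);
        return context.acquireTokenWithClientCredentials(challenge.resource, clientId, clientSecret, (tokenAcquisitionError, tokenResponse) => {
          if (tokenAcquisitionError) {
            return finish(tokenAcquisitionError);
          }
          // Refuse to build an "undefined undefined" Authorization header.
          if (!tokenResponse || !tokenResponse.tokenType || !tokenResponse.accessToken) {
            return finish(new Error('The token response from Azure Active Directory did not include a token type and access token.'));
          }
          const authorizationValue = `${tokenResponse.tokenType} ${tokenResponse.accessToken}`;
          return finish(null, authorizationValue);
        });
      }).catch((err) => {
        if (callbackInvoked) {
          // The callback already ran and threw; surface the failure as a
          // rejection rather than invoking it again.
          throw err;
        }
        return finish(err);
      });
    };
    const credentials = new azureKeyVault.KeyVaultCredentials(authenticator);
    client = new azureKeyVault.KeyVaultClient(credentials);
  }
  return wrapClient(client);
}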