Update to latest keyvault APIs (#318)

packages/publisher/package.json

@@ -7,22 +7,21 @@
   "description": "Publish DefinitelyTyped definitions to NPM",
   "dependencies": {
     "@azure/functions": "^1.2.3",
+    "@azure/identity": "^1.5.2",
+    "@azure/keyvault-secrets": "^4.3.0",
     "@definitelytyped/definitions-parser": "^0.0.89-next.0",
     "@definitelytyped/header-parser": "^0.0.88",
     "@definitelytyped/retag": "^0.0.89-next.0",
     "@definitelytyped/typescript-versions": "^0.0.88",
     "@definitelytyped/utils": "^0.0.89-next.0",
     "@octokit/rest": "^16.1.0",
-    "adal-node": "^0.1.22",
     "applicationinsights": "^1.0.7",
-    "azure-keyvault": "^3.0.4",
     "fs-extra": "^9.1.0",
     "fstream": "^1.0.12",
     "hh-mm-ss": "^1.2.0",
     "longjohn": "^0.2.11",
     "oboe": "^2.1.3",
     "source-map-support": "^0.4.0",
-    "travis-fold": "^0.1.2",
     "typescript": "^4.1.0",
     "yargs": "15.3.1"
   },
@@ -32,7 +31,6 @@
     "@types/mz": "^0.0.31",
     "@types/oboe": "^2.0.28",
     "@types/source-map-support": "^0.4.0",
-    "@types/travis-fold": "^0.1.0",
     "@types/yargs": "^15.0.4"
   },
   "scripts": {

packages/publisher/src/lib/secrets.ts

@@ -1,6 +1,6 @@
-import { AuthenticationContext } from "adal-node";
-import { KeyVaultClient, KeyVaultCredentials } from "azure-keyvault";
-import { mapDefined } from "@definitelytyped/utils";
+import { DefaultAzureCredential } from "@azure/identity";
+import { SecretClient } from "@azure/keyvault-secrets";
+import { assertDefined, mapDefined } from "@definitelytyped/utils";
 import { azureKeyvault } from "./settings";
 
 export enum Secret {
@@ -31,33 +31,19 @@ export const allSecrets: Secret[] = mapDefined(Object.keys(Secret), key => {
   return typeof value === "number" ? value : undefined; // tslint:disable-line strict-type-predicates (tslint bug)
 });
 
-export async function getSecret(secret: Secret): Promise<string> {
-  const clientId = process.env.TYPES_PUBLISHER_CLIENT_ID;
-  const clientSecret = process.env.TYPES_PUBLISHER_CLIENT_SECRET;
-  if (!(clientId && clientSecret)) {
-    throw new Error("Must set the TYPES_PUBLISHER_CLIENT_ID and TYPES_PUBLISHER_CLIENT_SECRET environment variables.");
+export async function getSecret(secretId: Secret): Promise<string> {
+  const clientId = process.env.AZURE_CLIENT_ID;
+  const clientSecret = process.env.AZURE_CLIENT_SECRET;
+  const tenantId = process.env.AZURE_TENANT_ID;
+  if (!(clientId && clientSecret && tenantId)) {
+    throw new Error("Must set the AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID environment variables.");
   }
 
-  // Copied from example usage at https://www.npmjs.com/package/azure-keyvault
-  const credentials = new KeyVaultCredentials((challenge, callback) => {
-    const context = new AuthenticationContext(challenge.authorization);
-    context.acquireTokenWithClientCredentials(challenge.resource, clientId, clientSecret, (error, tokenResponse) => {
-      if (error) {
-        throw error;
-      }
-      callback(undefined, `${tokenResponse!.tokenType} ${tokenResponse!.accessToken}`);
-    });
-  });
-
-  const client = new KeyVaultClient(credentials);
+  const credential = new DefaultAzureCredential();
+  const client = new SecretClient(azureKeyvault, credential);
 
   // Convert `AZURE_STORAGE_ACCESS_KEY` to `azure-storage-access-key` -- for some reason, Azure wouldn't allow secret names with underscores.
-  const azureSecretName = Secret[secret].toLowerCase().replace(/_/g, "-");
-  // console.log("Getting secret versions for: " + azureSecretName);
-  const versions = await client.getSecretVersions(azureKeyvault, azureSecretName);
-  versions.sort((a, b) => (a.attributes.created.getTime() < b.attributes.created.getTime() ? 1 : -1));
-  // console.log(versions);
-  const urlParts = versions[0].id.split("/");
-  const latest = urlParts[urlParts.length - 1];
-  return (await client.getSecret(azureKeyvault, azureSecretName, latest)).value;
+  const azureSecretName = Secret[secretId].toLowerCase().replace(/_/g, "-");
+  const secret = await client.getSecret(azureSecretName);
+  return assertDefined(secret.value);
 }