readd , , and

ansemb · ansemb · commit 279265f7d67e · 2026-01-13T16:34:03.000Z
diff --git a/src/artifacts-helper/scripts/az b/src/artifacts-helper/scripts/az
@@ -2,14 +2,8 @@
 # Azure CLI shim for GitHub Codespaces
 # Intercepts 'az account get-access-token' requests and uses azure-auth-helper
 # to acquire tokens via the ado-codespaces-auth VS Code extension.
-#
-# This enables DefaultAzureCredential's AzureCliCredential to work in Codespaces
-# without requiring 'az login' (which times out waiting for browser auth).
-#
-# To install: Copy this to /usr/local/share/codespace-shims/az
-# The shims directory should already be in PATH for Codespaces.
 
-# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we're in GitHub Actions - skip interception
+# If ACTIONS_ID_TOKEN_REQUEST_URL is set, we are in GitHub Actions - skip interception
 if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then
     source "$(dirname $0)"/resolve-shim.sh
     AZ_EXE="$(resolve_shim)"
@@ -31,23 +25,16 @@ declare -A RESOURCE_TYPE_MAP=(
 
 # Check if this is a get-access-token request that we should intercept
 if [[ "$1" == "account" && "$2" == "get-access-token" ]]; then
-    # Parse arguments to extract --resource, --scope, or --resource-type
     resource=""
     scope=""
     resource_type=""
     prev=""
-    
+
     for arg in "${@:3}"; do
         case "$prev" in
-            --resource)
-                resource="$arg"
-                ;;
-            --scope)
-                scope="$arg"
-                ;;
-            --resource-type)
-                resource_type="$arg"
-                ;;
+            --resource) resource="$arg" ;;
+            --scope) scope="$arg" ;;
+            --resource-type) resource_type="$arg" ;;
         esac
         prev="$arg"
     done
@@ -58,12 +45,10 @@ if [[ "$1" == "account" && "$2" == "get-access-token" ]]; then
     fi
 
     # Determine the scope to request
-    # Priority: explicit --scope > --resource/.default > --resource-type/.default
     request_scope=""
     if [[ -n "$scope" ]]; then
         request_scope="$scope"
     elif [[ -n "$resource" ]]; then
-        # Append /.default if not already present
         if [[ "$resource" == *"/.default" ]]; then
             request_scope="$resource"
         else
@@ -73,21 +58,33 @@ if [[ "$1" == "account" && "$2" == "get-access-token" ]]; then
 
     # If we have a scope and azure-auth-helper exists, use it
     if [[ -n "$request_scope" && -f "${HOME}/azure-auth-helper" ]]; then
-        # Get token from azure-auth-helper
         token=$("${HOME}/azure-auth-helper" get-access-token "$request_scope" 2>/dev/null)
-        exit_code=$?
+        if [[ $? -eq 0 && -n "$token" ]]; then
+            # Calculate expiry timestamps (conservative 1 hour estimate)
+            # expires_on = POSIX timestamp, expiresOn = local datetime
+            if date --version >/dev/null 2>&1; then
+                # GNU date (Linux)
+                expires_on=$(date -d "+1 hour" "+%s")
+                expires_on_datetime=$(date -d "+1 hour" "+%Y-%m-%d %H:%M:%S.000000")
+            else
+                # BSD date (macOS)
+                expires_on=$(date -v+1H "+%s")
+                expires_on_datetime=$(date -v+1H "+%Y-%m-%d %H:%M:%S.000000")
+            fi
 
-        if [[ $exit_code -eq 0 && -n "$token" ]]; then
-            # Return in az CLI JSON format
+            # Return in az CLI JSON format (matching real az CLI output)
             cat <<EOF
 {
   "accessToken": "${token}",
+  "expiresOn": "${expires_on_datetime}",
+  "expires_on": ${expires_on},
+  "subscription": "",
+  "tenant": "",
   "tokenType": "Bearer"
 }
 EOF
             exit 0
         fi
-        # Fall through to real az CLI if azure-auth-helper fails
     fi
 fi
 
