From 0fc10fe6177cb07686988fcef32da9521f00adea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 09:46:43 -0700 Subject: [PATCH 1/6] Bump launch-editor from 2.6.1 to 2.14.1 (#2508) Bumps [launch-editor](https://github.com/vitejs/launch-editor) from 2.6.1 to 2.14.1. - [Commits](https://github.com/vitejs/launch-editor/compare/v2.6.1...v2.14.1) --- updated-dependencies: - dependency-name: launch-editor dependency-version: 2.14.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 385c69c6d..8f66432e5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22317,18 +22317,25 @@ "license": "Apache-2.0" }, "node_modules/launch-editor": { - "version": "2.6.1", + "version": "2.14.1", + "resolved": "https://registry.npmjs.org/launch-editor/-/launch-editor-2.14.1.tgz", + "integrity": "sha512-QWBrQsMpH7gPr965dsKD/3cKWiNoTjpATQf++Xq63N6sKRGMwlVXz41O1IZTMfZQgBctD/K5Zt06+/I6pP6+HA==", "dev": true, "license": "MIT", "dependencies": { - "picocolors": "^1.0.0", - "shell-quote": "^1.8.1" + "picocolors": "^1.1.1", + "shell-quote": "^1.8.4" } }, "node_modules/launch-editor/node_modules/shell-quote": { - "version": "1.8.1", + "version": "1.8.4", + "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.4.tgz", + "integrity": "sha512-VsC6n6vz1ihYYyZZwX7YZSF5l5x36ca17OC+a69h94YqB7X6XLwf+5MOgynYir2SLFUbl8gIYvBo8K8RoNQ6bQ==", "dev": true, "license": "MIT", + "engines": { + "node": ">= 0.4" + }, "funding": { "url": "https://github.com/sponsors/ljharb" } From 0f385a9058f602413286575a9932990ca9a0e29b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 14:10:46 -0700 Subject: [PATCH 2/6] Bump brace-expansion from 1.1.12 to 1.1.15 (#2507) Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.12 to 1.1.15. - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15) --- updated-dependencies: - dependency-name: brace-expansion dependency-version: 1.1.15 dependency-type: direct:development ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 9 +++++---- package.json | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8f66432e5..9edd34077 100644 --- a/package-lock.json +++ b/package-lock.json @@ -163,7 +163,7 @@ "@webpack-cli/serve": "2.0.5", "babel-jest": "29.7.0", "babel-loader": "8.1.0", - "brace-expansion": "1.1.12", + "brace-expansion": "1.1.15", "buffer": "5.1.0", "case-sensitive-paths-webpack-plugin": "2.4.0", "create-file-webpack": "1.0.2", @@ -11679,9 +11679,10 @@ } }, "node_modules/brace-expansion": { - "version": "1.1.12", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", - "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "version": "1.1.15", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz", + "integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==", + "license": "MIT", "dependencies": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" diff --git a/package.json b/package.json index 19efa3a9b..84299d2cc 100644 --- a/package.json +++ b/package.json @@ -173,7 +173,7 @@ "@webpack-cli/serve": "2.0.5", "babel-jest": "29.7.0", "babel-loader": "8.1.0", - "brace-expansion": "1.1.12", + "brace-expansion": "1.1.15", "buffer": "5.1.0", "case-sensitive-paths-webpack-plugin": "2.4.0", "create-file-webpack": "1.0.2", From a598411c0081ca8ab524726db79f3aae5bd6a445 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jun 2026 13:15:31 -0700 Subject: [PATCH 3/6] Bump qs and express (#2497) Bumps [qs](https://github.com/ljharb/qs) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together. Updates `qs` from 6.14.1 to 6.15.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](https://github.com/ljharb/qs/compare/v6.14.1...v6.15.2) Updates `express` from 4.22.1 to 4.22.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.2/History.md) - [Commits](https://github.com/expressjs/express/compare/v4.22.1...v4.22.2) --- updated-dependencies: - dependency-name: express dependency-version: 4.22.2 dependency-type: indirect - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 37 ++++++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9edd34077..06535b293 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11604,10 +11604,11 @@ } }, "node_modules/body-parser": { - "version": "1.20.4", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz", - "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==", + "version": "1.20.5", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.5.tgz", + "integrity": "sha512-3grm+/2tUOvu2cjJkvsIxrv/wVpfXQW4PsQHYm7yk4vfpu7Ekl6nEsYBoJUL6qDwZUx8wUhQ8tR2qz+ad9c9OA==", "dev": true, + "license": "MIT", "dependencies": { "bytes": "~3.1.2", "content-type": "~1.0.5", @@ -11617,7 +11618,7 @@ "http-errors": "~2.0.1", "iconv-lite": "~0.4.24", "on-finished": "~2.4.1", - "qs": "~6.14.0", + "qs": "~6.15.1", "raw-body": "~2.5.3", "type-is": "~1.6.18", "unpipe": "~1.0.0" @@ -11632,6 +11633,7 @@ "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dev": true, + "license": "MIT", "dependencies": { "ms": "2.0.0" } @@ -11641,6 +11643,7 @@ "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", "dev": true, + "license": "MIT", "dependencies": { "safer-buffer": ">= 2.1.2 < 3" }, @@ -11652,7 +11655,8 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "dev": true + "dev": true, + "license": "MIT" }, "node_modules/bonjour-service": { "version": "1.3.0", @@ -12348,6 +12352,7 @@ "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", "dev": true, + "license": "MIT", "engines": { "node": ">= 0.6" } @@ -15225,14 +15230,15 @@ } }, "node_modules/express": { - "version": "4.22.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz", - "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==", + "version": "4.22.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.22.2.tgz", + "integrity": "sha512-IuL+Elrou2ZvCFHs18/CIzy2Nzvo25nZ1/D2eIZlz7c+QUayAcYoiM2BthCjs+EBHVpjYjcuLDAiCWgeIX3X1Q==", "dev": true, + "license": "MIT", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", - "body-parser": "~1.20.3", + "body-parser": "~1.20.5", "content-disposition": "~0.5.4", "content-type": "~1.0.4", "cookie": "~0.7.1", @@ -15251,7 +15257,7 @@ "parseurl": "~1.3.3", "path-to-regexp": "~0.1.12", "proxy-addr": "~2.0.7", - "qs": "~6.14.0", + "qs": "~6.15.1", "range-parser": "~1.2.1", "safe-buffer": "5.2.1", "send": "~0.19.0", @@ -22770,6 +22776,7 @@ "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", "dev": true, + "license": "MIT", "engines": { "node": ">= 0.6" } @@ -24506,9 +24513,10 @@ } }, "node_modules/qs": { - "version": "6.14.1", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz", - "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==", + "version": "6.15.2", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz", + "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==", + "license": "BSD-3-Clause", "dependencies": { "side-channel": "^1.1.0" }, @@ -24593,6 +24601,7 @@ "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz", "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==", "dev": true, + "license": "MIT", "dependencies": { "bytes": "~3.1.2", "http-errors": "~2.0.1", @@ -24608,6 +24617,7 @@ "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", "dev": true, + "license": "MIT", "dependencies": { "safer-buffer": ">= 2.1.2 < 3" }, @@ -27407,6 +27417,7 @@ "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", "dev": true, + "license": "MIT", "dependencies": { "media-typer": "0.3.0", "mime-types": "~2.1.24" From df87b40584639915ffa307a961695e889c2da02d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jun 2026 16:36:20 -0700 Subject: [PATCH 4/6] Bump qs from 6.14.1 to 6.15.2 in /preview (#2496) Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.15.2. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](https://github.com/ljharb/qs/compare/v6.14.1...v6.15.2) --- updated-dependencies: - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- preview/package-lock.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/preview/package-lock.json b/preview/package-lock.json index f2b68ac65..93cf042fd 100644 --- a/preview/package-lock.json +++ b/preview/package-lock.json @@ -695,7 +695,9 @@ } }, "node_modules/qs": { - "version": "6.14.1", + "version": "6.15.2", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz", + "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==", "license": "BSD-3-Clause", "dependencies": { "side-channel": "^1.1.0" From 4f9a987d28231cf485fae6f079b325fa84a17a15 Mon Sep 17 00:00:00 2001 From: vchske Date: Tue, 9 Jun 2026 11:14:17 -0700 Subject: [PATCH 5/6] Removing temporary debug logging (#2509) * Adding further console logging but also fixed lines with JSON.stringify(error) * Added retry mechanism for GETs for armRequest workflow * Moved stringifyError into its own file as it was causing strict compile issues in ErrorHandlingUtils * Removing temporary debug logging * Undoing eslint change as well --- .eslintrc.js | 2 +- src/Common/ErrorHandlingUtils.ts | 1 - src/Common/dataAccess/readDatabases.ts | 51 +++++++------------ src/Explorer/Explorer.tsx | 11 ---- .../generatedClients/cosmos/sqlResources.ts | 10 +--- src/Utils/arm/request.ts | 10 ---- 6 files changed, 19 insertions(+), 66 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index d4675ee95..fb1ed3a73 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -40,7 +40,7 @@ module.exports = { }, ], rules: { - //CTODO uncomment when console debugging is reverted: "no-console": ["error", { allow: ["error", "warn", "dir"] }], + "no-console": ["error", { allow: ["error", "warn", "dir"] }], curly: "error", "@typescript-eslint/switch-exhaustiveness-check": "error", "@typescript-eslint/no-unused-vars": "error", diff --git a/src/Common/ErrorHandlingUtils.ts b/src/Common/ErrorHandlingUtils.ts index 0f205eebc..6996f19cd 100644 --- a/src/Common/ErrorHandlingUtils.ts +++ b/src/Common/ErrorHandlingUtils.ts @@ -21,7 +21,6 @@ export const handleError = ( consoleErrorPrefix?: string, options?: HandleErrorOptions, ): void => { - console.log("{{cdbp}} in handleError(): raw error: " + stringifyError(error)); //CTODO in case a stray error happens const errorMessage = getErrorMessage(error); const errorCode = error instanceof ARMError ? error.code : undefined; diff --git a/src/Common/dataAccess/readDatabases.ts b/src/Common/dataAccess/readDatabases.ts index ace64c058..e9f43e65f 100644 --- a/src/Common/dataAccess/readDatabases.ts +++ b/src/Common/dataAccess/readDatabases.ts @@ -1,4 +1,3 @@ -import { stringifyError } from "Common/stringifyError"; import { CosmosDbArtifactType } from "Contracts/FabricMessagesContract"; import { isFabric, isFabricMirroredKey, isFabricNative } from "Platform/Fabric/FabricUtil"; import { AuthType } from "../../AuthType"; @@ -27,7 +26,6 @@ export async function readDatabases(): Promise { (userContext.fabricContext?.artifactInfo as FabricArtifactInfo[CosmosDbArtifactType.MIRRORED_KEY]).resourceTokenInfo .resourceTokens ) { - console.log("{{cdbp}} in readDatabases(): isFabricMirroredKey && has resourceTokens"); //CTODO should not get here const tokensData = (userContext.fabricContext.artifactInfo as FabricArtifactInfo[CosmosDbArtifactType.MIRRORED_KEY]) .resourceTokenInfo; @@ -61,7 +59,6 @@ export async function readDatabases(): Promise { clearMessage(); return databases; } else if (isFabricNative() && userContext.fabricContext?.databaseName) { - console.log("{{cdbp}} in readDatabases(): isFabricNative"); //CTODO should not get here const databaseId = userContext.fabricContext.databaseName; databases = [ { @@ -84,15 +81,9 @@ export async function readDatabases(): Promise { userContext.apiType !== "Tables" && !isFabric() ) { - console.log("{{cdbp}} in readDatabases(): authType == AAD, enableSDKOperations, apiType != Tables, !isFabric"); - console.log("{{cdbp}} in readDatabases(): databaseaccount: " + userContext.databaseAccount); - console.log("{{cdbp}} in readDatabases(): calling readDatabasesWithARM"); databases = await readDatabasesWithARM(); - console.log("{{cdbp}} in readDatabases(): done readDatabasesWithARM"); } else { - console.log("{{cdbp}} in readDatabases(): calling SDK"); const sdkResponse = await client().databases.readAll().fetchAll(); - console.log("{{cdbp}} in readDatabases(): done SDK"); databases = sdkResponse.resources as DataModels.Database[]; } } catch (error) { @@ -117,30 +108,22 @@ export async function readDatabasesWithARM(accountOverride?: { const accountName = accountOverride?.accountName ?? userContext?.databaseAccount?.name ?? ""; const apiType = accountOverride?.apiType ?? userContext.apiType; - try { - switch (apiType) { - case "SQL": - console.log("{{cdbp}} in readDatabasesWithARM(): calling listSqlDatabases"); - rpResponse = await listSqlDatabases(subscriptionId, resourceGroup, accountName); - console.log("{{cdbp}} in readDatabasesWithARM(): done listSqlDatabases"); - break; - case "Mongo": - rpResponse = await listMongoDBDatabases(subscriptionId, resourceGroup, accountName); - break; - case "Cassandra": - rpResponse = await listCassandraKeyspaces(subscriptionId, resourceGroup, accountName); - break; - case "Gremlin": - rpResponse = await listGremlinDatabases(subscriptionId, resourceGroup, accountName); - break; - default: - throw new Error(`Unsupported default experience type: ${apiType}`); - } - - console.log("{{cdbp}} in readDatabasesWithARM(): response: " + JSON.stringify(rpResponse)); - return rpResponse?.value?.map((database) => database.properties?.resource as DataModels.Database) ?? []; - } catch (error) { - console.log("{{cdbp}} in readDatabasesWithARM(): ERROR: " + stringifyError(error)); - throw error; + switch (apiType) { + case "SQL": + rpResponse = await listSqlDatabases(subscriptionId, resourceGroup, accountName); + break; + case "Mongo": + rpResponse = await listMongoDBDatabases(subscriptionId, resourceGroup, accountName); + break; + case "Cassandra": + rpResponse = await listCassandraKeyspaces(subscriptionId, resourceGroup, accountName); + break; + case "Gremlin": + rpResponse = await listGremlinDatabases(subscriptionId, resourceGroup, accountName); + break; + default: + throw new Error(`Unsupported default experience type: ${apiType}`); } + + return rpResponse?.value?.map((database) => database.properties?.resource as DataModels.Database) ?? []; } diff --git a/src/Explorer/Explorer.tsx b/src/Explorer/Explorer.tsx index 03e5e72cd..7b4ee6096 100644 --- a/src/Explorer/Explorer.tsx +++ b/src/Explorer/Explorer.tsx @@ -402,27 +402,19 @@ export default class Explorer { }, startKey, ); - console.log("{{cdbp}} in refreshAllDatabases(): done readDatabases"); const currentDatabases = useDatabases.getState().databases; - console.log("{{cdbp}} in refreshAllDatabases(): currentDatabases: " + currentDatabases); const deltaDatabases = this.getDeltaDatabases(databases, currentDatabases); - console.log("{{cdbp}} in refreshAllDatabases(): deltaDatabases: " + deltaDatabases); let updatedDatabases = currentDatabases.filter( (database) => !deltaDatabases.toDelete.some((deletedDatabase) => deletedDatabase.id() === database.id()), ); - console.log("{{cdbp}} in refreshAllDatabases(): updatedDatabases after filter: " + updatedDatabases); updatedDatabases = [...updatedDatabases, ...deltaDatabases.toAdd].sort((db1, db2) => db1.id().localeCompare(db2.id()), ); - console.log("{{cdbp}} in refreshAllDatabases(): updatedDatabases after sort: " + updatedDatabases); useDatabases.setState({ databases: updatedDatabases, databasesFetchedSuccessfully: true }); scenarioMonitor.completePhase(MetricScenario.DatabaseLoad, ApplicationMetricPhase.DatabasesFetched); - console.log("{{cdbp}} in refreshAllDatabases(): calling refreshAndExpandNewDatabases"); await this.refreshAndExpandNewDatabases(deltaDatabases.toAdd, updatedDatabases); - console.log("{{cdbp}} in refreshAllDatabases(): done refreshAndExpandNewDatabases"); } catch (error) { - console.log("{{cdbp}} in refreshAllDatabases(): ERROR: " + stringifyError(error)); //CTODO this should be logged already but just in case const errorMessage = getErrorMessage(error); TelemetryProcessor.traceFailure( Action.LoadDatabases, @@ -612,7 +604,6 @@ export default class Explorer { ? databases : databases.filter((db) => db.isDatabaseExpanded() || db.id() === Constants.SavedQueries.DatabaseName); - console.log("{{cdbp}} in refreshAndExpandNewDatabases(): databasesToLoad: " + databasesToLoad); const startKey: number = TelemetryProcessor.traceStart(Action.LoadCollections, { dataExplorerArea: Constants.Areas.ResourceTree, }); @@ -621,7 +612,6 @@ export default class Explorer { try { await Promise.all( databasesToLoad.map(async (database: ViewModels.Database) => { - console.log("{{cdbp}} in refreshAndExpandNewDatabases(): loadCollections for database: " + database.id); await database.loadCollections(true); const isNewDatabase: boolean = _.some(newDatabases, (db: ViewModels.Database) => db.id() === database.id()); if (isNewDatabase) { @@ -641,7 +631,6 @@ export default class Explorer { // Start DatabaseTreeRendered โ€” React render cycle will complete it in ResourceTree scenarioMonitor.startPhase(MetricScenario.DatabaseLoad, ApplicationMetricPhase.DatabaseTreeRendered); } catch (error) { - console.log("{{cdbp}} in refreshAndExpandNewDatabases(): ERROR: " + stringifyError(error)); //CTODO this should be logged already but just in case TelemetryProcessor.traceFailure( Action.LoadCollections, { diff --git a/src/Utils/arm/generatedClients/cosmos/sqlResources.ts b/src/Utils/arm/generatedClients/cosmos/sqlResources.ts index 2e1677950..33b7dc620 100644 --- a/src/Utils/arm/generatedClients/cosmos/sqlResources.ts +++ b/src/Utils/arm/generatedClients/cosmos/sqlResources.ts @@ -6,7 +6,6 @@ Generated from: https://raw.githubusercontent.com/Azure/azure-rest-api-specs/main/specification/cosmos-db/resource-manager/Microsoft.DocumentDB/DocumentDB/preview/2025-11-01-preview/cosmos-db.json */ -import { stringifyError } from "Common/stringifyError"; import { configContext } from "../../../../ConfigContext"; import { armRequest } from "../../request"; import * as Types from "./types"; @@ -19,14 +18,7 @@ export async function listSqlDatabases( accountName: string, ): Promise { const path = `/subscriptions/${subscriptionId}/resourceGroups/${resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/${accountName}/sqlDatabases`; - console.log("{{cdbp}} in listSqlDatabases(): path: " + path); - try { - console.log("{{cdbp}} in listSqlDatabases(): calling armRequest"); - return armRequest({ host: configContext.ARM_ENDPOINT, path, method: "GET", apiVersion }); - } catch (error) { - console.log("{{cdbp}} in listSqlDatabases(): ERROR: " + stringifyError(error)); - throw error; - } + return armRequest({ host: configContext.ARM_ENDPOINT, path, method: "GET", apiVersion }); } /* Gets the SQL database under an existing Azure Cosmos DB database account with the provided name. */ diff --git a/src/Utils/arm/request.ts b/src/Utils/arm/request.ts index f76665585..b6a927606 100644 --- a/src/Utils/arm/request.ts +++ b/src/Utils/arm/request.ts @@ -5,7 +5,6 @@ Instead, generate ARM clients that consume this function with stricter typing. */ -import { stringifyError } from "Common/stringifyError"; import promiseRetry, { AbortError } from "p-retry"; import { HttpHeaders } from "../../Common/Constants"; import { configContext } from "../../ConfigContext"; @@ -78,9 +77,6 @@ export async function armRequestWithoutPolling({ } if (!userContext?.authorizationToken && !customHeaders?.["Authorization"]) { - console.log( - "{{cdbp}} in armRequestWithoutPolling(): condition '!userContext?.authorizationToken && !customHeaders?.['Authorization']' met, throwing 'No authority token provided' error", - ); throw new Error("No authority token provided"); } @@ -98,9 +94,6 @@ export async function armRequestWithoutPolling({ }; const effectiveTimeoutMs = timeoutMs ?? DEFAULT_ARM_TIMEOUT_MS; - console.log( - `{{cdbp}} in armRequestWithoutPolling(): calling fetchWithRetry (method=${method}, timeoutMs=${effectiveTimeoutMs}, hasSignal=${!!signal})`, - ); const response = await fetchWithRetry(url.href, fetchInit, method, effectiveTimeoutMs, signal); if (!response.ok) { @@ -115,11 +108,9 @@ export async function armRequestWithoutPolling({ error.code = errorResponse.code; } } catch (error) { - console.log("{{cdbp}} in armRequestWithoutPolling(): ERROR: " + stringifyError(error)); throw new Error(await response.text()); } - console.log("{{cdbp}} in armRequestWithoutPolling(): ERROR: " + stringifyError(error)); throw error; } @@ -184,7 +175,6 @@ async function fetchWithRetry( (attemptNumber: number) => { const attemptTimeoutMs = timeoutMs * RETRY_TIMEOUT_MULTIPLIERS[Math.min(attemptNumber - 1, RETRY_TIMEOUT_MULTIPLIERS.length - 1)]; - console.log(`{{cdbp}} in fetchWithRetry(): calling fetchWithTimeout: attempt=${attemptNumber} url=${url}`); return fetchWithTimeout(url, fetchInit, attemptTimeoutMs); }, { From 40e8dee3570c5da9ed91732917fea2807bdfeb04 Mon Sep 17 00:00:00 2001 From: sunghyunkang1111 <114709653+sunghyunkang1111@users.noreply.github.com> Date: Thu, 11 Jun 2026 10:59:06 -0500 Subject: [PATCH 6/6] Fix playwright token leak (#2512) * ci: route Playwright reports through private Azure Storage container Replaces the public `/playwright-reports/*` static-website uploads and all GitHub Actions artifact uploads for Playwright traces/videos/blob-reports with uploads to a new private container `playwright-reports` on the same storage account. PR comments now link to an Azure Portal blob-properties deep link (requires AAD sign-in) instead of the previously anonymous static-site URL. Fixes MSRC finding: Playwright traces captured on test failure embed Authorization: Bearer headers, and the existing publish path made them anonymously downloadable. The new private container is RBAC-gated (Storage Blob Data Reader/Contributor at container scope) and the storage account already has anonymous blob access and shared-key access disabled. * ci: TEMP smoke-test single Playwright spec to validate MSRC plumbing Reduces the Playwright matrix to 1 shard and restricts the run to a single test in the searchableDropdown component fixture on Chrome. The fixture hits the local dev server only, so no Cosmos auth and no token captures happen \u2014 isolates the smoke test to the new Azure Storage upload/download/zip/PR-comment plumbing. REVERT THIS COMMIT before merging the parent PR. * ci: grant id-token: write to merge-playwright-reports job The merge job overrides workflow-level permissions with its own block (contents: read, pull-requests: write), which silently drops the workflow-level id-token: write. Without it, Azure/login@v2 cannot fetch the federated OIDC token and fails. Bug introduced when the Az login was relocated from the deleted publish-playwright-report job (which had id-token: write) into the merge job. * ci: trigger re-run after RBAC propagation * ci: trigger re-run after E2E_TESTS_CLIENT_ID SP grant * ci: flatten downloaded shard reports before merge az storage blob download-batch preserves the full blob path, but playwright merge-reports expects .zip files directly in the target directory. Flatten with find + mv after download. * ci: switch PR comment to ContainerMenuBlade deep link BlobPropertiesBladeV2 requires undocumented 'tabToload' and 'isDeleted' params we couldn't get past the Portal's grammar validator. ContainerMenuBlade has no required params and drops users directly into the playwright-reports container, where they navigate to \{run_id}-{attempt}/report.zip\ (one extra click vs. blob-direct). * ci: make report path more prominent in PR comment Surface the {run_id}-{attempt}/report.zip path on its own line so reviewers can copy-paste it into the Portal search instead of scanning the navigation prose. * Revert "ci: TEMP smoke-test single Playwright spec to validate MSRC plumbing" This reverts commit 308005f02ba9ea7c4abc5d9f4f6c089e2ff96a85. * ci: refresh OIDC token before shard upload GitHub OIDC client assertions are valid for only 5 minutes (JWT iat -> exp window). Playwright shards that take >5 min exhaust the validity window before the upload step runs, causing AADSTS700024 'Client assertion is not within its valid time range'. Add a fresh Azure/login@v2 step right before the upload to mint a new OIDC token. --- .github/workflows/ci.yml | 125 +++++++++++++++++++++++---------------- 1 file changed, 73 insertions(+), 52 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a3ced85dc..7d58ebe85 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -299,13 +299,26 @@ jobs: run: npx playwright test --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }} --list - name: Run test shard ${{ matrix['shardIndex'] }} of ${{ matrix['shardTotal']}} run: npx playwright test --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }} --workers=3 - - name: Upload blob report to GitHub Actions Artifacts + - name: "Re-auth for upload (refresh OIDC token)" if: ${{ !cancelled() }} - uses: actions/upload-artifact@v4 + uses: Azure/login@v2 with: - name: blob-report-${{ matrix.shardIndex }} - path: blob-report - retention-days: 1 + client-id: ${{ secrets.E2E_TESTS_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Upload shard blob-report to Azure Storage + if: ${{ !cancelled() }} + env: + KEY: ${{ github.run_id }}-${{ github.run_attempt }} + SHARD: ${{ matrix.shardIndex }} + run: | + az storage blob upload-batch \ + --account-name ${{ secrets.PREVIEW_STORAGE_ACCOUNT_NAME }} \ + --auth-mode login \ + -d playwright-reports \ + -s blob-report \ + --destination-path "${KEY}/shards/shard-${SHARD}" \ + --overwrite true merge-playwright-reports: name: "Merge Playwright Reports" @@ -317,6 +330,7 @@ jobs: permissions: contents: read pull-requests: write + id-token: write steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 @@ -325,29 +339,67 @@ jobs: - name: Install dependencies run: npm ci - - name: Download blob reports from GitHub Actions Artifacts - uses: actions/download-artifact@v4 + - name: "Az CLI login" + uses: Azure/login@v2 with: - path: all-blob-reports - pattern: blob-report-* - merge-multiple: true + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.PREVIEW_SUBSCRIPTION_ID }} + + - name: Download all shard reports from Azure Storage + env: + KEY: ${{ github.run_id }}-${{ github.run_attempt }} + run: | + mkdir -p all-blob-reports + az storage blob download-batch \ + --account-name ${{ secrets.PREVIEW_STORAGE_ACCOUNT_NAME }} \ + --auth-mode login \ + -s playwright-reports \ + --pattern "${KEY}/shards/*" \ + -d ./all-blob-reports + find ./all-blob-reports -type f -name "*.zip" -exec mv -t ./all-blob-reports {} + + find ./all-blob-reports -type d -empty -delete + ls -la ./all-blob-reports - name: Merge into HTML Report run: npx playwright merge-reports --reporter html ./all-blob-reports - - name: Upload HTML report - uses: actions/upload-artifact@v4 - with: - name: html-report--attempt-${{ github.run_attempt }} - path: playwright-report - retention-days: 14 + - name: Bundle merged report into a single zip + run: | + cd playwright-report + zip -r ../report.zip . + cd .. + + - name: Upload report.zip to Azure Storage + env: + KEY: ${{ github.run_id }}-${{ github.run_attempt }} + run: | + az storage blob upload \ + --account-name ${{ secrets.PREVIEW_STORAGE_ACCOUNT_NAME }} \ + --auth-mode login \ + -c playwright-reports \ + -n "${KEY}/report.zip" \ + -f report.zip \ + --overwrite + + - name: Clean up shard intermediates from Azure Storage + if: ${{ always() }} + env: + KEY: ${{ github.run_id }}-${{ github.run_attempt }} + run: | + az storage blob delete-batch \ + --account-name ${{ secrets.PREVIEW_STORAGE_ACCOUNT_NAME }} \ + --auth-mode login \ + -s playwright-reports \ + --pattern "${KEY}/shards/*" - name: Comment Playwright results on PR if: ${{ !cancelled() && github.event_name == 'pull_request' }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR: ${{ github.event.pull_request.number }} - REPORT_URL: https://dataexplorerpreview.z5.web.core.windows.net/playwright-reports/${{ github.run_id }}-${{ github.run_attempt }}/index.html + SA_ID: /subscriptions/${{ secrets.PREVIEW_SUBSCRIPTION_ID }}/resourceGroups/dataexplorer-preview/providers/Microsoft.Storage/storageAccounts/dataexplorerpreview + KEY: ${{ github.run_id }}-${{ github.run_attempt }} RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} run: | PLAYWRIGHT_JSON_OUTPUT_NAME=results.json npx playwright merge-reports --reporter json ./all-blob-reports @@ -355,6 +407,8 @@ jobs: BROKEN=$(gh api "repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}/jobs" \ --jq '[.jobs[] | select(.name | startswith("Run Playwright Tests")) | select(.conclusion == "failure")] | length') if [ "$FAILED" -gt 0 ] || [ "$BROKEN" -gt 0 ]; then ICON="โŒ failed"; else ICON="โœ… passed"; fi + SA_ENC=$(printf '%s' "$SA_ID" | jq -sRr @uri) + CONTAINER_URL="https://portal.azure.com/#view/Microsoft_Azure_Storage/ContainerMenuBlade/~/overview/storageAccountId/${SA_ENC}/path/playwright-reports" NOTE="" [ "$BROKEN" -gt 0 ] && NOTE=" @@ -365,38 +419,5 @@ jobs: | :---: | :---: | :---: | :---: | | $PASSED | $FAILED | $FLAKY | ${DURATION}s | - ๐Ÿ“Š [Open full report]($REPORT_URL) ยท [Workflow run]($RUN_URL)$NOTE" - - publish-playwright-report: - name: "Publish Playwright Report to Blob" - if: ${{ !cancelled() }} - needs: [merge-playwright-reports] - - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - steps: - - name: Download HTML report artifact - uses: actions/download-artifact@v4 - with: - name: html-report--attempt-${{ github.run_attempt }} - path: playwright-report - - - name: "Az CLI login" - uses: Azure/login@v2 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.PREVIEW_SUBSCRIPTION_ID }} - - - name: Upload Playwright report to blob storage - env: - KEY: ${{ github.run_id }}-${{ github.run_attempt }} - BASE: https://dataexplorerpreview.z5.web.core.windows.net - run: | - az storage blob upload-batch -d '$web' -s playwright-report \ - --destination-path "playwright-reports/${KEY}" \ - --account-name ${{ secrets.PREVIEW_STORAGE_ACCOUNT_NAME }} \ - --auth-mode login --overwrite true - echo "๐Ÿ“Š [Open Playwright report](${BASE}/playwright-reports/${KEY}/index.html)" >> $GITHUB_STEP_SUMMARY + ๐Ÿ“ **Report:** \`${KEY}/report.zip\` + [Open container]($CONTAINER_URL) (Azure sign-in required) โ†’ click into \`${KEY}\` folder โ†’ click \`report.zip\` โ†’ **Download** โ†’ unzip โ†’ open \`index.html\` ยท [Workflow run]($RUN_URL)$NOTE"