Skip to content

auth: Watch sovereign cloud config and fire onRefreshSuggested#2248

Merged
alexweininger merged 3 commits intomainfrom
fix/sovereign-cloud-config-watcher
Mar 26, 2026
Merged

auth: Watch sovereign cloud config and fire onRefreshSuggested#2248
alexweininger merged 3 commits intomainfrom
fix/sovereign-cloud-config-watcher

Conversation

@alexweininger
Copy link
Copy Markdown
Member

@alexweininger alexweininger commented Mar 26, 2026

Summary

The auth provider now watches the microsoft-sovereign-cloud config section for changes. When the sovereign cloud environment is switched, it:

  1. Clears all cached accounts, tenants, and subscriptions
  2. Fires onRefreshSuggested with a new 'cloudChange' reason

Why

Previously, consumers (e.g. vscode-azureresourcegroups) had to manually clear caches and refresh views when the sovereign cloud changed. The auth provider already watches azureResourceGroups.selectedSubscriptions and fires refresh events — sovereign cloud changes should follow the same pattern since they fundamentally invalidate all cached auth data.

Changes

  • RefreshSuggestedEvent.reason: Added 'cloudChange' to the union type
  • VSCodeAzureSubscriptionProvider: Added cloudChangeListener that watches microsoft-sovereign-cloud config, clears all caches, and fires onRefreshSuggested({ reason: 'cloudChange' })

Consumer impact

Consumers that listen to all onRefreshSuggested events (the default) will automatically refresh on sovereign cloud changes with no code changes needed.

Consumers that filter by reason (like the Accounts & Tenants tree, which only listens for sessionChange) need to also accept cloudChange. A corresponding change is in microsoft/vscode-azureresourcegroups#1416.

@alexweininger
Watch sovereign cloud config and fire onRefreshSuggested
c650e83 
Add a config watcher for the microsoft-sovereign-cloud setting section.
When the cloud environment changes, clear all cached accounts, tenants,
and subscriptions, then fire onRefreshSuggested with a new 'cloudChange'
reason so consumers can reload their trees.

Previously, consumers had to manually handle sovereign cloud changes by
explicitly clearing caches and refreshing views. Now the auth provider
handles this automatically.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@alexweininger alexweininger requested a review from a team as a code owner March 26, 2026 19:43
Copilot AI review requested due to automatic review settings March 26, 2026 19:43
@bwateratmsft bwateratmsft changed the title Watch sovereign cloud config and fire onRefreshSuggested auth: Watch sovereign cloud config and fire onRefreshSuggested Mar 26, 2026
bwateratmsft
bwateratmsft reviewed Mar 26, 2026
View reviewed changes
bwateratmsft
bwateratmsft reviewed Mar 26, 2026
View reviewed changes
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the auth subscription provider to react to sovereign cloud configuration changes by clearing cached auth data and notifying consumers via onRefreshSuggested, aligning sovereign cloud switching behavior with existing refresh patterns in the codebase.

Changes:

  • Added 'cloudChange' to RefreshSuggestedEvent.reason.
  • Added a VS Code configuration watcher for the microsoft-sovereign-cloud section that clears caches and fires onRefreshSuggested({ reason: 'cloudChange' }).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
auth/src/providers/VSCodeAzureSubscriptionProvider.ts Watches sovereign cloud config changes, clears caches, and emits refresh suggested events.
auth/src/contracts/AzureSubscriptionProvider.ts Extends RefreshSuggestedEvent.reason union to include 'cloudChange'.
Comments suppressed due to low confidence (2)

auth/src/providers/VSCodeAzureSubscriptionProvider.ts:58

  • fireRefreshSuggestedIfNeeded debounces/suppresses events for reasons other than subscriptionFilterChange. That means a cloudChange refresh can be swallowed (e.g., within the 2s debounce window or during sign-in suppression), leaving consumers unaware they need to refresh after a cloud switch. If cloud switches should always trigger refresh, update the suppression logic (likely in AzureSubscriptionProviderBase.fireRefreshSuggestedIfNeeded) to treat cloudChange like an explicit user action.
                this.clearAllCaches();
                this.fireRefreshSuggestedIfNeeded({ reason: 'cloudChange' });
            }

auth/src/providers/VSCodeAzureSubscriptionProvider.ts:84

  • clearAllCaches clears account/tenant/subscription caches, but it doesn’t clear availableSubscriptionsPromises. If a getAvailableSubscriptions call is in-flight during a cloud switch, a subsequent call with the same coalescence key can await and return results from the previous cloud. Consider also clearing the coalescence map (and/or making the key incorporate the configured cloud) when the environment changes.
    private clearAllCaches(): void {
        this.accountCache.clear();
        this.tenantCache.clear();
        this.subscriptionCache.clear();
        this.log('Cleared all caches due to cloud environment change');

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@alexweininger alexweininger mentioned this pull request Mar 26, 2026
Merged
alexweininger and others added 2 commits March 26, 2026 15:57
@alexweininger
Address PR feedback: merge listeners, inline cache clear, centralize …
5d05e42 
…constant

- Fold sovereign cloud config listener into existing config change listener
  as an else-if branch instead of registering two separate listeners
- Inline clearAllCaches() into the event handler
- Export CustomCloudConfigurationSection from configuredAzureEnv.ts and
  import it instead of duplicating the string

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@alexweininger
Bump version to 6.0.0-alpha.8
d192558
alexweininger
alexweininger commented Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Member Author

@alexweininger alexweininger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Self-review notes:

All prior review feedback has been addressed:

  • Cloud config watcher is folded into the existing onDidChangeConfiguration listener as an else if
  • Cache-clearing is inlined rather than a separate method ✅
  • CustomCloudConfigurationSection is now imported from configuredAzureEnv.ts instead of duplicated ✅

The cache invalidation correctly clears all three caches (accounts, tenants, subscriptions) before firing onRefreshSuggested. The availableSubscriptionsPromises map doesn't need clearing since it's ephemeral promise coalescence, not a persistent cache.

Minor note: the reason type on RefreshSuggestedEvent is a string union — if more reasons keep getting added, it might eventually be worth extracting to a named type alias, but not needed now.

@alexweininger alexweininger merged commit 9505a3a into main Mar 26, 2026
4 checks passed
@alexweininger alexweininger deleted the fix/sovereign-cloud-config-watcher branch March 26, 2026 20:56
@alexweininger alexweininger mentioned this pull request Mar 26, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bwateratmsft bwateratmsft bwateratmsft left review comments

Copilot code review Copilot Copilot left review comments

@nturinski nturinski nturinski approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@alexweininger @nturinski @bwateratmsft