[identity] The 1.1.0-preview.3 installation fails in certain environments due to a native dependency

[vjrantal]

• Package Name:

@azure/identity

• Package Version:

1.1.0-preview.3

Describe the bug

When adding a dependency to version 1.1.0-preview.3 of the package, npm install might fail unless the environment has right dependencies installed to build keytar.

To Reproduce

Steps to reproduce the behavior:

1. Create Dockerfile with following content:

FROM node:12-alpine

RUN npm install @azure/identity@1.1.0-preview.3

2. Run docker build .
3. Observe error with content like:

Step 2/2 : RUN npm install @azure/identity@1.1.0-preview.3
 ---> Running in eaa25a228d45

> keytar@5.6.0 install /node_modules/keytar
> prebuild-install || node-gyp rebuild

prebuild-install WARN install No prebuilt binaries found (target=12.16.2 runtime=node arch=x64 libc=musl platform=linux)

...

gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /node_modules/keytar
gyp ERR! node -v v12.16.2
gyp ERR! node-gyp -v v5.1.0
gyp ERR! not ok 

...

Expected behavior

Expected to be able to successfully install without a toolchain for building native binaries.

Additional context

One option might be to have keytar as optional dependency so that it can be installed if the feature that needs it is required. It is required by the VSCodeCredentials feature.

cc: @bterlson @schaabs

[slowpokex]

@vjrantal please pay attention to the doc about keytar@5.6.0, which used in @azure/identity package.json.
Doc says that we need to add libsecret package in Linux https://www.npmjs.com/package/keytar/v/5.6.0#on-linux
Because in Windows that lib uses Credential manager and in Mac that package uses Keychain.
For Linux systems we should install libsecret library

@jonathandturner can we avoid using keytar package in @azure/identity package?

[vjrantal]

It is true that it is documented how to build the package and those instructions works well.

The intent of this issue was that in a production deployment, the keytar dependency is often not needed because VSCodeCredentials is typically a development time feature. However, with the current package, a production build pipeline and runtime environment must include these additional dependencies which might be considered too much overhead for a feature that might not be needed at all.

[sophiajt]

We're currently investigating a fix for this, which we hope to be in place for the next release of the library. I'll link to more information once the fix is ready.

[sophiajt]

We've added a fix that makes the keytar dependency optional, rather than required. With this, you should be able to build and install @azure/identity even if you aren't able use keytar. If keytar is not available, we just disable the credentials that require it (currently just the VSCode credential)

More info available here: #10142

[joshfree]

@jonathandturner this issue can be closed now that #10142 has been merged, correct?

[sophiajt]

Yes, going ahead and closing as this should be available in 1.1.0-preview.5.