EnvironmentCredential correctly initializes UsernamePasswordCredential (#11127)

chlowell · web-flow · commit 98bb6e9c88ef · 2020-05-01T14:25:02.000-07:00
diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/environment.py b/sdk/identity/azure-identity/azure/identity/_credentials/environment.py
@@ -71,7 +71,7 @@ def __init__(self, **kwargs):
                 client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],
                 username=os.environ[EnvironmentVariables.AZURE_USERNAME],
                 password=os.environ[EnvironmentVariables.AZURE_PASSWORD],
-                tenant=os.environ.get(EnvironmentVariables.AZURE_TENANT_ID),  # optional for username/password auth
+                tenant_id=os.environ.get(EnvironmentVariables.AZURE_TENANT_ID),  # optional for username/password auth
                 **kwargs
             )
 
diff --git a/sdk/identity/azure-identity/tests/test_environment_credential.py b/sdk/identity/azure-identity/tests/test_environment_credential.py
@@ -53,3 +53,93 @@ def test_passes_authority_argument(credential_name, environment_variables):
     assert mock_credential.call_count == 1
     _, kwargs = mock_credential.call_args
     assert kwargs["authority"] == authority
+
+
+def test_client_secret_configuration():
+    """the credential should pass expected values and any keyword arguments to its inner credential"""
+
+    client_id = "client-id"
+    client_secret = "..."
+    tenant_id = "tenant_id"
+    bar = "bar"
+
+    environment = {
+        EnvironmentVariables.AZURE_CLIENT_ID: client_id,
+        EnvironmentVariables.AZURE_CLIENT_SECRET: client_secret,
+        EnvironmentVariables.AZURE_TENANT_ID: tenant_id,
+    }
+    with mock.patch(EnvironmentCredential.__module__ + ".ClientSecretCredential") as mock_credential:
+        with mock.patch.dict("os.environ", environment, clear=True):
+            EnvironmentCredential(foo=bar)
+
+    assert mock_credential.call_count == 1
+    _, kwargs = mock_credential.call_args
+    assert kwargs["client_id"] == client_id
+    assert kwargs["client_secret"] == client_secret
+    assert kwargs["tenant_id"] == tenant_id
+    assert kwargs["foo"] == bar
+
+
+def test_certificate_configuration():
+    """the credential should pass expected values and any keyword arguments to its inner credential"""
+
+    client_id = "client-id"
+    certificate_path = "..."
+    tenant_id = "tenant_id"
+    bar = "bar"
+
+    environment = {
+        EnvironmentVariables.AZURE_CLIENT_ID: client_id,
+        EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PATH: certificate_path,
+        EnvironmentVariables.AZURE_TENANT_ID: tenant_id,
+    }
+    with mock.patch(EnvironmentCredential.__module__ + ".CertificateCredential") as mock_credential:
+        with mock.patch.dict("os.environ", environment, clear=True):
+            EnvironmentCredential(foo=bar)
+
+    assert mock_credential.call_count == 1
+    _, kwargs = mock_credential.call_args
+    assert kwargs["client_id"] == client_id
+    assert kwargs["certificate_path"] == certificate_path
+    assert kwargs["tenant_id"] == tenant_id
+    assert kwargs["foo"] == bar
+
+
+def test_username_password_configuration():
+    """the credential should pass expected values and any keyword arguments to its inner credential"""
+
+    client_id = "client-id"
+    username = "me@work.com"
+    password = "password"
+    bar = "bar"
+
+    environment = {
+        EnvironmentVariables.AZURE_CLIENT_ID: client_id,
+        EnvironmentVariables.AZURE_USERNAME: username,
+        EnvironmentVariables.AZURE_PASSWORD: password,
+    }
+    with mock.patch(EnvironmentCredential.__module__ + ".UsernamePasswordCredential") as mock_credential:
+        with mock.patch.dict("os.environ", environment, clear=True):
+            EnvironmentCredential(foo=bar)
+
+    assert mock_credential.call_count == 1
+    _, kwargs = mock_credential.call_args
+    assert kwargs["client_id"] == client_id
+    assert kwargs["username"] == username
+    assert kwargs["password"] == password
+    assert kwargs["foo"] == bar
+
+    # optional tenant id should be used when set
+    tenant_id = "tenant-id"
+    environment = dict(environment, **{EnvironmentVariables.AZURE_TENANT_ID: tenant_id})
+    with mock.patch(EnvironmentCredential.__module__ + ".UsernamePasswordCredential") as mock_credential:
+        with mock.patch.dict("os.environ", environment, clear=True):
+            EnvironmentCredential(foo=bar)
+
+    assert mock_credential.call_count == 1
+    _, kwargs = mock_credential.call_args
+    assert kwargs["client_id"] == client_id
+    assert kwargs["username"] == username
+    assert kwargs["password"] == password
+    assert kwargs["tenant_id"] == tenant_id
+    assert kwargs["foo"] == bar
diff --git a/sdk/identity/azure-identity/tests/test_environment_credential_async.py b/sdk/identity/azure-identity/tests/test_environment_credential_async.py
@@ -47,3 +47,53 @@ def test_passes_authority_argument(credential_name, environment_variables):
     assert mock_credential.call_count == 1
     _, kwargs = mock_credential.call_args
     assert kwargs["authority"] == authority
+
+
+def test_client_secret_configuration():
+    """the credential should pass expected values and any keyword arguments to its inner credential"""
+
+    client_id = "client-id"
+    client_secret = "..."
+    tenant_id = "tenant_id"
+    bar = "bar"
+
+    environment = {
+        EnvironmentVariables.AZURE_CLIENT_ID: client_id,
+        EnvironmentVariables.AZURE_CLIENT_SECRET: client_secret,
+        EnvironmentVariables.AZURE_TENANT_ID: tenant_id,
+    }
+    with mock.patch(EnvironmentCredential.__module__ + ".ClientSecretCredential") as mock_credential:
+        with mock.patch.dict("os.environ", environment, clear=True):
+            EnvironmentCredential(foo=bar)
+
+    assert mock_credential.call_count == 1
+    _, kwargs = mock_credential.call_args
+    assert kwargs["client_id"] == client_id
+    assert kwargs["client_secret"] == client_secret
+    assert kwargs["tenant_id"] == tenant_id
+    assert kwargs["foo"] == bar
+
+
+def test_certificate_configuration():
+    """the credential should pass expected values and any keyword arguments to its inner credential"""
+
+    client_id = "client-id"
+    certificate_path = "..."
+    tenant_id = "tenant_id"
+    bar = "bar"
+
+    environment = {
+        EnvironmentVariables.AZURE_CLIENT_ID: client_id,
+        EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PATH: certificate_path,
+        EnvironmentVariables.AZURE_TENANT_ID: tenant_id,
+    }
+    with mock.patch(EnvironmentCredential.__module__ + ".CertificateCredential") as mock_credential:
+        with mock.patch.dict("os.environ", environment, clear=True):
+            EnvironmentCredential(foo=bar)
+
+    assert mock_credential.call_count == 1
+    _, kwargs = mock_credential.call_args
+    assert kwargs["client_id"] == client_id
+    assert kwargs["certificate_path"] == certificate_path
+    assert kwargs["tenant_id"] == tenant_id
+    assert kwargs["foo"] == bar
diff --git a/sdk/identity/azure-identity/tests/test_identity.py b/sdk/identity/azure-identity/tests/test_identity.py
@@ -244,53 +244,3 @@ def test_default_credential_shared_cache_use(mock_credential):
     assert mock_credential.call_count == 1
     assert mock_credential.supported.call_count == 1
     mock_credential.supported.reset_mock()
-
-
-def test_username_password_environment_credential():
-    client_id = "fake-client-id"
-    username = "foo@bar.com"
-    password = "password"
-    expected_token = "***"
-
-    create_transport = functools.partial(
-        validating_transport,
-        requests=[Request()] * 3,  # not validating requests because they're formed by MSAL
-        responses=[
-            # tenant discovery
-            mock_response(json_payload={"authorization_endpoint": "https://a/b", "token_endpoint": "https://a/b"}),
-            # user realm discovery, interests MSAL only when the response body contains account_type == "Federated"
-            mock_response(json_payload={}),
-            # token request
-            mock_response(
-                json_payload={
-                    "access_token": expected_token,
-                    "expires_in": 42,
-                    "token_type": "Bearer",
-                    "ext_expires_in": 42,
-                }
-            ),
-        ],
-    )
-
-    environment = {
-        EnvironmentVariables.AZURE_CLIENT_ID: client_id,
-        EnvironmentVariables.AZURE_USERNAME: username,
-        EnvironmentVariables.AZURE_PASSWORD: password,
-    }
-    with patch("os.environ", environment):
-        token = EnvironmentCredential(transport=create_transport()).get_token("scope")
-
-    # not validating expires_on because doing so requires monkeypatching time, and this is tested elsewhere
-    assert token.token == expected_token
-
-    # now with a tenant id
-    environment = {
-        EnvironmentVariables.AZURE_CLIENT_ID: client_id,
-        EnvironmentVariables.AZURE_USERNAME: username,
-        EnvironmentVariables.AZURE_PASSWORD: password,
-        EnvironmentVariables.AZURE_TENANT_ID: "tenant_id",
-    }
-    with patch("os.environ", environment):
-        token = EnvironmentCredential(transport=create_transport()).get_token("scope")
-
-    assert token.token == expected_token

Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ def __init__(self, **kwargs):`
`71`	`71`	`client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],`
`72`	`72`	`username=os.environ[EnvironmentVariables.AZURE_USERNAME],`
`73`	`73`	`password=os.environ[EnvironmentVariables.AZURE_PASSWORD],`
`74`		`- tenant=os.environ.get(EnvironmentVariables.AZURE_TENANT_ID), # optional for username/password auth`
	`74`	`+ tenant_id=os.environ.get(EnvironmentVariables.AZURE_TENANT_ID), # optional for username/password auth`
`75`	`75`	`**kwargs`
`76`	`76`	`)`
`77`	`77`