Skip to content

EnvironmentCredential correctly initializes UsernamePasswordCredential #11127

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
May 1, 2020
Merged

EnvironmentCredential correctly initializes UsernamePasswordCredential #11127

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3f8dfcf
EnvironmentCredential correctly initializes UsernamePasswordCredential
chlowell Apr 29, 2020
4872295
tests
chlowell Apr 29, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion sdk/identity/azure-identity/azure/identity/_credentials/environment.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ def __init__(self, **kwargs):
client_id=os.environ[EnvironmentVariables.AZURE_CLIENT_ID],
username=os.environ[EnvironmentVariables.AZURE_USERNAME],
password=os.environ[EnvironmentVariables.AZURE_PASSWORD],
tenant=os.environ.get(EnvironmentVariables.AZURE_TENANT_ID), # optional for username/password auth
tenant_id=os.environ.get(EnvironmentVariables.AZURE_TENANT_ID), # optional for username/password auth
**kwargs
)

Expand Down
90 changes: 90 additions & 0 deletions sdk/identity/azure-identity/tests/test_environment_credential.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,3 +53,93 @@ def test_passes_authority_argument(credential_name, environment_variables):
assert mock_credential.call_count == 1
_, kwargs = mock_credential.call_args
assert kwargs["authority"] == authority


def test_client_secret_configuration():
"""the credential should pass expected values and any keyword arguments to its inner credential"""

client_id = "client-id"
client_secret = "..."
tenant_id = "tenant_id"
bar = "bar"

environment = {
EnvironmentVariables.AZURE_CLIENT_ID: client_id,
EnvironmentVariables.AZURE_CLIENT_SECRET: client_secret,
EnvironmentVariables.AZURE_TENANT_ID: tenant_id,
}
with mock.patch(EnvironmentCredential.__module__ + ".ClientSecretCredential") as mock_credential:
with mock.patch.dict("os.environ", environment, clear=True):
EnvironmentCredential(foo=bar)

assert mock_credential.call_count == 1
_, kwargs = mock_credential.call_args
assert kwargs["client_id"] == client_id
assert kwargs["client_secret"] == client_secret
assert kwargs["tenant_id"] == tenant_id
assert kwargs["foo"] == bar


def test_certificate_configuration():
"""the credential should pass expected values and any keyword arguments to its inner credential"""

client_id = "client-id"
certificate_path = "..."
tenant_id = "tenant_id"
bar = "bar"

environment = {
EnvironmentVariables.AZURE_CLIENT_ID: client_id,
EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PATH: certificate_path,
EnvironmentVariables.AZURE_TENANT_ID: tenant_id,
}
with mock.patch(EnvironmentCredential.__module__ + ".CertificateCredential") as mock_credential:
with mock.patch.dict("os.environ", environment, clear=True):
EnvironmentCredential(foo=bar)

assert mock_credential.call_count == 1
_, kwargs = mock_credential.call_args
assert kwargs["client_id"] == client_id
assert kwargs["certificate_path"] == certificate_path
assert kwargs["tenant_id"] == tenant_id
assert kwargs["foo"] == bar


def test_username_password_configuration():
"""the credential should pass expected values and any keyword arguments to its inner credential"""

client_id = "client-id"
username = "[email protected]"
password = "password"
bar = "bar"

environment = {
EnvironmentVariables.AZURE_CLIENT_ID: client_id,
EnvironmentVariables.AZURE_USERNAME: username,
EnvironmentVariables.AZURE_PASSWORD: password,
}
with mock.patch(EnvironmentCredential.__module__ + ".UsernamePasswordCredential") as mock_credential:
with mock.patch.dict("os.environ", environment, clear=True):
EnvironmentCredential(foo=bar)

assert mock_credential.call_count == 1
_, kwargs = mock_credential.call_args
assert kwargs["client_id"] == client_id
assert kwargs["username"] == username
assert kwargs["password"] == password
assert kwargs["foo"] == bar

# optional tenant id should be used when set
tenant_id = "tenant-id"
environment = dict(environment, **{EnvironmentVariables.AZURE_TENANT_ID: tenant_id})
with mock.patch(EnvironmentCredential.__module__ + ".UsernamePasswordCredential") as mock_credential:
with mock.patch.dict("os.environ", environment, clear=True):
EnvironmentCredential(foo=bar)

assert mock_credential.call_count == 1
_, kwargs = mock_credential.call_args
assert kwargs["client_id"] == client_id
assert kwargs["username"] == username
assert kwargs["password"] == password
assert kwargs["tenant_id"] == tenant_id
assert kwargs["foo"] == bar
50 changes: 50 additions & 0 deletions sdk/identity/azure-identity/tests/test_environment_credential_async.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,3 +47,53 @@ def test_passes_authority_argument(credential_name, environment_variables):
assert mock_credential.call_count == 1
_, kwargs = mock_credential.call_args
assert kwargs["authority"] == authority


def test_client_secret_configuration():
"""the credential should pass expected values and any keyword arguments to its inner credential"""

client_id = "client-id"
client_secret = "..."
tenant_id = "tenant_id"
bar = "bar"

environment = {
EnvironmentVariables.AZURE_CLIENT_ID: client_id,
EnvironmentVariables.AZURE_CLIENT_SECRET: client_secret,
EnvironmentVariables.AZURE_TENANT_ID: tenant_id,
}
with mock.patch(EnvironmentCredential.__module__ + ".ClientSecretCredential") as mock_credential:
with mock.patch.dict("os.environ", environment, clear=True):
EnvironmentCredential(foo=bar)

assert mock_credential.call_count == 1
_, kwargs = mock_credential.call_args
assert kwargs["client_id"] == client_id
assert kwargs["client_secret"] == client_secret
assert kwargs["tenant_id"] == tenant_id
assert kwargs["foo"] == bar


def test_certificate_configuration():
"""the credential should pass expected values and any keyword arguments to its inner credential"""

client_id = "client-id"
certificate_path = "..."
tenant_id = "tenant_id"
bar = "bar"

environment = {
EnvironmentVariables.AZURE_CLIENT_ID: client_id,
EnvironmentVariables.AZURE_CLIENT_CERTIFICATE_PATH: certificate_path,
EnvironmentVariables.AZURE_TENANT_ID: tenant_id,
}
with mock.patch(EnvironmentCredential.__module__ + ".CertificateCredential") as mock_credential:
with mock.patch.dict("os.environ", environment, clear=True):
EnvironmentCredential(foo=bar)

assert mock_credential.call_count == 1
_, kwargs = mock_credential.call_args
assert kwargs["client_id"] == client_id
assert kwargs["certificate_path"] == certificate_path
assert kwargs["tenant_id"] == tenant_id
assert kwargs["foo"] == bar
50 changes: 0 additions & 50 deletions sdk/identity/azure-identity/tests/test_identity.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,53 +244,3 @@ def test_default_credential_shared_cache_use(mock_credential):
assert mock_credential.call_count == 1
assert mock_credential.supported.call_count == 1
mock_credential.supported.reset_mock()


def test_username_password_environment_credential():
client_id = "fake-client-id"
username = "[email protected]"
password = "password"
expected_token = "***"

create_transport = functools.partial(
validating_transport,
requests=[Request()] * 3, # not validating requests because they're formed by MSAL
responses=[
# tenant discovery
mock_response(json_payload={"authorization_endpoint": "https://a/b", "token_endpoint": "https://a/b"}),
# user realm discovery, interests MSAL only when the response body contains account_type == "Federated"
mock_response(json_payload={}),
# token request
mock_response(
json_payload={
"access_token": expected_token,
"expires_in": 42,
"token_type": "Bearer",
"ext_expires_in": 42,
}
),
],
)

environment = {
EnvironmentVariables.AZURE_CLIENT_ID: client_id,
EnvironmentVariables.AZURE_USERNAME: username,
EnvironmentVariables.AZURE_PASSWORD: password,
}
with patch("os.environ", environment):
token = EnvironmentCredential(transport=create_transport()).get_token("scope")

# not validating expires_on because doing so requires monkeypatching time, and this is tested elsewhere
assert token.token == expected_token

# now with a tenant id
environment = {
EnvironmentVariables.AZURE_CLIENT_ID: client_id,
EnvironmentVariables.AZURE_USERNAME: username,
EnvironmentVariables.AZURE_PASSWORD: password,
EnvironmentVariables.AZURE_TENANT_ID: "tenant_id",
}
with patch("os.environ", environment):
token = EnvironmentCredential(transport=create_transport()).get_token("scope")

assert token.token == expected_token