Beispiel #1
        /// <summary>
        /// Checks the token request that <c>ManagedIdentityCredential</c> sends when the mock
        /// transport answers the first call with HTTP 400 and the second with a token payload.
        /// </summary>
        /// <remarks>
        /// The assertions look at the second recorded request and pin its api-version, the
        /// escaped resource value and the <c>Metadata: true</c> header. Azure's instance
        /// metadata service rejects requests without that header as a guard against
        /// server-side request forgery, so a regression that drops it should fail here.
        /// </remarks>
        public async Task VerifyMSIRequest()
        {
            const string expectedToken = "mock-msi-access-token";

            // Queued in order: the 400 is consumed by whatever request the credential issues
            // first (presumably an endpoint probe -- confirm against the credential source),
            // the 200 carries the token.
            var probeReply = new MockResponse(400);
            var tokenReply = new MockResponse(200);
            tokenReply.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": 3600 }}");

            var transport = new MockTransport(probeReply, tokenReply);
            var credentialOptions = new IdentityClientOptions() { Transport = transport };
            var credential = new ManagedIdentityCredential(options: credentialOptions);

            AccessToken issued = await credential.GetTokenAsync(MockScopes.Default);
            Assert.AreEqual(expectedToken, issued.Token);

            // Index 1: the token request is the second one recorded by the transport.
            MockRequest tokenRequest = transport.Requests[1];
            string queryString = tokenRequest.UriBuilder.Query;

            Assert.IsTrue(queryString.Contains("api-version=2018-02-01"));

            string expectedResource = $"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}";
            Assert.IsTrue(queryString.Contains(expectedResource));

            bool hasMetadataHeader = tokenRequest.Headers.TryGetValue("Metadata", out string metadataHeader);
            Assert.IsTrue(hasMetadataHeader);
            Assert.AreEqual("true", metadataHeader);
        }
Beispiel #2
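        /// <summary>
        /// Checks the token request sent for a user-assigned identity when
        /// <c>IDENTITY_ENDPOINT</c> and <c>IDENTITY_HEADER</c> are set.
        /// </summary>
        /// <remarks>
        /// Pins four things on the single recorded request: it targets the configured
        /// endpoint, it uses api-version 2019-08-01, it carries the client id and escaped
        /// resource in the query, and it sends the <c>IDENTITY_HEADER</c> value back in
        /// <c>X-IDENTITY-HEADER</c>. That header is the shared secret the App Service
        /// identity endpoint uses to reject forged (SSRF-style) requests, so both its
        /// presence and its exact value are asserted.
        /// </remarks>
        public async Task VerifyAppService2019RequestWithClientIdMockAsync()
        {
            // TestEnvVar is disposed at the end of each using block; presumably it restores
            // the previous value of the variable -- confirm against its implementation.
            using (new TestEnvVar("IDENTITY_ENDPOINT", "https://identity.endpoint/"))
            using (new TestEnvVar("IDENTITY_HEADER", "mock-identity-header"))
            {
                var expectedToken = "mock-access-token";
                var response = new MockResponse(200);
                response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"3600\" }}");

                var mockTransport = new MockTransport(response);
                var options = new TokenCredentialOptions
                {
                    Transport = mockTransport
                };

                ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential("mock-client-id", options));
                AccessToken actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));

                Assert.AreEqual(expectedToken, actualToken.Token);

                // SingleRequest: exactly one request is expected on this path.
                MockRequest request = mockTransport.SingleRequest;

                // Ordinal comparison: a URL prefix is an identifier, not linguistic text, so the
                // check must not depend on the culture of the machine running the test.
                Assert.IsTrue(request.Uri.ToString().StartsWith(EnvironmentVariables.IdentityEndpoint, StringComparison.Ordinal));

                string query = request.Uri.Query;
                Assert.IsTrue(query.Contains("api-version=2019-08-01"));
                Assert.IsTrue(query.Contains("client_id=mock-client-id"));
                Assert.IsTrue(query.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}"));

                Assert.IsTrue(request.Headers.TryGetValue("X-IDENTITY-HEADER", out string identityHeader));
                Assert.AreEqual(EnvironmentVariables.IdentityHeader, identityHeader);
            }
        }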
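        /// <summary>
        /// Checks the token request sent when <c>MSI_ENDPOINT</c> is set and
        /// <c>MSI_SECRET</c> is not (the Cloud Shell case, going by the test name).
        /// </summary>
        /// <remarks>
        /// On this path the parameters travel in the request body rather than the query
        /// string, so the body is read back and checked for the escaped resource and the
        /// client id. The request must also target the configured endpoint and carry
        /// <c>Metadata: true</c>.
        /// </remarks>
        public async Task VerifyCloudShellMsiRequestWithClientIdMockAsync()
        {
            using (new TestEnvVar("MSI_ENDPOINT", "https://mock.msi.endpoint/"))
            using (new TestEnvVar("MSI_SECRET", null))
            {
                var response = new MockResponse(200);

                var expectedToken = "mock-msi-access-token";

                // expires_on is a Unix timestamp one hour in the future.
                response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": {(DateTimeOffset.UtcNow + TimeSpan.FromSeconds(3600)).ToUnixTimeSeconds()} }}");

                var mockTransport = new MockTransport(response);

                var options = new AzureCredentialOptions()
                {
                    Transport = mockTransport
                };

                ManagedIdentityClient client = InstrumentClient(new ManagedIdentityClient(options));

                AccessToken actualToken = await client.AuthenticateAsync(MockScopes.Default, "mock-client-id");

                Assert.AreEqual(expectedToken, actualToken.Token);

                MockRequest request = mockTransport.Requests[0];

                // Ordinal comparison: the endpoint prefix is an identifier, so the check must not
                // vary with the current culture.
                Assert.IsTrue(request.Uri.ToString().StartsWith("https://mock.msi.endpoint/", StringComparison.Ordinal));

                Assert.IsTrue(request.Content.TryComputeLength(out long contentLen));

                // Serialize the request content into a buffer of exactly the reported length.
                var content = new byte[contentLen];

                using (var contentBuff = new MemoryStream(content))
                {
                    request.Content.WriteTo(contentBuff, default);
                }

                string body = Encoding.UTF8.GetString(content);

                Assert.IsTrue(body.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}"));

                Assert.IsTrue(body.Contains("client_id=mock-client-id"));

                Assert.IsTrue(request.Headers.TryGetValue("Metadata", out string actMetadata));

                Assert.AreEqual("true", actMetadata);
            }
        }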
Beispiel #4
        /// <summary>
        /// Checks the token request produced by an <c>ImdsManagedIdentitySource</c> that is
        /// injected through the mock client's source factory, with <c>MSI_ENDPOINT</c> and
        /// <c>MSI_SECRET</c> both unset.
        /// </summary>
        /// <remarks>
        /// Pins api-version 2018-02-01, the escaped resource, the client id and the
        /// <c>Metadata: true</c> header. Azure's instance metadata service requires that
        /// header as a guard against server-side request forgery, which is why both its
        /// presence and its value are asserted.
        /// </remarks>
        public async Task VerifyImdsRequestWithClientIdMockAsync()
        {
            using (new TestEnvVar("MSI_ENDPOINT", null))
            using (new TestEnvVar("MSI_SECRET", null))
            {
                const string expectedToken = "mock-msi-access-token";

                var tokenReply = new MockResponse(200);
                tokenReply.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"3600\" }}");

                var transport = new MockTransport(tokenReply);
                var credentialOptions = new TokenCredentialOptions() { Transport = transport };
                var pipeline = CredentialPipeline.GetInstance(credentialOptions);

                // The factory forces the IMDS source instead of whatever source selection the
                // client would otherwise perform.
                var identityClient = new MockManagedIdentityClient(pipeline, "mock-client-id")
                {
                    ManagedIdentitySourceFactory = () => new ImdsManagedIdentitySource(pipeline.HttpPipeline, "mock-client-id")
                };

                ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential(pipeline, identityClient));
                AccessToken issued = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
                Assert.AreEqual(expectedToken, issued.Token);

                MockRequest tokenRequest = transport.Requests[0];
                string queryString = tokenRequest.Uri.Query;

                Assert.IsTrue(queryString.Contains("api-version=2018-02-01"));

                string expectedResource = $"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}";
                Assert.IsTrue(queryString.Contains(expectedResource));

                Assert.IsTrue(queryString.Contains($"client_id=mock-client-id"));

                bool hasMetadataHeader = tokenRequest.Headers.TryGetValue("Metadata", out string metadataHeader);
                Assert.IsTrue(hasMetadataHeader);
                Assert.AreEqual("true", metadataHeader);
            }
        }
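        /// <summary>
        /// Checks the token request sent when both <c>MSI_ENDPOINT</c> and
        /// <c>MSI_SECRET</c> are set (the App Service case, going by the test name).
        /// </summary>
        /// <remarks>
        /// Pins the endpoint prefix, api-version 2017-09-01, the escaped resource and client
        /// id in the query, and that the <c>MSI_SECRET</c> value is sent in the
        /// <c>secret</c> header. The secret is what authenticates the caller to the local
        /// identity endpoint, so the exact value is asserted rather than mere presence.
        /// </remarks>
        public async Task VerifyAppServiceMsiRequestWithClientIdMockAsync()
        {
            using (new TestEnvVar("MSI_ENDPOINT", "https://mock.msi.endpoint/"))
            using (new TestEnvVar("MSI_SECRET", "mock-msi-secret"))
            {
                var response = new MockResponse(200);

                var expectedToken = "mock-msi-access-token";

                // NOTE(review): ToString() without a format provider uses the current culture, so
                // the expires_on text differs between machines; if the client parses it with a
                // fixed culture this test can fail under some locales -- confirm and consider
                // passing an explicit provider. The timestamp is also "now", and nothing below
                // asserts on the expiry.
                response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"{DateTimeOffset.UtcNow.ToString()}\" }}");

                var mockTransport = new MockTransport(response);

                var options = new AzureCredentialOptions()
                {
                    Transport = mockTransport
                };

                ManagedIdentityClient client = InstrumentClient(new ManagedIdentityClient(options));

                AccessToken actualToken = await client.AuthenticateAsync(MockScopes.Default, "mock-client-id");

                Assert.AreEqual(expectedToken, actualToken.Token);

                MockRequest request = mockTransport.Requests[0];

                // Ordinal comparison: the endpoint prefix is an identifier, so the check must not
                // vary with the current culture.
                Assert.IsTrue(request.Uri.ToString().StartsWith("https://mock.msi.endpoint/", StringComparison.Ordinal));

                string query = request.Uri.Query;

                Assert.IsTrue(query.Contains("api-version=2017-09-01"));

                Assert.IsTrue(query.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}"));

                Assert.IsTrue(query.Contains("client_id=mock-client-id"));

                Assert.IsTrue(request.Headers.TryGetValue("secret", out string actSecretValue));

                Assert.AreEqual("mock-msi-secret", actSecretValue);
            }
        }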
        /// <summary>
        /// Checks the token request <c>ManagedIdentityClient</c> sends for a user-assigned
        /// identity when neither <c>MSI_ENDPOINT</c> nor <c>MSI_SECRET</c> is set.
        /// </summary>
        /// <remarks>
        /// The same mock response is queued twice and the assertions read the last recorded
        /// request, so the test passes whether or not the client issues a request before the
        /// token call. It pins api-version 2018-02-01, the escaped resource, the client id
        /// and the <c>Metadata: true</c> header that Azure's instance metadata service
        /// requires as a guard against server-side request forgery.
        /// </remarks>
        public async Task VerifyImdsRequestWithClientIdMockAsync()
        {
            using (new TestEnvVar("MSI_ENDPOINT", null))
            using (new TestEnvVar("MSI_SECRET", null))
            {
                const string expectedToken = "mock-msi-access-token";

                var tokenReply = new MockResponse(200);
                tokenReply.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"3600\" }}");

                // Same response instance for both slots of the transport queue.
                var transport = new MockTransport(tokenReply, tokenReply);
                var clientOptions = new AzureCredentialOptions() { Transport = transport };

                ManagedIdentityClient identityClient = InstrumentClient(new ManagedIdentityClient(clientOptions));
                AccessToken issued = await identityClient.AuthenticateAsync(MockScopes.Default, clientId: "mock-client-id");
                Assert.AreEqual(expectedToken, issued.Token);

                // The token request is whichever request was recorded last.
                int lastIndex = transport.Requests.Count - 1;
                MockRequest tokenRequest = transport.Requests[lastIndex];
                string queryString = tokenRequest.Uri.Query;

                Assert.IsTrue(queryString.Contains("api-version=2018-02-01"));

                string expectedResource = $"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}";
                Assert.IsTrue(queryString.Contains(expectedResource));

                Assert.IsTrue(queryString.Contains($"client_id=mock-client-id"));

                bool hasMetadataHeader = tokenRequest.Headers.TryGetValue("Metadata", out string metadataHeader);
                Assert.IsTrue(hasMetadataHeader);
                Assert.AreEqual("true", metadataHeader);
            }
        }