public async Task DefaultAzureCredential_UseAzureCliCredential()
{
var options = Recording.InstrumentClientOptions(new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = true,
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
VisualStudioCodeTenantId = TestEnvironment.TestTenantId
});
var(expectedToken, expectedExpiresOn, processOutput) = CredentialTestHelpers.CreateTokenForAzureCli();
var testProcess = new TestProcess {
Output = processOutput
};
var vscAdapter = new TestVscAdapter(ExpectedServiceName, "Azure", null);
var fileSystem = CredentialTestHelpers.CreateFileSystemForVisualStudioCode(TestEnvironment);
var factory = new TestDefaultAzureCredentialFactory(options, fileSystem, new TestProcessService(testProcess), vscAdapter);
var credential = InstrumentClient(new DefaultAzureCredential(factory, options));
AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(new[] { "https://vault.azure.net/.default" }), CancellationToken.None);
Assert.AreEqual(token.Token, expectedToken);
Assert.AreEqual(token.ExpiresOn, expectedExpiresOn);
}
public async Task AuthenticateWithCliCredential(
[Values(null, TenantIdHint)] string tenantId,
[Values(true)] bool allowMultiTenantAuthentication,
[Values(null, TenantId)] string explicitTenantId)
{
var context = new TokenRequestContext(new[] { Scope }, tenantId: tenantId);
var options = new AzureCliCredentialOptions {
TenantId = explicitTenantId, AllowMultiTenantAuthentication = allowMultiTenantAuthentication
};
string expectedTenantId = TenantIdResolver.Resolve(explicitTenantId, context, options.AllowMultiTenantAuthentication);
var(expectedToken, expectedExpiresOn, processOutput) = CredentialTestHelpers.CreateTokenForAzureCli();
var testProcess = new TestProcess {
Output = processOutput
};
AzureCliCredential credential =
InstrumentClient(new AzureCliCredential(CredentialPipeline.GetInstance(null), new TestProcessService(testProcess, true), options));
AccessToken actualToken = await credential.GetTokenAsync(context);
Assert.AreEqual(expectedToken, actualToken.Token);
Assert.AreEqual(expectedExpiresOn, actualToken.ExpiresOn);
var expectTenantId = expectedTenantId != null;
if (expectTenantId)
{
Assert.That(testProcess.StartInfo.Arguments, Does.Contain($"-tenant {expectedTenantId}"));
}
else
{
Assert.That(testProcess.StartInfo.Arguments, Does.Not.Contain("-tenant"));
}
}
public async Task AuthenticateWithCliCredential()
{
var(expectedToken, expectedExpiresOn, processOutput) = CredentialTestHelpers.CreateTokenForAzureCli();
var testProcess = new TestProcess {
Output = processOutput
};
AzureCliCredential credential = InstrumentClient(new AzureCliCredential(CredentialPipeline.GetInstance(null), new TestProcessService(testProcess)));
AccessToken actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.AreEqual(expectedToken, actualToken.Token);
Assert.AreEqual(expectedExpiresOn, actualToken.ExpiresOn);
}
public override TokenCredential GetTokenCredential(TokenCredentialOptions options)
{
var azCliOptions = new AzureCliCredentialOptions
{
Diagnostics = { IsAccountIdentifierLoggingEnabled = options.Diagnostics.IsAccountIdentifierLoggingEnabled }
};
var(_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzureCli();
var testProcess = new TestProcess {
Output = processOutput
};
return(InstrumentClient(new AzureCliCredential(CredentialPipeline.GetInstance(null), new TestProcessService(testProcess, true), azCliOptions)));
}
public async Task DefaultAzureCredential_UseAzureCliCredential_ParallelCalls()
{
var options = InstrumentClientOptions(new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = true,
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
VisualStudioCodeTenantId = TestEnvironment.TestTenantId
});
var(expectedToken, expectedExpiresOn, processOutput) = CredentialTestHelpers.CreateTokenForAzureCli();
var processService = new TestProcessService {
CreateHandler = psi => new TestProcess {
Output = processOutput
}
};
var vscAdapter = new TestVscAdapter(ExpectedServiceName, "AzureCloud", null);
var fileSystem = CredentialTestHelpers.CreateFileSystemForVisualStudioCode(TestEnvironment);
var factory = new TestDefaultAzureCredentialFactory(options, fileSystem, processService, vscAdapter)
{
ManagedIdentitySourceFactory = () => default
};
var credential = InstrumentClient(new DefaultAzureCredential(factory, options));
var tasks = new List <Task <AccessToken> >();
for (int i = 0; i < 10; i++)
{
tasks.Add(Task.Run(async() => await credential.GetTokenAsync(new TokenRequestContext(new[] { "https://vault.azure.net/.default" }), CancellationToken.None)));
}
await Task.WhenAll(tasks);
foreach (Task <AccessToken> task in tasks)
{
Assert.AreEqual(task.Result.Token, expectedToken);
Assert.AreEqual(task.Result.ExpiresOn, expectedExpiresOn);
}
}
public async Task DefaultAzureCredential_UseAzureCliCredential()
{
var options = InstrumentClientOptions(new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = true,
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
VisualStudioCodeTenantId = TestEnvironment.TestTenantId
});
var(expectedToken, expectedExpiresOn, processOutput) = CredentialTestHelpers.CreateTokenForAzureCli();
var testProcess = new TestProcess {
Output = processOutput
};
var vscAdapter = new TestVscAdapter(ExpectedServiceName, "AzureCloud", null);
var fileSystem = CredentialTestHelpers.CreateFileSystemForVisualStudioCode(TestEnvironment);
var factory = new TestDefaultAzureCredentialFactory(options, fileSystem, new TestProcessService(testProcess), vscAdapter)
{
ManagedIdentitySourceFactory = () => default
};
var credential = InstrumentClient(new DefaultAzureCredential(factory, options));
AccessToken token;
List <ClientDiagnosticListener.ProducedDiagnosticScope> scopes;
using (ClientDiagnosticListener diagnosticListener = new ClientDiagnosticListener(s => s.StartsWith("Azure.Identity")))
{
token = await credential.GetTokenAsync(new TokenRequestContext(new[] { "https://vault.azure.net/.default" }), CancellationToken.None);
scopes = diagnosticListener.Scopes;
}
Assert.AreEqual(token.Token, expectedToken);
Assert.AreEqual(token.ExpiresOn, expectedExpiresOn);
Assert.AreEqual(2, scopes.Count);
Assert.AreEqual($"{nameof(DefaultAzureCredential)}.{nameof(DefaultAzureCredential.GetToken)}", scopes[0].Name);
Assert.AreEqual($"{nameof(AzureCliCredential)}.{nameof(AzureCliCredential.GetToken)}", scopes[1].Name);
}
