public async Task ProbeBeAvailableWhenInitial429ReturnedFromManagedIdentityServiceAsync()
{
var handler = new MockManagedIdentityHttpMessageHandler();
handler.Responders.Add(new Responder
{
Matcher = (req, state) =>
{
var tokenEndpoint = Constants.ManagedIdentityTokenEndpoint;
var apiVersion = Constants.ManagedIdentityVMApiVersion;
return(req.RequestUri.ToString() == tokenEndpoint + "?resource=https://management.azure.com/&api-version=" + apiVersion);
},
MockResponse = (req, state) =>
{
if (state.Keys.Contains("error"))
{
var resp = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new MockJsonContent(AzureManagementVMManagedIdentityJson)
};
return(resp);
}
else
{
state["error"] = true;
return(new HttpResponseMessage((HttpStatusCode)429));
}
}
});
var client = new HttpClient(handler);
var provider = new ManagedIdentityTokenProvider(httpClient: client, config: FakeConfiguration());
Assert.IsTrue(await provider.IsAvailableAsync().ConfigureAwait(false));
}
public async Task ProbeShouldFetchTokenFromAppServiceManagedIdentityWithResourceUriAsync()
{
var handler = new MockManagedIdentityHttpMessageHandler();
handler.Responders.Add(new Responder
{
Matcher = (req, state) =>
{
var apiVersion = Constants.ManagedIdentityAppServiceApiVersion;
return(req.RequestUri.ToString() == "http://127.0.0.1/foo?resource=https://management.azure.com/&api-version=" + apiVersion &&
req.Headers.GetValues("Secret").FirstOrDefault() == "secret");
},
MockResponse = (req, state) =>
{
var resp = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new MockJsonContent(AzureAppServiceManagedIdentityJson)
};
return(resp);
}
});
var client = new HttpClient(handler);
var config = FakeConfiguration(new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>(Constants.ManagedIdentityEndpointEnvName, "http://127.0.0.1/foo"),
new KeyValuePair <string, string>(Constants.ManagedIdentitySecretEnvName, "secret")
});
var provider = new ManagedIdentityTokenProvider(httpClient: client, config: config);
var token = await provider.GetTokenWithResourceUriAsync("https://management.azure.com/").ConfigureAwait(false);
Assert.IsNotNull(token);
Assert.AreEqual(DateTimeOffset.Parse("4/10/19 6:27:14 AM +00:00", CultureInfo.InvariantCulture), token.ExpiresOn);
Assert.AreEqual(AccessToken, token.AccessToken);
}
public async Task ProviderShouldFetchTokenWithServicePrincipalAndSecretAsync()
{
const string authority = "https://login.microsoftonline.com/tenantid/";
var handler = new MockManagedIdentityHttpMessageHandler();
handler.Responders.Add(DiscoveryResponder);
handler.Responders.Add(TenantDiscoveryResponder(authority));
handler.Responders.Add(ClientCredentialTokenResponder);
var clientFactory = new ClientFactory(new HttpClient(handler));
var clientId = Guid.NewGuid();
var provider = new InternalServicePrincipalTokenProvider(authority, "tenantid", clientId.ToString(), "someSecret", clientFactory);
var scopes = new List <string> {
@"https://management.azure.com//.default"
};
var token = await provider.GetTokenAsync(scopes, CancellationToken.None)
.ConfigureAwait(false);
Assert.IsNotNull(token);
}
public async Task ProbeNotBeAvailableWhen400ReturnedFromManagedIdentityServiceAsync()
{
var handler = new MockManagedIdentityHttpMessageHandler();
handler.Responders.Add(new Responder
{
Matcher = (req, state) =>
{
var tokenEndpoint = Constants.ManagedIdentityTokenEndpoint;
var apiVersion = Constants.ManagedIdentityVMApiVersion;
return(req.RequestUri.ToString() == tokenEndpoint + "?resource=https://management.azure.com/&api-version=" + apiVersion);
},
MockResponse = (req, state) => new HttpResponseMessage(HttpStatusCode.BadRequest)
});
var client = new HttpClient(handler);
var provider = new ManagedIdentityTokenProvider(httpClient: client, config: FakeConfiguration());
Assert.IsFalse(await provider.IsAvailableAsync().ConfigureAwait(false));
}
public async Task ProbeShouldFetchTokenWithClientIdFromManagedIdentityServiceAsync()
{
var handler = new MockManagedIdentityHttpMessageHandler();
handler.Responders.Add(new Responder
{
Matcher = (req, state) =>
{
var tokenEndpoint = Constants.ManagedIdentityTokenEndpoint;
var apiVersion = Constants.ManagedIdentityVMApiVersion;
return(req.RequestUri.ToString() == tokenEndpoint + "?resource=https://management.azure.com/&client_id=foo&api-version=" + apiVersion);
},
MockResponse = (req, state) =>
{
var resp = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new MockJsonContent(AzureManagementVMManagedIdentityJson)
};
return(resp);
}
});
var client = new HttpClient(handler);
var config = FakeConfiguration(new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>(Constants.AzureClientIdEnvName, "foo"),
});
var provider = new ManagedIdentityTokenProvider(httpClient: client, config: config);
var token = await provider.GetTokenAsync(new List <string> {
"https://management.azure.com/.default"
}).ConfigureAwait(false);
Assert.IsNotNull(token);
var seconds = double.Parse(ExpiresOn, CultureInfo.InvariantCulture);
var startOfUnixTime = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
Assert.AreEqual(token.ExpiresOn, startOfUnixTime.AddSeconds(seconds));
Assert.AreEqual(AccessToken, token.AccessToken);
}
