public async Task ValidateClientSecretCredentialSucceededEvents()
{
var mockMsalClient = new MockMsalConfidentialClient(AuthenticationResultFactory.Create());
var credential = InstrumentClient(new ClientSecretCredential(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), CredentialPipeline.GetInstance(null), mockMsalClient));
var method = "ClientSecretCredential.GetToken";
await AssertCredentialGetTokenSucceededAsync(credential, method);
}
[RunOnlyOnPlatforms(Windows = true, OSX = true)] // Comment this attribute to run this tests on Linux with Libsecret enabled
public async Task AuthenticateWithVscCredential()
{
var tenantId = GetTenantId();
var cloudName = Guid.NewGuid().ToString();
var fileSystem = CreateTestFileSystemService(cloudName: cloudName);
using IDisposable fixture = await CreateRefreshTokenFixtureAsync(tenantId, cloudName);
TokenCredentialOptions options = Recording.InstrumentClientOptions(new TokenCredentialOptions());
VisualStudioCodeCredential credential = InstrumentClient(new VisualStudioCodeCredential(tenantId, CredentialPipeline.GetInstance(options), fileSystem, default));
AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(new[] { ".default" }), CancellationToken.None);
Assert.IsNotNull(token.Token);
}
public MockDefaultAzureCredentialFactory(CredentialPipeline pipeline) : base(pipeline)
{
}
public void ValidateAllUnavailable([Values(true, false)] bool excludeEnvironmentCredential,
[Values(true, false)] bool excludeManagedIdentityCredential,
[Values(true, false)] bool excludeSharedTokenCacheCredential,
[Values(true, false)] bool excludeVisualStudioCredential,
[Values(true, false)] bool excludeVisualStudioCodeCredential,
[Values(true, false)] bool excludeCliCredential,
[Values(true, false)] bool excludePowerShellCredential,
[Values(true, false)] bool excludeInteractiveBrowserCredential)
{
if (excludeEnvironmentCredential && excludeManagedIdentityCredential && excludeSharedTokenCacheCredential && excludeVisualStudioCredential && excludeVisualStudioCodeCredential && excludeCliCredential && excludeInteractiveBrowserCredential)
{
Assert.Pass();
}
var credFactory = new MockDefaultAzureCredentialFactory(CredentialPipeline.GetInstance(null));
void SetupMockForException <T>(Mock <T> mock) where T : TokenCredential =>
mock.Setup(m => m.GetTokenAsync(It.IsAny <TokenRequestContext>(), It.IsAny <CancellationToken>()))
.Throws(new CredentialUnavailableException($"{typeof(T).Name} Unavailable"));
credFactory.OnCreateEnvironmentCredential = c =>
SetupMockForException(c);
credFactory.OnCreateInteractiveBrowserCredential = (_, c) =>
SetupMockForException(c);
credFactory.OnCreateManagedIdentityCredential = (_, c) =>
SetupMockForException(c);
credFactory.OnCreateSharedTokenCacheCredential = (_, _, c) =>
SetupMockForException(c);
credFactory.OnCreateAzureCliCredential = c =>
SetupMockForException(c);
credFactory.OnCreateAzurePowerShellCredential = c =>
SetupMockForException(c);
credFactory.OnCreateVisualStudioCredential = (_, c) =>
SetupMockForException(c);
credFactory.OnCreateVisualStudioCodeCredential = (_, c) =>
SetupMockForException(c);
var options = new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = excludeEnvironmentCredential,
ExcludeManagedIdentityCredential = excludeManagedIdentityCredential,
ExcludeSharedTokenCacheCredential = excludeSharedTokenCacheCredential,
ExcludeVisualStudioCredential = excludeVisualStudioCredential,
ExcludeVisualStudioCodeCredential = excludeVisualStudioCodeCredential,
ExcludeAzureCliCredential = excludeCliCredential,
ExcludeAzurePowerShellCredential = excludePowerShellCredential,
ExcludeInteractiveBrowserCredential = excludeInteractiveBrowserCredential
};
var cred = new DefaultAzureCredential(credFactory, options);
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
if (!excludeEnvironmentCredential)
{
Assert.True(ex.Message.Contains("EnvironmentCredential Unavailable"));
}
if (!excludeManagedIdentityCredential)
{
Assert.True(ex.Message.Contains("ManagedIdentityCredential Unavailable"));
}
if (!excludeSharedTokenCacheCredential)
{
Assert.True(ex.Message.Contains("SharedTokenCacheCredential Unavailable"));
}
if (!excludeCliCredential)
{
Assert.True(ex.Message.Contains("CliCredential Unavailable"));
}
if (!excludePowerShellCredential)
{
Assert.True(ex.Message.Contains("PowerShellCredential Unavailable"));
}
if (!excludeInteractiveBrowserCredential)
{
Assert.True(ex.Message.Contains("InteractiveBrowserCredential Unavailable"));
}
if (!excludeVisualStudioCredential)
{
Assert.True(ex.Message.Contains("VisualStudioCredential Unavailable"));
}
if (!excludeVisualStudioCodeCredential)
{
Assert.True(ex.Message.Contains("VisualStudioCodeCredential Unavailable"));
}
}
public void EnvironmentCredentialUnavailableException()
{
var credential = InstrumentClient(new EnvironmentCredential(CredentialPipeline.GetInstance(null), null));
Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
}
public void AuthenticateWithAzurePowerShellCredential_PwshNotInstalled([Values("'pwsh' is not recognized", "pwsh: command not found", "pwsh: not found")] string errorMessage)
{
var testProcess = new TestProcess {
Error = errorMessage
};
AzurePowerShellCredential credential = InstrumentClient(new AzurePowerShellCredential(new AzurePowerShellCredentialOptions(), CredentialPipeline.GetInstance(null), new TestProcessService(testProcess)));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(AzurePowerShellCredential.PowerShellNotInstalledError, ex.Message);
}
public void ValidateEmptyEnvironmentBasedOptionsNotPassedToCredentials([Values] bool clientIdSpecified, [Values] bool usernameSpecified, [Values] bool tenantIdSpecified)
{
var expClientId = clientIdSpecified ? string.Empty : null;
var expUsername = usernameSpecified ? string.Empty : null;
var expTenantId = tenantIdSpecified ? string.Empty : null;
bool onCreateSharedCalled = false;
bool onCreatedManagedCalled = false;
bool onCreateInteractiveCalled = false;
bool onCreateVsCalled = false;
bool onCreateVsCodeCalled = false;
using (new TestEnvVar(new Dictionary <string, string>
{
{ "AZURE_CLIENT_ID", expClientId },
{ "AZURE_USERNAME", expUsername },
{ "AZURE_TENANT_ID", expTenantId }
}))
{
var credFactory = new MockDefaultAzureCredentialFactory(CredentialPipeline.GetInstance(null));
credFactory.OnCreateManagedIdentityCredential = (clientId, _) =>
{
onCreatedManagedCalled = true;
Assert.IsNull(clientId);
};
credFactory.OnCreateSharedTokenCacheCredential = (tenantId, username, _) =>
{
onCreateSharedCalled = true;
Assert.IsNull(tenantId);
Assert.IsNull(username);
};
credFactory.OnCreateInteractiveBrowserCredential = (tenantId, _) =>
{
onCreateInteractiveCalled = true;
Assert.IsNull(tenantId);
};
credFactory.OnCreateVisualStudioCredential = (tenantId, _) =>
{
onCreateVsCalled = true;
Assert.IsNull(tenantId);
};
credFactory.OnCreateVisualStudioCodeCredential = (tenantId, _) =>
{
onCreateVsCodeCalled = true;
Assert.IsNull(tenantId);
};
var options = new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = true,
ExcludeManagedIdentityCredential = false,
ExcludeSharedTokenCacheCredential = false,
ExcludeVisualStudioCredential = false,
ExcludeVisualStudioCodeCredential = false,
ExcludeAzureCliCredential = true,
ExcludeInteractiveBrowserCredential = false
};
new DefaultAzureCredential(credFactory, options);
Assert.IsTrue(onCreateSharedCalled);
Assert.IsTrue(onCreatedManagedCalled);
Assert.IsTrue(onCreateInteractiveCalled);
Assert.IsTrue(onCreateVsCalled);
Assert.IsTrue(onCreateVsCodeCalled);
}
}
public async Task OneMatchingAccountTenantIdAndUsername()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
string tenantId = Guid.NewGuid().ToString();
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new IAccount[] { new MockAccount("*****@*****.**", Guid.NewGuid().ToString()), new MockAccount("*****@*****.**"), new MockAccount("*****@*****.**", tenantId) },
SilentAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
var credential = InstrumentClient(new SharedTokenCacheCredential(tenantId, "*****@*****.**", CredentialPipeline.GetInstance(null), mockMsalClient));
AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.AreEqual(expToken, token.Token);
Assert.AreEqual(expExpiresOn, token.ExpiresOn);
}
public void AuthenticateWithAzurePowerShellCredential_RunConnectAzAccount(
[Values("Run Connect-AzAccount to login")]
string errorMessage)
{
var testProcess = new TestProcess {
Error = errorMessage
};
AzurePowerShellCredential credential = InstrumentClient(
new AzurePowerShellCredential(new AzurePowerShellCredentialOptions(), CredentialPipeline.GetInstance(null), new TestProcessService(testProcess)));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(AzurePowerShellCredential.AzurePowerShellNotLogInError, ex.Message);
}
public async Task MultipleMatchingAccountsUsernameAndTenantId()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
string fakeuserTenantId = Guid.NewGuid().ToString();
string mockuserTenantId = Guid.NewGuid().ToString();
string mockuserGuestTenantId = fakeuserTenantId;
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new IAccount[] { new MockAccount("*****@*****.**", fakeuserTenantId), new MockAccount("*****@*****.**", mockuserTenantId), new MockAccount("*****@*****.**", mockuserTenantId) },
SilentAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
var credential = InstrumentClient(new SharedTokenCacheCredential(mockuserTenantId, "*****@*****.**", CredentialPipeline.GetInstance(null), mockMsalClient));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(ex.Message, $"SharedTokenCacheCredential authentication unavailable. Multiple accounts matching the specified username: [email protected] tenantId: {mockuserTenantId} were found in the cache.");
await Task.CompletedTask;
}
public async Task UiRequiredException()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new IAccount[] { new MockAccount("*****@*****.**") },
SilentAuthFactory = (_) => { throw new MsalUiRequiredException("code", "message"); }
};
// with username
var credential = InstrumentClient(new SharedTokenCacheCredential(null, "*****@*****.**", CredentialPipeline.GetInstance(null), mockMsalClient));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
var expErrorMessage = "SharedTokenCacheCredential authentication unavailable. Token acquisition failed for user [email protected]. Ensure that you have authenticated with a developer tool that supports Azure single sign on.";
Assert.AreEqual(expErrorMessage, ex.Message);
await Task.CompletedTask;
}
public async Task NoAccounts()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new IAccount[] { },
SilentAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
// without username
var credential = InstrumentClient(new SharedTokenCacheCredential(null, null, CredentialPipeline.GetInstance(null), mockMsalClient));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(SharedTokenCacheCredential.NoAccountsInCacheMessage, ex.Message);
// with username
var credential2 = InstrumentClient(new SharedTokenCacheCredential(null, "*****@*****.**", CredentialPipeline.GetInstance(null), mockMsalClient));
var ex2 = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential2.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(SharedTokenCacheCredential.NoAccountsInCacheMessage, ex2.Message);
// with tenantId
var credential3 = InstrumentClient(new SharedTokenCacheCredential(Guid.NewGuid().ToString(), null, CredentialPipeline.GetInstance(null), mockMsalClient));
var ex3 = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential3.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(SharedTokenCacheCredential.NoAccountsInCacheMessage, ex3.Message);
// with tenantId and username
var credential4 = InstrumentClient(new SharedTokenCacheCredential(Guid.NewGuid().ToString(), "*****@*****.**", CredentialPipeline.GetInstance(null), mockMsalClient));
var ex4 = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential4.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(SharedTokenCacheCredential.NoAccountsInCacheMessage, ex4.Message);
await Task.CompletedTask;
}
public async Task ValidateDeviceCodeCredentialSucceededEvents()
{
var mockMsalClient = new MockMsalPublicClient()
{
DeviceCodeAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: Guid.NewGuid().ToString(), expiresOn: DateTimeOffset.UtcNow.AddMinutes(10))); }
};
var credential = InstrumentClient(new DeviceCodeCredential((_, __) => { return(Task.CompletedTask); }, Guid.NewGuid().ToString(), CredentialPipeline.GetInstance(null), mockMsalClient));
var method = "DeviceCodeCredential.GetToken";
await AssertCredentialGetTokenSucceededAsync(credential, method);
}
public async Task ValidateClientCertificateCredentialSucceededEvents()
{
var mockMsalClient = new MockMsalConfidentialClient(AuthenticationResultFactory.Create(Guid.NewGuid().ToString(), expiresOn: DateTimeOffset.Now + TimeSpan.FromMinutes(10)));
var mockAadClient = new MockAadIdentityClient(() => new AccessToken(Guid.NewGuid().ToString(), DateTimeOffset.UtcNow.AddMinutes(10)));
var credential = InstrumentClient(new ClientCertificateCredential(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), new X509Certificate2(), CredentialPipeline.GetInstance(null), mockMsalClient));
var method = "ClientCertificateCredential.GetToken";
await AssertCredentialGetTokenSucceededAsync(credential, method);
}
public void AuthenticateWithAzurePowerShellCredential_CanceledByUser()
{
var cts = new CancellationTokenSource();
var testProcess = new TestProcess {
Timeout = 10000
};
testProcess.Started += (o, e) => cts.Cancel();
AzurePowerShellCredential credential = InstrumentClient(new AzurePowerShellCredential(new AzurePowerShellCredentialOptions(), CredentialPipeline.GetInstance(null), new TestProcessService(testProcess)));
Assert.CatchAsync <OperationCanceledException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default), cts.Token));
}
public async Task VerifyMsalClientExceptionAsync()
{
string expInnerExMessage = Guid.NewGuid().ToString();
var mockMsalClient = new MockMsalPublicClient()
{
UserPassAuthFactory = (_) => { throw new MockClientException(expInnerExMessage); }
};
var username = Guid.NewGuid().ToString();
var password = Guid.NewGuid().ToString();
var credential = InstrumentClient(new UsernamePasswordCredential(username, password, CredentialPipeline.GetInstance(null), mockMsalClient));
var ex = Assert.ThrowsAsync <AuthenticationFailedException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.IsNotNull(ex.InnerException);
Assert.IsInstanceOf(typeof(MockClientException), ex.InnerException);
Assert.AreEqual(expInnerExMessage, ex.InnerException.Message);
await Task.CompletedTask;
}
public async Task AuthenticateWithAzurePowerShellCredential()
{
var(expectedToken, expectedExpiresOn, processOutput) = CredentialTestHelpers.CreateTokenForAzurePowerShell(TimeSpan.FromSeconds(30));
var testProcess = new TestProcess {
Output = processOutput
};
AzurePowerShellCredential credential = InstrumentClient(new AzurePowerShellCredential
(new AzurePowerShellCredentialOptions(), CredentialPipeline.GetInstance(null), new TestProcessService(testProcess)));
AccessToken actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.AreEqual(expectedToken, actualToken.Token);
Assert.AreEqual(expectedExpiresOn, actualToken.ExpiresOn);
}
public MockManagedIdentityClient(CredentialPipeline pipeline)
: this(pipeline, null)
{
}
public void AuthenticateWithAzurePowerShellCredential_AzurePowerShellModuleNotInstalled([Values("NoAzAccountModule")] string message)
{
var testProcess = new TestProcess {
Output = message
};
AzurePowerShellCredential credential = InstrumentClient(new AzurePowerShellCredential(new AzurePowerShellCredentialOptions(), CredentialPipeline.GetInstance(null), new TestProcessService(testProcess)));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(AzurePowerShellCredential.AzurePowerShellModuleNotInstalledError, ex.Message);
}
public MockManagedIdentityClient(CredentialPipeline pipeline, string clientId)
: base(pipeline, clientId)
{
}
public void ValidateCtorWithExcludeOptions([Values(true, false)] bool excludeEnvironmentCredential,
[Values(true, false)] bool excludeManagedIdentityCredential,
[Values(true, false)] bool excludeSharedTokenCacheCredential,
[Values(true, false)] bool excludeVisualStudioCredential,
[Values(true, false)] bool excludeVisualStudioCodeCredential,
[Values(true, false)] bool excludeCliCredential,
[Values(true, false)] bool excludeAzurePowerShellCredential,
[Values(true, false)] bool excludeInteractiveBrowserCredential)
{
var credFactory = new MockDefaultAzureCredentialFactory(CredentialPipeline.GetInstance(null));
bool environmentCredentialIncluded = false;
bool managedIdentityCredentialIncluded = false;
bool sharedTokenCacheCredentialIncluded = false;
bool cliCredentialIncluded = false;
bool interactiveBrowserCredentialIncluded = false;
bool visualStudioCredentialIncluded = false;
bool visualStudioCodeCredentialIncluded = false;
bool powerShellCredentialsIncluded = false;
credFactory.OnCreateEnvironmentCredential = _ => environmentCredentialIncluded = true;
credFactory.OnCreateAzureCliCredential = _ => cliCredentialIncluded = true;
credFactory.OnCreateInteractiveBrowserCredential = (tenantId, _) => interactiveBrowserCredentialIncluded = true;
credFactory.OnCreateVisualStudioCredential = (tenantId, _) => visualStudioCredentialIncluded = true;
credFactory.OnCreateVisualStudioCodeCredential = (tenantId, _) => visualStudioCodeCredentialIncluded = true;
credFactory.OnCreateAzurePowerShellCredential = _ => powerShellCredentialsIncluded = true;
credFactory.OnCreateManagedIdentityCredential = (clientId, _) =>
{
managedIdentityCredentialIncluded = true;
};
credFactory.OnCreateSharedTokenCacheCredential = (tenantId, username, _) =>
{
sharedTokenCacheCredentialIncluded = true;
};
var options = new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = excludeEnvironmentCredential,
ExcludeManagedIdentityCredential = excludeManagedIdentityCredential,
ExcludeSharedTokenCacheCredential = excludeSharedTokenCacheCredential,
ExcludeAzureCliCredential = excludeCliCredential,
ExcludeInteractiveBrowserCredential = excludeInteractiveBrowserCredential,
ExcludeVisualStudioCredential = excludeVisualStudioCredential,
ExcludeVisualStudioCodeCredential = excludeVisualStudioCodeCredential,
ExcludeAzurePowerShellCredential = excludeAzurePowerShellCredential
};
if (excludeEnvironmentCredential && excludeManagedIdentityCredential && excludeSharedTokenCacheCredential && excludeVisualStudioCredential && excludeVisualStudioCodeCredential && excludeCliCredential && excludeAzurePowerShellCredential && excludeInteractiveBrowserCredential)
{
Assert.Throws <ArgumentException>(() => new DefaultAzureCredential(options));
}
else
{
new DefaultAzureCredential(credFactory, options);
Assert.AreEqual(!excludeEnvironmentCredential, environmentCredentialIncluded);
Assert.AreEqual(!excludeManagedIdentityCredential, managedIdentityCredentialIncluded);
Assert.AreEqual(!excludeSharedTokenCacheCredential, sharedTokenCacheCredentialIncluded);
Assert.AreEqual(!excludeCliCredential, cliCredentialIncluded);
Assert.AreEqual(!excludeAzurePowerShellCredential, powerShellCredentialsIncluded);
Assert.AreEqual(!excludeInteractiveBrowserCredential, interactiveBrowserCredentialIncluded);
Assert.AreEqual(!excludeVisualStudioCredential, visualStudioCredentialIncluded);
Assert.AreEqual(!excludeVisualStudioCodeCredential, visualStudioCodeCredentialIncluded);
}
}
public void ValidateAllUnavailable([Values(true, false)] bool excludeEnvironmentCredential,
[Values(true, false)] bool excludeManagedIdentityCredential,
[Values(true, false)] bool excludeSharedTokenCacheCredential,
[Values(true, false)] bool excludeVisualStudioCredential,
[Values(true, false)] bool excludeVisualStudioCodeCredential,
[Values(true, false)] bool excludeCliCredential,
[Values(true, false)] bool excludeInteractiveBrowserCredential)
{
if (excludeEnvironmentCredential && excludeManagedIdentityCredential && excludeSharedTokenCacheCredential && excludeVisualStudioCredential && excludeVisualStudioCodeCredential && excludeCliCredential && excludeInteractiveBrowserCredential)
{
Assert.Pass();
}
var credFactory = new MockDefaultAzureCredentialFactory(CredentialPipeline.GetInstance(null));
credFactory.OnCreateEnvironmentCredential = (c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("EnvironmentCredential Unavailable"); };
};
credFactory.OnCreateInteractiveBrowserCredential = (_, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("InteractiveBrowserCredential Unavailable"); };
};
credFactory.OnCreateManagedIdentityCredential = (clientId, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("ManagedIdentityCredential Unavailable"); };
};
credFactory.OnCreateSharedTokenCacheCredential = (tenantId, username, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("SharedTokenCacheCredential Unavailable"); };
};
credFactory.OnCreateAzureCliCredential = (c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("CliCredential Unavailable"); };
};
credFactory.OnCreateVisualStudioCredential = (_, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("VisualStudioCredential Unavailable"); };
};
credFactory.OnCreateVisualStudioCodeCredential = (_, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("VisualStudioCodeCredential Unavailable"); };
};
var options = new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = excludeEnvironmentCredential,
ExcludeManagedIdentityCredential = excludeManagedIdentityCredential,
ExcludeSharedTokenCacheCredential = excludeSharedTokenCacheCredential,
ExcludeVisualStudioCredential = excludeVisualStudioCredential,
ExcludeVisualStudioCodeCredential = excludeVisualStudioCodeCredential,
ExcludeAzureCliCredential = excludeCliCredential,
ExcludeInteractiveBrowserCredential = excludeInteractiveBrowserCredential
};
var cred = new DefaultAzureCredential(credFactory, options);
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
if (!excludeEnvironmentCredential)
{
Assert.True(ex.Message.Contains("EnvironmentCredential Unavailable"));
}
if (!excludeManagedIdentityCredential)
{
Assert.True(ex.Message.Contains("ManagedIdentityCredential Unavailable"));
}
if (!excludeSharedTokenCacheCredential)
{
Assert.True(ex.Message.Contains("SharedTokenCacheCredential Unavailable"));
}
if (!excludeCliCredential)
{
Assert.True(ex.Message.Contains("CliCredential Unavailable"));
}
if (!excludeInteractiveBrowserCredential)
{
Assert.True(ex.Message.Contains("InteractiveBrowserCredential Unavailable"));
}
if (!excludeVisualStudioCredential)
{
Assert.True(ex.Message.Contains("VisualStudioCredential Unavailable"));
}
if (!excludeVisualStudioCodeCredential)
{
Assert.True(ex.Message.Contains("VisualStudioCodeCredential Unavailable"));
}
}
public MockMsalPublicClient(CredentialPipeline pipeline, string tenantId, string clientId, string redirectUrl, TokenCredentialOptions options)
: base(pipeline, tenantId, clientId, redirectUrl, options)
{
}
public void ValidateUnhandledException([Values(0, 1, 2, 3, 4, 5, 6)] int exPossition)
{
var credFactory = new MockDefaultAzureCredentialFactory(CredentialPipeline.GetInstance(null));
credFactory.OnCreateEnvironmentCredential = (c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
if (exPossition > 0)
{
throw new CredentialUnavailableException("EnvironmentCredential Unavailable");
}
else
{
throw new MockClientException("EnvironmentCredential unhandled exception");
}
};
};
credFactory.OnCreateManagedIdentityCredential = (clientId, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
if (exPossition > 1)
{
throw new CredentialUnavailableException("ManagedIdentityCredential Unavailable");
}
else
{
throw new MockClientException("ManagedIdentityCredential unhandled exception");
}
};
};
credFactory.OnCreateSharedTokenCacheCredential = (tenantId, username, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
if (exPossition > 2)
{
throw new CredentialUnavailableException("SharedTokenCacheCredential Unavailable");
}
else
{
throw new MockClientException("SharedTokenCacheCredential unhandled exception");
}
};
};
credFactory.OnCreateVisualStudioCredential = (_, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
if (exPossition > 3)
{
throw new CredentialUnavailableException("VisualStudioCredential Unavailable");
}
else
{
throw new MockClientException("VisualStudioCredential unhandled exception");
}
};
};
credFactory.OnCreateVisualStudioCodeCredential = (_, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
if (exPossition > 4)
{
throw new CredentialUnavailableException("VisualStudioCodeCredential Unavailable");
}
else
{
throw new MockClientException("VisualStudioCodeCredential unhandled exception");
}
};
};
credFactory.OnCreateAzureCliCredential = (c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
if (exPossition > 5)
{
throw new CredentialUnavailableException("CliCredential Unavailable");
}
else
{
throw new MockClientException("CliCredential unhandled exception");
}
};
};
credFactory.OnCreateInteractiveBrowserCredential = (_, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
throw new MockClientException("InteractiveBrowserCredential unhandled exception");
};
};
var options = new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = false,
ExcludeManagedIdentityCredential = false,
ExcludeSharedTokenCacheCredential = false,
ExcludeAzureCliCredential = false,
ExcludeInteractiveBrowserCredential = false
};
var cred = new DefaultAzureCredential(credFactory, options);
var ex = Assert.ThrowsAsync <AuthenticationFailedException>(async() => await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
var unhandledException = ex.InnerException is AggregateException ae?ae.InnerExceptions.Last() : ex.InnerException;
switch (exPossition)
{
case 0:
Assert.AreEqual("EnvironmentCredential unhandled exception", unhandledException.Message);
break;
case 1:
Assert.AreEqual("ManagedIdentityCredential unhandled exception", unhandledException.Message);
break;
case 2:
Assert.AreEqual("SharedTokenCacheCredential unhandled exception", unhandledException.Message);
break;
case 3:
Assert.AreEqual("VisualStudioCredential unhandled exception", unhandledException.Message);
break;
case 4:
Assert.AreEqual("VisualStudioCodeCredential unhandled exception", unhandledException.Message);
break;
case 5:
Assert.AreEqual("CliCredential unhandled exception", unhandledException.Message);
break;
case 6:
Assert.AreEqual("InteractiveBrowserCredential unhandled exception", unhandledException.Message);
break;
default:
Assert.Fail();
break;
}
}
public async Task EnvironmentCredentialAuthenticationFailedException()
{
string expectedInnerExMessage = Guid.NewGuid().ToString();
var mockAadClient = new MockAadIdentityClient(() => { throw new MockClientException(expectedInnerExMessage); });
ClientSecretCredential innerCred = new ClientSecretCredential(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), CredentialPipeline.GetInstance(null), mockAadClient);
var credential = InstrumentClient(new EnvironmentCredential(CredentialPipeline.GetInstance(null), innerCred));
var ex = Assert.ThrowsAsync <AuthenticationFailedException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.IsInstanceOf(typeof(MockClientException), ex.InnerException);
Assert.AreEqual(expectedInnerExMessage, ex.InnerException.Message);
await Task.CompletedTask;
}
public async Task ValidateSelectedCredentialCaching([Values(typeof(EnvironmentCredential), typeof(ManagedIdentityCredential), typeof(SharedTokenCacheCredential), typeof(VisualStudioCredential), typeof(VisualStudioCodeCredential), typeof(AzureCliCredential), typeof(InteractiveBrowserCredential))] Type availableCredential)
{
var expToken = new AccessToken(Guid.NewGuid().ToString(), DateTimeOffset.MaxValue);
var credFactory = new MockDefaultAzureCredentialFactory(CredentialPipeline.GetInstance(null));
List <Type> calledCredentials = new List <Type>();
credFactory.OnCreateEnvironmentCredential = (c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
calledCredentials.Add(typeof(EnvironmentCredential));
return((availableCredential == typeof(EnvironmentCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable"));
};
};
credFactory.OnCreateManagedIdentityCredential = (clientId, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
calledCredentials.Add(typeof(ManagedIdentityCredential));
return((availableCredential == typeof(ManagedIdentityCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable"));
};
};
credFactory.OnCreateSharedTokenCacheCredential = (tenantId, username, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
calledCredentials.Add(typeof(SharedTokenCacheCredential));
return((availableCredential == typeof(SharedTokenCacheCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable"));
};
};
credFactory.OnCreateAzureCliCredential = (c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
calledCredentials.Add(typeof(AzureCliCredential));
return((availableCredential == typeof(AzureCliCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable"));
};
};
credFactory.OnCreateInteractiveBrowserCredential = (_, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
calledCredentials.Add(typeof(InteractiveBrowserCredential));
return((availableCredential == typeof(InteractiveBrowserCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable"));
};
};
credFactory.OnCreateVisualStudioCredential = (_, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
calledCredentials.Add(typeof(VisualStudioCredential));
return((availableCredential == typeof(VisualStudioCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable"));
};
};
credFactory.OnCreateVisualStudioCodeCredential = (_, c) =>
{
((MockTokenCredential)c).TokenFactory = (context, cancel) =>
{
calledCredentials.Add(typeof(VisualStudioCodeCredential));
return((availableCredential == typeof(VisualStudioCodeCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable"));
};
};
var options = new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = false,
ExcludeManagedIdentityCredential = false,
ExcludeSharedTokenCacheCredential = false,
ExcludeAzureCliCredential = false,
ExcludeInteractiveBrowserCredential = false
};
var cred = new DefaultAzureCredential(credFactory, options);
AccessToken actToken = await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.AreEqual(expToken.Token, actToken.Token);
// assert that the available credential was the last credential called
Assert.AreEqual(calledCredentials[calledCredentials.Count - 1], availableCredential);
calledCredentials.Clear();
actToken = await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.AreEqual(expToken.Token, actToken.Token);
// assert that the available credential was the only credential called
Assert.AreEqual(calledCredentials.Count, 1);
Assert.AreEqual(calledCredentials[0], availableCredential);
}
public async Task AuthenticateWithVscCredential_BrokenSettingsFile()
{
var tenantId = GetTenantId();
var refreshToken = await GetRefreshTokenAsync(tenantId);
var fileSystemService = new TestFileSystemService {
ReadAllHandler = s => "{a,}"
};
var vscAdapter = new TestVscAdapter(ExpectedServiceName, "Azure", refreshToken);
TokenCredentialOptions options = Recording.InstrumentClientOptions(new TokenCredentialOptions());
VisualStudioCodeCredential credential = InstrumentClient(new VisualStudioCodeCredential(tenantId, CredentialPipeline.GetInstance(options), fileSystemService, vscAdapter));
AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(new[] { ".default" }), CancellationToken.None);
Assert.IsNotNull(token.Token);
}
public void AuthenticateWithAzurePowerShellCredential_AzurePowerShellUnknownError()
{
string mockResult = "mock-result";
var testProcess = new TestProcess {
Error = mockResult
};
AzurePowerShellCredential credential = InstrumentClient(new AzurePowerShellCredential(new AzurePowerShellCredentialOptions(), CredentialPipeline.GetInstance(null), new TestProcessService(testProcess)));
Assert.ThrowsAsync <AuthenticationFailedException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
}
public void ValidateUnhandledException([Values(0, 1, 2, 3)] int exPossition)
{
var credFactory = new MockDefaultAzureCredentialFactory(CredentialPipeline.GetInstance(null));
credFactory.OnCreateEnvironmentCredential = (c) =>
{
((MockExtendedTokenCredential)c).TokenFactory = (context, cancel) =>
{
if (exPossition > 0)
{
return(new ExtendedAccessToken(new CredentialUnavailableException("EnvironmentCredential Unavailable")));
}
else
{
return(new ExtendedAccessToken(new MockClientException("EnvironmentCredential unhandled exception")));
}
};
};
credFactory.OnCreateManagedIdentityCredential = (clientId, c) =>
{
((MockExtendedTokenCredential)c).TokenFactory = (context, cancel) =>
{
if (exPossition > 1)
{
return(new ExtendedAccessToken(new CredentialUnavailableException("ManagedIdentityCredential Unavailable")));
}
else
{
return(new ExtendedAccessToken(new MockClientException("ManagedIdentityCredential unhandled exception")));
}
};
};
credFactory.OnCreateSharedTokenCacheCredential = (username, c) =>
{
((MockExtendedTokenCredential)c).TokenFactory = (context, cancel) =>
{
if (exPossition > 2)
{
return(new ExtendedAccessToken(new CredentialUnavailableException("SharedTokenCacheCredential Unavailable")));
}
else
{
return(new ExtendedAccessToken(new MockClientException("SharedTokenCacheCredential unhandled exception")));
}
};
};
credFactory.OnCreateInteractiveBrowserCredential = (c) =>
{
((MockExtendedTokenCredential)c).TokenFactory = (context, cancel) =>
{
return(new ExtendedAccessToken(new MockClientException("InteractiveBrowserCredential unhandled exception")));
};
};
var options = new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = false,
ExcludeManagedIdentityCredential = false,
ExcludeSharedTokenCacheCredential = false,
ExcludeInteractiveBrowserCredential = false
};
var cred = new DefaultAzureCredential(credFactory, options);
var ex = Assert.ThrowsAsync <AuthenticationFailedException>(async() => await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
if (exPossition > 0)
{
Assert.True(ex.Message.Contains("EnvironmentCredential Unavailable"));
}
if (exPossition > 1)
{
Assert.True(ex.Message.Contains("ManagedIdentityCredential Unavailable"));
}
if (exPossition > 2)
{
Assert.True(ex.Message.Contains("SharedTokenCacheCredential Unavailable"));
}
switch (exPossition)
{
case 0:
Assert.True(ex.Message.Contains("EnvironmentCredential unhandled exception"));
break;
case 1:
Assert.True(ex.Message.Contains("ManagedIdentityCredential unhandled exception"));
break;
case 2:
Assert.True(ex.Message.Contains("SharedTokenCacheCredential unhandled exception"));
break;
case 3:
Assert.True(ex.Message.Contains("InteractiveBrowserCredential unhandled exception"));
break;
default:
Assert.Fail();
break;
}
}
public async Task ValidateSharedTokenCacheCredentialFailedEvents()
{
var expExMessage = Guid.NewGuid().ToString();
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new IAccount[] { new MockAccount("*****@*****.**") },
SilentAuthFactory = (_) => throw new MockClientException(expExMessage)
};
var credential = InstrumentClient(new SharedTokenCacheCredential(null, "*****@*****.**", CredentialPipeline.GetInstance(null), mockMsalClient));
var method = "SharedTokenCacheCredential.GetToken";
await AssertCredentialGetTokenFailedAsync(credential, method, expExMessage);
}
