public static void Initialize()
{
AzureSession.Instance.DataStore = new MemoryDataStore();
AzureRmProfileProvider.Instance.Profile = new AzureRmProfile();
PowerShellTokenCacheProvider tokenCacheProvider = new InMemoryTokenCacheProvider();
AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => tokenCacheProvider);
IAuthenticatorBuilder builder = new DefaultAuthenticatorBuilder();
AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => builder);
AzureSession.Instance.RegisterComponent(nameof(AzureCredentialFactory), () => new AzureCredentialFactory());
AzureSession.Instance.RegisterComponent(nameof(MsalAccessTokenAcquirerFactory), () => new MsalAccessTokenAcquirerFactory());
}
private void InitializeSession()
{
AzureSessionInitializer.CreateOrReplaceSession(new MemoryDataStore());
AzureSession.Instance.ARMContextSaveMode = ContextSaveMode.Process;
PowerShellTokenCacheProvider cacheProvider = new InMemoryTokenCacheProvider();
AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => cacheProvider, true);
if (!AzureSession.Instance.TryGetComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, out IAuthenticatorBuilder builder))
{
builder = new DefaultAuthenticatorBuilder();
AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => builder);
}
var profile = new AzureRmProfile
{
DefaultContext = defaultContext
};
cmdlet.profileClient = new RMProfileClient(profile);
}
public void CanAuthenticateWithAccessToken()
{
AzureSessionInitializer.InitializeAzureSession();
IAuthenticatorBuilder authenticatorBuilder = new DefaultAuthenticatorBuilder();
AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => authenticatorBuilder);
PowerShellTokenCacheProvider factory = new InMemoryTokenCacheProvider();
AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => factory);
string tenant = Guid.NewGuid().ToString();
string userId = "*****@*****.**";
var armToken = Guid.NewGuid().ToString();
var graphToken = Guid.NewGuid().ToString();
var kvToken = Guid.NewGuid().ToString();
var account = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.AccessToken
};
account.SetTenants(tenant);
account.SetAccessToken(armToken);
account.SetProperty(AzureAccount.Property.GraphAccessToken, graphToken);
account.SetProperty(AzureAccount.Property.KeyVaultAccessToken, kvToken);
var authFactory = new AuthenticationFactory();
var environment = AzureEnvironment.PublicEnvironments.Values.First();
var checkArmToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null);
VerifyToken(checkArmToken, armToken, userId, tenant);
checkArmToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null, environment.ActiveDirectoryServiceEndpointResourceId);
VerifyToken(checkArmToken, armToken, userId, tenant);
var checkGraphToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null, AzureEnvironment.Endpoint.GraphEndpointResourceId);
VerifyToken(checkGraphToken, graphToken, userId, tenant);
checkGraphToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null, environment.GraphEndpointResourceId);
VerifyToken(checkGraphToken, graphToken, userId, tenant);
var checkKVToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null, environment.AzureKeyVaultServiceEndpointResourceId);
VerifyToken(checkKVToken, kvToken, userId, tenant);
checkKVToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null, AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId);
VerifyToken(checkKVToken, kvToken, userId, tenant);
}
public void CanGetServiceClientCredentialsWithAccessToken()
{
AzureSessionInitializer.InitializeAzureSession();
IAuthenticatorBuilder authenticatorBuilder = new DefaultAuthenticatorBuilder();
AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => authenticatorBuilder);
PowerShellTokenCacheProvider factory = new InMemoryTokenCacheProvider();
AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => factory);
string tenant = Guid.NewGuid().ToString();
string userId = "*****@*****.**";
var armToken = Guid.NewGuid().ToString();
var graphToken = Guid.NewGuid().ToString();
var kvToken = Guid.NewGuid().ToString();
var account = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.AccessToken
};
account.SetTenants(tenant);
account.SetAccessToken(armToken);
account.SetProperty(AzureAccount.Property.GraphAccessToken, graphToken);
account.SetProperty(AzureAccount.Property.KeyVaultAccessToken, kvToken);
var authFactory = new AuthenticationFactory();
var environment = AzureEnvironment.PublicEnvironments.Values.First();
var mockContext = new AzureContext()
{
Account = account
};
var credentials = authFactory.GetServiceClientCredentials(mockContext);
VerifyAccessTokenInServiceClientCredentials(credentials, armToken);
credentials = authFactory.GetServiceClientCredentials(mockContext, AzureEnvironment.Endpoint.Graph);
VerifyAccessTokenInServiceClientCredentials(credentials, graphToken);
credentials = authFactory.GetServiceClientCredentials(mockContext, AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId);
VerifyAccessTokenInServiceClientCredentials(credentials, kvToken);
}
public void CanAuthenticateUsingMSIObjectId()
{
AzureSessionInitializer.InitializeAzureSession();
IAuthenticatorBuilder authenticatorBuilder = new DefaultAuthenticatorBuilder();
AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => authenticatorBuilder);
PowerShellTokenCacheProvider factory = new InMemoryTokenCacheProvider();
AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => factory);
string expectedAccessToken = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for ARM URI: {0}", expectedAccessToken);
string expectedToken2 = Guid.NewGuid().ToString();
string tenant = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for graph URI: {0}", expectedToken2);
string userId = Guid.NewGuid().ToString();
var account = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
var environment = AzureEnvironment.PublicEnvironments["AzureCloud"];
var expectedResource = environment.ActiveDirectoryServiceEndpointResourceId;
var builder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
builder.Query = $"resource={Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId)}&object_id={userId}&api-version=2018-02-01";
var defaultUri = builder.Uri.ToString();
var customBuilder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
customBuilder.Query = $"resource={Uri.EscapeDataString(environment.GraphEndpointResourceId)}&object_id={userId}&api-version=2018-02-01";
var customUri = customBuilder.Uri.ToString();
var responses = new Dictionary <string, ManagedServiceTokenInfo>(StringComparer.OrdinalIgnoreCase)
{
{ defaultUri, new ManagedServiceTokenInfo {
AccessToken = expectedAccessToken, ExpiresIn = 3600, Resource = expectedResource
} },
{ customUri, new ManagedServiceTokenInfo {
AccessToken = expectedToken2, ExpiresIn = 3600, Resource = environment.GraphEndpointResourceId
} }
};
AzureSession.Instance.RegisterComponent(HttpClientOperationsFactory.Name, () => TestHttpOperationsFactory.Create(responses, _output), true);
var authFactory = new AuthenticationFactory();
IRenewableToken token = (IRenewableToken)authFactory.Authenticate(account, environment, tenant, null, null, null);
_output.WriteLine($"Received access token for default Uri ${token.AccessToken}");
Assert.Equal(expectedAccessToken, token.AccessToken);
Assert.Equal(3600, Math.Round(token.ExpiresOn.Subtract(DateTimeOffset.Now).TotalSeconds));
var account2 = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
var token2 = authFactory.Authenticate(account2, environment, tenant, null, null, null, AzureEnvironment.Endpoint.GraphEndpointResourceId);
_output.WriteLine($"Received access token for custom Uri ${token2.AccessToken}");
Assert.Equal(expectedToken2, token2.AccessToken);
var token3 = authFactory.Authenticate(account, environment, tenant, null, null, null, "bar");
Assert.Throws <InvalidOperationException>(() => token3.AccessToken);
}
/// <summary>
/// Load global aliases for ARM
/// </summary>
public void OnImport()
{
#if DEBUG
try
{
#endif
AzureSessionInitializer.InitializeAzureSession();
AzureSessionInitializer.MigrateAdalCache(AzureSession.Instance, GetAzureContextContainer, WriteInitializationWarnings);
#if DEBUG
if (!TestMockSupport.RunningMocked)
{
#endif
AzureSession.Instance.DataStore = new DiskDataStore();
#if DEBUG
}
#endif
var autoSaveEnabled = AzureSession.Instance.ARMContextSaveMode == ContextSaveMode.CurrentUser;
var autosaveVariable = System.Environment.GetEnvironmentVariable(AzureProfileConstants.AzureAutosaveVariable);
if (bool.TryParse(autosaveVariable, out bool localAutosave))
{
autoSaveEnabled = localAutosave;
}
try
{
if (autoSaveEnabled && !TokenCachePersistenceChecker.Verify())
{
// If token cache persistence is not supported, fall back to plain text persistence, and print a warning
// We cannot just throw an exception here because this is called when importing the module
WriteInitializationWarnings(Resources.TokenCacheEncryptionNotSupportedWithFallback);
}
}
catch (Exception ex)
{
//Likely the exception is related permission, fall back context save mode to process
autoSaveEnabled = false;
AzureSession.Instance.ARMContextSaveMode = ContextSaveMode.Process;
WriteInitializationWarnings(Resources.FallbackContextSaveModeDueCacheCheckError.FormatInvariant(ex.Message));
}
if (!InitializeProfileProvider(autoSaveEnabled))
{
AzureSession.Instance.ARMContextSaveMode = ContextSaveMode.Process;
autoSaveEnabled = false;
}
IServicePrincipalKeyStore keyStore =
new AzureRmServicePrincipalKeyStore(AzureRmProfileProvider.Instance.Profile);
AzureSession.Instance.RegisterComponent(ServicePrincipalKeyStore.Name, () => keyStore);
IAuthenticatorBuilder builder = null;
if (!AzureSession.Instance.TryGetComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, out builder))
{
builder = new DefaultAuthenticatorBuilder();
AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => builder);
}
PowerShellTokenCacheProvider provider = null;
if (autoSaveEnabled)
{
provider = new SharedTokenCacheProvider();
}
else // if autosave is disabled, or the shared factory fails to initialize, we fallback to in memory
{
provider = new InMemoryTokenCacheProvider();
}
var tokenCache = provider.GetTokenCache();
IAzureEventListenerFactory azureEventListenerFactory = new AzureEventListenerFactory();
AzureSession.Instance.RegisterComponent(nameof(CommonUtilities), () => new CommonUtilities());
AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => provider);
AzureSession.Instance.RegisterComponent(nameof(IAzureEventListenerFactory), () => azureEventListenerFactory);
AzureSession.Instance.RegisterComponent(nameof(PowerShellTokenCache), () => tokenCache);
AzureSession.Instance.RegisterComponent(nameof(AzureCredentialFactory), () => new AzureCredentialFactory());
AzureSession.Instance.RegisterComponent(nameof(MsalAccessTokenAcquirerFactory), () => new MsalAccessTokenAcquirerFactory());
#if DEBUG
}
catch (Exception) when(TestMockSupport.RunningMocked)
{
// This will throw exception for tests, ignore.
}
#endif
}
/// <summary>
/// Load global aliases for ARM
/// </summary>
public void OnImport()
{
#if DEBUG
try
{
#endif
AzureSessionInitializer.InitializeAzureSession();
AzureSessionInitializer.MigrateAdalCache(AzureSession.Instance, GetAzureContextContainer, WriteInitializationWarnings);
#if DEBUG
if (!TestMockSupport.RunningMocked)
{
#endif
AzureSession.Instance.DataStore = new DiskDataStore();
#if DEBUG
}
#endif
var autoSaveEnabled = AzureSession.Instance.ARMContextSaveMode == ContextSaveMode.CurrentUser;
var autosaveVariable = System.Environment.GetEnvironmentVariable(AzureProfileConstants.AzureAutosaveVariable);
if (bool.TryParse(autosaveVariable, out bool localAutosave))
{
autoSaveEnabled = localAutosave;
}
try
{
if (autoSaveEnabled && !TokenCachePersistenceChecker.Verify())
{
if (!RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
{
// In Windows and macOS platforms, unknown errors are discovered that fails the persistence check.
// Disable context autosaving before msal library provide a fallback method for the case.
throw new PSInvalidOperationException(Resources.TokenCachePersistenceCheckError);
}
// If token cache persistence is not supported, fall back to plain text persistence, and print a warning
// We cannot just throw an exception here because this is called when importing the module
WriteInitializationWarnings(Resources.TokenCacheEncryptionNotSupportedWithFallback);
}
}
catch (Exception ex)
{
//Likely the exception is related permission, fall back context save mode to process
autoSaveEnabled = false;
AzureSession.Instance.ARMContextSaveMode = ContextSaveMode.Process;
WriteInitializationWarnings(Resources.FallbackContextSaveModeDueCacheCheckError.FormatInvariant(ex.Message));
}
if (!InitializeProfileProvider(autoSaveEnabled))
{
AzureSession.Instance.ARMContextSaveMode = ContextSaveMode.Process;
autoSaveEnabled = false;
}
#pragma warning disable CS0618 // Type or member is obsolete
var keyStore = new AzKeyStore(AzureRmProfileProvider.Instance.Profile);
#pragma warning restore CS0618 // Type or member is obsolete
AzureSession.Instance.RegisterComponent(AzKeyStore.Name, () => keyStore);
IAuthenticatorBuilder builder = null;
if (!AzureSession.Instance.TryGetComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, out builder))
{
builder = new DefaultAuthenticatorBuilder();
AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => builder);
}
PowerShellTokenCacheProvider provider = null;
if (autoSaveEnabled)
{
provider = new SharedTokenCacheProvider();
}
else // if autosave is disabled, or the shared factory fails to initialize, we fallback to in memory
{
provider = new InMemoryTokenCacheProvider();
}
IAzureEventListenerFactory azureEventListenerFactory = new AzureEventListenerFactory();
AzureSession.Instance.RegisterComponent(nameof(CommonUtilities), () => new CommonUtilities());
// It's tricky to register a component as an Interface
// Make sure componentInitializer return the Interface, not the derived type
AzureSession.Instance.RegisterComponent(nameof(ISharedUtilities), () => new AzureRmSharedUtilities() as ISharedUtilities);
AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => provider);
AzureSession.Instance.RegisterComponent(nameof(IAzureEventListenerFactory), () => azureEventListenerFactory);
AzureSession.Instance.RegisterComponent(nameof(AzureCredentialFactory), () => new AzureCredentialFactory());
AzureSession.Instance.RegisterComponent(nameof(MsalAccessTokenAcquirerFactory), () => new MsalAccessTokenAcquirerFactory());
AzureSession.Instance.RegisterComponent <ISshCredentialFactory>(nameof(ISshCredentialFactory), () => new SshCredentialFactory());
#if DEBUG
}
catch (Exception) when(TestMockSupport.RunningMocked)
{
// This will throw exception for tests, ignore.
}
#endif
}
public void CanAuthenticateUsingMSIDefault()
{
AzureSessionInitializer.InitializeAzureSession();
IAuthenticatorBuilder authenticatorBuilder = new DefaultAuthenticatorBuilder();
AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => authenticatorBuilder);
PowerShellTokenCacheProvider factory = new InMemoryTokenCacheProvider();
AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => factory);
var msalAccessTokenAcquirerFactory = new MsalAccessTokenAcquirerFactory();
AzureSession.Instance.RegisterComponent(nameof(MsalAccessTokenAcquirerFactory), () => msalAccessTokenAcquirerFactory, true);
string expectedAccessToken = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for default URI: {0}", expectedAccessToken);
var mockAzureCredentialFactory = new MockAzureCredentialFactory();
MockManagedIdentityCredential mockManagedIdentityCredential = null;
mockAzureCredentialFactory.CredentialFactory = (clientId) =>
{
return(mockManagedIdentityCredential = new MockManagedIdentityCredential(clientId)
{
TokenFactory = () => new AccessToken(expectedAccessToken, DateTimeOffset.Now)
});
};
AzureSession.Instance.RegisterComponent(nameof(AzureCredentialFactory), () => (AzureCredentialFactory)mockAzureCredentialFactory, true);
string expectedToken2 = Guid.NewGuid().ToString();
string tenant = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for custom URI: {0}", expectedToken2);
string userId = Constants.DefaultMsiAccountIdPrefix + "12345";
var account = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
var environment = AzureEnvironment.PublicEnvironments["AzureCloud"];
var expectedResource = environment.ActiveDirectoryServiceEndpointResourceId;
var builder = new UriBuilder(AuthenticationFactory.DefaultBackupMSILoginUri);
//builder.Query = $"resource={Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId)}&api-version=2018-02-01";
//var defaultUri = builder.Uri.ToString();
//var responses = new Dictionary<string, ManagedServiceTokenInfo>(StringComparer.OrdinalIgnoreCase)
//{
// {defaultUri, new ManagedServiceTokenInfo { AccessToken = expectedAccessToken, ExpiresIn = 3600, Resource=expectedResource}},
// {"http://*****:*****@foo.com";
var account2 = new AzureAccount
{
Id = userId2,
Type = AzureAccount.AccountType.ManagedService
};
//account2.SetProperty(AzureAccount.Property.MSILoginUri, "http://myfunkyurl:10432/oauth2/token");
expectedAccessToken = expectedToken2;
var token2 = authFactory.Authenticate(account2, environment, tenant, null, null, null, "foo");
_output.WriteLine($"Received access token for custom Uri ${token2.AccessToken}");
Assert.Equal(expectedToken2, token2.AccessToken);
Assert.Equal(userId2, mockManagedIdentityCredential.AccountId);
//var token3 = authFactory.Authenticate(account, environment, tenant, null, null, null, "bar");
//Assert.Throws<InvalidOperationException>(() => token3.AccessToken);
}
