/// <summary>
/// Verifies the token request issued by <c>ManagedIdentityCredential</c> when the transport
/// answers the first call with a 400 and the second with a 200 carrying the token.
/// </summary>
/// <remarks>
/// The assertions inspect the second recorded request (index 1). They pin the
/// <c>api-version=2018-02-01</c> query parameter, the escaped <c>resource</c> parameter and the
/// <c>Metadata: true</c> header, so a regression that drops the header fails here.
/// </remarks>
public async Task VerifyMSIRequest()
{
    // Queued in order: the 400 is served first, the 200 with the token second.
    // NOTE(review): the name "ping" suggests the first call is an endpoint probe — confirm against the credential.
    var probeReply = new MockResponse(400);
    var tokenReply = new MockResponse(200);

    string expectedToken = "mock-msi-access-token";
    tokenReply.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": 3600 }}");

    var transport = new MockTransport(probeReply, tokenReply);
    var clientOptions = new IdentityClientOptions() { Transport = transport };
    var credential = new ManagedIdentityCredential(options: clientOptions);

    AccessToken actualToken = await credential.GetTokenAsync(MockScopes.Default);

    Assert.AreEqual(expectedToken, actualToken.Token);

    // Index 1 is the request that received the 200 response.
    MockRequest tokenRequest = transport.Requests[1];
    string queryString = tokenRequest.UriBuilder.Query;

    Assert.IsTrue(queryString.Contains("api-version=2018-02-01"));

    string escapedResource = Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default));
    Assert.IsTrue(queryString.Contains($"resource={escapedResource}"));

    bool metadataPresent = tokenRequest.Headers.TryGetValue("Metadata", out string metadataValue);
    Assert.IsTrue(metadataPresent);
    Assert.AreEqual("true", metadataValue);
}
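/// <summary>
/// Verifies the token request sent when <c>IDENTITY_ENDPOINT</c> and <c>IDENTITY_HEADER</c> are
/// set and the credential is constructed with a client id.
/// </summary>
/// <remarks>
/// Exactly one request is expected (<c>SingleRequest</c>). It must target the configured
/// identity endpoint, carry <c>api-version=2019-08-01</c>, <c>client_id</c> and the escaped
/// <c>resource</c> in the query, and forward the <c>IDENTITY_HEADER</c> value in the
/// <c>X-IDENTITY-HEADER</c> request header. The header check matters because the endpoint
/// relies on that value to tell the local workload apart from a forged request.
/// </remarks>
public async Task VerifyAppService2019RequestWithClientIdMockAsync()
{
    using (new TestEnvVar("IDENTITY_ENDPOINT", "https://identity.endpoint/"))
    using (new TestEnvVar("IDENTITY_HEADER", "mock-identity-header"))
    {
        var expectedToken = "mock-access-token";

        var response = new MockResponse(200);
        response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"3600\" }}");

        var mockTransport = new MockTransport(response);
        var options = new TokenCredentialOptions { Transport = mockTransport };

        ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential("mock-client-id", options));

        AccessToken actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));

        Assert.AreEqual(expectedToken, actualToken.Token);

        MockRequest request = mockTransport.SingleRequest;

        // Ordinal comparison: a URL prefix is an identifier, so the check must not depend on
        // the culture of the machine running the test.
        Assert.IsTrue(request.Uri.ToString().StartsWith(EnvironmentVariables.IdentityEndpoint, StringComparison.Ordinal));

        string query = request.Uri.Query;

        Assert.IsTrue(query.Contains("api-version=2019-08-01"));
        Assert.IsTrue(query.Contains("client_id=mock-client-id"));
        Assert.IsTrue(query.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}"));

        // The header value must be exactly what the environment supplied.
        Assert.IsTrue(request.Headers.TryGetValue("X-IDENTITY-HEADER", out string identityHeader));
        Assert.AreEqual(EnvironmentVariables.IdentityHeader, identityHeader);
    }
}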
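/// <summary>
/// Verifies the token request sent by <c>ManagedIdentityClient.AuthenticateAsync</c> when
/// <c>MSI_ENDPOINT</c> is set and <c>MSI_SECRET</c> is passed as null (the Cloud Shell case
/// named by this test).
/// </summary>
/// <remarks>
/// The first recorded request must target the configured endpoint, carry <c>resource</c> and
/// <c>client_id</c> in the request body (not the query string) and send <c>Metadata: true</c>.
/// </remarks>
public async Task VerifyCloudShellMsiRequestWithClientIdMockAsync()
{
    using (new TestEnvVar("MSI_ENDPOINT", "https://mock.msi.endpoint/"))
    using (new TestEnvVar("MSI_SECRET", null))
    {
        var response = new MockResponse(200);
        var expectedToken = "mock-msi-access-token";

        // expires_on is emitted as a Unix timestamp one hour from now.
        response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": {(DateTimeOffset.UtcNow + TimeSpan.FromSeconds(3600)).ToUnixTimeSeconds()} }}");

        var mockTransport = new MockTransport(response);
        var options = new AzureCredentialOptions() { Transport = mockTransport };

        ManagedIdentityClient client = InstrumentClient(new ManagedIdentityClient(options));

        AccessToken actualToken = await client.AuthenticateAsync(MockScopes.Default, "mock-client-id");

        Assert.AreEqual(expectedToken, actualToken.Token);

        MockRequest request = mockTransport.Requests[0];

        // Ordinal comparison: a URL prefix is an identifier, so the check must not depend on
        // the culture of the machine running the test.
        Assert.IsTrue(request.Uri.ToString().StartsWith("https://mock.msi.endpoint/", StringComparison.Ordinal));

        Assert.IsTrue(request.Content.TryComputeLength(out long contentLen));

        // Serialize the request body into a buffer of exactly the reported length; the stream
        // wraps that buffer and is disposed once the write completes.
        var content = new byte[contentLen];
        using (var contentBuff = new MemoryStream(content))
        {
            request.Content.WriteTo(contentBuff, default);
        }

        string body = Encoding.UTF8.GetString(content);

        Assert.IsTrue(body.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}"));
        Assert.IsTrue(body.Contains("client_id=mock-client-id"));

        Assert.IsTrue(request.Headers.TryGetValue("Metadata", out string actMetadata));
        Assert.AreEqual("true", actMetadata);
    }
}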
/// <summary>
/// Verifies the token request produced when the managed identity client is wired to an
/// <c>ImdsManagedIdentitySource</c> created with a client id.
/// </summary>
/// <remarks>
/// <c>MSI_ENDPOINT</c> and <c>MSI_SECRET</c> are both passed as null for the duration of the
/// test. The first recorded request must carry <c>api-version=2018-02-01</c>, the escaped
/// <c>resource</c>, <c>client_id</c> and the <c>Metadata: true</c> header.
/// </remarks>
public async Task VerifyImdsRequestWithClientIdMockAsync()
{
    using (new TestEnvVar("MSI_ENDPOINT", null))
    using (new TestEnvVar("MSI_SECRET", null))
    {
        var tokenReply = new MockResponse(200);
        string expectedToken = "mock-msi-access-token";
        tokenReply.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"3600\" }}");

        var transport = new MockTransport(tokenReply);
        var credentialOptions = new TokenCredentialOptions() { Transport = transport };
        var pipeline = CredentialPipeline.GetInstance(credentialOptions);

        // The factory pins the source to IMDS, so source selection is not what is under test.
        var identityClient = new MockManagedIdentityClient(pipeline, "mock-client-id")
        {
            ManagedIdentitySourceFactory = () => new ImdsManagedIdentitySource(pipeline.HttpPipeline, "mock-client-id")
        };

        ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential(pipeline, identityClient));

        var requestContext = new TokenRequestContext(MockScopes.Default);
        AccessToken actualToken = await credential.GetTokenAsync(requestContext);

        Assert.AreEqual(expectedToken, actualToken.Token);

        MockRequest tokenRequest = transport.Requests[0];
        string queryString = tokenRequest.Uri.Query;

        Assert.IsTrue(queryString.Contains("api-version=2018-02-01"));

        string escapedResource = Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default));
        Assert.IsTrue(queryString.Contains($"resource={escapedResource}"));
        Assert.IsTrue(queryString.Contains("client_id=mock-client-id"));

        bool metadataPresent = tokenRequest.Headers.TryGetValue("Metadata", out string metadataValue);
        Assert.IsTrue(metadataPresent);
        Assert.AreEqual("true", metadataValue);
    }
}
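/// <summary>
/// Verifies the token request sent by <c>ManagedIdentityClient.AuthenticateAsync</c> when both
/// <c>MSI_ENDPOINT</c> and <c>MSI_SECRET</c> are set (the App Service case named by this test).
/// </summary>
/// <remarks>
/// The first recorded request must target the configured endpoint, carry
/// <c>api-version=2017-09-01</c>, the escaped <c>resource</c> and <c>client_id</c> in the query,
/// and forward the <c>MSI_SECRET</c> value unchanged in the <c>secret</c> header. The endpoint
/// prefix and the header are checked together, which ties the secret to the request that went
/// to the configured endpoint.
/// </remarks>
public async Task VerifyAppServiceMsiRequestWithClientIdMockAsync()
{
    using (new TestEnvVar("MSI_ENDPOINT", "https://mock.msi.endpoint/"))
    using (new TestEnvVar("MSI_SECRET", "mock-msi-secret"))
    {
        var response = new MockResponse(200);
        var expectedToken = "mock-msi-access-token";

        // NOTE(review): ToString() with no arguments formats with the current culture, so the
        // mocked expires_on text differs between machines — confirm the parser under test
        // accepts every format this can produce.
        response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"{DateTimeOffset.UtcNow.ToString()}\" }}");

        var mockTransport = new MockTransport(response);
        var options = new AzureCredentialOptions() { Transport = mockTransport };

        ManagedIdentityClient client = InstrumentClient(new ManagedIdentityClient(options));

        AccessToken actualToken = await client.AuthenticateAsync(MockScopes.Default, "mock-client-id");

        Assert.AreEqual(expectedToken, actualToken.Token);

        MockRequest request = mockTransport.Requests[0];

        // Ordinal comparison: a URL prefix is an identifier, so the check must not depend on
        // the culture of the machine running the test.
        Assert.IsTrue(request.Uri.ToString().StartsWith("https://mock.msi.endpoint/", StringComparison.Ordinal));

        string query = request.Uri.Query;

        Assert.IsTrue(query.Contains("api-version=2017-09-01"));
        Assert.IsTrue(query.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}"));
        Assert.IsTrue(query.Contains("client_id=mock-client-id"));

        // The secret travels in a header, and must match the environment value exactly.
        Assert.IsTrue(request.Headers.TryGetValue("secret", out string actSecretValue));
        Assert.AreEqual("mock-msi-secret", actSecretValue);
    }
}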
/// <summary>
/// Verifies the last request sent by <c>ManagedIdentityClient.AuthenticateAsync</c> when
/// <c>MSI_ENDPOINT</c> and <c>MSI_SECRET</c> are both passed as null and a client id is supplied.
/// </summary>
/// <remarks>
/// The transport is primed with the same 200 response twice and only the final recorded
/// request is inspected. It must carry <c>api-version=2018-02-01</c>, the escaped
/// <c>resource</c>, <c>client_id</c> and the <c>Metadata: true</c> header.
/// </remarks>
public async Task VerifyImdsRequestWithClientIdMockAsync()
{
    using (new TestEnvVar("MSI_ENDPOINT", null))
    using (new TestEnvVar("MSI_SECRET", null))
    {
        var tokenReply = new MockResponse(200);
        string expectedToken = "mock-msi-access-token";
        tokenReply.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"3600\" }}");

        // Two slots are queued with the same response object.
        // NOTE(review): presumably an earlier probe request consumes the first — confirm against the client.
        var transport = new MockTransport(tokenReply, tokenReply);
        var credentialOptions = new AzureCredentialOptions() { Transport = transport };

        ManagedIdentityClient client = InstrumentClient(new ManagedIdentityClient(credentialOptions));

        AccessToken actualToken = await client.AuthenticateAsync(MockScopes.Default, clientId: "mock-client-id");

        Assert.AreEqual(expectedToken, actualToken.Token);

        // Inspect whichever request was recorded last.
        int lastIndex = transport.Requests.Count - 1;
        MockRequest tokenRequest = transport.Requests[lastIndex];
        string queryString = tokenRequest.Uri.Query;

        Assert.IsTrue(queryString.Contains("api-version=2018-02-01"));

        string escapedResource = Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default));
        Assert.IsTrue(queryString.Contains($"resource={escapedResource}"));
        Assert.IsTrue(queryString.Contains("client_id=mock-client-id"));

        bool metadataPresent = tokenRequest.Headers.TryGetValue("Metadata", out string metadataValue);
        Assert.IsTrue(metadataPresent);
        Assert.AreEqual("true", metadataValue);
    }
}