From 7548d72f62d3179bb5c3b845ee909db4380ed4a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Rodr=C3=ADguez?= Date: Mon, 4 Oct 2021 16:23:15 -0400 Subject: [PATCH] [Identity] Fixes after manual tests (#18011) * AzureCLI fix and better comments * several improvements --- sdk/identity/identity/CHANGELOG.md | 2 + .../applicationCredential.browser.ts | 7 ++- .../src/credentials/applicationCredential.ts | 20 +++---- .../authorizationCodeCredential.browser.ts | 3 ++ .../credentials/azureCliCredential.browser.ts | 7 +++ .../src/credentials/azureCliCredential.ts | 11 ++-- .../azurePowerShellCredential.browser.ts | 4 +- .../credentials/azurePowerShellCredential.ts | 12 ++--- .../clientCertificateCredential.browser.ts | 7 +++ .../src/credentials/defaultAzureCredential.ts | 26 ++++++---- .../deviceCodeCredential.browser.ts | 7 +++ .../src/credentials/deviceCodeCredential.ts | 14 +++++ .../environmentCredential.browser.ts | 7 +++ .../src/credentials/environmentCredential.ts | 18 +------ .../interactiveBrowserCredential.browser.ts | 14 ++--- .../interactiveBrowserCredential.ts | 14 ++--- .../onBehalfOfCredential.browser.ts | 6 +++ .../credentials/usernamePasswordCredential.ts | 2 - .../visualStudioCodeCredential.browser.ts | 6 +++ .../credentials/visualStudioCodeCredential.ts | 2 +- .../msal/nodeFlows/msalAuthorizationCode.ts | 2 +- .../internal/node/azureCliCredential.spec.ts | 52 ++++++++++++++----- 22 files changed, 162 insertions(+), 81 deletions(-) diff --git a/sdk/identity/identity/CHANGELOG.md b/sdk/identity/identity/CHANGELOG.md index 17e208653ba3..7c7feec79323 100644 --- a/sdk/identity/identity/CHANGELOG.md +++ b/sdk/identity/identity/CHANGELOG.md @@ -13,6 +13,8 @@ ### Bugs Fixed +- Fixed a bug that caused `AzureCliCredential` to fail when a custom tenant ID was provided. + ### Other Changes ## 2.0.0-beta.6 (2021-09-09) 
diff --git a/sdk/identity/identity/src/credentials/applicationCredential.browser.ts b/sdk/identity/identity/src/credentials/applicationCredential.browser.ts index 15ec08e380ca..f716c1d44ea5 100644 --- a/sdk/identity/identity/src/credentials/applicationCredential.browser.ts +++ b/sdk/identity/identity/src/credentials/applicationCredential.browser.ts @@ -16,12 +16,17 @@ const logger = credentialLogger("ApplicationCredential"); * Provides a default {@link ChainedTokenCredential} configuration for * applications that will be deployed to Azure. * - * Only available in NodeJS. + * Only available in Node.js */ export class ApplicationCredential extends ChainedTokenCredential { /** * Creates an instance of the ApplicationCredential class. * + * The ApplicationCredential provides a default {@link ChainedTokenCredential} configuration for + * applications that will be deployed to Azure. + * + * Only available in Node.js + * * @param options - Options for configuring the client which makes the authentication request. */ constructor(_tokenCredentialOptions?: TokenCredentialOptions) { diff --git a/sdk/identity/identity/src/credentials/applicationCredential.ts b/sdk/identity/identity/src/credentials/applicationCredential.ts index be7bd1506cf2..d199fc811c8f 100644 --- a/sdk/identity/identity/src/credentials/applicationCredential.ts +++ b/sdk/identity/identity/src/credentials/applicationCredential.ts 
@@ -39,20 +39,22 @@ export const ApplicationCredentials: ApplicationCredentialConstructor[] = [ /** * Provides a default {@link ChainedTokenCredential} configuration that should - * work for most applications that use the Azure SDK. The following credential - * types will be tried, in order: - * - * - {@link EnvironmentCredential} - * - {@link ManagedIdentityCredential} - - * - * Consult the documentation of these credential types for more information - * on how they attempt authentication. + * work for most applications that use the Azure SDK. */ export class ApplicationCredential extends ChainedTokenCredential { /** * Creates an instance of the ApplicationCredential class. * + * The ApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should + * work for most applications that use the Azure SDK. The following credential + * types will be tried, in order: + * + * - {@link EnvironmentCredential} + * - {@link ManagedIdentityCredential} + * + * Consult the documentation of these credential types for more information + * on how they attempt authentication. + * * @param options - Optional parameters. See {@link ApplicationCredentialOptions}. */ constructor(options?: ApplicationCredentialOptions) { diff --git a/sdk/identity/identity/src/credentials/authorizationCodeCredential.browser.ts b/sdk/identity/identity/src/credentials/authorizationCodeCredential.browser.ts index 364afd8b852f..237b47c5a53a 100644 --- a/sdk/identity/identity/src/credentials/authorizationCodeCredential.browser.ts +++ b/sdk/identity/identity/src/credentials/authorizationCodeCredential.browser.ts @@ -12,6 +12,9 @@ const BrowserNotSupportedError = new Error( const logger = credentialLogger("AuthorizationCodeCredential"); export class AuthorizationCodeCredential implements TokenCredential { + /** + * Only available in Node.js + */ constructor( tenantId: string | "common", clientId: string, 
diff --git a/sdk/identity/identity/src/credentials/azureCliCredential.browser.ts b/sdk/identity/identity/src/credentials/azureCliCredential.browser.ts index 501ee08e4568..aa967ea72654 100644 --- a/sdk/identity/identity/src/credentials/azureCliCredential.browser.ts +++ b/sdk/identity/identity/src/credentials/azureCliCredential.browser.ts @@ -8,7 +8,14 @@ import { credentialLogger, formatError } from "../util/logging"; const BrowserNotSupportedError = new Error("AzureCliCredential is not supported in the browser."); const logger = credentialLogger("AzureCliCredential"); +/** + * This credential will use the currently logged-in user login information + * via the Azure CLI ('az') commandline tool. + */ export class AzureCliCredential implements TokenCredential { + /** + * Only available in Node.js + */ constructor() { logger.info(formatError("", BrowserNotSupportedError)); throw BrowserNotSupportedError; diff --git a/sdk/identity/identity/src/credentials/azureCliCredential.ts b/sdk/identity/identity/src/credentials/azureCliCredential.ts index 6485c5bf390b..e0dd2f6a84f6 100644 --- a/sdk/identity/identity/src/credentials/azureCliCredential.ts +++ b/sdk/identity/identity/src/credentials/azureCliCredential.ts @@ -7,7 +7,7 @@ import { createSpan } from "../util/tracing"; import { CredentialUnavailableError } from "../client/errors"; import { SpanStatusCode } from "@azure/core-tracing"; import { credentialLogger, formatSuccess, formatError } from "../util/logging"; -import * as child_process from "child_process"; +import child_process from "child_process"; import { ensureValidScope, getScopeResource } from "../util/scopeUtils"; import { AzureCliCredentialOptions } from "./azureCliCredentialOptions"; import { processMultiTenantRequest } from "../util/validateMultiTenant"; 
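Review bot: The new `import child_process from "child_process";` in azureCliCredential.ts carries no comment saying why the namespace import was replaced, and the default form only compiles with `esModuleInterop` (or `allowSyntheticDefaultImports`) enabled. It looks like the change exists so the spec can stub `execFile` on the shared module object with Sinon. If so, a later cleanup back to `import * as` would presumably let the test run the real `az` binary instead of the stub. A one-line comment above the import would guard against that: `// Default import on purpose: tests stub execFile on the module object.`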
@@ -55,8 +55,8 @@ export const cliCredentialInternals = { "--output", "json", "--resource", - ...tenantSection, - resource + resource, + ...tenantSection ], { cwd: cliCredentialInternals.getSafeWorkingDir() }, (error, stdout, stderr) => { @@ -77,8 +77,6 @@ const logger = credentialLogger("AzureCliCredential"); * via the Azure CLI ('az') commandline tool. * To do so, it will read the user access token and expire time * with Azure CLI command "az account get-access-token". - * To be able to use this credential, ensure that you have already logged - * in via the 'az' tool using the command "az login" from the commandline. */ export class AzureCliCredential implements TokenCredential { private tenantId?: string; @@ -86,6 +84,9 @@ export class AzureCliCredential implements TokenCredential { /** * Creates an instance of the {@link AzureCliCredential}. * + * To use this credential, ensure that you have already logged + * in via the 'az' tool using the command "az login" from the commandline. + * * @param options - Options, to optionally allow multi-tenant requests. */ constructor(options?: AzureCliCredentialOptions) { diff --git a/sdk/identity/identity/src/credentials/azurePowerShellCredential.browser.ts b/sdk/identity/identity/src/credentials/azurePowerShellCredential.browser.ts index f1ddbc2b9a9e..5b3e082cbe7b 100644 --- a/sdk/identity/identity/src/credentials/azurePowerShellCredential.browser.ts +++ b/sdk/identity/identity/src/credentials/azurePowerShellCredential.browser.ts @@ -12,9 +12,11 @@ const logger = credentialLogger("AzurePowerShellCredential"); /** * This credential will use the currently-logged-in user's login information via the Azure Power Shell command line tool. - * This credential is not supported in browsers. */ export class AzurePowerShellCredential implements TokenCredential { + /** + * Only available in Node.js + */ constructor() { logger.info(formatError("", BrowserNotSupportedError)); throw BrowserNotSupportedError; 
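Review bot: In the `@@ -55,8 +55,8 @@` hunk of azureCliCredential.ts, `...tenantSection` is spread into the `az` argument list with no character check visible, and the tenant ID comes from caller-supplied options. `execFile` does not go through a shell by default, but the value should still be constrained before it reaches argv, for example `if (tenantId && !/^[0-9a-zA-Z.-]+$/.test(tenantId)) throw new Error("Invalid tenant id provided.");` at the point where `tenantSection` is built. That construction, and any validation that may already exist, sit outside the hunk, so this needs confirming against the full function. The new tenant case in azureCliCredential.spec.ts only exercises a well-formed value; a rejection case would pin the behaviour.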
diff --git a/sdk/identity/identity/src/credentials/azurePowerShellCredential.ts b/sdk/identity/identity/src/credentials/azurePowerShellCredential.ts index 8d61fc988fed..2e2a5000a184 100644 --- a/sdk/identity/identity/src/credentials/azurePowerShellCredential.ts +++ b/sdk/identity/identity/src/credentials/azurePowerShellCredential.ts @@ -87,12 +87,6 @@ if (isWindows) { * This credential will use the currently logged-in user information from the * Azure PowerShell module. To do so, it will read the user access token and * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}` - * - * To be able to use this credential: - * - Install the Azure Az PowerShell module with: - * `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`. - * - You have already logged in to Azure PowerShell using the command - * `Connect-AzAccount` from the command line. */ export class AzurePowerShellCredential implements TokenCredential { private tenantId?: string; @@ -100,6 +94,12 @@ export class AzurePowerShellCredential implements TokenCredential { /** * Creates an instance of the {@link AzurePowershellCredential}. * + * To use this credential: + * - Install the Azure Az PowerShell module with: + * `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`. + * - You have already logged in to Azure PowerShell using the command + * `Connect-AzAccount` from the command line. + * * @param options - Options, to optionally allow multi-tenant requests. */ constructor(options?: AzurePowerShellCredentialOptions) { diff --git a/sdk/identity/identity/src/credentials/clientCertificateCredential.browser.ts b/sdk/identity/identity/src/credentials/clientCertificateCredential.browser.ts index ff14581a9e50..f9a868b46dfa 100644 --- a/sdk/identity/identity/src/credentials/clientCertificateCredential.browser.ts +++ b/sdk/identity/identity/src/credentials/clientCertificateCredential.browser.ts 
@@ -9,7 +9,14 @@ const BrowserNotSupportedError = new Error( ); const logger = credentialLogger("ClientCertificateCredential"); +/** + * Enables authentication to Azure Active Directory using a PEM-encoded + * certificate that is assigned to an App Registration. + */ export class ClientCertificateCredential implements TokenCredential { + /** + * Only available in Node.js + */ constructor() { logger.info(formatError("", BrowserNotSupportedError)); throw BrowserNotSupportedError; diff --git a/sdk/identity/identity/src/credentials/defaultAzureCredential.ts b/sdk/identity/identity/src/credentials/defaultAzureCredential.ts index c0ff88f82231..f63dfeac0451 100644 --- a/sdk/identity/identity/src/credentials/defaultAzureCredential.ts +++ b/sdk/identity/identity/src/credentials/defaultAzureCredential.ts 
@@ -67,22 +67,26 @@ export const defaultCredentials: DefaultCredentialConstructor[] = [ /** * Provides a default {@link ChainedTokenCredential} configuration that should - * work for most applications that use the Azure SDK. The following credential - * types will be tried, in order: - * - * - {@link EnvironmentCredential} - * - {@link ManagedIdentityCredential} - * - {@link VisualStudioCodeCredential} - * - {@link AzureCliCredential} - * - {@link AzurePowerShellCredential} - * - * Consult the documentation of these credential types for more information - * on how they attempt authentication. + * work for most applications that use the Azure SDK. */ export class DefaultAzureCredential extends ChainedTokenCredential { /** * Creates an instance of the DefaultAzureCredential class. * + * This credential provides a default {@link ChainedTokenCredential} configuration that should + * work for most applications that use the Azure SDK. + * + * The following credential types will be tried, in order: + * + * - {@link EnvironmentCredential} + * - {@link ManagedIdentityCredential} + * - {@link VisualStudioCodeCredential} + * - {@link AzureCliCredential} + * - {@link AzurePowerShellCredential} + * + * Consult the documentation of these credential types for more information + * on how they attempt authentication. + * * **Note**: `VisualStudioCodeCredential` is provided by a plugin package: * `@azure/identity-vscode`. If this package is not installed and registered * using the plugin API (`useIdentityPlugin`), then authentication using diff --git a/sdk/identity/identity/src/credentials/deviceCodeCredential.browser.ts b/sdk/identity/identity/src/credentials/deviceCodeCredential.browser.ts index 811fba10264f..9dfb4350bbc8 100644 --- a/sdk/identity/identity/src/credentials/deviceCodeCredential.browser.ts +++ b/sdk/identity/identity/src/credentials/deviceCodeCredential.browser.ts 
@@ -8,7 +8,14 @@ import { credentialLogger, formatError } from "../util/logging"; const BrowserNotSupportedError = new Error("DeviceCodeCredential is not supported in the browser."); const logger = credentialLogger("DeviceCodeCredential"); +/** + * Enables authentication to Azure Active Directory using a device code + * that the user can enter into https://microsoft.com/devicelogin. + */ export class DeviceCodeCredential implements TokenCredential { + /** + * Only available in Node.js + */ constructor() { logger.info(formatError("", BrowserNotSupportedError)); throw BrowserNotSupportedError; diff --git a/sdk/identity/identity/src/credentials/deviceCodeCredential.ts b/sdk/identity/identity/src/credentials/deviceCodeCredential.ts index ce6e0f157c5c..da37fec03675 100644 --- a/sdk/identity/identity/src/credentials/deviceCodeCredential.ts +++ b/sdk/identity/identity/src/credentials/deviceCodeCredential.ts @@ -32,6 +32,20 @@ export class DeviceCodeCredential implements TokenCredential { * Creates an instance of DeviceCodeCredential with the details needed * to initiate the device code authorization flow with Azure Active Directory. * + * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin + * + * Developers can configure how this message is shown by passing a custom `userPromptCallback`: + * + * ```js + * const credential = new DeviceCodeCredential({ + * tenantId: env.AZURE_TENANT_ID, + * clientId: env.AZURE_CLIENT_ID, + * userPromptCallback: (info) => { + * console.log("CUSTOMIZED PROMPT CALLBACK", info.message); + * } + * }); + * ``` + * * @param options - Options for configuring the client which makes the authentication requests. */ constructor(options?: DeviceCodeCredentialOptions) { diff --git a/sdk/identity/identity/src/credentials/environmentCredential.browser.ts b/sdk/identity/identity/src/credentials/environmentCredential.browser.ts index 737c084eaef6..627fdeb28b07 100644 
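Review bot: The example added to the constructor doc in deviceCodeCredential.ts reads `env.AZURE_TENANT_ID` and `env.AZURE_CLIENT_ID`, but the snippet defines no `env` binding, so it fails when copied as written. Use `process.env.AZURE_TENANT_ID` and `process.env.AZURE_CLIENT_ID`. Since the surrounding text says the message gives the user the code to authenticate with, the doc could also state that a custom `userPromptCallback` should show `info.message` only to the person signing in and not write it to shared or persistent logs.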
--- a/sdk/identity/identity/src/credentials/environmentCredential.browser.ts +++ b/sdk/identity/identity/src/credentials/environmentCredential.browser.ts @@ -10,7 +10,14 @@ const BrowserNotSupportedError = new Error( ); const logger = credentialLogger("EnvironmentCredential"); +/** + * Enables authentication to Azure Active Directory using client secret + * details configured in environment variables + */ export class EnvironmentCredential implements TokenCredential { + /** + * Only available in Node.js + */ constructor() { logger.info(formatError("", BrowserNotSupportedError)); throw BrowserNotSupportedError; diff --git a/sdk/identity/identity/src/credentials/environmentCredential.ts b/sdk/identity/identity/src/credentials/environmentCredential.ts index f6aee5963c89..605121126e68 100644 --- a/sdk/identity/identity/src/credentials/environmentCredential.ts +++ b/sdk/identity/identity/src/credentials/environmentCredential.ts 
@@ -41,23 +41,7 @@ export interface EnvironmentCredentialOptions /** * Enables authentication to Azure Active Directory using client secret - * details configured in the following environment variables: - * - * Required environment variables: - * - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID. - * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant. - * - * Environment variables used for client credential authentication: - * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration. - * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret. - * - * Alternatively, users can provide environment variables for username and password authentication: - * - `AZURE_USERNAME`: Username to authenticate with. - * - `AZURE_PASSWORD`: Password to authenticate with. - * - * This credential ultimately uses a {@link ClientSecretCredential} to - * perform the authentication using these details. Please consult the - * documentation of that class for more details. + * details configured in environment variables */ export class EnvironmentCredential implements TokenCredential { private _credential?: diff --git a/sdk/identity/identity/src/credentials/interactiveBrowserCredential.browser.ts b/sdk/identity/identity/src/credentials/interactiveBrowserCredential.browser.ts index 3b5b4b1e18c0..b4f0b79ae14f 100644 --- a/sdk/identity/identity/src/credentials/interactiveBrowserCredential.browser.ts +++ b/sdk/identity/identity/src/credentials/interactiveBrowserCredential.browser.ts 
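Review bot: The class doc of EnvironmentCredential in environmentCredential.ts loses the list of variables it reads (`AZURE_TENANT_ID`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_CLIENT_CERTIFICATE_PATH`, `AZURE_USERNAME`, `AZURE_PASSWORD`) and nothing replaces it. This single hunk accounts for all 18 changed lines the diffstat reports for the file, so the text was not moved to the constructor as it was for the other credentials in this patch. Operators rely on that list to know which variables carry secrets and which authentication path is selected, so it should be restored in the constructor doc. The replacement sentence also mentions only "client secret details" although the removed text covered certificate and username/password authentication, and it lacks a final period.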
@@ -19,13 +19,6 @@ const logger = credentialLogger("InteractiveBrowserCredential"); /** * Enables authentication to Azure Active Directory inside of the web browser * using the interactive login flow. - * - * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow). - * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service. - * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started. - * - * It's recommended that the AAD Applications used are configured to authenticate using Single Page Applications. - * More information here: [link](https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow). */ export class InteractiveBrowserCredential implements TokenCredential { private msalFlow: MsalFlow; 
@@ -36,6 +29,13 @@ export class InteractiveBrowserCredential implements TokenCredential { * details needed to authenticate against Azure Active Directory with * a user identity. * + * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow). + * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service. + * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started. + * + * It's recommended that the AAD Applications used are configured to authenticate using Single Page Applications. + * More information here: [link](https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow). + * * @param options - Options for configuring the client which makes the authentication request. */ constructor( diff --git a/sdk/identity/identity/src/credentials/interactiveBrowserCredential.ts b/sdk/identity/identity/src/credentials/interactiveBrowserCredential.ts index 1991a1503316..12ea80bcab64 100644 --- a/sdk/identity/identity/src/credentials/interactiveBrowserCredential.ts +++ b/sdk/identity/identity/src/credentials/interactiveBrowserCredential.ts 
@@ -20,13 +20,6 @@ const logger = credentialLogger("InteractiveBrowserCredential"); /** * Enables authentication to Azure Active Directory inside of the web browser * using the interactive login flow. - * - * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow). - * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service. - * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started. - * - * For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint. - * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris). */ export class InteractiveBrowserCredential implements TokenCredential { private msalFlow: MsalFlow; 
@@ -35,6 +28,13 @@ export class InteractiveBrowserCredential implements TokenCredential { /** * Creates an instance of InteractiveBrowserCredential with the details needed. * + * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow). + * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service. + * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started. + * + * For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint. + * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris). + * * @param options - Options for configuring the client which makes the authentication requests. */ constructor( diff --git a/sdk/identity/identity/src/credentials/onBehalfOfCredential.browser.ts b/sdk/identity/identity/src/credentials/onBehalfOfCredential.browser.ts index 85f654626b74..fab29d0dc3ae 100644 --- a/sdk/identity/identity/src/credentials/onBehalfOfCredential.browser.ts +++ b/sdk/identity/identity/src/credentials/onBehalfOfCredential.browser.ts 
@@ -8,7 +8,13 @@ const credentialName = "OnBehalfOfCredential"; const BrowserNotSupportedError = new Error(`${credentialName}: Not supported in the browser.`); const logger = credentialLogger(credentialName); +/** + * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow). + */ export class OnBehalfOfCredential implements TokenCredential { + /** + * Only available in Node.js + */ constructor() { logger.info(formatError("", BrowserNotSupportedError)); throw BrowserNotSupportedError; diff --git a/sdk/identity/identity/src/credentials/usernamePasswordCredential.ts b/sdk/identity/identity/src/credentials/usernamePasswordCredential.ts index 08061c03b9de..6cf85eab6638 100644 --- a/sdk/identity/identity/src/credentials/usernamePasswordCredential.ts +++ b/sdk/identity/identity/src/credentials/usernamePasswordCredential.ts @@ -17,8 +17,6 @@ const logger = credentialLogger("UsernamePasswordCredential"); * trust so you should only use it when other, more secure credential * types can't be used. */ -// We'll be using InteractiveCredential as the base of this class, which requires us to support authenticate(), -// to reduce the number of times we send the password over the network. export class UsernamePasswordCredential implements TokenCredential { private msalFlow: MsalFlow; diff --git a/sdk/identity/identity/src/credentials/visualStudioCodeCredential.browser.ts b/sdk/identity/identity/src/credentials/visualStudioCodeCredential.browser.ts index 2dc8ee3e51d3..f8eeec48dfc3 100644 --- a/sdk/identity/identity/src/credentials/visualStudioCodeCredential.browser.ts +++ b/sdk/identity/identity/src/credentials/visualStudioCodeCredential.browser.ts 
@@ -18,7 +18,13 @@ export const vsCodeCredentialControl = { } }; +/** + * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'. + */ export class VisualStudioCodeCredential implements TokenCredential { + /** + * Only available in Node.js + */ constructor() { logger.info(formatError("", BrowserNotSupportedError)); throw BrowserNotSupportedError; diff --git a/sdk/identity/identity/src/credentials/visualStudioCodeCredential.ts b/sdk/identity/identity/src/credentials/visualStudioCodeCredential.ts index 574f822c2962..48f33dfaee76 100644 --- a/sdk/identity/identity/src/credentials/visualStudioCodeCredential.ts +++ b/sdk/identity/identity/src/credentials/visualStudioCodeCredential.ts @@ -95,7 +95,7 @@ export interface VisualStudioCodeCredentialOptions extends TokenCredentialOption } /** - * Connect to Azure using the credential provided by the VSCode extension 'Azure Account'. + * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'. * Once the user has logged in via the extension, this credential can share the same refresh token * that is cached by the extension. */ diff --git a/sdk/identity/identity/src/msal/nodeFlows/msalAuthorizationCode.ts b/sdk/identity/identity/src/msal/nodeFlows/msalAuthorizationCode.ts index fa19e7df2382..a0630b566fca 100644 --- a/sdk/identity/identity/src/msal/nodeFlows/msalAuthorizationCode.ts +++ b/sdk/identity/identity/src/msal/nodeFlows/msalAuthorizationCode.ts @@ -27,7 +27,7 @@ export class MsalAuthorizationCode extends MsalNode { constructor(options: MSALAuthorizationCodeOptions) { super(options); - this.logger = credentialLogger("NodeJS MSAL Authorization Code"); + this.logger = credentialLogger("Node.js MSAL Authorization Code"); this.redirectUri = options.redirectUri; this.authorizationCode = options.authorizationCode; if (options.clientSecret) { 
diff --git a/sdk/identity/identity/test/internal/node/azureCliCredential.spec.ts b/sdk/identity/identity/test/internal/node/azureCliCredential.spec.ts index f4e77b5f6ebf..2416c0070487 100644 --- a/sdk/identity/identity/test/internal/node/azureCliCredential.spec.ts +++ b/sdk/identity/identity/test/internal/node/azureCliCredential.spec.ts @@ -1,29 +1,30 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT license. +import child_process from "child_process"; import { assert } from "chai"; import Sinon, { createSandbox } from "sinon"; -import { - AzureCliCredential, - cliCredentialInternals -} from "../../../src/credentials/azureCliCredential"; +import { AzureCliCredential } from "../../../src/credentials/azureCliCredential"; describe("AzureCliCredential (internal)", function() { let sandbox: Sinon.SinonSandbox | undefined; let stdout: string = ""; let stderr: string = ""; + let azParams: string[][] = []; beforeEach(async function() { sandbox = createSandbox(); - sandbox - .stub(cliCredentialInternals, "getAzureCliAccessToken") - .callsFake(async function( - _resource: string - ): Promise<{ stdout: string; stderr: string; error: Error | null }> { - return new Promise((resolve) => { - resolve({ stdout, stderr, error: null }); - }); - }); + azParams = []; + sandbox.stub(child_process, "execFile").callsFake( + (_file, args, _options, callback): child_process.ChildProcess => { + azParams.push(args as string[]); + if (callback) { + callback(null, stdout, stderr); + } + // Bypassing the type check. We don't use this return value in our code. + return {} as child_process.ChildProcess; + } + ); }); afterEach(async function() { 
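Review bot: The `execFile` stub added in azureCliCredential.spec.ts records only `args` and discards `_file` and `_options`. The spec would therefore still pass if the credential invoked a different executable or stopped passing `cwd: cliCredentialInternals.getSafeWorkingDir()`. Recording the file name and the `cwd` option alongside `args`, and asserting on them in at least one case, would keep the working-directory safeguard under test now that `getAzureCliAccessToken` itself is no longer stubbed. The `describe` body continues past the end of this hunk.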
@@ -36,6 +37,31 @@ describe("AzureCliCredential (internal)", function() { const credential = new AzureCliCredential(); const actualToken = await credential.getToken("https://service/.default"); assert.equal(actualToken!.token, "token"); + assert.deepEqual(azParams, [ + ["account", "get-access-token", "--output", "json", "--resource", "https://service"] + ]); + }); + + it("get access token with custom tenantId without error", async function() { + stdout = '{"accessToken": "token","expiresOn": "01/01/1900 00:00:00 +00:00"}'; + stderr = ""; + const credential = new AzureCliCredential({ + tenantId: "tenantId" + }); + const actualToken = await credential.getToken("https://service/.default"); + assert.equal(actualToken!.token, "token"); + assert.deepEqual(azParams, [ + [ + "account", + "get-access-token", + "--output", + "json", + "--resource", + "https://service", + "--tenant", + "tenantId" + ] + ]); }); it("get access token when azure cli not installed", async () => {