diff --git a/sdk/identity/Azure.Identity/CHANGELOG.md b/sdk/identity/Azure.Identity/CHANGELOG.md
index 9bf9e2addcf1..38f93222ce70 100644
--- a/sdk/identity/Azure.Identity/CHANGELOG.md
+++ b/sdk/identity/Azure.Identity/CHANGELOG.md
@@ -9,6 +9,8 @@
 ### Bugs Fixed
+- ManagedIdentityCredential will no longer attempt to parse invalid json payloads on responses from the managed identity endpoint.
+
 ### Other Changes
 ## 1.10.0-beta.1 (2023-07-17)
diff --git a/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs b/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs
index 56fc2f926308..4d97adc0015a 100644
--- a/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs
+++ b/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs
@@ -83,12 +83,19 @@ internal static async Task GetMessageFromResponse(Response response, boo
 {
 return null;
 }
- response.ContentStream.Position = 0;
- using JsonDocument json = async
- ? await JsonDocument.ParseAsync(response.ContentStream, default, cancellationToken).ConfigureAwait(false)
- : JsonDocument.Parse(response.ContentStream);
+ try
+ {
+ response.ContentStream.Position = 0;
+ using JsonDocument json = async
+ ? await JsonDocument.ParseAsync(response.ContentStream, default, cancellationToken).ConfigureAwait(false)
+ : JsonDocument.Parse(response.ContentStream);
- return GetMessageFromResponse(json.RootElement);
+ return GetMessageFromResponse(json.RootElement);
+ }
+ catch // parsing failed
+ {
+ return "Response was not in a valid json format.";
+ }
 }
 protected static string GetMessageFromResponse(in JsonElement root)
diff --git a/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs
index 412462cc8583..fccd6d426c45 100644
--- a/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs
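Review bot: The bare `catch` added around the parse in `GetMessageFromResponse` (ManagedIdentitySource.cs) swallows every exception, not only malformed JSON. An `OperationCanceledException` raised by `JsonDocument.ParseAsync` when `cancellationToken` fires, or a stream fault on `response.ContentStream`, would be returned to the caller as the string "Response was not in a valid json format." instead of propagating. Narrowing the handler to `catch (JsonException) // parsing failed` keeps the fix for non-JSON bodies while letting cancellation and I/O errors surface. The try also encloses the call to `GetMessageFromResponse(json.RootElement)`, whose body is outside this hunk, so any failure there would be labelled as invalid JSON as well. The method itself begins above the hunk.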
@@ -277,6 +277,24 @@ public void VerifyImdsRequestFailurePopulatesExceptionMessage()
 Assert.That(ex.Message, Does.Contain(expectedMessage));
 }
+ [NonParallelizable]
+ [Test]
+ public void VerifyImdsRequestFailureWithInvalidJsonPopulatesExceptionMessage()
+ {
+ using var environment = new TestEnvVar(new() { { "MSI_ENDPOINT", null }, { "MSI_SECRET", null }, { "IDENTITY_ENDPOINT", null }, { "IDENTITY_HEADER", null }, { "AZURE_POD_IDENTITY_AUTHORITY_HOST", null } });
+
+ var expectedMessage = "Response was not in a valid json format.";
+ var response = CreateInvalidJsonResponse(502);
+ var mockTransport = new MockTransport(response);
+ var options = new TokenCredentialOptions() { Transport = mockTransport };
+ var pipeline = CredentialPipeline.GetInstance(options);
+
+ ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential("mock-client-id", pipeline));
+
+ var ex = Assert.ThrowsAsync(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
+ Assert.That(ex.Message, Does.Contain(expectedMessage));
+ }
+
 [NonParallelizable]
 [Test]
 [TestCase(400, ImdsManagedIdentitySource.IdentityUnavailableError)]
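Review bot: The new test `VerifyImdsRequestFailureWithInvalidJsonPopulatesExceptionMessage` pins the invalid-JSON fallback for a single status, `CreateInvalidJsonResponse(502)`, so a non-JSON body on the statuses that get special handling is left uncovered. The following test already parameterizes over `[TestCase(400, ImdsManagedIdentitySource.IdentityUnavailableError)]`, which suggests 400 takes a different path. I would give this test an `int status` parameter and add `[TestCase(400)]` and `[TestCase(502)]`, passing `status` to `CreateInvalidJsonResponse`. `CreateInvalidJsonResponse` is defined outside this hunk, so what body it produces cannot be checked from here.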