Skip to content

Add ConfigurableCredential test coverage for all credential types#56236

Merged
m-nash merged 1 commit intomainfrom
feature/workload-identity-configurable-credential-tests
Feb 12, 2026
Merged

Add ConfigurableCredential test coverage for all credential types#56236
m-nash merged 1 commit intomainfrom
feature/workload-identity-configurable-credential-tests

Conversation

@m-nash
Copy link
Member

@m-nash m-nash commented Feb 12, 2026

Resolves #55501

What this PR does

Adds comprehensive test coverage for creating Azure Identity credentials via IConfiguration and the internal ConfigurableCredential class, ensuring both direct instantiation and configuration-based creation paths produce identical behavior.

Changes

Source (2 files):

  • DefaultAzureCredentialOptions.cs — Added internal \IsAzureProxyEnabled\ property with IConfig reading and Clone support
  • DefaultAzureCredentialFactory.cs — Copies \IsAzureProxyEnabled\ to WIC options

Test infrastructure (3 files modified):

  • \WorkloadIdentityCredentialTests.cs\ — Added virtual factory methods for credential creation
  • \CredentialTestHelpers.cs\ — \GetMsalClientType\ unwraps \ConfigurableCredential\
  • \ConfigurableCredentialTestHelper.cs\ — Castle proxy unwrap, public config mapping, transport support

New test files (9 files):

  • \CredentialCreationTestBase\ — Shared base with \ReadProperty/\ReadField\ reflection helpers
  • Configurable \WorkloadIdentityCredentialTests\ — Credential creation via IConfiguration (54 pass, 2 skipped — matches base class)
  • 7 creation test classes validating option priority (IConfig > env var > default):
    Credential Tests Properties Covered
    WorkloadIdentity 19 TenantId, ClientId, TokenFilePath, AuthorityHost, DisableInstanceDiscovery, IsUnsafeSupportLoggingEnabled, AdditionallyAllowedTenants, IsAzureProxyEnabled
    AzureCli 15 TenantId, Subscription, ProcessTimeout, AdditionallyAllowedTenants, IsUnsafeSupportLoggingEnabled
    AzurePowerShell 12 TenantId, ProcessTimeout, AdditionallyAllowedTenants, IsUnsafeSupportLoggingEnabled
    AzureDeveloperCli 12 TenantId, ProcessTimeout, AdditionallyAllowedTenants, IsUnsafeSupportLoggingEnabled
    VisualStudio 12 TenantId, ProcessTimeout, AdditionallyAllowedTenants, IsUnsafeSupportLoggingEnabled
    VisualStudioCode 12 TenantId, AdditionallyAllowedTenants, AuthorityHost, IsUnsafeSupportLoggingEnabled
    Environment 15 TenantId, ClientId, AuthorityHost, DisableInstanceDiscovery, IsUnsafeSupportLoggingEnabled, AdditionallyAllowedTenants

Total: 92 creation tests + 56 configurable WIC tests, all passing

@m-nash
Add ConfigurableCredential test coverage for all credential types
3d10f4a 
Resolves #55501

- Add configurable WorkloadIdentityCredential tests that create credentials
  via IConfiguration and ConfigurableCredential instead of direct instantiation
- Add creation tests for all 7 credential types validating option priority:
  IConfiguration > environment variable > default
- Plumb IsAzureProxyEnabled through DefaultAzureCredentialOptions for WIC
  proxy support
- Add shared CredentialCreationTestBase<T> with reflection helpers
- Simplify helper by exposing config mapping and transport support
@m-nash m-nash requested review from a team, JonathanCrd and christothes as code owners February 12, 2026 22:54
Copilot AI reviewed Feb 12, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR expands Azure.Identity’s test suite to validate that all supported credential types can be created via IConfiguration (through the internal ConfigurableCredential path) with the same effective option behavior as direct instantiation—especially around option precedence (config > env vars > defaults) and Workload Identity’s Azure proxy opt-in.

Changes:

  • Added internal IsAzureProxyEnabled plumbing from IConfiguration into DefaultAzureCredentialOptions, with clone support and factory propagation into WorkloadIdentityCredentialOptions.
  • Refactored the existing WorkloadIdentityCredentialTests to introduce overridable factory methods, enabling a configurable-test variant to reuse the same base assertions.
  • Introduced a shared CredentialCreationTestBase<T> plus multiple new “creation/priority” test classes under tests/ConfigurableCredentials/ to validate configuration mapping and precedence for each credential type.

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated no comments.

Show a summary per file
File Description
sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs Reads IsAzureProxyEnabled from config and preserves it during cloning for config-based credential creation.
sdk/identity/Azure.Identity/src/DefaultAzureCredentialFactory.cs Propagates IsAzureProxyEnabled into WorkloadIdentityCredentialOptions when creating a WIC via DAC/config path.
sdk/identity/Azure.Identity/tests/WorkloadIdentityCredentialTests.cs Adds virtual factory methods and exposes temp-file helper to enable reuse by configurable credential tests.
sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs Updates MSAL-client-type detection to unwrap ConfigurableCredential so shared MSAL-oriented base tests work with configurable credentials.
sdk/identity/Azure.Identity/tests/ConfigurableCredentials/ConfigurableCredentialTestHelper.cs Adds Castle proxy unwrapping and transport injection support for configurable credential tests.
sdk/identity/Azure.Identity/tests/ConfigurableCredentials/CredentialCreationTestBase.cs New shared base for config-driven credential creation + reflection helpers used by option-precedence tests.
sdk/identity/Azure.Identity/tests/ConfigurableCredentials/WorkloadIdentityCredentialTests.cs New configurable variant of the WIC test suite that creates credentials via IConfiguration.
sdk/identity/Azure.Identity/tests/ConfigurableCredentials/WorkloadIdentityCredentialCreationTests.cs New option precedence and mapping tests for WorkloadIdentityCredentialOptions (including Azure proxy behavior).
sdk/identity/Azure.Identity/tests/ConfigurableCredentials/AzureCliCredentialCreationTests.cs New option precedence tests for Azure CLI credential creation via config.
sdk/identity/Azure.Identity/tests/ConfigurableCredentials/AzurePowerShellCredentialCreationTests.cs New option precedence tests for Azure PowerShell credential creation via config.
sdk/identity/Azure.Identity/tests/ConfigurableCredentials/AzureDeveloperCliCredentialCreationTests.cs New option precedence tests for Azure Developer CLI credential creation via config.
sdk/identity/Azure.Identity/tests/ConfigurableCredentials/VisualStudioCredentialCreationTests.cs New option precedence tests for Visual Studio credential creation via config.
sdk/identity/Azure.Identity/tests/ConfigurableCredentials/VisualStudioCodeCredentialCreationTests.cs New option precedence tests for Visual Studio Code credential creation via config.
sdk/identity/Azure.Identity/tests/ConfigurableCredentials/EnvironmentCredentialCreationTests.cs New option precedence tests for Environment credential creation via config (authority host, tenants, etc.).

@m-nash
Copy link
Member Author

m-nash commented Feb 12, 2026

/check-enforcer override

@m-nash m-nash merged commit 53ae365 into main Feb 12, 2026
36 of 37 checks passed
@m-nash m-nash deleted the feature/workload-identity-configurable-credential-tests branch February 12, 2026 23:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jsquire jsquire jsquire approved these changes

@christothes christothes Awaiting requested review from christothes christothes is a code owner

@JonathanCrd JonathanCrd Awaiting requested review from JonathanCrd JonathanCrd is a code owner

@joshfree joshfree Awaiting requested review from joshfree joshfree is a code owner automatically assigned from Azure/azure-sdk-write-identity

@pvaneck pvaneck Awaiting requested review from pvaneck pvaneck is a code owner automatically assigned from Azure/azure-sdk-write-identity

@KarishmaGhiya KarishmaGhiya Awaiting requested review from KarishmaGhiya KarishmaGhiya is a code owner automatically assigned from Azure/azure-sdk-write-identity

@anannya03 anannya03 Awaiting requested review from anannya03 anannya03 is a code owner automatically assigned from Azure/azure-sdk-write-identity

@minhanh-phan minhanh-phan Awaiting requested review from minhanh-phan minhanh-phan is a code owner automatically assigned from Azure/azure-sdk-write-identity

Assignees

No one assigned

Labels

Azure.Identity

Projects

Azure Identity SDK Improvements
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Azure.Identity: Add WorkloadIdentityCredential Support

3 participants

@m-nash @jsquire