From b6fc02f13f27a9e8a62fec46c2052dff170e9a70 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 12 Oct 2020 16:39:44 -0700 Subject: [PATCH 01/11] revise docstrings --- .../azure-identity/azure/identity/_credentials/browser.py | 7 ------- .../azure/identity/_credentials/certificate.py | 4 ---- .../azure/identity/_credentials/client_secret.py | 4 ---- .../azure/identity/_credentials/device_code.py | 7 ------- .../azure/identity/_credentials/shared_cache.py | 4 ---- .../azure/identity/_credentials/user_password.py | 4 ---- .../azure/identity/aio/_credentials/client_secret.py | 4 ---- .../azure/identity/aio/_credentials/shared_cache.py | 2 -- 8 files changed, 36 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/browser.py b/sdk/identity/azure-identity/azure/identity/_credentials/browser.py index 97d4104d41b2..5649acd008a1 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/browser.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/browser.py @@ -40,13 +40,6 @@ class InteractiveBrowserCredential(InteractiveCredential): Active Directory, for example "http://localhost:8400". This is only required when passing a value for `client_id`, and must match a redirect URI in the application's registration. The credential must be able to bind a socket to this URI. - :keyword AuthenticationRecord authentication_record: :class:`AuthenticationRecord` returned by :func:`authenticate` - :keyword bool disable_automatic_authentication: if True, :func:`get_token` will raise - :class:`AuthenticationRequiredError` when user interaction is required to acquire a token. Defaults to False. - :keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache shared by - other user credentials. Defaults to False. - :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache on platforms - where encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. :keyword int timeout: seconds to wait for the user to complete authentication. Defaults to 300 (5 minutes). """ diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py index 49fc06ee0f67..520f3e2a6cc5 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py @@ -33,10 +33,6 @@ class CertificateCredential(ClientCredentialBase): :keyword bool send_certificate_chain: if True, the credential will send the public certificate chain in the x5c header of each token request's JWT. This is required for Subject Name/Issuer (SNI) authentication. Defaults to False. - :keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache. Defaults to - False. - :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption - is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. """ def __init__(self, tenant_id, client_id, certificate_path, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py index 311a6f1ef3e8..c6a871f92ca9 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py @@ -21,10 +21,6 @@ class ClientSecretCredential(ClientCredentialBase): :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com', the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts` defines authorities for other clouds. - :keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache. Defaults to - False. - :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption - is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. """ def __init__(self, tenant_id, client_id, client_secret, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/device_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/device_code.py index 8ac86bb9c0d8..7bd4644718b3 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/device_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/device_code.py @@ -48,13 +48,6 @@ class DeviceCodeCredential(InteractiveCredential): - ``expires_on`` (datetime.datetime) the UTC time at which the code will expire If this argument isn't provided, the credential will print instructions to stdout. :paramtype prompt_callback: Callable[str, str, ~datetime.datetime] - :keyword AuthenticationRecord authentication_record: :class:`AuthenticationRecord` returned by :func:`authenticate` - :keyword bool disable_automatic_authentication: if True, :func:`get_token` will raise - :class:`AuthenticationRequiredError` when user interaction is required to acquire a token. Defaults to False. - :keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache shared by - other user credentials. Defaults to False. - :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache on platforms - where encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. """ def __init__(self, client_id=DEVELOPER_SIGN_ON_CLIENT_ID, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py b/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py index e36a4c1edffe..c75976dcdd35 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py @@ -40,10 +40,6 @@ class SharedTokenCacheCredential(SharedTokenCacheBase): defines authorities for other clouds. :keyword str tenant_id: an Azure Active Directory tenant ID. Used to select an account when the cache contains tokens for multiple identities. - :keyword AuthenticationRecord authentication_record: an authentication record returned by a user credential such as - :class:`DeviceCodeCredential` or :class:`InteractiveBrowserCredential` - :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption - is unavailable. Defaults to False. """ def __init__(self, username=None, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/user_password.py b/sdk/identity/azure-identity/azure/identity/_credentials/user_password.py index 1c6c1b3561d6..fa9448aa1bac 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/user_password.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/user_password.py @@ -33,10 +33,6 @@ class UsernamePasswordCredential(InteractiveCredential): defines authorities for other clouds. :keyword str tenant_id: tenant ID or a domain associated with a tenant. If not provided, defaults to the 'organizations' tenant, which supports only Azure Active Directory work or school accounts. - :keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache shared by - other user credentials. Defaults to False. - :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache on platforms - where encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. """ def __init__(self, client_id, username, password, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py index b83ac21dba5b..6ad7d3ec2972 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py @@ -23,10 +23,6 @@ class ClientSecretCredential(AsyncContextManager, ClientSecretCredentialBase): :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com', the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts` defines authorities for other clouds. - :keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache. Defaults to - False. - :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption - is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. """ async def __aenter__(self): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/shared_cache.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/shared_cache.py index a34d56042970..86fc662801a2 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/shared_cache.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/shared_cache.py @@ -29,8 +29,6 @@ class SharedTokenCacheCredential(SharedTokenCacheBase, AsyncContextManager): defines authorities for other clouds. :keyword str tenant_id: an Azure Active Directory tenant ID. Used to select an account when the cache contains tokens for multiple identities. - :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption - is unavailable. Defaults to False. """ async def __aenter__(self): From 6b3cbc9186925b685b90ee58a78ab6ec41c27a4c Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 12 Oct 2020 16:42:43 -0700 Subject: [PATCH 02/11] authentication_record -> _authentication_record --- .../identity/_credentials/shared_cache.py | 2 +- .../identity/_credentials/user_password.py | 2 +- .../azure/identity/_internal/interactive.py | 2 +- .../samples/user_authentication.py | 2 +- .../tests/test_interactive_credential.py | 8 ++++---- .../tests/test_shared_cache_credential.py | 18 +++++++++--------- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py b/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py index c75976dcdd35..b4270b675399 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py @@ -45,7 +45,7 @@ class SharedTokenCacheCredential(SharedTokenCacheBase): def __init__(self, username=None, **kwargs): # type: (Optional[str], **Any) -> None - self._auth_record = kwargs.pop("authentication_record", None) # type: Optional[AuthenticationRecord] + self._auth_record = kwargs.pop("_authentication_record", None) # type: Optional[AuthenticationRecord] if self._auth_record: # authenticate in the tenant that produced the record unless "tenant_id" specifies another self._tenant_id = kwargs.pop("tenant_id", None) or self._auth_record.tenant_id diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/user_password.py b/sdk/identity/azure-identity/azure/identity/_credentials/user_password.py index fa9448aa1bac..a5636855a6e1 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/user_password.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/user_password.py @@ -42,7 +42,7 @@ def __init__(self, client_id, username, password, **kwargs): # first time it's asked for a token. However, we want to ensure this first authentication is not silent, to # validate the given password. This class therefore doesn't document the authentication_record argument, and we # discard it here. - kwargs.pop("authentication_record", None) + kwargs.pop("_authentication_record", None) super(UsernamePasswordCredential, self).__init__(client_id=client_id, **kwargs) self._username = username self._password = password diff --git a/sdk/identity/azure-identity/azure/identity/_internal/interactive.py b/sdk/identity/azure-identity/azure/identity/_internal/interactive.py index 333a884e80e4..49497d3fd4b6 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/interactive.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/interactive.py @@ -83,7 +83,7 @@ def _build_auth_record(response): class InteractiveCredential(MsalCredential): def __init__(self, **kwargs): self._disable_automatic_authentication = kwargs.pop("disable_automatic_authentication", False) - self._auth_record = kwargs.pop("authentication_record", None) # type: Optional[AuthenticationRecord] + self._auth_record = kwargs.pop("_authentication_record", None) # type: Optional[AuthenticationRecord] if self._auth_record: kwargs.pop("client_id", None) # authentication_record overrides client_id argument tenant_id = kwargs.pop("tenant_id", None) or self._auth_record.tenant_id diff --git a/sdk/identity/azure-identity/samples/user_authentication.py b/sdk/identity/azure-identity/samples/user_authentication.py index 2c21c2a44973..31fb53c2b3e6 100644 --- a/sdk/identity/azure-identity/samples/user_authentication.py +++ b/sdk/identity/azure-identity/samples/user_authentication.py @@ -36,7 +36,7 @@ # credentials to access data from past authentications. If the cache contains sufficient data, # this eliminates the need for your application to prompt for authentication every time it runs. deserialized_record = AuthenticationRecord.deserialize(record_json) -new_credential = InteractiveBrowserCredential(enable_persistent_cache=True, authentication_record=deserialized_record) +new_credential = InteractiveBrowserCredential(enable_persistent_cache=True, _authentication_record=deserialized_record) # This request should also succeed without prompting for authentication. client = SecretClient(VAULT_URL, new_credential) diff --git a/sdk/identity/azure-identity/tests/test_interactive_credential.py b/sdk/identity/azure-identity/tests/test_interactive_credential.py index a708b7c2c9fc..bddab8180088 100644 --- a/sdk/identity/azure-identity/tests/test_interactive_credential.py +++ b/sdk/identity/azure-identity/tests/test_interactive_credential.py @@ -81,7 +81,7 @@ def validate_app_parameters(authority, client_id, **_): app_factory = Mock(wraps=validate_app_parameters) credential = MockCredential( - authentication_record=record, disable_automatic_authentication=True, msal_app_factory=app_factory, + _authentication_record=record, disable_automatic_authentication=True, msal_app_factory=app_factory, ) with pytest.raises(AuthenticationRequiredError): credential.get_token("scope") @@ -104,7 +104,7 @@ def validate_authority(authority, **_): return Mock(get_accounts=Mock(return_value=[])) credential = MockCredential( - authentication_record=record, + _authentication_record=record, tenant_id=expected_tenant, disable_automatic_authentication=True, msal_app_factory=validate_authority, @@ -124,7 +124,7 @@ def test_disable_automatic_authentication(): ) credential = MockCredential( - authentication_record=record, + _authentication_record=record, disable_automatic_authentication=True, msal_app_factory=lambda *_, **__: msal_app, request_token=Mock(side_effect=Exception("credential shouldn't begin interactive authentication")), @@ -207,7 +207,7 @@ class CustomException(Exception): acquire_token_silent_with_error=Mock(side_effect=CustomException(expected_message)), get_accounts=Mock(return_value=[{"home_account_id": record.home_account_id}]), ) - credential = MockCredential(msal_app_factory=lambda *_, **__: msal_app, authentication_record=record) + credential = MockCredential(msal_app_factory=lambda *_, **__: msal_app, _authentication_record=record) with pytest.raises(ClientAuthenticationError) as ex: credential.get_token("scope") diff --git a/sdk/identity/azure-identity/tests/test_shared_cache_credential.py b/sdk/identity/azure-identity/tests/test_shared_cache_credential.py index 9634fe8dced6..6ddd4fcc75b6 100644 --- a/sdk/identity/azure-identity/tests/test_shared_cache_credential.py +++ b/sdk/identity/azure-identity/tests/test_shared_cache_credential.py @@ -45,16 +45,16 @@ def test_tenant_id_validation(): valid_ids = {"c878a2ab-8ef4-413b-83a0-199afb84d7fb", "contoso.onmicrosoft.com", "organizations", "common"} for tenant in valid_ids: record = AuthenticationRecord(tenant, "client-id", "authority", "home.account.id", "username") - SharedTokenCacheCredential(authentication_record=record) - SharedTokenCacheCredential(authentication_record=record, tenant_id=tenant) + SharedTokenCacheCredential(_authentication_record=record) + SharedTokenCacheCredential(_authentication_record=record, tenant_id=tenant) invalid_ids = {"", "my tenant", "my_tenant", "/", "\\", '"my-tenant"', "'my-tenant'"} for tenant in invalid_ids: record = AuthenticationRecord(tenant, "client-id", "authority", "home.account.id", "username") with pytest.raises(ValueError): - SharedTokenCacheCredential(authentication_record=record) + SharedTokenCacheCredential(_authentication_record=record) with pytest.raises(ValueError): - SharedTokenCacheCredential(authentication_record=record, tenant_id=tenant) + SharedTokenCacheCredential(_authentication_record=record, tenant_id=tenant) def test_supported(): @@ -546,7 +546,7 @@ def send(request, **_): return get_discovery_response() credential = SharedTokenCacheCredential( - authentication_record=record, transport=Mock(send=send), _cache=TokenCache() + _authentication_record=record, transport=Mock(send=send), _cache=TokenCache() ) with pytest.raises(CredentialUnavailableError): @@ -572,7 +572,7 @@ def send(request, **_): "not-" + username, "not-" + object_id, "different-" + tenant_id, client_id="not-" + client_id, ), ) - credential = SharedTokenCacheCredential(authentication_record=record, transport=Mock(send=send), _cache=cache) + credential = SharedTokenCacheCredential(_authentication_record=record, transport=Mock(send=send), _cache=cache) with pytest.raises(CredentialUnavailableError): credential.get_token("scope") @@ -599,7 +599,7 @@ def test_authentication_record(): requests=[Request(authority=authority, required_data={"refresh_token": expected_refresh_token})], responses=[mock_response(json_payload=build_aad_response(access_token=expected_access_token))], ) - credential = SharedTokenCacheCredential(authentication_record=record, transport=transport, _cache=cache) + credential = SharedTokenCacheCredential(_authentication_record=record, transport=transport, _cache=cache) token = credential.get_token("scope") assert token.token == expected_access_token @@ -636,7 +636,7 @@ def test_auth_record_multiple_accounts_for_username(): requests=[Request(authority=authority, required_data={"refresh_token": expected_refresh_token})], responses=[mock_response(json_payload=build_aad_response(access_token=expected_access_token))], ) - credential = SharedTokenCacheCredential(authentication_record=record, transport=transport, _cache=cache) + credential = SharedTokenCacheCredential(_authentication_record=record, transport=transport, _cache=cache) token = credential.get_token("scope") assert token.token == expected_access_token @@ -792,7 +792,7 @@ def mock_send(request, **_): transport = Mock(send=Mock(wraps=mock_send)) credential = SharedTokenCacheCredential( - authentication_record=record, _cache=TokenCache(), tenant_id=expected_tenant_id, transport=transport + _authentication_record=record, _cache=TokenCache(), tenant_id=expected_tenant_id, transport=transport ) with pytest.raises(CredentialUnavailableError): credential.get_token("scope") # this raises because the cache is empty From 6ff154f8cf483c3eced78a242a695c49878ffc12 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 12 Oct 2020 16:44:14 -0700 Subject: [PATCH 03/11] allow_unencrypted_cache -> _allow_unencrypted_cache --- .../identity/_internal/certificate_credential_base.py | 2 +- .../azure/identity/_internal/client_credential_base.py | 2 +- .../identity/_internal/client_secret_credential_base.py | 2 +- .../azure/identity/_internal/msal_credentials.py | 2 +- .../azure/identity/_internal/shared_token_cache.py | 2 +- .../azure-identity/tests/test_certificate_credential.py | 8 ++++---- .../tests/test_certificate_credential_async.py | 8 ++++---- .../azure-identity/tests/test_client_secret_credential.py | 8 ++++---- .../tests/test_client_secret_credential_async.py | 8 ++++---- .../azure-identity/tests/test_interactive_credential.py | 8 ++++---- .../azure-identity/tests/test_shared_cache_credential.py | 4 ++-- .../tests/test_shared_cache_credential_async.py | 4 ++-- 12 files changed, 29 insertions(+), 29 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py index 32524d3d5682..806b2878528c 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py @@ -48,7 +48,7 @@ def __init__(self, tenant_id, client_id, certificate_path, **kwargs): enable_persistent_cache = kwargs.pop("enable_persistent_cache", False) if enable_persistent_cache: - allow_unencrypted = kwargs.pop("allow_unencrypted_cache", False) + allow_unencrypted = kwargs.pop("_allow_unencrypted_cache", False) cache = load_service_principal_cache(allow_unencrypted) else: cache = TokenCache() diff --git a/sdk/identity/azure-identity/azure/identity/_internal/client_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/client_credential_base.py index 68fc0df801ea..c468de12144c 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/client_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/client_credential_base.py @@ -24,7 +24,7 @@ class ClientCredentialBase(MsalCredential, GetTokenMixin): def __init__(self, **kwargs): if kwargs.pop("enable_persistent_cache", False): - allow_unencrypted = kwargs.pop("allow_unencrypted_cache", False) + allow_unencrypted = kwargs.pop("_allow_unencrypted_cache", False) cache = load_service_principal_cache(allow_unencrypted) else: cache = msal.TokenCache() diff --git a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py index 204b9a52ee51..bfa4b0e268b2 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py @@ -35,7 +35,7 @@ def __init__(self, tenant_id, client_id, client_secret, **kwargs): enable_persistent_cache = kwargs.pop("enable_persistent_cache", False) if enable_persistent_cache: - allow_unencrypted = kwargs.pop("allow_unencrypted_cache", False) + allow_unencrypted = kwargs.pop("_allow_unencrypted_cache", False) cache = load_service_principal_cache(allow_unencrypted) else: cache = TokenCache() diff --git a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py index bb8437453031..cc37e1a080f8 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py @@ -41,7 +41,7 @@ def __init__(self, client_id, client_credential=None, **kwargs): self._cache = kwargs.pop("_cache", None) # internal, for use in tests if not self._cache: if kwargs.pop("enable_persistent_cache", False): - allow_unencrypted = kwargs.pop("allow_unencrypted_cache", False) + allow_unencrypted = kwargs.pop("_allow_unencrypted_cache", False) self._cache = load_user_cache(allow_unencrypted) else: self._cache = msal.TokenCache() diff --git a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py index 11d42936cd57..29919ca69ef1 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py @@ -112,7 +112,7 @@ def _initialize(self): def _load_cache(self): if not self._cache and self.supported(): - allow_unencrypted = self._client_kwargs.get("allow_unencrypted_cache", False) + allow_unencrypted = self._client_kwargs.get("_allow_unencrypted_cache", False) try: self._cache = load_user_cache(allow_unencrypted) except Exception: # pylint:disable=broad-except diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential.py b/sdk/identity/azure-identity/tests/test_certificate_credential.py index d8562fd36094..428b71c1d6d2 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential.py @@ -208,7 +208,7 @@ def test_enable_persistent_cache(cert_path, cert_password): CertificateCredential(*required_arguments, password=cert_password) # allowing an unencrypted cache doesn't count as opting in to the persistent cache - CertificateCredential(*required_arguments, password=cert_password, allow_unencrypted_cache=True) + CertificateCredential(*required_arguments, password=cert_password, _allow_unencrypted_cache=True) # keyword argument opts in to persistent cache with patch(persistent_cache + ".msal_extensions") as mock_extensions: @@ -221,7 +221,7 @@ def test_enable_persistent_cache(cert_path, cert_password): CertificateCredential(*required_arguments, password=cert_password, enable_persistent_cache=True) with pytest.raises(NotImplementedError): CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, allow_unencrypted_cache=True + *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True ) @@ -238,7 +238,7 @@ def test_persistent_cache_linux(mock_extensions, cert_path, cert_password): # the credential should prefer an encrypted cache even when the user allows an unencrypted one CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, allow_unencrypted_cache=True + *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True ) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -251,7 +251,7 @@ def test_persistent_cache_linux(mock_extensions, cert_path, cert_password): CertificateCredential(*required_arguments, password=cert_password, enable_persistent_cache=True) CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, allow_unencrypted_cache=True + *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True ) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py index 973994be2b9c..2fc67180e74e 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py @@ -162,7 +162,7 @@ def test_enable_persistent_cache(cert_path, cert_password): CertificateCredential(*required_arguments, password=cert_password) # allowing an unencrypted cache doesn't count as opting in to the persistent cache - CertificateCredential(*required_arguments, password=cert_password, allow_unencrypted_cache=True) + CertificateCredential(*required_arguments, password=cert_password, _allow_unencrypted_cache=True) # keyword argument opts in to persistent cache with patch(persistent_cache + ".msal_extensions") as mock_extensions: @@ -175,7 +175,7 @@ def test_enable_persistent_cache(cert_path, cert_password): CertificateCredential(*required_arguments, password=cert_password, enable_persistent_cache=True) with pytest.raises(NotImplementedError): CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, allow_unencrypted_cache=True + *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True ) @@ -192,7 +192,7 @@ def test_persistent_cache_linux(mock_extensions, cert_path, cert_password): # the credential should prefer an encrypted cache even when the user allows an unencrypted one CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, allow_unencrypted_cache=True + *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True ) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -205,7 +205,7 @@ def test_persistent_cache_linux(mock_extensions, cert_path, cert_password): CertificateCredential(*required_arguments, password=cert_password, enable_persistent_cache=True) CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, allow_unencrypted_cache=True + *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True ) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential.py b/sdk/identity/azure-identity/tests/test_client_secret_credential.py index 2e651c1924a0..27dc4cdd3567 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential.py @@ -129,7 +129,7 @@ def test_enable_persistent_cache(): ClientSecretCredential(*required_arguments) # allowing an unencrypted cache doesn't count as opting in to the persistent cache - ClientSecretCredential(*required_arguments, allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, _allow_unencrypted_cache=True) # keyword argument opts in to persistent cache with patch(persistent_cache + ".msal_extensions") as mock_extensions: @@ -141,7 +141,7 @@ def test_enable_persistent_cache(): with pytest.raises(NotImplementedError): ClientSecretCredential(*required_arguments, enable_persistent_cache=True) with pytest.raises(NotImplementedError): - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) @patch("azure.identity._internal.persistent_cache.sys.platform", "linux2") @@ -155,7 +155,7 @@ def test_persistent_cache_linux(mock_extensions): required_arguments = ("tenant-id", "client-id", "secret") # the credential should prefer an encrypted cache even when the user allows an unencrypted one - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -166,7 +166,7 @@ def test_persistent_cache_linux(mock_extensions): with pytest.raises(ValueError): ClientSecretCredential(*required_arguments, enable_persistent_cache=True) - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py index 3c0bdd231941..52f3ce4aba20 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py @@ -197,7 +197,7 @@ def test_enable_persistent_cache(): ClientSecretCredential(*required_arguments) # allowing an unencrypted cache doesn't count as opting in to the persistent cache - ClientSecretCredential(*required_arguments, allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, _allow_unencrypted_cache=True) # keyword argument opts in to persistent cache with patch(persistent_cache + ".msal_extensions") as mock_extensions: @@ -209,7 +209,7 @@ def test_enable_persistent_cache(): with pytest.raises(NotImplementedError): ClientSecretCredential(*required_arguments, enable_persistent_cache=True) with pytest.raises(NotImplementedError): - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) @patch("azure.identity._internal.persistent_cache.sys.platform", "linux2") @@ -223,7 +223,7 @@ def test_persistent_cache_linux(mock_extensions): required_arguments = ("tenant-id", "client-id", "secret") # the credential should prefer an encrypted cache even when the user allows an unencrypted one - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -234,7 +234,7 @@ def test_persistent_cache_linux(mock_extensions): with pytest.raises(ValueError): ClientSecretCredential(*required_arguments, enable_persistent_cache=True) - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) diff --git a/sdk/identity/azure-identity/tests/test_interactive_credential.py b/sdk/identity/azure-identity/tests/test_interactive_credential.py index bddab8180088..a11fcf7a4d39 100644 --- a/sdk/identity/azure-identity/tests/test_interactive_credential.py +++ b/sdk/identity/azure-identity/tests/test_interactive_credential.py @@ -237,7 +237,7 @@ def _request_token(self, *_, **__): assert credential._cache is in_memory_cache # allowing an unencrypted cache doesn't count as opting in to the persistent cache - credential = TestCredential(allow_unencrypted_cache=True) + credential = TestCredential(_allow_unencrypted_cache=True) assert credential._cache is in_memory_cache # keyword argument opts in to persistent cache @@ -250,7 +250,7 @@ def _request_token(self, *_, **__): with pytest.raises(NotImplementedError): TestCredential(enable_persistent_cache=True) with pytest.raises(NotImplementedError): - TestCredential(enable_persistent_cache=True, allow_unencrypted_cache=True) + TestCredential(enable_persistent_cache=True, _allow_unencrypted_cache=True) @patch("azure.identity._internal.persistent_cache.sys.platform", "linux2") @@ -269,7 +269,7 @@ def _request_token(self, *_, **__): pass # the credential should prefer an encrypted cache even when the user allows an unencrypted one - TestCredential(enable_persistent_cache=True, allow_unencrypted_cache=True) + TestCredential(enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -280,7 +280,7 @@ def _request_token(self, *_, **__): with pytest.raises(ValueError): TestCredential(enable_persistent_cache=True) - TestCredential(enable_persistent_cache=True, allow_unencrypted_cache=True) + TestCredential(enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) diff --git a/sdk/identity/azure-identity/tests/test_shared_cache_credential.py b/sdk/identity/azure-identity/tests/test_shared_cache_credential.py index 6ddd4fcc75b6..cca894350ef6 100644 --- a/sdk/identity/azure-identity/tests/test_shared_cache_credential.py +++ b/sdk/identity/azure-identity/tests/test_shared_cache_credential.py @@ -651,7 +651,7 @@ def test_allow_unencrypted_cache(mock_extensions): """ # the credential should prefer an encrypted cache even when the user allows an unencrypted one - SharedTokenCacheCredential(allow_unencrypted_cache=True) + SharedTokenCacheCredential(_allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -664,7 +664,7 @@ def test_allow_unencrypted_cache(mock_extensions): assert mock_extensions.PersistedTokenCache.call_count == 0 # still no encryption, but now we allow the unencrypted fallback - SharedTokenCacheCredential(allow_unencrypted_cache=True) + SharedTokenCacheCredential(_allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) diff --git a/sdk/identity/azure-identity/tests/test_shared_cache_credential_async.py b/sdk/identity/azure-identity/tests/test_shared_cache_credential_async.py index 7613200e97ee..28f38821765a 100644 --- a/sdk/identity/azure-identity/tests/test_shared_cache_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_shared_cache_credential_async.py @@ -603,7 +603,7 @@ async def test_allow_unencrypted_cache(): mock_extensions = msal_extensions_patch.start() # the credential should prefer an encrypted cache even when the user allows an unencrypted one - SharedTokenCacheCredential(allow_unencrypted_cache=True) + SharedTokenCacheCredential(_allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -617,7 +617,7 @@ async def test_allow_unencrypted_cache(): await credential.get_token("scope") # still no encryption, but now we allow the unencrypted fallback - SharedTokenCacheCredential(allow_unencrypted_cache=True) + SharedTokenCacheCredential(_allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) msal_extensions_patch.stop() From 31b446473cbc09c23d349a8f9695f9113427fa72 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 12 Oct 2020 16:46:31 -0700 Subject: [PATCH 04/11] disable_automatic_authentication -> _disable_automatic_authentication --- .../azure/identity/_internal/interactive.py | 2 +- .../azure-identity/tests/test_browser_credential.py | 2 +- .../tests/test_device_code_credential.py | 2 +- .../tests/test_interactive_credential.py | 10 +++++----- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_internal/interactive.py b/sdk/identity/azure-identity/azure/identity/_internal/interactive.py index 49497d3fd4b6..87dba44a4caa 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/interactive.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/interactive.py @@ -82,7 +82,7 @@ def _build_auth_record(response): class InteractiveCredential(MsalCredential): def __init__(self, **kwargs): - self._disable_automatic_authentication = kwargs.pop("disable_automatic_authentication", False) + self._disable_automatic_authentication = kwargs.pop("_disable_automatic_authentication", False) self._auth_record = kwargs.pop("_authentication_record", None) # type: Optional[AuthenticationRecord] if self._auth_record: kwargs.pop("client_id", None) # authentication_record overrides client_id argument diff --git a/sdk/identity/azure-identity/tests/test_browser_credential.py b/sdk/identity/azure-identity/tests/test_browser_credential.py index 29b02e01ea63..ecb360a0811e 100644 --- a/sdk/identity/azure-identity/tests/test_browser_credential.py +++ b/sdk/identity/azure-identity/tests/test_browser_credential.py @@ -114,7 +114,7 @@ def test_disable_automatic_authentication(): empty_cache = TokenCache() # empty cache makes silent auth impossible transport = Mock(send=Mock(side_effect=Exception("no request should be sent"))) credential = InteractiveBrowserCredential( - disable_automatic_authentication=True, transport=transport, _cache=empty_cache + _disable_automatic_authentication=True, transport=transport, _cache=empty_cache ) with patch(WEBBROWSER_OPEN, Mock(side_effect=Exception("credential shouldn't try interactive authentication"))): diff --git a/sdk/identity/azure-identity/tests/test_device_code_credential.py b/sdk/identity/azure-identity/tests/test_device_code_credential.py index ec2615570995..aed60d2c8667 100644 --- a/sdk/identity/azure-identity/tests/test_device_code_credential.py +++ b/sdk/identity/azure-identity/tests/test_device_code_credential.py @@ -107,7 +107,7 @@ def test_disable_automatic_authentication(): empty_cache = TokenCache() # empty cache makes silent auth impossible transport = Mock(send=Mock(side_effect=Exception("no request should be sent"))) credential = DeviceCodeCredential( - "client-id", disable_automatic_authentication=True, transport=transport, _cache=empty_cache + "client-id", _disable_automatic_authentication=True, transport=transport, _cache=empty_cache ) with pytest.raises(AuthenticationRequiredError): diff --git a/sdk/identity/azure-identity/tests/test_interactive_credential.py b/sdk/identity/azure-identity/tests/test_interactive_credential.py index a11fcf7a4d39..e486522ac7c0 100644 --- a/sdk/identity/azure-identity/tests/test_interactive_credential.py +++ b/sdk/identity/azure-identity/tests/test_interactive_credential.py @@ -81,7 +81,7 @@ def validate_app_parameters(authority, client_id, **_): app_factory = Mock(wraps=validate_app_parameters) credential = MockCredential( - _authentication_record=record, disable_automatic_authentication=True, msal_app_factory=app_factory, + _authentication_record=record, _disable_automatic_authentication=True, msal_app_factory=app_factory, ) with pytest.raises(AuthenticationRequiredError): credential.get_token("scope") @@ -106,7 +106,7 @@ def validate_authority(authority, **_): credential = MockCredential( _authentication_record=record, tenant_id=expected_tenant, - disable_automatic_authentication=True, + _disable_automatic_authentication=True, msal_app_factory=validate_authority, ) with pytest.raises(AuthenticationRequiredError): @@ -125,7 +125,7 @@ def test_disable_automatic_authentication(): credential = MockCredential( _authentication_record=record, - disable_automatic_authentication=True, + _disable_automatic_authentication=True, msal_app_factory=lambda *_, **__: msal_app, request_token=Mock(side_effect=Exception("credential shouldn't begin interactive authentication")), ) @@ -149,7 +149,7 @@ def validate_scopes(*scopes, **_): return REQUEST_TOKEN_RESULT request_token = Mock(wraps=validate_scopes) - credential = MockCredential(disable_automatic_authentication=True, request_token=request_token) + credential = MockCredential(_disable_automatic_authentication=True, request_token=request_token) with pytest.raises(AuthenticationRequiredError) as ex: credential.get_token(scope) @@ -191,7 +191,7 @@ def test_authenticate_ignores_disable_automatic_authentication(option): """authenticate should prompt for authentication regardless of the credential's configuration""" request_token = Mock(return_value=REQUEST_TOKEN_RESULT) - MockCredential(request_token=request_token, disable_automatic_authentication=option).authenticate() + MockCredential(request_token=request_token, _disable_automatic_authentication=option).authenticate() assert request_token.call_count == 1, "credential didn't begin interactive authentication" From 2b0e207efd6215554b77dfa83914521de9ef67bb Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 12 Oct 2020 16:48:34 -0700 Subject: [PATCH 05/11] enable_persistent_cache -> _enable_persistent_cache --- .../_internal/certificate_credential_base.py | 4 ++-- .../_internal/client_credential_base.py | 2 +- .../_internal/client_secret_credential_base.py | 4 ++-- .../identity/_internal/msal_credentials.py | 2 +- .../tests/test_certificate_credential.py | 18 +++++++++--------- .../tests/test_certificate_credential_async.py | 18 +++++++++--------- .../tests/test_client_secret_credential.py | 18 +++++++++--------- .../test_client_secret_credential_async.py | 18 +++++++++--------- .../tests/test_interactive_credential.py | 14 +++++++------- 9 files changed, 49 insertions(+), 49 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py index 806b2878528c..7b1170dddecf 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py @@ -46,8 +46,8 @@ def __init__(self, tenant_id, client_id, certificate_path, **kwargs): self._certificate = AadClientCertificate(pem_bytes, password=password) - enable_persistent_cache = kwargs.pop("enable_persistent_cache", False) - if enable_persistent_cache: + _enable_persistent_cache = kwargs.pop("_enable_persistent_cache", False) + if _enable_persistent_cache: allow_unencrypted = kwargs.pop("_allow_unencrypted_cache", False) cache = load_service_principal_cache(allow_unencrypted) else: diff --git a/sdk/identity/azure-identity/azure/identity/_internal/client_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/client_credential_base.py index c468de12144c..7d8b88920613 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/client_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/client_credential_base.py @@ -23,7 +23,7 @@ class ClientCredentialBase(MsalCredential, GetTokenMixin): """Base class for credentials authenticating a service principal with a certificate or secret""" def __init__(self, **kwargs): - if kwargs.pop("enable_persistent_cache", False): + if kwargs.pop("_enable_persistent_cache", False): allow_unencrypted = kwargs.pop("_allow_unencrypted_cache", False) cache = load_service_principal_cache(allow_unencrypted) else: diff --git a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py index bfa4b0e268b2..6af19577ed24 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py @@ -33,8 +33,8 @@ def __init__(self, tenant_id, client_id, client_secret, **kwargs): ) validate_tenant_id(tenant_id) - enable_persistent_cache = kwargs.pop("enable_persistent_cache", False) - if enable_persistent_cache: + _enable_persistent_cache = kwargs.pop("_enable_persistent_cache", False) + if _enable_persistent_cache: allow_unencrypted = kwargs.pop("_allow_unencrypted_cache", False) cache = load_service_principal_cache(allow_unencrypted) else: diff --git a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py index cc37e1a080f8..8fd47ee20075 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py @@ -40,7 +40,7 @@ def __init__(self, client_id, client_credential=None, **kwargs): self._cache = kwargs.pop("_cache", None) # internal, for use in tests if not self._cache: - if kwargs.pop("enable_persistent_cache", False): + if kwargs.pop("_enable_persistent_cache", False): allow_unencrypted = kwargs.pop("_allow_unencrypted_cache", False) self._cache = load_user_cache(allow_unencrypted) else: diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential.py b/sdk/identity/azure-identity/tests/test_certificate_credential.py index 428b71c1d6d2..0f502aa6a54c 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential.py @@ -197,7 +197,7 @@ def validate_jwt(request, client_id, pem_bytes, expect_x5c=False): @pytest.mark.parametrize("cert_path,cert_password", BOTH_CERTS) def test_enable_persistent_cache(cert_path, cert_password): - """the credential should use the persistent cache only when given enable_persistent_cache=True""" + """the credential should use the persistent cache only when given _enable_persistent_cache=True""" persistent_cache = "azure.identity._internal.persistent_cache" required_arguments = ("tenant-id", "client-id", cert_path) @@ -212,16 +212,16 @@ def test_enable_persistent_cache(cert_path, cert_password): # keyword argument opts in to persistent cache with patch(persistent_cache + ".msal_extensions") as mock_extensions: - CertificateCredential(*required_arguments, password=cert_password, enable_persistent_cache=True) + CertificateCredential(*required_arguments, password=cert_password, _enable_persistent_cache=True) assert mock_extensions.PersistedTokenCache.call_count == 1 # opting in on an unsupported platform raises an exception with patch(persistent_cache + ".sys.platform", "commodore64"): with pytest.raises(NotImplementedError): - CertificateCredential(*required_arguments, password=cert_password, enable_persistent_cache=True) + CertificateCredential(*required_arguments, password=cert_password, _enable_persistent_cache=True) with pytest.raises(NotImplementedError): CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True + *required_arguments, password=cert_password, _enable_persistent_cache=True, _allow_unencrypted_cache=True ) @@ -238,7 +238,7 @@ def test_persistent_cache_linux(mock_extensions, cert_path, cert_password): # the credential should prefer an encrypted cache even when the user allows an unencrypted one CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True + *required_arguments, password=cert_password, _enable_persistent_cache=True, _allow_unencrypted_cache=True ) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -248,10 +248,10 @@ def test_persistent_cache_linux(mock_extensions, cert_path, cert_password): # encryption unavailable, no opt in to unencrypted cache -> credential should raise with pytest.raises(ValueError): - CertificateCredential(*required_arguments, password=cert_password, enable_persistent_cache=True) + CertificateCredential(*required_arguments, password=cert_password, _enable_persistent_cache=True) CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True + *required_arguments, password=cert_password, _enable_persistent_cache=True, _allow_unencrypted_cache=True ) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) @@ -273,11 +273,11 @@ def test_persistent_cache_multiple_clients(cert_path, cert_password): with patch("azure.identity._internal.persistent_cache._load_persistent_cache") as mock_cache_loader: mock_cache_loader.return_value = Mock(wraps=cache) credential_a = CertificateCredential( - "tenant", "client-a", cert_path, password=cert_password, enable_persistent_cache=True, transport=transport_a + "tenant", "client-a", cert_path, password=cert_password, _enable_persistent_cache=True, transport=transport_a ) assert mock_cache_loader.call_count == 1, "credential should load the persistent cache" credential_b = CertificateCredential( - "tenant", "client-b", cert_path, password=cert_password, enable_persistent_cache=True, transport=transport_b + "tenant", "client-b", cert_path, password=cert_password, _enable_persistent_cache=True, transport=transport_b ) assert mock_cache_loader.call_count == 2, "credential should load the persistent cache" diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py index 2fc67180e74e..fed6f12a4be1 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py @@ -151,7 +151,7 @@ async def mock_send(request, **kwargs): @pytest.mark.parametrize("cert_path,cert_password", BOTH_CERTS) def test_enable_persistent_cache(cert_path, cert_password): - """the credential should use the persistent cache only when given enable_persistent_cache=True""" + """the credential should use the persistent cache only when given _enable_persistent_cache=True""" persistent_cache = "azure.identity._internal.persistent_cache" required_arguments = ("tenant-id", "client-id", cert_path) @@ -166,16 +166,16 @@ def test_enable_persistent_cache(cert_path, cert_password): # keyword argument opts in to persistent cache with patch(persistent_cache + ".msal_extensions") as mock_extensions: - CertificateCredential(*required_arguments, password=cert_password, enable_persistent_cache=True) + CertificateCredential(*required_arguments, password=cert_password, _enable_persistent_cache=True) assert mock_extensions.PersistedTokenCache.call_count == 1 # opting in on an unsupported platform raises an exception with patch(persistent_cache + ".sys.platform", "commodore64"): with pytest.raises(NotImplementedError): - CertificateCredential(*required_arguments, password=cert_password, enable_persistent_cache=True) + CertificateCredential(*required_arguments, password=cert_password, _enable_persistent_cache=True) with pytest.raises(NotImplementedError): CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True + *required_arguments, password=cert_password, _enable_persistent_cache=True, _allow_unencrypted_cache=True ) @@ -192,7 +192,7 @@ def test_persistent_cache_linux(mock_extensions, cert_path, cert_password): # the credential should prefer an encrypted cache even when the user allows an unencrypted one CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True + *required_arguments, password=cert_password, _enable_persistent_cache=True, _allow_unencrypted_cache=True ) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -202,10 +202,10 @@ def test_persistent_cache_linux(mock_extensions, cert_path, cert_password): # encryption unavailable, no opt in to unencrypted cache -> credential should raise with pytest.raises(ValueError): - CertificateCredential(*required_arguments, password=cert_password, enable_persistent_cache=True) + CertificateCredential(*required_arguments, password=cert_password, _enable_persistent_cache=True) CertificateCredential( - *required_arguments, password=cert_password, enable_persistent_cache=True, _allow_unencrypted_cache=True + *required_arguments, password=cert_password, _enable_persistent_cache=True, _allow_unencrypted_cache=True ) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) @@ -228,11 +228,11 @@ async def test_persistent_cache_multiple_clients(cert_path, cert_password): with patch("azure.identity._internal.persistent_cache._load_persistent_cache") as mock_cache_loader: mock_cache_loader.return_value = Mock(wraps=cache) credential_a = CertificateCredential( - "tenant", "client-a", cert_path, password=cert_password, enable_persistent_cache=True, transport=transport_a + "tenant", "client-a", cert_path, password=cert_password, _enable_persistent_cache=True, transport=transport_a ) assert mock_cache_loader.call_count == 1, "credential should load the persistent cache" credential_b = CertificateCredential( - "tenant", "client-b", cert_path, password=cert_password, enable_persistent_cache=True, transport=transport_b + "tenant", "client-b", cert_path, password=cert_password, _enable_persistent_cache=True, transport=transport_b ) assert mock_cache_loader.call_count == 2, "credential should load the persistent cache" diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential.py b/sdk/identity/azure-identity/tests/test_client_secret_credential.py index 27dc4cdd3567..9944a40e9ff6 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential.py @@ -118,7 +118,7 @@ def test_authority(authority): def test_enable_persistent_cache(): - """the credential should use the persistent cache only when given enable_persistent_cache=True""" + """the credential should use the persistent cache only when given _enable_persistent_cache=True""" required_arguments = ("tenant-id", "client-id", "secret") persistent_cache = "azure.identity._internal.persistent_cache" @@ -133,15 +133,15 @@ def test_enable_persistent_cache(): # keyword argument opts in to persistent cache with patch(persistent_cache + ".msal_extensions") as mock_extensions: - ClientSecretCredential(*required_arguments, enable_persistent_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True) assert mock_extensions.PersistedTokenCache.call_count == 1 # opting in on an unsupported platform raises an exception with patch(persistent_cache + ".sys.platform", "commodore64"): with pytest.raises(NotImplementedError): - ClientSecretCredential(*required_arguments, enable_persistent_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True) with pytest.raises(NotImplementedError): - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True, _allow_unencrypted_cache=True) @patch("azure.identity._internal.persistent_cache.sys.platform", "linux2") @@ -155,7 +155,7 @@ def test_persistent_cache_linux(mock_extensions): required_arguments = ("tenant-id", "client-id", "secret") # the credential should prefer an encrypted cache even when the user allows an unencrypted one - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -164,9 +164,9 @@ def test_persistent_cache_linux(mock_extensions): # encryption unavailable, no opt in to unencrypted cache -> credential should raise with pytest.raises(ValueError): - ClientSecretCredential(*required_arguments, enable_persistent_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True) - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) @@ -186,11 +186,11 @@ def test_persistent_cache_multiple_clients(): with patch("azure.identity._internal.persistent_cache._load_persistent_cache") as mock_cache_loader: mock_cache_loader.return_value = Mock(wraps=cache) credential_a = ClientSecretCredential( - "tenant-id", "client-a", "...", enable_persistent_cache=True, transport=transport_a + "tenant-id", "client-a", "...", _enable_persistent_cache=True, transport=transport_a ) assert mock_cache_loader.call_count == 1, "credential should load the persistent cache" credential_b = ClientSecretCredential( - "tenant-id", "client-b", "...", enable_persistent_cache=True, transport=transport_b + "tenant-id", "client-b", "...", _enable_persistent_cache=True, transport=transport_b ) assert mock_cache_loader.call_count == 2, "credential should load the persistent cache" diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py index 52f3ce4aba20..6ae2d0adba18 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py @@ -186,7 +186,7 @@ async def test_cache(): def test_enable_persistent_cache(): - """the credential should use the persistent cache only when given enable_persistent_cache=True""" + """the credential should use the persistent cache only when given _enable_persistent_cache=True""" required_arguments = ("tenant-id", "client-id", "secret") persistent_cache = "azure.identity._internal.persistent_cache" @@ -201,15 +201,15 @@ def test_enable_persistent_cache(): # keyword argument opts in to persistent cache with patch(persistent_cache + ".msal_extensions") as mock_extensions: - ClientSecretCredential(*required_arguments, enable_persistent_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True) assert mock_extensions.PersistedTokenCache.call_count == 1 # opting in on an unsupported platform raises an exception with patch(persistent_cache + ".sys.platform", "commodore64"): with pytest.raises(NotImplementedError): - ClientSecretCredential(*required_arguments, enable_persistent_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True) with pytest.raises(NotImplementedError): - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True, _allow_unencrypted_cache=True) @patch("azure.identity._internal.persistent_cache.sys.platform", "linux2") @@ -223,7 +223,7 @@ def test_persistent_cache_linux(mock_extensions): required_arguments = ("tenant-id", "client-id", "secret") # the credential should prefer an encrypted cache even when the user allows an unencrypted one - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -232,9 +232,9 @@ def test_persistent_cache_linux(mock_extensions): # encryption unavailable, no opt in to unencrypted cache -> credential should raise with pytest.raises(ValueError): - ClientSecretCredential(*required_arguments, enable_persistent_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True) - ClientSecretCredential(*required_arguments, enable_persistent_cache=True, _allow_unencrypted_cache=True) + ClientSecretCredential(*required_arguments, _enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) @@ -255,11 +255,11 @@ async def test_persistent_cache_multiple_clients(): with patch("azure.identity._internal.persistent_cache._load_persistent_cache") as mock_cache_loader: mock_cache_loader.return_value = Mock(wraps=cache) credential_a = ClientSecretCredential( - "tenant-id", "client-a", "...", enable_persistent_cache=True, transport=transport_a + "tenant-id", "client-a", "...", _enable_persistent_cache=True, transport=transport_a ) assert mock_cache_loader.call_count == 1, "credential should load the persistent cache" credential_b = ClientSecretCredential( - "tenant-id", "client-b", "...", enable_persistent_cache=True, transport=transport_b + "tenant-id", "client-b", "...", _enable_persistent_cache=True, transport=transport_b ) assert mock_cache_loader.call_count == 2, "credential should load the persistent cache" diff --git a/sdk/identity/azure-identity/tests/test_interactive_credential.py b/sdk/identity/azure-identity/tests/test_interactive_credential.py index e486522ac7c0..9c7156ccd990 100644 --- a/sdk/identity/azure-identity/tests/test_interactive_credential.py +++ b/sdk/identity/azure-identity/tests/test_interactive_credential.py @@ -216,7 +216,7 @@ class CustomException(Exception): def test_enable_persistent_cache(): - """the credential should use the persistent cache only when given enable_persistent_cache=True""" + """the credential should use the persistent cache only when given _enable_persistent_cache=True""" class TestCredential(InteractiveCredential): def __init__(self, **kwargs): @@ -242,15 +242,15 @@ def _request_token(self, *_, **__): # keyword argument opts in to persistent cache with patch(persistent_cache + ".msal_extensions") as mock_extensions: - TestCredential(enable_persistent_cache=True) + TestCredential(_enable_persistent_cache=True) assert mock_extensions.PersistedTokenCache.call_count == 1 # opting in on an unsupported platform raises an exception with patch(persistent_cache + ".sys.platform", "commodore64"): with pytest.raises(NotImplementedError): - TestCredential(enable_persistent_cache=True) + TestCredential(_enable_persistent_cache=True) with pytest.raises(NotImplementedError): - TestCredential(enable_persistent_cache=True, _allow_unencrypted_cache=True) + TestCredential(_enable_persistent_cache=True, _allow_unencrypted_cache=True) @patch("azure.identity._internal.persistent_cache.sys.platform", "linux2") @@ -269,7 +269,7 @@ def _request_token(self, *_, **__): pass # the credential should prefer an encrypted cache even when the user allows an unencrypted one - TestCredential(enable_persistent_cache=True, _allow_unencrypted_cache=True) + TestCredential(_enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -278,9 +278,9 @@ def _request_token(self, *_, **__): # encryption unavailable, no opt in to unencrypted cache -> credential should raise with pytest.raises(ValueError): - TestCredential(enable_persistent_cache=True) + TestCredential(_enable_persistent_cache=True) - TestCredential(enable_persistent_cache=True, _allow_unencrypted_cache=True) + TestCredential(_enable_persistent_cache=True, _allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) From 420adfb5486332d84b173e62d9f6b2f74e419131 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 12 Oct 2020 16:49:54 -0700 Subject: [PATCH 06/11] remove samples --- sdk/identity/azure-identity/samples/README.md | 14 ++---- .../samples/control_interactive_prompts.py | 38 ---------------- .../samples/user_authentication.py | 43 ------------------- 3 files changed, 3 insertions(+), 92 deletions(-) delete mode 100644 sdk/identity/azure-identity/samples/control_interactive_prompts.py delete mode 100644 sdk/identity/azure-identity/samples/user_authentication.py diff --git a/sdk/identity/azure-identity/samples/README.md b/sdk/identity/azure-identity/samples/README.md index ab61f28e7cc6..72d6c19fa39f 100644 --- a/sdk/identity/azure-identity/samples/README.md +++ b/sdk/identity/azure-identity/samples/README.md @@ -12,14 +12,8 @@ urlFragment: identity-samples ## Prerequisites -You must have an [Azure subscription](https://azure.microsoft.com/free) and an -[Azure Key Vault](https://azure.microsoft.com/services/key-vault/) to run -these samples. You can create a Key Vault in the -[Azure Portal](https://portal.azure.com/#create/Microsoft.KeyVault) or with the -[Azure CLI](https://docs.microsoft.com/azure/key-vault/secrets/quick-create-cli). - -Azure Key Vault is used only to demonstrate authentication. Azure Identity has -the same API for all compatible client libraries. +You must have an [Azure subscription](https://azure.microsoft.com/free) to run +these samples. ## Setup @@ -27,12 +21,10 @@ To run these samples, first install the Azure Identity and Key Vault Secrets client libraries: ```commandline -pip install azure-identity azure-keyvault-secrets +pip install azure-identity ``` ## Contents | File | Description | |-------------|-------------| -| control_interactive_prompts.py | demonstrates controlling when interactive credentials prompt for user interaction | | custom_credentials.py | demonstrates custom credential implementation | -| user_authentication.py | demonstrates user authentication API for applications | diff --git a/sdk/identity/azure-identity/samples/control_interactive_prompts.py b/sdk/identity/azure-identity/samples/control_interactive_prompts.py deleted file mode 100644 index 10dabf65e9d2..000000000000 --- a/sdk/identity/azure-identity/samples/control_interactive_prompts.py +++ /dev/null @@ -1,38 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -"""Demonstrates controlling the timing of interactive authentication using InteractiveBrowserCredential. - -DeviceCodeCredential supports the same API. -""" - -import os -import sys -from azure.identity import AuthenticationRequiredError, InteractiveBrowserCredential -from azure.keyvault.secrets import SecretClient - - -# This sample uses Key Vault only for demonstration. Any client accepting azure-identity credentials will work the same. -VAULT_URL = os.environ.get("VAULT_URL") -if not VAULT_URL: - print("This sample expects environment variable 'VAULT_URL' to be set with the URL of a Key Vault.") - sys.exit(1) - - -# If it's important for your application to prompt for authentication only at certain times, -# create the credential with disable_automatic_authentication=True. This configures the credential to raise -# when interactive authentication is required, instead of immediately beginning that authentication. -credential = InteractiveBrowserCredential(disable_automatic_authentication=True) -client = SecretClient(VAULT_URL, credential) - -try: - secret_names = [s.name for s in client.list_properties_of_secrets()] -except AuthenticationRequiredError as ex: - # Interactive authentication is necessary to authorize the client's request. The exception carries the - # requested authentication scopes. If you pass these to 'authenticate', it will cache an access token - # for those scopes. - credential.authenticate(scopes=ex.scopes) - -# the client operation should now succeed -secret_names = [s.name for s in client.list_properties_of_secrets()] diff --git a/sdk/identity/azure-identity/samples/user_authentication.py b/sdk/identity/azure-identity/samples/user_authentication.py deleted file mode 100644 index 31fb53c2b3e6..000000000000 --- a/sdk/identity/azure-identity/samples/user_authentication.py +++ /dev/null @@ -1,43 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -"""Demonstrates user authentication using InteractiveBrowserCredential. DeviceCodeCredential supports the same API.""" - -import os -import sys -from azure.identity import AuthenticationRecord, InteractiveBrowserCredential -from azure.keyvault.secrets import SecretClient - - -# This sample uses Key Vault only for demonstration. Any client accepting azure-identity credentials will work the same. -VAULT_URL = os.environ.get("VAULT_URL") -if not VAULT_URL: - print("This sample expects environment variable 'VAULT_URL' to be set with the URL of a Key Vault.") - sys.exit(1) - - -# Persistent caching is optional. By default, interactive credentials cache in memory only. -credential = InteractiveBrowserCredential(enable_persistent_cache=True) - -# The 'authenticate' method begins interactive authentication. Call it whenever it's convenient -# for your application to authenticate a user. It returns a record of the authentication. -record = credential.authenticate() - -# The record contains no authentication secrets. You can serialize it to JSON for storage. -record_json = record.serialize() - -# An authenticated credential is ready for use with a client. This request should succeed -# without prompting for authentication again. -client = SecretClient(VAULT_URL, credential) -secret_names = [s.name for s in client.list_properties_of_secrets()] - -# With persistent caching enabled, an authentication record stored by your application enables -# credentials to access data from past authentications. If the cache contains sufficient data, -# this eliminates the need for your application to prompt for authentication every time it runs. -deserialized_record = AuthenticationRecord.deserialize(record_json) -new_credential = InteractiveBrowserCredential(enable_persistent_cache=True, _authentication_record=deserialized_record) - -# This request should also succeed without prompting for authentication. -client = SecretClient(VAULT_URL, new_credential) -secret_names = [s.name for s in client.list_properties_of_secrets()] From 2f0edcb9257d881c9228ebb44be0a598007cafcc Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 12 Oct 2020 16:59:14 -0700 Subject: [PATCH 07/11] authenticate -> _authenticate --- .../azure/identity/_internal/interactive.py | 2 +- .../azure-identity/tests/test_browser_credential.py | 2 +- .../tests/test_device_code_credential.py | 2 +- .../tests/test_interactive_credential.py | 12 ++++++------ .../tests/test_username_password_credential.py | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_internal/interactive.py b/sdk/identity/azure-identity/azure/identity/_internal/interactive.py index 87dba44a4caa..042c9e96b2d1 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/interactive.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/interactive.py @@ -151,7 +151,7 @@ def get_token(self, *scopes, **kwargs): _LOGGER.info("%s.get_token succeeded", self.__class__.__name__) return AccessToken(result["access_token"], now + int(result["expires_in"])) - def authenticate(self, **kwargs): + def _authenticate(self, **kwargs): # type: (**Any) -> AuthenticationRecord """Interactively authenticate a user. diff --git a/sdk/identity/azure-identity/tests/test_browser_credential.py b/sdk/identity/azure-identity/tests/test_browser_credential.py index ecb360a0811e..ee815fedacc1 100644 --- a/sdk/identity/azure-identity/tests/test_browser_credential.py +++ b/sdk/identity/azure-identity/tests/test_browser_credential.py @@ -95,7 +95,7 @@ def test_authenticate(): tenant_id=tenant_id, transport=transport, ) - record = credential.authenticate(scopes=(scope,)) + record = credential._authenticate(scopes=(scope,)) assert record.authority == environment assert record.home_account_id == object_id + "." + home_tenant diff --git a/sdk/identity/azure-identity/tests/test_device_code_credential.py b/sdk/identity/azure-identity/tests/test_device_code_credential.py index aed60d2c8667..65212ef6fde5 100644 --- a/sdk/identity/azure-identity/tests/test_device_code_credential.py +++ b/sdk/identity/azure-identity/tests/test_device_code_credential.py @@ -90,7 +90,7 @@ def test_authenticate(): tenant_id=tenant_id, _cache=TokenCache(), ) - record = credential.authenticate(scopes=(scope,)) + record = credential._authenticate(scopes=(scope,)) assert record.authority == environment assert record.home_account_id == object_id + "." + home_tenant assert record.tenant_id == home_tenant diff --git a/sdk/identity/azure-identity/tests/test_interactive_credential.py b/sdk/identity/azure-identity/tests/test_interactive_credential.py index 9c7156ccd990..d8edc1af0e81 100644 --- a/sdk/identity/azure-identity/tests/test_interactive_credential.py +++ b/sdk/identity/azure-identity/tests/test_interactive_credential.py @@ -153,7 +153,7 @@ def validate_scopes(*scopes, **_): with pytest.raises(AuthenticationRequiredError) as ex: credential.get_token(scope) - credential.authenticate(scopes=ex.value.scopes) + credential._authenticate(scopes=ex.value.scopes) assert request_token.call_count == 1, "validation method wasn't called" @@ -175,7 +175,7 @@ def validate_scopes(*scopes): return REQUEST_TOKEN_RESULT request_token = Mock(wraps=validate_scopes) - MockCredential(authority=authority, request_token=request_token).authenticate() + MockCredential(authority=authority, request_token=request_token)._authenticate() assert request_token.call_count == 1 @@ -183,7 +183,7 @@ def test_authenticate_unknown_cloud(): """authenticate should raise when given no scopes in an unknown cloud""" with pytest.raises(CredentialUnavailableError): - MockCredential(authority="localhost").authenticate() + MockCredential(authority="localhost")._authenticate() @pytest.mark.parametrize("option", (True, False)) @@ -191,7 +191,7 @@ def test_authenticate_ignores_disable_automatic_authentication(option): """authenticate should prompt for authentication regardless of the credential's configuration""" request_token = Mock(return_value=REQUEST_TOKEN_RESULT) - MockCredential(request_token=request_token, _disable_automatic_authentication=option).authenticate() + MockCredential(request_token=request_token, _disable_automatic_authentication=option)._authenticate() assert request_token.call_count == 1, "credential didn't begin interactive authentication" @@ -306,7 +306,7 @@ def __init__(self, **kwargs): def _request_token(self, *_, **__): return msal_response - record = TestCredential().authenticate() + record = TestCredential()._authenticate() assert record.home_account_id == "{}.{}".format(object_id, home_tenant) @@ -334,7 +334,7 @@ def __init__(self, **kwargs): def _request_token(self, *_, **__): return msal_response - record = TestCredential().authenticate() + record = TestCredential()._authenticate() assert record.authority == authority assert record.home_account_id == subject assert record.tenant_id == tenant diff --git a/sdk/identity/azure-identity/tests/test_username_password_credential.py b/sdk/identity/azure-identity/tests/test_username_password_credential.py index ffa529163209..ac19fa813a73 100644 --- a/sdk/identity/azure-identity/tests/test_username_password_credential.py +++ b/sdk/identity/azure-identity/tests/test_username_password_credential.py @@ -136,7 +136,7 @@ def test_authenticate(): tenant_id=tenant_id, transport=transport, ) - record = credential.authenticate(scopes=(scope,)) + record = credential._authenticate(scopes=(scope,)) assert record.authority == environment assert record.home_account_id == object_id + "." + home_tenant assert record.tenant_id == home_tenant From a8e2197984c36e8cdfed0fcb72f8902aad0a5102 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Tue, 13 Oct 2020 08:15:43 -0700 Subject: [PATCH 08/11] SharedTokenCacheCredential allows unencrypted cache by default --- .../azure/identity/_internal/shared_token_cache.py | 2 +- .../azure-identity/tests/test_shared_cache_credential.py | 5 +++-- .../tests/test_shared_cache_credential_async.py | 5 +++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py index 29919ca69ef1..8aa991c4d28b 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py @@ -112,7 +112,7 @@ def _initialize(self): def _load_cache(self): if not self._cache and self.supported(): - allow_unencrypted = self._client_kwargs.get("_allow_unencrypted_cache", False) + allow_unencrypted = self._client_kwargs.get("_allow_unencrypted_cache", True) try: self._cache = load_user_cache(allow_unencrypted) except Exception: # pylint:disable=broad-except diff --git a/sdk/identity/azure-identity/tests/test_shared_cache_credential.py b/sdk/identity/azure-identity/tests/test_shared_cache_credential.py index cca894350ef6..a15e6036a0ba 100644 --- a/sdk/identity/azure-identity/tests/test_shared_cache_credential.py +++ b/sdk/identity/azure-identity/tests/test_shared_cache_credential.py @@ -642,6 +642,7 @@ def test_auth_record_multiple_accounts_for_username(): assert token.token == expected_access_token +@pytest.mark.skip("in 1.5.0 allow_unencrypted_cache is private and defaults to True") @patch("azure.identity._internal.persistent_cache.sys.platform", "linux2") @patch("azure.identity._internal.persistent_cache.msal_extensions") def test_allow_unencrypted_cache(mock_extensions): @@ -651,7 +652,7 @@ def test_allow_unencrypted_cache(mock_extensions): """ # the credential should prefer an encrypted cache even when the user allows an unencrypted one - SharedTokenCacheCredential(_allow_unencrypted_cache=True) + SharedTokenCacheCredential(allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -664,7 +665,7 @@ def test_allow_unencrypted_cache(mock_extensions): assert mock_extensions.PersistedTokenCache.call_count == 0 # still no encryption, but now we allow the unencrypted fallback - SharedTokenCacheCredential(_allow_unencrypted_cache=True) + SharedTokenCacheCredential(allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) diff --git a/sdk/identity/azure-identity/tests/test_shared_cache_credential_async.py b/sdk/identity/azure-identity/tests/test_shared_cache_credential_async.py index 28f38821765a..4599be446126 100644 --- a/sdk/identity/azure-identity/tests/test_shared_cache_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_shared_cache_credential_async.py @@ -589,6 +589,7 @@ async def test_authority_environment_variable(): assert token.token == expected_access_token +@pytest.mark.skip("in 1.5.0 allow_unencrypted_cache is private and defaults to True") @pytest.mark.asyncio async def test_allow_unencrypted_cache(): """The credential should use an unencrypted cache when encryption is unavailable and the user explicitly allows it. @@ -603,7 +604,7 @@ async def test_allow_unencrypted_cache(): mock_extensions = msal_extensions_patch.start() # the credential should prefer an encrypted cache even when the user allows an unencrypted one - SharedTokenCacheCredential(_allow_unencrypted_cache=True) + SharedTokenCacheCredential(allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.LibsecretPersistence) mock_extensions.PersistedTokenCache.reset_mock() @@ -617,7 +618,7 @@ async def test_allow_unencrypted_cache(): await credential.get_token("scope") # still no encryption, but now we allow the unencrypted fallback - SharedTokenCacheCredential(_allow_unencrypted_cache=True) + SharedTokenCacheCredential(allow_unencrypted_cache=True) assert mock_extensions.PersistedTokenCache.called_with(mock_extensions.FilePersistence) msal_extensions_patch.stop() From eeb8acf4f43d7c764a763ea15ad6bc8c2403fda3 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Tue, 13 Oct 2020 10:04:01 -0700 Subject: [PATCH 09/11] remove identity_config --- .../azure/identity/_credentials/app_service.py | 2 +- .../azure/identity/_credentials/managed_identity.py | 6 +----- .../azure/identity/aio/_credentials/managed_identity.py | 4 ---- sdk/identity/azure-identity/tests/test_imds_credential.py | 2 +- .../azure-identity/tests/test_imds_credential_async.py | 2 +- sdk/identity/azure-identity/tests/test_msi_credential.py | 4 ++-- .../azure-identity/tests/test_msi_credential_async.py | 4 ++-- 7 files changed, 8 insertions(+), 16 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/app_service.py b/sdk/identity/azure-identity/azure/identity/_credentials/app_service.py index 4ef34b766dd3..fa1ce61eec61 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/app_service.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/app_service.py @@ -48,7 +48,7 @@ def _request_token(self, *scopes, **kwargs): def _get_client_args(**kwargs): # type: (dict) -> Optional[dict] - identity_config = kwargs.pop("identity_config", None) or {} + identity_config = kwargs.pop("_identity_config", None) or {} url = os.environ.get(EnvironmentVariables.MSI_ENDPOINT) secret = os.environ.get(EnvironmentVariables.MSI_SECRET) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py index a5aace15c792..2de47bdaa42e 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py @@ -44,10 +44,6 @@ class ManagedIdentityCredential(object): the keyword arguments. :keyword str client_id: a user-assigned identity's client ID. This is supported in all hosting environments. - :keyword identity_config: a mapping ``{parameter_name: value}`` specifying a user-assigned identity by its object - or resource ID, for example ``{"object_id": "..."}``. Check the documentation for your hosting environment to - learn what values it expects. - :paramtype identity_config: Mapping[str, str] """ def __init__(self, **kwargs): @@ -95,7 +91,7 @@ def get_token(self, *scopes, **kwargs): class _ManagedIdentityBase(object): def __init__(self, endpoint, client_cls, config=None, client_id=None, **kwargs): # type: (str, Type, Optional[Configuration], Optional[str], **Any) -> None - self._identity_config = kwargs.pop("identity_config", None) or {} + self._identity_config = kwargs.pop("_identity_config", None) or {} if client_id: if os.environ.get(EnvironmentVariables.MSI_ENDPOINT) and os.environ.get(EnvironmentVariables.MSI_SECRET): # App Service: version 2017-09-1 accepts client ID as parameter "clientid" diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py index aad7bd4b3ba1..2c3eeedc0c51 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py @@ -32,10 +32,6 @@ class ManagedIdentityCredential(AsyncContextManager): the keyword arguments. :keyword str client_id: a user-assigned identity's client ID. This is supported in all hosting environments. - :keyword identity_config: a mapping ``{parameter_name: value}`` specifying a user-assigned identity by its object - or resource ID, for example ``{"object_id": "..."}``. Check the documentation for your hosting environment to - learn what values it expects. - :paramtype identity_config: Mapping[str, str] """ def __init__(self, **kwargs: "Any") -> None: diff --git a/sdk/identity/azure-identity/tests/test_imds_credential.py b/sdk/identity/azure-identity/tests/test_imds_credential.py index 95f53088b11a..8b040b769f55 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential.py @@ -169,7 +169,7 @@ def test_identity_config(): ], ) - credential = ImdsCredential(identity_config={param_name: param_value}, transport=transport) + credential = ImdsCredential(_identity_config={param_name: param_value}, transport=transport) token = credential.get_token(scope) assert token == expected_token diff --git a/sdk/identity/azure-identity/tests/test_imds_credential_async.py b/sdk/identity/azure-identity/tests/test_imds_credential_async.py index a4d056f399fc..8c42e643a855 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential_async.py @@ -198,7 +198,7 @@ async def test_identity_config(): ], ) - credential = ImdsCredential(client_id=client_id, identity_config={param_name: param_value}, transport=transport) + credential = ImdsCredential(client_id=client_id, _identity_config={param_name: param_value}, transport=transport) token = await credential.get_token(scope) assert token == expected_token diff --git a/sdk/identity/azure-identity/tests/test_msi_credential.py b/sdk/identity/azure-identity/tests/test_msi_credential.py index 7536688774e2..28f67a357790 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential.py @@ -68,7 +68,7 @@ def test_identity_config_app_service(): {EnvironmentVariables.MSI_ENDPOINT: endpoint, EnvironmentVariables.MSI_SECRET: secret}, clear=True, ): - credential = MsiCredential(identity_config={param_name: param_value}, transport=transport) + credential = MsiCredential(_identity_config={param_name: param_value}, transport=transport) token = credential.get_token(scope) assert token == expected_token @@ -107,7 +107,7 @@ def test_identity_config_cloud_shell(): with mock.patch.dict( MsiCredential.__module__ + ".os.environ", {EnvironmentVariables.MSI_ENDPOINT: endpoint}, clear=True ): - credential = MsiCredential(identity_config={param_name: param_value}, transport=transport) + credential = MsiCredential(_identity_config={param_name: param_value}, transport=transport) token = credential.get_token(scope) assert token == expected_token diff --git a/sdk/identity/azure-identity/tests/test_msi_credential_async.py b/sdk/identity/azure-identity/tests/test_msi_credential_async.py index dfa038963536..b9ff2bf114f8 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential_async.py @@ -96,7 +96,7 @@ async def test_identity_config_app_service(): {EnvironmentVariables.MSI_ENDPOINT: endpoint, EnvironmentVariables.MSI_SECRET: secret}, clear=True, ): - credential = MsiCredential(identity_config={param_name: param_value}, transport=transport) + credential = MsiCredential(_identity_config={param_name: param_value}, transport=transport) token = await credential.get_token(scope) assert token == expected_token @@ -135,7 +135,7 @@ async def test_identity_config_cloud_shell(): with mock.patch.dict( MsiCredential.__module__ + ".os.environ", {EnvironmentVariables.MSI_ENDPOINT: endpoint}, clear=True ): - credential = MsiCredential(identity_config={param_name: param_value}, transport=transport) + credential = MsiCredential(_identity_config={param_name: param_value}, transport=transport) token = await credential.get_token(scope) assert token == expected_token From def9d52e1f5a052b8a5ee1413f3689a1d3bd3ae5 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Tue, 13 Oct 2020 13:14:47 -0700 Subject: [PATCH 10/11] remove AuthenticationRecord and AuthenticationRequiredError from public API --- sdk/identity/azure-identity/azure/identity/__init__.py | 5 +---- .../azure/identity/_credentials/shared_cache.py | 2 +- .../azure-identity/azure/identity/_internal/interactive.py | 2 -- sdk/identity/azure-identity/tests/test_auth_record.py | 2 +- sdk/identity/azure-identity/tests/test_browser_credential.py | 3 ++- .../azure-identity/tests/test_device_code_credential.py | 3 ++- .../azure-identity/tests/test_interactive_credential.py | 4 ++-- .../azure-identity/tests/test_shared_cache_credential.py | 2 +- 8 files changed, 10 insertions(+), 13 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/__init__.py b/sdk/identity/azure-identity/azure/identity/__init__.py index 3819005a9e63..a749d3510112 100644 --- a/sdk/identity/azure-identity/azure/identity/__init__.py +++ b/sdk/identity/azure-identity/azure/identity/__init__.py @@ -4,8 +4,7 @@ # ------------------------------------ """Credentials for Azure SDK clients.""" -from ._auth_record import AuthenticationRecord -from ._exceptions import AuthenticationRequiredError, CredentialUnavailableError +from ._exceptions import CredentialUnavailableError from ._constants import AzureAuthorityHosts, KnownAuthorities from ._credentials import ( AzureCliCredential, @@ -25,8 +24,6 @@ __all__ = [ - "AuthenticationRecord", - "AuthenticationRequiredError", "AuthorizationCodeCredential", "AzureAuthorityHosts", "AzureCliCredential", diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py b/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py index b4270b675399..daaa48d89e1b 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py @@ -24,7 +24,7 @@ if TYPE_CHECKING: # pylint:disable=unused-import,ungrouped-imports from typing import Any, Optional - from .. import AuthenticationRecord + from .._auth_record import AuthenticationRecord from .._internal import AadClientBase diff --git a/sdk/identity/azure-identity/azure/identity/_internal/interactive.py b/sdk/identity/azure-identity/azure/identity/_internal/interactive.py index 042c9e96b2d1..8bf446ee5064 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/interactive.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/interactive.py @@ -108,8 +108,6 @@ def get_token(self, *scopes, **kwargs): required data, state, or platform support :raises ~azure.core.exceptions.ClientAuthenticationError: authentication failed. The error's ``message`` attribute gives a reason. - :raises AuthenticationRequiredError: user interaction is necessary to acquire a token, and the credential is - configured not to begin this automatically. Call :func:`authenticate` to begin interactive authentication. """ if not scopes: message = "'get_token' requires at least one scope" diff --git a/sdk/identity/azure-identity/tests/test_auth_record.py b/sdk/identity/azure-identity/tests/test_auth_record.py index 5daef9c5dec4..5b4ec83d6da2 100644 --- a/sdk/identity/azure-identity/tests/test_auth_record.py +++ b/sdk/identity/azure-identity/tests/test_auth_record.py @@ -4,7 +4,7 @@ # ------------------------------------ import json -from azure.identity import AuthenticationRecord +from azure.identity._auth_record import AuthenticationRecord def test_serialization(): diff --git a/sdk/identity/azure-identity/tests/test_browser_credential.py b/sdk/identity/azure-identity/tests/test_browser_credential.py index ee815fedacc1..500006325f40 100644 --- a/sdk/identity/azure-identity/tests/test_browser_credential.py +++ b/sdk/identity/azure-identity/tests/test_browser_credential.py @@ -10,7 +10,8 @@ from azure.core.exceptions import ClientAuthenticationError from azure.core.pipeline.policies import SansIOHTTPPolicy -from azure.identity import AuthenticationRequiredError, CredentialUnavailableError, InteractiveBrowserCredential +from azure.identity import CredentialUnavailableError, InteractiveBrowserCredential +from azure.identity._exceptions import AuthenticationRequiredError from azure.identity._internal import AuthCodeRedirectServer from azure.identity._internal.user_agent import USER_AGENT from msal import TokenCache diff --git a/sdk/identity/azure-identity/tests/test_device_code_credential.py b/sdk/identity/azure-identity/tests/test_device_code_credential.py index 65212ef6fde5..48761174a2ca 100644 --- a/sdk/identity/azure-identity/tests/test_device_code_credential.py +++ b/sdk/identity/azure-identity/tests/test_device_code_credential.py @@ -6,7 +6,8 @@ from azure.core.exceptions import ClientAuthenticationError from azure.core.pipeline.policies import SansIOHTTPPolicy -from azure.identity import AuthenticationRequiredError, DeviceCodeCredential +from azure.identity import DeviceCodeCredential +from azure.identity._exceptions import AuthenticationRequiredError from azure.identity._internal.user_agent import USER_AGENT from msal import TokenCache import pytest diff --git a/sdk/identity/azure-identity/tests/test_interactive_credential.py b/sdk/identity/azure-identity/tests/test_interactive_credential.py index d8edc1af0e81..f8f725275af2 100644 --- a/sdk/identity/azure-identity/tests/test_interactive_credential.py +++ b/sdk/identity/azure-identity/tests/test_interactive_credential.py @@ -4,11 +4,11 @@ # ------------------------------------ from azure.core.exceptions import ClientAuthenticationError from azure.identity import ( - AuthenticationRequiredError, - AuthenticationRecord, KnownAuthorities, CredentialUnavailableError, ) +from azure.identity._auth_record import AuthenticationRecord +from azure.identity._exceptions import AuthenticationRequiredError from azure.identity._internal import InteractiveCredential from msal import TokenCache import pytest diff --git a/sdk/identity/azure-identity/tests/test_shared_cache_credential.py b/sdk/identity/azure-identity/tests/test_shared_cache_credential.py index a15e6036a0ba..f8a4b97b1109 100644 --- a/sdk/identity/azure-identity/tests/test_shared_cache_credential.py +++ b/sdk/identity/azure-identity/tests/test_shared_cache_credential.py @@ -5,10 +5,10 @@ from azure.core.exceptions import ClientAuthenticationError from azure.core.pipeline.policies import SansIOHTTPPolicy from azure.identity import ( - AuthenticationRecord, CredentialUnavailableError, SharedTokenCacheCredential, ) +from azure.identity._auth_record import AuthenticationRecord from azure.identity._constants import DEVELOPER_SIGN_ON_CLIENT_ID, EnvironmentVariables from azure.identity._internal.shared_token_cache import ( KNOWN_ALIASES, From 143302fccbe93e92a7a521c83b8cdbc3e3aa8437 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Tue, 13 Oct 2020 09:53:59 -0700 Subject: [PATCH 11/11] update changelog --- sdk/identity/azure-identity/CHANGELOG.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/sdk/identity/azure-identity/CHANGELOG.md b/sdk/identity/azure-identity/CHANGELOG.md index ba324f2c110a..ba5cd58502bf 100644 --- a/sdk/identity/azure-identity/CHANGELOG.md +++ b/sdk/identity/azure-identity/CHANGELOG.md @@ -4,6 +4,21 @@ ### Breaking Changes - Renamed optional `CertificateCredential` keyword argument `send_certificate` to `send_certificate_chain` +- Removed application authentication APIs added in prior betas. These will be + reintroduced in 1.6.0b1. Passing the keyword arguments below + generally won't cause a runtime error, but the arguments have no effect. + - Removed `authenticate` method from `DeviceCodeCredential`, + `InteractiveBrowserCredential`, and `UsernamePasswordCredential` + - Removed `allow_unencrypted_cache` and `enable_persistent_cache` keyword + arguments from `CertificateCredential`, `ClientSecretCredential`, + `DeviceCodeCredential`, `InteractiveBrowserCredential`, and + `UsernamePasswordCredential` + - Removed `disable_automatic_authentication` keyword argument from + `DeviceCodeCredential` and `InteractiveBrowserCredential` + - Removed `allow_unencrypted_cache` keyword argument from + `SharedTokenCacheCredential` + - Removed classes `AuthenticationRecord` and `AuthenticationRequiredError` +- Removed `identity_config` keyword argument from `ManagedIdentityCredential` ### Changed - `DeviceCodeCredential` parameter `client_id` is now optional. When not @@ -47,7 +62,7 @@ ([#11346](https://github.com/Azure/azure-sdk-for-python/issues/11346)) - `DefaultAzureCredential` allows specifying the client ID of a user-assigned managed identity via keyword argument `managed_identity_client_id` - ([#12991](https://github.com/Azure/azure-sdk-for-python/issues/12991)) + ([#12991](https://github.com/Azure/azure-sdk-for-python/issues/12991)) - `CertificateCredential` supports Subject Name/Issuer authentication when created with `send_certificate=True`. The async `CertificateCredential` (`azure.identity.aio.CertificateCredential`) will support this in a @@ -63,7 +78,7 @@ ([#12696](https://github.com/Azure/azure-sdk-for-python/issues/12696)) - `InteractiveBrowserCredential` keyword argument `redirect_uri` enables authentication with a user-specified application having a custom redirect URI - ([#13344](https://github.com/Azure/azure-sdk-for-python/issues/13344)) + ([#13344](https://github.com/Azure/azure-sdk-for-python/issues/13344)) ### Breaking changes - Removed `authentication_record` keyword argument from the async