def test_get_default_authority():
"""get_default_authority should return public cloud or the value of $AZURE_AUTHORITY_HOST, with 'https' scheme"""
# default scheme is https
for authority in ("localhost", "https://localhost"):
with patch.dict("os.environ",
{EnvironmentVariables.AZURE_AUTHORITY_HOST: authority},
clear=True):
assert get_default_authority() == "https://localhost"
# default to public cloud
for environ in ({}, {
EnvironmentVariables.AZURE_AUTHORITY_HOST:
KnownAuthorities.AZURE_PUBLIC_CLOUD
}):
with patch.dict("os.environ", environ, clear=True):
assert get_default_authority(
) == "https://" + KnownAuthorities.AZURE_PUBLIC_CLOUD
# require https
with pytest.raises(ValueError):
with patch.dict(
"os.environ",
{EnvironmentVariables.AZURE_AUTHORITY_HOST: "http://localhost"},
clear=True):
get_default_authority()
def get_account_event(username,
uid,
utid,
authority=None,
client_id="client-id",
refresh_token="refresh-token",
scopes=None,
**kwargs):
if authority:
endpoint = "https://" + "/".join((
authority,
utid,
"path",
))
else:
endpoint = get_default_authority() + "/{}/{}".format(utid, "path")
return {
"response":
build_aad_response(uid=uid,
utid=utid,
refresh_token=refresh_token,
id_token=build_id_token(aud=client_id,
username=username),
foci="1",
**kwargs),
"client_id":
client_id,
"token_endpoint":
endpoint,
"scope":
scopes or ["scope"],
}
def __init__(self, **kwargs):
# type: (**Any) -> None
self._successfull_tenant_id = None
self.authority = kwargs.pop("authority", None)
self.authority = normalize_authority(
self.authority) if self.authority else get_default_authority()
self.interactive_browser_tenant_id = kwargs.pop(
"interactive_browser_tenant_id",
os.environ.get(EnvironmentVariables.AZURE_TENANT_ID))
self.subscription_id = kwargs.pop("subscription_id",
os.environ.get("SUBSCRIPTION_ID"))
self.arm_base_url = kwargs.pop("arm_base_url",
"https://management.azure.com/")
self.managed_identity_client_id = kwargs.pop(
"managed_identity_client_id",
os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID))
self.shared_cache_username = kwargs.pop(
"shared_cache_username",
os.environ.get(EnvironmentVariables.AZURE_USERNAME))
self.shared_cache_tenant_id = kwargs.pop(
"shared_cache_tenant_id",
os.environ.get(EnvironmentVariables.AZURE_TENANT_ID))
self.vscode_tenant_id = kwargs.pop(
"visual_studio_code_tenant_id",
os.environ.get(EnvironmentVariables.AZURE_TENANT_ID))
self.exclude_token_file_credential = kwargs.pop(
"exclude_token_file_credential", False)
self.exclude_environment_credential = kwargs.pop(
"exclude_environment_credential", False)
self.exclude_managed_identity_credential = kwargs.pop(
"exclude_managed_identity_credential", False)
self.exclude_shared_token_cache_credential = kwargs.pop(
"exclude_shared_token_cache_credential", False)
self.exclude_visual_studio_code_credential = kwargs.pop(
"exclude_visual_studio_code_credential", False)
self.exclude_cli_credential = kwargs.pop("exclude_cli_credential",
False)
self.exclude_interactive_browser_credential = kwargs.pop(
"exclude_interactive_browser_credential", True)
self.exclude_device_code_credential = kwargs.pop(
"exclude_device_code_credential", False)
self.exclude_powershell_credential = kwargs.pop(
"exclude_powershell_credential", False)
# credentials will be created lazy on the first call to get_token
super(_DefaultAzureCredential, self).__init__()
def get_account_event(
username, uid, utid, authority=None, client_id="client-id", refresh_token="refresh-token", scopes=None
):
return {
"response": build_aad_response(
uid=uid,
utid=utid,
refresh_token=refresh_token,
id_token=build_id_token(aud=client_id, preferred_username=username),
foci="1",
),
"client_id": client_id,
"token_endpoint": "https://" + "/".join((authority or get_default_authority(), utid, "/path",)),
"scope": scopes or ["scope"],
}
