def test_exclude_options(): def assert_credentials_not_present(chain, *credential_classes): actual = {c.__class__ for c in chain.credentials} assert len(actual) # no unexpected credential is in the chain excluded = set(credential_classes) assert len(actual & excluded) == 0 # only excluded credentials have been excluded from the default default = {c.__class__ for c in DefaultAzureCredential().credentials} assert actual <= default # n.b. we know actual is non-empty assert default - actual <= excluded # when exclude_managed_identity_credential is set to True, check if ManagedIdentityCredential instance is not present credential = DefaultAzureCredential( exclude_managed_identity_credential=True) assert_credentials_not_present(credential, ManagedIdentityCredential) if SharedTokenCacheCredential.supported(): credential = DefaultAzureCredential( exclude_shared_token_cache_credential=True) assert_credentials_not_present(credential, SharedTokenCacheCredential) credential = DefaultAzureCredential(exclude_cli_credential=True) assert_credentials_not_present(credential, AzureCliCredential) credential = DefaultAzureCredential( exclude_visual_studio_code_credential=True) assert_credentials_not_present(credential, VSCodeCredential)
def test_exclude_options(): def assert_credentials_not_present(chain, *credential_classes): actual = {c.__class__ for c in chain.credentials} assert len(actual) # no unexpected credential is in the chain excluded = set(credential_classes) assert len(actual & excluded) == 0 # only excluded credentials have been excluded from the default default = {c.__class__ for c in DefaultAzureCredential().credentials} assert actual <= default # n.b. we know actual is non-empty assert default - actual <= excluded # with no environment variables set, ManagedIdentityCredential = ImdsCredential with patch("os.environ", {}): credential = DefaultAzureCredential( exclude_managed_identity_credential=True) assert_credentials_not_present(credential, ImdsCredential, MsiCredential) # with $MSI_ENDPOINT set, ManagedIdentityCredential = MsiCredential with patch("os.environ", {"MSI_ENDPOINT": "spam"}): credential = DefaultAzureCredential( exclude_managed_identity_credential=True) assert_credentials_not_present(credential, ImdsCredential, MsiCredential) if SharedTokenCacheCredential.supported(): credential = DefaultAzureCredential( exclude_shared_token_cache_credential=True) assert_credentials_not_present(credential, SharedTokenCacheCredential)
def _initialize_credentials(self): if self.subscription_id is not None \ and self.arm_base_url is not None: if self.vscode_tenant_id is None: self.vscode_tenant_id = self._get_tenant_id( arm_base_url=self.arm_base_url, subscription_id=self.subscription_id) if self.shared_cache_tenant_id is None: self.shared_cache_tenant_id = self._get_tenant_id( arm_base_url=self.arm_base_url, subscription_id=self.subscription_id) if self.interactive_browser_tenant_id is None: self.interactive_browser_tenant_id = self._get_tenant_id( arm_base_url=self.arm_base_url, subscription_id=self.subscription_id) credentials = [] # type: List[AsyncTokenCredential] if not self.exclude_token_file_credential: credentials.append(_TokenFileCredential()) if not self.exclude_environment_credential: credentials.append(EnvironmentCredential(authority=self.authority)) if not self.exclude_managed_identity_credential: credentials.append( ManagedIdentityCredential( client_id=self.managed_identity_client_id)) if not self.exclude_shared_token_cache_credential and SharedTokenCacheCredential.supported( ): try: # username and/or tenant_id are only required when the cache contains tokens for multiple identities shared_cache = SharedTokenCacheCredential( username=self.shared_cache_username, tenant_id=self.shared_cache_tenant_id, authority=self.authority) credentials.append(shared_cache) except Exception as ex: # pylint:disable=broad-except _LOGGER.info("Shared token cache is unavailable: '%s'", ex) if not self.exclude_visual_studio_code_credential: credentials.append( VisualStudioCodeCredential(tenant_id=self.vscode_tenant_id)) if not self.exclude_cli_credential: credentials.append(AzureCliCredential()) if not self.exclude_powershell_credential: credentials.append(AzurePowerShellCredential()) if not self.exclude_interactive_browser_credential: credentials.append( InteractiveBrowserCredential( tenant_id=self.interactive_browser_tenant_id)) if not self.exclude_device_code_credential: credentials.append( DeviceCodeCredential( tenant_id=self.interactive_browser_tenant_id)) self.credentials = credentials
def test_supported(): """the cache is supported on Linux, macOS, Windows, so this should pass unless you're developing on e.g. FreeBSD""" assert SharedTokenCacheCredential.supported()