def test_exclude_options():
def assert_credentials_not_present(chain, *credential_classes):
actual = {c.__class__ for c in chain.credentials}
assert len(actual)
# no unexpected credential is in the chain
excluded = set(credential_classes)
assert len(actual & excluded) == 0
# only excluded credentials have been excluded from the default
default = {c.__class__ for c in DefaultAzureCredential().credentials}
assert actual <= default # n.b. we know actual is non-empty
assert default - actual <= excluded
# when exclude_managed_identity_credential is set to True, check if ManagedIdentityCredential instance is not present
credential = DefaultAzureCredential(
exclude_managed_identity_credential=True)
assert_credentials_not_present(credential, ManagedIdentityCredential)
if SharedTokenCacheCredential.supported():
credential = DefaultAzureCredential(
exclude_shared_token_cache_credential=True)
assert_credentials_not_present(credential, SharedTokenCacheCredential)
credential = DefaultAzureCredential(exclude_cli_credential=True)
assert_credentials_not_present(credential, AzureCliCredential)
credential = DefaultAzureCredential(
exclude_visual_studio_code_credential=True)
assert_credentials_not_present(credential, VSCodeCredential)
def test_exclude_options():
def assert_credentials_not_present(chain, *credential_classes):
actual = {c.__class__ for c in chain.credentials}
assert len(actual)
# no unexpected credential is in the chain
excluded = set(credential_classes)
assert len(actual & excluded) == 0
# only excluded credentials have been excluded from the default
default = {c.__class__ for c in DefaultAzureCredential().credentials}
assert actual <= default # n.b. we know actual is non-empty
assert default - actual <= excluded
# with no environment variables set, ManagedIdentityCredential = ImdsCredential
with patch("os.environ", {}):
credential = DefaultAzureCredential(
exclude_managed_identity_credential=True)
assert_credentials_not_present(credential, ImdsCredential,
MsiCredential)
# with $MSI_ENDPOINT set, ManagedIdentityCredential = MsiCredential
with patch("os.environ", {"MSI_ENDPOINT": "spam"}):
credential = DefaultAzureCredential(
exclude_managed_identity_credential=True)
assert_credentials_not_present(credential, ImdsCredential,
MsiCredential)
if SharedTokenCacheCredential.supported():
credential = DefaultAzureCredential(
exclude_shared_token_cache_credential=True)
assert_credentials_not_present(credential, SharedTokenCacheCredential)
def _initialize_credentials(self):
if self.subscription_id is not None \
and self.arm_base_url is not None:
if self.vscode_tenant_id is None:
self.vscode_tenant_id = self._get_tenant_id(
arm_base_url=self.arm_base_url,
subscription_id=self.subscription_id)
if self.shared_cache_tenant_id is None:
self.shared_cache_tenant_id = self._get_tenant_id(
arm_base_url=self.arm_base_url,
subscription_id=self.subscription_id)
if self.interactive_browser_tenant_id is None:
self.interactive_browser_tenant_id = self._get_tenant_id(
arm_base_url=self.arm_base_url,
subscription_id=self.subscription_id)
credentials = [] # type: List[AsyncTokenCredential]
if not self.exclude_token_file_credential:
credentials.append(_TokenFileCredential())
if not self.exclude_environment_credential:
credentials.append(EnvironmentCredential(authority=self.authority))
if not self.exclude_managed_identity_credential:
credentials.append(
ManagedIdentityCredential(
client_id=self.managed_identity_client_id))
if not self.exclude_shared_token_cache_credential and SharedTokenCacheCredential.supported(
):
try:
# username and/or tenant_id are only required when the cache contains tokens for multiple identities
shared_cache = SharedTokenCacheCredential(
username=self.shared_cache_username,
tenant_id=self.shared_cache_tenant_id,
authority=self.authority)
credentials.append(shared_cache)
except Exception as ex: # pylint:disable=broad-except
_LOGGER.info("Shared token cache is unavailable: '%s'", ex)
if not self.exclude_visual_studio_code_credential:
credentials.append(
VisualStudioCodeCredential(tenant_id=self.vscode_tenant_id))
if not self.exclude_cli_credential:
credentials.append(AzureCliCredential())
if not self.exclude_powershell_credential:
credentials.append(AzurePowerShellCredential())
if not self.exclude_interactive_browser_credential:
credentials.append(
InteractiveBrowserCredential(
tenant_id=self.interactive_browser_tenant_id))
if not self.exclude_device_code_credential:
credentials.append(
DeviceCodeCredential(
tenant_id=self.interactive_browser_tenant_id))
self.credentials = credentials
def test_supported():
"""the cache is supported on Linux, macOS, Windows, so this should pass unless you're developing on e.g. FreeBSD"""
assert SharedTokenCacheCredential.supported()
