def get_token(*args, **kwargs): # pylint: disable=unused-argument
from azure.core.credentials import AccessToken
import time
fake_raw_token = 'top-secret-token-for-you'
now = int(time.time())
return AccessToken(fake_raw_token, now + 3600)
def setUpClass(cls, credential):
credential.get_token = Mock(return_value=AccessToken("some_token", datetime.now().replace(tzinfo=TZ_UTC)))
TestChatThreadClient.credential = credential
def __init__(self):
self.token = AccessToken("YOU SHALL NOT PASS", 0)
async def get_token(self, *scopes, **kwargs) -> AccessToken: # pylint: disable=unused-argument
"""
Returns an AcccesToken object.
"""
return AccessToken(self.token, self.expires_on)
def get_token(self, *scopes, **kwargs):
"""
This method is automatically called when token is about to expire.
"""
return AccessToken(self.token, self.expiry)
async def test_azure_ml():
"""Azure ML: MSI_ENDPOINT, MSI_SECRET set (like App Service 2017-09-01 but with a different response format)"""
expected_token = AccessToken("****", int(time.time()) + 3600)
url = "http://localhost:42/token"
secret = "expected-secret"
scope = "scope"
client_id = "client"
transport = async_validating_transport(
requests=[
Request(
url,
method="GET",
required_headers={
"secret": secret,
"User-Agent": USER_AGENT
},
required_params={
"api-version": "2017-09-01",
"resource": scope
},
),
Request(
url,
method="GET",
required_headers={
"secret": secret,
"User-Agent": USER_AGENT
},
required_params={
"api-version": "2017-09-01",
"resource": scope,
"clientid": client_id
},
),
],
responses=[
mock_response(
json_payload={
"access_token": expected_token.token,
"expires_in": 3600,
"expires_on": expected_token.expires_on,
"resource": scope,
"token_type": "Bearer",
})
] * 2,
)
with mock.patch.dict(
MANAGED_IDENTITY_ENVIRON,
{
EnvironmentVariables.MSI_ENDPOINT: url,
EnvironmentVariables.MSI_SECRET: secret
},
clear=True,
):
credential = ManagedIdentityCredential(transport=transport)
token = await credential.get_token(scope)
assert token.token == expected_token.token
assert token.expires_on == expected_token.expires_on
credential = ManagedIdentityCredential(transport=transport,
client_id=client_id)
token = await credential.get_token(scope)
assert token.token == expected_token.token
assert token.expires_on == expected_token.expires_on
def get_token(*scopes):
assert len(scopes) == 1
assert scopes[0] == expected_scope
return AccessToken(expected_token, 0)
async def get_token(*_, **__):
return AccessToken("***", 42)
async def get_token(self, *scopes, **kwargs):
from azure.core.credentials import AccessToken
return AccessToken("fake_token", 2527537086)
def get_token(self, *scopes, **kwargs): # pylint: disable=unused-argument
from azure.core.credentials import AccessToken
import time
now = int(time.time())
return AccessToken("access_token_from_" + self._authority, now + 3600)
def credential(self):
if self.is_live:
return DefaultAzureCredential()
return mock.Mock(
get_token=lambda *_, **__: AccessToken("secret",
time.time() + 3600))
def setUpClass(cls, credential):
credential.get_token = Mock(return_value=AccessToken(
"some_token",
_convert_datetime_to_utc_int(datetime.now().replace(
tzinfo=TZ_UTC))))
TestChatClient.credential = credential
async def get_token(*_, **__):
return AccessToken("secret", time.time() + 3600)
def create_vault_client(self, vault_uri):
if self.is_live:
credential = EnvironmentCredential()
else:
credential = Mock(get_token=lambda _: AccessToken("fake-token", 0))
return VaultClient(vault_uri, credential)
async def test_prefers_app_service_2017_09_01():
"""When the environment is configured for both App Service versions, the credential should prefer 2017-09-01
Support for 2019-08-01 was removed due to https://github.com/Azure/azure-sdk-for-python/issues/14670. This test
should be removed when that support is added back.
"""
access_token = "****"
expires_on = 42
expected_token = AccessToken(access_token, expires_on)
url = "http://localhost:42/token"
secret = "expected-secret"
scope = "scope"
transport = async_validating_transport(
requests=[
Request(
url,
method="GET",
required_headers={
"secret": secret,
"User-Agent": USER_AGENT
},
required_params={
"api-version": "2017-09-01",
"resource": scope
},
)
] * 2,
responses=[
mock_response(
json_payload={
"access_token": access_token,
"expires_on": "01/01/1970 00:00:{} +00:00".format(
expires_on), # linux format
"resource": scope,
"token_type": "Bearer",
}),
mock_response(
json_payload={
"access_token": access_token,
"expires_on": "1/1/1970 12:00:{} AM +00:00".format(
expires_on), # windows format
"resource": scope,
"token_type": "Bearer",
}),
],
)
with mock.patch.dict(
MANAGED_IDENTITY_ENVIRON,
{
EnvironmentVariables.IDENTITY_ENDPOINT: url,
EnvironmentVariables.IDENTITY_HEADER: secret,
EnvironmentVariables.MSI_ENDPOINT: url,
EnvironmentVariables.MSI_SECRET: secret,
},
clear=True,
):
credential = ManagedIdentityCredential(transport=transport)
token = await credential.get_token(scope)
assert token == expected_token
assert token.expires_on == expires_on
credential = ManagedIdentityCredential(transport=transport)
token = await credential.get_token(scope)
assert token == expected_token
assert token.expires_on == expires_on
except ImportError: # python < 3.3
from mock import Mock, patch # type: ignore
import pytest
import time
def _convert_datetime_to_utc_int(input):
epoch = time.mktime(datetime(1970, 1, 1).timetuple())
input_datetime_as_int = epoch - time.mktime(input.timetuple())
return input_datetime_as_int
credential = Mock()
credential.get_token = Mock(return_value=AccessToken(
"some_token",
_convert_datetime_to_utc_int(datetime.now().replace(tzinfo=TZ_UTC))))
@pytest.mark.asyncio
async def test_create_chat_thread():
thread_id = "19:[email protected]"
async def mock_send(*_, **__):
return mock_response(
status_code=201,
json_payload={
"chatThread": {
"id":
thread_id,
"topic":
async def test_app_service_2017_09_01():
"""test parsing of App Service MSI 2017-09-01's eccentric platform-dependent expires_on strings"""
access_token = "****"
expires_on = 42
expected_token = AccessToken(access_token, expires_on)
url = "http://localhost:42/token"
secret = "expected-secret"
scope = "scope"
transport = async_validating_transport(
requests=[
Request(
url,
method="GET",
required_headers={
"secret": secret,
"User-Agent": USER_AGENT
},
required_params={
"api-version": "2017-09-01",
"resource": scope
},
)
] * 2,
responses=[
mock_response(
json_payload={
"access_token": access_token,
"expires_on": "01/01/1970 00:00:{} +00:00".format(
expires_on), # linux format
"resource": scope,
"token_type": "Bearer",
}),
mock_response(
json_payload={
"access_token": access_token,
"expires_on": "1/1/1970 12:00:{} AM +00:00".format(
expires_on), # windows format
"resource": scope,
"token_type": "Bearer",
}),
],
)
with mock.patch.dict(
MANAGED_IDENTITY_ENVIRON,
{
EnvironmentVariables.MSI_ENDPOINT: url,
EnvironmentVariables.MSI_SECRET: secret
},
clear=True,
):
token = await ManagedIdentityCredential(transport=transport
).get_token(scope)
assert token == expected_token
assert token.expires_on == expires_on
token = await ManagedIdentityCredential(transport=transport
).get_token(scope)
assert token == expected_token
assert token.expires_on == expires_on
async def mock_get_token():
return AccessToken(
"some_token",
_convert_datetime_to_utc_int(datetime.now().replace(tzinfo=TZ_UTC)))
def __init__(self):
self.token = AccessToken("YOU SHALL NOT PASS", 0)
self.get_token_count = 0
def get_token(self, *scopes, **kwargs):
return AccessToken("dummytoken", 0)
def get_token(*_, **__):
return AccessToken(token, 0)
def get_token(self, *scopes, **kwargs):
r = requests.post(AUTHSERVER + "/oauth2/v2.0/token")
access_token = r.json()["access_token"]
return AccessToken(access_token, 1)
def get_token(self, *scopes, **kwargs):
from azure.core.credentials import AccessToken
return AccessToken("fake-token", 0)
def get_token(self, *scopes, **kwargs):
# type: (*str, **Any) -> AccessToken
"""Request an access token for `scopes`.
This method is called automatically by Azure SDK clients.
:param str scopes: desired scopes for the access token. This method requires at least one scope.
:keyword str claims: additional claims required in the token, such as those returned in a resource provider's
claims challenge following an authorization failure
:keyword str tenant_id: optional tenant to include in the token request. If **allow_multitenant_authentication**
is False, specifying a tenant with this argument may raise an exception.
:rtype: :class:`azure.core.credentials.AccessToken`
:raises CredentialUnavailableError: the credential is unable to attempt authentication because it lacks
required data, state, or platform support
:raises ~azure.core.exceptions.ClientAuthenticationError: authentication failed. The error's ``message``
attribute gives a reason.
:raises AuthenticationRequiredError: user interaction is necessary to acquire a token, and the credential is
configured not to begin this automatically. Call :func:`authenticate` to begin interactive authentication.
"""
if not scopes:
message = "'get_token' requires at least one scope"
_LOGGER.warning("%s.get_token failed: %s", self.__class__.__name__,
message)
raise ValueError(message)
allow_prompt = kwargs.pop("_allow_prompt",
not self._disable_automatic_authentication)
try:
token = self._acquire_token_silent(*scopes, **kwargs)
_LOGGER.info("%s.get_token succeeded", self.__class__.__name__)
return token
except Exception as ex: # pylint:disable=broad-except
if not (isinstance(ex, AuthenticationRequiredError)
and allow_prompt):
_LOGGER.warning(
"%s.get_token failed: %s",
self.__class__.__name__,
ex,
exc_info=_LOGGER.isEnabledFor(logging.DEBUG),
)
raise
# silent authentication failed -> authenticate interactively
now = int(time.time())
try:
result = self._request_token(*scopes, **kwargs)
if "access_token" not in result:
message = "Authentication failed: {}".format(
result.get("error_description") or result.get("error"))
response = self._client.get_error_response(result)
raise ClientAuthenticationError(message=message,
response=response)
# this may be the first authentication, or the user may have authenticated a different identity
self._auth_record = _build_auth_record(result)
except Exception as ex: # pylint:disable=broad-except
_LOGGER.warning(
"%s.get_token failed: %s",
self.__class__.__name__,
ex,
exc_info=_LOGGER.isEnabledFor(logging.DEBUG),
)
raise
_LOGGER.info("%s.get_token succeeded", self.__class__.__name__)
return AccessToken(result["access_token"],
now + int(result["expires_in"]))
async def get_token(self, *scopes: str, **kwargs: Any) -> AccessToken: # pylint:disable=unused-argument
"""
This method is automatically called when token is about to expire.
"""
signature, expiry = parse_sas_credential(self._credential)
return AccessToken(signature, expiry)
def __init__(self):
self.token = AccessToken("Fake Token", 0)
ChatThreadMember,
CommunicationUserIdentifier,
)
from unittest_helpers import mock_response
from azure.core.exceptions import HttpResponseError
try:
from unittest.mock import Mock, patch
except ImportError: # python < 3.3
from mock import Mock, patch # type: ignore
import pytest
credential = Mock()
credential.get_token = Mock(
return_value=AccessToken("some_token",
datetime.now().replace(tzinfo=TZ_UTC)))
@pytest.mark.asyncio
async def test_update_thread():
thread_id = "19:[email protected]"
raised = False
async def mock_send(*_, **__):
return mock_response(status_code=200)
chat_thread_client = ChatThreadClient("https://endpoint",
credential,
thread_id,
transport=Mock(send=mock_send))
def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument
# type: (str, Any) -> AccessToken
"""
This method is automatically called when token is about to expire.
"""
return AccessToken(self.token, self.expiry)
def get_token(self, *scopes, **kwargs):
return AccessToken('fake_token', 2527537086)
def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument
self.set_token()
return AccessToken(self.token['access_token'],
int(self.token['expires_on']))
