async def test_multiple_scopes():
"""The credential should raise ValueError when get_token is called with more than one scope"""
with mock.patch("os.environ", {EnvironmentVariables.MSI_ENDPOINT: "https://url"}):
credential = MsiCredential()
with pytest.raises(ValueError):
await credential.get_token("one scope", "and another")
async def test_no_scopes():
"""The credential should raise ValueError when get_token is called with no scopes"""
with mock.patch("os.environ", {EnvironmentVariables.MSI_ENDPOINT: "https://url"}):
credential = MsiCredential()
with pytest.raises(ValueError):
await credential.get_token()
async def test_close():
transport = AsyncMockTransport()
with mock.patch("os.environ", {EnvironmentVariables.MSI_ENDPOINT: "https://url"}):
credential = MsiCredential(transport=transport)
await credential.close()
assert transport.__aexit__.call_count == 1
async def test_context_manager():
transport = AsyncMockTransport()
with mock.patch("os.environ", {EnvironmentVariables.MSI_ENDPOINT: "https://url"}):
credential = MsiCredential(transport=transport)
async with credential:
assert transport.__aenter__.call_count == 1
assert transport.__aenter__.call_count == 1
assert transport.__aexit__.call_count == 1
async def test_identity_config_app_service():
param_name, param_value = "foo", "bar"
access_token = "****"
expires_on = 42
expected_token = AccessToken(access_token, expires_on)
endpoint = "http://localhost:42/token"
secret = "expected-secret"
scope = "scope"
transport = async_validating_transport(
requests=[
Request(
base_url=endpoint,
method="GET",
required_headers={
"Metadata": "true",
"secret": secret,
"User-Agent": USER_AGENT
},
required_params={
"api-version": "2017-09-01",
"resource": scope,
param_name: param_value,
},
)
],
responses=[
mock_response(
json_payload={
"access_token": access_token,
"expires_on": expires_on,
"resource": scope,
"token_type": "Bearer",
})
],
)
with mock.patch.dict(
MsiCredential.__module__ + ".os.environ",
{
EnvironmentVariables.MSI_ENDPOINT: endpoint,
EnvironmentVariables.MSI_SECRET: secret
},
clear=True,
):
credential = MsiCredential(identity_config={param_name: param_value},
transport=transport)
token = await credential.get_token(scope)
assert token == expected_token
async def test_identity_config_cloud_shell():
param_name, param_value = "foo", "bar"
access_token = "****"
expires_on = 42
expected_token = AccessToken(access_token, expires_on)
endpoint = "http://localhost:42/token"
scope = "scope"
transport = async_validating_transport(
requests=[
Request(
base_url=endpoint,
method="POST",
required_headers={
"Metadata": "true",
"User-Agent": USER_AGENT
},
required_data={
"resource": scope,
param_name: param_value
},
)
],
responses=[
mock_response(
json_payload={
"access_token": access_token,
"expires_in": 0,
"expires_on": expires_on,
"not_before": int(time.time()),
"resource": scope,
"token_type": "Bearer",
})
],
)
with mock.patch.dict(MsiCredential.__module__ + ".os.environ",
{EnvironmentVariables.MSI_ENDPOINT: endpoint},
clear=True):
credential = MsiCredential(identity_config={param_name: param_value},
transport=transport)
token = await credential.get_token(scope)
assert token == expected_token
async def test_msi_app_service():
await get_token(MsiCredential())
async def test_msi_legacy():
await get_token(MsiCredential())