From d1b2a6275054bf474ea4e0cb370d85e06336f39d Mon Sep 17 00:00:00 2001
From: Rakshith Bhyravabhotla <sabhyrav@microsoft.com>
Date: Thu, 30 Sep 2021 15:38:06 -0700
Subject: [PATCH] Add credential Scope keyword  (#20987)

* Support for audience

* Update CHANGELOG.md

* Update sdk/monitor/azure-monitor-query/azure/monitor/query/_metrics_query_client.py
---
 sdk/monitor/azure-monitor-query/CHANGELOG.md     |  7 ++-----
 sdk/monitor/azure-monitor-query/README.md        |  4 ++++
 .../azure/monitor/query/_helpers.py              | 16 +++++++++++-----
 .../azure/monitor/query/_logs_query_client.py    | 11 ++++++++---
 .../azure/monitor/query/_metrics_query_client.py | 10 ++++++++--
 .../azure/monitor/query/aio/_helpers_asyc.py     | 14 ++++++++++----
 .../query/aio/_logs_query_client_async.py        | 10 ++++++++--
 .../query/aio/_metrics_query_client_async.py     | 10 ++++++++--
 8 files changed, 59 insertions(+), 23 deletions(-)

diff --git a/sdk/monitor/azure-monitor-query/CHANGELOG.md b/sdk/monitor/azure-monitor-query/CHANGELOG.md
index 0969530e1cbe..9079858da9fe 100644
--- a/sdk/monitor/azure-monitor-query/CHANGELOG.md
+++ b/sdk/monitor/azure-monitor-query/CHANGELOG.md
@@ -1,6 +1,6 @@
 # Release History
 
-## 1.0.0b5 (Unreleased)
+## 1.0.0b5 (2021-10-05)
 
 ### Features Added
 
@@ -9,6 +9,7 @@
 - Added `LogsQueryStatus` Enum to describe the status of a result.
 - Added a new `LogsTableRow` type that represents a single row in a table.
 - Items in `metrics` list in `MetricsResult` can now be accessed by metric names.
+- Added `audience` keyword to support providing credential scope when creating clients.
 
 ### Breaking Changes
 
@@ -19,10 +20,6 @@
 - `query_batch` API now returns a union of `LogsQueryPartialResult`, `LogsQueryError` and `LogsQueryResult`.
 - `metric_namespace` is renamed to `namespace` and is a keyword-only argument in `list_metric_definitions` API.
 
-### Bugs Fixed
-
-### Other Changes
-
 ## 1.0.0b4 (2021-09-09)
 
 ### Features Added
diff --git a/sdk/monitor/azure-monitor-query/README.md b/sdk/monitor/azure-monitor-query/README.md
index 4f1677bd6807..2dbac055aee6 100644
--- a/sdk/monitor/azure-monitor-query/README.md
+++ b/sdk/monitor/azure-monitor-query/README.md
@@ -14,6 +14,10 @@ The Azure Monitor Query client library is used to execute read-only queries agai
 - [Samples][samples]
 - [Change log][changelog]
 
+## _Disclaimer_
+
+_Azure SDK Python packages support for Python 2.7 is ending 01 January 2022. For more information and questions, please refer to https://github.com/Azure/azure-sdk-for-python/issues/20691_
+
 ## Getting started
 
 ### Prerequisites
diff --git a/sdk/monitor/azure-monitor-query/azure/monitor/query/_helpers.py b/sdk/monitor/azure-monitor-query/azure/monitor/query/_helpers.py
index 4fb0563fd3da..b23fcd8ec0c8 100644
--- a/sdk/monitor/azure-monitor-query/azure/monitor/query/_helpers.py
+++ b/sdk/monitor/azure-monitor-query/azure/monitor/query/_helpers.py
@@ -15,16 +15,19 @@
 
 
 def get_authentication_policy(
-    credential,  # type: TokenCredential
+    credential,  # type: "TokenCredential"
+    audience=None # type: str
 ):
     # type: (...) -> BearerTokenCredentialPolicy
     """Returns the correct authentication policy"""
-
+    if not audience:
+        audience = "https://api.loganalytics.io/"
+    scope = audience.rstrip('/') + "/.default"
     if credential is None:
         raise ValueError("Parameter 'credential' must not be None.")
     if hasattr(credential, "get_token"):
         return BearerTokenCredentialPolicy(
-            credential, "https://api.loganalytics.io/.default"
+            credential, scope
         )
 
     raise TypeError("Unsupported credential")
@@ -32,15 +35,18 @@ def get_authentication_policy(
 
 def get_metrics_authentication_policy(
     credential,  # type: TokenCredential
+    audience=None # type: str
 ):
     # type: (...) -> BearerTokenCredentialPolicy
     """Returns the correct authentication policy"""
-
+    if not audience:
+        audience = "https://management.azure.com/"
+    scope = audience.rstrip('/') + "/.default"
     if credential is None:
         raise ValueError("Parameter 'credential' must not be None.")
     if hasattr(credential, "get_token"):
         return BearerTokenCredentialPolicy(
-            credential, "https://management.azure.com/.default"
+            credential, scope
         )
 
     raise TypeError("Unsupported credential")
diff --git a/sdk/monitor/azure-monitor-query/azure/monitor/query/_logs_query_client.py b/sdk/monitor/azure-monitor-query/azure/monitor/query/_logs_query_client.py
index 1bc32db07d39..24db36531e8b 100644
--- a/sdk/monitor/azure-monitor-query/azure/monitor/query/_logs_query_client.py
+++ b/sdk/monitor/azure-monitor-query/azure/monitor/query/_logs_query_client.py
@@ -49,15 +49,20 @@ class LogsQueryClient(object):
     :type credential: ~azure.core.credentials.TokenCredential
     :keyword endpoint: The endpoint to connect to. Defaults to 'https://api.loganalytics.io'.
     :paramtype endpoint: str
+    :keyword audience: URL to use for credential authentication with AAD.
+    :paramtype audience: str
     """
 
     def __init__(self, credential, **kwargs):
         # type: (TokenCredential, Any) -> None
-
-        self._endpoint = kwargs.pop("endpoint", "https://api.loganalytics.io/v1")
+        audience = kwargs.pop("audience", None)
+        endpoint = kwargs.pop("endpoint", "https://api.loganalytics.io/v1")
+        if not endpoint.startswith("https://") and not endpoint.startswith("http://"):
+            endpoint = "https://" + endpoint
+        self._endpoint = endpoint
         self._client = MonitorQueryClient(
             credential=credential,
-            authentication_policy=get_authentication_policy(credential),
+            authentication_policy=get_authentication_policy(credential, audience),
             base_url=self._endpoint,
             **kwargs
         )
diff --git a/sdk/monitor/azure-monitor-query/azure/monitor/query/_metrics_query_client.py b/sdk/monitor/azure-monitor-query/azure/monitor/query/_metrics_query_client.py
index 171d0b495a3c..e730db1c7f26 100644
--- a/sdk/monitor/azure-monitor-query/azure/monitor/query/_metrics_query_client.py
+++ b/sdk/monitor/azure-monitor-query/azure/monitor/query/_metrics_query_client.py
@@ -44,15 +44,21 @@ class MetricsQueryClient(object):
     :type credential: ~azure.core.credentials.TokenCredential
     :keyword endpoint: The endpoint to connect to. Defaults to 'https://management.azure.com'.
     :paramtype endpoint: str
+    :keyword audience: URL to use for credential authentication with AAD.
+    :paramtype audience: str
     """
 
     def __init__(self, credential, **kwargs):
         # type: (TokenCredential, Any) -> None
+        audience = kwargs.pop("audience", None)
         endpoint = kwargs.pop("endpoint", "https://management.azure.com")
+        if not endpoint.startswith("https://") and not endpoint.startswith("http://"):
+            endpoint = "https://" + endpoint
+        self._endpoint = endpoint
         self._client = MonitorQueryClient(
             credential=credential,
-            base_url=endpoint,
-            authentication_policy=get_metrics_authentication_policy(credential),
+            base_url=self._endpoint,
+            authentication_policy=get_metrics_authentication_policy(credential, audience),
             **kwargs
         )
         self._metrics_op = self._client.metrics
diff --git a/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_helpers_asyc.py b/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_helpers_asyc.py
index ffecbec48927..033b1c3fc585 100644
--- a/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_helpers_asyc.py
+++ b/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_helpers_asyc.py
@@ -13,14 +13,17 @@
 
 def get_authentication_policy(
     credential: "AsyncTokenCredential",
+    audience: str = None
 ) -> AsyncBearerTokenCredentialPolicy:
     """Returns the correct authentication policy"""
-
+    if not audience:
+        audience = "https://api.loganalytics.io/"
+    scope = audience.rstrip('/') + "/.default"
     if credential is None:
         raise ValueError("Parameter 'credential' must not be None.")
     if hasattr(credential, "get_token"):
         return AsyncBearerTokenCredentialPolicy(
-            credential, "https://api.loganalytics.io/.default"
+            credential, scope
         )
 
     raise TypeError("Unsupported credential")
@@ -28,14 +31,17 @@ def get_authentication_policy(
 
 def get_metrics_authentication_policy(
     credential: "AsyncTokenCredential",
+    audience: str = None
 ) -> AsyncBearerTokenCredentialPolicy:
     """Returns the correct authentication policy"""
-
+    if not audience:
+        audience = "https://management.azure.com/"
+    scope = audience.rstrip('/') + "/.default"
     if credential is None:
         raise ValueError("Parameter 'credential' must not be None.")
     if hasattr(credential, "get_token"):
         return AsyncBearerTokenCredentialPolicy(
-            credential, "https://management.azure.com/.default"
+            credential, scope
         )
 
     raise TypeError("Unsupported credential")
diff --git a/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_logs_query_client_async.py b/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_logs_query_client_async.py
index 92379c5d6442..4e4df78df924 100644
--- a/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_logs_query_client_async.py
+++ b/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_logs_query_client_async.py
@@ -35,13 +35,19 @@ class LogsQueryClient(object):
     :type credential: ~azure.core.credentials_async.AsyncTokenCredential
     :keyword endpoint: The endpoint to connect to. Defaults to 'https://api.loganalytics.io/v1'.
     :paramtype endpoint: str
+    :keyword audience: URL to use for credential authentication with AAD.
+    :paramtype audience: str
     """
 
     def __init__(self, credential: "AsyncTokenCredential", **kwargs: Any) -> None:
-        self._endpoint = kwargs.pop("endpoint", "https://api.loganalytics.io/v1")
+        audience = kwargs.pop("audience", None)
+        endpoint = kwargs.pop("endpoint", "https://api.loganalytics.io/v1")
+        if not endpoint.startswith("https://") and not endpoint.startswith("http://"):
+            endpoint = "https://" + endpoint
+        self._endpoint = endpoint
         self._client = MonitorQueryClient(
             credential=credential,
-            authentication_policy=get_authentication_policy(credential),
+            authentication_policy=get_authentication_policy(credential, audience),
             base_url=self._endpoint,
             **kwargs
         )
diff --git a/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_metrics_query_client_async.py b/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_metrics_query_client_async.py
index e9345743d686..707272d39ac4 100644
--- a/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_metrics_query_client_async.py
+++ b/sdk/monitor/azure-monitor-query/azure/monitor/query/aio/_metrics_query_client_async.py
@@ -32,14 +32,20 @@ class MetricsQueryClient(object):
     :type credential: ~azure.core.credentials.TokenCredential
     :keyword endpoint: The endpoint to connect to. Defaults to 'https://management.azure.com'.
     :paramtype endpoint: str
+    :keyword audience: URL to use for credential authentication with AAD.
+    :paramtype audience: str
     """
 
     def __init__(self, credential: "AsyncTokenCredential", **kwargs: Any) -> None:
+        audience = kwargs.pop("audience", None)
         endpoint = kwargs.pop("endpoint", "https://management.azure.com")
+        if not endpoint.startswith("https://") and not endpoint.startswith("http://"):
+            endpoint = "https://" + endpoint
+        self._endpoint = endpoint
         self._client = MonitorQueryClient(
             credential=credential,
-            base_url=endpoint,
-            authentication_policy=get_metrics_authentication_policy(credential),
+            base_url=self._endpoint,
+            authentication_policy=get_metrics_authentication_policy(credential, audience),
             **kwargs
         )
         self._metrics_op = self._client.metrics