remove vscodecred (Azure#25493)
* remove vscodecred

* update

* update

* update

* update
xiangyan99 authored and wonder6845 committed Aug 22, 2022
1 parent 7164d52 commit c93bd93
Showing 9 changed files with 18 additions and 141 deletions.
8 changes: 5 additions & 3 deletions sdk/identity/azure-identity/CHANGELOG.md
@@ -1,6 +1,6 @@
# Release History

## 1.11.0b3 (Unreleased)
## 1.11.0 (2022-08-09)

Azure-identity is supported on Python 3.7 or later. For more details, please read our page on [Azure SDK for Python version support policy](https://github.com/Azure/azure-sdk-for-python/wiki/Azure-SDKs-Python-version-support-policy).

Expand All @@ -10,9 +10,11 @@ Azure-identity is supported on Python 3.7 or later. For more details, please rea

### Breaking Changes

### Bugs Fixed
- Removed `VisualStudioCodeCredential` from `DefaultAzureCredential` token chain. ([#23249](https://github.com/Azure/azure-sdk-for-python/issues/23249))

### Other Changes
> These changes do not impact the API of stable versions such as 1.10.0.
> Only code written against a beta version such as 1.11.0b2 may be affected.
- `validate_authority` support is not available in 1.11.0.

## 1.11.0b2 (2022-07-05)

24 changes: 2 additions & 22 deletions sdk/identity/azure-identity/azure/identity/_credentials/default.py
Expand Up @@ -14,7 +14,6 @@
from .managed_identity import ManagedIdentityCredential
from .shared_cache import SharedTokenCacheCredential
from .azure_cli import AzureCliCredential
from .vscode import VisualStudioCodeCredential


try:
Expand All @@ -41,9 +40,8 @@ class DefaultAzureCredential(ChainedTokenCredential):
3. On Windows only: a user who has signed in with a Microsoft application, such as Visual Studio. If multiple
identities are in the cache, then the value of the environment variable ``AZURE_USERNAME`` is used to select
which identity to use. See :class:`~azure.identity.SharedTokenCacheCredential` for more details.
4. The user currently signed in to Visual Studio Code.
5. The identity currently logged in to the Azure CLI.
6. The identity currently logged in to Azure PowerShell.
4. The identity currently logged in to the Azure CLI.
5. The identity currently logged in to Azure PowerShell.
This default behavior is configurable with keyword arguments.
Expand All @@ -56,8 +54,6 @@ class DefaultAzureCredential(ChainedTokenCredential):
:keyword bool exclude_managed_identity_credential: Whether to exclude managed identity from the credential.
Defaults to **False**.
:keyword bool exclude_powershell_credential: Whether to exclude Azure PowerShell. Defaults to **False**.
:keyword bool exclude_visual_studio_code_credential: Whether to exclude stored credential from VS Code.
Defaults to **False**.
:keyword bool exclude_shared_token_cache_credential: Whether to exclude the shared token cache. Defaults to
**False**.
:keyword bool exclude_interactive_browser_credential: Whether to exclude interactive browser authentication (see
Expand All @@ -73,10 +69,6 @@ class DefaultAzureCredential(ChainedTokenCredential):
Defaults to the value of environment variable AZURE_USERNAME, if any.
:keyword str shared_cache_tenant_id: Preferred tenant for :class:`~azure.identity.SharedTokenCacheCredential`.
Defaults to the value of environment variable AZURE_TENANT_ID, if any.
:keyword str visual_studio_code_tenant_id: Tenant ID to use when authenticating with
:class:`~azure.identity.VisualStudioCodeCredential`. Defaults to the "Azure: Tenant" setting in VS Code's user
settings or, when that setting has no value, the "organizations" tenant, which supports only Azure Active
Directory work or school accounts.
"""

def __init__(self, **kwargs):
Expand All @@ -86,15 +78,6 @@ def __init__(self, **kwargs):

authority = kwargs.pop("authority", None)

vscode_tenant_id = kwargs.pop(
"visual_studio_code_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
)
vscode_args = dict(kwargs)
if authority:
vscode_args["authority"] = authority
if vscode_tenant_id:
vscode_args["tenant_id"] = vscode_tenant_id

authority = normalize_authority(authority) if authority else get_default_authority()

interactive_browser_tenant_id = kwargs.pop(
Expand All @@ -114,7 +97,6 @@ def __init__(self, **kwargs):
exclude_environment_credential = kwargs.pop("exclude_environment_credential", False)
exclude_managed_identity_credential = kwargs.pop("exclude_managed_identity_credential", False)
exclude_shared_token_cache_credential = kwargs.pop("exclude_shared_token_cache_credential", False)
exclude_visual_studio_code_credential = kwargs.pop("exclude_visual_studio_code_credential", False)
exclude_cli_credential = kwargs.pop("exclude_cli_credential", False)
exclude_interactive_browser_credential = kwargs.pop("exclude_interactive_browser_credential", True)
exclude_powershell_credential = kwargs.pop("exclude_powershell_credential", False)
Expand All @@ -133,8 +115,6 @@ def __init__(self, **kwargs):
credentials.append(shared_cache)
except Exception as ex: # pylint:disable=broad-except
_LOGGER.info("Shared token cache is unavailable: '%s'", ex)
if not exclude_visual_studio_code_credential:
credentials.append(VisualStudioCodeCredential(**vscode_args))
if not exclude_cli_credential:
credentials.append(AzureCliCredential())
if not exclude_powershell_credential:
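Review bot: The two VS Code keyword arguments are no longer consumed in `DefaultAzureCredential.__init__`: with the `kwargs.pop("exclude_visual_studio_code_credential", False)` and `kwargs.pop("visual_studio_code_tenant_id", ...)` lines gone, a caller that still passes either one leaves it in `kwargs`. Where the remaining `kwargs` are forwarded is outside the visible hunks, so this may be a silent no-op or a late unexpected-argument error, and callers who set `exclude_visual_studio_code_credential=True` to narrow the chain get no signal that the option is gone. I would keep accepting both and discard them explicitly, `kwargs.pop("exclude_visual_studio_code_credential", None)` and `kwargs.pop("visual_studio_code_tenant_id", None)`, ideally with a deprecation warning, and list the removed keywords in the changelog entry. The same applies to the async `DefaultAzureCredential.__init__` later in this commit. Since the chain now falls through to the Azure CLI identity where it previously could stop at the VS Code user, the release note should also say that the resolved principal, and with it the effective permissions, can change after upgrading.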
Expand Up @@ -27,7 +27,7 @@ class MsalCredential(object):
def __init__(self, client_id, client_credential=None, **kwargs):
# type: (str, Optional[Union[str, Dict]], **Any) -> None
authority = kwargs.pop("authority", None)
self._validate_authority = kwargs.pop("validate_authority", True)
# self._validate_authority = kwargs.pop("validate_authority", True)
self._authority = normalize_authority(authority) if authority else get_default_authority()
self._regional_authority = os.environ.get(EnvironmentVariables.AZURE_REGIONAL_AUTHORITY_NAME)
self._tenant_id = kwargs.pop("tenant_id", None) or "organizations"
Expand Down Expand Up @@ -73,7 +73,7 @@ def _get_app(self, **kwargs):
azure_region=self._regional_authority,
token_cache=self._cache,
http_client=self._client,
validate_authority=self._validate_authority
# validate_authority=self._validate_authority
)

return self._client_applications[tenant_id]
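Review bot: `validate_authority` is disabled by commenting two lines out rather than deleting them, and nothing in `MsalCredential.__init__` consumes the keyword any more. A caller that passes `validate_authority=False` now leaves it in `kwargs`; what happens to it afterwards is outside this hunk, and the client application built in `_get_app` presumably falls back to the library's default authority validation without telling the caller. Falling back to validation is the safe direction, but it should be explicit: drop the commented-out code and replace the first line with something like `kwargs.pop("validate_authority", None)  # not supported in 1.11.0; the MSAL default applies`, or raise a `ValueError` when the key is present. Both `__init__` and `_get_app` start and end outside the visible hunks.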
2 changes: 1 addition & 1 deletion sdk/identity/azure-identity/azure/identity/_version.py
Expand Up @@ -2,4 +2,4 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
VERSION = "1.11.0b3"
VERSION = "1.11.0"
Expand Up @@ -14,7 +14,6 @@
from .environment import EnvironmentCredential
from .managed_identity import ManagedIdentityCredential
from .shared_cache import SharedTokenCacheCredential
from .vscode import VisualStudioCodeCredential

if TYPE_CHECKING:
from typing import Any, List
Expand All @@ -36,9 +35,8 @@ class DefaultAzureCredential(ChainedTokenCredential):
3. On Windows only: a user who has signed in with a Microsoft application, such as Visual Studio. If multiple
identities are in the cache, then the value of the environment variable ``AZURE_USERNAME`` is used to select
which identity to use. See :class:`~azure.identity.aio.SharedTokenCacheCredential` for more details.
4. The user currently signed in to Visual Studio Code.
5. The identity currently logged in to the Azure CLI.
6. The identity currently logged in to Azure PowerShell.
4. The identity currently logged in to the Azure CLI.
5. The identity currently logged in to Azure PowerShell.
This default behavior is configurable with keyword arguments.
Expand All @@ -49,8 +47,6 @@ class DefaultAzureCredential(ChainedTokenCredential):
:keyword bool exclude_environment_credential: Whether to exclude a service principal configured by environment
variables from the credential. Defaults to **False**.
:keyword bool exclude_powershell_credential: Whether to exclude Azure PowerShell. Defaults to **False**.
:keyword bool exclude_visual_studio_code_credential: Whether to exclude stored credential from VS Code.
Defaults to **False**.
:keyword bool exclude_managed_identity_credential: Whether to exclude managed identity from the credential.
Defaults to **False**.
:keyword bool exclude_shared_token_cache_credential: Whether to exclude the shared token cache. Defaults to
Expand All @@ -61,10 +57,6 @@ class DefaultAzureCredential(ChainedTokenCredential):
Defaults to the value of environment variable AZURE_USERNAME, if any.
:keyword str shared_cache_tenant_id: Preferred tenant for :class:`~azure.identity.aio.SharedTokenCacheCredential`.
Defaults to the value of environment variable AZURE_TENANT_ID, if any.
:keyword str visual_studio_code_tenant_id: Tenant ID to use when authenticating with
:class:`~azure.identity.aio.VisualStudioCodeCredential`. Defaults to the "Azure: Tenant" setting in VS Code's
user settings or, when that setting has no value, the "organizations" tenant, which supports only Azure Active
Directory work or school accounts.
"""

def __init__(self, **kwargs: "Any") -> None:
Expand All @@ -73,15 +65,6 @@ def __init__(self, **kwargs: "Any") -> None:

authority = kwargs.pop("authority", None)

vscode_tenant_id = kwargs.pop(
"visual_studio_code_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
)
vscode_args = dict(kwargs)
if authority:
vscode_args["authority"] = authority
if vscode_tenant_id:
vscode_args["tenant_id"] = vscode_tenant_id

authority = normalize_authority(authority) if authority else get_default_authority()

shared_cache_username = kwargs.pop("shared_cache_username", os.environ.get(EnvironmentVariables.AZURE_USERNAME))
Expand All @@ -93,11 +76,6 @@ def __init__(self, **kwargs: "Any") -> None:
"managed_identity_client_id", os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)
)

vscode_tenant_id = kwargs.pop(
"visual_studio_code_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
)

exclude_visual_studio_code_credential = kwargs.pop("exclude_visual_studio_code_credential", False)
exclude_cli_credential = kwargs.pop("exclude_cli_credential", False)
exclude_environment_credential = kwargs.pop("exclude_environment_credential", False)
exclude_managed_identity_credential = kwargs.pop("exclude_managed_identity_credential", False)
Expand All @@ -118,8 +96,6 @@ def __init__(self, **kwargs: "Any") -> None:
credentials.append(shared_cache)
except Exception as ex: # pylint:disable=broad-except
_LOGGER.info("Shared token cache is unavailable: '%s'", ex)
if not exclude_visual_studio_code_credential:
credentials.append(VisualStudioCodeCredential(**vscode_args))
if not exclude_cli_credential:
credentials.append(AzureCliCredential())
if not exclude_powershell_credential:
Expand Up @@ -5,15 +5,15 @@
%% 2. Run command: mmdc -i DefaultAzureCredentialAuthFlow.md -o DefaultAzureCredentialAuthFlow.svg
flowchart LR;
A(Environment):::deployed ==> B(Managed Identity):::deployed ==> C(VS Code):::developer ==> D(Azure CLI):::developer ==> E(Azure PowerShell):::developer ==> F(Interactive browser):::interactive;
A(Environment):::deployed ==> B(Managed Identity):::deployed ==> C(Azure CLI):::developer ==> D(Azure PowerShell):::developer ==> E(Interactive browser):::interactive;
subgraph CREDENTIAL TYPES;
direction LR;
Deployed(Deployed service):::deployed ==> Developer(Developer):::developer ==> Interactive(Interactive developer):::interactive;
%% Hide links between boxes in the legend by setting width to 0. The integers after "linkStyle" represent link indices.
linkStyle 4 stroke-width:0px;
linkStyle 5 stroke-width:0px;
linkStyle 6 stroke-width:0px;
end;
%% Define styles for credential type boxes
Expand All @@ -24,8 +24,7 @@ flowchart LR;
%% Add API ref links to credential type boxes
click A "https://docs.microsoft.com/python/api/azure-identity/azure.identity.environmentcredential?view=azure-python" _blank;
click B "https://docs.microsoft.com/python/api/azure-identity/azure.identity.managedidentitycredential?view=azure-python" _blank;
click C "https://docs.microsoft.com/python/api/azure-identity/azure.identity.visualstudiocodecredential?view=azure-python" _blank;
click D "https://docs.microsoft.com/python/api/azure-identity/azure.identity.azureclicredential?view=azure-python" _blank;
click E "https://docs.microsoft.com/python/api/azure-identity/azure.identity.azurepowershellcredential?view=azure-python" _blank;
click F "https://docs.microsoft.com/python/api/azure-identity/azure.identity.interactivebrowsercredential?view=azure-python" _blank;
click C "https://docs.microsoft.com/python/api/azure-identity/azure.identity.azureclicredential?view=azure-python" _blank;
click D "https://docs.microsoft.com/python/api/azure-identity/azure.identity.azurepowershellcredential?view=azure-python" _blank;
click E "https://docs.microsoft.com/python/api/azure-identity/azure.identity.interactivebrowsercredential?view=azure-python" _blank;
```
40 changes: 0 additions & 40 deletions sdk/identity/azure-identity/tests/test_default.py
Expand Up @@ -252,46 +252,6 @@ def test_shared_cache_username():
assert token.token == expected_access_token


def test_vscode_arguments(monkeypatch):
monkeypatch.delenv(EnvironmentVariables.AZURE_AUTHORITY_HOST, raising=False)
monkeypatch.delenv(EnvironmentVariables.AZURE_TENANT_ID, raising=False)

credential = DefaultAzureCredential.__module__ + ".VisualStudioCodeCredential"

# DefaultAzureCredential shouldn't specify a default authority or tenant to VisualStudioCodeCredential
with patch(credential) as mock_credential:
DefaultAzureCredential()
mock_credential.assert_called_once_with()

tenant = {"tenant_id": "the-tenant"}

with patch(credential) as mock_credential:
DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"])
mock_credential.assert_called_once_with(**tenant)

# tenant id can also be specified in $AZURE_TENANT_ID
with patch.dict(os.environ, {EnvironmentVariables.AZURE_TENANT_ID: tenant["tenant_id"]}):
with patch(credential) as mock_credential:
DefaultAzureCredential()
mock_credential.assert_called_once_with(**tenant)

# keyword argument should override environment variable
with patch.dict(os.environ, {EnvironmentVariables.AZURE_TENANT_ID: "not-" + tenant["tenant_id"]}):
with patch(credential) as mock_credential:
DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"])
mock_credential.assert_called_once_with(**tenant)

# DefaultAzureCredential should pass the authority kwarg along
authority = {"authority": "the-authority"}
with patch(credential) as mock_credential:
DefaultAzureCredential(**authority)
mock_credential.assert_called_once_with(**authority)

with patch(credential) as mock_credential:
DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"], **authority)
mock_credential.assert_called_once_with(**dict(authority, **tenant))


@patch(DefaultAzureCredential.__module__ + ".SharedTokenCacheCredential")
def test_default_credential_shared_cache_use(mock_credential):
mock_credential.supported = Mock(return_value=False)
40 changes: 0 additions & 40 deletions sdk/identity/azure-identity/tests/test_default_async.py
Expand Up @@ -212,46 +212,6 @@ async def test_shared_cache_username():
assert token.token == expected_access_token


def test_vscode_arguments(monkeypatch):
monkeypatch.delenv(EnvironmentVariables.AZURE_AUTHORITY_HOST, raising=False)
monkeypatch.delenv(EnvironmentVariables.AZURE_TENANT_ID, raising=False)

credential = DefaultAzureCredential.__module__ + ".VisualStudioCodeCredential"

# DefaultAzureCredential shouldn't specify a default authority or tenant to VisualStudioCodeCredential
with patch(credential) as mock_credential:
DefaultAzureCredential()
mock_credential.assert_called_once_with()

tenant = {"tenant_id": "the-tenant"}

with patch(credential) as mock_credential:
DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"])
mock_credential.assert_called_once_with(**tenant)

# tenant id can also be specified in $AZURE_TENANT_ID
with patch.dict(os.environ, {EnvironmentVariables.AZURE_TENANT_ID: tenant["tenant_id"]}):
with patch(credential) as mock_credential:
DefaultAzureCredential()
mock_credential.assert_called_once_with(**tenant)

# keyword argument should override environment variable
with patch.dict(os.environ, {EnvironmentVariables.AZURE_TENANT_ID: "not-" + tenant["tenant_id"]}):
with patch(credential) as mock_credential:
DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"])
mock_credential.assert_called_once_with(**tenant)

# DefaultAzureCredential should pass the authority kwarg along
authority = {"authority": "the-authority"}
with patch(credential) as mock_credential:
DefaultAzureCredential(**authority)
mock_credential.assert_called_once_with(**authority)

with patch(credential) as mock_credential:
DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"], **authority)
mock_credential.assert_called_once_with(**dict(authority, **tenant))


@pytest.mark.asyncio
async def test_default_credential_shared_cache_use():
with patch(DefaultAzureCredential.__module__ + ".SharedTokenCacheCredential") as mock_credential: