diff --git a/sdk/identity/azure-identity/CHANGELOG.md b/sdk/identity/azure-identity/CHANGELOG.md
index d55e14662cfb..52182cd864e9 100644
--- a/sdk/identity/azure-identity/CHANGELOG.md
+++ b/sdk/identity/azure-identity/CHANGELOG.md
@@ -1,6 +1,6 @@
# Release History
-## 1.11.0b3 (Unreleased)
+## 1.11.0 (2022-08-09)
Azure-identity is supported on Python 3.7 or later. For more details, please read our page on [Azure SDK for Python version support policy](https://github.com/Azure/azure-sdk-for-python/wiki/Azure-SDKs-Python-version-support-policy).
@@ -10,9 +10,11 @@ Azure-identity is supported on Python 3.7 or later. For more details, please rea
### Breaking Changes
-### Bugs Fixed
+- Removed `VisualStudioCodeCredential` from `DefaultAzureCredential` token chain. ([#23249](https://github.com/Azure/azure-sdk-for-python/issues/23249))
-### Other Changes
+> These changes do not impact the API of stable versions such as 1.10.0.
+> Only code written against a beta version such as 1.11.0b2 may be affected.
+- `validate_authority` support is not available in 1.11.0.
## 1.11.0b2 (2022-07-05)
diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/default.py b/sdk/identity/azure-identity/azure/identity/_credentials/default.py
index 5e74900f418f..65b0698860d3 100644
--- a/sdk/identity/azure-identity/azure/identity/_credentials/default.py
+++ b/sdk/identity/azure-identity/azure/identity/_credentials/default.py
@@ -14,7 +14,6 @@
from .managed_identity import ManagedIdentityCredential
from .shared_cache import SharedTokenCacheCredential
from .azure_cli import AzureCliCredential
-from .vscode import VisualStudioCodeCredential
try:
@@ -41,9 +40,8 @@ class DefaultAzureCredential(ChainedTokenCredential):
3. On Windows only: a user who has signed in with a Microsoft application, such as Visual Studio. If multiple
identities are in the cache, then the value of the environment variable ``AZURE_USERNAME`` is used to select
which identity to use. See :class:`~azure.identity.SharedTokenCacheCredential` for more details.
- 4. The user currently signed in to Visual Studio Code.
- 5. The identity currently logged in to the Azure CLI.
- 6. The identity currently logged in to Azure PowerShell.
+ 4. The identity currently logged in to the Azure CLI.
+ 5. The identity currently logged in to Azure PowerShell.
This default behavior is configurable with keyword arguments.
@@ -56,8 +54,6 @@ class DefaultAzureCredential(ChainedTokenCredential):
:keyword bool exclude_managed_identity_credential: Whether to exclude managed identity from the credential.
Defaults to **False**.
:keyword bool exclude_powershell_credential: Whether to exclude Azure PowerShell. Defaults to **False**.
- :keyword bool exclude_visual_studio_code_credential: Whether to exclude stored credential from VS Code.
- Defaults to **False**.
:keyword bool exclude_shared_token_cache_credential: Whether to exclude the shared token cache. Defaults to
**False**.
:keyword bool exclude_interactive_browser_credential: Whether to exclude interactive browser authentication (see
@@ -73,10 +69,6 @@ class DefaultAzureCredential(ChainedTokenCredential):
Defaults to the value of environment variable AZURE_USERNAME, if any.
:keyword str shared_cache_tenant_id: Preferred tenant for :class:`~azure.identity.SharedTokenCacheCredential`.
Defaults to the value of environment variable AZURE_TENANT_ID, if any.
- :keyword str visual_studio_code_tenant_id: Tenant ID to use when authenticating with
- :class:`~azure.identity.VisualStudioCodeCredential`. Defaults to the "Azure: Tenant" setting in VS Code's user
- settings or, when that setting has no value, the "organizations" tenant, which supports only Azure Active
- Directory work or school accounts.
"""
def __init__(self, **kwargs):
@@ -86,15 +78,6 @@ def __init__(self, **kwargs):
authority = kwargs.pop("authority", None)
- vscode_tenant_id = kwargs.pop(
- "visual_studio_code_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
- )
- vscode_args = dict(kwargs)
- if authority:
- vscode_args["authority"] = authority
- if vscode_tenant_id:
- vscode_args["tenant_id"] = vscode_tenant_id
-
authority = normalize_authority(authority) if authority else get_default_authority()
interactive_browser_tenant_id = kwargs.pop(
@@ -114,7 +97,6 @@ def __init__(self, **kwargs):
exclude_environment_credential = kwargs.pop("exclude_environment_credential", False)
exclude_managed_identity_credential = kwargs.pop("exclude_managed_identity_credential", False)
exclude_shared_token_cache_credential = kwargs.pop("exclude_shared_token_cache_credential", False)
- exclude_visual_studio_code_credential = kwargs.pop("exclude_visual_studio_code_credential", False)
exclude_cli_credential = kwargs.pop("exclude_cli_credential", False)
exclude_interactive_browser_credential = kwargs.pop("exclude_interactive_browser_credential", True)
exclude_powershell_credential = kwargs.pop("exclude_powershell_credential", False)
@@ -133,8 +115,6 @@ def __init__(self, **kwargs):
credentials.append(shared_cache)
except Exception as ex: # pylint:disable=broad-except
_LOGGER.info("Shared token cache is unavailable: '%s'", ex)
- if not exclude_visual_studio_code_credential:
- credentials.append(VisualStudioCodeCredential(**vscode_args))
if not exclude_cli_credential:
credentials.append(AzureCliCredential())
if not exclude_powershell_credential:
diff --git a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py
index a0c9780e1eea..5c9b247aeb22 100644
--- a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py
+++ b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py
@@ -27,7 +27,7 @@ class MsalCredential(object):
def __init__(self, client_id, client_credential=None, **kwargs):
# type: (str, Optional[Union[str, Dict]], **Any) -> None
authority = kwargs.pop("authority", None)
- self._validate_authority = kwargs.pop("validate_authority", True)
+ # self._validate_authority = kwargs.pop("validate_authority", True)
self._authority = normalize_authority(authority) if authority else get_default_authority()
self._regional_authority = os.environ.get(EnvironmentVariables.AZURE_REGIONAL_AUTHORITY_NAME)
self._tenant_id = kwargs.pop("tenant_id", None) or "organizations"
@@ -73,7 +73,7 @@ def _get_app(self, **kwargs):
azure_region=self._regional_authority,
token_cache=self._cache,
http_client=self._client,
- validate_authority=self._validate_authority
+ # validate_authority=self._validate_authority
)
return self._client_applications[tenant_id]
diff --git a/sdk/identity/azure-identity/azure/identity/_version.py b/sdk/identity/azure-identity/azure/identity/_version.py
index 3edab7591195..7f70b63890f2 100644
--- a/sdk/identity/azure-identity/azure/identity/_version.py
+++ b/sdk/identity/azure-identity/azure/identity/_version.py
@@ -2,4 +2,4 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
-VERSION = "1.11.0b3"
+VERSION = "1.11.0"
diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/default.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/default.py
index f71dbea28c6b..3042cfb11a62 100644
--- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/default.py
+++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/default.py
@@ -14,7 +14,6 @@
from .environment import EnvironmentCredential
from .managed_identity import ManagedIdentityCredential
from .shared_cache import SharedTokenCacheCredential
-from .vscode import VisualStudioCodeCredential
if TYPE_CHECKING:
from typing import Any, List
@@ -36,9 +35,8 @@ class DefaultAzureCredential(ChainedTokenCredential):
3. On Windows only: a user who has signed in with a Microsoft application, such as Visual Studio. If multiple
identities are in the cache, then the value of the environment variable ``AZURE_USERNAME`` is used to select
which identity to use. See :class:`~azure.identity.aio.SharedTokenCacheCredential` for more details.
- 4. The user currently signed in to Visual Studio Code.
- 5. The identity currently logged in to the Azure CLI.
- 6. The identity currently logged in to Azure PowerShell.
+ 4. The identity currently logged in to the Azure CLI.
+ 5. The identity currently logged in to Azure PowerShell.
This default behavior is configurable with keyword arguments.
@@ -49,8 +47,6 @@ class DefaultAzureCredential(ChainedTokenCredential):
:keyword bool exclude_environment_credential: Whether to exclude a service principal configured by environment
variables from the credential. Defaults to **False**.
:keyword bool exclude_powershell_credential: Whether to exclude Azure PowerShell. Defaults to **False**.
- :keyword bool exclude_visual_studio_code_credential: Whether to exclude stored credential from VS Code.
- Defaults to **False**.
:keyword bool exclude_managed_identity_credential: Whether to exclude managed identity from the credential.
Defaults to **False**.
:keyword bool exclude_shared_token_cache_credential: Whether to exclude the shared token cache. Defaults to
@@ -61,10 +57,6 @@ class DefaultAzureCredential(ChainedTokenCredential):
Defaults to the value of environment variable AZURE_USERNAME, if any.
:keyword str shared_cache_tenant_id: Preferred tenant for :class:`~azure.identity.aio.SharedTokenCacheCredential`.
Defaults to the value of environment variable AZURE_TENANT_ID, if any.
- :keyword str visual_studio_code_tenant_id: Tenant ID to use when authenticating with
- :class:`~azure.identity.aio.VisualStudioCodeCredential`. Defaults to the "Azure: Tenant" setting in VS Code's
- user settings or, when that setting has no value, the "organizations" tenant, which supports only Azure Active
- Directory work or school accounts.
"""
def __init__(self, **kwargs: "Any") -> None:
@@ -73,15 +65,6 @@ def __init__(self, **kwargs: "Any") -> None:
authority = kwargs.pop("authority", None)
- vscode_tenant_id = kwargs.pop(
- "visual_studio_code_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
- )
- vscode_args = dict(kwargs)
- if authority:
- vscode_args["authority"] = authority
- if vscode_tenant_id:
- vscode_args["tenant_id"] = vscode_tenant_id
-
authority = normalize_authority(authority) if authority else get_default_authority()
shared_cache_username = kwargs.pop("shared_cache_username", os.environ.get(EnvironmentVariables.AZURE_USERNAME))
@@ -93,11 +76,6 @@ def __init__(self, **kwargs: "Any") -> None:
"managed_identity_client_id", os.environ.get(EnvironmentVariables.AZURE_CLIENT_ID)
)
- vscode_tenant_id = kwargs.pop(
- "visual_studio_code_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
- )
-
- exclude_visual_studio_code_credential = kwargs.pop("exclude_visual_studio_code_credential", False)
exclude_cli_credential = kwargs.pop("exclude_cli_credential", False)
exclude_environment_credential = kwargs.pop("exclude_environment_credential", False)
exclude_managed_identity_credential = kwargs.pop("exclude_managed_identity_credential", False)
@@ -118,8 +96,6 @@ def __init__(self, **kwargs: "Any") -> None:
credentials.append(shared_cache)
except Exception as ex: # pylint:disable=broad-except
_LOGGER.info("Shared token cache is unavailable: '%s'", ex)
- if not exclude_visual_studio_code_credential:
- credentials.append(VisualStudioCodeCredential(**vscode_args))
if not exclude_cli_credential:
credentials.append(AzureCliCredential())
if not exclude_powershell_credential:
diff --git a/sdk/identity/azure-identity/images/mermaidjs/DefaultAzureCredentialAuthFlow.md b/sdk/identity/azure-identity/images/mermaidjs/DefaultAzureCredentialAuthFlow.md
index d0f50b429806..f4fd2a80e8a0 100644
--- a/sdk/identity/azure-identity/images/mermaidjs/DefaultAzureCredentialAuthFlow.md
+++ b/sdk/identity/azure-identity/images/mermaidjs/DefaultAzureCredentialAuthFlow.md
@@ -5,15 +5,15 @@
%% 2. Run command: mmdc -i DefaultAzureCredentialAuthFlow.md -o DefaultAzureCredentialAuthFlow.svg
flowchart LR;
- A(Environment):::deployed ==> B(Managed Identity):::deployed ==> C(VS Code):::developer ==> D(Azure CLI):::developer ==> E(Azure PowerShell):::developer ==> F(Interactive browser):::interactive;
+ A(Environment):::deployed ==> B(Managed Identity):::deployed ==> C(Azure CLI):::developer ==> D(Azure PowerShell):::developer ==> E(Interactive browser):::interactive;
subgraph CREDENTIAL TYPES;
direction LR;
Deployed(Deployed service):::deployed ==> Developer(Developer):::developer ==> Interactive(Interactive developer):::interactive;
%% Hide links between boxes in the legend by setting width to 0. The integers after "linkStyle" represent link indices.
+ linkStyle 4 stroke-width:0px;
linkStyle 5 stroke-width:0px;
- linkStyle 6 stroke-width:0px;
end;
%% Define styles for credential type boxes
@@ -24,8 +24,7 @@ flowchart LR;
%% Add API ref links to credential type boxes
click A "https://docs.microsoft.com/python/api/azure-identity/azure.identity.environmentcredential?view=azure-python" _blank;
click B "https://docs.microsoft.com/python/api/azure-identity/azure.identity.managedidentitycredential?view=azure-python" _blank;
- click C "https://docs.microsoft.com/python/api/azure-identity/azure.identity.visualstudiocodecredential?view=azure-python" _blank;
- click D "https://docs.microsoft.com/python/api/azure-identity/azure.identity.azureclicredential?view=azure-python" _blank;
- click E "https://docs.microsoft.com/python/api/azure-identity/azure.identity.azurepowershellcredential?view=azure-python" _blank;
- click F "https://docs.microsoft.com/python/api/azure-identity/azure.identity.interactivebrowsercredential?view=azure-python" _blank;
+ click C "https://docs.microsoft.com/python/api/azure-identity/azure.identity.azureclicredential?view=azure-python" _blank;
+ click D "https://docs.microsoft.com/python/api/azure-identity/azure.identity.azurepowershellcredential?view=azure-python" _blank;
+ click E "https://docs.microsoft.com/python/api/azure-identity/azure.identity.interactivebrowsercredential?view=azure-python" _blank;
```
diff --git a/sdk/identity/azure-identity/images/mermaidjs/DefaultAzureCredentialAuthFlow.svg b/sdk/identity/azure-identity/images/mermaidjs/DefaultAzureCredentialAuthFlow.svg
index 563718197cb8..3ef6a503e51b 100644
--- a/sdk/identity/azure-identity/images/mermaidjs/DefaultAzureCredentialAuthFlow.svg
+++ b/sdk/identity/azure-identity/images/mermaidjs/DefaultAzureCredentialAuthFlow.svg
@@ -1 +1 @@
-
\ No newline at end of file
+
\ No newline at end of file
diff --git a/sdk/identity/azure-identity/tests/test_default.py b/sdk/identity/azure-identity/tests/test_default.py
index 19e5f0afb334..c63c5cf6a5fc 100644
--- a/sdk/identity/azure-identity/tests/test_default.py
+++ b/sdk/identity/azure-identity/tests/test_default.py
@@ -252,46 +252,6 @@ def test_shared_cache_username():
assert token.token == expected_access_token
-def test_vscode_arguments(monkeypatch):
- monkeypatch.delenv(EnvironmentVariables.AZURE_AUTHORITY_HOST, raising=False)
- monkeypatch.delenv(EnvironmentVariables.AZURE_TENANT_ID, raising=False)
-
- credential = DefaultAzureCredential.__module__ + ".VisualStudioCodeCredential"
-
- # DefaultAzureCredential shouldn't specify a default authority or tenant to VisualStudioCodeCredential
- with patch(credential) as mock_credential:
- DefaultAzureCredential()
- mock_credential.assert_called_once_with()
-
- tenant = {"tenant_id": "the-tenant"}
-
- with patch(credential) as mock_credential:
- DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"])
- mock_credential.assert_called_once_with(**tenant)
-
- # tenant id can also be specified in $AZURE_TENANT_ID
- with patch.dict(os.environ, {EnvironmentVariables.AZURE_TENANT_ID: tenant["tenant_id"]}):
- with patch(credential) as mock_credential:
- DefaultAzureCredential()
- mock_credential.assert_called_once_with(**tenant)
-
- # keyword argument should override environment variable
- with patch.dict(os.environ, {EnvironmentVariables.AZURE_TENANT_ID: "not-" + tenant["tenant_id"]}):
- with patch(credential) as mock_credential:
- DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"])
- mock_credential.assert_called_once_with(**tenant)
-
- # DefaultAzureCredential should pass the authority kwarg along
- authority = {"authority": "the-authority"}
- with patch(credential) as mock_credential:
- DefaultAzureCredential(**authority)
- mock_credential.assert_called_once_with(**authority)
-
- with patch(credential) as mock_credential:
- DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"], **authority)
- mock_credential.assert_called_once_with(**dict(authority, **tenant))
-
-
@patch(DefaultAzureCredential.__module__ + ".SharedTokenCacheCredential")
def test_default_credential_shared_cache_use(mock_credential):
mock_credential.supported = Mock(return_value=False)
diff --git a/sdk/identity/azure-identity/tests/test_default_async.py b/sdk/identity/azure-identity/tests/test_default_async.py
index 6d8223efdc55..16dee3217d4f 100644
--- a/sdk/identity/azure-identity/tests/test_default_async.py
+++ b/sdk/identity/azure-identity/tests/test_default_async.py
@@ -212,46 +212,6 @@ async def test_shared_cache_username():
assert token.token == expected_access_token
-def test_vscode_arguments(monkeypatch):
- monkeypatch.delenv(EnvironmentVariables.AZURE_AUTHORITY_HOST, raising=False)
- monkeypatch.delenv(EnvironmentVariables.AZURE_TENANT_ID, raising=False)
-
- credential = DefaultAzureCredential.__module__ + ".VisualStudioCodeCredential"
-
- # DefaultAzureCredential shouldn't specify a default authority or tenant to VisualStudioCodeCredential
- with patch(credential) as mock_credential:
- DefaultAzureCredential()
- mock_credential.assert_called_once_with()
-
- tenant = {"tenant_id": "the-tenant"}
-
- with patch(credential) as mock_credential:
- DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"])
- mock_credential.assert_called_once_with(**tenant)
-
- # tenant id can also be specified in $AZURE_TENANT_ID
- with patch.dict(os.environ, {EnvironmentVariables.AZURE_TENANT_ID: tenant["tenant_id"]}):
- with patch(credential) as mock_credential:
- DefaultAzureCredential()
- mock_credential.assert_called_once_with(**tenant)
-
- # keyword argument should override environment variable
- with patch.dict(os.environ, {EnvironmentVariables.AZURE_TENANT_ID: "not-" + tenant["tenant_id"]}):
- with patch(credential) as mock_credential:
- DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"])
- mock_credential.assert_called_once_with(**tenant)
-
- # DefaultAzureCredential should pass the authority kwarg along
- authority = {"authority": "the-authority"}
- with patch(credential) as mock_credential:
- DefaultAzureCredential(**authority)
- mock_credential.assert_called_once_with(**authority)
-
- with patch(credential) as mock_credential:
- DefaultAzureCredential(visual_studio_code_tenant_id=tenant["tenant_id"], **authority)
- mock_credential.assert_called_once_with(**dict(authority, **tenant))
-
-
@pytest.mark.asyncio
async def test_default_credential_shared_cache_use():
with patch(DefaultAzureCredential.__module__ + ".SharedTokenCacheCredential") as mock_credential: