CAE support

ChangeLog.md

@@ -8,12 +8,13 @@
 |`@autorest/modelerfour` | `4.19.1`
 |`azure-core` dep of generated code | `1.16.0`
 |`msrest` dep of generated code | `0.6.21`
-|`azure-mgmt-core` dep of generated code (If generating mgmt plane code) | `1.2.1`
+|`azure-mgmt-core` dep of generated code (If generating mgmt plane code) | `1.3.0`
 
 **New Features**
 
 - We have added a **provisional** `rest` layer to our generated code. We have also added the following **provisional** flags listed [here](https://github.com/Azure/autorest.python/wiki/Generating-Low-Level-Client#generate-a-low-level-client). #875
 - With this new release, we are also dropping support for Python 3.5 + async.  #875
+- For mgmt plan SDK, default policy changes from `BearerTokenCredentialPolicy` to `ARMChallengeAuthenticationPolicy`.
 
 ### 2021-07-13 - 5.8.4
 

README.md

@@ -152,7 +152,7 @@ help-content:
         description: Specify if you don't want pkgutil-style namespace folders. Defaults to `false`.
         type: bool
       - key: credential-default-policy-type
-        description: Specify the default credential policy (authentication policy) for your client. Use in conjunction with `--add-credential`. Currently only supports `BearerTokenCredentialPolicy` and `AzureKeyCredentialPolicy`. Default value is `BearerTokenCredentialPolicy`. `--credential-scopes` is tied with `BearerTokenCredentialPolicy`, do not pass them in if you want `AzureKeyCredentialPolicy`.
+        description: Specify the default credential policy (authentication policy) for your client. Use in conjunction with `--add-credential`. Currently only supports `BearerTokenCredentialPolicy`, `ARMChallengeAuthenticationPolicy` and `AzureKeyCredentialPolicy`. Default value is `BearerTokenCredentialPolicy`(data-plan)/`ARMChallengeAuthenticationPolicy`(mgmt-plan). `--credential-scopes` is tied with `BearerTokenCredentialPolicy` and `ARMChallengeAuthenticationPolicy`, do not pass them in if you want `AzureKeyCredentialPolicy`.
         type: string
       - key: credential-key-header-name
         description: The name of the header which will pass the credential. Use if you have `--credential-default-policy-type` set to `AzureKeyCredentialPolicy`. For example, if generating cognitive services code, you might use `--credential-key-header-name=Ocp-Apim-Subscription-Key`

autorest/codegen/models/code_model.py

@@ -9,7 +9,7 @@
 
 from .base_schema import BaseSchema
 from .credential_schema_policy import (
-    BearerTokenCredentialPolicy, CredentialSchemaPolicy
+    ARMChallengeAuthenticationPolicy, BearerTokenCredentialPolicy, CredentialSchemaPolicy
 )
 from .enum_schema import EnumSchema
 from .object_schema import ObjectSchema
@@ -208,7 +208,7 @@ def _lookup_operation(yaml_id: int) -> Operation:
 
     @property
     def default_authentication_policy(self) -> Type[CredentialSchemaPolicy]:
-        return BearerTokenCredentialPolicy
+        return ARMChallengeAuthenticationPolicy if self.options.get('azure_arm', False) else BearerTokenCredentialPolicy
 
     @property
     def credential_schema_policy(self) -> CredentialSchemaPolicy:

autorest/codegen/models/credential_schema_policy.py

@@ -21,6 +21,25 @@ def name(cls):
         return cls.__name__
 
 
+class ARMChallengeAuthenticationPolicy(CredentialSchemaPolicy):
+
+    def __init__(
+        self,
+        credential: CredentialSchema,
+        credential_scopes: List[str]
+    ) -> None:
+        super().__init__(credential)
+        self._credential_scopes = credential_scopes
+
+    @property
+    def credential_scopes(self):
+        return self._credential_scopes
+
+    def call(self, async_mode: bool) -> str:
+        policy_name = f"Async{self.name()}" if async_mode else self.name()
+        return f"{policy_name}(self.credential, *self.credential_scopes, **kwargs)"
+
+
 class BearerTokenCredentialPolicy(CredentialSchemaPolicy):
 
     def __init__(
@@ -58,7 +77,7 @@ def call(self, async_mode: bool) -> str:
         return f'policies.AzureKeyCredentialPolicy(self.credential, "{self.credential_key_header_name}", **kwargs)'
 
 def get_credential_schema_policy_type(name):
-    policies = [BearerTokenCredentialPolicy, AzureKeyCredentialPolicy]
+    policies = [ARMChallengeAuthenticationPolicy, BearerTokenCredentialPolicy, AzureKeyCredentialPolicy]
     try:
         return next(p for p in policies if p.name().lower() == name.lower())
     except StopIteration:

autorest/codegen/serializers/general_serializer.py

@@ -18,7 +18,9 @@ def config_imports(code_model, global_parameters: ParameterList, async_mode: boo
     for gp in global_parameters:
         file_import.merge(gp.imports())
     if code_model.options["azure_arm"]:
-        file_import.add_from_import("azure.mgmt.core.policies", "ARMHttpLoggingPolicy", ImportType.AZURECORE)
+        policy = "AsyncARMChallengeAuthenticationPolicy" if async_mode else "ARMChallengeAuthenticationPolicy"
+        file_import.add_from_import("azure.mgmt.core.policies",
+        f"ARMHttpLoggingPolicy, {policy}", ImportType.AZURECORE)
     return file_import
 
 

docs/client/initializing.md

@@ -57,10 +57,11 @@ client = PetsClient(credential=AzureKeyCredential(credential))
 
 Each of these credential types also correspond to their own authentication policies that handle the credential. AutoRest automatically generates with the following default authentication policies based on the credential types:
 
-| Credential Type                              | Authentication Policy                                           |
-| -------------------------------------------- | --------------------------------------------------------------- |
-| [`TokenCredential`][aad_authentication]      | [`BearerTokenCredentialPolicy`][bearer_token_credential_policy] |
-| [`AzureKeyCredential`][azure_key_credential] | [`AzureKeyCredentialPolicy`][azure_key_credential_policy]       |
+| Credential Type                              | Authentication Policy                                                  |
+| -------------------------------------------- | ---------------------------------------------------------------------- |
+| [`TokenCredential`][aad_authentication]      | [`BearerTokenCredentialPolicy`][bearer_token_credential_policy]        |
+| [`TokenCredential`][aad_authentication]      | [`ARMChallengeAuthenticationPolicy`][ARMChallengeAuthenticationPolicy] |
+| [`AzureKeyCredential`][azure_key_credential] | [`AzureKeyCredentialPolicy`][azure_key_credential_policy]              |
 
 Currently, we only support generating credentials of type [`TokenCredential`][aad_authentication] and / or [`AzureKeyCredential`][azure_key_credential]. If you'd like to use your own custom credential,
 you can pass the custom type into the client. However, you may have to use a custom authentication policy to handle the credential. That can also be passed in to the
@@ -97,4 +98,5 @@ client = PetsClient(credential=DefaultAzureCredential(), api_version="v1")
 [default_azure_credential]: https://docs.microsoft.com/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python
 [azure_key_credential]: https://docs.microsoft.com/python/api/azure-core/azure.core.credentials.azurekeycredential?view=azure-python
 [bearer_token_credential_policy]: https://docs.microsoft.com/python/api/azure-core/azure.core.pipeline.policies.bearertokencredentialpolicy?view=azure-python
+[ARMChallengeAuthenticationPolicy]: https://docs.microsoft.com/en-us/python/api/azure-mgmt-core/azure.mgmt.core.policies.armchallengeauthenticationpolicy?view=azure-python
 [azure_key_credential_policy]: https://docs.microsoft.com/python/api/azure-core/azure.core.pipeline.policies.azurekeycredentialpolicy?view=azure-python

docs/samples/specification/management/generated/azure/mgmt/sample/_configuration.py

@@ -10,7 +10,7 @@
 
 from azure.core.configuration import Configuration
 from azure.core.pipeline import policies
-from azure.mgmt.core.policies import ARMHttpLoggingPolicy
+from azure.mgmt.core.policies import ARMHttpLoggingPolicy, ARMChallengeAuthenticationPolicy
 
 from ._version import VERSION
 
@@ -61,4 +61,4 @@ def _configure(
         self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs)
         self.authentication_policy = kwargs.get('authentication_policy')
         if self.credential and not self.authentication_policy:
-            self.authentication_policy = policies.BearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
+            self.authentication_policy = ARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)

docs/samples/specification/management/generated/azure/mgmt/sample/aio/_configuration.py

@@ -10,7 +10,7 @@
 
 from azure.core.configuration import Configuration
 from azure.core.pipeline import policies
-from azure.mgmt.core.policies import ARMHttpLoggingPolicy
+from azure.mgmt.core.policies import ARMHttpLoggingPolicy, AsyncARMChallengeAuthenticationPolicy
 
 from .._version import VERSION
 
@@ -57,4 +57,4 @@ def _configure(
         self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs)
         self.authentication_policy = kwargs.get('authentication_policy')
         if self.credential and not self.authentication_policy:
-            self.authentication_policy = policies.AsyncBearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
+            self.authentication_policy = AsyncARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)

docs/samples/specification/multiapi/generated/azure/multiapi/sample/_configuration.py

@@ -12,7 +12,7 @@
 
 from azure.core.configuration import Configuration
 from azure.core.pipeline import policies
-from azure.mgmt.core.policies import ARMHttpLoggingPolicy
+from azure.mgmt.core.policies import ARMHttpLoggingPolicy, ARMChallengeAuthenticationPolicy
 
 from ._version import VERSION
 
@@ -62,4 +62,4 @@ def _configure(
         self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs)
         self.authentication_policy = kwargs.get('authentication_policy')
         if self.credential and not self.authentication_policy:
-            self.authentication_policy = policies.BearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
+            self.authentication_policy = ARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)

docs/samples/specification/multiapi/generated/azure/multiapi/sample/aio/_configuration.py

@@ -12,7 +12,7 @@
 
 from azure.core.configuration import Configuration
 from azure.core.pipeline import policies
-from azure.mgmt.core.policies import ARMHttpLoggingPolicy
+from azure.mgmt.core.policies import ARMHttpLoggingPolicy, AsyncARMChallengeAuthenticationPolicy
 
 from .._version import VERSION
 
@@ -58,4 +58,4 @@ def _configure(
         self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs)
         self.authentication_policy = kwargs.get('authentication_policy')
         if self.credential and not self.authentication_policy:
-            self.authentication_policy = policies.AsyncBearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
+            self.authentication_policy = AsyncARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)

docs/samples/specification/multiapi/generated/azure/multiapi/sample/v1/_configuration.py

@@ -10,7 +10,7 @@
 
 from azure.core.configuration import Configuration
 from azure.core.pipeline import policies
-from azure.mgmt.core.policies import ARMHttpLoggingPolicy
+from azure.mgmt.core.policies import ARMHttpLoggingPolicy, ARMChallengeAuthenticationPolicy
 
 if TYPE_CHECKING:
     # pylint: disable=unused-import,ungrouped-imports
@@ -61,4 +61,4 @@ def _configure(
         self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs)
         self.authentication_policy = kwargs.get('authentication_policy')
         if self.credential and not self.authentication_policy:
-            self.authentication_policy = policies.BearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
+            self.authentication_policy = ARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)

docs/samples/specification/multiapi/generated/azure/multiapi/sample/v1/_metadata.json

@@ -79,10 +79,10 @@
     "config": {
         "credential": true,
         "credential_scopes": ["https://management.azure.com/.default"],
-        "credential_call_sync": "policies.BearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)",
-        "credential_call_async": "policies.AsyncBearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)",
-        "sync_imports": "{\"regular\": {\"azurecore\": {\"azure.core.configuration\": [\"Configuration\"], \"azure.core.pipeline\": [\"policies\"], \"azure.mgmt.core.policies\": [\"ARMHttpLoggingPolicy\"]}, \"local\": {\"._version\": [\"VERSION\"]}}, \"conditional\": {\"stdlib\": {\"typing\": [\"Any\"]}}, \"typing\": {\"azurecore\": {\"azure.core.credentials\": [\"TokenCredential\"]}}}",
-        "async_imports": "{\"regular\": {\"azurecore\": {\"azure.core.configuration\": [\"Configuration\"], \"azure.core.pipeline\": [\"policies\"], \"azure.mgmt.core.policies\": [\"ARMHttpLoggingPolicy\"]}, \"local\": {\".._version\": [\"VERSION\"]}}, \"conditional\": {\"stdlib\": {\"typing\": [\"Any\"]}}, \"typing\": {\"azurecore\": {\"azure.core.credentials_async\": [\"AsyncTokenCredential\"]}}}"
+        "credential_call_sync": "ARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)",
+        "credential_call_async": "AsyncARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)",
+        "sync_imports": "{\"regular\": {\"azurecore\": {\"azure.core.configuration\": [\"Configuration\"], \"azure.core.pipeline\": [\"policies\"], \"azure.mgmt.core.policies\": [\"ARMHttpLoggingPolicy, ARMChallengeAuthenticationPolicy\"]}, \"local\": {\"._version\": [\"VERSION\"]}}, \"conditional\": {\"stdlib\": {\"typing\": [\"Any\"]}}, \"typing\": {\"azurecore\": {\"azure.core.credentials\": [\"TokenCredential\"]}}}",
+        "async_imports": "{\"regular\": {\"azurecore\": {\"azure.core.configuration\": [\"Configuration\"], \"azure.core.pipeline\": [\"policies\"], \"azure.mgmt.core.policies\": [\"ARMHttpLoggingPolicy, AsyncARMChallengeAuthenticationPolicy\"]}, \"local\": {\".._version\": [\"VERSION\"]}}, \"conditional\": {\"stdlib\": {\"typing\": [\"Any\"]}}, \"typing\": {\"azurecore\": {\"azure.core.credentials_async\": [\"AsyncTokenCredential\"]}}}"
     },
     "operation_groups": {
         "operation_group_one": "OperationGroupOneOperations"

docs/samples/specification/multiapi/generated/azure/multiapi/sample/v1/aio/_configuration.py

@@ -10,7 +10,7 @@
 
 from azure.core.configuration import Configuration
 from azure.core.pipeline import policies
-from azure.mgmt.core.policies import ARMHttpLoggingPolicy
+from azure.mgmt.core.policies import ARMHttpLoggingPolicy, AsyncARMChallengeAuthenticationPolicy
 
 if TYPE_CHECKING:
     # pylint: disable=unused-import,ungrouped-imports
@@ -57,4 +57,4 @@ def _configure(
         self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs)
         self.authentication_policy = kwargs.get('authentication_policy')
         if self.credential and not self.authentication_policy:
-            self.authentication_policy = policies.AsyncBearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
+            self.authentication_policy = AsyncARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)

docs/samples/specification/multiapi/generated/azure/multiapi/sample/v2/_configuration.py

@@ -10,7 +10,7 @@
 
 from azure.core.configuration import Configuration
 from azure.core.pipeline import policies
-from azure.mgmt.core.policies import ARMHttpLoggingPolicy
+from azure.mgmt.core.policies import ARMHttpLoggingPolicy, ARMChallengeAuthenticationPolicy
 
 if TYPE_CHECKING:
     # pylint: disable=unused-import,ungrouped-imports
@@ -61,4 +61,4 @@ def _configure(
         self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs)
         self.authentication_policy = kwargs.get('authentication_policy')
         if self.credential and not self.authentication_policy:
-            self.authentication_policy = policies.BearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
+            self.authentication_policy = ARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)

docs/samples/specification/multiapi/generated/azure/multiapi/sample/v2/_metadata.json

@@ -79,10 +79,10 @@
     "config": {
         "credential": true,
         "credential_scopes": ["https://management.azure.com/.default"],
-        "credential_call_sync": "policies.BearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)",
-        "credential_call_async": "policies.AsyncBearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)",
-        "sync_imports": "{\"regular\": {\"azurecore\": {\"azure.core.configuration\": [\"Configuration\"], \"azure.core.pipeline\": [\"policies\"], \"azure.mgmt.core.policies\": [\"ARMHttpLoggingPolicy\"]}, \"local\": {\"._version\": [\"VERSION\"]}}, \"conditional\": {\"stdlib\": {\"typing\": [\"Any\"]}}, \"typing\": {\"azurecore\": {\"azure.core.credentials\": [\"TokenCredential\"]}}}",
-        "async_imports": "{\"regular\": {\"azurecore\": {\"azure.core.configuration\": [\"Configuration\"], \"azure.core.pipeline\": [\"policies\"], \"azure.mgmt.core.policies\": [\"ARMHttpLoggingPolicy\"]}, \"local\": {\".._version\": [\"VERSION\"]}}, \"conditional\": {\"stdlib\": {\"typing\": [\"Any\"]}}, \"typing\": {\"azurecore\": {\"azure.core.credentials_async\": [\"AsyncTokenCredential\"]}}}"
+        "credential_call_sync": "ARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)",
+        "credential_call_async": "AsyncARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)",
+        "sync_imports": "{\"regular\": {\"azurecore\": {\"azure.core.configuration\": [\"Configuration\"], \"azure.core.pipeline\": [\"policies\"], \"azure.mgmt.core.policies\": [\"ARMHttpLoggingPolicy, ARMChallengeAuthenticationPolicy\"]}, \"local\": {\"._version\": [\"VERSION\"]}}, \"conditional\": {\"stdlib\": {\"typing\": [\"Any\"]}}, \"typing\": {\"azurecore\": {\"azure.core.credentials\": [\"TokenCredential\"]}}}",
+        "async_imports": "{\"regular\": {\"azurecore\": {\"azure.core.configuration\": [\"Configuration\"], \"azure.core.pipeline\": [\"policies\"], \"azure.mgmt.core.policies\": [\"ARMHttpLoggingPolicy, AsyncARMChallengeAuthenticationPolicy\"]}, \"local\": {\".._version\": [\"VERSION\"]}}, \"conditional\": {\"stdlib\": {\"typing\": [\"Any\"]}}, \"typing\": {\"azurecore\": {\"azure.core.credentials_async\": [\"AsyncTokenCredential\"]}}}"
     },
     "operation_groups": {
         "operation_group_one": "OperationGroupOneOperations",

docs/samples/specification/multiapi/generated/azure/multiapi/sample/v2/aio/_configuration.py

@@ -10,7 +10,7 @@
 
 from azure.core.configuration import Configuration
 from azure.core.pipeline import policies
-from azure.mgmt.core.policies import ARMHttpLoggingPolicy
+from azure.mgmt.core.policies import ARMHttpLoggingPolicy, AsyncARMChallengeAuthenticationPolicy
 
 if TYPE_CHECKING:
     # pylint: disable=unused-import,ungrouped-imports
@@ -57,4 +57,4 @@ def _configure(
         self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs)
         self.authentication_policy = kwargs.get('authentication_policy')
         if self.credential and not self.authentication_policy:
-            self.authentication_policy = policies.AsyncBearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
+            self.authentication_policy = AsyncARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)

docs/samples/specification/multiapi/generated/azure/multiapi/sample/v3/_configuration.py

@@ -10,7 +10,7 @@
 
 from azure.core.configuration import Configuration
 from azure.core.pipeline import policies
-from azure.mgmt.core.policies import ARMHttpLoggingPolicy
+from azure.mgmt.core.policies import ARMHttpLoggingPolicy, ARMChallengeAuthenticationPolicy
 
 if TYPE_CHECKING:
     # pylint: disable=unused-import,ungrouped-imports
@@ -61,4 +61,4 @@ def _configure(
         self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs)
         self.authentication_policy = kwargs.get('authentication_policy')
         if self.credential and not self.authentication_policy:
-            self.authentication_policy = policies.BearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
+            self.authentication_policy = ARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs)