azidentity test cleanup (#22700)

Azure · Apr 8, 2024 · 644a3ac · 644a3ac
1 parent df9e916
commit 644a3ac
Show file tree

Hide file tree

Showing 10 changed files with 150 additions and 305 deletions.
diff --git a/sdk/azidentity/azidentity_test.go b/sdk/azidentity/azidentity_test.go
@@ -101,96 +101,107 @@ func (t *tokenRequestCountingPolicy) Do(req *policy.Request) (*http.Response, er
 	return req.Next()
 }
 
-func TestEmptyTenantID(t *testing.T) {
+func TestTenantID(t *testing.T) {
 	type tc struct {
-		name string
-		ctor func() (azcore.TokenCredential, error)
+		name           string
+		ctor           func(tenant string) (azcore.TokenCredential, error)
+		tenantOptional bool
 	}
-	// constructors having a tenant parameter should return an error because they require a nonempty value
 	for _, test := range []tc{
 		{
 			name: credNameAssertion,
-			ctor: func() (azcore.TokenCredential, error) {
-				return NewClientAssertionCredential("", fakeClientID, func(context.Context) (string, error) { return "", nil }, nil)
+			ctor: func(tenant string) (azcore.TokenCredential, error) {
+				return NewClientAssertionCredential(tenant, fakeClientID, func(context.Context) (string, error) { return "", nil }, nil)
 			},
 		},
 		{
-			name: credNameCert,
-			ctor: func() (azcore.TokenCredential, error) {
-				return NewClientCertificateCredential("", fakeClientID, allCertTests[0].certs, allCertTests[0].key, nil)
+			name: credNameAzureCLI,
+			ctor: func(tenant string) (azcore.TokenCredential, error) {
+				return NewAzureCLICredential(&AzureCLICredentialOptions{
+					TenantID: tenant,
+				})
 			},
+			tenantOptional: true,
 		},
 		{
-			name: credNameOBO + "/cert",
-			ctor: func() (azcore.TokenCredential, error) {
-				return NewOnBehalfOfCredentialWithCertificate("", fakeClientID, "assertion", allCertTests[0].certs, allCertTests[0].key, nil)
+			name: credNameAzureDeveloperCLI,
+			ctor: func(tenant string) (azcore.TokenCredential, error) {
+				return NewAzureDeveloperCLICredential(&AzureDeveloperCLICredentialOptions{
+					TenantID: tenant,
+				})
 			},
+			tenantOptional: true,
 		},
 		{
-			name: credNameOBO + "/secret",
-			ctor: func() (azcore.TokenCredential, error) {
-				return NewOnBehalfOfCredentialWithSecret("", fakeClientID, "assertion", fakeSecret, nil)
+			name: credNameBrowser,
+			ctor: func(tenant string) (azcore.TokenCredential, error) {
+				return NewInteractiveBrowserCredential(&InteractiveBrowserCredentialOptions{
+					TenantID: tenant,
+				})
 			},
+			tenantOptional: true,
 		},
 		{
-			name: credNameSecret,
-			ctor: func() (azcore.TokenCredential, error) {
-				return NewClientSecretCredential("", fakeClientID, fakeSecret, nil)
+			name: credNameCert,
+			ctor: func(tenant string) (azcore.TokenCredential, error) {
+				return NewClientCertificateCredential(tenant, fakeClientID, allCertTests[0].certs, allCertTests[0].key, nil)
 			},
 		},
 		{
-			name: credNameUserPassword,
-			ctor: func() (azcore.TokenCredential, error) {
-				return NewUsernamePasswordCredential("", fakeClientID, "username", "password", nil)
+			name: credNameDeviceCode,
+			ctor: func(tenant string) (azcore.TokenCredential, error) {
+				return NewDeviceCodeCredential(&DeviceCodeCredentialOptions{
+					TenantID: tenant,
+				})
 			},
+			tenantOptional: true,
 		},
 		{
-			name: credNameWorkloadIdentity,
-			ctor: func() (azcore.TokenCredential, error) {
-				t.Setenv(azureTenantID, "")
-				return NewWorkloadIdentityCredential(&WorkloadIdentityCredentialOptions{
-					ClientID:      fakeClientID,
-					TokenFilePath: "...",
-				})
+			name: credNameOBO + "/cert",
+			ctor: func(tenant string) (azcore.TokenCredential, error) {
+				return NewOnBehalfOfCredentialWithCertificate(tenant, fakeClientID, "assertion", allCertTests[0].certs, allCertTests[0].key, nil)
 			},
 		},
-	} {
-		t.Run(test.name, func(t *testing.T) {
-			_, err := test.ctor()
-			require.ErrorContains(t, err, "tenant")
-		})
-	}
-
-	// constructors having a tenant option should not return an error
-	for _, test := range []tc{
 		{
-			name: credNameAzureCLI,
-			ctor: func() (azcore.TokenCredential, error) {
-				return NewAzureCLICredential(nil)
+			name: credNameOBO + "/secret",
+			ctor: func(tenant string) (azcore.TokenCredential, error) {
+				return NewOnBehalfOfCredentialWithSecret(tenant, fakeClientID, "assertion", fakeSecret, nil)
 			},
 		},
 		{
-			name: credNameAzureDeveloperCLI,
-			ctor: func() (azcore.TokenCredential, error) {
-				return NewAzureDeveloperCLICredential(nil)
+			name: credNameSecret,
+			ctor: func(tenant string) (azcore.TokenCredential, error) {
+				return NewClientSecretCredential(tenant, fakeClientID, fakeSecret, nil)
 			},
 		},
 		{
-			name: credNameBrowser,
-			ctor: func() (azcore.TokenCredential, error) {
-				return NewInteractiveBrowserCredential(nil)
+			name: credNameUserPassword,
+			ctor: func(tenant string) (azcore.TokenCredential, error) {
+				return NewUsernamePasswordCredential(tenant, fakeClientID, "username", "password", nil)
 			},
 		},
 		{
-			name: credNameDeviceCode,
-			ctor: func() (azcore.TokenCredential, error) {
-				return NewDeviceCodeCredential(nil)
+			name: credNameWorkloadIdentity,
+			ctor: func(tenant string) (azcore.TokenCredential, error) {
+				t.Setenv(azureTenantID, tenant)
+				return NewWorkloadIdentityCredential(&WorkloadIdentityCredentialOptions{
+					ClientID:      fakeClientID,
+					TokenFilePath: "...",
+				})
 			},
 		},
 	} {
-		t.Run(test.name, func(t *testing.T) {
-			_, err := test.ctor()
-			require.NoError(t, err)
+		t.Run(test.name+"/empty", func(t *testing.T) {
+			_, err := test.ctor("")
+			if test.tenantOptional {
+				require.NoError(t, err)
+			} else {
+				require.ErrorContains(t, err, "tenant")
+			}
+		})
+		t.Run(test.name+"/invalid", func(t *testing.T) {
+			_, err := test.ctor(badTenantID)
+			require.ErrorContains(t, err, "tenant")
 		})
 	}
 }
@@ -273,7 +284,7 @@ func TestUserAuthentication(t *testing.T) {
 				_, err = cred.Authenticate(context.Background(), nil)
 				require.NoError(t, err)
 
-				os.Setenv(azureAuthorityHost, cc.ActiveDirectoryAuthorityHost)
+				t.Setenv(azureAuthorityHost, cc.ActiveDirectoryAuthorityHost)
 				cred, err = credential.new(nil, azcore.ClientOptions{Transport: &sts}, AuthenticationRecord{}, false)
 				require.NoError(t, err)
 				_, err = cred.Authenticate(context.Background(), nil)
@@ -447,19 +458,38 @@ func Test_DefaultAuthorityHost(t *testing.T) {
 	}
 }
 
-func Test_GetTokenRequiresScopes(t *testing.T) {
+func TestGetTokenRequiresScopes(t *testing.T) {
 	for _, ctor := range []func() (azcore.TokenCredential, error){
 		func() (azcore.TokenCredential, error) { return NewAzureCLICredential(nil) },
+		func() (azcore.TokenCredential, error) { return NewAzureDeveloperCLICredential(nil) },
+		func() (azcore.TokenCredential, error) {
+			return NewClientAssertionCredential(
+				fakeTenantID, fakeClientID, func(context.Context) (string, error) { return "", nil }, nil,
+			)
+		},
 		func() (azcore.TokenCredential, error) {
-			return NewClientCertificateCredential("tenantID", "clientID", allCertTests[0].certs, allCertTests[0].key, nil)
+			return NewClientCertificateCredential(
+				fakeTenantID, fakeClientID, allCertTests[0].certs, allCertTests[0].key, nil,
+			)
 		},
 		func() (azcore.TokenCredential, error) {
-			return NewClientSecretCredential("tenantID", "clientID", fakeSecret, nil)
+			return NewClientSecretCredential(fakeTenantID, fakeClientID, fakeSecret, nil)
 		},
 		func() (azcore.TokenCredential, error) { return NewDeviceCodeCredential(nil) },
 		func() (azcore.TokenCredential, error) { return NewInteractiveBrowserCredential(nil) },
+		func() (azcore.TokenCredential, error) { return NewManagedIdentityCredential(nil) },
+		func() (azcore.TokenCredential, error) {
+			return NewOnBehalfOfCredentialWithSecret(
+				fakeTenantID, fakeClientID, "assertion", fakeSecret, nil,
+			)
+		},
+		func() (azcore.TokenCredential, error) {
+			return NewUsernamePasswordCredential(fakeTenantID, fakeClientID, fakeUsername, "password", nil)
+		},
 		func() (azcore.TokenCredential, error) {
-			return NewUsernamePasswordCredential("tenantID", "clientID", "username", "password", nil)
+			return NewWorkloadIdentityCredential(&WorkloadIdentityCredentialOptions{
+				ClientID: fakeClientID, TokenFilePath: ".", TenantID: fakeTenantID,
+			})
 		},
 	} {
 		cred, err := ctor()

diff --git a/sdk/azidentity/azure_cli_credential_test.go b/sdk/azidentity/azure_cli_credential_test.go
@@ -40,7 +40,7 @@ func mockAzTokenProviderFailure(context.Context, []string, string, string) ([]by
 	return nil, newAuthenticationFailedError(credNameAzureCLI, "mock provider error", nil, nil)
 }
 
-func mockAzTokenProviderSuccess(ctx context.Context, scopes []string, tenant, subscription string) ([]byte, error) {
+func mockAzTokenProviderSuccess(context.Context, []string, string, string) ([]byte, error) {
 	return azTokenOutput("2001-02-03 04:05:06.000007", 0), nil
 }
 

diff --git a/sdk/azidentity/client_certificate_credential_test.go b/sdk/azidentity/client_certificate_credential_test.go
@@ -63,33 +63,6 @@ func TestParseCertificates_Error(t *testing.T) {
 	}
 }
 
-func TestClientCertificateCredential_InvalidTenantID(t *testing.T) {
-	test := allCertTests[0]
-	cred, err := NewClientCertificateCredential(badTenantID, fakeClientID, test.certs, test.key, nil)
-	if err == nil {
-		t.Fatal("Expected an error but received none")
-	}
-	if cred != nil {
-		t.Fatalf("Expected a nil credential value. Received: %v", cred)
-	}
-}
-
-func TestClientCertificateCredential_GetTokenSuccess(t *testing.T) {
-	for _, test := range allCertTests {
-		t.Run(test.name, func(t *testing.T) {
-			cred, err := NewClientCertificateCredential(fakeTenantID, fakeClientID, test.certs, test.key, nil)
-			if err != nil {
-				t.Fatalf("Expected an empty error but received: %s", err.Error())
-			}
-			cred.client.noCAE = fakeConfidentialClient{}
-			_, err = cred.GetToken(context.Background(), testTRO)
-			if err != nil {
-				t.Fatalf("Expected an empty error but received: %s", err.Error())
-			}
-		})
-	}
-}
-
 func TestClientCertificateCredential_SendCertificateChain(t *testing.T) {
 	for _, test := range allCertTests {
 		t.Run(test.name, func(t *testing.T) {
@@ -114,19 +87,6 @@ func TestClientCertificateCredential_SendCertificateChain(t *testing.T) {
 	}
 }
 
-func TestClientCertificateCredential_GetTokenCheckPrivateKeyBlocks(t *testing.T) {
-	test := allCertTests[0]
-	cred, err := NewClientCertificateCredential(fakeTenantID, fakeClientID, test.certs, test.key, nil)
-	if err != nil {
-		t.Fatalf("Expected an empty error but received: %s", err.Error())
-	}
-	cred.client.noCAE = fakeConfidentialClient{}
-	_, err = cred.GetToken(context.Background(), testTRO)
-	if err != nil {
-		t.Fatalf("Expected an empty error but received: %s", err.Error())
-	}
-}
-
 func TestClientCertificateCredential_NoData(t *testing.T) {
 	var key crypto.PrivateKey
 	_, err := NewClientCertificateCredential(fakeTenantID, fakeClientID, []*x509.Certificate{}, key, nil)

diff --git a/sdk/azidentity/client_secret_credential_test.go b/sdk/azidentity/client_secret_credential_test.go
@@ -17,28 +17,6 @@ import (
 
 const fakeSecret = "secret"
 
-func TestClientSecretCredential_InvalidTenantID(t *testing.T) {
-	cred, err := NewClientSecretCredential(badTenantID, fakeClientID, fakeSecret, nil)
-	if err == nil {
-		t.Fatal("Expected an error but received none")
-	}
-	if cred != nil {
-		t.Fatalf("Expected a nil credential value. Received: %v", cred)
-	}
-}
-
-func TestClientSecretCredential_GetTokenSuccess(t *testing.T) {
-	cred, err := NewClientSecretCredential(fakeTenantID, fakeClientID, fakeSecret, nil)
-	if err != nil {
-		t.Fatalf("Unable to create credential. Received: %v", err)
-	}
-	cred.client.noCAE = fakeConfidentialClient{}
-	_, err = cred.GetToken(context.Background(), testTRO)
-	if err != nil {
-		t.Fatalf("Expected an empty error but received: %v", err)
-	}
-}
-
 func TestClientSecretCredential_Live(t *testing.T) {
 	for _, disabledID := range []bool{true, false} {
 		name := "default options"

diff --git a/sdk/azidentity/confidential_client.go b/sdk/azidentity/confidential_client.go
@@ -91,7 +91,7 @@ func (c *confidentialClient) GetToken(ctx context.Context, tro policy.TokenReque
 		}
 		tro.TenantID = tenant
 	}
-	client, mu, err := c.client(ctx, tro)
+	client, mu, err := c.client(tro)
 	if err != nil {
 		return azcore.AccessToken{}, err
 	}
@@ -121,7 +121,7 @@ func (c *confidentialClient) GetToken(ctx context.Context, tro policy.TokenReque
 	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
 }
 
-func (c *confidentialClient) client(ctx context.Context, tro policy.TokenRequestOptions) (msalConfidentialClient, *sync.Mutex, error) {
+func (c *confidentialClient) client(tro policy.TokenRequestOptions) (msalConfidentialClient, *sync.Mutex, error) {
 	c.clientMu.Lock()
 	defer c.clientMu.Unlock()
 	if tro.EnableCAE {

diff --git a/sdk/azidentity/device_code_credential_test.go b/sdk/azidentity/device_code_credential_test.go
@@ -16,18 +16,6 @@ import (
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
 )
 
-func TestDeviceCodeCredential_InvalidTenantID(t *testing.T) {
-	options := DeviceCodeCredentialOptions{}
-	options.TenantID = badTenantID
-	cred, err := NewDeviceCodeCredential(&options)
-	if err == nil {
-		t.Fatal("Expected an error but received none")
-	}
-	if cred != nil {
-		t.Fatalf("Expected a nil credential value. Received: %v", cred)
-	}
-}
-
 func TestDeviceCodeCredential_GetTokenInvalidCredentials(t *testing.T) {
 	cred, err := NewDeviceCodeCredential(nil)
 	if err != nil {