update the logger warning to be called on getToken and updated the te…

…st to verify logger message
Azure · Feb 9, 2022 · 684ff38 · 684ff38
1 parent 830dff7
commit 684ff38
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 18 deletions.
diff --git a/sdk/identity/identity/src/credentials/managedIdentityCredential/cloudShellMsi.ts b/sdk/identity/identity/src/credentials/managedIdentityCredential/cloudShellMsi.ts
@@ -12,7 +12,7 @@ import { MSI, MSIConfiguration } from "./models";
 import { mapScopesToResource } from "./utils";
 
 const msiName = "ManagedIdentityCredential - CloudShellMSI";
-const logger = credentialLogger(msiName);
+export const logger = credentialLogger(msiName);
 
 /**
  * Generates the options used on the request for an access token.
@@ -56,18 +56,13 @@ function prepareRequestOptions(
  * Since Azure Managed Identities aren't available in the Azure Cloud Shell, we log a warning for users that try to access cloud shell using user assigned identity.
  */
 export const cloudShellMsi: MSI = {
-  async isAvailable(scopes, _identityClient, clientId): Promise<boolean> {
+  async isAvailable(scopes, _identityClient): Promise<boolean> {
     const resource = mapScopesToResource(scopes);
     if (!resource) {
       logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);
       return false;
     }
-    if (clientId) {
-      logger.warning(
-        `${msiName}: Unavailable. Azure Managed Identities aren't available in the Azure Cloud Shell.`
-      );
-      return false;
-    }
+
     const result = Boolean(process.env.MSI_ENDPOINT);
     if (!result) {
       logger.info(`${msiName}: Unavailable. The environment variable MSI_ENDPOINT is needed.`);
@@ -80,6 +75,11 @@ export const cloudShellMsi: MSI = {
   ): Promise<AccessToken | null> {
     const { identityClient, scopes, clientId } = configuration;
 
+    if (clientId) {
+      logger.warning(
+        `${msiName}: does not support user-assigned identities in the Cloud Shell environment. Argument clientId is not needed and not used.`
+      );
+    }
     logger.info(
       `${msiName}: Using the endpoint coming form the environment variable MSI_ENDPOINT = ${process.env.MSI_ENDPOINT}.`
     );

diff --git a/sdk/identity/identity/test/internal/node/managedIdentityCredential.spec.ts b/sdk/identity/identity/test/internal/node/managedIdentityCredential.spec.ts
@@ -7,6 +7,7 @@ import { tmpdir } from "os";
 import { mkdtempSync, rmdirSync, unlinkSync, writeFileSync } from "fs";
 import { RestError } from "@azure/core-rest-pipeline";
 import { ManagedIdentityCredential } from "../../../src";
+import Sinon from "sinon";
 import {
   imdsHost,
   imdsApiVersion,
@@ -20,6 +21,8 @@ import { createResponse, IdentityTestContextInterface } from "../../httpRequests
 import { IdentityTestContext } from "../../httpRequests";
 import { AzureAuthorityHosts, DefaultAuthorityHost, DefaultTenantId } from "../../../src/constants";
 import { setLogLevel } from "@azure/logger";
+import { logger } from "../../../src/credentials/managedIdentityCredential/cloudShellMsi";
+import { Context } from "mocha";
 
 describe("ManagedIdentityCredential", function () {
   let testContext: IdentityTestContextInterface;
@@ -366,29 +369,28 @@ describe("ManagedIdentityCredential", function () {
       credential: new ManagedIdentityCredential(),
       secureResponses: [createResponse(200, { access_token: "token" })],
     });
-    console.dir(authDetails);
     const authRequest = authDetails.requests[0];
     assert.equal(authRequest.method, "POST");
     assert.equal(authDetails.result!.token, "token");
   });
 
-  it("authorization request fails with client id passed in an Cloud Shell environment", async () => {
+  it("authorization request fails with client id passed in an Cloud Shell environment", async function (this: Context) {
     // Trigger Cloud Shell behavior by setting environment variables
     process.env.MSI_ENDPOINT = "https://endpoint";
+    const msiGetTokenSpy = Sinon.spy(ManagedIdentityCredential.prototype, "getToken");
+    const loggerSpy = Sinon.spy(logger, "warning");
     setLogLevel("warning");
     const authDetails = await testContext.sendCredentialRequests({
       scopes: ["https://service/.default"],
       credential: new ManagedIdentityCredential("client"),
       secureResponses: [createResponse(200, { access_token: "token" })],
     });
-    console.dir(authDetails);
-    assert.equal(authDetails.result, null);
-    assert.equal(authDetails.error?.name, "CredentialUnavailableError");
-    assert.equal(
-      authDetails.error?.message,
-      "ManagedIdentityCredential: Authentication failed. Message No responses left."
-    );
-    assert.equal(authDetails.requests.length, 0);
+    assert.equal(authDetails.result!.token, "token");
+    assert.equal(msiGetTokenSpy.called, true);
+    assert.equal(loggerSpy.calledOnce, true);
+    assert.deepEqual(loggerSpy.args[0], [
+      "ManagedIdentityCredential - CloudShellMSI: does not support user-assigned identities in the Cloud Shell environment. Argument clientId is not needed and not used.",
+    ]);
   });
 
   it("sends an authorization request correctly in an Azure Arc environment", async function (this: Mocha.Context) {