Skip to content

Commit

Permalink
[Core] Drop old Track 2 SDK authentication support (#29690)
Browse files Browse the repository at this point in the history
  • Loading branch information
jiasli authored Dec 3, 2024
1 parent b46f344 commit a287786
Show file tree
Hide file tree
Showing 5 changed files with 8 additions and 42 deletions.
4 changes: 2 additions & 2 deletions src/azure-cli-core/azure/cli/core/auth/adal_authentication.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
from knack.log import get_logger
from msrestazure.azure_active_directory import MSIAuthentication

from .util import _normalize_scopes, scopes_to_resource, AccessToken
from .util import scopes_to_resource, AccessToken

logger = get_logger(__name__)

Expand Down Expand Up @@ -39,7 +39,7 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument
raise AuthenticationError("VM SSH currently doesn't support managed identity.")

# Use msrestazure to get access token
resource = scopes_to_resource(_normalize_scopes(scopes))
resource = scopes_to_resource(scopes)
if resource:
# If available, use resource provided by SDK
self.resource = resource
Expand Down
3 changes: 1 addition & 2 deletions src/azure-cli-core/azure/cli/core/auth/credential_adaptor.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
from knack.log import get_logger
from knack.util import CLIError

from .util import resource_to_scopes, _normalize_scopes
from .util import resource_to_scopes

logger = get_logger(__name__)

Expand Down Expand Up @@ -62,7 +62,6 @@ def get_token(self, *scopes, **kwargs):
if 'data' in kwargs:
filtered_kwargs['data'] = kwargs['data']

scopes = _normalize_scopes(scopes)
token, _ = self._get_token(scopes, **filtered_kwargs)
return token

Expand Down
17 changes: 1 addition & 16 deletions src/azure-cli-core/azure/cli/core/auth/tests/test_util.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
# pylint: disable=protected-access

import unittest
from azure.cli.core.auth.util import scopes_to_resource, resource_to_scopes, _normalize_scopes, _generate_login_command
from azure.cli.core.auth.util import scopes_to_resource, resource_to_scopes, _generate_login_command


class TestUtil(unittest.TestCase):
Expand Down Expand Up @@ -50,21 +50,6 @@ def test_resource_to_scopes(self):
self.assertEqual(resource_to_scopes('https://managedhsm.azure.com'),
['https://managedhsm.azure.com/.default'])

def test_normalize_scopes(self):
# Test no scopes
self.assertIsNone(_normalize_scopes(()))
self.assertIsNone(_normalize_scopes([]))
self.assertIsNone(_normalize_scopes(None))

# Test multiple scopes, with the first one discarded
scopes = _normalize_scopes(("https://management.core.windows.net//.default",
"https://management.core.chinacloudapi.cn//.default"))
self.assertEqual(list(scopes), ["https://management.core.chinacloudapi.cn//.default"])

# Test single scopes (the correct usage)
scopes = _normalize_scopes(("https://management.core.chinacloudapi.cn//.default",))
self.assertEqual(list(scopes), ["https://management.core.chinacloudapi.cn//.default"])

def test_generate_login_command(self):
# No parameter is given
assert _generate_login_command() == 'az login'
Expand Down
21 changes: 0 additions & 21 deletions src/azure-cli-core/azure/cli/core/auth/util.py
Original file line number Diff line number Diff line change
Expand Up @@ -106,27 +106,6 @@ def scopes_to_resource(scopes):
return scope


def _normalize_scopes(scopes):
"""Normalize scopes to workaround some SDK issues."""

# Track 2 SDKs generated before https://github.com/Azure/autorest.python/pull/239 don't maintain
# credential_scopes and call `get_token` with empty scopes.
# As a workaround, return None so that the CLI-managed resource is used.
if not scopes:
logger.debug("No scope is provided by the SDK, use the CLI-managed resource.")
return None

# Track 2 SDKs generated before https://github.com/Azure/autorest.python/pull/745 extend default
# credential_scopes with custom credential_scopes. Instead, credential_scopes should be replaced by
# custom credential_scopes. https://github.com/Azure/azure-sdk-for-python/issues/12947
# As a workaround, remove the first one if there are multiple scopes provided.
if len(scopes) > 1:
logger.debug("Multiple scopes are provided by the SDK, discarding the first one: %s", scopes[0])
return scopes[1:]

return scopes


def check_result(result, **kwargs):
"""Parse the result returned by MSAL:
Expand Down
5 changes: 4 additions & 1 deletion src/azure-cli-testsdk/azure/cli/testsdk/patches.py
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,10 @@ class UserCredentialMock:
def __init__(self, *args, **kwargs):
super().__init__()

def get_token(*args, **kwargs): # pylint: disable=unused-argument
def get_token(self, *scopes, **kwargs): # pylint: disable=unused-argument
# Old Track 2 SDKs are no longer supported. https://github.com/Azure/azure-cli/pull/29690
assert len(scopes) == 1, "'scopes' must contain only one element."

from azure.core.credentials import AccessToken
import time
fake_raw_token = 'top-secret-token-for-you'
Expand Down

0 comments on commit a287786

Please sign in to comment.