Hello community,
here is the log from the commit of package python-azure-identity for
openSUSE:Factory checked in at 2024-10-15 15:01:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-azure-identity (Old)
and /work/SRC/openSUSE:Factory/.python-azure-identity.new.19354 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-azure-identity"
Tue Oct 15 15:01:06 2024 rev:27 rq:1207991 version:1.19.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-azure-identity/python-azure-identity.changes
2024-09-23 15:24:32.535211930 +0200
+++
/work/SRC/openSUSE:Factory/.python-azure-identity.new.19354/python-azure-identity.changes
2024-10-15 15:01:57.213541833 +0200
@@ -1,0 +2,8 @@
+Wed Oct 9 09:35:33 UTC 2024 - John Paul Adrian Glaubitz
<[email protected]>
+
+- New upstream release
+ + Version 1.19.0
+ + For detailed information about changes see the
+ CHANGELOG.md file provided with this package
+
+-------------------------------------------------------------------
Old:
----
azure_identity-1.18.0.tar.gz
New:
----
azure_identity-1.19.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-azure-identity.spec ++++++
--- /var/tmp/diff_new_pack.ODtwZM/_old 2024-10-15 15:01:58.213583483 +0200
+++ /var/tmp/diff_new_pack.ODtwZM/_new 2024-10-15 15:01:58.213583483 +0200
@@ -18,7 +18,7 @@
%{?sle15_python_module_pythons}
Name: python-azure-identity
-Version: 1.18.0
+Version: 1.19.0
Release: 0
Summary: Azure Identity client library for Python
License: MIT
++++++ azure_identity-1.18.0.tar.gz -> azure_identity-1.19.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_identity-1.18.0/CHANGELOG.md
new/azure_identity-1.19.0/CHANGELOG.md
--- old/azure_identity-1.18.0/CHANGELOG.md 2024-09-19 21:04:28.000000000
+0200
+++ new/azure_identity-1.19.0/CHANGELOG.md 2024-10-08 00:19:03.000000000
+0200
@@ -1,5 +1,15 @@
# Release History
+## 1.19.0 (2024-10-08)
+
+### Bugs Fixed
+
+- Fixed the request sent in `AzurePipelinesCredential` so it doesn't result in
a redirect response when an invalid system access token is provided.
([#37510](https://github.com/Azure/azure-sdk-for-python/pull/37510))
+
+### Other Changes
+
+- Deprecated `AzureAuthorityHosts.AZURE_GERMANY`
+
## 1.18.0 (2024-09-19)
### Features Added
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_identity-1.18.0/PKG-INFO
new/azure_identity-1.19.0/PKG-INFO
--- old/azure_identity-1.18.0/PKG-INFO 2024-09-19 21:06:10.673623800 +0200
+++ new/azure_identity-1.19.0/PKG-INFO 2024-10-08 00:20:49.072624400 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: azure-identity
-Version: 1.18.0
+Version: 1.19.0
Summary: Microsoft Azure Identity Library for Python
Home-page:
https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity
Author: Microsoft Corporation
@@ -87,21 +87,7 @@
### DefaultAzureCredential
-`DefaultAzureCredential` is appropriate for most applications that will run in
Azure because it combines common production credentials with development
credentials. `DefaultAzureCredential` attempts to authenticate via the
following mechanisms, in this order, stopping when one succeeds:
-
->Note: `DefaultAzureCredential` is intended to simplify getting started with
the library by handling common
->scenarios with reasonable default behaviors. Developers who want more control
or whose scenario
->isn't served by the default settings should use other credential types.
-
-
-
-1. **Environment** - `DefaultAzureCredential` reads account information
specified via [environment variables](#environment-variables "environment
variables") and uses it to authenticate.
-1. **Workload Identity** - If the application is deployed to Azure Kubernetes
Service with Managed Identity enabled, `DefaultAzureCredential` authenticates
with it.
-1. **Managed Identity** - If the application is deployed to an Azure host with
Managed Identity enabled, `DefaultAzureCredential` authenticates with it.
-1. **Azure CLI** - If a user signed in via the Azure CLI `az login` command,
`DefaultAzureCredential` authenticates as that user.
-1. **Azure PowerShell** - If a user signed in via Azure PowerShell's
`Connect-AzAccount` command, `DefaultAzureCredential` authenticates as that
user.
-1. **Azure Developer CLI** - If the developer authenticated via the Azure
Developer CLI `azd auth login` command, `DefaultAzureCredential` authenticates
with that account.
-1. **Interactive browser** - If enabled, `DefaultAzureCredential`
interactively authenticates a user via the default browser. This credential
type is disabled by default.
+`DefaultAzureCredential` simplifies authentication while developing apps that
deploy to Azure by combining credentials used in Azure hosting environments
with credentials used in local development. For more information, see
[DefaultAzureCredential overview][dac_overview].
#### Continuation policy
@@ -146,7 +132,7 @@
When enabled, `DefaultAzureCredential` falls back to interactively
authenticating via the system's default web browser when no other credential is
available.
-#### Specify a user-assigned managed identity for `DefaultAzureCredential`
+#### Specify a user-assigned managed identity with `DefaultAzureCredential`
Many Azure hosts allow the assignment of a user-assigned managed identity. To
configure `DefaultAzureCredential` to authenticate a user-assigned managed
identity, use the `managed_identity_client_id` keyword argument:
@@ -158,20 +144,7 @@
### Define a custom authentication flow with `ChainedTokenCredential`
-`DefaultAzureCredential` is generally the quickest way to get started
developing applications for Azure. For more advanced scenarios,
[ChainedTokenCredential][chain_cred_ref] links multiple credential instances to
be tried sequentially when authenticating. It tries each credential in turn
until one provides a token or fails to authenticate due to an error.
-
-The following example demonstrates creating a credential that first attempts
to authenticate using managed identity. The credential falls back to
authenticating via the Azure CLI when a managed identity is unavailable. This
example uses the `EventHubProducerClient` from the
[azure-eventhub][azure_eventhub] client library.
-
-```python
-from azure.eventhub import EventHubProducerClient
-from azure.identity import AzureCliCredential, ChainedTokenCredential,
ManagedIdentityCredential
-
-managed_identity = ManagedIdentityCredential()
-azure_cli = AzureCliCredential()
-credential_chain = ChainedTokenCredential(managed_identity, azure_cli)
-
-client = EventHubProducerClient(namespace, eventhub_name, credential_chain)
-```
+While `DefaultAzureCredential` is generally the quickest way to authenticate
apps for Azure, you can create a customized chain of credentials to be
considered. `ChainedTokenCredential` enables users to combine multiple
credential instances to define a customized chain of credentials. For more
information, see [ChainedTokenCredential overview][ctc_overview].
### Async credentials
@@ -217,13 +190,42 @@
### Examples
+These examples demonstrate authenticating `SecretClient` from the
[`azure-keyvault-secrets`](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-secrets)
library with `ManagedIdentityCredential`.
+
+
#### Authenticate with a user-assigned managed identity
+To authenticate with a user-assigned managed identity, you must specify one of
the following IDs for the managed identity.
+
+##### Client ID
+
```python
from azure.identity import ManagedIdentityCredential
from azure.keyvault.secrets import SecretClient
-credential = ManagedIdentityCredential(client_id=managed_identity_client_id)
+credential = ManagedIdentityCredential(client_id="managed_identity_client_id")
+client = SecretClient("https://my-vault.vault.azure.net", credential)
+```
+
+##### Resource ID
+
+```python
+from azure.identity import ManagedIdentityCredential
+from azure.keyvault.secrets import SecretClient
+
+resource_id =
"/subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<mi-name>"
+
+credential = ManagedIdentityCredential(identity_config={"resource_id":
resource_id})
+client = SecretClient("https://my-vault.vault.azure.net", credential)
+```
+
+##### Object ID
+
+```python
+from azure.identity import ManagedIdentityCredential
+from azure.keyvault.secrets import SecretClient
+
+credential = ManagedIdentityCredential(identity_config={"object_id":
"managed_identity_object_id"})
client = SecretClient("https://my-vault.vault.azure.net", credential)
```
@@ -423,6 +425,8 @@
[cli_cred_ref]: https://aka.ms/azsdk/python/identity/azclicredential
[client_assertion_cred_ref]:
https://aka.ms/azsdk/python/identity/clientassertioncredential
[client_secret_cred_ref]:
https://aka.ms/azsdk/python/identity/clientsecretcredential
+[ctc_overview]:
https://aka.ms/azsdk/python/identity/credential-chains#chainedtokencredential-overview
+[dac_overview]:
https://aka.ms/azsdk/python/identity/credential-chains#defaultazurecredential-overview
[default_cred_ref]: https://aka.ms/azsdk/python/identity/defaultazurecredential
[device_code_cred_ref]:
https://aka.ms/azsdk/python/identity/devicecodecredential
[environment_cred_ref]:
https://aka.ms/azsdk/python/identity/environmentcredential
@@ -444,6 +448,16 @@
# Release History
+## 1.19.0 (2024-10-08)
+
+### Bugs Fixed
+
+- Fixed the request sent in `AzurePipelinesCredential` so it doesn't result in
a redirect response when an invalid system access token is provided.
([#37510](https://github.com/Azure/azure-sdk-for-python/pull/37510))
+
+### Other Changes
+
+- Deprecated `AzureAuthorityHosts.AZURE_GERMANY`
+
## 1.18.0 (2024-09-19)
### Features Added
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_identity-1.18.0/README.md
new/azure_identity-1.19.0/README.md
--- old/azure_identity-1.18.0/README.md 2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/README.md 2024-10-08 00:19:03.000000000 +0200
@@ -59,21 +59,7 @@
### DefaultAzureCredential
-`DefaultAzureCredential` is appropriate for most applications that will run in
Azure because it combines common production credentials with development
credentials. `DefaultAzureCredential` attempts to authenticate via the
following mechanisms, in this order, stopping when one succeeds:
-
->Note: `DefaultAzureCredential` is intended to simplify getting started with
the library by handling common
->scenarios with reasonable default behaviors. Developers who want more control
or whose scenario
->isn't served by the default settings should use other credential types.
-
-
-
-1. **Environment** - `DefaultAzureCredential` reads account information
specified via [environment variables](#environment-variables "environment
variables") and uses it to authenticate.
-1. **Workload Identity** - If the application is deployed to Azure Kubernetes
Service with Managed Identity enabled, `DefaultAzureCredential` authenticates
with it.
-1. **Managed Identity** - If the application is deployed to an Azure host with
Managed Identity enabled, `DefaultAzureCredential` authenticates with it.
-1. **Azure CLI** - If a user signed in via the Azure CLI `az login` command,
`DefaultAzureCredential` authenticates as that user.
-1. **Azure PowerShell** - If a user signed in via Azure PowerShell's
`Connect-AzAccount` command, `DefaultAzureCredential` authenticates as that
user.
-1. **Azure Developer CLI** - If the developer authenticated via the Azure
Developer CLI `azd auth login` command, `DefaultAzureCredential` authenticates
with that account.
-1. **Interactive browser** - If enabled, `DefaultAzureCredential`
interactively authenticates a user via the default browser. This credential
type is disabled by default.
+`DefaultAzureCredential` simplifies authentication while developing apps that
deploy to Azure by combining credentials used in Azure hosting environments
with credentials used in local development. For more information, see
[DefaultAzureCredential overview][dac_overview].
#### Continuation policy
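Review bot: the removed numbered list under `### DefaultAzureCredential` was the only place in the README that stated the order in which credentials are tried, and the replacement paragraph leaves that to the external `[dac_overview]` link. Because this README is shipped inside the package, keep at least a one-line summary of the order (Environment, Workload Identity, Managed Identity, then the developer tools), so a reader working offline can still tell which identity will be used.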
@@ -118,7 +104,7 @@
When enabled, `DefaultAzureCredential` falls back to interactively
authenticating via the system's default web browser when no other credential is
available.
-#### Specify a user-assigned managed identity for `DefaultAzureCredential`
+#### Specify a user-assigned managed identity with `DefaultAzureCredential`
Many Azure hosts allow the assignment of a user-assigned managed identity. To
configure `DefaultAzureCredential` to authenticate a user-assigned managed
identity, use the `managed_identity_client_id` keyword argument:
@@ -130,20 +116,7 @@
### Define a custom authentication flow with `ChainedTokenCredential`
-`DefaultAzureCredential` is generally the quickest way to get started
developing applications for Azure. For more advanced scenarios,
[ChainedTokenCredential][chain_cred_ref] links multiple credential instances to
be tried sequentially when authenticating. It tries each credential in turn
until one provides a token or fails to authenticate due to an error.
-
-The following example demonstrates creating a credential that first attempts
to authenticate using managed identity. The credential falls back to
authenticating via the Azure CLI when a managed identity is unavailable. This
example uses the `EventHubProducerClient` from the
[azure-eventhub][azure_eventhub] client library.
-
-```python
-from azure.eventhub import EventHubProducerClient
-from azure.identity import AzureCliCredential, ChainedTokenCredential,
ManagedIdentityCredential
-
-managed_identity = ManagedIdentityCredential()
-azure_cli = AzureCliCredential()
-credential_chain = ChainedTokenCredential(managed_identity, azure_cli)
-
-client = EventHubProducerClient(namespace, eventhub_name, credential_chain)
-```
+While `DefaultAzureCredential` is generally the quickest way to authenticate
apps for Azure, you can create a customized chain of credentials to be
considered. `ChainedTokenCredential` enables users to combine multiple
credential instances to define a customized chain of credentials. For more
information, see [ChainedTokenCredential overview][ctc_overview].
### Async credentials
@@ -189,13 +162,42 @@
### Examples
+These examples demonstrate authenticating `SecretClient` from the
[`azure-keyvault-secrets`](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-secrets)
library with `ManagedIdentityCredential`.
+
+
#### Authenticate with a user-assigned managed identity
+To authenticate with a user-assigned managed identity, you must specify one of
the following IDs for the managed identity.
+
+##### Client ID
+
+```python
+from azure.identity import ManagedIdentityCredential
+from azure.keyvault.secrets import SecretClient
+
+credential = ManagedIdentityCredential(client_id="managed_identity_client_id")
+client = SecretClient("https://my-vault.vault.azure.net", credential)
+```
+
+##### Resource ID
+
+```python
+from azure.identity import ManagedIdentityCredential
+from azure.keyvault.secrets import SecretClient
+
+resource_id =
"/subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<mi-name>"
+
+credential = ManagedIdentityCredential(identity_config={"resource_id":
resource_id})
+client = SecretClient("https://my-vault.vault.azure.net", credential)
+```
+
+##### Object ID
+
```python
from azure.identity import ManagedIdentityCredential
from azure.keyvault.secrets import SecretClient
-credential = ManagedIdentityCredential(client_id=managed_identity_client_id)
+credential = ManagedIdentityCredential(identity_config={"object_id":
"managed_identity_object_id"})
client = SecretClient("https://my-vault.vault.azure.net", credential)
```
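Review bot: the Client ID and Object ID examples now pass the quoted literals `"managed_identity_client_id"` and `"managed_identity_object_id"`, while the Resource ID example uses angle-bracket placeholders such as `<id>` and `<mi-name>`. A quoted name reads like a real value and runs unchanged if copied, so use the same `<...>` placeholder style in all three examples to make clear that the value must be replaced.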
@@ -395,6 +397,8 @@
[cli_cred_ref]: https://aka.ms/azsdk/python/identity/azclicredential
[client_assertion_cred_ref]:
https://aka.ms/azsdk/python/identity/clientassertioncredential
[client_secret_cred_ref]:
https://aka.ms/azsdk/python/identity/clientsecretcredential
+[ctc_overview]:
https://aka.ms/azsdk/python/identity/credential-chains#chainedtokencredential-overview
+[dac_overview]:
https://aka.ms/azsdk/python/identity/credential-chains#defaultazurecredential-overview
[default_cred_ref]: https://aka.ms/azsdk/python/identity/defaultazurecredential
[device_code_cred_ref]:
https://aka.ms/azsdk/python/identity/devicecodecredential
[environment_cred_ref]:
https://aka.ms/azsdk/python/identity/environmentcredential
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_identity-1.18.0/TROUBLESHOOTING.md
new/azure_identity-1.19.0/TROUBLESHOOTING.md
--- old/azure_identity-1.18.0/TROUBLESHOOTING.md 2024-09-19
21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/TROUBLESHOOTING.md 2024-10-08
00:19:03.000000000 +0200
@@ -295,7 +295,7 @@
| --- | --- | --- |
| AADSTS900023: Specified tenant identifier `<some tenant ID>` is neither a
valid DNS name, nor a valid external domain. | The Microsoft Entra tenant ID
passed to the credential is invalid. | Verify the tenant ID is valid. If the
service connection federated identity credential (FIC) was configured via a
user-assigned managed identity, the tenant is the one in which managed identity
was registered. If the service connection FIC is configured via an app
registration, the tenant should be the one in which the app registration is
registered.
|
| No service connection found with identifier `<GUID>`. | The service
connection ID provided is incorrect. | Verify the `service_connection_id`
provided. For details on finding this value, check the [Find a service
connection ID](#find-a-service-connection-id) section. |
-| ClientAuthenticationError: OIDC token not found in response. Response =
Object moved to here. Status Code: 302. | The system access token seems to be
malformed when passing in as a parameter to the credential. |
`System.AccessToken` is a required system variable in the Azure Pipelines task
and should be provided in the pipeline task, [as mentioned in the
docs](https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#systemaccesstoken).
Verify that the system access token value provided is the predefined variable
in Azure Pipelines and isn't malformed. |
+| ClientAuthenticationError: 401 (Unauthorized) response from OIDC endpoint. |
The system access token seems to be malformed/invalid when passing in as a
parameter to the credential. | `System.AccessToken` is a required system
variable in the Azure Pipelines task and should be provided in the pipeline
task, [as mentioned in the
docs](https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#systemaccesstoken).
Verify that the system access token value provided is the predefined variable
in Azure Pipelines and isn't malformed. |
| ClientAuthenticationError: OIDC token not found in response. Response =
{"$id":"1", "innerException":null, "message":"`<ACTUAL ERROR MESSAGE>`",
"typeName":"Microsoft.VisualStudio.Services.WebApi.VssInvalidPreviewVersionException,
Microsoft.VisualStudio.Services.WebApi",
"typeKey":"VssInvalidPreviewVersionException", "errorCode":0} | When the OIDC
token request fails, the OIDC token API throws an error. More details about the
specific error are specified in the "message" field of the response. |
Mitigation usually depends on the scenario based on what [error
message](https://learn.microsoft.com/azure/devops/pipelines/release/troubleshoot-workload-identity?view=azure-devops#error-messages)
is being thrown. Make sure you use the [recommended Azure Pipelines
task](https://learn.microsoft.com/azure/devops/pipelines/release/troubleshoot-workload-identity?view=azure-devops#review-pipeline-tasks).
|
| CredentialUnavailableError: Missing value for the `SYSTEM_OIDCREQUESTURI`
environment variable. | This code isn't running inside of an Azure Pipelines
environment. You might be running this code locally or on some other
environment. | This credential is only designed to run inside the Azure
Pipelines environment for the federated identity to work. |
| AuthenticationRequiredError: unauthorized_client: 700016 - AADSTS700016:
Application with identifier `<client_id>` was not found in the directory
'Microsoft'. This error can happen if the application has not been installed by
the administrator of the tenant or consented to by any user in the tenant. You
may have sent your authentication request to the wrong tenant.| The `client_id`
provided is invalid. | Verify the client ID argument is valid. If the service
connection's federated identity was registered via a user-assigned managed
identity, the client ID of the managed identity should be provided. If the
service connection's federated identity is registered via an app registration,
the application (client) ID from your app registration should be provided. |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_identity-1.18.0/azure/identity/_constants.py
new/azure_identity-1.19.0/azure/identity/_constants.py
--- old/azure_identity-1.18.0/azure/identity/_constants.py 2024-09-19
21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/_constants.py 2024-10-08
00:19:03.000000000 +0200
@@ -2,6 +2,7 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
+import warnings
DEVELOPER_SIGN_ON_CLIENT_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
AZURE_VSCODE_CLIENT_ID = "aebc6443-996d-45c2-90f0-388ff96faa56"
@@ -13,9 +14,20 @@
CACHE_CAE_SUFFIX = ".cae"
-class AzureAuthorityHosts:
+class AzureAuthorityHostsMeta(type):
+ def __getattr__(cls, name):
+ if name == "AZURE_GERMANY":
+ warnings.warn(
+ "AZURE_GERMANY is deprecated. Microsoft Cloud Germany was
closed on October 29th, 2021.",
+ DeprecationWarning,
+ stacklevel=2,
+ )
+ return "login.microsoftonline.de"
+ raise AttributeError(f"{name} not found in {cls.__name__}")
+
+
+class AzureAuthorityHosts(metaclass=AzureAuthorityHostsMeta):
AZURE_CHINA = "login.chinacloudapi.cn"
- AZURE_GERMANY = "login.microsoftonline.de"
AZURE_GOVERNMENT = "login.microsoftonline.us"
AZURE_PUBLIC_CLOUD = "login.microsoftonline.com"
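Review bot: `AzureAuthorityHostsMeta.__getattr__` only covers lookups on the class itself, so `AZURE_GERMANY` no longer appears in `dir(AzureAuthorityHosts)` or in the class `__dict__`, and access through an instance raises `AttributeError` where it previously worked. If that is intended, say so in a docstring on the metaclass. The deprecated name also still returns `"login.microsoftonline.de"` even though the warning text says the cloud was closed, so callers that ignore `DeprecationWarning` keep using that authority host; the changelog entry should state when the name will be removed. The fallback `raise AttributeError(f"{name} not found in {cls.__name__}")` also differs from Python's usual "type object ... has no attribute ..." wording, which may matter to anyone matching on the message.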
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_credentials/azure_pipelines.py
new/azure_identity-1.19.0/azure/identity/_credentials/azure_pipelines.py
--- old/azure_identity-1.18.0/azure/identity/_credentials/azure_pipelines.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/_credentials/azure_pipelines.py
2024-10-08 00:19:03.000000000 +0200
@@ -24,7 +24,12 @@
def build_oidc_request(service_connection_id: str, access_token: str) ->
HttpRequest:
base_uri = os.environ[SYSTEM_OIDCREQUESTURI].rstrip("/")
url =
f"{base_uri}?api-version={OIDC_API_VERSION}&serviceConnectionId={service_connection_id}"
- headers = {"Content-Type": "application/json", "Authorization": f"Bearer
{access_token}"}
+ headers = {
+ "Content-Type": "application/json",
+ "Authorization": f"Bearer {access_token}",
+ # Prevents the service from responding with a redirect HTTP status
code (useful for automation).
+ "X-TFS-FedAuthRedirect": "Suppress",
+ }
return HttpRequest("POST", url, headers=headers)
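Review bot: the comment on the new `"X-TFS-FedAuthRedirect": "Suppress"` header says only that it is useful for automation; it should state what the caller now sees, which the TROUBLESHOOTING.md change in this same patch describes as a 401 (Unauthorized) response from the OIDC endpoint when the system access token is invalid. Separately, in the unchanged `url = f"..."` line above, `service_connection_id` is interpolated into the query string without URL-encoding, which is worth fixing while this function is being touched.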
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_credentials/chained.py
new/azure_identity-1.19.0/azure/identity/_credentials/chained.py
--- old/azure_identity-1.18.0/azure/identity/_credentials/chained.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/_credentials/chained.py
2024-10-08 00:19:03.000000000 +0200
@@ -37,7 +37,8 @@
"""A sequence of credentials that is itself a credential.
Its :func:`get_token` method calls ``get_token`` on each credential in the
sequence, in order, returning the first
- valid token received.
+ valid token received. For more information, see
+
https://aka.ms/azsdk/python/identity/credential-chains#chainedtokencredential-overview.
:param credentials: credential instances to form the chain
:type credentials: ~azure.core.credentials.TokenCredential
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_credentials/default.py
new/azure_identity-1.19.0/azure/identity/_credentials/default.py
--- old/azure_identity-1.18.0/azure/identity/_credentials/default.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/_credentials/default.py
2024-10-08 00:19:03.000000000 +0200
@@ -24,7 +24,8 @@
class DefaultAzureCredential(ChainedTokenCredential):
- """A default credential capable of handling most Azure SDK authentication
scenarios.
+ """A credential capable of handling most Azure SDK authentication
scenarios. See
+
https://aka.ms/azsdk/python/identity/credential-chains#usage-guidance-for-defaultazurecredential.
The identity it uses depends on the environment. When an access token is
needed, it requests one using these
identities in turn, stopping when one provides a token:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_credentials/on_behalf_of.py
new/azure_identity-1.19.0/azure/identity/_credentials/on_behalf_of.py
--- old/azure_identity-1.18.0/azure/identity/_credentials/on_behalf_of.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/_credentials/on_behalf_of.py
2024-10-08 00:19:03.000000000 +0200
@@ -136,7 +136,10 @@
if result and "access_token" in result and "expires_in" in
result:
refresh_on = int(result["refresh_on"]) if "refresh_on" in
result else None
return AccessTokenInfo(
- result["access_token"], now +
int(result["expires_in"]), refresh_on=refresh_on
+ result["access_token"],
+ now + int(result["expires_in"]),
+ token_type=result.get("token_type", "Bearer"),
+ refresh_on=refresh_on,
)
return None
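Review bot: `token_type=result.get("token_type", "Bearer")` is repeated at both return sites in this file and in the other credential and client files changed by this patch. Move the fallback into one shared constant or small helper so the default cannot drift between call sites, and document there that a response without `token_type` is treated as a bearer token.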
@@ -157,4 +160,9 @@
pass # non-fatal; we'll use the assertion again next time instead
of a refresh token
refresh_on = int(result["refresh_on"]) if "refresh_on" in result else
None
- return AccessTokenInfo(result["access_token"], request_time +
int(result["expires_in"]), refresh_on=refresh_on)
+ return AccessTokenInfo(
+ result["access_token"],
+ request_time + int(result["expires_in"]),
+ token_type=result.get("token_type", "Bearer"),
+ refresh_on=refresh_on,
+ )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_credentials/silent.py
new/azure_identity-1.19.0/azure/identity/_credentials/silent.py
--- old/azure_identity-1.18.0/azure/identity/_credentials/silent.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/_credentials/silent.py
2024-10-08 00:19:03.000000000 +0200
@@ -186,8 +186,15 @@
result = client_application.acquire_token_silent_with_error(
list(scopes), account=account,
claims_challenge=kwargs.get("claims")
)
+
if result and "access_token" in result and "expires_in" in result:
- return AccessTokenInfo(result["access_token"], now +
int(result["expires_in"]))
+ refresh_on = int(result["refresh_on"]) if "refresh_on" in
result else None
+ return AccessTokenInfo(
+ result["access_token"],
+ now + int(result["expires_in"]),
+ token_type=result.get("token_type", "Bearer"),
+ refresh_on=refresh_on,
+ )
# if we get this far, the cache contained a matching account but MSAL
failed to authenticate it silently
if result:
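Review bot: besides `token_type`, this hunk starts forwarding `refresh_on` from the silent-acquisition result, which the old `AccessTokenInfo(result["access_token"], now + int(result["expires_in"]))` call did not do. That changes when callers will refresh a cached token and is not listed among the 1.19.0 CHANGELOG entries in this patch; add a changelog line for it.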
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_credentials/vscode.py
new/azure_identity-1.19.0/azure/identity/_credentials/vscode.py
--- old/azure_identity-1.18.0/azure/identity/_credentials/vscode.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/_credentials/vscode.py
2024-10-08 00:19:03.000000000 +0200
@@ -77,8 +77,6 @@
authority = AzureAuthorityHosts.AZURE_PUBLIC_CLOUD
elif self._cloud == "AzureChinaCloud":
authority = AzureAuthorityHosts.AZURE_CHINA
- elif self._cloud == "AzureGermanCloud":
- authority = AzureAuthorityHosts.AZURE_GERMANY
elif self._cloud == "AzureUSGovernment":
authority = AzureAuthorityHosts.AZURE_GOVERNMENT
else:
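Review bot: with the `elif self._cloud == "AzureGermanCloud":` branch removed, a VS Code configuration that still names that cloud now falls through to the `else:` branch, whose body is not visible in this hunk. Confirm that branch fails with a clear error rather than picking another authority, because silently authenticating against a different cloud would be worse than the deprecation warning the rest of the patch uses.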
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_internal/aad_client_base.py
new/azure_identity-1.19.0/azure/identity/_internal/aad_client_base.py
--- old/azure_identity-1.18.0/azure/identity/_internal/aad_client_base.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/_internal/aad_client_base.py
2024-10-08 00:19:03.000000000 +0200
@@ -95,7 +95,9 @@
expires_on = int(token["expires_on"])
if expires_on > int(time.time()):
refresh_on = int(token["refresh_on"]) if "refresh_on" in token
else None
- return AccessTokenInfo(token["secret"], expires_on,
refresh_on=refresh_on)
+ return AccessTokenInfo(
+ token["secret"], expires_on,
token_type=token.get("token_type", "Bearer"), refresh_on=refresh_on
+ )
return None
def get_cached_refresh_tokens(self, scopes: Iterable[str], **kwargs) ->
List[Dict]:
@@ -178,7 +180,9 @@
content["refresh_in"] = expires_in // 2
refresh_on = request_time + int(content["refresh_in"]) if "refresh_in"
in content else None
- token = AccessTokenInfo(content["access_token"], expires_on,
refresh_on=refresh_on)
+ token = AccessTokenInfo(
+ content["access_token"], expires_on,
token_type=content.get("token_type", "Bearer"), refresh_on=refresh_on
+ )
# caching is the final step because 'add' mutates 'content'
cache.add(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_internal/client_credential_base.py
new/azure_identity-1.19.0/azure/identity/_internal/client_credential_base.py
---
old/azure_identity-1.18.0/azure/identity/_internal/client_credential_base.py
2024-09-19 21:04:28.000000000 +0200
+++
new/azure_identity-1.19.0/azure/identity/_internal/client_credential_base.py
2024-10-08 00:19:03.000000000 +0200
@@ -34,6 +34,7 @@
return AccessTokenInfo(
result["access_token"],
request_time + int(result["expires_in"]),
+ token_type=result.get("token_type", "Bearer"),
refresh_on=refresh_on,
)
return None
@@ -51,5 +52,6 @@
return AccessTokenInfo(
result["access_token"],
request_time + int(result["expires_in"]),
+ token_type=result.get("token_type", "Bearer"),
refresh_on=refresh_on,
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_internal/interactive.py
new/azure_identity-1.19.0/azure/identity/_internal/interactive.py
--- old/azure_identity-1.18.0/azure/identity/_internal/interactive.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/_internal/interactive.py
2024-10-08 00:19:03.000000000 +0200
@@ -27,7 +27,6 @@
_DEFAULT_AUTHENTICATE_SCOPES = {
"https://" + KnownAuthorities.AZURE_CHINA:
("https://management.core.chinacloudapi.cn//.default",),
- "https://" + KnownAuthorities.AZURE_GERMANY:
("https://management.core.cloudapi.de//.default",),
"https://" + KnownAuthorities.AZURE_GOVERNMENT:
("https://management.core.usgovcloudapi.net//.default",),
"https://" + KnownAuthorities.AZURE_PUBLIC_CLOUD:
("https://management.core.windows.net//.default",),
}
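Review bot: the `KnownAuthorities.AZURE_GERMANY` entry is dropped from `_DEFAULT_AUTHENTICATE_SCOPES`, but `_constants.py` in this patch keeps `AZURE_GERMANY` resolvable (with a warning) to `login.microsoftonline.de`. A caller that still passes that authority will now miss in this mapping; check how the lookup handles a missing key and make it raise an explicit error that names the deprecated authority instead of a bare `KeyError` or an empty scope list.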
@@ -286,7 +285,10 @@
if result and "access_token" in result and "expires_in" in
result:
refresh_on = int(result["refresh_on"]) if "refresh_on" in
result else None
return AccessTokenInfo(
- result["access_token"], now +
int(result["expires_in"]), refresh_on=refresh_on
+ result["access_token"],
+ now + int(result["expires_in"]),
+ token_type=result.get("token_type", "Bearer"),
+ refresh_on=refresh_on,
)
# if we get this far, result is either None or the content of a
Microsoft Entra ID error response
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_internal/managed_identity_client.py
new/azure_identity-1.19.0/azure/identity/_internal/managed_identity_client.py
---
old/azure_identity-1.18.0/azure/identity/_internal/managed_identity_client.py
2024-09-19 21:04:28.000000000 +0200
+++
new/azure_identity-1.19.0/azure/identity/_internal/managed_identity_client.py
2024-10-08 00:19:03.000000000 +0200
@@ -76,7 +76,12 @@
content["refresh_in"] = expires_in // 2
refresh_on = request_time + int(content["refresh_in"]) if "refresh_in"
in content else None
- token = AccessTokenInfo(content["access_token"],
content["expires_on"], refresh_on=refresh_on)
+ token = AccessTokenInfo(
+ content["access_token"],
+ content["expires_on"],
+ token_type=content.get("token_type", "Bearer"),
+ refresh_on=refresh_on,
+ )
# caching is the final step because TokenCache.add mutates its "event"
self._cache.add(
@@ -93,7 +98,9 @@
expires_on = int(token["expires_on"])
refresh_on = int(token["refresh_on"]) if "refresh_on" in token
else None
if expires_on > now and (not refresh_on or refresh_on > now):
- return AccessTokenInfo(token["secret"], expires_on,
refresh_on=refresh_on)
+ return AccessTokenInfo(
+ token["secret"], expires_on,
token_type=token.get("token_type", "Bearer"), refresh_on=refresh_on
+ )
return None
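Review bot: on this cache-read path `token.get("token_type", "Bearer")` only returns the real value if the cache entry stores `token_type`. The write path in the previous hunk reads it from `content` before `self._cache.add(`, but the arguments passed to `add` are not shown; if the entry does not carry the field, a token that was returned fresh with a non-Bearer type comes back from the cache labelled `Bearer`. Worth a unit test that requests a token twice and asserts the same `token_type` both times.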
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_internal/msal_managed_identity_client.py
new/azure_identity-1.19.0/azure/identity/_internal/msal_managed_identity_client.py
---
old/azure_identity-1.18.0/azure/identity/_internal/msal_managed_identity_client.py
2024-09-19 21:04:28.000000000 +0200
+++
new/azure_identity-1.19.0/azure/identity/_internal/msal_managed_identity_client.py
2024-10-08 00:19:03.000000000 +0200
@@ -53,7 +53,12 @@
now = int(time.time())
if result and "access_token" in result and "expires_in" in result:
refresh_on = int(result["refresh_on"]) if "refresh_on" in result
else None
- return AccessTokenInfo(result["access_token"], now +
int(result["expires_in"]), refresh_on=refresh_on)
+ return AccessTokenInfo(
+ result["access_token"],
+ now + int(result["expires_in"]),
+ token_type=result.get("token_type", "Bearer"),
+ refresh_on=refresh_on,
+ )
if result and "error" in result:
error_desc = cast(str, result["error"])
error_message = self.get_unavailable_message(error_desc)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/_internal/shared_token_cache.py
new/azure_identity-1.19.0/azure/identity/_internal/shared_token_cache.py
--- old/azure_identity-1.18.0/azure/identity/_internal/shared_token_cache.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/_internal/shared_token_cache.py
2024-10-08 00:19:03.000000000 +0200
@@ -243,7 +243,9 @@
expires_on = int(token["expires_on"])
refresh_on = int(token["refresh_on"]) if "refresh_on" in token
else None
if expires_on - 300 > int(time.time()):
- return AccessTokenInfo(token["secret"], expires_on,
refresh_on=refresh_on)
+ return AccessTokenInfo(
+ token["secret"], expires_on,
token_type=token.get("token_type", "Bearer"), refresh_on=refresh_on
+ )
except Exception as ex: # pylint:disable=broad-except
message = "Error accessing cached data: {}".format(ex)
raise CredentialUnavailableError(message=message) from ex
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_identity-1.18.0/azure/identity/_version.py
new/azure_identity-1.19.0/azure/identity/_version.py
--- old/azure_identity-1.18.0/azure/identity/_version.py 2024-09-19
21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/_version.py 2024-10-08
00:19:03.000000000 +0200
@@ -2,4 +2,4 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
-VERSION = "1.18.0"
+VERSION = "1.19.0"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/aio/_credentials/chained.py
new/azure_identity-1.19.0/azure/identity/aio/_credentials/chained.py
--- old/azure_identity-1.18.0/azure/identity/aio/_credentials/chained.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/aio/_credentials/chained.py
2024-10-08 00:19:03.000000000 +0200
@@ -21,7 +21,8 @@
"""A sequence of credentials that is itself a credential.
Its :func:`get_token` method calls ``get_token`` on each credential in the
sequence, in order, returning the first
- valid token received.
+ valid token received. For more information, see
+
https://aka.ms/azsdk/python/identity/credential-chains#chainedtokencredential-overview.
:param credentials: credential instances to form the chain
:type credentials: ~azure.core.credentials.AsyncTokenCredential
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure/identity/aio/_credentials/default.py
new/azure_identity-1.19.0/azure/identity/aio/_credentials/default.py
--- old/azure_identity-1.18.0/azure/identity/aio/_credentials/default.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/azure/identity/aio/_credentials/default.py
2024-10-08 00:19:03.000000000 +0200
@@ -25,7 +25,8 @@
class DefaultAzureCredential(ChainedTokenCredential):
- """A default credential capable of handling most Azure SDK authentication
scenarios.
+ """A credential capable of handling most Azure SDK authentication
scenarios. See
+
https://aka.ms/azsdk/python/identity/credential-chains#usage-guidance-for-defaultazurecredential.
The identity it uses depends on the environment. When an access token is
needed, it requests one using these
identities in turn, stopping when one provides a token:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/azure_identity.egg-info/PKG-INFO
new/azure_identity-1.19.0/azure_identity.egg-info/PKG-INFO
--- old/azure_identity-1.18.0/azure_identity.egg-info/PKG-INFO 2024-09-19
21:06:10.000000000 +0200
+++ new/azure_identity-1.19.0/azure_identity.egg-info/PKG-INFO 2024-10-08
00:20:48.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: azure-identity
-Version: 1.18.0
+Version: 1.19.0
Summary: Microsoft Azure Identity Library for Python
Home-page:
https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity
Author: Microsoft Corporation
@@ -87,21 +87,7 @@
### DefaultAzureCredential
-`DefaultAzureCredential` is appropriate for most applications that will run in
Azure because it combines common production credentials with development
credentials. `DefaultAzureCredential` attempts to authenticate via the
following mechanisms, in this order, stopping when one succeeds:
-
->Note: `DefaultAzureCredential` is intended to simplify getting started with
the library by handling common
->scenarios with reasonable default behaviors. Developers who want more control
or whose scenario
->isn't served by the default settings should use other credential types.
-
-
-
-1. **Environment** - `DefaultAzureCredential` reads account information
specified via [environment variables](#environment-variables "environment
variables") and uses it to authenticate.
-1. **Workload Identity** - If the application is deployed to Azure Kubernetes
Service with Managed Identity enabled, `DefaultAzureCredential` authenticates
with it.
-1. **Managed Identity** - If the application is deployed to an Azure host with
Managed Identity enabled, `DefaultAzureCredential` authenticates with it.
-1. **Azure CLI** - If a user signed in via the Azure CLI `az login` command,
`DefaultAzureCredential` authenticates as that user.
-1. **Azure PowerShell** - If a user signed in via Azure PowerShell's
`Connect-AzAccount` command, `DefaultAzureCredential` authenticates as that
user.
-1. **Azure Developer CLI** - If the developer authenticated via the Azure
Developer CLI `azd auth login` command, `DefaultAzureCredential` authenticates
with that account.
-1. **Interactive browser** - If enabled, `DefaultAzureCredential`
interactively authenticates a user via the default browser. This credential
type is disabled by default.
+`DefaultAzureCredential` simplifies authentication while developing apps that
deploy to Azure by combining credentials used in Azure hosting environments
with credentials used in local development. For more information, see
[DefaultAzureCredential overview][dac_overview].
#### Continuation policy
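Review bot: the replacement paragraph removes the ordered list of mechanisms `DefaultAzureCredential` tries (Environment, Workload Identity, Managed Identity, Azure CLI, Azure PowerShell, Azure Developer CLI, Interactive browser) and the note steering developers who need more control to other credential types. PKG-INFO is the documentation that ships inside the package, and the order decides which identity a process ends up running as, so I would keep at least a one-line summary of the order here and link out for the detail rather than leave it only behind `[dac_overview]`.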
@@ -146,7 +132,7 @@
When enabled, `DefaultAzureCredential` falls back to interactively
authenticating via the system's default web browser when no other credential is
available.
-#### Specify a user-assigned managed identity for `DefaultAzureCredential`
+#### Specify a user-assigned managed identity with `DefaultAzureCredential`
Many Azure hosts allow the assignment of a user-assigned managed identity. To
configure `DefaultAzureCredential` to authenticate a user-assigned managed
identity, use the `managed_identity_client_id` keyword argument:
@@ -158,20 +144,7 @@
### Define a custom authentication flow with `ChainedTokenCredential`
-`DefaultAzureCredential` is generally the quickest way to get started
developing applications for Azure. For more advanced scenarios,
[ChainedTokenCredential][chain_cred_ref] links multiple credential instances to
be tried sequentially when authenticating. It tries each credential in turn
until one provides a token or fails to authenticate due to an error.
-
-The following example demonstrates creating a credential that first attempts
to authenticate using managed identity. The credential falls back to
authenticating via the Azure CLI when a managed identity is unavailable. This
example uses the `EventHubProducerClient` from the
[azure-eventhub][azure_eventhub] client library.
-
-```python
-from azure.eventhub import EventHubProducerClient
-from azure.identity import AzureCliCredential, ChainedTokenCredential,
ManagedIdentityCredential
-
-managed_identity = ManagedIdentityCredential()
-azure_cli = AzureCliCredential()
-credential_chain = ChainedTokenCredential(managed_identity, azure_cli)
-
-client = EventHubProducerClient(namespace, eventhub_name, credential_chain)
-```
+While `DefaultAzureCredential` is generally the quickest way to authenticate
apps for Azure, you can create a customized chain of credentials to be
considered. `ChainedTokenCredential` enables users to combine multiple
credential instances to define a customized chain of credentials. For more
information, see [ChainedTokenCredential overview][ctc_overview].
### Async credentials
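Review bot: the new paragraph says "customized chain of credentials" twice and drops the one behavioural statement the old text had, that the chain tries each credential in turn "until one provides a token or fails to authenticate due to an error". That stop-on-error rule is what a reader needs when ordering a chain; suggest restoring that sentence and trimming the repetition.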
@@ -217,13 +190,42 @@
### Examples
+These examples demonstrate authenticating `SecretClient` from the
[`azure-keyvault-secrets`](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-secrets)
library with `ManagedIdentityCredential`.
+
+
#### Authenticate with a user-assigned managed identity
+To authenticate with a user-assigned managed identity, you must specify one of
the following IDs for the managed identity.
+
+##### Client ID
+
```python
from azure.identity import ManagedIdentityCredential
from azure.keyvault.secrets import SecretClient
-credential = ManagedIdentityCredential(client_id=managed_identity_client_id)
+credential = ManagedIdentityCredential(client_id="managed_identity_client_id")
+client = SecretClient("https://my-vault.vault.azure.net", credential)
+```
+
+##### Resource ID
+
+```python
+from azure.identity import ManagedIdentityCredential
+from azure.keyvault.secrets import SecretClient
+
+resource_id =
"/subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<mi-name>"
+
+credential = ManagedIdentityCredential(identity_config={"resource_id":
resource_id})
+client = SecretClient("https://my-vault.vault.azure.net", credential)
+```
+
+##### Object ID
+
+```python
+from azure.identity import ManagedIdentityCredential
+from azure.keyvault.secrets import SecretClient
+
+credential = ManagedIdentityCredential(identity_config={"object_id":
"managed_identity_object_id"})
client = SecretClient("https://my-vault.vault.azure.net", credential)
```
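Review bot: `client_id="managed_identity_client_id"` and `"managed_identity_object_id"` turn what used to be a variable into a quoted string that looks like a real value and will be copied as-is, while the Resource ID example uses angle-bracket placeholders (`<id>`, `<rg>`, `<mi-name>`). Use one placeholder style across the three snippets, for example `client_id="<client-id>"`.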
@@ -423,6 +425,8 @@
[cli_cred_ref]: https://aka.ms/azsdk/python/identity/azclicredential
[client_assertion_cred_ref]:
https://aka.ms/azsdk/python/identity/clientassertioncredential
[client_secret_cred_ref]:
https://aka.ms/azsdk/python/identity/clientsecretcredential
+[ctc_overview]:
https://aka.ms/azsdk/python/identity/credential-chains#chainedtokencredential-overview
+[dac_overview]:
https://aka.ms/azsdk/python/identity/credential-chains#defaultazurecredential-overview
[default_cred_ref]: https://aka.ms/azsdk/python/identity/defaultazurecredential
[device_code_cred_ref]:
https://aka.ms/azsdk/python/identity/devicecodecredential
[environment_cred_ref]:
https://aka.ms/azsdk/python/identity/environmentcredential
@@ -444,6 +448,16 @@
# Release History
+## 1.19.0 (2024-10-08)
+
+### Bugs Fixed
+
+- Fixed the request sent in `AzurePipelinesCredential` so it doesn't result in
a redirect response when an invalid system access token is provided.
([#37510](https://github.com/Azure/azure-sdk-for-python/pull/37510))
+
+### Other Changes
+
+- Deprecated `AzureAuthorityHosts.AZURE_GERMANY`
+
## 1.18.0 (2024-09-19)
### Features Added
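Review bot: the entry deprecating `AzureAuthorityHosts.AZURE_GERMANY` has no PR link, unlike the bug-fix entry above it, and does not say what to use instead or when the constant will be removed. Since the code in this release already drops the Germany entry from the interactive default scopes, the entry should state that behaviour change as well.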
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/tests/test_azure_pipelines_credential.py
new/azure_identity-1.19.0/tests/test_azure_pipelines_credential.py
--- old/azure_identity-1.18.0/tests/test_azure_pipelines_credential.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/tests/test_azure_pipelines_credential.py
2024-10-08 00:19:03.000000000 +0200
@@ -8,6 +8,7 @@
import pytest
from azure.core.rest import HttpRequest
+from azure.core.exceptions import ClientAuthenticationError
from azure.identity import (
AzurePipelinesCredential,
ChainedTokenCredential,
@@ -134,3 +135,29 @@
token = getattr(credential, get_token_method)(scope)
assert token.token
assert isinstance(token.expires_on, int)
+
+
[email protected]_test_only("Requires Azure Pipelines environment with
configured service connection")
[email protected]("get_token_method", GET_TOKEN_METHODS)
+def
test_azure_pipelines_credential_authentication_invalid_token(get_token_method):
+ system_access_token = "invalid"
+ service_connection_id = os.environ.get("AZURE_SERVICE_CONNECTION_ID", "")
+ tenant_id = os.environ.get("AZURE_SERVICE_CONNECTION_TENANT_ID", "")
+ client_id = os.environ.get("AZURE_SERVICE_CONNECTION_CLIENT_ID", "")
+
+ scope = "https://vault.azure.net/.default"
+
+ if not all([service_connection_id, tenant_id, client_id]):
+ pytest.skip("This test requires environment variables to be set")
+
+ credential = AzurePipelinesCredential(
+ system_access_token=system_access_token,
+ tenant_id=tenant_id,
+ client_id=client_id,
+ service_connection_id=service_connection_id,
+ )
+
+ with pytest.raises(ClientAuthenticationError) as ex:
+ getattr(credential, get_token_method)(scope)
+
+ assert ex.value.status_code == 401
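Review bot: this regression test for the redirect fix is `live_test_only` and additionally skips when the three `AZURE_SERVICE_CONNECTION_*` variables are unset, so it never runs in an offline build such as a distribution package check. Add a unit test with a mocked transport that returns the response for an invalid system access token and asserts the same `ClientAuthenticationError` with `status_code == 401`, so the fix stays covered without an Azure Pipelines environment.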
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/tests/test_azure_pipelines_credential_async.py
new/azure_identity-1.19.0/tests/test_azure_pipelines_credential_async.py
--- old/azure_identity-1.18.0/tests/test_azure_pipelines_credential_async.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/tests/test_azure_pipelines_credential_async.py
2024-10-08 00:19:03.000000000 +0200
@@ -7,6 +7,7 @@
from unittest.mock import AsyncMock, patch
import pytest
+from azure.core.exceptions import ClientAuthenticationError
from azure.identity import CredentialUnavailableError
from azure.identity._credentials.azure_pipelines import SYSTEM_OIDCREQUESTURI
from azure.identity.aio import AzurePipelinesCredential,
ChainedTokenCredential, ClientAssertionCredential
@@ -117,3 +118,30 @@
token = await getattr(credential, get_token_method)(scope)
assert token.token
assert isinstance(token.expires_on, int)
+
+
[email protected]
[email protected]_test_only("Requires Azure Pipelines environment with
configured service connection")
[email protected]("get_token_method", GET_TOKEN_METHODS)
+async def
test_azure_pipelines_credential_authentication_invalid_token(get_token_method):
+ system_access_token = "invalid"
+ service_connection_id = os.environ.get("AZURE_SERVICE_CONNECTION_ID", "")
+ tenant_id = os.environ.get("AZURE_SERVICE_CONNECTION_TENANT_ID", "")
+ client_id = os.environ.get("AZURE_SERVICE_CONNECTION_CLIENT_ID", "")
+
+ scope = "https://vault.azure.net/.default"
+
+ if not all([service_connection_id, tenant_id, client_id]):
+ pytest.skip("This test requires environment variables to be set")
+
+ credential = AzurePipelinesCredential(
+ system_access_token=system_access_token,
+ tenant_id=tenant_id,
+ client_id=client_id,
+ service_connection_id=service_connection_id,
+ )
+
+ with pytest.raises(ClientAuthenticationError) as ex:
+ await getattr(credential, get_token_method)(scope)
+
+ assert ex.value.status_code == 401
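Review bot: the async credential created here is never closed; the test awaits `get_token_method` inside `pytest.raises` and returns. Wrap it in `async with credential:` (or call `await credential.close()`) so the transport is released, and consider sharing the environment lookup and skip logic with the sync test through a fixture, since the two bodies are otherwise identical.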
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/tests/test_interactive_credential.py
new/azure_identity-1.19.0/tests/test_interactive_credential.py
--- old/azure_identity-1.18.0/tests/test_interactive_credential.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/tests/test_interactive_credential.py
2024-10-08 00:19:03.000000000 +0200
@@ -183,7 +183,6 @@
"authority,expected_scope",
(
(KnownAuthorities.AZURE_CHINA,
"https://management.core.chinacloudapi.cn//.default"),
- (KnownAuthorities.AZURE_GERMANY,
"https://management.core.cloudapi.de//.default"),
(KnownAuthorities.AZURE_GOVERNMENT,
"https://management.core.usgovcloudapi.net//.default"),
(KnownAuthorities.AZURE_PUBLIC_CLOUD,
"https://management.core.windows.net//.default"),
),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/tests/test_vscode_credential.py
new/azure_identity-1.19.0/tests/test_vscode_credential.py
--- old/azure_identity-1.18.0/tests/test_vscode_credential.py 2024-09-19
21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/tests/test_vscode_credential.py 2024-10-08
00:19:03.000000000 +0200
@@ -256,7 +256,6 @@
(
("AzureCloud", AzureAuthorityHosts.AZURE_PUBLIC_CLOUD),
("AzureChinaCloud", AzureAuthorityHosts.AZURE_CHINA),
- ("AzureGermanCloud", AzureAuthorityHosts.AZURE_GERMANY),
("AzureUSGovernment", AzureAuthorityHosts.AZURE_GOVERNMENT),
),
)
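Review bot: removing the `("AzureGermanCloud", AzureAuthorityHosts.AZURE_GERMANY)` case leaves no test for a VS Code configuration that still names `AzureGermanCloud`. If the constant is only deprecated, keep a case that pins the intended result for that cloud name (mapping still honoured, or a clear error) so the behaviour is decided rather than incidental.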
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_identity-1.18.0/tests/test_vscode_credential_async.py
new/azure_identity-1.19.0/tests/test_vscode_credential_async.py
--- old/azure_identity-1.18.0/tests/test_vscode_credential_async.py
2024-09-19 21:04:28.000000000 +0200
+++ new/azure_identity-1.19.0/tests/test_vscode_credential_async.py
2024-10-08 00:19:03.000000000 +0200
@@ -244,7 +244,6 @@
(
("AzureCloud", AzureAuthorityHosts.AZURE_PUBLIC_CLOUD),
("AzureChinaCloud", AzureAuthorityHosts.AZURE_CHINA),
- ("AzureGermanCloud", AzureAuthorityHosts.AZURE_GERMANY),
("AzureUSGovernment", AzureAuthorityHosts.AZURE_GOVERNMENT),
),
)