Azure · chlowell · Jun 5, 2023 · Apr 24, 2023 · May 4, 2023 · Jun 2, 2023
@@ -38,6 +38,7 @@ var (
 	accessTokenRespSuccess    = []byte(fmt.Sprintf(`{"access_token": "%s", "expires_in": %d}`, tokenValue, tokenExpiresIn))
 	instanceDiscoveryResponse = getInstanceDiscoveryResponse(fakeTenantID)
 	tenantDiscoveryResponse   = getTenantDiscoveryResponse(fakeTenantID)
+	testTRO                   = policy.TokenRequestOptions{Scopes: []string{liveTestScope}}
 )
 
 // constants for this file

@@ -11,8 +11,6 @@ import (
 	"errors"
 	"testing"
 	"time"
-
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 )
 
 var (
@@ -38,7 +36,7 @@ func TestAzureCLICredential_GetTokenSuccess(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	at, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	at, err := cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -58,7 +56,7 @@ func TestAzureCLICredential_GetTokenInvalidToken(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Unable to create credential. Received: %v", err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err == nil {
 		t.Fatalf("Expected an error but did not receive one.")
 	}
@@ -81,7 +79,7 @@ func TestAzureCLICredential_TenantID(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Unable to create credential. Received: %v", err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err)
 	}

@@ -93,7 +93,7 @@ func TestChainedTokenCredential_GetTokenSuccess(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -118,7 +118,7 @@ func TestChainedTokenCredential_GetTokenFail(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if _, ok := err.(*AuthenticationFailedError); !ok {
 		t.Fatalf("expected AuthenticationFailedError, received %T", err)
 	}
@@ -138,7 +138,7 @@ func TestChainedTokenCredential_MultipleCredentialsGetTokenUnavailable(t *testin
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if _, ok := err.(*credentialUnavailableError); !ok {
 		t.Fatalf("expected credentialUnavailableError, received %T", err)
 	}
@@ -163,7 +163,7 @@ func TestChainedTokenCredential_MultipleCredentialsGetTokenAuthenticationFailed(
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if _, ok := err.(*AuthenticationFailedError); !ok {
 		t.Fatalf("expected AuthenticationFailedError, received %T", err)
 	}
@@ -185,7 +185,7 @@ func TestChainedTokenCredential_MultipleCredentialsGetTokenCustomName(t *testing
 		t.Fatal(err)
 	}
 	cred.name = "CustomNameCredential"
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if _, ok := err.(*credentialUnavailableError); !ok {
 		t.Fatalf("expected credentialUnavailableError, received %T", err)
 	}
@@ -208,17 +208,15 @@ func TestChainedTokenCredential_RepeatedGetTokenWithSuccessfulCredential(t *test
 		t.Fatal(err)
 	}
 
-	getTokenOptions := policy.TokenRequestOptions{Scopes: []string{liveTestScope}}
-
-	tk, err := cred.GetToken(context.Background(), getTokenOptions)
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	testGoodGetTokenResponse(t, tk, err)
 	if failedCredential.getTokenCalls != 1 {
 		t.Fatal("The failed credential getToken should have been called once")
 	}
 	if successfulCredential.getTokenCalls != 1 {
 		t.Fatalf("The successful credential getToken should have been called once")
 	}
-	tk2, err2 := cred.GetToken(context.Background(), getTokenOptions)
+	tk2, err2 := cred.GetToken(context.Background(), testTRO)
 	testGoodGetTokenResponse(t, tk2, err2)
 	if failedCredential.getTokenCalls != 1 {
 		t.Fatalf("The failed credential getToken should not have been called again")
@@ -239,17 +237,15 @@ func TestChainedTokenCredential_RepeatedGetTokenWithSuccessfulCredentialWithRetr
 		t.Fatal(err)
 	}
 
-	getTokenOptions := policy.TokenRequestOptions{Scopes: []string{liveTestScope}}
-
-	tk, err := cred.GetToken(context.Background(), getTokenOptions)
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	testGoodGetTokenResponse(t, tk, err)
 	if failedCredential.getTokenCalls != 1 {
 		t.Fatalf("The failed credential getToken should have been called once")
 	}
 	if successfulCredential.getTokenCalls != 1 {
 		t.Fatalf("The successful credential getToken should have been called once")
 	}
-	tk2, err2 := cred.GetToken(context.Background(), getTokenOptions)
+	tk2, err2 := cred.GetToken(context.Background(), testTRO)
 	testGoodGetTokenResponse(t, tk2, err2)
 	if failedCredential.getTokenCalls != 2 {
 		t.Fatalf("The failed credential getToken should have been called twice")
@@ -266,7 +262,6 @@ func TestChainedTokenCredential_Race(t *testing.T) {
 	authFailFake.SetResponse(azcore.AccessToken{}, newAuthenticationFailedError("", "", nil, nil))
 	unavailableFake := NewFakeCredential()
 	unavailableFake.SetResponse(azcore.AccessToken{}, newCredentialUnavailableError("", ""))
-	tro := policy.TokenRequestOptions{Scopes: []string{liveTestScope}}
 
 	for _, b := range []bool{true, false} {
 		t.Run(fmt.Sprintf("RetrySources_%v", b), func(t *testing.T) {
@@ -281,9 +276,9 @@ func TestChainedTokenCredential_Race(t *testing.T) {
 			)
 			for i := 0; i < 5; i++ {
 				go func() {
-					_, _ = success.GetToken(context.Background(), tro)
-					_, _ = failure.GetToken(context.Background(), tro)
-					_, _ = unavailable.GetToken(context.Background(), tro)
+					_, _ = success.GetToken(context.Background(), testTRO)
+					_, _ = failure.GetToken(context.Background(), testTRO)
+					_, _ = unavailable.GetToken(context.Background(), testTRO)
 				}()
 			}
 		})

@@ -14,7 +14,6 @@ import (
 	"testing"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/mock"
 )
 
@@ -41,15 +40,15 @@ func TestClientAssertionCredential(t *testing.T) {
 		t.Fatal(err)
 	}
 	ctx := context.WithValue(context.Background(), key, true)
-	_, err = cred.GetToken(ctx, policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(ctx, testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
 	if calls != 1 {
 		t.Fatalf("expected 1 call, got %d", calls)
 	}
 	// silent authentication should now succeed
-	_, err = cred.GetToken(ctx, policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(ctx, testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -73,7 +72,7 @@ func TestClientAssertionCredentialCallbackError(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err == nil || !strings.Contains(err.Error(), expectedError.Error()) {
 		t.Fatalf(`unexpected error: "%v"`, err)
 	}

@@ -17,7 +17,6 @@ import (
 	"testing"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/mock"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/recording"
 )
@@ -84,7 +83,7 @@ func TestClientCertificateCredential_GetTokenSuccess(t *testing.T) {
 				t.Fatalf("Expected an empty error but received: %s", err.Error())
 			}
 			cred.client = fakeConfidentialClient{}
-			_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+			_, err = cred.GetToken(context.Background(), testTRO)
 			if err != nil {
 				t.Fatalf("Expected an empty error but received: %s", err.Error())
 			}
@@ -101,7 +100,7 @@ func TestClientCertificateCredential_GetTokenSuccess_withCertificateChain(t *tes
 				t.Fatalf("Expected an empty error but received: %s", err.Error())
 			}
 			cred.client = fakeConfidentialClient{}
-			_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+			_, err = cred.GetToken(context.Background(), testTRO)
 			if err != nil {
 				t.Fatalf("Expected an empty error but received: %s", err.Error())
 			}
@@ -124,7 +123,7 @@ func TestClientCertificateCredential_SendCertificateChain(t *testing.T) {
 			if err != nil {
 				t.Fatal(err)
 			}
-			tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+			tk, err := cred.GetToken(context.Background(), testTRO)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -142,7 +141,7 @@ func TestClientCertificateCredential_GetTokenCheckPrivateKeyBlocks(t *testing.T)
 		t.Fatalf("Expected an empty error but received: %s", err.Error())
 	}
 	cred.client = fakeConfidentialClient{}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatalf("Expected an empty error but received: %s", err.Error())
 	}
@@ -283,7 +282,7 @@ func TestClientCertificateCredential_InvalidCertLive(t *testing.T) {
 		t.Fatalf("failed to construct credential: %v", err)
 	}
 
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if !reflect.ValueOf(tk).IsZero() {
 		t.Fatal("expected a zero value AccessToken")
 	}

@@ -12,7 +12,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/recording"
 )
 
@@ -34,7 +33,7 @@ func TestClientSecretCredential_GetTokenSuccess(t *testing.T) {
 		t.Fatalf("Unable to create credential. Received: %v", err)
 	}
 	cred.client = fakeConfidentialClient{}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatalf("Expected an empty error but received: %v", err)
 	}
@@ -84,7 +83,7 @@ func TestClientSecretCredential_InvalidSecretLive(t *testing.T) {
 	if err != nil {
 		t.Fatalf("failed to construct credential: %v", err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if !reflect.ValueOf(tk).IsZero() {
 		t.Fatal("expected a zero value AccessToken")
 	}

@@ -77,13 +77,16 @@ func TestDefaultAzureCredential_ConstructorErrorHandler(t *testing.T) {
 }
 
 func TestDefaultAzureCredential_ConstructorErrors(t *testing.T) {
+	// ensure NewEnvironmentCredential returns an error
+	t.Setenv(azureTenantID, "")
 	cred, err := NewDefaultAzureCredential(nil)
 	if err != nil {
 		t.Fatal(err)
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), time.Millisecond)
-	defer cancel()
-	_, err = cred.GetToken(ctx, policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	// make GetToken return an error in any runtime environment
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+	_, err = cred.GetToken(ctx, testTRO)
 	if err == nil {
 		t.Fatal("expected an error")
 	}
@@ -206,15 +209,15 @@ func TestDefaultAzureCredential_timeoutWrapper(t *testing.T) {
 	}
 	for i := 0; i < 2; i++ {
 		// expecting credentialUnavailableError because delay exceeds the wrapper's timeout
-		_, err = chain.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+		_, err = chain.GetToken(context.Background(), testTRO)
 		if _, ok := err.(*credentialUnavailableError); !ok {
 			t.Fatalf("expected credentialUnavailableError, got %T: %v", err, err)
 		}
 	}
 
 	// remove the delay so the credential can authenticate
 	dp.delay = 0
-	tk, err := chain.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := chain.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}

@@ -12,7 +12,6 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/recording"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
 )
@@ -35,7 +34,7 @@ func TestDeviceCodeCredential_GetTokenInvalidCredentials(t *testing.T) {
 		t.Fatalf("Unable to create credential. Received: %v", err)
 	}
 	cred.client = fakePublicClient{err: errors.New("invalid credentials")}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err == nil {
 		t.Fatalf("Expected an error but did not receive one.")
 	}
@@ -77,7 +76,7 @@ func TestDeviceCodeCredential_UserPromptError(t *testing.T) {
 			},
 		},
 	}
-	_, err = cred.GetToken(expectedCtx, policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(expectedCtx, testTRO)
 	if err == nil {
 		t.Fatal("expected an error")
 	}

@@ -15,7 +15,6 @@ import (
 	"testing"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/mock"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/recording"
 )
@@ -223,7 +222,7 @@ func TestEnvironmentCredential_SendCertificateChain(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -297,7 +296,7 @@ func TestEnvironmentCredential_InvalidClientSecretLive(t *testing.T) {
 	if err != nil {
 		t.Fatalf("failed to construct credential: %v", err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if !reflect.ValueOf(tk).IsZero() {
 		t.Fatal("expected a zero value AccessToken")
 	}
@@ -381,7 +380,7 @@ func TestEnvironmentCredential_InvalidPasswordLive(t *testing.T) {
 	if err != nil {
 		t.Fatalf("failed to construct credential: %v", err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if !reflect.ValueOf(tk).IsZero() {
 		t.Fatal("expected a zero value AccessToken")
 	}

@@ -41,7 +41,7 @@ func TestInteractiveBrowserCredential_GetTokenSuccess(t *testing.T) {
 			ExpiresOn:   time.Now().Add(1 * time.Hour),
 		},
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatalf("Expected an empty error but received: %v", err)
 	}
@@ -127,7 +127,6 @@ func TestInteractiveBrowserCredentialADFS_Live(t *testing.T) {
 	if adfsLiveUser.clientID == fakeClientID {
 		t.Skip("set ADFS_IDENTITY_TEST_CLIENT_ID environment variables to run this test live")
 	}
-	//Redirect URL is necessary
 	url := adfsLiveSP.redirectURL
 
 	cloudConfig := cloud.Configuration{ActiveDirectoryAuthorityHost: adfsAuthority}