diff --git a/sdk/identity/Azure.Identity/CHANGELOG.md b/sdk/identity/Azure.Identity/CHANGELOG.md
index 008244796c2ec..1fb23c426a082 100644
--- a/sdk/identity/Azure.Identity/CHANGELOG.md
+++ b/sdk/identity/Azure.Identity/CHANGELOG.md
@@ -4,6 +4,7 @@
### Features Added
- Continuous Access Evaluation (CAE) is now configurable per-request by setting the `IsCaeEnabled` property of `TokenRequestContext` via its constructor.
+- Added `IsSupportLoggingEnabled` property to `TokenCredentialOptions` which equates to passing 'true' for the `enablePiiLogging` parameter to the 'WithLogging' method on the MSAL client builder.
### Bugs Fixed
- Fixed an issue with `TokenCachePersistenceOptions` where credentials in the same process would share the same cache, even if they had different configured names.
diff --git a/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs b/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs
index 8b0fbcbdcaa47..5fd8da760fbb3 100644
--- a/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs
+++ b/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs
@@ -365,6 +365,7 @@ public partial class TokenCredentialOptions : Azure.Core.ClientOptions
public TokenCredentialOptions() { }
public System.Uri AuthorityHost { get { throw null; } set { } }
public new Azure.Identity.TokenCredentialDiagnosticsOptions Diagnostics { get { throw null; } }
+ public bool IsSupportLoggingEnabled { get { throw null; } set { } }
}
public abstract partial class UnsafeTokenCacheOptions : Azure.Identity.TokenCachePersistenceOptions
{
diff --git a/sdk/identity/Azure.Identity/src/Credentials/AzureCliCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/AzureCliCredential.cs
index 74b9a4655e0ca..569cedcfd757e 100644
--- a/sdk/identity/Azure.Identity/src/Credentials/AzureCliCredential.cs
+++ b/sdk/identity/Azure.Identity/src/Credentials/AzureCliCredential.cs
@@ -67,7 +67,7 @@ public AzureCliCredential(AzureCliCredentialOptions options)
internal AzureCliCredential(CredentialPipeline pipeline, IProcessService processService, AzureCliCredentialOptions options = null)
{
- _logPII = options?.IsLoggingPIIEnabled ?? false;
+ _logPII = options?.IsSupportLoggingEnabled ?? false;
_logAccountDetails = options?.Diagnostics?.IsAccountIdentifierLoggingEnabled ?? false;
_pipeline = pipeline;
_path = !string.IsNullOrEmpty(EnvironmentVariables.Path) ? EnvironmentVariables.Path : DefaultPath;
diff --git a/sdk/identity/Azure.Identity/src/Credentials/AzureDeveloperCliCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/AzureDeveloperCliCredential.cs
index d8d82014a5434..d09ab5c4f2ba1 100644
--- a/sdk/identity/Azure.Identity/src/Credentials/AzureDeveloperCliCredential.cs
+++ b/sdk/identity/Azure.Identity/src/Credentials/AzureDeveloperCliCredential.cs
@@ -62,7 +62,7 @@ public AzureDeveloperCliCredential(AzureDeveloperCliCredentialOptions options)
internal AzureDeveloperCliCredential(CredentialPipeline pipeline, IProcessService processService, AzureDeveloperCliCredentialOptions options = null)
{
- _logPII = options?.IsLoggingPIIEnabled ?? false;
+ _logPII = options?.IsSupportLoggingEnabled ?? false;
_logAccountDetails = options?.Diagnostics?.IsAccountIdentifierLoggingEnabled ?? false;
_pipeline = pipeline;
_processService = processService ?? ProcessService.Default;
diff --git a/sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredential.cs
index 289028a0fa480..b09b8ff91356c 100644
--- a/sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredential.cs
+++ b/sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredential.cs
@@ -60,7 +60,7 @@ public AzurePowerShellCredential(AzurePowerShellCredentialOptions options) : thi
internal AzurePowerShellCredential(AzurePowerShellCredentialOptions options, CredentialPipeline pipeline, IProcessService processService)
{
UseLegacyPowerShell = false;
- _logPII = options?.IsLoggingPIIEnabled ?? false;
+ _logPII = options?.IsSupportLoggingEnabled ?? false;
_logAccountDetails = options?.Diagnostics?.IsAccountIdentifierLoggingEnabled ?? false;
TenantId = options?.TenantId;
_pipeline = pipeline ?? CredentialPipeline.GetInstance(options);
diff --git a/sdk/identity/Azure.Identity/src/Credentials/ClientCertificateCredentialOptions.cs b/sdk/identity/Azure.Identity/src/Credentials/ClientCertificateCredentialOptions.cs
index 6076009d8da78..4189a2708eed0 100644
--- a/sdk/identity/Azure.Identity/src/Credentials/ClientCertificateCredentialOptions.cs
+++ b/sdk/identity/Azure.Identity/src/Credentials/ClientCertificateCredentialOptions.cs
@@ -11,7 +11,7 @@ namespace Azure.Identity
public class ClientCertificateCredentialOptions : TokenCredentialOptions, ISupportsTokenCachePersistenceOptions, ISupportsDisableInstanceDiscovery, ISupportsAdditionallyAllowedTenants
{
///
- /// Specifies the to be used by the credential. If not options are specified, the token cache will not be persisted to disk.
+ /// Specifies the to be used by the credential. If no options are specified, the token cache will not be persisted to disk.
///
public TokenCachePersistenceOptions TokenCachePersistenceOptions { get; set; }
diff --git a/sdk/identity/Azure.Identity/src/Credentials/TokenCredentialOptions.cs b/sdk/identity/Azure.Identity/src/Credentials/TokenCredentialOptions.cs
index 0f31a3429b92f..203526becde1b 100644
--- a/sdk/identity/Azure.Identity/src/Credentials/TokenCredentialOptions.cs
+++ b/sdk/identity/Azure.Identity/src/Credentials/TokenCredentialOptions.cs
@@ -32,11 +32,12 @@ public Uri AuthorityHost
}
///
- /// Gets or sets value indicating if ETW logging that contains PII content should be logged.
- /// Setting this property will not disable redaction of Content. To enable logging of sensitive
+ /// Gets or sets value indicating if ETW logging that contains potentially sensitive content should be logged.
+ /// Setting this property to true will not disable redaction of Content. To enable logging of sensitive
/// the property must be set to true.
+ /// Setting this property to `true` equates to passing 'true' for the enablePiiLogging parameter to the 'WithLogging' method on the MSAL client builder.
///
- internal bool IsLoggingPIIEnabled { get; set; }
+ public bool IsSupportLoggingEnabled { get; set; }
internal virtual T Clone()
where T : TokenCredentialOptions, new()
@@ -46,7 +47,7 @@ internal virtual T Clone()
// copy TokenCredentialOptions Properties
clone.AuthorityHost = AuthorityHost;
- clone.IsLoggingPIIEnabled = IsLoggingPIIEnabled;
+ clone.IsSupportLoggingEnabled = IsSupportLoggingEnabled;
// copy TokenCredentialDiagnosticsOptions specific options
clone.Diagnostics.IsAccountIdentifierLoggingEnabled = Diagnostics.IsAccountIdentifierLoggingEnabled;
@@ -57,7 +58,7 @@ internal virtual T Clone()
// copy ISupportsTokenCachePersistenceOptions
CloneIfImplemented(this, clone, (o, c) => c.TokenCachePersistenceOptions = o.TokenCachePersistenceOptions);
- // copy ISupportsAdditinallyAllowedTenants
+ // copy ISupportsAdditionallyAllowedTenants
CloneIfImplemented(this, clone, (o, c) => CloneListItems(o.AdditionallyAllowedTenants, c.AdditionallyAllowedTenants));
// copy base ClientOptions properties, this would be replaced by a similar method on the base class
diff --git a/sdk/identity/Azure.Identity/src/Credentials/VisualStudioCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/VisualStudioCredential.cs
index 78df884eea78c..979bedba8a1a5 100644
--- a/sdk/identity/Azure.Identity/src/Credentials/VisualStudioCredential.cs
+++ b/sdk/identity/Azure.Identity/src/Credentials/VisualStudioCredential.cs
@@ -52,7 +52,7 @@ public VisualStudioCredential(VisualStudioCredentialOptions options) : this(opti
internal VisualStudioCredential(string tenantId, CredentialPipeline pipeline, IFileSystemService fileSystem, IProcessService processService, VisualStudioCredentialOptions options = null)
{
- _logPII = options?.IsLoggingPIIEnabled ?? false;
+ _logPII = options?.IsSupportLoggingEnabled ?? false;
_logAccountDetails = options?.Diagnostics?.IsAccountIdentifierLoggingEnabled ?? false;
TenantId = tenantId;
_pipeline = pipeline ?? CredentialPipeline.GetInstance(null);
diff --git a/sdk/identity/Azure.Identity/src/MsalClientBase.cs b/sdk/identity/Azure.Identity/src/MsalClientBase.cs
index 57f2f70fc0814..32cdced34c475 100644
--- a/sdk/identity/Azure.Identity/src/MsalClientBase.cs
+++ b/sdk/identity/Azure.Identity/src/MsalClientBase.cs
@@ -16,7 +16,7 @@ internal abstract class MsalClientBase
private readonly AsyncLockWithValue<(TClient Client, TokenCache Cache)> _clientWithCaeAsyncLock;
private readonly bool _logAccountDetails;
private readonly TokenCachePersistenceOptions _tokenCachePersistenceOptions;
- protected internal bool IsPiiLoggingEnabled { get; }
+ protected internal bool IsSupportLoggingEnabled { get; }
protected internal bool DisableInstanceDiscovery { get; }
protected string[] cp1Capabilities = new[] { "CP1" };
protected internal CredentialPipeline Pipeline { get; }
@@ -44,7 +44,7 @@ protected MsalClientBase(CredentialPipeline pipeline, string tenantId, string cl
DisableInstanceDiscovery = options is ISupportsDisableInstanceDiscovery supportsDisableInstanceDiscovery && supportsDisableInstanceDiscovery.DisableInstanceDiscovery;
ISupportsTokenCachePersistenceOptions cacheOptions = options as ISupportsTokenCachePersistenceOptions;
_tokenCachePersistenceOptions = cacheOptions?.TokenCachePersistenceOptions;
- IsPiiLoggingEnabled = options?.IsLoggingPIIEnabled ?? false;
+ IsSupportLoggingEnabled = options?.IsSupportLoggingEnabled ?? false;
Pipeline = pipeline;
TenantId = tenantId;
ClientId = clientId;
@@ -85,7 +85,7 @@ await _clientWithCaeAsyncLock.GetLockOrValueAsync(async, cancellationToken).Conf
protected void LogMsal(LogLevel level, string message, bool isPii)
{
- if (!isPii || IsPiiLoggingEnabled)
+ if (!isPii || IsSupportLoggingEnabled)
{
AzureIdentityEventSource.Singleton.LogMsal(level, message);
}
diff --git a/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs b/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs
index e7b5ba5ea06e0..ce2bb99db6c75 100644
--- a/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs
+++ b/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs
@@ -73,7 +73,7 @@ protected virtual async ValueTask CreateClientCo
ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline))
- .WithLogging(LogMsal, enablePiiLogging: IsPiiLoggingEnabled);
+ .WithLogging(LogMsal, enablePiiLogging: IsSupportLoggingEnabled);
// Special case for using appTokenProviderCallback, authority validation and instance metadata discovery should be disabled since we're not calling the STS
// The authority matches the one configured in the CredentialOptions.
diff --git a/sdk/identity/Azure.Identity/src/MsalPublicClient.cs b/sdk/identity/Azure.Identity/src/MsalPublicClient.cs
index 1638f7b3abaaa..36417438b154c 100644
--- a/sdk/identity/Azure.Identity/src/MsalPublicClient.cs
+++ b/sdk/identity/Azure.Identity/src/MsalPublicClient.cs
@@ -43,7 +43,7 @@ protected virtual ValueTask CreateClientCoreAsync(bool
.Create(ClientId)
.WithAuthority(authorityUri)
.WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline))
- .WithLogging(LogMsal, enablePiiLogging: IsPiiLoggingEnabled);
+ .WithLogging(LogMsal, enablePiiLogging: IsSupportLoggingEnabled);
if (!string.IsNullOrEmpty(RedirectUrl))
{
diff --git a/sdk/identity/Azure.Identity/tests/AuthorizationCodeCredentialTests.cs b/sdk/identity/Azure.Identity/tests/AuthorizationCodeCredentialTests.cs
index fa556a981ac52..0b9ca0be4c5ce 100644
--- a/sdk/identity/Azure.Identity/tests/AuthorizationCodeCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/AuthorizationCodeCredentialTests.cs
@@ -32,7 +32,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
{
Transport = config.Transport,
DisableInstanceDiscovery = config.DisableInstanceDiscovery,
- AdditionallyAllowedTenants = config.AdditionallyAllowedTenants
+ AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var pipeline = CredentialPipeline.GetInstance(options);
return InstrumentClient(
diff --git a/sdk/identity/Azure.Identity/tests/AzureCliCredentialTests.cs b/sdk/identity/Azure.Identity/tests/AzureCliCredentialTests.cs
index a2cc9215bbc18..2b190c25d4a08 100644
--- a/sdk/identity/Azure.Identity/tests/AzureCliCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/AzureCliCredentialTests.cs
@@ -32,6 +32,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
{
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
TenantId = config.TenantId,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzureCli();
var testProcess = new TestProcess { Output = processOutput };
diff --git a/sdk/identity/Azure.Identity/tests/AzureDeveloperCliCredentialTests.cs b/sdk/identity/Azure.Identity/tests/AzureDeveloperCliCredentialTests.cs
index 2584545f94a28..056e94f303e43 100644
--- a/sdk/identity/Azure.Identity/tests/AzureDeveloperCliCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/AzureDeveloperCliCredentialTests.cs
@@ -32,6 +32,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
{
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
TenantId = config.TenantId,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzureDeveloperCli();
var testProcess = new TestProcess { Output = processOutput };
diff --git a/sdk/identity/Azure.Identity/tests/AzurePowerShellCredentialsTests.cs b/sdk/identity/Azure.Identity/tests/AzurePowerShellCredentialsTests.cs
index 0688b6e61aa56..861fc582cc4a0 100644
--- a/sdk/identity/Azure.Identity/tests/AzurePowerShellCredentialsTests.cs
+++ b/sdk/identity/Azure.Identity/tests/AzurePowerShellCredentialsTests.cs
@@ -41,6 +41,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
{
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
TenantId = config.TenantId,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzurePowerShell(TimeSpan.FromSeconds(30));
var testProcess = new TestProcess { Output = processOutput };
diff --git a/sdk/identity/Azure.Identity/tests/ClientAssertionCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ClientAssertionCredentialTests.cs
index 4159dbe11d177..2a69f8478c0e6 100644
--- a/sdk/identity/Azure.Identity/tests/ClientAssertionCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/ClientAssertionCredentialTests.cs
@@ -1,10 +1,7 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
-using System;
-using System.Threading.Tasks;
using Azure.Core;
-using Azure.Identity.Tests.Mock;
using NUnit.Framework;
namespace Azure.Identity.Tests
@@ -32,11 +29,14 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
{
Transport = config.Transport,
DisableInstanceDiscovery = config.DisableInstanceDiscovery,
- AdditionallyAllowedTenants = config.AdditionallyAllowedTenants
+ AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var pipeline = CredentialPipeline.GetInstance(options);
options.Pipeline = pipeline;
- return InstrumentClient(new ClientAssertionCredential(config.TenantId, ClientId, () => "assertion", options));
+ var cred = new ClientAssertionCredential(config.TenantId, ClientId, () => "assertion", options);
+ var instrumented = InstrumentClient(cred);
+ return instrumented;
}
}
}
diff --git a/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialTests.cs
index cef6e8263fed4..4c67f76ccd904 100644
--- a/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialTests.cs
@@ -40,7 +40,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
{
Transport = config.Transport,
DisableInstanceDiscovery = config.DisableInstanceDiscovery,
- AdditionallyAllowedTenants = config.AdditionallyAllowedTenants
+ AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var pipeline = CredentialPipeline.GetInstance(options);
var certificatePath = Path.Combine(TestContext.CurrentContext.TestDirectory, "Data", "cert.pfx");
diff --git a/sdk/identity/Azure.Identity/tests/ClientSecretCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ClientSecretCredentialTests.cs
index 70bb0a4dac2b1..3b4e467f8fc63 100644
--- a/sdk/identity/Azure.Identity/tests/ClientSecretCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/ClientSecretCredentialTests.cs
@@ -29,7 +29,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
{
Transport = config.Transport,
DisableInstanceDiscovery = config.DisableInstanceDiscovery,
- AdditionallyAllowedTenants = config.AdditionallyAllowedTenants
+ AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var pipeline = CredentialPipeline.GetInstance(options);
return InstrumentClient(new ClientSecretCredential(config.TenantId, ClientId, "secret", options, pipeline, null));
diff --git a/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs b/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs
index c9c4077c5eb8e..08b7968551549 100644
--- a/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs
+++ b/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs
@@ -73,6 +73,63 @@ public async Task IsAccountIdentifierLoggingEnabled([Values(true, false)] bool i
}
}
+ [Test]
+ public async Task RespectsIsSupportLoggingEnabled([Values(true, false)] bool isSupportLoggingEnabled)
+ {
+ using var _listener = new TestEventListener();
+ _listener.EnableEvents(AzureIdentityEventSource.Singleton, EventLevel.Verbose);
+
+ var token = Guid.NewGuid().ToString();
+ var idToken = CredentialTestHelpers.CreateMsalIdToken(Guid.NewGuid().ToString(), "userName", TenantId);
+ bool calledDiscoveryEndpoint = false;
+ bool isPubClient = false;
+ var mockTransport = new MockTransport(req =>
+ {
+ calledDiscoveryEndpoint |= req.Uri.Path.Contains("discovery/instance");
+
+ MockResponse response = new(200);
+ if (req.Uri.Path.EndsWith("/devicecode"))
+ {
+ response = CredentialTestHelpers.CreateMockMsalDeviceCodeResponse();
+ }
+ else if (req.Uri.Path.Contains("/userrealm/"))
+ {
+ response.SetContent(UserrealmResponse);
+ }
+ else
+ {
+ if (isPubClient || typeof(TCredOptions) == typeof(AuthorizationCodeCredentialOptions))
+ {
+ response = CredentialTestHelpers.CreateMockMsalTokenResponse(200, token, TenantId, ExpectedUsername, ObjectId);
+ }
+ else
+ {
+ response.SetContent($"{{\"token_type\": \"Bearer\",\"expires_in\": 9999,\"ext_expires_in\": 9999,\"access_token\": \"{token}\" }}");
+ }
+ }
+
+ return response;
+ });
+
+ var config = new CommonCredentialTestConfig()
+ {
+ Transport = mockTransport,
+ TenantId = TenantId,
+ IsSupportLoggingEnabled = isSupportLoggingEnabled
+ };
+ var credential = GetTokenCredential(config);
+ if (!CredentialTestHelpers.IsMsalCredential(credential))
+ {
+ Assert.Ignore($"{credential.GetType().Name} is not an MSAL credential.");
+ }
+ isPubClient = CredentialTestHelpers.IsCredentialTypePubClient(credential);
+ AccessToken actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default, null), default);
+
+ Assert.AreEqual(token, actualToken.Token);
+ string expectedPrefix = isSupportLoggingEnabled ? "True" : "False";
+ Assert.True(_listener.EventData.Any(d => d.Payload.Any(p => p.ToString().StartsWith($"{expectedPrefix} MSAL"))));
+ }
+
[Test]
[NonParallelizable]
public async Task DisableInstanceMetadataDiscovery([Values(true, false)] bool disable)
diff --git a/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs b/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs
index 28c28f1bb1c7e..02ce23e3fc3ab 100644
--- a/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs
+++ b/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs
@@ -17,6 +17,7 @@
using Azure.Identity.Tests.Mock;
using Microsoft.Identity.Client;
using NUnit.Framework;
+using Castle.DynamicProxy;
namespace Azure.Identity.Tests
{
diff --git a/sdk/identity/Azure.Identity/tests/DeviceCodeCredentialTests.cs b/sdk/identity/Azure.Identity/tests/DeviceCodeCredentialTests.cs
index 308b8c517ab8f..98cc65f0f4c9e 100644
--- a/sdk/identity/Azure.Identity/tests/DeviceCodeCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/DeviceCodeCredentialTests.cs
@@ -64,7 +64,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
{
Transport = config.Transport,
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
- DisableInstanceDiscovery = config.DisableInstanceDiscovery
+ DisableInstanceDiscovery = config.DisableInstanceDiscovery,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var pipeline = CredentialPipeline.GetInstance(options);
return InstrumentClient(new DeviceCodeCredential((code, _) =>
@@ -97,15 +98,6 @@ public async Task AuthenticateWithDeviceCodeMockAsync([Values(null, TenantIdHint
Assert.AreEqual(token.Token, expectedToken);
}
- [Test]
- public void RespectsIsPIILoggingEnabled([Values(true, false)] bool isLoggingPIIEnabled)
- {
- var credential = new DeviceCodeCredential(new DeviceCodeCredentialOptions { IsLoggingPIIEnabled = isLoggingPIIEnabled });
-
- Assert.NotNull(credential.Client);
- Assert.AreEqual(isLoggingPIIEnabled, credential.Client.IsPiiLoggingEnabled);
- }
-
[Test]
[NonParallelizable]
public async Task AuthenticateWithDeviceCodeNoCallback()
diff --git a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientCertificateTests.cs b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientCertificateTests.cs
index b5ef056ffd57c..669d77dc5ce62 100644
--- a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientCertificateTests.cs
+++ b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientCertificateTests.cs
@@ -45,7 +45,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
var options = new EnvironmentCredentialOptions
{
Transport = config.Transport,
- DisableInstanceDiscovery = config.DisableInstanceDiscovery
+ DisableInstanceDiscovery = config.DisableInstanceDiscovery,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var pipeline = CredentialPipeline.GetInstance(options);
diff --git a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientSecretTests.cs b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientSecretTests.cs
index 6905333fc973d..1b36ab812d6ef 100644
--- a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientSecretTests.cs
+++ b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientSecretTests.cs
@@ -45,7 +45,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
var options = new EnvironmentCredentialOptions
{
Transport = config.Transport,
- DisableInstanceDiscovery = config.DisableInstanceDiscovery
+ DisableInstanceDiscovery = config.DisableInstanceDiscovery,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var pipeline = CredentialPipeline.GetInstance(options);
diff --git a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_UserNamePasswordTests.cs b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_UserNamePasswordTests.cs
index 945e0f048d47c..58add0668a93f 100644
--- a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_UserNamePasswordTests.cs
+++ b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_UserNamePasswordTests.cs
@@ -47,6 +47,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
{
Transport = config.Transport,
DisableInstanceDiscovery = config.DisableInstanceDiscovery,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
return InstrumentClient(new EnvironmentCredential(options));
diff --git a/sdk/identity/Azure.Identity/tests/InteractiveBrowserCredentialTests.cs b/sdk/identity/Azure.Identity/tests/InteractiveBrowserCredentialTests.cs
index 4f4098c8112dd..c2a091fe36bd8 100644
--- a/sdk/identity/Azure.Identity/tests/InteractiveBrowserCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/InteractiveBrowserCredentialTests.cs
@@ -42,6 +42,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
TokenCachePersistenceOptions = tokenCacheOptions,
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
AuthenticationRecord = new AuthenticationRecord(ExpectedUsername, "login.windows.net", $"{ObjectId}.{resolvedTenantId}", resolvedTenantId, ClientId),
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var pipeline = CredentialPipeline.GetInstance(options);
return InstrumentClient(new InteractiveBrowserCredential(config.TenantId, ClientId, options, pipeline, null));
@@ -67,15 +68,6 @@ public async Task InteractiveBrowserAcquireTokenInteractiveException()
await Task.CompletedTask;
}
- [Test]
- public void RespectsIsPIILoggingEnabled([Values(true, false)] bool isLoggingPIIEnabled)
- {
- var credential = new InteractiveBrowserCredential(new InteractiveBrowserCredentialOptions { IsLoggingPIIEnabled = isLoggingPIIEnabled });
-
- Assert.NotNull(credential.Client);
- Assert.AreEqual(isLoggingPIIEnabled, credential.Client.IsPiiLoggingEnabled);
- }
-
[Test]
public async Task InteractiveBrowserAcquireTokenSilentException()
{
diff --git a/sdk/identity/Azure.Identity/tests/MsalClientBaseTests.cs b/sdk/identity/Azure.Identity/tests/MsalClientBaseTests.cs
index bed187cc6a326..a392cbe46ac6c 100644
--- a/sdk/identity/Azure.Identity/tests/MsalClientBaseTests.cs
+++ b/sdk/identity/Azure.Identity/tests/MsalClientBaseTests.cs
@@ -39,15 +39,15 @@ public void LogPiiIsEnforcedPerInstance([Values(true, false)] bool logPii)
new CredentialPipeline(new HttpPipeline(new MockTransport()), new ClientDiagnostics(Moq.Mock.Of())),
"tenant",
"client",
- new InteractiveBrowserCredentialOptions(){ IsLoggingPIIEnabled = logPii });
+ new InteractiveBrowserCredentialOptions(){ IsSupportLoggingEnabled = logPii });
var client_2 = new MockMsalClient(
new CredentialPipeline(new HttpPipeline(new MockTransport()), new ClientDiagnostics(Moq.Mock.Of())),
"tenant",
"client",
- new InteractiveBrowserCredentialOptions(){ IsLoggingPIIEnabled = false }); // never log PII
+ new InteractiveBrowserCredentialOptions(){ IsSupportLoggingEnabled = false }); // never log PII
- Assert.AreEqual(logPii, client_1.IsPiiLoggingEnabled);
+ Assert.AreEqual(logPii, client_1.IsSupportLoggingEnabled);
client_1.Log(client1Message, true);
client_2.Log(client2Message, true);
diff --git a/sdk/identity/Azure.Identity/tests/OnBehalfOfCredentialTests.cs b/sdk/identity/Azure.Identity/tests/OnBehalfOfCredentialTests.cs
index 783d908ae3e8a..3ad7dd4de7e1f 100644
--- a/sdk/identity/Azure.Identity/tests/OnBehalfOfCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/OnBehalfOfCredentialTests.cs
@@ -52,7 +52,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
{
Transport = config.Transport,
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
- DisableInstanceDiscovery = config.DisableInstanceDiscovery
+ DisableInstanceDiscovery = config.DisableInstanceDiscovery,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var pipeline = CredentialPipeline.GetInstance(options);
return InstrumentClient(
diff --git a/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs b/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs
index ad4ae9630da97..2a4e317bb65d5 100644
--- a/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs
@@ -33,7 +33,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
var options = new SharedTokenCacheCredentialOptions(tokenCacheOptions)
{
Transport = config.Transport,
- DisableInstanceDiscovery = config.DisableInstanceDiscovery
+ DisableInstanceDiscovery = config.DisableInstanceDiscovery,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var pipeline = CredentialPipeline.GetInstance(options);
return InstrumentClient(new SharedTokenCacheCredential(config.TenantId, null, options, pipeline, null));
@@ -82,15 +83,6 @@ public async Task VerifyAuthenticationRecordOption()
Assert.IsTrue(acquireTokenSilentCalled);
}
- [Test]
- public void RespectsIsPIILoggingEnabled([Values(true, false)] bool isLoggingPIIEnabled)
- {
- var credential = new SharedTokenCacheCredential(new SharedTokenCacheCredentialOptions { IsLoggingPIIEnabled = isLoggingPIIEnabled });
-
- Assert.NotNull(credential.Client);
- Assert.AreEqual(isLoggingPIIEnabled, credential.Client.IsPiiLoggingEnabled);
- }
-
[Test]
public void RespectsTokenCachePersistenceOptions()
{
diff --git a/sdk/identity/Azure.Identity/tests/TokenCredentialOptionsTests.cs b/sdk/identity/Azure.Identity/tests/TokenCredentialOptionsTests.cs
index 0df244d165599..585f0833ccb12 100644
--- a/sdk/identity/Azure.Identity/tests/TokenCredentialOptionsTests.cs
+++ b/sdk/identity/Azure.Identity/tests/TokenCredentialOptionsTests.cs
@@ -250,7 +250,7 @@ public static T CreatePopulatedOptions(bool setTransport)
DisableInstanceDiscovery = true,
TokenCachePersistenceOptions = new TokenCachePersistenceOptions(),
AuthorityHost = AzureAuthorityHosts.AzureChina,
- IsLoggingPIIEnabled = true,
+ IsSupportLoggingEnabled = true,
Retry =
{
MaxRetries = 15,
diff --git a/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs b/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs
index 8b0c821c0aac8..875112b5008aa 100644
--- a/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs
@@ -34,7 +34,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
{
Transport = config.Transport,
DisableInstanceDiscovery = config.DisableInstanceDiscovery,
- AdditionallyAllowedTenants = config.AdditionallyAllowedTenants
+ AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
var pipeline = CredentialPipeline.GetInstance(options);
return InstrumentClient(new UsernamePasswordCredential("user", "password", config.TenantId, ClientId, options, pipeline, null));
@@ -65,27 +66,6 @@ public async Task VerifyMsalClientExceptionAsync()
await Task.CompletedTask;
}
- [Test]
- public void RespectsIsPIILoggingEnabled([Values(true, false)] bool isLoggingPIIEnabled)
- {
- var username = Guid.NewGuid().ToString();
- var password = Guid.NewGuid().ToString();
- var clientId = Guid.NewGuid().ToString();
- var tenantId = Guid.NewGuid().ToString();
-
- var credential = new UsernamePasswordCredential(
- username,
- password,
- clientId,
- tenantId,
- new TokenCredentialOptions { IsLoggingPIIEnabled = isLoggingPIIEnabled },
- default,
- null);
-
- Assert.NotNull(credential.Client);
- Assert.AreEqual(isLoggingPIIEnabled, credential.Client.IsPiiLoggingEnabled);
- }
-
[Test]
public async Task UsesTenantIdHint([Values(null, TenantIdHint)] string tenantId, [Values(true)] bool allowMultiTenantAuthentication)
{
diff --git a/sdk/identity/Azure.Identity/tests/VisualStudioCodeCredentialTests.cs b/sdk/identity/Azure.Identity/tests/VisualStudioCodeCredentialTests.cs
index 0c09f36bfdb09..25e5f43adaf89 100644
--- a/sdk/identity/Azure.Identity/tests/VisualStudioCodeCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/VisualStudioCodeCredentialTests.cs
@@ -70,15 +70,6 @@ public async Task AuthenticateWithVsCodeCredential([Values(null, TenantIdHint)]
Assert.AreEqual(expiresOn, actualToken.ExpiresOn, "expiresOn should match");
}
- [Test]
- public void RespectsIsPIILoggingEnabled([Values(true, false)] bool isLoggingPIIEnabled)
- {
- var credential = new VisualStudioCodeCredential(new VisualStudioCodeCredentialOptions { IsLoggingPIIEnabled = isLoggingPIIEnabled });
-
- Assert.NotNull(credential.Client);
- Assert.AreEqual(isLoggingPIIEnabled, credential.Client.IsPiiLoggingEnabled);
- }
-
[Test]
public void AdfsTenantThrowsCredentialUnavailable()
{
diff --git a/sdk/identity/Azure.Identity/tests/VisualStudioCredentialTests.cs b/sdk/identity/Azure.Identity/tests/VisualStudioCredentialTests.cs
index 8bf32d2c96dad..7deb61fe51ec9 100644
--- a/sdk/identity/Azure.Identity/tests/VisualStudioCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/VisualStudioCredentialTests.cs
@@ -38,6 +38,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
var vsOptions = new VisualStudioCredentialOptions
{
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
+ IsSupportLoggingEnabled = config.IsSupportLoggingEnabled,
};
return InstrumentClient(new VisualStudioCredential(config.TenantId, default, fileSystem, new TestProcessService(testProcess, true), vsOptions));
}