Update error message

Signed-off-by: Paul Van Eck <[email protected]>
Azure · Jun 6, 2024 · b5eebd1 · b5eebd1
1 parent 185bc27
commit b5eebd1
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 6 deletions.
diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/on_behalf_of.py b/sdk/identity/azure-identity/azure/identity/_credentials/on_behalf_of.py
@@ -28,7 +28,7 @@ class OnBehalfOfCredential(MsalCredential, GetTokenMixin):
     description of the on-behalf-of flow.
 
     :param str tenant_id: ID of the service principal's tenant. Also called its "directory" ID.
-    :param str client_id: The service principal's client ID
+    :param str client_id: The service principal's client ID.
     :keyword str client_secret: Optional. A client secret to authenticate the service principal.
         One of **client_secret**, **client_certificate**, or **client_assertion_func** must be provided.
     :keyword bytes client_certificate: Optional. The bytes of a certificate in PEM or PKCS12 format including
@@ -39,7 +39,7 @@ class OnBehalfOfCredential(MsalCredential, GetTokenMixin):
         return a valid assertion for the target resource.
     :paramtype client_assertion_func: Callable[[], str]
     :keyword str user_assertion: Required. The access token the credential will use as the user assertion when
-        requesting on-behalf-of tokens
+        requesting on-behalf-of tokens.
 
     :keyword str authority: Authority of a Microsoft Entra endpoint, for example "login.microsoftonline.com",
         the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
@@ -87,7 +87,8 @@ def __init__(
         if client_assertion_func:
             if client_certificate or client_secret:
                 raise ValueError(
-                    'Specifying both "client_assertion_func" and "client_certificate" or "client_secret" is not valid.'
+                    "It is invalid to specify more than one of the following: "
+                    '"client_assertion_func", "client_certificate" or "client_secret".'
                 )
             credential: Union[str, Dict[str, Any]] = {
                 "client_assertion": client_assertion_func,

diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/on_behalf_of.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/on_behalf_of.py
@@ -25,7 +25,7 @@ class OnBehalfOfCredential(AsyncContextManager, GetTokenMixin):
     description of the on-behalf-of flow.
 
     :param str tenant_id: ID of the service principal's tenant. Also called its "directory" ID.
-    :param str client_id: The service principal's client ID
+    :param str client_id: The service principal's client ID.
     :keyword str client_secret: Optional. A client secret to authenticate the service principal.
         One of **client_secret**, **client_certificate**, or **client_assertion_func** must be provided.
     :keyword bytes client_certificate: Optional. The bytes of a certificate in PEM or PKCS12 format including
@@ -36,7 +36,7 @@ class OnBehalfOfCredential(AsyncContextManager, GetTokenMixin):
         return a valid assertion for the target resource.
     :paramtype client_assertion_func: Callable[[], str]
     :keyword str user_assertion: Required. The access token the credential will use as the user assertion when
-        requesting on-behalf-of tokens
+        requesting on-behalf-of tokens.
 
     :keyword str authority: Authority of a Microsoft Entra endpoint, for example "login.microsoftonline.com",
         the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
@@ -80,7 +80,8 @@ def __init__(
         if client_assertion_func:
             if client_certificate or client_secret:
                 raise ValueError(
-                    'Specifying both "client_assertion_func" and "client_certificate" or "client_secret" is not valid.'
+                    "It is invalid to specify more than one of the following: "
+                    '"client_assertion_func", "client_certificate" or "client_secret".'
                 )
             self._client_credential: Union[str, AadClientCertificate, Dict[str, Any]] = {
                 "client_assertion": client_assertion_func,

diff --git a/sdk/identity/azure-identity/tests/test_obo.py b/sdk/identity/azure-identity/tests/test_obo.py
@@ -266,3 +266,16 @@ def send(request, **kwargs):
     access_token = credential.get_token("scope")
     assert access_token.token == expected_token
     assert func_call_count == 1
+
+
+def test_client_assertion_func_with_client_certificate():
+    """The credential should raise ValueError when ctoring with both client_assertion_func and client_certificate"""
+    with pytest.raises(ValueError) as ex:
+        credential = OnBehalfOfCredential(
+            "tenant-id",
+            "client-id",
+            client_assertion_func=lambda: "client-assertion",
+            client_certificate=b"certificate",
+            user_assertion="assertion",
+        )
+    assert "It is invalid to specify more than one of the following" in str(ex.value)
diff --git a/sdk/identity/azure-identity/tests/test_obo_async.py b/sdk/identity/azure-identity/tests/test_obo_async.py
@@ -343,3 +343,17 @@ async def send(request, **kwargs):
     token = await credential.get_token("scope")
     assert token.token == expected_token
     assert func_call_count == 1
+
+
+@pytest.mark.asyncio
+async def test_client_assertion_func_with_client_certificate():
+    """The credential should raise when given both client_assertion_func and client_certificate"""
+    with pytest.raises(ValueError) as ex:
+        OnBehalfOfCredential(
+            "tenant-id",
+            "client-id",
+            client_assertion_func=lambda: "client-assertion",
+            client_certificate=b"cert",
+            user_assertion="assertion",
+        )
+    assert "It is invalid to specify more than one of the following" in str(ex.value)