Credentials accept tenant_id argument to get_token #19602
sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py
""" | ||
|
||
def __init__(self, **kwargs): | ||
self._allow_multitenant = kwargs.get("allow_multitenant_authentication", False) |
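Review bot: allow_multitenant_authentication is pulled out of **kwargs with kwargs.get in __init__, so the option never appears in the signature and a misspelled name silently leaves the credential on the default False. Because this is the aio credential, a keyword-only parameter (def __init__(self, *, allow_multitenant_authentication=False, **kwargs)) would document it; catching typos would additionally require rejecting unknown keywords. The value is also stored unchecked, so any truthy object enables multitenant authentication.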
Should we kwargs.pop here and in the sync version?
No need, kwargs isn't used again. I should use keyword-only syntax here though.
Co-authored-by: McCoy Patiño <[email protected]>
@@ -43,6 +49,24 @@ def validate_tenant_id(tenant_id): | |||
) | |||
|
|||
|
|||
def resolve_tenant(default_tenant, allow_multitenant, tenant_id=None, **_): |
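Review bot: the **_ catch-all in the resolve_tenant signature discards every unrecognized keyword, so a caller that passes the tenant under a wrong name silently takes the default_tenant path instead of getting an error. Consider dropping **_ or having callers pass tenant_id explicitly, and add a docstring stating the precedence between default_tenant and tenant_id and the condition under which the function raises, since this function decides which tenant a token request targets.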
@christothes I believe this is equivalent to your TenantIdResolver but please take a look, maybe I misread that (C# pattern matching syntax is new to me).
@@ -79,7 +84,7 @@ def _build_auth_record(response): | |||
six.raise_from(auth_error, ex) | |||
|
|||
|
|||
class InteractiveCredential(MsalCredential): | |||
class InteractiveCredential(MsalCredential, ABC): |
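Review bot: ABC is added as a base of InteractiveCredential, but its import is not part of this hunk, and the context line six.raise_from(auth_error, ex) shows the module still targets Python 2, where abc.ABC does not exist (it was added in Python 3.4). Please confirm ABC comes from a compatibility definition rather than from abc import ABC, otherwise the module will fail to import on 2.7.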
What's the reasoning for making InteractiveCredential an ABC instead of MsalCredential? I'm not too familiar with the purpose of inheriting from ABC
A class inheriting ABC can only be instantiated if it implements every method the ABC decorates with abstractmethod. That's useful here because it enables InteractiveCredential.get_token to consolidate common code and do most of the work for subclasses while ensuring you get a runtime error when a subclass doesn't implement the one method that differs between authentication flows. With this change MsalCredential loses its only abstract method and thus its reason for inheriting ABC. InteractiveCredential still has an abstract method but was inheriting ABC through MsalCredential. So, now it must inherit ABC directly.
This is the first step in enabling clients to implement tenant discovery via authentication challenges. Credentials which can in principle authenticate in multiple tenants (i.e. not ManagedIdentityCredential) receive a new parameter, allow_multitenant_authentication. When this is True, these credentials will honor a tenant_id keyword argument to get_token. When it's False, which is the default, get_token raises an exception when given a tenant that doesn't match the credential's configured tenant (i.e. the one set at instantiation), unless environment variable AZURE_IDENTITY_ENABLE_LEGACY_TENANT_SELECTION is set (because raising this exception may be a breaking change for some applications). When that environment variable is set get_token will use the credential's configured tenant, ignoring a tenant_id keyword argument.
Closes #17979, closes #19300
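The tenant selection rules in the description above, as an added Python sketch (not the SDK's code and not part of the PR). pick_tenant, TenantMismatchError and the tenant names are hypothetical, and treating any value of the environment variable as "set" is an assumption.

```python
import os

# Environment variable name taken from the PR description.
LEGACY_ENV = "AZURE_IDENTITY_ENABLE_LEGACY_TENANT_SELECTION"


class TenantMismatchError(ValueError):
    """Hypothetical type: the description only says get_token 'raises an exception'."""


def pick_tenant(configured, allow_multitenant, requested=None, environ=None):
    """Return the tenant a token request should target (hypothetical helper)."""
    environ = os.environ if environ is None else environ
    # No per-request tenant, or the same one the credential was built with.
    if requested is None or requested == configured:
        return configured
    # Explicit opt-in: honor the tenant named in the request.
    if allow_multitenant:
        return requested
    # Legacy switch: keep the old behaviour by ignoring the requested tenant.
    if LEGACY_ENV in environ:  # assumption: any value counts as "set"
        return configured
    # Default: refuse rather than silently authenticate somewhere else.
    raise TenantMismatchError(
        "tenant %r requested but credential is configured for %r" % (requested, configured)
    )


def decision_table():
    """Evaluate every flag combination for a mismatched request (constructed tenant names)."""
    rows = []
    for allow in (False, True):
        for legacy in (False, True):
            env = {LEGACY_ENV: "1"} if legacy else {}
            try:
                outcome = pick_tenant("home-tenant", allow, "other-tenant", env)
            except TenantMismatchError:
                outcome = "error"
            rows.append((allow, legacy, outcome))
    return rows


if __name__ == "__main__":
    for allow, legacy, outcome in decision_table():
        print("allow_multitenant=%-5s legacy_env=%-5s -> %s" % (allow, legacy, outcome))
```

Only the default combination (no opt-in, no legacy variable) fails closed; with the legacy variable set, a tenant named in a request is dropped without any signal to the caller.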