From dc1a9b2687521cad623e6044bbf0d7f940d63b2b Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Fri, 19 Jun 2020 13:29:43 -0700 Subject: [PATCH 01/32] token refresh offset --- .../_credentials/authorization_code.py | 7 +++- .../identity/_credentials/certificate.py | 2 ++ .../identity/_credentials/client_secret.py | 2 ++ .../_credentials/vscode_credential.py | 12 +++++-- .../identity/_internal/aad_client_base.py | 19 +++++++++- .../aio/_credentials/authorization_code.py | 2 ++ .../identity/aio/_credentials/certificate.py | 2 ++ .../aio/_credentials/client_secret.py | 2 ++ .../aio/_credentials/vscode_credential.py | 11 ++++-- .../tests/test_token_refresh_offset.py | 35 +++++++++++++++++++ .../tests/test_vscode_credential.py | 4 +++ .../tests/test_vscode_credential_async.py | 4 +++ 12 files changed, 96 insertions(+), 6 deletions(-) create mode 100644 sdk/identity/azure-identity/tests/test_token_refresh_offset.py diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py index 3568f8c921ce..bb66c9fa5b08 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py @@ -64,7 +64,12 @@ def get_token(self, *scopes, **kwargs): self._authorization_code = None # auth codes are single-use return token - token = self._client.get_cached_access_token(scopes) or self._redeem_refresh_token(scopes, **kwargs) + token = self._client.get_cached_access_token(scopes) + if not token: + token = self._redeem_refresh_token(scopes, **kwargs) + elif self._client.is_refresh(token): + self._redeem_refresh_token(scopes, **kwargs) + if not token: raise ClientAuthenticationError( message="No authorization code, cached access token, or refresh token available." diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py index 81adb2621a96..ada7c96133ce 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py @@ -48,6 +48,8 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument token = self._client.get_cached_access_token(scopes, query={"client_id": self._client_id}) if not token: token = self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) + elif self._client.is_refresh(token): + self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) return token def _get_auth_client(self, tenant_id, client_id, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py index 4e20c2bd900b..977d639a07e5 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py @@ -49,6 +49,8 @@ def get_token(self, *scopes, **kwargs): token = self._client.get_cached_access_token(scopes, query={"client_id": self._client_id}) if not token: token = self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) + elif self._client.is_refresh(token): + self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) return token def _get_auth_client(self, tenant_id, client_id, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py index c40636c24e96..642c2da2fe1b 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py @@ -48,9 +48,17 @@ def get_token(self, *scopes, **kwargs): token = self._client.get_cached_access_token(scopes) - if token: - return token + if not token: + token = self._redeem_refresh_token(scopes, **kwargs) + elif self._client.is_refresh(token): + try: + self._redeem_refresh_token(scopes, **kwargs) + except Exception: # pylint: disable=broad-except + pass + return token + def _redeem_refresh_token(self, scopes, **kwargs): + # type: (Sequence[str], **Any) -> Optional[AccessToken] if not self._refresh_token: self._refresh_token = get_credentials() if not self._refresh_token: diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index e1af4f949626..25c284d87465 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -48,13 +48,16 @@ def __init__(self, tenant_id, client_id, authority=None, cache=None, **kwargs): self._cache = cache or TokenCache() self._client_id = client_id self._pipeline = self._build_pipeline(**kwargs) + self._token_refresh_timeout = 30 # default 30s + self._token_refresh_offset = 120 # default 2 min + self._last_refresh_time = int(time.time()) def get_cached_access_token(self, scopes, query=None): # type: (Sequence[str], Optional[dict]) -> Optional[AccessToken] tokens = self._cache.find(TokenCache.CredentialType.ACCESS_TOKEN, target=list(scopes), query=query) for token in tokens: expires_on = int(token["expires_on"]) - if expires_on - 300 > int(time.time()): + if expires_on - 30 > int(time.time()): return AccessToken(token["secret"], expires_on) return None @@ -63,6 +66,19 @@ def get_cached_refresh_tokens(self, scopes): """Assumes all cached refresh tokens belong to the same user""" return self._cache.find(TokenCache.CredentialType.REFRESH_TOKEN, target=list(scopes)) + def is_refresh(self, token): + # type: (AccessToken) -> bool + """ check if the token needs refresh or not + """ + expires_on = int(token.expires_on) + now = int(time.time()) + if expires_on - now > self._token_refresh_offset: + return False + if now - self._last_refresh_time < self._token_refresh_offset: + return False + return True + + @abc.abstractmethod def obtain_token_by_authorization_code(self, scopes, code, redirect_uri, client_secret=None, **kwargs): pass @@ -85,6 +101,7 @@ def _build_pipeline(self, config=None, policies=None, transport=None, **kwargs): def _process_response(self, response, request_time): # type: (PipelineResponse, int) -> AccessToken + self._last_refresh_time = time.time() # no matter succeed or not, update the last refresh time content = ContentDecodePolicy.deserialize_from_http_generics(response.http_response) diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py index 0b5fbb53dc33..39c8ad7866f2 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py @@ -80,6 +80,8 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": token = self._client.get_cached_access_token(scopes) if not token: token = await self._redeem_refresh_token(scopes, **kwargs) + elif self._client.is_refresh(token): + await self._redeem_refresh_token(scopes, **kwargs) if not token: raise ClientAuthenticationError( diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py index 1b044a24c0e1..bbf1942d5326 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py @@ -54,6 +54,8 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": # py token = self._client.get_cached_access_token(scopes, query={"client_id": self._client_id}) if not token: token = await self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) + elif self._client.is_refresh(token): + await self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) return token def _get_auth_client(self, tenant_id, client_id, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py index 87b5472760e6..016ee3bcfde2 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py @@ -55,6 +55,8 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": token = self._client.get_cached_access_token(scopes, query={"client_id": self._client_id}) if not token: token = await self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) + elif self._client.is_refresh(token): + await self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) return token def _get_auth_client(self, tenant_id, client_id, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py index fcf392421294..85d3e932fa15 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py @@ -52,9 +52,16 @@ async def get_token(self, *scopes, **kwargs): raise ValueError("'get_token' requires at least one scope") token = self._client.get_cached_access_token(scopes) - if token: - return token + if not token: + token = await self._redeem_refresh_token(scopes, **kwargs) + elif self._client.is_refresh(token): + try: + await self._redeem_refresh_token(scopes, **kwargs) + except Exception: # pylint: disable=broad-except + pass + return token + async def _redeem_refresh_token(self, scopes: "Sequence[str]", **kwargs: "Any") -> "Optional[AccessToken]": if not self._refresh_token: self._refresh_token = get_credentials() if not self._refresh_token: diff --git a/sdk/identity/azure-identity/tests/test_token_refresh_offset.py b/sdk/identity/azure-identity/tests/test_token_refresh_offset.py new file mode 100644 index 000000000000..1be59e3c14a1 --- /dev/null +++ b/sdk/identity/azure-identity/tests/test_token_refresh_offset.py @@ -0,0 +1,35 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +import time +from azure.identity._internal.aad_client import AadClient +from azure.core.credentials import AccessToken +import pytest + +try: + from unittest import mock +except ImportError: # python < 3.3 + import mock + + +def test_if_refresh(): + client = AadClient("test", "test") + now = int(time.time()) + + # do not need refresh + token = AccessToken("token", now + 500) + is_refresh = client.is_refresh(token) + assert not is_refresh + + # need refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 500 + is_refresh = client.is_refresh(token) + assert is_refresh + + # not exceed cool down time, do not refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 5 + is_refresh = client.is_refresh(token) + assert not is_refresh diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential.py b/sdk/identity/azure-identity/tests/test_vscode_credential.py index a0b320410bc8..66dc3effe123 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential.py @@ -92,9 +92,13 @@ def test_cache_refresh_token(): def test_no_obtain_token_if_cached(): + def mock_is_refresh(token): + return False + expected_token = AccessToken("token", 42) mock_client = mock.Mock(spec=object) + mock_client.is_refresh = mock_is_refresh mock_client.obtain_token_by_refresh_token = mock.Mock(return_value=expected_token) mock_client.get_cached_access_token = mock.Mock(return_value="VALUE") diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py index 1f26651d45d8..5ee3bad5d2ca 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py @@ -95,9 +95,13 @@ async def test_cache_refresh_token(): @pytest.mark.asyncio async def test_no_obtain_token_if_cached(): + def mock_is_refresh(token): + return False + expected_token = AccessToken("token", 42) mock_client = mock.Mock(spec=object) + mock_client.is_refresh = mock_is_refresh token_by_refresh_token = mock.Mock(return_value=expected_token) mock_client.obtain_token_by_refresh_token = wrap_in_future(token_by_refresh_token) mock_client.get_cached_access_token = mock.Mock(return_value="VALUE") From bd7ae6148c513b13d44d5695554d72eeff8760c0 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Fri, 19 Jun 2020 13:38:25 -0700 Subject: [PATCH 02/32] update --- .../azure/identity/_credentials/authorization_code.py | 5 ++++- .../azure/identity/_credentials/certificate.py | 5 ++++- .../azure/identity/_credentials/client_secret.py | 5 ++++- .../azure/identity/aio/_credentials/authorization_code.py | 6 ++++-- .../azure/identity/aio/_credentials/certificate.py | 5 ++++- .../azure/identity/aio/_credentials/client_secret.py | 5 ++++- 6 files changed, 24 insertions(+), 7 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py index bb66c9fa5b08..96adcaedce20 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py @@ -68,7 +68,10 @@ def get_token(self, *scopes, **kwargs): if not token: token = self._redeem_refresh_token(scopes, **kwargs) elif self._client.is_refresh(token): - self._redeem_refresh_token(scopes, **kwargs) + try: + self._redeem_refresh_token(scopes, **kwargs) + except Exception: # pylint: disable=broad-except + pass if not token: raise ClientAuthenticationError( diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py index ada7c96133ce..39029c9adb61 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py @@ -49,7 +49,10 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument if not token: token = self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) elif self._client.is_refresh(token): - self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) + try: + self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) + except Exception: # pylint: disable=broad-except + pass return token def _get_auth_client(self, tenant_id, client_id, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py index 977d639a07e5..20c11156c308 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py @@ -50,7 +50,10 @@ def get_token(self, *scopes, **kwargs): if not token: token = self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) elif self._client.is_refresh(token): - self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) + try: + self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) + except Exception: # pylint: disable=broad-except + pass return token def _get_auth_client(self, tenant_id, client_id, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py index 39c8ad7866f2..0b9fc5dd6025 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py @@ -81,8 +81,10 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": if not token: token = await self._redeem_refresh_token(scopes, **kwargs) elif self._client.is_refresh(token): - await self._redeem_refresh_token(scopes, **kwargs) - + try: + await self._redeem_refresh_token(scopes, **kwargs) + except Exception: # pylint: disable=broad-except + pass if not token: raise ClientAuthenticationError( message="No authorization code, cached access token, or refresh token available." diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py index bbf1942d5326..f6d30361a7ff 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py @@ -55,7 +55,10 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": # py if not token: token = await self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) elif self._client.is_refresh(token): - await self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) + try: + await self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) + except Exception: # pylint: disable=broad-except + pass return token def _get_auth_client(self, tenant_id, client_id, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py index 016ee3bcfde2..6da8f799df59 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py @@ -56,7 +56,10 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": if not token: token = await self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) elif self._client.is_refresh(token): - await self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) + try: + await self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) + except Exception: # pylint: disable=broad-except + pass return token def _get_auth_client(self, tenant_id, client_id, **kwargs): From 6a58f5c2f91f7eea847bd19d77f548c580bb6feb Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Fri, 19 Jun 2020 16:22:36 -0700 Subject: [PATCH 03/32] update --- .../azure-identity/azure/identity/_internal/aad_client_base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index 25c284d87465..b1a1ec5c1ba4 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -74,7 +74,7 @@ def is_refresh(self, token): now = int(time.time()) if expires_on - now > self._token_refresh_offset: return False - if now - self._last_refresh_time < self._token_refresh_offset: + if now - self._last_refresh_time < self._token_refresh_timeout: return False return True From 2a94b3d7640f22c58381ac25e93cf50847f0f320 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Mon, 22 Jun 2020 13:56:43 -0700 Subject: [PATCH 04/32] rename is_refresh to should_refresh --- .../identity/_credentials/authorization_code.py | 2 +- .../azure/identity/_credentials/certificate.py | 2 +- .../azure/identity/_credentials/client_secret.py | 2 +- .../azure/identity/_credentials/vscode_credential.py | 2 +- .../azure/identity/_internal/aad_client_base.py | 2 +- .../identity/aio/_credentials/authorization_code.py | 2 +- .../azure/identity/aio/_credentials/certificate.py | 2 +- .../azure/identity/aio/_credentials/client_secret.py | 2 +- .../identity/aio/_credentials/vscode_credential.py | 2 +- .../tests/test_token_refresh_offset.py | 12 ++++++------ .../azure-identity/tests/test_vscode_credential.py | 4 ++-- .../tests/test_vscode_credential_async.py | 4 ++-- 12 files changed, 19 insertions(+), 19 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py index 96adcaedce20..b02e64baf684 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py @@ -67,7 +67,7 @@ def get_token(self, *scopes, **kwargs): token = self._client.get_cached_access_token(scopes) if not token: token = self._redeem_refresh_token(scopes, **kwargs) - elif self._client.is_refresh(token): + elif self._client.should_refresh(token): try: self._redeem_refresh_token(scopes, **kwargs) except Exception: # pylint: disable=broad-except diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py index 39029c9adb61..d88972c75265 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py @@ -48,7 +48,7 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument token = self._client.get_cached_access_token(scopes, query={"client_id": self._client_id}) if not token: token = self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) - elif self._client.is_refresh(token): + elif self._client.should_refresh(token): try: self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) except Exception: # pylint: disable=broad-except diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py index 20c11156c308..9e5e504ed785 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py @@ -49,7 +49,7 @@ def get_token(self, *scopes, **kwargs): token = self._client.get_cached_access_token(scopes, query={"client_id": self._client_id}) if not token: token = self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) - elif self._client.is_refresh(token): + elif self._client.should_refresh(token): try: self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) except Exception: # pylint: disable=broad-except diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py index 642c2da2fe1b..d0ae1e465a6a 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py @@ -50,7 +50,7 @@ def get_token(self, *scopes, **kwargs): if not token: token = self._redeem_refresh_token(scopes, **kwargs) - elif self._client.is_refresh(token): + elif self._client.should_refresh(token): try: self._redeem_refresh_token(scopes, **kwargs) except Exception: # pylint: disable=broad-except diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index b1a1ec5c1ba4..18ccba18adb2 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -66,7 +66,7 @@ def get_cached_refresh_tokens(self, scopes): """Assumes all cached refresh tokens belong to the same user""" return self._cache.find(TokenCache.CredentialType.REFRESH_TOKEN, target=list(scopes)) - def is_refresh(self, token): + def should_refresh(self, token): # type: (AccessToken) -> bool """ check if the token needs refresh or not """ diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py index 0b9fc5dd6025..90edc002b243 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py @@ -80,7 +80,7 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": token = self._client.get_cached_access_token(scopes) if not token: token = await self._redeem_refresh_token(scopes, **kwargs) - elif self._client.is_refresh(token): + elif self._client.should_refresh(token): try: await self._redeem_refresh_token(scopes, **kwargs) except Exception: # pylint: disable=broad-except diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py index f6d30361a7ff..ade6bb8e7d8c 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py @@ -54,7 +54,7 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": # py token = self._client.get_cached_access_token(scopes, query={"client_id": self._client_id}) if not token: token = await self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) - elif self._client.is_refresh(token): + elif self._client.should_refresh(token): try: await self._client.obtain_token_by_client_certificate(scopes, self._certificate, **kwargs) except Exception: # pylint: disable=broad-except diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py index 6da8f799df59..767a80b3cf84 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py @@ -55,7 +55,7 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": token = self._client.get_cached_access_token(scopes, query={"client_id": self._client_id}) if not token: token = await self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) - elif self._client.is_refresh(token): + elif self._client.should_refresh(token): try: await self._client.obtain_token_by_client_secret(scopes, self._secret, **kwargs) except Exception: # pylint: disable=broad-except diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py index 85d3e932fa15..5d5d3f68248a 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py @@ -54,7 +54,7 @@ async def get_token(self, *scopes, **kwargs): token = self._client.get_cached_access_token(scopes) if not token: token = await self._redeem_refresh_token(scopes, **kwargs) - elif self._client.is_refresh(token): + elif self._client.should_refresh(token): try: await self._redeem_refresh_token(scopes, **kwargs) except Exception: # pylint: disable=broad-except diff --git a/sdk/identity/azure-identity/tests/test_token_refresh_offset.py b/sdk/identity/azure-identity/tests/test_token_refresh_offset.py index 1be59e3c14a1..49aedab4d8d5 100644 --- a/sdk/identity/azure-identity/tests/test_token_refresh_offset.py +++ b/sdk/identity/azure-identity/tests/test_token_refresh_offset.py @@ -19,17 +19,17 @@ def test_if_refresh(): # do not need refresh token = AccessToken("token", now + 500) - is_refresh = client.is_refresh(token) - assert not is_refresh + should_refresh = client.should_refresh(token) + assert not should_refresh # need refresh token = AccessToken("token", now + 100) client._last_refresh_time = now - 500 - is_refresh = client.is_refresh(token) - assert is_refresh + should_refresh = client.should_refresh(token) + assert should_refresh # not exceed cool down time, do not refresh token = AccessToken("token", now + 100) client._last_refresh_time = now - 5 - is_refresh = client.is_refresh(token) - assert not is_refresh + should_refresh = client.should_refresh(token) + assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential.py b/sdk/identity/azure-identity/tests/test_vscode_credential.py index 66dc3effe123..c6d3a70e45d7 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential.py @@ -92,13 +92,13 @@ def test_cache_refresh_token(): def test_no_obtain_token_if_cached(): - def mock_is_refresh(token): + def mock_should_refresh(token): return False expected_token = AccessToken("token", 42) mock_client = mock.Mock(spec=object) - mock_client.is_refresh = mock_is_refresh + mock_client.should_refresh = mock_should_refresh mock_client.obtain_token_by_refresh_token = mock.Mock(return_value=expected_token) mock_client.get_cached_access_token = mock.Mock(return_value="VALUE") diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py index 5ee3bad5d2ca..e7cee56cef4b 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py @@ -95,13 +95,13 @@ async def test_cache_refresh_token(): @pytest.mark.asyncio async def test_no_obtain_token_if_cached(): - def mock_is_refresh(token): + def mock_should_refresh(token): return False expected_token = AccessToken("token", 42) mock_client = mock.Mock(spec=object) - mock_client.is_refresh = mock_is_refresh + mock_client.should_refresh = mock_should_refresh token_by_refresh_token = mock.Mock(return_value=expected_token) mock_client.obtain_token_by_refresh_token = wrap_in_future(token_by_refresh_token) mock_client.get_cached_access_token = mock.Mock(return_value="VALUE") From 51fbed83ef4a6ecaa09ba64ddfa8d0ff54a95f5b Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 24 Jun 2020 10:06:17 -0700 Subject: [PATCH 05/32] update --- .../azure/identity/_authn_client.py | 18 ++++- .../azure/identity/_constants.py | 2 + .../identity/_credentials/managed_identity.py | 78 +++++++++++------- .../identity/_internal/aad_client_base.py | 9 ++- .../azure/identity/aio/_authn_client.py | 1 + .../aio/_credentials/managed_identity.py | 80 ++++++++++++------- .../tests/test_token_refresh_offset.py | 26 +++++- 7 files changed, 147 insertions(+), 67 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_authn_client.py b/sdk/identity/azure-identity/azure/identity/_authn_client.py index 2b165d0a0a52..94201f399224 100644 --- a/sdk/identity/azure-identity/azure/identity/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/_authn_client.py @@ -22,7 +22,7 @@ UserAgentPolicy, ) from azure.core.pipeline.transport import RequestsTransport, HttpRequest -from ._constants import AZURE_CLI_CLIENT_ID +from ._constants import AZURE_CLI_CLIENT_ID, DEFAULT_REFRESH_OFFSET, DEFAULT_REFRESH_RETRY_TIMEOUT from ._internal import get_default_authority, normalize_authority from ._internal.user_agent import USER_AGENT @@ -65,11 +65,26 @@ def __init__(self, endpoint=None, authority=None, tenant=None, **kwargs): # pyl authority = normalize_authority(authority) if authority else get_default_authority() self._auth_url = "/".join((authority, tenant.strip("/"), "oauth2/v2.0/token")) self._cache = kwargs.get("cache") or TokenCache() # type: TokenCache + self._refresh_retry_timeout = kwargs.get("refresh_retry_timeout", DEFAULT_REFRESH_RETRY_TIMEOUT) # default 30s + self._token_refresh_offset = kwargs.get("token_refresh_offset", DEFAULT_REFRESH_OFFSET) # default 2 min + self._last_refresh_time = int(time.time()) @property def auth_url(self): return self._auth_url + def should_refresh(self, token): + # type: (AccessToken) -> bool + """ check if the token needs refresh or not + """ + expires_on = int(token.expires_on) + now = int(time.time()) + if expires_on - now > self._token_refresh_offset: + return False + if now - self._last_refresh_time < self._refresh_retry_timeout: + return False + return True + def get_cached_token(self, scopes): # type: (Iterable[str]) -> Optional[AccessToken] tokens = self._cache.find(TokenCache.CredentialType.ACCESS_TOKEN, target=list(scopes)) @@ -215,6 +230,7 @@ def request_token( **kwargs # type: Any ): # type: (...) -> AccessToken + self._last_refresh_time = int(time.time()) # no matter succeed or not, update the last refresh time request = self._prepare_request(method, headers=headers, form_data=form_data, params=params) request_time = int(time.time()) response = self._pipeline.run(request, stream=False, **kwargs) diff --git a/sdk/identity/azure-identity/azure/identity/_constants.py b/sdk/identity/azure-identity/azure/identity/_constants.py index a47ebdeb9920..7947ed6bc40e 100644 --- a/sdk/identity/azure-identity/azure/identity/_constants.py +++ b/sdk/identity/azure-identity/azure/identity/_constants.py @@ -7,6 +7,8 @@ AZURE_CLI_CLIENT_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46" AZURE_VSCODE_CLIENT_ID = "aebc6443-996d-45c2-90f0-388ff96faa56" VSCODE_CREDENTIALS_SECTION = "VS Code Azure" +DEFAULT_REFRESH_OFFSET = 120 +DEFAULT_REFRESH_RETRY_TIMEOUT = 30 class KnownAuthorities: diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py index 8d29f0aae70c..3cf055f816c1 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py @@ -170,28 +170,37 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument token = self._client.get_cached_token(scopes) if not token: - resource = scopes[0] - if resource.endswith("/.default"): - resource = resource[: -len("/.default")] - params = dict({"api-version": "2018-02-01", "resource": resource}, **self._identity_config) - + token = self._refresh_token(*scopes) + elif self._client.should_refresh(token): try: - token = self._client.request_token(scopes, method="GET", params=params) - except HttpResponseError as ex: - # 400 in response to a token request indicates managed identity is disabled, - # or the identity with the specified client_id is not available - if ex.status_code == 400: - self._endpoint_available = False - message = "ManagedIdentityCredential authentication unavailable. " - if self._identity_config: - message += "The requested identity has not been assigned to this resource." - else: - message += "No identity has been assigned to this resource." - six.raise_from(CredentialUnavailableError(message=message), ex) - - # any other error is unexpected - six.raise_from(ClientAuthenticationError(message=ex.message, response=ex.response), None) + token = self._refresh_token(*scopes) + except Exception: # pylint: disable=broad-except + pass + + return token + def _refresh_token(self, *scopes): + resource = scopes[0] + if resource.endswith("/.default"): + resource = resource[: -len("/.default")] + params = dict({"api-version": "2018-02-01", "resource": resource}, **self._identity_config) + + try: + token = self._client.request_token(scopes, method="GET", params=params) + except HttpResponseError as ex: + # 400 in response to a token request indicates managed identity is disabled, + # or the identity with the specified client_id is not available + if ex.status_code == 400: + self._endpoint_available = False + message = "ManagedIdentityCredential authentication unavailable. " + if self._identity_config: + message += "The requested identity has not been assigned to this resource." + else: + message += "No identity has been assigned to this resource." + six.raise_from(CredentialUnavailableError(message=message), ex) + + # any other error is unexpected + six.raise_from(ClientAuthenticationError(message=ex.message, response=ex.response), None) return token @@ -227,16 +236,25 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument token = self._client.get_cached_token(scopes) if not token: - resource = scopes[0] - if resource.endswith("/.default"): - resource = resource[: -len("/.default")] - secret = os.environ.get(EnvironmentVariables.MSI_SECRET) - if secret: - # MSI_ENDPOINT and MSI_SECRET set -> App Service - token = self._request_app_service_token(scopes=scopes, resource=resource, secret=secret) - else: - # only MSI_ENDPOINT set -> legacy-style MSI (Cloud Shell) - token = self._request_legacy_token(scopes=scopes, resource=resource) + token = self._refresh_token(*scopes) + elif self._client.should_refresh(token): + try: + token = self._refresh_token(*scopes) + except Exception: # pylint: disable=broad-except + pass + return token + + def _refresh_token(self, *scopes): + resource = scopes[0] + if resource.endswith("/.default"): + resource = resource[: -len("/.default")] + secret = os.environ.get(EnvironmentVariables.MSI_SECRET) + if secret: + # MSI_ENDPOINT and MSI_SECRET set -> App Service + token = self._request_app_service_token(scopes=scopes, resource=resource, secret=secret) + else: + # only MSI_ENDPOINT set -> legacy-style MSI (Cloud Shell) + token = self._request_legacy_token(scopes=scopes, resource=resource) return token def _request_app_service_token(self, scopes, resource, secret): diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index 18ccba18adb2..2c328608bda6 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -16,6 +16,7 @@ from azure.core.credentials import AccessToken from azure.core.exceptions import ClientAuthenticationError from . import get_default_authority, normalize_authority +from .._constants import DEFAULT_REFRESH_RETRY_TIMEOUT, DEFAULT_REFRESH_OFFSET try: from typing import TYPE_CHECKING @@ -48,8 +49,8 @@ def __init__(self, tenant_id, client_id, authority=None, cache=None, **kwargs): self._cache = cache or TokenCache() self._client_id = client_id self._pipeline = self._build_pipeline(**kwargs) - self._token_refresh_timeout = 30 # default 30s - self._token_refresh_offset = 120 # default 2 min + self._refresh_retry_timeout = kwargs.get("refresh_retry_timeout", DEFAULT_REFRESH_RETRY_TIMEOUT) # default 30s + self._token_refresh_offset = kwargs.get("token_refresh_offset", DEFAULT_REFRESH_OFFSET) # default 2 min self._last_refresh_time = int(time.time()) def get_cached_access_token(self, scopes, query=None): @@ -74,7 +75,7 @@ def should_refresh(self, token): now = int(time.time()) if expires_on - now > self._token_refresh_offset: return False - if now - self._last_refresh_time < self._token_refresh_timeout: + if now - self._last_refresh_time < self._refresh_retry_timeout: return False return True @@ -101,7 +102,7 @@ def _build_pipeline(self, config=None, policies=None, transport=None, **kwargs): def _process_response(self, response, request_time): # type: (PipelineResponse, int) -> AccessToken - self._last_refresh_time = time.time() # no matter succeed or not, update the last refresh time + self._last_refresh_time = int(time.time()) # no matter succeed or not, update the last refresh time content = ContentDecodePolicy.deserialize_from_http_generics(response.http_response) diff --git a/sdk/identity/azure-identity/azure/identity/aio/_authn_client.py b/sdk/identity/azure-identity/azure/identity/aio/_authn_client.py index 9cfe13bd9498..1e29398e92e8 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_authn_client.py @@ -73,6 +73,7 @@ async def request_token( params: "Optional[Dict[str, str]]" = None, **kwargs: "Any" ) -> AccessToken: + self._last_refresh_time = int(time.time()) # no matter succeed or not, update the last refresh time request = self._prepare_request(method, headers=headers, form_data=form_data, params=params) request_time = int(time.time()) response = await self._pipeline.run(request, stream=False, **kwargs) diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py index 5e5bf172f43e..6b17a55ada91 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py @@ -130,30 +130,39 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> AccessToken: # pyli token = self._client.get_cached_token(scopes) if not token: - resource = scopes[0] - if resource.endswith("/.default"): - resource = resource[: -len("/.default")] - params = {"api-version": "2018-02-01", "resource": resource, **self._identity_config} - + token = await self._refresh_token(*scopes) + elif self._client.should_refresh(token): try: - token = await self._client.request_token(scopes, method="GET", params=params) - except HttpResponseError as ex: - # 400 in response to a token request indicates managed identity is disabled, - # or the identity with the specified client_id is not available - if ex.status_code == 400: - self._endpoint_available = False - message = "ManagedIdentityCredential authentication unavailable. " - if self._identity_config: - message += "The requested identity has not been assigned to this resource." - else: - message += "No identity has been assigned to this resource." - raise CredentialUnavailableError(message=message) from ex - - # any other error is unexpected - raise ClientAuthenticationError(message=ex.message, response=ex.response) from None + token = await self._refresh_token(*scopes) + except Exception: # pylint: disable=broad-except + pass return token + async def _refresh_token(self, *scopes): + resource = scopes[0] + if resource.endswith("/.default"): + resource = resource[: -len("/.default")] + params = {"api-version": "2018-02-01", "resource": resource, **self._identity_config} + + try: + token = await self._client.request_token(scopes, method="GET", params=params) + except HttpResponseError as ex: + # 400 in response to a token request indicates managed identity is disabled, + # or the identity with the specified client_id is not available + if ex.status_code == 400: + self._endpoint_available = False + message = "ManagedIdentityCredential authentication unavailable. " + if self._identity_config: + message += "The requested identity has not been assigned to this resource." + else: + message += "No identity has been assigned to this resource." + raise CredentialUnavailableError(message=message) from ex + + # any other error is unexpected + raise ClientAuthenticationError(message=ex.message, response=ex.response) from None + return token + class MsiCredential(_AsyncManagedIdentityBase): """Authenticates via the MSI endpoint in an App Service or Cloud Shell environment. @@ -184,17 +193,26 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> AccessToken: # pyli token = self._client.get_cached_token(scopes) if not token: - resource = scopes[0] - if resource.endswith("/.default"): - resource = resource[: -len("/.default")] - - secret = os.environ.get(EnvironmentVariables.MSI_SECRET) - if secret: - # MSI_ENDPOINT and MSI_SECRET set -> App Service - token = await self._request_app_service_token(scopes=scopes, resource=resource, secret=secret) - else: - # only MSI_ENDPOINT set -> legacy-style MSI (Cloud Shell) - token = await self._request_legacy_token(scopes=scopes, resource=resource) + token = await self._refresh_token(*scopes) + elif self._client.should_refresh(token): + try: + token = await self._refresh_token(*scopes) + except Exception: # pylint: disable=broad-except + pass + return token + + async def _refresh_token(self, *scopes): + resource = scopes[0] + if resource.endswith("/.default"): + resource = resource[: -len("/.default")] + + secret = os.environ.get(EnvironmentVariables.MSI_SECRET) + if secret: + # MSI_ENDPOINT and MSI_SECRET set -> App Service + token = await self._request_app_service_token(scopes=scopes, resource=resource, secret=secret) + else: + # only MSI_ENDPOINT set -> legacy-style MSI (Cloud Shell) + token = await self._request_legacy_token(scopes=scopes, resource=resource) return token async def _request_app_service_token(self, scopes, resource, secret): diff --git a/sdk/identity/azure-identity/tests/test_token_refresh_offset.py b/sdk/identity/azure-identity/tests/test_token_refresh_offset.py index 49aedab4d8d5..c97e0eab14f5 100644 --- a/sdk/identity/azure-identity/tests/test_token_refresh_offset.py +++ b/sdk/identity/azure-identity/tests/test_token_refresh_offset.py @@ -4,8 +4,10 @@ # ------------------------------------ import time from azure.identity._internal.aad_client import AadClient +from azure.identity._authn_client import AuthnClient from azure.core.credentials import AccessToken import pytest +from helpers import mock_response try: from unittest import mock @@ -13,7 +15,8 @@ import mock -def test_if_refresh(): + +def test_aad_client_if_refresh(): client = AadClient("test", "test") now = int(time.time()) @@ -33,3 +36,24 @@ def test_if_refresh(): client._last_refresh_time = now - 5 should_refresh = client.should_refresh(token) assert not should_refresh + +def test_auth_client_if_refresh(): + client = AuthnClient(endpoint="http://foo") + now = int(time.time()) + + # do not need refresh + token = AccessToken("token", now + 500) + should_refresh = client.should_refresh(token) + assert not should_refresh + + # need refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 500 + should_refresh = client.should_refresh(token) + assert should_refresh + + # not exceed cool down time, do not refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 5 + should_refresh = client.should_refresh(token) + assert not should_refresh \ No newline at end of file From 9ed71f1a69c3ee90f162f92f53ecf7b54b38127b Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 24 Jun 2020 10:40:00 -0700 Subject: [PATCH 06/32] update --- .../azure-identity/azure/identity/_authn_client.py | 2 +- .../azure/identity/_credentials/authorization_code.py | 5 +++++ .../azure/identity/_credentials/certificate.py | 5 +++++ .../azure/identity/_credentials/managed_identity.py | 5 +++++ .../azure/identity/_credentials/vscode_credential.py | 8 +++++++- .../azure/identity/aio/_credentials/authorization_code.py | 5 +++++ .../azure/identity/aio/_credentials/certificate.py | 5 +++++ .../azure/identity/aio/_credentials/client_secret.py | 5 +++++ .../azure/identity/aio/_credentials/managed_identity.py | 5 +++++ .../azure/identity/aio/_credentials/vscode_credential.py | 8 +++++++- 10 files changed, 50 insertions(+), 3 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_authn_client.py b/sdk/identity/azure-identity/azure/identity/_authn_client.py index 94201f399224..bb2d8302e8ef 100644 --- a/sdk/identity/azure-identity/azure/identity/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/_authn_client.py @@ -90,7 +90,7 @@ def get_cached_token(self, scopes): tokens = self._cache.find(TokenCache.CredentialType.ACCESS_TOKEN, target=list(scopes)) for token in tokens: expires_on = int(token["expires_on"]) - if expires_on - 300 > int(time.time()): + if expires_on - 30 > int(time.time()): return AccessToken(token["secret"], expires_on) return None diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py index b02e64baf684..54aed98fd6f3 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py @@ -28,6 +28,11 @@ class AuthorizationCodeCredential(object): the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities` defines authorities for other clouds. :keyword str client_secret: One of the application's client secrets. Required only for web apps and web APIs. + :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + default to 30s. + :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry + of the token. """ def __init__(self, tenant_id, client_id, authorization_code, redirect_uri, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py index d88972c75265..915339628d49 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py @@ -28,6 +28,11 @@ class CertificateCredential(CertificateCredentialBase): False. :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. + :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + default to 30s. + :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry + of the token. """ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py index 3cf055f816c1..623fcb38812b 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py @@ -44,6 +44,11 @@ class ManagedIdentityCredential(object): or resource ID, for example ``{"object_id": "..."}``. Check the documentation for your hosting environment to learn what values it expects. :paramtype identity_config: Mapping[str, str] + :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + default to 30s. + :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry + of the token. """ def __init__(self, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py index d0ae1e465a6a..1026dbb0e301 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py @@ -24,7 +24,13 @@ class VSCodeCredential(object): """Authenticates by redeeming a refresh token previously saved by VS Code - """ + :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + default to 30s. + :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry + of the token. + + """ def __init__(self, **kwargs): self._client = kwargs.pop("_client", None) or AadClient("organizations", AZURE_VSCODE_CLIENT_ID, **kwargs) diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py index 90edc002b243..7a5eb8b7b064 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py @@ -29,6 +29,11 @@ class AuthorizationCodeCredential(AsyncCredentialBase): the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities` defines authorities for other clouds. :keyword str client_secret: One of the application's client secrets. Required only for web apps and web APIs. + :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + default to 30s. + :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry + of the token. """ async def __aenter__(self): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py index ade6bb8e7d8c..792b5175eee6 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py @@ -26,6 +26,11 @@ class CertificateCredential(CertificateCredentialBase, AsyncCredentialBase): :keyword password: The certificate's password. If a unicode string, it will be encoded as UTF-8. If the certificate requires a different encoding, pass appropriately encoded bytes instead. :paramtype password: str or bytes + :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + default to 30s. + :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry + of the token. """ async def __aenter__(self): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py index 767a80b3cf84..88d1e10e3f41 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py @@ -27,6 +27,11 @@ class ClientSecretCredential(AsyncCredentialBase, ClientSecretCredentialBase): False. :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. + :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + default to 30s. + :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry + of the token. """ async def __aenter__(self): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py index 6b17a55ada91..194d7f1d18ed 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py @@ -32,6 +32,11 @@ class ManagedIdentityCredential(AsyncCredentialBase): or resource ID, for example ``{"object_id": "..."}``. Check the documentation for your hosting environment to learn what values it expects. :paramtype identity_config: Mapping[str, str] + :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + default to 30s. + :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the + token. """ def __init__(self, **kwargs: "Any") -> None: diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py index 5d5d3f68248a..cb035d4aa162 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py @@ -18,7 +18,13 @@ class VSCodeCredential(AsyncCredentialBase): """Authenticates by redeeming a refresh token previously saved by VS Code - """ + :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + default to 30s. + :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry + of the token. + + """ def __init__(self, **kwargs): self._client = kwargs.pop("_client", None) or AadClient("organizations", AZURE_VSCODE_CLIENT_ID, **kwargs) From e6ab9286b0e59ea3ebe6448d50482dbf930aac3c Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 24 Jun 2020 13:36:05 -0700 Subject: [PATCH 07/32] updates --- .../azure/identity/_authn_client.py | 8 +-- .../azure/identity/_constants.py | 2 +- .../_credentials/authorization_code.py | 4 +- .../identity/_credentials/certificate.py | 4 +- .../identity/_credentials/managed_identity.py | 4 +- .../_credentials/vscode_credential.py | 4 +- .../identity/_internal/aad_client_base.py | 8 +-- .../aio/_credentials/authorization_code.py | 4 +- .../identity/aio/_credentials/certificate.py | 4 +- .../aio/_credentials/client_secret.py | 4 +- .../aio/_credentials/managed_identity.py | 4 +- .../aio/_credentials/vscode_credential.py | 6 +- .../azure-identity/tests/test_aad_client.py | 36 ++++++++++- .../tests/test_aad_client_async.py | 36 ++++++++++- .../azure-identity/tests/test_authn_client.py | 33 ++++++++++- .../tests/test_authn_client_async.py | 35 ++++++++++- .../tests/test_token_refresh_offset.py | 59 ------------------- 17 files changed, 162 insertions(+), 93 deletions(-) delete mode 100644 sdk/identity/azure-identity/tests/test_token_refresh_offset.py diff --git a/sdk/identity/azure-identity/azure/identity/_authn_client.py b/sdk/identity/azure-identity/azure/identity/_authn_client.py index bb2d8302e8ef..24397579e12b 100644 --- a/sdk/identity/azure-identity/azure/identity/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/_authn_client.py @@ -22,7 +22,7 @@ UserAgentPolicy, ) from azure.core.pipeline.transport import RequestsTransport, HttpRequest -from ._constants import AZURE_CLI_CLIENT_ID, DEFAULT_REFRESH_OFFSET, DEFAULT_REFRESH_RETRY_TIMEOUT +from ._constants import AZURE_CLI_CLIENT_ID, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT from ._internal import get_default_authority, normalize_authority from ._internal.user_agent import USER_AGENT @@ -65,9 +65,9 @@ def __init__(self, endpoint=None, authority=None, tenant=None, **kwargs): # pyl authority = normalize_authority(authority) if authority else get_default_authority() self._auth_url = "/".join((authority, tenant.strip("/"), "oauth2/v2.0/token")) self._cache = kwargs.get("cache") or TokenCache() # type: TokenCache - self._refresh_retry_timeout = kwargs.get("refresh_retry_timeout", DEFAULT_REFRESH_RETRY_TIMEOUT) # default 30s + self._token_refresh_retry_timeout = kwargs.get("token_refresh_retry_timeout", DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT) # default 30s self._token_refresh_offset = kwargs.get("token_refresh_offset", DEFAULT_REFRESH_OFFSET) # default 2 min - self._last_refresh_time = int(time.time()) + self._last_refresh_time = 0 @property def auth_url(self): @@ -81,7 +81,7 @@ def should_refresh(self, token): now = int(time.time()) if expires_on - now > self._token_refresh_offset: return False - if now - self._last_refresh_time < self._refresh_retry_timeout: + if now - self._last_refresh_time < self._token_refresh_retry_timeout: return False return True diff --git a/sdk/identity/azure-identity/azure/identity/_constants.py b/sdk/identity/azure-identity/azure/identity/_constants.py index 7947ed6bc40e..8bee456a2e8c 100644 --- a/sdk/identity/azure-identity/azure/identity/_constants.py +++ b/sdk/identity/azure-identity/azure/identity/_constants.py @@ -8,7 +8,7 @@ AZURE_VSCODE_CLIENT_ID = "aebc6443-996d-45c2-90f0-388ff96faa56" VSCODE_CREDENTIALS_SECTION = "VS Code Azure" DEFAULT_REFRESH_OFFSET = 120 -DEFAULT_REFRESH_RETRY_TIMEOUT = 30 +DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT = 30 class KnownAuthorities: diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py index 54aed98fd6f3..3a587941fe4a 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py @@ -28,9 +28,9 @@ class AuthorizationCodeCredential(object): the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities` defines authorities for other clouds. :keyword str client_secret: One of the application's client secrets. Required only for web apps and web APIs. - :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, default to 30s. - :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the token. """ diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py index 915339628d49..614704f0bcbc 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py @@ -28,9 +28,9 @@ class CertificateCredential(CertificateCredentialBase): False. :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. - :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, default to 30s. - :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the token. """ diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py index 623fcb38812b..fb3c7668be45 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py @@ -44,9 +44,9 @@ class ManagedIdentityCredential(object): or resource ID, for example ``{"object_id": "..."}``. Check the documentation for your hosting environment to learn what values it expects. :paramtype identity_config: Mapping[str, str] - :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, default to 30s. - :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the token. """ diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py index 3c05ff10d079..1a505f5bd0d2 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py @@ -24,9 +24,9 @@ class VSCodeCredential(object): """Authenticates by redeeming a refresh token previously saved by VS Code - :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, default to 30s. - :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the token. diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index 2c328608bda6..70615de6504a 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -16,7 +16,7 @@ from azure.core.credentials import AccessToken from azure.core.exceptions import ClientAuthenticationError from . import get_default_authority, normalize_authority -from .._constants import DEFAULT_REFRESH_RETRY_TIMEOUT, DEFAULT_REFRESH_OFFSET +from .._constants import DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT, DEFAULT_REFRESH_OFFSET try: from typing import TYPE_CHECKING @@ -49,9 +49,9 @@ def __init__(self, tenant_id, client_id, authority=None, cache=None, **kwargs): self._cache = cache or TokenCache() self._client_id = client_id self._pipeline = self._build_pipeline(**kwargs) - self._refresh_retry_timeout = kwargs.get("refresh_retry_timeout", DEFAULT_REFRESH_RETRY_TIMEOUT) # default 30s + self._token_refresh_retry_timeout = kwargs.get("token_refresh_retry_timeout", DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT) # default 30s self._token_refresh_offset = kwargs.get("token_refresh_offset", DEFAULT_REFRESH_OFFSET) # default 2 min - self._last_refresh_time = int(time.time()) + self._last_refresh_time = 0 def get_cached_access_token(self, scopes, query=None): # type: (Sequence[str], Optional[dict]) -> Optional[AccessToken] @@ -75,7 +75,7 @@ def should_refresh(self, token): now = int(time.time()) if expires_on - now > self._token_refresh_offset: return False - if now - self._last_refresh_time < self._refresh_retry_timeout: + if now - self._last_refresh_time < self._token_refresh_retry_timeout: return False return True diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py index 7a5eb8b7b064..f283c6d4b11e 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py @@ -29,9 +29,9 @@ class AuthorizationCodeCredential(AsyncCredentialBase): the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities` defines authorities for other clouds. :keyword str client_secret: One of the application's client secrets. Required only for web apps and web APIs. - :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, default to 30s. - :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the token. """ diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py index 792b5175eee6..88be59807433 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py @@ -26,9 +26,9 @@ class CertificateCredential(CertificateCredentialBase, AsyncCredentialBase): :keyword password: The certificate's password. If a unicode string, it will be encoded as UTF-8. If the certificate requires a different encoding, pass appropriately encoded bytes instead. :paramtype password: str or bytes - :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, default to 30s. - :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the token. """ diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py index 88d1e10e3f41..221ab6f9ab44 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py @@ -27,9 +27,9 @@ class ClientSecretCredential(AsyncCredentialBase, ClientSecretCredentialBase): False. :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. - :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, default to 30s. - :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the token. """ diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py index 194d7f1d18ed..822f947a6f3c 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py @@ -32,9 +32,9 @@ class ManagedIdentityCredential(AsyncCredentialBase): or resource ID, for example ``{"object_id": "..."}``. Check the documentation for your hosting environment to learn what values it expects. :paramtype identity_config: Mapping[str, str] - :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, default to 30s. - :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the token. """ diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py index 390b4c7cc3de..4aa8ca4100e0 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py @@ -16,11 +16,11 @@ class VSCodeCredential(AsyncCredentialBase): - """Authenticates by redeeming a refresh token previously saved by VS Code""" + """Authenticates by redeeming a refresh token previously saved by VS Code - :keyword int refresh_retry_timeout: the amount of time to wait before retrying a token refresh in seconds, + :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, default to 30s. - :keyword int token_refresh_offset: the amount of time to subtract from the token expiry time, whereupon + :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the token. diff --git a/sdk/identity/azure-identity/tests/test_aad_client.py b/sdk/identity/azure-identity/tests/test_aad_client.py index daa40c3d4659..f1a05810d9e6 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client.py +++ b/sdk/identity/azure-identity/tests/test_aad_client.py @@ -3,10 +3,11 @@ # Licensed under the MIT License. # ------------------------------------ import functools - +import time from azure.core.exceptions import ClientAuthenticationError -from azure.identity._constants import EnvironmentVariables +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT from azure.identity._internal.aad_client import AadClient +from azure.core.credentials import AccessToken import pytest from msal import TokenCache from six.moves.urllib_parse import urlparse @@ -201,3 +202,34 @@ def send(request, **_): assert transport.send.call_count == 1 assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN)) == 1 assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN, query={"secret": invalid_token})) == 0 + + +def test_should_refresh(): + client = AadClient("test", "test") + now = int(time.time()) + + # do not need refresh + token = AccessToken("token", now + 500) + should_refresh = client.should_refresh(token) + assert not should_refresh + + # need refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 500 + should_refresh = client.should_refresh(token) + assert should_refresh + + # not exceed cool down time, do not refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 5 + should_refresh = client.should_refresh(token) + assert not should_refresh + + +def test_token_refresh_kwargs(): + client = AadClient("test", "test") + assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET + client = AadClient("test", "test", token_refresh_retry_timeout=10, token_refresh_offset=100) + assert client._token_refresh_retry_timeout == 10 + assert client._token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_aad_client_async.py b/sdk/identity/azure-identity/tests/test_aad_client_async.py index e43f70bd4369..7a06a5d26e44 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client_async.py +++ b/sdk/identity/azure-identity/tests/test_aad_client_async.py @@ -5,10 +5,11 @@ import functools from unittest.mock import Mock, patch from urllib.parse import urlparse - +import time from azure.core.exceptions import ClientAuthenticationError -from azure.identity._constants import EnvironmentVariables +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT from azure.identity.aio._internal.aad_client import AadClient +from azure.core.credentials import AccessToken from msal import TokenCache import pytest @@ -208,3 +209,34 @@ async def send(request, **_): assert transport.send.call_count == 1 assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN)) == 1 assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN, query={"secret": invalid_token})) == 0 + + +def test_should_refresh(): + client = AadClient("test", "test") + now = int(time.time()) + + # do not need refresh + token = AccessToken("token", now + 500) + should_refresh = client.should_refresh(token) + assert not should_refresh + + # need refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 500 + should_refresh = client.should_refresh(token) + assert should_refresh + + # not exceed cool down time, do not refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 5 + should_refresh = client.should_refresh(token) + assert not should_refresh + + +def test_token_refresh_kwargs(): + client = AadClient("test", "test") + assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET + client = AadClient("test", "test", token_refresh_retry_timeout=10, token_refresh_offset=100) + assert client._token_refresh_retry_timeout == 10 + assert client._token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_authn_client.py b/sdk/identity/azure-identity/tests/test_authn_client.py index 6732d43cd4dc..2beaf1259c01 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client.py +++ b/sdk/identity/azure-identity/tests/test_authn_client.py @@ -14,7 +14,7 @@ from azure.core.credentials import AccessToken from azure.identity._authn_client import AuthnClient -from azure.identity._constants import EnvironmentVariables +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT import pytest from six.moves.urllib_parse import urlparse from helpers import mock_response @@ -233,3 +233,34 @@ def mock_send(request, **kwargs): client.request_token(("scope",)) request = client.get_refresh_token_grant_request({"secret": "***"}, "scope") validate_url(request.url) + + +def test_should_refresh(): + client = AuthnClient(endpoint="http://foo") + now = int(time.time()) + + # do not need refresh + token = AccessToken("token", now + 500) + should_refresh = client.should_refresh(token) + assert not should_refresh + + # need refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 500 + should_refresh = client.should_refresh(token) + assert should_refresh + + # not exceed cool down time, do not refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 5 + should_refresh = client.should_refresh(token) + assert not should_refresh + + +def test_token_refresh_kwargs(): + client = AuthnClient(endpoint="http://foo") + assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET + client = AuthnClient(endpoint="http://foo", token_refresh_retry_timeout=10, token_refresh_offset=100) + assert client._token_refresh_retry_timeout == 10 + assert client._token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_authn_client_async.py b/sdk/identity/azure-identity/tests/test_authn_client_async.py index ab94c2c236c4..3bceea5487ca 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client_async.py +++ b/sdk/identity/azure-identity/tests/test_authn_client_async.py @@ -3,11 +3,13 @@ # Licensed under the MIT License. # ------------------------------------ import asyncio +import time from unittest.mock import Mock, patch from urllib.parse import urlparse import pytest -from azure.identity._constants import EnvironmentVariables +from azure.core.credentials import AccessToken +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT from azure.identity.aio._authn_client import AsyncAuthnClient from helpers import mock_response @@ -35,3 +37,34 @@ def mock_send(request, **kwargs): with patch.dict("os.environ", {EnvironmentVariables.AZURE_AUTHORITY_HOST: authority}, clear=True): client = AsyncAuthnClient(tenant=tenant_id, transport=Mock(send=wrap_in_future(mock_send))) await client.request_token(("scope",)) + + +def test_should_refresh(): + client = AsyncAuthnClient(endpoint="http://foo") + now = int(time.time()) + + # do not need refresh + token = AccessToken("token", now + 500) + should_refresh = client.should_refresh(token) + assert not should_refresh + + # need refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 500 + should_refresh = client.should_refresh(token) + assert should_refresh + + # not exceed cool down time, do not refresh + token = AccessToken("token", now + 100) + client._last_refresh_time = now - 5 + should_refresh = client.should_refresh(token) + assert not should_refresh + + +def test_token_refresh_kwargs(): + client = AsyncAuthnClient(endpoint="http://foo") + assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET + client = AsyncAuthnClient(endpoint="http://foo", token_refresh_retry_timeout=10, token_refresh_offset=100) + assert client._token_refresh_retry_timeout == 10 + assert client._token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_token_refresh_offset.py b/sdk/identity/azure-identity/tests/test_token_refresh_offset.py deleted file mode 100644 index c97e0eab14f5..000000000000 --- a/sdk/identity/azure-identity/tests/test_token_refresh_offset.py +++ /dev/null @@ -1,59 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -import time -from azure.identity._internal.aad_client import AadClient -from azure.identity._authn_client import AuthnClient -from azure.core.credentials import AccessToken -import pytest -from helpers import mock_response - -try: - from unittest import mock -except ImportError: # python < 3.3 - import mock - - - -def test_aad_client_if_refresh(): - client = AadClient("test", "test") - now = int(time.time()) - - # do not need refresh - token = AccessToken("token", now + 500) - should_refresh = client.should_refresh(token) - assert not should_refresh - - # need refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 500 - should_refresh = client.should_refresh(token) - assert should_refresh - - # not exceed cool down time, do not refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 5 - should_refresh = client.should_refresh(token) - assert not should_refresh - -def test_auth_client_if_refresh(): - client = AuthnClient(endpoint="http://foo") - now = int(time.time()) - - # do not need refresh - token = AccessToken("token", now + 500) - should_refresh = client.should_refresh(token) - assert not should_refresh - - # need refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 500 - should_refresh = client.should_refresh(token) - assert should_refresh - - # not exceed cool down time, do not refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 5 - should_refresh = client.should_refresh(token) - assert not should_refresh \ No newline at end of file From e235ad22f2c9843dfd28f796479589b494bbe57d Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 24 Jun 2020 14:21:24 -0700 Subject: [PATCH 08/32] updates --- .../azure-identity/azure/identity/_internal/aad_client_base.py | 3 ++- sdk/identity/azure-identity/tests/test_aad_client_async.py | 2 +- sdk/identity/azure-identity/tests/test_authn_client_async.py | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index 70615de6504a..995e192accec 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -49,7 +49,8 @@ def __init__(self, tenant_id, client_id, authority=None, cache=None, **kwargs): self._cache = cache or TokenCache() self._client_id = client_id self._pipeline = self._build_pipeline(**kwargs) - self._token_refresh_retry_timeout = kwargs.get("token_refresh_retry_timeout", DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT) # default 30s + self._token_refresh_retry_timeout = kwargs.get("token_refresh_retry_timeout", + DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT) # default 30s self._token_refresh_offset = kwargs.get("token_refresh_offset", DEFAULT_REFRESH_OFFSET) # default 2 min self._last_refresh_time = 0 diff --git a/sdk/identity/azure-identity/tests/test_aad_client_async.py b/sdk/identity/azure-identity/tests/test_aad_client_async.py index 7a06a5d26e44..b75fc28f05f9 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client_async.py +++ b/sdk/identity/azure-identity/tests/test_aad_client_async.py @@ -211,7 +211,7 @@ async def send(request, **_): assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN, query={"secret": invalid_token})) == 0 -def test_should_refresh(): +async def test_should_refresh(): client = AadClient("test", "test") now = int(time.time()) diff --git a/sdk/identity/azure-identity/tests/test_authn_client_async.py b/sdk/identity/azure-identity/tests/test_authn_client_async.py index 3bceea5487ca..1b1acbc479a4 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client_async.py +++ b/sdk/identity/azure-identity/tests/test_authn_client_async.py @@ -39,7 +39,7 @@ def mock_send(request, **kwargs): await client.request_token(("scope",)) -def test_should_refresh(): +async def test_should_refresh(): client = AsyncAuthnClient(endpoint="http://foo") now = int(time.time()) From 6d517685ce64cc0308e9c5f9b26b1962e12a2ae0 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 24 Jun 2020 15:13:08 -0700 Subject: [PATCH 09/32] updates --- sdk/identity/azure-identity/azure/identity/_authn_client.py | 3 ++- sdk/identity/azure-identity/tests/test_aad_client_async.py | 2 +- sdk/identity/azure-identity/tests/test_authn_client_async.py | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_authn_client.py b/sdk/identity/azure-identity/azure/identity/_authn_client.py index 24397579e12b..dd271a1ab546 100644 --- a/sdk/identity/azure-identity/azure/identity/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/_authn_client.py @@ -65,7 +65,8 @@ def __init__(self, endpoint=None, authority=None, tenant=None, **kwargs): # pyl authority = normalize_authority(authority) if authority else get_default_authority() self._auth_url = "/".join((authority, tenant.strip("/"), "oauth2/v2.0/token")) self._cache = kwargs.get("cache") or TokenCache() # type: TokenCache - self._token_refresh_retry_timeout = kwargs.get("token_refresh_retry_timeout", DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT) # default 30s + self._token_refresh_retry_timeout = kwargs.get("token_refresh_retry_timeout", + DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT) # default 30s self._token_refresh_offset = kwargs.get("token_refresh_offset", DEFAULT_REFRESH_OFFSET) # default 2 min self._last_refresh_time = 0 diff --git a/sdk/identity/azure-identity/tests/test_aad_client_async.py b/sdk/identity/azure-identity/tests/test_aad_client_async.py index b75fc28f05f9..e97db39b0af2 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client_async.py +++ b/sdk/identity/azure-identity/tests/test_aad_client_async.py @@ -233,7 +233,7 @@ async def test_should_refresh(): assert not should_refresh -def test_token_refresh_kwargs(): +async def test_token_refresh_kwargs(): client = AadClient("test", "test") assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_authn_client_async.py b/sdk/identity/azure-identity/tests/test_authn_client_async.py index 1b1acbc479a4..783c4ab5cb4f 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client_async.py +++ b/sdk/identity/azure-identity/tests/test_authn_client_async.py @@ -61,7 +61,7 @@ async def test_should_refresh(): assert not should_refresh -def test_token_refresh_kwargs(): +async def test_token_refresh_kwargs(): client = AsyncAuthnClient(endpoint="http://foo") assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET From beb9027bea28e736e6097cc5b74e07b934ddc1f0 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Thu, 25 Jun 2020 10:11:17 -0700 Subject: [PATCH 10/32] updates --- .../azure-identity/tests/test_aad_client.py | 32 ++++++++++++++++--- .../tests/test_aad_client_async.py | 32 ++++++++++++++++--- .../azure-identity/tests/test_authn_client.py | 32 ++++++++++++++++--- .../tests/test_authn_client_async.py | 32 ++++++++++++++++--- 4 files changed, 112 insertions(+), 16 deletions(-) diff --git a/sdk/identity/azure-identity/tests/test_aad_client.py b/sdk/identity/azure-identity/tests/test_aad_client.py index f1a05810d9e6..e0413b2b8986 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client.py +++ b/sdk/identity/azure-identity/tests/test_aad_client.py @@ -209,7 +209,7 @@ def test_should_refresh(): now = int(time.time()) # do not need refresh - token = AccessToken("token", now + 500) + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) should_refresh = client.should_refresh(token) assert not should_refresh @@ -230,6 +230,30 @@ def test_token_refresh_kwargs(): client = AadClient("test", "test") assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET - client = AadClient("test", "test", token_refresh_retry_timeout=10, token_refresh_offset=100) - assert client._token_refresh_retry_timeout == 10 - assert client._token_refresh_offset == 100 + + test_token_refresh_retry_timeout = 10 + test_token_refresh_offset = 100 + client = AadClient("test", "test", + token_refresh_retry_timeout=test_token_refresh_retry_timeout, + token_refresh_offset=test_token_refresh_offset) + assert client._token_refresh_retry_timeout == test_token_refresh_retry_timeout + assert client._token_refresh_offset == test_token_refresh_offset + + now = int(time.time()) + + # do not need refresh + token = AccessToken("token", now + test_token_refresh_offset + 1) + should_refresh = client.should_refresh(token) + assert not should_refresh + + # need refresh + token = AccessToken("token", now + test_token_refresh_offset - 1) + client._last_refresh_time = now - test_token_refresh_retry_timeout - 1 + should_refresh = client.should_refresh(token) + assert should_refresh + + # not exceed cool down time, do not refresh + token = AccessToken("token", now + test_token_refresh_offset - 1) + client._last_refresh_time = now - test_token_refresh_retry_timeout + 1 + should_refresh = client.should_refresh(token) + assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_aad_client_async.py b/sdk/identity/azure-identity/tests/test_aad_client_async.py index e97db39b0af2..229cbfacab23 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client_async.py +++ b/sdk/identity/azure-identity/tests/test_aad_client_async.py @@ -216,7 +216,7 @@ async def test_should_refresh(): now = int(time.time()) # do not need refresh - token = AccessToken("token", now + 500) + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) should_refresh = client.should_refresh(token) assert not should_refresh @@ -237,6 +237,30 @@ async def test_token_refresh_kwargs(): client = AadClient("test", "test") assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET - client = AadClient("test", "test", token_refresh_retry_timeout=10, token_refresh_offset=100) - assert client._token_refresh_retry_timeout == 10 - assert client._token_refresh_offset == 100 + + test_token_refresh_retry_timeout = 10 + test_token_refresh_offset = 100 + client = AadClient("test", "test", + token_refresh_retry_timeout=test_token_refresh_retry_timeout, + token_refresh_offset=test_token_refresh_offset) + assert client._token_refresh_retry_timeout == test_token_refresh_retry_timeout + assert client._token_refresh_offset == test_token_refresh_offset + + now = int(time.time()) + + # do not need refresh + token = AccessToken("token", now + test_token_refresh_offset + 1) + should_refresh = client.should_refresh(token) + assert not should_refresh + + # need refresh + token = AccessToken("token", now + test_token_refresh_offset - 1) + client._last_refresh_time = now - test_token_refresh_retry_timeout - 1 + should_refresh = client.should_refresh(token) + assert should_refresh + + # not exceed cool down time, do not refresh + token = AccessToken("token", now + test_token_refresh_offset - 1) + client._last_refresh_time = now - test_token_refresh_retry_timeout + 1 + should_refresh = client.should_refresh(token) + assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client.py b/sdk/identity/azure-identity/tests/test_authn_client.py index 2beaf1259c01..2a9c61b79a5a 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client.py +++ b/sdk/identity/azure-identity/tests/test_authn_client.py @@ -240,7 +240,7 @@ def test_should_refresh(): now = int(time.time()) # do not need refresh - token = AccessToken("token", now + 500) + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) should_refresh = client.should_refresh(token) assert not should_refresh @@ -261,6 +261,30 @@ def test_token_refresh_kwargs(): client = AuthnClient(endpoint="http://foo") assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET - client = AuthnClient(endpoint="http://foo", token_refresh_retry_timeout=10, token_refresh_offset=100) - assert client._token_refresh_retry_timeout == 10 - assert client._token_refresh_offset == 100 + + test_token_refresh_retry_timeout = 10 + test_token_refresh_offset = 100 + client = AuthnClient(endpoint="http://foo", + token_refresh_retry_timeout=test_token_refresh_retry_timeout, + token_refresh_offset=test_token_refresh_offset) + assert client._token_refresh_retry_timeout == test_token_refresh_retry_timeout + assert client._token_refresh_offset == test_token_refresh_offset + + now = int(time.time()) + + # do not need refresh + token = AccessToken("token", now + test_token_refresh_offset + 1) + should_refresh = client.should_refresh(token) + assert not should_refresh + + # need refresh + token = AccessToken("token", now + test_token_refresh_offset - 1) + client._last_refresh_time = now - test_token_refresh_retry_timeout - 1 + should_refresh = client.should_refresh(token) + assert should_refresh + + # not exceed cool down time, do not refresh + token = AccessToken("token", now + test_token_refresh_offset - 1) + client._last_refresh_time = now - test_token_refresh_retry_timeout + 1 + should_refresh = client.should_refresh(token) + assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client_async.py b/sdk/identity/azure-identity/tests/test_authn_client_async.py index 783c4ab5cb4f..20ae64f4e3e3 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client_async.py +++ b/sdk/identity/azure-identity/tests/test_authn_client_async.py @@ -44,7 +44,7 @@ async def test_should_refresh(): now = int(time.time()) # do not need refresh - token = AccessToken("token", now + 500) + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) should_refresh = client.should_refresh(token) assert not should_refresh @@ -65,6 +65,30 @@ async def test_token_refresh_kwargs(): client = AsyncAuthnClient(endpoint="http://foo") assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET - client = AsyncAuthnClient(endpoint="http://foo", token_refresh_retry_timeout=10, token_refresh_offset=100) - assert client._token_refresh_retry_timeout == 10 - assert client._token_refresh_offset == 100 + + test_token_refresh_retry_timeout = 10 + test_token_refresh_offset = 100 + client = AsyncAuthnClient(endpoint="http://foo", + token_refresh_retry_timeout=test_token_refresh_retry_timeout, + token_refresh_offset=test_token_refresh_offset) + assert client._token_refresh_retry_timeout == test_token_refresh_retry_timeout + assert client._token_refresh_offset == test_token_refresh_offset + + now = int(time.time()) + + # do not need refresh + token = AccessToken("token", now + test_token_refresh_offset + 1) + should_refresh = client.should_refresh(token) + assert not should_refresh + + # need refresh + token = AccessToken("token", now + test_token_refresh_offset - 1) + client._last_refresh_time = now - test_token_refresh_retry_timeout - 1 + should_refresh = client.should_refresh(token) + assert should_refresh + + # not exceed cool down time, do not refresh + token = AccessToken("token", now + test_token_refresh_offset - 1) + client._last_refresh_time = now - test_token_refresh_retry_timeout + 1 + should_refresh = client.should_refresh(token) + assert not should_refresh From 08fa31e27262332466a53267894049756f079237 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Fri, 26 Jun 2020 16:23:39 -0700 Subject: [PATCH 11/32] expose token_refresh_offset --- .../azure/identity/_authn_client.py | 5 +++++ .../identity/_credentials/authorization_code.py | 5 +++++ .../azure/identity/_credentials/azure_cli.py | 5 +++++ .../azure/identity/_credentials/environment.py | 5 +++++ .../identity/_credentials/managed_identity.py | 9 +++++++++ .../identity/_credentials/vscode_credential.py | 11 ++++++++--- .../azure/identity/_internal/aad_client_base.py | 5 +++++ .../_internal/certificate_credential_base.py | 5 +++++ .../_internal/client_secret_credential_base.py | 5 +++++ .../linux_vscode_adapter.py | 0 .../macos_vscode_adapter.py | 0 .../azure/identity/_internal/msal_credentials.py | 7 ++++++- .../identity/_internal/shared_token_cache.py | 7 ++++++- .../win_vscode_adapter.py | 0 .../aio/_credentials/authorization_code.py | 5 +++++ .../azure/identity/aio/_credentials/azure_cli.py | 5 +++++ .../identity/aio/_credentials/environment.py | 7 ++++++- .../aio/_credentials/managed_identity.py | 5 +++++ .../aio/_credentials/vscode_credential.py | 5 +++++ .../tests/test_certificate_credential.py | 5 +++++ .../tests/test_certificate_credential_async.py | 6 ++++++ .../azure-identity/tests/test_cli_credential.py | 6 ++++++ .../tests/test_cli_credential_async.py | 6 ++++++ .../tests/test_client_secret_credential.py | 6 +++++- .../tests/test_client_secret_credential_async.py | 7 ++++++- .../azure-identity/tests/test_imds_credential.py | 6 +++++- .../tests/test_imds_credential_async.py | 6 +++++- .../tests/test_managed_identity.py | 6 +++++- .../tests/test_managed_identity_async.py | 7 ++++++- .../azure-identity/tests/test_msi_credential.py | 10 +++++++++- .../tests/test_msi_credential_async.py | 10 +++++++++- .../tests/test_username_password_credential.py | 16 ++++++++++++++++ .../tests/test_vscode_credential.py | 6 ++++++ .../tests/test_vscode_credential_async.py | 7 +++++++ 34 files changed, 192 insertions(+), 14 deletions(-) rename sdk/identity/azure-identity/azure/identity/{_credentials => _internal}/linux_vscode_adapter.py (100%) rename sdk/identity/azure-identity/azure/identity/{_credentials => _internal}/macos_vscode_adapter.py (100%) rename sdk/identity/azure-identity/azure/identity/{_credentials => _internal}/win_vscode_adapter.py (100%) diff --git a/sdk/identity/azure-identity/azure/identity/_authn_client.py b/sdk/identity/azure-identity/azure/identity/_authn_client.py index dd271a1ab546..4d00892d2b74 100644 --- a/sdk/identity/azure-identity/azure/identity/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/_authn_client.py @@ -86,6 +86,11 @@ def should_refresh(self, token): return False return True + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._token_refresh_offset + def get_cached_token(self, scopes): # type: (Iterable[str]) -> Optional[AccessToken] tokens = self._cache.find(TokenCache.CredentialType.ACCESS_TOKEN, target=list(scopes)) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py index 3a587941fe4a..c1540177e0fd 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py @@ -94,3 +94,8 @@ def _redeem_refresh_token(self, scopes, **kwargs): if token: return token return None + + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py index 07687f8d32c1..22852c70e39c 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py @@ -17,6 +17,7 @@ from .. import CredentialUnavailableError from .._internal import _scopes_to_resource +from .._constants import DEFAULT_REFRESH_OFFSET if TYPE_CHECKING: # pylint:disable=ungrouped-imports @@ -61,6 +62,10 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=no-self-use,unused-arg return token + @property + def token_refresh_offset(self): + # type: (None) -> int + return DEFAULT_REFRESH_OFFSET def parse_token(output): """Parse output of 'az account get-access-token' to an AccessToken. diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/environment.py b/sdk/identity/azure-identity/azure/identity/_credentials/environment.py index dc37abca83c1..5dcf7770fb0d 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/environment.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/environment.py @@ -92,3 +92,8 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument ) raise CredentialUnavailableError(message=message) return self._credential.get_token(*scopes, **kwargs) + + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._credential.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py index fb3c7668be45..1c69e97c372c 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py @@ -74,6 +74,10 @@ def get_token(self, *scopes, **kwargs): raise CredentialUnavailableError(message="No managed identity endpoint found.") return self._credential.get_token(*scopes, **kwargs) + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._credential.token_refresh_offset class _ManagedIdentityBase(object): def __init__(self, endpoint, client_cls, config=None, client_id=None, **kwargs): @@ -130,6 +134,11 @@ def _create_config(**kwargs): "retry_on_status_codes": [404, 429] + list(range(500, 600)), } + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._client.token_refresh_offset + class ImdsCredential(_ManagedIdentityBase): """Authenticates with a managed identity via the IMDS endpoint. diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py index 1a505f5bd0d2..0144d085b220 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py @@ -9,11 +9,11 @@ from .._internal.aad_client import AadClient if sys.platform.startswith("win"): - from .win_vscode_adapter import get_credentials + from .._internal.win_vscode_adapter import get_credentials elif sys.platform.startswith("darwin"): - from .macos_vscode_adapter import get_credentials + from .._internal.macos_vscode_adapter import get_credentials else: - from .linux_vscode_adapter import get_credentials + from .._internal.linux_vscode_adapter import get_credentials if TYPE_CHECKING: # pylint:disable=unused-import,ungrouped-imports @@ -73,3 +73,8 @@ def _redeem_refresh_token(self, scopes, **kwargs): token = self._client.obtain_token_by_refresh_token(scopes, self._refresh_token, **kwargs) return token + + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index 995e192accec..c0513dc3ebd8 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -101,6 +101,11 @@ def obtain_token_by_refresh_token(self, scopes, refresh_token, **kwargs): def _build_pipeline(self, config=None, policies=None, transport=None, **kwargs): pass + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._token_refresh_offset + def _process_response(self, response, request_time): # type: (PipelineResponse, int) -> AccessToken self._last_refresh_time = int(time.time()) # no matter succeed or not, update the last refresh time diff --git a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py index c13fe86d7a29..28552eaf104f 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py @@ -57,3 +57,8 @@ def __init__(self, tenant_id, client_id, certificate_path, **kwargs): @abc.abstractmethod def _get_auth_client(self, tenant_id, client_id, **kwargs): pass + + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py index 4854a396e84f..fd0a4360c21e 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py @@ -45,3 +45,8 @@ def __init__(self, tenant_id, client_id, client_secret, **kwargs): @abc.abstractmethod def _get_auth_client(self, tenant_id, client_id, **kwargs): pass + + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/linux_vscode_adapter.py b/sdk/identity/azure-identity/azure/identity/_internal/linux_vscode_adapter.py similarity index 100% rename from sdk/identity/azure-identity/azure/identity/_credentials/linux_vscode_adapter.py rename to sdk/identity/azure-identity/azure/identity/_internal/linux_vscode_adapter.py diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/macos_vscode_adapter.py b/sdk/identity/azure-identity/azure/identity/_internal/macos_vscode_adapter.py similarity index 100% rename from sdk/identity/azure-identity/azure/identity/_credentials/macos_vscode_adapter.py rename to sdk/identity/azure-identity/azure/identity/_internal/macos_vscode_adapter.py diff --git a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py index b408d37d69ac..d017c64c2140 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py @@ -19,7 +19,7 @@ from .exception_wrapper import wrap_exceptions from .msal_transport_adapter import MsalTransportAdapter from .persistent_cache import load_user_cache -from .._constants import KnownAuthorities +from .._constants import KnownAuthorities, DEFAULT_REFRESH_OFFSET from .._exceptions import AuthenticationRequiredError, CredentialUnavailableError from .._internal import get_default_authority, normalize_authority from .._auth_record import AuthenticationRecord @@ -137,6 +137,11 @@ def _create_app(self, cls): return app + @property + def token_refresh_offset(self): + # type: (None) -> int + return DEFAULT_REFRESH_OFFSET + class ConfidentialClientCredential(MsalCredential): """Wraps an MSAL ConfidentialClientApplication with the TokenCredential API""" diff --git a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py index 1cbb6f986352..ea58f99a7c3a 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py @@ -11,7 +11,7 @@ from azure.core.credentials import AccessToken from .. import CredentialUnavailableError -from .._constants import KnownAuthorities +from .._constants import KnownAuthorities, DEFAULT_REFRESH_OFFSET from .._internal import get_default_authority, normalize_authority, wrap_exceptions from .._internal.persistent_cache import load_user_cache @@ -229,6 +229,11 @@ def _get_refresh_tokens(self, account): message = "Error accessing cached data: {}".format(ex) six.raise_from(CredentialUnavailableError(message=message), ex) + @property + def token_refresh_offset(self): + # type: (None) -> int + return DEFAULT_REFRESH_OFFSET + @staticmethod def supported(): # type: () -> bool diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/win_vscode_adapter.py b/sdk/identity/azure-identity/azure/identity/_internal/win_vscode_adapter.py similarity index 100% rename from sdk/identity/azure-identity/azure/identity/_credentials/win_vscode_adapter.py rename to sdk/identity/azure-identity/azure/identity/_internal/win_vscode_adapter.py diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py index f283c6d4b11e..08b1ed79c373 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py @@ -105,3 +105,8 @@ async def _redeem_refresh_token(self, scopes: "Sequence[str]", **kwargs: "Any") if token: return token return None + + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py index a562a7831b9f..dc09da98313a 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py @@ -8,6 +8,7 @@ from azure.core.exceptions import ClientAuthenticationError from .._credentials.base import AsyncCredentialBase from ... import CredentialUnavailableError +from ..._constants import DEFAULT_REFRESH_OFFSET from ..._credentials.azure_cli import ( AzureCliCredential as _SyncAzureCliCredential, CLI_NOT_FOUND, @@ -57,6 +58,10 @@ async def get_token(self, *scopes, **kwargs): async def close(self): """Calling this method is unnecessary""" + @property + def token_refresh_offset(self): + # type: (None) -> int + return DEFAULT_REFRESH_OFFSET async def _run_command(command): if sys.platform.startswith("win"): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py index 7e1197d702c2..3dce3103d47d 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py @@ -6,7 +6,7 @@ from typing import TYPE_CHECKING from ... import CredentialUnavailableError -from ..._constants import EnvironmentVariables +from ..._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET from .certificate import CertificateCredential from .client_secret import ClientSecretCredential from .base import AsyncCredentialBase @@ -78,3 +78,8 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": ) raise CredentialUnavailableError(message=message) return await self._credential.get_token(*scopes, **kwargs) + + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._credential.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py index 822f947a6f3c..d7bf2c6e2666 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py @@ -69,6 +69,10 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": raise CredentialUnavailableError(message="No managed identity endpoint found.") return await self._credential.get_token(*scopes, **kwargs) + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._credential.token_refresh_offset class _AsyncManagedIdentityBase(_ManagedIdentityBase, AsyncCredentialBase): def __init__(self, endpoint: str, **kwargs: "Any") -> None: @@ -227,3 +231,4 @@ async def _request_app_service_token(self, scopes, resource, secret): async def _request_legacy_token(self, scopes, resource): form_data = {"resource": resource, **self._identity_config} return await self._client.request_token(scopes, method="POST", form_data=form_data) + diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py index 4aa8ca4100e0..7709b5d08691 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py @@ -75,3 +75,8 @@ async def _redeem_refresh_token(self, scopes: "Sequence[str]", **kwargs: "Any") token = await self._client.obtain_token_by_refresh_token(scopes, self._refresh_token, **kwargs) return token + + @property + def token_refresh_offset(self): + # type: (None) -> int + return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential.py b/sdk/identity/azure-identity/tests/test_certificate_credential.py index af0eee63c580..f8ec6f00f723 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential.py @@ -9,6 +9,7 @@ from azure.identity import CertificateCredential from azure.identity._constants import EnvironmentVariables from azure.identity._internal.user_agent import USER_AGENT +from azure.identity._constants import DEFAULT_REFRESH_OFFSET from cryptography import x509 from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes @@ -240,3 +241,7 @@ def test_persistent_cache_multiple_clients(cert_path, cert_password): token_b = credential_b.get_token(scope) assert token_b.token == access_token_b assert transport_b.send.call_count == 1 + +def test_token_refresh_offset(): + credential = CertificateCredential("tenant-id", "client-id", CERT_PATH) + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py index 01d2839fc2cc..bcb697927552 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py @@ -9,6 +9,7 @@ from azure.identity._constants import EnvironmentVariables from azure.identity._internal.user_agent import USER_AGENT from azure.identity.aio import CertificateCredential +from azure.identity._constants import DEFAULT_REFRESH_OFFSET from msal import TokenCache import pytest @@ -233,3 +234,8 @@ async def test_persistent_cache_multiple_clients(cert_path, cert_password): token_b = await credential_b.get_token(scope) assert token_b.token == access_token_b assert transport_b.send.call_count == 1 + +@pytest.mark.asyncio +async def test_token_refresh_offset(): + credential = CertificateCredential("tenant-id", "client-id", CERT_PATH) + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_cli_credential.py b/sdk/identity/azure-identity/tests/test_cli_credential.py index 3467a451356a..ac066df580e7 100644 --- a/sdk/identity/azure-identity/tests/test_cli_credential.py +++ b/sdk/identity/azure-identity/tests/test_cli_credential.py @@ -8,6 +8,7 @@ from azure.identity import AzureCliCredential, CredentialUnavailableError from azure.identity._credentials.azure_cli import CLI_NOT_FOUND, NOT_LOGGED_IN from azure.core.exceptions import ClientAuthenticationError +from azure.identity._constants import DEFAULT_REFRESH_OFFSET import subprocess import pytest @@ -137,3 +138,8 @@ def test_subprocess_error_does_not_expose_token(output): assert "secret value" not in str(ex.value) assert "secret value" not in repr(ex.value) + + +def test_token_refresh_offset(): + credential = AzureCliCredential() + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_cli_credential_async.py b/sdk/identity/azure-identity/tests/test_cli_credential_async.py index ae9dec90a341..58bfc83adafc 100644 --- a/sdk/identity/azure-identity/tests/test_cli_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_cli_credential_async.py @@ -11,6 +11,7 @@ from azure.identity.aio import AzureCliCredential from azure.identity._credentials.azure_cli import CLI_NOT_FOUND, NOT_LOGGED_IN from azure.core.exceptions import ClientAuthenticationError +from azure.identity._constants import DEFAULT_REFRESH_OFFSET import pytest from helpers_async import get_completed_future @@ -169,3 +170,8 @@ async def test_subprocess_error_does_not_expose_token(output): assert "secret value" not in str(ex.value) assert "secret value" not in repr(ex.value) + + +async def test_token_refresh_offset(): + credential = AzureCliCredential() + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential.py b/sdk/identity/azure-identity/tests/test_client_secret_credential.py index ea3362a3f0ff..18ed751a6a29 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential.py @@ -7,7 +7,7 @@ from azure.core.credentials import AccessToken from azure.core.pipeline.policies import ContentDecodePolicy, SansIOHTTPPolicy from azure.identity import ClientSecretCredential -from azure.identity._constants import EnvironmentVariables +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET from azure.identity._internal.user_agent import USER_AGENT from msal import TokenCache import pytest @@ -233,3 +233,7 @@ def test_persistent_cache_multiple_clients(): token_b = credential_b.get_token(scope) assert token_b.token == access_token_b assert transport_b.send.call_count == 1 + +def test_token_refresh_offset(): + credential = ClientSecretCredential("tenant-id", "client-id", "client-secret") + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py index 4731f1cb7bc2..04330652c6fa 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py @@ -8,7 +8,7 @@ from azure.core.credentials import AccessToken from azure.core.pipeline.policies import ContentDecodePolicy, SansIOHTTPPolicy -from azure.identity._constants import EnvironmentVariables +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET from azure.identity._internal.user_agent import USER_AGENT from azure.identity.aio import ClientSecretCredential from msal import TokenCache @@ -260,3 +260,8 @@ async def test_persistent_cache_multiple_clients(): token_b = await credential_b.get_token(scope) assert token_b.token == access_token_b assert transport_b.send.call_count == 1 + +@pytest.mark.asyncio +async def test_token_refresh_offset(): + credential = ClientSecretCredential("tenant-id", "client-id", "client-secret") + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_imds_credential.py b/sdk/identity/azure-identity/tests/test_imds_credential.py index 95f53088b11a..c6cd46fad261 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential.py @@ -8,7 +8,7 @@ from azure.core.exceptions import ClientAuthenticationError from azure.identity import CredentialUnavailableError -from azure.identity._constants import Endpoints +from azure.identity._constants import Endpoints, DEFAULT_REFRESH_OFFSET from azure.identity._credentials.managed_identity import ImdsCredential import pytest from azure.identity._internal.user_agent import USER_AGENT @@ -173,3 +173,7 @@ def test_identity_config(): token = credential.get_token(scope) assert token == expected_token + +def test_token_refresh_offset(): + credential = ImdsCredential() + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_imds_credential_async.py b/sdk/identity/azure-identity/tests/test_imds_credential_async.py index a4d056f399fc..fe7f9af9fee1 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential_async.py @@ -9,7 +9,7 @@ from azure.core.credentials import AccessToken from azure.core.exceptions import ClientAuthenticationError from azure.identity import CredentialUnavailableError -from azure.identity._constants import Endpoints +from azure.identity._constants import Endpoints, DEFAULT_REFRESH_OFFSET from azure.identity._internal.user_agent import USER_AGENT from azure.identity.aio._credentials.managed_identity import ImdsCredential import pytest @@ -202,3 +202,7 @@ async def test_identity_config(): token = await credential.get_token(scope) assert token == expected_token + +async def test_token_refresh_offset(): + credential = ImdsCredential() + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_managed_identity.py b/sdk/identity/azure-identity/tests/test_managed_identity.py index 668fb6519b8c..b4a69e482e4e 100644 --- a/sdk/identity/azure-identity/tests/test_managed_identity.py +++ b/sdk/identity/azure-identity/tests/test_managed_identity.py @@ -11,7 +11,7 @@ from azure.core.credentials import AccessToken from azure.identity import ManagedIdentityCredential -from azure.identity._constants import Endpoints, EnvironmentVariables +from azure.identity._constants import Endpoints, EnvironmentVariables, DEFAULT_REFRESH_OFFSET from azure.identity._internal.user_agent import USER_AGENT from helpers import validating_transport, mock_response, Request @@ -298,3 +298,7 @@ def test_imds_user_assigned_identity(): with mock.patch.dict("os.environ", clear=True): token = ManagedIdentityCredential(client_id=client_id, transport=transport).get_token(scope) assert token == expected_token + +def test_token_refresh_offset(): + credential = ManagedIdentityCredential() + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_managed_identity_async.py b/sdk/identity/azure-identity/tests/test_managed_identity_async.py index 3654044a2288..623b6543d9c4 100644 --- a/sdk/identity/azure-identity/tests/test_managed_identity_async.py +++ b/sdk/identity/azure-identity/tests/test_managed_identity_async.py @@ -7,7 +7,7 @@ from azure.core.credentials import AccessToken from azure.identity.aio import ManagedIdentityCredential -from azure.identity._constants import Endpoints, EnvironmentVariables +from azure.identity._constants import Endpoints, EnvironmentVariables, DEFAULT_REFRESH_OFFSET from azure.identity._internal.user_agent import USER_AGENT import pytest @@ -304,3 +304,8 @@ async def test_imds_user_assigned_identity(): with mock.patch.dict("os.environ", clear=True): token = await ManagedIdentityCredential(client_id=client_id, transport=transport).get_token(scope) assert token == expected_token + +@pytest.mark.asyncio +async def test_token_refresh_offset(): + credential = ManagedIdentityCredential() + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_msi_credential.py b/sdk/identity/azure-identity/tests/test_msi_credential.py index 7536688774e2..bfe1f6e729fe 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential.py @@ -5,7 +5,7 @@ import time from azure.core.credentials import AccessToken -from azure.identity._constants import EnvironmentVariables +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET from azure.identity._credentials.managed_identity import MsiCredential from azure.identity._internal.user_agent import USER_AGENT import pytest @@ -111,3 +111,11 @@ def test_identity_config_cloud_shell(): token = credential.get_token(scope) assert token == expected_token + +def test_token_refresh_offset(): + endpoint = "http://localhost:42/token" + with mock.patch.dict( + MsiCredential.__module__ + ".os.environ", {EnvironmentVariables.MSI_ENDPOINT: endpoint}, clear=True + ): + credential = MsiCredential() + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_msi_credential_async.py b/sdk/identity/azure-identity/tests/test_msi_credential_async.py index dfa038963536..09d9c32f78cd 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential_async.py @@ -6,7 +6,7 @@ from unittest import mock from azure.core.credentials import AccessToken -from azure.identity._constants import EnvironmentVariables +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET from azure.identity._internal.user_agent import USER_AGENT from azure.identity.aio._credentials.managed_identity import MsiCredential import pytest @@ -139,3 +139,11 @@ async def test_identity_config_cloud_shell(): token = await credential.get_token(scope) assert token == expected_token + +async def test_token_refresh_offset(): + endpoint = "http://localhost:42/token" + with mock.patch.dict( + MsiCredential.__module__ + ".os.environ", {EnvironmentVariables.MSI_ENDPOINT: endpoint}, clear=True + ): + credential = MsiCredential() + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_username_password_credential.py b/sdk/identity/azure-identity/tests/test_username_password_credential.py index f82d251090b0..75b66c89b83e 100644 --- a/sdk/identity/azure-identity/tests/test_username_password_credential.py +++ b/sdk/identity/azure-identity/tests/test_username_password_credential.py @@ -5,6 +5,7 @@ from azure.core.pipeline.policies import SansIOHTTPPolicy from azure.identity import UsernamePasswordCredential from azure.identity._internal.user_agent import USER_AGENT +from azure.identity._constants import DEFAULT_REFRESH_OFFSET import pytest from helpers import ( @@ -134,3 +135,18 @@ def test_authenticate(): # credential should have a cached access token for the scope passed to authenticate token = credential.get_token(scope) assert token.token == access_token + +def test_token_refresh_offset(): + client_id = "client-id" + environment = "localhost" + issuer = "https://" + environment + tenant_id = "some-tenant" + username = "me@work.com" + credential = UsernamePasswordCredential( + username=username, + password="1234", + authority=environment, + client_id=client_id, + tenant_id=tenant_id, + ) + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential.py b/sdk/identity/azure-identity/tests/test_vscode_credential.py index c6d3a70e45d7..ca5b2bf0fd00 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential.py @@ -9,6 +9,7 @@ from azure.core.pipeline.policies import SansIOHTTPPolicy from azure.identity._internal.user_agent import USER_AGENT from azure.identity._credentials.vscode_credential import get_credentials +from azure.identity._constants import DEFAULT_REFRESH_OFFSET import pytest from helpers import build_aad_response, mock_response, Request, validating_transport @@ -128,3 +129,8 @@ def test_mac_keychain_error(): credential = VSCodeCredential() with pytest.raises(CredentialUnavailableError): token = credential.get_token("scope") + + +def test_token_refresh_offset(): + credential = VSCodeCredential() + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py index e7cee56cef4b..21134a3d468f 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py @@ -10,6 +10,7 @@ from azure.identity.aio import VSCodeCredential from azure.identity._internal.user_agent import USER_AGENT from azure.core.pipeline.policies import SansIOHTTPPolicy +from azure.identity._constants import DEFAULT_REFRESH_OFFSET import pytest from helpers import build_aad_response, mock_response, Request @@ -110,3 +111,9 @@ def mock_should_refresh(token): credential = VSCodeCredential(_client=mock_client) token = await credential.get_token("scope") assert token_by_refresh_token.call_count == 0 + + +@pytest.mark.asyncio +async def test_token_refresh_offset(): + credential = VSCodeCredential() + assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET From 2bec84fead44ff7335bc0d608c52c3d73765b957 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Fri, 26 Jun 2020 16:45:40 -0700 Subject: [PATCH 12/32] update --- .../azure/identity/aio/_credentials/environment.py | 2 +- sdk/identity/azure-identity/tests/test_vscode_credential.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py index 3dce3103d47d..59686f64b160 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py @@ -6,7 +6,7 @@ from typing import TYPE_CHECKING from ... import CredentialUnavailableError -from ..._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET +from ..._constants import EnvironmentVariables from .certificate import CertificateCredential from .client_secret import ClientSecretCredential from .base import AsyncCredentialBase diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential.py b/sdk/identity/azure-identity/tests/test_vscode_credential.py index ca5b2bf0fd00..bb4f4570200e 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential.py @@ -111,7 +111,7 @@ def mock_should_refresh(token): @pytest.mark.skipif(not sys.platform.startswith("linux"), reason="This test only runs on Linux") def test_segfault(): - from azure.identity._credentials.linux_vscode_adapter import _get_refresh_token + from azure.identity._internal.linux_vscode_adapter import _get_refresh_token _get_refresh_token("test", "test") From 66fe30b903b0d33d3791b523eb6aec21429d0c54 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Fri, 26 Jun 2020 17:12:20 -0700 Subject: [PATCH 13/32] pylint fix --- .../azure/identity/aio/_credentials/managed_identity.py | 1 - 1 file changed, 1 deletion(-) diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py index d7bf2c6e2666..c5b425a694b8 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py @@ -231,4 +231,3 @@ async def _request_app_service_token(self, scopes, resource, secret): async def _request_legacy_token(self, scopes, resource): form_data = {"resource": resource, **self._identity_config} return await self._client.request_token(scopes, method="POST", form_data=form_data) - From b2b4b434d8951ebcf4eca76076d77184aaca8cb6 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Mon, 29 Jun 2020 15:31:07 -0700 Subject: [PATCH 14/32] updates --- sdk/identity/azure-identity/azure/identity/_authn_client.py | 2 +- .../azure/identity/_credentials/authorization_code.py | 2 +- .../azure-identity/azure/identity/_credentials/azure_cli.py | 4 ---- .../azure/identity/_credentials/environment.py | 2 +- .../azure/identity/_credentials/managed_identity.py | 4 ++-- .../azure/identity/_credentials/vscode_credential.py | 2 +- .../azure/identity/_internal/aad_client_base.py | 2 +- .../azure/identity/_internal/certificate_credential_base.py | 2 +- .../identity/_internal/client_secret_credential_base.py | 2 +- .../azure/identity/_internal/msal_credentials.py | 2 +- .../azure/identity/_internal/shared_token_cache.py | 4 ++-- .../azure/identity/aio/_credentials/authorization_code.py | 2 +- .../azure/identity/aio/_credentials/azure_cli.py | 4 ---- .../azure/identity/aio/_credentials/environment.py | 2 +- .../azure/identity/aio/_credentials/managed_identity.py | 2 +- .../azure/identity/aio/_credentials/vscode_credential.py | 2 +- .../azure-identity/tests/test_certificate_credential.py | 3 +++ .../tests/test_certificate_credential_async.py | 3 +++ sdk/identity/azure-identity/tests/test_cli_credential.py | 5 ----- .../azure-identity/tests/test_cli_credential_async.py | 4 ---- .../azure-identity/tests/test_client_secret_credential.py | 3 +++ .../tests/test_client_secret_credential_async.py | 3 +++ sdk/identity/azure-identity/tests/test_imds_credential.py | 3 +++ .../azure-identity/tests/test_imds_credential_async.py | 3 +++ sdk/identity/azure-identity/tests/test_managed_identity.py | 3 +++ .../azure-identity/tests/test_managed_identity_async.py | 3 +++ sdk/identity/azure-identity/tests/test_msi_credential.py | 3 +++ .../azure-identity/tests/test_msi_credential_async.py | 3 +++ sdk/identity/azure-identity/tests/test_vscode_credential.py | 3 +++ .../azure-identity/tests/test_vscode_credential_async.py | 3 +++ 30 files changed, 52 insertions(+), 33 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_authn_client.py b/sdk/identity/azure-identity/azure/identity/_authn_client.py index 4d00892d2b74..bc7abef6cec3 100644 --- a/sdk/identity/azure-identity/azure/identity/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/_authn_client.py @@ -88,7 +88,7 @@ def should_refresh(self, token): @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._token_refresh_offset def get_cached_token(self, scopes): diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py index c1540177e0fd..81655091be8c 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py @@ -97,5 +97,5 @@ def _redeem_refresh_token(self, scopes, **kwargs): @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py index 22852c70e39c..e7577d271831 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py @@ -62,10 +62,6 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=no-self-use,unused-arg return token - @property - def token_refresh_offset(self): - # type: (None) -> int - return DEFAULT_REFRESH_OFFSET def parse_token(output): """Parse output of 'az account get-access-token' to an AccessToken. diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/environment.py b/sdk/identity/azure-identity/azure/identity/_credentials/environment.py index 5dcf7770fb0d..6ec3787325db 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/environment.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/environment.py @@ -95,5 +95,5 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._credential.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py index 1c69e97c372c..b2f57e0833a1 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py @@ -76,7 +76,7 @@ def get_token(self, *scopes, **kwargs): @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._credential.token_refresh_offset class _ManagedIdentityBase(object): @@ -136,7 +136,7 @@ def _create_config(**kwargs): @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py index 0144d085b220..6bbecf791ba4 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py @@ -76,5 +76,5 @@ def _redeem_refresh_token(self, scopes, **kwargs): @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index c0513dc3ebd8..0a14d44bd484 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -103,7 +103,7 @@ def _build_pipeline(self, config=None, policies=None, transport=None, **kwargs): @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._token_refresh_offset def _process_response(self, response, request_time): diff --git a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py index 28552eaf104f..b26f01debd91 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py @@ -60,5 +60,5 @@ def _get_auth_client(self, tenant_id, client_id, **kwargs): @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py index fd0a4360c21e..b87c92e74e16 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py @@ -48,5 +48,5 @@ def _get_auth_client(self, tenant_id, client_id, **kwargs): @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py index d017c64c2140..9013b291ae84 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py @@ -139,7 +139,7 @@ def _create_app(self, cls): @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py index ea58f99a7c3a..bb42266fa71b 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py @@ -231,8 +231,8 @@ def _get_refresh_tokens(self, account): @property def token_refresh_offset(self): - # type: (None) -> int - return DEFAULT_REFRESH_OFFSET + # type: () -> int + return 300 @staticmethod def supported(): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py index 08b1ed79c373..fb2bf77cb7c4 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py @@ -108,5 +108,5 @@ async def _redeem_refresh_token(self, scopes: "Sequence[str]", **kwargs: "Any") @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py index dc09da98313a..52e4ab2c6923 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py @@ -58,10 +58,6 @@ async def get_token(self, *scopes, **kwargs): async def close(self): """Calling this method is unnecessary""" - @property - def token_refresh_offset(self): - # type: (None) -> int - return DEFAULT_REFRESH_OFFSET async def _run_command(command): if sys.platform.startswith("win"): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py index 59686f64b160..5e00c50667ce 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py @@ -81,5 +81,5 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._credential.token_refresh_offset diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py index c5b425a694b8..47d1562ea4e9 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py @@ -71,7 +71,7 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._credential.token_refresh_offset class _AsyncManagedIdentityBase(_ManagedIdentityBase, AsyncCredentialBase): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py index 7709b5d08691..4ea841a28824 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py @@ -78,5 +78,5 @@ async def _redeem_refresh_token(self, scopes: "Sequence[str]", **kwargs: "Any") @property def token_refresh_offset(self): - # type: (None) -> int + # type: () -> int return self._client.token_refresh_offset diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential.py b/sdk/identity/azure-identity/tests/test_certificate_credential.py index f8ec6f00f723..aa6fec0d5f04 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential.py @@ -245,3 +245,6 @@ def test_persistent_cache_multiple_clients(cert_path, cert_password): def test_token_refresh_offset(): credential = CertificateCredential("tenant-id", "client-id", CERT_PATH) assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = CertificateCredential("tenant-id", "client-id", CERT_PATH, token_refresh_offset=100) + assert credential.token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py index bcb697927552..217b50689c64 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py @@ -239,3 +239,6 @@ async def test_persistent_cache_multiple_clients(cert_path, cert_password): async def test_token_refresh_offset(): credential = CertificateCredential("tenant-id", "client-id", CERT_PATH) assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = CertificateCredential("tenant-id", "client-id", CERT_PATH, token_refresh_offset=100) + assert credential.token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_cli_credential.py b/sdk/identity/azure-identity/tests/test_cli_credential.py index ac066df580e7..b528494cd665 100644 --- a/sdk/identity/azure-identity/tests/test_cli_credential.py +++ b/sdk/identity/azure-identity/tests/test_cli_credential.py @@ -138,8 +138,3 @@ def test_subprocess_error_does_not_expose_token(output): assert "secret value" not in str(ex.value) assert "secret value" not in repr(ex.value) - - -def test_token_refresh_offset(): - credential = AzureCliCredential() - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_cli_credential_async.py b/sdk/identity/azure-identity/tests/test_cli_credential_async.py index 58bfc83adafc..c520c90c07f6 100644 --- a/sdk/identity/azure-identity/tests/test_cli_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_cli_credential_async.py @@ -171,7 +171,3 @@ async def test_subprocess_error_does_not_expose_token(output): assert "secret value" not in str(ex.value) assert "secret value" not in repr(ex.value) - -async def test_token_refresh_offset(): - credential = AzureCliCredential() - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential.py b/sdk/identity/azure-identity/tests/test_client_secret_credential.py index 18ed751a6a29..0e2a3de09d8e 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential.py @@ -237,3 +237,6 @@ def test_persistent_cache_multiple_clients(): def test_token_refresh_offset(): credential = ClientSecretCredential("tenant-id", "client-id", "client-secret") assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = ClientSecretCredential("tenant-id", "client-id", "client-secret", token_refresh_offset=100) + assert credential.token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py index 04330652c6fa..244dc1b609a4 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py @@ -265,3 +265,6 @@ async def test_persistent_cache_multiple_clients(): async def test_token_refresh_offset(): credential = ClientSecretCredential("tenant-id", "client-id", "client-secret") assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = ClientSecretCredential("tenant-id", "client-id", "client-secret", token_refresh_offset=100) + assert credential.token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_imds_credential.py b/sdk/identity/azure-identity/tests/test_imds_credential.py index c6cd46fad261..1d53e46689ad 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential.py @@ -177,3 +177,6 @@ def test_identity_config(): def test_token_refresh_offset(): credential = ImdsCredential() assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = ImdsCredential(token_refresh_offset=100) + assert credential.token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_imds_credential_async.py b/sdk/identity/azure-identity/tests/test_imds_credential_async.py index fe7f9af9fee1..bd30059c82c7 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential_async.py @@ -206,3 +206,6 @@ async def test_identity_config(): async def test_token_refresh_offset(): credential = ImdsCredential() assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = ImdsCredential(token_refresh_offset=100) + assert credential.token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_managed_identity.py b/sdk/identity/azure-identity/tests/test_managed_identity.py index b4a69e482e4e..c3fdc3ba478b 100644 --- a/sdk/identity/azure-identity/tests/test_managed_identity.py +++ b/sdk/identity/azure-identity/tests/test_managed_identity.py @@ -302,3 +302,6 @@ def test_imds_user_assigned_identity(): def test_token_refresh_offset(): credential = ManagedIdentityCredential() assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = ManagedIdentityCredential(token_refresh_offset=100) + assert credential.token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_managed_identity_async.py b/sdk/identity/azure-identity/tests/test_managed_identity_async.py index 623b6543d9c4..f9c416ad8d3c 100644 --- a/sdk/identity/azure-identity/tests/test_managed_identity_async.py +++ b/sdk/identity/azure-identity/tests/test_managed_identity_async.py @@ -309,3 +309,6 @@ async def test_imds_user_assigned_identity(): async def test_token_refresh_offset(): credential = ManagedIdentityCredential() assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = ManagedIdentityCredential(token_refresh_offset=100) + assert credential.token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_msi_credential.py b/sdk/identity/azure-identity/tests/test_msi_credential.py index bfe1f6e729fe..11b69426b793 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential.py @@ -119,3 +119,6 @@ def test_token_refresh_offset(): ): credential = MsiCredential() assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = MsiCredential(token_refresh_offset=100) + assert credential.token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_msi_credential_async.py b/sdk/identity/azure-identity/tests/test_msi_credential_async.py index 09d9c32f78cd..61d7553e9ccb 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential_async.py @@ -147,3 +147,6 @@ async def test_token_refresh_offset(): ): credential = MsiCredential() assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = MsiCredential(token_refresh_offset=100) + assert credential.token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential.py b/sdk/identity/azure-identity/tests/test_vscode_credential.py index bb4f4570200e..5677cd5d70c4 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential.py @@ -134,3 +134,6 @@ def test_mac_keychain_error(): def test_token_refresh_offset(): credential = VSCodeCredential() assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = VSCodeCredential(token_refresh_offset=100) + assert credential.token_refresh_offset == 100 diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py index 21134a3d468f..0a456e2c1f20 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py @@ -117,3 +117,6 @@ def mock_should_refresh(token): async def test_token_refresh_offset(): credential = VSCodeCredential() assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + + credential = VSCodeCredential(token_refresh_offset=100) + assert credential.token_refresh_offset == 100 From 4eb71a0c2b08d2a382f94a33b267e4b8bac8d1f6 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Mon, 29 Jun 2020 15:56:53 -0700 Subject: [PATCH 15/32] pylint fix --- .../azure-identity/azure/identity/_credentials/azure_cli.py | 1 - .../azure-identity/azure/identity/aio/_credentials/azure_cli.py | 1 - 2 files changed, 2 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py index e7577d271831..07687f8d32c1 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py @@ -17,7 +17,6 @@ from .. import CredentialUnavailableError from .._internal import _scopes_to_resource -from .._constants import DEFAULT_REFRESH_OFFSET if TYPE_CHECKING: # pylint:disable=ungrouped-imports diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py index 52e4ab2c6923..a562a7831b9f 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py @@ -8,7 +8,6 @@ from azure.core.exceptions import ClientAuthenticationError from .._credentials.base import AsyncCredentialBase from ... import CredentialUnavailableError -from ..._constants import DEFAULT_REFRESH_OFFSET from ..._credentials.azure_cli import ( AzureCliCredential as _SyncAzureCliCredential, CLI_NOT_FOUND, From e0602683b1a0d2ff3b060baf45ecf546376c52e9 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Mon, 29 Jun 2020 16:59:27 -0700 Subject: [PATCH 16/32] update --- .../azure/identity/_internal/shared_token_cache.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py index bb42266fa71b..3e59569a7f12 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py @@ -11,7 +11,7 @@ from azure.core.credentials import AccessToken from .. import CredentialUnavailableError -from .._constants import KnownAuthorities, DEFAULT_REFRESH_OFFSET +from .._constants import KnownAuthorities from .._internal import get_default_authority, normalize_authority, wrap_exceptions from .._internal.persistent_cache import load_user_cache From 0d9e63e709dbfe5a634544c71a32c487ea710ca8 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Tue, 30 Jun 2020 14:53:05 -0700 Subject: [PATCH 17/32] use option bags --- .../identity/_credentials/authorization_code.py | 7 +++---- .../azure/identity/_credentials/azure_cli.py | 4 ++++ .../azure/identity/_credentials/chained.py | 4 ++++ .../azure/identity/_credentials/environment.py | 7 +++---- .../identity/_credentials/managed_identity.py | 14 ++++++-------- .../identity/_credentials/vscode_credential.py | 7 +++---- .../_internal/certificate_credential_base.py | 7 +++---- .../_internal/client_secret_credential_base.py | 7 +++---- .../azure/identity/_internal/msal_credentials.py | 7 +++---- .../azure/identity/_internal/shared_token_cache.py | 7 +++---- .../aio/_credentials/authorization_code.py | 7 +++---- .../azure/identity/aio/_credentials/azure_cli.py | 3 +++ .../azure/identity/aio/_credentials/chained.py | 4 ++++ .../azure/identity/aio/_credentials/environment.py | 7 +++---- .../identity/aio/_credentials/managed_identity.py | 7 +++---- .../identity/aio/_credentials/vscode_credential.py | 7 +++---- .../tests/test_certificate_credential.py | 8 ++++---- .../tests/test_certificate_credential_async.py | 8 ++++---- .../tests/test_client_secret_credential.py | 8 ++++---- .../tests/test_client_secret_credential_async.py | 8 ++++---- .../azure-identity/tests/test_imds_credential.py | 8 ++++---- .../tests/test_imds_credential_async.py | 8 ++++---- .../azure-identity/tests/test_managed_identity.py | 8 ++++---- .../tests/test_managed_identity_async.py | 8 ++++---- .../azure-identity/tests/test_msi_credential.py | 8 ++++---- .../tests/test_msi_credential_async.py | 8 ++++---- .../tests/test_username_password_credential.py | 6 +++--- .../azure-identity/tests/test_vscode_credential.py | 8 ++++---- .../tests/test_vscode_credential_async.py | 8 ++++---- 29 files changed, 105 insertions(+), 103 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py index 81655091be8c..dfeabd99905f 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py @@ -95,7 +95,6 @@ def _redeem_refresh_token(self, scopes, **kwargs): return token return None - @property - def token_refresh_offset(self): - # type: () -> int - return self._client.token_refresh_offset + def get_token_refresh_options(self): + # type: () -> dict + return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py index 07687f8d32c1..dffd9a67509e 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py @@ -61,6 +61,10 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=no-self-use,unused-arg return token + def get_token_refresh_options(self): + # type: () -> dict + return dict() + def parse_token(output): """Parse output of 'az account get-access-token' to an AccessToken. diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/chained.py b/sdk/identity/azure-identity/azure/identity/_credentials/chained.py index b40c373afa1d..75547adc2a30 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/chained.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/chained.py @@ -74,3 +74,7 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument attempts = _get_error_message(history) message = self.__class__.__name__ + " failed to retrieve a token from the included credentials." + attempts raise ClientAuthenticationError(message=message) + + def get_token_refresh_options(self): + # type: () -> dict + return dict() diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/environment.py b/sdk/identity/azure-identity/azure/identity/_credentials/environment.py index 6ec3787325db..33a343148b4a 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/environment.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/environment.py @@ -93,7 +93,6 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument raise CredentialUnavailableError(message=message) return self._credential.get_token(*scopes, **kwargs) - @property - def token_refresh_offset(self): - # type: () -> int - return self._credential.token_refresh_offset + def get_token_refresh_options(self): + # type: () -> dict + return self._credential.get_token_refresh_options() diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py index b2f57e0833a1..82c9d7b04bac 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py @@ -74,10 +74,9 @@ def get_token(self, *scopes, **kwargs): raise CredentialUnavailableError(message="No managed identity endpoint found.") return self._credential.get_token(*scopes, **kwargs) - @property - def token_refresh_offset(self): - # type: () -> int - return self._credential.token_refresh_offset + def get_token_refresh_options(self): + # type: () -> dict + return self._credential.get_token_refresh_options() class _ManagedIdentityBase(object): def __init__(self, endpoint, client_cls, config=None, client_id=None, **kwargs): @@ -134,10 +133,9 @@ def _create_config(**kwargs): "retry_on_status_codes": [404, 429] + list(range(500, 600)), } - @property - def token_refresh_offset(self): - # type: () -> int - return self._client.token_refresh_offset + def get_token_refresh_options(self): + # type: () -> dict + return {"token_refresh_offset": self._client.token_refresh_offset} class ImdsCredential(_ManagedIdentityBase): diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py index 6bbecf791ba4..6a5293c2a9b2 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py @@ -74,7 +74,6 @@ def _redeem_refresh_token(self, scopes, **kwargs): token = self._client.obtain_token_by_refresh_token(scopes, self._refresh_token, **kwargs) return token - @property - def token_refresh_offset(self): - # type: () -> int - return self._client.token_refresh_offset + def get_token_refresh_options(self): + # type: () -> dict + return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py index b26f01debd91..a62bb2e1bd2f 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py @@ -58,7 +58,6 @@ def __init__(self, tenant_id, client_id, certificate_path, **kwargs): def _get_auth_client(self, tenant_id, client_id, **kwargs): pass - @property - def token_refresh_offset(self): - # type: () -> int - return self._client.token_refresh_offset + def get_token_refresh_options(self): + # type: () -> dict + return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py index b87c92e74e16..4b2bec69b828 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py @@ -46,7 +46,6 @@ def __init__(self, tenant_id, client_id, client_secret, **kwargs): def _get_auth_client(self, tenant_id, client_id, **kwargs): pass - @property - def token_refresh_offset(self): - # type: () -> int - return self._client.token_refresh_offset + def get_token_refresh_options(self): + # type: () -> dict + return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py index 9013b291ae84..e442538189ff 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py @@ -137,10 +137,9 @@ def _create_app(self, cls): return app - @property - def token_refresh_offset(self): - # type: () -> int - return DEFAULT_REFRESH_OFFSET + def get_token_refresh_options(self): + # type: () -> dict + return dict() class ConfidentialClientCredential(MsalCredential): diff --git a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py index 3e59569a7f12..f678ba04ed11 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py @@ -229,10 +229,9 @@ def _get_refresh_tokens(self, account): message = "Error accessing cached data: {}".format(ex) six.raise_from(CredentialUnavailableError(message=message), ex) - @property - def token_refresh_offset(self): - # type: () -> int - return 300 + def get_token_refresh_options(self): + # type: () -> dict + return dict() @staticmethod def supported(): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py index fb2bf77cb7c4..c6b32ac686ae 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py @@ -106,7 +106,6 @@ async def _redeem_refresh_token(self, scopes: "Sequence[str]", **kwargs: "Any") return token return None - @property - def token_refresh_offset(self): - # type: () -> int - return self._client.token_refresh_offset + def get_token_refresh_options(self): + # type: () -> dict + return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py index a562a7831b9f..69d94277c59c 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py @@ -57,6 +57,9 @@ async def get_token(self, *scopes, **kwargs): async def close(self): """Calling this method is unnecessary""" + def get_token_refresh_options(self): + # type: () -> dict + return dict() async def _run_command(command): if sys.platform.startswith("win"): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py index aab679966e15..6b384527dcae 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py @@ -66,3 +66,7 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": attempts = _get_error_message(history) message = self.__class__.__name__ + " failed to retrieve a token from the included credentials." + attempts raise ClientAuthenticationError(message=message) + + def get_token_refresh_options(self): + # type: () -> dict + return dict() diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py index 5e00c50667ce..10843480412d 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py @@ -79,7 +79,6 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": raise CredentialUnavailableError(message=message) return await self._credential.get_token(*scopes, **kwargs) - @property - def token_refresh_offset(self): - # type: () -> int - return self._credential.token_refresh_offset + def get_token_refresh_options(self): + # type: () -> dict + return self._credential.get_token_refresh_options() diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py index 47d1562ea4e9..4458094e5dae 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py @@ -69,10 +69,9 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": raise CredentialUnavailableError(message="No managed identity endpoint found.") return await self._credential.get_token(*scopes, **kwargs) - @property - def token_refresh_offset(self): - # type: () -> int - return self._credential.token_refresh_offset + def get_token_refresh_options(self): + # type: () -> dict + return self._credential.get_token_refresh_options() class _AsyncManagedIdentityBase(_ManagedIdentityBase, AsyncCredentialBase): def __init__(self, endpoint: str, **kwargs: "Any") -> None: diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py index 4ea841a28824..9bcb8f36f0a2 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py @@ -76,7 +76,6 @@ async def _redeem_refresh_token(self, scopes: "Sequence[str]", **kwargs: "Any") token = await self._client.obtain_token_by_refresh_token(scopes, self._refresh_token, **kwargs) return token - @property - def token_refresh_offset(self): - # type: () -> int - return self._client.token_refresh_offset + def get_token_refresh_options(self): + # type: () -> dict + return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential.py b/sdk/identity/azure-identity/tests/test_certificate_credential.py index aa6fec0d5f04..33ce7eb7bf47 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential.py @@ -243,8 +243,8 @@ def test_persistent_cache_multiple_clients(cert_path, cert_password): assert transport_b.send.call_count == 1 def test_token_refresh_offset(): - credential = CertificateCredential("tenant-id", "client-id", CERT_PATH) - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = CertificateCredential("tenant-id", "client-id", CERT_PATH).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = CertificateCredential("tenant-id", "client-id", CERT_PATH, token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = CertificateCredential("tenant-id", "client-id", CERT_PATH, token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py index 217b50689c64..bc1cf065ccf6 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py @@ -237,8 +237,8 @@ async def test_persistent_cache_multiple_clients(cert_path, cert_password): @pytest.mark.asyncio async def test_token_refresh_offset(): - credential = CertificateCredential("tenant-id", "client-id", CERT_PATH) - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = CertificateCredential("tenant-id", "client-id", CERT_PATH).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = CertificateCredential("tenant-id", "client-id", CERT_PATH, token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = CertificateCredential("tenant-id", "client-id", CERT_PATH, token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential.py b/sdk/identity/azure-identity/tests/test_client_secret_credential.py index 0e2a3de09d8e..5b815e076d68 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential.py @@ -235,8 +235,8 @@ def test_persistent_cache_multiple_clients(): assert transport_b.send.call_count == 1 def test_token_refresh_offset(): - credential = ClientSecretCredential("tenant-id", "client-id", "client-secret") - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = ClientSecretCredential("tenant-id", "client-id", "client-secret").get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = ClientSecretCredential("tenant-id", "client-id", "client-secret", token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = ClientSecretCredential("tenant-id", "client-id", "client-secret", token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py index 244dc1b609a4..19bc15e450fa 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py @@ -263,8 +263,8 @@ async def test_persistent_cache_multiple_clients(): @pytest.mark.asyncio async def test_token_refresh_offset(): - credential = ClientSecretCredential("tenant-id", "client-id", "client-secret") - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = ClientSecretCredential("tenant-id", "client-id", "client-secret").get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = ClientSecretCredential("tenant-id", "client-id", "client-secret", token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = ClientSecretCredential("tenant-id", "client-id", "client-secret", token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_imds_credential.py b/sdk/identity/azure-identity/tests/test_imds_credential.py index 1d53e46689ad..6dee60f0791f 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential.py @@ -175,8 +175,8 @@ def test_identity_config(): assert token == expected_token def test_token_refresh_offset(): - credential = ImdsCredential() - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = ImdsCredential().get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = ImdsCredential(token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = ImdsCredential(token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_imds_credential_async.py b/sdk/identity/azure-identity/tests/test_imds_credential_async.py index bd30059c82c7..e081a3d8a0ae 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential_async.py @@ -204,8 +204,8 @@ async def test_identity_config(): assert token == expected_token async def test_token_refresh_offset(): - credential = ImdsCredential() - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = ImdsCredential().get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = ImdsCredential(token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = ImdsCredential(token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_managed_identity.py b/sdk/identity/azure-identity/tests/test_managed_identity.py index c3fdc3ba478b..663cdad96c91 100644 --- a/sdk/identity/azure-identity/tests/test_managed_identity.py +++ b/sdk/identity/azure-identity/tests/test_managed_identity.py @@ -300,8 +300,8 @@ def test_imds_user_assigned_identity(): assert token == expected_token def test_token_refresh_offset(): - credential = ManagedIdentityCredential() - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = ManagedIdentityCredential().get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = ManagedIdentityCredential(token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = ManagedIdentityCredential(token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_managed_identity_async.py b/sdk/identity/azure-identity/tests/test_managed_identity_async.py index f9c416ad8d3c..356378cfc2f7 100644 --- a/sdk/identity/azure-identity/tests/test_managed_identity_async.py +++ b/sdk/identity/azure-identity/tests/test_managed_identity_async.py @@ -307,8 +307,8 @@ async def test_imds_user_assigned_identity(): @pytest.mark.asyncio async def test_token_refresh_offset(): - credential = ManagedIdentityCredential() - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = ManagedIdentityCredential().get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = ManagedIdentityCredential(token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = ManagedIdentityCredential(token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_msi_credential.py b/sdk/identity/azure-identity/tests/test_msi_credential.py index 11b69426b793..712f581e752e 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential.py @@ -117,8 +117,8 @@ def test_token_refresh_offset(): with mock.patch.dict( MsiCredential.__module__ + ".os.environ", {EnvironmentVariables.MSI_ENDPOINT: endpoint}, clear=True ): - credential = MsiCredential() - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = MsiCredential().get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = MsiCredential(token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = MsiCredential(token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_msi_credential_async.py b/sdk/identity/azure-identity/tests/test_msi_credential_async.py index 61d7553e9ccb..0b78279963e1 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential_async.py @@ -145,8 +145,8 @@ async def test_token_refresh_offset(): with mock.patch.dict( MsiCredential.__module__ + ".os.environ", {EnvironmentVariables.MSI_ENDPOINT: endpoint}, clear=True ): - credential = MsiCredential() - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = MsiCredential().get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = MsiCredential(token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = MsiCredential(token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_username_password_credential.py b/sdk/identity/azure-identity/tests/test_username_password_credential.py index 75b66c89b83e..591977d26cf5 100644 --- a/sdk/identity/azure-identity/tests/test_username_password_credential.py +++ b/sdk/identity/azure-identity/tests/test_username_password_credential.py @@ -142,11 +142,11 @@ def test_token_refresh_offset(): issuer = "https://" + environment tenant_id = "some-tenant" username = "me@work.com" - credential = UsernamePasswordCredential( + token_refresh_options = UsernamePasswordCredential( username=username, password="1234", authority=environment, client_id=client_id, tenant_id=tenant_id, - ) - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + ).get_token_refresh_options() + assert "token_refresh_offset" not in token_refresh_options diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential.py b/sdk/identity/azure-identity/tests/test_vscode_credential.py index 5677cd5d70c4..9ccdec5db4db 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential.py @@ -132,8 +132,8 @@ def test_mac_keychain_error(): def test_token_refresh_offset(): - credential = VSCodeCredential() - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = VSCodeCredential().get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = VSCodeCredential(token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = VSCodeCredential(token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py index 0a456e2c1f20..9a8e569a4a72 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py @@ -115,8 +115,8 @@ def mock_should_refresh(token): @pytest.mark.asyncio async def test_token_refresh_offset(): - credential = VSCodeCredential() - assert credential.token_refresh_offset == DEFAULT_REFRESH_OFFSET + token_refresh_options = VSCodeCredential().get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - credential = VSCodeCredential(token_refresh_offset=100) - assert credential.token_refresh_offset == 100 + token_refresh_options = VSCodeCredential(token_refresh_offset=100).get_token_refresh_options() + assert token_refresh_options.get("token_refresh_offset") == 100 From 9ba39106a61116a12dba788790cb047cecdc763c Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Tue, 30 Jun 2020 15:42:19 -0700 Subject: [PATCH 18/32] pylint fix --- .../azure-identity/azure/identity/_credentials/azure_cli.py | 2 +- .../azure-identity/azure/identity/_credentials/chained.py | 2 +- .../azure/identity/_internal/msal_credentials.py | 4 ++-- .../azure/identity/_internal/shared_token_cache.py | 2 +- .../azure/identity/aio/_credentials/azure_cli.py | 2 +- .../azure-identity/azure/identity/aio/_credentials/chained.py | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py index dffd9a67509e..cd427d69d86f 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py @@ -61,7 +61,7 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=no-self-use,unused-arg return token - def get_token_refresh_options(self): + def get_token_refresh_options(self): #pylint disable=no-self-use # type: () -> dict return dict() diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/chained.py b/sdk/identity/azure-identity/azure/identity/_credentials/chained.py index 75547adc2a30..24e5f81e20ed 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/chained.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/chained.py @@ -75,6 +75,6 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument message = self.__class__.__name__ + " failed to retrieve a token from the included credentials." + attempts raise ClientAuthenticationError(message=message) - def get_token_refresh_options(self): + def get_token_refresh_options(self): #pylint disable=no-self-use # type: () -> dict return dict() diff --git a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py index e442538189ff..387b0341aed9 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py @@ -19,7 +19,7 @@ from .exception_wrapper import wrap_exceptions from .msal_transport_adapter import MsalTransportAdapter from .persistent_cache import load_user_cache -from .._constants import KnownAuthorities, DEFAULT_REFRESH_OFFSET +from .._constants import KnownAuthorities from .._exceptions import AuthenticationRequiredError, CredentialUnavailableError from .._internal import get_default_authority, normalize_authority from .._auth_record import AuthenticationRecord @@ -137,7 +137,7 @@ def _create_app(self, cls): return app - def get_token_refresh_options(self): + def get_token_refresh_options(self): #pylint disable=no-self-use # type: () -> dict return dict() diff --git a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py index f678ba04ed11..8dddc6c43993 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py @@ -229,7 +229,7 @@ def _get_refresh_tokens(self, account): message = "Error accessing cached data: {}".format(ex) six.raise_from(CredentialUnavailableError(message=message), ex) - def get_token_refresh_options(self): + def get_token_refresh_options(self): #pylint disable=no-self-use # type: () -> dict return dict() diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py index 69d94277c59c..3ce4da5addb6 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py @@ -57,7 +57,7 @@ async def get_token(self, *scopes, **kwargs): async def close(self): """Calling this method is unnecessary""" - def get_token_refresh_options(self): + def get_token_refresh_options(self): #pylint disable=no-self-use # type: () -> dict return dict() diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py index 6b384527dcae..98b255364b86 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py @@ -67,6 +67,6 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": message = self.__class__.__name__ + " failed to retrieve a token from the included credentials." + attempts raise ClientAuthenticationError(message=message) - def get_token_refresh_options(self): + def get_token_refresh_options(self): #pylint disable=no-self-use # type: () -> dict return dict() From 10499c42c0fedc06ccd0143817a872abfc0025a7 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Tue, 30 Jun 2020 16:02:27 -0700 Subject: [PATCH 19/32] updates --- .../azure-identity/azure/identity/_credentials/azure_cli.py | 3 ++- .../azure-identity/azure/identity/_credentials/chained.py | 3 ++- .../azure/identity/_internal/msal_credentials.py | 3 ++- .../azure/identity/_internal/shared_token_cache.py | 3 ++- .../azure/identity/aio/_credentials/azure_cli.py | 3 ++- .../azure-identity/azure/identity/aio/_credentials/chained.py | 3 ++- 6 files changed, 12 insertions(+), 6 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py index cd427d69d86f..8b08bec03986 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py @@ -61,7 +61,8 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=no-self-use,unused-arg return token - def get_token_refresh_options(self): #pylint disable=no-self-use + @classmethod + def get_token_refresh_options(cls): # type: () -> dict return dict() diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/chained.py b/sdk/identity/azure-identity/azure/identity/_credentials/chained.py index 24e5f81e20ed..9c6fd8fcbedf 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/chained.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/chained.py @@ -75,6 +75,7 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument message = self.__class__.__name__ + " failed to retrieve a token from the included credentials." + attempts raise ClientAuthenticationError(message=message) - def get_token_refresh_options(self): #pylint disable=no-self-use + @classmethod + def get_token_refresh_options(cls): # type: () -> dict return dict() diff --git a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py index 387b0341aed9..3d3dd246a66b 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py @@ -137,7 +137,8 @@ def _create_app(self, cls): return app - def get_token_refresh_options(self): #pylint disable=no-self-use + @classmethod + def get_token_refresh_options(cls): # type: () -> dict return dict() diff --git a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py index 8dddc6c43993..d82888b7c803 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py @@ -229,7 +229,8 @@ def _get_refresh_tokens(self, account): message = "Error accessing cached data: {}".format(ex) six.raise_from(CredentialUnavailableError(message=message), ex) - def get_token_refresh_options(self): #pylint disable=no-self-use + @classmethod + def get_token_refresh_options(cls): # type: () -> dict return dict() diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py index 3ce4da5addb6..b30794f60111 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py @@ -57,7 +57,8 @@ async def get_token(self, *scopes, **kwargs): async def close(self): """Calling this method is unnecessary""" - def get_token_refresh_options(self): #pylint disable=no-self-use + @classmethod + def get_token_refresh_options(cls): # type: () -> dict return dict() diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py index 98b255364b86..a1e257923a55 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py @@ -67,6 +67,7 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": message = self.__class__.__name__ + " failed to retrieve a token from the included credentials." + attempts raise ClientAuthenticationError(message=message) - def get_token_refresh_options(self): #pylint disable=no-self-use + @classmethod + def get_token_refresh_options(cls): # type: () -> dict return dict() From d93fdba78f1947af28c2820fc47e7ac00d2cd582 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Mon, 13 Jul 2020 17:04:38 -0700 Subject: [PATCH 20/32] updates --- .../azure/identity/_authn_client.py | 10 ++------- .../azure/identity/_constants.py | 2 +- .../_credentials/authorization_code.py | 8 ------- .../identity/_credentials/certificate.py | 5 ----- .../identity/_credentials/managed_identity.py | 9 -------- .../_credentials/vscode_credential.py | 14 +------------ .../identity/_internal/aad_client_base.py | 10 ++------- .../_internal/certificate_credential_base.py | 4 ---- .../client_secret_credential_base.py | 4 ---- .../aio/_credentials/authorization_code.py | 9 -------- .../identity/aio/_credentials/certificate.py | 5 ----- .../aio/_credentials/client_secret.py | 5 ----- .../aio/_credentials/managed_identity.py | 5 ----- .../aio/_credentials/vscode_credential.py | 14 +------------ .../azure-identity/tests/test_aad_client.py | 20 +++++------------- .../tests/test_aad_client_async.py | 20 +++++------------- .../azure-identity/tests/test_authn_client.py | 21 +++++-------------- .../tests/test_authn_client_async.py | 20 +++++------------- .../tests/test_certificate_credential.py | 7 ------- .../test_certificate_credential_async.py | 8 ------- .../tests/test_client_secret_credential.py | 7 ------- .../test_client_secret_credential_async.py | 8 ------- .../tests/test_imds_credential.py | 7 ------- .../tests/test_imds_credential_async.py | 7 ------- .../tests/test_managed_identity.py | 7 ------- .../tests/test_managed_identity_async.py | 8 ------- .../tests/test_msi_credential.py | 11 ---------- .../tests/test_msi_credential_async.py | 11 ---------- .../test_username_password_credential.py | 15 ------------- .../tests/test_vscode_credential.py | 8 ------- .../tests/test_vscode_credential_async.py | 9 -------- 31 files changed, 27 insertions(+), 271 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_authn_client.py b/sdk/identity/azure-identity/azure/identity/_authn_client.py index bc7abef6cec3..a83f742cec82 100644 --- a/sdk/identity/azure-identity/azure/identity/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/_authn_client.py @@ -65,9 +65,8 @@ def __init__(self, endpoint=None, authority=None, tenant=None, **kwargs): # pyl authority = normalize_authority(authority) if authority else get_default_authority() self._auth_url = "/".join((authority, tenant.strip("/"), "oauth2/v2.0/token")) self._cache = kwargs.get("cache") or TokenCache() # type: TokenCache - self._token_refresh_retry_timeout = kwargs.get("token_refresh_retry_timeout", - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT) # default 30s - self._token_refresh_offset = kwargs.get("token_refresh_offset", DEFAULT_REFRESH_OFFSET) # default 2 min + self._token_refresh_retry_timeout = DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT # default 30s + self._token_refresh_offset = DEFAULT_REFRESH_OFFSET # default 2 min self._last_refresh_time = 0 @property @@ -86,11 +85,6 @@ def should_refresh(self, token): return False return True - @property - def token_refresh_offset(self): - # type: () -> int - return self._token_refresh_offset - def get_cached_token(self, scopes): # type: (Iterable[str]) -> Optional[AccessToken] tokens = self._cache.find(TokenCache.CredentialType.ACCESS_TOKEN, target=list(scopes)) diff --git a/sdk/identity/azure-identity/azure/identity/_constants.py b/sdk/identity/azure-identity/azure/identity/_constants.py index 8bee456a2e8c..c768f0d68fd3 100644 --- a/sdk/identity/azure-identity/azure/identity/_constants.py +++ b/sdk/identity/azure-identity/azure/identity/_constants.py @@ -7,7 +7,7 @@ AZURE_CLI_CLIENT_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46" AZURE_VSCODE_CLIENT_ID = "aebc6443-996d-45c2-90f0-388ff96faa56" VSCODE_CREDENTIALS_SECTION = "VS Code Azure" -DEFAULT_REFRESH_OFFSET = 120 +DEFAULT_REFRESH_OFFSET = 300 DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT = 30 diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py index dfeabd99905f..69f3ff07e9f5 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py @@ -28,11 +28,6 @@ class AuthorizationCodeCredential(object): the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities` defines authorities for other clouds. :keyword str client_secret: One of the application's client secrets. Required only for web apps and web APIs. - :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, - default to 30s. - :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon - attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry - of the token. """ def __init__(self, tenant_id, client_id, authorization_code, redirect_uri, **kwargs): @@ -95,6 +90,3 @@ def _redeem_refresh_token(self, scopes, **kwargs): return token return None - def get_token_refresh_options(self): - # type: () -> dict - return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py index 614704f0bcbc..d88972c75265 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py @@ -28,11 +28,6 @@ class CertificateCredential(CertificateCredentialBase): False. :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. - :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, - default to 30s. - :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon - attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry - of the token. """ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py index 82c9d7b04bac..b49b58f57313 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py @@ -44,11 +44,6 @@ class ManagedIdentityCredential(object): or resource ID, for example ``{"object_id": "..."}``. Check the documentation for your hosting environment to learn what values it expects. :paramtype identity_config: Mapping[str, str] - :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, - default to 30s. - :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon - attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry - of the token. """ def __init__(self, **kwargs): @@ -133,10 +128,6 @@ def _create_config(**kwargs): "retry_on_status_codes": [404, 429] + list(range(500, 600)), } - def get_token_refresh_options(self): - # type: () -> dict - return {"token_refresh_offset": self._client.token_refresh_offset} - class ImdsCredential(_ManagedIdentityBase): """Authenticates with a managed identity via the IMDS endpoint. diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py index 6a5293c2a9b2..a5bcf3fc66c8 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py @@ -22,15 +22,7 @@ class VSCodeCredential(object): - """Authenticates by redeeming a refresh token previously saved by VS Code - - :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, - default to 30s. - :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon - attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry - of the token. - - """ + """Authenticates by redeeming a refresh token previously saved by VS Code""" def __init__(self, **kwargs): # type: (**Any) -> None @@ -73,7 +65,3 @@ def _redeem_refresh_token(self, scopes, **kwargs): token = self._client.obtain_token_by_refresh_token(scopes, self._refresh_token, **kwargs) return token - - def get_token_refresh_options(self): - # type: () -> dict - return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index 0a14d44bd484..e4ebe8ce4a13 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -49,9 +49,8 @@ def __init__(self, tenant_id, client_id, authority=None, cache=None, **kwargs): self._cache = cache or TokenCache() self._client_id = client_id self._pipeline = self._build_pipeline(**kwargs) - self._token_refresh_retry_timeout = kwargs.get("token_refresh_retry_timeout", - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT) # default 30s - self._token_refresh_offset = kwargs.get("token_refresh_offset", DEFAULT_REFRESH_OFFSET) # default 2 min + self._token_refresh_retry_timeout = DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT # default 30s + self._token_refresh_offset = DEFAULT_REFRESH_OFFSET # default 2 min self._last_refresh_time = 0 def get_cached_access_token(self, scopes, query=None): @@ -101,11 +100,6 @@ def obtain_token_by_refresh_token(self, scopes, refresh_token, **kwargs): def _build_pipeline(self, config=None, policies=None, transport=None, **kwargs): pass - @property - def token_refresh_offset(self): - # type: () -> int - return self._token_refresh_offset - def _process_response(self, response, request_time): # type: (PipelineResponse, int) -> AccessToken self._last_refresh_time = int(time.time()) # no matter succeed or not, update the last refresh time diff --git a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py index a62bb2e1bd2f..c13fe86d7a29 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/certificate_credential_base.py @@ -57,7 +57,3 @@ def __init__(self, tenant_id, client_id, certificate_path, **kwargs): @abc.abstractmethod def _get_auth_client(self, tenant_id, client_id, **kwargs): pass - - def get_token_refresh_options(self): - # type: () -> dict - return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py index 4b2bec69b828..4854a396e84f 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/client_secret_credential_base.py @@ -45,7 +45,3 @@ def __init__(self, tenant_id, client_id, client_secret, **kwargs): @abc.abstractmethod def _get_auth_client(self, tenant_id, client_id, **kwargs): pass - - def get_token_refresh_options(self): - # type: () -> dict - return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py index c6b32ac686ae..90edc002b243 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py @@ -29,11 +29,6 @@ class AuthorizationCodeCredential(AsyncCredentialBase): the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities` defines authorities for other clouds. :keyword str client_secret: One of the application's client secrets. Required only for web apps and web APIs. - :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, - default to 30s. - :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon - attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry - of the token. """ async def __aenter__(self): @@ -105,7 +100,3 @@ async def _redeem_refresh_token(self, scopes: "Sequence[str]", **kwargs: "Any") if token: return token return None - - def get_token_refresh_options(self): - # type: () -> dict - return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py index 88be59807433..ade6bb8e7d8c 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py @@ -26,11 +26,6 @@ class CertificateCredential(CertificateCredentialBase, AsyncCredentialBase): :keyword password: The certificate's password. If a unicode string, it will be encoded as UTF-8. If the certificate requires a different encoding, pass appropriately encoded bytes instead. :paramtype password: str or bytes - :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, - default to 30s. - :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon - attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry - of the token. """ async def __aenter__(self): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py index 221ab6f9ab44..767a80b3cf84 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py @@ -27,11 +27,6 @@ class ClientSecretCredential(AsyncCredentialBase, ClientSecretCredentialBase): False. :keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False. - :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, - default to 30s. - :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon - attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry - of the token. """ async def __aenter__(self): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py index 4458094e5dae..117a87ceadba 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py @@ -32,11 +32,6 @@ class ManagedIdentityCredential(AsyncCredentialBase): or resource ID, for example ``{"object_id": "..."}``. Check the documentation for your hosting environment to learn what values it expects. :paramtype identity_config: Mapping[str, str] - :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, - default to 30s. - :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon - attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the - token. """ def __init__(self, **kwargs: "Any") -> None: diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py index 9bcb8f36f0a2..6b1da3a6f8ae 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py @@ -16,15 +16,7 @@ class VSCodeCredential(AsyncCredentialBase): - """Authenticates by redeeming a refresh token previously saved by VS Code - - :keyword int token_refresh_retry_timeout: the number of seconds to wait before retrying a token refresh in seconds, - default to 30s. - :keyword int token_refresh_offset: the number of seconds to subtract from the token expiry time, whereupon - attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry - of the token. - - """ + """Authenticates by redeeming a refresh token previously saved by VS Code""" def __init__(self, **kwargs: "Any") -> None: self._client = kwargs.pop("_client", None) or AadClient("organizations", AZURE_VSCODE_CLIENT_ID, **kwargs) @@ -75,7 +67,3 @@ async def _redeem_refresh_token(self, scopes: "Sequence[str]", **kwargs: "Any") token = await self._client.obtain_token_by_refresh_token(scopes, self._refresh_token, **kwargs) return token - - def get_token_refresh_options(self): - # type: () -> dict - return {"token_refresh_offset": self._client.token_refresh_offset} diff --git a/sdk/identity/azure-identity/tests/test_aad_client.py b/sdk/identity/azure-identity/tests/test_aad_client.py index e0413b2b8986..453a671a4641 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client.py +++ b/sdk/identity/azure-identity/tests/test_aad_client.py @@ -228,32 +228,22 @@ def test_should_refresh(): def test_token_refresh_kwargs(): client = AadClient("test", "test") - assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET - - test_token_refresh_retry_timeout = 10 - test_token_refresh_offset = 100 - client = AadClient("test", "test", - token_refresh_retry_timeout=test_token_refresh_retry_timeout, - token_refresh_offset=test_token_refresh_offset) - assert client._token_refresh_retry_timeout == test_token_refresh_retry_timeout - assert client._token_refresh_offset == test_token_refresh_offset now = int(time.time()) # do not need refresh - token = AccessToken("token", now + test_token_refresh_offset + 1) + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) should_refresh = client.should_refresh(token) assert not should_refresh # need refresh - token = AccessToken("token", now + test_token_refresh_offset - 1) - client._last_refresh_time = now - test_token_refresh_retry_timeout - 1 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - 1 should_refresh = client.should_refresh(token) assert should_refresh # not exceed cool down time, do not refresh - token = AccessToken("token", now + test_token_refresh_offset - 1) - client._last_refresh_time = now - test_token_refresh_retry_timeout + 1 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_aad_client_async.py b/sdk/identity/azure-identity/tests/test_aad_client_async.py index 229cbfacab23..813d269adb5a 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client_async.py +++ b/sdk/identity/azure-identity/tests/test_aad_client_async.py @@ -235,32 +235,22 @@ async def test_should_refresh(): async def test_token_refresh_kwargs(): client = AadClient("test", "test") - assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET - - test_token_refresh_retry_timeout = 10 - test_token_refresh_offset = 100 - client = AadClient("test", "test", - token_refresh_retry_timeout=test_token_refresh_retry_timeout, - token_refresh_offset=test_token_refresh_offset) - assert client._token_refresh_retry_timeout == test_token_refresh_retry_timeout - assert client._token_refresh_offset == test_token_refresh_offset now = int(time.time()) # do not need refresh - token = AccessToken("token", now + test_token_refresh_offset + 1) + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) should_refresh = client.should_refresh(token) assert not should_refresh # need refresh - token = AccessToken("token", now + test_token_refresh_offset - 1) - client._last_refresh_time = now - test_token_refresh_retry_timeout - 1 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - 1 should_refresh = client.should_refresh(token) assert should_refresh # not exceed cool down time, do not refresh - token = AccessToken("token", now + test_token_refresh_offset - 1) - client._last_refresh_time = now - test_token_refresh_retry_timeout + 1 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client.py b/sdk/identity/azure-identity/tests/test_authn_client.py index 2a9c61b79a5a..7564c90eb33b 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client.py +++ b/sdk/identity/azure-identity/tests/test_authn_client.py @@ -259,32 +259,21 @@ def test_should_refresh(): def test_token_refresh_kwargs(): client = AuthnClient(endpoint="http://foo") - assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET - - test_token_refresh_retry_timeout = 10 - test_token_refresh_offset = 100 - client = AuthnClient(endpoint="http://foo", - token_refresh_retry_timeout=test_token_refresh_retry_timeout, - token_refresh_offset=test_token_refresh_offset) - assert client._token_refresh_retry_timeout == test_token_refresh_retry_timeout - assert client._token_refresh_offset == test_token_refresh_offset - now = int(time.time()) # do not need refresh - token = AccessToken("token", now + test_token_refresh_offset + 1) + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) should_refresh = client.should_refresh(token) assert not should_refresh # need refresh - token = AccessToken("token", now + test_token_refresh_offset - 1) - client._last_refresh_time = now - test_token_refresh_retry_timeout - 1 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - 1 should_refresh = client.should_refresh(token) assert should_refresh # not exceed cool down time, do not refresh - token = AccessToken("token", now + test_token_refresh_offset - 1) - client._last_refresh_time = now - test_token_refresh_retry_timeout + 1 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client_async.py b/sdk/identity/azure-identity/tests/test_authn_client_async.py index 20ae64f4e3e3..764dcccf6cc3 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client_async.py +++ b/sdk/identity/azure-identity/tests/test_authn_client_async.py @@ -63,32 +63,22 @@ async def test_should_refresh(): async def test_token_refresh_kwargs(): client = AsyncAuthnClient(endpoint="http://foo") - assert client._token_refresh_retry_timeout == DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - assert client._token_refresh_offset == DEFAULT_REFRESH_OFFSET - - test_token_refresh_retry_timeout = 10 - test_token_refresh_offset = 100 - client = AsyncAuthnClient(endpoint="http://foo", - token_refresh_retry_timeout=test_token_refresh_retry_timeout, - token_refresh_offset=test_token_refresh_offset) - assert client._token_refresh_retry_timeout == test_token_refresh_retry_timeout - assert client._token_refresh_offset == test_token_refresh_offset now = int(time.time()) # do not need refresh - token = AccessToken("token", now + test_token_refresh_offset + 1) + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) should_refresh = client.should_refresh(token) assert not should_refresh # need refresh - token = AccessToken("token", now + test_token_refresh_offset - 1) - client._last_refresh_time = now - test_token_refresh_retry_timeout - 1 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - 1 should_refresh = client.should_refresh(token) assert should_refresh # not exceed cool down time, do not refresh - token = AccessToken("token", now + test_token_refresh_offset - 1) - client._last_refresh_time = now - test_token_refresh_retry_timeout + 1 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential.py b/sdk/identity/azure-identity/tests/test_certificate_credential.py index 33ce7eb7bf47..a2cb0b0e18d6 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential.py @@ -241,10 +241,3 @@ def test_persistent_cache_multiple_clients(cert_path, cert_password): token_b = credential_b.get_token(scope) assert token_b.token == access_token_b assert transport_b.send.call_count == 1 - -def test_token_refresh_offset(): - token_refresh_options = CertificateCredential("tenant-id", "client-id", CERT_PATH).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = CertificateCredential("tenant-id", "client-id", CERT_PATH, token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py index bc1cf065ccf6..7432df2950e0 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py @@ -234,11 +234,3 @@ async def test_persistent_cache_multiple_clients(cert_path, cert_password): token_b = await credential_b.get_token(scope) assert token_b.token == access_token_b assert transport_b.send.call_count == 1 - -@pytest.mark.asyncio -async def test_token_refresh_offset(): - token_refresh_options = CertificateCredential("tenant-id", "client-id", CERT_PATH).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = CertificateCredential("tenant-id", "client-id", CERT_PATH, token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential.py b/sdk/identity/azure-identity/tests/test_client_secret_credential.py index 5b815e076d68..775775e76fed 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential.py @@ -233,10 +233,3 @@ def test_persistent_cache_multiple_clients(): token_b = credential_b.get_token(scope) assert token_b.token == access_token_b assert transport_b.send.call_count == 1 - -def test_token_refresh_offset(): - token_refresh_options = ClientSecretCredential("tenant-id", "client-id", "client-secret").get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = ClientSecretCredential("tenant-id", "client-id", "client-secret", token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py index 19bc15e450fa..ea78c6bfda12 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py @@ -260,11 +260,3 @@ async def test_persistent_cache_multiple_clients(): token_b = await credential_b.get_token(scope) assert token_b.token == access_token_b assert transport_b.send.call_count == 1 - -@pytest.mark.asyncio -async def test_token_refresh_offset(): - token_refresh_options = ClientSecretCredential("tenant-id", "client-id", "client-secret").get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = ClientSecretCredential("tenant-id", "client-id", "client-secret", token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_imds_credential.py b/sdk/identity/azure-identity/tests/test_imds_credential.py index 6dee60f0791f..bb4e027691cb 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential.py @@ -173,10 +173,3 @@ def test_identity_config(): token = credential.get_token(scope) assert token == expected_token - -def test_token_refresh_offset(): - token_refresh_options = ImdsCredential().get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = ImdsCredential(token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_imds_credential_async.py b/sdk/identity/azure-identity/tests/test_imds_credential_async.py index e081a3d8a0ae..0d1a49909a75 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential_async.py @@ -202,10 +202,3 @@ async def test_identity_config(): token = await credential.get_token(scope) assert token == expected_token - -async def test_token_refresh_offset(): - token_refresh_options = ImdsCredential().get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = ImdsCredential(token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_managed_identity.py b/sdk/identity/azure-identity/tests/test_managed_identity.py index 663cdad96c91..99df09ab9c3d 100644 --- a/sdk/identity/azure-identity/tests/test_managed_identity.py +++ b/sdk/identity/azure-identity/tests/test_managed_identity.py @@ -298,10 +298,3 @@ def test_imds_user_assigned_identity(): with mock.patch.dict("os.environ", clear=True): token = ManagedIdentityCredential(client_id=client_id, transport=transport).get_token(scope) assert token == expected_token - -def test_token_refresh_offset(): - token_refresh_options = ManagedIdentityCredential().get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = ManagedIdentityCredential(token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_managed_identity_async.py b/sdk/identity/azure-identity/tests/test_managed_identity_async.py index 356378cfc2f7..665f48ec0fc5 100644 --- a/sdk/identity/azure-identity/tests/test_managed_identity_async.py +++ b/sdk/identity/azure-identity/tests/test_managed_identity_async.py @@ -304,11 +304,3 @@ async def test_imds_user_assigned_identity(): with mock.patch.dict("os.environ", clear=True): token = await ManagedIdentityCredential(client_id=client_id, transport=transport).get_token(scope) assert token == expected_token - -@pytest.mark.asyncio -async def test_token_refresh_offset(): - token_refresh_options = ManagedIdentityCredential().get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = ManagedIdentityCredential(token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_msi_credential.py b/sdk/identity/azure-identity/tests/test_msi_credential.py index 712f581e752e..6fa9eff94998 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential.py @@ -111,14 +111,3 @@ def test_identity_config_cloud_shell(): token = credential.get_token(scope) assert token == expected_token - -def test_token_refresh_offset(): - endpoint = "http://localhost:42/token" - with mock.patch.dict( - MsiCredential.__module__ + ".os.environ", {EnvironmentVariables.MSI_ENDPOINT: endpoint}, clear=True - ): - token_refresh_options = MsiCredential().get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = MsiCredential(token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_msi_credential_async.py b/sdk/identity/azure-identity/tests/test_msi_credential_async.py index 0b78279963e1..362a56919b46 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential_async.py @@ -139,14 +139,3 @@ async def test_identity_config_cloud_shell(): token = await credential.get_token(scope) assert token == expected_token - -async def test_token_refresh_offset(): - endpoint = "http://localhost:42/token" - with mock.patch.dict( - MsiCredential.__module__ + ".os.environ", {EnvironmentVariables.MSI_ENDPOINT: endpoint}, clear=True - ): - token_refresh_options = MsiCredential().get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = MsiCredential(token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_username_password_credential.py b/sdk/identity/azure-identity/tests/test_username_password_credential.py index 591977d26cf5..cafd31d2d208 100644 --- a/sdk/identity/azure-identity/tests/test_username_password_credential.py +++ b/sdk/identity/azure-identity/tests/test_username_password_credential.py @@ -135,18 +135,3 @@ def test_authenticate(): # credential should have a cached access token for the scope passed to authenticate token = credential.get_token(scope) assert token.token == access_token - -def test_token_refresh_offset(): - client_id = "client-id" - environment = "localhost" - issuer = "https://" + environment - tenant_id = "some-tenant" - username = "me@work.com" - token_refresh_options = UsernamePasswordCredential( - username=username, - password="1234", - authority=environment, - client_id=client_id, - tenant_id=tenant_id, - ).get_token_refresh_options() - assert "token_refresh_offset" not in token_refresh_options diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential.py b/sdk/identity/azure-identity/tests/test_vscode_credential.py index 9ccdec5db4db..267996886866 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential.py @@ -129,11 +129,3 @@ def test_mac_keychain_error(): credential = VSCodeCredential() with pytest.raises(CredentialUnavailableError): token = credential.get_token("scope") - - -def test_token_refresh_offset(): - token_refresh_options = VSCodeCredential().get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = VSCodeCredential(token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py index 9a8e569a4a72..ddbbbc2b76ad 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py @@ -111,12 +111,3 @@ def mock_should_refresh(token): credential = VSCodeCredential(_client=mock_client) token = await credential.get_token("scope") assert token_by_refresh_token.call_count == 0 - - -@pytest.mark.asyncio -async def test_token_refresh_offset(): - token_refresh_options = VSCodeCredential().get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == DEFAULT_REFRESH_OFFSET - - token_refresh_options = VSCodeCredential(token_refresh_offset=100).get_token_refresh_options() - assert token_refresh_options.get("token_refresh_offset") == 100 From 78518cd01a9193c383d0dbfca8b3dde7301fc0c4 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Mon, 13 Jul 2020 17:05:58 -0700 Subject: [PATCH 21/32] updates --- sdk/identity/azure-identity/azure/identity/_authn_client.py | 4 ++-- .../azure/identity/_internal/aad_client_base.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_authn_client.py b/sdk/identity/azure-identity/azure/identity/_authn_client.py index a83f742cec82..6a0502d7039b 100644 --- a/sdk/identity/azure-identity/azure/identity/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/_authn_client.py @@ -65,8 +65,8 @@ def __init__(self, endpoint=None, authority=None, tenant=None, **kwargs): # pyl authority = normalize_authority(authority) if authority else get_default_authority() self._auth_url = "/".join((authority, tenant.strip("/"), "oauth2/v2.0/token")) self._cache = kwargs.get("cache") or TokenCache() # type: TokenCache - self._token_refresh_retry_timeout = DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT # default 30s - self._token_refresh_offset = DEFAULT_REFRESH_OFFSET # default 2 min + self._token_refresh_retry_timeout = DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + self._token_refresh_offset = DEFAULT_REFRESH_OFFSET self._last_refresh_time = 0 @property diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index e4ebe8ce4a13..f27fed2ede30 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -49,8 +49,8 @@ def __init__(self, tenant_id, client_id, authority=None, cache=None, **kwargs): self._cache = cache or TokenCache() self._client_id = client_id self._pipeline = self._build_pipeline(**kwargs) - self._token_refresh_retry_timeout = DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT # default 30s - self._token_refresh_offset = DEFAULT_REFRESH_OFFSET # default 2 min + self._token_refresh_retry_timeout = DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + self._token_refresh_offset = DEFAULT_REFRESH_OFFSET self._last_refresh_time = 0 def get_cached_access_token(self, scopes, query=None): From 82ad53a1fc87ed909f1728b23d8b48f14a8ab92f Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Mon, 13 Jul 2020 17:07:57 -0700 Subject: [PATCH 22/32] updates --- .../azure-identity/azure/identity/_credentials/azure_cli.py | 5 ----- .../azure-identity/azure/identity/_credentials/chained.py | 5 ----- .../azure/identity/_credentials/environment.py | 4 ---- .../azure/identity/_credentials/managed_identity.py | 3 --- .../azure/identity/_internal/msal_credentials.py | 5 ----- .../azure/identity/_internal/shared_token_cache.py | 5 ----- .../azure/identity/aio/_credentials/azure_cli.py | 4 ---- .../azure/identity/aio/_credentials/chained.py | 5 ----- .../azure/identity/aio/_credentials/environment.py | 4 ---- .../azure/identity/aio/_credentials/managed_identity.py | 3 --- 10 files changed, 43 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py index 8b08bec03986..07687f8d32c1 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py @@ -61,11 +61,6 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=no-self-use,unused-arg return token - @classmethod - def get_token_refresh_options(cls): - # type: () -> dict - return dict() - def parse_token(output): """Parse output of 'az account get-access-token' to an AccessToken. diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/chained.py b/sdk/identity/azure-identity/azure/identity/_credentials/chained.py index 9c6fd8fcbedf..b40c373afa1d 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/chained.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/chained.py @@ -74,8 +74,3 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument attempts = _get_error_message(history) message = self.__class__.__name__ + " failed to retrieve a token from the included credentials." + attempts raise ClientAuthenticationError(message=message) - - @classmethod - def get_token_refresh_options(cls): - # type: () -> dict - return dict() diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/environment.py b/sdk/identity/azure-identity/azure/identity/_credentials/environment.py index 33a343148b4a..dc37abca83c1 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/environment.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/environment.py @@ -92,7 +92,3 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument ) raise CredentialUnavailableError(message=message) return self._credential.get_token(*scopes, **kwargs) - - def get_token_refresh_options(self): - # type: () -> dict - return self._credential.get_token_refresh_options() diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py index b49b58f57313..3cf055f816c1 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py @@ -69,9 +69,6 @@ def get_token(self, *scopes, **kwargs): raise CredentialUnavailableError(message="No managed identity endpoint found.") return self._credential.get_token(*scopes, **kwargs) - def get_token_refresh_options(self): - # type: () -> dict - return self._credential.get_token_refresh_options() class _ManagedIdentityBase(object): def __init__(self, endpoint, client_cls, config=None, client_id=None, **kwargs): diff --git a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py index 3d3dd246a66b..b408d37d69ac 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py @@ -137,11 +137,6 @@ def _create_app(self, cls): return app - @classmethod - def get_token_refresh_options(cls): - # type: () -> dict - return dict() - class ConfidentialClientCredential(MsalCredential): """Wraps an MSAL ConfidentialClientApplication with the TokenCredential API""" diff --git a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py index d82888b7c803..1cbb6f986352 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py @@ -229,11 +229,6 @@ def _get_refresh_tokens(self, account): message = "Error accessing cached data: {}".format(ex) six.raise_from(CredentialUnavailableError(message=message), ex) - @classmethod - def get_token_refresh_options(cls): - # type: () -> dict - return dict() - @staticmethod def supported(): # type: () -> bool diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py index b30794f60111..a562a7831b9f 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/azure_cli.py @@ -57,10 +57,6 @@ async def get_token(self, *scopes, **kwargs): async def close(self): """Calling this method is unnecessary""" - @classmethod - def get_token_refresh_options(cls): - # type: () -> dict - return dict() async def _run_command(command): if sys.platform.startswith("win"): diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py index a1e257923a55..aab679966e15 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/chained.py @@ -66,8 +66,3 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": attempts = _get_error_message(history) message = self.__class__.__name__ + " failed to retrieve a token from the included credentials." + attempts raise ClientAuthenticationError(message=message) - - @classmethod - def get_token_refresh_options(cls): - # type: () -> dict - return dict() diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py index 10843480412d..7e1197d702c2 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/environment.py @@ -78,7 +78,3 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": ) raise CredentialUnavailableError(message=message) return await self._credential.get_token(*scopes, **kwargs) - - def get_token_refresh_options(self): - # type: () -> dict - return self._credential.get_token_refresh_options() diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py index 117a87ceadba..6b17a55ada91 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/managed_identity.py @@ -64,9 +64,6 @@ async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": raise CredentialUnavailableError(message="No managed identity endpoint found.") return await self._credential.get_token(*scopes, **kwargs) - def get_token_refresh_options(self): - # type: () -> dict - return self._credential.get_token_refresh_options() class _AsyncManagedIdentityBase(_ManagedIdentityBase, AsyncCredentialBase): def __init__(self, endpoint: str, **kwargs: "Any") -> None: From 429ca27f63f015c98e35972317546584ce51397b Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Mon, 13 Jul 2020 17:29:11 -0700 Subject: [PATCH 23/32] update --- .../azure/identity/_credentials/authorization_code.py | 1 - 1 file changed, 1 deletion(-) diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py index 69f3ff07e9f5..b02e64baf684 100644 --- a/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py +++ b/sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py @@ -89,4 +89,3 @@ def _redeem_refresh_token(self, scopes, **kwargs): if token: return token return None - From 99e89213386b9f3793bfe37ef551c2cd31d2b768 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Tue, 14 Jul 2020 12:57:57 -0700 Subject: [PATCH 24/32] updates --- .../azure-identity/azure/identity/_authn_client.py | 8 ++++---- sdk/identity/azure-identity/azure/identity/_constants.py | 2 +- .../azure/identity/_internal/aad_client_base.py | 8 ++++---- sdk/identity/azure-identity/tests/test_aad_client.py | 6 +++--- .../azure-identity/tests/test_aad_client_async.py | 6 +++--- sdk/identity/azure-identity/tests/test_authn_client.py | 6 +++--- .../azure-identity/tests/test_authn_client_async.py | 6 +++--- .../tests/test_username_password_credential.py | 1 - .../azure-identity/tests/test_vscode_credential.py | 6 +----- .../azure-identity/tests/test_vscode_credential_async.py | 6 +----- 10 files changed, 23 insertions(+), 32 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_authn_client.py b/sdk/identity/azure-identity/azure/identity/_authn_client.py index 6a0502d7039b..bfbe45067d61 100644 --- a/sdk/identity/azure-identity/azure/identity/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/_authn_client.py @@ -22,7 +22,7 @@ UserAgentPolicy, ) from azure.core.pipeline.transport import RequestsTransport, HttpRequest -from ._constants import AZURE_CLI_CLIENT_ID, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT +from ._constants import AZURE_CLI_CLIENT_ID, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_DELAY from ._internal import get_default_authority, normalize_authority from ._internal.user_agent import USER_AGENT @@ -65,7 +65,7 @@ def __init__(self, endpoint=None, authority=None, tenant=None, **kwargs): # pyl authority = normalize_authority(authority) if authority else get_default_authority() self._auth_url = "/".join((authority, tenant.strip("/"), "oauth2/v2.0/token")) self._cache = kwargs.get("cache") or TokenCache() # type: TokenCache - self._token_refresh_retry_timeout = DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + self._token_refresh_retry_delay = DEFAULT_TOKEN_REFRESH_RETRY_DELAY self._token_refresh_offset = DEFAULT_REFRESH_OFFSET self._last_refresh_time = 0 @@ -81,7 +81,7 @@ def should_refresh(self, token): now = int(time.time()) if expires_on - now > self._token_refresh_offset: return False - if now - self._last_refresh_time < self._token_refresh_retry_timeout: + if now - self._last_refresh_time < self._token_refresh_retry_delay: return False return True @@ -90,7 +90,7 @@ def get_cached_token(self, scopes): tokens = self._cache.find(TokenCache.CredentialType.ACCESS_TOKEN, target=list(scopes)) for token in tokens: expires_on = int(token["expires_on"]) - if expires_on - 30 > int(time.time()): + if expires_on - self._token_refresh_retry_delay > int(time.time()): return AccessToken(token["secret"], expires_on) return None diff --git a/sdk/identity/azure-identity/azure/identity/_constants.py b/sdk/identity/azure-identity/azure/identity/_constants.py index c768f0d68fd3..4d217d7dc716 100644 --- a/sdk/identity/azure-identity/azure/identity/_constants.py +++ b/sdk/identity/azure-identity/azure/identity/_constants.py @@ -8,7 +8,7 @@ AZURE_VSCODE_CLIENT_ID = "aebc6443-996d-45c2-90f0-388ff96faa56" VSCODE_CREDENTIALS_SECTION = "VS Code Azure" DEFAULT_REFRESH_OFFSET = 300 -DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT = 30 +DEFAULT_TOKEN_REFRESH_RETRY_DELAY = 30 class KnownAuthorities: diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index f27fed2ede30..a290c65f8184 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -16,7 +16,7 @@ from azure.core.credentials import AccessToken from azure.core.exceptions import ClientAuthenticationError from . import get_default_authority, normalize_authority -from .._constants import DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT, DEFAULT_REFRESH_OFFSET +from .._constants import DEFAULT_TOKEN_REFRESH_RETRY_DELAY, DEFAULT_REFRESH_OFFSET try: from typing import TYPE_CHECKING @@ -49,7 +49,7 @@ def __init__(self, tenant_id, client_id, authority=None, cache=None, **kwargs): self._cache = cache or TokenCache() self._client_id = client_id self._pipeline = self._build_pipeline(**kwargs) - self._token_refresh_retry_timeout = DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + self._token_refresh_retry_delay = DEFAULT_TOKEN_REFRESH_RETRY_DELAY self._token_refresh_offset = DEFAULT_REFRESH_OFFSET self._last_refresh_time = 0 @@ -58,7 +58,7 @@ def get_cached_access_token(self, scopes, query=None): tokens = self._cache.find(TokenCache.CredentialType.ACCESS_TOKEN, target=list(scopes), query=query) for token in tokens: expires_on = int(token["expires_on"]) - if expires_on - 30 > int(time.time()): + if expires_on - self._token_refresh_retry_delay > int(time.time()): return AccessToken(token["secret"], expires_on) return None @@ -75,7 +75,7 @@ def should_refresh(self, token): now = int(time.time()) if expires_on - now > self._token_refresh_offset: return False - if now - self._last_refresh_time < self._token_refresh_retry_timeout: + if now - self._last_refresh_time < self._token_refresh_retry_delay: return False return True diff --git a/sdk/identity/azure-identity/tests/test_aad_client.py b/sdk/identity/azure-identity/tests/test_aad_client.py index 453a671a4641..e85cce2d0320 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client.py +++ b/sdk/identity/azure-identity/tests/test_aad_client.py @@ -5,7 +5,7 @@ import functools import time from azure.core.exceptions import ClientAuthenticationError -from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_DELAY from azure.identity._internal.aad_client import AadClient from azure.core.credentials import AccessToken import pytest @@ -238,12 +238,12 @@ def test_token_refresh_kwargs(): # need refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - 1 + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY - 1 should_refresh = client.should_refresh(token) assert should_refresh # not exceed cool down time, do not refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + 1 + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_aad_client_async.py b/sdk/identity/azure-identity/tests/test_aad_client_async.py index 813d269adb5a..40f4d4d60af8 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client_async.py +++ b/sdk/identity/azure-identity/tests/test_aad_client_async.py @@ -7,7 +7,7 @@ from urllib.parse import urlparse import time from azure.core.exceptions import ClientAuthenticationError -from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_DELAY from azure.identity.aio._internal.aad_client import AadClient from azure.core.credentials import AccessToken from msal import TokenCache @@ -245,12 +245,12 @@ async def test_token_refresh_kwargs(): # need refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - 1 + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY - 1 should_refresh = client.should_refresh(token) assert should_refresh # not exceed cool down time, do not refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + 1 + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client.py b/sdk/identity/azure-identity/tests/test_authn_client.py index 7564c90eb33b..3dacda1b89a7 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client.py +++ b/sdk/identity/azure-identity/tests/test_authn_client.py @@ -14,7 +14,7 @@ from azure.core.credentials import AccessToken from azure.identity._authn_client import AuthnClient -from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_DELAY import pytest from six.moves.urllib_parse import urlparse from helpers import mock_response @@ -268,12 +268,12 @@ def test_token_refresh_kwargs(): # need refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - 1 + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY - 1 should_refresh = client.should_refresh(token) assert should_refresh # not exceed cool down time, do not refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + 1 + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client_async.py b/sdk/identity/azure-identity/tests/test_authn_client_async.py index 764dcccf6cc3..c66acb74c917 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client_async.py +++ b/sdk/identity/azure-identity/tests/test_authn_client_async.py @@ -9,7 +9,7 @@ import pytest from azure.core.credentials import AccessToken -from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT +from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET, DEFAULT_TOKEN_REFRESH_RETRY_DELAY from azure.identity.aio._authn_client import AsyncAuthnClient from helpers import mock_response @@ -73,12 +73,12 @@ async def test_token_refresh_kwargs(): # need refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT - 1 + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY - 1 should_refresh = client.should_refresh(token) assert should_refresh # not exceed cool down time, do not refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_TIMEOUT + 1 + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_username_password_credential.py b/sdk/identity/azure-identity/tests/test_username_password_credential.py index cafd31d2d208..f82d251090b0 100644 --- a/sdk/identity/azure-identity/tests/test_username_password_credential.py +++ b/sdk/identity/azure-identity/tests/test_username_password_credential.py @@ -5,7 +5,6 @@ from azure.core.pipeline.policies import SansIOHTTPPolicy from azure.identity import UsernamePasswordCredential from azure.identity._internal.user_agent import USER_AGENT -from azure.identity._constants import DEFAULT_REFRESH_OFFSET import pytest from helpers import ( diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential.py b/sdk/identity/azure-identity/tests/test_vscode_credential.py index 267996886866..5848f0cbffa5 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential.py @@ -93,13 +93,9 @@ def test_cache_refresh_token(): def test_no_obtain_token_if_cached(): - def mock_should_refresh(token): - return False - expected_token = AccessToken("token", 42) - mock_client = mock.Mock(spec=object) - mock_client.should_refresh = mock_should_refresh + mock_client = mock.Mock(should_refresh=lambda _: False) mock_client.obtain_token_by_refresh_token = mock.Mock(return_value=expected_token) mock_client.get_cached_access_token = mock.Mock(return_value="VALUE") diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py index ddbbbc2b76ad..1923dbd63aea 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py @@ -96,13 +96,9 @@ async def test_cache_refresh_token(): @pytest.mark.asyncio async def test_no_obtain_token_if_cached(): - def mock_should_refresh(token): - return False - expected_token = AccessToken("token", 42) - mock_client = mock.Mock(spec=object) - mock_client.should_refresh = mock_should_refresh + mock_client = mock.Mock(should_refresh=lambda _: False) token_by_refresh_token = mock.Mock(return_value=expected_token) mock_client.obtain_token_by_refresh_token = wrap_in_future(token_by_refresh_token) mock_client.get_cached_access_token = mock.Mock(return_value="VALUE") From a57f7fa044bbb9b4167007f49fbd3b2d330a669a Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Tue, 14 Jul 2020 13:07:46 -0700 Subject: [PATCH 25/32] updates --- sdk/identity/azure-identity/azure/identity/_authn_client.py | 2 +- .../azure-identity/azure/identity/_internal/aad_client_base.py | 2 +- sdk/identity/azure-identity/azure/identity/aio/_authn_client.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_authn_client.py b/sdk/identity/azure-identity/azure/identity/_authn_client.py index bfbe45067d61..ff3ffb887083 100644 --- a/sdk/identity/azure-identity/azure/identity/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/_authn_client.py @@ -230,9 +230,9 @@ def request_token( **kwargs # type: Any ): # type: (...) -> AccessToken - self._last_refresh_time = int(time.time()) # no matter succeed or not, update the last refresh time request = self._prepare_request(method, headers=headers, form_data=form_data, params=params) request_time = int(time.time()) + self._last_refresh_time = request_time # no matter succeed or not, update the last refresh time response = self._pipeline.run(request, stream=False, **kwargs) token = self._deserialize_and_cache_token(response=response, scopes=scopes, request_time=request_time) return token diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index a290c65f8184..7021a5a747fa 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -102,7 +102,7 @@ def _build_pipeline(self, config=None, policies=None, transport=None, **kwargs): def _process_response(self, response, request_time): # type: (PipelineResponse, int) -> AccessToken - self._last_refresh_time = int(time.time()) # no matter succeed or not, update the last refresh time + self._last_refresh_time = request_time # no matter succeed or not, update the last refresh time content = ContentDecodePolicy.deserialize_from_http_generics(response.http_response) diff --git a/sdk/identity/azure-identity/azure/identity/aio/_authn_client.py b/sdk/identity/azure-identity/azure/identity/aio/_authn_client.py index 1e29398e92e8..8f612e717ca8 100644 --- a/sdk/identity/azure-identity/azure/identity/aio/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/aio/_authn_client.py @@ -73,9 +73,9 @@ async def request_token( params: "Optional[Dict[str, str]]" = None, **kwargs: "Any" ) -> AccessToken: - self._last_refresh_time = int(time.time()) # no matter succeed or not, update the last refresh time request = self._prepare_request(method, headers=headers, form_data=form_data, params=params) request_time = int(time.time()) + self._last_refresh_time = request_time # no matter succeed or not, update the last refresh time response = await self._pipeline.run(request, stream=False, **kwargs) token = self._deserialize_and_cache_token(response=response, scopes=scopes, request_time=request_time) return token From e08692feef6a0517358165472c3dcd3485a6aeaf Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 15 Jul 2020 14:33:58 -0700 Subject: [PATCH 26/32] updates --- sdk/identity/azure-identity/tests/test_aad_client.py | 4 ++-- sdk/identity/azure-identity/tests/test_aad_client_async.py | 4 ++-- sdk/identity/azure-identity/tests/test_authn_client.py | 4 ++-- sdk/identity/azure-identity/tests/test_authn_client_async.py | 4 ++-- .../azure-identity/tests/test_certificate_credential.py | 1 - .../azure-identity/tests/test_certificate_credential_async.py | 1 - sdk/identity/azure-identity/tests/test_cli_credential.py | 1 - .../azure-identity/tests/test_cli_credential_async.py | 1 - sdk/identity/azure-identity/tests/test_vscode_credential.py | 1 - .../azure-identity/tests/test_vscode_credential_async.py | 1 - 10 files changed, 8 insertions(+), 14 deletions(-) diff --git a/sdk/identity/azure-identity/tests/test_aad_client.py b/sdk/identity/azure-identity/tests/test_aad_client.py index e85cce2d0320..0152e98aee26 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client.py +++ b/sdk/identity/azure-identity/tests/test_aad_client.py @@ -220,8 +220,8 @@ def test_should_refresh(): assert should_refresh # not exceed cool down time, do not refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 5 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_aad_client_async.py b/sdk/identity/azure-identity/tests/test_aad_client_async.py index 40f4d4d60af8..efe792a6fc88 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client_async.py +++ b/sdk/identity/azure-identity/tests/test_aad_client_async.py @@ -227,8 +227,8 @@ async def test_should_refresh(): assert should_refresh # not exceed cool down time, do not refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 5 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client.py b/sdk/identity/azure-identity/tests/test_authn_client.py index 3dacda1b89a7..05136805ba00 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client.py +++ b/sdk/identity/azure-identity/tests/test_authn_client.py @@ -251,8 +251,8 @@ def test_should_refresh(): assert should_refresh # not exceed cool down time, do not refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 5 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client_async.py b/sdk/identity/azure-identity/tests/test_authn_client_async.py index c66acb74c917..3d669fce1953 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client_async.py +++ b/sdk/identity/azure-identity/tests/test_authn_client_async.py @@ -55,8 +55,8 @@ async def test_should_refresh(): assert should_refresh # not exceed cool down time, do not refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 5 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) + client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential.py b/sdk/identity/azure-identity/tests/test_certificate_credential.py index a2cb0b0e18d6..af0eee63c580 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential.py @@ -9,7 +9,6 @@ from azure.identity import CertificateCredential from azure.identity._constants import EnvironmentVariables from azure.identity._internal.user_agent import USER_AGENT -from azure.identity._constants import DEFAULT_REFRESH_OFFSET from cryptography import x509 from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py index 7432df2950e0..01d2839fc2cc 100644 --- a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py @@ -9,7 +9,6 @@ from azure.identity._constants import EnvironmentVariables from azure.identity._internal.user_agent import USER_AGENT from azure.identity.aio import CertificateCredential -from azure.identity._constants import DEFAULT_REFRESH_OFFSET from msal import TokenCache import pytest diff --git a/sdk/identity/azure-identity/tests/test_cli_credential.py b/sdk/identity/azure-identity/tests/test_cli_credential.py index b528494cd665..3467a451356a 100644 --- a/sdk/identity/azure-identity/tests/test_cli_credential.py +++ b/sdk/identity/azure-identity/tests/test_cli_credential.py @@ -8,7 +8,6 @@ from azure.identity import AzureCliCredential, CredentialUnavailableError from azure.identity._credentials.azure_cli import CLI_NOT_FOUND, NOT_LOGGED_IN from azure.core.exceptions import ClientAuthenticationError -from azure.identity._constants import DEFAULT_REFRESH_OFFSET import subprocess import pytest diff --git a/sdk/identity/azure-identity/tests/test_cli_credential_async.py b/sdk/identity/azure-identity/tests/test_cli_credential_async.py index c520c90c07f6..46369faa522e 100644 --- a/sdk/identity/azure-identity/tests/test_cli_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_cli_credential_async.py @@ -11,7 +11,6 @@ from azure.identity.aio import AzureCliCredential from azure.identity._credentials.azure_cli import CLI_NOT_FOUND, NOT_LOGGED_IN from azure.core.exceptions import ClientAuthenticationError -from azure.identity._constants import DEFAULT_REFRESH_OFFSET import pytest from helpers_async import get_completed_future diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential.py b/sdk/identity/azure-identity/tests/test_vscode_credential.py index 5848f0cbffa5..6f22ad7ad8d6 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential.py @@ -9,7 +9,6 @@ from azure.core.pipeline.policies import SansIOHTTPPolicy from azure.identity._internal.user_agent import USER_AGENT from azure.identity._credentials.vscode_credential import get_credentials -from azure.identity._constants import DEFAULT_REFRESH_OFFSET import pytest from helpers import build_aad_response, mock_response, Request, validating_transport diff --git a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py index 1923dbd63aea..5207c73641fe 100644 --- a/sdk/identity/azure-identity/tests/test_vscode_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_vscode_credential_async.py @@ -10,7 +10,6 @@ from azure.identity.aio import VSCodeCredential from azure.identity._internal.user_agent import USER_AGENT from azure.core.pipeline.policies import SansIOHTTPPolicy -from azure.identity._constants import DEFAULT_REFRESH_OFFSET import pytest from helpers import build_aad_response, mock_response, Request From 101fa22829e80faeaa937bbcb5fcc1c4c2a507b8 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 15 Jul 2020 14:35:14 -0700 Subject: [PATCH 27/32] updates --- sdk/identity/azure-identity/tests/test_aad_client.py | 3 +-- sdk/identity/azure-identity/tests/test_aad_client_async.py | 3 +-- sdk/identity/azure-identity/tests/test_authn_client.py | 3 +-- sdk/identity/azure-identity/tests/test_authn_client_async.py | 3 +-- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/sdk/identity/azure-identity/tests/test_aad_client.py b/sdk/identity/azure-identity/tests/test_aad_client.py index 0152e98aee26..9dd31e8add76 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client.py +++ b/sdk/identity/azure-identity/tests/test_aad_client.py @@ -214,8 +214,7 @@ def test_should_refresh(): assert not should_refresh # need refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 500 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) should_refresh = client.should_refresh(token) assert should_refresh diff --git a/sdk/identity/azure-identity/tests/test_aad_client_async.py b/sdk/identity/azure-identity/tests/test_aad_client_async.py index efe792a6fc88..64a58850dda6 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client_async.py +++ b/sdk/identity/azure-identity/tests/test_aad_client_async.py @@ -221,8 +221,7 @@ async def test_should_refresh(): assert not should_refresh # need refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 500 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) should_refresh = client.should_refresh(token) assert should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client.py b/sdk/identity/azure-identity/tests/test_authn_client.py index 05136805ba00..64c08f853075 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client.py +++ b/sdk/identity/azure-identity/tests/test_authn_client.py @@ -245,8 +245,7 @@ def test_should_refresh(): assert not should_refresh # need refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 500 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) should_refresh = client.should_refresh(token) assert should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client_async.py b/sdk/identity/azure-identity/tests/test_authn_client_async.py index 3d669fce1953..df4215f43e84 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client_async.py +++ b/sdk/identity/azure-identity/tests/test_authn_client_async.py @@ -49,8 +49,7 @@ async def test_should_refresh(): assert not should_refresh # need refresh - token = AccessToken("token", now + 100) - client._last_refresh_time = now - 500 + token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) should_refresh = client.should_refresh(token) assert should_refresh From a38294a909476d62f56023e45452228cb3e97e25 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 15 Jul 2020 16:12:10 -0700 Subject: [PATCH 28/32] updates --- sdk/identity/azure-identity/tests/test_aad_client.py | 2 -- sdk/identity/azure-identity/tests/test_aad_client_async.py | 2 -- sdk/identity/azure-identity/tests/test_authn_client.py | 1 - sdk/identity/azure-identity/tests/test_authn_client_async.py | 2 -- 4 files changed, 7 deletions(-) diff --git a/sdk/identity/azure-identity/tests/test_aad_client.py b/sdk/identity/azure-identity/tests/test_aad_client.py index 9dd31e8add76..36d0bca1b6a3 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client.py +++ b/sdk/identity/azure-identity/tests/test_aad_client.py @@ -227,7 +227,6 @@ def test_should_refresh(): def test_token_refresh_kwargs(): client = AadClient("test", "test") - now = int(time.time()) # do not need refresh @@ -237,7 +236,6 @@ def test_token_refresh_kwargs(): # need refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY - 1 should_refresh = client.should_refresh(token) assert should_refresh diff --git a/sdk/identity/azure-identity/tests/test_aad_client_async.py b/sdk/identity/azure-identity/tests/test_aad_client_async.py index 64a58850dda6..a42b74f2550c 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client_async.py +++ b/sdk/identity/azure-identity/tests/test_aad_client_async.py @@ -234,7 +234,6 @@ async def test_should_refresh(): async def test_token_refresh_kwargs(): client = AadClient("test", "test") - now = int(time.time()) # do not need refresh @@ -244,7 +243,6 @@ async def test_token_refresh_kwargs(): # need refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY - 1 should_refresh = client.should_refresh(token) assert should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client.py b/sdk/identity/azure-identity/tests/test_authn_client.py index 64c08f853075..eef14d51c1a0 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client.py +++ b/sdk/identity/azure-identity/tests/test_authn_client.py @@ -267,7 +267,6 @@ def test_token_refresh_kwargs(): # need refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY - 1 should_refresh = client.should_refresh(token) assert should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client_async.py b/sdk/identity/azure-identity/tests/test_authn_client_async.py index df4215f43e84..1f4055e9437b 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client_async.py +++ b/sdk/identity/azure-identity/tests/test_authn_client_async.py @@ -62,7 +62,6 @@ async def test_should_refresh(): async def test_token_refresh_kwargs(): client = AsyncAuthnClient(endpoint="http://foo") - now = int(time.time()) # do not need refresh @@ -72,7 +71,6 @@ async def test_token_refresh_kwargs(): # need refresh token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY - 1 should_refresh = client.should_refresh(token) assert should_refresh From 173e26db907fd368ebfa47b746a7e0029d2f7e12 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Wed, 15 Jul 2020 16:13:18 -0700 Subject: [PATCH 29/32] update --- sdk/identity/azure-identity/tests/test_cli_credential_async.py | 1 - 1 file changed, 1 deletion(-) diff --git a/sdk/identity/azure-identity/tests/test_cli_credential_async.py b/sdk/identity/azure-identity/tests/test_cli_credential_async.py index 46369faa522e..ae9dec90a341 100644 --- a/sdk/identity/azure-identity/tests/test_cli_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_cli_credential_async.py @@ -169,4 +169,3 @@ async def test_subprocess_error_does_not_expose_token(output): assert "secret value" not in str(ex.value) assert "secret value" not in repr(ex.value) - From 533ab8c8fe171ff0721613712300f8302c64c2f3 Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Fri, 17 Jul 2020 08:53:46 -0700 Subject: [PATCH 30/32] update --- .../azure-identity/tests/test_aad_client.py | 21 ------------------- .../tests/test_aad_client_async.py | 21 ------------------- .../azure-identity/tests/test_authn_client.py | 21 ------------------- .../tests/test_authn_client_async.py | 21 ------------------- 4 files changed, 84 deletions(-) diff --git a/sdk/identity/azure-identity/tests/test_aad_client.py b/sdk/identity/azure-identity/tests/test_aad_client.py index 36d0bca1b6a3..b878d4bbf5e8 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client.py +++ b/sdk/identity/azure-identity/tests/test_aad_client.py @@ -223,24 +223,3 @@ def test_should_refresh(): client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh - - -def test_token_refresh_kwargs(): - client = AadClient("test", "test") - now = int(time.time()) - - # do not need refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) - should_refresh = client.should_refresh(token) - assert not should_refresh - - # need refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - should_refresh = client.should_refresh(token) - assert should_refresh - - # not exceed cool down time, do not refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 - should_refresh = client.should_refresh(token) - assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_aad_client_async.py b/sdk/identity/azure-identity/tests/test_aad_client_async.py index a42b74f2550c..ab9cd8208809 100644 --- a/sdk/identity/azure-identity/tests/test_aad_client_async.py +++ b/sdk/identity/azure-identity/tests/test_aad_client_async.py @@ -230,24 +230,3 @@ async def test_should_refresh(): client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh - - -async def test_token_refresh_kwargs(): - client = AadClient("test", "test") - now = int(time.time()) - - # do not need refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) - should_refresh = client.should_refresh(token) - assert not should_refresh - - # need refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - should_refresh = client.should_refresh(token) - assert should_refresh - - # not exceed cool down time, do not refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 - should_refresh = client.should_refresh(token) - assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client.py b/sdk/identity/azure-identity/tests/test_authn_client.py index eef14d51c1a0..c5dbbe41394a 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client.py +++ b/sdk/identity/azure-identity/tests/test_authn_client.py @@ -254,24 +254,3 @@ def test_should_refresh(): client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh - - -def test_token_refresh_kwargs(): - client = AuthnClient(endpoint="http://foo") - now = int(time.time()) - - # do not need refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) - should_refresh = client.should_refresh(token) - assert not should_refresh - - # need refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - should_refresh = client.should_refresh(token) - assert should_refresh - - # not exceed cool down time, do not refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 - should_refresh = client.should_refresh(token) - assert not should_refresh diff --git a/sdk/identity/azure-identity/tests/test_authn_client_async.py b/sdk/identity/azure-identity/tests/test_authn_client_async.py index 1f4055e9437b..d80367d9b583 100644 --- a/sdk/identity/azure-identity/tests/test_authn_client_async.py +++ b/sdk/identity/azure-identity/tests/test_authn_client_async.py @@ -58,24 +58,3 @@ async def test_should_refresh(): client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 should_refresh = client.should_refresh(token) assert not should_refresh - - -async def test_token_refresh_kwargs(): - client = AsyncAuthnClient(endpoint="http://foo") - now = int(time.time()) - - # do not need refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET + 1) - should_refresh = client.should_refresh(token) - assert not should_refresh - - # need refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - should_refresh = client.should_refresh(token) - assert should_refresh - - # not exceed cool down time, do not refresh - token = AccessToken("token", now + DEFAULT_REFRESH_OFFSET - 1) - client._last_refresh_time = now - DEFAULT_TOKEN_REFRESH_RETRY_DELAY + 1 - should_refresh = client.should_refresh(token) - assert not should_refresh From b6e1cc7afdf4a7fa670dd4fe36a0240e162dde4f Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Fri, 17 Jul 2020 09:16:43 -0700 Subject: [PATCH 31/32] update --- .../azure-identity/tests/test_client_secret_credential.py | 2 +- .../azure-identity/tests/test_client_secret_credential_async.py | 2 +- sdk/identity/azure-identity/tests/test_imds_credential.py | 2 +- sdk/identity/azure-identity/tests/test_imds_credential_async.py | 2 +- sdk/identity/azure-identity/tests/test_managed_identity.py | 2 +- .../azure-identity/tests/test_managed_identity_async.py | 2 +- sdk/identity/azure-identity/tests/test_msi_credential.py | 2 +- sdk/identity/azure-identity/tests/test_msi_credential_async.py | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential.py b/sdk/identity/azure-identity/tests/test_client_secret_credential.py index 775775e76fed..ea3362a3f0ff 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential.py @@ -7,7 +7,7 @@ from azure.core.credentials import AccessToken from azure.core.pipeline.policies import ContentDecodePolicy, SansIOHTTPPolicy from azure.identity import ClientSecretCredential -from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET +from azure.identity._constants import EnvironmentVariables from azure.identity._internal.user_agent import USER_AGENT from msal import TokenCache import pytest diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py index ea78c6bfda12..4731f1cb7bc2 100644 --- a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py @@ -8,7 +8,7 @@ from azure.core.credentials import AccessToken from azure.core.pipeline.policies import ContentDecodePolicy, SansIOHTTPPolicy -from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET +from azure.identity._constants import EnvironmentVariables from azure.identity._internal.user_agent import USER_AGENT from azure.identity.aio import ClientSecretCredential from msal import TokenCache diff --git a/sdk/identity/azure-identity/tests/test_imds_credential.py b/sdk/identity/azure-identity/tests/test_imds_credential.py index bb4e027691cb..95f53088b11a 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential.py @@ -8,7 +8,7 @@ from azure.core.exceptions import ClientAuthenticationError from azure.identity import CredentialUnavailableError -from azure.identity._constants import Endpoints, DEFAULT_REFRESH_OFFSET +from azure.identity._constants import Endpoints from azure.identity._credentials.managed_identity import ImdsCredential import pytest from azure.identity._internal.user_agent import USER_AGENT diff --git a/sdk/identity/azure-identity/tests/test_imds_credential_async.py b/sdk/identity/azure-identity/tests/test_imds_credential_async.py index 0d1a49909a75..a4d056f399fc 100644 --- a/sdk/identity/azure-identity/tests/test_imds_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_imds_credential_async.py @@ -9,7 +9,7 @@ from azure.core.credentials import AccessToken from azure.core.exceptions import ClientAuthenticationError from azure.identity import CredentialUnavailableError -from azure.identity._constants import Endpoints, DEFAULT_REFRESH_OFFSET +from azure.identity._constants import Endpoints from azure.identity._internal.user_agent import USER_AGENT from azure.identity.aio._credentials.managed_identity import ImdsCredential import pytest diff --git a/sdk/identity/azure-identity/tests/test_managed_identity.py b/sdk/identity/azure-identity/tests/test_managed_identity.py index 99df09ab9c3d..668fb6519b8c 100644 --- a/sdk/identity/azure-identity/tests/test_managed_identity.py +++ b/sdk/identity/azure-identity/tests/test_managed_identity.py @@ -11,7 +11,7 @@ from azure.core.credentials import AccessToken from azure.identity import ManagedIdentityCredential -from azure.identity._constants import Endpoints, EnvironmentVariables, DEFAULT_REFRESH_OFFSET +from azure.identity._constants import Endpoints, EnvironmentVariables from azure.identity._internal.user_agent import USER_AGENT from helpers import validating_transport, mock_response, Request diff --git a/sdk/identity/azure-identity/tests/test_managed_identity_async.py b/sdk/identity/azure-identity/tests/test_managed_identity_async.py index 665f48ec0fc5..3654044a2288 100644 --- a/sdk/identity/azure-identity/tests/test_managed_identity_async.py +++ b/sdk/identity/azure-identity/tests/test_managed_identity_async.py @@ -7,7 +7,7 @@ from azure.core.credentials import AccessToken from azure.identity.aio import ManagedIdentityCredential -from azure.identity._constants import Endpoints, EnvironmentVariables, DEFAULT_REFRESH_OFFSET +from azure.identity._constants import Endpoints, EnvironmentVariables from azure.identity._internal.user_agent import USER_AGENT import pytest diff --git a/sdk/identity/azure-identity/tests/test_msi_credential.py b/sdk/identity/azure-identity/tests/test_msi_credential.py index 6fa9eff94998..7536688774e2 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential.py @@ -5,7 +5,7 @@ import time from azure.core.credentials import AccessToken -from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET +from azure.identity._constants import EnvironmentVariables from azure.identity._credentials.managed_identity import MsiCredential from azure.identity._internal.user_agent import USER_AGENT import pytest diff --git a/sdk/identity/azure-identity/tests/test_msi_credential_async.py b/sdk/identity/azure-identity/tests/test_msi_credential_async.py index 362a56919b46..dfa038963536 100644 --- a/sdk/identity/azure-identity/tests/test_msi_credential_async.py +++ b/sdk/identity/azure-identity/tests/test_msi_credential_async.py @@ -6,7 +6,7 @@ from unittest import mock from azure.core.credentials import AccessToken -from azure.identity._constants import EnvironmentVariables, DEFAULT_REFRESH_OFFSET +from azure.identity._constants import EnvironmentVariables from azure.identity._internal.user_agent import USER_AGENT from azure.identity.aio._credentials.managed_identity import MsiCredential import pytest From 04dad9d08381da923a676d96cf69a538b20aee1b Mon Sep 17 00:00:00 2001 From: Xiang Yan Date: Fri, 17 Jul 2020 13:52:48 -0700 Subject: [PATCH 32/32] updates --- sdk/identity/azure-identity/azure/identity/_authn_client.py | 2 +- .../azure-identity/azure/identity/_internal/aad_client_base.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/identity/azure-identity/azure/identity/_authn_client.py b/sdk/identity/azure-identity/azure/identity/_authn_client.py index ff3ffb887083..e29a48854e68 100644 --- a/sdk/identity/azure-identity/azure/identity/_authn_client.py +++ b/sdk/identity/azure-identity/azure/identity/_authn_client.py @@ -90,7 +90,7 @@ def get_cached_token(self, scopes): tokens = self._cache.find(TokenCache.CredentialType.ACCESS_TOKEN, target=list(scopes)) for token in tokens: expires_on = int(token["expires_on"]) - if expires_on - self._token_refresh_retry_delay > int(time.time()): + if expires_on > int(time.time()): return AccessToken(token["secret"], expires_on) return None diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py index 7021a5a747fa..819139f97ff7 100644 --- a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py +++ b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py @@ -58,7 +58,7 @@ def get_cached_access_token(self, scopes, query=None): tokens = self._cache.find(TokenCache.CredentialType.ACCESS_TOKEN, target=list(scopes), query=query) for token in tokens: expires_on = int(token["expires_on"]) - if expires_on - self._token_refresh_retry_delay > int(time.time()): + if expires_on > int(time.time()): return AccessToken(token["secret"], expires_on) return None