Cross-language consistency changes

sdk/identity/azure-identity/CHANGELOG.md

@@ -1,6 +1,12 @@
 # Release History
 
-## 1.4.0b7 (Unreleased)
+## 1.4.0b7 (2020-07-22)
+- `DefaultAzureCredential` has a new optional keyword argument,
+`visual_studio_code_tenant_id`, which sets the tenant the credential should
+authenticate in when authenticating as the Azure user signed in to Visual
+Studio Code.
+- Renamed `AuthenticationRecord.deserialize` positional parameter `json_string`
+to `data`.
 
 
 ## 1.4.0b6 (2020-07-07)

sdk/identity/azure-identity/azure/identity/__init__.py

@@ -6,7 +6,7 @@
 
 from ._auth_record import AuthenticationRecord
 from ._exceptions import AuthenticationRequiredError, CredentialUnavailableError
-from ._constants import KnownAuthorities
+from ._constants import AzureAuthorityHosts, KnownAuthorities
 from ._credentials import (
     AzureCliCredential,
     AuthorizationCodeCredential,
@@ -26,9 +26,10 @@
 
 __all__ = [
     "AuthenticationRecord",
-    "AzureCliCredential",
     "AuthenticationRequiredError",
     "AuthorizationCodeCredential",
+    "AzureAuthorityHosts",
+    "AzureCliCredential",
     "CertificateCredential",
     "ChainedTokenCredential",
     "ClientSecretCredential",

sdk/identity/azure-identity/azure/identity/_auth_record.py

@@ -43,11 +43,14 @@ def username(self):
         return self._username
 
     @classmethod
-    def deserialize(cls, json_string):
+    def deserialize(cls, data):
         # type: (str) -> AuthenticationRecord
-        """Deserialize a record from JSON"""
+        """Deserialize a record.
 
-        deserialized = json.loads(json_string)
+        :param str data: a serialized record
+        """
+
+        deserialized = json.loads(data)
 
         return cls(
             authority=deserialized["authority"],
@@ -59,7 +62,10 @@ def deserialize(cls, json_string):
 
     def serialize(self):
         # type: () -> str
-        """Serialize the record to JSON"""
+        """Serialize the record.
+
+        :rtype: str
+        """
 
         record = {
             "authority": self._authority,

sdk/identity/azure-identity/azure/identity/_constants.py

@@ -11,13 +11,17 @@
 DEFAULT_TOKEN_REFRESH_RETRY_DELAY = 30
 
 
-class KnownAuthorities:
+class AzureAuthorityHosts:
     AZURE_CHINA = "login.chinacloudapi.cn"
     AZURE_GERMANY = "login.microsoftonline.de"
     AZURE_GOVERNMENT = "login.microsoftonline.us"
     AZURE_PUBLIC_CLOUD = "login.microsoftonline.com"
 
 
+class KnownAuthorities(AzureAuthorityHosts):
+    """Alias of :class:`AzureAuthorityHosts`"""
+
+
 class EnvironmentVariables:
     AZURE_CLIENT_ID = "AZURE_CLIENT_ID"
     AZURE_CLIENT_SECRET = "AZURE_CLIENT_SECRET"

sdk/identity/azure-identity/azure/identity/_credentials/authorization_code.py

@@ -26,7 +26,7 @@ class AuthorizationCodeCredential(object):
     :param str redirect_uri: The application's redirect URI. Must match the URI used to request the authorization code.
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
           defines authorities for other clouds.
     :keyword str client_secret: One of the application's client secrets. Required only for web apps and web APIs.
     """

sdk/identity/azure-identity/azure/identity/_credentials/browser.py

@@ -30,7 +30,7 @@ class InteractiveBrowserCredential(InteractiveCredential):
     https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
           defines authorities for other clouds.
     :keyword str tenant_id: an Azure Active Directory tenant ID. Defaults to the 'organizations' tenant, which can
           authenticate work or school accounts.

sdk/identity/azure-identity/azure/identity/_credentials/certificate.py

@@ -20,7 +20,7 @@ class CertificateCredential(CertificateCredentialBase):
     :param str certificate_path: path to a PEM-encoded certificate file including the private key.
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
           defines authorities for other clouds.
     :keyword password: The certificate's password. If a unicode string, it will be encoded as UTF-8. If the certificate
           requires a different encoding, pass appropriately encoded bytes instead.

sdk/identity/azure-identity/azure/identity/_credentials/client_secret.py

@@ -24,7 +24,7 @@ class ClientSecretCredential(ClientSecretCredentialBase):
     :param str client_secret: one of the service principal's client secrets
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
           defines authorities for other clouds.
     :keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache. Defaults to
           False.

sdk/identity/azure-identity/azure/identity/_credentials/default.py

@@ -46,7 +46,7 @@ class DefaultAzureCredential(ChainedTokenCredential):
     This default behavior is configurable with keyword arguments.
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
           defines authorities for other clouds. Managed identities ignore this because they reside in a single cloud.
     :keyword bool exclude_cli_credential: Whether to exclude the Azure CLI from the credential. Defaults to **False**.
     :keyword bool exclude_environment_credential: Whether to exclude a service principal configured by environment
@@ -66,6 +66,8 @@ class DefaultAzureCredential(ChainedTokenCredential):
         Defaults to the value of environment variable AZURE_USERNAME, if any.
     :keyword str shared_cache_tenant_id: Preferred tenant for :class:`~azure.identity.SharedTokenCacheCredential`.
         Defaults to the value of environment variable AZURE_TENANT_ID, if any.
+    :keyword str visual_studio_code_tenant_id: Tenant ID to use when authenticating with
+        :class:`~azure.identity.VSCodeCredential`.
     """
 
     def __init__(self, **kwargs):
@@ -82,6 +84,10 @@ def __init__(self, **kwargs):
             "shared_cache_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
         )
 
+        vscode_tenant_id = kwargs.pop(
+            "visual_studio_code_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
+        )
+
         exclude_environment_credential = kwargs.pop("exclude_environment_credential", False)
         exclude_managed_identity_credential = kwargs.pop("exclude_managed_identity_credential", False)
         exclude_shared_token_cache_credential = kwargs.pop("exclude_shared_token_cache_credential", False)
@@ -104,7 +110,7 @@ def __init__(self, **kwargs):
             except Exception as ex:  # pylint:disable=broad-except
                 _LOGGER.info("Shared token cache is unavailable: '%s'", ex)
         if not exclude_visual_studio_code_credential:
-            credentials.append(VSCodeCredential())
+            credentials.append(VSCodeCredential(tenant_id=vscode_tenant_id))
         if not exclude_cli_credential:
             credentials.append(AzureCliCredential())
         if not exclude_interactive_browser_credential:

sdk/identity/azure-identity/azure/identity/_credentials/device_code.py

@@ -32,7 +32,7 @@ class DeviceCodeCredential(InteractiveCredential):
     :param str client_id: the application's ID
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
           defines authorities for other clouds.
     :keyword str tenant_id: an Azure Active Directory tenant ID. Defaults to the 'organizations' tenant, which can
           authenticate work or school accounts. **Required for single-tenant applications.**

sdk/identity/azure-identity/azure/identity/_credentials/shared_cache.py

@@ -27,7 +27,7 @@ class SharedTokenCacheCredential(SharedTokenCacheBase):
         contains tokens for multiple identities.
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-        the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+        the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
         defines authorities for other clouds.
     :keyword str tenant_id: an Azure Active Directory tenant ID. Used to select an account when the cache contains
         tokens for multiple identities.

sdk/identity/azure-identity/azure/identity/_credentials/user_password.py

@@ -29,7 +29,7 @@ class UsernamePasswordCredential(InteractiveCredential):
     :param str password: the user's password
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
           defines authorities for other clouds.
     :keyword str tenant_id: tenant ID or a domain associated with a tenant. If not provided, defaults to the
           'organizations' tenant, which supports only Azure Active Directory work or school accounts.

sdk/identity/azure-identity/azure/identity/_credentials/vscode_credential.py

@@ -24,12 +24,22 @@
 
 
 class VSCodeCredential(object):
-    """Authenticates by redeeming a refresh token previously saved by VS Code"""
+    """Authenticates as the Azure user signed in to Visual Studio Code.
+
+    :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
+          defines authorities for other clouds.
+    :keyword str tenant_id: ID of the tenant the credential should authenticate in. Defaults to the "organizations"
+        tenant, which supports only Azure Active Directory work or school accounts.
+    """
 
     def __init__(self, **kwargs):
         # type: (**Any) -> None
-        self._client = kwargs.pop("_client", None) or AadClient("organizations", AZURE_VSCODE_CLIENT_ID, **kwargs)
         self._refresh_token = None
+        self._client = kwargs.pop("_client", None)
+        if not self._client:
+            tenant_id = kwargs.pop("tenant_id", None) or "organizations"
+            self._client = AadClient(tenant_id, AZURE_VSCODE_CLIENT_ID, **kwargs)
 
     @log_get_token("VSCodeCredential")
     def get_token(self, *scopes, **kwargs):

sdk/identity/azure-identity/azure/identity/aio/_credentials/authorization_code.py

@@ -27,7 +27,7 @@ class AuthorizationCodeCredential(AsyncCredentialBase):
     :param str redirect_uri: The application's redirect URI. Must match the URI used to request the authorization code.
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
           defines authorities for other clouds.
     :keyword str client_secret: One of the application's client secrets. Required only for web apps and web APIs.
     """

sdk/identity/azure-identity/azure/identity/aio/_credentials/certificate.py

@@ -22,7 +22,7 @@ class CertificateCredential(CertificateCredentialBase, AsyncCredentialBase):
     :param str certificate_path: path to a PEM-encoded certificate file including the private key
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
           defines authorities for other clouds.
     :keyword password: The certificate's password. If a unicode string, it will be encoded as UTF-8. If the certificate
           requires a different encoding, pass appropriately encoded bytes instead.

sdk/identity/azure-identity/azure/identity/aio/_credentials/client_secret.py

@@ -22,7 +22,7 @@ class ClientSecretCredential(AsyncCredentialBase, ClientSecretCredentialBase):
     :param str client_secret: one of the service principal's client secrets
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
           defines authorities for other clouds.
     :keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache. Defaults to
           False.

sdk/identity/azure-identity/azure/identity/aio/_credentials/default.py

@@ -39,7 +39,7 @@ class DefaultAzureCredential(ChainedTokenCredential):
     This default behavior is configurable with keyword arguments.
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
           defines authorities for other clouds. Managed identities ignore this because they reside in a single cloud.
     :keyword bool exclude_cli_credential: Whether to exclude the Azure CLI from the credential. Defaults to **False**.
     :keyword bool exclude_environment_credential: Whether to exclude a service principal configured by environment
@@ -54,6 +54,8 @@ class DefaultAzureCredential(ChainedTokenCredential):
         Defaults to the value of environment variable AZURE_USERNAME, if any.
     :keyword str shared_cache_tenant_id: Preferred tenant for :class:`~azure.identity.SharedTokenCacheCredential`.
         Defaults to the value of environment variable AZURE_TENANT_ID, if any.
+    :keyword str visual_studio_code_tenant_id: Tenant ID to use when authenticating with
+        :class:`~azure.identity.VSCodeCredential`.
     """
 
     def __init__(self, **kwargs: "Any") -> None:
@@ -65,6 +67,10 @@ def __init__(self, **kwargs: "Any") -> None:
             "shared_cache_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
         )
 
+        vscode_tenant_id = kwargs.pop(
+            "visual_studio_code_tenant_id", os.environ.get(EnvironmentVariables.AZURE_TENANT_ID)
+        )
+
         exclude_visual_studio_code_credential = kwargs.pop("exclude_visual_studio_code_credential", False)
         exclude_cli_credential = kwargs.pop("exclude_cli_credential", False)
         exclude_environment_credential = kwargs.pop("exclude_environment_credential", False)
@@ -87,7 +93,7 @@ def __init__(self, **kwargs: "Any") -> None:
                 # transitive dependency pywin32 doesn't support 3.8 (https://github.com/mhammond/pywin32/issues/1431)
                 _LOGGER.info("Shared token cache is unavailable: '%s'", ex)
         if not exclude_visual_studio_code_credential:
-            credentials.append(VSCodeCredential())
+            credentials.append(VSCodeCredential(tenant_id=vscode_tenant_id))
         if not exclude_cli_credential:
             credentials.append(AzureCliCredential())
 

sdk/identity/azure-identity/azure/identity/aio/_credentials/shared_cache.py

@@ -25,7 +25,7 @@ class SharedTokenCacheCredential(SharedTokenCacheBase, AsyncCredentialBase):
         may contain tokens for multiple identities.
 
     :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
-        the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.KnownAuthorities`
+        the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
         defines authorities for other clouds.
     :keyword str tenant_id: an Azure Active Directory tenant ID. Used to select an account when the cache contains
         tokens for multiple identities.

sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode_credential.py

@@ -18,11 +18,21 @@
 
 
 class VSCodeCredential(AsyncCredentialBase):
-    """Authenticates by redeeming a refresh token previously saved by VS Code"""
+    """Authenticates as the Azure user signed in to Visual Studio Code.
+
+    :keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
+          the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
+          defines authorities for other clouds.
+    :keyword str tenant_id: ID of the tenant the credential should authenticate in. Defaults to the "organizations"
+        tenant, which supports only Azure Active Directory work or school accounts.
+    """
 
     def __init__(self, **kwargs: "Any") -> None:
-        self._client = kwargs.pop("_client", None) or AadClient("organizations", AZURE_VSCODE_CLIENT_ID, **kwargs)
         self._refresh_token = None
+        self._client = kwargs.pop("_client", None)
+        if not self._client:
+            tenant_id = kwargs.pop("tenant_id", None) or "organizations"
+            self._client = AadClient(tenant_id, AZURE_VSCODE_CLIENT_ID, **kwargs)
 
     async def __aenter__(self):
         if self._client: