From 99848eb286f88959af7315167922ae4f463e3398 Mon Sep 17 00:00:00 2001
From: Xiang Yan
Date: Wed, 16 Mar 2022 09:53:48 -0700
Subject: [PATCH] address arch board review feedback
---
 sdk/identity/azure-identity/CHANGELOG.md | 3 +++
 .../azure/identity/_credentials/app_service.py | 3 ---
 .../azure/identity/_credentials/azure_ml.py | 2 --
 .../azure/identity/_credentials/client_assertion.py | 10 +++++-----
 .../azure-identity/azure/identity/_credentials/imds.py | 2 +-
 .../azure/identity/_credentials/managed_identity.py | 4 ----
 .../azure/identity/_credentials/token_exchange.py | 2 +-
 .../identity/_internal/managed_identity_client.py | 6 ++----
 .../identity/aio/_credentials/client_assertion.py | 10 +++++-----
 .../azure/identity/aio/_credentials/token_exchange.py | 2 +-
 10 files changed, 18 insertions(+), 26 deletions(-)
diff --git a/sdk/identity/azure-identity/CHANGELOG.md b/sdk/identity/azure-identity/CHANGELOG.md
index 20c4dce8229e..91c22d0d9f9f 100644
--- a/sdk/identity/azure-identity/CHANGELOG.md
+++ b/sdk/identity/azure-identity/CHANGELOG.md
@@ -12,6 +12,9 @@ ### Other Changes +- Removed `resource_id`, please use `identity_config` instead. +- Renamed argument name `get_assertion` to `func` for `ClientAssertionCredential`. + ## 1.9.0b1 (2022-03-08) ### Features Added
diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/app_service.py b/sdk/identity/azure-identity/azure/identity/_credentials/app_service.py
index f20f51a336d8..487e96e7c5b5 100644
--- a/sdk/identity/azure-identity/azure/identity/_credentials/app_service.py
+++ b/sdk/identity/azure-identity/azure/identity/_credentials/app_service.py
@@ -39,9 +39,6 @@ def _get_client_args(**kwargs): # App Service managed identity isn't available in this environment return None - if kwargs.get("resource_id"): - identity_config["mi_res_id"] = kwargs.pop("resource_id") - return dict( kwargs, identity_config=identity_config,
diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/azure_ml.py b/sdk/identity/azure-identity/azure/identity/_credentials/azure_ml.py
index b1b4809be931..34b7c19d0972 100644
--- a/sdk/identity/azure-identity/azure/identity/_credentials/azure_ml.py
+++ b/sdk/identity/azure-identity/azure/identity/_credentials/azure_ml.py
@@ -41,8 +41,6 @@ def _get_client_args(**kwargs): if kwargs.get("client_id"): identity_config["clientid"] = kwargs.pop("client_id") - if kwargs.get("resource_id"): - identity_config["mi_res_id"] = kwargs.pop("resource_id") return dict( kwargs,
diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/client_assertion.py b/sdk/identity/azure-identity/azure/identity/_credentials/client_assertion.py
index 8c3dfefcd8a0..e59e7352a533 100644
--- a/sdk/identity/azure-identity/azure/identity/_credentials/client_assertion.py
+++ b/sdk/identity/azure-identity/azure/identity/_credentials/client_assertion.py
@@ -13,7 +13,7 @@ class ClientAssertionCredential(GetTokenMixin): - def __init__(self, tenant_id, client_id, get_assertion, **kwargs): + def __init__(self, tenant_id, client_id, func, **kwargs): # type: (str, str, Callable[[], str], **Any) -> None """Authenticates a service principal with a JWT assertion.
@@ -22,15 +22,15 @@ def __init__(self, tenant_id, client_id, get_assertion, **kwargs): :param str tenant_id: ID of the principal's tenant. Also called its "directory" ID. :param str client_id: the principal's client ID - :param get_assertion: a callable that returns a string assertion. The credential will call this every time it + :param func: a callable that returns a string assertion. The credential will call this every time it acquires a new token. - :paramtype get_assertion: Callable[[], str] + :paramtype func: Callable[[], str] :keyword str authority: authority of an Azure Active Directory endpoint, for example "login.microsoftonline.com", the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts` defines authorities for other clouds. """ - self._get_assertion = get_assertion + self._func = func self._client = AadClient(tenant_id, client_id, **kwargs) super(ClientAssertionCredential, self).__init__(**kwargs)
@@ -51,6 +51,6 @@ def _acquire_token_silently(self, *scopes, **kwargs): def _request_token(self, *scopes, **kwargs): # type: (*str, **Any) -> AccessToken - assertion = self._get_assertion() + assertion = self._func() token = self._client.obtain_token_by_jwt_assertion(scopes, assertion, **kwargs) return token
diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/imds.py b/sdk/identity/azure-identity/azure/identity/_credentials/imds.py
index 276dcaf7185b..d642dd063b21 100644
--- a/sdk/identity/azure-identity/azure/identity/_credentials/imds.py
+++ b/sdk/identity/azure-identity/azure/identity/_credentials/imds.py
@@ -54,7 +54,7 @@ def __init__(self, **kwargs): else: self._endpoint_available = None self._error_message = None # type: Optional[str] - self._user_assigned_identity = "client_id" in kwargs or "resource_id" in kwargs or "identity_config" in kwargs + self._user_assigned_identity = "client_id" in kwargs or "identity_config" in kwargs def __enter__(self): self._client.__enter__()
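Review bot: In the imds.py hunk, the rewritten `_user_assigned_identity` assignment still tests key presence (`"client_id" in kwargs`), so an explicit `client_id=None` or an empty `identity_config` marks the credential as user-assigned even though no identity was selected. The managed_identity_client.py hunk of this same patch uses truthiness for the same two arguments (`if client_id:` and `identity_config or {}`), so the two can disagree about whether a user-assigned identity was requested. Consider `self._user_assigned_identity = bool(kwargs.get("client_id") or kwargs.get("identity_config"))`. How the flag is consumed is outside the hunk, and `__init__` starts above it, so the impact (presumably which error is reported) should be confirmed against the rest of the file.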
diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py
index 80e06af364da..cfd6db568d10 100644
--- a/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py
+++ b/sdk/identity/azure-identity/azure/identity/_credentials/managed_identity.py
@@ -32,10 +32,6 @@ class ManagedIdentityCredential(object): :keyword str client_id: a user-assigned identity's client ID or, when using Pod Identity, the client ID of an Azure AD app registration. This argument is supported in all hosting environments. - :keyword str resource_id: The resource ID to authenticate for a user-assigned managed identity. - See `Managed identity types - `_ - for more information about user-assigned managed identities. :keyword identity_config: a mapping ``{parameter_name: value}`` specifying a user-assigned identity by its object or resource ID, for example ``{"object_id": "..."}``. Check the documentation for your hosting environment to learn what values it expects.
diff --git a/sdk/identity/azure-identity/azure/identity/_credentials/token_exchange.py b/sdk/identity/azure-identity/azure/identity/_credentials/token_exchange.py
index bb5bcee00058..8a53355859ae 100644
--- a/sdk/identity/azure-identity/azure/identity/_credentials/token_exchange.py
+++ b/sdk/identity/azure-identity/azure/identity/_credentials/token_exchange.py
@@ -36,7 +36,7 @@ def __init__(self, tenant_id, client_id, token_file_path, **kwargs): super(TokenExchangeCredential, self).__init__( tenant_id=tenant_id, client_id=client_id, - get_assertion=self.get_service_account_token, + func=self.get_service_account_token, token_file_path=token_file_path, **kwargs )
diff --git a/sdk/identity/azure-identity/azure/identity/_internal/managed_identity_client.py b/sdk/identity/azure-identity/azure/identity/_internal/managed_identity_client.py
index 0239acdef12d..a0d0326051af 100644
--- a/sdk/identity/azure-identity/azure/identity/_internal/managed_identity_client.py
+++ b/sdk/identity/azure-identity/azure/identity/_internal/managed_identity_client.py
@@ -32,15 +32,13 @@ class ManagedIdentityClientBase(ABC): # pylint:disable=missing-client-constructor-parameter-credential - def __init__(self, request_factory, client_id=None, resource_id=None, identity_config=None, **kwargs): - # type: (Callable[[str, dict], HttpRequest], Optional[str], Optional[str], Optional[Dict], **Any) -> None + def __init__(self, request_factory, client_id=None, identity_config=None, **kwargs): + # type: (Callable[[str, dict], HttpRequest], Optional[str], Optional[Dict], **Any) -> None self._cache = kwargs.pop("_cache", None) or TokenCache() self._content_callback = kwargs.pop("_content_callback", None) self._identity_config = identity_config or {} if client_id: self._identity_config["client_id"] = client_id - if resource_id: - self._identity_config["mi_res_id"] = resource_id self._pipeline = self._build_pipeline(**kwargs) self._request_factory = request_factory
diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_assertion.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_assertion.py
index 8b09b43fca3c..2e32e97d3bc3 100644
--- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_assertion.py
+++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/client_assertion.py
@@ -13,7 +13,7 @@ class ClientAssertionCredential(AsyncContextManager, GetTokenMixin): - def __init__(self, tenant_id: str, client_id: str, get_assertion: "Callable[[], str]", **kwargs: "Any") -> None: + def __init__(self, tenant_id: str, client_id: str, func: "Callable[[], str]", **kwargs: "Any") -> None: """Authenticates a service principal with a JWT assertion. This credential is for advanced scenarios. :class:`~azure.identity.ClientCertificateCredential` has a more
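Review bot: In the managed_identity_client.py hunk, a caller who still passes `resource_id=...` to `ManagedIdentityClientBase.__init__` is not rejected after this change: the value now lands in `**kwargs`, is forwarded to `self._build_pipeline(**kwargs)`, and is never written into `_identity_config`. If the pipeline builder ignores unknown keywords (not visible here), the token request would carry no identity selector, so the host could issue a token for a different identity than the one the caller asked for, which is a silent privilege change rather than a visible failure. The same path is reachable through the removed translations in app_service.py and azure_ml.py, whose `_get_client_args` still return `dict(kwargs, ...)`, and imds.py no longer treats `resource_id` as a user-assigned selector. Failing fast at the top of `__init__` would make the removal explicit, for example `if "resource_id" in kwargs: raise TypeError("resource_id is not supported; use identity_config")`.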
@@ -21,15 +21,15 @@ def __init__(self, tenant_id: str, client_id: str, get_assertion: "Callable[[], :param str tenant_id: ID of the principal's tenant. Also called its "directory" ID. :param str client_id: the principal's client ID - :param get_assertion: a callable that returns a string assertion. The credential will call this every time it + :param func: a callable that returns a string assertion. The credential will call this every time it acquires a new token. - :paramtype get_assertion: Callable[[], str] + :paramtype func: Callable[[], str] :keyword str authority: authority of an Azure Active Directory endpoint, for example "login.microsoftonline.com", the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts` defines authorities for other clouds. """ - self._get_assertion = get_assertion + self._func = func self._client = AadClient(tenant_id, client_id, **kwargs) super().__init__(**kwargs)
@@ -45,6 +45,6 @@ async def _acquire_token_silently(self, *scopes: str, **kwargs: "Any") -> "Optio return self._client.get_cached_access_token(scopes, **kwargs) async def _request_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken": - assertion = self._get_assertion() + assertion = self._func() token = await self._client.obtain_token_by_jwt_assertion(scopes, assertion, **kwargs) return token
diff --git a/sdk/identity/azure-identity/azure/identity/aio/_credentials/token_exchange.py b/sdk/identity/azure-identity/azure/identity/aio/_credentials/token_exchange.py
index 1ac071ed310e..1561481371bd 100644
--- a/sdk/identity/azure-identity/azure/identity/aio/_credentials/token_exchange.py
+++ b/sdk/identity/azure-identity/azure/identity/aio/_credentials/token_exchange.py
@@ -17,7 +17,7 @@ def __init__(self, tenant_id: str, client_id: str, token_file_path: str, **kwarg super().__init__( tenant_id=tenant_id, client_id=client_id, - get_assertion=self.get_service_account_token, + func=self.get_service_account_token, token_file_path=token_file_path, **kwargs )