Merge pull request #19 from daguito81/dev

Version 0.0.7

.github/workflows/python-package.yml

@@ -13,6 +13,7 @@ env:
   TENANT_ID: ${{ secrets.TENANT_ID }}
   CLIENT_ID: ${{ secrets.CLIENT_ID }}
   CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
+  OAUTH_SCOPE: ${{ secrets.OAUTH_SCOPE }}
 
 jobs:
   build:

setup.py

@@ -3,7 +3,7 @@
 setup(
     name='tokenazad',
     packages=find_packages(include=['tokenazad*']),
-    version='0.0.6',
+    version='0.0.7',
     description='A simple tool to get Azure AD Tokens with MSAL and set them as environment variables',
     long_description=open('README.md').read(),
     long_description_content_type='text/markdown',

tests/conftest.py

@@ -21,7 +21,8 @@ def token_client(self, service=None):
         TENANT = os.getenv('TENANT_ID')
         CLIENT_ID = os.getenv('CLIENT_ID')
         CLIENT_SECRET = os.getenv('CLIENT_SECRET')
-        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET, service)
+        OAUTH_SCOPE = os.getenv('OAUTH_SCOPE')
+        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET, OAUTH_SCOPE, service)
         client._get_token_client_secret()
         yield client
         self.cleanup(service)

tests/test_tokenmagic_envvar_check.py

@@ -12,8 +12,9 @@ class TestTokenazadNoEnvVar(MainTestSetup):
     def test_tokenmagic_noenv_missing_tenant(self):
         client = os.getenv("CLIENT_ID")
         secret = os.getenv("CLIENT_SECRET")
+        scope = os.getenv("OAUTH_SCOPE")
         try:
-            client = AzureADTokenSetter(None, client, secret)
+            client = AzureADTokenSetter(None, client, secret, scope)
             client.do_magic_trick()
             assert 0
         except BadClientException as e:
@@ -22,8 +23,9 @@ def test_tokenmagic_noenv_missing_tenant(self):
     def test_tokenmagic_noenv_missing_client(self):
         tenant = os.getenv("TENANT_ID")
         secret = os.getenv("CLIENT_SECRET")
+        scope = os.getenv("OAUTH_SCOPE")
         try:
-            client = AzureADTokenSetter(tenant, None, secret)
+            client = AzureADTokenSetter(tenant, None, secret, scope)
             client.do_magic_trick()
             assert 0
         except BadClientException as e:
@@ -32,9 +34,21 @@ def test_tokenmagic_noenv_missing_client(self):
     def test_tokenmagic_noenv_missing_secret(self):
         tenant = os.getenv("TENANT_ID")
         client = os.getenv("CLIENT_ID")
+        scope = os.getenv("OAUTH_SCOPE")
         try:
-            client = AzureADTokenSetter(tenant, client, None)
+            client = AzureADTokenSetter(tenant, client, None, scope)
             client.do_magic_trick()
             assert 0
         except BadClientException as e:
             assert str(e) == "CLIENT_SECRET is not set as Environment Variable"
+
+    def test_tokenmagic_noenv_missing_scope(self):
+        tenant = os.getenv("TENANT_ID")
+        client = os.getenv("CLIENT_ID")
+        secret = os.getenv("CLIENT_SECRET")
+        try:
+            client = AzureADTokenSetter(tenant, client, secret, None)
+            client.do_magic_trick()
+            assert 0
+        except BadClientException as e:
+            assert str(e) == "OAUTH_SCOPE is not set as Environment Variable"

tests/test_tokenmagic_generator.py

@@ -10,7 +10,8 @@ def test_tokenazad_client_generator(self):
         TENANT = os.getenv('TENANT_ID')
         CLIENT_ID = os.getenv('CLIENT_ID')
         CLIENT_SECRET = os.getenv('CLIENT_SECRET')
-        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET)
+        OAUTH_SCOPE = os.getenv('OAUTH_SCOPE')
+        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET, OAUTH_SCOPE)
         client._get_token_client_secret()
         assert client._app is not None
         assert client.ready is True
@@ -23,7 +24,8 @@ def test_tokenazad_client_failed_generator_bad_secret(self):
         TENANT = os.getenv('TENANT_ID')
         CLIENT_ID = os.getenv('CLIENT_ID')
         CLIENT_SECRET = "bad_secret"
-        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET)
+        OAUTH_SCOPE = os.getenv('OAUTH_SCOPE')
+        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET, OAUTH_SCOPE)
         client._get_token_client_secret()
         assert client.ready is False
         assert client._app.authority.authorization_endpoint == f"https://login.microsoftonline.com/{TENANT}" \
@@ -35,7 +37,8 @@ def test_tokenazad_client_failed_generator_bad_id(self):
         TENANT = os.getenv('TENANT_ID')
         CLIENT_ID = "bad_id"
         CLIENT_SECRET = os.getenv('CLIENT_SECRET')
-        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET)
+        OAUTH_SCOPE = os.getenv('OAUTH_SCOPE')
+        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET, OAUTH_SCOPE)
         client._get_token_client_secret()
         assert client.ready is False
         assert client._app.authority.authorization_endpoint == f"https://login.microsoftonline.com/{TENANT}" \
@@ -47,10 +50,22 @@ def test_tokenazad_client_failed_generator_bad_tenant(self):
         TENANT = "a34de1ed-779e-40e2-baa2-038614t129d8"  # Made up tenant id
         CLIENT_ID = os.getenv('CLIENT_ID')
         CLIENT_SECRET = os.getenv('CLIENT_SECRET')
-        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET)
+        OAUTH_SCOPE = os.getenv('OAUTH_SCOPE')
+        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET, OAUTH_SCOPE)
         client._get_token_client_secret()
         assert client.ready is False
         assert client._app is None
         assert client.token is None
         assert client._error.startswith(
             f"Unable to get authority configuration for https://login.microsoftonline.com/{TENANT}.")
+
+    def test_tokenazad_client_failed_generator_bad_scope(self):
+        TENANT = os.getenv('TENANT_ID')
+        CLIENT_ID = os.getenv('CLIENT_ID')
+        CLIENT_SECRET = os.getenv('CLIENT_SECRET')
+        OAUTH_SCOPE = "api://df5af265-3a5a-5436-9ac2-a856432a9327/.default"  # Made up scope
+        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET, OAUTH_SCOPE)
+        client._get_token_client_secret()
+        assert client.ready is False
+        assert client.token is None
+        assert client._error == 'invalid_resource'

tests/test_tokenmagic_tokens.py

@@ -42,8 +42,9 @@ def test_tokenazad_token_setter_bad_creds(self, token_client):
         TENANT = os.getenv('TENANT_ID')
         CLIENT_ID = os.getenv('CLIENT_ID')
         CLIENT_SECRET = "bad_secret"
+        OAUTH_SCOPE = os.getenv('OAUTH_SCOPE')
 
-        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET)
+        client = AzureADTokenSetter(TENANT, CLIENT_ID, CLIENT_SECRET, OAUTH_SCOPE)
         client._get_token_client_secret()
         client._set_token_env_var()
         assert os.getenv("TOKEN", "NA") == "NA"

tokenazad/tokenmagic.py

@@ -15,10 +15,12 @@
 
 
 class AzureADTokenSetter:
-    def __init__(self, tenant, client_id, client_secret, var_prefix=None, token_expiration_min=60) -> None:
+    def __init__(self, tenant, client_id, client_secret, oauth_scope,
+                 var_prefix=None, token_expiration_min=60) -> None:
         self._tenant: str = tenant
         self._client_id: str = client_id
         self.__client_secret: str = client_secret
+        self._oauth_scope: str = oauth_scope
         self._token: Optional[Dict[str, str]] = None
         self._app: Optional[ConfidentialClientApplication] = None
         self.ready: bool = False
@@ -41,6 +43,10 @@ def _init_check(self) -> None:
             logging.error("CLIENT_SECRET is not set as Environment Variable")
             self._error = "CLIENT_SECRET is not set as Environment Variable"
             raise BadClientException(self._error)
+        if self._oauth_scope is None:
+            logging.error("OAUTH_SCOPE is not set as Environment Variable")
+            self._error = "OAUTH_SCOPE is not set as Environment Variable"
+            raise BadClientException(self._error)
 
     def _create_client(self):
         try:
@@ -54,7 +60,7 @@ def _create_client(self):
 
     def _get_token_client_secret(self) -> None:
         if self.ready:
-            result: Dict[str, str] = self._app.acquire_token_for_client(scopes=['https://graph.microsoft.com/.default'])
+            result: Dict[str, str] = self._app.acquire_token_for_client(scopes=[self._oauth_scope])
             try:
                 _ = result['access_token']
             except KeyError:
@@ -132,9 +138,10 @@ def main(service: str) -> None:
     tenant = os.getenv('TENANT_ID')
     client_id = os.getenv('CLIENT_ID')
     client_secret = os.getenv('CLIENT_SECRET')
+    oauth_scope = os.getenv('OAUTH_SCOPE')
 
     print("Creating Client")
-    client: AzureADTokenSetter = AzureADTokenSetter(tenant, client_id, client_secret, service)
+    client: AzureADTokenSetter = AzureADTokenSetter(tenant, client_id, client_secret, oauth_scope, service)
     print("Getting Token")
     client.do_magic_trick()
     print("Persisting Token")