From aa22e656c4ae5a1f09eaa3222a468dee87bf6588 Mon Sep 17 00:00:00 2001 From: Robbie Ginsburg Date: Fri, 10 May 2024 17:51:22 -0400 Subject: [PATCH 01/10] Implemented getManagedIdentitySource --- .../src/client/ManagedIdentityApplication.ts | 9 +++- .../src/client/ManagedIdentityClient.ts | 35 +++++++++++++ .../ManagedIdentitySources/AppService.ts | 19 ++++--- .../client/ManagedIdentitySources/AzureArc.ts | 19 ++++--- .../ManagedIdentitySources/CloudShell.ts | 10 +++- .../ManagedIdentitySources/ServiceFabric.ts | 21 +++++--- lib/msal-node/src/utils/Constants.ts | 13 +++++ .../ManagedIdentitySources/AppService.spec.ts | 11 +++- .../ManagedIdentitySources/AzureArc.spec.ts | 23 ++++++++- .../ManagedIdentitySources/CloudShell.spec.ts | 11 +++- .../ManagedIdentitySources/Imds.spec.ts | 50 ++++++++++++++++++- .../ServiceFabric.spec.ts | 11 +++- 12 files changed, 205 insertions(+), 27 deletions(-) diff --git a/lib/msal-node/src/client/ManagedIdentityApplication.ts b/lib/msal-node/src/client/ManagedIdentityApplication.ts index 6208dfb002..f120d6286d 100644 --- a/lib/msal-node/src/client/ManagedIdentityApplication.ts +++ b/lib/msal-node/src/client/ManagedIdentityApplication.ts @@ -31,7 +31,10 @@ import { ClientCredentialClient } from "./ClientCredentialClient"; import { ManagedIdentityClient } from "./ManagedIdentityClient"; import { ManagedIdentityRequestParams } from "../request/ManagedIdentityRequestParams"; import { NodeStorage } from "../cache/NodeStorage"; -import { DEFAULT_AUTHORITY_FOR_MANAGED_IDENTITY } from "../utils/Constants"; +import { + AzureIdentitySdkManagedIdentitySourceNames, + DEFAULT_AUTHORITY_FOR_MANAGED_IDENTITY, +} from "../utils/Constants"; /** * Class to initialize a managed identity and identify the service @@ -183,4 +186,8 @@ export class ManagedIdentityApplication { ); } } + + public getManagedIdentitySource(): AzureIdentitySdkManagedIdentitySourceNames { + return this.managedIdentityClient.getManagedIdentitySource(); + } } 
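Review bot: The new public `getManagedIdentitySource()` on `ManagedIdentityApplication` (hunk `@@ -183,4 +186,8 @@`) has no doc comment, although it is the method callers of the application class will see. I would add a TSDoc block such as `/** Returns the managed identity source detected from environment variables at call time; informational only, not a basis for authorization decisions. */`. The method delegates to `ManagedIdentityClient.getManagedIdentitySource()` rather than reading the source selected for token acquisition, so the comment should say the two can differ. The class body starts outside the hunk.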
diff --git a/lib/msal-node/src/client/ManagedIdentityClient.ts b/lib/msal-node/src/client/ManagedIdentityClient.ts
index c2a74db1c5..d6bc1e7d00 100644
--- a/lib/msal-node/src/client/ManagedIdentityClient.ts
+++ b/lib/msal-node/src/client/ManagedIdentityClient.ts
@@ -23,6 +23,7 @@ import { ManagedIdentityRequest } from "../request/ManagedIdentityRequest";
 import { ManagedIdentityId } from "../config/ManagedIdentityId";
 import { NodeStorage } from "../cache/NodeStorage";
 import { BaseManagedIdentitySource } from "./ManagedIdentitySources/BaseManagedIdentitySource";
+import { AzureIdentitySdkManagedIdentitySourceNames } from "../utils/Constants";
 
 /*
 * Class to initialize a managed identity and identify the service.
@@ -73,6 +74,40 @@ export class ManagedIdentityClient { ); } + private allEnvironmentVariablesAreDefined( + environmentVariables: Array + ): boolean { + return Object.values(environmentVariables).every( + (environmentVariable) => { + return environmentVariable !== undefined; + } + ); + } + + /** + * Determine the Managed Identity Source based on available environment variables. This API is consumed by Azure Identity SDK. + * @returns AzureIdentitySdkManagedIdentitySourceNames - Azure Identity SDK defined identifiers for the Managed Identity Sources + */ + public getManagedIdentitySource(): AzureIdentitySdkManagedIdentitySourceNames { + return this.allEnvironmentVariablesAreDefined( + ServiceFabric.getEnvironmentVariables() + ) + ? AzureIdentitySdkManagedIdentitySourceNames.SERVICE_FABRIC + : this.allEnvironmentVariablesAreDefined( + AppService.getEnvironmentVariables() + ) + ? AzureIdentitySdkManagedIdentitySourceNames.APP_SERVICE + : this.allEnvironmentVariablesAreDefined( + CloudShell.getEnvironmentVariables() + ) + ? AzureIdentitySdkManagedIdentitySourceNames.CLOUD_SHELL + : this.allEnvironmentVariablesAreDefined( + AzureArc.getEnvironmentVariables() + ) + ? AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + : AzureIdentitySdkManagedIdentitySourceNames.IMDS; + } + /** * Tries to create a managed identity source for all sources * @returns the managed identity Source diff --git a/lib/msal-node/src/client/ManagedIdentitySources/AppService.ts b/lib/msal-node/src/client/ManagedIdentitySources/AppService.ts index 2300a2979e..8f4ac9ca4e 100644 --- a/lib/msal-node/src/client/ManagedIdentitySources/AppService.ts +++ b/lib/msal-node/src/client/ManagedIdentitySources/AppService.ts 
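Review bot: `allEnvironmentVariablesAreDefined` tests `!== undefined`, while the `tryCreate` methods touched by this patch (AppService, AzureArc, CloudShell, ServiceFabric) reject any falsy value with checks like `!identityEndpoint`, so a variable set to an empty string counts as present here and as absent there. The source reported to the Azure Identity SDK can then differ from the source that would actually be created. Matching the existing check closes the gap: `return environmentVariables.every((environmentVariable) => !!environmentVariable);`, which also drops the unneeded `Object.values` call on an array. The nested ternary in `getManagedIdentitySource` relies on ServiceFabric being tested before AppService, since both read IDENTITY_ENDPOINT and IDENTITY_HEADER, and a one-line comment saying so would protect that order. The class continues outside the hunk.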
@@ -43,12 +43,7 @@ export class AppService extends BaseManagedIdentitySource { this.identityHeader = identityHeader; } - public static tryCreate( - logger: Logger, - nodeStorage: NodeStorage, - networkClient: INetworkModule, - cryptoProvider: CryptoProvider - ): AppService | null { + public static getEnvironmentVariables(): Array { const identityEndpoint: string | undefined = process.env[ ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT @@ -58,6 +53,18 @@ export class AppService extends BaseManagedIdentitySource { ManagedIdentityEnvironmentVariableNames.IDENTITY_HEADER ]; + return [identityEndpoint, identityHeader]; + } + + public static tryCreate( + logger: Logger, + nodeStorage: NodeStorage, + networkClient: INetworkModule, + cryptoProvider: CryptoProvider + ): AppService | null { + const [identityEndpoint, identityHeader] = + AppService.getEnvironmentVariables(); + // if either of the identity endpoint or identity header variables are undefined, this MSI provider is unavailable. if (!identityEndpoint || !identityHeader) { logger.info( diff --git a/lib/msal-node/src/client/ManagedIdentitySources/AzureArc.ts b/lib/msal-node/src/client/ManagedIdentitySources/AzureArc.ts index f0ae556004..779b958ea3 100644 --- a/lib/msal-node/src/client/ManagedIdentitySources/AzureArc.ts +++ b/lib/msal-node/src/client/ManagedIdentitySources/AzureArc.ts @@ -56,6 +56,17 @@ export class AzureArc extends BaseManagedIdentitySource { this.identityEndpoint = identityEndpoint; } + public static getEnvironmentVariables(): Array { + const identityEndpoint: string | undefined = + process.env[ + ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT + ]; + const imdsEndpoint: string | undefined = + process.env[ManagedIdentityEnvironmentVariableNames.IMDS_ENDPOINT]; + + return [identityEndpoint, imdsEndpoint]; + } + public static tryCreate( logger: Logger, nodeStorage: NodeStorage, 
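Review bot: `AppService.getEnvironmentVariables()` is `public static` and hands back the variable values themselves, including IDENTITY_HEADER, which the class stores as `this.identityHeader`, although the detection code in `ManagedIdentityClient` only needs to know whether each variable is set. Returning a positional array also makes the `const [identityEndpoint, identityHeader] =` destructuring in `tryCreate` depend on element order with nothing in the signature to enforce it. I would add a doc comment that names the order and marks the header value as sensitive (not to be logged), and consider a presence-only helper for detection so the value stays inside `tryCreate`. The same applies to the `getEnvironmentVariables()` methods added to AzureArc, CloudShell and ServiceFabric in the following hunks.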
@@ -63,12 +74,8 @@ export class AzureArc extends BaseManagedIdentitySource { cryptoProvider: CryptoProvider, managedIdentityId: ManagedIdentityId ): AzureArc | null { - const identityEndpoint: string | undefined = - process.env[ - ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT - ]; - const imdsEndpoint: string | undefined = - process.env[ManagedIdentityEnvironmentVariableNames.IMDS_ENDPOINT]; + const [identityEndpoint, imdsEndpoint] = + AzureArc.getEnvironmentVariables(); // if either of the identity or imds endpoints are undefined, this MSI provider is unavailable. if (!identityEndpoint || !imdsEndpoint) { diff --git a/lib/msal-node/src/client/ManagedIdentitySources/CloudShell.ts b/lib/msal-node/src/client/ManagedIdentitySources/CloudShell.ts index a62781d009..030823af32 100644 --- a/lib/msal-node/src/client/ManagedIdentitySources/CloudShell.ts +++ b/lib/msal-node/src/client/ManagedIdentitySources/CloudShell.ts @@ -40,6 +40,13 @@ export class CloudShell extends BaseManagedIdentitySource { this.msiEndpoint = msiEndpoint; } + public static getEnvironmentVariables(): Array { + const msiEndpoint: string | undefined = + process.env[ManagedIdentityEnvironmentVariableNames.MSI_ENDPOINT]; + + return [msiEndpoint]; + } + public static tryCreate( logger: Logger, nodeStorage: NodeStorage, @@ -47,8 +54,7 @@ export class CloudShell extends BaseManagedIdentitySource { cryptoProvider: CryptoProvider, managedIdentityId: ManagedIdentityId ): CloudShell | null { - const msiEndpoint: string | undefined = - process.env[ManagedIdentityEnvironmentVariableNames.MSI_ENDPOINT]; + const [msiEndpoint] = CloudShell.getEnvironmentVariables(); // if the msi endpoint environment variable is undefined, this MSI provider is unavailable. if (!msiEndpoint) { diff --git a/lib/msal-node/src/client/ManagedIdentitySources/ServiceFabric.ts b/lib/msal-node/src/client/ManagedIdentitySources/ServiceFabric.ts index 553d4259e7..c1c157e545 100644 
--- a/lib/msal-node/src/client/ManagedIdentitySources/ServiceFabric.ts +++ b/lib/msal-node/src/client/ManagedIdentitySources/ServiceFabric.ts @@ -43,13 +43,7 @@ export class ServiceFabric extends BaseManagedIdentitySource { this.identityHeader = identityHeader; } - public static tryCreate( - logger: Logger, - nodeStorage: NodeStorage, - networkClient: INetworkModule, - cryptoProvider: CryptoProvider, - managedIdentityId: ManagedIdentityId - ): ServiceFabric | null { + public static getEnvironmentVariables(): Array { const identityEndpoint: string | undefined = process.env[ ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT @@ -64,6 +58,19 @@ export class ServiceFabric extends BaseManagedIdentitySource { .IDENTITY_SERVER_THUMBPRINT ]; + return [identityEndpoint, identityHeader, identityServerThumbprint]; + } + + public static tryCreate( + logger: Logger, + nodeStorage: NodeStorage, + networkClient: INetworkModule, + cryptoProvider: CryptoProvider, + managedIdentityId: ManagedIdentityId + ): ServiceFabric | null { + const [identityEndpoint, identityHeader, identityServerThumbprint] = + ServiceFabric.getEnvironmentVariables(); + /* * if either of the identity endpoint, identity header, or identity server thumbprint * environment variables are undefined, this MSI provider is unavailable. diff --git a/lib/msal-node/src/utils/Constants.ts b/lib/msal-node/src/utils/Constants.ts index ebb9328c77..946fc17f2b 100644 --- a/lib/msal-node/src/utils/Constants.ts +++ b/lib/msal-node/src/utils/Constants.ts 
@@ -43,6 +43,19 @@ export const ManagedIdentitySourceNames = {
 export type ManagedIdentitySourceNames =
 (typeof ManagedIdentitySourceNames)[keyof typeof ManagedIdentitySourceNames];
 
+/**
+ * Azure Identity SDK defined identifiers for the Managed Identity Sources
+ */
+export const AzureIdentitySdkManagedIdentitySourceNames = {
+ APP_SERVICE: "APP_SERVICE",
+ AZURE_ARC: "ARC",
+ CLOUD_SHELL: "CLOUD_SHELL",
+ IMDS: "DEFAULT_TO_VM",
+ SERVICE_FABRIC: "SERVICE_FABRIC",
+} as const;
+export type AzureIdentitySdkManagedIdentitySourceNames =
+ (typeof AzureIdentitySdkManagedIdentitySourceNames)[keyof typeof AzureIdentitySdkManagedIdentitySourceNames];
+
 /**
 * Managed Identity Ids
 */
diff --git a/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts
index 773a796c03..d75dc28a77 100644
--- a/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts
+++ b/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts
@@ -18,7 +18,10 @@ import {
 } from "../../test_kit/ManagedIdentityTestUtils";
 import { AuthenticationResult } from "@azure/msal-common";
 import { ManagedIdentityClient } from "../../../src/client/ManagedIdentityClient";
-import { ManagedIdentityEnvironmentVariableNames } from "../../../src/utils/Constants";
+import {
+ AzureIdentitySdkManagedIdentitySourceNames,
+ ManagedIdentityEnvironmentVariableNames,
+} from "../../../src/utils/Constants";
 
 describe("Acquires a token successfully via an App Service Managed Identity", () => {
 beforeAll(() => {
@@ -48,6 +51,9 @@ describe("Acquires a token successfully via an App Service Managed Identity", () const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.APP_SERVICE + ); const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken( @@ -65,6 +71,9 @@ describe("Acquires a token successfully via an App Service Managed Identity", () managedIdentityApplication = new ManagedIdentityApplication( systemAssignedConfig ); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.APP_SERVICE + ); }); test("acquires a token", async () => { diff --git a/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts index 6fcc448fae..6aa48b4af4 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts @@ -30,7 +30,10 @@ import { } from "../../../src/error/ManagedIdentityError"; import { ARC_API_VERSION } from "../../../src/client/ManagedIdentitySources/AzureArc"; import * as fs from "fs"; -import { ManagedIdentityEnvironmentVariableNames } from "../../../src/utils/Constants"; +import { + AzureIdentitySdkManagedIdentitySourceNames, + ManagedIdentityEnvironmentVariableNames, +} from "../../../src/utils/Constants"; jest.mock("fs"); @@ -64,6 +67,9 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = managedIdentityApplication = new ManagedIdentityApplication( systemAssignedConfig ); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + ); }); test("acquires a token", async () => { 
@@ -116,6 +122,9 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = // managedIdentityIdParams will be omitted for system assigned }, }); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + ); const networkErrorClient: ManagedIdentityNetworkErrorClient = new ManagedIdentityNetworkErrorClient(); @@ -174,6 +183,9 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + ); await expect( managedIdentityApplication.acquireToken( @@ -199,6 +211,9 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = // managedIdentityIdParams will be omitted for system assigned }, }); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + ); await expect( managedIdentityApplication.acquireToken( @@ -223,6 +238,9 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = // managedIdentityIdParams will be omitted for system assigned }, }); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + ); await expect( managedIdentityApplication.acquireToken( @@ -247,6 +265,9 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = // managedIdentityIdParams will be omitted for system assigned }, }); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + ); jest.spyOn(fs, "readFileSync").mockImplementationOnce(() => { throw new Error(); 
diff --git a/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts index b589aa6a50..d318114dea 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts @@ -17,7 +17,10 @@ import { } from "../../test_kit/ManagedIdentityTestUtils"; import { AuthenticationResult } from "@azure/msal-common"; import { ManagedIdentityClient } from "../../../src/client/ManagedIdentityClient"; -import { ManagedIdentityEnvironmentVariableNames } from "../../../src/utils/Constants"; +import { + AzureIdentitySdkManagedIdentitySourceNames, + ManagedIdentityEnvironmentVariableNames, +} from "../../../src/utils/Constants"; import { ManagedIdentityErrorCodes, createManagedIdentityError, @@ -47,6 +50,9 @@ describe("Acquires a token successfully via an App Service Managed Identity", () managedIdentityApplication = new ManagedIdentityApplication( systemAssignedConfig ); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.CLOUD_SHELL + ); }); test("acquires a token", async () => { @@ -93,6 +99,9 @@ describe("Acquires a token successfully via an App Service Managed Identity", () const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.CLOUD_SHELL + ); await expect( managedIdentityApplication.acquireToken( diff --git a/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts index e05a62a5ec..08ce7079d3 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts 
@@ -26,7 +26,10 @@ import { managedIdentityRequestParams, systemAssignedConfig, } from "../../test_kit/ManagedIdentityTestUtils"; -import { DEFAULT_MANAGED_IDENTITY_ID } from "../../../src/utils/Constants"; +import { + AzureIdentitySdkManagedIdentitySourceNames, + DEFAULT_MANAGED_IDENTITY_ID, +} from "../../../src/utils/Constants"; import { AccessTokenEntity, AuthenticationResult, @@ -87,6 +90,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.IMDS + ); const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken( @@ -103,6 +109,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedObjectIdConfig); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.IMDS + ); const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken( @@ -119,6 +128,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedResourceIdConfig); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.IMDS + ); const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken( 
@@ -137,6 +149,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { managedIdentityApplication = new ManagedIdentityApplication( systemAssignedConfig ); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.IMDS + ); }); test("acquires a token", async () => { @@ -184,6 +199,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { managedIdentityApplication = new ManagedIdentityApplication( userAssignedClientIdConfig ); + expect( + managedIdentityApplication.getManagedIdentitySource() + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); }); test("returns a 500 error response from the network request, just the first time", async () => { @@ -245,6 +263,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { managedIdentityApplication = new ManagedIdentityApplication( systemAssignedConfig ); + expect( + managedIdentityApplication.getManagedIdentitySource() + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); }); test("returns a 500 error response from the network request, just the first time, with no retry-after header", async () => { @@ -464,6 +485,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { disableInternalRetries: true, }, }); + expect( + managedIdentityApplicationNoRetry.getManagedIdentitySource() + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); const sendGetRequestAsyncSpy: jest.SpyInstance = jest .spyOn(networkClient, "sendGetRequestAsync") 
@@ -496,6 +520,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { beforeEach(() => { systemAssignedManagedIdentityApplication = new ManagedIdentityApplication(systemAssignedConfig); + expect( + systemAssignedManagedIdentityApplication.getManagedIdentitySource() + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); }); test("acquires a token from the network and then the same token from the cache, then acquires a different token for another scope", async () => { @@ -659,6 +686,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { userAssignedClientId: MANAGED_IDENTITY_RESOURCE_ID, }, }); + expect( + userAssignedClientIdManagedIdentityApplicationResource1.getManagedIdentitySource() + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); const userAssignedObjectIdManagedIdentityApplicationResource2: ManagedIdentityApplication = new ManagedIdentityApplication({ @@ -671,6 +701,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { userAssignedObjectId: MANAGED_IDENTITY_RESOURCE_ID_2, }, }); + expect( + userAssignedObjectIdManagedIdentityApplicationResource2.getManagedIdentitySource() + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); // ********** begin: return access tokens from a network request ********** // resource R1 for system assigned - returned from a network request 
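Review bot: The `expect(...getManagedIdentitySource()).toBe(...)` added in hunk `@@ -496,6 +520,9 @@` sits inside a `beforeEach` hook, so a failure is reported against the hook and repeats for every test in the block instead of naming the behaviour that broke. I would move it into its own case, for example `test("reports IMDS as the managed identity source", () => { ... })`, and keep the hook for setup only. Several other spec hunks in this patch add the same assertion directly after the application is constructed, which looks like the same hook placement, though the hook line is not visible there. None of the added assertions covers a variable that is set to an empty string, which is the input where detection and `tryCreate` can disagree.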
@@ -707,6 +740,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { // resource R1 for system assigned - new application (to prove static cache persists), but same request as before, returned from the cache this time const systemAssignedManagedIdentityApplicationClone: ManagedIdentityApplication = new ManagedIdentityApplication(systemAssignedConfig); + expect( + systemAssignedManagedIdentityApplicationClone.getManagedIdentitySource() + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); let cachedManagedIdentityResult: AuthenticationResult = await systemAssignedManagedIdentityApplicationClone.acquireToken( { @@ -725,6 +761,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { userAssignedClientId: MANAGED_IDENTITY_RESOURCE_ID, }, }); + expect( + userAssignedClientIdManagedIdentityApplicationResource1Clone.getManagedIdentitySource() + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); cachedManagedIdentityResult = await userAssignedClientIdManagedIdentityApplicationResource1Clone.acquireToken( { @@ -745,6 +784,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { userAssignedObjectId: MANAGED_IDENTITY_RESOURCE_ID_2, }, }); + expect( + userAssignedObjectIdManagedIdentityApplicationResource2Clone.getManagedIdentitySource() + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); cachedManagedIdentityResult = await userAssignedObjectIdManagedIdentityApplicationResource2Clone.acquireToken( { @@ -784,6 +826,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { const systemAssignedManagedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(systemAssignedConfig); + expect( + systemAssignedManagedIdentityApplication.getManagedIdentitySource() + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); await expect( systemAssignedManagedIdentityApplication.acquireToken({ 
@@ -829,6 +874,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { // managedIdentityIdParams will be omitted for system assigned }, }); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.IMDS + ); let serverError: ServerError = new ServerError(); try { diff --git a/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts index 0be67d8848..82c170cd35 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts @@ -18,7 +18,10 @@ import { } from "../../test_kit/ManagedIdentityTestUtils"; import { AuthenticationResult } from "@azure/msal-common"; import { ManagedIdentityClient } from "../../../src/client/ManagedIdentityClient"; -import { ManagedIdentityEnvironmentVariableNames } from "../../../src/utils/Constants"; +import { + AzureIdentitySdkManagedIdentitySourceNames, + ManagedIdentityEnvironmentVariableNames, +} from "../../../src/utils/Constants"; describe("Acquires a token successfully via an App Service Managed Identity", () => { beforeAll(() => { @@ -54,6 +57,9 @@ describe("Acquires a token successfully via an App Service Managed Identity", () const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.SERVICE_FABRIC + ); const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken( 
@@ -71,6 +77,9 @@ describe("Acquires a token successfully via an App Service Managed Identity", () managedIdentityApplication = new ManagedIdentityApplication( systemAssignedConfig ); + expect(managedIdentityApplication.getManagedIdentitySource()).toBe( + AzureIdentitySdkManagedIdentitySourceNames.SERVICE_FABRIC + ); }); test("acquires a token", async () => { From 9b150bc7c461cf5c66eadc42970f70ff1372f219 Mon Sep 17 00:00:00 2001 From: Robbie Ginsburg Date: Fri, 10 May 2024 17:59:04 -0400 Subject: [PATCH 02/10] Removed redundant tests --- .../ManagedIdentitySources/AppService.spec.ts | 7 --- .../ManagedIdentitySources/AzureArc.spec.ts | 15 ----- .../ManagedIdentitySources/CloudShell.spec.ts | 7 --- .../ManagedIdentitySources/Imds.spec.ts | 43 -------------- .../ServiceFabric.spec.ts | 7 --- .../test/test_kit/ManagedIdentityTestUtils.ts | 57 ------------------- 6 files changed, 136 deletions(-) diff --git a/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts index d75dc28a77..85df136472 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts @@ -11,7 +11,6 @@ import { } from "../../test_kit/StringConstants"; import { - ManagedIdentityTestUtils, userAssignedClientIdConfig, managedIdentityRequestParams, systemAssignedConfig, @@ -47,8 +46,6 @@ describe("Acquires a token successfully via an App Service Managed Identity", () }); test("acquires a User Assigned Client Id token", async () => { - expect(ManagedIdentityTestUtils.isAppService()).toBe(true); - const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( 
@@ -77,8 +74,6 @@ describe("Acquires a token successfully via an App Service Managed Identity", () }); test("acquires a token", async () => { - expect(ManagedIdentityTestUtils.isAppService()).toBe(true); - const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken( managedIdentityRequestParams @@ -91,8 +86,6 @@ describe("Acquires a token successfully via an App Service Managed Identity", () }); test("returns an already acquired token from the cache", async () => { - expect(ManagedIdentityTestUtils.isAppService()).toBe(true); - const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken({ resource: MANAGED_IDENTITY_RESOURCE, diff --git a/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts index 6aa48b4af4..fdab6f4b40 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts @@ -15,7 +15,6 @@ import { } from "../../test_kit/StringConstants"; import { - ManagedIdentityTestUtils, ManagedIdentityNetworkClient, ManagedIdentityNetworkErrorClient, systemAssignedConfig, @@ -73,8 +72,6 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }); test("acquires a token", async () => { - expect(ManagedIdentityTestUtils.isAzureArc()).toBe(true); - const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken( managedIdentityRequestParams @@ -87,8 +84,6 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }); test("returns an already acquired token from the cache", async () => { - expect(ManagedIdentityTestUtils.isAzureArc()).toBe(true); - const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken({ resource: MANAGED_IDENTITY_RESOURCE, 
@@ -110,8 +105,6 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }); test("attempts to acquire a token, a 401 and www-authenticate header are returned form the azure arc managed identity, then retries the network request with the www-authenticate header", async () => { - expect(ManagedIdentityTestUtils.isAzureArc()).toBe(true); - const networkClient: ManagedIdentityNetworkClient = new ManagedIdentityNetworkClient(MANAGED_IDENTITY_RESOURCE_ID); @@ -179,8 +172,6 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = describe("Errors", () => { test("throws an error when a user assigned managed identity is used", async () => { - expect(ManagedIdentityTestUtils.isAzureArc()).toBe(true); - const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( @@ -199,8 +190,6 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }); test("throws an error when the www-authenticate header is missing", async () => { - expect(ManagedIdentityTestUtils.isAzureArc()).toBe(true); - const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication({ system: { @@ -227,8 +216,6 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }); test("throws an error when the www-authenticate header is in an unsupported format", async () => { - expect(ManagedIdentityTestUtils.isAzureArc()).toBe(true); - const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication({ system: { 
@@ -254,8 +241,6 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }); test("throws an error when the secret file cannot be found", async () => { - expect(ManagedIdentityTestUtils.isAzureArc()).toBe(true); - const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication({ system: { diff --git a/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts index d318114dea..f4e3b364af 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts @@ -10,7 +10,6 @@ import { } from "../../test_kit/StringConstants"; import { - ManagedIdentityTestUtils, userAssignedClientIdConfig, managedIdentityRequestParams, systemAssignedConfig, @@ -56,8 +55,6 @@ describe("Acquires a token successfully via an App Service Managed Identity", () }); test("acquires a token", async () => { - expect(ManagedIdentityTestUtils.isCloudShell()).toBe(true); - const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken( managedIdentityRequestParams @@ -70,8 +67,6 @@ describe("Acquires a token successfully via an App Service Managed Identity", () }); test("returns an already acquired token from the cache", async () => { - expect(ManagedIdentityTestUtils.isCloudShell()).toBe(true); - const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken({ resource: MANAGED_IDENTITY_RESOURCE, 
@@ -95,8 +90,6 @@ describe("Acquires a token successfully via an App Service Managed Identity", () describe("Errors", () => { test("throws an error when a user assigned managed identity is used", async () => { - expect(ManagedIdentityTestUtils.isCloudShell()).toBe(true); - const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( diff --git a/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts index 08ce7079d3..84836ff4ca 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts @@ -18,7 +18,6 @@ import { } from "../../test_kit/StringConstants"; import { - ManagedIdentityTestUtils, ManagedIdentityNetworkClient, ManagedIdentityNetworkErrorClient, networkClient, @@ -86,8 +85,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { describe("User Assigned", () => { test("acquires a User Assigned Client Id token", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( @@ -105,8 +102,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("acquires a User Assigned Object Id token", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedObjectIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( 
@@ -124,8 +119,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("acquires a User Assigned Resource Id token", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedResourceIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( @@ -155,8 +148,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("acquires a token", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken( managedIdentityRequestParams @@ -169,8 +160,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("returns an already acquired token from the cache", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken({ resource: MANAGED_IDENTITY_RESOURCE, @@ -205,8 +194,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("returns a 500 error response from the network request, just the first time", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const sendGetRequestAsyncSpy: jest.SpyInstance = jest .spyOn(networkClient, "sendGetRequestAsync") // override the networkClient's sendGetRequestAsync method to return a 500. @@ -230,8 +217,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("returns a 500 error response from the network request permanently", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const sendGetRequestAsyncSpy: jest.SpyInstance = jest .spyOn(networkClient, "sendGetRequestAsync") // permanently override the networkClient's sendGetRequestAsync method to return a 500 
@@ -269,8 +254,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("returns a 500 error response from the network request, just the first time, with no retry-after header", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const sendGetRequestAsyncSpy: jest.SpyInstance = jest .spyOn(networkClient, "sendGetRequestAsync") // override the networkClient's sendGetRequestAsync method to return a 500. @@ -304,8 +287,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("returns a 500 error response from the network request, just the first time, with a retry-after header of 3 seconds", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const headers: Record = { "Retry-After": "3", // 3 seconds }; @@ -344,8 +325,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("returns a 500 error response from the network request, just the first time, with a retry-after header of 3 seconds (extrapolated from an http-date)", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - var retryAfterHttpDate = new Date(); retryAfterHttpDate.setSeconds( retryAfterHttpDate.getSeconds() + 4 // 4 seconds. An extra second has been added to account for this date operation @@ -388,8 +367,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("returns a 500 error response from the network request permanently", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const sendGetRequestAsyncSpy: jest.SpyInstance = jest .spyOn(networkClient, "sendGetRequestAsync") // permanently override the networkClient's sendGetRequestAsync method to return a 500 
@@ -415,8 +392,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("makes three acquireToken calls on the same managed identity application (which returns a 500 error response from the network request permanently) to ensure that retry policy lifetime is per request", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const sendGetRequestAsyncSpyApp: jest.SpyInstance = jest .spyOn(networkClient, "sendGetRequestAsync") // permanently override the networkClient's sendGetRequestAsync method to return a 500 @@ -452,8 +427,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }, 15000); // triple the timeout value for this test because there are 3 acquireToken calls (3 x 1 second in between retries) test("ensures that a retry does not happen when the http status code from a failed network response is not included in the retry policy", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const sendGetRequestAsyncSpyApp: jest.SpyInstance = jest .spyOn(networkClient, "sendGetRequestAsync") // permanently override the networkClient's sendGetRequestAsync method to return a 400 @@ -476,8 +449,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("ensures that a retry does not happen when the http status code from a failed network response is included in the retry policy, but the retry policy has been disabled", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const managedIdentityApplicationNoRetry: ManagedIdentityApplication = new ManagedIdentityApplication({ system: { 
@@ -526,8 +497,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("acquires a token from the network and then the same token from the cache, then acquires a different token for another scope", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - let networkManagedIdentityResult: AuthenticationResult = await systemAssignedManagedIdentityApplication.acquireToken({ resource: MANAGED_IDENTITY_RESOURCE, @@ -560,8 +529,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("ignores a cached token when forceRefresh is set to true", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - let networkManagedIdentityResult: AuthenticationResult = await systemAssignedManagedIdentityApplication.acquireToken({ resource: MANAGED_IDENTITY_RESOURCE, @@ -594,8 +561,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("proactively refreshes a token in the background when its refresh_in value is expired.", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - let networkManagedIdentityResult: AuthenticationResult = await systemAssignedManagedIdentityApplication.acquireToken({ resource: MANAGED_IDENTITY_RESOURCE, 
@@ -672,8 +637,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }, 10000); // double the timeout value for this test because it waits two seconds in between the acquireToken call and the cache lookup test("requests three tokens with two different resources while switching between user and system assigned, then requests them again to verify they are retrieved from the cache, then verifies that their cache keys are correct", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - // the imported systemAssignedManagedIdentityApplication is the default System Assigned Managed Identity Application. // for reference, in this case it is equivalent to systemAssignedManagedIdentityApplicationResource1 @@ -822,8 +785,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { describe("Errors", () => { test("throws an error when an invalid resource is provided", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const systemAssignedManagedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(systemAssignedConfig); expect( @@ -842,8 +803,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("throws an error when more than one managed identity type is provided", () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const badUserAssignedClientIdConfig: ManagedIdentityConfiguration = { system: { @@ -865,8 +824,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); test("managed identity token response contains an error message and correlation id when an error is returned from the managed identity", async () => { - expect(ManagedIdentityTestUtils.isIMDS()).toBe(true); - const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication({ system: { 
diff --git a/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts index 82c170cd35..a8d6e85ba5 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts @@ -11,7 +11,6 @@ import { } from "../../test_kit/StringConstants"; import { - ManagedIdentityTestUtils, userAssignedClientIdConfig, managedIdentityRequestParams, systemAssignedConfig, @@ -53,8 +52,6 @@ describe("Acquires a token successfully via an App Service Managed Identity", () }); test("acquires a User Assigned Client Id token", async () => { - expect(ManagedIdentityTestUtils.isServiceFabric()).toBe(true); - const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( @@ -83,8 +80,6 @@ describe("Acquires a token successfully via an App Service Managed Identity", () }); test("acquires a token", async () => { - expect(ManagedIdentityTestUtils.isServiceFabric()).toBe(true); - const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken( managedIdentityRequestParams @@ -97,8 +92,6 @@ describe("Acquires a token successfully via an App Service Managed Identity", () }); test("returns an already acquired token from the cache", async () => { - expect(ManagedIdentityTestUtils.isServiceFabric()).toBe(true); - const networkManagedIdentityResult: AuthenticationResult = await managedIdentityApplication.acquireToken({ resource: MANAGED_IDENTITY_RESOURCE, diff --git a/lib/msal-node/test/test_kit/ManagedIdentityTestUtils.ts b/lib/msal-node/test/test_kit/ManagedIdentityTestUtils.ts index dceea72efb..85ed8fb302 100644 --- a/lib/msal-node/test/test_kit/ManagedIdentityTestUtils.ts +++ b/lib/msal-node/test/test_kit/ManagedIdentityTestUtils.ts 
@@ -18,7 +18,6 @@ import { TEST_TOKENS, TEST_TOKEN_LIFETIMES, } from "./StringConstants"; -import { ManagedIdentityEnvironmentVariableNames } from "../../src/utils/Constants"; import { ManagedIdentityTokenResponse } from "../../src/response/ManagedIdentityTokenResponse"; import { ManagedIdentityRequestParams } from "../../src"; import { ManagedIdentityConfiguration } from "../../src/config/Configuration"; @@ -26,62 +25,6 @@ import { mockAuthenticationResult } from "../utils/TestConstants"; const EMPTY_HEADERS: Record = {}; -export class ManagedIdentityTestUtils { - public static isAppService(): boolean { - return ( - // !! converts to boolean - !!process.env[ - ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT - ] && - !!process.env[ - ManagedIdentityEnvironmentVariableNames.IDENTITY_HEADER - ] - ); - } - - public static isAzureArc(): boolean { - return ( - // !! converts to boolean - !!process.env[ - ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT - ] && - !!process.env[ManagedIdentityEnvironmentVariableNames.IMDS_ENDPOINT] - ); - } - - public static isCloudShell(): boolean { - return ( - // !! converts to boolean - !!process.env[ManagedIdentityEnvironmentVariableNames.MSI_ENDPOINT] - ); - } - - public static isIMDS(): boolean { - return ( - !ManagedIdentityTestUtils.isAppService() && - !ManagedIdentityTestUtils.isAzureArc() && - !ManagedIdentityTestUtils.isCloudShell() && - !ManagedIdentityTestUtils.isServiceFabric() - ); - } - - public static isServiceFabric(): boolean { - return ( - // !! converts to boolean - !!process.env[ - ManagedIdentityEnvironmentVariableNames.IDENTITY_ENDPOINT - ] && - !!process.env[ - ManagedIdentityEnvironmentVariableNames.IDENTITY_HEADER - ] && - !!process.env[ - ManagedIdentityEnvironmentVariableNames - .IDENTITY_SERVER_THUMBPRINT - ] - ); - } -} - export class ManagedIdentityNetworkClient implements INetworkModule { private clientId: string; private resource: string | undefined; 
From fb541779cf84ffae634b40070b2bb29b893a1c88 Mon Sep 17 00:00:00 2001
From: Robbie Ginsburg
Date: Fri, 10 May 2024 18:03:25 -0400
Subject: [PATCH 03/10] Change files
---
...ure-msal-node-57db4095-d80e-49e1-b4ca-835fe9d50cb3.json | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 change/@azure-msal-node-57db4095-d80e-49e1-b4ca-835fe9d50cb3.json
diff --git a/change/@azure-msal-node-57db4095-d80e-49e1-b4ca-835fe9d50cb3.json b/change/@azure-msal-node-57db4095-d80e-49e1-b4ca-835fe9d50cb3.json
new file mode 100644
index 0000000000..ec7a5b53b4
--- /dev/null
+++ b/change/@azure-msal-node-57db4095-d80e-49e1-b4ca-835fe9d50cb3.json
@@ -0,0 +1,7 @@
+{
+ "type": "minor",
+ "comment": "Added API for Managed Identity to detect the current environment #7093",
+ "packageName": "@azure/msal-node",
+ "email": "rginsburg@microsoft.com",
+ "dependentChangeType": "patch"
+}
From 61ad33cface6704c81ded16963d7c9aeead6a50f Mon Sep 17 00:00:00 2001
From: Robbie Ginsburg
Date: Wed, 15 May 2024 13:00:39 -0400
Subject: [PATCH 04/10] Implemented GitHub Feedback
---
.../src/client/ManagedIdentityApplication.ts | 9 ++++-
.../src/client/ManagedIdentityClient.ts | 38 ++++++++++---------
2 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/lib/msal-node/src/client/ManagedIdentityApplication.ts b/lib/msal-node/src/client/ManagedIdentityApplication.ts
index f120d6286d..4ccde4488e 100644
--- a/lib/msal-node/src/client/ManagedIdentityApplication.ts
+++ b/lib/msal-node/src/client/ManagedIdentityApplication.ts
@@ -187,7 +187,14 @@ export class ManagedIdentityApplication { } } + /** + * Determine the Managed Identity Source based on available environment variables. This API is consumed by Azure Identity SDK. + * @returns AzureIdentitySdkManagedIdentitySourceNames - Azure Identity SDK defined identifiers for the Managed Identity Sources + */ public getManagedIdentitySource(): AzureIdentitySdkManagedIdentitySourceNames { - return this.managedIdentityClient.getManagedIdentitySource(); + return ( + ManagedIdentityClient.azureIdentitySdkManagedIdentitySourceNames || + this.managedIdentityClient.getManagedIdentitySource() + ); } } diff --git a/lib/msal-node/src/client/ManagedIdentityClient.ts b/lib/msal-node/src/client/ManagedIdentityClient.ts index d6bc1e7d00..ee3f531bdc 100644 --- a/lib/msal-node/src/client/ManagedIdentityClient.ts +++ b/lib/msal-node/src/client/ManagedIdentityClient.ts @@ -36,6 +36,7 @@ export class ManagedIdentityClient { private cryptoProvider: CryptoProvider; private static identitySource?: BaseManagedIdentitySource; + public static azureIdentitySdkManagedIdentitySourceNames?: AzureIdentitySdkManagedIdentitySourceNames; constructor( logger: Logger, 
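Review bot: The `||` short-circuit added to `ManagedIdentityApplication.getManagedIdentitySource()` returns a process-wide cached value, so once any instance has run the detection, later calls no longer look at the environment variables, although the new doc comment says the source is determined from them. The static is only written inside `ManagedIdentityClient.getManagedIdentitySource()` (the `@@ -89,23 +90,26 @@` hunk), which still recomputes on every direct call, so the two entry points can report different sources after the environment changes. Either drop the cache or state it in the doc comment, e.g. `* The result is detected once per process and cached; later changes to the environment variables are not observed.` Spec files that vary the variables between cases would presumably see the first detected value, which is worth confirming.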
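Review bot: `public static azureIdentitySdkManagedIdentitySourceNames?` in ManagedIdentityClient.ts is writable by any code that can reach the class, and `ManagedIdentityApplication.getManagedIdentitySource()` prefers it over a fresh detection, so a single stray assignment changes what every caller in the process is told about its hosting environment. Declaring it like the neighbouring `identitySource` field, `private static sourceName?: AzureIdentitySdkManagedIdentitySourceNames;`, and reading it through a static accessor keeps the cache without leaving an outside write path. The plural name also reads as a collection although the field holds one value.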
@@ -89,23 +90,26 @@ export class ManagedIdentityClient { * @returns AzureIdentitySdkManagedIdentitySourceNames - Azure Identity SDK defined identifiers for the Managed Identity Sources */ public getManagedIdentitySource(): AzureIdentitySdkManagedIdentitySourceNames { - return this.allEnvironmentVariablesAreDefined( - ServiceFabric.getEnvironmentVariables() - ) - ? AzureIdentitySdkManagedIdentitySourceNames.SERVICE_FABRIC - : this.allEnvironmentVariablesAreDefined( - AppService.getEnvironmentVariables() - ) - ? AzureIdentitySdkManagedIdentitySourceNames.APP_SERVICE - : this.allEnvironmentVariablesAreDefined( - CloudShell.getEnvironmentVariables() - ) - ? AzureIdentitySdkManagedIdentitySourceNames.CLOUD_SHELL - : this.allEnvironmentVariablesAreDefined( - AzureArc.getEnvironmentVariables() - ) - ? AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC - : AzureIdentitySdkManagedIdentitySourceNames.IMDS; + ManagedIdentityClient.azureIdentitySdkManagedIdentitySourceNames = + this.allEnvironmentVariablesAreDefined( + ServiceFabric.getEnvironmentVariables() + ) + ? AzureIdentitySdkManagedIdentitySourceNames.SERVICE_FABRIC + : this.allEnvironmentVariablesAreDefined( + AppService.getEnvironmentVariables() + ) + ? AzureIdentitySdkManagedIdentitySourceNames.APP_SERVICE + : this.allEnvironmentVariablesAreDefined( + CloudShell.getEnvironmentVariables() + ) + ? AzureIdentitySdkManagedIdentitySourceNames.CLOUD_SHELL + : this.allEnvironmentVariablesAreDefined( + AzureArc.getEnvironmentVariables() + ) + ? AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + : AzureIdentitySdkManagedIdentitySourceNames.IMDS; + + return ManagedIdentityClient.azureIdentitySdkManagedIdentitySourceNames; } /** From 74eb36a146679dd416dff48140a7e44205735c93 Mon Sep 17 00:00:00 2001 From: Robbie Ginsburg Date: Wed, 15 May 2024 13:02:24 -0400 Subject: [PATCH 05/10] Fixed comment --- lib/msal-node/src/client/ManagedIdentityClient.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
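Review bot: The order of the nested ternary in `ManagedIdentityClient.getManagedIdentitySource()` decides the result whenever more than one source's variables are set, and neither the doc comment nor the code says so. The `ManagedIdentityTestUtils` helpers removed earlier in this series identified Service Fabric by the two App Service variables plus a server thumbprint, so testing Service Fabric first looks deliberate; that is an inference, since `getEnvironmentVariables()` is not visible here. I would add `// Order matters: Service Fabric's variables include App Service's, so it must be tested first.` above the chain. The doc comment for this method opens outside the hunk.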
diff --git a/lib/msal-node/src/client/ManagedIdentityClient.ts b/lib/msal-node/src/client/ManagedIdentityClient.ts index ee3f531bdc..506f7309c1 100644 --- a/lib/msal-node/src/client/ManagedIdentityClient.ts +++ b/lib/msal-node/src/client/ManagedIdentityClient.ts @@ -86,7 +86,7 @@ export class ManagedIdentityClient { } /** - * Determine the Managed Identity Source based on available environment variables. This API is consumed by Azure Identity SDK. + * Determine the Managed Identity Source based on available environment variables. This API is consumed by ManagedIdentityApplication's getManagedIdentitySource. * @returns AzureIdentitySdkManagedIdentitySourceNames - Azure Identity SDK defined identifiers for the Managed Identity Sources */ public getManagedIdentitySource(): AzureIdentitySdkManagedIdentitySourceNames { From d136a6a05b936d1da5f2f180fec9cae5411b8ce9 Mon Sep 17 00:00:00 2001 From: Robbie Ginsburg Date: Thu, 16 May 2024 13:56:44 -0400 Subject: [PATCH 06/10] Renamed constants --- .../src/client/ManagedIdentityClient.ts | 4 +-- lib/msal-node/src/utils/Constants.ts | 4 +-- .../ManagedIdentitySources/AzureArc.spec.ts | 12 +++---- .../ManagedIdentitySources/Imds.spec.ts | 36 +++++++++++-------- 4 files changed, 31 insertions(+), 25 deletions(-) diff --git a/lib/msal-node/src/client/ManagedIdentityClient.ts b/lib/msal-node/src/client/ManagedIdentityClient.ts index 506f7309c1..a95d296a46 100644 --- a/lib/msal-node/src/client/ManagedIdentityClient.ts +++ b/lib/msal-node/src/client/ManagedIdentityClient.ts @@ -106,8 +106,8 @@ export class ManagedIdentityClient { : this.allEnvironmentVariablesAreDefined( AzureArc.getEnvironmentVariables() ) - ? AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC - : AzureIdentitySdkManagedIdentitySourceNames.IMDS; + ? AzureIdentitySdkManagedIdentitySourceNames.ARC + : AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM; return ManagedIdentityClient.azureIdentitySdkManagedIdentitySourceNames; } 
diff --git a/lib/msal-node/src/utils/Constants.ts b/lib/msal-node/src/utils/Constants.ts index 946fc17f2b..66bd3ca99d 100644 --- a/lib/msal-node/src/utils/Constants.ts +++ b/lib/msal-node/src/utils/Constants.ts @@ -48,9 +48,9 @@ export type ManagedIdentitySourceNames = */ export const AzureIdentitySdkManagedIdentitySourceNames = { APP_SERVICE: "APP_SERVICE", - AZURE_ARC: "ARC", + ARC: "ARC", CLOUD_SHELL: "CLOUD_SHELL", - IMDS: "DEFAULT_TO_VM", + DEFAULT_TO_VM: "DEFAULT_TO_VM", SERVICE_FABRIC: "SERVICE_FABRIC", } as const; export type AzureIdentitySdkManagedIdentitySourceNames = diff --git a/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts index fdab6f4b40..d964db0149 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts @@ -67,7 +67,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = systemAssignedConfig ); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + AzureIdentitySdkManagedIdentitySourceNames.ARC ); }); @@ -116,7 +116,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }, }); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + AzureIdentitySdkManagedIdentitySourceNames.ARC ); const networkErrorClient: ManagedIdentityNetworkErrorClient = @@ -175,7 +175,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + AzureIdentitySdkManagedIdentitySourceNames.ARC ); await expect( 
@@ -201,7 +201,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }, }); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + AzureIdentitySdkManagedIdentitySourceNames.ARC ); await expect( @@ -226,7 +226,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }, }); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + AzureIdentitySdkManagedIdentitySourceNames.ARC ); await expect( @@ -251,7 +251,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }, }); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.AZURE_ARC + AzureIdentitySdkManagedIdentitySourceNames.ARC ); jest.spyOn(fs, "readFileSync").mockImplementationOnce(() => { diff --git a/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts index 84836ff4ca..a0e8f05bc3 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts @@ -88,7 +88,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.IMDS + AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM ); const networkManagedIdentityResult: AuthenticationResult = 
@@ -105,7 +105,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedObjectIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.IMDS + AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM ); const networkManagedIdentityResult: AuthenticationResult = @@ -122,7 +122,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedResourceIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.IMDS + AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM ); const networkManagedIdentityResult: AuthenticationResult = @@ -143,7 +143,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { systemAssignedConfig ); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.IMDS + AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM ); }); @@ -190,7 +190,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { ); expect( managedIdentityApplication.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); + ).toBe( + AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM + ); }); test("returns a 500 error response from the network request, just the first time", async () => { 
@@ -250,7 +252,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { ); expect( managedIdentityApplication.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); + ).toBe( + AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM + ); }); test("returns a 500 error response from the network request, just the first time, with no retry-after header", async () => { @@ -458,7 +462,9 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); expect( managedIdentityApplicationNoRetry.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); + ).toBe( + AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM + ); const sendGetRequestAsyncSpy: jest.SpyInstance = jest .spyOn(networkClient, "sendGetRequestAsync") @@ -493,7 +499,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { new ManagedIdentityApplication(systemAssignedConfig); expect( systemAssignedManagedIdentityApplication.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); }); test("acquires a token from the network and then the same token from the cache, then acquires a different token for another scope", async () => { @@ -651,7 +657,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); expect( userAssignedClientIdManagedIdentityApplicationResource1.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); const userAssignedObjectIdManagedIdentityApplicationResource2: ManagedIdentityApplication = new ManagedIdentityApplication({ 
@@ -666,7 +672,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); expect( userAssignedObjectIdManagedIdentityApplicationResource2.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); // ********** begin: return access tokens from a network request ********** // resource R1 for system assigned - returned from a network request @@ -705,7 +711,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { new ManagedIdentityApplication(systemAssignedConfig); expect( systemAssignedManagedIdentityApplicationClone.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); let cachedManagedIdentityResult: AuthenticationResult = await systemAssignedManagedIdentityApplicationClone.acquireToken( { @@ -726,7 +732,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); expect( userAssignedClientIdManagedIdentityApplicationResource1Clone.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); cachedManagedIdentityResult = await userAssignedClientIdManagedIdentityApplicationResource1Clone.acquireToken( { @@ -749,7 +755,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); expect( userAssignedObjectIdManagedIdentityApplicationResource2Clone.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); cachedManagedIdentityResult = await userAssignedObjectIdManagedIdentityApplicationResource2Clone.acquireToken( { 
@@ -789,7 +795,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { new ManagedIdentityApplication(systemAssignedConfig); expect( systemAssignedManagedIdentityApplication.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.IMDS); + ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); await expect( systemAssignedManagedIdentityApplication.acquireToken({ @@ -832,7 +838,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }, }); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.IMDS + AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM ); let serverError: ServerError = new ServerError(); From efaf361a1bba3a5a874e4b4fe184e59979e3a942 Mon Sep 17 00:00:00 2001 From: Robbie Ginsburg Date: Thu, 16 May 2024 15:30:45 -0400 Subject: [PATCH 07/10] ran apiExtractor --- lib/msal-node/apiReview/msal-node.api.md | 5 ++--- lib/msal-node/src/client/ManagedIdentityApplication.ts | 3 ++- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/msal-node/apiReview/msal-node.api.md b/lib/msal-node/apiReview/msal-node.api.md index 8a3ef577b3..dc97fc98c8 100644 --- a/lib/msal-node/apiReview/msal-node.api.md +++ b/lib/msal-node/apiReview/msal-node.api.md 
@@ -412,13 +412,12 @@ export { Logger } export { LogLevel } -// Warning: (ae-missing-release-tag) "ManagedIdentityApplication" is part of the package's API, but it is missing a release tag (@alpha, @beta, @public, or @internal) -// // @public export class ManagedIdentityApplication { constructor(configuration?: ManagedIdentityConfiguration); - // Warning: (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen acquireToken(managedIdentityRequestParams: ManagedIdentityRequestParams): Promise; + // Warning: (ae-forgotten-export) The symbol "AzureIdentitySdkManagedIdentitySourceNames" needs to be exported by the entry point index.d.ts + getManagedIdentitySource(): AzureIdentitySdkManagedIdentitySourceNames; } // Warning: (ae-missing-release-tag) "ManagedIdentityConfiguration" is part of the package's API, but it is missing a release tag (@alpha, @beta, @public, or @internal) diff --git a/lib/msal-node/src/client/ManagedIdentityApplication.ts b/lib/msal-node/src/client/ManagedIdentityApplication.ts index 4ccde4488e..477a4e8b2a 100644 --- a/lib/msal-node/src/client/ManagedIdentityApplication.ts +++ b/lib/msal-node/src/client/ManagedIdentityApplication.ts @@ -38,6 +38,7 @@ import { /** * Class to initialize a managed identity and identify the service + * @public */ export class ManagedIdentityApplication { private config: ManagedIdentityNodeConfiguration; @@ -116,7 +117,7 @@ export class ManagedIdentityApplication { /** * Acquire an access token from the cache or the managed identity - * @param managedIdentityRequest + * @param managedIdentityRequest - the ManagedIdentityRequestParams object passed in by the developer * @returns the access token */ public async acquireToken( From c07501dcf5ac0a88958b2a050769bca19a56058a Mon Sep 17 00:00:00 2001 
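Review bot: The `@param` name in the `acquireToken` doc comment (second ManagedIdentityApplication.ts hunk) does not match the parameter it documents. The API report in this same commit lists the signature as `acquireToken(managedIdentityRequestParams: ManagedIdentityRequestParams)`, while the comment names `managedIdentityRequest`. The tag should read `@param managedIdentityRequestParams - the ManagedIdentityRequestParams object passed in by the developer`. The signature itself lies past the end of the hunk, so this rests on the api.md line only.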
From: Robbie Ginsburg Date: Thu, 16 May 2024 15:44:40 -0400 Subject: [PATCH 08/10] more apiExtractor changes --- lib/msal-node/apiReview/msal-node.api.md | 13 ++++++++++++- lib/msal-node/src/index.ts | 3 +++ lib/msal-node/src/utils/Constants.ts | 5 +++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/lib/msal-node/apiReview/msal-node.api.md b/lib/msal-node/apiReview/msal-node.api.md index dc97fc98c8..f473b4fee0 100644 --- a/lib/msal-node/apiReview/msal-node.api.md +++ b/lib/msal-node/apiReview/msal-node.api.md @@ -117,6 +117,18 @@ export { AzureCloudInstance } export { AzureCloudOptions } +// @public +export const AzureIdentitySdkManagedIdentitySourceNames: { + readonly APP_SERVICE: "APP_SERVICE"; + readonly ARC: "ARC"; + readonly CLOUD_SHELL: "CLOUD_SHELL"; + readonly DEFAULT_TO_VM: "DEFAULT_TO_VM"; + readonly SERVICE_FABRIC: "SERVICE_FABRIC"; +}; + +// @public +export type AzureIdentitySdkManagedIdentitySourceNames = (typeof AzureIdentitySdkManagedIdentitySourceNames)[keyof typeof AzureIdentitySdkManagedIdentitySourceNames]; + // @public export type BrokerOptions = { nativeBrokerPlugin?: INativeBrokerPlugin; @@ -416,7 +428,6 @@ export { LogLevel } export class ManagedIdentityApplication { constructor(configuration?: ManagedIdentityConfiguration); acquireToken(managedIdentityRequestParams: ManagedIdentityRequestParams): Promise; - // Warning: (ae-forgotten-export) The symbol "AzureIdentitySdkManagedIdentitySourceNames" needs to be exported by the entry point index.d.ts getManagedIdentitySource(): AzureIdentitySdkManagedIdentitySourceNames; } diff --git a/lib/msal-node/src/index.ts b/lib/msal-node/src/index.ts index b2ba3251c6..de5409e395 100644 --- a/lib/msal-node/src/index.ts +++ b/lib/msal-node/src/index.ts 
@@ -62,6 +62,9 @@ export { } from "./cache/serializer/SerializerTypes.js"; export { DistributedCachePlugin } from "./cache/distributed/DistributedCachePlugin.js"; +// Constants +export type { AzureIdentitySdkManagedIdentitySourceNames } from "./utils/Constants.js"; + // Crypto export { CryptoProvider } from "./crypto/CryptoProvider.js"; diff --git a/lib/msal-node/src/utils/Constants.ts b/lib/msal-node/src/utils/Constants.ts index 66bd3ca99d..f64f7738cf 100644 --- a/lib/msal-node/src/utils/Constants.ts +++ b/lib/msal-node/src/utils/Constants.ts @@ -45,6 +45,7 @@ export type ManagedIdentitySourceNames = /** * Azure Identity SDK defined identifiers for the Managed Identity Sources + * @public */ export const AzureIdentitySdkManagedIdentitySourceNames = { APP_SERVICE: "APP_SERVICE", @@ -53,6 +54,10 @@ export const AzureIdentitySdkManagedIdentitySourceNames = { DEFAULT_TO_VM: "DEFAULT_TO_VM", SERVICE_FABRIC: "SERVICE_FABRIC", } as const; +/** + * The AzureIdentitySdkManagedIdentitySourceNames type + * @public + */ export type AzureIdentitySdkManagedIdentitySourceNames = (typeof AzureIdentitySdkManagedIdentitySourceNames)[keyof typeof AzureIdentitySdkManagedIdentitySourceNames]; From 4b06da7abe96f2810ac03775bd7fa2032175c6d1 Mon Sep 17 00:00:00 2001 From: Robbie Ginsburg Date: Fri, 17 May 2024 13:07:02 -0400 Subject: [PATCH 09/10] Updated enum --- lib/msal-node/apiReview/msal-node.api.md | 27 ++++++------- .../src/client/ManagedIdentityApplication.ts | 6 +-- .../src/client/ManagedIdentityClient.ts | 20 +++++----- lib/msal-node/src/index.ts | 2 +- lib/msal-node/src/utils/Constants.ts | 32 +++++----------- .../ManagedIdentitySources/AppService.spec.ts | 6 +-- .../ManagedIdentitySources/AzureArc.spec.ts | 14 +++---- .../ManagedIdentitySources/CloudShell.spec.ts | 6 +-- .../ManagedIdentitySources/Imds.spec.ts | 38 ++++++++----------- .../ServiceFabric.spec.ts | 6 +-- 10 files changed, 70 insertions(+), 87 deletions(-) 
diff --git a/lib/msal-node/apiReview/msal-node.api.md b/lib/msal-node/apiReview/msal-node.api.md index f473b4fee0..4465215271 100644 --- a/lib/msal-node/apiReview/msal-node.api.md +++ b/lib/msal-node/apiReview/msal-node.api.md @@ -117,18 +117,6 @@ export { AzureCloudInstance } export { AzureCloudOptions } -// @public -export const AzureIdentitySdkManagedIdentitySourceNames: { - readonly APP_SERVICE: "APP_SERVICE"; - readonly ARC: "ARC"; - readonly CLOUD_SHELL: "CLOUD_SHELL"; - readonly DEFAULT_TO_VM: "DEFAULT_TO_VM"; - readonly SERVICE_FABRIC: "SERVICE_FABRIC"; -}; - -// @public -export type AzureIdentitySdkManagedIdentitySourceNames = (typeof AzureIdentitySdkManagedIdentitySourceNames)[keyof typeof AzureIdentitySdkManagedIdentitySourceNames]; - // @public export type BrokerOptions = { nativeBrokerPlugin?: INativeBrokerPlugin; @@ -428,7 +416,7 @@ export { LogLevel } export class ManagedIdentityApplication { constructor(configuration?: ManagedIdentityConfiguration); acquireToken(managedIdentityRequestParams: ManagedIdentityRequestParams): Promise; - getManagedIdentitySource(): AzureIdentitySdkManagedIdentitySourceNames; + getManagedIdentitySource(): ManagedIdentitySourceNames; } // Warning: (ae-missing-release-tag) "ManagedIdentityConfiguration" is part of the package's API, but it is missing a release tag (@alpha, @beta, @public, or @internal) @@ -460,6 +448,19 @@ export type ManagedIdentityRequestParams = { resource: string; }; +// @public +export const ManagedIdentitySourceNames: { + readonly APP_SERVICE: "AppService"; + readonly AZURE_ARC: "AzureArc"; + readonly CLOUD_SHELL: "CloudShell"; + readonly DEFAULT_TO_IMDS: "DefaultToImds"; + readonly IMDS: "Imds"; + readonly SERVICE_FABRIC: "ServiceFabric"; +}; + +// @public +export type ManagedIdentitySourceNames = (typeof ManagedIdentitySourceNames)[keyof typeof ManagedIdentitySourceNames]; + export { NetworkRequestOptions } export { NetworkResponse } 
diff --git a/lib/msal-node/src/client/ManagedIdentityApplication.ts b/lib/msal-node/src/client/ManagedIdentityApplication.ts index 477a4e8b2a..19fd17b379 100644 --- a/lib/msal-node/src/client/ManagedIdentityApplication.ts +++ b/lib/msal-node/src/client/ManagedIdentityApplication.ts @@ -32,8 +32,8 @@ import { ManagedIdentityClient } from "./ManagedIdentityClient"; import { ManagedIdentityRequestParams } from "../request/ManagedIdentityRequestParams"; import { NodeStorage } from "../cache/NodeStorage"; import { - AzureIdentitySdkManagedIdentitySourceNames, DEFAULT_AUTHORITY_FOR_MANAGED_IDENTITY, + ManagedIdentitySourceNames, } from "../utils/Constants"; /** @@ -192,9 +192,9 @@ export class ManagedIdentityApplication { * Determine the Managed Identity Source based on available environment variables. This API is consumed by Azure Identity SDK. * @returns AzureIdentitySdkManagedIdentitySourceNames - Azure Identity SDK defined identifiers for the Managed Identity Sources */ - public getManagedIdentitySource(): AzureIdentitySdkManagedIdentitySourceNames { + public getManagedIdentitySource(): ManagedIdentitySourceNames { return ( - ManagedIdentityClient.azureIdentitySdkManagedIdentitySourceNames || + ManagedIdentityClient.sourceName || this.managedIdentityClient.getManagedIdentitySource() ); } diff --git a/lib/msal-node/src/client/ManagedIdentityClient.ts b/lib/msal-node/src/client/ManagedIdentityClient.ts index a95d296a46..38ded0b326 100644 --- a/lib/msal-node/src/client/ManagedIdentityClient.ts +++ b/lib/msal-node/src/client/ManagedIdentityClient.ts 
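Review bot: `getManagedIdentitySource()` short-circuits on `ManagedIdentityClient.sourceName`, which the ManagedIdentityClient.ts hunk at `@@ -36,7 +36,7 @@` declares as `public static`. The first value detected is therefore shared by every `ManagedIdentityApplication` in the process and can be reassigned by any code that can import the client. The doc comment says the Azure Identity SDK consumes this API, so a stale or overwritten label would be reported to it with no re-detection. Consider `private static sourceName?: ManagedIdentitySourceNames;` and having this method simply `return this.managedIdentityClient.getManagedIdentitySource();`, keeping any caching inside the client. The spec files import `ManagedIdentityClient`, possibly to reset statics between tests, so check them before tightening the visibility.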
@@ -23,7 +23,7 @@ import { ManagedIdentityRequest } from "../request/ManagedIdentityRequest"; import { ManagedIdentityId } from "../config/ManagedIdentityId"; import { NodeStorage } from "../cache/NodeStorage"; import { BaseManagedIdentitySource } from "./ManagedIdentitySources/BaseManagedIdentitySource"; -import { AzureIdentitySdkManagedIdentitySourceNames } from "../utils/Constants"; +import { ManagedIdentitySourceNames } from "../utils/Constants"; /* * Class to initialize a managed identity and identify the service. @@ -36,7 +36,7 @@ export class ManagedIdentityClient { private cryptoProvider: CryptoProvider; private static identitySource?: BaseManagedIdentitySource; - public static azureIdentitySdkManagedIdentitySourceNames?: AzureIdentitySdkManagedIdentitySourceNames; + public static sourceName?: ManagedIdentitySourceNames; constructor( logger: Logger, 
@@ -89,27 +89,27 @@ export class ManagedIdentityClient { * Determine the Managed Identity Source based on available environment variables. This API is consumed by ManagedIdentityApplication's getManagedIdentitySource. * @returns AzureIdentitySdkManagedIdentitySourceNames - Azure Identity SDK defined identifiers for the Managed Identity Sources */ - public getManagedIdentitySource(): AzureIdentitySdkManagedIdentitySourceNames { - ManagedIdentityClient.azureIdentitySdkManagedIdentitySourceNames = + public getManagedIdentitySource(): ManagedIdentitySourceNames { + ManagedIdentityClient.sourceName = this.allEnvironmentVariablesAreDefined( ServiceFabric.getEnvironmentVariables() ) - ? AzureIdentitySdkManagedIdentitySourceNames.SERVICE_FABRIC + ? ManagedIdentitySourceNames.SERVICE_FABRIC : this.allEnvironmentVariablesAreDefined( AppService.getEnvironmentVariables() ) - ? AzureIdentitySdkManagedIdentitySourceNames.APP_SERVICE + ? ManagedIdentitySourceNames.APP_SERVICE : this.allEnvironmentVariablesAreDefined( CloudShell.getEnvironmentVariables() ) - ? AzureIdentitySdkManagedIdentitySourceNames.CLOUD_SHELL + ? ManagedIdentitySourceNames.CLOUD_SHELL : this.allEnvironmentVariablesAreDefined( AzureArc.getEnvironmentVariables() ) - ? AzureIdentitySdkManagedIdentitySourceNames.ARC - : AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM; + ? ManagedIdentitySourceNames.AZURE_ARC + : ManagedIdentitySourceNames.DEFAULT_TO_IMDS; - return ManagedIdentityClient.azureIdentitySdkManagedIdentitySourceNames; + return ManagedIdentityClient.sourceName; } /** diff --git a/lib/msal-node/src/index.ts b/lib/msal-node/src/index.ts index de5409e395..5678805a3e 100644 --- a/lib/msal-node/src/index.ts +++ b/lib/msal-node/src/index.ts 
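Review bot: The doc comment on `ManagedIdentityClient.getManagedIdentitySource()` should say that the result is inferred only from which environment variables are present, checked in the fixed order Service Fabric, App Service, Cloud Shell, Azure Arc, and that `DEFAULT_TO_IMDS` is the fall-through when none match. As far as this hunk shows, no endpoint is contacted, so callers should treat the value as a hint for diagnostics or for choosing a credential flow, not as proof of the hosting environment. I would add `* The result reflects environment variables only; DEFAULT_TO_IMDS means no source-specific variables were found.` to the comment. Separately, the four-level nested ternary that also assigns the static would read more easily as a sequence of `if` … `return` guards.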
@@ -63,7 +63,7 @@ export { export { DistributedCachePlugin } from "./cache/distributed/DistributedCachePlugin.js"; // Constants -export type { AzureIdentitySdkManagedIdentitySourceNames } from "./utils/Constants.js"; +export { ManagedIdentitySourceNames } from "./utils/Constants.js"; // Crypto export { CryptoProvider } from "./crypto/CryptoProvider.js"; diff --git a/lib/msal-node/src/utils/Constants.ts b/lib/msal-node/src/utils/Constants.ts index f64f7738cf..eef876c2a0 100644 --- a/lib/msal-node/src/utils/Constants.ts +++ b/lib/msal-node/src/utils/Constants.ts @@ -32,34 +32,22 @@ export type ManagedIdentityEnvironmentVariableNames = /** * Managed Identity Source Names - */ -export const ManagedIdentitySourceNames = { - APP_SERVICE: "App Service", - AZURE_ARC: "Azure Arc", - CLOUD_SHELL: "Cloud Shell", - IMDS: "IMDS", - SERVICE_FABRIC: "Service Fabric", -} as const; -export type ManagedIdentitySourceNames = - (typeof ManagedIdentitySourceNames)[keyof typeof ManagedIdentitySourceNames]; - -/** - * Azure Identity SDK defined identifiers for the Managed Identity Sources * @public */ -export const AzureIdentitySdkManagedIdentitySourceNames = { - APP_SERVICE: "APP_SERVICE", - ARC: "ARC", - CLOUD_SHELL: "CLOUD_SHELL", - DEFAULT_TO_VM: "DEFAULT_TO_VM", - SERVICE_FABRIC: "SERVICE_FABRIC", +export const ManagedIdentitySourceNames = { + APP_SERVICE: "AppService", + AZURE_ARC: "AzureArc", + CLOUD_SHELL: "CloudShell", + DEFAULT_TO_IMDS: "DefaultToImds", + IMDS: "Imds", + SERVICE_FABRIC: "ServiceFabric", } as const; /** - * The AzureIdentitySdkManagedIdentitySourceNames type + * The ManagedIdentitySourceNames type * @public */ -export type AzureIdentitySdkManagedIdentitySourceNames = - (typeof AzureIdentitySdkManagedIdentitySourceNames)[keyof typeof AzureIdentitySdkManagedIdentitySourceNames]; +export type ManagedIdentitySourceNames = + (typeof ManagedIdentitySourceNames)[keyof typeof ManagedIdentitySourceNames]; /** * Managed Identity Ids 
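Review bot: The new string values for the existing `ManagedIdentitySourceNames` members in the Constants.ts hunk are a silent behaviour change for anything that emits or matches the old ones (`"App Service"` becomes `"AppService"`, `"Azure Arc"` becomes `"AzureArc"`, `"IMDS"` becomes `"Imds"`, and so on). No such use is visible here, so it needs a search, but any log line, error message or telemetry field that interpolates these names will change its text, which affects log queries and alerts keyed on the old strings. A changelog entry would help. `IMDS` and `DEFAULT_TO_IMDS` also now sit side by side with nothing explaining the difference. A member comment such as `/** Reported when no source-specific environment variables are set. */` on `DEFAULT_TO_IMDS` would make the distinction clear.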
diff --git a/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts index 85df136472..9fbbdf50ec 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts @@ -18,8 +18,8 @@ import { import { AuthenticationResult } from "@azure/msal-common"; import { ManagedIdentityClient } from "../../../src/client/ManagedIdentityClient"; import { - AzureIdentitySdkManagedIdentitySourceNames, ManagedIdentityEnvironmentVariableNames, + ManagedIdentitySourceNames, } from "../../../src/utils/Constants"; describe("Acquires a token successfully via an App Service Managed Identity", () => { @@ -49,7 +49,7 @@ describe("Acquires a token successfully via an App Service Managed Identity", () const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.APP_SERVICE + ManagedIdentitySourceNames.APP_SERVICE ); const networkManagedIdentityResult: AuthenticationResult = @@ -69,7 +69,7 @@ describe("Acquires a token successfully via an App Service Managed Identity", () systemAssignedConfig ); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.APP_SERVICE + ManagedIdentitySourceNames.APP_SERVICE ); }); diff --git a/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts index d964db0149..88b477a782 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/AzureArc.spec.ts 
@@ -30,8 +30,8 @@ import { import { ARC_API_VERSION } from "../../../src/client/ManagedIdentitySources/AzureArc"; import * as fs from "fs"; import { - AzureIdentitySdkManagedIdentitySourceNames, ManagedIdentityEnvironmentVariableNames, + ManagedIdentitySourceNames, } from "../../../src/utils/Constants"; jest.mock("fs"); @@ -67,7 +67,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = systemAssignedConfig ); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.ARC + ManagedIdentitySourceNames.AZURE_ARC ); }); @@ -116,7 +116,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }, }); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.ARC + ManagedIdentitySourceNames.AZURE_ARC ); const networkErrorClient: ManagedIdentityNetworkErrorClient = @@ -175,7 +175,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.ARC + ManagedIdentitySourceNames.AZURE_ARC ); await expect( @@ -201,7 +201,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }, }); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.ARC + ManagedIdentitySourceNames.AZURE_ARC ); await expect( @@ -226,7 +226,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }, }); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.ARC + ManagedIdentitySourceNames.AZURE_ARC ); await expect( 
@@ -251,7 +251,7 @@ describe("Acquires a token successfully via an Azure Arc Managed Identity", () = }, }); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.ARC + ManagedIdentitySourceNames.AZURE_ARC ); jest.spyOn(fs, "readFileSync").mockImplementationOnce(() => { diff --git a/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts index f4e3b364af..4085dd6a1c 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/CloudShell.spec.ts @@ -17,8 +17,8 @@ import { import { AuthenticationResult } from "@azure/msal-common"; import { ManagedIdentityClient } from "../../../src/client/ManagedIdentityClient"; import { - AzureIdentitySdkManagedIdentitySourceNames, ManagedIdentityEnvironmentVariableNames, + ManagedIdentitySourceNames, } from "../../../src/utils/Constants"; import { ManagedIdentityErrorCodes, @@ -50,7 +50,7 @@ describe("Acquires a token successfully via an App Service Managed Identity", () systemAssignedConfig ); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.CLOUD_SHELL + ManagedIdentitySourceNames.CLOUD_SHELL ); }); @@ -93,7 +93,7 @@ describe("Acquires a token successfully via an App Service Managed Identity", () const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.CLOUD_SHELL + ManagedIdentitySourceNames.CLOUD_SHELL ); await expect( diff --git a/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts index a0e8f05bc3..c145d89248 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts 
+++ b/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts @@ -26,8 +26,8 @@ import { systemAssignedConfig, } from "../../test_kit/ManagedIdentityTestUtils"; import { - AzureIdentitySdkManagedIdentitySourceNames, DEFAULT_MANAGED_IDENTITY_ID, + ManagedIdentitySourceNames, } from "../../../src/utils/Constants"; import { AccessTokenEntity, @@ -88,7 +88,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM + ManagedIdentitySourceNames.DEFAULT_TO_IMDS ); const networkManagedIdentityResult: AuthenticationResult = @@ -105,7 +105,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedObjectIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM + ManagedIdentitySourceNames.DEFAULT_TO_IMDS ); const networkManagedIdentityResult: AuthenticationResult = @@ -122,7 +122,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedResourceIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM + ManagedIdentitySourceNames.DEFAULT_TO_IMDS ); const networkManagedIdentityResult: AuthenticationResult = 
@@ -143,7 +143,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { systemAssignedConfig ); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM + ManagedIdentitySourceNames.DEFAULT_TO_IMDS ); }); @@ -190,9 +190,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { ); expect( managedIdentityApplication.getManagedIdentitySource() - ).toBe( - AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM - ); + ).toBe(ManagedIdentitySourceNames.DEFAULT_TO_IMDS); }); test("returns a 500 error response from the network request, just the first time", async () => { @@ -252,9 +250,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { ); expect( managedIdentityApplication.getManagedIdentitySource() - ).toBe( - AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM - ); + ).toBe(ManagedIdentitySourceNames.DEFAULT_TO_IMDS); }); test("returns a 500 error response from the network request, just the first time, with no retry-after header", async () => { @@ -462,9 +458,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); expect( managedIdentityApplicationNoRetry.getManagedIdentitySource() - ).toBe( - AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM - ); + ).toBe(ManagedIdentitySourceNames.DEFAULT_TO_IMDS); const sendGetRequestAsyncSpy: jest.SpyInstance = jest .spyOn(networkClient, "sendGetRequestAsync") 
@@ -499,7 +493,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { new ManagedIdentityApplication(systemAssignedConfig); expect( systemAssignedManagedIdentityApplication.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); + ).toBe(ManagedIdentitySourceNames.DEFAULT_TO_IMDS); }); test("acquires a token from the network and then the same token from the cache, then acquires a different token for another scope", async () => { @@ -657,7 +651,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); expect( userAssignedClientIdManagedIdentityApplicationResource1.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); + ).toBe(ManagedIdentitySourceNames.DEFAULT_TO_IMDS); const userAssignedObjectIdManagedIdentityApplicationResource2: ManagedIdentityApplication = new ManagedIdentityApplication({ @@ -672,7 +666,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); expect( userAssignedObjectIdManagedIdentityApplicationResource2.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); + ).toBe(ManagedIdentitySourceNames.DEFAULT_TO_IMDS); // ********** begin: return access tokens from a network request ********** // resource R1 for system assigned - returned from a network request @@ -711,7 +705,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { new ManagedIdentityApplication(systemAssignedConfig); expect( systemAssignedManagedIdentityApplicationClone.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); + ).toBe(ManagedIdentitySourceNames.DEFAULT_TO_IMDS); let cachedManagedIdentityResult: AuthenticationResult = await systemAssignedManagedIdentityApplicationClone.acquireToken( { 
@@ -732,7 +726,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); expect( userAssignedClientIdManagedIdentityApplicationResource1Clone.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); + ).toBe(ManagedIdentitySourceNames.DEFAULT_TO_IMDS); cachedManagedIdentityResult = await userAssignedClientIdManagedIdentityApplicationResource1Clone.acquireToken( { @@ -755,7 +749,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }); expect( userAssignedObjectIdManagedIdentityApplicationResource2Clone.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); + ).toBe(ManagedIdentitySourceNames.DEFAULT_TO_IMDS); cachedManagedIdentityResult = await userAssignedObjectIdManagedIdentityApplicationResource2Clone.acquireToken( { @@ -795,7 +789,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { new ManagedIdentityApplication(systemAssignedConfig); expect( systemAssignedManagedIdentityApplication.getManagedIdentitySource() - ).toBe(AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM); + ).toBe(ManagedIdentitySourceNames.DEFAULT_TO_IMDS); await expect( systemAssignedManagedIdentityApplication.acquireToken({ @@ -838,7 +832,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => { }, }); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.DEFAULT_TO_VM + ManagedIdentitySourceNames.DEFAULT_TO_IMDS ); let serverError: ServerError = new ServerError(); diff --git a/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts index a8d6e85ba5..81e5bccb28 100644 --- a/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts +++ b/lib/msal-node/test/client/ManagedIdentitySources/ServiceFabric.spec.ts 
@@ -18,8 +18,8 @@ import { import { AuthenticationResult } from "@azure/msal-common"; import { ManagedIdentityClient } from "../../../src/client/ManagedIdentityClient"; import { - AzureIdentitySdkManagedIdentitySourceNames, ManagedIdentityEnvironmentVariableNames, + ManagedIdentitySourceNames, } from "../../../src/utils/Constants"; describe("Acquires a token successfully via an App Service Managed Identity", () => { @@ -55,7 +55,7 @@ describe("Acquires a token successfully via an App Service Managed Identity", () const managedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(userAssignedClientIdConfig); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.SERVICE_FABRIC + ManagedIdentitySourceNames.SERVICE_FABRIC ); const networkManagedIdentityResult: AuthenticationResult = @@ -75,7 +75,7 @@ describe("Acquires a token successfully via an App Service Managed Identity", () systemAssignedConfig ); expect(managedIdentityApplication.getManagedIdentitySource()).toBe( - AzureIdentitySdkManagedIdentitySourceNames.SERVICE_FABRIC + ManagedIdentitySourceNames.SERVICE_FABRIC ); }); From 1c26e4537a627426a597355297d814ba8f6eea9c Mon Sep 17 00:00:00 2001 From: Robbie Ginsburg Date: Fri, 17 May 2024 13:54:49 -0400 Subject: [PATCH 10/10] Updated comments --- lib/msal-node/src/client/ManagedIdentityApplication.ts | 2 +- lib/msal-node/src/client/ManagedIdentityClient.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/msal-node/src/client/ManagedIdentityApplication.ts b/lib/msal-node/src/client/ManagedIdentityApplication.ts index 19fd17b379..a14ef67ec2 100644 --- a/lib/msal-node/src/client/ManagedIdentityApplication.ts +++ b/lib/msal-node/src/client/ManagedIdentityApplication.ts 
@@ -190,7 +190,7 @@ export class ManagedIdentityApplication { /** * Determine the Managed Identity Source based on available environment variables. This API is consumed by Azure Identity SDK. - * @returns AzureIdentitySdkManagedIdentitySourceNames - Azure Identity SDK defined identifiers for the Managed Identity Sources + * @returns ManagedIdentitySourceNames - The Managed Identity source's name */ public getManagedIdentitySource(): ManagedIdentitySourceNames { return ( diff --git a/lib/msal-node/src/client/ManagedIdentityClient.ts b/lib/msal-node/src/client/ManagedIdentityClient.ts index 38ded0b326..8ca8a13c03 100644 --- a/lib/msal-node/src/client/ManagedIdentityClient.ts +++ b/lib/msal-node/src/client/ManagedIdentityClient.ts @@ -87,7 +87,7 @@ export class ManagedIdentityClient { /** * Determine the Managed Identity Source based on available environment variables. This API is consumed by ManagedIdentityApplication's getManagedIdentitySource. - * @returns AzureIdentitySdkManagedIdentitySourceNames - Azure Identity SDK defined identifiers for the Managed Identity Sources + * @returns ManagedIdentitySourceNames - The Managed Identity source's name */ public getManagedIdentitySource(): ManagedIdentitySourceNames { ManagedIdentityClient.sourceName =