From e9b3913703c1b9725ab1e68a30e8acda0a6dfffc Mon Sep 17 00:00:00 2001 From: Ray Luo Date: Tue, 29 Oct 2024 12:34:56 -0700 Subject: [PATCH 1/2] Fix incorrect arc detection and add test cases --- msal/managed_identity.py | 8 +++++--- tests/test_mi.py | 16 +++++++++++++++- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/msal/managed_identity.py b/msal/managed_identity.py index 5636f564..755c9bd8 100644 --- a/msal/managed_identity.py +++ b/msal/managed_identity.py @@ -319,10 +319,12 @@ def _scope_to_resource(scope): # This is an experimental reasonable-effort appr def _get_arc_endpoint(): if "IDENTITY_ENDPOINT" in os.environ and "IMDS_ENDPOINT" in os.environ: return os.environ["IDENTITY_ENDPOINT"] - if ( # Defined in https://msazure.visualstudio.com/One/_wiki/wikis/One.wiki/233012/VM-Extension-Authoring-for-Arc?anchor=determining-which-endpoint-to-use - sys.platform == "linux" and os.path.exists("/var/opt/azcmagent/bin/himds") + if ( # Defined in https://eng.ms/docs/cloud-ai-platform/azure-core/azure-management-and-platforms/control-plane-bburns/hybrid-resource-provider/azure-arc-for-servers/specs/extension_authoring + sys.platform == "linux" and os.path.exists("/opt/azcmagent/bin/himds") or sys.platform == "win32" and os.path.exists(os.path.expandvars( - r"%ProgramFiles%\AzureConnectedMachineAgent\himds.exe")) + # Avoid Windows-only "%EnvVar%" syntax so that tests can be run on Linux + r"${ProgramFiles}\AzureConnectedMachineAgent\himds.exe" + )) ): return "http://localhost:40342/metadata/identity/oauth2/token" diff --git a/tests/test_mi.py b/tests/test_mi.py index f3182c7b..d3a83a0c 100644 --- a/tests/test_mi.py +++ b/tests/test_mi.py @@ -303,9 +303,23 @@ def test_machine_learning(self): "IDENTITY_ENDPOINT": "http://localhost", "IMDS_ENDPOINT": "http://localhost", }) - def test_arc(self): + def test_arc_by_env_var(self): self.assertEqual(get_managed_identity_source(), AZURE_ARC) + @patch("msal.managed_identity.os.path.exists", return_value=True) + @patch("msal.managed_identity.sys.platform", new="linux") + def test_arc_by_file_existence_on_linux(self, mocked_exists): + self.assertEqual(get_managed_identity_source(), AZURE_ARC) + mocked_exists.assert_called_with("/opt/azcmagent/bin/himds") + + @patch("msal.managed_identity.os.path.exists", return_value=True) + @patch("msal.managed_identity.sys.platform", new="win32") + @patch.dict(os.environ, {"ProgramFiles": "C:\Program Files"}) + def test_arc_by_file_existence_on_windows(self, mocked_exists): + self.assertEqual(get_managed_identity_source(), AZURE_ARC) + mocked_exists.assert_called_with( + r"C:\Program Files\AzureConnectedMachineAgent\himds.exe") + @patch.dict(os.environ, { "AZUREPS_HOST_ENVIRONMENT": "cloud-shell-foo", }) From 69a96fe17b49d4ba698108d70f93fecbdff2117e Mon Sep 17 00:00:00 2001 From: Ray Luo Date: Fri, 1 Nov 2024 12:34:56 -0700 Subject: [PATCH 2/2] Release MSAL Python 1.31.1 --- msal/application.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal/application.py b/msal/application.py index 0869d9e5..bf55e5e9 100644 --- a/msal/application.py +++ b/msal/application.py @@ -21,7 +21,7 @@ # The __init__.py will import this. Not the other way around. -__version__ = "1.31.0" # When releasing, also check and bump our dependencies's versions if needed +__version__ = "1.31.1" # When releasing, also check and bump our dependencies's versions if needed logger = logging.getLogger(__name__) _AUTHORITY_TYPE_CLOUDSHELL = "CLOUDSHELL"