From ee636e1d856d47c1dd33652402159806239baa2d Mon Sep 17 00:00:00 2001 From: jiasli <4003950+jiasli@users.noreply.github.com> Date: Wed, 20 Nov 2024 16:51:21 +0800 Subject: [PATCH] scopes --- .../cli/core/auth/adal_authentication.py | 4 ++-- .../azure/cli/core/auth/credential_adaptor.py | 3 +-- .../azure/cli/core/auth/tests/test_util.py | 17 +-------------- .../azure/cli/core/auth/util.py | 21 ------------------- 4 files changed, 4 insertions(+), 41 deletions(-) diff --git a/src/azure-cli-core/azure/cli/core/auth/adal_authentication.py b/src/azure-cli-core/azure/cli/core/auth/adal_authentication.py index 35174dafb0f..8aeabf4b7ca 100644 --- a/src/azure-cli-core/azure/cli/core/auth/adal_authentication.py +++ b/src/azure-cli-core/azure/cli/core/auth/adal_authentication.py @@ -7,7 +7,7 @@ from knack.log import get_logger from msrestazure.azure_active_directory import MSIAuthentication -from .util import _normalize_scopes, scopes_to_resource, AccessToken +from .util import scopes_to_resource, AccessToken logger = get_logger(__name__) @@ -39,7 +39,7 @@ def get_token(self, *scopes, **kwargs): # pylint:disable=unused-argument raise AuthenticationError("VM SSH currently doesn't support managed identity.") # Use msrestazure to get access token - resource = scopes_to_resource(_normalize_scopes(scopes)) + resource = scopes_to_resource(scopes) if resource: # If available, use resource provided by SDK self.resource = resource diff --git a/src/azure-cli-core/azure/cli/core/auth/credential_adaptor.py b/src/azure-cli-core/azure/cli/core/auth/credential_adaptor.py index 53fc3dffb5c..3635963cb78 100644 --- a/src/azure-cli-core/azure/cli/core/auth/credential_adaptor.py +++ b/src/azure-cli-core/azure/cli/core/auth/credential_adaptor.py @@ -7,7 +7,7 @@ from knack.log import get_logger from knack.util import CLIError -from .util import resource_to_scopes, _normalize_scopes +from .util import resource_to_scopes logger = get_logger(__name__) @@ -62,7 +62,6 @@ def get_token(self, *scopes, **kwargs): if 'data' in kwargs: filtered_kwargs['data'] = kwargs['data'] - scopes = _normalize_scopes(scopes) token, _ = self._get_token(scopes, **filtered_kwargs) return token diff --git a/src/azure-cli-core/azure/cli/core/auth/tests/test_util.py b/src/azure-cli-core/azure/cli/core/auth/tests/test_util.py index c96e5a446ed..12bd442a1d6 100644 --- a/src/azure-cli-core/azure/cli/core/auth/tests/test_util.py +++ b/src/azure-cli-core/azure/cli/core/auth/tests/test_util.py @@ -6,7 +6,7 @@ # pylint: disable=protected-access import unittest -from azure.cli.core.auth.util import scopes_to_resource, resource_to_scopes, _normalize_scopes, _generate_login_command +from azure.cli.core.auth.util import scopes_to_resource, resource_to_scopes, _generate_login_command class TestUtil(unittest.TestCase): @@ -50,21 +50,6 @@ def test_resource_to_scopes(self): self.assertEqual(resource_to_scopes('https://managedhsm.azure.com'), ['https://managedhsm.azure.com/.default']) - def test_normalize_scopes(self): - # Test no scopes - self.assertIsNone(_normalize_scopes(())) - self.assertIsNone(_normalize_scopes([])) - self.assertIsNone(_normalize_scopes(None)) - - # Test multiple scopes, with the first one discarded - scopes = _normalize_scopes(("https://management.core.windows.net//.default", - "https://management.core.chinacloudapi.cn//.default")) - self.assertEqual(list(scopes), ["https://management.core.chinacloudapi.cn//.default"]) - - # Test single scopes (the correct usage) - scopes = _normalize_scopes(("https://management.core.chinacloudapi.cn//.default",)) - self.assertEqual(list(scopes), ["https://management.core.chinacloudapi.cn//.default"]) - def test_generate_login_command(self): # No parameter is given assert _generate_login_command() == 'az login' diff --git a/src/azure-cli-core/azure/cli/core/auth/util.py b/src/azure-cli-core/azure/cli/core/auth/util.py index a89500ef9ce..7b89f501aaf 100644 --- a/src/azure-cli-core/azure/cli/core/auth/util.py +++ b/src/azure-cli-core/azure/cli/core/auth/util.py @@ -106,27 +106,6 @@ def scopes_to_resource(scopes): return scope -def _normalize_scopes(scopes): - """Normalize scopes to workaround some SDK issues.""" - - # Track 2 SDKs generated before https://github.com/Azure/autorest.python/pull/239 don't maintain - # credential_scopes and call `get_token` with empty scopes. - # As a workaround, return None so that the CLI-managed resource is used. - if not scopes: - logger.debug("No scope is provided by the SDK, use the CLI-managed resource.") - return None - - # Track 2 SDKs generated before https://github.com/Azure/autorest.python/pull/745 extend default - # credential_scopes with custom credential_scopes. Instead, credential_scopes should be replaced by - # custom credential_scopes. https://github.com/Azure/azure-sdk-for-python/issues/12947 - # As a workaround, remove the first one if there are multiple scopes provided. - if len(scopes) > 1: - logger.debug("Multiple scopes are provided by the SDK, discarding the first one: %s", scopes[0]) - return scopes[1:] - - return scopes - - def check_result(result, **kwargs): """Parse the result returned by MSAL: