Skip to content

Commit 7ac58a2

Browse files
authored
fix default credential builder flags (#526)
1 parent 6d968b2 commit 7ac58a2

File tree

2 files changed

+123
-2
lines changed

2 files changed

+123
-2
lines changed

sdk/identity/examples/default_credentials.rs

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,10 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
66
env_logger::init();
77

88
let sub_id = std::env::var("AZURE_SUBSCRIPTION_ID")?;
9-
let creds = DefaultAzureCredential::default();
9+
let creds = DefaultAzureCredentialBuilder::new()
10+
.exclude_cli_credential() // disable using CLI for credentials (just as an example)
11+
.build();
12+
1013
let res = creds
1114
.get_token("https://management.azure.com/")
1215
.await

sdk/identity/src/token_credentials/default_credentials.rs

Lines changed: 119 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,14 +3,24 @@ use super::{
33
};
44
use azure_core::TokenResponse;
55

6-
#[derive(Debug, Default)]
6+
#[derive(Debug)]
77
/// Provides a mechanism of selectively disabling credentials used for a `DefaultAzureCredential` instance
88
pub struct DefaultAzureCredentialBuilder {
99
include_environment_credential: bool,
1010
include_managed_identity_credential: bool,
1111
include_cli_credential: bool,
1212
}
1313

14+
impl Default for DefaultAzureCredentialBuilder {
15+
fn default() -> Self {
16+
Self {
17+
include_environment_credential: true,
18+
include_managed_identity_credential: true,
19+
include_cli_credential: true,
20+
}
21+
}
22+
}
23+
1424
impl DefaultAzureCredentialBuilder {
1525
/// Create a new `DefaultAzureCredentialBuilder`
1626
pub fn new() -> Self {
@@ -168,3 +178,111 @@ fn format_aggregate_error(errors: &[DefaultAzureCredentialError]) -> String {
168178
.collect::<Vec<String>>()
169179
.join("\n")
170180
}
181+
182+
#[cfg(test)]
183+
mod tests {
184+
use super::*;
185+
use std::matches;
186+
187+
#[test]
188+
fn test_builder_included_credential_flags() {
189+
let builder = DefaultAzureCredentialBuilder::new();
190+
assert_eq!(builder.include_cli_credential, true);
191+
assert_eq!(builder.include_environment_credential, true);
192+
assert_eq!(builder.include_managed_identity_credential, true);
193+
194+
let mut builder = DefaultAzureCredentialBuilder::new();
195+
builder.exclude_cli_credential();
196+
assert_eq!(builder.include_cli_credential, false);
197+
assert_eq!(builder.include_environment_credential, true);
198+
assert_eq!(builder.include_managed_identity_credential, true);
199+
200+
let mut builder = DefaultAzureCredentialBuilder::new();
201+
builder.exclude_environment_credential();
202+
assert_eq!(builder.include_cli_credential, true);
203+
assert_eq!(builder.include_environment_credential, false);
204+
assert_eq!(builder.include_managed_identity_credential, true);
205+
206+
let mut builder = DefaultAzureCredentialBuilder::new();
207+
builder.exclude_managed_identity_credential();
208+
assert_eq!(builder.include_cli_credential, true);
209+
assert_eq!(builder.include_environment_credential, true);
210+
assert_eq!(builder.include_managed_identity_credential, false);
211+
}
212+
213+
macro_rules! contains_credential {
214+
($creds:expr, $p:pat) => {
215+
$creds.sources.iter().any(|x| matches!(x, $p))
216+
};
217+
}
218+
219+
#[test]
220+
fn test_credential_sources() {
221+
let mut builder = DefaultAzureCredentialBuilder::new();
222+
223+
// test with all sources
224+
225+
let credential = builder.build();
226+
assert_eq!(credential.sources.len(), 3);
227+
228+
assert!(contains_credential!(
229+
credential,
230+
DefaultAzureCredentialEnum::Environment(_)
231+
));
232+
assert!(contains_credential!(
233+
credential,
234+
DefaultAzureCredentialEnum::AzureCli(_)
235+
));
236+
assert!(contains_credential!(
237+
credential,
238+
DefaultAzureCredentialEnum::ManagedIdentity(_)
239+
));
240+
241+
// remove environment source
242+
243+
builder.exclude_environment_credential();
244+
let credential = builder.build();
245+
246+
assert_eq!(credential.sources.len(), 2);
247+
248+
assert!(!contains_credential!(
249+
credential,
250+
DefaultAzureCredentialEnum::Environment(_)
251+
));
252+
assert!(contains_credential!(
253+
credential,
254+
DefaultAzureCredentialEnum::AzureCli(_)
255+
));
256+
assert!(contains_credential!(
257+
credential,
258+
DefaultAzureCredentialEnum::ManagedIdentity(_)
259+
));
260+
261+
// remove cli source
262+
263+
builder.exclude_cli_credential();
264+
let credential = builder.build();
265+
266+
assert_eq!(credential.sources.len(), 1);
267+
268+
assert!(!contains_credential!(
269+
credential,
270+
DefaultAzureCredentialEnum::Environment(_)
271+
));
272+
assert!(!contains_credential!(
273+
credential,
274+
DefaultAzureCredentialEnum::AzureCli(_)
275+
));
276+
assert!(contains_credential!(
277+
credential,
278+
DefaultAzureCredentialEnum::ManagedIdentity(_)
279+
));
280+
281+
// remove managed identity source
282+
283+
builder.exclude_managed_identity_credential();
284+
let credential = builder.build();
285+
286+
assert_eq!(credential.sources.len(), 0);
287+
}
288+
}

0 commit comments

Comments
 (0)