Credentials other than EnvironmentCredential broken #159

@jrahman

Unfortunately Azure authentication is broken except for Environment based auth using the various AZURE_* environment variables. The problem specifically is that in auth/__init__.py if the environment variables are missing, they are forcibly set to secrets.get(<VAR>, "") right here: https://github.com/chaostoolkit-incubator/chaostoolkit-azure/blob/54230696376ae1e48c2ae68f852fe912b061d9c8/chaosazure/auth/__init__.py#L65C1-L72C67

However, the 'secrets' dictionary is initialized over here:

```python
import os


# Function name assumed for illustration; the issue quotes only the body.
def load_secrets(experiment_secrets=None):
    if experiment_secrets:
        return {
            "client_id": experiment_secrets.get(
                "client_id", os.getenv("AZURE_CLIENT_ID")
            ),
            "client_secret": experiment_secrets.get(
                "client_secret", os.getenv("AZURE_CLIENT_SECRET")
            ),
            "tenant_id": experiment_secrets.get(
                "tenant_id", os.getenv("AZURE_TENANT_ID")
            ),
            # load cloud object
            "cloud": experiment_secrets.get(
                "azure_cloud", os.getenv("AZURE_CLOUD", "AZURE_PUBLIC_CLOUD")
            ),
            "access_token": experiment_secrets.get(
                "access_token", os.getenv("AZURE_ACCESS_TOKEN")
            ),
        }
    # Without experiment secrets every key is still returned, as None when unset.
    return {
        "client_id": os.getenv("AZURE_CLIENT_ID"),
        "client_secret": os.getenv("AZURE_CLIENT_SECRET"),
        "tenant_id": os.getenv("AZURE_TENANT_ID"),
        "cloud": os.getenv("AZURE_CLOUD", "AZURE_PUBLIC_CLOUD"),
        "access_token": os.getenv("AZURE_ACCESS_TOKEN"),
    }
```

The client_id, tenant_id and client_secret keys are therefore always set to some value (even if None).

Observed Behavior

This means that either:

  1. The environment variable is set at runtime before starting the tool, and Azure auth observes this environment variable and must attempt Environment auth without fallback to other auth methods
  2. The environment variable is not set at runtime, but neither client_id, tenant_id nor client_secret is set in the experiment file, which then crashes on the os.putenv() call because secrets.get(<var>, "") returns a None value previously populated in common/config.py
  3. The environment variable is not set at runtime, but client_id, tenant_id, and client_secret are set in the experiment file, resulting in auth/__init__.py overwriting the environment variable with the values from the experiment file

The resulting behavior is either a crash (case 2) or Azure DefaultAzureCredentials API observes the environment variables as set and forces Environment based auth (even if we wanted to fall back to other auth modes).

Desired Behavior

If the AZURE_* environment variables are not set, and the client_id, tenant_id and client_secret are not populated in the experiment file, those environment variables should remain unset so that DefaultAzureCredentials correctly falls through to the next authentication method in its expected sequence.

This can be simply accomplished by checking in auth/__init__.py if secrets.get(<var>) is None, and if so, skipping the os.putenv() calls which otherwise would spuriously set the environment variables with a None value (which crashes due to invalid None input to os.putenv()).
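An added illustration of the two behaviours described in this issue (example code, not chaostoolkit-azure's own): the export that mirrors the reported os.putenv() path crashes on the None-valued dict the config loader returns, while a version that skips None leaves the variables unset. `ENV_NAMES`, `export_secrets_buggy`, `export_secrets_fixed` and `reproduce` are assumed names, and the secrets dicts and stand-in environment are constructed.

```python
import os

# Assumed mapping of experiment secret keys to the variables auth/__init__.py exports.
ENV_NAMES = {
    "client_id": "AZURE_CLIENT_ID",
    "client_secret": "AZURE_CLIENT_SECRET",
    "tenant_id": "AZURE_TENANT_ID",
}

def export_secrets_buggy(secrets, environ=os.environ, putenv=os.putenv):
    """Reported behaviour: dict.get's default only covers a missing key, so a
    key present with value None reaches os.putenv unchanged and raises TypeError."""
    exported = []
    for key, env_name in ENV_NAMES.items():
        if env_name not in environ:
            putenv(env_name, secrets.get(key, ""))
            exported.append(env_name)
    return exported

def export_secrets_fixed(secrets, environ=os.environ, putenv=os.putenv):
    """Desired behaviour: skip None so the variable stays unset and
    DefaultAzureCredential can fall through to its next method."""
    exported = []
    for key, env_name in ENV_NAMES.items():
        value = secrets.get(key)
        if env_name in environ or value is None:
            continue
        putenv(env_name, value)
        exported.append(env_name)
    return exported

def reproduce():
    # Constructed: what the config loader returns when nothing is configured,
    # and a stand-in for os.environ with no AZURE_* variables set.
    unconfigured = {"client_id": None, "client_secret": None, "tenant_id": None}
    env = {}
    results = {}
    try:
        export_secrets_buggy(unconfigured, environ=env)  # real os.putenv
        results["buggy"] = "no error"
    except TypeError:
        results["buggy"] = "TypeError"  # the crash from case 2 above
    results["fixed"] = export_secrets_fixed(unconfigured, environ=env)
    sink = {}  # capture exports instead of touching the real environment
    configured = {"client_id": "id", "client_secret": "secret", "tenant_id": "tenant"}
    results["fixed_configured"] = export_secrets_fixed(
        configured, environ=env, putenv=sink.__setitem__)
    return results
```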
