From 65b20043b801f66dc9ecd595b24b3befd412e8d4 Mon Sep 17 00:00:00 2001
From: Scott Schaab
Date: Mon, 9 Oct 2023 14:01:01 -0700
Subject: [PATCH] Bug fixes for development time credentials
---
 sdk/identity/Azure.Identity/CHANGELOG.md | 6 ++++++
 .../Azure.Identity/src/Credentials/AzureCliCredential.cs | 3 ++-
 .../src/Credentials/AzureDeveloperCliCredential.cs | 9 ++++++++-
 .../src/Credentials/AzurePowerShellCredential.cs | 7 +++++--
 4 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/sdk/identity/Azure.Identity/CHANGELOG.md b/sdk/identity/Azure.Identity/CHANGELOG.md
index d6e805d0f2611..0672483dde0bf 100644
--- a/sdk/identity/Azure.Identity/CHANGELOG.md
+++ b/sdk/identity/Azure.Identity/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Release History
+## 1.10.2 (2023-10-10)
+
+### Bugs Fixed
+
+- Bug fixes for development time credentials.
+
 ## 1.10.1 (2023-09-12)
 ### Bugs Fixed
diff --git a/sdk/identity/Azure.Identity/src/Credentials/AzureCliCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/AzureCliCredential.cs
index 8360f77bb8970..c5c50e027aad7 100644
--- a/sdk/identity/Azure.Identity/src/Credentials/AzureCliCredential.cs
+++ b/sdk/identity/Azure.Identity/src/Credentials/AzureCliCredential.cs
@@ -73,7 +73,7 @@ internal AzureCliCredential(CredentialPipeline pipeline, IProcessService process
 _pipeline = pipeline;
 _path = !string.IsNullOrEmpty(EnvironmentVariables.Path) ? EnvironmentVariables.Path : DefaultPath;
 _processService = processService ?? ProcessService.Default;
- TenantId = options?.TenantId;
+ TenantId = Validations.ValidateTenantId(options?.TenantId, $"{nameof(options)}.{nameof(options.TenantId)}", true);
 AdditionallyAllowedTenantIds = TenantIdResolver.ResolveAddionallyAllowedTenantIds((options as ISupportsAdditionallyAllowedTenants)?.AdditionallyAllowedTenants);
 ProcessTimeout = options?.ProcessTimeout ?? TimeSpan.FromSeconds(13);
 _isChainedCredential = options?.IsChainedCredential ?? false;
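Review bot: The bare `true` passed as the third argument of `Validations.ValidateTenantId` in the AzureCliCredential constructor does not tell a reader that a null tenant ID is deliberately accepted while a malformed one is rejected. Naming the argument would make that choice visible, e.g. `Validations.ValidateTenantId(options?.TenantId, $"{nameof(options)}.{nameof(options.TenantId)}", allowNull: true)`, assuming the parameter is called `allowNull`; its declaration is not part of this patch. The same positional flag appears in the constructor hunks of AzureDeveloperCliCredential.cs and AzurePowerShellCredential.cs and in the three request-path calls. The constructor body starts and ends outside the hunk, and since it now rejects a malformed `options.TenantId`, any public constructor that forwards here would presumably merit an `<exception>` doc entry.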
@@ -121,6 +121,7 @@ private async ValueTask RequestCliAccessTokenAsync(bool async, Toke
 string resource = ScopeUtilities.ScopesToResource(context.Scopes);
 string tenantId = TenantIdResolver.Resolve(TenantId, context, AdditionallyAllowedTenantIds);
+ Validations.ValidateTenantId(tenantId, nameof(context.TenantId), true);
 ScopeUtilities.ValidateScope(resource);
 GetFileNameAndArguments(resource, tenantId, out string fileName, out string argument);
diff --git a/sdk/identity/Azure.Identity/src/Credentials/AzureDeveloperCliCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/AzureDeveloperCliCredential.cs
index aada387c93cc5..4b4402df509bb 100644
--- a/sdk/identity/Azure.Identity/src/Credentials/AzureDeveloperCliCredential.cs
+++ b/sdk/identity/Azure.Identity/src/Credentials/AzureDeveloperCliCredential.cs
@@ -65,7 +65,7 @@ internal AzureDeveloperCliCredential(CredentialPipeline pipeline, IProcessServic
 _logAccountDetails = options?.Diagnostics?.IsAccountIdentifierLoggingEnabled ?? false;
 _pipeline = pipeline;
 _processService = processService ?? ProcessService.Default;
- TenantId = options?.TenantId;
+ TenantId = Validations.ValidateTenantId(options?.TenantId, $"{nameof(options)}.{nameof(options.TenantId)}", true);
 AdditionallyAllowedTenantIds = TenantIdResolver.ResolveAddionallyAllowedTenantIds((options as ISupportsAdditionallyAllowedTenants)?.AdditionallyAllowedTenants);
 ProcessTimeout = options?.ProcessTimeout ?? TimeSpan.FromSeconds(13);
 _isChainedCredential = options?.IsChainedCredential ?? false;
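Review bot: Nothing in `RequestCliAccessTokenAsync` (AzureCliCredential.cs, the `-121,6 +121,7` hunk) records why the new tenant check and the existing `ScopeUtilities.ValidateScope(resource)` must stay ahead of `GetFileNameAndArguments`. A later reordering or early-return refactor could let an unvalidated value reach the `argument` string that is built for the child process. A one-line comment above the two calls would pin the ordering, for example `// tenantId and resource are placed in the CLI argument string below; validate both before building it.` The same comment is worth adding in the request-path hunks of AzureDeveloperCliCredential.cs and AzurePowerShellCredential.cs. The method body continues outside this hunk, so any earlier use of `tenantId` or `resource` is not visible here.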
@@ -112,6 +112,13 @@ private async ValueTask RequestCliAccessTokenAsync(bool async, Toke
 {
 string tenantId = TenantIdResolver.Resolve(TenantId, context, AdditionallyAllowedTenantIds);
+ Validations.ValidateTenantId(tenantId, nameof(context.TenantId), true);
+
+ foreach (var scope in context.Scopes)
+ {
+ ScopeUtilities.ValidateScope(scope);
+ }
+
 GetFileNameAndArguments(context.Scopes, tenantId, out string fileName, out string argument);
 ProcessStartInfo processStartInfo = GetAzureDeveloperCliProcessStartInfo(fileName, argument);
 using var processRunner = new ProcessRunner(_processService.Create(processStartInfo), ProcessTimeout, _logPII, cancellationToken);
diff --git a/sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredential.cs
index 2f3148507a66c..37de6e0245076 100644
--- a/sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredential.cs
+++ b/sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredential.cs
@@ -63,7 +63,7 @@ internal AzurePowerShellCredential(AzurePowerShellCredentialOptions options, Cre
 UseLegacyPowerShell = false;
 _logPII = options?.IsUnsafeSupportLoggingEnabled ?? false;
 _logAccountDetails = options?.Diagnostics?.IsAccountIdentifierLoggingEnabled ?? false;
- TenantId = options?.TenantId;
+ TenantId = Validations.ValidateTenantId(options?.TenantId, $"{nameof(options)}.{nameof(options.TenantId)}", true);
 _pipeline = pipeline ?? CredentialPipeline.GetInstance(options);
 _processService = processService ?? ProcessService.Default;
 AdditionallyAllowedTenantIds = TenantIdResolver.ResolveAddionallyAllowedTenantIds((options as ISupportsAdditionallyAllowedTenants)?.AdditionallyAllowedTenants);
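Review bot: No test accompanies the new per-scope loop or the tenant check in `RequestCliAccessTokenAsync` of AzureDeveloperCliCredential.cs (the `-112,6 +112,13` hunk); the diffstat lists only the three credential sources and the changelog, though tests may live in a separate commit. These checks are the only visible barrier between caller-supplied strings and the `argument` handed to `GetAzureDeveloperCliProcessStartInfo`. A regression test per credential should therefore assert that a tenant ID or scope failing validation throws, and that `_processService.Create` is never invoked in that case. The existing `IProcessService` constructor parameter looks like the natural seam for such a test.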
@@ -139,9 +139,12 @@ private async ValueTask RequestAzurePowerShellAccessTokenAsync(bool
 {
 string resource = ScopeUtilities.ScopesToResource(context.Scopes);
- ScopeUtilities.ValidateScope(resource);
 var tenantId = TenantIdResolver.Resolve(TenantId, context, AdditionallyAllowedTenantIds);
+ Validations.ValidateTenantId(tenantId, nameof(context.TenantId), true);
+
+ ScopeUtilities.ValidateScope(resource);
+
 GetFileNameAndArguments(resource, tenantId, out string fileName, out string argument);
 ProcessStartInfo processStartInfo = GetAzurePowerShellProcessStartInfo(fileName, argument);
 using var processRunner = new ProcessRunner(