|
| 1 | +"""This script is used to impersonate Azure CLI |
| 2 | +and run 3 pairs of end-to-end tests with broker. |
| 3 | +Although not fully automated, it requires only several clicks to finish. |
| 4 | +
|
| 5 | +Each time a new PyMsalRuntime is going to be released, |
| 6 | +we can use this script to test it with a given version of MSAL Python. |
| 7 | +""" |
| 8 | +import msal |
| 9 | + |
| 10 | +_AZURE_CLI = "04b07795-8ddb-461a-bbee-02f9e1bf7b46" |
| 11 | +SCOPE_ARM = "https://management.azure.com/.default" |
| 12 | +placeholder_auth_scheme = msal.PopAuthScheme( |
| 13 | + http_method=msal.PopAuthScheme.HTTP_GET, |
| 14 | + url="https://example.com/endpoint", |
| 15 | + nonce="placeholder", |
| 16 | + ) |
| 17 | +_JWK1 = """{"kty":"RSA", "n":"2tNr73xwcj6lH7bqRZrFzgSLj7OeLfbn8216uOMDHuaZ6TEUBDN8Uz0ve8jAlKsP9CQFCSVoSNovdE-fs7c15MxEGHjDcNKLWonznximj8pDGZQjVdfK-7mG6P6z-lgVcLuYu5JcWU_PeEqIKg5llOaz-qeQ4LEDS4T1D2qWRGpAra4rJX1-kmrWmX_XIamq30C9EIO0gGuT4rc2hJBWQ-4-FnE1NXmy125wfT3NdotAJGq5lMIfhjfglDbJCwhc8Oe17ORjO3FsB5CLuBRpYmP7Nzn66lRY3Fe11Xz8AEBl3anKFSJcTvlMnFtu3EpD-eiaHfTgRBU7CztGQqVbiQ", "e":"AQAB"}""" |
| 18 | +_SSH_CERT_DATA = {"token_type": "ssh-cert", "key_id": "key1", "req_cnf": _JWK1} |
| 19 | +_SSH_CERT_SCOPE = "https://pas.windows.net/CheckMyAccess/Linux/.default" |
| 20 | + |
| 21 | +pca = msal.PublicClientApplication( |
| 22 | + _AZURE_CLI, |
| 23 | + authority="https://login.microsoftonline.com/organizations", |
| 24 | + enable_broker_on_windows=True) |
| 25 | + |
| 26 | +def interactive_and_silent(scopes, auth_scheme, data, expected_token_type): |
| 27 | + print("An account picker shall be pop up, possibly behind this console. Continue from there.") |
| 28 | + result = pca.acquire_token_interactive( |
| 29 | + scopes, |
| 30 | + prompt="select_account", # "az login" does this |
| 31 | + parent_window_handle=pca.CONSOLE_WINDOW_HANDLE, # This script is a console app |
| 32 | + enable_msa_passthrough=True, # Azure CLI is an MSA-passthrough app |
| 33 | + auth_scheme=auth_scheme, |
| 34 | + data=data or {}, |
| 35 | + ) |
| 36 | + _assert(result, expected_token_type) |
| 37 | + |
| 38 | + accounts = pca.get_accounts() |
| 39 | + assert accounts, "The logged in account should have been established by interactive flow" |
| 40 | + result = pca.acquire_token_silent( |
| 41 | + scopes, |
| 42 | + account=accounts[0], |
| 43 | + force_refresh=True, # Bypass MSAL Python's token cache to test PyMsalRuntime |
| 44 | + auth_scheme=auth_scheme, |
| 45 | + data=data or {}, |
| 46 | + ) |
| 47 | + _assert(result, expected_token_type) |
| 48 | + |
| 49 | +def _assert(result, expected_token_type): |
| 50 | + assert result.get("access_token"), f"We should obtain a token. Got {result} instead." |
| 51 | + assert result.get("token_source") == "broker", "Token should be obtained via broker" |
| 52 | + assert result.get("token_type").lower() == expected_token_type.lower(), f"{expected_token_type} not found" |
| 53 | + |
| 54 | +for i in range(2): # Mimic Azure CLI's issue report |
| 55 | + interactive_and_silent( |
| 56 | + scopes=[SCOPE_ARM], auth_scheme=None, data=None, expected_token_type="bearer") |
| 57 | + |
| 58 | +interactive_and_silent( |
| 59 | + scopes=[SCOPE_ARM], auth_scheme=placeholder_auth_scheme, data=None, expected_token_type="pop") |
| 60 | +interactive_and_silent( |
| 61 | + scopes=[_SSH_CERT_SCOPE], |
| 62 | + data=_SSH_CERT_DATA, |
| 63 | + auth_scheme=None, |
| 64 | + expected_token_type="ssh-cert", |
| 65 | + ) |
| 66 | + |
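Review bot: The checks in `_assert` and the `assert accounts` line in `interactive_and_silent` are plain `assert` statements, so running the script under `python -O` or with `PYTHONOPTIMIZE` set skips all of them and the run finishes as if the broker path had been verified. Since the docstring describes this as the pre-release check for PyMsalRuntime, the checks should raise explicitly, e.g. `if result.get("token_source") != "broker": raise RuntimeError("Token should be obtained via broker")`. The token-type check also calls `.lower()` on `result.get("token_type")`, which raises AttributeError instead of the intended message when the key is absent; `(result.get("token_type") or "").lower()` keeps the failure readable. Separately, `accounts[0]` is not guaranteed to be the account just chosen in the interactive prompt when the cache holds more than one, so the silent call may exercise a different account.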