Azure · xiangyan99 · Mar 3, 2022 · Feb 11, 2022 · Feb 28, 2022 · Feb 28, 2022
@@ -48,15 +48,15 @@ def _get_client_args(**kwargs):
         kwargs,
         _content_callback=_parse_app_service_expires_on,
         identity_config=identity_config,
-        base_headers={"secret": secret},
+        base_headers={"X-IDENTITY-HEADER": secret},
         request_factory=functools.partial(_get_request, url),
     )
 
 
 def _get_request(url, scope, identity_config):
     # type: (str, str, dict) -> HttpRequest
     request = HttpRequest("GET", url)
-    request.format_parameters(dict({"api-version": "2017-09-01", "resource": scope}, **identity_config))
+    request.format_parameters(dict({"api-version": "2019-08-01", "resource": scope}, **identity_config))
     return request
 
 

@@ -13,7 +13,7 @@ interactions:
       secret:
       - redacted
     method: GET
-    uri: https://msi-endpoint/token?api-version=2017-09-01&resource=https://management.azure.com
+    uri: https://msi-endpoint/token?api-version=2019-08-01&resource=https://management.azure.com
   response:
     body:
       string: '{"access_token": "redacted", "expires_on": "05/22/2021 17:14:33 +00:00",

@@ -13,7 +13,7 @@ interactions:
       secret:
       - redacted
     method: GET
-    uri: https://msi-endpoint/token?api-version=2017-09-01&resource=https://management.azure.com&clientid=client-id
+    uri: https://msi-endpoint/token?api-version=2019-08-01&resource=https://management.azure.com&clientid=client-id
   response:
     body:
       string: '{"access_token": "redacted", "expires_on": "05/22/2021 17:18:21 +00:00",

@@ -7,7 +7,7 @@ interactions:
       secret:
       - redacted
     method: GET
-    uri: https://msi-endpoint/token?api-version=2017-09-01&resource=https://management.azure.com
+    uri: https://msi-endpoint/token?api-version=2019-08-01&resource=https://management.azure.com
   response:
     body:
       string: '{"access_token": "redacted", "expires_on": "05/22/2021 17:18:20 +00:00",
@@ -21,5 +21,5 @@ interactions:
     status:
       code: 200
       message: OK
-    url: http://172.16.7.2:8081/msi/token?api-version=2017-09-01&resource=https://management.azure.com
+    url: http://172.16.7.2:8081/msi/token?api-version=2019-08-01&resource=https://management.azure.com
 version: 1
@@ -7,7 +7,7 @@ interactions:
       secret:
       - redacted
     method: GET
-    uri: https://msi-endpoint/token?api-version=2017-09-01&resource=https://management.azure.com&clientid=client-id
+    uri: https://msi-endpoint/token?api-version=2019-08-01&resource=https://management.azure.com&clientid=client-id
   response:
     body:
       string: '{"access_token": "redacted", "expires_on": "05/22/2021 17:18:21 +00:00",
@@ -21,5 +21,5 @@ interactions:
     status:
       code: 200
       message: OK
-    url: http://172.16.7.2:8081/msi/token?api-version=2017-09-01&resource=https://management.azure.com&clientid=b48ae5dc-70d0-488a-8ef5-f30d905cd5ec
+    url: http://172.16.7.2:8081/msi/token?api-version=2019-08-01&resource=https://management.azure.com&clientid=b48ae5dc-70d0-488a-8ef5-f30d905cd5ec
 version: 1
@@ -167,14 +167,14 @@ def test_azure_ml():
             Request(
                 url,
                 method="GET",
-                required_headers={"secret": secret, "User-Agent": USER_AGENT},
-                required_params={"api-version": "2017-09-01", "resource": scope},
+                required_headers={"X-IDENTITY-HEADER": secret, "User-Agent": USER_AGENT},
+                required_params={"api-version": "2019-08-01", "resource": scope},
             ),
             Request(
                 url,
                 method="GET",
-                required_headers={"secret": secret, "User-Agent": USER_AGENT},
-                required_params={"api-version": "2017-09-01", "resource": scope, "clientid": client_id},
+                required_headers={"X-IDENTITY-HEADER": secret, "User-Agent": USER_AGENT},
+                required_params={"api-version": "2019-08-01", "resource": scope, "clientid": client_id},
             ),
         ],
         responses=[
@@ -256,72 +256,6 @@ def test_cloud_shell_user_assigned_identity():
         assert token.expires_on == expires_on
 
 
-def test_prefers_app_service_2017_09_01():
-    """When the environment is configured for both App Service versions, the credential should prefer 2017-09-01
-
-    Support for 2019-08-01 was removed due to https://github.com/Azure/azure-sdk-for-python/issues/14670. This test
-    should be removed when that support is added back.
-    """
-
-    access_token = "****"
-    expires_on = 42
-    expected_token = AccessToken(access_token, expires_on)
-    url = "http://localhost:42/token"
-    secret = "expected-secret"
-    scope = "scope"
-
-    transport = validating_transport(
-        requests=[
-            Request(
-                url,
-                method="GET",
-                required_headers={"secret": secret, "User-Agent": USER_AGENT},
-                required_params={"api-version": "2017-09-01", "resource": scope},
-            )
-        ]
-        * 2,
-        responses=[
-            mock_response(
-                json_payload={
-                    "access_token": access_token,
-                    "expires_on": "01/01/1970 00:00:{} +00:00".format(expires_on),  # linux format
-                    "resource": scope,
-                    "token_type": "Bearer",
-                }
-            ),
-            mock_response(
-                json_payload={
-                    "access_token": access_token,
-                    "expires_on": "1/1/1970 12:00:{} AM +00:00".format(expires_on),  # windows format
-                    "resource": scope,
-                    "token_type": "Bearer",
-                }
-            ),
-        ],
-    )
-
-    with mock.patch.dict(
-        MANAGED_IDENTITY_ENVIRON,
-        {
-            EnvironmentVariables.IDENTITY_ENDPOINT: url,
-            EnvironmentVariables.IDENTITY_HEADER: secret,
-            EnvironmentVariables.MSI_ENDPOINT: url,
-            EnvironmentVariables.MSI_SECRET: secret,
-        },
-        clear=True,
-    ):
-        token = ManagedIdentityCredential(transport=transport).get_token(scope)
-        assert token == expected_token
-        assert token.expires_on == expires_on
-
-        token = ManagedIdentityCredential(transport=transport).get_token(scope)
-        assert token == expected_token
-        assert token.expires_on == expires_on
-
-
-@pytest.mark.skip(
-    "2019-08-01 support was removed due to https://github.com/Azure/azure-sdk-for-python/issues/14670. This test should be enabled when that support is added back."
-)
 def test_prefers_app_service_2019_08_01():
     """When the environment is configured for both App Service versions, the credential should prefer the most recent"""
 
@@ -363,9 +297,6 @@ def test_prefers_app_service_2019_08_01():
     assert token.expires_on == expires_on
 
 
-@pytest.mark.skip(
-    "2019-08-01 support was removed due to https://github.com/Azure/azure-sdk-for-python/issues/14670. This test should be enabled when that support is added back."
-)
 def test_app_service_2019_08_01():
     """App Service 2019-08-01: IDENTITY_ENDPOINT, IDENTITY_HEADER set"""
 
@@ -393,77 +324,23 @@ def send(request, **_):
         )
 
     # when configuration for both API versions is present, the credential should prefer the most recent
-    for environment in [
-        {EnvironmentVariables.IDENTITY_ENDPOINT: endpoint, EnvironmentVariables.IDENTITY_HEADER: secret},
-        {
-            EnvironmentVariables.IDENTITY_ENDPOINT: endpoint,
-            EnvironmentVariables.IDENTITY_HEADER: secret,
-            EnvironmentVariables.MSI_ENDPOINT: endpoint,
-            EnvironmentVariables.MSI_SECRET: secret,
-        },
-    ]:
-        with mock.patch.dict("os.environ", environment, clear=True):
-            token = ManagedIdentityCredential(transport=mock.Mock(send=send)).get_token(scope)
-        assert token.token == access_token
-        assert token.expires_on == expires_on
-
-
-def test_app_service_2017_09_01():
-    """test parsing of App Service MSI 2017-09-01's eccentric platform-dependent expires_on strings"""
-
-    access_token = "****"
-    expires_on = 42
-    expected_token = AccessToken(access_token, expires_on)
-    url = "http://localhost:42/token"
-    secret = "expected-secret"
-    scope = "scope"
-
-    transport = validating_transport(
-        requests=[
-            Request(
-                url,
-                method="GET",
-                required_headers={"secret": secret, "User-Agent": USER_AGENT},
-                required_params={"api-version": "2017-09-01", "resource": scope},
-            )
-        ]
-        * 2,
-        responses=[
-            mock_response(
-                json_payload={
-                    "access_token": access_token,
-                    "expires_on": "01/01/1970 00:00:{} +00:00".format(expires_on),  # linux format
-                    "resource": scope,
-                    "token_type": "Bearer",
-                }
-            ),
-            mock_response(
-                json_payload={
-                    "access_token": access_token,
-                    "expires_on": "1/1/1970 12:00:{} AM +00:00".format(expires_on),  # windows format
-                    "resource": scope,
-                    "token_type": "Bearer",
-                }
-            ),
-        ],
-    )
-
     with mock.patch.dict(
-        MANAGED_IDENTITY_ENVIRON,
-        {EnvironmentVariables.MSI_ENDPOINT: url, EnvironmentVariables.MSI_SECRET: secret},
-        clear=True,
+            MANAGED_IDENTITY_ENVIRON,
+            {
+                EnvironmentVariables.IDENTITY_ENDPOINT: endpoint,
+                EnvironmentVariables.IDENTITY_HEADER: secret,
+                EnvironmentVariables.MSI_ENDPOINT: endpoint,
+                EnvironmentVariables.MSI_SECRET: secret,
+            },
+            clear=True,
     ):
-        token = ManagedIdentityCredential(transport=transport).get_token(scope)
-        assert token == expected_token
-        assert token.expires_on == expires_on
-
-        token = ManagedIdentityCredential(transport=transport).get_token(scope)
-        assert token == expected_token
+        token = ManagedIdentityCredential(transport=mock.Mock(send=send)).get_token(scope)
+        assert token.token == access_token
         assert token.expires_on == expires_on
 
 
 def test_app_service_user_assigned_identity():
-    """App Service 2017-09-01: MSI_ENDPOINT, MSI_SECRET set"""
+    """App Service 2019-08-01: MSI_ENDPOINT, MSI_SECRET set"""
 
     expected_token = "****"
     expires_on = 42
@@ -478,15 +355,15 @@ def test_app_service_user_assigned_identity():
             Request(
                 base_url=endpoint,
                 method="GET",
-                required_headers={"secret": secret, "User-Agent": USER_AGENT},
-                required_params={"api-version": "2017-09-01", "clientid": client_id, "resource": scope},
+                required_headers={"X-IDENTITY-HEADER": secret, "User-Agent": USER_AGENT},
+                required_params={"api-version": "2019-08-01", "clientid": client_id, "resource": scope},
             ),
             Request(
                 base_url=endpoint,
                 method="GET",
-                required_headers={"secret": secret, "User-Agent": USER_AGENT},
+                required_headers={"X-IDENTITY-HEADER": secret, "User-Agent": USER_AGENT},
                 required_params={
-                    "api-version": "2017-09-01",
+                    "api-version": "2019-08-01",
                     "clientid": client_id,
                     "resource": scope,
                     param_name: param_value,
@@ -569,7 +446,7 @@ def test_client_id_none():
 
     def send(request, **_):
         assert "client_id" not in request.query  # IMDS
-        assert "clientid" not in request.query  # App Service 2017-09-01
+        assert "clientid" not in request.query  # App Service 2019-08-01
         if request.data:
             assert "client_id" not in request.body  # Cloud Shell
         return mock_response(