DefaultAzureCredential disable VisualStudioCodeCredential by default (#…
…31755)

* DefaultAzureCredential disable VisualStudioCodeCredential by default

* update README.md

* fix tests

* Update sdk/identity/Azure.Identity/CHANGELOG.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>

* update readme wording to match changelog

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
schaabs and christothes authored Oct 12, 2022
1 parent 514a152 commit ef716a3
Showing 5 changed files with 26 additions and 11 deletions.
1 change: 1 addition & 0 deletions sdk/identity/Azure.Identity/CHANGELOG.md
Expand Up @@ -12,6 +12,7 @@
- `EnvironmentCredential` updated to support specifying a certificate password via the `AZURE_CLIENT_CERTIFICATE_PASSWORD` environment variable

### Breaking Changes
- Excluded `VisualStudioCodeCredential` from `DefaultAzureCredential` token chain by default as SDK authentication via Visual Studio Code is broken due to issue [#27263](https://github.com/Azure/azure-sdk-for-net/issues/27263). The `VisualStudioCodeCredential` will be re-enabled in the `DefaultAzureCredential` flow once a fix is in place. Issue [#30525](https://github.com/Azure/azure-sdk-for-net/issues/30525) tracks this. In the meantime Visual Studio Code users can authenticate their development environment using the [Azure CLI](https://learn.microsoft.com/cli/azure/).

### Bugs Fixed

2 changes: 1 addition & 1 deletion sdk/identity/Azure.Identity/README.md
Expand Up @@ -76,7 +76,7 @@ The `DefaultAzureCredential` will attempt to authenticate via the following mech
1. **Environment** - The `DefaultAzureCredential` will read account information specified via [environment variables](#environment-variables) and use it to authenticate.
2. **Managed Identity** - If the application is deployed to an Azure host with Managed Identity enabled, the `DefaultAzureCredential` will authenticate with that account.
3. **Visual Studio** - If the developer has authenticated via Visual Studio, the `DefaultAzureCredential` will authenticate with that account.
4. **Visual Studio Code** - If the developer has authenticated via the Visual Studio Code Azure Account plugin, the `DefaultAzureCredential` will authenticate with that account.
4. **Visual Studio Code** - Currently excluded by default as SDK authentication via Visual Studio Code is broken due to issue [#27263](https://github.com/Azure/azure-sdk-for-net/issues/27263). The `VisualStudioCodeCredential` will be re-enabled in the `DefaultAzureCredential` flow once a fix is in place. Issue [#30525](https://github.com/Azure/azure-sdk-for-net/issues/30525) tracks this. In the meantime Visual Studio Code users can authenticate their development environment using the [Azure CLI](https://learn.microsoft.com/cli/azure/).
5. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
6. **Azure PowerShell** - If the developer has authenticated an account via the Azure PowerShell `Connect-AzAccount` command, the `DefaultAzureCredential` will authenticate with that account.
7. **Interactive browser** - If enabled, the `DefaultAzureCredential` will interactively authenticate the developer via the current system's default browser. By default, this credential type is disabled.
Expand Up @@ -238,8 +238,9 @@ public string VisualStudioCodeTenantId

/// <summary>
/// Specifies whether the <see cref="VisualStudioCodeCredential"/> will be excluded from the <see cref="DefaultAzureCredential"/> authentication flow.
/// The default is <c>true</c>.
/// </summary>
public bool ExcludeVisualStudioCodeCredential { get; set; }
public bool ExcludeVisualStudioCodeCredential { get; set; } = true;

/// <summary>
/// Specifies whether the <see cref="AzurePowerShellCredential"/> will be excluded from the <see cref="DefaultAzureCredential"/> authentication flow.
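Review bot: The doc comment on `ExcludeVisualStudioCodeCredential` records the new default but not its consequence for existing callers. With the initializer `= true`, a caller that used to authenticate with the Visual Studio Code account now falls through to the next credential in the chain (Azure CLI, then Azure PowerShell, per the README order), which may sign in as a different identity or tenant. I would add a remark such as `/// <remarks>Set to <c>false</c> to opt back in. When excluded, the chain continues with the next developer credential, which may be a different account.</remarks>`. The enclosing options class starts and ends outside this hunk, so whether any copy or clone path of the options carries the new default cannot be confirmed from here.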
Expand Up @@ -33,6 +33,7 @@ public async Task DefaultAzureCredential_UseVisualStudioCredential()
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
ExcludeAzureCliCredential = true,
ExcludeVisualStudioCodeCredential = false,
});

var fileSystem = CredentialTestHelpers.CreateFileSystemForVisualStudio();
Expand Down Expand Up @@ -71,6 +72,7 @@ public async Task DefaultAzureCredential_UseVisualStudioCodeCredential()
ExcludeManagedIdentityCredential = true,
ExcludeVisualStudioCredential = true,
ExcludeAzureCliCredential = true,
ExcludeVisualStudioCodeCredential = false,
VisualStudioCodeTenantId = TestEnvironment.TestTenantId
});

Expand Down Expand Up @@ -109,6 +111,7 @@ public async Task DefaultAzureCredential_UseVisualStudioCodeCredential_ParallelC
ExcludeSharedTokenCacheCredential = true,
ExcludeManagedIdentityCredential = true,
ExcludeAzureCliCredential = true,
ExcludeVisualStudioCodeCredential = false,
VisualStudioCodeTenantId = TestEnvironment.TestTenantId
});

Expand Down Expand Up @@ -145,6 +148,7 @@ public async Task DefaultAzureCredential_UseAzureCliCredential()
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
ExcludeManagedIdentityCredential = true,
ExcludeVisualStudioCodeCredential = false,
VisualStudioCodeTenantId = TestEnvironment.TestTenantId
});

Expand Down Expand Up @@ -183,6 +187,7 @@ public async Task DefaultAzureCredential_UseAzureCliCredential_ParallelCalls()
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
ExcludeManagedIdentityCredential = true,
ExcludeVisualStudioCodeCredential = false,
VisualStudioCodeTenantId = TestEnvironment.TestTenantId
});

Expand Down Expand Up @@ -218,6 +223,7 @@ public void DefaultAzureCredential_AllCredentialsHaveFailed_CredentialUnavailabl
ExcludeInteractiveBrowserCredential = true,
ExcludeManagedIdentityCredential = true,
ExcludeSharedTokenCacheCredential = true,
ExcludeVisualStudioCodeCredential = false,
});

var vscAdapter = new TestVscAdapter(ExpectedServiceName, "AzureCloud", "{}");
Expand Down Expand Up @@ -249,6 +255,7 @@ public void DefaultAzureCredential_AllCredentialsHaveFailed_FirstAuthenticationF
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
ExcludeManagedIdentityCredential = true,
ExcludeVisualStudioCodeCredential = false,
});

var vscAdapter = new TestVscAdapter(ExpectedServiceName, "AzureCloud", null);
Expand Down Expand Up @@ -279,6 +286,7 @@ public void DefaultAzureCredential_AllCredentialsHaveFailed_LastAuthenticationFa
ExcludeInteractiveBrowserCredential = true,
ExcludeSharedTokenCacheCredential = true,
ExcludeManagedIdentityCredential = true,
ExcludeVisualStudioCodeCredential = false,
});

var vscAdapter = new TestVscAdapter(ExpectedServiceName, "AzureCloud", null);
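Review bot: The eight added `ExcludeVisualStudioCodeCredential = false,` initializers in this section do not say why these tests opt back into a credential the library now excludes by default. This starts with `DefaultAzureCredential_UseVisualStudioCredential` and repeats in every later hunk. A one-line comment above the first of them would tell a maintainer the opt-in is deliberate and when it can go, for example `// VisualStudioCodeCredential is excluded by default (issue #30525); opt in so the chain under test is unchanged.` Each test method starts and ends outside its hunk, so the rest of the option set is not visible here.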
23 changes: 14 additions & 9 deletions sdk/identity/Azure.Identity/tests/DefaultAzureCredentialTests.cs
Expand Up @@ -34,9 +34,8 @@ public void ValidateCtorNoOptions()
Assert.IsInstanceOf(typeof(EnvironmentCredential), sources[0]);
Assert.IsInstanceOf(typeof(ManagedIdentityCredential), sources[1]);
Assert.IsInstanceOf(typeof(VisualStudioCredential), sources[2]);
Assert.IsInstanceOf(typeof(VisualStudioCodeCredential), sources[3]);
Assert.IsInstanceOf(typeof(AzureCliCredential), sources[4]);
Assert.IsInstanceOf(typeof(AzurePowerShellCredential), sources[5]);
Assert.IsInstanceOf(typeof(AzureCliCredential), sources[3]);
Assert.IsInstanceOf(typeof(AzurePowerShellCredential), sources[4]);
Assert.IsNull(sources[7]);
}

Expand All @@ -52,17 +51,16 @@ public void ValidateCtorIncludedInteractiveParam([Values(true, false)] bool incl
Assert.IsInstanceOf(typeof(EnvironmentCredential), sources[0]);
Assert.IsInstanceOf(typeof(ManagedIdentityCredential), sources[1]);
Assert.IsInstanceOf(typeof(VisualStudioCredential), sources[2]);
Assert.IsInstanceOf(typeof(VisualStudioCodeCredential), sources[3]);
Assert.IsInstanceOf(typeof(AzureCliCredential), sources[4]);
Assert.IsInstanceOf(typeof(AzurePowerShellCredential), sources[5]);
Assert.IsInstanceOf(typeof(AzureCliCredential), sources[3]);
Assert.IsInstanceOf(typeof(AzurePowerShellCredential), sources[4]);

if (includeInteractive)
{
Assert.IsInstanceOf(typeof(InteractiveBrowserCredential), sources[6]);
Assert.IsInstanceOf(typeof(InteractiveBrowserCredential), sources[5]);
}
else
{
Assert.IsNull(sources[6]);
Assert.IsNull(sources[5]);
}
}

Expand Down Expand Up @@ -163,6 +161,8 @@ public void ValidateUnhandledException(Type credentialType)
ExcludeEnvironmentCredential = false,
ExcludeManagedIdentityCredential = false,
ExcludeSharedTokenCacheCredential = false,
ExcludeVisualStudioCredential = false,
ExcludeVisualStudioCodeCredential = false,
ExcludeAzureCliCredential = false,
ExcludeAzurePowerShellCredential = false,
ExcludeInteractiveBrowserCredential = false
Expand Down Expand Up @@ -237,6 +237,8 @@ public async Task ValidateSelectedCredentialCaching(Type availableCredential)
ExcludeEnvironmentCredential = false,
ExcludeManagedIdentityCredential = false,
ExcludeSharedTokenCacheCredential = false,
ExcludeVisualStudioCredential = false,
ExcludeVisualStudioCodeCredential = false,
ExcludeAzureCliCredential = false,
ExcludeAzurePowerShellCredential = false,
ExcludeInteractiveBrowserCredential = false
Expand Down Expand Up @@ -282,8 +284,11 @@ public async Task CredentialTypeLogged(Type availableCredential)
ExcludeEnvironmentCredential = false,
ExcludeManagedIdentityCredential = false,
ExcludeSharedTokenCacheCredential = false,
ExcludeVisualStudioCredential = false,
ExcludeVisualStudioCodeCredential = false,
ExcludeAzureCliCredential = false,
ExcludeInteractiveBrowserCredential = false,
ExcludeAzurePowerShellCredential = false,
ExcludeInteractiveBrowserCredential = false
};

var credFactory = GetMockDefaultAzureCredentialFactory(options, availableCredential, expToken, calledCredentials);
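Review bot: In `ValidateCtorNoOptions` the assertions now cover `sources[0]` to `sources[4]` and then jump to `Assert.IsNull(sources[7])`, so slots 5 and 6 are unchecked and the test would not notice an extra credential entering the default chain there. `ValidateCtorIncludedInteractiveParam` already asserts `Assert.IsNull(sources[5])` for the non-interactive case. The same check fits here, for example `Assert.IsNull(sources[5]);` before the existing last assert. The array length and the start of both test methods are outside the hunk, so the expected content of slot 6 should be confirmed against the factory before asserting on it.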