Merge branch 'preview' into fix_reg

Author: cormacpayne

TestMappings.json

@@ -113,7 +113,8 @@
     ".\\src\\ResourceManager\\Network\\Commands.Network.Test\\bin\\Debug\\Microsoft.Azure.Commands.Network.Test.dll",
     ".\\src\\ResourceManager\\RecoveryServices.Backup\\Commands.RecoveryServices.Backup.Test\\bin\\Debug\\Microsoft.Azure.Commands.RecoveryServices.Backup.Test.dll",
     ".\\src\\ResourceManager\\ServiceFabric\\Commands.ServiceFabric.Test\\bin\\Debug\\Microsoft.Azure.Commands.ServiceFabric.Test.dll",
-    ".\\src\\ResourceManager\\Sql\\Commands.Sql.Test\\bin\\Debug\\Microsoft.Azure.Commands.Sql.Test.dll"
+    ".\\src\\ResourceManager\\Sql\\Commands.Sql.Test\\bin\\Debug\\Microsoft.Azure.Commands.Sql.Test.dll",
+    ".\\src\\ResourceManager\\Dns\\Commands.Dns.Test\\bin\\Debug\\Microsoft.Azure.Commands.Dns.Test.dll"
   ],
   "src/ResourceManager/NotificationHubs /": [
     ".\\src\\ResourceManager\\NotificationHubs\\Commands.NotificationHubs.Test\\bin\\Debug\\Microsoft.Azure.Commands.NotificationHubs.Test.dll"

src/Common/Commands.Common.Authentication/Authentication/RenewingTokenCredential.cs

@@ -0,0 +1,39 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Rest;
+using System.Threading.Tasks;
+using System.Net.Http.Headers;
+using System.Threading;
+using System.Net.Http;
+
+namespace Microsoft.Azure.Commands.Common.Authentication
+{
+    public class RenewingTokenCredential : ServiceClientCredentials
+    {
+        private IAccessToken _token;
+
+
+        public RenewingTokenCredential(IAccessToken token)
+        {
+            _token = token;
+        }
+
+        public override Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
+        {
+            return Task.Run( () => _token.AuthorizeRequest((type, token) => request.Headers.Authorization = new AuthenticationHeaderValue(type, token)));
+        }
+
+    }
+}

src/Common/Commands.Common.Authentication/Authentication/ServicePrincipalTokenProvider.cs

@@ -15,8 +15,8 @@
 using Hyak.Common;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.IdentityModel.Clients.ActiveDirectory;
-using Microsoft.Rest.Azure.Authentication;
 #if NETSTANDARD
+using Microsoft.Rest.Azure.Authentication;
 using Microsoft.WindowsAzure.Commands.Common;
 #endif
 using System;

src/Common/Commands.Common.Authentication/Commands.Common.Authentication.csproj

@@ -129,6 +129,7 @@
     <Compile Include="Authentication\ManagedServiceTokenInfo.cs" />
     <Compile Include="Authentication\ProtectedFileTokenCache.cs" />
     <Compile Include="Authentication\RawAccessToken.cs" />
+    <Compile Include="Authentication\RenewingTokenCredential.cs" />
     <Compile Include="Authentication\ServicePrincipalKeyStore.cs" />
     <Compile Include="Authentication\ServicePrincipalTokenProvider.cs" />
     <Compile Include="Authentication\UserTokenProvider.cs" />

src/Common/Commands.Common.Authentication/Factories/AuthenticationFactory.cs

@@ -64,22 +64,7 @@ public IAccessToken Authenticate(
                 configuration.ValidateAuthority);
             if (account != null && account.Type == AzureAccount.AccountType.ManagedService)
             {
-                if (environment == null)
-                {
-                    throw new InvalidOperationException("Environment is required for MSI Login");
-                }
-
-                if (!account.IsPropertySet(AzureAccount.Property.MSILoginUri))
-                {
-                    account.SetProperty(AzureAccount.Property.MSILoginUri, DefaultMSILoginUri);
-                }
-
-                if (string.IsNullOrWhiteSpace(tenant))
-                {
-                    tenant = environment.AdTenant ?? "Common";
-                }
-
-                token = new ManagedServiceAccessToken(account, environment, GetResourceId(resourceId, environment), tenant);
+                token = GetManagedServiceToken(account, environment, tenant, resourceId);
             }
             else if (account != null && environment != null
                 && account.Type == AzureAccount.AccountType.AccessToken)
@@ -144,12 +129,12 @@ public IAccessToken Authenticate(
             string resourceId = AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)
         {
             return Authenticate(
-                account, 
-                environment, 
-                tenant, password, 
-                promptBehavior, 
-                promptAction, 
-                AzureSession.Instance.TokenCache, 
+                account,
+                environment,
+                tenant, password,
+                promptBehavior,
+                promptAction,
+                AzureSession.Instance.TokenCache,
                 resourceId);
         }
 
@@ -176,19 +161,16 @@ public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(IAzureContex
                 throw new ArgumentException(exceptionMessage);
             }
 
-            if (context.Account.Type == AzureAccount.AccountType.Certificate)
+            switch (context.Account.Type)
             {
-                var certificate = AzureSession.Instance.DataStore.GetCertificate(context.Account.Id);
-                return new CertificateCloudCredentials(context.Subscription.Id.ToString(), certificate);
-            }
-
-            if (context.Account.Type == AzureAccount.AccountType.AccessToken)
-            {
-                return new TokenCloudCredentials(context.Subscription.Id.ToString(), GetEndpointToken(context.Account, targetEndpoint));
+                case AzureAccount.AccountType.Certificate:
+                    var certificate = AzureSession.Instance.DataStore.GetCertificate(context.Account.Id);
+                    return new CertificateCloudCredentials(context.Subscription.Id.ToString(), certificate);
+                case AzureAccount.AccountType.AccessToken:
+                    return new TokenCloudCredentials(context.Subscription.Id.ToString(), GetEndpointToken(context.Account, targetEndpoint));
             }
 
             string tenant = null;
-
             if (context.Subscription != null && context.Account != null)
             {
                 tenant = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants)
@@ -251,6 +233,7 @@ public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(IAzureContex
             }
         }
 
+
         public ServiceClientCredentials GetServiceClientCredentials(IAzureContext context)
         {
             return GetServiceClientCredentials(context,
@@ -263,16 +246,14 @@ public ServiceClientCredentials GetServiceClientCredentials(IAzureContext contex
             {
                 throw new ArgumentException(Resources.ArmAccountNotFound);
             }
-
-            if (context.Account.Type == AzureAccount.AccountType.Certificate)
+            switch (context.Account.Type)
             {
-                throw new NotSupportedException(AzureAccount.AccountType.Certificate.ToString());
+                case AzureAccount.AccountType.Certificate:
+                    throw new NotSupportedException(AzureAccount.AccountType.Certificate.ToString());
+                case AzureAccount.AccountType.AccessToken:
+                    return new TokenCredentials(GetEndpointToken(context.Account, targetEndpoint));
             }
 
-            if (context.Account.Type == AzureAccount.AccountType.AccessToken)
-            {
-                return new TokenCredentials(GetEndpointToken(context.Account, targetEndpoint));
-            }
 
             string tenant = null;
 
@@ -317,41 +298,47 @@ public ServiceClientCredentials GetServiceClientCredentials(IAzureContext contex
                 }
 
                 ServiceClientCredentials result = null;
-
-                if (context.Account.Type == AzureAccount.AccountType.User)
-                {
-                    result = Rest.Azure.Authentication.UserTokenProvider.CreateCredentialsFromCache(
-                        AdalConfiguration.PowerShellClientId,
-                        tenant,
-                        context.Account.Id,
-                        env,
-                        tokenCache as TokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
-                }
-                else if (context.Account.Type == AzureAccount.AccountType.ServicePrincipal)
-                {
-                    if (context.Account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
-                    {
-                        result = ApplicationTokenProvider.LoginSilentAsync(
-                            tenant,
-                            context.Account.Id,
-                            new CertificateApplicationCredentialProvider(
-                                context.Account.GetThumbprint()),
-                            env,
-                            tokenCache as TokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
-                    }
-                    else
-                    {
-                        result = ApplicationTokenProvider.LoginSilentAsync(
-                            tenant,
-                            context.Account.Id,
-                            new KeyStoreApplicationCredentialProvider(tenant),
-                            env,
-                            tokenCache as TokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
-                    }
-                }
-                else
+                switch (context.Account.Type)
                 {
-                    throw new NotSupportedException(context.Account.Type.ToString());
+                    case AzureAccount.AccountType.ManagedService:
+                        result = new RenewingTokenCredential(
+                            GetManagedServiceToken(
+                                context.Account, 
+                                context.Environment, 
+                                tenant, 
+                                context.Environment.GetTokenAudience(targetEndpoint)));
+                        break;
+                    case AzureAccount.AccountType.User:
+                        result = Rest.Azure.Authentication.UserTokenProvider.CreateCredentialsFromCache(
+                           AdalConfiguration.PowerShellClientId,
+                           tenant,
+                           context.Account.Id,
+                           env,
+                           tokenCache as TokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
+                        break;
+                    case AzureAccount.AccountType.ServicePrincipal:
+                        if (context.Account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
+                        {
+                            result = ApplicationTokenProvider.LoginSilentAsync(
+                                tenant,
+                                context.Account.Id,
+                                new CertificateApplicationCredentialProvider(
+                                    context.Account.GetThumbprint()),
+                                env,
+                                tokenCache as TokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
+                        }
+                        else
+                        {
+                            result = ApplicationTokenProvider.LoginSilentAsync(
+                                tenant,
+                                context.Account.Id,
+                                new KeyStoreApplicationCredentialProvider(tenant),
+                                env,
+                                tokenCache as TokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
+                        }
+                        break;
+                    default:
+                        throw new NotSupportedException(context.Account.Type.ToString());
                 }
 
                 return result;
@@ -363,6 +350,60 @@ public ServiceClientCredentials GetServiceClientCredentials(IAzureContext contex
             }
         }
 
+        public void RemoveUser(IAzureAccount account, IAzureTokenCache tokenCache)
+        {
+            TokenCache cache = tokenCache as TokenCache;
+            if (cache != null && account != null && !string.IsNullOrEmpty(account.Id) && !string.IsNullOrWhiteSpace(account.Type))
+            {
+                switch (account.Type)
+                {
+                    case AzureAccount.AccountType.AccessToken:
+                        account.SetProperty(AzureAccount.Property.AccessToken, null);
+                        account.SetProperty(AzureAccount.Property.GraphAccessToken, null);
+                        account.SetProperty(AzureAccount.Property.KeyVaultAccessToken, null);
+                        break;
+                    case AzureAccount.AccountType.ManagedService:
+                        account.SetProperty(AzureAccount.Property.MSILoginUri, null);
+                        break;
+                    case AzureAccount.AccountType.ServicePrincipal:
+                        try
+                        {
+                            ServicePrincipalKeyStore.DeleteKey(account.Id, account.GetTenants().FirstOrDefault());
+                        }
+                        catch
+                        {
+                            // make best effort to remove credentials
+                        }
+
+                        RemoveFromTokenCache(cache, account);
+                        break;
+                    case AzureAccount.AccountType.User:
+                        RemoveFromTokenCache(cache, account);
+                        break;
+                }
+            }
+        }
+
+        private IAccessToken GetManagedServiceToken(IAzureAccount account, IAzureEnvironment environment, string tenant, string resourceId)
+        {
+            if (environment == null)
+            {
+                throw new InvalidOperationException("Environment is required for MSI Login");
+            }
+
+            if (!account.IsPropertySet(AzureAccount.Property.MSILoginUri))
+            {
+                account.SetProperty(AzureAccount.Property.MSILoginUri, DefaultMSILoginUri);
+            }
+
+            if (string.IsNullOrWhiteSpace(tenant))
+            {
+                tenant = environment.AdTenant ?? "Common";
+            }
+
+            return new ManagedServiceAccessToken(account, environment, GetResourceId(resourceId, environment), tenant);
+        }
+
         private string GetResourceId(string resourceIdorEndpointName, IAzureEnvironment environment)
         {
             return environment.GetEndpoint(resourceIdorEndpointName) ?? resourceIdorEndpointName;
@@ -384,7 +425,7 @@ private AdalConfiguration GetAdalConfiguration(IAzureEnvironment environment, st
                     string.Format("No Active Directory endpoint specified for environment '{0}'", environment.Name));
             }
 
-            var audience = environment.GetEndpoint(resourceId)?? resourceId;
+            var audience = environment.GetEndpoint(resourceId) ?? resourceId;
             if (string.IsNullOrWhiteSpace(audience))
             {
                 string message = Resources.InvalidManagementTokenAudience;
@@ -410,45 +451,14 @@ private string GetEndpointToken(IAzureAccount account, string targetEndpoint)
         {
             string tokenKey = AzureAccount.Property.AccessToken;
             if (targetEndpoint == AzureEnvironment.Endpoint.Graph)
-            { 
+            {
                 tokenKey = AzureAccount.Property.GraphAccessToken;
             }
 
             return account.GetProperty(tokenKey);
         }
 
-        public void RemoveUser(IAzureAccount account, IAzureTokenCache tokenCache)
-        {
-            TokenCache cache = tokenCache as TokenCache;
-            if (cache!= null && account != null && !string.IsNullOrEmpty(account.Id) && !string.IsNullOrWhiteSpace(account.Type))
-            {
-                switch (account.Type)
-                {
-                    case AzureAccount.AccountType.AccessToken:
-                        account.SetProperty(AzureAccount.Property.AccessToken, null);
-                        account.SetProperty(AzureAccount.Property.GraphAccessToken, null);
-                        account.SetProperty(AzureAccount.Property.KeyVaultAccessToken, null);
-                        break;
-                    case AzureAccount.AccountType.ServicePrincipal:
-                        try
-                        {
-                            ServicePrincipalKeyStore.DeleteKey(account.Id, account.GetTenants().FirstOrDefault());
-                        }
-                        catch
-                        {
-                            // make best effort to remove credentials
-                        }
-
-                        RemoveFromTokenCache(cache, account);
-                        break;
-                    case AzureAccount.AccountType.User:
-                        RemoveFromTokenCache(cache, account);
-                        break;
-               }
-            }
-        }
-
-        void RemoveFromTokenCache(TokenCache cache, IAzureAccount account )
+        private void RemoveFromTokenCache(TokenCache cache, IAzureAccount account)
         {
             if (cache != null && cache.Count > 0 && account != null && !string.IsNullOrWhiteSpace(account.Id) && !string.IsNullOrWhiteSpace(account.Type))
             {
@@ -460,20 +470,20 @@ void RemoveFromTokenCache(TokenCache cache, IAzureAccount account )
             }
         }
 
-        bool MatchCacheItem(IAzureAccount account, TokenCacheItem item)
+        private bool MatchCacheItem(IAzureAccount account, TokenCacheItem item)
         {
             bool result = false;
             if (account != null && !string.IsNullOrWhiteSpace(account.Type) && item != null)
             {
-                switch(account.Type)
+                switch (account.Type)
                 {
                     case AzureAccount.AccountType.ServicePrincipal:
                         result = string.Equals(account.Id, item.ClientId, StringComparison.OrdinalIgnoreCase);
                         break;
                     case AzureAccount.AccountType.User:
-                        result = string.Equals(account.Id, item.DisplayableId, StringComparison.OrdinalIgnoreCase) 
+                        result = string.Equals(account.Id, item.DisplayableId, StringComparison.OrdinalIgnoreCase)
                             || (account.TenantMap != null && account.TenantMap.Any(
-                                (m) => string.Equals(m.Key, item.TenantId, StringComparison.OrdinalIgnoreCase) 
+                                (m) => string.Equals(m.Key, item.TenantId, StringComparison.OrdinalIgnoreCase)
                                        && string.Equals(m.Value, item.UniqueId, StringComparison.OrdinalIgnoreCase)));
                         break;
                 }