Fix keyvault access token issue (#13317)

isra-fel · Yeming Liu · web-flow · commit 900365485089 · 2020-10-28T10:12:06.000+08:00
* keyvault can get access token from account

* use string.equal

Co-authored-by: Yeming Liu &lt;yeliu@microsoft.com&gt;
diff --git a/src/Accounts/Accounts/ChangeLog.md b/src/Accounts/Accounts/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Fixed an issue causing `Connect-AzAccount -KeyVaultAccessToken` not working [#13127]
 * Fixed null reference and method case insensitive in `Invoke-AzRestMethod`
 
 ## Version 2.1.0
diff --git a/src/Accounts/Authentication.Test/AuthenticationFactoryTests.cs b/src/Accounts/Authentication.Test/AuthenticationFactoryTests.cs
@@ -28,6 +28,8 @@
 using Xunit;
 using Xunit.Abstractions;
 using System.Text.RegularExpressions;
+using System.Net.Http;
+using System.Threading;
 
 namespace Common.Authentication.Test
 {
@@ -561,5 +563,51 @@ private string GetFunctionsResourceId(string resourceIdOrEndpointName, IAzureEnv
 
             return resourceId;
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void CanGetServiceClientCredentialsWithAccessToken()
+        {
+            AzureSessionInitializer.InitializeAzureSession();
+            IAuthenticatorBuilder authenticatorBuilder = new DefaultAuthenticatorBuilder();
+            AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => authenticatorBuilder);
+            PowerShellTokenCacheProvider factory = new InMemoryTokenCacheProvider();
+            AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => factory);
+            string tenant = Guid.NewGuid().ToString();
+            string userId = "user1@contoso.org";
+            var armToken = Guid.NewGuid().ToString();
+            var graphToken = Guid.NewGuid().ToString();
+            var kvToken = Guid.NewGuid().ToString();
+            var account = new AzureAccount
+            {
+                Id = userId,
+                Type = AzureAccount.AccountType.AccessToken
+            };
+            account.SetTenants(tenant);
+            account.SetAccessToken(armToken);
+            account.SetProperty(AzureAccount.Property.GraphAccessToken, graphToken);
+            account.SetProperty(AzureAccount.Property.KeyVaultAccessToken, kvToken);
+            var authFactory = new AuthenticationFactory();
+            var environment = AzureEnvironment.PublicEnvironments.Values.First();
+            var mockContext = new AzureContext()
+            {
+                Account = account
+            };
+            var credentials = authFactory.GetServiceClientCredentials(mockContext);
+            VerifyAccessTokenInServiceClientCredentials(credentials, armToken);
+            credentials = authFactory.GetServiceClientCredentials(mockContext, AzureEnvironment.Endpoint.Graph);
+            VerifyAccessTokenInServiceClientCredentials(credentials, graphToken);
+            credentials = authFactory.GetServiceClientCredentials(mockContext, AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId);
+            VerifyAccessTokenInServiceClientCredentials(credentials, kvToken);
+        }
+
+        private void VerifyAccessTokenInServiceClientCredentials(Microsoft.Rest.ServiceClientCredentials cred, string expected)
+        {
+            using (var request = new HttpRequestMessage())
+            {
+                cred.ProcessHttpRequestAsync(request, new CancellationToken()).ConfigureAwait(false).GetAwaiter().GetResult();
+                Assert.Equal(expected, request.Headers.Authorization.Parameter);
+            }
+        }
     }
 }
diff --git a/src/Accounts/Authentication/Factories/AuthenticationFactory.cs b/src/Accounts/Authentication/Factories/AuthenticationFactory.cs
@@ -438,11 +438,14 @@ private string GetFunctionsResourceId(string resourceIdOrEndpointName, IAzureEnv
         private string GetEndpointToken(IAzureAccount account, string targetEndpoint)
         {
             string tokenKey = AzureAccount.Property.AccessToken;
-            if (targetEndpoint == AzureEnvironment.Endpoint.Graph)
+            if (string.Equals(targetEndpoint, AzureEnvironment.Endpoint.Graph, StringComparison.OrdinalIgnoreCase))
             {
                 tokenKey = AzureAccount.Property.GraphAccessToken;
             }
-
+            if (string.Equals(targetEndpoint, AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId, StringComparison.OrdinalIgnoreCase))
+            {
+                tokenKey = AzureAccount.Property.KeyVaultAccessToken;
+            }
             return account.GetProperty(tokenKey);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -438,11 +438,14 @@ private string GetFunctionsResourceId(string resourceIdOrEndpointName, IAzureEnv`
`438`	`438`	`private string GetEndpointToken(IAzureAccount account, string targetEndpoint)`
`439`	`439`	`{`
`440`	`440`	`string tokenKey = AzureAccount.Property.AccessToken;`
`441`		`- if (targetEndpoint == AzureEnvironment.Endpoint.Graph)`
	`441`	`+ if (string.Equals(targetEndpoint, AzureEnvironment.Endpoint.Graph, StringComparison.OrdinalIgnoreCase))`
`442`	`442`	`{`
`443`	`443`	`tokenKey = AzureAccount.Property.GraphAccessToken;`
`444`	`444`	`}`
`445`		`-`
	`445`	`+ if (string.Equals(targetEndpoint, AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId, StringComparison.OrdinalIgnoreCase))`
	`446`	`+ {`
	`447`	`+ tokenKey = AzureAccount.Property.KeyVaultAccessToken;`
	`448`	`+ }`
`446`	`449`	`return account.GetProperty(tokenKey);`
`447`	`450`	`}`
`448`	`451`