A reasonable-effort to convert scope to resource

Author: rayluo

msal/cloudshell.py

@@ -7,6 +7,10 @@
 import json
 import logging
 import os
+try:  # Python 2
+    from urlparse import urlparse
+except:  # Python 3
+    from urllib.parse import urlparse
 
 
 logger = logging.getLogger(__name__)
@@ -16,38 +20,18 @@ def _is_running_in_cloud_shell():
     return os.environ.get("AZUREPS_HOST_ENVIRONMENT", "").startswith("cloud-shell")
 
 
-def _scope_to_resource(scope):
-    cloud_shell_supported_audiences = [  # Came from https://msazure.visualstudio.com/One/_git/compute-CloudShell?path=/src/images/agent/env/envconfig.PROD.json
-        "https://management.core.windows.net/",
-        "https://management.azure.com/",
-        "https://graph.windows.net/",
-        "https://vault.azure.net",
-        "https://datalake.azure.net/",
-        "https://outlook.office365.com/",
-        "https://graph.microsoft.com/",
-        "https://batch.core.windows.net/",
-        "https://analysis.windows.net/powerbi/api",
-        "https://storage.azure.com/",
-        "https://rest.media.azure.net",
-        "https://api.loganalytics.io",
-        "https://ossrdbms-aad.database.windows.net",
-        "https://www.yammer.com",
-        "https://digitaltwins.azure.net",
-        "0b07f429-9f4b-4714-9392-cc5e8e80c8b0",
-        "822c8694-ad95-4735-9c55-256f7db2f9b4",
-        "https://dev.azuresynapse.net",
-        "https://database.windows.net",
-        "https://quantum.microsoft.com",
-        "https://iothubs.azure.net",
-        "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d",
-        "https://azuredatabricks.net/",
-        "ce34e7e5-485f-4d76-964f-b3d2b16d1e4f",
-        "https://azure-devices-provisioning.net"
-        ]  # TODO: Cloud Shell IMDS will remove that list soon. What shall we do then?
+def _scope_to_resource(scope):  # This is an experimental reasonable-effort approach
+    cloud_shell_supported_audiences = [
+        "https://analysis.windows.net/powerbi/api",  # Came from https://msazure.visualstudio.com/One/_git/compute-CloudShell?path=/src/images/agent/env/envconfig.PROD.json
+        "https://pas.windows.net/CheckMyAccess/Linux/.default",  # Cloud Shell accepts it as-is
+        ]
     for a in cloud_shell_supported_audiences:
-        if scope.startswith(a):  # This is an experimental approach
+        if scope.startswith(a):
             return a
-    return scope  # Some scope would work as-is, such as the SSH Cert scope
+    u = urlparse(scope)
+    if u.scheme:
+        return "{}://{}".format(u.scheme, u.netloc)
+    return scope  # There is no much else we can do here
 
 
 def _acquire_token(http_client, scopes, **kwargs):