Implementing known_authority_hosts #492
Conversation
rayluo
force-pushed
the
known_authorities
branch
from
cf5f9ab to
0c2a9a3
Compare
rayluo
force-pushed
the
known_authorities
branch
from
080061d to
8370a61
Compare
rayluo
changed the title
|
Azure CLI never used For example, to verify with
|
rayluo
force-pushed
the
known_authorities
branch
3 times, most recently
from
7fe661a to
260450c
Compare
rayluo
force-pushed
the
known_authorities
branch
3 times, most recently
from
8a5905e to
eeae9a5
Compare
Also test behaviors for instance metadata Address proofreading feedback Rename known_authorities to known_authority_hosts Plan to ship this in 1.19 Address feedback from Xiang Yan from Azure SDK team Fine tune some wording known_authority_hosts allows multiple setting but only one modification Refine test case for idempotency More descriptive test case names Use base ClientApplication to test both PCA and CCA
rayluo
force-pushed
the
known_authorities
branch
2 times, most recently
from
296197e to
35e00a3
Compare
rayluo
force-pushed
the
known_authorities
branch
from
35e00a3 to
20c0da3
Compare
| self, instance_metadata, known_to_microsoft_validation, _): | ||
| app = msal.ClientApplication("id", authority="https://login.microsoftonline.com/common") | ||
| known_to_microsoft_validation.assert_not_called() | ||
| app.get_accounts() # This could make an instance metadata call for authority aliases |
There was a problem hiding this comment.
Is it expected in this case that get_accounts() does instance discovery? That is to say, ClientApplication() doesn't call known_to_microsoft_validation but get_accounts() does.
There was a problem hiding this comment.
The answer is two-fold.
- The "validating whether an input authority looks legit" and "getting some metadata for alias grouping" are two different things. This test case, as described in line 141, made a point that one does not necessarily turn off the other. In this case,
ClientApplication()skips validation, butget_accounts()would like to know alias groups. - The actual timing of when to send out the metadata call, is an implementation detail. Since MSAL Python delays that metadata call to
get_accounts(), so this test case is written this way. Your MSAL's implementation does not have to callget_accounts().
Last but not least, this entire PR has been shelved, because later we discovered some new requirements for Azure Stack scenarios (internal link), so we proceeded with #496.
|
Closing this without merging, because we ended up going with #496 |
Implementing the known_authorities behaviors based on the internal design.
The unit tests of this PR is almost as readable as plain English, and are considered as generic acceptance tests for this feature.
This PR also contains the "api reference documentation" for the newly introduced
known_authority_hostsparameter.When merged, this PR will close this internal workitem.
This entire PR has been shelved, because later we discovered some new requirements for Azure Stack scenarios (internal link), so we proceeded with #496.