Support KeyVault with Track2 (Azure#17523)

* Az.accounts implements track 2 interface

* upgrade to azure.core 1.22

Author: BethanyZhou

src/Accounts/Accounts.sln

@@ -64,6 +64,22 @@ Global
 		{D06EF9FC-4C3E-4A51-A4AD-D39AD426EF8C}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{D06EF9FC-4C3E-4A51-A4AD-D39AD426EF8C}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{D06EF9FC-4C3E-4A51-A4AD-D39AD426EF8C}.Release|Any CPU.Build.0 = Release|Any CPU
+		{97A8C183-F5DF-466D-B45B-B7FF70C04639}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{97A8C183-F5DF-466D-B45B-B7FF70C04639}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{97A8C183-F5DF-466D-B45B-B7FF70C04639}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{97A8C183-F5DF-466D-B45B-B7FF70C04639}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E464D47C-DF5C-4B52-910E-59D326E0C1F7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E464D47C-DF5C-4B52-910E-59D326E0C1F7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E464D47C-DF5C-4B52-910E-59D326E0C1F7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E464D47C-DF5C-4B52-910E-59D326E0C1F7}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A49450CD-4FC5-430B-BE9C-B3272E0981EB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A49450CD-4FC5-430B-BE9C-B3272E0981EB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A49450CD-4FC5-430B-BE9C-B3272E0981EB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A49450CD-4FC5-430B-BE9C-B3272E0981EB}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E05F1B15-5799-4864-8D20-CA8F04AB50EB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E05F1B15-5799-4864-8D20-CA8F04AB50EB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E05F1B15-5799-4864-8D20-CA8F04AB50EB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E05F1B15-5799-4864-8D20-CA8F04AB50EB}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

src/Accounts/Accounts/Accounts.csproj

@@ -46,9 +46,9 @@
   <ItemGroup>
     <ProjectReference Include="..\Authentication.ResourceManager\Authentication.ResourceManager.csproj" />
     <ProjectReference Include="..\Authentication\Authentication.csproj" />
-    <ProjectReference Include="..\Authenticators\Authenticators.csproj" />  
+    <ProjectReference Include="..\Authenticators\Authenticators.csproj" />
   </ItemGroup>
-   
+  
   <ItemGroup>
     <Compile Update="Properties\Resources.Designer.cs">
       <DesignTime>True</DesignTime>

src/Accounts/Authentication/Authentication.csproj

@@ -14,7 +14,7 @@
   <ItemGroup>
     <PackageReference Include="Azure.Identity" Version="1.5.0" />
   </ItemGroup>
-
+  
   <ItemGroup>
     <Compile Update="Properties\Resources.Designer.cs">
       <DesignTime>True</DesignTime>

src/Accounts/Authentication/Authentication/AzureTokenCredential.cs

@@ -0,0 +1,37 @@
+using Azure.Core;
+
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace Microsoft.Azure.Commands.Common.Authentication.Authentication
+{
+    public class AzureTokenCredential : TokenCredential
+    {
+        public string AccessToken { get; set; }
+
+        private readonly Func<string> GetTokenImpl;
+
+        public AzureTokenCredential(string accessToken, Func<string> getTokenImpl = null)
+        {
+            AccessToken = accessToken;
+            GetTokenImpl = getTokenImpl;
+        }
+        
+        public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
+        {
+            return new AccessToken(GetTokenImpl == null ? AccessToken : GetTokenImpl(), 
+                DateTimeOffset.UtcNow);
+        }
+
+        public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
+        {
+            return new ValueTask<AccessToken>(this.GetToken(requestContext, cancellationToken));
+        }
+    }
+}

src/Accounts/Authentication/Authentication/RenewingTokenCredential.cs

@@ -1,4 +1,7 @@
-// ----------------------------------------------------------------------------------
+
+
+
+// ----------------------------------------------------------------------------------
 //
 // Copyright Microsoft Corporation
 // Licensed under the Apache License, Version 2.0 (the "License");

src/Accounts/Authentication/Extensions/ArmClientOptionExtension.cs

@@ -0,0 +1,73 @@
+using Azure.Core;
+using Azure.Core.Pipeline;
+using Azure.ResourceManager;
+
+using Microsoft.Azure.Commands.Common.Authentication.Policy;
+using Microsoft.WindowsAzure.Commands.Utilities.Common;
+
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Threading;
+using System.Threading.Tasks;
+
+using static Azure.Core.HttpHeader;
+
+namespace Microsoft.Azure.Commands.Common.Authentication.Extensions
+{
+    internal static class ArmClientOptionExtension
+    {
+
+        internal class AzPsHttpMessageHandler : HttpMessageHandler
+        {
+            private IEnumerable<ProductInfoHeaderValue> _userAgent;
+
+            public AzPsHttpMessageHandler(IEnumerable<ProductInfoHeaderValue> userAgent)
+            {
+                _userAgent = userAgent;
+            }
+            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
+            {
+                _userAgent?.ForEach((agent) => {
+                    request.Headers.UserAgent.Add(agent);
+                });
+
+                return SendAsync(request, cancellationToken);
+            }
+        }
+
+        /// <summary>
+        /// Set max retry times of retry after handler that is used to handle the response with retry-after header
+        /// from environement variable AZURE_PS_HTTP_MAX_RETRIES_FOR_429
+        /// </summary>
+        /// <returns>Whether succeed to set max retry times or not</returns>
+        public static void AddUserAgent(this ArmClientOptions option, ProductInfoHeaderValue[] userAgent)
+        {
+            option.AddPolicy(new UserAgentPolicy(userAgent), HttpPipelinePosition.PerCall);
+        }
+
+        /// <summary>
+        /// Set max retry times of retry after handler that is used to handle the response with retry-after header
+        /// from environement variable AZURE_PS_HTTP_MAX_RETRIES_FOR_429
+        /// </summary>
+        /// <returns>Whether succeed to set max retry times or not</returns>
+        public static void SetMaxDelayForRetryOption(this ArmClientOptions option, int maxDelay)
+        {
+            int? maxretriesfor429 = HttpRetryTimes.AzurePsHttpMaxRetriesFor429;
+            if (maxretriesfor429 != null && maxretriesfor429 >= 0)
+            {
+                option.Retry.MaxDelay = new TimeSpan();
+            }
+        }
+
+        /// <summary>
+        /// Set max retry count of retry policy from environement variable AZURE_PS_HTTP_MAX_RETRIES
+        /// </summary>
+        /// <returns>Whether succeed to set retry count or not</returns>
+        public static void SetMaxRetryCountofRetryOption(this ArmClientOptions option, int maxRetries)
+        {
+            option.Retry.MaxRetries = maxRetries;
+        }
+    }
+}

src/Accounts/Authentication/Extensions/ServiceClientExtension.cs

@@ -12,59 +12,14 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Microsoft.Azure.Commands.Common.Authentication.Policy;
 using Microsoft.Rest.TransientFaultHandling;
 using System;
 
 namespace Microsoft.Azure.Commands.Common.Authentication.Abstractions
 {
     internal static class ServiceClientExtension
     {
-        private class HttpRetryTimes
-        {
-            private const string maxRetriesVariableName = "AZURE_PS_HTTP_MAX_RETRIES";
-            private const string maxRetriesFor429VariableName = "AZURE_PS_HTTP_MAX_RETRIES_FOR_429";
-
-            public static int? AzurePsHttpMaxRetries
-            {
-                get
-                {
-                    return TryGetAzurePsHttpMaxRetries();
-                }
-            }
-            public static int? AzurePsHttpMaxRetriesFor429
-            {
-                get
-                {
-                    return TryGetAzurePsHttpMaxRetriesFor429();
-                }
-            }
-
-            private static int? TryGetValue(string environmentVariable)
-            {
-                int? retries = null;
-                var value = Environment.GetEnvironmentVariable(environmentVariable);
-                if (value != null)
-                {
-                    int valueParsed = int.MinValue;
-                    if (int.TryParse(value, out valueParsed))
-                    {
-                        retries = valueParsed;
-                    }
-                }
-                return retries;
-            }
-
-            private static int? TryGetAzurePsHttpMaxRetries()
-            {
-                return TryGetValue(maxRetriesVariableName);
-            }
-
-            private static int? TryGetAzurePsHttpMaxRetriesFor429()
-            {
-                return TryGetValue(maxRetriesFor429VariableName);
-            }
-        }
-
         private static bool SetMaxTimesForRetryAfterHandler<TClient>(this Microsoft.Rest.ServiceClient<TClient> serviceClient, uint retrytimes) where TClient : Microsoft.Rest.ServiceClient<TClient>
         {
             bool findRetryHandler = false;
@@ -101,7 +56,7 @@ public static bool TrySetMaxTimesForRetryAfterHandler<TClient>(this Microsoft.Re
         /// <returns>Whether succeed to set retry count or not</returns>
         public static bool TrySetRetryCountofRetryPolicy<TClient>(this Microsoft.Rest.ServiceClient<TClient> serviceClient) where TClient : Microsoft.Rest.ServiceClient<TClient>
         {
-            int? maxretries = ServiceClientExtension.HttpRetryTimes.AzurePsHttpMaxRetries;
+            int? maxretries = HttpRetryTimes.AzurePsHttpMaxRetries;
             if (maxretries != null && maxretries >= 0)
             {
                 TimeSpan defaultBackoffDelta = new TimeSpan(0, 0, 10);

src/Accounts/Authentication/Factories/AuthenticationFactory.cs

@@ -12,6 +12,8 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Azure.Core;
+
 using Hyak.Common;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.Common.Authentication.Authentication;
@@ -325,6 +327,85 @@ public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(IAzureContex
             }
         }
 
+        public TokenCredential GetTokenCredential(IAzureContext context) =>
+            GetTokenCredential(context, AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId);
+
+        public TokenCredential GetTokenCredential(IAzureContext context, string targetEndpoint)
+        {
+            if (context == null)
+            {
+                throw new AzPSApplicationException("Azure context is empty");
+            }
+            return GetTokenCredential(context, targetEndpoint, context.Environment.GetTokenAudience(targetEndpoint));
+        }
+
+        public TokenCredential GetTokenCredential(IAzureContext context, string targetEndpoint, string resourceId)
+        {
+            if (context.Account == null)
+            {
+                throw new AzPSArgumentException(Resources.ArmAccountNotFound, "context.Account", ErrorKind.UserError);
+            }
+            switch (context.Account.Type)
+            {
+                case AzureAccount.AccountType.Certificate:
+                    throw new NotSupportedException(AzureAccount.AccountType.Certificate.ToString());
+                case AzureAccount.AccountType.AccessToken:
+                    return new AzureTokenCredential(GetEndpointToken(context.Account, targetEndpoint), 
+                        () => GetEndpointToken(context.Account, targetEndpoint));
+            }
+
+            string tenant = null;
+
+            if (context.Subscription != null && context.Account != null)
+            {
+                tenant = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants)
+                      .Intersect(context.Account.GetPropertyAsArray(AzureAccount.Property.Tenants))
+                      .FirstOrDefault();
+            }
+
+            if (tenant == null && context.Tenant != null && new Guid(context.Tenant.Id) != Guid.Empty)
+            {
+                tenant = context.Tenant.Id.ToString();
+            }
+
+            if (tenant == null)
+            {
+                throw new ArgumentException(Resources.NoTenantInContext);
+            }
+
+            try
+            {
+                TracingAdapter.Information(Resources.UPNAuthenticationTrace,
+                    context.Account.Id, context.Environment.Name, tenant);
+
+                IAccessToken accesstoken = null;
+                switch (context.Account.Type)
+                {
+                    case AzureAccount.AccountType.ManagedService:
+                    case AzureAccount.AccountType.User:
+                    case AzureAccount.AccountType.ServicePrincipal:
+                    case "ClientAssertion":
+                        accesstoken = Authenticate(context.Account, context.Environment, tenant, null, ShowDialog.Never, null, resourceId);
+                        break;
+                    default:
+                        throw new NotSupportedException(context.Account.Type.ToString());
+                }
+
+                TracingAdapter.Information(Resources.UPNAuthenticationTokenTrace,
+                    accesstoken.LoginType, accesstoken.TenantId, accesstoken.UserId);
+                return new AzureTokenCredential(accesstoken.AccessToken);
+            }
+            catch (Exception ex)
+            {
+                TracingAdapter.Information(Resources.AdalAuthException, ex.Message);
+                throw new AzPSArgumentException(Resources.InvalidArmContext + System.Environment.NewLine + ex.Message, ex);
+            }
+        }
+
+        public TokenCredential GetTokenCredential(string accessToken, Func<string> renew = null)
+        {
+            return new AzureTokenCredential(accessToken, renew);
+        }
 
         public ServiceClientCredentials GetServiceClientCredentials(IAzureContext context)
         {