Merge branch 'main' into changelog-link

Author: mvanchaa

CHANGELOG.md

@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Added
+- Added support for reading auth mode from the environment variable `AZUREAUTH_MODE`.
 
 ## [0.9.1] - 2024-12-09
 ### Changed

src/AzureAuth.Test/CommandAadTest.cs

@@ -236,6 +236,7 @@ public void TestEvaluateOptionsProvidedAliasWithEnvVarConfig()
 
             // Specify config via env var
             this.envMock.Setup(e => e.Get("AZUREAUTH_CONFIG")).Returns(configFile);
+            this.envMock.Setup(env => env.Get(It.Is<string>(key => key != "AZUREAUTH_CONFIG"))).Returns<string>(key => null);
 
             // Specify a client override on the command line.
             subject.Client = clientOverride;
@@ -444,6 +445,72 @@ public void TestEvaluateOptionsWithoutAliasValidCommandLineOptions()
             subject.TokenFetcherOptions.Should().BeEquivalentTo(expected);
         }
 
+        [Test]
+        public void TestEvaluateOptionsWithAuthModeFromCommandLineOptions()
+        {
+            CommandAad subject = this.serviceProvider.GetService<CommandAad>();
+            subject.Resource = "f0e8d801-3a50-48fd-b2da-6476d6e832a2";
+            subject.Client = "e19f71ed-3b14-448d-9346-9eff9753646b";
+            subject.Tenant = "9f6227ee-3d14-473e-8bed-1281171ef8c9";
+            subject.AuthModes = new List<AuthMode>() { AuthMode.DeviceCode };
+
+            this.envMock.Setup(env => env.Get(EnvVars.AuthMode)).Returns("Web,DeviceCode");
+            subject.EvaluateOptions().Should().BeTrue();
+            subject.AuthModes.Should().Contain(new[] { AuthMode.DeviceCode });
+        }
+
+        [Test]
+        public void TestEvaluateOptionsWithAuthModeFromEnvVar()
+        {
+            CommandAad subject = this.serviceProvider.GetService<CommandAad>();
+            subject.Resource = "f0e8d801-3a50-48fd-b2da-6476d6e832a2";
+            subject.Client = "e19f71ed-3b14-448d-9346-9eff9753646b";
+            subject.Tenant = "9f6227ee-3d14-473e-8bed-1281171ef8c9";
+
+            this.envMock.Setup(env => env.Get("AZUREAUTH_MODE")).Returns("Web,DeviceCode");
+            subject.EvaluateOptions().Should().BeTrue();
+            subject.AuthModes.Should().Contain(new[] { AuthMode.Web, AuthMode.DeviceCode });
+        }
+
+        [Test]
+        public void TestEvaluateOptionsWithNoAuthModeInEnvVarOrOptions()
+        {
+            CommandAad subject = this.serviceProvider.GetService<CommandAad>();
+            subject.Resource = "f0e8d801-3a50-48fd-b2da-6476d6e832a2";
+            subject.Client = "e19f71ed-3b14-448d-9346-9eff9753646b";
+            subject.Tenant = "9f6227ee-3d14-473e-8bed-1281171ef8c9";
+
+            this.envMock.Setup(env => env.Get(It.IsAny<string>())).Returns((string)null);
+            subject.EvaluateOptions().Should().BeTrue();
+            subject.AuthModes.Should().Contain(new[] { AuthMode.Default });
+        }
+
+        [Test]
+        public void TestEvaluateOptionsWithAuthModeFromInvalidEnvVars()
+        {
+            CommandAad subject = this.serviceProvider.GetService<CommandAad>();
+            subject.Resource = "f0e8d801-3a50-48fd-b2da-6476d6e832a2";
+            subject.Client = "e19f71ed-3b14-448d-9346-9eff9753646b";
+            subject.Tenant = "9f6227ee-3d14-473e-8bed-1281171ef8c9";
+
+            this.envMock.Setup(env => env.Get(EnvVars.AuthMode)).Returns("Invalid");
+            subject.EvaluateOptions().Should().BeFalse();
+            this.logTarget.Logs.Should().ContainMatch($"Invalid value specified for environment variable {EnvVars.AuthMode}*");
+        }
+
+        [Test]
+        public void TestEvaluateOptionsWithAuthModeFromEmptyEnvVars()
+        {
+            CommandAad subject = this.serviceProvider.GetService<CommandAad>();
+            subject.Resource = "f0e8d801-3a50-48fd-b2da-6476d6e832a2";
+            subject.Client = "e19f71ed-3b14-448d-9346-9eff9753646b";
+            subject.Tenant = "9f6227ee-3d14-473e-8bed-1281171ef8c9";
+
+            this.envMock.Setup(env => env.Get(EnvVars.AuthMode)).Returns("");
+            subject.EvaluateOptions().Should().BeTrue();
+            subject.AuthModes.Should().Contain(new[] { AuthMode.Default });
+        }
+
         /// <summary>
         /// The root path.
         /// </summary>

src/AzureAuth.Test/IEnvExtensionsTest.cs

@@ -6,20 +6,26 @@ namespace AzureAuth.Test
     using FluentAssertions;
 
     using Microsoft.Authentication.AzureAuth;
+    using Microsoft.Authentication.MSALWrapper;
+    using Microsoft.Authentication.TestHelper;
+    using Microsoft.Extensions.Logging;
     using Microsoft.Office.Lasso.Interfaces;
-
+    using Microsoft.Office.Lasso.Telemetry;
     using Moq;
-
+    using NLog.Targets;
     using NUnit.Framework;
 
     public class IEnvExtensionsTest
     {
         private Mock<IEnv> envMock;
+        private ILogger logger;
+        private MemoryTarget logTarget;
 
         [SetUp]
         public void SetUp()
         {
             this.envMock = new Mock<IEnv>();
+            (this.logger, this.logTarget) = MemoryLogger.Create();
         }
 
         [TestCase("1", true)]
@@ -51,5 +57,44 @@ public void InteractiveAuth_IsEnabledIfEnvVarsAreNotSet()
             this.envMock.Setup(env => env.Get(It.IsAny<string>())).Returns((string)null);
             IEnvExtensions.InteractiveAuthDisabled(this.envMock.Object).Should().BeFalse();
         }
+
+        [Test]
+        public void ReadAuthModeFromEnvOrSetDefault_ReturnsDefault_WhenEnvVarIsEmpty()
+        {
+            // Arrange
+            envMock.Setup(e => e.Get(It.IsAny<string>())).Returns(string.Empty);
+
+            // Act
+            var result = IEnvExtensions.ReadAuthModeFromEnvOrSetDefault(envMock.Object);
+
+            // Assert
+            result.Should().BeEquivalentTo(new[] { AuthMode.Default });
+        }
+
+        [Test]
+        public void ReadAuthModeFromEnvOrSetDefault_ReturnsParsedAuthModes_WhenEnvVarIsValid()
+        {
+            // Arrange
+            envMock.Setup(e => e.Get(It.IsAny<string>())).Returns("Web,DeviceCode");
+
+            // Act
+            var result = IEnvExtensions.ReadAuthModeFromEnvOrSetDefault(envMock.Object);
+
+            // Assert
+            result.Should().BeEquivalentTo(new[] { AuthMode.Web, AuthMode.DeviceCode });
+        }
+
+        [Test]
+        public void ReadAuthModeFromEnvOrSetDefault_ReturnsEmpty_WhenEnvVarIsInvalid()
+        {
+            // Arrange
+            envMock.Setup(e => e.Get(It.IsAny<string>())).Returns("InvalidMode");
+
+            // Act
+            var result = IEnvExtensions.ReadAuthModeFromEnvOrSetDefault(envMock.Object);
+
+            // Assert
+            result.Should().BeEmpty();
+        }
     }
 }

src/AzureAuth/Commands/Ado/CommandPat.cs

@@ -7,13 +7,15 @@ namespace Microsoft.Authentication.AzureAuth.Commands.Ado
     using System.Collections.Generic;
     using System.Collections.Immutable;
     using System.IO;
+    using System.Linq;
     using McMaster.Extensions.CommandLineUtils;
 
     using Microsoft.Authentication.AdoPat;
     using Microsoft.Authentication.AzureAuth.Ado;
     using Microsoft.Authentication.MSALWrapper;
     using Microsoft.Extensions.Logging;
     using Microsoft.Identity.Client.Extensions.Msal;
+    using Microsoft.Office.Lasso.Interfaces;
     using Microsoft.Office.Lasso.Telemetry;
     using Microsoft.VisualStudio.Services.DelegatedAuthorization;
     using Microsoft.VisualStudio.Services.OAuth;
@@ -92,7 +94,7 @@ private enum OutputMode
         private string Tenant { get; set; } = AzureAuth.Ado.Constants.Tenant.Microsoft;
 
         [Option(CommandAad.ModeOption, CommandAad.AuthModeHelperText, CommandOptionType.MultipleValue)]
-        private IEnumerable<AuthMode> AuthModes { get; set; } = new[] { AuthMode.Default };
+        private IEnumerable<AuthMode> AuthModes { get; set; }
 
         [Option(CommandAad.DomainOption, $"{CommandAad.DomainHelpText}\n[default: {AzureAuth.Ado.Constants.PreferredDomain}]", CommandOptionType.SingleValue)]
         private string Domain { get; set; } = AzureAuth.Ado.Constants.PreferredDomain;
@@ -120,14 +122,23 @@ private ImmutableSortedSet<string> Scopes
         /// <param name="logger">The <see cref="ILogger{T}"/> instance that is used for logging.</param>
         /// <param name="publicClientAuth">An <see cref="IPublicClientAuth"/>.</param>
         /// <param name="eventData">Lasso injected command event data.</param>
+        /// <param name="env">An <see cref="IEnv"/> to use.</param>
         /// <returns>An integer status code. 0 for success and non-zero for failure.</returns>
-        public int OnExecute(ILogger<CommandPat> logger, IPublicClientAuth publicClientAuth, CommandExecuteEventData eventData)
+        public int OnExecute(ILogger<CommandPat> logger, IPublicClientAuth publicClientAuth, CommandExecuteEventData eventData, IEnv env)
         {
             if (!this.ValidOptions(logger))
             {
                 return 1;
             }
 
+            // If command line options for mode are not specified, then use the environment variables.
+            this.AuthModes ??= env.ReadAuthModeFromEnvOrSetDefault();
+            if (!this.AuthModes.Any())
+            {
+                logger.LogError($"Invalid value specified for environment variable {EnvVars.AuthMode}. Allowed values are: {CommandAad.AuthModeHelperText}");
+                return 1;
+            }
+
             var accessToken = this.AccessToken(publicClientAuth, eventData);
             if (accessToken == null)
             {

src/AzureAuth/Commands/Ado/CommandToken.cs

@@ -5,7 +5,7 @@ namespace Microsoft.Authentication.AzureAuth.Commands.Ado
 {
     using System;
     using System.Collections.Generic;
-
+    using System.Linq;
     using McMaster.Extensions.CommandLineUtils;
 
     using Microsoft.Authentication.AzureAuth.Ado;
@@ -52,7 +52,7 @@ public enum OutputMode
         private string Tenant { get; set; } = AzureAuth.Ado.Constants.Tenant.Microsoft;
 
         [Option(CommandAad.ModeOption, CommandAad.AuthModeHelperText, CommandOptionType.MultipleValue)]
-        private IEnumerable<AuthMode> AuthModes { get; set; } = new[] { AuthMode.Default };
+        private IEnumerable<AuthMode> AuthModes { get; set; }
 
         [Option(CommandAad.DomainOption, Description = DomainOptionDescription)]
         private string Domain { get; set; } = AzureAuth.Ado.Constants.PreferredDomain;
@@ -98,6 +98,14 @@ public int OnExecute(ILogger<CommandToken> logger, IEnv env, ITelemetryService t
                 return 0;
             }
 
+            // If command line options for mode are not specified, then use the environment variables.
+            this.AuthModes ??= env.ReadAuthModeFromEnvOrSetDefault();
+            if (!this.AuthModes.Any())
+            {
+                logger.LogError($"Invalid value specified for environment variable {EnvVars.AuthMode}. Allowed values are: {CommandAad.AuthModeHelperText}");
+                return 1;
+            }
+
             // If no PAT then use AAD AT.
             TokenResult token = publicClientAuth.Token(
                 AzureAuth.Ado.AuthParameters.AdoParameters(this.Tenant),

src/AzureAuth/Commands/CommandAad.cs

@@ -60,12 +60,13 @@ public class CommandAad
         /// The help text for the <see cref="ModeOption"/> option.
         /// </summary>
 #if PlatformWindows
-        public const string AuthModeHelperText = @"Authentication mode. Repeated invocations allowed.
+        public const string AuthModeHelperText = $@"Authentication mode. Repeated invocations allowed.
 [default: broker, then web]
-[possible values: all, iwa, broker, web, devicecode]";
+[possible values: {AuthModeAllowedValues}]";
 #else
-        public const string AuthModeHelperText = @"Authentication mode. Repeated invocations allowed. [default: web]
-[possible values: all, web, devicecode]";
+        public const string AuthModeHelperText = $@"Authentication mode. Repeated invocations allowed
+[default: web]
+[possible values: {AuthModeAllowedValues}]";
 #endif
 
         /// <summary>
@@ -83,6 +84,15 @@ public class CommandAad
         /// </summary>
         public static readonly TimeSpan GlobalTimeout = TimeSpan.FromMinutes(15);
 
+        /// <summary>
+        /// The allowed values for the <see cref="AuthMode"/> option.
+        /// </summary>
+#if PlatformWindows
+        public const string AuthModeAllowedValues = "all, iwa, broker, web, devicecode";
+#else
+        public const string AuthModeAllowedValues = "all, web, devicecode";
+#endif
+
         private const string ResourceOption = "--resource";
         private const string ClientOption = "--client";
 
@@ -179,7 +189,7 @@ public CommandAad(CommandExecuteEventData eventData, ITelemetryService telemetry
         /// Gets or sets the auth modes.
         /// </summary>
         [Option(ModeOption, AuthModeHelperText, CommandOptionType.MultipleValue)]
-        public IEnumerable<AuthMode> AuthModes { get; set; } = new[] { AuthMode.Default };
+        public IEnumerable<AuthMode> AuthModes { get; set; }
 
         /// <summary>
         /// Gets or sets the output.
@@ -272,6 +282,14 @@ public bool EvaluateOptions()
                 }
             }
 
+            // If command line options for mode are not specified, then use the environment variables.
+            this.AuthModes ??= env.ReadAuthModeFromEnvOrSetDefault();
+            if (!this.AuthModes.Any())
+            {
+                this.logger.LogError($"Invalid value specified for environment variable {EnvVars.AuthMode}. Allowed values are: {CommandAad.AuthModeHelperText}");
+                return false;
+            }
+
             // Handle Resource Shorthand for Default Scope
             if (evaluatedOptions.Scopes.IsNullOrEmpty() && !string.IsNullOrEmpty(evaluatedOptions.Resource))
             {

src/AzureAuth/EnvVars.cs

@@ -46,6 +46,11 @@ public static class EnvVars
         /// </summary>
         public static readonly string AdoPat = $"{EnvVarPrefix}_ADO_PAT";
 
+        /// <summary>
+        /// Name of the env var to get the Auth Mode.
+        /// </summary>
+        public static readonly string AuthMode = $"{EnvVarPrefix}_MODE";
+
         /// <summary>
         /// Name of the env var used to disable user based authentication modes.
         /// NOTE: This is a private variable and it is recommended to not rely on this variable.

src/AzureAuth/IEnvExtensions.cs

@@ -3,7 +3,11 @@
 
 namespace Microsoft.Authentication.AzureAuth
 {
+    using Microsoft.Authentication.MSALWrapper;
     using Microsoft.Office.Lasso.Interfaces;
+    using Microsoft.Office.Lasso.Telemetry;
+    using System.Collections.Generic;
+    using System;
 
     /// <summary>
     /// Extension methods to Lasso's <see cref="IEnv"/> interface.
@@ -22,5 +26,38 @@ public static bool InteractiveAuthDisabled(this IEnv env)
             return !string.IsNullOrEmpty(env.Get(EnvVars.NoUser)) ||
                 string.Equals(CorextPositiveValue, env.Get(EnvVars.CorextNonInteractive));
         }
+
+        /// <summary>
+        /// Get the auth modes from the environment or set the default.
+        /// </summary>
+        /// <param name="env">The <see cref="IEnv"/> to use.</param>
+        /// <param name="eventData">Event data to add the auth mode to.</param>
+        /// <returns>AuthModes.</returns>
+        public static IEnumerable<AuthMode> ReadAuthModeFromEnvOrSetDefault(this IEnv env)
+        {
+            var authModesFromEnv = env.Get(EnvVars.AuthMode);
+
+            // If auth modes are not specified in the environment, then return the default.
+            if (string.IsNullOrEmpty(authModesFromEnv))
+            {
+                return new[] { AuthMode.Default };
+            }
+
+            var result = new List<AuthMode>();
+            foreach (var val in authModesFromEnv.Split(','))
+            {
+                if (Enum.TryParse<AuthMode>(val, ignoreCase: true, out var mode))
+                {
+                    result.Add(mode);
+                }
+                else
+                {
+                    // If the environment variable is not a valid auth mode, then return an empty list.
+                    return new List<AuthMode>();
+                }
+            }
+
+            return result;
+        }
     }
 }

src/AzureAuth/Program.cs

@@ -68,6 +68,7 @@ private static void Main(string[] args)
                 EnvVars.CloudBuild,
                 EnvVars.NoUser,
                 EnvVars.CorextNonInteractive,
+                EnvVars.AuthMode,
             };
 
             TelemetryConfig telemetryConfig = new TelemetryConfig(