Modify the order of the credentials used within the DefaultAzureCredential to be consistent with other languages. (#4946)

* Modify the order of the credentials used within the to be consistent with other languages. * Update LogMessages test since the order of credentials has changed. * Fix the order for the rest of the log messages within the test. * Update svg and clang format.
2023-09-13 15:02:25 -07:00 · 2023-09-13 15:02:25 -07:00 · 33dc61bbf8
commit 33dc61bbf8
parent 309cab82a0
7 changed files with 20 additions and 19 deletions
--- a/sdk/identity/azure-identity/CHANGELOG.md
+++ b/sdk/identity/azure-identity/CHANGELOG.md
@ -8,6 +8,7 @@

 ### Breaking Changes

+- Modify the order of the credentials used within the `DefaultAzureCredential` to be consistent with other languages.
 - Add `WorkloadIdentityCredential` to the `DefaultAzureCredential`.

 ### Bugs Fixed
--- a/sdk/identity/azure-identity/README.md
+++ b/sdk/identity/azure-identity/README.md
@ -58,8 +58,8 @@ The `DefaultAzureCredential` attempts to authenticate via the following mechanis

 1. **Environment** - The `DefaultAzureCredential` will read account information specified via [environment variables](#environment-variables) and use it to authenticate.
 1. **Workload Identity Credential** - If the developer authenticates using a Kubernetes service account token.
-1. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
 1. **Managed Identity** - If the application is deployed to an Azure host with Managed Identity enabled, the `DefaultAzureCredential` will authenticate with that account.
+1. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.

 Even though the credentials being used and their order is documented, it may change from release to release.

--- a/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.md
+++ b/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.md
@ -6,7 +6,7 @@
 %% 2. Run command: mmdc -i DefaultAzureCredentialAuthFlow.md -o DefaultAzureCredentialAuthFlow.svg

 flowchart LR;
-    A(Environment):::deployed ==> B(Workload Identity):::deployed ==> C(Azure CLI):::developer ==> D(Managed Identity):::deployed;
+    A(Environment):::deployed ==> B(Workload Identity):::deployed ==> C(Managed Identity):::deployed ==> D(Azure CLI):::developer;

    subgraph CREDENTIAL TYPES;
        direction LR;
--- a/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.svg
+++ b/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.svg
--- a/sdk/identity/azure-identity/inc/azure/identity/default_azure_credential.hpp
+++ b/sdk/identity/azure-identity/inc/azure/identity/default_azure_credential.hpp
@ -26,7 +26,7 @@ namespace Azure { namespace Identity {
   *
   * @details This credential is using several credentials in the following order:
   * #Azure::Identity::EnvironmentCredential, #Azure::Identity::WorkloadIdentityCredential,
-   * #Azure::Identity::AzureCliCredential, and #Azure::Identity::ManagedIdentityCredential. Even
+   * #Azure::Identity::ManagedIdentityCredential, and #Azure::Identity::AzureCliCredential. Even
   * though the credentials being used and their order is documented, it may be changed in the
   * future versions of the SDK, potentially introducing breaking changes in its behavior.
   *
--- a/sdk/identity/azure-identity/src/default_azure_credential.cpp
+++ b/sdk/identity/azure-identity/src/default_azure_credential.cpp
@ -40,12 +40,12 @@ DefaultAzureCredential::DefaultAzureCredential(
  // Creating credentials in order to ensure the order of log messages.
  auto const envCred = std::make_shared<EnvironmentCredential>(options);
  auto const wiCred = std::make_shared<WorkloadIdentityCredential>(options);
-  auto const azCliCred = std::make_shared<AzureCliCredential>(options);
  auto const managedIdentityCred = std::make_shared<ManagedIdentityCredential>(options);
+  auto const azCliCred = std::make_shared<AzureCliCredential>(options);

  m_impl = std::make_unique<_detail::ChainedTokenCredentialImpl>(
      GetCredentialName(),
-      ChainedTokenCredential::Sources{envCred, wiCred, azCliCred, managedIdentityCred});
+      ChainedTokenCredential::Sources{envCred, wiCred, managedIdentityCred, azCliCred});
 }

 DefaultAzureCredential::~DefaultAzureCredential() = default;
--- a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp
+++ b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp
@ -97,49 +97,49 @@ TEST(DefaultAzureCredential, LogMessages)
            "ClientSecretCredential with corresponding tenantId, clientId, clientSecret, and "
            "authorityHost gets created.");

-        EXPECT_EQ(log[3].first, Logger::Level::Informational);
+        EXPECT_EQ(log[3].first, Logger::Level::Verbose);
        EXPECT_EQ(
            log[3].second,
-            "Identity: AzureCliCredential created."
-            "\nSuccessful creation does not guarantee further successful token retrieval.");
+            "Identity: ManagedIdentityCredential: Environment is not set up for the credential "
+            "to be created with App Service 2019 source.");

        EXPECT_EQ(log[4].first, Logger::Level::Verbose);
        EXPECT_EQ(
            log[4].second,
            "Identity: ManagedIdentityCredential: Environment is not set up for the credential "
-            "to be created with App Service 2019 source.");
+            "to be created with App Service 2017 source.");

        EXPECT_EQ(log[5].first, Logger::Level::Verbose);
        EXPECT_EQ(
            log[5].second,
            "Identity: ManagedIdentityCredential: Environment is not set up for the credential "
-            "to be created with App Service 2017 source.");
+            "to be created with Cloud Shell source.");

        EXPECT_EQ(log[6].first, Logger::Level::Verbose);
        EXPECT_EQ(
            log[6].second,
            "Identity: ManagedIdentityCredential: Environment is not set up for the credential "
-            "to be created with Cloud Shell source.");
+            "to be created with Azure Arc source.");

-        EXPECT_EQ(log[7].first, Logger::Level::Verbose);
+        EXPECT_EQ(log[7].first, Logger::Level::Informational);
        EXPECT_EQ(
            log[7].second,
-            "Identity: ManagedIdentityCredential: Environment is not set up for the credential "
-            "to be created with Azure Arc source.");
+            "Identity: ManagedIdentityCredential will be created "
+            "with Azure Instance Metadata Service source."
+            "\nSuccessful creation does not guarantee further successful token retrieval.");

        EXPECT_EQ(log[8].first, Logger::Level::Informational);
        EXPECT_EQ(
            log[8].second,
-            "Identity: ManagedIdentityCredential will be created "
-            "with Azure Instance Metadata Service source."
+            "Identity: AzureCliCredential created."
            "\nSuccessful creation does not guarantee further successful token retrieval.");

        EXPECT_EQ(log[9].first, Logger::Level::Informational);
        EXPECT_EQ(
            log[9].second,
            "Identity: DefaultAzureCredential: Created with the following credentials: "
-            "EnvironmentCredential, WorkloadIdentityCredential, AzureCliCredential, "
-            "ManagedIdentityCredential.");
+            "EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, "
+            "AzureCliCredential.");

        log.clear();