Identity samples: make sample service to invoke GetToken() (#6604)

Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>

eng/pipelines/templates/jobs/live.tests.yml

@@ -270,6 +270,7 @@ jobs:
         # Set fake authority host to ensure Managed Identity fail for Default Azure Credential
         # so "execute samples" step correctly picks up Azure CLI credential.
         AZURE_POD_IDENTITY_AUTHORITY_HOST: 'FakeAuthorityHost'
+        AZURE_SDK_IDENTITY_SAMPLE_SERVICE_GETTOKEN: 'disable'
 
   - ${{ else }}:
     - bash: |
@@ -299,6 +300,7 @@ jobs:
         # Set fake authority host to ensure Managed Identity fail for Default Azure Credential
         # so "execute samples" step correctly picks up Azure CLI credential.
         AZURE_POD_IDENTITY_AUTHORITY_HOST: 'FakeAuthorityHost'
+        AZURE_SDK_IDENTITY_SAMPLE_SERVICE_GETTOKEN: 'disable'
 
   # Make coverage targets (specified in coverage_targets.txt) and assemble
   # coverage report

samples/helpers/service/src/client.cpp

@@ -3,12 +3,18 @@
 
 #include "azure/service/client.hpp"
 
+#include <azure/core/internal/environment.hpp>
+#include <azure/core/internal/strings.hpp>
+
 void Azure::Service::Client::DoSomething(const Azure::Core::Context& context) const
 {
   static_cast<void>(context); // to suppress the "unused variable" warning.
 
+  if (!Core::_internal::StringExtensions::LocaleInvariantCaseInsensitiveEqual(
+          Core::_internal::Environment::GetVariable("AZURE_SDK_IDENTITY_SAMPLE_SERVICE_GETTOKEN"),
+          "disable"))
+  {
     // An oversimplified logic of what a typical Azure SDK client does is below:
-#if (0)
     // Every client has its own scope. We use management.azure.com here as an example.
     Core::Credentials::TokenRequestContext azureServiceClientContext;
     azureServiceClientContext.Scopes = {"https://management.azure.com/.default"};
@@ -20,5 +26,5 @@ void Azure::Service::Client::DoSomething(const Azure::Core::Context& context) co
     // ...
 
     static_cast<void>(authenticationToken); // to suppress the "unused variable" warning.
-#endif
+  }
 }

sdk/identity/azure-identity/samples/azure_cli_credential.cpp

@@ -10,6 +10,10 @@ int main()
 {
   try
   {
+    // To diagnose, see https://aka.ms/azsdk/cpp/identity/troubleshooting
+    // For example, try setting 'AZURE_LOG_LEVEL' environment variable to 'verbose' before running
+    // this sample to see more details.
+
     // Step 1: Initialize Azure CLI Credential.
     auto azureCliCredential = std::make_shared<Azure::Identity::AzureCliCredential>();
 
@@ -24,10 +28,28 @@ int main()
   catch (const Azure::Core::Credentials::AuthenticationException& exception)
   {
     // Step 4: Handle authentication errors, if needed
-    // (Azure CLI invocation errors or process timeout).
+    // (invalid credential parameters, insufficient permissions).
     std::cout << "Authentication error: " << exception.what() << std::endl;
     return 1;
   }
+  catch (const Azure::Core::RequestFailedException& exception)
+  {
+    // Authentication exceptions are thrown as AuthenticationExceptions, client errors are thrown as
+    // RequestFailedExceptions, so it is easier to differentiate whether the request has failed
+    // due to input data, or due to authentication errors.
+    std::cout << "Azure service request error: " << exception.what() << std::endl
+              << "Status: " << static_cast<int>(exception.StatusCode) << " "
+              << exception.ReasonPhrase << std::endl
+              << "Error code: " << exception.ErrorCode << std::endl
+              << "Request ID: " << exception.RequestId << std::endl
+              << "Message: " << exception.Message << std::endl;
+    return 2;
+  }
+  catch (const std::exception& exception)
+  {
+    std::cout << "Unexpected exception thrown: " << exception.what() << std::endl;
+    return 3;
+  }
 
   return 0;
 }

sdk/identity/azure-identity/samples/chained_token_credential.cpp

@@ -13,6 +13,10 @@ int main()
 {
   try
   {
+    // To diagnose, see https://aka.ms/azsdk/cpp/identity/troubleshooting
+    // For example, try setting 'AZURE_LOG_LEVEL' environment variable to 'verbose' before running
+    // this sample to see more details.
+
     // Step 1: Initialize Chained Token Credential.
     // A configuration demonstrated below would authenticate using EnvironmentCredential if it is
     // available, and if it is not available, would fall back to use AzureCliCredential, and then to
@@ -38,6 +42,24 @@ int main()
     std::cout << "Authentication error: " << exception.what() << std::endl;
     return 1;
   }
+  catch (const Azure::Core::RequestFailedException& exception)
+  {
+    // Authentication exceptions are thrown as AuthenticationExceptions, client errors are thrown as
+    // RequestFailedExceptions, so it is easier to differentiate whether the request has failed
+    // due to input data, or due to authentication errors.
+    std::cout << "Azure service request error: " << exception.what() << std::endl
+              << "Status: " << static_cast<int>(exception.StatusCode) << " "
+              << exception.ReasonPhrase << std::endl
+              << "Error code: " << exception.ErrorCode << std::endl
+              << "Request ID: " << exception.RequestId << std::endl
+              << "Message: " << exception.Message << std::endl;
+    return 2;
+  }
+  catch (const std::exception& exception)
+  {
+    std::cout << "Unexpected exception thrown: " << exception.what() << std::endl;
+    return 3;
+  }
 
   return 0;
 }

sdk/identity/azure-identity/samples/client_certificate_credential.cpp

@@ -18,6 +18,10 @@ int main()
 {
   try
   {
+    // To diagnose, see https://aka.ms/azsdk/cpp/identity/troubleshooting
+    // For example, try setting 'AZURE_LOG_LEVEL' environment variable to 'verbose' before running
+    // this sample to see more details.
+
     // Step 1: Initialize Client Certificate Credential.
     auto clientCertificateCredential
         = std::make_shared<Azure::Identity::ClientCertificateCredential>(
@@ -38,6 +42,24 @@ int main()
     std::cout << "Authentication error: " << exception.what() << std::endl;
     return 1;
   }
+  catch (const Azure::Core::RequestFailedException& exception)
+  {
+    // Authentication exceptions are thrown as AuthenticationExceptions, client errors are thrown as
+    // RequestFailedExceptions, so it is easier to differentiate whether the request has failed
+    // due to input data, or due to authentication errors.
+    std::cout << "Azure service request error: " << exception.what() << std::endl
+              << "Status: " << static_cast<int>(exception.StatusCode) << " "
+              << exception.ReasonPhrase << std::endl
+              << "Error code: " << exception.ErrorCode << std::endl
+              << "Request ID: " << exception.RequestId << std::endl
+              << "Message: " << exception.Message << std::endl;
+    return 2;
+  }
+  catch (const std::exception& exception)
+  {
+    std::cout << "Unexpected exception thrown: " << exception.what() << std::endl;
+    return 3;
+  }
 
   return 0;
 }

sdk/identity/azure-identity/samples/client_secret_credential.cpp

@@ -18,6 +18,10 @@ int main()
 {
   try
   {
+    // To diagnose, see https://aka.ms/azsdk/cpp/identity/troubleshooting
+    // For example, try setting 'AZURE_LOG_LEVEL' environment variable to 'verbose' before running
+    // this sample to see more details.
+
     // Step 1: Initialize Client Secret Credential.
     auto clientSecretCredential = std::make_shared<Azure::Identity::ClientSecretCredential>(
         GetTenantId(), GetClientId(), GetClientSecret());

sdk/identity/azure-identity/samples/default_azure_credential.cpp

@@ -13,7 +13,10 @@ int main()
     // Step 1: Initialize Default Azure Credential.
     // Default Azure Credential is good for samples and initial development stages only.
     // It is not recommended used it in a production environment.
+
     // To diagnose, see https://aka.ms/azsdk/cpp/identity/troubleshooting
+    // For example, try setting 'AZURE_LOG_LEVEL' environment variable to 'verbose' before running
+    // this sample to see more details.
 
     auto defaultAzureCredential = std::make_shared<Azure::Identity::DefaultAzureCredential>();
 
@@ -32,6 +35,24 @@ int main()
     std::cout << "Authentication error: " << exception.what() << std::endl;
     return 1;
   }
+  catch (const Azure::Core::RequestFailedException& exception)
+  {
+    // Authentication exceptions are thrown as AuthenticationExceptions, client errors are thrown as
+    // RequestFailedExceptions, so it is easier to differentiate whether the request has failed
+    // due to input data, or due to authentication errors.
+    std::cout << "Azure service request error: " << exception.what() << std::endl
+              << "Status: " << static_cast<int>(exception.StatusCode) << " "
+              << exception.ReasonPhrase << std::endl
+              << "Error code: " << exception.ErrorCode << std::endl
+              << "Request ID: " << exception.RequestId << std::endl
+              << "Message: " << exception.Message << std::endl;
+    return 2;
+  }
+  catch (const std::exception& exception)
+  {
+    std::cout << "Unexpected exception thrown: " << exception.what() << std::endl;
+    return 3;
+  }
 
   return 0;
 }

sdk/identity/azure-identity/samples/environment_credential.cpp

@@ -10,6 +10,10 @@ int main()
 {
   try
   {
+    // To diagnose, see https://aka.ms/azsdk/cpp/identity/troubleshooting
+    // For example, try setting 'AZURE_LOG_LEVEL' environment variable to 'verbose' before running
+    // this sample to see more details.
+
     // Step 1: Create an EnvironmentCredential instance.
     // Environment Credential would read its parameters from the environment variables, such as
     // AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET. See documentation for details.
@@ -30,6 +34,24 @@ int main()
     std::cout << "Authentication error: " << exception.what() << std::endl;
     return 1;
   }
+  catch (const Azure::Core::RequestFailedException& exception)
+  {
+    // Authentication exceptions are thrown as AuthenticationExceptions, client errors are thrown as
+    // RequestFailedExceptions, so it is easier to differentiate whether the request has failed
+    // due to input data, or due to authentication errors.
+    std::cout << "Azure service request error: " << exception.what() << std::endl
+              << "Status: " << static_cast<int>(exception.StatusCode) << " "
+              << exception.ReasonPhrase << std::endl
+              << "Error code: " << exception.ErrorCode << std::endl
+              << "Request ID: " << exception.RequestId << std::endl
+              << "Message: " << exception.Message << std::endl;
+    return 2;
+  }
+  catch (const std::exception& exception)
+  {
+    std::cout << "Unexpected exception thrown: " << exception.what() << std::endl;
+    return 3;
+  }
 
   return 0;
 }

sdk/identity/azure-identity/samples/managed_identity_credential.cpp

@@ -68,6 +68,10 @@ int main()
 {
   try
   {
+    // To diagnose, see https://aka.ms/azsdk/cpp/identity/troubleshooting
+    // For example, try setting 'AZURE_LOG_LEVEL' environment variable to 'verbose' before running
+    // this sample to see more details.
+
     // Step 1: Create a ManagedIdentityCredential instance.
     // Managed Identity Credential would be available in some environments such as on Azure VMs.
     // See documentation for details.
@@ -88,6 +92,24 @@ int main()
     std::cout << "Authentication error: " << exception.what() << std::endl;
     return 1;
   }
+  catch (const Azure::Core::RequestFailedException& exception)
+  {
+    // Authentication exceptions are thrown as AuthenticationExceptions, client errors are thrown as
+    // RequestFailedExceptions, so it is easier to differentiate whether the request has failed
+    // due to input data, or due to authentication errors.
+    std::cout << "Azure service request error: " << exception.what() << std::endl
+              << "Status: " << static_cast<int>(exception.StatusCode) << " "
+              << exception.ReasonPhrase << std::endl
+              << "Error code: " << exception.ErrorCode << std::endl
+              << "Request ID: " << exception.RequestId << std::endl
+              << "Message: " << exception.Message << std::endl;
+    return 2;
+  }
+  catch (const std::exception& exception)
+  {
+    std::cout << "Unexpected exception thrown: " << exception.what() << std::endl;
+    return 3;
+  }
 
   ShowDifferentManagedIdentityApproaches();
 

sdk/identity/azure-identity/samples/workload_identity_credential.cpp

@@ -15,6 +15,10 @@ int main()
 {
   try
   {
+    // To diagnose, see https://aka.ms/azsdk/cpp/identity/troubleshooting
+    // For example, try setting 'AZURE_LOG_LEVEL' environment variable to 'verbose' before running
+    // this sample to see more details.
+
     // Step 1: Initialize Workload Identity Credential.
     auto workloadIdentityCredential
         = std::make_shared<Azure::Identity::WorkloadIdentityCredential>();
@@ -34,6 +38,24 @@ int main()
     std::cout << "Authentication error: " << exception.what() << std::endl;
     return 1;
   }
+  catch (const Azure::Core::RequestFailedException& exception)
+  {
+    // Authentication exceptions are thrown as AuthenticationExceptions, client errors are thrown as
+    // RequestFailedExceptions, so it is easier to differentiate whether the request has failed
+    // due to input data, or due to authentication errors.
+    std::cout << "Azure service request error: " << exception.what() << std::endl
+              << "Status: " << static_cast<int>(exception.StatusCode) << " "
+              << exception.ReasonPhrase << std::endl
+              << "Error code: " << exception.ErrorCode << std::endl
+              << "Request ID: " << exception.RequestId << std::endl
+              << "Message: " << exception.Message << std::endl;
+    return 2;
+  }
+  catch (const std::exception& exception)
+  {
+    std::cout << "Unexpected exception thrown: " << exception.what() << std::endl;
+    return 3;
+  }
 
   return 0;
 }