From ffe9238d9ada9c07e34e3b59b33bb649d2a320c5 Mon Sep 17 00:00:00 2001
From: Christopher Scott
Date: Thu, 3 Nov 2022 12:42:54 -0500
Subject: [PATCH] Handle Managed Identity json parse errors as CredentialUnAvailableException (#32272)
* handle json parse errors as CredentialNotAvailable
---
 sdk/identity/Azure.Identity/CHANGELOG.md | 1 +
 sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs | 4 ++++
 .../Azure.Identity/tests/ManagedIdentityCredentialTests.cs | 7 ++++---
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/sdk/identity/Azure.Identity/CHANGELOG.md b/sdk/identity/Azure.Identity/CHANGELOG.md
index 45a7cdcd42b5c..8630206d3b83f 100644
--- a/sdk/identity/Azure.Identity/CHANGELOG.md
+++ b/sdk/identity/Azure.Identity/CHANGELOG.md
@@ -8,6 +8,7 @@
 ### Bugs Fixed
 - Fixed error message parsing in `AzureCliCredential` which would misinterpret AAD errors with the need to login with `az login`.
+- `ManagedIdentityCredential` will no longer fail when a response received from the endpoint is invalid JSON. It now treats this scenario as if the credential is unavailable.
 ### Other Changes
diff --git a/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs b/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs
index 469486aff46da..064d15c33bd85 100644
--- a/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs
+++ b/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs
@@ -61,6 +61,10 @@ protected virtual async ValueTask HandleResponseAsync(
 message = GetMessageFromResponse(json.RootElement);
 }
+ catch (JsonException jex)
+ {
+ throw new CredentialUnavailableException(UnexpectedResponse, jex);
+ }
 catch (Exception e)
 {
 exception = e;
diff --git a/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs
index eea65bbde76eb..f66bbb5c22cff 100644
--- a/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs
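Review bot: The added `catch (JsonException jex)` in `HandleResponseAsync` (ManagedIdentitySource.cs) reports any unparseable body as `CredentialUnavailableException`, and nothing in the visible lines limits it by status code; the updated test's `[Values(200, 404, 403)]` suggests a 200 response is included. In a credential chain "unavailable" normally means the next credential is tried, so a host that is meant to use managed identity could end up authenticating as a different identity when its endpoint returns a corrupted or unexpected body, with no error surfacing. Consider narrowing the mapping to non-success responses, or at least record the intent above the clause, for example `// Invalid JSON from the endpoint is reported as "unavailable" so chained credentials continue; this applies to every status code.` The try block starts before the hunk and the general `catch (Exception e)` continues after it, so the status handling is inferred from the test rather than seen here.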
+++ b/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs
@@ -15,6 +15,7 @@
 using Azure.Identity.Tests.Mock;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Diagnostics.Runtime.Interop;
+using Newtonsoft.Json;
 using NUnit.Framework;
 namespace Azure.Identity.Tests
@@ -691,7 +692,7 @@ public async Task VerifyClientAuthenticateThrows()
 }
 [Test]
- public async Task VerifyClientAuthenticateReturnsInvalidJson([Values(200, 404)] int status)
+ public async Task VerifyClientAuthenticateReturnsInvalidJson([Values(200, 404, 403)] int status)
 {
 using var environment = new TestEnvVar(
 new()
@@ -709,8 +710,8 @@ public async Task VerifyClientAuthenticateReturnsInvalidJson([Values(200, 404)]
 ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential("mock-client-id", pipeline));
- var ex = Assert.ThrowsAsync(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
- Assert.IsInstanceOf(typeof(RequestFailedException), ex.InnerException);
+ var ex = Assert.ThrowsAsync(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
+ Assert.IsInstanceOf(typeof(System.Text.Json.JsonException), ex.InnerException);
 Assert.That(ex.Message, Does.Contain(ManagedIdentitySource.UnexpectedResponse));
 await Task.CompletedTask;
 }
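Review bot: The added `using Newtonsoft.Json;` is not used by anything in the visible hunks, and the new assertion has to spell out `System.Text.Json.JsonException`, possibly only because this import makes the short name `JsonException` ambiguous. If no other test in the file needs Newtonsoft, drop the directive so the test file does not carry an unneeded reference to a second JSON library. Should `System.Text.Json` already be imported in the part of the file outside the hunk, the assertion can then read `Assert.IsInstanceOf(typeof(JsonException), ex.InnerException);`.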