[Identity] Convert remaining cache.find usage (#36734)

pvaneck · web-flow · commit 46293fe6b5c7 · 2024-08-02T16:48:00.000-07:00
Since find is deprecated, search is the API we should be using.

Signed-off-by: Paul Van Eck &lt;paulvaneck@microsoft.com&gt;
diff --git a/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py b/sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py
@@ -87,12 +87,11 @@ def get_cached_access_token(self, scopes: Iterable[str], **kwargs: Any) -> Optio
         )
 
         cache = self._get_cache(**kwargs)
-        tokens = cache.find(
+        for token in cache.search(
             TokenCache.CredentialType.ACCESS_TOKEN,
             target=list(scopes),
             query={"client_id": self._client_id, "realm": tenant},
-        )
-        for token in tokens:
+        ):
             expires_on = int(token["expires_on"])
             if expires_on > int(time.time()):
                 return AccessToken(token["secret"], expires_on)
@@ -101,7 +100,7 @@ def get_cached_access_token(self, scopes: Iterable[str], **kwargs: Any) -> Optio
     def get_cached_refresh_tokens(self, scopes: Iterable[str], **kwargs) -> List[Dict]:
         # Assumes all cached refresh tokens belong to the same user
         cache = self._get_cache(**kwargs)
-        return cache.find(TokenCache.CredentialType.REFRESH_TOKEN, target=list(scopes))
+        return list(cache.search(TokenCache.CredentialType.REFRESH_TOKEN, target=list(scopes)))
 
     @abc.abstractmethod
     def obtain_token_by_authorization_code(self, scopes, code, redirect_uri, client_secret=None, **kwargs):
@@ -140,17 +139,21 @@ def _process_response(self, response: PipelineResponse, request_time: int, **kwa
         if response.http_request.body.get("grant_type") == "refresh_token":
             if content.get("error") == "invalid_grant":
                 # the request's refresh token is invalid -> evict it from the cache
-                cache_entries = cache.find(
-                    TokenCache.CredentialType.REFRESH_TOKEN,
-                    query={"secret": response.http_request.body["refresh_token"]},
+                cache_entries = list(
+                    cache.search(
+                        TokenCache.CredentialType.REFRESH_TOKEN,
+                        query={"secret": response.http_request.body["refresh_token"]},
+                    )
                 )
                 for invalid_token in cache_entries:
                     cache.remove_rt(invalid_token)
             if "refresh_token" in content:
                 # Microsoft Entra ID returned a new refresh token -> update the cache entry
-                cache_entries = cache.find(
-                    TokenCache.CredentialType.REFRESH_TOKEN,
-                    query={"secret": response.http_request.body["refresh_token"]},
+                cache_entries = list(
+                    cache.search(
+                        TokenCache.CredentialType.REFRESH_TOKEN,
+                        query={"secret": response.http_request.body["refresh_token"]},
+                    )
                 )
                 # If the old token is in multiple cache entries, the cache is in a state we don't
                 # expect or know how to reason about, so we update nothing.
diff --git a/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py b/sdk/identity/azure-identity/azure/identity/_internal/shared_token_cache.py
@@ -157,9 +157,9 @@ def _get_cache_items_for_authority(
         :rtype: list[CacheItem]
         """
 
-        cache = self._cae_cache if is_cae else self._cache
+        cache = cast(msal.TokenCache, self._cae_cache if is_cae else self._cache)
         items = []
-        for item in cache.find(credential_type):
+        for item in cache.search(credential_type):
             environment = item.get("environment")
             if environment in self._environment_aliases:
                 items.append(item)
@@ -232,9 +232,9 @@ def _get_cached_access_token(
         if "home_account_id" not in account:
             return None
 
-        cache = self._cae_cache if is_cae else self._cache
+        cache = cast(msal.TokenCache, self._cae_cache if is_cae else self._cache)
         try:
-            cache_entries = cache.find(
+            cache_entries = cache.search(
                 msal.TokenCache.CredentialType.ACCESS_TOKEN,
                 target=list(scopes),
                 query={"home_account_id": account["home_account_id"]},
@@ -253,9 +253,9 @@ def _get_refresh_tokens(self, account, is_cae: bool = False) -> List[str]:
         if "home_account_id" not in account:
             return []
 
-        cache = self._cae_cache if is_cae else self._cache
+        cache = cast(msal.TokenCache, self._cae_cache if is_cae else self._cache)
         try:
-            cache_entries = cache.find(
+            cache_entries = cache.search(
                 msal.TokenCache.CredentialType.REFRESH_TOKEN, query={"home_account_id": account["home_account_id"]}
             )
             return [token["secret"] for token in cache_entries if "secret" in token]
diff --git a/sdk/identity/azure-identity/tests/test_aad_client.py b/sdk/identity/azure-identity/tests/test_aad_client.py
@@ -202,8 +202,8 @@ def test_evicts_invalid_refresh_token():
     cache = TokenCache()
     cache.add({"response": build_aad_response(uid="id1", utid="tid1", access_token="*", refresh_token=invalid_token)})
     cache.add({"response": build_aad_response(uid="id2", utid="tid2", access_token="*", refresh_token="...")})
-    assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN)) == 2
-    assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN, query={"secret": invalid_token})) == 1
+    assert len(list(cache.search(TokenCache.CredentialType.REFRESH_TOKEN))) == 2
+    assert len(list(cache.search(TokenCache.CredentialType.REFRESH_TOKEN, query={"secret": invalid_token}))) == 1
 
     def send(request, **_):
         assert request.data["refresh_token"] == invalid_token
@@ -216,8 +216,8 @@ def send(request, **_):
         client.obtain_token_by_refresh_token(scopes=("scope",), refresh_token=invalid_token)
 
     assert transport.send.call_count == 1
-    assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN)) == 1
-    assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN, query={"secret": invalid_token})) == 0
+    assert len(list(cache.search(TokenCache.CredentialType.REFRESH_TOKEN))) == 1
+    assert len(list(cache.search(TokenCache.CredentialType.REFRESH_TOKEN, query={"secret": invalid_token}))) == 0
 
 
 def test_retries_token_requests():
diff --git a/sdk/identity/azure-identity/tests/test_aad_client_async.py b/sdk/identity/azure-identity/tests/test_aad_client_async.py
@@ -196,8 +196,8 @@ async def test_evicts_invalid_refresh_token():
     cache = TokenCache()
     cache.add({"response": build_aad_response(uid="id1", utid="tid1", access_token="*", refresh_token=invalid_token)})
     cache.add({"response": build_aad_response(uid="id2", utid="tid2", access_token="*", refresh_token="...")})
-    assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN)) == 2
-    assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN, query={"secret": invalid_token})) == 1
+    assert len(list(cache.search(TokenCache.CredentialType.REFRESH_TOKEN))) == 2
+    assert len(list(cache.search(TokenCache.CredentialType.REFRESH_TOKEN, query={"secret": invalid_token}))) == 1
 
     async def send(request, **_):
         assert request.data["refresh_token"] == invalid_token
@@ -210,8 +210,8 @@ async def send(request, **_):
         await client.obtain_token_by_refresh_token(scopes=("scope",), refresh_token=invalid_token)
 
     assert transport.send.call_count == 1
-    assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN)) == 1
-    assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN, query={"secret": invalid_token})) == 0
+    assert len(list(cache.search(TokenCache.CredentialType.REFRESH_TOKEN))) == 1
+    assert len(list(cache.search(TokenCache.CredentialType.REFRESH_TOKEN, query={"secret": invalid_token}))) == 0
 
 
 async def test_retries_token_requests():
diff --git a/sdk/identity/azure-identity/tests/test_auth_code.py b/sdk/identity/azure-identity/tests/test_auth_code.py
@@ -136,7 +136,7 @@ def test_auth_code_credential():
     assert transport.send.call_count == 1
 
     # no auth code, no cached token -> credential should redeem refresh token
-    cached_access_token = cache.find(cache.CredentialType.ACCESS_TOKEN)[0]
+    cached_access_token = list(cache.search(cache.CredentialType.ACCESS_TOKEN))[0]
     cache.remove_at(cached_access_token)
     token = credential.get_token(expected_scope)
     assert token.token == expected_access_token
diff --git a/sdk/identity/azure-identity/tests/test_auth_code_async.py b/sdk/identity/azure-identity/tests/test_auth_code_async.py
@@ -160,7 +160,7 @@ async def test_auth_code_credential():
     assert transport.send.call_count == 1
 
     # no auth code, no cached token -> credential should redeem refresh token
-    cached_access_token = cache.find(cache.CredentialType.ACCESS_TOKEN)[0]
+    cached_access_token = list(cache.search(cache.CredentialType.ACCESS_TOKEN))[0]
     cache.remove_at(cached_access_token)
     token = await credential.get_token(expected_scope)
     assert token.token == expected_access_token
diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential.py b/sdk/identity/azure-identity/tests/test_certificate_credential.py
@@ -414,7 +414,7 @@ def test_persistent_cache_multiple_clients(cert_path, cert_password):
         assert token_b.token == access_token_b
         assert transport_b.send.call_count == 2
 
-        assert len(cache.find(TokenCache.CredentialType.ACCESS_TOKEN)) == 2
+        assert len(list(cache.search(TokenCache.CredentialType.ACCESS_TOKEN))) == 2
 
 
 def test_certificate_arguments():
diff --git a/sdk/identity/azure-identity/tests/test_certificate_credential_async.py b/sdk/identity/azure-identity/tests/test_certificate_credential_async.py
@@ -334,7 +334,7 @@ async def test_persistent_cache_multiple_clients(cert_path, cert_password):
         assert transport_b.send.call_count == 1
         assert mock_cache_loader.call_count == 2
 
-        assert len(cache.find(TokenCache.CredentialType.ACCESS_TOKEN)) == 2
+        assert len(list(cache.search(TokenCache.CredentialType.ACCESS_TOKEN))) == 2
 
 
 def test_certificate_arguments():
diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential.py b/sdk/identity/azure-identity/tests/test_client_secret_credential.py
@@ -260,7 +260,7 @@ def test_cache_multiple_clients():
         assert token_b.token == access_token_b
         assert transport_b.send.call_count == 2
 
-        assert len(cache.find(TokenCache.CredentialType.ACCESS_TOKEN)) == 2
+        assert len(list(cache.search(TokenCache.CredentialType.ACCESS_TOKEN))) == 2
 
 
 def test_multitenant_authentication():
diff --git a/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py b/sdk/identity/azure-identity/tests/test_client_secret_credential_async.py
@@ -304,7 +304,7 @@ async def test_cache_multiple_clients():
         assert transport_b.send.call_count == 1
         assert mock_cache_loader.call_count == 2
 
-        assert len(cache.find(TokenCache.CredentialType.ACCESS_TOKEN)) == 2
+        assert len(list(cache.search(TokenCache.CredentialType.ACCESS_TOKEN))) == 2
 
 
 @pytest.mark.asyncio
diff --git a/sdk/identity/azure-identity/tests/test_shared_cache_credential.py b/sdk/identity/azure-identity/tests/test_shared_cache_credential.py
@@ -752,7 +752,7 @@ def test_writes_to_cache():
     assert token.token == second_access_token
 
     # verify the credential didn't add a new cache entry
-    assert len(cache.find(TokenCache.CredentialType.REFRESH_TOKEN)) == 1
+    assert len(list(cache.search(TokenCache.CredentialType.REFRESH_TOKEN))) == 1
 
 
 def test_initialization():
