Add azd credential to DefaultAzureCredential (#2563)

Author: heaths

sdk/identity/azure_identity/CHANGELOG.md

@@ -3,7 +3,9 @@
 ## 0.24.0 (Unreleased)
 
 ### Features Added
-- 'AzureDeveloperCliCredential' authenticates the identity logged in to the [Azure Developer CLI](https://learn.microsoft.com/azure/developer/azure-developer-cli/overview).
+
+- `AzureDeveloperCliCredential` authenticates the identity logged in to the [Azure Developer CLI](https://learn.microsoft.com/azure/developer/azure-developer-cli/overview).
+- Added the `AzureDeveloperCliCredential` to the `DefaultAzureCredential`.
 
 ### Breaking Changes
 

sdk/identity/azure_identity/src/azure_developer_cli_credential.rs

@@ -3,7 +3,7 @@
 
 // cspell:ignore SYSTEMROOT workdir
 
-use crate::{env::Env, validate_scope, validate_tenant_id};
+use crate::{env::Env, validate_scope, validate_tenant_id, TokenCredentialOptions};
 use azure_core::{
     credentials::{AccessToken, Secret, TokenCredential},
     error::{Error, ErrorKind},
@@ -146,6 +146,15 @@ impl TokenCredential for AzureDeveloperCliCredential {
     }
 }
 
+impl From<TokenCredentialOptions> for AzureDeveloperCliCredentialOptions {
+    fn from(options: TokenCredentialOptions) -> Self {
+        Self {
+            executor: Some(options.executor.clone()),
+            ..Default::default()
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

sdk/identity/azure_identity/src/credentials/default_azure_credentials.rs

@@ -1,10 +1,10 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
-#[cfg(not(target_arch = "wasm32"))]
-use crate::AzureCliCredential;
 use crate::{credentials::cache::TokenCache, TokenCredentialOptions};
 #[cfg(not(target_arch = "wasm32"))]
+use crate::{AzureCliCredential, AzureDeveloperCliCredential};
+#[cfg(not(target_arch = "wasm32"))]
 use azure_core::error::ResultExt;
 use azure_core::{
     credentials::{AccessToken, TokenCredential},
@@ -17,6 +17,8 @@ pub struct DefaultAzureCredentialBuilder {
     options: TokenCredentialOptions,
     #[cfg(not(target_arch = "wasm32"))]
     include_azure_cli_credential: bool,
+    #[cfg(not(target_arch = "wasm32"))]
+    include_azure_developer_cli_credential: bool,
 }
 
 #[cfg_attr(target_arch = "wasm32", allow(clippy::derivable_impls))]
@@ -26,6 +28,8 @@ impl Default for DefaultAzureCredentialBuilder {
             options: TokenCredentialOptions::default(),
             #[cfg(not(target_arch = "wasm32"))]
             include_azure_cli_credential: true,
+            #[cfg(not(target_arch = "wasm32"))]
+            include_azure_developer_cli_credential: true,
         }
     }
 }
@@ -41,13 +45,20 @@ impl DefaultAzureCredentialBuilder {
         self
     }
 
-    /// Exclude using credential from the cli
+    /// Exclude authenticating using the Azure CLI (az).
     #[cfg(not(target_arch = "wasm32"))]
     pub fn exclude_azure_cli_credential(&mut self) -> &mut Self {
         self.include_azure_cli_credential = false;
         self
     }
 
+    /// Exclude authenticating using the Azure Developer CLI (azd).
+    #[cfg(not(target_arch = "wasm32"))]
+    pub fn exclude_azure_developer_cli_credential(&mut self) -> &mut Self {
+        self.include_azure_developer_cli_credential = false;
+        self
+    }
+
     /// Get a list of the credential types to include.
     fn included(&self) -> Vec<DefaultAzureCredentialType> {
         #[cfg_attr(target_arch = "wasm32", allow(unused_mut))]
@@ -56,6 +67,10 @@ impl DefaultAzureCredentialBuilder {
         if self.include_azure_cli_credential {
             sources.push(DefaultAzureCredentialType::AzureCli);
         }
+        #[cfg(not(target_arch = "wasm32"))]
+        if self.include_azure_developer_cli_credential {
+            sources.push(DefaultAzureCredentialType::AzureDeveloperCli);
+        }
         sources
     }
 
@@ -80,6 +95,14 @@ impl DefaultAzureCredentialBuilder {
                         sources.push(DefaultAzureCredentialKind::AzureCli(credential));
                     }
                 }
+                #[cfg(not(target_arch = "wasm32"))]
+                DefaultAzureCredentialType::AzureDeveloperCli => {
+                    if let Ok(credential) =
+                        AzureDeveloperCliCredential::new(Some(self.options.clone().into()))
+                    {
+                        sources.push(DefaultAzureCredentialKind::AzureDeveloperCli(credential));
+                    }
+                }
                 #[cfg(target_arch = "wasm32")]
                 _ => {
                     return Err(Error::with_message(ErrorKind::Credential, || {
@@ -112,14 +135,19 @@ impl DefaultAzureCredentialBuilder {
 enum DefaultAzureCredentialType {
     #[cfg(not(target_arch = "wasm32"))]
     AzureCli,
+    #[cfg(not(target_arch = "wasm32"))]
+    AzureDeveloperCli,
 }
 
 /// Types of `TokenCredential` supported by `DefaultAzureCredential`
 #[derive(Debug)]
 pub(crate) enum DefaultAzureCredentialKind {
     #[cfg(not(target_arch = "wasm32"))]
-    /// `TokenCredential` from Azure CLI.
+    /// `TokenCredential` from Azure CLI (az).
     AzureCli(Arc<AzureCliCredential>),
+    #[cfg(not(target_arch = "wasm32"))]
+    /// `TokenCredential` from Azure Developer CLI (azd).
+    AzureDeveloperCli(Arc<AzureDeveloperCliCredential>),
 }
 
 #[cfg_attr(target_arch = "wasm32", async_trait::async_trait(?Send), allow(unused_variables))]
@@ -134,6 +162,13 @@ impl TokenCredential for DefaultAzureCredentialKind {
                     "error getting token credential from Azure CLI",
                 )
             }
+            #[cfg(not(target_arch = "wasm32"))]
+            DefaultAzureCredentialKind::AzureDeveloperCli(credential) => {
+                credential.get_token(scopes).await.context(
+                    ErrorKind::Credential,
+                    "error getting token credential from Azure Developer CLI",
+                )
+            }
             #[cfg(target_arch = "wasm32")]
             _ => {
                 return Err(Error::with_message(ErrorKind::Credential, || {
@@ -240,6 +275,8 @@ mod tests {
         let builder = DefaultAzureCredentialBuilder::new();
         #[cfg(not(target_arch = "wasm32"))]
         assert!(builder.include_azure_cli_credential);
+        #[cfg(not(target_arch = "wasm32"))]
+        assert!(builder.include_azure_developer_cli_credential);
 
         #[cfg(not(target_arch = "wasm32"))]
         {
@@ -248,9 +285,18 @@ mod tests {
             assert!(!builder.include_azure_cli_credential);
         }
 
+        #[cfg(not(target_arch = "wasm32"))]
+        {
+            let mut builder = DefaultAzureCredentialBuilder::new();
+            builder.exclude_azure_developer_cli_credential();
+            assert!(!builder.include_azure_developer_cli_credential);
+        }
+
         let builder = DefaultAzureCredentialBuilder::new();
         #[cfg(not(target_arch = "wasm32"))]
         assert!(builder.include_azure_cli_credential);
+        #[cfg(not(target_arch = "wasm32"))]
+        assert!(builder.include_azure_developer_cli_credential);
     }
 
     #[test]
@@ -259,7 +305,10 @@ mod tests {
         let builder = DefaultAzureCredentialBuilder::new();
         assert_eq!(
             builder.included(),
-            vec![DefaultAzureCredentialType::AzureCli,]
+            vec![
+                DefaultAzureCredentialType::AzureCli,
+                DefaultAzureCredentialType::AzureDeveloperCli
+            ]
         );
     }
 
@@ -268,6 +317,7 @@ mod tests {
     fn test_exclude_azure_cli_credential() {
         let mut builder = DefaultAzureCredentialBuilder::new();
         builder.exclude_azure_cli_credential();
+        builder.exclude_azure_developer_cli_credential();
         assert!(builder.included().is_empty());
     }
 }