AzureAuth: --resource should not be required if passing scopes (#142)

* AzureAuth: --resource should not be required if passing scopes

* Add unit tests

* Fix unit tests.

* change method comments.

* Remove unused imports.

* Change log

* Add a normal parameter unit test.

* Update src/AzureAuth/CommandMain.cs

Co-authored-by: Kyle W. Rader <kyle.rader@microsoft.com>

* Unit test with right scope parameters for documentation.

* Apply code suggestions.

* address comments in PR.
Change all scopes to <resource>/.default in unit test

* Move `--resource` feature to unreleased section

Co-authored-by: Kyle W. Rader <kyle.rader@microsoft.com>

Author: goagain

CHANGELOG.md

@@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- Option `--resource` is not needed if option `--scope` is provided.
+
 ## [0.5.1] - 2022-09-08
 ### Fixed
 - Fixed a bug where we early exited before sending individual events telemetry data containing valuable `error_messages`.
@@ -14,7 +17,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added functionality to disable Public Client Authentication using an environment variable `AZUREAUTH_NO_USER`.
 - Added `--timeout` functionality to provide reliable contract of allowed runtime (default: 15 minutes) and warnings as the timeout approaches.
 
-### Fixed
 - Fixed a bug where broker auth prompt is hanging in the background and gives a false impression to the user that the console app is hung.
 - Fixed a bug where sometimes, when logged in with only a password (not a strong form of authentication) the broker flow could hang indefinitely, preventing fall back to another auth flow.
 

src/AzureAuth.Test/CommandMainTest.cs

@@ -38,7 +38,7 @@ internal class CommandMainTest
 client = ""73e5793e-8f71-4da2-9f71-575cb3019b37""
 domain = ""contoso.com""
 tenant = ""a3be859b-7f9a-4955-98ed-f3602dbd954c""
-scopes = [ "".default"", ]
+scopes = [ ""67eeda51-3891-4101-a0e3-bf0c64047157/.default"", ]
 prompt_hint = ""sample prompt hint.""
 ";
 
@@ -169,7 +169,7 @@ public void TestEvaluateOptionsProvidedAliasWithoutCommandLineOptions()
                 Client = "73e5793e-8f71-4da2-9f71-575cb3019b37",
                 Domain = "contoso.com",
                 Tenant = "a3be859b-7f9a-4955-98ed-f3602dbd954c",
-                Scopes = new List<string> { ".default" },
+                Scopes = new List<string> { "67eeda51-3891-4101-a0e3-bf0c64047157/.default" },
                 PromptHint = "sample prompt hint.",
             };
 
@@ -196,7 +196,7 @@ public void TestEvaluateOptionsProvidedAliasWithCommandLineOptions()
                 Client = clientOverride,
                 Domain = "contoso.com",
                 Tenant = "a3be859b-7f9a-4955-98ed-f3602dbd954c",
-                Scopes = new List<string> { ".default" },
+                Scopes = new List<string> { "67eeda51-3891-4101-a0e3-bf0c64047157/.default" },
                 PromptHint = "sample prompt hint.",
             };
 
@@ -226,7 +226,7 @@ public void TestEvaluateOptionsProvidedAliasWithEnvVarConfig()
                 Client = clientOverride,
                 Domain = "contoso.com",
                 Tenant = "a3be859b-7f9a-4955-98ed-f3602dbd954c",
-                Scopes = new List<string> { ".default" },
+                Scopes = new List<string> { "67eeda51-3891-4101-a0e3-bf0c64047157/.default" },
                 PromptHint = "sample prompt hint.",
             };
 
@@ -291,7 +291,7 @@ public void TestEvaluateOptionsWithoutAliasMissingResource()
             subject.Tenant = "9f6227ee-3d14-473e-8bed-1281171ef8c9";
 
             subject.EvaluateOptions().Should().BeFalse();
-            this.logTarget.Logs.Should().Contain("The --resource field is required.");
+            this.logTarget.Logs.Should().Contain("The --resource field or the --scope field is required.");
         }
 
         /// <summary>
@@ -338,12 +338,60 @@ public void TestEvaluateOptionsWithoutAliasMissingRequiredOptions()
             subject.EvaluateOptions().Should().BeFalse();
             this.logTarget.Logs.Should().Contain(new[]
             {
-                "The --resource field is required.",
+                "The --resource field or the --scope field is required.",
                 "The --client field is required.",
                 "The --tenant field is required.",
             });
         }
 
+        /// <summary>
+        /// The test to evaluate options without resource but with scopes.
+        /// </summary>
+        [Test]
+        public void TestEvaluateOptionsWithOverridedScopes()
+        {
+            CommandMain subject = this.serviceProvider.GetService<CommandMain>();
+            subject.Resource = null;
+            subject.Client = "e19f71ed-3b14-448d-9346-9eff9753646b";
+            subject.Tenant = "9f6227ee-3d14-473e-8bed-1281171ef8c9";
+            subject.Scopes = new string[] { "f0e8d801-3a50-48fd-b2da-6476d6e832a2/.default" };
+
+            subject.EvaluateOptions().Should().BeTrue();
+        }
+
+        /// <summary>
+        /// The test to evaluate options with normal parameters.
+        /// </summary>
+        [Test]
+        public void TestEvaluateOptionsWithNormalParameters()
+        {
+            CommandMain subject = this.serviceProvider.GetService<CommandMain>();
+            subject.Resource = "f0e8d801-3a50-48fd-b2da-6476d6e832a2";
+            subject.Client = "e19f71ed-3b14-448d-9346-9eff9753646b";
+            subject.Tenant = "9f6227ee-3d14-473e-8bed-1281171ef8c9";
+
+            subject.EvaluateOptions().Should().BeTrue();
+        }
+
+        /// <summary>
+        /// The test to evaluate options with both resource and scopes.
+        /// </summary>
+        [Test]
+        public void TestEvaluateOptionsWithResourceAndScopes()
+        {
+            CommandMain subject = this.serviceProvider.GetService<CommandMain>();
+            subject.Resource = "f0e8d801-3a50-48fd-b2da-6476d6e832a2";
+            subject.Client = "e19f71ed-3b14-448d-9346-9eff9753646b";
+            subject.Tenant = "9f6227ee-3d14-473e-8bed-1281171ef8c9";
+            subject.Scopes = new string[] { "f0e8d801-3a50-48fd-b2da-6476d6e832a2/.default" };
+
+            subject.EvaluateOptions().Should().BeTrue();
+            this.logTarget.Logs.Should().Contain(new[]
+            {
+                "The --scope option was provided with the --resource option. Only --scope will be used.",
+            });
+        }
+
         /// <summary>
         /// The test to evaluate options without alias valid command line options.
         /// </summary>

src/AzureAuth/CommandMain.cs

@@ -382,12 +382,20 @@ public bool PCADisabled()
         private bool ValidateOptions()
         {
             bool validOptions = true;
-            if (string.IsNullOrEmpty(this.authSettings.Resource))
+
+            int scopesCount = this.authSettings.Scopes?.Count ?? 0;
+
+            if (string.IsNullOrEmpty(this.authSettings.Resource) && scopesCount == 0)
             {
-                this.logger.LogError($"The {ResourceOption} field is required.");
+                this.logger.LogError($"The {ResourceOption} field or the {ScopeOption} field is required.");
                 validOptions = false;
             }
 
+            if (!string.IsNullOrEmpty(this.authSettings.Resource) && scopesCount > 0)
+            {
+                this.logger.LogWarning($"The {ScopeOption} option was provided with the {ResourceOption} option. Only {ScopeOption} will be used.");
+            }
+
             if (string.IsNullOrEmpty(this.authSettings.Client))
             {
                 this.logger.LogError($"The {ClientOption} field is required.");