Export credentials from azure_identity (#756)

Co-authored-by: Cameron Taggart <[email protected]>

Author: heaths

sdk/device_update/examples/delete_update.rs

@@ -1,5 +1,5 @@
 use azure_device_update::DeviceUpdateClient;
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use std::{env, sync::Arc};
 
 #[tokio::main]

sdk/device_update/examples/get_file.rs

@@ -1,5 +1,5 @@
 use azure_device_update::DeviceUpdateClient;
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use std::{env, sync::Arc};
 
 #[tokio::main]

sdk/device_update/examples/get_operation.rs

@@ -1,5 +1,5 @@
 use azure_device_update::DeviceUpdateClient;
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use std::{env, sync::Arc};
 
 #[tokio::main]

sdk/device_update/examples/get_update.rs

@@ -1,5 +1,5 @@
 use azure_device_update::DeviceUpdateClient;
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use std::{env, sync::Arc};
 
 #[tokio::main]

sdk/device_update/examples/import_update.rs

@@ -1,5 +1,5 @@
 use azure_device_update::DeviceUpdateClient;
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use std::{env, sync::Arc};
 
 #[tokio::main]

sdk/device_update/examples/list_files.rs

@@ -1,5 +1,5 @@
 use azure_device_update::DeviceUpdateClient;
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use std::{env, sync::Arc};
 
 #[tokio::main]

sdk/device_update/examples/list_names.rs

@@ -1,5 +1,5 @@
 use azure_device_update::DeviceUpdateClient;
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use std::{env, sync::Arc};
 
 #[tokio::main]

sdk/device_update/examples/list_operations.rs

@@ -1,5 +1,5 @@
 use azure_device_update::DeviceUpdateClient;
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use std::{env, sync::Arc};
 
 #[tokio::main]

sdk/device_update/examples/list_providers.rs

@@ -1,5 +1,5 @@
 use azure_device_update::DeviceUpdateClient;
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use std::{env, sync::Arc};
 
 #[tokio::main]

sdk/device_update/examples/list_updates.rs

@@ -1,5 +1,5 @@
 use azure_device_update::DeviceUpdateClient;
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use std::{env, sync::Arc};
 
 #[tokio::main]

sdk/device_update/examples/list_versions.rs

@@ -1,5 +1,5 @@
 use azure_device_update::DeviceUpdateClient;
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use std::{env, sync::Arc};
 
 #[tokio::main]

sdk/device_update/src/client.rs

@@ -3,7 +3,7 @@ use azure_core::{
     auth::{TokenCredential, TokenResponse},
     Error as CoreError, HttpError,
 };
-use azure_identity::token_credentials::AutoRefreshingTokenCredential;
+use azure_identity::AutoRefreshingTokenCredential;
 use const_format::formatcp;
 use serde::de::DeserializeOwned;
 use std::sync::Arc;
@@ -18,7 +18,7 @@ pub(crate) const API_VERSION_PARAM: &str = formatcp!("api-version={}", API_VERSI
 ///
 /// ```no_run
 /// use azure_device_update::DeviceUpdateClient;
-/// use azure_identity::token_credentials::DefaultAzureCredential;
+/// use azure_identity::DefaultAzureCredential;
 /// let creds = std::sync::Arc::new(DefaultAzureCredential::default());
 /// let client = DeviceUpdateClient::new("contoso.api.adu.microsoft.com", creds).unwrap();
 /// ```
@@ -37,7 +37,7 @@ impl DeviceUpdateClient {
     ///
     /// ```no_run
     /// use azure_device_update::DeviceUpdateClient;
-    /// use azure_identity::token_credentials::DefaultAzureCredential;
+    /// use azure_identity::DefaultAzureCredential;
     /// let creds = std::sync::Arc::new(DefaultAzureCredential::default());
     /// let client = DeviceUpdateClient::new("contoso.api.adu.microsoft.com", creds).unwrap();
     /// ```

sdk/device_update/src/lib.rs

@@ -37,7 +37,7 @@ pub type Result<T> = std::result::Result<T, Error>;
 #[cfg(test)]
 mod tests {
     use azure_core::auth::{TokenCredential, TokenResponse};
-    use azure_identity::token_credentials::AutoRefreshingTokenCredential;
+    use azure_identity::AutoRefreshingTokenCredential;
     use chrono::{Duration, Utc};
     use oauth2::AccessToken;
     use std::sync::Arc;

sdk/identity/CHANGELOG.md

@@ -1,5 +1,8 @@
 # 0.3.0 (2022-05)
 
+- [#756](https://github.com/Azure/azure-sdk-for-rust/pull/756) Export credentials from azure_identity
+    - BREAKING CHANGE: the credential types have moved. For example:
+    - use `azure_identity::DefaultAzureCredential` instead of `azure_identity::token_credentials::DefaultAzureCredential`
 - [#751](https://github.com/Azure/azure-sdk-for-rust/pull/751) datetime from azure cli token is in the local timezone
 - [#748](https://github.com/Azure/azure-sdk-for-rust/pull/748) adding option to specify client_id for MSI
 

sdk/identity/README.md

@@ -54,3 +54,5 @@ The supported authentication flows are:
 * [Device code flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-device-code).
 
 This crate also includes utilities for handling refresh tokens and accessing token credentials from many different sources.
+
+A list of changes can be found in [CHANGELOG.md](https://github.com/Azure/azure-sdk-for-rust/blob/main/sdk/identity/CHANGELOG.md);

sdk/identity/examples/cli_credentials.rs renamed to sdk/identity/examples/azure_cli_credentials.rs

@@ -1,4 +1,4 @@
-use azure_identity::token_credentials::*;
+use azure_identity::*;
 use std::error::Error;
 use url::Url;
 

sdk/identity/examples/client_certificate_credentials.rs

@@ -4,7 +4,7 @@
 /// please make sure to set the send_certificate_chain option to true otherwise
 /// the authentication will fail.
 use azure_core::auth::TokenCredential;
-use azure_identity::token_credentials::{
+use azure_identity::{
     CertificateCredentialOptions, ClientCertificateCredential, DefaultAzureCredential,
 };
 use azure_security_keyvault::KeyClient;

sdk/identity/examples/default_credentials.rs

@@ -1,4 +1,4 @@
-use azure_identity::token_credentials::*;
+use azure_identity::*;
 use url::Url;
 
 #[tokio::main]
@@ -7,7 +7,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     let sub_id = std::env::var("AZURE_SUBSCRIPTION_ID")?;
     let creds = DefaultAzureCredentialBuilder::new()
-        .exclude_cli_credential() // disable using CLI for credentials (just as an example)
+        .exclude_azure_cli_credential() // disable using CLI for credentials (just as an example)
         .build();
 
     let res = creds
@@ -32,6 +32,6 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         .text()
         .await?;
 
-    println!("\n\nresp {:?}", resp);
+    println!("\n\n{:?}", resp);
     Ok(())
 }

sdk/identity/examples/environment_credentials.rs

@@ -1,4 +1,4 @@
-use azure_identity::token_credentials::*;
+use azure_identity::*;
 use std::error::Error;
 use url::Url;
 

sdk/identity/src/errors.rs

@@ -8,19 +8,19 @@ use std::fmt;
 pub enum Error {
     /// An error getting credentials from the Azure CLI
     #[error("Error getting token credentials from Azure CLI")]
-    AzureCliCredential(#[from] crate::token_credentials::AzureCliCredentialError),
+    AzureCliCredential(#[from] crate::AzureCliCredentialError),
     /// An error getting credentials through the client secrect token credential flow
     #[error("Client secret credentials error")]
-    ClientSecretCredential(#[from] crate::token_credentials::ClientSecretCredentialError),
+    ClientSecretCredential(#[from] crate::ClientSecretCredentialError),
     /// An error getting credentials from the environment
     #[error("Error getting environment credential")]
-    EnvironmentCredential(#[from] crate::token_credentials::EnvironmentCredentialError),
+    EnvironmentCredential(#[from] crate::EnvironmentCredentialError),
     /// An error getting managed identity credentials
     #[error("Error getting managed identity credential")]
-    ManagedIdentityCredential(#[from] crate::token_credentials::ManagedIdentityCredentialError),
+    ManagedIdentityCredential(#[from] crate::ManagedIdentityCredentialError),
     /// An error using the default token credential flow
     #[error("Error getting default credential")]
-    DefaultAzureCredentialError(#[from] crate::token_credentials::DefaultAzureCredentialError),
+    DefaultAzureCredentialError(#[from] crate::DefaultAzureCredentialError),
     /// An error getting a refresh token
     #[error("Error refreshing token")]
     RefreshToken(#[from] crate::refresh_token::Error),

sdk/identity/src/lib.rs

@@ -1,37 +1,35 @@
-//!  Azure OAuth2 helper crate for the unofficial Microsoft Azure SDK for Rust. This crate is part of a collection of crates: for more information please refer to [https://github.com/azure/azure-sdk-for-rust](https://github.com/azure/azure-sdk-for-rust).
+//! Azure Identity crate for the unofficial Microsoft Azure SDK for Rust. This crate is part of a collection of crates: for more information please refer to [https://github.com/azure/azure-sdk-for-rust](https://github.com/azure/azure-sdk-for-rust).
 //! This crate provides mechanisms for several ways to authenticate against Azure
 //!
-//! For example, to authenticate using the client credential flow, you can do the following:
+//! For example, to authenticate using the recommended DefaultAzureCredential, you can do the following:
 //!
 //! ```no_run
-//! use azure_identity::client_credentials_flow;
-//! use oauth2::{ClientId, ClientSecret};
+//! use azure_identity::{DefaultAzureCredential, TokenCredential};
 //! use url::Url;
 //!
 //! use std::env;
 //! use std::error::Error;
 //!
 //! #[tokio::main]
 //! async fn main() -> Result<(), Box<dyn Error>> {
-//!     let client_id =
-//!         ClientId::new(env::var("CLIENT_ID").expect("Missing CLIENT_ID environment variable."));
-//!     let client_secret = ClientSecret::new(
-//!         env::var("CLIENT_SECRET").expect("Missing CLIENT_SECRET environment variable."),
-//!     );
-//!     let tenant_id = env::var("TENANT_ID").expect("Missing TENANT_ID environment variable.");
-//!     let subscription_id =
-//!         env::var("SUBSCRIPTION_ID").expect("Missing SUBSCRIPTION_ID environment variable.");
-//!
-//!     let client = reqwest::Client::new();
-//!     // This will give you the final token to use in authorization.
-//!     let token = client_credentials_flow::perform(
-//!         client,
-//!         &client_id,
-//!         &client_secret,
-//!         &["https://management.azure.com/"],
-//!         &tenant_id,
-//!     )
-//!     .await?;
+//!     let credential = DefaultAzureCredential::default();
+//!     let response = credential
+//!         .get_token("https://management.azure.com")
+//!         .await?;
+//!
+//!     let subscription_id = env::var("AZURE_SUBSCRIPTION_ID")?;
+//!     let url = Url::parse(&format!(
+//!         "https://management.azure.com/subscriptions/{}/providers/Microsoft.Storage/storageAccounts?api-version=2019-06-01",
+//!         subscription_id))?;
+//!     let response = reqwest::Client::new()
+//!         .get(url)
+//!         .header("Authorization", format!("Bearer {}", response.token.secret()))
+//!         .send()
+//!         .await?
+//!         .text()
+//!         .await?;
+//!
+//!     println!("{:?}", response);
 //!     Ok(())
 //! }
 //! ```
@@ -52,6 +50,7 @@ pub mod client_credentials_flow;
 pub mod development;
 pub mod device_code_flow;
 pub mod refresh_token;
-pub mod token_credentials;
+mod token_credentials;
 
+pub use crate::token_credentials::*;
 pub use errors::Error;

sdk/identity/src/token_credentials/cli_credentials.rs renamed to sdk/identity/src/token_credentials/azure_cli_credentials.rs

@@ -8,15 +8,15 @@ use azure_core::auth::TokenResponse;
 pub struct DefaultAzureCredentialBuilder {
     include_environment_credential: bool,
     include_managed_identity_credential: bool,
-    include_cli_credential: bool,
+    include_azure_cli_credential: bool,
 }
 
 impl Default for DefaultAzureCredentialBuilder {
     fn default() -> Self {
         Self {
             include_environment_credential: true,
             include_managed_identity_credential: true,
-            include_cli_credential: true,
+            include_azure_cli_credential: true,
         }
     }
 }
@@ -33,22 +33,22 @@ impl DefaultAzureCredentialBuilder {
         self
     }
 
-    /// Exclude using credentials from the cli
-    pub fn exclude_cli_credential(&mut self) -> &mut Self {
-        self.include_cli_credential = false;
-        self
-    }
-
     /// Exclude using managed identity credentials
     pub fn exclude_managed_identity_credential(&mut self) -> &mut Self {
         self.include_managed_identity_credential = false;
         self
     }
 
+    /// Exclude using credentials from the cli
+    pub fn exclude_azure_cli_credential(&mut self) -> &mut Self {
+        self.include_azure_cli_credential = false;
+        self
+    }
+
     /// Create a `DefaultAzureCredential` from this builder.
     pub fn build(&self) -> DefaultAzureCredential {
-        let source_count = self.include_cli_credential as usize
-            + self.include_cli_credential as usize
+        let source_count = self.include_azure_cli_credential as usize
+            + self.include_azure_cli_credential as usize
             + self.include_managed_identity_credential as usize;
         let mut sources = Vec::<DefaultAzureCredentialEnum>::with_capacity(source_count);
         if self.include_environment_credential {
@@ -61,7 +61,7 @@ impl DefaultAzureCredentialBuilder {
                 ImdsManagedIdentityCredential::default(),
             ))
         }
-        if self.include_cli_credential {
+        if self.include_azure_cli_credential {
             sources.push(DefaultAzureCredentialEnum::AzureCli(AzureCliCredential {}));
         }
         DefaultAzureCredential::with_sources(sources)
@@ -197,25 +197,25 @@ mod tests {
     #[test]
     fn test_builder_included_credential_flags() {
         let builder = DefaultAzureCredentialBuilder::new();
-        assert!(builder.include_cli_credential);
+        assert!(builder.include_azure_cli_credential);
         assert!(builder.include_environment_credential);
         assert!(builder.include_managed_identity_credential);
 
         let mut builder = DefaultAzureCredentialBuilder::new();
-        builder.exclude_cli_credential();
-        assert!(!builder.include_cli_credential);
+        builder.exclude_azure_cli_credential();
+        assert!(!builder.include_azure_cli_credential);
         assert!(builder.include_environment_credential);
         assert!(builder.include_managed_identity_credential);
 
         let mut builder = DefaultAzureCredentialBuilder::new();
         builder.exclude_environment_credential();
-        assert!(builder.include_cli_credential);
+        assert!(builder.include_azure_cli_credential);
         assert!(!builder.include_environment_credential);
         assert!(builder.include_managed_identity_credential);
 
         let mut builder = DefaultAzureCredentialBuilder::new();
         builder.exclude_managed_identity_credential();
-        assert!(builder.include_cli_credential);
+        assert!(builder.include_azure_cli_credential);
         assert!(builder.include_environment_credential);
         assert!(!builder.include_managed_identity_credential);
     }
@@ -270,7 +270,7 @@ mod tests {
 
         // remove cli source
 
-        builder.exclude_cli_credential();
+        builder.exclude_azure_cli_credential();
         let credential = builder.build();
 
         assert_eq!(credential.sources.len(), 1);

sdk/identity/src/token_credentials/default_credentials.rs

@@ -6,7 +6,7 @@
 //! * Managed identity
 //! * Client secret
 mod auto_refreshing_credentials;
-mod cli_credentials;
+mod azure_cli_credentials;
 #[cfg(feature = "client_certificate")]
 mod client_certificate_credentials;
 mod client_secret_credentials;
@@ -15,7 +15,7 @@ mod environment_credentials;
 mod imds_managed_identity_credentials;
 
 pub use auto_refreshing_credentials::*;
-pub use cli_credentials::*;
+pub use azure_cli_credentials::*;
 #[cfg(feature = "client_certificate")]
 pub use client_certificate_credentials::*;
 pub use client_secret_credentials::*;

sdk/identity/src/token_credentials/mod.rs

@@ -1,4 +1,4 @@
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use azure_security_keyvault::KeyClient;
 use std::env;
 

sdk/security_keyvault/examples/backup_secret.rs

@@ -1,4 +1,4 @@
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use azure_security_keyvault::KeyClient;
 use std::env;
 

sdk/security_keyvault/examples/delete_secret.rs

@@ -1,4 +1,4 @@
-use azure_identity::token_credentials::{ClientSecretCredential, TokenCredentialOptions};
+use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use azure_security_keyvault::KeyClient;
 use std::env;