Add testing for persistence and tenantID specification changes

Author: Riven-Spell

cmd/credentialUtil.go

@@ -70,11 +70,13 @@ func GetUserOAuthTokenManagerInstance() *common.UserOAuthTokenManager {
 		if common.AzcopyJobPlanFolder == "" {
 			panic("invalid state, AzcopyJobPlanFolder should not be an empty string")
 		}
+		cacheName := common.GetEnvironmentVariable(common.EEnvironmentVariable.LoginCacheName())
+
 		currentUserOAuthTokenManager = common.NewUserOAuthTokenManagerInstance(common.CredCacheOptions{
 			DPAPIFilePath: common.AzcopyJobPlanFolder,
-			KeyName:       oauthLoginSessionCacheKeyName,
+			KeyName:       common.Iff(cacheName != "", cacheName, oauthLoginSessionCacheKeyName),
 			ServiceName:   oauthLoginSessionCacheServiceName,
-			AccountName:   oauthLoginSessionCacheAccountName,
+			AccountName:   common.Iff(cacheName != "", cacheName, oauthLoginSessionCacheAccountName),
 		})
 	})
 

cmd/loginStatus.go

@@ -22,16 +22,25 @@ package cmd
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"github.com/Azure/azure-storage-azcopy/v10/common"
 	"github.com/Azure/azure-storage-azcopy/v10/ste"
 	"github.com/spf13/cobra"
 )
 
+type LoginStatusOutput struct {
+	Valid       bool    `json:"valid"`
+	TenantID    *string `json:"tenantID,omitempty"`
+	AADEndpoint *string `json:"AADEndpoint,omitempty"`
+	AuthMethod  *string `json:"authMethod,omitempty"`
+}
+
 func init() {
 	type loginStatus struct {
 		tenantID bool
 		endpoint bool
+		method   bool
 	}
 	commandLineInput := loginStatus{}
 
@@ -51,26 +60,56 @@ func init() {
 			uotm := GetUserOAuthTokenManagerInstance()
 			tokenInfo, err := uotm.GetTokenInfo(ctx)
 
-			if err == nil && !tokenInfo.IsExpired() {
-				glcm.Info("You have successfully refreshed your token. Your login session is still active")
+			var Info = LoginStatusOutput{
+				Valid: err == nil && !tokenInfo.IsExpired(),
+			}
+
+			logText := func(format string, a ...any) {
+				if azcopyOutputFormat == common.EOutputFormat.None() || azcopyOutputFormat == common.EOutputFormat.Text() {
+					glcm.Info(fmt.Sprintf(format, a...))
+				}
+			}
+
+			if Info.Valid {
+				logText("You have successfully refreshed your token. Your login session is still active")
 
 				if commandLineInput.tenantID {
-					glcm.Info(fmt.Sprintf("Tenant ID: %v", tokenInfo.Tenant))
+					logText("Tenant ID: %v", tokenInfo.Tenant)
+					Info.TenantID = &tokenInfo.Tenant
 				}
 
 				if commandLineInput.endpoint {
-					glcm.Info(fmt.Sprintf("Active directory endpoint: %v", tokenInfo.ActiveDirectoryEndpoint))
+					logText(fmt.Sprintf("Active directory endpoint: %v", tokenInfo.ActiveDirectoryEndpoint))
+					Info.AADEndpoint = &tokenInfo.ActiveDirectoryEndpoint
+				}
+
+				if commandLineInput.method {
+					logText(fmt.Sprintf("Authorized using %s", tokenInfo.LoginType))
+					method := tokenInfo.LoginType.String()
+					Info.AuthMethod = &method
 				}
+			} else {
+				logText("You are currently not logged in. Please login using 'azcopy login'")
+			}
+
+			if azcopyOutputFormat == common.EOutputFormat.Json() {
+				glcm.Output(
+					func(_ common.OutputFormat) string {
+						buf, err := json.Marshal(Info)
+						if err != nil {
+							panic(err)
+						}
 
-				glcm.Exit(nil, common.EExitCode.Success())
+						return string(buf)
+					}, common.EOutputMessageType.LoginStatusInfo())
 			}
 
-			glcm.Info("You are currently not logged in. Please login using 'azcopy login'")
-			glcm.Exit(nil, common.EExitCode.Error())
+			glcm.Exit(nil, common.Iff(Info.Valid, common.EExitCode.Success(), common.EExitCode.Error()))
 		},
 	}
 
 	lgCmd.AddCommand(lgStatus)
 	lgStatus.PersistentFlags().BoolVar(&commandLineInput.tenantID, "tenant", false, "Prints the Microsoft Entra tenant ID that is currently being used in session.")
 	lgStatus.PersistentFlags().BoolVar(&commandLineInput.endpoint, "endpoint", false, "Prints the Microsoft Entra endpoint that is being used in the current session.")
+	lgStatus.PersistentFlags().BoolVar(&commandLineInput.method, "method", false, "Prints the authorization method used in the current session.")
 }

common/credCache_windows.go

@@ -197,6 +197,10 @@ func (c *CredCache) saveTokenInternal(token OAuthTokenInfo) error {
 }
 
 func (c *CredCache) tokenFilePath() string {
+	if cacheFile := GetEnvironmentVariable(EEnvironmentVariable.LoginCacheName()); cacheFile != "" {
+		return path.Join(c.dpapiFilePath, "/", cacheFile)
+	}
+
 	return path.Join(c.dpapiFilePath, "/", defaultTokenFileName)
 }
 

common/environment.go

@@ -306,6 +306,13 @@ func (EnvironmentVariable) CacheProxyLookup() EnvironmentVariable {
 	}
 }
 
+func (EnvironmentVariable) LoginCacheName() EnvironmentVariable {
+	return EnvironmentVariable{
+		Name:        "AZCOPY_LOGIN_CACHE_NAME",
+		Description: "Do not use in production. Overrides the file name or key name used to cache azcopy's token. Do not use in production. This feature is not documented, intended for testing, and may break. Do not use in production.",
+	}
+}
+
 func (EnvironmentVariable) LogLocation() EnvironmentVariable {
 	return EnvironmentVariable{
 		Name:        "AZCOPY_LOG_LOCATION",

common/oauthTokenManager.go

@@ -645,6 +645,10 @@ func (credInfo *OAuthTokenInfo) GetClientSecretCredential() (azcore.TokenCredent
 }
 
 func (credInfo *OAuthTokenInfo) GetAzCliCredential() (azcore.TokenCredential, error) {
+	if credInfo.Tenant == DefaultTenantID {
+		credInfo.Tenant = ""
+	}
+
 	tc, err := azidentity.NewAzureCLICredential(&azidentity.AzureCLICredentialOptions{TenantID: credInfo.Tenant})
 	if err != nil {
 		return nil, err
@@ -654,6 +658,10 @@ func (credInfo *OAuthTokenInfo) GetAzCliCredential() (azcore.TokenCredential, er
 }
 
 func (credInfo *OAuthTokenInfo) GetPSContextCredential() (azcore.TokenCredential, error) {
+	if credInfo.Tenant == DefaultTenantID {
+		credInfo.Tenant = ""
+	}
+
 	tc, err := NewPowershellContextCredential(&PowershellContextCredentialOptions{TenantID: credInfo.Tenant})
 	if err != nil {
 		return nil, err

common/output.go

@@ -36,6 +36,8 @@ func (OutputMessageType) Response() OutputMessageType { return OutputMessageType
 func (OutputMessageType) ListObject() OutputMessageType  { return OutputMessageType(8) }
 func (OutputMessageType) ListSummary() OutputMessageType { return OutputMessageType(9) }
 
+func (OutputMessageType) LoginStatusInfo() OutputMessageType { return OutputMessageType(10) }
+
 func (o OutputMessageType) String() string {
 	return enum.StringInt(o, reflect.TypeOf(o))
 }

e2etest/newe2e_config.go

@@ -110,6 +110,19 @@ func (e NewE2EConfig) GetSPNOptions() (present bool, tenant, applicationId, secr
 	}
 }
 
+func (e NewE2EConfig) GetTenantID() string {
+	if e.StaticResources() {
+		return e.E2EAuthConfig.StaticStgAcctInfo.StaticOAuth.TenantID
+	} else {
+		dynamicInfo := e.E2EAuthConfig.SubscriptionLoginInfo.DynamicOAuth
+		if tid := dynamicInfo.SPNSecret.TenantID; tid != "" {
+			return tid
+		} else {
+			return dynamicInfo.Workload.TenantId // worst case if it bubbles down and it's all zero, that's OK.
+		}
+	}
+}
+
 // ========= Tag Definition ==========
 
 type EnvTag struct {

e2etest/newe2e_runazcopy_stdout.go

@@ -239,3 +239,26 @@ func (a *AzCopyParsedJobsListStdout) Write(p []byte) (n int, err error) {
 	}
 	return a.AzCopyParsedStdout.Write(p)
 }
+
+type AzCopyParsedLoginStatusStdout struct {
+	AzCopyParsedStdout
+	listenChan chan<- common.JsonOutputTemplate
+	status     cmd.LoginStatusOutput
+}
+
+func (a *AzCopyParsedLoginStatusStdout) Write(p []byte) (n int, err error) {
+	if a.listenChan == nil {
+		a.listenChan = a.OnParsedLine.SubscribeFunc(func(line common.JsonOutputTemplate) {
+			if line.MessageType == common.EOutputMessageType.LoginStatusInfo().String() {
+				out := &cmd.LoginStatusOutput{}
+				err = json.Unmarshal([]byte(line.MessageContent), out)
+				if err != nil {
+					return
+				}
+
+				a.status = *out
+			}
+		})
+	}
+	return a.AzCopyParsedStdout.Write(p)
+}

e2etest/newe2e_task_runazcopy.go

@@ -54,13 +54,16 @@ var _ AzCopyStdout = &AzCopyRawStdout{}
 type AzCopyVerb string
 
 const ( // initially supporting a limited set of verbs
-	AzCopyVerbCopy   AzCopyVerb = "copy"
-	AzCopyVerbSync   AzCopyVerb = "sync"
-	AzCopyVerbRemove AzCopyVerb = "remove"
-	AzCopyVerbList   AzCopyVerb = "list"
-	AzCopyVerbLogin  AzCopyVerb = "login"
-	AzCopyVerbLogout AzCopyVerb = "logout"
-	AzCopyVerbJobs   AzCopyVerb = "jobs"
+	AzCopyVerbCopy        AzCopyVerb = "copy"
+	AzCopyVerbSync        AzCopyVerb = "sync"
+	AzCopyVerbRemove      AzCopyVerb = "remove"
+	AzCopyVerbList        AzCopyVerb = "list"
+	AzCopyVerbLogin       AzCopyVerb = "login"
+	AzCopyVerbLoginStatus AzCopyVerb = "login status"
+	AzCopyVerbLogout      AzCopyVerb = "logout"
+	AzCopyVerbJobsList    AzCopyVerb = "jobs list"
+	AzCopyVerbJobsResume  AzCopyVerb = "jobs resume"
+	AzCopyVerbJobsClean   AzCopyVerb = "jobs clean"
 )
 
 type AzCopyTarget struct {
@@ -126,6 +129,8 @@ type AzCopyEnvironment struct {
 	AzureTenantId           *string `env:"AZURE_TENANT_ID"`
 	AzureClientId           *string `env:"AZURE_CLIENT_ID"`
 
+	LoginCacheName *string `env:"AZCOPY_LOGIN_CACHE_NAME"`
+
 	InheritEnvironment bool
 	ManualLogin        bool
 
@@ -281,7 +286,8 @@ func RunAzCopy(a ScenarioAsserter, commandSpec AzCopyCommand) (AzCopyStdout, *Az
 			commandSpec.Environment = &AzCopyEnvironment{}
 		}
 
-		out := []string{GlobalConfig.AzCopyExecutableConfig.ExecutablePath, string(commandSpec.Verb)}
+		out := []string{GlobalConfig.AzCopyExecutableConfig.ExecutablePath}
+		out = append(out, strings.Split(string(commandSpec.Verb), " ")...)
 
 		for _, v := range commandSpec.PositionalArgs {
 			out = append(out, v)
@@ -340,13 +346,15 @@ func RunAzCopy(a ScenarioAsserter, commandSpec AzCopyCommand) (AzCopyStdout, *Az
 			}
 		case commandSpec.Verb == AzCopyVerbList:
 			out = &AzCopyParsedListStdout{}
-		case commandSpec.Verb == AzCopyVerbJobs && len(commandSpec.PositionalArgs) != 0 && commandSpec.PositionalArgs[0] == "list":
+		case commandSpec.Verb == AzCopyVerbJobsList:
 			out = &AzCopyParsedJobsListStdout{}
-		case commandSpec.Verb == AzCopyVerbJobs && len(commandSpec.PositionalArgs) != 0 && commandSpec.PositionalArgs[0] == "resume":
+		case commandSpec.Verb == AzCopyVerbJobsResume:
 			out = &AzCopyParsedCopySyncRemoveStdout{ // Resume command treated the same as copy/sync/remove
 				JobPlanFolder: *commandSpec.Environment.JobPlanLocation,
 				LogFolder:     *commandSpec.Environment.LogLocation,
 			}
+		case commandSpec.Verb == AzCopyVerbLoginStatus:
+			out = &AzCopyParsedLoginStatusStdout{}
 
 		default: // We don't know how to parse this.
 			out = &AzCopyRawStdout{}

e2etest/newe2e_task_runazcopy_parameters.go

@@ -417,6 +417,31 @@ type ListFlags struct {
 	TrailingDot     *common.TrailingDotOption `flag:"trailing-dot"`
 }
 
+type LoginFlags struct {
+	GlobalFlags
+
+	// Generic flags
+	TenantID    *string               `flag:"tenant-id"`
+	AADEndpoint *string               `flag:"aad-endpoint"`
+	LoginType   *common.AutoLoginType `flag:"login-type"`
+
+	// Managed identity
+	IdentityClientID   *string `flag:"identity-client-id"`
+	IdentityResourceID *string `flag:"identity-resource-id"`
+
+	// SPN
+	ApplicationID *string `flag:"application-id"`
+	CertPath      *string `flag:"certificate-path"`
+}
+
+type LoginStatusFlags struct {
+	GlobalFlags
+
+	Tenant   *bool `flag:"tenant"`
+	Endpoint *bool `flag:"endpoint"`
+	Method   *bool `flag:"method"`
+}
+
 type WindowsAttribute uint32
 
 const (

e2etest/zt_newe2e_cli_ps_persist_test.go

@@ -0,0 +1,72 @@
+package e2etest
+
+import (
+	"fmt"
+	"github.com/Azure/azure-storage-azcopy/v10/common"
+)
+
+func init() {
+	suiteManager.RegisterSuite(&TokenPersistenceSuite{})
+}
+
+type TokenPersistenceSuite struct{}
+
+func (*TokenPersistenceSuite) Scenario_InheritCred_Persist(a *ScenarioVariationManager) {
+	credSource := ResolveVariation(a, []common.AutoLoginType{common.EAutoLoginType.PsCred(), common.EAutoLoginType.AzCLI()})
+	withSpecifiedTenantID := NamedResolveVariation(a, map[string]bool{
+		"-withTenantID": true,
+		"":              false,
+	})
+	cfgTenantID := GlobalConfig.GetTenantID()
+
+	azcopyEnv := &AzCopyEnvironment{
+		LoginCacheName:     pointerTo(fmt.Sprintf("AzCopyPersist%sTest", credSource.String())),
+		InheritEnvironment: true, // we want the executables in PATH
+		ManualLogin:        true,
+	}
+
+	_, _ = RunAzCopy(a,
+		AzCopyCommand{
+			Verb: AzCopyVerbLogin,
+			Flags: LoginFlags{
+				LoginType: &credSource,
+				TenantID:  common.Iff(withSpecifiedTenantID && cfgTenantID != "", &cfgTenantID, nil),
+			},
+			Environment: azcopyEnv,
+		})
+
+	loginStatus, _ := RunAzCopy(a,
+		AzCopyCommand{
+			Verb: AzCopyVerbLoginStatus,
+			Flags: LoginStatusFlags{
+				Method:   pointerTo(true),
+				Endpoint: pointerTo(true),
+				Tenant:   pointerTo(true),
+			},
+			Environment: azcopyEnv,
+		})
+
+	parsedStdout, ok := loginStatus.(*AzCopyParsedLoginStatusStdout)
+	a.AssertNow("must be AzCopyParsedLoginStatusStdout", Equal{}, ok, true)
+
+	if !a.Dryrun() {
+		status := parsedStdout.status
+		a.Assert("Login check failed", Equal{}, true, status.Valid)
+
+		a.Assert("Tenant not returned", Not{IsNil{}}, status.TenantID) // Let's just do a little extra testing while we're at it, kill two birds with one stone.
+		if withSpecifiedTenantID && status.TenantID != nil && cfgTenantID != "" {
+			a.Assert("Tenant does not match", Equal{}, cfgTenantID, *status.TenantID)
+		}
+		a.Assert("Endpoint not returned", Not{IsNil{}}, status.AADEndpoint)
+		a.Assert("Auth mechanism not returned", Not{IsNil{}}, status.AuthMethod)
+		if status.AuthMethod != nil {
+			a.Assert("Incorrect auth mechanism", Equal{}, *status.AuthMethod, credSource.String())
+		}
+	}
+
+	_, _ = RunAzCopy(a,
+		AzCopyCommand{
+			Verb:        AzCopyVerbLogout,
+			Environment: azcopyEnv,
+		})
+}

e2etest/zt_newe2e_jobs_clean_test.go

@@ -34,9 +34,8 @@ func (s *JobsCleanSuite) Scenario_JobsCleanBasic(svm *ScenarioVariationManager)
 	jobsCleanOutput, _ := RunAzCopy(
 		svm,
 		AzCopyCommand{
-			Verb:           AzCopyVerbJobs,
-			PositionalArgs: []string{"clean"},
-			ShouldFail:     false,
+			Verb:       AzCopyVerbJobsClean,
+			ShouldFail: false,
 			Environment: &AzCopyEnvironment{
 				LogLocation:     &logsDir,
 				JobPlanLocation: &jobPlanDir,