Arc test cases

Author: rayluo

msal/imds.py

@@ -284,15 +284,18 @@ def _obtain_token_on_arc(http_client, endpoint, resource):
         params={"api-version": "2020-06-01", "resource": resource},
         headers={"Metadata": "true", "Authorization": "Basic {}".format(secret)},
         )
-    payload = json.loads(response.text)
-    if payload.get("access_token") and payload.get("expires_in"):
-        # Example: https://learn.microsoft.com/en-us/azure/azure-arc/servers/media/managed-identity-authentication/bash-token-output-example.png
-        return {
-            "access_token": payload["access_token"],
-            "expires_in": int(payload["expires_in"]),
-            "token_type": payload.get("token_type", "Bearer"),
-            "resource": payload.get("resource"),
-            }
+    try:
+        payload = json.loads(response.text)
+        if payload.get("access_token") and payload.get("expires_in"):
+            # Example: https://learn.microsoft.com/en-us/azure/azure-arc/servers/media/managed-identity-authentication/bash-token-output-example.png
+            return {
+                "access_token": payload["access_token"],
+                "expires_in": int(payload["expires_in"]),
+                "token_type": payload.get("token_type", "Bearer"),
+                "resource": payload.get("resource"),
+                }
+    except ValueError:  # Typically json.decoder.JSONDecodeError
+        pass
     return {
         "error": "invalid_request",
         "error_description": response.text,

tests/test_mi.py

@@ -1,5 +1,6 @@
 import json
 import os
+import sys
 import time
 import unittest
 try:
@@ -141,7 +142,7 @@ def test_unified_api_service_should_ignore_unnecessary_client_id(self):
             {"ManagedIdentityIdType": "ClientId", "Id": "foo"},
             token_cache=TokenCache()))
 
-    def test_sf_service_error_should_be_normalized(self):
+    def test_sf_error_should_be_normalized(self):
         raw_error = '''
 {"error": {
     "correlationId": "foo",
@@ -163,18 +164,33 @@ def test_sf_service_error_should_be_normalized(self):
     "IDENTITY_ENDPOINT": "http://localhost/token",
     "IMDS_ENDPOINT": "http://localhost",
 })
+@patch(
+    "builtins.open" if sys.version_info.major >= 3 else "__builtin__.open",
+    mock_open(read_data="secret")
+)
 class ArcTestCase(ClientTestCase):
+    challenge = MinimalResponse(status_code=401, text="", headers={
+        "WWW-Authenticate": "Basic realm=/tmp/foo",
+        })
 
-    @patch("builtins.open", mock_open(read_data="secret"))
     def test_happy_path(self):
         with patch.object(self.app._http_client, "get", side_effect=[
-                MinimalResponse(status_code=401, text="", headers={
-                    "WWW-Authenticate": "Basic realm=/tmp/foo",
-                    }),
-                MinimalResponse(
-                    status_code=200,
-                    text='{"access_token": "AT", "expires_in": "1234", "resource": "R"}',
-                    ),
-                ]) as mocked_method:
+            self.challenge,
+            MinimalResponse(
+                status_code=200,
+                text='{"access_token": "AT", "expires_in": "1234", "resource": "R"}',
+                ),
+        ]) as mocked_method:
             super(ArcTestCase, self)._test_happy_path(self.app, mocked_method)
 
+    def test_arc_error_should_be_normalized(self):
+        with patch.object(self.app._http_client, "get", side_effect=[
+            self.challenge,
+            MinimalResponse(status_code=400, text="undefined"),
+        ]) as mocked_method:
+            self.assertEqual({
+                "error": "invalid_request",
+                "error_description": "undefined",
+            }, self.app.acquire_token(resource="R"))
+            self.assertEqual({}, self.app._token_cache._cache)
+