Resolving Error Checks for AzurePowerShellCredential Fall Back (#30214)

Author: nerddtvg

sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredential.cs

@@ -2,7 +2,6 @@
 // Licensed under the MIT License.
 
 using System;
-using System.ComponentModel;
 using System.Diagnostics;
 using System.Globalization;
 using System.IO;
@@ -38,7 +37,6 @@ public class AzurePowerShellCredential : TokenCredential
         private const string DefaultWorkingDirNonWindows = "/bin/";
         private static readonly string DefaultWorkingDir = RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? DefaultWorkingDirWindows : DefaultWorkingDirNonWindows;
         private readonly string _tenantId;
-        private const int ERROR_FILE_NOT_FOUND = 2;
         private readonly bool _logPII;
         private readonly bool _logAccountDetails;
         internal const string AzurePowerShellNotLogInError = "Please run 'Connect-AzAccount' to set up account.";
@@ -105,7 +103,10 @@ private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestC
                 }
                 return scope.Succeeded(token);
             }
-            catch (Win32Exception ex) when (ex.NativeErrorCode == ERROR_FILE_NOT_FOUND && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            // External execution is wrapped in a "cmd /c" command which will never throw a native Win32Exception ERROR_FILE_NOT_FOUND
+            // Check against the message for constant PowerShellNotInstalledError
+            // Do not retry if already using legacy PowerShell to prevent delays, also used in tests to ensure a single process result
+            catch (CredentialUnavailableException ex) when (UseLegacyPowerShell == false && ex.Message == PowerShellNotInstalledError && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
             {
                 UseLegacyPowerShell = true;
                 try
@@ -176,10 +177,6 @@ private static void CheckForErrors(string output)
             {
                 throw new CredentialUnavailableException(AzurePowerShellModuleNotInstalledError);
             }
-            if (output.IndexOf("is not recognized as an internal or external command", StringComparison.OrdinalIgnoreCase) != -1)
-            {
-                throw new Win32Exception(ERROR_FILE_NOT_FOUND);
-            }
 
             var needsLogin = output.IndexOf(RunConnectAzAccountToLogin, StringComparison.OrdinalIgnoreCase) != -1 ||
                              output.IndexOf(NoAccountsWereFoundInTheCache, StringComparison.OrdinalIgnoreCase) != -1 ||

sdk/identity/Azure.Identity/tests/AzurePowerShellCredentialsTests.cs

@@ -11,6 +11,7 @@
 using Azure.Core.TestFramework;
 using Azure.Identity.Tests.Mock;
 using NUnit.Framework;
+using System.Runtime.InteropServices;
 
 namespace Azure.Identity.Tests
 {
@@ -73,9 +74,6 @@ public async Task AuthenticateWithAzurePowerShellCredential(
 
         private static IEnumerable<object[]> ErrorScenarios()
         {
-            yield return new object[] { "'pwsh' is not recognized", AzurePowerShellCredential.PowerShellNotInstalledError };
-            yield return new object[] { "pwsh: command not found", AzurePowerShellCredential.PowerShellNotInstalledError };
-            yield return new object[] { "pwsh: not found", AzurePowerShellCredential.PowerShellNotInstalledError };
             yield return new object[] { "Run Connect-AzAccount to login", AzurePowerShellCredential.AzurePowerShellNotLogInError };
             yield return new object[] { "NoAzAccountModule", AzurePowerShellCredential.AzurePowerShellModuleNotInstalledError };
             yield return new object[] { "Get-AzAccessToken: Run Connect-AzAccount to login.", AzurePowerShellCredential.AzurePowerShellNotLogInError };
@@ -94,6 +92,32 @@ public void AuthenticateWithAzurePowerShellCredential_ErrorScenarios(string erro
             Assert.AreEqual(expectedError, ex.Message);
         }
 
+        /// <summary>
+        /// Requires 2 TestProcess results falling back from pwsh to powershell on Windows
+        /// </summary>
+        private static IEnumerable<object[]> FallBackErrorScenarios()
+        {
+            yield return new object[] { "'pwsh' is not recognized", AzurePowerShellCredential.PowerShellNotInstalledError };
+            yield return new object[] { "pwsh: command not found", AzurePowerShellCredential.PowerShellNotInstalledError };
+            yield return new object[] { "pwsh: not found", AzurePowerShellCredential.PowerShellNotInstalledError };
+        }
+
+        [Test]
+        [TestCaseSource(nameof(FallBackErrorScenarios))]
+        public void AuthenticateWithAzurePowerShellCredential_FallBackErrorScenarios(string errorMessage, string expectedError)
+        {
+            // This will require two processes on Windows and one on other platforms
+            // Purposefully stripping out the second process to ensure any attempt to fallback is caught on non-Windows
+            TestProcess[] testProcesses = new TestProcess[] { new TestProcess { Error = errorMessage }, new TestProcess { Error = errorMessage } };
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                testProcesses = new TestProcess[] { testProcesses[0] };
+
+            AzurePowerShellCredential credential = InstrumentClient(
+                new AzurePowerShellCredential(new AzurePowerShellCredentialOptions(), CredentialPipeline.GetInstance(null), new TestProcessService(testProcesses)));
+            var ex = Assert.ThrowsAsync<CredentialUnavailableException>(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
+            Assert.AreEqual(expectedError, ex.Message);
+        }
+
         [Test]
         public async Task HandlesAlternateDateTimeFormats([Values("en-US", "nl-NL")] string culture)
         {
@@ -151,7 +175,10 @@ public void AuthenticateWithAzurePowerShellCredential_PowerShellNotInstalled(
         {
             var testProcess = new TestProcess { Error = errorMessage };
             AzurePowerShellCredential credential = InstrumentClient(
-                new AzurePowerShellCredential(new AzurePowerShellCredentialOptions(), CredentialPipeline.GetInstance(null), new TestProcessService(testProcess)));
+                new AzurePowerShellCredential(new AzurePowerShellCredentialOptions(), CredentialPipeline.GetInstance(null), new TestProcessService(testProcess))
+                {
+                    UseLegacyPowerShell = true
+                });
             var ex = Assert.ThrowsAsync<CredentialUnavailableException>(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
             Assert.AreEqual(AzurePowerShellCredential.PowerShellNotInstalledError, ex.Message);
         }

sdk/identity/Azure.Identity/tests/DefaultAzureCredentialLiveTests.cs

@@ -221,7 +221,7 @@ public void DefaultAzureCredential_AllCredentialsHaveFailed_CredentialUnavailabl
             });
 
             var vscAdapter = new TestVscAdapter(ExpectedServiceName, "AzureCloud", "{}");
-            var factory = new TestDefaultAzureCredentialFactory(options, new TestFileSystemService(), new TestProcessService(new TestProcess { Error = "'az' is not recognized" }, new TestProcess{Error = "'PowerShell' is not recognized"}), vscAdapter);
+            var factory = new TestDefaultAzureCredentialFactory(options, new TestFileSystemService(), new TestProcessService(new TestProcess { Error = "'az' is not recognized" }, new TestProcess{Error = "'PowerShell' is not recognized"}, new TestProcess{Error = "'PowerShell' is not recognized"}), vscAdapter);
             var credential = InstrumentClient(new DefaultAzureCredential(factory, options));
 
             List<ClientDiagnosticListener.ProducedDiagnosticScope> scopes;