Add troubleshooting message link to credential exceptions (Azure#23979)

christothes · web-flow · commit 33cfc7e84f7b · 2021-10-11T13:26:03.000-05:00
* Add troubleshooting message link to credential exceptions
diff --git a/sdk/identity/Azure.Identity/src/AzureCliCredential.cs b/sdk/identity/Azure.Identity/src/AzureCliCredential.cs
@@ -25,6 +25,7 @@ public class AzureCliCredential : TokenCredential
         internal const string WinAzureCLIError = "'az' is not recognized";
         internal const string AzureCliTimeoutError = "Azure CLI authentication timed out.";
         internal const string AzureCliFailedError = "Azure CLI authentication failed due to an unknown error.";
+        internal const string Troubleshoot = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/azclicredential/troubleshoot";
         internal const string InteractiveLoginRequired = "Azure CLI could not login. Interactive login is required.";
         internal const string CLIInternalError = "CLIInternalError: The command failed with an unexpected error. Here is the traceback:";
         private const int CliProcessTimeoutMs = 13000;
@@ -156,7 +157,7 @@ private async ValueTask<AccessToken> RequestCliAccessTokenAsync(bool async, Toke
                     throw new CredentialUnavailableException(InteractiveLoginRequired);
                 }
 
-                throw new AuthenticationFailedException($"{AzureCliFailedError} {exception.Message}");
+                throw new AuthenticationFailedException($"{AzureCliFailedError} {Troubleshoot} {exception.Message}");
             }
 
             return DeserializeOutput(output);
diff --git a/sdk/identity/Azure.Identity/src/AzurePowerShellCredential.cs b/sdk/identity/Azure.Identity/src/AzurePowerShellCredential.cs
@@ -27,7 +27,8 @@ public class AzurePowerShellCredential : TokenCredential
         private const int PowerShellProcessTimeoutMs = 10000;
         internal bool UseLegacyPowerShell { get; set; }
 
-        private const string AzurePowerShellFailedError = "Azure PowerShell authentication failed due to an unknown error.";
+        private const string Troubleshooting = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/powershellcredential/troubleshoot";
+        private const string AzurePowerShellFailedError = "Azure PowerShell authentication failed due to an unknown error. " + Troubleshooting;
         private const string AzurePowerShellTimeoutError = "Azure PowerShell authentication timed out.";
         internal const string AzurePowerShellNotLogInError = "Please run 'Connect-AzAccount' to set up account.";
         internal const string AzurePowerShellModuleNotInstalledError = "Az.Account module >= 2.2.0 is not installed.";
diff --git a/sdk/identity/Azure.Identity/src/CredentialDiagnosticScope.cs b/sdk/identity/Azure.Identity/src/CredentialDiagnosticScope.cs
@@ -36,9 +36,9 @@ public AccessToken Succeeded(AccessToken token)
             return token;
         }
 
-        public Exception FailWrapAndThrow(Exception ex)
+        public Exception FailWrapAndThrow(Exception ex, string additionalMessage = null)
         {
-            var wrapped = TryWrapException(ref ex);
+            var wrapped = TryWrapException(ref ex, additionalMessage);
             RegisterFailed(ex);
 
             if (!wrapped)
@@ -55,7 +55,7 @@ private void RegisterFailed(Exception ex)
             _scopeHandler.Fail(_name, _scope, ex);
         }
 
-        private bool TryWrapException(ref Exception exception)
+        private bool TryWrapException(ref Exception exception, string additionalMessageText = null)
         {
             if (exception is OperationCanceledException || exception is AuthenticationFailedException)
             {
@@ -71,8 +71,12 @@ private bool TryWrapException(ref Exception exception)
                     return true;
                 }
             }
-
-            exception = new AuthenticationFailedException($"{_name.Substring(0, _name.IndexOf('.'))} authentication failed: {exception.Message}", exception);
+            string exceptionMessage = $"{_name.Substring(0, _name.IndexOf('.'))} authentication failed: {exception.Message}";
+            if (additionalMessageText != null)
+            {
+                exceptionMessage = exceptionMessage + $"\n{additionalMessageText}";
+            }
+            exception = new AuthenticationFailedException(exceptionMessage, exception);
             return true;
         }
 
diff --git a/sdk/identity/Azure.Identity/src/DefaultAzureCredential.cs b/sdk/identity/Azure.Identity/src/DefaultAzureCredential.cs
@@ -47,7 +47,8 @@ namespace Azure.Identity
     /// </example>
     public class DefaultAzureCredential : TokenCredential
     {
-        private const string DefaultExceptionMessage = "DefaultAzureCredential failed to retrieve a token from the included credentials.";
+        private const string Troubleshooting = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot";
+        private const string DefaultExceptionMessage = "DefaultAzureCredential failed to retrieve a token from the included credentials. " + Troubleshooting;
         private const string UnhandledExceptionMessage = "DefaultAzureCredential authentication failed due to an unhandled exception: ";
         private static readonly TokenCredential[] s_defaultCredentialChain = GetDefaultAzureCredentialChain(new DefaultAzureCredentialFactory(null), new DefaultAzureCredentialOptions());
 
diff --git a/sdk/identity/Azure.Identity/src/EnvironmentCredential.cs b/sdk/identity/Azure.Identity/src/EnvironmentCredential.cs
@@ -28,7 +28,7 @@ namespace Azure.Identity
     /// </summary>
     public class EnvironmentCredential : TokenCredential
     {
-        private const string UnavailableErrorMessage = "EnvironmentCredential authentication unavailable. Environment variables are not fully configured.";
+        private const string UnavailableErrorMessage = "EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot";
         private readonly CredentialPipeline _pipeline;
         private readonly TokenCredentialOptions _options;
 
diff --git a/sdk/identity/Azure.Identity/src/ManagedIdentityCredential.cs b/sdk/identity/Azure.Identity/src/ManagedIdentityCredential.cs
@@ -24,6 +24,7 @@ public class ManagedIdentityCredential : TokenCredential
 
         private readonly CredentialPipeline _pipeline;
         private readonly ManagedIdentityClient _client;
+        private const string Troubleshooting = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot";
 
         /// <summary>
         /// Protected constructor for mocking.
@@ -90,7 +91,7 @@ private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestC
             }
             catch (Exception e)
             {
-               throw scope.FailWrapAndThrow(e);
+               throw scope.FailWrapAndThrow(e, Troubleshooting);
             }
         }
     }
diff --git a/sdk/identity/Azure.Identity/src/UsernamePasswordCredential.cs b/sdk/identity/Azure.Identity/src/UsernamePasswordCredential.cs
@@ -19,6 +19,7 @@ namespace Azure.Identity
     public class UsernamePasswordCredential : TokenCredential
     {
         private const string NoDefaultScopeMessage = "Authenticating in this environment requires specifying a TokenRequestContext.";
+        private const string Troubleshooting = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot";
 
         private readonly string _clientId;
         private readonly CredentialPipeline _pipeline;
@@ -185,7 +186,7 @@ private async Task<AuthenticationResult> AuthenticateImplAsync(bool async, Token
             }
             catch (Exception e)
             {
-                throw scope.FailWrapAndThrow(e);
+                throw scope.FailWrapAndThrow(e, Troubleshooting);
             }
         }
 
@@ -215,7 +216,7 @@ private async Task<AccessToken> GetTokenImplAsync(bool async, TokenRequestContex
             }
             catch (Exception e)
             {
-                throw scope.FailWrapAndThrow(e);
+                throw scope.FailWrapAndThrow(e, Troubleshooting);
             }
         }
     }
diff --git a/sdk/identity/Azure.Identity/src/VisualStudioCodeCredential.cs b/sdk/identity/Azure.Identity/src/VisualStudioCodeCredential.cs
@@ -26,6 +26,7 @@ public class VisualStudioCodeCredential : TokenCredential
         private readonly CredentialPipeline _pipeline;
         private readonly string _tenantId;
         private const string _commonTenant = "common";
+        private const string Troubleshooting = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot";
         internal MsalPublicClient Client { get; }
 
         /// <summary>
@@ -83,12 +84,12 @@ private async ValueTask<AccessToken> GetTokenImplAsync(TokenRequestContext reque
             {
                 throw scope.FailWrapAndThrow(
                     new CredentialUnavailableException(
-                        $"{nameof(VisualStudioCodeCredential)} authentication unavailable. Token acquisition failed. Ensure that you have authenticated in VSCode Azure Account.",
+                        $"{nameof(VisualStudioCodeCredential)} authentication unavailable. Token acquisition failed. Ensure that you have authenticated in VSCode Azure Account. " + Troubleshooting,
                         e));
             }
             catch (Exception e)
             {
-                throw scope.FailWrapAndThrow(e);
+                throw scope.FailWrapAndThrow(e, Troubleshooting);
             }
         }
 
@@ -106,7 +107,7 @@ private string GetStoredCredentials(string environmentName)
             }
             catch (Exception ex) when (!(ex is OperationCanceledException || ex is CredentialUnavailableException))
             {
-                throw new CredentialUnavailableException("Stored credentials not found. Need to authenticate user in VSCode Azure Account.", ex);
+                throw new CredentialUnavailableException("Stored credentials not found. Need to authenticate user in VSCode Azure Account. " + Troubleshooting, ex);
             }
         }
 
diff --git a/sdk/identity/Azure.Identity/tests/AzureCliCredentialTests.cs b/sdk/identity/Azure.Identity/tests/AzureCliCredentialTests.cs
@@ -80,7 +80,7 @@ public static IEnumerable<object[]> AzureCliExceptionScenarios()
             yield return new object[] { AzureCliCredential.AzNotLogIn, AzureCliCredential.AzNotLogIn, typeof(CredentialUnavailableException) };
             yield return new object[] { RefreshTokenExpiredError, AzureCliCredential.InteractiveLoginRequired, typeof(CredentialUnavailableException) };
             yield return new object[] { AzureCliCredential.CLIInternalError, AzureCliCredential.InteractiveLoginRequired, typeof(CredentialUnavailableException) };
-            yield return new object[] { "random unknown exception", AzureCliCredential.AzureCliFailedError + " random unknown exception", typeof(AuthenticationFailedException) };
+            yield return new object[] { "random unknown exception", AzureCliCredential.AzureCliFailedError + " " + AzureCliCredential.Troubleshoot + " random unknown exception", typeof(AuthenticationFailedException) };
         }
 
         [Test]

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ public class AzureCliCredential : TokenCredential`
`25`	`25`	`internal const string WinAzureCLIError = "'az' is not recognized";`
`26`	`26`	`internal const string AzureCliTimeoutError = "Azure CLI authentication timed out.";`
`27`	`27`	`internal const string AzureCliFailedError = "Azure CLI authentication failed due to an unknown error.";`
	`28`	`+ internal const string Troubleshoot = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/azclicredential/troubleshoot";`
`28`	`29`	`internal const string InteractiveLoginRequired = "Azure CLI could not login. Interactive login is required.";`
`29`	`30`	`internal const string CLIInternalError = "CLIInternalError: The command failed with an unexpected error. Here is the traceback:";`
`30`	`31`	`private const int CliProcessTimeoutMs = 13000;`
`@@ -156,7 +157,7 @@ private async ValueTask<AccessToken> RequestCliAccessTokenAsync(bool async, Toke`
`156`	`157`	`throw new CredentialUnavailableException(InteractiveLoginRequired);`
`157`	`158`	`}`
`158`	`159`
`159`		`- throw new AuthenticationFailedException($"{AzureCliFailedError} {exception.Message}");`
	`160`	`+ throw new AuthenticationFailedException($"{AzureCliFailedError} {Troubleshoot} {exception.Message}");`
`160`	`161`	`}`
`161`	`162`
`162`	`163`	`return DeserializeOutput(output);`
Original file line number	Diff line number	Diff line change
`@@ -36,9 +36,9 @@ public AccessToken Succeeded(AccessToken token)`
`36`	`36`	`return token;`
`37`	`37`	`}`
`38`	`38`
`39`		`- public Exception FailWrapAndThrow(Exception ex)`
	`39`	`+ public Exception FailWrapAndThrow(Exception ex, string additionalMessage = null)`
`40`	`40`	`{`
`41`		`- var wrapped = TryWrapException(ref ex);`
	`41`	`+ var wrapped = TryWrapException(ref ex, additionalMessage);`
`42`	`42`	`RegisterFailed(ex);`
`43`	`43`
`44`	`44`	`if (!wrapped)`
`@@ -55,7 +55,7 @@ private void RegisterFailed(Exception ex)`
`55`	`55`	`_scopeHandler.Fail(_name, _scope, ex);`
`56`	`56`	`}`
`57`	`57`
`58`		`- private bool TryWrapException(ref Exception exception)`
	`58`	`+ private bool TryWrapException(ref Exception exception, string additionalMessageText = null)`
`59`	`59`	`{`
`60`	`60`	`if (exception is OperationCanceledException \|\| exception is AuthenticationFailedException)`
`61`	`61`	`{`
`@@ -71,8 +71,12 @@ private bool TryWrapException(ref Exception exception)`
`71`	`71`	`return true;`
`72`	`72`	`}`
`73`	`73`	`}`
`74`		`-`
`75`		`- exception = new AuthenticationFailedException($"{_name.Substring(0, _name.IndexOf('.'))} authentication failed: {exception.Message}", exception);`
	`74`	`+ string exceptionMessage = $"{_name.Substring(0, _name.IndexOf('.'))} authentication failed: {exception.Message}";`
	`75`	`+ if (additionalMessageText != null)`
	`76`	`+ {`
	`77`	`+ exceptionMessage = exceptionMessage + $"\n{additionalMessageText}";`
	`78`	`+ }`
	`79`	`+ exception = new AuthenticationFailedException(exceptionMessage, exception);`
`76`	`80`	`return true;`
`77`	`81`	`}`
`78`	`82`
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,8 @@ namespace Azure.Identity`
`47`	`47`	`/// </example>`
`48`	`48`	`public class DefaultAzureCredential : TokenCredential`
`49`	`49`	`{`
`50`		`- private const string DefaultExceptionMessage = "DefaultAzureCredential failed to retrieve a token from the included credentials.";`
	`50`	`+ private const string Troubleshooting = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot";`
	`51`	`+ private const string DefaultExceptionMessage = "DefaultAzureCredential failed to retrieve a token from the included credentials. " + Troubleshooting;`
`51`	`52`	`private const string UnhandledExceptionMessage = "DefaultAzureCredential authentication failed due to an unhandled exception: ";`
`52`	`53`	`private static readonly TokenCredential[] s_defaultCredentialChain = GetDefaultAzureCredentialChain(new DefaultAzureCredentialFactory(null), new DefaultAzureCredentialOptions());`
`53`	`54`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ namespace Azure.Identity`
`28`	`28`	`/// </summary>`
`29`	`29`	`public class EnvironmentCredential : TokenCredential`
`30`	`30`	`{`
`31`		`- private const string UnavailableErrorMessage = "EnvironmentCredential authentication unavailable. Environment variables are not fully configured.";`
	`31`	`+ private const string UnavailableErrorMessage = "EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot";`
`32`	`32`	`private readonly CredentialPipeline _pipeline;`
`33`	`33`	`private readonly TokenCredentialOptions _options;`
`34`	`34`
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ public class ManagedIdentityCredential : TokenCredential`
`24`	`24`
`25`	`25`	`private readonly CredentialPipeline _pipeline;`
`26`	`26`	`private readonly ManagedIdentityClient _client;`
	`27`	`+ private const string Troubleshooting = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot";`
`27`	`28`
`28`	`29`	`/// <summary>`
`29`	`30`	`/// Protected constructor for mocking.`
`@@ -90,7 +91,7 @@ private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestC`
`90`	`91`	`}`
`91`	`92`	`catch (Exception e)`
`92`	`93`	`{`
`93`		`- throw scope.FailWrapAndThrow(e);`
	`94`	`+ throw scope.FailWrapAndThrow(e, Troubleshooting);`
`94`	`95`	`}`
`95`	`96`	`}`
`96`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@ namespace Azure.Identity`
`19`	`19`	`public class UsernamePasswordCredential : TokenCredential`
`20`	`20`	`{`
`21`	`21`	`private const string NoDefaultScopeMessage = "Authenticating in this environment requires specifying a TokenRequestContext.";`
	`22`	`+ private const string Troubleshooting = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot";`
`22`	`23`
`23`	`24`	`private readonly string _clientId;`
`24`	`25`	`private readonly CredentialPipeline _pipeline;`
`@@ -185,7 +186,7 @@ private async Task<AuthenticationResult> AuthenticateImplAsync(bool async, Token`
`185`	`186`	`}`
`186`	`187`	`catch (Exception e)`
`187`	`188`	`{`
`188`		`- throw scope.FailWrapAndThrow(e);`
	`189`	`+ throw scope.FailWrapAndThrow(e, Troubleshooting);`
`189`	`190`	`}`
`190`	`191`	`}`
`191`	`192`
`@@ -215,7 +216,7 @@ private async Task<AccessToken> GetTokenImplAsync(bool async, TokenRequestContex`
`215`	`216`	`}`
`216`	`217`	`catch (Exception e)`
`217`	`218`	`{`
`218`		`- throw scope.FailWrapAndThrow(e);`
	`219`	`+ throw scope.FailWrapAndThrow(e, Troubleshooting);`
`219`	`220`	`}`
`220`	`221`	`}`
`221`	`222`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ public class VisualStudioCodeCredential : TokenCredential`
`26`	`26`	`private readonly CredentialPipeline _pipeline;`
`27`	`27`	`private readonly string _tenantId;`
`28`	`28`	`private const string _commonTenant = "common";`
	`29`	`+ private const string Troubleshooting = "See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot";`
`29`	`30`	`internal MsalPublicClient Client { get; }`
`30`	`31`
`31`	`32`	`/// <summary>`
`@@ -83,12 +84,12 @@ private async ValueTask<AccessToken> GetTokenImplAsync(TokenRequestContext reque`
`83`	`84`	`{`
`84`	`85`	`throw scope.FailWrapAndThrow(`
`85`	`86`	`new CredentialUnavailableException(`
`86`		`- $"{nameof(VisualStudioCodeCredential)} authentication unavailable. Token acquisition failed. Ensure that you have authenticated in VSCode Azure Account.",`
	`87`	`+ $"{nameof(VisualStudioCodeCredential)} authentication unavailable. Token acquisition failed. Ensure that you have authenticated in VSCode Azure Account. " + Troubleshooting,`
`87`	`88`	`e));`
`88`	`89`	`}`
`89`	`90`	`catch (Exception e)`
`90`	`91`	`{`
`91`		`- throw scope.FailWrapAndThrow(e);`
	`92`	`+ throw scope.FailWrapAndThrow(e, Troubleshooting);`
`92`	`93`	`}`
`93`	`94`	`}`
`94`	`95`
`@@ -106,7 +107,7 @@ private string GetStoredCredentials(string environmentName)`
`106`	`107`	`}`
`107`	`108`	`catch (Exception ex) when (!(ex is OperationCanceledException \|\| ex is CredentialUnavailableException))`
`108`	`109`	`{`
`109`		`- throw new CredentialUnavailableException("Stored credentials not found. Need to authenticate user in VSCode Azure Account.", ex);`
	`110`	`+ throw new CredentialUnavailableException("Stored credentials not found. Need to authenticate user in VSCode Azure Account. " + Troubleshooting, ex);`
`110`	`111`	`}`
`111`	`112`	`}`
`112`	`113`
Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ public static IEnumerable<object[]> AzureCliExceptionScenarios()`
`80`	`80`	`yield return new object[] { AzureCliCredential.AzNotLogIn, AzureCliCredential.AzNotLogIn, typeof(CredentialUnavailableException) };`
`81`	`81`	`yield return new object[] { RefreshTokenExpiredError, AzureCliCredential.InteractiveLoginRequired, typeof(CredentialUnavailableException) };`
`82`	`82`	`yield return new object[] { AzureCliCredential.CLIInternalError, AzureCliCredential.InteractiveLoginRequired, typeof(CredentialUnavailableException) };`
`83`		`- yield return new object[] { "random unknown exception", AzureCliCredential.AzureCliFailedError + " random unknown exception", typeof(AuthenticationFailedException) };`
	`83`	`+ yield return new object[] { "random unknown exception", AzureCliCredential.AzureCliFailedError + " " + AzureCliCredential.Troubleshoot + " random unknown exception", typeof(AuthenticationFailedException) };`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`[Test]`