handle json parsing errors (Azure#24166)

christothes · web-flow · commit e7c17aae18cf · 2021-10-19T15:29:40.000-05:00
* handle json parsing errors
diff --git a/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs b/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs
@@ -13,6 +13,7 @@ namespace Azure.Identity
     internal abstract class ManagedIdentitySource
     {
         internal const string AuthenticationResponseInvalidFormatError = "Invalid response, the authentication response was not in the expected format.";
+        internal const string UnexpectedResponse = "Managed Identity response was not in the expected format. See the inner exception for details.";
         private ManagedIdentityResponseClassifier _responseClassifier;
 
         protected ManagedIdentitySource(CredentialPipeline pipeline)
@@ -40,20 +41,35 @@ public virtual async ValueTask<AccessToken> AuthenticateAsync(bool async, TokenR
             return await HandleResponseAsync(async, context, message.Response, cancellationToken).ConfigureAwait(false);
         }
 
-        protected virtual async ValueTask<AccessToken> HandleResponseAsync(bool async, TokenRequestContext context, Response response, CancellationToken cancellationToken)
+        protected virtual async ValueTask<AccessToken> HandleResponseAsync(
+            bool async,
+            TokenRequestContext context,
+            Response response,
+            CancellationToken cancellationToken)
         {
-            using JsonDocument json = async
-                ? await JsonDocument.ParseAsync(response.ContentStream, default, cancellationToken).ConfigureAwait(false)
-                : JsonDocument.Parse(response.ContentStream);
-            if (response.Status == 200)
+            string message;
+            Exception exception = null;
+            try
+            {
+                using JsonDocument json = async
+                    ? await JsonDocument.ParseAsync(response.ContentStream, default, cancellationToken).ConfigureAwait(false)
+                    : JsonDocument.Parse(response.ContentStream);
+                if (response.Status == 200)
+                {
+                    return GetTokenFromResponse(json.RootElement);
+                }
+
+                message = GetMessageFromResponse(json.RootElement);
+            }
+            catch (Exception e)
             {
-                return GetTokenFromResponse(json.RootElement);
+                exception = e;
+                message = UnexpectedResponse;
             }
 
-            string message = GetMessageFromResponse(json.RootElement);
             throw async
-                ? await Pipeline.Diagnostics.CreateRequestFailedExceptionAsync(response, message).ConfigureAwait(false)
-                : Pipeline.Diagnostics.CreateRequestFailedException(response, message);
+                ? await Pipeline.Diagnostics.CreateRequestFailedExceptionAsync(response, message, innerException: exception).ConfigureAwait(false)
+                : Pipeline.Diagnostics.CreateRequestFailedException(response, message, innerException: exception);
         }
 
         protected abstract Request CreateRequest(string[] scopes);
diff --git a/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
-using System.Net.Http;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
@@ -459,6 +458,58 @@ public async Task VerifyClientAuthenticateThrows()
             await Task.CompletedTask;
         }
 
+        [Test]
+        public async Task VerifyClientAuthenticateReturnsInvalidJson([Values(200, 404)] int status)
+        {
+            using var environment = new TestEnvVar(
+                new()
+                {
+                    { "MSI_ENDPOINT", null },
+                    { "MSI_SECRET", null },
+                    { "IDENTITY_ENDPOINT", null },
+                    { "IDENTITY_HEADER", null },
+                    { "AZURE_POD_IDENTITY_AUTHORITY_HOST", null }
+                });
+            var mockTransport = new MockTransport(request => CreateInvalidJsonResponse(status));
+            var options = new TokenCredentialOptions() { Transport = mockTransport };
+            options.Retry.MaxDelay = TimeSpan.Zero;
+            var pipeline = CredentialPipeline.GetInstance(options);
+
+            ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential("mock-client-id", pipeline));
+
+            var ex = Assert.ThrowsAsync<AuthenticationFailedException>(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
+            Assert.IsInstanceOf(typeof(RequestFailedException), ex.InnerException);
+            Assert.That(ex.Message, Does.Contain(ManagedIdentitySource.UnexpectedResponse));
+            await Task.CompletedTask;
+        }
+
+        [Test]
+        public async Task VerifyClientAuthenticateReturnsErrorResponse()
+        {
+            using var environment = new TestEnvVar(
+                new()
+                {
+                    { "MSI_ENDPOINT", null },
+                    { "MSI_SECRET", null },
+                    { "IDENTITY_ENDPOINT", null },
+                    { "IDENTITY_HEADER", null },
+                    { "AZURE_POD_IDENTITY_AUTHORITY_HOST", null }
+                });
+            var errorMessage = "Some error happened";
+            var mockTransport = new MockTransport(request => CreateErrorMockResponse(404, errorMessage));
+            var options = new TokenCredentialOptions { Transport = mockTransport};
+            options.Retry.MaxDelay = TimeSpan.Zero;
+            var pipeline = CredentialPipeline.GetInstance(options);
+
+            ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential("mock-client-id", pipeline));
+
+            var ex = Assert.ThrowsAsync<AuthenticationFailedException>(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
+            Assert.IsInstanceOf(typeof(RequestFailedException), ex.InnerException);
+            Assert.That(ex.Message, Does.Contain(errorMessage));
+
+            await Task.CompletedTask;
+        }
+
         [Test]
         [TestCaseSource("ExceptionalEnvironmentConfigs")]
         public async Task VerifyAuthenticationFailedExceptionsAreDeferredToGetToken(Dictionary<string, string> environmentVariables)
@@ -503,5 +554,12 @@ private MockResponse CreateErrorMockResponse(int responseCode, string message)
             response.SetContent($"{{\"StatusCode\":400,\"Message\":\"{message}\",\"CorrelationId\":\"f3c9aec0-7fa2-4184-ad0f-0c68ce5fc748\"}}");
             return response;
         }
+
+        private static MockResponse CreateInvalidJsonResponse(int status)
+        {
+            var response = new MockResponse(status);
+            response.SetContent("invalid json");
+            return response;
+        }
     }
 }
