Merge pull request #523 from AzureAD/4gust/region-auto-enable

Added Region auto enable
AzureAD · Oct 31, 2024 · 451cb24 · 451cb24
2 parents bf74752 + efa66ec
commit 451cb24
Show file tree

Hide file tree

Showing 2 changed files with 81 additions and 1 deletion.
diff --git a/apps/confidential/confidential.go b/apps/confidential/confidential.go
@@ -18,6 +18,8 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"os"
+	"strings"
 
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base"
@@ -315,16 +317,21 @@ func New(authority, clientID string, cred Credential, options ...Option) (Client
 	if err != nil {
 		return Client{}, err
 	}
-
+	autoEnabledRegion := os.Getenv("MSAL_FORCE_REGION")
 	opts := clientOptions{
 		authority: authority,
 		// if the caller specified a token provider, it will handle all details of authentication, using Client only as a token cache
 		disableInstanceDiscovery: cred.tokenProvider != nil,
 		httpClient:               shared.DefaultClient,
+		azureRegion:              autoEnabledRegion,
 	}
 	for _, o := range options {
 		o(&opts)
 	}
+	if strings.EqualFold(opts.azureRegion, "DisableMsalForceRegion") {
+		opts.azureRegion = ""
+	}
+
 	baseOpts := []base.Option{
 		base.WithCacheAccessor(opts.accessor),
 		base.WithClientCapabilities(opts.capabilities),

diff --git a/apps/confidential/confidential_test.go b/apps/confidential/confidential_test.go
@@ -164,6 +164,79 @@ func TestAcquireTokenByCredential(t *testing.T) {
 	}
 }
 
+func TestRegionAutoEnable_EmptyRegion_EnvRegion(t *testing.T) {
+	cred, err := NewCredFromSecret(fakeSecret)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	envRegion := "envRegion"
+	err = os.Setenv("MSAL_FORCE_REGION", envRegion)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Unsetenv("MSAL_FORCE_REGION")
+
+	lmo := "login.microsoftonline.com"
+	tenant := "tenant"
+	mockClient := mock.Client{}
+	client, err := New(fmt.Sprintf(authorityFmt, lmo, tenant), fakeClientID, cred, WithHTTPClient(&mockClient))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if client.base.AuthParams.AuthorityInfo.Region != envRegion {
+		t.Fatalf("wanted %q, got %q", envRegion, client.base.AuthParams.AuthorityInfo.Region)
+	}
+}
+
+func TestRegionAutoEnable_SpecifiedRegion_EnvRegion(t *testing.T) {
+	cred, err := NewCredFromSecret(fakeSecret)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	envRegion := "envRegion"
+	err = os.Setenv("MSAL_FORCE_REGION", envRegion)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Unsetenv("MSAL_FORCE_REGION")
+
+	lmo := "login.microsoftonline.com"
+	tenant := "tenant"
+	mockClient := mock.Client{}
+	testRegion := "region"
+	client, err := New(fmt.Sprintf(authorityFmt, lmo, tenant), fakeClientID, cred, WithHTTPClient(&mockClient), WithAzureRegion(testRegion))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if client.base.AuthParams.AuthorityInfo.Region != testRegion {
+		t.Fatalf("wanted %q, got %q", testRegion, client.base.AuthParams.AuthorityInfo.Region)
+	}
+}
+
+func TestRegionAutoEnable_DisableMsalForceRegion(t *testing.T) {
+	cred, err := NewCredFromSecret(fakeSecret)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	lmo := "login.microsoftonline.com"
+	tenant := "tenant"
+	mockClient := mock.Client{}
+	testRegion := "DisableMsalForceRegion"
+	client, err := New(fmt.Sprintf(authorityFmt, lmo, tenant), fakeClientID, cred, WithHTTPClient(&mockClient), WithAzureRegion(testRegion))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if client.base.AuthParams.AuthorityInfo.Region != "" {
+		t.Fatalf("wanted empty, got %q", client.base.AuthParams.AuthorityInfo.Region)
+	}
+}
+
 func TestAcquireTokenOnBehalfOf(t *testing.T) {
 	// this test is an offline version of TestOnBehalfOf in integration_test.go
 	cred, err := NewCredFromSecret(fakeSecret)