From ab3483201ef6ce035caa1877d2395ee08309fc14 Mon Sep 17 00:00:00 2001
From: JoshLozensky <103777376+JoshLozensky@users.noreply.github.com>
Date: Fri, 8 Dec 2023 11:51:58 -0800
Subject: [PATCH] Simplify managed identity configuration (#113)
Reducing complexity of managed identity implementation.
---
.../ManagedIdentity/ManagedIdentityOptions.cs | 41 -------------------
.../ManagedIdentity/ManagedIdentityType.cs | 23 -----------
.../TokenAcquisition/AcquireTokenOptions.cs | 11 ++---
.../ManagedIdentityOptions.cs | 37 +++++++++++++++++
.../AquireTokenOptionsTests.cs | 25 ++++-------
.../DownstreamApiTests.cs | 3 +-
.../ManagedIdentityDescriptionTests.cs | 26 ------------
7 files changed, 51 insertions(+), 115 deletions(-)
delete mode 100644 src/Microsoft.Identity.Abstractions/ManagedIdentity/ManagedIdentityOptions.cs
delete mode 100644 src/Microsoft.Identity.Abstractions/ManagedIdentity/ManagedIdentityType.cs
create mode 100644 src/Microsoft.Identity.Abstractions/TokenAcquisition/ManagedIdentityOptions.cs
delete mode 100644 test/Microsoft.Identity.Abstractions.Tests/ManagedIdentityDescriptionTests.cs
diff --git a/src/Microsoft.Identity.Abstractions/ManagedIdentity/ManagedIdentityOptions.cs b/src/Microsoft.Identity.Abstractions/ManagedIdentity/ManagedIdentityOptions.cs
deleted file mode 100644
index cc8cc7c..0000000
--- a/src/Microsoft.Identity.Abstractions/ManagedIdentity/ManagedIdentityOptions.cs
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-using System.ComponentModel;
-
-namespace Microsoft.Identity.Abstractions
-{
- ///
- /// Data object to hold the definition of a managed identity for an application to use for authentication.
- /// See for more details.
- ///
- public class ManagedIdentityOptions
- {
- ///
- /// Gets or sets whether the is system-assigned or user assigned.
- /// Defaults to if not set.
- /// See for details on these two types of managed identity.
- ///
- [DefaultValue(ManagedIdentityType.SystemAssigned)]
- public ManagedIdentityType ManagedIdentityType { get; set; }
-
- ///
- /// Gets or sets the value of the ClientID when is set to
- /// . If not set, the default value is null.
- ///
- public string? ClientId { get; set; }
-
- ///
- /// Makes a new object to avoid sharing the same reference.
- ///
- /// A new instance of with the same field values.
- public ManagedIdentityOptions Clone()
- {
- return new ManagedIdentityOptions
- {
- ManagedIdentityType = ManagedIdentityType,
- ClientId = ClientId
- };
- }
- }
-}
diff --git a/src/Microsoft.Identity.Abstractions/ManagedIdentity/ManagedIdentityType.cs b/src/Microsoft.Identity.Abstractions/ManagedIdentity/ManagedIdentityType.cs
deleted file mode 100644
index 9a87b00..0000000
--- a/src/Microsoft.Identity.Abstractions/ManagedIdentity/ManagedIdentityType.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-namespace Microsoft.Identity.Abstractions
-{
- ///
- /// Used by to specify the type of managed identity to use.
- /// See for more details.
- ///
- public enum ManagedIdentityType
- {
- ///
- /// The default value, indicating the managed identity to use is the one configured for the Azure resource on which the
- /// application is running.
- ///
- SystemAssigned = 0,
-
- ///
- /// Indicates the managed identity to use is a user-assigned identity which is defined in a standalone Azure resource.
- ///
- UserAssigned = 1,
- }
-}
diff --git a/src/Microsoft.Identity.Abstractions/TokenAcquisition/AcquireTokenOptions.cs b/src/Microsoft.Identity.Abstractions/TokenAcquisition/AcquireTokenOptions.cs
index 38b88e7..50f8df3 100644
--- a/src/Microsoft.Identity.Abstractions/TokenAcquisition/AcquireTokenOptions.cs
+++ b/src/Microsoft.Identity.Abstractions/TokenAcquisition/AcquireTokenOptions.cs
@@ -95,13 +95,10 @@ public AcquireTokenOptions(AcquireTokenOptions other)
///
/// When is set, the application uses a managed identity instead of client credentials to
/// acquire an app token.
- /// The type of managed identity is defined by the field. When
- /// using a identity, this is the only field that needs to be set and is
- /// set by default. However, for readability it can be useful to set explicitly.
- /// To use a user-assigned identity, select the that corresponds to the
- /// you plan to use for authentication.
- /// Using either form of managed identity requires the application to be deployed on Azure and
- /// the managed identity to be configured. For more details, check the
+ /// To use a system-assigned identity, simply leave null.
+ /// To use a user-assigned identity, set to the ClientID of the
+ /// user-assigned identity you want to use. Using either form of managed identity requires the application to be deployed
+ /// on Azure and the managed identity to be configured. For more details, check the
/// managed identities for Azure documentation.
///
///
diff --git a/src/Microsoft.Identity.Abstractions/TokenAcquisition/ManagedIdentityOptions.cs b/src/Microsoft.Identity.Abstractions/TokenAcquisition/ManagedIdentityOptions.cs
new file mode 100644
index 0000000..f7b5282
--- /dev/null
+++ b/src/Microsoft.Identity.Abstractions/TokenAcquisition/ManagedIdentityOptions.cs
@@ -0,0 +1,37 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.ComponentModel;
+
+namespace Microsoft.Identity.Abstractions
+{
+ ///
+ /// Data object to hold the definition of a managed identity for an application to use for authentication. If
+ /// is null, the application will use the system-assigned managed identity. If
+ /// is set, the application will try to use the user-assigned managed identity associated
+ /// with the provided ClientID. See for more details.
+ ///
+ public class ManagedIdentityOptions
+ {
+ ///
+ /// Gets or sets the value of the ClientID for user-assigned managed identity. If not set, the default value is null
+ /// which will tell the application to use the system-assigned managed identity.
+ ///
+ [DefaultValue(null)]
+ public string? UserAssignedClientId { get; set; }
+
+ ///
+ /// Makes a new object to avoid sharing the same reference.
+ ///
+ ///
+ /// New instance of with the same .
+ ///
+ public ManagedIdentityOptions Clone()
+ {
+ return new ManagedIdentityOptions
+ {
+ UserAssignedClientId = UserAssignedClientId
+ };
+ }
+ }
+}
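Review bot: The property summary at the added `UserAssignedClientId` lines says a null value selects the system-assigned identity, but nothing states how an empty or whitespace value (as a blank configuration entry might bind to) is interpreted; the class itself only distinguishes null, so every consumer has to choose between `is null` and `string.IsNullOrWhiteSpace`, and two libraries choosing differently would pick different identities for the same configuration. I would add to the summary: `/// Only a null value selects the system-assigned identity; a blank string is not normalized here and is handed to the consuming library as a user-assigned ClientID.` As a point of style, `Clone` can be written as `public ManagedIdentityOptions Clone() => new() { UserAssignedClientId = UserAssignedClientId };`, which also matches the target-typed `new` used elsewhere in modern C#.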
diff --git a/test/Microsoft.Identity.Abstractions.Tests/AquireTokenOptionsTests.cs b/test/Microsoft.Identity.Abstractions.Tests/AquireTokenOptionsTests.cs
index 6a9291e..ee9ad31 100644
--- a/test/Microsoft.Identity.Abstractions.Tests/AquireTokenOptionsTests.cs
+++ b/test/Microsoft.Identity.Abstractions.Tests/AquireTokenOptionsTests.cs
@@ -17,9 +17,7 @@ public void ManagedIdentitySystemAssigned()
//
{
"AquireTokenOptions": {
- "ManagedIdentity": {
- "ManagedIdentityType": "SystemAssigned"
- }
+ "ManagedIdentity"
}
}
//
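Review bot: The configuration sample in the comment is no longer valid JSON after the added line `"ManagedIdentity"`: the key has no colon or value, so the example no longer shows how a system-assigned identity is opted into from configuration. The arrange code in the same test constructs `new ManagedIdentityOptions()` with no properties set, so the matching sample is `"ManagedIdentity": {}`. ManagedIdentitySystemAssigned starts before this hunk.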
@@ -29,14 +27,11 @@ public void ManagedIdentitySystemAssigned()
AcquireTokenOptions acquireTokenOptions = new AcquireTokenOptions
{
ManagedIdentity = new ManagedIdentityOptions()
- {
- // default: ManagedIdentityType = ManagedIdentityType.SystemAssigned
- }
};
//
- Assert.Equal(ManagedIdentityType.SystemAssigned, acquireTokenOptions.ManagedIdentity.ManagedIdentityType);
- Assert.Null(acquireTokenOptions.ManagedIdentity.ClientId);
+ Assert.NotNull(acquireTokenOptions.ManagedIdentity);
+ Assert.Null(acquireTokenOptions.ManagedIdentity.UserAssignedClientId);
}
[Fact]
@@ -50,8 +45,7 @@ public void ManagedIdentityUserAssigned()
{
"AquireTokenOptions": {
"ManagedIdentity": {
- "ManagedIdentityType": "UserAssigned"
- "ClientId": "[ClientIdForTheManagedIdentityResource]"
+ "UserAssignedClientId": "[ClientIdForTheManagedIdentityResource]"
}
}
}
@@ -59,20 +53,19 @@ public void ManagedIdentityUserAssigned()
*/
//
- ManagedIdentityOptions managedIdentityDescription = new ManagedIdentityOptions
+ ManagedIdentityOptions managedIdentityOptions = new ManagedIdentityOptions
{
- ManagedIdentityType = ManagedIdentityType.UserAssigned,
- ClientId = "[ClientIdForTheManagedIdentityResource]"
+ UserAssignedClientId = "[ClientIdForTheManagedIdentityResource]"
};
AcquireTokenOptions acquireTokenOptions = new AcquireTokenOptions
{
- ManagedIdentity = managedIdentityDescription
+ ManagedIdentity = managedIdentityOptions
};
//
- Assert.Equal(ManagedIdentityType.UserAssigned, acquireTokenOptions.ManagedIdentity.ManagedIdentityType);
- Assert.Equal(managedIdentityDescription.ClientId, acquireTokenOptions.ManagedIdentity.ClientId);
+ Assert.NotNull(acquireTokenOptions.ManagedIdentity);
+ Assert.Equal(managedIdentityOptions.UserAssignedClientId, acquireTokenOptions.ManagedIdentity.UserAssignedClientId);
}
}
}
diff --git a/test/Microsoft.Identity.Abstractions.Tests/DownstreamApiTests.cs b/test/Microsoft.Identity.Abstractions.Tests/DownstreamApiTests.cs
index 218adc7..422eeb6 100644
--- a/test/Microsoft.Identity.Abstractions.Tests/DownstreamApiTests.cs
+++ b/test/Microsoft.Identity.Abstractions.Tests/DownstreamApiTests.cs
@@ -76,8 +76,7 @@ public void CloneClonesAllProperties()
Assert.Equal(downstreamApiOptions.AcquireTokenOptions.ExtraQueryParameters, downstreamApiClone.AcquireTokenOptions.ExtraQueryParameters);
Assert.Equal(downstreamApiOptions.AcquireTokenOptions.ForceRefresh, downstreamApiClone.AcquireTokenOptions.ForceRefresh);
Assert.Equal(downstreamApiOptions.AcquireTokenOptions.LongRunningWebApiSessionKey, downstreamApiClone.AcquireTokenOptions.LongRunningWebApiSessionKey);
- Assert.Equal(downstreamApiOptions.AcquireTokenOptions.ManagedIdentity.ManagedIdentityType, downstreamApiClone.AcquireTokenOptions.ManagedIdentity?.ManagedIdentityType);
- Assert.Equal(downstreamApiOptions.AcquireTokenOptions.ManagedIdentity.ClientId, downstreamApiClone.AcquireTokenOptions.ManagedIdentity?.ClientId);
+ Assert.Equal(downstreamApiOptions.AcquireTokenOptions.ManagedIdentity.UserAssignedClientId, downstreamApiClone.AcquireTokenOptions.ManagedIdentity?.UserAssignedClientId);
Assert.Equal(downstreamApiOptions.AcquireTokenOptions.PopPublicKey, downstreamApiClone.AcquireTokenOptions.PopPublicKey);
Assert.Equal(downstreamApiOptions.AcquireTokenOptions.PopClaim, downstreamApiClone.AcquireTokenOptions.PopClaim);
Assert.Equal(downstreamApiOptions.AcquireTokenOptions.Tenant, downstreamApiClone.AcquireTokenOptions.Tenant);
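Review bot: The rewritten assertion on the `UserAssignedClientId` line only compares the string value, so a Clone implementation that copied the `ManagedIdentity` reference instead of creating a new object would still pass, even though avoiding the shared reference is the stated purpose of `ManagedIdentityOptions.Clone`. Adding `Assert.NotSame(downstreamApiOptions.AcquireTokenOptions.ManagedIdentity, downstreamApiClone.AcquireTokenOptions.ManagedIdentity);` pins that. The two sides are also written asymmetrically (`.ManagedIdentity.` on the original, `?.` on the clone); if the arrange step, which is outside this hunk, ever left ManagedIdentity null the left side would throw rather than fail the assertion, so either both sides should use `?.` or the test should first `Assert.NotNull` the clone's ManagedIdentity. CloneClonesAllProperties begins before this hunk.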
diff --git a/test/Microsoft.Identity.Abstractions.Tests/ManagedIdentityDescriptionTests.cs b/test/Microsoft.Identity.Abstractions.Tests/ManagedIdentityDescriptionTests.cs
deleted file mode 100644
index 0b9ed05..0000000
--- a/test/Microsoft.Identity.Abstractions.Tests/ManagedIdentityDescriptionTests.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-using Xunit;
-
-namespace Microsoft.Identity.Abstractions.Tests
-{
- public class ManagedIdentityDescriptionTests
- {
- ///
- /// If no field is set for the
- /// field needs to default to as other Microsoft.Identity libraries
- /// will depend on this.
- ///
- [Fact]
- public void ManagedIdentity_NoDescriptionFieldsSet()
- {
- // Arrange
- ManagedIdentityOptions description = new();
-
- // Assert
- Assert.Equal(ManagedIdentityType.SystemAssigned, description.ManagedIdentityType);
- Assert.Null(description.ClientId);
- }
- }
-}