1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
|
# ------------------------------------
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
from datetime import datetime
import json
import re
from azure.identity import AzureDeveloperCliCredential, CredentialUnavailableError
from azure.identity._constants import EnvironmentVariables
from azure.identity._credentials.azd_cli import CLI_NOT_FOUND, NOT_LOGGED_IN, COMMAND_LINE, extract_cli_error_message
from azure.core.exceptions import ClientAuthenticationError
import subprocess
import pytest
from helpers import mock, INVALID_CHARACTERS, GET_TOKEN_METHODS
CHECK_OUTPUT = AzureDeveloperCliCredential.__module__ + ".subprocess.check_output"
TEST_ERROR_OUTPUTS = (
'{"token": "secret value',
'{"token": "secret value"',
'{"token": "secret value and some other nonsense"',
'{"token": "secret value", some invalid json, "token": "secret value"}',
'{"token": "secret value"}',
'{"token": "secret value", "subscription": "some-guid", "tenant": "some-guid", "tokenType": "Bearer"}',
"no secrets or json here",
"{}",
)
def raise_called_process_error(return_code, output="", cmd="...", stderr=""):
error = subprocess.CalledProcessError(return_code, cmd=cmd, output=output, stderr=stderr)
return mock.Mock(side_effect=error)
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_no_scopes(get_token_method):
"""The credential should raise ValueError when get_token is called with no scopes"""
with pytest.raises(ValueError):
getattr(AzureDeveloperCliCredential(), get_token_method)()
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_invalid_tenant_id(get_token_method):
"""Invalid tenant IDs should raise ValueErrors."""
for c in INVALID_CHARACTERS:
with pytest.raises(ValueError):
AzureDeveloperCliCredential(tenant_id="tenant" + c)
with pytest.raises(ValueError):
kwargs = {"tenant_id": "tenant" + c}
if get_token_method == "get_token_info":
kwargs = {"options": kwargs}
getattr(AzureDeveloperCliCredential(), get_token_method)("scope", **kwargs)
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_invalid_scopes(get_token_method):
"""Scopes with invalid characters should raise ValueErrors."""
for c in INVALID_CHARACTERS:
with pytest.raises(ValueError):
getattr(AzureDeveloperCliCredential(), get_token_method)("scope" + c)
with pytest.raises(ValueError):
getattr(AzureDeveloperCliCredential(), get_token_method)("scope", "scope2", "scope" + c)
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_get_token(get_token_method):
"""The credential should parse the CLI's output to an token"""
access_token = "access token"
expected_expires_on = 1602015811
successful_output = json.dumps(
{
"expiresOn": datetime.fromtimestamp(expected_expires_on).strftime("%Y-%m-%dT%H:%M:%SZ"),
"token": access_token,
"subscription": "some-guid",
"tenant": "some-guid",
"tokenType": "Bearer",
}
)
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, mock.Mock(return_value=successful_output)):
token = getattr(AzureDeveloperCliCredential(), get_token_method)("scope")
assert token.token == access_token
assert type(token.expires_on) == int
assert token.expires_on == expected_expires_on
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_command_list(get_token_method):
"""The credential should formulate the command arg list correctly"""
access_token = "access token"
expected_expires_on = 1602015811
successful_output = json.dumps(
{
"expiresOn": datetime.fromtimestamp(expected_expires_on).strftime("%Y-%m-%dT%H:%M:%SZ"),
"token": access_token,
"subscription": "some-guid",
"tenant": "some-guid",
"tokenType": "Bearer",
}
)
def fake_check_output(command_line, **_):
assert command_line == ["azd"] + COMMAND_LINE + ["--scope", "scope"]
return successful_output
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, fake_check_output):
token = getattr(AzureDeveloperCliCredential(), get_token_method)("scope")
assert token.token == access_token
assert token.expires_on == expected_expires_on
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_cli_not_installed(get_token_method):
"""The credential should raise CredentialUnavailableError when the CLI isn't installed"""
with mock.patch("shutil.which", return_value=None):
with pytest.raises(CredentialUnavailableError, match=CLI_NOT_FOUND):
getattr(AzureDeveloperCliCredential(), get_token_method)("scope")
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_cannot_execute_shell(get_token_method):
"""The credential should raise CredentialUnavailableError when the subprocess doesn't start"""
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, mock.Mock(side_effect=OSError())):
with pytest.raises(CredentialUnavailableError):
getattr(AzureDeveloperCliCredential(), get_token_method)("scope")
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_not_logged_in(get_token_method):
"""When the CLI isn't logged in, the credential should raise CredentialUnavailableError"""
stderr = "ERROR: not logged in, run `azd auth login` to login"
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, raise_called_process_error(1, stderr=stderr)):
with pytest.raises(CredentialUnavailableError, match=NOT_LOGGED_IN):
getattr(AzureDeveloperCliCredential(), get_token_method)("scope")
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_aadsts_error(get_token_method):
"""When there is an AADSTS error, the credential should raise an error containing the CLI's output even if the
error also contains the 'not logged in' string."""
stderr = "ERROR: AADSTS70043: The refresh token has expired, not logged in, run `azd auth login` to login"
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, raise_called_process_error(1, stderr=stderr)):
with pytest.raises(ClientAuthenticationError, match=stderr):
getattr(AzureDeveloperCliCredential(), get_token_method)("scope")
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_unexpected_error(get_token_method):
"""When the CLI returns an unexpected error, the credential should raise an error containing the CLI's output"""
stderr = "something went wrong"
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, raise_called_process_error(42, stderr=stderr)):
with pytest.raises(ClientAuthenticationError, match=stderr):
getattr(AzureDeveloperCliCredential(), get_token_method)("scope")
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_unexpected_error_no_stderr(get_token_method):
"""When the CLI returns an unexpected error with no stderr captured, the credential should raise an error with a str output"""
stderr = ""
default_message = "Failed to invoke Azure Developer CLI"
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, raise_called_process_error(42, stderr=stderr)):
with pytest.raises(ClientAuthenticationError, match=default_message):
getattr(AzureDeveloperCliCredential(), get_token_method)("scope")
@pytest.mark.parametrize("output", TEST_ERROR_OUTPUTS)
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_parsing_error_does_not_expose_token(output, get_token_method):
"""Errors during CLI output parsing shouldn't expose access tokens in that output"""
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, mock.Mock(return_value=output)):
with pytest.raises(ClientAuthenticationError) as ex:
getattr(AzureDeveloperCliCredential(), get_token_method)("scope")
assert "secret value" not in str(ex.value)
assert "secret value" not in repr(ex.value)
@pytest.mark.parametrize("output", TEST_ERROR_OUTPUTS)
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_subprocess_error_does_not_expose_token(output, get_token_method):
"""Errors from the subprocess shouldn't expose access tokens in CLI output"""
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, raise_called_process_error(1, output=output)):
with pytest.raises(ClientAuthenticationError) as ex:
getattr(AzureDeveloperCliCredential(), get_token_method)("scope")
assert "secret value" not in str(ex.value)
assert "secret value" not in repr(ex.value)
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_timeout(get_token_method):
"""The credential should raise CredentialUnavailableError when the subprocess times out"""
from subprocess import TimeoutExpired
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, mock.Mock(side_effect=TimeoutExpired("", 42))) as check_output_mock:
with pytest.raises(CredentialUnavailableError):
getattr(AzureDeveloperCliCredential(process_timeout=42), get_token_method)("scope")
# Ensure custom timeout is passed to subprocess
_, kwargs = check_output_mock.call_args
assert "timeout" in kwargs
assert kwargs["timeout"] == 42
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_multitenant_authentication_class(get_token_method):
default_tenant = "first-tenant"
first_token = "***"
second_tenant = "second-tenant"
second_token = first_token * 2
def fake_check_output(command_line, **_):
tenant_id_index = command_line.index("--tenant-id") if "--tenant-id" in command_line else None
tenant = command_line[tenant_id_index + 1] if tenant_id_index is not None else default_tenant
assert tenant in (default_tenant, second_tenant), 'unexpected tenant "{}"'.format(tenant)
return json.dumps(
{
"expiresOn": datetime.now().strftime("%Y-%m-%dT%H:%M:%SZ"),
"token": first_token if tenant == default_tenant else second_token,
"subscription": "some-guid",
"tenant": tenant,
"tokenType": "Bearer",
}
)
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, fake_check_output):
token = getattr(AzureDeveloperCliCredential(), get_token_method)("scope")
assert token.token == first_token
token = getattr(AzureDeveloperCliCredential(tenant_id=default_tenant), get_token_method)("scope")
assert token.token == first_token
token = getattr(AzureDeveloperCliCredential(tenant_id=second_tenant), get_token_method)("scope")
assert token.token == second_token
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_multitenant_authentication(get_token_method):
default_tenant = "first-tenant"
first_token = "***"
second_tenant = "second-tenant"
second_token = first_token * 2
def fake_check_output(command_line, **_):
tenant_id_index = command_line.index("--tenant-id") if "--tenant-id" in command_line else None
tenant = command_line[tenant_id_index + 1] if tenant_id_index is not None else default_tenant
assert tenant in (default_tenant, second_tenant), 'unexpected tenant "{}"'.format(tenant)
return json.dumps(
{
"expiresOn": datetime.now().strftime("%Y-%m-%dT%H:%M:%SZ"),
"token": first_token if tenant == default_tenant else second_token,
"subscription": "some-guid",
"tenant": tenant,
"tokenType": "Bearer",
}
)
credential = AzureDeveloperCliCredential()
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, fake_check_output):
token = getattr(credential, get_token_method)("scope")
assert token.token == first_token
kwargs = {"tenant_id": default_tenant}
if get_token_method == "get_token_info":
kwargs = {"options": kwargs}
token = getattr(credential, get_token_method)("scope", **kwargs)
assert token.token == first_token
kwargs = {"tenant_id": second_tenant}
if get_token_method == "get_token_info":
kwargs = {"options": kwargs}
token = getattr(credential, get_token_method)("scope", **kwargs)
assert token.token == second_token
# should still default to the first tenant
token = getattr(credential, get_token_method)("scope")
assert token.token == first_token
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_multitenant_authentication_not_allowed(get_token_method):
expected_tenant = "expected-tenant"
expected_token = "***"
def fake_check_output(command_line, **_):
match = re.search("--tenant-id (.*)", command_line[-1])
assert match is None or match[1] == expected_tenant
return json.dumps(
{
"expiresOn": datetime.now().strftime("%Y-%m-%dT%H:%M:%SZ"),
"token": expected_token,
"subscription": "some-guid",
"tenant": expected_token,
"tokenType": "Bearer",
}
)
credential = AzureDeveloperCliCredential()
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, fake_check_output):
token = getattr(credential, get_token_method)("scope")
assert token.token == expected_token
with mock.patch.dict("os.environ", {EnvironmentVariables.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH: "true"}):
kwargs = {"tenant_id": "un" + expected_tenant}
if get_token_method == "get_token_info":
kwargs = {"options": kwargs}
token = getattr(credential, get_token_method)("scope", **kwargs)
assert token.token == expected_token
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_claims_challenge_raises_error(get_token_method):
"""The credential should raise CredentialUnavailableError when claims challenge is provided"""
claims = "test-claims-challenge"
credential = AzureDeveloperCliCredential()
expected_message = "Suggestion: re-authentication required, run `azd auth login` to acquire a new token."
error_output = """\
{"data":{"message":"\\nERROR: fetching token: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access 'tenant-id'. Trace ID: trace-id Correlation ID: correlation-id Timestamp: 2025-08-18 22:08:14Z\\n"}}
{"data":{"message":"Suggestion: re-authentication required, run `azd auth login` to acquire a new token.\\n"}}"""
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, raise_called_process_error(1, stderr=error_output)):
with pytest.raises(ClientAuthenticationError) as exc:
kwargs = {"claims": claims}
if get_token_method == "get_token_info":
kwargs = {"options": kwargs}
getattr(credential, get_token_method)("scope", **kwargs)
assert exc.value.message == expected_message
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_empty_claims_does_not_raise_error(get_token_method):
"""The credential should not raise error when claims parameter is empty or None"""
access_token = "access token"
expected_expires_on = 1602015811
successful_output = json.dumps(
{
"expiresOn": datetime.fromtimestamp(expected_expires_on).strftime("%Y-%m-%dT%H:%M:%SZ"),
"token": access_token,
"subscription": "some-guid",
"tenant": "some-guid",
"tokenType": "Bearer",
}
)
# Mock the CLI to avoid actual invocation
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, mock.Mock(return_value=successful_output)):
credential = AzureDeveloperCliCredential()
# Test with None (default)
token = getattr(credential, get_token_method)("scope")
assert token.token == access_token
# Test with empty string claims
kwargs = {"claims": ""}
if get_token_method == "get_token_info":
kwargs = {"options": kwargs}
token = getattr(credential, get_token_method)("scope", **kwargs)
assert token.token == access_token
# Test with None claims explicitly
kwargs = {"claims": None}
if get_token_method == "get_token_info":
kwargs = {"options": kwargs}
token = getattr(credential, get_token_method)("scope", **kwargs)
assert token.token == access_token
@pytest.mark.parametrize("get_token_method", GET_TOKEN_METHODS)
def test_claims_command_line_argument(get_token_method):
"""The credential should pass claims as --claims argument to azd command"""
claims = "test-claims-challenge"
access_token = "access token"
expected_expires_on = 1602015811
def fake_check_output(command_line, **kwargs):
# Verify that claims are passed as --claims argument
assert "--claims" in command_line
claims_index = command_line.index("--claims")
assert command_line[claims_index + 1] == claims
return json.dumps(
{
"expiresOn": datetime.fromtimestamp(expected_expires_on).strftime("%Y-%m-%dT%H:%M:%SZ"),
"token": access_token,
"subscription": "some-guid",
"tenant": "some-guid",
"tokenType": "Bearer",
}
)
credential = AzureDeveloperCliCredential()
with mock.patch("shutil.which", return_value="azd"):
with mock.patch(CHECK_OUTPUT, fake_check_output):
kwargs = {"claims": claims}
if get_token_method == "get_token_info":
kwargs = {"options": kwargs}
token = getattr(credential, get_token_method)("scope", **kwargs)
assert token.token == access_token
class TestExtractCliErrorMessage:
"""Tests for the error message extraction function."""
def test_extract_suggestion_message_preferred(self):
"""Should prefer messages containing 'Suggestion' (case-insensitive)"""
output = """\
{"type":"consoleMessage","timestamp":"2025-08-18T15:08:14.4849845-07:00","data":{"message":"\\nERROR: fetching token: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access 'tenant-id'. Trace ID: trace-id Correlation ID: correlation-id Timestamp: 2025-08-18 22:08:14Z\\n"}}
{"type":"consoleMessage","timestamp":"2025-08-18T15:08:14.4849845-07:00","data":{"message":"Suggestion: re-authentication required, run `azd auth login` to acquire a new token.\\n"}}"""
result = extract_cli_error_message(output)
assert result == "Suggestion: re-authentication required, run `azd auth login` to acquire a new token."
def test_extract_suggestion_case_insensitive(self):
"""Should find 'suggestion' in any case"""
output = """\
{"type":"consoleMessage","data":{"message":"First message"}}
{"type":"consoleMessage","data":{"message":"SUGGESTION: Try running azd auth login"}}"""
result = extract_cli_error_message(output)
assert result == "SUGGESTION: Try running azd auth login"
def test_extract_last_message_when_no_suggestion(self):
"""Should return last message when multiple messages but no suggestion"""
output = """\
{"type":"consoleMessage","data":{"message":"First error message"}}
{"type":"consoleMessage","data":{"message":"Second error message"}}
{"type":"consoleMessage","data":{"message":"Third error message"}}"""
result = extract_cli_error_message(output)
assert result == "Third error message"
def test_extract_first_message_when_only_one(self):
"""Should return first message when only one exists"""
output = '{"type":"consoleMessage","data":{"message":"Only error message"}}'
result = extract_cli_error_message(output)
assert result == "Only error message"
def test_extract_message_from_nested_data(self):
"""Should extract message from nested data structure"""
output = '{"type":"consoleMessage","data":{"message":"Error in nested data"}}'
result = extract_cli_error_message(output)
assert result == "Error in nested data"
def test_extract_message_from_root_level(self):
"""Should extract message from root level of JSON"""
output = '{"message":"Root level error message"}'
result = extract_cli_error_message(output)
assert result == "Root level error message"
def test_extract_mixed_message_locations(self):
"""Should handle messages at different JSON levels"""
output = """\
{"message":"Root level message"}
{"data":{"message":"Nested message"}}
{"data":{"message":"suggestion: Use this suggestion"}}"""
result = extract_cli_error_message(output)
assert result == "suggestion: Use this suggestion"
def test_ignore_empty_messages(self):
"""Should ignore empty or whitespace-only messages"""
output = """\
{"data":{"message":" "}}
{"data":{"message":""}}
{"data":{"message":"Valid message"}}"""
result = extract_cli_error_message(output)
assert result == "Valid message"
def test_ignore_non_json_lines(self):
"""Should ignore lines that are not valid JSON"""
output = """\
This is not JSON
{"data":{"message":"Valid JSON message"}}
Another non-JSON line
{"data":{"message":"Suggestion: Another valid message"}}"""
result = extract_cli_error_message(output)
assert result == "Suggestion: Another valid message"
def test_ignore_non_string_messages(self):
"""Should ignore messages that are not strings"""
output = """\
{"data":{"message":123}}
{"data":{"message":{"nested":"object"}}}
{"data":{"message":"Valid string message"}}"""
result = extract_cli_error_message(output)
assert result == "Valid string message"
def test_ignore_empty_lines(self):
"""Should ignore empty lines and whitespace-only lines"""
output = """\
{"data":{"message":"First message"}}
{"data":{"message":"Second message"}}
"""
result = extract_cli_error_message(output)
assert result == "Second message"
def test_sanitize_token_in_output(self):
"""Should sanitize tokens in the extracted message"""
output = '{"data":{"message":"Error with \\"token\\": \\"abc123token\\" in message"}}'
result = extract_cli_error_message(output)
assert result is not None
assert "abc123token" not in result
assert "****" in result
def test_return_none_for_no_valid_messages(self):
"""Should return None when no valid messages found"""
output = """\
{"data":{"notamessage":"Not a message"}}
{"nomessage":"Also not a message"}
This is not JSON"""
result = extract_cli_error_message(output)
assert result is None
def test_return_none_for_empty_output(self):
"""Should return None for empty output"""
result = extract_cli_error_message("")
assert result is None
def test_return_none_for_whitespace_only_output(self):
"""Should return None for whitespace-only output"""
result = extract_cli_error_message(" \n\n \t ")
assert result is None
def test_complex_real_world_example(self):
"""Should handle complex real-world azd output"""
output = """\
{"type":"consoleMessage","timestamp":"2025-08-18T15:08:14.4849845-07:00","data":{"message":"\\nERROR: fetching token: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access 'tenant-id'. Trace ID: trace-id Correlation ID: correlation-id Timestamp: 2025-08-18 22:08:14Z\\n"}}
{"type":"consoleMessage","timestamp":"2025-08-18T15:08:14.4849845-07:00","data":{"message":"Suggestion: re-authentication required, run `azd auth login` to acquire a new token.\\n"}}
{"type":"progress","data":{"activity":"Cleaning up"}}"""
result = extract_cli_error_message(output)
assert result == "Suggestion: re-authentication required, run `azd auth login` to acquire a new token."
def test_strip_whitespace_from_messages(self):
"""Should strip leading and trailing whitespace from messages"""
output = '{"data":{"message":" \\n Error message with whitespace \\n "}}'
result = extract_cli_error_message(output)
assert result == "Error message with whitespace"
def test_handle_malformed_json_gracefully(self):
"""Should handle malformed JSON lines gracefully"""
output = """\
{"data":{"message":"First valid message"}
{"malformed":"json"without"closing"brace"
{"data":{"message":"suggestion: This should be found"}}"""
result = extract_cli_error_message(output)
assert result == "suggestion: This should be found"
|
