[Communication] - Phone Number Management - Added AAD Auth Support (Azure#18476)

* Using DefaultAzureCredential for managed identity

* Removed AzureKeyCredential

* Added tests

* Using DefaultAzureCredential for managed identity

* Added FakeCredential for playback tests

* Addressed comments

* Initial implementation

* Removed unused import

* changed core version

* Used connection string object

* Updated readme and changelog

* Fixed exceptions

Author: jbeauregardb

sdk/communication/azure-communication-administration/CHANGELOG.md

@@ -1,7 +1,7 @@
 # Release History
 
 ## 1.0.0-beta.4 (Unreleased)
-
+- Added support for Azure Active Directory Authentication for both clients.
 
 ## 1.0.0-beta.3 (2020-11-16)
 ### Added

sdk/communication/azure-communication-administration/README.md

@@ -31,9 +31,8 @@ Acquired phone numbers can come with many capabilities, depending on the country
 There are two forms of authentication to use the Administration SDK:
 
 ### Azure Active Directory Token Authentication
-Currently, Azure Active Directory (AAD) authentication is only possible for CommunicationIdentityClient.
-The `DefaultAzureCredential` object must be passed to the `CommunicationIdentityClientBuilder` via
-the credential() funtion. Endpoint and httpClient must also be set
+A `DefaultAzureCredential` object must be passed to the `CommunicationIdentityClientBuilder` or
+`PhoneNumberClientBuilder` via the credential() funtion. Endpoint and httpClient must also be set
 via the endpoint() and httpClient() functions respectively.
 
 `AZURE_CLIENT_SECRET`, `AZURE_CLIENT_ID` and `AZURE_TENANT_ID` environment variables 
@@ -90,7 +89,22 @@ CommunicationIdentityClient communicationIdentityClient = new CommunicationIdent
     .buildClient();
 ```
 ### Initializing Phone Number Client
+As it was mentioned before, the PhoneNumberClientBuilder is also enabled to use Azure Active Directory Authentication
+<!-- embedme ./src/samples/java/com/azure/communication/administration/ReadmeSamples.java#L398-L407 -->
+```java
+String endpoint = "https://<RESOURCE_NAME>.communication.azure.com";
+
+// Create an HttpClient builder of your choice and customize it
+HttpClient httpClient = new NettyAsyncHttpClientBuilder().build();
+
+PhoneNumberClient phoneNumberClient = new PhoneNumberClientBuilder()
+    .endpoint(endpoint)
+    .credential(new DefaultAzureCredentialBuilder().build())
+    .httpClient(httpClient)
+    .buildClient();
+```
 
+Using the endpoint and access key from the communication resource to authenticate is also posible.
 <!-- embedme ./src/samples/java/com/azure/communication/administration/ReadmeSamples.java#L128-L139 -->
 ```java
 // You can find your endpoint and access token from your resource in the Azure Portal

sdk/communication/azure-communication-administration/src/main/java/com/azure/communication/administration/PhoneNumberClientBuilder.java

@@ -8,9 +8,11 @@
 import com.azure.communication.common.ConnectionString;
 import com.azure.communication.common.HmacAuthenticationPolicy;
 import com.azure.core.annotation.ServiceClientBuilder;
+import com.azure.core.credential.TokenCredential;
 import com.azure.core.http.HttpClient;
 import com.azure.core.http.HttpPipeline;
 import com.azure.core.http.HttpPipelineBuilder;
+import com.azure.core.http.policy.BearerTokenAuthenticationPolicy;
 import com.azure.core.http.policy.CookiePolicy;
 import com.azure.core.http.policy.HttpLogDetailLevel;
 import com.azure.core.http.policy.HttpLogOptions;
@@ -44,7 +46,8 @@ public final class PhoneNumberClientBuilder {
     private HttpPipeline pipeline;
     private HttpClient httpClient;
     private HttpLogOptions httpLogOptions;
-    private CommunicationClientCredential credential;
+    private CommunicationClientCredential accessKeyCredential;
+    private TokenCredential tokenCredential;
     private Configuration configuration;
     private final List<HttpPipelinePolicy> additionalPolicies = new ArrayList<>();
 
@@ -108,10 +111,23 @@ public PhoneNumberClientBuilder httpLogOptions(HttpLogOptions httpLogOptions) {
      */
     public PhoneNumberClientBuilder accessKey(String accessKey) {
         Objects.requireNonNull(accessKey, "'accessKey' cannot be null.");
-        this.credential = new CommunicationClientCredential(accessKey);
+        this.accessKeyCredential = new CommunicationClientCredential(accessKey);
         return this;
     }
 
+    /**
+     * Sets the {@link TokenCredential} used to authenticate HTTP requests.
+     *
+     * @param tokenCredential {@link TokenCredential} used to authenticate HTTP requests.
+     * @return The updated {@link CommunicationIdentityClientBuilder} object.
+     * @throws NullPointerException If {@code tokenCredential} is null.
+     */
+    public PhoneNumberClientBuilder credential(TokenCredential tokenCredential) {
+        this.tokenCredential = Objects.requireNonNull(tokenCredential, "'tokenCredential' cannot be null.");
+        return this;
+    }
+
+
     /**
      * Set the endpoint and CommunicationClientCredential for authorization
      *
@@ -200,8 +216,20 @@ PhoneNumberAsyncClient createPhoneNumberAsyncClient(PhoneNumberAdminClientImpl p
         return new PhoneNumberAsyncClient(phoneNumberAdminClient);
     }
 
-    HmacAuthenticationPolicy createAuthenticationPolicy(CommunicationClientCredential communicationClientCredential) {
-        return new HmacAuthenticationPolicy(communicationClientCredential);
+    HttpPipelinePolicy createAuthenticationPolicy() {
+        if (this.tokenCredential != null && this.accessKeyCredential != null) {
+            throw logger.logExceptionAsError(
+                new IllegalArgumentException("Both 'credential' and 'accessKey' are set. Just one may be used."));
+        }
+        if (this.tokenCredential != null) { 
+            return new BearerTokenAuthenticationPolicy(
+                this.tokenCredential, "https://communication.azure.com//.default");          
+        } else if (this.accessKeyCredential != null) {
+            return new HmacAuthenticationPolicy(this.accessKeyCredential);            
+        } else {
+            throw logger.logExceptionAsError(
+                new NullPointerException("Missing credential information while building a client."));
+        }
     }
 
     UserAgentPolicy createUserAgentPolicy(
@@ -229,7 +257,6 @@ private void validateRequiredFields() {
         Objects.requireNonNull(this.endpoint);
 
         if (this.pipeline == null) {
-            Objects.requireNonNull(this.credential);
             Objects.requireNonNull(this.httpClient);
         }
     }
@@ -250,7 +277,7 @@ private HttpPipeline createHttpPipeline() {
         List<HttpPipelinePolicy> policyList = new ArrayList<>();
 
         // Add required policies
-        policyList.add(this.createAuthenticationPolicy(this.credential));
+        policyList.add(this.createAuthenticationPolicy());
         policyList.add(this.createUserAgentPolicy(
             this.getHttpLogOptions().getApplicationId(),
             PROPERTIES.get(SDK_NAME),

sdk/communication/azure-communication-administration/src/samples/java/com/azure/communication/administration/ReadmeSamples.java

@@ -387,4 +387,25 @@ public CommunicationIdentityClient createCommunicationIdentityClientWithAAD() {
 
         return communicationIdentityClient;
     }
+
+    /**
+     * Sample code for creating a sync Phone Number Client using AAD authentication.
+     *
+     * @return the Phone Number Client.
+     */
+    public PhoneNumberClient createPhoneNumberClientWithAAD() {
+        // You can find your endpoint and access key from your resource in the Azure Portal
+        String endpoint = "https://<RESOURCE_NAME>.communication.azure.com";
+
+        // Create an HttpClient builder of your choice and customize it
+        HttpClient httpClient = new NettyAsyncHttpClientBuilder().build();
+
+        PhoneNumberClient phoneNumberClient = new PhoneNumberClientBuilder()
+            .endpoint(endpoint)
+            .credential(new DefaultAzureCredentialBuilder().build())
+            .httpClient(httpClient)
+            .buildClient();
+
+        return phoneNumberClient;
+    }
 }

sdk/communication/azure-communication-administration/src/test/java/com/azure/communication/administration/PhoneNumberAsyncClientIntegrationTest.java

@@ -69,6 +69,21 @@ public void createAsyncPhoneNumberClientWithConnectionString(HttpClient httpClie
             .verifyComplete();
     }
 
+    @ParameterizedTest
+    @MethodSource("com.azure.core.test.TestBase#getHttpClients")
+    public void createAsyncPhoneNumberClientWithManagedIdentity(HttpClient httpClient) {
+        PhoneNumberAsyncClient phoneNumberAsyncClient = getClientBuilderUsingManagedIdentity(httpClient).buildAsyncClient();
+        assertNotNull(phoneNumberAsyncClient);
+
+        // Smoke test using phoneNumberAsyncClient to list all phone numbers
+        PagedFlux<AcquiredPhoneNumber> pagedFlux = phoneNumberAsyncClient.listAllPhoneNumbers(LOCALE);
+        StepVerifier.create(pagedFlux.next())
+            .assertNext(item -> {
+                assertNotNull(item.getPhoneNumber());
+            })
+            .verifyComplete();
+    }
+
     @ParameterizedTest
     @MethodSource("com.azure.core.test.TestBase#getHttpClients")
     public void listAllPhoneNumbers(HttpClient httpClient) {

sdk/communication/azure-communication-administration/src/test/java/com/azure/communication/administration/PhoneNumberClientBuilderTest.java

@@ -3,7 +3,6 @@
 package com.azure.communication.administration;
 
 import com.azure.communication.administration.implementation.PhoneNumberAdminClientImpl;
-import com.azure.communication.common.CommunicationClientCredential;
 import com.azure.communication.common.HmacAuthenticationPolicy;
 import com.azure.core.http.HttpClient;
 import com.azure.core.http.HttpPipeline;
@@ -411,8 +410,6 @@ private class ClientBuilderSpyHelper {
         final AtomicReference<HttpLogOptions> defaultHttpLogOptionsRef = new AtomicReference<>();
         final ArgumentCaptor<PhoneNumberAdminClientImpl> phoneNumberAdminClientArg =
             ArgumentCaptor.forClass(PhoneNumberAdminClientImpl.class);
-        final ArgumentCaptor<CommunicationClientCredential> credentialArg =
-            ArgumentCaptor.forClass(CommunicationClientCredential.class);
         final ArgumentCaptor<String> uaPolicyAppIdArg = ArgumentCaptor.forClass(String.class);
         final ArgumentCaptor<String> uaPolicySdkNameArg = ArgumentCaptor.forClass(String.class);
         final ArgumentCaptor<String> uaPolicySdkVersionArg = ArgumentCaptor.forClass(String.class);
@@ -429,7 +426,7 @@ private void initializeSpies() {
                 this.authenticationPolicyRef.set((HmacAuthenticationPolicy) invocation.callRealMethod());
                 return this.authenticationPolicyRef.get();
             };
-            doAnswer(createCommunicationClientCredentialPolicy).when(this.clientBuilder).createAuthenticationPolicy(any());
+            doAnswer(createCommunicationClientCredentialPolicy).when(this.clientBuilder).createAuthenticationPolicy();
 
             Answer<UserAgentPolicy> createUserAgentPolicy = (invocation) -> {
                 this.userAgentPolicyRef.set(mock(UserAgentPolicy.class));
@@ -469,7 +466,7 @@ void capturePhoneNumberAdminClientImpl() {
 
         void captureHttpPipelineSettings() {
             verify(this.clientBuilder, times(1))
-                .createAuthenticationPolicy(this.credentialArg.capture());
+                .createAuthenticationPolicy();
             verify(this.clientBuilder, times(1))
                 .createUserAgentPolicy(
                     this.uaPolicyAppIdArg.capture(),

sdk/communication/azure-communication-administration/src/test/java/com/azure/communication/administration/PhoneNumberIntegrationTestBase.java

@@ -2,18 +2,26 @@
 // Licensed under the MIT License.
 package com.azure.communication.administration;
 
+import java.time.OffsetDateTime;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.StringJoiner;
 import java.util.function.Function;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import com.azure.communication.common.ConnectionString;
+import com.azure.core.credential.AccessToken;
+import com.azure.core.credential.TokenCredential;
+import com.azure.core.credential.TokenRequestContext;
 import com.azure.core.http.HttpClient;
 import com.azure.core.test.TestBase;
 import com.azure.core.test.TestMode;
 import com.azure.core.util.Configuration;
 import com.azure.core.util.CoreUtils;
+import com.azure.identity.DefaultAzureCredentialBuilder;
+
+import reactor.core.publisher.Mono;
 
 public class PhoneNumberIntegrationTestBase extends TestBase {
     private static final String ENV_ACCESS_KEY =
@@ -89,6 +97,25 @@ protected PhoneNumberClientBuilder getClientBuilderWithConnectionString(HttpClie
         return builder;
     }
 
+    protected PhoneNumberClientBuilder getClientBuilderUsingManagedIdentity(HttpClient httpClient) {
+        PhoneNumberClientBuilder builder = new PhoneNumberClientBuilder();
+        builder
+            .endpoint(new ConnectionString(CONNECTION_STRING).getEndpoint())
+            .httpClient(httpClient == null ? interceptorManager.getPlaybackClient() : httpClient);
+        
+        if (getTestMode() == TestMode.PLAYBACK) {
+            builder.credential(new FakeCredentials());
+        } else {
+            builder.credential(new DefaultAzureCredentialBuilder().build());
+        }
+
+        if (getTestMode() == TestMode.RECORD) {
+            builder.addPolicy(interceptorManager.getRecordPolicy());
+        }
+
+        return builder;
+    }
+
     private String redact(String content, Matcher matcher, String replacement) {
         while (matcher.find()) {
             String captureGroup = matcher.group(1);
@@ -103,4 +130,10 @@ private String redact(String content, Matcher matcher, String replacement) {
     protected PhoneNumberClientBuilder addLoggingPolicy(PhoneNumberClientBuilder builder, String testName) {
         return builder.addPolicy(new CommunicationLoggerPolicy(testName));
     }
+    static class FakeCredentials implements TokenCredential {
+        @Override
+        public Mono<AccessToken> getToken(TokenRequestContext tokenRequestContext) {
+            return Mono.just(new AccessToken("someFakeToken", OffsetDateTime.MAX));
+        }
+    }
 }