Skip to content

Add test coverage for past expires_on in Managed Identity#940

Merged
gladjohn merged 3 commits into
devfrom
gladjohn/mi-past-expires-on-test
Jul 10, 2026
Merged

Add test coverage for past expires_on in Managed Identity#940
gladjohn merged 3 commits into
devfrom
gladjohn/mi-past-expires-on-test

Conversation

@gladjohn

Copy link
Copy Markdown
Contributor

Adds a regression test in tests/test_mi.py for a previously-uncovered Managed Identity edge case: when the MI endpoint returns a past expires_on timestamp.

Existing MI tests only use current/future expires_on values. This test verifies that a past timestamp is treated as already-expired:

  • expires_in derived from a past expires_on is non-positive (not an inflated lifetime).
  • A subsequent acquire_token_for_client re-hits the endpoint, so the stale token is not served from cache.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@gladjohn gladjohn requested a review from a team as a code owner July 10, 2026 16:16
Copilot AI review requested due to automatic review settings July 10, 2026 16:16

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a regression test to ensure Managed Identity token acquisition correctly handles an MI endpoint response containing a past expires_on timestamp, preventing an accidentally long-lived token lifetime and ensuring a subsequent request re-hits the MI endpoint rather than returning a stale cached token.

Changes:

  • Add a new App Service MI test covering past expires_on handling.
  • Assert expires_in derived from expires_on is non-positive for past timestamps.
  • Assert a second acquisition re-calls the MI endpoint (no cache hit for an already-expired token).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/test_mi.py Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

Comment thread tests/test_mi.py Outdated
Follow-up to review feedback: the second comment overstated that the token is not cached; the test proves it is not served (endpoint is re-hit), not that no entry is written.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@gladjohn gladjohn merged commit b37d7dc into dev Jul 10, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants