Moved attestation factory back to static method on attestation class … (#3682)

* Moved attestation factory back to static method on attestation class and return a concrete type not a pointer

* Fixed factory in readme file

samples/integration/vcpkg-all-smoke/src/main.cpp

@@ -36,8 +36,9 @@ int main()
   auto clientSecret = std::getenv("AZURE_CLIENT_SECRET");
   const std::string leaseID = "leaseID";
   const std::string smokeUrl = "https://blob.com";
-  // Creating an attestation service instance requires contacting the attestation service (to retrieve validation collateral).
-  // Use the West US Shared client (which should always be available) as an anonymous service instance.
+  // Creating an attestation service instance requires contacting the attestation service (to
+  // retrieve validation collateral). Use the West US Shared client (which should always be
+  // available) as an anonymous service instance.
   const std::string attestationUrl = "https://sharedwus.wus.attest.azure.net";
 
   auto credential
@@ -75,11 +76,10 @@ int main()
     // Attestation
     std::cout << "Creating Attestation Clients" << std::endl;
 
-    std::unique_ptr<AttestationAdministrationClient> attestationAdminClient(
-        AttestationAdministrationClientFactory::Create(attestationUrl, credential));
+    AttestationAdministrationClient attestationAdminClient(
+        AttestationAdministrationClient::Create(attestationUrl, credential));
 
-    std::unique_ptr<AttestationClient> attestationClient(
-        AttestationClientFactory::Create(attestationUrl));
+    AttestationClient attestationClient(AttestationClient::Create(attestationUrl));
 
     std::cout << "Successfully Created the Clients" << std::endl;
   }

sdk/attestation/azure-security-attestation/CHANGELOG.md

@@ -2,17 +2,12 @@
 
 ## 1.0.0-beta.3 (Unreleased)
 
-### Features Added
-
 ### Breaking Changes
 - `ValueToSend` field in `TpmAttestationOptions` becomes `Payload`.
 - `AddIsolatedModeCertificatesOptions` becomes `AddIsolatedModeCertificateOptions`
 - `RemoveIsolatedModeCertificatesOptions` becomes `RemoveIsolatedModeCertificateOptions`
 - Renamed `AttestEnclaveOptions` to `AttestSgxEnclaveOptions` and `AttestOpenEnclaveOptions`.
-- Split out `AttestationClient::Create` into its own factory class `AttestationClientFactory`.
-    - Note that the `AttestationClientFactory::Create` method returns a `std::unique_ptr` to the client object.
-- Split out `AttestationAdministrationClient::Create` into its own factory class `AttestationAdministrationClientFactory`.
-    - Note that the `AttestationAdministrationClientFactory::Create` method returns a `std::unique_ptr` to the client object.
+- `AttestationClient` and `AttestationAdministrationClient` creation is now done using the factory method `AttestationClient::Create()` and `AttestationAdministrationClient::Create()`. 
 
 ### Bugs Fixed
 

sdk/attestation/azure-security-attestation/README.md

@@ -210,22 +210,21 @@ Isolated Mode Certificate Management APIs enable clients to add, remove or enume
 
 #### Create an attestation client
 
-The `AttestationClientFactory::Create` method is used to create instances of the attestation client:
+The `AttestationClient::Create` method is used to create instances of the attestation client:
 
 ```cpp
     std::string endpoint = std::getenv("ATTESTATION_AAD_URL");
-    return Azure::Security::Attestation::AttestationClientFactory::CreatePointer(m_endpoint);
+    Azure::Security::Attestation::AttestationClient client = Azure::Security::Attestation::AttestationClient::Create(m_endpoint);
 ```
 
-If the attestation APIs require authentication, use the following (note that unlike the previous example, 
-which returns a pointer to the client, this returns the client by value):
+If the attestation APIs require authentication, use the following:
 
 ```cpp
 std::string endpoint = std::getenv("ATTESTATION_AAD_URL");
 std::shared_ptr<Azure::Core::Credentials::TokenCredential> credential
     = std::make_shared<Azure::Identity::ClientSecretCredential>(
       std::getenv("AZURE_TENANT_ID"), std::getenv("AZURE_CLIENT_ID"), std::getenv("AZURE_CLIENT_SECRET"));
-return Azure::Security::Attestation::AttestationClientFactory::Create(m_endpoint, credential);
+auto client = Azure::Security::Attestation::AttestationClient::Create(m_endpoint, credential);
 ```
 
 The same pattern is used to create an `Azure::Security::Attestation::AttestationAdministrationClient`.
@@ -240,7 +239,7 @@ attestation service, however the APIs are provided for completeness and to facil
 attestation results.
 
 ```cpp
-auto validationCertificates = attestationClient->GetTokenValidationCertificates();
+auto validationCertificates = attestationClient.GetTokenValidationCertificates();
 // Enumerate the signers.
 for (const auto& signer : validationCertificates.Value.Signers)
 {
@@ -271,7 +270,7 @@ std::string endpoint = std::getenv("ATTESTATION_AAD_URL");
 std::shared_ptr<Azure::Core::Credentials::TokenCredential> credential
       = std::make_shared<Azure::Identity::ClientSecretCredential>(
           std::getenv("AZURE_TENANT_ID"), std::getenv("AZURE_CLIENT_ID"), std::getenv("AZURE_CLIENT_SECRET"));
-AttestationAdministrationClient adminClient(AttestationAdministrationClientFactory::Create(m_endpoint, credential));
+AttestationAdministrationClient adminClient(AttestationAdministrationClient::Create(m_endpoint, credential));
 ```
 
 #### Retrieve current attestation policy for OpenEnclave

sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_administration_client.hpp

@@ -44,9 +44,23 @@ namespace Azure { namespace Security { namespace Attestation {
    *
    */
   class AttestationAdministrationClient final {
-    friend class AttestationAdministrationClientFactory;
 
   public:
+    /**
+     * @brief Construct a new Attestation Administration Client object.
+     *
+     * @param endpoint The URL address where the client will send the requests to.
+     * @param credential The authentication token to use.
+     * @param options The options to customize the client behavior.
+     * @return The newly created client.
+     */
+    static AttestationAdministrationClient Create(
+        std::string const& endpoint,
+        std::shared_ptr<Core::Credentials::TokenCredential const> credential,
+        AttestationAdministrationClientOptions const& options
+        = AttestationAdministrationClientOptions{},
+        Azure::Core::Context const& context = Azure::Core::Context{});
+
     /**
      * @brief Construct a new Attestation Administration Client object from another attestation
      * administration client.
@@ -56,7 +70,8 @@ namespace Azure { namespace Security { namespace Attestation {
     AttestationAdministrationClient(AttestationAdministrationClient const& attestationClient)
         : m_endpoint(attestationClient.m_endpoint), m_apiVersion(attestationClient.m_apiVersion),
           m_pipeline(attestationClient.m_pipeline),
-          m_tokenValidationOptions(attestationClient.m_tokenValidationOptions){};
+          m_tokenValidationOptions(attestationClient.m_tokenValidationOptions),
+          m_attestationSigners(attestationClient.m_attestationSigners){};
 
     /**
      * @brief Destructor.
@@ -255,6 +270,36 @@ namespace Azure { namespace Security { namespace Attestation {
 
     std::vector<Models::AttestationSigner> m_attestationSigners;
 
+    /**
+     * @brief Construct a new Attestation Administration Client object.
+     *
+     * @param endpoint The URL address where the client will send the requests to.
+     * @param credential The authentication token to use.
+     * @param options The options to customize the client behavior.
+     * @return The newly created client.
+     */
+    static AttestationAdministrationClient CreateConcrete(
+        std::string const& endpoint,
+        std::shared_ptr<Core::Credentials::TokenCredential const> credential,
+        AttestationAdministrationClientOptions const& options
+        = AttestationAdministrationClientOptions{},
+        Azure::Core::Context const& context = Azure::Core::Context{});
+
+    /**
+     * @brief Construct a new Attestation Administration Client object.
+     *
+     * @param endpoint The URL address where the client will send the requests to.
+     * @param credential The authentication token to use.
+     * @param options The options to customize the client behavior.
+     * @return The newly created client.
+     */
+    static std::unique_ptr<AttestationAdministrationClient> CreatePointer(
+        std::string const& endpoint,
+        std::shared_ptr<Core::Credentials::TokenCredential const> credential,
+        AttestationAdministrationClientOptions const& options
+        = AttestationAdministrationClientOptions{},
+        Azure::Core::Context const& context = Azure::Core::Context{});
+
     /**
      * @brief Construct a new Attestation Administration Client object.
      *
@@ -289,29 +334,4 @@ namespace Azure { namespace Security { namespace Attestation {
     void RetrieveResponseValidationCollateral(
         Azure::Core::Context const& context = Azure::Core::Context{});
   };
-
-  /** @brief Construct a new AttestationAdministrationClient object.
-   *
-   * The AttestationAdministrationClientFactory class is a factory class for instantiating new
-   * AttestationAdministrationClient objects.
-   *
-   */
-  class AttestationAdministrationClientFactory final {
-  public:
-    /**
-     * @brief Construct a new Attestation Administration Client object.
-     *
-     * @param endpoint The URL address where the client will send the requests to.
-     * @param credential The authentication token to use.
-     * @param options The options to customize the client behavior.
-     * @return std::unique_ptr<AttestationAdministrationClient> The newly created client.
-     */
-    static std::unique_ptr<AttestationAdministrationClient> Create(
-        std::string const& endpoint,
-        std::shared_ptr<Core::Credentials::TokenCredential const> credential,
-        AttestationAdministrationClientOptions const& options
-        = AttestationAdministrationClientOptions{},
-        Azure::Core::Context const& context = Azure::Core::Context{});
-  };
-
 }}} // namespace Azure::Security::Attestation

sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp

@@ -114,10 +114,44 @@ namespace Azure { namespace Security { namespace Attestation {
    */
 
   class AttestationClient final {
-    // Allow client factory to access private methods in the AttestationClient object.
-    friend class AttestationClientFactory;
 
   public:
+    /** @brief Construct a new Attestation Client object
+     *
+     * @details Constructs a new attestation client. Follows the
+     * factory pattern in [C++ Core Guidelines
+     * C.50](https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c50-use-a-factory-function-if-you-need-virtual-behavior-during-initialization)
+     *
+     * @param endpoint The URL address where the client will send the requests to.
+     * @param credential The authentication method to use (required for TPM attestation). If the
+     * credential parameter is not supplied, the connection will be unauthenticated.
+     * @param options The options to customize the client behavior.
+     * @return The newly created client.
+     */
+    static AttestationClient Create(
+        std::string const& endpoint,
+        std::shared_ptr<Core::Credentials::TokenCredential const> credential,
+        AttestationClientOptions const& options = AttestationClientOptions{},
+        Azure::Core::Context const& constext = Azure::Core::Context{});
+
+    /** @brief Construct a new anonymous Attestation Client object
+     *
+     * @details Constructs a new anonymous (unauthenticated) attestation client. Follows the
+     * factory pattern in [C++ Core Guidelines
+     * C.50](https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c50-use-a-factory-function-if-you-need-virtual-behavior-during-initialization)
+     *
+     * @param endpoint The URL address where the client will send the requests to.
+     * @param options The options to customize the client behavior.
+     * @return The newly created attestation client.
+     *
+     * @note TPM attestation requires an authenticated attestation client.
+     *
+     */
+    static AttestationClient Create(
+        std::string const& endpoint,
+        AttestationClientOptions options = AttestationClientOptions{},
+        Azure::Core::Context const& constext = Azure::Core::Context{});
+
     /**
      * @brief Destructor.
      *
@@ -131,7 +165,8 @@ namespace Azure { namespace Security { namespace Attestation {
     AttestationClient(AttestationClient const& attestationClient)
         : m_endpoint(attestationClient.m_endpoint), m_apiVersion(attestationClient.m_apiVersion),
           m_pipeline(attestationClient.m_pipeline),
-          m_tokenValidationOptions(attestationClient.m_tokenValidationOptions){};
+          m_tokenValidationOptions(attestationClient.m_tokenValidationOptions),
+          m_attestationSigners(attestationClient.m_attestationSigners){};
 
     std::string const Endpoint() const { return m_endpoint.GetAbsoluteUrl(); }
 
@@ -225,9 +260,43 @@ namespace Azure { namespace Security { namespace Attestation {
     std::shared_ptr<Azure::Core::Credentials::TokenCredential const> m_credentials;
     std::shared_ptr<Azure::Core::Http::_internal::HttpPipeline> m_pipeline;
     AttestationTokenValidationOptions m_tokenValidationOptions;
-
     std::vector<Models::AttestationSigner> m_attestationSigners;
 
+    /** @brief Construct a new Attestation Client object
+     *
+     * @details Constructs a new attestation client. Follows the
+     * factory pattern in [C++ Core Guidelines
+     * C.50](https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c50-use-a-factory-function-if-you-need-virtual-behavior-during-initialization)
+     *
+     * @param endpoint The URL address where the client will send the requests to.
+     * @param credential The authentication method to use (required for TPM attestation). If the
+     * credential parameter is not supplied, the connection will be unauthenticated.
+     * @param options The options to customize the client behavior.
+     * @return std::unique_ptr<AttestationClient> The newly created client.
+     */
+    static AttestationClient CreateConcrete(
+        std::string const& endpoint,
+        std::shared_ptr<Core::Credentials::TokenCredential const> credential,
+        AttestationClientOptions const& options = AttestationClientOptions{},
+        Azure::Core::Context const& constext = Azure::Core::Context{});
+    /** @brief Construct a new Attestation Client object
+     *
+     * @details Constructs a new attestation client. Follows the
+     * factory pattern in [C++ Core Guidelines
+     * C.50](https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c50-use-a-factory-function-if-you-need-virtual-behavior-during-initialization)
+     *
+     * @param endpoint The URL address where the client will send the requests to.
+     * @param credential The authentication method to use (required for TPM attestation). If the
+     * credential parameter is not supplied, the connection will be unauthenticated.
+     * @param options The options to customize the client behavior.
+     * @return std::unique_ptr<AttestationClient> The newly created client.
+     */
+    static std::unique_ptr<AttestationClient> CreatePointer(
+        std::string const& endpoint,
+        std::shared_ptr<Core::Credentials::TokenCredential const> credential,
+        AttestationClientOptions const& options = AttestationClientOptions{},
+        Azure::Core::Context const& constext = Azure::Core::Context{});
+
     /** @brief Construct a new Attestation Client object
      *
      * @param endpoint The URL address where the client will send the requests to.
@@ -249,49 +318,4 @@ namespace Azure { namespace Security { namespace Attestation {
         Azure::Core::Context const& context = Azure::Core::Context{});
   };
 
-  /** @brief Construct a new AttestationClient object.
-   *
-   * The AttestationClientFactory class is a factory class for instantiating new AttestationClient
-   * objects.
-   *
-   */
-  class AttestationClientFactory final {
-  public:
-    /** @brief Construct a new Attestation Client object
-     *
-     * @details Constructs a new attestation client. Follows the
-     * factory pattern in [C++ Core Guidelines
-     * C.50](https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c50-use-a-factory-function-if-you-need-virtual-behavior-during-initialization)
-     *
-     * @param endpoint The URL address where the client will send the requests to.
-     * @param credential The authentication method to use (required for TPM attestation). If the
-     * credential parameter is not supplied, the connection will be unauthenticated.
-     * @param options The options to customize the client behavior.
-     * @return std::unique_ptr<AttestationClient> The newly created client.
-     */
-    static std::unique_ptr<AttestationClient> Create(
-        std::string const& endpoint,
-        std::shared_ptr<Core::Credentials::TokenCredential const> credential,
-        AttestationClientOptions options = AttestationClientOptions{},
-        Azure::Core::Context const& constext = Azure::Core::Context{});
-
-    /** @brief Construct a new anonymous Attestation Client object
-     *
-     * @details Constructs a new anonymous (unauthenticated) attestation client. Follows the
-     * factory pattern in [C++ Core Guidelines
-     * C.50](https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c50-use-a-factory-function-if-you-need-virtual-behavior-during-initialization)
-     *
-     * @param endpoint The URL address where the client will send the requests to.
-     * @param options The options to customize the client behavior.
-     * @return std::unique_ptr<AttestationClient> The newly created attestation client.
-     *
-     * @note TPM attestation requires an authenticated attestation client.
-     *
-     */
-    static std::unique_ptr<AttestationClient> Create(
-        std::string const& endpoint,
-        AttestationClientOptions options = AttestationClientOptions{},
-        Azure::Core::Context const& constext = Azure::Core::Context{});
-  };
-
 }}} // namespace Azure::Security::Attestation

sdk/attestation/azure-security-attestation/samples/attestation/attest_openenclave_shared.cpp

@@ -47,13 +47,12 @@ int main()
     std::string const endpoint
         = "https://shared" + shortLocation + "." + shortLocation + ".attest.azure.net";
 
-    std::unique_ptr<AttestationClient> attestationClient(
-        AttestationClientFactory::Create(endpoint));
+    AttestationClient const attestationClient(AttestationClient::Create(endpoint));
 
     std::vector<uint8_t> const sgxEnclaveQuote = AttestationCollateral::SgxQuote();
 
     Azure::Response<AttestationToken<AttestationResult>> const sgxResult
-        = attestationClient->AttestSgxEnclave(sgxEnclaveQuote);
+        = attestationClient.AttestSgxEnclave(sgxEnclaveQuote);
 
     std::cout << "SGX Quote MRSIGNER is: "
               << Convert::Base64Encode(*sgxResult.Value.Body.SgxMrSigner) << std::endl;

sdk/attestation/azure-security-attestation/samples/attestation/attest_openenclave_with_draft_policy.cpp

@@ -42,8 +42,8 @@ int main()
   {
     std::cout << "In function: SampleAttestSgxEnclaveSimple" << std::endl;
     // create client
-    std::unique_ptr<AttestationClient const> attestationClient(
-        AttestationClientFactory::Create(GetEnvHelper::GetEnv("ATTESTATION_AAD_URL")));
+    AttestationClient const attestationClient(
+        AttestationClient::Create(GetEnvHelper::GetEnv("ATTESTATION_AAD_URL")));
 
     std::vector<uint8_t> const openEnclaveReport = AttestationCollateral::OpenEnclaveReport();
 
@@ -61,7 +61,7 @@ issuancerules {
     c:[type=="x-ms-sgx-mrsigner"] => issue(type="custom-name", value=c.value);
 };)";
     Azure::Response<AttestationToken<AttestationResult>> const sgxResult(
-        attestationClient->AttestOpenEnclave(openEnclaveReport, options));
+        attestationClient.AttestOpenEnclave(openEnclaveReport, options));
 
     std::cout << "SGX Quote MRSIGNER is: "
               << Convert::Base64Encode(*sgxResult.Value.Body.SgxMrSigner) << std::endl;

sdk/attestation/azure-security-attestation/samples/attestation/attest_sgxenclave.cpp

@@ -42,13 +42,13 @@ int main()
   {
     std::cout << "In function: SampleAttestSgxEnclaveSimple" << std::endl;
     // create client
-    std::unique_ptr<AttestationClient> attestationClient(
-        AttestationClientFactory::Create(GetEnvHelper::GetEnv("ATTESTATION_AAD_URL")));
+    AttestationClient attestationClient(
+        AttestationClient::Create(GetEnvHelper::GetEnv("ATTESTATION_AAD_URL")));
 
     std::vector<uint8_t> const sgxEnclaveQuote = AttestationCollateral::SgxQuote();
 
     Azure::Response<AttestationToken<AttestationResult>> const sgxResult
-        = attestationClient->AttestSgxEnclave(sgxEnclaveQuote);
+        = attestationClient.AttestSgxEnclave(sgxEnclaveQuote);
 
     std::cout << "SGX Quote MRSIGNER is: "
               << Convert::Base64Encode(*sgxResult.Value.Body.SgxMrSigner) << std::endl;

sdk/attestation/azure-security-attestation/samples/attestation/attest_sgxenclave_with_runtime_binary.cpp

@@ -44,8 +44,7 @@ int main()
 
     // create client
     std::string endpoint(GetEnvHelper::GetEnv("ATTESTATION_AAD_URL"));
-    std::shared_ptr<AttestationClient> attestationClient(
-        AttestationClientFactory::Create(endpoint));
+    AttestationClient attestationClient(AttestationClient::Create(endpoint));
 
     std::vector<uint8_t> const sgxEnclaveQuote = AttestationCollateral::SgxQuote();
 
@@ -57,7 +56,7 @@ int main()
         = AttestationData{AttestationCollateral::RunTimeData(), AttestationDataType::Binary};
 
     Azure::Response<AttestationToken<AttestationResult>> const sgxResult
-        = attestationClient->AttestSgxEnclave(sgxEnclaveQuote, attestOptions);
+        = attestationClient.AttestSgxEnclave(sgxEnclaveQuote, attestOptions);
 
     std::cout << "SGX Quote MRSIGNER is: "
               << Convert::Base64Encode(*sgxResult.Value.Body.SgxMrSigner) << std::endl;

sdk/attestation/azure-security-attestation/samples/attestation/attest_sgxenclave_with_runtime_json.cpp

@@ -44,8 +44,7 @@ int main()
 
     // create client
     std::string const endpoint(GetEnvHelper::GetEnv("ATTESTATION_AAD_URL"));
-    std::unique_ptr<AttestationClient const> attestationClient(
-        AttestationClientFactory::Create(endpoint));
+    AttestationClient const attestationClient(AttestationClient::Create(endpoint));
 
     std::vector<uint8_t> const sgxEnclaveQuote = AttestationCollateral::SgxQuote();
 
@@ -57,7 +56,7 @@ int main()
         = AttestationData{AttestationCollateral::RunTimeData(), AttestationDataType::Json};
 
     Azure::Response<AttestationToken<AttestationResult>> const sgxResult
-        = attestationClient->AttestSgxEnclave(sgxEnclaveQuote, attestOptions);
+        = attestationClient.AttestSgxEnclave(sgxEnclaveQuote, attestOptions);
 
     std::cout << "SGX Quote MRSIGNER is: "
               << Convert::Base64Encode(*sgxResult.Value.Body.SgxMrSigner) << std::endl;

sdk/attestation/azure-security-attestation/samples/basic-operations/create_admin_client.cpp

@@ -39,11 +39,10 @@ int main()
         GetEnvHelper::GetEnv("AZURE_TENANT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_SECRET"));
-    std::unique_ptr<AttestationAdministrationClient const> adminClient(
-        AttestationAdministrationClientFactory::Create(
-            GetEnvHelper::GetEnv("ATTESTATION_AAD_URL"), credential));
+    AttestationAdministrationClient const adminClient(AttestationAdministrationClient::Create(
+        GetEnvHelper::GetEnv("ATTESTATION_AAD_URL"), credential));
 
-    std::cout << "Admin client is Communicating with " << adminClient->Endpoint() << std::endl;
+    std::cout << "Admin client is Communicating with " << adminClient.Endpoint() << std::endl;
   }
   catch (Azure::Core::Credentials::AuthenticationException const& e)
   {

sdk/attestation/azure-security-attestation/samples/basic-operations/create_client.cpp

@@ -35,10 +35,10 @@ int main()
     clientOptions.TokenValidationOptions.TimeValidationSlack = 10s;
 
     // create client
-    std::unique_ptr<AttestationClient> attestationClient(AttestationClientFactory::Create(
-        GetEnvHelper::GetEnv("ATTESTATION_AAD_URL"), clientOptions));
+    AttestationClient attestationClient(
+        AttestationClient::Create(GetEnvHelper::GetEnv("ATTESTATION_AAD_URL"), clientOptions));
 
-    attestationClient->GetOpenIdMetadata();
+    attestationClient.GetOpenIdMetadata();
   }
   catch (Azure::Core::Credentials::AuthenticationException const& e)
   {

sdk/attestation/azure-security-attestation/samples/basic-operations/get_open-id_metadata.cpp

@@ -32,11 +32,11 @@ int main()
   try
   {
     // create client
-    std::unique_ptr<AttestationClient const> attestationClient(
-        AttestationClientFactory::Create(GetEnvHelper::GetEnv("ATTESTATION_AAD_URL")));
+    AttestationClient const attestationClient(
+        AttestationClient::Create(GetEnvHelper::GetEnv("ATTESTATION_AAD_URL")));
 
     // Retrieve the OpenId metadata from this attestation service instance.
-    Azure::Response<OpenIdMetadata> const openIdMetadata = attestationClient->GetOpenIdMetadata();
+    Azure::Response<OpenIdMetadata> const openIdMetadata = attestationClient.GetOpenIdMetadata();
     std::cout << "Attestation Certificate Endpoint is: " << *openIdMetadata.Value.JsonWebKeySetUrl
               << std::endl;
   }

sdk/attestation/azure-security-attestation/samples/basic-operations/get_signing_certificates.cpp

@@ -32,12 +32,12 @@ int main()
   try
   {
     // create client
-    std::unique_ptr<AttestationClient const> attestationClient(
-        AttestationClientFactory::Create(GetEnvHelper::GetEnv("ATTESTATION_AAD_URL")));
+    AttestationClient const attestationClient(
+        AttestationClient::Create(GetEnvHelper::GetEnv("ATTESTATION_AAD_URL")));
 
     // Retrieve the OpenId metadata from this attestation service instance.
     Azure::Response<TokenValidationCertificateResult> const signingCertificates
-        = attestationClient->GetTokenValidationCertificates();
+        = attestationClient.GetTokenValidationCertificates();
 
     std::cout << "There are " << signingCertificates.Value.Signers.size() << "signing certificates."
               << std::endl;

sdk/attestation/azure-security-attestation/samples/policy-certificates/add_policy_certificate.cpp

@@ -50,9 +50,8 @@ int main()
         GetEnvHelper::GetEnv("AZURE_TENANT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_SECRET"));
-    std::shared_ptr<AttestationAdministrationClient> adminClient(
-        AttestationAdministrationClientFactory::Create(
-            GetEnvHelper::GetEnv("ATTESTATION_ISOLATED_URL"), credential));
+    AttestationAdministrationClient adminClient(AttestationAdministrationClient::Create(
+        GetEnvHelper::GetEnv("ATTESTATION_ISOLATED_URL"), credential));
 
     std::string const signingKey(GetEnvHelper::GetEnv("ISOLATED_SIGNING_KEY"));
     std::string const signingCert(GetEnvHelper::GetEnv("ISOLATED_SIGNING_CERTIFICATE"));
@@ -76,7 +75,7 @@ int main()
       // Add the new certificate to the set of policy management certificates for this attestation
       // service instance.
       Azure::Response<AttestationToken<IsolatedModeCertificateModificationResult>> const addResult
-          = adminClient->AddIsolatedModeCertificate(pemCertificateToAdd, requestSigner);
+          = adminClient.AddIsolatedModeCertificate(pemCertificateToAdd, requestSigner);
 
       std::cout << "The result of the certificate add operation is: "
                 << addResult.Value.Body.CertificateModification.ToString() << std::endl;
@@ -115,7 +114,7 @@ int main()
       // Add the new certificate to the set of policy management certificates for this attestation
       // service instance.
       Azure::Response<AttestationToken<IsolatedModeCertificateModificationResult>> const addResult
-          = adminClient->RemoveIsolatedModeCertificate(pemCertificateToRemove, requestSigner);
+          = adminClient.RemoveIsolatedModeCertificate(pemCertificateToRemove, requestSigner);
 
       std::cout << "The result of the certificate remove operation is: "
                 << addResult.Value.Body.CertificateModification.ToString() << std::endl;

sdk/attestation/azure-security-attestation/samples/policy-certificates/get_policy_certificates.cpp

@@ -45,13 +45,12 @@ int main()
     // create an administration client
     auto const credential = std::make_shared<Azure::Identity::ClientSecretCredential>(
         GetEnv("AZURE_TENANT_ID"), GetEnv("AZURE_CLIENT_ID"), GetEnv("AZURE_CLIENT_SECRET"));
-    std::unique_ptr<AttestationAdministrationClient> adminClient(
-        AttestationAdministrationClientFactory::Create(
-            GetEnv("ATTESTATION_ISOLATED_URL"), credential));
+    AttestationAdministrationClient adminClient(
+        AttestationAdministrationClient::Create(GetEnv("ATTESTATION_ISOLATED_URL"), credential));
 
     // Retrieve the SGX Attestation Policy from this attestation service instance.
     Azure::Response<AttestationToken<IsolatedModeCertificateListResult>> const policyCertificates
-        = adminClient->GetIsolatedModeCertificates();
+        = adminClient.GetIsolatedModeCertificates();
 
     std::cout << "There are " << policyCertificates.Value.Body.Certificates.size()
               << " certificates configured on this instance." << std::endl;

sdk/attestation/azure-security-attestation/samples/policy/get_policy.cpp

@@ -40,13 +40,12 @@ int main()
         GetEnvHelper::GetEnv("AZURE_TENANT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_SECRET"));
-    std::unique_ptr<AttestationAdministrationClient> adminClient(
-        AttestationAdministrationClientFactory::Create(
-            GetEnvHelper::GetEnv("ATTESTATION_AAD_URL"), credential));
+    AttestationAdministrationClient adminClient(AttestationAdministrationClient::Create(
+        GetEnvHelper::GetEnv("ATTESTATION_AAD_URL"), credential));
 
     // Retrieve the SGX Attestation Policy from this attestation service instance.
     Azure::Response<AttestationToken<std::string>> const sgxPolicy
-        = adminClient->GetAttestationPolicy(AttestationType::SgxEnclave);
+        = adminClient.GetAttestationPolicy(AttestationType::SgxEnclave);
     std::cout << "SGX Attestation Policy is: " << sgxPolicy.Value.Body << std::endl;
   }
   catch (Azure::Core::Credentials::AuthenticationException const& e)

sdk/attestation/azure-security-attestation/samples/policy/reset_policy.cpp

@@ -59,11 +59,11 @@ int main()
         GetEnvHelper::GetEnv("AZURE_TENANT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_SECRET"));
-    std::unique_ptr<AttestationAdministrationClient const> adminClient(
-        AttestationAdministrationClientFactory::Create(endpoint, credential, clientOptions));
+    AttestationAdministrationClient const adminClient(
+        AttestationAdministrationClient::Create(endpoint, credential, clientOptions));
 
     Azure::Response<AttestationToken<PolicyResult>> const resetResult
-        = adminClient->ResetAttestationPolicy(AttestationType::SgxEnclave);
+        = adminClient.ResetAttestationPolicy(AttestationType::SgxEnclave);
 
     if (resetResult.Value.Body.PolicyResolution == PolicyModification::Removed)
     {

sdk/attestation/azure-security-attestation/samples/policy/reset_sealed_policy.cpp

@@ -60,8 +60,8 @@ int main()
         GetEnvHelper::GetEnv("AZURE_TENANT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_SECRET"));
-    std::shared_ptr<AttestationAdministrationClient const> adminClient(
-        AttestationAdministrationClientFactory::Create(endpoint, credential, clientOptions));
+    AttestationAdministrationClient const adminClient(
+        AttestationAdministrationClient::Create(endpoint, credential, clientOptions));
 
     std::string const signingKey(GetEnvHelper::GetEnv("ISOLATED_SIGNING_KEY"));
     std::string const signingCert(GetEnvHelper::GetEnv("ISOLATED_SIGNING_CERTIFICATE"));
@@ -76,7 +76,7 @@ int main()
     resetOptions.SigningKey = AttestationSigningKey{pemSigningKey, pemSigningCert};
 
     Azure::Response<AttestationToken<PolicyResult>> const resetResult
-        = adminClient->ResetAttestationPolicy(AttestationType::SgxEnclave, resetOptions);
+        = adminClient.ResetAttestationPolicy(AttestationType::SgxEnclave, resetOptions);
 
     if (resetResult.Value.Body.PolicyResolution == PolicyModification::Updated)
     {

sdk/attestation/azure-security-attestation/samples/policy/set_policy.cpp

@@ -58,8 +58,8 @@ int main()
         GetEnvHelper::GetEnv("AZURE_TENANT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_SECRET"));
-    std::unique_ptr<AttestationAdministrationClient const> adminClient(
-        AttestationAdministrationClientFactory::Create(endpoint, credential, clientOptions));
+    AttestationAdministrationClient const adminClient(
+        AttestationAdministrationClient::Create(endpoint, credential, clientOptions));
 
     // Set the attestation policy on this attestation instance.
     // Note that because this is an AAD mode instance, the caller does not need to sign the policy
@@ -73,7 +73,7 @@ authorizationrules
 	[ type=="x-ms-sgx-mrsigner", value=="mrsigner2"] => permit(); 
 };)");
     Azure::Response<AttestationToken<PolicyResult>> const setResult
-        = adminClient->SetAttestationPolicy(AttestationType::SgxEnclave, policyToSet);
+        = adminClient.SetAttestationPolicy(AttestationType::SgxEnclave, policyToSet);
 
     if (setResult.Value.Body.PolicyResolution == PolicyModification::Updated)
     {
@@ -89,7 +89,7 @@ authorizationrules
     // by the attestation service, the customer can call CreateAttestationPolicyToken and then
     // generate the SHA256 of that token and compare it with the value returned by the service - the
     // two hash values should be identical.
-    auto const setPolicyToken = adminClient->CreateAttestationPolicyToken(policyToSet);
+    auto const setPolicyToken = adminClient.CreateAttestationPolicyToken(policyToSet);
     Sha256Hash shaHasher;
     std::vector<uint8_t> policyTokenHash = shaHasher.Final(
         reinterpret_cast<uint8_t const*>(setPolicyToken.RawToken.data()),

sdk/attestation/azure-security-attestation/samples/policy/set_sealed_policy.cpp

@@ -62,8 +62,8 @@ int main()
         GetEnvHelper::GetEnv("AZURE_TENANT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_ID"),
         GetEnvHelper::GetEnv("AZURE_CLIENT_SECRET"));
-    std::shared_ptr<AttestationAdministrationClient const> adminClient(
-        AttestationAdministrationClientFactory::Create(endpoint, credential, clientOptions));
+    AttestationAdministrationClient const adminClient(
+        AttestationAdministrationClient::Create(endpoint, credential, clientOptions));
 
     std::string const signingKey(GetEnvHelper::GetEnv("ISOLATED_SIGNING_KEY"));
     std::string const signingCert(GetEnvHelper::GetEnv("ISOLATED_SIGNING_CERTIFICATE"));
@@ -87,7 +87,7 @@ authorizationrules
     setOptions.SigningKey = AttestationSigningKey{pemSigningKey, pemSigningCert};
 
     Azure::Response<AttestationToken<PolicyResult>> const setResult
-        = adminClient->SetAttestationPolicy(AttestationType::SgxEnclave, policyToSet, setOptions);
+        = adminClient.SetAttestationPolicy(AttestationType::SgxEnclave, policyToSet, setOptions);
 
     if (setResult.Value.Body.PolicyResolution == PolicyModification::Updated)
     {
@@ -104,7 +104,7 @@ authorizationrules
     // generate the SHA256 of that token and compare it with the value returned by the service - the
     // two hash values should be identical.
     auto const setPolicyToken
-        = adminClient->CreateAttestationPolicyToken(policyToSet, setOptions.SigningKey);
+        = adminClient.CreateAttestationPolicyToken(policyToSet, setOptions.SigningKey);
     Sha256Hash shaHasher;
     std::vector<uint8_t> const policyTokenHash = shaHasher.Final(
         reinterpret_cast<uint8_t const*>(setPolicyToken.RawToken.data()),

sdk/attestation/azure-security-attestation/src/attestation_administration_client.cpp

@@ -65,15 +65,14 @@ AttestationAdministrationClient::AttestationAdministrationClient(
       std::move(perCallpolicies));
 }
 
-std::unique_ptr<AttestationAdministrationClient> AttestationAdministrationClientFactory::Create(
+AttestationAdministrationClient AttestationAdministrationClient::Create(
     std::string const& endpoint,
     std::shared_ptr<Core::Credentials::TokenCredential const> credential,
     AttestationAdministrationClientOptions const& options,
     Azure::Core::Context const& context)
 {
-  std::unique_ptr<AttestationAdministrationClient> returnValue(
-      new AttestationAdministrationClient(endpoint, credential, options));
-  returnValue->RetrieveResponseValidationCollateral(context);
+  AttestationAdministrationClient returnValue(endpoint, credential, options);
+  returnValue.RetrieveResponseValidationCollateral(context);
   return returnValue;
 }
 

sdk/attestation/azure-security-attestation/src/attestation_client.cpp

@@ -216,15 +216,14 @@ void AttestationClient::RetrieveResponseValidationCollateral(Azure::Core::Contex
  * @param credential The authentication method to use (required for TPM attestation).
  * @param options The options to customize the client behavior.
  */
-std::unique_ptr<AttestationClient> AttestationClientFactory::Create(
+Azure::Security::Attestation::AttestationClient AttestationClient::Create(
     std::string const& endpoint,
     std::shared_ptr<Core::Credentials::TokenCredential const> credential,
-    AttestationClientOptions options,
+    AttestationClientOptions const& options,
     Azure::Core::Context const& context)
 {
-  std::unique_ptr<AttestationClient> returnValue(
-      new AttestationClient(endpoint, credential, options));
-  returnValue->RetrieveResponseValidationCollateral(context);
+  AttestationClient returnValue(endpoint, credential, options);
+  returnValue.RetrieveResponseValidationCollateral(context);
   // Release the client pointer from the unique pointer to let the parent manage it.
   return returnValue;
 }
@@ -236,7 +235,7 @@ std::unique_ptr<AttestationClient> AttestationClientFactory::Create(
  *
  * @note TPM attestation requires an authenticated attestation client.
  */
-std::unique_ptr<AttestationClient> AttestationClientFactory::Create(
+Azure::Security::Attestation::AttestationClient AttestationClient::Create(
     std::string const& endpoint,
     AttestationClientOptions options,
     Azure::Core::Context const& context)

sdk/attestation/azure-security-attestation/test/ut/attestation_metadata.cpp

@@ -50,14 +50,14 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
       }
     }
 
-    std::unique_ptr<AttestationClient> CreateClient()
+    AttestationClient CreateClient()
     {
       // `InitTestClient` takes care of setting up Record&Playback.
       auto options = InitClientOptions<Azure::Security::Attestation::AttestationClientOptions>();
-      return AttestationClientFactory::Create(m_endpoint, options);
+      return AttestationClient::Create(m_endpoint, options);
     }
 
-    std::unique_ptr<AttestationClient> CreateAuthenticatedClient()
+    AttestationClient CreateAuthenticatedClient()
     {
       // `InitClientOptions` takes care of setting up Record&Playback.
       AttestationClientOptions options = InitClientOptions<AttestationClientOptions>();
@@ -65,7 +65,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
           = std::make_shared<Azure::Identity::ClientSecretCredential>(
               GetEnv("AZURE_TENANT_ID"), GetEnv("AZURE_CLIENT_ID"), GetEnv("AZURE_CLIENT_SECRET"));
 
-      return AttestationClientFactory::Create(m_endpoint, credential, options);
+      return AttestationClient::Create(m_endpoint, credential, options);
     }
   };
 
@@ -73,9 +73,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
   {
     auto attestationClient(CreateClient());
 
-    EXPECT_FALSE(attestationClient->Endpoint().empty());
-
-    auto openIdMetadata = attestationClient->GetOpenIdMetadata();
+    auto openIdMetadata = attestationClient.GetOpenIdMetadata();
 
     EXPECT_TRUE(openIdMetadata.Value.Issuer);
     EXPECT_TRUE(openIdMetadata.Value.JsonWebKeySetUrl);
@@ -94,7 +92,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
   {
     auto attestationClient(CreateClient());
 
-    auto attestationSigners = attestationClient->GetTokenValidationCertificates();
+    auto attestationSigners = attestationClient.GetTokenValidationCertificates();
     EXPECT_LE(1UL, attestationSigners.Value.Signers.size());
     for (const auto& signer : attestationSigners.Value.Signers)
     {

sdk/attestation/azure-security-attestation/test/ut/attestation_test.cpp

@@ -68,14 +68,14 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
       return returnValue;
     }
 
-    std::unique_ptr<AttestationClient> CreateClient()
+    AttestationClient CreateClient()
     {
       // `InitTestClient` takes care of setting up Record&Playback.
       auto options = InitClientOptions<Azure::Security::Attestation::AttestationClientOptions>();
       options.TokenValidationOptions = GetTokenValidationOptions();
-      return AttestationClientFactory::Create(m_endpoint, options);
+      return AttestationClient::Create(m_endpoint, options);
     }
-    std::unique_ptr<AttestationClient> CreateAuthenticatedClient()
+    AttestationClient CreateAuthenticatedClient()
     {
       // `InitClientOptions` takes care of setting up Record&Playback.
       AttestationClientOptions options = InitClientOptions<AttestationClientOptions>();
@@ -84,7 +84,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
           = CreateClientSecretCredential(
               GetEnv("AZURE_TENANT_ID"), GetEnv("AZURE_CLIENT_ID"), GetEnv("AZURE_CLIENT_SECRET"));
 
-      return AttestationClientFactory::Create(m_endpoint, credential, options);
+      return AttestationClient::Create(m_endpoint, credential, options);
     }
 
     void ValidateAttestResponse(
@@ -138,16 +138,13 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
     if (type == AttestationType::OpenEnclave)
     {
       auto report = AttestationCollateral::OpenEnclaveReport();
-      auto attestResponse = client->AttestOpenEnclave(report);
-      ValidateAttestResponse(attestResponse);
-
-      attestResponse = client->AttestOpenEnclave(report);
+      auto attestResponse = client.AttestOpenEnclave(report);
       ValidateAttestResponse(attestResponse);
     }
     else if (type == AttestationType::SgxEnclave)
     {
       auto quote = AttestationCollateral::SgxQuote();
-      auto attestResponse = client->AttestSgxEnclave(quote);
+      auto attestResponse = client.AttestSgxEnclave(quote);
       ValidateAttestResponse(attestResponse);
     }
   }
@@ -165,7 +162,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
       AttestOpenEnclaveOptions options;
       options.RunTimeData = data;
       auto report = AttestationCollateral::OpenEnclaveReport();
-      auto attestResponse = client->AttestOpenEnclave(report, options);
+      auto attestResponse = client.AttestOpenEnclave(report, options);
       ValidateAttestResponse(attestResponse, data);
     }
     else if (type == AttestationType::SgxEnclave)
@@ -173,7 +170,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
       AttestSgxEnclaveOptions options;
       options.RunTimeData = data;
       auto quote = AttestationCollateral::SgxQuote();
-      auto attestResponse = client->AttestSgxEnclave(quote, options);
+      auto attestResponse = client.AttestSgxEnclave(quote, options);
       ValidateAttestResponse(attestResponse, data);
     }
   }
@@ -203,7 +200,7 @@ issuancerules {
 };)";
       auto report = AttestationCollateral::OpenEnclaveReport();
 
-      auto attestResponse = client->AttestOpenEnclave(report, options);
+      auto attestResponse = client.AttestOpenEnclave(report, options);
       // Because a draft policy was set, the resulting token is unsigned.
       ValidateAttestResponse(
           attestResponse, Azure::Nullable<AttestationData>(), *options.DraftPolicyForAttestation);
@@ -219,7 +216,7 @@ authorizationrules
 issuancerules {
     c:[type=="x-ms-sgx-mrsigner"] => issue(type="custom-name", value=c.value);
 };)";
-      EXPECT_THROW(client->AttestOpenEnclave(report, options), Azure::Core::RequestFailedException);
+      EXPECT_THROW(client.AttestOpenEnclave(report, options), Azure::Core::RequestFailedException);
     }
     else if (type == AttestationType::SgxEnclave)
     {
@@ -237,7 +234,7 @@ issuancerules {
     c:[type=="x-ms-sgx-mrsigner"] => issue(type="custom-name", value=c.value);
 };)";
       auto quote = AttestationCollateral::SgxQuote();
-      auto attestResponse = client->AttestSgxEnclave(quote, options);
+      auto attestResponse = client.AttestSgxEnclave(quote, options);
       ValidateAttestResponse(
           attestResponse, Azure::Nullable<AttestationData>(), *options.DraftPolicyForAttestation);
 
@@ -252,7 +249,7 @@ authorizationrules
 issuancerules {
     c:[type=="x-ms-sgx-mrsigner"] => issue(type="custom-name", value=c.value);
 };)";
-      EXPECT_THROW(client->AttestSgxEnclave(quote, options), Azure::Core::RequestFailedException);
+      EXPECT_THROW(client.AttestSgxEnclave(quote, options), Azure::Core::RequestFailedException);
     }
   }
 
@@ -289,17 +286,44 @@ issuancerules {
                 EXPECT_NE(cert->GetSubjectName().find(m_endpoint), std::string::npos);
               }
             };
-      auto attestResponse = client->AttestOpenEnclave(report, options);
+      auto attestResponse = client.AttestOpenEnclave(report, options);
       ValidateAttestResponse(attestResponse, data);
     }
     else if (type == AttestationType::SgxEnclave)
     {
       auto quote = AttestationCollateral::SgxQuote();
-      auto attestResponse = client->AttestSgxEnclave(quote, {data});
+      auto attestResponse = client.AttestSgxEnclave(quote, {data});
       ValidateAttestResponse(attestResponse, data);
     }
   }
 
+  TEST_P(AttestationTests, CreateAttestationClients)
+  {
+    // `InitTestClient` takes care of setting up Record&Playback.
+    auto options = InitClientOptions<Azure::Security::Attestation::AttestationClientOptions>();
+
+    {
+      AttestationClient client = AttestationClient::Create(this->m_endpoint, options);
+      EXPECT_EQ(m_endpoint, client.Endpoint());
+    }
+    {
+      AttestationClient const client = AttestationClient::Create(this->m_endpoint, options);
+      EXPECT_EQ(m_endpoint, client.Endpoint());
+    }
+    {
+      AttestationClient client = AttestationClient::Create(this->m_endpoint, options);
+      EXPECT_EQ(m_endpoint, client.Endpoint());
+    }
+    {
+      auto client = AttestationClient::Create(this->m_endpoint, options);
+      EXPECT_EQ(m_endpoint, client.Endpoint());
+    }
+    {
+      auto const client = AttestationClient::Create(this->m_endpoint, options);
+      EXPECT_EQ(m_endpoint, client.Endpoint());
+    }
+  }
+
   namespace {
     static std::string GetSuffix(const testing::TestParamInfo<AttestationTests::ParamType>& info)
     {

sdk/attestation/azure-security-attestation/test/ut/policycertmgmt_test.cpp

@@ -72,7 +72,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
       return returnValue;
     }
 
-    std::unique_ptr<AttestationAdministrationClient> CreateClient(ServiceInstanceType instanceType)
+    AttestationAdministrationClient CreateClient(ServiceInstanceType instanceType)
     {
       // `InitTestClient` takes care of setting up Record&Playback.
       AttestationAdministrationClientOptions options
@@ -83,7 +83,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
           = CreateClientSecretCredential(
               GetEnv("AZURE_TENANT_ID"), GetEnv("AZURE_CLIENT_ID"), GetEnv("AZURE_CLIENT_SECRET"));
 
-      return AttestationAdministrationClientFactory::Create(
+      return AttestationAdministrationClient::Create(
           GetServiceEndpoint(instanceType), credential, options);
     }
 
@@ -96,7 +96,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
       auto adminClient(CreateClient(instanceType));
 
       {
-        auto certificatesResult = adminClient->GetIsolatedModeCertificates(
+        auto certificatesResult = adminClient.GetIsolatedModeCertificates(
             GetIsolatedModeCertificatesOptions{GetTokenValidationOptions()});
 
         // Do we expect to get any certificates in the response? AAD and Shared instances will never
@@ -195,7 +195,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
       auto isolatedSigningKey(AttestationSigningKey{
           isolatedPrivateKey->ExportPrivateKey(), isolatedCertificate->ExportAsPEM()});
 
-      auto certificatesResult = adminClient->AddIsolatedModeCertificate(
+      auto certificatesResult = adminClient.AddIsolatedModeCertificate(
           certificateToAdd->ExportAsPEM(), isolatedSigningKey);
 
       EXPECT_EQ(
@@ -208,7 +208,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
 
     // Make sure that the certificate we just added is included in the enumeration.
     {
-      auto policyCertificates = adminClient->GetIsolatedModeCertificates();
+      auto policyCertificates = adminClient.GetIsolatedModeCertificates();
       EXPECT_GT(policyCertificates.Value.Body.Certificates.size(), 1ul);
 
       bool foundIsolatedCertificate = false;
@@ -258,7 +258,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
 
     // Ensure that POLICY_SIGNING_CERTIFICATE_0 is already present in the list of certificates.
     {
-      auto certificatesResult = adminClient->AddIsolatedModeCertificate(
+      auto certificatesResult = adminClient.AddIsolatedModeCertificate(
           certificateToRemove->ExportAsPEM(), isolatedSigningKey);
 
       EXPECT_EQ(
@@ -268,7 +268,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
 
     // And now remove that certificate.
     {
-      auto certificatesResult = adminClient->RemoveIsolatedModeCertificate(
+      auto certificatesResult = adminClient.RemoveIsolatedModeCertificate(
           certificateToRemove->ExportAsPEM(), isolatedSigningKey);
 
       EXPECT_EQ(
@@ -281,7 +281,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
 
     // Make sure that the certificate we just removed is NOT included in the enumeration.
     {
-      auto policyCertificates = adminClient->GetIsolatedModeCertificates();
+      auto policyCertificates = adminClient.GetIsolatedModeCertificates();
       EXPECT_EQ(policyCertificates.Value.Body.Certificates.size(), 1ul);
 
       bool foundIsolatedCertificate = false;
@@ -326,7 +326,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
 
     {
       EXPECT_THROW(
-          adminClient->AddIsolatedModeCertificate(
+          adminClient.AddIsolatedModeCertificate(
               fakedCertificateToAdd->ExportAsPEM(), isolatedSigningKey),
           Azure::Core::RequestFailedException);
     }
@@ -353,7 +353,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
 
     {
       EXPECT_THROW(
-          adminClient->RemoveIsolatedModeCertificate(
+          adminClient.RemoveIsolatedModeCertificate(
               fakedCertificateToRemove->ExportAsPEM(), isolatedSigningKey),
           Azure::Core::RequestFailedException);
     }

sdk/attestation/azure-security-attestation/test/ut/policygetset_test.cpp

@@ -85,7 +85,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
       return returnValue;
     }
 
-    std::unique_ptr<AttestationAdministrationClient> CreateClient()
+    AttestationAdministrationClient CreateClient()
     {
       // `InitTestClient` takes care of setting up Record&Playback.
       AttestationAdministrationClientOptions options
@@ -96,11 +96,11 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
           = CreateClientSecretCredential(
               GetEnv("AZURE_TENANT_ID"), GetEnv("AZURE_CLIENT_ID"), GetEnv("AZURE_CLIENT_SECRET"));
 
-      return AttestationAdministrationClientFactory::Create(m_endpoint, credential, options);
+      return AttestationAdministrationClient::Create(m_endpoint, credential, options);
     }
 
     bool ValidateSetPolicyResponse(
-        std::unique_ptr<AttestationAdministrationClient> const& client,
+        AttestationAdministrationClient const& client,
         Response<AttestationToken<PolicyResult>> const& result,
         Azure::Nullable<std::string> policyToValidate,
         Azure::Nullable<AttestationSigningKey> const& signingKey = {})
@@ -147,7 +147,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
         if (!m_testContext.IsPlaybackMode())
         {
           AttestationToken<void> sentToken
-              = client->CreateAttestationPolicyToken(policyToValidate, signingKey);
+              = client.CreateAttestationPolicyToken(policyToValidate, signingKey);
 
           Azure::Core::Cryptography::_internal::Sha256Hash hasher;
           std::vector<uint8_t> rawTokenHash = hasher.Final(
@@ -172,13 +172,13 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
       SetPolicyOptions setOptions;
       setOptions.SigningKey = signingKey;
       auto setResponse
-          = adminClient->SetAttestationPolicy(GetParam().TeeType, policyToSet, setOptions);
+          = adminClient.SetAttestationPolicy(GetParam().TeeType, policyToSet, setOptions);
 
       EXPECT_TRUE(ValidateSetPolicyResponse(adminClient, setResponse, policyToSet, signingKey));
 
       // Make sure that the policy we set can be retrieved (we've checked the hash in
       // ValidateSetPolicyResponse, but this doesn't hurt)
-      auto getResponse = adminClient->GetAttestationPolicy(
+      auto getResponse = adminClient.GetAttestationPolicy(
           GetParam().TeeType, GetPolicyOptions{GetTokenValidationOptions()});
       EXPECT_EQ(policyToSet, getResponse.Value.Body);
     }
@@ -191,13 +191,13 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
       setOptions.SigningKey = signingKey;
       setOptions.TokenValidationOptionsOverride = GetTokenValidationOptions();
 
-      auto setResponse = adminClient->ResetAttestationPolicy(GetParam().TeeType, setOptions);
+      auto setResponse = adminClient.ResetAttestationPolicy(GetParam().TeeType, setOptions);
 
       EXPECT_TRUE(ValidateSetPolicyResponse(
           adminClient, setResponse, Azure::Nullable<std::string>(), signingKey));
 
       // The policy had better not be the minimal policy after we've reset it.
-      auto getResponse = adminClient->GetAttestationPolicy(GetParam().TeeType);
+      auto getResponse = adminClient.GetAttestationPolicy(GetParam().TeeType);
       EXPECT_NE(AttestationCollateral::GetMinimalPolicy(), getResponse.Value.Body);
     }
 
@@ -218,11 +218,9 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
     {
       auto adminClient(CreateClient());
 
-      EXPECT_FALSE(adminClient->Endpoint().empty());
-
       AttestationType attestationType(GetParam().TeeType);
       {
-        auto policy = adminClient->GetAttestationPolicy(attestationType);
+        auto policy = adminClient.GetAttestationPolicy(attestationType);
 
         // The policy should have a value, and the token should have been issued by the service.
         // Note that if the policy *doesn't* have a body, then the attestation type must be TPM
@@ -386,6 +384,23 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
     }
   } // namespace Test
 
+  TEST_P(PolicyTests, CreateAdministrationClients)
+  {
+    // `InitTestClient` takes care of setting up Record&Playback.
+    auto options
+        = InitClientOptions<Azure::Security::Attestation::AttestationAdministrationClientOptions>();
+    {
+      AttestationAdministrationClient client
+          = AttestationAdministrationClient::Create(this->m_endpoint, m_credential, options);
+      EXPECT_EQ(m_endpoint, client.Endpoint());
+    }
+    {
+      AttestationAdministrationClient const client
+          = AttestationAdministrationClient::Create(this->m_endpoint, m_credential, options);
+      EXPECT_EQ(m_endpoint, client.Endpoint());
+    }
+  }
+
   namespace {
     std::string GetTestName(testing::TestParamInfo<PolicyTests::ParamType> const& testInfo)
     {