Move tests to use azure pipeline credentials (#5754)

* test1 * hgdfchg * remove the remnants of azure client secret * test KV with federated auth * UseFederatedAuth * fdsa * kv template with managed * try try again * retry permissions * add net acls * blunt force replace the resource json * put back stuff * trey again with new method * attempt * missed something * flip if else * Temporarily use empty sub config file path for preview cloud * remove client secret * try to fix the identity tests * live skip failing tests and return in samples * samples for identity fix * disable failing samples in identity * fix winhttp failing test * comment out code * remove managed identity * restore version from main * revert readme changes * PR comments * test 2 * clang * attempt default creds with pipeline chanined * clangs * identity test and clangs * oops * live * cleanup * reter * test * revert the DAC change * missed one * taking the samples to a farm upstate * PR comments * Fix bad merge --------- Co-authored-by: Daniel Jurek <djurek@microsoft.com> Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com> Co-authored-by: Anton Kolesnyk <41349689+antkmsft@users.noreply.github.com>
2024-07-11 17:38:19 -07:00 · 2024-07-11 17:38:19 -07:00 · 313fb0e58f
commit 313fb0e58f
parent aadeca2c5c
17 changed files with 80 additions and 52 deletions
--- a/eng/pipelines/templates/jobs/live.tests.yml
+++ b/eng/pipelines/templates/jobs/live.tests.yml
@ -244,32 +244,6 @@ jobs:
      # Will run samples described on a file name [service]-samples.txt within the build directory.
      # For example keyvault-samples.txt.
      # The file is written by CMake during configuration when building samples.
-    - bash: |
-        IFS=$'\n'
-        if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then
-          for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt`
-          do
-            export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID)
-            export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID)
-            export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET)
-            echo "**********Running sample: ${sample}"
-            bash -c "$sample"
-            status=$?
-            if [[ $status -eq 0 ]]; then
-              echo "*********Sample completed*********"
-            else
-              echo "*Sample returned a failed code: $status"
-              exit 1
-            fi
-          done
-        fi
-      workingDirectory: build
-      displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
-      condition: and(succeeded(), eq(variables['RunSamples'], '1'))
-      env:
-        ${{ insert }}: ${{ parameters.EnvVars }}
-
-  - ${{ else }}:
    - task: AzurePowerShell@5
      displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
      condition: and(succeeded(), eq(variables['RunSamples'], '1'))
@ -299,6 +273,32 @@ jobs:
        SYSTEM_ACCESSTOKEN: $(System.AccessToken)
        ${{ insert }}: ${{ parameters.EnvVars }}

+  - ${{ else }}:
+    - bash: |
+        IFS=$'\n'
+        if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then
+          for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt`
+          do
+            export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID)
+            export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID)
+            export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET)
+            echo "**********Running sample: ${sample}"
+            bash -c "$sample"
+            status=$?
+            if [[ $status -eq 0 ]]; then
+              echo "*********Sample completed*********"
+            else
+              echo "*Sample returned a failed code: $status"
+              exit 1
+            fi
+          done
+        fi
+      workingDirectory: build
+      displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
+      condition: and(succeeded(), eq(variables['RunSamples'], '1'))
+      env:
+        ${{ insert }}: ${{ parameters.EnvVars }}      
+
  # Make coverage targets (specified in coverage_targets.txt) and assemble
  # coverage report
  - bash: |
--- a/eng/pipelines/templates/stages/archetype-sdk-client.yml
+++ b/eng/pipelines/templates/stages/archetype-sdk-client.yml
@ -62,6 +62,8 @@ parameters:
      Preview:
        SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources-preview)
        ServiceConnection: azure-sdk-tests
+        # Temporary fix until an eng/common config for Preview can be merged
+        SubscriptionConfigurationFilePaths: []
      Canary:
        SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
        ServiceConnection: azure-sdk-tests
--- a/sdk/attestation/ci.yml
+++ b/sdk/attestation/ci.yml
@ -32,6 +32,7 @@ extends:
      LiveTestCtestRegex: azure-security-attestation.*
      LineCoverageTarget: 70
      BranchCoverageTarget: 34
+      UseFederatedAuth: true
      Artifacts:
        - Name: azure-security-attestation
          Path: azure-security-attestation
--- a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp
+++ b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp
@ -15,6 +15,8 @@
 #include <azure/core/internal/client_options.hpp>
 #include <azure/core/internal/diagnostics/log.hpp>
 #include <azure/core/internal/environment.hpp>
+#include <azure/identity/azure_pipelines_credential.hpp>
+#include <azure/identity/chained_token_credential.hpp>
 #include <azure/identity/client_secret_credential.hpp>
 #include <azure/identity/default_azure_credential.hpp>

@ -246,7 +248,17 @@ namespace Azure { namespace Core { namespace Test {
        }
        if (clientSecret.empty())
        {
-          m_testCredential = std::make_shared<Azure::Identity::DefaultAzureCredential>();
+          m_testCredential = std::make_shared<Azure::Identity::ChainedTokenCredential>(
+              Azure::Identity::ChainedTokenCredential::Sources{
+                  std ::make_shared<Azure::Identity::AzurePipelinesCredential>(
+                      Azure::Core::_internal::Environment::GetVariable(
+                          "AZURESUBSCRIPTION_TENANT_ID"),
+                      Azure::Core::_internal::Environment::GetVariable(
+                          "AZURESUBSCRIPTION_CLIENT_ID"),
+                      Azure::Core::_internal::Environment::GetVariable(
+                          "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"),
+                      Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")),
+                  std::make_shared<Azure::Identity::DefaultAzureCredential>()});
        }
        else
        {
@ -302,7 +314,7 @@ namespace Azure { namespace Core { namespace Test {
     *
     * @return The value of the environment variable retrieved.
     *
-     * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID, or AZURE_CLIENT_SECRET are not available in the
+     * @note If AZURE_TENANT_ID or AZURE_CLIENT_ID are not available in the
     * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values
     * with the values emitted by the New-TestResources.ps1 script.
     *
--- a/sdk/core/ci.yml
+++ b/sdk/core/ci.yml
@ -53,6 +53,7 @@ extends:
      LiveTestTimeoutInMinutes: 90 # default is 60 min. We need a little longer on worst case for Win+jsonTests
      LineCoverageTarget: 88
      BranchCoverageTarget: 50
+      UseFederatedAuth: true
 #      PreTestSteps:
 #        - pwsh: |
 #            docker build -t squid-local $(Build.SourcesDirectory)/sdk/core/azure-core/test/ut/proxy_tests/localproxy
--- a/sdk/core/perf/inc/azure/perf/base_test.hpp
+++ b/sdk/core/perf/inc/azure/perf/base_test.hpp
@ -100,7 +100,7 @@ namespace Azure { namespace Perf {
     *
     * @return The value of the environment variable retrieved.
     *
-     * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID, or AZURE_CLIENT_SECRET are not available in the
+     * @note If AZURE_TENANT_ID or AZURE_CLIENT_ID are not available in the
     * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values
     * with the values emitted by the New-TestResources.ps1 script.
     *
--- a/sdk/core/perf/src/base_test.cpp
+++ b/sdk/core/perf/src/base_test.cpp
@ -11,6 +11,8 @@
 #endif
 #include <azure/core/http/policies/policy.hpp>
 #include <azure/core/internal/http/pipeline.hpp>
+#include <azure/identity/azure_pipelines_credential.hpp>
+#include <azure/identity/chained_token_credential.hpp>
 #include <azure/identity/client_secret_credential.hpp>
 #include <azure/identity/default_azure_credential.hpp>

@ -285,7 +287,15 @@ namespace Azure { namespace Perf {
      }
      if (clientSecret.empty())
      {
-        m_testCredential = std::make_shared<Azure::Identity::DefaultAzureCredential>();
+        m_testCredential = std::make_shared<Azure::Identity::ChainedTokenCredential>(
+            Azure::Identity::ChainedTokenCredential::Sources{
+                std ::make_shared<Azure::Identity::AzurePipelinesCredential>(
+                    Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"),
+                    Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"),
+                    Azure::Core::_internal::Environment::GetVariable(
+                        "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"),
+                    Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")),
+                std::make_shared<Azure::Identity::DefaultAzureCredential>()});
      }
      else
      {
--- a/sdk/eventhubs/ci.yml
+++ b/sdk/eventhubs/ci.yml
@ -32,6 +32,7 @@ extends:
      LiveTestTimeoutInMinutes: 120
      LineCoverageTarget: 27
      BranchCoverageTarget: 13
+      UseFederatedAuth: true
      Artifacts:
        - Name: azure-messaging-eventhubs
          Path: azure-messaging-eventhubs
--- a/sdk/identity/azure-identity/samples/CMakeLists.txt
+++ b/sdk/identity/azure-identity/samples/CMakeLists.txt
@ -31,22 +31,22 @@ target_link_libraries(workload_identity_credential_sample PRIVATE azure-identity
 target_include_directories(workload_identity_credential_sample PRIVATE .)
 create_per_service_target_build_for_sample(identity workload_identity_credential_sample)

-add_executable(client_secret_credential_sample client_secret_credential.cpp)
-target_link_libraries(client_secret_credential_sample PRIVATE azure-identity service get-env-helper)
-target_include_directories(client_secret_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity client_secret_credential_sample)
+#add_executable(client_secret_credential_sample client_secret_credential.cpp)
+#target_link_libraries(client_secret_credential_sample PRIVATE azure-identity service get-env-helper)
+#target_include_directories(client_secret_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity client_secret_credential_sample)

-add_executable(default_azure_credential_sample default_azure_credential.cpp)
-target_link_libraries(default_azure_credential_sample PRIVATE azure-identity service)
-target_include_directories(default_azure_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity default_azure_credential_sample)
+#add_executable(default_azure_credential_sample default_azure_credential.cpp)
+#target_link_libraries(default_azure_credential_sample PRIVATE azure-identity service)
+#target_include_directories(default_azure_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity default_azure_credential_sample)

-add_executable(environment_credential_sample environment_credential.cpp)
-target_link_libraries(environment_credential_sample PRIVATE azure-identity service)
-target_include_directories(environment_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity environment_credential_sample)
+#add_executable(environment_credential_sample environment_credential.cpp)
+#target_link_libraries(environment_credential_sample PRIVATE azure-identity service)
+#target_include_directories(environment_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity environment_credential_sample)

-add_executable(managed_identity_credential_sample managed_identity_credential.cpp)
-target_link_libraries(managed_identity_credential_sample PRIVATE azure-identity service)
-target_include_directories(managed_identity_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity managed_identity_credential_sample)
+#add_executable(managed_identity_credential_sample managed_identity_credential.cpp)
+#target_link_libraries(managed_identity_credential_sample PRIVATE azure-identity service)
+#target_include_directories(managed_identity_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity managed_identity_credential_sample)
--- a/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt
+++ b/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt
@ -117,7 +117,7 @@ if (BUILD_PERFORMANCE_TESTS)
   add_subdirectory(test/perf)
 endif()

-if(BUILD_SAMPLES)
+if(BUILD_SAMPLES_DISABLED)
   add_subdirectory(samples)
 endif()

--- a/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt
+++ b/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt
@ -154,7 +154,7 @@ if (BUILD_PERFORMANCE_TESTS)
  add_subdirectory(test/perf)
 endif()

-if(BUILD_SAMPLES)
+if(BUILD_SAMPLES_DISABLED)
  add_subdirectory(samples)
 endif()

--- a/sdk/keyvault/azure-security-keyvault-keys/README.md
+++ b/sdk/keyvault/azure-security-keyvault-keys/README.md
@ -79,11 +79,10 @@ Use the [Azure CLI][azure_cli] snippet below to create/get client secret credent
  ```
  "<your-service-principal-object-id>"
  ```
- Use the returned credentials above to set **AZURE_CLIENT_ID** (appId), **AZURE_CLIENT_SECRET** (password), and **AZURE_TENANT_ID** (tenant) environment variables. The following example shows a way to do this in Powershell:
+- Use the returned credentials above to set **AZURE_CLIENT_ID** (appId) and **AZURE_TENANT_ID** (tenant) environment variables. The following example shows a way to do this in Powershell:

  ```PowerShell
  $Env:AZURE_CLIENT_ID="generated-app-ID"
-  $Env:AZURE_CLIENT_SECRET="random-password"
  $Env:AZURE_TENANT_ID="tenant-ID"
  ```

--- a/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt
+++ b/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt
@ -117,7 +117,7 @@ if (BUILD_PERFORMANCE_TESTS)
  add_subdirectory(test/perf)
 endif()

-if(BUILD_SAMPLES)
+if(BUILD_SAMPLES_DISABLED)
  add_subdirectory(samples)
 endif()

--- a/sdk/keyvault/ci.yml
+++ b/sdk/keyvault/ci.yml
@ -32,6 +32,7 @@ extends:
      LiveTestTimeoutInMinutes: 120
      LineCoverageTarget: 81
      BranchCoverageTarget: 42
+      UseFederatedAuth: true
      Artifacts:
        - Name: azure-security-keyvault-keys
          Path: azure-security-keyvault-keys
--- a/sdk/storage/README.md
+++ b/sdk/storage/README.md
@ -36,4 +36,3 @@ additional questions or comments.
 [coc]: https://opensource.microsoft.com/codeofconduct/
 [coc_faq]: https://opensource.microsoft.com/codeofconduct/faq/
 [coc_contact]: mailto:opencode@microsoft.com
- 
--- a/sdk/storage/ci.yml
+++ b/sdk/storage/ci.yml
@ -33,6 +33,7 @@ extends:
      LiveTestCtestRegex: azure-storage
      Clouds: Preview
      SupportedClouds: Preview
+      UseFederatedAuth: false
      Artifacts:
        - Name: azure-storage-common
          Path: azure-storage-common
--- a/sdk/tables/ci.yml
+++ b/sdk/tables/ci.yml
@ -30,6 +30,7 @@ extends:
      CtestRegex: azure-data
      LineCoverageTarget: 77
      BranchCoverageTarget: 42
+      UseFederatedAuth: true
      LiveTestCtestRegex: azure-data
      Clouds: Preview
      SupportedClouds: Preview