From 313fb0e58fee093ecb0a4806c46f1c9af8b493ad Mon Sep 17 00:00:00 2001 
From: George Arama <50641385+gearama@users.noreply.github.com> Date: Thu, 11 Jul 2024 17:38:19 -0700 Subject: [PATCH] Move tests to use azure pipeline credentials (#5754) * test1 * hgdfchg * remove the remnants of azure client secret * test KV with federated auth * UseFederatedAuth * fdsa * kv template with managed * try try again * retry permissions * add net acls * blunt force replace the resource json * put back stuff * trey again with new method * attempt * missed something * flip if else * Temporarily use empty sub config file path for preview cloud * remove client secret * try to fix the identity tests * live skip failing tests and return in samples * samples for identity fix * disable failing samples in identity * fix winhttp failing test * comment out code * remove managed identity * restore version from main * revert readme changes * PR comments * test 2 * clang * attempt default creds with pipeline chanined * clangs * identity test and clangs * oops * live * cleanup * reter * test * revert the DAC change * missed one * taking the samples to a farm upstate * PR comments * Fix bad merge --------- Co-authored-by: Daniel Jurek Co-authored-by: Anton Kolesnyk Co-authored-by: Anton Kolesnyk <41349689+antkmsft@users.noreply.github.com> --- eng/pipelines/templates/jobs/live.tests.yml | 52 +++++++++---------- .../templates/stages/archetype-sdk-client.yml | 2 + sdk/attestation/ci.yml | 1 + .../inc/azure/core/test/test_base.hpp | 16 +++++- sdk/core/ci.yml | 1 + sdk/core/perf/inc/azure/perf/base_test.hpp | 2 +- sdk/core/perf/src/base_test.cpp | 12 ++++- sdk/eventhubs/ci.yml | 1 + .../azure-identity/samples/CMakeLists.txt | 32 ++++++------ .../CMakeLists.txt | 2 +- .../CMakeLists.txt | 2 +- .../azure-security-keyvault-keys/README.md | 3 +- .../CMakeLists.txt | 2 +- sdk/keyvault/ci.yml | 1 + sdk/storage/README.md | 1 - sdk/storage/ci.yml | 1 + sdk/tables/ci.yml | 1 + 17 files changed, 80 insertions(+), 52 deletions(-) 
diff --git a/eng/pipelines/templates/jobs/live.tests.yml b/eng/pipelines/templates/jobs/live.tests.yml index bda375013..dd9000638 100644 --- a/eng/pipelines/templates/jobs/live.tests.yml +++ b/eng/pipelines/templates/jobs/live.tests.yml @@ -244,32 +244,6 @@ jobs: # Will run samples described on a file name [service]-samples.txt within the build directory. # For example keyvault-samples.txt. # The file is written by CMake during configuration when building samples. - - bash: | - IFS=$'\n' - if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then - for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt` - do - export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID) - export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID) - export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET) - echo "**********Running sample: ${sample}" - bash -c "$sample" - status=$? - if [[ $status -eq 0 ]]; then - echo "*********Sample completed*********" - else - echo "*Sample returned a failed code: $status" - exit 1 - fi - done - fi - workingDirectory: build - displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}" - condition: and(succeeded(), eq(variables['RunSamples'], '1')) - env: - ${{ insert }}: ${{ parameters.EnvVars }} - - - ${{ else }}: - task: AzurePowerShell@5 displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}" condition: and(succeeded(), eq(variables['RunSamples'], '1')) 
@@ -299,6 +273,32 @@ jobs: SYSTEM_ACCESSTOKEN: $(System.AccessToken) ${{ insert }}: ${{ parameters.EnvVars }} + - ${{ else }}: + - bash: | + IFS=$'\n' + if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then + for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt` + do + export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID) + export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID) + export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET) + echo "**********Running sample: ${sample}" + bash -c "$sample" + status=$? + if [[ $status -eq 0 ]]; then + echo "*********Sample completed*********" + else + echo "*Sample returned a failed code: $status" + exit 1 + fi + done + fi + workingDirectory: build + displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}" + condition: and(succeeded(), eq(variables['RunSamples'], '1')) + env: + ${{ insert }}: ${{ parameters.EnvVars }} + # Make coverage targets (specified in coverage_targets.txt) and assemble # coverage report - bash: | diff --git a/eng/pipelines/templates/stages/archetype-sdk-client.yml b/eng/pipelines/templates/stages/archetype-sdk-client.yml index 18679cb08..b33dd34d0 100644 --- a/eng/pipelines/templates/stages/archetype-sdk-client.yml +++ b/eng/pipelines/templates/stages/archetype-sdk-client.yml @@ -62,6 +62,8 @@ parameters: Preview: SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources-preview) ServiceConnection: azure-sdk-tests + # Temporary fix until an eng/common config for Preview can be merged + SubscriptionConfigurationFilePaths: [] Canary: SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources) ServiceConnection: azure-sdk-tests diff --git a/sdk/attestation/ci.yml b/sdk/attestation/ci.yml index 9be536252..2d7e75aaa 100644 --- a/sdk/attestation/ci.yml +++ b/sdk/attestation/ci.yml 
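Review bot: The bash step re-added under `${{ else }}` still writes `$(${{parameters.ServiceDirectory}}_CLIENT_SECRET)` into the script text by macro expansion, so on this path the secret becomes part of the generated script instead of living only in the step environment. I would map it under the step's existing `env:` block as `AZURE_CLIENT_SECRET: $(${{parameters.ServiceDirectory}}_CLIENT_SECRET)` and drop the `export` line. That also avoids bash treating an unexpanded `$(...)` as a command substitution when the variable is not defined for a service. The loop runs every line of `${{ parameters.ServiceDirectory }}-samples.txt` through `bash -c "$sample"`, so a short comment stating that this file must only ever be the one CMake writes into `build` would make the trust assumption explicit.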
@@ -32,6 +32,7 @@ extends: LiveTestCtestRegex: azure-security-attestation.* LineCoverageTarget: 70 BranchCoverageTarget: 34 + UseFederatedAuth: true Artifacts: - Name: azure-security-attestation Path: azure-security-attestation diff --git a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp index de9c152fd..5305aba57 100644 --- a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp +++ b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp @@ -15,6 +15,8 @@ #include #include #include +#include +#include #include #include @@ -246,7 +248,17 @@ namespace Azure { namespace Core { namespace Test { } if (clientSecret.empty()) { - m_testCredential = std::make_shared(); + m_testCredential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); } else { @@ -302,7 +314,7 @@ namespace Azure { namespace Core { namespace Test { * * @return The value of the environment variable retrieved. * - * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID, or AZURE_CLIENT_SECRET are not available in the + * @note If AZURE_TENANT_ID or AZURE_CLIENT_ID are not available in the * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values * with the values emitted by the New-TestResources.ps1 script. * diff --git a/sdk/core/ci.yml b/sdk/core/ci.yml index 618999e74..8606dd261 100644 --- a/sdk/core/ci.yml +++ b/sdk/core/ci.yml 
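Review bot: In the `clientSecret.empty()` branch of `test_base.hpp` the first source in the chain is built from `AZURESUBSCRIPTION_TENANT_ID`, `AZURESUBSCRIPTION_CLIENT_ID`, `AZURESUBSCRIPTION_SERVICE_CONNECTION_ID` and `SYSTEM_ACCESSTOKEN` without checking that any of them is set. Outside a pipeline it is therefore constructed from empty strings, and the failure presumably only surfaces when a token is requested. A guard such as `if (!Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN").empty())` around adding that source would let local runs go straight to the second credential. The `@note` edited in the last hunk of this file drops `AZURE_CLIENT_SECRET` but does not mention the four new variables, and since `SYSTEM_ACCESSTOKEN` is a job token, a comment that it must never be logged or written to test recordings belongs next to the read. The same construction is repeated in `sdk/core/perf/src/base_test.cpp`, and the enclosing function starts and ends outside the hunk.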
@@ -53,6 +53,7 @@ extends: LiveTestTimeoutInMinutes: 90 # default is 60 min. We need a little longer on worst case for Win+jsonTests LineCoverageTarget: 88 BranchCoverageTarget: 50 + UseFederatedAuth: true # PreTestSteps: # - pwsh: | # docker build -t squid-local $(Build.SourcesDirectory)/sdk/core/azure-core/test/ut/proxy_tests/localproxy diff --git a/sdk/core/perf/inc/azure/perf/base_test.hpp b/sdk/core/perf/inc/azure/perf/base_test.hpp index cc0c7f5f0..6b2d0ece7 100644 --- a/sdk/core/perf/inc/azure/perf/base_test.hpp +++ b/sdk/core/perf/inc/azure/perf/base_test.hpp @@ -100,7 +100,7 @@ namespace Azure { namespace Perf { * * @return The value of the environment variable retrieved. * - * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID, or AZURE_CLIENT_SECRET are not available in the + * @note If AZURE_TENANT_ID or AZURE_CLIENT_ID are not available in the * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values * with the values emitted by the New-TestResources.ps1 script. * diff --git a/sdk/core/perf/src/base_test.cpp b/sdk/core/perf/src/base_test.cpp index c5ab58301..037071d13 100644 --- a/sdk/core/perf/src/base_test.cpp +++ b/sdk/core/perf/src/base_test.cpp @@ -11,6 +11,8 @@ #endif #include #include +#include +#include #include #include @@ -285,7 +287,15 @@ namespace Azure { namespace Perf { } if (clientSecret.empty()) { - m_testCredential = std::make_shared(); + m_testCredential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); } else { diff --git a/sdk/eventhubs/ci.yml b/sdk/eventhubs/ci.yml index a87a348b3..b6bce4541 100644 
--- a/sdk/eventhubs/ci.yml
+++ b/sdk/eventhubs/ci.yml
@@ -32,6 +32,7 @@ extends:
 LiveTestTimeoutInMinutes: 120
 LineCoverageTarget: 27
 BranchCoverageTarget: 13
+ UseFederatedAuth: true
 Artifacts:
 - Name: azure-messaging-eventhubs
 Path: azure-messaging-eventhubs
diff --git a/sdk/identity/azure-identity/samples/CMakeLists.txt b/sdk/identity/azure-identity/samples/CMakeLists.txt
index c314f8ee7..9eec6e9a6 100644
--- a/sdk/identity/azure-identity/samples/CMakeLists.txt
+++ b/sdk/identity/azure-identity/samples/CMakeLists.txt
@@ -31,22 +31,22 @@ target_link_libraries(workload_identity_credential_sample PRIVATE azure-identity target_include_directories(workload_identity_credential_sample PRIVATE .) create_per_service_target_build_for_sample(identity workload_identity_credential_sample) -add_executable(client_secret_credential_sample client_secret_credential.cpp) -target_link_libraries(client_secret_credential_sample PRIVATE azure-identity service get-env-helper) -target_include_directories(client_secret_credential_sample PRIVATE .) -create_per_service_target_build_for_sample(identity client_secret_credential_sample) +#add_executable(client_secret_credential_sample client_secret_credential.cpp) +#target_link_libraries(client_secret_credential_sample PRIVATE azure-identity service get-env-helper) +#target_include_directories(client_secret_credential_sample PRIVATE .) +#create_per_service_target_build_for_sample(identity client_secret_credential_sample) -add_executable(default_azure_credential_sample default_azure_credential.cpp) -target_link_libraries(default_azure_credential_sample PRIVATE azure-identity service) -target_include_directories(default_azure_credential_sample PRIVATE .) -create_per_service_target_build_for_sample(identity default_azure_credential_sample) +#add_executable(default_azure_credential_sample default_azure_credential.cpp) +#target_link_libraries(default_azure_credential_sample PRIVATE azure-identity service) +#target_include_directories(default_azure_credential_sample PRIVATE .) +#create_per_service_target_build_for_sample(identity default_azure_credential_sample) -add_executable(environment_credential_sample environment_credential.cpp) -target_link_libraries(environment_credential_sample PRIVATE azure-identity service) -target_include_directories(environment_credential_sample PRIVATE .) 
-create_per_service_target_build_for_sample(identity environment_credential_sample) +#add_executable(environment_credential_sample environment_credential.cpp) +#target_link_libraries(environment_credential_sample PRIVATE azure-identity service) +#target_include_directories(environment_credential_sample PRIVATE .) +#create_per_service_target_build_for_sample(identity environment_credential_sample) -add_executable(managed_identity_credential_sample managed_identity_credential.cpp) -target_link_libraries(managed_identity_credential_sample PRIVATE azure-identity service) -target_include_directories(managed_identity_credential_sample PRIVATE .) -create_per_service_target_build_for_sample(identity managed_identity_credential_sample) +#add_executable(managed_identity_credential_sample managed_identity_credential.cpp) +#target_link_libraries(managed_identity_credential_sample PRIVATE azure-identity service) +#target_include_directories(managed_identity_credential_sample PRIVATE .) +#create_per_service_target_build_for_sample(identity managed_identity_credential_sample) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt index b6883613d..9099e2852 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt +++ b/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt @@ -117,7 +117,7 @@ if (BUILD_PERFORMANCE_TESTS) add_subdirectory(test/perf) endif() -if(BUILD_SAMPLES) +if(BUILD_SAMPLES_DISABLED) add_subdirectory(samples) endif() diff --git a/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt index 9a18bee07..e15956e35 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt +++ b/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt 
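Review bot: The four sample targets in `sdk/identity/azure-identity/samples/CMakeLists.txt` (`client_secret_credential_sample`, `default_azure_credential_sample`, `environment_credential_sample`, `managed_identity_credential_sample`) are commented out with no explanation of why or when they should return. Disabled samples are no longer built, so they can drift from the library without anyone noticing. I would add a comment above the first block such as `# Temporarily disabled: these samples fail under pipeline (federated) credentials; re-enable once <tracking issue placeholder> is resolved.`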
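Review bot: `if(BUILD_SAMPLES_DISABLED)` in the keyvault-certificates `CMakeLists.txt` turns the samples off by testing a variable that nothing in the hunk defines. It reads like a real build option and silently ignores `BUILD_SAMPLES`. A comment on that line, for example `# Samples temporarily disabled; restore if(BUILD_SAMPLES) once they run with federated auth`, would make the intent clear. The same change is made in the keyvault-keys and keyvault-secrets `CMakeLists.txt` hunks.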
@@ -154,7 +154,7 @@ if (BUILD_PERFORMANCE_TESTS) add_subdirectory(test/perf) endif() -if(BUILD_SAMPLES) +if(BUILD_SAMPLES_DISABLED) add_subdirectory(samples) endif() diff --git a/sdk/keyvault/azure-security-keyvault-keys/README.md b/sdk/keyvault/azure-security-keyvault-keys/README.md index 9a4344fc0..98c2dd724 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/README.md +++ b/sdk/keyvault/azure-security-keyvault-keys/README.md @@ -79,11 +79,10 @@ Use the [Azure CLI][azure_cli] snippet below to create/get client secret credent ``` "" ``` -- Use the returned credentials above to set **AZURE_CLIENT_ID** (appId), **AZURE_CLIENT_SECRET** (password), and **AZURE_TENANT_ID** (tenant) environment variables. The following example shows a way to do this in Powershell: +- Use the returned credentials above to set **AZURE_CLIENT_ID** (appId) and **AZURE_TENANT_ID** (tenant) environment variables. The following example shows a way to do this in Powershell: ```PowerShell $Env:AZURE_CLIENT_ID="generated-app-ID" - $Env:AZURE_CLIENT_SECRET="random-password" $Env:AZURE_TENANT_ID="tenant-ID" ``` diff --git a/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt index 56b5e0a89..f6521b342 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt +++ b/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt @@ -117,7 +117,7 @@ if (BUILD_PERFORMANCE_TESTS) add_subdirectory(test/perf) endif() -if(BUILD_SAMPLES) +if(BUILD_SAMPLES_DISABLED) add_subdirectory(samples) endif() diff --git a/sdk/keyvault/ci.yml b/sdk/keyvault/ci.yml index 9b3a6358d..c491e25ee 100644 --- a/sdk/keyvault/ci.yml +++ b/sdk/keyvault/ci.yml @@ -32,6 +32,7 @@ extends: LiveTestTimeoutInMinutes: 120 LineCoverageTarget: 81 BranchCoverageTarget: 42 + UseFederatedAuth: true Artifacts: - Name: azure-security-keyvault-keys Path: azure-security-keyvault-keys 
diff --git a/sdk/storage/README.md b/sdk/storage/README.md index f15f3b51c..e98d4ae85 100644 --- a/sdk/storage/README.md +++ b/sdk/storage/README.md @@ -36,4 +36,3 @@ additional questions or comments. [coc]: https://opensource.microsoft.com/codeofconduct/ [coc_faq]: https://opensource.microsoft.com/codeofconduct/faq/ [coc_contact]: mailto:opencode@microsoft.com - \ No newline at end of file diff --git a/sdk/storage/ci.yml b/sdk/storage/ci.yml index ddf0129e7..ca8ba906d 100644 --- a/sdk/storage/ci.yml +++ b/sdk/storage/ci.yml @@ -33,6 +33,7 @@ extends: LiveTestCtestRegex: azure-storage Clouds: Preview SupportedClouds: Preview + UseFederatedAuth: false Artifacts: - Name: azure-storage-common Path: azure-storage-common diff --git a/sdk/tables/ci.yml b/sdk/tables/ci.yml index 350b30e12..eb9e9e09b 100644 --- a/sdk/tables/ci.yml +++ b/sdk/tables/ci.yml @@ -30,6 +30,7 @@ extends: CtestRegex: azure-data LineCoverageTarget: 77 BranchCoverageTarget: 42 + UseFederatedAuth: true LiveTestCtestRegex: azure-data Clouds: Preview SupportedClouds: Preview
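Review bot: `UseFederatedAuth: false` in `sdk/storage/ci.yml` makes storage the one service in this commit that opts out of federated auth, and nothing on the line says why. Judging by the `live.tests.yml` hunks, that appears to select the branch that still exports `AZURE_CLIENT_SECRET`, so it deserves to be visible and revisited. I would add a comment above it such as `# Storage live tests still use client-secret auth; switch to true once <tracking issue placeholder> is resolved`.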