From 5b9ea47d6b07342d51f632e02cf8a77e18c05c47 Mon Sep 17 00:00:00 2001
From: Larry Osterman <LarryOsterman@users.noreply.github.com>
Date: Tue, 28 May 2024 10:15:07 -0700
Subject: [PATCH] Disable playback for several attestation tests that use JWTs 
 (#5665)

* Disable playback tests on test that receive a JWT

* Reduced code coverage numbers due to disabled tests.
---
 sdk/attestation/assets.json                   |  2 +-
 .../test/ut/attestation_test.cpp              |  8 ++---
 .../test/ut/policycertmgmt_test.cpp           |  6 ++--
 .../test/ut/policygetset_test.cpp             |  2 +-
 .../test/ut/tpmattestation_test.cpp           | 30 +++++++++++--------
 sdk/attestation/ci.yml                        |  4 +--
 6 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/sdk/attestation/assets.json b/sdk/attestation/assets.json
index aabd9cf1b..79c2ec50a 100644
--- a/sdk/attestation/assets.json
+++ b/sdk/attestation/assets.json
@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "cpp",
   "TagPrefix": "cpp/attestation",
-  "Tag": "cpp/attestation_6398169251"
+  "Tag": "cpp/attestation_f34b6b4684"
 }
diff --git a/sdk/attestation/azure-security-attestation/test/ut/attestation_test.cpp b/sdk/attestation/azure-security-attestation/test/ut/attestation_test.cpp
index 034ecfe3d..ae13bb6fe 100644
--- a/sdk/attestation/azure-security-attestation/test/ut/attestation_test.cpp
+++ b/sdk/attestation/azure-security-attestation/test/ut/attestation_test.cpp
@@ -131,7 +131,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
     }
   };
 
-  TEST_P(AttestationTests, SimpleAttest)
+  TEST_P(AttestationTests, SimpleAttest_LIVEONLY_)
   {
     auto client(CreateClient());
 
@@ -150,7 +150,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
     }
   }
 
-  TEST_P(AttestationTests, AttestWithRuntimeData)
+  TEST_P(AttestationTests, AttestWithRuntimeData_LIVEONLY_)
   {
     // Attestation clients don't need to be authenticated, but they can be.
     auto client(CreateAuthenticatedClient());
@@ -176,7 +176,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
     }
   }
 
-  TEST_P(AttestationTests, AttestWithDraftPolicy)
+  TEST_P(AttestationTests, AttestWithDraftPolicy_LIVEONLY_)
   {
     // Attestation clients don't need to be authenticated, but they can be.
     auto client(CreateAuthenticatedClient());
@@ -254,7 +254,7 @@ issuancerules {
     }
   }
 
-  TEST_P(AttestationTests, AttestWithRuntimeDataJson)
+  TEST_P(AttestationTests, AttestWithRuntimeDataJson_LIVEONLY_)
   {
     auto client(CreateClient());
     auto runtimeData = AttestationCollateral::RunTimeData();
diff --git a/sdk/attestation/azure-security-attestation/test/ut/policycertmgmt_test.cpp b/sdk/attestation/azure-security-attestation/test/ut/policycertmgmt_test.cpp
index 539daaa69..3f22cfb24 100644
--- a/sdk/attestation/azure-security-attestation/test/ut/policycertmgmt_test.cpp
+++ b/sdk/attestation/azure-security-attestation/test/ut/policycertmgmt_test.cpp
@@ -157,15 +157,15 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
   // The GetIsolatedModeManagementCertificates API can be run against all instance types, but it
   // only returns values on isolated instances (an isolated instance is defined to be an attestation
   // service instance with policy management certificates).
-  TEST_F(CertificateTests, GetPolicyManagementCertificatesAad)
+  TEST_F(CertificateTests, GetPolicyManagementCertificatesAad_LIVEONLY_)
   {
     GetIsolatedModeCertificatesTest(ServiceInstanceType::AAD);
   }
-  TEST_F(CertificateTests, GetPolicyManagementCertificatesIsolated)
+  TEST_F(CertificateTests, GetPolicyManagementCertificatesIsolated_LIVEONLY_)
   {
     GetIsolatedModeCertificatesTest(ServiceInstanceType::Isolated);
   }
-  TEST_F(CertificateTests, GetPolicyManagementCertificatesShared)
+  TEST_F(CertificateTests, GetPolicyManagementCertificatesShared_LIVEONLY_)
   {
     GetIsolatedModeCertificatesTest(ServiceInstanceType::Shared);
   }
diff --git a/sdk/attestation/azure-security-attestation/test/ut/policygetset_test.cpp b/sdk/attestation/azure-security-attestation/test/ut/policygetset_test.cpp
index 26b5bdb0a..5cce0354b 100644
--- a/sdk/attestation/azure-security-attestation/test/ut/policygetset_test.cpp
+++ b/sdk/attestation/azure-security-attestation/test/ut/policygetset_test.cpp
@@ -353,7 +353,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
     }
   }; // namespace Test
 
-  TEST_P(PolicyTests, PolicyTests)
+  TEST_P(PolicyTests, PolicyTests_LIVEONLY_)
   {
     switch (GetParam().TestType)
     {
diff --git a/sdk/attestation/azure-security-attestation/test/ut/tpmattestation_test.cpp b/sdk/attestation/azure-security-attestation/test/ut/tpmattestation_test.cpp
index c88d78be2..fbb40baeb 100644
--- a/sdk/attestation/azure-security-attestation/test/ut/tpmattestation_test.cpp
+++ b/sdk/attestation/azure-security-attestation/test/ut/tpmattestation_test.cpp
@@ -41,24 +41,30 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
     {
       Azure::Core::Test::TestBase::SetUpTestBase(AZURE_TEST_RECORDING_DIR);
       {
-        // TPM attestation requires a policy document be set. For simplicity, we only run the
-        // test against an AAD attestation service instance.
-        m_adminClient = std::make_unique<AttestationAdministrationClient>(
-            CreateAdminClient(InstanceType::AAD));
+        if (m_testContext.GetTestMode() != Azure::Core::Test::TestMode::PLAYBACK)
+        {
+          // TPM attestation requires a policy document be set. For simplicity, we only run the
+          // test against an AAD attestation service instance.
+          m_adminClient = std::make_unique<AttestationAdministrationClient>(
+              CreateAdminClient(InstanceType::AAD));
 
-        // Set a minimal policy, which will make the TPM attestation code happy.
-        m_adminClient->SetAttestationPolicy(
-            AttestationType::Tpm,
-            "version=1.0; authorizationrules{=> permit();}; issuancerules{};");
+          // Set a minimal policy, which will make the TPM attestation code happy.
+          m_adminClient->SetAttestationPolicy(
+              AttestationType::Tpm,
+              "version=1.0; authorizationrules{=> permit();}; issuancerules{};");
+        }
       }
     }
 
     virtual void TearDown() override
     {
-      // Reset the attestation policy for this instance back to the default.
-      if (m_adminClient)
+      if (m_testContext.GetTestMode() != Azure::Core::Test::TestMode::PLAYBACK)
       {
-        m_adminClient->ResetAttestationPolicy(AttestationType::Tpm);
+        // Reset the attestation policy for this instance back to the default.
+        if (m_adminClient)
+        {
+          m_adminClient->ResetAttestationPolicy(AttestationType::Tpm);
+        }
       }
 
       // Make sure you call the base classes TearDown method to ensure recordings are made.
@@ -120,7 +126,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
     }
   };
 
-  TEST_F(TpmAttestationTests, AttestTpm)
+  TEST_F(TpmAttestationTests, AttestTpm_LIVEONLY_)
   {
     auto client(CreateClient(InstanceType::AAD));
 
diff --git a/sdk/attestation/ci.yml b/sdk/attestation/ci.yml
index fab8d89f1..9be536252 100644
--- a/sdk/attestation/ci.yml
+++ b/sdk/attestation/ci.yml
@@ -30,8 +30,8 @@ extends:
       Location: WestUS
       CtestRegex: azure-security-attestation.*
       LiveTestCtestRegex: azure-security-attestation.*
-      LineCoverageTarget: 89
-      BranchCoverageTarget: 42
+      LineCoverageTarget: 70
+      BranchCoverageTarget: 34
       Artifacts:
         - Name: azure-security-attestation
           Path: azure-security-attestation