HSM Tests to run from recordings only (#5463)

* mroe quotes * dssf * qweqeqw * record only * remove HSM from live platform * clangs * weqw * spellcheck * oopsie daisy * trigger storage * undo changes * part 2 * update tests * ffds * gfdg * fgdgd * skip tests * clangs
2024-03-25 15:35:56 -07:00 · 2024-03-25 15:35:56 -07:00 · 7cf80b5cf7
commit 7cf80b5cf7
parent 6a7540e7e0
5 changed files with 113 additions and 82 deletions
--- a/eng/pipelines/templates/stages/platform-matrix-live.json
+++ b/eng/pipelines/templates/stages/platform-matrix-live.json
@ -99,15 +99,6 @@
          "CmakeArgs": " -DBUILD_TRANSPORT_CURL=ON -DBUILD_TESTING=ON -DRUN_LONG_UNIT_TESTS=ON -DBUILD_PERFORMANCE_TESTS=ON -DMSVC_USE_STATIC_CRT=ON -DDISABLE_PROXY_TESTS=ON ",
          "BuildArgs": "-v --parallel 8"
        },
-        "HSM_x64_with_unit_test_libcurl": {
-          "VCPKG_DEFAULT_TRIPLET": "x64-windows-static",
-          "CMAKE_GENERATOR_PLATFORM": "x64",
-          "CmakeArgs": " -DBUILD_TRANSPORT_CURL=ON -DBUILD_TESTING=ON -DRUN_LONG_UNIT_TESTS=ON -DBUILD_PERFORMANCE_TESTS=ON -DMSVC_USE_STATIC_CRT=ON -DDISABLE_PROXY_TESTS=ON ",
-          "BuildArgs": "-v --parallel 8 --config Release",
-          "WindowsCtestConfig": "-C Release",
-          "KVLocation": "eastus2",
-          "EnableHSM": 1
-        },
        "x64_with_unit_samples_libcurl": {
          "VcpkgInstall": "curl[winssl] openssl",
          "VCPKG_DEFAULT_TRIPLET": "x64-windows-static",
@ -171,15 +162,6 @@
          "RunSamples": 1,
          "WindowsCtestConfig": "-C Release"
        },
-        "HSM_Win_x64_with_unit_test_libcurl": {
-          "VCPKG_DEFAULT_TRIPLET": "x64-windows-static",
-          "CMAKE_GENERATOR_PLATFORM": "x64",
-          "CmakeArgs": " -DBUILD_TRANSPORT_CURL=ON -DBUILD_TESTING=ON -DRUN_LONG_UNIT_TESTS=ON -DBUILD_PERFORMANCE_TESTS=ON -DMSVC_USE_STATIC_CRT=ON ",
-          "BuildArgs": "-v --parallel 8 --config Release",
-          "WindowsCtestConfig": "-C Release",
-          "KVLocation": "eastus2",
-          "EnableHSM": 1
-        },
        "x64_with_unit_samples_libcurl": {
          "VcpkgInstall": "curl[winssl] openssl",
          "VCPKG_DEFAULT_TRIPLET": "x64-windows-static",
--- a/sdk/keyvault/assets.json
+++ b/sdk/keyvault/assets.json
@ -2,5 +2,5 @@
  "AssetsRepo": "Azure/azure-sdk-assets",
  "AssetsRepoPrefixPath": "cpp",
  "TagPrefix": "cpp/keyvault",
-  "Tag": "cpp/keyvault_c86efa6555"
+  "Tag": "cpp/keyvault_6f97962887"
 }
--- a/sdk/keyvault/azure-security-keyvault-administration/test/ut/settings_client_test.cpp
+++ b/sdk/keyvault/azure-security-keyvault-administration/test/ut/settings_client_test.cpp
@ -20,14 +20,14 @@ using namespace Azure::Security::KeyVault::Administration::Test;

 using namespace std::chrono_literals;

-TEST_F(SettingsClientTest, GetSettings)
+TEST_F(SettingsClientTest, GetSettings_RECORDEDONLY_)
 {
-  auto testName = ::testing::UnitTest::GetInstance()->current_test_info()->name();
-  EXPECT_EQ(testName, testName);
-  CreateHSMClientForTest();
  if (m_keyVaultHsmUrl != m_keyVaultUrl)
  {
-    // create certificate method contains all the checks
+    auto testName = "GetSettings";
+    EXPECT_EQ(testName, testName);
+    CreateHSMClientForTest();
+
    auto const& client = GetClientForTest(testName);
    auto result = client.GetSettings();
    EXPECT_EQ(result.Value.Value.size(), 1);
@ -35,29 +35,36 @@ TEST_F(SettingsClientTest, GetSettings)
    EXPECT_EQ(setting.Name, "AllowKeyManagementOperationsThroughARM");
    EXPECT_EQ(setting.Value, "false");
  }
+  else
+  {
+    SkipTest();
+  }
 }

-TEST_F(SettingsClientTest, GetSetting)
+TEST_F(SettingsClientTest, GetSetting_RECORDEDONLY_)
 {
-  auto testName = ::testing::UnitTest::GetInstance()->current_test_info()->name();
-  CreateHSMClientForTest();
-  // create certificate method contains all the checks
  if (m_keyVaultHsmUrl != m_keyVaultUrl)
  {
+    auto testName = "GetSetting";
+    CreateHSMClientForTest();
    auto const& client = GetClientForTest(testName);
    auto result = client.GetSetting("AllowKeyManagementOperationsThroughARM");
    EXPECT_EQ(result.Value.Name, "AllowKeyManagementOperationsThroughARM");
    EXPECT_EQ(result.Value.Value, "false");
  }
+  else
+  {
+    SkipTest();
+  }
 }

-TEST_F(SettingsClientTest, UpdateSetting)
+TEST_F(SettingsClientTest, UpdateSetting_RECORDEDONLY_)
 {
-  auto testName = ::testing::UnitTest::GetInstance()->current_test_info()->name();
-  CreateHSMClientForTest();
  if (m_keyVaultHsmUrl != m_keyVaultUrl)
  {
-    // create certificate method contains all the checks
+    auto testName = "UpdateSetting";
+    CreateHSMClientForTest();
+
    auto const& client = GetClientForTest(testName);
    {
      std::string value = "false";
@ -82,4 +89,8 @@ TEST_F(SettingsClientTest, UpdateSetting)
      EXPECT_EQ(result.Value.Value, "false");
    }
  }
+  else
+  {
+    SkipTest();
+  }
 }
--- a/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.cpp
+++ b/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.cpp
@ -12,69 +12,104 @@ using namespace Azure::Security::KeyVault::Keys::Test;

 // No tests for octKey since the server does not support it.
 // FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL
-TEST_F(KeyVaultKeyHSMClient, CreateEcHsmKey)
+TEST_F(KeyVaultKeyHSMClient, CreateEcHsmKey_RECORDEDONLY_)
 {
-  auto const keyName = GetTestName();
-  // This client requires an HSM client
-  CreateHsmClient();
-  auto const& client = GetClientForTest(keyName);
-
+  if (m_keyVaultHsmUrl != m_keyVaultUrl)
  {
-    auto ecHsmKey = Azure::Security::KeyVault::Keys::CreateEcKeyOptions(keyName, true);
-    ecHsmKey.Enabled = true;
-    ecHsmKey.KeyOperations = {KeyOperation::Sign};
-    auto keyResponse = client.CreateEcKey(ecHsmKey);
-    CheckValidResponse(keyResponse);
-    auto keyVaultKey = keyResponse.Value;
-    EXPECT_EQ(keyVaultKey.Name(), keyName);
-    EXPECT_TRUE(keyVaultKey.Properties.HsmPlatform.HasValue());
-    EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
+    auto const baseKeyName = "CreateEcHsmKey";
+    // This client requires an HSM client
+    CreateHsmClient();
+    auto const& client = GetClientForTest(baseKeyName);
+    for (const auto& op :
+         {KeyOperation::Decrypt,
+          KeyOperation::Encrypt,
+          KeyOperation::Export,
+          KeyOperation::Import,
+          KeyOperation::Sign,
+          KeyOperation::UnwrapKey,
+          KeyOperation::Verify,
+          KeyOperation::WrapKey})
+    {
+      auto keyName = baseKeyName + op.ToString();
+      {
+        auto ecHsmKey = Azure::Security::KeyVault::Keys::CreateEcKeyOptions(keyName, true);
+        ecHsmKey.Enabled = true;
+        ecHsmKey.KeyOperations = {KeyOperation::Sign};
+        auto keyResponse = client.CreateEcKey(ecHsmKey);
+        CheckValidResponse(keyResponse);
+        auto keyVaultKey = keyResponse.Value;
+        EXPECT_EQ(keyVaultKey.Name(), keyName);
+        EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
+      }
+      {
+        // Now get the key
+        auto keyResponse = client.GetKey(keyName);
+        CheckValidResponse(keyResponse);
+        auto keyVaultKey = keyResponse.Value;
+        EXPECT_EQ(keyVaultKey.Name(), keyName);
+        EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue());
+        EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
+      }
+    }
  }
+  else
  {
-    // Now get the key
-    auto keyResponse = client.GetKey(keyName);
-    CheckValidResponse(keyResponse);
-    auto keyVaultKey = keyResponse.Value;
-    EXPECT_EQ(keyVaultKey.Name(), keyName);
-    EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue());
-    EXPECT_TRUE(keyVaultKey.Properties.HsmPlatform.HasValue());
-    EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
+    SkipTest();
  }
 }
+
 // FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL
-TEST_F(KeyVaultKeyHSMClient, CreateRsaHsmKey)
+TEST_F(KeyVaultKeyHSMClient, CreateRsaHsmKey_RECORDEDONLY_)
 {
-  auto const keyName = GetTestName();
-  // This client requires an HSM client
-  CreateHsmClient();
-  auto const& client = GetClientForTest(keyName);
+  if (m_keyVaultHsmUrl != m_keyVaultUrl)
  {
-    auto rsaHsmKey = Azure::Security::KeyVault::Keys::CreateRsaKeyOptions(keyName, true);
-    rsaHsmKey.Enabled = true;
-    rsaHsmKey.KeyOperations = {KeyOperation::Sign};
-    auto keyResponse = client.CreateRsaKey(rsaHsmKey);
-    CheckValidResponse(keyResponse);
-    auto keyVaultKey = keyResponse.Value;
-    EXPECT_EQ(keyVaultKey.Name(), keyName);
-    EXPECT_TRUE(keyVaultKey.Properties.HsmPlatform.HasValue());
+    auto const baseKeyName = "CreateRsaHsmKey";
+    // This client requires an HSM client
+    CreateHsmClient();
+    auto const& client = GetClientForTest(baseKeyName);
+    for (const auto& op :
+         {KeyOperation::Decrypt,
+          KeyOperation::Encrypt,
+          KeyOperation::Export,
+          KeyOperation::Import,
+          KeyOperation::Sign,
+          KeyOperation::UnwrapKey,
+          KeyOperation::Verify,
+          KeyOperation::WrapKey})
+    {
+      auto keyName = baseKeyName + op.ToString();
+      {
+        auto rsaHsmKey = Azure::Security::KeyVault::Keys::CreateRsaKeyOptions(keyName, true);
+        rsaHsmKey.Enabled = true;
+        rsaHsmKey.KeyOperations = {KeyOperation::Sign};
+        auto keyResponse = client.CreateRsaKey(rsaHsmKey);
+        CheckValidResponse(keyResponse);
+        auto keyVaultKey = keyResponse.Value;
+        EXPECT_EQ(keyVaultKey.Name(), keyName);
+      }
+      {
+        // Now get the key
+        auto keyResponse = client.GetKey(keyName);
+        CheckValidResponse(keyResponse);
+        auto keyVaultKey = keyResponse.Value;
+        EXPECT_EQ(keyVaultKey.Name(), keyName);
+        EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue());
+        EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
+      }
+    }
  }
+  else
  {
-    // Now get the key
-    auto keyResponse = client.GetKey(keyName);
-    CheckValidResponse(keyResponse);
-    auto keyVaultKey = keyResponse.Value;
-    EXPECT_EQ(keyVaultKey.Name(), keyName);
-    EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue());
-    EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
-    EXPECT_TRUE(keyVaultKey.Properties.HsmPlatform.HasValue());
+    SkipTest();
  }
 }

-TEST_F(KeyVaultKeyHSMClient, GetRandomBytes)
+// FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL
+TEST_F(KeyVaultKeyHSMClient, GetRandomBytes_RECORDEDONLY_)
 {
-  if (m_keyVaultUrl.compare(m_keyVaultHsmUrl) != 0)
+  if (m_keyVaultHsmUrl != m_keyVaultUrl)
  {
-    auto const keyName = GetTestName();
+    auto const keyName = "GetRandomBytes";
    CreateHsmClient();
    auto const& client = GetClientForTest(keyName);
    GetRandomBytesOptions options;
@ -82,5 +117,8 @@ TEST_F(KeyVaultKeyHSMClient, GetRandomBytes)
    auto result = client.GetRandomBytes(options);
    EXPECT_EQ(result.Value.RandomBytes.size(), size_t(options.Count));
  }
-  EXPECT_TRUE(true);
-}
+  else
+  {
+    SkipTest();
+  }
+}
--- a/sdk/keyvault/ci.yml
+++ b/sdk/keyvault/ci.yml
@ -62,7 +62,7 @@ extends:
        - Name: AZURE_KEYVAULT_URL
          Value: "https://non-real-account.vault.azure.net"
        - Name: AZURE_KEYVAULT_HSM_URL
-          Value: "https://non-real-account.vault.azure.net"
+          Value: "https://non-real-account.managedhsm.azure.net/"
        # Tenant ID should use the uniqueID format for playback recordings
        - Name: AZURE_TENANT_ID
          Value: "33333333-3333-3333-3333-333333333333"