From 7cf80b5cf73730303d50d16768d7a5b25b01f73b Mon Sep 17 00:00:00 2001 From: George Arama <50641385+gearama@users.noreply.github.com> Date: Mon, 25 Mar 2024 15:35:56 -0700 Subject: [PATCH] HSM Tests to run from recordings only (#5463) * mroe quotes * dssf * qweqeqw * record only * remove HSM from live platform * clangs * weqw * spellcheck * oopsie daisy * trigger storage * undo changes * part 2 * update tests * ffds * gfdg * fgdgd * skip tests * clangs --- .../stages/platform-matrix-live.json | 18 --- sdk/keyvault/assets.json | 2 +- .../test/ut/settings_client_test.cpp | 37 +++-- .../test/ut-hsm/key_client_test_hsm_live.cpp | 136 +++++++++++------- sdk/keyvault/ci.yml | 2 +- 5 files changed, 113 insertions(+), 82 deletions(-) diff --git a/eng/pipelines/templates/stages/platform-matrix-live.json b/eng/pipelines/templates/stages/platform-matrix-live.json index 125443d4d..185a96270 100644 --- a/eng/pipelines/templates/stages/platform-matrix-live.json +++ b/eng/pipelines/templates/stages/platform-matrix-live.json @@ -99,15 +99,6 @@ "CmakeArgs": " -DBUILD_TRANSPORT_CURL=ON -DBUILD_TESTING=ON -DRUN_LONG_UNIT_TESTS=ON -DBUILD_PERFORMANCE_TESTS=ON -DMSVC_USE_STATIC_CRT=ON -DDISABLE_PROXY_TESTS=ON ", "BuildArgs": "-v --parallel 8" }, - "HSM_x64_with_unit_test_libcurl": { - "VCPKG_DEFAULT_TRIPLET": "x64-windows-static", - "CMAKE_GENERATOR_PLATFORM": "x64", - "CmakeArgs": " -DBUILD_TRANSPORT_CURL=ON -DBUILD_TESTING=ON -DRUN_LONG_UNIT_TESTS=ON -DBUILD_PERFORMANCE_TESTS=ON -DMSVC_USE_STATIC_CRT=ON -DDISABLE_PROXY_TESTS=ON ", - "BuildArgs": "-v --parallel 8 --config Release", - "WindowsCtestConfig": "-C Release", - "KVLocation": "eastus2", - "EnableHSM": 1 - }, "x64_with_unit_samples_libcurl": { "VcpkgInstall": "curl[winssl] openssl", "VCPKG_DEFAULT_TRIPLET": "x64-windows-static", 
@@ -171,15 +162,6 @@ "RunSamples": 1, "WindowsCtestConfig": "-C Release" }, - "HSM_Win_x64_with_unit_test_libcurl": { - "VCPKG_DEFAULT_TRIPLET": "x64-windows-static", - "CMAKE_GENERATOR_PLATFORM": "x64", - "CmakeArgs": " -DBUILD_TRANSPORT_CURL=ON -DBUILD_TESTING=ON -DRUN_LONG_UNIT_TESTS=ON -DBUILD_PERFORMANCE_TESTS=ON -DMSVC_USE_STATIC_CRT=ON ", - "BuildArgs": "-v --parallel 8 --config Release", - "WindowsCtestConfig": "-C Release", - "KVLocation": "eastus2", - "EnableHSM": 1 - }, "x64_with_unit_samples_libcurl": { "VcpkgInstall": "curl[winssl] openssl", "VCPKG_DEFAULT_TRIPLET": "x64-windows-static", diff --git a/sdk/keyvault/assets.json b/sdk/keyvault/assets.json index 0485f1171..96131edd3 100644 --- a/sdk/keyvault/assets.json +++ b/sdk/keyvault/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "cpp", "TagPrefix": "cpp/keyvault", - "Tag": "cpp/keyvault_c86efa6555" + "Tag": "cpp/keyvault_6f97962887" } diff --git a/sdk/keyvault/azure-security-keyvault-administration/test/ut/settings_client_test.cpp b/sdk/keyvault/azure-security-keyvault-administration/test/ut/settings_client_test.cpp index 1f57da7c5..7844a1839 100644 --- a/sdk/keyvault/azure-security-keyvault-administration/test/ut/settings_client_test.cpp +++ b/sdk/keyvault/azure-security-keyvault-administration/test/ut/settings_client_test.cpp 
@@ -20,14 +20,14 @@ using namespace Azure::Security::KeyVault::Administration::Test; using namespace std::chrono_literals; -TEST_F(SettingsClientTest, GetSettings) +TEST_F(SettingsClientTest, GetSettings_RECORDEDONLY_) { - auto testName = ::testing::UnitTest::GetInstance()->current_test_info()->name(); - EXPECT_EQ(testName, testName); - CreateHSMClientForTest(); if (m_keyVaultHsmUrl != m_keyVaultUrl) { - // create certificate method contains all the checks + auto testName = "GetSettings"; + EXPECT_EQ(testName, testName); + CreateHSMClientForTest(); + auto const& client = GetClientForTest(testName); auto result = client.GetSettings(); EXPECT_EQ(result.Value.Value.size(), 1); @@ -35,29 +35,36 @@ TEST_F(SettingsClientTest, GetSettings) EXPECT_EQ(setting.Name, "AllowKeyManagementOperationsThroughARM"); EXPECT_EQ(setting.Value, "false"); } + else + { + SkipTest(); + } } -TEST_F(SettingsClientTest, GetSetting) +TEST_F(SettingsClientTest, GetSetting_RECORDEDONLY_) { - auto testName = ::testing::UnitTest::GetInstance()->current_test_info()->name(); - CreateHSMClientForTest(); - // create certificate method contains all the checks if (m_keyVaultHsmUrl != m_keyVaultUrl) { + auto testName = "GetSetting"; + CreateHSMClientForTest(); auto const& client = GetClientForTest(testName); auto result = client.GetSetting("AllowKeyManagementOperationsThroughARM"); EXPECT_EQ(result.Value.Name, "AllowKeyManagementOperationsThroughARM"); EXPECT_EQ(result.Value.Value, "false"); } + else + { + SkipTest(); + } } -TEST_F(SettingsClientTest, UpdateSetting) +TEST_F(SettingsClientTest, UpdateSetting_RECORDEDONLY_) { - auto testName = ::testing::UnitTest::GetInstance()->current_test_info()->name(); - CreateHSMClientForTest(); if (m_keyVaultHsmUrl != m_keyVaultUrl) { - // create certificate method contains all the checks + auto testName = "UpdateSetting"; + CreateHSMClientForTest(); + auto const& client = GetClientForTest(testName); { std::string value = "false"; 
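Review bot: `EXPECT_EQ(testName, testName);` in the new GetSettings_RECORDEDONLY_ body compares a pointer with itself and can never fail, so it should be deleted rather than moved inside the guard. GetSettings, GetSetting and UpdateSetting (whose body closes in the following hunk) now pass a hard-coded literal to `GetClientForTest` instead of the gtest name. If that string selects the recording, which is not visible here, a comment such as `// must match the recording name; the _RECORDEDONLY_ suffix is not part of it` would keep a later rename from breaking playback. With the new `else { SkipTest(); }` branches, an environment where `m_keyVaultHsmUrl` equals `m_keyVaultUrl` reports these checks as skipped rather than failed, so CI should surface the skipped count.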
@@ -82,4 +89,8 @@ TEST_F(SettingsClientTest, UpdateSetting) EXPECT_EQ(result.Value.Value, "false"); } } + else + { + SkipTest(); + } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.cpp b/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.cpp index 5acfdf930..cbb9b858f 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.cpp 
@@ -12,69 +12,104 @@ using namespace Azure::Security::KeyVault::Keys::Test; // No tests for octKey since the server does not support it. // FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL -TEST_F(KeyVaultKeyHSMClient, CreateEcHsmKey) +TEST_F(KeyVaultKeyHSMClient, CreateEcHsmKey_RECORDEDONLY_) { - auto const keyName = GetTestName(); - // This client requires an HSM client - CreateHsmClient(); - auto const& client = GetClientForTest(keyName); - + if (m_keyVaultHsmUrl != m_keyVaultUrl) { - auto ecHsmKey = Azure::Security::KeyVault::Keys::CreateEcKeyOptions(keyName, true); - ecHsmKey.Enabled = true; - ecHsmKey.KeyOperations = {KeyOperation::Sign}; - auto keyResponse = client.CreateEcKey(ecHsmKey); - CheckValidResponse(keyResponse); - auto keyVaultKey = keyResponse.Value; - EXPECT_EQ(keyVaultKey.Name(), keyName); - EXPECT_TRUE(keyVaultKey.Properties.HsmPlatform.HasValue()); - EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); + auto const baseKeyName = "CreateEcHsmKey"; + // This client requires an HSM client + CreateHsmClient(); + auto const& client = GetClientForTest(baseKeyName); + for (const auto& op : + {KeyOperation::Decrypt, + KeyOperation::Encrypt, + KeyOperation::Export, + KeyOperation::Import, + KeyOperation::Sign, + KeyOperation::UnwrapKey, + KeyOperation::Verify, + KeyOperation::WrapKey}) + { + auto keyName = baseKeyName + op.ToString(); + { + auto ecHsmKey = Azure::Security::KeyVault::Keys::CreateEcKeyOptions(keyName, true); + ecHsmKey.Enabled = true; + ecHsmKey.KeyOperations = {KeyOperation::Sign}; + auto keyResponse = client.CreateEcKey(ecHsmKey); + CheckValidResponse(keyResponse); + auto keyVaultKey = keyResponse.Value; + EXPECT_EQ(keyVaultKey.Name(), keyName); + EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); + } + { + // Now get the key + auto keyResponse = client.GetKey(keyName); + CheckValidResponse(keyResponse); + auto keyVaultKey = keyResponse.Value; + EXPECT_EQ(keyVaultKey.Name(), keyName); + 
EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue()); + EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); + } + } } + else { - // Now get the key - auto keyResponse = client.GetKey(keyName); - CheckValidResponse(keyResponse); - auto keyVaultKey = keyResponse.Value; - EXPECT_EQ(keyVaultKey.Name(), keyName); - EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue()); - EXPECT_TRUE(keyVaultKey.Properties.HsmPlatform.HasValue()); - EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); + SkipTest(); } } + // FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL -TEST_F(KeyVaultKeyHSMClient, CreateRsaHsmKey) +TEST_F(KeyVaultKeyHSMClient, CreateRsaHsmKey_RECORDEDONLY_) { - auto const keyName = GetTestName(); - // This client requires an HSM client - CreateHsmClient(); - auto const& client = GetClientForTest(keyName); + if (m_keyVaultHsmUrl != m_keyVaultUrl) { - auto rsaHsmKey = Azure::Security::KeyVault::Keys::CreateRsaKeyOptions(keyName, true); - rsaHsmKey.Enabled = true; - rsaHsmKey.KeyOperations = {KeyOperation::Sign}; - auto keyResponse = client.CreateRsaKey(rsaHsmKey); - CheckValidResponse(keyResponse); - auto keyVaultKey = keyResponse.Value; - EXPECT_EQ(keyVaultKey.Name(), keyName); - EXPECT_TRUE(keyVaultKey.Properties.HsmPlatform.HasValue()); + auto const baseKeyName = "CreateRsaHsmKey"; + // This client requires an HSM client + CreateHsmClient(); + auto const& client = GetClientForTest(baseKeyName); + for (const auto& op : + {KeyOperation::Decrypt, + KeyOperation::Encrypt, + KeyOperation::Export, + KeyOperation::Import, + KeyOperation::Sign, + KeyOperation::UnwrapKey, + KeyOperation::Verify, + KeyOperation::WrapKey}) + { + auto keyName = baseKeyName + op.ToString(); + { + auto rsaHsmKey = Azure::Security::KeyVault::Keys::CreateRsaKeyOptions(keyName, true); + rsaHsmKey.Enabled = true; + rsaHsmKey.KeyOperations = {KeyOperation::Sign}; + auto keyResponse = client.CreateRsaKey(rsaHsmKey); + 
CheckValidResponse(keyResponse); + auto keyVaultKey = keyResponse.Value; + EXPECT_EQ(keyVaultKey.Name(), keyName); + } + { + // Now get the key + auto keyResponse = client.GetKey(keyName); + CheckValidResponse(keyResponse); + auto keyVaultKey = keyResponse.Value; + EXPECT_EQ(keyVaultKey.Name(), keyName); + EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue()); + EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); + } + } } + else { - // Now get the key - auto keyResponse = client.GetKey(keyName); - CheckValidResponse(keyResponse); - auto keyVaultKey = keyResponse.Value; - EXPECT_EQ(keyVaultKey.Name(), keyName); - EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue()); - EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); - EXPECT_TRUE(keyVaultKey.Properties.HsmPlatform.HasValue()); + SkipTest(); } } -TEST_F(KeyVaultKeyHSMClient, GetRandomBytes) +// FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL +TEST_F(KeyVaultKeyHSMClient, GetRandomBytes_RECORDEDONLY_) { - if (m_keyVaultUrl.compare(m_keyVaultHsmUrl) != 0) + if (m_keyVaultHsmUrl != m_keyVaultUrl) { - auto const keyName = GetTestName(); + auto const keyName = "GetRandomBytes"; CreateHsmClient(); auto const& client = GetClientForTest(keyName); GetRandomBytesOptions options; @@ -82,5 +117,8 @@ TEST_F(KeyVaultKeyHSMClient, GetRandomBytes) auto result = client.GetRandomBytes(options); EXPECT_EQ(result.Value.RandomBytes.size(), size_t(options.Count)); } - EXPECT_TRUE(true); -} \ No newline at end of file + else + { + SkipTest(); + } +} diff --git a/sdk/keyvault/ci.yml b/sdk/keyvault/ci.yml index 7f0388918..eb4040fab 100644 --- a/sdk/keyvault/ci.yml +++ b/sdk/keyvault/ci.yml 
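Review bot: The loop variable `op` in CreateEcHsmKey_RECORDEDONLY_ and CreateRsaHsmKey_RECORDEDONLY_ only feeds the key name; every iteration still sets `KeyOperations = {KeyOperation::Sign}`, so eight keys with identical permissions are created and no other operation is exercised. If per-operation coverage is intended, use `ecHsmKey.KeyOperations = {op};` and `rsaHsmKey.KeyOperations = {op};` and assert the operations on the returned key; whether the service accepts every listed operation for each key type is not visible here. The rewrite also drops the `EXPECT_TRUE(keyVaultKey.Properties.HsmPlatform.HasValue());` checks, so nothing in these tests confirms the key is HSM-backed any more. If the recordings lack that field, say so in a comment; otherwise keep the assertion. The banner comment about needing a valid AZURE_KEYVAULT_HSM_URL, now repeated above GetRandomBytes_RECORDEDONLY_, no longer fits tests that run from recordings only.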
@@ -62,7 +62,7 @@ extends: - Name: AZURE_KEYVAULT_URL Value: "https://non-real-account.vault.azure.net" - Name: AZURE_KEYVAULT_HSM_URL - Value: "https://non-real-account.vault.azure.net" + Value: "https://non-real-account.managedhsm.azure.net/" # Tenant ID should use the uniqueID format for playback recordings - Name: AZURE_TENANT_ID Value: "33333333-3333-3333-3333-333333333333"