Add federated auth support (#5740)

* Add federated auth support * Wire up UseFederatedAuth more and EnvVars * parameters. * Testing * ServiceConnection * ServiceConnection (again) * Remove testApplicaitonSecret * Parameters * exit $LASTEXITCODE * Merge EnvVars correctly, only include SubscriptionConfigurationFilePaths if using federated auth * Review comments * Revert identity changes so tests continue passing
2024-07-01 14:36:07 -07:00 · 2024-07-01 14:36:07 -07:00 · b0aa9bb924
commit b0aa9bb924
parent 88bb72c045
3 changed files with 139 additions and 44 deletions
--- a/eng/pipelines/templates/jobs/live.tests.yml
+++ b/eng/pipelines/templates/jobs/live.tests.yml
@ -42,6 +42,12 @@ parameters:
 - name: OSName
  type: string
  default: ''
+- name: EnvVars
+  type: object
+  default: {}
+- name: UseFederatedAuth
+  type: boolean
+  default: false

 jobs:
 - job:
@ -156,6 +162,9 @@ jobs:
      SubscriptionConfigurations: ${{ parameters.CloudConfig.SubscriptionConfigurations }}
      EnvVars:
        Pool: $(Pool)
+        ${{ insert }}: ${{ parameters.EnvVars }}
+      ${{ if parameters.UseFederatedAuth }}:
+        SubscriptionConfigurationFilePaths: ${{ parameters.CloudConfig.SubscriptionConfigurationFilePaths }}

  - template: /eng/common/TestResources/deploy-test-resources.yml
    parameters:
@ -164,6 +173,9 @@ jobs:
      SubscriptionConfiguration: $(SubscriptionConfiguration)
      EnvVars:
        Pool: $(Pool)
+        ${{ insert }}: ${{ parameters.EnvVars }}
+      UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
+      ServiceConnection: ${{ parameters.CloudConfig.ServiceConnection }}

  - template: /eng/common/testproxy/test-proxy-tool.yml
    parameters:
@ -171,25 +183,46 @@ jobs:

  - ${{ parameters.PreTestSteps }}

-    # For non multi-config generator use the same build configuration to run tests
-    # We don't need to set it to invoke ctest
-    # Visual Studio generator used in CI is a multi-config generator.
-    # As such, it requires the configuration argument for building and invoking ctest
-  - bash: |
-      export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID)
-      export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID)
-      export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET)
+  - ${{ if parameters.UseFederatedAuth }}:
+    - task: AzurePowerShell@5
+      displayName: ctest
+      condition: and(succeeded(), ne(variables['RunSamples'], '1'))
+      inputs:
+        azureSubscription: ${{ parameters.CloudConfig.ServiceConnection }}
+        azurePowerShellVersion: LatestVersion
+        ScriptType: InlineScript
+        Inline: |
+          $account = (Get-AzContext).Account
+          $env:AZURESUBSCRIPTION_CLIENT_ID = $account.Id
+          $env:AZURESUBSCRIPTION_TENANT_ID = $account.Tenants

-      ctest $(WindowsCtestConfig) -V --tests-regex "${{ parameters.CtestRegex }}" --no-compress-output -T Test
-    workingDirectory: build
-    displayName: ctest
-    # Runs only if test-resources are happily deployed.
-    # unit-tests runs for those configs where samples are not ran.
-    # This enables to run tests and samples at the same time as different matrix configuration.
-    # Then unit-tests runs, samples should not run.
-    condition: and(
-      succeeded(),
-      ne(variables['RunSamples'], '1'))
+          ctest $(WindowsCtestConfig) -V --tests-regex "${{ parameters.CtestRegex }}" --no-compress-output -T Test
+          exit $LASTEXITCODE
+        workingDirectory: build
+      env:
+        SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+        ${{ insert }}: ${{ parameters.EnvVars }}
+
+  - ${{ else }}:
+      # For non multi-config generator use the same build configuration to run tests
+      # We don't need to set it to invoke ctest
+      # Visual Studio generator used in CI is a multi-config generator.
+      # As such, it requires the configuration argument for building and invoking ctest
+    - bash: |
+        export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID)
+        export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID)
+        export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET)
+
+        ctest $(WindowsCtestConfig) -V --tests-regex "${{ parameters.CtestRegex }}" --no-compress-output -T Test
+      workingDirectory: build
+      displayName: ctest
+      # Runs only if test-resources are happily deployed.
+      # unit-tests runs for those configs where samples are not ran.
+      # This enables to run tests and samples at the same time as different matrix configuration.
+      # Then unit-tests runs, samples should not run.
+      condition: and(succeeded(), ne(variables['RunSamples'], '1'))
+      env:
+        ${{ insert }}: ${{ parameters.EnvVars }}

  - ${{ parameters.PostTestSteps }}

@ -205,32 +238,66 @@ jobs:
    # this step only makes sense when ctest has run
    condition: and(succeededOrFailed(), ne(variables['RunSamples'], '1'))

-    # Running Samples step.
-    # Will run samples described on a file name [service]-samples.txt within the build directory.
-    # For example keyvault-samples.txt.
-    # The file is written by CMake during configuration when building samples.
-  - bash: |
-      IFS=$'\n'
-      if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then
-        for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt`
-        do
-          export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID)
-          export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID)
-          export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET)
-          echo "**********Running sample: ${sample}"
-          bash -c "$sample"
-          status=$?
-          if [[ $status -eq 0 ]]; then
-            echo "*********Sample completed*********"
-          else
-            echo "*Sample returned a failed code: $status"
-            exit 1
-          fi
-        done
-      fi
-    workingDirectory: build
-    displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
-    condition: and(succeeded(), eq(variables['RunSamples'], '1'))
+
+  - ${{ if parameters.UseFederatedAuth }}:
+      # Running Samples step.
+      # Will run samples described on a file name [service]-samples.txt within the build directory.
+      # For example keyvault-samples.txt.
+      # The file is written by CMake during configuration when building samples.
+    - bash: |
+        IFS=$'\n'
+        if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then
+          for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt`
+          do
+            export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID)
+            export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID)
+            export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET)
+            echo "**********Running sample: ${sample}"
+            bash -c "$sample"
+            status=$?
+            if [[ $status -eq 0 ]]; then
+              echo "*********Sample completed*********"
+            else
+              echo "*Sample returned a failed code: $status"
+              exit 1
+            fi
+          done
+        fi
+      workingDirectory: build
+      displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
+      condition: and(succeeded(), eq(variables['RunSamples'], '1'))
+      env:
+        ${{ insert }}: ${{ parameters.EnvVars }}
+
+  - ${{ else }}:
+    - task: AzurePowerShell@5
+      displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
+      condition: and(succeeded(), eq(variables['RunSamples'], '1'))
+      inputs:
+        azureSubscription: ${{ parameters.CloudConfig.ServiceConnection }}
+        azurePowerShellVersion: LatestVersion
+        ScriptType: InlineScript
+        Inline: |
+          $account = (Get-AzContext).Account
+          $env:AZURESUBSCRIPTION_CLIENT_ID = $account.Id
+          $env:AZURESUBSCRIPTION_TENANT_ID = $account.Tenants
+
+          if (Test-Path -Path "${{ parameters.ServiceDirectory }}-samples.txt") {
+            $samples = Get-Content "${{ parameters.ServiceDirectory }}-samples.txt"
+            foreach ($sample in $samples) {
+              Write-Host "**********Running sample: $sample"
+              & "$sample"
+              if ($LASTEXITCODE) {
+                Write-Host "Sample failed with exit code $LASTEXITCODE"
+                exit 1
+              }
+              Write-Host "**********Sample completed"
+            }
+          }
+        workingDirectory: build
+      env:
+        SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+        ${{ insert }}: ${{ parameters.EnvVars }}

  # Make coverage targets (specified in coverage_targets.txt) and assemble
  # coverage report
@ -252,3 +319,6 @@ jobs:
    parameters:
      ServiceDirectory: ${{ parameters.ServiceDirectory }}
      SubscriptionConfiguration: $(SubscriptionConfiguration)
+      UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
+      EnvVars: ${{ parameters.EnvVars }}
+      ServiceConnection: ${{ parameters.CloudConfig.ServiceConnection }}
--- a/eng/pipelines/templates/stages/archetype-sdk-client.yml
+++ b/eng/pipelines/templates/stages/archetype-sdk-client.yml
@ -56,15 +56,22 @@ parameters:
    default:
      Public:
        SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
+        ServiceConnection: azure-sdk-tests
+        SubscriptionConfigurationFilePaths:
+          - eng/common/TestResources/sub-config/AzurePublicMsft.json
      Preview:
        SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources-preview)
+        ServiceConnection: azure-sdk-tests
      Canary:
        SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
+        ServiceConnection: azure-sdk-tests
        Location: 'eastus2euap'
      UsGov:
        SubscriptionConfiguration: $(sub-config-gov-test-resources)
+        ServiceConnection: usgov_azure-sdk-tests
      China:
        SubscriptionConfiguration: $(sub-config-cn-test-resources)
+        ServiceConnection: china_azure-sdk-tests
  - name: Clouds
    type: string
    default: Public
@ -83,6 +90,12 @@ parameters:
  - name: CMakeGenerationTimeoutInMinutes
    type: number
    default: 120
+  - name: EnvVars
+    type: object
+    default: {}
+  - name: UseFederatedAuth
+    type: boolean
+    default: false

 extends:
  ${{ if eq(variables['System.TeamProject'], 'internal') }}:
@ -190,6 +203,8 @@ extends:
              UnsupportedClouds: ${{ parameters.UnsupportedClouds }}
              PreTestSteps: ${{ parameters.PreTestSteps }}
              PostTestSteps: ${{ parameters.PostTestSteps }}
+              UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
+              EnvVars: ${{ parameters.EnvVars }}

      - ${{ if and(eq(variables['System.TeamProject'], 'internal'), not(endsWith(variables['Build.DefinitionName'], ' - tests'))) }}:
          - template: archetype-cpp-release.yml@self
--- a/eng/pipelines/templates/stages/archetype-sdk-tests.yml
+++ b/eng/pipelines/templates/stages/archetype-sdk-tests.yml
@ -35,6 +35,12 @@ parameters:
 - name: PostTestSteps
  type: stepList
  default: []
+- name: EnvVars
+  type: object
+  default: {}
+- name: UseFederatedAuth
+  type: boolean
+  default: false

 stages:
 - ${{ each cloud in parameters.CloudConfig }}:
@ -58,6 +64,8 @@ stages:
                SubscriptionConfigurations: ${{ cloud.value.SubscriptionConfigurations }}
                Location: ${{ coalesce(parameters.Location, cloud.value.Location) }}
                Cloud: ${{ cloud.key }}
+                SubscriptionConfigurationFilePaths: ${{ cloud.value.SubscriptionConfigurationFilePaths }}
+                ServiceConnection: ${{ cloud.value.ServiceConnection }}
              AdditionalParameters:
                Location: ${{ parameters.Location}}
                ServiceDirectory: ${{ parameters.ServiceDirectory}}
@ -67,3 +75,5 @@ stages:
                TimeoutInMinutes: ${{ parameters.TimeoutInMinutes}}
                PreTestSteps: ${{ parameters.PreTestSteps }}
                PostTestSteps: ${{ parameters.PostTestSteps }}
+                EnvVars: ${{ parameters.EnvVars }}
+                UseFederatedAuth: ${{ parameters.UseFederatedAuth }}