Move tests to use azure pipeline credentials (#5754)

* test1 * hgdfchg * remove the remnants of azure client secret * test KV with federated auth * UseFederatedAuth * fdsa * kv template with managed * try try again * retry permissions * add net acls * blunt force replace the resource json * put back stuff * trey again with new method * attempt * missed something * flip if else * Temporarily use empty sub config file path for preview cloud * remove client secret * try to fix the identity tests * live skip failing tests and return in samples * samples for identity fix * disable failing samples in identity * fix winhttp failing test * comment out code * remove managed identity * restore version from main * revert readme changes * PR comments * test 2 * clang * attempt default creds with pipeline chanined * clangs * identity test and clangs * oops * live * cleanup * reter * test * revert the DAC change * missed one * taking the samples to a farm upstate * PR comments * Fix bad merge --------- Co-authored-by: Daniel Jurek <[email protected]> Co-authored-by: Anton Kolesnyk <[email protected]> Co-authored-by: Anton Kolesnyk <[email protected]>
Azure · Jul 12, 2024 · 313fb0e · 313fb0e
1 parent aadeca2
commit 313fb0e
Show file tree

Hide file tree

Showing 17 changed files with 83 additions and 55 deletions.
diff --git a/eng/pipelines/templates/jobs/live.tests.yml b/eng/pipelines/templates/jobs/live.tests.yml
@@ -244,32 +244,6 @@ jobs:
       # Will run samples described on a file name [service]-samples.txt within the build directory.
       # For example keyvault-samples.txt.
       # The file is written by CMake during configuration when building samples.
-    - bash: |
-        IFS=$'\n'
-        if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then
-          for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt`
-          do
-            export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID)
-            export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID)
-            export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET)
-            echo "**********Running sample: ${sample}"
-            bash -c "$sample"
-            status=$?
-            if [[ $status -eq 0 ]]; then
-              echo "*********Sample completed*********"
-            else
-              echo "*Sample returned a failed code: $status"
-              exit 1
-            fi
-          done
-        fi
-      workingDirectory: build
-      displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
-      condition: and(succeeded(), eq(variables['RunSamples'], '1'))
-      env:
-        ${{ insert }}: ${{ parameters.EnvVars }}
-
-  - ${{ else }}:
     - task: AzurePowerShell@5
       displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
       condition: and(succeeded(), eq(variables['RunSamples'], '1'))
@@ -299,6 +273,32 @@ jobs:
         SYSTEM_ACCESSTOKEN: $(System.AccessToken)
         ${{ insert }}: ${{ parameters.EnvVars }}
 
+  - ${{ else }}:
+    - bash: |
+        IFS=$'\n'
+        if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then
+          for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt`
+          do
+            export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID)
+            export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID)
+            export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET)
+            echo "**********Running sample: ${sample}"
+            bash -c "$sample"
+            status=$?
+            if [[ $status -eq 0 ]]; then
+              echo "*********Sample completed*********"
+            else
+              echo "*Sample returned a failed code: $status"
+              exit 1
+            fi
+          done
+        fi
+      workingDirectory: build
+      displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
+      condition: and(succeeded(), eq(variables['RunSamples'], '1'))
+      env:
+        ${{ insert }}: ${{ parameters.EnvVars }}      
+
   # Make coverage targets (specified in coverage_targets.txt) and assemble
   # coverage report
   - bash: |

diff --git a/eng/pipelines/templates/stages/archetype-sdk-client.yml b/eng/pipelines/templates/stages/archetype-sdk-client.yml
@@ -62,6 +62,8 @@ parameters:
       Preview:
         SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources-preview)
         ServiceConnection: azure-sdk-tests
+        # Temporary fix until an eng/common config for Preview can be merged
+        SubscriptionConfigurationFilePaths: []
       Canary:
         SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
         ServiceConnection: azure-sdk-tests

diff --git a/sdk/attestation/ci.yml b/sdk/attestation/ci.yml
@@ -32,6 +32,7 @@ extends:
       LiveTestCtestRegex: azure-security-attestation.*
       LineCoverageTarget: 70
       BranchCoverageTarget: 34
+      UseFederatedAuth: true
       Artifacts:
         - Name: azure-security-attestation
           Path: azure-security-attestation

diff --git a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp
@@ -15,6 +15,8 @@
 #include <azure/core/internal/client_options.hpp>
 #include <azure/core/internal/diagnostics/log.hpp>
 #include <azure/core/internal/environment.hpp>
+#include <azure/identity/azure_pipelines_credential.hpp>
+#include <azure/identity/chained_token_credential.hpp>
 #include <azure/identity/client_secret_credential.hpp>
 #include <azure/identity/default_azure_credential.hpp>
 
@@ -246,7 +248,17 @@ namespace Azure { namespace Core { namespace Test {
         }
         if (clientSecret.empty())
         {
-          m_testCredential = std::make_shared<Azure::Identity::DefaultAzureCredential>();
+          m_testCredential = std::make_shared<Azure::Identity::ChainedTokenCredential>(
+              Azure::Identity::ChainedTokenCredential::Sources{
+                  std ::make_shared<Azure::Identity::AzurePipelinesCredential>(
+                      Azure::Core::_internal::Environment::GetVariable(
+                          "AZURESUBSCRIPTION_TENANT_ID"),
+                      Azure::Core::_internal::Environment::GetVariable(
+                          "AZURESUBSCRIPTION_CLIENT_ID"),
+                      Azure::Core::_internal::Environment::GetVariable(
+                          "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"),
+                      Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")),
+                  std::make_shared<Azure::Identity::DefaultAzureCredential>()});
         }
         else
         {
@@ -302,7 +314,7 @@ namespace Azure { namespace Core { namespace Test {
      *
      * @return The value of the environment variable retrieved.
      *
-     * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID, or AZURE_CLIENT_SECRET are not available in the
+     * @note If AZURE_TENANT_ID or AZURE_CLIENT_ID are not available in the
      * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values
      * with the values emitted by the New-TestResources.ps1 script.
      *

diff --git a/sdk/core/ci.yml b/sdk/core/ci.yml
@@ -53,6 +53,7 @@ extends:
       LiveTestTimeoutInMinutes: 90 # default is 60 min. We need a little longer on worst case for Win+jsonTests
       LineCoverageTarget: 88
       BranchCoverageTarget: 50
+      UseFederatedAuth: true
 #      PreTestSteps:
 #        - pwsh: |
 #            docker build -t squid-local $(Build.SourcesDirectory)/sdk/core/azure-core/test/ut/proxy_tests/localproxy

diff --git a/sdk/core/perf/inc/azure/perf/base_test.hpp b/sdk/core/perf/inc/azure/perf/base_test.hpp
@@ -100,7 +100,7 @@ namespace Azure { namespace Perf {
      *
      * @return The value of the environment variable retrieved.
      *
-     * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID, or AZURE_CLIENT_SECRET are not available in the
+     * @note If AZURE_TENANT_ID or AZURE_CLIENT_ID are not available in the
      * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values
      * with the values emitted by the New-TestResources.ps1 script.
      *

diff --git a/sdk/core/perf/src/base_test.cpp b/sdk/core/perf/src/base_test.cpp
@@ -11,6 +11,8 @@
 #endif
 #include <azure/core/http/policies/policy.hpp>
 #include <azure/core/internal/http/pipeline.hpp>
+#include <azure/identity/azure_pipelines_credential.hpp>
+#include <azure/identity/chained_token_credential.hpp>
 #include <azure/identity/client_secret_credential.hpp>
 #include <azure/identity/default_azure_credential.hpp>
 
@@ -285,7 +287,15 @@ namespace Azure { namespace Perf {
       }
       if (clientSecret.empty())
       {
-        m_testCredential = std::make_shared<Azure::Identity::DefaultAzureCredential>();
+        m_testCredential = std::make_shared<Azure::Identity::ChainedTokenCredential>(
+            Azure::Identity::ChainedTokenCredential::Sources{
+                std ::make_shared<Azure::Identity::AzurePipelinesCredential>(
+                    Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"),
+                    Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"),
+                    Azure::Core::_internal::Environment::GetVariable(
+                        "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"),
+                    Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")),
+                std::make_shared<Azure::Identity::DefaultAzureCredential>()});
       }
       else
       {

diff --git a/sdk/eventhubs/ci.yml b/sdk/eventhubs/ci.yml
@@ -32,6 +32,7 @@ extends:
       LiveTestTimeoutInMinutes: 120
       LineCoverageTarget: 27
       BranchCoverageTarget: 13
+      UseFederatedAuth: true
       Artifacts:
         - Name: azure-messaging-eventhubs
           Path: azure-messaging-eventhubs

diff --git a/sdk/identity/azure-identity/samples/CMakeLists.txt b/sdk/identity/azure-identity/samples/CMakeLists.txt
@@ -31,22 +31,22 @@ target_link_libraries(workload_identity_credential_sample PRIVATE azure-identity
 target_include_directories(workload_identity_credential_sample PRIVATE .)
 create_per_service_target_build_for_sample(identity workload_identity_credential_sample)
 
-add_executable(client_secret_credential_sample client_secret_credential.cpp)
-target_link_libraries(client_secret_credential_sample PRIVATE azure-identity service get-env-helper)
-target_include_directories(client_secret_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity client_secret_credential_sample)
-
-add_executable(default_azure_credential_sample default_azure_credential.cpp)
-target_link_libraries(default_azure_credential_sample PRIVATE azure-identity service)
-target_include_directories(default_azure_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity default_azure_credential_sample)
-
-add_executable(environment_credential_sample environment_credential.cpp)
-target_link_libraries(environment_credential_sample PRIVATE azure-identity service)
-target_include_directories(environment_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity environment_credential_sample)
-
-add_executable(managed_identity_credential_sample managed_identity_credential.cpp)
-target_link_libraries(managed_identity_credential_sample PRIVATE azure-identity service)
-target_include_directories(managed_identity_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity managed_identity_credential_sample)
+#add_executable(client_secret_credential_sample client_secret_credential.cpp)
+#target_link_libraries(client_secret_credential_sample PRIVATE azure-identity service get-env-helper)
+#target_include_directories(client_secret_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity client_secret_credential_sample)
+
+#add_executable(default_azure_credential_sample default_azure_credential.cpp)
+#target_link_libraries(default_azure_credential_sample PRIVATE azure-identity service)
+#target_include_directories(default_azure_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity default_azure_credential_sample)
+
+#add_executable(environment_credential_sample environment_credential.cpp)
+#target_link_libraries(environment_credential_sample PRIVATE azure-identity service)
+#target_include_directories(environment_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity environment_credential_sample)
+
+#add_executable(managed_identity_credential_sample managed_identity_credential.cpp)
+#target_link_libraries(managed_identity_credential_sample PRIVATE azure-identity service)
+#target_include_directories(managed_identity_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity managed_identity_credential_sample)
diff --git a/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt
@@ -117,7 +117,7 @@ if (BUILD_PERFORMANCE_TESTS)
    add_subdirectory(test/perf)
 endif()
 
-if(BUILD_SAMPLES)
+if(BUILD_SAMPLES_DISABLED)
    add_subdirectory(samples)
 endif()
 

diff --git a/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt
@@ -154,7 +154,7 @@ if (BUILD_PERFORMANCE_TESTS)
   add_subdirectory(test/perf)
 endif()
 
-if(BUILD_SAMPLES)
+if(BUILD_SAMPLES_DISABLED)
   add_subdirectory(samples)
 endif()
 

diff --git a/sdk/keyvault/azure-security-keyvault-keys/README.md b/sdk/keyvault/azure-security-keyvault-keys/README.md
@@ -79,11 +79,10 @@ Use the [Azure CLI][azure_cli] snippet below to create/get client secret credent
   ```
   "<your-service-principal-object-id>"
   ```
-- Use the returned credentials above to set **AZURE_CLIENT_ID** (appId), **AZURE_CLIENT_SECRET** (password), and **AZURE_TENANT_ID** (tenant) environment variables. The following example shows a way to do this in Powershell:
+- Use the returned credentials above to set **AZURE_CLIENT_ID** (appId) and **AZURE_TENANT_ID** (tenant) environment variables. The following example shows a way to do this in Powershell:
 
   ```PowerShell
   $Env:AZURE_CLIENT_ID="generated-app-ID"
-  $Env:AZURE_CLIENT_SECRET="random-password"
   $Env:AZURE_TENANT_ID="tenant-ID"
   ```
 

diff --git a/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt
@@ -117,7 +117,7 @@ if (BUILD_PERFORMANCE_TESTS)
   add_subdirectory(test/perf)
 endif()
 
-if(BUILD_SAMPLES)
+if(BUILD_SAMPLES_DISABLED)
   add_subdirectory(samples)
 endif()
 

diff --git a/sdk/keyvault/ci.yml b/sdk/keyvault/ci.yml
@@ -32,6 +32,7 @@ extends:
       LiveTestTimeoutInMinutes: 120
       LineCoverageTarget: 81
       BranchCoverageTarget: 42
+      UseFederatedAuth: true
       Artifacts:
         - Name: azure-security-keyvault-keys
           Path: azure-security-keyvault-keys

diff --git a/sdk/storage/README.md b/sdk/storage/README.md
@@ -36,4 +36,3 @@ additional questions or comments.
 [coc]: https://opensource.microsoft.com/codeofconduct/
 [coc_faq]: https://opensource.microsoft.com/codeofconduct/faq/
 [coc_contact]: mailto:[email protected]
-
diff --git a/sdk/storage/ci.yml b/sdk/storage/ci.yml
@@ -33,6 +33,7 @@ extends:
       LiveTestCtestRegex: azure-storage
       Clouds: Preview
       SupportedClouds: Preview
+      UseFederatedAuth: false
       Artifacts:
         - Name: azure-storage-common
           Path: azure-storage-common

diff --git a/sdk/tables/ci.yml b/sdk/tables/ci.yml
@@ -30,6 +30,7 @@ extends:
       CtestRegex: azure-data
       LineCoverageTarget: 77
       BranchCoverageTarget: 42
+      UseFederatedAuth: true
       LiveTestCtestRegex: azure-data
       Clouds: Preview
       SupportedClouds: Preview