Update keyvault to enable live testing in sovereign clouds for multip…

…le services (#21717)

* Update keyvault to enable live testing in sovereign clouds for multiple services

* Add async test recordings

* Add test_key_crud_operations recordings

sdk/keyvault/azure-keyvault-keys/tests/_test_case.py

@@ -95,6 +95,10 @@ def suffixed_test_name(testcase_func, param_num, param):
     )
 
 
+def is_public_cloud():
+    return (".microsoftonline.com" in os.getenv('AZURE_AUTHORITY_HOST', ''))
+
+
 class KeysTestCase(AzureTestCase):
     def setUp(self, *args, **kwargs):
         vault_playback_url = "https://vaultname.vault.azure.net"

sdk/keyvault/azure-keyvault-keys/tests/test_key_client.py

@@ -8,6 +8,7 @@
 import json
 import logging
 import time
+import os
 
 from azure.core.exceptions import ResourceExistsError, ResourceNotFoundError
 from azure.core.pipeline.policies import SansIOHTTPPolicy
@@ -23,7 +24,7 @@
 from six import byte2int
 
 from _shared.test_case import KeyVaultTestCase
-from _test_case import client_setup, get_attestation_token, get_decorator, get_release_policy, KeysTestCase
+from _test_case import client_setup, get_attestation_token, get_decorator, get_release_policy, is_public_cloud, KeysTestCase
 
 
 all_api_versions = get_decorator()
@@ -188,7 +189,7 @@ def test_key_crud_operations(self, client, is_hsm, **kwargs):
         # create ec key
         ec_key_name = self.get_resource_name("crud-ec-key")
         tags = {"purpose": "unit test", "test name": "CreateECKeyTest"}
-        ec_key = self._create_ec_key(client, enabled=True, key_name=ec_key_name, hardware_protected=True, tags=tags)
+        ec_key = self._create_ec_key(client, enabled=True, key_name=ec_key_name, hardware_protected=is_hsm, tags=tags)
         assert ec_key.properties.enabled
         assert tags == ec_key.properties.tags
         # create ec with curve
@@ -557,6 +558,9 @@ def test_update_release_policy(self, client, **kwargs):
     @only_vault_7_3_preview()
     @client_setup
     def test_key_rotation(self, client, **kwargs):
+        if (not is_public_cloud() and self.is_live):
+            pytest.skip("This test not supprot in usgov/china region. Follow up with service team.")
+
         key_name = self.get_resource_name("rotation-key")
         key = self._create_rsa_key(client, key_name)
         rotated_key = client.rotate_key(key_name)
@@ -569,6 +573,9 @@ def test_key_rotation(self, client, **kwargs):
     @only_vault_7_3_preview()
     @client_setup
     def test_key_rotation_policy(self, client, **kwargs):
+        if (not is_public_cloud() and self.is_live):
+            pytest.skip("This test not supprot in usgov/china region. Follow up with service team.")
+
         key_name = self.get_resource_name("rotation-key")
         self._create_rsa_key(client, key_name)
 

sdk/keyvault/azure-keyvault-keys/tests/test_keys_async.py

@@ -8,6 +8,7 @@
 import functools
 import json
 import logging
+import os
 
 from azure.core.exceptions import ResourceExistsError, ResourceNotFoundError
 from azure.core.pipeline.policies import SansIOHTTPPolicy
@@ -23,7 +24,7 @@
 from six import byte2int
 
 from _shared.test_case_async import KeyVaultTestCase
-from _test_case import client_setup, get_attestation_token, get_decorator, get_release_policy, KeysTestCase
+from _test_case import client_setup, get_attestation_token, get_decorator, get_release_policy, is_public_cloud, KeysTestCase
 from test_key_client import _assert_lifetime_actions_equal, _assert_rotation_policies_equal
 
 
@@ -183,7 +184,7 @@ async def test_key_crud_operations(self, client, is_hsm, **kwargs):
         ec_key_name = self.get_resource_name("crud-ec-key")
         tags = {"purpose": "unit test", "test name": "CreateECKeyTest"}
         ec_key = await self._create_ec_key(
-            client, enabled=True, key_name=ec_key_name, hardware_protected=True, tags=tags
+            client, enabled=True, key_name=ec_key_name, hardware_protected=is_hsm, tags=tags
         )
         assert ec_key.properties.enabled
         assert tags == ec_key.properties.tags
@@ -554,6 +555,9 @@ async def test_update_release_policy(self, client, **kwargs):
     @only_vault_7_3_preview()
     @client_setup
     async def test_key_rotation(self, client, **kwargs):
+        if (not is_public_cloud() and self.is_live):
+            pytest.skip("This test not supprot in usgov/china region. Follow up with service team.")
+
         key_name = self.get_resource_name("rotation-key")
         key = await self._create_rsa_key(client, key_name)
         rotated_key = await client.rotate_key(key_name)
@@ -566,6 +570,9 @@ async def test_key_rotation(self, client, **kwargs):
     @only_vault_7_3_preview()
     @client_setup
     async def test_key_rotation_policy(self, client, **kwargs):
+        if (not is_public_cloud() and self.is_live):
+            pytest.skip("This test not supprot in usgov/china region. Follow up with service team.")
+
         key_name = self.get_resource_name("rotation-key")
         await self._create_rsa_key(client, key_name)
 

sdk/keyvault/azure-keyvault-keys/tests/test_samples_keys.py

@@ -4,6 +4,8 @@
 # ------------------------------------
 from __future__ import print_function
 import time
+import os
+import pytest
 
 from azure.keyvault.keys import KeyType
 
@@ -36,6 +38,9 @@ class TestExamplesKeyVault(KeysTestCase, KeyVaultTestCase):
     @all_api_versions()
     @client_setup
     def test_example_key_crud_operations(self, key_client, **kwargs):
+        if (self.is_live and os.environ["KEYVAULT_SKU"] != "premium"):
+            pytest.skip("This test not supprot in usgov/china region. Follow up with service team")
+
         key_name = self.get_resource_name("key-name")
 
         # [START create_key]

sdk/keyvault/azure-keyvault-keys/tests/test_samples_keys_async.py

@@ -3,6 +3,7 @@
 # Licensed under the MIT License.
 # ------------------------------------
 import asyncio
+import os
 
 from azure.keyvault.keys import KeyType
 import pytest
@@ -42,6 +43,9 @@ class TestExamplesKeyVault(KeysTestCase, KeyVaultTestCase):
     @all_api_versions()
     @client_setup
     async def test_example_key_crud_operations(self, key_client, **kwargs):
+        if (self.is_live and os.environ["KEYVAULT_SKU"] != "premium"):
+            pytest.skip("This test not supprot in usgov/china region. Follow up with service team")
+
         key_name = self.get_resource_name("key-name")
 
         # [START create_key]

sdk/keyvault/tests.yml

@@ -17,6 +17,18 @@ stages:
         BuildTargetingString: ${{ service }}
         JobName: ${{ replace(service, '-', '_') }}
         TestTimeoutInMinutes: 240
+        SupportedClouds: 'Public,UsGov,China'
+        CloudConfig:
+          Public:
+            SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
+          UsGov:
+            SubscriptionConfiguration: $(sub-config-gov-test-resources)
+            MatrixFilters:
+              - ArmTemplateParameters=^(?!.*enableHsm.*true)
+          China:
+            SubscriptionConfiguration: $(sub-config-cn-test-resources)
+            MatrixFilters:
+              - ArmTemplateParameters=^(?!.*enableHsm.*true)
         ${{ if or(eq(service, 'azure-keyvault-keys'), eq(service, 'azure-keyvault-administration')) }}:
           AdditionalMatrixConfigs:
             - Name: keyvault_test_matrix_addons