Migrates SDKs to Federated Auth (#41179)

Azure · Jul 18, 2024 · c40ee68 · c40ee68
1 parent f0bb03e
commit c40ee68
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 16 deletions.
diff --git a/sdk/personalizer/tests.yml b/sdk/personalizer/tests.yml
@@ -3,15 +3,13 @@ trigger: none
 extends:
   template: /eng/pipelines/templates/stages/archetype-sdk-tests.yml
   parameters:
+    UseFederatedAuth: true
     ServiceDirectory: personalizer
     timeoutInMinutes: 240 # how long to run the job before automatically cancelling
     Artifacts:
       - name: azure-ai-personalizer
         groupId: com.azure
         safeName: azureaipersonalizer
     EnvVars:
-        AZURE_TENANT_ID: $(PERSONALIZER_TENANT_ID)
-        AZURE_CLIENT_ID: $(PERSONALIZER_CLIENT_ID)
-        AZURE_CLIENT_SECRET: $(PERSONALIZER_CLIENT_SECRET)
         PERSONALIZER_ENDPOINT_STATIC: $(java-personalizer-test-singleslot-endpoint)
         PERSONALIZER_API_KEY_STATIC: $(java-personalizer-test-singleslot-api-key)
diff --git a/sdk/remoterendering/tests.yml b/sdk/remoterendering/tests.yml
@@ -3,6 +3,7 @@ trigger: none
 extends:
   template: /eng/pipelines/templates/stages/archetype-sdk-tests.yml
   parameters:
+    UseFederatedAuth: true
     ServiceDirectory: remoterendering
     Location: eastus2
     Artifacts:

diff --git a/...anslation-text/src/test/java/com/azure/ai/translation/text/TextTranslationClientBase.java b/...anslation-text/src/test/java/com/azure/ai/translation/text/TextTranslationClientBase.java
@@ -7,12 +7,20 @@
 import com.azure.core.credential.TokenCredential;
 import com.azure.core.http.policy.HttpLogDetailLevel;
 import com.azure.core.http.policy.HttpLogOptions;
+import com.azure.core.test.InterceptorManager;
 import com.azure.core.test.TestMode;
 import com.azure.core.test.TestProxyTestBase;
 import com.azure.core.test.utils.MockTokenCredential;
 import com.azure.core.test.models.CustomMatcher;
 import com.azure.core.util.Configuration;
-import com.azure.identity.ClientSecretCredentialBuilder;
+import com.azure.core.util.CoreUtils;
+import com.azure.identity.AzurePowerShellCredentialBuilder;
+import com.azure.identity.EnvironmentCredentialBuilder;
+import com.azure.identity.AzureDeveloperCliCredentialBuilder;
+import com.azure.identity.AzurePipelinesCredentialBuilder;
+import com.azure.identity.AzureCliCredentialBuilder;
+import com.azure.identity.ChainedTokenCredentialBuilder;
+
 
 import java.util.Arrays;
 import java.io.BufferedReader;
@@ -149,19 +157,42 @@ private TokenCredential getTokenCredential() throws IOException {
     }
 
     private TokenCredential getAadUserToken() {
-        TokenCredential credential;
-
-        if (getTestMode() != TestMode.PLAYBACK) {
-            Configuration global = Configuration.getGlobalConfiguration().clone();
-            credential = new ClientSecretCredentialBuilder()
-                .clientSecret(global.get("AZURE_CLIENT_SECRET"))
-                .clientId(global.get("AZURE_CLIENT_ID"))
-                .tenantId(global.get("AZURE_TENANT_ID"))
-                .build();
-        } else {
-            credential = new MockTokenCredential();
+        TokenCredential credential = getIdentityTestCredential(interceptorManager);
+        return credential;
+    }
+
+    public static TokenCredential getIdentityTestCredential(InterceptorManager interceptorManager) {
+        if (interceptorManager.isPlaybackMode()) {
+            return  new MockTokenCredential();
         }
 
-        return credential;
+        Configuration config = Configuration.getGlobalConfiguration();
+
+        ChainedTokenCredentialBuilder builder = new ChainedTokenCredentialBuilder()
+            .addLast(new EnvironmentCredentialBuilder().build())
+            .addLast(new AzureCliCredentialBuilder().build())
+            .addLast(new AzureDeveloperCliCredentialBuilder().build());
+
+
+        String serviceConnectionId = config.get("AZURESUBSCRIPTION_SERVICE_CONNECTION_ID");
+        String clientId = config.get("AZURESUBSCRIPTION_CLIENT_ID");
+        String tenantId = config.get("AZURESUBSCRIPTION_TENANT_ID");
+        String systemAccessToken = config.get("SYSTEM_ACCESSTOKEN");
+
+        if (!CoreUtils.isNullOrEmpty(serviceConnectionId)
+            && !CoreUtils.isNullOrEmpty(clientId)
+            && !CoreUtils.isNullOrEmpty(tenantId)
+            && !CoreUtils.isNullOrEmpty(systemAccessToken)) {
+
+            builder.addLast(new AzurePipelinesCredentialBuilder()
+                .systemAccessToken(systemAccessToken)
+                .clientId(clientId)
+                .tenantId(tenantId)
+                .serviceConnectionId(serviceConnectionId)
+                .build());
+        }
+
+        builder.addLast(new AzurePowerShellCredentialBuilder().build());
+        return builder.build();
     }
 }