Use common OIDC token env vars for live tests.
benbp committed Oct 18, 2024
1 parent 2a7059e commit 4105a67
Showing 6 changed files with 35 additions and 24 deletions.
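--- a/eng/pipelines/templates/jobs/live.tests.yml
+++ b/eng/pipelines/templates/jobs/live.tests.yml
@@ -45,6 +45,9 @@ parameters:
 - name: UseFederatedAuth
 type: boolean
 default: false
+- name: PersistOidcToken
+type: boolean
+default: false
 
 jobs:
 - job:
@@ -99,6 +102,7 @@ jobs:
 SubscriptionConfiguration: $(SubscriptionConfiguration)
 ArmTemplateParameters: $(ArmTemplateParameters)
 UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
+PersistOidcToken: ${{ parameters.PersistOidcToken }}
 ServiceConnection: ${{ parameters.CloudConfig.ServiceConnection }}
 SubscriptionConfigurationFilePaths: ${{ parameters.CloudConfig.SubscriptionConfigurationFilePaths }}
 EnvVars: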
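Review bot: The new `PersistOidcToken` parameter is declared without any comment saying what it persists or for how long, and the same undocumented declaration is repeated in the two stage templates further down this page (one of them eng/pipelines/templates/stages/archetype-sdk-tests.yml). The flag presumably keeps a federated OIDC token, which is a bearer credential, available to later steps in the job, so its opt-in nature deserves to be stated where it is declared. I would add above the declaration: `# Opt-in: keeps the federated OIDC token available to steps after deployment; leave false unless the tests must log in with it.` The template that consumes the flag is outside this page, so the token's lifetime and masking should be confirmed there.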
Expand Up @@ -69,6 +69,9 @@ parameters:
- name: UseFederatedAuth
type: boolean
default: true
- name: PersistOidcToken
type: boolean
default: false

stages:
- ${{ each cloud in parameters.CloudConfig }}:
Expand Down Expand Up @@ -97,6 +100,7 @@ stages:
TestResourceDirectories: ${{ parameters.TestResourceDirectories }}
PublishCodeCoverage: ${{ parameters.PublishCodeCoverage }}
UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
PersistOidcToken: ${{ parameters.PersistOidcToken }}
PreSteps:
- ${{ parameters.PreSteps }}
PostSteps:
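--- a/eng/pipelines/templates/stages/archetype-sdk-tests.yml
+++ b/eng/pipelines/templates/stages/archetype-sdk-tests.yml
@@ -69,6 +69,9 @@ parameters:
 - name: UseFederatedAuth
 type: boolean
 default: true
+- name: PersistOidcToken
+type: boolean
+default: false
 
 
 extends:
@@ -89,6 +92,7 @@ extends:
 SupportedClouds: ${{ parameters.SupportedClouds }}
 UnsupportedClouds: ${{ parameters.UnsupportedClouds }}
 UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
+PersistOidcToken: ${{ parameters.PersistOidcToken }}
 PreSteps:
 - ${{ parameters.PreSteps }}
 PostSteps: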
Expand Up @@ -18,8 +18,8 @@ describe("Azure Kubernetes Integration test", function () {

if (process.env.IDENTITY_CLIENT_SECRET) {
// Log in as service principal in CI
const clientId = requireEnvVar("ARM_CLIENT_ID");
const tenantId = requireEnvVar("ARM_TENANT_ID");
const clientId = requireEnvVar("AZURE_CLIENT_ID");
const tenantId = requireEnvVar("AZURE_TENANT_ID");
const oidc = requireEnvVar("ARM_OIDC_TOKEN");
runCommand(
"az",
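Review bot: `clientId` and `tenantId` now come from `AZURE_CLIENT_ID` and `AZURE_TENANT_ID`, while the token is still read from `ARM_OIDC_TOKEN`, and nothing here states that all three must describe the same principal. In sdk/identity/identity/tests.yml on this page `AZURE_CLIENT_ID` appears to be mapped from `$(IDENTITY_CLIENT_ID)`; if that is a different application from the one the pipeline token was issued to, the federated login will be rejected at runtime with little indication of why. I would add a comment above the three reads, for example `// AZURE_CLIENT_ID / AZURE_TENANT_ID must identify the principal that ARM_OIDC_TOKEN was issued to`, and confirm the mapping in the pipeline. The enclosing `describe` block starts and ends outside this hunk.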
21 changes: 1 addition & 20 deletions sdk/identity/identity/tests.yml
Expand Up @@ -3,25 +3,10 @@ trigger: none
extends:
template: /eng/pipelines/templates/stages/archetype-sdk-tests.yml
parameters:
PreSteps:
- task: AzureCLI@2
displayName: Set OIDC variables
env:
ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN)
ARM_CLIENT_ID: $(ARM_CLIENT_ID)
ARM_TENANT_ID: $(ARM_TENANT_ID)
inputs:
azureSubscription: azure-sdk-tests
scriptType: pscore
scriptLocation: inlineScript
addSpnToEnvironment: true
inlineScript: |
Write-Host "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$($env:servicePrincipalId)"
Write-Host "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$($env:tenantId)"
Write-Host "##vso[task.setvariable variable=ARM_OIDC_TOKEN;issecret=true]$($env:idToken)"
PackageName: "@azure/identity"
ServiceDirectory: identity
TimeoutInMinutes: 120
PersistOidcToken: true
CloudConfig:
Public:
SubscriptionConfigurations:
Expand All @@ -38,8 +23,4 @@ extends:
- OSVmImage=.*LINUXNEXTVMIMAGE.*/azsdk-pool-mms-ubuntu-2204-1espt
EnvVars:
AZURE_CLIENT_ID: $(IDENTITY_CLIENT_ID)
AZURE_CLIENT_SECRET: $(IDENTITY_CLIENT_SECRET)
AZURE_TENANT_ID: $(IDENTITY_TENANT_ID)
ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN)
ARM_CLIENT_ID: $(ARM_CLIENT_ID)
ARM_TENANT_ID: $(ARM_TENANT_ID)
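Review bot: With the `Set OIDC variables` pre-step removed and the `ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN)` entry under `EnvVars` apparently removed as well, this file no longer shows how the token reaches the test process; `PersistOidcToken: true` is the only remaining hint. The removed step set the variable with `issecret=true`, and secret pipeline variables are not exposed to a step unless mapped explicitly, so it is worth confirming that the shared template both keeps the token masked and maps it into the test step's environment. A short comment next to the flag would help, e.g. `# Live tests and test-resources-post.ps1 log in with ARM_OIDC_TOKEN, which the shared template provides when this is true`. Which lines of the second hunk are removed cannot be fully recovered from this rendering, so the `EnvVars` observation should be checked against the raw diff.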
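--- a/sdk/identity/test-resources-post.ps1
+++ b/sdk/identity/test-resources-post.ps1
@@ -7,6 +7,23 @@ param (
 [Parameter(ValueFromRemainingArguments = $true)]
 $RemainingArguments,
 
+[Parameter(Mandatory = $true)]
+[ValidateNotNullOrEmpty()]
+[string] $SubscriptionId,
+
+[Parameter(Mandatory = $true)]
+[ValidateNotNullOrEmpty()]
+[string] $TenantId,
+
+[Parameter()]
+[ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')]
+[string] $TestApplicationId,
+
+[Parameter(Mandatory = $true)]
+[ValidateNotNullOrEmpty()]
+[string] $Environment,
+
+
 [Parameter()]
 [hashtable] $DeploymentOutputs,
 
@@ -39,8 +56,9 @@ Write-Host "Working directory: $workingFolder"
 
 if ($CI) {
 Write-Host "Logging in to service principal"
-az login --service-principal -u $env:ARM_CLIENT_ID --tenant $env:ARM_TENANT_ID --allow-no-subscriptions --federated-token $env:ARM_OIDC_TOKEN
-az account set --subscription $DeploymentOutputs['IDENTITY_SUBSCRIPTION_ID']
+az cloud set --name $Environment
+az login --service-principal -u $env:TestApplicationId --tenant $env:TenantId --allow-no-subscriptions --federated-token $env:ARM_OIDC_TOKEN
+az account set --subscription $SubscriptionId
 }
 
 # Azure Functions app deployment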
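Review bot: The new login line reads `$env:TestApplicationId` and `$env:TenantId`, but the first hunk adds `$TestApplicationId` and `$TenantId` as script parameters, and a PowerShell parameter is not an environment variable. Unless the caller also exports environment variables with those names, both expand to empty strings and the federated login fails; the neighbouring new lines already use the parameters directly (`$Environment`, `$SubscriptionId`). I would change the line to `az login --service-principal -u $TestApplicationId --tenant $TenantId --allow-no-subscriptions --federated-token $env:ARM_OIDC_TOKEN`. `$TestApplicationId` is also the only one of the four new parameters that is not mandatory, although the CI branch depends on it. The `param` block and the rest of the script are only partly visible in these hunks.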
