diff --git a/eng/pipelines/templates/jobs/live.tests.yml b/eng/pipelines/templates/jobs/live.tests.yml index e348e0a5caee..422a9da8d6a6 100644 --- a/eng/pipelines/templates/jobs/live.tests.yml +++ b/eng/pipelines/templates/jobs/live.tests.yml @@ -45,6 +45,9 @@ parameters: - name: UseFederatedAuth type: boolean default: false +- name: PersistOidcToken + type: boolean + default: false jobs: - job: @@ -99,6 +102,7 @@ jobs: SubscriptionConfiguration: $(SubscriptionConfiguration) ArmTemplateParameters: $(ArmTemplateParameters) UseFederatedAuth: ${{ parameters.UseFederatedAuth }} + PersistOidcToken: ${{ parameters.PersistOidcToken }} ServiceConnection: ${{ parameters.CloudConfig.ServiceConnection }} SubscriptionConfigurationFilePaths: ${{ parameters.CloudConfig.SubscriptionConfigurationFilePaths }} EnvVars: diff --git a/eng/pipelines/templates/stages/archetype-sdk-tests-isolated.yml b/eng/pipelines/templates/stages/archetype-sdk-tests-isolated.yml index ecbdc04af0bc..6177ba2a725a 100644 --- a/eng/pipelines/templates/stages/archetype-sdk-tests-isolated.yml +++ b/eng/pipelines/templates/stages/archetype-sdk-tests-isolated.yml @@ -69,6 +69,9 @@ parameters: - name: UseFederatedAuth type: boolean default: true + - name: PersistOidcToken + type: boolean + default: false stages: - ${{ each cloud in parameters.CloudConfig }}: @@ -97,6 +100,7 @@ stages: TestResourceDirectories: ${{ parameters.TestResourceDirectories }} PublishCodeCoverage: ${{ parameters.PublishCodeCoverage }} UseFederatedAuth: ${{ parameters.UseFederatedAuth }} + PersistOidcToken: ${{ parameters.PersistOidcToken }} PreSteps: - ${{ parameters.PreSteps }} PostSteps: diff --git a/eng/pipelines/templates/stages/archetype-sdk-tests.yml b/eng/pipelines/templates/stages/archetype-sdk-tests.yml index 6d1ed557a8c3..eade2010d39f 100644 --- a/eng/pipelines/templates/stages/archetype-sdk-tests.yml +++ b/eng/pipelines/templates/stages/archetype-sdk-tests.yml 
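Review bot: `PersistOidcToken` is declared with no comment saying what it persists or for how long, in the first hunk of live.tests.yml and in the matching parameter blocks of archetype-sdk-tests-isolated.yml and archetype-sdk-tests.yml. The flag decides whether a federated bearer token stays available to later steps, presumably including test code, so the `false` default is the right one and the reason to opt in should be written down. A comment above the parameter would do, for example `# Keep the service connection's OIDC token available to later steps (ARM_OIDC_TOKEN); enable only for tests that must run az login --federated-token`. The step that consumes the flag is outside this diff, so the variable name and its scope should be checked against that template.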
@@ -69,6 +69,9 @@ parameters: - name: UseFederatedAuth type: boolean default: true + - name: PersistOidcToken + type: boolean + default: false extends: @@ -89,6 +92,7 @@ extends: SupportedClouds: ${{ parameters.SupportedClouds }} UnsupportedClouds: ${{ parameters.UnsupportedClouds }} UseFederatedAuth: ${{ parameters.UseFederatedAuth }} + PersistOidcToken: ${{ parameters.PersistOidcToken }} PreSteps: - ${{ parameters.PreSteps }} PostSteps: diff --git a/sdk/identity/identity/test/integration/node/azureKubernetesTest.spec.ts b/sdk/identity/identity/test/integration/node/azureKubernetesTest.spec.ts index 34f42c74a770..9bfe56dbddda 100644 --- a/sdk/identity/identity/test/integration/node/azureKubernetesTest.spec.ts +++ b/sdk/identity/identity/test/integration/node/azureKubernetesTest.spec.ts @@ -18,8 +18,8 @@ describe("Azure Kubernetes Integration test", function () { if (process.env.IDENTITY_CLIENT_SECRET) { // Log in as service principal in CI - const clientId = requireEnvVar("ARM_CLIENT_ID"); - const tenantId = requireEnvVar("ARM_TENANT_ID"); + const clientId = requireEnvVar("AZURE_CLIENT_ID"); + const tenantId = requireEnvVar("AZURE_TENANT_ID"); const oidc = requireEnvVar("ARM_OIDC_TOKEN"); runCommand( "az", diff --git a/sdk/identity/identity/tests.yml b/sdk/identity/identity/tests.yml index 6b7e43ec8299..323a0861aca5 100644 --- a/sdk/identity/identity/tests.yml +++ b/sdk/identity/identity/tests.yml 
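Review bot: In azureKubernetesTest.spec.ts, `clientId` and `tenantId` now come from `AZURE_CLIENT_ID` and `AZURE_TENANT_ID`, which tests.yml in this commit maps to `$(IDENTITY_CLIENT_ID)` and `$(IDENTITY_TENANT_ID)`. `ARM_OIDC_TOKEN`, however, is the value the removed PreSteps task took from the service connection's `idToken`. If those are different applications the federated login will be rejected, so it is worth confirming which identity the token is issued for and saying so in the comment above the lookups. The surrounding branch is still gated on `process.env.IDENTITY_CLIENT_SECRET` although no secret is used for this login; `if (process.env.ARM_OIDC_TOKEN)` would tie the condition to the credential actually consumed. The `describe` block starts and ends outside the hunk.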
@@ -3,25 +3,10 @@ trigger: none extends: template: /eng/pipelines/templates/stages/archetype-sdk-tests.yml parameters: - PreSteps: - - task: AzureCLI@2 - displayName: Set OIDC variables - env: - ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN) - ARM_CLIENT_ID: $(ARM_CLIENT_ID) - ARM_TENANT_ID: $(ARM_TENANT_ID) - inputs: - azureSubscription: azure-sdk-tests - scriptType: pscore - scriptLocation: inlineScript - addSpnToEnvironment: true - inlineScript: | - Write-Host "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$($env:servicePrincipalId)" - Write-Host "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$($env:tenantId)" - Write-Host "##vso[task.setvariable variable=ARM_OIDC_TOKEN;issecret=true]$($env:idToken)" PackageName: "@azure/identity" ServiceDirectory: identity TimeoutInMinutes: 120 + PersistOidcToken: true CloudConfig: Public: SubscriptionConfigurations: @@ -38,8 +23,4 @@ extends: - OSVmImage=.*LINUXNEXTVMIMAGE.*/azsdk-pool-mms-ubuntu-2204-1espt EnvVars: AZURE_CLIENT_ID: $(IDENTITY_CLIENT_ID) - AZURE_CLIENT_SECRET: $(IDENTITY_CLIENT_SECRET) AZURE_TENANT_ID: $(IDENTITY_TENANT_ID) - ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN) - ARM_CLIENT_ID: $(ARM_CLIENT_ID) - ARM_TENANT_ID: $(ARM_TENANT_ID) diff --git a/sdk/identity/test-resources-post.ps1 b/sdk/identity/test-resources-post.ps1 index 0f38a71199da..7b5156278acb 100644 --- a/sdk/identity/test-resources-post.ps1 +++ b/sdk/identity/test-resources-post.ps1 @@ -7,6 +7,23 @@ param ( [Parameter(ValueFromRemainingArguments = $true)] $RemainingArguments, + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $SubscriptionId, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $TenantId, + + [Parameter()] + [ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')] + [string] $TestApplicationId, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $Environment, + + [Parameter()] [hashtable] $DeploymentOutputs, 
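Review bot: `PersistOidcToken: true` in sdk/identity/identity/tests.yml replaces an explicit PreSteps task with a flag whose effect is not visible in this file, and nothing here says why the token must outlive the login step. Judging by the other files in this commit, `test-resources-post.ps1` and `azureKubernetesTest.spec.ts` both read `ARM_OIDC_TOKEN`. A comment above the parameter would record that, for example `# test-resources-post.ps1 and the AKS integration test call az login --federated-token with ARM_OIDC_TOKEN`. The removed task registered the values with `issecret=true`; it is worth confirming that the shared template does the same, so the token stays masked in logs now that the masking is no longer done here.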
@@ -39,8 +56,9 @@ Write-Host "Working directory: $workingFolder" if ($CI) { Write-Host "Logging in to service principal" - az login --service-principal -u $env:ARM_CLIENT_ID --tenant $env:ARM_TENANT_ID --allow-no-subscriptions --federated-token $env:ARM_OIDC_TOKEN - az account set --subscription $DeploymentOutputs['IDENTITY_SUBSCRIPTION_ID'] + az cloud set --name $Environment + az login --service-principal -u $env:TestApplicationId --tenant $env:TenantId --allow-no-subscriptions --federated-token $env:ARM_OIDC_TOKEN + az account set --subscription $SubscriptionId } # Azure Functions app deployment
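Review bot: The new `az login` line reads `$env:TestApplicationId` and `$env:TenantId`, which are environment variables, not the `$TestApplicationId` and `$TenantId` parameters this commit adds to the `param` block; the `az account set` line after it does use the `$SubscriptionId` parameter directly. Unless the pipeline also exports variables with those names, both expand to empty strings and the login fails, so the line should probably read `az login --service-principal -u $TestApplicationId --tenant $TenantId --allow-no-subscriptions --federated-token $env:ARM_OIDC_TOKEN`. `$TestApplicationId` is declared without `Mandatory`, so its `ValidatePattern` does not run when the argument is omitted, and the CI branch should stop early if it or `$env:ARM_OIDC_TOKEN` is empty. None of the three `az` calls checks `$LASTEXITCODE`, so a failed login would let the deployment steps below continue under any previously cached az session.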