Use common OIDC token env vars for live tests.

Azure · Oct 8, 2024 · e8fa4a8 · e8fa4a8
1 parent 4fc29fe
commit e8fa4a8
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 23 deletions.
diff --git a/eng/pipelines/templates/jobs/live.tests.yml b/eng/pipelines/templates/jobs/live.tests.yml
@@ -45,6 +45,9 @@ parameters:
 - name: UseFederatedAuth
   type: boolean
   default: false
+- name: PersistOidcToken
+  type: boolean
+  default: false
 
 jobs:
   - job:
@@ -100,6 +103,7 @@ jobs:
                 SubscriptionConfiguration: $(SubscriptionConfiguration)
                 ArmTemplateParameters: $(ArmTemplateParameters)
                 UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
+                PersistOidcToken: ${{ parameters.PersistOidcToken }}
                 ServiceConnection: ${{ parameters.CloudConfig.ServiceConnection }}
                 SubscriptionConfigurationFilePaths: ${{ parameters.CloudConfig.SubscriptionConfigurationFilePaths }}
                 EnvVars:
@@ -114,6 +118,7 @@ jobs:
               SubscriptionConfiguration: $(SubscriptionConfiguration)
               ArmTemplateParameters: $(ArmTemplateParameters)
               UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
+              PersistOidcToken: ${{ parameters.PersistOidcToken }}
               ServiceConnection: ${{ parameters.CloudConfig.ServiceConnection }}
               SubscriptionConfigurationFilePaths: ${{ parameters.CloudConfig.SubscriptionConfigurationFilePaths }}
               EnvVars:

diff --git a/eng/pipelines/templates/stages/archetype-sdk-tests-isolated.yml b/eng/pipelines/templates/stages/archetype-sdk-tests-isolated.yml
@@ -44,7 +44,7 @@ parameters:
       Public:
         SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
         ServiceConnection: azure-sdk-tests
-        SubscriptionConfigurationFilePaths: 
+        SubscriptionConfigurationFilePaths:
           - eng/common/TestResources/sub-config/AzurePublicMsft.json
       Preview:
         SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources-preview)
@@ -77,6 +77,9 @@ parameters:
   - name: UseFederatedAuth
     type: boolean
     default: true
+  - name: PersistOidcToken
+    type: boolean
+    default: false
 
 stages:
   - ${{ each cloud in parameters.CloudConfig }}:
@@ -105,6 +108,7 @@ stages:
                 TestResourceDirectories: ${{ parameters.TestResourceDirectories }}
                 PublishCodeCoverage: ${{ parameters.PublishCodeCoverage }}
                 UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
+                PersistOidcToken: ${{ parameters.PersistOidcToken }}
                 PreSteps:
                   - ${{ parameters.PreSteps }}
                 PostSteps:

diff --git a/eng/pipelines/templates/stages/archetype-sdk-tests.yml b/eng/pipelines/templates/stages/archetype-sdk-tests.yml
@@ -44,7 +44,7 @@ parameters:
       Public:
         SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
         ServiceConnection: azure-sdk-tests
-        SubscriptionConfigurationFilePaths: 
+        SubscriptionConfigurationFilePaths:
           - eng/common/TestResources/sub-config/AzurePublicMsft.json
       Preview:
         SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources-preview)
@@ -78,6 +78,9 @@ parameters:
   - name: UseFederatedAuth
     type: boolean
     default: true
+  - name: PersistOidcToken
+    type: boolean
+    default: false
 
 
 extends:
@@ -98,6 +101,7 @@ extends:
           SupportedClouds: ${{ parameters.SupportedClouds }}
           UnsupportedClouds: ${{ parameters.UnsupportedClouds }}
           UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
+          PersistOidcToken: ${{ parameters.PersistOidcToken }}
           PreSteps:
             - ${{ parameters.PreSteps }}
           PostSteps:

diff --git a/sdk/identity/identity/tests.yml b/sdk/identity/identity/tests.yml
@@ -3,26 +3,11 @@ trigger: none
 extends:
     template: /eng/pipelines/templates/stages/archetype-sdk-tests.yml
     parameters:
-      PreSteps:
-      - task: AzureCLI@2
-        displayName: Set OIDC variables
-        env:
-          ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN)
-          ARM_CLIENT_ID: $(ARM_CLIENT_ID)
-          ARM_TENANT_ID: $(ARM_TENANT_ID)
-        inputs:
-          azureSubscription: azure-sdk-tests
-          scriptType: pscore
-          scriptLocation: inlineScript
-          addSpnToEnvironment: true
-          inlineScript: |
-            Write-Host "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$($env:servicePrincipalId)"
-            Write-Host "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$($env:tenantId)"
-            Write-Host "##vso[task.setvariable variable=ARM_OIDC_TOKEN;issecret=true]$($env:idToken)"
       PackageName: "@azure/identity"
       ServiceDirectory: identity
       TimeoutInMinutes: 120
       SupportedClouds: 'Public,UsGov,China,Canary'
+      PersistOidcToken: true
       CloudConfig:
         Public:
           ServiceConnection: azure-sdk-tests
@@ -43,6 +28,3 @@ extends:
         AZURE_CLIENT_ID: $(IDENTITY_CLIENT_ID)
         AZURE_CLIENT_SECRET: $(IDENTITY_CLIENT_SECRET)
         AZURE_TENANT_ID: $(IDENTITY_TENANT_ID)
-        ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN)
-        ARM_CLIENT_ID: $(ARM_CLIENT_ID)
-        ARM_TENANT_ID: $(ARM_TENANT_ID)
diff --git a/sdk/identity/test-resources-post.ps1 b/sdk/identity/test-resources-post.ps1
@@ -7,6 +7,23 @@ param (
   [Parameter(ValueFromRemainingArguments = $true)]
   $RemainingArguments,
 
+  [Parameter(Mandatory = $true)]
+  [ValidateNotNullOrEmpty()]
+  [string] $SubscriptionId,
+
+  [Parameter(Mandatory = $true)]
+  [ValidateNotNullOrEmpty()]
+  [string] $TenantId,
+
+  [Parameter()]
+  [ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')]
+  [string] $TestApplicationId,
+
+  [Parameter(Mandatory = $true)]
+  [ValidateNotNullOrEmpty()]
+  [string] $Environment,
+
+
   [Parameter()]
   [hashtable] $DeploymentOutputs,
 
@@ -39,8 +56,9 @@ Write-Host "Working directory: $workingFolder"
 
 if ($CI) {
   Write-Host "Logging in to service principal"
-  az login --service-principal -u $env:ARM_CLIENT_ID --tenant $env:ARM_TENANT_ID --allow-no-subscriptions --federated-token $env:ARM_OIDC_TOKEN
-  az account set --subscription $DeploymentOutputs['IDENTITY_SUBSCRIPTION_ID']
+  az cloud set --name $Environment
+  az login --service-principal -u $env:TestApplicationId --tenant $env:TenantId --allow-no-subscriptions --federated-token $env:ARM_OIDC_TOKEN
+  az account set --subscription $SubscriptionId
 }
 
 # Azure Functions app deployment