Merge pull request #511 from AzureAD/4gust/keyvault-labauth

Updating pipeline to connect to ADO for integration tests
AzureAD · Sep 26, 2024 · 5b82c58 · 5b82c58
2 parents 7fe113d + 79e0339
commit 5b82c58
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 72 deletions.
diff --git a/ado/build_test.yaml b/ado/build_test.yaml
@@ -1,68 +1,48 @@
-trigger: 
- - main
+trigger:
+  - main
 
 pool:
-   vmImage: 'ubuntu-latest'
-
-steps: 
-- task: GoTool@0
-  inputs:
-    version: '1.22.3'
-- task: Go@0
-  inputs:
-    command: 'get'
-    arguments: '-d -v -t -d ./...'
-    workingDirectory: '$(System.DefaultWorkingDirectory)'
-  displayName: "Install dependencies"
-- task: Go@0
-  inputs:
-    command: 'build'
-    arguments: './apps/...'
-    workingDirectory: '$(System.DefaultWorkingDirectory)'
-  displayName: "Build"
-# - task: Go@0
-#   inputs:       
-#     command: 'test'
-#     arguments: '-race -short ./apps/cache/... ./apps/confidential/... ./apps/public/... ./apps/internal/...'
-#     workingDirectory: '$(System.DefaultWorkingDirectory)'
-#   displayName: "Run Unit Tests"
-
-- task: AzureKeyVault@2
-  displayName: 'Connect to Key Vault'
-  inputs:
-    azureSubscription: 'AuthSdkResourceManager' # string. Workload identity service connection to use managed identity authentication
-    KeyVaultName: 'msidlabs' # string. Required. The name of the Key Vault containing the secrets.
-    #setting secrets filter to fetch only MSIDLABCertificate cert from the vault
-    SecretsFilter: 'LabAuth' # string. Required. Specifies the secret to download. Use '*' for all secrets.
-    #RunAsPreJob: false # boolean. Make secrets available to whole job. Default: false.
-
-# - powershell: |
-#    $kvSecretBytes = [System.Convert]::FromBase64String('$(LabAuth)')
-#    $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
-#    $certCollection.Import($kvSecretBytes, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
-
-#    $protectedCertificateBytes = $certCollection.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12)
-#    $pfxPath = '$(Build.SourcesDirectory)' + "\TestCert.pfx"
-#    [System.IO.File]::WriteAllBytes($pfxPath, $protectedCertificateBytes)
-
-#    Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation Cert:\LocalMachine\My
-
-#   displayName: 'Install Keyvault Secrets'
-
-- script: |
-    echo $(LabAuth) | base64 -d > cert.pfx
-    sudo apt-get install -y libnss3-tools openssl
-    mkdir -p ~/.pki/nssdb
-    certutil -N -d sql:$HOME/.pki/nssdb --empty-password
-    openssl pkcs12 -in cert.pfx -out cert.pem -nodes
-    certutil -A -d sql:$HOME/.pki/nssdb -n "labCert" -t "P,," -i cert.pem
-  displayName: 'Install Keyvault Secrets'
-
-- task: Go@0
-  inputs:       
-    command: 'test'
-    arguments: '-race ./apps/tests/integration/...'
-    workingDirectory: '$(System.DefaultWorkingDirectory)'
-  displayName: "Run Integration Tests"
-
-
+  vmImage: "ubuntu-latest"
+
+steps:
+  - task: GoTool@0
+    inputs:
+      version: "1.22.3"
+  - task: Go@0
+    inputs:
+      command: "get"
+      arguments: "-d -v -t -d ./..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Install dependencies"
+  - task: Go@0
+    inputs:
+      command: "build"
+      arguments: "./apps/..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Build"
+  - task: Go@0
+    inputs:
+      command: "test"
+      arguments: "-race -short ./apps/cache/... ./apps/confidential/... ./apps/public/... ./apps/internal/..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Run Unit Tests"
+  - task: AzureKeyVault@2
+    displayName: "Connect to Key Vault"
+    inputs:
+      azureSubscription: "AuthSdkResourceManager"
+      KeyVaultName: "msidlabs"
+      SecretsFilter: "LabAuth"
+  - task: Bash@3
+    displayName: Installing certificate
+    inputs:
+      targetType: "inline"
+      script: |
+        echo $(LabAuth) | base64 -d > $(Build.SourcesDirectory)/cert.pfx
+        openssl pkcs12 -in $(Build.SourcesDirectory)/cert.pfx -out $(Build.SourcesDirectory)/cert.pem -nodes -passin pass:''
+
+  - task: Go@0
+    inputs:
+      command: "test"
+      arguments: "-race ./apps/tests/integration/..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Run Integration Tests"
diff --git a/apps/tests/integration/README.md b/apps/tests/integration/README.md
@@ -0,0 +1,21 @@
+# Go Integration Test
+
+This guide explains how to:
+
+1. Download a certificate from [link](https://ms.portal.azure.com/#@microsoft.onmicrosoft.com/asset/Microsoft_Azure_KeyVault/Certificate/https://msidlabs.vault.azure.net/certificates/LabAuth).
+2. Download the `.pex/.pem` format
+3. Convert the `.cert` file to `.pem` file.
+4. Execute Go integration tests.
+
+## Prerequisites
+
+- Run `openssl pkcs12 -in <path to the cert>/cert.pfx -out <Go source folder>/cert.pem -nodes -passin pass:''`
+- It should be in the root folder of the `microsoft-authentication-library-for-go`
+
+## Steps
+
+### 1. Running the tests
+
+```bash
+go test -race ./apps/tests/integration/
+```
diff --git a/apps/tests/integration/integration_test.go b/apps/tests/integration/integration_test.go
@@ -36,7 +36,7 @@ const (
 
 	// Default values
 	defaultClientId = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9"
-	pemFile         = "Insert path to pem file here"
+	pemFile         = "../../../cert.pem"
 )
 
 var httpClient = http.Client{}
@@ -242,8 +242,7 @@ func TestUsernamePassword(t *testing.T) {
 
 // TODO: update this at a later date, see issue https://github.com/AzureAD/microsoft-authentication-library-for-go/issues/513
 func TestConfidentialClientWithSecret(t *testing.T) {
-	t.Skip("skipping integration test until it is fixed")
-
+	t.Skip("Skipping test until fix")
 	if testing.Short() {
 		t.Skip("skipping integration test")
 	}
@@ -273,13 +272,11 @@ func TestConfidentialClientWithSecret(t *testing.T) {
 	if silentResult.AccessToken == "" {
 		t.Fatal("TestConfidentialClientwithSecret: on AcquireTokenSilent(): got AccessToken == '', want AccessToken != ''")
 	}
-
 }
 
 // TODO: update this at a later date, see issue https://github.com/AzureAD/microsoft-authentication-library-for-go/issues/513
 func TestOnBehalfOf(t *testing.T) {
-	t.Skip("skipping integration test until it is fixed")
-
+	t.Skip("Skipping test until fix")
 	if testing.Short() {
 		t.Skip("skipping integration test")
 	}