From e2a37c2c1c637985600fb62816122c5cd0ece326 Mon Sep 17 00:00:00 2001
From: Christopher Scott
Date: Tue, 5 Sep 2023 09:31:46 -0500
Subject: [PATCH] VM managed identity integration test (#38457)
---
.../tests/CredentialTestHelpers.cs | 1 +
.../tests/IdentityTestEnvironment.cs | 2 +-
.../ManagedIdentityVMIntegrationTests.cs | 29 +++++++++++++++++++
sdk/identity/platform-matrix.json | 10 ++++++++-
sdk/identity/tests.yml | 5 ++++
5 files changed, 45 insertions(+), 2 deletions(-)
create mode 100644 sdk/identity/Azure.Identity/tests/ManagedIdentityVMIntegrationTests.cs
diff --git a/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs b/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs
index 74b1c7d9ea7a5..568d436e7c0d4 100644
--- a/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs
+++ b/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs
@@ -23,6 +23,7 @@ namespace Azure.Identity.Tests { internal static class CredentialTestHelpers { + public static string[] DefaultScope = new string[] { "https://management.azure.com//.default" }; private const string DiscoveryResponseBody = "{\"tenant_discovery_endpoint\": \"https://login.microsoftonline.com/c54fac88-3dd3-461f-a7c4-8a368e0340b3/v2.0/.well-known/openid-configuration\",\"api-version\": \"1.1\",\"metadata\":[{\"preferred_network\": \"login.microsoftonline.com\",\"preferred_cache\": \"login.windows.net\",\"aliases\":[\"login.microsoftonline.com\",\"login.windows.net\",\"login.microsoft.com\",\"sts.windows.net\"]},{\"preferred_network\": \"login.partner.microsoftonline.cn\",\"preferred_cache\": \"login.partner.microsoftonline.cn\",\"aliases\":[\"login.partner.microsoftonline.cn\",\"login.chinacloudapi.cn\"]},{\"preferred_network\": \"login.microsoftonline.de\",\"preferred_cache\": \"login.microsoftonline.de\",\"aliases\":[\"login.microsoftonline.de\"]},{\"preferred_network\": \"login.microsoftonline.us\",\"preferred_cache\": \"login.microsoftonline.us\",\"aliases\":[\"login.microsoftonline.us\",\"login.usgovcloudapi.net\"]},{\"preferred_network\": \"login-us.microsoftonline.com\",\"preferred_cache\": \"login-us.microsoftonline.com\",\"aliases\":[\"login-us.microsoftonline.com\"]}]}"; public static (string Token, DateTimeOffset ExpiresOn, string Json) CreateTokenForAzureCli() => CreateTokenForAzureCli(TimeSpan.FromSeconds(30)); diff --git a/sdk/identity/Azure.Identity/tests/IdentityTestEnvironment.cs b/sdk/identity/Azure.Identity/tests/IdentityTestEnvironment.cs index 472b8d9e529d0..0fc6f32ed41f2 100644 --- a/sdk/identity/Azure.Identity/tests/IdentityTestEnvironment.cs +++ b/sdk/identity/Azure.Identity/tests/IdentityTestEnvironment.cs @@ -1,7 +1,6 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. -using System; using System.IO; using Azure.Core.TestFramework; using NUnit.Framework; 
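Review bot: `DefaultScope` is added as a public, non-readonly static array, so any test can reassign the field or overwrite its element and silently change the scope that every other test requests. Declare it `public static readonly string[] DefaultScope = { "https://management.azure.com//.default" };`, or expose it through a get-only property that returns a fresh array. The double slash before `.default` reads like a typo; if it is intentional (a resource identifier that itself ends in a slash), a one-line comment saying so would stop someone from "fixing" it. The class body continues outside the hunk.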
@@ -39,6 +38,7 @@ public class IdentityTestEnvironment : TestEnvironment public string ServicePrincipalCertificatePemPath => GetOptionalVariable("IDENTITY_SP_CERT_PEM") ?? Path.Combine(TestContext.CurrentContext.TestDirectory, "Data", "cert.pem"); public string ServicePrincipalSniCertificatePath => GetOptionalVariable("IDENTITY_SP_CERT_SNI") ?? Path.Combine(TestContext.CurrentContext.TestDirectory, "Data", "cert.pfx"); public string IdentityTestWebName => GetRecordedVariable("IDENTITY_WEBAPP_NAME"); + public string VMUserAssignedManagedIdentityClientId => GetOptionalVariable("IDENTITY_VM_USER_ASSIGNED_MI_CLIENT_ID"); public string IdentityTestAzFuncName => GetRecordedVariable("IDENTITY_FUNCTION_NAME"); } } diff --git a/sdk/identity/Azure.Identity/tests/ManagedIdentityVMIntegrationTests.cs b/sdk/identity/Azure.Identity/tests/ManagedIdentityVMIntegrationTests.cs new file mode 100644 index 0000000000000..4586954421f99 --- /dev/null +++ b/sdk/identity/Azure.Identity/tests/ManagedIdentityVMIntegrationTests.cs @@ -0,0 +1,29 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +using System; +using System.Threading.Tasks; +using Azure.Core.Pipeline; +using Azure.Core.TestFramework; +using NUnit.Framework; + +namespace Azure.Identity.Tests +{ + public class ManagedIdentityVMIntegrationTests : IdentityRecordedTestBase + { + public ManagedIdentityVMIntegrationTests(bool isAsync) : base(isAsync) + { } + + [Test] + [LiveOnly] + [Category("IdentityVM")] + // This test leverages the test app found in Azure.Identity\integration\WebApp + // It validates that ManagedIdentityCredential can acquire a token in an actual Azure Web App environment + public async Task GetManagedIdentityToken() + { + var cred = new ManagedIdentityCredential(TestEnvironment.VMUserAssignedManagedIdentityClientId); + var token = await cred.GetTokenAsync(new(CredentialTestHelpers.DefaultScope)); + Assert.NotNull(token.Token); + } + } +} 
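Review bot: `VMUserAssignedManagedIdentityClientId` is read with `GetOptionalVariable` and has no fallback, unlike the optional certificate paths just above it, so an unset `IDENTITY_VM_USER_ASSIGNED_MI_CLIENT_ID` presumably yields null. The new `GetManagedIdentityToken` test passes that value straight to `new ManagedIdentityCredential(...)`, where a null client id selects the system-assigned identity, so the test can pass without ever exercising the user-assigned identity it is meant to cover. Guard the test with `Assume.That(TestEnvironment.VMUserAssignedManagedIdentityClientId, Is.Not.Null.And.Not.Empty);`, or read the variable through a required accessor so a misconfigured agent fails loudly instead of validating the wrong identity.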
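Review bot: The comment above `GetManagedIdentityToken` still describes the Web App test (`Azure.Identity\integration\WebApp`, "an actual Azure Web App environment"), while this fixture is tagged `[Category("IdentityVM")]` and targets a VM's managed identity. Reword it, for example `// Validates that ManagedIdentityCredential can acquire a token for the user-assigned identity attached to the Azure VM test agent`. The only assertion is `Assert.NotNull(token.Token)`; also asserting that `token.ExpiresOn` lies in the future would catch an empty or stale response. The test is `[LiveOnly]` with no environment guard, so it would presumably also run on live legs whose agents have no managed identity unless the category is excluded there.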
diff --git a/sdk/identity/platform-matrix.json b/sdk/identity/platform-matrix.json index 07745ecd2db8c..c4eb2ddae27f8 100644 --- a/sdk/identity/platform-matrix.json +++ b/sdk/identity/platform-matrix.json @@ -1,7 +1,15 @@ { + "displayNames": { + "Public,Preview,Canary": "" + }, "include": [ { "Agent": { + "msi_image": { + "OSVmImage": "ubuntu-22.04", + "Pool": "azsdk-pool-mms-ubuntu-2204-identitymsi", + "AdditionalTestFilters": "TestCategory=IdentityVM" + }, "ubuntu_keyring_container": { "OSVmImage": "ubuntu-20.04", "Pool": "Azure Pipelines", @@ -12,4 +20,4 @@ "SupportedClouds": "Public,Preview,Canary" } ] -} +} \ No newline at end of file diff --git a/sdk/identity/tests.yml b/sdk/identity/tests.yml index 477a8e76f9db8..988bc49c598bd 100644 --- a/sdk/identity/tests.yml +++ b/sdk/identity/tests.yml @@ -4,6 +4,11 @@ extends: template: /eng/pipelines/templates/stages/archetype-sdk-tests.yml parameters: TimeoutInMinutes: 120 + AdditionalMatrixConfigs: + - Name: identity_msi + Path: sdk/identity/platform-matrix.json + Selection: sparse + GenerateVMJobs: true ServiceDirectory: identity CloudConfig: Public:
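Review bot: The new `msi_image` leg pins jobs to `azsdk-pool-mms-ubuntu-2204-identitymsi`, whose agents presumably carry the managed identity under test, and any job scheduled on that pool can then request tokens for it. `AdditionalTestFilters` limits what this leg runs, but it does not limit what the identity can reach, so the identity's role assignments should be kept to the minimum the test needs and the pool restricted to this pipeline. Separately, the closing brace loses its trailing newline (`\ No newline at end of file`), which is unrelated to the change and worth restoring.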