Skip to content

[Key Vault] Drop service principal authentication from test pipelines #36270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
mccoyp wants to merge 14 commits into from
Closed

[Key Vault] Drop service principal authentication from test pipelines #36270

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
6484fcf
Update pipelines for non-SP auth
mccoyp Jun 27, 2024
32b2140
Update Administration config
mccoyp Jun 27, 2024
e3a17ee
Update Keys config
mccoyp Jun 27, 2024
898a3bb
Refresh credentials in test-resources-post
mccoyp Jul 29, 2024
9326f0f
Refresh credentials earlier in script
mccoyp Jul 29, 2024
974a43d
Try getting credential with context
mccoyp Jul 30, 2024
f3add32
Sync test-resources with JS to fix deployment auth issues
mccoyp Jul 31, 2024
0e55932
Repair administration's tests.yml
mccoyp Jul 31, 2024
2a4acdd
Try same location as JS
mccoyp Jul 31, 2024
462c3b6
Try aligning Keys tests.yml with JS's
mccoyp Aug 1, 2024
1a722a1
Fix Admin; Target only Keys/Admin
mccoyp Aug 1, 2024
32cb72c
Make multitenant tests compatible with pipelines
mccoyp Aug 2, 2024
b1ed137
Correctly get credentials
mccoyp Aug 2, 2024
dcfb0d5
Fix async credential
mccoyp Aug 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Make multitenant tests compatible with pipelines
  • Loading branch information
@mccoyp
mccoyp committed Aug 2, 2024
commit 32cb72c3eb20e6e5956f138b4bc0123768973c6b
23 changes: 9 additions & 14 deletions sdk/keyvault/azure-keyvault-keys/tests/test_challenge_auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,22 +41,11 @@ def test_multitenant_authentication(self, client, is_hsm, **kwargs):
if not self.is_live:
pytest.skip("This test is incompatible with test proxy in playback")

client_id = os.environ.get("KEYVAULT_CLIENT_ID")
client_secret = os.environ.get("KEYVAULT_CLIENT_SECRET")

# we set up a client for this method to align with the async test, but we actually want to create a new client
# this new client should use a credential with an initially fake tenant ID and still succeed with a real request
if os.environ.get("AZURE_TEST_USE_PWSH_AUTH") == "true":
credential = AzurePowerShellCredential(tenant_id=str(uuid4()), additionally_allowed_tenants="*")
elif os.environ.get("AZURE_TEST_USE_CLI_AUTH") == "true":
credential = AzureCliCredential(tenant_id=str(uuid4()), additionally_allowed_tenants="*")
else:
credential = ClientSecretCredential(
tenant_id=str(uuid4()),
client_id=client_id,
client_secret=client_secret,
additionally_allowed_tenants="*",
)
original_tenant = os.environ.get("AZURE_TENANT_ID")
os.environ["AZURE_TENANT_ID"] = str(uuid4())
credential = self.get_credential(additionally_allowed_tenants="*")
managed_hsm_url = kwargs.pop("managed_hsm_url", None)
keyvault_url = kwargs.pop("vault_url", None)
vault_url = managed_hsm_url if is_hsm else keyvault_url
Expand All @@ -74,6 +63,12 @@ def test_multitenant_authentication(self, client, is_hsm, **kwargs):
fetched_key = client.get_key(key_name)
assert key.id == fetched_key.id

# clear the fake tenant
if original_tenant:
os.environ["AZURE_TENANT_ID"] = original_tenant
else:
os.environ.pop("AZURE_TENANT_ID")

def empty_challenge_cache(fn):
@functools.wraps(fn)
def wrapper(**kwargs):
Expand Down
23 changes: 9 additions & 14 deletions sdk/keyvault/azure-keyvault-keys/tests/test_challenge_auth_async.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,22 +42,11 @@ async def test_multitenant_authentication(self, client, is_hsm, **kwargs):
if not self.is_live:
pytest.skip("This test is incompatible with vcrpy in playback")

client_id = os.environ.get("KEYVAULT_CLIENT_ID")
client_secret = os.environ.get("KEYVAULT_CLIENT_SECRET")

# we set up a client for this method so it gets awaited, but we actually want to create a new client
# this new client should use a credential with an initially fake tenant ID and still succeed with a real request
if os.environ.get("AZURE_TEST_USE_PWSH_AUTH") == "true":
credential = AzurePowerShellCredential(tenant_id=str(uuid4()), additionally_allowed_tenants="*")
elif os.environ.get("AZURE_TEST_USE_CLI_AUTH") == "true":
credential = AzureCliCredential(tenant_id=str(uuid4()), additionally_allowed_tenants="*")
else:
credential = ClientSecretCredential(
tenant_id=str(uuid4()),
client_id=client_id,
client_secret=client_secret,
additionally_allowed_tenants="*",
)
original_tenant = os.environ.get("AZURE_TENANT_ID")
os.environ["AZURE_TENANT_ID"] = str(uuid4())
credential = self.get_credential(additionally_allowed_tenants="*")
managed_hsm_url = kwargs.pop("managed_hsm_url", None)
keyvault_url = kwargs.pop("vault_url", None)
vault_url = managed_hsm_url if is_hsm else keyvault_url
Expand All @@ -75,6 +64,12 @@ async def test_multitenant_authentication(self, client, is_hsm, **kwargs):
fetched_key = await client.get_key(key_name)
assert key.id == fetched_key.id

# clear the fake tenant
if original_tenant:
os.environ["AZURE_TENANT_ID"] = original_tenant
else:
os.environ.pop("AZURE_TENANT_ID")


@pytest.mark.asyncio
@empty_challenge_cache
Expand Down