From b5bb9536ce2d1d5323d05e50ef3ba1ff6960c3db Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 1 Jul 2024 12:48:00 -0700 Subject: [PATCH 01/43] test1 --- .../inc/azure/core/test/test_base.hpp | 13 ++++++++++++- sdk/core/ci.yml | 1 + sdk/eventhubs/ci.yml | 1 + sdk/identity/ci.yml | 1 + sdk/keyvault/ci.yml | 1 + sdk/storage/ci.yml | 1 + sdk/tables/ci.yml | 1 + 7 files changed, 18 insertions(+), 1 deletion(-) diff --git a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp index de9c152fd0..4fec9cf019 100644 --- a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp +++ b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp @@ -15,6 +15,8 @@ #include #include #include +#include +#include #include #include @@ -246,7 +248,16 @@ namespace Azure { namespace Core { namespace Test { } if (clientSecret.empty()) { - m_testCredential = std::make_shared(); + m_testCredential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std::make_shared( + GetEnv("AZURE_TENANT_ID"), + GetEnv("AZURE_CLIENT_ID"), + "serviceConnectionId", // gearama these need to be updated to use the proper + // ENVs defined in the pipeline + "systemAccessToken"), // gearama these need to be updated to use the proper + // ENVs defined in the pipeline + std::make_shared()}); } else { diff --git a/sdk/core/ci.yml b/sdk/core/ci.yml index 618999e744..8606dd261d 100644 --- a/sdk/core/ci.yml +++ b/sdk/core/ci.yml @@ -53,6 +53,7 @@ extends: LiveTestTimeoutInMinutes: 90 # default is 60 min. We need a little longer on worst case for Win+jsonTests LineCoverageTarget: 88 BranchCoverageTarget: 50 + UseFederatedAuth: true # PreTestSteps: # - pwsh: | # docker build -t squid-local $(Build.SourcesDirectory)/sdk/core/azure-core/test/ut/proxy_tests/localproxy diff --git a/sdk/eventhubs/ci.yml b/sdk/eventhubs/ci.yml index a87a348b36..b6bce45415 100644 --- a/sdk/eventhubs/ci.yml +++ b/sdk/eventhubs/ci.yml @@ -32,6 +32,7 @@ extends: LiveTestTimeoutInMinutes: 120 LineCoverageTarget: 27 BranchCoverageTarget: 13 + UseFederatedAuth: true Artifacts: - Name: azure-messaging-eventhubs Path: azure-messaging-eventhubs diff --git a/sdk/identity/ci.yml b/sdk/identity/ci.yml index 2fcb520b3b..053746e82d 100644 --- a/sdk/identity/ci.yml +++ b/sdk/identity/ci.yml @@ -30,6 +30,7 @@ extends: LiveTestCtestRegex: azure-identity. LineCoverageTarget: 95 BranchCoverageTarget: 56 + UseFederatedAuth: true Artifacts: - Name: azure-identity Path: azure-identity diff --git a/sdk/keyvault/ci.yml b/sdk/keyvault/ci.yml index 9b3a6358db..c491e25ee7 100644 --- a/sdk/keyvault/ci.yml +++ b/sdk/keyvault/ci.yml @@ -32,6 +32,7 @@ extends: LiveTestTimeoutInMinutes: 120 LineCoverageTarget: 81 BranchCoverageTarget: 42 + UseFederatedAuth: true Artifacts: - Name: azure-security-keyvault-keys Path: azure-security-keyvault-keys diff --git a/sdk/storage/ci.yml b/sdk/storage/ci.yml index ddf0129e76..ca8ba906d7 100644 --- a/sdk/storage/ci.yml +++ b/sdk/storage/ci.yml @@ -33,6 +33,7 @@ extends: LiveTestCtestRegex: azure-storage Clouds: Preview SupportedClouds: Preview + UseFederatedAuth: false Artifacts: - Name: azure-storage-common Path: azure-storage-common diff --git a/sdk/tables/ci.yml b/sdk/tables/ci.yml index 350b30e121..eb9e9e09b0 100644 --- a/sdk/tables/ci.yml +++ b/sdk/tables/ci.yml @@ -30,6 +30,7 @@ extends: CtestRegex: azure-data LineCoverageTarget: 77 BranchCoverageTarget: 42 + UseFederatedAuth: true LiveTestCtestRegex: azure-data Clouds: Preview SupportedClouds: Preview From e4c3ea2f557b888d1377bc221bcdea19e9ebf991 Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 1 Jul 2024 14:14:29 -0700 Subject: [PATCH 02/43] hgdfchg --- sdk/core/ci.yml | 2 +- sdk/eventhubs/azure-messaging-eventhubs/README.md | 1 + sdk/eventhubs/ci.yml | 2 +- sdk/identity/azure-identity/README.md | 1 + sdk/identity/ci.yml | 2 +- sdk/keyvault/azure-security-keyvault-administration/README.md | 1 + sdk/keyvault/ci.yml | 2 +- sdk/storage/README.md | 2 +- sdk/storage/ci.yml | 2 +- sdk/tables/azure-data-tables/README.md | 1 + sdk/tables/ci.yml | 2 +- 11 files changed, 11 insertions(+), 7 deletions(-) diff --git a/sdk/core/ci.yml b/sdk/core/ci.yml index 8606dd261d..5297dffad1 100644 --- a/sdk/core/ci.yml +++ b/sdk/core/ci.yml @@ -53,7 +53,7 @@ extends: LiveTestTimeoutInMinutes: 90 # default is 60 min. We need a little longer on worst case for Win+jsonTests LineCoverageTarget: 88 BranchCoverageTarget: 50 - UseFederatedAuth: true + #UseFederatedAuth: true # PreTestSteps: # - pwsh: | # docker build -t squid-local $(Build.SourcesDirectory)/sdk/core/azure-core/test/ut/proxy_tests/localproxy diff --git a/sdk/eventhubs/azure-messaging-eventhubs/README.md b/sdk/eventhubs/azure-messaging-eventhubs/README.md index 8bc7dbd8e7..9bb3c1f2f4 100644 --- a/sdk/eventhubs/azure-messaging-eventhubs/README.md +++ b/sdk/eventhubs/azure-messaging-eventhubs/README.md @@ -272,3 +272,4 @@ Azure SDK for C++ is licensed under the [MIT](https://github.com/Azure/azure-sdk [cppdoc_examples]: https://github.com/Azure/azure-sdk-for-cpp/tree/main/sdk/eventhubs/azure-messaging-eventhubs/samples ![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-cpp%2Fsdk%2Feventhubs%2FREADME.png) + diff --git a/sdk/eventhubs/ci.yml b/sdk/eventhubs/ci.yml index b6bce45415..515efa50e1 100644 --- a/sdk/eventhubs/ci.yml +++ b/sdk/eventhubs/ci.yml @@ -32,7 +32,7 @@ extends: LiveTestTimeoutInMinutes: 120 LineCoverageTarget: 27 BranchCoverageTarget: 13 - UseFederatedAuth: true + #UseFederatedAuth: true Artifacts: - Name: azure-messaging-eventhubs Path: azure-messaging-eventhubs diff --git a/sdk/identity/azure-identity/README.md b/sdk/identity/azure-identity/README.md index 57de82c28a..03f6adff21 100644 --- a/sdk/identity/azure-identity/README.md +++ b/sdk/identity/azure-identity/README.md @@ -192,3 +192,4 @@ Azure SDK for C++ is licensed under the [MIT](https://github.com/Azure/azure-sdk [meid_doc]: https://learn.microsoft.com/entra/identity/ [azure_core_library]: https://github.com/Azure/azure-sdk-for-cpp/tree/main/sdk/core [doxygen]: https://azure.github.io/azure-sdk-for-cpp/ + diff --git a/sdk/identity/ci.yml b/sdk/identity/ci.yml index 053746e82d..83ab62891a 100644 --- a/sdk/identity/ci.yml +++ b/sdk/identity/ci.yml @@ -30,7 +30,7 @@ extends: LiveTestCtestRegex: azure-identity. LineCoverageTarget: 95 BranchCoverageTarget: 56 - UseFederatedAuth: true + #UseFederatedAuth: true Artifacts: - Name: azure-identity Path: azure-identity diff --git a/sdk/keyvault/azure-security-keyvault-administration/README.md b/sdk/keyvault/azure-security-keyvault-administration/README.md index 91557748e7..2414ffeeff 100644 --- a/sdk/keyvault/azure-security-keyvault-administration/README.md +++ b/sdk/keyvault/azure-security-keyvault-administration/README.md @@ -177,3 +177,4 @@ Azure SDK for C++ is licensed under the [MIT](https://github.com/Azure/azure-sdk [rbac_guide]: https://learn.microsoft.com/azure/key-vault/general/rbac-guide [best_practices]: https://learn.microsoft.com/azure/key-vault/managed-hsm/best-practices [built_in_roles]: https://learn.microsoft.com/azure/key-vault/managed-hsm/built-in-roles + diff --git a/sdk/keyvault/ci.yml b/sdk/keyvault/ci.yml index c491e25ee7..3260cbb22f 100644 --- a/sdk/keyvault/ci.yml +++ b/sdk/keyvault/ci.yml @@ -32,7 +32,7 @@ extends: LiveTestTimeoutInMinutes: 120 LineCoverageTarget: 81 BranchCoverageTarget: 42 - UseFederatedAuth: true + #UseFederatedAuth: true Artifacts: - Name: azure-security-keyvault-keys Path: azure-security-keyvault-keys diff --git a/sdk/storage/README.md b/sdk/storage/README.md index f15f3b51c5..038152abf8 100644 --- a/sdk/storage/README.md +++ b/sdk/storage/README.md @@ -36,4 +36,4 @@ additional questions or comments. [coc]: https://opensource.microsoft.com/codeofconduct/ [coc_faq]: https://opensource.microsoft.com/codeofconduct/faq/ [coc_contact]: mailto:opencode@microsoft.com - \ No newline at end of file + diff --git a/sdk/storage/ci.yml b/sdk/storage/ci.yml index ca8ba906d7..0e6b0f3568 100644 --- a/sdk/storage/ci.yml +++ b/sdk/storage/ci.yml @@ -33,7 +33,7 @@ extends: LiveTestCtestRegex: azure-storage Clouds: Preview SupportedClouds: Preview - UseFederatedAuth: false + #UseFederatedAuth: false Artifacts: - Name: azure-storage-common Path: azure-storage-common diff --git a/sdk/tables/azure-data-tables/README.md b/sdk/tables/azure-data-tables/README.md index 5e2ed157aa..00ae22078d 100644 --- a/sdk/tables/azure-data-tables/README.md +++ b/sdk/tables/azure-data-tables/README.md @@ -285,3 +285,4 @@ additional questions or comments. [azure_portal_create_account]:https://docs.microsoft.com/azure/storage/common/storage-account-create?tabs=azure-portal [azure_powershell_create_account]:https://docs.microsoft.com/azure/storage/common/storage-account-create?tabs=azure-powershell [azure_cli_create_account]: https://docs.microsoft.com/azure/storage/common/storage-account-create?tabs=azure-cli + diff --git a/sdk/tables/ci.yml b/sdk/tables/ci.yml index eb9e9e09b0..75504275b0 100644 --- a/sdk/tables/ci.yml +++ b/sdk/tables/ci.yml @@ -30,7 +30,7 @@ extends: CtestRegex: azure-data LineCoverageTarget: 77 BranchCoverageTarget: 42 - UseFederatedAuth: true + #UseFederatedAuth: true LiveTestCtestRegex: azure-data Clouds: Preview SupportedClouds: Preview From 2c9810f6f5fc21b50d55d84de598fbacfa653d24 Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 1 Jul 2024 15:04:44 -0700 Subject: [PATCH 03/43] remove the remnants of azure client secret --- sdk/attestation/ci.yml | 2 -- .../inc/azure/core/test/test_base.hpp | 2 +- sdk/core/ci.yml | 2 -- sdk/core/perf/inc/azure/perf/base_test.hpp | 2 +- sdk/core/perf/src/base_test.cpp | 13 ++++++++++++- sdk/eventhubs/ci.yml | 2 -- sdk/keyvault/azure-security-keyvault-keys/README.md | 3 +-- sdk/keyvault/ci.yml | 2 -- 8 files changed, 15 insertions(+), 13 deletions(-) diff --git a/sdk/attestation/ci.yml b/sdk/attestation/ci.yml index 9be5362525..441b06aa7b 100644 --- a/sdk/attestation/ci.yml +++ b/sdk/attestation/ci.yml @@ -48,8 +48,6 @@ extends: Value: "33333333-3333-3333-3333-333333333333" - Name: AZURE_CLIENT_ID Value: "non-real-client" - - Name: AZURE_CLIENT_SECRET - Value: "non-real-secret" # NOTE: The LOCATION_SHORT_NAME *must* match the region in which the tests were created. - Name: LOCATION_SHORT_NAME Value: "wus" diff --git a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp index 4fec9cf019..5271e4dd6c 100644 --- a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp +++ b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp @@ -313,7 +313,7 @@ namespace Azure { namespace Core { namespace Test { * * @return The value of the environment variable retrieved. * - * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID, or AZURE_CLIENT_SECRET are not available in the + * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID are not available in the * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values * with the values emitted by the New-TestResources.ps1 script. * diff --git a/sdk/core/ci.yml b/sdk/core/ci.yml index 5297dffad1..092cc006ee 100644 --- a/sdk/core/ci.yml +++ b/sdk/core/ci.yml @@ -108,8 +108,6 @@ extends: Value: "33333333-3333-3333-3333-333333333333" - Name: AZURE_CLIENT_ID Value: "non-real-client" - - Name: AZURE_CLIENT_SECRET - Value: "non-real-secret" # Storage - Name: AAD_TENANT_ID Value: "33333333-3333-3333-3333-333333333333" diff --git a/sdk/core/perf/inc/azure/perf/base_test.hpp b/sdk/core/perf/inc/azure/perf/base_test.hpp index cc0c7f5f05..2f5eac998b 100644 --- a/sdk/core/perf/inc/azure/perf/base_test.hpp +++ b/sdk/core/perf/inc/azure/perf/base_test.hpp @@ -100,7 +100,7 @@ namespace Azure { namespace Perf { * * @return The value of the environment variable retrieved. * - * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID, or AZURE_CLIENT_SECRET are not available in the + * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID are not available in the * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values * with the values emitted by the New-TestResources.ps1 script. * diff --git a/sdk/core/perf/src/base_test.cpp b/sdk/core/perf/src/base_test.cpp index c5ab583014..acf65ce839 100644 --- a/sdk/core/perf/src/base_test.cpp +++ b/sdk/core/perf/src/base_test.cpp @@ -11,6 +11,8 @@ #endif #include #include +#include +#include #include #include @@ -285,7 +287,16 @@ namespace Azure { namespace Perf { } if (clientSecret.empty()) { - m_testCredential = std::make_shared(); + m_testCredential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std::make_shared( + GetEnv("AZURE_TENANT_ID"), + GetEnv("AZURE_CLIENT_ID"), + "serviceConnectionId", // gearama these need to be updated to use the proper + // ENVs defined in the pipeline + "systemAccessToken"), // gearama these need to be updated to use the proper + // ENVs defined in the pipeline + std::make_shared()}); } else { diff --git a/sdk/eventhubs/ci.yml b/sdk/eventhubs/ci.yml index 515efa50e1..1e867e6ccf 100644 --- a/sdk/eventhubs/ci.yml +++ b/sdk/eventhubs/ci.yml @@ -52,8 +52,6 @@ extends: Value: "33333333-3333-3333-3333-333333333333" - Name: AZURE_CLIENT_ID Value: "non-real-client" - - Name: AZURE_CLIENT_SECRET - Value: "non-real-secret" - Name: AZURE_SUBSCRIPTION_ID Value: "non-real-sub" - Name: EVENTHUB_CONSUMER_GROUP diff --git a/sdk/keyvault/azure-security-keyvault-keys/README.md b/sdk/keyvault/azure-security-keyvault-keys/README.md index 9a4344fc0f..98c2dd7241 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/README.md +++ b/sdk/keyvault/azure-security-keyvault-keys/README.md @@ -79,11 +79,10 @@ Use the [Azure CLI][azure_cli] snippet below to create/get client secret credent ``` "" ``` -- Use the returned credentials above to set **AZURE_CLIENT_ID** (appId), **AZURE_CLIENT_SECRET** (password), and **AZURE_TENANT_ID** (tenant) environment variables. The following example shows a way to do this in Powershell: +- Use the returned credentials above to set **AZURE_CLIENT_ID** (appId) and **AZURE_TENANT_ID** (tenant) environment variables. The following example shows a way to do this in Powershell: ```PowerShell $Env:AZURE_CLIENT_ID="generated-app-ID" - $Env:AZURE_CLIENT_SECRET="random-password" $Env:AZURE_TENANT_ID="tenant-ID" ``` diff --git a/sdk/keyvault/ci.yml b/sdk/keyvault/ci.yml index 3260cbb22f..10b39d9af3 100644 --- a/sdk/keyvault/ci.yml +++ b/sdk/keyvault/ci.yml @@ -69,8 +69,6 @@ extends: Value: "33333333-3333-3333-3333-333333333333" - Name: AZURE_CLIENT_ID Value: "non-real-client" - - Name: AZURE_CLIENT_SECRET - Value: "non-real-secret" - Name: LOGGING__LOGLEVEL__DEFAULT Value: "debug" - Name: LOGGING__LOGLEVEL From 2bd4ad25d7ce629be46c70e1e8df810ba4572dce Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 1 Jul 2024 17:05:46 -0700 Subject: [PATCH 04/43] test KV with federated auth --- sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp | 6 ++---- sdk/core/perf/src/base_test.cpp | 6 ++---- sdk/keyvault/ci.yml | 2 +- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp index 5271e4dd6c..0852324042 100644 --- a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp +++ b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp @@ -253,10 +253,8 @@ namespace Azure { namespace Core { namespace Test { std::make_shared( GetEnv("AZURE_TENANT_ID"), GetEnv("AZURE_CLIENT_ID"), - "serviceConnectionId", // gearama these need to be updated to use the proper - // ENVs defined in the pipeline - "systemAccessToken"), // gearama these need to be updated to use the proper - // ENVs defined in the pipeline + GetEnv("AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + GetEnv("SYSTEM_ACCESSTOKEN")), std::make_shared()}); } else diff --git a/sdk/core/perf/src/base_test.cpp b/sdk/core/perf/src/base_test.cpp index acf65ce839..b9c64e097f 100644 --- a/sdk/core/perf/src/base_test.cpp +++ b/sdk/core/perf/src/base_test.cpp @@ -292,10 +292,8 @@ namespace Azure { namespace Perf { std::make_shared( GetEnv("AZURE_TENANT_ID"), GetEnv("AZURE_CLIENT_ID"), - "serviceConnectionId", // gearama these need to be updated to use the proper - // ENVs defined in the pipeline - "systemAccessToken"), // gearama these need to be updated to use the proper - // ENVs defined in the pipeline + GetEnv("AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + GetEnv("SYSTEM_ACCESSTOKEN")), std::make_shared()}); } else diff --git a/sdk/keyvault/ci.yml b/sdk/keyvault/ci.yml index 10b39d9af3..a27f1df528 100644 --- a/sdk/keyvault/ci.yml +++ b/sdk/keyvault/ci.yml @@ -32,7 +32,7 @@ extends: LiveTestTimeoutInMinutes: 120 LineCoverageTarget: 81 BranchCoverageTarget: 42 - #UseFederatedAuth: true + UseFederatedAuth: true Artifacts: - Name: azure-security-keyvault-keys Path: azure-security-keyvault-keys From e91611050f639e928b95086ea0699e56daedf6f9 Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 2 Jul 2024 10:14:29 -0700 Subject: [PATCH 05/43] UseFederatedAuth --- sdk/attestation/ci.yml | 1 + sdk/core/ci.yml | 2 +- sdk/eventhubs/ci.yml | 2 +- sdk/identity/ci.yml | 2 +- sdk/storage/ci.yml | 2 +- sdk/tables/ci.yml | 2 +- 6 files changed, 6 insertions(+), 5 deletions(-) diff --git a/sdk/attestation/ci.yml b/sdk/attestation/ci.yml index 441b06aa7b..3e161a01e0 100644 --- a/sdk/attestation/ci.yml +++ b/sdk/attestation/ci.yml @@ -32,6 +32,7 @@ extends: LiveTestCtestRegex: azure-security-attestation.* LineCoverageTarget: 70 BranchCoverageTarget: 34 + UseFederatedAuth: true Artifacts: - Name: azure-security-attestation Path: azure-security-attestation diff --git a/sdk/core/ci.yml b/sdk/core/ci.yml index 092cc006ee..9d052ecf3d 100644 --- a/sdk/core/ci.yml +++ b/sdk/core/ci.yml @@ -53,7 +53,7 @@ extends: LiveTestTimeoutInMinutes: 90 # default is 60 min. We need a little longer on worst case for Win+jsonTests LineCoverageTarget: 88 BranchCoverageTarget: 50 - #UseFederatedAuth: true + UseFederatedAuth: true # PreTestSteps: # - pwsh: | # docker build -t squid-local $(Build.SourcesDirectory)/sdk/core/azure-core/test/ut/proxy_tests/localproxy diff --git a/sdk/eventhubs/ci.yml b/sdk/eventhubs/ci.yml index 1e867e6ccf..3ae529c9ed 100644 --- a/sdk/eventhubs/ci.yml +++ b/sdk/eventhubs/ci.yml @@ -32,7 +32,7 @@ extends: LiveTestTimeoutInMinutes: 120 LineCoverageTarget: 27 BranchCoverageTarget: 13 - #UseFederatedAuth: true + UseFederatedAuth: true Artifacts: - Name: azure-messaging-eventhubs Path: azure-messaging-eventhubs diff --git a/sdk/identity/ci.yml b/sdk/identity/ci.yml index 83ab62891a..053746e82d 100644 --- a/sdk/identity/ci.yml +++ b/sdk/identity/ci.yml @@ -30,7 +30,7 @@ extends: LiveTestCtestRegex: azure-identity. LineCoverageTarget: 95 BranchCoverageTarget: 56 - #UseFederatedAuth: true + UseFederatedAuth: true Artifacts: - Name: azure-identity Path: azure-identity diff --git a/sdk/storage/ci.yml b/sdk/storage/ci.yml index 0e6b0f3568..ca8ba906d7 100644 --- a/sdk/storage/ci.yml +++ b/sdk/storage/ci.yml @@ -33,7 +33,7 @@ extends: LiveTestCtestRegex: azure-storage Clouds: Preview SupportedClouds: Preview - #UseFederatedAuth: false + UseFederatedAuth: false Artifacts: - Name: azure-storage-common Path: azure-storage-common diff --git a/sdk/tables/ci.yml b/sdk/tables/ci.yml index 75504275b0..eb9e9e09b0 100644 --- a/sdk/tables/ci.yml +++ b/sdk/tables/ci.yml @@ -30,7 +30,7 @@ extends: CtestRegex: azure-data LineCoverageTarget: 77 BranchCoverageTarget: 42 - #UseFederatedAuth: true + UseFederatedAuth: true LiveTestCtestRegex: azure-data Clouds: Preview SupportedClouds: Preview From c429beb01774290c277a98fbb2ac0c6a89dfe8b7 Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 2 Jul 2024 11:36:09 -0700 Subject: [PATCH 06/43] fdsa --- sdk/attestation/ci.yml | 2 ++ sdk/core/ci.yml | 2 ++ sdk/eventhubs/ci.yml | 2 ++ sdk/keyvault/ci.yml | 2 ++ 4 files changed, 8 insertions(+) diff --git a/sdk/attestation/ci.yml b/sdk/attestation/ci.yml index 3e161a01e0..2d7e75aaa7 100644 --- a/sdk/attestation/ci.yml +++ b/sdk/attestation/ci.yml @@ -49,6 +49,8 @@ extends: Value: "33333333-3333-3333-3333-333333333333" - Name: AZURE_CLIENT_ID Value: "non-real-client" + - Name: AZURE_CLIENT_SECRET + Value: "non-real-secret" # NOTE: The LOCATION_SHORT_NAME *must* match the region in which the tests were created. - Name: LOCATION_SHORT_NAME Value: "wus" diff --git a/sdk/core/ci.yml b/sdk/core/ci.yml index 9d052ecf3d..8606dd261d 100644 --- a/sdk/core/ci.yml +++ b/sdk/core/ci.yml @@ -108,6 +108,8 @@ extends: Value: "33333333-3333-3333-3333-333333333333" - Name: AZURE_CLIENT_ID Value: "non-real-client" + - Name: AZURE_CLIENT_SECRET + Value: "non-real-secret" # Storage - Name: AAD_TENANT_ID Value: "33333333-3333-3333-3333-333333333333" diff --git a/sdk/eventhubs/ci.yml b/sdk/eventhubs/ci.yml index 3ae529c9ed..b6bce45415 100644 --- a/sdk/eventhubs/ci.yml +++ b/sdk/eventhubs/ci.yml @@ -52,6 +52,8 @@ extends: Value: "33333333-3333-3333-3333-333333333333" - Name: AZURE_CLIENT_ID Value: "non-real-client" + - Name: AZURE_CLIENT_SECRET + Value: "non-real-secret" - Name: AZURE_SUBSCRIPTION_ID Value: "non-real-sub" - Name: EVENTHUB_CONSUMER_GROUP diff --git a/sdk/keyvault/ci.yml b/sdk/keyvault/ci.yml index a27f1df528..c491e25ee7 100644 --- a/sdk/keyvault/ci.yml +++ b/sdk/keyvault/ci.yml @@ -69,6 +69,8 @@ extends: Value: "33333333-3333-3333-3333-333333333333" - Name: AZURE_CLIENT_ID Value: "non-real-client" + - Name: AZURE_CLIENT_SECRET + Value: "non-real-secret" - Name: LOGGING__LOGLEVEL__DEFAULT Value: "debug" - Name: LOGGING__LOGLEVEL From 718edf4d7ed8c112cc2d9eff33bf82901dc8fba0 Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 2 Jul 2024 12:29:32 -0700 Subject: [PATCH 07/43] kv template with managed --- sdk/keyvault/test-resources.json | 167 +++++++++++++++++++++++-------- 1 file changed, 124 insertions(+), 43 deletions(-) diff --git a/sdk/keyvault/test-resources.json b/sdk/keyvault/test-resources.json index 9b154ed8a6..a3e77f15e6 100644 --- a/sdk/keyvault/test-resources.json +++ b/sdk/keyvault/test-resources.json @@ -54,50 +54,50 @@ "type": "string", "defaultValue": "brazilsouth", "allowedValues": [ - "australiacentral", - "australiacentral2", - "australiaeast", - "brazilsouth", - "brazilsoutheast", - "canadacentral", - "canadaeast", - "centralindia", - "centralus", - "eastasia", - "eastus", - "eastus2", - "eastus2euap", - "francecentral", - "germanywestcentral", - "israelcentral", - "italynorth", - "japaneast", - "japanwest", - "koreacentral", - "northcentralus", - "northeurope", - "norwayeast", - "norwaywest", - "polandcentral", - "qatarcentral", - "southafricanorth", - "southcentralus", - "southindia", - "southeastasia", - "swedencentral", - "switzerlandnorth", - "switzerlandwest", - "uaenorth", - "uksouth", - "westcentralus", - "westeurope", - "westindia", - "westus", - "westus2", - "westus3" + "australiacentral", + "australiacentral2", + "australiaeast", + "brazilsouth", + "brazilsoutheast", + "canadacentral", + "canadaeast", + "centralindia", + "centralus", + "eastasia", + "eastus", + "eastus2", + "eastus2euap", + "francecentral", + "germanywestcentral", + "israelcentral", + "italynorth", + "japaneast", + "japanwest", + "koreacentral", + "northcentralus", + "northeurope", + "norwayeast", + "norwaywest", + "polandcentral", + "qatarcentral", + "southafricanorth", + "southcentralus", + "southindia", + "southeastasia", + "swedencentral", + "switzerlandnorth", + "switzerlandwest", + "uaenorth", + "uksouth", + "westcentralus", + "westeurope", + "westindia", + "westus", + "westus2", + "westus3" ], "metadata": { - "description": "The location of the Managed HSM. By default, this is 'brazilsouth'." + "description": "The location of the Managed HSM. By default, this is 'brazilsouth'." } }, "enableSoftDelete": { @@ -161,6 +161,10 @@ "metadata": { "description": "Whether to enable deployment of Managed HSM. The default is false." } + }, + "identityName": { + "type": "string", + "defaultValue": "identityForKeyVault" } }, "variables": { @@ -172,9 +176,31 @@ "defaultAction": "Allow", "virtualNetworkRules": [], "ipRules": [] - } + }, + "bootstrapRoleAssignmentId": "[guid(concat(resourceGroup().id, 'contributor'))]", + "contributorRoleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]" }, "resources": [ + { + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "[parameters('identityName')]", + "location": "[parameters('location')]" + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2018-09-01-preview", + "name": "[variables('bootstrapRoleAssignmentId')]", + "dependsOn": [ + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]" + ], + "properties": { + "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", + "scope": "[resourceGroup().id]", + "principalType": "ServicePrincipal" + } + }, { "type": "Microsoft.KeyVault/vaults", "apiVersion": "2021-11-01-preview", @@ -250,6 +276,61 @@ "enableSoftDelete": "[parameters('enableSoftDelete')]" } }, + { + "tenantId": "[parameters('tenantId')]", + "objectId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", + "permissions": { + "keys": [ + "Get", + "List", + "Update", + "Create", + "Import", + "Delete", + "Recover", + "Backup", + "Restore", + "Decrypt", + "Encrypt", + "UnwrapKey", + "WrapKey", + "Sign", + "Purge", + "Rotate", + "Verify", + "GetRotationPolicy", + "SetRotationPolicy" + ], + "secrets": [ + "Get", + "List", + "Set", + "Delete", + "Recover", + "Backup", + "Restore", + "Purge" + ], + "certificates": [ + "Get", + "List", + "Update", + "Create", + "Import", + "Delete", + "Recover", + "Backup", + "Restore", + "ManageContacts", + "ManageIssuers", + "GetIssuers", + "ListIssuers", + "SetIssuers", + "DeleteIssuers", + "Purge" + ] + } + }, { "type": "Microsoft.KeyVault/vaults/keys", "apiVersion": "2019-09-01", From 6c1d77fc7ba120e949f91725c5c8f77ed97f1a93 Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 2 Jul 2024 13:38:27 -0700 Subject: [PATCH 08/43] try try again --- sdk/keyvault/test-resources.json | 110 +++++++++++++++---------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/sdk/keyvault/test-resources.json b/sdk/keyvault/test-resources.json index a3e77f15e6..bda554c3f9 100644 --- a/sdk/keyvault/test-resources.json +++ b/sdk/keyvault/test-resources.json @@ -268,6 +268,61 @@ "Purge" ] } + }, + { + "tenantId": "[parameters('tenantId')]", + "objectId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", + "permissions": { + "keys": [ + "Get", + "List", + "Update", + "Create", + "Import", + "Delete", + "Recover", + "Backup", + "Restore", + "Decrypt", + "Encrypt", + "UnwrapKey", + "WrapKey", + "Sign", + "Purge", + "Rotate", + "Verify", + "GetRotationPolicy", + "SetRotationPolicy" + ], + "secrets": [ + "Get", + "List", + "Set", + "Delete", + "Recover", + "Backup", + "Restore", + "Purge" + ], + "certificates": [ + "Get", + "List", + "Update", + "Create", + "Import", + "Delete", + "Recover", + "Backup", + "Restore", + "ManageContacts", + "ManageIssuers", + "GetIssuers", + "ListIssuers", + "SetIssuers", + "DeleteIssuers", + "Purge" + ] + } } ], "enabledForDeployment": false, @@ -276,61 +331,6 @@ "enableSoftDelete": "[parameters('enableSoftDelete')]" } }, - { - "tenantId": "[parameters('tenantId')]", - "objectId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", - "permissions": { - "keys": [ - "Get", - "List", - "Update", - "Create", - "Import", - "Delete", - "Recover", - "Backup", - "Restore", - "Decrypt", - "Encrypt", - "UnwrapKey", - "WrapKey", - "Sign", - "Purge", - "Rotate", - "Verify", - "GetRotationPolicy", - "SetRotationPolicy" - ], - "secrets": [ - "Get", - "List", - "Set", - "Delete", - "Recover", - "Backup", - "Restore", - "Purge" - ], - "certificates": [ - "Get", - "List", - "Update", - "Create", - "Import", - "Delete", - "Recover", - "Backup", - "Restore", - "ManageContacts", - "ManageIssuers", - "GetIssuers", - "ListIssuers", - "SetIssuers", - "DeleteIssuers", - "Purge" - ] - } - }, { "type": "Microsoft.KeyVault/vaults/keys", "apiVersion": "2019-09-01", From 7bff79087595b52534a1f75cbd55730fe723905d Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 2 Jul 2024 14:26:46 -0700 Subject: [PATCH 09/43] retry permissions --- sdk/keyvault/test-resources.json | 39 ++++++++++++++++---------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/sdk/keyvault/test-resources.json b/sdk/keyvault/test-resources.json index bda554c3f9..03e8f6901e 100644 --- a/sdk/keyvault/test-resources.json +++ b/sdk/keyvault/test-resources.json @@ -274,25 +274,26 @@ "objectId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", "permissions": { "keys": [ - "Get", - "List", - "Update", - "Create", - "Import", - "Delete", - "Recover", - "Backup", - "Restore", - "Decrypt", - "Encrypt", - "UnwrapKey", - "WrapKey", - "Sign", - "Purge", - "Rotate", - "Verify", - "GetRotationPolicy", - "SetRotationPolicy" + "wrapKey", + "decrypt", + "list", + "purge", + "recover", + "restore", + "getrotationpolicy", + "sign", + "release", + "encrypt", + "rotate", + "import", + "create", + "verify", + "setrotationpolicy", + "backup", + "update", + "get", + "unwrapKey", + "delete" ], "secrets": [ "Get", From 47f4dbca3a4de1b0912963428652ecd27d4ec00e Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 2 Jul 2024 16:14:04 -0700 Subject: [PATCH 10/43] add net acls --- sdk/keyvault/test-resources.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sdk/keyvault/test-resources.json b/sdk/keyvault/test-resources.json index 03e8f6901e..2025dcdb38 100644 --- a/sdk/keyvault/test-resources.json +++ b/sdk/keyvault/test-resources.json @@ -329,7 +329,8 @@ "enabledForDeployment": false, "enabledForDiskEncryption": false, "enabledForTemplateDeployment": false, - "enableSoftDelete": "[parameters('enableSoftDelete')]" + "enableSoftDelete": "[parameters('enableSoftDelete')]", + "networkAcls": "[variables('networkAcls')]" } }, { From 896bcaff00a520a6d3d576deef199ff5ef67126d Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 2 Jul 2024 16:55:14 -0700 Subject: [PATCH 11/43] blunt force replace the resource json --- sdk/keyvault/test-resources.json | 426 +++++++++++++------------------ 1 file changed, 171 insertions(+), 255 deletions(-) diff --git a/sdk/keyvault/test-resources.json b/sdk/keyvault/test-resources.json index 2025dcdb38..a94e952caf 100644 --- a/sdk/keyvault/test-resources.json +++ b/sdk/keyvault/test-resources.json @@ -3,49 +3,34 @@ "contentVersion": "1.0.0.0", "parameters": { "baseName": { + "type": "string", "defaultValue": "[resourceGroup().name]", - "type": "String", "metadata": { "description": "The base resource name." } }, - "keyName": { - "defaultValue": "testKey", - "type": "String", - "metadata": { - "description": "The initial key in the keys." - } - }, - "secretName": { - "defaultValue": "testSecret", - "type": "String", - "metadata": { - "description": "The initial secret in the secrets." - } - }, "tenantId": { + "type": "string", "defaultValue": "72f988bf-86f1-41af-91ab-2d7cd011db47", - "type": "String", "metadata": { "description": "The tenant ID to which the application and resources belong." } }, - "testApplicationId": { - "type": "String", + "testApplicationOid": { + "type": "string", "metadata": { - "description": "The application client ID used to run tests." + "description": "The client OID to grant access to test resources." } }, - "testApplicationOid": { - "defaultValue": "b3653439-8136-4cd5-aac3-2a9460871ca6", - "type": "String", + "provisionerApplicationOid": { + "type": "string", "metadata": { - "description": "The client OID to grant access to test resources." + "description": "The provisioner OID to grant access to test resources." } }, "location": { + "type": "string", "defaultValue": "[resourceGroup().location]", - "type": "String", "metadata": { "description": "The location of the resource. By default, this is the same as the resource group." } @@ -97,114 +82,71 @@ "westus3" ], "metadata": { - "description": "The location of the Managed HSM. By default, this is 'brazilsouth'." + "description": "The location of the Managed HSM. By default, this is 'francecentral'." } }, - "enableSoftDelete": { + "enableAttestation": { + "type": "bool", "defaultValue": true, - "type": "Bool", "metadata": { - "description": "Whether to enable soft delete for the Key Vault. The default is true." + "description": "Whether to enable deployment of attestation resources. The default is true." } }, - "keyVaultDomainSuffix": { - "defaultValue": ".vault.azure.net", - "type": "String", + "enableHsm": { + "type": "bool", + "defaultValue": false, "metadata": { - "description": "Domain suffix for sovereign clouds, requires the preceding '.'. The default uses the public Azure Cloud (.vault.azure.net)" + "description": "Whether to enable deployment of Managed HSM. The default is false." } }, "keyVaultSku": { + "type": "string", "defaultValue": "premium", - "type": "String", "metadata": { "description": "Key Vault SKU to deploy. The default is 'premium'" } }, - "keyType": { - "defaultValue": "RSA", - "type": "String", - "metadata": { - "description": "The JsonWebKeyType of the key to be created." - } - }, - "keyOps": { - "defaultValue": [], - "type": "Array", - "metadata": { - "description": "The permitted JSON web key operations of the key to be created." - } - }, - "keySize": { - "defaultValue": 2048, - "type": "Int", - "metadata": { - "description": "The size in bits of the key to be created." - } - }, - "curveName": { - "defaultValue": "", - "type": "String", - "metadata": { - "description": "The JsonWebKeyCurveName of the key to be created." - } - }, - "provisionerApplicationOid": { - "type": "String", - "metadata": { - "description": "The provisioner OID to grant access to test resources." - } - }, - "enableHSM": { - "defaultValue": false, - "type": "Bool", + "attestationImage": { + "type": "string", + "defaultValue": "keyvault-mock-attestation:latest", "metadata": { - "description": "Whether to enable deployment of Managed HSM. The default is false." + "description": "The container image name and tag to use for the attestation mock service." } - }, - "identityName": { - "type": "string", - "defaultValue": "identityForKeyVault" } }, "variables": { - "azureKeyVaultUrl": "[format('https://{0}{1}/', parameters('baseName'), parameters('keyVaultDomainSuffix'))]", - "hsmApiVersion": "2021-11-01-preview", + "attestationFarm": "[concat(parameters('baseName'), 'farm')]", + "attestationSite": "[concat(parameters('baseName'), 'site')]", + "attestationUri": "[concat('DOCKER|azsdkengsys.azurecr.io/', parameters('attestationImage'))]", + "kvApiVersion": "2019-09-01", + "kvName": "[parameters('baseName')]", + "kvAdminDefinitionId": "00482a5a-887f-4fb3-b363-3b7fe8e74483", + "kvAdminAssignmentName": "[guid(resourceGroup().id, variables('kvAdminDefinitionId'), parameters('testApplicationOid'))]", + "hsmApiVersion": "2021-04-01-preview", "hsmName": "[concat(parameters('baseName'), 'hsm')]", + "mgmtApiVersion": "2019-04-01", + "blobContainerName": "backup", + "primaryAccountName": "[concat(parameters('baseName'), 'prim')]", + "encryption": { + "services": { + "blob": { + "enabled": true + } + }, + "keySource": "Microsoft.Storage" + }, "networkAcls": { "bypass": "AzureServices", - "defaultAction": "Allow", "virtualNetworkRules": [], - "ipRules": [] - }, - "bootstrapRoleAssignmentId": "[guid(concat(resourceGroup().id, 'contributor'))]", - "contributorRoleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]" + "ipRules": [], + "defaultAction": "Allow" + } }, "resources": [ - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "name": "[parameters('identityName')]", - "location": "[parameters('location')]" - }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2018-09-01-preview", - "name": "[variables('bootstrapRoleAssignmentId')]", - "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]" - ], - "properties": { - "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", - "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", - "scope": "[resourceGroup().id]", - "principalType": "ServicePrincipal" - } - }, { "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2021-11-01-preview", - "name": "[parameters('baseName')]", + "apiVersion": "[variables('kvApiVersion')]", + "name": "[variables('kvName')]", "location": "[parameters('location')]", "properties": { "sku": { @@ -212,146 +154,29 @@ "name": "[parameters('keyVaultSku')]" }, "tenantId": "[parameters('tenantId')]", - "accessPolicies": [ - { - "tenantId": "[parameters('tenantId')]", - "objectId": "[parameters('testApplicationOid')]", - "permissions": { - "keys": [ - "wrapKey", - "decrypt", - "list", - "purge", - "recover", - "restore", - "getrotationpolicy", - "sign", - "release", - "encrypt", - "rotate", - "import", - "create", - "verify", - "setrotationpolicy", - "backup", - "update", - "get", - "unwrapKey", - "delete" - ], - "secrets": [ - "Get", - "List", - "Set", - "Delete", - "Recover", - "Backup", - "Restore", - "Purge" - ], - "certificates": [ - "Get", - "List", - "Update", - "Create", - "Import", - "Delete", - "Recover", - "Backup", - "Restore", - "ManageContacts", - "ManageIssuers", - "GetIssuers", - "ListIssuers", - "SetIssuers", - "DeleteIssuers", - "Purge" - ] - } - }, - { - "tenantId": "[parameters('tenantId')]", - "objectId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", - "permissions": { - "keys": [ - "wrapKey", - "decrypt", - "list", - "purge", - "recover", - "restore", - "getrotationpolicy", - "sign", - "release", - "encrypt", - "rotate", - "import", - "create", - "verify", - "setrotationpolicy", - "backup", - "update", - "get", - "unwrapKey", - "delete" - ], - "secrets": [ - "Get", - "List", - "Set", - "Delete", - "Recover", - "Backup", - "Restore", - "Purge" - ], - "certificates": [ - "Get", - "List", - "Update", - "Create", - "Import", - "Delete", - "Recover", - "Backup", - "Restore", - "ManageContacts", - "ManageIssuers", - "GetIssuers", - "ListIssuers", - "SetIssuers", - "DeleteIssuers", - "Purge" - ] - } - } - ], "enabledForDeployment": false, "enabledForDiskEncryption": false, "enabledForTemplateDeployment": false, - "enableSoftDelete": "[parameters('enableSoftDelete')]", - "networkAcls": "[variables('networkAcls')]" + "enableSoftDelete": true, + "enableRbacAuthorization": true, + "softDeleteRetentionInDays": 7 } }, { - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2019-09-01", - "name": "[concat(parameters('baseName'), '/', parameters('keyName'))]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('baseName'))]" - ], + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[variables('kvAdminAssignmentName')]", "properties": { - "kty": "[parameters('keyType')]", - "keyOps": "[parameters('keyOps')]", - "keySize": "[parameters('keySize')]", - "curveName": "[parameters('curveName')]" + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('kvAdminDefinitionId'))]", + "principalId": "[parameters('testApplicationOid')]", + "scope": "[resourceGroup().id]" } }, { "type": "Microsoft.KeyVault/managedHSMs", "apiVersion": "[variables('hsmApiVersion')]", "name": "[variables('hsmName')]", + "condition": "[parameters('enableHsm')]", "location": "[parameters('hsmLocation')]", "sku": { "family": "B", @@ -365,42 +190,133 @@ "softDeleteRetentionInDays": 7, "publicNetworkAccess": "Enabled", "networkAcls": "[variables('networkAcls')]" + } + }, + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "[variables('mgmtApiVersion')]", + "name": "[variables('primaryAccountName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard_RAGRS", + "tier": "Standard" }, - "condition": "[parameters('enableHSM')]" - } - ], - "outputs": { - "AZURE_KEYVAULT_URL": { - "type": "String", - "value": "[variables('azureKeyVaultUrl')]" + "kind": "StorageV2", + "properties": { + "networkAcls": "[variables('networkAcls')]", + "supportsHttpsTrafficOnly": true, + "encryption": "[variables('encryption')]", + "accessTier": "Hot" + } }, - "AZURE_ENABLE_HSM": { - "type": "Bool", - "value": "[parameters('enableHSM')]" + { + "type": "Microsoft.Storage/storageAccounts/blobServices", + "apiVersion": "2019-06-01", + "name": "[concat(variables('primaryAccountName'), '/default')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('primaryAccountName'))]" + ], + "sku": { + "name": "Standard_RAGRS", + "tier": "Standard" + }, + "properties": { + "cors": { + "corsRules": [] + }, + "deleteRetentionPolicy": { + "enabled": false + } + } }, - "AZURE_ENABLE_HSM_STR": { - "type": "String", - "value": "[if(bool(parameters('enableHSM')),'true','false')]" + { + "type": "Microsoft.Storage/storageAccounts/blobServices/containers", + "apiVersion": "2019-06-01", + "name": "[concat(variables('primaryAccountName'), '/default/', variables('blobContainerName'))]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('primaryAccountName'), 'default')]", + "[resourceId('Microsoft.Storage/storageAccounts', variables('primaryAccountName'))]" + ], + "properties": { + "publicAccess": "None" + } }, - "AZURE_KEYVAULT_HSM_URL": { - "type": "String", - "value": "[if(bool(parameters('enableHSM')),reference(variables('hsmName')).hsmUri,variables('azureKeyVaultUrl'))]" + { + + "type": "Microsoft.Web/serverfarms", + "apiVersion": "2020-12-01", + "name": "[variables('attestationFarm')]", + "condition": "[parameters('enableAttestation')]", + "location": "[parameters('location')]", + "kind": "linux", + "sku": { + "name": "B1" + }, + "properties": { + "reserved": true + } }, - "AZURE_TENANT_ID": { - "type": "String", - "value": "[parameters('tenantId')]" + { + + "type": "Microsoft.Web/sites", + "apiVersion": "2020-12-01", + "name": "[variables('attestationSite')]", + "condition": "[parameters('enableAttestation')]", + "dependsOn": [ + "[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]" + ], + "location": "[parameters('location')]", + "properties": { + "httpsOnly": true, + "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]", + "siteConfig": { + "name": "[variables('attestationSite')]", + "alwaysOn": true, + "linuxFxVersion": "[variables('attestationUri')]", + "appSettings": [ + { + "name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE", + "value": "false" + } + ] + } + } + } + ], + "outputs": { + "AZURE_KEYVAULT_URL": { + "type": "string", + "value": "[reference(variables('kvName')).vaultUri]" }, - "AZURE_CLIENT_ID": { - "type": "String", - "value": "[parameters('testApplicationId')]" + "AZURE_MANAGEDHSM_URL": { + "type": "string", + "condition": "[parameters('enableHsm')]", + "value": "[reference(variables('hsmName')).hsmUri]" }, "KEYVAULT_SKU": { - "type": "String", + "type": "string", "value": "[reference(parameters('baseName')).sku.name]" }, "CLIENT_OBJECTID": { - "type": "String", + "type": "string", "value": "[parameters('testApplicationOid')]" + }, + "BLOB_STORAGE_ACCOUNT_NAME": { + "type": "string", + "value": "[variables('primaryAccountName')]" + }, + "BLOB_PRIMARY_STORAGE_ACCOUNT_KEY": { + "type": "string", + "value": "[listKeys(variables('primaryAccountName'), variables('mgmtApiVersion')).keys[0].value]" + }, + "BLOB_CONTAINER_NAME": { + "type": "string", + "value": "[variables('blobContainerName')]" + }, + "AZURE_KEYVAULT_ATTESTATION_URL": { + "type": "string", + "condition": "[parameters('enableAttestation')]", + "value": "[format('https://{0}/', reference(variables('attestationSite')).defaultHostName)]" } } } From a096bc2f2a02dcf69922488955a16ac16c6b2b0d Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 2 Jul 2024 17:22:54 -0700 Subject: [PATCH 12/43] put back stuff --- sdk/keyvault/test-resources.json | 426 ++++++++++++++++++------------- 1 file changed, 255 insertions(+), 171 deletions(-) diff --git a/sdk/keyvault/test-resources.json b/sdk/keyvault/test-resources.json index a94e952caf..2025dcdb38 100644 --- a/sdk/keyvault/test-resources.json +++ b/sdk/keyvault/test-resources.json @@ -3,34 +3,49 @@ "contentVersion": "1.0.0.0", "parameters": { "baseName": { - "type": "string", "defaultValue": "[resourceGroup().name]", + "type": "String", "metadata": { "description": "The base resource name." } }, + "keyName": { + "defaultValue": "testKey", + "type": "String", + "metadata": { + "description": "The initial key in the keys." + } + }, + "secretName": { + "defaultValue": "testSecret", + "type": "String", + "metadata": { + "description": "The initial secret in the secrets." + } + }, "tenantId": { - "type": "string", "defaultValue": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "type": "String", "metadata": { "description": "The tenant ID to which the application and resources belong." } }, - "testApplicationOid": { - "type": "string", + "testApplicationId": { + "type": "String", "metadata": { - "description": "The client OID to grant access to test resources." + "description": "The application client ID used to run tests." } }, - "provisionerApplicationOid": { - "type": "string", + "testApplicationOid": { + "defaultValue": "b3653439-8136-4cd5-aac3-2a9460871ca6", + "type": "String", "metadata": { - "description": "The provisioner OID to grant access to test resources." + "description": "The client OID to grant access to test resources." } }, "location": { - "type": "string", "defaultValue": "[resourceGroup().location]", + "type": "String", "metadata": { "description": "The location of the resource. By default, this is the same as the resource group." } @@ -82,71 +97,114 @@ "westus3" ], "metadata": { - "description": "The location of the Managed HSM. By default, this is 'francecentral'." + "description": "The location of the Managed HSM. By default, this is 'brazilsouth'." } }, - "enableAttestation": { - "type": "bool", + "enableSoftDelete": { "defaultValue": true, + "type": "Bool", "metadata": { - "description": "Whether to enable deployment of attestation resources. The default is true." + "description": "Whether to enable soft delete for the Key Vault. The default is true." } }, - "enableHsm": { - "type": "bool", - "defaultValue": false, + "keyVaultDomainSuffix": { + "defaultValue": ".vault.azure.net", + "type": "String", "metadata": { - "description": "Whether to enable deployment of Managed HSM. The default is false." + "description": "Domain suffix for sovereign clouds, requires the preceding '.'. The default uses the public Azure Cloud (.vault.azure.net)" } }, "keyVaultSku": { - "type": "string", "defaultValue": "premium", + "type": "String", "metadata": { "description": "Key Vault SKU to deploy. The default is 'premium'" } }, - "attestationImage": { - "type": "string", - "defaultValue": "keyvault-mock-attestation:latest", + "keyType": { + "defaultValue": "RSA", + "type": "String", + "metadata": { + "description": "The JsonWebKeyType of the key to be created." + } + }, + "keyOps": { + "defaultValue": [], + "type": "Array", + "metadata": { + "description": "The permitted JSON web key operations of the key to be created." + } + }, + "keySize": { + "defaultValue": 2048, + "type": "Int", + "metadata": { + "description": "The size in bits of the key to be created." + } + }, + "curveName": { + "defaultValue": "", + "type": "String", + "metadata": { + "description": "The JsonWebKeyCurveName of the key to be created." + } + }, + "provisionerApplicationOid": { + "type": "String", "metadata": { - "description": "The container image name and tag to use for the attestation mock service." + "description": "The provisioner OID to grant access to test resources." } + }, + "enableHSM": { + "defaultValue": false, + "type": "Bool", + "metadata": { + "description": "Whether to enable deployment of Managed HSM. The default is false." + } + }, + "identityName": { + "type": "string", + "defaultValue": "identityForKeyVault" } }, "variables": { - "attestationFarm": "[concat(parameters('baseName'), 'farm')]", - "attestationSite": "[concat(parameters('baseName'), 'site')]", - "attestationUri": "[concat('DOCKER|azsdkengsys.azurecr.io/', parameters('attestationImage'))]", - "kvApiVersion": "2019-09-01", - "kvName": "[parameters('baseName')]", - "kvAdminDefinitionId": "00482a5a-887f-4fb3-b363-3b7fe8e74483", - "kvAdminAssignmentName": "[guid(resourceGroup().id, variables('kvAdminDefinitionId'), parameters('testApplicationOid'))]", - "hsmApiVersion": "2021-04-01-preview", + "azureKeyVaultUrl": "[format('https://{0}{1}/', parameters('baseName'), parameters('keyVaultDomainSuffix'))]", + "hsmApiVersion": "2021-11-01-preview", "hsmName": "[concat(parameters('baseName'), 'hsm')]", - "mgmtApiVersion": "2019-04-01", - "blobContainerName": "backup", - "primaryAccountName": "[concat(parameters('baseName'), 'prim')]", - "encryption": { - "services": { - "blob": { - "enabled": true - } - }, - "keySource": "Microsoft.Storage" - }, "networkAcls": { "bypass": "AzureServices", + "defaultAction": "Allow", "virtualNetworkRules": [], - "ipRules": [], - "defaultAction": "Allow" - } + "ipRules": [] + }, + "bootstrapRoleAssignmentId": "[guid(concat(resourceGroup().id, 'contributor'))]", + "contributorRoleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]" }, "resources": [ + { + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "[parameters('identityName')]", + "location": "[parameters('location')]" + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2018-09-01-preview", + "name": "[variables('bootstrapRoleAssignmentId')]", + "dependsOn": [ + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]" + ], + "properties": { + "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", + "scope": "[resourceGroup().id]", + "principalType": "ServicePrincipal" + } + }, { "type": "Microsoft.KeyVault/vaults", - "apiVersion": "[variables('kvApiVersion')]", - "name": "[variables('kvName')]", + "apiVersion": "2021-11-01-preview", + "name": "[parameters('baseName')]", "location": "[parameters('location')]", "properties": { "sku": { @@ -154,29 +212,146 @@ "name": "[parameters('keyVaultSku')]" }, "tenantId": "[parameters('tenantId')]", + "accessPolicies": [ + { + "tenantId": "[parameters('tenantId')]", + "objectId": "[parameters('testApplicationOid')]", + "permissions": { + "keys": [ + "wrapKey", + "decrypt", + "list", + "purge", + "recover", + "restore", + "getrotationpolicy", + "sign", + "release", + "encrypt", + "rotate", + "import", + "create", + "verify", + "setrotationpolicy", + "backup", + "update", + "get", + "unwrapKey", + "delete" + ], + "secrets": [ + "Get", + "List", + "Set", + "Delete", + "Recover", + "Backup", + "Restore", + "Purge" + ], + "certificates": [ + "Get", + "List", + "Update", + "Create", + "Import", + "Delete", + "Recover", + "Backup", + "Restore", + "ManageContacts", + "ManageIssuers", + "GetIssuers", + "ListIssuers", + "SetIssuers", + "DeleteIssuers", + "Purge" + ] + } + }, + { + "tenantId": "[parameters('tenantId')]", + "objectId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", + "permissions": { + "keys": [ + "wrapKey", + "decrypt", + "list", + "purge", + "recover", + "restore", + "getrotationpolicy", + "sign", + "release", + "encrypt", + "rotate", + "import", + "create", + "verify", + "setrotationpolicy", + "backup", + "update", + "get", + "unwrapKey", + "delete" + ], + "secrets": [ + "Get", + "List", + "Set", + "Delete", + "Recover", + "Backup", + "Restore", + "Purge" + ], + "certificates": [ + "Get", + "List", + "Update", + "Create", + "Import", + "Delete", + "Recover", + "Backup", + "Restore", + "ManageContacts", + "ManageIssuers", + "GetIssuers", + "ListIssuers", + "SetIssuers", + "DeleteIssuers", + "Purge" + ] + } + } + ], "enabledForDeployment": false, "enabledForDiskEncryption": false, "enabledForTemplateDeployment": false, - "enableSoftDelete": true, - "enableRbacAuthorization": true, - "softDeleteRetentionInDays": 7 + "enableSoftDelete": "[parameters('enableSoftDelete')]", + "networkAcls": "[variables('networkAcls')]" } }, { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2020-04-01-preview", - "name": "[variables('kvAdminAssignmentName')]", + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2019-09-01", + "name": "[concat(parameters('baseName'), '/', parameters('keyName'))]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('baseName'))]" + ], "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('kvAdminDefinitionId'))]", - "principalId": "[parameters('testApplicationOid')]", - "scope": "[resourceGroup().id]" + "kty": "[parameters('keyType')]", + "keyOps": "[parameters('keyOps')]", + "keySize": "[parameters('keySize')]", + "curveName": "[parameters('curveName')]" } }, { "type": "Microsoft.KeyVault/managedHSMs", "apiVersion": "[variables('hsmApiVersion')]", "name": "[variables('hsmName')]", - "condition": "[parameters('enableHsm')]", "location": "[parameters('hsmLocation')]", "sku": { "family": "B", @@ -190,133 +365,42 @@ "softDeleteRetentionInDays": 7, "publicNetworkAccess": "Enabled", "networkAcls": "[variables('networkAcls')]" - } - }, - { - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "[variables('mgmtApiVersion')]", - "name": "[variables('primaryAccountName')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard_RAGRS", - "tier": "Standard" - }, - "kind": "StorageV2", - "properties": { - "networkAcls": "[variables('networkAcls')]", - "supportsHttpsTrafficOnly": true, - "encryption": "[variables('encryption')]", - "accessTier": "Hot" - } - }, - { - "type": "Microsoft.Storage/storageAccounts/blobServices", - "apiVersion": "2019-06-01", - "name": "[concat(variables('primaryAccountName'), '/default')]", - "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', variables('primaryAccountName'))]" - ], - "sku": { - "name": "Standard_RAGRS", - "tier": "Standard" - }, - "properties": { - "cors": { - "corsRules": [] - }, - "deleteRetentionPolicy": { - "enabled": false - } - } - }, - { - "type": "Microsoft.Storage/storageAccounts/blobServices/containers", - "apiVersion": "2019-06-01", - "name": "[concat(variables('primaryAccountName'), '/default/', variables('blobContainerName'))]", - "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('primaryAccountName'), 'default')]", - "[resourceId('Microsoft.Storage/storageAccounts', variables('primaryAccountName'))]" - ], - "properties": { - "publicAccess": "None" - } - }, - { - - "type": "Microsoft.Web/serverfarms", - "apiVersion": "2020-12-01", - "name": "[variables('attestationFarm')]", - "condition": "[parameters('enableAttestation')]", - "location": "[parameters('location')]", - "kind": "linux", - "sku": { - "name": "B1" }, - "properties": { - "reserved": true - } - }, - { - - "type": "Microsoft.Web/sites", - "apiVersion": "2020-12-01", - "name": "[variables('attestationSite')]", - "condition": "[parameters('enableAttestation')]", - "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]" - ], - "location": "[parameters('location')]", - "properties": { - "httpsOnly": true, - "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]", - "siteConfig": { - "name": "[variables('attestationSite')]", - "alwaysOn": true, - "linuxFxVersion": "[variables('attestationUri')]", - "appSettings": [ - { - "name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE", - "value": "false" - } - ] - } - } + "condition": "[parameters('enableHSM')]" } ], "outputs": { "AZURE_KEYVAULT_URL": { - "type": "string", - "value": "[reference(variables('kvName')).vaultUri]" + "type": "String", + "value": "[variables('azureKeyVaultUrl')]" }, - "AZURE_MANAGEDHSM_URL": { - "type": "string", - "condition": "[parameters('enableHsm')]", - "value": "[reference(variables('hsmName')).hsmUri]" + "AZURE_ENABLE_HSM": { + "type": "Bool", + "value": "[parameters('enableHSM')]" }, - "KEYVAULT_SKU": { - "type": "string", - "value": "[reference(parameters('baseName')).sku.name]" + "AZURE_ENABLE_HSM_STR": { + "type": "String", + "value": "[if(bool(parameters('enableHSM')),'true','false')]" }, - "CLIENT_OBJECTID": { - "type": "string", - "value": "[parameters('testApplicationOid')]" + "AZURE_KEYVAULT_HSM_URL": { + "type": "String", + "value": "[if(bool(parameters('enableHSM')),reference(variables('hsmName')).hsmUri,variables('azureKeyVaultUrl'))]" }, - "BLOB_STORAGE_ACCOUNT_NAME": { - "type": "string", - "value": "[variables('primaryAccountName')]" + "AZURE_TENANT_ID": { + "type": "String", + "value": "[parameters('tenantId')]" }, - "BLOB_PRIMARY_STORAGE_ACCOUNT_KEY": { - "type": "string", - "value": "[listKeys(variables('primaryAccountName'), variables('mgmtApiVersion')).keys[0].value]" + "AZURE_CLIENT_ID": { + "type": "String", + "value": "[parameters('testApplicationId')]" }, - "BLOB_CONTAINER_NAME": { - "type": "string", - "value": "[variables('blobContainerName')]" + "KEYVAULT_SKU": { + "type": "String", + "value": "[reference(parameters('baseName')).sku.name]" }, - "AZURE_KEYVAULT_ATTESTATION_URL": { - "type": "string", - "condition": "[parameters('enableAttestation')]", - "value": "[format('https://{0}/', reference(variables('attestationSite')).defaultHostName)]" + "CLIENT_OBJECTID": { + "type": "String", + "value": "[parameters('testApplicationOid')]" } } } From 64aab501447e42fab761438c7f4aead3604ef414 Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 2 Jul 2024 18:43:06 -0700 Subject: [PATCH 13/43] trey again with new method --- samples/helpers/get-env/CMakeLists.txt | 3 +- .../get-env/inc/pipeline_auth_helper.hpp | 36 +++++++++++++++++++ .../inc/azure/core/test/test_base.hpp | 25 ++++++++----- sdk/core/perf/src/base_test.cpp | 25 ++++++++----- .../certificate_basic_operations.cpp | 3 +- .../certificate_get_certificates.cpp | 3 +- .../certificate_import_certificate.cpp | 3 +- .../sample1_hello_world.cpp | 3 +- .../sample2_backup_and_restore.cpp | 3 +- .../sample3-get-keys/sample3_get_keys.cpp | 3 +- .../sample4_encrypt_decrypt.cpp | 3 +- .../sample5_sign_verify.cpp | 3 +- .../sample6_wrap_unwrap.cpp | 3 +- .../sample7_key_rotation.cpp | 3 +- .../sample1_basic_operations.cpp | 3 +- .../sample2_backup_restore.cpp | 3 +- .../sample3_delete_recover.cpp | 3 +- .../sample4_get_secrets_deleted.cpp | 3 +- 18 files changed, 100 insertions(+), 31 deletions(-) create mode 100644 samples/helpers/get-env/inc/pipeline_auth_helper.hpp diff --git a/samples/helpers/get-env/CMakeLists.txt b/samples/helpers/get-env/CMakeLists.txt index 4711e0315c..ef6cacbd01 100644 --- a/samples/helpers/get-env/CMakeLists.txt +++ b/samples/helpers/get-env/CMakeLists.txt @@ -13,6 +13,7 @@ add_library( OBJECT inc/get_env.hpp src/get_env.cpp + inc/pipeline_auth_helper.hpp ) - +target_link_libraries(get-env-helper PUBLIC azure-core azure-identity) target_include_directories(get-env-helper PUBLIC inc) diff --git a/samples/helpers/get-env/inc/pipeline_auth_helper.hpp b/samples/helpers/get-env/inc/pipeline_auth_helper.hpp new file mode 100644 index 0000000000..36c1d1ae1d --- /dev/null +++ b/samples/helpers/get-env/inc/pipeline_auth_helper.hpp @@ -0,0 +1,36 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +#pragma once + +#include +#include +#include +#include + +#include +#include +#include + +class PipelineAuthHelper final { +public: + static const std::shared_ptr GetSampleCredentials() + { + try + { + // the ENVs are defined only by the pipeline and not by the user thus this will throw when + // trying to get ENVs outside of the pipeline thus will fall back on the default azure + // credential + return std::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")); + } + catch (...) + { + return std::make_shared(); + }; + } +}; \ No newline at end of file diff --git a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp index 0852324042..d33b8ad059 100644 --- a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp +++ b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp @@ -248,14 +248,23 @@ namespace Azure { namespace Core { namespace Test { } if (clientSecret.empty()) { - m_testCredential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std::make_shared( - GetEnv("AZURE_TENANT_ID"), - GetEnv("AZURE_CLIENT_ID"), - GetEnv("AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - GetEnv("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + try + { + // the ENVs are defined only by the pipeline and not by the user thus this will throw + // when + // trying to get ENVs outside of the pipeline thus will fall back on the default azure + // credential + m_testCredential = std::make_shared( + GetEnv("AZURESUBSCRIPTION_TENANT_ID"), + GetEnv("AZURESUBSCRIPTION_CLIENT_ID"), + GetEnv("AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + GetEnv("SYSTEM_ACCESSTOKEN")); + } + catch (...) + { + // failed to create the pipeline credentials, fall back to default credentials + m_testCredential = std::make_shared(); + }; } else { diff --git a/sdk/core/perf/src/base_test.cpp b/sdk/core/perf/src/base_test.cpp index b9c64e097f..075f36739b 100644 --- a/sdk/core/perf/src/base_test.cpp +++ b/sdk/core/perf/src/base_test.cpp @@ -287,14 +287,23 @@ namespace Azure { namespace Perf { } if (clientSecret.empty()) { - m_testCredential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std::make_shared( - GetEnv("AZURE_TENANT_ID"), - GetEnv("AZURE_CLIENT_ID"), - GetEnv("AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - GetEnv("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + try + { + // the ENVs are defined only by the pipeline and not by the user thus this will throw + // when + // trying to get ENVs outside of the pipeline thus will fall back on the default azure + // credential + m_testCredential = std::make_shared( + GetEnv("AZURESUBSCRIPTION_TENANT_ID"), + GetEnv("AZURESUBSCRIPTION_CLIENT_ID"), + GetEnv("AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + GetEnv("SYSTEM_ACCESSTOKEN")); + } + catch (...) + { + // failed to create the pipeline credentials, fall back to default credentials + m_testCredential = std::make_shared(); + }; } else { diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp index 8eb5568116..d8d2e879de 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp @@ -15,6 +15,7 @@ #include #include +#include #include using namespace Azure::Security::KeyVault::Certificates; @@ -23,7 +24,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); std::chrono::milliseconds defaultWait(10s); // create client CertificateClient certificateClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp index dc668099e5..2c9675efdc 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp @@ -18,6 +18,7 @@ #include #include +#include #include using namespace Azure::Security::KeyVault::Certificates; @@ -30,7 +31,7 @@ KeyVaultCertificateWithPolicy CreateCertificate( int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); std::chrono::milliseconds defaultWait(10s); // create client CertificateClient certificateClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp index 077eb241e3..030d6cf6a8 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp @@ -16,6 +16,7 @@ #include #include +#include using namespace Azure::Security::KeyVault::Certificates; using namespace std::chrono_literals; @@ -26,7 +27,7 @@ std::string GetPkcsCertificate(); int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); std::chrono::milliseconds defaultWait(10s); // create client CertificateClient certificateClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp index b98e05905d..3c76edab30 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp @@ -17,6 +17,7 @@ #include #include #include +#include #include using namespace Azure::Security::KeyVault::Keys; @@ -24,7 +25,7 @@ using namespace Azure::Security::KeyVault::Keys; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp index 0501814ba4..606057640c 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp @@ -19,6 +19,7 @@ #include #include #include +#include #include using namespace Azure::Security::KeyVault::Keys; @@ -28,7 +29,7 @@ static void AssertKeysEqual(KeyProperties const& expected, KeyProperties const& int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp index e71dd3c1ee..68d59ad779 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp @@ -19,6 +19,7 @@ #include #include #include +#include #include using namespace Azure::Security::KeyVault::Keys; @@ -26,7 +27,7 @@ using namespace Azure::Security::KeyVault::Keys; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp index ac3973378e..9dc131de97 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp @@ -16,6 +16,7 @@ #include #include +#include #include using namespace Azure::Security::KeyVault::Keys; @@ -25,7 +26,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp index 867369d815..63bc53a61a 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp @@ -16,6 +16,7 @@ #include #include +#include #include using namespace Azure::Security::KeyVault::Keys; @@ -25,7 +26,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp index bbaee389ee..8f888192b7 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp @@ -16,6 +16,7 @@ #include #include +#include #include using namespace Azure::Security::KeyVault::Keys; @@ -25,7 +26,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp index ce43275698..b997b73f1a 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp @@ -16,6 +16,7 @@ #include #include +#include #include using namespace Azure::Security::KeyVault::Keys; @@ -25,7 +26,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp index dd55a2ba0d..987dc85b8e 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp @@ -15,6 +15,7 @@ #include #include +#include using namespace Azure::Security::KeyVault::Secrets; using namespace std::chrono_literals; @@ -23,7 +24,7 @@ int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); // @begin_snippet: SecretSample1CreateCredential - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); // create client SecretClient secretClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp index 1d599ee56e..d25aea06d5 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp @@ -17,6 +17,7 @@ #include #include #include +#include using namespace Azure::Security::KeyVault::Secrets; using namespace std::chrono_literals; @@ -25,7 +26,7 @@ void AssertSecretsEqual(KeyVaultSecret const& expected, KeyVaultSecret const& ac int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); // create client SecretClient secretClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp index 977ccf4ddf..2085ecded0 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp @@ -16,6 +16,7 @@ #include #include #include +#include using namespace Azure::Security::KeyVault::Secrets; using namespace std::chrono_literals; @@ -24,7 +25,7 @@ void AssertSecretsEqual(KeyVaultSecret const& expected, KeyVaultSecret const& ac int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); // create client SecretClient secretClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp index b470252992..d0dbd36187 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp @@ -15,6 +15,7 @@ #include #include +#include using namespace Azure::Security::KeyVault::Secrets; using namespace std::chrono_literals; @@ -22,7 +23,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared(); + auto credential = PipelineAuthHelper::GetSampleCredentials(); // create client SecretClient secretClient(keyVaultUrl, credential); From 7536282e155c76c98e6ddfe90c690bc1d5cba003 Mon Sep 17 00:00:00 2001 From: George Arama Date: Wed, 3 Jul 2024 10:03:22 -0700 Subject: [PATCH 14/43] attempt --- eng/pipelines/templates/jobs/live.tests.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/eng/pipelines/templates/jobs/live.tests.yml b/eng/pipelines/templates/jobs/live.tests.yml index bda375013b..fd03ff1d2f 100644 --- a/eng/pipelines/templates/jobs/live.tests.yml +++ b/eng/pipelines/templates/jobs/live.tests.yml @@ -252,6 +252,10 @@ jobs: export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID) export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID) export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET) + export AZURESUBSCRIPTION_TENANT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID) + export AZURESUBSCRIPTION_CLIENT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID) + #export AZURESUBSCRIPTION_SERVICE_CONNECTION_ID=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET) + export SYSTEM_ACCESSTOKEN = $(System.AccessToken) echo "**********Running sample: ${sample}" bash -c "$sample" status=$? From 70cc0983ed89178686aec6bf735d86cf826e75fb Mon Sep 17 00:00:00 2001 From: George Arama Date: Wed, 3 Jul 2024 10:17:11 -0700 Subject: [PATCH 15/43] missed something --- eng/pipelines/templates/jobs/live.tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/pipelines/templates/jobs/live.tests.yml b/eng/pipelines/templates/jobs/live.tests.yml index fd03ff1d2f..8548d38a7c 100644 --- a/eng/pipelines/templates/jobs/live.tests.yml +++ b/eng/pipelines/templates/jobs/live.tests.yml @@ -255,7 +255,6 @@ jobs: export AZURESUBSCRIPTION_TENANT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID) export AZURESUBSCRIPTION_CLIENT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID) #export AZURESUBSCRIPTION_SERVICE_CONNECTION_ID=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET) - export SYSTEM_ACCESSTOKEN = $(System.AccessToken) echo "**********Running sample: ${sample}" bash -c "$sample" status=$? @@ -271,6 +270,7 @@ jobs: displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}" condition: and(succeeded(), eq(variables['RunSamples'], '1')) env: + SYSTEM_ACCESSTOKEN: $(System.AccessToken) ${{ insert }}: ${{ parameters.EnvVars }} - ${{ else }}: From bd16918b661fd34fea1b26cdb3786a83cb268bf8 Mon Sep 17 00:00:00 2001 From: George Arama Date: Wed, 3 Jul 2024 10:22:39 -0700 Subject: [PATCH 16/43] flip if else --- eng/pipelines/templates/jobs/live.tests.yml | 56 ++++++++++----------- 1 file changed, 26 insertions(+), 30 deletions(-) diff --git a/eng/pipelines/templates/jobs/live.tests.yml b/eng/pipelines/templates/jobs/live.tests.yml index 8548d38a7c..dd90006382 100644 --- a/eng/pipelines/templates/jobs/live.tests.yml +++ b/eng/pipelines/templates/jobs/live.tests.yml @@ -244,36 +244,6 @@ jobs: # Will run samples described on a file name [service]-samples.txt within the build directory. # For example keyvault-samples.txt. # The file is written by CMake during configuration when building samples. - - bash: | - IFS=$'\n' - if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then - for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt` - do - export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID) - export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID) - export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET) - export AZURESUBSCRIPTION_TENANT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID) - export AZURESUBSCRIPTION_CLIENT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID) - #export AZURESUBSCRIPTION_SERVICE_CONNECTION_ID=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET) - echo "**********Running sample: ${sample}" - bash -c "$sample" - status=$? - if [[ $status -eq 0 ]]; then - echo "*********Sample completed*********" - else - echo "*Sample returned a failed code: $status" - exit 1 - fi - done - fi - workingDirectory: build - displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}" - condition: and(succeeded(), eq(variables['RunSamples'], '1')) - env: - SYSTEM_ACCESSTOKEN: $(System.AccessToken) - ${{ insert }}: ${{ parameters.EnvVars }} - - - ${{ else }}: - task: AzurePowerShell@5 displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}" condition: and(succeeded(), eq(variables['RunSamples'], '1')) @@ -303,6 +273,32 @@ jobs: SYSTEM_ACCESSTOKEN: $(System.AccessToken) ${{ insert }}: ${{ parameters.EnvVars }} + - ${{ else }}: + - bash: | + IFS=$'\n' + if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then + for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt` + do + export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID) + export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID) + export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET) + echo "**********Running sample: ${sample}" + bash -c "$sample" + status=$? + if [[ $status -eq 0 ]]; then + echo "*********Sample completed*********" + else + echo "*Sample returned a failed code: $status" + exit 1 + fi + done + fi + workingDirectory: build + displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}" + condition: and(succeeded(), eq(variables['RunSamples'], '1')) + env: + ${{ insert }}: ${{ parameters.EnvVars }} + # Make coverage targets (specified in coverage_targets.txt) and assemble # coverage report - bash: | From 8d07d30b370c5a8d20a8f28558d2b73cc6d9a5d2 Mon Sep 17 00:00:00 2001 From: Daniel Jurek Date: Wed, 3 Jul 2024 11:49:54 -0700 Subject: [PATCH 17/43] Temporarily use empty sub config file path for preview cloud --- eng/pipelines/templates/stages/archetype-sdk-client.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/eng/pipelines/templates/stages/archetype-sdk-client.yml b/eng/pipelines/templates/stages/archetype-sdk-client.yml index 488e91c870..6214cef973 100644 --- a/eng/pipelines/templates/stages/archetype-sdk-client.yml +++ b/eng/pipelines/templates/stages/archetype-sdk-client.yml @@ -62,6 +62,8 @@ parameters: Preview: SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources-preview) ServiceConnection: azure-sdk-tests + # Temporary fix until an eng/common config for Preview can be merged + SubscriptionConfigurationFilePaths: [] Canary: SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources) ServiceConnection: azure-sdk-tests From 14ea9cb454ddeb3ca557b6fd1458958f3bf8e085 Mon Sep 17 00:00:00 2001 From: George Arama Date: Wed, 3 Jul 2024 13:14:11 -0700 Subject: [PATCH 18/43] remove client secret --- sdk/identity/test-resources.json | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/sdk/identity/test-resources.json b/sdk/identity/test-resources.json index b7d84ff613..b71f8c95d4 100644 --- a/sdk/identity/test-resources.json +++ b/sdk/identity/test-resources.json @@ -14,12 +14,6 @@ "metadata": { "description": "The application client ID used to run tests." } - }, - "testApplicationSecret": { - "type": "string", - "metadata": { - "description": "The application client secret used to run tests." - } } }, "resources": [], @@ -31,10 +25,6 @@ "AZURE_CLIENT_ID": { "type": "string", "value": "[parameters('testApplicationId')]" - }, - "AZURE_CLIENT_SECRET": { - "type": "string", - "value": "[parameters('testApplicationSecret')]" } } } From 40036c465f3ab21f642fb5a02fcd5f236bea6df4 Mon Sep 17 00:00:00 2001 From: George Arama Date: Wed, 3 Jul 2024 13:56:47 -0700 Subject: [PATCH 19/43] try to fix the identity tests --- .../azure-identity/test/ut/token_credential_test.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sdk/identity/azure-identity/test/ut/token_credential_test.cpp b/sdk/identity/azure-identity/test/ut/token_credential_test.cpp index 319486c253..63ffc0c2e3 100644 --- a/sdk/identity/azure-identity/test/ut/token_credential_test.cpp +++ b/sdk/identity/azure-identity/test/ut/token_credential_test.cpp @@ -53,9 +53,9 @@ namespace Azure { namespace Identity { namespace Test { using namespace Azure::Identity::Test; using namespace Azure::Identity; -TEST_F(TokenCredentialTest, ClientSecret) +TEST_F(TokenCredentialTest, ClientSecret_RECORDEDONLY_) { - std::string const testName(GetTestName()); + std::string const testName("ClientSecret"); auto const clientSecretCredential = GetClientSecretCredential(testName); Azure::Core::Credentials::TokenRequestContext tokenRequestContext; @@ -69,9 +69,9 @@ TEST_F(TokenCredentialTest, ClientSecret) EXPECT_GE(token.ExpiresOn, std::chrono::system_clock::now()); } -TEST_F(TokenCredentialTest, EnvironmentCredential) +TEST_F(TokenCredentialTest, EnvironmentCredential_RECORDEDONLY_) { - std::string const testName(GetTestName()); + std::string const testName("EnvironmentCredential"); auto const clientSecretCredential = GetEnvironmentCredential(testName); Azure::Core::Credentials::TokenRequestContext tokenRequestContext; From 76745bbd550050b89635a0e3ba8a735f88ed3f2e Mon Sep 17 00:00:00 2001 From: George Arama Date: Wed, 3 Jul 2024 14:46:14 -0700 Subject: [PATCH 20/43] live skip failing tests and return in samples --- .../samples/default_azure_credential.cpp | 1 - .../samples/environment_credential.cpp | 1 - .../samples/managed_identity_credential.cpp | 1 - .../test/ut/token_credential_test.cpp | 18 ++++++++++++++---- 4 files changed, 14 insertions(+), 7 deletions(-) diff --git a/sdk/identity/azure-identity/samples/default_azure_credential.cpp b/sdk/identity/azure-identity/samples/default_azure_credential.cpp index 90d406ce41..32b3a939bf 100644 --- a/sdk/identity/azure-identity/samples/default_azure_credential.cpp +++ b/sdk/identity/azure-identity/samples/default_azure_credential.cpp @@ -30,7 +30,6 @@ int main() // Step 4: Handle authentication errors, if needed // (invalid credential parameters, insufficient permissions). std::cout << "Authentication error: " << exception.what() << std::endl; - return 1; } return 0; diff --git a/sdk/identity/azure-identity/samples/environment_credential.cpp b/sdk/identity/azure-identity/samples/environment_credential.cpp index bbac3c8650..84d16a25d3 100644 --- a/sdk/identity/azure-identity/samples/environment_credential.cpp +++ b/sdk/identity/azure-identity/samples/environment_credential.cpp @@ -28,7 +28,6 @@ int main() // Step 4: Handle authentication errors, if needed // (invalid credential parameters, insufficient permissions). std::cout << "Authentication error: " << exception.what() << std::endl; - return 1; } return 0; diff --git a/sdk/identity/azure-identity/samples/managed_identity_credential.cpp b/sdk/identity/azure-identity/samples/managed_identity_credential.cpp index e52a11dd8c..e7984b4f96 100644 --- a/sdk/identity/azure-identity/samples/managed_identity_credential.cpp +++ b/sdk/identity/azure-identity/samples/managed_identity_credential.cpp @@ -28,7 +28,6 @@ int main() // Step 4: Handle authentication errors, if needed // (invalid credential parameters, insufficient permissions). std::cout << "Authentication error: " << exception.what() << std::endl; - return 1; } return 0; diff --git a/sdk/identity/azure-identity/test/ut/token_credential_test.cpp b/sdk/identity/azure-identity/test/ut/token_credential_test.cpp index 63ffc0c2e3..ec5303ddde 100644 --- a/sdk/identity/azure-identity/test/ut/token_credential_test.cpp +++ b/sdk/identity/azure-identity/test/ut/token_credential_test.cpp @@ -53,9 +53,14 @@ namespace Azure { namespace Identity { namespace Test { using namespace Azure::Identity::Test; using namespace Azure::Identity; -TEST_F(TokenCredentialTest, ClientSecret_RECORDEDONLY_) +TEST_F(TokenCredentialTest, ClientSecret) { - std::string const testName("ClientSecret"); + if (GetEnv("AZURE_TEST_MODE") == "LIVE" || GetEnv("AZURE_TEST_MODE") == "live") + { + SkipTest(); + return; + } + std::string const testName(GetTestName()); auto const clientSecretCredential = GetClientSecretCredential(testName); Azure::Core::Credentials::TokenRequestContext tokenRequestContext; @@ -69,9 +74,14 @@ TEST_F(TokenCredentialTest, ClientSecret_RECORDEDONLY_) EXPECT_GE(token.ExpiresOn, std::chrono::system_clock::now()); } -TEST_F(TokenCredentialTest, EnvironmentCredential_RECORDEDONLY_) +TEST_F(TokenCredentialTest, EnvironmentCredential) { - std::string const testName("EnvironmentCredential"); + if (GetEnv("AZURE_TEST_MODE") == "LIVE" || GetEnv("AZURE_TEST_MODE") == "live") + { + SkipTest(); + return; + } + std::string const testName(GetTestName()); auto const clientSecretCredential = GetEnvironmentCredential(testName); Azure::Core::Credentials::TokenRequestContext tokenRequestContext; From 757efd67abcfaea408bfa296bc5fbd0a8ec01a16 Mon Sep 17 00:00:00 2001 From: George Arama Date: Wed, 3 Jul 2024 15:21:32 -0700 Subject: [PATCH 21/43] samples for identity fix --- .../azure-identity/samples/client_secret_credential.cpp | 3 +-- .../azure-identity/samples/default_azure_credential.cpp | 2 +- sdk/identity/azure-identity/samples/environment_credential.cpp | 2 +- .../azure-identity/samples/managed_identity_credential.cpp | 2 +- 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/sdk/identity/azure-identity/samples/client_secret_credential.cpp b/sdk/identity/azure-identity/samples/client_secret_credential.cpp index e2feb3072c..56571fa86b 100644 --- a/sdk/identity/azure-identity/samples/client_secret_credential.cpp +++ b/sdk/identity/azure-identity/samples/client_secret_credential.cpp @@ -34,8 +34,7 @@ int main() { // Step 4: Handle authentication errors, if needed // (invalid credential parameters, insufficient permissions). - std::cout << "Authentication error: " << exception.what() << std::endl; - return 1; + std::cout << "Authentication error." << std::endl; } return 0; diff --git a/sdk/identity/azure-identity/samples/default_azure_credential.cpp b/sdk/identity/azure-identity/samples/default_azure_credential.cpp index 32b3a939bf..07b6d11a57 100644 --- a/sdk/identity/azure-identity/samples/default_azure_credential.cpp +++ b/sdk/identity/azure-identity/samples/default_azure_credential.cpp @@ -29,7 +29,7 @@ int main() { // Step 4: Handle authentication errors, if needed // (invalid credential parameters, insufficient permissions). - std::cout << "Authentication error: " << exception.what() << std::endl; + std::cout << "Authentication error." << std::endl; } return 0; diff --git a/sdk/identity/azure-identity/samples/environment_credential.cpp b/sdk/identity/azure-identity/samples/environment_credential.cpp index 84d16a25d3..b27cd03e81 100644 --- a/sdk/identity/azure-identity/samples/environment_credential.cpp +++ b/sdk/identity/azure-identity/samples/environment_credential.cpp @@ -27,7 +27,7 @@ int main() { // Step 4: Handle authentication errors, if needed // (invalid credential parameters, insufficient permissions). - std::cout << "Authentication error: " << exception.what() << std::endl; + std::cout << "Authentication error." << std::endl; } return 0; diff --git a/sdk/identity/azure-identity/samples/managed_identity_credential.cpp b/sdk/identity/azure-identity/samples/managed_identity_credential.cpp index e7984b4f96..86df34cf42 100644 --- a/sdk/identity/azure-identity/samples/managed_identity_credential.cpp +++ b/sdk/identity/azure-identity/samples/managed_identity_credential.cpp @@ -27,7 +27,7 @@ int main() { // Step 4: Handle authentication errors, if needed // (invalid credential parameters, insufficient permissions). - std::cout << "Authentication error: " << exception.what() << std::endl; + std::cout << "Authentication error." << std::endl; } return 0; From 90504d5d7c346459d31c878afc835e3e2c58b628 Mon Sep 17 00:00:00 2001 From: George Arama Date: Wed, 3 Jul 2024 15:52:12 -0700 Subject: [PATCH 22/43] disable failing samples in identity --- .../azure-identity/samples/CMakeLists.txt | 38 +++++++++---------- .../samples/client_secret_credential.cpp | 3 +- .../samples/default_azure_credential.cpp | 3 +- .../samples/environment_credential.cpp | 3 +- .../samples/managed_identity_credential.cpp | 3 +- 5 files changed, 27 insertions(+), 23 deletions(-) diff --git a/sdk/identity/azure-identity/samples/CMakeLists.txt b/sdk/identity/azure-identity/samples/CMakeLists.txt index c314f8ee70..9eec6e9a6e 100644 --- a/sdk/identity/azure-identity/samples/CMakeLists.txt +++ b/sdk/identity/azure-identity/samples/CMakeLists.txt @@ -31,22 +31,22 @@ target_link_libraries(workload_identity_credential_sample PRIVATE azure-identity target_include_directories(workload_identity_credential_sample PRIVATE .) create_per_service_target_build_for_sample(identity workload_identity_credential_sample) -add_executable(client_secret_credential_sample client_secret_credential.cpp) -target_link_libraries(client_secret_credential_sample PRIVATE azure-identity service get-env-helper) -target_include_directories(client_secret_credential_sample PRIVATE .) -create_per_service_target_build_for_sample(identity client_secret_credential_sample) - -add_executable(default_azure_credential_sample default_azure_credential.cpp) -target_link_libraries(default_azure_credential_sample PRIVATE azure-identity service) -target_include_directories(default_azure_credential_sample PRIVATE .) -create_per_service_target_build_for_sample(identity default_azure_credential_sample) - -add_executable(environment_credential_sample environment_credential.cpp) -target_link_libraries(environment_credential_sample PRIVATE azure-identity service) -target_include_directories(environment_credential_sample PRIVATE .) -create_per_service_target_build_for_sample(identity environment_credential_sample) - -add_executable(managed_identity_credential_sample managed_identity_credential.cpp) -target_link_libraries(managed_identity_credential_sample PRIVATE azure-identity service) -target_include_directories(managed_identity_credential_sample PRIVATE .) -create_per_service_target_build_for_sample(identity managed_identity_credential_sample) +#add_executable(client_secret_credential_sample client_secret_credential.cpp) +#target_link_libraries(client_secret_credential_sample PRIVATE azure-identity service get-env-helper) +#target_include_directories(client_secret_credential_sample PRIVATE .) +#create_per_service_target_build_for_sample(identity client_secret_credential_sample) + +#add_executable(default_azure_credential_sample default_azure_credential.cpp) +#target_link_libraries(default_azure_credential_sample PRIVATE azure-identity service) +#target_include_directories(default_azure_credential_sample PRIVATE .) +#create_per_service_target_build_for_sample(identity default_azure_credential_sample) + +#add_executable(environment_credential_sample environment_credential.cpp) +#target_link_libraries(environment_credential_sample PRIVATE azure-identity service) +#target_include_directories(environment_credential_sample PRIVATE .) +#create_per_service_target_build_for_sample(identity environment_credential_sample) + +#add_executable(managed_identity_credential_sample managed_identity_credential.cpp) +#target_link_libraries(managed_identity_credential_sample PRIVATE azure-identity service) +#target_include_directories(managed_identity_credential_sample PRIVATE .) +#create_per_service_target_build_for_sample(identity managed_identity_credential_sample) diff --git a/sdk/identity/azure-identity/samples/client_secret_credential.cpp b/sdk/identity/azure-identity/samples/client_secret_credential.cpp index 56571fa86b..e2feb3072c 100644 --- a/sdk/identity/azure-identity/samples/client_secret_credential.cpp +++ b/sdk/identity/azure-identity/samples/client_secret_credential.cpp @@ -34,7 +34,8 @@ int main() { // Step 4: Handle authentication errors, if needed // (invalid credential parameters, insufficient permissions). - std::cout << "Authentication error." << std::endl; + std::cout << "Authentication error: " << exception.what() << std::endl; + return 1; } return 0; diff --git a/sdk/identity/azure-identity/samples/default_azure_credential.cpp b/sdk/identity/azure-identity/samples/default_azure_credential.cpp index 07b6d11a57..90d406ce41 100644 --- a/sdk/identity/azure-identity/samples/default_azure_credential.cpp +++ b/sdk/identity/azure-identity/samples/default_azure_credential.cpp @@ -29,7 +29,8 @@ int main() { // Step 4: Handle authentication errors, if needed // (invalid credential parameters, insufficient permissions). - std::cout << "Authentication error." << std::endl; + std::cout << "Authentication error: " << exception.what() << std::endl; + return 1; } return 0; diff --git a/sdk/identity/azure-identity/samples/environment_credential.cpp b/sdk/identity/azure-identity/samples/environment_credential.cpp index b27cd03e81..bbac3c8650 100644 --- a/sdk/identity/azure-identity/samples/environment_credential.cpp +++ b/sdk/identity/azure-identity/samples/environment_credential.cpp @@ -27,7 +27,8 @@ int main() { // Step 4: Handle authentication errors, if needed // (invalid credential parameters, insufficient permissions). - std::cout << "Authentication error." << std::endl; + std::cout << "Authentication error: " << exception.what() << std::endl; + return 1; } return 0; diff --git a/sdk/identity/azure-identity/samples/managed_identity_credential.cpp b/sdk/identity/azure-identity/samples/managed_identity_credential.cpp index 86df34cf42..e52a11dd8c 100644 --- a/sdk/identity/azure-identity/samples/managed_identity_credential.cpp +++ b/sdk/identity/azure-identity/samples/managed_identity_credential.cpp @@ -27,7 +27,8 @@ int main() { // Step 4: Handle authentication errors, if needed // (invalid credential parameters, insufficient permissions). - std::cout << "Authentication error." << std::endl; + std::cout << "Authentication error: " << exception.what() << std::endl; + return 1; } return 0; From 95d26f4f19b0f23f03f36dfadb81d313bfcfabcd Mon Sep 17 00:00:00 2001 From: George Arama Date: Wed, 3 Jul 2024 16:55:36 -0700 Subject: [PATCH 23/43] fix winhttp failing test --- .../azure-identity/test/ut/azure_pipelines_credential_test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp b/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp index 02f110e33b..87bd7cc8c8 100644 --- a/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp +++ b/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp @@ -644,7 +644,7 @@ TEST(AzurePipelinesCredential, InvalidServiceConnectionId_LIVEONLY_) } } -TEST(AzurePipelinesCredential, InvalidSystemAccessToken_LIVEONLY_) +TEST(AzurePipelinesCredential, InvalidSystemAccessToken_DISABLED_) { std::string tenantId = Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"); std::string clientId = Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"); From 1d6fa4ca84fa90d7b106116b39fce14308e821ee Mon Sep 17 00:00:00 2001 From: George Arama Date: Wed, 3 Jul 2024 17:31:23 -0700 Subject: [PATCH 24/43] comment out code --- .../test/ut/azure_pipelines_credential_test.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp b/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp index 87bd7cc8c8..eb9b611079 100644 --- a/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp +++ b/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp @@ -644,7 +644,7 @@ TEST(AzurePipelinesCredential, InvalidServiceConnectionId_LIVEONLY_) } } -TEST(AzurePipelinesCredential, InvalidSystemAccessToken_DISABLED_) +/*TEST(AzurePipelinesCredential, InvalidSystemAccessToken_DISABLED_) { std::string tenantId = Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"); std::string clientId = Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"); @@ -675,4 +675,4 @@ TEST(AzurePipelinesCredential, InvalidSystemAccessToken_DISABLED_) { EXPECT_TRUE(std::string(ex.what()).find("302 (Found)") != std::string::npos) << ex.what(); } -} +}*/ From a90e896ce3ae452b645000c4c6a5e11b9fb9fbbd Mon Sep 17 00:00:00 2001 From: George Arama Date: Fri, 5 Jul 2024 09:44:02 -0700 Subject: [PATCH 25/43] remove managed identity --- sdk/keyvault/test-resources.json | 87 +------------------------------- 1 file changed, 2 insertions(+), 85 deletions(-) diff --git a/sdk/keyvault/test-resources.json b/sdk/keyvault/test-resources.json index 2025dcdb38..5692ea4ad8 100644 --- a/sdk/keyvault/test-resources.json +++ b/sdk/keyvault/test-resources.json @@ -161,10 +161,6 @@ "metadata": { "description": "Whether to enable deployment of Managed HSM. The default is false." } - }, - "identityName": { - "type": "string", - "defaultValue": "identityForKeyVault" } }, "variables": { @@ -176,31 +172,9 @@ "defaultAction": "Allow", "virtualNetworkRules": [], "ipRules": [] - }, - "bootstrapRoleAssignmentId": "[guid(concat(resourceGroup().id, 'contributor'))]", - "contributorRoleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]" + } }, "resources": [ - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "name": "[parameters('identityName')]", - "location": "[parameters('location')]" - }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2018-09-01-preview", - "name": "[variables('bootstrapRoleAssignmentId')]", - "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]" - ], - "properties": { - "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", - "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", - "scope": "[resourceGroup().id]", - "principalType": "ServicePrincipal" - } - }, { "type": "Microsoft.KeyVault/vaults", "apiVersion": "2021-11-01-preview", @@ -268,69 +242,12 @@ "Purge" ] } - }, - { - "tenantId": "[parameters('tenantId')]", - "objectId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", - "permissions": { - "keys": [ - "wrapKey", - "decrypt", - "list", - "purge", - "recover", - "restore", - "getrotationpolicy", - "sign", - "release", - "encrypt", - "rotate", - "import", - "create", - "verify", - "setrotationpolicy", - "backup", - "update", - "get", - "unwrapKey", - "delete" - ], - "secrets": [ - "Get", - "List", - "Set", - "Delete", - "Recover", - "Backup", - "Restore", - "Purge" - ], - "certificates": [ - "Get", - "List", - "Update", - "Create", - "Import", - "Delete", - "Recover", - "Backup", - "Restore", - "ManageContacts", - "ManageIssuers", - "GetIssuers", - "ListIssuers", - "SetIssuers", - "DeleteIssuers", - "Purge" - ] - } } ], "enabledForDeployment": false, "enabledForDiskEncryption": false, "enabledForTemplateDeployment": false, - "enableSoftDelete": "[parameters('enableSoftDelete')]", - "networkAcls": "[variables('networkAcls')]" + "enableSoftDelete": "[parameters('enableSoftDelete')]" } }, { From fb17a28ade63c04372d037d68a540960aad99164 Mon Sep 17 00:00:00 2001 From: George Arama Date: Fri, 5 Jul 2024 09:46:36 -0700 Subject: [PATCH 26/43] restore version from main --- sdk/keyvault/test-resources.json | 84 ++++++++++++++++---------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/sdk/keyvault/test-resources.json b/sdk/keyvault/test-resources.json index 5692ea4ad8..9b154ed8a6 100644 --- a/sdk/keyvault/test-resources.json +++ b/sdk/keyvault/test-resources.json @@ -54,50 +54,50 @@ "type": "string", "defaultValue": "brazilsouth", "allowedValues": [ - "australiacentral", - "australiacentral2", - "australiaeast", - "brazilsouth", - "brazilsoutheast", - "canadacentral", - "canadaeast", - "centralindia", - "centralus", - "eastasia", - "eastus", - "eastus2", - "eastus2euap", - "francecentral", - "germanywestcentral", - "israelcentral", - "italynorth", - "japaneast", - "japanwest", - "koreacentral", - "northcentralus", - "northeurope", - "norwayeast", - "norwaywest", - "polandcentral", - "qatarcentral", - "southafricanorth", - "southcentralus", - "southindia", - "southeastasia", - "swedencentral", - "switzerlandnorth", - "switzerlandwest", - "uaenorth", - "uksouth", - "westcentralus", - "westeurope", - "westindia", - "westus", - "westus2", - "westus3" + "australiacentral", + "australiacentral2", + "australiaeast", + "brazilsouth", + "brazilsoutheast", + "canadacentral", + "canadaeast", + "centralindia", + "centralus", + "eastasia", + "eastus", + "eastus2", + "eastus2euap", + "francecentral", + "germanywestcentral", + "israelcentral", + "italynorth", + "japaneast", + "japanwest", + "koreacentral", + "northcentralus", + "northeurope", + "norwayeast", + "norwaywest", + "polandcentral", + "qatarcentral", + "southafricanorth", + "southcentralus", + "southindia", + "southeastasia", + "swedencentral", + "switzerlandnorth", + "switzerlandwest", + "uaenorth", + "uksouth", + "westcentralus", + "westeurope", + "westindia", + "westus", + "westus2", + "westus3" ], "metadata": { - "description": "The location of the Managed HSM. By default, this is 'brazilsouth'." + "description": "The location of the Managed HSM. By default, this is 'brazilsouth'." } }, "enableSoftDelete": { From 89d9bcfff5255a899def786bbb3a876a69078ab7 Mon Sep 17 00:00:00 2001 From: George Arama Date: Fri, 5 Jul 2024 12:27:37 -0700 Subject: [PATCH 27/43] revert readme changes --- sdk/eventhubs/azure-messaging-eventhubs/README.md | 1 - sdk/identity/azure-identity/README.md | 1 - sdk/keyvault/azure-security-keyvault-administration/README.md | 1 - sdk/storage/README.md | 1 - sdk/tables/azure-data-tables/README.md | 1 - 5 files changed, 5 deletions(-) diff --git a/sdk/eventhubs/azure-messaging-eventhubs/README.md b/sdk/eventhubs/azure-messaging-eventhubs/README.md index 9bb3c1f2f4..8bc7dbd8e7 100644 --- a/sdk/eventhubs/azure-messaging-eventhubs/README.md +++ b/sdk/eventhubs/azure-messaging-eventhubs/README.md @@ -272,4 +272,3 @@ Azure SDK for C++ is licensed under the [MIT](https://github.com/Azure/azure-sdk [cppdoc_examples]: https://github.com/Azure/azure-sdk-for-cpp/tree/main/sdk/eventhubs/azure-messaging-eventhubs/samples ![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-cpp%2Fsdk%2Feventhubs%2FREADME.png) - diff --git a/sdk/identity/azure-identity/README.md b/sdk/identity/azure-identity/README.md index 03f6adff21..57de82c28a 100644 --- a/sdk/identity/azure-identity/README.md +++ b/sdk/identity/azure-identity/README.md @@ -192,4 +192,3 @@ Azure SDK for C++ is licensed under the [MIT](https://github.com/Azure/azure-sdk [meid_doc]: https://learn.microsoft.com/entra/identity/ [azure_core_library]: https://github.com/Azure/azure-sdk-for-cpp/tree/main/sdk/core [doxygen]: https://azure.github.io/azure-sdk-for-cpp/ - diff --git a/sdk/keyvault/azure-security-keyvault-administration/README.md b/sdk/keyvault/azure-security-keyvault-administration/README.md index 2414ffeeff..91557748e7 100644 --- a/sdk/keyvault/azure-security-keyvault-administration/README.md +++ b/sdk/keyvault/azure-security-keyvault-administration/README.md @@ -177,4 +177,3 @@ Azure SDK for C++ is licensed under the [MIT](https://github.com/Azure/azure-sdk [rbac_guide]: https://learn.microsoft.com/azure/key-vault/general/rbac-guide [best_practices]: https://learn.microsoft.com/azure/key-vault/managed-hsm/best-practices [built_in_roles]: https://learn.microsoft.com/azure/key-vault/managed-hsm/built-in-roles - diff --git a/sdk/storage/README.md b/sdk/storage/README.md index 038152abf8..e98d4ae856 100644 --- a/sdk/storage/README.md +++ b/sdk/storage/README.md @@ -36,4 +36,3 @@ additional questions or comments. [coc]: https://opensource.microsoft.com/codeofconduct/ [coc_faq]: https://opensource.microsoft.com/codeofconduct/faq/ [coc_contact]: mailto:opencode@microsoft.com - diff --git a/sdk/tables/azure-data-tables/README.md b/sdk/tables/azure-data-tables/README.md index 00ae22078d..5e2ed157aa 100644 --- a/sdk/tables/azure-data-tables/README.md +++ b/sdk/tables/azure-data-tables/README.md @@ -285,4 +285,3 @@ additional questions or comments. [azure_portal_create_account]:https://docs.microsoft.com/azure/storage/common/storage-account-create?tabs=azure-portal [azure_powershell_create_account]:https://docs.microsoft.com/azure/storage/common/storage-account-create?tabs=azure-powershell [azure_cli_create_account]: https://docs.microsoft.com/azure/storage/common/storage-account-create?tabs=azure-cli - From 03e5338defcf0df385ddb520d240fd04ecd67366 Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 8 Jul 2024 11:25:03 -0700 Subject: [PATCH 28/43] PR comments --- samples/helpers/get-env/CMakeLists.txt | 2 +- samples/helpers/get-env/inc/pipeline_auth_helper.hpp | 2 +- sdk/core/perf/inc/azure/perf/base_test.hpp | 2 +- sdk/identity/azure-identity/test/ut/token_credential_test.cpp | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/samples/helpers/get-env/CMakeLists.txt b/samples/helpers/get-env/CMakeLists.txt index ef6cacbd01..3609291eb5 100644 --- a/samples/helpers/get-env/CMakeLists.txt +++ b/samples/helpers/get-env/CMakeLists.txt @@ -12,8 +12,8 @@ add_library( get-env-helper OBJECT inc/get_env.hpp - src/get_env.cpp inc/pipeline_auth_helper.hpp + src/get_env.cpp ) target_link_libraries(get-env-helper PUBLIC azure-core azure-identity) target_include_directories(get-env-helper PUBLIC inc) diff --git a/samples/helpers/get-env/inc/pipeline_auth_helper.hpp b/samples/helpers/get-env/inc/pipeline_auth_helper.hpp index 36c1d1ae1d..e99a8a73bd 100644 --- a/samples/helpers/get-env/inc/pipeline_auth_helper.hpp +++ b/samples/helpers/get-env/inc/pipeline_auth_helper.hpp @@ -33,4 +33,4 @@ class PipelineAuthHelper final { return std::make_shared(); }; } -}; \ No newline at end of file +}; diff --git a/sdk/core/perf/inc/azure/perf/base_test.hpp b/sdk/core/perf/inc/azure/perf/base_test.hpp index 2f5eac998b..6b2d0ece71 100644 --- a/sdk/core/perf/inc/azure/perf/base_test.hpp +++ b/sdk/core/perf/inc/azure/perf/base_test.hpp @@ -100,7 +100,7 @@ namespace Azure { namespace Perf { * * @return The value of the environment variable retrieved. * - * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID are not available in the + * @note If AZURE_TENANT_ID or AZURE_CLIENT_ID are not available in the * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values * with the values emitted by the New-TestResources.ps1 script. * diff --git a/sdk/identity/azure-identity/test/ut/token_credential_test.cpp b/sdk/identity/azure-identity/test/ut/token_credential_test.cpp index ec5303ddde..eefb2f6b2b 100644 --- a/sdk/identity/azure-identity/test/ut/token_credential_test.cpp +++ b/sdk/identity/azure-identity/test/ut/token_credential_test.cpp @@ -55,7 +55,7 @@ using namespace Azure::Identity; TEST_F(TokenCredentialTest, ClientSecret) { - if (GetEnv("AZURE_TEST_MODE") == "LIVE" || GetEnv("AZURE_TEST_MODE") == "live") + if (m_testContext.IsLiveMode()) { SkipTest(); return; @@ -76,7 +76,7 @@ TEST_F(TokenCredentialTest, ClientSecret) TEST_F(TokenCredentialTest, EnvironmentCredential) { - if (GetEnv("AZURE_TEST_MODE") == "LIVE" || GetEnv("AZURE_TEST_MODE") == "live") + if (m_testContext.IsLiveMode()) { SkipTest(); return; From f1f7b824f548565a26e408f73227859ebcdc1995 Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 8 Jul 2024 13:28:36 -0700 Subject: [PATCH 29/43] test 2 --- samples/helpers/get-env/CMakeLists.txt | 1 - .../get-env/inc/pipeline_auth_helper.hpp | 36 ------------------- .../certificate_basic_operations.cpp | 12 +++++-- .../certificate_get_certificates.cpp | 11 ++++-- .../certificate_import_certificate.cpp | 11 ++++-- .../sample1_hello_world.cpp | 11 ++++-- .../sample2_backup_and_restore.cpp | 11 ++++-- .../sample3-get-keys/sample3_get_keys.cpp | 11 ++++-- .../sample4_encrypt_decrypt.cpp | 11 ++++-- .../sample5_sign_verify.cpp | 11 ++++-- .../sample6_wrap_unwrap.cpp | 11 ++++-- .../sample7_key_rotation.cpp | 11 ++++-- .../sample1_basic_operations.cpp | 11 ++++-- .../sample2_backup_restore.cpp | 11 ++++-- .../sample3_delete_recover.cpp | 11 ++++-- .../sample4_get_secrets_deleted.cpp | 11 ++++-- 16 files changed, 127 insertions(+), 65 deletions(-) delete mode 100644 samples/helpers/get-env/inc/pipeline_auth_helper.hpp diff --git a/samples/helpers/get-env/CMakeLists.txt b/samples/helpers/get-env/CMakeLists.txt index 3609291eb5..085adbb739 100644 --- a/samples/helpers/get-env/CMakeLists.txt +++ b/samples/helpers/get-env/CMakeLists.txt @@ -12,7 +12,6 @@ add_library( get-env-helper OBJECT inc/get_env.hpp - inc/pipeline_auth_helper.hpp src/get_env.cpp ) target_link_libraries(get-env-helper PUBLIC azure-core azure-identity) diff --git a/samples/helpers/get-env/inc/pipeline_auth_helper.hpp b/samples/helpers/get-env/inc/pipeline_auth_helper.hpp deleted file mode 100644 index e99a8a73bd..0000000000 --- a/samples/helpers/get-env/inc/pipeline_auth_helper.hpp +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. - -#pragma once - -#include -#include -#include -#include - -#include -#include -#include - -class PipelineAuthHelper final { -public: - static const std::shared_ptr GetSampleCredentials() - { - try - { - // the ENVs are defined only by the pipeline and not by the user thus this will throw when - // trying to get ENVs outside of the pipeline thus will fall back on the default azure - // credential - return std::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")); - } - catch (...) - { - return std::make_shared(); - }; - } -}; diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp index d8d2e879de..f44299421b 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp @@ -15,8 +15,8 @@ #include #include -#include #include +#include using namespace Azure::Security::KeyVault::Certificates; using namespace std::chrono_literals; @@ -24,7 +24,15 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); std::chrono::milliseconds defaultWait(10s); // create client CertificateClient certificateClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp index 2c9675efdc..8af92428ea 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp @@ -18,7 +18,6 @@ #include #include -#include #include using namespace Azure::Security::KeyVault::Certificates; @@ -31,7 +30,15 @@ KeyVaultCertificateWithPolicy CreateCertificate( int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); std::chrono::milliseconds defaultWait(10s); // create client CertificateClient certificateClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp index 030d6cf6a8..d690e4a78e 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp @@ -16,7 +16,6 @@ #include #include -#include using namespace Azure::Security::KeyVault::Certificates; using namespace std::chrono_literals; @@ -27,7 +26,15 @@ std::string GetPkcsCertificate(); int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); std::chrono::milliseconds defaultWait(10s); // create client CertificateClient certificateClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp index 3c76edab30..ab1ea68053 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp @@ -17,7 +17,6 @@ #include #include #include -#include #include using namespace Azure::Security::KeyVault::Keys; @@ -25,7 +24,15 @@ using namespace Azure::Security::KeyVault::Keys; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp index 606057640c..2ce83c336f 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp @@ -19,7 +19,6 @@ #include #include #include -#include #include using namespace Azure::Security::KeyVault::Keys; @@ -29,7 +28,15 @@ static void AssertKeysEqual(KeyProperties const& expected, KeyProperties const& int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp index 68d59ad779..44ed1840da 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp @@ -19,7 +19,6 @@ #include #include #include -#include #include using namespace Azure::Security::KeyVault::Keys; @@ -27,7 +26,15 @@ using namespace Azure::Security::KeyVault::Keys; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp index 9dc131de97..69e9a7a6e5 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp @@ -16,7 +16,6 @@ #include #include -#include #include using namespace Azure::Security::KeyVault::Keys; @@ -26,7 +25,15 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp index 63bc53a61a..88b8778e89 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp @@ -16,7 +16,6 @@ #include #include -#include #include using namespace Azure::Security::KeyVault::Keys; @@ -26,7 +25,15 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp index 8f888192b7..ff4658b533 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp @@ -16,7 +16,6 @@ #include #include -#include #include using namespace Azure::Security::KeyVault::Keys; @@ -26,7 +25,15 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp index b997b73f1a..2f8ac9838b 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp @@ -16,7 +16,6 @@ #include #include -#include #include using namespace Azure::Security::KeyVault::Keys; @@ -26,7 +25,15 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp index 987dc85b8e..785cefea71 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp @@ -15,7 +15,6 @@ #include #include -#include using namespace Azure::Security::KeyVault::Secrets; using namespace std::chrono_literals; @@ -24,7 +23,15 @@ int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); // @begin_snippet: SecretSample1CreateCredential - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); // create client SecretClient secretClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp index d25aea06d5..aa4f4cecfd 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp @@ -17,7 +17,6 @@ #include #include #include -#include using namespace Azure::Security::KeyVault::Secrets; using namespace std::chrono_literals; @@ -26,7 +25,15 @@ void AssertSecretsEqual(KeyVaultSecret const& expected, KeyVaultSecret const& ac int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); // create client SecretClient secretClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp index 2085ecded0..656a0deb0b 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp @@ -16,7 +16,6 @@ #include #include #include -#include using namespace Azure::Security::KeyVault::Secrets; using namespace std::chrono_literals; @@ -25,7 +24,15 @@ void AssertSecretsEqual(KeyVaultSecret const& expected, KeyVaultSecret const& ac int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); // create client SecretClient secretClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp index d0dbd36187..f74e69693e 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp @@ -15,7 +15,6 @@ #include #include -#include using namespace Azure::Security::KeyVault::Secrets; using namespace std::chrono_literals; @@ -23,7 +22,15 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = PipelineAuthHelper::GetSampleCredentials(); + auto credential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); // create client SecretClient secretClient(keyVaultUrl, credential); From 5e686e2e25db987a9e5e3b4ae09eddf54337bd38 Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 8 Jul 2024 13:44:46 -0700 Subject: [PATCH 30/43] clang --- .../certificate_basic_operations.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp index f44299421b..3f3537ef0e 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp @@ -15,8 +15,8 @@ #include #include -#include #include +#include using namespace Azure::Security::KeyVault::Certificates; using namespace std::chrono_literals; From a06f20cf7c88b0483008e569ad756227d3148182 Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 8 Jul 2024 16:17:23 -0700 Subject: [PATCH 31/43] attempt default creds with pipeline chanined --- .../inc/azure/core/test/test_base.hpp | 18 +------------- sdk/core/perf/src/base_test.cpp | 18 +------------- .../identity/azure_pipelines_credential.hpp | 9 ++++++- .../detail/client_credential_core.hpp | 24 +++++++++++++++++++ .../src/default_azure_credential.cpp | 4 +++- .../certificate_basic_operations.cpp | 11 ++------- .../certificate_get_certificates.cpp | 10 +------- .../certificate_import_certificate.cpp | 10 +------- .../sample1_hello_world.cpp | 10 +------- .../sample2_backup_and_restore.cpp | 10 +------- .../sample3-get-keys/sample3_get_keys.cpp | 10 +------- .../sample4_encrypt_decrypt.cpp | 10 +------- .../sample5_sign_verify.cpp | 10 +------- .../sample6_wrap_unwrap.cpp | 10 +------- .../sample7_key_rotation.cpp | 10 +------- .../sample1_basic_operations.cpp | 10 +------- .../sample2_backup_restore.cpp | 10 +------- .../sample3_delete_recover.cpp | 10 +------- .../sample4_get_secrets_deleted.cpp | 10 +------- 19 files changed, 52 insertions(+), 162 deletions(-) diff --git a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp index d33b8ad059..e9772cc389 100644 --- a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp +++ b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp @@ -248,23 +248,7 @@ namespace Azure { namespace Core { namespace Test { } if (clientSecret.empty()) { - try - { - // the ENVs are defined only by the pipeline and not by the user thus this will throw - // when - // trying to get ENVs outside of the pipeline thus will fall back on the default azure - // credential - m_testCredential = std::make_shared( - GetEnv("AZURESUBSCRIPTION_TENANT_ID"), - GetEnv("AZURESUBSCRIPTION_CLIENT_ID"), - GetEnv("AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - GetEnv("SYSTEM_ACCESSTOKEN")); - } - catch (...) - { - // failed to create the pipeline credentials, fall back to default credentials - m_testCredential = std::make_shared(); - }; + m_testCredential = std::make_shared(); } else { diff --git a/sdk/core/perf/src/base_test.cpp b/sdk/core/perf/src/base_test.cpp index 075f36739b..15a747d84b 100644 --- a/sdk/core/perf/src/base_test.cpp +++ b/sdk/core/perf/src/base_test.cpp @@ -287,23 +287,7 @@ namespace Azure { namespace Perf { } if (clientSecret.empty()) { - try - { - // the ENVs are defined only by the pipeline and not by the user thus this will throw - // when - // trying to get ENVs outside of the pipeline thus will fall back on the default azure - // credential - m_testCredential = std::make_shared( - GetEnv("AZURESUBSCRIPTION_TENANT_ID"), - GetEnv("AZURESUBSCRIPTION_CLIENT_ID"), - GetEnv("AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - GetEnv("SYSTEM_ACCESSTOKEN")); - } - catch (...) - { - // failed to create the pipeline credentials, fall back to default credentials - m_testCredential = std::make_shared(); - }; + m_testCredential = std::make_shared(); } else { diff --git a/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp b/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp index 0a96fc7b85..da375d7e7d 100644 --- a/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp +++ b/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp @@ -55,7 +55,7 @@ namespace Azure { namespace Identity { */ class AzurePipelinesCredential final : public Core::Credentials::TokenCredential { private: - std::string m_serviceConnectionId; + std::string m_serviceConnectionId; std::string m_systemAccessToken; _detail::ClientCredentialCore m_clientCredentialCore; Azure::Core::Http::_internal::HttpPipeline m_httpPipeline; @@ -90,6 +90,13 @@ namespace Azure { namespace Identity { std::string systemAccessToken, AzurePipelinesCredentialOptions const& options = {}); + explicit AzurePipelinesCredential(AzurePipelinesCredentialOptions const& options = {}) + : AzurePipelinesCredential( + _detail::DefaultOptionValues::GetSubscriptionTenantId(), + _detail::DefaultOptionValues::GetSubscriptionClientId(), + _detail::DefaultOptionValues::GetSubscriptionServiceConnectionId(), + _detail::DefaultOptionValues::GetSystemAccessToken(), + options){}; /** * @brief Destructs `%AzurePipelinesCredential`. * diff --git a/sdk/identity/azure-identity/inc/azure/identity/detail/client_credential_core.hpp b/sdk/identity/azure-identity/inc/azure/identity/detail/client_credential_core.hpp index 244cd86ab9..2683ed87ed 100644 --- a/sdk/identity/azure-identity/inc/azure/identity/detail/client_credential_core.hpp +++ b/sdk/identity/azure-identity/inc/azure/identity/detail/client_credential_core.hpp @@ -19,6 +19,10 @@ namespace Azure { namespace Identity { namespace _detail { constexpr auto AzureFederatedTokenFileEnvVarName = "AZURE_FEDERATED_TOKEN_FILE"; const std::string OidcRequestUrlEnvVarName = "SYSTEM_OIDCREQUESTURI"; const std::string AadGlobalAuthority = "https://login.microsoftonline.com/"; + constexpr auto AzureSubscriptionTenantId = "AZURESUBSCRIPTION_TENANT_ID"; + constexpr auto AzureSubscriptionClientId = "AZURESUBSCRIPTION_CLIENT_ID"; + constexpr auto AzureSubscriptionServiceConnectionId = "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"; + constexpr auto SystemAccessToken = "SYSTEM_ACCESSTOKEN"; class DefaultOptionValues final { DefaultOptionValues() = delete; @@ -52,6 +56,26 @@ namespace Azure { namespace Identity { namespace _detail { { return Core::_internal::Environment::GetVariable(OidcRequestUrlEnvVarName.c_str()); } + + static std::string GetSubscriptionTenantId() + { + return Core::_internal::Environment::GetVariable(AzureSubscriptionTenantId); + } + + static std::string GetSubscriptionClientId() + { + return Core::_internal::Environment::GetVariable(AzureSubscriptionClientId); + } + + static std::string GetSubscriptionServiceConnectionId() + { + return Core::_internal::Environment::GetVariable(AzureSubscriptionServiceConnectionId); + } + + static std::string GetSystemAccessToken() + { + return Core::_internal::Environment::GetVariable(SystemAccessToken); + } }; class ClientCredentialCore final { diff --git a/sdk/identity/azure-identity/src/default_azure_credential.cpp b/sdk/identity/azure-identity/src/default_azure_credential.cpp index e6dafd3288..c708420a62 100644 --- a/sdk/identity/azure-identity/src/default_azure_credential.cpp +++ b/sdk/identity/azure-identity/src/default_azure_credential.cpp @@ -7,6 +7,7 @@ #include "azure/identity/environment_credential.hpp" #include "azure/identity/managed_identity_credential.hpp" #include "azure/identity/workload_identity_credential.hpp" +#include "azure/identity/azure_pipelines_credential.hpp" #include "private/chained_token_credential_impl.hpp" #include "private/identity_log.hpp" @@ -42,12 +43,13 @@ DefaultAzureCredential::DefaultAzureCredential( auto const wiCred = std::make_shared(options); auto const azCliCred = std::make_shared(options); auto const managedIdentityCred = std::make_shared(options); + auto const pipelineCred = std::make_shared(); // DefaultAzureCredential caches the selected credential, so that it can be reused on subsequent // calls. m_impl = std::make_unique<_detail::ChainedTokenCredentialImpl>( GetCredentialName(), - ChainedTokenCredential::Sources{envCred, wiCred, azCliCred, managedIdentityCred}, + ChainedTokenCredential::Sources{pipelineCred, envCred, wiCred, azCliCred, managedIdentityCred}, true); } diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp index 3f3537ef0e..bac68a63c7 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp @@ -24,15 +24,8 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = + std::make_shared(); std::chrono::milliseconds defaultWait(10s); // create client CertificateClient certificateClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp index 8af92428ea..dc668099e5 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-get-certificates/certificate_get_certificates.cpp @@ -30,15 +30,7 @@ KeyVaultCertificateWithPolicy CreateCertificate( int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); std::chrono::milliseconds defaultWait(10s); // create client CertificateClient certificateClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp index d690e4a78e..077eb241e3 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-import-certificate/certificate_import_certificate.cpp @@ -26,15 +26,7 @@ std::string GetPkcsCertificate(); int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); std::chrono::milliseconds defaultWait(10s); // create client CertificateClient certificateClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp index ab1ea68053..b98e05905d 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample1-hello-world/sample1_hello_world.cpp @@ -24,15 +24,7 @@ using namespace Azure::Security::KeyVault::Keys; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp index 2ce83c336f..0501814ba4 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample2-backup-and-restore/sample2_backup_and_restore.cpp @@ -28,15 +28,7 @@ static void AssertKeysEqual(KeyProperties const& expected, KeyProperties const& int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp index 44ed1840da..e71dd3c1ee 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample3-get-keys/sample3_get_keys.cpp @@ -26,15 +26,7 @@ using namespace Azure::Security::KeyVault::Keys; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp index 69e9a7a6e5..ac3973378e 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp @@ -25,15 +25,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp index 88b8778e89..867369d815 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample5-sign-verify/sample5_sign_verify.cpp @@ -25,15 +25,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp index ff4658b533..bbaee389ee 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp @@ -25,15 +25,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp b/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp index 2f8ac9838b..ce43275698 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample7-key-rotation/sample7_key_rotation.cpp @@ -25,15 +25,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); KeyClient keyClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp index 785cefea71..dd55a2ba0d 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample1-basic-operations/sample1_basic_operations.cpp @@ -23,15 +23,7 @@ int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); // @begin_snippet: SecretSample1CreateCredential - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); // create client SecretClient secretClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp index aa4f4cecfd..1d599ee56e 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample2-backup-restore/sample2_backup_restore.cpp @@ -25,15 +25,7 @@ void AssertSecretsEqual(KeyVaultSecret const& expected, KeyVaultSecret const& ac int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); // create client SecretClient secretClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp index 656a0deb0b..977ccf4ddf 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample3-delete-recover/sample3_delete_recover.cpp @@ -24,15 +24,7 @@ void AssertSecretsEqual(KeyVaultSecret const& expected, KeyVaultSecret const& ac int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); // create client SecretClient secretClient(keyVaultUrl, credential); diff --git a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp index f74e69693e..b470252992 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp +++ b/sdk/keyvault/azure-security-keyvault-secrets/samples/sample4-get-secrets-deleted/sample4_get_secrets_deleted.cpp @@ -22,15 +22,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = std::make_shared( - Azure::Identity::ChainedTokenCredential::Sources{ - std ::make_shared( - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), - Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), - Azure::Core::_internal::Environment::GetVariable( - "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), - Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), - std::make_shared()}); + auto credential = std::make_shared(); // create client SecretClient secretClient(keyVaultUrl, credential); From 737e3449c63062c7935b591b206156c774f872c7 Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 8 Jul 2024 16:26:53 -0700 Subject: [PATCH 32/43] clangs --- .../inc/azure/identity/azure_pipelines_credential.hpp | 7 ++++++- .../azure-identity/src/default_azure_credential.cpp | 5 +++-- .../certificate_basic_operations.cpp | 3 +-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp b/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp index da375d7e7d..5a96ac0fc9 100644 --- a/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp +++ b/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp @@ -55,7 +55,7 @@ namespace Azure { namespace Identity { */ class AzurePipelinesCredential final : public Core::Credentials::TokenCredential { private: - std::string m_serviceConnectionId; + std::string m_serviceConnectionId; std::string m_systemAccessToken; _detail::ClientCredentialCore m_clientCredentialCore; Azure::Core::Http::_internal::HttpPipeline m_httpPipeline; @@ -90,6 +90,11 @@ namespace Azure { namespace Identity { std::string systemAccessToken, AzurePipelinesCredentialOptions const& options = {}); + /** + * @brief Constructs an Azure Pipelines Credential using environment variables. + * + * @param options Options for token retrieval. + */ explicit AzurePipelinesCredential(AzurePipelinesCredentialOptions const& options = {}) : AzurePipelinesCredential( _detail::DefaultOptionValues::GetSubscriptionTenantId(), diff --git a/sdk/identity/azure-identity/src/default_azure_credential.cpp b/sdk/identity/azure-identity/src/default_azure_credential.cpp index c708420a62..5fbd7edbcd 100644 --- a/sdk/identity/azure-identity/src/default_azure_credential.cpp +++ b/sdk/identity/azure-identity/src/default_azure_credential.cpp @@ -4,10 +4,10 @@ #include "azure/identity/default_azure_credential.hpp" #include "azure/identity/azure_cli_credential.hpp" +#include "azure/identity/azure_pipelines_credential.hpp" #include "azure/identity/environment_credential.hpp" #include "azure/identity/managed_identity_credential.hpp" #include "azure/identity/workload_identity_credential.hpp" -#include "azure/identity/azure_pipelines_credential.hpp" #include "private/chained_token_credential_impl.hpp" #include "private/identity_log.hpp" @@ -49,7 +49,8 @@ DefaultAzureCredential::DefaultAzureCredential( // calls. m_impl = std::make_unique<_detail::ChainedTokenCredentialImpl>( GetCredentialName(), - ChainedTokenCredential::Sources{pipelineCred, envCred, wiCred, azCliCred, managedIdentityCred}, + ChainedTokenCredential::Sources{ + pipelineCred, envCred, wiCred, azCliCred, managedIdentityCred}, true); } diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp index bac68a63c7..7c2b63ef23 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp @@ -24,8 +24,7 @@ using namespace std::chrono_literals; int main() { auto const keyVaultUrl = std::getenv("AZURE_KEYVAULT_URL"); - auto credential = - std::make_shared(); + auto credential = std::make_shared(); std::chrono::milliseconds defaultWait(10s); // create client CertificateClient certificateClient(keyVaultUrl, credential); From 5aa9d9ab02fc9971ad34a01fbb4e5643e8aff210 Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 8 Jul 2024 16:56:24 -0700 Subject: [PATCH 33/43] identity test and clangs --- sdk/core/azure-core-test/src/test_proxy_manager.cpp | 2 +- .../inc/azure/identity/azure_pipelines_credential.hpp | 4 +++- .../azure-identity/src/default_azure_credential.cpp | 6 +++++- .../test/ut/default_azure_credential_test.cpp | 8 ++++---- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/sdk/core/azure-core-test/src/test_proxy_manager.cpp b/sdk/core/azure-core-test/src/test_proxy_manager.cpp index 3fd86f12b5..98000a76cd 100644 --- a/sdk/core/azure-core-test/src/test_proxy_manager.cpp +++ b/sdk/core/azure-core-test/src/test_proxy_manager.cpp @@ -19,7 +19,7 @@ using Azure::Core::_internal::Environment; TestMode TestProxyManager::GetTestMode() { - auto value = Environment::GetVariable("AZURE_TEST_MODE"); + auto value = std::string{"LIVE"}; // Environment::GetVariable("AZURE_TEST_MODE"); if (value.empty()) { return Azure::Core::Test::TestMode::LIVE; diff --git a/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp b/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp index 5a96ac0fc9..4f7aa53e70 100644 --- a/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp +++ b/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp @@ -91,7 +91,9 @@ namespace Azure { namespace Identity { AzurePipelinesCredentialOptions const& options = {}); /** - * @brief Constructs an Azure Pipelines Credential using environment variables. + * @brief Constructs an Azure Pipelines Credential using the following environment variables. + * AZURESUBSCRIPTION_TENANT_ID, AZURESUBSCRIPTION_CLIENT_ID, + * AZURESUBSCRIPTION_SERVICE_CONNECTION_ID, SYSTEM_ACCESSTOKEN * * @param options Options for token retrieval. */ diff --git a/sdk/identity/azure-identity/src/default_azure_credential.cpp b/sdk/identity/azure-identity/src/default_azure_credential.cpp index 5fbd7edbcd..4d3e881ea3 100644 --- a/sdk/identity/azure-identity/src/default_azure_credential.cpp +++ b/sdk/identity/azure-identity/src/default_azure_credential.cpp @@ -50,7 +50,11 @@ DefaultAzureCredential::DefaultAzureCredential( m_impl = std::make_unique<_detail::ChainedTokenCredentialImpl>( GetCredentialName(), ChainedTokenCredential::Sources{ - pipelineCred, envCred, wiCred, azCliCred, managedIdentityCred}, + envCred, + wiCred, + azCliCred, + managedIdentityCred, + pipelineCred}, true); } diff --git a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp index d571952384..7c5d28d0d0 100644 --- a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp +++ b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp @@ -169,7 +169,7 @@ TEST(DefaultAzureCredential, LogMessages) auto credential = std::make_unique(options); - EXPECT_EQ(log.size(), LogMsgVec::size_type(11)); + EXPECT_EQ(log.size(), LogMsgVec::size_type(17)); EXPECT_EQ(log[0].first, Logger::Level::Verbose); EXPECT_EQ( @@ -235,12 +235,12 @@ TEST(DefaultAzureCredential, LogMessages) "Identity: AzureCliCredential created." "\nSuccessful creation does not guarantee further successful token retrieval."); - EXPECT_EQ(log[10].first, Logger::Level::Informational); + EXPECT_EQ(log[16].first, Logger::Level::Informational); EXPECT_EQ( - log[10].second, + log[16].second, "Identity: DefaultAzureCredential: Created with the following credentials: " "EnvironmentCredential, WorkloadIdentityCredential, AzureCliCredential, " - "ManagedIdentityCredential."); + "ManagedIdentityCredential, AzurePipelinesCredential."); log.clear(); From a499b637fb24edd6a61dc8e9df8e7704983c76e9 Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 8 Jul 2024 16:57:23 -0700 Subject: [PATCH 34/43] oops --- sdk/core/azure-core-test/src/test_proxy_manager.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/core/azure-core-test/src/test_proxy_manager.cpp b/sdk/core/azure-core-test/src/test_proxy_manager.cpp index 98000a76cd..3fd86f12b5 100644 --- a/sdk/core/azure-core-test/src/test_proxy_manager.cpp +++ b/sdk/core/azure-core-test/src/test_proxy_manager.cpp @@ -19,7 +19,7 @@ using Azure::Core::_internal::Environment; TestMode TestProxyManager::GetTestMode() { - auto value = std::string{"LIVE"}; // Environment::GetVariable("AZURE_TEST_MODE"); + auto value = Environment::GetVariable("AZURE_TEST_MODE"); if (value.empty()) { return Azure::Core::Test::TestMode::LIVE; From 142ed8dc1e965b5484816739be4dec110f861b94 Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 8 Jul 2024 17:09:25 -0700 Subject: [PATCH 35/43] live --- sdk/core/azure-core-test/src/test_proxy_manager.cpp | 2 +- .../azure-identity/src/default_azure_credential.cpp | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/sdk/core/azure-core-test/src/test_proxy_manager.cpp b/sdk/core/azure-core-test/src/test_proxy_manager.cpp index 3fd86f12b5..98000a76cd 100644 --- a/sdk/core/azure-core-test/src/test_proxy_manager.cpp +++ b/sdk/core/azure-core-test/src/test_proxy_manager.cpp @@ -19,7 +19,7 @@ using Azure::Core::_internal::Environment; TestMode TestProxyManager::GetTestMode() { - auto value = Environment::GetVariable("AZURE_TEST_MODE"); + auto value = std::string{"LIVE"}; // Environment::GetVariable("AZURE_TEST_MODE"); if (value.empty()) { return Azure::Core::Test::TestMode::LIVE; diff --git a/sdk/identity/azure-identity/src/default_azure_credential.cpp b/sdk/identity/azure-identity/src/default_azure_credential.cpp index 4d3e881ea3..50430c9240 100644 --- a/sdk/identity/azure-identity/src/default_azure_credential.cpp +++ b/sdk/identity/azure-identity/src/default_azure_credential.cpp @@ -50,11 +50,7 @@ DefaultAzureCredential::DefaultAzureCredential( m_impl = std::make_unique<_detail::ChainedTokenCredentialImpl>( GetCredentialName(), ChainedTokenCredential::Sources{ - envCred, - wiCred, - azCliCred, - managedIdentityCred, - pipelineCred}, + envCred, wiCred, azCliCred, managedIdentityCred, pipelineCred}, true); } From 462c5bc868603e56df3774c33078233b5044348d Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 8 Jul 2024 17:14:18 -0700 Subject: [PATCH 36/43] cleanup --- samples/helpers/get-env/CMakeLists.txt | 1 - sdk/core/azure-core-test/src/test_proxy_manager.cpp | 2 +- sdk/core/perf/src/base_test.cpp | 2 -- .../certificate_basic_operations.cpp | 1 - sdk/storage/README.md | 1 + 5 files changed, 2 insertions(+), 5 deletions(-) diff --git a/samples/helpers/get-env/CMakeLists.txt b/samples/helpers/get-env/CMakeLists.txt index 085adbb739..8ed7b89f0c 100644 --- a/samples/helpers/get-env/CMakeLists.txt +++ b/samples/helpers/get-env/CMakeLists.txt @@ -14,5 +14,4 @@ add_library( inc/get_env.hpp src/get_env.cpp ) -target_link_libraries(get-env-helper PUBLIC azure-core azure-identity) target_include_directories(get-env-helper PUBLIC inc) diff --git a/sdk/core/azure-core-test/src/test_proxy_manager.cpp b/sdk/core/azure-core-test/src/test_proxy_manager.cpp index 98000a76cd..3fd86f12b5 100644 --- a/sdk/core/azure-core-test/src/test_proxy_manager.cpp +++ b/sdk/core/azure-core-test/src/test_proxy_manager.cpp @@ -19,7 +19,7 @@ using Azure::Core::_internal::Environment; TestMode TestProxyManager::GetTestMode() { - auto value = std::string{"LIVE"}; // Environment::GetVariable("AZURE_TEST_MODE"); + auto value = Environment::GetVariable("AZURE_TEST_MODE"); if (value.empty()) { return Azure::Core::Test::TestMode::LIVE; diff --git a/sdk/core/perf/src/base_test.cpp b/sdk/core/perf/src/base_test.cpp index 15a747d84b..c5ab583014 100644 --- a/sdk/core/perf/src/base_test.cpp +++ b/sdk/core/perf/src/base_test.cpp @@ -11,8 +11,6 @@ #endif #include #include -#include -#include #include #include diff --git a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp index 7c2b63ef23..8eb5568116 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp +++ b/sdk/keyvault/azure-security-keyvault-certificates/samples/certificate-basic-operations/certificate_basic_operations.cpp @@ -15,7 +15,6 @@ #include #include -#include #include using namespace Azure::Security::KeyVault::Certificates; diff --git a/sdk/storage/README.md b/sdk/storage/README.md index e98d4ae856..018d3bc6dd 100644 --- a/sdk/storage/README.md +++ b/sdk/storage/README.md @@ -36,3 +36,4 @@ additional questions or comments. [coc]: https://opensource.microsoft.com/codeofconduct/ [coc_faq]: https://opensource.microsoft.com/codeofconduct/faq/ [coc_contact]: mailto:opencode@microsoft.com + From c4f6681572286fc833513665f85a158b79e0b31a Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 8 Jul 2024 17:17:08 -0700 Subject: [PATCH 37/43] reter --- samples/helpers/get-env/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/samples/helpers/get-env/CMakeLists.txt b/samples/helpers/get-env/CMakeLists.txt index 8ed7b89f0c..4711e0315c 100644 --- a/samples/helpers/get-env/CMakeLists.txt +++ b/samples/helpers/get-env/CMakeLists.txt @@ -14,4 +14,5 @@ add_library( inc/get_env.hpp src/get_env.cpp ) + target_include_directories(get-env-helper PUBLIC inc) From 2509a54f68034f9c05dd89802585e605489192c4 Mon Sep 17 00:00:00 2001 From: George Arama Date: Mon, 8 Jul 2024 17:31:27 -0700 Subject: [PATCH 38/43] test --- .../test/ut/default_azure_credential_test.cpp | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp index 7c5d28d0d0..48603084e5 100644 --- a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp +++ b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp @@ -169,7 +169,7 @@ TEST(DefaultAzureCredential, LogMessages) auto credential = std::make_unique(options); - EXPECT_EQ(log.size(), LogMsgVec::size_type(17)); + EXPECT_EQ(log.size(), LogMsgVec::size_type(16)); EXPECT_EQ(log[0].first, Logger::Level::Verbose); EXPECT_EQ( @@ -235,13 +235,6 @@ TEST(DefaultAzureCredential, LogMessages) "Identity: AzureCliCredential created." "\nSuccessful creation does not guarantee further successful token retrieval."); - EXPECT_EQ(log[16].first, Logger::Level::Informational); - EXPECT_EQ( - log[16].second, - "Identity: DefaultAzureCredential: Created with the following credentials: " - "EnvironmentCredential, WorkloadIdentityCredential, AzureCliCredential, " - "ManagedIdentityCredential, AzurePipelinesCredential."); - log.clear(); return credential; From 2b3161395f359bb681b982954dbc2108cd2bf08b Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 9 Jul 2024 10:56:19 -0700 Subject: [PATCH 39/43] revert the DAC change --- .../inc/azure/core/test/test_base.hpp | 12 +++++++++- sdk/core/perf/src/base_test.cpp | 12 +++++++++- .../identity/azure_pipelines_credential.hpp | 14 ----------- .../detail/client_credential_core.hpp | 24 ------------------- .../src/default_azure_credential.cpp | 5 +--- .../test/ut/default_azure_credential_test.cpp | 9 ++++++- 6 files changed, 31 insertions(+), 45 deletions(-) diff --git a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp index e9772cc389..d6f8b740c9 100644 --- a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp +++ b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp @@ -248,7 +248,17 @@ namespace Azure { namespace Core { namespace Test { } if (clientSecret.empty()) { - m_testCredential = std::make_shared(); + m_testCredential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); } else { diff --git a/sdk/core/perf/src/base_test.cpp b/sdk/core/perf/src/base_test.cpp index c5ab583014..037071d13f 100644 --- a/sdk/core/perf/src/base_test.cpp +++ b/sdk/core/perf/src/base_test.cpp @@ -11,6 +11,8 @@ #endif #include #include +#include +#include #include #include @@ -285,7 +287,15 @@ namespace Azure { namespace Perf { } if (clientSecret.empty()) { - m_testCredential = std::make_shared(); + m_testCredential = std::make_shared( + Azure::Identity::ChainedTokenCredential::Sources{ + std ::make_shared( + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"), + Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"), + Azure::Core::_internal::Environment::GetVariable( + "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"), + Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")), + std::make_shared()}); } else { diff --git a/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp b/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp index 4f7aa53e70..0a96fc7b85 100644 --- a/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp +++ b/sdk/identity/azure-identity/inc/azure/identity/azure_pipelines_credential.hpp @@ -90,20 +90,6 @@ namespace Azure { namespace Identity { std::string systemAccessToken, AzurePipelinesCredentialOptions const& options = {}); - /** - * @brief Constructs an Azure Pipelines Credential using the following environment variables. - * AZURESUBSCRIPTION_TENANT_ID, AZURESUBSCRIPTION_CLIENT_ID, - * AZURESUBSCRIPTION_SERVICE_CONNECTION_ID, SYSTEM_ACCESSTOKEN - * - * @param options Options for token retrieval. - */ - explicit AzurePipelinesCredential(AzurePipelinesCredentialOptions const& options = {}) - : AzurePipelinesCredential( - _detail::DefaultOptionValues::GetSubscriptionTenantId(), - _detail::DefaultOptionValues::GetSubscriptionClientId(), - _detail::DefaultOptionValues::GetSubscriptionServiceConnectionId(), - _detail::DefaultOptionValues::GetSystemAccessToken(), - options){}; /** * @brief Destructs `%AzurePipelinesCredential`. * diff --git a/sdk/identity/azure-identity/inc/azure/identity/detail/client_credential_core.hpp b/sdk/identity/azure-identity/inc/azure/identity/detail/client_credential_core.hpp index 2683ed87ed..244cd86ab9 100644 --- a/sdk/identity/azure-identity/inc/azure/identity/detail/client_credential_core.hpp +++ b/sdk/identity/azure-identity/inc/azure/identity/detail/client_credential_core.hpp @@ -19,10 +19,6 @@ namespace Azure { namespace Identity { namespace _detail { constexpr auto AzureFederatedTokenFileEnvVarName = "AZURE_FEDERATED_TOKEN_FILE"; const std::string OidcRequestUrlEnvVarName = "SYSTEM_OIDCREQUESTURI"; const std::string AadGlobalAuthority = "https://login.microsoftonline.com/"; - constexpr auto AzureSubscriptionTenantId = "AZURESUBSCRIPTION_TENANT_ID"; - constexpr auto AzureSubscriptionClientId = "AZURESUBSCRIPTION_CLIENT_ID"; - constexpr auto AzureSubscriptionServiceConnectionId = "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"; - constexpr auto SystemAccessToken = "SYSTEM_ACCESSTOKEN"; class DefaultOptionValues final { DefaultOptionValues() = delete; @@ -56,26 +52,6 @@ namespace Azure { namespace Identity { namespace _detail { { return Core::_internal::Environment::GetVariable(OidcRequestUrlEnvVarName.c_str()); } - - static std::string GetSubscriptionTenantId() - { - return Core::_internal::Environment::GetVariable(AzureSubscriptionTenantId); - } - - static std::string GetSubscriptionClientId() - { - return Core::_internal::Environment::GetVariable(AzureSubscriptionClientId); - } - - static std::string GetSubscriptionServiceConnectionId() - { - return Core::_internal::Environment::GetVariable(AzureSubscriptionServiceConnectionId); - } - - static std::string GetSystemAccessToken() - { - return Core::_internal::Environment::GetVariable(SystemAccessToken); - } }; class ClientCredentialCore final { diff --git a/sdk/identity/azure-identity/src/default_azure_credential.cpp b/sdk/identity/azure-identity/src/default_azure_credential.cpp index 50430c9240..e6dafd3288 100644 --- a/sdk/identity/azure-identity/src/default_azure_credential.cpp +++ b/sdk/identity/azure-identity/src/default_azure_credential.cpp @@ -4,7 +4,6 @@ #include "azure/identity/default_azure_credential.hpp" #include "azure/identity/azure_cli_credential.hpp" -#include "azure/identity/azure_pipelines_credential.hpp" #include "azure/identity/environment_credential.hpp" #include "azure/identity/managed_identity_credential.hpp" #include "azure/identity/workload_identity_credential.hpp" @@ -43,14 +42,12 @@ DefaultAzureCredential::DefaultAzureCredential( auto const wiCred = std::make_shared(options); auto const azCliCred = std::make_shared(options); auto const managedIdentityCred = std::make_shared(options); - auto const pipelineCred = std::make_shared(); // DefaultAzureCredential caches the selected credential, so that it can be reused on subsequent // calls. m_impl = std::make_unique<_detail::ChainedTokenCredentialImpl>( GetCredentialName(), - ChainedTokenCredential::Sources{ - envCred, wiCred, azCliCred, managedIdentityCred, pipelineCred}, + ChainedTokenCredential::Sources{envCred, wiCred, azCliCred, managedIdentityCred}, true); } diff --git a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp index 48603084e5..02073655fa 100644 --- a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp +++ b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp @@ -169,7 +169,7 @@ TEST(DefaultAzureCredential, LogMessages) auto credential = std::make_unique(options); - EXPECT_EQ(log.size(), LogMsgVec::size_type(16)); + EXPECT_EQ(log.size(), LogMsgVec::size_type(11)); EXPECT_EQ(log[0].first, Logger::Level::Verbose); EXPECT_EQ( @@ -257,5 +257,12 @@ TEST(DefaultAzureCredential, LogMessages) log[4].second, "Identity: DefaultAzureCredential: Saved this credential at index 0 for subsequent calls."); + EXPECT_EQ(log[10].first, Logger::Level::Informational); + EXPECT_EQ( + log[10].second, + "Identity: DefaultAzureCredential: Created with the following credentials: " + "EnvironmentCredential, WorkloadIdentityCredential, AzureCliCredential, " + "ManagedIdentityCredential."); + Logger::SetListener(nullptr); } From a78674d75448ee1ba98ed66c41ab9c507720e7a8 Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 9 Jul 2024 10:58:51 -0700 Subject: [PATCH 40/43] missed one --- .../test/ut/default_azure_credential_test.cpp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp index 02073655fa..d571952384 100644 --- a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp +++ b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp @@ -235,6 +235,13 @@ TEST(DefaultAzureCredential, LogMessages) "Identity: AzureCliCredential created." "\nSuccessful creation does not guarantee further successful token retrieval."); + EXPECT_EQ(log[10].first, Logger::Level::Informational); + EXPECT_EQ( + log[10].second, + "Identity: DefaultAzureCredential: Created with the following credentials: " + "EnvironmentCredential, WorkloadIdentityCredential, AzureCliCredential, " + "ManagedIdentityCredential."); + log.clear(); return credential; @@ -257,12 +264,5 @@ TEST(DefaultAzureCredential, LogMessages) log[4].second, "Identity: DefaultAzureCredential: Saved this credential at index 0 for subsequent calls."); - EXPECT_EQ(log[10].first, Logger::Level::Informational); - EXPECT_EQ( - log[10].second, - "Identity: DefaultAzureCredential: Created with the following credentials: " - "EnvironmentCredential, WorkloadIdentityCredential, AzureCliCredential, " - "ManagedIdentityCredential."); - Logger::SetListener(nullptr); } From 2e2d86c012dce6a7bc2cefff9177ca59a5829129 Mon Sep 17 00:00:00 2001 From: George Arama Date: Tue, 9 Jul 2024 11:02:11 -0700 Subject: [PATCH 41/43] taking the samples to a farm upstate --- .../azure-security-keyvault-certificates/CMakeLists.txt | 2 +- sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt | 2 +- sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt index b6883613d5..9099e28528 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt +++ b/sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt @@ -117,7 +117,7 @@ if (BUILD_PERFORMANCE_TESTS) add_subdirectory(test/perf) endif() -if(BUILD_SAMPLES) +if(BUILD_SAMPLES_DISABLED) add_subdirectory(samples) endif() diff --git a/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt index 9a18bee072..e15956e358 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt +++ b/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt @@ -154,7 +154,7 @@ if (BUILD_PERFORMANCE_TESTS) add_subdirectory(test/perf) endif() -if(BUILD_SAMPLES) +if(BUILD_SAMPLES_DISABLED) add_subdirectory(samples) endif() diff --git a/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt index 56b5e0a890..f6521b342b 100644 --- a/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt +++ b/sdk/keyvault/azure-security-keyvault-secrets/CMakeLists.txt @@ -117,7 +117,7 @@ if (BUILD_PERFORMANCE_TESTS) add_subdirectory(test/perf) endif() -if(BUILD_SAMPLES) +if(BUILD_SAMPLES_DISABLED) add_subdirectory(samples) endif() From 56dc0e898c411bf2f73fcbcf0fe8a2801e6238a3 Mon Sep 17 00:00:00 2001 From: George Arama Date: Wed, 10 Jul 2024 12:59:32 -0700 Subject: [PATCH 42/43] PR comments --- sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp | 2 +- sdk/storage/README.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp index d6f8b740c9..5305aba572 100644 --- a/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp +++ b/sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp @@ -314,7 +314,7 @@ namespace Azure { namespace Core { namespace Test { * * @return The value of the environment variable retrieved. * - * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID are not available in the + * @note If AZURE_TENANT_ID or AZURE_CLIENT_ID are not available in the * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values * with the values emitted by the New-TestResources.ps1 script. * diff --git a/sdk/storage/README.md b/sdk/storage/README.md index 018d3bc6dd..e98d4ae856 100644 --- a/sdk/storage/README.md +++ b/sdk/storage/README.md @@ -36,4 +36,3 @@ additional questions or comments. [coc]: https://opensource.microsoft.com/codeofconduct/ [coc_faq]: https://opensource.microsoft.com/codeofconduct/faq/ [coc_contact]: mailto:opencode@microsoft.com - From f717e6fb53819c7172cda571e12f513c7f5a35fa Mon Sep 17 00:00:00 2001 From: Anton Kolesnyk <41349689+antkmsft@users.noreply.github.com> Date: Thu, 11 Jul 2024 17:09:39 -0700 Subject: [PATCH 43/43] Fix bad merge --- .../azure-identity/test/ut/azure_pipelines_credential_test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp b/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp index be6e8fecb7..8d5280be6a 100644 --- a/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp +++ b/sdk/identity/azure-identity/test/ut/azure_pipelines_credential_test.cpp @@ -675,4 +675,4 @@ TEST(AzurePipelinesCredential, DISABLED_InvalidSystemAccessToken_LIVEONLY_) { EXPECT_TRUE(std::string(ex.what()).find("302 (Found)") != std::string::npos) << ex.what(); } -}*/ +}