Skip to content

Commit 0c9605f

Browse files
danieljurekdanieljurek
authored
Add workload-identity capabilities to live test (#44083)
* Update tests.yml files to specify ServiceConnection and UseFederatedAuth * Add federated identities * Test keyvault * Revert change to use federated tests * Add SubscriptionConfigurationFilePath support * Cleanup TODO
1 parent 26059a5 commit 0c9605f

3 files changed

Lines changed: 87 additions & 24 deletions

File tree

eng/pipelines/templates/jobs/live.tests.yml

Lines changed: 72 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,8 @@ parameters:
5454
default: false
5555
- name: OSName
5656
type: string
57+
- name: UseFederatedAuth
58+
type: boolean
5759

5860
jobs:
5961
- job:
@@ -134,6 +136,9 @@ jobs:
134136
TestResourcesDirectory: '$(TestResourcesDirectory)'
135137
SubscriptionConfiguration: $(SubscriptionConfiguration)
136138
ArmTemplateParameters: $(ArmTemplateParameters)
139+
UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
140+
ServiceConnection: ${{ parameters.CloudConfig.ServiceConnection }}
141+
SubscriptionConfigurationFilePath: ${{ parameters.CloudConfig.SubscriptionConfigurationFilePath }}
137142
- ${{ if not(parameters.TestResourceDirectories) }}:
138143
- template: /eng/common/TestResources/deploy-test-resources.yml
139144
parameters:
@@ -143,6 +148,10 @@ jobs:
143148
TestResourcesDirectory: '$(TestResourcesDirectory)'
144149
SubscriptionConfiguration: $(SubscriptionConfiguration)
145150
ArmTemplateParameters: $(ArmTemplateParameters)
151+
UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
152+
ServiceConnection: ${{ parameters.CloudConfig.ServiceConnection }}
153+
SubscriptionConfigurationFilePath: ${{ parameters.CloudConfig.SubscriptionConfigurationFilePath }}
154+
146155
- pwsh: |
147156
if ($env:SupportsRecording -and $env:Record) {
148157
Write-Host "Enabling Record mode"
@@ -152,30 +161,62 @@ jobs:
152161
- template: /eng/pipelines/templates/steps/install-dotnet.yml
153162
parameters:
154163
Container: ${{ parameters.UsePlatformContainer }}
155-
- script: >
156-
dotnet test eng/service.proj
157-
--framework $(TestTargetFramework)
158-
--filter "TestCategory!=Manually & ($(AdditionalTestFilters))"
159-
--logger "trx"
160-
--logger:"console;verbosity=normal"
161-
--blame-crash-dump-type full --blame-hang-dump-type full --blame-hang-timeout ${{parameters.TimeoutInMinutes}}minutes
162-
/p:SDKType=${{ parameters.SDKType }}
163-
/p:ServiceDirectory=${{ parameters.ServiceDirectory }}
164-
/p:Project=${{ parameters.Project }}
165-
/p:IncludeSrc=false
166-
/p:IncludeSamples=false
167-
/p:IncludePerf=false
168-
/p:IncludeStress=false
169-
/p:BuildInParallel=${{ parameters.BuildInParallel }}
170-
/p:CollectCoverage=$(CollectCoverage) /p:CodeCoverageDirectory=$(Build.SourcesDirectory)\sdk\${{parameters.ServiceDirectory}}
171-
/p:EnableSourceLink=false
172-
$(AdditionalTestArguments)
173-
174-
displayName: "Build & Test (all tests for $(TestTargetFramework))"
175-
env:
176-
AZURE_TEST_MODE: $(TestMode)
177-
${{ each var in parameters.EnvVars }}:
178-
${{ var.key }}: ${{ var.value }}
164+
165+
- ${{ if eq('true', parameters.UseFederatedAuth) }}:
166+
- task: AzurePowerShell@5
167+
displayName: "Build & Test (all tests for $(TestTargetFramework)) - Federated Auth"
168+
inputs:
169+
azureSubscription: ${{ parameters.CloudConfig.ServiceConnection }}
170+
azurePowerShellVersion: LatestVersion
171+
pwsh: true
172+
ScriptType: InlineScript
173+
Inline: >-
174+
dotnet test eng/service.proj
175+
--framework $(TestTargetFramework)
176+
--filter "TestCategory!=Manually & ($(AdditionalTestFilters))"
177+
--logger "trx"
178+
--logger:"console;verbosity=normal"
179+
--blame-crash-dump-type full --blame-hang-dump-type full --blame-hang-timeout ${{parameters.TimeoutInMinutes}}minutes
180+
/p:SDKType=${{ parameters.SDKType }}
181+
/p:ServiceDirectory=${{ parameters.ServiceDirectory }}
182+
/p:Project=${{ parameters.Project }}
183+
/p:IncludeSrc=false
184+
/p:IncludeSamples=false
185+
/p:IncludePerf=false
186+
/p:IncludeStress=false
187+
/p:BuildInParallel=${{ parameters.BuildInParallel }}
188+
/p:CollectCoverage=$(CollectCoverage) /p:CodeCoverageDirectory=$(Build.SourcesDirectory)\sdk\${{parameters.ServiceDirectory}}
189+
/p:EnableSourceLink=false
190+
$(AdditionalTestArguments)
191+
env:
192+
AZURE_TEST_MODE: $(TestMode)
193+
${{ each var in parameters.EnvVars }}:
194+
${{ var.key }}: ${{ var.value }}
195+
196+
- ${{ else }}:
197+
- script: >-
198+
dotnet test eng/service.proj
199+
--framework $(TestTargetFramework)
200+
--filter "TestCategory!=Manually & ($(AdditionalTestFilters))"
201+
--logger "trx"
202+
--logger:"console;verbosity=normal"
203+
--blame-crash-dump-type full --blame-hang-dump-type full --blame-hang-timeout ${{parameters.TimeoutInMinutes}}minutes
204+
/p:SDKType=${{ parameters.SDKType }}
205+
/p:ServiceDirectory=${{ parameters.ServiceDirectory }}
206+
/p:Project=${{ parameters.Project }}
207+
/p:IncludeSrc=false
208+
/p:IncludeSamples=false
209+
/p:IncludePerf=false
210+
/p:IncludeStress=false
211+
/p:BuildInParallel=${{ parameters.BuildInParallel }}
212+
/p:CollectCoverage=$(CollectCoverage) /p:CodeCoverageDirectory=$(Build.SourcesDirectory)\sdk\${{parameters.ServiceDirectory}}
213+
/p:EnableSourceLink=false
214+
$(AdditionalTestArguments)
215+
displayName: "Build & Test (all tests for $(TestTargetFramework)) - Client Secret Auth"
216+
env:
217+
AZURE_TEST_MODE: $(TestMode)
218+
${{ each var in parameters.EnvVars }}:
219+
${{ var.key }}: ${{ var.value }}
179220
180221
- ${{ if parameters.DeployTestResources }}:
181222
- ${{ if parameters.TestResourceDirectories }}:
@@ -184,11 +225,18 @@ jobs:
184225
parameters:
185226
ServiceDirectory: '${{ directory }}'
186227
SubscriptionConfiguration: $(SubscriptionConfiguration)
228+
UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
229+
ServiceConnection: ${{ parameters.CloudConfig.ServiceConnection }}
230+
SubscriptionConfigurationFilePath: ${{ parameters.CloudConfig.SubscriptionConfigurationFilePath }}
231+
187232
- ${{ if not(parameters.TestResourceDirectories) }}:
188233
- template: /eng/common/TestResources/remove-test-resources.yml
189234
parameters:
190235
ServiceDirectory: '${{ parameters.ServiceDirectory }}'
191236
SubscriptionConfiguration: $(SubscriptionConfiguration)
237+
UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
238+
ServiceConnection: ${{ parameters.CloudConfig.ServiceConnection }}
239+
SubscriptionConfigurationFilePath: ${{ parameters.CloudConfig.SubscriptionConfigurationFilePath }}
192240

193241
- task: PublishTestResults@2
194242
condition: always()

eng/pipelines/templates/stages/archetype-sdk-tests.yml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -55,15 +55,21 @@ parameters:
5555
default:
5656
Public:
5757
SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
58+
ServiceConnection: azure-sdk-tests
59+
SubscriptionConfigurationFilePath: eng/common/TestResources/sub-config/AzurePublicMsft.json
5860
Preview:
5961
SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources-preview)
62+
ServiceConnection: azure-sdk-tests
6063
Canary:
6164
SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
6265
Location: 'eastus2euap'
66+
ServiceConnection: azure-sdk-tests
6367
UsGov:
6468
SubscriptionConfiguration: $(sub-config-gov-test-resources)
69+
ServiceConnection: usgov_azure-sdk-tests
6570
China:
6671
SubscriptionConfiguration: $(sub-config-cn-test-resources)
72+
ServiceConnection: china_azure-sdk-tests
6773
- name: MatrixConfigs
6874
type: object
6975
default:
@@ -105,6 +111,9 @@ parameters:
105111
- name: oneESTemplateTag
106112
type: string
107113
default: true
114+
- name: UseFederatedAuth
115+
type: boolean
116+
default: true
108117

109118
extends:
110119
template: /eng/pipelines/templates/stages/1es-redirect.yml
@@ -145,6 +154,7 @@ extends:
145154
Project: ${{ parameters.Project }}
146155
TestSetupSteps: ${{ parameters.TestSetupSteps }}
147156
DeployTestResources: ${{ parameters.DeployTestResources }}
157+
UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
148158
MatrixConfigs:
149159
# Enumerate platforms and additional platforms based on supported clouds (sparse platform<-->cloud matrix).
150160
- ${{ each config in parameters.MatrixConfigs }}:
@@ -161,6 +171,8 @@ extends:
161171
- ${{ parameters.MatrixReplace }}
162172
CloudConfig:
163173
SubscriptionConfiguration: ${{ cloud.value.SubscriptionConfiguration }}
174+
ServiceConnection: ${{ cloud.value.ServiceConnection }}
175+
SubscriptionConfigurationFilePath: ${{ cloud.value.SubscriptionConfigurationFilePath }}
164176
SubscriptionConfigurations: ${{ cloud.value.SubscriptionConfigurations }}
165177
Location: ${{ coalesce(parameters.Location, cloud.value.Location) }}
166178
Cloud: ${{ cloud.key }}

sdk/keyvault/tests.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,12 +11,14 @@ extends:
1111
CloudConfig:
1212
Public:
1313
SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
14+
ServiceConnection: azure-sdk-tests
1415
${{ if not(contains(variables['Build.DefinitionName'], 'tests-weekly')) }}:
1516
MatrixFilters:
1617
- ArmTemplateParameters=^(?!.*enableHsm.*true)
1718
Canary:
1819
SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
1920
Location: 'centraluseuap'
21+
ServiceConnection: azure-sdk-tests
2022
# Managed HSM test resources are expensive and provisioning has not been reliable.
2123
# Given test coverage of non-canary regions we probably don't need to test in canary.
2224
MatrixFilters:
@@ -26,6 +28,7 @@ extends:
2628
- 'ArmTemplateParameters=(.*)enableAttestation.*?\$true(.*)/$1enableAttestation \= $false$2'
2729
UsGov:
2830
SubscriptionConfiguration: $(sub-config-gov-test-resources)
31+
ServiceConnection: usgov_azure-sdk-tests
2932
MatrixFilters:
3033
- ArmTemplateParameters=^(?!.*enableHsm.*true)
3134
MatrixConfigs:

0 commit comments

Comments
 (0)