Move tests to use azure pipeline credentials (Azure#5754)

* test1

* hgdfchg

* remove the remnants of azure client secret

* test KV with federated auth

* UseFederatedAuth

* fdsa

* kv template with managed

* try try again

* retry permissions

* add net acls

* blunt force replace the resource json

* put back stuff

* trey again with new method

* attempt

* missed something

* flip if else

* Temporarily use empty sub config file path for preview cloud

* remove client secret

* try to fix the identity tests

* live skip failing tests and return in samples

* samples for identity fix

* disable failing samples in identity

* fix winhttp failing test

* comment out code

* remove managed identity

* restore version from main

* revert readme changes

* PR comments

* test 2

* clang

* attempt default creds with pipeline chanined

* clangs

* identity test and clangs

* oops

* live

* cleanup

* reter

* test

* revert the DAC change

* missed one

* taking the samples to a farm upstate

* PR comments

* Fix bad merge

---------

Co-authored-by: Daniel Jurek <djurek@microsoft.com>
Co-authored-by: Anton Kolesnyk <antkmsft@users.noreply.github.com>
Co-authored-by: Anton Kolesnyk <41349689+antkmsft@users.noreply.github.com>

Author: 3 people

eng/pipelines/templates/jobs/live.tests.yml

@@ -244,32 +244,6 @@ jobs:
       # Will run samples described on a file name [service]-samples.txt within the build directory.
       # For example keyvault-samples.txt.
       # The file is written by CMake during configuration when building samples.
-    - bash: |
-        IFS=$'\n'
-        if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then
-          for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt`
-          do
-            export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID)
-            export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID)
-            export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET)
-            echo "**********Running sample: ${sample}"
-            bash -c "$sample"
-            status=$?
-            if [[ $status -eq 0 ]]; then
-              echo "*********Sample completed*********"
-            else
-              echo "*Sample returned a failed code: $status"
-              exit 1
-            fi
-          done
-        fi
-      workingDirectory: build
-      displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
-      condition: and(succeeded(), eq(variables['RunSamples'], '1'))
-      env:
-        ${{ insert }}: ${{ parameters.EnvVars }}
-
-  - ${{ else }}:
     - task: AzurePowerShell@5
       displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
       condition: and(succeeded(), eq(variables['RunSamples'], '1'))
@@ -299,6 +273,32 @@ jobs:
         SYSTEM_ACCESSTOKEN: $(System.AccessToken)
         ${{ insert }}: ${{ parameters.EnvVars }}
 
+  - ${{ else }}:
+    - bash: |
+        IFS=$'\n'
+        if [[ -f "./${{ parameters.ServiceDirectory }}-samples.txt" ]]; then
+          for sample in `cat ./${{ parameters.ServiceDirectory }}-samples.txt`
+          do
+            export AZURE_CLIENT_ID=$(${{parameters.ServiceDirectory}}_CLIENT_ID)
+            export AZURE_TENANT_ID=$(${{parameters.ServiceDirectory}}_TENANT_ID)
+            export AZURE_CLIENT_SECRET=$(${{parameters.ServiceDirectory}}_CLIENT_SECRET)
+            echo "**********Running sample: ${sample}"
+            bash -c "$sample"
+            status=$?
+            if [[ $status -eq 0 ]]; then
+              echo "*********Sample completed*********"
+            else
+              echo "*Sample returned a failed code: $status"
+              exit 1
+            fi
+          done
+        fi
+      workingDirectory: build
+      displayName: "Run Samples for : ${{ parameters.ServiceDirectory }}"
+      condition: and(succeeded(), eq(variables['RunSamples'], '1'))
+      env:
+        ${{ insert }}: ${{ parameters.EnvVars }}      
+
   # Make coverage targets (specified in coverage_targets.txt) and assemble
   # coverage report
   - bash: |

eng/pipelines/templates/stages/archetype-sdk-client.yml

@@ -62,6 +62,8 @@ parameters:
       Preview:
         SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources-preview)
         ServiceConnection: azure-sdk-tests
+        # Temporary fix until an eng/common config for Preview can be merged
+        SubscriptionConfigurationFilePaths: []
       Canary:
         SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
         ServiceConnection: azure-sdk-tests

sdk/attestation/ci.yml

@@ -32,6 +32,7 @@ extends:
       LiveTestCtestRegex: azure-security-attestation.*
       LineCoverageTarget: 70
       BranchCoverageTarget: 34
+      UseFederatedAuth: true
       Artifacts:
         - Name: azure-security-attestation
           Path: azure-security-attestation

sdk/core/azure-core-test/inc/azure/core/test/test_base.hpp

@@ -15,6 +15,8 @@
 #include <azure/core/internal/client_options.hpp>
 #include <azure/core/internal/diagnostics/log.hpp>
 #include <azure/core/internal/environment.hpp>
+#include <azure/identity/azure_pipelines_credential.hpp>
+#include <azure/identity/chained_token_credential.hpp>
 #include <azure/identity/client_secret_credential.hpp>
 #include <azure/identity/default_azure_credential.hpp>
 
@@ -246,7 +248,17 @@ namespace Azure { namespace Core { namespace Test {
         }
         if (clientSecret.empty())
         {
-          m_testCredential = std::make_shared<Azure::Identity::DefaultAzureCredential>();
+          m_testCredential = std::make_shared<Azure::Identity::ChainedTokenCredential>(
+              Azure::Identity::ChainedTokenCredential::Sources{
+                  std ::make_shared<Azure::Identity::AzurePipelinesCredential>(
+                      Azure::Core::_internal::Environment::GetVariable(
+                          "AZURESUBSCRIPTION_TENANT_ID"),
+                      Azure::Core::_internal::Environment::GetVariable(
+                          "AZURESUBSCRIPTION_CLIENT_ID"),
+                      Azure::Core::_internal::Environment::GetVariable(
+                          "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"),
+                      Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")),
+                  std::make_shared<Azure::Identity::DefaultAzureCredential>()});
         }
         else
         {
@@ -302,7 +314,7 @@ namespace Azure { namespace Core { namespace Test {
      *
      * @return The value of the environment variable retrieved.
      *
-     * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID, or AZURE_CLIENT_SECRET are not available in the
+     * @note If AZURE_TENANT_ID or AZURE_CLIENT_ID are not available in the
      * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values
      * with the values emitted by the New-TestResources.ps1 script.
      *

sdk/core/ci.yml

@@ -53,6 +53,7 @@ extends:
       LiveTestTimeoutInMinutes: 90 # default is 60 min. We need a little longer on worst case for Win+jsonTests
       LineCoverageTarget: 88
       BranchCoverageTarget: 50
+      UseFederatedAuth: true
 #      PreTestSteps:
 #        - pwsh: |
 #            docker build -t squid-local $(Build.SourcesDirectory)/sdk/core/azure-core/test/ut/proxy_tests/localproxy

sdk/core/perf/inc/azure/perf/base_test.hpp

@@ -100,7 +100,7 @@ namespace Azure { namespace Perf {
      *
      * @return The value of the environment variable retrieved.
      *
-     * @note If AZURE_TENANT_ID, AZURE_CLIENT_ID, or AZURE_CLIENT_SECRET are not available in the
+     * @note If AZURE_TENANT_ID or AZURE_CLIENT_ID are not available in the
      * environment, the AZURE_SERVICE_DIRECTORY environment variable is used to set those values
      * with the values emitted by the New-TestResources.ps1 script.
      *

sdk/core/perf/src/base_test.cpp

@@ -11,6 +11,8 @@
 #endif
 #include <azure/core/http/policies/policy.hpp>
 #include <azure/core/internal/http/pipeline.hpp>
+#include <azure/identity/azure_pipelines_credential.hpp>
+#include <azure/identity/chained_token_credential.hpp>
 #include <azure/identity/client_secret_credential.hpp>
 #include <azure/identity/default_azure_credential.hpp>
 
@@ -285,7 +287,15 @@ namespace Azure { namespace Perf {
       }
       if (clientSecret.empty())
       {
-        m_testCredential = std::make_shared<Azure::Identity::DefaultAzureCredential>();
+        m_testCredential = std::make_shared<Azure::Identity::ChainedTokenCredential>(
+            Azure::Identity::ChainedTokenCredential::Sources{
+                std ::make_shared<Azure::Identity::AzurePipelinesCredential>(
+                    Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_TENANT_ID"),
+                    Azure::Core::_internal::Environment::GetVariable("AZURESUBSCRIPTION_CLIENT_ID"),
+                    Azure::Core::_internal::Environment::GetVariable(
+                        "AZURESUBSCRIPTION_SERVICE_CONNECTION_ID"),
+                    Azure::Core::_internal::Environment::GetVariable("SYSTEM_ACCESSTOKEN")),
+                std::make_shared<Azure::Identity::DefaultAzureCredential>()});
       }
       else
       {

sdk/eventhubs/ci.yml

@@ -32,6 +32,7 @@ extends:
       LiveTestTimeoutInMinutes: 120
       LineCoverageTarget: 27
       BranchCoverageTarget: 13
+      UseFederatedAuth: true
       Artifacts:
         - Name: azure-messaging-eventhubs
           Path: azure-messaging-eventhubs

sdk/identity/azure-identity/samples/CMakeLists.txt

@@ -31,22 +31,22 @@ target_link_libraries(workload_identity_credential_sample PRIVATE azure-identity
 target_include_directories(workload_identity_credential_sample PRIVATE .)
 create_per_service_target_build_for_sample(identity workload_identity_credential_sample)
 
-add_executable(client_secret_credential_sample client_secret_credential.cpp)
-target_link_libraries(client_secret_credential_sample PRIVATE azure-identity service get-env-helper)
-target_include_directories(client_secret_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity client_secret_credential_sample)
-
-add_executable(default_azure_credential_sample default_azure_credential.cpp)
-target_link_libraries(default_azure_credential_sample PRIVATE azure-identity service)
-target_include_directories(default_azure_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity default_azure_credential_sample)
-
-add_executable(environment_credential_sample environment_credential.cpp)
-target_link_libraries(environment_credential_sample PRIVATE azure-identity service)
-target_include_directories(environment_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity environment_credential_sample)
-
-add_executable(managed_identity_credential_sample managed_identity_credential.cpp)
-target_link_libraries(managed_identity_credential_sample PRIVATE azure-identity service)
-target_include_directories(managed_identity_credential_sample PRIVATE .)
-create_per_service_target_build_for_sample(identity managed_identity_credential_sample)
+#add_executable(client_secret_credential_sample client_secret_credential.cpp)
+#target_link_libraries(client_secret_credential_sample PRIVATE azure-identity service get-env-helper)
+#target_include_directories(client_secret_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity client_secret_credential_sample)
+
+#add_executable(default_azure_credential_sample default_azure_credential.cpp)
+#target_link_libraries(default_azure_credential_sample PRIVATE azure-identity service)
+#target_include_directories(default_azure_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity default_azure_credential_sample)
+
+#add_executable(environment_credential_sample environment_credential.cpp)
+#target_link_libraries(environment_credential_sample PRIVATE azure-identity service)
+#target_include_directories(environment_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity environment_credential_sample)
+
+#add_executable(managed_identity_credential_sample managed_identity_credential.cpp)
+#target_link_libraries(managed_identity_credential_sample PRIVATE azure-identity service)
+#target_include_directories(managed_identity_credential_sample PRIVATE .)
+#create_per_service_target_build_for_sample(identity managed_identity_credential_sample)

sdk/keyvault/azure-security-keyvault-certificates/CMakeLists.txt

@@ -117,7 +117,7 @@ if (BUILD_PERFORMANCE_TESTS)
    add_subdirectory(test/perf)
 endif()
 
-if(BUILD_SAMPLES)
+if(BUILD_SAMPLES_DISABLED)
    add_subdirectory(samples)
 endif()