Update KeyVault to enable live testing in sovereign clouds for multip…

…le services (#25760)

* Fixed KeyVault test in UsGov/China cloud

* Fixed KeyVault test in UsGov/China cloud

* Fixed KeyVault test in UsGov/China cloud

* Fixed KeyVault test in UsGov/China cloud

* Fixed KeyVault test in UsGov/China cloud

* Fixed KeyVault test in UsGov/China cloud

* Fixed KeyVault test in UsGov/China cloud

Co-authored-by: Tong Xu (MSFT) <57166602+v-xuto@users.noreply.github.com>

sdk/keyvault/azure-security-keyvault-certificates/src/test/java/com/azure/security/keyvault/certificates/CertificateClientTest.java

@@ -10,6 +10,7 @@
 import com.azure.core.http.HttpPipeline;
 import com.azure.core.http.rest.PagedIterable;
 import com.azure.core.util.Context;
+import com.azure.core.util.polling.LongRunningOperationStatus;
 import com.azure.core.util.polling.PollResponse;
 import com.azure.core.util.polling.SyncPoller;
 import com.azure.security.keyvault.certificates.implementation.KeyVaultCredentialPolicy;
@@ -388,9 +389,10 @@ public void cancelCertificateOperation(HttpClient httpClient, CertificateService
                 client.beginCreateCertificate(certName, CertificatePolicy.getDefault());
             certPoller.poll();
             certPoller.cancelOperation();
-            certPoller.waitForCompletion();
+            certPoller.waitUntil(LongRunningOperationStatus.USER_CANCELLED);
             KeyVaultCertificateWithPolicy certificate = certPoller.getFinalResult();
-            assertEquals(false, certificate.getProperties().isEnabled());
+            assertFalse(certificate.getProperties().isEnabled());
+            certPoller.waitForCompletion();
         });
     }
 

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AccessTokenUtilTest.java

@@ -25,16 +25,54 @@ public class AccessTokenUtilTest {
      */
     @Test
     public void testGetAuthorizationToken() throws Exception {
-        String tenantId = System.getenv("AZURE_KEYVAULT_TENANT_ID");
-        String clientId = System.getenv("AZURE_KEYVAULT_CLIENT_ID");
-        String clientSecret = System.getenv("AZURE_KEYVAULT_CLIENT_SECRET");
+        String tenantId = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_TENANT_ID");
+        String clientId = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_ID");
+        String clientSecret = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_SECRET");
+        String keyVaultEndPointSuffix = PropertyConvertorUtils.getPropertyValue("KEY_VAULT_ENDPOINT_SUFFIX", ".vault.azure.net");
+        CloudType cloudType = getCloudTypeByKeyVaultEndPoint(keyVaultEndPointSuffix);
+        String resourceUrl = getResourceUrl(cloudType);
+        String aadAuthenticationUrl = getAadAuthenticationUrl(cloudType);
         AccessToken result = AccessTokenUtil.getAccessToken(
-            "https://management.azure.com/",
-            null,
+            resourceUrl,
+            aadAuthenticationUrl,
             tenantId,
             clientId,
             URLEncoder.encode(clientSecret, "UTF-8")
         );
         assertNotNull(result);
     }
+
+    private String getResourceUrl(CloudType cloudType) {
+        if (CloudType.UsGov.equals(cloudType)) {
+            return "https://management.usgovcloudapi.net/";
+        } else if (CloudType.China.equals(cloudType)) {
+            return "https://management.chinacloudapi.cn/";
+        }
+        return "https://management.azure.com/";
+    }
+
+    private String getAadAuthenticationUrl(CloudType cloudType) {
+        if (CloudType.UsGov.equals(cloudType)) {
+            return "https://login.microsoftonline.us/";
+        } else if (CloudType.China.equals(cloudType)) {
+            return "https://login.partner.microsoftonline.cn/";
+        }
+        return "https://login.microsoftonline.com/";
+    }
+
+    private CloudType getCloudTypeByKeyVaultEndPoint(String keyVaultEndPointSuffix) {
+        if (".vault.usgovcloudapi.net".equals(keyVaultEndPointSuffix)) {
+            return CloudType.UsGov;
+        } else if (".vault.azure.cn".equals(keyVaultEndPointSuffix)) {
+            return CloudType.China;
+        }
+        return CloudType.Public;
+    }
+
+    private enum CloudType {
+        Public,
+        UsGov,
+        China,
+        UNKNOWN
+    }
 }

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificatesTest.java

@@ -55,7 +55,7 @@ public class KeyVaultCertificatesTest {
     public static void setEnvironmentProperty() {
         PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca();
         PropertyConvertorUtils.addKeyVaultJcaProvider();
-        certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME");
+        certificateName = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME");
     }
 
     @Test

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java

@@ -19,11 +19,11 @@ public class KeyVaultClientTest {
     @BeforeAll
     public static void setEnvironmentProperty() {
         keyVaultClient = new KeyVaultClient(
-            System.getenv("AZURE_KEYVAULT_ENDPOINT"),
-            System.getenv("AZURE_KEYVAULT_TENANT_ID"),
-            System.getenv("AZURE_KEYVAULT_CLIENT_ID"),
-            System.getenv("AZURE_KEYVAULT_CLIENT_SECRET"));
-        certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME");
+            PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_ENDPOINT"),
+            PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_TENANT_ID"),
+            PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_ID"),
+            PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_SECRET"));
+        certificateName = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME");
     }
 
     @Test

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java

@@ -27,6 +27,7 @@ public void testGetCertificate() throws Exception {
         PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca();
         PropertyConvertorUtils.addKeyVaultJcaProvider();
         KeyStore keystore = PropertyConvertorUtils.getKeyVaultKeyStore();
-        assertNotNull(keystore.getCertificate(System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME")));
+        assertNotNull(keystore.getCertificate(
+            PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME")));
     }
 }

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerTest.java

@@ -28,7 +28,7 @@ public static void setEnvironmentProperty() throws KeyStoreException, NoSuchAlgo
         PropertyConvertorUtils.addKeyVaultJcaProvider();
         KeyStore keyStore = PropertyConvertorUtils.getKeyVaultKeyStore();
         manager = new KeyVaultKeyManager(keyStore, null);
-        certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME");
+        certificateName = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME");
     }
 
     @Test

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java

@@ -33,11 +33,11 @@ public static void setEnvironmentProperty() {
         PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca();
         keystore = new KeyVaultKeyStore();
         KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
-            System.getenv("AZURE_KEYVAULT_ENDPOINT"),
-            System.getenv("AZURE_KEYVAULT_TENANT_ID"),
-            System.getenv("AZURE_KEYVAULT_CLIENT_ID"),
-            System.getenv("AZURE_KEYVAULT_CLIENT_SECRET"));
-        certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME");
+            PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_ENDPOINT"),
+            PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_TENANT_ID"),
+            PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_ID"),
+            PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_SECRET"));
+        certificateName = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME");
         keystore.engineLoad(parameter);
     }
 

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/PropertyConvertorUtils.java

@@ -3,6 +3,7 @@
 
 package com.azure.security.keyvault.jca;
 
+import com.azure.core.util.Configuration;
 import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -14,10 +15,12 @@
 
 public class PropertyConvertorUtils {
 
+    private static final Configuration GLOBAL_CONFIGURATION =  Configuration.getGlobalConfiguration();
+
     public static void putEnvironmentPropertyToSystemPropertyForKeyVaultJca() {
         KEYVAULT_JCA_SYSTEM_PROPERTIES.forEach(
             environmentPropertyKey -> {
-                String value = System.getenv(environmentPropertyKey);
+                String value = getPropertyValue(environmentPropertyKey);
                 String systemPropertyKey = environmentPropertyKey.toLowerCase().replaceFirst("azure_keyvault_",
                     "azure.keyvault.").replaceAll("_", "-");
                 System.getProperties().put(systemPropertyKey, value);
@@ -40,4 +43,12 @@ public static void addKeyVaultJcaProvider() {
         Security.addProvider(provider);
     }
 
+    public static String getPropertyValue(String property) {
+        return GLOBAL_CONFIGURATION.get(property, System.getenv(property));
+    }
+
+    public static String getPropertyValue(String property, String defaultValue) {
+        return GLOBAL_CONFIGURATION.get(property, defaultValue);
+    }
+
 }

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java

@@ -63,7 +63,7 @@ public static void beforeEach() throws Exception {
         ks = PropertyConvertorUtils.getKeyVaultKeyStore();
         kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
         kmf.init(ks, "".toCharArray());
-        certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME");
+        certificateName = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME");
     }
 
 

sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyAsyncClientTest.java

@@ -26,6 +26,7 @@
 import com.azure.security.keyvault.keys.models.KeyVaultKey;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Assumptions;
+import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import reactor.core.publisher.Mono;
@@ -569,6 +570,7 @@ public void releaseKey(HttpClient httpClient, KeyServiceVersion serviceVersion)
      */
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getTestParameters")
+    @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true")
     public void getKeyRotationPolicyOfNonExistentKey(HttpClient httpClient, KeyServiceVersion serviceVersion) {
         createKeyAsyncClient(httpClient, serviceVersion);
         StepVerifier.create(client.getKeyRotationPolicy(testResourceNamer.randomName("nonExistentKey", 20)))
@@ -581,6 +583,7 @@ public void getKeyRotationPolicyOfNonExistentKey(HttpClient httpClient, KeyServi
      */
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getTestParameters")
+    @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true")
     public void getKeyRotationPolicyWithNoPolicySet(HttpClient httpClient, KeyServiceVersion serviceVersion) {
         // Key Rotation is not yet enabled in Managed HSM.
         Assumptions.assumeTrue(!isHsmEnabled);
@@ -613,6 +616,7 @@ public void getKeyRotationPolicyWithNoPolicySet(HttpClient httpClient, KeyServic
      */
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getTestParameters")
+    @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true")
     public void updateGetKeyRotationPolicyWithMinimumProperties(HttpClient httpClient, KeyServiceVersion serviceVersion) {
         // Key Rotation is not yet enabled in Managed HSM.
         Assumptions.assumeTrue(!isHsmEnabled);
@@ -636,6 +640,7 @@ public void updateGetKeyRotationPolicyWithMinimumProperties(HttpClient httpClien
      */
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getTestParameters")
+    @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true")
     public void updateGetKeyRotationPolicyWithAllProperties(HttpClient httpClient, KeyServiceVersion serviceVersion) {
         // Key Rotation is not yet enabled in Managed HSM.
         Assumptions.assumeTrue(!isHsmEnabled);
@@ -659,6 +664,7 @@ public void updateGetKeyRotationPolicyWithAllProperties(HttpClient httpClient, K
      */
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getTestParameters")
+    @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true")
     public void rotateKey(HttpClient httpClient, KeyServiceVersion serviceVersion) {
         // Key Rotation is not yet enabled in Managed HSM.
         Assumptions.assumeTrue(!isHsmEnabled);

sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTest.java

@@ -23,6 +23,7 @@
 import com.azure.security.keyvault.keys.models.KeyVaultKey;
 import com.azure.security.keyvault.keys.models.ReleaseKeyResult;
 import org.junit.jupiter.api.Assumptions;
+import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 
@@ -531,6 +532,7 @@ public void releaseKey(HttpClient httpClient, KeyServiceVersion serviceVersion)
      */
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getTestParameters")
+    @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true")
     public void getKeyRotationPolicyOfNonExistentKey(HttpClient httpClient, KeyServiceVersion serviceVersion) {
         createKeyClient(httpClient, serviceVersion);
 
@@ -544,6 +546,7 @@ public void getKeyRotationPolicyOfNonExistentKey(HttpClient httpClient, KeyServi
      */
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getTestParameters")
+    @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true")
     public void getKeyRotationPolicyWithNoPolicySet(HttpClient httpClient, KeyServiceVersion serviceVersion) {
         // Key Rotation is not yet enabled in Managed HSM.
         Assumptions.assumeTrue(!isHsmEnabled);
@@ -572,6 +575,7 @@ public void getKeyRotationPolicyWithNoPolicySet(HttpClient httpClient, KeyServic
      */
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getTestParameters")
+    @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true")
     public void updateGetKeyRotationPolicyWithMinimumProperties(HttpClient httpClient, KeyServiceVersion serviceVersion) {
         // Key Rotation is not yet enabled in Managed HSM.
         Assumptions.assumeTrue(!isHsmEnabled);
@@ -593,6 +597,7 @@ public void updateGetKeyRotationPolicyWithMinimumProperties(HttpClient httpClien
      */
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getTestParameters")
+    @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true")
     public void updateGetKeyRotationPolicyWithAllProperties(HttpClient httpClient, KeyServiceVersion serviceVersion) {
         // Key Rotation is not yet enabled in Managed HSM.
         Assumptions.assumeTrue(!isHsmEnabled);
@@ -614,6 +619,7 @@ public void updateGetKeyRotationPolicyWithAllProperties(HttpClient httpClient, K
      */
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getTestParameters")
+    @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true")
     public void rotateKey(HttpClient httpClient, KeyServiceVersion serviceVersion) {
         // Key Rotation is not yet enabled in Managed HSM.
         Assumptions.assumeTrue(!isHsmEnabled);

sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTestBase.java

@@ -83,6 +83,11 @@ protected String getTestName() {
     }
 
     void beforeTestSetup() {
+        System.getProperties().put("IS_SKIP_ROTATION_POLICY_TEST",
+            String.valueOf(!".vault.azure.net".equals(
+                Configuration.getGlobalConfiguration()
+                    .get("KEY_VAULT_ENDPOINT_SUFFIX", ".vault.azure.net"))
+            && interceptorManager.isLiveMode()));
     }
 
     HttpPipeline getHttpPipeline(HttpClient httpClient) {

sdk/keyvault/azure-security-test-keyvault-jca/pom.xml

@@ -88,4 +88,4 @@
       <scope>test</scope>
     </dependency>
   </dependencies>
-</project>
+</project>