From 42fb5467f9f6645bca8143cb6f43f66b96fee4bd Mon Sep 17 00:00:00 2001 From: "Hong Li(MSFT)" <74638143+hongli750210@users.noreply.github.com> Date: Tue, 21 Dec 2021 14:13:30 +0800 Subject: [PATCH] Update KeyVault to enable live testing in sovereign clouds for multiple services (#25760) * Fixed KeyVault test in UsGov/China cloud * Fixed KeyVault test in UsGov/China cloud * Fixed KeyVault test in UsGov/China cloud * Fixed KeyVault test in UsGov/China cloud * Fixed KeyVault test in UsGov/China cloud * Fixed KeyVault test in UsGov/China cloud * Fixed KeyVault test in UsGov/China cloud Co-authored-by: Tong Xu (MSFT) <57166602+v-xuto@users.noreply.github.com> --- .../certificates/CertificateClientTest.java | 6 +- .../keyvault/jca/AccessTokenUtilTest.java | 48 ++++- .../jca/KeyVaultCertificatesTest.java | 2 +- .../keyvault/jca/KeyVaultClientTest.java | 10 +- .../keyvault/jca/KeyVaultJcaProviderTest.java | 3 +- .../keyvault/jca/KeyVaultKeyManagerTest.java | 2 +- .../keyvault/jca/KeyVaultKeyStoreTest.java | 10 +- .../keyvault/jca/PropertyConvertorUtils.java | 13 +- .../keyvault/jca/ServerSocketTest.java | 2 +- .../keyvault/keys/KeyAsyncClientTest.java | 6 + .../security/keyvault/keys/KeyClientTest.java | 6 + .../keyvault/keys/KeyClientTestBase.java | 5 + .../azure-security-test-keyvault-jca/pom.xml | 2 +- sdk/keyvault/test-resources.json | 192 +++++++++--------- sdk/keyvault/tests.yml | 9 +- 15 files changed, 191 insertions(+), 125 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/test/java/com/azure/security/keyvault/certificates/CertificateClientTest.java b/sdk/keyvault/azure-security-keyvault-certificates/src/test/java/com/azure/security/keyvault/certificates/CertificateClientTest.java index 97dcf6d8a676f..91b256a200532 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/src/test/java/com/azure/security/keyvault/certificates/CertificateClientTest.java 
+++ b/sdk/keyvault/azure-security-keyvault-certificates/src/test/java/com/azure/security/keyvault/certificates/CertificateClientTest.java @@ -10,6 +10,7 @@ import com.azure.core.http.HttpPipeline; import com.azure.core.http.rest.PagedIterable; import com.azure.core.util.Context; +import com.azure.core.util.polling.LongRunningOperationStatus; import com.azure.core.util.polling.PollResponse; import com.azure.core.util.polling.SyncPoller; import com.azure.security.keyvault.certificates.implementation.KeyVaultCredentialPolicy; @@ -388,9 +389,10 @@ public void cancelCertificateOperation(HttpClient httpClient, CertificateService client.beginCreateCertificate(certName, CertificatePolicy.getDefault()); certPoller.poll(); certPoller.cancelOperation(); - certPoller.waitForCompletion(); + certPoller.waitUntil(LongRunningOperationStatus.USER_CANCELLED); KeyVaultCertificateWithPolicy certificate = certPoller.getFinalResult(); - assertEquals(false, certificate.getProperties().isEnabled()); + assertFalse(certificate.getProperties().isEnabled()); + certPoller.waitForCompletion(); }); } diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AccessTokenUtilTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AccessTokenUtilTest.java index a2ab38cdacbfd..fa45b51e29248 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AccessTokenUtilTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AccessTokenUtilTest.java 
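Review bot: In `cancelCertificateOperation`, the new `certPoller.waitUntil(LongRunningOperationStatus.USER_CANCELLED);` has no upper bound. If the service reports a different terminal status (for example the certificate is issued before the cancel is processed), the test may block until the pipeline timeout rather than fail. `SyncPoller` also has an overload that takes a timeout, so something like `certPoller.waitUntil(Duration.ofMinutes(n), LongRunningOperationStatus.USER_CANCELLED);` would work, with a bound chosen for the live environment and an assertion on the returned status. The `certPoller.waitForCompletion();` now placed after `getFinalResult()` and the assertion looks redundant and deserves a one-line comment or removal. The test method begins outside this hunk.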
@@ -25,16 +25,54 @@ public class AccessTokenUtilTest { */ @Test public void testGetAuthorizationToken() throws Exception { - String tenantId = System.getenv("AZURE_KEYVAULT_TENANT_ID"); - String clientId = System.getenv("AZURE_KEYVAULT_CLIENT_ID"); - String clientSecret = System.getenv("AZURE_KEYVAULT_CLIENT_SECRET"); + String tenantId = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_TENANT_ID"); + String clientId = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_ID"); + String clientSecret = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_SECRET"); + String keyVaultEndPointSuffix = PropertyConvertorUtils.getPropertyValue("KEY_VAULT_ENDPOINT_SUFFIX", ".vault.azure.net"); + CloudType cloudType = getCloudTypeByKeyVaultEndPoint(keyVaultEndPointSuffix); + String resourceUrl = getResourceUrl(cloudType); + String aadAuthenticationUrl = getAadAuthenticationUrl(cloudType); AccessToken result = AccessTokenUtil.getAccessToken( - "https://management.azure.com/", - null, + resourceUrl, + aadAuthenticationUrl, tenantId, clientId, URLEncoder.encode(clientSecret, "UTF-8") ); assertNotNull(result); } + + private String getResourceUrl(CloudType cloudType) { + if (CloudType.UsGov.equals(cloudType)) { + return "https://management.usgovcloudapi.net/"; + } else if (CloudType.China.equals(cloudType)) { + return "https://management.chinacloudapi.cn/"; + } + return "https://management.azure.com/"; + } + + private String getAadAuthenticationUrl(CloudType cloudType) { + if (CloudType.UsGov.equals(cloudType)) { + return "https://login.microsoftonline.us/"; + } else if (CloudType.China.equals(cloudType)) { + return "https://login.partner.microsoftonline.cn/"; + } + return "https://login.microsoftonline.com/"; + } + + private CloudType getCloudTypeByKeyVaultEndPoint(String keyVaultEndPointSuffix) { + if (".vault.usgovcloudapi.net".equals(keyVaultEndPointSuffix)) { + return CloudType.UsGov; + } else if (".vault.azure.cn".equals(keyVaultEndPointSuffix)) { + 
return CloudType.China; + } + return CloudType.Public; + } + + private enum CloudType { + Public, + UsGov, + China, + UNKNOWN + } } diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificatesTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificatesTest.java index 58b716edc4b0e..aeabd3b8bcc1b 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificatesTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificatesTest.java @@ -55,7 +55,7 @@ public class KeyVaultCertificatesTest { public static void setEnvironmentProperty() { PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca(); PropertyConvertorUtils.addKeyVaultJcaProvider(); - certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME"); + certificateName = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME"); } @Test diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java index 0b2e1a373698e..90e36c5cbe3f8 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java 
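Review bot: `getCloudTypeByKeyVaultEndPoint` returns `CloudType.Public` for every suffix it does not recognise. A typo or a new sovereign suffix in `KEY_VAULT_ENDPOINT_SUFFIX` therefore makes `testGetAuthorizationToken` present the configured client id and secret to `https://login.microsoftonline.com/` instead of failing. The enum already declares `UNKNOWN`, which nothing uses. I would match `.vault.azure.net` explicitly, return `UNKNOWN` otherwise, and stop the test before any token request is made, as sketched below. Separately, `URLEncoder.encode(clientSecret, "UTF-8")` throws a bare NullPointerException when the secret is not configured, so a named precondition would make that failure readable.

```java
private CloudType getCloudTypeByKeyVaultEndPoint(String keyVaultEndPointSuffix) {
    // … unchanged: UsGov and China suffix checks …
    } else if (".vault.azure.net".equals(keyVaultEndPointSuffix)) {
        return CloudType.Public;
    }
    // Unrecognised suffix: do not pick a login authority for real credentials.
    return CloudType.UNKNOWN;
}

// in testGetAuthorizationToken, right after cloudType is computed
if (cloudType == CloudType.UNKNOWN) {
    throw new IllegalArgumentException(
        "Unsupported KEY_VAULT_ENDPOINT_SUFFIX: " + keyVaultEndPointSuffix);
}
```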
@@ -19,11 +19,11 @@ public class KeyVaultClientTest { @BeforeAll public static void setEnvironmentProperty() { keyVaultClient = new KeyVaultClient( - System.getenv("AZURE_KEYVAULT_ENDPOINT"), - System.getenv("AZURE_KEYVAULT_TENANT_ID"), - System.getenv("AZURE_KEYVAULT_CLIENT_ID"), - System.getenv("AZURE_KEYVAULT_CLIENT_SECRET")); - certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME"); + PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_ENDPOINT"), + PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_TENANT_ID"), + PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_ID"), + PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_SECRET")); + certificateName = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME"); } @Test diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java index 79ee1049e4d4b..c83034f836f09 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java @@ -27,6 +27,7 @@ public void testGetCertificate() throws Exception { PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca(); PropertyConvertorUtils.addKeyVaultJcaProvider(); KeyStore keystore = PropertyConvertorUtils.getKeyVaultKeyStore(); - assertNotNull(keystore.getCertificate(System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME"))); + assertNotNull(keystore.getCertificate( + PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME"))); } } 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerTest.java index 499c239cd3a8d..dae4dc941b713 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerTest.java @@ -28,7 +28,7 @@ public static void setEnvironmentProperty() throws KeyStoreException, NoSuchAlgo PropertyConvertorUtils.addKeyVaultJcaProvider(); KeyStore keyStore = PropertyConvertorUtils.getKeyVaultKeyStore(); manager = new KeyVaultKeyManager(keyStore, null); - certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME"); + certificateName = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME"); } @Test diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java index ab52bd4b49f58..de359aa3260d8 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java 
@@ -33,11 +33,11 @@ public static void setEnvironmentProperty() { PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca(); keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( - System.getenv("AZURE_KEYVAULT_ENDPOINT"), - System.getenv("AZURE_KEYVAULT_TENANT_ID"), - System.getenv("AZURE_KEYVAULT_CLIENT_ID"), - System.getenv("AZURE_KEYVAULT_CLIENT_SECRET")); - certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME"); + PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_ENDPOINT"), + PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_TENANT_ID"), + PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_ID"), + PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_SECRET")); + certificateName = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME"); keystore.engineLoad(parameter); } diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/PropertyConvertorUtils.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/PropertyConvertorUtils.java index fa6b0f53e642e..2eb5d31164197 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/PropertyConvertorUtils.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/PropertyConvertorUtils.java @@ -3,6 +3,7 @@ package com.azure.security.keyvault.jca; +import com.azure.core.util.Configuration; import java.io.IOException; import java.security.KeyStore; import java.security.KeyStoreException; 
@@ -14,10 +15,12 @@ public class PropertyConvertorUtils { + private static final Configuration GLOBAL_CONFIGURATION = Configuration.getGlobalConfiguration(); + public static void putEnvironmentPropertyToSystemPropertyForKeyVaultJca() { KEYVAULT_JCA_SYSTEM_PROPERTIES.forEach( environmentPropertyKey -> { - String value = System.getenv(environmentPropertyKey); + String value = getPropertyValue(environmentPropertyKey); String systemPropertyKey = environmentPropertyKey.toLowerCase().replaceFirst("azure_keyvault_", "azure.keyvault.").replaceAll("_", "-"); System.getProperties().put(systemPropertyKey, value); @@ -40,4 +43,12 @@ public static void addKeyVaultJcaProvider() { Security.addProvider(provider); } + public static String getPropertyValue(String property) { + return GLOBAL_CONFIGURATION.get(property, System.getenv(property)); + } + + public static String getPropertyValue(String property, String defaultValue) { + return GLOBAL_CONFIGURATION.get(property, defaultValue); + } + } diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java index fe3f9ba8d5ee5..172c9ff594309 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java @@ -63,7 +63,7 @@ public static void beforeEach() throws Exception { ks = PropertyConvertorUtils.getKeyVaultKeyStore(); kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, "".toCharArray()); - certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME"); + certificateName = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CERTIFICATE_NAME"); } 
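Review bot: `getPropertyValue(String)` can return null when a setting is absent, and `putEnvironmentPropertyToSystemPropertyForKeyVaultJca` passes that result straight to `System.getProperties().put(systemPropertyKey, value)`. `Properties` rejects null values, so the failure is a NullPointerException that does not say which setting is missing. A guard such as `Objects.requireNonNull(value, "Missing configuration: " + environmentPropertyKey);` names the key without printing the value, which matters because the list presumably includes the client secret. The `System.getenv(property)` default also looks redundant if `Configuration` already consults the process environment, which is not visible in this diff. Both overloads would benefit from Javadoc on lookup order and nullability, e.g. `/** Returns the value from the global Configuration, falling back to the environment; may be null. */`.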
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyAsyncClientTest.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyAsyncClientTest.java index d9a013301c45d..b91d3b3a8a9df 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyAsyncClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyAsyncClientTest.java @@ -26,6 +26,7 @@ import com.azure.security.keyvault.keys.models.KeyVaultKey; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Assumptions; +import org.junit.jupiter.api.condition.DisabledIfSystemProperty; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; import reactor.core.publisher.Mono; @@ -569,6 +570,7 @@ public void releaseKey(HttpClient httpClient, KeyServiceVersion serviceVersion) */ @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS) @MethodSource("getTestParameters") + @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true") public void getKeyRotationPolicyOfNonExistentKey(HttpClient httpClient, KeyServiceVersion serviceVersion) { createKeyAsyncClient(httpClient, serviceVersion); StepVerifier.create(client.getKeyRotationPolicy(testResourceNamer.randomName("nonExistentKey", 20))) @@ -581,6 +583,7 @@ public void getKeyRotationPolicyOfNonExistentKey(HttpClient httpClient, KeyServi */ @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS) @MethodSource("getTestParameters") + @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true") public void getKeyRotationPolicyWithNoPolicySet(HttpClient httpClient, KeyServiceVersion serviceVersion) { // Key Rotation is not yet enabled in Managed HSM. Assumptions.assumeTrue(!isHsmEnabled); 
@@ -613,6 +616,7 @@ public void getKeyRotationPolicyWithNoPolicySet(HttpClient httpClient, KeyServic */ @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS) @MethodSource("getTestParameters") + @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true") public void updateGetKeyRotationPolicyWithMinimumProperties(HttpClient httpClient, KeyServiceVersion serviceVersion) { // Key Rotation is not yet enabled in Managed HSM. Assumptions.assumeTrue(!isHsmEnabled); @@ -636,6 +640,7 @@ public void updateGetKeyRotationPolicyWithMinimumProperties(HttpClient httpClien */ @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS) @MethodSource("getTestParameters") + @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true") public void updateGetKeyRotationPolicyWithAllProperties(HttpClient httpClient, KeyServiceVersion serviceVersion) { // Key Rotation is not yet enabled in Managed HSM. Assumptions.assumeTrue(!isHsmEnabled); @@ -659,6 +664,7 @@ public void updateGetKeyRotationPolicyWithAllProperties(HttpClient httpClient, K */ @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS) @MethodSource("getTestParameters") + @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true") public void rotateKey(HttpClient httpClient, KeyServiceVersion serviceVersion) { // Key Rotation is not yet enabled in Managed HSM. Assumptions.assumeTrue(!isHsmEnabled); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTest.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTest.java index a28b4145a1478..1b7a7cf482007 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTest.java 
@@ -23,6 +23,7 @@ import com.azure.security.keyvault.keys.models.KeyVaultKey; import com.azure.security.keyvault.keys.models.ReleaseKeyResult; import org.junit.jupiter.api.Assumptions; +import org.junit.jupiter.api.condition.DisabledIfSystemProperty; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; @@ -531,6 +532,7 @@ public void releaseKey(HttpClient httpClient, KeyServiceVersion serviceVersion) */ @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS) @MethodSource("getTestParameters") + @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true") public void getKeyRotationPolicyOfNonExistentKey(HttpClient httpClient, KeyServiceVersion serviceVersion) { createKeyClient(httpClient, serviceVersion); @@ -544,6 +546,7 @@ public void getKeyRotationPolicyOfNonExistentKey(HttpClient httpClient, KeyServi */ @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS) @MethodSource("getTestParameters") + @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true") public void getKeyRotationPolicyWithNoPolicySet(HttpClient httpClient, KeyServiceVersion serviceVersion) { // Key Rotation is not yet enabled in Managed HSM. Assumptions.assumeTrue(!isHsmEnabled); @@ -572,6 +575,7 @@ public void getKeyRotationPolicyWithNoPolicySet(HttpClient httpClient, KeyServic */ @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS) @MethodSource("getTestParameters") + @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true") public void updateGetKeyRotationPolicyWithMinimumProperties(HttpClient httpClient, KeyServiceVersion serviceVersion) { // Key Rotation is not yet enabled in Managed HSM. Assumptions.assumeTrue(!isHsmEnabled); 
@@ -593,6 +597,7 @@ public void updateGetKeyRotationPolicyWithMinimumProperties(HttpClient httpClien */ @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS) @MethodSource("getTestParameters") + @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true") public void updateGetKeyRotationPolicyWithAllProperties(HttpClient httpClient, KeyServiceVersion serviceVersion) { // Key Rotation is not yet enabled in Managed HSM. Assumptions.assumeTrue(!isHsmEnabled); @@ -614,6 +619,7 @@ public void updateGetKeyRotationPolicyWithAllProperties(HttpClient httpClient, K */ @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS) @MethodSource("getTestParameters") + @DisabledIfSystemProperty(named = "IS_SKIP_ROTATION_POLICY_TEST", matches = "true") public void rotateKey(HttpClient httpClient, KeyServiceVersion serviceVersion) { // Key Rotation is not yet enabled in Managed HSM. Assumptions.assumeTrue(!isHsmEnabled); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTestBase.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTestBase.java index 0ff834fa2da8a..facc354c708c2 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTestBase.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTestBase.java @@ -83,6 +83,11 @@ protected String getTestName() { } void beforeTestSetup() { + System.getProperties().put("IS_SKIP_ROTATION_POLICY_TEST", + String.valueOf(!".vault.azure.net".equals( + Configuration.getGlobalConfiguration() + .get("KEY_VAULT_ENDPOINT_SUFFIX", ".vault.azure.net")) + && interceptorManager.isLiveMode())); } HttpPipeline getHttpPipeline(HttpClient httpClient) { diff --git a/sdk/keyvault/azure-security-test-keyvault-jca/pom.xml b/sdk/keyvault/azure-security-test-keyvault-jca/pom.xml index 9e3fbee7eef27..51a87c02d0461 100644 
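Review bot: `beforeTestSetup` in KeyClientTestBase sets `IS_SKIP_ROTATION_POLICY_TEST`, but JUnit evaluates `@DisabledIfSystemProperty` before per-test setup callbacks run. If this method is invoked from a `@BeforeEach` hook (its caller is outside the hunk), the first annotated test to execute sees the property unset, or left over from an earlier test in the same JVM. Every rotation-policy test annotated in KeyAsyncClientTest and KeyClientTest depends on this ordering. An in-test assumption next to the existing `Assumptions.assumeTrue(!isHsmEnabled);` would remove both the ordering dependency and the JVM-global state; alternatively, compute the flag once in a static initializer. `System.setProperty("IS_SKIP_ROTATION_POLICY_TEST", ...)` is also the conventional call, rather than `System.getProperties().put(...)`.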
--- a/sdk/keyvault/azure-security-test-keyvault-jca/pom.xml +++ b/sdk/keyvault/azure-security-test-keyvault-jca/pom.xml @@ -88,4 +88,4 @@ test - \ No newline at end of file + diff --git a/sdk/keyvault/test-resources.json b/sdk/keyvault/test-resources.json index 9fbcddcb62616..31963b4a52f54 100644 --- a/sdk/keyvault/test-resources.json +++ b/sdk/keyvault/test-resources.json @@ -67,24 +67,24 @@ }, "keyVaultSku": { "type": "string", - "defaultValue": "Premium", + "defaultValue": "premium", "allowedValues": [ - "Standard", - "Premium" + "standard", + "premium" ], "metadata": { "description": "Key Vault SKU to deploy. The default is 'Premium'" } }, - "endpointSuffix": { - "type": "String", - "defaultValue": "vault.azure.net" + "keyVaultEndpointSuffix": { + "type": "string", + "defaultValue": ".vault.azure.net" }, "testApplicationId": { - "type": "String" + "type": "string" }, "testApplicationSecret": { - "type": "String" + "type": "string" }, "enabledForDeployment": { "type": "bool", 
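Review bot: In test-resources.json the parameter `endpointSuffix` is renamed to `keyVaultEndpointSuffix`, and its default gains a leading dot (`.vault.azure.net`). Any remaining `parameters('endpointSuffix')` reference, or any expression that prepends its own `.` before the suffix, would now fail deployment or produce a malformed host name. Those parts of the template are outside this hunk and should be checked. The `keyVaultSku` description still reads "The default is 'Premium'" while the default and allowed values are now lowercase, so the description should be updated to `premium` to match.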
@@ -206,53 +206,53 @@ "objectId": "[parameters('testApplicationOid')]", "permissions": { "keys": [ - "backup", - "create", - "decrypt", - "delete", - "encrypt", - "get", - "getrotationpolicy", - "import", - "list", - "purge", - "recover", - "restore", - "rotate", - "sign", - "setrotationpolicy", - "unwrapKey", - "update", - "verify", - "wrapKey" + "Get", + "List", + "Update", + "Create", + "Import", + "Delete", + "Recover", + "Backup", + "Restore", + "Decrypt", + "Encrypt", + "UnwrapKey", + "WrapKey", + "Sign", + "Purge", + "Rotate", + "Verify", + "GetRotationPolicy", + "SetRotationPolicy" ], "secrets": [ - "backup", - "delete", - "get", - "list", - "purge", - "recover", - "restore", - "set" + "Get", + "List", + "Set", + "Delete", + "Recover", + "Backup", + "Restore", + "Purge" ], "certificates": [ - "backup", - "create", - "delete", - "deleteissuers", - "get", - "getissuers", - "import", - "list", - "listissuers", - "managecontacts", - "manageissuers", - "purge", - "recover", - "restore", - "setissuers", - "update" + "Get", + "List", + "Update", + "Create", + "Import", + "Delete", + "Recover", + "Backup", + "Restore", + "ManageContacts", + "ManageIssuers", + "GetIssuers", + "ListIssuers", + "SetIssuers", + "DeleteIssuers", + "Purge" ] } }, 
@@ -261,53 +261,53 @@ "objectId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')), '2018-11-30').principalId]", "permissions": { "keys": [ - "backup", - "create", - "decrypt", - "delete", - "encrypt", - "get", - "getrotationpolicy", - "import", - "list", - "purge", - "recover", - "restore", - "rotate", - "sign", - "setrotationpolicy", - "unwrapKey", - "update", - "verify", - "wrapKey" + "Get", + "List", + "Update", + "Create", + "Import", + "Delete", + "Recover", + "Backup", + "Restore", + "Decrypt", + "Encrypt", + "UnwrapKey", + "WrapKey", + "Sign", + "Purge", + "Rotate", + "Verify", + "GetRotationPolicy", + "SetRotationPolicy" ], "secrets": [ - "backup", - "delete", - "get", - "list", - "purge", - "recover", - "restore", - "set" + "Get", + "List", + "Set", + "Delete", + "Recover", + "Backup", + "Restore", + "Purge" ], "certificates": [ - "backup", - "create", - "delete", - "deleteissuers", - "get", - "getissuers", - "import", - "list", - "listissuers", - "managecontacts", - "manageissuers", - "purge", - "recover", - "restore", - "setissuers", - "update" + "Get", + "List", + "Update", + "Create", + "Import", + "Delete", + "Recover", + "Backup", + "Restore", + "ManageContacts", + "ManageIssuers", + "GetIssuers", + "ListIssuers", + "SetIssuers", + "DeleteIssuers", + "Purge" ] } } @@ -508,6 +508,10 @@ "AZURE_KEYVAULT_ATTESTATION_URL": { "type": "string", "value": "[parameters('attestationUrl')]" + }, + "KEY_VAULT_ENDPOINT_SUFFIX": { + "type": "string", + "value": "[parameters('keyVaultEndpointSuffix')]" } } } diff --git a/sdk/keyvault/tests.yml b/sdk/keyvault/tests.yml index dfa21653fefe8..aeb6e85239da1 100644 --- a/sdk/keyvault/tests.yml +++ b/sdk/keyvault/tests.yml 
@@ -5,17 +5,10 @@ stages: parameters: ServiceDirectory: keyvault TimeoutInMinutes: 240 - SupportedClouds: 'Public,UsGov,China,Canary' + SupportedClouds: 'Public,UsGov,China' CloudConfig: Public: SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources) - Canary: - SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources) - Location: 'eastus2euap' - # Managed HSM test resources are expensive and provisioning has not been reliable. - # Given test coverage of non-canary regions we probably don't need to test in canary. - MatrixFilters: - - ArmTemplateParameters=^(?!.*enableHsm.*true) UsGov: SubscriptionConfiguration: $(sub-config-gov-test-resources) MatrixFilters: