Update KeyVault to enable live testing in sovereign clouds for multiple services #25760
The changes look good to me, but I would wait for @chenrujun to review as well just to be sure, as he knows more about the JCA module than I do.
LGTM.
This pull request is protected by Check Enforcer.

What is Check Enforcer?
Check Enforcer helps ensure all pull requests are covered by at least one check-run (typically an Azure Pipeline). When all check-runs associated with this pull request pass then Check Enforcer itself will pass.

Why am I getting this message?
You are getting this message because Check Enforcer did not detect any check-runs being associated with this pull request within five minutes. This may indicate that your pull request is not covered by any pipelines and so Check Enforcer is correctly blocking the pull request being merged.

What should I do now?
If the check-enforcer check-run is not passing and all other check-runs associated with this PR are passing (excluding license-cla) then you could try telling Check Enforcer to evaluate your pull request again. You can do this by adding a comment to this pull request as follows:

What if I am onboarding a new service?
Often, new services do not have validation pipelines associated with them, in order to bootstrap pipelines for a new service, you can issue the following command as a pull request comment:

These changes enable KeyVault to run live tests against Public, UsGov and China.
Update file: test-resources.json
i) Match with the `ArmTemplateParameter` setting, so change the parameter name of the endpoint suffix to `keyVaultEndpointSuffix`.
ii) Modified permission of access policies to fix the `The user, group or application 'appid=***;oid=***;iss=https://sts.windows.net/***/' does not have keys getrotationpolicy permission on key vault 't1e479d51bbe44e7d;location=***'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287` exception.
iii) Fix the execution exception of `AccessTokenUtilTest.testGetAuthorizationToken` in UsGov and China Cloud, add output parameter `KEY_VAULT_ENDPOINT_SUFFIX`.
Update file: /keys/KeyClientTestBase.java
According to the repair suggestions in issue#18142, add the cloud test platform judgment method `isPublicCloud`.
Update file: /keys/KeyClientTest.java, /keys/KeyAsyncClientTest.java
According to the repair suggestions in issue#18142, skip Key Rotation related test cases in UsGov and China cloud.
Update file: /jca/AccessTokenUtilTest.java
Fix the execution exception of `AccessTokenUtilTest.testGetAuthorizationToken` in UsGov and China Cloud, and modify the parameter setting of `AccessTokenUtil.getAccessToken`.
Update file: /certificates/CertificateClientTest.java
i) Fixed the `org.opentest4j.AssertionFailedError: expected: <false> but was: <true>` exception in UsGov and China cloud.
ii) Adjust the process flow to avoid `waitForCompletion()` interfering with result data.
In the pipeline test, system parameters such as `AZURE_KEYVAULT_CERTIFICATE_NAME` are stored in `Configuration` and cannot be obtained by `System.getenv(name)`, so it is replaced with `Configuration.getGlobalConfiguration().get(name, defaultValue)`, and the `defaultValue` is obtained through `System.getenv(name)` system parameters or defined constants.
e.g.
Update
certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME")
to
certificateName = Configuration.getGlobalConfiguration().get("AZURE_KEYVAULT_CERTIFICATE_NAME", System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME"))
Pipeline results:
https://dev.azure.com/azure-sdk/internal/_build/results?buildId=1227309&view=results
@benbp, @scottaddie, @joshfree, @AlexGhiondea and @vcolin7 for notification.