Azure
diff --git a/‎test/WebJobs.Script.Tests.Integration/Management/InstanceControllerTests.cs
Lines changed: 8 additions & 12 deletions b/‎test/WebJobs.Script.Tests.Integration/Management/InstanceControllerTests.cs
Lines changed: 8 additions & 12 deletions
diff --git a/‎test/WebJobs.Script.Tests.Integration/Management/InstanceManagerTests.cs
Lines changed: 12 additions & 54 deletions b/‎test/WebJobs.Script.Tests.Integration/Management/InstanceManagerTests.cs
Lines changed: 12 additions & 54 deletions
diff --git a/‎test/WebJobs.Script.Tests.Integration/Management/KubernetesPodControllerTests.cs
Lines changed: 5 additions & 5 deletions b/‎test/WebJobs.Script.Tests.Integration/Management/KubernetesPodControllerTests.cs
Lines changed: 5 additions & 5 deletions
diff --git a/‎test/WebJobs.Script.Tests.Integration/Management/MeshServiceClientTests.cs
Lines changed: 1 addition & 4 deletions b/‎test/WebJobs.Script.Tests.Integration/Management/MeshServiceClientTests.cs
Lines changed: 1 addition & 4 deletions
diff --git a/‎test/WebJobs.Script.Tests.Shared/TestHelpers.Constants.cs
Lines changed: 39 additions & 0 deletions b/‎test/WebJobs.Script.Tests.Shared/TestHelpers.Constants.cs
Lines changed: 39 additions & 0 deletions
diff --git a/‎test/WebJobs.Script.Tests.Shared/TestHelpers.cs
Lines changed: 18 additions & 15 deletions b/‎test/WebJobs.Script.Tests.Shared/TestHelpers.cs
Lines changed: 18 additions & 15 deletions
@@ -69,7 +69,6 @@ public async Task Assign_MSISpecializationFailure_ReturnsError()
 
             var instanceController = new InstanceController(environment, instanceManager, loggerFactory, startupContextProvider);
 
-            const string containerEncryptionKey = "/a/vXvWJ3Hzgx4PFxlDUJJhQm5QVyGiu0NNLFm/ZMMg=";
             var hostAssignmentContext = new HostAssignmentContext
             {
                 Environment = new Dictionary<string, string>(),
@@ -79,14 +78,14 @@ public async Task Assign_MSISpecializationFailure_ReturnsError()
             hostAssignmentContext.Environment[EnvironmentSettingNames.MsiEndpoint] = "http://localhost:8081";
             hostAssignmentContext.Environment[EnvironmentSettingNames.MsiSecret] = "secret";
 
-            var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), containerEncryptionKey.ToKeyBytes());
+            var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), TestHelpers.EncryptionKey.ToKeyBytes());
 
             var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
             {
                 EncryptedContext = encryptedHostAssignmentValue
             };
 
-            environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, containerEncryptionKey);
+            environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, TestHelpers.EncryptionKey);
 
             IActionResult result = await instanceController.Assign(encryptedHostAssignmentContext);
 
@@ -145,7 +144,6 @@ public async Task Assignment_Sets_Secrets_Context()
 
             var instanceController = new InstanceController(environment, instanceManager, loggerFactory, startupContextProvider);
 
-            const string containerEncryptionKey = "/a/vXvWJ3Hzgx4PFxlDUJJhQm5QVyGiu0NNLFm/ZMMg=";
             var hostAssignmentContext = new HostAssignmentContext
             {
                 Environment = new Dictionary<string, string>()
@@ -156,14 +154,14 @@ public async Task Assignment_Sets_Secrets_Context()
             hostAssignmentContext.Secrets = new FunctionAppSecrets();
             hostAssignmentContext.IsWarmupRequest = false; // non-warmup Request
 
-            var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), containerEncryptionKey.ToKeyBytes());
+            var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), TestHelpers.EncryptionKey.ToKeyBytes());
 
             var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
             {
                 EncryptedContext = encryptedHostAssignmentValue
             };
 
-            environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, containerEncryptionKey);
+            environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, TestHelpers.EncryptionKey);
 
             await instanceController.Assign(encryptedHostAssignmentContext);
             Assert.NotNull(startupContextProvider.Context);
@@ -199,7 +197,6 @@ public async Task Assignment_Does_Not_Set_Secrets_Context_For_Warmup_Request()
 
             var instanceController = new InstanceController(environment, instanceManager, loggerFactory, startupContextProvider);
 
-            const string containerEncryptionKey = "/a/vXvWJ3Hzgx4PFxlDUJJhQm5QVyGiu0NNLFm/ZMMg=";
             var hostAssignmentContext = new HostAssignmentContext
             {
                 Environment = new Dictionary<string, string>()
@@ -210,14 +207,14 @@ public async Task Assignment_Does_Not_Set_Secrets_Context_For_Warmup_Request()
             hostAssignmentContext.Secrets = new FunctionAppSecrets();
             hostAssignmentContext.IsWarmupRequest = true; // Warmup Request
 
-            var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), containerEncryptionKey.ToKeyBytes());
+            var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), TestHelpers.EncryptionKey.ToKeyBytes());
 
             var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
             {
                 EncryptedContext = encryptedHostAssignmentValue
             };
 
-            environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, containerEncryptionKey);
+            environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, TestHelpers.EncryptionKey);
 
             await instanceController.Assign(encryptedHostAssignmentContext);
             Assert.Null(startupContextProvider.Context);
@@ -243,7 +240,6 @@ public async Task Assignment_Invokes_InstanceManager_Methods_For_Warmup_Requests
             var instanceController = new InstanceController(environment, instanceManager.Object, loggerFactory,
                 startupContextProvider);
 
-            const string containerEncryptionKey = "/a/vXvWJ3Hzgx4PFxlDUJJhQm5QVyGiu0NNLFm/ZMMg=";
             var hostAssignmentContext = new HostAssignmentContext
             {
                 Environment = new Dictionary<string, string>()
@@ -252,14 +248,14 @@ public async Task Assignment_Invokes_InstanceManager_Methods_For_Warmup_Requests
 
             var encryptedHostAssignmentValue =
                 SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext),
-                    containerEncryptionKey.ToKeyBytes());
+                    TestHelpers.EncryptionKey.ToKeyBytes());
 
             var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
             {
                 EncryptedContext = encryptedHostAssignmentValue
             };
 
-            environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, containerEncryptionKey);
+            environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, TestHelpers.EncryptionKey);
 
             await instanceController.Assign(encryptedHostAssignmentContext);
 
 
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
-using System.IO.Abstractions;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -376,9 +375,9 @@ public async Task ValidateContext_InvalidZipUrl_WebsiteUseZip_ReturnsError()
             handlerMock.Protected().Setup<Task<HttpResponseMessage>>("SendAsync",
                 ItExpr.IsAny<HttpRequestMessage>(),
                 ItExpr.IsAny<CancellationToken>()).ReturnsAsync(new HttpResponseMessage
-            {
-                StatusCode = HttpStatusCode.NotFound
-            });
+                {
+                    StatusCode = HttpStatusCode.NotFound
+                });
 
             var instanceManager = new AtlasInstanceManager(_optionsFactory, TestHelpers.CreateHttpClientFactory(handlerMock.Object),
                 scriptWebEnvironment, environment, loggerFactory.CreateLogger<AtlasInstanceManager>(),
@@ -687,7 +686,7 @@ public async Task SpecializeMsiSidecar_RequiredPropertiesInPayload()
             var environment = new Dictionary<string, string>()
             {
                 { EnvironmentSettingNames.MsiEndpoint, "http://localhost:8081" },
-                { EnvironmentSettingNames.MsiSecret, "secret" }
+                { EnvironmentSettingNames.MsiSecret, "PLACEHOLDER" }
             };
             var assignmentContext = new HostAssignmentContext
             {
@@ -698,55 +697,14 @@ public async Task SpecializeMsiSidecar_RequiredPropertiesInPayload()
                 MSIContext = new MSIContext()
                 {
                     SiteName = "TestSite",
-                    MSISecret = "TestSecret1234",
-                    Identities = new[] { new ManagedServiceIdentity() { 
-                        Type = ManagedServiceIdentityType.SystemAssigned, 
-                        ClientId = "identityClientId",
-                        TenantId = "identityTenantId",
-                        Thumbprint = "identityThumbprint",
-                        SecretUrl = "identitySecretUrl",
-                        ResourceId = "identityResourceId",
-                        Certificate = "identityCertificate",
-                        PrincipalId = "identityPrincipalId",
-                        AuthenticationEndpoint = "identityAuthEndpoint"
-                    } },
-                    SystemAssignedIdentity = new ManagedServiceIdentity()
-                    {
-                        Type = ManagedServiceIdentityType.SystemAssigned,
-                        ClientId = "saClientId",
-                        TenantId = "saTenantId",
-                        Thumbprint = "saThumbprint",
-                        SecretUrl = "saSecretUrl",
-                        ResourceId = "saResourceId",
-                        Certificate = "saCertificate",
-                        PrincipalId = "saPrincipalId",
-                        AuthenticationEndpoint = "saAuthEndpoint"
-                    },
-                    DelegatedIdentities = new[] { new ManagedServiceIdentity() {
-                        Type = ManagedServiceIdentityType.SystemAssigned,
-                        ClientId = "delegatedClientId",
-                        TenantId = "delegatedTenantId",
-                        Thumbprint = "delegatedThumbprint",
-                        SecretUrl = "delegatedSecretUrl",
-                        ResourceId = "delegatedResourceId",
-                        Certificate = "delegatedCertificate",
-                        PrincipalId = "delegatedPrincipalId",
-                        AuthenticationEndpoint = "delegatedAuthEndpoint"
-                    } },
-                    UserAssignedIdentities = new[] { new ManagedServiceIdentity() {
-                        Type = ManagedServiceIdentityType.UserAssigned,
-                        ClientId = "uaClientId",
-                        TenantId = "uaTenantId",
-                        Thumbprint = "uaThumbprint",
-                        SecretUrl = "uaSecretUrl",
-                        ResourceId = "uaResourceId",
-                        Certificate = "uaCertificate",
-                        PrincipalId = "uaPrincipalId",
-                        AuthenticationEndpoint = "uaAuthEndpoint"
-                    } },
+                    MSISecret = "PLACEHOLDER",
+                    Identities = new[] { TestHelpers.CreateMsi(ManagedServiceIdentityType.SystemAssigned, "identity") },
+                    SystemAssignedIdentity = TestHelpers.CreateMsi(ManagedServiceIdentityType.SystemAssigned, "sa"),
+                    DelegatedIdentities = new[] { TestHelpers.CreateMsi(ManagedServiceIdentityType.SystemAssigned, "delegated") },
+                    UserAssignedIdentities = new[] { TestHelpers.CreateMsi(ManagedServiceIdentityType.UserAssigned, "ua") },
                 }
             };
-            
+
             static void verifyMSIPropertiesHelper(ManagedServiceIdentity msi)
             {
                 Assert.NotNull(msi);
@@ -1160,7 +1118,7 @@ public async void Falls_Back_To_Local_Disk_If_Azure_Files_Unavailable_For_PowerS
 
             var runFromPackageHandler = new Mock<IRunFromPackageHandler>(MockBehavior.Strict);
             runFromPackageHandler.Setup(r => r.MountAzureFileShare(context)).Returns(Task.FromResult(true));
-            
+
             runFromPackageHandler
                 .Setup(r => r.ApplyRunFromPackageContext(It.IsAny<RunFromPackageContext>(), It.IsAny<string>(), true,
                     false)).ReturnsAsync(false); // return false to trigger failure
@@ -1444,7 +1402,7 @@ private AtlasInstanceManager GetInstanceManagerForMSISpecialization(HostAssignme
 
             handlerMock.Protected().Setup<Task<HttpResponseMessage>>("SendAsync",
                 ItExpr.Is<HttpRequestMessage>(request => request.Method == HttpMethod.Post
-                                                         && (request.RequestUri.AbsoluteUri.Equals(msiEndpoint) 
+                                                         && (request.RequestUri.AbsoluteUri.Equals(msiEndpoint)
                                                             || request.RequestUri.AbsoluteUri.Equals(defaultEncryptedMsiEndpoint)
                                                             || request.RequestUri.AbsoluteUri.Equals(providedEncryptedMsiEndpoint))
                                                          && request.Content != null),
 
@@ -60,7 +60,6 @@ public async Task Assignment_Succeeds_With_Encryption_Key()
 
             var podController = new KubernetesPodController(environment, instanceManager, loggerFactory, startupContextProvider);
 
-            const string podEncryptionKey = "/a/vXvWJ3Hzgx4PFxlDUJJhQm5QVyGiu0NNLFm/ZMMg=";
             var hostAssignmentContext = new HostAssignmentContext
             {
                 Environment = new Dictionary<string, string>()
@@ -71,14 +70,15 @@ public async Task Assignment_Succeeds_With_Encryption_Key()
             hostAssignmentContext.Secrets = new FunctionAppSecrets();
             hostAssignmentContext.IsWarmupRequest = false;
 
-            var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), podEncryptionKey.ToKeyBytes());
+            var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(
+                JsonConvert.SerializeObject(hostAssignmentContext), TestHelpers.EncryptionKey.ToKeyBytes());
 
             var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
             {
                 EncryptedContext = encryptedHostAssignmentValue
             };
 
-            environment.SetEnvironmentVariable(EnvironmentSettingNames.PodEncryptionKey, podEncryptionKey);
+            environment.SetEnvironmentVariable(EnvironmentSettingNames.PodEncryptionKey, TestHelpers.EncryptionKey);
             environment.SetEnvironmentVariable(EnvironmentSettingNames.KubernetesServiceHost, "http://localhost:80");
             environment.SetEnvironmentVariable(EnvironmentSettingNames.PodNamespace, "k8se-apps");
 
@@ -116,7 +116,6 @@ public async Task Assignment_Fails_Without_Encryption_Key()
 
             instanceManager.Reset();
 
-            const string podEncryptionKey = "/a/vXvWJ3Hzgx4PFxlDUJJhQm5QVyGiu0NNLFm/ZMMg=";
             var podController = new KubernetesPodController(environment, instanceManager, loggerFactory, startupContextProvider);
 
             var hostAssignmentContext = new HostAssignmentContext
@@ -129,7 +128,8 @@ public async Task Assignment_Fails_Without_Encryption_Key()
             hostAssignmentContext.Secrets = new FunctionAppSecrets();
             hostAssignmentContext.IsWarmupRequest = false;
 
-            var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), podEncryptionKey.ToKeyBytes());
+            var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(
+                JsonConvert.SerializeObject(hostAssignmentContext), TestHelpers.EncryptionKey.ToKeyBytes());
 
             var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
             {
 
@@ -80,10 +80,7 @@ public async Task MountsCifsShare()
                 StatusCode = HttpStatusCode.OK
             });
 
-            var connectionString =
-                "DefaultEndpointsProtocol=https;AccountName=storageaccount;AccountKey=whXtW6WP8QTh84TT5wdjgzeFTj7Vc1aOiCVjTXohpE+jALoKOQ9nlQpj5C5zpgseVJxEVbaAhptP5j5DpaLgtA==";
-
-            await _meshServiceClient.MountCifs(connectionString, "sharename", "/data");
+            await _meshServiceClient.MountCifs(TestHelpers.StorageEmulatorConnectionString, "sharename", "/data");
 
             await Task.Delay(500);
 
 
@@ -0,0 +1,39 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using System.IO;
+using System.Security.Cryptography;
+
+namespace Microsoft.Azure.WebJobs.Script.Tests
+{
+    public static partial class TestHelpers
+    {
+        [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification = "Well known account key for emulator. Used for testing.")]
+        public static readonly string StorageEmulatorAccountKey = "Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==";
+        public static readonly string StorageEmulatorConnectionString = $"DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey={StorageEmulatorAccountKey}";
+
+        private static readonly Lazy<string> _encryptionKey = new Lazy<string>(
+            () =>
+            {
+                using Aes aes = Aes.Create();
+                aes.GenerateKey();
+                return Convert.ToBase64String(aes.Key);
+            });
+
+        public static string EncryptionKey => _encryptionKey.Value;
+
+        /// <summary>
+        /// Gets the common root directory that functions tests create temporary directories under.
+        /// This enables us to clean up test files by deleting this single directory.
+        /// </summary>
+        public static string FunctionsTestDirectory
+        {
+            get
+            {
+                return Path.Combine(Path.GetTempPath(), "FunctionsTest");
+            }
+        }
+    }
+}
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
-using System.Diagnostics.Metrics;
 using System.IO;
 using System.IO.Compression;
 using System.Linq;
@@ -17,8 +16,8 @@
 using Microsoft.Azure.Storage;
 using Microsoft.Azure.Storage.Blob;
 using Microsoft.Azure.WebJobs.Host.Storage;
-using Microsoft.Azure.WebJobs.Script.Metrics;
 using Microsoft.Azure.WebJobs.Script.WebHost;
+using Microsoft.Azure.WebJobs.Script.WebHost.Models;
 using Microsoft.Azure.WebJobs.Script.Workers;
 using Microsoft.Azure.WebJobs.Script.Workers.Rpc;
 using Microsoft.Extensions.Azure;
@@ -36,18 +35,6 @@ public static partial class TestHelpers
         private const string Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
         private static readonly Random Random = new Random();
 
-        /// <summary>
-        /// Gets the common root directory that functions tests create temporary directories under.
-        /// This enables us to clean up test files by deleting this single directory.
-        /// </summary>
-        public static string FunctionsTestDirectory
-        {
-            get
-            {
-                return Path.Combine(Path.GetTempPath(), "FunctionsTest");
-            }
-        }
-
         public static Task WaitOneAsync(this WaitHandle waitHandle)
         {
             ArgumentNullException.ThrowIfNull(waitHandle);
@@ -116,8 +103,8 @@ public static async Task Await(Func<Task<bool>> condition, int timeout = 60 * 10
                     }
                     throw new ApplicationException(error);
                 }
-            }
         }
+            }
 
         public static async Task RetryFailedTest(Func<Task> test, int retries, ITestOutputHelper output = null)
         {
@@ -540,6 +527,22 @@ public static IHttpClientFactory CreateHttpClientFactory(HttpMessageHandler hand
             return mockFactory.Object;
         }
 
+        public static ManagedServiceIdentity CreateMsi(ManagedServiceIdentityType type, string prefix)
+        {
+            return new ManagedServiceIdentity
+            {
+                Type = type,
+                ClientId = $"{prefix}-clientId-placeholder",
+                PrincipalId = $"{prefix}-principalId-placeholder",
+                TenantId = $"{prefix}-tenantId-placeholder",
+                Thumbprint = $"{prefix}-thumbprint-placeholder",
+                SecretUrl = $"{prefix}-secretUrl-placeholder",
+                ResourceId = $"{prefix}-resourceId-placeholder",
+                Certificate = $"{prefix}-certificate-placeholder",
+                AuthenticationEndpoint = $"{prefix}-authenticationEndpoint-placeholder",
+            };
+        }
+
         /// <summary>
         /// Test class for IScriptHostManager to register an IAzureBlobStorageProvider.
         /// </summary>