Using federated auth for ACS tests (#36387)

* Enabling federated auth for ACS Identity SDK

* Removing application secret field from ARM template

* Removing application secret field from ARM template

* Adding federated auth support for other ACS SDKs

* Replacing DefaultAzureCredential with TokenCredential

* Removing PPE and INT from Live Tests

Author: rajuanitha88

sdk/communication/azure-communication-chat/tests.yml

@@ -8,16 +8,15 @@ extends:
       ServiceDirectory: communication
       MatrixReplace:
         - TestSamples=.*/true
+      UseFederatedAuth: true
       CloudConfig:
         Public:
+          ServiceConnection: azure-sdk-tests
+          SubscriptionConfigurationFilePaths:
+            - eng/common/TestResources/sub-config/AzurePublicMsft.json
           SubscriptionConfigurations:
-            - $(sub-config-azure-cloud-test-resources)
             - $(sub-config-communication-services-cloud-test-resources-common)
             - $(sub-config-communication-services-cloud-test-resources-python)
-        Int:
-            SubscriptionConfigurations:
-              - $(sub-config-communication-int-test-resources-common)
-              - $(sub-config-communication-int-test-resources-python)
-      Clouds: Public,Int
+      Clouds: Public
       TestResourceDirectories:
         - communication/test-resources/

sdk/communication/azure-communication-chat/tests/_shared/utils.py

@@ -9,32 +9,31 @@
     Tuple,
 )
 from azure.core.pipeline.policies import HttpLoggingPolicy, HeadersPolicy
+from devtools_testutils import is_live, get_credential
 
 
 def create_token_credential():
-    # type: () -> FakeTokenCredential or DefaultAzureCredential
+    # type: () -> FakeTokenCredential or get_credential
     from devtools_testutils import is_live
 
     if not is_live():
         from .fake_token_credential import FakeTokenCredential
 
         return FakeTokenCredential()
-    from azure.identity import DefaultAzureCredential
-
-    return DefaultAzureCredential()
+    
+    return get_credential()
 
 
 def async_create_token_credential():
-    # type: () -> AsyncFakeTokenCredential or DefaultAzureCredential
+    # type: () -> AsyncFakeTokenCredential or get_credential
     from devtools_testutils import is_live
 
     if not is_live():
         from .async_fake_token_credential import AsyncFakeTokenCredential
 
         return AsyncFakeTokenCredential()
-    from azure.identity.aio import DefaultAzureCredential
-
-    return DefaultAzureCredential()
+    
+    return get_credential(is_async=True)
 
 
 def get_http_logging_policy(**kwargs):

sdk/communication/azure-communication-identity/samples/identity_samples.py

@@ -28,6 +28,7 @@
 import os
 from azure.communication.identity._shared.utils import parse_connection_str
 from msal import PublicClientApplication
+from devtools_testutils import get_credential
 
 
 class CommunicationIdentityClientSamples(object):
@@ -53,11 +54,10 @@ def get_token(self):
             and self.client_secret is not None
             and self.tenant_id is not None
         ):
-            from azure.identity import DefaultAzureCredential
-
+            
             endpoint, _ = parse_connection_str(self.connection_string)
             identity_client = CommunicationIdentityClient(
-                endpoint, DefaultAzureCredential()
+                endpoint, get_credential()
             )
         else:
             identity_client = CommunicationIdentityClient.from_connection_string(
@@ -81,11 +81,10 @@ def get_token_with_custom_expiration(self):
             and self.client_secret is not None
             and self.tenant_id is not None
         ):
-            from azure.identity import DefaultAzureCredential
-
+          
             endpoint, _ = parse_connection_str(self.connection_string)
             identity_client = CommunicationIdentityClient(
-                endpoint, DefaultAzureCredential()
+                endpoint, get_credential()
             )
         else:
             identity_client = CommunicationIdentityClient.from_connection_string(
@@ -112,11 +111,10 @@ def revoke_tokens(self):
             and self.client_secret is not None
             and self.tenant_id is not None
         ):
-            from azure.identity import DefaultAzureCredential
-
+          
             endpoint, _ = parse_connection_str(self.connection_string)
             identity_client = CommunicationIdentityClient(
-                endpoint, DefaultAzureCredential()
+                endpoint, get_credential()
             )
         else:
             identity_client = CommunicationIdentityClient.from_connection_string(
@@ -138,11 +136,10 @@ def create_user(self):
             and self.client_secret is not None
             and self.tenant_id is not None
         ):
-            from azure.identity import DefaultAzureCredential
-
+            
             endpoint, _ = parse_connection_str(self.connection_string)
             identity_client = CommunicationIdentityClient(
-                endpoint, DefaultAzureCredential()
+                endpoint, get_credential()
             )
         else:
             identity_client = CommunicationIdentityClient.from_connection_string(
@@ -163,11 +160,10 @@ def create_user_and_token(self):
             and self.client_secret is not None
             and self.tenant_id is not None
         ):
-            from azure.identity import DefaultAzureCredential
-
+            
             endpoint, _ = parse_connection_str(self.connection_string)
             identity_client = CommunicationIdentityClient(
-                endpoint, DefaultAzureCredential()
+                endpoint, get_credential()
             )
         else:
             identity_client = CommunicationIdentityClient.from_connection_string(
@@ -191,11 +187,10 @@ def create_user_and_token_with_custom_expiration(self):
             and self.client_secret is not None
             and self.tenant_id is not None
         ):
-            from azure.identity import DefaultAzureCredential
-
+            
             endpoint, _ = parse_connection_str(self.connection_string)
             identity_client = CommunicationIdentityClient(
-                endpoint, DefaultAzureCredential()
+                endpoint, get_credential()
             )
         else:
             identity_client = CommunicationIdentityClient.from_connection_string(
@@ -217,11 +212,10 @@ def delete_user(self):
             and self.client_secret is not None
             and self.tenant_id is not None
         ):
-            from azure.identity import DefaultAzureCredential
-
+           
             endpoint, _ = parse_connection_str(self.connection_string)
             identity_client = CommunicationIdentityClient(
-                endpoint, DefaultAzureCredential()
+                endpoint, get_credential()
             )
         else:
             identity_client = CommunicationIdentityClient.from_connection_string(
@@ -243,11 +237,10 @@ def get_token_for_teams_user(self):
             and self.client_secret is not None
             and self.tenant_id is not None
         ):
-            from azure.identity import DefaultAzureCredential
-
+         
             endpoint, _ = parse_connection_str(self.connection_string)
             identity_client = CommunicationIdentityClient(
-                endpoint, DefaultAzureCredential()
+                endpoint, get_credential()
             )
         else:
             identity_client = CommunicationIdentityClient.from_connection_string(

sdk/communication/azure-communication-identity/tests.yml

@@ -8,21 +8,16 @@ extends:
       ServiceDirectory: communication
       MatrixReplace:
         - TestSamples=.*/true
+      UseFederatedAuth: true
       CloudConfig:
         Public:
+          ServiceConnection: azure-sdk-tests
+          SubscriptionConfigurationFilePaths:
+            - eng/common/TestResources/sub-config/AzurePublicMsft.json
           SubscriptionConfigurations:
-            - $(sub-config-azure-cloud-test-resources)
             - $(sub-config-communication-services-cloud-test-resources-common)
             - $(sub-config-communication-services-cloud-test-resources-python)
-        PPE:
-            SubscriptionConfigurations:
-              - $(sub-config-communication-ppe-test-resources-common)
-              - $(sub-config-communication-ppe-test-resources-python)
-        Int:
-          SubscriptionConfigurations:
-            - $(sub-config-communication-int-test-resources-common)
-            - $(sub-config-communication-int-test-resources-python)
-      Clouds: Public,PPE,Int
+      Clouds: Public
       EnvVars:
         AZURE_SKIP_LIVE_RECORDING: 'True'
         AZURE_TEST_RUN_LIVE: 'true'

sdk/communication/azure-communication-identity/tests/_shared/utils.py

@@ -9,32 +9,31 @@
     Tuple,
 )
 from azure.core.pipeline.policies import HttpLoggingPolicy, HeadersPolicy
+from devtools_testutils import is_live, get_credential
 
 
 def create_token_credential():
-    # type: () -> FakeTokenCredential or DefaultAzureCredential
+    # type: () -> FakeTokenCredential or get_credential
     from devtools_testutils import is_live
 
     if not is_live():
         from .fake_token_credential import FakeTokenCredential
 
         return FakeTokenCredential()
-    from azure.identity import DefaultAzureCredential
-
-    return DefaultAzureCredential()
+    
+    return get_credential()
 
 
 def async_create_token_credential():
-    # type: () -> AsyncFakeTokenCredential or DefaultAzureCredential
+    # type: () -> AsyncFakeTokenCredential or get_credential
     from devtools_testutils import is_live
 
     if not is_live():
         from .async_fake_token_credential import AsyncFakeTokenCredential
 
         return AsyncFakeTokenCredential()
-    from azure.identity.aio import DefaultAzureCredential
-
-    return DefaultAzureCredential()
+    
+    return get_credential(is_async=True)
 
 
 def get_http_logging_policy(**kwargs):

sdk/communication/azure-communication-identity/tests/test_communication_identity_client.py

@@ -7,12 +7,11 @@
 import pytest
 from datetime import timedelta
 from azure.communication.identity import CommunicationTokenScope
-from devtools_testutils import is_live, recorded_by_proxy
+from devtools_testutils import is_live, recorded_by_proxy, get_credential
 from utils import is_token_expiration_within_allowed_deviation, token_scope_scenarios
 from acs_identity_test_case import ACSIdentityTestCase
 from azure.communication.identity import CommunicationIdentityClient
 from devtools_testutils.fake_credentials import FakeTokenCredential
-from azure.identity import DefaultAzureCredential
 from _shared.utils import get_http_logging_policy
 
 
@@ -37,7 +36,7 @@ def create_client_from_token_credential(self):
         if not is_live():
             credential = FakeTokenCredential()
         else:
-            credential = DefaultAzureCredential()
+            credential = get_credential()
         return CommunicationIdentityClient(
             self.endpoint, credential, http_logging_policy=get_http_logging_policy()
         )

sdk/communication/azure-communication-identity/tests/test_communication_identity_client_async.py

@@ -7,14 +7,13 @@
 import pytest
 from datetime import timedelta
 from azure.communication.identity import CommunicationTokenScope
-from devtools_testutils import is_live
+from devtools_testutils import is_live, get_credential
 from devtools_testutils.aio import recorded_by_proxy_async
 from test_communication_identity_client import ArgumentPasser
 from utils import is_token_expiration_within_allowed_deviation, token_scope_scenarios
 from acs_identity_test_case import ACSIdentityTestCase
 from azure.communication.identity.aio import CommunicationIdentityClient
 from devtools_testutils.fake_credentials_async import AsyncFakeCredential
-from azure.identity.aio import DefaultAzureCredential
 from _shared.utils import get_http_logging_policy
 
 
@@ -32,7 +31,7 @@ def create_client_from_token_credential(self):
         if not is_live():
             credential = AsyncFakeCredential()
         else:
-            credential = DefaultAzureCredential()
+            credential = get_credential(is_async=True)
         return CommunicationIdentityClient(
             self.endpoint, credential, http_logging_policy=get_http_logging_policy()
         )

sdk/communication/azure-communication-jobrouter/tests/_shared/utils.py

@@ -9,32 +9,31 @@
     Tuple,
 )
 from azure.core.pipeline.policies import HttpLoggingPolicy, HeadersPolicy
+from devtools_testutils import is_live, get_credential
 
 
 def create_token_credential():
-    # type: () -> FakeTokenCredential or DefaultAzureCredential
+    # type: () -> FakeTokenCredential or get_credential
     from devtools_testutils import is_live
 
     if not is_live():
         from .fake_token_credential import FakeTokenCredential
 
         return FakeTokenCredential()
-    from azure.identity import DefaultAzureCredential
-
-    return DefaultAzureCredential()
+    
+    return get_credential()
 
 
 def async_create_token_credential():
-    # type: () -> AsyncFakeTokenCredential or DefaultAzureCredential
+    # type: () -> AsyncFakeTokenCredential or get_credential
     from devtools_testutils import is_live
 
     if not is_live():
         from .async_fake_token_credential import AsyncFakeTokenCredential
 
         return AsyncFakeTokenCredential()
-    from azure.identity.aio import DefaultAzureCredential
-
-    return DefaultAzureCredential()
+    
+    return get_credential(is_async=True)
 
 
 def get_http_logging_policy(**kwargs):

sdk/communication/azure-communication-rooms/tests.yml

@@ -8,18 +8,16 @@ extends:
       ServiceDirectory: communication
       MatrixReplace:
         - TestSamples=.*/true
+      UseFederatedAuth: true
       CloudConfig:
         Public:
+          ServiceConnection: azure-sdk-tests
+          SubscriptionConfigurationFilePaths:
+            - eng/common/TestResources/sub-config/AzurePublicMsft.json
           SubscriptionConfigurations:
-            - $(sub-config-azure-cloud-test-resources)
             - $(sub-config-communication-services-cloud-test-resources-common)
             - $(sub-config-communication-services-cloud-test-resources-python)
-
-        PPE:
-            SubscriptionConfigurations:
-              - $(sub-config-communication-ppe-test-resources-common)
-              - $(sub-config-communication-ppe-test-resources-python)
-      Clouds: Public,PPE
+      Clouds: Public
       TestResourceDirectories:
         - communication/test-resources/
       EnvVars: