[Identity] Add integration tests (#33742)

Adds test automation for:
  - Azure Functions
  - Azure Web Apps
  - Azure Kuberentes Service

Signed-off-by: Paul Van Eck <[email protected]>

Author: pvaneck

.vscode/cspell.json

@@ -549,6 +549,13 @@
         "Jwcmlud"
       ]
     },
+    {
+      "filename": "sdk/identity/test-resources*",
+      "words": [
+        "kubelet",
+        "otsv"
+      ]
+    },
     {
       "filename": "sdk/identity/azure-identity/TROUBLESHOOTING.md",
       "words": [

sdk/identity/azure-identity/tests/azure-functions/RunAsyncTest/__init__.py

@@ -8,18 +8,17 @@
 # public OSS users should simply leave this argument blank or ignore its presence entirely
 ARG REGISTRY=""
 
-FROM ${REGISTRY}alpine:3.14 as repo
+FROM ${REGISTRY}alpine:3.19 as repo
 RUN apk --no-cache add git
 RUN git clone https://github.com/Azure/azure-sdk-for-python --single-branch --depth 1 /azure-sdk-for-python
 
 
-FROM mcr.microsoft.com/azure-functions/python:3.0
+FROM mcr.microsoft.com/azure-functions/python:4-python3.11
 
 COPY --from=repo /azure-sdk-for-python/sdk/identity /sdk/identity
 COPY --from=repo /azure-sdk-for-python/sdk/core/azure-core /sdk/core/azure-core
-COPY --from=repo /azure-sdk-for-python/sdk/keyvault/azure-keyvault-secrets /sdk/keyvault/azure-keyvault-secrets
-WORKDIR /sdk/identity/azure-identity/tests/managed-identity-live
-RUN pip install --no-cache-dir -r ../managed-identity-live/requirements.txt azure-functions
+RUN pip install --no-cache-dir /sdk/identity/azure-identity /sdk/core/azure-core aiohttp azure-functions azure-storage-blob
+RUN pip freeze
 
 ENV AzureWebJobsScriptRoot=/home/site/wwwroot \
     AzureFunctionsJobHost__Logging__Console__IsEnabled=true

sdk/identity/azure-identity/tests/azure-functions/RunTest/__init__.py

@@ -0,0 +1,53 @@
+# ------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+# ------------------------------------
+import os
+
+import azure.functions as func
+from azure.identity.aio import ManagedIdentityCredential
+from azure.storage.blob.aio import BlobServiceClient
+
+
+EXPECTED_VARIABLES = (
+    "IDENTITY_USER_DEFINED_IDENTITY_CLIENT_ID",
+    "IDENTITY_STORAGE_NAME_1",
+    "IDENTITY_STORAGE_NAME_2",
+    "MSI_ENDPOINT",
+)
+
+
+async def main(req: func.HttpRequest) -> func.HttpResponse:
+    # capture interesting environment variables for debugging
+    env = "\n".join(f"{var}: {os.environ.get(var)}" for var in EXPECTED_VARIABLES)
+
+    system_success_message = ""
+    try:
+        credential_system_assigned = ManagedIdentityCredential()
+        credential_user_assigned = ManagedIdentityCredential(
+            client_id=os.environ.get("IDENTITY_USER_DEFINED_IDENTITY_CLIENT_ID")
+        )
+
+        client = BlobServiceClient(
+            account_url=f"https://{os.environ['IDENTITY_STORAGE_NAME_1']}.blob.core.windows.net",
+            credential=credential_system_assigned,
+        )
+        client2 = BlobServiceClient(
+            account_url=f"https://{os.environ['IDENTITY_STORAGE_NAME_2']}.blob.core.windows.net",
+            credential=credential_user_assigned,
+        )
+        async for container in client.list_containers():
+            print(container["name"])
+
+        system_success_message = "Successfully acquired token with system-assigned ManagedIdentityCredential"
+        async for container in client2.list_containers():
+            print(container["name"])
+
+        await client.close()
+        await client2.close()
+        await credential_system_assigned.close()
+        await credential_user_assigned.close()
+
+        return func.HttpResponse("Successfully acquired tokens with async ManagedIdentityCredential")
+    except Exception as ex:
+        return func.HttpResponse(f"Test Failed: {repr(ex)}\n\n{system_success_message}\n\n{env}", status_code=500)

sdk/identity/azure-identity/tests/azure-functions/local.settings.json

@@ -2,7 +2,7 @@
   "scriptFile": "__init__.py",
   "bindings": [
     {
-      "authLevel": "function",
+      "authLevel": "anonymous",
       "type": "httpTrigger",
       "direction": "in",
       "name": "req",
@@ -14,4 +14,4 @@
       "name": "$return"
     }
   ]
-}
+}