Skip to content

Migrate All lab helper methods to Key Vault/Region test migration. #5606

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
RyAuld merged 7 commits into from
Dec 16, 2025
Merged

Migrate All lab helper methods to Key Vault/Region test migration. #5606

RyAuld merged 7 commits into from
Dec 16, 2025
+13 −85

Conversation

@RyAuld
Copy link
Contributor

@RyAuld RyAuld commented Dec 2, 2025
edited
Loading

Migrate Test Infrastructure to Key Vault and IMDS V2 Improvements

Overview

This PR consolidates several infrastructure improvements to MSAL.NET, focusing on migrating lab test infrastructure to use Azure Key Vault for credential management and enhancing IMDS V2 support for managed identity scenarios.

Key Changes

🔐 Test Infrastructure Migration to Key Vault

  • Arlington Test Migration: Migrated Arlington ADFS user authentication methods to use Azure Key Vault instead of hardcoded credentials
    • Refactored GetArlingtonADFSUserAsync to retrieve credentials securely from Key Vault
    • Updated Arlington test configurations to use secure credential retrieval
  • CIAM Test Migration: Migrated Customer Identity Access Management (CIAM) tests to use Key Vault-based authentication
    • Implemented GetCIAMUserAsync method with Key Vault integration
    • Updated CIAM integration tests to use secure credential management
  • Lab Helper Cleanup: Removed unused helper methods from LabUserHelper as part of the migration to Key Vault-based credential management

🚀 IMDS V2 and Managed Identity Improvements

  • Enhanced IMDS Source Detection: Improved Instance Metadata Service (IMDS) source detection logic for better reliability in managed identity scenarios
  • IMDS V2 Support: Enhanced support for IMDS Version 2 with improved retry policies and error handling
  • Retry Policy Enhancements:
    • Added ImdsProbeRetryPolicy for more intelligent retry logic specific to IMDS probes
    • Enhanced HttpRetryConditions for better handling of IMDS-specific scenarios
    • Updated RetryPolicyFactory to support new retry policies

🧪 Test Configuration Updates

  • Agentic Test Configuration: Updated Agentic test configuration for new tenant environments
  • FMI Test Refactoring: Refactored Federated Managed Identity (FMI) tests to use new tenant configurations
  • Cross-Platform Support: Updated DesktopOsHelper.IsMac to work properly on .NET 10 + macOS 26

📦 Project and Sample Updates

  • WinUI3 Sample: Updated WindowsAppSDK dependencies and added sample to project structure
  • Public API Updates: Updated public API surface files across all target frameworks to reflect new functionality

Benefits

  • Enhanced Security: Migrated from hardcoded credentials to secure Azure Key Vault-based credential management
  • Improved Reliability: Better IMDS detection and retry logic for managed identity scenarios
  • Cross-Platform Compatibility: Enhanced macOS support for latest .NET versions
  • Maintainability: Cleaner test infrastructure with centralized credential management

Testing

  • All existing tests continue to pass with the new Key Vault-based infrastructure
  • Enhanced IMDS V2 tests validate improved managed identity support
  • Cross-platform compatibility verified on updated macOS environments

Breaking Changes

None - this is purely an infrastructure improvement that maintains backward compatibility.

Related Issues/PRs

  • Addresses infrastructure modernization requirements for test environments
  • Enhances security posture by removing hardcoded credentials from test code
  • Improves managed identity support for cloud-native scenarios

This PR focuses on infrastructure improvements and does not introduce any changes to the public MSAL.NET API surface or core authentication functionality.

RyAuld added 3 commits December 2, 2025 15:05
@RyAuld
Migrate GetArlingtonADFSUserAsync to Key Vault
03131d9 
- Replace direct msidlab.com API call with Key Vault data retrieval
- Use MergeKVLabDataAsync pattern consistent with other migrated methods
- Maintains same functionality while reducing external API dependencies
@RyAuld
Migrate Arlington methods to Key Vault
a4d6dfd 
- Migrate GetArlingtonUserAsync to use MergeKVLabDataAsync with Key Vault secrets
- Migrate GetArlingtonADFSUserAsync to use MergeKVLabDataAsync with Key Vault secrets
- Replace direct msidlab.com API calls with pre-cached Key Vault data retrieval
- Maintains same functionality while reducing external API dependencies
- Uses consistent pattern with other migrated methods (B2C, default users)
- Arlington ADFS migration verified working in tests
- Arlington standard method has Key Vault data quality issue to be resolved separately
@RyAuld
Migrate CIAM tests to use Key Vault-based GetCIAMUserAsync method
6666d35 
- Added GetCIAMUserAsync() method in LabUserHelper using Key Vault secrets
- Updated all 4 CIAM integration tests to use new method instead of direct API calls
- Verified all tests pass with Key Vault cached data
- Improves reliability by removing dependency on msidlab.com API calls
@RyAuld RyAuld changed the title Migrate GetArlingtonADFSUserAsync to Key Vault Migrate All lab helper methods to Key Vault Dec 3, 2025
RyAuld and others added 3 commits December 4, 2025 10:08
@RyAuld
Clean up unused helper methods in LabUserHelper
bf044c5 
- Remove GetLabUserDataAsync (only used by obsolete GetAdfsUserAsync)
- Remove GetAdfsUserAsync (no external callers, replaced by GetDefaultAdfsUserAsync)
- Remove GetHybridSpaAccontAsync (no external callers, test now uses GetDefaultUserWithMultiTenantAppAsync)
- Remove s_userCache field and System.Collections.Concurrent import (no longer needed)
- Update TODO comments to remove references to deleted methods
- All active functionality preserved, ~45 lines of obsolete code removed
@RyAuld
Merge branch 'main' into MigrateOtherAPIRequests
ac0cf41
@RyAuld
Merge branch 'main' into MigrateOtherAPIRequests
07c7473
@RyAuld RyAuld changed the title Migrate All lab helper methods to Key Vault Migrate All lab helper methods to Key Vault/Region test migration. Dec 12, 2025
@RyAuld RyAuld force-pushed the MigrateOtherAPIRequests branch from 70da243 to 07c7473 Compare December 15, 2025 22:35
@RyAuld RyAuld marked this pull request as ready for review December 15, 2025 23:03
@RyAuld RyAuld requested a review from a team as a code owner December 15, 2025 23:03
@RyAuld RyAuld merged commit d36a83e into main Dec 16, 2025
11 checks passed
@RyAuld RyAuld deleted the MigrateOtherAPIRequests branch December 16, 2025 22:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bgavrilMS bgavrilMS bgavrilMS approved these changes

@Avery-Dunn Avery-Dunn Avery-Dunn approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@RyAuld @bgavrilMS @Avery-Dunn