Merge pull request #511 from AzureAD/4gust/keyvault-labauth

4gust · web-flow · commit 5b82c58e3034 · 2024-09-26T16:32:29.000+01:00
Updating pipeline to connect to ADO for integration tests
diff --git a/ado/build_test.yaml b/ado/build_test.yaml
@@ -1,68 +1,48 @@
-trigger: 
- - main
+trigger:
+  - main
 
 pool:
-   vmImage: 'ubuntu-latest'
-
-steps: 
-- task: GoTool@0
-  inputs:
-    version: '1.22.3'
-- task: Go@0
-  inputs:
-    command: 'get'
-    arguments: '-d -v -t -d ./...'
-    workingDirectory: '$(System.DefaultWorkingDirectory)'
-  displayName: "Install dependencies"
-- task: Go@0
-  inputs:
-    command: 'build'
-    arguments: './apps/...'
-    workingDirectory: '$(System.DefaultWorkingDirectory)'
-  displayName: "Build"
-# - task: Go@0
-#   inputs:       
-#     command: 'test'
-#     arguments: '-race -short ./apps/cache/... ./apps/confidential/... ./apps/public/... ./apps/internal/...'
-#     workingDirectory: '$(System.DefaultWorkingDirectory)'
-#   displayName: "Run Unit Tests"
-
-- task: AzureKeyVault@2
-  displayName: 'Connect to Key Vault'
-  inputs:
-    azureSubscription: 'AuthSdkResourceManager' # string. Workload identity service connection to use managed identity authentication
-    KeyVaultName: 'msidlabs' # string. Required. The name of the Key Vault containing the secrets.
-    #setting secrets filter to fetch only MSIDLABCertificate cert from the vault
-    SecretsFilter: 'LabAuth' # string. Required. Specifies the secret to download. Use '*' for all secrets.
-    #RunAsPreJob: false # boolean. Make secrets available to whole job. Default: false.
-
-# - powershell: |
-#    $kvSecretBytes = [System.Convert]::FromBase64String('$(LabAuth)')
-#    $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
-#    $certCollection.Import($kvSecretBytes, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
-
-#    $protectedCertificateBytes = $certCollection.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12)
-#    $pfxPath = '$(Build.SourcesDirectory)' + "\TestCert.pfx"
-#    [System.IO.File]::WriteAllBytes($pfxPath, $protectedCertificateBytes)
-
-#    Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation Cert:\LocalMachine\My
-
-#   displayName: 'Install Keyvault Secrets'
-  
-- script: |
-    echo $(LabAuth) | base64 -d > cert.pfx
-    sudo apt-get install -y libnss3-tools openssl
-    mkdir -p ~/.pki/nssdb
-    certutil -N -d sql:$HOME/.pki/nssdb --empty-password
-    openssl pkcs12 -in cert.pfx -out cert.pem -nodes
-    certutil -A -d sql:$HOME/.pki/nssdb -n "labCert" -t "P,," -i cert.pem
-  displayName: 'Install Keyvault Secrets'
-
-- task: Go@0
-  inputs:       
-    command: 'test'
-    arguments: '-race ./apps/tests/integration/...'
-    workingDirectory: '$(System.DefaultWorkingDirectory)'
-  displayName: "Run Integration Tests"
-  
-
+  vmImage: "ubuntu-latest"
+
+steps:
+  - task: GoTool@0
+    inputs:
+      version: "1.22.3"
+  - task: Go@0
+    inputs:
+      command: "get"
+      arguments: "-d -v -t -d ./..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Install dependencies"
+  - task: Go@0
+    inputs:
+      command: "build"
+      arguments: "./apps/..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Build"
+  - task: Go@0
+    inputs:
+      command: "test"
+      arguments: "-race -short ./apps/cache/... ./apps/confidential/... ./apps/public/... ./apps/internal/..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Run Unit Tests"
+  - task: AzureKeyVault@2
+    displayName: "Connect to Key Vault"
+    inputs:
+      azureSubscription: "AuthSdkResourceManager"
+      KeyVaultName: "msidlabs"
+      SecretsFilter: "LabAuth"
+  - task: Bash@3
+    displayName: Installing certificate
+    inputs:
+      targetType: "inline"
+      script: |
+        echo $(LabAuth) | base64 -d > $(Build.SourcesDirectory)/cert.pfx
+        openssl pkcs12 -in $(Build.SourcesDirectory)/cert.pfx -out $(Build.SourcesDirectory)/cert.pem -nodes -passin pass:''
+
+  - task: Go@0
+    inputs:
+      command: "test"
+      arguments: "-race ./apps/tests/integration/..."
+      workingDirectory: "$(System.DefaultWorkingDirectory)"
+    displayName: "Run Integration Tests"
diff --git a/apps/tests/integration/README.md b/apps/tests/integration/README.md
@@ -0,0 +1,21 @@
+# Go Integration Test
+
+This guide explains how to:
+
+1. Download a certificate from [link](https://ms.portal.azure.com/#@microsoft.onmicrosoft.com/asset/Microsoft_Azure_KeyVault/Certificate/https://msidlabs.vault.azure.net/certificates/LabAuth).
+2. Download the `.pex/.pem` format
+3. Convert the `.cert` file to `.pem` file.
+4. Execute Go integration tests.
+
+## Prerequisites
+
+- Run `openssl pkcs12 -in <path to the cert>/cert.pfx -out <Go source folder>/cert.pem -nodes -passin pass:''`
+- It should be in the root folder of the `microsoft-authentication-library-for-go`
+
+## Steps
+
+### 1. Running the tests
+
+```bash
+go test -race ./apps/tests/integration/
+```
diff --git a/apps/tests/integration/integration_test.go b/apps/tests/integration/integration_test.go
@@ -36,7 +36,7 @@ const (
 
 	// Default values
 	defaultClientId = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9"
-	pemFile         = "Insert path to pem file here"
+	pemFile         = "../../../cert.pem"
 )
 
 var httpClient = http.Client{}
@@ -242,8 +242,7 @@ func TestUsernamePassword(t *testing.T) {
 
 // TODO: update this at a later date, see issue https://github.com/AzureAD/microsoft-authentication-library-for-go/issues/513
 func TestConfidentialClientWithSecret(t *testing.T) {
-	t.Skip("skipping integration test until it is fixed")
-
+	t.Skip("Skipping test until fix")
 	if testing.Short() {
 		t.Skip("skipping integration test")
 	}
@@ -273,13 +272,11 @@ func TestConfidentialClientWithSecret(t *testing.T) {
 	if silentResult.AccessToken == "" {
 		t.Fatal("TestConfidentialClientwithSecret: on AcquireTokenSilent(): got AccessToken == '', want AccessToken != ''")
 	}
-
 }
 
 // TODO: update this at a later date, see issue https://github.com/AzureAD/microsoft-authentication-library-for-go/issues/513
 func TestOnBehalfOf(t *testing.T) {
-	t.Skip("skipping integration test until it is fixed")
-
+	t.Skip("Skipping test until fix")
 	if testing.Short() {
 		t.Skip("skipping integration test")
 	}

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ const (`
`36`	`36`
`37`	`37`	`// Default values`
`38`	`38`	`defaultClientId = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9"`
`39`		`- pemFile = "Insert path to pem file here"`
	`39`	`+ pemFile = "../../../cert.pem"`
`40`	`40`	`)`
`41`	`41`
`42`	`42`	`var httpClient = http.Client{}`
`@@ -242,8 +242,7 @@ func TestUsernamePassword(t *testing.T) {`
`242`	`242`
`243`	`243`	`// TODO: update this at a later date, see issue https://github.com/AzureAD/microsoft-authentication-library-for-go/issues/513`
`244`	`244`	`func TestConfidentialClientWithSecret(t *testing.T) {`
`245`		`- t.Skip("skipping integration test until it is fixed")`
`246`		`-`
	`245`	`+ t.Skip("Skipping test until fix")`
`247`	`246`	`if testing.Short() {`
`248`	`247`	`t.Skip("skipping integration test")`
`249`	`248`	`}`
`@@ -273,13 +272,11 @@ func TestConfidentialClientWithSecret(t *testing.T) {`
`273`	`272`	`if silentResult.AccessToken == "" {`
`274`	`273`	`t.Fatal("TestConfidentialClientwithSecret: on AcquireTokenSilent(): got AccessToken == '', want AccessToken != ''")`
`275`	`274`	`}`
`276`		`-`
`277`	`275`	`}`
`278`	`276`
`279`	`277`	`// TODO: update this at a later date, see issue https://github.com/AzureAD/microsoft-authentication-library-for-go/issues/513`
`280`	`278`	`func TestOnBehalfOf(t *testing.T) {`
`281`		`- t.Skip("skipping integration test until it is fixed")`
`282`		`-`
	`279`	`+ t.Skip("Skipping test until fix")`
`283`	`280`	`if testing.Short() {`
`284`	`281`	`t.Skip("skipping integration test")`
`285`	`282`	`}`