Smile

rayluo · rayluo · commit 3783bb60651a · 2025-04-09T22:59:27.000-07:00
diff --git a/features/mi_capability.sml b/features/mi_capability.sml
@@ -0,0 +1,51 @@
+# This file describes test cases for MSALs
+type: MSAL Test
+ver: 1
+
+env:
+  #IDENTITY_ENDPOINT: http://localhost:5000/test/token_sha256_to_refresh/cp2,cp1
+  IDENTITY_ENDPOINT: https://smile-test.azurewebsites.net/test/token_sha256_to_refresh/cp2,cp1
+  # Mimic a Service Fabric setup
+  IDENTITY_HEADER: foo
+  IDENTITY_SERVER_THUMBPRINT: bar
+
+# Tests are organized in arrange-act-assert pattern
+arrange:
+  # The format is an orderless mapping of variable names and function calls.
+  app1:
+    ManagedIdentityClient:
+      managed_identity: {"ManagedIdentityIdType": "SystemAssigned", "Id": null}
+      client_capabilities: ["cp2", "cp1"]
+
+steps:
+  # Each step is a mapping.
+  # Each mapping contains an "act" key and an optional "assert" key.
+
+  - # Populate the token cache with a token
+    act:
+      app1.AcquireTokenForManagedIdentity:
+        resource: R
+    assert:
+      # The return value of the action shall be a mapping containing at least the following content
+      token_type: Bearer  # This implies the token acquisition succeeded
+      token_source: identity_provider
+
+  - # Test the next token request should hit cache
+    act:
+      app1.AcquireTokenForManagedIdentity:
+        resource: R
+    assert:
+      # The return value of the action shall be a mapping containing at least the following content
+      token_type: Bearer  # This implies the token acquisition succeeded
+      token_source: cache
+
+  - # Test a token request with claims challenge should send a new request
+    act:
+      app1.AcquireTokenForManagedIdentity:
+        resource: R
+        claims_challenge: foo
+    assert:
+      # The return value of the action shall be a mapping containing at least the following content
+      token_type: Bearer  # This implies the token acquisition succeeded
+      token_source: identity_provider
+      # Note: This test case does not explicitly assert the token request parameters sent by MSAL. The test lab is expected to validate them.
diff --git a/features/token_sha256_to_refresh.sml b/features/token_sha256_to_refresh.sml
@@ -0,0 +1,50 @@
+# This file describes test cases for MSALs
+type: MSAL Test
+ver: 1
+
+env:
+  #IDENTITY_ENDPOINT: http://localhost:5000/test/token_sha256_to_refresh
+  IDENTITY_ENDPOINT: https://smile-test.azurewebsites.net/test/token_sha256_to_refresh
+  # Mimic a Service Fabric setup
+  IDENTITY_HEADER: foo
+  IDENTITY_SERVER_THUMBPRINT: bar
+
+# Tests are organized in arrange-act-assert pattern
+arrange:
+  # The format is an orderless mapping of variable names and function calls.
+  app1:
+    ManagedIdentityClient:
+      managed_identity: {"ManagedIdentityIdType": "SystemAssigned", "Id": null}
+
+steps:
+  # Each step is a mapping.
+  # Each mapping contains an "act" key and an optional "assert" key.
+
+  - # Populate the token cache with a token
+    act:
+      app1.AcquireTokenForManagedIdentity:
+        resource: R
+    assert:
+      # The return value of the action shall be a mapping containing at least the following content
+      token_type: Bearer  # This implies the token acquisition succeeded
+      token_source: identity_provider
+
+  - # Test the next token request should hit cache
+    act:
+      app1.AcquireTokenForManagedIdentity:
+        resource: R
+    assert:
+      # The return value of the action shall be a mapping containing at least the following content
+      token_type: Bearer  # This implies the token acquisition succeeded
+      token_source: cache
+
+  - # Test a token request with claims challenge should send a new request
+    act:
+      app1.AcquireTokenForManagedIdentity:
+        resource: R
+        claims_challenge: foo
+    assert:
+      # The return value of the action shall be a mapping containing at least the following content
+      token_type: Bearer  # This implies the token acquisition succeeded
+      token_source: identity_provider
+      # Note: This test case does not explicitly assert the token request parameters sent by MSAL. The test lab is expected to validate them.
diff --git a/smile.py b/smile.py
@@ -0,0 +1,215 @@
+#!/usr/bin/env python3
+"""
+MSAL Feature Test Runner
+Interprets feature.yml files to create and execute test cases using MSAL.
+
+Initially created by the following prompt:
+Write a python implementation that can read content from feature.yml, create variables whose names are defined in the "arrange" mapping's keys, and the variables' value are derived from the "arrange" mapping's value; interpret those value as if they are python snippet using MSAL library.
+"""
+
+import os
+import sys
+import logging
+from contextlib import contextmanager
+from typing import Dict, Any, List, Optional
+
+import yaml
+import msal
+import requests
+
+
+logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(name)s - %(levelname)s - %(message)s')
+logger = logging.getLogger(__name__)
+
+class SmileTestRunner:
+    """Runs MSAL tests defined in a feature.yml file."""
+
+    def __init__(self, feature_file: str):
+        """Initialize the test runner with a feature file."""
+        self.feature_file = feature_file
+        self.test_spec = None
+        self.variables = {}
+
+    def load_feature(self) -> Dict[str, Any]:
+        """Load and validate the feature file."""
+        try:
+            with open(self.feature_file, 'r') as f:
+                self.test_spec = yaml.safe_load(f)
+
+            # Basic validation
+            if not isinstance(self.test_spec, dict):
+                raise ValueError("Feature file must contain a valid YAML dictionary")
+
+            if self.test_spec.get('type') != 'MSAL Test':
+                raise ValueError("Feature file must have type 'MSAL Test'")
+
+            return self.test_spec
+        except Exception as e:
+            logger.error(f"Error loading feature file: {str(e)}")
+            sys.exit(1)
+
+    @contextmanager
+    def setup_environment(self):
+        """Set up the environment variables specified in the feature file."""
+        original_env = os.environ.copy()
+
+        try:
+            # Set environment variables
+            if 'env' in self.test_spec and isinstance(self.test_spec['env'], dict):
+                for key, value in self.test_spec['env'].items():
+                    os.environ[key] = str(value)
+                    logger.info(f"Set environment variable {key}={value}")
+
+            yield
+        finally:
+            # Restore original environment
+            os.environ.clear()
+            os.environ.update(original_env)
+
+    def arrange(self):
+        """Create variables based on the arrange section."""
+        if 'arrange' not in self.test_spec or not self.test_spec['arrange']:
+            logger.info("No arrangement specified")
+            return
+
+        arrange_spec = self.test_spec['arrange']
+        for var_name, value_spec in arrange_spec.items():
+            logger.info(f"Creating variable '{var_name}'")
+            self.variables[var_name] = self._create_instance(value_spec)
+
+    def _create_instance(self, spec: Dict[str, Any]) -> Any:
+        """Create an instance based on the specification."""
+        if not isinstance(spec, dict) or len(spec) != 1:
+            raise ValueError(f"Invalid specification format: {spec}")
+
+        class_name, params = next(iter(spec.items()))
+
+        # Handle different MSAL classes
+        if class_name == "ManagedIdentityClient":
+            return msal.ManagedIdentityClient(http_client=requests.Session(), **params)
+        elif class_name == "PublicClientApplication":
+            return self._create_public_client_app(params)
+        elif class_name == "ConfidentialClientApplication":
+            return self._create_confidential_client_app(params)
+        else:
+            raise ValueError(f"Unsupported class: {class_name}")
+
+    def _create_public_client_app(self, params: Dict[str, Any]) -> Any:
+        """Create a PublicClientApplication instance."""
+        if not params or 'client_id' not in params:
+            raise ValueError("PublicClientApplication requires client_id")
+
+        client_id = params.get('client_id')
+        authority = params.get('authority')
+        logger.info(f"Creating PublicClientApplication with client_id: {client_id}, authority: {authority}")
+
+        kwargs = {'client_id': client_id}
+        if authority:
+            kwargs['authority'] = authority
+
+        return msal.PublicClientApplication(**kwargs)
+
+    def _create_confidential_client_app(self, params: Dict[str, Any]) -> Any:
+        """Create a ConfidentialClientApplication instance."""
+        if not params or 'client_id' not in params or 'client_credential' not in params:
+            raise ValueError("ConfidentialClientApplication requires client_id and client_credential")
+
+        client_id = params.get('client_id')
+        client_credential = params.get('client_credential')
+        authority = params.get('authority')
+        logger.info(f"Creating ConfidentialClientApplication with client_id: {client_id}, authority: {authority}")
+
+        kwargs = {'client_id': client_id, 'client_credential': client_credential}
+        if authority:
+            kwargs['authority'] = authority
+
+        return msal.ConfidentialClientApplication(**kwargs)
+
+    def execute_steps(self):
+        """Execute the test steps, returns number of failures."""
+        if 'steps' not in self.test_spec or not self.test_spec['steps']:
+            logger.warning("No test steps found")
+            return
+
+        steps = self.test_spec['steps']
+        passed = 0
+
+        for i, step in enumerate(steps):
+            logger.info(f"Executing step {i+1}/{len(steps)}")
+            if 'act' in step:
+                result = self._execute_action(step['act'])
+                if 'assert' in step:
+                    if self._validate_assertions(result, step['assert']):
+                        passed += 1
+        logger.info(f"{passed} of {len(steps)} step(s) passed")
+
+    def _execute_action(self, act_spec: Dict[str, Any]) -> Any:
+        """Execute an action based on the specification."""
+        if not isinstance(act_spec, dict) or len(act_spec) != 1:
+            raise ValueError(f"Invalid action specification: {act_spec}")
+
+        action_str, params = next(iter(act_spec.items()))
+
+        # Parse the action string (e.g., "app1.AcquireToken")
+        parts = action_str.split('.')
+        if len(parts) != 2:
+            raise ValueError(f"Invalid action format: {action_str}")
+
+        var_name = parts[0]
+        method_name = {  # Map the method names in yml to actual method names
+            "AcquireTokenForManagedIdentity": "acquire_token_for_client",
+            }.get(parts[1])
+
+        if method_name is None:
+            raise ValueError(f"Unsupported method: {parts[1]}")
+
+        if var_name not in self.variables:
+            raise ValueError(f"Variable '{var_name}' not found")
+
+        instance = self.variables[var_name]
+        if not hasattr(instance, method_name):
+            raise ValueError(f"Method '{method_name}' not found on {var_name}")
+
+        method = getattr(instance, method_name)
+
+        # Convert parameters to kwargs
+        kwargs = params if params else {}
+
+        # Execute the method with parameters
+        logger.info(f"Calling {var_name}.{method_name} with {kwargs}")
+        return method(**kwargs)
+
+    def _validate_assertions(self, result: Any, assertions: Dict[str, Any]) -> bool:
+        """Validate the assertions against the result."""
+        logger.info(f"Validating assertions: {assertions}")
+        for key, expected_value in assertions.items():
+            if key not in result:
+                logger.error(f"Assertion failed: '{key}' not found in result {result}")
+                return False  # Failed
+            actual_value = result[key]
+            if actual_value != expected_value:
+                logger.error(f"Assertion failed: expected {key}='{expected_value}', got '{actual_value}'")
+                return False  # Failed
+            else:
+                logger.info(f"Assertion passed: {key}='{actual_value}'")
+        return True  # Passed
+
+    def run(self):
+        """Run the entire test."""
+        self.load_feature()
+
+        with self.setup_environment():
+            self.arrange()
+            self.execute_steps()
+
+
+def main():
+    if len(sys.argv) != 2:
+        print(f"Usage: {sys.argv[0]} <feature_file.yml>")
+        sys.exit(1)
+    feature_file = sys.argv[1]
+    SmileTestRunner(feature_file).run()
+
+
+if __name__ == "__main__":
+    main()
