Enable national cloud testing for ACR library. (Azure#23117)

Author: pallavit

sdk/containerregistry/azure-containers-containerregistry/src/test/java/com/azure/containers/containerregistry/ContainerRegistryClientIntegrationTests.java

@@ -8,6 +8,8 @@
 import com.azure.core.http.HttpClient;
 import com.azure.core.test.TestMode;
 import com.azure.core.util.Context;
+import com.azure.identity.AzureAuthorityHosts;
+import org.junit.jupiter.api.Assumptions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
@@ -31,6 +33,7 @@
 import static com.azure.containers.containerregistry.TestUtils.V2_TAG_NAME;
 import static com.azure.containers.containerregistry.TestUtils.V3_TAG_NAME;
 import static com.azure.containers.containerregistry.TestUtils.V4_TAG_NAME;
+import static com.azure.containers.containerregistry.TestUtils.getAuthority;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
@@ -176,20 +179,20 @@ public void convenienceProperties(HttpClient httpClient) {
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getHttpClients")
     public void authenticationScopeTest(HttpClient httpClient) {
+        Assumptions.assumeFalse(getTestMode().equals(TestMode.PLAYBACK));
+        Assumptions.assumeFalse(REGISTRY_ENDPOINT == null);
+        Assumptions.assumeTrue(getAuthority(REGISTRY_ENDPOINT).equals(AzureAuthorityHosts.AZURE_PUBLIC_CLOUD));
         ContainerRegistryClient registryClient = getContainerRegistryBuilder(httpClient)
             .authenticationScope(AZURE_GLOBAL_AUTHENTICATION_SCOPE)
             .buildClient();
 
         List<String> repositories = registryClient.listRepositoryNames().stream().collect(Collectors.toList());
         validateRepositories(repositories);
 
-        if (getTestMode() != TestMode.PLAYBACK) {
-            // Now doing the same should fail with the separate registryClient;
-            ContainerRegistryClient throwableRegistryClient = getContainerRegistryBuilder(httpClient)
-                .authenticationScope(AZURE_GOV_AUTHENTICATION_SCOPE)
-                .buildClient();
-            assertThrows(ClientAuthenticationException.class, () -> throwableRegistryClient.listRepositoryNames().stream().collect(Collectors.toList()));
-        }
+        ContainerRegistryClient throwableRegistryClient = getContainerRegistryBuilder(httpClient)
+            .authenticationScope(AZURE_GOV_AUTHENTICATION_SCOPE)
+            .buildClient();
+        assertThrows(ClientAuthenticationException.class, () -> throwableRegistryClient.listRepositoryNames().stream().collect(Collectors.toList()));
     }
 }
 

sdk/containerregistry/azure-containers-containerregistry/src/test/java/com/azure/containers/containerregistry/ContainerRegistryClientsTestBase.java

@@ -35,7 +35,7 @@
 import static com.azure.containers.containerregistry.TestUtils.REGISTRY_ENDPOINT;
 import static com.azure.containers.containerregistry.TestUtils.REGISTRY_ENDPOINT_PLAYBACK;
 import static com.azure.containers.containerregistry.TestUtils.V1_TAG_NAME;
-import static com.azure.containers.containerregistry.TestUtils.getCredential;
+import static com.azure.containers.containerregistry.TestUtils.getCredentialsByEndpoint;
 import static com.azure.containers.containerregistry.TestUtils.isSorted;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -86,20 +86,23 @@ public class ContainerRegistryClientsTestBase extends TestBase {
         .setTeleportEnabled(false);
 
     ContainerRegistryClientBuilder getContainerRegistryBuilder(HttpClient httpClient) {
-        TokenCredential credential = getCredential(getTestMode());
+        TokenCredential credential = getCredentialsByEndpoint(getTestMode(), REGISTRY_ENDPOINT);
         return getContainerRegistryBuilder(httpClient, credential);
     }
 
     ContainerRegistryClientBuilder getContainerRegistryBuilder(HttpClient httpClient, TokenCredential credential, String endpoint) {
         List<Function<String, String>> redactors = new ArrayList<>();
         redactors.add(data -> redact(data, JSON_PROPERTY_VALUE_REDACTION_PATTERN.matcher(data), "REDACTED"));
 
+        String authenticationScope = TestUtils.getAuthenticationScope(endpoint);
+
         ContainerRegistryClientBuilder builder = new ContainerRegistryClientBuilder()
             .endpoint(getEndpoint(endpoint))
             .httpClient(httpClient == null ? interceptorManager.getPlaybackClient() : httpClient)
             .httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS))
             .addPolicy(interceptorManager.getRecordPolicy(redactors))
-            .credential(credential);
+            .credential(credential)
+            .authenticationScope(authenticationScope);
 
            // builder.httpClient(new NettyAsyncHttpClientBuilder().proxy(new ProxyOptions(ProxyOptions.Type.HTTP, new InetSocketAddress("localhost", 8888))).build());
         return builder;

sdk/containerregistry/azure-containers-containerregistry/src/test/java/com/azure/containers/containerregistry/ContainerRepositoryAnonymousAccessTests.java

@@ -4,6 +4,8 @@
 package com.azure.containers.containerregistry;
 
 import com.azure.core.http.HttpClient;
+import com.azure.identity.AzureAuthorityHosts;
+import org.junit.jupiter.api.Assumptions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
@@ -16,17 +18,21 @@
 import static com.azure.containers.containerregistry.TestUtils.ANONYMOUS_REGISTRY_NAME;
 import static com.azure.containers.containerregistry.TestUtils.DISPLAY_NAME_WITH_ARGUMENTS;
 import static com.azure.containers.containerregistry.TestUtils.HELLO_WORLD_REPOSITORY_NAME;
+import static com.azure.containers.containerregistry.TestUtils.getAuthority;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 public class ContainerRepositoryAnonymousAccessTests extends ContainerRegistryClientsTestBase {
     @BeforeEach
     void beforeEach() {
-        TestUtils.importImageAsync(getTestMode(), ANONYMOUS_REGISTRY_NAME, HELLO_WORLD_REPOSITORY_NAME, Arrays.asList("latest", "v1", "v2", "v3", "v4")).block();
+        TestUtils.importImageAsync(getTestMode(), ANONYMOUS_REGISTRY_NAME, HELLO_WORLD_REPOSITORY_NAME, Arrays.asList("latest", "v1", "v2", "v3", "v4"), ANONYMOUS_REGISTRY_ENDPOINT).block();
     }
 
     @ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
     @MethodSource("getHttpClients")
     public void listAnonymousRepositories(HttpClient httpClient) {
+        Assumptions.assumeFalse(ANONYMOUS_REGISTRY_ENDPOINT == null);
+        Assumptions.assumeTrue(getAuthority(ANONYMOUS_REGISTRY_ENDPOINT).equals(AzureAuthorityHosts.AZURE_PUBLIC_CLOUD));
+
         ContainerRegistryClient client = getContainerRegistryBuilder(httpClient, null, ANONYMOUS_REGISTRY_ENDPOINT).buildClient();
         List<String> repositories = client.listRepositoryNames().stream().collect(Collectors.toList());
         assertTrue(repositories.stream().anyMatch(HELLO_WORLD_REPOSITORY_NAME::equals));

sdk/containerregistry/azure-containers-containerregistry/src/test/java/com/azure/containers/containerregistry/TestUtils.java

@@ -11,6 +11,8 @@
 import com.azure.core.management.profile.AzureProfile;
 import com.azure.core.test.TestMode;
 import com.azure.core.util.Configuration;
+import com.azure.identity.AzureAuthorityHosts;
+import com.azure.identity.ClientSecretCredentialBuilder;
 import com.azure.identity.DefaultAzureCredentialBuilder;
 import com.azure.resourcemanager.containerregistry.ContainerRegistryManager;
 import com.azure.resourcemanager.containerregistry.models.ImportImageParameters;
@@ -48,6 +50,8 @@ public class TestUtils {
     public static final String REGISTRY_NAME;
     public static final String RESOURCE_GROUP;
     public static final String SUBSCRIPTION_ID;
+    public static final String TENANT_ID;
+    public static final String CLIENT_ID;
     public static final String REGISTRY_URI;
     public static final String REGISTRY_ENDPOINT;
     public static final String ANONYMOUS_REGISTRY_ENDPOINT;
@@ -61,6 +65,7 @@ public class TestUtils {
     public static final int HTTP_STATUS_CODE_202;
     public static final String AZURE_GLOBAL_AUTHENTICATION_SCOPE;
     public static final String AZURE_GOV_AUTHENTICATION_SCOPE;
+    public static final String CONTAINERREGISTRY_CLIENT_SECRET;
 
     static {
         CONFIGURATION = Configuration.getGlobalConfiguration().clone();
@@ -85,12 +90,15 @@ public class TestUtils {
         WINDOWS_OPERATING_SYSTEM = "windows";
         RESOURCE_GROUP = CONFIGURATION.get("CONTAINERREGISTRY_RESOURCE_GROUP");
         SUBSCRIPTION_ID = CONFIGURATION.get("CONTAINERREGISTRY_SUBSCRIPTION_ID");
+        TENANT_ID = CONFIGURATION.get("CONTAINERREGISTRY_TENANT_ID");
+        CLIENT_ID = CONFIGURATION.get("CONTAINERREGISTRY_CLIENT_ID");
         REGISTRY_NAME = CONFIGURATION.get("CONTAINERREGISTRY_REGISTRY_NAME");
         REGISTRY_ENDPOINT = CONFIGURATION.get("CONTAINERREGISTRY_ENDPOINT");
         REGISTRY_URI = "registry.hub.docker.com";
         SLEEP_TIME_IN_MILLISECONDS = 5000;
         ANONYMOUS_REGISTRY_NAME = CONFIGURATION.get("CONTAINERREGISTRY_ANONREGISTRY_NAME");
         ANONYMOUS_REGISTRY_ENDPOINT = CONFIGURATION.get("CONTAINERREGISTRY_ANONREGISTRY_ENDPOINT");
+        CONTAINERREGISTRY_CLIENT_SECRET = CONFIGURATION.get("CONTAINERREGISTRY_CLIENT_SECRET");
         LOGIN_SERVER_SUFFIX = "azurecr.io";
         REGISTRY_ENDPOINT_PLAYBACK = "https://pallavitcontainerregistry.azurecr.io";
         REGISTRY_NAME_PLAYBACK = "pallavitcontainerregistry";
@@ -124,12 +132,29 @@ static <T extends Comparable<? super T>> boolean isSorted(Iterable<T> iterable)
         return true;
     }
 
-    static TokenCredential getCredential(TestMode testMode) {
+    static TokenCredential getCredentialsByEndpoint(TestMode testMode, String endpoint) {
         if (testMode == TestMode.PLAYBACK) {
             return new FakeCredentials();
         }
 
-        return new DefaultAzureCredentialBuilder().build();
+        String authority = getAuthority(endpoint);
+        return getCredentialByAuthority(testMode, authority);
+    }
+
+    static TokenCredential getCredentialByAuthority(TestMode testMode, String authority) {
+        if (testMode == TestMode.PLAYBACK) {
+            return new FakeCredentials();
+        }
+
+        if (authority == AzureAuthorityHosts.AZURE_PUBLIC_CLOUD) {
+            return new DefaultAzureCredentialBuilder().build();
+        } else {
+            return new ClientSecretCredentialBuilder()
+                .tenantId(TENANT_ID)
+                .clientId(CLIENT_ID)
+                .clientSecret(CONTAINERREGISTRY_CLIENT_SECRET)
+                .authorityHost(authority).build();
+        }
     }
 
     static void importImage(TestMode mode, String repository, List<String> tags) {
@@ -145,20 +170,69 @@ static void importImage(TestMode mode, String repository, List<String> tags) {
         }
     }
 
+    public static String getAuthority(String endpoint) {
+        if (endpoint == null) {
+            return AzureAuthorityHosts.AZURE_PUBLIC_CLOUD;
+        }
+
+        if (endpoint.contains(".azurecr.io")) {
+            return AzureAuthorityHosts.AZURE_PUBLIC_CLOUD;
+        }
+
+        if (endpoint.contains(".azurecr.cn")) {
+            return AzureAuthorityHosts.AZURE_CHINA;
+        }
+
+        if (endpoint.contains(".azurecr.us")) {
+            return AzureAuthorityHosts.AZURE_GOVERNMENT;
+        }
+
+        // By default we will assume that the authority is public
+        return AzureAuthorityHosts.AZURE_PUBLIC_CLOUD;
+    }
+
+    public static String getAuthenticationScope(String endpoint) {
+        String authority = getAuthority(endpoint);
+        switch (authority) {
+            case AzureAuthorityHosts.AZURE_PUBLIC_CLOUD:
+                return "https://management.core.windows.net/.default";
+
+            case AzureAuthorityHosts.AZURE_CHINA:
+                return "https://management.chinacloudapi.cn/.default";
+
+            case AzureAuthorityHosts.AZURE_GOVERNMENT:
+                return "https://management.usgovcloudapi.net/.default";
+
+            default:
+                return null;
+        }
+    }
+
+    static AzureProfile getAzureProfile(String authority) {
+        switch (authority) {
+            case AzureAuthorityHosts.AZURE_PUBLIC_CLOUD: return new AzureProfile(TENANT_ID, SUBSCRIPTION_ID, AzureEnvironment.AZURE);
+            case AzureAuthorityHosts.AZURE_CHINA: return new AzureProfile(TENANT_ID, SUBSCRIPTION_ID, AzureEnvironment.AZURE_CHINA);
+            case AzureAuthorityHosts.AZURE_GOVERNMENT: return new AzureProfile(TENANT_ID, SUBSCRIPTION_ID, AzureEnvironment.AZURE_US_GOVERNMENT);
+            default: return null;
+        }
+    }
+
     static Mono<Void> importImageAsync(TestMode mode, String repository, List<String> tags) {
-        return importImageAsync(mode, REGISTRY_NAME, repository, tags);
+        return importImageAsync(mode, REGISTRY_NAME, repository, tags, REGISTRY_ENDPOINT);
     }
 
-    static Mono<Void> importImageAsync(TestMode mode, String registryName, String repository, List<String> tags) {
+    static Mono<Void> importImageAsync(TestMode mode, String registryName, String repository, List<String> tags, String endpoint) {
         if (mode == TestMode.PLAYBACK) {
             return Mono.empty();
         }
 
-        TokenCredential credential = getCredential(mode);
+        String authority = getAuthority(endpoint);
 
+        TokenCredential credential = getCredentialByAuthority(mode, authority);
         tags = tags.stream().map(tag -> String.format("%1$s:%2$s", repository, tag)).collect(Collectors.toList());
+        AzureProfile profile = getAzureProfile(authority);
 
-        ContainerRegistryManager manager = ContainerRegistryManager.authenticate(credential, new AzureProfile(AzureEnvironment.AZURE));
+        ContainerRegistryManager manager = ContainerRegistryManager.authenticate(credential, profile);
 
         return manager.serviceClient().getRegistries().importImageAsync(
             RESOURCE_GROUP,