Add delete + purge test to Key Vault Secrets (Azure#2069)

Author: heaths

sdk/keyvault/assets.json

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "rust",
   "TagPrefix": "rust/keyvault",
-  "Tag": "rust/keyvault_9528e38b39"
+  "Tag": "rust/keyvault_84345f715b"
 }

sdk/keyvault/azure_security_keyvault_secrets/tests/common/mod.rs

@@ -0,0 +1,102 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+use std::{ops::Mul, pin::Pin, time::Duration};
+use tokio::time::{sleep, Sleep};
+
+const DEFAULT_TIMEOUT: Duration = Duration::from_secs(60 * 3);
+const MAX_DURATION: Duration = Duration::from_secs(30);
+
+/// Use in a retry loop.
+#[derive(Debug)]
+pub struct Retry(RetryImpl);
+
+#[derive(Debug)]
+enum RetryImpl {
+    Immediate,
+    Progressive {
+        duration: Duration,
+        timeout: Pin<Box<Sleep>>,
+    },
+}
+
+impl Retry {
+    /// Creates a retry that returns immediately.
+    ///
+    /// Useful when playing back recorded tests.
+    pub fn immediate() -> Self {
+        Self(RetryImpl::Immediate)
+    }
+
+    /// Creates a progressive retry that starts at 500 milliseconds and doubles up until 30 seconds.
+    ///
+    /// Useful when recording tests.
+    ///
+    /// # Arguments
+    ///
+    /// * `timeout` - How long until the retry times out. If `None`, the default of 3 minutes is used.
+    ///   This only affects calls to [`Retry::next()`]. Actual timeout may be a little longer depending on your workload.
+    pub fn progressive(timeout: Option<Duration>) -> Self {
+        let timeout = Box::pin(sleep(timeout.unwrap_or(DEFAULT_TIMEOUT)));
+        Self(RetryImpl::Progressive {
+            duration: Duration::from_millis(500),
+            timeout,
+        })
+    }
+
+    /// Waits on the next retry interval or returns `None` if timed out.
+    pub async fn next(&mut self) -> Option<()> {
+        match &mut self.0 {
+            RetryImpl::Immediate => Some(()),
+            RetryImpl::Progressive { duration, timeout } => {
+                tokio::select! {
+                    _ = sleep(*duration) => {},
+                    _ = timeout => {
+                        return None;
+                    },
+                };
+
+                *duration = duration.mul(2);
+                if *duration > MAX_DURATION {
+                    *duration = MAX_DURATION;
+                }
+                Some(())
+            }
+        }
+    }
+
+    /// Gets the current [`Duration`] for the next call to [`Retry::next()`].
+    pub fn duration(&self) -> Option<Duration> {
+        match &self.0 {
+            RetryImpl::Immediate => None,
+            RetryImpl::Progressive { duration, .. } => Some(*duration),
+        }
+    }
+}
+
+#[tokio::test]
+async fn test_retry_immediate() {
+    let mut i = 0;
+    let mut retry = Retry::immediate();
+    while (retry.next().await).is_some() {
+        println!("Attempt {i}");
+        i += 1;
+        if i >= 5 {
+            break;
+        }
+    }
+}
+
+#[ignore = "literal waste of time normally"]
+#[tokio::test]
+async fn test_retry_progressive() {
+    let mut i = 0;
+    let mut retry = Retry::progressive(Some(Duration::from_secs(2)));
+    while (retry.next().await).is_some() {
+        println!("Attempt {i}");
+        i += 1;
+        if i >= 5 {
+            break;
+        }
+    }
+}

sdk/keyvault/azure_security_keyvault_secrets/tests/secret_client.rs

@@ -3,12 +3,15 @@
 
 #![cfg_attr(target_arch = "wasm32", allow(unused_imports))]
 
-use azure_core::Result;
-use azure_core_test::{recorded, TestContext};
+mod common;
+
+use azure_core::{Result, StatusCode};
+use azure_core_test::{recorded, TestContext, TestMode};
 use azure_security_keyvault_secrets::{
     models::{SecretSetParameters, SecretUpdateParameters},
     ResourceExt as _, SecretClient, SecretClientOptions,
 };
+use common::Retry;
 use futures::TryStreamExt;
 use std::collections::HashMap;
 
@@ -153,3 +156,64 @@ async fn list_secrets(ctx: TestContext) -> Result<()> {
 
     Ok(())
 }
+
+#[recorded::test]
+async fn purge_secret(ctx: TestContext) -> Result<()> {
+    let recording = ctx.recording();
+    recording.remove_sanitizers(REMOVE_SANITIZERS).await?;
+
+    let mut options = SecretClientOptions::default();
+    recording.instrument(&mut options.client_options);
+
+    let client = SecretClient::new(
+        recording.var("AZURE_KEYVAULT_URL", None).as_str(),
+        recording.credential(),
+        Some(options),
+    )?;
+
+    // Create a secret.
+    let secret = client
+        .set_secret(
+            "purge-secret",
+            SecretSetParameters {
+                value: Some("secret-value".into()),
+                ..Default::default()
+            }
+            .try_into()?,
+            None,
+        )
+        .await?
+        .into_body()
+        .await?;
+
+    // Delete the secret.
+    let name = secret.resource_id()?.name;
+    client.delete_secret(name.as_ref(), None).await?;
+
+    // Because deletes may not happen right away, try purging in a loop.
+    let mut retry = match recording.test_mode() {
+        TestMode::Playback => Retry::immediate(),
+        _ => Retry::progressive(None),
+    };
+
+    loop {
+        match client.purge_deleted_secret(name.as_ref(), None).await {
+            Ok(_) => {
+                println!("{name} has been purged");
+                break;
+            }
+            Err(err) if matches!(err.http_status(), Some(StatusCode::Conflict)) => {
+                println!(
+                    "Retrying in {} seconds",
+                    retry.duration().unwrap_or_default().as_secs_f32()
+                );
+                if retry.next().await.is_none() {
+                    return Err(err);
+                }
+            }
+            Err(err) => return Err(err),
+        }
+    }
+
+    Ok(())
+}