Move ActiveDirectoryAuthenticationProvider Tests #3717
Conversation
paulmedynski
left a comment
paulmedynski
left a comment
There was a problem hiding this comment.
Commentary for reviewers.
| #pragma warning disable 0618 // Type or member is obsolete | ||
| [InlineData(SqlAuthenticationMethod.ActiveDirectoryPassword)] | ||
| #pragma warning restore 0618 // Type or member is obsolete | ||
| [InlineData(SqlAuthenticationMethod.ActiveDirectoryInteractive)] |
There was a problem hiding this comment.
Interactive was missing from the original test, so I added it here.
| namespace Microsoft.Data.SqlClient.ManualTesting.Tests | ||
| { | ||
| public class AADConnectionsTest | ||
| public class AADConnectionTest |
There was a problem hiding this comment.
The test class name didn't match the filename.
| // Clear token cache for code coverage. | ||
| ActiveDirectoryAuthenticationProvider.ClearUserTokenCache(); | ||
| using (SqlConnection connection = new SqlConnection(DataTestUtility.AADPasswordConnectionString)) | ||
| #pragma warning disable 0618 // Type or member is obsolete |
There was a problem hiding this comment.
These tests were unnecessarily using our auth provider, so I updated them to use the test provider defined above, which fetches real tokens via MSAL itself.
paulmedynski
force-pushed
the
dev/paul/azure-split/move-tests
branch
from
1903ecc to
b17155b
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## feat/azure-split #3717 +/- ##
===================================================
Coverage ? 76.45%
===================================================
Files ? 271
Lines ? 43029
Branches ? 0
===================================================
Hits ? 32896
Misses ? 10133
Partials ? 0
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
paulmedynski
left a comment
paulmedynski
left a comment
There was a problem hiding this comment.
Commentary for reviewers.
| public class AADConnectionsTest | ||
| public class AADConnectionTest | ||
| { | ||
| class CustomSqlAuthenticationProvider : SqlAuthenticationProvider |
There was a problem hiding this comment.
Moved this to UsernamePasswordProvider.cs so it could be shared.
| --verbosity ${{ parameters.verbosity }} | ||
| --verbosity ${{ parameters.dotnetVerbosity }} | ||
| -p:ReferenceType=${{ parameters.referenceType }} | ||
| -p:ForceMdsAssemblyNameSuffix=true |
There was a problem hiding this comment.
This is explained in my comments on Directory.Build.props.
| # to stress test. | ||
| - name: pipelineArtifactName | ||
| displayName: Pipeline Artifact Name | ||
| # The verbosity level for the dotnet CLI commands. |
There was a problem hiding this comment.
Sorted parameters alphabetically and added some debug/verbosity.
| Apply an MDS assembly name suffix, if necessary. See the top-level | ||
| Directory.Build.props for more information. | ||
| --> | ||
| <DefineConstants Condition="'$(ApplyMdsAssemblyNameSuffix)' == 'true'">$(DefineConstants);APPLY_MDS_ASSEMBLY_NAME_SUFFIX</DefineConstants> |
There was a problem hiding this comment.
Abstractions performs reflection against the MDS assembly, so it needs to know how to form the assembly name. Explained in Directory.Build.props.
| Append an assembly name suffix, if necessary. See the top-level | ||
| Directory.Build.props for more information. | ||
| --> | ||
| <AssemblyName>Microsoft.Data.SqlClient</AssemblyName> |
There was a problem hiding this comment.
The 2 ref projects didn't previously specify <AssemblyName>. Not sure why, or if this new addition will cause problems. Thoughts?
| <ProjectReference | ||
| Condition="'$(TargetGroup)'=='netfx'" | ||
| Include="$(NetFxSource)src\Microsoft.Data.SqlClient.csproj" /> | ||
| <ProjectReference Include="../../../Microsoft.Data.SqlClient.Extensions/Azure/src/Azure.csproj" /> |
There was a problem hiding this comment.
This ensures that none of the Functional (or Manual) tests are depending on our auth provider by accident.
| // | ||
| // TODO: Figure out which ones and install on-demand rather than | ||
| // globally. | ||
| SqlAuthenticationProvider.SetProvider( |
There was a problem hiding this comment.
This entire test suite is now serviced either by this provider, or by the UsernamePasswordProvider on-demand.
No other auth methods have a provider installed.
| } | ||
| finally | ||
| { | ||
| if (original is not null) |
There was a problem hiding this comment.
For some reason there is no unset-provider mechanism, so we're polluting the global scope in the event that no provider was registered before this test.
You will see this pattern elsewhere as well. SetProvider() throws an NRE if you pass null.
| <group targetFramework="net462"> | ||
| <reference file="Microsoft.Data.SqlClient.dll" /> | ||
| <reference file="Microsoft.Data.SqlClient.xml" /> | ||
| <reference file="Microsoft.Data.SqlClient$AssemblyNameSuffixNetFx$.dll" /> |
There was a problem hiding this comment.
Our project-reference based builds probably shouldn't be attempting to generate NuGet packages, but since they do, I made it work. The generated packages aren't used for anything (see CI-SqlClient pipeline), so there is no harm here.
As mentioned in the Directory.Build.props commentary, this is all temporary code anyway and should disappear before 7.0.0 GA.
| project to determine whether or not to apply the MDS assembly name suffix. | ||
| --> | ||
| <ApplyMdsAssemblyNameSuffix>false</ApplyMdsAssemblyNameSuffix> | ||
| <ApplyMdsAssemblyNameSuffix |
There was a problem hiding this comment.
This is a temporary measure to get the Abstractions and Azure projects (and their tests) to build without having to employ the confusing tricks found in the FunctionalTests, ManualTests, and AKV projects, where we only support building for one type of framework at a time (ick!). This will all disappear when we finally complete the .NET and .NET Framework codebase merge, and we have a single MDS project.
There was a problem hiding this comment.
Removed that part since it was confusing. We will produce the same number of MDS assembly files (DLLs), but will no longer be prevented from building them all at once via project references due to multiple projects specifying the same assembly name.
paulmedynski
force-pushed
the
dev/paul/azure-split/move-tests
branch
from
5d4f942 to
1e27ff4
Compare
paulmedynski
changed the title
paulmedynski
force-pushed
the
dev/paul/azure-split/move-tests
branch
from
1e27ff4 to
21ab32e
Compare
paulmedynski
force-pushed
the
feat/azure-split
branch
from
648d928 to
540c2c6
Compare
Abstractions Package - Pipeline Changes (#3628) Move AAD/Entra Authentication into new Azure package (#3680) User Story 39839: Move existing MDS tests to Azure package - Identified and moved tests specific to ActiveDirectoryAuthenticationProvider into the Azure Test project. - Updated some MDS tests that unnecessarily used ActiveDirectoryAuthenticationProvider. - Added tests to Abstractions Test project to ensure AAD/Entra auth fails when the Azure package isn't present. - Various build and pipeline changes to support the test changes. - Fixed project-based builds so we can restore MDS netcore and netfx projects at the same time. - Added caching to the managed identity provider for the ManualTest project. - Moved username/password Entra auth provider into its own file for sharing across tests. - Added ADO service connection for test tasks that require access to Azure resources. - Added workload identity federation tests. - Solved the mystery of SNI DLLs missing for .NET Framework project-reference-based builds. - Added ADO-CI-1ES pool jobs to test the Azure package on Linux and Windows. - Fixed Azure package pipelines to support pools in the ADO.Net and Public projects. - Added some new pipeline variables to handle the Workload Identity Federation test.
paulmedynski
force-pushed
the
dev/paul/azure-split/move-tests
branch
from
21ab32e to
6f7f621
Compare
paulmedynski
left a comment
paulmedynski
left a comment
There was a problem hiding this comment.
Commentary and things for myself to fix.
|
|
||
| namespace Microsoft.Data.SqlClient.Extensions.Azure.Test; | ||
|
|
||
| // This class reads configuration information from environment variables and the |
| // This class reads configuration information from environment variables and the | ||
| // config.json file for use by our tests. | ||
| // | ||
| // Environment variables take precedence over config.json settings. |
There was a problem hiding this comment.
@paulmedynski Note case-sensitivity on non-Windows platforms.
|
|
||
| #region Private Methods | ||
|
|
||
| private static string GetString(JsonElement element, string name) |
There was a problem hiding this comment.
@paulmedynski Add docs for these helper methods.
| // Note that this isn't testing anything in the Azure package. It actually | ||
| // tests the static constructor of SqlAuthenticationProviderManager class in | ||
| // the MDS package and the static GetProvider() and SetProvider() methods of | ||
| // the SqlAuthenticationProvider class in the Abstractions package. |
There was a problem hiding this comment.
@paulmedynski Explain why we're testing this here, and not in MDS or Abstractions tests.
| public async void GetCredential() | ||
| { | ||
| AzurePipelinesCredential credential = new( | ||
| // The tenant ID if the managed identity associated to our workload |
| Config.UserManagedIdentityClientId, | ||
|
|
||
| // The Azure Dev Ops service connection ID (resourceId found in the | ||
| // URL) of our workload identity federation setup. See: |
| "printMaxEnumerableLength": 0, | ||
| "printMaxStringLength": 0, | ||
| "showLiveOutput": false | ||
| "_comment": "Options for v3+ are prefixed with '_v3_'", |
paulmedynski
changed the title
There was a problem hiding this comment.
Pull request overview
This PR migrates ActiveDirectoryAuthenticationProvider (ADAP) tests from the Microsoft.Data.SqlClient (MDS) test suite to the Azure package. The migration includes infrastructure changes to support project-reference builds with different assembly names for .NET Core and .NET Framework, along with new test utilities and comprehensive pipeline updates.
Key Changes:
- Build infrastructure updated to handle assembly name suffixes for project-reference builds
- ActiveDirectoryAuthenticationProvider tests moved from MDS ManualTests to Azure package tests
- New test provider implementations (UsernamePasswordProvider, ManagedIdentityProvider) added to MDS tests
- Azure package tests now have comprehensive configuration and pipeline support
Reviewed changes
Copilot reviewed 55 out of 56 changed files in this pull request and generated 16 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/targets/GenerateMdsPackage.targets | Added assembly name suffix properties for project builds |
| tools/targets/CopySniDllsForNetFxProjectReferenceBuilds.targets | New target file to copy SNI DLLs for .NET Framework project builds |
| tools/specs/Microsoft.Data.SqlClient.nuspec | Updated to support optional assembly name suffixes in file paths |
| src/Microsoft.SqlServer.Server/StringsHelper.cs | Added braces for single-line if statements (code style fix) |
| src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/ConnectivityTests/AADConnectionTest.cs | Removed ADAP-dependent tests, added test provider usage for remaining tests |
| src/Microsoft.Data.SqlClient/tests/ManualTests/DataCommon/UsernamePasswordProvider.cs | New test provider for username/password authentication |
| src/Microsoft.Data.SqlClient/tests/ManualTests/DataCommon/ManagedIdentityProvider.cs | New test provider for managed identity authentication |
| src/Microsoft.Data.SqlClient/tests/FunctionalTests/AADAuthenticationTests.cs | Removed ADAP constructor tests (moved to Azure package) |
| src/Microsoft.Data.SqlClient/tests/FunctionalTests/SqlAuthenticationProviderTest.cs | Deleted - tests moved to Azure package |
| src/Microsoft.Data.SqlClient.Extensions/Azure/test/AADConnectionTest.cs | New file with migrated ADAP connection tests |
| src/Microsoft.Data.SqlClient.Extensions/Azure/test/AADAuthenticationTests.cs | New file with migrated ADAP provider constructor tests |
| src/Microsoft.Data.SqlClient.Extensions/Azure/test/DefaultAuthProviderTests.cs | New test verifying ADAP is installed for all AAD methods |
| src/Microsoft.Data.SqlClient.Extensions/Azure/test/Config.cs | New configuration class for Azure package tests |
| src/Microsoft.Data.SqlClient.Extensions/Abstractions/src/SqlAuthenticationProviderInternal.cs | Enhanced to support assembly name suffixes and improved logging |
| src/Directory.Build.props | Added ApplyMdsAssemblyNameSuffix property logic |
| eng/pipelines/* | Multiple pipeline files updated for consistent parameter naming and new test infrastructure |
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.
| arguments: 'pack -Symbols -SymbolPackageFormat snupkg ${{parameters.nuspecPath}} -Version ${{parameters.packageVersion}} -OutputDirectory ${{parameters.outputDirectory}} -properties "COMMITID=$(CommitHead);Configuration=${{parameters.buildConfiguration}};ReferenceType=${{parameters.referenceType}};${{parameters.properties}}"' | ||
| ${{else }}: | ||
| arguments: 'pack ${{parameters.nuspecPath}} -Version ${{parameters.NugetPackageVersion}} -OutputDirectory ${{parameters.OutputDirectory}} -properties "COMMITID=$(CommitHead);Configuration=${{parameters.buildConfiguration}};ReferenceType=${{parameters.referenceType}};${{parameters.properties}}"' | ||
| arguments: 'pack ${{parameters.nuspecPath}} -Version ${{parameters.packageVersion}} -OutputDirectory ${{parameters.outputDirectory}} -properties "COMMITID=$(CommitHead);Configuration=${{parameters.buildConfiguration}};ReferenceType=${{parameters.referenceType}};${{parameters.properties}}"' |
There was a problem hiding this comment.
The parameter references have inconsistent casing: ${{parameters.packageVersion}} and ${{parameters.outputDirectory}} use camelCase, but the original code used PascalCase (NugetPackageVersion, OutputDirectory). This change should be verified to ensure the parameters are defined with matching casing in the parameters section of this template file.
| throw new TokenException( | ||
| $"Failed to acquire token for ManagedIdentity " + | ||
| $"userId ={parameters.UserId} error={ex.Message}", ex); |
There was a problem hiding this comment.
The error message in line 55 states "Failed to acquire token for ManagedIdentity" but this is actually a UsernamePasswordProvider. The error message should accurately reflect that this is a username/password authentication failure, not a managed identity failure.
| /// A dummy provider that supports all authentication methods. | ||
| /// </summary> | ||
|
|
||
| // A dummy provider that supports all authentication methods. |
There was a problem hiding this comment.
There's a duplicate comment at line 86-87. Line 83-85 already contains the comment "A dummy provider that supports all authentication methods." The duplicate on line 87 should be removed.
| // A dummy provider that supports all authentication methods. |
| // | ||
| internal static class Config | ||
| { | ||
| # region Config Properties |
There was a problem hiding this comment.
Remove the space between '#' and 'region' to follow standard C# preprocessor directive formatting.
| # region Config Properties | |
| #region Config Properties |
|
|
||
| Assert.Throws<SqlException>(() => ConnectAndDisconnect(connStr)); | ||
|
|
||
| // We cannot verify error message with certainity as driver may cache token from other tests for current user |
There was a problem hiding this comment.
Correct the spelling of "certainty" from "certainity".
| // We cannot verify error message with certainity as driver may cache token from other tests for current user | |
| // We cannot verify error message with certainty as driver may cache token from other tests for current user |
| await PublicClientApplicationBuilder.Create(_appClientId) | ||
| .WithAuthority(parameters.Authority) | ||
| .Build() | ||
| .AcquireTokenByUsernamePassword(scopes, parameters.UserId, parameters.Password) |
There was a problem hiding this comment.
Call to obsolete method AcquireTokenByUsernamePassword.
| } | ||
| if (!removeKey) | ||
| { | ||
| res += key + ";"; |
There was a problem hiding this comment.
String concatenation in loop: use 'StringBuilder'.
| if (!string.IsNullOrEmpty(key.Trim())) | ||
| { | ||
| if (key.Trim().ToLower().StartsWith(keyword.Trim().ToLower(), StringComparison.Ordinal)) | ||
| { | ||
| res = key.Substring(key.IndexOf('=') + 1).Trim(); | ||
| break; | ||
| } |
There was a problem hiding this comment.
These 'if' statements can be combined.
| if (!string.IsNullOrEmpty(key.Trim())) | |
| { | |
| if (key.Trim().ToLower().StartsWith(keyword.Trim().ToLower(), StringComparison.Ordinal)) | |
| { | |
| res = key.Substring(key.IndexOf('=') + 1).Trim(); | |
| break; | |
| } | |
| if (!string.IsNullOrEmpty(key.Trim()) && | |
| key.Trim().ToLower().StartsWith(keyword.Trim().ToLower(), StringComparison.Ordinal)) | |
| { | |
| res = key.Substring(key.IndexOf('=') + 1).Trim(); | |
| break; |
|
|
||
| internal class UsernamePasswordProvider : SqlAuthenticationProvider | ||
| { | ||
| string _appClientId; |
There was a problem hiding this comment.
Field '_appClientId' can be 'readonly'.
Description
This PR moves all existing MDS tests that use the ActiveDirectoryAuthenticationProvider (ADAP) into the Azure project. The tests are moved as-is with non-functional changes to get them to build/run.
A few MDS tests were unnecessarily using ADAP when they should have been using a test provider, so I updated them to do so.
A full suite of tests for the Azure package will be created in future PRs.
Testing
Existing CI for the Azure and MDS packages should confirm everything.