Added testing

Author: vladvildanov

.github/actions/run-tests/action.yml

@@ -103,7 +103,7 @@ runs:
 
           if (( $REDIS_MAJOR_VERSION < 7 )) && [ "$protocol" == "3" ]; then
             echo "Skipping module tests: Modules doesn't support RESP3 for Redis versions < 7"
-            invoke standalone-tests --redis-mod-url=${REDIS_MOD_URL} $eventloop --protocol="${protocol}" --extra-markers="not redismod"
+            invoke standalone-tests --redis-mod-url=${REDIS_MOD_URL} $eventloop --protocol="${protocol}" --extra-markers="not redismod and not cp_integration"
           else        
             invoke standalone-tests --redis-mod-url=${REDIS_MOD_URL} $eventloop --protocol="${protocol}"
           fi

requirements.txt

@@ -1,2 +1,3 @@
 async-timeout>=4.0.3
-redispy-entraid-credentials @ git+https://github.com/redis-developer/redispy-entra-credentials.git/@main
+redispy-entraid-credentials @ git+https://github.com/redis-developer/redispy-entra-credentials.git/@main
+PyJWT~=2.9.0

tests/conftest.py

@@ -1,15 +1,27 @@
 import argparse
+import os
 import random
 import time
+from datetime import datetime, timezone
 from typing import Callable, TypeVar
 from unittest import mock
 from unittest.mock import Mock
 from urllib.parse import urlparse
 
+import jwt
 import pytest
+from entraid.cred_provider import EntraIdCredentialsProvider, TokenAuthConfig
+from entraid.identity_provider import ManagedIdentityType, create_provider_from_managed_identity, \
+    create_provider_from_service_principal
+
+from redis.auth.token import JWToken
+from redis.auth.token_manager import TokenManager
+from redis.credentials import CredentialProvider, StreamingCredentialProvider
+
 import redis
 from packaging.version import Version
 from redis import Sentinel
+from redis.auth.idp import IdentityProviderInterface
 from redis.backoff import NoBackoff
 from redis.cache import (
     CacheConfig,
@@ -575,6 +587,113 @@ def cache_key(request) -> CacheKey:
     return CacheKey(command, keys)
 
 
+def mock_identity_provider() -> IdentityProviderInterface:
+    mock_provider = Mock(spec=IdentityProviderInterface)
+    token = {
+        "exp": datetime.now(timezone.utc).timestamp() + 3600,
+        "oid": "username"
+    }
+    encoded = jwt.encode(token, "secret", algorithm='HS256')
+    jwt_token = JWToken(encoded)
+    mock_provider.request_token.return_value = jwt_token
+    return mock_provider
+
+
+def identity_provider(request) -> IdentityProviderInterface:
+    auth_type = os.getenv("IDP_AUTH_TYPE")
+
+    if request.param.get("mock_idp", None) is not None:
+        return mock_identity_provider()
+
+    if auth_type == "MANAGED_IDENTITY":
+        return _get_managed_identity_provider(request)
+
+    return _get_service_principal_provider(request)
+
+
+def _get_managed_identity_provider(request):
+    authority = os.getenv("IDP_AUTHORITY")
+    identity_type = ManagedIdentityType(os.getenv("IDP_IDENTITY_TYPE"))
+    resource = os.getenv("IDP_RESOURCE")
+    id_type = os.getenv("IDP_ID_TYPE", None)
+    id_value = os.getenv("IDP_ID_VALUE", None)
+    kwargs = request.param.get("idp_kwargs", {})
+
+    return create_provider_from_managed_identity(
+        identity_type=identity_type,
+        resource=resource,
+        id_type=id_type,
+        id_value=id_value,
+        authority=authority,
+        **kwargs
+    )
+
+
+def _get_service_principal_provider(request):
+    client_id = os.getenv("IDP_CLIENT_ID")
+    client_credential = os.getenv("IDP_CLIENT_CREDENTIAL")
+    authority = os.getenv("IDP_AUTHORITY")
+    scopes = os.getenv("IDP_SCOPES", [])
+    kwargs = request.param.get("idp_kwargs", {})
+
+    if isinstance(scopes, str):
+        scopes = scopes.split(',')
+
+    token_kwargs = request.param.get("token_kwargs", {})
+    timeout = request.param.get("timeout", None)
+
+    return create_provider_from_service_principal(
+        client_id=client_id,
+        client_credential=client_credential,
+        scopes=scopes,
+        timeout=timeout,
+        token_kwargs=token_kwargs,
+        authority=authority,
+        **kwargs
+    )
+
+
+def get_credential_provider(request) -> CredentialProvider:
+    cred_provider_class = request.param.get("cred_provider_class")
+    cred_provider_kwargs = request.param.get("cred_provider_kwargs", {})
+
+    if cred_provider_class != EntraIdCredentialsProvider:
+        return cred_provider_class(**cred_provider_kwargs)
+
+    idp = identity_provider(request)
+    initial_delay_in_ms = cred_provider_kwargs.get("initial_delay_in_ms", 0)
+    block_for_initial = cred_provider_kwargs.get("block_for_initial", False)
+    expiration_refresh_ratio = cred_provider_kwargs.get(
+        "expiration_refresh_ratio", TokenAuthConfig.DEFAULT_EXPIRATION_REFRESH_RATIO
+    )
+    lower_refresh_bound_millis = cred_provider_kwargs.get(
+        "lower_refresh_bound_millis", TokenAuthConfig.DEFAULT_LOWER_REFRESH_BOUND_MILLIS
+    )
+    max_attempts = cred_provider_kwargs.get(
+        "max_attempts", TokenAuthConfig.DEFAULT_MAX_ATTEMPTS
+    )
+    delay_in_ms = cred_provider_kwargs.get(
+        "delay_in_ms", TokenAuthConfig.DEFAULT_DELAY_IN_MS
+    )
+
+    auth_config = TokenAuthConfig(idp)
+    auth_config.expiration_refresh_ratio(expiration_refresh_ratio)
+    auth_config.lower_refresh_bound_millis(lower_refresh_bound_millis)
+    auth_config.max_attempts(max_attempts)
+    auth_config.delay_in_ms(delay_in_ms)
+
+    return EntraIdCredentialsProvider(
+        config=auth_config,
+        initial_delay_in_ms=initial_delay_in_ms,
+        block_for_initial=block_for_initial,
+    )
+
+
+@pytest.fixture()
+def credential_provider(request) -> CredentialProvider:
+    return get_credential_provider(request)
+
+
 def wait_for_command(client, monitor, command, key=None):
     # issue a command with a key name that's local to this process.
     # if we find a command with our key before the command we're waiting

tests/test_asyncio/conftest.py

@@ -1,15 +1,26 @@
+import os
 import random
 from contextlib import asynccontextmanager as _asynccontextmanager
+from datetime import datetime, timezone
 from typing import Union
 
+import jwt
 import pytest
 import pytest_asyncio
+from entraid.cred_provider import EntraIdCredentialsProvider, TokenAuthConfig
+from entraid.identity_provider import ManagedIdentityType, create_provider_from_managed_identity, \
+    create_provider_from_service_principal
+from mock.mock import Mock
+from redis.credentials import CredentialProvider
+
 import redis.asyncio as redis
 from packaging.version import Version
 from redis.asyncio import Sentinel
 from redis.asyncio.client import Monitor
 from redis.asyncio.connection import Connection, parse_url
 from redis.asyncio.retry import Retry
+from redis.auth.idp import IdentityProviderInterface
+from redis.auth.token import JWToken
 from redis.backoff import NoBackoff
 from tests.conftest import REDIS_INFO
 
@@ -216,6 +227,113 @@ async def mock_cluster_resp_slaves(create_redis, **kwargs):
         yield mocked
 
 
+def mock_identity_provider() -> IdentityProviderInterface:
+    mock_provider = Mock(spec=IdentityProviderInterface)
+    token = {
+        "exp": datetime.now(timezone.utc).timestamp() + 3600,
+        "oid": "username"
+    }
+    encoded = jwt.encode(token, "secret", algorithm='HS256')
+    jwt_token = JWToken(encoded)
+    mock_provider.request_token.return_value = jwt_token
+    return mock_provider
+
+
+def identity_provider(request) -> IdentityProviderInterface:
+    auth_type = os.getenv("IDP_AUTH_TYPE")
+
+    if request.param.get("mock_idp", None) is not None:
+        return mock_identity_provider()
+
+    if auth_type == "MANAGED_IDENTITY":
+        return _get_managed_identity_provider(request)
+
+    return _get_service_principal_provider(request)
+
+
+def _get_managed_identity_provider(request):
+    authority = os.getenv("IDP_AUTHORITY")
+    identity_type = ManagedIdentityType(os.getenv("IDP_IDENTITY_TYPE"))
+    resource = os.getenv("IDP_RESOURCE")
+    id_type = os.getenv("IDP_ID_TYPE", None)
+    id_value = os.getenv("IDP_ID_VALUE", None)
+    kwargs = request.param.get("idp_kwargs", {})
+
+    return create_provider_from_managed_identity(
+        identity_type=identity_type,
+        resource=resource,
+        id_type=id_type,
+        id_value=id_value,
+        authority=authority,
+        **kwargs
+    )
+
+
+def _get_service_principal_provider(request):
+    client_id = os.getenv("IDP_CLIENT_ID")
+    client_credential = os.getenv("IDP_CLIENT_CREDENTIAL")
+    authority = os.getenv("IDP_AUTHORITY")
+    scopes = os.getenv("IDP_SCOPES", [])
+    kwargs = request.param.get("idp_kwargs", {})
+
+    if isinstance(scopes, str):
+        scopes = scopes.split(',')
+
+    token_kwargs = request.param.get("token_kwargs", {})
+    timeout = request.param.get("timeout", None)
+
+    return create_provider_from_service_principal(
+        client_id=client_id,
+        client_credential=client_credential,
+        scopes=scopes,
+        timeout=timeout,
+        token_kwargs=token_kwargs,
+        authority=authority,
+        **kwargs
+    )
+
+
+def get_credential_provider(request) -> CredentialProvider:
+    cred_provider_class = request.param.get("cred_provider_class")
+    cred_provider_kwargs = request.param.get("cred_provider_kwargs", {})
+
+    if cred_provider_class != EntraIdCredentialsProvider:
+        return cred_provider_class(**cred_provider_kwargs)
+
+    idp = identity_provider(request)
+    initial_delay_in_ms = cred_provider_kwargs.get("initial_delay_in_ms", 0)
+    block_for_initial = cred_provider_kwargs.get("block_for_initial", False)
+    expiration_refresh_ratio = cred_provider_kwargs.get(
+        "expiration_refresh_ratio", TokenAuthConfig.DEFAULT_EXPIRATION_REFRESH_RATIO
+    )
+    lower_refresh_bound_millis = cred_provider_kwargs.get(
+        "lower_refresh_bound_millis", TokenAuthConfig.DEFAULT_LOWER_REFRESH_BOUND_MILLIS
+    )
+    max_attempts = cred_provider_kwargs.get(
+        "max_attempts", TokenAuthConfig.DEFAULT_MAX_ATTEMPTS
+    )
+    delay_in_ms = cred_provider_kwargs.get(
+        "delay_in_ms", TokenAuthConfig.DEFAULT_DELAY_IN_MS
+    )
+
+    auth_config = TokenAuthConfig(idp)
+    auth_config.expiration_refresh_ratio(expiration_refresh_ratio)
+    auth_config.lower_refresh_bound_millis(lower_refresh_bound_millis)
+    auth_config.max_attempts(max_attempts)
+    auth_config.delay_in_ms(delay_in_ms)
+
+    return EntraIdCredentialsProvider(
+        config=auth_config,
+        initial_delay_in_ms=initial_delay_in_ms,
+        block_for_initial=block_for_initial,
+    )
+
+
+@pytest_asyncio.fixture()
+async def credential_provider(request) -> CredentialProvider:
+    return get_credential_provider(request)
+
+
 async def wait_for_command(
     client: redis.Redis, monitor: Monitor, command: str, key: Union[str, None] = None
 ):