Use common OIDC token env vars for live tests.

benbp · benbp · commit 2cc1375e6b99 · 2024-10-08T13:12:04.000-04:00
diff --git a/eng/pipelines/templates/jobs/live.tests.yml b/eng/pipelines/templates/jobs/live.tests.yml
@@ -66,6 +66,9 @@ parameters:
   - name: UseFederatedAuth
     type: boolean
     default: false
+  - name: PersistOidcToken
+    type: boolean
+    default: false
 
 jobs:
   - job:
@@ -132,6 +135,7 @@ jobs:
             SubscriptionConfiguration: $(SubscriptionConfiguration)
             ArmTemplateParameters: $(ArmTemplateParameters)
             UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
+            PersistOidcToken: ${{ parameters.PersistOidcToken }}
             ServiceConnection: ${{ parameters.CloudConfig.ServiceConnection }}
             EnvVars:
               Pool: $(Pool)
diff --git a/eng/pipelines/templates/stages/archetype-sdk-tests.yml b/eng/pipelines/templates/stages/archetype-sdk-tests.yml
@@ -97,6 +97,9 @@ parameters:
   - name: UseFederatedAuth
     type: boolean
     default: true
+  - name: PersistOidcToken
+    type: boolean
+    default: false
 
 extends:
   template: /eng/pipelines/templates/stages/1es-redirect.yml
@@ -139,6 +142,7 @@ extends:
                       TestProxy: ${{ parameters.TestProxy }}
                       ToxTestEnv: ${{ parameters.ToxTestEnv }}
                       UseFederatedAuth: ${{ parameters.UseFederatedAuth }}
+                      PersistOidcToken: ${{ parameters.PersistOidcToken }}
                     MatrixConfigs:
                       # Enumerate platforms and additional platforms based on supported clouds (sparse platform<-->cloud matrix).
                       - ${{ each config in parameters.MatrixConfigs }}:
diff --git a/sdk/identity/test-resources-pre.ps1 b/sdk/identity/test-resources-pre.ps1
@@ -11,21 +11,22 @@ param (
     [Parameter()]
     [string] $Location = '',
 
-    [Parameter()]
+    [Parameter(Mandatory = $true)]
     [ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')]
     [string] $TestApplicationId,
 
-    [Parameter()]
-    [string] $TestApplicationSecret,
-
-    [Parameter()]
+    [Parameter(Mandatory = $true)]
     [ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')]
     [string] $SubscriptionId,
 
+    [Parameter(Mandatory = $true)]
+    [ValidateNotNullOrEmpty()]
+    [string] $Environment,
+
     [Parameter()]
     [hashtable] $AdditionalParameters = @{},
 
-    [Parameter(ParameterSetName = 'Provisioner', Mandatory = $true)]
+    [Parameter(Mandatory = $true)]
     [ValidateNotNullOrEmpty()]
     [string] $TenantId
 )
@@ -50,6 +51,7 @@ Start-Sleep -s 45
 
 $az_version = az version
 Write-Host "Azure CLI version: $az_version"
+az cloud set --name $Environment
 az login --service-principal -u $TestApplicationId --tenant $TenantId --allow-no-subscriptions --federated-token $env:ARM_OIDC_TOKEN
 az account set --subscription $SubscriptionId
 $versions = az aks get-versions -l westus -o json | ConvertFrom-Json
diff --git a/sdk/identity/tests.yml b/sdk/identity/tests.yml
@@ -5,27 +5,15 @@ trigger: none
 extends:
     template: ../../eng/pipelines/templates/stages/archetype-sdk-tests.yml
     parameters:
-      PreSteps:
-        - task: AzureCLI@2
-          displayName: Set OIDC variables
-          inputs:
-            azureSubscription: azure-sdk-tests-public
-            scriptType: pscore
-            scriptLocation: inlineScript
-            addSpnToEnvironment: true
-            inlineScript: |
-              Write-Host "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$($env:servicePrincipalId)"
-              Write-Host "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$($env:tenantId)"
-              Write-Host "##vso[task.setvariable variable=ARM_OIDC_TOKEN;issecret=true]$($env:idToken)"
       ServiceDirectory: identity
+      PersistOidcToken: true
       EnvVars:
         AZURE_CLIENT_ID: $(IDENTITY_SP_CLIENT_ID)
         AZURE_CLIENT_SECRET: $(IDENTITY_SP_CLIENT_SECRET)
         AZURE_TENANT_ID: $(IDENTITY_SP_TENANT_ID)
         PEM_CONTENT: $(python-identity-certificate)
         AZURE_TEST_RUN_LIVE: true
         AZURE_SKIP_LIVE_RECORDING: 'True'
-        ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN)
       CloudConfig:
         Public:
           SubscriptionConfigurations:
diff --git a/sdk/monitor/tests.yml b/sdk/monitor/tests.yml
@@ -5,21 +5,11 @@ trigger: none
 extends:
     template: /eng/pipelines/templates/stages/archetype-sdk-tests.yml
     parameters:
-      PreSteps:
-        - task: AzureCLI@2
-          displayName: Set OIDC variables
-          inputs:
-            azureSubscription: azure-sdk-tests-public
-            scriptType: pscore
-            scriptLocation: inlineScript
-            addSpnToEnvironment: true
-            inlineScript: |
-              Write-Host "##vso[task.setvariable variable=ARM_OIDC_TOKEN;issecret=true]$($env:idToken)"
       ServiceDirectory: monitor
       TestTimeoutInMinutes: 300
       BuildTargetingString: azure-monitor-*
+      PersistOidcToken: true
       EnvVars:
         AZURE_SUBSCRIPTION_ID: $(MONITOR_SUBSCRIPTION_ID)
         AZURE_TEST_RUN_LIVE: 'true'
         AZURE_SKIP_LIVE_RECORDING: 'true'
-        ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN)
