Enable spring AAD IT in Azure China Cloud

sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/AADSeleniumITHelper.java

@@ -1,5 +1,6 @@
 package com.azure.test.aad.selenium;
 
+import com.azure.spring.utils.AzureCloudUrls;
 import com.azure.test.aad.common.SeleniumITHelper;
 import org.openqa.selenium.By;
 import org.openqa.selenium.Keys;
@@ -8,11 +9,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import static com.azure.spring.test.EnvironmentVariable.AAD_SINGLE_TENANT_CLIENT_ID;
-import static com.azure.spring.test.EnvironmentVariable.AAD_SINGLE_TENANT_CLIENT_SECRET;
-import static com.azure.spring.test.EnvironmentVariable.AAD_TENANT_ID_1;
-import static com.azure.spring.test.EnvironmentVariable.AAD_USER_NAME_1;
-import static com.azure.spring.test.EnvironmentVariable.AAD_USER_PASSWORD_1;
+import static com.azure.spring.test.EnvironmentVariable.*;
 import static org.openqa.selenium.support.ui.ExpectedConditions.presenceOfElementLocated;
 
 public class AADSeleniumITHelper extends SeleniumITHelper {
@@ -27,6 +24,8 @@ public static Map<String, String> createDefaultProperties() {
         defaultProperties.put("azure.activedirectory.client-secret", AAD_SINGLE_TENANT_CLIENT_SECRET);
         defaultProperties.put("azure.activedirectory.user-group.allowed-groups", "group1");
         defaultProperties.put("azure.activedirectory.post-logout-redirect-uri", "http://localhost:${server.port}");
+        defaultProperties.put("azure.activedirectory.base-uri", AzureCloudUrls.getBaseUrl(AZURE_CLOUD_TYPE));
+        defaultProperties.put("azure.activedirectory.graph-base-uri", AzureCloudUrls.getGraphBaseUrl(AZURE_CLOUD_TYPE));
         return defaultProperties;
     }
 
@@ -58,15 +57,15 @@ public String logoutAndGetLogoutUsername() {
         String cssSelector = "div[data-test-id='" + username + "']";
         wait.until(ExpectedConditions.elementToBeClickable(By.cssSelector(cssSelector))).click();
         String id = wait.until(ExpectedConditions.elementToBeClickable(By.cssSelector("div[tabindex='0']")))
-                        .getAttribute("data-test-id");
+            .getAttribute("data-test-id");
         return id;
     }
 
     public String httpGetWithIncrementalConsent(String endpoint) {
         driver.get((app.root() + endpoint));
 
-        String oauth2AuthorizationUrlFraction = String.format("https://login.microsoftonline.com/%s/oauth2/v2.0/"
-            + "authorize?", AAD_TENANT_ID_1);
+        String oauth2AuthorizationUrlFraction = String.format(AzureCloudUrls.getBaseUrl(AZURE_CLOUD_TYPE)
+            + "%s/oauth2/v2.0/" + "authorize?", AAD_TENANT_ID_1);
         wait.until(ExpectedConditions.urlContains(oauth2AuthorizationUrlFraction));
 
         String onDemandAuthorizationUrl = driver.getCurrentUrl();

sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/multitenant/AADMultipleTenantIT.java

@@ -17,23 +17,21 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import java.security.Principal;
-import java.util.HashMap;
 import java.util.Map;
 
-import static com.azure.spring.test.EnvironmentVariable.AAD_MULTI_TENANT_CLIENT_ID;
-import static com.azure.spring.test.EnvironmentVariable.AAD_MULTI_TENANT_CLIENT_SECRET;
-import static com.azure.spring.test.EnvironmentVariable.AAD_USER_NAME_2;
-import static com.azure.spring.test.EnvironmentVariable.AAD_USER_PASSWORD_2;
+import static com.azure.spring.test.EnvironmentVariable.*;
+import static com.azure.test.aad.selenium.AADSeleniumITHelper.createDefaultProperties;
 
 public class AADMultipleTenantIT {
     private static final Logger LOGGER = LoggerFactory.getLogger(AADMultipleTenantIT.class);
     private AADSeleniumITHelper aadSeleniumITHelper;
 
     @Test
     public void multipleTenantTest() {
-        Map<String, String> properties = new HashMap<>();
+        Map<String, String> properties = createDefaultProperties();
         properties.put("azure.activedirectory.client-id", AAD_MULTI_TENANT_CLIENT_ID);
         properties.put("azure.activedirectory.client-secret", AAD_MULTI_TENANT_CLIENT_SECRET);
+
         aadSeleniumITHelper = new AADSeleniumITHelper(DumbApp.class, properties,
             AAD_USER_NAME_2, AAD_USER_PASSWORD_2);
         aadSeleniumITHelper.logIn();

sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/oauth2client/issuedat/AADOauth2AuthorizedClientCachedIT.java

@@ -3,6 +3,7 @@
 
 package com.azure.test.aad.selenium.oauth2client.issuedat;
 
+import com.azure.spring.utils.AzureCloudUrls;
 import com.azure.test.aad.selenium.AADSeleniumITHelper;
 import org.junit.After;
 import org.junit.Assert;
@@ -19,6 +20,7 @@
 import java.util.Map;
 import java.util.Optional;
 
+import static com.azure.spring.test.EnvironmentVariable.AZURE_CLOUD_TYPE;
 import static com.azure.test.aad.selenium.AADSeleniumITHelper.createDefaultProperties;
 
 public class AADOauth2AuthorizedClientCachedIT {
@@ -28,15 +30,14 @@ public class AADOauth2AuthorizedClientCachedIT {
     @Test
     public void testOauth2AuthorizedClientCached() {
         Map<String, String> properties = createDefaultProperties();
-        properties.put(
-            "azure.activedirectory.authorization-clients.office.scopes",
-            "https://manage.office.com/ActivityFeed.Read, "
-                + "https://manage.office.com/ActivityFeed.ReadDlp, "
-                + "https://manage.office.com/ServiceHealth.Read");
-        properties.put(
-            "azure.activedirectory.authorization-clients.graph.scopes",
-            "https://graph.microsoft.com/User.Read, https://graph.microsoft.com/Directory.Read.All");
 
+        String armClientUrl = AzureCloudUrls.getServiceManagementBaseUrl(AZURE_CLOUD_TYPE);
+        String armClientScope = armClientUrl + "user_impersonation";
+        properties.put("azure.activedirectory.authorization-clients.arm.scopes", armClientScope);
+
+        String graphBaseUrl = AzureCloudUrls.getGraphBaseUrl(AZURE_CLOUD_TYPE);
+        properties.put("azure.activedirectory.authorization-clients.graph.scopes",
+            graphBaseUrl + "User.Read, " + graphBaseUrl + "Directory.Read.All");
         aadSeleniumITHelper = new AADSeleniumITHelper(DumbApp.class, properties);
         aadSeleniumITHelper.logIn();
 
@@ -50,8 +51,8 @@ public void testOauth2AuthorizedClientCached() {
             aadSeleniumITHelper.httpGet("accessTokenIssuedAt/graph"));
 
         Assert.assertEquals(
-            aadSeleniumITHelper.httpGet("accessTokenIssuedAt/office"),
-            aadSeleniumITHelper.httpGet("accessTokenIssuedAt/office"));
+            aadSeleniumITHelper.httpGet("accessTokenIssuedAt/arm"),
+            aadSeleniumITHelper.httpGet("accessTokenIssuedAt/arm"));
     }
 
     @After
@@ -84,9 +85,9 @@ public String graph(
                            .orElse(null);
         }
 
-        @GetMapping(value = "accessTokenIssuedAt/office")
-        public String office(
-            @RegisteredOAuth2AuthorizedClient("office") OAuth2AuthorizedClient authorizedClient) {
+        @GetMapping(value = "accessTokenIssuedAt/arm")
+        public String arm(
+            @RegisteredOAuth2AuthorizedClient("arm") OAuth2AuthorizedClient authorizedClient) {
             return Optional.of(authorizedClient)
                            .map(OAuth2AuthorizedClient::getAccessToken)
                            .map(OAuth2AccessToken::getIssuedAt)

sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/oauth2client/scopes/AADAccessTokenScopesIT.java

@@ -3,12 +3,8 @@
 
 package com.azure.test.aad.selenium.oauth2client.scopes;
 
-import static com.azure.test.aad.selenium.AADSeleniumITHelper.createDefaultProperties;
-
+import com.azure.spring.utils.AzureCloudUrls;
 import com.azure.test.aad.selenium.AADSeleniumITHelper;
-import java.util.Map;
-import java.util.Optional;
-import java.util.Set;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Test;
@@ -20,37 +16,43 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+
+import static com.azure.spring.test.EnvironmentVariable.AZURE_CLOUD_TYPE;
+import static com.azure.test.aad.selenium.AADSeleniumITHelper.createDefaultProperties;
+
 public class AADAccessTokenScopesIT {
 
     private AADSeleniumITHelper aadSeleniumITHelper;
 
     @Test
     public void testAccessTokenScopes() {
         Map<String, String> properties = createDefaultProperties();
-        properties.put(
-            "azure.activedirectory.authorization-clients.office.scopes",
-            "https://manage.office.com/ActivityFeed.Read, https://manage.office.com/ActivityFeed.ReadDlp, "
-                + "https://manage.office.com/ServiceHealth.Read");
-        properties.put(
-            "azure.activedirectory.authorization-clients.graph.scopes",
-            "https://graph.microsoft.com/User.Read, https://graph.microsoft.com/Directory.Read.All");
+        String armClientUrl = AzureCloudUrls.getServiceManagementBaseUrl(AZURE_CLOUD_TYPE);
+        String armClientScope = armClientUrl + "user_impersonation";
+        properties.put("azure.activedirectory.authorization-clients.arm.scopes", armClientScope);
+        String graphBaseUrl = AzureCloudUrls.getGraphBaseUrl(AZURE_CLOUD_TYPE);
+        properties.put("azure.activedirectory.authorization-clients.graph.scopes",
+            graphBaseUrl + "User.Read, " + graphBaseUrl + "Directory.Read.All");
+
         aadSeleniumITHelper = new AADSeleniumITHelper(DumbApp.class, properties);
         aadSeleniumITHelper.logIn();
+
         String httpResponse = aadSeleniumITHelper.httpGet("accessTokenScopes/azure");
         Assert.assertTrue(httpResponse.contains("profile"));
-        Assert.assertTrue(httpResponse.contains("https://graph.microsoft.com/Directory.Read.All"));
-        Assert.assertTrue(httpResponse.contains("https://graph.microsoft.com/User.Read"));
+        Assert.assertTrue(httpResponse.contains("Directory.Read.All"));
+        Assert.assertTrue(httpResponse.contains("User.Read"));
 
         httpResponse = aadSeleniumITHelper.httpGet("accessTokenScopes/graph");
         Assert.assertTrue(httpResponse.contains("profile"));
-        Assert.assertTrue(httpResponse.contains("https://graph.microsoft.com/Directory.Read.All"));
-        Assert.assertTrue(httpResponse.contains("https://graph.microsoft.com/User.Read"));
+        Assert.assertTrue(httpResponse.contains("Directory.Read.All"));
+        Assert.assertTrue(httpResponse.contains("User.Read"));
 
-        httpResponse = aadSeleniumITHelper.httpGet("accessTokenScopes/office");
+        httpResponse = aadSeleniumITHelper.httpGet("accessTokenScopes/arm");
         Assert.assertFalse(httpResponse.contains("profile"));
-        Assert.assertTrue(httpResponse.contains("https://manage.office.com/ActivityFeed.Read"));
-        Assert.assertTrue(httpResponse.contains("https://manage.office.com/ActivityFeed.ReadDlp"));
-        Assert.assertTrue(httpResponse.contains("https://manage.office.com/ServiceHealth.Read"));
+        Assert.assertTrue(httpResponse.contains("user_impersonation"));
 
         httpResponse = aadSeleniumITHelper.httpGet("notExist");
         Assert.assertNotEquals(httpResponse, "notExist");
@@ -84,9 +86,9 @@ public Set<String> graph(
                            .orElse(null);
         }
 
-        @GetMapping(value = "accessTokenScopes/office")
-        public Set<String> office(
-            @RegisteredOAuth2AuthorizedClient("office") OAuth2AuthorizedClient authorizedClient) {
+        @GetMapping(value = "accessTokenScopes/arm")
+        public Set<String> arm(
+            @RegisteredOAuth2AuthorizedClient("arm") OAuth2AuthorizedClient authorizedClient) {
             return Optional.of(authorizedClient)
                            .map(OAuth2AuthorizedClient::getAccessToken)
                            .map(OAuth2AccessToken::getScopes)

sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/ondemand/AADOnDemandIT.java

@@ -3,6 +3,7 @@
 
 package com.azure.test.aad.selenium.ondemand;
 
+import com.azure.spring.utils.AzureCloudUrls;
 import com.azure.test.aad.selenium.AADSeleniumITHelper;
 import org.junit.After;
 import org.junit.Assert;
@@ -19,8 +20,7 @@
 
 import java.util.Map;
 
-import static com.azure.spring.test.EnvironmentVariable.AAD_USER_NAME_ON_DEMAND;
-import static com.azure.spring.test.EnvironmentVariable.AAD_USER_PASSWORD_ON_DEMAND;
+import static com.azure.spring.test.EnvironmentVariable.*;
 import static com.azure.test.aad.selenium.AADSeleniumITHelper.createDefaultProperties;
 
 public class AADOnDemandIT {
@@ -29,11 +29,11 @@ public class AADOnDemandIT {
 
     @Test
     public void onDemandTest() {
+        String armClientUrl = AzureCloudUrls.getServiceManagementBaseUrl(AZURE_CLOUD_TYPE);
+        String armClientScope = armClientUrl + "user_impersonation";
         Map<String, String> properties = createDefaultProperties();
-        properties.put("azure.activedirectory.authorization-clients.arm.scopes",
-            "https://management.azure.com/user_impersonation");
+        properties.put("azure.activedirectory.authorization-clients.arm.scopes", armClientScope);
         properties.put("azure.activedirectory.authorization-clients.arm.on-demand", "true");
-        LOGGER.info(AAD_USER_NAME_ON_DEMAND);
 
         aadSeleniumITHelper = new AADSeleniumITHelper(DumbApp.class, properties,
             AAD_USER_NAME_ON_DEMAND, AAD_USER_PASSWORD_ON_DEMAND);
@@ -43,7 +43,7 @@ public void onDemandTest() {
         Assert.assertTrue(httpResponse.contains("azure"));
 
         String incrementalConsentUrl = aadSeleniumITHelper.httpGetWithIncrementalConsent("api/arm");
-        Assert.assertTrue(incrementalConsentUrl.contains("https://management.azure.com/user_impersonation"));
+        Assert.assertTrue(incrementalConsentUrl.contains(armClientScope));
 
         httpResponse = aadSeleniumITHelper.httpGet("api/arm");
         Assert.assertTrue(httpResponse.contains("arm"));
@@ -71,4 +71,4 @@ public ResponseEntity<String> arm(
             return ResponseEntity.ok("arm");
         }
     }
-}
+}

sdk/spring/azure-spring-boot-test-core/src/main/java/com/azure/spring/test/EnvironmentVariable.java

@@ -23,6 +23,7 @@ public class EnvironmentVariable {
     public static final String AAD_USER_PASSWORD_1 = System.getenv("AAD_USER_PASSWORD_1");
     public static final String AAD_USER_PASSWORD_2 = System.getenv("AAD_USER_PASSWORD_2");
     public static final String AAD_USER_PASSWORD_ON_DEMAND = System.getenv("AAD_USER_PASSWORD_ON_DEMAND");
+    public static final String AZURE_CLOUD_TYPE = System.getenv("AZURE_CLOUD_TYPE");
     public static final String AZURE_KEYVAULT2_URI = System.getenv("AZURE_KEYVAULT2_URI");
     public static final String AZURE_KEYVAULT_URI = System.getenv("AZURE_KEYVAULT_URI");
     public static final String AZURE_STORAGE_ACCOUNT_KEY = System.getenv("AZURE_STORAGE_ACCOUNT_KEY");

sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/utils/AzureCloudUrls.java

@@ -0,0 +1,24 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.spring.utils;
+
+/**
+ * Util class for Azure urls
+ */
+public class AzureCloudUrls {
+    public static String getBaseUrl(String cloudType) {
+        return cloudType.equals("Global") ? "https://login.microsoftonline.com/"
+            : "https://login.partner.microsoftonline.cn/";
+    }
+
+    public static String getGraphBaseUrl(String cloudType) {
+        return cloudType.equals("Global") ? "https://graph.microsoft.com/"
+            : "https://microsoftgraph.chinacloudapi.cn/";
+    }
+
+    public static String getServiceManagementBaseUrl(String cloudType) {
+        return cloudType.equals("Global") ? "https://management.azure.com/"
+            : "https://management.chinacloudapi.cn/";
+    }
+}