diff --git a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/AADSeleniumITHelper.java b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/AADSeleniumITHelper.java
index de3af3a53b03..d3155474c1f1 100644
--- a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/AADSeleniumITHelper.java
+++ b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/AADSeleniumITHelper.java
@@ -63,4 +63,10 @@ public void logoutTest() {
         Assert.assertEquals(username, id);
     }
 
+    public String httpGetWithIncreamentalConsent(String endpoint) {
+        driver.get((app.root() + endpoint));
+        wait.until(ExpectedConditions.elementToBeClickable(By.cssSelector("input[type='submit']"))).click();
+        return wait.until(presenceOfElementLocated(By.tagName("body"))).getText();
+    }
+
 }
diff --git a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/ondemand/AADOnDemandIT.java b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/ondemand/AADOnDemandIT.java
new file mode 100644
index 000000000000..500093bbd445
--- /dev/null
+++ b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/ondemand/AADOnDemandIT.java
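Review bot: `httpGetWithIncreamentalConsent` misspells "Incremental"; since the method is new in this commit, renaming it to `httpGetWithIncrementalConsent` now (together with its only caller, `AADOnDemandIT.onDemandTest`) avoids carrying the typo into the helper's public surface. The body also clicks the first `input[type='submit']` on whatever page `driver.get` landed on, so if no consent prompt is rendered (consent already granted for the account, or a sign-in page appears first) the wait times out instead of returning the body; a Javadoc stating that the caller must request an endpoint that triggers the consent form would make that precondition explicit. The redundant parentheses in `driver.get((app.root() + endpoint))` can be dropped.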
@@ -0,0 +1,71 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.test.aad.selenium.ondemand;
+
+import com.azure.test.aad.selenium.AADSeleniumITHelper;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Map;
+
+import static com.azure.spring.test.EnvironmentVariable.AAD_USER_NAME_ON_DEMAND;
+import static com.azure.spring.test.EnvironmentVariable.AAD_USER_PASSWORD_ON_DEMAND;
+import static com.azure.test.aad.selenium.AADSeleniumITHelper.createDefaultProperties;
+
+public class AADOnDemandIT {
+    private AADSeleniumITHelper aadSeleniumITHelper;
+    private static final Logger LOGGER = LoggerFactory.getLogger(AADOnDemandIT.class);
+
+    @Test
+    public void onDemandTest() {
+        Map properties = createDefaultProperties();
+        properties.put("azure.activedirectory.authorization-clients.arm.scopes",
+            "https://management.azure.com/user_impersonation");
+        properties.put("azure.activedirectory.authorization-clients.arm.on-demand", "true");
+        LOGGER.info(AAD_USER_NAME_ON_DEMAND);
+
+        aadSeleniumITHelper = new AADSeleniumITHelper(DumbApp.class, properties,
+            AAD_USER_NAME_ON_DEMAND, AAD_USER_PASSWORD_ON_DEMAND);
+        aadSeleniumITHelper.logIn();
+
+        String httpResponse = aadSeleniumITHelper.httpGet("api/azure");
+        Assert.assertTrue(httpResponse.contains("azure"));
+
+        httpResponse = aadSeleniumITHelper.httpGetWithIncreamentalConsent("api/arm");
+        Assert.assertTrue(httpResponse.contains("arm"));
+    }
+
+    @After
+    public void destroy() {
+        aadSeleniumITHelper.destroy();
+    }
+
+    @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
+    @SpringBootApplication
+    @RestController
+    public static class DumbApp {
+
+        @GetMapping(value = "/api/azure")
+        public ResponseEntity azure(
+            @RegisteredOAuth2AuthorizedClient("azure") OAuth2AuthorizedClient authorizedClient) {
+            return ResponseEntity.ok("azure");
+        }
+
+        @GetMapping(value = "/api/arm")
+        public ResponseEntity arm(
+            @RegisteredOAuth2AuthorizedClient("arm") OAuth2AuthorizedClient authorizedClient) {
+            return ResponseEntity.ok("arm");
+        }
+    }
+}
\ No newline at end of file
diff --git a/sdk/spring/azure-spring-boot-test-core/src/main/java/com/azure/spring/test/EnvironmentVariable.java b/sdk/spring/azure-spring-boot-test-core/src/main/java/com/azure/spring/test/EnvironmentVariable.java
index 4ddbe354e6b2..998952ce6063 100644
--- a/sdk/spring/azure-spring-boot-test-core/src/main/java/com/azure/spring/test/EnvironmentVariable.java
+++ b/sdk/spring/azure-spring-boot-test-core/src/main/java/com/azure/spring/test/EnvironmentVariable.java
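Review bot: `destroy()` runs under `@After` even when `onDemandTest` failed before `aadSeleniumITHelper` was assigned (for example when `createDefaultProperties` or the `AADSeleniumITHelper` constructor throws), and the resulting NullPointerException in teardown then hides the original failure; guard it with `if (aadSeleniumITHelper != null) { aadSeleniumITHelper.destroy(); }`. `Map properties` is a raw type; `createDefaultProperties` presumably returns a parameterised map, so the declaration should carry those type arguments rather than erasing them. `LOGGER.info(AAD_USER_NAME_ON_DEMAND)` writes the test account's UPN to the log with no message text; if it is kept for diagnostics, give it context (`LOGGER.info("On-demand test user: {}", AAD_USER_NAME_ON_DEMAND)`) so a reader of the build log knows what the bare e-mail address is, and keep the companion password constant out of the log entirely. The two `ResponseEntity` return types in `DumbApp` are raw as well and could be `ResponseEntity<String>`.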
@@ -21,8 +21,10 @@ public class EnvironmentVariable {
     public static final String AAD_TENANT_ID_2 = System.getenv("AAD_TENANT_ID_2");
     public static final String AAD_USER_NAME_1 = System.getenv("AAD_USER_NAME_1");
     public static final String AAD_USER_NAME_2 = System.getenv("AAD_USER_NAME_2");
+    public static final String AAD_USER_NAME_ON_DEMAND = System.getenv("AAD_USER_NAME_ON_DEMAND");
     public static final String AAD_USER_PASSWORD_1 = System.getenv("AAD_USER_PASSWORD_1");
     public static final String AAD_USER_PASSWORD_2 = System.getenv("AAD_USER_PASSWORD_2");
+    public static final String AAD_USER_PASSWORD_ON_DEMAND = System.getenv("AAD_USER_PASSWORD_ON_DEMAND");
     public static final String AZURE_KEYVAULT2_URI = System.getenv("AZURE_KEYVAULT2_URI");
     public static final String AZURE_KEYVAULT_URI = System.getenv("AZURE_KEYVAULT_URI");
     public static final String AZURE_STORAGE_ACCOUNT_KEY = System.getenv("AZURE_STORAGE_ACCOUNT_KEY");
diff --git a/sdk/spring/tests.yml b/sdk/spring/tests.yml
index e2694f5b8110..11f06fac2b92 100644
--- a/sdk/spring/tests.yml
+++ b/sdk/spring/tests.yml
@@ -75,6 +75,19 @@ stages:
         AAD_B2C_USER_PASSWORD: $(java-spring-aad-b2c-user-password)
         AAD_B2C_CLIENT_ID: $(java-spring-aad-b2c-client-id)
         AAD_B2C_CLIENT_SECRET: $(java-spring-aad-b2c-client-secret)
+        AAD_USER_NAME_ON_DEMAND: "user$(System.JobId)@aadittest1.onmicrosoft.com"
+        AAD_USER_PASSWORD_ON_DEMAND: $(java-spring-aad-user-password-1)
+        AAD_SERVICE_PRICIPAL_CLIENT_ID: $(java-spring-aad-service-principal-client-id)
+        AAD_SERVICE_PRICIPAL_CLIENT_SECRET: $(java-spring-aad-service-principal-client-secret)
+
+      PreSteps:
+        - powershell: |
+            az login --allow-no-subscriptions --tenant $(java-spring-aad-tenant-id-1) --service-principal -u $(java-spring-aad-service-principal-client-id) -p $(java-spring-aad-service-principal-client-secret)
+            az ad user create --user-principal-name "$env:AAD_USER_NAME_ON_DEMAND" --display-name "user$(System.JobId)" --password "$(java-spring-aad-user-password-1)" --force-change-password-next-login false
+            az logout
+          env:
+            AAD_USER_NAME_ON_DEMAND: "user$(System.JobId)@aadittest1.onmicrosoft.com"
+          displayName: 'Create On-demand test user'
 
       PostSteps:
         - script: |
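Review bot: The `az login` and `az ad user create` lines expand `$(java-spring-aad-service-principal-client-secret)` and `$(java-spring-aad-user-password-1)` directly into the inline script, whereas the user name is already passed through `env:` and read as `$env:AAD_USER_NAME_ON_DEMAND`; passing the two secrets the same way (an `env:` entry each, then `-p $env:AAD_SP_SECRET` and `--password $env:AAD_USER_PASSWORD_ON_DEMAND`) keeps them out of the generated script file and relies less on log masking. The four new `EnvVars` entries also export `AAD_SERVICE_PRICIPAL_CLIENT_ID`/`_SECRET` (note the "PRICIPAL" typo) into the test process, but nothing in this change reads them there — the only consumer is the PowerShell step, which uses the pipeline variables directly — so either drop them or document which test needs them. The on-demand user is created with `$(java-spring-aad-user-password-1)`, i.e. the same password as the existing test user 1, so a dedicated variable would avoid coupling the two accounts' credentials. The same points apply to the second tests.yml hunk (`@@ -123,3 +136,16 @@`), where the UPN literal `"user$(System.JobId)@aadittest1.onmicrosoft.com"` is repeated a fourth and fifth time and could be a single pipeline variable.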
@@ -123,3 +136,16 @@ stages:
             AAD_B2C_USER_PASSWORD: $(java-spring-aad-b2c-user-password)
             AAD_B2C_CLIENT_ID: $(java-spring-aad-b2c-client-id)
             AAD_B2C_CLIENT_SECRET: $(java-spring-aad-b2c-client-secret)
+            AAD_USER_NAME_ON_DEMAND: "user$(System.JobId)@aadittest1.onmicrosoft.com"
+            AAD_USER_PASSWORD_ON_DEMAND: $(java-spring-aad-user-password-1)
+            AAD_SERVICE_PRICIPAL_CLIENT_ID: $(java-spring-aad-service-principal-client-id)
+            AAD_SERVICE_PRICIPAL_CLIENT_SECRET: $(java-spring-aad-service-principal-client-secret)
+
+        - powershell: |
+            az login --allow-no-subscriptions --tenant $(java-spring-aad-tenant-id-1) --service-principal -u $(java-spring-aad-service-principal-client-id) -p $(java-spring-aad-service-principal-client-secret)
+            az ad user delete --id "$env:AAD_USER_NAME_ON_DEMAND"
+            az logout
+          env:
+            AAD_USER_NAME_ON_DEMAND: "user$(System.JobId)@aadittest1.onmicrosoft.com"
+          condition: always()
+          displayName: 'Delete On-demand test user'