Updates to enable live testing in sovereign clouds for multiple services

sdk/appconfiguration/test-resources.json

@@ -48,16 +48,30 @@
             "defaultValue": "azconfig-net",
             "type": "string"
         },
-        "endpointSuffix": {
+        "azConfigEndpointSuffix": {
             "defaultValue": ".azconfig.io",
             "type": "string"
+        },
+        "keyVaultEndpointSuffix": {
+            "defaultValue": ".vault.azure.net",
+            "type": "string",
+            "metadata": {
+                "description": "Endpoint suffix for sovereign clouds, requies the preceeding '.'. The default uses the public Azure Cloud (.vault.azure.net)"
+            }
+        },
+        "keyVaultSku": {
+            "type": "string",
+            "defaultValue": "premium",
+            "metadata": {
+                "description": "Key Vault SKU to deploy. The default is 'premium'"
+            }
         }
     },
     "variables": {
         "roleDefinitionId": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b', subscription().subscriptionId)]",
         "uniqueAzConfigName": "[format('{0}-{1}', parameters('baseName'), parameters('azConfigPrefix'))]",
-        "endpointValue": "[format('https://{0}-{1}.azconfig.io', parameters('baseName'), parameters('azConfigPrefix'))]",
-        "azureKeyVaultSecretUrl": "[format('https://{0}.vault.azure.net/secrets/TestSecret', parameters('baseName'))]"
+        "endpointValue": "[format('https://{0}-{1}{2}', parameters('baseName'), parameters('azConfigPrefix'), parameters('azConfigEndpointSuffix'))]",
+        "azureKeyVaultSecretUrl": "[format('https://{0}{1}/secrets/TestSecret', parameters('baseName'), parameters('keyVaultEndpointSuffix'))]"
     },
     "resources": [
         {
@@ -89,7 +103,7 @@
             "properties": {
                 "sku": {
                     "family": "A",
-                    "name": "premium"
+                    "name": "[parameters('keyVaultSku')]"
                 },
                 "tenantId": "[parameters('tenantId')]",
                 "accessPolicies": [

sdk/appconfiguration/tests.yml

@@ -4,3 +4,4 @@ extends:
   template: ../../eng/pipelines/templates/stages/archetype-sdk-tests.yml
   parameters:
     ServiceDirectory: appconfiguration
+    Clouds: 'Public,Preview,UsGov,China'

sdk/core/Azure.Core.TestFramework/src/TestEnvironment.cs

@@ -131,7 +131,7 @@ static TestEnvironment()
         /// <summary>
         ///   The URL of the Azure Authority host to be used for authentication. Recorded.
         /// </summary>
-        public string AuthorityHostUrl => GetRecordedOptionalVariable("AZURE_AUTHORITY_HOST");
+        public string AuthorityHostUrl => GetRecordedOptionalVariable("AZURE_AUTHORITY_HOST") ?? "https://login.microsoftonline.com/";
 
         /// <summary>
         ///   The suffix for Azure Storage accounts for the active cloud environment, such as "core.windows.net".  Recorded.

sdk/eventgrid/tests.yml

@@ -4,5 +4,6 @@ extends:
   template: ../../eng/pipelines/templates/stages/archetype-sdk-tests.yml
   parameters:
     ServiceDirectory: eventgrid
+    Clouds: 'Public,Preview,UsGov,China'
     EnvVars:
       AZURE_EVENTGRID_TEST_MODE: Live

sdk/eventhub/tests.data.yml

@@ -6,5 +6,5 @@ extends:
     MaxParallel: 6
     ServiceDirectory: eventhub
     SDKType: data
-    TimeoutInMinutes: 190
-    Clouds: 'Public,Canary'
+    TimeoutInMinutes: 240
+    Clouds: 'Public,Preview,UsGov,China,Canary'

sdk/eventhub/tests.yml

@@ -6,5 +6,5 @@ extends:
     MaxParallel: 6
     ServiceDirectory: eventhub
     SDKType: client
-    TimeoutInMinutes: 190
-    Clouds: 'Public,Canary'
+    TimeoutInMinutes: 240
+    Clouds: 'Public,Preview,UsGov,China,Canary'

sdk/extensions/tests.yml

@@ -4,4 +4,4 @@ extends:
   template: ../../eng/pipelines/templates/stages/archetype-sdk-tests.yml
   parameters:
     ServiceDirectory: extensions
-    SupportedClouds: 'Public,Canary,UsGov,China'
+    Clouds: 'Public,Preview,UsGov,China'

sdk/formrecognizer/tests.yml

@@ -4,7 +4,7 @@ extends:
   template: ../../eng/pipelines/templates/stages/archetype-sdk-tests.yml
   parameters:
     ServiceDirectory: formrecognizer
-    TimeoutInMinutes: 90
+    TimeoutInMinutes: 240
     CloudConfig:
       Public:
         SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources)
@@ -18,4 +18,4 @@ extends:
       China:
         SubscriptionConfiguration: $(sub-config-cn-test-resources)
         Location: 'chinaeast2'
-    SupportedClouds: 'Public,Canary,UsGov,China'
+    Clouds: 'Public,UsGov,China,Canary'

sdk/identity/Azure.Identity/tests/ClientCertificateCredentialLiveTests.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System;
 using System.IO;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
@@ -35,7 +36,7 @@ public async Task FromCertificatePath(bool usePem)
 
             var credential = InstrumentClient(new ClientCertificateCredential(tenantId, clientId, certPath, options));
 
-            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(AzureAuthorityHosts.AzurePublicCloud) });
+            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(new Uri(TestEnvironment.AuthorityHostUrl)) });
 
             // ensure we can initially acquire a  token
             AccessToken token = await credential.GetTokenAsync(tokenRequestContext);
@@ -70,7 +71,7 @@ public async Task FromX509Certificate2()
 
             var credential = InstrumentClient(new ClientCertificateCredential(tenantId, clientId, cert, options));
 
-            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(AzureAuthorityHosts.AzurePublicCloud) });
+            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(new Uri(TestEnvironment.AuthorityHostUrl)) });
 
             // ensure we can initially acquire a  token
             AccessToken token = await credential.GetTokenAsync(tokenRequestContext);
@@ -105,7 +106,7 @@ public async Task IncludeX5CClaimHeader()
 
             var credential = InstrumentClient(new ClientCertificateCredential(tenantId, clientId, certPath, options));
 
-            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(AzureAuthorityHosts.AzurePublicCloud) });
+            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(new Uri(TestEnvironment.AuthorityHostUrl)) });
 
             // ensure we can initially acquire a  token
             AccessToken token = await credential.GetTokenAsync(tokenRequestContext);
@@ -124,7 +125,7 @@ public void IncorrectCertificate()
 
             var credential = InstrumentClient(new ClientCertificateCredential(tenantId, clientId, new X509Certificate2(certPath), options));
 
-            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(AzureAuthorityHosts.AzurePublicCloud) });
+            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(new Uri(TestEnvironment.AuthorityHostUrl)) });
 
             // ensure the incorrect client claim is rejected, handled and wrapped in AuthenticationFailedException
             Assert.ThrowsAsync<AuthenticationFailedException>(async () => await credential.GetTokenAsync(tokenRequestContext));

sdk/identity/Azure.Identity/tests/ClientSecretCredentialLiveTests.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System;
 using System.Threading.Tasks;
 using Azure.Core;
 using Azure.Core.TestFramework;
@@ -32,7 +33,7 @@ public async Task GetToken()
 
             var credential = InstrumentClient(new ClientSecretCredential(tenantId, clientId, secret, options));
 
-            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(AzureAuthorityHosts.AzurePublicCloud) });
+            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(new Uri(TestEnvironment.AuthorityHostUrl)) });
 
             // ensure we can initially acquire a  token
             AccessToken token = await credential.GetTokenAsync(tokenRequestContext);
@@ -66,7 +67,7 @@ public void GetTokenIncorrectPassword()
 
             var credential = InstrumentClient(new ClientSecretCredential(tenantId, clientId, secret, options));
 
-            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(AzureAuthorityHosts.AzurePublicCloud) });
+            var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(new Uri(TestEnvironment.AuthorityHostUrl)) });
 
             // ensure we can initially acquire a  token
             Assert.ThrowsAsync<AuthenticationFailedException>(async () => await credential.GetTokenAsync(tokenRequestContext));

sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs

@@ -135,13 +135,15 @@ public static async Task<string> GetRefreshTokenAsync(IdentityTestEnvironment te
             var clientId = "aebc6443-996d-45c2-90f0-388ff96faa56";
             var username = testEnvironment.Username;
             var password = testEnvironment.Password;
+            var authorityUri = new Uri(new Uri(testEnvironment.AuthorityHostUrl), testEnvironment.TestTenantId).ToString();
 
             var client = PublicClientApplicationBuilder.Create(clientId)
+                .WithAuthority(authorityUri)
                 .WithTenantId(testEnvironment.TestTenantId)
                 .Build();
 
             var retriever = new RefreshTokenRetriever(client.UserTokenCache);
-            await client.AcquireTokenByUsernamePassword(new[] {".default"}, username, password.ToSecureString()).ExecuteAsync();
+            await client.AcquireTokenByUsernamePassword(new[] { ".default" }, username, password.ToSecureString()).ExecuteAsync();
 
             StaticCachesUtilities.ClearStaticMetadataProviderCache();
             StaticCachesUtilities.ClearAuthorityEndpointResolutionManagerCache();

sdk/identity/Azure.Identity/tests/DefaultAzureCredentialLiveTests.cs

@@ -45,7 +45,7 @@ public async Task DefaultAzureCredential_UseVisualStudioCredential()
 
             using (ClientDiagnosticListener diagnosticListener = new ClientDiagnosticListener(s => s.StartsWith("Azure.Identity")))
             {
-                token = await credential.GetTokenAsync(new TokenRequestContext(new[] {"https://vault.azure.net/.default"}), CancellationToken.None);
+                token = await credential.GetTokenAsync(new TokenRequestContext(new[] {TestEnvironment.KeyvaultScope}), CancellationToken.None);
                 scopes = diagnosticListener.Scopes;
             }
 
@@ -66,6 +66,7 @@ public async Task DefaultAzureCredential_UseVisualStudioCodeCredential()
                 ExcludeEnvironmentCredential = true,
                 ExcludeInteractiveBrowserCredential = true,
                 ExcludeSharedTokenCacheCredential = true,
+                ExcludeManagedIdentityCredential = true,
                 VisualStudioCodeTenantId = TestEnvironment.TestTenantId
             });
 
@@ -82,7 +83,7 @@ public async Task DefaultAzureCredential_UseVisualStudioCodeCredential()
             using (await CredentialTestHelpers.CreateRefreshTokenFixtureAsync(TestEnvironment, Mode, ExpectedServiceName, cloudName))
             using (ClientDiagnosticListener diagnosticListener = new ClientDiagnosticListener(s => s.StartsWith("Azure.Identity")))
             {
-                token = await credential.GetTokenAsync(new TokenRequestContext(new[] {"https://vault.azure.net/.default"}), CancellationToken.None);
+                token = await credential.GetTokenAsync(new TokenRequestContext(new[] {TestEnvironment.KeyvaultScope}), CancellationToken.None);
                 scopes = diagnosticListener.Scopes;
             }
 
@@ -102,6 +103,7 @@ public async Task DefaultAzureCredential_UseVisualStudioCodeCredential_ParallelC
                 ExcludeEnvironmentCredential = true,
                 ExcludeInteractiveBrowserCredential = true,
                 ExcludeSharedTokenCacheCredential = true,
+                ExcludeManagedIdentityCredential = true,
                 VisualStudioCodeTenantId = TestEnvironment.TestTenantId
             });
 
@@ -117,7 +119,7 @@ public async Task DefaultAzureCredential_UseVisualStudioCodeCredential_ParallelC
             {
                 for (int i = 0; i < 10; i++)
                 {
-                    tasks.Add(Task.Run(async () => await credential.GetTokenAsync(new TokenRequestContext(new[] {"https://vault.azure.net/.default"}), CancellationToken.None)));
+                    tasks.Add(Task.Run(async () => await credential.GetTokenAsync(new TokenRequestContext(new[] {TestEnvironment.KeyvaultScope}), CancellationToken.None)));
                 }
 
                 await Task.WhenAll(tasks);
@@ -153,7 +155,7 @@ public async Task DefaultAzureCredential_UseAzureCliCredential()
 
             using (ClientDiagnosticListener diagnosticListener = new ClientDiagnosticListener(s => s.StartsWith("Azure.Identity")))
             {
-                token = await credential.GetTokenAsync(new TokenRequestContext(new[] {"https://vault.azure.net/.default"}), CancellationToken.None);
+                token = await credential.GetTokenAsync(new TokenRequestContext(new[] {TestEnvironment.KeyvaultScope}), CancellationToken.None);
                 scopes = diagnosticListener.Scopes;
             }
 
@@ -187,7 +189,7 @@ public async Task DefaultAzureCredential_UseAzureCliCredential_ParallelCalls()
             var tasks = new List<Task<AccessToken>>();
             for (int i = 0; i < 10; i++)
             {
-                tasks.Add(Task.Run(async () => await credential.GetTokenAsync(new TokenRequestContext(new[] {"https://vault.azure.net/.default"}), CancellationToken.None)));
+                tasks.Add(Task.Run(async () => await credential.GetTokenAsync(new TokenRequestContext(new[] {TestEnvironment.KeyvaultScope}), CancellationToken.None)));
             }
 
             await Task.WhenAll(tasks);
@@ -218,7 +220,7 @@ public void DefaultAzureCredential_AllCredentialsHaveFailed_CredentialUnavailabl
 
             using (ClientDiagnosticListener diagnosticListener = new ClientDiagnosticListener(s => s.StartsWith("Azure.Identity")))
             {
-                Assert.CatchAsync<CredentialUnavailableException>(async () => await credential.GetTokenAsync(new TokenRequestContext(new[] {"https://vault.azure.net/.default"}), CancellationToken.None));
+                Assert.CatchAsync<CredentialUnavailableException>(async () => await credential.GetTokenAsync(new TokenRequestContext(new[] {TestEnvironment.KeyvaultScope}), CancellationToken.None));
                 scopes = diagnosticListener.Scopes;
             }
 
@@ -274,7 +276,7 @@ public void DefaultAzureCredential_AllCredentialsHaveFailed_LastAuthenticationFa
 
             using (ClientDiagnosticListener diagnosticListener = new ClientDiagnosticListener(s => s.StartsWith("Azure.Identity")))
             {
-                Assert.CatchAsync<AuthenticationFailedException>(async () => await credential.GetTokenAsync(new TokenRequestContext(new[] {"https://vault.azure.net/.default"}), CancellationToken.None));
+                Assert.CatchAsync<AuthenticationFailedException>(async () => await credential.GetTokenAsync(new TokenRequestContext(new[] {TestEnvironment.KeyvaultScope}), CancellationToken.None));
                 scopes = diagnosticListener.Scopes;
             }
 

sdk/identity/Azure.Identity/tests/DeviceCodeCredentialTests.cs

@@ -176,6 +176,7 @@ public async Task AuthenticateWithDeviceCodeMockVerifyCallbackCancellationAsync(
         [Test]
         public void AuthenticateWithDeviceCodeCallbackThrowsAsync()
         {
+            IdentityTestEnvironment testEnvironment = new IdentityTestEnvironment();
             var expectedCode = Guid.NewGuid().ToString();
 
             var expectedToken = Guid.NewGuid().ToString();
@@ -188,19 +189,20 @@ public void AuthenticateWithDeviceCodeCallbackThrowsAsync()
 
             var cred = InstrumentClient(new DeviceCodeCredential(ThrowingDeviceCodeCallback, ClientId, options: options));
 
-            var ex = Assert.ThrowsAsync<AuthenticationFailedException>(async () => await cred.GetTokenAsync(new TokenRequestContext(new string[] { "https://vault.azure.net/.default" }), cancelSource.Token));
+            var ex = Assert.ThrowsAsync<AuthenticationFailedException>(async () => await cred.GetTokenAsync(new TokenRequestContext(new string[] { testEnvironment.KeyvaultScope }), cancelSource.Token));
 
             Assert.IsInstanceOf(typeof(MockException), ex.InnerException);
         }
 
         [Test]
         public void DisableAutomaticAuthenticationException()
         {
+            IdentityTestEnvironment testEnvironment = new IdentityTestEnvironment();
             var expectedCode = Guid.NewGuid().ToString();
 
             var cred = InstrumentClient(new DeviceCodeCredential(new DeviceCodeCredentialOptions { DisableAutomaticAuthentication = true, DeviceCodeCallback = (code, cancelToken) => VerifyDeviceCode(code, expectedCode) }));
 
-            var expTokenRequestContext = new TokenRequestContext(new string[] { "https://vault.azure.net/.default" }, Guid.NewGuid().ToString());
+            var expTokenRequestContext = new TokenRequestContext(new string[] { testEnvironment.KeyvaultScope }, Guid.NewGuid().ToString());
 
             var ex = Assert.ThrowsAsync<AuthenticationRequiredException>(async () => await cred.GetTokenAsync(expTokenRequestContext));
 
@@ -209,24 +211,25 @@ public void DisableAutomaticAuthenticationException()
 
         private MockResponse ProcessMockRequest(MockRequest mockRequest, string code, string token)
         {
+            IdentityTestEnvironment testEnvironment = new IdentityTestEnvironment();
             string requestUrl = mockRequest.Uri.ToUri().AbsoluteUri;
 
-            if (requestUrl.StartsWith("https://login.microsoftonline.com/common/discovery/instance"))
+            if (requestUrl.StartsWith(new Uri(new Uri(testEnvironment.AuthorityHostUrl), "common/discovery/instance").ToString()))
             {
                 return DiscoveryInstanceResponse;
             }
 
-            if (requestUrl.StartsWith("https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration"))
+            if (requestUrl.StartsWith(new Uri(new Uri(testEnvironment.AuthorityHostUrl), "organizations/v2.0/.well-known/openid-configuration").ToString()))
             {
                 return OpenIdConfigurationResponse;
             }
 
-            if (requestUrl.StartsWith("https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode"))
+            if (requestUrl.StartsWith(new Uri(new Uri(testEnvironment.AuthorityHostUrl), "organizations/oauth2/v2.0/devicecode").ToString()) || requestUrl.StartsWith("https://login.partner.microsoftonline.cn/organizations/oauth2/v2.0/devicecode"))
             {
                 return CreateDeviceCodeResponse(code);
             }
 
-            if (requestUrl.StartsWith("https://login.microsoftonline.com/organizations/oauth2/v2.0/token"))
+            if (requestUrl.StartsWith(new Uri(new Uri(testEnvironment.AuthorityHostUrl), "organizations/oauth2/v2.0/token").ToString()) || requestUrl.StartsWith($"https://login.partner.microsoftonline.cn/organizations/oauth2/v2.0/token"))
             {
                 return CreateTokenResponse(code, token);
             }

sdk/identity/Azure.Identity/tests/IdentityTestEnvironment.cs

@@ -31,6 +31,7 @@ public class IdentityTestEnvironment : TestEnvironment
 
         public string TestPassword => GetOptionalVariable("AZURE_IDENTITY_TEST_PASSWORD") ?? "SANITIZED";
         public string TestTenantId => GetRecordedOptionalVariable("TENANT_ID") ?? GetRecordedVariable("AZURE_IDENTITY_TEST_TENANTID");
+        public string KeyvaultScope => GetOptionalVariable("AZURE_KEYVAULT_SCOPE") ?? "https://vault.azure.net/.default";
 
         public string ServicePrincipalClientId => GetRecordedVariable("IDENTITY_SP_CLIENT_ID");
         public string ServicePrincipalTenantId => GetRecordedVariable("IDENTITY_SP_TENANT_ID");