Skip to content

Commit

Permalink
azrepos: add tests of MID and SP get credential
Browse files Browse the repository at this point in the history 
Add tests of the `GetCredentialAsync` method on the
`AzureReposHostProvider` using managed identity and service principal.
  • Loading branch information
@mjcheetham
mjcheetham committed Aug 15, 2023
1 parent aafbda4 commit eff4ea6
Showing 1 changed file with 96 additions and 0 deletions.
96 changes: 96 additions & 0 deletions src/shared/Microsoft.AzureRepos.Tests/AzureReposHostProviderTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -511,6 +511,102 @@ public async Task AzureReposProvider_GetCredentialAsync_PatMode_ExistingPat_Retu
Assert.Equal(personalAccessToken, credential.Password);
}

[Fact]
public async Task AzureReposProvider_GetCredentialAsync_ManagedIdentity_ReturnsManagedIdCredential()
{
var input = new InputArguments(new Dictionary<string, string>
{
["protocol"] = "https",
["host"] = "dev.azure.com",
["path"] = "org/proj/_git/repo"
});

const string accessToken = "MANAGED-IDENTITY-TOKEN";
const string managedIdentity = "MANAGED-IDENTITY";

var context = new TestCommandContext
{
Environment =
{
Variables =
{
[AzureDevOpsConstants.EnvironmentVariables.ManagedIdentity] = managedIdentity
}
}
};

var azDevOps = Mock.Of<IAzureDevOpsRestApi>();
var authorityCache = Mock.Of<IAzureDevOpsAuthorityCache>();
var userMgr = Mock.Of<IAzureReposBindingManager>();
var msAuthMock = new Mock<IMicrosoftAuthentication>();

msAuthMock.Setup(x => x.GetTokenForManagedIdentityAsync(It.IsAny<string>(), It.IsAny<string>()))
.ReturnsAsync(new MockMsAuthResult { AccessToken = accessToken });

var provider = new AzureReposHostProvider(context, azDevOps, msAuthMock.Object, authorityCache, userMgr);

ICredential credential = await provider.GetCredentialAsync(input);

Assert.NotNull(credential);
Assert.Equal(managedIdentity, credential.Account);
Assert.Equal(accessToken, credential.Password);

msAuthMock.Verify(
x => x.GetTokenForManagedIdentityAsync(managedIdentity,
AzureDevOpsConstants.AzureDevOpsResourceId), Times.Once);
}

[Fact]
public async Task AzureReposProvider_GetCredentialAsync_ServicePrincipal_ReturnsSPCredential()
{
var input = new InputArguments(new Dictionary<string, string>
{
["protocol"] = "https",
["host"] = "dev.azure.com",
["path"] = "org/proj/_git/repo"
});

const string accessToken = "SP-TOKEN";
const string tenantId = "78B1822F-107D-40A3-A29C-AB68D8066074";
const string clientId = "49B4DC1A-58A8-4EEE-A81B-616A40D0BA64";
const string servicePrincipal = $"{tenantId}/{clientId}";
const string servicePrincipalSecret = "CLIENT-SECRET";

var context = new TestCommandContext
{
Environment =
{
Variables =
{
[AzureDevOpsConstants.EnvironmentVariables.ServicePrincipalId] = servicePrincipal,
[AzureDevOpsConstants.EnvironmentVariables.ServicePrincipalSecret] = servicePrincipalSecret
}
}
};

var azDevOps = Mock.Of<IAzureDevOpsRestApi>();
var authorityCache = Mock.Of<IAzureDevOpsAuthorityCache>();
var userMgr = Mock.Of<IAzureReposBindingManager>();
var msAuthMock = new Mock<IMicrosoftAuthentication>();

msAuthMock.Setup(x =>
x.GetTokenForServicePrincipalAsync(It.IsAny<ServicePrincipalIdentity>(), It.IsAny<string[]>()))
.ReturnsAsync(new MockMsAuthResult { AccessToken = accessToken });

var provider = new AzureReposHostProvider(context, azDevOps, msAuthMock.Object, authorityCache, userMgr);

ICredential credential = await provider.GetCredentialAsync(input);

Assert.NotNull(credential);
Assert.Equal(clientId, credential.Account);
Assert.Equal(accessToken, credential.Password);

msAuthMock.Verify(x => x.GetTokenForServicePrincipalAsync(
It.Is<ServicePrincipalIdentity>(sp => sp.TenantId == tenantId && sp.Id == clientId),
It.Is<string[]>(scopes => scopes.Length == 1 && scopes[0] == AzureDevOpsConstants.AzureDevOpsDefaultScopes[0])),
Times.Once);
}

[Fact]
public async Task AzureReposHostProvider_ConfigureAsync_UseHttpPathSetTrue_DoesNothing()
{
Expand Down

0 comments on commit eff4ea6

Please sign in to comment.