Migrate Attestation Tests (#40906)

sdk/attestation/azure-security-attestation/src/test/java/com/azure/security/attestation/AttestationClientTestBase.java

@@ -12,7 +12,6 @@
 import com.azure.core.util.logging.ClientLogger;
 import com.azure.core.util.serializer.JacksonAdapter;
 import com.azure.core.util.serializer.SerializerAdapter;
-import com.azure.identity.ClientSecretCredentialBuilder;
 import com.azure.security.attestation.models.AttestationTokenValidationOptions;
 import com.azure.security.attestation.models.AttestationType;
 import com.nimbusds.jose.util.X509CertUtils;
@@ -170,11 +169,7 @@ static ClientTypes classifyClient(String clientUri) {
     AttestationClientBuilder getAuthenticatedAttestationBuilder(HttpClient httpClient, String clientUri) {
         AttestationClientBuilder builder = getAttestationBuilder(httpClient, clientUri);
         if (!interceptorManager.isPlaybackMode()) {
-            builder.credential(new ClientSecretCredentialBuilder()
-                .clientSecret(Configuration.getGlobalConfiguration().get("ATTESTATION_CLIENT_SECRET"))
-                .clientId(Configuration.getGlobalConfiguration().get("ATTESTATION_CLIENT_ID"))
-                .tenantId(Configuration.getGlobalConfiguration().get("ATTESTATION_TENANT_ID"))
-                .httpClient(httpClient).build());
+            builder.credential(TestUtil.getIdentityTestCredential(interceptorManager, httpClient));
         } else {
             builder.credential(new MockTokenCredential());
         }
@@ -234,12 +229,7 @@ AttestationAdministrationClientBuilder getAttestationAdministrationBuilder(HttpC
             // Add a 10-second slack time to account for clock drift between the client and server.
             builder.tokenValidationOptions(new AttestationTokenValidationOptions()
                     .setValidationSlack(Duration.ofSeconds(10)))
-                .credential(new ClientSecretCredentialBuilder()
-                    .clientSecret(Configuration.getGlobalConfiguration().get("ATTESTATION_CLIENT_SECRET"))
-                    .clientId(Configuration.getGlobalConfiguration().get("ATTESTATION_CLIENT_ID"))
-                    .tenantId(Configuration.getGlobalConfiguration().get("ATTESTATION_TENANT_ID"))
-                    .httpClient(httpClient).build())
-                .httpClient(httpClient);
+                .credential(TestUtil.getIdentityTestCredential(interceptorManager, httpClient));
         } else {
             builder.tokenValidationOptions(new AttestationTokenValidationOptions()
                 .setValidateExpiresOn(false)

sdk/attestation/azure-security-attestation/src/test/java/com/azure/security/attestation/TestUtil.java

@@ -0,0 +1,62 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.attestation;
+
+import com.azure.core.credential.TokenCredential;
+import com.azure.core.http.HttpClient;
+import com.azure.core.test.InterceptorManager;
+import com.azure.core.test.utils.MockTokenCredential;
+import com.azure.core.util.Configuration;
+import com.azure.core.util.CoreUtils;
+import com.azure.identity.AzureCliCredentialBuilder;
+import com.azure.identity.AzurePipelinesCredentialBuilder;
+import com.azure.identity.AzurePowerShellCredentialBuilder;
+import com.azure.identity.AzureDeveloperCliCredentialBuilder;
+import com.azure.identity.ChainedTokenCredentialBuilder;
+import com.azure.identity.EnvironmentCredentialBuilder;
+
+public class TestUtil {
+
+    /**
+     * Gets a token credential for use in tests.
+     * @param interceptorManager the interceptor manager
+     * @return the TokenCredential
+     */
+    public static TokenCredential getIdentityTestCredential(InterceptorManager interceptorManager,
+                                                            HttpClient httpClient) {
+        if (interceptorManager.isPlaybackMode()) {
+            return  new MockTokenCredential();
+        }
+
+        Configuration config = Configuration.getGlobalConfiguration();
+
+        ChainedTokenCredentialBuilder builder = new ChainedTokenCredentialBuilder()
+            .addLast(new EnvironmentCredentialBuilder().httpClient(httpClient).build())
+            .addLast(new AzureCliCredentialBuilder().httpClient(httpClient).build())
+            .addLast(new AzureDeveloperCliCredentialBuilder().httpClient(httpClient).build());
+
+
+        String serviceConnectionId = config.get("AZURESUBSCRIPTION_SERVICE_CONNECTION_ID");
+        String clientId = config.get("AZURESUBSCRIPTION_CLIENT_ID");
+        String tenantId = config.get("AZURESUBSCRIPTION_TENANT_ID");
+        String systemAccessToken = config.get("SYSTEM_ACCESSTOKEN");
+
+        if (!CoreUtils.isNullOrEmpty(serviceConnectionId)
+            && !CoreUtils.isNullOrEmpty(clientId)
+            && !CoreUtils.isNullOrEmpty(tenantId)
+            && !CoreUtils.isNullOrEmpty(systemAccessToken)) {
+
+            builder.addLast(new AzurePipelinesCredentialBuilder()
+                .systemAccessToken(systemAccessToken)
+                .clientId(clientId)
+                .tenantId(tenantId)
+                .httpClient(httpClient)
+                .serviceConnectionId(serviceConnectionId)
+                .build());
+        }
+
+        builder.addLast(new AzurePowerShellCredentialBuilder().httpClient(httpClient).build());
+        return builder.build();
+    }
+}

sdk/attestation/tests.yml

@@ -3,13 +3,10 @@ trigger: none
 extends:
   template: /eng/pipelines/templates/stages/archetype-sdk-tests.yml
   parameters:
+    UseFederatedAuth: true
     ServiceDirectory: attestation
     Location: westus
     Artifacts:
       - name: azure-security-attestation
         groupId: com.azure
         safeName: azuresecurityattestation
-    EnvVars:
-      AZURE_CLIENT_ID: $(ATTESTATION_CLIENT_ID)
-      AZURE_TENANT_ID: $(ATTESTATION_TENANT_ID)
-      AZURE_CLIENT_SECRET: $(ATTESTATION_CLIENT_SECRET)