[azkeys] re-enable mhsm test (#22876)

* enable mhsm test * Charles feedback Co-authored-by: Charles Lowell <10964656+chlowell@users.noreply.github.com> --------- Co-authored-by: Charles Lowell <10964656+chlowell@users.noreply.github.com>
Azure · May 10, 2024 · 569e181 · 569e181
1 parent 6e41b3b
commit 569e181
Showing 1 changed file with 61 additions and 62 deletions.
diff --git a/sdk/security/keyvault/azkeys/client_test.go b/sdk/security/keyvault/azkeys/client_test.go
@@ -540,72 +540,71 @@ func TestReleaseKey(t *testing.T) {
 	if recording.GetRecordMode() == recording.PlaybackMode {
 		t.Skip("https://github.com/Azure/azure-sdk-for-go/issues/22869")
 	}
-	// Skipping managed HSM tests for now, service failure
-	//for _, mhsm := range []bool{false, true} {
-	name := "KV"
-	// if mhsm {
-	// 	name = "MHSM"
-	// }
-	t.Run(name, func(t *testing.T) {
-		client := startTest(t, false)
-		key := createRandomName(t, "testreleasekey")
-
-		// retry creating the key because Key Vault sometimes can't reach the fake
-		// attestation service we use in CI for several minutes after deployment
-		var createResp azkeys.CreateKeyResponse
-		var err error
-		for i := 0; i < 5; i++ {
-			params := azkeys.CreateKeyParameters{
-				Curve: to.Ptr(azkeys.CurveNameP256K),
-				KeyAttributes: &azkeys.KeyAttributes{
-					Exportable: to.Ptr(true),
-				},
-				Kty: to.Ptr(azkeys.KeyTypeECHSM),
-				ReleasePolicy: &azkeys.KeyReleasePolicy{
-					EncodedPolicy: getMarshalledReleasePolicy(attestationURL),
-					Immutable:     to.Ptr(true),
-				},
+	for _, mhsm := range []bool{false, true} {
+		name := "KV"
+		if mhsm {
+			name = "MHSM"
+		}
+		t.Run(name, func(t *testing.T) {
+			client := startTest(t, false)
+			key := createRandomName(t, "testreleasekey")
+
+			// retry creating the key because Key Vault sometimes can't reach the fake
+			// attestation service we use in CI for several minutes after deployment
+			var createResp azkeys.CreateKeyResponse
+			var err error
+			for i := 0; i < 5; i++ {
+				params := azkeys.CreateKeyParameters{
+					Curve: to.Ptr(azkeys.CurveNameP256K),
+					KeyAttributes: &azkeys.KeyAttributes{
+						Exportable: to.Ptr(true),
+					},
+					Kty: to.Ptr(azkeys.KeyTypeECHSM),
+					ReleasePolicy: &azkeys.KeyReleasePolicy{
+						EncodedPolicy: getMarshalledReleasePolicy(attestationURL),
+						Immutable:     to.Ptr(true),
+					},
+				}
+				createResp, err = client.CreateKey(context.Background(), key, params, nil)
+				if err == nil {
+					break
+				}
+				if i < 4 {
+					recording.Sleep(30 * time.Second)
+				}
 			}
-			createResp, err = client.CreateKey(context.Background(), key, params, nil)
-			if err == nil {
-				break
+			require.NoError(t, err)
+			require.NotNil(t, createResp.Key.KID)
+			defer cleanUpKey(t, client, createResp.Key.KID)
+
+			attestationClient, err := recording.NewRecordingHTTPClient(t, nil)
+			require.NoError(t, err)
+			req, err := http.NewRequest("GET", fmt.Sprintf("%s/generate-test-token", attestationURL), nil)
+			require.NoError(t, err)
+			resp, err := attestationClient.Do(req)
+			require.NoError(t, err)
+			require.Equal(t, resp.StatusCode, http.StatusOK)
+			defer resp.Body.Close()
+
+			var tR struct {
+				Token *string `json:"token"`
 			}
-			if i < 4 {
-				recording.Sleep(30 * time.Second)
+			err = json.NewDecoder(resp.Body).Decode(&tR)
+			require.NoError(t, err)
+
+			params := azkeys.ReleaseParameters{TargetAttestationToken: tR.Token}
+			testSerde(t, &params)
+			releaseResp, err := client.Release(context.Background(), key, "", params, nil)
+			if err != nil && strings.Contains(err.Error(), "Target environment attestation statement cannot be verified.") {
+				t.Skip("test encountered a transient service fault; see https://github.com/Azure/azure-sdk-for-net/issues/27957")
 			}
-		}
-		require.NoError(t, err)
-		require.NotNil(t, createResp.Key.KID)
-		defer cleanUpKey(t, client, createResp.Key.KID)
-
-		attestationClient, err := recording.NewRecordingHTTPClient(t, nil)
-		require.NoError(t, err)
-		req, err := http.NewRequest("GET", fmt.Sprintf("%s/generate-test-token", attestationURL), nil)
-		require.NoError(t, err)
-		resp, err := attestationClient.Do(req)
-		require.NoError(t, err)
-		require.Equal(t, resp.StatusCode, http.StatusOK)
-		defer resp.Body.Close()
-
-		var tR struct {
-			Token *string `json:"token"`
-		}
-		err = json.NewDecoder(resp.Body).Decode(&tR)
-		require.NoError(t, err)
-
-		params := azkeys.ReleaseParameters{TargetAttestationToken: tR.Token}
-		testSerde(t, &params)
-		releaseResp, err := client.Release(context.Background(), key, "", params, nil)
-		if err != nil && strings.Contains(err.Error(), "Target environment attestation statement cannot be verified.") {
-			t.Skip("test encountered a transient service fault; see https://github.com/Azure/azure-sdk-for-net/issues/27957")
-		}
-		require.NoError(t, err)
-		require.NotEmpty(t, releaseResp.KeyReleaseResult.Value)
-		testSerde(t, &releaseResp.KeyReleaseResult)
-	})
-}
+			require.NoError(t, err)
+			require.NotEmpty(t, releaseResp.KeyReleaseResult.Value)
+			testSerde(t, &releaseResp.KeyReleaseResult)
+		})
+	}
 
-//}
+}
 
 func TestRotateKey(t *testing.T) {
 	for _, mhsm := range []bool{false, true} {