forked from Azure/azure-sdk-for-js
-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Identity] Managed Identity test automation: Azure Functions and Weba…
…pps (Azure#28554)
- Loading branch information
1 parent
4c0a0fa
commit f9892bb
Showing
24 changed files
with
958 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -186,3 +186,7 @@ sdk/template/template-dpg/src/src | |
|
||
# tshy | ||
.tshy-build-tmp | ||
|
||
# sshkey | ||
sdk/**/sshkey | ||
sdk/**/sshkey.pub |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
src/**/*.js | ||
integration/AzureFunctions/app.zip | ||
integration/AzureWebApps/.azure/ | ||
!assets/fake-cert.pem | ||
!assets/fake-cert-password.pem |
17 changes: 17 additions & 0 deletions
17
sdk/identity/identity/integration/AzureFunctions/RunTest/function.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
{ | ||
"bindings": [ | ||
{ | ||
"type": "httpTrigger", | ||
"direction": "in", | ||
"authLevel": "anonymous", | ||
"methods": ["get"], | ||
"name": "req" | ||
}, | ||
{ | ||
"type": "http", | ||
"direction": "out", | ||
"name": "res" | ||
} | ||
], | ||
"scriptFile": "./dist/authenticateToStorageFunction.js" | ||
} |
15 changes: 15 additions & 0 deletions
15
sdk/identity/identity/integration/AzureFunctions/RunTest/host.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
{ | ||
"version": "2.0", | ||
"logging": { | ||
"applicationInsights": { | ||
"samplingSettings": { | ||
"isEnabled": true, | ||
"excludedTypes": "Request" | ||
} | ||
} | ||
}, | ||
"extensionBundle": { | ||
"id": "Microsoft.Azure.Functions.ExtensionBundle", | ||
"version": "[4.0.0, 5.0.0)" | ||
} | ||
} |
7 changes: 7 additions & 0 deletions
7
sdk/identity/identity/integration/AzureFunctions/RunTest/local.settings.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{ | ||
"IsEncrypted": false, | ||
"Values": { | ||
"FUNCTIONS_WORKER_RUNTIME": "node" | ||
}, | ||
"ConnectionStrings": {} | ||
} |
29 changes: 29 additions & 0 deletions
29
sdk/identity/identity/integration/AzureFunctions/RunTest/package.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
{ | ||
"name": "@azure-samples/azure-function-test", | ||
"version": "1.0.0", | ||
"description": "", | ||
"main": "dist/authenticateToStorageFunction.js", | ||
"scripts": { | ||
"build": "tsc", | ||
"build:production": "npm run prestart && npm prune --production", | ||
"clean": "rimraf --glob dist dist-*", | ||
"prestart": "npm run build:production && func extensions install", | ||
"start:host": "func start --typescript", | ||
"start": "npm-run-all --parallel start:host watch", | ||
"test": "echo \"Error: no test specified\" && exit 1" | ||
}, | ||
"author": "", | ||
"license": "ISC", | ||
"dependencies": { | ||
"@azure/identity": "^4.0.0", | ||
"@azure/storage-blob": "^12.17.0", | ||
"@azure/functions": "^4.1.0", | ||
"applicationinsights": "^2.9.2", | ||
"tslib": "^1.10.0" | ||
}, | ||
"devDependencies": { | ||
"npm-run-all": "^4.1.5", | ||
"typescript": "^5.3.3", | ||
"rimraf": "^5.0.5" | ||
} | ||
} |
61 changes: 61 additions & 0 deletions
61
...dentity/integration/AzureFunctions/RunTest/src/functions/authenticateToStorageFunction.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
|
||
import { BlobServiceClient } from "@azure/storage-blob"; | ||
import { ManagedIdentityCredential } from "@azure/identity"; | ||
import { app, HttpRequest, HttpResponseInit, InvocationContext } from "@azure/functions"; | ||
|
||
export async function authenticateStorage(request: HttpRequest, context: InvocationContext): Promise<HttpResponseInit> { | ||
try { | ||
context.log('Http function was triggered.'); | ||
//parse the request body | ||
await authToStorageHelper(context); | ||
|
||
return { | ||
// status: 200, /* Defaults to 200 */ | ||
body: "Successfully authenticated with storage", | ||
}; | ||
} catch (error: any) { | ||
context.log(error); | ||
return { | ||
status: 400, | ||
body: error, | ||
}; | ||
} | ||
}; | ||
|
||
app.http('authenticateStorage', { | ||
methods: ['GET', 'POST'], | ||
authLevel: "anonymous", | ||
handler: authenticateStorage | ||
}); | ||
|
||
async function authToStorageHelper(context: InvocationContext): Promise<void> { | ||
// This will use the system managed identity | ||
const credential1 = new ManagedIdentityCredential(); | ||
|
||
const clientId = process.env.IDENTITY_USER_DEFINED_IDENTITY_CLIENT_ID!; | ||
const account1 = process.env.IDENTITY_STORAGE_NAME_1; | ||
const account2 = process.env.IDENTITY_STORAGE_NAME_2; | ||
|
||
const credential2 = new ManagedIdentityCredential({ "clientId": clientId }); | ||
const client1 = new BlobServiceClient(`https://${account1}.blob.core.windows.net`, credential1); | ||
const client2 = new BlobServiceClient(`https://${account2}.blob.core.windows.net`, credential2); | ||
context.log("Getting containers for storage account client: system managed identity") | ||
let iter = client1.listContainers(); | ||
let i = 1; | ||
context.log("Client with system assigned identity"); | ||
let containerItem = await iter.next(); | ||
while (!containerItem.done) { | ||
context.log(`Container ${i++}: ${containerItem.value.name}`); | ||
containerItem = await iter.next(); | ||
} | ||
|
||
context.log("Getting properties for storage account client: user assigned managed identity") | ||
iter = client2.listContainers(); | ||
context.log("Client with user assigned identity"); | ||
containerItem = await iter.next(); | ||
while (!containerItem.done) { | ||
context.log(`Container ${i++}: ${containerItem.value.name}`); | ||
containerItem = await iter.next(); | ||
} | ||
|
||
} |
14 changes: 14 additions & 0 deletions
14
sdk/identity/identity/integration/AzureFunctions/RunTest/tsconfig.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
{ | ||
"compilerOptions": { | ||
"target": "ES2020", | ||
"module": "commonjs", | ||
"moduleResolution": "node", | ||
"resolveJsonModule": true, | ||
"esModuleInterop": true, | ||
"strict": true, | ||
"alwaysStrict": true, | ||
"outDir": "dist", | ||
}, | ||
"include": ["src"] | ||
} | ||
|
20 changes: 20 additions & 0 deletions
20
sdk/identity/identity/integration/AzureKubernetes/Dockerfile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# ------------------------------------ | ||
# Copyright (c) Microsoft Corporation. | ||
# Licensed under the MIT License. | ||
# ------------------------------------ | ||
ARG NODE_VERSION=20 | ||
|
||
# docker can't tell when the repo has changed and will therefore cache this layer | ||
# internal users should provide MCR registry to build via 'docker build . --build-arg REGISTRY="mcr.microsoft.com/mirror/docker/library/"' | ||
# public OSS users should simply leave this argument blank or ignore its presence entirely | ||
ARG REGISTRY="" | ||
|
||
FROM ${REGISTRY}node:${NODE_VERSION}-alpine as repo | ||
RUN apk --no-cache add git | ||
RUN git clone https://github.com/azure/azure-sdk-for-js --single-branch --branch main --depth 1 /azure-sdk-for-js | ||
|
||
WORKDIR /azure-sdk-for-js/sdk/identity/identity/test/integration/AzureKubernetes | ||
RUN npm install | ||
RUN npm install -g typescript | ||
RUN tsc -p . | ||
CMD ["node", "index"] |
22 changes: 22 additions & 0 deletions
22
sdk/identity/identity/integration/AzureKubernetes/package.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"name": "@azure-samples/azure-kubernetes-test", | ||
"version": "1.0.0", | ||
"description": "", | ||
"main": "index.js", | ||
"scripts": { | ||
"build": "tsc", | ||
"start": "ts-node src/index.ts", | ||
"test": "echo \"Error: no test specified\" && exit 1" | ||
}, | ||
"author": "", | ||
"license": "ISC", | ||
"dependencies": { | ||
"@azure/identity": "^4.0.0", | ||
"@azure/storage-blob": "^12.17.0", | ||
"tslib": "^1.10.0", | ||
"ts-node": "10.9.2" | ||
}, | ||
"devDependencies": { | ||
"typescript": "^5.3.3" | ||
} | ||
} |
48 changes: 48 additions & 0 deletions
48
sdk/identity/identity/integration/AzureKubernetes/src/index.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT license. | ||
|
||
import { ManagedIdentityCredential } from "@azure/identity"; | ||
import { BlobServiceClient } from "@azure/storage-blob"; | ||
import * as dotenv from "dotenv"; | ||
// Initialize the environment | ||
dotenv.config(); | ||
|
||
async function main(): Promise<void> { | ||
let systemSuccessMessage = ""; | ||
try{ | ||
const account1 = process.env.IDENTITY_STORAGE_NAME_1; | ||
const account2 = process.env.IDENTITY_STORAGE_NAME_2; | ||
const credentialSystemAssigned = new ManagedIdentityCredential(); | ||
const credentialUserAssigned = new ManagedIdentityCredential({clientId: process.env.IDENTITY_USER_DEFINED_IDENTITY_CLIENT_ID}) | ||
const client1 = new BlobServiceClient(`https://${account1}.blob.core.windows.net`, credentialSystemAssigned); | ||
const client2 = new BlobServiceClient(`https://${account2}.blob.core.windows.net`, credentialUserAssigned); | ||
let iter = client1.listContainers(); | ||
|
||
let i = 1; | ||
console.log("Client with system assigned identity"); | ||
let containerItem = await iter.next(); | ||
while (!containerItem.done) { | ||
console.log(`Container ${i++}: ${containerItem.value.name}`); | ||
containerItem = await iter.next(); | ||
} | ||
systemSuccessMessage = "Successfully acquired token with system-assigned ManagedIdentityCredential" | ||
console.log("Client with user assigned identity") | ||
iter = client2.listContainers(); | ||
i = 1; | ||
containerItem = await iter.next(); | ||
while (!containerItem.done) { | ||
console.log(`Container ${i++}: ${containerItem.value.name}`); | ||
containerItem = await iter.next(); | ||
} | ||
console.log("Successfully acquired tokens with async ManagedIdentityCredential") | ||
} | ||
catch(e){ | ||
console.error(`${e} \n ${systemSuccessMessage}`); | ||
} | ||
} | ||
|
||
main().catch((err) => { | ||
console.log("error code: ", err.code); | ||
console.log("error message: ", err.message); | ||
console.log("error stack: ", err.stack); | ||
}); |
13 changes: 13 additions & 0 deletions
13
sdk/identity/identity/integration/AzureKubernetes/tsconfig.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
{ | ||
"compilerOptions": { | ||
"target": "ES2020", | ||
"module": "commonjs", | ||
"moduleResolution": "node", | ||
"resolveJsonModule": true, | ||
"esModuleInterop": true, | ||
"strict": true, | ||
"alwaysStrict": true, | ||
"outDir": "dist", | ||
"rootDir": "." | ||
} | ||
} |
27 changes: 27 additions & 0 deletions
27
sdk/identity/identity/integration/AzureWebApps/package.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{ | ||
"name": "@azure-samples/azure-web-apps-test", | ||
"version": "1.0.0", | ||
"description": "", | ||
"main": "dist/index.js", | ||
"scripts": { | ||
"build": "tsc", | ||
"start": "node dist/index.js", | ||
"clean": "rimraf --glob dist dist-*", | ||
"test": "echo \"Error: no test specified\" && exit 1" | ||
}, | ||
"author": "", | ||
"license": "ISC", | ||
"dependencies": { | ||
"@azure/identity": "^4.0.0", | ||
"@azure/storage-blob": "^12.17.0", | ||
"express": "^4.18.2", | ||
"tslib": "^1.10.0" | ||
}, | ||
"devDependencies": { | ||
"npm-run-all": "^4.1.5", | ||
"typescript": "^5.3.3", | ||
"@types/express": "^4.17.21", | ||
"dotenv": "16.4.4", | ||
"rimraf": "^5.0.5" | ||
} | ||
} |
60 changes: 60 additions & 0 deletions
60
sdk/identity/identity/integration/AzureWebApps/src/index.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT license. | ||
|
||
import express from "express"; | ||
import { ManagedIdentityCredential } from "@azure/identity"; | ||
import { BlobServiceClient } from "@azure/storage-blob"; | ||
import dotenv from "dotenv"; | ||
// Initialize the environment | ||
dotenv.config(); | ||
const app = express(); | ||
|
||
app.get("/", (req: express.Request, res: express.Response) => { | ||
res.send("Ok") | ||
}) | ||
|
||
app.get("/sync", async (req: express.Request, res: express.Response) => { | ||
let systemSuccessMessage = ""; | ||
try { | ||
const account1 = process.env.IDENTITY_STORAGE_NAME_1; | ||
const credentialSystemAssigned = new ManagedIdentityCredential(); | ||
const client1 = new BlobServiceClient(`https://${account1}.blob.core.windows.net`, credentialSystemAssigned); | ||
let iter = client1.listContainers(); | ||
let i = 0; | ||
console.log("Client with system assigned identity"); | ||
let containerItem = await iter.next(); | ||
while (!containerItem.done) { | ||
console.log(`Container ${i++}: ${containerItem.value.name}`); | ||
containerItem = await iter.next(); | ||
} | ||
console.log("Client with system assigned identity"); | ||
console.log("Properties of the 1st client =", iter); | ||
systemSuccessMessage = "Successfully acquired token with system-assigned ManagedIdentityCredential" | ||
console.log(systemSuccessMessage); | ||
} | ||
catch (e) { | ||
console.error(e); | ||
} | ||
try { | ||
const account2 = process.env.IDENTITY_STORAGE_NAME_2; | ||
const credentialUserAssigned = new ManagedIdentityCredential({ clientId: process.env.IDENTITY_USER_DEFINED_IDENTITY_CLIENT_ID }) | ||
const client2 = new BlobServiceClient(`https://${account2}.blob.core.windows.net`, credentialUserAssigned); | ||
let iter = client2.listContainers(); | ||
let i = 0; | ||
console.log("Client with user assigned identity") | ||
let containerItem = await iter.next(); | ||
while (!containerItem.done) { | ||
console.log(`Container ${i++}: ${containerItem.value.name}`); | ||
containerItem = await iter.next(); | ||
} | ||
res.status(200).send("Successfully acquired tokens with async ManagedIdentityCredential") | ||
} | ||
catch (e) { | ||
console.error(e); | ||
res.status(500).send(`${e} \n ${systemSuccessMessage}`); | ||
} | ||
}) | ||
|
||
app.listen(8080, () => { | ||
console.log(`Authorization code redirect server listening on port 8080`); | ||
}); |
13 changes: 13 additions & 0 deletions
13
sdk/identity/identity/integration/AzureWebApps/tsconfig.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
{ | ||
"compilerOptions": { | ||
"target": "ES2020", | ||
"module": "commonjs", | ||
"moduleResolution": "node", | ||
"resolveJsonModule": true, | ||
"esModuleInterop": true, | ||
"strict": true, | ||
"alwaysStrict": true, | ||
"outDir": "dist", | ||
}, | ||
"include": ["src"] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.