Gangams/conformance tests mi migration (#1286)

* update conformance test framework to use workload identity * update conformance test framework to use workload identity * update conformance test framework to use workload identity * update conformance test framework to use workload identity
microsoft · Jun 27, 2024 · 3982365 · 3982365
1 parent 6e3a8ff
commit 3982365
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 18 deletions.
diff --git a/test/e2e/conformance.yaml b/test/e2e/conformance.yaml
@@ -3,7 +3,7 @@ sonobuoy-config:
   plugin-name: azure-arc-ci-conformance
   result-format: junit
 spec:
-  image: mcr.microsoft.com/azuremonitor/containerinsights/cidev:ciconftest06172024
+  image: mcr.microsoft.com/azuremonitor/containerinsights/cidev:ciconftest06272024
   imagePullPolicy: Always
   name: plugin
   resources: {}

diff --git a/test/e2e/e2e-tests.yaml b/test/e2e/e2e-tests.yaml
@@ -104,7 +104,7 @@ data:
       - name: AZURE_CLOUD
         value: "AZURE_PUBLIC_CLOUD"
       # image tag should be updated if new tests being added after this image
-      image: mcr.microsoft.com/azuremonitor/containerinsights/cidev:ciconftest06172024
+      image: mcr.microsoft.com/azuremonitor/containerinsights/cidev:ciconftest06272024
       imagePullPolicy: IfNotPresent
       name: plugin
       resources: {}

diff --git a/test/e2e/src/core/e2e_tests.sh b/test/e2e/src/core/e2e_tests.sh
@@ -73,19 +73,24 @@ waitForCIExtensionInstalled() {
 }
 
 validateCommonParameters() {
-    if [ -z $TENANT_ID ]; then
+   if [ -z $TENANT_ID ]; then
 	   echo "ERROR: parameter TENANT_ID is required." > ${results_dir}/error
 	   python3 setup_failure_handler.py
-	fi
-	if [ -z $CLIENT_ID ]; then
-	   echo "ERROR: parameter CLIENT_ID is required." > ${results_dir}/error
-	   python3 setup_failure_handler.py
-	fi
+   fi
 
-	if [ -z $CLIENT_SECRET ]; then
-	   echo "ERROR: parameter CLIENT_SECRET is required." > ${results_dir}/error
-	   python3 setup_failure_handler.py
-	fi
+   ## Look for WORKLOAD_CLIENT_ID
+   if [[ -z "${WORKLOAD_CLIENT_ID}" ]]
+   then
+      if [ -z $CLIENT_ID ]; then
+         echo "ERROR: parameter CLIENT_ID is required." > ${results_dir}/error
+         python3 setup_failure_handler.py
+      fi
+
+      if [ -z $CLIENT_SECRET ]; then
+         echo "ERROR: parameter CLIENT_SECRET is required." > ${results_dir}/error
+         python3 setup_failure_handler.py
+      fi
+   fi
 }
 
 validateArcConfTestParameters() {
@@ -150,12 +155,17 @@ deleteArcCIExtension() {
 }
 
 login_to_azure() {
-	# Login with service principal
-    echo "login to azure using the SP creds"
-	az login --service-principal \
-	-u ${CLIENT_ID} \
-	-p ${CLIENT_SECRET} \
-	--tenant ${TENANT_ID} 2> ${results_dir}/error || python3 setup_failure_handler.py
+   if [[ -z $WORKLOAD_CLIENT_ID ]]; then
+      echo "logging in using service principal '${CLIENT_ID}'"
+      az login --service-principal \
+         -u ${CLIENT_ID} \
+         -p ${CLIENT_SECRET} \
+         --tenant ${TENANT_ID} 2> ${results_dir}/error || python3 setup_failure_handler.py
+   else
+      echo "logging in using managed identity '${WORKLOAD_CLIENT_ID}'"
+      az login --identity \
+         -u ${WORKLOAD_CLIENT_ID} 2> ${results_dir}/error || python3 setup_failure_handler.py
+   fi
 
 	echo "setting subscription: ${SUBSCRIPTION_ID} as default subscription"
 	az account set -s $SUBSCRIPTION_ID