Add support for pulling the UPN json string, Fixes AB#3478938 (#2854)

This PR expands our automation code to enable pulling the upn json
string from the MobileBuildVault Key Vault


[AB#3478938](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3478938)

---------

Co-authored-by: Mohit <mchand@microsoft.com>

Author: fadidurah

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/ILabAccount.java

@@ -74,11 +74,19 @@ public interface ILabAccount {
 
     /**
      * Get authority (cloud URL) that can be used for this lab account.
-     *
+     * Deprecated: Use {@link #getCloudUrl()} instead.
      * @return a String representing the authority host for this lab account
      */
+    @Deprecated
     String getAuthority();
 
+    /**
+     * Get cloud URL that can be used for this lab account.
+     *
+     * @return a String representing the authority host for this lab account
+     */
+    String getCloudUrl();
+
     /**
      * Get Azure Environment associated to this lab account.
      **/

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/ILabClient.java

@@ -23,9 +23,11 @@
 package com.microsoft.identity.labapi.utilities.client;
 
 import com.microsoft.identity.labapi.utilities.constants.TempUserType;
+import com.microsoft.identity.labapi.utilities.constants.UserType;
 import com.microsoft.identity.labapi.utilities.exception.LabApiException;
 
 import java.util.List;
+import java.util.Map;
 
 import lombok.NonNull;
 
@@ -95,7 +97,24 @@ public interface ILabClient {
      * @return a String containing the value of the secret
      * @throws LabApiException if an error occurs while trying to load secret from lab
      */
-    String getKeyVaultSecret(String secretName) throws LabApiException;
+    String getPasswordSecretFromLabsKeyVault(String secretName) throws LabApiException;
+
+    /**
+     * Get the account UPN JSON from the Mobile Build Key Vault.
+     *
+     * @return a Map containing the account information entries
+     * @throws LabApiException if an error occurs while trying to load the UPN JSON string
+     */
+    Map<String, LabJsonStringAccountEntry> getAccountMapJsonFromMobileBuildKeyVault() throws LabApiException;
+
+    /**
+     * Get the account from the Mobile Build Key Vault based on the user type.
+     *
+     * @param userType the user type (key) of the desired account
+     * @return a {@link LabAccount} object
+     * @throws LabApiException if an error occurs while trying to load the account
+     */
+    ILabAccount getAccountFromLabJsonStringInMobileBuildVault(UserType userType) throws LabApiException;
 
     /**
      * Reset the password for the username given, then reset it back to the original password.

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/LabAccount.java

@@ -22,7 +22,6 @@
 // THE SOFTWARE.
 package com.microsoft.identity.labapi.utilities.client;
 
-import com.microsoft.identity.internal.test.labapi.model.ConfigInfo;
 import com.microsoft.identity.labapi.utilities.constants.UserType;
 
 import lombok.Builder;
@@ -55,22 +54,18 @@ public class LabAccount implements ILabAccount {
     @NonNull
     private final String mHomeObjectId;
 
-    // nullable
-    // dependency for Nullable annotation not currently added to LabApiUtilities
-    private final ConfigInfo mConfigInfo;
+    private final String mAssociatedClientId;
 
-    @Override
-    public String getAssociatedClientId() {
-        return mConfigInfo.getAppInfo().getAppId();
-    }
+    private final String mCloudUrl;
 
-    @Override
-    public String getAuthority() {
-        return mConfigInfo.getLabInfo().getAuthority();
-    }
+    private final String mAzureEnvironment;
 
+    /**
+     * Deprecated: Use getCloudUrl() instead.
+     * @return the cloud URL for this account.
+     */
     @Override
-    public String getAzureEnvironment() {
-        return mConfigInfo.getLabInfo().getAzureEnvironment();
+    public String getAuthority() {
+        return mCloudUrl;
     }
 }

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/LabClient.java

@@ -22,7 +22,6 @@
 // THE SOFTWARE.
 package com.microsoft.identity.labapi.utilities.client;
 
-import static com.microsoft.identity.labapi.utilities.constants.LabConstants.DEFAULT_LAB_CLIENT_ID;
 import static com.microsoft.identity.labapi.utilities.constants.LabConstants.KEYVAULT_SCOPE;
 
 import com.microsoft.identity.internal.test.labapi.ApiException;
@@ -39,8 +38,8 @@
 import com.microsoft.identity.internal.test.labapi.model.SecretBundle;
 import com.microsoft.identity.internal.test.labapi.model.TempUser;
 import com.microsoft.identity.internal.test.labapi.model.UserInfo;
-import com.microsoft.identity.labapi.utilities.BuildConfig;
 import com.microsoft.identity.labapi.utilities.authentication.LabApiAuthenticationClient;
+import com.microsoft.identity.labapi.utilities.constants.LabConstants;
 import com.microsoft.identity.labapi.utilities.constants.ProtectionPolicy;
 import com.microsoft.identity.labapi.utilities.constants.TempUserType;
 import com.microsoft.identity.labapi.utilities.constants.ResetOperation;
@@ -51,13 +50,14 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Locale;
+import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
 import lombok.AccessLevel;
-import lombok.AllArgsConstructor;
 import lombok.NonNull;
+import lombok.RequiredArgsConstructor;
 
-@AllArgsConstructor(access = AccessLevel.PUBLIC)
+@RequiredArgsConstructor(access = AccessLevel.PUBLIC)
 public class LabClient implements ILabClient {
 
     private final LabApiAuthenticationClient mLabApiAuthenticationClient;
@@ -72,6 +72,9 @@ public class LabClient implements ILabClient {
 
     public static final long TEMP_USER_WAIT_TIME = TimeUnit.SECONDS.toMillis(35);
 
+    private static final String ACCOUNT_UPN_JSON_STRING_SECRET_NAME = "Android-ID4SLAB2-User-Identifiers";
+    private Map<String, LabJsonStringAccountEntry> labUPNJsonMap = null;
+
     @Override
     public ILabAccount getLabAccount(@NonNull final LabQuery labQuery) throws LabApiException {
         // Adding a second attempt here, api sometimes fails to fetch the user.
@@ -145,7 +148,9 @@ private ILabAccount getLabAccountObject(@NonNull final ConfigInfo configInfo) th
                 .userType(UserType.fromName(configInfo.getUserInfo().getUserType()))
                 .homeTenantId(configInfo.getUserInfo().getHomeTenantID())
                 .homeObjectId(configInfo.getUserInfo().getHomeObjectId())
-                .configInfo(configInfo)
+                .associatedClientId(configInfo.getAppInfo().getAppId())
+                .cloudUrl(configInfo.getLabInfo().getAuthority())
+                .azureEnvironment(configInfo.getLabInfo().getAzureEnvironment())
                 .build();
     }
 
@@ -285,7 +290,7 @@ public String getPasswordForGuestUser(LabGuestAccount guestUser) throws LabApiEx
 
         // Adding a second attempt here, api sometimes fails to get the lab secret.
         try {
-            return getKeyVaultSecret(labName);
+            return getPasswordSecretFromLabsKeyVault(labName);
         } catch (final LabApiException e){
             if (e.getErrorCode().equals(LabError.FAILED_TO_GET_SECRET_FROM_LAB)){
 
@@ -297,15 +302,15 @@ public String getPasswordForGuestUser(LabGuestAccount guestUser) throws LabApiEx
                 }
 
                 // Try to get the secret again
-                return getKeyVaultSecret(labName);
+                return getPasswordSecretFromLabsKeyVault(labName);
             } else {
                 throw e;
             }
         }
     }
 
     @Override
-    public String getKeyVaultSecret(@NonNull final String secretName) throws LabApiException {
+    public String getPasswordSecretFromLabsKeyVault(@NonNull final String secretName) throws LabApiException {
         Configuration.getKeyVaultApiClient().setAccessToken(
                 mLabApiAuthenticationClient.getAccessTokenForCustomScope(KEYVAULT_SCOPE)
         );
@@ -319,6 +324,50 @@ public String getKeyVaultSecret(@NonNull final String secretName) throws LabApiE
         }
     }
 
+    @Override
+    public Map<String, LabJsonStringAccountEntry> getAccountMapJsonFromMobileBuildKeyVault() throws LabApiException {
+        if (labUPNJsonMap != null) {
+            return labUPNJsonMap;
+        }
+
+        Configuration.getKeyVaultApiClient().setAccessToken(
+                mLabApiAuthenticationClient.getAccessTokenForCustomScope(KEYVAULT_SCOPE)
+        );
+        final KeyVaultSecretsApi keyVaultSecretsApi = new KeyVaultSecretsApi(KeyVaultSecretsApi.MOBILE_BUILD_VAULT_URL);
+
+        try {
+            final SecretBundle secretBundle = keyVaultSecretsApi.getKeyVaultSecret(ACCOUNT_UPN_JSON_STRING_SECRET_NAME);
+
+            labUPNJsonMap = LabJsonStringAccountEntry.parseJsonToMap(secretBundle.getValue());
+            return labUPNJsonMap;
+        } catch (final com.microsoft.identity.internal.test.labapi.ApiException ex) {
+            throw new LabApiException(LabError.FAILED_TO_GET_SECRET_FROM_LAB, ex);
+        }
+    }
+
+    @Override
+    public ILabAccount getAccountFromLabJsonStringInMobileBuildVault(UserType userType) throws LabApiException {
+        // Make sure the UPN JSON map is loaded
+        getAccountMapJsonFromMobileBuildKeyVault();
+
+        final LabJsonStringAccountEntry accountEntry = labUPNJsonMap.get(userType.toString());
+        if (accountEntry == null) {
+            throw new LabApiException(LabError.ACCOUNT_NOT_FOUND_IN_MOBILE_BUILD_KEYVAULT_JSON, " Desired userType: " + userType);
+        }
+        final String accountPassword = getPassword(accountEntry.getKeyVaultEntry());
+
+        return new LabAccount.LabAccountBuilder()
+                .username(accountEntry.getUpn())
+                .password(accountPassword)
+                .userType(userType)
+                .homeTenantId(accountEntry.getHomeTenantId())
+                .homeObjectId(accountEntry.getHomeObjectId())
+                .azureEnvironment(accountEntry.getAzureEnvironment())
+                .cloudUrl(accountEntry.getCloudUrl())
+                .build();
+
+    }
+
     @Override
     public boolean deleteDevice(@NonNull final String upn,
                                 @NonNull final String deviceId) throws LabApiException {
@@ -406,7 +455,7 @@ private String getPassword(final String credentialVaultKeyName) throws LabApiExc
         final String secretName = getLabSecretName(credentialVaultKeyName);
 
         try {
-            return getKeyVaultSecret(secretName);
+            return getPasswordSecretFromLabsKeyVault(secretName);
         } catch (final LabApiException e) {
             if (e.getErrorCode().equals(LabError.FAILED_TO_GET_SECRET_FROM_LAB)){
 
@@ -418,7 +467,7 @@ private String getPassword(final String credentialVaultKeyName) throws LabApiExc
                 }
 
                 // Try to get the secret again
-                return getKeyVaultSecret(secretName);
+                return getPasswordSecretFromLabsKeyVault(secretName);
             } else {
                 throw e;
             }

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/LabJsonStringAccountEntry.java

@@ -0,0 +1,71 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+package com.microsoft.identity.labapi.utilities.client;
+
+import com.google.gson.Gson;
+import com.google.gson.annotations.SerializedName;
+import com.google.gson.reflect.TypeToken;
+
+import java.io.Serializable;
+import java.lang.reflect.Type;
+import java.util.Map;
+
+import lombok.Getter;
+
+/**
+ * Represents a lab account entry parsed from a JSON string.
+ */
+@Getter
+public class LabJsonStringAccountEntry implements Serializable {
+
+    @SerializedName("Upn")
+    private String upn;
+
+    @SerializedName("HomeObjectId")
+    private String homeObjectId;
+
+    @SerializedName("HomeTenantId")
+    private String homeTenantId;
+
+    @SerializedName("KeyVaultEntry")
+    private String keyVaultEntry;
+
+    @SerializedName("AzureEnvironment")
+    private String azureEnvironment;
+
+    @SerializedName("CloudUrl")
+    private String cloudUrl;
+
+
+    /**
+     * Parses a JSON string into a Map<String, LabJsonStringAccountEntry> using Gson.
+     * @param json the JSON string to parse
+     * @return a map of key to LabJsonStringAccountEntry
+     */
+    public static Map<String, LabJsonStringAccountEntry> parseJsonToMap(String json) {
+        Gson gson = new Gson();
+        Type type = new TypeToken<Map<String, LabJsonStringAccountEntry>>(){}.getType();
+        return gson.fromJson(json, type);
+    }
+}

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/constants/LabConstants.java

@@ -32,12 +32,35 @@ public class LabConstants {
     public static final String MSID_LAB3 = "https://login.microsoftonline.com/msidlab3.com";
     public static final String MSID_LAB4 = "https://login.microsoftonline.com/msidlab4.com";
 
+    // TODO, REMOVE LEGACY UserTypes WHEN WE REMOVE LAB QUERY USAGE
     static final class UserType {
-        public static final String CLOUD = "cloud";
+        public static final String BASIC = "basic";
+        public static final String MSA = "msa";
+        public static final String MDM_CA = "mdm_ca";
+        public static final String MAM_CA = "mam_ca";
+        public static final String TRUE_MAM_CA = "true_mam_ca";
+        public static final String WP = "wp";
         public static final String FEDERATED = "federated";
+        public static final String DEVICE_ADMIN = "device_admin";
+        public static final String USGOV = "usgov";
+        public static final String USGOV_GUEST = "usgov_guest";
+        public static final String CHINA = "china";
+        public static final String QR_PIN = "qr_pin";
+        public static final String TOKEN_BINDING = "token_binding";
+        public static final String CBA = "cba";
+        public static final String RESOURCE_ACCOUNT_1 = "resource_account_1";
+        public static final String RESOURCE_ACCOUNT_2 = "resource_account_2";
+        public static final String DUNA_BASIC_1 = "duna_basic_1";
+        public static final String DUNA_BASIC_2 = "duna_basic_2";
+        public static final String DUNA_MAM_CA_1 = "duna_mam_ca_1";
+        public static final String DUNA_MAM_CA_2 = "duna_mam_ca_2";
+        public static final String DUNA_MDM_CA_1 = "duna_mdm_ca_1";
+        public static final String DUNA_MDM_CA_2 = "duna_mdm_ca_2";
+        public static final String DUNA_MFA_1 = "duna_mfa_1";
+        public static final String DUNA_MFA_2 = "duna_mfa_2";
+        public static final String CLOUD = "cloud";
         public static final String ONPREM = "onprem";
         public static final String GUEST = "guest";
-        public static final String MSA = "msa";
         public static final String B2C = "b2c";
     }
 

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/constants/UserType.java

@@ -25,11 +25,33 @@
 import lombok.NonNull;
 
 public enum UserType {
+    BASIC(LabConstants.UserType.BASIC),
+    MSA(LabConstants.UserType.MSA),
+    MDM_CA(LabConstants.UserType.MDM_CA),
+    MAM_CA(LabConstants.UserType.MAM_CA),
+    TRUE_MAM_CA(LabConstants.UserType.TRUE_MAM_CA),
+    WP(LabConstants.UserType.WP),
+    FEDERATED(LabConstants.UserType.FEDERATED),
+    DEVICE_ADMIN(LabConstants.UserType.DEVICE_ADMIN),
+    USGOV(LabConstants.UserType.USGOV),
+    USGOV_GUEST(LabConstants.UserType.USGOV_GUEST),
+    CHINA(LabConstants.UserType.CHINA),
+    QR_PIN(LabConstants.UserType.QR_PIN),
+    TOKEN_BINDING(LabConstants.UserType.TOKEN_BINDING),
+    CBA(LabConstants.UserType.CBA),
+    RESOURCE_ACCOUNT_1(LabConstants.UserType.RESOURCE_ACCOUNT_1),
+    RESOURCE_ACCOUNT_2(LabConstants.UserType.RESOURCE_ACCOUNT_2),
+    DUNA_BASIC_1(LabConstants.UserType.DUNA_BASIC_1),
+    DUNA_BASIC_2(LabConstants.UserType.DUNA_BASIC_2),
+    DUNA_MAM_CA_1(LabConstants.UserType.DUNA_MAM_CA_1),
+    DUNA_MAM_CA_2(LabConstants.UserType.DUNA_MAM_CA_2),
+    DUNA_MDM_CA_1(LabConstants.UserType.DUNA_MDM_CA_1),
+    DUNA_MDM_CA_2(LabConstants.UserType.DUNA_MDM_CA_2),
+    DUNA_MFA_1(LabConstants.UserType.DUNA_MFA_1),
+    DUNA_MFA_2(LabConstants.UserType.DUNA_MFA_2),
     CLOUD(LabConstants.UserType.CLOUD),
     B2C(LabConstants.UserType.B2C),
-    FEDERATED(LabConstants.UserType.FEDERATED),
     GUEST(LabConstants.UserType.GUEST),
-    MSA(LabConstants.UserType.MSA),
     ONPREM(LabConstants.UserType.ONPREM);
 
     final String value;