Skip to content

Commit 7ea9adc

Browse files
committed
Enable e2e tests in CI pipeline + fix interactive-test skip logic for ADO
- tests/test_e2e.py: - Add TF_BUILD to _SKIP_UNATTENDED_E2E_TESTS so acquire_token_interactive() and acquire_token_by_device_flow() tests skip on ADO (no browser/display), preventing hangs in SshCertTestCase.test_user_account, AtPopWithExternalKey, and any other interactive test method that runs on a headless agent. - Remove the class-level @unittest.skipIf(TF_BUILD) from PublicCloudScenariosTestCase now that the class uses lab config instead of the old config.json. The tests can now run on ADO when LAB_APP_CLIENT_ID is set. - Add a LAB_APP_CLIENT_ID guard in PublicCloudScenariosTestCase.setUpClass() so the class raises unittest.SkipTest (not EnvironmentError) when the env var is absent, giving the same clean-skip behaviour as LabBasedTestCase. - .Pipelines/template-pipeline-stages.yml: - Uncomment LAB_APP_CLIENT_ID: \ in the 'Run tests' env block. Service-principal / ROPC e2e tests now run when the pipeline variable is set; interactive tests remain skipped on ADO via the _SKIP_UNATTENDED_E2E_TESTS fix. - .Pipelines/ADO-PUBLISH-SETUP.md: - Add Step 5b documenting how to set the LAB_APP_CLIENT_ID pipeline variable and link to docs.msidlab.com for the client ID value.
1 parent d5ad7c0 commit 7ea9adc

File tree

3 files changed

+53
-10
lines changed

3 files changed

+53
-10
lines changed

.Pipelines/ADO-PUBLISH-SETUP.md

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -250,6 +250,38 @@ Environments let you add approval gates before the deployment jobs run.
250250

251251
---
252252

253+
## Step 5b — Configure Pipeline Variables for E2E Tests (Optional)
254+
255+
The CI stage can run the full MSID Lab-backed integration test suite if two pipeline
256+
variables are configured. Without them the `LabBasedTestCase` tests gracefully skip
257+
(the build still passes).
258+
259+
| Variable | Where to get the value |
260+
|----------|----------------------|
261+
| `LAB_APP_CLIENT_ID` | The client ID of the lab confidential client app. See [https://docs.msidlab.com/accounts/confidentialclient.html](https://docs.msidlab.com/accounts/confidentialclient.html). |
262+
263+
The matching PFX certificate (`LabAuth`) is already in the `msidlabs` Key Vault and
264+
is retrieved at run time by the `AzureKeyVault@2` step (which uses the
265+
`AuthSdkResourceManager` service connection). The cert path is automatically exported
266+
to `LAB_APP_CLIENT_CERT_PFX_PATH` — you do **not** set that variable manually.
267+
268+
**To add `LAB_APP_CLIENT_ID`:**
269+
270+
1. Open the pipeline → **Edit → Variables** (top-right `⋮` menu → **Variables**).
271+
2. Click **+** → Name: `LAB_APP_CLIENT_ID`, Value: *(lab app client ID from docs.msidlab.com)*.
272+
3. Leave **Secret** unchecked (it is a client ID, not a secret).
273+
4. Click **Save**.
274+
275+
Also make sure the `AuthSdkResourceManager` service connection is authorized for
276+
this pipeline (prerequisite in Step 1) — it is used to retrieve the lab certificate
277+
from the `msidlabs` Key Vault from which the cert path variable is populated.
278+
279+
> **Without this variable:** All `LabBasedTestCase` integration tests are automatically
280+
> skipped (`SkipTest`). The build passes with the same 228 unit-test passing, ~50 skipped
281+
> result as the PR gate.
282+
283+
---
284+
253285
## Step 6 — Authorize Pipelines to use Service Connections
254286

255287
When the pipeline first uses a service connection you may be prompted to

.Pipelines/template-pipeline-stages.yml

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -183,13 +183,12 @@ stages:
183183
pytest -vv --junitxml=test-results/junit.xml 2>&1 | tee test-results/pytest.log
184184
displayName: 'Run tests'
185185
env:
186-
# LAB_APP_CLIENT_ID is intentionally omitted to match the PR gate build
187-
# behaviour (azure-pipelines.yml). Without it, _get_credential() in
188-
# lab_config.py raises EnvironmentError and all e2e tests skip or error
189-
# gracefully — identical to the PR build result.
190-
# Uncomment and set this variable to enable full e2e runs on a
191-
# lab-capable agent pool (requires CA-exempt network / internal agent).
192-
# LAB_APP_CLIENT_ID: $(LAB_APP_CLIENT_ID)
186+
# LAB_APP_CLIENT_ID enables e2e tests against the MSID Lab infrastructure.
187+
# Must be set as a pipeline variable to the lab app's client ID
188+
# (see https://docs.msidlab.com/accounts/confidentialclient.html).
189+
# The matching certificate is retrieved from Key Vault by the steps above.
190+
# When unset, all LabBasedTestCase tests skip gracefully.
191+
LAB_APP_CLIENT_ID: $(LAB_APP_CLIENT_ID)
193192
LAB_APP_CLIENT_CERT_PFX_PATH: $(LAB_APP_CLIENT_CERT_PFX_PATH)
194193
195194
- task: PublishTestResults@2

tests/test_e2e.py

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,15 @@
4444

4545
_PYMSALRUNTIME_INSTALLED = is_pymsalruntime_installed()
4646
_AZURE_CLI = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
47-
_SKIP_UNATTENDED_E2E_TESTS = os.getenv("TRAVIS") or not os.getenv("CI")
47+
# Skip interactive / browser-dependent tests when:
48+
# - on Travis CI (TRAVIS), or
49+
# - on Azure DevOps (TF_BUILD) where there is no display/browser on the agent, or
50+
# - not running in any CI environment at all (not CI).
51+
# Service-principal and ROPC tests are NOT gated on this flag; only tests that
52+
# call acquire_token_interactive() or acquire_token_by_device_flow() are.
53+
_SKIP_UNATTENDED_E2E_TESTS = (
54+
os.getenv("TRAVIS") or os.getenv("TF_BUILD") or not os.getenv("CI")
55+
)
4856

4957
def _get_app_and_auth_code(
5058
client_id,
@@ -329,13 +337,17 @@ def test_access_token_should_be_obtained_for_a_supported_scope(self):
329337
self.assertIsNotNone(result.get("access_token"))
330338

331339

332-
@unittest.skipIf(os.getenv("TF_BUILD"), "Skip PublicCloud scenarios on Azure DevOps")
333340
class PublicCloudScenariosTestCase(E2eTestCase):
334341
# Historically this class was driven by tests/config.json for semi-automated runs.
335-
# It now uses lab config + env vars so it can run automatically without local files.
342+
# It now uses lab config + env vars so it can run automatically on any CI
343+
# (including Azure DevOps) as long as LAB_APP_CLIENT_ID and
344+
# LAB_APP_CLIENT_CERT_PFX_PATH are set.
336345

337346
@classmethod
338347
def setUpClass(cls):
348+
if not os.getenv("LAB_APP_CLIENT_ID"):
349+
raise unittest.SkipTest(
350+
"LAB_APP_CLIENT_ID not set; skipping PublicCloud e2e tests")
339351
pca_app = get_app_config(AppSecrets.PCA_CLIENT)
340352
user = get_user_config(UserSecrets.PUBLIC_CLOUD)
341353
cls.config = {

0 commit comments

Comments
 (0)