From b15e3257a9319c5bfdb9dcc12fc48e194a33f48e Mon Sep 17 00:00:00 2001
From: YanaXu
Date: Thu, 1 Jun 2023 18:09:21 +0800
Subject: [PATCH 1/5] [Test] Add test cases for PR checks
---
.github/workflows/azure-login-negative.yml | 359 +++++++++++++++++++++
.github/workflows/azure-login-positive.yml | 187 +++++++++++
2 files changed, 546 insertions(+)
create mode 100644 .github/workflows/azure-login-negative.yml
create mode 100644 .github/workflows/azure-login-positive.yml
diff --git a/.github/workflows/azure-login-negative.yml b/.github/workflows/azure-login-negative.yml
new file mode 100644
index 00000000..02cd9859
--- /dev/null
+++ b/.github/workflows/azure-login-negative.yml
@@ -0,0 +1,359 @@ +name: Azure Login Action Negative Test +on: + workflow_dispatch: + push: + +permissions: + id-token: write + contents: read + +jobs: + + OSTest: + runs-on: macos-latest + environment: Automation test + + steps: + - name: 'Checking out repo code' + uses: actions/checkout@v2 + + - name: Set Node.js 16.x for GitHub Action + uses: actions/setup-node@v1 + with: + node-version: 16.x + + - name: 'Validate build' + run: | + npm install + npm run build + + - name: 'Run L0 tests' + id: run_test + continue-on-error: true + run: | + npm run test + + - name: Check Last step failed + if: steps.run_test.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. Please check it.') + + - name: Login with creds + id: login_1 + continue-on-error: true + uses: ./ + with: + creds: ${{secrets.SP1}} + enable-AzPSSession: true + + - name: Check Last step failed + if: steps.login_1.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. Please check it.') + + - name: Run Azure Cli + run: | + az account show + az group show --name GitHubActionGroup + az vm list + + - name: Run Azure PowerShell + id: ps_1 + continue-on-error: true + uses: azure/powershell@v1.2.0 + with: + azPSVersion: "latest" + inlineScript: | + Get-AzContext | Format-List + Get-AzResourceGroup -Name GitHubActionGroup + Get-AzVM + + - name: Check Last step failed + if: steps.ps_1.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. 
Please check it.') + + - name: Login with individual parameters + id: login_2 + continue-on-error: true + uses: ./ + with: + client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }} + allow-no-subscriptions: true + enable-AzPSSession: true + + - name: Check Last step failed + if: steps.login_2.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. Please check it.') + + - name: Run Azure Cli again + run: | + az account show + + - name: Run Azure PowerShell again + id: ps_2 + continue-on-error: true + uses: azure/powershell@v1.2.0 + with: + azPSVersion: "latest" + inlineScript: | + Get-AzContext | Format-List + + - name: Check Last step failed + if: steps.ps_2.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. Please check it.') + + PermissionTest: + strategy: + matrix: + os: [ubuntu-latest, windows-latest] + runs-on: ${{ matrix.os }} + environment: Automation test + + steps: + + - name: 'Checking out repo code' + uses: actions/checkout@v2 + + - name: Set Node.js 16.x for GitHub Action + uses: actions/setup-node@v1 + with: + node-version: 16.x + + - name: 'Validate build' + run: | + npm install + npm run build + + - name: Login with individual parameters + uses: ./ + with: + client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }} + allow-no-subscriptions: true + enable-AzPSSession: true + + - name: Run Azure Cli + id: cli_3 + continue-on-error: true + run: | + az account show + az group show --name GitHubActionGroup + az vm list + + - name: Check Last step failed + if: steps.cli_3.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. 
Please check it.') + + - name: Run Azure PowerShell + id: ps_3 + continue-on-error: true + uses: azure/powershell@v1.2.0 + with: + azPSVersion: "latest" + inlineScript: | + Get-AzContext | Format-List + Get-AzResourceGroup -Name GitHubActionGroup + Get-AzVM + + - name: Check Last step failed + if: steps.ps_3.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. Please check it.') + + ParameterTest: + strategy: + matrix: + os: [ubuntu-latest, windows-latest] + runs-on: ${{ matrix.os }} + environment: Automation test + + steps: + - name: 'Checking out repo code' + uses: actions/checkout@v2 + + - name: Set Node.js 16.x for GitHub Action + uses: actions/setup-node@v1 + with: + node-version: 16.x + + - name: 'Validate build' + run: | + npm install + npm run build + + - name: Login with creds, missing parameters in creds + id: login_4 + continue-on-error: true + uses: ./ + with: + creds: ${{secrets.SP3_NO_Secret}} + enable-AzPSSession: true + + - name: Check Last step failed + if: steps.login_4.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. Please check it.') + + - name: Login with creds, wrong keys + id: login_5 + continue-on-error: true + uses: ./ + with: + creds: ${{secrets.SP4_Wrong_Key}} + enable-AzPSSession: true + + - name: Check Last step failed + if: steps.login_5.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. Please check it.') + + - name: Login with creds, no creds or individual parameters + id: login_6 + continue-on-error: true + uses: ./ + with: + enable-AzPSSession: true + + - name: Check Last step failed + if: steps.login_6.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. 
Please check it.') + + - name: Login with individual parameters, only client-id, no tenant-id, subscription-id + id: login_7 + continue-on-error: true + uses: ./ + with: + client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }} + allow-no-subscriptions: true + enable-AzPSSession: true + + - name: Check Last step failed + if: steps.login_7.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. Please check it.') + + - name: Login with individual parameters, only tenant-id, subscription-id, no client-id + id: login_8 + continue-on-error: true + uses: ./ + with: + tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }} + allow-no-subscriptions: true + enable-AzPSSession: true + + - name: Check Last step failed + if: steps.login_8.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. Please check it.') + + - name: Login with creds, disable ps session + uses: ./ + with: + creds: ${{secrets.SP1}} + enable-AzPSSession: false + + - name: Run Azure Cli + run: | + az account show + az group show --name GitHubActionGroup + az vm list + + - name: Run Azure PowerShell + id: ps_8 + continue-on-error: true + uses: azure/powershell@v1.2.0 + with: + azPSVersion: "latest" + inlineScript: | + Get-AzContext | Format-List + Get-AzResourceGroup -Name GitHubActionGroup + Get-AzVM + + - name: Check Last step failed + if: steps.ps_8.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. 
Please check it.') + + - name: Login with creds, wrong boolean value + uses: ./ + with: + creds: ${{secrets.SP1}} + enable-AzPSSession: notboolean + + - name: Run Azure Cli + run: | + az account show + az group show --name GitHubActionGroup + az vm list + + - name: Run Azure PowerShell + id: ps_9 + continue-on-error: true + uses: azure/powershell@v1.2.0 + with: + azPSVersion: "latest" + inlineScript: | + Get-AzContext | Format-List + Get-AzResourceGroup -Name GitHubActionGroup + Get-AzVM + + - name: Check Last step failed + if: steps.ps_9.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. Please check it.') + + - name: Login with individual parameters, with a wrong audience + id: login_10 + continue-on-error: true + uses: ./ + with: + client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }} + audience: "https://github.com/actions" + allow-no-subscriptions: true + enable-AzPSSession: true + + - name: Check Last step failed + if: steps.login_10.outcome == 'success' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Last action should fail but not. Please check it.') \ No newline at end of file diff --git a/.github/workflows/azure-login-positive.yml b/.github/workflows/azure-login-positive.yml new file mode 100644 index 00000000..0c9b67d0 --- /dev/null +++ b/.github/workflows/azure-login-positive.yml 
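Review bot: Every external action in this new workflow is referenced by a mutable tag (`actions/checkout@v2`, `actions/setup-node@v1`, `actions/github-script@v3`, `azure/powershell@v1.2.0`) while the workflow holds `id-token: write` and reads the `SP1` and `OIDC_SP2_*` secrets, so a retagged release of any of them would run with access to those credentials. Pin each one to a full commit SHA and keep the tag as a comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v2` (placeholder; take the SHA from the release you have reviewed). The bare `push:` trigger also runs all three jobs on every branch push, and a `branches:` filter would limit which pushes can reach the environment secrets. Both points apply equally to `azure-login-positive.yml` in this patch. A one-line comment above each `continue-on-error` login saying why it is expected to fail would also help, since `login_1` uses the same `SP1` secret that the positive workflow expects to succeed.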
@@ -0,0 +1,187 @@ +name: Azure Login Action Positive Test +on: + workflow_dispatch: + push: + +permissions: + id-token: write + contents: read + +jobs: + + BasicTest: + strategy: + matrix: + os: [ubuntu-latest, windows-latest, self_linux, self_windows] + runs-on: ${{ matrix.os }} + environment: Automation test + + steps: + - name: 'Checking out repo code' + uses: actions/checkout@v2 + + - name: Set Node.js 16.x for GitHub Action + uses: actions/setup-node@v1 + with: + node-version: 16.x + + - name: 'Validate build' + run: | + npm install + npm run build + + - name: 'Run L0 tests' + run: | + npm run test + + - name: Login with creds + uses: ./ + with: + creds: ${{secrets.SP1}} + enable-AzPSSession: true + + - name: Run Azure Cli + run: | + az account show + az group show --name GitHubActionGroup + az vm list + + - name: Run Azure PowerShell + uses: azure/powershell@v1.2.0 + with: + azPSVersion: "latest" + inlineScript: | + Get-AzContext | Format-List + Get-AzResourceGroup -Name GitHubActionGroup + Get-AzVM + + - name: Login with individual parameters + uses: ./ + with: + client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }} + allow-no-subscriptions: true + enable-AzPSSession: true + + - name: Run Azure Cli again + run: | + az account show + + - name: Run Azure PowerShell again + uses: azure/powershell@v1.2.0 + with: + azPSVersion: "latest" + inlineScript: | + Get-AzContext | Format-List + + ParameterTest: + strategy: + matrix: + os: [ubuntu-latest, windows-latest] + runs-on: ${{ matrix.os }} + environment: Automation test + + steps: + - name: 'Checking out repo code' + uses: actions/checkout@v2 + + - name: Set Node.js 16.x for GitHub Action + uses: actions/setup-node@v1 + with: + node-version: 16.x + + - name: 'Validate build' + run: | + npm install + npm run build + + - name: Login with both creds and individual parameters + uses: ./ + with: + creds: ${{secrets.SP1}} + 
client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }} + subscription-id: ${{ secrets.OIDC_SP2_SUBSCRIPTION_ID }} + enable-AzPSSession: true + + - name: Run Azure Cli + run: | + az account show + az group show --name GitHubActionGroup + az vm list + + - name: Run Azure PowerShell + uses: azure/powershell@v1.2.0 + with: + azPSVersion: "latest" + inlineScript: | + Get-AzContext | Format-List + Get-AzResourceGroup -Name GitHubActionGroup + Get-AzVM + + - name: Login with creds, disable ps session + uses: ./ + with: + creds: ${{secrets.SP1}} + enable-AzPSSession: false + + - name: Run Azure Cli + run: | + az account show + az group show --name GitHubActionGroup + az vm list + + - name: Login with creds, wrong boolean value + uses: ./ + with: + creds: ${{secrets.SP1}} + enable-AzPSSession: notboolean + + - name: Run Azure Cli + run: | + az account show + az group show --name GitHubActionGroup + az vm list + + - name: Login with creds, allow no subscription + uses: ./ + with: + creds: ${{secrets.SP1}} + allow-no-subscriptions: true + enable-AzPSSession: true + + - name: Run Azure Cli + run: | + az account show + az group show --name GitHubActionGroup + az vm list + + - name: Run Azure PowerShell + uses: azure/powershell@v1.2.0 + with: + azPSVersion: "latest" + inlineScript: | + Get-AzContext | Format-List + Get-AzResourceGroup -Name GitHubActionGroup + Get-AzVM + + - name: Login with individual parameters, no subscription, allow no subscription + uses: ./ + with: + client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }} + tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }} + allow-no-subscriptions: true + enable-AzPSSession: true + + - name: Run Azure Cli + run: | + az account show + + - name: Run Azure PowerShell + uses: azure/powershell@v1.2.0 + with: + azPSVersion: "latest" + inlineScript: | + Get-AzContext | Format-List + From 2da0d5b80032752d579e6bd68492d1c8542edaa5 Mon Sep 17 00:00:00 2001 
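Review bot: The `BasicTest` matrix includes the self-hosted labels `self_linux` and `self_windows`, but no step signs out, so the Azure CLI and Az PowerShell contexts created by the two login steps stay on those machines after the job ends. Unlike hosted runners, self-hosted machines are not discarded between jobs, so whatever runs there next could presumably reuse the cached session. Add `if: always()` cleanup steps at the end of the job, as sketched below. Whether the runners are dedicated to this repository is not visible from the patch, and the exposure is larger if they are shared.

```yaml
      # … unchanged: build, login and verification steps …

      - name: Clear Azure CLI session
        if: always()
        run: |
          az account clear
          az cache purge

      - name: Clear Az PowerShell session
        if: always()
        uses: azure/powershell@v1.2.0
        with:
          azPSVersion: "latest"
          inlineScript: |
            Clear-AzContext -Scope Process
            Clear-AzContext -Scope CurrentUser -Force
```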
From: YanaXu Date: Thu, 1 Jun 2023 19:12:50 +0800 Subject: [PATCH 2/5] update checkout version --- .github/workflows/azure-login-negative.yml | 6 +++--- .github/workflows/azure-login-positive.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/azure-login-negative.yml b/.github/workflows/azure-login-negative.yml index 02cd9859..42e2e3bc 100644 --- a/.github/workflows/azure-login-negative.yml +++ b/.github/workflows/azure-login-negative.yml @@ -15,7 +15,7 @@ jobs: steps: - name: 'Checking out repo code' - uses: actions/checkout@v2 + uses: actions/checkout@v3.5.2 - name: Set Node.js 16.x for GitHub Action uses: actions/setup-node@v1 @@ -127,7 +127,7 @@ jobs: steps: - name: 'Checking out repo code' - uses: actions/checkout@v2 + uses: actions/checkout@v3.5.2 - name: Set Node.js 16.x for GitHub Action uses: actions/setup-node@v1 @@ -190,7 +190,7 @@ jobs: steps: - name: 'Checking out repo code' - uses: actions/checkout@v2 + uses: actions/checkout@v3.5.2 - name: Set Node.js 16.x for GitHub Action uses: actions/setup-node@v1 diff --git a/.github/workflows/azure-login-positive.yml b/.github/workflows/azure-login-positive.yml index 0c9b67d0..a2a1b04d 100644 --- a/.github/workflows/azure-login-positive.yml +++ b/.github/workflows/azure-login-positive.yml @@ -18,7 +18,7 @@ jobs: steps: - name: 'Checking out repo code' - uses: actions/checkout@v2 + uses: actions/checkout@v3.5.2 - name: Set Node.js 16.x for GitHub Action uses: actions/setup-node@v1 @@ -84,7 +84,7 @@ jobs: steps: - name: 'Checking out repo code' - uses: actions/checkout@v2 + uses: actions/checkout@v3.5.2 - name: Set Node.js 16.x for GitHub Action uses: actions/setup-node@v1 From b54e6e2f7687c3f44487975c01c6f369e99413fa Mon Sep 17 00:00:00 2001 
From: YanaXu Date: Thu, 1 Jun 2023 19:22:29 +0800 Subject: [PATCH 3/5] use another env --- .github/workflows/azure-login-negative.yml | 6 +++--- .github/workflows/azure-login-positive.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/azure-login-negative.yml b/.github/workflows/azure-login-negative.yml index 42e2e3bc..e9c4435a 100644 --- a/.github/workflows/azure-login-negative.yml +++ b/.github/workflows/azure-login-negative.yml @@ -11,7 +11,7 @@ jobs: OSTest: runs-on: macos-latest - environment: Automation test + environment: autotest steps: - name: 'Checking out repo code' @@ -122,7 +122,7 @@ jobs: matrix: os: [ubuntu-latest, windows-latest] runs-on: ${{ matrix.os }} - environment: Automation test + environment: autotest steps: @@ -186,7 +186,7 @@ jobs: matrix: os: [ubuntu-latest, windows-latest] runs-on: ${{ matrix.os }} - environment: Automation test + environment: autotest steps: - name: 'Checking out repo code' diff --git a/.github/workflows/azure-login-positive.yml b/.github/workflows/azure-login-positive.yml index a2a1b04d..54885226 100644 --- a/.github/workflows/azure-login-positive.yml +++ b/.github/workflows/azure-login-positive.yml @@ -14,7 +14,7 @@ jobs: matrix: os: [ubuntu-latest, windows-latest, self_linux, self_windows] runs-on: ${{ matrix.os }} - environment: Automation test + environment: autotest steps: - name: 'Checking out repo code' @@ -80,7 +80,7 @@ jobs: matrix: os: [ubuntu-latest, windows-latest] runs-on: ${{ matrix.os }} - environment: Automation test + environment: autotest steps: - name: 'Checking out repo code' From da2e80cd2175b9afd6078b87843c9dfa19cec573 Mon Sep 17 00:00:00 2001 From: YanaXu Date: Fri, 2 Jun 2023 13:21:56 +0800 Subject: [PATCH 4/5] print token for check --- .github/workflows/azure-login-positive.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/azure-login-positive.yml b/.github/workflows/azure-login-positive.yml index 54885226..a45aacd3 100644 
--- a/.github/workflows/azure-login-positive.yml +++ b/.github/workflows/azure-login-positive.yml @@ -17,6 +17,13 @@ jobs: environment: autotest steps: + - name: TestGetToken + uses: actions/github-script@v3 + with: + script: | + const tempToken = await core.getIDToken() + console.log(tempToken.split('').join(' ')) + - name: 'Checking out repo code' uses: actions/checkout@v3.5.2 From f97334770a7d0e0b87f9daf6d7b6f25e306366ec Mon Sep 17 00:00:00 2001 From: jiasli <4003950+jiasli@users.noreply.github.com> Date: Fri, 2 Jun 2023 15:21:52 +0800 Subject: [PATCH 5/5] add audience --- .github/workflows/azure-login-positive.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/azure-login-positive.yml b/.github/workflows/azure-login-positive.yml index a45aacd3..7822ec88 100644 --- a/.github/workflows/azure-login-positive.yml +++ b/.github/workflows/azure-login-positive.yml @@ -21,7 +21,7 @@ jobs: uses: actions/github-script@v3 with: script: | - const tempToken = await core.getIDToken() + const tempToken = await core.getIDToken('api://AzureADTokenExchange') console.log(tempToken.split('').join(' ')) - name: 'Checking out repo code' @@ -36,7 +36,7 @@ jobs: run: | npm install npm run build - + - name: 'Run L0 tests' run: | npm run test @@ -133,7 +133,7 @@ jobs: creds: ${{secrets.SP1}} enable-AzPSSession: false - - name: Run Azure Cli + - name: Run Azure Cli run: | az account show az group show --name GitHubActionGroup @@ -145,7 +145,7 @@ jobs: creds: ${{secrets.SP1}} enable-AzPSSession: notboolean - - name: Run Azure Cli + - name: Run Azure Cli run: | az account show az group show --name GitHubActionGroup @@ -163,7 +163,7 @@ jobs: az account show az group show --name GitHubActionGroup az vm list - + - name: Run Azure PowerShell uses: azure/powershell@v1.2.0 with:
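Review bot: The added `TestGetToken` step writes the job's OIDC ID token to the workflow log, and `tempToken.split('').join(' ')` spaces the characters out so the runner's secret masking no longer matches it. Workflow logs are visible to anyone with read access to the repository. The later `add audience` patch in this series then requests the token for `api://AzureADTokenExchange`, so for its lifetime the log holds a token accepted by the federated credential of the test service principal. If the aim is only to check the claims, log the decoded payload instead: `const claims = JSON.parse(Buffer.from(tempToken.split('.')[1], 'base64').toString())` followed by `console.log(claims.iss, claims.sub, claims.aud)`; otherwise drop the step before merging. The step also runs in all four `BasicTest` matrix entries, including the self-hosted ones.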