Skip to content

Commit

Permalink
Fixed flaky Key Vault live tests. (#24606)
Browse files Browse the repository at this point in the history 
* Removed the `createRsaKeyWithPublicExponent()` test from `KeyClientTest` and `KeyAsyncClientTest`, as setting a public exponent is currently only available for Managed HSM.

* Added a call to `sleepIfRunningAgainstService()` in `KeyAsyncClientTest`'s `updateKey()` and `updateDisabledKey()` to avoid calling `getKey()` before the service has had a chance to update a given key.

* Removed sleep call and refactored 'updateKey' tests instead.
  • Loading branch information
@vcolin7
vcolin7 authored Oct 7, 2021
1 parent e1acee5 commit f7c35ca
Show file tree
Hide file tree
Showing 10 changed files with 90 additions and 399 deletions.
65 changes: 17 additions & 48 deletions ...rity-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyAsyncClientTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,21 +139,15 @@ public void setKeyNull(HttpClient httpClient, KeyServiceVersion serviceVersion)
@MethodSource("getTestParameters")
public void updateKey(HttpClient httpClient, KeyServiceVersion serviceVersion) {
createKeyAsyncClient(httpClient, serviceVersion);
updateKeyRunner((original, updated) -> {
StepVerifier.create(client.createKey(original))
.assertNext(response -> assertKeyEquals(original, response))
.verifyComplete();

StepVerifier.create(client.getKey(original.getName())
.flatMap(keyToUpdate ->
client.updateKeyProperties(keyToUpdate.getProperties().setExpiresOn(updated.getExpiresOn()))))
.assertNext(response -> {
assertNotNull(response);
assertEquals(original.getName(), response.getName());
}).verifyComplete();

StepVerifier.create(client.getKey(original.getName()))
.assertNext(updatedKeyResponse -> assertKeyEquals(updated, updatedKeyResponse))
updateKeyRunner((createKeyOptions, updateKeyOptions) -> {
StepVerifier.create(client.createKey(createKeyOptions)
.flatMap(createdKey -> {
assertKeyEquals(createKeyOptions, createdKey);

return client.updateKeyProperties(createdKey.getProperties()
.setExpiresOn(updateKeyOptions.getExpiresOn()));
}))
.assertNext(updatedKey -> assertKeyEquals(updateKeyOptions, updatedKey))
.verifyComplete();
});
}
Expand All @@ -165,21 +159,15 @@ public void updateKey(HttpClient httpClient, KeyServiceVersion serviceVersion) {
@MethodSource("getTestParameters")
public void updateDisabledKey(HttpClient httpClient, KeyServiceVersion serviceVersion) {
createKeyAsyncClient(httpClient, serviceVersion);
updateDisabledKeyRunner((original, updated) -> {
StepVerifier.create(client.createKey(original))
.assertNext(response -> assertKeyEquals(original, response))
.verifyComplete();
updateDisabledKeyRunner((createKeyOptions, updateKeyOptions) -> {
StepVerifier.create(client.createKey(createKeyOptions)
.flatMap(createdKey -> {
assertKeyEquals(createKeyOptions, createdKey);

StepVerifier.create(client.getKey(original.getName())
.flatMap(keyToUpdate ->
client.updateKeyProperties(keyToUpdate.getProperties().setExpiresOn(updated.getExpiresOn()))))
.assertNext(response -> {
assertNotNull(response);
assertEquals(original.getName(), response.getName());
}).verifyComplete();

StepVerifier.create(client.getKey(original.getName()))
.assertNext(updatedKeyResponse -> assertKeyEquals(updated, updatedKeyResponse))
return client.updateKeyProperties(createdKey.getProperties()
.setExpiresOn(updateKeyOptions.getExpiresOn()));
}))
.assertNext(updatedKey -> assertKeyEquals(updateKeyOptions, updatedKey))
.verifyComplete();
});
}
Expand Down Expand Up @@ -553,25 +541,6 @@ public void releaseKey(HttpClient httpClient, KeyServiceVersion serviceVersion)
});
}

/**
* Tests that an RSA key with a public exponent can be created in the key vault.
*/
@ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
@MethodSource("getTestParameters")
public void createRsaKeyWithPublicExponent(HttpClient httpClient, KeyServiceVersion serviceVersion) {
createKeyAsyncClient(httpClient, serviceVersion);
createRsaKeyWithPublicExponentRunner((createRsaKeyOptions) ->
StepVerifier.create(client.createRsaKey(createRsaKeyOptions))
.assertNext(rsaKey -> {
assertKeyEquals(createRsaKeyOptions, rsaKey);
// TODO: Investigate why the KV service sets the JWK's "e" parameter to "AQAB" instead of "Aw".
/*assertEquals(BigInteger.valueOf(createRsaKeyOptions.getPublicExponent()),
toBigInteger(rsaKey.getKey().getE()));*/
assertEquals(createRsaKeyOptions.getKeySize(), rsaKey.getKey().getN().length * 8);
})
.verifyComplete());
}

/**
* Tests that fetching the key rotation policy of a non-existent key throws.
*/
Expand Down
3 changes: 3 additions & 0 deletions ...ault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientManagedHsmTestBase.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@
import org.junit.jupiter.api.Test;

public interface KeyClientManagedHsmTestBase {
@Test
void createRsaKeyWithPublicExponent(HttpClient httpClient, KeyServiceVersion serviceVersion);

@Test
void createOctKeyWithDefaultSize(HttpClient httpClient, KeyServiceVersion serviceVersion);

Expand Down
46 changes: 18 additions & 28 deletions ...-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,11 +135,15 @@ public void setKeyNull(HttpClient httpClient, KeyServiceVersion serviceVersion)
@MethodSource("getTestParameters")
public void updateKey(HttpClient httpClient, KeyServiceVersion serviceVersion) {
createKeyClient(httpClient, serviceVersion);
updateKeyRunner((original, updated) -> {
assertKeyEquals(original, client.createKey(original));
KeyVaultKey keyToUpdate = client.getKey(original.getName());
client.updateKeyProperties(keyToUpdate.getProperties().setExpiresOn(updated.getExpiresOn()));
assertKeyEquals(updated, client.getKey(original.getName()));
updateKeyRunner((createKeyOptions, updateKeyOptions) -> {
KeyVaultKey createdKey = client.createKey(createKeyOptions);

assertKeyEquals(createKeyOptions, createdKey);

KeyVaultKey updatedKey =
client.updateKeyProperties(createdKey.getProperties().setExpiresOn(updateKeyOptions.getExpiresOn()));

assertKeyEquals(updateKeyOptions, updatedKey);
});
}

Expand All @@ -150,11 +154,15 @@ public void updateKey(HttpClient httpClient, KeyServiceVersion serviceVersion) {
@MethodSource("getTestParameters")
public void updateDisabledKey(HttpClient httpClient, KeyServiceVersion serviceVersion) {
createKeyClient(httpClient, serviceVersion);
updateDisabledKeyRunner((original, updated) -> {
assertKeyEquals(original, client.createKey(original));
KeyVaultKey keyToUpdate = client.getKey(original.getName());
client.updateKeyProperties(keyToUpdate.getProperties().setExpiresOn(updated.getExpiresOn()));
assertKeyEquals(updated, client.getKey(original.getName()));
updateDisabledKeyRunner((createKeyOptions, updateKeyOptions) -> {
KeyVaultKey createdKey = client.createKey(createKeyOptions);

assertKeyEquals(createKeyOptions, createdKey);

KeyVaultKey updatedKey =
client.updateKeyProperties(createdKey.getProperties().setExpiresOn(updateKeyOptions.getExpiresOn()));

assertKeyEquals(updateKeyOptions, updatedKey);
});
}

Expand Down Expand Up @@ -466,24 +474,6 @@ public void listKeyVersions(HttpClient httpClient, KeyServiceVersion serviceVers
});
}

/**
* Tests that an RSA key with a public exponent can be created in the key vault.
*/
@ParameterizedTest(name = DISPLAY_NAME_WITH_ARGUMENTS)
@MethodSource("getTestParameters")
public void createRsaKeyWithPublicExponent(HttpClient httpClient, KeyServiceVersion serviceVersion) {
createKeyClient(httpClient, serviceVersion);
createRsaKeyWithPublicExponentRunner((createRsaKeyOptions) -> {
KeyVaultKey rsaKey = client.createRsaKey(createRsaKeyOptions);

assertKeyEquals(createRsaKeyOptions, rsaKey);
// TODO: Investigate why the KV service sets the JWK's "e" parameter to "AQAB" instead of "Aw".
/*assertEquals(BigInteger.valueOf(createRsaKeyOptions.getPublicExponent()),
toBigInteger(rsaKey.getKey().getE()));*/
assertEquals(createRsaKeyOptions.getKeySize(), rsaKey.getKey().getN().length * 8);
});
}

/**
* Tests that an existing key can be released.
*/
Expand Down
3 changes: 0 additions & 3 deletions ...urity-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/KeyClientTestBase.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -449,9 +449,6 @@ void releaseKeyRunner(BiConsumer<CreateRsaKeyOptions, String> testRunner) {
testRunner.accept(keyToRelease, attestationUrl);
}

@Test
public abstract void createRsaKeyWithPublicExponent(HttpClient httpClient, KeyServiceVersion serviceVersion);

@Test
public abstract void getKeyRotationPolicyOfNonExistentKey(HttpClient httpClient, KeyServiceVersion serviceVersion);

Expand Down
30 changes: 0 additions & 30 deletions .../test/resources/session-records/KeyAsyncClientTest.createRsaKeyWithPublicExponent[1].json
View file

This file was deleted.

78 changes: 13 additions & 65 deletions ...ault-keys/src/test/resources/session-records/KeyAsyncClientTest.updateDisabledKey[1].json
View file
Original file line number Diff line number Diff line change
@@ -1,108 +1,56 @@
{
"networkCallRecords" : [ {
"Method" : "POST",
"Uri" : "https://REDACTED.vault.azure.net/keys/testkey255915b59/create?api-version=7.3-preview",
"Uri" : "https://REDACTED.vault.azure.net/keys/testkey2986032b8/create?api-version=7.3-preview",
"Headers" : {
"User-Agent" : "azsdk-java-client_name/client_version (11.0.6; Windows 10; 10.0)",
"Content-Type" : "application/json"
},
"Response" : {
"content-length" : "427",
"content-length" : "416",
"X-Content-Type-Options" : "nosniff",
"Pragma" : "no-cache",
"retry-after" : "0",
"StatusCode" : "200",
"Date" : "Tue, 05 Oct 2021 01:54:23 GMT",
"Date" : "Thu, 07 Oct 2021 02:34:29 GMT",
"Strict-Transport-Security" : "max-age=31536000;includeSubDomains",
"Cache-Control" : "no-cache",
"x-ms-keyvault-region" : "centralus",
"x-ms-keyvault-region" : "westus",
"x-ms-keyvault-network-info" : "conn_type=Ipv4;addr=174.127.169.154;act_addr_fam=InterNetwork;",
"Expires" : "-1",
"x-ms-request-id" : "c7ce2095-8533-40eb-ab05-99f3c5de455c",
"x-ms-request-id" : "7ee9176f-2381-4306-bda7-9107209f15ca",
"x-ms-keyvault-service-version" : "1.9.132.3",
"Body" : "{\"key\":{\"kid\":\"https://azure-kv-tests2.vault.azure.net/keys/testkey255915b59/d209b2180d0642dbbb7ec4851278d211\",\"kty\":\"EC\",\"key_ops\":[\"sign\",\"verify\"],\"crv\":\"P-256\",\"x\":\"FeuTrI_mDAqfvodEzI7cUTNCvHzN9tGm3EtyWamrg_Y\",\"y\":\"AZXc2oUKZigV7yM1WJRI4YskH1O1J-19iSAhAPmR37M\"},\"attributes\":{\"enabled\":false,\"exp\":2537049600,\"created\":1633398863,\"updated\":1633398863,\"recoveryLevel\":\"CustomizedRecoverable+Purgeable\",\"recoverableDays\":7}}",
"Content-Type" : "application/json; charset=utf-8",
"X-Powered-By" : "ASP.NET"
},
"Exception" : null
}, {
"Method" : "GET",
"Uri" : "https://REDACTED.vault.azure.net/keys/testkey255915b59/?api-version=7.3-preview",
"Headers" : {
"User-Agent" : "azsdk-java-client_name/client_version (11.0.6; Windows 10; 10.0)",
"Content-Type" : "application/json"
},
"Response" : {
"content-length" : "427",
"X-Content-Type-Options" : "nosniff",
"Pragma" : "no-cache",
"retry-after" : "0",
"StatusCode" : "200",
"Date" : "Tue, 05 Oct 2021 01:54:23 GMT",
"Strict-Transport-Security" : "max-age=31536000;includeSubDomains",
"Cache-Control" : "no-cache",
"x-ms-keyvault-region" : "centralus",
"x-ms-keyvault-network-info" : "conn_type=Ipv4;addr=174.127.169.154;act_addr_fam=InterNetwork;",
"Expires" : "-1",
"x-ms-request-id" : "96f60166-ee2f-4bf0-9b9a-646309e626eb",
"x-ms-keyvault-service-version" : "1.9.132.3",
"Body" : "{\"key\":{\"kid\":\"https://azure-kv-tests2.vault.azure.net/keys/testkey255915b59/d209b2180d0642dbbb7ec4851278d211\",\"kty\":\"EC\",\"key_ops\":[\"sign\",\"verify\"],\"crv\":\"P-256\",\"x\":\"FeuTrI_mDAqfvodEzI7cUTNCvHzN9tGm3EtyWamrg_Y\",\"y\":\"AZXc2oUKZigV7yM1WJRI4YskH1O1J-19iSAhAPmR37M\"},\"attributes\":{\"enabled\":false,\"exp\":2537049600,\"created\":1633398863,\"updated\":1633398863,\"recoveryLevel\":\"CustomizedRecoverable+Purgeable\",\"recoverableDays\":7}}",
"Body" : "{\"key\":{\"kid\":\"https://azure-kv-tests2.vault.azure.net/keys/testkey2986032b8/c330063b2a144826bd258d8b6c88ec60\",\"kty\":\"EC\",\"key_ops\":[\"sign\",\"verify\"],\"crv\":\"P-256\",\"x\":\"mN_5P7JFoIG_7odyRnwRKMZvKfHHfBTNJ3sud3tyZYI\",\"y\":\"QwyOK5MRqMOepjRnNGoq7LJi4VDoacXb-DK2xIxJPGI\"},\"attributes\":{\"enabled\":false,\"exp\":2537049600,\"created\":1633574070,\"updated\":1633574070,\"recoveryLevel\":\"Recoverable+Purgeable\",\"recoverableDays\":90}}",
"Content-Type" : "application/json; charset=utf-8",
"X-Powered-By" : "ASP.NET"
},
"Exception" : null
}, {
"Method" : "PATCH",
"Uri" : "https://REDACTED.vault.azure.net/keys/testkey255915b59/d209b2180d0642dbbb7ec4851278d211?api-version=7.3-preview",
"Headers" : {
"User-Agent" : "azsdk-java-client_name/client_version (11.0.6; Windows 10; 10.0)",
"Content-Type" : "application/json"
},
"Response" : {
"content-length" : "427",
"X-Content-Type-Options" : "nosniff",
"Pragma" : "no-cache",
"retry-after" : "0",
"StatusCode" : "200",
"Date" : "Tue, 05 Oct 2021 01:54:23 GMT",
"Strict-Transport-Security" : "max-age=31536000;includeSubDomains",
"Cache-Control" : "no-cache",
"x-ms-keyvault-region" : "centralus",
"x-ms-keyvault-network-info" : "conn_type=Ipv4;addr=174.127.169.154;act_addr_fam=InterNetwork;",
"Expires" : "-1",
"x-ms-request-id" : "9a92ad6d-06b8-4c6a-b418-579843669ab8",
"x-ms-keyvault-service-version" : "1.9.132.3",
"Body" : "{\"key\":{\"kid\":\"https://azure-kv-tests2.vault.azure.net/keys/testkey255915b59/d209b2180d0642dbbb7ec4851278d211\",\"kty\":\"EC\",\"key_ops\":[\"sign\",\"verify\"],\"crv\":\"P-256\",\"x\":\"FeuTrI_mDAqfvodEzI7cUTNCvHzN9tGm3EtyWamrg_Y\",\"y\":\"AZXc2oUKZigV7yM1WJRI4YskH1O1J-19iSAhAPmR37M\"},\"attributes\":{\"enabled\":false,\"exp\":2852668800,\"created\":1633398863,\"updated\":1633398864,\"recoveryLevel\":\"CustomizedRecoverable+Purgeable\",\"recoverableDays\":7}}",
"Content-Type" : "application/json; charset=utf-8",
"X-Powered-By" : "ASP.NET"
},
"Exception" : null
}, {
"Method" : "GET",
"Uri" : "https://REDACTED.vault.azure.net/keys/testkey255915b59/?api-version=7.3-preview",
"Uri" : "https://REDACTED.vault.azure.net/keys/testkey2986032b8/c330063b2a144826bd258d8b6c88ec60?api-version=7.3-preview",
"Headers" : {
"User-Agent" : "azsdk-java-client_name/client_version (11.0.6; Windows 10; 10.0)",
"Content-Type" : "application/json"
},
"Response" : {
"content-length" : "427",
"content-length" : "416",
"X-Content-Type-Options" : "nosniff",
"Pragma" : "no-cache",
"retry-after" : "0",
"StatusCode" : "200",
"Date" : "Tue, 05 Oct 2021 01:54:24 GMT",
"Date" : "Thu, 07 Oct 2021 02:34:30 GMT",
"Strict-Transport-Security" : "max-age=31536000;includeSubDomains",
"Cache-Control" : "no-cache",
"x-ms-keyvault-region" : "centralus",
"x-ms-keyvault-region" : "westus",
"x-ms-keyvault-network-info" : "conn_type=Ipv4;addr=174.127.169.154;act_addr_fam=InterNetwork;",
"Expires" : "-1",
"x-ms-request-id" : "5ebc167f-d928-4966-9e8f-4f45fd053987",
"x-ms-request-id" : "00bc1d35-3d76-4334-80f5-bb0135c71e62",
"x-ms-keyvault-service-version" : "1.9.132.3",
"Body" : "{\"key\":{\"kid\":\"https://azure-kv-tests2.vault.azure.net/keys/testkey255915b59/d209b2180d0642dbbb7ec4851278d211\",\"kty\":\"EC\",\"key_ops\":[\"sign\",\"verify\"],\"crv\":\"P-256\",\"x\":\"FeuTrI_mDAqfvodEzI7cUTNCvHzN9tGm3EtyWamrg_Y\",\"y\":\"AZXc2oUKZigV7yM1WJRI4YskH1O1J-19iSAhAPmR37M\"},\"attributes\":{\"enabled\":false,\"exp\":2852668800,\"created\":1633398863,\"updated\":1633398864,\"recoveryLevel\":\"CustomizedRecoverable+Purgeable\",\"recoverableDays\":7}}",
"Body" : "{\"key\":{\"kid\":\"https://azure-kv-tests2.vault.azure.net/keys/testkey2986032b8/c330063b2a144826bd258d8b6c88ec60\",\"kty\":\"EC\",\"key_ops\":[\"sign\",\"verify\"],\"crv\":\"P-256\",\"x\":\"mN_5P7JFoIG_7odyRnwRKMZvKfHHfBTNJ3sud3tyZYI\",\"y\":\"QwyOK5MRqMOepjRnNGoq7LJi4VDoacXb-DK2xIxJPGI\"},\"attributes\":{\"enabled\":false,\"exp\":2852668800,\"created\":1633574070,\"updated\":1633574070,\"recoveryLevel\":\"Recoverable+Purgeable\",\"recoverableDays\":90}}",
"Content-Type" : "application/json; charset=utf-8",
"X-Powered-By" : "ASP.NET"
},
"Exception" : null
} ],
"variables" : [ "testkey255915b59" ]
"variables" : [ "testkey2986032b8" ]
}
Loading

0 comments on commit f7c35ca

Please sign in to comment.