
Commit 886050e

authored
Add mock test cases for CAE auth in mgmt client (#32351)
fixes #31754
1 parent fdde5e8 commit 886050e


2 files changed

+95
-1
lines changed

2 files changed

+95
-1
lines changed

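--- a/sdk/resources/arm-resources/package.json
+++ b/sdk/resources/arm-resources/package.json
@@ -13,7 +13,7 @@
 "@azure/core-client": "^1.7.0",
 "@azure/core-lro": "^2.5.0",
 "@azure/core-paging": "^1.2.0",
-"@azure/core-rest-pipeline": "^1.8.0",
+"@azure/core-rest-pipeline": "^1.18.2",
 "tslib": "^2.2.0"
 },
 "keywords": [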
@@ -0,0 +1,94 @@
1+
import { TokenCredential } from "@azure/core-auth";
2+
import { assert } from "chai";
3+
import { ResourceManagementClient } from "../src/resourceManagementClient";
4+
import { createHttpHeaders } from "@azure/core-rest-pipeline";
5+
import { OperationRequest } from "@azure/core-client";
6+
7+
describe("Mock test for CAE with ResourceManagementClient", () => {
8+
// this is not a real token, does not contain any sensitive info, just for test.
9+
// You could refer the check in core https://github.com/azure/azure-sdk-for-js/blob/57056dcef4d646fdca6f4af7bd5b2539c3cb57a2/sdk/core/core-rest-pipeline/src/policies/bearerTokenAuthenticationPolicy.ts#L375 to verify if your CAE challenge header is valid or not.
10+
const caeChallenge = `Bearer realm="", error_description="Continuous access evaluation resulted in challenge", error="insufficient_claims", claims="eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwgInZhbHVlIjoiMTcyNjI1ODEyMiJ9fX0=" `;
11+
// This header is invalid because the claims is empty
12+
const invalidCAEChallenge = `Bearer realm="", error_description="", error="insufficient_claims", claims=""`;
13+
it("should proceed CAE process for mgmt client if a valid CAE challenge", async function () {
14+
let getTokenCount = 0;
15+
const credential: TokenCredential = {
16+
getToken: async (scopes) => {
17+
getTokenCount++;
18+
let token = "testToken";
19+
if (getTokenCount === 0) {
20+
token = "firstToken";
21+
}
22+
return { token: "testToken", expiresOnTimestamp: 11111 };
23+
},
24+
};
25+
26+
let getRequestCount = 0;
27+
let request: OperationRequest;
28+
const client = new ResourceManagementClient(credential, "subscriptionID", {
29+
httpClient: {
30+
sendRequest: async (req) => {
31+
request = req;
32+
getRequestCount++;
33+
if (getRequestCount === 1) {
34+
return { request: req, status: 401, headers: createHttpHeaders({ "www-authenticate": caeChallenge }) };
35+
}
36+
return { request: req, status: 200, headers: createHttpHeaders() };
37+
},
38+
},
39+
credential
40+
});
41+
42+
const result = await client.operations.list();
43+
const items = [];
44+
for await (let item of result) {
45+
items.push(item);
46+
}
47+
assert.equal(items.length, 0);
48+
assert.equal(getRequestCount, 2);
49+
assert.equal(getTokenCount, 2);
50+
assert.deepEqual(request!.headers.get("authorization"), "Bearer testToken");
51+
});
52+
53+
it("should not proceed CAE process for mgmt client if an invalid CAE challenge", async function () {
54+
let getTokenCount = 0;
55+
const credential: TokenCredential = {
56+
getToken: async (scopes) => {
57+
getTokenCount++;
58+
let token = "testToken";
59+
if (getTokenCount === 0) {
60+
token = "firstToken";
61+
}
62+
return { token: "testToken", expiresOnTimestamp: 11111 };
63+
},
64+
};
65+
66+
let getRequestCount = 0;
67+
let request: OperationRequest;
68+
const client = new ResourceManagementClient(credential, "subscriptionID", {
69+
httpClient: {
70+
sendRequest: async (req) => {
71+
request = req;
72+
getRequestCount++;
73+
if (getRequestCount === 1) {
74+
return { request: req, status: 401, headers: createHttpHeaders({ "www-authenticate": invalidCAEChallenge }) };
75+
}
76+
return { request: req, status: 200, headers: createHttpHeaders() };
77+
},
78+
},
79+
credential
80+
});
81+
try {
82+
const result = await client.operations.list();
83+
const items = [];
84+
for await (let item of result) {
85+
items.push(item);
86+
}
87+
assert.fail("Should not reach here and throw 401 exception");
88+
} catch (e: any) {
89+
assert.equal(e.statusCode, 401);
90+
assert.equal(getRequestCount, 1);
91+
assert.equal(getTokenCount, 1);
92+
}
93+
});
94+
});
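Review bot: The `getToken` mock in both tests (new-file lines 16-23 and 56-63) cannot tell the initial token from the one fetched after the challenge: `getTokenCount` is incremented before `if (getTokenCount === 0)`, so that branch is dead, `token` is never used, and the return hard-codes `"testToken"`. As a result the assertion on line 50 passes even if the retry reused the pre-challenge token, and nothing checks that the `claims` value from the `www-authenticate` header was handed to the credential, which is the behaviour CAE depends on. I would accept `options` in the mock, record `options?.claims`, return a different token per call, and assert on both, as sketched below (expected values are inferred from the visible flow, not run). Separately, in the second test `assert.fail` sits inside the `try`, so its AssertionError is caught by `catch (e: any)` and surfaces as a `statusCode` mismatch; failing after the block via a flag would give a clearer message.

```typescript
let claimsSeen: string | undefined;
const credential: TokenCredential = {
  getToken: async (scopes, options) => {
    getTokenCount++;
    claimsSeen = options?.claims;
    const token = getTokenCount === 1 ? "firstToken" : "secondToken";
    return { token, expiresOnTimestamp: 11111 };
  },
};
// … unchanged: client construction and operations.list() iteration …
assert.isDefined(claimsSeen, "challenge claims should reach getToken");
assert.deepEqual(request!.headers.get("authorization"), "Bearer secondToken");
```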
