Azure Resources API (v4) internal tests

.vscode/launch.json

@@ -69,7 +69,8 @@
             "preLaunchTask": "Watch: ESBuild",
             "env": {
                 "DEBUGTELEMETRY": "v",
-                "AzCode_EnableLongRunningTestsLocal": ""
+                "AzCode_EnableLongRunningTestsLocal": "",
+                "VSCODE_RUNNING_TESTS": "true",
             }
         },
     ]

src/extension.ts

@@ -269,6 +269,12 @@ export async function activate(context: vscode.ExtensionContext, perfStats: { lo
                     getAppResourceTree: () => ext.appResourceTree,
                 },
                 extensionVariables: {
+                    getUI: () => {
+                        return {
+                            context: ext.context,
+                            outputChannel: ext.outputChannel,
+                        };
+                    },
                     getOutputChannel: () => ext.outputChannel,
                 },
                 testing: {

src/testApi.ts

@@ -4,7 +4,7 @@
  *--------------------------------------------------------------------------------------------*/
 
 import { AzureSubscriptionProvider } from "@microsoft/vscode-azext-azureauth";
-import { AzExtTreeDataProvider, IAzExtLogOutputChannel } from "@microsoft/vscode-azext-utils";
+import { AzExtTreeDataProvider, IAzExtLogOutputChannel, UIExtensionVariables } from "@microsoft/vscode-azext-utils";
 import { AzureResourcesApiInternal } from "./hostapi.v2.internal";
 import { AzureResourcesServiceFactory } from "./services/AzureResourcesService";
 
@@ -38,6 +38,11 @@ export interface TestApi {
      * Get extension variables for tests
      */
     extensionVariables: {
+        /**
+         * Get the common extension variables used throughout the UI package
+         */
+        getUI(): UIExtensionVariables;
+
         /**
          * Get the output channel
          */

test/api/auth/MockUUIDCredentialManager.ts

@@ -0,0 +1,39 @@
+/*---------------------------------------------------------------------------------------------
+*  Copyright (c) Microsoft Corporation. All rights reserved.
+*  Licensed under the MIT License. See License.txt in the project root for license information.
+*--------------------------------------------------------------------------------------------*/
+
+import { AzExtCredentialManager } from "../../../api/src/auth/credentialManager/AzExtCredentialManager";
+import { maskValue } from "../../../api/src/utils/maskValue";
+
+/**
+ * A mock credential manager with the same implementation as `AzExtUUIDCredentialManager`,
+ * but with a public getter to inspect the UUIDs during test.
+ */
+export class MockUUIDCredentialManager implements AzExtCredentialManager {
+    #uuidMap: Map<string, string> = new Map();
+
+    get uuidMap() {
+        return this.#uuidMap;
+    }
+
+    createCredential(extensionId: string): string {
+        const uuid: string = crypto.randomUUID();
+        this.#uuidMap.set(extensionId, uuid);
+        return uuid;
+    }
+
+    verifyCredential(credential: string, extensionId: string): boolean {
+        if (!credential || !extensionId) {
+            return false;
+        }
+        return credential === this.#uuidMap.get(extensionId);
+    }
+
+    maskCredentials(data: string): string {
+        for (const uuid of this.#uuidMap.values()) {
+            data = maskValue(data, uuid);
+        }
+        return data;
+    }
+}

test/api/auth/mockAuthApi.ts

@@ -0,0 +1,37 @@
+/*---------------------------------------------------------------------------------------------
+*  Copyright (c) Microsoft Corporation. All rights reserved.
+*  Licensed under the MIT License. See License.txt in the project root for license information.
+*--------------------------------------------------------------------------------------------*/
+
+import { AzureExtensionApiFactory, createApiProvider } from "@microsoft/vscode-azext-utils";
+import { apiUtils, AzureExtensionApi, AzureResourcesExtensionAuthApi, GetApiOptions } from "../../../api/src";
+import { AuthApiFactoryDependencies, createAuthApiFactory } from "../../../src/api/auth/createAuthApiFactory";
+
+/**
+ * Creates a mock API provider with API factories matching the versions provided.
+ * Only the values required by the interface will be implemented.
+ */
+function createMockApiProvider(versions: string[]): apiUtils.AzureExtensionApiProvider {
+    const apiFactories: AzureExtensionApiFactory<AzureExtensionApi>[] = versions.map(version => {
+        return {
+            apiVersion: version,
+            createApi: (_options?: GetApiOptions) => {
+                return {
+                    apiVersion: version,
+                };
+            },
+        };
+    });
+
+    return createApiProvider(apiFactories);
+}
+
+/**
+ * Creates a mock auth API protecting core API versions: ['0.0.1', '2.0.0', '3.0.0']
+ */
+export function createMockAuthApi(customDependencies?: AuthApiFactoryDependencies): AzureResourcesExtensionAuthApi {
+    const coreApiVersions: string[] = ['0.0.1', '2.0.0', '3.0.0'];
+    const coreApiProvider = createMockApiProvider(coreApiVersions);
+    const authApiProvider = createAuthApiFactory(coreApiProvider, customDependencies);
+    return authApiProvider.createApi({ extensionId: 'ms-azuretools.vscode-azureresourcegroups-tests' });
+}

test/api/auth/v4.host.test.ts

@@ -0,0 +1,120 @@
+/*---------------------------------------------------------------------------------------------
+*  Copyright (c) Microsoft Corporation. All rights reserved.
+*  Licensed under the MIT License. See License.txt in the project root for license information.
+*--------------------------------------------------------------------------------------------*/
+
+import { nonNullValue, parseError } from "@microsoft/vscode-azext-utils";
+import * as assert from "assert";
+import { apiUtils, AzureExtensionApi, AzureResourcesExtensionAuthApi } from "../../../api/src";
+import { assertThrowsAsync } from "../../wrapFunctionsInTelemetry.test";
+import { MockUUIDCredentialManager } from "./MockUUIDCredentialManager";
+import { createMockAuthApi } from "./mockAuthApi";
+
+const clientExtensionId: string = 'ms-azuretools.vscode-azurecontainerapps';
+const clientExtensionVersion: string = '1.0.0';
+
+suite('v4 internal API auth tests', async () => {
+    test('v4 API should be defined', async () => {
+        const apiProvider = await apiUtils.getExtensionExports<apiUtils.AzureExtensionApiProvider>('ms-azuretools.vscode-azureresourcegroups');
+        assert.ok(apiProvider, 'API provider is undefined');
+
+        const v4Api = apiProvider.getApi('^4.0.0', { extensionId: 'ms-azuretools.vscode-azureresourcegroups-tests' });
+        assert.ok(v4Api);
+    });
+
+    test('createAzureResourcesApiSession should provide a valid credential but not return it directly', async () => {
+        let apiSession: unknown;
+        let receivedHostCredential: string = '';
+        let receivedClientCredential: string = '';
+
+        const credentialManager = new MockUUIDCredentialManager();
+        const generatedClientCredential: string = crypto.randomUUID();
+
+        await new Promise<void>((resolve) => {
+            const timeout = setTimeout(resolve, 5000);
+
+            const mockClientExtensionApi: AzureExtensionApi = {
+                apiVersion: clientExtensionVersion,
+                receiveAzureResourcesApiSession: (hostCredential: string, clientCredential: string) => {
+                    clearTimeout(timeout);
+                    receivedHostCredential = hostCredential;
+                    receivedClientCredential = clientCredential;
+                    resolve();
+                },
+            };
+
+            const authApi: AzureResourcesExtensionAuthApi = createMockAuthApi({ credentialManager, clientApiProvider: { getApi: () => mockClientExtensionApi } });
+            authApi.createAzureResourcesApiSession(clientExtensionId, clientExtensionVersion, generatedClientCredential)
+                .then(session => apiSession = session)
+                .catch(() => { clearTimeout(timeout); resolve(); });
+        });
+
+        assert.equal(apiSession, undefined);
+        assert.equal(receivedClientCredential, generatedClientCredential);
+
+        const generatedHostCredential: string = nonNullValue(credentialManager.uuidMap.get(clientExtensionId));
+        assert.equal(receivedHostCredential, generatedHostCredential);
+    });
+
+    test('createAzureResourcesApiSession should throw if an unallowed extension id is provided', async () => {
+        const authApi: AzureResourcesExtensionAuthApi = createMockAuthApi();
+        await assertThrowsAsync(async () => await authApi.createAzureResourcesApiSession('extension1', clientExtensionVersion, crypto.randomUUID()));
+    });
+
+    test('createAzureResourcesApiSession should not spill sensitive extension credentials in errors', async () => {
+        const credentialManager = new MockUUIDCredentialManager();
+        credentialManager.createCredential('extension1');
+        credentialManager.createCredential = () => {
+            throw new Error(credentialManager.uuidMap.get('extension1'));
+        };
+
+        const authApi: AzureResourcesExtensionAuthApi = createMockAuthApi({ credentialManager });
+
+        try {
+            await authApi.createAzureResourcesApiSession(clientExtensionId, clientExtensionVersion, crypto.randomUUID());
+            assert.fail('We expect the credential manager to throw in this test.');
+        } catch (err) {
+            const perr = parseError(err);
+            assert.doesNotMatch(perr.message, new RegExp(nonNullValue(credentialManager.uuidMap.get('extension1')), 'i'));
+        }
+    });
+
+    test('getAzureResourcesApis should return matching APIs if provided a valid credential', async () => {
+        const credentialManager = new MockUUIDCredentialManager();
+        const generatedHostCredential: string = credentialManager.createCredential(clientExtensionId);
+
+        const authApi: AzureResourcesExtensionAuthApi = createMockAuthApi({ credentialManager });
+        const resourcesApis = await authApi.getAzureResourcesApis(clientExtensionId, generatedHostCredential, ['0.0.1', '^2.0.0']);
+
+        assert.equal(resourcesApis[0]?.apiVersion, '0.0.1');
+        assert.match(resourcesApis[1]?.apiVersion ?? '', /^2\./);
+    });
+
+    test('getAzureResourcesApis should throw if provided an invalid credential', async () => {
+        const credentialManager = new MockUUIDCredentialManager();
+        const authApi: AzureResourcesExtensionAuthApi = createMockAuthApi({ credentialManager });
+        await assertThrowsAsync(async () => await authApi.getAzureResourcesApis(clientExtensionId, crypto.randomUUID(), ['^2.0.0']));
+
+        credentialManager.createCredential(clientExtensionId);
+        await assertThrowsAsync(async () => await authApi.getAzureResourcesApis(clientExtensionId, crypto.randomUUID(), ['^2.0.0']));
+    });
+
+    test('getAzureResourcesApis should not spill sensitive extension credentials in errors', async () => {
+        const credentialManager = new MockUUIDCredentialManager();
+        const authApi: AzureResourcesExtensionAuthApi = createMockAuthApi({ credentialManager });
+
+        credentialManager.createCredential('extension1');
+        credentialManager.createCredential('extension2');
+        credentialManager.createCredential('extension3');
+
+        try {
+            await authApi.getAzureResourcesApis(clientExtensionId, crypto.randomUUID(), ['^2.0.0']);
+            assert.fail('Should throw if requesting Azure Resources APIs without a valid credential.');
+        } catch (err) {
+            const perr = parseError(err);
+            for (const credential of credentialManager.uuidMap.values()) {
+                assert.doesNotMatch(perr.message, new RegExp(credential, 'i'));
+            }
+        }
+    });
+});

test/global.test.ts

@@ -3,8 +3,9 @@
  *  Licensed under the MIT License. See LICENSE.md in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
-import { registerOnActionStartHandler, TestUserInput } from '@microsoft/vscode-azext-utils';
+import { registerOnActionStartHandler, registerUIExtensionVariables, TestUserInput } from '@microsoft/vscode-azext-utils';
 import * as vscode from 'vscode';
+import { TestApi } from '../src/testApi';
 import { settingUtils } from '../src/utils/settingUtils';
 import { getTestApi } from './utils/testApiAccess';
 
@@ -19,7 +20,8 @@ suiteSetup(async function (this: Mocha.Context): Promise<void> {
     this.timeout(1 * 60 * 1000);
 
     // Initialize test API - this caches it for use throughout tests
-    await getTestApi();
+    const testApi: TestApi = await getTestApi();
+    registerUIExtensionVariables(testApi.extensionVariables.getUI());
 
     await vscode.commands.executeCommand('azureResourceGroups.refresh'); // activate the extension before tests begin
 

test/utils/testApiAccess.ts

@@ -4,8 +4,8 @@
  *--------------------------------------------------------------------------------------------*/
 
 import * as vscode from 'vscode';
-import { TestApi } from '../../src/testApi';
 import { apiUtils } from '../../api/src/utils/apiUtils';
+import { TestApi } from '../../src/testApi';
 
 let cachedTestApi: TestApi | undefined;