release/10.2 Test updates (#2637)

* Updated dependency download to pull from Azure Artifacts

* Added requireSecret tag

* Cherry-picked: azureAADPrincipialId/azureAADPrincipialSecret to applicationKey/applicationClientID

* Cherry-picked: ErrorMessageTest update

* Update FedAuth tests to use ManagedIdentity (#2629)

* Re-enable AE Tests (#2611)

* Added error string to TestResource

* Test fixes

* Test fixes p2

* Test fixes p3

* Test fixes p4: Update tests to run with ManagedIdentity

* Test fixes p5: Added missing brace and removed TestUtils.removeProperty method

* Test fixes p5: Adjusted test timings and added missing exception to TestResource

* Test fixes p6: Added additional requestSecret tag to more tests

* Update pom.xml

* Add profiles section to pom.xml

* Update Maven repository URL to Apache's repository

* Reverted to earlier

* Change repository ID from mssql-jdbc to central

* Add nimbus-jose-jwt dependency to pom.xml

* Update Azure dependencies in pom.xml

* Clean up pom.xml by removing commented dependencies

* Update azure-identity version to 1.15.3

* Remove nimbus-jose-jwt dependency

* Remove bumped versions from pom.xml

---------

Co-authored-by: lilgreenbird <[email protected]>
Co-authored-by: Muskan Gupta <[email protected]>

Author: 3 people

pom.xml

@@ -50,13 +50,15 @@
 			xAzureSQLDB - - - - For tests not compatible with Azure SQL Database - - 
 			xAzureSQLDW - - - - For tests not compatible with Azure Data Warehouse - 
 			xAzureSQLMI - - - - For tests not compatible with Azure SQL Managed Instance 
-			NTLM  - - - - - - - For tests using NTLM Authentication mode (excluded by default) 
-			reqExternalSetup  - For tests requiring external setup (excluded by default)
-			clientCertAuth  - - For tests requiring client certificate authentication setup (excluded by default)
+			NTLM - - - For tests using NTLM Authentication mode (excluded by default)
+			kerberos  - - - - For tests using Kerberos authentication (excluded by default)
+			reqExternalSetup - For tests requiring external setup (excluded by default)
+			clientCertAuth - - For tests requiring client certificate authentication 
+			setup (excluded by default) - - - - - - - - - - - - - - - - - - - - - - -
+			requireSecret - For tests requiring setting up secrets manually
 			- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 			Default testing enabled with SQL Server 2019 (SQLv15) -->
-		<excludedGroups>xSQLv12,xSQLv15,NTLM,MSI,reqExternalSetup,clientCertAuth,fedAuth</excludedGroups>
-
+		<excludedGroups>xSQLv12,xSQLv15,NTLM,MSI,reqExternalSetup,clientCertAuth,fedAuth,kerberos,requireSecret</excludedGroups>
 		<!-- Use -preview for preview release, leave empty for official release. -->
 		<releaseExt></releaseExt>
 
@@ -232,7 +234,30 @@
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
-
+	<repositories>
+    	<repository>
+        	<id>central</id>
+        	<url>https://sqlclientdrivers.pkgs.visualstudio.com/public/_packaging/mssql-jdbc/maven/v1</url>
+        	<releases>
+            	<enabled>true</enabled>
+        	</releases>
+        	<snapshots>
+            	<enabled>true</enabled>
+        	</snapshots>
+    	</repository>
+	</repositories>
+	<pluginRepositories>
+    	<pluginRepository>
+        	<id>central</id>
+        	<url>https://sqlclientdrivers.pkgs.visualstudio.com/public/_packaging/mssql-jdbc/maven/v1</url>
+        	<releases>
+            	<enabled>true</enabled>
+        	</releases>
+        	<snapshots>
+            	<enabled>true</enabled>
+        	</snapshots>
+    	</pluginRepository>
+	</pluginRepositories>
 	<profiles>
 		<profile>
 			<id>jre8</id>

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/AESetup.java

@@ -177,17 +177,25 @@ static void setAEConnectionString(String serverName, String url, String protocol
         if (!isSqlLinux() && null != serverName && null != url && null != protocol) {
             enclaveProperties = "serverName=" + serverName + ";" + Constants.ENCLAVE_ATTESTATIONURL + "=" + url + ";"
                     + Constants.ENCLAVE_ATTESTATIONPROTOCOL + "=" + protocol;
-            AETestConnectionString = connectionString + ";sendTimeAsDateTime=false" + ";columnEncryptionSetting=enabled"
-                    + ";" + enclaveProperties;
+            AETestConnectionString = connectionString + ";sendTimeAsDateTime=false;columnEncryptionSetting=enabled;"
+                    + enclaveProperties;
 
             // show progress if testing multiple servers
             if (enclaveServer.length > 1) {
                 System.out.println("Testing enclave: " + enclaveProperties);
             }
+
+            // remove the password in connection string
+            // this is necessary as updateDataSource will only use 1st occurrence
+            String password = getConfiguredProperty("enclaveServerPassword");
+            AETestConnectionString = TestUtils.addOrOverrideProperty(AETestConnectionString, Constants.PASSWORD,
+                    password);
         } else {
-            AETestConnectionString = connectionString + ";sendTimeAsDateTime=false"
-                    + ";columnEncryptionSetting=enabled";
+            AETestConnectionString = connectionString + ";sendTimeAsDateTime=false;columnEncryptionSetting=enabled;";
         }
+
+        // TODO: update AE test servers to support
+        AETestConnectionString += ";encrypt=false;trustServerCertificate=true;";
     }
 
     @BeforeAll

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/BulkCopySendTemporalDataTypesAsStringAETest.java

@@ -57,6 +57,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDB)
 @Tag(Constants.xAzureSQLDW)
+@Tag(Constants.reqExternalSetup)
 public class BulkCopySendTemporalDataTypesAsStringAETest extends AESetup {
     static String inputFile = "BulkCopyCSVSendTemporalDataTypesAsStringForBulkCopy.csv";
     static String encoding = "UTF-8";

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/CallableStatementTest.java

@@ -51,6 +51,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDW)
 @Tag(Constants.xAzureSQLDB)
+@Tag(Constants.reqExternalSetup)
 public class CallableStatementTest extends AESetup {
 
     private static String multiStatementsProcedure = AbstractSQLGenerator

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/EnclaveTest.java

@@ -42,6 +42,7 @@
 @Tag(Constants.xAzureSQLDW)
 @Tag(Constants.xAzureSQLDB)
 @Tag(Constants.reqExternalSetup)
+@Tag(Constants.requireSecret)
 public class EnclaveTest extends AESetup {
     /**
      * Tests basic connection.

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java

@@ -29,10 +29,6 @@
 import com.azure.identity.ClientSecretCredentialBuilder;
 
 import java.util.Set;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
-
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
@@ -64,6 +60,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDW)
 @Tag(Constants.xAzureSQLDB)
+@Tag(Constants.reqExternalSetup)
 public class JDBCEncryptionDecryptionTest extends AESetup {
     private boolean nullable = false;
 
@@ -105,8 +102,7 @@ public void testJksName(String serverName, String url, String protocol) throws E
     public void testAkvName(String serverName, String url, String protocol) throws Exception {
         setAEConnectionString(serverName, url, protocol);
 
-        SQLServerColumnEncryptionAzureKeyVaultProvider akv = new SQLServerColumnEncryptionAzureKeyVaultProvider(
-                applicationClientID, applicationKey);
+        SQLServerColumnEncryptionAzureKeyVaultProvider akv = akvProvider;
         String keystoreName = "keystoreName";
         akv.setName(keystoreName);
         assertTrue(akv.getName().equals(keystoreName), "AKV name: " + akv.getName() + " keystoreName: " + keystoreName);
@@ -136,6 +132,7 @@ public void testBadJks(String serverName, String url, String protocol) throws Ex
     @SuppressWarnings("unused")
     @ParameterizedTest
     @MethodSource("enclaveParams")
+    @Tag(Constants.requireSecret)
     public void testBadAkvCallback(String serverName, String url, String protocol) throws Exception {
         setAEConnectionString(serverName, url, protocol);
 
@@ -209,8 +206,7 @@ public void testJksBadEncryptColumnEncryptionKey(String serverName, String url,
     public void testAkvBadEncryptColumnEncryptionKey(String serverName, String url, String protocol) throws Exception {
         setAEConnectionString(serverName, url, protocol);
 
-        SQLServerColumnEncryptionAzureKeyVaultProvider akv = null;
-        akv = new SQLServerColumnEncryptionAzureKeyVaultProvider(applicationClientID, applicationKey);
+        SQLServerColumnEncryptionAzureKeyVaultProvider akv = akvProvider;
 
         // null encryptedColumnEncryptionKey
         try {
@@ -288,8 +284,7 @@ public void testJksDecryptColumnEncryptionKey(String serverName, String url, Str
     public void testAkvDecryptColumnEncryptionKey(String serverName, String url, String protocol) throws Exception {
         setAEConnectionString(serverName, url, protocol);
 
-        SQLServerColumnEncryptionAzureKeyVaultProvider akv = null;
-        akv = new SQLServerColumnEncryptionAzureKeyVaultProvider(applicationClientID, applicationKey);
+        SQLServerColumnEncryptionAzureKeyVaultProvider akv = akvProvider;
 
         // null akvpath
         try {
@@ -2268,6 +2263,7 @@ void testNumerics(SQLServerStatement stmt, String cekName, String[][] table, Str
     @ParameterizedTest
     @MethodSource("enclaveParams")
     @Tag(Constants.reqExternalSetup)
+    @Tag(Constants.requireSecret)
     public void testAkvNameWithAuthCallback(String serverName, String url, String protocol) throws Exception {
         setAEConnectionString(serverName, url, protocol);
 
@@ -2286,6 +2282,7 @@ public void testAkvNameWithAuthCallback(String serverName, String url, String pr
     @ParameterizedTest
     @MethodSource("enclaveParams")
     @Tag(Constants.reqExternalSetup)
+    @Tag(Constants.requireSecret)
     public void testAkvNameWithTokenCredential(String serverName, String url, String protocol) throws Exception {
         setAEConnectionString(serverName, url, protocol);
 
@@ -2307,6 +2304,7 @@ public void testAkvNameWithTokenCredential(String serverName, String url, String
     @ParameterizedTest
     @MethodSource("enclaveParams")
     @Tag(Constants.reqExternalSetup)
+    @Tag(Constants.requireSecret)
     public void testAkvBadEncryptColumnEncryptionKeyWithAuthCallback(String serverName, String url,
             String protocol) throws Exception {
         setAEConnectionString(serverName, url, protocol);

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/MSITest.java

@@ -18,6 +18,10 @@
 import java.util.Map;
 import java.util.Properties;
 
+import com.azure.identity.CredentialUnavailableException;
+import com.azure.identity.ManagedIdentityCredential;
+import com.azure.identity.ManagedIdentityCredentialBuilder;
+
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;
@@ -43,6 +47,7 @@
  */
 @RunWith(JUnitPlatform.class)
 @Tag(Constants.MSI)
+@Tag(Constants.requireSecret)
 public class MSITest extends AESetup {
 
     /*
@@ -365,11 +370,20 @@ private void testNumericAKV(String connStr) throws SQLException {
 
     @BeforeEach
     public void registerAKVProvider() throws Exception {
+        try {
         // unregister the custom providers registered in AESetup
         SQLServerConnection.unregisterColumnEncryptionKeyStoreProviders();
 
         Map<String, SQLServerColumnEncryptionKeyStoreProvider> map = new HashMap<String, SQLServerColumnEncryptionKeyStoreProvider>();
-        if (null != applicationClientID && null != applicationKey) {
+        if (null != akvProviderManagedClientId) {
+            System.out.println("ManagedIdentityCredential: registering akvProvider");
+
+            ManagedIdentityCredential credential = new ManagedIdentityCredentialBuilder()
+                    .clientId(akvProviderManagedClientId).build();
+            akvProvider = new SQLServerColumnEncryptionAzureKeyVaultProvider(credential);
+            map.put(Constants.AZURE_KEY_VAULT_NAME, akvProvider);
+            System.out.println("ManagedIdentityCredential: registered akvProvider");
+        } else if (null != applicationClientID && null != applicationKey) {
             File file = null;
             try {
                 file = new File(Constants.MSSQL_JDBC_PROPERTIES);
@@ -386,8 +400,12 @@ public void registerAKVProvider() throws Exception {
                     file.delete();
                 }
             }
+            System.out.println("applicationClientID: registered akvProvider");
         }
 
         SQLServerConnection.registerColumnEncryptionKeyStoreProviders(map);
+        } catch (Exception e) {
+            System.out.println("MSITest registerAKVProvider exception: " +e.getMessage());
+        }
     }
 }

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/MultiUserAKVTest.java

@@ -35,6 +35,8 @@
 import org.junit.platform.runner.JUnitPlatform;
 import org.junit.runner.RunWith;
 
+import com.azure.identity.ManagedIdentityCredential;
+import com.azure.identity.ManagedIdentityCredentialBuilder;
 import com.microsoft.sqlserver.jdbc.RandomUtil;
 import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionAzureKeyVaultProvider;
 import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider;
@@ -58,6 +60,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDW)
 @Tag(Constants.xAzureSQLDB)
+@Tag(Constants.reqExternalSetup)
 public class MultiUserAKVTest extends AESetup {
 
     private static Map<String, SQLServerColumnEncryptionKeyStoreProvider> requiredKeyStoreProvider = new HashMap<>();
@@ -99,7 +102,7 @@ public static void testCleanUp() throws Exception {
             tempMap.put(Constants.CUSTOM_KEYSTORE_NAME, jksProvider);
         }
 
-        if (null != akvProvider && null != applicationClientID && null != applicationKey) {
+        if (null != akvProvider) {
             tempMap.put(Constants.AZURE_KEY_VAULT_NAME, akvProvider);
         }
 
@@ -111,7 +114,7 @@ public static void testCleanUp() throws Exception {
     @Test
     @Tag(Constants.reqExternalSetup)
     public void decryptedCekIsCachedDuringDecryption() throws Exception {
-        SQLServerColumnEncryptionAzureKeyVaultProvider provider = createAKVProvider();
+        SQLServerColumnEncryptionAzureKeyVaultProvider provider = akvProvider;
 
         if (null == provider) {
             fail(TestResource.getResource("R_AKVProviderNull"));
@@ -151,8 +154,9 @@ public void decryptedCekIsCachedDuringDecryption() throws Exception {
 
     @Test
     @Tag(Constants.reqExternalSetup)
+    @Tag(Constants.requireSecret)
     public void signatureVerificationResultIsCachedDuringVerification() throws Exception {
-        SQLServerColumnEncryptionAzureKeyVaultProvider provider = createAKVProvider();
+        SQLServerColumnEncryptionAzureKeyVaultProvider provider = akvProvider;
 
         if (provider == null) {
             fail(TestResource.getResource("R_AKVProviderNull"));
@@ -184,7 +188,7 @@ public void signatureVerificationResultIsCachedDuringVerification() throws Excep
     @Test
     @Tag(Constants.reqExternalSetup)
     public void cekCacheEntryIsEvictedAfterTtlExpires() throws Exception {
-        SQLServerColumnEncryptionAzureKeyVaultProvider provider = createAKVProvider();
+        SQLServerColumnEncryptionAzureKeyVaultProvider provider = akvProvider;
 
         if (provider == null) {
             fail(TestResource.getResource("R_AKVProviderNull"));
@@ -212,7 +216,7 @@ public void cekCacheEntryIsEvictedAfterTtlExpires() throws Exception {
     @Test
     @Tag(Constants.reqExternalSetup)
     public void cekCacheShouldBeDisabledWhenAkvProviderIsRegisteredGlobally() throws Exception {
-        SQLServerColumnEncryptionAzureKeyVaultProvider provider = createAKVProvider();
+        SQLServerColumnEncryptionAzureKeyVaultProvider provider = akvProvider;
 
         if (provider == null) {
             fail(TestResource.getResource("R_AKVProviderNull"));
@@ -256,8 +260,9 @@ public void cekCacheShouldBeDisabledWhenAkvProviderIsRegisteredGlobally() throws
 
     @Test
     @Tag(Constants.reqExternalSetup)
+    @Tag(Constants.requireSecret)
     public void testLocalCekCacheIsScopedToProvider() throws Exception {
-        SQLServerColumnEncryptionAzureKeyVaultProvider provider = createAKVProvider();
+        SQLServerColumnEncryptionAzureKeyVaultProvider provider = akvProvider;
 
         if (provider == null) {
             fail(TestResource.getResource("R_AKVProviderNull"));
@@ -268,6 +273,8 @@ public void testLocalCekCacheIsScopedToProvider() throws Exception {
             fail((new MessageFormat(TestResource.getResource("R_objectNullOrEmpty"))).format(msgArg));
         }
 
+        SQLServerConnection.unregisterColumnEncryptionKeyStoreProviders();
+
         SQLServerConnection.unregisterColumnEncryptionKeyStoreProviders();
         Map<String, SQLServerColumnEncryptionKeyStoreProvider> providerMap = new HashMap<String, SQLServerColumnEncryptionKeyStoreProvider>();
         providerMap.put(Constants.AZURE_KEY_VAULT_NAME, akvProvider);
@@ -325,7 +332,7 @@ public void testLocalCekCacheIsScopedToProvider() throws Exception {
                 }
                 fail(TestResource.getResource("R_expectedExceptionNotThrown"));
             } catch (SQLServerException ex) {
-                assertTrue(ex.getMessage().contains("AADSTS700016"));
+                org.junit.jupiter.api.Assertions.assertTrue(ex.getMessage().contains("AADSTS700016"), ex.getMessage());
             }
         } finally {
             dropObject(AETestConnectionString, "TABLE", customProviderTableName);
@@ -608,31 +615,4 @@ private int getCacheSize(String methodName,
 
         return (int) method.invoke(provider);
     }
-
-    private SQLServerColumnEncryptionAzureKeyVaultProvider createAKVProvider() throws Exception {
-
-        SQLServerColumnEncryptionAzureKeyVaultProvider azureKeyVaultProvider = null;
-
-        if (null != applicationClientID && null != applicationKey) {
-            File file = null;
-            try {
-                file = new File(Constants.MSSQL_JDBC_PROPERTIES);
-                try (OutputStream os = new FileOutputStream(file);) {
-                    Properties props = new Properties();
-                    // Append to the list of hardcoded endpoints
-                    props.setProperty(Constants.AKV_TRUSTED_ENDPOINTS_KEYWORD, ";vault.azure.net");
-                    props.store(os, "");
-                }
-                azureKeyVaultProvider = new SQLServerColumnEncryptionAzureKeyVaultProvider(applicationClientID,
-                        applicationKey);
-
-            } finally {
-                if (null != file) {
-                    file.delete();
-                }
-            }
-        }
-
-        return azureKeyVaultProvider;
-    }
 }

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/PrecisionScaleTest.java

@@ -42,6 +42,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDW)
 @Tag(Constants.xAzureSQLDB)
+@Tag(Constants.reqExternalSetup)
 public class PrecisionScaleTest extends AESetup {
     private static java.util.Date date = null;
     private static int offsetFromGMT = 0;

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/RegressionAlwaysEncryptedTest.java

@@ -29,6 +29,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDW)
 @Tag(Constants.xAzureSQLDB)
+@Tag(Constants.reqExternalSetup)
 public class RegressionAlwaysEncryptedTest extends AESetup {
     static String numericTable[][] = {{"Bit", "bit"}, {"Tinyint", "tinyint"}, {"Smallint", "smallint"},};