Fix access token cache issue (#27050)

* Fix access token cache issue

* Update doc and script

Author: vidai-msft

documentation/testing-docs/using-azure-test-framework.md

@@ -56,10 +56,10 @@ This cmdlet enables you to generate a credentials file (located in `C:/Users/<cu
 
 #### Use user account to record test cases (Recommended)
 
-Using a user account is the preferred method for recording test cases as it avoids storing secret in the local file with plain text. You can obtain the object ID of the user account either from the Azure portal or through Azure PowerShell.
+Using a user account is the preferred method for recording test cases as it avoids storing secret in the local file with plain text. The value of the UserId is your **email account** in the tenant where you plan to record the test.
 
 ```powershell
-Set-TestFxEnvironment -UserId <UserId> -SubscriptionId <SubscriptionId> -TenantId <TenantId> -RecorderMode "Record"
+Set-TestFxEnvironment -UserId <EmailAccount> -SubscriptionId <SubscriptionId> -TenantId <TenantId> -RecorderMode "Record"
 ```
 
 #### Create New Service Principal (Not Recommended)
@@ -108,7 +108,7 @@ You can use either a user account (Recommended) or a Service Principal to record
 With user account, you may set the following environment variables:
 
 ```
-TEST_CSM_ORGID_AUTHENTICATION=Environment=Prod;SubscriptionId=<SubscriptionId>;TenantId=<TenantId>;UserId=<UserId>;
+TEST_CSM_ORGID_AUTHENTICATION=Environment=Prod;SubscriptionId=<SubscriptionId>;TenantId=<TenantId>;UserId=<EmailAccount>;
 AZURE_TEST_MODE=Record
 ```
 

src/Attestation/Attestation.Test/ScenarioTests/AttestationTestRunner.cs

@@ -13,6 +13,7 @@
 // ----------------------------------------------------------------------------------
 
 using Microsoft.Azure.Attestation;
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.TestFx;
 using Microsoft.Azure.Management.Attestation;
 using Microsoft.Azure.Management.Internal.Resources;
@@ -74,15 +75,8 @@ private static AttestationManagementClient GetAttestationManagementClient(MockCo
 
         private static AttestationClient GetAttestationClient(MockContext context)
         {
-            string accessToken = "fakefakefake";
-
-            // When recording, we should have a connection string passed into the code from the environment
-            if (HttpMockServer.Mode == HttpRecorderMode.Record)
-            {
-                accessToken = TestEnvironmentFactory.GetTestEnvironment().GetAccessToken(new[] { "https://attest.azure.net/.default" });
-            }
-
-            return new AttestationClient(new AttestationCredentials(accessToken), HttpMockServer.CreateInstance());
+            var creds = TestEnvironmentFactory.GetTestEnvironment().GetAccessToken(AzureEnvironmentConstants.AzureAttestationServiceEndpointResourceId);
+            return new AttestationClient(creds, HttpMockServer.CreateInstance());
         }
     }
 }

src/DataLakeStore/DataLakeStore.Test/ScenarioTests/DataLakeStoreTestRunner.cs

@@ -12,6 +12,7 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.DataLakeStore.Models;
 using Microsoft.Azure.Commands.TestFx;
 using System.Collections.Generic;
@@ -57,12 +58,11 @@ protected DataLakeStoreTestRunner(ITestOutputHelper output)
                 )
                 .WithManagementClients(mockContext =>
                     {
-                        var currentEnvironment = TestEnvironmentFactory.GetTestEnvironment();
                         AdlsClientFactory.IsTest = true;
-                        AdlsClientFactory.CustomDelegatingHAndler = mockContext.AddHandlers(currentEnvironment, new AdlMockDelegatingHandler());
-                        AdlsClientFactory.MockCredentials = currentEnvironment.TokenInfo[TokenAudience.Management];
-                        var dummyObj = new object();
-                        return dummyObj;
+                        var creds = TestEnvironmentFactory.GetTestEnvironment().GetAccessToken(AzureEnvironmentConstants.AzureDataLakeStoreFileSystemEndpointSuffix);
+                        AdlsClientFactory.CustomDelegatingHAndler = mockContext.AddHandlers(creds, new AdlMockDelegatingHandler());
+                        AdlsClientFactory.MockCredentials = creds;
+                        return new object();
                     }
                 )
                 .WithCleanupAction(

src/Network/Network.Test/ScenarioTests/NetworkTestRunner.cs

@@ -12,12 +12,11 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.TestFx;
 using Microsoft.Azure.KeyVault;
 using Microsoft.Azure.Test.HttpRecorder;
-using Microsoft.Rest;
 using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
-using System;
 using System.Collections.Generic;
 using Xunit.Abstractions;
 
@@ -76,15 +75,8 @@ protected NetworkTestRunner(ITestOutputHelper output)
 
         private static KeyVaultClient GetKeyVaultClient(MockContext context)
         {
-            string accessToken = "fakefakefake";
-
-            // When recording, we should have a connection string passed into the code from the environment
-            if (HttpMockServer.Mode == HttpRecorderMode.Record)
-            {
-                accessToken = TestEnvironmentFactory.GetTestEnvironment().GetAccessToken(new[] { "https://vault.azure.net/.default" });
-            }
-
-            return new KeyVaultClient(new TokenCredentials(accessToken), HttpMockServer.CreateInstance());
+            var creds = TestEnvironmentFactory.GetTestEnvironment().GetAccessToken(AzureEnvironmentConstants.AzureKeyVaultServiceEndpointResourceId);
+            return new KeyVaultClient(creds, HttpMockServer.CreateInstance());
         }
     }
 }

src/Synapse/Synapse.Test/ScenarioTests/SynapseTestRunner.cs

@@ -12,6 +12,7 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.TestFx;
 using Microsoft.Azure.Synapse;
 using Microsoft.Azure.Test.HttpRecorder;
@@ -78,15 +79,8 @@ protected SynapseTestRunner(ITestOutputHelper output)
 
         protected static SynapseClient GetSynapseClient(MockContext context)
         {
-            string accessToken = "fakefakefake";
-
-            // When recording, we should have a connection string passed into the code from the environment
-            if (HttpMockServer.Mode == HttpRecorderMode.Record)
-            {
-                accessToken = TestEnvironmentFactory.GetTestEnvironment().GetAccessToken(new[] { "https://dev.azuresynapse.net/.default" });
-            }
-
-            return new SynapseClient(new TokenCredentials(accessToken), HttpMockServer.CreateInstance());
+            var creds = TestEnvironmentFactory.GetTestEnvironment().GetAccessToken(AzureEnvironmentConstants.AzureSynapseAnalyticsEndpointResourceId);
+            return new SynapseClient(creds, HttpMockServer.CreateInstance());
         }
     }
 }

tools/Modules/TestFx-Tasks.psm1

@@ -29,7 +29,7 @@ function Set-TestFxEnvironment {
 
         [Parameter(Mandatory, ParameterSetName = "UserAccount")]
         [ValidateNotNullOrEmpty()]
-        [guid] $UserId,
+        [string] $UserId,
 
         [Parameter(Mandatory, ParameterSetName = "NewServicePrincipal")]
         [ValidateNotNullOrEmpty()]
@@ -113,10 +113,10 @@ function Set-TestFxEnvironment {
     }
 
     $testFxEnvProps = [PSCustomObject]@{
-        Environment            = $TargetEnvironment
-        SubscriptionId         = $SubscriptionId
-        TenantId               = $TenantId
-        HttpRecorderMode       = $RecorderMode
+        Environment      = $TargetEnvironment
+        SubscriptionId   = $SubscriptionId
+        TenantId         = $TenantId
+        HttpRecorderMode = $RecorderMode
     }
 
     switch ($PSCmdlet.ParameterSetName) {

tools/TestFx/DelegatingHandlers/HttpMockServer.cs

@@ -12,6 +12,9 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Microsoft.Azure.Commands.Common.Authentication;
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
+using Microsoft.Azure.Commands.ResourceManager.Common;
 using Microsoft.Azure.Commands.TestFx;
 using Microsoft.Azure.Commands.TestFx.Recorder;
 using System;
@@ -65,8 +68,16 @@ public static void Initialize(string callerIdentity, string testIdentity)
                 Mode = HttpRecorderMode.Playback;
             }
 
-            if (Mode == HttpRecorderMode.Playback)
+            if (Mode == HttpRecorderMode.Record)
             {
+                AzureSession.Instance.ARMContextSaveMode = ContextSaveMode.CurrentUser;
+                ProtectedProfileProvider.InitializeResourceManagerProfile();
+            }
+            else if (Mode == HttpRecorderMode.Playback)
+            {
+                AzureSession.Instance.ARMContextSaveMode = ContextSaveMode.Process;
+                ResourceManagerProfileProvider.InitializeResourceManagerProfile();
+
                 var recordDir = Path.Combine(RecordsDirectory, CallerIdentity);
                 var fileName = Path.GetFullPath(Path.Combine(recordDir, testIdentity.Replace(".json", "") + ".json"));
                 if (!FileSystemUtilsObject.DirectoryExists(recordDir) || !FileSystemUtilsObject.FileExists(fileName))

tools/TestFx/DelegatingHandlers/ResourceCleanerDelegatingHandler.cs

@@ -27,11 +27,11 @@ public class ResourceCleanerDelegatingHandler : DelegatingHandler
     {
         private readonly Regex _resourceGroupPattern = new Regex(@"/subscriptions/[^/]+/resourcegroups/([^?]+)\?api-version");
         private readonly HashSet<string> _resourceGroupsCreated = new HashSet<string>();
-        private readonly TokenCredentials _tokenCredentials;
+        private readonly ServiceClientCredentials _credentials;
 
-        public ResourceCleanerDelegatingHandler(TokenCredentials tokenCredentials)
+        public ResourceCleanerDelegatingHandler(ServiceClientCredentials credentials)
         {
-            _tokenCredentials = tokenCredentials;
+            _credentials = credentials;
         }
 
         protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
@@ -55,7 +55,7 @@ public async Task DeleteResourceGroups()
                     RequestUri = new Uri(resourceGroupUri)
                 };
 
-                _tokenCredentials.ProcessHttpRequestAsync(httpRequest, CancellationToken.None).ConfigureAwait(false).GetAwaiter().GetResult();
+                _credentials.ProcessHttpRequestAsync(httpRequest, CancellationToken.None).ConfigureAwait(false).GetAwaiter().GetResult();
 
                 HttpResponseMessage httpResponse = await httpClient.SendAsync(httpRequest).ConfigureAwait(false);
                 string groupName = _resourceGroupPattern.Match(resourceGroupUri).Groups[1].Value;

tools/TestFx/EnvironmentSetupHelper.cs

@@ -16,7 +16,6 @@
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.Common.Authentication.Models;
 using Microsoft.Azure.Commands.Common.Authentication.Properties;
-using Microsoft.Azure.Commands.ScenarioTest;
 using Microsoft.Azure.Commands.TestFx.Mocks;
 using Microsoft.Azure.ServiceManagement.Common.Models;
 using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
@@ -39,9 +38,9 @@ namespace Microsoft.Azure.Commands.TestFx
 {
     public class EnvironmentSetupHelper
     {
-        private const string TestFxEnvironmentName = "__testfx-environment";
+        private const string TestFxEnvironmentName = "testfx-environment";
 
-        private const string TestFxSubscriptionName = "__testfx-subscription";
+        private const string TestFxSubscriptionName = "testfx-subscription";
 
         private static string PackageDirectoryFromCommon { get; } = GetConfigDirectory();
 
@@ -78,17 +77,17 @@ public EnvironmentSetupHelper()
             LogIfNotNull($"Insights Module path: {module}");
             RMInsightsModule = module;
             module = GetModuleManifest(RmDirectory, "Az.Storage");
-            LogIfNotNull($"Storage Management Module path: {module}");
+            LogIfNotNull($"Storage Module path: {module}");
             RMStorageModule = module;
-            module = GetModuleManifest(StorageDirectory, "Azure.Storage");
-            LogIfNotNull($"Storage Data Plane Module path: {module}");
-            RMStorageDataPlaneModule = module;
             module = GetModuleManifest(RmDirectory, "Az.OperationalInsights");
-            LogIfNotNull($"Storage Data Plane Module path: {module}");
+            LogIfNotNull($"OperationalInsights Module path: {module}");
             RMOperationalInsightsModule = module;
             module = GetModuleManifest(RmDirectory, "Az.Network");
             LogIfNotNull($"Network Module path: {module}");
             RMNetworkModule = module;
+            module = GetModuleManifest(RmDirectory, "Az.KeyVault");
+            LogIfNotNull($"KeyVault Module path: {module}");
+            RMKeyVaultModule = module;
             module = GetModuleManifest(RmDirectory, "Az.EventHub");
             LogIfNotNull($"EventHub Module path: {module}");
             RMEventHubModule = module;
@@ -102,33 +101,8 @@ public EnvironmentSetupHelper()
             LogIfNotNull($"Stack Resources Module path: {module}");
             StackRMResourceModule = module;
             module = GetModuleManifest(StackRmDirectory, "Az.Storage");
-            LogIfNotNull($"Stack Storage Management Plane Module path: {module}");
+            LogIfNotNull($"Stack Storage Module path: {module}");
             StackRMStorageModule = module;
-            module = GetModuleManifest(StackStorageDirectory, "Azure.Storage");
-            LogIfNotNull($"Stack Storage Data Plane Module path: {module}");
-            StackRMStorageDataPlaneModule = module;
-            module = GetModuleManifest(RmDirectory, "Az.KeyVault");
-            LogIfNotNull($"KeyVault Module path: {module}");
-            RMKeyVaultModule = module;
-
-            TestExecutionHelpers.SetUpSessionAndProfile();
-            IDataStore datastore = new MemoryDataStore();
-            if (AzureSession.Instance.DataStore != null && (AzureSession.Instance.DataStore is MemoryDataStore))
-            {
-                datastore = AzureSession.Instance.DataStore;
-            }
-
-            AzureSession.Instance.DataStore = datastore;
-            var rmprofile = new AzureRmProfile(Path.Combine(AzureSession.Instance.ProfileDirectory, AzureSession.Instance.ProfileFile));
-            rmprofile.EnvironmentTable.Add("foo", new AzureEnvironment(AzureEnvironment.PublicEnvironments.Values.FirstOrDefault()));
-            rmprofile.DefaultContext = new AzureContext(new AzureSubscription(), new AzureAccount(), rmprofile.EnvironmentTable["foo"], new AzureTenant());
-            rmprofile.DefaultContext.Subscription.SetEnvironment("foo");
-            if (AzureRmProfileProvider.Instance.Profile == null)
-            {
-                AzureRmProfileProvider.Instance.Profile = rmprofile;
-            }
-
-            AzureSession.Instance.DataStore = datastore;
 
             if (File.Exists(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), Resources.AzureDirectoryName, "testcredentials.json")))
             {
@@ -150,8 +124,6 @@ public EnvironmentSetupHelper()
 
         public string RMMonitorModule { get; private set; }
 
-        public string RMStorageDataPlaneModule { get; private set; }
-
         public string RMNetworkModule { get; private set; }
 
         public string StackRMProfileModule { get; private set; }
@@ -160,8 +132,6 @@ public EnvironmentSetupHelper()
 
         public string StackRMStorageModule { get; private set; }
 
-        public string StackRMStorageDataPlaneModule { get; private set; }
-
         public string RMKeyVaultModule { get; private set; }
 
         private void LogIfNotNull(string message)
@@ -393,15 +363,19 @@ public void SetupAzureEnvironmentFromEnvironmentVariables(AzureModule mode)
                 ResourceManagerUrl = currentEnvironment.Endpoints.ResourceManagementUri.AbsoluteUri,
                 ServiceManagementUrl = currentEnvironment.Endpoints.ServiceManagementUri.AbsoluteUri,
                 GalleryUrl = currentEnvironment.Endpoints.GalleryUri?.AbsoluteUri,
-                AzureDataLakeAnalyticsCatalogAndJobEndpointSuffix = currentEnvironment.Endpoints.DataLakeAnalyticsJobAndCatalogServiceUri.OriginalString.Replace("https://", ""), // because it is just a sufix
-                AzureDataLakeStoreFileSystemEndpointSuffix = currentEnvironment.Endpoints.DataLakeStoreServiceUri.OriginalString.Replace("https://", ""), // because it is just a sufix
+                AzureDataLakeAnalyticsCatalogAndJobEndpointSuffix = currentEnvironment.Endpoints.DataLakeAnalyticsJobAndCatalogServiceUri.OriginalString.Replace("https://", ""),
+                AzureDataLakeStoreFileSystemEndpointSuffix = currentEnvironment.Endpoints.DataLakeStoreServiceUri.OriginalString.Replace("https://", ""),
                 StorageEndpointSuffix = AzureEnvironmentConstants.AzureStorageEndpointSuffix,
                 AzureKeyVaultDnsSuffix = AzureEnvironmentConstants.AzureKeyVaultDnsSuffix,
                 AzureKeyVaultServiceEndpointResourceId = AzureEnvironmentConstants.AzureKeyVaultServiceEndpointResourceId
             };
             testEnvironment.ExtendedProperties.SetProperty(AzureEnvironment.ExtendedEndpoint.MicrosoftGraphUrl, currentEnvironment.Endpoints.GraphUri.AbsoluteUri);
-            testEnvironment.ExtendedProperties.SetProperty(AzureEnvironment.ExtendedEndpoint.OperationalInsightsEndpoint, "https://api.loganalytics.io/v1");
-            testEnvironment.ExtendedProperties.SetProperty(AzureEnvironment.ExtendedEndpoint.OperationalInsightsEndpointResourceId, "https://api.loganalytics.io");
+            testEnvironment.ExtendedProperties.SetProperty(AzureEnvironment.ExtendedEndpoint.AzureAttestationServiceEndpointSuffix, AzureEnvironmentConstants.AzureAttestationServiceEndpointSuffix);
+            testEnvironment.ExtendedProperties.SetProperty(AzureEnvironment.ExtendedEndpoint.AzureAttestationServiceEndpointResourceId, AzureEnvironmentConstants.AzureAttestationServiceEndpointResourceId);
+            testEnvironment.ExtendedProperties.SetProperty(AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointSuffix, AzureEnvironmentConstants.AzureSynapseAnalyticsEndpointSuffix);
+            testEnvironment.ExtendedProperties.SetProperty(AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId, AzureEnvironmentConstants.AzureSynapseAnalyticsEndpointResourceId);
+            testEnvironment.ExtendedProperties.SetProperty(AzureEnvironment.ExtendedEndpoint.OperationalInsightsEndpoint, AzureEnvironmentConstants.AzureOperationalInsightsEndpoint);
+            testEnvironment.ExtendedProperties.SetProperty(AzureEnvironment.ExtendedEndpoint.OperationalInsightsEndpointResourceId, AzureEnvironmentConstants.AzureOperationalInsightsEndpointResourceId);
             if (!AzureRmProfileProvider.Instance.GetProfile<AzureRmProfile>().EnvironmentTable.ContainsKey(TestFxEnvironmentName))
             {
                 AzureRmProfileProvider.Instance.GetProfile<AzureRmProfile>().EnvironmentTable[TestFxEnvironmentName] = testEnvironment;
@@ -441,12 +415,13 @@ public void SetupAzureEnvironmentFromEnvironmentVariables(AzureModule mode)
             testAccount.SetSubscriptions(currentEnvironment.SubscriptionId);
             testAccount.SetTenants(currentEnvironment.TenantId);
 
+            AzureRmProfileProvider.Instance.Profile = new AzureRmProfile(Path.Combine(AzureSession.Instance.ProfileDirectory, AzureSession.Instance.ProfileFile));
             AzureRmProfileProvider.Instance.Profile.DefaultContext = new AzureContext(testSubscription, testAccount, testEnvironment, testTenant);
         }
 
         private void SetAuthenticationFactory(TestEnvironment environment)
         {
-            if (environment.TokenInfo.ContainsKey(TokenAudience.Management))
+            if (environment.IsRunningMocked)
             {
                 var httpMessage = new HttpRequestMessage();
                 environment.TokenInfo[TokenAudience.Management]