dotnet · dauinsight · Jul 8, 2024 · Jul 8, 2024 · Jul 8, 2024 · Jul 8, 2024
@@ -171,6 +171,8 @@ Manual Tests require the below setup to run:
   |TCPConnectionStringAASSGX | (Optional) Connection String for a TCP enabled SQL Server with a SGX Enclave and using Microsoft Azure Attestation (AAS) attestation protocol configuration. | `Server=tcp:{servername}; Database={Database_Name}; UID={UID}; PWD={PWD}; Attestation Protocol = AAS; Enclave Attestation Url = {AttestationURL};`|
   |EnclaveEnabled | Enables tests requiring an enclave-configured server.|
   |TracingEnabled | Enables EventSource related tests |
+  |UseAccessTokenAuth | (Optional) Enables access token authentication to the database for tests.
+  |AADAccessToken | (Optional) Access token for authentication to the database.
   |AADAuthorityURL | (Optional) Identifies the OAuth2 authority resource for `Server` specified in `AADPasswordConnectionString` | `https://login.windows.net/<tenant>`, where `<tenant>` is the tenant ID of the Azure Active Directory (Azure AD) tenant |
   |AADPasswordConnectionString | (Optional) Connection String for testing Azure Active Directory Password Authentication. | `Data Source={server.database.windows.net}; Initial Catalog={Azure_DB_Name};Authentication=Active Directory Password; User ID={AAD_User}; Password={AAD_User_Password};`|
   |AADSecurePrincipalId | (Optional) The Application Id of a registered application which has been granted permission to the database defined in the AADPasswordConnectionString. | {Application ID} |

@@ -85,6 +85,16 @@ jobs:
   - ${{ if ne(parameters.prebuildSteps, '') }}:
     - ${{ parameters.prebuildSteps }} # extra steps to run before the build like downloading sni and the required configuration
 
+  - ${{ if parameters.configProperties.UseAccessTokenAuth }}:
+    - task: AzureCLI@2
+      inputs:
+        azureSubscription: ADO.Net-UAMI
+        scriptType: 'pscore'
+        scriptLocation: 'inlineScript'
+        inlineScript: |
+            $token = az account get-access-token --query accessToken --resource https://database.windows.net/ -o tsv
+            Write-Host "##vso[task.setvariable variable=UAMI_Access_Token;issecret=true;]$token"
+
   - ${{ if ne(parameters.configProperties, '{}') }}:
     - template: ../steps/update-config-file-step.yml@self # update config.json file
       parameters:
@@ -94,6 +104,9 @@ jobs:
           TCPConnectionString: ${{ parameters.configProperties.TCPConnectionString }}
         ${{ if parameters.configProperties.NPConnectionString }}:
           NPConnectionString: ${{ parameters.configProperties.NPConnectionString }}
+        ${{ if parameters.configProperties.UseAccessTokenAuth }}:
+          UseAccessTokenAuth: ${{ parameters.configProperties.UseAccessTokenAuth }}
+          AADAccessToken: $(UAMI_Access_Token)
         ${{ if parameters.configProperties.AADAuthorityURL }}:
           AADAuthorityURL: ${{ parameters.configProperties.AADAuthorityURL }}
         ${{ if parameters.configProperties.TCPConnectionStringHGSVBS }}:

@@ -35,7 +35,15 @@ parameters:
   - name: TracingEnabled
     type: boolean
     default: false
+
+  - name: UseAccessTokenAuth
+    type: boolean
+    default: false
 
+  - name: AADAccessToken
+    type: string
+    default: ''
+
   - name: AADAuthorityURL
     type: string
     default: ''
@@ -134,6 +142,10 @@ steps:
 
         $p.NPConnectionString="${{parameters.NPConnectionString }}"
 
+        $p.UseAccessTokenAuth="${{parameters.UseAccessTokenAuth}}"
+
+        $p.AADAccessToken="${{parameters.AADAccessToken}}"
+
         $p.AADAuthorityURL="${{parameters.AADAuthorityURL }}"
 
         $p.AADPasswordConnectionString="${{parameters.AADPasswordConnectionString }}"

@@ -386,3 +386,4 @@ stages:
             ManagedIdentitySupported: false
             LocalDbAppName: $(LocalDbAppName)
             LocalDbSharedInstanceName: $(LocalDbSharedInstanceName)
+            UseAccessTokenAuth: true
@@ -35,7 +35,7 @@ public void TestEncryptDecryptWithAKV()
                 AttestationProtocol = SqlConnectionAttestationProtocol.NotSpecified,
                 EnclaveAttestationUrl = ""
             };
-            using SqlConnection sqlConnection = new (builder.ConnectionString);
+            using SqlConnection sqlConnection = DataTestUtility.GetSqlConnection(builder.ConnectionString);
 
             sqlConnection.Open();
             Customer customer = new(45, "Microsoft", "Corporation");
@@ -84,7 +84,7 @@ public void TestLocalCekCacheIsScopedToProvider()
                 EnclaveAttestationUrl = ""
             };
 
-            using SqlConnection sqlConnection = new(builder.ConnectionString);
+            using SqlConnection sqlConnection = DataTestUtility.GetSqlConnection(builder.ConnectionString);
 
             sqlConnection.Open();
 

@@ -246,7 +246,7 @@ public static void CekCacheShouldBeDisabledWhenCustomProviderIsRegisteredGloball
         {
             if (SQLSetupStrategyAzureKeyVault.IsAKVProviderRegistered)
             {
-                SqlConnection conn = new();
+                SqlConnection conn = DataTestUtility.GetSqlConnection();
                 FieldInfo globalCacheField = conn.GetType().GetField(
                     "s_globalCustomColumnEncryptionKeyStoreProviders", BindingFlags.Static | BindingFlags.NonPublic);
                 IReadOnlyDictionary<string, SqlColumnEncryptionKeyStoreProvider> globalProviders =