CR suggestions

sfc-gh-dheyman · sfc-gh-dheyman · commit 65eca0d40ed1 · 2025-04-15T16:15:11.000+02:00
diff --git a/src/test/java/net/snowflake/client/core/auth/wif/AzureIdentityAttestationCreatorLatestIT.java b/src/test/java/net/snowflake/client/core/auth/wif/AzureIdentityAttestationCreatorLatestIT.java
@@ -46,6 +46,16 @@ public class AzureIdentityAttestationCreatorLatestIT extends BaseWiremockTest {
   private static final String SUCCESSFUL_FLOW_AZURE_FUNCTIONS_NO_CLIENT_ID_SCENARIO_MAPPINGS =
       SCENARIOS_BASE_DIR + "/successful_flow_azure_functions_no_client_id.json";
 
+  /*
+   * {
+   *     "iss": "https://sts.windows.net/fa15d692-e9c7-4460-a743-29f29522229/",
+   *     "sub": "77213E30-E8CB-4595-B1B6-5F050E8308FD"
+   * }
+   */
+  private static final String
+      SUCCESSFUL_FLOW_AZURE_FUNCTIONS_CUSTOM_ENTRA_RESOURCE_SCENARIO_MAPPINGS =
+          SCENARIOS_BASE_DIR + "/successful_flow_azure_functions_custom_entra_resource.json";
+
   /*
    * {
    *     "iss": "https://not.azure.sts.issuer.com",
@@ -104,7 +114,7 @@ public void successfulFlowAzureFunctionsScenario() {
     executeAndAssertCorrectAttestation(attestationServiceSpy, loginInput);
   }
 
-  // @Test // TODO: Confirm this scenario on actual VM environment
+  @Test
   public void successfulFlowAzureFunctionsNoClientIdScenario() {
     importMappingFromResources(SUCCESSFUL_FLOW_AZURE_FUNCTIONS_NO_CLIENT_ID_SCENARIO_MAPPINGS);
     SFLoginInput loginInput = createLoginInputStub();
@@ -118,6 +128,22 @@ public void successfulFlowAzureFunctionsNoClientIdScenario() {
     executeAndAssertCorrectAttestation(attestationServiceSpy, loginInput);
   }
 
+  @Test
+  public void successfulFlowAzureFunctionsCustomEntraResourceScenario() {
+    importMappingFromResources(
+        SUCCESSFUL_FLOW_AZURE_FUNCTIONS_CUSTOM_ENTRA_RESOURCE_SCENARIO_MAPPINGS);
+    SFLoginInput loginInput = createLoginInputStub();
+    loginInput.setWorkloadIdentityEntraResource("api://1111111-2222-3333-44444-55555555");
+    AzureAttestationService attestationServiceSpy = Mockito.spy(AzureAttestationService.class);
+    Mockito.when(attestationServiceSpy.getIdentityEndpoint())
+        .thenReturn(getBaseUrl() + "metadata/identity/endpoint/from/env");
+    Mockito.when(attestationServiceSpy.getIdentityHeader())
+        .thenReturn("some-identity-header-from-env");
+    Mockito.when(attestationServiceSpy.getClientId()).thenReturn("managed-client-id-from-env");
+
+    executeAndAssertCorrectAttestation(attestationServiceSpy, loginInput);
+  }
+
   @Test
   public void azureFunctionsFlowErrorNoIdentityHeader() {
     SFLoginInput loginInput = createLoginInputStub();
@@ -210,7 +236,6 @@ private SFLoginInput createLoginInputStub() {
     SFLoginInput loginInputStub = new SFLoginInput();
     loginInputStub.setSocketTimeout(Duration.ofMinutes(5));
     loginInputStub.setHttpClientSettingsKey(new HttpClientSettingsKey(OCSPMode.FAIL_OPEN));
-    loginInputStub.setWorkloadIdentityEntraResource("api://f4e4c08b-548a-41b8-a410-49b9eb33c527");
     return loginInputStub;
   }
 }
diff --git a/src/test/resources/wiremock/mappings/wif/azure/http_error.json b/src/test/resources/wiremock/mappings/wif/azure/http_error.json
@@ -8,7 +8,7 @@
             "equalTo": "2018-02-01"
           },
           "resource": {
-            "equalTo": "api://f4e4c08b-548a-41b8-a410-49b9eb33c527"
+            "equalTo": "api://fd3f753b-eed3-462c-b6a7-a4b5bb650aad"
           }
         },
         "method": "GET",
diff --git a/src/test/resources/wiremock/mappings/wif/azure/invalid_issuer_flow.json b/src/test/resources/wiremock/mappings/wif/azure/invalid_issuer_flow.json
@@ -8,7 +8,7 @@
             "equalTo": "2018-02-01"
           },
           "resource": {
-            "equalTo": "api://f4e4c08b-548a-41b8-a410-49b9eb33c527"
+            "equalTo": "api://fd3f753b-eed3-462c-b6a7-a4b5bb650aad"
           }
         },
         "method": "GET",
diff --git a/src/test/resources/wiremock/mappings/wif/azure/missing_issuer_claim.json b/src/test/resources/wiremock/mappings/wif/azure/missing_issuer_claim.json
@@ -8,7 +8,7 @@
             "equalTo": "2018-02-01"
           },
           "resource": {
-            "equalTo": "api://f4e4c08b-548a-41b8-a410-49b9eb33c527"
+            "equalTo": "api://fd3f753b-eed3-462c-b6a7-a4b5bb650aad"
           }
         },
         "method": "GET",
diff --git a/src/test/resources/wiremock/mappings/wif/azure/missing_sub_claim.json b/src/test/resources/wiremock/mappings/wif/azure/missing_sub_claim.json
@@ -8,7 +8,7 @@
             "equalTo": "2018-02-01"
           },
           "resource": {
-            "equalTo": "api://f4e4c08b-548a-41b8-a410-49b9eb33c527"
+            "equalTo": "api://fd3f753b-eed3-462c-b6a7-a4b5bb650aad"
           }
         },
         "method": "GET",
diff --git a/src/test/resources/wiremock/mappings/wif/azure/non_json_response.json b/src/test/resources/wiremock/mappings/wif/azure/non_json_response.json
@@ -8,7 +8,7 @@
             "equalTo": "2018-02-01"
           },
           "resource": {
-            "equalTo": "api://f4e4c08b-548a-41b8-a410-49b9eb33c527"
+            "equalTo": "api://fd3f753b-eed3-462c-b6a7-a4b5bb650aad"
           }
         },
         "method": "GET",
diff --git a/src/test/resources/wiremock/mappings/wif/azure/successful_flow_azure_functions.json b/src/test/resources/wiremock/mappings/wif/azure/successful_flow_azure_functions.json
@@ -8,7 +8,7 @@
             "equalTo": "2019-08-01"
           },
           "resource": {
-            "equalTo": "api://f4e4c08b-548a-41b8-a410-49b9eb33c527"
+            "equalTo": "api://fd3f753b-eed3-462c-b6a7-a4b5bb650aad"
           },
           "client_id": {
             "equalTo": "managed-client-id-from-env"
diff --git a/src/test/resources/wiremock/mappings/wif/azure/successful_flow_azure_functions_custom_entra_resource.json b/src/test/resources/wiremock/mappings/wif/azure/successful_flow_azure_functions_custom_entra_resource.json
@@ -0,0 +1,32 @@
+{
+  "mappings": [
+    {
+      "request": {
+        "urlPattern": "/metadata/identity/endpoint/from/env.*",
+        "queryParameters": {
+          "api-version": {
+            "equalTo": "2019-08-01"
+          },
+          "resource": {
+            "equalTo": "api://1111111-2222-3333-44444-55555555"
+          },
+          "client_id": {
+            "equalTo": "managed-client-id-from-env"
+          }
+        },
+        "method": "GET",
+        "headers": {
+          "X-IDENTITY-HEADER": {
+            "equalTo": "some-identity-header-from-env"
+          }
+        }
+      },
+      "response": {
+        "status": 200,
+        "jsonBody": {
+          "access_token": "eyJ0eXAiOiJhdCtqd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6Ijk0ZGI4N2NiMjdmNjdjZDA1Zjk5OTlkZjMwNjg1NmQ4In0.eyJhdWQiOiJhcGkxIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvZmExNWQ2OTItZTljNy00NDYwLWE3NDMtMjlmMjk1MjIyMjkvIiwic3ViIjoiNzcyMTNFMzAtRThDQi00NTk1LUIxQjYtNUYwNTBFODMwOEZEIiwiZXhwIjoxNzQ0NzE2MDUxLCJpYXQiOjE3NDQ3MTI0NTEsImp0aSI6Ijg3MTMzNzcwMDk0MTZmYmFhNDM0MmFkMjMxZGUwMDBkIn0.C5jTYoybRs5YF5GvPgoDq4WK5U9-gDzh_N3IPaqEBI0IifdYSWpKQ72v3UISnVpp7Fc46C-ZC8kijUGe3IU9zA"
+        }
+      }
+    }
+  ]
+}
diff --git a/src/test/resources/wiremock/mappings/wif/azure/successful_flow_azure_functions_no_client_id.json b/src/test/resources/wiremock/mappings/wif/azure/successful_flow_azure_functions_no_client_id.json
@@ -8,7 +8,7 @@
             "equalTo": "2019-08-01"
           },
           "resource": {
-            "equalTo": "api://f4e4c08b-548a-41b8-a410-49b9eb33c527"
+            "equalTo": "api://fd3f753b-eed3-462c-b6a7-a4b5bb650aad"
           }
         },
         "method": "GET",
diff --git a/src/test/resources/wiremock/mappings/wif/azure/successful_flow_basic.json b/src/test/resources/wiremock/mappings/wif/azure/successful_flow_basic.json
@@ -8,7 +8,7 @@
             "equalTo": "2018-02-01"
           },
           "resource": {
-            "equalTo": "api://f4e4c08b-548a-41b8-a410-49b9eb33c527"
+            "equalTo": "api://fd3f753b-eed3-462c-b6a7-a4b5bb650aad"
           }
         },
         "method": "GET",
diff --git a/src/test/resources/wiremock/mappings/wif/azure/unparsable_token.json b/src/test/resources/wiremock/mappings/wif/azure/unparsable_token.json
@@ -8,7 +8,7 @@
             "equalTo": "2018-02-01"
           },
           "resource": {
-            "equalTo": "api://f4e4c08b-548a-41b8-a410-49b9eb33c527"
+            "equalTo": "api://fd3f753b-eed3-462c-b6a7-a4b5bb650aad"
           }
         },
         "method": "GET",

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`"equalTo": "2018-02-01"`
`9`	`9`	`},`
`10`	`10`	`"resource": {`
`11`		`- "equalTo": "api://f4e4c08b-548a-41b8-a410-49b9eb33c527"`
	`11`	`+ "equalTo": "api://fd3f753b-eed3-462c-b6a7-a4b5bb650aad"`
`12`	`12`	`}`
`13`	`13`	`},`
`14`	`14`	`"method": "GET",`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`"equalTo": "2019-08-01"`
`9`	`9`	`},`
`10`	`10`	`"resource": {`
`11`		`- "equalTo": "api://f4e4c08b-548a-41b8-a410-49b9eb33c527"`
	`11`	`+ "equalTo": "api://fd3f753b-eed3-462c-b6a7-a4b5bb650aad"`
`12`	`12`	`}`
`13`	`13`	`},`
`14`	`14`	`"method": "GET",`