From 2175c152b4397a628070c2c44a685de2e71ee169 Mon Sep 17 00:00:00 2001 From: atakavci Date: Wed, 11 Dec 2024 17:20:45 +0300 Subject: [PATCH] - fix config for managedIdentity - set audiences with scopes - managed identity tests --- .../authentication/EntraIDTestContext.java | 13 ++- .../RedisEntraIDIntegrationTests.java | 40 --------- ...ntraIDManagedIdentityIntegrationTests.java | 81 +++++++++++++++++++ 3 files changed, 93 insertions(+), 41 deletions(-) create mode 100644 src/test/java/redis/clients/jedis/authentication/RedisEntraIDManagedIdentityIntegrationTests.java diff --git a/src/test/java/redis/clients/jedis/authentication/EntraIDTestContext.java b/src/test/java/redis/clients/jedis/authentication/EntraIDTestContext.java index e0cde9cfef..b58ee2fd21 100644 --- a/src/test/java/redis/clients/jedis/authentication/EntraIDTestContext.java +++ b/src/test/java/redis/clients/jedis/authentication/EntraIDTestContext.java @@ -18,6 +18,7 @@ public class EntraIDTestContext { private static final String AZURE_PRIVATE_KEY = "AZURE_PRIVATE_KEY"; private static final String AZURE_CERT = "AZURE_CERT"; private static final String AZURE_REDIS_SCOPES = "AZURE_REDIS_SCOPES"; + private static final String AZURE_USER_ASSIGNED_MANAGED_ID = "AZURE_USER_ASSIGNED_MANAGED_ID"; private String clientId; private String authority; @@ -25,6 +26,7 @@ public class EntraIDTestContext { private PrivateKey privateKey; private X509Certificate cert; private Set redisScopes; + private String userAssignedManagedIdentity; public static final EntraIDTestContext DEFAULT = new EntraIDTestContext(); 
@@ -32,14 +34,19 @@ private EntraIDTestContext() { clientId = System.getenv(AZURE_CLIENT_ID); authority = System.getenv(AZURE_AUTHORITY); clientSecret = System.getenv(AZURE_CLIENT_SECRET); + userAssignedManagedIdentity = System.getenv(AZURE_USER_ASSIGNED_MANAGED_ID); } public EntraIDTestContext(String clientId, String authority, String clientSecret, - Set redisScopes) { + PrivateKey privateKey, X509Certificate cert, Set redisScopes, + String userAssignedManagedIdentity) { this.clientId = clientId; this.authority = authority; this.clientSecret = clientSecret; + this.privateKey = privateKey; + this.cert = cert; this.redisScopes = redisScopes; + this.userAssignedManagedIdentity = userAssignedManagedIdentity; } public String getClientId() { @@ -76,6 +83,10 @@ public Set getRedisScopes() { return redisScopes; } + public String getUserAssignedManagedIdentity() { + return userAssignedManagedIdentity; + } + private PrivateKey getPrivateKey(String privateKey) { try { // Decode the base64 encoded key into a byte array diff --git a/src/test/java/redis/clients/jedis/authentication/RedisEntraIDIntegrationTests.java b/src/test/java/redis/clients/jedis/authentication/RedisEntraIDIntegrationTests.java index b6010ca28f..d57e0da3d2 100644 --- a/src/test/java/redis/clients/jedis/authentication/RedisEntraIDIntegrationTests.java +++ b/src/test/java/redis/clients/jedis/authentication/RedisEntraIDIntegrationTests.java @@ -49,7 +49,6 @@ import redis.clients.authentication.entraid.EntraIDIdentityProvider; import redis.clients.authentication.entraid.EntraIDIdentityProviderConfig; import redis.clients.authentication.entraid.EntraIDTokenAuthConfigBuilder; -import redis.clients.authentication.entraid.ManagedIdentityInfo.UserManagedIdentityType; import redis.clients.authentication.entraid.ServicePrincipalInfo; import redis.clients.jedis.Connection; import redis.clients.jedis.DefaultJedisClientConfig; 
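Review bot: Nothing in the `@@ -32,14 +34,19 @@` hunk says which kind of identifier `AZURE_USER_ASSIGNED_MANAGED_ID` must hold, yet the new managed-identity test passes it with `UserManagedIdentityType.OBJECT_ID` while the test it replaces used `CLIENT_ID`. A client or resource ID in that variable would therefore fail only at token acquisition. A comment on the `System.getenv(AZURE_USER_ASSIGNED_MANAGED_ID)` line, such as `// object ID of the user-assigned managed identity (used with UserManagedIdentityType.OBJECT_ID)`, would pin the contract down. The widened public constructor now takes seven positional arguments, four of them `String`, so a Javadoc with one `@param` per argument would help keep the client secret out of the wrong slot. The private constructor starts above the hunk.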
@@ -116,45 +115,6 @@ public void testJedisConfig() { } } - // T.1.1 - // Verify authentication using Azure AD with managed identities - // @Test - public void withUserAssignedId_azureManagedIdentityIntegrationTest() { - TokenAuthConfig tokenAuthConfig = EntraIDTokenAuthConfigBuilder.builder() - .clientId(testCtx.getClientId()) - .userAssignedManagedIdentity(UserManagedIdentityType.CLIENT_ID, "userManagedAuthxId") - .authority(testCtx.getAuthority()).scopes(testCtx.getRedisScopes()).build(); - - DefaultJedisClientConfig jedisConfig = DefaultJedisClientConfig.builder() - .authXManager(new AuthXManager(tokenAuthConfig)).build(); - - try (JedisPooled jedis = new JedisPooled(hnp, jedisConfig)) { - String key = UUID.randomUUID().toString(); - jedis.set(key, "value"); - assertEquals("value", jedis.get(key)); - jedis.del(key); - } - } - - // T.1.1 - // Verify authentication using Azure AD with managed identities - // @Test - public void withSystemAssignedId_azureManagedIdentityIntegrationTest() { - TokenAuthConfig tokenAuthConfig = EntraIDTokenAuthConfigBuilder.builder() - .clientId(testCtx.getClientId()).systemAssignedManagedIdentity() - .authority(testCtx.getAuthority()).scopes(testCtx.getRedisScopes()).build(); - - DefaultJedisClientConfig jedisConfig = DefaultJedisClientConfig.builder() - .authXManager(new AuthXManager(tokenAuthConfig)).build(); - - try (JedisPooled jedis = new JedisPooled(hnp, jedisConfig)) { - String key = UUID.randomUUID().toString(); - jedis.set(key, "value"); - assertEquals("value", jedis.get(key)); - jedis.del(key); - } - } - // T.1.1 // Verify authentication using Azure AD with service principals @Test diff --git a/src/test/java/redis/clients/jedis/authentication/RedisEntraIDManagedIdentityIntegrationTests.java b/src/test/java/redis/clients/jedis/authentication/RedisEntraIDManagedIdentityIntegrationTests.java new file mode 100644 index 0000000000..7e305ab766 --- /dev/null 
+++ b/src/test/java/redis/clients/jedis/authentication/RedisEntraIDManagedIdentityIntegrationTests.java 
@@ -0,0 +1,81 @@
+package redis.clients.jedis.authentication;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.Collections;
+import java.util.Set;
+import java.util.UUID;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import redis.clients.authentication.core.TokenAuthConfig;
+import redis.clients.authentication.entraid.EntraIDTokenAuthConfigBuilder;
+import redis.clients.authentication.entraid.ManagedIdentityInfo.UserManagedIdentityType;
+import redis.clients.jedis.DefaultJedisClientConfig;
+import redis.clients.jedis.EndpointConfig;
+import redis.clients.jedis.HostAndPort;
+import redis.clients.jedis.HostAndPorts;
+import redis.clients.jedis.JedisPooled;
+
+public class RedisEntraIDManagedIdentityIntegrationTests {
+ private static final Logger log = LoggerFactory.getLogger(RedisEntraIDIntegrationTests.class);
+
+ private static EntraIDTestContext testCtx;
+ private static EndpointConfig endpointConfig;
+ private static HostAndPort hnp;
+ private static Set managedIdentityAudience = Collections
+ .singleton("https://redis.azure.com");
+
+ @BeforeClass
+ public static void before() {
+ try {
+ testCtx = EntraIDTestContext.DEFAULT;
+ endpointConfig = HostAndPorts.getRedisEndpoint("standalone-entraid-acl");
+ hnp = endpointConfig.getHostAndPort();
+ } catch (IllegalArgumentException e) {
+ log.warn("Skipping test because no Redis endpoint is configured");
+ org.junit.Assume.assumeTrue(false);
+ }
+ }
+
+ // T.1.1
+ // Verify authentication using Azure AD with managed identities
+ @Test
+ public void withUserAssignedId_azureManagedIdentityIntegrationTest() {
+ TokenAuthConfig tokenAuthConfig = EntraIDTokenAuthConfigBuilder.builder()
+ .userAssignedManagedIdentity(UserManagedIdentityType.OBJECT_ID,
+ testCtx.getUserAssignedManagedIdentity())
+ .scopes(managedIdentityAudience).build();
+
+ DefaultJedisClientConfig jedisConfig = DefaultJedisClientConfig.builder()
+ .authXManager(new AuthXManager(tokenAuthConfig)).build();
+
+ try (JedisPooled jedis = new JedisPooled(hnp, jedisConfig)) {
+ String key = UUID.randomUUID().toString();
+ jedis.set(key, "value");
+ assertEquals("value", jedis.get(key));
+ jedis.del(key);
+ }
+ }
+
+ // T.1.1
+ // Verify authentication using Azure AD with managed identities
+ @Test
+ public void withSystemAssignedId_azureManagedIdentityIntegrationTest() {
+ TokenAuthConfig tokenAuthConfig = EntraIDTokenAuthConfigBuilder.builder()
+ .systemAssignedManagedIdentity().scopes(managedIdentityAudience).build();
+
+ DefaultJedisClientConfig jedisConfig = DefaultJedisClientConfig.builder()
+ .authXManager(new AuthXManager(tokenAuthConfig)).build();
+
+ try (JedisPooled jedis = new JedisPooled(hnp, jedisConfig)) {
+ String key = UUID.randomUUID().toString();
+ jedis.set(key, "value");
+ assertEquals("value", jedis.get(key));
+ jedis.del(key);
+ }
+ }
+}
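Review bot: `before()` skips only when the Redis endpoint is missing, so with `AZURE_USER_ASSIGNED_MANAGED_ID` unset `testCtx.getUserAssignedManagedIdentity()` hands null to `userAssignedManagedIdentity(...)` and the user-assigned test fails rather than being skipped. Adding `org.junit.Assume.assumeNotNull(testCtx.getUserAssignedManagedIdentity());` at the top of that test would bring it in line with the endpoint check. The logger is created with `RedisEntraIDIntegrationTests.class`, which attributes the skip warning to the wrong class; `LoggerFactory.getLogger(RedisEntraIDManagedIdentityIntegrationTests.class)` is presumably what was meant. Both tests assert only a set/get round trip, so they demonstrate token authentication only if the `standalone-entraid-acl` endpoint rejects unauthenticated clients, which this patch does not show.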