Support data plane RBAC for E2E tests. (#2176)

* Acquire token for NoSQL account prior to running tests. * Change client id to user assigned managed identity. * Change to use managed identity. Add token variables for gremlin and tables. * Add RBAC details to test README. * Add token for SQL readonly database. Skip resource token tests when RBAC enabled. * Use hardcoded account name for sql readonly. * Use specific tag for sql readonly. * Remove comment.
2025-12-19 08:51:24 +00:00 · 2025-08-05 10:59:57 -07:00
parent 870863a723
commit 0ef4399ba4
9 changed files with 166 additions and 34 deletions
--- a/test/sql/resourceToken.spec.ts
+++ b/test/sql/resourceToken.spec.ts
@@ -2,6 +2,7 @@ import { expect, test } from "@playwright/test";

 import { CosmosDBManagementClient } from "@azure/arm-cosmosdb";
 import { CosmosClient, PermissionMode } from "@azure/cosmos";
+import { AzureIdentityCredentialAdapter } from "@azure/ms-rest-js";
 import {
  DataExplorer,
  TestAccount,
@@ -13,8 +14,12 @@ import {
 } from "../fx";

 test("SQL account using Resource token", async ({ page }) => {
+  const nosqlAccountRbacToken = process.env.NOSQL_TESTACCOUNT_TOKEN || "";
+  test.skip(nosqlAccountRbacToken.length > 0, "Resource tokens not supported when using data plane RBAC.");
+
  const credentials = getAzureCLICredentials();
-  const armClient = new CosmosDBManagementClient(credentials, subscriptionId);
+  const adaptedCredentials = new AzureIdentityCredentialAdapter(credentials);
+  const armClient = new CosmosDBManagementClient(adaptedCredentials, subscriptionId);
  const accountName = getAccountName(TestAccount.SQL);
  const account = await armClient.databaseAccounts.get(resourceGroupName, accountName);
  const keys = await armClient.databaseAccounts.listKeys(resourceGroupName, accountName);