Exercises the Microsoft Graph API v1.0 to ensure Application passwords are reliably persisted.
This test issues parallel requests to the MS Graph API addPassword endpoint in parallel and ensures that every successful password created is persisted by Azure.
To run this test the following environment variables MUST be set:
TENANT_ID
- The Azure tenantSUBSCRIPTION_ID
- The Azure subscriptionCLIENT_ID
- The application (client) ID. Note the permission requirements below.CLIENT_SECRET
- The application passwordSUT_APPLICATION_OBJECT_ID
- The Subject Under Test application object ID (i.e. the application for which passwords will be added)
Optionally, the following can be set:
RETRY_ATTEMPTS
- Specifies the number of HTTP retry attempts for each request. Defaults to 3 per theAzure/go-autorest
library.PARALLEL_REQUESTS
- The number of paralleladdPassword
requests to send to MS Graph API. Defaults to 20.
The MS Graph API docs highlight the possible API Permissions that can be used for the application which is creating the passwords. Application.ReadWrite.All
will suffice. Be sure to grant consent to the permission on the application.
Set your environments variables (see above) and then call make test
.
- Frequently, especially with larger numbers (i.e. > 10) of parallel requests to
addPassword
, a response reports successful password creation, however, that password is not associated with the application when reading back all the password credentials. - At greater than ~5 parallel requests we see responses slow down significantly.
- At greater than ~15 parallel requests we start seeing HTTP 503 responses. The
go-autorest
automatically handles retries, the default is 3. Setting the retry count to 0 makes this problem even more apparent even at ~5 parallel requests. - In rare instances an HTTP 500 has been returned.