add unit tests for checking azure Entra ID requests

add CI support for running some tests against live azure

.github/workflows/ci-azure.yml

@@ -0,0 +1,119 @@
+name: CI Azure
+on:
+  workflow_call:
+    inputs:
+      ci_backend:
+        description: 'Name of the job backend/target'
+        default: ''
+        required: false
+        type: string
+      ci_option:
+        description: 'Name of the job option for display'
+        default: ''
+        required: false
+        type: string
+      bootstrap_args:
+        default: ''
+        required: false
+        type: string
+      matrix_image:
+        default: ''
+        required: true
+        type: string
+
+env:
+  bootstrap_args: "--enable-ccache --vcpkg-base-triplet=x64-${{ startsWith(inputs.matrix_image, 'ubuntu-') && 'linux' || 'osx' }} ${{ inputs.bootstrap_args }}"
+  VCPKG_BINARY_SOURCES: 'clear;x-gha,readwrite'
+  SCCACHE_GHA_ENABLED: "true"
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        os:
+          - ${{ inputs.matrix_image }}
+    runs-on: ${{matrix.os}}
+
+    name: ${{matrix.os}} - ${{ inputs.ci_backend }}${{ inputs.ci_option }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+            submodules: true
+            fetch-depth: 0
+
+      # Configure required environment variables for vcpkg to use
+      # GitHub's Action Cache
+      - uses: actions/github-script@v6
+        with:
+          script: |
+            core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
+            core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');
+
+      - name: Prevent vpckg from building debug variants
+        run: python ./scripts/ci/patch_vcpkg_triplets.py
+
+      - name: Setup sccache
+        uses: mozilla-actions/[email protected]
+
+      - name: 'Configure libtiledb'
+        id: configure
+        shell: bash
+        run: |
+          set -e pipefail
+
+          # Show CMake Version
+          cmake --version
+
+          source $GITHUB_WORKSPACE/scripts/ci/bootstrap_libtiledb.sh
+
+      - name: 'Build libtiledb'
+        id: build
+        shell: bash
+        run: |
+          set -e pipefail
+
+          #####################################################
+          # Build libtiledb using previous bootstrap
+
+          source $GITHUB_WORKSPACE/scripts/ci/build_libtiledb.sh
+
+      - name: 'Az CLI login'
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: 'Test libtiledb'
+        id: test
+        shell: bash
+        env:
+          VCPKG_TARGET_TRIPLET: ${{ runner.os == 'Linux' && 'x64-linux' || 'x64-osx' }}
+        run: |
+          set -e pipefail
+
+          #####################################################
+          # Jump to our build directory after starting object
+          # store mock servers
+
+          cd $GITHUB_WORKSPACE/build
+
+          ###################################################
+          # Run tests
+
+          # Bypass Catch2 Framework stdout interception with awk on test output
+          ./tiledb/test/tiledb_unit -d yes "[ci_only][vfs][azure_entra]" | awk '/1: ::set-output/{sub(/.*1: /, ""); print; next} 1'
+
+      - name: 'Test status check'
+        run: |
+          # tiledb_unit is configured to set a  variable TILEDB_CI_SUCCESS=1
+          # following the test run. If this variable is not set, the build should fail.
+          # see https://github.com/TileDB-Inc/TileDB/pull/1400 (5f0623f4d3)
+          if [[ "${{ steps.test.outputs.TILEDB_CI_SUCCESS }}" -ne 1 ]]; then
+            exit 1;
+          fi
+
+      - name: "Print log files (failed build only)"
+        run: |
+          source $GITHUB_WORKSPACE/scripts/ci/print_logs.sh
+        if: ${{ failure() }} # only run this job if the build step failed

.github/workflows/full-ci.yml

@@ -129,6 +129,13 @@ jobs:
   ci_docker:
     uses: ./.github/workflows/build-dockerfile.yml
 
+  ci_real_azure:
+    uses: ./.github/workflows/ci-azure.yml
+    with:
+      ci_backend: AZURE
+      matrix_image: ubuntu-22.04
+      bootstrap_args: '--enable-azure --enable-release-symbols'
+
   # dummy job for branch protection check
   full_ci_passed:
     needs: [
@@ -145,7 +152,8 @@ jobs:
         ci_manylinux,
         ci_msvc,
         backward_compatibility,
-        standalone
+        standalone,
+        ci_real_azure
       ]
     runs-on: ubuntu-22.04
     steps:

test/src/unit-vfs.cc

@@ -535,6 +535,50 @@ TEMPLATE_LIST_TEST_CASE("VFS: File I/O", "[vfs][uri][file_io]", AllBackends) {
   }
 }
 
+TEST_CASE(
+    "VFS: Test Azure EntraID auth", "[.][ci_only][vfs][azure_entra][allowed]") {
+  URI container_path("azure://entratest/");
+  URI file_path("azure://entratest/test_file");
+
+  ThreadPool compute_tp(4);
+  ThreadPool io_tp(4);
+  Config config;
+  require_tiledb_ok(config.set("vfs.azure.storage_account_name", "rbindar"));
+
+  VFS vfs{&g_helper_stats, &compute_tp, &io_tp, config};
+  if (!vfs.supports_uri_scheme(container_path)) {
+    return;
+  }
+
+  bool exists = false;
+  require_tiledb_ok(vfs.is_bucket(container_path, &exists));
+  CHECK(exists);
+
+  uint64_t nbytes = 0;
+  require_tiledb_ok(vfs.file_size(file_path, &nbytes));
+  CHECK(nbytes == 19);
+}
+
+TEST_CASE(
+    "VFS: Test Azure EntraID auth",
+    "[.][ci_only][vfs][azure_entra][fallback]") {
+  URI file_path("azure://entratest/test_file_denied");
+
+  ThreadPool compute_tp(4);
+  ThreadPool io_tp(4);
+  Config config;
+  require_tiledb_ok(config.set("vfs.azure.storage_account_name", "rbindar"));
+
+  VFS vfs{&g_helper_stats, &compute_tp, &io_tp, config};
+  if (!vfs.supports_uri_scheme(file_path)) {
+    return;
+  }
+
+  uint64_t nbytes = 0;
+  require_tiledb_ok(vfs.file_size(file_path, &nbytes));
+  CHECK(nbytes == 19);
+}
+
 TEST_CASE("VFS: test ls_with_sizes", "[vfs][ls-with-sizes]") {
   ThreadPool compute_tp(4);
   ThreadPool io_tp(4);