Enhance NSP deployment test with resource connectivity verification

[eerhardt]

Description

Enhances the NSP deployment E2E test (added in #16027) to actually verify that the deployed app can connect to Azure Storage and Key Vault through the Network Security Perimeter.

Changes:

• AppHost code alignment: NSP is declared first, then Storage and KeyVault chain .WithNetworkSecurityPerimeter(nsp) inline (cleaner style).
• Verification endpoints: Adds /api/verify-blobs and /api/verify-keyvault endpoints to the Server's Program.cs. These endpoints create, read, and delete resources to confirm real connectivity.
• New Step 13: After basic HTTP 200 checks, the test curls the verify endpoints on the deployed server to confirm actual Blob Storage and Key Vault connectivity through the NSP (with retry loops).

This ensures the test validates not just that the app deploys, but that the NSP allows the Container App to actually talk to the PaaS resources.

Checklist

• Is this feature complete?
  • Yes. Ready to ship.
  • No. Follow-up changes expected.
• Are you including unit tests for the changes and scenario tests if relevant?
  • Yes
  • No
• Did you add public API?
  • Yes
  • No
• Does the change make any security assumptions or guarantees?
  • Yes
  • No
• Does the change require an update in our Aspire docs?
  • Yes
  • No

[github-actions]

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 16040

Or

• Run remotely in PowerShell:

iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 16040"

[github-actions]

🚀 Deployment tests starting on PR #16040...

This will deploy to real Azure infrastructure. Results will be posted here when complete.

View workflow run

[github-actions]

🚀 Deployment tests starting on PR #16040...

This will deploy to real Azure infrastructure. Results will be posted here when complete.

View workflow run

[github-actions]

❌ Deployment E2E Tests failed — 23 passed, 7 failed, 0 cancelled

View test results and recordings

View workflow run

Test	Result	Recording
Deployment.EndToEnd-VnetSqlServerInfraDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-VnetSqlServerConnectivityDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AzureEventHubsDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AzureStorageDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-NspStorageKeyVaultDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AzureServiceBusDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AzureKeyVaultDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-VnetKeyVaultInfraDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AzureAppConfigDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AzureLogAnalyticsDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AcaCompactNamingDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AksStarterWithRedisDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AppServiceReactDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-VnetKeyVaultConnectivityDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AcaExistingRegistryDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AuthenticationTests	✅ Passed
Deployment.EndToEnd-AcaStarterDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AcaCustomRegistryDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-VnetStorageBlobInfraDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AzureContainerRegistryDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-VnetStorageBlobConnectivityDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AcaDeploymentErrorOutputTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-AksStarterDeploymentTests	✅ Passed	▶️ View Recording
Deployment.EndToEnd-TypeScriptExpressDeploymentTests	❌ Failed	▶️ View Recording
Deployment.EndToEnd-AppServicePythonDeploymentTests	❌ Failed	▶️ View Recording
Deployment.EndToEnd-AcaCompactNamingUpgradeDeploymentTests	❌ Failed	▶️ View Recording
Deployment.EndToEnd-AcaManagedRedisDeploymentTests	❌ Failed	▶️ View Recording
Deployment.EndToEnd-AcrPurgeTaskDeploymentTests	❌ Failed	▶️ View Recording
Deployment.EndToEnd-PythonFastApiDeploymentTests	❌ Failed	▶️ View Recording
Deployment.EndToEnd-TypeScriptVnetSqlServerInfraDeploymentTests	❌ Failed	▶️ View Recording

[github-actions]

🎬 CLI E2E Test Recordings — 56 recordings uploaded (commit 89298e7)

View recordings

Test	Recording
AddPackageInteractiveWhileAppHostRunningDetached	▶️ View Recording
AddPackageWhileAppHostRunningDetached	▶️ View Recording
AgentCommands_AllHelpOutputs_AreCorrect	▶️ View Recording
AgentInitCommand_DefaultSelection_InstallsSkillOnly	▶️ View Recording
AgentInitCommand_MigratesDeprecatedConfig	▶️ View Recording
AllPublishMethodsBuildDockerImages	▶️ View Recording
AspireAddPackageVersionToDirectoryPackagesProps	▶️ View Recording
AspireUpdateRemovesAppHostPackageVersionFromDirectoryPackagesProps	▶️ View Recording
Banner_DisplayedOnFirstRun	▶️ View Recording
Banner_DisplayedWithExplicitFlag	▶️ View Recording
Banner_NotDisplayedWithNoLogoFlag	▶️ View Recording
CertificatesClean_RemovesCertificates	▶️ View Recording
CertificatesTrust_WithNoCert_CreatesAndTrustsCertificate	▶️ View Recording
CertificatesTrust_WithUntrustedCert_TrustsCertificate	▶️ View Recording
ConfigSetGet_CreatesNestedJsonFormat	▶️ View Recording
CreateAndRunAspireStarterProject	▶️ View Recording
CreateAndRunAspireStarterProjectWithBundle	▶️ View Recording
CreateAndRunEmptyAppHostProject	▶️ View Recording
CreateAndRunJavaEmptyAppHostProject	▶️ View Recording
CreateAndRunJsReactProject	▶️ View Recording
CreateAndRunPythonReactProject	▶️ View Recording
CreateAndRunTypeScriptEmptyAppHostProject	▶️ View Recording
CreateAndRunTypeScriptStarterProject	▶️ View Recording
CreateJavaAppHostWithViteApp	▶️ View Recording
CreateStartAndStopAspireProject	▶️ View Recording
CreateTypeScriptAppHostWithViteApp	▶️ View Recording
DashboardRunWithOtelTracesReturnsNoTraces	▶️ View Recording
DescribeCommandResolvesReplicaNames	▶️ View Recording
DescribeCommandShowsRunningResources	▶️ View Recording
DetachFormatJsonProducesValidJson	▶️ View Recording
DoctorCommand_DetectsDeprecatedAgentConfig	▶️ View Recording
DoctorCommand_WithSslCertDir_ShowsTrusted	▶️ View Recording
DoctorCommand_WithoutSslCertDir_ShowsPartiallyTrusted	▶️ View Recording
GlobalMigration_HandlesCommentsAndTrailingCommas	▶️ View Recording
GlobalMigration_HandlesMalformedLegacyJson	▶️ View Recording
GlobalMigration_PreservesAllValueTypes	▶️ View Recording
GlobalMigration_SkipsWhenNewConfigExists	▶️ View Recording
GlobalSettings_MigratedFromLegacyFormat	▶️ View Recording
InvalidAppHostPathWithComments_IsHealedOnRun	▶️ View Recording
LegacySettingsMigration_AdjustsRelativeAppHostPath	▶️ View Recording
LogsCommandShowsResourceLogs	▶️ View Recording
PsCommandListsRunningAppHost	▶️ View Recording
PsFormatJsonOutputsOnlyJsonToStdout	▶️ View Recording
PublishWithDockerComposeServiceCallbackSucceeds	▶️ View Recording
RestoreGeneratesSdkFiles	▶️ View Recording
RestoreSupportsConfigOnlyHelperPackageAndCrossPackageTypes	▶️ View Recording
RunFromParentDirectory_UsesExistingConfigNearAppHost	▶️ View Recording
SecretCrudOnDotNetAppHost	▶️ View Recording
SecretCrudOnTypeScriptAppHost	▶️ View Recording
StagingChannel_ConfigureAndVerifySettings_ThenSwitchChannels	▶️ View Recording
StopAllAppHostsFromAppHostDirectory	▶️ View Recording
StopAllAppHostsFromUnrelatedDirectory	▶️ View Recording
StopNonInteractiveMultipleAppHostsShowsError	▶️ View Recording
StopNonInteractiveSingleAppHost	▶️ View Recording
StopWithNoRunningAppHostExitsSuccessfully	▶️ View Recording
UnAwaitedChainsCompileWithAutoResolvePromises	▶️ View Recording

---

_{📹 Recordings uploaded automatically from CI run #24253217757}