Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

{Role} Bump role_definitions API version to 2022-05-01-preview #26577

Merged
merged 2 commits into from
Aug 29, 2023
Merged

{Role} Bump role_definitions API version to 2022-05-01-preview #26577

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f8c5501
role_definitions
jiasli Aug 24, 2023
2ad53b9
test_role_assignment_handle_conflicted_assignments
jiasli Aug 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/azure-cli-core/azure/cli/core/profiles/_shared.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,7 @@ def default_api_version(self):
ResourceType.MGMT_KEYVAULT: '2023-02-01',
ResourceType.MGMT_AUTHORIZATION: SDKProfile('2022-04-01', {
'classic_administrators': '2015-06-01',
'role_definitions': '2022-04-01',
'role_definitions': '2022-05-01-preview',
'provider_operations_metadata': '2018-01-01-preview'
}),
ResourceType.MGMT_CONTAINERREGISTRY: SDKProfile('2022-02-01-preview', {
Expand Down
1,094 changes: 480 additions & 614 deletions ...tests/latest/recordings/test_aks_create_default_service_without_skip_role_assignment.yaml
View file
Open in desktop

Large diffs are not rendered by default.

389 changes: 219 additions & 170 deletions ...-cli/azure/cli/command_modules/acs/tests/latest/recordings/test_aks_private_dns_zone.yaml
View file
Open in desktop

Large diffs are not rendered by default.

425 changes: 252 additions & 173 deletions ...e-cli/azure/cli/command_modules/ams/tests/latest/recordings/test_ams_sp_create_reset.yaml
View file
Open in desktop

Large diffs are not rendered by default.

1,809 changes: 1,129 additions & 680 deletions ...azure-cli/azure/cli/command_modules/iot/tests/latest/recordings/test_hub_file_upload.yaml
View file
Open in desktop

Large diffs are not rendered by default.

2,328 changes: 1,181 additions & 1,147 deletions src/azure-cli/azure/cli/command_modules/iot/tests/latest/recordings/test_identity_hub.yaml
View file
Open in desktop

Large diffs are not rendered by default.

138 changes: 71 additions & 67 deletions ...ommand_modules/resource/tests/latest/recordings/test_managed_app_def_deployment_mode.yaml
View file
Open in desktop

Large diffs are not rendered by default.

438 changes: 229 additions & 209 deletions ...azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_managedapp.yaml
View file
Open in desktop

Large diffs are not rendered by default.

310 changes: 157 additions & 153 deletions ...re-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_managedappdef.yaml
View file
Open in desktop

Large diffs are not rendered by default.

482 changes: 241 additions & 241 deletions ...azure/cli/command_modules/resource/tests/latest/recordings/test_managedappdef_inline.yaml
View file
Open in desktop

Large diffs are not rendered by default.

1,002 changes: 484 additions & 518 deletions ...e/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_identity.yaml
View file
Open in desktop

Large diffs are not rendered by default.

730 changes: 458 additions & 272 deletions ...odules/resource/tests/latest/recordings/test_resource_policy_identity_systemassigned.yaml
View file
Open in desktop

Large diffs are not rendered by default.

427 changes: 265 additions & 162 deletions ...d_modules/role/tests/latest/recordings/test_create_for_rbac_password_with_assignment.yaml
View file
Open in desktop

Large diffs are not rendered by default.

695 changes: 407 additions & 288 deletions ...i/azure/cli/command_modules/role/tests/latest/recordings/test_role_assignment_audits.yaml
View file
Open in desktop

Large diffs are not rendered by default.

194 changes: 98 additions & 96 deletions .../cli/command_modules/role/tests/latest/recordings/test_role_assignment_create_update.yaml
View file
Open in desktop

Large diffs are not rendered by default.

2,004 changes: 1,307 additions & 697 deletions ...odules/role/tests/latest/recordings/test_role_assignment_create_using_principal_type.yaml
View file
Open in desktop

Large diffs are not rendered by default.

2,876 changes: 0 additions & 2,876 deletions .../cli/command_modules/role/tests/latest/recordings/test_role_assignment_for_co_admins.yaml
View file
Open in desktop

This file was deleted.

607 changes: 341 additions & 266 deletions ...ules/role/tests/latest/recordings/test_role_assignment_handle_conflicted_assignments.yaml
View file
Open in desktop

Large diffs are not rendered by default.

7,521 changes: 2,521 additions & 5,000 deletions ...azure/cli/command_modules/role/tests/latest/recordings/test_role_assignment_scenario.yaml
View file
Open in desktop

Large diffs are not rendered by default.

2,972 changes: 2,677 additions & 295 deletions ...azure/cli/command_modules/role/tests/latest/recordings/test_role_definition_scenario.yaml
View file
Open in desktop

Large diffs are not rendered by default.

439 changes: 60 additions & 379 deletions src/azure-cli/azure/cli/command_modules/role/tests/latest/recordings/test_user_scenario.yaml
View file
Open in desktop

Large diffs are not rendered by default.

12 changes: 8 additions & 4 deletions src/azure-cli/azure/cli/command_modules/role/tests/latest/test_graph.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

from azure.cli.testsdk import MSGraphNameReplacer
from ..util import MSGraphUpnReplacer
from azure.cli.testsdk import ScenarioTest
from azure.cli.testsdk import ScenarioTest, LiveScenarioTest
from azure.cli.testsdk.scenario_tests import AllowLargeResponse


Expand Down Expand Up @@ -768,9 +768,6 @@ def test_user_scenario(self):
self.cmd('ad user get-member-groups --id {user1_id}',
checks=self.check('[0].displayName', self.kwargs['group']))

# list
self.cmd('ad user list')

# delete
self.cmd('ad user delete --id {user1_id}')

Expand Down Expand Up @@ -994,6 +991,13 @@ def test_special_characters_in_upn(self):
self.cmd('ad user delete --id {upn}')


class GraphLiveScenarioTest(LiveScenarioTest):
# Only test list commands in live mode to avoid recording tenant information

def test_user_list(self):
self.cmd('ad user list')


def _get_id_from_value(permissions, value):
"""Get id from value for appRoles or oauth2PermissionScopes."""
# https://docs.microsoft.com/en-us/graph/api/resources/serviceprincipal?view=graph-rest-1.0#properties
Expand Down
123 changes: 65 additions & 58 deletions src/azure-cli/azure/cli/command_modules/role/tests/latest/test_role.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -255,9 +255,6 @@ def test_role_definition_scenario(self):

class RoleAssignmentScenarioTest(RoleScenarioTestBase):

def __init__(self, *arg, **kwargs):
super().__init__(*arg, random_config_dir=True, **kwargs)

@ResourceGroupPreparer(name_prefix='cli_role_assign')
@AllowLargeResponse()
def test_role_assignment_scenario(self, resource_group):
Expand Down Expand Up @@ -315,14 +312,6 @@ def test_role_assignment_scenario(self, resource_group):
self.check("length([])", 2)
])

# test couple of more general filters
result = self.cmd('role assignment list -g {rg} --include-inherited').get_output_in_json()
# There are role assignments inherited from subscription, so we can't tell the exact number
self.assertTrue(len(result) >= 1)

result = self.cmd('role assignment list --all').get_output_in_json()
self.assertTrue(len(result) >= 1)

self.cmd('role assignment delete --assignee {group_id} --role {role} -g {rg}')
self.cmd('role assignment delete --assignee {upn} --role {role} -g {rg}')
self.cmd('role assignment list -g {rg}',
Expand Down Expand Up @@ -545,48 +534,6 @@ def test_role_assignment_create_update(self, resource_group):
finally:
self.cmd('ad user delete --id {upn}')

@ResourceGroupPreparer(name_prefix='cli_role_assign')
@AllowLargeResponse()
def test_role_assignment_handle_conflicted_assignments(self, resource_group):
if self.run_under_service_principal():
return # this test delete users which are beyond a SP's capacity, so quit...

with mock.patch('azure.cli.command_modules.role.custom._gen_guid', side_effect=self.create_guid):
user = self.create_random_name('testuser', 15)
self.kwargs.update({
'upn': user + TEST_TENANT_DOMAIN,
'nsg': 'nsg1'
})

self.cmd('ad user create --display-name tester123 --password Test123456789 --user-principal-name {upn}')
time.sleep(15) # By-design, it takes some time for RBAC system propagated with graph object change

base_dir = os.path.abspath(os.curdir)

try:
temp_dir = os.path.realpath(self.create_temp_dir())
os.chdir(temp_dir)
self.cmd('configure --default group={rg} --scope local')
local_defaults_config = self.cmd('configure --list-defaults --scope local').get_output_in_json()

self.assertGreaterEqual(len(local_defaults_config), 1)
actual = set([(x['name'], x['source'], x['value']) for x in local_defaults_config if x['name'] == 'group'])
# If global config_dir is ~/.azure/dummy_cli_config_dir/0azXbKR9OdJuZPFS/,
# local config file is ./0azXbKR9OdJuZPFS/config
expected = set([('group', os.path.join(temp_dir, os.path.basename(self.cli_ctx.config.config_dir), 'config'), self.kwargs['rg'])])
self.assertEqual(actual, expected)

# test role assignments on a resource group
rg_id = self.cmd('group show -n {rg}').get_output_in_json()['id']
self.cmd('role assignment create --assignee {upn} --role reader --scope ' + rg_id)
self.cmd('role assignment list --assignee {upn} --role reader --scope ' + rg_id, checks=self.check('length([])', 1))
self.cmd('role assignment delete --assignee {upn} --role reader --scope ' + rg_id)
self.cmd('role assignment list --assignee {upn} --role reader --scope ' + rg_id, checks=self.check('length([])', 0))
finally:
self.cmd('configure --default group="" --scope local')
os.chdir(base_dir)
self.cmd('ad user delete --id {upn}')

def test_role_assignment_empty_string_args(self):
expected_msg = "{} can't be an empty string"
with self.assertRaisesRegex(CLIError, expected_msg.format("--assignee")):
Expand Down Expand Up @@ -686,16 +633,76 @@ def check_changelogs():
finally:
self.cmd('ad user delete --id {upn}')

@ResourceGroupPreparer(name_prefix='cli_test_assignments_for_coadmins')

class RoleAssignmentWithConfigScenarioTest(RoleScenarioTestBase):

def __init__(self, *arg, **kwargs):
super().__init__(*arg, random_config_dir=True, **kwargs)

@ResourceGroupPreparer(name_prefix='cli_role_assign')
@AllowLargeResponse()
def test_role_assignment_handle_conflicted_assignments(self, resource_group):
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

test_role_assignment_handle_conflicted_assignments is the only test that writes to config file. I moved it to a dedicated RoleAssignmentWithConfigScenarioTest so that other tests in RoleAssignmentScenarioTest won't need random_config_dir.

if self.run_under_service_principal():
return # this test delete users which are beyond a SP's capacity, so quit...

with mock.patch('azure.cli.command_modules.role.custom._gen_guid', side_effect=self.create_guid):
user = self.create_random_name('testuser', 15)
self.kwargs.update({
'upn': user + TEST_TENANT_DOMAIN,
'nsg': 'nsg1'
})

self.cmd('ad user create --display-name tester123 --password Test123456789 --user-principal-name {upn}')
time.sleep(15) # By-design, it takes some time for RBAC system propagated with graph object change

base_dir = os.path.abspath(os.curdir)

try:
temp_dir = os.path.realpath(self.create_temp_dir())
os.chdir(temp_dir)
self.cmd('configure --default group={rg} --scope local')
local_defaults_config = self.cmd('configure --list-defaults --scope local').get_output_in_json()

self.assertGreaterEqual(len(local_defaults_config), 1)
actual = set([(x['name'], x['source'], x['value']) for x in local_defaults_config if x['name'] == 'group'])
# If global config_dir is ~/.azure/dummy_cli_config_dir/0azXbKR9OdJuZPFS/,
# local config file is ./0azXbKR9OdJuZPFS/config
expected = set([('group', os.path.join(temp_dir, os.path.basename(self.cli_ctx.config.config_dir), 'config'), self.kwargs['rg'])])
self.assertEqual(actual, expected)

# test role assignments on a resource group
rg_id = self.cmd('group show -n {rg}').get_output_in_json()['id']
self.cmd('role assignment create --assignee {upn} --role reader --scope ' + rg_id)
self.cmd('role assignment list --assignee {upn} --role reader --scope ' + rg_id, checks=self.check('length([])', 1))
self.cmd('role assignment delete --assignee {upn} --role reader --scope ' + rg_id)
self.cmd('role assignment list --assignee {upn} --role reader --scope ' + rg_id, checks=self.check('length([])', 0))
finally:
self.cmd('configure --default group="" --scope local')
os.chdir(base_dir)
self.cmd('ad user delete --id {upn}')


class RoleAssignmentLiveScenarioTest(LiveScenarioTest):
# Only test list commands in live mode to avoid recording tenant information

@ResourceGroupPreparer(name_prefix='cli_role_assign')
def test_role_assignment_list(self, resource_group):
# List all role assignments under a subscription
self.cmd('role assignment list --all', checks=[self.greater_than("length([])", 0)])

# List role assignments for a resource group.
self.cmd('role assignment list -g {rg}', checks=[self.check("length([])", 0)])

# There are role assignments inherited from subscription, so we can't tell the exact number.
self.cmd('role assignment list -g {rg} --include-inherited', checks=[self.greater_than("length([])", 0)])

@ResourceGroupPreparer(name_prefix='cli_test_assignments_for_coadmins')
def test_role_assignment_for_co_admins(self, resource_group):

result = self.cmd('role assignment list --include-classic-administrator').get_output_in_json()
self.assertTrue([x for x in result if x['roleDefinitionName'] in ['CoAdministrator', 'AccountAdministrator']])
self.cmd('role assignment list -g {}'.format(resource_group), checks=[
self.check("length([])", 0)
])
result = self.cmd('role assignment list -g {} --include-classic-administrator'.format(resource_group)).get_output_in_json()

result = self.cmd('role assignment list -g {rg} --include-classic-administrator').get_output_in_json()
self.assertTrue([x for x in result if x['roleDefinitionName'] in ['CoAdministrator', 'AccountAdministrator']])


Expand Down
Loading