Merge pull request #25 from Azure/fixAAD

Fix aad impersonation issue

Author: ogail

src/Common/Commands.Common.Test/Common/ProfileClientTests.cs

@@ -16,6 +16,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using Microsoft.Azure.Subscriptions.Models;
 using Microsoft.WindowsAzure.Commands.Common.Models;
 using Microsoft.WindowsAzure.Commands.Common.Test.Mocks;
 using Microsoft.WindowsAzure.Commands.Profile;
@@ -46,6 +47,10 @@ public class ProfileClientTests
         private AzureSubscription azureSubscription3withoutUser;
         private AzureEnvironment azureEnvironment;
         private AzureAccount azureAccount;
+        private TenantIdDescription commonTenant;
+        private TenantIdDescription guestTenant;
+        private Subscriptions.Models.SubscriptionListOperationResponse.Subscription guestRdfeSubscription;
+        private Subscription guestCsmSubscription;
 
         public ProfileClientTests()
         {
@@ -285,6 +290,80 @@ public void AddAzureAccountReturnsAccountWithAllSubscriptionsInCsmMode()
             Assert.True(account.GetSubscriptions(client.Profile).Any(s => s.Id == new Guid(csmSubscription1.SubscriptionId)));
         }
 
+        [Fact]
+        public void AddAzureAccountWithImpersonatedGuestWithNoSubscriptions()
+        {
+            SetMocks(new[] { rdfeSubscription1 }.ToList(), new List<Azure.Subscriptions.Models.Subscription>(),
+                new[] { commonTenant, guestTenant }.ToList(),
+                (userAccount, environment, tenant) =>
+                {
+                    var token = new MockAccessToken
+                    {
+                        UserId = tenant == commonTenant.TenantId ? userAccount.Id : "UserB",
+                        AccessToken = "def",
+                        LoginType = LoginType.OrgId
+                    };
+                    userAccount.Id = token.UserId;
+                    return token;
+                });
+            MockDataStore dataStore = new MockDataStore();
+            dataStore.VirtualStore[oldProfileDataPath] = oldProfileData;
+            ProfileClient.DataStore = dataStore;
+            ProfileClient client = new ProfileClient();
+
+            var account = client.AddAccountAndLoadSubscriptions(new AzureAccount { Id = "UserA", Type = AzureAccount.AccountType.User }, AzureEnvironment.PublicEnvironments[EnvironmentName.AzureCloud], null);
+
+            Assert.Equal("UserA", account.Id);
+            Assert.Equal(1, account.GetSubscriptions(client.Profile).Count);
+            var subrdfe1 = account.GetSubscriptions(client.Profile).FirstOrDefault(s => s.Id == new Guid(rdfeSubscription1.SubscriptionId));
+            var userA = client.GetAccount("UserA");
+            var userB = client.GetAccount("UserB");
+            Assert.NotNull(userA);
+            Assert.NotNull(userB);
+            Assert.Contains<string>(rdfeSubscription1.SubscriptionId, userA.GetPropertyAsArray(AzureAccount.Property.Subscriptions), StringComparer.OrdinalIgnoreCase);
+            Assert.False(userB.HasSubscription(new Guid(rdfeSubscription1.SubscriptionId)));
+            Assert.NotNull(subrdfe1);
+            Assert.Equal("UserA", subrdfe1.Account);
+        }
+
+        [Fact]
+        public void AddAzureAccountWithImpersonatedGuestWithSubscriptions()
+        {
+            SetMocks(new[] { rdfeSubscription1, guestRdfeSubscription }.ToList(), new List<Azure.Subscriptions.Models.Subscription>(), new[] { commonTenant, guestTenant }.ToList(),
+                    (userAccount, environment, tenant) =>
+                {
+                    var token = new MockAccessToken
+                    {
+                        UserId = tenant == commonTenant.TenantId ? userAccount.Id : "UserB",
+                        AccessToken = "def",
+                        LoginType = LoginType.OrgId
+                    };
+                    userAccount.Id = token.UserId;
+                    return token;
+                });
+            MockDataStore dataStore = new MockDataStore();
+            dataStore.VirtualStore[oldProfileDataPath] = oldProfileData;
+            ProfileClient.DataStore = dataStore;
+            ProfileClient client = new ProfileClient();
+
+            var account = client.AddAccountAndLoadSubscriptions(new AzureAccount { Id = "UserA", Type = AzureAccount.AccountType.User }, AzureEnvironment.PublicEnvironments[EnvironmentName.AzureCloud], null);
+
+            Assert.Equal("UserA", account.Id);
+            Assert.Equal(1, account.GetSubscriptions(client.Profile).Count);
+            var subrdfe1 = account.GetSubscriptions(client.Profile).FirstOrDefault(s => s.Id == new Guid(rdfeSubscription1.SubscriptionId));
+            var userA = client.GetAccount("UserA");
+            var userB = client.GetAccount("UserB");
+             var subGuest = userB.GetSubscriptions(client.Profile).FirstOrDefault(s => s.Id == new Guid(guestRdfeSubscription.SubscriptionId));
+            Assert.NotNull(userA);
+            Assert.NotNull(userB);
+            Assert.Contains<string>(rdfeSubscription1.SubscriptionId, userA.GetPropertyAsArray(AzureAccount.Property.Subscriptions), StringComparer.OrdinalIgnoreCase);
+            Assert.Contains<string>(guestRdfeSubscription.SubscriptionId, userB.GetPropertyAsArray(AzureAccount.Property.Subscriptions), StringComparer.OrdinalIgnoreCase);
+            Assert.NotNull(subrdfe1);
+            Assert.NotNull(subGuest);
+            Assert.Equal("UserA", subrdfe1.Account);
+            Assert.Equal("UserB", subGuest.Account);
+        }
+
         [Fact]
         public void GetAzureAccountReturnsAccountWithSubscriptions()
         {
@@ -1139,7 +1218,7 @@ public void SelectAzureSubscriptionByIdWorks()
             cmdlt.InvokeBeginProcessing();
             cmdlt.ExecuteCmdlet();
             cmdlt.InvokeEndProcessing();
-            
+
             Assert.Equal(tempSubscriptions[2].Id, AzureSession.CurrentContext.Subscription.Id);
         }
 
@@ -1184,21 +1263,40 @@ public void ImportPublishSettingsAddsSecondCertificate()
         }
 
         private void SetMocks(List<WindowsAzure.Subscriptions.Models.SubscriptionListOperationResponse.Subscription> rdfeSubscriptions,
-            List<Azure.Subscriptions.Models.Subscription> csmSubscriptions)
+            List<Azure.Subscriptions.Models.Subscription> csmSubscriptions,
+            List<Azure.Subscriptions.Models.TenantIdDescription> tenants = null,
+            Func<AzureAccount, AzureEnvironment, string, IAccessToken> tokenProvider = null)
         {
             ClientMocks clientMocks = new ClientMocks(new Guid(defaultSubscription));
 
             clientMocks.LoadRdfeSubscriptions(rdfeSubscriptions);
             clientMocks.LoadCsmSubscriptions(csmSubscriptions);
+            clientMocks.LoadTenants(tenants);
 
             AzureSession.ClientFactory = new MockClientFactory(new object[] { clientMocks.RdfeSubscriptionClientMock.Object,
                 clientMocks.CsmSubscriptionClientMock.Object });
 
-            AzureSession.AuthenticationFactory = new MockTokenAuthenticationFactory();
+            var mockFactory = new MockTokenAuthenticationFactory();
+            if (tokenProvider != null)
+            {
+                mockFactory.TokenProvider = tokenProvider;
+            }
+
+            AzureSession.AuthenticationFactory = mockFactory;
         }
 
         private void SetMockData()
         {
+            commonTenant = new TenantIdDescription
+            {
+                Id = "Common",
+                TenantId = "Common"
+            };
+            guestTenant = new TenantIdDescription
+            {
+                Id = "Guest",
+                TenantId = "Guest"
+            };
             rdfeSubscription1 = new Subscriptions.Models.SubscriptionListOperationResponse.Subscription
             {
                 SubscriptionId = "16E3F6FD-A3AA-439A-8FC4-1F5C41D2AD1E",
@@ -1213,6 +1311,13 @@ private void SetMockData()
                 SubscriptionStatus = Subscriptions.Models.SubscriptionStatus.Active,
                 ActiveDirectoryTenantId = "Common"
             };
+            guestRdfeSubscription = new Subscriptions.Models.SubscriptionListOperationResponse.Subscription
+            {
+                SubscriptionId = "26E3F6FD-A3AA-439A-8FC4-1F5C41D2AD1C",
+                SubscriptionName = "RdfeSub2",
+                SubscriptionStatus = Subscriptions.Models.SubscriptionStatus.Active,
+                ActiveDirectoryTenantId = "Guest"
+            };
             csmSubscription1 = new Azure.Subscriptions.Models.Subscription
             {
                 Id = "Subscriptions/36E3F6FD-A3AA-439A-8FC4-1F5C41D2AD1E",
@@ -1234,6 +1339,13 @@ private void SetMockData()
                 State = "Active",
                 SubscriptionId = "46E3F6FD-A3AA-439A-8FC4-1F5C41D2AD1E"
             };
+            guestCsmSubscription = new Azure.Subscriptions.Models.Subscription
+            {
+                Id = "Subscriptions/76E3F6FD-A3AA-439A-8FC4-1F5C41D2AD1D",
+                DisplayName = "CsmGuestSub",
+                State = "Active",
+                SubscriptionId = "76E3F6FD-A3AA-439A-8FC4-1F5C41D2AD1D"
+            };
             azureSubscription1 = new AzureSubscription
             {
                 Id = new Guid("56E3F6FD-A3AA-439A-8FC4-1F5C41D2AD1E"),

src/Common/Commands.Common.Test/Mocks/ClientMocks.cs

@@ -58,7 +58,7 @@ private SubscriptionCloudCredentials CreateCredentials(Guid subscriptionId)
         }
 
         public static CloudException Make404Exception()
-        {
+    {
             return CloudException.Create(
                 new HttpRequestMessage(),
                 null,
@@ -75,18 +75,7 @@ public void LoadCsmSubscriptions(List<Azure.Subscriptions.Models.Subscription> s
                     Subscriptions = subscriptions
                 }));
 
-            var tenantOperationsMock = new Mock<Azure.Subscriptions.ITenantOperations>();
-            tenantOperationsMock.Setup(f => f.ListAsync(new CancellationToken()))
-                .Returns(Task.Factory.StartNew(() => new Azure.Subscriptions.Models.TenantListResult
-                {
-                    TenantIds = new[] { new Azure.Subscriptions.Models.TenantIdDescription
-                    {
-                        Id = "1", TenantId = "1"
-                    }}.ToList()
-                }));
-
             CsmSubscriptionClientMock.Setup(f => f.Subscriptions).Returns(subscriptionOperationsMock.Object);
-            CsmSubscriptionClientMock.Setup(f => f.Tenants).Returns(tenantOperationsMock.Object);
         }
 
         public void LoadRdfeSubscriptions(List<WindowsAzure.Subscriptions.Models.SubscriptionListOperationResponse.Subscription> subscriptions)
@@ -100,5 +89,26 @@ public void LoadRdfeSubscriptions(List<WindowsAzure.Subscriptions.Models.Subscri
 
             RdfeSubscriptionClientMock.Setup(f => f.Subscriptions).Returns(subscriptionOperationsMock.Object);
         }
+
+        public void LoadTenants(List<Azure.Subscriptions.Models.TenantIdDescription> tenantIds = null)
+        {
+
+            tenantIds = tenantIds ?? new[]
+            {
+                new Azure.Subscriptions.Models.TenantIdDescription
+                {
+                    Id = "Common",
+                    TenantId = "Common"
+                }
+            }.ToList();
+            var tenantOperationsMock = new Mock<Azure.Subscriptions.ITenantOperations>();
+            tenantOperationsMock.Setup(f => f.ListAsync(new CancellationToken()))
+                .Returns(Task.Factory.StartNew(() => new Azure.Subscriptions.Models.TenantListResult
+                {
+                    TenantIds = tenantIds
+                }));
+            
+            CsmSubscriptionClientMock.Setup(f => f.Tenants).Returns(tenantOperationsMock.Object);
+        }
     }
 }

src/Common/Commands.Common.Test/Mocks/MockTokenAuthenticationFactory.cs

@@ -12,6 +12,7 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using System;
 using System.Security;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.WindowsAzure.Commands.Common.Models;
@@ -23,6 +24,8 @@ public class MockTokenAuthenticationFactory : IAuthenticationFactory
     {
         public IAccessToken Token { get; set; }
 
+        public Func<AzureAccount, AzureEnvironment, string, IAccessToken> TokenProvider { get; set; }
+
         public MockTokenAuthenticationFactory()
         {
             Token = new MockAccessToken
@@ -31,6 +34,13 @@ public MockTokenAuthenticationFactory()
                 LoginType = LoginType.OrgId,
                 AccessToken = "abc"
             };
+
+            TokenProvider = (account, environment, tenant) => Token = new MockAccessToken
+            {
+                UserId = account.Id,
+                LoginType = LoginType.OrgId,
+                AccessToken = Token.AccessToken
+            };
         }
 
         public MockTokenAuthenticationFactory(string userId, string accessToken)
@@ -50,14 +60,7 @@ public IAccessToken Authenticate(AzureAccount account, AzureEnvironment environm
                 account.Id = "test";
             }
 
-            Token = new MockAccessToken
-            {
-                UserId = account.Id,
-                LoginType = LoginType.OrgId,
-                AccessToken = Token.AccessToken
-            };
-
-            return Token;
+            return TokenProvider(account, environment, tenant);
         }
 
         public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(AzureContext context)