refactor: enable both identity

blackchoey · Oct 24, 2024 · 2d708fd · 2d708fd
1 parent a1daa8f
commit 2d708fd
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 15 deletions.
diff --git a/src/apic-extension/azext_apic_extension/tests/latest/test_service_commands.py b/src/apic-extension/azext_apic_extension/tests/latest/test_service_commands.py
@@ -11,6 +11,9 @@
 from .utils import ApicServicePreparer
 from .constants import TEST_REGION, USERASSIGNED_IDENTITY
 
+# if USERASSIGNED_IDENTITY is set, enable_system_assigned_identity is False, otherwise use system assigned identity
+enable_system_assigned_identity = False if USERASSIGNED_IDENTITY else True
+
 class ServiceCommandsTests(ScenarioTest):
 
     @ResourceGroupPreparer(name_prefix="clirg", location=TEST_REGION, random_name_length=32)
@@ -111,7 +114,7 @@ def test_delete_service(self):
         self.cmd('az apic show -g {rg} -n {s}', expect_failure=True)
 
     @ResourceGroupPreparer(name_prefix="clirg", location=TEST_REGION, random_name_length=32)
-    @ApicServicePreparer(enable_system_assigned_identity=False)
+    @ApicServicePreparer(enable_system_assigned_identity)
     def test_import_from_apim(self):
         self.kwargs.update({
           'apim_name': self.create_random_name(prefix='cli', length=24)
@@ -127,7 +130,7 @@ def test_import_from_apim(self):
 
 
     @ResourceGroupPreparer(name_prefix="clirg", location=TEST_REGION, random_name_length=32)
-    @ApicServicePreparer(enable_system_assigned_identity=False)
+    @ApicServicePreparer(enable_system_assigned_identity)
     def test_import_from_apim_for_one_api(self):
         self.kwargs.update({
           'apim_name': self.create_random_name(prefix='cli', length=24)
@@ -146,7 +149,7 @@ def test_import_from_apim_for_one_api(self):
         ])
 
     @ResourceGroupPreparer(name_prefix="clirg", location=TEST_REGION, random_name_length=32)
-    @ApicServicePreparer(enable_system_assigned_identity=False)
+    @ApicServicePreparer(enable_system_assigned_identity)
     def test_import_from_apim_for_multiple_apis(self):
         self.kwargs.update({
           'apim_name': self.create_random_name(prefix='cli', length=24)
@@ -195,7 +198,7 @@ def test_examples_delete_service(self):
         self.cmd('az apic show -g {rg} -n {s}', expect_failure=True)
 
     @ResourceGroupPreparer(name_prefix="clirg", location=TEST_REGION, random_name_length=32)
-    @ApicServicePreparer(enable_system_assigned_identity=False)
+    @ApicServicePreparer(enable_system_assigned_identity)
     def test_examples_import_all_apis_from_apim(self):
         self.kwargs.update({
           'apim_name': self.create_random_name(prefix='cli', length=24)
@@ -204,7 +207,7 @@ def test_examples_import_all_apis_from_apim(self):
         self.cmd('az apic import-from-apim -g {rg} --service-name {s} --apim-name {apim_name} --apim-apis *')
 
     @ResourceGroupPreparer(name_prefix="clirg", location=TEST_REGION, random_name_length=32)
-    @ApicServicePreparer(enable_system_assigned_identity=False)
+    @ApicServicePreparer(enable_system_assigned_identity)
     def test_examples_import_selected_apis_from_apim(self):
         self.kwargs.update({
           'apim_name': self.create_random_name(prefix='cli', length=24)
@@ -238,9 +241,9 @@ def _prepare_apim(self):
             # Only setup APIM in live mode
             # Get system assigned identity id for API Center
             apic_service = self.cmd('az apic show -g {rg} -n {s}').get_output_in_json()
-            # self.kwargs.update({
-            #     'identity_id': apic_service['identity']['principalId']
-            # })
+            self.kwargs.update({
+                'identity_id': apic_service['identity']['principalId']
+            }) if enable_system_assigned_identity
             # Create APIM service
             apim_service = self.cmd('az apim create -g {rg} --name {apim_name} --publisher-name test --publisher-email test@example.com --sku-name Consumption').get_output_in_json()
             # Add echo api
@@ -254,8 +257,10 @@ def _prepare_apim(self):
                 'apim_id': apim_id,
                 'usi_id': USERASSIGNED_IDENTITY
             })
-            # Grant system assigned identity of API Center access to APIM
-            # self.cmd('az role assignment create --role "API Management Service Reader Role" --assignee-object-id {identity_id} --assignee-principal-type ServicePrincipal --scope {apim_id}')
-
-            # add user-assigned identity to api center service:
-            self.cmd('az apic update --name {s} -g {rg} --identity {{type:UserAssigned,user-assigned-identities:{usi_id}}}')
+
+            if enable_system_assigned_identity:
+                # Grant system assigned identity of API Center access to APIM
+                self.cmd('az role assignment create --role "API Management Service Reader Role" --assignee-object-id {identity_id} --assignee-principal-type ServicePrincipal --scope {apim_id}')
+            else:
+                # add user-assigned identity to api center service:
+                self.cmd('az apic update --name {s} -g {rg} --identity {{type:UserAssigned,user-assigned-identities:{usi_id}}}')
diff --git a/src/apic-extension/azext_apic_extension/tests/latest/utils.py b/src/apic-extension/azext_apic_extension/tests/latest/utils.py
@@ -8,8 +8,7 @@
 class ApicServicePreparer(NoTrafficRecordingPreparer, SingleValueReplacer):
     def __init__(self, name_prefix='clitest', length=24,
                  parameter_name='service_name', resource_group_parameter_name='resource_group', key='s',
-                 enable_system_assigned_identity=False,
-                 usi_id=None):
+                 enable_system_assigned_identity=False):
         super(ApicServicePreparer, self).__init__(name_prefix, length)
         self.cli_ctx = get_dummy_cli()
         self.resource_group_parameter_name = resource_group_parameter_name