def test_find_subscriptions_thru_username_password_adfs(self, mock_get_cloud, mock_acquire_token,
mock_acquire_token_username_password):
TEST_ADFS_AUTH_URL = 'https://adfs.local.azurestack.external/adfs'
def test_acquire_token(self, resource, username, password, client_id):
global acquire_token_invoked
acquire_token_invoked = True
if (self.authority.url == TEST_ADFS_AUTH_URL and self.authority.is_adfs_authority):
return Test_Profile.token_entry1
else:
raise ValueError('AuthContext was not initialized correctly for ADFS')
mock_acquire_token_username_password.side_effect = test_acquire_token
mock_acquire_token.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.tenants.list.return_value = [TenantStub(self.tenant_id)]
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
mock_get_cloud.endpoints.active_directory = TEST_ADFS_AUTH_URL
finder = SubscriptionFinder(_AUTH_CTX_FACTORY,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
# action
subs = finder.find_from_user_account(self.user1, 'bar', None, mgmt_resource)
# assert
self.assertEqual([self.subscription1], subs)
self.assertTrue(acquire_token_invoked)
def test_find_subscriptions_thru_username_password_adfs(self, mock_get_cloud, mock_acquire_token,
mock_acquire_token_username_password):
TEST_ADFS_AUTH_URL = 'https://adfs.local.azurestack.external/adfs'
def test_acquire_token(self, resource, username, password, client_id):
global acquire_token_invoked
acquire_token_invoked = True
if (self.authority.url == TEST_ADFS_AUTH_URL and self.authority.is_adfs_authority):
return Test_Profile.token_entry1
else:
raise ValueError('AuthContext was not initialized correctly for ADFS')
mock_acquire_token_username_password.side_effect = test_acquire_token
mock_acquire_token.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.tenants.list.return_value = [TenantStub(self.tenant_id)]
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
mock_get_cloud.endpoints.active_directory = TEST_ADFS_AUTH_URL
finder = SubscriptionFinder(_AUTH_CTX_FACTORY,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
# action
subs = finder.find_from_user_account(self.user1, 'bar', None, mgmt_resource)
# assert
self.assertEqual([self.subscription1], subs)
self.assertTrue(acquire_token_invoked)
def test_find_subscriptions_thru_username_password_with_account_disabled(self, mock_logger,
mock_auth_context):
mock_auth_context.acquire_token_with_username_password.return_value = self.token_entry1
mock_auth_context.acquire_token.side_effect = AdalError('Account is disabled')
mock_arm_client = mock.MagicMock()
mock_arm_client.tenants.list.return_value = [TenantStub(self.tenant_id)]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
# action
subs = finder.find_from_user_account(self.user1, 'bar', None, mgmt_resource)
# assert
self.assertEqual([], subs)
mock_logger.warning.assert_called_once_with(mock.ANY, mock.ANY, mock.ANY)
def test_create_account_without_subscriptions(self, mock_auth_context):
mock_auth_context.acquire_token_with_client_credentials.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.subscriptions.list.return_value = []
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
storage_mock = {'subscriptions': []}
profile = Profile(storage_mock, use_global_creds_cache=False)
profile._management_resource_uri = 'https://management.core.windows.net/'
# action
result = profile.find_subscriptions_on_login(False,
'1234',
'my-secret',
True,
self.tenant_id,
allow_no_subscriptions=True,
subscription_finder=finder)
# assert
self.assertTrue(1, len(result))
self.assertEqual(result[0]['id'], self.tenant_id)
self.assertEqual(result[0]['state'], 'Enabled')
self.assertEqual(result[0]['tenantId'], self.tenant_id)
self.assertEqual(result[0]['name'], 'N/A(tenant level account)')
def test_find_subscriptions_interactive_from_particular_tenent(self, mock_auth_context):
def just_raise(ex):
raise ex
mock_arm_client = mock.MagicMock()
mock_arm_client.tenants.list.side_effect = lambda: just_raise(
ValueError("'tenants.list' should not occur"))
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
# action
subs = finder.find_through_interactive_flow('NiceTenant', 'http://someresource')
# assert
self.assertEqual([self.subscription1], subs)
def test_find_subscriptions_thru_username_password_with_account_disabled(self, mock_logger,
mock_auth_context):
mock_auth_context.acquire_token_with_username_password.return_value = self.token_entry1
mock_auth_context.acquire_token.side_effect = AdalError('Account is disabled')
mock_arm_client = mock.MagicMock()
mock_arm_client.tenants.list.return_value = [TenantStub(self.tenant_id)]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
# action
subs = finder.find_from_user_account(self.user1, 'bar', None, mgmt_resource)
# assert
self.assertEqual([], subs)
mock_logger.warning.assert_called_once_with(mock.ANY, mock.ANY, mock.ANY)
def test_find_subscriptions_interactive_from_particular_tenent(self, mock_auth_context):
def just_raise(ex):
raise ex
mock_arm_client = mock.MagicMock()
mock_arm_client.tenants.list.side_effect = lambda: just_raise(
ValueError("'tenants.list' should not occur"))
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
# action
subs = finder.find_through_interactive_flow('NiceTenant', 'http://someresource')
# assert
self.assertEqual([self.subscription1], subs)
def test_get_expanded_subscription_info_for_logged_in_service_principal(self,
mock_auth_context):
mock_auth_context.acquire_token_with_client_credentials.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
storage_mock = {'subscriptions': []}
profile = Profile(storage_mock, use_global_creds_cache=False)
profile._management_resource_uri = 'https://management.core.windows.net/'
profile.find_subscriptions_on_login(False,
'1234',
'my-secret',
True,
self.tenant_id,
False,
finder)
# action
extended_info = profile.get_expanded_subscription_info()
# assert
self.assertEqual(self.id1.split('/')[-1], extended_info['subscriptionId'])
self.assertEqual(self.display_name1, extended_info['subscriptionName'])
self.assertEqual('1234', extended_info['client'])
self.assertEqual('https://login.microsoftonline.com',
extended_info['endpoints'].active_directory)
def test_find_subscriptions_from_service_principal_id(self, mock_auth_context):
mock_auth_context.acquire_token_with_client_credentials.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
# action
subs = finder.find_from_service_principal_id('my app', ServicePrincipalAuth('my secret'),
self.tenant_id, mgmt_resource)
# assert
self.assertEqual([self.subscription1], subs)
mock_arm_client.tenants.list.assert_not_called()
mock_auth_context.acquire_token.assert_not_called()
mock_auth_context.acquire_token_with_client_credentials.assert_called_once_with(
mgmt_resource, 'my app', 'my secret')
def test_find_subscriptions_from_service_principal_id(self, mock_auth_context):
mock_auth_context.acquire_token_with_client_credentials.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
#action
subs = finder.find_from_service_principal_id('my app', 'my secret',
self.tenant_id, mgmt_resource)
#assert
self.assertEqual([self.subscription1], subs)
mock_arm_client.tenants.list.assert_not_called()
mock_auth_context.acquire_token.assert_not_called()
mock_auth_context.acquire_token_with_client_credentials.assert_called_once_with(
mgmt_resource, 'my app', 'my secret')
def test_find_subscriptions_thru_username_password(self, mock_auth_context):
mock_auth_context.acquire_token_with_username_password.return_value = self.token_entry1
mock_auth_context.acquire_token.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.tenants.list.return_value = [TenantStub(self.tenant_id)]
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
# action
subs = finder.find_from_user_account(self.user1, 'bar', None, mgmt_resource)
# assert
self.assertEqual([self.subscription1], subs)
mock_auth_context.acquire_token_with_username_password.assert_called_once_with(
mgmt_resource, self.user1, 'bar', mock.ANY)
mock_auth_context.acquire_token.assert_called_once_with(
mgmt_resource, self.user1, mock.ANY)
def test_find_subscriptions_thru_username_password(self, mock_auth_context):
mock_auth_context.acquire_token_with_username_password.return_value = self.token_entry1
mock_auth_context.acquire_token.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.tenants.list.return_value = [TenantStub(self.tenant_id)]
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
#action
subs = finder.find_from_user_account(self.user1, 'bar', mgmt_resource)
#assert
self.assertEqual([self.subscription1], subs)
mock_auth_context.acquire_token_with_username_password.assert_called_once_with(
mgmt_resource, self.user1, 'bar', mock.ANY)
mock_auth_context.acquire_token.assert_called_once_with(
mgmt_resource, self.user1, mock.ANY)
def test_find_subscriptions_through_interactive_flow(self, mock_auth_context):
test_nonsense_code = {'message': 'magic code for you'}
mock_auth_context.acquire_user_code.return_value = test_nonsense_code
mock_auth_context.acquire_token_with_device_code.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.tenants.list.return_value = [TenantStub(self.tenant_id)]
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
# action
subs = finder.find_through_interactive_flow(None, mgmt_resource)
# assert
self.assertEqual([self.subscription1], subs)
mock_auth_context.acquire_user_code.assert_called_once_with(
mgmt_resource, mock.ANY)
mock_auth_context.acquire_token_with_device_code.assert_called_once_with(
mgmt_resource, test_nonsense_code, mock.ANY)
mock_auth_context.acquire_token.assert_called_once_with(
mgmt_resource, self.user1, mock.ANY)
def test_find_subscriptions_through_interactive_flow(self, mock_auth_context):
test_nonsense_code = {'message':'magic code for you'}
mock_auth_context.acquire_user_code.return_value = test_nonsense_code
mock_auth_context.acquire_token_with_device_code.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.tenants.list.return_value = [TenantStub(self.tenant_id)]
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
#action
subs = finder.find_through_interactive_flow(mgmt_resource)
#assert
self.assertEqual([self.subscription1], subs)
mock_auth_context.acquire_user_code.assert_called_once_with(
mgmt_resource, mock.ANY)
mock_auth_context.acquire_token_with_device_code.assert_called_once_with(
mgmt_resource, test_nonsense_code, mock.ANY)
mock_auth_context.acquire_token.assert_called_once_with(
mgmt_resource, self.user1, mock.ANY)
def test_find_subscriptions_from_service_principal_using_cert(self, mock_auth_context):
mock_auth_context.acquire_token_with_client_certificate.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
curr_dir = os.path.dirname(os.path.realpath(__file__))
test_cert_file = os.path.join(curr_dir, 'sp_cert.pem')
# action
subs = finder.find_from_service_principal_id('my app', ServicePrincipalAuth(test_cert_file),
self.tenant_id, mgmt_resource)
# assert
self.assertEqual([self.subscription1], subs)
mock_arm_client.tenants.list.assert_not_called()
mock_auth_context.acquire_token.assert_not_called()
mock_auth_context.acquire_token_with_client_certificate.assert_called_once_with(
mgmt_resource, 'my app', mock.ANY, mock.ANY)
def test_find_subscriptions_from_service_principal_using_cert(self, mock_auth_context):
mock_auth_context.acquire_token_with_client_certificate.return_value = self.token_entry1
mock_arm_client = mock.MagicMock()
mock_arm_client.subscriptions.list.return_value = [self.subscription1]
finder = SubscriptionFinder(lambda _, _2: mock_auth_context,
None,
lambda _: mock_arm_client)
mgmt_resource = 'https://management.core.windows.net/'
curr_dir = os.path.dirname(os.path.realpath(__file__))
test_cert_file = os.path.join(curr_dir, 'sp_cert.pem')
# action
subs = finder.find_from_service_principal_id('my app', ServicePrincipalAuth(test_cert_file),
self.tenant_id, mgmt_resource)
# assert
self.assertEqual([self.subscription1], subs)
mock_arm_client.tenants.list.assert_not_called()
mock_auth_context.acquire_token.assert_not_called()
mock_auth_context.acquire_token_with_client_certificate.assert_called_once_with(
mgmt_resource, 'my app', mock.ANY, mock.ANY)
def test_subscription_finder_constructor(self, get_api_mock, cloud_mock):
get_api_mock.return_value = '2016-06-01'
cloud_mock.endpoints.resource_manager = 'http://foo_arm'
finder = SubscriptionFinder(None, None, arm_client_factory=None)
result = finder._arm_client_factory(mock.MagicMock())
self.assertEquals(result.config.base_url, 'http://foo_arm')
def test_subscription_finder_constructor(self, get_api_mock, cloud_mock):
get_api_mock.return_value = '2016-06-01'
cloud_mock.endpoints.resource_manager = 'http://foo_arm'
finder = SubscriptionFinder(None, None, arm_client_factory=None)
result = finder._arm_client_factory(mock.MagicMock())
self.assertEquals(result.config.base_url, 'http://foo_arm')
