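def test_graph_ownership(self):
    """Exercise ``ad app owner add/list/remove`` on a throw-away service principal.

    Quits early when ``get_signed_in_user`` yields nothing: per the original
    note, the test touches directory objects in a way a service-principal
    login cannot. The SP created for the test is deleted in ``finally`` so a
    failing assertion does not leave an orphaned app registration in the tenant.
    """
    owner = get_signed_in_user(self)
    if not owner:
        return  # this test deletes users, which is beyond a SP's capacity, so quit
    self.kwargs = {'owner': owner}
    # Scrub the real signed-in UPN from recorded fixtures (replacer is defined elsewhere).
    self.recording_processors.append(AADGraphUserReplacer(owner, '*****@*****.**'))
    try:
        self.kwargs['owner_object_id'] = self.cmd(
            'ad user show --upn-or-object-id {owner}').get_output_in_json()['objectId']
        # --skip-assignment: no role assignment is granted; only the app object is needed here.
        self.kwargs['app_id'] = self.cmd(
            'ad sp create-for-rbac --skip-assignment').get_output_in_json()['appId']
        self.cmd('ad app owner add --owner-object-id {owner_object_id} --id {app_id}')
        self.cmd('ad app owner list --id {app_id}',
                 checks=self.check('[0].userPrincipalName', owner))
        self.cmd('ad app owner remove --owner-object-id {owner_object_id} --id {app_id}')
        self.cmd('ad app owner list --id {app_id}',
                 checks=self.check('length([*])', 0))
    finally:
        # .get(): if 'ad user show' or 'create-for-rbac' raised, 'app_id' was never set
        # and a plain subscript would raise KeyError here, masking the original error.
        if self.kwargs.get('app_id'):
            self.cmd('ad sp delete --id {app_id}')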
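def test_graph_group_ownership(self):
    """Exercise ``ad group owner add/list`` on a throw-away group.

    The same owner is added twice and exactly one owner is expected
    afterwards, i.e. ``owner add`` must be idempotent. Quits early when
    no signed-in user is available (see the note in the body). The group
    is deleted in ``finally`` whenever it was actually created.
    """
    owner = get_signed_in_user(self)
    if not owner:
        return  # this test deletes users, which is beyond a SP's capacity, so quit
    self.kwargs = {
        'owner': owner,
        'group': self.create_random_name('cli-grp', 15),
    }
    # Scrub the real signed-in UPN from recorded fixtures (replacer is defined elsewhere).
    self.recording_processors.append(AADGraphUserReplacer(owner, '*****@*****.**'))
    try:
        self.kwargs['owner_object_id'] = self.cmd(
            'ad user show --upn-or-object-id {owner}').get_output_in_json()['objectId']
        self.kwargs['group_object_id'] = self.cmd(
            'ad group create --display-name {group} --mail-nickname {group}'
        ).get_output_in_json()['objectId']
        self.cmd('ad group owner add -g {group_object_id} --owner-object-id {owner_object_id}')
        # Second add of the same owner: expected to be a no-op, not an error or a duplicate.
        self.cmd('ad group owner add -g {group_object_id} --owner-object-id {owner_object_id}')
        self.cmd('ad group owner list -g {group_object_id}',
                 checks=self.check('length([*])', 1))
    finally:
        # .get(): if 'ad user show' or 'ad group create' raised, 'group_object_id' was never
        # set and a plain subscript would raise KeyError here, masking the original error.
        if self.kwargs.get('group_object_id'):
            self.cmd('ad group delete -g ' + self.kwargs['group_object_id'])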
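def test_graph_ownership(self):
    """Exercise ``ad app owner add/list/remove`` on a throw-away service principal.

    In playback the owner is the mocked user name; live/recording reads the
    signed-in account and quits when it is a service principal, which (per
    the original note) cannot delete users. The SP created for the test is
    deleted in ``finally`` so a failing assertion does not leave an orphaned
    app registration in the tenant.
    """
    playback = not (self.is_live or self.in_recording)
    if playback:
        owner = MOCKED_USER_NAME
    else:
        account_info = self.cmd('account show').get_output_in_json()
        if account_info['user']['type'] == 'servicePrincipal':
            return  # this test deletes users, which is beyond a SP's capacity, so quit
        owner = account_info['user']['name']
    self.kwargs = {'owner': owner}
    # Scrub the real signed-in UPN from recorded fixtures (replacer is defined elsewhere).
    self.recording_processors.append(AADGraphUserReplacer(owner, '*****@*****.**'))
    try:
        self.kwargs['owner_object_id'] = self.cmd(
            'ad user show --upn-or-object-id {owner}').get_output_in_json()['objectId']
        # --skip-assignment: no role assignment is granted; only the app object is needed here.
        self.kwargs['app_id'] = self.cmd(
            'ad sp create-for-rbac --skip-assignment').get_output_in_json()['appId']
        self.cmd('ad app owner add --owner-object-id {owner_object_id} --id {app_id}')
        self.cmd('ad app owner list --id {app_id}',
                 checks=self.check('[0].userPrincipalName', owner))
        self.cmd('ad app owner remove --owner-object-id {owner_object_id} --id {app_id}')
        self.cmd('ad app owner list --id {app_id}',
                 checks=self.check('length([*])', 0))
    finally:
        # .get(): if 'ad user show' or 'create-for-rbac' raised, 'app_id' was never set
        # and a plain subscript would raise KeyError here, masking the original error.
        if self.kwargs.get('app_id'):
            self.cmd('ad sp delete --id {app_id}')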
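def test_graph_group_scenario(self):
    """End-to-end scenario for ``ad user`` and ``ad group`` commands.

    Creates two users and a group in the signed-in account's domain,
    exercises update / membership / show / list / delete, and finally
    removes everything it created. Quits early when signed in as a
    service principal, which (per the original note) cannot delete users.

    Cleanup in ``finally`` is best-effort and attempts every delete
    independently, so one failure (or a resource that was never created)
    does not leave the remaining throw-away objects in the tenant.
    """
    account_info = self.cmd('account show').get_output_in_json()
    if account_info['user']['type'] == 'servicePrincipal':
        return  # this test deletes users, which is beyond a SP's capacity, so quit
    upn = account_info['user']['name']
    domain = upn.split('@', 1)[1]
    self.kwargs = {
        'user1': 'deleteme1',
        'user2': 'deleteme2',
        'domain': domain,
        'new_mail_nick_name': 'deleteme11',
        'group': 'deleteme_g',
        'pass': '******'
    }
    # Scrub the real tenant domain from recorded fixtures (replacer is defined elsewhere).
    self.recording_processors.append(AADGraphUserReplacer('@' + domain, '@example.com'))
    try:
        # --- user1: create, update, password/flag handling ---
        user1_result = self.cmd(
            'ad user create --display-name {user1} --password {pass} --user-principal-name {user1}@{domain}'
        ).get_output_in_json()
        self.kwargs['user1_id'] = user1_result['objectId']

        self.cmd(
            'ad user update --display-name {user1}_new --account-enabled false --id {user1}@{domain} --mail-nickname {new_mail_nick_name}'
        )
        user1_update_result = self.cmd(
            'ad user show --upn-or-object-id {user1}@{domain}',
            checks=[
                self.check("displayName", '{user1}_new'),
                self.check("accountEnabled", False)
            ]).get_output_in_json()
        self.cmd('ad user update --id {user1}@{domain} --password {pass}')
        self.cmd(
            'ad user update --id {user1}@{domain} --password {pass} --force-change-password-next-login true'
        )
        # Clearing the force-change flag without supplying a password must be rejected.
        with self.assertRaises(CLIError):
            self.cmd(
                'ad user update --id {user1}@{domain} --force-change-password-next-login false'
            )
        # Re-read the id after the updates (same object; kept from the original flow).
        self.kwargs['user1_id'] = user1_update_result['objectId']

        # --- user2 ---
        user2_result = self.cmd(
            'ad user create --display-name {user2} --password {pass} --user-principal-name {user2}@{domain}'
        ).get_output_in_json()
        self.kwargs['user2_id'] = user2_result['objectId']

        # --- group: create and add both users ---
        group_result = self.cmd(
            'ad group create --display-name {group} --mail-nickname {group}'
        ).get_output_in_json()
        self.kwargs['group_id'] = group_result['objectId']
        self.cmd('ad group member add -g {group} --member-id {user1_id}',
                 checks=self.is_empty())
        self.cmd('ad group member add -g {group} --member-id {user2_id}',
                 checks=self.is_empty())

        # user1's group memberships
        self.cmd('ad user get-member-groups --upn-or-object-id {user1_id}',
                 checks=self.check('[0].displayName', self.kwargs['group']))

        # --- group: show / list / nested memberships ---
        self.cmd('ad group show -g {group}', checks=[
            self.check('objectId', '{group_id}'),
            self.check('displayName', '{group}')
        ])
        self.cmd('ad group show -g {group}',
                 checks=self.check('displayName', '{group}'))
        self.cmd('ad group list --display-name {group}',
                 checks=self.check('[0].displayName', '{group}'))
        self.cmd('ad group get-member-groups -g {group}',
                 checks=self.check('length([])', 0))

        # --- membership checks ---
        self.cmd('ad group member check -g {group} --member-id {user1_id}',
                 checks=self.check('value', True))
        self.cmd('ad group member check -g {group} --member-id {user2_id}',
                 checks=self.check('value', True))
        # user1 is listed under its updated display name, not the original one.
        self.cmd('ad group member list -g {group}', checks=[
            self.check("length([?displayName=='{user1}_new'])", 1),
            self.check("length([?displayName=='{user2}'])", 1),
            self.check("length([?displayName=='{user1}'])", 0),
            self.check("length([])", 2),
        ])

        # --- remove user1 and verify ---
        self.cmd('ad group member remove -g {group} --member-id {user1_id}')
        self.cmd('ad group member check -g {group} --member-id {user1_id}',
                 checks=self.check('value', False))

        # --- delete the group and verify it is gone ---
        self.cmd('ad group delete -g {group}')
        self.cmd('ad group list',
                 checks=self.check("length([?displayName=='{group}'])", 0))
    finally:
        # Best-effort cleanup: each delete is attempted on its own so a failure
        # (e.g. an id that was never set because creation raised, or a group
        # already deleted by the happy path) does not skip the remaining deletes.
        for cleanup_cmd in (
                'ad user delete --upn-or-object-id {user1_id}',
                'ad user delete --upn-or-object-id {user2_id}',
                'ad group delete -g {group}'):
            try:
                self.cmd(cleanup_cmd)
            except Exception:  # pylint: disable=broad-except
                pass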