def validate_private_endpoint_connection_id(cmd, ns):
if ns.connection_id:
from azure.cli.core.util import parse_proxy_resource_id
result = parse_proxy_resource_id(ns.connection_id)
ns.resource_group_name = result['resource_group']
if result['type'] and 'managedHSM' in result['type']:
ns.hsm_name = result['name']
else:
ns.vault_name = result['name']
ns.private_endpoint_connection_name = result['child_name_1']
if not ns.resource_group_name:
ns.resource_group_name = _get_resource_group_from_resource_name(
cli_ctx=cmd.cli_ctx,
vault_name=getattr(ns, 'vault_name', None),
hsm_name=getattr(ns, 'hsm_name', None))
if not all([(getattr(ns, 'vault_name', None)
or getattr(ns, 'hsm_name', None)), ns.resource_group_name,
ns.private_endpoint_connection_name]):
raise CLIError(
'incorrect usage: [--id ID | --name NAME --vault-name NAME | --name NAME --hsm-name NAME]'
)
del ns.connection_id
def validate_private_endpoint_connection_id(namespace):
if namespace.connection_id:
from azure.cli.core.util import parse_proxy_resource_id
result = parse_proxy_resource_id(namespace.connection_id)
namespace.resource_group_name = result['resource_group']
namespace.scope_name = result['name']
namespace.private_endpoint_connection_name = result['child_name_1']
if not all([namespace.scope_name, namespace.resource_group_name, namespace.private_endpoint_connection_name]):
raise CLIError('incorrect usage. Please provide [--id ID] or [--name NAME --scope-name NAME -g NAME]')
del namespace.connection_id
def validate_private_endpoint_connection_id(ns):
if ns.connection_id:
from azure.cli.core.util import parse_proxy_resource_id
result = parse_proxy_resource_id(ns.connection_id)
ns.resource_group_name = result['resource_group']
ns.account_name = result['name']
ns.private_endpoint_connection_name = result['child_name_1']
if not all([ns.account_name, ns.resource_group_name, ns.private_endpoint_connection_name]):
raise CLIError(None, 'incorrect usage: [--id ID | --name NAME --account-name NAME --resource-group NAME]')
del ns.connection_id
def validate_private_endpoint_connection_id(cmd, namespace):
if namespace.connection_id:
result = parse_proxy_resource_id(namespace.connection_id)
namespace.private_endpoint_connection_name = result['child_name_1']
namespace.server_name = result['name']
namespace.resource_group_name = result['resource_group']
if namespace.server_name and not namespace.resource_group_name:
namespace.resource_group_name = _get_resource_group_from_server_name(cmd.cli_ctx, namespace.server_name)
if not all([namespace.server_name, namespace.resource_group_name, namespace.private_endpoint_connection_name]):
raise CLIError('incorrect usage: [--id ID | --name NAME --server-name NAME]')
del namespace.connection_id
def test_proxy_resource_parse(self):
mock_proxy_resource_id = "/subscriptions/0000/resourceGroups/clirg/" \
"providers/Microsoft.Network/privateEndpoints/cli/" \
"privateLinkServiceConnections/cliPec/privateLinkServiceConnectionsSubTypes/cliPecSubName"
result = parse_proxy_resource_id(mock_proxy_resource_id)
valid_dict_values = {
'subscription': '0000',
'resource_group': 'clirg',
'namespace': 'Microsoft.Network',
'type': 'privateEndpoints',
'name': 'cli',
'child_type_1': 'privateLinkServiceConnections',
'child_name_1': 'cliPec',
'child_type_2': 'privateLinkServiceConnectionsSubTypes',
'child_name_2': 'cliPecSubName',
'last_child_num': 2
}
self.assertEqual(len(result.keys()), len(valid_dict_values.keys()))
for key, value in valid_dict_values.items():
self.assertEqual(result[key], value)
invalid_proxy_resource_id = "invalidProxyResourceID"
result = parse_proxy_resource_id(invalid_proxy_resource_id)
self.assertIsNone(result)
def validate_private_endpoint_connection_id(cmd, namespace):
if namespace.connection_id:
from azure.cli.core.util import parse_proxy_resource_id
result = parse_proxy_resource_id(namespace.connection_id)
namespace.resource_group_name = result['resource_group']
namespace.account_name = result['name']
namespace.private_endpoint_connection_name = result['child_name_1']
if namespace.account_name and not namespace.resource_group_name:
namespace.resource_group_name = _query_account_rg(cmd.cli_ctx, namespace.account_name)[0]
if not all([namespace.account_name, namespace.resource_group_name, namespace.private_endpoint_connection_name]):
raise CLIError('incorrect usage: [--id ID | --name NAME --account-name NAME]')
del namespace.connection_id
def validate_private_endpoint_connection_id(cmd, ns):
if ns.connection_id:
from azure.cli.core.util import parse_proxy_resource_id
result = parse_proxy_resource_id(ns.connection_id)
ns.resource_group_name = result['resource_group']
ns.vault_name = result['name']
ns.private_endpoint_connection_name = result['child_name_1']
if ns.vault_name and not ns.resource_group_name:
ns.resource_group_name = _get_resource_group_from_resource_name(cmd.cli_ctx, ns.vault_name)
if not all([ns.vault_name, ns.resource_group_name, ns.private_endpoint_connection_name]):
raise CLIError('incorrect usage: [--id ID | --name NAME --vault-name NAME]')
del ns.connection_id
def validate_private_endpoint_connection_id(namespace):
from azure.cli.core.azclierror import RequiredArgumentMissingError
if namespace.connection_id:
from azure.cli.core.util import parse_proxy_resource_id
result = parse_proxy_resource_id(namespace.connection_id)
namespace.resource_group_name = result['resource_group']
namespace.namespace_name = result['name']
namespace.private_endpoint_connection_name = result.get('child_name_1')
# if namespace.account_name and not namespace.resource_group_name:
# namespace.resource_group_name = _query_account_rg(cmd.cli_ctx, namespace.account_name)[0]
if not all([
namespace.namespace_name, namespace.resource_group_name,
namespace.private_endpoint_connection_name
]):
raise RequiredArgumentMissingError(
"Please provide either `--Id` or `-g` value `--namespace-name` vaule `--name` value"
)
del namespace.connection_id
def _test_private_endpoint_connection(self, resource_group, server, database_engine, rp_type):
loc = 'westus'
vnet = self.create_random_name('cli-vnet-', 24)
subnet = self.create_random_name('cli-subnet-', 24)
pe_name_auto = self.create_random_name('cli-pe-', 24)
pe_name_manual_approve = self.create_random_name('cli-pe-', 24)
pe_name_manual_reject = self.create_random_name('cli-pe-', 24)
pe_connection_name_auto = self.create_random_name('cli-pec-', 24)
pe_connection_name_manual_approve = self.create_random_name('cli-pec-', 24)
pe_connection_name_manual_reject = self.create_random_name('cli-pec-', 24)
# Prepare network and disable network policies
self.cmd('network vnet create -n {} -g {} -l {} --subnet-name {}'
.format(vnet, resource_group, loc, subnet),
checks=self.check('length(newVNet.subnets)', 1))
self.cmd('network vnet subnet update -n {} --vnet-name {} -g {} '
'--disable-private-endpoint-network-policies true'
.format(subnet, vnet, resource_group),
checks=self.check('privateEndpointNetworkPolicies', 'Disabled'))
# Get Server Id and Group Id
result = self.cmd('{} server show -g {} -n {}'
.format(database_engine, resource_group, server)).get_output_in_json()
server_id = result['id']
result = self.cmd('network private-link-resource list -g {} -n {} --type {}'
.format(resource_group, server, rp_type)).get_output_in_json()
group_id = result[0]['properties']['groupId']
approval_description = 'You are approved!'
rejection_description = 'You are rejected!'
expectedError = 'Private Endpoint Connection Status is not Pending'
# Testing Auto-Approval workflow
# Create a private endpoint connection
private_endpoint = self.cmd('network private-endpoint create -g {} -n {} --vnet-name {} --subnet {} -l {} '
'--connection-name {} --private-connection-resource-id {} '
'--group-id {}'
.format(resource_group, pe_name_auto, vnet, subnet, loc, pe_connection_name_auto, server_id, group_id)).get_output_in_json()
self.assertEqual(private_endpoint['name'], pe_name_auto)
self.assertEqual(private_endpoint['privateLinkServiceConnections'][0]['name'], pe_connection_name_auto)
self.assertEqual(private_endpoint['privateLinkServiceConnections'][0]['privateLinkServiceConnectionState']['status'], 'Approved')
self.assertEqual(private_endpoint['privateLinkServiceConnections'][0]['provisioningState'], 'Succeeded')
self.assertEqual(private_endpoint['privateLinkServiceConnections'][0]['groupIds'][0], group_id)
# Get Private Endpoint Connection Name and Id
result = self.cmd('{} server show -g {} -n {}'
.format(database_engine, resource_group, server)).get_output_in_json()
self.assertEqual(len(result['privateEndpointConnections']), 1)
self.assertEqual(result['privateEndpointConnections'][0]['properties']['privateLinkServiceConnectionState']['status'],
'Approved')
server_pec_id = result['privateEndpointConnections'][0]['id']
result = parse_proxy_resource_id(server_pec_id)
server_pec_name = result['child_name_1']
self.cmd('network private-endpoint-connection show --resource-name {} -g {} --name {} --type {}'
.format(server, resource_group, server_pec_name, rp_type),
checks=[
self.check('id', server_pec_id),
self.check('properties.privateLinkServiceConnectionState.status', 'Approved'),
self.check('properties.provisioningState', 'Ready')
])
with self.assertRaisesRegexp(CLIError, expectedError):
self.cmd('network private-endpoint-connection approve --resource-name {} -g {} --name {} --description "{}" --type {}'
.format(server, resource_group, server_pec_name, approval_description, rp_type))
with self.assertRaisesRegexp(CLIError, expectedError):
self.cmd('network private-endpoint-connection reject --resource-name {} -g {} --name {} --description "{}" --type {}'
.format(server, resource_group, server_pec_name, rejection_description, rp_type))
self.cmd('network private-endpoint-connection delete --id {} -y'
.format(server_pec_id))
# Testing Manual-Approval workflow [Approval]
# Create a private endpoint connection
private_endpoint = self.cmd('network private-endpoint create -g {} -n {} --vnet-name {} --subnet {} -l {} '
'--connection-name {} --private-connection-resource-id {} '
'--group-id {} --manual-request'
.format(resource_group, pe_name_manual_approve, vnet, subnet, loc, pe_connection_name_manual_approve, server_id, group_id)).get_output_in_json()
self.assertEqual(private_endpoint['name'], pe_name_manual_approve)
self.assertEqual(private_endpoint['manualPrivateLinkServiceConnections'][0]['name'], pe_connection_name_manual_approve)
self.assertEqual(private_endpoint['manualPrivateLinkServiceConnections'][0]['privateLinkServiceConnectionState']['status'], 'Pending')
self.assertEqual(private_endpoint['manualPrivateLinkServiceConnections'][0]['provisioningState'], 'Succeeded')
self.assertEqual(private_endpoint['manualPrivateLinkServiceConnections'][0]['groupIds'][0], group_id)
# Get Private Endpoint Connection Name and Id
result = self.cmd('{} server show -g {} -n {}'
.format(database_engine, resource_group, server)).get_output_in_json()
self.assertEqual(len(result['privateEndpointConnections']), 1)
self.assertEqual(result['privateEndpointConnections'][0]['properties']['privateLinkServiceConnectionState']['status'],
'Pending')
server_pec_id = result['privateEndpointConnections'][0]['id']
result = parse_proxy_resource_id(server_pec_id)
server_pec_name = result['child_name_1']
self.cmd('network private-endpoint-connection show --resource-name {} -g {} --name {} --type {}'
.format(server, resource_group, server_pec_name, rp_type),
checks=[
self.check('id', server_pec_id),
self.check('properties.privateLinkServiceConnectionState.status', 'Pending'),
self.check('properties.provisioningState', 'Ready')
])
self.cmd('network private-endpoint-connection approve --resource-name {} -g {} --name {} --description "{}" --type {}'
.format(server, resource_group, server_pec_name, approval_description, rp_type),
checks=[
self.check('properties.privateLinkServiceConnectionState.status', 'Approved'),
self.check('properties.privateLinkServiceConnectionState.description', approval_description),
self.check('properties.provisioningState', 'Ready')
])
with self.assertRaisesRegexp(CLIError, expectedError):
self.cmd('network private-endpoint-connection reject --resource-name {} -g {} --name {} --description "{}" --type {}'
.format(server, resource_group, server_pec_name, rejection_description, rp_type))
self.cmd('network private-endpoint-connection delete --id {} -y'
.format(server_pec_id))
# Testing Manual-Approval workflow [Rejection]
# Create a private endpoint connection
private_endpoint = self.cmd('network private-endpoint create -g {} -n {} --vnet-name {} --subnet {} -l {} '
'--connection-name {} --private-connection-resource-id {} '
'--group-id {} --manual-request true'
.format(resource_group, pe_name_manual_reject, vnet, subnet, loc, pe_connection_name_manual_reject, server_id, group_id)).get_output_in_json()
self.assertEqual(private_endpoint['name'], pe_name_manual_reject)
self.assertEqual(private_endpoint['manualPrivateLinkServiceConnections'][0]['name'], pe_connection_name_manual_reject)
self.assertEqual(private_endpoint['manualPrivateLinkServiceConnections'][0]['privateLinkServiceConnectionState']['status'], 'Pending')
self.assertEqual(private_endpoint['manualPrivateLinkServiceConnections'][0]['provisioningState'], 'Succeeded')
self.assertEqual(private_endpoint['manualPrivateLinkServiceConnections'][0]['groupIds'][0], group_id)
# Get Private Endpoint Connection Name and Id
result = self.cmd('{} server show -g {} -n {}'
.format(database_engine, resource_group, server)).get_output_in_json()
self.assertEqual(len(result['privateEndpointConnections']), 1)
self.assertEqual(result['privateEndpointConnections'][0]['properties']['privateLinkServiceConnectionState']['status'],
'Pending')
server_pec_id = result['privateEndpointConnections'][0]['id']
result = parse_proxy_resource_id(server_pec_id)
server_pec_name = result['child_name_1']
self.cmd('network private-endpoint-connection show --resource-name {} -g {} --name {} --type {}'
.format(server, resource_group, server_pec_name, rp_type),
checks=[
self.check('id', server_pec_id),
self.check('properties.privateLinkServiceConnectionState.status', 'Pending'),
self.check('properties.provisioningState', 'Ready')
])
self.cmd('network private-endpoint-connection reject --resource-name {} -g {} --name {} --description "{}" --type {}'
.format(server, resource_group, server_pec_name, rejection_description, rp_type),
checks=[
self.check('properties.privateLinkServiceConnectionState.status', 'Rejected'),
self.check('properties.privateLinkServiceConnectionState.description', rejection_description),
self.check('properties.provisioningState', 'Ready')
])
with self.assertRaisesRegexp(CLIError, expectedError):
self.cmd('network private-endpoint-connection approve --resource-name {} -g {} --name {} --description "{}" --type {}'
.format(server, resource_group, server_pec_name, approval_description, rp_type))
self.cmd('network private-endpoint-connection list --name {} -g {} --type {}'
.format(server, resource_group, rp_type))
self.cmd('network private-endpoint-connection delete --id {} -y'
.format(server_pec_id))
