def test_validate_msi_on_assign_identity_command(self,
mock_resolve_role_id):
# check throw on : az vm/vmss assign-identity --role reader --scope ""
np_mock = mock.MagicMock()
cmd = mock.MagicMock()
cmd.cli_ctx = DummyCli()
np_mock.identity_scope = ''
np_mock.identity_role = 'reader'
from azure.cli.core.azclierror import ArgumentUsageError
with self.assertRaises(ArgumentUsageError) as err:
_validate_vm_vmss_msi(cmd, np_mock, is_identity_assign=True)
self.assertTrue(
"usage error: please specify --scope when assigning a role to the managed identity"
in str(err.exception))
# check we set right role id
np_mock = mock.MagicMock()
np_mock.identity_scope = 'foo-scope'
np_mock.identity_role = 'reader'
np_mock.assign_identity = []
mock_resolve_role_id.return_value = 'foo-role-id'
_validate_vm_vmss_msi(cmd, np_mock, is_identity_assign=True)
self.assertEqual(np_mock.identity_role_id, 'foo-role-id')
mock_resolve_role_id.assert_called_with(cmd.cli_ctx, 'reader',
'foo-scope')
def test_validate_msi_on_assign_identity_command(self,
mock_resolve_role_id):
# check throw on : az vm/vmss assign-identity --role reader --scope ""
np_mock = mock.MagicMock()
cmd = mock.MagicMock()
cmd.cli_ctx = DummyCli()
np_mock.identity_scope = ''
np_mock.identity_role = 'reader'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(cmd, np_mock, from_set_command=True)
self.assertTrue(
"usage error: '--role reader' is not applicable as the '--scope' is set to None",
str(err.exception))
# check we set right role id
np_mock = mock.MagicMock()
np_mock.identity_scope = 'foo-scope'
np_mock.identity_role = 'reader'
np_mock.assign_identity = []
mock_resolve_role_id.return_value = 'foo-role-id'
_validate_vm_vmss_msi(cmd, np_mock, from_set_command=True)
self.assertEqual(np_mock.identity_role_id, 'foo-role-id')
mock_resolve_role_id.assert_called_with(cmd.cli_ctx, 'reader',
'foo-scope')
def test_validate_msi_on_create(self, mock_get_subscription,
mock_resolve_role_id):
# check throw on : az vm/vmss create --assign-identity --role reader --scope ""
from azure.cli.core.azclierror import ArgumentUsageError
np_mock = mock.MagicMock()
cmd = mock.MagicMock()
cmd.cli_ctx = DummyCli()
np_mock.assign_identity = []
np_mock.identity_scope = None
np_mock.identity_role = 'reader'
with self.assertRaises(ArgumentUsageError) as err:
_validate_vm_vmss_msi(cmd, np_mock)
self.assertTrue("usage error: please specify both --role and --scope "
"when assigning a role to the managed identity" in str(
err.exception))
np_mock = mock.MagicMock()
np_mock.assign_identity = []
np_mock.identity_scope = 'foo-scope'
np_mock.identity_role = None
with self.assertRaises(ArgumentUsageError) as err:
_validate_vm_vmss_msi(cmd, np_mock)
self.assertTrue("usage error: please specify both --role and --scope "
"when assigning a role to the managed identity" in str(
err.exception))
# check throw on : az vm/vmss create --scope "some scope"
np_mock = mock.MagicMock()
np_mock.assign_identity = None
np_mock.identity_scope = 'foo-scope'
with self.assertRaises(ArgumentUsageError) as err:
_validate_vm_vmss_msi(cmd, np_mock)
self.assertTrue(
'usage error: --assign-identity [--scope SCOPE] [--role ROLE]' in
str(err.exception))
# check throw on : az vm/vmss create --role "reader"
np_mock = mock.MagicMock()
np_mock.assign_identity = None
np_mock.identity_role = 'reader'
with self.assertRaises(ArgumentUsageError) as err:
_validate_vm_vmss_msi(cmd, np_mock)
self.assertTrue(
'usage error: --assign-identity [--scope SCOPE] [--role ROLE]' in
str(err.exception))
# check we set right role id
np_mock = mock.MagicMock()
np_mock.assign_identity = []
np_mock.identity_scope = 'foo-scope'
np_mock.identity_role = 'reader'
mock_resolve_role_id.return_value = 'foo-role-id'
_validate_vm_vmss_msi(cmd, np_mock)
self.assertEqual(np_mock.identity_role_id, 'foo-role-id')
self.assertEqual(np_mock.identity_role, 'reader')
mock_resolve_role_id.assert_called_with(cmd.cli_ctx, 'reader',
'foo-scope')
def test_validate_msi_on_create(self, mock_get_subscription,
mock_resolve_role_id):
# check throw on : az vm/vmss create --assign-identity --role reader --scope ""
np_mock = mock.MagicMock()
np_mock.assign_identity = True
np_mock.identity_scope = ''
np_mock.identity_role = 'reader'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(np_mock)
self.assertTrue(
"usage error: '--role reader' is not applicable as the '--scope' is set to None",
str(err.exception))
# check throw on : az vm/vmss create --scope "some scope"
np_mock = mock.MagicMock()
np_mock.assign_identity = False
np_mock.identity_scope = 'foo-scope'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(np_mock)
self.assertTrue(
'usage error: --assign-identity [--scope SCOPE] [--role ROLE]' in
str(err.exception))
# check throw on : az vm/vmss create --role "reader"
np_mock = mock.MagicMock()
np_mock.assign_identity = False
np_mock.identity_role = 'reader'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(np_mock)
self.assertTrue(
'usage error: --assign-identity [--scope SCOPE] [--role ROLE]' in
str(err.exception))
# check we set right role id
np_mock = mock.MagicMock()
np_mock.assign_identity = True
np_mock.identity_scope = 'foo-scope'
np_mock.identity_role = 'reader'
mock_resolve_role_id.return_value = 'foo-role-id'
_validate_vm_vmss_msi(np_mock)
self.assertEqual(np_mock.identity_role_id, 'foo-role-id')
self.assertEqual(np_mock.identity_role, 'reader')
mock_resolve_role_id.assert_called_with('reader', 'foo-scope')
# check we set right default scope
np_mock = mock.MagicMock()
np_mock.assign_identity = True
np_mock.identity_scope = None
np_mock.identity_role = 'Reader'
np_mock.resource_group_name = 'foo-group'
mock_get_subscription.return_value = 'foo-subscription-id'
mock_resolve_role_id.return_value = 'foo-role-id'
_validate_vm_vmss_msi(np_mock)
self.assertEqual(
'/subscriptions/foo-subscription-id/resourceGroups/foo-group',
np_mock.identity_scope)
def test_validate_msi_on_create(self, mock_get_subscription, mock_resolve_role_id):
# check throw on : az vm/vmss create --assign-identity --role reader --scope ""
np_mock = mock.MagicMock()
np_mock.assign_identity = True
np_mock.identity_scope = ''
np_mock.identity_role = 'reader'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(np_mock)
self.assertTrue("usage error: '--role reader' is not applicable as the '--scope' is set to None",
str(err.exception))
# check throw on : az vm/vmss create --scope "some scope"
np_mock = mock.MagicMock()
np_mock.assign_identity = False
np_mock.identity_scope = 'foo-scope'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(np_mock)
self.assertTrue('usage error: --assign-identity [--scope SCOPE] [--role ROLE]' in str(err.exception))
# check throw on : az vm/vmss create --role "reader"
np_mock = mock.MagicMock()
np_mock.assign_identity = False
np_mock.identity_role = 'reader'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(np_mock)
self.assertTrue('usage error: --assign-identity [--scope SCOPE] [--role ROLE]' in str(err.exception))
# check we set right role id
np_mock = mock.MagicMock()
np_mock.assign_identity = True
np_mock.identity_scope = 'foo-scope'
np_mock.identity_role = 'reader'
mock_resolve_role_id.return_value = 'foo-role-id'
_validate_vm_vmss_msi(np_mock)
self.assertEqual(np_mock.identity_role_id, 'foo-role-id')
self.assertEqual(np_mock.identity_role, 'reader')
mock_resolve_role_id.assert_called_with('reader', 'foo-scope')
# check we set right default scope
np_mock = mock.MagicMock()
np_mock.assign_identity = True
np_mock.identity_scope = None
np_mock.identity_role = 'Reader'
np_mock.resource_group_name = 'foo-group'
mock_get_subscription.return_value = 'foo-subscription-id'
mock_resolve_role_id.return_value = 'foo-role-id'
_validate_vm_vmss_msi(np_mock)
self.assertEqual('/subscriptions/foo-subscription-id/resourceGroups/foo-group', np_mock.identity_scope)
def test_validate_msi_on_assign_identity_command(self, mock_resolve_role_id):
# check throw on : az vm/vmss assign-identity --role reader --scope ""
np_mock = mock.MagicMock()
np_mock.identity_scope = ''
np_mock.identity_role = 'reader'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(np_mock, from_set_command=True)
self.assertTrue("usage error: '--role reader' is not applicable as the '--scope' is set to None",
str(err.exception))
# check we set right role id
np_mock = mock.MagicMock()
np_mock.identity_scope = 'foo-scope'
np_mock.identity_role = 'reader'
mock_resolve_role_id.return_value = 'foo-role-id'
_validate_vm_vmss_msi(np_mock, from_set_command=True)
self.assertEqual(np_mock.identity_role_id, 'foo-role-id')
mock_resolve_role_id.assert_called_with('reader', 'foo-scope')
def test_validate_msi_on_create(self, mock_get_subscription,
mock_resolve_role_id):
# check throw on : az vm/vmss create --assign-identity --role reader --scope ""
np_mock = mock.MagicMock()
cmd = mock.MagicMock()
cmd.cli_ctx = DummyCli()
np_mock.assign_identity = []
np_mock.identity_scope = None
np_mock.identity_role = 'reader'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(cmd, np_mock)
self.assertTrue(
"usage error: '--role reader' is not applicable as the '--scope' is "
"not provided" in str(err.exception))
# check throw on : az vm/vmss create --scope "some scope"
np_mock = mock.MagicMock()
np_mock.assign_identity = None
np_mock.identity_scope = 'foo-scope'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(cmd, np_mock)
self.assertTrue(
'usage error: --assign-identity [--scope SCOPE] [--role ROLE]' in
str(err.exception))
# check throw on : az vm/vmss create --role "reader"
np_mock = mock.MagicMock()
np_mock.assign_identity = None
np_mock.identity_role = 'reader'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(cmd, np_mock)
self.assertTrue(
'usage error: --assign-identity [--scope SCOPE] [--role ROLE]' in
str(err.exception))
# check we set right role id
np_mock = mock.MagicMock()
np_mock.assign_identity = []
np_mock.identity_scope = 'foo-scope'
np_mock.identity_role = 'reader'
mock_resolve_role_id.return_value = 'foo-role-id'
_validate_vm_vmss_msi(cmd, np_mock)
self.assertEqual(np_mock.identity_role_id, 'foo-role-id')
self.assertEqual(np_mock.identity_role, 'reader')
mock_resolve_role_id.assert_called_with(cmd.cli_ctx, 'reader',
'foo-scope')
def test_validate_msi_on_create(self, mock_get_subscription, mock_resolve_role_id):
# check throw on : az vm/vmss create --assign-identity --role reader --scope ""
np_mock = mock.MagicMock()
cmd = mock.MagicMock()
cmd.cli_ctx = TestCli()
np_mock.assign_identity = []
np_mock.identity_scope = None
np_mock.identity_role = 'reader'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(cmd, np_mock)
self.assertTrue("usage error: '--role reader' is not applicable as the '--scope' is "
"not provided" in str(err.exception))
# check throw on : az vm/vmss create --scope "some scope"
np_mock = mock.MagicMock()
np_mock.assign_identity = None
np_mock.identity_scope = 'foo-scope'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(cmd, np_mock)
self.assertTrue('usage error: --assign-identity [--scope SCOPE] [--role ROLE]' in str(err.exception))
# check throw on : az vm/vmss create --role "reader"
np_mock = mock.MagicMock()
np_mock.assign_identity = None
np_mock.identity_role = 'reader'
with self.assertRaises(CLIError) as err:
_validate_vm_vmss_msi(cmd, np_mock)
self.assertTrue('usage error: --assign-identity [--scope SCOPE] [--role ROLE]' in str(err.exception))
# check we set right role id
np_mock = mock.MagicMock()
np_mock.assign_identity = []
np_mock.identity_scope = 'foo-scope'
np_mock.identity_role = 'reader'
mock_resolve_role_id.return_value = 'foo-role-id'
_validate_vm_vmss_msi(cmd, np_mock)
self.assertEqual(np_mock.identity_role_id, 'foo-role-id')
self.assertEqual(np_mock.identity_role, 'reader')
mock_resolve_role_id.assert_called_with(cmd.cli_ctx, 'reader', 'foo-scope')
