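def validate_private_endpoint_connection_id(cmd, ns):
    """Resolve which vault or managed HSM a private endpoint connection command targets.

    When ``--id`` is supplied, the resource group, the resource name and the
    connection name are taken from the parsed ID and overwrite whatever was
    passed through the individual flags. ``ns.connection_id`` is removed from
    the namespace before returning.

    Raises:
        CLIError: if ``--id`` cannot be parsed, or if the resource name, the
            resource group or the connection name is still missing afterwards.
    """
    usage = 'incorrect usage: [--id ID | --name NAME --vault-name NAME | --name NAME --hsm-name NAME]'

    if ns.connection_id:
        from azure.cli.core.util import parse_proxy_resource_id
        result = parse_proxy_resource_id(ns.connection_id)
        # A string the parser does not recognise comes back as None. Reject it
        # here as a usage error instead of failing with a TypeError on the
        # subscripts below.
        if result is None:
            raise CLIError(usage)

        # .get(): a missing segment is treated as "not provided" and is caught
        # by the completeness check further down.
        ns.resource_group_name = result.get('resource_group')
        resource_type = result.get('type')
        # NOTE(review): case-sensitive substring match; an ID whose type
        # segment is cased differently is routed to vault_name - confirm.
        if resource_type and 'managedHSM' in resource_type:
            ns.hsm_name = result.get('name')
        else:
            ns.vault_name = result.get('name')
        ns.private_endpoint_connection_name = result.get('child_name_1')

    if not ns.resource_group_name:
        # The resource group is looked up from the resource name, so the
        # command then acts on whichever resource that lookup returns.
        ns.resource_group_name = _get_resource_group_from_resource_name(
            cli_ctx=cmd.cli_ctx,
            vault_name=getattr(ns, 'vault_name', None),
            hsm_name=getattr(ns, 'hsm_name', None))

    resource_name = getattr(ns, 'vault_name', None) or getattr(ns, 'hsm_name', None)
    if not all([resource_name, ns.resource_group_name, ns.private_endpoint_connection_name]):
        raise CLIError(usage)

    del ns.connection_id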
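def validate_private_endpoint_connection_id(namespace):
    """Fill in scope, resource group and connection name for a private endpoint connection command.

    When ``--id`` is supplied, its parsed parts overwrite the values passed
    through the individual flags. ``namespace.connection_id`` is removed
    before returning.

    Raises:
        CLIError: if ``--id`` cannot be parsed, or if the scope name, the
            resource group or the connection name is missing.
    """
    usage = 'incorrect usage. Please provide [--id ID] or [--name NAME --scope-name NAME -g NAME]'

    if namespace.connection_id:
        from azure.cli.core.util import parse_proxy_resource_id
        result = parse_proxy_resource_id(namespace.connection_id)
        # The parser returns None for a string it does not recognise; surface
        # that as a usage error rather than a TypeError on the subscripts.
        if result is None:
            raise CLIError(usage)
        # .get(): an absent segment becomes None and fails the check below.
        namespace.resource_group_name = result.get('resource_group')
        namespace.scope_name = result.get('name')
        namespace.private_endpoint_connection_name = result.get('child_name_1')

    required = [
        namespace.scope_name,
        namespace.resource_group_name,
        namespace.private_endpoint_connection_name,
    ]
    if not all(required):
        raise CLIError(usage)

    del namespace.connection_id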
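def validate_private_endpoint_connection_id(ns):
    """Fill in account, resource group and connection name for a private endpoint connection command.

    When ``--id`` is supplied, its parsed parts overwrite the values passed
    through the individual flags. ``ns.connection_id`` is removed before
    returning.

    Raises:
        CLIError: if ``--id`` cannot be parsed, or if the account name, the
            resource group or the connection name is missing.
    """
    usage = 'incorrect usage: [--id ID | --name NAME --account-name NAME --resource-group NAME]'

    if ns.connection_id:
        from azure.cli.core.util import parse_proxy_resource_id
        result = parse_proxy_resource_id(ns.connection_id)
        # The parser returns None for a string it does not recognise; surface
        # that as a usage error rather than a TypeError on the subscripts.
        if result is None:
            # Same two-argument form as the existing raise below.
            raise CLIError(None, usage)
        # .get(): an absent segment becomes None and fails the check below.
        ns.resource_group_name = result.get('resource_group')
        ns.account_name = result.get('name')
        ns.private_endpoint_connection_name = result.get('child_name_1')

    if not all([ns.account_name, ns.resource_group_name, ns.private_endpoint_connection_name]):
        # NOTE(review): the leading None ends up in the exception args -
        # confirm it is intended; kept as written.
        raise CLIError(None, usage)

    del ns.connection_id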
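def validate_private_endpoint_connection_id(cmd, namespace):
    """Fill in server, resource group and connection name for a private endpoint connection command.

    When ``--id`` is supplied, its parsed parts overwrite the values passed
    through the individual flags. If a server name is known but no resource
    group is, the group is looked up from the server name.
    ``namespace.connection_id`` is removed before returning.

    Raises:
        CLIError: if ``--id`` cannot be parsed, or if the server name, the
            resource group or the connection name is missing.
    """
    usage = 'incorrect usage: [--id ID | --name NAME --server-name NAME]'

    if namespace.connection_id:
        result = parse_proxy_resource_id(namespace.connection_id)
        # The parser returns None for a string it does not recognise; surface
        # that as a usage error rather than a TypeError on the subscripts.
        if result is None:
            raise CLIError(usage)
        # .get(): an absent segment becomes None and fails the check below.
        namespace.private_endpoint_connection_name = result.get('child_name_1')
        namespace.server_name = result.get('name')
        namespace.resource_group_name = result.get('resource_group')

    if namespace.server_name and not namespace.resource_group_name:
        # The command then acts on whichever server this lookup resolves.
        namespace.resource_group_name = _get_resource_group_from_server_name(
            cmd.cli_ctx, namespace.server_name)

    required = [
        namespace.server_name,
        namespace.resource_group_name,
        namespace.private_endpoint_connection_name,
    ]
    if not all(required):
        raise CLIError(usage)

    del namespace.connection_id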
def test_proxy_resource_parse(self):
    """parse_proxy_resource_id splits a two-level proxy ID and returns None for a malformed one."""
    proxy_id = (
        "/subscriptions/0000/resourceGroups/clirg/"
        "providers/Microsoft.Network/privateEndpoints/cli/"
        "privateLinkServiceConnections/cliPec/privateLinkServiceConnectionsSubTypes/cliPecSubName"
    )
    expected = dict(
        subscription='0000',
        resource_group='clirg',
        namespace='Microsoft.Network',
        type='privateEndpoints',
        name='cli',
        child_type_1='privateLinkServiceConnections',
        child_name_1='cliPec',
        child_type_2='privateLinkServiceConnectionsSubTypes',
        child_name_2='cliPecSubName',
        last_child_num=2,
    )

    parsed = parse_proxy_resource_id(proxy_id)

    # Same number of keys plus a per-key comparison: no extra and no missing fields.
    self.assertEqual(len(parsed.keys()), len(expected.keys()))
    for field in expected:
        self.assertEqual(parsed[field], expected[field])

    # Callers must be prepared for None: a string that is not a resource ID is not an error here.
    self.assertIsNone(parse_proxy_resource_id("invalidProxyResourceID"))
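def validate_private_endpoint_connection_id(cmd, namespace):
    """Fill in account, resource group and connection name for a private endpoint connection command.

    When ``--id`` is supplied, its parsed parts overwrite the values passed
    through the individual flags. If an account name is known but no resource
    group is, the group is looked up from the account name.
    ``namespace.connection_id`` is removed before returning.

    Raises:
        CLIError: if ``--id`` cannot be parsed, or if the account name, the
            resource group or the connection name is missing.
    """
    usage = 'incorrect usage: [--id ID | --name NAME --account-name NAME]'

    if namespace.connection_id:
        from azure.cli.core.util import parse_proxy_resource_id
        result = parse_proxy_resource_id(namespace.connection_id)
        # The parser returns None for a string it does not recognise; surface
        # that as a usage error rather than a TypeError on the subscripts.
        if result is None:
            raise CLIError(usage)
        # .get(): an absent segment becomes None and fails the check below.
        namespace.resource_group_name = result.get('resource_group')
        namespace.account_name = result.get('name')
        namespace.private_endpoint_connection_name = result.get('child_name_1')

    if namespace.account_name and not namespace.resource_group_name:
        # NOTE(review): only element [0] of the lookup result is used; what
        # the helper returns for an unknown account is not visible here.
        namespace.resource_group_name = _query_account_rg(cmd.cli_ctx, namespace.account_name)[0]

    required = [
        namespace.account_name,
        namespace.resource_group_name,
        namespace.private_endpoint_connection_name,
    ]
    if not all(required):
        raise CLIError(usage)

    del namespace.connection_id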
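def validate_private_endpoint_connection_id(cmd, ns):
    """Fill in vault, resource group and connection name for a private endpoint connection command.

    When ``--id`` is supplied, its parsed parts overwrite the values passed
    through the individual flags. If a vault name is known but no resource
    group is, the group is looked up from the vault name.
    ``ns.connection_id`` is removed before returning.

    Raises:
        CLIError: if ``--id`` cannot be parsed, or if the vault name, the
            resource group or the connection name is missing.
    """
    usage = 'incorrect usage: [--id ID | --name NAME --vault-name NAME]'

    if ns.connection_id:
        from azure.cli.core.util import parse_proxy_resource_id
        result = parse_proxy_resource_id(ns.connection_id)
        # The parser returns None for a string it does not recognise; surface
        # that as a usage error rather than a TypeError on the subscripts.
        if result is None:
            raise CLIError(usage)
        # .get(): an absent segment becomes None and fails the check below.
        ns.resource_group_name = result.get('resource_group')
        ns.vault_name = result.get('name')
        ns.private_endpoint_connection_name = result.get('child_name_1')

    if ns.vault_name and not ns.resource_group_name:
        # The command then acts on whichever vault this lookup resolves.
        ns.resource_group_name = _get_resource_group_from_resource_name(cmd.cli_ctx, ns.vault_name)

    if not all([ns.vault_name, ns.resource_group_name, ns.private_endpoint_connection_name]):
        raise CLIError(usage)

    del ns.connection_id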
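def validate_private_endpoint_connection_id(namespace):
    """Fill in namespace name, resource group and connection name for a private endpoint connection command.

    When an ID is supplied, its parsed parts overwrite the values passed
    through the individual flags. ``namespace.connection_id`` is removed
    before returning.

    Raises:
        RequiredArgumentMissingError: if the ID cannot be parsed, or if the
            namespace name, the resource group or the connection name is
            missing.
    """
    from azure.cli.core.azclierror import RequiredArgumentMissingError

    usage = "Please provide either `--Id` or `-g` value `--namespace-name` vaule `--name` value"

    if namespace.connection_id:
        from azure.cli.core.util import parse_proxy_resource_id
        result = parse_proxy_resource_id(namespace.connection_id)
        # The parser returns None for a string it does not recognise; surface
        # that as a usage error rather than a TypeError on the subscripts.
        if result is None:
            raise RequiredArgumentMissingError(usage)
        # .get(): an absent segment becomes None and fails the check below.
        namespace.resource_group_name = result.get('resource_group')
        namespace.namespace_name = result.get('name')
        namespace.private_endpoint_connection_name = result.get('child_name_1')

    required = [
        namespace.namespace_name,
        namespace.resource_group_name,
        namespace.private_endpoint_connection_name,
    ]
    if not all(required):
        raise RequiredArgumentMissingError(usage)

    del namespace.connection_id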
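def _test_private_endpoint_connection(self, resource_group, server, database_engine, rp_type):
    """Exercise the private endpoint connection approval workflow against a database server.

    Three scenarios run in sequence, each creating one private endpoint and
    deleting its connection at the end:

    1. auto-approval: the connection is 'Approved' on creation, and both
       approve and reject are refused;
    2. manual request, then approve: a later reject is refused;
    3. manual request, then reject: a later approve is refused.

    The refusals are matched against the message
    'Private Endpoint Connection Status is not Pending', i.e. the state may
    only be changed while the connection is still pending.

    Args:
        resource_group: resource group that holds the server.
        server: server name.
        database_engine: command group placed in front of 'server show'.
        rp_type: value passed as --type to the private-link commands.
    """
    loc = 'westus'
    # Keep the create_random_name calls in this order; the generated names
    # depend on the call sequence.
    vnet = self.create_random_name('cli-vnet-', 24)
    subnet = self.create_random_name('cli-subnet-', 24)
    pe_name_auto = self.create_random_name('cli-pe-', 24)
    pe_name_manual_approve = self.create_random_name('cli-pe-', 24)
    pe_name_manual_reject = self.create_random_name('cli-pe-', 24)
    pe_connection_name_auto = self.create_random_name('cli-pec-', 24)
    pe_connection_name_manual_approve = self.create_random_name('cli-pec-', 24)
    pe_connection_name_manual_reject = self.create_random_name('cli-pec-', 24)

    # Command templates shared by the three scenarios.
    server_show = '{} server show -g {} -n {}'.format(database_engine, resource_group, server)
    pe_create = ('network private-endpoint create -g {} -n {} --vnet-name {} --subnet {} -l {} '
                 '--connection-name {} --private-connection-resource-id {} '
                 '--group-id {}')
    pec_show = 'network private-endpoint-connection show --resource-name {} -g {} --name {} --type {}'
    pec_approve = ('network private-endpoint-connection approve --resource-name {} -g {} --name {} '
                   '--description "{}" --type {}')
    pec_reject = ('network private-endpoint-connection reject --resource-name {} -g {} --name {} '
                  '--description "{}" --type {}')
    pec_delete = 'network private-endpoint-connection delete --id {} -y'

    # Prepare network and disable network policies
    self.cmd('network vnet create -n {} -g {} -l {} --subnet-name {}'
             .format(vnet, resource_group, loc, subnet),
             checks=self.check('length(newVNet.subnets)', 1))
    self.cmd('network vnet subnet update -n {} --vnet-name {} -g {} '
             '--disable-private-endpoint-network-policies true'
             .format(subnet, vnet, resource_group),
             checks=self.check('privateEndpointNetworkPolicies', 'Disabled'))

    # Get Server Id and Group Id
    result = self.cmd(server_show).get_output_in_json()
    server_id = result['id']
    result = self.cmd('network private-link-resource list -g {} -n {} --type {}'
                      .format(resource_group, server, rp_type)).get_output_in_json()
    group_id = result[0]['properties']['groupId']

    approval_description = 'You are approved!'
    rejection_description = 'You are rejected!'
    expectedError = 'Private Endpoint Connection Status is not Pending'

    # ---- Auto-approval workflow ----
    # Create a private endpoint connection
    private_endpoint = self.cmd(
        pe_create.format(resource_group, pe_name_auto, vnet, subnet, loc,
                         pe_connection_name_auto, server_id, group_id)).get_output_in_json()
    connection = private_endpoint['privateLinkServiceConnections'][0]
    self.assertEqual(private_endpoint['name'], pe_name_auto)
    self.assertEqual(connection['name'], pe_connection_name_auto)
    self.assertEqual(connection['privateLinkServiceConnectionState']['status'], 'Approved')
    self.assertEqual(connection['provisioningState'], 'Succeeded')
    self.assertEqual(connection['groupIds'][0], group_id)

    # Get Private Endpoint Connection Name and Id
    result = self.cmd(server_show).get_output_in_json()
    self.assertEqual(len(result['privateEndpointConnections']), 1)
    self.assertEqual(
        result['privateEndpointConnections'][0]['properties']['privateLinkServiceConnectionState']['status'],
        'Approved')
    server_pec_id = result['privateEndpointConnections'][0]['id']
    result = parse_proxy_resource_id(server_pec_id)
    server_pec_name = result['child_name_1']

    self.cmd(pec_show.format(server, resource_group, server_pec_name, rp_type),
             checks=[
                 self.check('id', server_pec_id),
                 self.check('properties.privateLinkServiceConnectionState.status', 'Approved'),
                 self.check('properties.provisioningState', 'Ready')
             ])

    # An already-approved connection accepts neither approve nor reject.
    # assertRaisesRegex replaces the deprecated alias assertRaisesRegexp,
    # which no longer exists on Python 3.12 and later.
    with self.assertRaisesRegex(CLIError, expectedError):
        self.cmd(pec_approve.format(server, resource_group, server_pec_name, approval_description, rp_type))

    with self.assertRaisesRegex(CLIError, expectedError):
        self.cmd(pec_reject.format(server, resource_group, server_pec_name, rejection_description, rp_type))

    self.cmd(pec_delete.format(server_pec_id))

    # ---- Manual-approval workflow [Approval] ----
    # Create a private endpoint connection
    private_endpoint = self.cmd(
        (pe_create + ' --manual-request')
        .format(resource_group, pe_name_manual_approve, vnet, subnet, loc,
                pe_connection_name_manual_approve, server_id, group_id)).get_output_in_json()
    connection = private_endpoint['manualPrivateLinkServiceConnections'][0]
    self.assertEqual(private_endpoint['name'], pe_name_manual_approve)
    self.assertEqual(connection['name'], pe_connection_name_manual_approve)
    self.assertEqual(connection['privateLinkServiceConnectionState']['status'], 'Pending')
    self.assertEqual(connection['provisioningState'], 'Succeeded')
    self.assertEqual(connection['groupIds'][0], group_id)

    # Get Private Endpoint Connection Name and Id
    result = self.cmd(server_show).get_output_in_json()
    self.assertEqual(len(result['privateEndpointConnections']), 1)
    self.assertEqual(
        result['privateEndpointConnections'][0]['properties']['privateLinkServiceConnectionState']['status'],
        'Pending')
    server_pec_id = result['privateEndpointConnections'][0]['id']
    result = parse_proxy_resource_id(server_pec_id)
    server_pec_name = result['child_name_1']

    self.cmd(pec_show.format(server, resource_group, server_pec_name, rp_type),
             checks=[
                 self.check('id', server_pec_id),
                 self.check('properties.privateLinkServiceConnectionState.status', 'Pending'),
                 self.check('properties.provisioningState', 'Ready')
             ])

    self.cmd(pec_approve.format(server, resource_group, server_pec_name, approval_description, rp_type),
             checks=[
                 self.check('properties.privateLinkServiceConnectionState.status', 'Approved'),
                 self.check('properties.privateLinkServiceConnectionState.description', approval_description),
                 self.check('properties.provisioningState', 'Ready')
             ])

    # Once approved, the connection can no longer be rejected.
    with self.assertRaisesRegex(CLIError, expectedError):
        self.cmd(pec_reject.format(server, resource_group, server_pec_name, rejection_description, rp_type))

    self.cmd(pec_delete.format(server_pec_id))

    # ---- Manual-approval workflow [Rejection] ----
    # Create a private endpoint connection
    # NOTE(review): this scenario passes '--manual-request true' while the
    # previous one passes the bare flag; presumably both forms are meant to
    # be covered - confirm.
    private_endpoint = self.cmd(
        (pe_create + ' --manual-request true')
        .format(resource_group, pe_name_manual_reject, vnet, subnet, loc,
                pe_connection_name_manual_reject, server_id, group_id)).get_output_in_json()
    connection = private_endpoint['manualPrivateLinkServiceConnections'][0]
    self.assertEqual(private_endpoint['name'], pe_name_manual_reject)
    self.assertEqual(connection['name'], pe_connection_name_manual_reject)
    self.assertEqual(connection['privateLinkServiceConnectionState']['status'], 'Pending')
    self.assertEqual(connection['provisioningState'], 'Succeeded')
    self.assertEqual(connection['groupIds'][0], group_id)

    # Get Private Endpoint Connection Name and Id
    result = self.cmd(server_show).get_output_in_json()
    self.assertEqual(len(result['privateEndpointConnections']), 1)
    self.assertEqual(
        result['privateEndpointConnections'][0]['properties']['privateLinkServiceConnectionState']['status'],
        'Pending')
    server_pec_id = result['privateEndpointConnections'][0]['id']
    result = parse_proxy_resource_id(server_pec_id)
    server_pec_name = result['child_name_1']

    self.cmd(pec_show.format(server, resource_group, server_pec_name, rp_type),
             checks=[
                 self.check('id', server_pec_id),
                 self.check('properties.privateLinkServiceConnectionState.status', 'Pending'),
                 self.check('properties.provisioningState', 'Ready')
             ])

    self.cmd(pec_reject.format(server, resource_group, server_pec_name, rejection_description, rp_type),
             checks=[
                 self.check('properties.privateLinkServiceConnectionState.status', 'Rejected'),
                 self.check('properties.privateLinkServiceConnectionState.description', rejection_description),
                 self.check('properties.provisioningState', 'Ready')
             ])

    # Once rejected, the connection can no longer be approved.
    with self.assertRaisesRegex(CLIError, expectedError):
        self.cmd(pec_approve.format(server, resource_group, server_pec_name, approval_description, rp_type))

    self.cmd('network private-endpoint-connection list --name {} -g {} --type {}'
             .format(server, resource_group, rp_type))

    self.cmd(pec_delete.format(server_pec_id))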