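def test_update_role_definition(self, client_mock):
    """Check that updating a role definition reaches ``create_or_update``.

    The fake client's ``role_definitions.list`` returns a single definition
    named ``self.role_logical_name``. The stub bound to ``create_or_update``
    asserts the id, scope and role name it is called with.
    """
    import os  # local import, needed only for descriptor and file cleanup

    test_role_id = '2ac90824-b711-4809-bec9-4c85809d1111'
    # Start from a known state so that a stub which is never called fails the
    # final assertion even if the attribute was never set elsewhere.
    self.update_def_invoked = False

    def _update_def(role_definition_id, scope, role_definition):
        self.update_def_invoked = True
        self.assertEqual(role_definition_id, test_role_id)
        self.assertEqual(self.default_scope, scope)
        self.assertEqual(role_definition.role_name, self.role_logical_name)

    faked_role_client = mock.MagicMock()
    client_mock.return_value = faked_role_client
    faked_role_client.role_definitions.create_or_update = _update_def
    faked_role_client.config.subscription_id = self.subscription_id
    test_def = RoleDefinition(role_name=self.role_logical_name)
    test_def.name = test_role_id
    faked_role_client.role_definitions.list.return_value = [test_def]

    # mkstemp() hands back an already-open descriptor. Write through it so it
    # is closed, and remove the file afterwards so the role definition does
    # not linger in the temp directory.
    fd, temp_path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, 'w') as f:
            json.dump(self.sample_role_def, f)
        role_definition_file = temp_path.replace('\\', '\\\\')

        # action
        cmd = mock.MagicMock()
        cmd.cli_ctx = TestCli()
        update_role_definition(cmd, role_definition_file)
    finally:
        os.remove(temp_path)

    # assert
    self.assertTrue(self.update_def_invoked)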
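def create_role_definition(role_definition):
    """Create a custom role definition from a JSON file or an inline JSON string.

    Args:
        role_definition: Path to an existing JSON file, or a JSON document
            passed as a string. It must carry 'name' and a non-empty
            'assignableScopes' list. 'description', 'actions' and
            'notActions' are optional.

    Returns:
        The result of ``role_definitions.create_or_update``.

    Raises:
        CLIError: If 'name' or 'assignableScopes' is missing, or if
            'assignableScopes' is not a non-empty list.
    """
    role_id = uuid.uuid4()
    # The same argument is either a file path or the JSON text itself; an
    # existing path wins.
    if os.path.exists(role_definition):
        role_definition = get_file_json(role_definition)
    else:
        role_definition = json.loads(role_definition)

    # to workaround service defects, ensure property names are camel case
    for key in [p for p in role_definition if p[:1].isupper()]:
        role_definition[key[:1].lower() + key[1:]] = role_definition.pop(key)

    if 'name' not in role_definition:
        raise CLIError("please provide 'name'")
    if 'assignableScopes' not in role_definition:
        raise CLIError("please provide 'assignableScopes'")

    # The first assignable scope is also the scope the definition is written
    # at, so its shape matters: an empty list would raise IndexError below,
    # and a bare string would be indexed down to its first character.
    assignable_scopes = role_definition['assignableScopes']
    if not isinstance(assignable_scopes, (list, tuple)) or not assignable_scopes:
        raise CLIError("'assignableScopes' must be a non-empty list of scopes")

    permission = Permission(actions=role_definition.get('actions', None),
                            not_actions=role_definition.get('notActions', None))
    properties = RoleDefinitionProperties(
        role_name=role_definition['name'],
        description=role_definition.get('description', None),
        type=_CUSTOM_RULE,
        assignable_scopes=assignable_scopes,
        permissions=[permission])

    definition = RoleDefinition(name=role_id, properties=properties)

    definitions_client = _auth_client_factory().role_definitions
    return definitions_client.create_or_update(
        role_definition_id=role_id,
        scope=properties.assignable_scopes[0],
        role_definition=definition)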
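def _create_update_role_definition(cli_ctx, role_definition, for_update):
    """Create or update a custom role definition from a JSON file or string.

    Args:
        cli_ctx: CLI context passed to ``_auth_client_factory``.
        role_definition: Path to an existing JSON file, or a JSON document
            passed as a string. It must carry 'name' and a non-empty
            'assignableScopes' list.
        for_update: When true, 'name' must match exactly one existing role
            definition, whose id and role name are then reused. When false,
            a new id is generated.

    Returns:
        The result of ``role_definitions.create_or_update``.

    Raises:
        CLIError: If the role name is missing, if an update does not match
            exactly one existing definition, or if 'assignableScopes' is
            missing, empty or not a list.
    """
    definitions_client = _auth_client_factory(cli_ctx).role_definitions
    # The same argument is either a file path or the JSON text itself; an
    # existing path wins.
    if os.path.exists(role_definition):
        role_definition = get_file_json(role_definition)
    else:
        role_definition = shell_safe_json_parse(role_definition)

    # to workaround service defects, ensure property names are camel case
    for key in [p for p in role_definition if p[:1].isupper()]:
        role_definition[key[:1].lower() + key[1:]] = role_definition.pop(key)

    role_name = role_definition.get('name', None)
    if not role_name:
        raise CLIError("please provide role name")

    # Element [0] of this value is used as the lookup scope and as the write
    # scope. Reject a non-list up front so that a bare string is never
    # indexed down to its first character.
    scopes_in_definition = role_definition.get('assignableScopes', None)
    if (scopes_in_definition is not None
            and not isinstance(scopes_in_definition, (list, tuple))):
        raise CLIError("'assignableScopes' must be a list of scopes")

    if for_update:  # for update, we need to use guid style unique name
        scope = (scopes_in_definition[0] if scopes_in_definition else
                 '/subscriptions/' + definitions_client.config.subscription_id)
        matched = _search_role_definitions(definitions_client, role_name, scope)
        if len(matched) != 1:
            raise CLIError(
                'Please provide the unique logic name of an existing role')
        role_definition['name'] = matched[0].name
        # ensure correct logical name and guid name. For update we accept both
        role_name = matched[0].properties.role_name
        role_id = matched[0].name
    else:
        role_id = _gen_guid()

    # Create has always required the scopes. An update that omitted them used
    # to fail later with a bare KeyError or IndexError. It is rejected here
    # instead of guessing a scope set, because the list written back replaces
    # where the role can be assigned.
    if not scopes_in_definition:
        raise CLIError("please provide 'assignableScopes'")

    permission = Permission(actions=role_definition.get('actions', None),
                            not_actions=role_definition.get('notActions', None))
    properties = RoleDefinitionProperties(
        role_name=role_name,
        description=role_definition.get('description', None),
        type=_CUSTOM_RULE,
        assignable_scopes=scopes_in_definition,
        permissions=[permission])

    definition = RoleDefinition(name=role_id, properties=properties)

    return definitions_client.create_or_update(
        role_definition_id=role_id,
        scope=properties.assignable_scopes[0],
        role_definition=definition)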