File: disable_test_mgmt_authorization.py

package info (click to toggle)
python-azure 20251014%2Bgit-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 766,472 kB
  • sloc: python: 6,314,744; ansic: 804; javascript: 287; makefile: 198; sh: 198; xml: 109
file content (66 lines) | stat: -rw-r--r-- 2,535 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
# coding: utf-8

# -------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
# --------------------------------------------------------------------------
import unittest

import azure.mgmt.authorization
from devtools_testutils import AzureMgmtTestCase, ResourceGroupPreparer


class MgmtAuthorizationTest(AzureMgmtTestCase):

    def setUp(self):
        super(MgmtAuthorizationTest, self).setUp()
        self.authorization_client = self.create_mgmt_client(azure.mgmt.authorization.AuthorizationManagementClient)

    @ResourceGroupPreparer()
    def test_authorization(self, resource_group, location):
        permissions = self.authorization_client.permissions.list_for_resource_group(resource_group.name)

        permissions = list(permissions)
        self.assertEqual(len(permissions), 1)
        self.assertEqual(permissions[0].actions[0], "*")

    @ResourceGroupPreparer()
    def test_role_definitions(self, resource_group, location):
        # Get "Contributor" built-in role as a RoleDefinition object
        role_name = "Contributor"
        roles = list(
            self.authorization_client.role_definitions.list(
                resource_group.id, filter="roleName eq '{}'".format(role_name)
            )
        )
        assert len(roles) == 1

    @ResourceGroupPreparer()
    def test_role_assignment(self, resource_group, location):
        contributor_id = "b24988ac-6180-42a0-ab88-20f7382dd24c"  # Reserved UUID for contributor on Azure

        contributor_full_id = "/subscriptions/{}/providers/Microsoft.Authorization/roleDefinitions/{}".format(
            self.settings.SUBSCRIPTION_ID, contributor_id
        )

        role_name = "ddfe2dc0-9858-442f-aca3-ac215947a815"  # Consistent for testing, but not significant

        role_assignment = self.authorization_client.role_assignments.create(
            resource_group.id,
            role_name,
            {
                "role_definition_id": contributor_full_id,
                "principal_id": "6d33bfc8-e476-11e8-915d-f2801f1b9fd1",  # Should be service principal object ID
            },
        )

        self.authorization_client.role_assignments.delete(
            resource_group.id,
            role_assignment.name,
        )


# ------------------------------------------------------------------------------
if __name__ == "__main__":
    unittest.main()