Add test coverage for no role assignment in default SP creation scenario

cormacpayne · cormacpayne · commit 25fb72a73213 · 2018-05-24T13:49:53.000-07:00
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -3,7 +3,7 @@
 * Revert change to `New-AzureRmADServicePrincipal` that gave service principals `Contributor` permissions over the current subscription if no values were provided for the `Role` or `Scope` parameters
     - If no values are provided for `Role` or `Scope`, the service principal is created with no permissions
     - If a `Role` is provided, but no `Scope`, the service principal is created with the specified `Role` permissions over the current subscription
-    - If a `Scope` is provided, but no `Scope`, the service principal is created with `Contributor` permissions over the specified `Scope`
+    - If a `Scope` is provided, but no `Role`, the service principal is created with `Contributor` permissions over the specified `Scope`
     - If both `Role` and `Scope` are provided, the service principal is created with the specified `Role` permissions over the specified `Scope`
 
 ## 6.1.0 - May 2018
diff --git a/src/ResourceManager/Resources/AzureRM.Resources.psd1 b/src/ResourceManager/Resources/AzureRM.Resources.psd1
@@ -163,7 +163,7 @@ PrivateData = @{
         ReleaseNotes = '* Revert change to `New-AzureRmADServicePrincipal` that gave service principals `Contributor` permissions over the current subscription if no values were provided for the `Role` or `Scope` parameters
     - If no values are provided for `Role` or `Scope`, the service principal is created with no permissions
     - If a `Role` is provided, but no `Scope`, the service principal is created with the specified `Role` permissions over the current subscription
-    - If a `Scope` is provided, but no `Scope`, the service principal is created with `Contributor` permissions over the specified `Scope`
+    - If a `Scope` is provided, but no `Role`, the service principal is created with `Contributor` permissions over the specified `Scope`
     - If both `Role` and `Scope` are provided, the service principal is created with the specified `Role` permissions over the specified `Scope`'
 
         # Prerelease string of this module
diff --git a/src/ResourceManager/Resources/ChangeLog.md b/src/ResourceManager/Resources/ChangeLog.md
@@ -23,7 +23,7 @@
 * Revert change to `New-AzureRmADServicePrincipal` that gave service principals `Contributor` permissions over the current subscription if no values were provided for the `Role` or `Scope` parameters
     - If no values are provided for `Role` or `Scope`, the service principal is created with no permissions
     - If a `Role` is provided, but no `Scope`, the service principal is created with the specified `Role` permissions over the current subscription
-    - If a `Scope` is provided, but no `Scope`, the service principal is created with `Contributor` permissions over the specified `Scope`
+    - If a `Scope` is provided, but no `Role`, the service principal is created with `Contributor` permissions over the specified `Scope`
     - If both `Role` and `Scope` are provided, the service principal is created with the specified `Role` permissions over the specified `Scope`
 
 ## Version 6.0.0
diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.cs b/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.cs
@@ -599,7 +599,7 @@ public void TestNewADApplication()
             ResourcesController.NewInstance.RunPsTest("Test-NewADApplication");
         }
 
-        [Fact(Skip = "Need AD team to re-record test")]
+        [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void TestNewADServicePrincipalWithoutApp()
         {
diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.ps1 b/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.ps1
@@ -549,10 +549,12 @@ function Test-NewADServicePrincipalWithoutApp
 
     # Test
     $servicePrincipal = New-AzureRmADServicePrincipal -DisplayName $displayName
+	$role = Get-AzureRmRoleAssignment -ObjectId $servicePrincipal.Id
 
     # Assert
     Assert-NotNull $servicePrincipal
     Assert-AreEqual $servicePrincipal.DisplayName $displayName
+	Assert-Null $role
 
     # GetServicePrincipal by ObjectId
     $sp1 = Get-AzureRmADServicePrincipal -ObjectId $servicePrincipal.Id
diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.ActiveDirectoryTests/TestNewADServicePrincipalWithoutApp.json b/src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.ActiveDirectoryTests/TestNewADServicePrincipalWithoutApp.json
diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/UpdateAzureADServicePrincipalCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/UpdateAzureADServicePrincipalCommand.cs
@@ -100,7 +100,7 @@ public override void ExecuteCmdlet()
                 }
 
                 // Get AppObjectId
-                var applicationObjectId = sp.Id;
+                var applicationObjectId = GetObjectIdFromApplicationId(sp.ApplicationId.ToString());
                 ApplicationUpdateParameters parameters = new ApplicationUpdateParameters()
                 {
                     DisplayName = DisplayName,
@@ -117,5 +117,16 @@ public override void ExecuteCmdlet()
                 }
             });
         }
+
+        private Guid GetObjectIdFromApplicationId(string applicationId)
+        {
+            var odataQueryFilter = new Rest.Azure.OData.ODataQuery<Application>(a => a.AppId == applicationId);
+            var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQueryFilter).SingleOrDefault();
+            if (app == null)
+            {
+                throw new InvalidOperationException(String.Format("Application with AppId '{0}' does not exist.", applicationId));
+            }
+            return app.ObjectId;
+        }
     }
 }
diff --git a/tools/AzureRM/AzureRM.psd1 b/tools/AzureRM/AzureRM.psd1
@@ -164,7 +164,7 @@ AzureRM.Resources
 * Revert change to `New-AzureRmADServicePrincipal` that gave service principals `Contributor` permissions over the current subscription if no values were provided for the `Role` or `Scope` parameters
     - If no values are provided for `Role` or `Scope`, the service principal is created with no permissions
     - If a `Role` is provided, but no `Scope`, the service principal is created with the specified `Role` permissions over the current subscription
-    - If a `Scope` is provided, but no `Scope`, the service principal is created with `Contributor` permissions over the specified `Scope`
+    - If a `Scope` is provided, but no `Role`, the service principal is created with `Contributor` permissions over the specified `Scope`
     - If both `Role` and `Scope` are provided, the service principal is created with the specified `Role` permissions over the specified `Scope`
 '
 

Original file line number	Diff line number	Diff line change
`@@ -599,7 +599,7 @@ public void TestNewADApplication()`
`599`	`599`	`ResourcesController.NewInstance.RunPsTest("Test-NewADApplication");`
`600`	`600`	`}`
`601`	`601`
`602`		`- [Fact(Skip = "Need AD team to re-record test")]`
	`602`	`+ [Fact]`
`603`	`603`	`[Trait(Category.AcceptanceType, Category.CheckIn)]`
`604`	`604`	`public void TestNewADServicePrincipalWithoutApp()`
`605`	`605`	`{`
Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@ public override void ExecuteCmdlet()`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`// Get AppObjectId`
`103`		`- var applicationObjectId = sp.Id;`
	`103`	`+ var applicationObjectId = GetObjectIdFromApplicationId(sp.ApplicationId.ToString());`
`104`	`104`	`ApplicationUpdateParameters parameters = new ApplicationUpdateParameters()`
`105`	`105`	`{`
`106`	`106`	`DisplayName = DisplayName,`
`@@ -117,5 +117,16 @@ public override void ExecuteCmdlet()`
`117`	`117`	`}`
`118`	`118`	`});`
`119`	`119`	`}`
	`120`	`+`
	`121`	`+ private Guid GetObjectIdFromApplicationId(string applicationId)`
	`122`	`+ {`
	`123`	`+ var odataQueryFilter = new Rest.Azure.OData.ODataQuery<Application>(a => a.AppId == applicationId);`
	`124`	`+ var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQueryFilter).SingleOrDefault();`
	`125`	`+ if (app == null)`
	`126`	`+ {`
	`127`	`+ throw new InvalidOperationException(String.Format("Application with AppId '{0}' does not exist.", applicationId));`
	`128`	`+ }`
	`129`	`+ return app.ObjectId;`
	`130`	`+ }`
`120`	`131`	`}`
`121`	`132`	`}`
Original file line number	Diff line number	Diff line change
`@@ -164,7 +164,7 @@ AzureRM.Resources`
`164`	`164`	* Revert change to `New-AzureRmADServicePrincipal` that gave service principals `Contributor` permissions over the current subscription if no values were provided for the `Role` or `Scope` parameters
`165`	`165`	- If no values are provided for `Role` or `Scope`, the service principal is created with no permissions
`166`	`166`	- If a `Role` is provided, but no `Scope`, the service principal is created with the specified `Role` permissions over the current subscription
`167`		- - If a `Scope` is provided, but no `Scope`, the service principal is created with `Contributor` permissions over the specified `Scope`
	`167`	+ - If a `Scope` is provided, but no `Role`, the service principal is created with `Contributor` permissions over the specified `Scope`
`168`	`168`	- If both `Role` and `Scope` are provided, the service principal is created with the specified `Role` permissions over the specified `Scope`
`169`	`169`	`'`
`170`	`170`