Updating Namespace CMDLETS to accomodate MSI encryption. (#16994)

* Added MSI cmdlets

* Made fixes

* Revert to old ways for sku object construction

* Fixed error due to wrong merge

* Updating test

* Fixed tests by adding new SB Runner class

* Removed shouldprocess from new-azeventhubencryptionconfig

* Update SignatureIssues.csv

Adding error message to SignatureIssues.csv to suppress it.

* Tests added

* Fixing tests

* Added session records

* Fixed bug

* Fixing doc bugs

* Update ChangeLog.md

* Adding tests and fixed models

* Adding session records

Co-authored-by: Yabo Hu <[email protected]>

Author: damodaravadhani

src/ServiceBus/ServiceBus.Test/ScenarioTests/ServiceBusController.cs

@@ -92,6 +92,8 @@ public void RunPsTestWorkflow(
                     "ScenarioTests\\" + callingClassName + ".ps1",
                     _helper.RMProfileModule,
                     _helper.GetRMModulePath(@"AzureRM.ServiceBus.psd1"),
+                    _helper.GetRMModulePath(@"AzureRM.KeyVault.psd1"),
+                    _helper.GetRMModulePath(@"AzureRM.ManagedServiceIdentity.psd1"),
                     "AzureRM.Resources.ps1");
                 try
                 {

src/ServiceBus/ServiceBus.Test/ScenarioTests/ServiceBusServiceTests.cs

@@ -14,33 +14,45 @@
 
 namespace Microsoft.Azure.Commands.ServiceBus.Test.ScenarioTests
 {
+    using Microsoft.Azure.Commands.EventHub.Test.ScenarioTests;
     using Microsoft.WindowsAzure.Commands.ScenarioTest;
     using Microsoft.WindowsAzure.Commands.Test.Utilities.Common;
     using ServiceManagement.Common.Models;
     using Xunit;
     using Xunit.Abstractions;
-    public class ServiceBusServiceTests : RMTestBase
+    public class ServiceBusServiceTests : ServiceBusTestRunner
     {
-        public XunitTracingInterceptor _logger;
-
-        public ServiceBusServiceTests(ITestOutputHelper output)
+        public ServiceBusServiceTests(ITestOutputHelper output) : base(output)
         {
-            _logger = new XunitTracingInterceptor(output);
-            XunitTracingInterceptor.AddToContext(_logger);
+
         }
 
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void ServiceBusNameSpace_CURD_Tests()
         {
-            ServiceBusController.NewInstance.RunPsTest(_logger, "ServiceBusTests");
+            TestRunner.RunTestScript("ServiceBusTests");
         }
 
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void ServiceBusNameSpaceAuth_CURD_Tests()
         {
-            ServiceBusController.NewInstance.RunPsTest(_logger, "ServiceBusNameSpaceAuthTests");
+            TestRunner.RunTestScript("ServiceBusNameSpaceAuthTests");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void ServiceBusNameSpaceEncryption_CRUD()
+        {
+            TestRunner.RunTestScript("EncryptionTest");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void ServiceBusNameSpaceMSI()
+        {
+            TestRunner.RunTestScript("MSITest");
         }
     }
 }

src/ServiceBus/ServiceBus.Test/ScenarioTests/ServiceBusServiceTests.ps1

@@ -17,6 +17,7 @@
 .SYNOPSIS
 Tests EventHub Namespace Create List Remove operations.
 #>
+
 function ServiceBusTests {
     # Setup    
     $location = "East US 2"
@@ -237,4 +238,117 @@ function ServiceBusNameSpaceAuthTests {
     Write-Debug " Delete namespaces"
     Remove-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespaceName
 
+}
+
+function MSITest{
+    $resourceGroupName = "PS-Testing"
+    $msi1 = "PS-Testing-MSI1"
+    $msi2 = "PS-Testing-MSI2"
+    $msi3 = "PS-Testing-MSI3"
+    $namespace1 = getAssetName "Namespace1-"
+    $namespace2 = getAssetName "Namespace2-"
+    try{
+
+        $uad1 = Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $msi1
+        $uad2 = Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $msi2
+        $uad3 = Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $msi3
+
+        $namespace = New-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace1 -SkuName Standard -Location northeurope
+        Assert-AreEqual $namespace.Name $namespace1
+        Assert-AreEqual $namespace.Sku.Name "Standard"
+
+        $namespace = Set-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace1 -IdentityType "SystemAssigned"
+        Assert-AreEqual $namespace.Name $namespace1
+        Assert-AreEqual $namespace.Sku.Name "Standard"
+        Assert-AreEqual $namespace.IdentityType "SystemAssigned"
+
+        $namespace = Set-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace1 -IdentityType "UserAssigned" -IdentityId $uad1.Id,$uad2.Id
+        Assert-AreEqual $namespace.Name $namespace1
+        Assert-AreEqual $namespace.Sku.Name "Standard"
+        Assert-AreEqual $namespace.IdentityType "UserAssigned"
+        Assert-True { $namespace.IdentityId.Count -eq 2 }
+
+        $namespace = Set-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace1 -IdentityType "SystemAssigned, UserAssigned" -IdentityId $uad1.Id,$uad2.Id
+        Assert-AreEqual $namespace.Name $namespace1
+        Assert-AreEqual $namespace.Sku.Name "Standard"
+        Assert-AreEqual $namespace.IdentityType "SystemAssignedUserAssigned"
+        Assert-True { $namespace.IdentityId.Count -eq 2 }
+
+        $namespace = Set-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace1 -IdentityType "None"
+        Assert-AreEqual $namespace.Name $namespace1
+        Assert-AreEqual $namespace.Sku.Name "Standard"
+        Assert-Null $namespace.Identity
+    }
+    finally{
+        Remove-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace1
+    }
+}
+
+function EncryptionTest{
+    try{
+        $resourceGroupName = "PS-Testing"
+        $msi1 = "PS-Testing-MSI1"
+        $msi2 = "PS-Testing-MSI2"
+        $msi3 = "PS-Testing-MSI3"
+        $kv1 = "PS-Testing-kv1"
+        $kv2 = "PS-Testing-kv2"
+        $kv1uri = "https://ps-testing-kv1.vault.azure.net/"
+        $kv2uri = "https://ps-testing-kv2.vault.azure.net"
+        $namespace1 = getAssetName "Namespace1-"
+        $namespace2 = getAssetName "Namespace2-"
+
+        $uad1 = Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $msi1
+        $uad2 = Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $msi2
+        $uad3 = Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $msi3
+
+        $namespace = New-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace2 -SkuName Premium -Location northeurope -IdentityType SystemAssigned
+        Assert-AreEqual $namespace.Name $namespace2
+        Assert-AreEqual $namespace.Sku.Name "Premium"
+        Assert-AreEqual $namespace.IdentityType "SystemAssigned"
+
+        Set-AzKeyVaultAccessPolicy -VaultName $kv1 -ObjectId $namespace.Identity.PrincipalId -PermissionsToKeys wrapkey,unwrapkey,get -BypassObjectIdValidation
+
+        $ec1 = New-AzServiceBusEncryptionConfig -KeyName key1 -KeyVaultUri $kv1uri
+        $ec2 = New-AzServiceBusEncryptionConfig -KeyName key2 -KeyVaultUri $kv1uri
+
+        $namespace = Set-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace2 -EncryptionConfig $ec1,$ec2
+        Assert-AreEqual $namespace.Name $namespace2
+        Assert-AreEqual $namespace.Sku.Name "Premium"
+        Assert-AreEqual $namespace.IdentityType "SystemAssigned"
+        Assert-True { $namespace.EncryptionConfig.Count -eq 2 }
+
+
+        $ec1 = New-AzServiceBusEncryptionConfig -KeyName key1 -KeyVaultUri $kv1uri -UserAssignedIdentity $uad1.Id
+        $ec2 = New-AzServiceBusEncryptionConfig -KeyName key2 -KeyVaultUri $kv1uri -UserAssignedIdentity $uad1.Id
+
+        $namespace = New-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace1 -SkuName Premium -Location northeurope -IdentityType UserAssigned -IdentityId $uad1.Id,$uad2.Id -EncryptionConfig $ec1,$ec2
+        Assert-AreEqual $namespace.Name $namespace1
+        Assert-AreEqual $namespace.Sku.Name "Premium"
+        Assert-AreEqual $namespace.IdentityType "UserAssigned"
+        Assert-True { $namespace.IdentityId.Count -eq 2 }
+        Assert-True { $namespace.EncryptionConfig.Count -eq 2 }
+
+        $ec3 = New-AzServiceBusEncryptionConfig -KeyName key1 -KeyVaultUri $kv2uri -UserAssignedIdentity $uad1.id
+        $namespace.EncryptionConfig += $ec3
+
+        $namespace = Set-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace1 -EncryptionConfig $namespace.EncryptionConfig -Location northeurope
+        Assert-AreEqual $namespace.Name $namespace1
+        Assert-AreEqual $namespace.Sku.Name "Premium"
+        Assert-AreEqual $namespace.IdentityType "UserAssigned"
+        Assert-True { $namespace.IdentityId.Count -eq 2 }
+        Assert-True { $namespace.EncryptionConfig.Count -eq 3 }
+
+        $namespace = Get-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace1
+        Assert-AreEqual $namespace.Name $namespace1
+        Assert-AreEqual $namespace.Sku.Name "Premium"
+        Assert-AreEqual $namespace.IdentityType "UserAssigned"
+        Assert-True { $namespace.IdentityId.Count -eq 2 }
+        Assert-True { $namespace.EncryptionConfig.Count -eq 3 }
+
+    }
+     
+    finally{
+        Remove-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace1
+        Remove-AzServiceBusNamespace -ResourceGroupName $resourceGroupName -Name $namespace2
+    }
 }

src/ServiceBus/ServiceBus.Test/ScenarioTests/ServiceBusTestRunner.cs

@@ -0,0 +1,68 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System.Collections.Generic;
+using Microsoft.Azure.Commands.TestFx;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit.Abstractions;
+
+namespace Microsoft.Azure.Commands.EventHub.Test.ScenarioTests
+{
+    public class ServiceBusTestRunner
+    {
+        protected readonly ITestRunner TestRunner;
+
+        protected ServiceBusTestRunner(ITestOutputHelper output)
+        {
+            TestRunner = TestFx.TestManager.CreateInstance(output)
+                .WithNewPsScriptFilename($"{GetType().Name}.ps1")
+                .WithProjectSubfolderForTests("ScenarioTests")
+                .WithCommonPsScripts(new[]
+                {
+                    @"../AzureRM.Resources.ps1",
+                    @"../AzureRM.Storage.ps1"
+                })
+                .WithNewRmModules(helper => new[]
+               {
+                    helper.RMProfileModule,
+                    helper.GetRMModulePath("AzureRM.ServiceBus.psd1"),
+                    helper.GetRMModulePath("AzureRM.KeyVault.psd1"),
+                    helper.GetRMModulePath("AzureRM.ManagedServiceIdentity.psd1"),
+
+                })
+                .WithRecordMatcher(
+                    (ignoreResourcesClient, resourceProviders, userAgentsToIgnore) =>
+                        new PermissiveRecordMatcherWithApiExclusion(ignoreResourcesClient, resourceProviders, userAgentsToIgnore)
+                )
+                .WithNewRecordMatcherArguments(
+                    userAgentsToIgnore: new Dictionary<string, string>
+                    {
+                        {"Microsoft.Azure.Management.Resources.ResourceManagementClient", "2016-02-01"},
+                        {"Microsoft.Azure.Management.ResourceManager.ResourceManagementClient", "2017-05-10"},
+                        {"Microsoft.Azure.Management.Internal.Resources.ResourceManagementClient", "2016-09-01"},
+                    },
+                    resourceProviders: new Dictionary<string, string>
+                    {
+                        {"Microsoft.Resources", null},
+                        {"Microsoft.Features", null},
+                        {"Microsoft.Authorization", null},
+                        {"Microsoft.ServiceBus", null},
+                        {"Microsoft.KeyVault", null},
+                        {"Microsoft.ManagedServiceIdentity", null},
+                    }
+                )
+                .Build();
+        }
+    }
+}

src/ServiceBus/ServiceBus.Test/ServiceBus.Test.csproj

@@ -11,6 +11,9 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.5" />
+    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.1.0" />
+    <PackageReference Include="Microsoft.Azure.Management.ManagedServiceIdentity" Version="0.11.0" />
     <PackageReference Include="Microsoft.Azure.Management.ServiceBus" Version="3.0.0" />
   </ItemGroup>