[NetAppFilse] Add test and fix for NetAppAccount Identity (#23808)

* Add test and fix for NetAppAccount Identity

* Update test run

* Update tests

* Update tests

* Enable volumegroup test

Author: audunn

src/NetAppFiles/NetAppFiles.Test/NetAppFiles.Test.csproj

@@ -17,6 +17,7 @@
   <ItemGroup>
     <ProjectReference Include="..\NetAppFiles\NetAppFiles.csproj" />
 	<ProjectReference Include="..\NetAppFiles.Management.Sdk\NetAppFiles.Management.Sdk.csproj" />
+	<PackageReference Include="Microsoft.Azure.Management.ManagedServiceIdentity" Version="0.10.0-preview" />
   </ItemGroup>
 
   <ItemGroup>

src/NetAppFiles/NetAppFiles.Test/ScenarioTests/AccountTests.cs

@@ -43,5 +43,12 @@ public void TestAccountPipelines()
         {
             TestRunner.RunTestScript("Test-AccountPipelines");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestAccountCMK()
+        {
+            TestRunner.RunTestScript("Test-AccountCMK");
+        }
     }
 }

src/NetAppFiles/NetAppFiles.Test/ScenarioTests/AccountTests.ps1

@@ -193,6 +193,91 @@ function Test-AccountCrud
     }
 }
 
+<#
+.SYNOPSIS
+Test Account CMK CRUD operations
+#>
+function Test-AccountCMK
+{
+    #$resourceGroup = "somename2"
+    $currentSub = (Get-AzureRmContext).Subscription
+    $subsid = $currentSub.SubscriptionId
+
+    $resourceGroup = Get-ResourceGroupName
+    $accName1 = Get-ResourceName
+    $accName2 = Get-ResourceName
+    $identityName = Get-ResourceName
+    #$keyVaultName = Get-ResourceName
+    $resourceLocation = Get-ProviderLocation "Microsoft.NetApp"
+    $keySource = "Microsoft.KeyVault"
+    $keyVaultUri = "https://akvtestvault2.vault.azure.net/"
+    $keyName = "akvTestMaster"
+    $keyVaultName = "akvTestVault2"
+    $keyVaultResourceId = "/subscriptions/0661b131-4a11-479b-96bf-2f95acca2f73/resourceGroups/akvTestRG/providers/Microsoft.KeyVault/vaults/akvTestVault2"
+    $kvResourceGroup = "akvTestRG"
+    # $userAssignedIdentity = "/subscriptions/$subsid/resourcegroups/$resourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/FakeUserIdentity"
+    $userAssignedIdentity = "/subscriptions/$subsid/resourcegroups/akvTestRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/abAkvIdenity"
+
+    $identityType = "UserAssigned"
+
+    try
+    {
+        # create the resource group
+        New-AzResourceGroup -Name $resourceGroup -Location $resourceLocation -Tags @{Owner = 'b-aubald'}
+
+        # New-AzResourceGroup -Name $resourceGroup -Tags @{Owner = 'b-aubald'} -Location $resourceLocation
+        # $userAssignedIdenity = New-AzUserAssignedIdentity -ResourceGroupName $resourceGroup -Name $identityName -Location $resourceLocation
+        # Create keyvault and userIdeneity then give the identity access to the keyvault
+        # $azKeyVault = New-AzKeyVault -Name $keyVaultName -ResourceGroupName $resourceGroup -Location $resourceLocation -EnablePurgeProtection                
+        
+        #Set-AzKeyVaultAccessPolicy -VaultName $keyVaultName -ResourceGroupname $kvResourceGroup -ObjectId $userAssignedIdenity.PrincipalId -PermissionsToKeys create,get,encrypt,decrypt  -BypassObjectIdValidation
+        # Create key
+        #$keyVaultKey = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $keyName -Destination "Software"
+
+        # create and check account 1
+        $newTagName = "tag1"
+        $newTagValue = "tagValue1"
+
+        # $retrievedAcc = New-AzNetAppFilesAccount -ResourceGroupName $resourceGroup -Location $resourceLocation -Name $accName1 -Tag @{$newTagName = $newTagValue}
+        $retrievedAcc = New-AzNetAppFilesAccount -ResourceGroupName $resourceGroup -Location $resourceLocation -Name $accName1 -Tag @{$newTagName = $newTagValue} -EncryptionKeySource $keySource -IdentityType $identityType -KeyVaultKeyName $keyName -KeyVaultResourceId $keyVaultResourceId -KeyVaultUri $keyVaultUri -UserAssignedIdentity $userAssignedIdentity
+        Assert-AreEqual $accName1 $retrievedAcc.Name
+        Assert-AreEqual True $retrievedAcc.Tags.ContainsKey($newTagName)
+        Assert-AreEqual "tagValue1" $retrievedAcc.Tags[$newTagName].ToString()
+        Assert-NotNull $retrievedAcc.Identity.UserAssignedIdentities
+        Assert-AreEqual True $retrievedAcc.Tags.ContainsKey($newTagName)
+        Assert-AreEqual True $retrievedAcc.Identity.UserAssignedIdentities.ContainsKey($userAssignedIdentity)
+
+        # create and check account 2 using the Confirm flag
+        $retrievedAcc2 = New-AzNetAppFilesAccount -ResourceGroupName $resourceGroup -Location $resourceLocation -AccountName $accName2 -Confirm:$false
+        Assert-AreEqual $accName2 $retrievedAcc2.Name
+
+        # update and check account setting Encryption CMK properties
+        Assert-ThrowsContains{$retrievedAcc = Update-AzNetAppFilesAccount -ResourceGroupName $resourceGroup -Location $resourceLocation -AccountName $accName2 -EncryptionKeySource $keySource -IdentityType $identityType -KeyVaultKeyName $keyName -KeyVaultResourceId $keyVaultResourceId -KeyVaultUri $keyVaultUri -UserAssignedIdentity $userAssignedIdenity}
+        Assert-AreEqual $accName2 $retrievedAcc2.Name
+        Assert-NotNull $retrievedAcc.Identity.UserAssignedIdentities
+        Assert-AreEqual True $retrievedAcc.Tags.ContainsKey($newTagName)
+        Assert-AreEqual True $retrievedAcc.Identity.UserAssignedIdentities.ContainsKey($userAssignedIdentity)
+
+        # Assert-ThrowsContains{$retrievedAcc = Update-AzNetAppFilesAccountCredential -ResourceGroupName $resourceGroup -Location $resourceLocation -AccountName $accName1 } 'NetApp account does not have an MSI credentials, therefore it is ineligible for renewal of credentials'
+        Update-AzNetAppFilesAccountCredential -ResourceGroupName $resourceGroup -Location $resourceLocation -AccountName $accName1 
+
+        # get and check accounts by group (list)
+        $retrievedAcc = Get-AzNetAppFilesAccount -ResourceGroupName $resourceGroup
+        # check the names but the order does not appear to be guaranteed (perhaps because the names are randomly generated)
+        Assert-AreEqual 2 $retrievedAcc.Length
+
+        Remove-AzNetAppFilesAccount -ResourceGroupName $resourceGroup -AccountName $accName1
+        $retrievedAcc = Get-AzNetAppFilesAccount -ResourceGroupName $resourceGroup
+        Assert-AreEqual 1 $retrievedAcc.Length
+    }
+    finally
+    {
+        # Cleanup
+        Clean-ResourceGroup $resourceGroup
+    }
+}
+
+
 <#
 .SYNOPSIS
 Test Account Pipeline operations (uses command aliases)

src/NetAppFiles/NetAppFiles.Test/ScenarioTests/NetAppFilesTestRunner.cs

@@ -36,7 +36,8 @@ protected NetAppFilesTestRunner(ITestOutputHelper output)
                 {
                     helper.RMProfileModule,
                     helper.RMNetworkModule,
-                    helper.GetRMModulePath("Az.NetAppFiles.psd1")
+                    helper.GetRMModulePath("Az.NetAppFiles.psd1"),
+                    helper.GetRMModulePath("Az.ManagedServiceIdentity.psd1")
                 })
                 .WithNewRecordMatcherArguments(
                     userAgentsToIgnore: new Dictionary<string, string>
@@ -49,7 +50,8 @@ protected NetAppFilesTestRunner(ITestOutputHelper output)
                         {"Microsoft.Features", null},
                         {"Microsoft.Authorization", null},
                         {"Microsoft.Network", null},
-                        {"Microsoft.Compute", null}
+                        {"Microsoft.Compute", null},
+                        {"Microsoft.ManagedServiceIdentity", null}
                     }
                 )
                 .Build();

src/NetAppFiles/NetAppFiles.Test/ScenarioTests/VolumeGroup.cs

@@ -22,8 +22,8 @@ public VolumeGroupTests(Xunit.Abstractions.ITestOutputHelper output) : base(outp
         {
         }
 
-        [Fact(Skip = "Doesn't work at the moment")]
-        //[Fact]
+        //[Fact(Skip = "Doesn't work at the moment")]
+        [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void TestVolumeGroupCrud()
         {

src/NetAppFiles/NetAppFiles.Test/ScenarioTests/VolumeGroupTests.ps1

@@ -49,7 +49,7 @@ function Test-VolumeGroupCrud
     $resourceLocation = "northeurope"
     $vnetName = "vnetnortheurope-anf"
     $subnetId = "/subscriptions/$subsId/resourceGroups/$fixedResourceGroup/providers/Microsoft.Network/virtualNetworks/$vnetName/subnets/$subnetName"
-    $proximityPlacementGroup = "/subscriptions/69a75bda-882e-44d5-8431-63421204132a/resourceGroups/sdk-net-test-qa2/providers/Microsoft.Compute/proximityPlacementGroups/sdk_test_northeurope_ppg"
+    $proximityPlacementGroup = "/subscriptions/$subsId/resourceGroups/$fixedResourceGroup/providers/Microsoft.Compute/proximityPlacementGroups/sdk_test_northeurope_ppg"
 
     # create the list of protocol types
     $protocolTypes = New-Object string[] 1