Merge pull request Azure#4348 from darshanhs90/settoledeffix

update setroledef command

Author: markcowl

src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj

@@ -336,6 +336,9 @@
     <None Include="Resources\RoleDefinition.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Include="Resources\InvalidRoleDefinition.json">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
     <None Include="Resources\NewRoleDefinition.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
@@ -693,6 +696,12 @@
     <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.RoleDefinitionTests\RoleDefinitionCreateTests.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.RoleDefinitionTests\RDCreateFromFile.json">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.RoleDefinitionTests\RDUpdate.json">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
     <None Include="sampleTemplate.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>

src/ResourceManager/Resources/Commands.Resources.Test/Resources/InvalidRoleDefinition.json

@@ -0,0 +1,11 @@
+{
+    "Name": "Another Invalid test role",
+    "Id": "85E460B3-89E9-48BA-9DCD-A8A99D64A674",
+    "Description": "Test role",
+    "Actions": [ 
+        "Microsoft.Authorization/*/read",
+        "Microsoft.Support/*"
+    ],
+    "NotActions": [],
+    "AssignableScopes": ["/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f/ResourceGroups"]
+}

src/ResourceManager/Resources/Commands.Resources.Test/Resources/RoleDefinition.json

@@ -7,5 +7,6 @@
         "Microsoft.Support/*"
     ],
     "NotActions": [],
-    "AssignableScopes": ["/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f"]
+    "AssignableScopes": ["/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f",
+                        "/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f/ResourceGroups/rbactest"]
 }

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/RoleDefinitionTests.cs

@@ -49,7 +49,21 @@ public void RdPositiveScenarios()
             ResourcesController.NewInstance.RunPsTest("Test-RDPositiveScenarios");
         }
 
-        [Fact(Skip = "Unskip after service side change")]
+		[Fact]
+		[Trait(Category.AcceptanceType, Category.CheckIn)]
+		public void RDUpdate()
+		{
+			ResourcesController.NewInstance.RunPsTest("Test-RDUpdate");
+		}
+
+		[Fact]
+		[Trait(Category.AcceptanceType, Category.CheckIn)]
+		public void RDCreateFromFile()
+		{
+			ResourcesController.NewInstance.RunPsTest("Test-RDCreateFromFile");
+		}
+
+		[Fact(Skip = "Unskip after service side change")]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void RDRemoveScenario()
         {

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/RoleDefinitionTests.ps1

@@ -126,6 +126,49 @@ function Test-RDPositiveScenarios
     Assert-Null $readRd
 }
 
+<#
+.SYNOPSIS
+Tests verify roledefinition update with interchanged assignablescopes.
+#>
+function Test-RDUpdate
+{
+    # Setup
+    Add-Type -Path ".\\Microsoft.Azure.Commands.Resources.dll"
+
+    # Create a role definition with Name rdNamme.
+    $rdName = 'Another tests role'
+    [Microsoft.Azure.Commands.Resources.Models.Authorization.AuthorizationClient]::RoleDefinitionNames.Enqueue("032F61D2-ED09-40C9-8657-26A273DA7BAE")
+    $rd = New-AzureRmRoleDefinition -InputFile .\Resources\RoleDefinition.json
+    $rd = Get-AzureRmRoleDefinition -Name $rdName
+
+    # Update the role definition with action that was created in the step above.
+    $scopes = $rd.AssignableScopes | foreach { $_ }
+    $rd.AssignableScopes.Clear()
+	for($i = $scopes.Count - 1 ; $i -ge 0; $i--){
+		$rd.AssignableScopes.Add($scopes[$i])
+	}
+    $updatedRd = Set-AzureRmRoleDefinition -Role $rd
+    Assert-NotNull $updatedRd
+
+    # Cleanup
+    $deletedRd = Remove-AzureRmRoleDefinition -Id $rd.Id -Force -PassThru
+    Assert-AreEqual $rd.Name $deletedRd.Name
+}
+
+<#
+.SYNOPSIS
+Tests verify roledefinition create with invalid scope.
+#>
+function Test-RDCreateFromFile
+{
+    # Setup
+    Add-Type -Path ".\\Microsoft.Azure.Commands.Resources.dll"
+
+    # Create a role definition with invalid assignable scopes.
+    [Microsoft.Azure.Commands.Resources.Models.Authorization.AuthorizationClient]::RoleDefinitionNames.Enqueue("032F61D2-ED09-40C9-8657-26A273DA7BAE")
+    $badScopeException = "Scope '/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f/ResourceGroups' should have even number of parts."
+    Assert-Throws { $rd = New-AzureRmRoleDefinition -InputFile .\Resources\InvalidRoleDefinition.json } $badScopeException
+}
 <#
 .SYNOPSIS
 Verify positive and negative scenarios for RoleDefinition remove.

src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.RoleDefinitionTests/RDCreateFromFile.json

@@ -0,0 +1,76 @@
+{
+  "Entries": [
+    {
+      "RequestUri": "//subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f/ResourceGroups/rbactest/providers/Microsoft.Authorization/roleDefinitions/032f61d2-ed09-40c9-8657-26a273da7bae?api-version=2015-07-01",
+      "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzQwMDRhOWZkLWQ1OGUtNDhkYy1hZWIyLTRhNGFlYzU4NjA2Zi9SZXNvdXJjZUdyb3Vwcy9yYmFjdGVzdC9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vcm9sZURlZmluaXRpb25zLzAzMmY2MWQyLWVkMDktNDBjOS04NjU3LTI2YTI3M2RhN2JhZT9hcGktdmVyc2lvbj0yMDE1LTA3LTAx",
+      "RequestMethod": "PUT",
+      "RequestBody": "{\r\n  \"name\": \"032f61d2-ed09-40c9-8657-26a273da7bae\",\r\n  \"properties\": {\r\n    \"roleName\": \"Another Invalid test role\",\r\n    \"description\": \"Test role\",\r\n    \"type\": \"CustomRole\",\r\n    \"permissions\": [\r\n      {\r\n        \"actions\": [\r\n          \"Microsoft.Authorization/*/read\",\r\n          \"Microsoft.Support/*\"\r\n        ],\r\n        \"notActions\": []\r\n      }\r\n    ],\r\n    \"assignableScopes\": [\r\n      \"/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f/ResourceGroups/rbactest\"\r\n    ]\r\n  }\r\n}",
+      "RequestHeaders": {
+        "Content-Type": [
+          "application/json; charset=utf-8"
+        ],
+        "Content-Length": [
+          "490"
+        ],
+        "User-Agent": [
+          "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/2.0.0.0"
+        ]
+      },
+      "ResponseBody": "{\r\n  \"properties\": {\r\n    \"roleName\": \"Another Invalid test role\",\r\n    \"type\": \"CustomRole\",\r\n    \"description\": \"Test role\",\r\n    \"assignableScopes\": [\r\n      \"/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f/ResourceGroups/rbactest\"\r\n    ],\r\n    \"permissions\": [\r\n      {\r\n        \"actions\": [\r\n          \"Microsoft.Authorization/*/read\",\r\n          \"Microsoft.Support/*\"\r\n        ],\r\n        \"notActions\": []\r\n      }\r\n    ],\r\n    \"createdOn\": \"2017-07-26T23:48:33.1112039Z\",\r\n    \"updatedOn\": \"2017-07-26T23:48:33.1112039Z\",\r\n    \"createdBy\": \"f8d526a0-54eb-4941-ae69-ebf4a334d0f0\",\r\n    \"updatedBy\": \"f8d526a0-54eb-4941-ae69-ebf4a334d0f0\"\r\n  },\r\n  \"id\": \"/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f/providers/Microsoft.Authorization/roleDefinitions/032f61d2-ed09-40c9-8657-26a273da7bae\",\r\n  \"type\": \"Microsoft.Authorization/roleDefinitions\",\r\n  \"name\": \"032f61d2-ed09-40c9-8657-26a273da7bae\"\r\n}",
+      "ResponseHeaders": {
+        "Content-Length": [
+          "730"
+        ],
+        "Content-Type": [
+          "application/json; charset=utf-8"
+        ],
+        "Expires": [
+          "-1"
+        ],
+        "Pragma": [
+          "no-cache"
+        ],
+        "x-ms-request-id": [
+          "ff4f5807-a72d-4ea8-8ed5-8f3198f9ceb0"
+        ],
+        "X-Content-Type-Options": [
+          "nosniff"
+        ],
+        "Strict-Transport-Security": [
+          "max-age=31536000; includeSubDomains"
+        ],
+        "x-ms-ratelimit-remaining-subscription-writes": [
+          "1198"
+        ],
+        "x-ms-correlation-request-id": [
+          "4b207914-7d7f-4558-b95c-1c62035e0ea0"
+        ],
+        "x-ms-routing-request-id": [
+          "WESTUS2:20170726T234835Z:4b207914-7d7f-4558-b95c-1c62035e0ea0"
+        ],
+        "Cache-Control": [
+          "no-cache"
+        ],
+        "Date": [
+          "Wed, 26 Jul 2017 23:48:34 GMT"
+        ],
+        "Set-Cookie": [
+          "x-ms-gateway-slice=productionb; path=/; secure; HttpOnly"
+        ],
+        "Server": [
+          "Microsoft-IIS/8.5"
+        ],
+        "X-Powered-By": [
+          "ASP.NET"
+        ]
+      },
+      "StatusCode": 201
+    }
+  ],
+  "Names": {},
+  "Variables": {
+    "SubscriptionId": "4004a9fd-d58e-48dc-aeb2-4a4aec58606f",
+    "TenantId": "1273adef-00a3-4086-a51a-dbcce1857d36",
+    "Domain": "rbacclitest.onmicrosoft.com"
+  }
+}