Merge pull request Azure#10057 from SanjaMalesevic/addPSCommandsForAadAdmin

Adding new Powershell cmdlets to support set/get/remove of Azure AD administrator on MI

Author: markcowl

src/Sql/Sql.Test/ScenarioTests/ManagedInstanceActiveDirectoryAdministratorTests.cs

@@ -0,0 +1,47 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ScenarioTest.SqlTests;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit;
+using Xunit.Abstractions;
+using RestTestFramework = Microsoft.Rest.ClientRuntime.Azure.TestFramework;
+
+namespace Microsoft.Azure.Commands.Sql.Test.ScenarioTests
+{
+    public class ManagedInstanceActiveDirectoryAdministratorTests : SqlTestsBase
+    {
+        public ManagedInstanceActiveDirectoryAdministratorTests(ITestOutputHelper output) : base(output)
+        {
+        }
+    
+        protected override void SetupManagementClients(RestTestFramework.MockContext context)
+        {
+            var newResourcesClient = GetResourcesClient(context);
+            var sqlClient = GetSqlClient(context);
+            var networkClient = GetNetworkClient(context);
+            var graphClient = GetGraphClientVersion1_6(context);
+            Helper.SetupSomeOfManagementClients(newResourcesClient,sqlClient, networkClient, graphClient);
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestManagedInstanceActiveDirectoryAdministrator()
+        {
+            RunPowerShellTest("Test-ManagedInstanceActiveDirectoryAdministrator");
+        }
+    }
+}
+
+

src/Sql/Sql.Test/ScenarioTests/ManagedInstanceActiveDirectoryAdministratorTests.ps1

@@ -0,0 +1,80 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+<#
+	.SYNOPSIS
+	Tests for managing Active Directory Administrator on managed instance
+#>
+function Test-ManagedInstanceActiveDirectoryAdministrator
+{
+	# Setup
+	$rg = Create-ResourceGroupForTest
+	$vnetName = "cl_initial"
+	$subnetName = "Cool"
+
+	# Setup VNET 
+	$virtualNetwork1 = CreateAndGetVirtualNetworkForManagedInstance $vnetName $subnetName $rg.Location
+	$subnetId = $virtualNetwork1.Subnets.where({ $_.Name -eq $subnetName })[0].Id
+
+	$managedInstance = Create-ManagedInstanceForTest $rg $subnetId
+        
+	# If there is a need to re-record this test, these values must be changed to correspond to existing group and user from Azure Active Directory related to current subscription.
+	$activeDirectoryGroup1 = "aadadmin"
+	$activeDirectoryGroup1ObjectId = "52b6d571-5ff9-4b8f-92de-4a5b1bcdbbef"
+	$activeDirectoryUser1 = "CL AAD Test User"
+	$activeDirectoryUser1ObjectId = "034bb7d9-ca26-4c6f-abe0-4aff74fdca50"
+
+	try
+	{
+		# Verify there is no Active Directory Administrator set
+		$activeDirectoryAdmin = Get-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName
+
+		Assert-Null $activeDirectoryAdmin
+
+		# Set an Active Directory Administrator Group on Managed Instance
+		# This command uses the Graph API to check if there is a user/group for provided DisplayName and ObjectId. Graph authentication blocks test passes, so if you need to record this test again, you must provide real token in 
+		# MockTokenAuthenticationFactory constructor and change SetAuthenticationFactory in EnvironmentSetupHelper.
+		$activeDirectoryAdmin1 = Set-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName -DisplayName $activeDirectoryGroup1 -ObjectId $activeDirectoryGroup1ObjectId
+
+		Assert-NotNull $activeDirectoryAdmin1
+
+		# Verify the correct Active Directory Administrator is set
+		Assert-AreEqual $activeDirectoryAdmin1.DisplayName $activeDirectoryGroup1
+		Assert-AreEqual $activeDirectoryAdmin1.ObjectId $activeDirectoryGroup1ObjectId
+
+		# Get an Active Directory Administrator
+		$activeDirectoryAdmin2 = Get-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName
+
+		Assert-AreEqual $activeDirectoryAdmin2.DisplayName $activeDirectoryGroup1
+		Assert-AreEqual $activeDirectoryAdmin2.ObjectId $activeDirectoryGroup1ObjectId
+
+		# Set an Active Directory Administrator User on Managed Instance
+		$activeDirectoryAdmin3 = Set-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName -DisplayName $activeDirectoryUser1 -ObjectId $activeDirectoryUser1ObjectId
+
+		Assert-AreEqual $activeDirectoryAdmin3.DisplayName $activeDirectoryUser1
+		Assert-AreEqual $activeDirectoryAdmin3.ObjectId $activeDirectoryUser1ObjectId
+
+		# Remove an Active Directory Administrator User from Managed Instance
+		$activeDirectoryAdmin4 = Remove-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName -Force
+
+		# Verify that Active Directory Administrator was deleted
+		$activeDirectoryAdmin5 = Get-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName
+
+		Assert-Null $activeDirectoryAdmin5
+	}
+	finally
+	{
+		Remove-ResourceGroupForTest $rg
+	}
+}

src/Sql/Sql.Test/ScenarioTests/SqlTestsBase.cs

@@ -31,15 +31,17 @@
 using Microsoft.Azure.Management.OperationalInsights;
 using SDKMonitor = Microsoft.Azure.Management.Monitor;
 using CommonMonitor = Microsoft.Azure.Management.Monitor.Version2018_09_01;
-using Microsoft.Azure.Graph.RBAC;
 using Microsoft.Azure.Management.KeyVault;
+using Microsoft.Azure.Graph.RBAC;
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 
 namespace Microsoft.Azure.Commands.ScenarioTest.SqlTests
 {
     public class SqlTestsBase : RMTestBase
     {
         protected EnvironmentSetupHelper Helper;
         protected string[] resourceTypesToIgnoreApiVersion;
+        private const string TenantIdKey = "TenantId";
 
         protected SqlTestsBase(ITestOutputHelper output)
         {
@@ -84,8 +86,8 @@ protected void RunPowerShellTest(params string[] scripts)
             // Enable undo functionality as well as mock recording
             using (var context = MockContext.Start(callingClassType, mockName))
             {
-                SetupManagementClients(context);
                 Helper.SetupEnvironment(AzureModule.AzureResourceManager);
+                SetupManagementClients(context);
                 Helper.SetupModules(AzureModule.AzureResourceManager,
                     "ScenarioTests\\Common.ps1",
                     "ScenarioTests\\" + GetType().Name + ".ps1",
@@ -140,6 +142,35 @@ protected GraphRbacManagementClient GetGraphClient(MockContext context)
             return graphClient;
         }
 
+        protected Microsoft.Azure.Graph.RBAC.Version1_6.GraphRbacManagementClient GetGraphClientVersion1_6(MockContext context)
+        {
+            Microsoft.Azure.Graph.RBAC.Version1_6.GraphRbacManagementClient graphClient = context.GetServiceClient<Microsoft.Azure.Graph.RBAC.Version1_6.GraphRbacManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
+            graphClient.BaseUri = TestEnvironmentFactory.GetTestEnvironment().Endpoints.GraphUri;
+            string tenantId = null;
+
+            if (HttpMockServer.Mode == HttpRecorderMode.Record)
+            {
+                tenantId = TestEnvironmentFactory.GetTestEnvironment().Tenant;
+                HttpMockServer.Variables[TenantIdKey] = tenantId;
+            }
+            else if (HttpMockServer.Mode == HttpRecorderMode.Playback)
+            {
+                if (HttpMockServer.Variables.ContainsKey(TenantIdKey))
+                {
+                    tenantId = HttpMockServer.Variables[TenantIdKey];
+                }
+            }
+            graphClient.TenantID = tenantId;
+            if (AzureRmProfileProvider.Instance != null &&
+                AzureRmProfileProvider.Instance.Profile != null &&
+                AzureRmProfileProvider.Instance.Profile.DefaultContext != null &&
+                AzureRmProfileProvider.Instance.Profile.DefaultContext.Tenant != null)
+            {
+                AzureRmProfileProvider.Instance.Profile.DefaultContext.Tenant.Id = tenantId;
+            }
+            return graphClient;
+        }
+
         protected KeyVaultManagementClient GetKeyVaultClient(MockContext context)
         {
             return context.GetServiceClient<KeyVaultManagementClient>(TestEnvironmentFactory.GetTestEnvironment());