public DeploymentManagerClientHelper(TestBase testBase, MockContext context, RecordedDelegatingHandler handler)
{
_testBase = testBase;
_context = context;
resourceManagementClient = DeploymentManagerTestUtilities.GetResourceManagementClient(context, handler);
storageManagementClient = DeploymentManagerTestUtilities.GetStorageManagementClient(context, handler);
managedServiceIdentityClient = DeploymentManagerTestUtilities.GetManagedServiceIdentityClient(context, handler);
authorizationClient = DeploymentManagerTestUtilities.GetAuthorizationManagementClient(context, handler);
}
public string CreateManagedIdentity(
string subscriptionId,
string identityName)
{
if (HttpMockServer.Mode == HttpRecorderMode.Record)
{
var parameters = new Microsoft.Azure.Management.ManagedServiceIdentity.Models.Identity()
{
Location = this.GetProviderLocation("Microsoft.ManagedIdentity", "userAssignedIdentities")
};
var identity = this.managedServiceIdentityClient.UserAssignedIdentities.CreateOrUpdate(
this.ResourceGroupName,
identityName,
parameters);
Assert.NotNull(identity);
// Give a couple minutes for the MSI to propagate. Observed failures of principalId not being found in the tenant
// when there is no wait time between MSI creation and role assignment.
DeploymentManagerTestUtilities.Sleep(TimeSpan.FromMinutes(2));
var scope = "/subscriptions/" + subscriptionId;
var roleDefinitionList = this.authorizationClient.RoleDefinitions.List(
scope,
new Microsoft.Rest.Azure.OData.ODataQuery <Microsoft.Azure.Management.Authorization.Models.RoleDefinitionFilter>("roleName eq 'Contributor'"));
var roleAssignmentName = Guid.NewGuid().ToString();
var roleAssignmentParameters = new Microsoft.Azure.Management.Authorization.Models.RoleAssignmentCreateParameters()
{
PrincipalId = identity.PrincipalId.ToString(),
RoleDefinitionId = roleDefinitionList.First().Id,
CanDelegate = false
};
var roleAssignment = this.authorizationClient.RoleAssignments.Create(
scope,
roleAssignmentName,
roleAssignmentParameters);
Assert.NotNull(roleAssignment);
// Add additional wait time after role assignment to propagate permissions. Observed
// no permissions to modify resource group errors without wait time.
DeploymentManagerTestUtilities.Sleep(TimeSpan.FromMinutes(1));
roleAssignment = this.authorizationClient.RoleAssignments.Get(
scope,
roleAssignmentName);
Assert.NotNull(roleAssignment);
return(identity.Id);
}
return("dummyIdentity");
}
