public void TestSetManagedInstanceActiveDirectoryAdministrator()
{
string aadAdmin = "aadadmin";
string managedInstanceName = "miaadadmin";
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
Guid objectId = new Guid(TestEnvironmentUtilities.GetUserObjectId());
Guid tenantId = new Guid(TestEnvironmentUtilities.GetTenantId());
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
ResourceGroup resourceGroup = context.CreateResourceGroup();
// Create vnet and get the subnet id
VirtualNetwork vnet = ManagedInstanceTestFixture.CreateVirtualNetwork(context, resourceGroup, TestEnvironmentUtilities.DefaultLocationId);
Sku sku = new Sku();
sku.Name = "MIGP8G4";
sku.Tier = "GeneralPurpose";
ManagedInstance instance = sqlClient.ManagedInstances.CreateOrUpdate(resourceGroup.Name,
"crud-tests-" + managedInstanceName, new ManagedInstance()
{
AdministratorLogin = SqlManagementTestUtilities.DefaultLogin,
AdministratorLoginPassword = SqlManagementTestUtilities.DefaultPassword,
Sku = sku,
SubnetId = vnet.Subnets[0].Id,
Tags = new Dictionary <string, string>(),
Location = TestEnvironmentUtilities.DefaultLocationId,
});
Assert.NotNull(instance);
// Add new Active Directory Admin
ManagedInstanceAdministrator newAdmin = new ManagedInstanceAdministrator(login: aadAdmin, sid: objectId, tenantId: tenantId);
ManagedInstanceAdministrator createResult = sqlClient.ManagedInstanceAdministrators.CreateOrUpdate(resourceGroup.Name, instance.Name, newAdmin);
Assert.Equal(aadAdmin, createResult.Login);
// Get the current Active Directory Admin
ManagedInstanceAdministrator getResult = sqlClient.ManagedInstanceAdministrators.Get(resourceGroup.Name, instance.Name);
Assert.Equal(aadAdmin, getResult.Login);
Assert.Equal(objectId, getResult.Sid);
Assert.Equal(tenantId, getResult.TenantId);
// Delete the Active Directory Admin on server
sqlClient.ManagedInstanceAdministrators.Delete(resourceGroup.Name, instance.Name);
// List all Active Directory Admins for isntance.
Microsoft.Azure.Management.Sql.Models.Page1 <ManagedInstanceAdministrator> admins = (Microsoft.Azure.Management.Sql.Models.Page1 <ManagedInstanceAdministrator>)sqlClient.ManagedInstanceAdministrators.ListByInstance(resourceGroup.Name, instance.Name);
Assert.True(admins == null || !admins.GetEnumerator().MoveNext());
}
}
public void TestSetServerActiveDirectoryAdministrator()
{
string aadAdmin = "DSEngAll";
Dictionary <string, string> tags = new Dictionary <string, string>();
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
Guid objectId = new Guid(TestEnvironmentUtilities.GetUserObjectId());
Guid tenantId = new Guid(TestEnvironmentUtilities.GetTenantId());
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
ResourceGroup resourceGroup = context.CreateResourceGroup();
Server server = context.CreateServer(resourceGroup);
// Add new Active Directory Admin
ServerAzureADAdministrator newAdmin = new ServerAzureADAdministrator(
aadAdmin, objectId, tenantId);
ServerAzureADAdministrator createResult = sqlClient.ServerAzureADAdministrators.CreateOrUpdate(resourceGroup.Name, server.Name, newAdmin);
Assert.Equal(aadAdmin, createResult.Login);
// Get the current Active Directory Admin
ServerAzureADAdministrator getResult = sqlClient.ServerAzureADAdministrators.Get(resourceGroup.Name, server.Name);
Assert.Equal(aadAdmin, getResult.Login);
Assert.Equal(objectId, getResult.Sid);
Assert.Equal(tenantId, getResult.TenantId);
// Delete the Active Directory Admin on server
sqlClient.ServerAzureADAdministrators.Delete(resourceGroup.Name, server.Name);
// List all Active Directory Admin
List <ServerAzureADAdministrator> admins = sqlClient.ServerAzureADAdministrators.ListByServer(resourceGroup.Name, server.Name) as List <ServerAzureADAdministrator>;
Assert.True(admins == null || admins.Count == 0);
}
}
public void TestSetManagedInstanceActiveDirectoryAdministrator()
{
string aadAdmin = "aadadmin";
string managedInstanceName = "miaadadmin";
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
Guid objectId = new Guid(TestEnvironmentUtilities.GetUserObjectId());
Guid tenantId = new Guid(TestEnvironmentUtilities.GetTenantId());
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
ResourceGroup resourceGroup = context.CreateResourceGroup();
ManagedInstance instance = context.CreateManagedInstance(resourceGroup);
Assert.NotNull(instance);
// Add new Active Directory Admin
ManagedInstanceAdministrator newAdmin = new ManagedInstanceAdministrator(login: aadAdmin, sid: objectId, tenantId: tenantId);
ManagedInstanceAdministrator createResult = sqlClient.ManagedInstanceAdministrators.CreateOrUpdate(resourceGroup.Name, instance.Name, newAdmin);
Assert.Equal(aadAdmin, createResult.Login);
// Get the current Active Directory Admin
ManagedInstanceAdministrator getResult = sqlClient.ManagedInstanceAdministrators.Get(resourceGroup.Name, instance.Name);
Assert.Equal(aadAdmin, getResult.Login);
Assert.Equal(objectId, getResult.Sid);
Assert.Equal(tenantId, getResult.TenantId);
// Delete the Active Directory Admin on server
sqlClient.ManagedInstanceAdministrators.Delete(resourceGroup.Name, instance.Name);
// List all Active Directory Admins for isntance.
Microsoft.Azure.Management.Sql.Models.Page1 <ManagedInstanceAdministrator> admins = (Microsoft.Azure.Management.Sql.Models.Page1 <ManagedInstanceAdministrator>)sqlClient.ManagedInstanceAdministrators.ListByInstance(resourceGroup.Name, instance.Name);
Assert.True(admins == null || !admins.GetEnumerator().MoveNext());
}
}
private static KeyBundle CreateKeyVaultKeyAccessibleByIdentity(SqlManagementTestContext context,
ResourceGroup resourceGroup, ResourceIdentityWithUserAssignedIdentities identity)
{
var sqlClient = context.GetClient <SqlManagementClient>();
var keyVaultManagementClient = context.GetClient <KeyVaultManagementClient>();
var keyVaultClient = TestEnvironmentUtilities.GetKeyVaultClient();
// Prepare vault permissions for the server
var permissions = new Permissions()
{
Keys = new List <string>()
{
KeyPermissions.WrapKey,
KeyPermissions.UnwrapKey,
KeyPermissions.Get,
KeyPermissions.List
}
};
var aclEntry = new AccessPolicyEntry(identity.TenantId.Value,
identity.PrincipalId.Value.ToString(), permissions);
// Prepare vault permissions for the app used in this test
var appPermissions = new Permissions()
{
Keys = new List <string>()
{
KeyPermissions.Create,
KeyPermissions.Delete,
KeyPermissions.Get,
KeyPermissions.List
}
};
string authObjectId = TestEnvironmentUtilities.GetUserObjectId();
var aclEntryUser = new AccessPolicyEntry(identity.TenantId.Value, authObjectId, appPermissions);
// Create a vault
var accessPolicy = new List <AccessPolicyEntry>()
{
aclEntry, aclEntryUser
};
string vaultName = SqlManagementTestUtilities.GenerateName();
string vaultLocation = TestEnvironmentUtilities.DefaultLocation;
var vault = keyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroup.Name, vaultName,
new VaultCreateOrUpdateParameters()
{
Location = vaultLocation,
Properties = new VaultProperties()
{
AccessPolicies = accessPolicy,
TenantId = identity.TenantId.Value,
EnableSoftDelete = true
}
});
// Create a key
// This can be flaky if attempted immediately after creating the vault. Adding short sleep to improve robustness.
TestUtilities.Wait(TimeSpan.FromSeconds(3));
string keyName = SqlManagementTestUtilities.GenerateName();
return(keyVaultClient.CreateKeyAsync(vault.Properties.VaultUri, keyName, JsonWebKeyType.Rsa,
keyOps: JsonWebKeyOperation.AllOperations).GetAwaiter().GetResult());
}
