/// <summary>
/// Grants one principal the "Owner" role on the resource group and on each resource
/// of the environment, then expects <c>ListUserPermissions</c> to return exactly one
/// entry whose role is <see cref="PortalRole.Owner"/>.
/// </summary>
public async Task IndividualResourceOwnerIsEnvOwner()
{
    var fakeArm = new FakeAzureResourceProvider();
    var authManager = new AuthorizationManager(null, null, null, fakeArm, null);
    var env = RenderingEnvironment;
    var principalId = Guid.NewGuid().ToString();

    // One Owner assignment per scope, all for the same principal.
    var ownerGrants = new[]
    {
        new UserPermission { ObjectId = principalId, Scope = env.ResourceGroupResourceId, Role = "Owner" },
        new UserPermission { ObjectId = principalId, Scope = env.BatchAccount.ResourceId, Role = "Owner" },
        new UserPermission { ObjectId = principalId, Scope = env.StorageAccount.ResourceId, Role = "Owner" },
        new UserPermission { ObjectId = principalId, Scope = env.KeyVault.ResourceId, Role = "Owner" },
        new UserPermission { ObjectId = principalId, Scope = env.ApplicationInsightsAccount.ResourceId, Role = "Owner" },
        new UserPermission { ObjectId = principalId, Scope = env.Subnet.VnetResourceId, Role = "Owner" },
    };

    foreach (var grant in ownerGrants)
    {
        fakeArm.UserPermissions.Add(grant);
    }

    var envPermissions = await authManager.ListUserPermissions(env);

    // The principal must be reported once, not once per scope.
    var onlyPermission = Assert.Single(envPermissions);
    Assert.Equal(PortalRole.Owner.ToString(), onlyPermission.Role);
}
/// <summary>
/// Grants a principal the "Owner" role at the environment's subscription scope only,
/// then expects <c>ListUserPermissions</c> to return exactly one entry whose role is
/// <see cref="PortalRole.Owner"/>.
/// </summary>
public async Task SubscriptionOwnerIsEnvOwner()
{
    var fakeArm = new FakeAzureResourceProvider();
    var authManager = new AuthorizationManager(null, null, null, fakeArm, null);
    var env = RenderingEnvironment;

    // Single assignment at subscription scope; no resource-level grants are added.
    var subscriptionOwner = new UserPermission
    {
        ObjectId = Guid.NewGuid().ToString(),
        Scope = $"/subscriptions/{env.SubscriptionId}",
        Role = "Owner",
    };
    fakeArm.UserPermissions.Add(subscriptionOwner);

    var envPermissions = await authManager.ListUserPermissions(env);

    var onlyPermission = Assert.Single(envPermissions);
    Assert.Equal(PortalRole.Owner.ToString(), onlyPermission.Role);
}
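/// <summary>
/// Negative authorization test: for each resource in turn, grants the principal "Owner"
/// on every resource except that one and expects <c>ListUserPermissions</c> to return
/// no entries.
/// </summary>
/// <remarks>
/// The number of iterations is derived from the grant list, so a resource added to the
/// list is automatically exercised as the missing one.
/// </remarks>
public async Task MissingResourcePermissionMeansNoEnvPermissions()
{
    var fakeArm = new FakeAzureResourceProvider();
    var authManager = new AuthorizationManager(null, null, null, fakeArm, null);
    var env = RenderingEnvironment;
    var principalId = Guid.NewGuid().ToString();

    // NOTE(review): the resource-group scope that IndividualResourceOwnerIsEnvOwner grants
    // is never granted here. If ListUserPermissions also requires that scope, every
    // iteration would return empty regardless of which resource grant is withheld, and
    // this test would pass vacuously. Confirm against AuthorizationManager.
    UserPermission[] ResourceGrants() => new[]
    {
        new UserPermission { ObjectId = principalId, Scope = env.BatchAccount.ResourceId, Role = "Owner" },
        new UserPermission { ObjectId = principalId, Scope = env.StorageAccount.ResourceId, Role = "Owner" },
        new UserPermission { ObjectId = principalId, Scope = env.KeyVault.ResourceId, Role = "Owner" },
        new UserPermission { ObjectId = principalId, Scope = env.ApplicationInsightsAccount.ResourceId, Role = "Owner" },
        new UserPermission { ObjectId = principalId, Scope = env.Subnet.VnetResourceId, Role = "Owner" },
    };

    var resourceCount = ResourceGrants().Length;

    // Test with each of the resource permissions missing
    for (var missing = 0; missing < resourceCount; missing++)
    {
        fakeArm.UserPermissions.Clear();

        var grants = ResourceGrants();
        for (var index = 0; index < grants.Length; index++)
        {
            // Withhold exactly one resource permission per iteration.
            if (index == missing)
            {
                continue;
            }

            fakeArm.UserPermissions.Add(grants[index]);
        }

        var envPermissions = await authManager.ListUserPermissions(env);

        // A partial set of resource grants must not yield any environment permission.
        Assert.Empty(envPermissions);
    }
}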