public async Task IndividualResourceOwnerIsEnvOwner()
{
var arm = new FakeAzureResourceProvider();
var graphProvider = new AuthorizationManager(null, null, null, arm, null);
var env = RenderingEnvironment;
var objectId = Guid.NewGuid().ToString();
arm.UserPermissions.Add(new UserPermission {
ObjectId = objectId, Scope = env.ResourceGroupResourceId, Role = "Owner"
});
arm.UserPermissions.Add(new UserPermission {
ObjectId = objectId, Scope = env.BatchAccount.ResourceId, Role = "Owner"
});
arm.UserPermissions.Add(new UserPermission {
ObjectId = objectId, Scope = env.StorageAccount.ResourceId, Role = "Owner"
});
arm.UserPermissions.Add(new UserPermission {
ObjectId = objectId, Scope = env.KeyVault.ResourceId, Role = "Owner"
});
arm.UserPermissions.Add(new UserPermission {
ObjectId = objectId, Scope = env.ApplicationInsightsAccount.ResourceId, Role = "Owner"
});
arm.UserPermissions.Add(new UserPermission {
ObjectId = objectId, Scope = env.Subnet.VnetResourceId, Role = "Owner"
});
var perms = await graphProvider.ListUserPermissions(env);
var perm = Assert.Single(perms);
Assert.Equal(PortalRole.Owner.ToString(), perm.Role);
}
public async Task SubscriptionOwnerIsEnvOwner()
{
var arm = new FakeAzureResourceProvider();
var graphProvider = new AuthorizationManager(null, null, null, arm, null);
var env = RenderingEnvironment;
arm.UserPermissions.Add(new UserPermission {
ObjectId = Guid.NewGuid().ToString(),
Scope = $"/subscriptions/{env.SubscriptionId}",
Role = "Owner"
});
var perms = await graphProvider.ListUserPermissions(env);
var perm = Assert.Single(perms);
Assert.Equal(PortalRole.Owner.ToString(), perm.Role);
}
public async Task MissingResourcePermissionMeansNoEnvPermissions()
{
var arm = new FakeAzureResourceProvider();
var graphProvider = new AuthorizationManager(null, null, null, arm, null);
var env = RenderingEnvironment;
var objectId = Guid.NewGuid().ToString();
// Test with each of the resource permissions missing
for (var i = 0; i < 5; i++)
{
arm.UserPermissions.Clear();
arm.UserPermissions.Add(new UserPermission {
ObjectId = objectId, Scope = env.BatchAccount.ResourceId, Role = "Owner"
});
arm.UserPermissions.Add(new UserPermission {
ObjectId = objectId, Scope = env.StorageAccount.ResourceId, Role = "Owner"
});
arm.UserPermissions.Add(new UserPermission {
ObjectId = objectId, Scope = env.KeyVault.ResourceId, Role = "Owner"
});
arm.UserPermissions.Add(new UserPermission {
ObjectId = objectId, Scope = env.ApplicationInsightsAccount.ResourceId, Role = "Owner"
});
arm.UserPermissions.Add(new UserPermission {
ObjectId = objectId, Scope = env.Subnet.VnetResourceId, Role = "Owner"
});
// Remove a resource permission
arm.UserPermissions.RemoveAt(i);
var perms = await graphProvider.ListUserPermissions(env);
Assert.Empty(perms);
}
}
