/// <summary>
/// Initializes the helper: stores the test base and mock context, then builds the
/// management clients the helper uses from the same context and delegating handler.
/// </summary>
/// <param name="testBase">Test base instance stored on the helper.</param>
/// <param name="context">Mock context stored on the helper and passed to every client factory call.</param>
/// <param name="handler">Recorded delegating handler passed to every client factory call.</param>
public DeploymentManagerClientHelper(
    TestBase testBase,
    MockContext context,
    RecordedDelegatingHandler handler)
{
    _testBase = testBase;
    _context = context;

    // The clients are created in the original order: resource management, storage,
    // managed identity, authorization. All four share one context and one handler.
    resourceManagementClient =
        DeploymentManagerTestUtilities.GetResourceManagementClient(context, handler);
    storageManagementClient =
        DeploymentManagerTestUtilities.GetStorageManagementClient(context, handler);
    managedServiceIdentityClient =
        DeploymentManagerTestUtilities.GetManagedServiceIdentityClient(context, handler);
    authorizationClient =
        DeploymentManagerTestUtilities.GetAuthorizationManagementClient(context, handler);
}
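/// <summary>
/// In Record mode, creates a user-assigned managed identity in <c>ResourceGroupName</c>,
/// assigns it the role definition named 'Contributor' at subscription scope, and returns
/// the identity's resource id. In any other mode no service call is made.
/// </summary>
/// <param name="subscriptionId">Subscription id used to build the role-assignment scope <c>/subscriptions/{subscriptionId}</c>.</param>
/// <param name="identityName">Name of the user-assigned identity to create or update.</param>
/// <returns>The created identity's resource id in Record mode; the literal <c>"dummyIdentity"</c> otherwise.</returns>
/// <remarks>
/// Security note: the assignment grants 'Contributor' over the whole subscription, which is
/// broader than the resource group the identity is created in.
/// NOTE(review): confirm the tests need subscription-wide rights; if they do not, narrow the
/// scope to the resource group. No removal of the role assignment or the identity is visible
/// in this method, so verify that cleanup happens elsewhere and a live recording run does not
/// leave a standing privileged principal behind.
/// </remarks>
public string CreateManagedIdentity(
    string subscriptionId,
    string identityName)
{
    // Only a live recording run touches the service; other modes get a placeholder id.
    if (HttpMockServer.Mode != HttpRecorderMode.Record)
    {
        return "dummyIdentity";
    }

    var parameters = new Microsoft.Azure.Management.ManagedServiceIdentity.Models.Identity()
    {
        Location = this.GetProviderLocation("Microsoft.ManagedIdentity", "userAssignedIdentities")
    };

    var identity = this.managedServiceIdentityClient.UserAssignedIdentities.CreateOrUpdate(
        this.ResourceGroupName,
        identityName,
        parameters);
    Assert.NotNull(identity);

    // Give a couple minutes for the MSI to propagate. Observed failures of principalId not being found in the tenant
    // when there is no wait time between MSI creation and role assignment.
    DeploymentManagerTestUtilities.Sleep(TimeSpan.FromMinutes(2));

    var scope = "/subscriptions/" + subscriptionId;
    var roleDefinitionList = this.authorizationClient.RoleDefinitions.List(
        scope,
        new Microsoft.Rest.Azure.OData.ODataQuery<Microsoft.Azure.Management.Authorization.Models.RoleDefinitionFilter>("roleName eq 'Contributor'"));

    // Fail with a test assertion if the lookup returned nothing, rather than letting
    // First() throw an InvalidOperationException that hides the cause.
    var contributorRole = roleDefinitionList.FirstOrDefault();
    Assert.NotNull(contributorRole);

    var roleAssignmentName = Guid.NewGuid().ToString();
    var roleAssignmentParameters = new Microsoft.Azure.Management.Authorization.Models.RoleAssignmentCreateParameters()
    {
        PrincipalId = identity.PrincipalId.ToString(),
        RoleDefinitionId = contributorRole.Id,
        // The identity must not be able to hand its rights on to other principals.
        CanDelegate = false
    };

    var roleAssignment = this.authorizationClient.RoleAssignments.Create(
        scope,
        roleAssignmentName,
        roleAssignmentParameters);
    Assert.NotNull(roleAssignment);

    // Add additional wait time after role assignment to propagate permissions. Observed
    // no permissions to modify resource group errors without wait time.
    DeploymentManagerTestUtilities.Sleep(TimeSpan.FromMinutes(1));

    // Read the assignment back to confirm it exists after the propagation wait.
    roleAssignment = this.authorizationClient.RoleAssignments.Get(
        scope,
        roleAssignmentName);
    Assert.NotNull(roleAssignment);

    return identity.Id;
}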