Fix HSM RBAC test failures and snippets (#21719)
heaths authored Jun 9, 2021
1 parent cf3f970 commit 003fa41
Showing 19 changed files with 831 additions and 522 deletions.
Expand Up @@ -54,7 +54,7 @@ az ad signed-in-user show --query objectId
string definitionIdToAssign = "<roleDefinitionId>";
string servicePrincipalObjectId = "<objectId>";

KeyVaultRoleAssignment createdAssignment = await client.CreateRoleAssignmentAsync(RoleAssignmentScope.Global, definitionIdToAssign, servicePrincipalObjectId);
KeyVaultRoleAssignment createdAssignment = await client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId);
```

## Getting a Role Assignment
Expand Up @@ -46,7 +46,7 @@ az ad signed-in-user show --query objectId
string definitionIdToAssign = "<roleDefinitionId>";
string servicePrincipalObjectId = "<objectId>";

KeyVaultRoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, definitionIdToAssign, servicePrincipalObjectI);
KeyVaultRoleAssignment createdAssignment = client.CreateRoleAssignment(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId);
```

## Getting a Role Assignment
Expand Up @@ -19,7 +19,7 @@ A role definition Id can be obtained from the `Id` property of one of the role d
string definitionIdToAssign = "<roleDefinitionId>";
string servicePrincipalObjectId = "<objectId>";

RoleAssignment keysScopedAssignment = await client.CreateRoleAssignmentAsync(RoleAssignmentScope.Global, definitionIdToAssign, servicePrincipalObjectId);
KeyVaultRoleAssignment keysScopedAssignment = await client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId);
```

## Assigning a Role to a specific Key Scope
Expand All @@ -31,5 +31,5 @@ We'll also need the name of an existing `KeyVaultKey` to get it from the service
string keyName = "<your-key-name>";
KeyVaultKey key = await keyClient.GetKeyAsync(keyName);

RoleAssignment keyScopedAssignment = await client.CreateRoleAssignmentAsync(new RoleAssignmentScope(key.Id), definitionIdToAssign, servicePrincipalObjectId);
KeyVaultRoleAssignment keyScopedAssignment = await client.CreateRoleAssignmentAsync(new KeyVaultRoleScope(key.Id), definitionIdToAssign, servicePrincipalObjectId);
```
Expand Up @@ -38,7 +38,7 @@ public async Task GetRoleDefinitions()
public async Task GetRoleDefinition()
{
var description = Recording.GenerateAlphaNumericId("role");
var name = Recording.Random.NewGuid();
Guid name = Recording.Random.NewGuid();

CreateOrUpdateRoleDefinitionOptions options = new(KeyVaultRoleScope.Global, name)
{
Expand Down Expand Up @@ -72,7 +72,7 @@ public async Task GetRoleDefinition()
public async Task CreateOrUpdateRoleDefinition()
{
var description = Recording.GenerateAlphaNumericId("role");
var name = Recording.Random.NewGuid();
Guid name = Recording.Random.NewGuid();

CreateOrUpdateRoleDefinitionOptions options = new(KeyVaultRoleScope.Global, name)
{
Expand Down Expand Up @@ -116,7 +116,7 @@ public async Task CreateOrUpdateRoleDefinition()
public async Task DeleteRoleDefinition()
{
var description = Recording.GenerateAlphaNumericId("role");
var name = Recording.Random.NewGuid();
Guid name = Recording.Random.NewGuid();

CreateOrUpdateRoleDefinitionOptions options = new(KeyVaultRoleScope.Global, name)
{
Expand Down Expand Up @@ -145,9 +145,10 @@ public async Task DeleteRoleDefinition()
public async Task CreateRoleAssignment()
{
List<KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
var definitionToAssign = definitions.FirstOrDefault(d => d.RoleName.Contains(RoleName));
KeyVaultRoleDefinition definitionToAssign = definitions.First(d => d.RoleName.Contains(RoleName));

KeyVaultRoleAssignment result = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, _roleAssignmentId).ConfigureAwait(false);
Guid roleAssignmentName = Recording.Random.NewGuid();
KeyVaultRoleAssignment result = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, roleAssignmentName).ConfigureAwait(false);

RegisterForCleanup(result);

Expand All @@ -162,9 +163,10 @@ public async Task CreateRoleAssignment()
public async Task GetRoleAssignment()
{
List<KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
var definitionToAssign = definitions.FirstOrDefault(d => d.RoleName.Contains(RoleName));
KeyVaultRoleDefinition definitionToAssign = definitions.First(d => d.RoleName.Contains(RoleName));

KeyVaultRoleAssignment assignment = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, _roleAssignmentId).ConfigureAwait(false);
Guid roleAssignmentName = Recording.Random.NewGuid();
KeyVaultRoleAssignment assignment = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, roleAssignmentName).ConfigureAwait(false);

RegisterForCleanup(assignment);

Expand All @@ -182,9 +184,10 @@ public async Task GetRoleAssignment()
public async Task DeleteRoleAssignment()
{
List<KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
var definitionToAssign = definitions.FirstOrDefault(d => d.RoleName.Contains(RoleName));
KeyVaultRoleDefinition definitionToAssign = definitions.First(d => d.RoleName.Contains(RoleName));

KeyVaultRoleAssignment assignment = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, _roleAssignmentId).ConfigureAwait(false);
Guid roleAssignmentName = Recording.Random.NewGuid();
KeyVaultRoleAssignment assignment = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, roleAssignmentName).ConfigureAwait(false);

await Client.DeleteRoleAssignmentAsync(KeyVaultRoleScope.Global, assignment.Name).ConfigureAwait(false);
}
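Review bot: In DeleteRoleAssignment the newly created assignment is never passed to `RegisterForCleanup`, unlike in CreateRoleAssignment and GetRoleAssignment, so if `DeleteRoleAssignmentAsync` throws, the Global-scope assignment for `TestEnvironment.ClientObjectId` stays on the HSM. Now that the fixed `_roleAssignmentId` is replaced by `Recording.Random.NewGuid()`, a leftover presumably no longer collides on the next run and can accumulate unnoticed as standing privilege on the test principal. Consider adding `RegisterForCleanup(assignment);` right after the create call, provided the cleanup path tolerates an assignment that is already gone (that helper is not visible here). Separately, `d.RoleName.Contains(RoleName)` in all three tests is a substring match; `string.Equals(d.RoleName, RoleName, StringComparison.Ordinal)` would ensure the role being granted is exactly the intended one.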
Expand Up @@ -21,8 +21,7 @@ public abstract class AccessControlTestBase : AdministrationTestBase
internal KeyVaultAccessControlClient client;
#pragma warning restore IDE1006 // Naming Styles

internal const string RoleName = "Managed HSM Backup";
internal readonly Guid _roleAssignmentId = new Guid("e7ae2aff-eb17-4c9d-84f0-d12f7f468f16");
internal const string RoleName = "Managed HSM Backup User";
internal string _roleDefinitionId;
internal string _objectId;
